info transfer initrd -> bootscript

Post by hede » 2013-10-11 16:20

I would like to transfer some information I gather inside the initrd (with some script) to some later boot script.
I tried setting an environment variable and exporting it, but this gets lost.
I tried writing to the filesystem, but root is not mounted at that stage.

Any idea of "the best way to do it"?
hede
 
Posts: 5
Joined: 2012-02-28 08:17
Location: Germany, email: debian452@der-he.de

User Autologin to X11 via LUKS Key

Post by hede » 2013-11-21 09:56

Okay, because no one showed me the best way, I did it my way.

Background: I'm running several Linux desktop systems with full drive encryption (cryptsetup LUKS). The main LVM group, incl. the root volume, gets opened inside the initrd. And Linux is a multiuser operating system, so there are several users, all with their own LUKS key. They first enter their key and then log in to the system with different usernames and passwords. So why not log the user in to the graphical UI via those different LUKS keys?

I do so. If I enter my LUKS passphrase at bootup, I get automatically logged in to my window manager. If my wife enters her LUKS passphrase she gets logged in.

Rough draft: The key entered for cryptsetup inside the initrd (early boot) gets hashed and saved in memory. Later on in the boot process, the desktop manager start script compares this hash to a list of hashes of different users and automatically logs in the one with the matching hash.

I attached the files I edited in my Debian 7 with gdm3, Arch Linux with vt-Login and Ubuntu 12.04 with lightdm.

For Debian it is f*cksystemd.c compiled and installed to /usr/local/bin/, this is used to get the hash from initrd userland to later userland simply by adding it to the process stack and reading it later on via "ps"-tool. That's crude, yes, but I didn't find a smarter way...
Other files needed: gdm3 -> /etc/init.d/gdm3, hooks-cryptroot -> /usr/share/initramfs-tools/hooks/cryptroot and scripts-local-top-cryptroot -> /usr/share/initramfs-tools/hooks/cryptroot.

This is not a howto for end users, for now. No detailed install instructions. Just a proof of concept for discussion. If anyone is interested, please tell me.

The name and many other things are subject to debate. I'm pretty sure there are smarter ways, on the one hand for the hash transfer and on the other hand for autologon (I modify a symlink to the DM config every time). The name f*cksystemd of the hash-transfer binary accrued while trying to let systemd pass some environment variables from initrd to a boot script. Which doesn't work because systemd deletes the whole environment and this is not configurable. So I thought like Linus to NVidia... f* you, systemd! There should be some configuration option to whitelist environment parameters for single boot scripts and maybe delete them after running those scripts.

(Argh, sorry, I'm not allowed to attach files here. So here we go: http://limelinx.com/dejfq)
hede
 
Posts: 5
Joined: 2012-02-28 08:17
Location: Germany, email: debian452@der-he.de
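
The comparison step from the rough draft above, as an added example that is not part of the original post or of the poster's files. It swaps the process-list transfer for a single-use, owner-only file; the paths, the map file format and the `configure_autologin` name are assumptions made for illustration, as is a tmpfs such as /run that carries the file over from the initrd to the real root.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): the initrd script wrote one
# lowercase hex digest to HANDOFF, and MAP holds "digest username" lines.
HANDOFF=${HANDOFF:-/run/luks-autologin/hash}   # hypothetical path
MAP=${MAP:-/etc/luks-autologin.map}            # hypothetical path

# Succeed only for a regular, non-symlink file owned by the caller with
# mode 600 or 400 (stat -c is the GNU/busybox form).
is_private_file() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
    esac
    return 1
}

# Print the user whose stored digest equals the handed-over one.
# Exit codes: 0 match, 1 no match, 2 unsafe file, 3 malformed digest.
lookup_autologin_user() {
    handoff=$1
    map=$2
    digest=
    is_private_file "$handoff" || return 2
    is_private_file "$map" || return 2
    IFS= read -r digest < "$handoff" || true
    rm -f "$handoff"                  # the handoff is single-use
    case "$digest" in
        ''|*[!0-9a-f]*) return 3 ;;   # accept hex only
    esac
    while read -r stored name rest; do
        if [ "$stored" = "$digest" ] && [ -n "$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done < "$map"
    return 1
}

# In the display manager start script, run as root
# (configure_autologin is a placeholder for the DM-specific step):
#   user=$(lookup_autologin_user "$HANDOFF" "$MAP") && configure_autologin "$user"
```

A world-readable handoff or map file is refused rather than used, since any local account could otherwise read the digest and test passphrase guesses against it offline.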

Re: info transfer initrd -> bootscript

Post by llivv » 2013-11-22 20:31

just skimming your post, most sounds interesting to me except the gnome part.
oh :D fghisystemd.c
If you make it work for a console login I'll see if I can find time to test. :?
in the kitchen with Julia ....
[...]
Get on the D bus to B Can ....
[...]
llivv
 
Posts: 5586
Joined: 2007-02-14 18:10
Location: willo the tree

Re: info transfer initrd -> bootscript

Post by hede » 2013-11-24 17:48

I'm using automatic console login via systemd on Arch. If you are using systemd you can adapt what I've done there [1]. If you are using the default sysvinit and autologin to console via some getty line in inittab, there should be other ways to do so. I don't think running an unmodified loginuser.sh instead of getty will do it, but with a little modification... I don't know.

[1] arch subdir in the downloaded tar.gz, but remember: this is no installer package or even install instructions. You have to place and edit the files on your own. This "proof of concept" addresses pro/expert users.
hede
 
Posts: 5
Joined: 2012-02-28 08:17
Location: Germany, email: debian452@der-he.de

