summaryrefslogtreecommitdiff
path: root/repo/openrc/modloop.initd
blob: fb7006c2a2b6a5c87dde413b25074a9a6fc67796 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/sbin/openrc-run

# script that will mount image with modules

depend() {
	after dev-mount
	before checkfs fsck hwdrivers modules hwclock dev sysfs
	keyword -vserver -lxc
}

# read kernel options
init_KOPT() {
	for opt in $(cat /proc/cmdline 2>/dev/null); do
	        case "$opt" in
			modloop=*|modloop_verify=*)
				eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
		esac
	done
}

mountdirs() {
	awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts
}

find_modloop() {
	local dir="$1"
	local kver=$(uname -r)
	local oifs="$IFS"
	IFS=$'\n'
	set -- $(blkid "$dir"/boot/* "$dir"/*)
	IFS="$oifs"
	for line; do
		img=${line%%:*}
		verify_modloop "$img" || eerror "Failed to verify signature of $img!"
		mount "$img" -o loop,ro /.modloop || continue
		if [ -d /.modloop/modules/$kver ]; then
			return 0
		fi
		umount /.modloop
	done
	return 1
}

verify_modloop() {
	local modloop=$1 key=
	if ! yesno "${KOPT_modloop_verify:=yes}"; then
		return 0
	fi
	for key in /etc/apk/keys/*.pub; do
		local sig=/var/cache/misc/${modloop##*/}.SIGN.RSA.${key##*/}
		if [ -f "$sig" ]; then
			if ! command -v openssl > /dev/null; then
				ewarn "Missing openssl. Modloop verification disabled!"
				return 0
			fi
			einfo "Verifying modloop"
			openssl dgst -sha1 -verify "$key" -signature "$sig" "$modloop" \
				>/dev/null 2>&1 || return 1
		fi
	done
}

find_backing_file() {
	local dir="$1"
	local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
	cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null
}

start() {
	local modloop= mount_opts= modloop_dldir="/lib"
	init_KOPT

	case "$KOPT_modloop" in
		none) return 0;;
		http://*|https://*|ftp://*)
			modloop=$modloop_dldir/${KOPT_modloop##*/}
			if [ ! -f "$modloop" ]; then
				mkdir -p "$modloop_dldir"
				wget -P "$modloop_dldir" "$KOPT_modloop" || eend 1
			fi
			;;
		*)
			for dir in $(mountdirs); do
				if [ -f "$dir"/$KOPT_modloop ]; then
					modloop="$dir/${KOPT_modloop##/}"
					alpine_mnt="$dir"
					break
				fi
			done
			;;
	esac

	ebegin "Mounting modloop $modloop"
	mkdir -p /.modloop
	if [ -n "$modloop" ]; then
		verify_modloop "$modloop" || eerror "Failed to verify signature of $img!"
		mount -o loop,ro $modloop /.modloop
		eend $? || return 1
	else
		for dir in $(mountdirs); do
			if find_modloop "$dir"; then
				alpine_mnt="$dir"
				break
			fi
		done
		if [ -d /.modloop/modules/$(uname -r) ]; then
			eend 0
		else
			eend 1 || return 1
		fi
	fi

	#use overlayfs if available and configured
	if grep -q -w "overlay$" /proc/filesystems && [ ! -z ${unionfs_size+x} ]; then
		ewarn "Use of unionfs_size is deprecated use overlay_size instead"
		overlay_size="$unionfs_size"
	fi
	if grep -q -w "overlay$" /proc/filesystems && [ -n "$overlay_size" ]; then
		ebegin "OverlayFS detected, mounting modloop rw"
		[ "$overlay_size" != 0 ] && mount_ops="-o size=$overlay_size"
		mkdir -p /.modoverlayfs /lib/modules
		mount -t tmpfs $mount_ops tmpfs /.modoverlayfs
		mkdir -p /.modoverlayfs/modules /.modoverlayfs/work
		mount -t overlay -o upperdir=/.modoverlayfs/modules,lowerdir=/lib/modules:/.modloop/modules,workdir=/.modoverlayfs/work overlay /lib/modules
		depmod -A
		eend $? || return 1
	else
		rm -rf /lib/modules && ln -sf /.modloop/modules /lib/
	fi

	# copy firmware if there are any
	if [ -d $alpine_mnt/firmware ]; then
	        ebegin "Copying firmware from $alpine_mnt/firmware"
	        cp -R -a $alpine_mnt/firmware /lib/
	        eend $?
	elif  [ -d /lib/modules/firmware ]; then
		rmdir /lib/firmware 2>/dev/null \
			&& ln -s /lib/modules/firmware /lib/
	fi
	return 0
}

stop() {
	local ret=0
	local mnt; for mnt in /lib/modules /.modoverlayfs /.modloop; do
		if mountinfo --quiet "$mnt"; then
			ebegin "Unmounting $mnt"
			umount -d "$mnt" || ret=1
		fi
	done
	eend $ret || return 1
}