Gentoo Forums
[Solved] Better way to get static binaries in custom initramfs?
Pale
n00b

Joined: 23 Sep 2009
Posts: 14

Posted: Mon Oct 05, 2015 3:51 pm    Post subject: [Solved] Better way to get static binaries in custom initramfs?

There has to be a better way to do this... :x

Early in my Gentoo install process I emerged a static cryptsetup for use in my custom initramfs. My profile was set to default and getting a static cryptsetup was fairly painless (less than 10 packages, and it worked!). Now after selecting the kde profile, and getting my system installed, I discovered I need a newer version of cryptsetup with slightly different use flags for all the features I want. Getting a static cryptsetup now is going to force me to recompile 250+ packages (use flag changes leading to use flag changes..). And I KNOW my system won't boot with some of these changes (no udev support for lvm for example), forcing me to recompile 250+ packages AGAIN after I get the binary for my initramfs.

There needs to be a way to emerge this separate from my system. For emerge to just check what most basic dependencies are needed and build them with the appropriate use flags that static cryptsetup needs without installing on my system, then build cryptsetup with the dependencies that are separate from my system's. Then trash everything but the binary.

I've looked at the emerge --root option, but it doesn't seem to do what I want. I think it just changes where it installs to.

Pls. I don't want to rebuild almost EVERYTHING twice... :x :(

The same thing is true for lvm but luckily I have a working static binary from earlier. I need udev support in the lvm on my system, but no udev support in the static lvm binary on my initramfs. If I needed to build a static lvm now, it would be the same story.

:( :( :(


Last edited by Pale on Tue Oct 06, 2015 3:52 am; edited 1 time in total

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43192
Location: 56N 3W

Posted: Mon Oct 05, 2015 5:00 pm

Pale,

Build your initrd without any kernel modules. This means that the kernel modules needed to boot must be built in.
There is now no need to rebuild your initrd every time you build a kernel. It's just a small self-consistent root filesystem, that you can think of as firmware.

I'm still using an initrd from April 2009. Like you, I would find it difficult to recreate, six years on.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon Oct 05, 2015 6:14 pm    Post subject: Re: Better way to get static binaries for custom initramfs?

Pale wrote:
There has to be a better way to do this...

Pale ... fortunately there is ... don't use the static useflag, and don't use system built binaries ... build your initramfs separately. It's fairly easy to do using Aboriginal Linux ... or better-initramfs (which uses Aboriginal as the build system). As Neddy suggests, avoid having kernel modules within the initramfs, they shouldn't be needed, and you will avoid the need to rebuild the initramfs on kernel updates ...

HTH & best ... khay

frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2970
Location: Germany

Posted: Mon Oct 05, 2015 6:17 pm

I don't understand how you get 250+ packages. Are you setting useflags globally instead of package.use?

static global is a bad idea.

Oh, and you should probably use nettle or kernel instead of gcrypt for static cryptsetup.

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43192
Location: 56N 3W

Posted: Mon Oct 05, 2015 6:23 pm

Pale,

If you want to use dynamically linked packages in the initrd and will put it together yourself, lddtree will tell you what you need.

A statically linked package looks like
Code:
$ lddtree /bin/busybox
/bin/busybox (interpreter => None)


and a dynamically linked package looks like
Code:
$ lddtree /sbin/fsck.ext4
/sbin/fsck.ext4 (interpreter => /lib64/ld-linux-x86-64.so.2)
    libext2fs.so.2 => /lib64/libext2fs.so.2
    libcom_err.so.2 => /lib64/libcom_err.so.2
        libpthread.so.0 => /lib64/libpthread.so.0
    libblkid.so.1 => /lib64/libblkid.so.1
    libuuid.so.1 => /lib64/libuuid.so.1
    libe2p.so.2 => /lib64/libe2p.so.2
    libc.so.6 => /lib64/libc.so.6

You just need to include all the pieces. Static linking is not essential.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
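
The step described in the post above, collecting every file lddtree lists, as an added shell example that is not part of the original post: it parses lddtree's text output into a de-duplicated copy list for the initramfs. `needed_files`, `unresolved_libs`, `stage_into` and `STAGING_DIR` are hypothetical names.

```shell
#!/bin/sh
# Added example: derive an initramfs file list from lddtree output.

# needed_files: lddtree output on stdin -> unique paths to copy
# (the binary, its ELF interpreter, every resolved library).
needed_files() {
    awk '
        /^[^ ]/ {                       # "/path (interpreter => X)"
            print $1
            interp = $4; sub(/\)$/, "", interp)
            if (interp != "None") print interp   # None = static binary
            next
        }
        $2 == "=>" && $3 ~ /^\// { print $3 }    # "  lib => /path"
    ' | awk '!seen[$0]++'
}

# unresolved_libs: names whose target is not an absolute path; treated
# here as "not found", which would leave the binary unable to start.
unresolved_libs() {
    awk '/^ / && $2 == "=>" && $3 !~ /^\// { print $1 }'
}

# stage_into DEST: copy each path from stdin under DEST, same layout.
# cp -L follows the usual libfoo.so.N -> libfoo.so.N.M symlinks.
stage_into() {
    dest=$1
    while IFS= read -r f; do
        mkdir -p "$dest$(dirname "$f")" && cp -L "$f" "$dest$f" || return 1
    done
}

# lddtree output quoted from the post above.
sample_lddtree() {
    cat <<'EOF'
/sbin/fsck.ext4 (interpreter => /lib64/ld-linux-x86-64.so.2)
    libext2fs.so.2 => /lib64/libext2fs.so.2
    libcom_err.so.2 => /lib64/libcom_err.so.2
        libpthread.so.0 => /lib64/libpthread.so.0
    libblkid.so.1 => /lib64/libblkid.so.1
    libuuid.so.1 => /lib64/libuuid.so.1
    libe2p.so.2 => /lib64/libe2p.so.2
    libc.so.6 => /lib64/libc.so.6
EOF
}

sample_lddtree | needed_files   # prints the nine paths to copy
# Real use: lddtree /sbin/fsck.ext4 | needed_files | stage_into "$STAGING_DIR"
```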

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon Oct 05, 2015 7:01 pm

NeddySeagoon wrote:
You just need to include all the pieces. Static linking is not essential.

Neddy ... true, but if you want to keep the initramfs down in size then only building/including what's needed has some advantages ...

Code:
# du -hs /usr/src/initramfs/sourceroot
2.8M    /usr/src/initramfs/sourceroot

... that's an entire (uncompressed) initramfs (built with uClibc/aboriginal) and includes busybox, lvm2, cryptsetup, and a few other small binaries/scripts.

best ... khay

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43192
Location: 56N 3W

Posted: Mon Oct 05, 2015 7:08 pm

khayyam,

That's impressive. It will be a year or so before I need a new initrd though, when I move to a new system.
I'm holding off for 4k displays to drop a bit.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Pale
n00b

Joined: 23 Sep 2009
Posts: 14

Posted: Tue Oct 06, 2015 2:15 am

I don't even know what you mean by build your initramfs without modules. My kernel was built with everything I need to boot, I followed this for my initramfs. I just need a way to build cryptsetup use="static static-libs openssl -gcrypt". If I try to build that on my system I have to keep adding changes to package.use until I'm going to have to rebuild 250+ packages. I have a version I need built with "static static-libs kernel -gcrypt" and when I boot it I get "unable to initialize crypto backend" so I'm going back to openssl. Version 1.6.5 worked with "static static-libs openssl -gcrypt". Openssl is probably the thing leading to so many package recompiles.

Any idea what I might be missing in my kernel or initramfs dir that causes "unable to initialize crypto backend"?

EDIT. I enabled some userspace crypto options in the kernel and cryptsetup on my initramfs works now.

Building an initramfs is still a massive pain if you're gonna try to build the binaries for it on your desktop system. If I need to change something I guess the best solution would be to make a new Gentoo VM and build it on there.

Thanks people.

schorsch_76
Guru

Joined: 19 Jun 2012
Posts: 450

Posted: Tue Oct 06, 2015 8:08 am

For my initrd I use the same binaries as on my machine. I simply add the needed *.so files ....
_________________
// valid again: I forgot about the git access. Now 1.2GB big. Start: 2015-06-25
git daily portage tree
Web: https://portage.schorsch-tech.de
git clone https://portage.schorsch-tech.de/portage.git

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Oct 06, 2015 8:52 am

Pale wrote:
I don't even know what you mean by build your initramfs without modules. My kernel was built with everything I need to boot

Pale ... this came into the discussion because in your first post you stated you had a working 'static' cryptsetup/lvm, and assumedly had your kernel (and initramfs), or a bootable install, prior to changing the profile. The only reason to rebuild an initramfs subsequently is if you're forced to do so because the kernel modules are included in the initramfs, if they are not then it's hard to see why the initramfs needs rebuilt. From your following posts it seems that the problem is actually the changed useflag(s) causing rebuilds ... which is not directly related to building your initramfs (and the 'subject'). You asked if there were "a better way", there is, don't use 'static static-libs', and build your initramfs in such a way as to not need system binaries, or to need rebuilt when the kernel is updated.

Pale wrote:
Building an initramfs is still a massive pain if you're gonna try to build the binaries for it on your desktop system. If I need to change something I guess the best solution would be to make a new Gentoo VM and build it on there.

I provided you with what I think is the "best solution", it's quite easy to create a separate build system to produce a statically linked, compact, initramfs ... without the use of 'static static-libs' and without using '--root'.

best ... khay

frostschutz
Advocate

Joined: 22 Feb 2005
Posts: 2970
Location: Germany

Posted: Tue Oct 06, 2015 10:34 am

Pale wrote:
I have a version I need built with "static static-libs kernel -gcrypt" and when I boot it I get "unable to initialize crypto backend" so I'm going back to openssl.


For kernel you have to enable all the required crypto stuff in the kernel (not just AES but also sha1, pbkdf2, ...)

Also try nettle. It's actually the fastest library for me, http://www.metamorpher.de/files/cryptsetup-benchmark.html

Regarding Gentoo VM, you don't actually need a VM ... you can just build things in a chroot.
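
An added example, not from the thread: a check that the kernel options a kernel-backend cryptsetup depends on are built in (`=y`) rather than modules, since the initramfs discussed here carries no modules. The option list is an assumption for a LUKS aes-xts volume using sha1; `check_config` and `sample_config` are hypothetical names.

```shell
#!/bin/sh
# Added example: report kernel options that are not built in (=y).
# REQUIRED is an assumed list for a LUKS aes-xts/sha1 volume opened with
# cryptsetup's "kernel" crypto backend; adjust it to your cipher and hash.
REQUIRED="CONFIG_DM_CRYPT CONFIG_CRYPTO_USER_API_HASH
CONFIG_CRYPTO_USER_API_SKCIPHER CONFIG_CRYPTO_AES CONFIG_CRYPTO_XTS
CONFIG_CRYPTO_SHA1 CONFIG_CRYPTO_HMAC"

# check_config FILE: print "NAME state" for every problem option, where
# state is "module" (=m, unusable when the initramfs has no modules) or
# "missing" (unset or absent). Returns 0 only if all are built in.
check_config() {
    cfg=$1
    rc=0
    for opt in $REQUIRED; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            continue
        elif grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt module"
        else
            echo "$opt missing"
        fi
        rc=1
    done
    return $rc
}

# Constructed sample .config fragment (not taken from the thread).
sample_config() {
    cat <<'EOF'
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_USER_API_HASH is not set
CONFIG_CRYPTO_USER_API_SKCIPHER=y
EOF
}

# Demo on the constructed sample; for a real kernel pass its .config path.
tmp=$(mktemp)
sample_config > "$tmp"
check_config "$tmp" || echo "kernel config needs changes before boot"
rm -f "$tmp"
```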

All times are GMT