[TUHS] Unix install & "standalone" package

Steffen Nurpmeso steffen at sdaoden.eu
Tue Sep 5 08:10:59 AEST 2023 

Norman Wilson wrote in
 <9A989054DE79CE5059CBA74797391E39.for-standards-violators at oclsc.org>:
 |I don't remember any special many-programs-in-one binary
 |like busybox in any Unix from the days when Unix was simple
 |enough for me to understand.  That covers the entire lifetime
 |of the Research systems, but also System V and the BSDs and
 |their sundry offspring up into at least the 1990s.
 ...
 |Perhaps the question to ask is why such a magic program is
 |needed at all.  Is it just because programs like the shell
 |have become so large and unwieldy that they won't fit in
 |a small environment suitable for loading into an initramfs?

AlpineLinux as used on my vserver has busybox by default and can
cover most utitilities like that.  The lead developer Copa once
said something like "The idea is you install explicitly [if you
want something better]".  (It is a symlink farm that is
selectively replaced by installing "real" packages iirc.)

For my laptop it allows me easy boot management.
To save you the chatter ("Chatten" is the name of my tribe .. most
likely; could be Franken, Sueben .. and you know how it is): this
approach is much easier and smaller than having lots of static
binaries to copy around etc.

I do not use secure boot, i have on EFI only a kernel, busybox and
cryptsetup, and scripts (the laptop is named "kent")::

  ...
  drwxr-xr-x  4 root root     4096 Jul 15  2021  EFI/
  ...
  -rwxr-xr-x  1 root root      272 Feb  1  2022  kent.sh*
  -rwxr-xr-x  1 root root      313 Feb  1  2022  kent-direct.sh*
  drwxr-xr-x  1 root root      252 Oct  9  2022  ../
  -rwxr-xr-x  1 root root     4596 Feb  4  2023  linux-init-s1.sh*
  -rwxr-xr-x  1 root root     3646 Feb  4  2023  linux-init-lib.sh*
  -rwxr-xr-x  1 root root  5480120 Feb 11  2023  cryptsetup.static*
  -rwxr-xr-x  1 root root  1978368 Aug 15 18:51  busybox.static*
  -rwxr-xr-x  1 root root 10112672 Aug 26 18:44  ideapad-stage1.efi*

So kent.sh can be init(8) for the ideapad-stage1.efi Linux kernel
started via EFI as setup via efibootmgr(8) 

  Boot0001* kent HD(1,GPT,5d6d756b-5de2-4e5d-b043-8d4ae1bb6eb0,0x800,0x82000)/File(\ideapad-stage1.efi)root=/dev/nvme0n1p1 rootfstype=vfat init=/kent.sh

  #!/busybox.static sh
  #@ kent, step 1., via EFI.
  PART_ROOT=/dev/nvme0n1p8
  ROOT_DECRYPT='-t btrfs -o defaults,subvol=/crux/kent/root'
          PART_ROOT1=/dev/nvme0n1p8
          ROOT_DECRYPT1='-t btrfs -o defaults,subvol=/crux/kent/root.old'
  INIT_S2=/boot/kent-2.sh
  . /linux-init-s1.sh

and that allows me to unlock the harddisk.

We then boot via $INIT_S2 and kexec(8) a kernel from the encrypted
harddisk, so no code from EFI partition keeps on running.  (We
byte-compare the data from EFI with equal /boot/ files after
booting the real system.)

This allows nice and easy properties: only three files to track
(cryptsetup, busybox, kernel), almost same set of files in /boot/
and /media/efi aka EFI.  And ideapad-stage1.efi is the same kernel
that later runs, but later we have also additional dynamic modules
available.  Ie, every few weeks i copy /boot/ideapad-6_1.efi over
to be the new -stage1.efi.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the TUHS mailing list