mkinitfs

usage: mkinitfs [-nKklLh] [-b basedir] [-o outfile] [-t tempdir] [-c configfile] [-F features] [-P featuresdir] [-f fstab] [-i initfile] [kernelversion]
options:
    -b  prefix files and kernel modules with basedir
    -o  set another outfile
    -t  use tempdir when creating initramfs image
    -c  use configfile instead of default
    -F  use specified features
    -P  additional paths to find features
    -f  use fstab instead of default
    -i  use initfile as init instead of default
    -n  don't include kernel modules or firmware
    -K  copy also host keys to initramfs
    -k  keep tempdir
    -q  Quiet mode
    -l  only list files that would have been used
    -L  list available features
    -h  print this help

---

Inputs:
    Directory structure containing needed files.
    List of initfs features.
    Requested kernel version.

Output:
    Compressed cpio archive containing initramfs.

Steps:
    base
    kmods
    firmware
    apk_keys
    cpio

Usage:
    mkinitfs_main <source dir> <temp dir> <outfile> <kernel version> <initfs-features...>
    mkinitfs_feature_files <source> <type> <features...>
    mkinitfs_find_files <source> <features...>
    mkinitfs_initfs_base <source> <target> <features...>
    <list of modules...> | mkinitfs_find_kmod_deps <source> <kernel version>
    mkinitfs_find_kmods <source> <kernel version> <features...>
    mkinitfs_initfs_kmods <source> <target> <kernel version> <features...>
    mkinitfs_find_firmware <source> <kernel version> <features...>
    mkinitfs_initfs_firmware <source> <target> <kernel version> <features...>
    mkinitfs_initfs_apk_keys <source> <target>
    mkinitfs_cpio_sources <source>
    mkinitfs_initfs_cpio <source> <output file>

Wrapper:
    mkinitfs_wrapper_usage
    mkinitfs <opts> <kernel version>

mkinitfs rewrite and compatibility wrapper

Existing mkinitfs:
- Called with root directory to copy files from, defaults to /.
- Called with output filename.
- Gets list of features from /etc/mkinitfs/mkinitfs.conf or on command line via flag -F.
- Features consist of a single level of files named <feature>.files and <feature>.modules.
- Files for features are included by glob; there is currently no means even to verify the presence of required files.
- mkinitfs has no idea what packages must be installed to supply the aforementioned files, thus missing deps are possible.
- Modules are copied from the kernel module directory, with the same issues as the files above.
- No provision for anything other than files and modules, nor for setting perms and ownership.
- None of the installed files currently have their checksums tracked, nor is their origin validated.

mkimage mkinitfs:
- Mostly identical with above, but feature information is stored in functions in shell scripts rather than flat text files.
- This allows for inclusion and dependency tracking between features and more specific subsets of broad features such as 'ata'.
- All functionality provided through compatibility wrapper.
- Currently uses features found in mkimage tree. These could be extracted for system installation.

Proposed redesign:
- Split core init logic off from features and their required files and modules.
- Use init-stub to load only signed, apk-verified tarballs in initfs.
- Explicitly set DIRTY flag to let subsequent scripts know that something unverified has been introduced to the environment.
- Allow for CANARY value which can be modified and handed off by each stage to detect an unexpected execution path (skipping or inserting a step).
- Package stock init stub, base, and features (these should be the only kernel-specific part) as standard apk packages to be included in initramfs image.
- This would allow building features at kernel-build time, leaving only assembly on the client machine for stock use.
- Allow user to use custom initramfs by signing and baking their own stub and features. Support use of a nonce signature per build for positive versioning.
- Ideally, use bootloader to append all initfs features. Alternately, append all feature cpio.gz directly to the stub cpio.gz before installing.
- Draw files to include in initramfs only from signed apks (or at the very least, verify checksums match those in signed manifest) without explicit request.
- Output one signed artifact per feature, including its script(s), userspace binaries, and modules.
- Maintain manifest of source package and hash for each file included.
- Use globs to generate file lists only, then subtract files provided by deps before creating manifests and packaging.
- Provide hooks in base to call any included features needed.
- For very simple static cases, provide a minimal shim init instead.
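
A sketch of the CANARY hand-off and DIRTY flag from the proposed redesign, added here as an example and not taken from mkinitfs or mkimage. The function names, stage names and seed value are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration, not mkinitfs code. Function names, stage names and the
# seed are assumptions; the notes above only name the CANARY and DIRTY ideas.

# Fold one stage name into the canary: next = sha256(current ":" stage).
canary_step() {
    printf '%s:%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# Build time: canary a run yields if it executes exactly these stages, in order.
canary_expected() {
    c=$1; shift
    for s in "$@"; do c=$(canary_step "$c" "$s"); done
    printf '%s\n' "$c"
}

# Boot time (simulated): every stage updates CANARY and hands it to the next.
boot_path() {
    CANARY=$SEED
    for stage in "$@"; do CANARY=$(canary_step "$CANARY" "$stage"); done
    printf '%s\n' "$CANARY"
}

# Final check. DIRTY is sticky: a match never clears an earlier DIRTY=1.
canary_check() {
    if [ "$1" = "$2" ]; then DIRTY=${DIRTY:-0}; return 0; fi
    DIRTY=1
    return 1
}

SEED=constructed-per-build-nonce            # constructed sample value
PLAN="stub base feature-ata feature-ext4"   # constructed stage list

want=$(canary_expected "$SEED" $PLAN)
canary_check "$want" "$(boot_path $PLAN)" &&
    echo "expected path: DIRTY=$DIRTY"
canary_check "$want" "$(boot_path stub feature-ata feature-ext4)" ||
    echo "base skipped:  DIRTY=$DIRTY"
canary_check "$want" "$(boot_path stub base rogue feature-ata feature-ext4)" ||
    echo "step inserted: DIRTY=$DIRTY"
```

An unkeyed hash chain like this only reveals an unexpected path to later stages; any stage able to run code can recompute it, so it complements rather than replaces the signature checks listed above.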