Appending files to initramfs image – reliable

bootcpioinitramfskernel

I'm modifying a bunch of initramfs archives from different Linux distros in which normally only one file is being changed.

I would like to automate the process without switching to root user to extract all files inside the initramfs image and packing them again.

First I've tried to generate a list of files for gen_init_cpio without extracting all contents on the initramfs archive, i.e. parsing the output of cpio -tvn initrd.img (like ls -l output) through a script which changes all permissions to octal and arranges the output to the format gen_init_cpio wants, like:

dir /dev 755 0 0
nod /dev/console 644 0 0 c 5 1
slink /bin/sh busybox 777 0 0
file /bin/busybox initramfs/busybox 755 0 0

This involves some replacements and the script may be hard to write for me, so I've found a better way and I'm asking about how safe and portable is:

In some distros we have an initramfs file with concatenated parts, and apparently the kernel parses the whole file extracting all parts packed in a 1-byte boundary, so there is no need to fill each part to a multiple of 512 bytes. I thought this 'feature' can be useful for me to avoid recreating the archive when modifying files inside it. Indeed it works, at least for Debian and CloneZilla.

For example if we have modified the /init file on initrd.gz of Debian 8.2.0, we can append it to initrd.gz image with:

$ echo ./init | cpio -H newc -o | gzip >> initrd.gz

so initrd.gz has two concatenated archives, the original and its modifications. Let's see the result of binwalk:

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             gzip compressed data, maximum compression, has original file name: "initrd", from Unix, last modified: Tue Sep  1 09:33:08 2015
6299939       0x602123        gzip compressed data, from Unix, last modified: Tue Nov 17 16:06:13 2015

It works perfectly. But it is reliable? what restrictions do we have when appending data to initfamfs files? it is safe to append without padding the original archive to a multiple of 512 bytes? from which kernel version is this feature supported?

Best Answer

It's very reliable and supported by all kernel versions that support initrd, AFAIK. It's a feature of the cpio archives that initramfs are made up of. cpio just keeps on extracting its input....we might know the file is two cpio archives one after the other, but cpio just sees it as a single input stream.

Debian advises use of exactly this method (appending another cpio to the initramfs) to add binary-blob firmware to their installer initramfs. For example:

DebianInstaller / NetbootFirmware | Debian Wiki

Initramfs is essentially a concatenation of gzipped cpio archives which are extracted into a ramdisk and used as an early userspace by the Linux kernel. Debian Installer's initrd.gz is in fact a single gzipped cpio archive containing all the files the installer needs at boot time. By simply appending another gzipped cpio archive - containing the firmware files we are missing - we get the show on the road!

Related Solutions

Linux – How to Generate Initramfs Image with Busybox Links

It's not the kernel that's generating the initramfs, it's cpio. So what you're really looking for is a way to build a cpio archive that contains devices, symbolic links, etc.

Your method 2 uses usr/gen_init_cpio in the kernel source tree to build the cpio archive during the kernel build. That's indeed a good way of building a cpio archive without having to populate the local filesystem first (which would require being root to create all the devices, or using fakeroot or a FUSE filesystem which I'm not sure has been written already).

All you're missing is generating the input file to gen_init_cpio as a build step. E.g. in shell:

INITRAMFS_SOURCE_DIR=/home/brandon/rascal-initramfs
exec >initramfs_source.txt
echo "dir /bin 755 0 0"
echo "file /bin/busybox $INITRAMFS_SOURCE_DIR/bin/busybox 755 0 0"
for x in sh ls cp …; do echo "slink /bin/$x busybox 777 0 0" done
# etc …

If you want to reflect the symbolic links to busybox that are present in your build tree, here's a way (I assume you're building on Linux):

( cd "$INITRAMFS_SOURCE_DIR/bin" &&
  for x in *; do
    if [ "$(readlink "$x")" = busybox ]; then
      echo "slink /bin/$x busybox 777 0 0"
    fi
  done )

Here's a way to copy all your symbolic links:

find "$INITRAMFS_SOURCE_DIR" -type l -printf 'slink %p %l 777 0 0\n'

For busybox, maybe your build tree doesn't have the symlinks, and instead you want to create one for every utility that you've compiled in. The simplest way I can think of is to look through your busybox build tree for .*.o.cmd files: there's one per generated command.

find /path/to/busybox/build/tree -name '.*.cmd' -exec sh -c '
    for x; do
      x=${x##*/.}
      echo "slink /bin/${x%%.*} busybox 777 0 0"
    done
' _ {} +

Why use cpio for initramfs

I'm not 100% sure, but as the initial ramdisk needs to be unpacked by the kernel during boot, cpio is used because it is already implemented in kernel code.

Best Answer

Related Solutions

Linux – How to Generate Initramfs Image with Busybox Links

Why use cpio for initramfs

Related Question