I'm modifying a bunch of initramfs
archives from different Linux distros in which normally only one file is being changed.
I would like to automate the process without switching to root user to extract all files inside the initramfs
image and packing them again.
First I've tried to generate a list of files for gen_init_cpio
without extracting all contents on the initramfs
archive, i.e. parsing the output of cpio -tvn initrd.img
(like ls -l
output) through a script which changes all permissions to octal and arranges the output to the format gen_init_cpio
wants, like:
dir /dev 755 0 0
nod /dev/console 644 0 0 c 5 1
slink /bin/sh busybox 777 0 0
file /bin/busybox initramfs/busybox 755 0 0
This involves some replacements and the script may be hard to write for me, so I've found a better way and I'm asking about how safe and portable is:
In some distros we have an initramfs
file with concatenated parts, and apparently the kernel parses the whole file extracting all parts packed in a 1-byte boundary, so there is no need to fill each part to a multiple of 512 bytes. I thought this 'feature' can be useful for me to avoid recreating the archive when modifying files inside it. Indeed it works, at least for Debian
and CloneZilla
.
For example if we have modified the /init
file on initrd.gz
of Debian 8.2.0, we can append it to initrd.gz
image with:
$ echo ./init | cpio -H newc -o | gzip >> initrd.gz
so initrd.gz
has two concatenated archives, the original and its modifications. Let's see the result of binwalk
:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 gzip compressed data, maximum compression, has original file name: "initrd", from Unix, last modified: Tue Sep 1 09:33:08 2015
6299939 0x602123 gzip compressed data, from Unix, last modified: Tue Nov 17 16:06:13 2015
It works perfectly. But it is reliable? what restrictions do we have when appending data to initfamfs
files? it is safe to append without padding the original archive to a multiple of 512 bytes? from which kernel version is this feature supported?
Best Answer
It's very reliable and supported by all kernel versions that support initrd, AFAIK. It's a feature of the
cpio
archives thatinitramfs
are made up of.cpio
just keeps on extracting its input....we might know the file is two cpio archives one after the other, but cpio just sees it as a single input stream.Debian advises use of exactly this method (appending another cpio to the initramfs) to add binary-blob firmware to their installer initramfs. For example:
DebianInstaller / NetbootFirmware | Debian Wiki