[pkg-cryptsetup-devel] initramfs-tools: Please provide an API or best practices for custom initramfs hook configuration
Jonas Meurer
jonas at freesources.org
Thu Dec 17 08:57:53 UTC 2015
Am 11.12.2015 um 15:35 schrieb Guilhem Moulin:
> On Fri, 11 Dec 2015 at 00:54:03 +0000, Ben Hutchings wrote:
>> On Thu, 2015-12-10 at 12:15 +0100, Jonas Meurer wrote:
>>> Hi there,
>>>
>>> On Thu, 10 Dec 2015 02:52:11 +0100 Guilhem Moulin
>>> wrote:
>>>> AFAIK there is no documentation for where users should set variables to
>>>> configure an initramfs hook. There are a couple of workaround, all
>>>> hacky and/or relying on undocumented properties of initramfs-tools(8):
>>>>
>>>> 1/ Setting said variable in initramfs.conf(5). (Since hook scripts
>>>> are executed is sub-shells the variable need to be exported.) This
>>>> is somewhat ugly since initramfs.conf(5) is the configuration file
>>>> *for mkinitramfs*, not for the hook files.
>>>>
>>>> 2/ Using /usr/share/initramfs-tools/conf-hooks.d/$hook. This is an
>>>> undocumented (short of an entry in the changelog) hack. Also
>>>> unless that file is marked as a conffile (which violates the
>>>> policy) user modifications are wiped upon upgrade.
>>>
>>> If I got it right (didn't find documentation about it), the current
>>> purpose of conf-hooks.d seems to be to configure *mkinitramfs* in a
>>> proper way required by the hook scripts, not to set configuration
>>> variables for the hook scripts themselves, no?
>>
>> The only documentation I'm aware of is in the changelog:
>>
>> * mkinitramfs: Export MODULES, allows hook scripts to act accordingly.
>> (closes: #421658) Add /usr/share/initramfs-tools/conf-hooks.d for hooks
>> options on mkinitramfs run. Do not land in initramfs.
>
> Please consider adding it to the mkinitramfs manpage, too. Package
> maintainers can't rely on something that's only documented in the
> manpage, IMHO.
I guess that Guilhem meant "... something that's only documented in the
changelog". And I agree with him, that the purpose and limitations of
conf-hooks.d directory should be properly documented somewhere in the
mkinitramfs(8) manpage.
>> No, I am not going to add any more half-baked shell script parsing.
>>
>> Also, it doesn't make any sense to me, to put hook-specific
>> configuration into a namespace shared across all hooks. You can
>> always add a configuration file to your own package and source it in
>> your hook script.
>
> Using /etc/$package/initramfs adds a useless directory level for
> packages that only ship initramfs hook and script. The directory
> /etc/default is shared, also.
I understand that Ben will not add the solution that we prefer and
suggest. But I still believe that some "standardized" way to make a
initramfs hook script configurable would be a benefit.
Especially I don't like the idea to add yet another new config file for
the hook scripts. Thus I suggest the following: in cryptsetup, we use
the conf-hook.d/cryptroot file for both the main mkinitramfs and the
hook script configuration. Variables for the hook script will use a
special namespace (like CRYPTROOT_*) and will be exported. Moulin could
use the same scheme for dropbear (with DROPBEAR_* namespace).
Ben, would you be ok with adding the /etc/initramfs-tools/conf-hooks.d
equivalent directory in addition to
/usr/share/initramfs-tools/conf-hooks.d? That way, at least custom
changes of the hook script config would be supported in a proper way.
If we can agree on that, then the following changes would be needed in
initramfs-tools:
1/ add support for /etc/initramfs-tools/conf-hooks.d (already
implemented in the patch I submitted)
2/ properly document purpose and limitations of conf-hooks.d directories
Cheers
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20151217/81740acd/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list