[pkg-cryptsetup-devel] initramfs-tools: Please provide an API or best practices for custom initramfs hook configuration

Jonas Meurer jonas at freesources.org
Fri Dec 25 13:46:04 UTC 2015


Am 23.12.2015 um 23:15 schrieb Jonas Meurer:
> Am 17.12.2015 um 09:57 schrieb Jonas Meurer:
>> Am 11.12.2015 um 15:35 schrieb Guilhem Moulin:
>>> On Fri, 11 Dec 2015 at 00:54:03 +0000, Ben Hutchings wrote:
>> I guess that Guilhem meant "... something that's only documented in the
>> changelog". And I agree with him, that the purpose and limitations of
>> conf-hooks.d directory should be properly documented somewhere in the
>> mkinitramfs(8) manpage.
> 
> Do you agree?
> 
>>>> No, I am not going to add any more half-baked shell script parsing.
>>>>
>>>> Also, it doesn't make any sense to me, to put hook-specific
>>>> configuration into a namespace shared across all hooks.  You can
>>>> always add a configuration file to your own package and source it in
>>>> your hook script.
>>>
>>> Using /etc/$package/initramfs adds a useless directory level for
>>> packages that only ship initramfs hook and script.  The directory
>>> /etc/default is shared, also.
>>
>> I understand that Ben will not add the solution that we prefer and
>> suggest. But I still believe that some "standardized" way to make a
>> initramfs hook script configurable would be a benefit.
>>
>> Especially I don't like the idea to add yet another new config file for
>> the hook scripts. Thus I suggest the following: in cryptsetup, we use
>> the conf-hook.d/cryptroot file for both the main mkinitramfs and the
>> hook script configuration. Variables for the hook script will use a
>> special namespace (like CRYPTROOT_*) and will be exported. Moulin could
>> use the same scheme for dropbear (with DROPBEAR_* namespace).
>>
>> Ben, would you be ok with adding the /etc/initramfs-tools/conf-hooks.d
>> equivalent directory in addition to
>> /usr/share/initramfs-tools/conf-hooks.d? That way, at least custom
>> changes of the hook script config would be supported in a proper way.
>>
>> If we can agree on that, then the following changes would be needed in
>> initramfs-tools:
>>
>> 1/ add support for /etc/initramfs-tools/conf-hooks.d (already
>>    implemented in the patch I submitted)
>> 2/ properly document purpose and limitations of conf-hooks.d directories
> 
> Ben, what's your opinion on this suggestion? Is it an acceptable
> solution for you? Or do you prefer to not change anything regarding
> conf-hooks.d directory handing in mkinitramfs?

After taking bugreport #783297[1] into consideration, the suggested
solution doesn't look sufficient any more.

Instead, the initramfs-tools documentation should make clear that hook
scripts *must not* source initramfs.conf without sourcing all files from
hook-conf.d/* as well.

Probably a separate configuration file is the cleanest solution for hook
scripts that need to be configurable. But in that case, I do think that
initramfs-tools should provide a place for hook configuration files.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783297

Cheers
 jonas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20151225/c6a000d2/attachment.sig>


More information about the pkg-cryptsetup-devel mailing list