Cha*_*ffy 5 linux initramfs cpio
Linux 上的 initramfs 档案可以由一系列串联的、gzipped cpio 文件组成。
给定这样的档案,如何提取所有嵌入的档案,而不是仅提取第一个?
下面是一个模式的例子,虽然它看起来有可能工作,但只提取第一个存档:
while gunzip -c | cpio -i; do :; done <input.cgz
我还尝试了dracut的skipcpio 帮助程序将文件指针移过第一个 cpio 图像,但以下结果会导致发送到 cpio 的损坏流(不在输入中的正确点):
# this isn't ideal -- presumably would need to rerun with an extra skipcpio in the pipeline
# ...until all files in the archive have been reached.
gunzip -c <input.cgz | skipcpio /dev/stdin | cpio -i
gunzip 只需要运行一次(消耗所有输入),而 cpio 应该为每个嵌入的存档运行一次,如下所示:
gunzip -c <input.cgz | while cpio -i; do :; done
/usr/lib/dracut/skipcpio $your-initrd-img | zcat | cpio -id --no-absolute-file-names
要不然
/usr/lib/dracut/skipcpio $your-img | gunzip -c | cpio -id
(在 FreeBSD 中,cpio 没有 --no-absolute-file-names 选项)
这个小程序skipcpio如果是dracut包的一部分。但是你可以下载代码(skipcpio.c)并在 FreeBSD 下编译它。
在提取 dracut 创建的 initrd 映像时,至少在 RedHat 驱动的发行版(如 Fedora)下,您需要使用它。它将一个名为“early_cpio”的文件放入映像中,因此以以前已知的正常方式提取 initramfs 将不起作用。
安装了软件包amd64-microcode/intel-microcode软件包的 Debian 似乎使用了某种混乱的未压缩cpio存档,其中包含 CPU 微代码,后跟包含实际 initrd 内容的gzip压缩存档。cpio我能够提取它的唯一方法是使用binwalk( apt install binwalk),它都可以正确列出结构:
binwalk /path/to/initrd
示例输出:
host ~ # binwalk /boot/initrd.img-5.10.0-15-amd64
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
120 0x78 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
244 0xF4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
376 0x178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
540 0x21C ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00455C00"
4546224 0x455EB0 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
4546560 0x456000 gzip compressed data, has original file name: "mkinitramfs-MAIN_dTZaRk", from Unix, last modified: 2022-06-14 14:02:57
37332712 0x239A6E8 MySQL ISAM compressed data file Version 9
并提取单独的部分:
binwalk -e /path/to/initrd
示例输出:
host ~ # binwalk -e /boot/initrd.img-5.10.0-15-amd64
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
120 0x78 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
244 0xF4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
376 0x178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
540 0x21C ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00455C00"
4546224 0x455EB0 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
4546560 0x456000 gzip compressed data, has original file name: "mkinitramfs-MAIN_dTZaRk", from Unix, last modified: 2022-06-14 14:02:57
37332712 0x239A6E8 MySQL ISAM compressed data file Version 9
这将为您提供单独文件中的单独部分,现在您终于可以提取正确的cpio存档:
host ~ # ls -l _initrd.img-5.10.0-15-amd64.extracted
insgesamt 187M
drwxr-xr-x 3 root root 4,0K 14. Jun 17:53 cpio-root/
-rw-r--r-- 1 root root 114M 14. Jun 17:53 mkinitramfs-MAIN_dTZaRk
-rw-r--r-- 1 root root 39M 14. Jun 17:53 0.cpio
-rw-r--r-- 1 root root 35M 14. Jun 17:53 mkinitramfs-MAIN_dTZaRk.gz
host ~/_initrd.img-5.10.0-15-amd64.extracted # mkdir extracted
host ~/_initrd.img-5.10.0-15-amd64.extracted # cd extracted
host ~/_initrd.img-5.10.0-15-amd64.extracted/extracted # cat ../mkinitramfs-MAIN_dTZaRk | cpio -idmv --no-absolute-filenames
[...]
host ~/_initrd.img-5.10.0-15-amd64.extracted/extracted # ll
insgesamt 28K
lrwxrwxrwx 1 root root 7 14. Jun 17:55 bin -> usr/bin/
drwxr-xr-x 3 root root 4,0K 14. Jun 17:55 conf/
drwxr-xr-x 7 root root 4,0K 14. Jun 17:55 etc/
lrwxrwxrwx 1 root root 7 14. Jun 17:55 lib -> usr/lib/
lrwxrwxrwx 1 root root 9 14. Jun 17:55 lib32 -> usr/lib32/
lrwxrwxrwx 1 root root 9 14. Jun 17:55 lib64 -> usr/lib64/
lrwxrwxrwx 1 root root 10 14. Jun 17:55 libx32 -> usr/libx32/
drwxr-xr-x 2 root root 4,0K 14. Jun 16:02 run/
lrwxrwxrwx 1 root root 8 14. Jun 17:55 sbin -> usr/sbin/
drwxr-xr-x 8 root root 4,0K 14. Jun 17:55 scripts/
drwxr-xr-x 8 root root 4,0K 14. Jun 17:55 usr/
-rwxr-xr-x 1 root root 6,2K 14. Jan 2021 init*