Why are there Internet utilities in my initial ramdisk?

str*_*gee 3 startup arch-linux ramdisk mkinitcpio

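I have an initial ramdisk generated using mkinitcpio. I'm on Arch GNU/Linux.

A while ago I got dropped to a rescue shell, and I poked around in /bin at the root of the ramdisk to see what was available. For some reason, there are a bunch of seemingly irrelevant utilities (think of things like ping - why would you want that in a rescue environment?).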

alex@alexs-arch-imac:/tmp$ mkdir initramfs
alex@alexs-arch-imac:/tmp$ cd initramfs
alex@alexs-arch-imac:/tmp/initramfs$ cp /boot/initramfs-linux.img .
alex@alexs-arch-imac:/tmp/initramfs$ cat initramfs-linux.img | unlzma - > initramfs-linux # needed because unlzma complains that it doesn't recognize the .img extension
alex@alexs-arch-imac:/tmp/initramfs$ cpio -iV < initramfs-linux
.............................................................................................................................................................................................................................................................................................................................................................
24225 blocks
alex@alexs-arch-imac:/tmp/initramfs$ ls
bin  buildconfig  config  dev  etc  hooks  init  init_functions  initramfs-linux  initramfs-linux.img  lib  lib64  new_root  proc  run  sbin  shutdown  sys  tmp  usr  VERSION
alex@alexs-arch-imac:/tmp/initramfs$ ls -l bin
lrwxrwxrwx 1 alex alex 7 Mar 24 17:06 bin -> usr/bin
alex@alexs-arch-imac:/tmp/initramfs$ ls bin
[         blkid    chown       cttyhack  dirname  egrep    free    hexdump   ip       iptunnel  less      ls      mkfifo    mount       nslookup  ping6     readlink  route    sha1sum    stat              tac     touch    uniq    yes
[[        busybox  chroot      cut       dmesg    env      getopt  ifconfig  ipaddr   kbd_mode  ln        lsblk   mknod     mountpoint  openvt    poweroff  reboot    sed      sha256sum  strings           tail    true     uptime
ash       cat      clear       dd        dmsetup  expr     grep    init      iplink   kill      loadfont  lsmod   mktemp    mv          pgrep     printf    rm        seq      sha512sum  switch_root       telnet  udevadm  vi
awk       chgrp    cp          depmod    du       false    halt    insmod    iproute  killall   loadkmap  md5sum  modinfo   nc          pidof     ps        rmdir     setfont  sleep      sync              test    umount   wc
basename  chmod    cryptsetup  df        echo     findmnt  head    install   iprule   kmod      losetup   mkdir   modprobe  netstat     ping      pwd       rmmod     sh       sort       systemd-tmpfiles  tftp    uname    wget
alex@alexs-arch-imac:/tmp/initramfs$ 

Note that the image has the strangest utilities. Just looking at it, I see wget, ping, telnet, sha1sum... Why are these here?

Here is my /etc/mkinitcpio.conf. The image was built using mkinitcpio -p linux.

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES="piix ide_disk reiserfs"
MODULES=""

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=""

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS="base"
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS="base udev autodetect block filesystems"
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS="base udev block filesystems"
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS="base udev block mdadm encrypt filesystems"
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS="base udev block lvm2 filesystems"
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf keyboard block encrypt resume filesystems fsck shutdown"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""

str*_*gee 6

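The initial ramdisk uses Busybox to save space. Essentially, utilities like mv and cp all share a lot of common logic - open a file descriptor, read buffers into memory, and so on. Busybox basically puts all of that common logic into one binary, which changes its behaviour depending on the name it was called by. Let's take a look at that ramdisk.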

alex@alexs-arch-imac:/tmp/initramfs/bin$ ls -l
total 1308
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 [ -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 [[ -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ash -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 awk -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 basename -> busybox
-rwxr-xr-x 1 alex alex  68840 Mar 24 17:06 blkid
-rwxr-xr-x 1 alex alex 287096 Mar 24 17:06 busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 cat -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 chgrp -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 chmod -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 chown -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 chroot -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 clear -> busybox
-rwxr-xr-x 1 alex alex 130272 Mar 24 17:06 cp
-rwxr-xr-x 1 alex alex  59264 Mar 24 17:06 cryptsetup
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 cttyhack -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 cut -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 dd -> busybox
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 depmod -> kmod
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 df -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 dirname -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 dmesg -> busybox
-r-xr-xr-x 1 alex alex  92227 Mar 24 17:06 dmsetup
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 du -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 echo -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 egrep -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 env -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 expr -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 false -> busybox
-rwxr-xr-x 1 alex alex  53696 Mar 24 17:06 findmnt
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 free -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 getopt -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 grep -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 halt -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 head -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 hexdump -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ifconfig -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 init -> busybox
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 insmod -> kmod
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 install -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ip -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ipaddr -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 iplink -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 iproute -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 iprule -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 iptunnel -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 kbd_mode -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 kill -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 killall -> busybox
-rwxr-xr-x 1 alex alex 142424 Mar 24 17:06 kmod
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 less -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ln -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 loadfont -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 loadkmap -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 losetup -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ls -> busybox
-rwxr-xr-x 1 alex alex  70192 Mar 24 17:06 lsblk
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 lsmod -> kmod
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 md5sum -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mkdir -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mkfifo -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mknod -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mktemp -> busybox
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 modinfo -> kmod
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 modprobe -> kmod
-rwsr-xr-x 1 alex alex  40168 Mar 24 17:06 mount
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mountpoint -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 mv -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 nc -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 netstat -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 nslookup -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 openvt -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 pgrep -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 pidof -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ping -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ping6 -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 poweroff -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 printf -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 ps -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 pwd -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 readlink -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 reboot -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 rm -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 rmdir -> busybox
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 rmmod -> kmod
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 route -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sed -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 seq -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 setfont -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sh -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sha1sum -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sha256sum -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sha512sum -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sleep -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sort -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 stat -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 strings -> busybox
-rwxr-xr-x 1 alex alex  14816 Mar 24 17:06 switch_root
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 sync -> busybox
-rwxr-xr-x 1 alex alex  63992 Mar 24 17:06 systemd-tmpfiles
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 tac -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 tail -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 telnet -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 test -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 tftp -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 touch -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 true -> busybox
-rwxr-xr-x 1 alex alex 264696 Mar 24 17:06 udevadm
-rwsr-xr-x 1 alex alex  27616 Mar 24 17:06 umount
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 uname -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 uniq -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 uptime -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 vi -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 wc -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 wget -> busybox
lrwxrwxrwx 1 alex alex      7 Mar 24 17:06 yes -> busybox
alex@alexs-arch-imac:/tmp/initramfs/bin$ 

As you can see, nearly every binary in this image is a link to Busybox.

alex@alexs-arch-imac:/tmp/initramfs/bin$ ls -l | grep --invert-match busybox -
total 1308
-rwxr-xr-x 1 alex alex  68840 Mar 24 17:06 blkid
-rwxr-xr-x 1 alex alex 130272 Mar 24 17:06 cp
-rwxr-xr-x 1 alex alex  59264 Mar 24 17:06 cryptsetup
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 depmod -> kmod
-r-xr-xr-x 1 alex alex  92227 Mar 24 17:06 dmsetup
-rwxr-xr-x 1 alex alex  53696 Mar 24 17:06 findmnt
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 insmod -> kmod
-rwxr-xr-x 1 alex alex 142424 Mar 24 17:06 kmod
-rwxr-xr-x 1 alex alex  70192 Mar 24 17:06 lsblk
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 lsmod -> kmod
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 modinfo -> kmod
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 modprobe -> kmod
-rwsr-xr-x 1 alex alex  40168 Mar 24 17:06 mount
lrwxrwxrwx 1 alex alex      4 Mar 24 17:06 rmmod -> kmod
-rwxr-xr-x 1 alex alex  14816 Mar 24 17:06 switch_root
-rwxr-xr-x 1 alex alex  63992 Mar 24 17:06 systemd-tmpfiles
-rwxr-xr-x 1 alex alex 264696 Mar 24 17:06 udevadm
-rwsr-xr-x 1 alex alex  27616 Mar 24 17:06 umount
alex@alexs-arch-imac:/tmp/initramfs/bin$ ls | wc -l # total number of files
116
alex@alexs-arch-imac:/tmp/initramfs/bin$ ls -l | grep --invert-match busybox - | grep --invert-match kmod | wc -l # number of real binaries minus two (busybox and kmod)
12

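There are 116 files in the image, but only 14 of them are actually binaries. The rest are symlinks to kmod or busybox.

So: the reason there are so many random utilities is that you might as well put them there. The symlinks take up no space, and even if you removed them, the functionality would still remain in the Busybox binary, taking up space. Since there's no real reason to remove all the links, the packagers don't.

Here's another question to consider: why not simply remove the networking functionality from the Busybox binary? As @Gilles mentioned, there are legitimate (if uncommon) cases where you need networking in the initcpio. So the packagers have two options: one, do what they do now and just include everything by default, or two, split the networking functionality out into its own mkinitcpio hook. The former is extremely simple (you basically do nothing) and costs very, very little, whereas the second is very complex (again, thanks to @Gilles for pointing this out) and the gains really aren't significant enough. So the packagers take the smart approach and don't do anything about networking.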
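
Added example (not part of the original answers): a shell function that does the symlink count from the answer above without grepping ls output, and also flags the network-capable BusyBox applets and setuid binaries an image review would look at. The NET_APPLETS selection, the function names and the sample tree are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: classify what is in an unpacked initramfs bin/ directory.
# NET_APPLETS is this example's own selection from the listing on the page.
NET_APPLETS="ifconfig ip ipaddr iplink iproute iprule iptunnel nc netstat nslookup ping ping6 route telnet tftp wget"

# audit_bin DIR: one summary line on stdout, individual findings on stderr.
audit_bin() {
    local dir="$1" entry name target bb=0 kmod=0 other=0 real=0 net=0 suid=0
    for entry in "$dir"/*; do
        name=${entry##*/}
        if [ -L "$entry" ]; then
            target=$(readlink "$entry")
            case ${target##*/} in
                busybox)
                    bb=$((bb + 1))
                    # Applet names are matched as whole words.
                    case " $NET_APPLETS " in
                        *" $name "*) net=$((net + 1)); echo "network applet: $name" >&2 ;;
                    esac ;;
                kmod) kmod=$((kmod + 1)) ;;
                *) other=$((other + 1)); echo "unexpected link: $name -> $target" >&2 ;;
            esac
        elif [ -f "$entry" ]; then
            real=$((real + 1))
            if [ -u "$entry" ]; then
                suid=$((suid + 1)); echo "setuid binary: $name" >&2
            fi
        fi
    done
    echo "busybox_links=$bb kmod_links=$kmod other_links=$other real=$real net=$net setuid=$suid"
}

# make_sample DIR: build a small constructed tree shaped like the listing above.
make_sample() {
    local dir="$1" n
    for n in busybox kmod mount; do : > "$dir/$n"; chmod 755 "$dir/$n"; done
    chmod u+s "$dir/mount"                       # mount is setuid in the listing
    for n in sh cat wget ping telnet; do ln -s busybox "$dir/$n"; done
    ln -s kmod "$dir/modprobe"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_bin "$sample"
rm -rf "$sample"
```

Deleting a flagged symlink does not remove the applet: running the image's busybox binary with --list shows what is compiled in, whatever links exist.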


Gil*_*il' 5

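While it's not a very common setup, some installations have only very small local storage, or none at all, and retrieve the boot code, including the kernel, over TFTP. The kernel then mounts its root filesystem over the network, e.g. using NFS. For such systems, basic networking tools may be needed to locate and mount the root filesystem.

The initial ramdisk contains the kernel modules corresponding to the features needed to mount the root filesystem, the BusyBox utility suite, and a few other utilities. The initramfs is assembled by mkinitcpio according to the needs of your system (this is distribution-dependent; for example, Debian-based distributions use a similar program, mkinitramfs). Each driver is stored in a separate file, so the kernel modules in the initramfs can be pared down to those your system needs (at the cost of making the system unable to boot on different hardware). BusyBox is contained in a single binary with all of the functionality selected at compile time, so trimming it would involve recompiling it. Unless you're building an embedded device with a static setup and limited space, it's not worth the complication.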