I’m modifying a bunch of initramfs archives from different Linux distros in which normally only one file is being changed.
I would like to automate the process without switching to root user to extract all files inside the initramfs image and packing them again.
First I’ve tried to generate a list of files for gen_init_cpio without extracting all contents on the initramfs archive, i.e. parsing the output of cpio -tvn initrd.img (like ls -l output) through a script which changes all permissions to octal and arranges the output to the format gen_init_cpio wants, like:
dir /dev 755 0 0 nod /dev/console 644 0 0 c 5 1 slink /bin/sh busybox 777 0 0 file /bin/busybox initramfs/busybox 755 0 0
This involves some replacements and the script may be hard to write for me, so I’ve found a better way and I’m asking about how safe and portable is:
In some distros we have an initramfs file with concatenated parts, and apparently the kernel parses the whole file extracting all parts packed in a 1-byte boundary, so there is no need to fill each part to a multiple of 512 bytes. I thought this ‘feature’ can be useful for me to avoid recreating the archive when modifying files inside it. Indeed it works, at least for Debian and CloneZilla.
For example if we have modified the /init file on initrd.gz of Debian 8.2.0, we can append it to initrd.gz image with:
$ echo ./init | cpio -H newc -o | gzip >> initrd.gz
so initrd.gz has two concatenated archives, the original and its modifications. Let’s see the result of binwalk:
DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 gzip compressed data, maximum compression, has original file name: "initrd", from Unix, last modified: Tue Sep 1 09:33:08 2015 6299939 0x602123 gzip compressed data, from Unix, last modified: Tue Nov 17 16:06:13 2015
It works perfectly. But it is reliable? what restrictions do we have when appending data to initfamfs files? it is safe to append without padding the original archive to a multiple of 512 bytes? from which kernel version is this feature supported?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
It’s very reliable and supported by all kernel versions that support initrd, AFAIK. It’s a feature of the cpio archives that initramfs are made up of. cpio just keeps on extracting its input….we might know the file is two cpio archives one after the other, but cpio just sees it as a single input stream.
Debian advises use of exactly this method (appending another cpio to the initramfs) to add binary-blob firmware to their installer initramfs. For example:
DebianInstaller / NetbootFirmware | Debian Wiki
Initramfs is essentially a concatenation of gzipped cpio archives
which are extracted into a ramdisk and used as an early userspace by
the Linux kernel. Debian Installer’s initrd.gz is in fact a single
gzipped cpio archive containing all the files the installer needs at
boot time. By simply appending another gzipped cpio archive –
containing the firmware files we are missing – we get the show on the
road!
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0