Bug#707040: initramfs-tools: missing busybox package creates unbootable initramfs missing /bin/sh

To: 707040@bugs.debian.org
Cc: Adam Conrad <adconrad@0c3.net>
Subject: Bug#707040: initramfs-tools: missing busybox package creates unbootable initramfs missing /bin/sh
From: Ben Love <blove+debianbugs@kylimar.com>
Date: Wed, 8 May 2013 22:26:34 -0400
Message-id: <[🔎] 20130509022634.GK601@forodwaith.kylimar.com>
Reply-to: Ben Love <blove+debianbugs@kylimar.com>, 707040@bugs.debian.org
In-reply-to: <handler.707040.B.136789808028682.ack@bugs.debian.org>
References: <[🔎] 20130507033451.5602.36134.reportbug@krondor.lovehaus.dom> <handler.707040.B.136789808028682.ack@bugs.debian.org>

Hi,

I've done a little more digging and have some more information:

TLDR: Root cause appears to be mounting /tmp noexec, and the
original patch for bug #638068.

The source of the problem seems to be
/usr/share/initramfs-tools/hooks/klibc.

The older version of initramfs-tools had this snippet:

if [ "${BUSYBOX}" = "n" ] || [ ! -e ${BUSYBOXDIR}/busybox ]; then
        mv ${DESTDIR}/bin/sh.shared ${DESTDIR}/bin/sh
fi

In my case, BUSYBOX is set to y.  BUSYBOXDIR is set by
/usr/sbin/mkinitramfs:

test -e /bin/busybox && BUSYBOXDIR=/bin
test -e /usr/lib/initramfs-tools/bin/busybox && BUSYBOXDIR=/usr/lib/initramfs-tools/bin
export BUSYBOXDIR

Since busybox is not installed, BUSYBOXDIR is unset, and /busybox
does not exist, so sh.shared is moved to sh and everything is fine.

In the new version of initramfs-tools, the same hook has this snippet
instead:

if [ "${BUSYBOX}" = "n" ] || [ ! -e ${BUSYBOXDIR}/busybox ]; then
        if [ -x ${DESTDIR}/bin/sh.shared ]; then
                # Some platforms build a shared klibc/sh:
                mv ${DESTDIR}/bin/sh.shared ${DESTDIR}/bin/sh
        elif [ -x /usr/lib/klibc/bin/sh ]; then
                # Others build a static version instead:
                cp -pL /usr/lib/klibc/bin/sh ${DESTDIR}/bin/sh
        fi
else
        # Nobody wanted it, so save a tiny bit of space:
        rm -f ${DESTDIR}/bin/sh.shared
fi

In my case, the first conditional is still the same, so the first
branch is taken.  But now, there are two -x tests.  Since DESTDIR
defaults to /tmp (which is mounted noexec for me) the -x test fails
even though sh.shared exists and is in fact [supposed to be]
executable.  The second -x test fails because /usr/lib/klibc/bin/sh
does not exist.  Then the conditionals end _without ever creating_
${DESTDIR}/bin/sh!

Two potential solutions:

1) Change the -x test to a -e test.  I don't know if sh.shared would
ever legitimately exist, yet should not be used as /bin/sh.

2) Create a final, unconditional block that does "something" sane
to provide a fallback /bin/sh.  (Or else bail entirely!)

I think the right answer is probably to do some kind combination:
The sh.shared text should be changed to -e, to fix the noexec mount
problem.  And then there should be a final, unconditional block that
halts the entire initramfs image creation.  An image without /bin/sh
will never work!

Ben

-- 
Ben Love
http://www.kylimar.com/

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#707040: initramfs-tools: missing busybox package creates unbootable initramfs missing /bin/sh
  - From: Ben Love <blove+debianbugs@kylimar.com>

Prev by Date: Processed: tagging 659033
Next by Date: Bug#707175: linux-image-3.2.0-4-powerpc64: kernel BUG at /build/buildd-linux_3.2.41-2-powerpc-TjfGhD/linux-3.2.41/fs/dcache.c:474
Previous by thread: Bug#707040: initramfs-tools: missing busybox package creates unbootable initramfs missing /bin/sh
Next by thread: Bug#707047: Lockup and possible hardware damage on VIA EPIA-PD motherboard
Index(es):
- Date
- Thread