Bug#1079509: Exploit initramfs-tools trigger from kernel postinst hook
Package: initramfs-tools
Version: 0.145
Severity: wishlist
So far, the kernel postinst.d hook unconditionally creates a new
initramfs, and a potentially activated trigger will re-create this image
at the end of the installation process. This causes extra delay which we
specifically feel in our frequent offline installations via isar [1],
even more when doing that cross. However, the issue affects all Debian
installations.
Here [2] is a change proposal to only stub the initramfs creation and
use the trigger to actually build it:
diff --git a/kernel/postinst.d/initramfs-tools b/kernel/postinst.d/initramfs-tools
index 6b6fef39..603901fa 100755
--- a/kernel/postinst.d/initramfs-tools
+++ b/kernel/postinst.d/initramfs-tools
@@ -2,6 +2,7 @@
version="$1"
bootopt=""
+bootdir="/boot"
command -v update-initramfs >/dev/null 2>&1 || exit 0
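Review bot: the new default bootdir="/boot" at the top of the script changes behaviour when $2 is empty. Before, no -b option was passed in that case and update-initramfs chose its own boot directory; now /boot is hard-coded in this hook. Either keep omitting -b when $2 is empty, or add a comment stating that /boot is meant to match the default of update-initramfs.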
@@ -20,7 +21,6 @@ fi
# create the initrd in the same directory
if [ -n "$2" ]; then
bootdir=$(dirname "$2")
- bootopt="-b ${bootdir}"
fi
# avoid running multiple times
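Review bot: with the bootopt assignment removed here and its only visible use dropped from the final update-initramfs call, the bootopt="" initialisation kept as context at the top of the script is dead code. Remove that line in the same change.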
@@ -31,6 +31,12 @@ if [ -n "$DEB_MAINT_PARAMS" ]; then
fi
fi
+# if there is already a pending trigger, just create a stub to allow the
+# 'mkinitramfs -u' of the trigger handler do the real work
+if [ -e /var/lib/dpkg/triggers/update-initramfs ]; then
+ touch "${bootdir}/initrd.img-${version}"
+ exit 0
+fi
+
# we're good - create initramfs. update runs do_bootloader
-# shellcheck disable=SC2086
-update-initramfs -c -k "${version}" ${bootopt} >&2
+update-initramfs -c -k "${version}" -b $"{bootdir}" >&2
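Review bot: the last added line quotes the variable as $"{bootdir}" instead of "${bootdir}", so the shell never expands bootdir and -b receives a literal string rather than the directory. Separately, the stub branch leaves a zero-byte initrd.img-${version} behind if the trigger handler later fails or never runs, so that dependency should be documented in the comment (which also names 'mkinitramfs -u' where the trigger presumably runs update-initramfs). It is also worth confirming that the presence of /var/lib/dpkg/triggers/update-initramfs really means the trigger is pending, rather than only that a package has registered interest in it; if it is the latter, the test is always true and the final update-initramfs call is never reached.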
I've tested this already successfully with our custom kernel recipes in
isar. I'm sure there are nicer ways to achieve the same, and the above
may even have some issues I missed. But it would be great if something
like this could be integrated into that standard package.
[1] https://github.com/ilbers/isar/
[2] https://salsa.debian.org/jan-kiszka/initramfs-tools/-/commit/17d04411408f693e1af8949b17a6aed89ccc73a2