Boots into initramfs then switch_root

2026-03-26 09:00:28 +08:00
parent 8acf025a9d
commit 215eb0dc75
11 changed files with 173 additions and 32 deletions
--- a/alpine/build-rootfs.sh
+++ b/alpine/build-rootfs.sh
@@ -7,6 +7,14 @@ set -euo pipefail
 mkdir -p "$ROOTFS/var/cache/apk"
 mkdir -p "$ROOTFS/opt/monok8s/config"
 mkdir -p "$ROOTFS/build"
+mkdir -p \
+  "$ROOTFS/dev" \
+  "$ROOTFS/proc" \
+  "$ROOTFS/sys" \
+  "$ROOTFS/run" \
+  "$ROOTFS/data" \
+  "$ROOTFS/var" \
+  "$ROOTFS/tmp"

 mount --bind /var/cache/apk "$ROOTFS/var/cache/apk"
 mount --bind /dev  "$ROOTFS/dev"
@@ -72,6 +80,8 @@ mount "${TMP_LOOP}p4" /mnt/data

 # Put the real /var onto the data partition
 cp -a "$ROOTFS/var" /mnt/data/
+mkdir -p /mnt/data/etc-overlay/work
+mkdir -p /mnt/data/etc-overlay/upper

 # Copy rootfs to root partition, but exclude /var
 cp -a "$ROOTFS"/. /mnt/img-root/
@@ -79,9 +89,7 @@ rm -rf /mnt/img-root/var
 mkdir -p /mnt/img-root/var

 mkdir -p /mnt/img-root/boot
-cp /build/Image.gz /mnt/img-root/boot/Image.gz
 cp /build/board.itb /mnt/img-root/boot/kernel.itb
-cp /build/${DEVICE_TREE_TARGET}.dtb /mnt/img-root/boot/${DEVICE_TREE_TARGET}.dtb

 sync
 umount /mnt/img-root
--- a/alpine/install-packages.sh
+++ b/alpine/install-packages.sh
@@ -5,11 +5,11 @@ cd /build
 echo "##################################################### Installing basic packages"
 apk add alpine-base \
 	openrc busybox-openrc bash nftables \
-	lm-sensors lm-sensors-fancontrol lm-sensors-fancontrol-openrc
+	lm-sensors lm-sensors-fancontrol lm-sensors-fancontrol-openrc e2fsprogs

 # For diagnotics
 apk add \
-  iproute2 iproute2-ss curl bind-tools procps strace tcpdump lsof jq \
+  iproute2 iproute2-ss curl bind-tools procps strace tcpdump lsof jq binutils \
  openssl nftables conntrack-tools ethtool findmnt kmod coreutils util-linux
 echo '[ -x /bin/bash ] && exec /bin/bash -l' >> "/root/.profile"

--- a/alpine/rootfs-extra/etc/fstab
+++ b/alpine/rootfs-extra/etc/fstab
@@ -1,3 +1,7 @@
-PARTLABEL=config               /opt/monok8s/config   vfat    defaults,noatime               0      0
-PARTLABEL=data                 /data                 ext4    defaults,noatime               0      21
-/data/var                      /var                  none    rbind,noatime                  0      0
+PARTLABEL=config  /opt/monok8s/config  vfat  defaults,noatime                          0  0
+PARTLABEL=data    /data                ext4  rw,noatime,nodiratime                     0  0
+
+/data/var         /var                 none  rbind                                     0  0
+
+tmpfs             /run                 tmpfs defaults,nosuid,nodev,mode=0755           0  0
+tmpfs             /tmp                 tmpfs defaults,nosuid,nodev,noexec,mode=1777    0  0
--- a/alpine/rootfs-extra/etc/init.d/root.override
+++ b/alpine/rootfs-extra/etc/init.d/root.override
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+description="Keep root filesystem read-only for immutable boot"
+
+depend()
+{
+	after clock
+	need fsck
+	keyword -docker -podman -jail -lxc -openvz -prefix -systemd-nspawn -vserver -wsl
+}
+
+start()
+{
+	ebegin "Keeping root filesystem read-only"
+	eend 0
+}