The Unix Heritage Society mailing list
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: (Norman Wilson) <norman@oclsc.org>
Cc: tuhs@tuhs.org
Subject: [TUHS] Re: Unix install & "standalone" package
Date: Tue, 05 Sep 2023 00:10:59 +0200
Message-ID: <20230904221059.sF2G0%steffen@sdaoden.eu>
In-Reply-To: <9A989054DE79CE5059CBA74797391E39.for-standards-violators@oclsc.org>

Norman Wilson wrote in
 <9A989054DE79CE5059CBA74797391E39.for-standards-violators@oclsc.org>:
 |I don't remember any special many-programs-in-one binary
 |like busybox in any Unix from the days when Unix was simple
 |enough for me to understand.  That covers the entire lifetime
 |of the Research systems, but also System V and the BSDs and
 |their sundry offspring up into at least the 1990s.
 ...
 |Perhaps the question to ask is why such a magic program is
 |needed at all.  Is it just because programs like the shell
 |have become so large and unwieldy that they won't fit in
 |a small environment suitable for loading into an initramfs?

AlpineLinux as used on my vserver has busybox by default and can
cover most utilities like that.  The lead developer Copa once
said something like "The idea is you install explicitly [if you
want something better]".  (It is a symlink farm that is
selectively replaced by installing "real" packages iirc.)

For my laptop it allows me easy boot management.
To save you the chatter ("Chatten" is the name of my tribe .. most
likely; could be Franken, Sueben .. and you know how it is): this
approach is much easier and smaller than having lots of static
binaries to copy around etc.

I do not use secure boot, i have on EFI only a kernel, busybox and
cryptsetup, and scripts (the laptop is named "kent")::

  ...
  drwxr-xr-x  4 root root     4096 Jul 15  2021  EFI/
  ...
  -rwxr-xr-x  1 root root      272 Feb  1  2022  kent.sh*
  -rwxr-xr-x  1 root root      313 Feb  1  2022  kent-direct.sh*
  drwxr-xr-x  1 root root      252 Oct  9  2022  ../
  -rwxr-xr-x  1 root root     4596 Feb  4  2023  linux-init-s1.sh*
  -rwxr-xr-x  1 root root     3646 Feb  4  2023  linux-init-lib.sh*
  -rwxr-xr-x  1 root root  5480120 Feb 11  2023  cryptsetup.static*
  -rwxr-xr-x  1 root root  1978368 Aug 15 18:51  busybox.static*
  -rwxr-xr-x  1 root root 10112672 Aug 26 18:44  ideapad-stage1.efi*

So kent.sh can be init(8) for the ideapad-stage1.efi Linux kernel
started via EFI as setup via efibootmgr(8) 

  Boot0001* kent HD(1,GPT,5d6d756b-5de2-4e5d-b043-8d4ae1bb6eb0,0x800,0x82000)/File(\ideapad-stage1.efi)root=/dev/nvme0n1p1 rootfstype=vfat init=/kent.sh

  #!/busybox.static sh
  #@ kent, step 1., via EFI.
  PART_ROOT=/dev/nvme0n1p8
  ROOT_DECRYPT='-t btrfs -o defaults,subvol=/crux/kent/root'
          PART_ROOT1=/dev/nvme0n1p8
          ROOT_DECRYPT1='-t btrfs -o defaults,subvol=/crux/kent/root.old'
  INIT_S2=/boot/kent-2.sh
  . /linux-init-s1.sh

and that allows me to unlock the harddisk.

We then boot via $INIT_S2 and kexec(8) a kernel from the encrypted
harddisk, so no code from EFI partition keeps on running.  (We
byte-compare the data from EFI with equal /boot/ files after
booting the real system.)

This allows nice and easy properties: only three files to track
(cryptsetup, busybox, kernel), almost same set of files in /boot/
and /media/efi aka EFI.  And ideapad-stage1.efi is the same kernel
that later runs, but later we have also additional dynamic modules
available.  Ie, every few weeks i copy /boot/ideapad-6_1.efi over
to be the new -stage1.efi.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
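
The byte-comparison of the EFI copies against /boot described in the message, as an added example (not part of the original message and not the author's scripts). The function names, the `efi_name:boot_name` pair syntax and the sample file contents are assumptions; because the EFI partition is unencrypted and booted without secure boot, a check like this shows after the fact whether the stage-1 files still match the copies on the encrypted disk.

```shell
#!/bin/sh
# Added example; not the scripts from the message.
# efi_verify EFI_DIR BOOT_DIR PAIR...
#   PAIR is "efi_name:boot_name", or a bare name used on both sides.
# Prints one status line per pair; returns 0 only if every pair is identical.
efi_verify() {
    efi_dir=$1 boot_dir=$2
    shift 2
    bad=0
    for pair in "$@"; do
        efi_name=${pair%%:*}    # part before the first ':'
        boot_name=${pair#*:}    # part after it (whole string if no ':')
        if [ ! -f "$efi_dir/$efi_name" ] || [ ! -f "$boot_dir/$boot_name" ]; then
            echo "MISSING  $efi_name"
            bad=$((bad + 1))
        elif cmp -s "$efi_dir/$efi_name" "$boot_dir/$boot_name"; then
            echo "OK       $efi_name"
        else
            echo "DIFFERS  $efi_name"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample data: file names follow the message, contents are made up.
# The kernel matches, busybox differs, cryptsetup has no /boot counterpart.
efi_verify_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/efi" "$tmp/boot"
    printf 'kernel-image\n'    > "$tmp/efi/ideapad-stage1.efi"
    printf 'kernel-image\n'    > "$tmp/boot/ideapad-6_1.efi"
    printf 'busybox\n'         > "$tmp/efi/busybox.static"
    printf 'busybox-changed\n' > "$tmp/boot/busybox.static"
    printf 'cryptsetup\n'      > "$tmp/efi/cryptsetup.static"
    if efi_verify "$tmp/efi" "$tmp/boot" \
        ideapad-stage1.efi:ideapad-6_1.efi busybox.static cryptsetup.static
    then status=0
    else status=1
    fi
    rm -rf "$tmp"
    return "$status"
}

efi_verify_demo || echo "EFI copies do not match /boot"
```

With the mount points named in the message, the call would be `efi_verify /media/efi /boot ideapad-stage1.efi:ideapad-6_1.efi busybox.static cryptsetup.static`.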
