forge/pmaports
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

main/postmarketos-initramfs: add some sane mount options to /boot (MR 5089)

Browse source 
We won't want executables, suid executables, devices. We neither want
symbolic links in fat partitions. These have been taken from
systemd (Ref #2782)
This commit is contained in:
Pablo Correa Gómez 2024-04-30 21:45:14 +02:00
parent 2db5ff27fc
commit efc7ad99e4
No known key found for this signature in database
GPG key ID: 7A342565FF635F79
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
main/postmarketos-initramfs/APKBUILD
View file

@ -1,7 +1,7 @@
# Maintainer: Oliver Smith <ollieparanoid@postmarketos.org> # Maintainer: Oliver Smith <ollieparanoid@postmarketos.org>
# Co-Maintainer: Clayton Craft <clayton@craftyguy.net> # Co-Maintainer: Clayton Craft <clayton@craftyguy.net>
pkgname=postmarketos-initramfs pkgname=postmarketos-initramfs
pkgver=2.6.0 pkgver=2.6.1
pkgrel=0 pkgrel=0
pkgdesc="Base files for the postmarketOS initramfs / initramfs-extra" pkgdesc="Base files for the postmarketOS initramfs / initramfs-extra"
url="https://postmarketos.org" url="https://postmarketos.org"
@ -89,7 +89,7 @@ sha512sums="
ab41b45b0613f25a61114ed8c8b92bc53c60838f6e2e0ba18c76e5369b2984e6023a0661887692673aca3f647f268c468a468f6b1ac424cfee609017a89481dd 00-initramfs-base.files ab41b45b0613f25a61114ed8c8b92bc53c60838f6e2e0ba18c76e5369b2984e6023a0661887692673aca3f647f268c468a468f6b1ac424cfee609017a89481dd 00-initramfs-base.files
8a4adad3785af474b36a09a05f6a3b2c4b4f43aac331a53b903abfa51ea12be1e3d1d807b7a6e66a1346815f3b0044daf8cd62e21e2dc75d2db13ee265a72985 00-initramfs-extra-base.files 8a4adad3785af474b36a09a05f6a3b2c4b4f43aac331a53b903abfa51ea12be1e3d1d807b7a6e66a1346815f3b0044daf8cd62e21e2dc75d2db13ee265a72985 00-initramfs-extra-base.files
b1462989633c65a102e7ae7ced9c41a00673b4c7434cd3fe16c229c39bb870d7e850b0d317487191b7d7ca32c75b2eed1561b1facf405bd4d876d32c71badcf3 init.sh b1462989633c65a102e7ae7ced9c41a00673b4c7434cd3fe16c229c39bb870d7e850b0d317487191b7d7ca32c75b2eed1561b1facf405bd4d876d32c71badcf3 init.sh
fe9fd7ae5bedf393e96a9fa771396a1aa8b17ba97155070789186cd2e2fa32ab8bf7d003cb88bbe620b4c7713f4086affbede816afdc1b47881d31448bad0862 init_functions.sh 3fd2efbc6fc375bbba67b313b0a9e41805b95fb7d9b06959d0b08fb626ba425d31f748df961ac92c1fb4454be796a95a8bc68d28964f4a3c1ba6a1d85de0ca1b init_functions.sh
ba3275a9af788c7c782322a22a0f144d5e50e3498ea6886486a29331f23ae89cd32d500a3635cfa7cab369afba92edc18aeca64ccbf0cd589061cce23d15b46c unudhcpd.conf ba3275a9af788c7c782322a22a0f144d5e50e3498ea6886486a29331f23ae89cd32d500a3635cfa7cab369afba92edc18aeca64ccbf0cd589061cce23d15b46c unudhcpd.conf
675e7d5bee39b2df7d322117f8dcaccc274d61beaf4d50ead19bbf2109446d64b1c0aa0c5b4f9846eb6c1c403418f28f6364eff4537ba41120fbfcbc484b7da7 mdev.conf 675e7d5bee39b2df7d322117f8dcaccc274d61beaf4d50ead19bbf2109446d64b1c0aa0c5b4f9846eb6c1c403418f28f6364eff4537ba41120fbfcbc484b7da7 mdev.conf
" "

8
main/postmarketos-initramfs/init_functions.sh
View file

@ -321,7 +321,8 @@ get_partition_type() {
# /sysroot/boot (rw), after root has been mounted at /sysroot, so we can # /sysroot/boot (rw), after root has been mounted at /sysroot, so we can
# switch_root to /sysroot and have the boot partition properly mounted. # switch_root to /sysroot and have the boot partition properly mounted.
mount_boot_partition() { mount_boot_partition() {
partition=$(find_boot_partition) partition="$(find_boot_partition)"
local mount_opts="-o nodev,nosuid,noexec"
# We dont need to do this when using stowaways # We dont need to do this when using stowaways
if grep -q "pmos.stowaway" /proc/cmdline; then if grep -q "pmos.stowaway" /proc/cmdline; then
@ -329,10 +330,9 @@ mount_boot_partition() {
fi fi
if [ "$2" = "rw" ]; then if [ "$2" = "rw" ]; then
mount_opts=""
echo "Mount boot partition ($partition) to $1 (read-write)" echo "Mount boot partition ($partition) to $1 (read-write)"
else else
mount_opts="-o ro" mount_opts="$mount_opts,ro"
echo "Mount boot partition ($partition) to $1 (read-only)" echo "Mount boot partition ($partition) to $1 (read-only)"
fi fi
@ -347,7 +347,7 @@ mount_boot_partition() {
vfat) vfat)
echo "Detected vfat filesystem" echo "Detected vfat filesystem"
modprobe vfat modprobe vfat
mount_opts="-t vfat $mount_opts" mount_opts="-t vfat $mount_opts,umask=0077,nosymfollow"
;; ;;
*) echo "WARNING: Detected unsupported '$type' filesystem ($partition)." ;; *) echo "WARNING: Detected unsupported '$type' filesystem ($partition)." ;;
esac esac