
SoylentNews is people

posted by hubie on Friday September 16 2022, @05:50PM   Printer-friendly
from the we're-in-the-"extend"-phase dept.

systemd's mkosi-initrd Talked Up As Better Alternative To Current Initrd Handling--Phoronix:

Red Hat engineer and systemd developer Zbigniew Jędrzejewski-Szmek presented on Monday at the Linux Plumbers Conference on a new design for initial RAM disks (initrd) making use of the new systemd mkosi-initrd project.

The mkosi-initrd approach paired with systemd system extensions is a fundamental shift from expecting initrd images to be built locally on user systems to something that can be done by distribution vendors with their build system. This can allow for better QA, embracing various modern security features, and more manageable initrd assets. Zbigniew summed up his LPC 2022 talk as:

Distributions ship signed kernels, but initrds are generally built locally. Each machine gets a "unique" initrd, which means they cannot be signed by the distro, the QA process is hard, and development of features for the initrd duplicates work done elsewhere.

Systemd has gained "system extensions" (sysexts, runtime additions to the root file system), and "credentials" (secure storage of secrets bound to a TPM). Together, those features can be used to provide signed initrds built by the distro, like the kernel. Sysexts and credentials provide a mechanism for local extensibility: kernel-commandline configuration, secrets for authentication during emergency logins, additional functionality to be included in the initrd, e.g. an sshd server, other tweaks and customizations.

Mkosi-initrd is a project to build such initrds directly from distribution rpms (with support for dm-verity, signatures, sysexts). We think that such an approach will be more maintainable than the current approaches using dracut/mkinitcpio/mkinitramfs. (It also assumes we use systemd to the full extent in the initrd.)

See the talk or go look at the PDF slides.


This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 5, Insightful) by hendrikboom on Friday September 16 2022, @11:09PM (8 children)

    by hendrikboom (1125) on Friday September 16 2022, @11:09PM (#1272025) Homepage Journal

    I run Devuan Linux. I have never had to involve myself in making an initrd. The installation procedure just installed the one that came with the distribution.

    I see no reason why systemd needs to make this issue so difficult that they have to add another major new mechanism.

    -- hendrik

  • (Score: 5, Insightful) by epitaxial on Friday September 16 2022, @11:43PM (6 children)

    by epitaxial (3165) on Friday September 16 2022, @11:43PM (#1272032)

    We didn't invent this, therefore it is old and bad.

    Can't wait until they get tired of all the plaintext files in /etc and make it into a flat binary database instead. Maybe call it the registry...

    • (Score: 0, Spam) by antifa on Friday September 16 2022, @11:47PM (2 children)

      by antifa (18341) on Friday September 16 2022, @11:47PM (#1272033)

      Do we detect a systemd editorial bias on SN these days? Should we all be worried?

      • (Score: 2) by hendrikboom on Friday September 16 2022, @11:51PM

        by hendrikboom (1125) on Friday September 16 2022, @11:51PM (#1272035) Homepage Journal

        Know thine enemy.

      • (Score: 2) by JoeMerchant on Saturday September 17 2022, @02:52PM

        by JoeMerchant (3937) on Saturday September 17 2022, @02:52PM (#1272117)

        Not just these days. The bias has been high and consistent, carrying over from the earliest days of SN and back deep into the history of the green site.

        --
        Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
    • (Score: 2) by sjames on Saturday September 17 2022, @01:45AM (2 children)

      by sjames (2882) on Saturday September 17 2022, @01:45AM (#1272053) Journal

      Caldera tried that years ago, but the demographic of Linux users leaned more knowledgeable in those days. That was the first time I ever saw a representative try and fail to give away free install disks at a Linux enthusiasts meeting.

      • (Score: 2) by maxwell demon on Sunday September 18 2022, @11:13AM (1 child)

        by maxwell demon (1608) Subscriber Badge on Sunday September 18 2022, @11:13AM (#1272256) Journal

        Caldera? The company that later bought and renamed itself into SCO, before acting as a Microsoft proxy against Linux?

        I didn't know that they already tried to subvert Linux that early.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by sjames on Sunday September 18 2022, @03:55PM

          by sjames (2882) on Sunday September 18 2022, @03:55PM (#1272281) Journal

          The very same Caldera. The distro was a fork of RedHat with a few more bugs.

  • (Score: 3, Insightful) by JoeMerchant on Saturday September 17 2022, @02:50PM

    by JoeMerchant (3937) on Saturday September 17 2022, @02:50PM (#1272116)

    >so difficult that they have to add another major new mechanism.

    Isn't that the whole systemd M.O.? Major new mechanisms incompatible with the things they replace?

    It would appear that resistance is futile, at least in mainstream markets.

    --
    Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end