
SoylentNews is people

posted by hubie on Friday September 16 2022, @05:50PM
from the we're-in-the-"extend"-phase dept.

systemd's mkosi-initrd Talked Up As Better Alternative To Current Initrd Handling--Phoronix:

Red Hat engineer and systemd developer Zbigniew Jędrzejewski-Szmek presented on Monday at the Linux Plumbers Conference on a new design for initial RAM disks (initrd) making use of the new systemd mkosi-initrd project.

The mkosi-initrd approach paired with systemd system extensions is a fundamental shift from expecting initrd images to be built locally on user systems to something that can be done by distribution vendors with their build system. This can allow for better QA, embracing various modern security features, and more manageable initrd assets. Zbigniew summed up his LPC 2022 talk as:

Distributions ship signed kernels, but initrds are generally built locally. Each machine gets a "unique" initrd, which means they cannot be signed by the distro, the QA process is hard, and development of features for the initrd duplicates work done elsewhere.

Systemd has gained "system extensions" (sysexts, runtime additions to the root file system), and "credentials" (secure storage of secrets bound to a TPM). Together, those features can be used to provide signed initrds built by the distro, like the kernel. Sysexts and credentials provide a mechanism for local extensibility: kernel-commandline configuration, secrets for authentication during emergency logins, additional functionality to be included in the initrd, e.g. an sshd server, other tweaks and customizations.

Mkosi-initrd is a project to build such initrds directly from distribution rpms (with support for dm-verity, signatures, sysexts). We think that such an approach will be more maintainable than the current approaches using dracut/mkinitcpio/mkinitramfs. (It also assumes we use systemd to the full extent in the initrd.)

See the talk or go look at the PDF slides.


This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 2) by sjames on Sunday September 18 2022, @06:43PM (1 child)

    by sjames (2882) on Sunday September 18 2022, @06:43PM (#1272298) Journal
    I think I booted my desktop about a month ago after a power issue. Same for the RPi behind the TV. But the difference between SysV and SystemD is best measured in seconds, so that's a lot of dane brammage for very little payoff. I probably burned enough time to make up for years of reboots trying to keep SystemD from messing with my network settings and breaking everything.
  • (Score: 2) by JoeMerchant on Sunday September 18 2022, @08:56PM

    by JoeMerchant (3937) on Sunday September 18 2022, @08:56PM (#1272304)

    Well, two dozen colleagues at various sites around the country have settled on "vanilla Ubuntu" as the flavor of choice for our products, so I end up with systemd drain bramage at work anyway regardless of what I choose to struggle with at home.

    Actually, at home I rarely interact with systemd as anything but a user. It's my work stuff that has me fighting with services, dependencies, X can't run as root, Y has to run as root headaches.

    For home I'm presently messing around with Raspberry Pi Pico Ws which are cool for their low power requirements... I have one running on a solar cell in the yard running a 24-7 available webserver that can activate an ultrasonic dog whistle on demand... Unfortunately micropython, while easy to get going, isn't terribly stable when running threads on both cores.... And the C SDK stack is.... Formidable.

    By comparison the home Ubuntu and Raspberry Pi OS boxes are pretty much just appliances.

    --
    Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end