On Wed 11 Jan 2023 00:17:44 +0000, Gervase wrote:
> On Sat, 2022-12-24 at 14:16 +0000, Gervase wrote:
> > A while back, I did have a look around the fix.  From what I
> > remembered,
> > intrigeri's solution used a systemd shutdown 'script' to check for
> > devmaps or whatever of LVMs, ZFS partitions, etc... and runs specific
> > commands to umount the partitions.
> 
> Apparently, I got confused.  What I saw is the script called 'shutdown'
> from the mkinitcpio package used in Arch Linux (see 
> https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/blob/master/shutdown
> ).
> 
> What it does is (1) recursively umount the devices, (2) detaches loop
> back devices and then (3) disassembles stacked devices (i.e. encrypted
> devices, lvm and raid).
> 
> In contrast, what intrigeri's solution SEEMS to do (I haven't done any
> experimentation using the solution) is provide a way for Debian's initrd
> process to "pivot" back to a systemd shutdown procedure within an
> initramfs environment, as opposed to running the Arch Linux shutdown
> script.  This shutdown procedure differs from Arch Linux's because its
> initramfs infrastructure differs from Debian's, I assume?

It does final umount/swapoff &c:

    https://github.com/systemd/systemd/blob/v252/src/shutdown/shutdown.c#L422

i.e. it's similar to Arch's script, except it's 1) C code; 2) distro-agnostic;
and 3) a bit feature-limited.

I think if you want it to run arbitrary other commands (e.g. "zpool export 
-a"), you would need more code.

I think for that you'd want to systemdize /run/initramfs/shutdown
(i.e. be a copy of systemd's /bin/init), and then run some subset of
https://github.com/systemd/systemd/blob/v252/man/bootup.xml#L291-L330

Note that systemd can "be" the boot initrd, too, which is the previous flow 
chart:
https://github.com/systemd/systemd/blob/v252/man/bootup.xml#L236-L288

AFAIK Debian initramfs-tools doesn't support this at all.
AFAIK Arch Linux supports this, but it is opt-in (off by default).

Last time I looked (around Debian 10),
Debian dracut theoretically supported putting systemd in charge of boot initrd 
(and shutdown initrd?), BUT
it also installed a zillion bits of coreutils that systemd itself doesn't use.
Since my goal was to REDUCE the attack surface of the boot initrd, I gave up on 
dracut at the time.

> As intrigeri wrote in his instructions, the relevant scripts would need
> to be written for dismantling devices ('virtual' or physical) and placed
> in /usr/share/initramfs-tools/hooks/* (if I understood things
> correctly).  So, if ZFS was installed as root, there would need to be a
> script for that and/or if LUKS was installed as root, there would need
> to be a script for that, etc...

I think it'd be better if /run/initramfs/shutdown used existing code -- either
/lib/systemd/systemd-shutdown/*.shutdown, or
maybe .service units, if that's appropriate.

But I confess I still do not understand how a "pure systemd" boot initrd + 
shutdown initrd would actually look.
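
Added illustration, not part of the message above and not code from mkinitcpio or systemd: a Python sketch that only computes the order of the three teardown phases described in the quoted text (unmount, detach loopback devices, disassemble stacked devices) and runs no commands. The mountinfo excerpt, the device map, the /oldroot location and all function names are constructed assumptions.

```python
from graphlib import TopologicalSorter

# Constructed /proc/self/mountinfo excerpt; assumes the old root sits at /oldroot.
MOUNTINFO = """\
30 1 0:5 / / rw - tmpfs initramfs rw
31 30 253:1 / /oldroot rw - ext4 /dev/mapper/vg-root rw
32 31 253:2 / /oldroot/home rw - ext4 /dev/mapper/vg-home rw
33 32 7:0 / /oldroot/home/img ro - squashfs /dev/loop0 ro
34 31 0:21 / /oldroot/proc rw - proc proc rw
"""
# Constructed stand-in for /sys/block/<dev>/slaves: device -> devices below it.
SLAVES = {
    "dm-1": ["dm-0"],          # LV vg-root on the dm-crypt mapping
    "dm-2": ["dm-0"],          # LV vg-home on the dm-crypt mapping
    "dm-0": ["md0"],           # dm-crypt mapping on the RAID array
    "md0": ["sda2", "sdb2"],   # RAID array on two partitions
    "loop0": [],
}

def umount_order(mountinfo, root="/oldroot"):
    """Mount points at or below root, every child before its parent."""
    parent, point = {}, {}
    for line in mountinfo.splitlines():
        fields = line.split(" - ")[0].split()
        parent[fields[0]], point[fields[0]] = fields[1], fields[4]
    def depth(mid):
        return 1 + depth(parent[mid]) if mid in parent else 0
    ids = [m for m, p in point.items() if p == root or p.startswith(root + "/")]
    return [point[m] for m in sorted(ids, key=lambda m: (-depth(m), int(m)))]

def dismantle_order(slaves):
    """dm/md devices ordered so nothing is torn down while something holds it."""
    holders = {dev: set() for dev in slaves}
    for dev, below in slaves.items():
        for lower in below:
            holders.setdefault(lower, set()).add(dev)
    order = TopologicalSorter(holders).static_order()
    return [d for d in order if d.startswith(("dm-", "md"))]

def plan(mountinfo, slaves):
    """The three phases in order: unmount, detach loops, dismantle stacks."""
    steps = [("umount", p) for p in umount_order(mountinfo)]
    steps += [("detach-loop", d) for d in sorted(slaves) if d.startswith("loop")]
    steps += [("dismantle", d) for d in dismantle_order(slaves)]
    return steps

if __name__ == "__main__":
    for action, target in plan(MOUNTINFO, SLAVES):
        print(action, target)
```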
