{"id":17058763,"url":"https://github.com/smkent/initramfs","last_synced_at":"2026-05-19T09:06:54.607Z","repository":{"id":150156544,"uuid":"59957344","full_name":"smkent/initramfs","owner":"smkent","description":"Simple initramfs generator for Gentoo Linux","archived":false,"fork":false,"pushed_at":"2019-02-25T04:02:11.000Z","size":26,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-14T17:54:18.877Z","etag":null,"topics":["cryptsetup","gentoo","initramfs-generator","ssh"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smkent.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-29T18:13:08.000Z","updated_at":"2024-11-28T17:04:05.000Z","dependencies_parsed_at":null,"dependency_job_id":"d39f6205-cfde-47c7-a35b-dcf7e36aeda5","html_url":"https://github.com/smkent/initramfs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/smkent/initramfs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smkent%2Finitramfs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smkent%2Finitramfs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smkent%2Finitramfs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smkent%2Finitramfs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smkent","download_url":"https://codeload.github.com/smkent/initramfs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smkent%2Finitramfs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33209485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-19T07:54:09.561Z","status":"ssl_error","status_checked_at":"2026-05-19T07:54:08.508Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptsetup","gentoo","initramfs-generator","ssh"],"created_at":"2024-10-14T10:30:47.504Z","updated_at":"2026-05-19T09:06:54.591Z","avatar_url":"https://github.com/smkent.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Simple initramfs generator for Gentoo Linux\n\nThese tools generate the initramfs images I use on my Gentoo Linux machines.\nThese initramfs images are designed to be very simple, with only the following\nfeatures:\n\n* Assemble software RAID\n  ([md](https://raid.wiki.kernel.org/index.php/Linux_Raid)) devices\n* Prompt for the passphrase needed to mount a dm-crypt (cryptsetup) encrypted\n  root filesystem\n* Start a DHCP client and SSH server to allow an encrypted root filesystem\n  passphrase to be entered via SSH\n\nThese scripts were written with my particular setup in mind, and make a number\nof assumptions.\n\n## Prerequisites\n\nYour kernel must include all the hardware support needed for disk detection,\nnetworking, software RAID, filesystems, etc., as this initramfs does not load\nany kernel modules.\n\nTo build an initramfs image, the following programs must be installed:\n\n* [busybox](https://www.busybox.net/) (`sys-apps/busybox`)\n* If the root filesystem is encrypted:\n  * [cryptsetup](https://gitlab.com/cryptsetup/cryptsetup/)\n    (`sys-fs/cryptsetup`)\n  * [dhcpcd](http://roy.marples.name/projects/dhcpcd) (`net-misc/dhcpcd`)\n  * [OpenSSH](http://www.openssh.com/) (`net-misc/openssh`)\n* If the root filesystem is on a Linux software RAID (md) device:\n  * [mdadm](http://neil.brown.name/blog/mdadm) (`sys-fs/mdadm`)\n\nThe build tool will attempt to determine and include libraries needed for any\nof these executables that are linked dynamically, however initramfs\nconstruction will be simpler and more reliable for any binaries that are linked\nstatically. Currently, I am using a statically-linked version of busybox and\ncryptsetup. In general, packages may be statically linked on Gentoo Linux by\ninstalling them with `USE=\"static\"` set.\n\n## Usage\n\nTo create an initramfs image for the current machine, simply run:\n\n```shell\n$ sudo ./build-initramfs\n```\n\nThe initramfs will be saved to `initramfs.cpio.gz` in the same directory as the\nbuild script.\n\nTo create an initramfs image for another machine, you can override the\nhostname, root block device, and other options using command line arguments.\nRun `./build-initramfs --help` for a complete list.\n\n## Initramfs construction\n\nThe `build-initramfs` script follows this process to create an initramfs image:\n\n* Determine the root block device.\n  * If the root block device is encrypted, determine the underlying block\n    device.\n  * If the root block device is a software RAID (md) device, use the \"friendly\"\n    /dev/md/\\* named path if available instead of the numbered /dev/mdXXX name.\n    For example, prefer `/dev/md/root` over `/dev/md125`.\n* If the root block device is encrypted, determine the /dev/mapper/\\* name in\n  use, or fall back to `root_crypt` as a default.\n* Determine the current hostname\n* Determine the user to authorize ssh login keys for, or fall back to\n  `$SUDO_USER` if none specified\n* Install the needed character and block device nodes\n* Install executables and dynamically loaded libraries needed within the\n  initramfs\n* Create disk, DHCP client, and SSH server configuration\n  * To allow SSH login in the initramfs, authorized\\_keys are added from:\n    * `~/.ssh/id_rsa.pub`\n    * `~/.ssh/authorized_keys`\n    * Any `sshPublicKey` entries found for the specified user in the LDAP\n      database\n  * Re-use the same ED25519 and RSA host keys currently in use with OpenSSH on\n    the current machine (see below for security note)\n* Package and compress initramfs image\n\n## Security note\n\nWhen the SSH server is configured in the initramfs, the same ED25519 and RSA\nhost keys that OpenSSH currently uses are copied to the initramfs. If the root\nfilesystem of the current machine is encrypted, this means the SSH host keys\nare now stored in the initramfs, which is unencrypted. If unauthorized access\nis gained to the physical machine, the SSH host keys should be considered\ncompromised even though the root filesystem may be encrypted.\n\n## References\n\nInspiration for remote root filesystem unlock started with Debian cryptsetup's\ninstructions, available on a Debian installation at\n`/usr/share/doc/cryptsetup/README.remote.gz`. This file no longer seems to be\nDebian's current cryptsetup package, but [a copy of README.remote is\navailable](/doc/debian/README.remote). That file details Debian-specific\ninitramfs configuration instructions.\n\n## License\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\nSee [`LICENSE`](/LICENSE) for the full license text.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmkent%2Finitramfs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmkent%2Finitramfs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmkent%2Finitramfs/lists"}