blob: 3f27bb623aa3ff1dc97accb3e0ddea86194c7e74 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# mkinitcpio-hook-neoshy
[](https://aur.archlinux.org/packages/mkinitcpio-hook-neoshy)
[](LICENSE)
[](#)
[](#)
๐ [README in Russian](README-ru.md)
Custom mkinitcpio hook to mount a container image from a block device before running the `encrypt` hook.
---
## ๐ก What it does
This hook is designed for setups where your encrypted root filesystem is stored *inside a container file* on a block device, not on the device itself.
It performs the following steps:
1. Mounts the block device specified by `src_dev=...`
2. Locates the container image via `src_img=...`
3. Attaches it to a loop device
4. Makes the loop device accessible to the `encrypt` hook via `cryptdevice=...`
---
## ๐งต Kernel cmdline usage
You must add the following parameters to your kernel cmdline:
```
src_dev=/dev/your_block_device src_img=/relative/path/to/container.img cryptdevice=/dev/loop0:your_crypt_name root=/dev/mapper/your_crypt_name
```
### Example
```
src_dev=/dev/nvme0n1p3 src_img=/crypto/rootfs.img cryptdevice=/dev/loop0:cryptroot cryptkey=/dev/sda5:0:3214325 crypto:::: root=/dev/mapper/cryptroot rw initrd=/Arch/initramfs-linux.img
```
> **Note:** Parameters `cryptdevice`, `cryptkey`, and `crypto` are provided and handled by the `encrypt` hook. This project does not implement or alter their behavior.
> For detailed information on how to use these parameters, refer to the [ArchWiki article on dm-crypt system configuration](https://wiki.archlinux.org/title/Dm-crypt/System_configuration).
> **Hint:** The loop device (`/dev/loop0`) is created by this hook when the container image is attached. In typical setups where no other loop devices are in use during early boot, this device will be `/dev/loop0`. You must pass that path to the `encrypt` hook via the `cryptdevice=...` parameter.
---
## ๐ฆ Installation
### โ
On Arch-based distros (AUR):
Install via your favorite AUR helper:
```bash
paru -S mkinitcpio-hook-neoshy
# or
yay -S mkinitcpio-hook-neoshy
```
Or manually:
```bash
git clone https://aur.archlinux.org/mkinitcpio-hook-neoshy.git
cd mkinitcpio-hook-neoshy
makepkg -si
```
### ๐ป On other distros (manual install):
```bash
make install
```
---
## ๐ง Configuration
After installation, add `neoshy` before `encrypt` in your `/etc/mkinitcpio.conf` `HOOKS` array:
```bash
HOOKS=(base udev autodetect modconf block keyboard neoshy encrypt filesystems fsck)
```
In some cases in order to correct setup system boot you also may need to add values in 'MODULES' array:
```bash
MODULES=(<your_modules> dm_mod dm_crypt xts sha256)
```
Then rebuild your initramfs:
```bash
sudo mkinitcpio -P
```
---
## ๐ License
MIT
Maintainer: Andrei A. Bykov <andreiab9019@gmail.com>
---
## ๐ Changelog
See [CHANGELOG.md](CHANGELOG.md) for full release history.
|