remove initrd unpacking, since Qubes dracut /etc/cryptab can be fixed

qubes/boot.sh

@@ -70,27 +70,30 @@ unseal-key \
 # we know that the first 0x3400 bytes are the microcode
 INITRD_DIR=/tmp/initrd
 echo '+++ Unpacking initrd'
-mkdir -p $INITRD_DIR
-dd if="$INITRD" bs=256 count=52 | ( cd $INITRD_DIR ; cpio -i )
-dd if="$INITRD" bs=256 skip=52 | zcat | ( cd $INITRD_DIR ; cpio -i )
-
-# Update the /etc/crypttab in the initrd and install our key
-for dev in /dev/$CONFIG_QUBES_VG/*; do
-	uuid=`blkid $dev | cut -d\" -f2`
-	echo luks-$uuid /dev/disk/by-uuid/$uuid /secret.key
-done > $INITRD_DIR/etc/crypttab
+mkdir -p $INITRD_DIR/etc
+#dd if="$INITRD" bs=256 count=52 | ( cd $INITRD_DIR ; cpio -i )
+#dd if="$INITRD" bs=256 skip=52 | zcat | ( cd $INITRD_DIR ; cpio -i )
 
 mv /tmp/secret.key $INITRD_DIR/
 
+## Update the /etc/crypttab in the initrd and install our key
+## This is no longer required, now that dom0 /etc/crypttab has
+## the /secret.key specified.
+#for dev in /dev/$CONFIG_QUBES_VG/*; do
+#	uuid=`blkid $dev | cut -d\" -f2`
+#	echo luks-$uuid /dev/disk/by-uuid/$uuid /secret.key
+#done > $INITRD_DIR/etc/crypttab
+
 echo '+++ Repacking initrd'
-( cd $INITRD_DIR ; find . | cpio -H newc -o ) | gzip > /initrd.gz
+( cd $INITRD_DIR ; find . | cpio -H newc -o ) > /initrd.cpio
+cat "$INITRD" >> /initrd.cpio
 
 # command line arguments are include in the signature on this script,
 echo '+++ Loading kernel and initrd'
 kexec \
 	-l \
 	--module "${KERNEL} root=/dev/mapper/luks-$ROOT_UUID ro rd.qubes.hide_all_usb" \
-	--module /initrd.gz \
+	--module /initrd.cpio \
 	--command-line "no-real-mode reboot=no" \
 	"${XEN}" \
 || recovery "kexec load failed"

qubes/boot.sh.asc

@@ -1,10 +1,10 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQEUAwUAWOK7zw+UgFLd7L5oAQJ/vwf4yf9zRGeKC2pwDJcMoBww1A4E8LbxW8FF
-jdbojg8r5uvfuPeF0V7+BjnE5RItr1UiaClxryXpSwElSXNLoyQPdKbUaYr+w5R1
-jmwZpXxPkoCkUPpzsFl2JAvHe00d4isOU3rLOH6SJjN1VZDeOFGBkAeH5rr0kBpt
-A0WaMW1Qe9RIFDHbyx6sxWXTzMTwHxvskqd5oJojJRiRFlgsOhPY7FGCop0ajEAA
-PlYpupMtJQhJGpF4d/vF6nPTC2Trm5FSfK8lgrLwryxI4nSmPpPfXCfdscoid+2L
-bJuThLvSdV/0DE1rsNcxxMZmhrPK4AnKK6tvTXA/CK3nwEkNQhgn
-=OWVi
+iQEVAwUAWOQaag+UgFLd7L5oAQIYMQgA1W3mnxsd6Bln0ipvZtITN0cAoAdsnuG/
+Kt/2Usabu7lzdYNpBp9h+jmGDj1Jg+5wvKBXgYQXiPG0TuPNXqeih+X1NJbeXO3S
+BF6PXPEHkZlU7kDXUiPHVF9Hy2T6Kw45SQ5pEctATDYjO8SL/lVuxGRSXSiBdyW0
+PLEOHmVNh5C9LNtoGZmmRf8BkVpNc7LCZIkDWj29wNypaxBzv1AQmWBWTvWTSK3D
+CkFW10DbF3nJZNrPtTY4EOV2fynRsCZYN/O3ZyN5iZ9kAm8WXWcjqMBB7K/bE3dw
+KUb3E0pwyT+uAknT1pXPbcyx8hq6mvX0Fp+46UYovgx5KU+yQunItw==
+=0kHU
 -----END PGP SIGNATURE-----