ubuntu 下的文件系统initramfs解压缩

系统： ubuntu 16.04

解压镜像：/boot/initrd.img-4.15.0-107-generic

需要额外安装的工具：sudo apt-get install binwalk -y

1. 使用lsinitramfs工具查看initramfs的具体文件

lsinitramfs /boot/initrd.img-4.15.0-107-generic

2. 使用binwalk查看initramfs内包含的格式

binwalk /boot/initrd.img-4.15.0-107-generic 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112           0x70            ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232           0xE8            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356           0x164           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488           0x1E8           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072         0x6DA8          ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672         0x7000          ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792         0x7078          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916         0x70F4          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048         0x7178          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x0000002A", file size: "0x002DD400"
3032592       0x2E4610        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
3033088       0x2E4800        gzip compressed data, from Unix, last modified: 2020-07-06 05:10:31
46149573      0x2C02FC5       Cisco IOS microcode, for ""
56593448      0x35F8C28       MySQL ISAM compressed data file Version 11

从上面可以看出，再3033088处开始，是gzip压缩格式的数据，从这是initramfs中的文件系统。
3. 解压

dd if=/boot/initrd.img-4.15.0-107-generic bs=3033088 skip=1 | zcat | cpio -id --no-absolute-filenames -v

bin  conf  etc  init  lib  lib64  run  sbin  scripts  usr  var

initrd使用lzma压缩的。那么解压时候就不能用zcat命令了。应该使用如下命令：

dd if=/mnt/casper/initrd bs=1540096 skip=1 | lzcat | cpio -id --no-absolute-filenames -v

lzcat=xz --format=lzma --decompress --stdout

4. 压缩

find . | cpio --quiet --dereference -o -H newc | gzip -9 > ~/new-initrd.gz

或

find . | cpio --quiet --dereference -o -H newc | lzma -7 > ~/new-initrd.lz

参考：

https://blog.csdn.net/xiaofeng_yan/article/details/83303544
https://www.computerhope.com/unix/xz.htm
https://askubuntu.com/questions/777260/how-to-repack-initrd-img
https://wiki.ubuntu.com/CustomizeLiveInitrd