From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
Incorrect:
$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$
Correct:
$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Dracut currently calls `eu-strip` or `strip` with -g, which only strips
out .debug_* sections. symtab and strtab are kept, but are not required
for runtime, and people will rarely need to do binary level debugging
work in initramfs.
So introduce a --aggresive-strip options, try strip out all sections
that are not required for runtime. This can help reduce the binary size
by a lot.
For example, the size of libc.so is reduced by a lot when stripped
with no option than with -g.
3014184 libc-2.28.orig.so
2970920 libc-2.28.strip-g.so
1460904 libc-2.28.strip.so
Signed-off-by: Kairui Song <kasong@tencent.com>
If the configured compression command is unavailable, reset $compress,
and fall back to auto-detection. This allows building an initramfs
even if the configured compression command is not installed. This can
happen e.g. if the distribution uses a preconfigured default, but the
user deinstalled the respective tool.
If the compression method is unset, or had to be reset because of
missing dependencies, inform the user what's being used. Also,
replace the printf in the "cat" case with a dwarn.
There's no need to decompress the kernel modules in dracut, and
"$kcompress" is never referenced. dracut can build the initramfs
just fine if there's no tool for decompressing modules.
The new dracut-cpio binary is capable of performing copy-on-write
optimized initramfs archive creation, but due to the rust dependency
isn't built / installed by default.
This change adds a new "--enhanced-cpio" parameter for dracut which
sees dracut-cpio called for archive creation instead of GNU cpio.
Signed-off-by: David Disseldorp <ddiss@suse.de>
[[ -d $symlink ]] will return true if the symlink points to a directory.
So the symlink will not be copied, instead a directory is created with
the symlink name and the content is copied.
Signed-off-by: Kairui Song <kasong@redhat.com>
While including a directory using '--include' option, the file and
subdirectory names that begin with '.' are not included. Also, dracut
throws a warning message when a subdirectory is empty or only has
files or subdirectories that begin with '.'.
For example, while trying to include /tmpdata directory with the
below tree:
# tree -a /tmpdata
/tmpdata
├── .anothertestdir
├── testdir
│ └── .testsubdir
└── .testfile
dracut throws the below warning message:
# dracut --include /tmpdata /root
cp: cannot stat '/tmpdata/testdir/*': No such file or directory
#
and this is how the included /tmpdata directory tree looks:
# tree -a root
root
└── testdir
No file or directory beginning with '.' is included & also, copying
/tmpdata/testdir reported "No such file or directory" warning. Using
'.' instead of '*' in the below command will fix the warning whether
the directory being copied is empty or only has files or directories
that begin with dot:
$DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/*
Also, enable 'dotglob' temporarily to include files and directories
beginning with a `.' in the results of pathname expansion of source
directory being included.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Gummiboot was merged into systemd and official became systemd-boot in 2015 ( 6 years ago )
and no longer was being maintained as Gummiboot from that point.
It's safe to say distribution should have migrated to sd-boot by now so let's deprecate
it.
On systems with a large number of devices, usually multipath devices,
dracut can spend a lot of time stat'ing the devices to collect the
major/minor numbers, leading to huge slowness rebuilding the initramfs
when stat'ing devices is slow (seen with oracleasm file systems in
particular).
This commit implements a basic cache stored in a file under
DRACUT_TMPDIR storing the major:minor corresponding to the specified
device.
Reproducer: create N loopback devices used as a LVM extension to volume
group hosting the root file system
# LVMVG="rhel"
# NDEVICES=200
# mkdir devices; for i in $(seq 1 $NDEVICES); do
truncate -s 10m devices/$i; losetup loop$i devices/$i
done
# vgextend $LVMVG $(/bin/ls -1 /dev/loop[0-9]*)
With standard code (tested with RHEL8.3 dracut):
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug 2>&1
# grep -c "stat -L -c" /tmp/debug
2440
With this code:
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug_optim 2>&1
# grep -c "stat -L -c" /tmp/debug_optim
205
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Modern Linux kernels support zstd-compressed modules, which was added
by commit 73f3d1b48f50 ("lib: Add zstd modules").
Commit c3d7ef377eb ("kbuild: add support for zstd compressed modules")
added support of compressing modules with zstd to kernel Makefiles.
libkmod >= 28 built with libzstd is also required.
Currently when dracut search for btrfs device used for initramfs, it
assumes the mount points passed in with "--mount" are all mounted with
given mount path. If user want the device to be mounted to a different
location in initramfs, this will not be true.
eg. with "--mount '/dev/mapper/vol /sysroot btrfs rw,relatime,subvolid=256,subvol=/root'"
and having '/dev/mapper/vol' currently mounted on '/', will raise an
error:
ERROR: cannot access '/sysroot': No such file or directory
So search for actual mount point of given device.
Signed-off-by: Kairui Song <kasong@redhat.com>
When omitting a module from the command line via -o or --omit
it's expected that it behaves in the same manner as adding a module from the
command line as in it does not overwrite existing omissions of other modules in
configuration file(s).
It was not working anyway, so nobody used it for years.
If it is not used, just remove it.
mkinitrd-suse.sh will be maintained by SUSE as it is SUSE specific
anyway.
Try to make mksquashfs follow --compress option if squash module is
included, if not specified or invalid, fall back to use mksquashfs's
default compressor.
No function change, decide which compressor to use right before
compressing the initramfs.
This may delay the print of this message:
"dracut: no compression tool available. Initramfs image is going to be big."
but should be OK, this message is not an error.
Simplify the squash mount layout. Instead of overlay on each top
directory (/etc, /usr), just mount and switch_root into the squash
image, with a overlay on top of it.
Also install the binaries and setup scripts separately, so the squash
setup code and the squash image content is independent of each other,
all squash setup script and binaries can be deleted safely upon
switch_root.
With this change, previous squash clean up service and other tricky
implementations are all gone.
This commit depends on systemd commits from:
https://github.com/systemd/systemd/pull/18124
Previouly systemd doesn't recognize non-ramfs initramfs, now this is
doable with SYSTEMD_IN_INITRD=lenient
Signed-off-by: Kairui Song <kasong@redhat.com>
When a GZIP environment variable is set, this leads to various breakage:
In case 'pigz' is installed and GZIP is defined as a path, e.g.
/usr/local/bin/gzip, then dracut will fail with the following message:
"
pigz: abort: cannot provide files in GZIP environment variable
"
In case 'pigz' isn't installed and regular 'gzip' is used and GZIP is
defined as a path, e.g. /usr/local/bin/gzip, then the path will be
zipped and dracut will fail for no obvious reason. Trying again, dracut
will then fail with following message:
"
gzip: /usr/local/bin/gzip.gz already exists; not overwritten
"
In any case, GZIP environment should be unset to avoid breakage or
unwanted behaviour. This variable is anyway obsolescent, from gzip(1)
manpage.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
There is no `fstab_lines_l` variable used before.
The `--include` option was turned into `++include` and therefore the
switch option is not reachable anymore.
If SIGWHATEVER will be processed after fsfreeze -f, but before fsfreeze
-u we will end up with /boot/ never unfrozen, let's try to minimize risk of this.
Renaud Métrich