If a non-default device mapper name is used for an encrypted partition
(i.e. not luks-$UUID) due to parsing of /etc/crypttab, then the
short-circuits put in place to prevent asking the password twice do not
work.
This would not normally be an issue as the settled job itself should be
removed after it has run and thus cannot be run again. Sadly, due to
the corresponding udev rule using ACTION="add|changed", and the fact
that trying to unlock the device (whether successful or not) seems to
trigger a changed event, it means the settled job is recreated with
each iteration thus causing the whole loop to run again.
It is this situation that the short-circuit exits would normally come
into play but sadly do not work when non-standard names are used.
By the time the /tmp/cryptroot-asked-$2 file is written near the end of
the script, the value of $2 has already been lost due to the argument
parsing code's use of 'shift'. So while systems where the default
name is used are protected by checking /dev/mapper/xxxx, the
/tmp/cryptroot-asked-$2 file didn't help on systems where this was not
used due to this bug.
So this commit shuffles things around somewhat such that:
1. The /dev/mapper/xxxx device is checked *after* resolving $2 (which
contains the default name) to whatever /etc/crypttab specifies.
2. The cryptroot-asked-xxxx file also uses the translated name both
for the initial check and to flag when it's written.
As a separate fix, it might make sense to change the udev rule to only
act on add events rather than add|change events, but I'm not sure of the
ramifications of such a change and there may be cases where the add
event is missed and thus the change event needs to be included.
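The flag-file failure described in the commit message above, as an added shell sketch that is not dracut's cryptroot-ask.sh. The function names, the argument layout, the state directory standing in for /tmp and /dev/mapper, and the crypttab contents are all constructed for illustration.

```shell
# Constructed model of the double prompt; not dracut's cryptroot-ask.sh.
# Assumed layout: $1 = state dir standing in for /tmp and /dev/mapper,
# $2 = default name (luks-<UUID>), $3 = crypttab path.

# Print the name crypttab assigns to this volume, else the default name.
resolve_name() {
    while read -r name dev _rest; do
        case $name in ''|'#'*) continue ;; esac
        if [ "luks-${dev#UUID=}" = "$1" ]; then
            printf '%s\n' "$name"; return 0
        fi
    done < "$2"
    printf '%s\n' "$1"
}

# Before the fix: both short-circuits test the default name, and the flag
# file is written after 'shift' has already discarded $2.
ask_buggy() {
    state=$1
    [ -e "$state/mapper/$2" ] && { echo skip; return 0; }
    [ -f "$state/cryptroot-asked-$2" ] && { echo skip; return 0; }
    luksname=$(resolve_name "$2" "$3")
    shift 3                                  # option parsing eats the positionals
    : > "$state/mapper/$luksname"            # simulated unlock under the crypttab name
    : > "$state/cryptroot-asked-${2-}"       # $2 is empty here: wrong flag file
    echo "prompt:$luksname"
}

# After the fix: resolve the name first, then use it for every check and
# for the flag file.
ask_fixed() {
    state=$1
    luksname=$(resolve_name "$2" "$3")
    [ -e "$state/mapper/$luksname" ] && { echo skip; return 0; }
    [ -f "$state/cryptroot-asked-$luksname" ] && { echo skip; return 0; }
    : > "$state/mapper/$luksname"
    : > "$state/cryptroot-asked-$luksname"
    echo "prompt:$luksname"
}

# Run one variant twice, as the re-created settled job would; print both outcomes.
demo() {
    d=$(mktemp -d) && mkdir "$d/mapper" || return 1
    printf '%s\n' '# constructed' 'cryptroot UUID=1111-2222 none luks' > "$d/crypttab"
    first=$("$1" "$d" luks-1111-2222 "$d/crypttab")
    second=$("$1" "$d" luks-1111-2222 "$d/crypttab")
    rm -rf "$d"
    echo "$first $second"
}
```

`demo ask_buggy` reports a prompt on both passes, while `demo ask_fixed` reports a prompt followed by a skip.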
Systemd tries to load these modules very early.
Even though they are not strictly required it is a good
thing to have them around.
[Edited-by: Harald Hoyer: moved to installkernel() ]
if i18n_install_all is set to "yes", then install all keyboard layouts
and fonts regardless of the hostonly setting.
This way, people can switch keyboard layouts, without having to recreate
the initramfs.
On SuSE the DASD configuration is kept in udev rules, one rule
file per device. So add a new module for copying and creating
these rules during boot.
Signed-off-by: Hannes Reinecke <hare@suse.de>
znet_cio_free is a RedHat-specific tool, so do not install this
module on systems where the program is missing.
Signed-off-by: Hannes Reinecke <hare@suse.de>
normalize_dasd_arg is a RedHat specific script, so no point
installing this module if the script isn't present.
Signed-off-by: Hannes Reinecke <hare@suse.de>
The lvmetad daemon is not yet running in initramfs so there's no
need to run pvscan (or instantiate any lvm2-pvscan systemd service).
If pvscan was called in this case (either directly or via systemd
instantiated service), it would fail because there's no lvmetad
daemon to update. This could cause confusion, especially in systemd
instantiated service which is run only once!
If new kernels have modules split out, handle the case, where modules
have to modalias and just install them.
Also add the crypto drivers and names to host_modalias.
The global var setting was happening in a pipe and did not have an
effect.
Use <<<$() instead.
< <() cannot be used, because dracut is called in chroot's environments,
where /dev/fd does not point to /proc/self/fd, but bash wants
/dev/fd/<num> for this construct.
parse-resume.sh already contains all the code from resume-genrules.sh.
Also parse-resume.sh is executed before resume-genrules.sh, so there is
no point to keep the latter.
This fixes the following error messages:
dracut-initqueue: ln: failed to create symbolic link '/dev/resume': File exists
dracut-initqueue: rm: cannot remove '/lib/dracut/hooks/initqueue/settled/resume.sh': No such file or directory
dracut-initqueue: rm: cannot remove '/lib/dracut/hooks/initqueue/timeout/resume.sh': No such file or directory
Check for other possible fs types. This fixes swap detection when using
TuxOnIce kernel.
Note that parse-resume.sh generate udev rules with support for
ID_FS_TYPE=suspend, but we do not include it here, because it is
libvolume_id thing and host_fs_types is populated using blkid.
This is similar to the reason for adding the
/run/initramfs/live-baseloop symlink -- access to the original live
image without overlays.
livemedia-creator does not create a osmin.img, so there is no mountable
device for it to use when rsyncing the live image to the target. It
needs a device that points to the original live image without overlays.
Note that lmc won't be creating osmin.img, since it really isn't needed any
longer. Its purpose was to provide a minimal image that could be dd'd to
the target. Now that we use rsync this is no longer necessary.
The included patch adds a /dev/mapper/live-base device that Anaconda can
use whether or not there is an osmin present.
mdadm-3.2.6+:
Incremental assembly rule contains "--offroot" arg. Update
regexp to catch this variant.
mdadm-3.3+:
Rules were split into two files: 63-md-raid-arrays.rules
and 64-md-raid-assembly.rules. Install them both and edit
the latter.
The 69-dm-lvm-metad.rules set some udev env. variables that makes it
possible to detect the right time to activate LVM on MD. The MD is very
similar to DM during activation - it's usable only after proper device
activation - the CHANGE event. We need to make a difference between a
CHANGE event that comes from this activation and CHANGE event that is
the outcome of the WATCH udev rule (otherwise we'd end up with LVM
activation done on each CHANGE event - which is wrong).
So we need the udev database to be persistent during pivot to root fs
even for MD devices.
Configure cmdline to:
ip=br0:dhcp bridge=br0:bond0 bond=bond0:eth0
By default ifup bond0 will run dhcp on bond0, which is wrong. bond0
isn't the top interface. we should really run dhcp on br0.
So if we ifup a network interface on secondary stack, we should not
dhcp. Fix this issue with this patch.
The loop driver could be a module and would never be loaded, so the
iso-scan never takes place.
To let the iso-scan happen, it is now placed into the initqueue/settled
unconditionally.
Cached CMDLINE doesn't work 100%. For example the following case,
1. dracut starts to run dracut-cmdline.sh. CMDLINE is cached when calling
getarg 'rd.break=cmdline'.
2. In 92-parse-ibft.sh, ibft_to_cmdline() calls $(set_ifname ibft xx:xx..)
multiple times in each subshell.
3. In 1st call, set_ifname() will check $(getargs ifname) and write out
ifname=xxxx accordingly.
4. In 2nd call, set_ifname() will check $(getargs ifname) and it's wrong here.
Because in step 3, we introduce a new cmdline arg ifname=xxx, but CMDLINE
isn't updated. Thus we fail to get the new ifname arg.
It's doable to unset CMDLINE every time after a new cmdline arg is in. But
unset should be done in the parent process, because unset CMDLINE in a
subshell won't unset CMDLINE in its parent or sibling process. And also it's
painful to unset CMDLINE every time. In the future, functions and code
snippet could probably separate or move to other file, the unset CMDLINE could
malfunction again like this time.
So I'm thinking not to cache CMDLINE. It doesn't hurt to re-read all the
cmdline args every time. Because it's in initramfs, a non cached _getcmdline()
should be fast enough.
Please consider!
Thanks
WANG Chao
Previously if "$rootok" = 1, parsing of netroot command line arguments
was skipped. For multiple netroot arguments, all parse scripts have to
run.
Previously only the first netroot argument was taken into account for
the parsing scripts. Now every netroot argument is processed.
Fix 3 issues in ibft_to_cmdline():
- unset local variables at the beginning of each loop
- only write vlan.conf when we write out ip=xxx
- when vlan id is 0, don't write out vlan.conf. Because 0 means untagged
and we don't actually need vlan interface.
--persistent-policy <policy>:
Use <policy> to address disks and partitions.
<policy> can be any directory name found in /dev/disk.
E.g. "by-uuid", "by-label"
This prints the kernel command line parameters for the current disk
layout.
$ dracut --print-cmdline
rd.luks.uuid=luks-e68c8906-6542-4a26-83c4-91b4dd9f0471
rd.lvm.lv=debian/root rd.lvm.lv=debian/usr root=/dev/mapper/debian-root
rootflags=rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered
rootfstype=ext4
We only wait for master interfaces for bridge/bonding/team/vlan case.
If none of these complex network is configured, we should wait for
ethernet interface (bootdev) instead.
systemd uses vt102 as default term for tty:
commit acda6a0
Author: Lennart Poettering <lennart@poettering.net>
Date: Sun Apr 22 02:45:39 2012 +0200
default to v102 everywhere, instead of vt100, to synchronize with agetty
Signed-off-by: WANG Chao <chaowang@redhat.com>
Currently when action_on_fail is enabled, the emergency_shell won't be called.
In kdump even though the user specifies the default action as emergency_shell,
dracut skips it. Now change the implementation of action_on_fail to depend
on a file which is created by kdump when making kdump initrd, then remove it
at the beginning of kdump. This can solve the explicit emergency_shell problem.
And action_on_fail won't need parameters, remove the relevant description in
dracut man page.
Signed-off-by: Baoquan He <bhe@redhat.com>
To eliminate a race condition that occurs when unlocking one device
depends on the result of unlocking a device before it, the crypt
module must wait for udev to settle between each unlock attempt.
Example
/etc/crypttab:
keyfile /dev/md1 none luks
sda4_crypt /dev/sda4 /dev/mapper/keyfile luks
sdb4_crypt /dev/sdb4 /dev/mapper/keyfile luks
Without this patch, sometimes /dev/sda4 fails to unlock because udev
doesn't have time to create /dev/mapper/keyfile before it's needed.
Prevents following error message:
I: *** Including module: crypt ***
/usr/lib/dracut/modules.d/90crypt/module-setup.sh: line 31: /etc/crypttab: No such file or directory
kernel-tegra is now part of the base kernel package, so bits and pieces
ended up modular, and as a result, if you boot off the internal USB, you
drop to a dracut shell with no way of getting to root.
In the kernel comments PARTUUID is shown using uppercase A-F:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/init/do_mounts.c?id=HEAD#n183
However, dracut tries to use the value of PARTUUID directly in
/dev/disks/by-partuuid/ which expects the hex to be lowercase. This will
cause root to never be found, oops!
Fix dracut so it can, like the Kernel, accept either casing.
Untested but I added a hack on my local system that was similar.
$NEWROOT/dev and its submounts should be umounted after we use it.
Otherwise it fails other scripts that umount /sysroot only.
Signed-off-by: WANG Chao <chaowang@redhat.com>
configured_ifaces is a function that returns the names of each interface
that the user wanted configured.
Currently, this is accomplished by reading the list from
/tmp/net.ifaces. But if we want to allow the user to specify an
interface by its MAC address or IP or something, we need a function that
will read the cache and convert the MACs etc. to names.
(Obviously this conversion only works once udev starts, so it will warn
you if you try it too early.)
Now that we can use a MAC as a device identifier, we can just bring up
the device specified by BOOTIF as a normal interface.
So instead of ignoring everything but BOOTIF, we'll put BOOTIF in the
IFACES list and bring it up as normal, defaulting to DHCP if nothing
else is specified.
We can also handle anaconda-style 'ksdevice=bootif' this way.
A MAC address is a unique identifier for a particular network interface.
We can use the MAC to generate udev rules to bring up that interface,
like we currently do with BOOTIF.
This patch allows interfaces to be specified as a MAC address, either
in the usual colon-separated form or the PXE-style dash-separated form.
(The latter is more useful on the commandline, since it allows for
arguments like: "ip=77-77-6f-6f-64-73:dhcp")
This is useful since it's common for a user who is booting a new OS for
the first time to know the MAC of the device, but not know what the
kernel name will be.
To set the default font for your distribution, add
i18n_default_font="latarcyrheb-sun16"
to your /lib/dracut/dracut.conf.d/01-dist.conf distribution config.
Scripts in dracut initqueue hooks are placed under
/usr/lib/dracut/hooks/initqueue/*/ directory.
And also start initqueue service when kernel cmdline has
rd.break=initqueue
Signed-off-by: WANG Chao <chaowang@redhat.com>
Currently in initrd, hardware clock is always considered to use UTC time
format and system time zone is also UTC. Thus system time isn't correct
if hw clock is localtime or we're using other time zone in real root.
To fix this, install /etc/adjtime and /etc/localtime to initrd. If not
using systemd, install /usr/sbin/hwclock for dracut init to setup system
time.
[harald: combined the two hostonly if's]
Signed-off-by: WANG Chao <chaowang@redhat.com>
Signed-off-by: Harald Hoyer <harald@redhat.com>
chroot load_policy will use selinuxfs which should be mounted
in $NEWROOT/sys/fs/selinux for Fedora 19, but because there's
no $NEWROOT/sys/fs, so later process will fail.
Fixing this by bind mount /sys to $NEWROOT/sys.
Signed-off-by: Dave Young <dyoung@redhat.com>
FIPS can work well in 1st kernel, but failed in kdump kernel. The
libssl.so.10 and related hmac file are needed. Now add it and it
works.
Signed-off-by: Baoquan He <bhe@redhat.com>
As per RHBZ #966162, parted stopped unconditionally using "p" as a
separator for dmraid device names in version 3.1, so other things need
to fall in line with that convention now.
This causes the root FS options to be incorrectly applied to /usr.
In some cases this can cause boot failure e.g. due to an XFS /usr
not supporting the 'acl' option from the ext4 root FS.
https://bugs.mageia.org/show_bug.cgi?id=9884
When dropped to emergency shell, for example, use rd.break=pre-pivot,
the PS1 won't correctly show current directory we're in:
pre-pivot:/# cd /sysroot/
pre-pivot:/#
(still shows "/")
Let's take a look at PS1 variable:
(I'm adding prefix/suffix 'x' to make it clear):
pre-pivot:/# echo x${PS1}x
xpre-pivot:/# x
(PS1 isn't dynamic)
Regarding the current dracut code, it should be:
pre-pivot:/# cd /sysroot/etc
pre-pivot:/sysroot/etc#
With this patch:
pre-pivot:/# echo x${PS1}x
xpre-pivot:${PWD}# x
(Now PS1 is dynamic, it will show the directory correctly)
I tested for both normal boot and kdump boot.
Signed-off-by: WANG Chao <chaowang@redhat.com>
now you can write grub entries like
set isofile="/Fedora-live.iso"
loopback loop $isofile
linux (loop)/isolinux/vmlinuz iso-scan/filename=$isofile root=live:CDLABEL=Fedora-...
initrd (loop)/isolinux/initrd0.img
Currently the default action is emergency_shell when failure happened
during system boot. In kdump, this default may not be expected. E.g,
if dump target is not rootfs, it does not matter if mount root failed.
Adding an action which allow dracut always go ahead though failure
happens is needed by kdump.
So here add a function action_on_fail() and cmdline parameter
action_on_fail=<shell | continue>. Use action_to_fail() to replace
emergency_shell which was called after failure. By $(getarg action_on_fail=),
decide to drop into shell, or to leave away the failure and go ahead.
v3->v4:
add handling of selinux policy loaded failure, and change code format to
be consistent
Signed-off-by: Baoquan He <bhe@redhat.com>
[Edited by harald@redhat.com]
Currently dracut only supports 1 bond, namely bond0 by default. However multiple
bonds configuration may be needed. For example in kdump, in 1st kernel, more
than one bonds may be configured, and bondX other than bond0 is used as output
interface to remote host which will store dump core. This patch can solve this
problem, to write real bond information to initramfs, 2nd kdump kernel will
use it to create the relevant bondX interface.
Tested-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Baoquan He <bhe@redhat.com>
Team is the same network stack as bonding. Therefore give ifup the ability to
handle bridge over team and vlan tagged team as bonding too.
Signed-off-by: WANG Chao <chaowang@redhat.com>
Start the systemd-cryptsetup@luks-*.service for the detected crypto_LUKS
device in the initqueue, so we block in the initqueue and wait for the
password entry.
Previously I added several trace points to the beginning of several
init hooks of systemd, old init scripts also need this debug info.
Doing same here as what's added in the systemd service scripts:
At cmdline hooks adding trace of "1+:mem 1+:iomem 3+:slab"
For other hooks adding trace of "1:shortmem 2+:mem 3+:slab"
Signed-off-by: Dave Young <dyoung@redhat.com>
The following change makes the check for the nbd port or named export
more robust.
I wasn't sure whether to include sed in the dracut_install() of
module-setup.sh since net already does that (and nbd depends on that).