Just install all `=crypto` drivers in the generic initramfs, because who
are we to decide which combinations are allowed in current and future
`cryptsetup`. We only could install blacklist filter in the future, if
there are modules, which are definetely not used and are huge in size.
- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclution of the unit into the sysinit target
- removal of systemctl enablement of type unit
The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module and other modules that provide/require spesific link files
should add them, themselves via their relevant include section.
dracut-install triggers "ERROR: installing '/usr/lib/wicked/bin/*'"
when find_binary is being used to determine if wicked is installed
so let's just check for the wicked type service unit instead.
All device-mapper based devices, including device-mapper-multipath,
do reuse the udev db from the initramfs after switching to the root fs.
Therefore device-mapper devices have to be correctly initialized before
the udev daemon is stopped, to have the correct entries in the udev db.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1949076
Introducing the systemd-network-management meta module which will
allow distribution users and vendors to easily include
systemd + systemd's network management modules by simply include this
module instead of systemd network modules individually.
Obviously if the intent is to glue together somekind of network stack
out of random existing modules such as NetworkManager and or Wicked,
this meta module should not be enabled.
The system currently throws numerous nasty warning messages during
the boot, about ignored null bytes in input.
This patch adds a filter to the dd command, to filter these null
bytes out, and thus to prevent these warning messages.
Signed-off-by: Lev Veyde <lveyde@redhat.com>
- Removing dependency on the systemd meta module since it causes circular dependency,
prevents the existance of multiple systemd based meta modules and is redunant.
- Removing directory creation for modules-load since it should not be
necessary and if it turns out that it is, it will be re-introduced in the
form of a systemd tmpfile instead of inst_dir.
- Add a missing inclusion of configuration files placed in /usr/lib/modules-load.d
and /etc/modules-load.d ( hostonly ) directories.
- Fix a spelling error in the systemd type unit file conf directory overwrite
in the hostonly section.
Create the `/run/NetworkManager/initrd` directory before creating
`/run/NetworkManager/initrd/neednet`. Somehow on Fedora 32 this
directory is missing, when the script is running.
This fixes all NetworkManager tests for Fedora 32.
The watchdog module pulls in the device specific watchdog if that
module is enabled, but in the case where we need a generic initrd
we don't get all watchdog drivers which means if we have a watchdog
enabled for that usecase it may get kicked too late in the boot
process so we need the drivers in the initrd for the generic case too.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
* Correct the systemd generated sysroot.mount unit with the options
received by the DHCP request and do a `daemon-reload`.
* Inject the `nbd-client -check /dev/nbd0` in the finished initqueue.
* Reactivate the NBD tests and prepare them for NetworkManager tests.
Don't hard exit in `check()`. The transaction logic only checks if it
should/can include the module. Just return `255` and the `dbus` meta
module will pick its dependency.
Harald Hoyer