Currently, when trying to unpack or print the content of multiple
files, lsinitrd will decompress the image and pipe the decompressed
content to cpio to retrive each file if the image is compressed.
Which mean if we want to extract 10 files the image will be decompressed
10 times, which is a waste of time.
This patch will let lsinitrd decompress the image file to a temp file
first if multiple file names are given, then cpio will read from the
decompressed temp file, which will speed up a lot.
Time consumption test for command:
`lsinitrd initramfs-4.16.15-300.fc28.x86_64.img \
usr/lib/dracut/build-parameter.txt \
usr/lib/dracut/modules.txt \
etc/machine-id \
etc/hostname \
usr/lib/udev/rules.d/99-systemd.rules`
Before the patch:
2.37user 0.33system 0:02.12elapsed
After the patch:
0.50user 0.42system 0:00.72elapsed
There would be a more significant time difference if we try to
extract more files.
Before this patch, "--unpack" will always unpack the whole image.
Make "--unpack" be able to unpack only certain files, it will be
easier to retrieve files from initramfs image.
Signed-off-by: Kairui Song <kasong@redhat.com>
Add module for setting correct timezone.
References: bnc#830060
For now, this module will not be included automatically due to different
expectations (see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=981617)
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
A hostonly image will not include every possibly required kernel module,
so if any hardware or configuration changed, the image may fail to boot.
One way to know if there are any hardware change or configuration change
that will require an image rebuild or not is to check the loaded kernel
module list. If the loaded kernel module list differs from last build
time, then the image may require to be rebuilt.
This commit will let dracut record the loaded kernel module list when
the image is being built, so other tools or services can compare this
list with currently loaded kernel modules to decide if dracut should be
called to rebuild the image.
To retrieve the loaded kernel modules list when an image is built, use
lsinitrd command:
lsinitrd $image -f */lib/dracut/loaded-kernel-modules.txt
if rd.md.uuid is in ID_FS_UUID format with dashes
e40a0234-7e52-5f10-f267-658d8ec463fa
convert it for the /dev/disk/by-id/md-uuid-${uuid} format
e40a0234:7e525f10:f267658d:8ec463fa
Check for a common binary in systemdutildir. This resolves an issue on
split-usr systems, where it is common to have both /lib/systemd[/system]
and /usr/lib/systemd[/user] present.
Check for systemd-udevd specifically, since some distros (Gentoo) allow
udev to be installed without the rest of the systemd stack.
Similar logic is applied to udevdir simply for consistency.
This commit basically reverts 5ce7cc73
90-multipath-hostonly module was added in 5ce7cc73, because if hostonly
mode is enabled, multipath module will always hardcode wwids which
causes problems when the initramfs is cloned to another system with same
hardware.
Now with tri-state hostonly mode, the two modules could be merged and only
hardcode wwids when "strict" hostonly mode is enabled.
Only pick rules for interfaces which have a carrier in the running
system. Those interfaces will be assembled by udev to allow booting
from those devices (i.e. iSCSI).
Reference: FATE#323440
Add a new option --hostonly-mode which accept an <mode> parameter, so we have a tri-state hostonly mode:
* generic: by passing "--no-hostonly" or not passing anything.
"--hostonly-mode" has no effect in such case.
* sloppy: by passing "--hostonly --hostonly-mode sloppy". This
is also the default mode when only "--hostonly" is given.
* strict: by passing "--hostonly --hostonly-mode strict".
Sloppy mode is the original hostonly mode, the new introduced strict
mode will allow modules to ignore more drivers or do some extra job to
save memory and disk space, while making the image less portable.
Also introduced a helper function "optional_hostonly" to make it
easier for modules to leverage new hostonly mode.
To force install modules only in sloppy hostonly mode, use the form:
hostonly="$(optional_hostonly)" instmods <modules>
Signed-off-by: Kairui Song <kasong@redhat.com>
Dracut uses the module deps to determine module dependencies
but that only works for modules with hard symbolic dependencies.
Some modules have dependencies created via callback API's or other
methods which aren't reflected in the modules.dep but rather in
modules.softdep through the use of "pre:" and "post:" commands
created in the kernel with MODULE_SOFTDEP().
Since in dracut we are only concerned about early boot, this patch
only looks at the pre: section of modules which are already being
inserted in the initrd under the assumption that the pre: section
lists dependencies required for the functionality of the module being
installed in the initrd.
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
For EFI systems, the BLS fragments were stored in the EFI System Partition
(ESP) while in non-EFI systems it was stored in /boot.
For consistency, it's better to always store the BLS fragments in the same
path regardless of the firmware interface used.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The code in 50drm which tries to include all DRM drivers for
hardware attached to the system did not look for virtio devices.
So if the system is a VM using the 'virtio' graphics adapter,
the 'virtio-gpu' module which should be included is not. This
extends the code to also look for virtio devices.
https://bugzilla.redhat.com/show_bug.cgi?id=1593028
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Since the kernel doesn't allow using any non-FIPS-compliant crypto
algorithms, it doesn't make sense to install them. Even if they are
installed, tcrypt will not test them anyway.
Tested on Fedora 28 x86_64 by booting with fips=1 (with hand-patched
module-setup.sh).
This patch cleans up the default list of kernel modules in the 01fips
dracut module. All the algorithms that are tested in tcrypt are listed
by their algorithm name so that all the generic implementations and
drivers are picked up automatically based on the module alias.
This drops several unneeded modules and even a bogus one (rot13 -- this
one was obviously copy-pasted from tcrypt.c where it was listed as an
easter egg :).
The patch adds also some algorithms that weren't included in the
original set. It turns out in FIPS mode we only need those algorithms
that are marked as FIPS-allowed in testmgr.c (failure to find a non-FIPS
algorithm is ignored). The non-FIPS algorithms are further removed in a
subsequent patch.
since kmod-25 keyword "external" was implemented in order to avoid
additional actions(like weak-modules) when kernel was updated, which
makes it more simple while kernels' kabi were compatible.
but if move some special modules such as megaraid_sas, mpt3sas and
so on, to a external path like /opt/modules, these modules will not
be install to initramfs by default, which make the initramfs can't
be used to boot for disk detection failure.
according to kmod's document, you must specify a absolute path with
"external" keyword, so scan the lines in modules.dep that begin with
"/" and install them, to make sure necessary modules in external path
can be installed to initramfs too.
Signed-off-by: Hui Wang <john.wanghui@huawei.com>
After the $COMMAND case statement, the exit status of the last executed
command is added to the $ret variable.
But for the "add" pattern, this last executed command is an arithmetic
expression that also adds the exit status $? to the $ret variable. If
both $? and $ret are 0, then the arithmetic expression evaluates to 0
so is considered false and has an exit status of 1.
This makes the script to wrongly exit with an status code of 1 when it
should had been 0.
case "$COMMAND" in
add)
...
((ret+=$?))
# $ret is 0 here
;;
...
esac
((ret+=$?))
# $ ret is 1 here
exit $ret
Since $ret is set in the case statement, just exit with that status code
and remove the last arithmetic expression that wrongly sets $ret to 1.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The main 01fips module should always load all optimized/driver modules
of all relevant crypto algorithms (based on their aliases), so we can
drop this useless module.
Commit bf5c53a implements support for mounting LUKS devices with
detached headers; however, it assumes that the LUKS device sits on an
unpartitioned disk.
Mirroring the `rd.luks.serial` option, this commit implements the
`rd.luks.partuuid` cmdline option, supporting headless LUKS devices on
drive partitions.
When dracut silently produces a broken initramfs, then the system will
likely not boot and this can be very problematic. Typical use case is
after the kernel has been updated.
It appears that dracut is not protected against the BASH_ENV variable,
causing various scripts called by dracut to possibly fail or provide
wrong output (e.g. "ldd" is one of these).
Having a broken output for "ldd" makes the generated initramfs be not
usable, typically because vital binaries will be missing (e.g.
"awk", "udevadm", ...).
Note: because the shebang line cannot contain more than one argument,
the '--norc' option had to be removed. IMHO, it was useless anyway.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
In kdump, if dump-target is ssh on ipv6, we need to sync until ipv6 addr
is ready. Currently ip=auto6/dhcp6 provides such function. But in 1st kernel,
it is hard to know whether the ipv6 addr is got by dhcpv6 or SLAAC.
E.g ifcfg-eth* contains DHCPV6C=yes direction, but there is no dhcpv6
server in the network, and then after the system is up, the user
echo 1 > /proc/sys/net/ipv6/conf/eth0/autoconf && accept_ra by manual
to obtain a ipv6 addr. Or vice.
So this patch suggests to make dhcpv6 as auto6 fallback
Signed-off-by: Pingfan Liu <piliu@redhat.com>
If a process (maybe plymouth) was still pinning /oldroot, then shutdown
would
- kill -9 $pid
- umount_a
- umount_a
in a very short timeframe. A small sleep hopefully lets the scheduler free
up /oldroot in the mean time.
Kairui Song