From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
Incorrect:
$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$
Correct:
$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
During boot dracut parses the provided UUID to lower case and thus starts an
endless loop wating for the devise to appear. The device is actually mapped
correctly by the kernel (which doesn't tweak the UUID) but because we are
waiting for a name with lower charachters the expeted device never appers which
drops us at the emergency shell leaving the system unbootable.
This happens especially on nfts/fat filesystems because technically those don't
have a UUID but searial numbers which are used by the linux tools as UUID.
Patch 2fabaaa62d changed the behaviour for `dash`
under the assumption, that dash does not take parameters for `.` aka
`source`. Although this is true, the original positional parameters of
the `source_all` function are still in place, so everything is
fine with the old way of sourcing.
The kernel has an odd way to handle `"` surrounded parameters.
To handle the parameters as the kernel would do, no simple shell script
suffices, so a new utility `dracut-util` is introduced. Written in "C"
it handles `dracut-getarg` and `dracut-getargs` as the old shell script
functions `_dogetarg` and `_dogetargs` would.
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
This feature could be off loaded to memstrack, which have better
accurecy, better performance, and have more detailed tracing features.
Also simplify make_trace_mem a bit.
And currently rd.memdebug=4 is unstable, fails from time to time.
According to POSIX.1-2017, 2.6.2 Parameter Expansion:
${parameter%[word]} [...] The word shall be expanded to produce a
pattern.
This means if word contains variables that itself contain special
characters like asterisks or backslashes, these are treated as pattern
characters unless the variable is quoted. Try e.g. the following example
in bash, dash or (busybox) ash:
i='a\c'; j='\'; echo "${i%$j*}"
This prints "a\c" because "$j*" is expanded to "\*", escaping the
asterisk. In contrast,
i='a\c'; j='\'; echo "${i%"$j"*}"
produces the expected result "a" because the backslash is not specially
treated any more after quoting.
The quotes that this commit adds have been previously removed in commit
f9c96cf56f, citing issues with busybox
hush without further specifying the actual error. I tested a recent
busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
and couldn't find any problems. Note that the above example always
produces "a\c" in hush regardless of quoting $j, making hush unsuitable
for use with dracut, but using quotes in parameter expansions generally
works.
The unquoted variables break the "rd.luks.uuid/name" kernel command line
options in dracut 050 because
str_replace "$luksname" '\' '\\'
in modules.d/90crypt/parse-crypt.sh is not able to escape the
backslashes any more, see GH-723, GH-727: backslashes in the
systemd-cryptsetup@.service unit name stay unescaped for use in udev
(cf. commit 0f6d93eb9d), leading to
failures in starting the unit.
This partially reverts commit f9c96cf56f.
When DRACUT_SYSTEMD is set and DRACUT_QUIET=yes, vinfo returns 1. This
is a problem for hooks which end with vinfo, as then the hook returns 1.
Especially problematic if this is a shutdown hook, as it will be
restarted again and again.
This commit fixes that.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
If a process (maybe plymouth) was still pinning /oldroot, then shutdown
would
- kill -9 $pid
- umount_a
- umount_a
in a very short timeframe. A small sleep hopefully lets the scheduler free
up /oldroot in the mean time.
JobRunningTimeoutSec now affects how long can start jobs for device
units stay in the "running" state. Disabling default job timeout via
JobTimeoutSec=0 doesn't disable running state timeout. We need to set
running state timeout as well.
Note that doing this the other way around has effect on generic timeout,
i.e. disabling running state timeout disables generic timeout. But doing
it this way we would create implicit dependency on fairly new
systemd-234. However, by setting both options we don't create dependency
on specific systemd version.
Extend "rd.memdebug" to "4", and "make_trace_mem" to "4+:komem".
Add new "cleanup_trace_mem" to cleanup the trace if active.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
crypt/parse-crypt.sh generate initqueue job which always call
dev_unit_name() with an argument beginning with "-". This results
in the following error:
dracut-initqueue[307]: + systemd-escape -p -cfb4aa43-2f02-4c6b-a313-60ea99288087
dracut-initqueue[307]: systemd-escape: invalid option -- 'c'
When systemd's crypttab generator parsed crypttab, it tells
systemd about several devices which may not appear until later
in the boot sequence, and which are not needed while dract is running.
This can particularly happen when an md array is encrypted,
and the array is newly degraded so that it doesn't appear until
dracut runs mdraid_start.sh.
This can result in systemd printing warning messages which are
inappropriate.
So tell systemd that the timeout for each of these is zero.
This is involves splitting some functionality out of wait_for_dev()
That function does two things:
- creates 'finished' hooks so that dracut will wait for the device,
and
- sets the systemd timeout for the device to zero, so systemd doesn't
wait.
We only want the second of these for most encrypted devices.
So split that out into a new function set_systemd_timeout_for_dev(),
and call it from parse-crypt.sh
Signed-off-by: NeilBrown <neilb@suse.de>
--
This version fixes the missing redirect from /etc/crypttab
NeilBrown
Dracut will generate systemd units for additional devices that should be
brought up during boot, e.g. swap devices. These unit files are broken
symlinks with \ in the filename, e.g.
/etc/systemd/system/initrd.target.wants/dev-disk-by\x2duuid-e6a54f99\x2da4fd\x2d4931\x2da956\x2d1c642bcfee5e.device.
Both the backslash and the broken symlink causes problems for shell
scripts, [ -e "$file" ] isn't enough and read requires the additional -r
argument to not react on the \.
Add more corner cases from systemd's
unit_name_from_path_instance() C function.
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>