Fixes: 8e84fa726 ("fix(url-lib): shellcheck for modules.d/45url-lib")
Behaviour introduced by that commit caused the following to be run:
```
curl "--globoff --location --retry 3 --fail --show-error" http://192.168.1.173:8000/test.ks
```
instead of:
```
curl --globoff --location --retry 3 --fail --show-error http://192.168.1.173:8000/test.ks
```
This broke downloading the kickstart file in anaconda-dracut.
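
The regression described in the commit message above, reproduced offline as an added example (not code from dracut or from the commit). `fake_curl`, the `fetch_*` helpers and the `curl_args` variable name are hypothetical; the option string and URL are the ones quoted in the message.

```shell
#!/bin/sh
# Constructed stand-in for curl so the example runs offline: it reports
# how many arguments it received and what the first one was.
fake_curl() {
    printf '%s|%s\n' "$#" "$1"
}

# Option string and URL as quoted in the commit message.
curl_args="--globoff --location --retry 3 --fail --show-error"
url="http://192.168.1.173:8000/test.ks"

# Regressed form: quoting the variable hands curl ONE argument that
# contains spaces, which it cannot parse as separate options.
fetch_quoted() {
    fake_curl "$curl_args" "$1"
}

# Working form: deliberate word splitting. 'set -f' (in a subshell) keeps
# the split words from being glob-expanded against the current directory.
fetch_split() {
    (
        set -f
        # Splitting is intended here, so SC2086 is silenced for this line.
        # shellcheck disable=SC2086
        fake_curl $curl_args "$1"
    )
}

# Alternative that keeps every expansion quoted: build the option list in
# the positional parameters (POSIX sh has no arrays).
fetch_positional() {
    _url=$1
    set -- --globoff --location --retry 3 --fail --show-error
    fake_curl "$@" "$_url"
}

fetch_quoted "$url"       # 2|--globoff --location --retry 3 --fail --show-error
fetch_split "$url"        # 7|--globoff
fetch_positional "$url"   # 7|--globoff
```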

Gummiboot was merged into systemd and officially became systemd-boot in 2015 (6 years ago)
and was no longer maintained as Gummiboot from that point.
It's safe to say distributions should have migrated to sd-boot by now, so let's deprecate
it.

The ldd output can contain the variable $LIB, which is a documented feature of
ldd. In a previous commit [0], dracut-install received support for this
variable, but that was later reverted [1] due to issues [2][3] on Gentoo ARM64.
The part before '=>' does not necessarily refer to an existing file (e.g. due
to the usage of $LIB) and thus [1] could be seen as a regression to anyone
that uses this ldd feature. This PR combines both cases together and whenever
it finds a '$' character (i.e. a variable) on the left side of the '=>' symbol,
it uses the right-hand path (and thus uses evaluation done by ldd), otherwise
falls back to the behavior set by [1].
Reproducer that was presented to me:
```
$ grep "ibz.so" /etc/ld.so.preload || cat << EOF >> /etc/ld.so.preload
/\$LIB/libz.so.1.2.11
EOF
$ mkdir -p /var/tmp/dracut.xitk6p/initramfs
$ strace /usr/lib/dracut/dracut-install -D /var/tmp/dracut.xitk6p/initramfs -l /bin/bash 2>&1|grep ibz
$ rm -rf /var/tmp/dracut.xitk6p/
```
[0] 45404a2
[1] 6d886bb
[2] #471
[3] https://bugs.gentoo.org/667752

Setting `DEBUG_MEM_LEVEL` in the build phase prevents
`setmemdebug()` from calling `getargnum`, which would use `dracut-getarg`
in the initrd runtime phase.
No more:
```
modules.d/99base/dracut-lib.sh: line 217: dracut-getarg: command not found
```

On systems with a large number of devices, usually multipath devices,
dracut can spend a lot of time stat'ing the devices to collect the
major/minor numbers, leading to huge slowness rebuilding the initramfs
when stat'ing devices is slow (seen with oracleasm file systems in
particular).
This commit implements a basic cache stored in a file under
DRACUT_TMPDIR storing the major:minor corresponding to the specified
device.
Reproducer: create N loopback devices used as an LVM extension to the volume
group hosting the root file system
```
# LVMVG="rhel"
# NDEVICES=200
# mkdir devices; for i in $(seq 1 $NDEVICES); do
truncate -s 10m devices/$i; losetup loop$i devices/$i
done
# vgextend $LVMVG $(/bin/ls -1 /dev/loop[0-9]*)
```
With standard code (tested with RHEL8.3 dracut):
```
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug 2>&1
# grep -c "stat -L -c" /tmp/debug
2440
```
With this code:
```
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug_optim 2>&1
# grep -c "stat -L -c" /tmp/debug_optim
205
```
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>

Modern Linux kernels support zstd-compressed modules, which was added
by commit 73f3d1b48f50 ("lib: Add zstd modules").
Commit c3d7ef377eb ("kbuild: add support for zstd compressed modules")
added support of compressing modules with zstd to kernel Makefiles.
libkmod >= 28 built with libzstd is also required.

Just install all `=crypto` drivers in the generic initramfs, because who
are we to decide which combinations are allowed in current and future
`cryptsetup`. We could only install a blacklist filter in the future if
there are modules which are definitely not used and are huge in size.

- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclusion of the unit into the sysinit target
- removal of systemctl enablement of type unit

The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>