Dracut currently calls `eu-strip` or `strip` with -g, which only strips
out .debug_* sections. symtab and strtab are kept, but are not required
for runtime, and people will rarely need to do binary level debugging
work in initramfs.
So introduce a --aggresive-strip option that tries to strip out all sections
that are not required for runtime. This can help reduce the binary size
by a lot.
For example, the size of libc.so is reduced by a lot more when stripped
with no option than with -g.
3014184 libc-2.28.orig.so
2970920 libc-2.28.strip-g.so
1460904 libc-2.28.strip.so
Signed-off-by: Kairui Song <kasong@tencent.com>
It may happen that dracut-shutdown.service fails, for example on timeout
due to very low bandwidth.
In such a case, for hardening purposes, a new dracut-shutdown-onfailure.service
unit doing dracut-shutdown.service cleanup needs to execute to make sure
switching root to an incomplete initramfs won't occur later.
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
Use nohup instead of disown, and let systemd track the service properly.
This makes the scripts POSIX compatible and bash is no longer needed.
Signed-off-by: Kairui Song <kasong@tencent.com>
The regular expression here is trying to handle various kernel
module compression schemas and was missing the zst extension
which indicates use of zstd.
Mailbox drivers might be needed by some of the devices used in the
initrd. For example, on the Raspberry Pi 4, the MMC 'sdhci-iproc' driver
depends on 'bcm2835-mailbox'.
Signed-off-by: Adrien Thierry <athierry@redhat.com>
The 69-dm-lvm-metad.rules udev rule has been removed from
the initrd, because it's been dropped by recent upstream
lvm versions, and it never performed any primary function
within the initrd. But, it did have the job of setting
LVM_MD_PV_ACTIVATED=1 for active md devices used by PVs.
That step needs to be restored, and is now included in
64-lvm.rules.
Change the command listing LVs from lvscan to lvs, and list
only the LV names that are being activated. Before attempting
to activate an LV, check that that LV name appears in the
lvs command output. This avoids wasting time running an
lvchange command that we know will fail.
Previously, the lvm device filter generated by dracut
would not be used if any lvm.conf file existed in the
initrd. Change this so that the generated filter will
be used when the included lvm.conf has no filter set.
Drop checking for options that have been available for
at least ten years. This simplifies code maintenance.
Add the new --nohints option (when available) to disable
the use of hints, which are not useful during startup.
The --partial option will activate a linear (or other) LV
without segments for missing devices, which is unlikely to
be useful. The intention was to activate raid LVs in a useful
form while missing devices, which is specified with the option
--activationmode degraded.
This udev rule runs pvscan to autoactivate VGs, which dracut
does not want to do, and which was previously disabled by editing
the rule file and commenting out lines.
This also stops /dev/disk/by-id/lvm-pv-uuid-* symlinks from
being created in the initrd.
Remove support for modifying use_lvmetad and locking_type
settings in lvm.conf for lvm versions 2.2.*. Recent lvm
versions (2.3.*) do not include lvmetad or locking_type.
This cleanup simplifies code maintenance.
To use the lvm module with older versions (2.2), a user
would need to ensure that lvmetad settings are disabled
in the initrd's lvm.conf rather than relying on the lvm
dracut mode to modify their lvm.conf.
Not all distributions utilize and ship the mpathconf utility.
Avoid error messages and systemd complaints about
multipathd-configure.service in this case.
In the long run, it's desirable to be able to drop dracut's copy of
multipathd.service and use the upstream one from multipath-tools instead.
This patch makes a step in that direction.
With these changes, the only remaining difference is the support for
rd.multipath=0 and rd_NO_MULTIPATH, which must obviously be ignored in the
upstream unit.
The modifications in this patch are minor and will have no effect in the
initramfs.
The dependency of multipathd on "udev settle" has recently been removed in
c9689b6 ("multipathd: Remove dependency on systemd-udev-settle.service").
But this dependency has never been necessary in the initramfs environment. It
was only required after switching root, because multipathd would potentially
tear down valid multipath maps after switching from initrd to root FS. This can
happen because dm devices "survive" the root FS switch in the udev data
base (they have the "db_persist" flag set), whereas their component devices
(SCSI etc) do not. But this can only happen after initrd-udevadm-cleanup-db.service
has been run, which happens after initrd processing.
The only dependency that's really needed is that on
systemd-udevd-kernel.socket, because multipathd depends on uevents for
devices being delivered via systemd-udevd.
During boot dracut parses the provided UUID to lower case and thus starts an
endless loop waiting for the device to appear. The device is actually mapped
correctly by the kernel (which doesn't tweak the UUID) but because we are
waiting for a name with lower-case characters the expected device never appears, which
drops us at the emergency shell, leaving the system unbootable.
This happens especially on NTFS/FAT filesystems because technically those don't
have a UUID but serial numbers, which are used by the Linux tools as UUID.
An example kernel command line option for this configuration
root=/dev/sda1 ro rd.live.image rd.live.overlay.overlayfs=1
The change checks if $FSIMG is empty and adds a symlink from
/run/rootfsbase to /run/initramfs/live and changes the place
of the creation of the required mount point directories.
Since wicked-0.6.67, its dbus configuration files can be installed in /etc or /usr/share.
Also, check if it's using libexec or lib instead of always displaying an error.
This is a workaround for GRUB2's Btrfs implementation, which doesn't
correctly handle gaps between extents.
A fix has already been proposed upstream via
https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00206.html
Given that this bug is severe, it makes sense to include this minimal
workaround.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The current detection routine for openssl-based libcurl assumes that
libcurl has its own hardcoded path to the ca-bundle. Fix the
cases where curl is compiled with:
--with-ca-fallback --without-ca-path --without-ca-bundle
In this case, we must also grep in OpenSSL's libcrypto.
Other changes:
- Filter reported but non-existent paths.
- Strip nul bytes returned by grep.
- Strip nul bytes returned by grep.
- Consider that ca-bundles might use '.pem' instead of '.crt'.
Original-patch-by: Daniel Molkentin <daniel.molkentin@suse.com>
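
The detection steps listed in the commit message above, sketched as an added example (not dracut's code and not part of the commit): `find_ca_bundles` and `demo` are hypothetical names, and the two "library" files are constructed stand-ins for libcurl and OpenSSL's libcrypto.

```shell
#!/bin/sh
# Added illustration, not dracut's code; find_ca_bundles is a hypothetical name.

# Print each CA bundle path that is embedded as a string in the given
# library files AND exists on this host, one per line.
find_ca_bundles() {
    for _lib in "$@"; do
        [ -r "$_lib" ] || continue
        # NUL -> newline puts every C string on its own line, so no NUL
        # bytes leak into the result; keep paths ending in .crt or .pem.
        tr '\000' '\n' < "$_lib" \
            | LC_ALL=C grep -a -E -o '/[[:alnum:]_./-]+\.(crt|pem)' || :
    done | sort -u | while IFS= read -r _path; do
        # A path compiled into the library may not exist here: drop it.
        if [ -f "$_path" ]; then printf '%s\n' "$_path"; fi
    done
}

# Constructed sample input: two fake "libraries" in a temp directory.
demo() {
    _tmp=$(mktemp -d) || return 1
    : > "$_tmp/ca-bundle.pem"   # the only bundle that really exists
    # Stand-in for a libcurl built without a hardcoded bundle path.
    printf 'libcurl\000no-bundle-here\000' > "$_tmp/libcurl.so"
    # Stand-in for libcrypto: one stale .crt path, one existing .pem path.
    printf 'OPENSSLDIR\000/nonexistent-constructed/cert.crt\000%s\000' \
        "$_tmp/ca-bundle.pem" > "$_tmp/libcrypto.so"
    find_ca_bundles "$_tmp/libcurl.so" "$_tmp/libcrypto.so"
    rm -rf "$_tmp"
}

demo
```

If no trust store is found this way, the initramfs ends up without one and HTTPS fetches during boot cannot verify the server certificate, so an empty result deserves a build-time warning.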
Starting with kernel 5.17 the kernel supports the builtin privacy screens
built into the LCD panel of some new laptop models.
This means that the drm drivers will now return -EPROBE_DEFER from their
probe() method on models with a builtin privacy screen when the privacy
screen provider driver has not been loaded yet.
Make dracut add the privacy screen providing drivers to the initrd
(when necessary for hostmode=yes), so that drm drivers on affected
drivers can probe() successfully.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
If the configured compression command is unavailable, reset $compress,
and fall back to auto-detection. This allows building an initramfs
even if the configured compression command is not installed. This can
happen e.g. if the distribution uses a preconfigured default, but the
user deinstalled the respective tool.
If the compression method is unset, or had to be reset because of
missing dependencies, inform the user what's being used. Also,
replace the printf in the "cat" case with a dwarn.
There's no need to decompress the kernel modules in dracut, and
"$kcompress" is never referenced. dracut can build the initramfs
just fine if there's no tool for decompressing modules.
End with an error, or show a warning, when a nonexistent device is specified for network setup like
`ip=10.12.8.12::10.12.255.254:255.255.0.0:xk12:eth0:off`.
I've added the error only for `write-ifcfg.sh`, as I think no such setup should be written.
Resolves: #1712424