fsck_single() operates directly on the device, so fstab is not
necessary. fs-lib functions make sure fscks don't complain.
Code is only commented out just in case I missed something.
To not pollute dracut-lib.sh, all the fsck related functions were moved
to fs-lib.sh. The functions available are as follows:
- fsck_single
  this will detect/verify filesystem, check if it has necessary tools and
  check the filesystem respecting additional flags (if any), using
  specific "driver" (or falling back to generic one). Currently
  available: fsck_drv_{com,xfs,std}. 'com' is used for tools following
  typical subset of options/return codes (e.g. ext, jfs), 'std' is used
  for "unknown" fs and doesn't assume it can be run non-interactively.
  Please see comments around the code for more info.
- fsck_batch
  this will check provided list of the devices;
Both of the above functions will fake empty fstab, to make generic fsck
not complain too much (exact devices are always provided on the command
line).
"Known" filesystems currently: ext234, reiser, jfs, xfs
- det_fs
  Small bug fixed - as this function is meant to be called in $(), it may
  not be verbose.
  Current behaviour is:
  - if detection is successful, use its result
  - if detection is not successful, and filesystem is provided, return
    the provided one; otherwise use auto
Previously, '-a' was added for ext[234] filesystems if other
conflicting flags were not present. It's being done automatically
in fsck_drv_com() now (also for jfs and reiser).
The livenet module allows you to use a root arg like:
    root=live:http://server.name/path/to/live.img ip=dhcp
The named live image will be downloaded with wget and then set up as the
root device.
It currently supports FTP, HTTP, and HTTPS. dracut will try to install
the CA bundle (/etc/ssl/certs/ca-bundle.crt) into the initramfs so that
SSL certificate checking will work properly.
If an HTTPS URL is given and the site fails the certificate check, the
file will be rejected and the system will not boot into it.
Signed-off-by: Will Woods <wwoods@redhat.com>
If a value of a key on the kernel command line includes wildcards, these
would be expanded.
E.g., if you have "key=/dev/sd*" the value would be substituted with
"/dev/sda /dev/sda1 /dev/sda2" instead of returning "/dev/sd*"
The script that was generated always returned the status of the last test
condition, potentially missing any earlier non-existing devices.
The change ensures that the script returns 0 only if all expected
devices are found.
Signed-off-by: Michal Soltys <soltys@ziu.info>
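Added example, not code from dracut: the two shell pitfalls described in the two preceding commit messages (wildcards in a command line value being expanded, and a check whose status reflects only the last device), each shown beside a corrected form. All function names are hypothetical, and plain files in a temporary directory stand in for device nodes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not dracut's.

# Naive lookup: the unquoted ${o#*=} undergoes pathname expansion.
get_value_naive() {            # $1 = key, $2 = command line
    for o in $2; do
        case $o in
            "$1"=*) echo ${o#*=}; return 0 ;;
        esac
    done
    return 1
}

# Hardened lookup: globbing is off while splitting, the value stays quoted.
get_value() (                  # body is a subshell, so "set -f" does not leak
    set -f
    for o in $2; do
        case $o in
            "$1"=*) printf '%s\n' "${o#*=}"; exit 0 ;;
        esac
    done
    exit 1
)

# Buggy check: the function's status is that of the last test only.
devs_exist_last() {
    for d in "$@"; do
        [ -e "$d" ]
    done
}

# Fixed check: succeeds only if every listed path exists.
devs_exist_all() {
    for d in "$@"; do
        [ -e "$d" ] || return 1
    done
    return 0
}

# Constructed sample: plain files stand in for /dev/sd* nodes.
demo_dir=$(mktemp -d)
touch "$demo_dir/sda" "$demo_dir/sda1" "$demo_dir/sda2"
get_value_naive key "ro key=$demo_dir/sd*"    # prints the three matching paths
get_value key "ro key=$demo_dir/sd*"          # prints the pattern unchanged
devs_exist_last "$demo_dir/missing" "$demo_dir/sda" && echo "last-status check: missing device unnoticed"
devs_exist_all "$demo_dir/missing" "$demo_dir/sda" || echo "all-devices check: failure reported"
rm -rf "$demo_dir"
```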
This module mounts an eCryptfs filesystem from the initial ramdisk using an
encrypted key.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This module initializes the EVM software and permits loading a custom IMA
policy.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This module initializes a trusted/user kernel master key that will be used
to decrypt other encrypted keys.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Mount the securityfs filesystem and make available its location through the
exported variable SECURITYFSDIR.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Currently in dracut busybox module, we hard-code the list of binaries
available in busybox. Actually we can get this list by running busybox
without any arguments.
Also, if find_binary() finds nothing, we would symlink $initdir/
which is not what we expect.
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
As Ray Strode explains, plymouth --has-active-vt may fail if the user
passes console=ttyS0 or something else not corresponding to
console=tty0, because plymouth is outputting to the serial console and
not a VT in this case.
In the initrd, the init script and the sbin/cryptroot-ask script use
flock with different lock files for the console: /.console_lock and
/.console.lock respectively.
Use common fsck and det_fs code. Verify filesystem type more
aggressively, which has a chance to be more resistant to
accidental mistakes.
Also, there's no need to generate custom fstab for the sake of fsck
anymore.
Signed-off-by: Michal Soltys <soltys@ziu.info>
This patch mainly adds fsck functionality to fstab-sys, with additional
sanity checks (checking for device existence, verifying fstype via
det_fs).
Signed-off-by: Michal Soltys <soltys@ziu.info>
Both functions will be used by rootfs-block and fstab-sys modules.
Both are based on code present in mount-root.sh, though few changes are
present.
det_fs:
  will try to determine filesystem type for supplied device, even if it's
  not auto. If fs cannot be detected, or if the detected one differs from
  the supplied one - a warning is issued (so user can fix its stuff later)
wrap_fsck:
  will call fsck for specific device with optionally additional
  fsckoptions. The function returns fsck return value.
Signed-off-by: Michal Soltys <soltys@ziu.info>
If /proc/cmdline is empty (like if root=... is set in /etc/cmdline),
modules.d/99base/init will crash with a message saying "can't shift that
many" right before switch_root. The problem is in the block of code that
tries to look for init args. It does something like:
    read CMDLINE </proc/cmdline
    [...]
    set $CMDLINE
    shift
If CMDLINE="" then "set $CMDLINE" will dump all the variables to stdout.
(That should be "set -- $CMDLINE" instead.) Since there's no $1, the
"shift" causes an error, and dracut crashes.
The 'shift' was copy-and-pasted from the previous block. It doesn't
belong here; remove it.
[Harald Hoyer <harald@redhat.com>: corrected commit message]
[Harald Hoyer <harald@redhat.com>: fixed indention]
Signed-off-by: Will Woods <wwoods@redhat.com>
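Added example, not code from dracut: a reproduction of the empty command line case from the commit message above, comparing "set $CMDLINE" with "set -- $CMDLINE". The function names are hypothetical, and the command line is passed in as an argument instead of being read from /proc/cmdline.

```shell
#!/bin/sh
# Added example. The real init reads /proc/cmdline; here the command line is
# passed in as $1 so the empty case can be reproduced (constructed input).

# Buggy form: "set $CMDLINE" without "--".
# Prints what "$@" holds afterwards; "stale" stands in for earlier arguments.
args_after_set() {
    CMDLINE=$1
    set stale
    set $CMDLINE >/dev/null   # empty CMDLINE: plain "set", which only lists variables
    echo "$*"
}

# Fixed form: "--" always replaces the positional parameters.
args_after_set_dashdash() {
    CMDLINE=$1
    set stale
    set -- $CMDLINE
    echo "$*"
}

# Number of lines the buggy form writes to stdout (the variable dump).
dump_lines() {
    CMDLINE=$1
    echo $(( $(set $CMDLINE | wc -l) ))
}

# "shift" with nothing to shift returns a non-zero status; the commit
# message reports it aborting init. Run in a subshell to contain that.
shift_after_set() {
    ( set -- $1; shift ) 2>/dev/null
}

printf 'buggy, empty cmdline: args=[%s], %s lines dumped\n' \
    "$(args_after_set "")" "$(dump_lines "")"
printf 'fixed, empty cmdline: args=[%s]\n' "$(args_after_set_dashdash "")"
shift_after_set "" || echo "shift failed on empty argument list"
```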
- also support FIPS on separate LVM partition
- use small settle loop to get /boot
- "set -e" has no effect, if we use "||"
- make fips work with encrypted root and separate boot
- moved to pre-pivot to support /boot in /
Given that we boot into a modern Linux distribution with the "/run" toplevel
directory, we can easily mount move the whole /run directory to the real
root in the end and have the complete initramfs later on in
/run/initramfs. All log files and /run states are still accessible and
to save space /run/initramfs can be removed later on.
Because the kernel does not mount a tmpfs on /run prior to unpacking the
initramfs cpio image, we have to copy ourselves very early to a tmpfs
and mount it on /run.
Due to lazy umount the old initramfs binaries should
be removed in the end by switch_root.
This feature can be turned on with "--prefix".
Fixes long-standing FIXME
Latest isomd5sum added an option to abort media check with ESC key,
but that key is taken by plymouth for switching to the detailed log
messages, making it impossible to abort checkisomd5.
Tested in text mode.
While on some systems (like Fedora) rpc_pipefs is mounted
automatically when sunrpc module is loaded, on Debian based systems it
needs to be mounted manually.