That way, the HMAC file can contain a relative path instead of an
absolute one. The issue is that right now the kernel RPM bakes the
`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
rpm-ostree systems (and any other system where the kernel isn't simply
in the top-level `/boot`.
For now, we're hacking around this in rpm-ostree:
https://github.com/coreos/rpm-ostree/pull/1934
Though I'd like to propose the same change in the kernel spec file.
There is a small regression in #343: when handling the 'separate boot
partition' case, we're checking for the kernel image in the wrong
location: `BOOT_IMAGE` is the `/boot`-relative path to the kernel image,
so `/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}` expands to e.g.
`/boot/mysubdir1/mysubdir2/mysubdir1/mysubdir2/vmlinuz...`.
We should be using `BOOT_IMAGE_NAME` here instead (and in fact, the next
if-statement does this correctly, so it might've just been accidentally
left out of #343).
For the shell scripts, new environment variables were introduced.
dracutsysrootdir is the root directory, file existence checks use it.
DRACUT_LDCONFIG can override ldconfig with a different one that works
on the sysroot with foreign binaries.
DRACUT_LDD can override ldd with a different one that works
with foreign binaries.
DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot
may use symlinks that are valid only when running on the target
so a real file must be provided that exist in the sysroot.
DRACUT_INSTALL now supports debugging dracut-install in itself
when run by dracut but without debugging the dracut scripts.
E.g. DRACUT_INSTALL="valgrind dracut-install or
DRACUT_INSTALL="dracut-install --debug".
DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA,
DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ,
DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4,
DRACUT_COMPRESS_CAT: All of the compression utilities may be
overridden, to support the native binaries in non-standard places.
DRACUT_ARCH overrides "uname -m".
SYSTEMD_VERSION overrides "systemd --version".
The dracut-install utility was overhauled to support sysroot via
a new option -r and fixes for clang-analyze. It supports
cross-compiler-ldd from
https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f
DRACUT_INSTALL_PATH was introduced so dracut-install can work with
a different PATH. In a cross-compiled environment (e.g. Yocto), PATH
points to natively built binaries that are not in the host's /bin,
/usr/bin, etc. dracut-install still needs plain /bin and /usr/bin
that are relative to the cross-compiled sysroot.
The hashmap pool allocate_tile/deallocate_tile code was removed
because clang-analyze showed errors in it. hashmap_copy was removed
because it wasn't used and clang-analyze showed errors in it.
DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were
introduced so dracut-install can use different settings from
DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
It looks like only the 'fips=1' is really supported and it is working
correctly. So instead of failing on 'fips' not clear way give user
information why we are failing.
Intel has notified us that some microcode updates are not safe
to be applied during runtime. To accomodate for that, microcode
files shipped by SUSE and openSUSE have an '.early' postfix such
that triggering
/sys/devices/system/cpu/microcode/reload
from a booted system cannot pick up the ucode by accident, while
still allowing the code to be picked up during initrd time.
This change is needed to make this scheme work also in a hostonly
situation.
Currently, this affects only 06-4f-01, which is now 06-4f-01.early.
If a distro does not change the filename, the behavior does not
change.
Reference: osc#1098915
The new qedi driver needs to be handled just like
the bnx2i driver, so update 95iscsi scripts to do this.
References: bsc#1113712
Signed-off-by: Lee Duncan <lduncan@suse.com>
Unmounting the image iso, detaching its loop device, and unmounting
its parent partition can simplify installation to the parent disk.
Note that programs or scripts using the /run/initramfs/live mount
point will fail.
Fixes these error messages during intird build:
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
cat: '/sys/devices/platform/host3/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
The goal of this module is to enable automatic loading of the
thermal/fan control modules on PowerPC based Macs, as on some
modular kernel configurations this will not happen automatically
which will result in the fans spinning up to 100% until they are
manually loaded.
This is especially a problem in live systems where it takes some
time to boot up and the spin-up happens before the system even
leaves initramfs.
Commmit 8a33e52e2f94 assumes that dracut's work is done if a root device
is found. This holds usually for booting computers, but it may be wrong
for other environments.
Only short-cut the waiting if $netroot is also set.
Fixes: 8a33e52e2f94 ("network: stop waiting for interfaces if root device is present")
References: bsc#1152006
On SLE15-SP1 at least, iscsiadm doesn't support combining --op and --login":
> # iscsiadm -m node -T iqn.2018-06.de.suse.zeus:01 --op=update --name=node.startup --value=onboot --login
> iscsiadm: Invalid parameters. Login/logout and op passed in
This breaks iSCSI login in initrd, and thus, iSCSI boot.
Fix it by not coalescing everything into a single iscsiadm command.
Fixes: a59b776bc215 ("Dracut: only login to one target at a time")
References: bsc#1152650
According to the dracut README, module code to be run in
the initrd must be POSIX-compliant. Replace remaining
bashisms (as reported by checkbashisms) with POSIX compliant
code.
The use of "type" is not strictly POSIX compliant, but it's
all over the place in dracut code. dash supports it, anyway.
In multipath scenarios, "iscsiadm -m node" may contain
several records with the same target.
There's no point in trying "iscsiadm --login" multiple
time for the same target, through the same portal.
Moreover, warn if the desired target is not on the node
list.
dracut waits for every iscsiroot connection to be established
before switching root. This is not necessary in multipath scenarios,
where a single path is usually sufficient to set up the root device,
and where users expect booting to succeed unless all paths are down.
Don't wait for the iscsi portal to start if the root device has
already been found.
For handling the configuration where there are two
paths to an iscsi root target, each using a different
NIC. In such a case, the initramfs was trying to configure
the first NIC, then call iscsiroot to login to both targets,
which would fail for the 2nd target, since the path to the
2nd target was not yet configured. This would eventually
work after a timeout. But it's better to login to just
one target at a time.
This change makes the initramfs handle multiple paths to an
iscsi target better by logging into only one target at a time,
rather than trying to login to all targets when only one of
several NICs is up.
This can be further optimized by using the initrd parameter
"rd.iscsi.testroute", which would skip iscsiadm login attempts
for targets to which no route exists.
If the script is called again via the timeout initqueue,
we try "iscsiadm -L onboot" again, hoping that some targets
may now have become reachable.
Harald Hoyer <harald@redhat.com>: Squashed commit of the following:
commit 4b5e5da6061983964a85d1671bd1c97c48ee76f1
Author: jbash aka John Bashinski <jbash@velvet.com>
Date: Thu Aug 1 13:21:35 2019 -0400
Documentation: add systemd warning for rd.luks.key, clean up related text
Currently it starts the cleaner early and do the clean up job if switch
root is called. It's better to just start the service only on switch
root to avoid any risk of service dependency failure and make is
simpler.
Signed-off-by: Kairui Song <kasong@redhat.com>
Before we check if dad is done we should first make sure,
that there is a link local address where we do the check.
Due to this issue, on ipv6 only setups sometimes dhclient started
asking for ip address, before the link local address was present
and failed immediately.
I'd like to rework CoreOS Ignition (which runs in the initramfs)
to include some values from the *real* `/etc/os-release` in
HTTP headers.
Looking at this, it turns out dracut eats almost all of the useful
information from it. I don't think `dracut` should be the `ID`
here...dracut's not an OS itself, it's a way to *build* little
operating systems. It'd be kind of like if Fedora's Koji
injected itself into `/etc/os-release`.
This code dates back a long time; not sure of all the rationale
behind it.
I changed it so that we keep extending the VERSION/PRETTY_NAME
with the dracut version, but otherwise "pass through" the
rest of the real `/etc/os-release` we were built from unchanged.
This change still supports Python 2.6 and 2.7 but loses support
for Python 2.5.
The reason for this change was that Fedora 30 does not ship
python-imgcreate but ships python3-imgcreate.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
The `README.md` was nearly empty. Move the travis bits into
`README`, then rename `README` to `README.md`.
This matches the Github standard. A major compelling feature
of Github is how prominently it displays a project's `README.md`,
so let's ensure ours has content.
Jonathan Lebon