Transient snapshots can take advantage of smaller,
non-persistent metadata structures.
Make the --readonly option explicit rather than inferred
for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
With makepkg is it possible to build sources away from the PKGFILE. The
previous behavior was crash on build if this was setup. With this
patch we prevent this possibility.
Signed-off-by: Silvio Fricke <silvio.fricke@gmail.com>
`pkgver` and `pkgrel` now hard coded to 1. The PKGFILE will getting
changed on a `makepkg`-run.
To prevent some version crashes no commit with changes to `pkgver` and
`pkgrel` should be accepted.
Signed-off-by: Silvio Fricke <silvio.fricke@gmail.com>
On systemd, SIGPIPE is ignored by default; see man 5 systemd.exec for
IgnoreSIGPIPE=. As a result, lsinitrd.sh under a systemd service
outputs "cat: write error: Broken pipe" in the processing of
determining a compression format of a given initramfs file using cat
command in the write part of a pipeline processing.
For example, this is a log message of kdump.service in RHEL7.1,
-- Logs begin at Wed 2015-11-04 09:57:33 JST, end at Wed 2015-11-04 09:58:28 JST. --
Nov 04 09:57:33 localhost systemd[1]: Stopping Crash recovery kernel arming...
Nov 04 09:57:33 localhost kdumpctl[22545]: kexec: unloaded kdump kernel
Nov 04 09:57:33 localhost kdumpctl[22545]: Stopping kdump: [OK]
Nov 04 09:57:33 localhost systemd[1]: Starting Crash recovery kernel arming...
Nov 04 09:57:36 localhost kdumpctl[22553]: Detected change(s) in the following file(s):
Nov 04 09:57:36 localhost kdumpctl[22553]: /etc/kdump.conf
Nov 04 09:57:36 localhost kdumpctl[22553]: Rebuilding /boot/initramfs-3.10.0-229.el7.x86_64kdump.img
Nov 04 09:57:40 localhost dracut[24914]: Executing: /usr/sbin/dracut --hostonly --hostonly-cmdline -o "plymouth dash resume" -f /boot/initramfs-3.10.0-229.el7.x86_64kdump.img 3.10.0-229.el7.x86_64
...<cut>...
Nov 04 09:58:12 localhost dracut[24914]: *** Creating image file done ***
Nov 04 09:58:12 localhost dracut[24914]: Image: /boot/initramfs-3.10.0-229.el7.x86_64kdump.img: 18M
Nov 04 09:58:12 localhost kdumpctl[22553]: cat: write error: Broken pipe
Nov 04 09:58:12 localhost dracut[24914]: ========================================================================
Nov 04 09:58:12 localhost dracut[24914]: Version: dracut-033-240.el7
Nov 04 09:58:12 localhost dracut[24914]:
Nov 04 09:58:12 localhost dracut[24914]: Arguments: --hostonly --hostonly-cmdline -o 'plymouth dash resume' -f
Nov 04 09:58:13 localhost dracut[24914]:
Nov 04 09:58:13 localhost dracut[24914]: dracut modules:
Nov 04 09:58:13 localhost dracut[24914]: bash
kdump.service builds and loads an initramfs for kdump kernel using
kdumpctl command which uses dracut command and so lsinitrd command,
too.
Although there's no actual harm except for the error message, there
has been several inquiries from customers about this message so
far. We should suppress this message to reduce needless
communications.
To suppress the message, this commit cleans up the processing of
reading the first 6 bytes of a given initramfs file without cat
command.
Emacs has a whitelist of "safe" variables, using `setq` overrides
that and causes it to warn when opening any file by default.
Dropping the `setq` makes Emacs do the right thing.
Some hosting providers need a static route set in order to be
able to reach the default gateway. Be sure to retry adding
the default gateway after setting the static routes.
netbsd-iscsi is not available on RHEL
Beef up the testsuite to use the two targets over different
interfaces.
Test the new iSCSI parameters rd.iscsi.waitnet and rd.iscsi.testroute.
parse-cmdline sets up an initial initiator-name to let iscsid start.
iscsid is started before doing any iscsistart business.
iscsistart is done with systemd-run asynchrone to do things in
paralllel. Also restarted for every new interface which shows up.
If rd.iscsi.waitnet (default) is set, iscsistart is done only
after all interfaces are up.
If not all interfaces are up and rd.iscsi.testroute (default) is set,
the route to a iscsi target IP is checked and skipped, if there is none.
If all things fail, we issue a "dummy" interface iscsiroot to retry
everything in the initqueue/timeout.
This patch supports loading keys either on the _ima keyring or, as of
Linux 3.17, on the trusted .ima keyring. Only certificates signed by
a key on the system keyring can be loaded onto the trusted .ima keyring.
Changelog:
- Update 98integrity/README
Harald Hoyer