Modern Linux kernels support zstd-compressed modules, which was added
by commit 73f3d1b48f50 ("lib: Add zstd modules").
Commit c3d7ef377eb ("kbuild: add support for zstd compressed modules")
added support of compressing modules with zstd to kernel Makefiles.
libkmod >= 28 built with libzstd is also required.
Just install all `=crypto` drivers in the generic initramfs, because who
are we to decide which combinations are allowed in current and future
`cryptsetup`. We only could install blacklist filter in the future, if
there are modules, which are definetely not used and are huge in size.
- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclution of the unit into the sysinit target
- removal of systemctl enablement of type unit
The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module and other modules that provide/require spesific link files
should add them, themselves via their relevant include section.
dracut-install triggers "ERROR: installing '/usr/lib/wicked/bin/*'"
when find_binary is being used to determine if wicked is installed
so let's just check for the wicked type service unit instead.
All device-mapper based devices, including device-mapper-multipath,
do reuse the udev db from the initramfs after switching to the root fs.
Therefore device-mapper devices have to be correctly initialized before
the udev daemon is stopped, to have the correct entries in the udev db.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1949076
Currently when dracut search for btrfs device used for initramfs, it
assumes the mount points passed in with "--mount" are all mounted with
given mount path. If user want the device to be mounted to a different
location in initramfs, this will not be true.
eg. with "--mount '/dev/mapper/vol /sysroot btrfs rw,relatime,subvolid=256,subvol=/root'"
and having '/dev/mapper/vol' currently mounted on '/', will raise an
error:
ERROR: cannot access '/sysroot': No such file or directory
So search for actual mount point of given device.
Signed-off-by: Kairui Song <kasong@redhat.com>
Mikhail Novosyolov