It is only installed on RHEL 8+, but as noted in the first commit
that tried to do this - 0bb9a683 - we already have branches for
all RHEL releases, so there's no point keeping such a conditional
on the master branch. After 0bb9a683, 51-dracut-rescue-postinst.sh
was re-added because Fedora 30 needed it, with a FIXME saying to
remove it after F30 was released. But instead of that happening, it
got changed to a conditional to install it on Fedora <= 30 or RHEL
<= 8 in 9e68789d and the FIXME was removed, then in 9eb1d1ed that
conditional was simplified to only refer to RHEL, so we wound up
with this situation.
Note the last two commits were never ported to the RHEL-8 branch,
so it's broken, I will send a separate PR for that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The underlying issues this was trying to solve is to get a cheap
workaround for the fact that (open)SUSE with atomic support moved
/etc stock files to /usr/etc in order to improve compatibility. But
now that even nsswitch.conf moved, this is no longer enough. And it
might be more trouble to support once it's in an official release.
So let's rather drop it now.
This reverts commit e0524af2bf.
From shellcheck:
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2039]: In POSIX sh, == in place of = is undefined.
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2193]: The arguments to this comparison can never be equal.
When in hostonly mode, 95fcoe module will still be installed even there
is no FCoE hostonly device. So use the new block_is_fcoe helper to check
for hostonly device in hostonly mode, avoid installing unneccessary module.
Signed-off-by: Kairui Song <kasong@redhat.com>
If fcoe module is loaded, the initramfs will always try load libfcoe
and bnx2fc, so also ensure they are installed if needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
When LDFLAGS contains ``-Wl,--as-needed``, the FTS library will be
ignored if it is specified before the .c source.
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
Fixes: 62f27ee6f1 ("configure: find cflags and libs for fts on musl")
dracut builds today are fairly verbose to start, but on top of
that many of the messages tend to liberally use the
exclamation point `!` which calls attention to them.
I see these a lot when looking at rpm-ostree build logs
and it'd be nicer if we were quiet when there wasn't
an actual problem.
In this specific case, if the builder is explicitly adding
`--omit=foo`, there's no reason for us to say:
`dracut: dracut module 'foo' will not be installed, because it's in the list to be omitted!`
We already print the command line to start, so the information
is there.
Demote this message to debug.
Sometimes, systems have more elaborate backends in nsswitch.conf,
the complexity of which we do not want in the initrd. SUSE systems
with atomic for instance, where those files may also reside in /usr/etc.
With this change, the unavaiable nsswitch.conf backends will be silently
ignored, and we still end up with all the information we need.
Reference: boo#1165366
dracutinstall picks up interpreters and includes bash despite
the users' wishes or expectations, as modules should not require
bashisms at runtime.
Fixes#951
This should've been part of #964. As mentioned there, the
`initrd-cryptsetup.target` approach was reverted in the end, and we went
back to relying in `remote-cryptsetup.target`:
https://github.com/systemd/systemd/pull/17467
So we do need to ship the enablement symlink for it.
For strict hostonly mode, only install currently loaded modules instead
of a bunch of driver that may not be needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Use udevadm to detect the required kernel modules to load a given
device. udevadm will follow the device chain, help detect all required
parent device drivers as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
check_block_and_slaves_all $func $dev should return 0, if $func return 0
for any checked device. Currently if any device don't have any sub
device, 1 is returned instead.
So remove the sub device checking statement. Also remove the same
statement in check_block_and_slaves, the "[[ -f $_x/dev ]]" in the for
loop is enought to ensure sub device exists.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Signed-off-by: Kairui Song <kasong@redhat.com>
It's like check_kernel_config, help to check if a kernel module is
enabled (cover built-in or compiled module case).
Signed-off-by: Kairui Song <kasong@redhat.com>
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
So we have a dependency cycle:
initqueue -> devexists hook -> root device ->
systemd-cryptsetup@.service -> remote-fs-pre.target -> initqueue
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
Daniel Molkentin