Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Signed-off-by: Kairui Song <kasong@redhat.com>
It's like check_kernel_config, help to check if a kernel module is
enabled (cover built-in or compiled module case).
Signed-off-by: Kairui Song <kasong@redhat.com>
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
So we have a dependency cycle:
initqueue -> devexists hook -> root device ->
systemd-cryptsetup@.service -> remote-fs-pre.target -> initqueue
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
In the case of the s805x the drivers/hwmon directory contains the
scpi_hwmon kernel module.
On a running system, lsmod would output the following dependencies:
arm_scpi 24576 2 clk_scpi,scpi_hwmon
It means that if the clock driver is bundled in the initramfs it will
bring arm_scpi. But if scpi_hwmon is missing the scpi will be incomplete
and it can lead to crashes.
When the hwmon is bundled, no crash occurs
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some filesystem (e.g. ZFS, and btrfs subvolumes) don't use block
devices. Should they be mounted as `/`, `find_root_block_device`
yields nothing, hence dracut will append this problematic argument
to kernel cmdline:
root=/dev/block
On a machine that employ root ZFS on LUKS, which was setup with
an OpenPGP-encrypted key file, this argument renders that machine
unbootable. Remove that `root=/dev/block` manually could boot the
machine.
Let check if that device is a block device before write down `root`
argument. This is consistent with the check for block device in
`find_block_device`.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
D-Bus doesn't run in the initrd, so our usual trick of activating
custom systemd services from udev doesn't work.
So add a rule to create initqueue entries for each possible
connection.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Always add the nvmf.discover parameters to /etc/nvme/discovery
when parsing the dracut commandline, and rely on NVMe autodiscovery
when no parameters are given.
And modify the syntax to use a comma ',' as a separator for nvmf.discover
as the semicolon ':' is already used for the FC-NVMe transport address format.
Signed-off-by: Hannes Reinecke <hare@suse.de>
This was introduced with 6dafdda4a6, but
is actually caused by the fact that modules that have already been
installed cause dracut_install() to return without adding the module
to the hashmap. This can happen if an earlier-run dracut module chose
to install the same module. Now modprobe statements like:
softdep usb_storage post: uas
softdep uas pre: usb_storage
(which look weird, but are perfectly valid), cause
dracut_install() to enter an infinite recursion if and only if
at least one of the files has previously been installed by another
module.
Fix this by also adding already installed modules to the hashmap.
If there are any nonexistent libraries listed in /etc/ld.so.preload, ldd
prints error messages like:
ERROR: ld.so: object '/usr/lib64/libfoo.so.1' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
This causes resolve_deps() to return error, which leads to symlinks
(like usr/bin/awk) not being copied into the initrd.
Some modules are involved in the display output without to rely on
drm_crtc_init.
This is the case for the meson_dw_hdmi. This module need to be included
into the initramfs in both hostonly and generic modes.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
On arm, many drm drivers are located in the plaform bus.
Adding the platform bus will allow drm drivers to be included in the
initramfs when using hostonly mode.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If i contains a space, there is a need to protect the variable usage in some cases.
This will occurs when a next patch will enable platform bus with such case:
'/sys/bus/platform/devices/Fixed MDIO bus.0'
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some SoCs now have drivers that user devfreq in early init and fail
if the drivers are missing so make sure we have them in the initrd.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Introduce prefix `keysource:` for the values of `rd.luks.partuuid`,
`rd.luks.serial` and `rd.luks.uuid`.
If specified, ask for passphrase instead of waiting for keydevs to come
online.
In some cases, user only want to include the watchdog module, not the
wdctl or any other userspace helper. For example, systemd have a
RebootWatchdogSec option that use watchdog to prevent reboot hangs. And
it can help prevent machines hangs when reboot directly within the
initramfs stage. So split the module installation to a standlone module.
Also when watchdog-module get included, install driver for all loaded
watchdog instaed of only install driver for active watchdog. Both
watchdog and watchdog-module return 255 in check(), so it's enabled only
when manually included, the watchdog may get configured/activated later.
Signed-off-by: Kairui Song <kasong@redhat.com>
- use [ ] instead of calling test manually, as most of the script is
doing.
- use quotes in hostonly_cmdline blocks, specially when dealing with the
conf files, whose names are set by users/system administrators
- uefi_splash_image was being assigned set to `${dracutsysroot}...`, which
is a variable that doesn't exist.
- we don't want the conditional to run the output of fsfreeze as
commands. Instead, we just need to know if any of the fsfreeze commands
failed.
systemd lets stdout go to journal only. Usually, this is desired
behavior to ensure that plymouth does not get disrupted.
However in the 01fips case, the system has to halt when the integrity
check fails to satisfy FIPS requirements. So the user will not be able
to inspect the journal.
As this is special to the fips module, we introduce a fips_info() which
works like info(), but deviates the output to stderr when running with
systemd.
Reference: bsc#1164076
Users might see
"modprobe: FATAL: Module xyz not found in directory"
The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.
It now reads "Module xyz not found in directory"
Reference: bsc#1169997
Kairui Song