dev_t -> major/minor number mapping is more complicated than the
incorrect major=(dev_t >> 8) minor=(dev_t & 0xff) mapping that we
currently perform. Fix mapping to match Linux / glibc behaviour.
Fixes: https://github.com/dracutdevs/dracut/issues/1695
Reported-by: Ethan Wu <ethanwu10@gmail.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
This tests dracut-cpio's handling of rmajor / rminor values compared to
GNU cpio. The test requires root, due to mknod invocation for block
device node creation.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The code for determining local interface and address works
only for peers that are reachable in a single hop.
This is parsed correctly:
192.168.110.1 dev br0 src 192.168.110.160 uid 0 \ cache
But this isn't:
192.168.1.4 via 192.168.110.1 dev br0 src 192.168.110.160 uid 0 \ cache
Fix it.
Fixes: ceca74cc ("dracut-functions: add ip_params_for_remote_addr() helper")
From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
Incorrect:
$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$
Correct:
$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Dracut currently calls `eu-strip` or `strip` with -g, which only strips
out .debug_* sections. symtab and strtab are kept, but are not required
for runtime, and people will rarely need to do binary level debugging
work in initramfs.
So introduce a --aggresive-strip options, try strip out all sections
that are not required for runtime. This can help reduce the binary size
by a lot.
For example, the size of libc.so is reduced by a lot when stripped
with no option than with -g.
3014184 libc-2.28.orig.so
2970920 libc-2.28.strip-g.so
1460904 libc-2.28.strip.so
Signed-off-by: Kairui Song <kasong@tencent.com>
It may happen that dracut-shutdown.service fails, for example on timeout
due to very low bandwidth.
In such case, for hardening purposes, a new dracut-shutdown-onfailure.service
unit doing dracut-shutdown.service cleanup needs to execute to make sure
switching root to an incomplete initramfs won't occur later.
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
Use nohup instead of disown, and let systemd track the service properly.
This makes the scripts POSIX compatible and bash is no longer needed.
Signed-off-by: Kairui Song <kasong@tencent.com>
The regular expression here is trying to handle various kernel
module compression schemas and was missing the zst extension
which indicates use of zstd.
Mailbox drivers might be needed by some of the devices used in the
initrd. For example, on the Raspberry Pi 4, the MMC 'sdhci-iproc' driver
depends on 'bcm2835-mailbox'.
Signed-off-by: Adrien Thierry <athierry@redhat.com>
The 69-dm-lvm-metad.rules udev rule has been removed from
the initrd, because it's been dropped by recent upstream
lvm versions, and it never performed any primary function
within the initrd. But, it did have the job of setting
LVM_MD_PV_ACTIVATED=1 for active md devices used by PVs.
That step needs to be restored, and is now included in
64-lvm.rules.
Change the command listing LVs from lvscan to lvs, and list
only the LV names that are being activated. Before attempting
to activate an LV, check that that LV name appears in the
lvs command output. This avoids wasting time running an
lvchange command that we know will fail.
Previously, the lvm device filter generated by dracut
would not be used if any lvm.conf file existed in the
initrd. Change this so that the generated filter will
be used when the included lvm.conf has no filter set.
Drop checking for options that have been available for
at least ten years. This simplifies code maintenance.
Add the new --nohints option (when available) to disable
the use of hints which is not useful during startup.
The --partial option will activate a linear (or other) LV
without segments for missing devices, which is unlikely to
be useful. The intention was to activate raid LVs in a useful
form while missing devices, which is specified with the option
--activationmode degraded.
This udev rule runs pvscan to autoactivate VGs, which dracut
does not want to do, and previously disabled by editing the
rule file and commenting out lines.
This also stops /dev/disk/by-id/lvm-pv-uuid-* symlinks from
being created in the initrd.
Remove support for modifying use_lvmetad and locking_type
settings in lvm.conf for lvm versions 2.2.*. Recent lvm
versions (2.3.*) do not include lvmetad or locking_type.
This cleanup simplifies code maintenance.
To use the lvm module with older versions (2.2), a user
would need to ensure that lvmetad settings are disabled
in the initrd's lvm.conf rather than relying on the lvm
dracut mode to modify their lvm.conf.
Not all distributions utilize and ship the mpathconf utilitiy.
Avoid error messages and systemd complaints about
multipathd-configure.service in this case.
In the long run, it's desirable to be able to drop dracut's copy of
multipathd.service and use the upstream one from multipath-tools instead.
This patch makes a step in that direction.
With these changes, the only remaining difference is the support for
rd.multipath=0 and rd_NO_MULTIPATH, which must obviously be ignored in the
upstream unit.
The modifications in this patch are minor and will have no effect in the
initramfs.
The dependency of multipathd on "udev settle" has recently been removed in
c9689b6 ("multipathd: Remove dependency on systemd-udev-settle.service").
But this dependency has never been necessary in the initramfs environment. It
was only required after switching root, because multipathd would potentially
tear down valid multipath maps after switching from initrd to root FS. This can
happen because dm devices "survive" the root FS switch in the udev data
base (they have the "db_persist" flag set), whereas their component devices
(SCSI etc) do not. But this can only happen after initrd-udevadm-cleanup-db.service
has been run, which happens after initrd processing.
The only dependency that's really needed is that on
systemd-udevd-kernel.socket, because multipathd depends on uevents for
devices being delivered via systemd-udevd.
During boot dracut parses the provided UUID to lower case and thus starts an
endless loop wating for the devise to appear. The device is actually mapped
correctly by the kernel (which doesn't tweak the UUID) but because we are
waiting for a name with lower charachters the expeted device never appers which
drops us at the emergency shell leaving the system unbootable.
This happens especially on nfts/fat filesystems because technically those don't
have a UUID but searial numbers which are used by the linux tools as UUID.
An example kernel command line option for this configuration
root=/dev/sda1 ro rd.live.image rd.live.overlay.overlayfs=1
The change checks if $FSIMG is empty and adds a symlink from
/run/rootfsbase to /run/initramfs/live and changes the place
of the creation of the required mount point directories.
Since wicked-0.6.67, its dbus configuration files can be installed in /etc or /usr/share.
Also, check if it's using libexec or lib instead of displaying always an error.
This is a workaround for GRUB2's Btrfs implementation, which doesn't
correctly handle gaps between extents.
A fix has already been proposed upstream via
https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00206.html
Given that this bug is severe, it makes sense to include this minimal
workaround.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The current detection routine for openssl-based libcurl assumes that
libcurl has its own hardcoded path to the ca-bundle. Fix the
cases where curl is compiled with:
--with-ca-fallback --without-ca-path --without-ca-bundle
In this case, we must also grep in OpenSSLs libcrypto.
Other changes:
- Filter reported but non-existant paths.
- Strip nul bytes returned by grep.
- Consider that ca-bundles might use '.pem' instead of '.crt'.
Original-patch-by: Daniel Molkentin <daniel.molkentin@suse.com>
Starting with kernel 5.17 the kernel supports the builtin privacy screens
built into the LCD panel of some new laptop models.
This means that the drm drivers will now return -EPROBE_DEFER from their
probe() method on models with a builtin privacy screen when the privacy
screen provider driver has not been loaded yet.
Make dracut add the privacy screen providing drivers to the initrd
(when necessary for hostmode=yes), so that drm drivers on affected
drivers can probe() successfully.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
If the configured compression command is unavailable, reset $compress,
and fall back to auto-detection. This allows building an initramfs
even if the configured compression command is not installed. This can
happen e.g. if the distribution uses a preconfigured default, but the
user deinstalled the respective tool.
If the compression method is unset, or had to be reset because of
missing dependencies, inform the user what's being used. Also,
replace the printf in the "cat" case with a dwarn.
There's no need to decompress the kernel modules in dracut, and
"$kcompress" is never referenced. dracut can build the initramfs
just fine if there's no tool for decompressing modules.
End with error, or show a warning when nonexistent device is specified for network setup like
`ip=10.12.8.12::10.12.255.254:255.255.0.0:xk12:eth0:off`.
I've added the error only for `write-ifcfg.sh`, as I think no such setup should be written.
Resolves: #1712424
dracut does not install the kernel module of the block device that contains
the root filesystem if the following preconditions are met:
- Running in host-only mode.
- Symlinks of all block devices needed to boot the system pointing to virtual
subsystems.
The get_dev_module function uses "udevadm info -a" to get the corresponding
kernel modules of a /sys/class/*/* or /dev/* device. This function is called
in modules.d/90kernel-modules/module-setup.sh to detect if dracut must install
block device drivers in host-only mode. The symlinks in /sys/dev/block/
usually point to "real" devices in /sys/devices/pci*. But, we have come across
some NVMe systems where the kernel creates the symlinks in /sys/dev/block/
pointing to "virtual" devices instead. In this case, udevadm never finds any
"driver" attributes following up the chain of parent devices.
If the system provides more than one UUID, the _MD_UUID var
contains a line break after each UUID. Therefore the strstr
function could not find any UUID, caused by the additional
spaces provided to the function.
Furthermore this could lead to a boot interruption, because
the start of a degraded raid1 won't be executed. So, manual
interaction is necessary.
dracut-cpio already carries a bunch of unit tests covering compression
and GNU cpio extraction. The purpose of these tests is to exercise the
dracut.sh --enhanced-cpio code-paths as well as kernel cpio archive
extraction.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The new dracut-cpio binary is capable of performing copy-on-write
optimized initramfs archive creation, but due to the rust dependency
isn't built / installed by default.
This change adds a new "--enhanced-cpio" parameter for dracut which
sees dracut-cpio called for archive creation instead of GNU cpio.
Signed-off-by: David Disseldorp <ddiss@suse.de>
dracut-cpio is a minimal cpio archive creation utility written in Rust.
It provides support for a minimal set of features needed to create
performant and space-efficient initramfs archives:
- "newc" archive format only
- reproducible; inode numbers, uid/gid and mtime can be explicitly set
- data segment copy-on-write reflinks
+ using Rust io::copy()'s native copy_file_range() support[1]
+ optional archive data segment alignment for optimal reflink use[2]
- hardlink support
- comprehensive tests asserting GNU cpio binary output compatibility
1. Rust io::copy() copy_file_range()
https://github.com/rust-lang/rust/pull/75272
2. Data segment alignment
We're bending the newc spec a bit to inject zeros after the file path
to provide data segment alignment. These zeros are accounted for in
the namesize, but some applications may only expect a single
zero-terminator (and 4 byte alignment). GNU cpio and Linux initramfs
handle this fine as long as PATH_MAX isn't exceeded.
Signed-off-by: David Disseldorp <ddiss@suse.de>
Crosvm's rust argument library is very small and simple, while still
providing helpful functionality. It will be consumed by dracut-cpio in a
subsequent commit.
The unmodified, BSD licensed argument.rs source is lifted as-is from
https://chromium.googlesource.com/chromiumos/platform/crosvm
(release-R92-13982.B b6ae6517aeef9ae1e3a39c55b52f9ac6de8edb31).
The one-line crosvm.rs wrapper is needed to ensure that crosvm::argument
imports continue to work.
Signed-off-by: David Disseldorp <ddiss@suse.de>
On platforms where the kernel is built without suspend/resume support we
see "cat: /sys/power/resume: No such file or directory" message when
creating an initrd image. Check for the presence of /sys/power/resume
first before reading it.
Signed-off-by: Dan Horák <dan@danny.cz>
Systemd is an optional module for the dmsquash-live module. This scenario
is properly handled for other modules (for example livenet module) but not
for dmsquash-live module.
When a forced shutdown is issued through sending a burst of Ctrl-Alt-Del
keys, systemd sends SIGTERM to all processes. This ends up killing
dracut-initramfs-restore as well, preventing the script from detecting
that the unpack of the initramfs is incomplete, which later causes a
crash to happen when "shutdown" tries to execute from the unpacked
initramfs.
This fix makes sure dracut-initramfs-restore remains alive to detect
the unpack failed (because cpio was killed by systemd too).
Refs:
* https://bugzilla.redhat.com/show_bug.cgi?id=2023665
There appears to be an issue with newer QEMU versions (spotted with Arch
Linux and C9S containers) which causes the respective GH Action to hang
when booting a QEMU VM in combination with the `-cpu max` parameter.
During (a particularly painful) debugging session I once managed to get
some output from such "frozen" machine (using `earlycon` and
`earlyprintk` kernel cmdline options), and in that particular case the
VM died with a trap caused by an invalid opcode.
I couldn't reproduce this locally, only in GH Actions environment with
Arch Linux and C9S containers. Also, so far I haven't found out which
specific CPUID flag causes this, but using the `IvyBridge-v2` feature
set seems to mitigate the issue.
Like the dwc/chipidea controllers the isp1760 can act in either
host or gadget mode so it ends up in it's own directory. Add this
driver into the initrd as it's part of some arm platforms and
is needed to be able to boot off USB storage.
Fixes issue #1619
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The network-manager module also writes logs to the console, so that it's easier
to debug network-related boot issues. If systemd can't open the console, the
service fails and network doesn't get configured.
Add a check to disable tty output when the console is not present or not
usable.
https://github.com/coreos/fedora-coreos-tracker/issues/943
When systemd is compiled with ASAN library to troubleshoot memory issues
within systemd code, the libasan library expects to have /proc be
available as soon as systemd starts, which isn't the case currently,
causing an assertion to fail, systemd to crash and kernel to panic:
==1==AddressSanitizer CHECK failed: ../../../../libsanitizer/sanitizer_common/sanitizer_procmaps_common.cc:75 "((data_.proc_self_maps.len)) > ((0))" (0x0, 0x0)
<empty stack>
X.XXXXXXX Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[...]
We need to pull in Type-C USB drivers as they can provide a number of
differnet bits of functionality in early boot including input, display
(altmode DP) and storage so we need to have them available to ensure
functionality attached to those buses/interfaces are available in early
boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
This removes the 'ExecStop=' field from `multipathd.service`.
Sometimes CI runs do encounter a failure related to this
service in initrd, which seems to be stemming from a socket
I/O race between the client and the server on shutdown.
It looks like the client (`multipathd shutdown`) can lose the race,
hit an I/O error, and cause the whole unit to fail (even if the server
managed to shutdown properly already).
Notably, the upstream unit does not have such stop command
as the daemon can already perform a graceful exit through
its signal handler.
As such, this commit partially re-aligns the two units,
trying to sidestep any of the existing races.
Refs:
* https://github.com/coreos/fedora-coreos-tracker/issues/803
* https://github.com/opensvc/multipath-tools/blob/0.8.7/multipathd/multipathd.service
Fix how ifname for a given local_address is found.
Fix logic to detect presence of ifname and route.
Signed-off-by: Charles Rose <charles.rose@dell.com>
Currently $_dev is always overridden with the value returned by
label_uuid_to_dev(). This results in an empty value if $_dev is a
device path. Fix this by calling label_uuid_to_dev() conditionally.
Bug: https://bugs.gentoo.org/807971
Fixes: d3532978de
On hostonly mode, the platform driver is not copied blindless. There
should be a way to detect the real hardware driver, which probes a block
device.
/sys/dev/block/major:minor is a symbol link, which points to the real
device, recording the hardware stack. And those info can help to
identify the associated drivers for the hardware stack.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
---
v2 -> v3:
address shellcheck in dracut-functions.sh
v1 -> v2:
remove local variable _extra_mod
shorten subject
There are some workarounds in dracut.sh for FIPS/libpthread covering
some hidden lib dependency issues. These workarounds didn't take effect
for the squash loader since the squash loader is installed
independently. So apply these workarounds again.
Also skip the lib detection code, since these extra installed libs
are small, and squash loader contents are dropped after switch root,
won't be an issue to be always installed. And this makes the code
cleaner.
Signed-off-by: Kairui Song <kasong@redhat.com>
When NetworkManager is running as systemd service, it's not enough to write
connection files; the module should also tell NetworkManager to reload the
connections from disk so that any new connection can be auto-activated.
https://bugzilla.redhat.com/show_bug.cgi?id=1975929
Sice commit 22d6863ef1 ("fix(network-manager): cope with distributions not
using `libexec`") nm-initrd-generator can be installed in either /usr/libexec
or /usr/lib. Change other modules to check for the binary in both locations.
NetworkManager leaves state files behind in "/run/NetworkManager/devices".
These files are in keyfile format (glib's GKeyFile API [1]).
From the statefile, the dracut module writes a .dhcpopts file. And other users
want to parse that file, for example anaconda ([2]). To be fair,
anaconda seems to parse a different file, so I am a bit confused who
uses this file how. In any case, it seems somebody might be tempted to
execute this as a script.
We need to write the .dhcpopts file in a format that is defined and easy
to handle from a shell script. As already previously, this format is
a bash script that sets certain variables. That means, to load the file,
the user could execute it as bash script. But this is dangerous, as the
file contains potentially untrusted data from the network.
Optimally, users still don't trust the .dhcpopts file to be safe for
executing! It would be better if users too try to parse the file
instead of executing it. That is not trivial however because in face
of special characters, as we use bash's `printf '%q'` to escape the values
and parsing bash escaping is not trivial.
Anyway, make sure we properly quote and handle the content so that also
executing is safe. In the best case, there are no special characters
that require escaping, and naive parsing can be done with `sed`.
Otherwise, executing is now also supposed to be safe.
In this case we parse DHCP options from the state file. They are themselves
backslash escaped UTF-8 strings (C escape sequences), which then are stored
via keyfile API. The properly parse them, we would first need to load the file
with GKeyFile (which undoes one level of backslash escaping) and then
use g_str_compress() (to undo the second level). We mimic that with
shell.
[1] b3411d6780/dracut/fetch-kickstart-net.sh (L30)
[2] https://developer.gnome.org/glib/stable/glib-Key-value-file-parser.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
Add support for loading EVM x509 certs from a directory that the user can
specify with the EVMKEYSDIR variable in the evm config file. By default
the additional certs are loaded from /etc/keys/evm.
Support for multiple EVM keys allows the usage in a system of files with
signed metadata from multiple parties.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
We want word splitting to occur so that the arguments are passed
separately, and we don't end up passing an empty string if no arguments
are specified.
Bug: https://bugs.gentoo.org/803548
Fixes: 2fabaaa62d
This tailing '/' will result in following error:
dracut-install: ERROR: installing '/etc/ld.so.conf.d/'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.kEFQLs/initramfs -d /etc/ld.so.conf.d/
Signed-off-by: Kairui Song <kasong@redhat.com>
Since version 1.32, NetworkManager launches a tiny external helper to determine
the hostname via reverse DNS resolution through glibc's nss-dns. Include the
binary.
systemd-vconsole-setup.service may fail if the user specifies a missing keymap,
see [1,2,3], or font. This is unfortunate, but the system should not refuse
boot. It is better to continue, possible without the desired font or keymap.
All other systemd services that depend on systemd-vconsole-setup.service do so
without a hard Requires=.
(In particular, systemd-vconsole-setup internally will try to do as much setup
as possible, and will load the font even if it cannot load the keymap and vice
versa.)
[1] https://fedoraproject.org/wiki/Common_F34_bugs#kbd-legacy-media
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1955162
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1955793
When running kdump on PowerPC, the following bug is hit:
[ 0.391629] Freeing unused kernel memory: 5568K
[ 0.391634] This architecture does not have kernel memory protection.
/bin/sh: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
[ 0.392214] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
[ 0.392214]
[ 0.392223] CPU: 6 PID: 1 Comm: init Not tainted 4.18.0-319.el8.ppc64le #1
[ 0.392228] Call Trace:
[ 0.392234] [c00000000c703c10] [c000000008ecb94c] dump_stack+0xb0/0xf4 (unreliable)
[ 0.392243] [c00000000c703c50] [c000000008167324] panic+0x148/0x3c4
[ 0.392249] [c00000000c703cf0] [c000000008170474] do_exit+0xcd4/0xd40
[ 0.392255] [c00000000c703dc0] [c0000000081705b0] do_group_exit+0x60/0x110
[ 0.392261] [c00000000c703e00] [c000000008170684] sys_exit_group+0x24/0x30
[ 0.392268] [c00000000c703e20] [c00000000800b408] system_call+0x5c/0x70
This is due to the non-conventional library path:
ldd /bin/bash
linux-vdso64.so.1 (0x00007fffbdc90000)
libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fffbda80000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fffbda50000)
libc.so.6 => /lib64/glibc-hwcaps/power9/libc-2.28.so (0x00007fffbd830000)
^^^
/lib64/ld64.so.2 (0x00007fffbdcb0000)
ldd finds the path by libc.so.6 -> /usr/lib64/libc.so.6 ->
/usr/lib64/glibc-hwcaps/power9/libc-2.28.so and cache the result. So
when dracut_install, it only saw
'/usr/lib64/glibc-hwcaps/power9/libc-2.28.so' and blind to
'/usr/lib64/libc.so.6'
In the final kdumpimg, the symlink /usr/lib64/libc.so.6 is not created,
hence ld.so can not find the /usr/lib64/glibc-hwcaps/power9/libc-2.28.so
On the other hand, during the process of building kdumpimg, all of dynamic library info
have been cached in ld.so.cache. Hence this bug can be simplely resolved
by keeping ld cache under $initdir/etc.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
---
v3 -> v4:
use inst() instead of copy
v2 -> v3:
fix format by shfmt -s -w modules.d/99squash/module-setup.sh
v1 -> v2:
cp -r /etc/ld.so* instead of move, since after switch-root, initdir
can not be seen any longer
Fix potential memory leaks in two locations and use
_exit(EXIT_FAILURE) if asprintf(&abspath, ...) fails.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
On s390x KVM machines, the follow errors occurred,
$ kdumpctl rebuild
kdump: Rebuilding /boot/initramfs-4.18.0-321.el8.s390xkdump.img
/usr/lib/dracut/modules.d/95qeth_rules/module-setup.sh: line 13: /sys/devices/qeth/*/online: No such file or directory
/usr/lib/dracut/modules.d/95qeth_rules/module-setup.sh: line 13: /sys/devices/qeth/*/online: No such file or directory
because s390x KVM uses virtual devices and /sys/devices/qeth/*/online
doesn't exist. Eliminate this error by checking the existence
beforehand.
We get a nice warning about it being deprecated:
```
systemd-udev-settle.service is deprecated. Please fix nm-initrd.service not to pull it in.
```
The service is deprecated because its purpose was to wait for the
discovery of all hardware, but it didn't guarantee that (see the
systemd-udev-settle man page).
NM now runs as an independent service and can deal with devices showing
up at any point, but it does need udev to be started. For now just
Want/After systemd-udev-trigger.
If the gpg card is not inserted before the --card-status command is
executed then the public key is not linked with the card. Therefore,
the LUKS partition cannot be decrypted. To solve this, the
--card--status command is executed on each try.
[[ -d $symlink ]] will return true if the symlink points to a directory.
So the symlink will not be copied, instead a directory is created with
the symlink name and the content is copied.
Signed-off-by: Kairui Song <kasong@redhat.com>
While including a directory using '--include' option, the file and
subdirectory names that begin with '.' are not included. Also, dracut
throws a warning message when a subdirectory is empty or only has
files or subdirectories that begin with '.'.
For example, while trying to include /tmpdata directory with the
below tree:
# tree -a /tmpdata
/tmpdata
├── .anothertestdir
├── testdir
│ └── .testsubdir
└── .testfile
dracut throws the below warning message:
# dracut --include /tmpdata /root
cp: cannot stat '/tmpdata/testdir/*': No such file or directory
#
and this is how the included /tmpdata directory tree looks:
# tree -a root
root
└── testdir
No file or directory beginning with '.' is included & also, copying
/tmpdata/testdir reported "No such file or directory" warning. Using
'.' instead of '*' in the below command will fix the warning whether
the directory being copied is empty or only has files or directories
that begin with dot:
$DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/*
Also, enable 'dotglob' temporarily to include files and directories
beginning with a `.' in the results of pathname expansion of source
directory being included.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Previously when NM was run without dbus then teaming would come
up appropriately [1], but now that dbus exists we also need to
include some supporting infrastructure to allow for it to work
again.
[1] d689380cfc
Don't use absolute path, or it may resolve to wrong files after unpack
the initramfs to a sub path on a running system.
Signed-off-by: Kairui Song <kasong@redhat.com>
On s390x, the `BOOT_IMAGE` karg injected by the bootloader is not a path
to the kernel image, but rather an integer describing the index of the
menu entry selected. Because of the way the s390x bootloader works,
there is no information retained about e.g. the path of the kernel that
was loaded.
This causes issues for the FIPS code which assumes that `BOOT_IMAGE` is
a path to the kernel image to derive the HMAC path. In non-OSTree
systems, this ends up working anyway, because the kernel is located at
the root of the boot partition. In OSTree systems, this is not the
case. However, OSTree systems use BLS configs, and they are named in
reverse order of precedence (i.e. menu ordering). So from the
`BOOT_IMAGE` integer, we can figure out which BLS entry was selected.
Add some code to do just this on s390x. This isn't completely foolproof,
because it presumes that (1) BLS configs were used to populate the
bootloader (and that they were exactly in the same state they currently
are when `zipl` was run), and (2) there are no other menu entries
originating from outside the BLS configs. However, if these assumptions
are wrong we would simply fail the boot, which is currently what is
happening anyway.
See also:
https://github.com/openshift/os/pull/546https://github.com/ibm-s390-linux/s390-tools/issues/78
Tested-by: Muhammad Adeel <muhammad.adeel@ibm.com>
Also install umount binary, make it possible to cleanup squash overlay
mounts. This is useful for other tools reusing the dracut initramfs built
with squash module enabled.
Signed-off-by: Kairui Song <kasong@redhat.com>
Upcoming versions of EVM will not require the ALLOW_METADATA_WRITES anymore,
therefore we remove it from the script and require it to be set in the EVM
config file variable EVM_ACTIVATION_BITS for those versions that need it.
Patch 9 in this patch set deprecates the EVM_ALLOW_METADATA_WRITES flag:
https://lore.kernel.org/linux-integrity/20210514152753.982958-1-roberto.sassu@huawei.com/
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
It is possible that user setup some early mount in the rootfs even
earlier, so just be more robust and cover that case too.
Signed-off-by: Kairui Song <kasong@redhat.com>
```
dracut-dev-lib.sh: line 92: str_replace: command not found
dracut-dev-lib.sh: line 98: /var/tmp/dracut.sabKZg/initramfs/initqueue/finished/devexists-.sh: No such file or directory
dracut-dev-lib.sh: line 83: /var/tmp/dracut.sabKZg/initramfs/emergency/80-.sh: No such file or directory
```
Add OpenSuse and Arch Linux to limited tests.
Only run the full tests against the latest stable Fedora version
to reduce the workload.
Also remove the `hung_task_panic=1` on the kernel command line, as qemu
tends to be really slow in non-kvm mode.
Fixes: 8e84fa726 ("fix(url-lib): shellcheck for modules.d/45url-lib")
Behaviour introduced by that commit made the following to be run:
curl "--globoff --location --retry 3 --fail --show-error" http://192.168.1.173:8000/test.ks
instead of:
curl --globoff --location --retry 3 --fail --show-error http://192.168.1.173:8000/test.ks
This broke downloading kickstart file in anaconda-dracut.
Gummiboot was merged into systemd and official became systemd-boot in 2015 ( 6 years ago )
and no longer was being maintained as Gummiboot from that point.
It's safe to say distribution should have migrated to sd-boot by now so let's deprecate
it.
The ldd output can contain the variable $LIB, which is a documented feature of
ldd. In a previous commit [0], dracut-install received support for this
variable, but that was later reverted [1] due to issues [2][3] on Gentoo ARM64.
The part before '=>' does not necessarily refer to an existing file (e.g. due
to the usage of $LIB) and thus [1] could be seen as a regression to anyone
that uses this ldd feature. This PR combines both cases together and whenever
it find a '$' character (i.e. a variable) on the left side of the '=>' symbol,
it uses the right hand path (and thus uses evaluation done by ldd), otherwise
falls back to the behavior set by [1].
Reproducer that was presented to me:
$ grep "ibz.so" /etc/ld.so.preload || cat << EOF >> /etc/ld.so.preload
/\$LIB/libz.so.1.2.11
EOF
$ mkdir -p /var/tmp/dracut.xitk6p/initramfs
$ strace /usr/lib/dracut/dracut-install -D /var/tmp/dracut.xitk6p/initramfs -l /bin/bash 2>&1|grep ibz
$ rm -rf /var/tmp/dracut.xitk6p/
[0] 45404a2
[1] 6d886bb
[2] #471
[3] https://bugs.gentoo.org/667752
Setting `DEBUG_MEM_LEVEL` in the build phase prevents
`setmemdebug()` to call `getargnum`, which would use `dracut-getarg`
in the initrd runtime phase.
No more:
```
modules.d/99base/dracut-lib.sh: line 217: dracut-getarg: command not found
```
On systems with a large number of devices, usually multipath devices,
dracut can spend a lot of time stat'ing the devices to collect the
major/minor numbers, leading to huge slowness rebuilding the initramfs
when stat'ing devices is slow (seen with oracleasm file systems in
particular).
This commit implements a basic cache stored in a file under
DRACUT_TMPDIR storing the major:minor corresponding to the specified
device.
Reproducer: create N loopback devices used as a LVM extension to volume
group hosting the root file system
# LVMVG="rhel"
# NDEVICES=200
# mkdir devices; for i in $(seq 1 $NDEVICES); do
truncate -s 10m devices/$i; losetup loop$i devices/$i
done
# vgextend $LVMVG $(/bin/ls -1 /dev/loop[0-9]*)
With standard code (tested with RHEL8.3 dracut):
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug 2>&1
# grep -c "stat -L -c" /tmp/debug
2440
With this code:
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug_optim 2>&1
# grep -c "stat -L -c" /tmp/debug_optim
205
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Modern Linux kernels support zstd-compressed modules, which was added
by commit 73f3d1b48f50 ("lib: Add zstd modules").
Commit c3d7ef377eb ("kbuild: add support for zstd compressed modules")
added support of compressing modules with zstd to kernel Makefiles.
libkmod >= 28 built with libzstd is also required.
Just install all `=crypto` drivers in the generic initramfs, because who
are we to decide which combinations are allowed in current and future
`cryptsetup`. We only could install blacklist filter in the future, if
there are modules, which are definetely not used and are huge in size.
- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclution of the unit into the sysinit target
- removal of systemctl enablement of type unit
The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module and other modules that provide/require spesific link files
should add them, themselves via their relevant include section.
dracut-install triggers "ERROR: installing '/usr/lib/wicked/bin/*'"
when find_binary is being used to determine if wicked is installed
so let's just check for the wicked type service unit instead.
All device-mapper based devices, including device-mapper-multipath,
do reuse the udev db from the initramfs after switching to the root fs.
Therefore device-mapper devices have to be correctly initialized before
the udev daemon is stopped, to have the correct entries in the udev db.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1949076
Currently when dracut search for btrfs device used for initramfs, it
assumes the mount points passed in with "--mount" are all mounted with
given mount path. If user want the device to be mounted to a different
location in initramfs, this will not be true.
eg. with "--mount '/dev/mapper/vol /sysroot btrfs rw,relatime,subvolid=256,subvol=/root'"
and having '/dev/mapper/vol' currently mounted on '/', will raise an
error:
ERROR: cannot access '/sysroot': No such file or directory
So search for actual mount point of given device.
Signed-off-by: Kairui Song <kasong@redhat.com>
Introducing the systemd-network-management meta module which will
allow distribution users and vendors to easily include
systemd + systemd's network management modules by simply include this
module instead of systemd network modules individually.
Obviously if the intent is to glue together somekind of network stack
out of random existing modules such as NetworkManager and or Wicked,
this meta module should not be enabled.
The system currently throws numerous nasty warning messages during
the boot, about ignored null bytes in input.
This patch adds a filter to the dd command, to filter these null
bytes out, and thus to prevent these warning messages.
Signed-off-by: Lev Veyde <lveyde@redhat.com>
- Removing dependency on the systemd meta module since it causes circular dependency,
prevents the existance of multiple systemd based meta modules and is redunant.
- Removing directory creation for modules-load since it should not be
necessary and if it turns out that it is, it will be re-introduced in the
form of a systemd tmpfile instead of inst_dir.
- Add a missing inclusion of configuration files placed in /usr/lib/modules-load.d
and /etc/modules-load.d ( hostonly ) directories.
- Fix a spelling error in the systemd type unit file conf directory overwrite
in the hostonly section.
Create the `/run/NetworkManager/initrd` directory before creating
`/run/NetworkManager/initrd/neednet`. Somehow on Fedora 32 this
directory is missing, when the script is running.
This fixes all NetworkManager tests for Fedora 32.
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
The watchdog module pulls in the device specific watchdog if that
module is enabled, but in the case where we need a generic initrd
we don't get all watchdog drivers which means if we have a watchdog
enabled for that usecase it may get kicked too late in the boot
process so we need the drivers in the initrd for the generic case too.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
* Correct the systemd generated sysroot.mount unit with the options
received by the DHCP request and do a `daemon-reload`.
* Inject the `nbd-client -check /dev/nbd0` in the finished initqueue.
* Reactivate the NBD tests and prepare them for NetworkManager tests.
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
`qemu_add_drive_args` can be used to generate arguments to specify disks
for a qemu machine (`-M q35`).
This is mostly useful to address those raw disks via `/dev/disk/by-id`,
because due to parallel probing in the kernel `/dev/sd*` can point to
anything.
Don't hard exit in `check()`. The transaction logic only checks if it
should/can include the module. Just return `255` and the `dbus` meta
module will pick its dependency.
- Included a bluetooth module that installs modules, firmware, udev rules and bluetoothd.
- systemd and dbus are required by bluetoothd
- Include bluetooth by default if BT keyboard or combo found
While creating the striped md raid0 sometimes this error occures:
```
mdadm: Defaulting to version 1.2 metadata
mdadm: RUN_ARRAY failed: Unknown error 524
Failed to clear hint file.
Device /dev/md0 not found.
Powering off.
```
Add debug output with the size of the disks.
Also create disks with multiple of 4096.
This commit changes how NM is started inside the initrd. Instead of running NM
in the special --configure-and-quit=initrd mode, which sets up network and
quits, start it as a daemon.
This has multiple advantages. First, we no longer need to run NM in a special
mode that requires additional code and maintenance. NetworkManager works
exactly as in the real root.
One problem of the current configure-and-quit approach is that once NM has
quit, dynamic addresses can expire if the initrd setup takes longer than the
DHCP lease interval or than the IPv6 address lifetime. Running NM as a service
solves this problem.
Now NM runs with D-Bus support and therefore its API can be used by other
modules. This open the possibility, for example, to integrate nm-cloud-setup to
automatically configure networking based on cloud metadata.
Use the NetworkManager-wait-online.service, ordered before
dracut-initqueue.service, to delay the initqueue until NM has terminated its
configuration.
We don't want to start NetworkManager if networking is not needed.
Right now nm-config.sh lays down /usr/lib/dracut/hooks/initqueue/finished/nm.sh
which will cause the initqueue to run. If nothing exists in
/usr/lib/dracut/hooks/initqueue/finished/ then it will short circuit and
the initqueue won't run anything. But what if something else needed
something to run in the initqueue? nm-run.sh would still get started,
even though /usr/lib/dracut/hooks/initqueue/finished/nm.sh didn't exist.
In this case let's just trigger off of /run/NetworkManager/initrd/neednet
like we are doing in the systemd unit (nm-run.service).
Don't run the new systemd unit (nm-run.service) if rd.neednet=1
isn't set. nm-initrd-generator will generate configuration even
without rd.neednet=1 so determining if we should start based on
just if connection profiles exist isn't enough. We need some other
indicator. In this case we lay down a /run/NetworkManager/initrd/neednet
if rd.neednet=1, which is used by nm-run.service to determine the
need to run.
If teaming is set up via NetworkManager we don't want systemd to take
down the userspace teamd process when NetworkManager quits. `KillMode=process`
will allow it to leave those processes behind.
This is fallout from the change to run NetworkManager via systemd (c17c5b7).
With `KillMode=process` we get something like:
```
sh-5.1# journalctl -u nm-run -o cat | tail
<info> [1618411262.7030] quitting now that startup is complete
<info> [1618411262.7030] device (team0): carrier: link connected
<info> [1618411262.7033] device (team0): team port ens2 was released
<info> [1618411262.7033] device (team0): team port ens3 was released
<info> [1618411262.7033] manager: NetworkManager state is now CONNECTED_SITE
<info> [1618411262.7034] exiting (success)
nm-run.service: Deactivated successfully.
nm-run.service: Unit process 476 (teamd) remains running after unit stopped.
Finished nm-run.service.
```
There are a bunch of `logger: unknown facility name: --user` errors
during a run. This is because logger is getting passed something like:
```
logger -p --user.info
```
Where it should be something like:
```
logger -p user.info
```
On system that doesn't have either consolefonts, consoletrans, keymaps,
or unimaps, "kbddir" is empty, thus the followed installation will
broken with errors like:
cp: cannot stat '/consolefonts/*': No such file or directory
Let's report the checks as failure if "kbddir" is empty.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
When omitting a module from the command line via -o or --omit
it's expected that it behaves in the same manner as adding a module from the
command line as in it does not overwrite existing omissions of other modules in
configuration file(s).
This unquated regex could be splitted into two arguments and sed will
not work. I've see giving error of wrong arguments being used on my
desktop.
Signed-off-by: Kairui Song <kasong@redhat.com>
Patch 2fabaaa62d changed the behaviour for `dash`
under the assumption, that dash does not take parameters for `.` aka
`source`. Although this is true, the original positional parameters of
the `source_all` function are still in place, so everything is
fine with the old way of sourcing.
`$_hostonly_drvs` contained multiple arguments and was quoted.
This patch converts `_hostonly_drvs` into an associative array, which
enables easy deduplication and proper quoting in bash.
Fixes: https://github.com/dracutdevs/dracut/issues/1276
A shellcheck regression quoted `HARD` in
```shell
kill "$HARD" "$pid" > /dev/null 2>&1
```
which would error on an empty "HARD".
Instead of fixing this, use `pkill` instead and also add it to the
non-optional list of binaries to install, which was revised also.
Fixes: https://github.com/dracutdevs/dracut/issues/1275
`$_allow` should not have been quoted, because it can be multiple options.
Instead of unquoting it, convert it to an associative array with easy
deduplication and prefix every device with the `--allow` option.
Fixes: https://github.com/dracutdevs/dracut/issues/1274
`_provider_dirs` should not have been quoted, because it should expand
to multiple arguments.
Just remove the whole variable and add those arguments.
Fixes: https://github.com/dracutdevs/dracut/issues/1273
dbus-broker.service has a 'dbus.service' alias which is installed when the
service gets enabled.
If the alias is not present in the initrd image, services requiring D-Bus in
the initrd fail to start because they depend on dbus.service, which doesn't
exist.
Therefore, enable the service to create the alias.
It was not working anyway, so nobody used it for years.
If it is not used, just remove it.
mkinitrd-suse.sh will be maintained by SUSE as it is SUSE specific
anyway.
This adds support for virtio-mem devices, which provide a dynamic
amount of memory in a VM. Right now, the driver gets loaded and any
memory gets added to the system when loading the kernel module from disk.
While not strictly required to boot, we want to be able to
1) add virito-mem provided memory to the system early while booting up
2) add virtio-mem provided memory even when booting without a disk
3) add virtio-mem devices without adding actual memory in kdump
environments such that we can query things like:
a) is a certain PFN currently plugged in the hypervisor and, therefore,
should actually be read when creating a system dump. (kexec-tools
prepares the vmcore header, like on x86-64)
b) which ranges of a virtio-mem device are currently plugged in the
hypervisor and, therefore, should be added to the dump. (vmcore header
gets prepared by the crashkernel, like on s390x)
Note that loading virtio-mem in kdump environments currently fails with
-EBUSY -- but there are plans to install proper hooks instead to support
especially a) in the near future.
1) and 2) are only really effective when memory hotplug is configured to
automatically online all added system RAM in the kernel (and not late,
via udev rules): e.g., via "mhp_default_state=online" on the kernel
cmdline or via CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE in the kernel.
Especially 2) and 3) require the module to be present inside the initial
ramdisk. The primary use case for including it in the initial ramdisk
is 3).
Signed-off-by: David Hildenbrand <david@redhat.com>
With this config change,copr builds will happen on pull requests
for all fedora development branches and the next major RHEL release
( fedora-eln ) and on commits, copr builds will happen on all fedora
release and the next major RHEL release.
The kernel has an odd way to handle `"` surrounded parameters.
To handle the parameters as the kernel would do, no simple shell script
suffices, so a new utility `dracut-util` is introduced. Written in "C"
it handles `dracut-getarg` and `dracut-getargs` as the old shell script
functions `_dogetarg` and `_dogetargs` would.
Try to make mksquashfs follow --compress option if squash module is
included, if not specified or invalid, fall back to use mksquashfs's
default compressor.
No function change, decide which compressor to use right before
compressing the initramfs.
This may delay the print of this message:
"dracut: no compression tool available. Initramfs image is going to be big."
but should be OK, this message is not an error.
Simplify the squash mount layout. Instead of overlay on each top
directory (/etc, /usr), just mount and switch_root into the squash
image, with a overlay on top of it.
Also install the binaries and setup scripts separately, so the squash
setup code and the squash image content is independent of each other,
all squash setup script and binaries can be deleted safely upon
switch_root.
With this change, previous squash clean up service and other tricky
implementations are all gone.
This commit depends on systemd commits from:
https://github.com/systemd/systemd/pull/18124
Previouly systemd doesn't recognize non-ramfs initramfs, now this is
doable with SYSTEMD_IN_INITRD=lenient
Signed-off-by: Kairui Song <kasong@redhat.com>
The squasn mount points are recorded in text file so later clean up
script can umount them, this is not needed, the mount points are fixed
so just detect the umount by hardcoded pattern.
Separately install the modules required for squash image setup.
These modules can be deleted after squash image setup to save
memory.
Signed-off-by: Kairui Song <kasong@redhat.com>
When a GZIP environment variable is set, this leads to various breakage:
In case 'pigz' is installed and GZIP is defined as a path, e.g.
/usr/local/bin/gzip, then dracut will fail with the following message:
"
pigz: abort: cannot provide files in GZIP environment variable
"
In case 'pigz' isn't installed and regular 'gzip' is used and GZIP is
defined as a path, e.g. /usr/local/bin/gzip, then the path will be
zipped and dracut will fail for no obvious reason. Trying again, dracut
will then fail with following message:
"
gzip: /usr/local/bin/gzip.gz already exists; not overwritten
"
In any case, GZIP environment should be unset to avoid breakage or
unwanted behaviour. This variable is anyway obsolescent, from gzip(1)
manpage.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Before:
```
Benchmark #1: ./skipcpio/skipcpio test-5.10.15-200.fc33.x86_64.img >/dev/null
Time (mean ± σ): 125.5 ms ± 0.9 ms [User: 97.4 ms, System: 27.9 ms]
Range (min … max): 124.8 ms … 129.4 ms 23 runs
```
After:
```
Benchmark #1: ./skipcpio/skipcpio test-5.10.15-200.fc33.x86_64.img >/dev/null
Time (mean ± σ): 12.2 ms ± 0.3 ms [User: 2.7 ms, System: 9.5 ms]
Range (min … max): 11.7 ms … 13.6 ms 212 runs
```
Besides the speedup, skipcpio now parses the cpio header and is not
falsely ending when the early cpio payload contains `TRAILER!!!`.
Fixes: https://github.com/dracutdevs/dracut/issues/1123
Adding initial packit [1] support for fedora maintenance which
should automate the release process from upstream release to fedora.
1. https://packit.dev
There is no `fstab_lines_l` variable used before.
The `--include` option was turned into `++include` and therefore the
switch option is not reachable anymore.
If SIGWHATEVER will be processed after fsfreeze -f, but before fsfreeze
-u we will end up with /boot/ never unfrozen, let's try to minimize risk of this.
on my system (ThinkPad X201s) I have several modalias entries that are
empty:
/sys/bus/platform/devices/dock.0/modalias
/sys/bus/platform/devices/dock.1/modalias
/sys/bus/platform/devices/dock.2/modalias
executing the drm module setup thus results in the following errors
dracut-install: No SOURCE argument given
when calling dracut_instmods and hostonly mode is enabled.
Skip those entries, as there are no modules to load in this case
anyways.
Note: it is not sufficient to use [['s -s test (file size is greater
than zero), as all those files are 4096B if you stat them.
In the current state, services that depend on network need to
use dracut hooks, since nothing with pull in the network
targets into the transaction.
In the future, it would be nice to provide developers on systemd-only
systems the possibility to not use dracut hooks at all, but simply put
normal systemd services into the initrd.
Also, some modules even right now depend on systemd ordering, like
cryptsetup, so let's make sure, that the ordering inside systemd work
properly as well.
Instead of running directly NM with --debug, create a drop-in in
nm-config.sh. This will make sure, that we can get the debug output
regardless the way how NM will be started.
The current name of this bool is kinda stupid. Based on the manpage
setting it to 0 turns off fcoe, which means that nofcoe=1 should mean
that it is on.
Let's just do the same thing as with rd.lvm=0, rd.luks=0,....
A test of the form
if ! command; then
_ret=$?
...
return _ret
fi
does not capture the return code of `command`, but the negation of the
return code, leaving _ret == 0. The test of this form in inst_multiple
has been refactored to capture and return the right value.
Invalid space broke the creation of the keyboard subdirectories,
leading to a symbolic link
usr/share/consolefonts,consoletrans,keymaps,unimaps ->
/usr/lib/kbd/consolefonts,consoletrans,keymaps,unimaps
in the created initramfs.
With this fix the correct symlinks are created again:
usr/share/consolefonts -> /usr/lib/kbd/consolefonts
usr/share/consoletrans -> /usr/lib/kbd/consoletrans
usr/share/keymaps -> /usr/lib/kbd/keymaps
usr/share/unimaps -> /usr/lib/kbd/unimaps
Because some of the CI tests fail randomly while grepping for the
test success marker, let's be specific of the file format grep will
search to eleminate all failure sources.
Creating the /docs directory which will contain all project related
documentation and will also host the projects github based website
in the future.
Adding RELEASE.md which is a document that outlines the release process.
```
mke2fs 1.45.6 (20-Mar-2020)
Filesystem too small for a journal
Discarding device blocks: done
Creating filesystem with 1024 1k blocks and 128 inodes
Allocating group tables: 0/1 done
Writing inode tables: 0/1 done
Writing superblocks and filesystem accounting information: 0/1 done
cp: error writing '/sysroot/usr/bin/bash': No space left on device
cp: error writing '/sysroot/usr/bin/grep': No space left on device
cp: error writing '/sysroot/usr/bin/ping': No space left on device
[…]
```
This rephrases a comment in the check() as requested on another PR
and generalizes the install() section comments on par with other recent
module changes.
Introducing systemd-ask-password module which is used to query a
system password or passphrase from the user.
This module can be used standalone ( systemd-ask-password )
( which is without plymouth & wall support )
With plymouth module ( systemd-ask-password + plymouth )
With wall module ( systemd-ask-password + wall ), which is currently
commented out since there is no forceable usecase for it or even exiting
wall module.
This is a standalone systemd module which means it depends on no other module than systemd.
systemd-run runs nbd-client in parallel. This introduces a possible
race condition when /dev/nbd0 is not directly used by /sysroot mount
but used by another dracut module as in:
netroot=nbd:ip:port:fstype root=live:/dev/nbd0
Before nbd0 usages are synchronized, it is better to keep it serial.
This reverts commit 9fd0461b7d.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Introducing systemd-sysctl module which is an early boot
service that configures sysctl.
The systemd-sysctl module has dependency's on systemd and
systemd-modules-load module.
Previously with `no_kernel` the `for` loop errored on the modules
wildcard. By checking, if the file exists, this is mitigated.
"mv" asked interactively, if aliased in the user session, so a "--force"
was added.
Introducing systemd-modules-load which is an early boot service
that loads kernel modules from a static list, which is required for
kernel modules that do for example not support automatic module loading
( like key type parsers ).
When terminating a system, the shutdown module attempts to unmount all
file systems from under /oldroot. This reaps remaining file systems that
systemd cannot unmount and detaches /oldroot itself.
In case that running umount for some file system repeatedly fails, the
module reports this error and continues the processing in order to
shutdown the system. This handles a condition when the umount command
actually terminates but it can happen in some cases that it waits
indefinitely.
An example with NFS mounts:
# mount -t nfs 192.168.0.1:/srv/nfs/dir /mnt/nfs
# mkdir /mnt/nfs/dir2
# mount -t nfs 192.168.0.1:/srv/nfs/dir2 /mnt/nfs/dir2
# touch /mnt/nfs/dir2/file
# systemd-run -pKillMode=none -pSendSIGKILL=no tail -f /mnt/nfs/dir2/file
Running as unit: run-r367825c967ca4d88a793ae4793c02f8b.service
# systemctl poweroff
The invoked tail command escapes normal termination by systemd and
prevents stopping mnt-nfs.mount and mnt-nfs-dir2.mount as it makes the
mounts busy. Systemd then again attempts to unmount these file systems
in systemd-shutdown but this fails as well. The utility tries to unmount
/mnt/nfs/dir2 but the kernel waits indefinitely doing a path lookup for
/mnt/nfs because network is no longer available at that point. The
systemd-shutdown gives up after 90 seconds. Finally, the control is
transferred to dracut which tries to unmount the file systems in the
same way and ends up indefinitely waiting on umount to finish.
This situation causes that the system hangs during shutdown. The patch
improves the shutdown module to add a timeout of 90 seconds for the
umount operation and continue with the shutdown if it gets reached,
similarly to what systemd-shutdown does.
Reset controllers might be needed by some of the devices used in the
initrd. Particularly on the Raspberry Pi 4, 'xhci-pci' depends on a
platform specific reset controller.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
This command prints
RTNETLINK answers: Network is unreachable
to stderr if IP is not assigned yet, but that's the thing we are
checking for, so there's no point in showing the message.
If plymouth is used then its own installation script is preferred.
While plymouth's own variant of inst_binary resolves the library
dependencies properly, its inst_library shell function doesn't
actually install them in some cases properly.
Make sure to install both the required binaries and their
dependencies. In the worst case, it's a NOP.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
With dracutsysrootdir set and foreign binaries in sysroot,
running NetworkManager --version is not possible and it may be
different than the one installed on the host.
NM_VERSION can be used to override it.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
Allow overriding the systemctl command for sysroot with $SYSTEMCTL
Modified every modules' module-setup.sh to use the envvar instead
of the hardcoded command name.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
This used to cause some echo write/invalid argument errors. Simplest fix is to use readlink with -f for absolute path and -n to remove trailing newline.
See previous discussion here:
https://github.com/void-linux/void-packages/issues/13024
Commit de3cb0e321 moved libpthread workaround after the code that runs
ldconfig. As a result, if installed in a non-default path, libgcc_s.so.1
could not be found by dynamic linker.
External Memory Controller (EMC) drivers can be built as a module.
On Tegra, this allows tegra_drm to load faster and without deferred
probes, instead of waiting for the rootfs for the tegra*_emc dependencies.
Tested on jetson-tk1 and ac100.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
This modules introduces systemd-repart which can be used
to generate partition(s), via a simple systemd-repart
drop-in(s), which can be useful in wide varity of usecase.
feat(systemd-repart): adding module to spec file
feat(systemd-repart): removing unessary requirement on type unit
fix: spelling error
Introdusing dbus-daemon which is based on but superseeds
the previous 06dbus implementation with various enhancements and fixes.
fix: adding new modules to rpm spec file
fix: missed an echo
This finally allows running the test suite completely in a rootless container:
```
❯ podman run \
--user 0 \
-v /dev:/dev \
-v ./:/dracut \
-it \
quay.io/haraldh/dracut-fedora:33 \
bash -c 'cd /dracut; make DRACUT_NO_XATTR=1 check'
```
commit 5840c466d tried to make it create the right directory according
to the directory layout on current host, but added "$initdir" prefix
to the if statement by accident, so the installation code have no
effect now. Just fix it.
The kernel does not allow the cmdline to be overridden if one is defined
in the uefi image. This means that bootloaders like systemd-boot or
grub cannot manage boot options (editing at boot for debug being a use
case). This patchset allows for no cmdline to be set (instead of force
setting one if none is provided).
Fixes: https://github.com/dracutdevs/dracut/issues/1012
Signed-off-by: Matthew Thode <mthode@mthode.org>
We can drastically improve boot times on some machines, or BM or VM
shapes, if we send DHCP requests in parallel on all interfaces
Add ip=single-dhcp as a kernel boot parameter, to send DHCP requests in
parallel on all interfaces. Thus, DHCP on each interface is overlapped
thereby reducing boot times for multiple interface machines.
This can help reduce the boot time by 1 minute per interface.
In addition, we may also save another 40 secs delay per interface, if
the link on which we try to send DHCP is in DOWN state. This can be
reduced by giving the following kernel command line parameter while
booting - rd.net.timeout.carrier=<timeout>.
Added manpage for ip=single-dhcp with the caveat that it does not
apply to Network Manager or SUSE wicked.
Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
During raid assembly mdadm will call mdadm-grow-continue.service if
reshape is in progress.
If service doesn't exist then it is done via fork and systemd will kill
it unconditionally after processing all events.
Add proper service to allow systemd to manage reshape correctly.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
A recent change in Linux kernel v5.10 split the MDIO drivers from the PHY
subdirectory into a new MDIO subdirectory [0]. This caused MDIO drivers
to not be included in the initramfs.
Also include the modules of this new subdirectory to prevent this issue.
[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9770eac511
Suggested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Otherwise e.g. the xts(aes) implementation provided by the vmx_crypto
module (which does usually get included on ppc64le) fails to initialize
when xts is built as a module (CONFIG_CRYPTO_XTS=m), because it can't
instantiate the fallback generic xts(aes) implementation (needs the
generic xts module).
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
On EL8.3 the NetworkManager keep restarting even if it exits successfully while waiting for Clevis to unlock. This patch ensures NetworkManager runs only once in initrd.
It is only installed on RHEL 8+, but as noted in the first commit
that tried to do this - 0bb9a683 - we already have branches for
all RHEL releases, so there's no point keeping such a conditional
on the master branch. After 0bb9a683, 51-dracut-rescue-postinst.sh
was re-added because Fedora 30 needed it, with a FIXME saying to
remove it after F30 was released. But instead of that happening, it
got changed to a conditional to install it on Fedora <= 30 or RHEL
<= 8 in 9e68789d and the FIXME was removed, then in 9eb1d1ed that
conditional was simplified to only refer to RHEL, so we wound up
with this situation.
Note the last two commits were never ported to the RHEL-8 branch,
so it's broken, I will send a separate PR for that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The underlying issues this was trying to solve is to get a cheap
workaround for the fact that (open)SUSE with atomic support moved
/etc stock files to /usr/etc in order to improve compatibility. But
now that even nsswitch.conf moved, this is no longer enough. And it
might be more trouble to support once it's in an official release.
So let's rather drop it now.
This reverts commit e0524af2bf.
From shellcheck:
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2039]: In POSIX sh, == in place of = is undefined.
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2193]: The arguments to this comparison can never be equal.
When in hostonly mode, 95fcoe module will still be installed even there
is no FCoE hostonly device. So use the new block_is_fcoe helper to check
for hostonly device in hostonly mode, avoid installing unneccessary module.
Signed-off-by: Kairui Song <kasong@redhat.com>
If fcoe module is loaded, the initramfs will always try load libfcoe
and bnx2fc, so also ensure they are installed if needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
When LDFLAGS contains ``-Wl,--as-needed``, the FTS library will be
ignored if it is specified before the .c source.
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
Fixes: 62f27ee6f1 ("configure: find cflags and libs for fts on musl")
dracut builds today are fairly verbose to start, but on top of
that many of the messages tend to liberally use the
exclamation point `!` which calls attention to them.
I see these a lot when looking at rpm-ostree build logs
and it'd be nicer if we were quiet when there wasn't
an actual problem.
In this specific case, if the builder is explicitly adding
`--omit=foo`, there's no reason for us to say:
`dracut: dracut module 'foo' will not be installed, because it's in the list to be omitted!`
We already print the command line to start, so the information
is there.
Demote this message to debug.
Sometimes, systems have more elaborate backends in nsswitch.conf,
the complexity of which we do not want in the initrd. SUSE systems
with atomic for instance, where those files may also reside in /usr/etc.
With this change, the unavaiable nsswitch.conf backends will be silently
ignored, and we still end up with all the information we need.
Reference: boo#1165366
dracutinstall picks up interpreters and includes bash despite
the users' wishes or expectations, as modules should not require
bashisms at runtime.
Fixes#951
This should've been part of #964. As mentioned there, the
`initrd-cryptsetup.target` approach was reverted in the end, and we went
back to relying in `remote-cryptsetup.target`:
https://github.com/systemd/systemd/pull/17467
So we do need to ship the enablement symlink for it.
For strict hostonly mode, only install currently loaded modules instead
of a bunch of driver that may not be needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Use udevadm to detect the required kernel modules to load a given
device. udevadm will follow the device chain, help detect all required
parent device drivers as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
check_block_and_slaves_all $func $dev should return 0, if $func return 0
for any checked device. Currently if any device don't have any sub
device, 1 is returned instead.
So remove the sub device checking statement. Also remove the same
statement in check_block_and_slaves, the "[[ -f $_x/dev ]]" in the for
loop is enought to ensure sub device exists.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Signed-off-by: Kairui Song <kasong@redhat.com>
It's like check_kernel_config, help to check if a kernel module is
enabled (cover built-in or compiled module case).
Signed-off-by: Kairui Song <kasong@redhat.com>
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
So we have a dependency cycle:
initqueue -> devexists hook -> root device ->
systemd-cryptsetup@.service -> remote-fs-pre.target -> initqueue
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
In the case of the s805x the drivers/hwmon directory contains the
scpi_hwmon kernel module.
On a running system, lsmod would output the following dependencies:
arm_scpi 24576 2 clk_scpi,scpi_hwmon
It means that if the clock driver is bundled in the initramfs it will
bring arm_scpi. But if scpi_hwmon is missing the scpi will be incomplete
and it can lead to crashes.
When the hwmon is bundled, no crash occurs
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some filesystem (e.g. ZFS, and btrfs subvolumes) don't use block
devices. Should they be mounted as `/`, `find_root_block_device`
yields nothing, hence dracut will append this problematic argument
to kernel cmdline:
root=/dev/block
On a machine that employ root ZFS on LUKS, which was setup with
an OpenPGP-encrypted key file, this argument renders that machine
unbootable. Remove that `root=/dev/block` manually could boot the
machine.
Let check if that device is a block device before write down `root`
argument. This is consistent with the check for block device in
`find_block_device`.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
D-Bus doesn't run in the initrd, so our usual trick of activating
custom systemd services from udev doesn't work.
So add a rule to create initqueue entries for each possible
connection.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Always add the nvmf.discover parameters to /etc/nvme/discovery
when parsing the dracut commandline, and rely on NVMe autodiscovery
when no parameters are given.
And modify the syntax to use a comma ',' as a separator for nvmf.discover
as the semicolon ':' is already used for the FC-NVMe transport address format.
Signed-off-by: Hannes Reinecke <hare@suse.de>
This was introduced with 6dafdda4a6, but
is actually caused by the fact that modules that have already been
installed cause dracut_install() to return without adding the module
to the hashmap. This can happen if an earlier-run dracut module chose
to install the same module. Now modprobe statements like:
softdep usb_storage post: uas
softdep uas pre: usb_storage
(which look weird, but are perfectly valid), cause
dracut_install() to enter an infinite recursion if and only if
at least one of the files has previously been installed by another
module.
Fix this by also adding already installed modules to the hashmap.
If there are any nonexistent libraries listed in /etc/ld.so.preload, ldd
prints error messages like:
ERROR: ld.so: object '/usr/lib64/libfoo.so.1' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
This causes resolve_deps() to return error, which leads to symlinks
(like usr/bin/awk) not being copied into the initrd.
Some modules are involved in the display output without to rely on
drm_crtc_init.
This is the case for the meson_dw_hdmi. This module need to be included
into the initramfs in both hostonly and generic modes.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
On arm, many drm drivers are located in the plaform bus.
Adding the platform bus will allow drm drivers to be included in the
initramfs when using hostonly mode.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If i contains a space, there is a need to protect the variable usage in some cases.
This will occurs when a next patch will enable platform bus with such case:
'/sys/bus/platform/devices/Fixed MDIO bus.0'
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some SoCs now have drivers that user devfreq in early init and fail
if the drivers are missing so make sure we have them in the initrd.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Introduce prefix `keysource:` for the values of `rd.luks.partuuid`,
`rd.luks.serial` and `rd.luks.uuid`.
If specified, ask for passphrase instead of waiting for keydevs to come
online.
In some cases, user only want to include the watchdog module, not the
wdctl or any other userspace helper. For example, systemd have a
RebootWatchdogSec option that use watchdog to prevent reboot hangs. And
it can help prevent machines hangs when reboot directly within the
initramfs stage. So split the module installation to a standlone module.
Also when watchdog-module get included, install driver for all loaded
watchdog instaed of only install driver for active watchdog. Both
watchdog and watchdog-module return 255 in check(), so it's enabled only
when manually included, the watchdog may get configured/activated later.
Signed-off-by: Kairui Song <kasong@redhat.com>
- use [ ] instead of calling test manually, as most of the script is
doing.
- use quotes in hostonly_cmdline blocks, specially when dealing with the
conf files, whose names are set by users/system administrators
- uefi_splash_image was being assigned set to `${dracutsysroot}...`, which
is a variable that doesn't exist.
- we don't want the conditional to run the output of fsfreeze as
commands. Instead, we just need to know if any of the fsfreeze commands
failed.
systemd lets stdout go to journal only. Usually, this is desired
behavior to ensure that plymouth does not get disrupted.
However in the 01fips case, the system has to halt when the integrity
check fails to satisfy FIPS requirements. So the user will not be able
to inspect the journal.
As this is special to the fips module, we introduce a fips_info() which
works like info(), but deviates the output to stderr when running with
systemd.
Reference: bsc#1164076
Users might see
"modprobe: FATAL: Module xyz not found in directory"
The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.
It now reads "Module xyz not found in directory"
Reference: bsc#1169997
osmin.img is no longer used by anaconda or generated by
livemedia-creator. livecd-creator will soon drop it as well.
Removing this code will allow OverlayFS boots to proceed when
osmin.img is present in the .iso image.
The kernel command line was being written both into
/etc/cmdline.d/01-default.conf and the UEFI executable.
During boot, getcmdline would concatenate these two
resulting in all arguments being duplicated. Some
args, such as ip=, are sensitive to the number of
times they are specified.
/usr/sbin/dracut-install is a symlink:
$ file /usr/sbin/dracut-install
/usr/sbin/dracut-install: symbolic link to ../lib/dracut/dracut-install
It resulted to "dracut-install not found" error:
+++ for p in $DRACUT_PATH
+++ [[ -L /sbin/dracut-install ]]
+++ [[ -x /sbin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /bin/dracut-install ]]
+++ [[ -x /bin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /usr/sbin/dracut-install ]]
+++ printf '%s\n' dracut-install
+++ return 0
++ DRACUT_INSTALL=dracut-install
++ [[ -n dracut-install ]]
++ [[ -n dracut-install ]]
++ DRINSTALLPARTS=0
++ for i in $DRACUT_INSTALL
++ DRINSTALLPARTS=1
++ [[ 1 = 1 ]]
++ [[ -x dracut-install ]]
++ dfatal 'dracut-install not found!'
++ set +x
dracut: dracut-install not found!
[ -x <not a path to file> ] is not correct and will always be false.
But actually it is available. Let's just allow it to be not an absolute path.
Maybe some other places can be improved to avoid DRACUT_INSTALL being not an absolute path.
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
suppress redundant calls to network setup
combine code for "no ip option directed at our interface" and
"No ip lines default to dhcp"
correct evaluation of return code for creating did-setup files
fix application of "load_ipv6" call to ipv6 setup only
Reference: bsc#1173402
The new dracutsysrootdir could be used to replace the shell function
required_in_root, so drop it and also simplify the code.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when initqueue timeout, it span the console with
"dracut-initqueue timeout - starting timeout scripts", which isn't very
helpful as we still don't know what actually happened. Try to improve
this by print what is actually being waited.
Besides, only print "starting timeout scripts" when there are
actual timeout scripts to use.
Signed-off-by: Kairui Song <kasong@redhat.com>
if the kernel argument rootflags is set, then dracut will
not parse the rootfs fstab and rootfsck wil not be set.
if the filesystem can be fsck'ed then its unmounted,
and an entry to the local fstab is written, omitting the last
field.
mounting /sysroot using fstab will then fail.
This change makes sure that the filed is always written.
Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Currently systemd will always start the tracking service, it will
exit early if rd.memdebug<=3 so there is no issue here, but it
leave a message of: "Started Memstrack Anylazing Service.".
Better to avoid such message if it's not used.
Signed-off-by: Kairui Song <kasong@redhat.com>
The iSCSI configuration is started after dracut checks for resume,
so we run into a timeout here. Additionally it's questionable if
resume on iSCSI makes sense (or is even supported on the platform).
Same holds true for Network Block Devices and FcOE, cover those as well
References: bsc#999663
Original-patch-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
This helper function takes a remote IP address, and tries to
determine the dracut command line arguments ip= and ifname= that
will make this remote address reachable during boot.
Functionality was taken from the module-setup.sh scripts of 95iscsi and 95nfs,
cleaned up and fixed some issues in particular with statically configured
networks, where the old code would print the unsupported string
"$ifname:static".
Add support to boot from an NVMe over TCP device.
Example of supported command line formats:
nvme.discover=tcp:192.168.1.3::4420
nvme.discover=tcp:192.168.1.3 # will use 4420 as default svcid
- Create is_nvmf() function to handle all fabrics types
- Fix parse_nvmf_discover() to correctly use the default values
- Auxiliary function to validate an IP connection
- Fix inverted result for getargbool when reading "rd.nonvmf" command line parameter
Requires rd.neednet=1
Requires adding/replacing STARTMODE in /etc/sysconfig/network/ifcfg-ethX to "nfsroot"
to avoid shutdown hanging in initiator
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
This fixes two issues:
1) on non-x86 systems in non-hostonly config this would cause
an annoying warning on every initramfs generation
2) on non-x86 systems in hostonly config this would result in
early microcode not getting disabled
ipv6 addresses need square brackets, otherwise the iscsi discovery and log-in,
which adds the iscsi port after another colon will get confused and fail.
On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
libssl is missing, FIPS self test will fail. However libssl is not a
dependency of libcryto so dracut will not install it, unless some other
binary or library pulls it in. Systemd requires libssl, so in most cases
it just worked, but could fail in some corner cases where systemd is not
used.
Signed-off-by: Kairui Song <kasong@redhat.com>
After changing the kernel command line, the cmsifup script calls ifup
to activate the interface. However, ifup is only available in the
network-legacy module; when using the network-manager module, we
should regenerate connections according to the command line; then
later NM will be run and will activate the device.
Most rpc services are not needed for NFSv4, so skip these components
to save space. rpc.idmapd is still needed in case of
nfs4_disable_idmapping is set to 0.
Since commit ff70adf873ef ("initrd: save hostname to a file in /run"),
the initrd generator of NetworkManager parses the hostname from 'ip='
options of the kernel command line and writes it to
/run/NetworkManager/initrd/hostname.
When that file exists, set the kernel hostname.
In presence of multiple hostnames in the command line, the last one
wins. Hostnames from command line always have precedence over ones
received through DHCP. This is a bit different from the legacy network
module that gives higher precedence to the hostname (from DHCP or
command line) of the last interface that is brought up, which depends
on the udev order.
In commit 49c4172 all shell based memory tracing functions are removed,
there are some left over. Remove them as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
With memstrack module, rd.break may not work because the hook scripts
are sourced, not executed, so the exit call will make pre-pivot queue
exit early. See 98dracut-systemd/dracut-pre-pivot.sh, everything after
"source_hook cleanup" will be ignored.
Replace with return instead.
Credits go to Lukas Nykryn <lnykryn@redhat.com> who helped discover and
debug this issue.
Signed-off-by: Kairui Song <kasong@redhat.com>
For the GRUB and zipl bootloaders the BLS fragment that is shipped by the
kernel package is used, so the same fragment is used for the rescue entry.
But there are cases where this BLS fragment is not suitable. For example,
if the boot directory is on a btrfs subvolume the path in the linux and
initrd fiels need to be adjusted with the real path. Otherwise GRUB won't
be able to read them.
The GRUB and zipl kernel-install plugins already take care of this before
installing the BLS fragments, so just copy the installed fragment that has
the updated paths instead of using the BLS shipped by the kernel package.
Resolves: rhbz#1827882
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The first line in crypttab with a "force" option causes all subsequent
lines to be included as if they also had it set because the variable
used to track it is not reset between loop iterations. So fix that by
just setting it to empty before the check for the force option.
If a crypto kernel module changes from compiled in to module, the
encrypted disk might fail to open, because the kernel module was
not included in the initramfs.
This patch tries heuristically to catch such modules.
Fixes https://github.com/dracutdevs/dracut/issues/706
This feature could be off loaded to memstrack, which have better
accurecy, better performance, and have more detailed tracing features.
Also simplify make_trace_mem a bit.
And currently rd.memdebug=4 is unstable, fails from time to time.
Install libnss_dns.so and libnss_mdns4_minimal.so plugins for the Name
Service Switch (NSS) functionality of glibc so that name resolution
through /etc/resolv.conf and mDNS works in the initrd.
Fixes: #772
/etc/vconsole.conf must be installed always, even in generic initrds, not only host-only ones.
systemd-vconsole-setup is run at initrd stage and expects either /etc/vconsole.conf or kernel cmdline options to exist.
I have also proposed a change in systemd-vconsole-setup that makes it behave better if /etc/vconsole.conf does not exist:
https://github.com/systemd/systemd/pull/15479
But it is just a fallback. If /etc/vconsole.conf does not exist in initrd and if that patch is applied on systemd,
then the default consoel font is set despite the one being set in /etc/vconsole.conf and this setting is inherited
when new TTYs are opened. This leads to full ignorance of settings in /etc/vconsole.conf.
It is incorrect, and that is why this file must be copied to initrds always, but not only on host-only initrds.
Fixes: https://github.com/dracutdevs/dracut/issues/796
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
According to POSIX.1-2017, 2.6.2 Parameter Expansion:
${parameter%[word]} [...] The word shall be expanded to produce a
pattern.
This means if word contains variables that itself contain special
characters like asterisks or backslashes, these are treated as pattern
characters unless the variable is quoted. Try e.g. the following example
in bash, dash or (busybox) ash:
i='a\c'; j='\'; echo "${i%$j*}"
This prints "a\c" because "$j*" is expanded to "\*", escaping the
asterisk. In contrast,
i='a\c'; j='\'; echo "${i%"$j"*}"
produces the expected result "a" because the backslash is not specially
treated any more after quoting.
The quotes that this commit adds have been previously removed in commit
f9c96cf56f, citing issues with busybox
hush without further specifying the actual error. I tested a recent
busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
and couldn't find any problems. Note that the above example always
produces "a\c" in hush regardless of quoting $j, making hush unsuitable
for use with dracut, but using quotes in parameter expansions generally
works.
The unquoted variables break the "rd.luks.uuid/name" kernel command line
options in dracut 050 because
str_replace "$luksname" '\' '\\'
in modules.d/90crypt/parse-crypt.sh is not able to escape the
backslashes any more, see GH-723, GH-727: backslashes in the
systemd-cryptsetup@.service unit name stay unescaped for use in udev
(cf. commit 0f6d93eb9d), leading to
failures in starting the unit.
This partially reverts commit f9c96cf56f.
qeth device may have a different IP for each boot, so the rd.ifname=
option will no longer work. So for znet device, introduce a
rd.znet_ifname= options, to subchannel id instead of MAC address as the
identifier and rename the interface.
Signed-off-by: Kairui Song <kasong@redhat.com>
Add support for 'rd.multipath=default' for using the default
configuration on boot. The intended purpose for this is to help support
ostree-based image boots from multipathed devices (such as Fedora and
Red Hat CoreOS).
`dasd.conf` needn't be present on system even if modules have been loaded.
Check if file exists to avoid error message during kernel update
```bash
dracut-install: ERROR: installing '/etc/dasd.conf'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.YvVRx5/initramfs -H /etc/dasd.conf
```
The fix in aed52a6cfb43ebea372328fd5837c1f341c3f0df does not
work (second line will be ignored on override), so expand the implicitly
defined rule and add them there.
Emit a warning about possible misconfigured configuration files, where
the spaces around values are missing for +=""
Better report a possible source of problems. We can fix annoying false
positives later.
In either case:
- encrypted device is decrypted, udev will trigger device changes again,
- multiple encrypted device,
cryptroot-ask will run multiple time, then report:
> mkdir: cannot create directory '/run/cryptsetup': File exists
Pass `-p` into mkdir to ignore that warning.
Ability to use `$TMPDIR` was introduced in bc1e69b but
causes the `--tmpdir` option on the command line to be
ignored. Switch to only using `$TMPDIR` if `--tmpdir`
wasn't specified.
In this case we want to cover three cases
1) ip_address:ip_address
2) number:macaddress
3) :macaddress
We consider something an IPv6 address if it starts with number and
contains ":", but IPv6 addresses are in hexa.
The network-manager command line hook must install a
initqueue/finished hook to ensure that nm-run.sh is executed when
there are network connections to activate.
Fixes: #694
Use environment variable TMPDIR (typically /run/user/$UID) as default
temporary directory, if available. This should be more private
location than /var/tmp. Path specified with --tmpdir is takes
precedence over TMPDIR and /var/tmp is still used as last resort if
neither TMPDIR is set nor --tmpdir is used.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
dracut.sh already doesn't call fsfreeze if the output file is on
the root file system. For btrfs, however, this is not sufficient.
Because fsfreeze is a superblock operation, and all btrfs subvolumes
share the same superblock, fsfreeze may freeze the entire system
if the subvolume on which the output file is written and / are
subvolumes of the same file system. Avoid this by comparing file
system UUIDs for btrfs.
Fixes: de576db3c2 ("call fsfreeze(8) on /boot to flush initramfs data & metadata to media")
Detection of persistent memory devices works mostly out of the box
already. Only the "provider" modules for ndbus devices, which are responsible
to extract information of available NVDIMM devices and their configuration
from system firmware, are only indirectly linked into the module stack.
Examples for such modules are nfit.ko, nd_e820.ko, and virtio-pmem.ko.
Add a module that resolves these dependencies.
With GNU Make 4.3 on both ArchLinux, and VoidLinux,
GITVERION is always empty because of bad substitution.
Change '\#' to simply '#' can fix it,
but we don't need that complation.
We can merge DRACUT_MAIN_VERSION and GITVERSION into DRACUT_FULL_VERSION.
Because, GITVERSION will be attached back to DRACUT_MAIN_VERSION in all
situation.
While we're at it, detect if we're in git worktree by:
limiting GIT_CEILING_DIRECTORIES to parent directory of
dracut's top level directory; instead of checking for .git directory,
in order to support git-worktree, in such case, .git will be a file, see
gitrepository-layout(5)
DRM drivers are filtered for drm_crtc_init symbol,
but not all drivers use it. Especially, cirrus driver
doesn't use it since Linux 5.2.
The practical result is text plymouth theme instead of graphical when in qemu.
Fix it by looking also for drm_dev_register symbol.
Suggested by @haraldh
Fixes#712
Currently there is no usb support on RPi4 in the
initrd phase as the pcie-brcmstb module is missing.
If part of the boot is handled from a USB stick
(e.g. with Ignition), the stick cannot be accessed.
Reference: boo#1162669
systemd provides its own cryptsetup facilities, and the
cryptsetup binary might not even exist, failing
to execute the discard flag processing.
Fixes#602
Debian mkinitramfs does not create the file 'early_cpio', so detection
of additional cpio images fails and only the first cpio is listed.
I checked some Arch and Gentoo initramfs files and these didn't have
'early_cpio' either, but they also have only one cpio part.
Fix this so that if check for 'early_cpio' fails, check if firmware
files ('/kernel/*/microcode/*.bin') exist.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
If the temporary directory for images is mounted with 'noexec', dracut
would construct unbootable images because most dynamic libraries
aren't installed. Avoid this by not resolving library dependencies
lazily if the temporary directory is mounted with 'noexec'.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
GitHub workflows fetch a clone of the dracut repository which doesn't
contain git tags, thus "breaking" the RPM build in certain situations
i.e.:
DRACUT_MAIN_VERSION in Makefile is defined as an output of `git describe`,
which in full git clone returns a tag with a numeric version. However,
without tags it returns SHA of the last commit, which later propagates into
`Provides:` attribute of the built RPM and can break dependency tree when
installed
`make rpm` usually chose `/tmp` as the `$rpmbuild` dir, which breaks the
dracut build, since it needs to execute `./configure`, but `/tmp` is
mounted with `-o noexec`, leading to:
```
/var/tmp/rpm-tmp.SwEhJO: line 46: ./configure: Permission denied
error: Bad exit status from /var/tmp/rpm-tmp.SwEhJO (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.SwEhJO (%build)
```
Switching to `/var/tmp` helps in this case.
The original behavior of $env{INTERFACE} was undocumented and changed in
the recent udev versions, breaking the ability to bring up networking
reliably. Switching to $name directive should fix this issue.
Related links:
- systemd/systemd#12700 (udev PR)
- systemd/systemd#12291 (related udev issue)
- systemd/systemd#14935 (this issue, udev side)
- #732 (this issue, dracut side)
Fixes: #732
Previously, we were doing `setup_net` from `ifup` for any setup that
wasn't DHCP, since those are already taken care of by `dhclient-script`.
The issue is that the case-statement we use to detect this doesn't catch
options like `ip=dhcp,dhcp6`.
Fix this by reworking the logic here to just check if a
`setup_net_$netif.sh` hook exists. If so, then we know that `setup_net`
will be called for this interface later.
This was causing issues in RHCOS which now ships with `ip=dhcp,dhcp6` to
support IPv6 environments[1]. The code here would make us do `setup_net`
pre-emptively which IIUC would then cause the initqueue to finish
earlier even if we had more udev netif events to process.
[1] https://github.com/coreos/coreos-assembler/pull/1067
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1803926
Checks if `uefi_splash_image` exists in `dracutsysroot` if not unset
`uefi_splash_image`. Alternate Value parameter expansion adds section-vma
for splash image to EFI stub loader when the path to image is valid and
not an empty file.
I did not test on other distributions, but on Arch Linux the `systemd`
package includes a splash image at the path
`/usr/share/systemd/bootctl/splash-arch.bmp`. Perhaps, if this is a
common practice, a default image could be gathered from that directory.
It is required that the image be in bitmap (`.bmp`) format according to
`splash.c`.
The code for `stub.c` and `splash.c` can be found at:
https://github.com/systemd/systemd/blob/master/src/boot/efi/stub.chttps://github.com/systemd/systemd/blob/master/src/boot/efi/splash.c
This reverts commit c603419030.
wait_for_ipv6_dad_link is only called from dhclient script,
so the original intent "wait for IPv6 RA if using none/static IPv6 assignment"
does not seem to be correct.
Anyway, this brings an issue on isolated networks, where you don't
have any routes outside. dhclient-script hangs on this check
and after it times out, dhclient is able to set the address normally.
Due to the way dracut-install handles modules from custom kmoddirs, add
a test that ensures the kmoddir argument seems sane.
In addition to erroring out, provide some guidance on how to proceed, as
well as a method of skipping the test via environment variable.
dracut, when passing --kmoddir, would only install modules that exist at
the same location as it will appear in the initramfs.
For most (possibly all) outputs, the output path would be /lib/modules,
so previously all kernel modules must be copied there or the module
installation silently fails.
Now use the original path variable, and install to the shortened path
variable (as calculated by kerneldirlen).
Note: This means that the argument to --kmoddir (and the modules filetree)
should be a directory that ends in 'lib/modules/$kernelversion'.
Some distributions (Arch, Gentoo) ship prepacked microcode images. These
are cpio images that follow the structure specified in the Linux kernel
documentation (x86/microcode.rst, "Early load microcode"), the same
structure dracut uses for its early microcode images.
In case of Arch Linux, the microcode for Intel CPUs is currently only
available in this packed form, /usr/lib/firmware/intel-ucode does not
exist. This commit adds a way to make use of these images on such
systems by unpacking them to the early cpio directory. (Note that the
packed image cannot be used directly since dracut might need to add ACPI
tables to the early initramfs.)
This approach has the drawback that it is not possible to control the
selection of CPUs to be included in the microcode file in host-only
mode, so we only try it as a last ressort if no unpacked microcode could
be found in fw_dir.
The list of possible file names for the packed microcode image is taken
from GRUB (cf. GRUB_EARLY_INITRD_LINUX_STOCK), but can be adapted by
setting "early_microcode_image_name" (and "early_microcode_image_dir")
in a dracut configuration file.
Otherwise we won't retry dhclient again on that interface. In
FCOS/RHCOS, we want to bake in `ip=dhcp,dhcp6` so we automatically try
getting a DHCPv6 lease if DHCPv4 failed.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1793591
If hostonly mode is in use, and there isn't any block device included
as hostonly device, then the initramfs won't need any block driver.
Eg. for kdump built image, there could be only one nfs mount point,
or the initramfs may only execute some network operation then reboot.
In such case, skip block driver installation to save space and time.
Signed-off-by: Kairui Song <kasong@redhat.com>
This is a simple trick to honor RFC 3442:
If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Previous all files are installed with inst_dir, which will not install
the files under /etc/iscsi/, and it create folders with the same of the
files which is wrong.
Now only use inst_dir to install the config dir and ensure it
exists, and use inst_multiple to install the config files.
Signed-off-by: Kairui Song <kasong@redhat.com>
NetworkManager would unnecessarily bring up the devices, colliding with
further attempts to rename the devices.
This is arguably a NetworkManager bug and should eventually be fixed there.
Running NetworkManager without the connection is unnecessary regardless.
Instead of carrying the kernel and hmac in the install.img (which takes
up more space) use the vmlinuz installed under /images/pxeboot/ and the
.hmac in the install.img /boot.
This check is triggered by the presence of /run/install/repo/images/pxeboot/vmlinuz
Related: rhbz#1782737
since we handle the retries explicitly via rd.net.dhcp.retry
Without -1 if user sets ip=dhcp6 and there is no dhcp on the network,
dhclient seems to wait indefinitely, ignoring rd.net.timeout.dhcp
The actual syntax of nsswitch.conf is slightly different from the
current regular expression:
- A comment can appear anywhere, not just at the beginning of a
line.
- Action items take the general form [STATUS=ACTION] or
[!STATUS=ACTION] (with some optional whitespace).
- A service name cannot include a colon. This is a nitpick,
because there should never be more than a single colon per
line.
Signed-off-by: Petr Tesarik <ptesarik@suse.com>
Setting up the machinery to boot with the aid of real networked boot loader
(such as iPXE) would involve much hassle, including possibly serving the kernel
and initrd via TFTP, etc.
Let us generate the iBFT table ourselves, with a Perl script. Include the
pregenerated table as well so that the test run won't depend on Perl. In the
end it's just reproducibly built static data, totally independent of the host
system.
New systemd defaults to generating MAC addresses for software devices (whereas
previously they would inherit them from the first enslaved slave).
Sadly, among the things this breaks is our test fixture, where the dhcp servers
are configured to expect a particular MAC address. Disable this for the
affected tests, which are essentially the ones that use bridges and bonds.
The network interfaces appear asynchronously and sometimes just too late,
after we're already halfway throught server-init.sh:
+ ip link set dev eth0 name ens3
Cannot find device "eth0"
+ ip addr add 192.168.50.1/24 dev ens3
Cannot find device "ens3"
+ dhcpd -cf /etc/dhcpd.conf -lf /var/lib/dhcpd/dhcpd.leases ens3 ens5
...
[ 8.040825] e1000 0000:00:03.0 eth0: (PCI:33MHz:32-bit) 52:54:01:12:34:56
[ 8.047105] e1000 0000:00:03.0 eth0: Intel(R) PRO/1000 Network Connection
...
No subnet declaration for ens3 (no IPv4 addresses).
** Ignoring requests on ens3. If this is not what
you want, please write a subnet declaration
in your dhcpd.conf file for the network segment
to which interface ens3 is attached. **
Whoopsie. Let's ensure all the interfaces are there before we proceed
fiddling around with them.
dmraid requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
multipath requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
commit 5e0f8c8a4c ('network-manager: remove useless use of basename')
somewhat carelessly didn't take into account that $_i has a slash at
the end which made the result of the ## substitution be just an empty
string.
The slash was put to the end of /sys/class/net/*/ to make sure we're only
iterating directories, but it's not strictly necessary. In an unlikely case
something else than a directory appears in /sys/class/net/, we'll already deal
with it gracefully. Remove it.
This fixes the TEST-30-ISCSI test.
E.g. in RHCOS, the `BOOT_IMAGE` from the cmdline is:
(hd0,gpt1)/ostree/rhcos-e493371e5ee8407889029ec979955a2b86fd7e3cae5a0591b9db1cd248d966e8/vmlinuz-4.18.0-146.el8.x86_64
Which of course is a GRUB thing, not an actual pathname we'll be able to
resolve. In fact, we can simply scrap it off from the variable. Our code
is already able to handle both cases: whether the device refers to a
separate boot partition, or just the root filesystem with a regular
`/boot` directory.
It's already the case the `BOOT_IMAGE_PATH` today, in the non-empty
case, includes a trailing `/`, but let's add it to the path we build
here too to make it more obvious.
That way, the HMAC file can contain a relative path instead of an
absolute one. The issue is that right now the kernel RPM bakes the
`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
rpm-ostree systems (and any other system where the kernel isn't simply
in the top-level `/boot`.
For now, we're hacking around this in rpm-ostree:
https://github.com/coreos/rpm-ostree/pull/1934
Though I'd like to propose the same change in the kernel spec file.
There is a small regression in #343: when handling the 'separate boot
partition' case, we're checking for the kernel image in the wrong
location: `BOOT_IMAGE` is the `/boot`-relative path to the kernel image,
so `/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}` expands to e.g.
`/boot/mysubdir1/mysubdir2/mysubdir1/mysubdir2/vmlinuz...`.
We should be using `BOOT_IMAGE_NAME` here instead (and in fact, the next
if-statement does this correctly, so it might've just been accidentally
left out of #343).
For the shell scripts, new environment variables were introduced.
dracutsysrootdir is the root directory, file existence checks use it.
DRACUT_LDCONFIG can override ldconfig with a different one that works
on the sysroot with foreign binaries.
DRACUT_LDD can override ldd with a different one that works
with foreign binaries.
DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot
may use symlinks that are valid only when running on the target
so a real file must be provided that exist in the sysroot.
DRACUT_INSTALL now supports debugging dracut-install in itself
when run by dracut but without debugging the dracut scripts.
E.g. DRACUT_INSTALL="valgrind dracut-install or
DRACUT_INSTALL="dracut-install --debug".
DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA,
DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ,
DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4,
DRACUT_COMPRESS_CAT: All of the compression utilities may be
overridden, to support the native binaries in non-standard places.
DRACUT_ARCH overrides "uname -m".
SYSTEMD_VERSION overrides "systemd --version".
The dracut-install utility was overhauled to support sysroot via
a new option -r and fixes for clang-analyze. It supports
cross-compiler-ldd from
https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f
DRACUT_INSTALL_PATH was introduced so dracut-install can work with
a different PATH. In a cross-compiled environment (e.g. Yocto), PATH
points to natively built binaries that are not in the host's /bin,
/usr/bin, etc. dracut-install still needs plain /bin and /usr/bin
that are relative to the cross-compiled sysroot.
The hashmap pool allocate_tile/deallocate_tile code was removed
because clang-analyze showed errors in it. hashmap_copy was removed
because it wasn't used and clang-analyze showed errors in it.
DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were
introduced so dracut-install can use different settings from
DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
It looks like only the 'fips=1' is really supported and it is working
correctly. So instead of failing on 'fips' not clear way give user
information why we are failing.
Intel has notified us that some microcode updates are not safe
to be applied during runtime. To accomodate for that, microcode
files shipped by SUSE and openSUSE have an '.early' postfix such
that triggering
/sys/devices/system/cpu/microcode/reload
from a booted system cannot pick up the ucode by accident, while
still allowing the code to be picked up during initrd time.
This change is needed to make this scheme work also in a hostonly
situation.
Currently, this affects only 06-4f-01, which is now 06-4f-01.early.
If a distro does not change the filename, the behavior does not
change.
Reference: osc#1098915
The new qedi driver needs to be handled just like
the bnx2i driver, so update 95iscsi scripts to do this.
References: bsc#1113712
Signed-off-by: Lee Duncan <lduncan@suse.com>
Unmounting the image iso, detaching its loop device, and unmounting
its parent partition can simplify installation to the parent disk.
Note that programs or scripts using the /run/initramfs/live mount
point will fail.
Fixes these error messages during intird build:
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
cat: '/sys/devices/platform/host3/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
The goal of this module is to enable automatic loading of the
thermal/fan control modules on PowerPC based Macs, as on some
modular kernel configurations this will not happen automatically
which will result in the fans spinning up to 100% until they are
manually loaded.
This is especially a problem in live systems where it takes some
time to boot up and the spin-up happens before the system even
leaves initramfs.
Commmit 8a33e52e2f94 assumes that dracut's work is done if a root device
is found. This holds usually for booting computers, but it may be wrong
for other environments.
Only short-cut the waiting if $netroot is also set.
Fixes: 8a33e52e2f94 ("network: stop waiting for interfaces if root device is present")
References: bsc#1152006
On SLE15-SP1 at least, iscsiadm doesn't support combining --op and --login":
> # iscsiadm -m node -T iqn.2018-06.de.suse.zeus:01 --op=update --name=node.startup --value=onboot --login
> iscsiadm: Invalid parameters. Login/logout and op passed in
This breaks iSCSI login in initrd, and thus, iSCSI boot.
Fix it by not coalescing everything into a single iscsiadm command.
Fixes: a59b776bc215 ("Dracut: only login to one target at a time")
References: bsc#1152650
According to the dracut README, module code to be run in
the initrd must be POSIX-compliant. Replace remaining
bashisms (as reported by checkbashisms) with POSIX compliant
code.
The use of "type" is not strictly POSIX compliant, but it's
all over the place in dracut code. dash supports it, anyway.
In multipath scenarios, "iscsiadm -m node" may contain
several records with the same target.
There's no point in trying "iscsiadm --login" multiple
time for the same target, through the same portal.
Moreover, warn if the desired target is not on the node
list.
dracut waits for every iscsiroot connection to be established
before switching root. This is not necessary in multipath scenarios,
where a single path is usually sufficient to set up the root device,
and where users expect booting to succeed unless all paths are down.
Don't wait for the iscsi portal to start if the root device has
already been found.
For handling the configuration where there are two
paths to an iscsi root target, each using a different
NIC. In such a case, the initramfs was trying to configure
the first NIC, then call iscsiroot to login to both targets,
which would fail for the 2nd target, since the path to the
2nd target was not yet configured. This would eventually
work after a timeout. But it's better to login to just
one target at a time.
This change makes the initramfs handle multiple paths to an
iscsi target better by logging into only one target at a time,
rather than trying to login to all targets when only one of
several NICs is up.
This can be further optimized by using the initrd parameter
"rd.iscsi.testroute", which would skip iscsiadm login attempts
for targets to which no route exists.
If the script is called again via the timeout initqueue,
we try "iscsiadm -L onboot" again, hoping that some targets
may now have become reachable.
Harald Hoyer <harald@redhat.com>: Squashed commit of the following:
commit 4b5e5da6061983964a85d1671bd1c97c48ee76f1
Author: jbash aka John Bashinski <jbash@velvet.com>
Date: Thu Aug 1 13:21:35 2019 -0400
Documentation: add systemd warning for rd.luks.key, clean up related text
Currently it starts the cleaner early and do the clean up job if switch
root is called. It's better to just start the service only on switch
root to avoid any risk of service dependency failure and make is
simpler.
Signed-off-by: Kairui Song <kasong@redhat.com>
Before we check if dad is done we should first make sure,
that there is a link local address where we do the check.
Due to this issue, on ipv6 only setups sometimes dhclient started
asking for ip address, before the link local address was present
and failed immediately.
I'd like to rework CoreOS Ignition (which runs in the initramfs)
to include some values from the *real* `/etc/os-release` in
HTTP headers.
Looking at this, it turns out dracut eats almost all of the useful
information from it. I don't think `dracut` should be the `ID`
here...dracut's not an OS itself, it's a way to *build* little
operating systems. It'd be kind of like if Fedora's Koji
injected itself into `/etc/os-release`.
This code dates back a long time; not sure of all the rationale
behind it.
I changed it so that we keep extending the VERSION/PRETTY_NAME
with the dracut version, but otherwise "pass through" the
rest of the real `/etc/os-release` we were built from unchanged.
This change still supports Python 2.6 and 2.7 but loses support
for Python 2.5.
The reason for this change was that Fedora 30 does not ship
python-imgcreate but ships python3-imgcreate.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
The `README.md` was nearly empty. Move the travis bits into
`README`, then rename `README` to `README.md`.
This matches the Github standard. A major compelling feature
of Github is how prominently it displays a project's `README.md`,
so let's ensure ours has content.
Starting with the 0.7.7 release of the multipath tools, the multipath
udev rules always set a value in ENV{DM_MULTIPATH_DEVICE_PATH} for any
device that multipath scans. A value of 0 means that the device is not
claimed by multipath, and a value of 1 means that it is. Because of
this, udev rules that check ENV{DM_MULTIPATH_DEVICE_PATH}=="?*" will
always return True, and act as if every scanned device is claimed by
multipath. Checking ENV{DM_MULTIPATH_DEVICE_PATH}=="1" will work
correctly for both the old and new versions of the multipath tools.
For LUKS2 partitions cryptsetup needs a locking directory. If it does
not exist, cryptsetup will create it, but produce a warning
WARNING: Locking directory /run/cryptsetup is missing!
in the process that we do not want to see in the dracut output.
Since Bash 4.4, command substitutions containing null bytes produce a
warning of the form
/usr/sbin/dracut: line 1958: warning: command substitution: ignored null byte in input
Remove the trailing null byte from the UEFI kernel command line file
before printing it to suppress this warning.
The RPM build failed on due to missing and unpackaged files on my Fedora
machine that happened to have %fedora set to %nil for reasons long
forgotten.
This is probably not a likely scenario, but some of the conditions in the
SPEC file are still wrong and perhaps worth fixing.
Default value of EVMKEYDESC (in evm-enable.sh) is "evm-key" and it's
also specified previously in this README file.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
When booting with Fedora-Server-dvd-x86_64-30-20190411.n.0.iso,
/proc/cmdline is empty (libvirt, qemu host with bios, not sure if that
matters), after installation to disk, anaconda would "crash" in kernel-core
%posttrans, after calling kernel-install, because dracut would fail
with
> Could not determine the kernel command line parameters.
> Please specify the kernel command line in /etc/kernel/cmdline!
I guess it's legitimate, even if unusual, to have no cmdline parameters.
Two changes are done in this patch:
1. do not fail if the cmdline is empty.
2. if /usr/lib/kernel/cmdline or /etc/kernel/cmdline are present, but
empty, ignore /proc/cmdline. If there's explicit configuration to
have empty cmdline, don't ignore it.
Kill the no longer used function, so that anyone won't be confused and
try to modify this function in future.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1146769
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The compressed firmware support was supposed to be already
implemented, but it didn't work as expected in the end, because dracut
moved to use dracut-install binary. This patch adds the support of
XZ-compressed firmware installation to dracut-install for fixing the
missing piece.
At best the firmware files should be uncompressed in initrd, but this
patch simply copies the compressed file as-is, as a quick workaround.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1146769
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When a SHA-1 hash of a specific commit is used as a tag, the regex
shenanigans later in the script can (and will) corrupt it in certain
cases.
e.g.:
$ perl -e '
$tag="6e8cd92261577230daa1098f7e05ec198c3c4281";
$tag=~s/[^0-9]+?([0-9]+)/$1/;
print("$tag\n");
'
68cd92261577230daa1098f7e05ec198c3c4281
(Notice the missing 'e')
Let's fix this by limiting the regex's scope to a non-SHA-1 tags only.
Previously with squash module, some binaries will be reinstalled, but
stripping happens before that so new installed binaries is not stripped.
So adjust the squash and strip order, ensure new installed binaries are
stripped just the same way with the old binaries.
Also split squash into two stage to make the split easier, move the
squash temp dir into initdir so stripping will cover that too,
and print more usefule message.
Signed-off-by: Kairui Song <kasong@redhat.com>
When you install a third-party driver, you will probably end in a
situation, where the module will be in a different directory and
in $depmod_module_dir you will only have symlink. If we resolve the
symlink before we pass the module path to instmod, the dracut-install
will only include the module with its original path, but not the
symlink. Hence the module can't be automatically loaded.
Dracut-install is clever enough to handle symlinks and will include both
the symlink and the module to the initrd.
In e54ab383 we moved the fips script to a later pahse of boot, since
the /boot might not be available early on.
The problem is that systemd-cryptsetup* services could be run now
started before the do_fips is executed and need the crypto modules
to decrypted the devices.
So let's split the do_fips and load the module before udev does the
trigger.
When DRACUT_SYSTEMD is set and DRACUT_QUIET=yes, vinfo returns 1. This
is a problem for hooks which end with vinfo, as then the hook returns 1.
Especially problematic if this is a shutdown hook, as it will be
restarted again and again.
This commit fixes that.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
on line 1086 it's used to check for the uefi_stub:
"${systemdutildir}/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub"
so it needs to be defined before that
The EFI executables produced by dracut --uefi must be placed in the
subdirectory /EFI/Linux of the EFI system partition (ESP) according to
the Boot Loader Specification, see
https://systemd.io/BOOT_LOADER_SPECIFICATION#logic
This is done correctly for the mount points /boot and /boot/efi, but for
the mount point /efi, the files are placed in /efi/Linux instead of the
correct /efi/EFI/Linux. This commit fixes the directory so that the EFI
executables are picked up correctly by conforming boot loaders.
Apart from complying to the specification, the change is also in line
with the commit message of 5c57209ba5
("dracut.sh: add default path for --uefi") which introduced this feature
as well as the documentation in dracut.8.asc.
If the network-manager plugin is used instead, it wouldn't write out
ifcfg files and we wouldn't have anything to check.
While at that, also enable the test.
The IFCFG test will make sure the network-legacy plugin keeps writing
out correct ifcfg files.
This is a separate commit so that actual changes are visible in the
following one.
If the root is on network, let nm-initrd-generator create configuration
even if none was explicitly specified on the command line.
Also do the same if /tmp/net.ifaces exists, because the anaconda plugin
creates an empty file in that location in hopes that will make us
configure the network.
On Fedora 30 the paritition sizes turn out to be too small again:
+ mkdir -p /sysroot
+ mount /dev/dracut/root /sysroot
+ cp -a -t /sysroot /source/bin /source/dev /source/etc /source/lib /source/lib64 /source/proc /source/root /source/sbin /source/sys /source/tmp /source/usr /source/var
cp: error writing '/sysroot/usr/lib64/libkrb5.so.3.3': No space left on device
cp: error writing '/sysroot/usr/lib64/libkrb5support.so.0.1': No space left on device
It turns out that there has been quite some size increase in some libraries,
notably glibc, though not all -- some even shrunk, ruling out a toolchain
problem. Here's are files over 1M we install on Fedora 30:
f29 f30
2.7M => 6.4M /usr/lib64/{libc-2.28.so => libc-2.29.so}
3.1M => 6.0M /usr/lib64/libcrypto.so.1.1.1c
2.0M => 3.5M /usr/lib64/{libm-2.28.so => libm-2.29.so}
2.9M => 2.8M /usr/lib/systemd/{libsystemd-shared-239.so => libsystemd-shared-241.so}
1.7M => 2.5M /usr/lib64/libunistring.so.2.1.0
2.3M => 2.4M /usr/lib64/bind9-export/libdns-export.so.1105.0.0
1.2M => 2.1M /usr/bin/bash
1.1M => 1.4M /usr/lib64/libkrb5.so.3.3
1.2M => 1.4M /usr/lib64/libgcrypt.so.20.2.4
612K => 1.1M /usr/lib64/libssl.so.1.1.1c
This increases the image sizes to accomodate for this. There's probably
little else we can do.
The kernel may only enable 'libfcoe' module. Some modules like bnx2fc
provides FCoE but only depend on 'libfcoe'. Loading 'fcoe' module may
fail but the kernel do support FCoE.
'libfcoe' will be installed as a dependency when installing block device
drivers if it's required. So no need to install it in installkernel.
Signed-off-by: Kairui Song <kasong@redhat.com>
When a module is compressed, uncompress it before packing into initrd.
Since initrd is already compressed, it makes no sense to put the
compressed module files.
The patch contains a slight refactoring and adds a helper function to
get the command for uncompressing a file per extension.
Bash 5 apparently longer propagates variable assignments to local variables
in front of function calls when in POSIX mode:
[lkundrak@demiurge ~]$ cat feh.sh
print_VAR () {
echo "$VAR";
}
testfunc () {
local VAR="OLD"
VAR=NEW print_VAR
}
testfunc
[lkundrak@demiurge ~]$ bash4 --posix feh.sh
NEW
[lkundrak@demiurge ~]$ bash5 --posix feh.sh
OLD
[lkundrak@demiurge ~]$ bash5 feh.sh
NEW
[lkundrak@demiurge ~]$
It works the way it did in Bash 4 in non-POSIX mode, for external programs,
or for non-local variables. Don't ask me why -- it's probably some
compatibility thing for some sad old people.
However, this precisely happens when fsck_single() is calling into the
fsck_drv_com(), assigned to _drv by fsck_able(). That ruins the
TEST-70-BONDBRIDGETEAMVLAN test's server and probably more.
Let's pass the fsck driver binary via the function argument instead. It's
less messy anyway.
- The network script and config could be in
"/etc/sysconfig/network-scripts", so try look for network config in
all possible path.
- The regex used for sed is not working, so fix it too.
- Make bootproto a local variable
Signed-off-by: Kairui Song <kasong@redhat.com>
The dracut-root-block-created line should not be created if we fail to copy
in the required files to sysroot. Let's turn on -e to trap failures and
poweroff on them, like some other tests do.
Also remove the &&. Not only it is unnecessary with -e, but defeats it.
From bash(1):
The shell does not exit if the command that fails is [...] part of any
command executed in a && or || list except the command following the
final && or || [...]
when system's default entropy sources are poor (e.g. use of SSD disks or
UEFI RNG not available)
On systems with low entropy at boot, the boot can take up to several
hours, specially when NBDE is used (e.g. clevis) which makes use of
the random number generator.
Enabling rngd service at boot early, because dracut-initqueue runs,
enables to initialize the random number generator in a couple of seconds
instead of minutes or hours.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
The commit 9f3c31cd8d ("99base: enable initqueue if extra devices are added")
only covers 'dracut --add-device' case, but it did not cover 'dracut --mount'
case, which causes the kdump failure in the Amazon virtual machine.
Lets make sure that the initqueue is enabled in both cases in order to wake up
the device in time.
Reported-by: Xiao Liang <xiliang@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
systemctl need to be accessible on switch-root, but we unmount the
squash image on switch-root, so it will fail. systemctl depends on a lot
of libraries, squash them can save more RAM. So allow modules
(eg. kdump) to tell dracut that switch-root will be intercepted,
then we don't need to take care of that.
Signed-off-by: Kairui Song <kasong@redhat.com>
If required target is a symbol link, create the link then following the
link. If it's a directory, create new directory, else just move it.
Signed-off-by: Kairui Song <kasong@redhat.com>
systemd binary and udevadm are not needed to be outside the squash
image. Some binaries are kept outside because they are required before
mounting the image, or after umounting the image (when switching root),
or they may block umounting the image. But we are using lazy umounting,
so actually nothing will block the umount.
Keep more binaries outside the squash image won't hurt but cost extra
memories, the idea of squash image is to save memory usage.
So, there is no reason to keep udevadm outside, that should be a debug
left over. For systemd binary, it's running when switch root happens,
But we have lazy umounted the image and overlay, once systemd process
exec the new systemd in new root, everything will be cleared by kernel.
Also tidy up the comment make it less confussing.
Signed-off-by: Kairui Song <kasong@redhat.com>
Previous in commit 7047294, dracut will include the loaded kernel module
list in initramfs, so other tools could check if the loaded kernel
module is changed and rebuild the host only initramfs in case some
module required to boot the machine is missing due to host only install.
It's better to use modalias list generated by dracut-install, that
list includes the device modalias list combined with current loaded
kernel module list. In this way, if any kernel module is yet to be
loaded when the initramfs is built, or got unloaded by accident the
module list will not change. This make the list more stable over
initramfs builds.
Signed-off-by: Kairui Song <kasong@redhat.com>
insmods will consider all arguments as optional modules by default, but
for squash module, all listed modules are required, if any of them is
missing the initramfs won't boot. So pass the '-c' argument to let instmos
know all those modules are mandatory, it will fail and give an error if
it failed to install any of those modules.
In commit [9d1b81c dracut.sh: improve udevdir and systemdutildir
fallback logic] , it checked a common binary `collect' to location
udevdir.
But upstream systemd drop binary `collect' since systemd v240
[a168792c2d]
So check binary `ata_id' to instead.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
The parse-fcoe.sh hook is sourced, and hence must not contain
exit 0 calls. Otherwise, the cmdline sequence will be interupted,
and no error will be reported to systemd. Use return instead.
Reference: boo#1136977
The upcoming kernel will have a support for loading compressed
firmware files, and this patch corresponds to that kernel change.
When a firmware file with the extra .xz extension is found, dracut
copies to initrd as fallback. Since initrd itself is compressed, the
file is uncompressed in initrd beforehand.
When using dracut with --hostonly and --no-hostonly-default-device,
/boot will be inaccessible as dracut will most fs modules unless
specified. But FIPS require /boot to be accessible, and it will try
to mount it on boot. It will fail if corresponding fs module is missing.
For most case /boot will be a simple partition, include the fs module
will be enough for FIPS to mount it. For other cases users have to pass
extra parameters by themselves.
Suggested-by: Kenneth Dsouza <kdsouza@redhat.com>
Signed-off-by: Kairui Song <kasong@redhat.com>
Let the caller pass in the module path instead of try to find the module
path everytime. This helps optimize the overall runtime.
Test results (3 rounds) on Fedora 30 in KVM VM with 8 CPUs, 2G memory, HDD:
$ time ./dracut.sh --local --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode 'strict' -o 'plymouth dash resume ifcfg' --mount '/dev/mapper/fedora-root /sysroot xfs defaults' --no-hostonly-default-device -f initramfs.img
Before the commit:
real 0m11.782s | real 0m11.505s | real 0m11.958s
user 0m9.169s | user 0m9.218s | user 0m9.327s
sys 0m10.839s | sys 0m10.829s | sys 0m10.925s
After this commit:
real 0m9.866s | real 0m9.580s | real 0m9.638s
user 0m9.048s | user 0m9.142s | user 0m9.120s
sys 0m7.411s | sys 0m7.775s | sys 0m7.745s
Test result of building a ordinary image:
$ time ./dracut.sh --local --quiet -f initramfs.img
Before the commit:
real 0m34.697s | real 0m34.371s | real 0m35.122s
user 0m27.608s | user 0m27.524s | user 0m27.705s
sys 0m22.341s | sys 0m22.032s | sys 0m22.246s
After the commit:
real 0m31.914s | real 0m31.006 | real 0m31.289ss
user 0m27.315s | user 0m27.324 | user 0m27.290ss
sys 0m19.051s | sys 0m18.916 | sys 0m19.022ss
This will have an ~2s speed up.
Signed-off-by: Kairui Song <kasong@redhat.com>
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 90: [: -eq: unary operator expected
The recent systemd upstream introduced a slightly modified version
string which included information about a git commit, which however
broke the version check in dracut. Unfortunately, the (( )) bash syntax
went along with it in certain cases and introduced a pretty nasty issue,
when the systemd would boot up but with slightly changed environment.
To prevent this from happening in the future, let's at least check if
the version parsed from the `systemd --version` output is a comparable
number.
Eliminate erroneous substring matches when looking up already processed keymaps to prevent necessary keymaps not getting added to the initramfs sometimes e.g. if there are the files 'compose.latin1' and 'compose.latin1.add' the unfixed version would skip processing 'compose.latin1' if find returned 'compose.latin1.add' first due to the directory listing not being in sorted order.
Images built with the fcoe module will always run the lldpad
service as part of their pre-trigger scripts if the network
is active. This prevents network installations in
environments where, for security reasons, LLDPDU frames
cause a switchport shutdown.
Add a new rd.nofcoe option to cause dracut to skip the
lldpad.sh script and the entire 95-fcoe module.
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
When the initramfs is built with squash module enabled, the content
inside squash image will be invisible from the lsinitrd tool. This
commit make lsinitrd detect and list the content of the squash image as
well to avoid possible confusion.
Signed-off-by: Kairui Song <kasong@redhat.com>
- allow emergency login on every console
specified in the kernel cmdline
- require password for hostonly images
- emergency mode: Manually multiplex emergency infos
This will bring all vital information to all ttys specified
as console devices, regardless of wether they hold the C flag.
Reference: FATE#325386
Reference: #449
busybox seems to not properly support this option,
and it can be be safely ommitted or replaced
with piping the output through head.
Rev 2:
* rebased on master
* addressed open points from review
Look for "connection-uuid" instead of "managed" to determine the devices
that are actually activated with a connection and call the online hook.
This fixes the anaconda-net root mount, which utilizes the online hook.
When building squash image, squash module forgot to install the new
shutdown.sh, and the shutdown hooks are always skipped on ordinary
shutdown if squash module is enabled.
The new shutdown.sh will remount the squash image and then everything
will just work, but currently re-mounting the squash image on shutdown
may have selinux problem and make the system hang, and there is no
easy way to fix it.
So skip fixing the shutdown.sh not being install problem, instead
just drop the new shutdown.sh, and unsquash the image on ordinary
shutdown, which is safer and should always work.
Signed-off-by: Kairui Song <kasong@redhat.com>
The kernel-install is called even if you run make install.
Since we don't call dracut with -f a second make install will fail
because initrd with same version is already there.
This makes kernel developers feel miserable.
https://bugzilla.redhat.com/show_bug.cgi?id=1642402
These dependencies cause an odd issue where swap devices specified
by resume= on the kernel command line will cause systemd device
timeouts to occur on boot. According to @haraldh these lines aren't
needed because the socket activiation will take care of it for us.
Removing these lines now as it fixes the resume= device timeout issue.
Fixes#480
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1641268
The only time we need to cleanup squahfs manually is on switch root, to
release resource and memory. We've covered that by setting
"Conflicts=initrd-switch-root.target" for squash cleanup service.
On shutdown systemd will take care of squahfs mounts. But for other
isolate, files in initramfs are most likely still required, so don't
clean up squahfs. For example, kdump's emergency handler will isolate
into its own target, if squahfs is cleaned up it will fail.
Signed-off-by: Kairui Song <kasong@redhat.com>
commit 7347391 ('network-legacy: split off from network module')
splitted network function to network-legacy and removed check() function
of 40network. This caused 40network to be included even if network is
not needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
70291e0 ('dracut.spec: Add dracut-squash package') introduced a new
dracut-squash package, but by accident it overrided some other package
spec and the dependency name is wrong. This patch will fix it.
The previous logic would not handle absolute paths on the left side of
the "=>" properly. For example, on Gentoo ARM64, ldd outputs this:
/lib/ld-linux-aarch64.so.1 => /lib64/ld-linux-aarch64.so.1
At runtime, the kernel tries to load the file from /lib, and fails if we
only provide it in /lib64.
Instead of looking for the first slash after the "=>", just look for the
first slash, period. This would fail if we somehow had a relative path
on the left side (foo/libbar.so), but I'm not aware of any binaries that
would contain such an entry in DT_NEEDED.
Bug: https://bugs.gentoo.org/667752
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
It parses depmod configuration and scans modules.dep for kernel modules
present in directories supplied in "overrides", "external", and "search"
depmod configuration options. The resulting list of (absolute) kernel
module paths is then supplied to instmods.
* modules.d/90kernel-modules-extra/module-setup.sh: New file.
* dracut.spec (%files): Add
%{dracutlibdir}/modules.d/90kernel-modules-extra.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
ln: failed to create symbolic link '/usr/lib/systemd/system/sockets.target.wants/iscsid.socket': Permission denied
ln: failed to create symbolic link '/usr/lib/systemd/system/sockets.target.wants/iscsiuio.socket': Permission denied
No way. Just ensure the links are there in the initramfs image. In fact,
that is already the case for iscsiuio.socket. Add iscsid.socket too.
If the network module obtained a lease using dhclient, NetworkManager
must be configured to use it too, otherwise it would obtain a different
lease (and could potentially break a connection to the network volume).
With all files stored in ramfs, and most of them are not compressed,
the initramfs will take up a lot of memory. Besides, if the file number
is large, each file will waste some memory due to page fragmetation.
This is due to ramfs' design, at least one page will be allocated for
one file however small the file is. On machine with large page size,
this will become worse and waste too many memory.
One approach to reducing the memory usage is to reduce the number of
files that got directly loaded into the root ramfs, and compress files
by put most files will into a read-only squash image and keep a minimum
set of executable and libraries outside as the loader for the squash
image. After the squash image is mounted, the real 'init' will be
executed and then everything behaves as usual.
This patch will introduce a '99squash' module which will never be
included by default. User can force add it, and if it is included,
dracut will perform some extra steps before creating the final image:
For now, "/etc" and "/usr" will be moved into the squashfs image.
"/init" will be renamed to "/init.stock" and replaced by "/init.squash".
Files and folders need to be accessible before mounting the image will
be still avaliable at their original place. And due to squashfs is
readonly, an overlayfs layer will be created on top of squashfs mount
point, as many dracut module require readwrite access to "/etc" and
"/usr", "init.squash" will ultimately call "/init.stock".
An extra systemd service will be installed. This service will umount all
squashfs related mount points right before switch-root to release
resources properly. This service will not actually do anything if
switch-root is not used.
This is very helpful when mem resource is very limited, like Kdump.
According to my tests, this squash module can help save about 35MB of
memory with 64K page size, or about 15MB with 4K page size on an
ordinary kdump capture routine. This module could also help reduce
memory usage for normal boot up process.
Won't change any behavior if squash module is not enabled.
Signed-off-by: Kairui Song <kasong@redhat.com>
Lets not unnecessarily rely on __WORDSIZE, which is not clearly specified
by any spec. Use explicit size comparisons if we're not interested in the
WORDSIZE, anyway.
Patch ported from systemd.
(commit 8507eb20b64010b26f23822cbf442bb0bf96511c)
Original-patch-by: Emil Renner Berthing <systemd@esmil.dk>
Bug: https://bugs.gentoo.org/602122
On my system the following initrd-release is generated:
...
VERSION="4 dracut-048 dracut-048"
...
VERSION is not defined in /etc/os-release, so the variable is
concatenated with its previous value:
* "4" comes from the kernel build system since dracut is called from the
kernel install hook ("4" is a major kernel version);
* first "dracut-048" comes from the "systemd-initrd" module;
* second "dracut-048" comes from the "base" module.
This is what happened before this patch (edited for brevity):
dracut-cmdline-ask.service in modules.d/98dracut-systemd, which invokes
dracut-cmdline-ask.sh. This script and systemd-vconsole-setup are
started in parallel for the same console (tty1).
Then dracut-cmdline-ask quits immediately without doing anything (unless
rd.cmdline=ask is given). As this is a bash script and it gets tty as
stdin as specified in its *.service, this triggers the hangup of tty1 at
its exit.
Meanwhile systemd-vconsole-setup continues and tries some ioctls after
that, but they fail because of the hung up tty1.
The usual culprit for starting systemd-vconsole-setup early on is
plymouth-start.service, even if plymouth.enable=0 is set.
A popular (and annoying) symptom of this as reported by users was
the inability use their configured keyboard layout in plymouth when
unlocking their crypted block devices.
Reference: boo#1055834
When extra devices are added, initqueue should be enabled to make sure
those devices are present, so following services and routines could
use those devices.
See PR #442 for more detail.
Use multiple lower layer directories in a single OverlayFS mount with
a transient overlay directory.
Tolerate a command line with rd.live.overlay.readonly and NO persistent
overlay by reconfiguring the OverlayFS mount options.
Use more compatible shell syntax for testing symlinks, and use printf
instead of echo -e.
A simplified root filesystem structure may be provided for OverlayFS
overlays by squashing the root filesystem directly instead of squashing
an embedded image file at /LiveOS/rootfs.img. Detect and configure
such a squashed root filesystem for live booting.
For OverlayFS boots, avoid the read-only Device-mapper linear device
at /dev/mapper/live-base.
Create a consistent device link at /dev/live-base for the read-only
base loop device for all overlayed live root filesystems.
Consistently provide a link at /dev/root for wait_for_dev.
Update documentation.
Adjust sysroot.mount configuration for rd.live.overlay.overlayfs option.
Use link at /dev/root as a consistent flag for wait_for_dev.
Adjust documentation.
The old code used /tmp/net.$netif.resolv.conf with $netif being randomly
chosen.
As it is not known which nameserver have which priority, just sort them
and deduplicate.
This is needed since few gpio/pinctrl can be built as modules and are
useful on early boot.
One example is jetson-tx1 where sata and external mmc can work only
after loading pinctrl-max77620 and gpio-max77620 modules.
Having theses kind of drivers bundled into the initramfs will also
avoid some deferred probes.
V2: add pinctrl for all arches
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Currently, when trying to unpack or print the content of multiple
files, lsinitrd will decompress the image and pipe the decompressed
content to cpio to retrive each file if the image is compressed.
Which mean if we want to extract 10 files the image will be decompressed
10 times, which is a waste of time.
This patch will let lsinitrd decompress the image file to a temp file
first if multiple file names are given, then cpio will read from the
decompressed temp file, which will speed up a lot.
Time consumption test for command:
`lsinitrd initramfs-4.16.15-300.fc28.x86_64.img \
usr/lib/dracut/build-parameter.txt \
usr/lib/dracut/modules.txt \
etc/machine-id \
etc/hostname \
usr/lib/udev/rules.d/99-systemd.rules`
Before the patch:
2.37user 0.33system 0:02.12elapsed
After the patch:
0.50user 0.42system 0:00.72elapsed
There would be a more significant time difference if we try to
extract more files.
Before this patch, "--unpack" will always unpack the whole image.
Make "--unpack" be able to unpack only certain files, it will be
easier to retrieve files from initramfs image.
Signed-off-by: Kairui Song <kasong@redhat.com>
Add module for setting correct timezone.
References: bnc#830060
For now, this module will not be included automatically due to different
expectations (see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=981617)
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
A hostonly image will not include every possibly required kernel module,
so if any hardware or configuration changed, the image may fail to boot.
One way to know if there are any hardware change or configuration change
that will require an image rebuild or not is to check the loaded kernel
module list. If the loaded kernel module list differs from last build
time, then the image may require to be rebuilt.
This commit will let dracut record the loaded kernel module list when
the image is being built, so other tools or services can compare this
list with currently loaded kernel modules to decide if dracut should be
called to rebuild the image.
To retrieve the loaded kernel modules list when an image is built, use
lsinitrd command:
lsinitrd $image -f */lib/dracut/loaded-kernel-modules.txt
if rd.md.uuid is in ID_FS_UUID format with dashes
e40a0234-7e52-5f10-f267-658d8ec463fa
convert it for the /dev/disk/by-id/md-uuid-${uuid} format
e40a0234:7e525f10:f267658d:8ec463fa
Check for a common binary in systemdutildir. This resolves an issue on
split-usr systems, where it is common to have both /lib/systemd[/system]
and /usr/lib/systemd[/user] present.
Check for systemd-udevd specifically, since some distros (Gentoo) allow
udev to be installed without the rest of the systemd stack.
Similar logic is applied to udevdir simply for consistency.
This commit basically reverts 5ce7cc73
90-multipath-hostonly module was added in 5ce7cc73, because if hostonly
mode is enabled, multipath module will always hardcode wwids which
causes problems when the initramfs is cloned to another system with same
hardware.
Now with tri-state hostonly mode, the two modules could be merged and only
hardcode wwids when "strict" hostonly mode is enabled.
Only pick rules for interfaces which have a carrier in the running
system. Those interfaces will be assembled by udev to allow booting
from those devices (i.e. iSCSI).
Reference: FATE#323440
Add a new option --hostonly-mode which accept an <mode> parameter, so we have a tri-state hostonly mode:
* generic: by passing "--no-hostonly" or not passing anything.
"--hostonly-mode" has no effect in such case.
* sloppy: by passing "--hostonly --hostonly-mode sloppy". This
is also the default mode when only "--hostonly" is given.
* strict: by passing "--hostonly --hostonly-mode strict".
Sloppy mode is the original hostonly mode, the new introduced strict
mode will allow modules to ignore more drivers or do some extra job to
save memory and disk space, while making the image less portable.
Also introduced a helper function "optional_hostonly" to make it
easier for modules to leverage new hostonly mode.
To force install modules only in sloppy hostonly mode, use the form:
hostonly="$(optional_hostonly)" instmods <modules>
Signed-off-by: Kairui Song <kasong@redhat.com>
Dracut uses the module deps to determine module dependencies
but that only works for modules with hard symbolic dependencies.
Some modules have dependencies created via callback API's or other
methods which aren't reflected in the modules.dep but rather in
modules.softdep through the use of "pre:" and "post:" commands
created in the kernel with MODULE_SOFTDEP().
Since in dracut we are only concerned about early boot, this patch
only looks at the pre: section of modules which are already being
inserted in the initrd under the assumption that the pre: section
lists dependencies required for the functionality of the module being
installed in the initrd.
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
For EFI systems, the BLS fragments were stored in the EFI System Partition
(ESP) while in non-EFI systems it was stored in /boot.
For consistency, it's better to always store the BLS fragments in the same
path regardless of the firmware interface used.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The code in 50drm which tries to include all DRM drivers for
hardware attached to the system did not look for virtio devices.
So if the system is a VM using the 'virtio' graphics adapter,
the 'virtio-gpu' module which should be included is not. This
extends the code to also look for virtio devices.
https://bugzilla.redhat.com/show_bug.cgi?id=1593028
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Since the kernel doesn't allow using any non-FIPS-compliant crypto
algorithms, it doesn't make sense to install them. Even if they are
installed, tcrypt will not test them anyway.
Tested on Fedora 28 x86_64 by booting with fips=1 (with hand-patched
module-setup.sh).
This patch cleans up the default list of kernel modules in the 01fips
dracut module. All the algorithms that are tested in tcrypt are listed
by their algorithm name so that all the generic implementations and
drivers are picked up automatically based on the module alias.
This drops several unneeded modules and even a bogus one (rot13 -- this
one was obviously copy-pasted from tcrypt.c where it was listed as an
easter egg :).
The patch adds also some algorithms that weren't included in the
original set. It turns out in FIPS mode we only need those algorithms
that are marked as FIPS-allowed in testmgr.c (failure to find a non-FIPS
algorithm is ignored). The non-FIPS algorithms are further removed in a
subsequent patch.
since kmod-25 keyword "external" was implemented in order to avoid
additional actions(like weak-modules) when kernel was updated, which
makes it more simple while kernels' kabi were compatible.
but if move some special modules such as megaraid_sas, mpt3sas and
so on, to a external path like /opt/modules, these modules will not
be install to initramfs by default, which make the initramfs can't
be used to boot for disk detection failure.
according to kmod's document, you must specify a absolute path with
"external" keyword, so scan the lines in modules.dep that begin with
"/" and install them, to make sure necessary modules in external path
can be installed to initramfs too.
Signed-off-by: Hui Wang <john.wanghui@huawei.com>
After the $COMMAND case statement, the exit status of the last executed
command is added to the $ret variable.
But for the "add" pattern, this last executed command is an arithmetic
expression that also adds the exit status $? to the $ret variable. If
both $? and $ret are 0, then the arithmetic expression evaluates to 0
so is considered false and has an exit status of 1.
This makes the script to wrongly exit with an status code of 1 when it
should had been 0.
case "$COMMAND" in
add)
...
((ret+=$?))
# $ret is 0 here
;;
...
esac
((ret+=$?))
# $ ret is 1 here
exit $ret
Since $ret is set in the case statement, just exit with that status code
and remove the last arithmetic expression that wrongly sets $ret to 1.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The main 01fips module should always load all optimized/driver modules
of all relevant crypto algorithms (based on their aliases), so we can
drop this useless module.
Commit bf5c53a implements support for mounting LUKS devices with
detached headers; however, it assumes that the LUKS device sits on an
unpartitioned disk.
Mirroring the `rd.luks.serial` option, this commit implements the
`rd.luks.partuuid` cmdline option, supporting headless LUKS devices on
drive partitions.
When dracut silently produces a broken initramfs, then the system will
likely not boot and this can be very problematic. Typical use case is
after the kernel has been updated.
It appears that dracut is not protected against the BASH_ENV variable,
causing various scripts called by dracut to possibly fail or provide
wrong output (e.g. "ldd" is one of these).
Having a broken output for "ldd" makes the generated initramfs be not
usable, typically because vital binaries will be missing (e.g.
"awk", "udevadm", ...).
Note: because the shebang line cannot contain more than one argument,
the '--norc' option had to be removed. IMHO, it was useless anyway.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
In kdump, if dump-target is ssh on ipv6, we need to sync until ipv6 addr
is ready. Currently ip=auto6/dhcp6 provides such function. But in 1st kernel,
it is hard to know whether the ipv6 addr is got by dhcpv6 or SLAAC.
E.g ifcfg-eth* contains DHCPV6C=yes direction, but there is no dhcpv6
server in the network, and then after the system is up, the user
echo 1 > /proc/sys/net/ipv6/conf/eth0/autoconf && accept_ra by manual
to obtain a ipv6 addr. Or vice.
So this patch suggests to make dhcpv6 as auto6 fallback
Signed-off-by: Pingfan Liu <piliu@redhat.com>
If a process (maybe plymouth) was still pinning /oldroot, then shutdown
would
- kill -9 $pid
- umount_a
- umount_a
in a very short timeframe. A small sleep hopefully lets the scheduler free
up /oldroot in the mean time.
It's possible for e.g. `kernel` to be installed as an RPM BuildRequires or equivalent,
and there's no reason to sync, and *definitely* no reason to fsfreeze.
Another case where this happens is rpm-ostree, which performs its own sync/fsfreeze
globally. See e.g. 8642ef5ab3
Convert the s390x into s390 to also include s390-specific crypto
modules, for example, aes_s390 into the initramfs.
Signed-off-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Some distros have both /usr/lib/plymouth and /usr/libexec/plymouth
directorirs, so we should check the existance of plymouth-populate-initrd
script.
Fixes: 421b46f8ae
Commit 5e574046e76e ("5?-dracut*.install: Allow scripts to install
the initramfs in /boot dir") added support to generate initramfs
images in the /boot directory and copy the respective BLS files.
Unfortunately, it broke the rescue initramfs generation when it's
not installed on /boot due not checking for the correct condition.
It checks for the 0-rescue sub-dir to exist, but this is created so
instead if the parent sub-dir exists has to be checked. Also, check
if the destination directory is /boot or not, instead if it exists.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Error: SHELLCHECK_WARNING:
/usr/lib/dracut/dracut-init.sh:939:20: error: Argument to implicit -n is always true due to literal strings. [SC2157]
937| dracut_kernel_post() {
938| for _f in modules.builtin.bin modules.builtin modules.order; do
939|-> [[ $srcmods/$_f ]] && inst_simple "$srcmods/$_f" "/lib/modules/$kernel/$_f"
940| done
941|
Error: SHELLCHECK_WARNING:
/usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh:18:12: error: This expression is constant. Did you forget a $ somewhere? [SC2078]
16| elif [ -e /sbin/syslogd ]; then
17| syslogtype="syslogd"
18|-> elif [ /sbin/syslog-ng ]; then
19| syslogtype="syslog-ng"
20| else
Error: SHELLCHECK_WARNING:
/usr/lib/dracut/modules.d/90crypt/crypt-lib.sh:15:29: error: Since you double quoted this, it will not word split, and the loop will only run once. [SC2066]
13| strstr "$d" "${luks##luks-}" && return 0
14| if [ -n "$dev" ]; then
15|-> for _dev in "$(devnames $d)"; do
16| [ "$dev" -ef "$_dev" ] && return 0
17| done
The GRUB 2 bootloaders expect the initrd to be installed in /boot instead
of /boot/$MACHINE_ID/$KERNEL_VERSION/{linux,initrd}, so if that directory
doesn't exists, install the initramfs images on the /boot directory.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
If no network related params are specific, but rd.neednet=1 is set,
the default initqueue action is to wait until one of the network
interfaces is marked as setup properly.
This also help with initqueue's race condition when the network interface
shows up late
References: bnc#866771
Signed-off-by: Hannes Reinecke <hare@suse.de>
The existence of dpkg-achitecture is not indicative of a debian
installation. It may well be installed on systems of people who
package for both distros. The previous code path did not take
that into account.
We now traverse all known plymouth directories, locking on the first
valid one, and try to work with it.
At the same time, we do not include the module if the plymouth directory
could not be found.
Previously if no symmetric key was configured for EVM, then the
initialization process was aborted. It can be a valid use case, however,
to only use EVM digital signatures. In this case only X.509 certificates
need to be loaded.
With this change EVM initialization will continue if any of the
symmetric or X.509 keys could be loaded.
This implements logic analogous to the one already implemented in
ima-keys-load.sh, only for the .evm/_evm keyrings.
If the kernel was built with CONFIG_IMA_TRUSTED_KEYRING then the kernel
initially creates and configures .ima and .evm keyrings. These keyrings
only accept x509 certificates that have been signed by a local CA which
belongs to the kernel builtin trusted keyring.
Thus if such a keyring is already present then additional evm keys
should be loaded into them. If this is not the case then the _evm
keyring needs to be created in userspace and keys will be loaded into
it instead.
Before this change dracut always created the _evm keyring and loaded
keys into it without considering an existing .evm keyring. In case of
CONFIG_IMA_TRUSTED_KEYRING being enabled, the _evm keyring will not be
used by the kernel, however, and EVM digital signatures will not work as
expected.
We initially enabled it for Haswell TSX bug (mga#16657)
Now there is also Meltdown and Spectre security issues,
and more microcode issues will most likely show up...
So the sane default for 'early_microcode' to have it enabled,
as theese changes must be done early in boot process to take
effect as intended.
Update documentation accordingly.
Reference: https://bugs.mageia.org/show_bug.cgi?id=16657
Signed-off-by: Thomas Backlund <tmb@mageia.org>
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
There is currently no way to override dracut's preference for
/dev/mapper device names. But using these is problematic in
different scenarios: For example, if a user has a multipath-
enabled system but wants to disable multipath, or if the
names of multipath maps change because of configuration changes
(e.g. toggling user_friendly_names in /etc/multipath.conf).
This patch makes dracut prefer the user-specified
--persistent_policy names over /dev/mapper names.
It might be worthwhile to discuss why dracut prefers /dev/mapper
of /dev/disk/by-uuid at all. This preference was introduced
in 9037b63e with the argument "dm devices maintain /dev/mapper/* as
persistent names", but that's wrong for the scenarios mentioned
above, and is not a compelling reason for preferring /dev/mapper
over /dev/disk/by-uuid.
References: bsc#908143
Signed-off-by: Martin Wilck <mwilck@suse.de>
As the 'multipath' program will be triggered directly from
udev events it will be called before the multipath service
unit has started up. Which means we cannot rely on the
service unit to load the module for us, but we rather
have to do it early before udev is started.
References: bsc#986734
Signed-off-by: Hannes Reinecke <hare@suse.com>
Instead of trying all /dev/mapper/* devices to match the maj:min, and
get the VG name with "lvm lvs", use the dm/name from /sys and dmsetup
splitname.
This should speedup execution with lots of LVs.
81cio_ignore: handle cio_ignore commandline
References: bnc#874902
Incorporates following on-top patches/fixes:
----------------------------
Subject: 81cio_ignore: skip module if cio_ignore is not active
When cio_ignore is not active we should skip the entire module
during boot; otherwise it'll lead to adverse effects.
References: bnc#882685
----------------------------
Subject: 81cio_ignore: rewrite module
Rewrite cio_ignore module to rely on the dracut commandline
parameter 'rd.cio_accept', which takes a comma-separated list
of CCW IDs. Each of those IDs are being removed from the
list of devices from cio_ignore.
The default values for rd.cio_accept are taken from
/boot/zipl/active_devices.txt.
References: bnc#882685
-----------------------------
Subject: More empty cmdline fixes
This fixes up some more modules which might print out empty
commandline files.
-----------------------------
Subject: Mark scripts as executable
All scripts need to be marked as executable, otherwise dracut
won't be running them.
References: bnc#887010
Signed-off-by: Thomas Renninger <trenn@suse.de>
According to Cathy Zhou <Cathy.Zhou@Oracle.COM>:
"iscsistart is not designed to be working together with iscsid. When an
interface gets the dhcp offer successfully, the iscsiroot script is run
which starts the iscsistart service to establish the iSCSI session. With
the existence of iscsid, the iscsistart service's attempt to setup its
own mgmt ipc fails. Instead, the request to login to the iscsi target
is handled by the mgmt ipc of iscsid. After iscsistart finishes its
login attempt, it eventually sends a stop_event_loop request to stop
the mgmt process. As the result, it terminates iscsid."
So, iscsid is kicked out again.
Additionally iscsistart-flocked is used to make sure iscsistart is not
run in parallel.
91zipl tries to read the filesystem for the /boot/zipl device.
On SLE12, however, the ext2 and ext3 filesystems are handled
by the ext4 module.
And due to bug#886839 no error is registered and booting fails.
So implement a band-aid to translate it into ext4.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Add new module to update the dracut commandline values
during booting with the values found in the file
dracut-cmdline.conf on the device specified by
rd.zipl.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Contrary to the original patch, this one has been modified
to check for /boot/zipl, the location of the first stage kernel
in indirect boot, in order not to install on systems
booting directly via zipl.
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
When the system boots with EFI, then initrd image is stored
on EFI System Partition. Thus dracut always warn about the
failure to invoke fsfreeze on the partition.
This prevents to run fsfreeze on ESP and suppress the warning.
Add s390 dcssblk driver and introduce rd.dcssblk= to pass mounts
that should get activated at initrd stage.
References: FATE#308263
Signed-off-by: Hannes Reinecke <hare@suse.de>
Allow filesystem modules to install a fs-specific text file with
instructions on what to do when mount fails. This is printed when we go into
an emergency shell.
Signed-off-by: Mark Fasheh <mfasheh@suse.de>
- dracut replaced every instance of "-i" in the cmdline,
even if it was part of a kernel image name, e.g. "vmlinuz-i"
- Fixes boo#908452
Signed-off-by: Fabian Vogt <fvogt@suse.com>
Adjusted to not support "dracut -ifoo bar", as this breaks expected
upstream behavior.
8f5c5 broke the case where BOOT_IMAGE is not set at all.
This code should handle following:
1) BOOT_IMAGE not set
2) BOOT_IMAGE set to something unrelated (s390)
3) BOOT_IMAGE=vmlinuz-4.14.7-300.fc27.x86_64
4) BOOT_IMAGE=/vmlinuz-4.14.7-300.fc27.x86_64
5) BOOT_IMAGE=/boot/vmlinuz-4.14.7-300.fc27.x86_64
6) BOOT_IMAGE=subdir/vmlinuz-4.14.7-300.fc27.x86_64
7) BOOT_IMAGE=/subdir/vmlinuz-4.14.7-300.fc27.x86_64
8) BOOT_IMAGE=/boot/subdir/vmlinuz-4.14.7-300.fc27.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1415032
Using the module option 'scsi_mod.scan=manual'
this implements LUN masking by selectively enable only those
devices required for booting.
References: bsc#954600,FATE#319786
Signed-off-by: Hannes Reinecke <hare@suse.de>
Now that we are using persistent network names we can switch
to using the interface names when specifying the fcoe configuration.
With that we can print the fcoe configuration only once.
Signed-off-by: Hannes Reinecke <hare@suse.com>
Occasionally the FCoE connection might be reset after fipvlan was
called, causing the FCoE connection to be dropped and boot to fail.
For these cases we should be adding a timeout entry for the
initqueue to have a failsave mechanism to re-run fipvlan in
these cases.
References: bsc#1052840
Signed-off-by: Hannes Reinecke <hare@suse.com>
bnx2fc doesn't _actually_ need fcoemon, so fipvlan is sufficient
to start the FCoE connection.
And, in fact, fcoemon is started for every interface, causing
subsequent invocations to fail with
fcoemon[1157]: error 98 address already in use
and fcoemon tearing down the connection.
References: bsc#1052840
Signed-off-by: Hannes Reinecke <hare@suse.com>
The 'mode' argument was never referenced in the printf format, causing
invalid rules to be written.
References: bsc#1036323
Signed-off-by: Hannes Reinecke <hare@suse.com>
We should be disabling the FCoE connection (which triggers sending
a LOGO internally) to logout from the target; this resets the target
and will avoid hitting a busy condition during reboots.
References: bsc#994860
Signed-off-by: Hannes Reinecke <hare@suse.com>
fcoemon is well capable of figuring out whether a vlan should
be used, so there's no need to disable the AUTO_VLAN feature.
References: bsc#995019
Signed-off-by: Hannes Reinecke <hare@suse.com>
Old code did not work for two most common use-cases.
On most machines BOOT_IMAGE is set to something like
/vmlinuz-4.11.3-202.fc25.x86_64. So if we just add prefix "/boot/."
it won't work. Also on machines without /boot on separate partition
BOOT_IMAGE already has the /boot/ prefix (/boot/vmlinuz-3.10.0-799.el7.x86_64).
So let's strip it in such case.
https://bugzilla.redhat.com/show_bug.cgi?id=1415032
The needle argument in this specific case is a pattern, which cannot be
matched by the "literal" string matcher strstr.
This can result in fsck calls like:
e2fsck -a -y /dev/sda1
Which will then exit with an error like:
e2fsck: Only one of the options -p/-a, -n or -y may be specified.
Hence, it is necessary to use the strglobin function to correctly match
the pattern.
The "host" command may also print something else than
"asdf.local.lan has address 1.2.3.4", like:
"rootserver.local.net is an alias for rainbow.local.net.".
So "head -n1" is not enough.
Fixes boo#955592
References: boo#965477
fcoe-uefi gets included by default on EFI systems,
as it does not do the same check that fcoe does,
therefore needlessly pulling in network modules.
This patch copies the check from fcoe to fcoe-uefi.
We're now parsing the 'rd.dasd' parameter from 95dasd_rules, so
setting the 'dasd_mod' module parameter should be dropped here.
Signed-off-by: Hannes Reinecke <hare@suse.de>
There is no point trying to delete partitions; dmraid works
happily even with them. On the contrary trying to delete partitions
can even be harmful when eg dmraid should _not_ be started.
References: bsc#998860
Signed-off-by: Hannes Reinecke <hare@suse.com>
DM devices might be located on top of MD devices, so we need to
call the DM shutdown script before MD shutdown. The exception
here are multipath devices, which are below MD devices.
So skip removing multipath devices here to avoid spurious errors.
References: bsc#994860
Signed-off-by: Hannes Reinecke <hare@suse.com>
When calling the shutdown script we need to take care of traversing
the device-mapper tables, otherwise we might end up trying to remove
a device-mapper device which still has another one stacked on top
and the removal will fail.
References: bsc#994860
Signed-off-by: Hannes Reinecke <hare@suse.com>
local-fs-pre.target serves as a separator between the code for
detecting block devices and systemd's fsck/mount logic. This
patch ensures that multipathd is started before local-fs-pre.target
in the initrd. By adding a "Wants=" line for local-fs-pre.target,
it makes sure that this target is started at all.
References: bsc#1006118
Signed-off-by: Martin Wilck <mwilck@suse.de>
===================================================================
SLES11 provided a kernel commandline option 'multipath=off',
so dracut should be parsing the option, too.
References: bsc#1001691
Signed-off-by: Hannes Reinecke <hare@suse.com>
As the device-mapper module is removing all device-mapper tables
during shutdown we need to make sure to disable queuing on the
multipath devices; otherwise there might still be I/O pending
and the removal will fail.
References: bsc#994860
Signed-off-by: Hannes Reinecke <hare@suse.com>
We need to wait until udev has processed all events, otherwise we'll
risk of misdetecting devices. This might cause a temporary interruption
during which multipath removes a device-mapper device, which then
causes a booting failure.
References: bsc#986734
Signed-off-by: Hannes Reinecke <hare@suse.com>
References: bsc#930019
If rootfs is on multipath, but platform does not have an /etc/multipath.conf
file which is not urgently needed, they system will not boot, due to:
multipathd is not started and rootfs and swap are not found:
systemctl status multipathd.service
* multipathd.service - Device-Mapper Multipath Device Controller
Loaded: loaded (/usr/lib/systemd/system/multipathd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Thu 2015-05-07 11:49:11 CEST; 7min ago
ConditionPathExists=/etc/multipath.conf was not met
and exit to dracut shell.
With hostonly enabled, only modules that are currently
loaded are included in the initrd. Modules which are
explicitly listed in modules-load.d do not need to
be filtered that way. Fix for boo#962224.
FCoE can run in Fabric (ie FCF) or VN2VN mode, so we should allowing
to set this parameter from the commandline, too.
Signed-off-by: Hannes Reinecke <hare@suse.com>
When lldpad is not running, any calls to 'dcbtool' will be printing
out a warning. As it perfectly legit to have FCoE running without
DCB we should not be printing out the error.
Signed-off-by: Hannes Reinecke <hare@suse.com>
If the installation already has a FCoE configuration we should
not attempt to overwrite it but rather use the pre-defined
configuration.
References: bsc#993861
Signed-off-by: Hannes Reinecke <hare@suse.com>
Check first if we're running off an bnx2x device and start FCoE on it
via fipvlan, then go the normal/Intel way of starting DCB.
Also the SUSE version of fcoemon needs the yes parameter for the
--syslog option
References: bsc#982588
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.com>
The recently upstreamed virtualbox video driver (vboxvideo) is shipped
in the staging directory. We need to probe it before Xorg is loaded to
avoid a corrupted X.
In general it is a good practice to look also in the staging directory
for DRM drivers.
Signed-off-by: Carlo Caione <carlo@endlessm.com>
This was removed from systemd almost two years ago in
c550f7a9b89d017215af084288bc44f736f774fe, so dracut should drop support
as well.
Reference: bsc#1067279
The caller of "for_each_host_xx func" needs to tell three cases:
func success/ fail / not be called.
E.g, in kdump case, host_devs can be empty, and we want to know it.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
Although no device uses multipath, the module checks
for presence of the multipath binary first, printing a
warning if not present. This patch fixes the wrong ordering.
Fix issue #279 supercede PR #299
Fix bug https://issues.openmandriva.org/show_bug.cgi?id=2219
Replace Bashisms in the boot message for a missing overlay.
Verify presence of plymouth before calling it.
(Rework of commit f1b65e92af5e3f9df79f99e55d5aa936c9bca940.)
Previously, dracut would only copy the first one found. However,
with legacy maps for some locales around, there is a chance we
pick the wrong one. Pick all matching keymaps instead
Reference: boo#1065058
If no iscsi session information can be retrieved from the firmware
then skip the iscsi attachment and allow the boot process to continue.
Ensure the timeout scripts don't hit their timeout waiting for
/tmp/iscsistarted-firmware to be created.
This will allow a common image to be used for servers with both a
local and iscsi root with rd.iscsi.firmware set.
Some of the more complex devices now need rpmsg and hwspinlock in the early boot
process to start, and these to the initrd, and pull in usb/misc because
apparently non standard usb hubs are a thing.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Type=oneshot, as currently set in dracut's emergency service file,
causes an awkward situation if emergency mode is entered e.g. because
of a root device timeout, and the root device appears later because it
just has taken longer than the timeout. In that situation, my
expectation (backed by past positive experience) is that the user should
be able to simply exit the emergency shell and resume normal boot.
:/# systemctl status sysroot.mount
● sysroot.mount - /sysroot
Loaded: loaded (/proc/cmdline; bad; vendor preset: enabled)
Active: active (mounted) since Mon 2017-10-09 14:32:15 CEST; 16s ago
Where: /sysroot
What: /dev/mapper/3600601600a30200024fbbaf3f500e411-part5
Docs: man:fstab(5)
man:systemd-fstab-generator(8)
Process: 1873 ExecMount=/usr/bin/mount /dev/disk/by-uuid/63751805-6abc-46a3-a66f-427920dece4d /sysroot -o ro (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
:/# systemctl list-jobs
JOB UNIT TYPE STATE
56 emergency.target start waiting
57 emergency.service start running
2 jobs listed.
:/# exit
logout
Failed to start default.target: Transaction is destructive.
(system keeps idling from this point on, user has no chance to
do anything).
This results from the combination of two effects:
1) initrd-root-fs.target sets "OnFailureJobMode=replace-irreversibly",
2) emergency.service's Type=oneshot causes the start jobs for both
emergency.service and emergency.target to persist while the user is in
the emergency shell.
When the shell is exited, systemd tries to isolate "initrd.target"
again, but this fails with "the transaction is destructive" error
because of the still pending jobs.
This patch fixes this by changing the Type of "emergency.service" from
"oneshot" to "idle".
JobRunningTimeoutSec now affects how long can start jobs for device
units stay in the "running" state. Disabling default job timeout via
JobTimeoutSec=0 doesn't disable running state timeout. We need to set
running state timeout as well.
Note that doing this the other way around has effect on generic timeout,
i.e. disabling running state timeout disables generic timeout. But doing
it this way we would create implicit dependency on fairly new
systemd-234. However, by setting both options we don't create dependency
on specific systemd version.
A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS".
Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file.
- Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test).
- Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs.
- Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality).
- Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}.
Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header.
Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
Some Combined Network Adapters(CNAs) implement DCB protocol
in firmware, it is recommended that do not run software-based
DCB or LLDP on CNAs that implement DCB, but we have to start
the lldpad service anyway(there might be other software DCB).
If the network interface provides hardware DCB/DCBX capabilities,
the field DCB_REQUIRED in "/etc/fcoe/cfg-xxx" is expected to
be set to "no".
We met an issue on "QLogic BCM57810" with DCB firmware support,
and found dracut still generated "fcoe=<mac>:dcb" which caused
kdump boot failure when using that fcoe dump target.
This patch parses /etc/fcoe/cfg-xxx to detect DCB_REQUIRED="no",
and force "nodcb" if it is the case.
Also improved some coding style in passing.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
The MTU is only being set on the slave devices and the MTU of the
bonding master is not being updated. This updates the bonding master and
also changes the MTU on the slaves as expected.
Signed-Off-By: Robert LeBlanc <robert@leblancnet.us>
kerneldirlen is used to modify absolute path returned by
kmod_module_get_path() while it is calculated on user-supplied
--kerneldir argument which can be a relative path.
Use kmod_get_dirname() to convert user-supplied path to the same format
as used by kmod_module_get_path().
This also allows to get rid of now useless strcmp checks that seem to
imply that /lib and /usr/lib are linked which is not always true.
Prior to this commit, the MTU setting was applied to a bond slave
interface. In older versions of the Linux kernel, this setting
propagated to the bond master and the other bond slaves associated with
the master. In recent versions of the kernel (observed in Linux 4.12),
increasing the MTU of a slave does not automatically increase the MTU of
the master. This allows for more flexibility but requires the MTU of
the master to be changed manually.
Ideally, the MTU setting should be applied to the bond master and the
setting will propagate to the bond slaves, since the slaves are required
to have a MTU that is greater than or equal to the bond master.
systemd sets /proc/sys/kernel/core_pattern to use systemd-coredump.
However, systemd-coredump is missing from initrd, making dumping
the core in initrd impossible by default.
Reference: bsc#1054809
Currently in Fedora/RedHat dracut installs its fedora.conf.example
as the default config file, in which sysloglvl is set 5. This leads
to maxloglvl=5 in dracut calls, making unnecessary lsinitrd calls
during initramfs builds by kdump.
This patch disables lsinitrd logging when --quiet option is given,
which is controlled by maxloglvl only before. This will speed up
dracut image building as the following if --quiet is used in kdump:
1) Before this patch
$ kdumpctl stop; touch /etc/kdump.conf; time kdumpctl start
kexec: unloaded kdump kernel
Stopping kdump: [OK]
Detected change(s) in the following file(s):
/etc/kdump.conf
Rebuilding /boot/initramfs-4.13.0-0.rc1.git4.1.fc27.x86_64kdump.img
kexec: loaded kdump kernel
Starting kdump: [OK]
real 0m26.824s
user 0m9.958s
sys 0m15.106s
2) After this patch
$ kdumpctl stop; touch /etc/kdump.conf; time kdumpctl start
kexec: unloaded kdump kernel
Stopping kdump: [OK]
Detected change(s) in the following file(s):
/etc/kdump.conf
Rebuilding /boot/initramfs-4.13.0-0.rc1.git4.1.fc27.x86_64kdump.img
kexec: loaded kdump kernel
Starting kdump: [OK]
real 0m20.420s
user 0m8.385s
sys 0m10.468s
Signed-off-by: Ziyue Yang <ziyang@redhat.com>
In case of "--no-hostonly-default-device", we do not need
the root device, thus add this check.
Also fixed the stale "root_dev" export.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Kdump doesn't need default host devices like root, swap, fstab, etc,
we only care about the dump target which can be added via "--mount"
or "--add-device". We met several issues that kdump kernel failed
due to one of those host devices added by dracut, additionally, the
needless devices(e.g. LVM) consume some appreciable amount of memory
which is more likely to cause OOM under memory-limited kdump.
So this patch introduced "--no-hostonly-default-device" to avoid
adding those default devices as host_devs.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
SSH uses passwd database and thus need various NSS plugin libraries,
depending upon setting in nsswitch.conf.
SSH binary fails within the dracut environment without the libraries:
#:/ ssh
No user exist for uid 0
In the module-build-service, we have pieces of dracut provided by different
modules ("base-runtime" provides most functionality, but we need
dracut-network in "installer". Since these two modules build with separate
dist-tags, we need to reduce this strict requirement to ignore the dist-tag.
The dracut network module is only supposed to be used for wired interfaces
but if driver modules for wireless devices are wrongly copied, these will
be loaded and the available interfaces brought up.
If the rd.neednet=1 command line parameter is used, dhclient will attempt
to request an IP address for the interfaces and these requests will fail.
But other dracut modules that depend on the network to be settled, will
have to wait for the DHCP requests to timeout. Which can be a lot of time
since the dhclient default timeout value is 60 seconds.
Instead of trying to blacklist all possible kernel modules for wireless
devices, only bring up network interfaces if these are for wired devices.
Suggested-by: Harald Hoyer <harald@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
If we trigger crash just after creating initramfs, sometimes it is
observed that initramfs is not written to disk causing the subsequent
boot to fail. A sync should resolve this.
Signed-off-by: Ankit Kumar <ankit@linux.vnet.ibm.com>
If we trigger crash just after creating initramfs, sometimes it is
observed that initramfs is not written to disk causing the subsequent
boot to fail. A sync should resolve this.
Signed-off-by: Ankit Kumar <ankit@linux.vnet.ibm.com>
We tell dhclient to name 121 option "classless-routes",
but in dhclient-script we parse classless_static_routes.
So either have to change the configuration or the script.
And since dhclient uses by default classless_static_routes,
let's change the configuration
hardcoding the wwid of the drives in the initramfs causes problems
when the drives are cloned to a system with the same hardware, but
different disk wwid's
https://bugzilla.redhat.com/show_bug.cgi?id=1457311
Support booting from USB media with NTFS filesystem (optionally),
which removes the FAT32 related 4 GB file size limit for LiveOS/
squashfs.img (and any other file on the same USB media).
On s390 BOOT_IMAGE only denotes the number of the boot record that
was selected in the bootloader and not the path to the kernel image.
Also only bail out, if the kernel hmac checking relies on that path.
blkid is not available when this function is called, so block_uuid.map is put into
the initrd, mapping block devices from /etc/crypttab to UUIDs.
This fixes a bug where udev rules were created by mistake as crypttab_contains()
returned false for devices specified by path in /etc/crypttab which resulted in
error messages during boot.
Signed-off-by: Julian Wolf <juwolf@suse.de>
Previously our dhclient-script expected that $new_classless_static_routes
will have all values separated by a whitespace. But at least on F25
dhclient will put there the destination descriptor in the same format
as it is used by ISC dhcp-server.
For example:
new_classless_static_routes=32.10.198.122.47 192.168.78.4
while our current code expects
new_classless_static_routes=32 10 198 122 47 192 168 78 4
So let's just accept both of these formats by adding "." to IFS.
For details plesse see https://tools.ietf.org/html/rfc3442
"Classless Route Option Format"
When NPIV is enabled and the allow_lun_scan parameter is set to 'Y'
the HBA will initiate a LUN scan automatically, so there is no need
to specify the WWPN and LUN number manually.
References: bsc#964456
Signed-off-by: Hannes Reinecke <hare@suse.com>
module_setup.sh has a typo preventing it from saving the correct
dracut commandline.
References: bnc#887582
Signed-off-by: Hannes Reinecke <hare@suse.de>
For creating dynamic udev rules parse-dasd.sh look for the device
type in sysfs, which of course does not exist if cio_ignore is
active. So first enable the device before checking.
Signed-off-by: Hannes Reinecke <hare@suse.de>
'for_each_host_dev_and_slaves' would stop at the first found
device, so the cmdline() call would never list all required
devices. Use 'for_each_host_dev_and_slaves_all' instead and
filter out duplicates.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Setting and unsetting the IFS variable is tricky. To be on the
safe side we should always reset the IFS variable to its original
value after parsing.
Signed-off-by: Hannes Reinecke <hare@suse.de>
For creating dynamic udev rules parse-dasd.sh look for the device
type in sysfs, which of course does not exist if cio_ignore is
active. So first enable the device before checking.
Signed-off-by: Hannes Reinecke <hare@suse.de>
'for_each_host_dev_and_slaves' would stop at the first found
device, so the cmdline() call would never list all required
devices. Use 'for_each_host_dev_and_slaves_all' instead and
filter out duplicates.
Signed-off-by: Hannes Reinecke <hare@suse.de>
When a DASD is found to be required for the rootfs we should
be printing out a 'rd.dasd' commandline parameter. This not
only enables us to correctly enable the device with cio_ignore,
we can also inspect the resulting initrd to figure out which
devices are required to mount the rootfs.
Signed-off-by: Hannes Reinecke <hare@suse.de>
There were some errors when rd.dasd parsing, resulting in the
device never to be activated. And we should check for
cio_ignore even if a udev rules has been found.
Signed-off-by: Hannes Reinecke <hare@suse.de>
When converting 'rd.zfcp' and 'rd.dasd' into udev rules we
need to make sure the enable those device ids via cio_ignore,
otherwise the rules might never be called.
Signed-off-by: Hannes Reinecke <hare@suse.de>
With the new s390x configuration tool the naming of the udev
rules files have changed. So add these to the existing ones
to be compatible with existing and new installations.
References: bnc#856585
Signed-off-by: Hannes Reinecke <hare@suse.de>
When converting 'rd.zfcp' and 'rd.dasd' into udev rules we
need to make sure the enable those device ids via cio_ignore,
otherwise the rules might never be called.
Signed-off-by: Hannes Reinecke <hare@suse.de>
This used to work only when specified via the command line
or if systemd was not being used. However, the exisistence of
20_force_driver.conf also requires dracut-pre-udev.service
to be run.
Reference: bsc#986216
removed copy&paste artifact "modify_routes add"
there is no modify_routes() function, and we simply want the output
of the parse function.
(cherry picked from commit 33710dfbfc)
If a hisi_sas storage device is used as / during system install, the
resulting installation will not boot because the hisi_sas driver is not
included in the initramfs.
The Hisilicon storage driver needs to be added to the initramfs image for
aarch64 kernels.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: dzickus@redhat.com
Cc: dmarlin@redhat.com
Cc: wefu@redhat.com
Cc: harald@redhat.com
From systemd-234, kernel-install plugins are called even if /etc/machine-id
is missing or empty, and in that case BOOT_DIR_ABS is a fake directory.
So, let's skip to create initrd in that case.
This patch uses wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}" for the
specified uuids.
On timeout only md devices are force started which are specified by
uuid, or all, if rd.auto was specified.
Fixes https://github.com/dracutdevs/dracut/issues/227
At least on x86 on Bay and Cherry Trail devices the pmw-lpss modules must
be in the initrd too, otherwise the i915 driver will still load, but
it will report the following error:
[drm:pwm_setup_backlight [i915]] *ERROR* Failed to own the pwm chip
And not register /sys/class/backlight/intel_backlight and users will
not be able to control their backlight.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
curl in Fedora recently changed its default CA trust store. The
Fedora package no longer specifies an OpenSSL-format bundle file
during build, and curl itself has been patched to use an NSS
plugin called libnssckbi.so when no bundle file or directory is
specified. There are (at present) two possible providers of the
libnssckbi.so module: the original NSS implementation, which
uses a trust bundle built in at build time, and a compatible
implementation from the p11-kit project, which reads a trust
bundle at run time. So if we find a string in libcurl.so that
suggests libnssckbi might be in use, we must both install it and
make an effort to install any trust bundle files it may use.
The p11-kit libnssckbi implementation does include a string that
lists the top-level trust directories it will use, so we try to
find that string, though the best effort I can come up with will
also find many false positives too. To weed out the false
positives, we check whether the matches actually exist as dirs,
and if so, whether they contain some specific subdirectories we
know p11-kit trust dirs must have (thanks, @kaie). For the NSS
libnssckbi implementation, we will likely wind up not finding any
dirs that match the requirements, so we will simply install the
libnssckbi.so file itself, which is the correct action.
This fixes TLS transactions in the initramfs environment when
using a curl that's built this new way; it's significant for
use of kickstarts and update images with the Fedora / RHEL
installer, as these are retrieved in the initramfs environment,
and are frequently retrieved via HTTPS.
The --ignoreactivationskip/-K switch was added to LVM2 in 2.02.99
(July 2013) and is used to control the activation of volumes with
the activation skip flag set: without -K these volumes will be
ignored when 'lvchange -ay $LV' is issued.
This prevents an LVM2 thin-privisioned snapshot from being used
as the root device when booting with rd.lvm.lv=vg/lv since the
activation skip flag is set for these snapshots by default (the
legacy non-thinp snapshots do not set this flag and can already
be activated and used as a root device by specifying appropriate
values for rd.lvm.lv).
This is only used in the rd.lvm.lv case since in that situation
we are activating one or more named LVs specified by the user:
the flag is not given when calling 'vgchange' since this may
cause many unwanted volumes to be activated during early user
space. Users wishing to use a specific snapshot volume should
specify it with 'rd.lvm.lv'.
The previous algorithm was incorrect and would return
incorrect results e.g. for a /20 mask. Also gets rid
of an undocumented depencency on bc(1).
Reference: bsc#1035743
This is intended for minimum host OSes where 36 MB used by binutils
are deemed too expensive. We only need "strip", which exists as eu-strip
in elfutils, which in turn is < 1 MB in size.
Note that the tests (TEST-04-FULL-SYSTEMD/test.sh) still depend on
strip from binutils. It could use sstrip in the future.
The newer mount utilities are more strict about directly shared
devices. For OverlayFS boots, which mount $BASE_LOOPDEV directly,
avoid a mount error by indirectly sharing the read-only base
filesystem through a second, over-attached $BASE_LOOPDEV for
the DM live-base target.
Install ifcfg-* files with team configuration in the initramfs.
Improve the slave configuration of the team interface, by looking up
ifcfg files in the initramfs.
Create a default loadbalance team config, if none present in the
initramfs.
forward port of
4c88c2859e
This adds the same list of drivers we use for arm platforms for
aarch64 too, also add the DMA drivers there too as they can add
sigficant performance for some storage/usb and often need to be
present when the storage drivers load.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Provide a more prominent alert to the user if an overlay is
missing or the overlay module is not available and a temporary
overlay will be provided. This, to avoid losing data intended to
persist.
Integrate the option to use an OverlayFS as the root filesystem
into the 90dmsquash-live module for testing purposes.
The rd.live.overlay.overlayfs option allows one to request an
OverlayFS overlay. If a persistent overlay is detected at the
standard LiveOS path, the overlay & type detected will be used.
Tested primarily with transient, in-RAM overlay boots on vfat-
formatted Live USB devices, with persistent overlay directories
on ext4-formatted Live USB devices, and with embedded, persistent
overlay directories on vfat-formatted devices. (Persistent overlay
directories on a vfat-formatted device must be in an embedded
filesystem that supports the creation of trusted.* extended
attributes, and must provide valid d_type in readdir responses.)
The rd.live.overlay.readonly option, which allows a persistent
overlayfs to be mounted read only through a higher level transient
overlay directory, has been implemented through the multiple lower
layers feature of OverlayFS.
The default transient DM overlay size has been adjusted up to 32 GiB.
This change supports comparison of transient Device-mapper vs.
transient OverlayFS overlay performance. A transient DM overlay
is a sparse file in memory, so this setting does not consume more
RAM for legacy applications. It does permit a user to use all of
the available root filesystem storage, and fails gently when it is
consumed, as the available free root filesystem storage on a typical
LiveOS build is only a few GiB. Thus, when booted on other-
than-small RAM systems, the transient DM overlay should not overflow.
OverlayFS offers the potential to use all of the available free RAM
or all of the available free disc storage (on non-vfat-devices)
in its overlay, even beyond the root filesystem available space,
because the OverlayFS root filesystem is a union of directories on
two different partitions.
This patch also cleans up some message spew at shutdown, shortens
the execution path in a couple of places, and uses persistent
DM targets where required.
Documentation is updated for these changes.
Commit cf376023e6 moved writing .resolv.conf and .override
after dhcp_do, because dhcp_do was overwriting .resolv.conf. But .override does not have
such problem and on the contrary dhcp_do reads .override file if it is present. So let\'s
move it back.
https://bugzilla.redhat.com/show_bug.cgi?id=1415004
There's a number of usb controllers that are common yet aren't
contained in the host directory. Include these for generic host.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The phy and power modules are needed by some of the recent ARM
devices that have appeared like CHIP and some exynos devices.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Specifying a different kernel module directory with --kmoddir would
result in the same directory being the destination directory.
Strip everything before the "/lib/modules" for the destination dir.
https://github.com/dracutdevs/dracut/issues/194
The default output filename for --uefi is
<EFI>/EFI/Linux/linux-$kernel$-<MACHINE_ID>-<BUILD_ID>.efi.
<EFI> might be /efi, /boot or /boot/efi depending on where the ESP partition
is mounted. The <BUILD_ID> is taken from BUILD_ID in /usr/lib/os-release or
if it exists /etc/os-release and is left out, if BUILD_ID is non-existant or
empty.
Also a new option --no-machineid was added, which affects the default output
filename of --uefi and will discard the <MACHINE_ID> part.
Some docs claimed that values in certain config files would be
overwritten, when they would actually be overridden.
Override: a file is not modified but its contents are superseded by
something else. (configurations set in
/etc/dracut.conf.d/*.conf override configurations set in
/etc/dracut.conf)
Overwrite: a file is modified or its contents replaced by an action
(use dracut --force to overwrite the existing initramfs)
For example under x86, someone maybe missunderstand that the vmlinuz
is the link /boot/vmlinuz points to a specific kernel image and use
the following command directly.
mkinitrd -k vmlinuz
Bug related to this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1360131
Now dracut only attempts to copy GlobalKnownHostsFile while generating kdump's
initramfs. This method will cause kdump's failure if users set customized
UserKnownHostsFile in /etc/ssh/ssh_config. This patch simply attempts to copy
those files too while going through /etc/ssh/ssh_config. Note that we need to
make sure ~/foo will be copied as /root/foo in kdump's initramfs.
Extend "rd.memdebug" to "4", and "make_trace_mem" to "4+:komem".
Add new "cleanup_trace_mem" to cleanup the trace if active.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
The current method for memory debug is to use "rd.memdebug=[0-3]",
it is not enough for debugging kernel modules. For example, when we
want to find out which kernel module consumes a large amount of memory,
"rd.memdebug=[0-3]" won't help too much.
A better way is needed to achieve this requirement, this is useful for
kdump OOM debugging.
The principle of this patch is to use kernel trace to track slab and
buddy allocation calls during kernel module loading(module_init), thus
we can analyze all the trace data and get the total memory consumption.
As for large slab allocation, it will probably fall into buddy allocation,
thus tracing "mm_page_alloc" alone should be enough for the purpose(this
saves quite some trace buffer memory, also large free is quite unlikey
during module loading, we neglect those memory free events).
The trace events include memory calls under "tracing/events/":
kmem/mm_page_alloc
We also inpect the following events to detect the module loading:
module/module_load
module/module_put
Since we use filters to trace events, the final trace data size won't
be too big. Users can adjust the trace buffer size via "trace_buf_size"
kernel boot command line as needed.
We can get the module name and task pid from "module_load" event which
also mark the beginning of the loading, and module_put called by the
same task pid implies the end of the loading. So the memory events
recorded in between by the same task pid are consumed by this module
during loading(i.e. modprobe or module_init()).
With these information, we can record the rough total memory(the larger,
the more precise the result will be) consumption involved by each kernel
module loading.
Thus we introduce this shell script to find out which kernel module
consumes a large amount of memory during loading. Use "rd.memdebug=4"
as the tigger.
After applying this patch and specifying "rd.memdebug=4", during booting
it will print out something extra like below:
0 pages consumed by "pata_acpi"
0 pages consumed by "ata_generic"
1 pages consumed by "drm"
0 pages consumed by "ttm"
0 pages consumed by "drm_kms_helper"
835 pages consumed by "qxl"
0 pages consumed by "mii"
6 pages consumed by "8139cp"
0 pages consumed by "virtio"
0 pages consumed by "virtio_ring"
9 pages consumed by "virtio_pci"
1 pages consumed by "8139too"
0 pages consumed by "serio_raw"
0 pages consumed by "crc32c_intel"
199 pages consumed by "virtio_console"
0 pages consumed by "libcrc32c"
9 pages consumed by "xfs"
From the print, we see clearly that "qxl" consumed the most memory.
This file will be installed as a separate executable named "tracekomem"
in the following patch.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Some crashkernel targets still use legacy NTLM auth, which
require those (bsc#869496). This patch enumerates all dependent
hash algorithems, because even though most of them are probably
compiled in, older ones (e.g. md4 and arc4) usually aren't.
Contrary to previous intel pinctrl drivers, the cherryview driver can be
and usually is built as a module. However, it sets up the SDIO pinout
so sdhci can make use of the SD card reader, which may subsequently
hold a root file system on a card (bsc#998440).
Also change <= N to < N+1. For example, dracut-029-1 > dracut-029, so would not
get obsoleted properly. This all applies to old versions, so doesn't make much
difference in practice, so just fix it to avoid c&p duplication of the bad
pattern in the future.
Preserve extended attributes when copying files using dracut-install.
The copying of extended attributes avoids file execution denials when
the Linux Integrity Measurement's Appraisal mode is active. In that mode
executables need their file signatures copied. In particular, this patch
solves the problem that dependent libaries are not included in the
initramfs since the copied programs could not be executed due to missing
signatures. The following audit record shows the type of failure that
is now prevented:
type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0
auid=4294967295 ses=4294967295
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
op="appraise_data" cause="IMA-signature-required"
comm="ld-linux-x86-64"
name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl"
dev="dm-0" ino=37136 res=0
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
bnx2x can take no longer than 3 seconds to initialize the link in some setups
which can cause fipvlan to fail and thus the fcoe interface(s) won't be
created.
Add another 10 seconds to give the link enough time to initialize.
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
Dracut changes working directory before attempting to output files under
$DRACUT_TMPDIR , resulting in an IO failure if $DRACUT_TMPDIR is a path
relative to the working directory when dracut was started.
Fixes: https://github.com/dracutdevs/dracut/issues/156
Signed-off-by: David Disseldorp <ddiss@suse.de>
This is a further improvement on PR #105 which re-adds support for nfs:// urls to root=live:nfs://... Symptoms prior to applying this patch are that sysroot.mount times out when following the nfs:// syntax for the path to the live image. An additional case is added to livenet-generator to support the nfs protocol.
ip=2620:0052:0000:2220:0226:b9ff:fe81:cde4::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
should be
ip=[2620:0052:0000:2220:0226:b9ff:fe81:cde4]::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
https://bugzilla.redhat.com/show_bug.cgi?id=1322592#c19
(cherry picked from commit b8e6c051c6)
use inst() instead of inst_simple()
/etc/pki/tls/certs/ca-bundle.crt is a symlink to
../../ca-trust/extracted/pem/tls-ca-bundle.pem
with inst() we install the original file also.
https://bugzilla.redhat.com/show_bug.cgi?id=1341280
(cherry picked from commit 1b23c6c65c)
add check_vol_slaves_all to be used in check_block_and_slaves_all
otherwise only the first lvm VG member would be processed
(cherry picked from commit 7a7b8c1740)
The phy and power modules are needed by some of the recent ARM
devices that have appeared like CHIP and some exynos devices.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
IPv6 addresses should be specified in brackets so that the
ip= scanning code doesn't get confused.
References: bnc#887542
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.com>
If emergency and shutdown-emergency hooks are called, the systemd should
poweroff the testsuite, therefore "rd.shell=0" is given on the test
suite kernel command lines.
"rd.shell=0" has to be parsed correctly by the test suite real root init
also.
Both 'utmp' and 'root' groups are mentioned in tmpfiles.d/systemd.conf
and as such should be included.
It's probably better to have something equiv to inst_rule_group_owner()
for udev rules which parses out users and groups and adds them to the
passwd/group db respectively.
Could also rely on sysusers but as the initramfs is static in this
sense, it's more efficient to pre-define the users IMO.
This will bundle clock drivers into the initramfs on arm
Tested on ti dm8148-t410 where adpll is needed on 4.6+ kernel
This will avoid to rely on (maybe broken) bootloader clocks.
Theses modules are also usually loaded early. Having them bundled into
the initramfs will avoid lot of deferred probes and others delay.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If journald.conf already contains Storage=persistent, journald will
write to /var/log/journal/, which ends up at /run/initramfs/log/journal/
after switching root. We want to make sure early boot logs are written
to /run/log/journal/ so they can be flushed to /var/log/journal/ after
switching root.
Users can pass the DNS information throught "nameserver=" cmdline,
there maybe duplicated inputs.
"/etc/resolv.conf" have some restrictions on the number of DNS items
effective, so make sure that this file contains no duplicated items.
We achieve this by simply making the file have no duplicated lines.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
I met a problem when passing kdump dns to dracut via "nameserver=x.x.x.x",
the dns I provided didn't appear in the "/etc/resolv.conf".
After some debugging, found that when setup dhcp DNS, in setup_interface()
and setup_interface6(), it has:
echo "search $search $domain" > /tmp/net.$netif.resolv.conf
So if "$search $domain" isn't NULL(this is ture in my kdump environment),
the dns contents(that is, dns1, dns2, nameserver) in "ifup" before dhcp
will be discarded.
This patch addresses it by handling dhcp first. In fact this is also the
way the NetworkManager in 1st kernel works.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Avoid keymap/font not found error when loadkeys/setfont
are compiled with the default data directory path.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
If a module is renamed or another module takes care of the old one,
all of the alias strings have to be checked against the current set of
loaded modules.
This is still incomplete, because to be absolutely correct, all the
/sys/*...*/modalias files would have to be checked, if they match the
modules alias strings.
- use local variables with _
- use associative array for the kernel modules
- install emergency hook even in the systemd case
- follow device path until /sys is reached
- set kernel version for modprobe checking
If the initramfs was built with prefix=/run/... /run can't be mounted
with noexec, otherwise no binary can be run.
Guard against it by looking where /bin/sh is really located.
Trigger the acpi subsystem. This will ensure hv_vmbus gets loaded before
plymouth is started, which will make the graphics device become
available before plymouth is started too (and the keyboard ! which might
also be important for plymouth in some setups).
https://bugzilla.redhat.com/show_bug.cgi?id=1218130
(cherry picked from commit d2846fdcce9b8de0edecdf0e06a4b86fc8de542c)
It is expected that a watchdog module will disable an active watchdog when
its probe is called ie, when it is loaded. So an early load of the module
will help to disable it earlier.
This can be helpful in some corner cases where kdump and watchdog daemon
both are active.
Testing:
-- When watchdog kernel modules were added
# dracut --no-hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img -f etc/cmdline.d/00-watchdog.conf
rd.driver.pre=iTCO_wdt,lpc_ich,
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
Recently following patches have been added in upstream Linux kernel, which
(1) fixes parent of watchdog_device so that
/sys/class/watchdog/watchdogn/device is populated. (2) adds some sysfs
device attributes so that different watchdog status can be read.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6551881c86c791237a3bebf11eb3bd70b60ea782http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=906d7a5cfeda508e7361f021605579a00cd82815http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33b711269ade3f6bc9d9d15e4343e6fa922d999b
With the above support, now we can find out whether a watchdog is active or
not. We can also find out the driver/module responsible for that watchdog
device.
Proposed patch uses above support and then adds module of active watchdog
in initramfs generated by dracut for hostonly mode. Kernel module for
inactive watchdog will be added as well for none hostonly mode.
When an user does not want to add kernel module, then one should exclude
complete dracut watchdog module with --omit.
Testing:
-- When watchdog is active watchdog modules were added
# cat /sys/class/watchdog/watchdog0/identity
iTCO_wdt
# cat /sys/class/watchdog/watchdog0/state
active
# dracut --hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-rw-r--r-- 1 root root 9100 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_vendor_support.ko
-rw-r--r-- 1 root root 19252 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_wdt.ko
-- When watchdog is inactive then watchdog modules were not added
# cat /sys/class/watchdog/watchdog0/state
inactive
# dracut --hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-- When watchdog is inactive, but no hostonly mode, watchdog modules were added
# cat /sys/class/watchdog/watchdog0/state
inactive
# dracut --no-hostonly initramfs-test.img -a watchdog
# lsinitrd initramfs-test.img | grep iTCO
-rw-r--r-- 1 root root 9100 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_vendor_support.ko
-rw-r--r-- 1 root root 19252 Feb 24 09:19 usr/lib/modules/.../kernel/drivers/watchdog/iTCO_wdt.ko
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
When systemd is present, let it manage watchdog feed.
Signed-off-by: Pratyush Anand <panand@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Harald Hoyer <harald@redhat.com>
How to reproduce:
host# ./dracut.sh -o 'dracut-systemd systemd systemd-initrd' --local -f ./initramfs.img
host# qemu-system-x86_64 -initrd ./initramfs.img \
-append 'root=/dev/sda1 rd.cmdline=ask rd.hostonly=0' \
...
Enter additional kernel command line parameter (end with ctrl-d or .)
> rd.break
> .
...
There is no "Break before switch_root"
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Handle module aliases correctly to not generate unbootable
initrds with different kernel versions when modules were renamed
or replaced.
Signed-off-by: Fabian Vogt <fvogt@suse.com>
* Multipath device names only start with the mpath-prefix if the option
use_userfriendly_names is set true in /etc/multipath.conf and if user
has not set any aliases in the said file. Thus the for-loop should go
through all files in /dev/mapper/, not just ones starting with 'mpath'
* Bash is perfectly capable to extend `/dev/mapper/*` notation without a
need to pass it to an external ls
* Changed the function to use a local variable $_dev instead of the
global $dev, which seemed to be the original intention as the local
_dev was defined but not used
crypt/parse-crypt.sh generate initqueue job which always call
dev_unit_name() with an argument beginning with "-". This results
in the following error:
dracut-initqueue[307]: + systemd-escape -p -cfb4aa43-2f02-4c6b-a313-60ea99288087
dracut-initqueue[307]: systemd-escape: invalid option -- 'c'
Add a systemd generator for root=nbd:.. so that systemd has a correct
sysroot.mount unit.
Use export names instead of port numbers, because port number based
exports are deprecated and were removed.
rename iface_has_link() to iface_has_carrier() to clarify usage
Only assign static "wildcard interface" settings, if the interface has a
carrier.
If the interface name was specified with a name, do not do carrier
checking for static configurations.
8b5ee88ff6 removed the check for SQUASHED,
assuming, that the if clause above was the only place, where SQUASHED is
set.
This patch reverts to the old logic, because SQUASHED can be set
earlier.
Add descriptions for the rd.live.overlay.readonly,
rd.live.overlay.size, rd.live.overlay.reset,
rd.live.squashimg, and rd.live.overlay=none options.
Mention the Invalid mark on exhausted overlays.
Clarify the rd.writable.fsimg option.
Repunctuate the rd.live.overlay.thin option description.
Persistent, uncompressed live installations can avoid overlays with a new rd.live.overlay=none flag.
Non-persistent rd.live.ram boots can also take advantage of persistent home.img filesystems.
Resolves issues where systemd attempts to boot a live URL as an NFS mount.
This patch uses systemd's generator arg[2] to generate an early sysroot.mount
that preempts systemd-fstab-generator.
See https://bugzilla.redhat.com/show_bug.cgi?id=1280103
When using rd.zfcp= parameter in generic.prm file, wrong format
parameters will prevent the zfcp driver to add the correct SCSI
disk. dracut should die when a wrong rd.zfcp= parameter supplied.
Signed-off-by: Zhiguo Deng <bjzgdeng@linux.vnet.ibm.com>
znetconf command is part of s390utils-base package. It depends on
awk and getopt.
This patch is used to fix the following error:
dracut:/#
znetconf -c
/usr/sbin/znetconf: line 70: awk: command not found
/usr/sbin/znetconf: line 1138: getopt: command not found
Signed-off-by: Mei Liu <liumbj@linux.vnet.ibm.com>
all_ifaces_up() is true, if all interfaces are up.
all_ifaces_setup() is true, if all interfaces are up and the gateways
and nameserver are setup.
(cherry picked from commit 63e75dc4cd)
By default, dracut only builds in dm-service-time into the initramfs as
that is the default multipath.conf path selector. If the user changes
the path selector to "round robin" on the fly and runs dracut, multipath
does not find any paths on boot and the user will be dropped into a
shell.
Apparently, in RHEL7 dracut defaults to "hostonly" mode, i.e. modules
not currently in use at the time dracut runs do not get built into
initramfs. This is definitely one case where this doesn't work. A change
to reconfigure multipath probably should not render the system
unbootable.
https://bugzilla.redhat.com/show_bug.cgi?id=1195392
(cherry picked from commit f11d7a81e2)
- check if modprobe was successful
- add a timeout for /sys/firmware/edd
- only remove the module, if it was loaded by the script
(cherry picked from commit 34203d03c0)
rd.net.dhcp.retry=<cnt>
If this option is set, dracut will try to connect via dhcp
<cnt> times before failing. Default is 1.
rd.net.timeout.dhcp=<arg>
If this option is set, dhclient is called with "-timeout <arg>".
rd.net.timeout.iflink=<seconds>
Wait <seconds> until link shows up. Default is 60 seconds.
rd.net.timeout.ifup=<seconds>
Wait <seconds> until link has state "UP". Default is 20 seconds.
rd.net.timeout.route=<seconds>
Wait <seconds> until route shows up. Default is 20 seconds.
rd.net.timeout.ipv6dad=<seconds>
Wait <seconds> until IPv6 DAD is finished. Default is 50 seconds.
rd.net.timeout.ipv6auto=<seconds>
Wait <seconds> until IPv6 automatic addresses are assigned.
Default is 40 seconds.
rd.net.timeout.carrier=<seconds>
Wait <seconds> until carrier is recognized. Default is 5 seconds.
(cherry picked from commit d8ad687e1a)
https://bugzilla.redhat.com/show_bug.cgi?id=742564
Once lvm2 starts using /run (bug 742554), it should be no longer
necessary to disable file-based locking in the vgchange call in
fedora-storage-init.
Removing '--sysinit' will make it safe to call LVM operations
concurrently from other units.
The --sysinit is a compound option consisting of:
-> --ignorelockingfailure - not needed anymore, the /run/lock/lvm is
available rw soon in boot process
-> --ignoremonitoring - not needed since /run is available, this would
require the dm-event.service to be run before
fedora-storage-init.service (and new lvm2-activation.service when
deployed). But that's a one line change - I'll have a look whether it
plays well with other services and if yes, I'll commit the change. N.B.:
This has a consequence that all volumes activated on vgchange -ay will
be monitored at the same time they're activated (which is a plus I
think). The lvm2-monitor will just grab all the other volumes not
activated at the time of the boot's vgchange -ay call. But that's not an
issue (for already monitored volumes, calling vgchange --monitor y will
just be a NOOP).
-> --poll n - not needed, we can run the polldaemon as the /run is
available and rw (in case there's unfinished merge or mirror sync from
previous system run, the poll-daemon will be triggered at boot now).
Actually, the polldaemon should be triggered as a service like dmeventd
is, not forked off from the LVM command itself, like from vgchange in
this case - we still need to change this - there's a bug open for this
request already (bug #814857). However, we don't have this feature ready
yet so I need to check whether this is OK with the early boot process
with the current state.
Transient snapshots can take advantage of smaller,
non-persistent metadata structures.
Make the --readonly option explicit rather than inferred
for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
With makepkg is it possible to build sources away from the PKGFILE. The
previous behavior was crash on build if this was setup. With this
patch we prevent this possibility.
Signed-off-by: Silvio Fricke <silvio.fricke@gmail.com>
`pkgver` and `pkgrel` now hard coded to 1. The PKGFILE will getting
changed on a `makepkg`-run.
To prevent some version crashes no commit with changes to `pkgver` and
`pkgrel` should be accepted.
Signed-off-by: Silvio Fricke <silvio.fricke@gmail.com>
On systemd, SIGPIPE is ignored by default; see man 5 systemd.exec for
IgnoreSIGPIPE=. As a result, lsinitrd.sh under a systemd service
outputs "cat: write error: Broken pipe" in the processing of
determining a compression format of a given initramfs file using cat
command in the write part of a pipeline processing.
For example, this is a log message of kdump.service in RHEL7.1,
-- Logs begin at Wed 2015-11-04 09:57:33 JST, end at Wed 2015-11-04 09:58:28 JST. --
Nov 04 09:57:33 localhost systemd[1]: Stopping Crash recovery kernel arming...
Nov 04 09:57:33 localhost kdumpctl[22545]: kexec: unloaded kdump kernel
Nov 04 09:57:33 localhost kdumpctl[22545]: Stopping kdump: [OK]
Nov 04 09:57:33 localhost systemd[1]: Starting Crash recovery kernel arming...
Nov 04 09:57:36 localhost kdumpctl[22553]: Detected change(s) in the following file(s):
Nov 04 09:57:36 localhost kdumpctl[22553]: /etc/kdump.conf
Nov 04 09:57:36 localhost kdumpctl[22553]: Rebuilding /boot/initramfs-3.10.0-229.el7.x86_64kdump.img
Nov 04 09:57:40 localhost dracut[24914]: Executing: /usr/sbin/dracut --hostonly --hostonly-cmdline -o "plymouth dash resume" -f /boot/initramfs-3.10.0-229.el7.x86_64kdump.img 3.10.0-229.el7.x86_64
...<cut>...
Nov 04 09:58:12 localhost dracut[24914]: *** Creating image file done ***
Nov 04 09:58:12 localhost dracut[24914]: Image: /boot/initramfs-3.10.0-229.el7.x86_64kdump.img: 18M
Nov 04 09:58:12 localhost kdumpctl[22553]: cat: write error: Broken pipe
Nov 04 09:58:12 localhost dracut[24914]: ========================================================================
Nov 04 09:58:12 localhost dracut[24914]: Version: dracut-033-240.el7
Nov 04 09:58:12 localhost dracut[24914]:
Nov 04 09:58:12 localhost dracut[24914]: Arguments: --hostonly --hostonly-cmdline -o 'plymouth dash resume' -f
Nov 04 09:58:13 localhost dracut[24914]:
Nov 04 09:58:13 localhost dracut[24914]: dracut modules:
Nov 04 09:58:13 localhost dracut[24914]: bash
kdump.service builds and loads an initramfs for kdump kernel using
kdumpctl command which uses dracut command and so lsinitrd command,
too.
Although there's no actual harm except for the error message, there
has been several inquiries from customers about this message so
far. We should suppress this message to reduce needless
communications.
To suppress the message, this commit cleans up the processing of
reading the first 6 bytes of a given initramfs file without cat
command.
Temporary snapshots can take advantage of smaller, non-persistent metadata structures.
Make the --readonly option explicit rather than inferred for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
Emacs has a whitelist of "safe" variables, using `setq` overrides
that and causes it to warn when opening any file by default.
Dropping the `setq` makes Emacs do the right thing.
Some hosting providers need a static route set in order to be
able to reach the default gateway. Be sure to retry adding
the default gateway after setting the static routes.
netbsd-iscsi is not available on RHEL
Beef up the testsuite to use the two targets over different
interfaces.
Test the new iSCSI parameters rd.iscsi.waitnet and rd.iscsi.testroute.
parse-cmdline sets up an initial initiator-name to let iscsid start.
iscsid is started before doing any iscsistart business.
iscsistart is done with systemd-run asynchrone to do things in
paralllel. Also restarted for every new interface which shows up.
If rd.iscsi.waitnet (default) is set, iscsistart is done only
after all interfaces are up.
If not all interfaces are up and rd.iscsi.testroute (default) is set,
the route to a iscsi target IP is checked and skipped, if there is none.
If all things fail, we issue a "dummy" interface iscsiroot to retry
everything in the initqueue/timeout.
This patch supports loading keys either on the _ima keyring or, as of
Linux 3.17, on the trusted .ima keyring. Only certificates signed by
a key on the system keyring can be loaded onto the trusted .ima keyring.
Changelog:
- Update 98integrity/README
Script enables errexit option (set -e). So if /boot is not a mount point
or is already mounted, then script dies after unsuccessful mount
command. Fix this by always returning successful result.
If the directory where the .img file is saved has no enough space, or in
other wrong conditions, dracut will get an incomplete file xxx.img. But
sometimes this .img file will be loaded when rebooting the system. And then
some bugs will happen because this .img file is wrong.
So I think dracut should remove the incomplete file because this .img file
with problems was made by dracut. And then the wrong file will not be loaded
anymore.
Signed-off-by: Chao Fan <cfan@redhat.com>
This is due to file cannot read out the kernel version on these.
Many thanks to Alexander Graf finding this in old SUSE mkinitrd code.
Converted by Thomas Renninger.
Signed-off-by: Thomas Renninger <trenn@suse.de>
https://bugzilla.suse.com/show_bug.cgi?id=908454
Signed-off-by: Thomas Renninger <trenn@suse.de>
Setting and unsetting the IFS variable is tricky. To be on the
safe side we should always reset the IFS variable to its original
value after parsing.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
For large machine, suppose there's a lot of multipath devices, multipath layer
will use a lot of memory. For kdump kernel memory is very limited thus it causes
oom. To avoid oom, we only add necessary multipath devices in kdump kernel
multipath.conf.
This is done by use mpathconf --allow, a new option which is like whitelist.
Signed-off-by: Dave Young <dyoung@redhat.com>
"ifup -m" was thought to be used by humans in the emergency shell.
Using it programatically shows some other flaw in the execution logic.
Also, "ifup -m" was configuring the interface multiple times on "add"
and "change" uevent, because the "$netif.did-setup" test was not
executed.
This reverts commit cfa365a32d.
The logic in commit cfa365a was added to prevent (odl) lvms from
activating snapshots which should not be activated.
Newer lvms however do this automatically (not enabling an LV if the
the 'k' attribute set), thus we can revert the previous commit.
openSUSE has things stored in different places, so fixup the
paths here.
Signed-off-by: Christian Rodrigues <crrodriguez@opensuse.org>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
The fcoe-uefi module should test for EFI firmware when called
in 'hostonly' mode; of no EFI firmware is found then the module
doesn't need to be included.
References: bnc#882412
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When systemd's crypttab generator parsed crypttab, it tells
systemd about several devices which may not appear until later
in the boot sequence, and which are not needed while dract is running.
This can particularly happen when an md array is encrypted,
and the array is newly degraded so that it doesn't appear until
dracut runs mdraid_start.sh.
This can result in systemd printing warning messages which are
inappropriate.
So tell systemd that the timeout for each of these is zero.
This is involves splitting some functionality out of wait_for_dev()
That function does two things:
- creates 'finished' hooks so that dracut will wait for the device,
and
- sets the systemd timeout for the device to zero, so systemd doesn't
wait.
We only want the second of these for most encrypted devices.
So split that out into a new function set_systemd_timeout_for_dev(),
and call it from parse-crypt.sh
Signed-off-by: NeilBrown <neilb@suse.de>
--
This version fixes the missing redirect from /etc/crypttab
NeilBrown
dracut: Make host only mode more resilient to missing swaps.
This patch set allows swap devices to disappear without cocking up a
host-only initramfs boot.
There is a bug that kdump-initrd contains entry requesting nfs dump
filesystem to get filesystemchecked. And there is an erro message said
that nfs need be checked. But there's no fsck for nfs utility, e.g
fsck.nfs like other file system. Whatever fs_passno 0 or 2 are passed,
no fsck is executed at all for nfs mount.But in dracut, set it to be 2
always, so the erro message appear and it should be set to 0.
In the fstab,the sixth variable fs_passno stands for that the device need
checked or not,and dracut set it to "2".To fix this issue, it should
be "0" when the device is nfs.The third variable stands for the type of
the filesystem and we can use it to judge whether the device is nfs.
So when the third variable of fstab contains "nfs", the sixth variable
fs_passno should be set to "0".
Signed-off-by: Chao Fan <cfan@redhat.com>
Although various bits are in place to cancel waiting for the /dev/resume
device (actually a symlink), we don't actually ever wait for it.
Also as the udev rule may create the symlink, silence any errors from
our manual ln -s call from the settled job.
The only reason we add swap devices to host-only mode (added in
dd5875499e) is to allow us to process
resume= arguments passed on the kernel command line when the swap
partition lives on something slightly more complex than a normal
partion (e.g. in an LVM or RAID setup).
By adding the device to host_devs, the necessary LVM and RAID hooks
are added and thus the underlying storage will be initialised OK, and
the 95resume module handles the waiting for the device (via udev rules
creating the /dev/resume symlink).
So ultimately, we do not need to hard-code the waiting for the swap
devices into the initramfs at build time as the waiting part can be
dynamic.
This makes things more resiliant to swap partitions disappearing and
being reformatted etc.
Inspired by a patch by Martin Whitaker on Mageia bug:
https://bugs.mageia.org/show_bug.cgi?id=12305
If crypt-lib.sh is sourced from any #!/bin/sh script, a POSIX shell
quirk is in effect that causes variable assignments to "special
builtins" (such as "shift") to leak to their context. So the buggy
code works even despite the missing semicolons.
But if it is sourced by "bash acting under its own name", i.e. from
any #!/bin/bash script, the quirk is disabled, tty_cmd/tty_prompt are
undefined, and ask_for_password doesn't do anything if plymouth is not
present.
AMD's HSA Linux kernel driver (amdkfd) has been merged into the mainline
kernel since kernel 3.19.
However, for the driver to work, it needs to be included in the default
initramfs image, together with the amd_iommu_v2 driver.
The radeon driver (AMD's kernel graphic driver) calls amdkfd during its
initialization and probing stages. Because radeon is included in the
initramfs image, it tries to initialize amdkfd during the early boot
stages. However, as amdkfd is not present there, it fails.
That doesn't harm radeon operation. However, it disables the HSA
abilities in the machine.
Because of the current design, if you later try to "modprobe amdkfd",
you won't be able to run HSA applications, even though the driver will
be loaded.
https://bugzilla.redhat.com/show_bug.cgi?id=1205222
When 'systemctl daemon-reload' is run, systemd will clean out
/run/systemd/generator and re-run all the generators.
So it is important that the generators always create the required
files.
rootfs-generator.sh currently does *not* create the desired files
if $hookdir/initqueue/finished/devexists-${_name}.sh
exists.
This is not removed by "systectl daemon-reload" so the first time this
generator is run it will do the right thing. Subsequent times it
won't.
This results in incorrect timeouts after "daemon-reload" is run.
So let the existence of each file only guard the creation that file.
Signed-off-by: NeilBrown <neilb@suse.de>
A number of timeout scripts can be registered. If any one of them
makes progress - e.g. assembles a degraded md array - then
the main loop should wait a bit longer rather than pressing forward.
This is particularly important is resume-from-hibernate requires a
degraded md array. Both the script to forcibly assemble the md array
and the script to abort hibernation if the device doesn't appear
are 'timeout' scripts. There needs to be a reasonable delay between
these running.
So: if any script has indicated that progress was made, break of out
the loop and go back to normal waiting.
Signed-off-by: NeilBrown <neilb@suse.de>
mdraid_start is a number of scripts which run after a timeout.
If it makes progress, it should tell the main loop so that it
knows that it is worth waiting a bit longer.
So in that case, create the initqueue/work file which the main loop
checks for.
Signed-off-by: NeilBrown <neilb@suse.de>
When current dracut receives an ip with netmask of 255.255.255.255 via DHCP,
setting the also supplied default gateway fails (because it is obviously not
within the netmask).
The setup with a netmask of /32 is quite common in colocation datacenters
where you don't want the machines of two different customers to directly talk
to each other. At least two of the biggest colocation providers in Germany
(1&1 and Strato) do it that way. NetworkManager supports this kind of setup
and the dhclient-scripts of several distributions too.
In this patch I have implemented a simple approach very similar to what is
found in Debian. The dhclient-script from Fedora uses a more sophisticated
approach, but that relies on the ipcalc utility which would introduce a
dependency on Fedora-initscripts for dracut.
Signed-off-by: Gerd von Egidy <gerd.von.egidy@intra2net.com>
When the 'loop' kernel module isn't loaded in a running system, it gets
excluded from the hostonly initrd. Given that the crypt-loop dracut
module has to be loaded explicitly anyway, it makes sense to always
include the requisite loop kernel module.
When booting with 'rd.info', the 'info' statements in the crypt-loop
module's 'loop_decrypt' function are output to stdout along with the key
that gets piped into the 'cryptsetup' command, which causes the crypt
device unlocking to fail.
There are two possible simple solutions to this problem:
1. Redirect the info messages to stderr (just add '>&2' at the end of
the info statements).
or
2. Remove the info statements altogether.
I have tested both and they both work, but this commit implements #2.
The existing info messages are long (they overflow 80 characters
easily) and redundant (the password prompt clearly indicates what is
happening), and just generally not useful. Given that no one has
reported or fixed this bug in the three years that this module has
existed, no one will miss these info messages.
The commit also changes an error message in the same function to be more
descriptive.
With an EFI stub, the kernel, the initramfs and a kernel cmdline can be
glued together to a single UEFI executable, which can be booted by a
UEFI BIOS.
Basic systemd functionality is in 00systemd now.
Switching root and the initrd.target is in 00systemd-initrd.
Dracut additions to the systemd initrd are in 98dracut-systemd.
Previously rd.live.fsimg only supported filesystems residing in
(compressed) archives.
Now rd.live.fsimg can also be used when a squashfs image is used.
This is achieved by extracting the rootfs image from the squashfs and
then continue with the default routines for rd.live.fsimg.
In addition some code duplication got removed and some documentation
got added.
Signed-off-by: Fabian Deutsch <fabiand@fedoraproject.org>
This option changes the underlying mechanism for the overlay in the
dmsquash module.
Instead of a plain dm snapshot a dm thin snapshot is used. The advantage
of the thin snapshot is, that the TRIM command is recognized, which
means that at runtime, only the occupied blocks will be claimed from
memory, and freed blocks will really be freed in ram.
Signed-off-by: Fabian Deutsch <fabiand@fedoraproject.org>
Dracut will generate systemd units for additional devices that should be
brought up during boot, e.g. swap devices. These unit files are broken
symlinks with \ in the filename, e.g.
/etc/systemd/system/initrd.target.wants/dev-disk-by\x2duuid-e6a54f99\x2da4fd\x2d4931\x2da956\x2d1c642bcfee5e.device.
Both the backslash and the broken symlink causes problems for shell
scripts, [ -e "$file" ] isn't enough and read requires the additional -r
argument to not react on the \.
The function 99shutdown/shutdown.sh:_check_shutdown() assumes that
shutdown scripts report success or failure via their return value.
However, "dmsetup remove_all" always reports success, even if some
of the device mappings could not be removed.
I submitted a patch for dmsetup but the lvm2 folks rejected it,
asserting that its behaviour is correct, that "remove_all" should
only be used by developers and that the proper solution would be
to invoke "dmsetup remove" on each device. This does report success
or failure via the return value.
Apart from fixing that issue, this commit also adds the dmsetup
option "--noudevsync". Without it, dmsetup would hang after removal
of a device while trying to communicate with systemd-udevd, which
is no longer running at this shutdown stage.
[harald: replaces backticks with $() ]
The sdhci-pci module is currently not being included in the initramfs,
even though other sdhci modules are. This breaks boot on systems that
rely on this driver to access the root filesystem.
Instead of looking for modules that use sdhci_pltfm_init, look for
sdhci_add_host. I checked 3.18 kernel sources, and this change
does not remove any of the previously-matched SDHCI drivers.
It should result in the addition of sdhci-pci, sdhci-s3c, sdhci-spear
and sdhci-acpi.
For targets with colons in the iSCSI target name:
"iqn.2000-09.com.foo:storage-system.e2000:00000001cm1p1"
the parser was confused with the optional iscsi_iface_name and
iscsi_netdev_name.
This patch reintroduces the old IQN, EUI and NAA parsing and enhances
the fallback parser by checking the LUN for a numerical value.
As reported in https://bugs.mageia.org/show_bug.cgi?id=14799
the xhci module got splitted up in upstream linux merged during
3.18 release cycle:
>From 29e409f0f7613f9fd2235e41f0fa33e48e94544e Mon Sep 17 00:00:00 2001
From: Andrew Bresticker <abrestic@chromium.org>
Date: Fri, 3 Oct 2014 11:35:29 +0300
Subject: xhci: Allow xHCI drivers to be built as separate modules
so we need to adjust 90kernel-modules accordingly.
Signed-off-by: Thomas Backlund <tmb@mageia.org>
The space does not separate the elements reliably, spaces can be
embedded in parenthesized expressions too:
libgmpxx.so.4 (libc6, hwcap: 0x0000000004000000) => /lib/sse2/libgmpxx.so.4
libgmp.so.10 (libc6, hwcap: 0x0000000004000000) => /lib/sse2/libgmp.so.10
This results in dracut creating '0x0000000004000000' and '=>'
directories in the initramfs image.
When reading the --include part of the script, we had the following
issues to make the code easy to read:
- src & tgt were extract for the original options
- i variable was a file or a directory from src
- s variable was the directory name in case $i was a directory
"s" sounds very close to "src" while "s" is on the "tgt" side. Very
confusing.
"s" was defined before the "if it's a directory" statement while it's
only used inside the "if".
"i" was commit from the "src" but wasn't really explicit.
Having some lines mixing "i" and "s" takes a little time to get read
properly.
This patch offer the following changes:
- "i" is renamed to "objectname" as we don't know if its a file or a
directory
- "s" is renamed to "object_destdir" as the object name becomes a
directory on the destdir
- "object_destdir" (former "s") is moved inside the "if" statement as it's
only used here
- tgt is finally renamed to "target" to be more explicit. We are not all
native english ;o)
My 2 (semantic) cents,
When including a directory, the files were considered in the directory
name which lead to messages like :
cp: failed to access '/var/tmp/initramfs.L9s2zO///init-func': No such file or directory
This patch does make the destdir more explicit and copy files into the
destination directory instead of destdir/filename/
rootfs is on nbd
In not hostonly mode, require_binaries will still complain.
If in hostonly mode and the module is explicitly added via -a nbd, then
install() section will still complain later:
dracut-install: ERROR: installing 'nbd-client'
Signed-off-by: Thomas Renninger <trenn@suse.de>
95rootfs-block would not terminate the commandline parameter with
a space or newline, instead it'll rely on the main routine from
dracut.sh to do this.
Which will cause unexpected problems for any modules called
after this.
So terminate the commandline parameters correctly here and remove
the newline from dracut.sh.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
This aligns other places piping cmdline() output to cmdline.d files
with the earlier fix for 95rootfs-block.
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
If there's a root fallback, at least attempt to have it falling
back to the last root filesystem this system ran off of.
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
cmdline_journal does not contain linefeeds anymore, so read
silently skipped it altogether.
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
nvidia driver needs this via modprobe script.
Needs to do change the group after a device node got created.
Add chown instead of chgrp which can also change the owner of a file.
Ask Stefand Dirsch <sndirsch@suse.de> for details.
Signed-off-by: Thomas Renninger <trenn@suse.de>
The module_setup.sh script was missing an '_arch' declaration,
causing network not to be installed on s390.
Signed-off-by: Thomas Renninger <trenn@suse.de>
SUSE is using specific settings for dracut, so add them
to the suse.conf.example file.
Add vi and find to the debug module add some help text to the suse.conf
file when and how to use it.
Signed-off-by: Thomas Renninger <trenn@suse.de>
lldpad is a system-wide process, which must be started only once.
So we should be separate it from fcoe-up, as it might be called
several times.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
DCB & fipvlan can only be called on real devices, not VLAN
ones. So skip any VLAN devices which might been added to the
list of network interfaces.
References: bnc#878583
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When running with --hostonly-cmdline we should be storing
the current configuration in /etc/cmdline.d so that dracut
will be configure the system automatically.
References: bnc#877288
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
The 'create' sysfs entry has been removed for newer fcoe modules,
so just check if the module directory exists.
References: bnc#877288
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
--add-drivers and --filesystems kernel drivers are added via:
instmods -c
The check option makes the function return if one driver could not get
installed without trying to install further drivers which is bad.
The user is still informed ($_silent is by default no), but all modules
passed to instmods are tried to be loaded, even if one fails.
Signed-off-by: Thomas Renninger <trenn@suse.de>
Due to some obsure reason the IFS parameter is not set correctly
when evaluating get_ibft_mod(). So change the parsing to not rely
on IFS altogether.
References: bnc#886199
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
cmdline
If the rootfs is an nfs mount, also know as nfsroot, add the correct
parameter to the dracut cmdline.
Signed-off-by: Thomas Renninger <trenn@suse.de>
Dracut parses /etc/fstab when --mount is option is passed (e.g. kdump).
In host_devs variable the real block device must be stored, not UUID=
There are other /etc/fstab syntax possibilities we now warn that they
are not correctly parsed. This will be fixed by another patch
when there is time to test this properly.
Signed-off-by: Thomas Renninger <trenn@suse.de>
If a logfile is passed to dracut via --logfile option and doesn't
exist, dracut doesn't create it and logs nothing. Instead, dracut
should try to touch the file and print a warning if creating fails.
References: bnc#892191
Signed-off-by: Thomas Renninger <trenn@suse.de>
In case of systemd is used the timeout already is set to 180s, compare
with file: modules.d/98systemd/dracut-initqueue.sh
Do the same if systemd is not used, e.g. in kdump case.
Signed-off-by: Thomas Renninger <trenn@suse.de>
Some modules (like ext4) provide aliases by which the modules
can be accessed, too. But when using aliases directly dracut
fails to include the correct module. So translate the alias
into the correct module name before checking the module.
References: bnc#886839
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When 'initqueue' is called with an invalid command it'll generate
invalid job scripts. This will lead to confusing error messages
later on.
So abort in these cases and print out a warning.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
If kernel cmdline has no root= provided, *and* the initrd carries
a default value, create a systemd mount unit to have it available
in /sysroot
References: bnc#855258
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
Add more corner cases from systemd's
unit_name_from_path_instance() C function.
Signed-off-by: Thorsten Behrens <tbehrens@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When generating the initramfs we should be printing out the
generated dracut commandline used for booting.
This will simplify debugging.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
If a device-mapper device is not created by LVM it's pointless
to call any 'lvm' programs got extract details; they'll be
failing anyway. So check the UUID before calling 'lvm'.
This speeds up initrd creation and avoids I/O errors on
multipath devices.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When generating units for devices the administrator might
want to use a different timeout than the default.
So implement a new parameter 'rd.timeout' for this.
References: bnc#878770
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
Make sure duplicates of iscsi.initiator vanish.
Only get one rd.iscsi.* paramter value. If getargs is used and several
parameters are parsed, one gets two values separated by whitespace in a
variable which breaks later code and is not suppported.
Signed-off-by: Thomas Renninger <trenn@suse.de>
When installing on an software iscsi root we need to generate
the correct commandline, otherwise the system cannot boot.
References: bnc#880108
Patch: 0093
When using software iscsi we should be using the existing
configuration from the system for the time being.
References: bnc#884768
Patch: 0095
Avoid bad ip route call on empty address
Patch: 0143
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
This fixes up some 95iscsi/module-setup.sh which might print out empty
commandline files.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
bnx2i is using a separate iSCSI offload engine with a separate
MAC address. As a result, the iBFT information is displaying
a MAC address which does not relate to any MAC address from
the network interfaces.
In addition, the iSCSI offload engine works independently on
the NIC, so we do not need to enable the NIC for iSCSI offload
to work.
This patch modifies the automatic iBFT detection to not set
the 'ip=ibft' flag when bnx2i offload is detected.
References: bnc#855747
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
The bad initqueue parameter passing is already addressed by git commit:
commit bb8c16d121
and
commit 486a8f33e2
However this appraoch is slightly different:
"$netroot" instead of "'$netroot'", etc.
initqueue will process the arguments, assuming the first non-option
argument to be the program to be executed. Putting the entire
commandline into this argument confuses both, initqueue and the
program in question.
References: bnc#879038
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
When iSCSI firmware booting is selected we should not rely on
'netroot' or 'iscsiroot' variables to be set.
References: bnc#873448
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
iscsiuio is using pthread, which requires libgcc_s for
pthread_cancel to work.
Without this library iscsiuio will crash with SIGABRT.
References: bnc#881692
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
Some iSCSI initiator present firmware information in
/sys/firmware/ibft or /sys/firmware/iscsi_bootX
Whenever we detect one of those directories we should assume
that the iSCSI devices should be activated.
Also incorporates SUSE patches:
0049:
95iscsi: Use 'ip=ibft' for ibft autoconfiguration
For iBFT autoconfiguration we should be setting 'ip=ibft'
instead of rd.neednet. This should instruct dracut to only
enable the iBFT interfaces and leave the rest alone.
References: bnc#879038
0054:
95iscsi: update commandline printing
dracut has a separate callout 'cmdline' which should be used
for printing out the generated commandline.
Signed-off-by: Pavel Wieczorkiewicz <pwieczorkiewicz@suse.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
The multipath and kpartx rules have different numbers in SUSE.
The 11-dm-mpath.rules file had been missing, causing
blacklisting to not work properly.
References: bnc#873151, bnc#872662, bnc#883149
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
sg3_utils now provides two rules 55-scsi-sg3_id.rules and
58-scsi-sg3_symlink.rules, which need to be included instead
of the older 59-scsi-sg3_utils.rules.
References: bnc#873151
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
This sed script to edit 64-md-raid-assemble.rules needs to
be adjusted for latest mdadm
References: bnc#866660
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
During boot systemd tries to load autofs4, but dracut will only
add it if it's loaded by the time dracut is run.
Modify dracut to always load autofs4.
References: bnc#869411
Signed-off-by: Thomas Renninger <trenn@suse.de>
Incorporates these patches:
- 0013 mkinitrd-suse: do not update bootloader if no kernel was found
bnc#858268
- 0018 mkinitrd-suse: Fix whitespaces when adding drivers
- 0032 mkinitrd-suse.sh: Use '--hostonly' and '--hostonly-cmdline' correctly
bnc#874000,bnc#874905,bnc#874363
- 0039 Remove --force parameter from mkinitrd
- 0041 mkinitd-suse: remove --hostonly and --hostonly-cmdline
Should be set via configuration files, not in the script itself.
- 0051 mkinitrd-suse: add 'update bootloader' message
- 0120 mkinitrd-suse.sh: Bail out with exit 1 if initrd cannot be generated
bnc#886630
Signed-off-by: Thomas Renninger <trenn@suse.de>
This mimicks the similar move of os-release which was done in systemd. These
files are not configuration, but part of the OS.
Still symlinks are in place for compatibility, but those should probably be
dropped eventually.
In the judgment sentence, it will print the following warning message,
becasuse of lacking the blank on the left of ']'.
/lib/net-lib.sh: line 110: [: missing `]'
Signed-off-by: Minfei Huang <mhuang@redhat.com>
some programs e.g. systemd-journald expect a directory in /var/log as
the marker to do some actions. Here journald tries to flush
/run/log/journal to /var/log/journal, if the directory is seen.
/var/log is now a symlink to /run/initramfs/log.
If the user pressed ESC while checkisomd5 runs the media check, it will
exit with "2". Previously that would mean, that the media check was not
successful.
The multipathd package might install a service and a socket
file. Using the original service file from the installed
system without the socket file triggers a bug in systemd,
causing systemd to crash.
As we don't actually need to socket file in the initrd we
should be installing our own service file which does not
reference the socket file at all.
References: bnc#871610
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
The device handler modules need to be loaded early during boot
to avoid I/O errors being printed to the system log.
References: bnc#871617
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
multipathd is using pthreads, which require libgcc_s for
pthread_cancel to work. Without it multipathd might crash
with SIGABRT.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Thomas Renninger <trenn@suse.de>
udevd will these days default to 'info' logging and thus will
often print out the 'starting version nnn' message (which is
logged at level 'info'), thus spamming the console, even on
'quiet' boots.
We generally expect a udev log level of err (the old default
from pre-October 2013) so we should set that explicilty before
launching udevd in order to suppress the spurious 'info' message.
As we are using the environment variable approach anyway, we
may as well use this method rather than setting the log level
later via udevadm control commands when rd.udev.info/debug are
given on the kernel command line.
The enviroment variable has been around since udev 6b493a20e1
around 2005 so should be safe to use in all cases without version
checks.
It is not available to valid the customize dhcp config
/etc/dhclient.conf in the initram environment.
Dracut uses the default follow config to construct the initramfs.
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
root-path, interface-mtu;
Copy the customize config to make the config availably in the
initram environment.
Signed-off-by: Minfei Huang <mhuang@redhat.com>
The usb_storage, nvme and sdhci_acpi modules are discovered with the
block_module_filter so there's no need to explicitly list them here.
Signed-off-by: <pbrobinson@gmail.com>
The synthetic keyboard of a Gen2 Linux VM doesn't work before the
hyperv_keyboard module is loaded. Without it, we can't cancel the media check
phase if boot with rd.live.check option.
Gen1 Linux VM doesn't have the same issue because the host emulates the legacy
i8042 keyboard for Gen1 VM.
Signed-off-by: Vaughan Cao <vaughan.cao@oracle.com>
Up until now, _check_shutdown() returns true if at least one of
the shutdown hooks succeeded. Change this to only return true if
*all* succeeded. To prevent an infinite loop, introduce an upper
bound of 40 iterations.
When you define the gateway for an interface, dracut sets it up with:
ip route add default via $gw dev $netif
If a default route is already set (e.g. if you have multiple NICs), this
will fail with the message "RTNETLINK answers: File exists".
So, if your first NIC isn't usable as a default route
Using "ip route replace default" instead allows ifup/dhclient-script to
correctly change the default route to the new interface.
loginstall specifies a directory, in which dracut-install records all
files, which were installed from the host system to the initramfs.
Use case is e.g. to create a list of packages to watch for updates, to
maybe trigger a recreation of the initramfs.
Which will not only add listed drivers, but also enforce that they are
tried to be loaded at early boot time.
This is needed if drivers which are not autoloaded (e.g. loop and a lot
others) shall get loaded via initramfs.
Otherwise dracut-logger.sh outputs an empty version on journal testing.
Aug 20 10:15:49 lenovo dracut[11144]: dracut-
Aug 20 10:15:49 lenovo dracut[11148]: Executing: /sbin/dracut
This patch adds bittorrent support to 45url-lib for those that might want
to retrieve the same live image for multiple systems at once without
saturating the network.
This patch requires ctorrent to be installed into initramfs.
Torrent kernel command line format:
root=live:torrent://example.com/liveboot.img.torrent
Start a tracker:
bttrack --bind <tracker_ip> --port 6969 --dfile dstate --reannounce_interval 60
Create the torrent:
ctorrent -t live_image -u http://<tracker_ip>:6969/announce -s live_image.torrent
Seed the initial torrent:
ctorrent live_image.torrent
Boot the live image.
A user can provide a filesystem image (rootfs.img) inside a compressed
tarball and that filesystem image will be mounted read/write. This provides
some benefits over a device mapper snapshot overlay, especially when the
live system becomes full. The boot command line simple needs
"rd.writable.fsimg" added to utilize this feature.
Additional documentation for this option as well as other live boot
options is included.
Signed-off-by: Major Hayden <major@mhtx.net>
With the same source of files, it should be possible to generate the
same image file with every dracut run.
To accomplish this, we modify the timestamps of the files we generate at
runtime, call gzip with "-n" and cpio with "--reproducible".
The cpio --reproducible option is not yet upstream though, so if you
feel like it should be then please nag at the cpio mailing list.
http://lists.gnu.org/archive/html/bug-cpio/2014-08/msg00000.html
In case of raw disk/partition, ex. /dev/vda1, which doesn't contain any
filesystem on it. get_persistent_dev() would return empty. Now fix it to
return its original name, /dev/vda1 in above case. So that we don't have
to check its return string every time.
Signed-off-by: WANG Chao <chaowang@redhat.com>
DRACUT_PATH can now be used to specify the PATH used by dracut
to search for binaries instead of the default
/usr/sbin:/sbin:/usr/bin:/bin
This should be set in the distribution config file
/usr/lib/dracut/dracut.conf.d/01-dist.conf
because some inst*() functions check the existance of the source files
and do not know about the "-H" option, some failed to install the
hostonly files.
When installing OS to a VLAN enabled iscsi LUN (extracted from iBFT), "/tmp/net.{xyz}.has_ibft_config" is not being set properly.
Then anaconda installer requires 'BOOTPROTO="ibft"' populated in ifcfg of the vlan interface (ex: ibft0.20), for it to properly populate the kernel parameters post installation. The setting 'BOOTPROTO="ibft"' is populated by write-ifcfg.sh script only if the corresponding interface has a file /tmp/net.{xyz}.has_inft_config
To get around this issue, in ibft_to_cmdline() function in net-lib.sh file, I made the following changes to populate the has_ibft_config file for the vlan interface(ex: ibft0.20):
inst* functions and dracut-install now accept the "-H" flag, which
logs all installed files to /lib/dracut/hostonly-files. This is used
to remove those files, if rd.hostonly is given on the kernel command line.
This patch adds option "-m|--mod" to lsinitrd to list dracut
modules in the image because sometimes having an option to
only list the dracut modules in the image could be handy.
Sample output:
--------------
[hbathini@localhost dracut]$ sudo ./lsinitrd.sh initramfs-3.11.10-100.fc18.x86_64.img -m
Image: initramfs-3.11.10-100.fc18.x86_64.img: 33M
========================================================================
Version: dracut-029-1.fc18.2
dracut modules:
i18n
network
ifcfg
drm
plymouth
btrfs
crypt
dm
dmraid
kernel-modules
lvm
mdraid
cifs
iscsi
nfs
resume
rootfs-block
terminfo
udev-rules
biosdevname
systemd
usrmount
base
fs-lib
shutdown
========================================================================
Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
lsinitrd (and hence dracut) currently fail to list the contents of any
LZO-compressed image, and merely spit out misleading xzcat errors.
I guess no-one actually uses them.
rd.iscsi.ibft[=1] should be used instead.
Thing is, 'ip=ibft' is not really an ip setting, but rather a marker
that iBFT should be evaluated.
Also removed the trigger of the warning:
"Warning: Please supply bootdev argument for multiple ip= lines"
When a bonded interface is brought up, any slaves included in the bond
have their hardware address set to that of the bond master. Although
this allows an interface to be brought up on start up, when the
configuration file is imported into the booted system it prevents
the bonded interface being successfully restarted.
The fix involves obtaining the hardware address of the slaves before
they are added to the bond and then using this value in the
configuration file.
Currently the block driver detection for generic initrd doesn't include
the SD/MMC drivers so we fail to boot generic images on any device using
those platforms as boot devices when using a generic initrd. Add logic
to detect those modules. This primarily fixes embedded ARM devices but
also likely intel tablets/dev boards and enterprise hypervisors that
have the ability to boot from SD.
Also the ahci_init_controller misses a number of drivers that use the
libahci_platform module for the init so this fixes some missing achi
moduless too.
Finally it cleans up the ARM storage module hacks that the above now
deals with in a more generic manner.
Signed-off-by: <pbrobinson@gmail.com>
The info message written by require_binaries() was a bit frighten to
users. So just be a little bit more verbose.
If you have ideas on how to improve the message for these "soft"
dependency modules, please submit patches.
It turns out that commit f30b74e (dracut-initqueue service runs before
remote-fs-pre.target) is partial fix for remote fs mounts. Because no
one pulls in remote-fs.target, we can never start remote fs mounts.
Now pull in remote-fs.target in dracut-pre-pivot.
Signed-off-by: WANG Chao <chaowang@redhat.com>
cmdline() prints empty "resume=" options for non-persistent swap
devices, for example zram. Add a check for that.
This patch also fixes printf formatting and removes unused variables.
Without the 59-scsi-sg3_utils.rules udev-rule a couple of devices are missing
in /dev/disk/by-id.
If the luks device is specified by-id in /etc/crypttab and rd.luks.uuid not
passed as a commandline parameter during boot, systemd tries to start its
crypto services which depend on those missing devices until it times out and
exits to dracut rescue shell.
Signed-off-by: Julian Wolf <juwolf@suse.com>
The rootfs-generator was installed in the wrong path
in the initrd, cause it never to be run.
References: bnc#878714
Signed-off-by: Hannes Reinecke <hare@suse.de>
for a variable with spaces, e.g.:
EXT_KEYMAPS='backspace keypad euro2'
The following would occur:
print_vars: eval printf -v _value %s '$EXT_KEYMAPS'
print_vars: printf -v _value %s backspace keypad euro2
print_vars: [[ -n backspacekeypadeuro2 ]]
print_vars: printf '%s=\"%s\"\n' EXT_KEYMAPS backspacekeypadeuro2
Thanks to Sebastian Köln for the fix!
By convention, strstr should be a literal string match. Previously, it
would match as a glob pattern. Some code used that, so add new
functions strglob and strglobin to do what that code expects, and
specify them tightly too. strglob tests whether the glob pattern
matches the entire string (the name strglob is also used in the yorick
language, and that's what it does there), while strglobin tests whether
the glob pattern matches anywhere in the string.
Also tightens str_starts, str_ends, and str_replace to deal with
literal strings only. In a quick grep I did not find code that depended
on these functions matching globs.
Changes the call sites where strstr was used with glob patterns to use
strglobin or strglob as the intention seemed to be (or, in one case,
strstr with the * removed as it did not affect the result anyway).
With the following commit, dracut doesn't mount anything from /etc/fstab
commit e920bfb
Author: WANG Chao <chaowang@redhat.com>
Date: Tue Apr 1 15:20:49 2014 +0800
fstab: do not mount and fsck from fstab if using systemd
But systemd doesn't mount nfs at all, because no unit is pulling in
remote-fs.target.
dracut must pull in these remote fs mount and all these remote mounts
should start only after network is up (ie. after dracut-initqueue).
Signed-off-by: WANG Chao <chaowang@redhat.com>
Before modifying 69-dm-lvm-metad.rules, we should check for the
existance first. Otherwise this results in error messages on
distributions (debian), which do not ship these rules.
If using systemd in initramfs, we could run into a race condition when
dracut and systemd both are trying to mount and run fsck for the same
filesystem, and mount or fsck could be a failure.
To fix such failure, we should use systemd to mount/fsck from /etc/fstab
only.
v2: check $DRACUT_SYSTEMD suggested by Alexander Tsoy
Signed-off-by: WANG Chao <chaowang@redhat.com>
Running dracut in a chroot environment, which has /dev not correctly
setup will result in errors like:
/usr/bin/lsinitrd: line 164: /dev/fd/62: No such file or directory
cpio: Malformed number �5�OK��
cpio: Malformed number 5�OK��
cpio: Malformed number �OK��
This is because bash wants /dev/fd/<num> for constructs like:
foo < <$(bar)
for i in $(manpages) dracut.html dracut-version.sh; do [ "$${i%/*}" != "$$i" ] && mkdir -p "dracut-$(VERSION)/$${i%/*}"; cp "$$i" "dracut-$(VERSION)/$$i"; done
tar --owner=root --group=root -rf dracut-$(VERSION).tar $$(find dracut-$(VERSION) -type f)
for i in $(manpages) dracut.html dracut-version.sh; do [ "$${i%/*}" != "$$i" ] && mkdir -p "dracut-$(DRACUT_MAIN_VERSION)/$${i%/*}"; cp "$$i" "dracut-$(DRACUT_MAIN_VERSION)/$$i"; done
tar --owner=root --group=root -rf dracut-$(DRACUT_MAIN_VERSION).tar $$(find dracut-$(DRACUT_MAIN_VERSION) -type f)
This code of conduct outlines our expectations for participants within the Dracut community, as well as steps for reporting unacceptable behavior.
We are committed to providing a welcoming and inspiring community for all and expect our code of conduct to be honored.
Anyone who violates this code of conduct may be banned from the community.
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
* Focusing on what is best not just for us as individuals, but for the overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others’ private information, such as a physical or email address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@profian.com>.
All complaints will be reviewed and investigated promptly and fairly and will result in a response that is deemed necessary and appropriate to the circumstances.
Project maintainers are obligated to respect the privacy and security of the reporter of any incident.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq.
Translations are available at https://www.contributor-covenant.org/translations.
Security is very important to us. If you discover any issue regarding security, we'd appreciate a non-public disclosure of
the information, so please disclose the information responsibly by sending an email to Harald Hoyer <harald@profian.com> and not by creating a GitHub issue.
We will respond swiftly to fix verifiable security issues with the disclosure being coordinated with distributions and relevant security teams.
Harald Hoyer
