dev_t -> major/minor number mapping is more complicated than the
incorrect major=(dev_t >> 8) minor=(dev_t & 0xff) mapping that we
currently perform. Fix mapping to match Linux / glibc behaviour.
Fixes: https://github.com/dracutdevs/dracut/issues/1695
Reported-by: Ethan Wu <ethanwu10@gmail.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
This tests dracut-cpio's handling of rmajor / rminor values compared to
GNU cpio. The test requires root, due to mknod invocation for block
device node creation.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The code for determining local interface and address works
only for peers that are reachable in a single hop.
This is parsed correctly:
192.168.110.1 dev br0 src 192.168.110.160 uid 0 \ cache
But this isn't:
192.168.1.4 via 192.168.110.1 dev br0 src 192.168.110.160 uid 0 \ cache
Fix it.
Fixes: ceca74cc ("dracut-functions: add ip_params_for_remote_addr() helper")
From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
Incorrect:
$ bash -u -c 'echo -n ${FUNCNAME[0]}'
bash: line 1: FUNCNAME[0]: unbound variable
$
Correct:
$ bash -u -c 'echo -n ${FUNCNAME[0]-}'
$
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Dracut currently calls `eu-strip` or `strip` with -g, which only strips
out .debug_* sections. symtab and strtab are kept, but are not required
for runtime, and people will rarely need to do binary level debugging
work in initramfs.
So introduce a --aggresive-strip options, try strip out all sections
that are not required for runtime. This can help reduce the binary size
by a lot.
For example, the size of libc.so is reduced by a lot when stripped
with no option than with -g.
3014184 libc-2.28.orig.so
2970920 libc-2.28.strip-g.so
1460904 libc-2.28.strip.so
Signed-off-by: Kairui Song <kasong@tencent.com>
It may happen that dracut-shutdown.service fails, for example on timeout
due to very low bandwidth.
In such case, for hardening purposes, a new dracut-shutdown-onfailure.service
unit doing dracut-shutdown.service cleanup needs to execute to make sure
switching root to an incomplete initramfs won't occur later.
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
Use nohup instead of disown, and let systemd track the service properly.
This makes the scripts POSIX compatible and bash is no longer needed.
Signed-off-by: Kairui Song <kasong@tencent.com>
The regular expression here is trying to handle various kernel
module compression schemas and was missing the zst extension
which indicates use of zstd.
Mailbox drivers might be needed by some of the devices used in the
initrd. For example, on the Raspberry Pi 4, the MMC 'sdhci-iproc' driver
depends on 'bcm2835-mailbox'.
Signed-off-by: Adrien Thierry <athierry@redhat.com>
The 69-dm-lvm-metad.rules udev rule has been removed from
the initrd, because it's been dropped by recent upstream
lvm versions, and it never performed any primary function
within the initrd. But, it did have the job of setting
LVM_MD_PV_ACTIVATED=1 for active md devices used by PVs.
That step needs to be restored, and is now included in
64-lvm.rules.
Change the command listing LVs from lvscan to lvs, and list
only the LV names that are being activated. Before attempting
to activate an LV, check that that LV name appears in the
lvs command output. This avoids wasting time running an
lvchange command that we know will fail.
Previously, the lvm device filter generated by dracut
would not be used if any lvm.conf file existed in the
initrd. Change this so that the generated filter will
be used when the included lvm.conf has no filter set.
Drop checking for options that have been available for
at least ten years. This simplifies code maintenance.
Add the new --nohints option (when available) to disable
the use of hints which is not useful during startup.
The --partial option will activate a linear (or other) LV
without segments for missing devices, which is unlikely to
be useful. The intention was to activate raid LVs in a useful
form while missing devices, which is specified with the option
--activationmode degraded.
This udev rule runs pvscan to autoactivate VGs, which dracut
does not want to do, and previously disabled by editing the
rule file and commenting out lines.
This also stops /dev/disk/by-id/lvm-pv-uuid-* symlinks from
being created in the initrd.
Remove support for modifying use_lvmetad and locking_type
settings in lvm.conf for lvm versions 2.2.*. Recent lvm
versions (2.3.*) do not include lvmetad or locking_type.
This cleanup simplifies code maintenance.
To use the lvm module with older versions (2.2), a user
would need to ensure that lvmetad settings are disabled
in the initrd's lvm.conf rather than relying on the lvm
dracut mode to modify their lvm.conf.
Not all distributions utilize and ship the mpathconf utilitiy.
Avoid error messages and systemd complaints about
multipathd-configure.service in this case.
In the long run, it's desirable to be able to drop dracut's copy of
multipathd.service and use the upstream one from multipath-tools instead.
This patch makes a step in that direction.
With these changes, the only remaining difference is the support for
rd.multipath=0 and rd_NO_MULTIPATH, which must obviously be ignored in the
upstream unit.
The modifications in this patch are minor and will have no effect in the
initramfs.
The dependency of multipathd on "udev settle" has recently been removed in
c9689b6 ("multipathd: Remove dependency on systemd-udev-settle.service").
But this dependency has never been necessary in the initramfs environment. It
was only required after switching root, because multipathd would potentially
tear down valid multipath maps after switching from initrd to root FS. This can
happen because dm devices "survive" the root FS switch in the udev data
base (they have the "db_persist" flag set), whereas their component devices
(SCSI etc) do not. But this can only happen after initrd-udevadm-cleanup-db.service
has been run, which happens after initrd processing.
The only dependency that's really needed is that on
systemd-udevd-kernel.socket, because multipathd depends on uevents for
devices being delivered via systemd-udevd.
During boot dracut parses the provided UUID to lower case and thus starts an
endless loop wating for the devise to appear. The device is actually mapped
correctly by the kernel (which doesn't tweak the UUID) but because we are
waiting for a name with lower charachters the expeted device never appers which
drops us at the emergency shell leaving the system unbootable.
This happens especially on nfts/fat filesystems because technically those don't
have a UUID but searial numbers which are used by the linux tools as UUID.
An example kernel command line option for this configuration
root=/dev/sda1 ro rd.live.image rd.live.overlay.overlayfs=1
The change checks if $FSIMG is empty and adds a symlink from
/run/rootfsbase to /run/initramfs/live and changes the place
of the creation of the required mount point directories.
Since wicked-0.6.67, its dbus configuration files can be installed in /etc or /usr/share.
Also, check if it's using libexec or lib instead of displaying always an error.
This is a workaround for GRUB2's Btrfs implementation, which doesn't
correctly handle gaps between extents.
A fix has already been proposed upstream via
https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00206.html
Given that this bug is severe, it makes sense to include this minimal
workaround.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The current detection routine for openssl-based libcurl assumes that
libcurl has its own hardcoded path to the ca-bundle. Fix the
cases where curl is compiled with:
--with-ca-fallback --without-ca-path --without-ca-bundle
In this case, we must also grep in OpenSSLs libcrypto.
Other changes:
- Filter reported but non-existant paths.
- Strip nul bytes returned by grep.
- Consider that ca-bundles might use '.pem' instead of '.crt'.
Original-patch-by: Daniel Molkentin <daniel.molkentin@suse.com>
Starting with kernel 5.17 the kernel supports the builtin privacy screens
built into the LCD panel of some new laptop models.
This means that the drm drivers will now return -EPROBE_DEFER from their
probe() method on models with a builtin privacy screen when the privacy
screen provider driver has not been loaded yet.
Make dracut add the privacy screen providing drivers to the initrd
(when necessary for hostmode=yes), so that drm drivers on affected
drivers can probe() successfully.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
If the configured compression command is unavailable, reset $compress,
and fall back to auto-detection. This allows building an initramfs
even if the configured compression command is not installed. This can
happen e.g. if the distribution uses a preconfigured default, but the
user deinstalled the respective tool.
If the compression method is unset, or had to be reset because of
missing dependencies, inform the user what's being used. Also,
replace the printf in the "cat" case with a dwarn.
There's no need to decompress the kernel modules in dracut, and
"$kcompress" is never referenced. dracut can build the initramfs
just fine if there's no tool for decompressing modules.
End with error, or show a warning when nonexistent device is specified for network setup like
`ip=10.12.8.12::10.12.255.254:255.255.0.0:xk12:eth0:off`.
I've added the error only for `write-ifcfg.sh`, as I think no such setup should be written.
Resolves: #1712424
dracut does not install the kernel module of the block device that contains
the root filesystem if the following preconditions are met:
- Running in host-only mode.
- Symlinks of all block devices needed to boot the system pointing to virtual
subsystems.
The get_dev_module function uses "udevadm info -a" to get the corresponding
kernel modules of a /sys/class/*/* or /dev/* device. This function is called
in modules.d/90kernel-modules/module-setup.sh to detect if dracut must install
block device drivers in host-only mode. The symlinks in /sys/dev/block/
usually point to "real" devices in /sys/devices/pci*. But, we have come across
some NVMe systems where the kernel creates the symlinks in /sys/dev/block/
pointing to "virtual" devices instead. In this case, udevadm never finds any
"driver" attributes following up the chain of parent devices.
If the system provides more than one UUID, the _MD_UUID var
contains a line break after each UUID. Therefore the strstr
function could not find any UUID, caused by the additional
spaces provided to the function.
Furthermore this could lead to a boot interruption, because
the start of a degraded raid1 won't be executed. So, manual
interaction is necessary.
dracut-cpio already carries a bunch of unit tests covering compression
and GNU cpio extraction. The purpose of these tests is to exercise the
dracut.sh --enhanced-cpio code-paths as well as kernel cpio archive
extraction.
Signed-off-by: David Disseldorp <ddiss@suse.de>
The new dracut-cpio binary is capable of performing copy-on-write
optimized initramfs archive creation, but due to the rust dependency
isn't built / installed by default.
This change adds a new "--enhanced-cpio" parameter for dracut which
sees dracut-cpio called for archive creation instead of GNU cpio.
Signed-off-by: David Disseldorp <ddiss@suse.de>
dracut-cpio is a minimal cpio archive creation utility written in Rust.
It provides support for a minimal set of features needed to create
performant and space-efficient initramfs archives:
- "newc" archive format only
- reproducible; inode numbers, uid/gid and mtime can be explicitly set
- data segment copy-on-write reflinks
+ using Rust io::copy()'s native copy_file_range() support[1]
+ optional archive data segment alignment for optimal reflink use[2]
- hardlink support
- comprehensive tests asserting GNU cpio binary output compatibility
1. Rust io::copy() copy_file_range()
https://github.com/rust-lang/rust/pull/75272
2. Data segment alignment
We're bending the newc spec a bit to inject zeros after the file path
to provide data segment alignment. These zeros are accounted for in
the namesize, but some applications may only expect a single
zero-terminator (and 4 byte alignment). GNU cpio and Linux initramfs
handle this fine as long as PATH_MAX isn't exceeded.
Signed-off-by: David Disseldorp <ddiss@suse.de>
Crosvm's rust argument library is very small and simple, while still
providing helpful functionality. It will be consumed by dracut-cpio in a
subsequent commit.
The unmodified, BSD licensed argument.rs source is lifted as-is from
https://chromium.googlesource.com/chromiumos/platform/crosvm
(release-R92-13982.B b6ae6517aeef9ae1e3a39c55b52f9ac6de8edb31).
The one-line crosvm.rs wrapper is needed to ensure that crosvm::argument
imports continue to work.
Signed-off-by: David Disseldorp <ddiss@suse.de>
On platforms where the kernel is built without suspend/resume support we
see "cat: /sys/power/resume: No such file or directory" message when
creating an initrd image. Check for the presence of /sys/power/resume
first before reading it.
Signed-off-by: Dan Horák <dan@danny.cz>
Systemd is an optional module for the dmsquash-live module. This scenario
is properly handled for other modules (for example livenet module) but not
for dmsquash-live module.
When a forced shutdown is issued through sending a burst of Ctrl-Alt-Del
keys, systemd sends SIGTERM to all processes. This ends up killing
dracut-initramfs-restore as well, preventing the script from detecting
that the unpack of the initramfs is incomplete, which later causes a
crash to happen when "shutdown" tries to execute from the unpacked
initramfs.
This fix makes sure dracut-initramfs-restore remains alive to detect
the unpack failed (because cpio was killed by systemd too).
Refs:
* https://bugzilla.redhat.com/show_bug.cgi?id=2023665
There appears to be an issue with newer QEMU versions (spotted with Arch
Linux and C9S containers) which causes the respective GH Action to hang
when booting a QEMU VM in combination with the `-cpu max` parameter.
During (a particularly painful) debugging session I once managed to get
some output from such "frozen" machine (using `earlycon` and
`earlyprintk` kernel cmdline options), and in that particular case the
VM died with a trap caused by an invalid opcode.
I couldn't reproduce this locally, only in GH Actions environment with
Arch Linux and C9S containers. Also, so far I haven't found out which
specific CPUID flag causes this, but using the `IvyBridge-v2` feature
set seems to mitigate the issue.
Like the dwc/chipidea controllers the isp1760 can act in either
host or gadget mode so it ends up in it's own directory. Add this
driver into the initrd as it's part of some arm platforms and
is needed to be able to boot off USB storage.
Fixes issue #1619
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The network-manager module also writes logs to the console, so that it's easier
to debug network-related boot issues. If systemd can't open the console, the
service fails and network doesn't get configured.
Add a check to disable tty output when the console is not present or not
usable.
https://github.com/coreos/fedora-coreos-tracker/issues/943
When systemd is compiled with ASAN library to troubleshoot memory issues
within systemd code, the libasan library expects to have /proc be
available as soon as systemd starts, which isn't the case currently,
causing an assertion to fail, systemd to crash and kernel to panic:
==1==AddressSanitizer CHECK failed: ../../../../libsanitizer/sanitizer_common/sanitizer_procmaps_common.cc:75 "((data_.proc_self_maps.len)) > ((0))" (0x0, 0x0)
<empty stack>
X.XXXXXXX Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[...]
We need to pull in Type-C USB drivers as they can provide a number of
differnet bits of functionality in early boot including input, display
(altmode DP) and storage so we need to have them available to ensure
functionality attached to those buses/interfaces are available in early
boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
This removes the 'ExecStop=' field from `multipathd.service`.
Sometimes CI runs do encounter a failure related to this
service in initrd, which seems to be stemming from a socket
I/O race between the client and the server on shutdown.
It looks like the client (`multipathd shutdown`) can lose the race,
hit an I/O error, and cause the whole unit to fail (even if the server
managed to shutdown properly already).
Notably, the upstream unit does not have such stop command
as the daemon can already perform a graceful exit through
its signal handler.
As such, this commit partially re-aligns the two units,
trying to sidestep any of the existing races.
Refs:
* https://github.com/coreos/fedora-coreos-tracker/issues/803
* https://github.com/opensvc/multipath-tools/blob/0.8.7/multipathd/multipathd.service
Fix how ifname for a given local_address is found.
Fix logic to detect presence of ifname and route.
Signed-off-by: Charles Rose <charles.rose@dell.com>
Currently $_dev is always overridden with the value returned by
label_uuid_to_dev(). This results in an empty value if $_dev is a
device path. Fix this by calling label_uuid_to_dev() conditionally.
Bug: https://bugs.gentoo.org/807971
Fixes: d3532978de
On hostonly mode, the platform driver is not copied blindless. There
should be a way to detect the real hardware driver, which probes a block
device.
/sys/dev/block/major:minor is a symbol link, which points to the real
device, recording the hardware stack. And those info can help to
identify the associated drivers for the hardware stack.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
---
v2 -> v3:
address shellcheck in dracut-functions.sh
v1 -> v2:
remove local variable _extra_mod
shorten subject
There are some workarounds in dracut.sh for FIPS/libpthread covering
some hidden lib dependency issues. These workarounds didn't take effect
for the squash loader since the squash loader is installed
independently. So apply these workarounds again.
Also skip the lib detection code, since these extra installed libs
are small, and squash loader contents are dropped after switch root,
won't be an issue to be always installed. And this makes the code
cleaner.
Signed-off-by: Kairui Song <kasong@redhat.com>
When NetworkManager is running as systemd service, it's not enough to write
connection files; the module should also tell NetworkManager to reload the
connections from disk so that any new connection can be auto-activated.
https://bugzilla.redhat.com/show_bug.cgi?id=1975929
Sice commit 22d6863ef1 ("fix(network-manager): cope with distributions not
using `libexec`") nm-initrd-generator can be installed in either /usr/libexec
or /usr/lib. Change other modules to check for the binary in both locations.
NetworkManager leaves state files behind in "/run/NetworkManager/devices".
These files are in keyfile format (glib's GKeyFile API [1]).
From the statefile, the dracut module writes a .dhcpopts file. And other users
want to parse that file, for example anaconda ([2]). To be fair,
anaconda seems to parse a different file, so I am a bit confused who
uses this file how. In any case, it seems somebody might be tempted to
execute this as a script.
We need to write the .dhcpopts file in a format that is defined and easy
to handle from a shell script. As already previously, this format is
a bash script that sets certain variables. That means, to load the file,
the user could execute it as bash script. But this is dangerous, as the
file contains potentially untrusted data from the network.
Optimally, users still don't trust the .dhcpopts file to be safe for
executing! It would be better if users too try to parse the file
instead of executing it. That is not trivial however because in face
of special characters, as we use bash's `printf '%q'` to escape the values
and parsing bash escaping is not trivial.
Anyway, make sure we properly quote and handle the content so that also
executing is safe. In the best case, there are no special characters
that require escaping, and naive parsing can be done with `sed`.
Otherwise, executing is now also supposed to be safe.
In this case we parse DHCP options from the state file. They are themselves
backslash escaped UTF-8 strings (C escape sequences), which then are stored
via keyfile API. The properly parse them, we would first need to load the file
with GKeyFile (which undoes one level of backslash escaping) and then
use g_str_compress() (to undo the second level). We mimic that with
shell.
[1] b3411d6780/dracut/fetch-kickstart-net.sh (L30)
[2] https://developer.gnome.org/glib/stable/glib-Key-value-file-parser.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
Add support for loading EVM x509 certs from a directory that the user can
specify with the EVMKEYSDIR variable in the evm config file. By default
the additional certs are loaded from /etc/keys/evm.
Support for multiple EVM keys allows the usage in a system of files with
signed metadata from multiple parties.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
We want word splitting to occur so that the arguments are passed
separately, and we don't end up passing an empty string if no arguments
are specified.
Bug: https://bugs.gentoo.org/803548
Fixes: 2fabaaa62d
This tailing '/' will result in following error:
dracut-install: ERROR: installing '/etc/ld.so.conf.d/'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.kEFQLs/initramfs -d /etc/ld.so.conf.d/
Signed-off-by: Kairui Song <kasong@redhat.com>
Since version 1.32, NetworkManager launches a tiny external helper to determine
the hostname via reverse DNS resolution through glibc's nss-dns. Include the
binary.
systemd-vconsole-setup.service may fail if the user specifies a missing keymap,
see [1,2,3], or font. This is unfortunate, but the system should not refuse
boot. It is better to continue, possible without the desired font or keymap.
All other systemd services that depend on systemd-vconsole-setup.service do so
without a hard Requires=.
(In particular, systemd-vconsole-setup internally will try to do as much setup
as possible, and will load the font even if it cannot load the keymap and vice
versa.)
[1] https://fedoraproject.org/wiki/Common_F34_bugs#kbd-legacy-media
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1955162
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1955793
When running kdump on PowerPC, the following bug is hit:
[ 0.391629] Freeing unused kernel memory: 5568K
[ 0.391634] This architecture does not have kernel memory protection.
/bin/sh: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
[ 0.392214] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00007f00
[ 0.392214]
[ 0.392223] CPU: 6 PID: 1 Comm: init Not tainted 4.18.0-319.el8.ppc64le #1
[ 0.392228] Call Trace:
[ 0.392234] [c00000000c703c10] [c000000008ecb94c] dump_stack+0xb0/0xf4 (unreliable)
[ 0.392243] [c00000000c703c50] [c000000008167324] panic+0x148/0x3c4
[ 0.392249] [c00000000c703cf0] [c000000008170474] do_exit+0xcd4/0xd40
[ 0.392255] [c00000000c703dc0] [c0000000081705b0] do_group_exit+0x60/0x110
[ 0.392261] [c00000000c703e00] [c000000008170684] sys_exit_group+0x24/0x30
[ 0.392268] [c00000000c703e20] [c00000000800b408] system_call+0x5c/0x70
This is due to the non-conventional library path:
ldd /bin/bash
linux-vdso64.so.1 (0x00007fffbdc90000)
libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fffbda80000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fffbda50000)
libc.so.6 => /lib64/glibc-hwcaps/power9/libc-2.28.so (0x00007fffbd830000)
^^^
/lib64/ld64.so.2 (0x00007fffbdcb0000)
ldd finds the path by libc.so.6 -> /usr/lib64/libc.so.6 ->
/usr/lib64/glibc-hwcaps/power9/libc-2.28.so and cache the result. So
when dracut_install, it only saw
'/usr/lib64/glibc-hwcaps/power9/libc-2.28.so' and blind to
'/usr/lib64/libc.so.6'
In the final kdumpimg, the symlink /usr/lib64/libc.so.6 is not created,
hence ld.so can not find the /usr/lib64/glibc-hwcaps/power9/libc-2.28.so
On the other hand, during the process of building kdumpimg, all of dynamic library info
have been cached in ld.so.cache. Hence this bug can be simplely resolved
by keeping ld cache under $initdir/etc.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
---
v3 -> v4:
use inst() instead of copy
v2 -> v3:
fix format by shfmt -s -w modules.d/99squash/module-setup.sh
v1 -> v2:
cp -r /etc/ld.so* instead of move, since after switch-root, initdir
can not be seen any longer
Fix potential memory leaks in two locations and use
_exit(EXIT_FAILURE) if asprintf(&abspath, ...) fails.
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
On s390x KVM machines, the follow errors occurred,
$ kdumpctl rebuild
kdump: Rebuilding /boot/initramfs-4.18.0-321.el8.s390xkdump.img
/usr/lib/dracut/modules.d/95qeth_rules/module-setup.sh: line 13: /sys/devices/qeth/*/online: No such file or directory
/usr/lib/dracut/modules.d/95qeth_rules/module-setup.sh: line 13: /sys/devices/qeth/*/online: No such file or directory
because s390x KVM uses virtual devices and /sys/devices/qeth/*/online
doesn't exist. Eliminate this error by checking the existence
beforehand.
We get a nice warning about it being deprecated:
```
systemd-udev-settle.service is deprecated. Please fix nm-initrd.service not to pull it in.
```
The service is deprecated because its purpose was to wait for the
discovery of all hardware, but it didn't guarantee that (see the
systemd-udev-settle man page).
NM now runs as an independent service and can deal with devices showing
up at any point, but it does need udev to be started. For now just
Want/After systemd-udev-trigger.
If the gpg card is not inserted before the --card-status command is
executed then the public key is not linked with the card. Therefore,
the LUKS partition cannot be decrypted. To solve this, the
--card--status command is executed on each try.
[[ -d $symlink ]] will return true if the symlink points to a directory.
So the symlink will not be copied, instead a directory is created with
the symlink name and the content is copied.
Signed-off-by: Kairui Song <kasong@redhat.com>
While including a directory using '--include' option, the file and
subdirectory names that begin with '.' are not included. Also, dracut
throws a warning message when a subdirectory is empty or only has
files or subdirectories that begin with '.'.
For example, while trying to include /tmpdata directory with the
below tree:
# tree -a /tmpdata
/tmpdata
├── .anothertestdir
├── testdir
│ └── .testsubdir
└── .testfile
dracut throws the below warning message:
# dracut --include /tmpdata /root
cp: cannot stat '/tmpdata/testdir/*': No such file or directory
#
and this is how the included /tmpdata directory tree looks:
# tree -a root
root
└── testdir
No file or directory beginning with '.' is included & also, copying
/tmpdata/testdir reported "No such file or directory" warning. Using
'.' instead of '*' in the below command will fix the warning whether
the directory being copied is empty or only has files or directories
that begin with dot:
$DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/*
Also, enable 'dotglob' temporarily to include files and directories
beginning with a `.' in the results of pathname expansion of source
directory being included.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Previously when NM was run without dbus then teaming would come
up appropriately [1], but now that dbus exists we also need to
include some supporting infrastructure to allow for it to work
again.
[1] d689380cfc
Don't use absolute path, or it may resolve to wrong files after unpack
the initramfs to a sub path on a running system.
Signed-off-by: Kairui Song <kasong@redhat.com>
On s390x, the `BOOT_IMAGE` karg injected by the bootloader is not a path
to the kernel image, but rather an integer describing the index of the
menu entry selected. Because of the way the s390x bootloader works,
there is no information retained about e.g. the path of the kernel that
was loaded.
This causes issues for the FIPS code which assumes that `BOOT_IMAGE` is
a path to the kernel image to derive the HMAC path. In non-OSTree
systems, this ends up working anyway, because the kernel is located at
the root of the boot partition. In OSTree systems, this is not the
case. However, OSTree systems use BLS configs, and they are named in
reverse order of precedence (i.e. menu ordering). So from the
`BOOT_IMAGE` integer, we can figure out which BLS entry was selected.
Add some code to do just this on s390x. This isn't completely foolproof,
because it presumes that (1) BLS configs were used to populate the
bootloader (and that they were exactly in the same state they currently
are when `zipl` was run), and (2) there are no other menu entries
originating from outside the BLS configs. However, if these assumptions
are wrong we would simply fail the boot, which is currently what is
happening anyway.
See also:
https://github.com/openshift/os/pull/546https://github.com/ibm-s390-linux/s390-tools/issues/78
Tested-by: Muhammad Adeel <muhammad.adeel@ibm.com>
Also install umount binary, make it possible to cleanup squash overlay
mounts. This is useful for other tools reusing the dracut initramfs built
with squash module enabled.
Signed-off-by: Kairui Song <kasong@redhat.com>
Upcoming versions of EVM will not require the ALLOW_METADATA_WRITES anymore,
therefore we remove it from the script and require it to be set in the EVM
config file variable EVM_ACTIVATION_BITS for those versions that need it.
Patch 9 in this patch set deprecates the EVM_ALLOW_METADATA_WRITES flag:
https://lore.kernel.org/linux-integrity/20210514152753.982958-1-roberto.sassu@huawei.com/
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
It is possible that user setup some early mount in the rootfs even
earlier, so just be more robust and cover that case too.
Signed-off-by: Kairui Song <kasong@redhat.com>
```
dracut-dev-lib.sh: line 92: str_replace: command not found
dracut-dev-lib.sh: line 98: /var/tmp/dracut.sabKZg/initramfs/initqueue/finished/devexists-.sh: No such file or directory
dracut-dev-lib.sh: line 83: /var/tmp/dracut.sabKZg/initramfs/emergency/80-.sh: No such file or directory
```
Add OpenSuse and Arch Linux to limited tests.
Only run the full tests against the latest stable Fedora version
to reduce the workload.
Also remove the `hung_task_panic=1` on the kernel command line, as qemu
tends to be really slow in non-kvm mode.
Fixes: 8e84fa726 ("fix(url-lib): shellcheck for modules.d/45url-lib")
Behaviour introduced by that commit made the following to be run:
curl "--globoff --location --retry 3 --fail --show-error" http://192.168.1.173:8000/test.ks
instead of:
curl --globoff --location --retry 3 --fail --show-error http://192.168.1.173:8000/test.ks
This broke downloading kickstart file in anaconda-dracut.
Gummiboot was merged into systemd and official became systemd-boot in 2015 ( 6 years ago )
and no longer was being maintained as Gummiboot from that point.
It's safe to say distribution should have migrated to sd-boot by now so let's deprecate
it.
The ldd output can contain the variable $LIB, which is a documented feature of
ldd. In a previous commit [0], dracut-install received support for this
variable, but that was later reverted [1] due to issues [2][3] on Gentoo ARM64.
The part before '=>' does not necessarily refer to an existing file (e.g. due
to the usage of $LIB) and thus [1] could be seen as a regression to anyone
that uses this ldd feature. This PR combines both cases together and whenever
it find a '$' character (i.e. a variable) on the left side of the '=>' symbol,
it uses the right hand path (and thus uses evaluation done by ldd), otherwise
falls back to the behavior set by [1].
Reproducer that was presented to me:
$ grep "ibz.so" /etc/ld.so.preload || cat << EOF >> /etc/ld.so.preload
/\$LIB/libz.so.1.2.11
EOF
$ mkdir -p /var/tmp/dracut.xitk6p/initramfs
$ strace /usr/lib/dracut/dracut-install -D /var/tmp/dracut.xitk6p/initramfs -l /bin/bash 2>&1|grep ibz
$ rm -rf /var/tmp/dracut.xitk6p/
[0] 45404a2
[1] 6d886bb
[2] #471
[3] https://bugs.gentoo.org/667752
Setting `DEBUG_MEM_LEVEL` in the build phase prevents
`setmemdebug()` to call `getargnum`, which would use `dracut-getarg`
in the initrd runtime phase.
No more:
```
modules.d/99base/dracut-lib.sh: line 217: dracut-getarg: command not found
```
On systems with a large number of devices, usually multipath devices,
dracut can spend a lot of time stat'ing the devices to collect the
major/minor numbers, leading to huge slowness rebuilding the initramfs
when stat'ing devices is slow (seen with oracleasm file systems in
particular).
This commit implements a basic cache stored in a file under
DRACUT_TMPDIR storing the major:minor corresponding to the specified
device.
Reproducer: create N loopback devices used as a LVM extension to volume
group hosting the root file system
# LVMVG="rhel"
# NDEVICES=200
# mkdir devices; for i in $(seq 1 $NDEVICES); do
truncate -s 10m devices/$i; losetup loop$i devices/$i
done
# vgextend $LVMVG $(/bin/ls -1 /dev/loop[0-9]*)
With standard code (tested with RHEL8.3 dracut):
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug 2>&1
# grep -c "stat -L -c" /tmp/debug
2440
With this code:
# dracut -f --debug /tmp/initramfs.img $(uname -r) >/tmp/debug_optim 2>&1
# grep -c "stat -L -c" /tmp/debug_optim
205
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Modern Linux kernels support zstd-compressed modules, which was added
by commit 73f3d1b48f50 ("lib: Add zstd modules").
Commit c3d7ef377eb ("kbuild: add support for zstd compressed modules")
added support of compressing modules with zstd to kernel Makefiles.
libkmod >= 28 built with libzstd is also required.
Just install all `=crypto` drivers in the generic initramfs, because who
are we to decide which combinations are allowed in current and future
`cryptsetup`. We only could install blacklist filter in the future, if
there are modules, which are definetely not used and are huge in size.
- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclution of the unit into the sysinit target
- removal of systemctl enablement of type unit
The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module and other modules that provide/require spesific link files
should add them, themselves via their relevant include section.
dracut-install triggers "ERROR: installing '/usr/lib/wicked/bin/*'"
when find_binary is being used to determine if wicked is installed
so let's just check for the wicked type service unit instead.
All device-mapper based devices, including device-mapper-multipath,
do reuse the udev db from the initramfs after switching to the root fs.
Therefore device-mapper devices have to be correctly initialized before
the udev daemon is stopped, to have the correct entries in the udev db.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1949076
Currently when dracut search for btrfs device used for initramfs, it
assumes the mount points passed in with "--mount" are all mounted with
given mount path. If user want the device to be mounted to a different
location in initramfs, this will not be true.
eg. with "--mount '/dev/mapper/vol /sysroot btrfs rw,relatime,subvolid=256,subvol=/root'"
and having '/dev/mapper/vol' currently mounted on '/', will raise an
error:
ERROR: cannot access '/sysroot': No such file or directory
So search for actual mount point of given device.
Signed-off-by: Kairui Song <kasong@redhat.com>
Introducing the systemd-network-management meta module which will
allow distribution users and vendors to easily include
systemd + systemd's network management modules by simply include this
module instead of systemd network modules individually.
Obviously if the intent is to glue together somekind of network stack
out of random existing modules such as NetworkManager and or Wicked,
this meta module should not be enabled.
The system currently throws numerous nasty warning messages during
the boot, about ignored null bytes in input.
This patch adds a filter to the dd command, to filter these null
bytes out, and thus to prevent these warning messages.
Signed-off-by: Lev Veyde <lveyde@redhat.com>
- Removing dependency on the systemd meta module since it causes circular dependency,
prevents the existance of multiple systemd based meta modules and is redunant.
- Removing directory creation for modules-load since it should not be
necessary and if it turns out that it is, it will be re-introduced in the
form of a systemd tmpfile instead of inst_dir.
- Add a missing inclusion of configuration files placed in /usr/lib/modules-load.d
and /etc/modules-load.d ( hostonly ) directories.
- Fix a spelling error in the systemd type unit file conf directory overwrite
in the hostonly section.
Create the `/run/NetworkManager/initrd` directory before creating
`/run/NetworkManager/initrd/neednet`. Somehow on Fedora 32 this
directory is missing, when the script is running.
This fixes all NetworkManager tests for Fedora 32.
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
The watchdog module pulls in the device specific watchdog if that
module is enabled, but in the case where we need a generic initrd
we don't get all watchdog drivers which means if we have a watchdog
enabled for that usecase it may get kicked too late in the boot
process so we need the drivers in the initrd for the generic case too.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
* Correct the systemd generated sysroot.mount unit with the options
received by the DHCP request and do a `daemon-reload`.
* Inject the `nbd-client -check /dev/nbd0` in the finished initqueue.
* Reactivate the NBD tests and prepare them for NetworkManager tests.
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
`qemu_add_drive_args` can be used to generate arguments to specify disks
for a qemu machine (`-M q35`).
This is mostly useful to address those raw disks via `/dev/disk/by-id`,
because due to parallel probing in the kernel `/dev/sd*` can point to
anything.
Don't hard exit in `check()`. The transaction logic only checks if it
should/can include the module. Just return `255` and the `dbus` meta
module will pick its dependency.
- Included a bluetooth module that installs modules, firmware, udev rules and bluetoothd.
- systemd and dbus are required by bluetoothd
- Include bluetooth by default if BT keyboard or combo found
While creating the striped md raid0 sometimes this error occures:
```
mdadm: Defaulting to version 1.2 metadata
mdadm: RUN_ARRAY failed: Unknown error 524
Failed to clear hint file.
Device /dev/md0 not found.
Powering off.
```
Add debug output with the size of the disks.
Also create disks with multiple of 4096.
This commit changes how NM is started inside the initrd. Instead of running NM
in the special --configure-and-quit=initrd mode, which sets up network and
quits, start it as a daemon.
This has multiple advantages. First, we no longer need to run NM in a special
mode that requires additional code and maintenance. NetworkManager works
exactly as in the real root.
One problem of the current configure-and-quit approach is that once NM has
quit, dynamic addresses can expire if the initrd setup takes longer than the
DHCP lease interval or than the IPv6 address lifetime. Running NM as a service
solves this problem.
Now NM runs with D-Bus support and therefore its API can be used by other
modules. This open the possibility, for example, to integrate nm-cloud-setup to
automatically configure networking based on cloud metadata.
Use the NetworkManager-wait-online.service, ordered before
dracut-initqueue.service, to delay the initqueue until NM has terminated its
configuration.
We don't want to start NetworkManager if networking is not needed.
Right now nm-config.sh lays down /usr/lib/dracut/hooks/initqueue/finished/nm.sh
which will cause the initqueue to run. If nothing exists in
/usr/lib/dracut/hooks/initqueue/finished/ then it will short circuit and
the initqueue won't run anything. But what if something else needed
something to run in the initqueue? nm-run.sh would still get started,
even though /usr/lib/dracut/hooks/initqueue/finished/nm.sh didn't exist.
In this case let's just trigger off of /run/NetworkManager/initrd/neednet
like we are doing in the systemd unit (nm-run.service).
Don't run the new systemd unit (nm-run.service) if rd.neednet=1
isn't set. nm-initrd-generator will generate configuration even
without rd.neednet=1 so determining if we should start based on
just if connection profiles exist isn't enough. We need some other
indicator. In this case we lay down a /run/NetworkManager/initrd/neednet
if rd.neednet=1, which is used by nm-run.service to determine the
need to run.
If teaming is set up via NetworkManager we don't want systemd to take
down the userspace teamd process when NetworkManager quits. `KillMode=process`
will allow it to leave those processes behind.
This is fallout from the change to run NetworkManager via systemd (c17c5b7).
With `KillMode=process` we get something like:
```
sh-5.1# journalctl -u nm-run -o cat | tail
<info> [1618411262.7030] quitting now that startup is complete
<info> [1618411262.7030] device (team0): carrier: link connected
<info> [1618411262.7033] device (team0): team port ens2 was released
<info> [1618411262.7033] device (team0): team port ens3 was released
<info> [1618411262.7033] manager: NetworkManager state is now CONNECTED_SITE
<info> [1618411262.7034] exiting (success)
nm-run.service: Deactivated successfully.
nm-run.service: Unit process 476 (teamd) remains running after unit stopped.
Finished nm-run.service.
```
There are a bunch of `logger: unknown facility name: --user` errors
during a run. This is because logger is getting passed something like:
```
logger -p --user.info
```
Where it should be something like:
```
logger -p user.info
```
On system that doesn't have either consolefonts, consoletrans, keymaps,
or unimaps, "kbddir" is empty, thus the followed installation will
broken with errors like:
cp: cannot stat '/consolefonts/*': No such file or directory
Let's report the checks as failure if "kbddir" is empty.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
When omitting a module from the command line via -o or --omit
it's expected that it behaves in the same manner as adding a module from the
command line as in it does not overwrite existing omissions of other modules in
configuration file(s).
This unquated regex could be splitted into two arguments and sed will
not work. I've see giving error of wrong arguments being used on my
desktop.
Signed-off-by: Kairui Song <kasong@redhat.com>
Patch 2fabaaa62d changed the behaviour for `dash`
under the assumption, that dash does not take parameters for `.` aka
`source`. Although this is true, the original positional parameters of
the `source_all` function are still in place, so everything is
fine with the old way of sourcing.
`$_hostonly_drvs` contained multiple arguments and was quoted.
This patch converts `_hostonly_drvs` into an associative array, which
enables easy deduplication and proper quoting in bash.
Fixes: https://github.com/dracutdevs/dracut/issues/1276
A shellcheck regression quoted `HARD` in
```shell
kill "$HARD" "$pid" > /dev/null 2>&1
```
which would error on an empty "HARD".
Instead of fixing this, use `pkill` instead and also add it to the
non-optional list of binaries to install, which was revised also.
Fixes: https://github.com/dracutdevs/dracut/issues/1275
`$_allow` should not have been quoted, because it can be multiple options.
Instead of unquoting it, convert it to an associative array with easy
deduplication and prefix every device with the `--allow` option.
Fixes: https://github.com/dracutdevs/dracut/issues/1274
`_provider_dirs` should not have been quoted, because it should expand
to multiple arguments.
Just remove the whole variable and add those arguments.
Fixes: https://github.com/dracutdevs/dracut/issues/1273
dbus-broker.service has a 'dbus.service' alias which is installed when the
service gets enabled.
If the alias is not present in the initrd image, services requiring D-Bus in
the initrd fail to start because they depend on dbus.service, which doesn't
exist.
Therefore, enable the service to create the alias.
It was not working anyway, so nobody used it for years.
If it is not used, just remove it.
mkinitrd-suse.sh will be maintained by SUSE as it is SUSE specific
anyway.
This adds support for virtio-mem devices, which provide a dynamic
amount of memory in a VM. Right now, the driver gets loaded and any
memory gets added to the system when loading the kernel module from disk.
While not strictly required to boot, we want to be able to
1) add virito-mem provided memory to the system early while booting up
2) add virtio-mem provided memory even when booting without a disk
3) add virtio-mem devices without adding actual memory in kdump
environments such that we can query things like:
a) is a certain PFN currently plugged in the hypervisor and, therefore,
should actually be read when creating a system dump. (kexec-tools
prepares the vmcore header, like on x86-64)
b) which ranges of a virtio-mem device are currently plugged in the
hypervisor and, therefore, should be added to the dump. (vmcore header
gets prepared by the crashkernel, like on s390x)
Note that loading virtio-mem in kdump environments currently fails with
-EBUSY -- but there are plans to install proper hooks instead to support
especially a) in the near future.
1) and 2) are only really effective when memory hotplug is configured to
automatically online all added system RAM in the kernel (and not late,
via udev rules): e.g., via "mhp_default_state=online" on the kernel
cmdline or via CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE in the kernel.
Especially 2) and 3) require the module to be present inside the initial
ramdisk. The primary use case for including it in the initial ramdisk
is 3).
Signed-off-by: David Hildenbrand <david@redhat.com>
With this config change,copr builds will happen on pull requests
for all fedora development branches and the next major RHEL release
( fedora-eln ) and on commits, copr builds will happen on all fedora
release and the next major RHEL release.
The kernel has an odd way to handle `"` surrounded parameters.
To handle the parameters as the kernel would do, no simple shell script
suffices, so a new utility `dracut-util` is introduced. Written in "C"
it handles `dracut-getarg` and `dracut-getargs` as the old shell script
functions `_dogetarg` and `_dogetargs` would.
Try to make mksquashfs follow --compress option if squash module is
included, if not specified or invalid, fall back to use mksquashfs's
default compressor.
No function change, decide which compressor to use right before
compressing the initramfs.
This may delay the print of this message:
"dracut: no compression tool available. Initramfs image is going to be big."
but should be OK, this message is not an error.
Simplify the squash mount layout. Instead of overlay on each top
directory (/etc, /usr), just mount and switch_root into the squash
image, with a overlay on top of it.
Also install the binaries and setup scripts separately, so the squash
setup code and the squash image content is independent of each other,
all squash setup script and binaries can be deleted safely upon
switch_root.
With this change, previous squash clean up service and other tricky
implementations are all gone.
This commit depends on systemd commits from:
https://github.com/systemd/systemd/pull/18124
Previouly systemd doesn't recognize non-ramfs initramfs, now this is
doable with SYSTEMD_IN_INITRD=lenient
Signed-off-by: Kairui Song <kasong@redhat.com>
The squasn mount points are recorded in text file so later clean up
script can umount them, this is not needed, the mount points are fixed
so just detect the umount by hardcoded pattern.
Separately install the modules required for squash image setup.
These modules can be deleted after squash image setup to save
memory.
Signed-off-by: Kairui Song <kasong@redhat.com>
When a GZIP environment variable is set, this leads to various breakage:
In case 'pigz' is installed and GZIP is defined as a path, e.g.
/usr/local/bin/gzip, then dracut will fail with the following message:
"
pigz: abort: cannot provide files in GZIP environment variable
"
In case 'pigz' isn't installed and regular 'gzip' is used and GZIP is
defined as a path, e.g. /usr/local/bin/gzip, then the path will be
zipped and dracut will fail for no obvious reason. Trying again, dracut
will then fail with following message:
"
gzip: /usr/local/bin/gzip.gz already exists; not overwritten
"
In any case, GZIP environment should be unset to avoid breakage or
unwanted behaviour. This variable is anyway obsolescent, from gzip(1)
manpage.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
Before:
```
Benchmark #1: ./skipcpio/skipcpio test-5.10.15-200.fc33.x86_64.img >/dev/null
Time (mean ± σ): 125.5 ms ± 0.9 ms [User: 97.4 ms, System: 27.9 ms]
Range (min … max): 124.8 ms … 129.4 ms 23 runs
```
After:
```
Benchmark #1: ./skipcpio/skipcpio test-5.10.15-200.fc33.x86_64.img >/dev/null
Time (mean ± σ): 12.2 ms ± 0.3 ms [User: 2.7 ms, System: 9.5 ms]
Range (min … max): 11.7 ms … 13.6 ms 212 runs
```
Besides the speedup, skipcpio now parses the cpio header and is not
falsely ending when the early cpio payload contains `TRAILER!!!`.
Fixes: https://github.com/dracutdevs/dracut/issues/1123
Adding initial packit [1] support for fedora maintenance which
should automate the release process from upstream release to fedora.
1. https://packit.dev
There is no `fstab_lines_l` variable used before.
The `--include` option was turned into `++include` and therefore the
switch option is not reachable anymore.
If SIGWHATEVER will be processed after fsfreeze -f, but before fsfreeze
-u we will end up with /boot/ never unfrozen, let's try to minimize risk of this.
on my system (ThinkPad X201s) I have several modalias entries that are
empty:
/sys/bus/platform/devices/dock.0/modalias
/sys/bus/platform/devices/dock.1/modalias
/sys/bus/platform/devices/dock.2/modalias
executing the drm module setup thus results in the following errors
dracut-install: No SOURCE argument given
when calling dracut_instmods and hostonly mode is enabled.
Skip those entries, as there are no modules to load in this case
anyways.
Note: it is not sufficient to use [['s -s test (file size is greater
than zero), as all those files are 4096B if you stat them.
In the current state, services that depend on network need to
use dracut hooks, since nothing with pull in the network
targets into the transaction.
In the future, it would be nice to provide developers on systemd-only
systems the possibility to not use dracut hooks at all, but simply put
normal systemd services into the initrd.
Also, some modules even right now depend on systemd ordering, like
cryptsetup, so let's make sure, that the ordering inside systemd work
properly as well.
Instead of running directly NM with --debug, create a drop-in in
nm-config.sh. This will make sure, that we can get the debug output
regardless the way how NM will be started.
The current name of this bool is kinda stupid. Based on the manpage
setting it to 0 turns off fcoe, which means that nofcoe=1 should mean
that it is on.
Let's just do the same thing as with rd.lvm=0, rd.luks=0,....
A test of the form
if ! command; then
_ret=$?
...
return _ret
fi
does not capture the return code of `command`, but the negation of the
return code, leaving _ret == 0. The test of this form in inst_multiple
has been refactored to capture and return the right value.
Invalid space broke the creation of the keyboard subdirectories,
leading to a symbolic link
usr/share/consolefonts,consoletrans,keymaps,unimaps ->
/usr/lib/kbd/consolefonts,consoletrans,keymaps,unimaps
in the created initramfs.
With this fix the correct symlinks are created again:
usr/share/consolefonts -> /usr/lib/kbd/consolefonts
usr/share/consoletrans -> /usr/lib/kbd/consoletrans
usr/share/keymaps -> /usr/lib/kbd/keymaps
usr/share/unimaps -> /usr/lib/kbd/unimaps
Because some of the CI tests fail randomly while grepping for the
test success marker, let's be specific of the file format grep will
search to eleminate all failure sources.
Creating the /docs directory which will contain all project related
documentation and will also host the projects github based website
in the future.
Adding RELEASE.md which is a document that outlines the release process.
```
mke2fs 1.45.6 (20-Mar-2020)
Filesystem too small for a journal
Discarding device blocks: done
Creating filesystem with 1024 1k blocks and 128 inodes
Allocating group tables: 0/1 done
Writing inode tables: 0/1 done
Writing superblocks and filesystem accounting information: 0/1 done
cp: error writing '/sysroot/usr/bin/bash': No space left on device
cp: error writing '/sysroot/usr/bin/grep': No space left on device
cp: error writing '/sysroot/usr/bin/ping': No space left on device
[…]
```
This rephrases a comment in the check() as requested on another PR
and generalizes the install() section comments on par with other recent
module changes.
Introducing systemd-ask-password module which is used to query a
system password or passphrase from the user.
This module can be used standalone ( systemd-ask-password )
( which is without plymouth & wall support )
With plymouth module ( systemd-ask-password + plymouth )
With wall module ( systemd-ask-password + wall ), which is currently
commented out since there is no forceable usecase for it or even exiting
wall module.
This is a standalone systemd module which means it depends on no other module than systemd.
systemd-run runs nbd-client in parallel. This introduces a possible
race condition when /dev/nbd0 is not directly used by /sysroot mount
but used by another dracut module as in:
netroot=nbd:ip:port:fstype root=live:/dev/nbd0
Before nbd0 usages are synchronized, it is better to keep it serial.
This reverts commit 9fd0461b7d.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Introducing systemd-sysctl module which is an early boot
service that configures sysctl.
The systemd-sysctl module has dependency's on systemd and
systemd-modules-load module.
Previously with `no_kernel` the `for` loop errored on the modules
wildcard. By checking, if the file exists, this is mitigated.
"mv" asked interactively, if aliased in the user session, so a "--force"
was added.
Introducing systemd-modules-load which is an early boot service
that loads kernel modules from a static list, which is required for
kernel modules that do for example not support automatic module loading
( like key type parsers ).
When terminating a system, the shutdown module attempts to unmount all
file systems from under /oldroot. This reaps remaining file systems that
systemd cannot unmount and detaches /oldroot itself.
In case that running umount for some file system repeatedly fails, the
module reports this error and continues the processing in order to
shutdown the system. This handles a condition when the umount command
actually terminates but it can happen in some cases that it waits
indefinitely.
An example with NFS mounts:
# mount -t nfs 192.168.0.1:/srv/nfs/dir /mnt/nfs
# mkdir /mnt/nfs/dir2
# mount -t nfs 192.168.0.1:/srv/nfs/dir2 /mnt/nfs/dir2
# touch /mnt/nfs/dir2/file
# systemd-run -pKillMode=none -pSendSIGKILL=no tail -f /mnt/nfs/dir2/file
Running as unit: run-r367825c967ca4d88a793ae4793c02f8b.service
# systemctl poweroff
The invoked tail command escapes normal termination by systemd and
prevents stopping mnt-nfs.mount and mnt-nfs-dir2.mount as it makes the
mounts busy. Systemd then again attempts to unmount these file systems
in systemd-shutdown but this fails as well. The utility tries to unmount
/mnt/nfs/dir2 but the kernel waits indefinitely doing a path lookup for
/mnt/nfs because network is no longer available at that point. The
systemd-shutdown gives up after 90 seconds. Finally, the control is
transferred to dracut which tries to unmount the file systems in the
same way and ends up indefinitely waiting on umount to finish.
This situation causes that the system hangs during shutdown. The patch
improves the shutdown module to add a timeout of 90 seconds for the
umount operation and continue with the shutdown if it gets reached,
similarly to what systemd-shutdown does.
Reset controllers might be needed by some of the devices used in the
initrd. Particularly on the Raspberry Pi 4, 'xhci-pci' depends on a
platform specific reset controller.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
This command prints
RTNETLINK answers: Network is unreachable
to stderr if IP is not assigned yet, but that's the thing we are
checking for, so there's no point in showing the message.
If plymouth is used then its own installation script is preferred.
While plymouth's own variant of inst_binary resolves the library
dependencies properly, its inst_library shell function doesn't
actually install them in some cases properly.
Make sure to install both the required binaries and their
dependencies. In the worst case, it's a NOP.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
With dracutsysrootdir set and foreign binaries in sysroot,
running NetworkManager --version is not possible and it may be
different than the one installed on the host.
NM_VERSION can be used to override it.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
Allow overriding the systemctl command for sysroot with $SYSTEMCTL
Modified every modules' module-setup.sh to use the envvar instead
of the hardcoded command name.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
This used to cause some echo write/invalid argument errors. Simplest fix is to use readlink with -f for absolute path and -n to remove trailing newline.
See previous discussion here:
https://github.com/void-linux/void-packages/issues/13024
Commit de3cb0e321 moved libpthread workaround after the code that runs
ldconfig. As a result, if installed in a non-default path, libgcc_s.so.1
could not be found by dynamic linker.
External Memory Controller (EMC) drivers can be built as a module.
On Tegra, this allows tegra_drm to load faster and without deferred
probes, instead of waiting for the rootfs for the tegra*_emc dependencies.
Tested on jetson-tk1 and ac100.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
This modules introduces systemd-repart which can be used
to generate partition(s), via a simple systemd-repart
drop-in(s), which can be useful in wide varity of usecase.
feat(systemd-repart): adding module to spec file
feat(systemd-repart): removing unessary requirement on type unit
fix: spelling error
Introdusing dbus-daemon which is based on but superseeds
the previous 06dbus implementation with various enhancements and fixes.
fix: adding new modules to rpm spec file
fix: missed an echo
This finally allows running the test suite completely in a rootless container:
```
❯ podman run \
--user 0 \
-v /dev:/dev \
-v ./:/dracut \
-it \
quay.io/haraldh/dracut-fedora:33 \
bash -c 'cd /dracut; make DRACUT_NO_XATTR=1 check'
```
commit 5840c466d tried to make it create the right directory according
to the directory layout on current host, but added "$initdir" prefix
to the if statement by accident, so the installation code have no
effect now. Just fix it.
The kernel does not allow the cmdline to be overridden if one is defined
in the uefi image. This means that bootloaders like systemd-boot or
grub cannot manage boot options (editing at boot for debug being a use
case). This patchset allows for no cmdline to be set (instead of force
setting one if none is provided).
Fixes: https://github.com/dracutdevs/dracut/issues/1012
Signed-off-by: Matthew Thode <mthode@mthode.org>
We can drastically improve boot times on some machines, or BM or VM
shapes, if we send DHCP requests in parallel on all interfaces
Add ip=single-dhcp as a kernel boot parameter, to send DHCP requests in
parallel on all interfaces. Thus, DHCP on each interface is overlapped
thereby reducing boot times for multiple interface machines.
This can help reduce the boot time by 1 minute per interface.
In addition, we may also save another 40 secs delay per interface, if
the link on which we try to send DHCP is in DOWN state. This can be
reduced by giving the following kernel command line parameter while
booting - rd.net.timeout.carrier=<timeout>.
Added manpage for ip=single-dhcp with the caveat that it does not
apply to Network Manager or SUSE wicked.
Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
During raid assembly mdadm will call mdadm-grow-continue.service if
reshape is in progress.
If service doesn't exist then it is done via fork and systemd will kill
it unconditionally after processing all events.
Add proper service to allow systemd to manage reshape correctly.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
A recent change in Linux kernel v5.10 split the MDIO drivers from the PHY
subdirectory into a new MDIO subdirectory [0]. This caused MDIO drivers
to not be included in the initramfs.
Also include the modules of this new subdirectory to prevent this issue.
[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9770eac511
Suggested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Otherwise e.g. the xts(aes) implementation provided by the vmx_crypto
module (which does usually get included on ppc64le) fails to initialize
when xts is built as a module (CONFIG_CRYPTO_XTS=m), because it can't
instantiate the fallback generic xts(aes) implementation (needs the
generic xts module).
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
On EL8.3 the NetworkManager keep restarting even if it exits successfully while waiting for Clevis to unlock. This patch ensures NetworkManager runs only once in initrd.
It is only installed on RHEL 8+, but as noted in the first commit
that tried to do this - 0bb9a683 - we already have branches for
all RHEL releases, so there's no point keeping such a conditional
on the master branch. After 0bb9a683, 51-dracut-rescue-postinst.sh
was re-added because Fedora 30 needed it, with a FIXME saying to
remove it after F30 was released. But instead of that happening, it
got changed to a conditional to install it on Fedora <= 30 or RHEL
<= 8 in 9e68789d and the FIXME was removed, then in 9eb1d1ed that
conditional was simplified to only refer to RHEL, so we wound up
with this situation.
Note the last two commits were never ported to the RHEL-8 branch,
so it's broken, I will send a separate PR for that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The underlying issues this was trying to solve is to get a cheap
workaround for the fact that (open)SUSE with atomic support moved
/etc stock files to /usr/etc in order to improve compatibility. But
now that even nsswitch.conf moved, this is no longer enough. And it
might be more trouble to support once it's in an official release.
So let's rather drop it now.
This reverts commit e0524af2bf.
From shellcheck:
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2039]: In POSIX sh, == in place of = is undefined.
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2193]: The arguments to this comparison can never be equal.
When in hostonly mode, 95fcoe module will still be installed even there
is no FCoE hostonly device. So use the new block_is_fcoe helper to check
for hostonly device in hostonly mode, avoid installing unneccessary module.
Signed-off-by: Kairui Song <kasong@redhat.com>
If fcoe module is loaded, the initramfs will always try load libfcoe
and bnx2fc, so also ensure they are installed if needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
When LDFLAGS contains ``-Wl,--as-needed``, the FTS library will be
ignored if it is specified before the .c source.
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
Fixes: 62f27ee6f1 ("configure: find cflags and libs for fts on musl")
dracut builds today are fairly verbose to start, but on top of
that many of the messages tend to liberally use the
exclamation point `!` which calls attention to them.
I see these a lot when looking at rpm-ostree build logs
and it'd be nicer if we were quiet when there wasn't
an actual problem.
In this specific case, if the builder is explicitly adding
`--omit=foo`, there's no reason for us to say:
`dracut: dracut module 'foo' will not be installed, because it's in the list to be omitted!`
We already print the command line to start, so the information
is there.
Demote this message to debug.
Sometimes, systems have more elaborate backends in nsswitch.conf,
the complexity of which we do not want in the initrd. SUSE systems
with atomic for instance, where those files may also reside in /usr/etc.
With this change, the unavaiable nsswitch.conf backends will be silently
ignored, and we still end up with all the information we need.
Reference: boo#1165366
dracutinstall picks up interpreters and includes bash despite
the users' wishes or expectations, as modules should not require
bashisms at runtime.
Fixes#951
This should've been part of #964. As mentioned there, the
`initrd-cryptsetup.target` approach was reverted in the end, and we went
back to relying in `remote-cryptsetup.target`:
https://github.com/systemd/systemd/pull/17467
So we do need to ship the enablement symlink for it.
For strict hostonly mode, only install currently loaded modules instead
of a bunch of driver that may not be needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Use udevadm to detect the required kernel modules to load a given
device. udevadm will follow the device chain, help detect all required
parent device drivers as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
check_block_and_slaves_all $func $dev should return 0, if $func return 0
for any checked device. Currently if any device don't have any sub
device, 1 is returned instead.
So remove the sub device checking statement. Also remove the same
statement in check_block_and_slaves, the "[[ -f $_x/dev ]]" in the for
loop is enought to ensure sub device exists.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Signed-off-by: Kairui Song <kasong@redhat.com>
It's like check_kernel_config, help to check if a kernel module is
enabled (cover built-in or compiled module case).
Signed-off-by: Kairui Song <kasong@redhat.com>
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
So we have a dependency cycle:
initqueue -> devexists hook -> root device ->
systemd-cryptsetup@.service -> remote-fs-pre.target -> initqueue
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
In the case of the s805x the drivers/hwmon directory contains the
scpi_hwmon kernel module.
On a running system, lsmod would output the following dependencies:
arm_scpi 24576 2 clk_scpi,scpi_hwmon
It means that if the clock driver is bundled in the initramfs it will
bring arm_scpi. But if scpi_hwmon is missing the scpi will be incomplete
and it can lead to crashes.
When the hwmon is bundled, no crash occurs
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some filesystem (e.g. ZFS, and btrfs subvolumes) don't use block
devices. Should they be mounted as `/`, `find_root_block_device`
yields nothing, hence dracut will append this problematic argument
to kernel cmdline:
root=/dev/block
On a machine that employ root ZFS on LUKS, which was setup with
an OpenPGP-encrypted key file, this argument renders that machine
unbootable. Remove that `root=/dev/block` manually could boot the
machine.
Let check if that device is a block device before write down `root`
argument. This is consistent with the check for block device in
`find_block_device`.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
D-Bus doesn't run in the initrd, so our usual trick of activating
custom systemd services from udev doesn't work.
So add a rule to create initqueue entries for each possible
connection.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Always add the nvmf.discover parameters to /etc/nvme/discovery
when parsing the dracut commandline, and rely on NVMe autodiscovery
when no parameters are given.
And modify the syntax to use a comma ',' as a separator for nvmf.discover
as the semicolon ':' is already used for the FC-NVMe transport address format.
Signed-off-by: Hannes Reinecke <hare@suse.de>
This was introduced with 6dafdda4a6, but
is actually caused by the fact that modules that have already been
installed cause dracut_install() to return without adding the module
to the hashmap. This can happen if an earlier-run dracut module chose
to install the same module. Now modprobe statements like:
softdep usb_storage post: uas
softdep uas pre: usb_storage
(which look weird, but are perfectly valid), cause
dracut_install() to enter an infinite recursion if and only if
at least one of the files has previously been installed by another
module.
Fix this by also adding already installed modules to the hashmap.
If there are any nonexistent libraries listed in /etc/ld.so.preload, ldd
prints error messages like:
ERROR: ld.so: object '/usr/lib64/libfoo.so.1' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
This causes resolve_deps() to return error, which leads to symlinks
(like usr/bin/awk) not being copied into the initrd.
Some modules are involved in the display output without to rely on
drm_crtc_init.
This is the case for the meson_dw_hdmi. This module need to be included
into the initramfs in both hostonly and generic modes.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
On arm, many drm drivers are located in the plaform bus.
Adding the platform bus will allow drm drivers to be included in the
initramfs when using hostonly mode.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If i contains a space, there is a need to protect the variable usage in some cases.
This will occurs when a next patch will enable platform bus with such case:
'/sys/bus/platform/devices/Fixed MDIO bus.0'
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some SoCs now have drivers that user devfreq in early init and fail
if the drivers are missing so make sure we have them in the initrd.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Introduce prefix `keysource:` for the values of `rd.luks.partuuid`,
`rd.luks.serial` and `rd.luks.uuid`.
If specified, ask for passphrase instead of waiting for keydevs to come
online.
In some cases, user only want to include the watchdog module, not the
wdctl or any other userspace helper. For example, systemd have a
RebootWatchdogSec option that use watchdog to prevent reboot hangs. And
it can help prevent machines hangs when reboot directly within the
initramfs stage. So split the module installation to a standlone module.
Also when watchdog-module get included, install driver for all loaded
watchdog instaed of only install driver for active watchdog. Both
watchdog and watchdog-module return 255 in check(), so it's enabled only
when manually included, the watchdog may get configured/activated later.
Signed-off-by: Kairui Song <kasong@redhat.com>
- use [ ] instead of calling test manually, as most of the script is
doing.
- use quotes in hostonly_cmdline blocks, specially when dealing with the
conf files, whose names are set by users/system administrators
- uefi_splash_image was being assigned set to `${dracutsysroot}...`, which
is a variable that doesn't exist.
- we don't want the conditional to run the output of fsfreeze as
commands. Instead, we just need to know if any of the fsfreeze commands
failed.
systemd lets stdout go to journal only. Usually, this is desired
behavior to ensure that plymouth does not get disrupted.
However in the 01fips case, the system has to halt when the integrity
check fails to satisfy FIPS requirements. So the user will not be able
to inspect the journal.
As this is special to the fips module, we introduce a fips_info() which
works like info(), but deviates the output to stderr when running with
systemd.
Reference: bsc#1164076
Users might see
"modprobe: FATAL: Module xyz not found in directory"
The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.
It now reads "Module xyz not found in directory"
Reference: bsc#1169997
osmin.img is no longer used by anaconda or generated by
livemedia-creator. livecd-creator will soon drop it as well.
Removing this code will allow OverlayFS boots to proceed when
osmin.img is present in the .iso image.
The kernel command line was being written both into
/etc/cmdline.d/01-default.conf and the UEFI executable.
During boot, getcmdline would concatenate these two
resulting in all arguments being duplicated. Some
args, such as ip=, are sensitive to the number of
times they are specified.
/usr/sbin/dracut-install is a symlink:
$ file /usr/sbin/dracut-install
/usr/sbin/dracut-install: symbolic link to ../lib/dracut/dracut-install
It resulted to "dracut-install not found" error:
+++ for p in $DRACUT_PATH
+++ [[ -L /sbin/dracut-install ]]
+++ [[ -x /sbin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /bin/dracut-install ]]
+++ [[ -x /bin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /usr/sbin/dracut-install ]]
+++ printf '%s\n' dracut-install
+++ return 0
++ DRACUT_INSTALL=dracut-install
++ [[ -n dracut-install ]]
++ [[ -n dracut-install ]]
++ DRINSTALLPARTS=0
++ for i in $DRACUT_INSTALL
++ DRINSTALLPARTS=1
++ [[ 1 = 1 ]]
++ [[ -x dracut-install ]]
++ dfatal 'dracut-install not found!'
++ set +x
dracut: dracut-install not found!
[ -x <not a path to file> ] is not correct and will always be false.
But actually it is available. Let's just allow it to be not an absolute path.
Maybe some other places can be improved to avoid DRACUT_INSTALL being not an absolute path.
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
suppress redundant calls to network setup
combine code for "no ip option directed at our interface" and
"No ip lines default to dhcp"
correct evaluation of return code for creating did-setup files
fix application of "load_ipv6" call to ipv6 setup only
Reference: bsc#1173402
The new dracutsysrootdir could be used to replace the shell function
required_in_root, so drop it and also simplify the code.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when initqueue timeout, it span the console with
"dracut-initqueue timeout - starting timeout scripts", which isn't very
helpful as we still don't know what actually happened. Try to improve
this by print what is actually being waited.
Besides, only print "starting timeout scripts" when there are
actual timeout scripts to use.
Signed-off-by: Kairui Song <kasong@redhat.com>
if the kernel argument rootflags is set, then dracut will
not parse the rootfs fstab and rootfsck wil not be set.
if the filesystem can be fsck'ed then its unmounted,
and an entry to the local fstab is written, omitting the last
field.
mounting /sysroot using fstab will then fail.
This change makes sure that the filed is always written.
Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Currently systemd will always start the tracking service, it will
exit early if rd.memdebug<=3 so there is no issue here, but it
leave a message of: "Started Memstrack Anylazing Service.".
Better to avoid such message if it's not used.
Signed-off-by: Kairui Song <kasong@redhat.com>
The iSCSI configuration is started after dracut checks for resume,
so we run into a timeout here. Additionally it's questionable if
resume on iSCSI makes sense (or is even supported on the platform).
Same holds true for Network Block Devices and FcOE, cover those as well
References: bsc#999663
Original-patch-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
This helper function takes a remote IP address, and tries to
determine the dracut command line arguments ip= and ifname= that
will make this remote address reachable during boot.
Functionality was taken from the module-setup.sh scripts of 95iscsi and 95nfs,
cleaned up and fixed some issues in particular with statically configured
networks, where the old code would print the unsupported string
"$ifname:static".
Add support to boot from an NVMe over TCP device.
Example of supported command line formats:
nvme.discover=tcp:192.168.1.3::4420
nvme.discover=tcp:192.168.1.3 # will use 4420 as default svcid
- Create is_nvmf() function to handle all fabrics types
- Fix parse_nvmf_discover() to correctly use the default values
- Auxiliary function to validate an IP connection
- Fix inverted result for getargbool when reading "rd.nonvmf" command line parameter
Requires rd.neednet=1
Requires adding/replacing STARTMODE in /etc/sysconfig/network/ifcfg-ethX to "nfsroot"
to avoid shutdown hanging in initiator
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
This fixes two issues:
1) on non-x86 systems in non-hostonly config this would cause
an annoying warning on every initramfs generation
2) on non-x86 systems in hostonly config this would result in
early microcode not getting disabled
ipv6 addresses need square brackets, otherwise the iscsi discovery and log-in,
which adds the iscsi port after another colon will get confused and fail.
On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
libssl is missing, FIPS self test will fail. However libssl is not a
dependency of libcryto so dracut will not install it, unless some other
binary or library pulls it in. Systemd requires libssl, so in most cases
it just worked, but could fail in some corner cases where systemd is not
used.
Signed-off-by: Kairui Song <kasong@redhat.com>
After changing the kernel command line, the cmsifup script calls ifup
to activate the interface. However, ifup is only available in the
network-legacy module; when using the network-manager module, we
should regenerate connections according to the command line; then
later NM will be run and will activate the device.
Most rpc services are not needed for NFSv4, so skip these components
to save space. rpc.idmapd is still needed in case of
nfs4_disable_idmapping is set to 0.
Since commit ff70adf873ef ("initrd: save hostname to a file in /run"),
the initrd generator of NetworkManager parses the hostname from 'ip='
options of the kernel command line and writes it to
/run/NetworkManager/initrd/hostname.
When that file exists, set the kernel hostname.
In presence of multiple hostnames in the command line, the last one
wins. Hostnames from command line always have precedence over ones
received through DHCP. This is a bit different from the legacy network
module that gives higher precedence to the hostname (from DHCP or
command line) of the last interface that is brought up, which depends
on the udev order.
In commit 49c4172 all shell based memory tracing functions are removed,
there are some left over. Remove them as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
With memstrack module, rd.break may not work because the hook scripts
are sourced, not executed, so the exit call will make pre-pivot queue
exit early. See 98dracut-systemd/dracut-pre-pivot.sh, everything after
"source_hook cleanup" will be ignored.
Replace with return instead.
Credits go to Lukas Nykryn <lnykryn@redhat.com> who helped discover and
debug this issue.
Signed-off-by: Kairui Song <kasong@redhat.com>
For the GRUB and zipl bootloaders the BLS fragment that is shipped by the
kernel package is used, so the same fragment is used for the rescue entry.
But there are cases where this BLS fragment is not suitable. For example,
if the boot directory is on a btrfs subvolume the path in the linux and
initrd fiels need to be adjusted with the real path. Otherwise GRUB won't
be able to read them.
The GRUB and zipl kernel-install plugins already take care of this before
installing the BLS fragments, so just copy the installed fragment that has
the updated paths instead of using the BLS shipped by the kernel package.
Resolves: rhbz#1827882
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
The first line in crypttab with a "force" option causes all subsequent
lines to be included as if they also had it set because the variable
used to track it is not reset between loop iterations. So fix that by
just setting it to empty before the check for the force option.
If a crypto kernel module changes from compiled in to module, the
encrypted disk might fail to open, because the kernel module was
not included in the initramfs.
This patch tries heuristically to catch such modules.
Fixes https://github.com/dracutdevs/dracut/issues/706
This feature could be off loaded to memstrack, which have better
accurecy, better performance, and have more detailed tracing features.
Also simplify make_trace_mem a bit.
And currently rd.memdebug=4 is unstable, fails from time to time.
Install libnss_dns.so and libnss_mdns4_minimal.so plugins for the Name
Service Switch (NSS) functionality of glibc so that name resolution
through /etc/resolv.conf and mDNS works in the initrd.
Fixes: #772
/etc/vconsole.conf must be installed always, even in generic initrds, not only host-only ones.
systemd-vconsole-setup is run at initrd stage and expects either /etc/vconsole.conf or kernel cmdline options to exist.
I have also proposed a change in systemd-vconsole-setup that makes it behave better if /etc/vconsole.conf does not exist:
https://github.com/systemd/systemd/pull/15479
But it is just a fallback. If /etc/vconsole.conf does not exist in initrd and if that patch is applied on systemd,
then the default consoel font is set despite the one being set in /etc/vconsole.conf and this setting is inherited
when new TTYs are opened. This leads to full ignorance of settings in /etc/vconsole.conf.
It is incorrect, and that is why this file must be copied to initrds always, but not only on host-only initrds.
Fixes: https://github.com/dracutdevs/dracut/issues/796
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
According to POSIX.1-2017, 2.6.2 Parameter Expansion:
${parameter%[word]} [...] The word shall be expanded to produce a
pattern.
This means if word contains variables that itself contain special
characters like asterisks or backslashes, these are treated as pattern
characters unless the variable is quoted. Try e.g. the following example
in bash, dash or (busybox) ash:
i='a\c'; j='\'; echo "${i%$j*}"
This prints "a\c" because "$j*" is expanded to "\*", escaping the
asterisk. In contrast,
i='a\c'; j='\'; echo "${i%"$j"*}"
produces the expected result "a" because the backslash is not specially
treated any more after quoting.
The quotes that this commit adds have been previously removed in commit
f9c96cf56f, citing issues with busybox
hush without further specifying the actual error. I tested a recent
busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
and couldn't find any problems. Note that the above example always
produces "a\c" in hush regardless of quoting $j, making hush unsuitable
for use with dracut, but using quotes in parameter expansions generally
works.
The unquoted variables break the "rd.luks.uuid/name" kernel command line
options in dracut 050 because
str_replace "$luksname" '\' '\\'
in modules.d/90crypt/parse-crypt.sh is not able to escape the
backslashes any more, see GH-723, GH-727: backslashes in the
systemd-cryptsetup@.service unit name stay unescaped for use in udev
(cf. commit 0f6d93eb9d), leading to
failures in starting the unit.
This partially reverts commit f9c96cf56f.
qeth device may have a different IP for each boot, so the rd.ifname=
option will no longer work. So for znet device, introduce a
rd.znet_ifname= options, to subchannel id instead of MAC address as the
identifier and rename the interface.
Signed-off-by: Kairui Song <kasong@redhat.com>
Add support for 'rd.multipath=default' for using the default
configuration on boot. The intended purpose for this is to help support
ostree-based image boots from multipathed devices (such as Fedora and
Red Hat CoreOS).
`dasd.conf` needn't be present on system even if modules have been loaded.
Check if file exists to avoid error message during kernel update
```bash
dracut-install: ERROR: installing '/etc/dasd.conf'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.YvVRx5/initramfs -H /etc/dasd.conf
```
The fix in aed52a6cfb43ebea372328fd5837c1f341c3f0df does not
work (second line will be ignored on override), so expand the implicitly
defined rule and add them there.
Emit a warning about possible misconfigured configuration files, where
the spaces around values are missing for +=""
Better report a possible source of problems. We can fix annoying false
positives later.
In either case:
- encrypted device is decrypted, udev will trigger device changes again,
- multiple encrypted device,
cryptroot-ask will run multiple time, then report:
> mkdir: cannot create directory '/run/cryptsetup': File exists
Pass `-p` into mkdir to ignore that warning.
Ability to use `$TMPDIR` was introduced in bc1e69b but
causes the `--tmpdir` option on the command line to be
ignored. Switch to only using `$TMPDIR` if `--tmpdir`
wasn't specified.
In this case we want to cover three cases
1) ip_address:ip_address
2) number:macaddress
3) :macaddress
We consider something an IPv6 address if it starts with number and
contains ":", but IPv6 addresses are in hexa.
The network-manager command line hook must install a
initqueue/finished hook to ensure that nm-run.sh is executed when
there are network connections to activate.
Fixes: #694
Use environment variable TMPDIR (typically /run/user/$UID) as default
temporary directory, if available. This should be more private
location than /var/tmp. Path specified with --tmpdir is takes
precedence over TMPDIR and /var/tmp is still used as last resort if
neither TMPDIR is set nor --tmpdir is used.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
dracut.sh already doesn't call fsfreeze if the output file is on
the root file system. For btrfs, however, this is not sufficient.
Because fsfreeze is a superblock operation, and all btrfs subvolumes
share the same superblock, fsfreeze may freeze the entire system
if the subvolume on which the output file is written and / are
subvolumes of the same file system. Avoid this by comparing file
system UUIDs for btrfs.
Fixes: de576db3c2 ("call fsfreeze(8) on /boot to flush initramfs data & metadata to media")
Detection of persistent memory devices works mostly out of the box
already. Only the "provider" modules for ndbus devices, which are responsible
to extract information of available NVDIMM devices and their configuration
from system firmware, are only indirectly linked into the module stack.
Examples for such modules are nfit.ko, nd_e820.ko, and virtio-pmem.ko.
Add a module that resolves these dependencies.
With GNU Make 4.3 on both ArchLinux, and VoidLinux,
GITVERION is always empty because of bad substitution.
Change '\#' to simply '#' can fix it,
but we don't need that complation.
We can merge DRACUT_MAIN_VERSION and GITVERSION into DRACUT_FULL_VERSION.
Because, GITVERSION will be attached back to DRACUT_MAIN_VERSION in all
situation.
While we're at it, detect if we're in git worktree by:
limiting GIT_CEILING_DIRECTORIES to parent directory of
dracut's top level directory; instead of checking for .git directory,
in order to support git-worktree, in such case, .git will be a file, see
gitrepository-layout(5)
DRM drivers are filtered for drm_crtc_init symbol,
but not all drivers use it. Especially, cirrus driver
doesn't use it since Linux 5.2.
The practical result is text plymouth theme instead of graphical when in qemu.
Fix it by looking also for drm_dev_register symbol.
Suggested by @haraldh
Fixes#712
Currently there is no usb support on RPi4 in the
initrd phase as the pcie-brcmstb module is missing.
If part of the boot is handled from a USB stick
(e.g. with Ignition), the stick cannot be accessed.
Reference: boo#1162669
systemd provides its own cryptsetup facilities, and the
cryptsetup binary might not even exist, failing
to execute the discard flag processing.
Fixes#602
Debian mkinitramfs does not create the file 'early_cpio', so detection
of additional cpio images fails and only the first cpio is listed.
I checked some Arch and Gentoo initramfs files and these didn't have
'early_cpio' either, but they also have only one cpio part.
Fix this so that if check for 'early_cpio' fails, check if firmware
files ('/kernel/*/microcode/*.bin') exist.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
If the temporary directory for images is mounted with 'noexec', dracut
would construct unbootable images because most dynamic libraries
aren't installed. Avoid this by not resolving library dependencies
lazily if the temporary directory is mounted with 'noexec'.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
GitHub workflows fetch a clone of the dracut repository which doesn't
contain git tags, thus "breaking" the RPM build in certain situations
i.e.:
DRACUT_MAIN_VERSION in Makefile is defined as an output of `git describe`,
which in full git clone returns a tag with a numeric version. However,
without tags it returns SHA of the last commit, which later propagates into
`Provides:` attribute of the built RPM and can break dependency tree when
installed
`make rpm` usually chose `/tmp` as the `$rpmbuild` dir, which breaks the
dracut build, since it needs to execute `./configure`, but `/tmp` is
mounted with `-o noexec`, leading to:
```
/var/tmp/rpm-tmp.SwEhJO: line 46: ./configure: Permission denied
error: Bad exit status from /var/tmp/rpm-tmp.SwEhJO (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.SwEhJO (%build)
```
Switching to `/var/tmp` helps in this case.
The original behavior of $env{INTERFACE} was undocumented and changed in
the recent udev versions, breaking the ability to bring up networking
reliably. Switching to $name directive should fix this issue.
Related links:
- systemd/systemd#12700 (udev PR)
- systemd/systemd#12291 (related udev issue)
- systemd/systemd#14935 (this issue, udev side)
- #732 (this issue, dracut side)
Fixes: #732
Previously, we were doing `setup_net` from `ifup` for any setup that
wasn't DHCP, since those are already taken care of by `dhclient-script`.
The issue is that the case-statement we use to detect this doesn't catch
options like `ip=dhcp,dhcp6`.
Fix this by reworking the logic here to just check if a
`setup_net_$netif.sh` hook exists. If so, then we know that `setup_net`
will be called for this interface later.
This was causing issues in RHCOS which now ships with `ip=dhcp,dhcp6` to
support IPv6 environments[1]. The code here would make us do `setup_net`
pre-emptively which IIUC would then cause the initqueue to finish
earlier even if we had more udev netif events to process.
[1] https://github.com/coreos/coreos-assembler/pull/1067
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1803926
Checks if `uefi_splash_image` exists in `dracutsysroot` if not unset
`uefi_splash_image`. Alternate Value parameter expansion adds section-vma
for splash image to EFI stub loader when the path to image is valid and
not an empty file.
I did not test on other distributions, but on Arch Linux the `systemd`
package includes a splash image at the path
`/usr/share/systemd/bootctl/splash-arch.bmp`. Perhaps, if this is a
common practice, a default image could be gathered from that directory.
It is required that the image be in bitmap (`.bmp`) format according to
`splash.c`.
The code for `stub.c` and `splash.c` can be found at:
https://github.com/systemd/systemd/blob/master/src/boot/efi/stub.chttps://github.com/systemd/systemd/blob/master/src/boot/efi/splash.c
This reverts commit c603419030.
wait_for_ipv6_dad_link is only called from dhclient script,
so the original intent "wait for IPv6 RA if using none/static IPv6 assignment"
does not seem to be correct.
Anyway, this brings an issue on isolated networks, where you don't
have any routes outside. dhclient-script hangs on this check
and after it times out, dhclient is able to set the address normally.
Due to the way dracut-install handles modules from custom kmoddirs, add
a test that ensures the kmoddir argument seems sane.
In addition to erroring out, provide some guidance on how to proceed, as
well as a method of skipping the test via environment variable.
dracut, when passing --kmoddir, would only install modules that exist at
the same location as it will appear in the initramfs.
For most (possibly all) outputs, the output path would be /lib/modules,
so previously all kernel modules must be copied there or the module
installation silently fails.
Now use the original path variable, and install to the shortened path
variable (as calculated by kerneldirlen).
Note: This means that the argument to --kmoddir (and the modules filetree)
should be a directory that ends in 'lib/modules/$kernelversion'.
Some distributions (Arch, Gentoo) ship prepacked microcode images. These
are cpio images that follow the structure specified in the Linux kernel
documentation (x86/microcode.rst, "Early load microcode"), the same
structure dracut uses for its early microcode images.
In case of Arch Linux, the microcode for Intel CPUs is currently only
available in this packed form, /usr/lib/firmware/intel-ucode does not
exist. This commit adds a way to make use of these images on such
systems by unpacking them to the early cpio directory. (Note that the
packed image cannot be used directly since dracut might need to add ACPI
tables to the early initramfs.)
This approach has the drawback that it is not possible to control the
selection of CPUs to be included in the microcode file in host-only
mode, so we only try it as a last ressort if no unpacked microcode could
be found in fw_dir.
The list of possible file names for the packed microcode image is taken
from GRUB (cf. GRUB_EARLY_INITRD_LINUX_STOCK), but can be adapted by
setting "early_microcode_image_name" (and "early_microcode_image_dir")
in a dracut configuration file.
Otherwise we won't retry dhclient again on that interface. In
FCOS/RHCOS, we want to bake in `ip=dhcp,dhcp6` so we automatically try
getting a DHCPv6 lease if DHCPv4 failed.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1793591
If hostonly mode is in use, and there isn't any block device included
as hostonly device, then the initramfs won't need any block driver.
Eg. for kdump built image, there could be only one nfs mount point,
or the initramfs may only execute some network operation then reboot.
In such case, skip block driver installation to save space and time.
Signed-off-by: Kairui Song <kasong@redhat.com>
This is a simple trick to honor RFC 3442:
If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Previous all files are installed with inst_dir, which will not install
the files under /etc/iscsi/, and it create folders with the same of the
files which is wrong.
Now only use inst_dir to install the config dir and ensure it
exists, and use inst_multiple to install the config files.
Signed-off-by: Kairui Song <kasong@redhat.com>
NetworkManager would unnecessarily bring up the devices, colliding with
further attempts to rename the devices.
This is arguably a NetworkManager bug and should eventually be fixed there.
Running NetworkManager without the connection is unnecessary regardless.
Instead of carrying the kernel and hmac in the install.img (which takes
up more space) use the vmlinuz installed under /images/pxeboot/ and the
.hmac in the install.img /boot.
This check is triggered by the presence of /run/install/repo/images/pxeboot/vmlinuz
Related: rhbz#1782737
since we handle the retries explicitly via rd.net.dhcp.retry
Without -1 if user sets ip=dhcp6 and there is no dhcp on the network,
dhclient seems to wait indefinitely, ignoring rd.net.timeout.dhcp
The actual syntax of nsswitch.conf is slightly different from the
current regular expression:
- A comment can appear anywhere, not just at the beginning of a
line.
- Action items take the general form [STATUS=ACTION] or
[!STATUS=ACTION] (with some optional whitespace).
- A service name cannot include a colon. This is a nitpick,
because there should never be more than a single colon per
line.
Signed-off-by: Petr Tesarik <ptesarik@suse.com>
Setting up the machinery to boot with the aid of real networked boot loader
(such as iPXE) would involve much hassle, including possibly serving the kernel
and initrd via TFTP, etc.
Let us generate the iBFT table ourselves, with a Perl script. Include the
pregenerated table as well so that the test run won't depend on Perl. In the
end it's just reproducibly built static data, totally independent of the host
system.
New systemd defaults to generating MAC addresses for software devices (whereas
previously they would inherit them from the first enslaved slave).
Sadly, among the things this breaks is our test fixture, where the dhcp servers
are configured to expect a particular MAC address. Disable this for the
affected tests, which are essentially the ones that use bridges and bonds.
The network interfaces appear asynchronously and sometimes just too late,
after we're already halfway throught server-init.sh:
+ ip link set dev eth0 name ens3
Cannot find device "eth0"
+ ip addr add 192.168.50.1/24 dev ens3
Cannot find device "ens3"
+ dhcpd -cf /etc/dhcpd.conf -lf /var/lib/dhcpd/dhcpd.leases ens3 ens5
...
[ 8.040825] e1000 0000:00:03.0 eth0: (PCI:33MHz:32-bit) 52:54:01:12:34:56
[ 8.047105] e1000 0000:00:03.0 eth0: Intel(R) PRO/1000 Network Connection
...
No subnet declaration for ens3 (no IPv4 addresses).
** Ignoring requests on ens3. If this is not what
you want, please write a subnet declaration
in your dhcpd.conf file for the network segment
to which interface ens3 is attached. **
Whoopsie. Let's ensure all the interfaces are there before we proceed
fiddling around with them.
dmraid requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
multipath requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
commit 5e0f8c8a4c ('network-manager: remove useless use of basename')
somewhat carelessly didn't take into account that $_i has a slash at
the end which made the result of the ## substitution be just an empty
string.
The slash was put to the end of /sys/class/net/*/ to make sure we're only
iterating directories, but it's not strictly necessary. In an unlikely case
something else than a directory appears in /sys/class/net/, we'll already deal
with it gracefully. Remove it.
This fixes the TEST-30-ISCSI test.
E.g. in RHCOS, the `BOOT_IMAGE` from the cmdline is:
(hd0,gpt1)/ostree/rhcos-e493371e5ee8407889029ec979955a2b86fd7e3cae5a0591b9db1cd248d966e8/vmlinuz-4.18.0-146.el8.x86_64
Which of course is a GRUB thing, not an actual pathname we'll be able to
resolve. In fact, we can simply scrap it off from the variable. Our code
is already able to handle both cases: whether the device refers to a
separate boot partition, or just the root filesystem with a regular
`/boot` directory.
It's already the case the `BOOT_IMAGE_PATH` today, in the non-empty
case, includes a trailing `/`, but let's add it to the path we build
here too to make it more obvious.
That way, the HMAC file can contain a relative path instead of an
absolute one. The issue is that right now the kernel RPM bakes the
`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
rpm-ostree systems (and any other system where the kernel isn't simply
in the top-level `/boot`.
For now, we're hacking around this in rpm-ostree:
https://github.com/coreos/rpm-ostree/pull/1934
Though I'd like to propose the same change in the kernel spec file.
There is a small regression in #343: when handling the 'separate boot
partition' case, we're checking for the kernel image in the wrong
location: `BOOT_IMAGE` is the `/boot`-relative path to the kernel image,
so `/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}` expands to e.g.
`/boot/mysubdir1/mysubdir2/mysubdir1/mysubdir2/vmlinuz...`.
We should be using `BOOT_IMAGE_NAME` here instead (and in fact, the next
if-statement does this correctly, so it might've just been accidentally
left out of #343).
For the shell scripts, new environment variables were introduced.
dracutsysrootdir is the root directory, file existence checks use it.
DRACUT_LDCONFIG can override ldconfig with a different one that works
on the sysroot with foreign binaries.
DRACUT_LDD can override ldd with a different one that works
with foreign binaries.
DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot
may use symlinks that are valid only when running on the target
so a real file must be provided that exist in the sysroot.
DRACUT_INSTALL now supports debugging dracut-install in itself
when run by dracut but without debugging the dracut scripts.
E.g. DRACUT_INSTALL="valgrind dracut-install or
DRACUT_INSTALL="dracut-install --debug".
DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA,
DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ,
DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4,
DRACUT_COMPRESS_CAT: All of the compression utilities may be
overridden, to support the native binaries in non-standard places.
DRACUT_ARCH overrides "uname -m".
SYSTEMD_VERSION overrides "systemd --version".
The dracut-install utility was overhauled to support sysroot via
a new option -r and fixes for clang-analyze. It supports
cross-compiler-ldd from
https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f
DRACUT_INSTALL_PATH was introduced so dracut-install can work with
a different PATH. In a cross-compiled environment (e.g. Yocto), PATH
points to natively built binaries that are not in the host's /bin,
/usr/bin, etc. dracut-install still needs plain /bin and /usr/bin
that are relative to the cross-compiled sysroot.
The hashmap pool allocate_tile/deallocate_tile code was removed
because clang-analyze showed errors in it. hashmap_copy was removed
because it wasn't used and clang-analyze showed errors in it.
DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were
introduced so dracut-install can use different settings from
DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
It looks like only the 'fips=1' is really supported and it is working
correctly. So instead of failing on 'fips' not clear way give user
information why we are failing.
Intel has notified us that some microcode updates are not safe
to be applied during runtime. To accomodate for that, microcode
files shipped by SUSE and openSUSE have an '.early' postfix such
that triggering
/sys/devices/system/cpu/microcode/reload
from a booted system cannot pick up the ucode by accident, while
still allowing the code to be picked up during initrd time.
This change is needed to make this scheme work also in a hostonly
situation.
Currently, this affects only 06-4f-01, which is now 06-4f-01.early.
If a distro does not change the filename, the behavior does not
change.
Reference: osc#1098915
The new qedi driver needs to be handled just like
the bnx2i driver, so update 95iscsi scripts to do this.
References: bsc#1113712
Signed-off-by: Lee Duncan <lduncan@suse.com>
Unmounting the image iso, detaching its loop device, and unmounting
its parent partition can simplify installation to the parent disk.
Note that programs or scripts using the /run/initramfs/live mount
point will fail.
Fixes these error messages during intird build:
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
cat: '/sys/devices/platform/host3/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
The goal of this module is to enable automatic loading of the
thermal/fan control modules on PowerPC based Macs, as on some
modular kernel configurations this will not happen automatically
which will result in the fans spinning up to 100% until they are
manually loaded.
This is especially a problem in live systems where it takes some
time to boot up and the spin-up happens before the system even
leaves initramfs.
Commmit 8a33e52e2f94 assumes that dracut's work is done if a root device
is found. This holds usually for booting computers, but it may be wrong
for other environments.
Only short-cut the waiting if $netroot is also set.
Fixes: 8a33e52e2f94 ("network: stop waiting for interfaces if root device is present")
References: bsc#1152006
On SLE15-SP1 at least, iscsiadm doesn't support combining --op and --login":
> # iscsiadm -m node -T iqn.2018-06.de.suse.zeus:01 --op=update --name=node.startup --value=onboot --login
> iscsiadm: Invalid parameters. Login/logout and op passed in
This breaks iSCSI login in initrd, and thus, iSCSI boot.
Fix it by not coalescing everything into a single iscsiadm command.
Fixes: a59b776bc215 ("Dracut: only login to one target at a time")
References: bsc#1152650
According to the dracut README, module code to be run in
the initrd must be POSIX-compliant. Replace remaining
bashisms (as reported by checkbashisms) with POSIX compliant
code.
The use of "type" is not strictly POSIX compliant, but it's
all over the place in dracut code. dash supports it, anyway.
In multipath scenarios, "iscsiadm -m node" may contain
several records with the same target.
There's no point in trying "iscsiadm --login" multiple
time for the same target, through the same portal.
Moreover, warn if the desired target is not on the node
list.
dracut waits for every iscsiroot connection to be established
before switching root. This is not necessary in multipath scenarios,
where a single path is usually sufficient to set up the root device,
and where users expect booting to succeed unless all paths are down.
Don't wait for the iscsi portal to start if the root device has
already been found.
For handling the configuration where there are two
paths to an iscsi root target, each using a different
NIC. In such a case, the initramfs was trying to configure
the first NIC, then call iscsiroot to login to both targets,
which would fail for the 2nd target, since the path to the
2nd target was not yet configured. This would eventually
work after a timeout. But it's better to login to just
one target at a time.
This change makes the initramfs handle multiple paths to an
iscsi target better by logging into only one target at a time,
rather than trying to login to all targets when only one of
several NICs is up.
This can be further optimized by using the initrd parameter
"rd.iscsi.testroute", which would skip iscsiadm login attempts
for targets to which no route exists.
If the script is called again via the timeout initqueue,
we try "iscsiadm -L onboot" again, hoping that some targets
may now have become reachable.
Harald Hoyer <harald@redhat.com>: Squashed commit of the following:
commit 4b5e5da6061983964a85d1671bd1c97c48ee76f1
Author: jbash aka John Bashinski <jbash@velvet.com>
Date: Thu Aug 1 13:21:35 2019 -0400
Documentation: add systemd warning for rd.luks.key, clean up related text
Currently it starts the cleaner early and do the clean up job if switch
root is called. It's better to just start the service only on switch
root to avoid any risk of service dependency failure and make is
simpler.
Signed-off-by: Kairui Song <kasong@redhat.com>
Before we check if dad is done we should first make sure,
that there is a link local address where we do the check.
Due to this issue, on ipv6 only setups sometimes dhclient started
asking for ip address, before the link local address was present
and failed immediately.
I'd like to rework CoreOS Ignition (which runs in the initramfs)
to include some values from the *real* `/etc/os-release` in
HTTP headers.
Looking at this, it turns out dracut eats almost all of the useful
information from it. I don't think `dracut` should be the `ID`
here...dracut's not an OS itself, it's a way to *build* little
operating systems. It'd be kind of like if Fedora's Koji
injected itself into `/etc/os-release`.
This code dates back a long time; not sure of all the rationale
behind it.
I changed it so that we keep extending the VERSION/PRETTY_NAME
with the dracut version, but otherwise "pass through" the
rest of the real `/etc/os-release` we were built from unchanged.
This change still supports Python 2.6 and 2.7 but loses support
for Python 2.5.
The reason for this change was that Fedora 30 does not ship
python-imgcreate but ships python3-imgcreate.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
The `README.md` was nearly empty. Move the travis bits into
`README`, then rename `README` to `README.md`.
This matches the Github standard. A major compelling feature
of Github is how prominently it displays a project's `README.md`,
so let's ensure ours has content.
Starting with the 0.7.7 release of the multipath tools, the multipath
udev rules always set a value in ENV{DM_MULTIPATH_DEVICE_PATH} for any
device that multipath scans. A value of 0 means that the device is not
claimed by multipath, and a value of 1 means that it is. Because of
this, udev rules that check ENV{DM_MULTIPATH_DEVICE_PATH}=="?*" will
always return True, and act as if every scanned device is claimed by
multipath. Checking ENV{DM_MULTIPATH_DEVICE_PATH}=="1" will work
correctly for both the old and new versions of the multipath tools.
For LUKS2 partitions cryptsetup needs a locking directory. If it does
not exist, cryptsetup will create it, but produce a warning
WARNING: Locking directory /run/cryptsetup is missing!
in the process that we do not want to see in the dracut output.
Since Bash 4.4, command substitutions containing null bytes produce a
warning of the form
/usr/sbin/dracut: line 1958: warning: command substitution: ignored null byte in input
Remove the trailing null byte from the UEFI kernel command line file
before printing it to suppress this warning.
The RPM build failed on due to missing and unpackaged files on my Fedora
machine that happened to have %fedora set to %nil for reasons long
forgotten.
This is probably not a likely scenario, but some of the conditions in the
SPEC file are still wrong and perhaps worth fixing.
Default value of EVMKEYDESC (in evm-enable.sh) is "evm-key" and it's
also specified previously in this README file.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
When booting with Fedora-Server-dvd-x86_64-30-20190411.n.0.iso,
/proc/cmdline is empty (libvirt, qemu host with bios, not sure if that
matters), after installation to disk, anaconda would "crash" in kernel-core
%posttrans, after calling kernel-install, because dracut would fail
with
> Could not determine the kernel command line parameters.
> Please specify the kernel command line in /etc/kernel/cmdline!
I guess it's legitimate, even if unusual, to have no cmdline parameters.
Two changes are done in this patch:
1. do not fail if the cmdline is empty.
2. if /usr/lib/kernel/cmdline or /etc/kernel/cmdline are present, but
empty, ignore /proc/cmdline. If there's explicit configuration to
have empty cmdline, don't ignore it.
Kill the no longer used function, so that anyone won't be confused and
try to modify this function in future.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1146769
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The compressed firmware support was supposed to be already
implemented, but it didn't work as expected in the end, because dracut
moved to use dracut-install binary. This patch adds the support of
XZ-compressed firmware installation to dracut-install for fixing the
missing piece.
At best the firmware files should be uncompressed in initrd, but this
patch simply copies the compressed file as-is, as a quick workaround.
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1146769
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When a SHA-1 hash of a specific commit is used as a tag, the regex
shenanigans later in the script can (and will) corrupt it in certain
cases.
e.g.:
$ perl -e '
$tag="6e8cd92261577230daa1098f7e05ec198c3c4281";
$tag=~s/[^0-9]+?([0-9]+)/$1/;
print("$tag\n");
'
68cd92261577230daa1098f7e05ec198c3c4281
(Notice the missing 'e')
Let's fix this by limiting the regex's scope to a non-SHA-1 tags only.
Previously with squash module, some binaries will be reinstalled, but
stripping happens before that so new installed binaries is not stripped.
So adjust the squash and strip order, ensure new installed binaries are
stripped just the same way with the old binaries.
Also split squash into two stage to make the split easier, move the
squash temp dir into initdir so stripping will cover that too,
and print more usefule message.
Signed-off-by: Kairui Song <kasong@redhat.com>
When you install a third-party driver, you will probably end in a
situation, where the module will be in a different directory and
in $depmod_module_dir you will only have symlink. If we resolve the
symlink before we pass the module path to instmod, the dracut-install
will only include the module with its original path, but not the
symlink. Hence the module can't be automatically loaded.
Dracut-install is clever enough to handle symlinks and will include both
the symlink and the module to the initrd.
In e54ab383 we moved the fips script to a later pahse of boot, since
the /boot might not be available early on.
The problem is that systemd-cryptsetup* services could be run now
started before the do_fips is executed and need the crypto modules
to decrypted the devices.
So let's split the do_fips and load the module before udev does the
trigger.
When DRACUT_SYSTEMD is set and DRACUT_QUIET=yes, vinfo returns 1. This
is a problem for hooks which end with vinfo, as then the hook returns 1.
Especially problematic if this is a shutdown hook, as it will be
restarted again and again.
This commit fixes that.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
on line 1086 it's used to check for the uefi_stub:
"${systemdutildir}/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub"
so it needs to be defined before that
The EFI executables produced by dracut --uefi must be placed in the
subdirectory /EFI/Linux of the EFI system partition (ESP) according to
the Boot Loader Specification, see
https://systemd.io/BOOT_LOADER_SPECIFICATION#logic
This is done correctly for the mount points /boot and /boot/efi, but for
the mount point /efi, the files are placed in /efi/Linux instead of the
correct /efi/EFI/Linux. This commit fixes the directory so that the EFI
executables are picked up correctly by conforming boot loaders.
Apart from complying to the specification, the change is also in line
with the commit message of 5c57209ba5
("dracut.sh: add default path for --uefi") which introduced this feature
as well as the documentation in dracut.8.asc.
If the network-manager plugin is used instead, it wouldn't write out
ifcfg files and we wouldn't have anything to check.
While at that, also enable the test.
The IFCFG test will make sure the network-legacy plugin keeps writing
out correct ifcfg files.
This is a separate commit so that actual changes are visible in the
following one.
If the root is on network, let nm-initrd-generator create configuration
even if none was explicitly specified on the command line.
Also do the same if /tmp/net.ifaces exists, because the anaconda plugin
creates an empty file in that location in hopes that will make us
configure the network.
On Fedora 30 the paritition sizes turn out to be too small again:
+ mkdir -p /sysroot
+ mount /dev/dracut/root /sysroot
+ cp -a -t /sysroot /source/bin /source/dev /source/etc /source/lib /source/lib64 /source/proc /source/root /source/sbin /source/sys /source/tmp /source/usr /source/var
cp: error writing '/sysroot/usr/lib64/libkrb5.so.3.3': No space left on device
cp: error writing '/sysroot/usr/lib64/libkrb5support.so.0.1': No space left on device
It turns out that there has been quite some size increase in some libraries,
notably glibc, though not all -- some even shrunk, ruling out a toolchain
problem. Here's are files over 1M we install on Fedora 30:
f29 f30
2.7M => 6.4M /usr/lib64/{libc-2.28.so => libc-2.29.so}
3.1M => 6.0M /usr/lib64/libcrypto.so.1.1.1c
2.0M => 3.5M /usr/lib64/{libm-2.28.so => libm-2.29.so}
2.9M => 2.8M /usr/lib/systemd/{libsystemd-shared-239.so => libsystemd-shared-241.so}
1.7M => 2.5M /usr/lib64/libunistring.so.2.1.0
2.3M => 2.4M /usr/lib64/bind9-export/libdns-export.so.1105.0.0
1.2M => 2.1M /usr/bin/bash
1.1M => 1.4M /usr/lib64/libkrb5.so.3.3
1.2M => 1.4M /usr/lib64/libgcrypt.so.20.2.4
612K => 1.1M /usr/lib64/libssl.so.1.1.1c
This increases the image sizes to accomodate for this. There's probably
little else we can do.
The kernel may only enable 'libfcoe' module. Some modules like bnx2fc
provides FCoE but only depend on 'libfcoe'. Loading 'fcoe' module may
fail but the kernel do support FCoE.
'libfcoe' will be installed as a dependency when installing block device
drivers if it's required. So no need to install it in installkernel.
Signed-off-by: Kairui Song <kasong@redhat.com>
When a module is compressed, uncompress it before packing into initrd.
Since initrd is already compressed, it makes no sense to put the
compressed module files.
The patch contains a slight refactoring and adds a helper function to
get the command for uncompressing a file per extension.
Bash 5 apparently longer propagates variable assignments to local variables
in front of function calls when in POSIX mode:
[lkundrak@demiurge ~]$ cat feh.sh
print_VAR () {
echo "$VAR";
}
testfunc () {
local VAR="OLD"
VAR=NEW print_VAR
}
testfunc
[lkundrak@demiurge ~]$ bash4 --posix feh.sh
NEW
[lkundrak@demiurge ~]$ bash5 --posix feh.sh
OLD
[lkundrak@demiurge ~]$ bash5 feh.sh
NEW
[lkundrak@demiurge ~]$
It works the way it did in Bash 4 in non-POSIX mode, for external programs,
or for non-local variables. Don't ask me why -- it's probably some
compatibility thing for some sad old people.
However, this precisely happens when fsck_single() is calling into the
fsck_drv_com(), assigned to _drv by fsck_able(). That ruins the
TEST-70-BONDBRIDGETEAMVLAN test's server and probably more.
Let's pass the fsck driver binary via the function argument instead. It's
less messy anyway.
- The network script and config could be in
"/etc/sysconfig/network-scripts", so try look for network config in
all possible path.
- The regex used for sed is not working, so fix it too.
- Make bootproto a local variable
Signed-off-by: Kairui Song <kasong@redhat.com>
The dracut-root-block-created line should not be created if we fail to copy
in the required files to sysroot. Let's turn on -e to trap failures and
poweroff on them, like some other tests do.
Also remove the &&. Not only it is unnecessary with -e, but defeats it.
From bash(1):
The shell does not exit if the command that fails is [...] part of any
command executed in a && or || list except the command following the
final && or || [...]
when system's default entropy sources are poor (e.g. use of SSD disks or
UEFI RNG not available)
On systems with low entropy at boot, the boot can take up to several
hours, specially when NBDE is used (e.g. clevis) which makes use of
the random number generator.
Enabling rngd service at boot early, because dracut-initqueue runs,
enables to initialize the random number generator in a couple of seconds
instead of minutes or hours.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
The commit 9f3c31cd8d ("99base: enable initqueue if extra devices are added")
only covers 'dracut --add-device' case, but it did not cover 'dracut --mount'
case, which causes the kdump failure in the Amazon virtual machine.
Lets make sure that the initqueue is enabled in both cases in order to wake up
the device in time.
Reported-by: Xiao Liang <xiliang@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
systemctl need to be accessible on switch-root, but we unmount the
squash image on switch-root, so it will fail. systemctl depends on a lot
of libraries, squash them can save more RAM. So allow modules
(eg. kdump) to tell dracut that switch-root will be intercepted,
then we don't need to take care of that.
Signed-off-by: Kairui Song <kasong@redhat.com>
If required target is a symbol link, create the link then following the
link. If it's a directory, create new directory, else just move it.
Signed-off-by: Kairui Song <kasong@redhat.com>
systemd binary and udevadm are not needed to be outside the squash
image. Some binaries are kept outside because they are required before
mounting the image, or after umounting the image (when switching root),
or they may block umounting the image. But we are using lazy umounting,
so actually nothing will block the umount.
Keep more binaries outside the squash image won't hurt but cost extra
memories, the idea of squash image is to save memory usage.
So, there is no reason to keep udevadm outside, that should be a debug
left over. For systemd binary, it's running when switch root happens,
But we have lazy umounted the image and overlay, once systemd process
exec the new systemd in new root, everything will be cleared by kernel.
Also tidy up the comment make it less confussing.
Signed-off-by: Kairui Song <kasong@redhat.com>
Previous in commit 7047294, dracut will include the loaded kernel module
list in initramfs, so other tools could check if the loaded kernel
module is changed and rebuild the host only initramfs in case some
module required to boot the machine is missing due to host only install.
It's better to use modalias list generated by dracut-install, that
list includes the device modalias list combined with current loaded
kernel module list. In this way, if any kernel module is yet to be
loaded when the initramfs is built, or got unloaded by accident the
module list will not change. This make the list more stable over
initramfs builds.
Signed-off-by: Kairui Song <kasong@redhat.com>
insmods will consider all arguments as optional modules by default, but
for squash module, all listed modules are required, if any of them is
missing the initramfs won't boot. So pass the '-c' argument to let instmos
know all those modules are mandatory, it will fail and give an error if
it failed to install any of those modules.
In commit [9d1b81c dracut.sh: improve udevdir and systemdutildir
fallback logic] , it checked a common binary `collect' to location
udevdir.
But upstream systemd drop binary `collect' since systemd v240
[a168792c2d]
So check binary `ata_id' to instead.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
The parse-fcoe.sh hook is sourced, and hence must not contain
exit 0 calls. Otherwise, the cmdline sequence will be interupted,
and no error will be reported to systemd. Use return instead.
Reference: boo#1136977
The upcoming kernel will have a support for loading compressed
firmware files, and this patch corresponds to that kernel change.
When a firmware file with the extra .xz extension is found, dracut
copies to initrd as fallback. Since initrd itself is compressed, the
file is uncompressed in initrd beforehand.
When using dracut with --hostonly and --no-hostonly-default-device,
/boot will be inaccessible as dracut will most fs modules unless
specified. But FIPS require /boot to be accessible, and it will try
to mount it on boot. It will fail if corresponding fs module is missing.
For most case /boot will be a simple partition, include the fs module
will be enough for FIPS to mount it. For other cases users have to pass
extra parameters by themselves.
Suggested-by: Kenneth Dsouza <kdsouza@redhat.com>
Signed-off-by: Kairui Song <kasong@redhat.com>
Let the caller pass in the module path instead of try to find the module
path everytime. This helps optimize the overall runtime.
Test results (3 rounds) on Fedora 30 in KVM VM with 8 CPUs, 2G memory, HDD:
$ time ./dracut.sh --local --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode 'strict' -o 'plymouth dash resume ifcfg' --mount '/dev/mapper/fedora-root /sysroot xfs defaults' --no-hostonly-default-device -f initramfs.img
Before the commit:
real 0m11.782s | real 0m11.505s | real 0m11.958s
user 0m9.169s | user 0m9.218s | user 0m9.327s
sys 0m10.839s | sys 0m10.829s | sys 0m10.925s
After this commit:
real 0m9.866s | real 0m9.580s | real 0m9.638s
user 0m9.048s | user 0m9.142s | user 0m9.120s
sys 0m7.411s | sys 0m7.775s | sys 0m7.745s
Test result of building a ordinary image:
$ time ./dracut.sh --local --quiet -f initramfs.img
Before the commit:
real 0m34.697s | real 0m34.371s | real 0m35.122s
user 0m27.608s | user 0m27.524s | user 0m27.705s
sys 0m22.341s | sys 0m22.032s | sys 0m22.246s
After the commit:
real 0m31.914s | real 0m31.006 | real 0m31.289ss
user 0m27.315s | user 0m27.324 | user 0m27.290ss
sys 0m19.051s | sys 0m18.916 | sys 0m19.022ss
This will have an ~2s speed up.
Signed-off-by: Kairui Song <kasong@redhat.com>
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 90: [: -eq: unary operator expected
The recent systemd upstream introduced a slightly modified version
string which included information about a git commit, which however
broke the version check in dracut. Unfortunately, the (( )) bash syntax
went along with it in certain cases and introduced a pretty nasty issue,
when the systemd would boot up but with slightly changed environment.
To prevent this from happening in the future, let's at least check if
the version parsed from the `systemd --version` output is a comparable
number.
Eliminate erroneous substring matches when looking up already processed keymaps to prevent necessary keymaps not getting added to the initramfs sometimes e.g. if there are the files 'compose.latin1' and 'compose.latin1.add' the unfixed version would skip processing 'compose.latin1' if find returned 'compose.latin1.add' first due to the directory listing not being in sorted order.
Images built with the fcoe module will always run the lldpad
service as part of their pre-trigger scripts if the network
is active. This prevents network installations in
environments where, for security reasons, LLDPDU frames
cause a switchport shutdown.
Add a new rd.nofcoe option to cause dracut to skip the
lldpad.sh script and the entire 95-fcoe module.
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
When the initramfs is built with squash module enabled, the content
inside squash image will be invisible from the lsinitrd tool. This
commit make lsinitrd detect and list the content of the squash image as
well to avoid possible confusion.
Signed-off-by: Kairui Song <kasong@redhat.com>
- allow emergency login on every console
specified in the kernel cmdline
- require password for hostonly images
- emergency mode: Manually multiplex emergency infos
This will bring all vital information to all ttys specified
as console devices, regardless of wether they hold the C flag.
Reference: FATE#325386
Reference: #449
busybox seems to not properly support this option,
and it can be be safely ommitted or replaced
with piping the output through head.
Rev 2:
* rebased on master
* addressed open points from review
Look for "connection-uuid" instead of "managed" to determine the devices
that are actually activated with a connection and call the online hook.
This fixes the anaconda-net root mount, which utilizes the online hook.
When building squash image, squash module forgot to install the new
shutdown.sh, and the shutdown hooks are always skipped on ordinary
shutdown if squash module is enabled.
The new shutdown.sh will remount the squash image and then everything
will just work, but currently re-mounting the squash image on shutdown
may have selinux problem and make the system hang, and there is no
easy way to fix it.
So skip fixing the shutdown.sh not being install problem, instead
just drop the new shutdown.sh, and unsquash the image on ordinary
shutdown, which is safer and should always work.
Signed-off-by: Kairui Song <kasong@redhat.com>
The kernel-install is called even if you run make install.
Since we don't call dracut with -f a second make install will fail
because initrd with same version is already there.
This makes kernel developers feel miserable.
https://bugzilla.redhat.com/show_bug.cgi?id=1642402
These dependencies cause an odd issue where swap devices specified
by resume= on the kernel command line will cause systemd device
timeouts to occur on boot. According to @haraldh these lines aren't
needed because the socket activiation will take care of it for us.
Removing these lines now as it fixes the resume= device timeout issue.
Fixes#480
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1641268
The only time we need to cleanup squahfs manually is on switch root, to
release resource and memory. We've covered that by setting
"Conflicts=initrd-switch-root.target" for squash cleanup service.
On shutdown systemd will take care of squahfs mounts. But for other
isolate, files in initramfs are most likely still required, so don't
clean up squahfs. For example, kdump's emergency handler will isolate
into its own target, if squahfs is cleaned up it will fail.
Signed-off-by: Kairui Song <kasong@redhat.com>
commit 7347391 ('network-legacy: split off from network module')
splitted network function to network-legacy and removed check() function
of 40network. This caused 40network to be included even if network is
not needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
70291e0 ('dracut.spec: Add dracut-squash package') introduced a new
dracut-squash package, but by accident it overrided some other package
spec and the dependency name is wrong. This patch will fix it.
The previous logic would not handle absolute paths on the left side of
the "=>" properly. For example, on Gentoo ARM64, ldd outputs this:
/lib/ld-linux-aarch64.so.1 => /lib64/ld-linux-aarch64.so.1
At runtime, the kernel tries to load the file from /lib, and fails if we
only provide it in /lib64.
Instead of looking for the first slash after the "=>", just look for the
first slash, period. This would fail if we somehow had a relative path
on the left side (foo/libbar.so), but I'm not aware of any binaries that
would contain such an entry in DT_NEEDED.
Bug: https://bugs.gentoo.org/667752
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
2018-10-09 13:38:47 +02:00
606 changed files with 25614 additions and 15409 deletions
for i in $(manpages) dracut.html dracut-version.sh; do [ "$${i%/*}" != "$$i" ] && mkdir -p "dracut-$(VERSION)/$${i%/*}"; cp "$$i" "dracut-$(VERSION)/$$i"; done
tar --owner=root --group=root -rf dracut-$(VERSION).tar $$(find dracut-$(VERSION) -type f)
for i in $(manpages) dracut.html dracut-version.sh; do [ "$${i%/*}" != "$$i" ] && mkdir -p "dracut-$(DRACUT_MAIN_VERSION)/$${i%/*}"; cp "$$i" "dracut-$(DRACUT_MAIN_VERSION)/$$i"; done
tar --owner=root --group=root -rf dracut-$(DRACUT_MAIN_VERSION).tar $$(find dracut-$(DRACUT_MAIN_VERSION) -type f)
Most of the initramfs generation functionality in dracut is provided by a bunch
of generator modules that are sourced by the main dracut script to install
specific functionality into the initramfs. They live in the modules.d
subdirectory, and use functionality provided by dracut-functions to do their
work.
- Test 01: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=01,label=dracut-ci-slave01/)
- Test 02: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=02,label=dracut-ci-slave01/)
- Test 03: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=03,label=dracut-ci-slave01/)
- Test 04: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=04,label=dracut-ci-slave01/)
- Test 10: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=10,label=dracut-ci-slave01/)
- Test 11: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=11,label=dracut-ci-slave01/)
- Test 12: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=12,label=dracut-ci-slave01/)
- Test 13: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=13,label=dracut-ci-slave01/)
- Test 14: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=14,label=dracut-ci-slave01/)
- Test 15: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=15,label=dracut-ci-slave01/)
- Test 16: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=16,label=dracut-ci-slave01/)
- Test 17: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=17,label=dracut-ci-slave01/)
- Test 20: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=20,label=dracut-ci-slave01/)
- Test 30: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=30,label=dracut-ci-slave01/)
- Test 31: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=31,label=dracut-ci-slave01/)
- Test 40: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=40,label=dracut-ci-slave01/)
- Test 50: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=50,label=dracut-ci-slave01/)
- Test 70: [](https://ci.centos.org/job/dracut-matrix-master/TESTS=70,label=dracut-ci-slave01/)
Currently dracut lives on github.com and kernel.org.
This code of conduct outlines our expectations for participants within the Dracut community, as well as steps for reporting unacceptable behavior.
We are committed to providing a welcoming and inspiring community for all and expect our code of conduct to be honored.
Anyone who violates this code of conduct may be banned from the community.
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
* Focusing on what is best not just for us as individuals, but for the overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others’ private information, such as a physical or email address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@profian.com>.
All complaints will be reviewed and investigated promptly and fairly and will result in a response that is deemed necessary and appropriate to the circumstances.
Project maintainers are obligated to respect the privacy and security of the reporter of any incident.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq.
Translations are available at https://www.contributor-covenant.org/translations.
Security is very important to us. If you discover any issue regarding security, we'd appreciate a non-public disclosure of
the information, so please disclose the information responsibly by sending an email to Harald Hoyer <harald@profian.com> and not by creating a GitHub issue.
We will respond swiftly to fix verifiable security issues with the disclosure being coordinated with distributions and relevant security teams.
Harald Hoyer
