docs: update NEWS.md and AUTHORS

Signed-off-by: Harald Hoyer <harald@profian.com>

.github/workflows/container.yml

@@ -28,7 +28,6 @@ jobs:
             fail-fast: false
             matrix:
                 config:
-                    - { dockerfile: 'Dockerfile-Fedora-33',         tag: 'fedora:33' }
                     - { dockerfile: 'Dockerfile-Fedora-latest',     tag: 'fedora:latest' }
                     - { dockerfile: 'Dockerfile-Fedora-rawhide',    tag: 'fedora:rawhide' }
                     - { dockerfile: 'Dockerfile-OpenSuse-latest',   tag: 'opensuse:latest' }

.gitignore

@@ -1,11 +1,14 @@
 /Makefile.inc
-/dracut.8
-/dracut-catimages.8
-/dracut.conf.5
+/man/dracut.8
+/man/dracut-catimages.8
+/man/dracut.conf.5
 /dracut.conf.d/*.conf
-/dracut-gencmdline.8
+/man/dracut.cmdline.7
 /dracut.html
-/dracut.kernel.7
+/man/dracut.kernel.7
+/man/dracut.bootup.7
+/man/dracut.modules.7
+/man/lsinitrd.1
 /dracut.pc
 /dracut-install
 /modules.d/99base/switch_root
@@ -15,13 +18,13 @@ test*.img
 /.buildpath
 /.project
 /dracut-version.sh
-/install/dracut-install
+/src/install/dracut-install
 /*.rpm
 /*.[0-9]
 /modules.d/98dracut-systemd/*.service.8
 /*.sign
 *.o
-skipcpio/skipcpio
-/util/util
+/src/skipcpio/skipcpio
+/src/util/util
 /dracut-util
 .idea/

.mailmap

@@ -2,9 +2,10 @@ Philippe Seewer <philippe.seewer@bfh.ch> 	<philippe.seewer-omB+W0Dpw2o@public.gm
 Seewer Philippe <philippe.seewer@bfh.ch> 	<philippe.seewer@bfh.ch>
 Philippe Seewer <philippe.seewer@bfh.ch> 	<philippe.seewer@bfh.ch>
 Victor Lowther <victor.lowther@gmail.com> 	<victor.lowther-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
-Harald Hoyer <harald@redhat.com> 		<harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
-Harald Hoyer <harald@redhat.com> 		<harald@eeepc.(none)>
-Harald Hoyer <harald@redhat.com> 		<harald@hoyer.xyz>
+Harald Hoyer <harald@profian.com> 		<harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
+Harald Hoyer <harald@profian.com> 		<harald@eeepc.(none)>
+Harald Hoyer <harald@profian.com> 		<harald@hoyer.xyz>
+Harald Hoyer <harald@profian.com> 		<harald@redhat.com>
 Mike Snitzer <snitzer@redhat.com> 		<msnitzer@redhat.com>
 Amerigo Wang <amwang@redhat.com> 		<xiyou.wangcong@gmail.com>
 Andrey Borzenkov <arvidjaar@gmail.com> 		<arvidjaar@mail.ru>

.packit.yml

@@ -33,7 +33,7 @@ jobs:
 - job: propose_downstream
   trigger: release
   metadata:
-    dist_git_branches: master
+    dist_git_branches: main
 
 - job: tests
   trigger: pull_request

AUTHORS

@@ -1,11 +1,11 @@
-Harald Hoyer <harald@redhat.com>
+Harald Hoyer <harald@profian.com>
 Victor Lowther <victor.lowther@gmail.com>
 Jóhann B. Guðmundsson <johannbg@gmail.com>
 Amadeusz Żołnowski <aidecoe@aidecoe.name>
 Daniel Molkentin <daniel.molkentin@suse.com>
 Hannes Reinecke <hare@suse.com>
-Will Woods <wwoods@redhat.com>
 Kairui Song <kasong@redhat.com>
+Will Woods <wwoods@redhat.com>
 Philippe Seewer <philippe.seewer@bfh.ch>
 Warren Togami <wtogami@redhat.com>
 Dave Young <dyoung@redhat.com>
@@ -15,60 +15,66 @@ David Dillow <dave@thedillows.org>
 Lubomir Rintel <lkundrak@v3.sk>
 Michal Soltys <soltys@ziu.info>
 Colin Guthrie <colin@mageia.org>
+Martin Wilck <mwilck@suse.de>
 Amerigo Wang <amwang@redhat.com>
 Thomas Renninger <trenn@suse.com>
 Alexander Tsoy <alexander@tsoy.me>
-Martin Wilck <mwilck@suse.de>
 Frederick Grose <fgrose@sugarlabs.org>
+Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
 WANG Chao <chaowang@redhat.com>
+Beniamino Galvani <bgalvani@redhat.com>
 Yu Watanabe <watanabe.yu+github@gmail.com>
 Andrey Borzenkov <arvidjaar@gmail.com>
+Peter Robinson <pbrobinson@fedoraproject.org>
+David Disseldorp <ddiss@suse.de>
 Hans de Goede <hdegoede@redhat.com>
 Jonathan Lebon <jonathan@jlebon.com>
-Peter Jones <pjones@redhat.com>
-Peter Robinson <pbrobinson@fedoraproject.org>
-Andreas Thienemann <andreas@bawue.net>
 Frantisek Sumsal <frantisek@sumsal.cz>
+Peter Jones <pjones@redhat.com>
+Thomas Blume <thomas.blume@suse.com>
+Andreas Thienemann <andreas@bawue.net>
+Renaud Métrich <rmetrich@redhat.com>
+Tomasz Paweł Gajc <tpgxyz@gmail.com>
 Fabian Vogt <fvogt@suse.com>
 Nicolas Chauvet <kwizart@gmail.com>
 Zoltán Böszörményi <zboszor@pr.hu>
-Beniamino Galvani <bgalvani@redhat.com>
 Colin Walters <walters@verbum.org>
 John Reiser <jreiser@bitwagon.com>
 Luca Berra <bluca@vodka.it>
-Tomasz Paweł Gajc <tpgxyz@gmail.com>
 Xunlei Pang <xlpang@redhat.com>
 Brian C. Lane <bcl@redhat.com>
 Daniel Drake <drake@endlessm.com>
-Renaud Métrich <rmetrich@redhat.com>
+Dusty Mabe <dusty@dustymabe.com>
+Shreenidhi Shedi <sshedi@vmware.com>
 Angelo "pallotron" Failla <pallotron@fb.com>
-Thomas Blume <thomas.blume@suse.com>
+Dan Horák <dhorak@redhat.com>
+David Tardon <dtardon@redhat.com>
+David Teigland <teigland@redhat.com>
 Ville Skyttä <ville.skytta@iki.fi>
 Böszörményi Zoltán <zboszor@pr.hu>
 Cristian Rodríguez <crrodriguez@opensuse.org>
-Dan Horák <dhorak@redhat.com>
 Javier Martinez Canillas <javierm@redhat.com>
 Ondrej Mosnacek <omosnace@redhat.com>
 Baoquan He <bhe@redhat.com>
 Brendan Germain <brendan.germain@nasdaqomx.com>
-David Tardon <dtardon@redhat.com>
-Dusty Mabe <dusty@dustymabe.com>
 Jonas Witschel <diabonas@gmx.de>
 Leho Kraav <leho@kraav.com>
+Marcos Mello <marcosfrm@gmail.com>
+Mike Gilbert <floppym@gentoo.org>
 Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
 Moritz Maxeiner <moritz@ucworks.org>
 Nathan Rini <nate@ucar.edu>
 Radek Vykydal <rvykydal@redhat.com>
+Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 Đoàn Trần Công Danh <congdanhqx@gmail.com>
 Fabian Deutsch <fabiand@fedoraproject.org>
 Kamil Rytarowski <n54@gmx.com>
+Laszlo Gombos <laszlo.gombos@gmail.com>
 Lidong Zhong <lidong.zhong@suse.com>
 Marc Grimme <grimme@atix.de>
-Mike Gilbert <floppym@gentoo.org>
 NeilBrown <neilb@suse.de>
 Peter Rajnoha <prajnoha@redhat.com>
 Thorsten Behrens <tbehrens@suse.com>
-Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 q66 <daniel@octaforge.org>
 Adam Williamson <awilliam@redhat.com>
 Chao Wang <chaowang@redhat.com>
@@ -78,9 +84,11 @@ Jesse Keating <jkeating@redhat.com>
 Milan Broz <mbroz@redhat.com>
 Mimi Zohar <zohar@linux.vnet.ibm.com>
 Norbert Lange <norbert.lange@andritz.com>
+Pingfan Liu <piliu@redhat.com>
 Roberto Sassu <roberto.sassu@polito.it>
 Stefan Reimer <it@startux.de>
 Takashi Iwai <tiwai@suse.de>
+Tony Asleson <tasleson@redhat.com>
 Anton Blanchard <anton@samba.org>
 Bill Nottingham <notting@redhat.com>
 Chapman Flack <g2@anastigmatix.net>
@@ -94,13 +102,14 @@ Jiri Konecny <jkonecny@redhat.com>
 Jon Ander Hernandez <jonan.h@gmail.com>
 Juan RP <xtraeme@gmail.com>
 Lance Albertson <lance@osuosl.org>
-Marcos Mello <marcosfrm@gmail.com>
 Marian Ganisin <mganisin@redhat.com>
+Masahiro Matsuya <mmatsuya@redhat.com>
 Matthias Gerstner <matthias.gerstner@suse.de>
 Max Resch <resch.max@gmail.com>
 Michael Ploujnikov <plouj@somanetworks.com>
 Pratyush Anand <panand@redhat.com>
 Silvio Fricke <silvio.fricke@gmail.com>
+Stefan Berger <stefanb@linux.ibm.com>
 Steven Brudenell <steven.brudenell@gmail.com>
 Stig Telfer <stelfer@cray.com>
 Thomas Backlund <tmb@mageia.org>
@@ -110,10 +119,14 @@ Wim Muskee <wimmuskee@gmail.com>
 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
 Alan Pevec <apevec@redhat.com>
 Alex Harpin <development@landsofshadow.co.uk>
+Alexander Wenzel <alexander.wenzel@qbeyond.de>
 Alexey Shabalin <shaba@altlinux.org>
+Andre Russ <andre.russ@sap.com>
+Andreas Schwab <schwab@suse.de>
 Ankit Kumar <ankit@linux.vnet.ibm.com>
 Antony Messerli <amesserl@rackspace.com>
 Chao Fan <cfan@redhat.com>
+Cornelius Hoffmann <coding@hoffmn.de>
 Daniel Cordero <dracut@0xdc.io>
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Daniel Schaal <farbing@web.de>
@@ -128,7 +141,9 @@ Imran Haider <imran1008@gmail.com>
 James Buren <ryuo@frugalware.org>
 Jan Macku <jamacku@redhat.com>
 Joey Boggs <jboggs@redhat.com>
+José María Fernández <josemariafg@gmail.com>
 Julian Wolf <juwolf@suse.com>
+Kairui Song <kasong@tencent.com>
 Koen Kooi <koen@dominion.thruhere.net>
 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 Kyle McMartin <kmcmarti@redhat.com>
@@ -144,28 +159,28 @@ Nikoli <nikoli@gmx.us>
 Patrick Talbert <ptalbert@redhat.com>
 Pedro Monreal <pmgdeb@gmail.com>
 Petr Pavlu <petr.pavlu@suse.com>
-Pingfan Liu <piliu@redhat.com>
 Przemysław Rudy <prudy1@o2.pl>
 Robert LeBlanc <robert@leblancnet.us>
 Robert Scheck <robert@fedoraproject.org>
 Stefan Berger <stefanb@us.ibm.com>
 Thomas Lange <lange@informatik.uni-koeln.de>
 Till Maas <opensource@till.name>
-Tony Asleson <tasleson@redhat.com>
 Vivek Goyal <vgoyal@redhat.com>
 Vladislav Bogdanov <bubble@hoster-ok.com>
+Zoltán Böszörményi <zboszor@gmail.com>
 Érico Rolim <erico.erc@gmail.com>
 наб <nabijaczleweli@nabijaczleweli.xyz>
 A. Wilcox <AWilcox@Wilcox-Tech.com>
 Adam Alves <adamoa@gmail.com>
+Adrien Thierry <athierry@redhat.com>
 Alexander Kurtz <alexander@kurtz.be>
 Alexander Miroshnichenko <alex@millerson.name>
 Alexander Sosedkin <asosedkin@redhat.com>
 Alexander Todorov <atodorov@redhat.com>
 Alexey Kodanev <alexey.kodanev@oracle.com>
-Andreas Schwab <schwab@suse.de>
 Andreas Stieger <astieger@suse.com>
 Andrew J. Hesford <ajh@sideband.org>
+Andrey Sokolov <keremet@altlinux.org>
 Andy Lutomirski <luto@mit.edu>
 Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
 Anssi Hannula <anssi@mageia.org>
@@ -177,22 +192,25 @@ B. Wilson <x@wilsonb.com>
 Ben Howard <ben.howard@redhat.com>
 Benjamin Marzinski <bmarzins@redhat.com>
 Brandon Philips <brandon@ifup.co>
+Brandon Sloane <btsloane@verizon.net>
 Bruno E. O. Meneguele <bmeneg@redhat.com>
 Bryn M. Reeves <bmr@redhat.com>
 Canek Peláez Valdés <caneko@gmail.com>
 Carlo Caione <carlo@endlessm.com>
 Chad Dupuis <chad.dupuis@cavium.com>
+Charles Rose <charles.rose@dell.com>
 Christian Heinz <christian.ch.heinz@gmail.com>
+Coiby Xu <coxu@redhat.com>
 Cong Wang <amwang@redhat.com>
 Dan Fuhry <dfuhry@datto.com>
 Dave Jones <davej@redhat.com>
-David Disseldorp <ddiss@suse.de>
 David Hildenbrand <david@redhat.com>
 David Michael <david.michael@coreos.com>
 Denis Volkov <denis@simpletexting.net>
 Dennis Schridde <devurandom@gmx.net>
 Derek Hageman <hageman@inthat.cloud>
 Derek Higgins <derekh@redhat.com>
+Dirk Müller <dirk@dmllr.de>
 Donovan Tremura <neurognostic@protonmail.ch>
 Duane Griffin <duaneg@dghda.com>
 Elan Ruusamäe <glen@delfi.ee>
@@ -208,9 +226,12 @@ Frank Deng <frank.deng@oracle.com>
 François Cami <fcami@fedoraproject.org>
 Gerd von Egidy <gerd.von.egidy@intra2net.com>
 Glen Gray <slaine@slaine.org>
+Glenn Morris <rgm@stanford.edu>
 GuoChuang <guo.chuang@zte.com.cn>
 HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
+Hari Bathini <hbathini@linux.ibm.com>
 Hendrik Brueckner <brueckner@linux.ibm.com>
+Henrik Gombos <henrik99999@gmail.com>
 Hermann Gausterer <git-dracut-2012@mrq1.org>
 Hiroaki Mizuguchi <hiroaki-m@iij.ad.jp>
 Hongxu Jia <hongxu.jia@windriver.com>
@@ -231,11 +252,14 @@ Jonas Jonsson <jonas@websystem.se>
 Jonas Witschel <diabonas@archlinux.org>
 Kevin Yung <Kevin.Yung@myob.com>
 Lars R. Damerow <lars@pixar.com>
+Lars Wendler <polynomial-c@gentoo.org>
 Lee Duncan <lduncan@suse.com>
 Lennart Poettering <lennart@poettering.net>
 Lennert Buytenhek <buytenh@wantstofly.org>
 Lev Veyde <lveyde@redhat.com>
 Lianbo Jiang <lijiang@redhat.com>
+LinkTed <link.ted@mailbox.org>
+Luca BRUNO <luca.bruno@coreos.com>
 Lucas C. Villa Real <lucasvr@gmail.com>
 Major Hayden <major@mhtx.net>
 Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
@@ -244,6 +268,7 @@ Marian Csontos <mcsontos@redhat.com>
 Mark Fasheh <mfasheh@suse.de>
 Matt <smoothsailing72@hotmail.com>
 Matt Smith <shadowfax@gmx.com>
+Matthias Berndt <matthias_berndt@gmx.de>
 Mei Liu <liumbj@linux.vnet.ibm.com>
 Michael Chapman <mike@very.puzzling.org>
 Michael McCracken <michael.mccracken@gmail.com>
@@ -259,6 +284,7 @@ Ondrej Dubaj <odubaj@redhat.com>
 P J P <ppandit@redhat.com>
 Paolo Bonzini <pbonzini@redhat.com>
 Paul Robins <exp@users.noreply.github.com>
+Pavel Valena <pvalena@redhat.com>
 Pavel Zhukov <pzhukov@redhat.com>
 Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
 Pekka Wallendahl <wyrmiyu@gmail.com>
@@ -279,12 +305,12 @@ Sergei Iudin <tsipa740@gmail.com>
 Sergey Fionov <fionov@gmail.com>
 Shawn W Dunn <sfalken@opensuse.org>
 Srinivasa T N <seenutn@linux.vnet.ibm.com>
-Stefan Berger <stefanb@linux.ibm.com>
 Stijn Hoop <stijn@sandcat.nl>
 Sullivan (CTR), Austin <austin.sullivan.ctr@progeny.net>
 Thierry Vignaud <thierry.vignaud@gmail.com>
 Thilo Bangert <thilo.bangert@gmx.net>
 Thomas Abraham <tabraham@suse.com>
+Thomas Haller <thaller@redhat.com>
 Tobias Geerinckx <tobias.geerinckx@gmail.com>
 Tobias Klauser <tklauser@distanz.ch>
 Tom Gundersen <teg@jklm.no>
@@ -305,6 +331,8 @@ jbash aka John Bashinski <jbash@velvet.com>
 jloeser <jloeser@suse.de>
 johannes <johannes.brechtmann@gmail.com>
 jonathan-teh <30538043+jonathan-teh@users.noreply.github.com>
+joshuacov1 <joshuacov@gmail.com>
+lapseofreason <lapseofreason0@gmail.com>
 leo-lb <lle-bout@zaclys.net>
 logan <logancaldwell23@gmail.com>
 masem <matej.semian@gmail.com>

Makefile

@@ -102,6 +102,16 @@ ifeq ($(HAVE_SHFMT),yes)
 	shfmt -w -s .
 endif
 
+src/dracut-cpio/target/release/dracut-cpio: src/dracut-cpio/src/main.rs
+	cargo --offline build --release --manifest-path src/dracut-cpio/Cargo.toml
+
+dracut-cpio: src/dracut-cpio/target/release/dracut-cpio
+	ln -fs $< $@
+
+ifeq ($(enable_dracut_cpio),yes)
+all: dracut-cpio
+endif
+
 doc: $(manpages) dracut.html
 
 ifneq ($(enable_documentation),no)
@@ -168,6 +178,7 @@ ifneq ($(enable_documentation),no)
 endif
 	if [ -n "$(systemdsystemunitdir)" ]; then \
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir); \
+		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown-onfailure.service; \
 		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown.service; \
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir)/sysinit.target.wants; \
 		ln -s ../dracut-shutdown.service \
@@ -196,6 +207,9 @@ endif
 	if [ -f dracut-util ]; then \
 		install -m 0755 dracut-util $(DESTDIR)$(pkglibdir)/dracut-util; \
 	fi
+ifeq ($(enable_dracut_cpio),yes)
+	install -m 0755 dracut-cpio $(DESTDIR)$(pkglibdir)/dracut-cpio
+endif
 	mkdir -p $(DESTDIR)${prefix}/lib/kernel/install.d
 	install -m 0755 install.d/50-dracut.install $(DESTDIR)${prefix}/lib/kernel/install.d/50-dracut.install
 	install -m 0755 install.d/51-dracut-rescue.install $(DESTDIR)${prefix}/lib/kernel/install.d/51-dracut-rescue.install
@@ -222,6 +236,7 @@ clean:
 	$(RM) dracut-util util/util $(UTIL_OBJECTS)
 	$(RM) $(manpages) dracut.html
 	$(RM) dracut.pc
+	$(RM) dracut-cpio src/dracut-cpio/target/release/dracut-cpio*
 	$(MAKE) -C test clean
 
 dist: dracut-$(DRACUT_MAIN_VERSION).tar.xz

NEWS.md

@@ -1,5 +1,271 @@
 [Rendered view](https://github.com/dracutdevs/dracut/blob/master/NEWS.md)
 
+dracut-056
+==========
+
+#### Bug Fixes
+
+* **base:**
+    *  do not change the provided UUID ([4e858741](https://github.com/dracutdevs/dracut/commit/4e858741087a5cfea891bd2c1fd51ea9b830aeaf))
+    *  add default device choice ([e8c18c9f](https://github.com/dracutdevs/dracut/commit/e8c18c9f7f5ed94898f70e9ff5a5f94a815a2b49))
+    *  tr needs to be installed ([dfbfd33b](https://github.com/dracutdevs/dracut/commit/dfbfd33b24524c0c10ad3594be143192f5b7da84))
+    *  do not quote $initargs for switch_root ([f649cd10](https://github.com/dracutdevs/dracut/commit/f649cd10b2e920e9d65c532db9b9f89a7370ad99))
+    *  repair installing dracut-util ([d7acf107](https://github.com/dracutdevs/dracut/commit/d7acf107f2ac619f73dfa29588ea9adfaf79e296))
+* **bluetooth:**
+    *  make hostonly configuration files optional ([d03fb675](https://github.com/dracutdevs/dracut/commit/d03fb675d8e904c6c44de9b91814b33c45043f4f))
+    *  dbus configuration path fixes ([34b1dd2e](https://github.com/dracutdevs/dracut/commit/34b1dd2e26c343e9000094db01a7985b6851adf1))
+* **cms:**  reload NetworkManager connections ([07977ee5](https://github.com/dracutdevs/dracut/commit/07977ee5c5294a5d30c1f33f292a0b31303750fb))
+* **cpio:**
+    *  correct dev_t -> rmajor/rminor mapping ([acc629ab](https://github.com/dracutdevs/dracut/commit/acc629abb0d7a26f692f99e5a9cf8c8401bc6a86))
+    *  write zeros instead of seek for padding and alignment ([0af11c5e](https://github.com/dracutdevs/dracut/commit/0af11c5ea5018a3e1049a2207a9a671049651876))
+* **crypt:**  remove quotes from cryptsetupopts ([e0abf88a](https://github.com/dracutdevs/dracut/commit/e0abf88a15d23fbf793cf872397016ad86aeaaa8), closes [#1528](https://github.com/dracutdevs/dracut/issues/1528))
+* **crypt-gpg:**
+    *  tr needs to be installed ([a93fbc4a](https://github.com/dracutdevs/dracut/commit/a93fbc4ae00d8c6ecda67319a6425f7966609bbe))
+    *  execute --card-status on each try ([66100936](https://github.com/dracutdevs/dracut/commit/6610093698db25fda1d584b9771da1e2c2330095))
+* **dasd_rules:**
+    *  correct udev dasd rules parsing ([5de6e4d5](https://github.com/dracutdevs/dracut/commit/5de6e4d56e5206cb47f645ad1cb6d39794048c68))
+    *  remove collect based udev rule creators ([ebafbd82](https://github.com/dracutdevs/dracut/commit/ebafbd824175e201ae9476576588a896c6b7d7eb))
+* **dmsquash-live:**
+    *  option to use overlayfs on a block device root ([813577e2](https://github.com/dracutdevs/dracut/commit/813577e2ba034b448d2cf2d2857b2d20d56c0259))
+    *  do not install systemd files when systemd is not enabled ([bf8738d3](https://github.com/dracutdevs/dracut/commit/bf8738d31ca53ad6410c46c1f9b2a4a12273b9a3))
+    *  iso-scan requires rmdir ([e19e3890](https://github.com/dracutdevs/dracut/commit/e19e38904c054664473207d2d6ef3c53bd938867))
+    *  correct regression introduced with shellcheck changes ([0c631efb](https://github.com/dracutdevs/dracut/commit/0c631efb10bf4ce18ec8640277bd94712950298a))
+* **dmsquash-live-ntfs:**  fuse3 no longer requires ulockmgr_server ([75ad2699](https://github.com/dracutdevs/dracut/commit/75ad269931eccd266a5d60ba4000d93655143e00))
+* **dracut:**  be more robust when using 'set -u' ([22a80629](https://github.com/dracutdevs/dracut/commit/22a80629b4bbcef02eb8fe3611ea44e253ef4c61))
+* **dracut-functions.sh:**
+    *  ip route parsing ([d754e1c6](https://github.com/dracutdevs/dracut/commit/d754e1c6f081a6501cb7fdcb5caaa6c4977235af))
+    *  get block device driver if in a virtual subsystem ([dc3b976f](https://github.com/dracutdevs/dracut/commit/dc3b976f3393d7a3fb75b349418fc8ee2c9142bd))
+* **dracut-init:**  unbreak a comment ([bc4f196f](https://github.com/dracutdevs/dracut/commit/bc4f196f9825029eaef7ccf525ec57f5229b2793))
+* **dracut-initramfs-restore.sh:**
+    *  add missing compression options ([e86397de](https://github.com/dracutdevs/dracut/commit/e86397de24f4efa6d36e2bb5ae84b7d9ec69b72d))
+    *  add missing default paths ([3d8e1ad2](https://github.com/dracutdevs/dracut/commit/3d8e1ad2ae1e34244ddf700beea6358c1452e05c), closes [#1628](https://github.com/dracutdevs/dracut/issues/1628))
+* **dracut-install:**  tweaks to get_real_file() ([1beeaf3b](https://github.com/dracutdevs/dracut/commit/1beeaf3b71aed763d5fc7a9ee044d675f8906e8c))
+* **dracut-shutdown:**  add cleanup handler on failure ([7ab1d002](https://github.com/dracutdevs/dracut/commit/7ab1d00227cad6f1b86ba01fdc766769faebb031))
+* **dracut-systemd:**  do not use Requires for vconsole-setup.service ([a7f5429c](https://github.com/dracutdevs/dracut/commit/a7f5429cb81f7ffdf9bd5684af8d36725170b756))
+* **dracut.sh:**
+    *  do not ignore invalid config file or dir path ([7de9ffc0](https://github.com/dracutdevs/dracut/commit/7de9ffc0574790ecbad74b5a000ecd022d7736d4))
+    *  check kernel zstd support early ([475497b1](https://github.com/dracutdevs/dracut/commit/475497b1bd12c006c782541124b6427cb7ef4cb7))
+    *  check availability of configured compression ([bdac657b](https://github.com/dracutdevs/dracut/commit/bdac657bf65615438942a872491a818750735014))
+    *  inform user about auto-selected compression method ([06d47ded](https://github.com/dracutdevs/dracut/commit/06d47ded679231e1370cc655c1df408fc865baac))
+    *  drop pointless check for module compression method ([586d3e76](https://github.com/dracutdevs/dracut/commit/586d3e7664c00bf144becfa69dde2dbab8711d51))
+    *  change misspelled variable name ([acfd97a9](https://github.com/dracutdevs/dracut/commit/acfd97a94385c33cd6cef4e5a37f233ea4081288))
+    *  remove wrong $ in loop sequence ([f1245b5b](https://github.com/dracutdevs/dracut/commit/f1245b5bc13a98ef0dcc679dcef6148214e09503))
+    *  handle symlinks appropriately while using '-i' option ([c7fbc0c8](https://github.com/dracutdevs/dracut/commit/c7fbc0c8901917baf0d1f0822568e65c6ec00d18))
+    *  handle '-i' option to include files beginning with '.' ([f1138012](https://github.com/dracutdevs/dracut/commit/f1138012c9dc44e6614466c0a8e929fc55e4a5dd))
+* **drm:**  add privacy screen modules to the initrd ([14d97a6a](https://github.com/dracutdevs/dracut/commit/14d97a6a28c6172340c47c89374358aaf4e2629d))
+* **fedora.conf.example:**  rename misspelled variable ([9371dcab](https://github.com/dracutdevs/dracut/commit/9371dcaba3c58377428eee44bd702fae7b2ab20e))
+* **fido2:**  add a missing library ([4753738b](https://github.com/dracutdevs/dracut/commit/4753738b62d958955f50fb077ea21c56a8d23dc3))
+* **fips:**
+    *  missing sourcing of dracut-lib ([857b17f0](https://github.com/dracutdevs/dracut/commit/857b17f090bdf575292f0bd6f5e8e3d753f6b426))
+    *  add and remove local variables ([e8121bfd](https://github.com/dracutdevs/dracut/commit/e8121bfddda34e20db889a74d4ac6259ed182aea))
+    *  wrong error message ([7f10c483](https://github.com/dracutdevs/dracut/commit/7f10c483b6abcc8be42cf246bbdade264be68228))
+    *  handle s390x OSTree systems ([78557f05](https://github.com/dracutdevs/dracut/commit/78557f05a69fe718a97df85d2ed741ce10d3f806))
+* **fips.sh:**  repsect rd.fips.skipkernel ([5789abcb](https://github.com/dracutdevs/dracut/commit/5789abcbe05f30d556086590b786c4857d025d9d))
+* **img-lib:**  install rmdir ([51ce8893](https://github.com/dracutdevs/dracut/commit/51ce8893d981e90640123a7dcc3e4f3621e7d819))
+* **install:**
+    *  segfault on popen error ([5c2f72f1](https://github.com/dracutdevs/dracut/commit/5c2f72f152ec319a8001d1ff0bfd1f81a9130b04))
+    *  extend hwcaps library handling to libraries under glibc-hwcaps/ ([10ed204f](https://github.com/dracutdevs/dracut/commit/10ed204f873f454dcd15ffcc82dc3a1c781c1514))
+    *  use size_t to avoid -Wsign-compare warning ([55468a2d](https://github.com/dracutdevs/dracut/commit/55468a2d40182de4cce5ba4ecd5dcd96be03bd4d))
+    *  improve gettid definition ([ef0f848a](https://github.com/dracutdevs/dracut/commit/ef0f848a67fdd0a0dab135acbd1cd7fa0179a95c))
+    *  validate return values log.c ([19537f89](https://github.com/dracutdevs/dracut/commit/19537f8943ac4106c6d4ab0e00a48a8c0a9a0519))
+    *  rectify unused function args in log.c ([b5cf7ec7](https://github.com/dracutdevs/dracut/commit/b5cf7ec784335ec561e379f8e78f48019a344ac0))
+    *  use wrapper for asprintf ([e2a61595](https://github.com/dracutdevs/dracut/commit/e2a61595d2c91202ff4ea69937064cd2c0d1f336))
+    *  use unsigned int instead of unsigned ([74a41799](https://github.com/dracutdevs/dracut/commit/74a417994840f7a6119e2dee57f9a3bb4d84998b))
+    *  reduce cppcheck warnings ([b0bf8187](https://github.com/dracutdevs/dracut/commit/b0bf8187d5cc51d5576d8d70a81677d7c9741b37))
+    *  add a missing ret value assignment ([6a444261](https://github.com/dracutdevs/dracut/commit/6a44426162d5b1b7084b17f921799863d353f847))
+* **integrity:**  add support for loading multiple EVM x509 certs ([9da76af8](https://github.com/dracutdevs/dracut/commit/9da76af8e7f0f7a939b2ee44f0b4a5ce0bdd3b0b))
+* **iscsi:**  add support for the new iscsiadm "no-wait" (-W) command ([7374943a](https://github.com/dracutdevs/dracut/commit/7374943ae3d063f0142c969b132c4156030fda8b))
+* **kernel-modules:**
+    *  add mailbox drivers for arm ([0e80ff72](https://github.com/dracutdevs/dracut/commit/0e80ff72e01d28e7e92d3adbf98ec40bdbdc37fe))
+    *  detect block device's hardware driver ([c86f4d28](https://github.com/dracutdevs/dracut/commit/c86f4d286000d1e76fd405560b4114537e2cbbff))
+    *  add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs ([b292ce72](https://github.com/dracutdevs/dracut/commit/b292ce7295f18192124e64e5ec31161d09492160))
+    *  add more modules on RISC-V ([3cc9f1c1](https://github.com/dracutdevs/dracut/commit/3cc9f1c10c67dcdb5254e0eb69f19e9ab22abf20))
+    *  add isp1760 USB controller ([15398458](https://github.com/dracutdevs/dracut/commit/15398458685d376fef56b1bf6fe09ae7c68324c1))
+    *  add Type-C USB drivers for generic initrd ([a1287c62](https://github.com/dracutdevs/dracut/commit/a1287c627f28b16b1b066b7c256549b832bd98de))
+* **kernel-modules-extra:**  handle zstd module extension ([b3d2dcb7](https://github.com/dracutdevs/dracut/commit/b3d2dcb71e7af8f605f5f66041ed3c801333e5f1))
+* **lvm:**
+    *  restore setting LVM_MD_PV_ACTIVATED ([164e5ebb](https://github.com/dracutdevs/dracut/commit/164e5ebb1199ea3e3d641ce402d8257f0055a529))
+    *  replace --partial option ([97543cca](https://github.com/dracutdevs/dracut/commit/97543cca48dfde849396f11c83f9c320e1b91c46))
+* **man:**  default value of rd.retry was increased to 180 seconds ([4855242c](https://github.com/dracutdevs/dracut/commit/4855242ce5cb586afd2eebd91df57ce1d28ae6b5))
+* **mdraid:**  allow UUID comparison for more than one UUID ([d364ce83](https://github.com/dracutdevs/dracut/commit/d364ce8334fef96f48492bd0fb3b7deac37bbb66))
+* **memstrack:**  drop bash runtime requirement ([35822f39](https://github.com/dracutdevs/dracut/commit/35822f39970b369301e0ff54436d5714dd996896))
+* **mksh:**  requires printf ([f806a628](https://github.com/dracutdevs/dracut/commit/f806a628aa9aec548e425e81b6ea4ab6f5db26f6))
+* **multipath:**
+    *  check if mpathconf is available ([4318533e](https://github.com/dracutdevs/dracut/commit/4318533e1493bfab622b64efc1b799426c812c26))
+    *  drop ExecStop= setting from service unit ([9491e599](https://github.com/dracutdevs/dracut/commit/9491e599282d0d6bb12063eddbd192c0d2ce8acf))
+    *  get config. dir from configuration ([2e3c5444](https://github.com/dracutdevs/dracut/commit/2e3c5444d271cb8f05955858b8fdc367c4ea5c48))
+* **multipathd.service:**
+    *  drop dependencies on iscsi and iscsid ([6246da40](https://github.com/dracutdevs/dracut/commit/6246da400fa7f527a1ff1c620bf85ac9f6644508))
+    *  adapt to upstream multipath-tools unit file ([a247d2bc](https://github.com/dracutdevs/dracut/commit/a247d2bc0d4c6d37a2ea4f3da98dd7902bb37385))
+    *  remove dependency on systemd-udev-settle ([371b338a](https://github.com/dracutdevs/dracut/commit/371b338a5f19d40ff4c3216dc0f27f9a00cf4e22))
+* **network:**
+    *  consistent use of "$gw" for gateway ([3f2c76bb](https://github.com/dracutdevs/dracut/commit/3f2c76bb1456941a28d3333569d2bf18f8624617))
+    *  wrong test of wicked unit ([22e68307](https://github.com/dracutdevs/dracut/commit/22e683077a686b592da55e1d247b31f65c95d481))
+    *  add errors and warnings when network interface does not exist ([79389352](https://github.com/dracutdevs/dracut/commit/7938935267dd8824f074adf84c219340ad4c8db6))
+* **network-manager:**
+    *  skip non-directories in /sys/class/net ([d9c3c774](https://github.com/dracutdevs/dracut/commit/d9c3c77437d91d7d66369a3ef701ffc5e501346d))
+    *  disable tty output if the console is not usable ([f6e6be24](https://github.com/dracutdevs/dracut/commit/f6e6be245d0cda14d90a0442b688c8dca1410a2e))
+    *  show output on console only with rd.debug enabled ([e07b7ad0](https://github.com/dracutdevs/dracut/commit/e07b7ad0e7f5dbb8024336f3075610b3b74ffb2e))
+    *  write DHCP filename option to dhcpopts file ([38320fce](https://github.com/dracutdevs/dracut/commit/38320fce56a8d83b79d6c970c491a454ba9de213))
+    *  check for nm-initrd-generator in both /usr/{libexec,lib} ([5ee7e249](https://github.com/dracutdevs/dracut/commit/5ee7e249b8cc74461122ccd7efe954b3402c23da))
+    *  ensure safe content of /tmp/dhclient."$ifname".dhcpopts ([e509c638](https://github.com/dracutdevs/dracut/commit/e509c638e68a8e3cae446d1a4f9f86e3aa6e7a99))
+    *  include nm-daemon-helper binary ([0e590531](https://github.com/dracutdevs/dracut/commit/0e5905315e92dfc095f543fd73db6190db533217))
+    *  don't pull in systemd-udev-settle ([a0f12fb6](https://github.com/dracutdevs/dracut/commit/a0f12fb6a09b09f35ab28753d7c4461c10a8b562))
+    *  support teaming under NM+systemd ([a97d2ced](https://github.com/dracutdevs/dracut/commit/a97d2cedcf65a9a2fbff2591171f0163c7d3cb46))
+    *  pull in network.target in nm-initrd.service ([a97d6e2b](https://github.com/dracutdevs/dracut/commit/a97d6e2b13146783831b166ec5e8b33b29c514b0))
+* **network-wicked:**  multiple path corrections ([d3b5bc17](https://github.com/dracutdevs/dracut/commit/d3b5bc17ebadfe8922d1144b3dfd5435d0ecc71a))
+* **nvmf:**  validate_ip_conn ([655c65e6](https://github.com/dracutdevs/dracut/commit/655c65e6ced00e7a80c41e96c5f6fe108da07839))
+* **qeth_rules:**  check the existence of /sys/devices/qeth/*/online beforehand ([6c71ba41](https://github.com/dracutdevs/dracut/commit/6c71ba4121ae64ccd13fefba68ca327ac623810f))
+* **resume:**
+    *  resume using /usr/lib64/suspend ([c4593734](https://github.com/dracutdevs/dracut/commit/c459373448d24760d15e22fde7c6f811c7891376))
+    *  check for presence of /sys/power/resume ([0b977906](https://github.com/dracutdevs/dracut/commit/0b97790626bff3579755b38f78a9c524a075cfcc))
+* **rootfs-block:**  make the base module dependency explicit ([3326e4c9](https://github.com/dracutdevs/dracut/commit/3326e4c957d0499495d9e91182fc574b960ace86))
+* **s390_rules:**  drop collect installation ([f905c3a7](https://github.com/dracutdevs/dracut/commit/f905c3a72c975cf6006f266755cc91229132c739))
+* **shutdown:**  be robust against forced shutdown ([b9ba3c8b](https://github.com/dracutdevs/dracut/commit/b9ba3c8bb8f0f1328cd1ffaa8dbf64585b28c474))
+* **skipcpio:**
+    *  calculate and use CPIO_MAGIC_LEN ([3fb8723c](https://github.com/dracutdevs/dracut/commit/3fb8723ce0066b4ba92f6dbfc4373a66d1f551c4))
+    *  improve error checking ([f6d16b6b](https://github.com/dracutdevs/dracut/commit/f6d16b6bbd5b8b7ac238c3d2148bebf4e91140a2))
+* **squash:**
+    *  apply FIPS and libpthread workaround ([5ab18dee](https://github.com/dracutdevs/dracut/commit/5ab18dee996f0eeb2b0bfe354570e1b1af46d025))
+    *  remove tailing '/' when installing ld.so.conf.d ([cbd85597](https://github.com/dracutdevs/dracut/commit/cbd85597e3ed6abf64ac17f431da5477eb5aefa0))
+    *  keep ld cache under initdir ([dc21638c](https://github.com/dracutdevs/dracut/commit/dc21638c3f0acbb54417f3bfb6294ad5514bf2db))
+    *  create relative symlinks ([a2b6be44](https://github.com/dracutdevs/dracut/commit/a2b6be44792b68218e3378a7d844b0f8527a4805))
+* **systemd-sysusers:**
+    *  use split systemd sysuser configs ([fec93bb2](https://github.com/dracutdevs/dracut/commit/fec93bb22181f80056b40231fca36c422248ade0))
+    *  override systemd-sysusers.service ([dcbe23c1](https://github.com/dracutdevs/dracut/commit/dcbe23c14d13ca335ad327b7bb985071ca442f12))
+* **tpm2-tss:**
+    *  add a missing library ([c656b612](https://github.com/dracutdevs/dracut/commit/c656b612b101e4834e01f9841162e2629a7272f7))
+    *  typo in depends() ([8b17105b](https://github.com/dracutdevs/dracut/commit/8b17105bed69ed90582a13d97d95ee19e6581365))
+* **url-lib:**
+    * SC2086: Double quote to prevent globbing and word splitting ([acb18869](https://github.com/dracutdevs/dracut/commit/acb18869e98687a3f8c172d7e7befaa5326cf67a))
+    * SC2046: Quote this to prevent word splitting ([ec50cec3](https://github.com/dracutdevs/dracut/commit/ec50cec3bd9169410df409e077d0487c63c2a627))
+    * improve ca-bundle detection ([e3bb1815](https://github.com/dracutdevs/dracut/commit/e3bb1815bbbff1a7e21b857d2ae32bc0410754d5))
+    * make pre-pivot hook separetely per nfs mount ([2f091b17](https://github.com/dracutdevs/dracut/commit/2f091b17075f81ff490b05d3d566d736fc32f0be))
+* **usrmount:**  do not empty _dev variable ([4afdcba2](https://github.com/dracutdevs/dracut/commit/4afdcba212793f136aea012b30dd7bdb5b641a5a))
+* **zfcp_rules:**
+    *  correct udev zfcp rules parsing ([59252668](https://github.com/dracutdevs/dracut/commit/5925266832042f9d17a3fb7a219b83118c5b16d6))
+    *  remove collect based udev rule creators ([d40c49a8](https://github.com/dracutdevs/dracut/commit/d40c49a8dfe203be33af8ace5f0efd07a88856f4))
+
+#### Features
+
+* **Makefile:**  cargo wrapper for dracut-cpio build ([51d21c6b](https://github.com/dracutdevs/dracut/commit/51d21c6b37b0eb8566d18d665d0197ca4d68101c))
+* **cpio:**
+    *  add newc archive creation utility ([a9c67046](https://github.com/dracutdevs/dracut/commit/a9c67046431ccf5fd4f4c16c890695df388f0d38))
+    *  add rust argument parsing library from crosvm ([94fc5026](https://github.com/dracutdevs/dracut/commit/94fc50262f5e6c28d92782dc231fbb6c61855954))
+* **crypt:**
+    *  check if pkcs11 module is needed in hostonly mode ([56f4fb6c](https://github.com/dracutdevs/dracut/commit/56f4fb6cb755327c77c32f8c414a4a0e64fc933c))
+    *  check if fido2 module is needed in hostonly mode ([d5fd030c](https://github.com/dracutdevs/dracut/commit/d5fd030cc285730e1a1b9e0e78a1e1dc4daabfe0))
+    *  check if tpm2-tss module is needed in hostonly mode ([5d990a00](https://github.com/dracutdevs/dracut/commit/5d990a004b5ae6863f2c9a633b184c07dd73563d))
+* **dracut.sh:**
+    *  add --aggresive-strip option ([67fc670a](https://github.com/dracutdevs/dracut/commit/67fc670a88ab6c97d22c6718082619c0cf850fc3))
+    *  add "--enhanced-cpio" option for calling dracut-cpio ([afe4a6db](https://github.com/dracutdevs/dracut/commit/afe4a6dbb7df62982baab8212bba5d90010dfbac))
+    *  check if target kernel has zstd support compiled in ([591118c5](https://github.com/dracutdevs/dracut/commit/591118c56da2bfcea060e3b7671bc87b23c0e44a))
+* **fido2:**  introducing the fido2 module ([049973b7](https://github.com/dracutdevs/dracut/commit/049973b708298ea0ce1ac9c869b404f4c718eff3))
+* **lvm:**
+    *  only run lvchange for LV that is seen on devices ([1af46743](https://github.com/dracutdevs/dracut/commit/1af46743195422aaebcde5c508a5dd479eff51ea))
+    *  use generated filter when none is set ([7ffc5e38](https://github.com/dracutdevs/dracut/commit/7ffc5e388bcce20785803825bdd260c3c854b34f))
+    *  update lvm command options ([c0a54f29](https://github.com/dracutdevs/dracut/commit/c0a54f2993b1d3c2101202c274a41f925445d54b))
+* **pcsc:**  introducing the pcsc module ([dcaff88a](https://github.com/dracutdevs/dracut/commit/dcaff88ac942042e3db0a2bbfc1c995ec0735f38))
+* **pkcs11:**
+    *  include the module in the spec file ([c5907f82](https://github.com/dracutdevs/dracut/commit/c5907f82d835d72e4dd7c473a86e872fce37d61e))
+    *  introducing the pkcs11 module ([83ea8cf0](https://github.com/dracutdevs/dracut/commit/83ea8cf001a49356cf7814b3c08bdd1c4b4f2763))
+* **spec:**  add systemd-integritysetup module ([fe8df024](https://github.com/dracutdevs/dracut/commit/fe8df0240a24b9d2d60a5b0b998f82b251ede849))
+* **squash:**  install umount util ([563f5434](https://github.com/dracutdevs/dracut/commit/563f543424c66bf38e6cbd3f489655d45ad9b5c5))
+* **systemd:**  enable support for systemd compiled with ASAN ([d502d2a8](https://github.com/dracutdevs/dracut/commit/d502d2a816ba8f8329b3d8616bd2a7e82a0ad21f))
+* **systemd-integritysetup:**  introducing the systemd-integritysetup module ([33cf47a6](https://github.com/dracutdevs/dracut/commit/33cf47a60870cc290bd5b59c9cf87c54ad37051f))
+
+#### Contributors
+
+- Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+- David Disseldorp <ddiss@suse.de>
+- Martin Wilck <mwilck@suse.de>
+- Jóhann B. Guðmundsson <johannbg@gmail.com>
+- Shreenidhi Shedi <sshedi@vmware.com>
+- David Teigland <teigland@redhat.com>
+- Beniamino Galvani <bgalvani@redhat.com>
+- Thomas Blume <thomas.blume@suse.com>
+- Kairui Song <kasong@redhat.com>
+- Laszlo Gombos <laszlo.gombos@gmail.com>
+- Renaud Métrich <rmetrich@redhat.com>
+- Dusty Mabe <dusty@dustymabe.com>
+- Masahiro Matsuya <mmatsuya@redhat.com>
+- Alexander Wenzel <alexander.wenzel@qbeyond.de>
+- Andre Russ <andre.russ@sap.com>
+- Cornelius Hoffmann <coding@hoffmn.de>
+- David Tardon <dtardon@redhat.com>
+- Frantisek Sumsal <frantisek@sumsal.cz>
+- Harald Hoyer <harald@profian.com>
+- José María Fernández <josemariafg@gmail.com>
+- Kairui Song <kasong@tencent.com>
+- Peter Robinson <pbrobinson@fedoraproject.org>
+- Pingfan Liu <piliu@redhat.com>
+- Tony Asleson <tasleson@redhat.com>
+- Zoltán Böszörményi <zboszor@gmail.com>
+- Adrien Thierry <athierry@redhat.com>
+- Alexander Tsoy <alexander@tsoy.me>
+- Andreas Schwab <schwab@suse.de>
+- Andrey Sokolov <keremet@altlinux.org>
+- Brandon Sloane <btsloane@verizon.net>
+- Charles Rose <charles.rose@dell.com>
+- Coiby Xu <coxu@redhat.com>
+- Dan Horák <dhorak@redhat.com>
+- Dirk Müller <dirk@dmllr.de>
+- Glenn Morris <rgm@stanford.edu>
+- Hans de Goede <hdegoede@redhat.com>
+- Hari Bathini <hbathini@linux.ibm.com>
+- Henrik Gombos <henrik99999@gmail.com>
+- Jonathan Lebon <jonathan@jlebon.com>
+- LinkTed <link.ted@mailbox.org>
+- Lubomir Rintel <lkundrak@v3.sk>
+- Luca BRUNO <luca.bruno@coreos.com>
+- Lukas Nykryn <lnykryn@redhat.com>
+- Matthias Berndt <matthias_berndt@gmx.de>
+- Mike Gilbert <floppym@gentoo.org>
+- Pavel Valena <pvalena@redhat.com>
+- Stefan Berger <stefanb@linux.ibm.com>
+- Thomas Haller <thaller@redhat.com>
+- Tomasz Paweł Gajc <tpgxyz@gmail.com>
+- Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+- joshuacov1 <joshuacov@gmail.com>
+- lapseofreason <lapseofreason0@gmail.com>
+
+dracut-055
+==========
+
+#### Bug Fixes
+
+* **base:**
+    *  add missing `str_replace` to `dracut-dev-lib.sh` ([148e420b](https://github.com/dracutdevs/dracut/commit/148e420be5b5809aa8d5033f47477573bbbf3e60))
+    *  split out `dracut-dev-lib.sh` ([c08bc810](https://github.com/dracutdevs/dracut/commit/c08bc8109d4c43beacfa4bcdc20a356102da6d02))
+* **bash:**  minor cleanups ([9355cb8e](https://github.com/dracutdevs/dracut/commit/9355cb8ea5024533210067373657dc337d63ecb9))
+* **dash:**  minor cleanups ([f4ea5f87](https://github.com/dracutdevs/dracut/commit/f4ea5f8734c4636f7d6db78da76e9525beb9a0ac))
+* **dracut:**  pipe hardlink output to `dinfo` ([0a6007bf](https://github.com/dracutdevs/dracut/commit/0a6007bf4f472565d2c0c205a56edea7ba3e3bc3))
+* **dracut-functions:**  get_maj_min without get_maj_min_cache_file set ([a277a5fc](https://github.com/dracutdevs/dracut/commit/a277a5fc7acc0a9e8d853f09671495f9d27645c1))
+* **dracut-util:**  print error message with trailing newline ([b9b6f0ee](https://github.com/dracutdevs/dracut/commit/b9b6f0ee5b859a562e46a8c4e0dee0261fabf74d))
+* **fs-lib:**  install fsck utilities ([12beeac7](https://github.com/dracutdevs/dracut/commit/12beeac741e4429146a674ef4ea9aa0bac10364b))
+* **install:**
+    *  configure logging earlier ([5eb24aa2](https://github.com/dracutdevs/dracut/commit/5eb24aa21d3ee639f869c2e363b3fb0b98be552b))
+    *  sane default --kerneldir ([c1ab3613](https://github.com/dracutdevs/dracut/commit/c1ab36139d416e580e768c29f2addf7ccbc2c612), closes [#1505](https://github.com/dracutdevs/dracut/issues/1505))
+* **integrity:**  require ALLOW_METADATA_WRITES to come from EVM config file ([b12d91c4](https://github.com/dracutdevs/dracut/commit/b12d91c431220488fecf7b4be82427e3560560cb))
+* **mksh:**  minor cleanups ([6c673298](https://github.com/dracutdevs/dracut/commit/6c673298f36990665467564e6114c9ca2530f584))
+* **squash:**  don't mount the mount points if already mounted ([636d6df3](https://github.com/dracutdevs/dracut/commit/636d6df3134dde1dac72241937724bc59deb9303))
+* **warpclock:**  minor cleanups ([7d205598](https://github.com/dracutdevs/dracut/commit/7d205598c6a500b58b4d328e824d0446276f7ced))
+
+#### Features
+
+* **dracut.sh:**  detect running in a container ([7275c6f6](https://github.com/dracutdevs/dracut/commit/7275c6f6a0f6808cd939ea5bdf1244c7bd13ba44))
+* **install:**  add default value for --firmwaredirs ([4cb086fa](https://github.com/dracutdevs/dracut/commit/4cb086fa2995799b95c0b25bc9a0cf72ba3868ea))
+
+#### Contributors
+
+- Harald Hoyer <harald@redhat.com>
+- Jóhann B. Guðmundsson <johannbg@gmail.com>
+- Marcos Mello <marcosfrm@gmail.com>
+- Kairui Song <kasong@redhat.com>
+- Lars Wendler <polynomial-c@gentoo.org>
+- Stefan Berger <stefanb@linux.ibm.com>
+- Tomasz Paweł Gajc <tpgxyz@gmail.com>
+
 dracut-054
 ==========
 

configure

@@ -6,6 +6,7 @@ echo \#buildapi-variable-no-builddir > /dev/null
 prefix=/usr
 
 enable_documentation=yes
+enable_dracut_cpio=no
 
 CC="${CC:-cc}"
 PKG_CONFIG="${PKG_CONFIG:-pkg-config}"
@@ -48,6 +49,7 @@ while (($# > 0)); do
         --infodir) read_arg infodir "$@" || shift ;;
         --systemdsystemunitdir) read_arg systemdsystemunitdir "$@" || shift ;;
         --bashcompletiondir) read_arg bashcompletiondir "$@" || shift ;;
+        --enable-dracut-cpio) enable_dracut_cpio=yes ;;
         *) echo "Ignoring unknown option '$1'" ;;
     esac
     shift
@@ -102,6 +104,15 @@ if test $found = no; then
     exit 1
 fi
 
+if test "$enable_dracut_cpio" = "yes"; then
+    cargo --version > /dev/null
+    ret=$?
+    if test $ret -ne 0; then
+        echo "dracut couldn't find cargo for dracut-cpio build"
+        exit 1
+    fi
+fi
+
 cat > Makefile.inc.$$ << EOF
 prefix ?= ${prefix}
 libdir ?= ${libdir:-${prefix}/lib}
@@ -110,6 +121,7 @@ sysconfdir ?= ${sysconfdir:-${prefix}/etc}
 sbindir ?= ${sbindir:-${prefix}/sbin}
 mandir ?= ${mandir:-${prefix}/share/man}
 enable_documentation ?= ${enable_documentation:-yes}
+enable_dracut_cpio ?= ${enable_dracut_cpio}
 bindir ?= ${bindir:-${prefix}/bin}
 KMOD_CFLAGS ?= $(${PKG_CONFIG} --cflags " libkmod >= 23 ")
 KMOD_LIBS ?= $(${PKG_CONFIG} --libs " libkmod >= 23 ")

docs/CODE_OF_CONDUCT.md

@@ -40,7 +40,7 @@ This Code of Conduct applies within all community spaces, and also applies when
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@redhat.com>. 
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@profian.com>. 
 All complaints will be reviewed and investigated promptly and fairly and will result in a response that is deemed necessary and appropriate to the circumstances.
 Project maintainers are obligated to respect the privacy and security of the reporter of any incident.
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

docs/SECURITY.md

@@ -1,3 +1,3 @@
 Security is very important to us. If you discover any issue regarding security, we'd appreciate a non-public disclosure of
-the information, so  please disclose the information responsibly by sending an email to Harald Hoyer harald@redhat.com and not by creating a GitHub issue. 
+the information, so  please disclose the information responsibly by sending an email to Harald Hoyer <harald@profian.com> and not by creating a GitHub issue. 
 We will respond swiftly to fix verifiable security issues with the disclosure being coordinated with distributions and relevant security teams.

dracut-functions.sh

@@ -234,13 +234,20 @@ get_fs_env() {
 # 8:2
 get_maj_min() {
     local _majmin
-    out="$(grep -m1 -oP "^$1 \K\S+$" "${get_maj_min_cache_file:?}")"
-    if [ -z "$out" ]; then
-        _majmin="$(stat -L -c '%t:%T' "$1" 2> /dev/null)"
-        out="$(printf "%s" "$((0x${_majmin%:*})):$((0x${_majmin#*:}))")"
-        echo "$1 $out" >> "${get_maj_min_cache_file:?}"
+    local _out
+
+    if [[ $get_maj_min_cache_file ]]; then
+        _out="$(grep -m1 -oP "^$1 \K\S+$" "$get_maj_min_cache_file")"
     fi
-    echo -n "$out"
+
+    if ! [[ "$_out" ]]; then
+        _majmin="$(stat -L -c '%t:%T' "$1" 2> /dev/null)"
+        _out="$(printf "%s" "$((0x${_majmin%:*})):$((0x${_majmin#*:}))")"
+        if [[ $get_maj_min_cache_file ]]; then
+            echo "$1 $_out" >> "$get_maj_min_cache_file"
+        fi
+    fi
+    echo -n "$_out"
 }
 
 # get_devpath_block <device>
@@ -610,6 +617,27 @@ for_each_host_dev_and_slaves() {
     return 1
 }
 
+# /sys/dev/block/major:minor is symbol link to real hardware device
+# go downstream $(realpath /sys/dev/block/major:minor) to detect driver
+get_blockdev_drv_through_sys() {
+    local _block_mods=""
+    local _path
+
+    _path=$(realpath "$1")
+    while true; do
+        if [[ -L "$_path"/driver/module ]]; then
+            _mod=$(realpath "$_path"/driver/module)
+            _mod=$(basename "$_mod")
+            _block_mods="$_block_mods $_mod"
+        fi
+        _path=$(dirname "$_path")
+        if [[ $_path == '/sys/devices' ]] || [[ $_path == '/' ]]; then
+            break
+        fi
+    done
+    echo "$_block_mods"
+}
+
 # ugly workaround for the lvm design
 # There is no volume group device,
 # so, there are no slave devices for volume groups.
@@ -755,13 +783,29 @@ btrfs_devs() {
 iface_for_remote_addr() {
     # shellcheck disable=SC2046
     set -- $(ip -o route get to "$1")
-    echo "$3"
+    while [ $# -gt 0 ]; do
+        case $1 in
+            dev)
+                echo "$2"
+                return
+                ;;
+        esac
+        shift
+    done
 }
 
 local_addr_for_remote_addr() {
     # shellcheck disable=SC2046
     set -- $(ip -o route get to "$1")
-    echo "$5"
+    while [ $# -gt 0 ]; do
+        case $1 in
+            src)
+                echo "$2"
+                return
+                ;;
+        esac
+        shift
+    done
 }
 
 peer_for_addr() {
@@ -917,5 +961,29 @@ block_is_netdevice() {
 
 # get the corresponding kernel modules of a /sys/class/*/* or/dev/* device
 get_dev_module() {
-    udevadm info -a "$1" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p'
+    local dev_attr_walk
+    local dev_drivers
+    dev_attr_walk=$(udevadm info -a "$1")
+    dev_drivers=$(echo "$dev_attr_walk" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p')
+    # if no kernel modules found and device is in a virtual subsystem, follow symlinks
+    if [[ -z $dev_drivers && $(udevadm info -q path "$1") == "/devices/virtual"* ]]; then
+        local dev_vkernel
+        local dev_vsubsystem
+        local dev_vpath
+        dev_vkernel=$(echo "$dev_attr_walk" | sed -n 's/\s*KERNELS=="\(\S\+\)"/\1/p' | tail -1)
+        dev_vsubsystem=$(echo "$dev_attr_walk" | sed -n 's/\s*SUBSYSTEMS=="\(\S\+\)"/\1/p' | tail -1)
+        dev_vpath="/sys/devices/virtual/$dev_vsubsystem/$dev_vkernel"
+        if [[ -n $dev_vkernel && -n $dev_vsubsystem && -d $dev_vpath ]]; then
+            local dev_links
+            local dev_link
+            dev_links=$(find "$dev_vpath" -maxdepth 1 -type l ! -name "subsystem" -exec readlink {} \;)
+            for dev_link in $dev_links; do
+                [[ -n $dev_drivers && ${dev_drivers: -1} != $'\n' ]] && dev_drivers+=$'\n'
+                dev_drivers+=$(udevadm info -a "$dev_vpath/$dev_link" \
+                    | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p' \
+                    | grep -v -e pcieport)
+            done
+        fi
+    fi
+    echo "$dev_drivers"
 }

dracut-init.sh

@@ -423,7 +423,7 @@ inst_rule_programs() {
     done
 }
 
-# attempt to install any programs specified in a udev rule
+# attempt to create any groups and users specified in a udev rule
 inst_rule_group_owner() {
     local i
 

dracut-initramfs-restore.sh

@@ -6,28 +6,44 @@ set -e
 [ -e /run/initramfs/bin/sh ] && exit 0
 [ -e /run/initramfs/.need_shutdown ] || exit 0
 
+# SIGTERM signal is received upon forced shutdown: ignore the signal
+# We want to remain alive to be able to trap unpacking errors to avoid
+# switching root to an incompletely unpacked initramfs
+trap 'echo "Received SIGTERM signal, ignoring!" >&2' TERM
+
 KERNEL_VERSION="$(uname -r)"
 
 [[ $dracutbasedir ]] || dracutbasedir=/usr/lib/dracut
 SKIP="$dracutbasedir/skipcpio"
 [[ -x $SKIP ]] || SKIP="cat"
 
-[[ -f /etc/machine-id ]] && read -r MACHINE_ID < /etc/machine-id
+if [[ -d /efi/Default ]] || [[ -d /boot/Default ]] || [[ -d /boot/efi/Default ]]; then
+    MACHINE_ID="Default"
+elif [[ -f /etc/machine-id ]]; then
+    read -r MACHINE_ID < /etc/machine-id
+else
+    MACHINE_ID="Default"
+fi
 
 mount -o ro /boot &> /dev/null || true
 
-if [[ -d /efi/loader/entries || -L /efi/loader/entries ]] \
-    && [[ $MACHINE_ID ]] \
-    && [[ -d /efi/${MACHINE_ID} || -L /efi/${MACHINE_ID} ]]; then
+if [[ -d /efi/loader/entries ]] || [[ -L /efi/loader/entries ]] \
+    || [[ -d /efi/$MACHINE_ID ]] || [[ -L /efi/$MACHINE_ID ]]; then
     IMG="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
-elif [[ -d /boot/loader/entries || -L /boot/loader/entries ]] \
-    && [[ $MACHINE_ID ]] \
-    && [[ -d /boot/${MACHINE_ID} || -L /boot/${MACHINE_ID} ]]; then
+elif [[ -d /boot/loader/entries ]] || [[ -L /boot/loader/entries ]] \
+    || [[ -d /boot/$MACHINE_ID ]] || [[ -L /boot/$MACHINE_ID ]]; then
     IMG="/boot/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
-elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
-    IMG="/boot/initramfs-${KERNEL_VERSION}.img"
+elif [[ -d /boot/efi/loader/entries ]] || [[ -L /boot/efi/loader/entries ]] \
+    || [[ -d /boot/efi/$MACHINE_ID ]] || [[ -L /boot/efi/$MACHINE_ID ]]; then
+    IMG="/boot/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
 elif [[ -f /lib/modules/${KERNEL_VERSION}/initrd ]]; then
     IMG="/lib/modules/${KERNEL_VERSION}/initrd"
+elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
+    IMG="/boot/initramfs-${KERNEL_VERSION}.img"
+elif mountpoint -q /efi; then
+    IMG="/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
+elif mountpoint -q /boot/efi; then
+    IMG="/boot/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
 else
     echo "No initramfs image found to restore!"
     exit 1
@@ -35,13 +51,13 @@ fi
 
 cd /run/initramfs
 
-if $SKIP "$IMG" | zcat | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | xzcat | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | lz4 -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | zstd -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
+if $SKIP "$IMG" | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | zcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | bzcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | xzcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | lz4 -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | lzop -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | zstd -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
     rm -f -- .need_shutdown
 else
     # something failed, so we clean up

dracut.conf.d/fedora.conf.example

@@ -22,7 +22,7 @@ dbusconfdir=/etc/dbus-1
 dbusinterfacesconfdir=/etc/dbus-1/interfaces
 dbusservicesconfdir=/etc/dbus-1/services
 dbussessionconfdir=/etc/dbus-1/session.d
-dbussystem=confdir/etc/dbus-1/system.d
+dbussystemconfdir=/etc/dbus-1/system.d
 dbussystemservicesconfdir=/etc/dbus-1/system-services
 sysctld=/usr/lib/sysctl.d
 sysctlconfdir=/etc/sysctl.d

dracut.conf.d/suse.conf.example

@@ -7,7 +7,7 @@
 hostonly="yes"
 hostonly_cmdline="yes"
 
-compress="xz -0 --check=crc32 --memlimit-compress=50%"
+compress="zstd"
 
 i18n_vars="/etc/sysconfig/language:RC_LANG-LANG,RC_LC_ALL-LC_ALL /etc/sysconfig/console:CONSOLE_UNICODEMAP-FONT_UNIMAP,CONSOLE_FONT-FONT,CONSOLE_SCREENMAP-FONT_MAP /etc/sysconfig/keyboard:KEYTABLE-KEYMAP"
 omit_drivers+=" i2o_scsi "

dracut.sh

@@ -111,6 +111,8 @@ Creates initial ramdisk images for preloading modules
   --no-early-microcode  Do not combine early microcode with ramdisk
   --kernel-cmdline [PARAMETERS] Specify default kernel command line parameters
   --strip               Strip binaries in the initramfs
+  --aggresive-strip     Strip more than just debug symbol and sections,
+                        for a smaller initramfs build.
   --nostrip             Do not strip binaries in the initramfs
   --hardlink            Hardlink files in the initramfs
   --nohardlink          Do not hardlink files in the initramfs
@@ -226,6 +228,7 @@ Creates initial ramdisk images for preloading modules
                          otherwise you will not be able to boot.
   --no-compress         Do not compress the generated initramfs.  This will
                          override any other compression options.
+  --enhanced-cpio       Attempt to reflink cpio file data using dracut-cpio.
   --list-modules        List all available dracut modules.
   -M, --show-modules    Print included module's name to standard output during
                          build.
@@ -378,6 +381,7 @@ rearrange_params() {
             --long print-cmdline \
             --long kernel-cmdline: \
             --long strip \
+            --long aggresive-strip \
             --long nostrip \
             --long hardlink \
             --long nohardlink \
@@ -412,6 +416,7 @@ rearrange_params() {
             --long zstd \
             --long no-compress \
             --long gzip \
+            --long enhanced-cpio \
             --long list-modules \
             --long show-modules \
             --long keep \
@@ -695,6 +700,7 @@ while :; do
             early_microcode_l="no"
             ;;
         --strip) do_strip_l="yes" ;;
+        --aggresive-strip) aggresive_strip_l="yes" ;;
         --nostrip) do_strip_l="no" ;;
         --hardlink) do_hardlink_l="yes" ;;
         --nohardlink) do_hardlink_l="no" ;;
@@ -770,6 +776,7 @@ while :; do
         --zstd) compress_l="zstd" ;;
         --no-compress) _no_compress_l="cat" ;;
         --gzip) compress_l="gzip" ;;
+        --enhanced-cpio) enhanced_cpio_l="yes" ;;
         --list-modules) do_list="yes" ;;
         -M | --show-modules)
             show_modules_l="yes"
@@ -875,7 +882,7 @@ unset GREP_OPTIONS
 export DRACUT_LOG_LEVEL=warning
 [[ $debug ]] && {
     export DRACUT_LOG_LEVEL=debug
-    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
     set -x
 }
 
@@ -888,20 +895,26 @@ export DRACUT_LOG_LEVEL=warning
 [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut
 
 # if we were not passed a config file, try the default one
-if [[ ! -f $conffile ]]; then
+if [[ -z $conffile ]]; then
     if [[ $allowlocal ]]; then
         conffile="$dracutbasedir/dracut.conf"
     else
         conffile="$dracutsysrootdir/etc/dracut.conf"
     fi
+elif [[ ! -f $conffile ]]; then
+    printf "%s\n" "dracut: Configuration file '$conffile' not found." >&2
+    exit 1
 fi
 
-if [[ ! -d $confdir ]]; then
+if [[ -z $confdir ]]; then
     if [[ $allowlocal ]]; then
         confdir="$dracutbasedir/dracut.conf.d"
     else
         confdir="$dracutsysrootdir/etc/dracut.conf.d"
     fi
+elif [[ ! -d $confdir ]]; then
+    printf "%s\n" "dracut: Configuration directory '$confdir' not found." >&2
+    exit 1
 fi
 
 # source our config file
@@ -960,6 +973,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $drivers_dir_l ]] && drivers_dir=$drivers_dir_l
 [[ $do_strip_l ]] && do_strip=$do_strip_l
 [[ $do_strip ]] || do_strip=yes
+[[ $aggresive_strip_l ]] && aggresive_strip=$aggresive_strip_l
 [[ $do_hardlink_l ]] && do_hardlink=$do_hardlink_l
 [[ $do_hardlink ]] || do_hardlink=yes
 [[ $prefix_l ]] && prefix=$prefix_l
@@ -982,6 +996,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $tmpdir ]] || tmpdir="$dracutsysrootdir"/var/tmp
 [[ $INITRD_COMPRESS ]] && compress=$INITRD_COMPRESS
 [[ $compress_l ]] && compress=$compress_l
+[[ $enhanced_cpio_l ]] && enhanced_cpio=$enhanced_cpio_l
 [[ $show_modules_l ]] && show_modules=$show_modules_l
 [[ $nofscks_l ]] && nofscks="yes"
 [[ $ro_mnt_l ]] && ro_mnt="yes"
@@ -1171,6 +1186,13 @@ if [[ -f $dracutbasedir/dracut-version.sh ]]; then
     . "$dracutbasedir"/dracut-version.sh
 fi
 
+if systemd-detect-virt -c &> /dev/null; then
+    export DRACUT_NO_MKNOD=1 DRACUT_NO_XATTR=1
+    if [[ $hostonly ]]; then
+        printf "%s\n" "dracut: WARNING: running in hostonly mode in a container!!"
+    fi
+fi
+
 if [[ -f $dracutbasedir/dracut-init.sh ]]; then
     # shellcheck source=./dracut-init.sh
     . "$dracutbasedir"/dracut-init.sh
@@ -1181,6 +1203,19 @@ else
     exit 1
 fi
 
+if [[ $enhanced_cpio == "yes" ]]; then
+    enhanced_cpio="$dracutbasedir/dracut-cpio"
+    if [[ -x $enhanced_cpio ]]; then
+        # align based on statfs optimal transfer size
+        cpio_align=$(stat --file-system -c "%s" -- "$initdir")
+    else
+        dinfo "--enhanced-cpio ignored due to lack of dracut-cpio"
+        unset enhanced_cpio
+    fi
+else
+    unset enhanced_cpio
+fi
+
 # shellcheck disable=SC2154
 if [[ $no_kernel != yes ]] && ! [[ -d $srcmods ]]; then
     printf "%s\n" "dracut: Cannot find module directory $srcmods" >&2
@@ -1270,23 +1305,6 @@ if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then
         else
             dwarn "$srcmods/modules.dep is missing. Did you run depmod?"
         fi
-    elif ! (command -v gzip &> /dev/null && command -v xz &> /dev/null); then
-        read -r _mod < "$srcmods"/modules.dep
-        _mod=${_mod%%:*}
-        if [[ -f $srcmods/"$_mod" ]]; then
-            # Check, if kernel modules are compressed, and if we can uncompress them
-            case "$_mod" in
-                *.ko.gz) kcompress=gzip ;;
-                *.ko.xz) kcompress=xz ;;
-                *.ko.zst) kcompress=zstd ;;
-            esac
-            if [[ $kcompress ]]; then
-                if ! command -v "$kcompress" &> /dev/null; then
-                    dfatal "Kernel modules are compressed with $kcompress, but $kcompress is not available."
-                    exit 1
-                fi
-            fi
-        fi
     fi
 fi
 
@@ -1888,7 +1906,7 @@ if [[ $kernel_only != yes ]]; then
         # shellcheck disable=SC2174
         mkdir -m 0755 -p "${initdir}/lib/dracut/hooks/$_d"
     done
-    if [[ $EUID == "0" ]]; then
+    if [[ $EUID == "0" ]] && ! [[ $DRACUT_NO_MKNOD ]]; then
         [[ -c ${initdir}/dev/null ]] || mknod "${initdir}"/dev/null c 1 3
         [[ -c ${initdir}/dev/kmsg ]] || mknod "${initdir}"/dev/kmsg c 1 11
         [[ -c ${initdir}/dev/console ]] || mknod "${initdir}"/dev/console c 5 1
@@ -2060,9 +2078,11 @@ for ((i = 0; i < ${#include_src[@]}; i++)); do
             # check for preexisting symlinks, so we can cope with the
             # symlinks to $prefix
             # Objectname is a file or a directory
+            reset_dotglob="$(shopt -p dotglob)"
+            shopt -q -s dotglob
             for objectname in "$src"/*; do
                 [[ -e $objectname || -L $objectname ]] || continue
-                if [[ -d $objectname ]]; then
+                if [[ -d $objectname ]] && [[ ! -L $objectname ]]; then
                     # objectname is a directory, let's compute the final directory name
                     object_destdir=${destdir}/${objectname#$src/}
                     if ! [[ -e $object_destdir ]]; then
@@ -2070,11 +2090,12 @@ for ((i = 0; i < ${#include_src[@]}; i++)); do
                         mkdir -m 0755 -p "$object_destdir"
                         chmod --reference="$objectname" "$object_destdir"
                     fi
-                    $DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/*
+                    $DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/.
                 else
                     $DRACUT_CP -t "$destdir" "$dracutsysrootdir$objectname"
                 fi
             done
+            eval "$reset_dotglob"
         elif [[ -e $src ]]; then
             derror "$src is neither a directory nor a regular file"
         else
@@ -2085,7 +2106,7 @@ done
 
 if [[ $do_hardlink == yes ]] && command -v hardlink > /dev/null; then
     dinfo "*** Hardlinking files ***"
-    hardlink "$initdir" 2>&1
+    hardlink "$initdir" 2>&1 | dinfo
     dinfo "*** Hardlinking files done ***"
 fi
 
@@ -2102,6 +2123,13 @@ if [[ $do_strip == yes ]]; then
             do_strip=no
         fi
     done
+
+    if [[ $aggresive_strip ]]; then
+        # `eu-strip` and `strip` both strips all unneeded parts by default
+        strip_args=(-p)
+    else
+        strip_args=(-g -p)
+    fi
 fi
 
 # cleanup empty ldconfig_paths directories
@@ -2242,17 +2270,19 @@ if dracut_module_included "squash"; then
 fi
 
 if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
+    # stripping files negates (dedup) benefits of using reflink
+    [[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink"
     dinfo "*** Stripping files ***"
     find "$initdir" -type f \
         -executable -not -path '*/lib/modules/*.ko' -print0 \
-        | xargs -r -0 $strip_cmd -g -p 2> /dev/null
+        | xargs -r -0 $strip_cmd "${strip_args[@]}" 2> /dev/null
 
     # strip kernel modules, but do not touch signed modules
     find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
         | while read -r -d $'\0' f || [ -n "$f" ]; do
             SIG=$(tail -c 28 "$f" | tr -d '\000')
             [[ $SIG == '~Module signature appended~' ]] || { printf "%s\000" "$f"; }
-        done | xargs -r -0 $strip_cmd -g -p
+        done | xargs -r -0 $strip_cmd "${strip_args[@]}"
     dinfo "*** Stripping files done ***"
 fi
 
@@ -2312,27 +2342,62 @@ if [[ $create_early_cpio == yes ]]; then
     fi
 
     # The microcode blob is _before_ the initramfs blob, not after
-    if ! (
-        umask 077
-        cd "$early_cpio_dir/d"
-        find . -print0 | sort -z \
-            | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null \
-                ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
-    ); then
-        dfatal "dracut: creation of $outfile failed"
-        exit 1
+    if [[ -n $enhanced_cpio ]]; then
+        if ! (
+            umask 077
+            cd "$early_cpio_dir/d"
+            find . -print0 | sort -z \
+                | $enhanced_cpio --null ${cpio_owner:+--owner "$cpio_owner"} \
+                    --mtime 0 --data-align "$cpio_align" --truncate-existing \
+                    "${DRACUT_TMPDIR}/initramfs.img"
+        ); then
+            dfatal "dracut-cpio: creation of $outfile failed"
+            exit 1
+        fi
+    else
+        if ! (
+            umask 077
+            cd "$early_cpio_dir/d"
+            find . -print0 | sort -z \
+                | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null \
+                    ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
+        ); then
+            dfatal "dracut: creation of $outfile failed"
+            exit 1
+        fi
+    fi
+fi
+
+if check_kernel_config CONFIG_RD_ZSTD; then
+    DRACUT_KERNEL_RD_ZSTD=yes
+else
+    DRACUT_KERNEL_RD_ZSTD=
+fi
+
+if [[ $compress == $DRACUT_COMPRESS_ZSTD* && ! $DRACUT_KERNEL_RD_ZSTD ]]; then
+    dwarn "dracut: kernel has no zstd support compiled in."
+    compress=
+fi
+
+if [[ $compress && $compress != cat ]]; then
+    if ! command -v "${compress%% *}" &> /dev/null; then
+        derror "dracut: cannot execute compression command '$compress', falling back to default"
+        compress=
     fi
 fi
 
 if ! [[ $compress ]]; then
     # check all known compressors, if none specified
-    for i in $DRACUT_COMPRESS_PIGZ $DRACUT_COMPRESS_GZIP $DRACUT_COMPRESS_LZ4 $DRACUT_COMPRESS_LZOP $ $DRACUT_COMPRESS_ZSTD $DRACUT_COMPRESS_LZMA $DRACUT_COMPRESS_XZ $DRACUT_COMPRESS_LBZIP2 $OMPRESS_BZIP2 $DRACUT_COMPRESS_CAT; do
+    for i in $DRACUT_COMPRESS_PIGZ $DRACUT_COMPRESS_GZIP $DRACUT_COMPRESS_LZ4 $DRACUT_COMPRESS_LZOP $DRACUT_COMPRESS_ZSTD $DRACUT_COMPRESS_LZMA $DRACUT_COMPRESS_XZ $DRACUT_COMPRESS_LBZIP2 $DRACUT_COMPRESS_BZIP2 $DRACUT_COMPRESS_CAT; do
+        [[ $i != "$DRACUT_COMPRESS_ZSTD" || $DRACUT_KERNEL_RD_ZSTD ]] || continue
         command -v "$i" &> /dev/null || continue
         compress="$i"
         break
     done
     if [[ $compress == cat ]]; then
-        printf "%s\n" "dracut: no compression tool available. Initramfs image is going to be big." >&2
+        dwarn "dracut: no compression tool available. Initramfs image is going to be big."
+    else
+        dinfo "dracut: using auto-determined compression method '$compress'"
     fi
 fi
 
@@ -2371,15 +2436,41 @@ case $compress in
         ;;
 esac
 
-if ! (
-    umask 077
-    cd "$initdir"
-    find . -print0 | sort -z \
-        | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet \
-        | $compress >> "${DRACUT_TMPDIR}/initramfs.img"
-); then
-    dfatal "dracut: creation of $outfile failed"
-    exit 1
+if [[ -n $enhanced_cpio ]]; then
+    if [[ $compress == "cat" ]]; then
+        # dracut-cpio appends by default, so any ucode remains
+        cpio_outfile="${DRACUT_TMPDIR}/initramfs.img"
+    else
+        ddebug "$compress compression enabled alongside cpio reflink"
+        # dracut-cpio doesn't output to stdout, so stage for compression
+        cpio_outfile="${DRACUT_TMPDIR}/initramfs.img.uncompressed"
+    fi
+
+    if ! (
+        umask 077
+        cd "$initdir"
+        find . -print0 | sort -z \
+            | $enhanced_cpio --null ${cpio_owner:+--owner "$cpio_owner"} \
+                --mtime 0 --data-align "$cpio_align" "$cpio_outfile" || exit 1
+        [[ $compress == "cat" ]] && exit 0
+        $compress < "$cpio_outfile" >> "${DRACUT_TMPDIR}/initramfs.img" \
+            && rm "$cpio_outfile"
+    ); then
+        dfatal "dracut-cpio: creation of $outfile failed"
+        exit 1
+    fi
+    unset cpio_outfile
+else
+    if ! (
+        umask 077
+        cd "$initdir"
+        find . -print0 | sort -z \
+            | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null ${cpio_owner:+-R "$cpio_owner"} -H newc -o --quiet \
+            | $compress >> "${DRACUT_TMPDIR}/initramfs.img"
+    ); then
+        dfatal "dracut: creation of $outfile failed"
+        exit 1
+    fi
 fi
 
 # shellcheck disable=SC2154

man/dracut.8.asc

@@ -530,6 +530,15 @@ will not be able to boot.
     Specifies the kernel image, which to include in the UEFI executable. The default is
     _/lib/modules/<KERNEL-VERSION>/vmlinuz_ or _/boot/vmlinuz-<KERNEL-VERSION>_
 
+**--enhanced-cpio**::
+    Attempt to use the dracut-cpio binary, which optimizes archive creation for
+    copy-on-write filesystems by using the copy_file_range(2) syscall via Rust's
+    io::copy(). When specified, initramfs archives are also padded to ensure
+    optimal data alignment for extent sharing. To retain reflink data
+    deduplication benefits, this should be used alongside the **--no-compress**
+    and **--no-strip** parameters, with initramfs source files, **--tmpdir**
+    staging area and destination all on the same copy-on-write capable filesystem.
+
 ENVIRONMENT
 -----------
 

man/dracut.asc

@@ -1,7 +1,7 @@
 dracut {mainversion}
 ====================
 :author: Harald Hoyer
-:email: harald@redhat.com
+:email: harald@profian.com
 :revnumber: {version}
 :language: bash
 

man/dracut.cmdline.7.asc

@@ -151,7 +151,7 @@ Misc
 
 **rd.retry=**__<seconds>__::
     specify how long dracut should retry the initqueue to configure devices.
-    The default is 30 seconds. After 2/3 of the time, degraded raids are force
+    The default is 180 seconds. After 2/3 of the time, degraded raids are force
     started. If you have hardware, which takes a very long time to announce its
     drives, you might want to extend this value.
 
@@ -575,6 +575,11 @@ USB Android phone::
 * enp0s29u1u2
 =====================
 
+The following options are supported by the 'network-legacy' dracut
+module. Other network modules might support a slightly different set of
+options; refer to the documentation of the specific network module in use. For
+NetworkManager, see *nm-initrd-generator*(8).
+
 **ip=**__{dhcp|on|any|dhcp6|auto6|either6|link6|single-dhcp}__::
     dhcp|on|any::: get ip from dhcp server from all interfaces. If netroot=dhcp,
     loop sequentially through all interfaces (eth0, eth1, ...) and use the first

modules.d/00bash/module-setup.sh

@@ -1,20 +1,32 @@
 #!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
 
-# called by dracut
+# Prerequisite check(s) for module.
 check() {
-    require_binaries /bin/bash
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries bash || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
 }
 
-# called by dracut
+# Module dependency requirements.
 depends() {
+
+    # Return 0 to include the dependent module(s) in the initramfs.
     return 0
+
 }
 
-# called by dracut
+# Install the required file(s) and directories for the module in the initramfs.
 install() {
-    # If another shell is already installed, do not use bash
-    [[ -x $initdir/bin/sh ]] && return
 
-    # Prefer bash as /bin/sh if it is available.
-    inst /bin/bash && ln -sf bash "${initdir}/bin/sh"
+    inst /bin/bash
+
+    # Prefer bash as default shell if no other shell is preferred.
+    [[ -L $initdir/bin/sh ]] || ln -sf bash "${initdir}/bin/sh"
+
 }

modules.d/00dash/module-setup.sh

@@ -1,20 +1,32 @@
 #!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
 
-# called by dracut
+# Prerequisite check(s) for module.
 check() {
-    require_binaries /bin/dash
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries dash || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
 }
 
-# called by dracut
+# Module dependency requirements.
 depends() {
+
+    # Return 0 to include the dependent module(s) in the initramfs.
     return 0
+
 }
 
-# called by dracut
+# Install the required file(s) and directories for the module in the initramfs.
 install() {
-    # If another shell is already installed, do not use dash
-    [[ -x $initdir/bin/sh ]] && return
 
-    # Prefer dash as /bin/sh if it is available.
-    inst /bin/dash && ln -sf dash "${initdir}/bin/sh"
+    inst /bin/dash
+
+    # Prefer dash as default shell if no other shell is preferred.
+    [[ -L $initdir/bin/sh ]] || ln -sf dash "${initdir}/bin/sh"
+
 }

modules.d/00mksh/module-setup.sh

@@ -1,20 +1,34 @@
 #!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
 
-# called by dracut
+# Prerequisite check(s) for module.
 check() {
-    require_binaries /bin/mksh
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries mksh || return 1
+    require_binaries printf || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
 }
 
-# called by dracut
+# Module dependency requirements.
 depends() {
+
+    # Return 0 to include the dependent module(s) in the initramfs.
     return 0
+
 }
 
-# called by dracut
+# Install the required file(s) and directories for the module in the initramfs.
 install() {
-    # If another shell is already installed, do not use mksh
-    [[ -x $initdir/bin/sh ]] && return
 
-    # Prefer mksh as /bin/sh if it is available.
-    inst /bin/mksh && ln -sf mksh "${initdir}/bin/sh"
+    inst /bin/mksh
+    inst printf
+
+    # Prefer mksh as default shell if no other shell is preferred.
+    [[ -L $initdir/bin/sh ]] || ln -sf mksh "${initdir}/bin/sh"
+
 }

modules.d/00systemd/module-setup.sh

@@ -213,8 +213,23 @@ install() {
         grep '^systemd-network:' "$dracutsysrootdir"/etc/group 2> /dev/null
     } >> "$initdir/etc/group"
 
-    ln_r "$systemdutildir"/systemd "/init"
-    ln_r "$systemdutildir"/systemd "/sbin/init"
+    local _systemdbinary="$systemdutildir"/systemd
+
+    if ldd "$_systemdbinary" | grep -qw libasan; then
+        local _wrapper="$systemdutildir"/systemd-asan-wrapper
+        cat > "$initdir"/"$_wrapper" << EOF
+#!/bin/sh
+mount -t proc -o nosuid,nodev,noexec proc /proc
+exec $_systemdbinary
+EOF
+        chmod 755 "$initdir"/"$_wrapper"
+        _systemdbinary="$_wrapper"
+        unset _wrapper
+    fi
+    ln_r "$_systemdbinary" "/init"
+    ln_r "$_systemdbinary" "/sbin/init"
+
+    unset _systemdbinary
 
     inst_binary true
     ln_r "$(find_binary true)" "/usr/bin/loginctl"

modules.d/00warpclock/module-setup.sh

@@ -1,29 +1,39 @@
 #!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
 
-# called by dracut
+# Prerequisite check(s) for module.
 check() {
+
     # hwclock does not exist on S390(x), bail out silently then
     local _arch=${DRACUT_ARCH:-$(uname -m)}
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] && return 1
 
-    [ -e /etc/localtime -a -e /etc/adjtime ] || return 1
-    require_binaries /sbin/hwclock || return 1
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries hwclock || return 1
 
+    # Return 255 to only include the module, if another module requires it.
     return 255
+
 }
 
-# called by dracut
+# Module dependency requirements.
 depends() {
+
+    # Return 0 to include the dependent module(s) in the initramfs.
     return 0
+
 }
 
-# called by dracut
+# Install the required file(s) and directories for the module in the initramfs.
 install() {
-    inst /usr/share/zoneinfo/UTC
-    inst /etc/localtime
-    inst /etc/adjtime
+
     inst_hook pre-trigger 00 "$moddir/warpclock.sh"
-    inst /sbin/hwclock
+
+    inst_multiple -o \
+        /usr/share/zoneinfo/UTC \
+        /etc/localtime \
+        /etc/adjtime \
+        hwclock
+
 }

modules.d/00warpclock/warpclock.sh

@@ -1,4 +1,9 @@
 #!/bin/sh
+# This file is part of dracut warpclock module.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Set the kernel's timezone and reset the system time
+# if adjtime is set to LOCAL.
 
 if test -e /etc/adjtime; then
     while read -r line; do

modules.d/01fips/fips-noboot.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
 if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
     rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
 elif [ -z "$fipsmode" ]; then

modules.d/01fips/fips.sh

@@ -79,6 +79,7 @@ nonfatal_modprobe() {
 fips_load_crypto() {
     local _k
     local _v
+    local _module
     local _found
 
     FIPSMODULES=$(cat /etc/fipsmodules)
@@ -108,48 +109,63 @@ fips_load_crypto() {
 }
 
 do_fips() {
-    local _v
-    local _module
-
     KERNEL=$(uname -r)
 
-    fips_info "Checking integrity of kernel"
-    if [ -e "/run/initramfs/live/vmlinuz0" ]; then
-        do_rhevh_check /run/initramfs/live/vmlinuz0 || return 1
-    elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
-        do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
-    elif [ -e "/run/install/repo/images/pxeboot/vmlinuz" ]; then
-        # This is a boot.iso with the .hmac inside the install.img
-        do_rhevh_check /run/install/repo/images/pxeboot/vmlinuz || return 1
-    else
-        BOOT_IMAGE="$(getarg BOOT_IMAGE)"
+    if ! getarg rd.fips.skipkernel > /dev/null; then
 
-        # Trim off any leading GRUB boot device (e.g. ($root) )
-        BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"
+        fips_info "Checking integrity of kernel"
+        if [ -e "/run/initramfs/live/vmlinuz0" ]; then
+            do_rhevh_check /run/initramfs/live/vmlinuz0 || return 1
+        elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
+            do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
+        elif [ -e "/run/install/repo/images/pxeboot/vmlinuz" ]; then
+            # This is a boot.iso with the .hmac inside the install.img
+            do_rhevh_check /run/install/repo/images/pxeboot/vmlinuz || return 1
+        else
+            BOOT_IMAGE="$(getarg BOOT_IMAGE)"
 
-        BOOT_IMAGE_NAME="${BOOT_IMAGE##*/}"
-        BOOT_IMAGE_PATH="${BOOT_IMAGE%${BOOT_IMAGE_NAME}}"
-
-        if [ -z "$BOOT_IMAGE_NAME" ]; then
-            BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
-        elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
-            #if /boot is not a separate partition BOOT_IMAGE might start with /boot
-            BOOT_IMAGE_PATH=${BOOT_IMAGE_PATH#"/boot"}
-            #on some achitectures BOOT_IMAGE does not contain path to kernel
-            #so if we can't find anything, let's treat it in the same way as if it was empty
-            if ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
-                BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
-                BOOT_IMAGE_PATH=""
+            # On s390x, BOOT_IMAGE isn't a path but an integer representing the
+            # entry number selected. Let's try the root of /boot first, and
+            # otherwise fallback to trying to parse the BLS entries if it's a
+            # BLS-based system.
+            if [ "$(uname -m)" = s390x ]; then
+                if [ -e "/boot/vmlinuz-${KERNEL}" ]; then
+                    BOOT_IMAGE="vmlinuz-${KERNEL}"
+                elif [ -d /boot/loader/entries ]; then
+                    bls=$(find /boot/loader/entries -name '*.conf' | sort -rV | sed -n "$((BOOT_IMAGE + 1))p")
+                    if [ -e "${bls}" ]; then
+                        BOOT_IMAGE=$(grep ^linux "${bls}" | cut -d' ' -f2)
+                    fi
+                fi
             fi
-        fi
 
-        BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}/.${BOOT_IMAGE_NAME}.hmac"
-        if ! [ -e "${BOOT_IMAGE_HMAC}" ]; then
-            warn "${BOOT_IMAGE_HMAC} does not exist"
-            return 1
-        fi
+            # Trim off any leading GRUB boot device (e.g. ($root) )
+            BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"
 
-        (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
+            BOOT_IMAGE_NAME="${BOOT_IMAGE##*/}"
+            BOOT_IMAGE_PATH="${BOOT_IMAGE%${BOOT_IMAGE_NAME}}"
+
+            if [ -z "$BOOT_IMAGE_NAME" ]; then
+                BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
+            elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
+                #if /boot is not a separate partition BOOT_IMAGE might start with /boot
+                BOOT_IMAGE_PATH=${BOOT_IMAGE_PATH#"/boot"}
+                #on some achitectures BOOT_IMAGE does not contain path to kernel
+                #so if we can't find anything, let's treat it in the same way as if it was empty
+                if ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
+                    BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
+                    BOOT_IMAGE_PATH=""
+                fi
+            fi
+
+            BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}/.${BOOT_IMAGE_NAME}.hmac"
+            if ! [ -e "${BOOT_IMAGE_HMAC}" ]; then
+                warn "${BOOT_IMAGE_HMAC} does not exist"
+                return 1
+            fi
+
+            (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
+        fi
     fi
 
     fips_info "All initrd crypto checks done"

modules.d/01fips/module-setup.sh

@@ -67,7 +67,7 @@ install() {
     inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
     inst_script "$moddir/fips.sh" /sbin/fips.sh
 
-    inst_multiple sha512hmac rmmod insmod mount uname umount
+    inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort
 
     inst_simple /etc/system-fips
     [ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \
@@ -78,7 +78,7 @@ install() {
         }
     [ -c "${initdir}"/dev/urandom ] || mknod "${initdir}"/dev/urandom c 1 9 \
         || {
-            dfatal "Cannot create /dev/random"
+            dfatal "Cannot create /dev/urandom"
             dfatal "To create an initramfs with fips support, dracut has to run as root"
             return 1
         }

modules.d/01systemd-coredump/module-setup.sh

@@ -37,6 +37,7 @@ install() {
         "$systemdsystemunitdir"/systemd-coredump.socket \
         "$systemdsystemunitdir"/systemd-coredump@.service \
         "$systemdsystemunitdir"/sockets.target.wants/systemd-coredump.socket \
+        "$sysusers"/systemd-coredump.conf \
         coredumpctl
 
     # Install the hosts local user configurations if enabled.
@@ -48,6 +49,7 @@ install() {
             "$systemdsystemconfdir/systemd-coredump.socket.d/*.conf" \
             "$systemdsystemconfdir"/systemd-coredump@.service \
             "$systemdsystemconfdir/systemd-coredump@.service.d/*.conf" \
-            "$systemdsystemconfdir"/sockets.target.wants/systemd-coredump.socket
+            "$systemdsystemconfdir"/sockets.target.wants/systemd-coredump.socket \
+            "$sysusersconfdir"/systemd-coredump.conf
     fi
 }

modules.d/01systemd-integritysetup/module-setup.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd dm
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+installkernel() {
+    instmods dm-integrity
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    inst_multiple -o \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        "$systemdsystemunitdir"/integritysetup-pre.target \
+        "$systemdsystemunitdir"/integritysetup.target \
+        "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/integritytab \
+            "$systemdsystemconfdir"/integritysetup.target \
+            "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
+            "$systemdsystemconfdir"/integritysetup-pre.target \
+            "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
+            "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
+            "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
+    fi
+
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+
+}

modules.d/01systemd-journald/module-setup.sh

@@ -47,6 +47,7 @@ install() {
         "$systemdsystemunitdir"/sockets.target.wants/systemd-journald.socket \
         "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-audit.socket \
         "$systemdsystemunitdir"/sysinit.target.wants/systemd-journald.service \
+        "$sysusers"/systemd-journal.conf \
         journalctl
 
     # Install library file(s)
@@ -66,7 +67,8 @@ install() {
             "$systemdsystemconfdir"/systemd-journal-flush.service \
             "$systemdsystemconfdir/systemd-journal-flush.service.d/*.conf" \
             "$systemdsystemconfdir"/systemd-journal-catalog-update.service \
-            "$systemdsystemconfdir/systemd-journal-catalog-update.service.d/*.conf"
+            "$systemdsystemconfdir/systemd-journal-catalog-update.service.d/*.conf" \
+            "$sysusersconfdir"/systemd-journal.conf
     fi
 
 }

modules.d/01systemd-networkd/module-setup.sh

@@ -50,6 +50,7 @@ install() {
         "$systemdsystemunitdir"/systemd-network-generator.service \
         "$systemdsystemunitdir"/systemd-networkd-wait-online.service \
         "$systemdsystemunitdir"/systemd-network-generator.service \
+        "$sysusers"/systemd-network.conf \
         networkctl ip
 
     # Enable systemd type units
@@ -74,6 +75,7 @@ install() {
             "$systemdsystemconfdir"/systemd-network-generator.service \
             "$systemdsystemconfdir/systemd-network-generator.service/*.conf" \
             "$systemdsystemconfdir"/systemd-networkd-wait-online.service \
-            "$systemdsystemconfdir/systemd-networkd-wait-online.service/*.conf"
+            "$systemdsystemconfdir/systemd-networkd-wait-online.service/*.conf" \
+            "$sysusersconfdir"/systemd-network.conf
     fi
 }

modules.d/01systemd-resolved/module-setup.sh

@@ -40,6 +40,7 @@ install() {
         "$systemdutildir"/systemd-resolved \
         "$systemdsystemunitdir"/systemd-resolved.service \
         "$systemdsystemunitdir/systemd-resolved.service.d/*.conf" \
+        "$sysusers"/systemd-resolve.conf \
         resolvectl
 
     # Enable systemd type unit(s)
@@ -51,6 +52,7 @@ install() {
             "$systemdutilconfdir"/resolved.conf \
             "$systemdutilconfdir/resolved.conf.d/*.conf" \
             "$systemdsystemconfdir"/systemd-resolved.service \
-            "$systemdsystemconfdir/systemd-resolved.service/*.conf"
+            "$systemdsystemconfdir/systemd-resolved.service/*.conf" \
+            "$sysusersconfdir"/systemd-resolve.conf
     fi
 }

modules.d/01systemd-sysusers/module-setup.sh

@@ -24,6 +24,8 @@ depends() {
 # Install the required file(s) and directories for the module in the initramfs.
 install() {
 
+    inst_simple "$moddir/sysusers-dracut.conf" "$systemdsystemunitdir/systemd-sysusers.service.d/sysusers-dracut.conf"
+
     inst_multiple -o \
         "$sysusers"/basic.conf \
         "$sysusers"/systemd.conf \

modules.d/01systemd-sysusers/sysusers-dracut.conf

@@ -0,0 +1,2 @@
+[Unit]
+ConditionNeedsUpdate=

modules.d/01systemd-timesyncd/module-setup.sh

@@ -42,7 +42,8 @@ install() {
         "$systemdsystemunitdir"/systemd-timesyncd.service \
         "$systemdsystemunitdir/systemd-timesyncd.service.d/*.conf" \
         "$systemdsystemunitdir"/systemd-time-wait-sync.service \
-        "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf"
+        "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf" \
+        "$sysusers"/systemd-timesync.conf
 
     # Enable systemd type unit(s)
     for i in \
@@ -60,6 +61,7 @@ install() {
             "$systemdsystemconfdir"/systemd-timesyncd.service \
             "$systemdsystemconfdir/systemd-timesyncd.service.d/*.conf" \
             "$systemdsystemunitdir"/systemd-time-wait-sync.service \
-            "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf"
+            "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf" \
+            "$sysusersconfdir"/systemd-timesync.conf
     fi
 }

modules.d/35network-legacy/ifup.sh

@@ -446,7 +446,11 @@ for p in $(getargs ip=); do
 
     # If this option isn't directed at our interface, skip it
     if [ -n "$dev" ]; then
-        [ "$dev" != "$netif" ] && continue
+        if [ "$dev" != "$netif" ]; then
+            [ ! -e "/sys/class/net/$dev" ] \
+                && warn "Network interface '$dev' does not exist!"
+            continue
+        fi
     else
         iface_is_enslaved "$netif" && continue
     fi

modules.d/35network-legacy/parse-ip-opts.sh

@@ -97,6 +97,11 @@ for p in $(getargs ip=); do
         fi
         # IFACES list for later use
         IFACES="$IFACES $dev"
+
+        # Interface should exist
+        if [ ! -e "/sys/class/net/$dev" ]; then
+            warn "Network interface '$dev' does not exist"
+        fi
     fi
 
     # Do we need to check for specific options?

modules.d/35network-manager/module-setup.sh

@@ -10,7 +10,7 @@ check() {
 
 # called by dracut
 depends() {
-    echo dbus
+    echo dbus bash
     return 0
 }
 
@@ -31,6 +31,7 @@ install() {
 
     inst NetworkManager
     inst_multiple -o /usr/{lib,libexec}/nm-initrd-generator
+    inst_multiple -o /usr/{lib,libexec}/nm-daemon-helper
     inst_multiple -o teamd dhclient
     inst_hook cmdline 99 "$moddir/nm-config.sh"
     if dracut_module_included "systemd"; then
@@ -38,6 +39,11 @@ install() {
         inst "$dbussystem"/org.freedesktop.NetworkManager.conf
         inst_multiple nmcli nm-online
 
+        # teaming support under systemd+dbus
+        inst_multiple -o \
+            "$dbussystem"/teamd.conf \
+            "$dbussystemconfdir"/teamd.conf
+
         # Install a configuration snippet to prevent the automatic creation of
         # "Wired connection #" DHCP connections for Ethernet interfaces
         inst_simple "$moddir"/initrd-no-auto-default.conf /usr/lib/NetworkManager/conf.d/

modules.d/35network-manager/nm-config.sh

@@ -16,6 +16,20 @@ if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
         echo '[logging]'
         echo 'level=TRACE'
     ) > /run/NetworkManager/conf.d/initrd-logging.conf
+
+    if [ -n "$DRACUT_SYSTEMD" ]; then
+        # Enable tty output if a usable console is found
+        # See https://github.com/coreos/fedora-coreos-tracker/issues/943
+        # shellcheck disable=SC2217
+        if [ -w /dev/console ] && (echo < /dev/console) > /dev/null 2> /dev/null; then
+            mkdir -p /run/systemd/system/nm-initrd.service.d
+            cat << EOF > /run/systemd/system/nm-initrd.service.d/tty-output.conf
+[Service]
+StandardOutput=tty
+EOF
+            systemctl --no-block daemon-reload
+        fi
+    fi
 fi
 
 nm_generate_connections

modules.d/35network-manager/nm-initrd.service

@@ -1,8 +1,9 @@
 [Unit]
 DefaultDependencies=no
-Wants=systemd-udev-settle.service
-After=systemd-udev-settle.service
+Wants=systemd-udev-trigger.service
+After=systemd-udev-trigger.service
 After=dracut-cmdline.service
+Wants=network.target
 Before=network.target
 ConditionPathExists=/run/NetworkManager/initrd/neednet
 ConditionPathExistsGlob=|/usr/lib/NetworkManager/system-connections/*
@@ -16,7 +17,9 @@ BusName=org.freedesktop.NetworkManager
 ExecReload=/usr/bin/busctl call org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager Reload u 0
 ExecStart=/usr/sbin/NetworkManager --debug
 KillMode=process
-StandardOutput=tty
+# The following gets changed to StandardOutput=tty by nm-config.sh
+# when debug is enabled and a usable console is found.
+StandardOutput=null
 Environment=NM_CONFIG_ENABLE_TAG=initrd
 Restart=on-failure
 ProtectSystem=true

modules.d/35network-manager/nm-lib.sh

@@ -28,3 +28,7 @@ nm_generate_connections() {
         done
     fi
 }
+
+nm_reload_connections() {
+    [ -n "$DRACUT_SYSTEMD" ] && systemctl is-active nm-initrd.service && nmcli connection reload
+}

modules.d/35network-manager/nm-run.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 type source_hook > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
@@ -24,11 +24,47 @@ if [ -s /run/NetworkManager/initrd/hostname ]; then
     cat /run/NetworkManager/initrd/hostname > /proc/sys/kernel/hostname
 fi
 
+kf_get_string() {
+    # NetworkManager writes keyfiles (glib's GKeyFile API). Have a naive
+    # parser for it.
+    #
+    # But GKeyFile will backslash escape certain keys (\s, \t, \n) but also
+    # escape backslash. As an approximation, interpret the string with printf's
+    # '%b'.
+    #
+    # This is supposed to mimic g_key_file_get_string() (poorly).
+
+    v1="$(sed -n "s/^$1=/=/p" | sed '1!d')"
+    test "$v1" = "${v1#=}" && return 1
+    printf "%b" "${v1#=}"
+}
+
+kf_unescape() {
+    # Another layer of unescaping. While values in GKeyFile format
+    # are backslash escaped, the original strings (which are in no
+    # defined encoding) are backslash escaped too to be valid UTF-8.
+    # This will undo the second layer of escaping to give binary "strings".
+    printf "%b" "$1"
+}
+
+kf_parse() {
+    v3="$(kf_get_string "$1")" || return 1
+    v3="$(kf_unescape "$v3")"
+    printf '%s=%s\n' "$2" "$(printf '%q' "$v3")"
+}
+
+dhcpopts_create() {
+    kf_parse root-path new_root_path < "$1"
+    kf_parse next-server new_next_server < "$1"
+    kf_parse dhcp-bootfile filename < "$1"
+}
+
 for _i in /sys/class/net/*; do
-    state=/run/NetworkManager/devices/$(cat "$_i"/ifindex)
-    grep -q connection-uuid= "$state" 2> /dev/null || continue
-    ifname=${_i##*/}
-    sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p' < "$state" > /tmp/dhclient."$ifname".dhcpopts
+    [ -d "$_i" ] || continue
+    state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)"
+    grep -q '^connection-uuid=' "$state" 2> /dev/null || continue
+    ifname="${_i##*/}"
+    dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts
     source_hook initqueue/online "$ifname"
     /sbin/netroot "$ifname"
 done

modules.d/35network-wicked/module-setup.sh

@@ -33,15 +33,23 @@ install() {
 
     inst_dir /etc/wicked/extensions
     inst_dir /usr/share/wicked/schema
-    inst_dir /usr/lib/wicked/bin
+    if [ -d /usr/lib/wicked/bin ]; then
+        inst_dir /usr/lib/wicked/bin
+        inst_multiple "/usr/lib/wicked/bin/*"
+    elif [ -d /usr/libexec/wicked/bin ]; then
+        inst_dir /usr/libexec/wicked/bin
+        inst_multiple "/usr/libexec/wicked/bin/*"
+    fi
     inst_dir /var/lib/wicked
 
     inst_multiple "/etc/wicked/*.xml"
     inst_multiple "/etc/wicked/extensions/*"
-    inst_multiple "/etc/dbus-1/system.d/org.opensuse.Network*"
+    if [ -f /etc/dbus-1/system.d/org.opensuse.Network.conf ]; then
+        inst_multiple "/etc/dbus-1/system.d/org.opensuse.Network*"
+    elif [ -f /usr/share/dbus-1/system.d/org.opensuse.Network.conf ]; then
+        inst_multiple "/usr/share/dbus-1/system.d/org.opensuse.Network*"
+    fi
     inst_multiple "/usr/share/wicked/schema/*"
-    inst_multiple "/usr/lib/wicked/bin/*"
-    inst_multiple "/usr/libexec/wicked/bin/*"
     inst_multiple "/usr/sbin/wicked*"
 
     wicked_units=(

modules.d/40network/module-setup.sh

@@ -17,9 +17,9 @@ depends() {
     done
 
     if [ -z "$network_handler" ]; then
-        if [[ -x $dracutsysrootdir$systemdsystemunitdir/wicked.service ]]; then
+        if [[ -e $dracutsysrootdir$systemdsystemunitdir/wicked.service ]]; then
             network_handler="network-wicked"
-        elif [[ -x $dracutsysrootdir/usr/libexec/nm-initrd-generator ]]; then
+        elif [[ -x $dracutsysrootdir/usr/libexec/nm-initrd-generator ]] || [[ -x $dracutsysrootdir/usr/lib/nm-initrd-generator ]]; then
             network_handler="network-manager"
         elif [[ -x $dracutsysrootdir$systemdutildir/systemd-networkd ]]; then
             network_handler="systemd-networkd"

modules.d/40network/net-lib.sh

@@ -295,7 +295,7 @@ ibft_to_cmdline() {
                 # skip not assigned ip adresses
                 [ "$ip" = "0.0.0.0" ] && continue
                 [ -e "${iface}"/gateway ] && read -r gw < "${iface}"/gateway
-                [ "$gateway" = "0.0.0.0" ] && unset gateway
+                [ "$gw" = "0.0.0.0" ] && unset gw
                 [ -e "${iface}"/subnet-mask ] && read -r mask < "${iface}"/subnet-mask
                 [ -e "${iface}"/prefix-len ] && read -r prefix < "${iface}"/prefix-len
                 [ -e "${iface}"/primary-dns ] && read -r dns1 < "${iface}"/primary-dns

modules.d/45ifcfg/write-ifcfg.sh

@@ -103,6 +103,11 @@ interface_bind() {
     local _netif="$1"
     local _macaddr="$2"
 
+    if [ ! -e "/sys/class/net/$_netif" ]; then
+        derror "Cannot find network interface '$_netif'!"
+        return 1
+    fi
+
     # see, if we can bind it to some hw parms
     if hw_bind "$_netif" "$_macaddr"; then
         # only print out DEVICE, if it's user assigned

modules.d/45url-lib/module-setup.sh

@@ -15,10 +15,10 @@ depends() {
 
 # called by dracut
 install() {
-    local _dir _crt _found _lib _nssckbi _p11roots _p11root
+    local _dir _crt _crts _found _lib _nssckbi _p11roots _p11root
     inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
     inst_multiple -o ctorrent
-    inst_multiple curl
+    inst_multiple curl sed
     if curl --version | grep -qi '\bNSS\b'; then
         # also install libs for curl https
         inst_libdir_file "libnsspem.so*"
@@ -29,21 +29,28 @@ install() {
 
     for _dir in $libdirs; do
         [[ -d $dracutsysrootdir$_dir ]] || continue
-        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.*; do
+        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.* "$dracutsysrootdir$_dir"/libcrypto.so.*; do
             [[ -e $_lib ]] || continue
             if ! [[ $_nssckbi ]]; then
                 read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib")
             fi
-            read -r -d '' _crt < <(grep -F --binary-files=text -z .crt "$_lib")
+            read -r -d '' _crt < <(grep -E --binary-files=text -z "\.(pem|crt)" "$_lib" | sed 's/\x0//g')
             [[ $_crt ]] || continue
             [[ $_crt == /*/* ]] || continue
+            if [[ -e $_crt ]]; then
+                _crts="$_crts $_crt"
+                _found=1
+            fi
+        done
+    done
+    if [[ $_found ]] && [[ -n $_crts ]]; then
+        for _crt in $_crts; do
             if ! inst "${_crt#$dracutsysrootdir}"; then
                 dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
                 continue
             fi
-            _found=1
         done
-    done
+    fi
     # If we found no cert bundle files referenced in libcurl but we
     # *did* find a mention of libnssckbi (checked above), install it.
     # If its truly NSS libnssckbi, it includes its own trust bundle,

modules.d/45url-lib/url-lib.sh

@@ -159,7 +159,7 @@ nfs_fetch_url() {
         mntdir="$(mkuniqdir /run nfs_mnt)"
         mount_nfs "$nfs:$server:$filepath${options:+:$options}" "$mntdir"
         # lazy unmount during pre-pivot hook
-        inst_hook --hook pre-pivot --name 99url-lib-umount-nfs umount -l -- "$mntdir"
+        inst_hook --hook pre-pivot --name 99url-lib-umount-nfs-"$(basename "$mntdir")" umount -l -- "$mntdir"
     fi
 
     if [ -z "$outloc" ]; then

modules.d/50drm/module-setup.sh

@@ -29,6 +29,8 @@ installkernel() {
     # as we could e.g. be in the installer; nokmsboot boot parameter will disable
     # loading of the driver if needed
     if [[ $hostonly ]]; then
+        local i modlink modname
+
         for i in /sys/bus/{pci/devices,platform/devices,virtio/devices,soc/devices/soc?}/*/modalias; do
             [[ -e $i ]] || continue
             [[ -n $(< "$i") ]] || continue
@@ -39,7 +41,19 @@ installkernel() {
                 fi
             fi
         done
+        # if there is a privacy screen then its driver must be loaded before the
+        # kms driver will bind, otherwise its probe() will return -EPROBE_DEFER
+        # note privacy screens always register, even with e.g. nokmsboot
+        for i in /sys/class/drm/privacy_screen-*/device/driver/module; do
+            [[ -L $i ]] || continue
+            modlink=$(readlink "$i")
+            modname=$(basename "$modlink")
+            instmods "$modname"
+        done
     else
         dracut_instmods -o -s "drm_crtc_init|drm_dev_register|drm_encoder_init" "=drivers/gpu/drm" "=drivers/staging"
+        # also include privacy screen providers (see above comment)
+        # atm all providers live under drivers/platform/x86
+        dracut_instmods -o -s "drm_privacy_screen_register" "=drivers/platform/x86"
     fi
 }

modules.d/62bluetooth/module-setup.sh

@@ -56,6 +56,7 @@ install() {
     local -a var_lib_files
 
     inst_multiple \
+        "$dbussystem"/bluetooth.conf \
         "${systemdsystemunitdir}/bluetooth.target" \
         "${systemdsystemunitdir}/bluetooth.service" \
         bluetoothctl
@@ -67,9 +68,9 @@ install() {
     if [[ $hostonly ]]; then
         var_lib_files=("$dracutsysrootdir"/var/lib/bluetooth/**)
 
-        inst_multiple \
+        inst_multiple -o \
             /etc/bluetooth/main.conf \
-            /etc/dbus-1/system.d/bluetooth.conf \
+            "$dbussystemconfdir"/bluetooth.conf \
             "${var_lib_files[@]#"$dracutsysrootdir"}"
     fi
 

modules.d/80cms/cmsifup.sh

@@ -34,9 +34,10 @@ fi
 IFACES="$IFACES $DEVICE"
 echo "$IFACES" >> /tmp/net.ifaces
 
-if [ -x /usr/libexec/nm-initrd-generator ]; then
+if [ -x /usr/libexec/nm-initrd-generator ] || [ -x /usr/lib/nm-initrd-generator ]; then
     type nm_generate_connections > /dev/null 2>&1 || . /lib/nm-lib.sh
     nm_generate_connections
+    nm_reload_connections
 else
     exec ifup "$DEVICE"
 fi

modules.d/80cms/module-setup.sh

@@ -27,7 +27,7 @@ install() {
     inst_script "$moddir/cmsifup.sh" /sbin/cmsifup
     # shellcheck disable=SC2046
     inst_multiple /etc/cmsfs-fuse/filetypes.conf /etc/udev/rules.d/99-fuse.rules /etc/fuse.conf \
-        cmsfs-fuse fusermount ulockmgr_server bash insmod rmmod cat normalize_dasd_arg sed \
+        cmsfs-fuse fusermount bash insmod rmmod cat normalize_dasd_arg sed \
         $(rpm -ql s390utils-base) awk getopt
 
     inst_libdir_file "gconv/*"

modules.d/90crypt/cryptroot-ask.sh

@@ -138,8 +138,9 @@ unset allowdiscards
 ask_passphrase=1
 
 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
+    # shellcheck disable=SC2086
     if readkey "$luksfile" / "$device" \
-        | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname"; then
+        | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then
         ask_passphrase=0
     fi
 elif [ "$is_keysource" -ne 0 ]; then
@@ -164,8 +165,9 @@ else
         unset tmp
 
         info "Using '$keypath' on '$keydev'"
+        # shellcheck disable=SC2086
         readkey "$keypath" "$keydev" "$device" \
-            | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname" \
+            | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" \
             && ask_passphrase=0
         unset keypath keydev
         break

modules.d/90crypt/module-setup.sh

@@ -18,7 +18,20 @@ check() {
 
 # called by dracut
 depends() {
-    echo dm rootfs-block
+    local deps
+    deps="dm rootfs-block"
+    if [[ $hostonly && -f "$dracutsysrootdir"/etc/crypttab ]]; then
+        if grep -q -e "fido2-device=" -e "fido2-cid=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" fido2"
+        fi
+        if grep -q "pkcs11-uri" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" pkcs11"
+        fi
+        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" tpm2-tss"
+        fi
+    fi
+    echo "$deps"
     return 0
 }
 

modules.d/90dmsquash-live-ntfs/module-setup.sh

@@ -13,7 +13,7 @@ depends() {
 }
 
 install() {
-    inst_multiple fusermount ulockmgr_server mount.fuse ntfs-3g
+    inst_multiple fusermount mount.fuse ntfs-3g
     dracut_need_initqueue
 }
 

modules.d/90dmsquash-live/dmsquash-live-root.sh

@@ -129,11 +129,9 @@ do_live_overlay() {
     # need to know where to look for the overlay
     if [ -z "$setup" -a -n "$devspec" -a -n "$pathspec" -a -n "$overlay" ]; then
         mkdir -m 0755 -p /run/initramfs/overlayfs
-        opt=''
-        [ -n "$readonly_overlay" ] && opt=-r
         mount -n -t auto "$devspec" /run/initramfs/overlayfs || :
         if [ -f /run/initramfs/overlayfs$pathspec -a -w /run/initramfs/overlayfs$pathspec ]; then
-            OVERLAY_LOOPDEV=$(losetup -f --show $opt /run/initramfs/overlayfs$pathspec)
+            OVERLAY_LOOPDEV=$(losetup -f --show ${readonly_overlay:+-r} /run/initramfs/overlayfs$pathspec)
             over=$OVERLAY_LOOPDEV
             umount -l /run/initramfs/overlayfs || :
             oltype=$(det_img_fs "$OVERLAY_LOOPDEV")
@@ -148,11 +146,11 @@ do_live_overlay() {
                 fi
                 setup="yes"
             else
-                mount -n -t "$oltype" $opt "$OVERLAY_LOOPDEV" /run/initramfs/overlayfs
+                mount -n -t "$oltype" ${readonly_overlay:+-r} "$OVERLAY_LOOPDEV" /run/initramfs/overlayfs
                 if [ -d /run/initramfs/overlayfs/overlayfs ] \
                     && [ -d /run/initramfs/overlayfs/ovlwork ]; then
-                    ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs$opt
-                    ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork$opt
+                    ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs${readonly_overlay:+-r}
+                    ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork${readonly_overlay:+-r}
                     if [ -z "$overlayfs" ] && [ -n "$DRACUT_SYSTEMD" ]; then
                         reloadsysrootmountunit=":>/xor_overlayfs;"
                     fi
@@ -162,8 +160,8 @@ do_live_overlay() {
             fi
         elif [ -d /run/initramfs/overlayfs$pathspec ] \
             && [ -d /run/initramfs/overlayfs$pathspec/../ovlwork ]; then
-            ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs$opt
-            ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork$opt
+            ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs${readonly_overlay:+-r}
+            ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork${readonly_overlay:+-r}
             if [ -z "$overlayfs" ] && [ -n "$DRACUT_SYSTEMD" ]; then
                 reloadsysrootmountunit=":>/xor_overlayfs;"
             fi
@@ -212,8 +210,6 @@ do_live_overlay() {
             fi
         fi
         if [ -n "$overlayfs" ]; then
-            mkdir -m 0755 -p /run/overlayfs
-            mkdir -m 0755 -p /run/ovlwork
             if [ -n "$readonly_overlay" ] && ! [ -h /run/overlayfs-r ]; then
                 info "No persistent overlay found."
                 unset -v readonly_overlay
@@ -336,13 +332,13 @@ if [ -n "$FSIMG" ]; then
         fi
         FSIMG=/run/initramfs/fsimg/rootfs.img
     fi
-    opt=-r
     # For writable DM images...
+    readonly_base=1
     if [ -z "$SQUASHED" -a -n "$live_ram" -a -z "$overlayfs" ] \
         || [ -n "$writable_fsimg" ] \
         || [ "$overlay" = none -o "$overlay" = None -o "$overlay" = NONE ]; then
         if [ -z "$readonly_overlay" ]; then
-            opt=''
+            unset readonly_base
             setup=rw
         else
             setup=yes
@@ -351,7 +347,7 @@ if [ -n "$FSIMG" ]; then
     if [ "$FSIMG" = "$SQUASHED" ]; then
         BASE_LOOPDEV=$SQUASHED_LOOPDEV
     else
-        BASE_LOOPDEV=$(losetup -f --show "$opt" $FSIMG)
+        BASE_LOOPDEV=$(losetup -f --show ${readonly_base:+-r} $FSIMG)
         sz=$(blockdev --getsz "$BASE_LOOPDEV")
     fi
     if [ "$setup" = rw ]; then
@@ -370,7 +366,14 @@ fi
 ROOTFLAGS="$(getarg rootflags)"
 
 if [ -n "$overlayfs" ]; then
-    mkdir -m 0755 -p /run/rootfsbase
+    if [ -n "$FSIMG" ]; then
+        mkdir -m 0755 -p /run/rootfsbase
+        mount -r $FSIMG /run/rootfsbase
+    else
+        ln -sf /run/initramfs/live /run/rootfsbase
+    fi
+    mkdir -m 0755 -p /run/overlayfs
+    mkdir -m 0755 -p /run/ovlwork
     if [ -n "$reset_overlay" ] && [ -h /run/overlayfs ]; then
         ovlfs=$(readlink /run/overlayfs)
         info "Resetting the OverlayFS overlay directory."
@@ -381,7 +384,6 @@ if [ -n "$overlayfs" ]; then
     else
         ovlfs=lowerdir=/run/rootfsbase
     fi
-    mount -r $FSIMG /run/rootfsbase
     if [ -z "$DRACUT_SYSTEMD" ]; then
         printf 'mount -t overlay LiveOS_rootfs -o%s,%s %s\n' "$ROOTFLAGS" \
             "$ovlfs",upperdir=/run/overlayfs,workdir=/run/ovlwork \

modules.d/90dmsquash-live/module-setup.sh

@@ -22,7 +22,7 @@ installkernel() {
 
 # called by dracut
 install() {
-    inst_multiple umount dmsetup blkid dd losetup blockdev find
+    inst_multiple umount dmsetup blkid dd losetup blockdev find rmdir
     inst_multiple -o checkisomd5
     inst_hook cmdline 30 "$moddir/parse-dmsquash-live.sh"
     inst_hook cmdline 31 "$moddir/parse-iso-scan.sh"
@@ -31,9 +31,11 @@ install() {
     inst_hook pre-pivot 20 "$moddir/apply-live-updates.sh"
     inst_script "$moddir/dmsquash-live-root.sh" "/sbin/dmsquash-live-root"
     inst_script "$moddir/iso-scan.sh" "/sbin/iso-scan"
-    inst_script "$moddir/dmsquash-generator.sh" "$systemdutildir"/system-generators/dracut-dmsquash-generator
+    if dracut_module_included "systemd-initrd"; then
+        inst_script "$moddir/dmsquash-generator.sh" "$systemdutildir"/system-generators/dracut-dmsquash-generator
+        inst_simple "$moddir/checkisomd5@.service" "/etc/systemd/system/checkisomd5@.service"
+    fi
     # should probably just be generally included
     inst_rules 60-cdrom_id.rules
-    inst_simple "$moddir/checkisomd5@.service" "/etc/systemd/system/checkisomd5@.service"
     dracut_need_initqueue
 }

modules.d/90kernel-modules-extra/module-setup.sh

@@ -173,7 +173,7 @@ installkernel() {
 
     ((${#pathlist[@]} > 0)) || return 0
 
-    printf "^%s\.ko(\.gz|\.bz2|\.xz)?:\n" "${pathlist[@]}" \
+    printf "^%s\.ko(\.gz|\.bz2|\.xz|\.zst)?:\n" "${pathlist[@]}" \
         | (LANG=C grep -E -o -f - -- "$depmod_modules_dep" || exit 0) \
         | tr -d ':' \
         | (

modules.d/90kernel-modules/module-setup.sh

@@ -2,7 +2,7 @@
 
 # called by dracut
 installkernel() {
-    local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma'
+    local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_mq_alloc_disk|blk_cleanup_disk'
     local -A _hostonly_drvs
 
     find_kernel_modules_external() {
@@ -16,9 +16,15 @@ installkernel() {
     }
 
     record_block_dev_drv() {
+
         for _mod in $(get_dev_module /dev/block/"$1"); do
             _hostonly_drvs["$_mod"]="$_mod"
         done
+
+        for _mod in $(get_blockdev_drv_through_sys "/sys/dev/block/$1"); do
+            _hostonly_drvs["$_mod"]="$_mod"
+        done
+
         ((${#_hostonly_drvs[@]} > 0)) && return 0
         return 1
     }
@@ -53,6 +59,7 @@ installkernel() {
             "=drivers/pci/host" \
             "=drivers/pci/controller" \
             "=drivers/pinctrl" \
+            "=drivers/usb/typec" \
             "=drivers/watchdog"
 
         instmods \
@@ -61,7 +68,7 @@ installkernel() {
             virtio virtio_ring virtio_pci pci_hyperv \
             "=drivers/pcmcia"
 
-        if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 ]]; then
+        if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 || ${DRACUT_ARCH:-$(uname -m)} == riscv* ]]; then
             # arm/aarch64 specific modules
             _blockfuncs+='|dw_mc_probe|dw_mci_pltfm_register'
             instmods \
@@ -73,9 +80,11 @@ installkernel() {
                 "=drivers/hwmon" \
                 "=drivers/hwspinlock" \
                 "=drivers/i2c/busses" \
+                "=drivers/mailbox" \
                 "=drivers/memory" \
                 "=drivers/mfd" \
                 "=drivers/mmc/core" \
+                "=drivers/mmc/host" \
                 "=drivers/phy" \
                 "=drivers/power" \
                 "=drivers/regulator" \
@@ -83,10 +92,12 @@ installkernel() {
                 "=drivers/rpmsg" \
                 "=drivers/rtc" \
                 "=drivers/soc" \
+                "=drivers/spi" \
                 "=drivers/usb/chipidea" \
                 "=drivers/usb/dwc2" \
                 "=drivers/usb/dwc3" \
                 "=drivers/usb/host" \
+                "=drivers/usb/isp1760" \
                 "=drivers/usb/misc" \
                 "=drivers/usb/musb" \
                 "=drivers/usb/phy" \

modules.d/90lvm/64-lvm.rules

@@ -6,6 +6,14 @@
 
 SUBSYSTEM!="block", GOTO="lvm_end"
 ACTION!="add|change", GOTO="lvm_end"
+
+# If the md device is active (indicated by array_state), then set the flag
+# LVM_MD_PV_ACTIVATED=1 indicating that the md device for the PV is ready
+# to be used.  The lvm udev rule running in root will check that this flag
+# is set before it will process the md device (it wants to avoid
+# processing an md device that exists but is not yet ready to be used.)
+KERNEL=="md[0-9]*", ACTION=="change", ENV{ID_FS_TYPE}=="LVM2_member", ENV{LVM_MD_PV_ACTIVATED}!="1", TEST=="md/array_state", ENV{LVM_MD_PV_ACTIVATED}="1"
+
 # Also don't process disks that are slated to be a multipath device
 ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="lvm_end"
 KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end"
@@ -15,7 +23,7 @@ PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] &&
     GOTO="lvm_end"
 
 RUN+="/sbin/initqueue --settled --onetime --unique /sbin/lvm_scan"
-RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique /sbin/lvm_scan --partial"
+RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique /sbin/lvm_scan --activationmode degraded"
 RUN+="/bin/sh -c '>/tmp/.lvm_scan-%k;'"
 
 LABEL="lvm_end"

modules.d/90lvm/lvm_scan.sh

@@ -7,11 +7,10 @@ type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
 VGS=$(getargs rd.lvm.vg -d rd_LVM_VG=)
 LVS=$(getargs rd.lvm.lv -d rd_LVM_LV=)
-SNAPSHOT=$(getargs rd.lvm.snapshot -d rd_LVM_SNAPSHOT=)
-SNAPSIZE=$(getargs rd.lvm.snapsize -d rd_LVM_SNAPSIZE=)
 
 # shellcheck disable=SC2174
 [ -d /etc/lvm ] || mkdir -m 0755 -p /etc/lvm
+[ -d /run/lvm ] || mkdir -m 0755 -p /run/lvm
 # build a list of devices to scan
 lvmdevs=$(
     for f in /tmp/.lvm_scan-*; do
@@ -20,32 +19,6 @@ lvmdevs=$(
     done
 )
 
-if [ ! -e /etc/lvm/lvm.conf ]; then
-    {
-        echo 'devices {'
-        printf '    filter = [ '
-        for dev in $lvmdevs; do
-            printf '"a|^/dev/%s$|", ' "$dev"
-        done
-        echo '"r/.*/" ]'
-        echo '}'
-
-        # establish LVM locking
-        if [ -n "$SNAPSHOT" ]; then
-            echo 'global {'
-            echo '    locking_type = 1'
-            echo '    use_lvmetad = 0'
-            echo '}'
-        else
-            echo 'global {'
-            echo '    locking_type = 4'
-            echo '    use_lvmetad = 0'
-            echo '}'
-        fi
-    } > /etc/lvm/lvm.conf
-    lvmwritten=1
-fi
-
 check_lvm_ver() {
     maj=$1
     min=$2
@@ -59,6 +32,75 @@ check_lvm_ver() {
     return 1
 }
 
+no_lvm_conf_filter() {
+    if [ ! -e /etc/lvm/lvm.conf ]; then
+        return 0
+    fi
+
+    if [ -e /run/lvm/initrd_no_filter ]; then
+        return 0
+    fi
+
+    if [ -e /run/lvm/initrd_filter ]; then
+        return 1
+    fi
+
+    if [ -e /run/lvm/initrd_global_filter ]; then
+        return 1
+    fi
+
+    # Save lvm config results in /run to avoid running
+    # lvm config commands for every PV that's scanned.
+
+    filter=$(lvm config devices/filter | grep "$filter=")
+    if [ -n "$filter" ]; then
+        printf '%s\n' "$filter" > /run/lvm/initrd_filter
+        return 1
+    fi
+
+    global_filter=$(lvm config devices/global_filter | grep "$global_filter=")
+    if [ -n "$global_filter" ]; then
+        printf '%s\n' "$global_filter" > /run/lvm/initrd_global_filter
+        return 1
+    fi
+
+    # /etc/lvm/lvm.conf exists with no filter setting
+    true > /run/lvm/initrd_no_filter
+    return 0
+}
+
+# If no lvm.conf exists, create a basic one with a global section.
+if [ ! -e /etc/lvm/lvm.conf ]; then
+    {
+        echo 'global {'
+        echo '}'
+    } > /etc/lvm/lvm.conf
+    lvmwritten=1
+fi
+
+# Save the original lvm.conf before appending a filter setting.
+if [ ! -e /etc/lvm/lvm.conf.orig ]; then
+    cp /etc/lvm/lvm.conf /etc/lvm/lvm.conf.orig
+fi
+
+# If the original lvm.conf does not contain a filter setting,
+# then generate a filter and append it to the original lvm.conf.
+# The filter is generated from the list PVs that have been seen
+# so far (each has been processed by the lvm udev rule.)
+if no_lvm_conf_filter; then
+    {
+        echo 'devices {'
+        printf '    filter = [ '
+        for dev in $lvmdevs; do
+            printf '"a|^/dev/%s$|", ' "$dev"
+        done
+        echo '"r/.*/" ]'
+        echo '}'
+    } > /etc/lvm/lvm.conf.filter
+    lvmfilter=1
+    cat /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf.filter > /etc/lvm/lvm.conf
+fi
+
 # hopefully this output format will never change, e.g.:
 #   LVM version:     2.02.53(1) (2009-09-25)
 OLDIFS=$IFS
@@ -71,67 +113,63 @@ min=$2
 sub=${3%% *}
 sub=${sub%%\(*}
 
-lvm_ignorelockingfailure="--ignorelockingfailure"
-lvm_quirk_args="--ignorelockingfailure --ignoremonitoring"
-
-check_lvm_ver 2 2 57 "$maj" "$min" "$sub" \
-    && lvm_quirk_args="$lvm_quirk_args --poll n"
-
-if check_lvm_ver 2 2 65 "$maj" "$min" "$sub"; then
-    lvm_quirk_args=" --sysinit $extraargs"
-fi
-
-if check_lvm_ver 2 2 221 "$maj" "$min" "$sub"; then
-    lvm_quirk_args=" $extraargs"
-    unset lvm_ignorelockingfailure
-fi
+# For lvchange and vgchange use --sysinit which:
+# disables polling (--poll n)
+# ignores monitoring (--ignoremonitoring)
+# ignores locking failures (--ignorelockingfailure)
+# disables hints (--nohints)
+#
+# For lvs and vgscan:
+# disable locking (--nolocking)
+# disable hints (--nohints)
 
+activate_args="--sysinit $extraargs"
 unset extraargs
 
 export LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES=1
 
-if [ -n "$SNAPSHOT" ]; then
-    # HACK - this should probably be done elsewhere or turned into a function
-    # Enable read-write LVM locking
-    sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type =  1/' /etc/lvm/lvm.conf
+scan_args="--nolocking"
 
-    # Expected SNAPSHOT format "<orig lv name>:<snap lv name>"
-    ORIG_LV=${SNAPSHOT%%:*}
-    SNAP_LV=${SNAPSHOT##*:}
-
-    info "Removing existing LVM snapshot $SNAP_LV"
-    lvm lvremove --force "$SNAP_LV" 2>&1 | vinfo
-
-    # Determine snapshot size
-    if [ -z "$SNAPSIZE" ]; then
-        SNAPSIZE=$(lvm lvs --noheadings --units m --options lv_size "$ORIG_LV")
-        info "No LVM snapshot size provided, using size of $ORIG_LV ($SNAPSIZE)"
-    fi
-
-    info "Creating LVM snapshot $SNAP_LV ($SNAPSIZE)"
-    lvm lvcreate -s -n "$SNAP_LV" -L "$SNAPSIZE" "$ORIG_LV" 2>&1 | vinfo
-fi
+check_lvm_ver 2 3 14 "$maj" "$min" "$sub" \
+    && scan_args="$scan_args --nohints"
 
 if [ -n "$LVS" ]; then
     info "Scanning devices $lvmdevs for LVM logical volumes $LVS"
-    lvm lvscan $lvm_ignorelockingfailure 2>&1 | vinfo
+    # shellcheck disable=SC2086
+    LVSLIST=$(lvm lvs $scan_args --noheading -o lv_full_name,segtype $LVS)
+    info "$LVSLIST"
+
+    # Only attempt to activate an LV if it appears in the lvs output.
     for LV in $LVS; do
-        # shellcheck disable=SC2086
-        lvm lvchange --yes -K -ay $lvm_quirk_args "$LV" 2>&1 | vinfo
+        if strstr "$LVSLIST" "$LV"; then
+            # This lvchange is expected to fail if all PVs used by
+            # the LV are not yet present.  Premature/failed lvchange
+            # could be avoided by reporting if an LV is complete
+            # from the lvs command above and skipping this lvchange
+            # if the LV is not lised as complete.
+            # shellcheck disable=SC2086
+            lvm lvchange --yes -K -ay $activate_args "$LV" 2>&1 | vinfo
+        fi
     done
 fi
 
 if [ -z "$LVS" ] || [ -n "$VGS" ]; then
     info "Scanning devices $lvmdevs for LVM volume groups $VGS"
-    lvm vgscan $lvm_ignorelockingfailure 2>&1 | vinfo
     # shellcheck disable=SC2086
-    lvm vgchange -ay $lvm_quirk_args $VGS 2>&1 | vinfo
+    lvm vgscan $scan_args 2>&1 | vinfo
+    # shellcheck disable=SC2086
+    lvm vgchange -ay $activate_args $VGS 2>&1 | vinfo
 fi
 
 if [ "$lvmwritten" ]; then
     rm -f -- /etc/lvm/lvm.conf
+elif [ "$lvmfilter" ]; then
+    # revert filter that was appended to existing lvm.conf
+    cp /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf
+    rm -f -- /etc/lvm/lvm.conf.filter
 fi
 unset lvmwritten
+unset lvmfilter
 
 udevadm settle
 

modules.d/90lvm/module-setup.sh

@@ -61,10 +61,6 @@ install() {
     if [[ $hostonly ]] || [[ $lvmconf == "yes" ]]; then
         if [[ -f $dracutsysrootdir/etc/lvm/lvm.conf ]]; then
             inst_simple -H /etc/lvm/lvm.conf
-            # FIXME: near-term hack to establish read-only locking;
-            # use command-line lvm.conf editor once it is available
-            sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type = 4/' "${initdir}/etc/lvm/lvm.conf"
-            sed -i -e 's/\(^[[:space:]]*\)use_lvmetad[[:space:]]*=[[:space:]]*[[:digit:]]/\1use_lvmetad = 0/' "${initdir}/etc/lvm/lvm.conf"
         fi
 
         export LVM_SUPPRESS_FD_WARNINGS=1
@@ -82,30 +78,7 @@ install() {
         unset LVM_SUPPRESS_FD_WARNINGS
     fi
 
-    if ! [[ -e ${initdir}/etc/lvm/lvm.conf ]]; then
-        mkdir -p "${initdir}/etc/lvm"
-        {
-            echo 'global {'
-            echo 'locking_type = 4'
-            echo 'use_lvmetad = 0'
-            echo '}'
-        } > "${initdir}/etc/lvm/lvm.conf"
-    fi
-
-    inst_rules 11-dm-lvm.rules 69-dm-lvm-metad.rules
-
-    # Do not run lvmetad update via pvscan in udev rule  - lvmetad is not running yet in dracut!
-    if [[ -f ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules ]]; then
-        if grep -q SYSTEMD_WANTS "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules; then
-            sed -i -e 's/^ENV{SYSTEMD_ALIAS}=.*/# No LVM pvscan in dracut - lvmetad is not running yet/' \
-                "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-            sed -i -e 's/^ENV{ID_MODEL}=.*//' "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-            sed -i -e 's/^ENV{SYSTEMD_WANTS}+\?=.*//' "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-        else
-            sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' \
-                "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-        fi
-    fi
+    inst_rules 11-dm-lvm.rules
 
     # Gentoo ebuild for LVM2 prior to 2.02.63-r1 doesn't install above rules
     # files, but provides the one below:

modules.d/90mdraid/mdraid_start.sh

@@ -54,7 +54,7 @@ _md_force_run() {
             _UUID=$(str_replace "$_UUID" ":" "")
 
             # check if we should handle this device
-            strstr " $_MD_UUID " " $_UUID " || continue
+            strstr "$_MD_UUID" "$_UUID" || continue
 
             _md_start "${_md}"
         done

modules.d/90multipath/module-setup.sh

@@ -60,9 +60,14 @@ installkernel() {
     hostonly='' dracut_instmods -o -s "$_funcs" "=drivers/scsi" "=drivers/md" ${_s390drivers:+"$_s390drivers"}
 }
 
+mpathconf_installed() {
+    command -v mpathconf &> /dev/null
+}
+
 # called by dracut
 install() {
     local -A _allow
+    local config_dir
 
     add_hostonly_mpath_conf() {
         if is_mpath "$1"; then
@@ -74,6 +79,16 @@ install() {
         fi
     }
 
+    local k v
+    while read -r k v; do
+        if [[ $k == "config_dir" ]]; then
+            v="${v#\"}"
+            config_dir="${v%\"}"
+            break
+        fi
+    done < <(multipath -t 2> /dev/null)
+    [[ -d $config_dir ]] || config_dir=/etc/multipath/conf.d
+
     inst_multiple \
         pkill \
         pidof \
@@ -91,9 +106,10 @@ install() {
         /etc/xdrdevices.conf \
         /etc/multipath.conf \
         /etc/multipath/* \
-        /etc/multipath/conf.d/*
+        "$config_dir"/*
 
-    [[ $hostonly ]] && [[ $hostonly_mode == "strict" ]] && {
+    mpathconf_installed \
+        && [[ $hostonly ]] && [[ $hostonly_mode == "strict" ]] && {
         for_each_host_dev_and_slaves_all add_hostonly_mpath_conf
         if ((${#_allow[@]} > 0)); then
             local -a _args
@@ -117,9 +133,11 @@ install() {
     fi
 
     if dracut_module_included "systemd"; then
-        inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service"
+        if mpathconf_installed; then
+            inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service"
+            $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service
+        fi
         inst_simple "${moddir}/multipathd.service" "${systemdsystemunitdir}/multipathd.service"
-        $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service
         $SYSTEMCTL -q --root "$initdir" enable multipathd.service
     else
         inst_hook pre-trigger 02 "$moddir/multipathd.sh"

modules.d/90multipath/multipathd.service

@@ -1,9 +1,10 @@
 [Unit]
 Description=Device-Mapper Multipath Device Controller
-Before=iscsi.service iscsid.service lvm2-activation-early.service
-Wants=systemd-udev-trigger.service systemd-udev-settle.service local-fs-pre.target
-After=systemd-udev-trigger.service systemd-udev-settle.service
-Before=local-fs-pre.target
+Before=lvm2-activation-early.service
+Before=local-fs-pre.target blk-availability.service shutdown.target
+Wants=systemd-udevd-kernel.socket
+After=systemd-udevd-kernel.socket
+After=multipathd.socket systemd-remount-fs.service
 Before=initrd-cleanup.service
 DefaultDependencies=no
 Conflicts=shutdown.target
@@ -12,13 +13,16 @@ ConditionKernelCommandLine=!nompath
 ConditionKernelCommandLine=!rd.multipath=0
 ConditionKernelCommandLine=!rd_NO_MULTIPATH
 ConditionKernelCommandLine=!multipath=off
+ConditionVirtualization=!container
 
 [Service]
-Type=simple
+Type=notify
+NotifyAccess=main
 ExecStartPre=-/sbin/modprobe dm-multipath
-ExecStart=/sbin/multipathd -s -d
+ExecStart=/sbin/multipathd -d -s
 ExecReload=/sbin/multipathd reconfigure
-ExecStop=/sbin/multipathd shutdown
+TasksMax=infinity
 
 [Install]
 WantedBy=sysinit.target
+Also=multipathd.socket

modules.d/91crypt-gpg/crypt-gpg-lib.sh

@@ -51,7 +51,7 @@ gpg_decrypt() {
     fi
 
     ask_for_password \
-        --cmd "gpg $opts --decrypt $mntp/$keypath" \
+        --cmd "GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath" \
         --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
         --tries 3 --tty-echo-off
 

modules.d/91crypt-gpg/module-setup.sh

@@ -3,7 +3,7 @@
 # GPG support is optional
 # called by dracut
 check() {
-    require_binaries gpg || return 1
+    require_binaries gpg tr || return 1
 
     if sc_requested; then
         if ! sc_supported; then
@@ -23,7 +23,7 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple gpg
+    inst_multiple gpg tr
     inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"
 
     if sc_requested; then

modules.d/91fido2/module-setup.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+}
+
+# Module dependency requirements.
+depends() {
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libfido2.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-fido2.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcbor.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libhidapi-hidraw.so.*"
+}

modules.d/91pcsc/module-setup.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries pcscd || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+    inst_simple "$moddir/pcscd.service" "${systemdsystemunitdir}"/pcscd.service
+    inst_simple "$moddir/pcscd.socket" "${systemdsystemunitdir}"/pcscd.socket
+
+    inst_multiple -o \
+        pcscd
+
+    # Enable systemd type unit(s)
+    for i in \
+        pcscd.service \
+        pcscd.socket; do
+        $SYSTEMCTL -q --root "$initdir" enable "$i"
+    done
+
+    # Install library file(s)
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libopensc.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libsmm-local.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"onepin-opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/onepin-opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/serial/libccidtwin.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite.so.*"
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/opensc.conf \
+            "/etc/reader.conf.d/*"
+    fi
+
+}

modules.d/91pcsc/pcscd.service

@@ -0,0 +1,13 @@
+[Unit]
+DefaultDependencies=no
+Description=PC/SC Smart Card Daemon (Dracut)
+Documentation=man:pcscd(8)
+Requires=pcscd.socket
+
+[Service]
+ExecStart=/usr/sbin/pcscd --foreground --auto-exit
+ExecReload=/usr/sbin/pcscd --hotplug
+
+[Install]
+Also=pcscd.socket
+WantedBy=cryptsetup-pre.target

modules.d/91pcsc/pcscd.socket

@@ -0,0 +1,11 @@
+[Unit]
+DefaultDependencies=no
+Description=PC/SC Smart Card Daemon Activation Socket (Dracut)
+Documentation=man:pcscd(8)
+
+[Socket]
+ListenStream=/run/pcscd/pcscd.comm
+SocketMode=0666
+
+[Install]
+WantedBy=cryptsetup-pre.target sockets.target

modules.d/91pkcs11/module-setup.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    # Install library file(s)
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtasn1.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libffi.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libp11-kit.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so.*"
+
+}

modules.d/91tpm2-tss/module-setup.sh

@@ -17,7 +17,7 @@ check() {
 depends() {
 
     # This module has external dependency on other module(s).
-    echo systemd-sysusers systemd-udev
+    echo systemd-sysusers systemd-udevd
     # Return 0 to include the dependent module(s) in the initramfs.
     return 0
 
@@ -52,6 +52,7 @@ install() {
         {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-swtpm.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tctildr.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-tpm2.so" \
         {"tls/$_arch/",tls/,"$_arch/",}"libcurl.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libjson-c.so.*"
 

modules.d/95dasd_rules/module-setup.sh

@@ -26,7 +26,6 @@ check() {
     local found=0
     local bdev
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
 
     [[ $hostonly ]] || [[ $mount_needs ]] && {
         for bdev in /sys/block/*; do
@@ -50,7 +49,6 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple /usr/lib/udev/collect
     inst_hook cmdline 30 "$moddir/parse-dasd.sh"
     if [[ $hostonly_cmdline == "yes" ]]; then
         local _dasd
@@ -58,10 +56,10 @@ install() {
         [[ $_dasd ]] && printf "%s\n" "$_dasd" >> "${initdir}/etc/cmdline.d/95dasd.conf"
     fi
     if [[ $hostonly ]]; then
-        inst_rules_wildcard 51-dasd-*.rules
-        inst_rules_wildcard 41-s390x-dasd-*.rules
+        inst_rules_wildcard "51-dasd-*.rules"
+        inst_rules_wildcard "41-dasd-*.rules"
         mark_hostonly /etc/udev/rules.d/51-dasd-*.rules
-        mark_hostonly /etc/udev/rules.d/41-s390x-dasd-*.rules
+        mark_hostonly /etc/udev/rules.d/41-dasd-*.rules
     fi
     inst_rules 59-dasd.rules
 }

modules.d/95dasd_rules/parse-dasd.sh

@@ -1,57 +1,22 @@
 #!/bin/bash
 
-create_udev_rule() {
+allow_device() {
     local ccw=$1
-    local _drv _cu_type _dev_type
-    local _rule="/etc/udev/rules.d/51-dasd-${ccw}.rules"
 
     if [ -x /sbin/cio_ignore ] && cio_ignore -i "$ccw" > /dev/null; then
         cio_ignore -r "$ccw"
     fi
-
-    if [ -e /sys/bus/ccw/devices/"${ccw}" ]; then
-        read -r _cu_type < /sys/bus/ccw/devices/"${ccw}"/cutype
-        read -r _dev_type < /sys/bus/ccw/devices/"${ccw}"/devtype
-    fi
-
-    case "$_cu_type" in
-        3990/* | 2105/* | 2107/* | 1750/* | 9343/*)
-            _drv=dasd-eckd
-            ;;
-        6310/*)
-            _drv=dasd-fba
-            ;;
-        3880/*)
-            case "$_dev_type" in
-                3380/*)
-                    _drv=dasd_eckd
-                    ;;
-                3370/*)
-                    _drv=dasd-fba
-                    ;;
-            esac
-            ;;
-    esac
-    [ -z "${_drv}" ] && return 0
-
-    [ -e "${_rule}" ] && return 0
-
-    cat > "$_rule" << EOF
-ACTION=="add", SUBSYSTEM=="ccw", KERNEL=="$ccw", IMPORT{program}="collect $ccw %k ${ccw} $_drv"
-ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="$_drv", IMPORT{program}="collect $ccw %k ${ccw} $_drv"
-ACTION=="add", ENV{COLLECT_$ccw}=="0", ATTR{[ccw/$ccw]online}="1"
-EOF
 }
 
 if [[ -f /sys/firmware/ipl/ipl_type ]] && [[ $(< /sys/firmware/ipl/ipl_type) == "ccw" ]]; then
-    create_udev_rule "$(< /sys/firmware/ipl/device)"
+    allow_device "$(< /sys/firmware/ipl/device)"
 fi
 
 for dasd_arg in $(getargs root=) $(getargs resume=); do
     [[ $dasd_arg =~ /dev/disk/by-path/ccw-* ]] || continue
 
     ccw_dev="${dasd_arg##*/ccw-}"
-    create_udev_rule "${ccw_dev%%-*}"
+    allow_device "${ccw_dev%%-*}"
 done
 
 for dasd_arg in $(getargs rd.dasd=); do
@@ -66,12 +31,12 @@ for dasd_arg in $(getargs rd.dasd=); do
                 prefix=${start%.*}
                 start=${start##*.}
                 for rdev in $(seq $((16#$start)) $((16#$end))); do
-                    create_udev_rule "$(printf "%s.%04x" "$prefix" "$rdev")"
+                    allow_device "$(printf "%s.%04x" "$prefix" "$rdev")"
                 done
                 ;;
             *)
                 IFS="." read -r sid ssid chan _ <<< "${dev%(ro)}"
-                create_udev_rule "$(printf "%01x.%01x.%04x" $((16#$sid)) $((16#$ssid)) $((16#$chan)))"
+                allow_device "$(printf "%01x.%01x.%04x" $((16#$sid)) $((16#$ssid)) $((16#$chan)))"
                 ;;
         esac
     done

modules.d/95iscsi/iscsiroot.sh

@@ -45,7 +45,7 @@ if [ -z "${DRACUT_SYSTEMD}" ] \
 fi
 
 handle_firmware() {
-    local ifaces retry
+    local ifaces retry _res
 
     # Depending on the 'ql4xdisablesysfsboot' qla4xxx
     # will be autostarting sessions without presenting
@@ -69,9 +69,28 @@ handle_firmware() {
             rm /tmp/session-retry
         fi
 
-        if ! iscsiadm -m fw -l; then
+        # check to see if we have the new iscsiadm command,
+        # that supports the "no-wait" (-W) flag. If so, use it.
+        iscsiadm -m fw -l -W 2> /dev/null
+        _res=$?
+        if [ $_res -eq 7 ]; then
+            # ISCSI_ERR_INVALID (7) => "-W" not supported
+            info "iscsiadm does not support no-wait firmware logins"
+            iscsiadm -m fw -l
+            _res=$?
+        fi
+        if [ $_res -ne 0 ]; then
             warn "iscsiadm: Log-in to iscsi target failed"
         else
+            # get a list of connected targets
+            tgts=$(cat /sys/firmware/ibft/target*/target-name | sort -u)
+            # disable NOPs for each FW target
+            for tgt in ${tgts}; do
+                iscsiadm -m node -T "${tgt}" \
+                    --op update \
+                    --name 'node.conn[0].timeo.noop_out_interval' --value 0 \
+                    --name 'node.conn[0].timeo.noop_out_timeout' --value 0
+            done
             need_shutdown
         fi
     fi

modules.d/95iscsi/module-setup.sh

@@ -188,6 +188,7 @@ install() {
     inst_multiple -o iscsiuio
     inst_libdir_file 'libgcc_s.so*'
     inst_multiple umount iscsi-iname iscsiadm iscsid
+    inst_binary sort
 
     inst_multiple -o \
         "$systemdsystemunitdir"/iscsid.socket \

modules.d/95nvmf/parse-nvmf-boot-connections.sh

@@ -40,15 +40,15 @@ validate_ip_conn() {
         return 1
     fi
 
-    ifname=$(ip -o route get to "$local_address" | sed -n 's/.*dev \([^ ]*\).*/\1/p')
+    ifname=$(ip -o route get from "$local_address" to "$traddr" | sed -n 's/.*dev \([^ ]*\).*/\1/p')
 
-    if ip l show "$ifname" > /dev/null 2>&1; then
+    if ! ip l show "$ifname" > /dev/null 2>&1; then
         warn "invalid network interface $ifname"
         return 1
     fi
 
     # confirm there's a route to destination
-    if ip route get "$traddr" > /dev/null 2>&1; then
+    if ! ip route get "$traddr" > /dev/null 2>&1; then
         warn "no route to $traddr"
         return 1
     fi

modules.d/95qeth_rules/module-setup.sh

@@ -5,11 +5,11 @@ check() {
     local _arch=${DRACUT_ARCH:-$(uname -m)}
     local _online=0
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
     dracut_module_included network || return 1
 
     [[ $hostonly ]] && {
         for i in /sys/devices/qeth/*/online; do
+            [ ! -f "$i" ] && continue
             read -r _online < "$i"
             [ "$_online" -eq 1 ] && return 0
         done
@@ -55,5 +55,4 @@ install() {
         [ -n "$id" ] && inst_rules_qeth "$id"
     done
 
-    inst_simple /usr/lib/udev/collect
 }

modules.d/95resume/module-setup.sh

@@ -13,7 +13,7 @@ check() {
     # Only support resume if hibernation is currently on
     # and no swap is mounted on a net device
     [[ $hostonly ]] || [[ $mount_needs ]] && {
-        swap_on_netdevice || [[ "$(cat /sys/power/resume)" == "0:0" ]] && return 255
+        swap_on_netdevice || [[ -f /sys/power/resume && "$(cat /sys/power/resume)" == "0:0" ]] && return 255
     }
 
     return 0
@@ -50,7 +50,7 @@ install() {
     fi
 
     # Optional uswsusp support
-    for _bin in /usr/sbin/resume /usr/lib/suspend/resume /usr/lib/uswsusp/resume; do
+    for _bin in /usr/sbin/resume /usr/lib/suspend/resume /usr/lib64/suspend/resume /usr/lib/uswsusp/resume /usr/lib64/uswsusp/resume; do
         [[ -x $dracutsysrootdir${_bin} ]] && {
             inst "${_bin}" /usr/sbin/resume
             [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/suspend.conf ]] && inst -H /etc/suspend.conf

modules.d/95rootfs-block/module-setup.sh

@@ -7,7 +7,7 @@ check() {
 
 # called by dracut
 depends() {
-    echo fs-lib
+    echo base fs-lib
 }
 
 cmdline_journal() {

modules.d/95zfcp_rules/module-setup.sh

@@ -45,7 +45,6 @@ check() {
     local _arch=${DRACUT_ARCH:-$(uname -m)}
     local _ccw
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
 
     [[ $hostonly ]] || [[ $mount_needs ]] && {
         found=0
@@ -66,7 +65,6 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple /usr/lib/udev/collect
     inst_hook cmdline 30 "$moddir/parse-zfcp.sh"
     if [[ $hostonly_cmdline == "yes" ]]; then
         local _zfcp
@@ -76,7 +74,7 @@ install() {
         done
     fi
     if [[ $hostonly ]]; then
-        inst_rules_wildcard 51-zfcp-*.rules
-        inst_rules_wildcard 41-s390x-zfcp-*.rules
+        inst_rules_wildcard "51-zfcp-*.rules"
+        inst_rules_wildcard "41-zfcp-*.rules"
     fi
 }

modules.d/95zfcp_rules/parse-zfcp.sh

@@ -22,13 +22,6 @@ create_udev_rule() {
         return 0
     fi
 
-    if [ ! -f "$_rule" ]; then
-        cat > "$_rule" << EOF
-ACTION=="add", SUBSYSTEM=="ccw", KERNEL=="$ccw", IMPORT{program}="collect $ccw %k ${ccw} zfcp"
-ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="zfcp", IMPORT{program}="collect $ccw %k ${ccw} zfcp"
-ACTION=="add", ENV{COLLECT_$ccw}=="0", ATTR{[ccw/$ccw]online}="1"
-EOF
-    fi
     [ -z "$wwpn" ] || [ -z "$lun" ] && return
     m=$(sed -n "/.*${wwpn}.*${lun}.*/p" "$_rule")
     if [ -z "$m" ]; then
@@ -36,9 +29,6 @@ EOF
 ACTION=="add", KERNEL=="rport-*", ATTR{port_name}=="$wwpn", SUBSYSTEMS=="ccw", KERNELS=="$ccw", ATTR{[ccw/$ccw]$wwpn/unit_add}="$lun"
 EOF
     fi
-    if [ -x /sbin/cio_ignore ] && ! cio_ignore -i "$ccw" > /dev/null; then
-        cio_ignore -r "$ccw"
-    fi
 }
 
 if [[ -f /sys/firmware/ipl/ipl_type && \

modules.d/98dracut-systemd/dracut-cmdline-ask.service

@@ -6,10 +6,11 @@
 Description=dracut ask for additional cmdline parameters
 DefaultDependencies=no
 Before=dracut-cmdline.service
-After=systemd-journald.socket
-After=systemd-vconsole-setup.service
-Requires=systemd-vconsole-setup.service
 Wants=systemd-journald.socket
+After=systemd-journald.socket
+Wants=systemd-vconsole-setup.service
+After=systemd-vconsole-setup.service
+
 ConditionPathExists=/usr/lib/initrd-release
 ConditionKernelCommandLine=|rd.cmdline=ask
 ConditionPathExistsGlob=|/etc/cmdline.d/*.conf

modules.d/98dracut-systemd/dracut-shutdown-onfailure.service

@@ -0,0 +1,13 @@
+#  This file is part of dracut.
+#
+# See dracut.bootup(7) for details
+
+[Unit]
+Description=Service executing upon dracut-shutdown failure to perform cleanup
+Documentation=man:dracut-shutdown.service(8)
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=-/bin/rm /run/initramfs/shutdown
+StandardError=null

modules.d/98dracut-systemd/dracut-shutdown.service

@@ -10,6 +10,7 @@ Wants=local-fs.target
 Conflicts=shutdown.target umount.target
 DefaultDependencies=no
 ConditionPathExists=!/run/initramfs/bin/sh
+OnFailure=dracut-shutdown-onfailure.service
 
 [Service]
 RemainAfterExit=yes

modules.d/98dracut-systemd/dracut-shutdown.service.8.asc

@@ -40,6 +40,9 @@ by injecting "rd.break=pre-shutdown rd.shell" or "rd.break=shutdown rd.shell".
 # touch /run/initramfs/.need_shutdown
 ----
 
+In case the unpack of the initramfs fails, dracut-shutdown-onfailure.service
+executes to make sure switch root doesn't happen, since it would result in
+switching to an incomplete initramfs.
 
 AUTHORS
 -------

modules.d/98integrity/evm-enable.sh

@@ -17,9 +17,10 @@ EVM_ACTIVATION_BITS=0
 # EVMKEY: path to the symmetric key; defaults to /etc/keys/evm-trusted.blob
 # EVMKEYDESC: Description of the symmetric key; default is 'evm-key'
 # EVMKEYTYPE: Type of the symmetric key; default is 'encrypted'
-# EMX509: path to x509 cert; default is /etc/keys/x509_evm.der
+# EVMX509: path to x509 cert; default is /etc/keys/x509_evm.der
 # EVM_ACTIVATION_BITS: additional EVM activation bits, such as
 #                      EVM_SETUP_COMPLETE; default is 0
+# EVMKEYSDIR: Directory with more x509 certs; default is /etc/keys/evm/
 
 load_evm_key() {
     # read the configuration from the config file
@@ -77,10 +78,7 @@ load_evm_x509() {
 
     # check for EVM public key's existence
     if [ ! -f "${EVMX509PATH}" ]; then
-        if [ "${RD_DEBUG}" = "yes" ]; then
-            info "integrity: EVM x509 cert file not found: ${EVMX509PATH}"
-        fi
-        return 1
+        EVMX509PATH=""
     fi
 
     local evm_pubid line
@@ -96,13 +94,23 @@ load_evm_x509() {
         fi
     fi
 
-    # load the EVM public key onto the EVM keyring
-    # FIXME: EVMX509ID unused?
-    # shellcheck disable=SC2034
-    if ! EVMX509ID=$(evmctl import "${EVMX509PATH}" "${evm_pubid}"); then
-        info "integrity: failed to load the EVM X509 cert ${EVMX509PATH}"
-        return 1
+    if [ -z "${EVMKEYSDIR}" ]; then
+        EVMKEYSDIR="/etc/keys/evm"
     fi
+    # load the default EVM public key onto the EVM keyring along
+    # with all the other ones in $EVMKEYSDIR
+    for PUBKEY in ${EVMX509PATH} "${NEWROOT}${EVMKEYSDIR}"/*; do
+        if [ ! -f "${PUBKEY}" ]; then
+            if [ "${RD_DEBUG}" = "yes" ]; then
+                info "integrity: EVM x509 cert file not found: ${PUBKEY}"
+            fi
+            continue
+        fi
+        if ! evmctl import "${PUBKEY}" "${evm_pubid}"; then
+            info "integrity: failed to load the EVM X509 cert ${PUBKEY}"
+            return 1
+        fi
+    done
 
     if [ "${RD_DEBUG}" = "yes" ]; then
         keyctl show @u
@@ -131,7 +139,7 @@ enable_evm() {
     fi
 
     local evm_configured=0
-    local EVM_INIT_HMAC=1 EVM_INIT_X509=2 EVM_ALLOW_METADATA_WRITES=4
+    local EVM_INIT_HMAC=1 EVM_INIT_X509=2
 
     # try to load the EVM encrypted key
     load_evm_key && evm_configured=${EVM_INIT_HMAC}
@@ -146,14 +154,7 @@ enable_evm() {
 
     # initialize EVM
     info "Enabling EVM"
-    if [ "$((evm_configured & EVM_INIT_X509))" -ne 0 ]; then
-        # Older kernels did not support EVM_ALLOW_METADATA_WRITES, try for
-        # newer ones first that need it when an x509 is used
-        echo $((evm_configured | EVM_ALLOW_METADATA_WRITES | EVM_ACTIVATION_BITS)) > "${EVMSECFILE}" \
-            || echo $((evm_configured | EVM_ACTIVATION_BITS)) > "${EVMSECFILE}"
-    else
-        echo $((evm_configured | EVM_ACTIVATION_BITS)) > "${EVMSECFILE}"
-    fi
+    echo $((evm_configured | EVM_ACTIVATION_BITS)) > "${EVMSECFILE}"
 
     if [ "$((evm_configured & EVM_INIT_HMAC))" -ne 0 ]; then
         # unload the EVM encrypted key

modules.d/98usrmount/mount-usr.sh

@@ -55,7 +55,12 @@ mount_usr() {
     while read -r _dev _mp _fs _opts _freq _passno || [ -n "$_dev" ]; do
         [ "${_dev%%#*}" != "$_dev" ] && continue
         if [ "$_mp" = "/usr" ]; then
-            _dev="$(label_uuid_to_dev "$_dev")"
+            case "$_dev" in
+                LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*)
+                    _dev="$(label_uuid_to_dev "$_dev")"
+                    ;;
+                *) ;;
+            esac
 
             if strstr "$_opts" "subvol=" \
                 && [ "${root#block:}" -ef "$_dev" ] \

modules.d/99base/dracut-dev-lib.sh

@@ -0,0 +1,139 @@
+#!/bin/sh
+
+# replaces all occurrences of 'search' in 'str' with 'replacement'
+#
+# str_replace str search replacement
+#
+# example:
+# str_replace '  one two  three  ' ' ' '_'
+str_replace() {
+    local in="$1"
+    local s="$2"
+    local r="$3"
+    local out=''
+
+    while [ "${in##*"$s"*}" != "$in" ]; do
+        chop="${in%%"$s"*}"
+        out="${out}${chop}$r"
+        in="${in#*"$s"}"
+    done
+    echo "${out}${in}"
+}
+
+# get a systemd-compatible unit name from a path
+# (mimicks unit_name_from_path_instance())
+dev_unit_name() {
+    local dev="$1"
+
+    if command -v systemd-escape > /dev/null; then
+        systemd-escape -p -- "$dev"
+        return $?
+    fi
+
+    if [ "$dev" = "/" -o -z "$dev" ]; then
+        printf -- "-"
+        return 0
+    fi
+
+    dev="${1%%/}"
+    dev="${dev##/}"
+    # shellcheck disable=SC1003
+    dev="$(str_replace "$dev" '\' '\x5c')"
+    dev="$(str_replace "$dev" '-' '\x2d')"
+    if [ "${dev##.}" != "$dev" ]; then
+        dev="\x2e${dev##.}"
+    fi
+    dev="$(str_replace "$dev" '/' '-')"
+
+    printf -- "%s" "$dev"
+}
+
+# set_systemd_timeout_for_dev [-n] <dev> [<timeout>]
+# Set 'rd.timeout' as the systemd timeout for <dev>
+set_systemd_timeout_for_dev() {
+    local _name
+    local _needreload
+    local _noreload
+    local _timeout
+
+    [ -z "$DRACUT_SYSTEMD" ] && return 0
+
+    if [ "$1" = "-n" ]; then
+        _noreload=1
+        shift
+    fi
+
+    if [ -n "$2" ]; then
+        _timeout="$2"
+    else
+        _timeout=$(getarg rd.timeout)
+    fi
+
+    _timeout=${_timeout:-0}
+
+    _name=$(dev_unit_name "$1")
+    if ! [ -L "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device" ]; then
+        [ -d "${PREFIX}"/etc/systemd/system/initrd.target.wants ] || mkdir -p "${PREFIX}"/etc/systemd/system/initrd.target.wants
+        ln -s ../"${_name}".device "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device"
+        type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/initrd.target.wants/"${_name}".device
+        _needreload=1
+    fi
+
+    if ! [ -f "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf" ]; then
+        mkdir -p "${PREFIX}/etc/systemd/system/${_name}.device.d"
+        {
+            echo "[Unit]"
+            echo "JobTimeoutSec=$_timeout"
+            echo "JobRunningTimeoutSec=$_timeout"
+        } > "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf"
+        type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/"${_name}".device.d/timeout.conf
+        _needreload=1
+    fi
+
+    if [ -z "$PREFIX" ] && [ "$_needreload" = 1 ] && [ -z "$_noreload" ]; then
+        /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload
+    fi
+}
+
+# wait_for_dev <dev> [<timeout>]
+#
+# Installs a initqueue-finished script,
+# which will cause the main loop only to exit,
+# if the device <dev> is recognized by the system.
+wait_for_dev() {
+    local _name
+    local _noreload
+
+    if [ "$1" = "-n" ]; then
+        _noreload=-n
+        shift
+    fi
+
+    _name="$(str_replace "$1" '/' '\x2f')"
+
+    type mark_hostonly > /dev/null 2>&1 && mark_hostonly "$hookdir/initqueue/finished/devexists-${_name}.sh"
+
+    [ -e "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh" ] && return 0
+
+    printf '[ -e "%s" ]\n' "$1" \
+        >> "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh"
+    {
+        printf '[ -e "%s" ] || ' "$1"
+        printf 'warn "\"%s\" does not exist"\n' "$1"
+    } >> "${PREFIX}$hookdir/emergency/80-${_name}.sh"
+
+    set_systemd_timeout_for_dev $_noreload "$@"
+}
+
+cancel_wait_for_dev() {
+    local _name
+    _name="$(str_replace "$1" '/' '\x2f')"
+    rm -f -- "$hookdir/initqueue/finished/devexists-${_name}.sh"
+    rm -f -- "$hookdir/emergency/80-${_name}.sh"
+    if [ -n "$DRACUT_SYSTEMD" ]; then
+        _name=$(dev_unit_name "$1")
+        rm -f -- "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device"
+        rm -f -- "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf"
+        /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload
+    fi
+}

modules.d/99base/dracut-lib.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+type wait_for_dev > /dev/null 2>&1 || . /lib/dracut-dev-lib.sh
+
 export DRACUT_SYSTEMD
 export NEWROOT
 if [ -n "$NEWROOT" ]; then
@@ -390,7 +392,7 @@ setdebug() {
             if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
                 RD_DEBUG=yes
                 [ -n "$BASH" ] \
-                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
             fi
         fi
         export RD_DEBUG
@@ -592,10 +594,13 @@ label_uuid_to_dev() {
             echo "/dev/disk/by-partlabel/$(echo "${_dev#PARTLABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')"
             ;;
         UUID=*)
-            echo "/dev/disk/by-uuid/$(echo "${_dev#UUID=}" | tr "[:upper:]" "[:lower:]")"
+            echo "/dev/disk/by-uuid/${_dev#UUID=}"
             ;;
         PARTUUID=*)
-            echo "/dev/disk/by-partuuid/$(echo "${_dev#PARTUUID=}" | tr "[:upper:]" "[:lower:]")"
+            echo "/dev/disk/by-partuuid/${_dev#PARTUUID=}"
+            ;;
+        *)
+            echo "$_dev"
             ;;
     esac
 }
@@ -838,119 +843,6 @@ wait_for_mount() {
     } >> "$hookdir/emergency/90-${_name}.sh"
 }
 
-# get a systemd-compatible unit name from a path
-# (mimicks unit_name_from_path_instance())
-dev_unit_name() {
-    local dev="$1"
-
-    if command -v systemd-escape > /dev/null; then
-        systemd-escape -p -- "$dev"
-        return
-    fi
-
-    if [ "$dev" = "/" -o -z "$dev" ]; then
-        printf -- "-"
-        exit 0
-    fi
-
-    dev="${1%%/}"
-    dev="${dev##/}"
-    # shellcheck disable=SC1003
-    dev="$(str_replace "$dev" '\' '\x5c')"
-    dev="$(str_replace "$dev" '-' '\x2d')"
-    if [ "${dev##.}" != "$dev" ]; then
-        dev="\x2e${dev##.}"
-    fi
-    dev="$(str_replace "$dev" '/' '-')"
-
-    printf -- "%s" "$dev"
-}
-
-# set_systemd_timeout_for_dev <dev>
-# Set 'rd.timeout' as the systemd timeout for <dev>
-
-set_systemd_timeout_for_dev() {
-    local _name
-    local _needreload
-    local _noreload
-    local _timeout
-
-    if [ "$1" = "-n" ]; then
-        _noreload=1
-        shift
-    fi
-
-    _timeout=$(getarg rd.timeout)
-    _timeout=${_timeout:-0}
-
-    if [ -n "$DRACUT_SYSTEMD" ]; then
-        _name=$(dev_unit_name "$1")
-        if ! [ -L "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device" ]; then
-            [ -d "${PREFIX}"/etc/systemd/system/initrd.target.wants ] || mkdir -p "${PREFIX}"/etc/systemd/system/initrd.target.wants
-            ln -s ../"${_name}".device "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device"
-            type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/initrd.target.wants/"${_name}".device
-            _needreload=1
-        fi
-
-        if ! [ -f "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf" ]; then
-            mkdir -p "${PREFIX}/etc/systemd/system/${_name}.device.d"
-            {
-                echo "[Unit]"
-                echo "JobTimeoutSec=$_timeout"
-                echo "JobRunningTimeoutSec=$_timeout"
-            } > "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf"
-            type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/"${_name}".device.d/timeout.conf
-            _needreload=1
-        fi
-
-        if [ -z "$PREFIX" ] && [ "$_needreload" = 1 ] && [ -z "$_noreload" ]; then
-            /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload
-        fi
-    fi
-}
-# wait_for_dev <dev>
-#
-# Installs a initqueue-finished script,
-# which will cause the main loop only to exit,
-# if the device <dev> is recognized by the system.
-wait_for_dev() {
-    local _name
-    local _noreload
-
-    if [ "$1" = "-n" ]; then
-        _noreload=-n
-        shift
-    fi
-
-    _name="$(str_replace "$1" '/' '\x2f')"
-
-    type mark_hostonly > /dev/null 2>&1 && mark_hostonly "$hookdir/initqueue/finished/devexists-${_name}.sh"
-
-    [ -e "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh" ] && return 0
-
-    printf '[ -e "%s" ]\n' "$1" \
-        >> "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh"
-    {
-        printf '[ -e "%s" ] || ' "$1"
-        printf 'warn "\"%s\" does not exist"\n' "$1"
-    } >> "${PREFIX}$hookdir/emergency/80-${_name}.sh"
-
-    set_systemd_timeout_for_dev $_noreload "$1"
-}
-
-cancel_wait_for_dev() {
-    local _name
-    _name="$(str_replace "$1" '/' '\x2f')"
-    rm -f -- "$hookdir/initqueue/finished/devexists-${_name}.sh"
-    rm -f -- "$hookdir/emergency/80-${_name}.sh"
-    if [ -n "$DRACUT_SYSTEMD" ]; then
-        _name=$(dev_unit_name "$1")
-        rm -f -- "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device"
-        rm -f -- "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf"
-        /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload
-    fi
-}
-
 killproc() {
     debug_off
     local _exe

modules.d/99base/init.sh

@@ -387,7 +387,8 @@ if [ -f /etc/capsdrop ]; then
         }
 else
     unset RD_DEBUG
-    exec "$SWITCH_ROOT" "$NEWROOT" "$INIT" "$initargs" || {
+    # shellcheck disable=SC2086
+    exec "$SWITCH_ROOT" "$NEWROOT" "$INIT" $initargs || {
         warn "Something went very badly wrong in the initramfs.  Please "
         warn "file a bug against dracut."
         emergency_shell

modules.d/99base/module-setup.sh

@@ -15,11 +15,11 @@ depends() {
 install() {
     inst_multiple mount mknod mkdir sleep chroot chown \
         sed ls flock cp mv dmesg rm ln rmmod mkfifo umount readlink setsid \
-        modprobe chmod
+        modprobe chmod tr
 
     inst_multiple -o findmnt less kmod
 
-    inst_binary "${dracutsysrootdir}${dracutbasedir}/dracut-util" "/usr/bin/dracut-util"
+    inst_binary "${dracutbasedir}/dracut-util" "/usr/bin/dracut-util"
 
     ln -s dracut-util "${initdir}/usr/bin/dracut-getarg"
     ln -s dracut-util "${initdir}/usr/bin/dracut-getargs"
@@ -50,6 +50,7 @@ install() {
     mkdir -p "${initdir}"/tmp
 
     inst_simple "$moddir/dracut-lib.sh" "/lib/dracut-lib.sh"
+    inst_simple "$moddir/dracut-dev-lib.sh" "/lib/dracut-dev-lib.sh"
     mkdir -p "${initdir}"/var
 
     if ! dracut_module_included "systemd"; then
@@ -116,11 +117,10 @@ install() {
                     export DRACUT_SYSTEMD=1
                 fi
                 export PREFIX="$initdir"
+                export hookdir=/lib/dracut/hooks
 
-                # suppress getarg for `rd.memdebug`
-                export DEBUG_MEM_LEVEL=0
-                # shellcheck source=dracut-lib.sh
-                . "$moddir/dracut-lib.sh"
+                # shellcheck source=dracut-dev-lib.sh
+                . "$moddir/dracut-dev-lib.sh"
 
                 for _dev in "${host_devs[@]}"; do
                     for _dev2 in "${root_devs[@]}"; do
@@ -137,7 +137,7 @@ install() {
                     _pdev=$(get_persistent_dev "$_dev")
 
                     case "$_pdev" in
-                        /dev/?*) wait_for_dev "$_pdev" ;;
+                        /dev/?*) wait_for_dev "$_pdev" 0 ;;
                         *) ;;
                     esac
                 done

modules.d/99fs-lib/module-setup.sh

@@ -67,22 +67,23 @@ install() {
     [[ $nofscks == "yes" ]] && return
 
     if [[ $fscks == "${fscks#*[^ ]*}" ]]; then
-        _helpers="\
-            umount mount /sbin/fsck* /usr/sbin/fsck*
+        _helpers=(
+            /sbin/fsck* /usr/sbin/fsck*
             xfs_db xfs_check xfs_repair xfs_metadump
             e2fsck jfs_fsck reiserfsck btrfsck
-        "
+        )
         if [[ $hostonly ]]; then
-            _helpers="umount mount "
-            _helpers+=$(for_each_host_dev_fs echo_fs_helper)
+            read -r -a _helpers < <(for_each_host_dev_fs echo_fs_helper)
         fi
     else
-        _helpers="$fscks"
+        read -r -a _helpers <<< "$fscks"
     fi
 
-    if [[ $_helpers == *e2fsck* ]] && [[ -e $dracutsysrootdir/etc/e2fsck.conf ]]; then
+    _helpers+=(umount mount)
+
+    if [[ ${_helpers[*]} == *e2fsck* ]] && [[ -e $dracutsysrootdir/etc/e2fsck.conf ]]; then
         inst_simple /etc/e2fsck.conf
     fi
 
-    inst_multiple -o "$_helpers" fsck
+    inst_multiple -o "${_helpers[@]}" fsck
 }

modules.d/99img-lib/module-setup.sh

@@ -14,7 +14,7 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple tar gzip dd echo tr
+    inst_multiple tar gzip dd echo tr rmdir
     # TODO: make this conditional on a cmdline flag / config option
     inst_multiple -o cpio xz bzip2 zstd
     inst_simple "$moddir/img-lib.sh" "/lib/img-lib.sh"

modules.d/99memstrack/memstrack-start.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # Mount kernel debug fs so debug tools can work.
 # memdebug=4 and memdebug=5 requires debug fs to be mounted.
 # And there is no need to umount it.
@@ -20,8 +20,6 @@ is_debugfs_ready() {
 }
 
 prepare_debugfs() {
-    local trace_base
-
     trace_base=$(get_trace_base)
     # old debugfs interface case.
     if ! [ -d "$trace_base/tracing" ]; then
@@ -44,10 +42,10 @@ fi
 if [ -n "$DEBUG_MEM_LEVEL" ]; then
     if [ "$DEBUG_MEM_LEVEL" -ge 5 ]; then
         echo "memstrack - will report kernel module memory usage summary and top allocation stack"
-        memstrack --report module_summary,module_top --notui --throttle 80 -o /.memstrack &
+        nohup memstrack --report module_summary,module_top --notui --throttle 80 -o /.memstrack > /dev/null &
     elif [ "$DEBUG_MEM_LEVEL" -ge 4 ]; then
         echo "memstrack - will report memory usage summary"
-        memstrack --report module_summary --notui --throttle 80 -o /.memstrack &
+        nohup memstrack --report module_summary --notui --throttle 80 -o /.memstrack > /dev/null &
     else
         exit 0
     fi
@@ -61,9 +59,7 @@ if [ $RET -ne 0 ]; then
     exit $RET
 fi
 
+echo $PID > /run/memstrack.pid
+
 # Wait a second for memstrack to setup everything, avoid missing any event
 sleep 1
-
-echo $PID > /run/memstrack.pid
-# bash specific - non posix
-disown

modules.d/99memstrack/memstrack.service

@@ -7,7 +7,7 @@ ConditionKernelCommandLine=|rd.memdebug=4
 ConditionKernelCommandLine=|rd.memdebug=5
 
 [Service]
-Type=simple
+Type=forking
 ExecStart=/bin/memstrack-start
 PIDFile=/run/memstrack.pid
 StandardInput=null

modules.d/99memstrack/module-setup.sh

@@ -11,12 +11,12 @@ check() {
 }
 
 depends() {
-    echo systemd bash
+    echo systemd
     return 0
 }
 
 install() {
-    inst_multiple pgrep pkill
+    inst_multiple pgrep pkill nohup
     inst "/bin/memstrack" "/bin/memstrack"
 
     inst "$moddir/memstrack-start.sh" "/bin/memstrack-start"

modules.d/99squash/init-squash.sh

@@ -1,12 +1,17 @@
 #!/bin/sh
 PATH=/bin:/sbin
 
-# Basic mounts for mounting a squash image
-mkdir /proc /sys /dev /run
-mount -t proc -o nosuid,noexec,nodev proc /proc
-mount -t sysfs -o nosuid,noexec,nodev sysfs /sys
-mount -t devtmpfs -o mode=755,noexec,nosuid,strictatime devtmpfs /dev
-mount -t tmpfs -o mode=755,nodev,nosuid,strictatime tmpfs /run
+[ -e /proc/self/mounts ] \
+    || (mkdir -p /proc && mount -t proc -o nosuid,noexec,nodev proc /proc)
+
+grep -q '^sysfs /sys sysfs' /proc/self/mounts \
+    || (mkdir -p /sys && mount -t sysfs -o nosuid,noexec,nodev sysfs /sys)
+
+grep -q '^devtmpfs /dev devtmpfs' /proc/self/mounts \
+    || (mkdir -p /dev && mount -t devtmpfs -o mode=755,noexec,nosuid,strictatime devtmpfs /dev)
+
+grep -q '^tmpfs /run tmpfs' /proc/self/mounts \
+    || (mkdir -p /run && mount -t tmpfs -o mode=755,noexec,nosuid,strictatime tmpfs /run)
 
 # Load required modules
 modprobe loop