docs: update NEWS.md and AUTHORS

Signed-off-by: Harald Hoyer <harald@profian.com>

.github/workflows/container.yml

@@ -28,7 +28,6 @@ jobs:
             fail-fast: false
             matrix:
                 config:
-                    - { dockerfile: 'Dockerfile-Fedora-33',         tag: 'fedora:33' }
                     - { dockerfile: 'Dockerfile-Fedora-latest',     tag: 'fedora:latest' }
                     - { dockerfile: 'Dockerfile-Fedora-rawhide',    tag: 'fedora:rawhide' }
                     - { dockerfile: 'Dockerfile-OpenSuse-latest',   tag: 'opensuse:latest' }

.gitignore

@@ -1,11 +1,14 @@
 /Makefile.inc
-/dracut.8
-/dracut-catimages.8
-/dracut.conf.5
+/man/dracut.8
+/man/dracut-catimages.8
+/man/dracut.conf.5
 /dracut.conf.d/*.conf
-/dracut-gencmdline.8
+/man/dracut.cmdline.7
 /dracut.html
-/dracut.kernel.7
+/man/dracut.kernel.7
+/man/dracut.bootup.7
+/man/dracut.modules.7
+/man/lsinitrd.1
 /dracut.pc
 /dracut-install
 /modules.d/99base/switch_root
@@ -15,13 +18,13 @@ test*.img
 /.buildpath
 /.project
 /dracut-version.sh
-/install/dracut-install
+/src/install/dracut-install
 /*.rpm
 /*.[0-9]
 /modules.d/98dracut-systemd/*.service.8
 /*.sign
 *.o
-skipcpio/skipcpio
-/util/util
+/src/skipcpio/skipcpio
+/src/util/util
 /dracut-util
 .idea/

.mailmap

@@ -2,9 +2,10 @@ Philippe Seewer <philippe.seewer@bfh.ch> 	<philippe.seewer-omB+W0Dpw2o@public.gm
 Seewer Philippe <philippe.seewer@bfh.ch> 	<philippe.seewer@bfh.ch>
 Philippe Seewer <philippe.seewer@bfh.ch> 	<philippe.seewer@bfh.ch>
 Victor Lowther <victor.lowther@gmail.com> 	<victor.lowther-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
-Harald Hoyer <harald@redhat.com> 		<harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
-Harald Hoyer <harald@redhat.com> 		<harald@eeepc.(none)>
-Harald Hoyer <harald@redhat.com> 		<harald@hoyer.xyz>
+Harald Hoyer <harald@profian.com> 		<harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
+Harald Hoyer <harald@profian.com> 		<harald@eeepc.(none)>
+Harald Hoyer <harald@profian.com> 		<harald@hoyer.xyz>
+Harald Hoyer <harald@profian.com> 		<harald@redhat.com>
 Mike Snitzer <snitzer@redhat.com> 		<msnitzer@redhat.com>
 Amerigo Wang <amwang@redhat.com> 		<xiyou.wangcong@gmail.com>
 Andrey Borzenkov <arvidjaar@gmail.com> 		<arvidjaar@mail.ru>

AUTHORS

@@ -1,4 +1,4 @@
-Harald Hoyer <harald@redhat.com>
+Harald Hoyer <harald@profian.com>
 Victor Lowther <victor.lowther@gmail.com>
 Jóhann B. Guðmundsson <johannbg@gmail.com>
 Amadeusz Żołnowski <aidecoe@aidecoe.name>
@@ -15,61 +15,66 @@ David Dillow <dave@thedillows.org>
 Lubomir Rintel <lkundrak@v3.sk>
 Michal Soltys <soltys@ziu.info>
 Colin Guthrie <colin@mageia.org>
+Martin Wilck <mwilck@suse.de>
 Amerigo Wang <amwang@redhat.com>
 Thomas Renninger <trenn@suse.com>
 Alexander Tsoy <alexander@tsoy.me>
-Martin Wilck <mwilck@suse.de>
 Frederick Grose <fgrose@sugarlabs.org>
+Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
 WANG Chao <chaowang@redhat.com>
+Beniamino Galvani <bgalvani@redhat.com>
 Yu Watanabe <watanabe.yu+github@gmail.com>
 Andrey Borzenkov <arvidjaar@gmail.com>
+Peter Robinson <pbrobinson@fedoraproject.org>
+David Disseldorp <ddiss@suse.de>
 Hans de Goede <hdegoede@redhat.com>
 Jonathan Lebon <jonathan@jlebon.com>
-Peter Jones <pjones@redhat.com>
-Peter Robinson <pbrobinson@fedoraproject.org>
-Andreas Thienemann <andreas@bawue.net>
 Frantisek Sumsal <frantisek@sumsal.cz>
+Peter Jones <pjones@redhat.com>
+Thomas Blume <thomas.blume@suse.com>
+Andreas Thienemann <andreas@bawue.net>
+Renaud Métrich <rmetrich@redhat.com>
+Tomasz Paweł Gajc <tpgxyz@gmail.com>
 Fabian Vogt <fvogt@suse.com>
 Nicolas Chauvet <kwizart@gmail.com>
-Tomasz Paweł Gajc <tpgxyz@gmail.com>
 Zoltán Böszörményi <zboszor@pr.hu>
-Beniamino Galvani <bgalvani@redhat.com>
 Colin Walters <walters@verbum.org>
 John Reiser <jreiser@bitwagon.com>
 Luca Berra <bluca@vodka.it>
 Xunlei Pang <xlpang@redhat.com>
 Brian C. Lane <bcl@redhat.com>
 Daniel Drake <drake@endlessm.com>
-Renaud Métrich <rmetrich@redhat.com>
+Dusty Mabe <dusty@dustymabe.com>
+Shreenidhi Shedi <sshedi@vmware.com>
 Angelo "pallotron" Failla <pallotron@fb.com>
-Thomas Blume <thomas.blume@suse.com>
+Dan Horák <dhorak@redhat.com>
+David Tardon <dtardon@redhat.com>
+David Teigland <teigland@redhat.com>
 Ville Skyttä <ville.skytta@iki.fi>
 Böszörményi Zoltán <zboszor@pr.hu>
 Cristian Rodríguez <crrodriguez@opensuse.org>
-Dan Horák <dhorak@redhat.com>
 Javier Martinez Canillas <javierm@redhat.com>
 Ondrej Mosnacek <omosnace@redhat.com>
 Baoquan He <bhe@redhat.com>
 Brendan Germain <brendan.germain@nasdaqomx.com>
-David Tardon <dtardon@redhat.com>
-Dusty Mabe <dusty@dustymabe.com>
 Jonas Witschel <diabonas@gmx.de>
 Leho Kraav <leho@kraav.com>
 Marcos Mello <marcosfrm@gmail.com>
+Mike Gilbert <floppym@gentoo.org>
 Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
 Moritz Maxeiner <moritz@ucworks.org>
 Nathan Rini <nate@ucar.edu>
 Radek Vykydal <rvykydal@redhat.com>
+Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 Đoàn Trần Công Danh <congdanhqx@gmail.com>
 Fabian Deutsch <fabiand@fedoraproject.org>
 Kamil Rytarowski <n54@gmx.com>
+Laszlo Gombos <laszlo.gombos@gmail.com>
 Lidong Zhong <lidong.zhong@suse.com>
 Marc Grimme <grimme@atix.de>
-Mike Gilbert <floppym@gentoo.org>
 NeilBrown <neilb@suse.de>
 Peter Rajnoha <prajnoha@redhat.com>
 Thorsten Behrens <tbehrens@suse.com>
-Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 q66 <daniel@octaforge.org>
 Adam Williamson <awilliam@redhat.com>
 Chao Wang <chaowang@redhat.com>
@@ -79,9 +84,11 @@ Jesse Keating <jkeating@redhat.com>
 Milan Broz <mbroz@redhat.com>
 Mimi Zohar <zohar@linux.vnet.ibm.com>
 Norbert Lange <norbert.lange@andritz.com>
+Pingfan Liu <piliu@redhat.com>
 Roberto Sassu <roberto.sassu@polito.it>
 Stefan Reimer <it@startux.de>
 Takashi Iwai <tiwai@suse.de>
+Tony Asleson <tasleson@redhat.com>
 Anton Blanchard <anton@samba.org>
 Bill Nottingham <notting@redhat.com>
 Chapman Flack <g2@anastigmatix.net>
@@ -96,11 +103,13 @@ Jon Ander Hernandez <jonan.h@gmail.com>
 Juan RP <xtraeme@gmail.com>
 Lance Albertson <lance@osuosl.org>
 Marian Ganisin <mganisin@redhat.com>
+Masahiro Matsuya <mmatsuya@redhat.com>
 Matthias Gerstner <matthias.gerstner@suse.de>
 Max Resch <resch.max@gmail.com>
 Michael Ploujnikov <plouj@somanetworks.com>
 Pratyush Anand <panand@redhat.com>
 Silvio Fricke <silvio.fricke@gmail.com>
+Stefan Berger <stefanb@linux.ibm.com>
 Steven Brudenell <steven.brudenell@gmail.com>
 Stig Telfer <stelfer@cray.com>
 Thomas Backlund <tmb@mageia.org>
@@ -110,10 +119,14 @@ Wim Muskee <wimmuskee@gmail.com>
 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
 Alan Pevec <apevec@redhat.com>
 Alex Harpin <development@landsofshadow.co.uk>
+Alexander Wenzel <alexander.wenzel@qbeyond.de>
 Alexey Shabalin <shaba@altlinux.org>
+Andre Russ <andre.russ@sap.com>
+Andreas Schwab <schwab@suse.de>
 Ankit Kumar <ankit@linux.vnet.ibm.com>
 Antony Messerli <amesserl@rackspace.com>
 Chao Fan <cfan@redhat.com>
+Cornelius Hoffmann <coding@hoffmn.de>
 Daniel Cordero <dracut@0xdc.io>
 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Daniel Schaal <farbing@web.de>
@@ -128,7 +141,9 @@ Imran Haider <imran1008@gmail.com>
 James Buren <ryuo@frugalware.org>
 Jan Macku <jamacku@redhat.com>
 Joey Boggs <jboggs@redhat.com>
+José María Fernández <josemariafg@gmail.com>
 Julian Wolf <juwolf@suse.com>
+Kairui Song <kasong@tencent.com>
 Koen Kooi <koen@dominion.thruhere.net>
 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 Kyle McMartin <kmcmarti@redhat.com>
@@ -144,29 +159,28 @@ Nikoli <nikoli@gmx.us>
 Patrick Talbert <ptalbert@redhat.com>
 Pedro Monreal <pmgdeb@gmail.com>
 Petr Pavlu <petr.pavlu@suse.com>
-Pingfan Liu <piliu@redhat.com>
 Przemysław Rudy <prudy1@o2.pl>
 Robert LeBlanc <robert@leblancnet.us>
 Robert Scheck <robert@fedoraproject.org>
-Stefan Berger <stefanb@linux.ibm.com>
 Stefan Berger <stefanb@us.ibm.com>
 Thomas Lange <lange@informatik.uni-koeln.de>
 Till Maas <opensource@till.name>
-Tony Asleson <tasleson@redhat.com>
 Vivek Goyal <vgoyal@redhat.com>
 Vladislav Bogdanov <bubble@hoster-ok.com>
+Zoltán Böszörményi <zboszor@gmail.com>
 Érico Rolim <erico.erc@gmail.com>
 наб <nabijaczleweli@nabijaczleweli.xyz>
 A. Wilcox <AWilcox@Wilcox-Tech.com>
 Adam Alves <adamoa@gmail.com>
+Adrien Thierry <athierry@redhat.com>
 Alexander Kurtz <alexander@kurtz.be>
 Alexander Miroshnichenko <alex@millerson.name>
 Alexander Sosedkin <asosedkin@redhat.com>
 Alexander Todorov <atodorov@redhat.com>
 Alexey Kodanev <alexey.kodanev@oracle.com>
-Andreas Schwab <schwab@suse.de>
 Andreas Stieger <astieger@suse.com>
 Andrew J. Hesford <ajh@sideband.org>
+Andrey Sokolov <keremet@altlinux.org>
 Andy Lutomirski <luto@mit.edu>
 Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
 Anssi Hannula <anssi@mageia.org>
@@ -178,22 +192,25 @@ B. Wilson <x@wilsonb.com>
 Ben Howard <ben.howard@redhat.com>
 Benjamin Marzinski <bmarzins@redhat.com>
 Brandon Philips <brandon@ifup.co>
+Brandon Sloane <btsloane@verizon.net>
 Bruno E. O. Meneguele <bmeneg@redhat.com>
 Bryn M. Reeves <bmr@redhat.com>
 Canek Peláez Valdés <caneko@gmail.com>
 Carlo Caione <carlo@endlessm.com>
 Chad Dupuis <chad.dupuis@cavium.com>
+Charles Rose <charles.rose@dell.com>
 Christian Heinz <christian.ch.heinz@gmail.com>
+Coiby Xu <coxu@redhat.com>
 Cong Wang <amwang@redhat.com>
 Dan Fuhry <dfuhry@datto.com>
 Dave Jones <davej@redhat.com>
-David Disseldorp <ddiss@suse.de>
 David Hildenbrand <david@redhat.com>
 David Michael <david.michael@coreos.com>
 Denis Volkov <denis@simpletexting.net>
 Dennis Schridde <devurandom@gmx.net>
 Derek Hageman <hageman@inthat.cloud>
 Derek Higgins <derekh@redhat.com>
+Dirk Müller <dirk@dmllr.de>
 Donovan Tremura <neurognostic@protonmail.ch>
 Duane Griffin <duaneg@dghda.com>
 Elan Ruusamäe <glen@delfi.ee>
@@ -209,9 +226,12 @@ Frank Deng <frank.deng@oracle.com>
 François Cami <fcami@fedoraproject.org>
 Gerd von Egidy <gerd.von.egidy@intra2net.com>
 Glen Gray <slaine@slaine.org>
+Glenn Morris <rgm@stanford.edu>
 GuoChuang <guo.chuang@zte.com.cn>
 HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
+Hari Bathini <hbathini@linux.ibm.com>
 Hendrik Brueckner <brueckner@linux.ibm.com>
+Henrik Gombos <henrik99999@gmail.com>
 Hermann Gausterer <git-dracut-2012@mrq1.org>
 Hiroaki Mizuguchi <hiroaki-m@iij.ad.jp>
 Hongxu Jia <hongxu.jia@windriver.com>
@@ -238,6 +258,8 @@ Lennart Poettering <lennart@poettering.net>
 Lennert Buytenhek <buytenh@wantstofly.org>
 Lev Veyde <lveyde@redhat.com>
 Lianbo Jiang <lijiang@redhat.com>
+LinkTed <link.ted@mailbox.org>
+Luca BRUNO <luca.bruno@coreos.com>
 Lucas C. Villa Real <lucasvr@gmail.com>
 Major Hayden <major@mhtx.net>
 Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
@@ -246,6 +268,7 @@ Marian Csontos <mcsontos@redhat.com>
 Mark Fasheh <mfasheh@suse.de>
 Matt <smoothsailing72@hotmail.com>
 Matt Smith <shadowfax@gmx.com>
+Matthias Berndt <matthias_berndt@gmx.de>
 Mei Liu <liumbj@linux.vnet.ibm.com>
 Michael Chapman <mike@very.puzzling.org>
 Michael McCracken <michael.mccracken@gmail.com>
@@ -261,6 +284,7 @@ Ondrej Dubaj <odubaj@redhat.com>
 P J P <ppandit@redhat.com>
 Paolo Bonzini <pbonzini@redhat.com>
 Paul Robins <exp@users.noreply.github.com>
+Pavel Valena <pvalena@redhat.com>
 Pavel Zhukov <pzhukov@redhat.com>
 Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
 Pekka Wallendahl <wyrmiyu@gmail.com>
@@ -286,6 +310,7 @@ Sullivan (CTR), Austin <austin.sullivan.ctr@progeny.net>
 Thierry Vignaud <thierry.vignaud@gmail.com>
 Thilo Bangert <thilo.bangert@gmx.net>
 Thomas Abraham <tabraham@suse.com>
+Thomas Haller <thaller@redhat.com>
 Tobias Geerinckx <tobias.geerinckx@gmail.com>
 Tobias Klauser <tklauser@distanz.ch>
 Tom Gundersen <teg@jklm.no>
@@ -306,6 +331,8 @@ jbash aka John Bashinski <jbash@velvet.com>
 jloeser <jloeser@suse.de>
 johannes <johannes.brechtmann@gmail.com>
 jonathan-teh <30538043+jonathan-teh@users.noreply.github.com>
+joshuacov1 <joshuacov@gmail.com>
+lapseofreason <lapseofreason0@gmail.com>
 leo-lb <lle-bout@zaclys.net>
 logan <logancaldwell23@gmail.com>
 masem <matej.semian@gmail.com>

Makefile

@@ -102,6 +102,16 @@ ifeq ($(HAVE_SHFMT),yes)
 	shfmt -w -s .
 endif
 
+src/dracut-cpio/target/release/dracut-cpio: src/dracut-cpio/src/main.rs
+	cargo --offline build --release --manifest-path src/dracut-cpio/Cargo.toml
+
+dracut-cpio: src/dracut-cpio/target/release/dracut-cpio
+	ln -fs $< $@
+
+ifeq ($(enable_dracut_cpio),yes)
+all: dracut-cpio
+endif
+
 doc: $(manpages) dracut.html
 
 ifneq ($(enable_documentation),no)
@@ -168,6 +178,7 @@ ifneq ($(enable_documentation),no)
 endif
 	if [ -n "$(systemdsystemunitdir)" ]; then \
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir); \
+		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown-onfailure.service; \
 		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown.service; \
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir)/sysinit.target.wants; \
 		ln -s ../dracut-shutdown.service \
@@ -196,6 +207,9 @@ endif
 	if [ -f dracut-util ]; then \
 		install -m 0755 dracut-util $(DESTDIR)$(pkglibdir)/dracut-util; \
 	fi
+ifeq ($(enable_dracut_cpio),yes)
+	install -m 0755 dracut-cpio $(DESTDIR)$(pkglibdir)/dracut-cpio
+endif
 	mkdir -p $(DESTDIR)${prefix}/lib/kernel/install.d
 	install -m 0755 install.d/50-dracut.install $(DESTDIR)${prefix}/lib/kernel/install.d/50-dracut.install
 	install -m 0755 install.d/51-dracut-rescue.install $(DESTDIR)${prefix}/lib/kernel/install.d/51-dracut-rescue.install
@@ -222,6 +236,7 @@ clean:
 	$(RM) dracut-util util/util $(UTIL_OBJECTS)
 	$(RM) $(manpages) dracut.html
 	$(RM) dracut.pc
+	$(RM) dracut-cpio src/dracut-cpio/target/release/dracut-cpio*
 	$(MAKE) -C test clean
 
 dist: dracut-$(DRACUT_MAIN_VERSION).tar.xz

NEWS.md

@@ -1,5 +1,234 @@
 [Rendered view](https://github.com/dracutdevs/dracut/blob/master/NEWS.md)
 
+dracut-056
+==========
+
+#### Bug Fixes
+
+* **base:**
+    *  do not change the provided UUID ([4e858741](https://github.com/dracutdevs/dracut/commit/4e858741087a5cfea891bd2c1fd51ea9b830aeaf))
+    *  add default device choice ([e8c18c9f](https://github.com/dracutdevs/dracut/commit/e8c18c9f7f5ed94898f70e9ff5a5f94a815a2b49))
+    *  tr needs to be installed ([dfbfd33b](https://github.com/dracutdevs/dracut/commit/dfbfd33b24524c0c10ad3594be143192f5b7da84))
+    *  do not quote $initargs for switch_root ([f649cd10](https://github.com/dracutdevs/dracut/commit/f649cd10b2e920e9d65c532db9b9f89a7370ad99))
+    *  repair installing dracut-util ([d7acf107](https://github.com/dracutdevs/dracut/commit/d7acf107f2ac619f73dfa29588ea9adfaf79e296))
+* **bluetooth:**
+    *  make hostonly configuration files optional ([d03fb675](https://github.com/dracutdevs/dracut/commit/d03fb675d8e904c6c44de9b91814b33c45043f4f))
+    *  dbus configuration path fixes ([34b1dd2e](https://github.com/dracutdevs/dracut/commit/34b1dd2e26c343e9000094db01a7985b6851adf1))
+* **cms:**  reload NetworkManager connections ([07977ee5](https://github.com/dracutdevs/dracut/commit/07977ee5c5294a5d30c1f33f292a0b31303750fb))
+* **cpio:**
+    *  correct dev_t -> rmajor/rminor mapping ([acc629ab](https://github.com/dracutdevs/dracut/commit/acc629abb0d7a26f692f99e5a9cf8c8401bc6a86))
+    *  write zeros instead of seek for padding and alignment ([0af11c5e](https://github.com/dracutdevs/dracut/commit/0af11c5ea5018a3e1049a2207a9a671049651876))
+* **crypt:**  remove quotes from cryptsetupopts ([e0abf88a](https://github.com/dracutdevs/dracut/commit/e0abf88a15d23fbf793cf872397016ad86aeaaa8), closes [#1528](https://github.com/dracutdevs/dracut/issues/1528))
+* **crypt-gpg:**
+    *  tr needs to be installed ([a93fbc4a](https://github.com/dracutdevs/dracut/commit/a93fbc4ae00d8c6ecda67319a6425f7966609bbe))
+    *  execute --card-status on each try ([66100936](https://github.com/dracutdevs/dracut/commit/6610093698db25fda1d584b9771da1e2c2330095))
+* **dasd_rules:**
+    *  correct udev dasd rules parsing ([5de6e4d5](https://github.com/dracutdevs/dracut/commit/5de6e4d56e5206cb47f645ad1cb6d39794048c68))
+    *  remove collect based udev rule creators ([ebafbd82](https://github.com/dracutdevs/dracut/commit/ebafbd824175e201ae9476576588a896c6b7d7eb))
+* **dmsquash-live:**
+    *  option to use overlayfs on a block device root ([813577e2](https://github.com/dracutdevs/dracut/commit/813577e2ba034b448d2cf2d2857b2d20d56c0259))
+    *  do not install systemd files when systemd is not enabled ([bf8738d3](https://github.com/dracutdevs/dracut/commit/bf8738d31ca53ad6410c46c1f9b2a4a12273b9a3))
+    *  iso-scan requires rmdir ([e19e3890](https://github.com/dracutdevs/dracut/commit/e19e38904c054664473207d2d6ef3c53bd938867))
+    *  correct regression introduced with shellcheck changes ([0c631efb](https://github.com/dracutdevs/dracut/commit/0c631efb10bf4ce18ec8640277bd94712950298a))
+* **dmsquash-live-ntfs:**  fuse3 no longer requires ulockmgr_server ([75ad2699](https://github.com/dracutdevs/dracut/commit/75ad269931eccd266a5d60ba4000d93655143e00))
+* **dracut:**  be more robust when using 'set -u' ([22a80629](https://github.com/dracutdevs/dracut/commit/22a80629b4bbcef02eb8fe3611ea44e253ef4c61))
+* **dracut-functions.sh:**
+    *  ip route parsing ([d754e1c6](https://github.com/dracutdevs/dracut/commit/d754e1c6f081a6501cb7fdcb5caaa6c4977235af))
+    *  get block device driver if in a virtual subsystem ([dc3b976f](https://github.com/dracutdevs/dracut/commit/dc3b976f3393d7a3fb75b349418fc8ee2c9142bd))
+* **dracut-init:**  unbreak a comment ([bc4f196f](https://github.com/dracutdevs/dracut/commit/bc4f196f9825029eaef7ccf525ec57f5229b2793))
+* **dracut-initramfs-restore.sh:**
+    *  add missing compression options ([e86397de](https://github.com/dracutdevs/dracut/commit/e86397de24f4efa6d36e2bb5ae84b7d9ec69b72d))
+    *  add missing default paths ([3d8e1ad2](https://github.com/dracutdevs/dracut/commit/3d8e1ad2ae1e34244ddf700beea6358c1452e05c), closes [#1628](https://github.com/dracutdevs/dracut/issues/1628))
+* **dracut-install:**  tweaks to get_real_file() ([1beeaf3b](https://github.com/dracutdevs/dracut/commit/1beeaf3b71aed763d5fc7a9ee044d675f8906e8c))
+* **dracut-shutdown:**  add cleanup handler on failure ([7ab1d002](https://github.com/dracutdevs/dracut/commit/7ab1d00227cad6f1b86ba01fdc766769faebb031))
+* **dracut-systemd:**  do not use Requires for vconsole-setup.service ([a7f5429c](https://github.com/dracutdevs/dracut/commit/a7f5429cb81f7ffdf9bd5684af8d36725170b756))
+* **dracut.sh:**
+    *  do not ignore invalid config file or dir path ([7de9ffc0](https://github.com/dracutdevs/dracut/commit/7de9ffc0574790ecbad74b5a000ecd022d7736d4))
+    *  check kernel zstd support early ([475497b1](https://github.com/dracutdevs/dracut/commit/475497b1bd12c006c782541124b6427cb7ef4cb7))
+    *  check availability of configured compression ([bdac657b](https://github.com/dracutdevs/dracut/commit/bdac657bf65615438942a872491a818750735014))
+    *  inform user about auto-selected compression method ([06d47ded](https://github.com/dracutdevs/dracut/commit/06d47ded679231e1370cc655c1df408fc865baac))
+    *  drop pointless check for module compression method ([586d3e76](https://github.com/dracutdevs/dracut/commit/586d3e7664c00bf144becfa69dde2dbab8711d51))
+    *  change misspelled variable name ([acfd97a9](https://github.com/dracutdevs/dracut/commit/acfd97a94385c33cd6cef4e5a37f233ea4081288))
+    *  remove wrong $ in loop sequence ([f1245b5b](https://github.com/dracutdevs/dracut/commit/f1245b5bc13a98ef0dcc679dcef6148214e09503))
+    *  handle symlinks appropriately while using '-i' option ([c7fbc0c8](https://github.com/dracutdevs/dracut/commit/c7fbc0c8901917baf0d1f0822568e65c6ec00d18))
+    *  handle '-i' option to include files beginning with '.' ([f1138012](https://github.com/dracutdevs/dracut/commit/f1138012c9dc44e6614466c0a8e929fc55e4a5dd))
+* **drm:**  add privacy screen modules to the initrd ([14d97a6a](https://github.com/dracutdevs/dracut/commit/14d97a6a28c6172340c47c89374358aaf4e2629d))
+* **fedora.conf.example:**  rename misspelled variable ([9371dcab](https://github.com/dracutdevs/dracut/commit/9371dcaba3c58377428eee44bd702fae7b2ab20e))
+* **fido2:**  add a missing library ([4753738b](https://github.com/dracutdevs/dracut/commit/4753738b62d958955f50fb077ea21c56a8d23dc3))
+* **fips:**
+    *  missing sourcing of dracut-lib ([857b17f0](https://github.com/dracutdevs/dracut/commit/857b17f090bdf575292f0bd6f5e8e3d753f6b426))
+    *  add and remove local variables ([e8121bfd](https://github.com/dracutdevs/dracut/commit/e8121bfddda34e20db889a74d4ac6259ed182aea))
+    *  wrong error message ([7f10c483](https://github.com/dracutdevs/dracut/commit/7f10c483b6abcc8be42cf246bbdade264be68228))
+    *  handle s390x OSTree systems ([78557f05](https://github.com/dracutdevs/dracut/commit/78557f05a69fe718a97df85d2ed741ce10d3f806))
+* **fips.sh:**  repsect rd.fips.skipkernel ([5789abcb](https://github.com/dracutdevs/dracut/commit/5789abcbe05f30d556086590b786c4857d025d9d))
+* **img-lib:**  install rmdir ([51ce8893](https://github.com/dracutdevs/dracut/commit/51ce8893d981e90640123a7dcc3e4f3621e7d819))
+* **install:**
+    *  segfault on popen error ([5c2f72f1](https://github.com/dracutdevs/dracut/commit/5c2f72f152ec319a8001d1ff0bfd1f81a9130b04))
+    *  extend hwcaps library handling to libraries under glibc-hwcaps/ ([10ed204f](https://github.com/dracutdevs/dracut/commit/10ed204f873f454dcd15ffcc82dc3a1c781c1514))
+    *  use size_t to avoid -Wsign-compare warning ([55468a2d](https://github.com/dracutdevs/dracut/commit/55468a2d40182de4cce5ba4ecd5dcd96be03bd4d))
+    *  improve gettid definition ([ef0f848a](https://github.com/dracutdevs/dracut/commit/ef0f848a67fdd0a0dab135acbd1cd7fa0179a95c))
+    *  validate return values log.c ([19537f89](https://github.com/dracutdevs/dracut/commit/19537f8943ac4106c6d4ab0e00a48a8c0a9a0519))
+    *  rectify unused function args in log.c ([b5cf7ec7](https://github.com/dracutdevs/dracut/commit/b5cf7ec784335ec561e379f8e78f48019a344ac0))
+    *  use wrapper for asprintf ([e2a61595](https://github.com/dracutdevs/dracut/commit/e2a61595d2c91202ff4ea69937064cd2c0d1f336))
+    *  use unsigned int instead of unsigned ([74a41799](https://github.com/dracutdevs/dracut/commit/74a417994840f7a6119e2dee57f9a3bb4d84998b))
+    *  reduce cppcheck warnings ([b0bf8187](https://github.com/dracutdevs/dracut/commit/b0bf8187d5cc51d5576d8d70a81677d7c9741b37))
+    *  add a missing ret value assignment ([6a444261](https://github.com/dracutdevs/dracut/commit/6a44426162d5b1b7084b17f921799863d353f847))
+* **integrity:**  add support for loading multiple EVM x509 certs ([9da76af8](https://github.com/dracutdevs/dracut/commit/9da76af8e7f0f7a939b2ee44f0b4a5ce0bdd3b0b))
+* **iscsi:**  add support for the new iscsiadm "no-wait" (-W) command ([7374943a](https://github.com/dracutdevs/dracut/commit/7374943ae3d063f0142c969b132c4156030fda8b))
+* **kernel-modules:**
+    *  add mailbox drivers for arm ([0e80ff72](https://github.com/dracutdevs/dracut/commit/0e80ff72e01d28e7e92d3adbf98ec40bdbdc37fe))
+    *  detect block device's hardware driver ([c86f4d28](https://github.com/dracutdevs/dracut/commit/c86f4d286000d1e76fd405560b4114537e2cbbff))
+    *  add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs ([b292ce72](https://github.com/dracutdevs/dracut/commit/b292ce7295f18192124e64e5ec31161d09492160))
+    *  add more modules on RISC-V ([3cc9f1c1](https://github.com/dracutdevs/dracut/commit/3cc9f1c10c67dcdb5254e0eb69f19e9ab22abf20))
+    *  add isp1760 USB controller ([15398458](https://github.com/dracutdevs/dracut/commit/15398458685d376fef56b1bf6fe09ae7c68324c1))
+    *  add Type-C USB drivers for generic initrd ([a1287c62](https://github.com/dracutdevs/dracut/commit/a1287c627f28b16b1b066b7c256549b832bd98de))
+* **kernel-modules-extra:**  handle zstd module extension ([b3d2dcb7](https://github.com/dracutdevs/dracut/commit/b3d2dcb71e7af8f605f5f66041ed3c801333e5f1))
+* **lvm:**
+    *  restore setting LVM_MD_PV_ACTIVATED ([164e5ebb](https://github.com/dracutdevs/dracut/commit/164e5ebb1199ea3e3d641ce402d8257f0055a529))
+    *  replace --partial option ([97543cca](https://github.com/dracutdevs/dracut/commit/97543cca48dfde849396f11c83f9c320e1b91c46))
+* **man:**  default value of rd.retry was increased to 180 seconds ([4855242c](https://github.com/dracutdevs/dracut/commit/4855242ce5cb586afd2eebd91df57ce1d28ae6b5))
+* **mdraid:**  allow UUID comparison for more than one UUID ([d364ce83](https://github.com/dracutdevs/dracut/commit/d364ce8334fef96f48492bd0fb3b7deac37bbb66))
+* **memstrack:**  drop bash runtime requirement ([35822f39](https://github.com/dracutdevs/dracut/commit/35822f39970b369301e0ff54436d5714dd996896))
+* **mksh:**  requires printf ([f806a628](https://github.com/dracutdevs/dracut/commit/f806a628aa9aec548e425e81b6ea4ab6f5db26f6))
+* **multipath:**
+    *  check if mpathconf is available ([4318533e](https://github.com/dracutdevs/dracut/commit/4318533e1493bfab622b64efc1b799426c812c26))
+    *  drop ExecStop= setting from service unit ([9491e599](https://github.com/dracutdevs/dracut/commit/9491e599282d0d6bb12063eddbd192c0d2ce8acf))
+    *  get config. dir from configuration ([2e3c5444](https://github.com/dracutdevs/dracut/commit/2e3c5444d271cb8f05955858b8fdc367c4ea5c48))
+* **multipathd.service:**
+    *  drop dependencies on iscsi and iscsid ([6246da40](https://github.com/dracutdevs/dracut/commit/6246da400fa7f527a1ff1c620bf85ac9f6644508))
+    *  adapt to upstream multipath-tools unit file ([a247d2bc](https://github.com/dracutdevs/dracut/commit/a247d2bc0d4c6d37a2ea4f3da98dd7902bb37385))
+    *  remove dependency on systemd-udev-settle ([371b338a](https://github.com/dracutdevs/dracut/commit/371b338a5f19d40ff4c3216dc0f27f9a00cf4e22))
+* **network:**
+    *  consistent use of "$gw" for gateway ([3f2c76bb](https://github.com/dracutdevs/dracut/commit/3f2c76bb1456941a28d3333569d2bf18f8624617))
+    *  wrong test of wicked unit ([22e68307](https://github.com/dracutdevs/dracut/commit/22e683077a686b592da55e1d247b31f65c95d481))
+    *  add errors and warnings when network interface does not exist ([79389352](https://github.com/dracutdevs/dracut/commit/7938935267dd8824f074adf84c219340ad4c8db6))
+* **network-manager:**
+    *  skip non-directories in /sys/class/net ([d9c3c774](https://github.com/dracutdevs/dracut/commit/d9c3c77437d91d7d66369a3ef701ffc5e501346d))
+    *  disable tty output if the console is not usable ([f6e6be24](https://github.com/dracutdevs/dracut/commit/f6e6be245d0cda14d90a0442b688c8dca1410a2e))
+    *  show output on console only with rd.debug enabled ([e07b7ad0](https://github.com/dracutdevs/dracut/commit/e07b7ad0e7f5dbb8024336f3075610b3b74ffb2e))
+    *  write DHCP filename option to dhcpopts file ([38320fce](https://github.com/dracutdevs/dracut/commit/38320fce56a8d83b79d6c970c491a454ba9de213))
+    *  check for nm-initrd-generator in both /usr/{libexec,lib} ([5ee7e249](https://github.com/dracutdevs/dracut/commit/5ee7e249b8cc74461122ccd7efe954b3402c23da))
+    *  ensure safe content of /tmp/dhclient."$ifname".dhcpopts ([e509c638](https://github.com/dracutdevs/dracut/commit/e509c638e68a8e3cae446d1a4f9f86e3aa6e7a99))
+    *  include nm-daemon-helper binary ([0e590531](https://github.com/dracutdevs/dracut/commit/0e5905315e92dfc095f543fd73db6190db533217))
+    *  don't pull in systemd-udev-settle ([a0f12fb6](https://github.com/dracutdevs/dracut/commit/a0f12fb6a09b09f35ab28753d7c4461c10a8b562))
+    *  support teaming under NM+systemd ([a97d2ced](https://github.com/dracutdevs/dracut/commit/a97d2cedcf65a9a2fbff2591171f0163c7d3cb46))
+    *  pull in network.target in nm-initrd.service ([a97d6e2b](https://github.com/dracutdevs/dracut/commit/a97d6e2b13146783831b166ec5e8b33b29c514b0))
+* **network-wicked:**  multiple path corrections ([d3b5bc17](https://github.com/dracutdevs/dracut/commit/d3b5bc17ebadfe8922d1144b3dfd5435d0ecc71a))
+* **nvmf:**  validate_ip_conn ([655c65e6](https://github.com/dracutdevs/dracut/commit/655c65e6ced00e7a80c41e96c5f6fe108da07839))
+* **qeth_rules:**  check the existence of /sys/devices/qeth/*/online beforehand ([6c71ba41](https://github.com/dracutdevs/dracut/commit/6c71ba4121ae64ccd13fefba68ca327ac623810f))
+* **resume:**
+    *  resume using /usr/lib64/suspend ([c4593734](https://github.com/dracutdevs/dracut/commit/c459373448d24760d15e22fde7c6f811c7891376))
+    *  check for presence of /sys/power/resume ([0b977906](https://github.com/dracutdevs/dracut/commit/0b97790626bff3579755b38f78a9c524a075cfcc))
+* **rootfs-block:**  make the base module dependency explicit ([3326e4c9](https://github.com/dracutdevs/dracut/commit/3326e4c957d0499495d9e91182fc574b960ace86))
+* **s390_rules:**  drop collect installation ([f905c3a7](https://github.com/dracutdevs/dracut/commit/f905c3a72c975cf6006f266755cc91229132c739))
+* **shutdown:**  be robust against forced shutdown ([b9ba3c8b](https://github.com/dracutdevs/dracut/commit/b9ba3c8bb8f0f1328cd1ffaa8dbf64585b28c474))
+* **skipcpio:**
+    *  calculate and use CPIO_MAGIC_LEN ([3fb8723c](https://github.com/dracutdevs/dracut/commit/3fb8723ce0066b4ba92f6dbfc4373a66d1f551c4))
+    *  improve error checking ([f6d16b6b](https://github.com/dracutdevs/dracut/commit/f6d16b6bbd5b8b7ac238c3d2148bebf4e91140a2))
+* **squash:**
+    *  apply FIPS and libpthread workaround ([5ab18dee](https://github.com/dracutdevs/dracut/commit/5ab18dee996f0eeb2b0bfe354570e1b1af46d025))
+    *  remove tailing '/' when installing ld.so.conf.d ([cbd85597](https://github.com/dracutdevs/dracut/commit/cbd85597e3ed6abf64ac17f431da5477eb5aefa0))
+    *  keep ld cache under initdir ([dc21638c](https://github.com/dracutdevs/dracut/commit/dc21638c3f0acbb54417f3bfb6294ad5514bf2db))
+    *  create relative symlinks ([a2b6be44](https://github.com/dracutdevs/dracut/commit/a2b6be44792b68218e3378a7d844b0f8527a4805))
+* **systemd-sysusers:**
+    *  use split systemd sysuser configs ([fec93bb2](https://github.com/dracutdevs/dracut/commit/fec93bb22181f80056b40231fca36c422248ade0))
+    *  override systemd-sysusers.service ([dcbe23c1](https://github.com/dracutdevs/dracut/commit/dcbe23c14d13ca335ad327b7bb985071ca442f12))
+* **tpm2-tss:**
+    *  add a missing library ([c656b612](https://github.com/dracutdevs/dracut/commit/c656b612b101e4834e01f9841162e2629a7272f7))
+    *  typo in depends() ([8b17105b](https://github.com/dracutdevs/dracut/commit/8b17105bed69ed90582a13d97d95ee19e6581365))
+* **url-lib:**
+    * SC2086: Double quote to prevent globbing and word splitting ([acb18869](https://github.com/dracutdevs/dracut/commit/acb18869e98687a3f8c172d7e7befaa5326cf67a))
+    * SC2046: Quote this to prevent word splitting ([ec50cec3](https://github.com/dracutdevs/dracut/commit/ec50cec3bd9169410df409e077d0487c63c2a627))
+    * improve ca-bundle detection ([e3bb1815](https://github.com/dracutdevs/dracut/commit/e3bb1815bbbff1a7e21b857d2ae32bc0410754d5))
+    * make pre-pivot hook separetely per nfs mount ([2f091b17](https://github.com/dracutdevs/dracut/commit/2f091b17075f81ff490b05d3d566d736fc32f0be))
+* **usrmount:**  do not empty _dev variable ([4afdcba2](https://github.com/dracutdevs/dracut/commit/4afdcba212793f136aea012b30dd7bdb5b641a5a))
+* **zfcp_rules:**
+    *  correct udev zfcp rules parsing ([59252668](https://github.com/dracutdevs/dracut/commit/5925266832042f9d17a3fb7a219b83118c5b16d6))
+    *  remove collect based udev rule creators ([d40c49a8](https://github.com/dracutdevs/dracut/commit/d40c49a8dfe203be33af8ace5f0efd07a88856f4))
+
+#### Features
+
+* **Makefile:**  cargo wrapper for dracut-cpio build ([51d21c6b](https://github.com/dracutdevs/dracut/commit/51d21c6b37b0eb8566d18d665d0197ca4d68101c))
+* **cpio:**
+    *  add newc archive creation utility ([a9c67046](https://github.com/dracutdevs/dracut/commit/a9c67046431ccf5fd4f4c16c890695df388f0d38))
+    *  add rust argument parsing library from crosvm ([94fc5026](https://github.com/dracutdevs/dracut/commit/94fc50262f5e6c28d92782dc231fbb6c61855954))
+* **crypt:**
+    *  check if pkcs11 module is needed in hostonly mode ([56f4fb6c](https://github.com/dracutdevs/dracut/commit/56f4fb6cb755327c77c32f8c414a4a0e64fc933c))
+    *  check if fido2 module is needed in hostonly mode ([d5fd030c](https://github.com/dracutdevs/dracut/commit/d5fd030cc285730e1a1b9e0e78a1e1dc4daabfe0))
+    *  check if tpm2-tss module is needed in hostonly mode ([5d990a00](https://github.com/dracutdevs/dracut/commit/5d990a004b5ae6863f2c9a633b184c07dd73563d))
+* **dracut.sh:**
+    *  add --aggresive-strip option ([67fc670a](https://github.com/dracutdevs/dracut/commit/67fc670a88ab6c97d22c6718082619c0cf850fc3))
+    *  add "--enhanced-cpio" option for calling dracut-cpio ([afe4a6db](https://github.com/dracutdevs/dracut/commit/afe4a6dbb7df62982baab8212bba5d90010dfbac))
+    *  check if target kernel has zstd support compiled in ([591118c5](https://github.com/dracutdevs/dracut/commit/591118c56da2bfcea060e3b7671bc87b23c0e44a))
+* **fido2:**  introducing the fido2 module ([049973b7](https://github.com/dracutdevs/dracut/commit/049973b708298ea0ce1ac9c869b404f4c718eff3))
+* **lvm:**
+    *  only run lvchange for LV that is seen on devices ([1af46743](https://github.com/dracutdevs/dracut/commit/1af46743195422aaebcde5c508a5dd479eff51ea))
+    *  use generated filter when none is set ([7ffc5e38](https://github.com/dracutdevs/dracut/commit/7ffc5e388bcce20785803825bdd260c3c854b34f))
+    *  update lvm command options ([c0a54f29](https://github.com/dracutdevs/dracut/commit/c0a54f2993b1d3c2101202c274a41f925445d54b))
+* **pcsc:**  introducing the pcsc module ([dcaff88a](https://github.com/dracutdevs/dracut/commit/dcaff88ac942042e3db0a2bbfc1c995ec0735f38))
+* **pkcs11:**
+    *  include the module in the spec file ([c5907f82](https://github.com/dracutdevs/dracut/commit/c5907f82d835d72e4dd7c473a86e872fce37d61e))
+    *  introducing the pkcs11 module ([83ea8cf0](https://github.com/dracutdevs/dracut/commit/83ea8cf001a49356cf7814b3c08bdd1c4b4f2763))
+* **spec:**  add systemd-integritysetup module ([fe8df024](https://github.com/dracutdevs/dracut/commit/fe8df0240a24b9d2d60a5b0b998f82b251ede849))
+* **squash:**  install umount util ([563f5434](https://github.com/dracutdevs/dracut/commit/563f543424c66bf38e6cbd3f489655d45ad9b5c5))
+* **systemd:**  enable support for systemd compiled with ASAN ([d502d2a8](https://github.com/dracutdevs/dracut/commit/d502d2a816ba8f8329b3d8616bd2a7e82a0ad21f))
+* **systemd-integritysetup:**  introducing the systemd-integritysetup module ([33cf47a6](https://github.com/dracutdevs/dracut/commit/33cf47a60870cc290bd5b59c9cf87c54ad37051f))
+
+#### Contributors
+
+- Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+- David Disseldorp <ddiss@suse.de>
+- Martin Wilck <mwilck@suse.de>
+- Jóhann B. Guðmundsson <johannbg@gmail.com>
+- Shreenidhi Shedi <sshedi@vmware.com>
+- David Teigland <teigland@redhat.com>
+- Beniamino Galvani <bgalvani@redhat.com>
+- Thomas Blume <thomas.blume@suse.com>
+- Kairui Song <kasong@redhat.com>
+- Laszlo Gombos <laszlo.gombos@gmail.com>
+- Renaud Métrich <rmetrich@redhat.com>
+- Dusty Mabe <dusty@dustymabe.com>
+- Masahiro Matsuya <mmatsuya@redhat.com>
+- Alexander Wenzel <alexander.wenzel@qbeyond.de>
+- Andre Russ <andre.russ@sap.com>
+- Cornelius Hoffmann <coding@hoffmn.de>
+- David Tardon <dtardon@redhat.com>
+- Frantisek Sumsal <frantisek@sumsal.cz>
+- Harald Hoyer <harald@profian.com>
+- José María Fernández <josemariafg@gmail.com>
+- Kairui Song <kasong@tencent.com>
+- Peter Robinson <pbrobinson@fedoraproject.org>
+- Pingfan Liu <piliu@redhat.com>
+- Tony Asleson <tasleson@redhat.com>
+- Zoltán Böszörményi <zboszor@gmail.com>
+- Adrien Thierry <athierry@redhat.com>
+- Alexander Tsoy <alexander@tsoy.me>
+- Andreas Schwab <schwab@suse.de>
+- Andrey Sokolov <keremet@altlinux.org>
+- Brandon Sloane <btsloane@verizon.net>
+- Charles Rose <charles.rose@dell.com>
+- Coiby Xu <coxu@redhat.com>
+- Dan Horák <dhorak@redhat.com>
+- Dirk Müller <dirk@dmllr.de>
+- Glenn Morris <rgm@stanford.edu>
+- Hans de Goede <hdegoede@redhat.com>
+- Hari Bathini <hbathini@linux.ibm.com>
+- Henrik Gombos <henrik99999@gmail.com>
+- Jonathan Lebon <jonathan@jlebon.com>
+- LinkTed <link.ted@mailbox.org>
+- Lubomir Rintel <lkundrak@v3.sk>
+- Luca BRUNO <luca.bruno@coreos.com>
+- Lukas Nykryn <lnykryn@redhat.com>
+- Matthias Berndt <matthias_berndt@gmx.de>
+- Mike Gilbert <floppym@gentoo.org>
+- Pavel Valena <pvalena@redhat.com>
+- Stefan Berger <stefanb@linux.ibm.com>
+- Thomas Haller <thaller@redhat.com>
+- Tomasz Paweł Gajc <tpgxyz@gmail.com>
+- Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+- joshuacov1 <joshuacov@gmail.com>
+- lapseofreason <lapseofreason0@gmail.com>
+
 dracut-055
 ==========
 

configure

@@ -6,6 +6,7 @@ echo \#buildapi-variable-no-builddir > /dev/null
 prefix=/usr
 
 enable_documentation=yes
+enable_dracut_cpio=no
 
 CC="${CC:-cc}"
 PKG_CONFIG="${PKG_CONFIG:-pkg-config}"
@@ -48,6 +49,7 @@ while (($# > 0)); do
         --infodir) read_arg infodir "$@" || shift ;;
         --systemdsystemunitdir) read_arg systemdsystemunitdir "$@" || shift ;;
         --bashcompletiondir) read_arg bashcompletiondir "$@" || shift ;;
+        --enable-dracut-cpio) enable_dracut_cpio=yes ;;
         *) echo "Ignoring unknown option '$1'" ;;
     esac
     shift
@@ -102,6 +104,15 @@ if test $found = no; then
     exit 1
 fi
 
+if test "$enable_dracut_cpio" = "yes"; then
+    cargo --version > /dev/null
+    ret=$?
+    if test $ret -ne 0; then
+        echo "dracut couldn't find cargo for dracut-cpio build"
+        exit 1
+    fi
+fi
+
 cat > Makefile.inc.$$ << EOF
 prefix ?= ${prefix}
 libdir ?= ${libdir:-${prefix}/lib}
@@ -110,6 +121,7 @@ sysconfdir ?= ${sysconfdir:-${prefix}/etc}
 sbindir ?= ${sbindir:-${prefix}/sbin}
 mandir ?= ${mandir:-${prefix}/share/man}
 enable_documentation ?= ${enable_documentation:-yes}
+enable_dracut_cpio ?= ${enable_dracut_cpio}
 bindir ?= ${bindir:-${prefix}/bin}
 KMOD_CFLAGS ?= $(${PKG_CONFIG} --cflags " libkmod >= 23 ")
 KMOD_LIBS ?= $(${PKG_CONFIG} --libs " libkmod >= 23 ")

docs/CODE_OF_CONDUCT.md

@@ -40,7 +40,7 @@ This Code of Conduct applies within all community spaces, and also applies when
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@redhat.com>. 
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement Harald Hoyer <harald@profian.com>. 
 All complaints will be reviewed and investigated promptly and fairly and will result in a response that is deemed necessary and appropriate to the circumstances.
 Project maintainers are obligated to respect the privacy and security of the reporter of any incident.
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

docs/SECURITY.md

@@ -1,3 +1,3 @@
 Security is very important to us. If you discover any issue regarding security, we'd appreciate a non-public disclosure of
-the information, so  please disclose the information responsibly by sending an email to Harald Hoyer harald@redhat.com and not by creating a GitHub issue. 
+the information, so  please disclose the information responsibly by sending an email to Harald Hoyer <harald@profian.com> and not by creating a GitHub issue. 
 We will respond swiftly to fix verifiable security issues with the disclosure being coordinated with distributions and relevant security teams.

dracut-functions.sh

@@ -617,6 +617,27 @@ for_each_host_dev_and_slaves() {
     return 1
 }
 
+# /sys/dev/block/major:minor is symbol link to real hardware device
+# go downstream $(realpath /sys/dev/block/major:minor) to detect driver
+get_blockdev_drv_through_sys() {
+    local _block_mods=""
+    local _path
+
+    _path=$(realpath "$1")
+    while true; do
+        if [[ -L "$_path"/driver/module ]]; then
+            _mod=$(realpath "$_path"/driver/module)
+            _mod=$(basename "$_mod")
+            _block_mods="$_block_mods $_mod"
+        fi
+        _path=$(dirname "$_path")
+        if [[ $_path == '/sys/devices' ]] || [[ $_path == '/' ]]; then
+            break
+        fi
+    done
+    echo "$_block_mods"
+}
+
 # ugly workaround for the lvm design
 # There is no volume group device,
 # so, there are no slave devices for volume groups.
@@ -762,13 +783,29 @@ btrfs_devs() {
 iface_for_remote_addr() {
     # shellcheck disable=SC2046
     set -- $(ip -o route get to "$1")
-    echo "$3"
+    while [ $# -gt 0 ]; do
+        case $1 in
+            dev)
+                echo "$2"
+                return
+                ;;
+        esac
+        shift
+    done
 }
 
 local_addr_for_remote_addr() {
     # shellcheck disable=SC2046
     set -- $(ip -o route get to "$1")
-    echo "$5"
+    while [ $# -gt 0 ]; do
+        case $1 in
+            src)
+                echo "$2"
+                return
+                ;;
+        esac
+        shift
+    done
 }
 
 peer_for_addr() {
@@ -924,5 +961,29 @@ block_is_netdevice() {
 
 # get the corresponding kernel modules of a /sys/class/*/* or/dev/* device
 get_dev_module() {
-    udevadm info -a "$1" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p'
+    local dev_attr_walk
+    local dev_drivers
+    dev_attr_walk=$(udevadm info -a "$1")
+    dev_drivers=$(echo "$dev_attr_walk" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p')
+    # if no kernel modules found and device is in a virtual subsystem, follow symlinks
+    if [[ -z $dev_drivers && $(udevadm info -q path "$1") == "/devices/virtual"* ]]; then
+        local dev_vkernel
+        local dev_vsubsystem
+        local dev_vpath
+        dev_vkernel=$(echo "$dev_attr_walk" | sed -n 's/\s*KERNELS=="\(\S\+\)"/\1/p' | tail -1)
+        dev_vsubsystem=$(echo "$dev_attr_walk" | sed -n 's/\s*SUBSYSTEMS=="\(\S\+\)"/\1/p' | tail -1)
+        dev_vpath="/sys/devices/virtual/$dev_vsubsystem/$dev_vkernel"
+        if [[ -n $dev_vkernel && -n $dev_vsubsystem && -d $dev_vpath ]]; then
+            local dev_links
+            local dev_link
+            dev_links=$(find "$dev_vpath" -maxdepth 1 -type l ! -name "subsystem" -exec readlink {} \;)
+            for dev_link in $dev_links; do
+                [[ -n $dev_drivers && ${dev_drivers: -1} != $'\n' ]] && dev_drivers+=$'\n'
+                dev_drivers+=$(udevadm info -a "$dev_vpath/$dev_link" \
+                    | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p' \
+                    | grep -v -e pcieport)
+            done
+        fi
+    fi
+    echo "$dev_drivers"
 }

dracut-init.sh

@@ -423,7 +423,7 @@ inst_rule_programs() {
     done
 }
 
-# attempt to install any programs specified in a udev rule
+# attempt to create any groups and users specified in a udev rule
 inst_rule_group_owner() {
     local i
 

dracut-initramfs-restore.sh

@@ -6,28 +6,44 @@ set -e
 [ -e /run/initramfs/bin/sh ] && exit 0
 [ -e /run/initramfs/.need_shutdown ] || exit 0
 
+# SIGTERM signal is received upon forced shutdown: ignore the signal
+# We want to remain alive to be able to trap unpacking errors to avoid
+# switching root to an incompletely unpacked initramfs
+trap 'echo "Received SIGTERM signal, ignoring!" >&2' TERM
+
 KERNEL_VERSION="$(uname -r)"
 
 [[ $dracutbasedir ]] || dracutbasedir=/usr/lib/dracut
 SKIP="$dracutbasedir/skipcpio"
 [[ -x $SKIP ]] || SKIP="cat"
 
-[[ -f /etc/machine-id ]] && read -r MACHINE_ID < /etc/machine-id
+if [[ -d /efi/Default ]] || [[ -d /boot/Default ]] || [[ -d /boot/efi/Default ]]; then
+    MACHINE_ID="Default"
+elif [[ -f /etc/machine-id ]]; then
+    read -r MACHINE_ID < /etc/machine-id
+else
+    MACHINE_ID="Default"
+fi
 
 mount -o ro /boot &> /dev/null || true
 
-if [[ -d /efi/loader/entries || -L /efi/loader/entries ]] \
-    && [[ $MACHINE_ID ]] \
-    && [[ -d /efi/${MACHINE_ID} || -L /efi/${MACHINE_ID} ]]; then
+if [[ -d /efi/loader/entries ]] || [[ -L /efi/loader/entries ]] \
+    || [[ -d /efi/$MACHINE_ID ]] || [[ -L /efi/$MACHINE_ID ]]; then
     IMG="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
-elif [[ -d /boot/loader/entries || -L /boot/loader/entries ]] \
-    && [[ $MACHINE_ID ]] \
-    && [[ -d /boot/${MACHINE_ID} || -L /boot/${MACHINE_ID} ]]; then
+elif [[ -d /boot/loader/entries ]] || [[ -L /boot/loader/entries ]] \
+    || [[ -d /boot/$MACHINE_ID ]] || [[ -L /boot/$MACHINE_ID ]]; then
     IMG="/boot/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
-elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
-    IMG="/boot/initramfs-${KERNEL_VERSION}.img"
+elif [[ -d /boot/efi/loader/entries ]] || [[ -L /boot/efi/loader/entries ]] \
+    || [[ -d /boot/efi/$MACHINE_ID ]] || [[ -L /boot/efi/$MACHINE_ID ]]; then
+    IMG="/boot/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
 elif [[ -f /lib/modules/${KERNEL_VERSION}/initrd ]]; then
     IMG="/lib/modules/${KERNEL_VERSION}/initrd"
+elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
+    IMG="/boot/initramfs-${KERNEL_VERSION}.img"
+elif mountpoint -q /efi; then
+    IMG="/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
+elif mountpoint -q /boot/efi; then
+    IMG="/boot/efi/$MACHINE_ID/$KERNEL_VERSION/initrd"
 else
     echo "No initramfs image found to restore!"
     exit 1
@@ -35,13 +51,13 @@ fi
 
 cd /run/initramfs
 
-if $SKIP "$IMG" | zcat | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | xzcat | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | lz4 -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
-    rm -f -- .need_shutdown
-elif $SKIP "$IMG" | zstd -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
+if $SKIP "$IMG" | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | zcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | bzcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | xzcat | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | lz4 -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | lzop -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null \
+    || $SKIP "$IMG" | zstd -d -c | cpio -id --no-absolute-filenames --quiet > /dev/null; then
     rm -f -- .need_shutdown
 else
     # something failed, so we clean up

dracut.conf.d/fedora.conf.example

@@ -22,7 +22,7 @@ dbusconfdir=/etc/dbus-1
 dbusinterfacesconfdir=/etc/dbus-1/interfaces
 dbusservicesconfdir=/etc/dbus-1/services
 dbussessionconfdir=/etc/dbus-1/session.d
-dbussystem=confdir/etc/dbus-1/system.d
+dbussystemconfdir=/etc/dbus-1/system.d
 dbussystemservicesconfdir=/etc/dbus-1/system-services
 sysctld=/usr/lib/sysctl.d
 sysctlconfdir=/etc/sysctl.d

dracut.conf.d/suse.conf.example

@@ -7,7 +7,7 @@
 hostonly="yes"
 hostonly_cmdline="yes"
 
-compress="xz -0 --check=crc32 --memlimit-compress=50%"
+compress="zstd"
 
 i18n_vars="/etc/sysconfig/language:RC_LANG-LANG,RC_LC_ALL-LC_ALL /etc/sysconfig/console:CONSOLE_UNICODEMAP-FONT_UNIMAP,CONSOLE_FONT-FONT,CONSOLE_SCREENMAP-FONT_MAP /etc/sysconfig/keyboard:KEYTABLE-KEYMAP"
 omit_drivers+=" i2o_scsi "

dracut.sh

@@ -111,6 +111,8 @@ Creates initial ramdisk images for preloading modules
   --no-early-microcode  Do not combine early microcode with ramdisk
   --kernel-cmdline [PARAMETERS] Specify default kernel command line parameters
   --strip               Strip binaries in the initramfs
+  --aggresive-strip     Strip more than just debug symbol and sections,
+                        for a smaller initramfs build.
   --nostrip             Do not strip binaries in the initramfs
   --hardlink            Hardlink files in the initramfs
   --nohardlink          Do not hardlink files in the initramfs
@@ -226,6 +228,7 @@ Creates initial ramdisk images for preloading modules
                          otherwise you will not be able to boot.
   --no-compress         Do not compress the generated initramfs.  This will
                          override any other compression options.
+  --enhanced-cpio       Attempt to reflink cpio file data using dracut-cpio.
   --list-modules        List all available dracut modules.
   -M, --show-modules    Print included module's name to standard output during
                          build.
@@ -378,6 +381,7 @@ rearrange_params() {
             --long print-cmdline \
             --long kernel-cmdline: \
             --long strip \
+            --long aggresive-strip \
             --long nostrip \
             --long hardlink \
             --long nohardlink \
@@ -412,6 +416,7 @@ rearrange_params() {
             --long zstd \
             --long no-compress \
             --long gzip \
+            --long enhanced-cpio \
             --long list-modules \
             --long show-modules \
             --long keep \
@@ -695,6 +700,7 @@ while :; do
             early_microcode_l="no"
             ;;
         --strip) do_strip_l="yes" ;;
+        --aggresive-strip) aggresive_strip_l="yes" ;;
         --nostrip) do_strip_l="no" ;;
         --hardlink) do_hardlink_l="yes" ;;
         --nohardlink) do_hardlink_l="no" ;;
@@ -770,6 +776,7 @@ while :; do
         --zstd) compress_l="zstd" ;;
         --no-compress) _no_compress_l="cat" ;;
         --gzip) compress_l="gzip" ;;
+        --enhanced-cpio) enhanced_cpio_l="yes" ;;
         --list-modules) do_list="yes" ;;
         -M | --show-modules)
             show_modules_l="yes"
@@ -875,7 +882,7 @@ unset GREP_OPTIONS
 export DRACUT_LOG_LEVEL=warning
 [[ $debug ]] && {
     export DRACUT_LOG_LEVEL=debug
-    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+    export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
     set -x
 }
 
@@ -888,20 +895,26 @@ export DRACUT_LOG_LEVEL=warning
 [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut
 
 # if we were not passed a config file, try the default one
-if [[ ! -f $conffile ]]; then
+if [[ -z $conffile ]]; then
     if [[ $allowlocal ]]; then
         conffile="$dracutbasedir/dracut.conf"
     else
         conffile="$dracutsysrootdir/etc/dracut.conf"
     fi
+elif [[ ! -f $conffile ]]; then
+    printf "%s\n" "dracut: Configuration file '$conffile' not found." >&2
+    exit 1
 fi
 
-if [[ ! -d $confdir ]]; then
+if [[ -z $confdir ]]; then
     if [[ $allowlocal ]]; then
         confdir="$dracutbasedir/dracut.conf.d"
     else
         confdir="$dracutsysrootdir/etc/dracut.conf.d"
     fi
+elif [[ ! -d $confdir ]]; then
+    printf "%s\n" "dracut: Configuration directory '$confdir' not found." >&2
+    exit 1
 fi
 
 # source our config file
@@ -960,6 +973,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $drivers_dir_l ]] && drivers_dir=$drivers_dir_l
 [[ $do_strip_l ]] && do_strip=$do_strip_l
 [[ $do_strip ]] || do_strip=yes
+[[ $aggresive_strip_l ]] && aggresive_strip=$aggresive_strip_l
 [[ $do_hardlink_l ]] && do_hardlink=$do_hardlink_l
 [[ $do_hardlink ]] || do_hardlink=yes
 [[ $prefix_l ]] && prefix=$prefix_l
@@ -982,6 +996,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $tmpdir ]] || tmpdir="$dracutsysrootdir"/var/tmp
 [[ $INITRD_COMPRESS ]] && compress=$INITRD_COMPRESS
 [[ $compress_l ]] && compress=$compress_l
+[[ $enhanced_cpio_l ]] && enhanced_cpio=$enhanced_cpio_l
 [[ $show_modules_l ]] && show_modules=$show_modules_l
 [[ $nofscks_l ]] && nofscks="yes"
 [[ $ro_mnt_l ]] && ro_mnt="yes"
@@ -1188,6 +1203,19 @@ else
     exit 1
 fi
 
+if [[ $enhanced_cpio == "yes" ]]; then
+    enhanced_cpio="$dracutbasedir/dracut-cpio"
+    if [[ -x $enhanced_cpio ]]; then
+        # align based on statfs optimal transfer size
+        cpio_align=$(stat --file-system -c "%s" -- "$initdir")
+    else
+        dinfo "--enhanced-cpio ignored due to lack of dracut-cpio"
+        unset enhanced_cpio
+    fi
+else
+    unset enhanced_cpio
+fi
+
 # shellcheck disable=SC2154
 if [[ $no_kernel != yes ]] && ! [[ -d $srcmods ]]; then
     printf "%s\n" "dracut: Cannot find module directory $srcmods" >&2
@@ -1277,23 +1305,6 @@ if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then
         else
             dwarn "$srcmods/modules.dep is missing. Did you run depmod?"
         fi
-    elif ! (command -v gzip &> /dev/null && command -v xz &> /dev/null); then
-        read -r _mod < "$srcmods"/modules.dep
-        _mod=${_mod%%:*}
-        if [[ -f $srcmods/"$_mod" ]]; then
-            # Check, if kernel modules are compressed, and if we can uncompress them
-            case "$_mod" in
-                *.ko.gz) kcompress=gzip ;;
-                *.ko.xz) kcompress=xz ;;
-                *.ko.zst) kcompress=zstd ;;
-            esac
-            if [[ $kcompress ]]; then
-                if ! command -v "$kcompress" &> /dev/null; then
-                    dfatal "Kernel modules are compressed with $kcompress, but $kcompress is not available."
-                    exit 1
-                fi
-            fi
-        fi
     fi
 fi
 
@@ -2067,9 +2078,11 @@ for ((i = 0; i < ${#include_src[@]}; i++)); do
             # check for preexisting symlinks, so we can cope with the
             # symlinks to $prefix
             # Objectname is a file or a directory
+            reset_dotglob="$(shopt -p dotglob)"
+            shopt -q -s dotglob
             for objectname in "$src"/*; do
                 [[ -e $objectname || -L $objectname ]] || continue
-                if [[ -d $objectname ]]; then
+                if [[ -d $objectname ]] && [[ ! -L $objectname ]]; then
                     # objectname is a directory, let's compute the final directory name
                     object_destdir=${destdir}/${objectname#$src/}
                     if ! [[ -e $object_destdir ]]; then
@@ -2077,11 +2090,12 @@ for ((i = 0; i < ${#include_src[@]}; i++)); do
                         mkdir -m 0755 -p "$object_destdir"
                         chmod --reference="$objectname" "$object_destdir"
                     fi
-                    $DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/*
+                    $DRACUT_CP -t "$object_destdir" "$dracutsysrootdir$objectname"/.
                 else
                     $DRACUT_CP -t "$destdir" "$dracutsysrootdir$objectname"
                 fi
             done
+            eval "$reset_dotglob"
         elif [[ -e $src ]]; then
             derror "$src is neither a directory nor a regular file"
         else
@@ -2109,6 +2123,13 @@ if [[ $do_strip == yes ]]; then
             do_strip=no
         fi
     done
+
+    if [[ $aggresive_strip ]]; then
+        # `eu-strip` and `strip` both strips all unneeded parts by default
+        strip_args=(-p)
+    else
+        strip_args=(-g -p)
+    fi
 fi
 
 # cleanup empty ldconfig_paths directories
@@ -2249,17 +2270,19 @@ if dracut_module_included "squash"; then
 fi
 
 if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
+    # stripping files negates (dedup) benefits of using reflink
+    [[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink"
     dinfo "*** Stripping files ***"
     find "$initdir" -type f \
         -executable -not -path '*/lib/modules/*.ko' -print0 \
-        | xargs -r -0 $strip_cmd -g -p 2> /dev/null
+        | xargs -r -0 $strip_cmd "${strip_args[@]}" 2> /dev/null
 
     # strip kernel modules, but do not touch signed modules
     find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
         | while read -r -d $'\0' f || [ -n "$f" ]; do
             SIG=$(tail -c 28 "$f" | tr -d '\000')
             [[ $SIG == '~Module signature appended~' ]] || { printf "%s\000" "$f"; }
-        done | xargs -r -0 $strip_cmd -g -p
+        done | xargs -r -0 $strip_cmd "${strip_args[@]}"
     dinfo "*** Stripping files done ***"
 fi
 
@@ -2319,6 +2342,19 @@ if [[ $create_early_cpio == yes ]]; then
     fi
 
     # The microcode blob is _before_ the initramfs blob, not after
+    if [[ -n $enhanced_cpio ]]; then
+        if ! (
+            umask 077
+            cd "$early_cpio_dir/d"
+            find . -print0 | sort -z \
+                | $enhanced_cpio --null ${cpio_owner:+--owner "$cpio_owner"} \
+                    --mtime 0 --data-align "$cpio_align" --truncate-existing \
+                    "${DRACUT_TMPDIR}/initramfs.img"
+        ); then
+            dfatal "dracut-cpio: creation of $outfile failed"
+            exit 1
+        fi
+    else
         if ! (
             umask 077
             cd "$early_cpio_dir/d"
@@ -2330,16 +2366,38 @@ if [[ $create_early_cpio == yes ]]; then
             exit 1
         fi
     fi
+fi
+
+if check_kernel_config CONFIG_RD_ZSTD; then
+    DRACUT_KERNEL_RD_ZSTD=yes
+else
+    DRACUT_KERNEL_RD_ZSTD=
+fi
+
+if [[ $compress == $DRACUT_COMPRESS_ZSTD* && ! $DRACUT_KERNEL_RD_ZSTD ]]; then
+    dwarn "dracut: kernel has no zstd support compiled in."
+    compress=
+fi
+
+if [[ $compress && $compress != cat ]]; then
+    if ! command -v "${compress%% *}" &> /dev/null; then
+        derror "dracut: cannot execute compression command '$compress', falling back to default"
+        compress=
+    fi
+fi
 
 if ! [[ $compress ]]; then
     # check all known compressors, if none specified
-    for i in $DRACUT_COMPRESS_PIGZ $DRACUT_COMPRESS_GZIP $DRACUT_COMPRESS_LZ4 $DRACUT_COMPRESS_LZOP $ $DRACUT_COMPRESS_ZSTD $DRACUT_COMPRESS_LZMA $DRACUT_COMPRESS_XZ $DRACUT_COMPRESS_LBZIP2 $OMPRESS_BZIP2 $DRACUT_COMPRESS_CAT; do
+    for i in $DRACUT_COMPRESS_PIGZ $DRACUT_COMPRESS_GZIP $DRACUT_COMPRESS_LZ4 $DRACUT_COMPRESS_LZOP $DRACUT_COMPRESS_ZSTD $DRACUT_COMPRESS_LZMA $DRACUT_COMPRESS_XZ $DRACUT_COMPRESS_LBZIP2 $DRACUT_COMPRESS_BZIP2 $DRACUT_COMPRESS_CAT; do
+        [[ $i != "$DRACUT_COMPRESS_ZSTD" || $DRACUT_KERNEL_RD_ZSTD ]] || continue
         command -v "$i" &> /dev/null || continue
         compress="$i"
         break
     done
     if [[ $compress == cat ]]; then
-        printf "%s\n" "dracut: no compression tool available. Initramfs image is going to be big." >&2
+        dwarn "dracut: no compression tool available. Initramfs image is going to be big."
+    else
+        dinfo "dracut: using auto-determined compression method '$compress'"
     fi
 fi
 
@@ -2378,6 +2436,31 @@ case $compress in
         ;;
 esac
 
+if [[ -n $enhanced_cpio ]]; then
+    if [[ $compress == "cat" ]]; then
+        # dracut-cpio appends by default, so any ucode remains
+        cpio_outfile="${DRACUT_TMPDIR}/initramfs.img"
+    else
+        ddebug "$compress compression enabled alongside cpio reflink"
+        # dracut-cpio doesn't output to stdout, so stage for compression
+        cpio_outfile="${DRACUT_TMPDIR}/initramfs.img.uncompressed"
+    fi
+
+    if ! (
+        umask 077
+        cd "$initdir"
+        find . -print0 | sort -z \
+            | $enhanced_cpio --null ${cpio_owner:+--owner "$cpio_owner"} \
+                --mtime 0 --data-align "$cpio_align" "$cpio_outfile" || exit 1
+        [[ $compress == "cat" ]] && exit 0
+        $compress < "$cpio_outfile" >> "${DRACUT_TMPDIR}/initramfs.img" \
+            && rm "$cpio_outfile"
+    ); then
+        dfatal "dracut-cpio: creation of $outfile failed"
+        exit 1
+    fi
+    unset cpio_outfile
+else
     if ! (
         umask 077
         cd "$initdir"
@@ -2388,6 +2471,7 @@ if ! (
         dfatal "dracut: creation of $outfile failed"
         exit 1
     fi
+fi
 
 # shellcheck disable=SC2154
 if ((maxloglvl >= 5)) && ((verbosity_mod_l >= 0)); then

man/dracut.8.asc

@@ -530,6 +530,15 @@ will not be able to boot.
     Specifies the kernel image, which to include in the UEFI executable. The default is
     _/lib/modules/<KERNEL-VERSION>/vmlinuz_ or _/boot/vmlinuz-<KERNEL-VERSION>_
 
+**--enhanced-cpio**::
+    Attempt to use the dracut-cpio binary, which optimizes archive creation for
+    copy-on-write filesystems by using the copy_file_range(2) syscall via Rust's
+    io::copy(). When specified, initramfs archives are also padded to ensure
+    optimal data alignment for extent sharing. To retain reflink data
+    deduplication benefits, this should be used alongside the **--no-compress**
+    and **--no-strip** parameters, with initramfs source files, **--tmpdir**
+    staging area and destination all on the same copy-on-write capable filesystem.
+
 ENVIRONMENT
 -----------
 

man/dracut.asc

@@ -1,7 +1,7 @@
 dracut {mainversion}
 ====================
 :author: Harald Hoyer
-:email: harald@redhat.com
+:email: harald@profian.com
 :revnumber: {version}
 :language: bash
 

man/dracut.cmdline.7.asc

@@ -151,7 +151,7 @@ Misc
 
 **rd.retry=**__<seconds>__::
     specify how long dracut should retry the initqueue to configure devices.
-    The default is 30 seconds. After 2/3 of the time, degraded raids are force
+    The default is 180 seconds. After 2/3 of the time, degraded raids are force
     started. If you have hardware, which takes a very long time to announce its
     drives, you might want to extend this value.
 
@@ -575,6 +575,11 @@ USB Android phone::
 * enp0s29u1u2
 =====================
 
+The following options are supported by the 'network-legacy' dracut
+module. Other network modules might support a slightly different set of
+options; refer to the documentation of the specific network module in use. For
+NetworkManager, see *nm-initrd-generator*(8).
+
 **ip=**__{dhcp|on|any|dhcp6|auto6|either6|link6|single-dhcp}__::
     dhcp|on|any::: get ip from dhcp server from all interfaces. If netroot=dhcp,
     loop sequentially through all interfaces (eth0, eth1, ...) and use the first

modules.d/00mksh/module-setup.sh

@@ -7,6 +7,7 @@ check() {
 
     # If the binary(s) requirements are not fulfilled the module can't be installed.
     require_binaries mksh || return 1
+    require_binaries printf || return 1
 
     # Return 255 to only include the module, if another module requires it.
     return 255
@@ -25,6 +26,7 @@ depends() {
 install() {
 
     inst /bin/mksh
+    inst printf
 
     # Prefer mksh as default shell if no other shell is preferred.
     [[ -L $initdir/bin/sh ]] || ln -sf mksh "${initdir}/bin/sh"

modules.d/00systemd/module-setup.sh

@@ -213,8 +213,23 @@ install() {
         grep '^systemd-network:' "$dracutsysrootdir"/etc/group 2> /dev/null
     } >> "$initdir/etc/group"
 
-    ln_r "$systemdutildir"/systemd "/init"
-    ln_r "$systemdutildir"/systemd "/sbin/init"
+    local _systemdbinary="$systemdutildir"/systemd
+
+    if ldd "$_systemdbinary" | grep -qw libasan; then
+        local _wrapper="$systemdutildir"/systemd-asan-wrapper
+        cat > "$initdir"/"$_wrapper" << EOF
+#!/bin/sh
+mount -t proc -o nosuid,nodev,noexec proc /proc
+exec $_systemdbinary
+EOF
+        chmod 755 "$initdir"/"$_wrapper"
+        _systemdbinary="$_wrapper"
+        unset _wrapper
+    fi
+    ln_r "$_systemdbinary" "/init"
+    ln_r "$_systemdbinary" "/sbin/init"
+
+    unset _systemdbinary
 
     inst_binary true
     ln_r "$(find_binary true)" "/usr/bin/loginctl"

modules.d/01fips/fips-noboot.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
 if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
     rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
 elif [ -z "$fipsmode" ]; then

modules.d/01fips/fips.sh

@@ -79,6 +79,7 @@ nonfatal_modprobe() {
 fips_load_crypto() {
     local _k
     local _v
+    local _module
     local _found
 
     FIPSMODULES=$(cat /etc/fipsmodules)
@@ -108,11 +109,10 @@ fips_load_crypto() {
 }
 
 do_fips() {
-    local _v
-    local _module
-
     KERNEL=$(uname -r)
 
+    if ! getarg rd.fips.skipkernel > /dev/null; then
+
         fips_info "Checking integrity of kernel"
         if [ -e "/run/initramfs/live/vmlinuz0" ]; then
             do_rhevh_check /run/initramfs/live/vmlinuz0 || return 1
@@ -124,6 +124,21 @@ do_fips() {
         else
             BOOT_IMAGE="$(getarg BOOT_IMAGE)"
 
+            # On s390x, BOOT_IMAGE isn't a path but an integer representing the
+            # entry number selected. Let's try the root of /boot first, and
+            # otherwise fallback to trying to parse the BLS entries if it's a
+            # BLS-based system.
+            if [ "$(uname -m)" = s390x ]; then
+                if [ -e "/boot/vmlinuz-${KERNEL}" ]; then
+                    BOOT_IMAGE="vmlinuz-${KERNEL}"
+                elif [ -d /boot/loader/entries ]; then
+                    bls=$(find /boot/loader/entries -name '*.conf' | sort -rV | sed -n "$((BOOT_IMAGE + 1))p")
+                    if [ -e "${bls}" ]; then
+                        BOOT_IMAGE=$(grep ^linux "${bls}" | cut -d' ' -f2)
+                    fi
+                fi
+            fi
+
             # Trim off any leading GRUB boot device (e.g. ($root) )
             BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"
 
@@ -151,6 +166,7 @@ do_fips() {
 
             (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
         fi
+    fi
 
     fips_info "All initrd crypto checks done"
 

modules.d/01fips/module-setup.sh

@@ -67,7 +67,7 @@ install() {
     inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
     inst_script "$moddir/fips.sh" /sbin/fips.sh
 
-    inst_multiple sha512hmac rmmod insmod mount uname umount
+    inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort
 
     inst_simple /etc/system-fips
     [ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \
@@ -78,7 +78,7 @@ install() {
         }
     [ -c "${initdir}"/dev/urandom ] || mknod "${initdir}"/dev/urandom c 1 9 \
         || {
-            dfatal "Cannot create /dev/random"
+            dfatal "Cannot create /dev/urandom"
             dfatal "To create an initramfs with fips support, dracut has to run as root"
             return 1
         }

modules.d/01systemd-coredump/module-setup.sh

@@ -37,6 +37,7 @@ install() {
         "$systemdsystemunitdir"/systemd-coredump.socket \
         "$systemdsystemunitdir"/systemd-coredump@.service \
         "$systemdsystemunitdir"/sockets.target.wants/systemd-coredump.socket \
+        "$sysusers"/systemd-coredump.conf \
         coredumpctl
 
     # Install the hosts local user configurations if enabled.
@@ -48,6 +49,7 @@ install() {
             "$systemdsystemconfdir/systemd-coredump.socket.d/*.conf" \
             "$systemdsystemconfdir"/systemd-coredump@.service \
             "$systemdsystemconfdir/systemd-coredump@.service.d/*.conf" \
-            "$systemdsystemconfdir"/sockets.target.wants/systemd-coredump.socket
+            "$systemdsystemconfdir"/sockets.target.wants/systemd-coredump.socket \
+            "$sysusersconfdir"/systemd-coredump.conf
     fi
 }

modules.d/01systemd-integritysetup/module-setup.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd dm
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+installkernel() {
+    instmods dm-integrity
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    inst_multiple -o \
+        "$systemdutildir"/systemd-integritysetup \
+        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
+        "$systemdsystemunitdir"/integritysetup-pre.target \
+        "$systemdsystemunitdir"/integritysetup.target \
+        "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/integritytab \
+            "$systemdsystemconfdir"/integritysetup.target \
+            "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
+            "$systemdsystemconfdir"/integritysetup-pre.target \
+            "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
+            "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
+            "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
+    fi
+
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+
+}

modules.d/01systemd-journald/module-setup.sh

@@ -47,6 +47,7 @@ install() {
         "$systemdsystemunitdir"/sockets.target.wants/systemd-journald.socket \
         "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-audit.socket \
         "$systemdsystemunitdir"/sysinit.target.wants/systemd-journald.service \
+        "$sysusers"/systemd-journal.conf \
         journalctl
 
     # Install library file(s)
@@ -66,7 +67,8 @@ install() {
             "$systemdsystemconfdir"/systemd-journal-flush.service \
             "$systemdsystemconfdir/systemd-journal-flush.service.d/*.conf" \
             "$systemdsystemconfdir"/systemd-journal-catalog-update.service \
-            "$systemdsystemconfdir/systemd-journal-catalog-update.service.d/*.conf"
+            "$systemdsystemconfdir/systemd-journal-catalog-update.service.d/*.conf" \
+            "$sysusersconfdir"/systemd-journal.conf
     fi
 
 }

modules.d/01systemd-networkd/module-setup.sh

@@ -50,6 +50,7 @@ install() {
         "$systemdsystemunitdir"/systemd-network-generator.service \
         "$systemdsystemunitdir"/systemd-networkd-wait-online.service \
         "$systemdsystemunitdir"/systemd-network-generator.service \
+        "$sysusers"/systemd-network.conf \
         networkctl ip
 
     # Enable systemd type units
@@ -74,6 +75,7 @@ install() {
             "$systemdsystemconfdir"/systemd-network-generator.service \
             "$systemdsystemconfdir/systemd-network-generator.service/*.conf" \
             "$systemdsystemconfdir"/systemd-networkd-wait-online.service \
-            "$systemdsystemconfdir/systemd-networkd-wait-online.service/*.conf"
+            "$systemdsystemconfdir/systemd-networkd-wait-online.service/*.conf" \
+            "$sysusersconfdir"/systemd-network.conf
     fi
 }

modules.d/01systemd-resolved/module-setup.sh

@@ -40,6 +40,7 @@ install() {
         "$systemdutildir"/systemd-resolved \
         "$systemdsystemunitdir"/systemd-resolved.service \
         "$systemdsystemunitdir/systemd-resolved.service.d/*.conf" \
+        "$sysusers"/systemd-resolve.conf \
         resolvectl
 
     # Enable systemd type unit(s)
@@ -51,6 +52,7 @@ install() {
             "$systemdutilconfdir"/resolved.conf \
             "$systemdutilconfdir/resolved.conf.d/*.conf" \
             "$systemdsystemconfdir"/systemd-resolved.service \
-            "$systemdsystemconfdir/systemd-resolved.service/*.conf"
+            "$systemdsystemconfdir/systemd-resolved.service/*.conf" \
+            "$sysusersconfdir"/systemd-resolve.conf
     fi
 }

modules.d/01systemd-sysusers/module-setup.sh

@@ -24,6 +24,8 @@ depends() {
 # Install the required file(s) and directories for the module in the initramfs.
 install() {
 
+    inst_simple "$moddir/sysusers-dracut.conf" "$systemdsystemunitdir/systemd-sysusers.service.d/sysusers-dracut.conf"
+
     inst_multiple -o \
         "$sysusers"/basic.conf \
         "$sysusers"/systemd.conf \

modules.d/01systemd-sysusers/sysusers-dracut.conf

@@ -0,0 +1,2 @@
+[Unit]
+ConditionNeedsUpdate=

modules.d/01systemd-timesyncd/module-setup.sh

@@ -42,7 +42,8 @@ install() {
         "$systemdsystemunitdir"/systemd-timesyncd.service \
         "$systemdsystemunitdir/systemd-timesyncd.service.d/*.conf" \
         "$systemdsystemunitdir"/systemd-time-wait-sync.service \
-        "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf"
+        "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf" \
+        "$sysusers"/systemd-timesync.conf
 
     # Enable systemd type unit(s)
     for i in \
@@ -60,6 +61,7 @@ install() {
             "$systemdsystemconfdir"/systemd-timesyncd.service \
             "$systemdsystemconfdir/systemd-timesyncd.service.d/*.conf" \
             "$systemdsystemunitdir"/systemd-time-wait-sync.service \
-            "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf"
+            "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf" \
+            "$sysusersconfdir"/systemd-timesync.conf
     fi
 }

modules.d/35network-legacy/ifup.sh

@@ -446,7 +446,11 @@ for p in $(getargs ip=); do
 
     # If this option isn't directed at our interface, skip it
     if [ -n "$dev" ]; then
-        [ "$dev" != "$netif" ] && continue
+        if [ "$dev" != "$netif" ]; then
+            [ ! -e "/sys/class/net/$dev" ] \
+                && warn "Network interface '$dev' does not exist!"
+            continue
+        fi
     else
         iface_is_enslaved "$netif" && continue
     fi

modules.d/35network-legacy/parse-ip-opts.sh

@@ -97,6 +97,11 @@ for p in $(getargs ip=); do
         fi
         # IFACES list for later use
         IFACES="$IFACES $dev"
+
+        # Interface should exist
+        if [ ! -e "/sys/class/net/$dev" ]; then
+            warn "Network interface '$dev' does not exist"
+        fi
     fi
 
     # Do we need to check for specific options?

modules.d/35network-manager/module-setup.sh

@@ -10,7 +10,7 @@ check() {
 
 # called by dracut
 depends() {
-    echo dbus
+    echo dbus bash
     return 0
 }
 
@@ -31,6 +31,7 @@ install() {
 
     inst NetworkManager
     inst_multiple -o /usr/{lib,libexec}/nm-initrd-generator
+    inst_multiple -o /usr/{lib,libexec}/nm-daemon-helper
     inst_multiple -o teamd dhclient
     inst_hook cmdline 99 "$moddir/nm-config.sh"
     if dracut_module_included "systemd"; then
@@ -38,6 +39,11 @@ install() {
         inst "$dbussystem"/org.freedesktop.NetworkManager.conf
         inst_multiple nmcli nm-online
 
+        # teaming support under systemd+dbus
+        inst_multiple -o \
+            "$dbussystem"/teamd.conf \
+            "$dbussystemconfdir"/teamd.conf
+
         # Install a configuration snippet to prevent the automatic creation of
         # "Wired connection #" DHCP connections for Ethernet interfaces
         inst_simple "$moddir"/initrd-no-auto-default.conf /usr/lib/NetworkManager/conf.d/

modules.d/35network-manager/nm-config.sh

@@ -16,6 +16,20 @@ if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
         echo '[logging]'
         echo 'level=TRACE'
     ) > /run/NetworkManager/conf.d/initrd-logging.conf
+
+    if [ -n "$DRACUT_SYSTEMD" ]; then
+        # Enable tty output if a usable console is found
+        # See https://github.com/coreos/fedora-coreos-tracker/issues/943
+        # shellcheck disable=SC2217
+        if [ -w /dev/console ] && (echo < /dev/console) > /dev/null 2> /dev/null; then
+            mkdir -p /run/systemd/system/nm-initrd.service.d
+            cat << EOF > /run/systemd/system/nm-initrd.service.d/tty-output.conf
+[Service]
+StandardOutput=tty
+EOF
+            systemctl --no-block daemon-reload
+        fi
+    fi
 fi
 
 nm_generate_connections

modules.d/35network-manager/nm-initrd.service

@@ -1,8 +1,9 @@
 [Unit]
 DefaultDependencies=no
-Wants=systemd-udev-settle.service
-After=systemd-udev-settle.service
+Wants=systemd-udev-trigger.service
+After=systemd-udev-trigger.service
 After=dracut-cmdline.service
+Wants=network.target
 Before=network.target
 ConditionPathExists=/run/NetworkManager/initrd/neednet
 ConditionPathExistsGlob=|/usr/lib/NetworkManager/system-connections/*
@@ -16,7 +17,9 @@ BusName=org.freedesktop.NetworkManager
 ExecReload=/usr/bin/busctl call org.freedesktop.NetworkManager /org/freedesktop/NetworkManager org.freedesktop.NetworkManager Reload u 0
 ExecStart=/usr/sbin/NetworkManager --debug
 KillMode=process
-StandardOutput=tty
+# The following gets changed to StandardOutput=tty by nm-config.sh
+# when debug is enabled and a usable console is found.
+StandardOutput=null
 Environment=NM_CONFIG_ENABLE_TAG=initrd
 Restart=on-failure
 ProtectSystem=true

modules.d/35network-manager/nm-lib.sh

@@ -28,3 +28,7 @@ nm_generate_connections() {
         done
     fi
 }
+
+nm_reload_connections() {
+    [ -n "$DRACUT_SYSTEMD" ] && systemctl is-active nm-initrd.service && nmcli connection reload
+}

modules.d/35network-manager/nm-run.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 type source_hook > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
@@ -24,11 +24,47 @@ if [ -s /run/NetworkManager/initrd/hostname ]; then
     cat /run/NetworkManager/initrd/hostname > /proc/sys/kernel/hostname
 fi
 
+kf_get_string() {
+    # NetworkManager writes keyfiles (glib's GKeyFile API). Have a naive
+    # parser for it.
+    #
+    # But GKeyFile will backslash escape certain keys (\s, \t, \n) but also
+    # escape backslash. As an approximation, interpret the string with printf's
+    # '%b'.
+    #
+    # This is supposed to mimic g_key_file_get_string() (poorly).
+
+    v1="$(sed -n "s/^$1=/=/p" | sed '1!d')"
+    test "$v1" = "${v1#=}" && return 1
+    printf "%b" "${v1#=}"
+}
+
+kf_unescape() {
+    # Another layer of unescaping. While values in GKeyFile format
+    # are backslash escaped, the original strings (which are in no
+    # defined encoding) are backslash escaped too to be valid UTF-8.
+    # This will undo the second layer of escaping to give binary "strings".
+    printf "%b" "$1"
+}
+
+kf_parse() {
+    v3="$(kf_get_string "$1")" || return 1
+    v3="$(kf_unescape "$v3")"
+    printf '%s=%s\n' "$2" "$(printf '%q' "$v3")"
+}
+
+dhcpopts_create() {
+    kf_parse root-path new_root_path < "$1"
+    kf_parse next-server new_next_server < "$1"
+    kf_parse dhcp-bootfile filename < "$1"
+}
+
 for _i in /sys/class/net/*; do
-    state=/run/NetworkManager/devices/$(cat "$_i"/ifindex)
-    grep -q connection-uuid= "$state" 2> /dev/null || continue
-    ifname=${_i##*/}
-    sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p' < "$state" > /tmp/dhclient."$ifname".dhcpopts
+    [ -d "$_i" ] || continue
+    state="/run/NetworkManager/devices/$(cat "$_i"/ifindex)"
+    grep -q '^connection-uuid=' "$state" 2> /dev/null || continue
+    ifname="${_i##*/}"
+    dhcpopts_create "$state" > /tmp/dhclient."$ifname".dhcpopts
     source_hook initqueue/online "$ifname"
     /sbin/netroot "$ifname"
 done

modules.d/35network-wicked/module-setup.sh

@@ -33,15 +33,23 @@ install() {
 
     inst_dir /etc/wicked/extensions
     inst_dir /usr/share/wicked/schema
+    if [ -d /usr/lib/wicked/bin ]; then
         inst_dir /usr/lib/wicked/bin
+        inst_multiple "/usr/lib/wicked/bin/*"
+    elif [ -d /usr/libexec/wicked/bin ]; then
+        inst_dir /usr/libexec/wicked/bin
+        inst_multiple "/usr/libexec/wicked/bin/*"
+    fi
     inst_dir /var/lib/wicked
 
     inst_multiple "/etc/wicked/*.xml"
     inst_multiple "/etc/wicked/extensions/*"
+    if [ -f /etc/dbus-1/system.d/org.opensuse.Network.conf ]; then
         inst_multiple "/etc/dbus-1/system.d/org.opensuse.Network*"
+    elif [ -f /usr/share/dbus-1/system.d/org.opensuse.Network.conf ]; then
+        inst_multiple "/usr/share/dbus-1/system.d/org.opensuse.Network*"
+    fi
     inst_multiple "/usr/share/wicked/schema/*"
-    inst_multiple "/usr/lib/wicked/bin/*"
-    inst_multiple "/usr/libexec/wicked/bin/*"
     inst_multiple "/usr/sbin/wicked*"
 
     wicked_units=(

modules.d/40network/module-setup.sh

@@ -17,9 +17,9 @@ depends() {
     done
 
     if [ -z "$network_handler" ]; then
-        if [[ -x $dracutsysrootdir$systemdsystemunitdir/wicked.service ]]; then
+        if [[ -e $dracutsysrootdir$systemdsystemunitdir/wicked.service ]]; then
             network_handler="network-wicked"
-        elif [[ -x $dracutsysrootdir/usr/libexec/nm-initrd-generator ]]; then
+        elif [[ -x $dracutsysrootdir/usr/libexec/nm-initrd-generator ]] || [[ -x $dracutsysrootdir/usr/lib/nm-initrd-generator ]]; then
             network_handler="network-manager"
         elif [[ -x $dracutsysrootdir$systemdutildir/systemd-networkd ]]; then
             network_handler="systemd-networkd"

modules.d/40network/net-lib.sh

@@ -295,7 +295,7 @@ ibft_to_cmdline() {
                 # skip not assigned ip adresses
                 [ "$ip" = "0.0.0.0" ] && continue
                 [ -e "${iface}"/gateway ] && read -r gw < "${iface}"/gateway
-                [ "$gateway" = "0.0.0.0" ] && unset gateway
+                [ "$gw" = "0.0.0.0" ] && unset gw
                 [ -e "${iface}"/subnet-mask ] && read -r mask < "${iface}"/subnet-mask
                 [ -e "${iface}"/prefix-len ] && read -r prefix < "${iface}"/prefix-len
                 [ -e "${iface}"/primary-dns ] && read -r dns1 < "${iface}"/primary-dns

modules.d/45ifcfg/write-ifcfg.sh

@@ -103,6 +103,11 @@ interface_bind() {
     local _netif="$1"
     local _macaddr="$2"
 
+    if [ ! -e "/sys/class/net/$_netif" ]; then
+        derror "Cannot find network interface '$_netif'!"
+        return 1
+    fi
+
     # see, if we can bind it to some hw parms
     if hw_bind "$_netif" "$_macaddr"; then
         # only print out DEVICE, if it's user assigned

modules.d/45url-lib/module-setup.sh

@@ -15,10 +15,10 @@ depends() {
 
 # called by dracut
 install() {
-    local _dir _crt _found _lib _nssckbi _p11roots _p11root
+    local _dir _crt _crts _found _lib _nssckbi _p11roots _p11root
     inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
     inst_multiple -o ctorrent
-    inst_multiple curl
+    inst_multiple curl sed
     if curl --version | grep -qi '\bNSS\b'; then
         # also install libs for curl https
         inst_libdir_file "libnsspem.so*"
@@ -29,21 +29,28 @@ install() {
 
     for _dir in $libdirs; do
         [[ -d $dracutsysrootdir$_dir ]] || continue
-        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.*; do
+        for _lib in "$dracutsysrootdir$_dir"/libcurl.so.* "$dracutsysrootdir$_dir"/libcrypto.so.*; do
             [[ -e $_lib ]] || continue
             if ! [[ $_nssckbi ]]; then
                 read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib")
             fi
-            read -r -d '' _crt < <(grep -F --binary-files=text -z .crt "$_lib")
+            read -r -d '' _crt < <(grep -E --binary-files=text -z "\.(pem|crt)" "$_lib" | sed 's/\x0//g')
             [[ $_crt ]] || continue
             [[ $_crt == /*/* ]] || continue
+            if [[ -e $_crt ]]; then
+                _crts="$_crts $_crt"
+                _found=1
+            fi
+        done
+    done
+    if [[ $_found ]] && [[ -n $_crts ]]; then
+        for _crt in $_crts; do
             if ! inst "${_crt#$dracutsysrootdir}"; then
                 dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
                 continue
             fi
-            _found=1
-        done
         done
+    fi
     # If we found no cert bundle files referenced in libcurl but we
     # *did* find a mention of libnssckbi (checked above), install it.
     # If its truly NSS libnssckbi, it includes its own trust bundle,

modules.d/45url-lib/url-lib.sh

@@ -159,7 +159,7 @@ nfs_fetch_url() {
         mntdir="$(mkuniqdir /run nfs_mnt)"
         mount_nfs "$nfs:$server:$filepath${options:+:$options}" "$mntdir"
         # lazy unmount during pre-pivot hook
-        inst_hook --hook pre-pivot --name 99url-lib-umount-nfs umount -l -- "$mntdir"
+        inst_hook --hook pre-pivot --name 99url-lib-umount-nfs-"$(basename "$mntdir")" umount -l -- "$mntdir"
     fi
 
     if [ -z "$outloc" ]; then

modules.d/50drm/module-setup.sh

@@ -29,6 +29,8 @@ installkernel() {
     # as we could e.g. be in the installer; nokmsboot boot parameter will disable
     # loading of the driver if needed
     if [[ $hostonly ]]; then
+        local i modlink modname
+
         for i in /sys/bus/{pci/devices,platform/devices,virtio/devices,soc/devices/soc?}/*/modalias; do
             [[ -e $i ]] || continue
             [[ -n $(< "$i") ]] || continue
@@ -39,7 +41,19 @@ installkernel() {
                 fi
             fi
         done
+        # if there is a privacy screen then its driver must be loaded before the
+        # kms driver will bind, otherwise its probe() will return -EPROBE_DEFER
+        # note privacy screens always register, even with e.g. nokmsboot
+        for i in /sys/class/drm/privacy_screen-*/device/driver/module; do
+            [[ -L $i ]] || continue
+            modlink=$(readlink "$i")
+            modname=$(basename "$modlink")
+            instmods "$modname"
+        done
     else
         dracut_instmods -o -s "drm_crtc_init|drm_dev_register|drm_encoder_init" "=drivers/gpu/drm" "=drivers/staging"
+        # also include privacy screen providers (see above comment)
+        # atm all providers live under drivers/platform/x86
+        dracut_instmods -o -s "drm_privacy_screen_register" "=drivers/platform/x86"
     fi
 }

modules.d/62bluetooth/module-setup.sh

@@ -56,6 +56,7 @@ install() {
     local -a var_lib_files
 
     inst_multiple \
+        "$dbussystem"/bluetooth.conf \
         "${systemdsystemunitdir}/bluetooth.target" \
         "${systemdsystemunitdir}/bluetooth.service" \
         bluetoothctl
@@ -67,9 +68,9 @@ install() {
     if [[ $hostonly ]]; then
         var_lib_files=("$dracutsysrootdir"/var/lib/bluetooth/**)
 
-        inst_multiple \
+        inst_multiple -o \
             /etc/bluetooth/main.conf \
-            /etc/dbus-1/system.d/bluetooth.conf \
+            "$dbussystemconfdir"/bluetooth.conf \
             "${var_lib_files[@]#"$dracutsysrootdir"}"
     fi
 

modules.d/80cms/cmsifup.sh

@@ -34,9 +34,10 @@ fi
 IFACES="$IFACES $DEVICE"
 echo "$IFACES" >> /tmp/net.ifaces
 
-if [ -x /usr/libexec/nm-initrd-generator ]; then
+if [ -x /usr/libexec/nm-initrd-generator ] || [ -x /usr/lib/nm-initrd-generator ]; then
     type nm_generate_connections > /dev/null 2>&1 || . /lib/nm-lib.sh
     nm_generate_connections
+    nm_reload_connections
 else
     exec ifup "$DEVICE"
 fi

modules.d/80cms/module-setup.sh

@@ -27,7 +27,7 @@ install() {
     inst_script "$moddir/cmsifup.sh" /sbin/cmsifup
     # shellcheck disable=SC2046
     inst_multiple /etc/cmsfs-fuse/filetypes.conf /etc/udev/rules.d/99-fuse.rules /etc/fuse.conf \
-        cmsfs-fuse fusermount ulockmgr_server bash insmod rmmod cat normalize_dasd_arg sed \
+        cmsfs-fuse fusermount bash insmod rmmod cat normalize_dasd_arg sed \
         $(rpm -ql s390utils-base) awk getopt
 
     inst_libdir_file "gconv/*"

modules.d/90crypt/cryptroot-ask.sh

@@ -138,8 +138,9 @@ unset allowdiscards
 ask_passphrase=1
 
 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then
+    # shellcheck disable=SC2086
     if readkey "$luksfile" / "$device" \
-        | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname"; then
+        | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then
         ask_passphrase=0
     fi
 elif [ "$is_keysource" -ne 0 ]; then
@@ -164,8 +165,9 @@ else
         unset tmp
 
         info "Using '$keypath' on '$keydev'"
+        # shellcheck disable=SC2086
         readkey "$keypath" "$keydev" "$device" \
-            | cryptsetup -d - "$cryptsetupopts" luksOpen "$device" "$luksname" \
+            | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" \
             && ask_passphrase=0
         unset keypath keydev
         break

modules.d/90crypt/module-setup.sh

@@ -18,7 +18,20 @@ check() {
 
 # called by dracut
 depends() {
-    echo dm rootfs-block
+    local deps
+    deps="dm rootfs-block"
+    if [[ $hostonly && -f "$dracutsysrootdir"/etc/crypttab ]]; then
+        if grep -q -e "fido2-device=" -e "fido2-cid=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" fido2"
+        fi
+        if grep -q "pkcs11-uri" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" pkcs11"
+        fi
+        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" tpm2-tss"
+        fi
+    fi
+    echo "$deps"
     return 0
 }
 

modules.d/90dmsquash-live-ntfs/module-setup.sh

@@ -13,7 +13,7 @@ depends() {
 }
 
 install() {
-    inst_multiple fusermount ulockmgr_server mount.fuse ntfs-3g
+    inst_multiple fusermount mount.fuse ntfs-3g
     dracut_need_initqueue
 }
 

modules.d/90dmsquash-live/dmsquash-live-root.sh

@@ -129,11 +129,9 @@ do_live_overlay() {
     # need to know where to look for the overlay
     if [ -z "$setup" -a -n "$devspec" -a -n "$pathspec" -a -n "$overlay" ]; then
         mkdir -m 0755 -p /run/initramfs/overlayfs
-        opt=''
-        [ -n "$readonly_overlay" ] && opt=-r
         mount -n -t auto "$devspec" /run/initramfs/overlayfs || :
         if [ -f /run/initramfs/overlayfs$pathspec -a -w /run/initramfs/overlayfs$pathspec ]; then
-            OVERLAY_LOOPDEV=$(losetup -f --show $opt /run/initramfs/overlayfs$pathspec)
+            OVERLAY_LOOPDEV=$(losetup -f --show ${readonly_overlay:+-r} /run/initramfs/overlayfs$pathspec)
             over=$OVERLAY_LOOPDEV
             umount -l /run/initramfs/overlayfs || :
             oltype=$(det_img_fs "$OVERLAY_LOOPDEV")
@@ -148,11 +146,11 @@ do_live_overlay() {
                 fi
                 setup="yes"
             else
-                mount -n -t "$oltype" $opt "$OVERLAY_LOOPDEV" /run/initramfs/overlayfs
+                mount -n -t "$oltype" ${readonly_overlay:+-r} "$OVERLAY_LOOPDEV" /run/initramfs/overlayfs
                 if [ -d /run/initramfs/overlayfs/overlayfs ] \
                     && [ -d /run/initramfs/overlayfs/ovlwork ]; then
-                    ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs$opt
-                    ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork$opt
+                    ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs${readonly_overlay:+-r}
+                    ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork${readonly_overlay:+-r}
                     if [ -z "$overlayfs" ] && [ -n "$DRACUT_SYSTEMD" ]; then
                         reloadsysrootmountunit=":>/xor_overlayfs;"
                     fi
@@ -162,8 +160,8 @@ do_live_overlay() {
             fi
         elif [ -d /run/initramfs/overlayfs$pathspec ] \
             && [ -d /run/initramfs/overlayfs$pathspec/../ovlwork ]; then
-            ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs$opt
-            ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork$opt
+            ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs${readonly_overlay:+-r}
+            ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork${readonly_overlay:+-r}
             if [ -z "$overlayfs" ] && [ -n "$DRACUT_SYSTEMD" ]; then
                 reloadsysrootmountunit=":>/xor_overlayfs;"
             fi
@@ -212,8 +210,6 @@ do_live_overlay() {
             fi
         fi
         if [ -n "$overlayfs" ]; then
-            mkdir -m 0755 -p /run/overlayfs
-            mkdir -m 0755 -p /run/ovlwork
             if [ -n "$readonly_overlay" ] && ! [ -h /run/overlayfs-r ]; then
                 info "No persistent overlay found."
                 unset -v readonly_overlay
@@ -336,13 +332,13 @@ if [ -n "$FSIMG" ]; then
         fi
         FSIMG=/run/initramfs/fsimg/rootfs.img
     fi
-    opt=-r
     # For writable DM images...
+    readonly_base=1
     if [ -z "$SQUASHED" -a -n "$live_ram" -a -z "$overlayfs" ] \
         || [ -n "$writable_fsimg" ] \
         || [ "$overlay" = none -o "$overlay" = None -o "$overlay" = NONE ]; then
         if [ -z "$readonly_overlay" ]; then
-            opt=''
+            unset readonly_base
             setup=rw
         else
             setup=yes
@@ -351,7 +347,7 @@ if [ -n "$FSIMG" ]; then
     if [ "$FSIMG" = "$SQUASHED" ]; then
         BASE_LOOPDEV=$SQUASHED_LOOPDEV
     else
-        BASE_LOOPDEV=$(losetup -f --show "$opt" $FSIMG)
+        BASE_LOOPDEV=$(losetup -f --show ${readonly_base:+-r} $FSIMG)
         sz=$(blockdev --getsz "$BASE_LOOPDEV")
     fi
     if [ "$setup" = rw ]; then
@@ -370,7 +366,14 @@ fi
 ROOTFLAGS="$(getarg rootflags)"
 
 if [ -n "$overlayfs" ]; then
+    if [ -n "$FSIMG" ]; then
         mkdir -m 0755 -p /run/rootfsbase
+        mount -r $FSIMG /run/rootfsbase
+    else
+        ln -sf /run/initramfs/live /run/rootfsbase
+    fi
+    mkdir -m 0755 -p /run/overlayfs
+    mkdir -m 0755 -p /run/ovlwork
     if [ -n "$reset_overlay" ] && [ -h /run/overlayfs ]; then
         ovlfs=$(readlink /run/overlayfs)
         info "Resetting the OverlayFS overlay directory."
@@ -381,7 +384,6 @@ if [ -n "$overlayfs" ]; then
     else
         ovlfs=lowerdir=/run/rootfsbase
     fi
-    mount -r $FSIMG /run/rootfsbase
     if [ -z "$DRACUT_SYSTEMD" ]; then
         printf 'mount -t overlay LiveOS_rootfs -o%s,%s %s\n' "$ROOTFLAGS" \
             "$ovlfs",upperdir=/run/overlayfs,workdir=/run/ovlwork \

modules.d/90dmsquash-live/module-setup.sh

@@ -22,7 +22,7 @@ installkernel() {
 
 # called by dracut
 install() {
-    inst_multiple umount dmsetup blkid dd losetup blockdev find
+    inst_multiple umount dmsetup blkid dd losetup blockdev find rmdir
     inst_multiple -o checkisomd5
     inst_hook cmdline 30 "$moddir/parse-dmsquash-live.sh"
     inst_hook cmdline 31 "$moddir/parse-iso-scan.sh"
@@ -31,9 +31,11 @@ install() {
     inst_hook pre-pivot 20 "$moddir/apply-live-updates.sh"
     inst_script "$moddir/dmsquash-live-root.sh" "/sbin/dmsquash-live-root"
     inst_script "$moddir/iso-scan.sh" "/sbin/iso-scan"
+    if dracut_module_included "systemd-initrd"; then
         inst_script "$moddir/dmsquash-generator.sh" "$systemdutildir"/system-generators/dracut-dmsquash-generator
+        inst_simple "$moddir/checkisomd5@.service" "/etc/systemd/system/checkisomd5@.service"
+    fi
     # should probably just be generally included
     inst_rules 60-cdrom_id.rules
-    inst_simple "$moddir/checkisomd5@.service" "/etc/systemd/system/checkisomd5@.service"
     dracut_need_initqueue
 }

modules.d/90kernel-modules-extra/module-setup.sh

@@ -173,7 +173,7 @@ installkernel() {
 
     ((${#pathlist[@]} > 0)) || return 0
 
-    printf "^%s\.ko(\.gz|\.bz2|\.xz)?:\n" "${pathlist[@]}" \
+    printf "^%s\.ko(\.gz|\.bz2|\.xz|\.zst)?:\n" "${pathlist[@]}" \
         | (LANG=C grep -E -o -f - -- "$depmod_modules_dep" || exit 0) \
         | tr -d ':' \
         | (

modules.d/90kernel-modules/module-setup.sh

@@ -2,7 +2,7 @@
 
 # called by dracut
 installkernel() {
-    local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma'
+    local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_mq_alloc_disk|blk_cleanup_disk'
     local -A _hostonly_drvs
 
     find_kernel_modules_external() {
@@ -16,9 +16,15 @@ installkernel() {
     }
 
     record_block_dev_drv() {
+
         for _mod in $(get_dev_module /dev/block/"$1"); do
             _hostonly_drvs["$_mod"]="$_mod"
         done
+
+        for _mod in $(get_blockdev_drv_through_sys "/sys/dev/block/$1"); do
+            _hostonly_drvs["$_mod"]="$_mod"
+        done
+
         ((${#_hostonly_drvs[@]} > 0)) && return 0
         return 1
     }
@@ -53,6 +59,7 @@ installkernel() {
             "=drivers/pci/host" \
             "=drivers/pci/controller" \
             "=drivers/pinctrl" \
+            "=drivers/usb/typec" \
             "=drivers/watchdog"
 
         instmods \
@@ -61,7 +68,7 @@ installkernel() {
             virtio virtio_ring virtio_pci pci_hyperv \
             "=drivers/pcmcia"
 
-        if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 ]]; then
+        if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 || ${DRACUT_ARCH:-$(uname -m)} == riscv* ]]; then
             # arm/aarch64 specific modules
             _blockfuncs+='|dw_mc_probe|dw_mci_pltfm_register'
             instmods \
@@ -73,9 +80,11 @@ installkernel() {
                 "=drivers/hwmon" \
                 "=drivers/hwspinlock" \
                 "=drivers/i2c/busses" \
+                "=drivers/mailbox" \
                 "=drivers/memory" \
                 "=drivers/mfd" \
                 "=drivers/mmc/core" \
+                "=drivers/mmc/host" \
                 "=drivers/phy" \
                 "=drivers/power" \
                 "=drivers/regulator" \
@@ -83,10 +92,12 @@ installkernel() {
                 "=drivers/rpmsg" \
                 "=drivers/rtc" \
                 "=drivers/soc" \
+                "=drivers/spi" \
                 "=drivers/usb/chipidea" \
                 "=drivers/usb/dwc2" \
                 "=drivers/usb/dwc3" \
                 "=drivers/usb/host" \
+                "=drivers/usb/isp1760" \
                 "=drivers/usb/misc" \
                 "=drivers/usb/musb" \
                 "=drivers/usb/phy" \

modules.d/90lvm/64-lvm.rules

@@ -6,6 +6,14 @@
 
 SUBSYSTEM!="block", GOTO="lvm_end"
 ACTION!="add|change", GOTO="lvm_end"
+
+# If the md device is active (indicated by array_state), then set the flag
+# LVM_MD_PV_ACTIVATED=1 indicating that the md device for the PV is ready
+# to be used.  The lvm udev rule running in root will check that this flag
+# is set before it will process the md device (it wants to avoid
+# processing an md device that exists but is not yet ready to be used.)
+KERNEL=="md[0-9]*", ACTION=="change", ENV{ID_FS_TYPE}=="LVM2_member", ENV{LVM_MD_PV_ACTIVATED}!="1", TEST=="md/array_state", ENV{LVM_MD_PV_ACTIVATED}="1"
+
 # Also don't process disks that are slated to be a multipath device
 ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="lvm_end"
 KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end"
@@ -15,7 +23,7 @@ PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] &&
     GOTO="lvm_end"
 
 RUN+="/sbin/initqueue --settled --onetime --unique /sbin/lvm_scan"
-RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique /sbin/lvm_scan --partial"
+RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique /sbin/lvm_scan --activationmode degraded"
 RUN+="/bin/sh -c '>/tmp/.lvm_scan-%k;'"
 
 LABEL="lvm_end"

modules.d/90lvm/lvm_scan.sh

@@ -7,11 +7,10 @@ type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
 VGS=$(getargs rd.lvm.vg -d rd_LVM_VG=)
 LVS=$(getargs rd.lvm.lv -d rd_LVM_LV=)
-SNAPSHOT=$(getargs rd.lvm.snapshot -d rd_LVM_SNAPSHOT=)
-SNAPSIZE=$(getargs rd.lvm.snapsize -d rd_LVM_SNAPSIZE=)
 
 # shellcheck disable=SC2174
 [ -d /etc/lvm ] || mkdir -m 0755 -p /etc/lvm
+[ -d /run/lvm ] || mkdir -m 0755 -p /run/lvm
 # build a list of devices to scan
 lvmdevs=$(
     for f in /tmp/.lvm_scan-*; do
@@ -20,32 +19,6 @@ lvmdevs=$(
     done
 )
 
-if [ ! -e /etc/lvm/lvm.conf ]; then
-    {
-        echo 'devices {'
-        printf '    filter = [ '
-        for dev in $lvmdevs; do
-            printf '"a|^/dev/%s$|", ' "$dev"
-        done
-        echo '"r/.*/" ]'
-        echo '}'
-
-        # establish LVM locking
-        if [ -n "$SNAPSHOT" ]; then
-            echo 'global {'
-            echo '    locking_type = 1'
-            echo '    use_lvmetad = 0'
-            echo '}'
-        else
-            echo 'global {'
-            echo '    locking_type = 4'
-            echo '    use_lvmetad = 0'
-            echo '}'
-        fi
-    } > /etc/lvm/lvm.conf
-    lvmwritten=1
-fi
-
 check_lvm_ver() {
     maj=$1
     min=$2
@@ -59,6 +32,75 @@ check_lvm_ver() {
     return 1
 }
 
+no_lvm_conf_filter() {
+    if [ ! -e /etc/lvm/lvm.conf ]; then
+        return 0
+    fi
+
+    if [ -e /run/lvm/initrd_no_filter ]; then
+        return 0
+    fi
+
+    if [ -e /run/lvm/initrd_filter ]; then
+        return 1
+    fi
+
+    if [ -e /run/lvm/initrd_global_filter ]; then
+        return 1
+    fi
+
+    # Save lvm config results in /run to avoid running
+    # lvm config commands for every PV that's scanned.
+
+    filter=$(lvm config devices/filter | grep "$filter=")
+    if [ -n "$filter" ]; then
+        printf '%s\n' "$filter" > /run/lvm/initrd_filter
+        return 1
+    fi
+
+    global_filter=$(lvm config devices/global_filter | grep "$global_filter=")
+    if [ -n "$global_filter" ]; then
+        printf '%s\n' "$global_filter" > /run/lvm/initrd_global_filter
+        return 1
+    fi
+
+    # /etc/lvm/lvm.conf exists with no filter setting
+    true > /run/lvm/initrd_no_filter
+    return 0
+}
+
+# If no lvm.conf exists, create a basic one with a global section.
+if [ ! -e /etc/lvm/lvm.conf ]; then
+    {
+        echo 'global {'
+        echo '}'
+    } > /etc/lvm/lvm.conf
+    lvmwritten=1
+fi
+
+# Save the original lvm.conf before appending a filter setting.
+if [ ! -e /etc/lvm/lvm.conf.orig ]; then
+    cp /etc/lvm/lvm.conf /etc/lvm/lvm.conf.orig
+fi
+
+# If the original lvm.conf does not contain a filter setting,
+# then generate a filter and append it to the original lvm.conf.
+# The filter is generated from the list PVs that have been seen
+# so far (each has been processed by the lvm udev rule.)
+if no_lvm_conf_filter; then
+    {
+        echo 'devices {'
+        printf '    filter = [ '
+        for dev in $lvmdevs; do
+            printf '"a|^/dev/%s$|", ' "$dev"
+        done
+        echo '"r/.*/" ]'
+        echo '}'
+    } > /etc/lvm/lvm.conf.filter
+    lvmfilter=1
+    cat /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf.filter > /etc/lvm/lvm.conf
+fi
+
 # hopefully this output format will never change, e.g.:
 #   LVM version:     2.02.53(1) (2009-09-25)
 OLDIFS=$IFS
@@ -71,67 +113,63 @@ min=$2
 sub=${3%% *}
 sub=${sub%%\(*}
 
-lvm_ignorelockingfailure="--ignorelockingfailure"
-lvm_quirk_args="--ignorelockingfailure --ignoremonitoring"
-
-check_lvm_ver 2 2 57 "$maj" "$min" "$sub" \
-    && lvm_quirk_args="$lvm_quirk_args --poll n"
-
-if check_lvm_ver 2 2 65 "$maj" "$min" "$sub"; then
-    lvm_quirk_args=" --sysinit $extraargs"
-fi
-
-if check_lvm_ver 2 2 221 "$maj" "$min" "$sub"; then
-    lvm_quirk_args=" $extraargs"
-    unset lvm_ignorelockingfailure
-fi
+# For lvchange and vgchange use --sysinit which:
+# disables polling (--poll n)
+# ignores monitoring (--ignoremonitoring)
+# ignores locking failures (--ignorelockingfailure)
+# disables hints (--nohints)
+#
+# For lvs and vgscan:
+# disable locking (--nolocking)
+# disable hints (--nohints)
 
+activate_args="--sysinit $extraargs"
 unset extraargs
 
 export LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES=1
 
-if [ -n "$SNAPSHOT" ]; then
-    # HACK - this should probably be done elsewhere or turned into a function
-    # Enable read-write LVM locking
-    sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type =  1/' /etc/lvm/lvm.conf
+scan_args="--nolocking"
 
-    # Expected SNAPSHOT format "<orig lv name>:<snap lv name>"
-    ORIG_LV=${SNAPSHOT%%:*}
-    SNAP_LV=${SNAPSHOT##*:}
-
-    info "Removing existing LVM snapshot $SNAP_LV"
-    lvm lvremove --force "$SNAP_LV" 2>&1 | vinfo
-
-    # Determine snapshot size
-    if [ -z "$SNAPSIZE" ]; then
-        SNAPSIZE=$(lvm lvs --noheadings --units m --options lv_size "$ORIG_LV")
-        info "No LVM snapshot size provided, using size of $ORIG_LV ($SNAPSIZE)"
-    fi
-
-    info "Creating LVM snapshot $SNAP_LV ($SNAPSIZE)"
-    lvm lvcreate -s -n "$SNAP_LV" -L "$SNAPSIZE" "$ORIG_LV" 2>&1 | vinfo
-fi
+check_lvm_ver 2 3 14 "$maj" "$min" "$sub" \
+    && scan_args="$scan_args --nohints"
 
 if [ -n "$LVS" ]; then
     info "Scanning devices $lvmdevs for LVM logical volumes $LVS"
-    lvm lvscan $lvm_ignorelockingfailure 2>&1 | vinfo
-    for LV in $LVS; do
     # shellcheck disable=SC2086
-        lvm lvchange --yes -K -ay $lvm_quirk_args "$LV" 2>&1 | vinfo
+    LVSLIST=$(lvm lvs $scan_args --noheading -o lv_full_name,segtype $LVS)
+    info "$LVSLIST"
+
+    # Only attempt to activate an LV if it appears in the lvs output.
+    for LV in $LVS; do
+        if strstr "$LVSLIST" "$LV"; then
+            # This lvchange is expected to fail if all PVs used by
+            # the LV are not yet present.  Premature/failed lvchange
+            # could be avoided by reporting if an LV is complete
+            # from the lvs command above and skipping this lvchange
+            # if the LV is not lised as complete.
+            # shellcheck disable=SC2086
+            lvm lvchange --yes -K -ay $activate_args "$LV" 2>&1 | vinfo
+        fi
     done
 fi
 
 if [ -z "$LVS" ] || [ -n "$VGS" ]; then
     info "Scanning devices $lvmdevs for LVM volume groups $VGS"
-    lvm vgscan $lvm_ignorelockingfailure 2>&1 | vinfo
     # shellcheck disable=SC2086
-    lvm vgchange -ay $lvm_quirk_args $VGS 2>&1 | vinfo
+    lvm vgscan $scan_args 2>&1 | vinfo
+    # shellcheck disable=SC2086
+    lvm vgchange -ay $activate_args $VGS 2>&1 | vinfo
 fi
 
 if [ "$lvmwritten" ]; then
     rm -f -- /etc/lvm/lvm.conf
+elif [ "$lvmfilter" ]; then
+    # revert filter that was appended to existing lvm.conf
+    cp /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf
+    rm -f -- /etc/lvm/lvm.conf.filter
 fi
 unset lvmwritten
+unset lvmfilter
 
 udevadm settle
 

modules.d/90lvm/module-setup.sh

@@ -61,10 +61,6 @@ install() {
     if [[ $hostonly ]] || [[ $lvmconf == "yes" ]]; then
         if [[ -f $dracutsysrootdir/etc/lvm/lvm.conf ]]; then
             inst_simple -H /etc/lvm/lvm.conf
-            # FIXME: near-term hack to establish read-only locking;
-            # use command-line lvm.conf editor once it is available
-            sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type = 4/' "${initdir}/etc/lvm/lvm.conf"
-            sed -i -e 's/\(^[[:space:]]*\)use_lvmetad[[:space:]]*=[[:space:]]*[[:digit:]]/\1use_lvmetad = 0/' "${initdir}/etc/lvm/lvm.conf"
         fi
 
         export LVM_SUPPRESS_FD_WARNINGS=1
@@ -82,30 +78,7 @@ install() {
         unset LVM_SUPPRESS_FD_WARNINGS
     fi
 
-    if ! [[ -e ${initdir}/etc/lvm/lvm.conf ]]; then
-        mkdir -p "${initdir}/etc/lvm"
-        {
-            echo 'global {'
-            echo 'locking_type = 4'
-            echo 'use_lvmetad = 0'
-            echo '}'
-        } > "${initdir}/etc/lvm/lvm.conf"
-    fi
-
-    inst_rules 11-dm-lvm.rules 69-dm-lvm-metad.rules
-
-    # Do not run lvmetad update via pvscan in udev rule  - lvmetad is not running yet in dracut!
-    if [[ -f ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules ]]; then
-        if grep -q SYSTEMD_WANTS "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules; then
-            sed -i -e 's/^ENV{SYSTEMD_ALIAS}=.*/# No LVM pvscan in dracut - lvmetad is not running yet/' \
-                "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-            sed -i -e 's/^ENV{ID_MODEL}=.*//' "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-            sed -i -e 's/^ENV{SYSTEMD_WANTS}+\?=.*//' "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-        else
-            sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' \
-                "${initdir}"/lib/udev/rules.d/69-dm-lvm-metad.rules
-        fi
-    fi
+    inst_rules 11-dm-lvm.rules
 
     # Gentoo ebuild for LVM2 prior to 2.02.63-r1 doesn't install above rules
     # files, but provides the one below:

modules.d/90multipath/module-setup.sh

@@ -60,9 +60,14 @@ installkernel() {
     hostonly='' dracut_instmods -o -s "$_funcs" "=drivers/scsi" "=drivers/md" ${_s390drivers:+"$_s390drivers"}
 }
 
+mpathconf_installed() {
+    command -v mpathconf &> /dev/null
+}
+
 # called by dracut
 install() {
     local -A _allow
+    local config_dir
 
     add_hostonly_mpath_conf() {
         if is_mpath "$1"; then
@@ -74,6 +79,16 @@ install() {
         fi
     }
 
+    local k v
+    while read -r k v; do
+        if [[ $k == "config_dir" ]]; then
+            v="${v#\"}"
+            config_dir="${v%\"}"
+            break
+        fi
+    done < <(multipath -t 2> /dev/null)
+    [[ -d $config_dir ]] || config_dir=/etc/multipath/conf.d
+
     inst_multiple \
         pkill \
         pidof \
@@ -91,9 +106,10 @@ install() {
         /etc/xdrdevices.conf \
         /etc/multipath.conf \
         /etc/multipath/* \
-        /etc/multipath/conf.d/*
+        "$config_dir"/*
 
-    [[ $hostonly ]] && [[ $hostonly_mode == "strict" ]] && {
+    mpathconf_installed \
+        && [[ $hostonly ]] && [[ $hostonly_mode == "strict" ]] && {
         for_each_host_dev_and_slaves_all add_hostonly_mpath_conf
         if ((${#_allow[@]} > 0)); then
             local -a _args
@@ -117,9 +133,11 @@ install() {
     fi
 
     if dracut_module_included "systemd"; then
+        if mpathconf_installed; then
             inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service"
-        inst_simple "${moddir}/multipathd.service" "${systemdsystemunitdir}/multipathd.service"
             $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service
+        fi
+        inst_simple "${moddir}/multipathd.service" "${systemdsystemunitdir}/multipathd.service"
         $SYSTEMCTL -q --root "$initdir" enable multipathd.service
     else
         inst_hook pre-trigger 02 "$moddir/multipathd.sh"

modules.d/90multipath/multipathd.service

@@ -1,9 +1,10 @@
 [Unit]
 Description=Device-Mapper Multipath Device Controller
-Before=iscsi.service iscsid.service lvm2-activation-early.service
-Wants=systemd-udev-trigger.service systemd-udev-settle.service local-fs-pre.target
-After=systemd-udev-trigger.service systemd-udev-settle.service
-Before=local-fs-pre.target
+Before=lvm2-activation-early.service
+Before=local-fs-pre.target blk-availability.service shutdown.target
+Wants=systemd-udevd-kernel.socket
+After=systemd-udevd-kernel.socket
+After=multipathd.socket systemd-remount-fs.service
 Before=initrd-cleanup.service
 DefaultDependencies=no
 Conflicts=shutdown.target
@@ -12,13 +13,16 @@ ConditionKernelCommandLine=!nompath
 ConditionKernelCommandLine=!rd.multipath=0
 ConditionKernelCommandLine=!rd_NO_MULTIPATH
 ConditionKernelCommandLine=!multipath=off
+ConditionVirtualization=!container
 
 [Service]
-Type=simple
+Type=notify
+NotifyAccess=main
 ExecStartPre=-/sbin/modprobe dm-multipath
-ExecStart=/sbin/multipathd -s -d
+ExecStart=/sbin/multipathd -d -s
 ExecReload=/sbin/multipathd reconfigure
-ExecStop=/sbin/multipathd shutdown
+TasksMax=infinity
 
 [Install]
 WantedBy=sysinit.target
+Also=multipathd.socket

modules.d/91crypt-gpg/crypt-gpg-lib.sh

@@ -51,7 +51,7 @@ gpg_decrypt() {
     fi
 
     ask_for_password \
-        --cmd "gpg $opts --decrypt $mntp/$keypath" \
+        --cmd "GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath" \
         --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
         --tries 3 --tty-echo-off
 

modules.d/91crypt-gpg/module-setup.sh

@@ -3,7 +3,7 @@
 # GPG support is optional
 # called by dracut
 check() {
-    require_binaries gpg || return 1
+    require_binaries gpg tr || return 1
 
     if sc_requested; then
         if ! sc_supported; then
@@ -23,7 +23,7 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple gpg
+    inst_multiple gpg tr
     inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"
 
     if sc_requested; then

modules.d/91fido2/module-setup.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+}
+
+# Module dependency requirements.
+depends() {
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+    # Install required libraries.
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libfido2.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-fido2.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcbor.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libhidapi-hidraw.so.*"
+}

modules.d/91pcsc/module-setup.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # If the binary(s) requirements are not fulfilled the module can't be installed.
+    require_binaries pcscd || return 1
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+    inst_simple "$moddir/pcscd.service" "${systemdsystemunitdir}"/pcscd.service
+    inst_simple "$moddir/pcscd.socket" "${systemdsystemunitdir}"/pcscd.socket
+
+    inst_multiple -o \
+        pcscd
+
+    # Enable systemd type unit(s)
+    for i in \
+        pcscd.service \
+        pcscd.socket; do
+        $SYSTEMCTL -q --root "$initdir" enable "$i"
+    done
+
+    # Install library file(s)
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libopensc.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libsmm-local.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"onepin-opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/onepin-opensc-pkcs11.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/serial/libccidtwin.so" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite.so.*"
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            /etc/opensc.conf \
+            "/etc/reader.conf.d/*"
+    fi
+
+}

modules.d/91pcsc/pcscd.service

@@ -0,0 +1,13 @@
+[Unit]
+DefaultDependencies=no
+Description=PC/SC Smart Card Daemon (Dracut)
+Documentation=man:pcscd(8)
+Requires=pcscd.socket
+
+[Service]
+ExecStart=/usr/sbin/pcscd --foreground --auto-exit
+ExecReload=/usr/sbin/pcscd --hotplug
+
+[Install]
+Also=pcscd.socket
+WantedBy=cryptsetup-pre.target

modules.d/91pcsc/pcscd.socket

@@ -0,0 +1,11 @@
+[Unit]
+DefaultDependencies=no
+Description=PC/SC Smart Card Daemon Activation Socket (Dracut)
+Documentation=man:pcscd(8)
+
+[Socket]
+ListenStream=/run/pcscd/pcscd.comm
+SocketMode=0666
+
+[Install]
+WantedBy=cryptsetup-pre.target sockets.target

modules.d/91pkcs11/module-setup.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd-udevd
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    # Install library file(s)
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtasn1.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libffi.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libp11-kit.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so.*"
+
+}

modules.d/91tpm2-tss/module-setup.sh

@@ -17,7 +17,7 @@ check() {
 depends() {
 
     # This module has external dependency on other module(s).
-    echo systemd-sysusers systemd-udev
+    echo systemd-sysusers systemd-udevd
     # Return 0 to include the dependent module(s) in the initramfs.
     return 0
 
@@ -52,6 +52,7 @@ install() {
         {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-swtpm.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tctildr.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-tpm2.so" \
         {"tls/$_arch/",tls/,"$_arch/",}"libcurl.so.*" \
         {"tls/$_arch/",tls/,"$_arch/",}"libjson-c.so.*"
 

modules.d/95dasd_rules/module-setup.sh

@@ -26,7 +26,6 @@ check() {
     local found=0
     local bdev
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
 
     [[ $hostonly ]] || [[ $mount_needs ]] && {
         for bdev in /sys/block/*; do
@@ -50,7 +49,6 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple /usr/lib/udev/collect
     inst_hook cmdline 30 "$moddir/parse-dasd.sh"
     if [[ $hostonly_cmdline == "yes" ]]; then
         local _dasd
@@ -58,10 +56,10 @@ install() {
         [[ $_dasd ]] && printf "%s\n" "$_dasd" >> "${initdir}/etc/cmdline.d/95dasd.conf"
     fi
     if [[ $hostonly ]]; then
-        inst_rules_wildcard 51-dasd-*.rules
-        inst_rules_wildcard 41-s390x-dasd-*.rules
+        inst_rules_wildcard "51-dasd-*.rules"
+        inst_rules_wildcard "41-dasd-*.rules"
         mark_hostonly /etc/udev/rules.d/51-dasd-*.rules
-        mark_hostonly /etc/udev/rules.d/41-s390x-dasd-*.rules
+        mark_hostonly /etc/udev/rules.d/41-dasd-*.rules
     fi
     inst_rules 59-dasd.rules
 }

modules.d/95dasd_rules/parse-dasd.sh

@@ -1,57 +1,22 @@
 #!/bin/bash
 
-create_udev_rule() {
+allow_device() {
     local ccw=$1
-    local _drv _cu_type _dev_type
-    local _rule="/etc/udev/rules.d/51-dasd-${ccw}.rules"
 
     if [ -x /sbin/cio_ignore ] && cio_ignore -i "$ccw" > /dev/null; then
         cio_ignore -r "$ccw"
     fi
-
-    if [ -e /sys/bus/ccw/devices/"${ccw}" ]; then
-        read -r _cu_type < /sys/bus/ccw/devices/"${ccw}"/cutype
-        read -r _dev_type < /sys/bus/ccw/devices/"${ccw}"/devtype
-    fi
-
-    case "$_cu_type" in
-        3990/* | 2105/* | 2107/* | 1750/* | 9343/*)
-            _drv=dasd-eckd
-            ;;
-        6310/*)
-            _drv=dasd-fba
-            ;;
-        3880/*)
-            case "$_dev_type" in
-                3380/*)
-                    _drv=dasd_eckd
-                    ;;
-                3370/*)
-                    _drv=dasd-fba
-                    ;;
-            esac
-            ;;
-    esac
-    [ -z "${_drv}" ] && return 0
-
-    [ -e "${_rule}" ] && return 0
-
-    cat > "$_rule" << EOF
-ACTION=="add", SUBSYSTEM=="ccw", KERNEL=="$ccw", IMPORT{program}="collect $ccw %k ${ccw} $_drv"
-ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="$_drv", IMPORT{program}="collect $ccw %k ${ccw} $_drv"
-ACTION=="add", ENV{COLLECT_$ccw}=="0", ATTR{[ccw/$ccw]online}="1"
-EOF
 }
 
 if [[ -f /sys/firmware/ipl/ipl_type ]] && [[ $(< /sys/firmware/ipl/ipl_type) == "ccw" ]]; then
-    create_udev_rule "$(< /sys/firmware/ipl/device)"
+    allow_device "$(< /sys/firmware/ipl/device)"
 fi
 
 for dasd_arg in $(getargs root=) $(getargs resume=); do
     [[ $dasd_arg =~ /dev/disk/by-path/ccw-* ]] || continue
 
     ccw_dev="${dasd_arg##*/ccw-}"
-    create_udev_rule "${ccw_dev%%-*}"
+    allow_device "${ccw_dev%%-*}"
 done
 
 for dasd_arg in $(getargs rd.dasd=); do
@@ -66,12 +31,12 @@ for dasd_arg in $(getargs rd.dasd=); do
                 prefix=${start%.*}
                 start=${start##*.}
                 for rdev in $(seq $((16#$start)) $((16#$end))); do
-                    create_udev_rule "$(printf "%s.%04x" "$prefix" "$rdev")"
+                    allow_device "$(printf "%s.%04x" "$prefix" "$rdev")"
                 done
                 ;;
             *)
                 IFS="." read -r sid ssid chan _ <<< "${dev%(ro)}"
-                create_udev_rule "$(printf "%01x.%01x.%04x" $((16#$sid)) $((16#$ssid)) $((16#$chan)))"
+                allow_device "$(printf "%01x.%01x.%04x" $((16#$sid)) $((16#$ssid)) $((16#$chan)))"
                 ;;
         esac
     done

modules.d/95iscsi/iscsiroot.sh

@@ -45,7 +45,7 @@ if [ -z "${DRACUT_SYSTEMD}" ] \
 fi
 
 handle_firmware() {
-    local ifaces retry
+    local ifaces retry _res
 
     # Depending on the 'ql4xdisablesysfsboot' qla4xxx
     # will be autostarting sessions without presenting
@@ -69,9 +69,28 @@ handle_firmware() {
             rm /tmp/session-retry
         fi
 
-        if ! iscsiadm -m fw -l; then
+        # check to see if we have the new iscsiadm command,
+        # that supports the "no-wait" (-W) flag. If so, use it.
+        iscsiadm -m fw -l -W 2> /dev/null
+        _res=$?
+        if [ $_res -eq 7 ]; then
+            # ISCSI_ERR_INVALID (7) => "-W" not supported
+            info "iscsiadm does not support no-wait firmware logins"
+            iscsiadm -m fw -l
+            _res=$?
+        fi
+        if [ $_res -ne 0 ]; then
             warn "iscsiadm: Log-in to iscsi target failed"
         else
+            # get a list of connected targets
+            tgts=$(cat /sys/firmware/ibft/target*/target-name | sort -u)
+            # disable NOPs for each FW target
+            for tgt in ${tgts}; do
+                iscsiadm -m node -T "${tgt}" \
+                    --op update \
+                    --name 'node.conn[0].timeo.noop_out_interval' --value 0 \
+                    --name 'node.conn[0].timeo.noop_out_timeout' --value 0
+            done
             need_shutdown
         fi
     fi

modules.d/95iscsi/module-setup.sh

@@ -188,6 +188,7 @@ install() {
     inst_multiple -o iscsiuio
     inst_libdir_file 'libgcc_s.so*'
     inst_multiple umount iscsi-iname iscsiadm iscsid
+    inst_binary sort
 
     inst_multiple -o \
         "$systemdsystemunitdir"/iscsid.socket \

modules.d/95nvmf/parse-nvmf-boot-connections.sh

@@ -40,15 +40,15 @@ validate_ip_conn() {
         return 1
     fi
 
-    ifname=$(ip -o route get to "$local_address" | sed -n 's/.*dev \([^ ]*\).*/\1/p')
+    ifname=$(ip -o route get from "$local_address" to "$traddr" | sed -n 's/.*dev \([^ ]*\).*/\1/p')
 
-    if ip l show "$ifname" > /dev/null 2>&1; then
+    if ! ip l show "$ifname" > /dev/null 2>&1; then
         warn "invalid network interface $ifname"
         return 1
     fi
 
     # confirm there's a route to destination
-    if ip route get "$traddr" > /dev/null 2>&1; then
+    if ! ip route get "$traddr" > /dev/null 2>&1; then
         warn "no route to $traddr"
         return 1
     fi

modules.d/95qeth_rules/module-setup.sh

@@ -5,11 +5,11 @@ check() {
     local _arch=${DRACUT_ARCH:-$(uname -m)}
     local _online=0
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
     dracut_module_included network || return 1
 
     [[ $hostonly ]] && {
         for i in /sys/devices/qeth/*/online; do
+            [ ! -f "$i" ] && continue
             read -r _online < "$i"
             [ "$_online" -eq 1 ] && return 0
         done
@@ -55,5 +55,4 @@ install() {
         [ -n "$id" ] && inst_rules_qeth "$id"
     done
 
-    inst_simple /usr/lib/udev/collect
 }

modules.d/95resume/module-setup.sh

@@ -13,7 +13,7 @@ check() {
     # Only support resume if hibernation is currently on
     # and no swap is mounted on a net device
     [[ $hostonly ]] || [[ $mount_needs ]] && {
-        swap_on_netdevice || [[ "$(cat /sys/power/resume)" == "0:0" ]] && return 255
+        swap_on_netdevice || [[ -f /sys/power/resume && "$(cat /sys/power/resume)" == "0:0" ]] && return 255
     }
 
     return 0
@@ -50,7 +50,7 @@ install() {
     fi
 
     # Optional uswsusp support
-    for _bin in /usr/sbin/resume /usr/lib/suspend/resume /usr/lib/uswsusp/resume; do
+    for _bin in /usr/sbin/resume /usr/lib/suspend/resume /usr/lib64/suspend/resume /usr/lib/uswsusp/resume /usr/lib64/uswsusp/resume; do
         [[ -x $dracutsysrootdir${_bin} ]] && {
             inst "${_bin}" /usr/sbin/resume
             [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/suspend.conf ]] && inst -H /etc/suspend.conf

modules.d/95rootfs-block/module-setup.sh

@@ -7,7 +7,7 @@ check() {
 
 # called by dracut
 depends() {
-    echo fs-lib
+    echo base fs-lib
 }
 
 cmdline_journal() {

modules.d/95zfcp_rules/module-setup.sh

@@ -45,7 +45,6 @@ check() {
     local _arch=${DRACUT_ARCH:-$(uname -m)}
     local _ccw
     [ "$_arch" = "s390" -o "$_arch" = "s390x" ] || return 1
-    require_binaries /usr/lib/udev/collect || return 1
 
     [[ $hostonly ]] || [[ $mount_needs ]] && {
         found=0
@@ -66,7 +65,6 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple /usr/lib/udev/collect
     inst_hook cmdline 30 "$moddir/parse-zfcp.sh"
     if [[ $hostonly_cmdline == "yes" ]]; then
         local _zfcp
@@ -76,7 +74,7 @@ install() {
         done
     fi
     if [[ $hostonly ]]; then
-        inst_rules_wildcard 51-zfcp-*.rules
-        inst_rules_wildcard 41-s390x-zfcp-*.rules
+        inst_rules_wildcard "51-zfcp-*.rules"
+        inst_rules_wildcard "41-zfcp-*.rules"
     fi
 }

modules.d/95zfcp_rules/parse-zfcp.sh

@@ -22,13 +22,6 @@ create_udev_rule() {
         return 0
     fi
 
-    if [ ! -f "$_rule" ]; then
-        cat > "$_rule" << EOF
-ACTION=="add", SUBSYSTEM=="ccw", KERNEL=="$ccw", IMPORT{program}="collect $ccw %k ${ccw} zfcp"
-ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="zfcp", IMPORT{program}="collect $ccw %k ${ccw} zfcp"
-ACTION=="add", ENV{COLLECT_$ccw}=="0", ATTR{[ccw/$ccw]online}="1"
-EOF
-    fi
     [ -z "$wwpn" ] || [ -z "$lun" ] && return
     m=$(sed -n "/.*${wwpn}.*${lun}.*/p" "$_rule")
     if [ -z "$m" ]; then
@@ -36,9 +29,6 @@ EOF
 ACTION=="add", KERNEL=="rport-*", ATTR{port_name}=="$wwpn", SUBSYSTEMS=="ccw", KERNELS=="$ccw", ATTR{[ccw/$ccw]$wwpn/unit_add}="$lun"
 EOF
     fi
-    if [ -x /sbin/cio_ignore ] && ! cio_ignore -i "$ccw" > /dev/null; then
-        cio_ignore -r "$ccw"
-    fi
 }
 
 if [[ -f /sys/firmware/ipl/ipl_type && \

modules.d/98dracut-systemd/dracut-cmdline-ask.service

@@ -6,10 +6,11 @@
 Description=dracut ask for additional cmdline parameters
 DefaultDependencies=no
 Before=dracut-cmdline.service
-After=systemd-journald.socket
-After=systemd-vconsole-setup.service
-Requires=systemd-vconsole-setup.service
 Wants=systemd-journald.socket
+After=systemd-journald.socket
+Wants=systemd-vconsole-setup.service
+After=systemd-vconsole-setup.service
+
 ConditionPathExists=/usr/lib/initrd-release
 ConditionKernelCommandLine=|rd.cmdline=ask
 ConditionPathExistsGlob=|/etc/cmdline.d/*.conf

modules.d/98dracut-systemd/dracut-shutdown-onfailure.service

@@ -0,0 +1,13 @@
+#  This file is part of dracut.
+#
+# See dracut.bootup(7) for details
+
+[Unit]
+Description=Service executing upon dracut-shutdown failure to perform cleanup
+Documentation=man:dracut-shutdown.service(8)
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=-/bin/rm /run/initramfs/shutdown
+StandardError=null

modules.d/98dracut-systemd/dracut-shutdown.service

@@ -10,6 +10,7 @@ Wants=local-fs.target
 Conflicts=shutdown.target umount.target
 DefaultDependencies=no
 ConditionPathExists=!/run/initramfs/bin/sh
+OnFailure=dracut-shutdown-onfailure.service
 
 [Service]
 RemainAfterExit=yes

modules.d/98dracut-systemd/dracut-shutdown.service.8.asc

@@ -40,6 +40,9 @@ by injecting "rd.break=pre-shutdown rd.shell" or "rd.break=shutdown rd.shell".
 # touch /run/initramfs/.need_shutdown
 ----
 
+In case the unpack of the initramfs fails, dracut-shutdown-onfailure.service
+executes to make sure switch root doesn't happen, since it would result in
+switching to an incomplete initramfs.
 
 AUTHORS
 -------

modules.d/98integrity/evm-enable.sh

@@ -20,6 +20,7 @@ EVM_ACTIVATION_BITS=0
 # EVMX509: path to x509 cert; default is /etc/keys/x509_evm.der
 # EVM_ACTIVATION_BITS: additional EVM activation bits, such as
 #                      EVM_SETUP_COMPLETE; default is 0
+# EVMKEYSDIR: Directory with more x509 certs; default is /etc/keys/evm/
 
 load_evm_key() {
     # read the configuration from the config file
@@ -77,10 +78,7 @@ load_evm_x509() {
 
     # check for EVM public key's existence
     if [ ! -f "${EVMX509PATH}" ]; then
-        if [ "${RD_DEBUG}" = "yes" ]; then
-            info "integrity: EVM x509 cert file not found: ${EVMX509PATH}"
-        fi
-        return 1
+        EVMX509PATH=""
     fi
 
     local evm_pubid line
@@ -96,13 +94,23 @@ load_evm_x509() {
         fi
     fi
 
-    # load the EVM public key onto the EVM keyring
-    # FIXME: EVMX509ID unused?
-    # shellcheck disable=SC2034
-    if ! EVMX509ID=$(evmctl import "${EVMX509PATH}" "${evm_pubid}"); then
-        info "integrity: failed to load the EVM X509 cert ${EVMX509PATH}"
+    if [ -z "${EVMKEYSDIR}" ]; then
+        EVMKEYSDIR="/etc/keys/evm"
+    fi
+    # load the default EVM public key onto the EVM keyring along
+    # with all the other ones in $EVMKEYSDIR
+    for PUBKEY in ${EVMX509PATH} "${NEWROOT}${EVMKEYSDIR}"/*; do
+        if [ ! -f "${PUBKEY}" ]; then
+            if [ "${RD_DEBUG}" = "yes" ]; then
+                info "integrity: EVM x509 cert file not found: ${PUBKEY}"
+            fi
+            continue
+        fi
+        if ! evmctl import "${PUBKEY}" "${evm_pubid}"; then
+            info "integrity: failed to load the EVM X509 cert ${PUBKEY}"
             return 1
         fi
+    done
 
     if [ "${RD_DEBUG}" = "yes" ]; then
         keyctl show @u

modules.d/98usrmount/mount-usr.sh

@@ -55,7 +55,12 @@ mount_usr() {
     while read -r _dev _mp _fs _opts _freq _passno || [ -n "$_dev" ]; do
         [ "${_dev%%#*}" != "$_dev" ] && continue
         if [ "$_mp" = "/usr" ]; then
+            case "$_dev" in
+                LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*)
                     _dev="$(label_uuid_to_dev "$_dev")"
+                    ;;
+                *) ;;
+            esac
 
             if strstr "$_opts" "subvol=" \
                 && [ "${root#block:}" -ef "$_dev" ] \

modules.d/99base/dracut-lib.sh

@@ -392,7 +392,7 @@ setdebug() {
             if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
                 RD_DEBUG=yes
                 [ -n "$BASH" ] \
-                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): '
+                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
             fi
         fi
         export RD_DEBUG
@@ -594,10 +594,13 @@ label_uuid_to_dev() {
             echo "/dev/disk/by-partlabel/$(echo "${_dev#PARTLABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')"
             ;;
         UUID=*)
-            echo "/dev/disk/by-uuid/$(echo "${_dev#UUID=}" | tr "[:upper:]" "[:lower:]")"
+            echo "/dev/disk/by-uuid/${_dev#UUID=}"
             ;;
         PARTUUID=*)
-            echo "/dev/disk/by-partuuid/$(echo "${_dev#PARTUUID=}" | tr "[:upper:]" "[:lower:]")"
+            echo "/dev/disk/by-partuuid/${_dev#PARTUUID=}"
+            ;;
+        *)
+            echo "$_dev"
             ;;
     esac
 }

modules.d/99base/init.sh

@@ -387,7 +387,8 @@ if [ -f /etc/capsdrop ]; then
         }
 else
     unset RD_DEBUG
-    exec "$SWITCH_ROOT" "$NEWROOT" "$INIT" "$initargs" || {
+    # shellcheck disable=SC2086
+    exec "$SWITCH_ROOT" "$NEWROOT" "$INIT" $initargs || {
         warn "Something went very badly wrong in the initramfs.  Please "
         warn "file a bug against dracut."
         emergency_shell

modules.d/99base/module-setup.sh

@@ -15,11 +15,11 @@ depends() {
 install() {
     inst_multiple mount mknod mkdir sleep chroot chown \
         sed ls flock cp mv dmesg rm ln rmmod mkfifo umount readlink setsid \
-        modprobe chmod
+        modprobe chmod tr
 
     inst_multiple -o findmnt less kmod
 
-    inst_binary "${dracutsysrootdir}${dracutbasedir}/dracut-util" "/usr/bin/dracut-util"
+    inst_binary "${dracutbasedir}/dracut-util" "/usr/bin/dracut-util"
 
     ln -s dracut-util "${initdir}/usr/bin/dracut-getarg"
     ln -s dracut-util "${initdir}/usr/bin/dracut-getargs"

modules.d/99img-lib/module-setup.sh

@@ -14,7 +14,7 @@ depends() {
 
 # called by dracut
 install() {
-    inst_multiple tar gzip dd echo tr
+    inst_multiple tar gzip dd echo tr rmdir
     # TODO: make this conditional on a cmdline flag / config option
     inst_multiple -o cpio xz bzip2 zstd
     inst_simple "$moddir/img-lib.sh" "/lib/img-lib.sh"

modules.d/99memstrack/memstrack-start.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # Mount kernel debug fs so debug tools can work.
 # memdebug=4 and memdebug=5 requires debug fs to be mounted.
 # And there is no need to umount it.
@@ -20,8 +20,6 @@ is_debugfs_ready() {
 }
 
 prepare_debugfs() {
-    local trace_base
-
     trace_base=$(get_trace_base)
     # old debugfs interface case.
     if ! [ -d "$trace_base/tracing" ]; then
@@ -44,10 +42,10 @@ fi
 if [ -n "$DEBUG_MEM_LEVEL" ]; then
     if [ "$DEBUG_MEM_LEVEL" -ge 5 ]; then
         echo "memstrack - will report kernel module memory usage summary and top allocation stack"
-        memstrack --report module_summary,module_top --notui --throttle 80 -o /.memstrack &
+        nohup memstrack --report module_summary,module_top --notui --throttle 80 -o /.memstrack > /dev/null &
     elif [ "$DEBUG_MEM_LEVEL" -ge 4 ]; then
         echo "memstrack - will report memory usage summary"
-        memstrack --report module_summary --notui --throttle 80 -o /.memstrack &
+        nohup memstrack --report module_summary --notui --throttle 80 -o /.memstrack > /dev/null &
     else
         exit 0
     fi
@@ -61,9 +59,7 @@ if [ $RET -ne 0 ]; then
     exit $RET
 fi
 
+echo $PID > /run/memstrack.pid
+
 # Wait a second for memstrack to setup everything, avoid missing any event
 sleep 1
-
-echo $PID > /run/memstrack.pid
-# bash specific - non posix
-disown

modules.d/99memstrack/memstrack.service

@@ -7,7 +7,7 @@ ConditionKernelCommandLine=|rd.memdebug=4
 ConditionKernelCommandLine=|rd.memdebug=5
 
 [Service]
-Type=simple
+Type=forking
 ExecStart=/bin/memstrack-start
 PIDFile=/run/memstrack.pid
 StandardInput=null

modules.d/99memstrack/module-setup.sh

@@ -11,12 +11,12 @@ check() {
 }
 
 depends() {
-    echo systemd bash
+    echo systemd
     return 0
 }
 
 install() {
-    inst_multiple pgrep pkill
+    inst_multiple pgrep pkill nohup
     inst "/bin/memstrack" "/bin/memstrack"
 
     inst "$moddir/memstrack-start.sh" "/bin/memstrack-start"

modules.d/99squash/module-setup.sh

@@ -28,6 +28,11 @@ installpost() {
         [[ $squash_dir == "$i"/* ]] || mv "$i" "$squash_dir"/
     done
 
+    # initdir also needs ld.so.* to make ld.so work
+    inst /etc/ld.so.cache
+    inst /etc/ld.so.conf
+    inst_dir /etc/ld.so.conf.d
+
     # Create mount points for squash loader
     mkdir -p "$initdir"/squash/
     mkdir -p "$squash_dir"/squash/
@@ -42,19 +47,25 @@ installpost() {
     # Install required modules and binaries for the squash image init script.
     if [[ $_busybox ]]; then
         inst "$_busybox" /usr/bin/busybox
-        for _i in sh echo mount modprobe mkdir switch_root grep; do
+        for _i in sh echo mount modprobe mkdir switch_root grep umount; do
             ln_r /usr/bin/busybox /usr/bin/$_i
         done
     else
-        DRACUT_RESOLVE_DEPS=1 inst_multiple sh mount modprobe mkdir switch_root grep
+        DRACUT_RESOLVE_DEPS=1 inst_multiple sh mount modprobe mkdir switch_root grep umount
+
+        # libpthread workaround: pthread_cancel wants to dlopen libgcc_s.so
+        inst_libdir_file -o "libgcc_s.so*"
+
+        # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
+        [[ $DRACUT_FIPS_MODE ]] && inst_libdir_file -o "libssl.so*"
     fi
 
     hostonly="" instmods "loop" "squashfs" "overlay"
     dracut_kernel_post
 
     # Install squash image init script.
-    ln -sfn /usr/bin "$initdir/bin"
-    ln -sfn /usr/sbin "$initdir/sbin"
+    ln_r /usr/bin /bin
+    ln_r /usr/sbin /sbin
     inst_simple "$moddir"/init-squash.sh /init
 }
 

pkgbuild/dracut.spec

@@ -328,6 +328,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %{dracutlibdir}/modules.d/01systemd-coredump
 %{dracutlibdir}/modules.d/01systemd-hostnamed
 %{dracutlibdir}/modules.d/01systemd-initrd
+%{dracutlibdir}/modules.d/01systemd-integritysetup
 %{dracutlibdir}/modules.d/01systemd-journald
 %{dracutlibdir}/modules.d/01systemd-ldconfig
 %{dracutlibdir}/modules.d/01systemd-modules-load
@@ -372,6 +373,9 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %{dracutlibdir}/modules.d/90qemu
 %{dracutlibdir}/modules.d/91crypt-gpg
 %{dracutlibdir}/modules.d/91crypt-loop
+%{dracutlibdir}/modules.d/91fido2
+%{dracutlibdir}/modules.d/91pcsc
+%{dracutlibdir}/modules.d/91pkcs11
 %{dracutlibdir}/modules.d/91tpm2-tss
 %{dracutlibdir}/modules.d/95debug
 %{dracutlibdir}/modules.d/95fstab-sys
@@ -414,6 +418,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %dir %{_sharedstatedir}/initramfs
 %if %{defined _unitdir}
 %{_unitdir}/dracut-shutdown.service
+%{_unitdir}/dracut-shutdown-onfailure.service
 %{_unitdir}/sysinit.target.wants/dracut-shutdown.service
 %{_unitdir}/dracut-cmdline.service
 %{_unitdir}/dracut-initqueue.service

shell-completion/bash/dracut

@@ -32,7 +32,8 @@ _dracut() {
             --local --hostonly --no-hostonly --fstab --help --bzip2 --lzma
             --xz --zstd --no-compress --gzip --list-modules --show-modules --keep
             --printsize --regenerate-all --noimageifnotneeded --early-microcode
-            --no-early-microcode --print-cmdline --reproducible --uefi'
+            --no-early-microcode --print-cmdline --reproducible --uefi
+            --enhanced-cpio'
         [ARG]='-a -m -o -d -I -k -c -L --kver --add --force-add --add-drivers
             --omit-drivers --modules --omit --drivers --filesystems --install
             --fwdir --libdirs --fscks --add-fstab --mount --device --nofscks

src/dracut-cpio/Cargo.lock

@@ -0,0 +1,12 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+[[package]]
+name = "crosvm"
+version = "0.1.0"
+
+[[package]]
+name = "dracut-cpio"
+version = "0.1.0"
+dependencies = [
+ "crosvm",
+]

src/dracut-cpio/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "dracut-cpio"
+description = "cpio archive generator for Dracut"
+authors = ["David Disseldorp"]
+license = "GPL-2.0"
+version = "0.1.0"
+edition = "2018"
+
+[dependencies]
+crosvm = { path = "third_party/crosvm" }
+# please avoid adding any more dependencies

src/dracut-cpio/third_party/crosvm/Cargo.toml

@@ -0,0 +1,8 @@
+[package]
+name = "crosvm"
+version = "0.1.0"
+authors = ["The Chromium OS Authors"]
+edition = "2018"
+
+[lib]
+path = "crosvm.rs"

src/dracut-cpio/third_party/crosvm/LICENSE

@@ -0,0 +1,27 @@
+// Copyright 2017 The Chromium OS Authors. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//    * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//    * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//    * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

src/dracut-cpio/third_party/crosvm/argument.rs

@@ -0,0 +1,549 @@
+// Copyright 2017 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+//! Handles argument parsing.
+//!
+//! # Example
+//!
+//! ```
+//! # use crosvm::argument::{Argument, Error, print_help, set_arguments};
+//! # let args: std::slice::Iter<String> = [].iter();
+//! let arguments = &[
+//!     Argument::positional("FILES", "files to operate on"),
+//!     Argument::short_value('p', "program", "PROGRAM", "Program to apply to each file"),
+//!     Argument::short_value('c', "cpus", "N", "Number of CPUs to use. (default: 1)"),
+//!     Argument::flag("unmount", "Unmount the root"),
+//!     Argument::short_flag('h', "help", "Print help message."),
+//! ];
+//!
+//! let match_res = set_arguments(args, arguments, |name, value| {
+//!     match name {
+//!         "" => println!("positional arg! {}", value.unwrap()),
+//!         "program" => println!("gonna use program {}", value.unwrap()),
+//!         "cpus" => {
+//!             let v: u32 = value.unwrap().parse().map_err(|_| {
+//!                 Error::InvalidValue {
+//!                     value: value.unwrap().to_owned(),
+//!                     expected: String::from("this value for `cpus` needs to be integer"),
+//!                 }
+//!             })?;
+//!         }
+//!         "unmount" => println!("gonna unmount"),
+//!         "help" => return Err(Error::PrintHelp),
+//!         _ => unreachable!(),
+//!     }
+//!     unreachable!();
+//! });
+//!
+//! match match_res {
+//!     Ok(_) => println!("running with settings"),
+//!     Err(Error::PrintHelp) => print_help("best_program", "FILES", arguments),
+//!     Err(e) => println!("{}", e),
+//! }
+//! ```
+
+use std::fmt::{self, Display};
+use std::result;
+
+/// An error with argument parsing.
+#[derive(Debug)]
+pub enum Error {
+    /// There was a syntax error with the argument.
+    Syntax(String),
+    /// The argument's name is unused.
+    UnknownArgument(String),
+    /// The argument was required.
+    ExpectedArgument(String),
+    /// The argument's given value is invalid.
+    InvalidValue { value: String, expected: String },
+    /// The argument was already given and none more are expected.
+    TooManyArguments(String),
+    /// The argument expects a value.
+    ExpectedValue(String),
+    /// The argument does not expect a value.
+    UnexpectedValue(String),
+    /// The help information was requested
+    PrintHelp,
+}
+
+impl Display for Error {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        use self::Error::*;
+
+        match self {
+            Syntax(s) => write!(f, "syntax error: {}", s),
+            UnknownArgument(s) => write!(f, "unknown argument: {}", s),
+            ExpectedArgument(s) => write!(f, "expected argument: {}", s),
+            InvalidValue { value, expected } => {
+                write!(f, "invalid value {:?}: {}", value, expected)
+            }
+            TooManyArguments(s) => write!(f, "too many arguments: {}", s),
+            ExpectedValue(s) => write!(f, "expected parameter value: {}", s),
+            UnexpectedValue(s) => write!(f, "unexpected parameter value: {}", s),
+            PrintHelp => write!(f, "help was requested"),
+        }
+    }
+}
+
+/// Result of a argument parsing.
+pub type Result<T> = result::Result<T, Error>;
+
+#[derive(Debug, PartialEq)]
+pub enum ArgumentValueMode {
+    /// Specifies that an argument requires a value and that an error should be generated if
+    /// no value is provided during parsing.
+    Required,
+
+    /// Specifies that an argument does not allow a value and that an error should be returned
+    /// if a value is provided during parsing.
+    Disallowed,
+
+    /// Specifies that an argument may have a value during parsing but is not required to.
+    Optional,
+}
+
+/// Information about an argument expected from the command line.
+///
+/// # Examples
+///
+/// To indicate a flag style argument:
+///
+/// ```
+/// # use crosvm::argument::Argument;
+/// Argument::short_flag('f', "flag", "enable awesome mode");
+/// ```
+///
+/// To indicate a parameter style argument that expects a value:
+///
+/// ```
+/// # use crosvm::argument::Argument;
+/// // "VALUE" and "NETMASK" are placeholder values displayed in the help message for these
+/// // arguments.
+/// Argument::short_value('v', "val", "VALUE", "how much do you value this usage information");
+/// Argument::value("netmask", "NETMASK", "hides your netface");
+/// ```
+///
+/// To indicate an argument with no short version:
+///
+/// ```
+/// # use crosvm::argument::Argument;
+/// Argument::flag("verbose", "this option is hard to type quickly");
+/// ```
+///
+/// To indicate a positional argument:
+///
+/// ```
+/// # use crosvm::argument::Argument;
+/// Argument::positional("VALUES", "these are positional arguments");
+/// ```
+pub struct Argument {
+    /// The name of the value to display in the usage information.
+    pub value: Option<&'static str>,
+    /// Specifies how values should be handled for this this argument.
+    pub value_mode: ArgumentValueMode,
+    /// Optional single character shortened argument name.
+    pub short: Option<char>,
+    /// The long name of this argument.
+    pub long: &'static str,
+    /// Helpfuly usage information for this argument to display to the user.
+    pub help: &'static str,
+}
+
+impl Argument {
+    pub fn positional(value: &'static str, help: &'static str) -> Argument {
+        Argument {
+            value: Some(value),
+            value_mode: ArgumentValueMode::Required,
+            short: None,
+            long: "",
+            help,
+        }
+    }
+
+    pub fn value(long: &'static str, value: &'static str, help: &'static str) -> Argument {
+        Argument {
+            value: Some(value),
+            value_mode: ArgumentValueMode::Required,
+            short: None,
+            long,
+            help,
+        }
+    }
+
+    pub fn short_value(
+        short: char,
+        long: &'static str,
+        value: &'static str,
+        help: &'static str,
+    ) -> Argument {
+        Argument {
+            value: Some(value),
+            value_mode: ArgumentValueMode::Required,
+            short: Some(short),
+            long,
+            help,
+        }
+    }
+
+    pub fn flag(long: &'static str, help: &'static str) -> Argument {
+        Argument {
+            value: None,
+            value_mode: ArgumentValueMode::Disallowed,
+            short: None,
+            long,
+            help,
+        }
+    }
+
+    pub fn short_flag(short: char, long: &'static str, help: &'static str) -> Argument {
+        Argument {
+            value: None,
+            value_mode: ArgumentValueMode::Disallowed,
+            short: Some(short),
+            long,
+            help,
+        }
+    }
+
+    pub fn flag_or_value(long: &'static str, value: &'static str, help: &'static str) -> Argument {
+        Argument {
+            value: Some(value),
+            value_mode: ArgumentValueMode::Optional,
+            short: None,
+            long,
+            help,
+        }
+    }
+}
+
+fn parse_arguments<I, R, F>(args: I, mut f: F) -> Result<()>
+where
+    I: Iterator<Item = R>,
+    R: AsRef<str>,
+    F: FnMut(&str, Option<&str>) -> Result<()>,
+{
+    enum State {
+        // Initial state at the start and after finishing a single argument/value.
+        Top,
+        // The remaining arguments are all positional.
+        Positional,
+        // The next string is the value for the argument `name`.
+        Value { name: String },
+    }
+    let mut s = State::Top;
+    for arg in args {
+        let arg = arg.as_ref();
+        loop {
+            let mut arg_consumed = true;
+            s = match s {
+                State::Top => {
+                    if arg == "--" {
+                        State::Positional
+                    } else if arg.starts_with("--") {
+                        let param = arg.trim_start_matches('-');
+                        if param.contains('=') {
+                            let mut iter = param.splitn(2, '=');
+                            let name = iter.next().unwrap();
+                            let value = iter.next().unwrap();
+                            if name.is_empty() {
+                                return Err(Error::Syntax(
+                                    "expected parameter name before `=`".to_owned(),
+                                ));
+                            }
+                            if value.is_empty() {
+                                return Err(Error::Syntax(
+                                    "expected parameter value after `=`".to_owned(),
+                                ));
+                            }
+                            f(name, Some(value))?;
+                            State::Top
+                        } else {
+                            State::Value {
+                                name: param.to_owned(),
+                            }
+                        }
+                    } else if arg.starts_with('-') {
+                        if arg.len() == 1 {
+                            return Err(Error::Syntax(
+                                "expected argument short name after `-`".to_owned(),
+                            ));
+                        }
+                        let name = &arg[1..2];
+                        let value = if arg.len() > 2 { Some(&arg[2..]) } else { None };
+                        if let Err(e) = f(name, value) {
+                            if let Error::ExpectedValue(_) = e {
+                                State::Value {
+                                    name: name.to_owned(),
+                                }
+                            } else {
+                                return Err(e);
+                            }
+                        } else {
+                            State::Top
+                        }
+                    } else {
+                        f("", Some(&arg))?;
+                        State::Positional
+                    }
+                }
+                State::Positional => {
+                    f("", Some(&arg))?;
+                    State::Positional
+                }
+                State::Value { name } => {
+                    if arg.starts_with('-') {
+                        arg_consumed = false;
+                        f(&name, None)?;
+                    } else if let Err(e) = f(&name, Some(&arg)) {
+                        arg_consumed = false;
+                        f(&name, None).map_err(|_| e)?;
+                    }
+                    State::Top
+                }
+            };
+
+            if arg_consumed {
+                break;
+            }
+        }
+    }
+
+    // If we ran out of arguments while parsing the last parameter, which may be either a
+    // value parameter or a flag, try to parse it as a flag. This will produce "missing value"
+    // error if the parameter is in fact a value parameter, which is the desired outcome.
+    match s {
+        State::Value { name } => f(&name, None),
+        _ => Ok(()),
+    }
+}
+
+/// Parses the given `args` against the list of know arguments `arg_list` and calls `f` with each
+/// present argument and value if required.
+///
+/// This function guarantees that only valid long argument names from `arg_list` are sent to the
+/// callback `f`. It is also guaranteed that if an arg requires a value (i.e.
+/// `arg.value.is_some()`), the value will be `Some` in the callbacks arguments. If the callback
+/// returns `Err`, this function will end parsing and return that `Err`.
+///
+/// See the [module level](index.html) example for a usage example.
+pub fn set_arguments<I, R, F>(args: I, arg_list: &[Argument], mut f: F) -> Result<()>
+where
+    I: Iterator<Item = R>,
+    R: AsRef<str>,
+    F: FnMut(&str, Option<&str>) -> Result<()>,
+{
+    parse_arguments(args, |name, value| {
+        let mut matches = None;
+        for arg in arg_list {
+            if let Some(short) = arg.short {
+                if name.len() == 1 && name.starts_with(short) {
+                    if value.is_some() != arg.value.is_some() {
+                        return Err(Error::ExpectedValue(short.to_string()));
+                    }
+                    matches = Some(arg.long);
+                }
+            }
+            if matches.is_none() && arg.long == name {
+                if value.is_none() && arg.value_mode == ArgumentValueMode::Required {
+                    return Err(Error::ExpectedValue(arg.long.to_owned()));
+                }
+                if value.is_some() && arg.value_mode == ArgumentValueMode::Disallowed {
+                    return Err(Error::UnexpectedValue(arg.long.to_owned()));
+                }
+                matches = Some(arg.long);
+            }
+        }
+        match matches {
+            Some(long) => f(long, value),
+            None => Err(Error::UnknownArgument(name.to_owned())),
+        }
+    })
+}
+
+/// Prints command line usage information to stdout.
+///
+/// Usage information is printed according to the help fields in `args` with a leading usage line.
+/// The usage line is of the format "`program_name` \[ARGUMENTS\] `required_arg`".
+pub fn print_help(program_name: &str, required_arg: &str, args: &[Argument]) {
+    println!(
+        "Usage: {} {}{}\n",
+        program_name,
+        if args.is_empty() { "" } else { "[ARGUMENTS] " },
+        required_arg
+    );
+    if args.is_empty() {
+        return;
+    }
+    println!("Argument{}:", if args.len() > 1 { "s" } else { "" });
+    for arg in args {
+        match arg.short {
+            Some(s) => print!(" -{}, ", s),
+            None => print!("     "),
+        }
+        if arg.long.is_empty() {
+            print!("  ");
+        } else {
+            print!("--");
+        }
+        print!("{:<12}", arg.long);
+        if let Some(v) = arg.value {
+            if arg.long.is_empty() {
+                print!(" ");
+            } else {
+                print!("=");
+            }
+            print!("{:<10}", v);
+        } else {
+            print!("{:<11}", "");
+        }
+        println!("{}", arg.help);
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn request_help() {
+        let arguments = [Argument::short_flag('h', "help", "Print help message.")];
+
+        let match_res = set_arguments(["-h"].iter(), &arguments[..], |name, _| {
+            match name {
+                "help" => return Err(Error::PrintHelp),
+                _ => unreachable!(),
+            };
+        });
+        match match_res {
+            Err(Error::PrintHelp) => {}
+            _ => unreachable!(),
+        }
+    }
+
+    #[test]
+    fn mixed_args() {
+        let arguments = [
+            Argument::positional("FILES", "files to operate on"),
+            Argument::short_value('p', "program", "PROGRAM", "Program to apply to each file"),
+            Argument::short_value('c', "cpus", "N", "Number of CPUs to use. (default: 1)"),
+            Argument::flag("unmount", "Unmount the root"),
+            Argument::short_flag('h', "help", "Print help message."),
+        ];
+
+        let mut unmount = false;
+        let match_res = set_arguments(
+            ["--cpus", "3", "--program", "hello", "--unmount", "file"].iter(),
+            &arguments[..],
+            |name, value| {
+                match name {
+                    "" => assert_eq!(value.unwrap(), "file"),
+                    "program" => assert_eq!(value.unwrap(), "hello"),
+                    "cpus" => {
+                        let c: u32 = value.unwrap().parse().map_err(|_| Error::InvalidValue {
+                            value: value.unwrap().to_owned(),
+                            expected: String::from("this value for `cpus` needs to be integer"),
+                        })?;
+                        assert_eq!(c, 3);
+                    }
+                    "unmount" => unmount = true,
+                    "help" => return Err(Error::PrintHelp),
+                    _ => unreachable!(),
+                };
+                Ok(())
+            },
+        );
+        assert!(match_res.is_ok());
+        assert!(unmount);
+    }
+
+    #[test]
+    fn name_value_pair() {
+        let arguments = [Argument::short_value(
+            'c',
+            "cpus",
+            "N",
+            "Number of CPUs to use. (default: 1)",
+        )];
+        let match_res = set_arguments(
+            ["-c", "5", "--cpus", "5", "-c5", "--cpus=5"].iter(),
+            &arguments[..],
+            |name, value| {
+                assert_eq!(name, "cpus");
+                assert_eq!(value, Some("5"));
+                Ok(())
+            },
+        );
+        assert!(match_res.is_ok());
+        let not_match_res = set_arguments(
+            ["-c", "5", "--cpus"].iter(),
+            &arguments[..],
+            |name, value| {
+                assert_eq!(name, "cpus");
+                assert_eq!(value, Some("5"));
+                Ok(())
+            },
+        );
+        assert!(not_match_res.is_err());
+    }
+
+    #[test]
+    fn flag_or_value() {
+        let run_case = |args| -> Option<String> {
+            let arguments = [
+                Argument::positional("FILES", "files to operate on"),
+                Argument::flag_or_value("gpu", "[2D|3D]", "Enable or configure gpu"),
+                Argument::flag("foo", "Enable foo."),
+                Argument::value("bar", "stuff", "Configure bar."),
+            ];
+
+            let mut gpu_value: Option<String> = None;
+            let match_res =
+                set_arguments(args, &arguments[..], |name: &str, value: Option<&str>| {
+                    match name {
+                        "" => assert_eq!(value.unwrap(), "file1"),
+                        "foo" => assert!(value.is_none()),
+                        "bar" => assert_eq!(value.unwrap(), "stuff"),
+                        "gpu" => match value {
+                            Some(v) => match v {
+                                "2D" | "3D" => {
+                                    gpu_value = Some(v.to_string());
+                                }
+                                _ => {
+                                    return Err(Error::InvalidValue {
+                                        value: v.to_string(),
+                                        expected: String::from("2D or 3D"),
+                                    })
+                                }
+                            },
+                            None => {
+                                gpu_value = None;
+                            }
+                        },
+                        _ => unreachable!(),
+                    };
+                    Ok(())
+                });
+
+            assert!(match_res.is_ok());
+            gpu_value
+        };
+
+        // Used as flag and followed by positional
+        assert_eq!(run_case(["--gpu", "file1"].iter()), None);
+        // Used as flag and followed by flag
+        assert_eq!(run_case(["--gpu", "--foo", "file1",].iter()), None);
+        // Used as flag and followed by value
+        assert_eq!(run_case(["--gpu", "--bar=stuff", "file1"].iter()), None);
+
+        // Used as value and followed by positional
+        assert_eq!(run_case(["--gpu=2D", "file1"].iter()).unwrap(), "2D");
+        // Used as value and followed by flag
+        assert_eq!(run_case(["--gpu=2D", "--foo"].iter()).unwrap(), "2D");
+        // Used as value and followed by value
+        assert_eq!(
+            run_case(["--gpu=2D", "--bar=stuff", "file1"].iter()).unwrap(),
+            "2D"
+        );
+    }
+}