From 0f33f8ca64fe1d2415991b1a2038f2dd4f20e757 Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Mon, 12 Aug 2024 02:01:18 +0200 Subject: [PATCH] dracut-057-67.git20240812 Resolves: RHEL-13192,RHEL-13193,RHEL-27944,RHEL-32853,RHEL-38830,RHEL-45913,RHEL-52326 --- 0053.patch | 31 +++ 0054.patch | 124 ++++++++++ 0055.patch | 52 ++++ 0056.patch | 25 ++ 0057.patch | 149 ++++++++++++ 0058.patch | 263 ++++++++++++++++++++ 0059.patch | 679 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 0060.patch | 73 ++++++ 0061.patch | 37 +++ 0062.patch | 34 +++ 0063.patch | 174 ++++++++++++++ 0064.patch | 86 +++++++ 0065.patch | 45 ++++ 0066.patch | 37 +++ dracut.spec | 30 ++- 15 files changed, 1838 insertions(+), 1 deletion(-) create mode 100644 0053.patch create mode 100644 0054.patch create mode 100644 0055.patch create mode 100644 0056.patch create mode 100644 0057.patch create mode 100644 0058.patch create mode 100644 0059.patch create mode 100644 0060.patch create mode 100644 0061.patch create mode 100644 0062.patch create mode 100644 0063.patch create mode 100644 0064.patch create mode 100644 0065.patch create mode 100644 0066.patch diff --git a/0053.patch b/0053.patch new file mode 100644 index 0000000..67d242f --- /dev/null +++ b/0053.patch @@ -0,0 +1,31 @@ +From 2dcfc99c645aaeef3811e5278c399e4f78d9ce4c Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sat, 14 Oct 2023 23:45:57 +0200 +Subject: [PATCH] feat(systemd): install systemd-executor + +In [0] systemd gained a new binary - systemd-executor - that's used to +spawn processes forked off systemd. Let's copy it into the initrd if +it's available. + +[0] https://github.com/systemd/systemd/pull/27890 + +(cherry picked from commit bee1c4824a8cd47ce6c01892a548bdc07b1fa678) + +Related: RHEL-30581 +--- + modules.d/00systemd/module-setup.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 2a4fe4ba..a4397249 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -34,6 +34,7 @@ install() { + "$systemdutildir"/systemd \ + "$systemdutildir"/systemd-coredump \ + "$systemdutildir"/systemd-cgroups-agent \ ++ "$systemdutildir"/systemd-executor \ + "$systemdutildir"/systemd-shutdown \ + "$systemdutildir"/systemd-reply-password \ + "$systemdutildir"/systemd-fsck \ + diff --git a/0054.patch b/0054.patch new file mode 100644 index 0000000..b563684 --- /dev/null +++ b/0054.patch @@ -0,0 +1,124 @@ +From 92bda68884b321195436729b7fcf19ada342c0a9 Mon Sep 17 00:00:00 2001 +From: Laszlo Gombos +Date: Thu, 10 Nov 2022 14:20:42 +0000 +Subject: [PATCH] test: use -device instead of -watchdog to remove qemu + warnings + +(cherry picked from commit 9f6b4e53367be20b2295b77800c73b2614530559) + +Related: RHEL-30581 +--- + test/TEST-01-BASIC/test.sh | 2 +- + test/TEST-03-USR-MOUNT/test.sh | 2 +- + test/TEST-20-NFS/test.sh | 4 ++-- + test/TEST-50-MULTINIC/test.sh | 4 ++-- + test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh | 4 ++-- + test/TEST-63-DRACUT-CPIO/test.sh | 2 +- + 6 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh +index 390089b6..9f98af2c 100755 +--- a/test/TEST-01-BASIC/test.sh ++++ b/test/TEST-01-BASIC/test.sh +@@ -17,7 +17,7 @@ test_run() { + + "$testdir"/run-qemu \ + "${disk_args[@]}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot \"root=LABEL= rdinit=/bin/sh\" rw systemd.log_level=debug systemd.log_target=console rd.retry=3 rd.debug console=ttyS0,115200n81 rd.shell=0 $DEBUGFAIL" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-03-USR-MOUNT/test.sh b/test/TEST-03-USR-MOUNT/test.sh +index 5cb61bce..57157bc0 100755 +--- a/test/TEST-03-USR-MOUNT/test.sh ++++ b/test/TEST-03-USR-MOUNT/test.sh +@@ -25,7 +25,7 @@ client_run() { + + "$testdir"/run-qemu \ + "${disk_args[@]}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot root=LABEL=dracut $client_opts loglevel=7 rd.retry=3 rd.info console=ttyS0,115200n81 selinux=0 rd.debug rd.shell=0 $DEBUGFAIL" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-20-NFS/test.sh b/test/TEST-20-NFS/test.sh +index 0be60a80..0821dc84 100755 +--- a/test/TEST-20-NFS/test.sh ++++ b/test/TEST-20-NFS/test.sh +@@ -33,7 +33,7 @@ run_server() { + -net socket,listen=127.0.0.1:12320 \ + -net nic,macaddr=52:54:00:12:34:56,model=e1000 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0 $SERVER_DEBUG" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -78,7 +78,7 @@ client_test() { + "${disk_args[@]}" \ + -net nic,macaddr="$mac",model=e1000 \ + -net socket,connect=127.0.0.1:12320 \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot rd.shell=0 $cmdline $DEBUGFAIL rd.retry=10 quiet ro console=ttyS0,115200n81 selinux=0" \ + -initrd "$TESTDIR"/initramfs.testing + +diff --git a/test/TEST-50-MULTINIC/test.sh b/test/TEST-50-MULTINIC/test.sh +index 81b1f685..47408983 100755 +--- a/test/TEST-50-MULTINIC/test.sh ++++ b/test/TEST-50-MULTINIC/test.sh +@@ -31,7 +31,7 @@ run_server() { + -net socket,listen=127.0.0.1:12350 \ + -net nic,macaddr=52:54:01:12:34:56,model=e1000 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -85,7 +85,7 @@ client_test() { + -netdev hubport,id=n2,hubid=2 \ + -device e1000,netdev=n1,mac=52:54:00:12:34:98 \ + -device e1000,netdev=n2,mac=52:54:00:12:34:99 \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "quiet panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot rd.shell=0 $cmdline $DEBUGFAIL rd.retry=5 ro console=ttyS0,115200n81 selinux=0 init=/sbin/init rd.debug systemd.log_target=console" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh b/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh +index 309600d4..8f9f0cfd 100755 +--- a/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh ++++ b/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh +@@ -35,7 +35,7 @@ run_server() { + -device virtio-net-pci,netdev=n3,mac=52:54:01:12:34:59 \ + -hda "$TESTDIR"/server.ext3 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 loglevel=7 root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0 rd.debug" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -90,7 +90,7 @@ client_test() { + -netdev socket,connect=127.0.0.1:12372,id=n2 -device virtio-net-pci,mac=52:54:00:12:34:04,netdev=n2 \ + "${nic3[@]}" -device virtio-net-pci,mac=52:54:00:12:34:05,netdev=n3 \ + -hda "$TESTDIR"/client.img \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append " + panic=1 oops=panic softlockup_panic=1 + ifname=net1:52:54:00:12:34:01 +diff --git a/test/TEST-63-DRACUT-CPIO/test.sh b/test/TEST-63-DRACUT-CPIO/test.sh +index 8e319bf2..be93cfb5 100755 +--- a/test/TEST-63-DRACUT-CPIO/test.sh ++++ b/test/TEST-63-DRACUT-CPIO/test.sh +@@ -39,7 +39,7 @@ EOF + || return 1 + + "$testdir"/run-qemu \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -daemonize -pidfile "$tdir/vm.pid" \ + -serial "file:$tdir/console.out" \ + -append "panic=1 oops=panic softlockup_panic=1 loglevel=7 console=ttyS0 rd.shell=1" \ + diff --git a/0055.patch b/0055.patch new file mode 100644 index 0000000..10b39d0 --- /dev/null +++ b/0055.patch @@ -0,0 +1,52 @@ +From 55108a3a24a1780f6d5273a3e97dbdeb7d2c75c0 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Thu, 23 May 2024 14:20:43 +0200 +Subject: [PATCH] fix(fips): remove /dev/{random,urandom} pre-creation + +Random device nodes were required to workaround libgcrypt initialization +problem (see https://bugzilla.redhat.com/show_bug.cgi?id=1401444) which +is gone since libgcrypt-1.10 (2022): modern Linux kernels (3.17+) support +getrandom() syscall and libgcrypt has switch to using getentropy() +(glibc-2.25+). + +The requirement to run dracut as root (which is needed to mknod +/dev/{random,urandom}) is a particular problem for building UKIs in distro +build systems where packages are not built by a privileged user. + +Note, dracut itself always pre-creates /dev/{null,kmsg,console,random,urandom} +devices when running privileged so the patch has no effect on 'traditional' +setup. + +Signed-off-by: Vitaly Kuznetsov + +(Cherry-picked commit: 62f907e9eb3147ad8603953ec3cf29673d4fae79) + +Resolves: RHEL-38830 +--- + modules.d/01fips/module-setup.sh | 12 ------------ + 1 file changed, 12 deletions(-) + +diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh +index 7ff5e640..1dc7ea33 100755 +--- a/modules.d/01fips/module-setup.sh ++++ b/modules.d/01fips/module-setup.sh +@@ -70,18 +70,6 @@ install() { + inst_multiple sha512hmac rmmod insmod mount uname umount grep sed sort + + inst_simple /etc/system-fips +- [ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \ +- || { +- dfatal "Cannot create /dev/random" +- dfatal "To create an initramfs with fips support, dracut has to run as root" +- return 1 +- } +- [ -c "${initdir}"/dev/urandom ] || mknod "${initdir}"/dev/urandom c 1 9 \ +- || { +- dfatal "Cannot create /dev/urandom" +- dfatal "To create an initramfs with fips support, dracut has to run as root" +- return 1 +- } + + # if we have openssl we need to install their fips library and configuration + [ -x /usr/bin/openssl ] && { + diff --git a/0056.patch b/0056.patch new file mode 100644 index 0000000..f54bb83 --- /dev/null +++ b/0056.patch @@ -0,0 +1,25 @@ +From 99c1c91a3b1f7c0ba417ecdea4cab8f1a424fabe Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Fri, 29 Nov 2019 13:29:23 +0100 +Subject: [PATCH] fix(systemd): always include sg module + +RHEL-only +Resolves: RHEL-32853 +--- + modules.d/00systemd/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index a4397249..27d2180d 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -17,7 +17,7 @@ depends() { + } + + installkernel() { +- hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256 ++ hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256 sg + instmods -s efivarfs + } + + diff --git a/0057.patch b/0057.patch new file mode 100644 index 0000000..15d3b69 --- /dev/null +++ b/0057.patch @@ -0,0 +1,149 @@ +From ab2711df3d85aee7fe5c9cbe018c1a08113e3481 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Wed, 23 Nov 2022 14:22:21 +0100 +Subject: [PATCH] fix(fips): do not blindly remove /boot + +The `mount_boot` method called from fips-noboot.sh in the pre-pivot hook blindly +executes `rm -rf /boot` if there is no `boot=` command line parameter, without +first checking that /boot is not already mounted by other means. + +feat(fips): add progress messages + +This allows to better understand at what point a FIPS integrity test failed. + +Signed-off-by: Raymund Will + +fix(fips): only unmount /boot if it was mounted by the fips module + +The `do_fips` method should only unmount /boot if it was mounted in the +`mount_boot` method. + +In addition, now the `mount_boot` method checks if /boot is already mounted. + +Signed-off-by: Raymund Will + +fix(fips): move fips-boot script to pre-pivot + +This is needed in s390x to be able to use the same `boot=` command line +parameter in grub and zipl. Otherwise, `boot=` would need to be added only to +`grub.cfg` (not `/etc/default/grub` and thereby not to `/boot/zipl/config`). + +Signed-off-by: Raymund Will + +(Cherry-picked commits: + 91974e8ff116c7fd9f99963780dba501535700f5 + a71e518fa1f14a9b96ae62ce90714ccd7d307d97 + 1cdb4cb8b5fb7f74e5be6998f9b561fbf73909e0 + cd2a1d4571b2f768f2b67d03fd77191795042402) + +Resolves: RHEL-45913 +--- + modules.d/01fips/fips-boot.sh | 2 ++ + modules.d/01fips/fips-load-crypto.sh | 2 ++ + modules.d/01fips/fips-noboot.sh | 2 ++ + modules.d/01fips/fips.sh | 21 +++++++++++++++++++-- + modules.d/01fips/module-setup.sh | 2 +- + 5 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/modules.d/01fips/fips-boot.sh b/modules.d/01fips/fips-boot.sh +index 031d169a..34760e01 100755 +--- a/modules.d/01fips/fips-boot.sh ++++ b/modules.d/01fips/fips-boot.sh +@@ -8,7 +8,9 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + elif getarg boot= > /dev/null; then + . /sbin/fips.sh ++ fips_info "fips-boot: start" + if mount_boot; then + do_fips || die "FIPS integrity test failed" + fi ++ fips_info "fips-boot: done!" + fi +diff --git a/modules.d/01fips/fips-load-crypto.sh b/modules.d/01fips/fips-load-crypto.sh +index 21e99278..6ef42b95 100644 +--- a/modules.d/01fips/fips-load-crypto.sh ++++ b/modules.d/01fips/fips-load-crypto.sh +@@ -8,5 +8,7 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + else + . /sbin/fips.sh ++ fips_info "fips-load-crypto: start" + fips_load_crypto || die "FIPS integrity test failed" ++ fips_info "fips-load-crypto: done!" + fi +diff --git a/modules.d/01fips/fips-noboot.sh b/modules.d/01fips/fips-noboot.sh +index f00c2f32..963a034d 100755 +--- a/modules.d/01fips/fips-noboot.sh ++++ b/modules.d/01fips/fips-noboot.sh +@@ -8,6 +8,8 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + elif ! [ -f /tmp/fipsdone ]; then + . /sbin/fips.sh ++ fips_info "fips-noboot: start" + mount_boot + do_fips || die "FIPS integrity test failed" ++ fips_info "fips-noboot: done!" + fi +diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh +index 6ad61df8..05631c8a 100755 +--- a/modules.d/01fips/fips.sh ++++ b/modules.d/01fips/fips.sh +@@ -18,6 +18,15 @@ mount_boot() { + boot=$(getarg boot=) + + if [ -n "$boot" ]; then ++ if [ -d /boot ] && ismounted /boot; then ++ boot_dev= ++ if command -v findmnt > /dev/null; then ++ boot_dev=$(findmnt -n -o SOURCE /boot) ++ fi ++ fips_info "Ignoring 'boot=$boot' as /boot is already mounted ${boot_dev:+"from '$boot_dev'"}" ++ return 0 ++ fi ++ + case "$boot" in + LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) + boot="$(label_uuid_to_dev "$boot")" +@@ -47,10 +56,13 @@ mount_boot() { + mkdir -p /boot + fips_info "Mounting $boot as /boot" + mount -oro "$boot" /boot || return 1 +- elif [ -d "$NEWROOT/boot" ]; then ++ FIPS_MOUNTED_BOOT=1 ++ elif ! ismounted /boot && [ -d "$NEWROOT/boot" ]; then + # shellcheck disable=SC2114 + rm -fr -- /boot + ln -sf "$NEWROOT/boot" /boot ++ else ++ die "You have to specify boot= as a boot option for fips=1" + fi + } + +@@ -179,7 +191,12 @@ do_fips() { + + : > /tmp/fipsdone + +- umount /boot > /dev/null 2>&1 ++ if [ "$FIPS_MOUNTED_BOOT" = 1 ]; then ++ fips_info "Unmounting /boot" ++ umount /boot > /dev/null 2>&1 ++ else ++ fips_info "Not unmounting /boot" ++ fi + + return 0 + } +diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh +index 1dc7ea33..91612ff3 100755 +--- a/modules.d/01fips/module-setup.sh ++++ b/modules.d/01fips/module-setup.sh +@@ -62,7 +62,7 @@ installkernel() { + + # called by dracut + install() { +- inst_hook pre-mount 01 "$moddir/fips-boot.sh" ++ inst_hook pre-pivot 00 "$moddir/fips-boot.sh" + inst_hook pre-pivot 01 "$moddir/fips-noboot.sh" + inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh" + inst_script "$moddir/fips.sh" /sbin/fips.sh + diff --git a/0058.patch b/0058.patch new file mode 100644 index 0000000..f586680 --- /dev/null +++ b/0058.patch @@ -0,0 +1,263 @@ +From c8bc80643d4a6c0ef27c48e680907d6fd3c888cc Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Mon, 12 Feb 2024 16:58:16 +0100 +Subject: [PATCH] ci: enable source-git automation + +- commit validation +- pull request validation +- tracker validation +- automatic merging + +rhel-only + +Related: RHEL-30581 +--- + .github/advanced-commit-linter.yml | 17 ++++++ + .github/auto-merge.yml | 4 ++ + .github/pull-request-validator.yml | 4 ++ + .github/tracker-validator.yml | 28 +++++++++ + .github/workflows/gather-metadata.yml | 28 +++++++++ + .../workflows/source-git-automation-on-demand.yml | 70 ++++++++++++++++++++++ + .github/workflows/source-git-automation.yml | 46 ++++++++++++++ + 7 files changed, 197 insertions(+) + +diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml +new file mode 100644 +index 00000000..0180ef07 +--- /dev/null ++++ b/.github/advanced-commit-linter.yml +@@ -0,0 +1,17 @@ ++policy: ++ cherry-pick: ++ upstream: ++ - github: dracutdevs/dracut ++ exception: ++ note: ++ - rhel-only ++ - RHEL-only ++ tracker: ++ - keyword: ++ - 'Resolves: ' ++ - 'Related: ' ++ - 'Reverts: ' ++ type: jira ++ issue-format: ++ - 'RHEL-\d+$' ++ url: 'https://issues.redhat.com/browse/' +diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml +new file mode 100644 +index 00000000..35c25392 +--- /dev/null ++++ b/.github/auto-merge.yml +@@ -0,0 +1,4 @@ ++labels: ++ dont-merge: dont-merge ++ manual-merge: pr/needs-manual-merge ++target-branch': ['main'] +diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml +new file mode 100644 +index 00000000..4bb5bbec +--- /dev/null ++++ b/.github/pull-request-validator.yml +@@ -0,0 +1,4 @@ ++labels: ++ missing-review: pr/needs-review ++ changes-requested: pr/changes-requested ++ missing-failing-ci: pr/needs-ci +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +new file mode 100644 +index 00000000..f88cc0a5 +--- /dev/null ++++ b/.github/tracker-validator.yml +@@ -0,0 +1,28 @@ ++labels: ++ missing-tracker: tracker/missing ++ invalid-product: tracker/invalid-product ++ invalid-component: tracker/invalid-component ++ unapproved: tracker/unapproved ++products: ++ - Red Hat Enterprise Linux 9 ++ - CentOS Stream 9 ++ - rhel-9.0.0 ++ - rhel-9.0.0.z ++ - rhel-9.2.0 ++ - rhel-9.2.0.z ++ - rhel-9.3.0 ++ - rhel-9.3.0.z ++ - rhel-9.4.0 ++ - rhel-9.4.0.z ++ - rhel-9.5.0 ++ - rhel-9.5.0.z ++ - rhel-9.6.0 ++ - rhel-9.6.0.z ++ - rhel-9.7.0 ++ - rhel-9.7.0.z ++ - rhel-9.8.0 ++ - rhel-9.8.0.z ++ - rhel-9.9.0 ++ - rhel-9.9.0.z ++ - rhel-9.10.0 ++ - rhel-9.10.0.z +diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml +new file mode 100644 +index 00000000..e4cbc486 +--- /dev/null ++++ b/.github/workflows/gather-metadata.yml +@@ -0,0 +1,28 @@ ++name: Gather Pull Request Metadata ++on: ++ pull_request: ++ types: [ opened, reopened, synchronize ] ++ branches: ++ - main ++ - rhel-9.* ++ ++permissions: ++ contents: read ++ ++jobs: ++ gather-metadata: ++ runs-on: ubuntu-latest ++ ++ steps: ++ - name: Repository checkout ++ uses: actions/checkout@v4 ++ ++ - id: Metadata ++ name: Gather Pull Request Metadata ++ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 ++ ++ - name: Upload artifact with gathered metadata ++ uses: actions/upload-artifact@v3 ++ with: ++ name: pr-metadata ++ path: ${{ steps.Metadata.outputs.metadata-file }} +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +new file mode 100644 +index 00000000..8a3a366e +--- /dev/null ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -0,0 +1,70 @@ ++name: Source git Automation Scheduled/On Demand ++on: ++ schedule: ++ # Workflow runs every 45 minutes ++ - cron: '*/45 * * * *' ++ workflow_dispatch: ++ inputs: ++ pr-number: ++ description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs' ++ required: true ++ default: '0' ++ ++permissions: ++ contents: read ++ ++jobs: ++ # Get all open PRs ++ gather-pull-requests: ++ if: github.repository == 'redhat-plumbers/dracut-rhel9' ++ runs-on: ubuntu-latest ++ ++ outputs: ++ pr-numbers: ${{ steps.get-pr-numbers.outputs.result }} ++ pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }} ++ ++ steps: ++ - id: get-pr-numbers ++ if: inputs.pr-number == '0' ++ name: Get all open PRs ++ uses: actions/github-script@v6 ++ with: ++ # !FIXME: this is not working if there is more than 100 PRs opened ++ script: | ++ const { data: pullRequests } = await github.rest.pulls.list({ ++ owner: context.repo.owner, ++ repo: context.repo.repo, ++ state: 'open', ++ per_page: 100 ++ }); ++ return pullRequests.map(pr => pr.number); ++ - id: parse-manual-input ++ if: inputs.pr-number != '0' ++ name: Parse manual input ++ run: | ++ echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT ++ shell: bash ++ ++ validate-pr: ++ name: 'Validation of Pull Request #${{ matrix.pr-number }}' ++ needs: [ gather-pull-requests ] ++ runs-on: ubuntu-latest ++ ++ strategy: ++ fail-fast: false ++ matrix: ++ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }} ++ ++ permissions: ++ # required for merging PRs ++ contents: write ++ # required for PR comments and setting labels ++ pull-requests: write ++ ++ steps: ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 ++ with: ++ pr-number: ${{ matrix.pr-number }} ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +new file mode 100644 +index 00000000..025ee84d +--- /dev/null ++++ b/.github/workflows/source-git-automation.yml +@@ -0,0 +1,46 @@ ++name: Source git Automation ++on: ++ workflow_run: ++ workflows: [ Gather Pull Request Metadata ] ++ types: ++ - completed ++ ++permissions: ++ contents: read ++ ++jobs: ++ download-metadata: ++ if: > ++ github.event.workflow_run.event == 'pull_request' && ++ github.event.workflow_run.conclusion == 'success' && ++ github.repository == 'redhat-plumbers/dracut-rhel9' ++ runs-on: ubuntu-latest ++ ++ outputs: ++ pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }} ++ ++ steps: ++ - id: Artifact ++ name: Download Artifact ++ uses: redhat-plumbers-in-action/download-artifact@v1 ++ with: ++ name: pr-metadata ++ ++ source-git-automation: ++ needs: [ download-metadata ] ++ runs-on: ubuntu-latest ++ ++ permissions: ++ # required for merging PRs ++ contents: write ++ # required for PR comments and setting labels ++ pull-requests: write ++ ++ ++ steps: ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 ++ with: ++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/0059.patch b/0059.patch new file mode 100644 index 0000000..f08228b --- /dev/null +++ b/0059.patch @@ -0,0 +1,679 @@ +From 30e7e5091666e10cce70b90057ccd85289609bd7 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 2 Jan 2024 17:10:11 +0100 +Subject: [PATCH] fix(github): update format of labeler + +Since we are using `actions/labeler@main`, its format changed, displaying the +following error with every new PR: + +``` +Run actions/labeler@main +The configuration file (path: .github/labeler.yml) was not found locally, fetching via the api +Error: Error: found unexpected type for label 'repository' (should be array of config options) +Error: found unexpected type for label 'repository' (should be array of config options) +``` + +(cherry picked from commit de8ac6300d115a05d467dbb6b9a7c2599a2d306f) + +Related: RHEL-30581 +--- + .github/labeler.yml | 460 ++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 358 insertions(+), 102 deletions(-) + +diff --git a/.github/labeler.yml b/.github/labeler.yml +index 1c787a58..0dcc06d4 100644 +--- a/.github/labeler.yml ++++ b/.github/labeler.yml +@@ -1,293 +1,549 @@ + repository: +- - ./* ++ - changed-files: ++ - any-glob-to-any-file: './*' + + github: +- - .github/* +- - .github/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['.github/*', '.github/**/*'] ++ ++docs: ++ - changed-files: ++ - any-glob-to-any-file: 'docs/*' ++ ++man: ++ - changed-files: ++ - any-glob-to-any-file: 'man/*' ++ ++kernel-install: ++ - changed-files: ++ - any-glob-to-any-file: 'install.d/*' ++ ++shell-completion: ++ - changed-files: ++ - any-glob-to-any-file: ['shell-completion/*', 'shell-completion/**/*'] ++ ++dracut-cpio: ++ - changed-files: ++ - any-glob-to-any-file: ['src/dracut-cpio/*', 'src/dracut-cpio/**/*'] + + dracut-install: +- - install/* +- - install/**/* ++ - changed-files: ++ - any-glob-to-any-file: 'src/install/*' ++ ++dracut-util: ++ - changed-files: ++ - any-glob-to-any-file: 'src/util/*' + +-example: +- - examples/* +- - examples/**/* +- - examples/**/**/* ++logtee: ++ - changed-files: ++ - any-glob-to-any-file: 'src/logtee/*' ++ ++skipcpio: ++ - changed-files: ++ - any-glob-to-any-file: 'src/skipcpio/*' + + modules: +- - modules.d/* +- - modules.d/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['modules.d/*', 'modules.d/**/*'] + + bash: +- - modules.d/00bash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00bash/*' + + bootchart: + - modules.d/00bootchart/* + + dash: +- - modules.d/00dash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00dash/*' + + mksh: +- - modules.d/00mksh/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00mksh/*' + + systemd: +- - modules.d/00systemd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00systemd/*' + + warpclock: +- - modules.d/00warpclock/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00warpclock/*' + + fips: +- - modules.d/01fips/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01fips/*' ++ ++systemd-ac-power: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ac-power/*' ++ ++systemd-ask-password: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ask-password/*' ++ ++systemd-coredump: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-coredump/*' ++ ++systemd-creds: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-creds/*' ++ ++systemd-hostnamed: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-hostnamed/*' + + systemd-initrd: +- - modules.d/01systemd-initrd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-initrd/*' + +-caps: +- - modules.d/02caps/* ++systemd-integritysetup: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-integritysetup/*' ++ ++systemd-journald: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-journald/*' ++ ++systemd-ldconfig: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ldconfig/*' ++ ++systemd-modules-load: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-modules-load/*' + + systemd-networkd: +- - modules.d/02systemd-networkd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-networkd/*' ++ ++systemd-pcrphase: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-pcrphase/*' ++ ++systemd-portabled: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-portabled/*' ++ ++systemd-pstore: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-pstore/*' ++ ++systemd-repart: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-repart/*' ++ ++systemd-resolved: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-resolved/*' ++ ++systemd-sysctl: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysctl/*' ++ ++systemd-sysext: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysext/*' ++ ++systemd-sysusers: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysusers/*' ++ ++systemd-timedated: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-timedated/*' ++ ++systemd-timesyncd: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-timesyncd/*' ++ ++systemd-tmpfiles: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-tmpfiles/*' ++ ++systemd-udevd: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-udevd/*' ++ ++systemd-veritysetup: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-veritysetup/*' ++ ++caps: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/02caps/*' + + modsign: +- - modules.d/03modsign/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/03modsign/*' + + rescue: +- - modules.d/03rescue/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/03rescue/*' + + watchdog: +- - modules.d/04watchdog/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/04watchdog/*' ++ ++watchdog-modules: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/04watchdog-modules/*' + + busybox: +- - modules.d/05busybox/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/05busybox/*' ++ ++dbus-broker: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06dbus-broker/*' ++ ++dbus-daemon: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06dbus-daemon/*' + + rngd: +- - modules.d/06rngd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06rngd/*' ++ ++dbus: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/09dbus/*' + + i18n: +- - modules.d/10i18n/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/10i18n/*' + + convertfs: +- - modules.d/30convertfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/30convertfs/*' ++ ++connman: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35connman/*' + + network-legacy: +- - modules.d/35network-legacy/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35network-legacy/*' + + network-manager: +- - modules.d/35network-manager/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35network-manager/*' + + network: +- - modules.d/40network/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/40network/*' + + ifcfg: +- - modules.d/45ifcfg/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/45ifcfg/*' + + url-lib: +- - modules.d/45url-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/45url-lib/*' + + drm: +- - modules.d/50drm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/50drm/*' + + plymouth: +- - modules.d/50plymouth/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/50plymouth/*' ++ ++bluetooth: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/62bluetooth/*' + + cms: +- - modules.d/80cms/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80cms/*' + + lvmmerge: +- - modules.d/80lvmmerge/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80lvmmerge/*' ++ ++lvmthinpool-monitor: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80lvmthinpool-monitor/*' + + cio_ignore: +- - modules.d/81cio_ignore/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/81cio_ignore/*' + + btrfs: +- - modules.d/90btrfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90btrfs/*' + + crypt: +- - modules.d/90crypt/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90crypt/*' + + dm: +- - modules.d/90dm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dm/*' + + dmraid: +- - modules.d/90dmraid/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmraid/*' + + dmsquash-live: +- - modules.d/90dmsquash-live/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live/*' ++ ++dmsquash-live-autooverlay: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live-autooverlay/*' + + dmsquash-live-ntfs: +- - modules.d/90dmsquash-live-ntfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live-ntfs/*' + + kernel-modules: +- - modules.d/90kernel-modules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-modules/*' + + kernel-modules-extra: +- - modules.d/90kernel-modules-extra/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-modules-extra/*' + + kernel-network-modules: +- - modules.d/90kernel-network-modules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-network-modules/*' + + livenet: +- - modules.d/90livenet/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90livenet/*' + + lvm: +- - modules.d/90lvm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90lvm/*' + + mdraid: +- - modules.d/90mdraid/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90mdraid/*' + + multipath: +- - modules.d/90multipath/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90multipath/*' + + nvdimm: +- - modules.d/90nvdimm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90nvdimm/*' ++ ++overlayfs: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90overlayfs/*' + + ppcmac: +- - modules.d/90ppcmac/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90ppcmac/*' + + qemu: +- - modules.d/90qemu/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90qemu/*' + + qemu-net: +- - modules.d/90qemu-net/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90qemu-net/*' + + stratis: + - modules.d/90stratis/* + + crypt-gpg: +- - modules.d/91crypt-gpg/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91crypt-gpg/*' + + crypt-loop: +- - modules.d/91crypt-loop/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91crypt-loop/*' ++ ++fido2: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91fido2/*' ++ ++pcsc: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91pcsc/*' ++ ++pkcs11: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91pkcs11/*' ++ ++tpm2-tss: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91tpm2-tss/*' + + zipl: +- - modules.d/91zipl/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91zipl/*' + + cifs: +- - modules.d/95cifs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95cifs/*' + + dasd: +- - modules.d/95dasd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd/*' + + dasd_mod: +- - modules.d/95dasd_mod/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd_mod/*' + + dasd_rules: +- - modules.d/95dasd_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd_rules/*' + + dcssblk: +- - modules.d/95dcssblk/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dcssblk/*' + + debug: +- - modules.d/95debug/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95debug/*' + + fcoe: +- - modules.d/95fcoe/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fcoe/*' + + fcoe-uefi: +- - modules.d/95fcoe-uefi/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fcoe-uefi/*' + + fstab-sys: +- - modules.d/95fstab-sys/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fstab-sys/*' + + iscsi: +- - modules.d/95iscsi/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95iscsi/*' + + lunmask: +- - modules.d/95lunmask/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95lunmask/*' + + nbd: +- - modules.d/95nbd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nbd/*' + + nfs: +- - modules.d/95nfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nfs/*' + + nvmf: +- - modules.d/95nvmf/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nvmf/*' + + qeth_rules: +- - modules.d/95qeth_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95qeth_rules/*' + + resume: +- - modules.d/95resume/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95resume/*' + + rootfs-block: +- - modules.d/95rootfs-block/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95rootfs-block/*' + + ssh-client: +- - modules.d/95ssh-client/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95ssh-client/*' + + terminfo: +- - modules.d/95terminfo/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95terminfo/*' + + udev-rules: +- - modules.d/95udev-rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95udev-rules/*' + + virtfs: +- - modules.d/95virtfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95virtfs/*' + + virtiofs: +- - modules.d/95virtiofs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95virtiofs/*' + + zfcp: +- - modules.d/95zfcp/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95zfcp/*' + + zfcp_rules: +- - modules.d/95zfcp_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95zfcp_rules/*' + + znet: +- - modules.d/95znet/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95znet/*' + + securityfs: +- - modules.d/96securityfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/96securityfs/*' + + biosdevname: +- - modules.d/97biosdevname/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/97biosdevname/*' + + masterkey: +-- modules.d/97masterkey/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/97masterkey/*' + + dracut-systemd: +- - modules.d/98dracut-systemd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98dracut-systemd/*' + + ecryptfs: +- - modules.d/98ecryptfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98ecryptfs/*' + + integrity: +- - modules.d/98integrity/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98integrity/*' + + pollcdrom: +- - modules.d/98pollcdrom/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98pollcdrom/*' + + selinux: +- - modules.d/98selinux/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98selinux/*' + + syslog: +- - modules.d/98syslog/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98syslog/*' + + usrmount: +- - modules.d/98usrmount/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98usrmount/*' + + base: +- - modules.d/99base/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99base/*' + + fs-lib: +- - modules.d/99fs-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99fs-lib/*' + + img-lib: +- - modules.d/99img-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99img-lib/*' + + memstrack: +- - modules.d/99memstrack/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99memstrack/*' + + shutdown: +- - modules.d/99shutdown/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99shutdown/*' + + squash: +- - modules.d/99squash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99squash/*' + + uefi-lib: +- - modules.d/99uefi-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99uefi-lib/*' + + test: +- - test/* +- - test/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['test/*', 'test/**/*', 'modules.d/80test*', 'modules.d/80test*/*'] + diff --git a/0060.patch b/0060.patch new file mode 100644 index 0000000..44726bc --- /dev/null +++ b/0060.patch @@ -0,0 +1,73 @@ +From 53ee0740d5913d20bf35f7613a12072fd2ebe0d0 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Wed, 17 Jul 2024 15:45:31 +0200 +Subject: [PATCH] ci: fix source-git automation + +rhel-only + +Related: RHEL-30581 +--- + .github/tracker-validator.yml | 28 +++++++++++----------- + .../workflows/source-git-automation-on-demand.yml | 1 + + .github/workflows/source-git-automation.yml | 1 + + 3 files changed, 16 insertions(+), 14 deletions(-) + +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +index f88cc0a5..31ef28f6 100644 +--- a/.github/tracker-validator.yml ++++ b/.github/tracker-validator.yml +@@ -12,17 +12,17 @@ products: + - rhel-9.2.0.z + - rhel-9.3.0 + - rhel-9.3.0.z +- - rhel-9.4.0 +- - rhel-9.4.0.z +- - rhel-9.5.0 +- - rhel-9.5.0.z +- - rhel-9.6.0 +- - rhel-9.6.0.z +- - rhel-9.7.0 +- - rhel-9.7.0.z +- - rhel-9.8.0 +- - rhel-9.8.0.z +- - rhel-9.9.0 +- - rhel-9.9.0.z +- - rhel-9.10.0 +- - rhel-9.10.0.z ++ - rhel-9.4 ++ - rhel-9.4.z ++ - rhel-9.5 ++ - rhel-9.5.z ++ - rhel-9.6 ++ - rhel-9.6.z ++ - rhel-9.7 ++ - rhel-9.7.z ++ - rhel-9.8 ++ - rhel-9.8.z ++ - rhel-9.9 ++ - rhel-9.9.z ++ - rhel-9.10 ++ - rhel-9.10.z +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +index 8a3a366e..afd2333e 100644 +--- a/.github/workflows/source-git-automation-on-demand.yml ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -66,5 +66,6 @@ jobs: + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-number: ${{ matrix.pr-number }} ++ component: dracut + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +index 025ee84d..bdec3856 100644 +--- a/.github/workflows/source-git-automation.yml ++++ b/.github/workflows/source-git-automation.yml +@@ -42,5 +42,6 @@ jobs: + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} ++ component: dracut + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/0061.patch b/0061.patch new file mode 100644 index 0000000..032209b --- /dev/null +++ b/0061.patch @@ -0,0 +1,37 @@ +From f8cb5753f14c65d1371b623f5f0d8e3cb0aa7107 Mon Sep 17 00:00:00 2001 +From: Laszlo Gombos +Date: Wed, 19 Oct 2022 12:32:28 +0000 +Subject: [PATCH] ci: remove non-existing modules from labeler + +(cherry picked from commit 1d60dd74ee721f17cdaadd56b874b564b89c0145) + +Related: RHEL-30581 +--- + .github/labeler.yml | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/.github/labeler.yml b/.github/labeler.yml +index 0dcc06d4..5667c635 100644 +--- a/.github/labeler.yml ++++ b/.github/labeler.yml +@@ -50,9 +50,6 @@ bash: + - changed-files: + - any-glob-to-any-file: 'modules.d/00bash/*' + +-bootchart: +- - modules.d/00bootchart/* +- + dash: + - changed-files: + - any-glob-to-any-file: 'modules.d/00dash/*' +@@ -345,9 +342,6 @@ qemu-net: + - changed-files: + - any-glob-to-any-file: 'modules.d/90qemu-net/*' + +-stratis: +- - modules.d/90stratis/* +- + crypt-gpg: + - changed-files: + - any-glob-to-any-file: 'modules.d/91crypt-gpg/*' + diff --git a/0062.patch b/0062.patch new file mode 100644 index 0000000..7bb8114 --- /dev/null +++ b/0062.patch @@ -0,0 +1,34 @@ +From 79fbe4171a7e42abe40d138a24add2895f7cddcd Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 31 Jan 2023 16:32:19 +0100 +Subject: [PATCH] fix(network-manager): add "After" dependency on dbus.service + +During shutdown, there is no ordering dependency between the nm-initrd service +and the D-Bus daemon, and so the latter can be stopped before. This causes +issues to NetworkManager, especially when team interfaces are present because +NM will see teamd dropping from the bus and will try to reactivate the +connection. + +Add a "After" dependency to make sure the D-Bus daemon is stopped after NM on +shutdown. + +(Cherry-picked commit: 1b7d83110741560f26027fbd9435763eef56935a) + +Resolves: RHEL-13192 +--- + modules.d/35network-manager/nm-initrd.service | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/35network-manager/nm-initrd.service b/modules.d/35network-manager/nm-initrd.service +index 3e24f52a..dbd8caa7 100644 +--- a/modules.d/35network-manager/nm-initrd.service ++++ b/modules.d/35network-manager/nm-initrd.service +@@ -3,6 +3,7 @@ DefaultDependencies=no + Wants=systemd-udev-trigger.service + After=systemd-udev-trigger.service + After=dracut-cmdline.service ++After=dbus.service + Wants=network.target + Before=network.target + ConditionPathExists=/run/NetworkManager/initrd/neednet + diff --git a/0063.patch b/0063.patch new file mode 100644 index 0000000..29c18c7 --- /dev/null +++ b/0063.patch @@ -0,0 +1,174 @@ +From 75691dfaa822a7ce32e4f97141975d9b10f3101e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E2=80=9CMasahiro?= +Date: Fri, 3 Feb 2023 12:08:26 +0900 +Subject: [PATCH] fix(url-lib.sh): nfs_already_mounted() with trailing slash in + nfs path + +nfs_already_mounted() doesn't work when the installation ISO and kickstart file on a same NFS share are specified with inst.repo and inst.ks boot parameter as below. + + inst.repo=nfs:192.168.1.1:/home/data/rhel9.iso inst.ks=nfs:192.168.1.1:/home/data/ks.cfg + + NOTE: /home/data is configured for nfs share on 192.168.1.1 + +One problem is a file (not a directory) was passed into nfs_already_mounted(). +nfs_already_mounted() is the function to judge if the given directory is already mounted. +So, filepath should be passed in nfs_fetch_url(). + +The other problem is about the trailing slash in the nfs path in /proc/mounts. + +The /proc/mounts has an entry after nfs mount of inst.repo. + + 192.168.1.1:/data/ /run/install/isodir nfs ro,relatime, + +In this case, nfs_already_mounted() returns "/run/install/isodir//home/data/ks.cfg" wrongly. The following is from the log. + +[ 14.556279] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@156(nfs_fetch_url): nfs_already_mounted 192.168.122.1 /home/data/ks.cfg +[ 14.556279] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@137(nfs_already_mounted): local server=192.168.122.1 path=/home/data/ks.cfg s= p= +... +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@140(nfs_already_mounted): '[' 192.168.122.1 = 192.168.122.1 ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@141(nfs_already_mounted): '[' /home/data/ks.cfg = /home/data/ ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@143(nfs_already_mounted): str_starts /home/data/ks.cfg /home/data/ +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/dracut-lib.sh@51(str_starts): '[' ks.cfg '!=' /home/data/ks.cfg ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@144(nfs_already_mounted): echo /run/install/isodir//home/data/ks.cfg +... +[ 14.658069] localhost.localdomain dracut-initqueue[934]: //lib/url-lib.sh@156(nfs_fetch_url): mntdir=/run/install/isodir//home/data/ks.cfg + +This function doesn't expect the trailiing slash of the nfs path in /proc/mounts, so it should be removed before processing it. + +feat(test): nfs_fetch_url test into nfs test + +This is to check the behavior of nfs_fetch_url() in nfs-lib.sh. +nfs_fetch_url() calls nfs_already_mounted() internally. +A file /nfs/client/root/fetchfile is on NFS server, which is fetched +from clients for testing with nfs_fetch_url(). + +(Cherry-picked commits: + b731369c5fe7f9247337fe08017638a38f36cfca + 3cf092dbd8754a31595b0d8447827c6358fc3a88) + +Resolves: RHEL-13193 +--- + modules.d/45url-lib/url-lib.sh | 3 ++- + test/TEST-20-NFS/client-init.sh | 20 ++++++++++++++++++++ + test/TEST-20-NFS/test.sh | 14 +++++++++++++- + 3 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/modules.d/45url-lib/url-lib.sh b/modules.d/45url-lib/url-lib.sh +index b009fd09..c62b35db 100755 +--- a/modules.d/45url-lib/url-lib.sh ++++ b/modules.d/45url-lib/url-lib.sh +@@ -137,6 +137,7 @@ nfs_already_mounted() { + local server="$1" path="$2" s="" p="" + while read -r src mnt rest || [ -n "$src" ]; do + splitsep ":" "$src" s p ++ p=${p%/} + if [ "$server" = "$s" ]; then + if [ "$path" = "$p" ]; then + echo "$mnt" +@@ -153,7 +154,7 @@ nfs_fetch_url() { + local filepath="${path%/*}" filename="${path##*/}" mntdir="" + + # skip mount if server:/filepath is already mounted +- mntdir=$(nfs_already_mounted "$server" "$path") ++ mntdir=$(nfs_already_mounted "$server" "$filepath") + if [ -z "$mntdir" ]; then + local mntdir + mntdir="$(mkuniqdir /run nfs_mnt)" +diff --git a/test/TEST-20-NFS/client-init.sh b/test/TEST-20-NFS/client-init.sh +index c7e88314..061a2b15 100755 +--- a/test/TEST-20-NFS/client-init.sh ++++ b/test/TEST-20-NFS/client-init.sh +@@ -1,6 +1,7 @@ + #!/bin/sh + : > /dev/watchdog + . /lib/dracut-lib.sh ++. /lib/url-lib.sh + + export PATH=/usr/sbin:/usr/bin:/sbin:/bin + command -v plymouth > /dev/null 2>&1 && plymouth --quit +@@ -23,6 +24,25 @@ while read -r dev _ fstype opts rest || [ -n "$dev" ]; do + break + done < /proc/mounts + ++if [ "$fstype" = "nfs" -o "$fstype" = "nfs4" ]; then ++ ++ serverip=${dev%:*} ++ path=${dev#*:} ++ echo serverip="${serverip}" ++ echo path="${path}" ++ echo /proc/mounts status ++ cat /proc/mounts ++ ++ echo test:nfs_fetch_url nfs::"${serverip}":"${path}"/root/fetchfile ++ if nfs_fetch_url nfs::"${serverip}":"${path}"/root/fetchfile /run/nfsfetch.out; then ++ echo nfsfetch-OK ++ echo "nfsfetch-OK" | dd oflag=direct,dsync of=/dev/disk/by-id/ata-disk_marker2 ++ fi ++else ++ echo nfsfetch-BYPASS fstype="${fstype}" ++ echo "nfsfetch-OK" | dd oflag=direct,dsync of=/dev/disk/by-id/ata-disk_marker2 ++fi ++ + : > /dev/watchdog + + sync +diff --git a/test/TEST-20-NFS/test.sh b/test/TEST-20-NFS/test.sh +index 0821dc84..870eeba0 100755 +--- a/test/TEST-20-NFS/test.sh ++++ b/test/TEST-20-NFS/test.sh +@@ -65,13 +65,15 @@ client_test() { + + # Need this so kvm-qemu will boot (needs non-/dev/zero local disk) + dd if=/dev/zero of="$TESTDIR"/marker.img bs=1MiB count=1 ++ dd if=/dev/zero of="$TESTDIR"/marker2.img bs=1MiB count=1 + declare -a disk_args=() + # shellcheck disable=SC2034 + declare -i disk_index=0 + qemu_add_drive_args disk_index disk_args "$TESTDIR"/marker.img marker ++ qemu_add_drive_args disk_index disk_args "$TESTDIR"/marker2.img marker2 + + if dhclient --help 2>&1 | grep -q -F -- '--timeout' 2> /dev/null; then +- cmdline="$cmdline rd.net.timeout.dhcp=3" ++ cmdline="$cmdline rd.net.timeout.dhcp=30" + fi + + "$testdir"/run-qemu \ +@@ -126,6 +128,11 @@ client_test() { + return 1 + fi + ++ if ! grep -U --binary-files=binary -F -m 1 -q nfsfetch-OK "$TESTDIR"/marker2.img; then ++ echo "CLIENT TEST END: $test_name [FAILED - NFS FETCH FAILED]" ++ return 1 ++ fi ++ + echo "CLIENT TEST END: $test_name [OK]" + return 0 + } +@@ -263,6 +270,7 @@ test_setup() { + done + type -P portmap > /dev/null && inst_multiple portmap + type -P rpcbind > /dev/null && inst_multiple rpcbind ++ + [ -f /etc/netconfig ] && inst_multiple /etc/netconfig + type -P dhcpd > /dev/null && inst_multiple dhcpd + [ -x /usr/sbin/dhcpd3 ] && inst /usr/sbin/dhcpd3 /usr/sbin/dhcpd +@@ -308,6 +316,7 @@ test_setup() { + ( + cd "$initdir" || exit + mkdir -p dev sys proc etc run root usr var/lib/nfs/rpc_pipefs ++ echo "TEST FETCH FILE" > root/fetchfile + ) + + inst_multiple sh shutdown poweroff stty cat ps ln ip dd \ +@@ -321,6 +330,9 @@ test_setup() { + + inst_simple "${basedir}/modules.d/99base/dracut-lib.sh" "/lib/dracut-lib.sh" + inst_simple "${basedir}/modules.d/99base/dracut-dev-lib.sh" "/lib/dracut-dev-lib.sh" ++ inst_simple "${basedir}/modules.d/45url-lib/url-lib.sh" "/lib/url-lib.sh" ++ inst_simple "${basedir}/modules.d/40network/net-lib.sh" "/lib/net-lib.sh" ++ inst_simple "${basedir}/modules.d/95nfs/nfs-lib.sh" "/lib/nfs-lib.sh" + inst_binary "${basedir}/dracut-util" "/usr/bin/dracut-util" + ln -s dracut-util "${initdir}/usr/bin/dracut-getarg" + ln -s dracut-util "${initdir}/usr/bin/dracut-getargs" + diff --git a/0064.patch b/0064.patch new file mode 100644 index 0000000..f2a680d --- /dev/null +++ b/0064.patch @@ -0,0 +1,86 @@ +From 813a79d80b272d30ea949b070b436d2bb487df24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= +Date: Sun, 23 Oct 2022 10:54:48 +0000 +Subject: [PATCH] feat(systemd-pcrphase): introducing the systemd-pcrphase + module + +Introducing the systemd-pcrphase module + +(Cherry-picked commit: c4c595ceeab79fefde74750ec6b0d15d7d16ede6) + +Resolves: RHEL-27944 +--- + modules.d/01systemd-pcrphase/module-setup.sh | 51 ++++++++++++++++++++++++++++ + pkgbuild/dracut.spec | 1 + + 2 files changed, 52 insertions(+) + +diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh +new file mode 100755 +index 00000000..3dbb4974 +--- /dev/null ++++ b/modules.d/01systemd-pcrphase/module-setup.sh +@@ -0,0 +1,51 @@ ++#!/bin/bash ++# This file is part of dracut. ++# SPDX-License-Identifier: GPL-2.0-or-later ++ ++# Prerequisite check(s) for module. ++check() { ++ ++ # If the binary(s) requirements are not fulfilled the module can't be installed. ++ require_binaries "$systemdutildir"/systemd-pcrphase || return 1 ++ ++ # Return 255 to only include the module, if another module requires it. ++ return 255 ++ ++} ++ ++# Module dependency requirements. ++depends() { ++ ++ # This module has external dependency on other module(s). ++ echo systemd tpm2-tss ++ # Return 0 to include the dependent module(s) in the initramfs. ++ return 0 ++ ++} ++ ++# Install the required file(s) and directories for the module in the initramfs. ++install() { ++ ++ inst_multiple -o \ ++ "$systemdutildir"/systemd-pcrphase \ ++ "$systemdsystemunitdir"/systemd-pcrphase.service \ ++ "$systemdsystemunitdir/systemd-pcrphase.service.d/*.conf" \ ++ "$systemdsystemunitdir"/systemd-pcrphase-sysinit.service \ ++ "$systemdsystemunitdir/systemd-pcrphase-sysinit.service/*.conf" \ ++ "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \ ++ "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \ ++ "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service ++ ++ # Install the hosts local user configurations if enabled. ++ if [[ $hostonly ]]; then ++ inst_multiple -H -o \ ++ "$systemdsystemconfdir"/systemd-pcrphase.service \ ++ "$systemdsystemconfdir/systemd-pcrphase.service.d/*.conf" \ ++ "$systemdsystemconfdir"/systemd-pcrphase-sysinit.service \ ++ "$systemdsystemconfdir/systemd-pcrphase-sysinit.service.d/*.conf" \ ++ "$systemdsystemconfdir"/systemd-pcrphase-initrd.service \ ++ "$systemdsystemconfdir/systemd-pcrphase-initrd.service.d/*.conf" \ ++ "$systemdsystemconfdir"/initrd.target.wants/systemd-pcrphase-initrd.service ++ fi ++ ++} +diff --git a/pkgbuild/dracut.spec b/pkgbuild/dracut.spec +index bd850986..0fa46d86 100644 +--- a/pkgbuild/dracut.spec ++++ b/pkgbuild/dracut.spec +@@ -320,6 +320,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ + %{dracutlibdir}/modules.d/01systemd-journald + %{dracutlibdir}/modules.d/01systemd-ldconfig + %{dracutlibdir}/modules.d/01systemd-modules-load ++%{dracutlibdir}/modules.d/01systemd-pcrphase + %{dracutlibdir}/modules.d/01systemd-repart + %{dracutlibdir}/modules.d/01systemd-resolved + %{dracutlibdir}/modules.d/01systemd-rfkill + diff --git a/0065.patch b/0065.patch new file mode 100644 index 0000000..0643650 --- /dev/null +++ b/0065.patch @@ -0,0 +1,45 @@ +From 86ce7047b2ade1f18ed50a736f10c343483f1f6c Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Thu, 9 Feb 2023 13:55:47 +0100 +Subject: [PATCH] fix(systemd-pcrphase): only include + systemd-pcrphase-initrd.service + +The only systemd-pcrphase related unit configured to run in the initrd is +systemd-pcrphase-initrd.service. +Both systemd-pcrphase.service and systemd-pcrphase-sysinit.service contain +`ConditionPathExists=!/etc/initrd-release`. + +(Cherry-picked commit: cd6f683d634970112a29867137431d0d57f8c957) + +Related: RHEL-27944 +--- + modules.d/01systemd-pcrphase/module-setup.sh | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh +index 3dbb4974..fa960a42 100755 +--- a/modules.d/01systemd-pcrphase/module-setup.sh ++++ b/modules.d/01systemd-pcrphase/module-setup.sh +@@ -28,10 +28,6 @@ install() { + + inst_multiple -o \ + "$systemdutildir"/systemd-pcrphase \ +- "$systemdsystemunitdir"/systemd-pcrphase.service \ +- "$systemdsystemunitdir/systemd-pcrphase.service.d/*.conf" \ +- "$systemdsystemunitdir"/systemd-pcrphase-sysinit.service \ +- "$systemdsystemunitdir/systemd-pcrphase-sysinit.service/*.conf" \ + "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \ + "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \ + "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service +@@ -39,10 +35,6 @@ install() { + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then + inst_multiple -H -o \ +- "$systemdsystemconfdir"/systemd-pcrphase.service \ +- "$systemdsystemconfdir/systemd-pcrphase.service.d/*.conf" \ +- "$systemdsystemconfdir"/systemd-pcrphase-sysinit.service \ +- "$systemdsystemconfdir/systemd-pcrphase-sysinit.service.d/*.conf" \ + "$systemdsystemconfdir"/systemd-pcrphase-initrd.service \ + "$systemdsystemconfdir/systemd-pcrphase-initrd.service.d/*.conf" \ + "$systemdsystemconfdir"/initrd.target.wants/systemd-pcrphase-initrd.service + diff --git a/0066.patch b/0066.patch new file mode 100644 index 0000000..44c4861 --- /dev/null +++ b/0066.patch @@ -0,0 +1,37 @@ +From 1a57cf705444d3b6800051eee911d26a5c32d49a Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Thu, 8 Aug 2024 00:55:03 +0200 +Subject: [PATCH] fix(nfs): include also entries from /usr/lib/{passwd,group} + +as those paths are used by bootc instead of the /etc ones. + +(cherry picked from commit 45cdf3c4f24f77f04b264a7747f115d1031b2e67 from PR#573) + +Resolves: RHEL-52326 +--- + modules.d/95nfs/module-setup.sh | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index 5351c2d5..1d961171 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -130,8 +130,16 @@ install() { + + # Rather than copy the passwd file in, just set a user for rpcbind + # We'll save the state and restart the daemon from the root anyway +- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" +- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" ++ ++ local _confdir ++ for _confdir in etc usr/lib; do ++ ++ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \ ++ >> "$initdir/${_confdir}/passwd" ++ ++ grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \ ++ >> "$initdir/${_confdir}/group" ++ done + + # rpc user needs to be able to write to this directory to save the warmstart + # file diff --git a/dracut.spec b/dracut.spec index 6253355..aa715e8 100644 --- a/dracut.spec +++ b/dracut.spec @@ -5,7 +5,7 @@ # strip the automatically generated dep here and instead co-own the # directory. %global __requires_exclude pkg-config -%define dist_free_release 53.git20240104 +%define dist_free_release 67.git20240812 Name: dracut Version: 057 @@ -81,6 +81,20 @@ Patch49: 0049.patch Patch50: 0050.patch Patch51: 0051.patch Patch52: 0052.patch +Patch53: 0053.patch +Patch54: 0054.patch +Patch55: 0055.patch +Patch56: 0056.patch +Patch57: 0057.patch +Patch58: 0058.patch +Patch59: 0059.patch +Patch60: 0060.patch +Patch61: 0061.patch +Patch62: 0062.patch +Patch63: 0063.patch +Patch64: 0064.patch +Patch65: 0065.patch +Patch66: 0066.patch Source1: https://www.gnu.org/licenses/lgpl-2.1.txt @@ -373,6 +387,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{dracutlibdir}/modules.d/01systemd-journald %{dracutlibdir}/modules.d/01systemd-ldconfig %{dracutlibdir}/modules.d/01systemd-modules-load +%{dracutlibdir}/modules.d/01systemd-pcrphase %{dracutlibdir}/modules.d/01systemd-repart %{dracutlibdir}/modules.d/01systemd-resolved %{dracutlibdir}/modules.d/01systemd-rfkill @@ -532,6 +547,19 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %changelog +* Mon Aug 12 2024 Pavel Valena - 057-67.git20240812 +- feat(systemd): install systemd-executor +- test: use -device instead of -watchdog to remove qemu +- fix(fips): remove /dev/{random,urandom} pre-creation +- fix(systemd): always include sg module +- fix(fips): do not blindly remove /boot +- fix(github): update format of labeler +- fix(network-manager): add "After" dependency on dbus.service +- fix(url-lib.sh): nfs_already_mounted() with trailing slash in +- feat(systemd-pcrphase): introducing the systemd-pcrphase +- fix(systemd-pcrphase): only include +- fix(nfs): include also entries from /usr/lib/{passwd,group} + * Thu Jan 04 2024 Pavel Valena - 057-53.git20240104 - fix(dracut-install): use stripped kernel module path as hash