rpms/dracut
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Upgrade to dracut 105

Browse Source 
https://github.com/redhat-plumbers/dracut-rhel10/pull/30

And additonal fixes; respective commits:

- fix(systemd-ask-password): do not half-install systemd-ask-password-wall
- fix(pcsc): add libpcsclite_real.so.*
Additional simple fixes.

- revert: "fix(rescue): make rescue always no-hostonly"
Do not use "add-confdir", as we do not package those configs.

- fix(dracut-install): initize fts pointer
Fix for compiler warning; https://github.com/dracut-ng/dracut-ng/pull/1229

- feat: add openssl module
Needed for eDNS and fips.

- build: make erofs the default requirement for squash subpackage
Needed for squashfs removal.

Resolves: RHEL-65204,RHEL-68935,RHEL-76323

From-source-git-commit: 9e216f2126a772e4b91b234c90d1debef797dced
This commit is contained in:
Pavel Valena 2025-02-17 04:17:31 +01:00
parent b9234e4ffc
commit 2f63df8772
39 changed files with 1290 additions and 2498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
0001-fix-rngd-install-system-service-file.patch
View File

@ -1,59 +0,0 @@
From f75ae29afc829e19834c4cb99ca51b8ebe8481bf Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sun, 23 Jul 2023 19:44:17 +0200
Subject: [PATCH 01/32] fix(rngd): install system service file
as there's no reason to keep a copy; there shouldn't be any modifications.
In case there are args stored in a separate file (Fedora and alike),
it needs to be supplied too, but without the option to change the user.
---
modules.d/06rngd/module-setup.sh | 7 ++++++-
modules.d/06rngd/rngd.service | 8 --------
modules.d/06rngd/sysconfig | 1 +
3 files changed, 7 insertions(+), 9 deletions(-)
delete mode 100644 modules.d/06rngd/rngd.service
create mode 100644 modules.d/06rngd/sysconfig
diff --git a/modules.d/06rngd/module-setup.sh b/modules.d/06rngd/module-setup.sh
index aec8d576..e8bdf7f5 100755
--- a/modules.d/06rngd/module-setup.sh
+++ b/modules.d/06rngd/module-setup.sh
@@ -32,7 +32,12 @@ depends() {
install() {
inst rngd
- inst_simple "${moddir}/rngd.service" "${systemdsystemunitdir}/rngd.service"
+ inst_simple "${systemdsystemunitdir}/rngd.service"
+
+ if [ -r /etc/sysconfig/rngd ]; then
+ inst_simple "${moddir}/sysconfig" "/etc/sysconfig/rngd"
+ fi
+
# make sure dependent libs are installed too
inst_libdir_file opensc-pkcs11.so
diff --git a/modules.d/06rngd/rngd.service b/modules.d/06rngd/rngd.service
deleted file mode 100644
index dd5374d7..00000000
--- a/modules.d/06rngd/rngd.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Hardware RNG Entropy Gatherer Daemon
-DefaultDependencies=no
-Before=systemd-udevd.service
-ConditionVirtualization=!container
-
-[Service]
-ExecStart=/usr/sbin/rngd -f
diff --git a/modules.d/06rngd/sysconfig b/modules.d/06rngd/sysconfig
new file mode 100644
index 00000000..68047ec1
--- /dev/null
+++ b/modules.d/06rngd/sysconfig
@@ -0,0 +1 @@
+RNGD_ARGS="-x pkcs11 -x nist"
--
2.42.0

8
0002-revert-fix-install.d-correctly-install-pre-genned-im.patch → 0001-revert-fix-install.d-correctly-install-pre-genned-im.patch
View File

@ -1,7 +1,7 @@
From 9b7740eaf33357cc087c83d95d089bdf8ead07dd Mon Sep 17 00:00:00 2001
From 07151e560561b415f7e016362ab1d180b13f33fb Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:30:42 +0200
Subject: [PATCH 02/32] revert: "fix(install.d): correctly install pre-genned
Subject: [PATCH 01/13] revert: "fix(install.d): correctly install pre-genned
image and die if no args"
revert: "fix(install.d): simplify and use what kernel-install gives us"
@ -198,7 +198,7 @@ index 14f87721..441414ac 100755
- "$KERNEL_INSTALL_STAGING_AREA/$IMAGE" || exit 1
+exit $ret
diff --git a/install.d/51-dracut-rescue.install b/install.d/51-dracut-rescue.install
index 25f75557..aa0ccdc5 100755
index 4ec9e3c5..9312e242 100755
--- a/install.d/51-dracut-rescue.install
+++ b/install.d/51-dracut-rescue.install
@@ -2,29 +2,11 @@
@ -234,5 +234,5 @@ index 25f75557..aa0ccdc5 100755
suffix=$1
shift
--
2.42.0
2.47.1

96
0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch → 0002-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
View File

@ -1,7 +1,7 @@
From 0d2983f7dbc1f5fbaa60735c839ea111d3f5d4e0 Mon Sep 17 00:00:00 2001
From e8c6d93a1fe7ea255754bfb93fad8daad62a85ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:08:42 +0100
Subject: [PATCH 03/32] feat(kernel-install): do nothing when
Subject: [PATCH 02/13] feat(kernel-install): do nothing when
$KERNEL_INSTALL_INITRD_GENERATOR says so
dracut may be installed without being actually used. This is very common in
@ -15,15 +15,15 @@ something else, skip our kernel-install plugins.
(Cherry-picked commit f47bcdd7342ca0d46b889e712a1c7446e18434bc from PR#1825)
---
install.d/50-dracut.install | 31 ++++++------------------------
install.d/51-dracut-rescue.install | 12 +++++++++---
2 files changed, 15 insertions(+), 28 deletions(-)
install.d/50-dracut.install | 9 ++++++++-
install.d/51-dracut-rescue.install | 6 ++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/install.d/50-dracut.install b/install.d/50-dracut.install
index 441414ac..efb184cd 100755
index 441414ac..3f961b11 100755
--- a/install.d/50-dracut.install
+++ b/install.d/50-dracut.install
@@ -6,38 +6,19 @@ BOOT_DIR_ABS="$3"
@@ -6,11 +6,17 @@ BOOT_DIR_ABS="$3"
KERNEL_IMAGE="$4"
# If KERNEL_INSTALL_MACHINE_ID is defined but empty, BOOT_DIR_ABS is a fake directory.
@ -33,64 +33,40 @@ index 441414ac..efb184cd 100755
exit 0
fi
-# Do not attempt to create initramfs if the supplied image is already a UKI
-if [[ "$KERNEL_INSTALL_IMAGE_TYPE" = "uki" ]]; then
+# Skip this plugin if we're using a different generator. If nothing is specified,
+# assume we're wanted since we're installed.
+if [ "${KERNEL_INSTALL_INITRD_GENERATOR:-dracut}" != "dracut" ]; then
exit 0
fi
-# Mismatching the install layout and the --uefi/--no-uefi opts just creates a mess.
-if [[ $KERNEL_INSTALL_LAYOUT == "uki" && -n $KERNEL_INSTALL_STAGING_AREA ]]; then
- BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA"
- if [[ -z $KERNEL_INSTALL_UKI_GENERATOR || $KERNEL_INSTALL_UKI_GENERATOR == "dracut" ]]; then
- # No uki generator preference set or we have been chosen
- IMAGE="uki.efi"
- UEFI_OPTS="--uefi"
- elif [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then
- # We aren't the uki generator, but we have been requested to make the initrd
- IMAGE="initrd"
- UEFI_OPTS="--no-uefi"
- else
- exit 0
- fi
-elif [[ $KERNEL_INSTALL_LAYOUT == "bls" && -n $KERNEL_INSTALL_STAGING_AREA ]]; then
- BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA"
- if [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then
- IMAGE="initrd"
- UEFI_OPTS="--no-uefi"
- else
- exit 0
- fi
+if [[ -d "$BOOT_DIR_ABS" ]]; then
+ INITRD="initrd"
else
# No layout information, use users --uefi/--no-uefi preference
UEFI_OPTS=""
diff --git a/install.d/51-dracut-rescue.install b/install.d/51-dracut-rescue.install
index aa0ccdc5..be4172b5 100755
--- a/install.d/51-dracut-rescue.install
+++ b/install.d/51-dracut-rescue.install
@@ -7,9 +7,15 @@ KERNEL_VERSION="$2"
BOOT_DIR_ABS="${3%/*}/0-rescue"
KERNEL_IMAGE="$4"
-dropindirs_sort() {
- suffix=$1
- shift
+# Skip this plugin if we're using a different generator. If nothing is specified,
+# assume we're wanted since we're installed.
+if [ "${KERNEL_INSTALL_INITRD_GENERATOR:-dracut}" != "dracut" ]; then
+ exit 0
+fi
+
+dropindirs_sort()
+{
+ suffix=$1; shift
args=("$@")
files=$(
while (($# > 0)); do
# Do not attempt to create initramfs if the supplied image is already a UKI
if [[ "$KERNEL_INSTALL_IMAGE_TYPE" = "uki" ]]; then
exit 0
@@ -38,6 +44,7 @@ elif [[ $KERNEL_INSTALL_LAYOUT == "bls" && -n $KERNEL_INSTALL_STAGING_AREA ]]; t
else
exit 0
fi
+
else
# No layout information, use users --uefi/--no-uefi preference
UEFI_OPTS=""
diff --git a/install.d/51-dracut-rescue.install b/install.d/51-dracut-rescue.install
index 9312e242..decee283 100755
--- a/install.d/51-dracut-rescue.install
+++ b/install.d/51-dracut-rescue.install
@@ -7,6 +7,12 @@ KERNEL_VERSION="$2"
BOOT_DIR_ABS="${3%/*}/0-rescue"
KERNEL_IMAGE="$4"
+# Skip this plugin if we're using a different generator. If nothing is specified,
+# assume we're wanted since we're installed.
+if [ "${KERNEL_INSTALL_INITRD_GENERATOR:-dracut}" != "dracut" ]; then
+ exit 0
+fi
+
dropindirs_sort() {
suffix=$1
shift
--
2.42.0
2.47.1

10
0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch → 0003-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
View File

@ -1,7 +1,7 @@
From 65d5bd785458da98b0388ddf3f8e67e569af67c1 Mon Sep 17 00:00:00 2001
From 430b1b06e60de78c28ed6e70982a30f41585b219 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:58:58 +0100
Subject: [PATCH 04/32] fix(kernel-install): do not generate an initrd when one
Subject: [PATCH 03/13] fix(kernel-install): do not generate an initrd when one
was specified
According to the synopsis, kernel-install can be called with an
@ -13,7 +13,7 @@ already-prepared initrd. In that case, no initrd should be generated by dracut.
1 file changed, 4 insertions(+)
diff --git a/install.d/50-dracut.install b/install.d/50-dracut.install
index efb184cd..3907e303 100755
index 3f961b11..076b4f5e 100755
--- a/install.d/50-dracut.install
+++ b/install.d/50-dracut.install
@@ -4,6 +4,7 @@ COMMAND="$1"
@ -24,7 +24,7 @@ index efb184cd..3907e303 100755
# If KERNEL_INSTALL_MACHINE_ID is defined but empty, BOOT_DIR_ABS is a fake directory.
# In this case, do not create the initrd.
@@ -34,6 +35,9 @@ ret=0
@@ -60,6 +61,9 @@ ret=0
case "$COMMAND" in
add)
@ -35,5 +35,5 @@ index efb184cd..3907e303 100755
IMAGE_PREGENERATED=${KERNEL_IMAGE%/*}/uki.efi
else
--
2.42.0
2.47.1

39
0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch → 0004-fix-resume-always-include-the-resume-module.patch
View File

@ -1,8 +1,17 @@
From 4a6806efae05b453bb9b93efe961fb1033bb562b Mon Sep 17 00:00:00 2001
From 67654956c27c159e29701a2b9fd9430d372a9f91 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 00:39:17 +0200
Subject: [PATCH 22/32] fix(resume): do not include resume if swap is on
netdevice
Date: Thu, 8 Aug 2024 00:21:12 +0200
Subject: [PATCH 04/13] fix(resume): always include the resume module
as we can't determine with certainity that it won't be needed.
rhel-only
Resolves: RHEL-53350
(commit messages from squashed commits:)
fix(resume): do not include resume if swap is on netdevice
Additional fix, restoring previous behavior identical to RHEL-9.
@ -10,24 +19,24 @@ rhel-only
Resolves: RHEL-53350
---
modules.d/95resume/module-setup.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
modules.d/95resume/module-setup.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules.d/95resume/module-setup.sh b/modules.d/95resume/module-setup.sh
index c0f04a6c..785f681a 100755
index d419566e..785f681a 100755
--- a/modules.d/95resume/module-setup.sh
+++ b/modules.d/95resume/module-setup.sh
@@ -4,9 +4,6 @@
# shellcheck disable=SC2317
check() {
@@ -1,7 +1,9 @@
#!/bin/bash
- # Always include resume module
- return 0
-
# called by dracut
+# shellcheck disable=SC2317
check() {
+
swap_on_netdevice() {
local _dev
for _dev in "${swap_devs[@]}"; do
@@ -23,6 +20,9 @@ check() {
@@ -18,6 +20,9 @@ check() {
# hibernation support requested on kernel command line
return 0
else
@ -38,5 +47,5 @@ index c0f04a6c..785f681a 100755
if [[ -f /sys/power/resume ]]; then
if [[ "$(< /sys/power/resume)" == "0:0" ]]; then
--
2.42.0
2.47.1

75
0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
View File

@ -1,75 +0,0 @@
From 35326479721f8b439f291bf8ff35354107144012 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 07:33:05 +0200
Subject: [PATCH 05/32] fix: incorrectly applied patch in commit
c6d18c3c71597e78572378fc4dde391f1845b8
named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so"
Resolves: rhbz#2276271
---
install.d/50-dracut.install | 30 ++++++++++++++++++++++++++++--
install.d/51-dracut-rescue.install | 6 +++---
2 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/install.d/50-dracut.install b/install.d/50-dracut.install
index 3907e303..076b4f5e 100755
--- a/install.d/50-dracut.install
+++ b/install.d/50-dracut.install
@@ -18,8 +18,34 @@ if [ "${KERNEL_INSTALL_INITRD_GENERATOR:-dracut}" != "dracut" ]; then
exit 0
fi
-if [[ -d "$BOOT_DIR_ABS" ]]; then
- INITRD="initrd"
+# Do not attempt to create initramfs if the supplied image is already a UKI
+if [[ "$KERNEL_INSTALL_IMAGE_TYPE" = "uki" ]]; then
+ exit 0
+fi
+
+# Mismatching the install layout and the --uefi/--no-uefi opts just creates a mess.
+if [[ $KERNEL_INSTALL_LAYOUT == "uki" && -n $KERNEL_INSTALL_STAGING_AREA ]]; then
+ BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA"
+ if [[ -z $KERNEL_INSTALL_UKI_GENERATOR || $KERNEL_INSTALL_UKI_GENERATOR == "dracut" ]]; then
+ # No uki generator preference set or we have been chosen
+ IMAGE="uki.efi"
+ UEFI_OPTS="--uefi"
+ elif [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then
+ # We aren't the uki generator, but we have been requested to make the initrd
+ IMAGE="initrd"
+ UEFI_OPTS="--no-uefi"
+ else
+ exit 0
+ fi
+elif [[ $KERNEL_INSTALL_LAYOUT == "bls" && -n $KERNEL_INSTALL_STAGING_AREA ]]; then
+ BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA"
+ if [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then
+ IMAGE="initrd"
+ UEFI_OPTS="--no-uefi"
+ else
+ exit 0
+ fi
+
else
# No layout information, use users --uefi/--no-uefi preference
UEFI_OPTS=""
diff --git a/install.d/51-dracut-rescue.install b/install.d/51-dracut-rescue.install
index be4172b5..5310229e 100755
--- a/install.d/51-dracut-rescue.install
+++ b/install.d/51-dracut-rescue.install
@@ -13,9 +13,9 @@ if [ "${KERNEL_INSTALL_INITRD_GENERATOR:-dracut}" != "dracut" ]; then
exit 0
fi
-dropindirs_sort()
-{
- suffix=$1; shift
+dropindirs_sort() {
+ suffix=$1
+ shift
args=("$@")
files=$(
while (($# > 0)); do
--
2.42.0

8
0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch → 0005-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
View File

@ -1,7 +1,7 @@
From c6c9f871b87cdc334be989b42e9a5d2070ae17c5 Mon Sep 17 00:00:00 2001
From 3e33ee5ce614059c9e4a81e8003df5142f1312c5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 19 Jul 2021 11:27:28 +0200
Subject: [PATCH 21/32] fix(nfs): set correct ownership and permissions for
Subject: [PATCH 05/13] fix(nfs): set correct ownership and permissions for
statd directory
The directory ownership for the statd directory should be
@ -15,7 +15,7 @@ Resolves: RHEL-53361
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index 5cc42892..fbaeeb00 100755
index c6fdd506..e36cd144 100755
--- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh
@@ -120,8 +120,13 @@ install() {
@ -35,5 +35,5 @@ index 5cc42892..fbaeeb00 100755
# Rather than copy the passwd file in, just set a user for rpcbind
# We'll save the state and restart the daemon from the root anyway
--
2.42.0
2.47.1

10
0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch → 0006-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
View File

@ -1,7 +1,7 @@
From 2f3c9cb56cc7ccdccbd8f8056b21d39fa736da1e Mon Sep 17 00:00:00 2001
From 7fea469146481fdf30e6f2c933fa85426b6a2927 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 01:43:50 +0200
Subject: [PATCH 23/32] feat(dracut-init.sh): give --force-add precedence over
Subject: [PATCH 06/13] feat(dracut-init.sh): give --force-add precedence over
--omit
This gives precedence of force_add_dracutmodules to omit_dracutmodules,
@ -23,10 +23,10 @@ Resolves: RHEL-53791
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 746362d1..3917bb0d 100755
index 1ce0d7ed..d78d3cd0 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -969,8 +969,10 @@ check_module() {
@@ -935,8 +935,10 @@ check_module() {
[[ $2 ]] || mods_checked_as_dep+=" $_mod "
if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then
@ -40,5 +40,5 @@ index 746362d1..3917bb0d 100755
if [[ " $dracutmodules $add_dracutmodules $force_add_dracutmodules" == *\ $_mod\ * ]]; then
--
2.42.0
2.47.1

29
0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
View File

@ -1,29 +0,0 @@
From afcfd7378110969cce445d7613d9e81c9d85cac0 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 16:24:14 +0200
Subject: [PATCH 06/32] revert: "fix(crypt): unlock encrypted devices by
default during boot"
This reverts commit 2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1.
Resolves: rhbz#2295215
---
modules.d/90crypt/parse-crypt.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 9567a4a9..e46e347a 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -174,7 +174,7 @@ else
} >> "$hookdir/emergency/90-crypt.sh"
fi
done
- elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then
+ elif getargbool 0 rd.auto; then
if [ -z "$DRACUT_SYSTEMD" ]; then
{
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
--
2.42.0

8
0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch → 0007-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
View File

@ -1,7 +1,7 @@
From 226de396c97d483380bd0604bfe2ff7f6a2ef48c Mon Sep 17 00:00:00 2001
From 9e9193f6da0348eb476c3aff6d066292b10cefe1 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Aug 2024 20:40:15 +0200
Subject: [PATCH 24/32] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Subject: [PATCH 07/13] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Introduce new path for lsinitrd.sh to look into:
@ -19,7 +19,7 @@ Resolves: RHEL-54650
1 file changed, 4 insertions(+)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 6799f938..35314b78 100755
index ac49b5d7..f8696e68 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -125,6 +125,10 @@ find_initrd_for_kernel_version() {
@ -34,5 +34,5 @@ index 6799f938..35314b78 100755
echo "/boot/initramfs-${kernel_version}.img"
else
--
2.42.0
2.47.1

30
0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch
View File

@ -1,30 +0,0 @@
From 02bc9391cfdf7f3b16c49cde9d881642c13fc8c0 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Sat, 20 Jul 2024 18:49:38 -0400
Subject: [PATCH 07/32] test: do not force include dash, let sh module make a
selection
This is important for alpine, so that it does not install both
dash and busybox dracut modules that are potentially conflicting.
(cherry picked from commit 6e3c2bf9d01ad0f93176ee121bb70404f24de4e7)
---
modules.d/80test-makeroot/module-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/80test-makeroot/module-setup.sh b/modules.d/80test-makeroot/module-setup.sh
index f311e4a0..fc105d7e 100755
--- a/modules.d/80test-makeroot/module-setup.sh
+++ b/modules.d/80test-makeroot/module-setup.sh
@@ -6,7 +6,7 @@ check() {
}
depends() {
- echo "dash rootfs-block kernel-modules qemu"
+ echo "rootfs-block kernel-modules qemu"
}
installkernel() {
--
2.42.0

8
0025-feat-fips-include-fips-module-unconditionally.patch → 0008-feat-fips-include-fips-module-unconditionally.patch
View File

@ -1,7 +1,7 @@
From 3e25517a0d1f0054e69409eb89484879251f47a3 Mon Sep 17 00:00:00 2001
From c41f441214a98284475f0965973c3541bd158df7 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 19 Aug 2024 09:41:27 +0200
Subject: [PATCH 25/32] feat(fips): include fips module unconditionally
Subject: [PATCH 08/13] feat(fips): include fips module unconditionally
rhel-only
@ -11,7 +11,7 @@ Resolves: RHEL-39404
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 1e0c9d09..005f0b6d 100755
index a497ac5c..e3b7ca33 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -2,7 +2,7 @@
@ -24,5 +24,5 @@ index 1e0c9d09..005f0b6d 100755
# called by dracut
--
2.42.0
2.47.1

31
0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
View File

@ -1,31 +0,0 @@
From bdfdbdee356cb83dad86f1d49fc21df9117ba8eb Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 01:30:50 +0200
Subject: [PATCH 08/32] fix(dracut-functions): allow for \ in get_maj_min file
path
as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition
which would produce Warning 'grep: warning: stray \ before x' in get_maj_min
Resolves: RHEL-47145
---
dracut-functions.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index 1f7a9052..d436a357 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -243,7 +243,7 @@ get_maj_min() {
local _out
if [[ $get_maj_min_cache_file ]]; then
- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
fi
if ! [[ "$_out" ]]; then
--
2.42.0

42
0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch
View File

@ -1,42 +0,0 @@
From 31fe330589cfd564790c4255c951567a3479df94 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Mon, 5 Aug 2024 11:28:32 +0200
Subject: [PATCH 09/32] fix(dracut-functions.sh): only return block devices
from get_persistent_dev
With udev 256, there are now directories such as
/dev/disk/by-path/pci-0000:02:00.0-nvme-1-part/ which match here.
In case a nonexisting file/device was passed to get_persistent_dev, it
returned the first directory it looked at because both have maj:min 0:0.
This accidental conversion from garbage to a sensible looking path leads
to weird behaviour later.
Instead of filtering out directories explicitly switch the check to only
return block devices, which also takes care of the character special
/dev/mapper/control.
(cherry picked from commit 55d2fb5b459f356fdbde60ddefb97be942a0c141)
Resolves: RHEL-49744
---
dracut-functions.sh | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index d436a357..b4d57454 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -294,8 +294,7 @@ get_persistent_dev() {
/dev/disk/by-partlabel/* \
/dev/disk/by-id/* \
/dev/disk/by-path/*; do
- [[ -e $i ]] || continue
- [[ $i == /dev/mapper/control ]] && continue
+ [[ -b $i ]] || continue
[[ $i == /dev/mapper/mpath* ]] && continue
_tmp=$(get_maj_min "$i")
if [ "$_tmp" = "$_dev" ]; then
--
2.42.0

39
0009-fix-systemd-ask-password-do-not-half-install-systemd.patch Normal file
View File

@ -0,0 +1,39 @@
From 8002a6125bf3f36144a92643ea02ad3abfa5d6d8 Mon Sep 17 00:00:00 2001
From: Jo Zzsi <jozzsicsataban@gmail.com>
Date: Sun, 12 Jan 2025 20:01:09 -0500
Subject: [PATCH 09/13] fix(systemd-ask-password): do not half-install
systemd-ask-password-wall
Do not install the path unit when the service unit is not installed
for systemd-ask-password-wall.
Fixes the following warning on the CI:
[FAILED] Failed to start Forward Password Requests to Wall Directory Watch.
See 'systemctl status systemd-ask-password-wall.path' for details.
...
systemd[1]: systemd-ask-password-wall.path: Refusing to start, unit systemd-ask-password-wall.service to trigger not loaded.
systemd[1]: Failed to start Forward Password Requests to Wall Directory Watch.
(cherry picked from commit 4ddc0053e869eb37b7c3d4e08876a687e1a995ae)
Related: RHEL-65204
---
modules.d/01systemd-ask-password/module-setup.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/modules.d/01systemd-ask-password/module-setup.sh b/modules.d/01systemd-ask-password/module-setup.sh
index 40774ab9..8b09b69f 100755
--- a/modules.d/01systemd-ask-password/module-setup.sh
+++ b/modules.d/01systemd-ask-password/module-setup.sh
@@ -43,7 +43,6 @@ install() {
inst_multiple -o \
"$systemdsystemunitdir"/systemd-ask-password-console.path \
"$systemdsystemunitdir"/systemd-ask-password-console.service \
- "$systemdsystemunitdir"/multi-user.target.wants/systemd-ask-password-wall.path \
"$systemdsystemunitdir"/sysinit.target.wants/systemd-ask-password-console.path \
systemd-ask-password \
systemd-tty-ask-password-agent
--
2.47.1

112
0010-feat-systemd-include-systemd-config-files-from-usr-l.patch
View File

@ -1,112 +0,0 @@
From e90249443fe2285f221849359e9066aefff29eff Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:06:32 +0200
Subject: [PATCH 10/32] feat(systemd*): include systemd config files from
/usr/lib/systemd
and also use proper variables for the paths, and fixup invalid paths.
--
The new systemd reads from both /etc and /usr/, so to accomodate this,
I've added new paths to install configs from (I probably haven't covered
all). This changes only hostonly behaviour; uses global variables:
systemdutilconfdir: "/etc/systemd"
systemdutildir: "/lib/systemd:/lib/systemd/systemd-udevd" "/usr/lib/systemd:/usr/lib/systemd/systemd-udevd"
(cherry picked from commit ea4905e944a2acd75ba3a48a5dfeaba417f724e8)
Resolves: RHEL-32506
---
modules.d/00systemd/module-setup.sh | 6 ++++--
modules.d/01systemd-coredump/module-setup.sh | 3 ++-
modules.d/01systemd-pstore/module-setup.sh | 2 ++
modules.d/01systemd-resolved/module-setup.sh | 1 +
modules.d/01systemd-timesyncd/module-setup.sh | 1 +
5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
index ce7bb520..70a2a78f 100755
--- a/modules.d/00systemd/module-setup.sh
+++ b/modules.d/00systemd/module-setup.sh
@@ -42,6 +42,8 @@ install() {
"$systemdutildir"/system-generators/systemd-debug-generator \
"$systemdutildir"/system-generators/systemd-fstab-generator \
"$systemdutildir"/system-generators/systemd-gpt-auto-generator \
+ "$systemdutildir"/system.conf \
+ "$systemdutildir"/system.conf.d/*.conf \
"$systemdsystemunitdir"/debug-shell.service \
"$systemdsystemunitdir"/cryptsetup.target \
"$systemdsystemunitdir"/cryptsetup-pre.target \
@@ -94,8 +96,8 @@ install() {
if [[ $hostonly ]]; then
inst_multiple -H -o \
- /etc/systemd/system.conf \
- /etc/systemd/system.conf.d/*.conf \
+ "$systemdutilconfdir"/system.conf \
+ "$systemdutilconfdir"/system.conf.d/*.conf \
/etc/hosts \
/etc/hostname \
/etc/nsswitch.conf \
diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh
index 0c5cbcfb..6acbe75f 100755
--- a/modules.d/01systemd-coredump/module-setup.sh
+++ b/modules.d/01systemd-coredump/module-setup.sh
@@ -35,6 +35,7 @@ install() {
inst_multiple -o \
"$sysctld"/50-coredump.conf \
"$systemdutildir"/coredump.conf \
+ "$systemdutildir/coredump.conf.d/*.conf" \
"$systemdutildir"/systemd-coredump \
"$systemdsystemunitdir"/systemd-coredump.socket \
"$systemdsystemunitdir"/systemd-coredump@.service \
@@ -52,7 +53,7 @@ install() {
if [[ $hostonly ]]; then
inst_multiple -H -o \
"$systemdutilconfdir"/coredump.conf \
- "$systemdsystemconfdir/coredump.conf.d/*.conf" \
+ "$systemdutilconfdir/coredump.conf.d/*.conf" \
"$systemdsystemconfdir"/systemd-coredump.socket \
"$systemdsystemconfdir/systemd-coredump.socket.d/*.conf" \
"$systemdsystemconfdir"/systemd-coredump@.service \
diff --git a/modules.d/01systemd-pstore/module-setup.sh b/modules.d/01systemd-pstore/module-setup.sh
index 67034bbf..5de5db4b 100755
--- a/modules.d/01systemd-pstore/module-setup.sh
+++ b/modules.d/01systemd-pstore/module-setup.sh
@@ -34,6 +34,8 @@ install() {
inst_dir /var/lib/systemd/pstore
inst_multiple -o \
"$tmpfilesdir/systemd-pstore.conf" \
+ "$systemdutildir"/pstore.conf \
+ "$systemdutildir/pstore.conf.d/*.conf" \
"$systemdutildir"/systemd-pstore \
"$systemdsystemunitdir"/systemd-pstore.service \
"$systemdsystemunitdir/systemd-pstore.service.d/*.conf"
diff --git a/modules.d/01systemd-resolved/module-setup.sh b/modules.d/01systemd-resolved/module-setup.sh
index b354bc6c..d20f211c 100755
--- a/modules.d/01systemd-resolved/module-setup.sh
+++ b/modules.d/01systemd-resolved/module-setup.sh
@@ -50,6 +50,7 @@ install() {
# Install the hosts local user configurations if enabled.
if [[ $hostonly ]]; then
inst_multiple -H -o \
+ "$systemdutilconfdir"/resolv.conf \
"$systemdutilconfdir"/resolved.conf \
"$systemdutilconfdir/resolved.conf.d/*.conf" \
"$systemdsystemconfdir"/systemd-resolved.service \
diff --git a/modules.d/01systemd-timesyncd/module-setup.sh b/modules.d/01systemd-timesyncd/module-setup.sh
index 0c065af6..82902b3b 100755
--- a/modules.d/01systemd-timesyncd/module-setup.sh
+++ b/modules.d/01systemd-timesyncd/module-setup.sh
@@ -40,6 +40,7 @@ install() {
"$systemdntpunits/*.list" \
"$systemdutildir"/systemd-timesyncd \
"$systemdutildir"/systemd-time-wait-sync \
+ "$systemdutildir"/timesyncd.conf \
"$systemdutildir/timesyncd.conf.d/*.conf" \
"$systemdsystemunitdir"/systemd-timesyncd.service \
"$systemdsystemunitdir/systemd-timesyncd.service.d/*.conf" \
--
2.42.0

37
0010-fix-pcsc-add-libpcsclite_real.so.patch Normal file
View File

@ -0,0 +1,37 @@
From 8f3b92db19bf4654d7346a1532928fcf172c09e6 Mon Sep 17 00:00:00 2001
From: Manuel Fombuena <fombuena@outlook.com>
Date: Thu, 31 Oct 2024 12:01:46 +0000
Subject: [PATCH 10/13] fix(pcsc): add libpcsclite_real.so.*
systemd-cryptsetup requires libpcsclite_real.so.1
Without it you get the following error:
systemd-cryptsetup[697]: loading "libpcsclite_real.so.1" failed: libpcsclite_real.so.1: cannot open shared object file: No such file or directory
Signed-off-by: Manuel Fombuena <fombuena@outlook.com>
(cherry picked from commit bfa00c2a03b07efae5a826aa881317acea9a4ec6)
Related: RHEL-65204
---
modules.d/91pcsc/module-setup.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules.d/91pcsc/module-setup.sh b/modules.d/91pcsc/module-setup.sh
index 26b463d4..5ae1272b 100755
--- a/modules.d/91pcsc/module-setup.sh
+++ b/modules.d/91pcsc/module-setup.sh
@@ -51,7 +51,8 @@ install() {
{"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist" \
{"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so" \
{"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/serial/libccidtwin.so" \
- {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite.so.*"
+ {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite.so.*" \
+ {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite_real.so.*"
# Install the hosts local user configurations if enabled.
if [[ $hostonly ]]; then
--
2.47.1

34
0011-fix-resume-always-include-the-resume-module.patch
View File

@ -1,34 +0,0 @@
From 91f878a4fe4ed694baad59cdb1c7366b002cf1da Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:21:12 +0200
Subject: [PATCH 11/32] fix(resume): always include the resume module
as we can't determine with certainity that it won't be needed.
rhel-only
Resolves: RHEL-53350
---
modules.d/95resume/module-setup.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules.d/95resume/module-setup.sh b/modules.d/95resume/module-setup.sh
index d419566e..c0f04a6c 100755
--- a/modules.d/95resume/module-setup.sh
+++ b/modules.d/95resume/module-setup.sh
@@ -1,7 +1,12 @@
#!/bin/bash
# called by dracut
+# shellcheck disable=SC2317
check() {
+
+ # Always include resume module
+ return 0
+
swap_on_netdevice() {
local _dev
for _dev in "${swap_devs[@]}"; do
--
2.42.0

30
0011-revert-fix-rescue-make-rescue-always-no-hostonly.patch Normal file
View File

@ -0,0 +1,30 @@
From ad4549b5e8fb66ee33126ba01bbb24f4801a3936 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 29 Jan 2025 20:25:03 +0100
Subject: [PATCH 11/13] revert: "fix(rescue): make rescue always no-hostonly"
This partly reverts commit 224c00914bfb4ba1dee48e094ebb137facfd5947.
Related: RHEL-65204
---
install.d/51-dracut-rescue.install | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/install.d/51-dracut-rescue.install b/install.d/51-dracut-rescue.install
index decee283..1be9b882 100755
--- a/install.d/51-dracut-rescue.install
+++ b/install.d/51-dracut-rescue.install
@@ -119,8 +119,8 @@ case "$COMMAND" in
if [[ ! -f "$BOOT_DIR_ABS/$INITRD" ]]; then
# shellcheck disable=SC2046
- dracut -f \
- --add-confdir rescue \
+ dracut -f --no-hostonly --no-uefi \
+ -a "rescue" \
$([[ $KERNEL_INSTALL_VERBOSE == 1 ]] && echo --verbose) \
--kver "$KERNEL_VERSION" \
"$BOOT_DIR_ABS/$INITRD"
--
2.47.1

197
0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch
View File

@ -1,197 +0,0 @@
From 5ed57d866f2be5dc73c7c70a70f51ccae9bdd47d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:46:47 +0200
Subject: [PATCH 12/32] feat(dracut-init.sh): allow changing the destination
directory for inst et al
When using 99squash dracut actually builds two separate initrds. The
"normal" one, that gets squashed into a squashfs image, and a
"minimalistic" one, whose only task is to mount and switch_root to the
squashfs image.
This is currently done the following way:
1. Skipp install() for 99squash during the "normal" installation phase.
2. Trigger a special postinstall hook in 99squash that moves the content
of $initdir to $squashdir and installs the "minimalistic" initrd to
$initdir.
3. Strip the binaries in $initdir (of which $squashdir is a sub
directory of).
4. Squash the content of $squashdir into the squashfs image and remove
$squashdir.
The problem with this approach is that the steps 2 and 4 specific to
99squash but need to be done in dracut.sh. Thus a lot of special
handling for 99squash is needed in dracut.sh. This will get even more
complex once support for different filesystem images, e.g. erofs, are
implemented.
In order to be able to move most of the functionality into 99squash
itself a new approach will be chosen, i.e.
1. During the installation phase install the "normal" initrd into
$initdir and the "minimalistic" initrd into $squashdir.
2. Strip the binaries in $initdir.
3. Trigger a special postinstall hook in 99squash that squashes the
content of $initdir (excluding $squashdir) into the squashfs image,
removes the content of $intidir (excluding $suqashdir) and, moves the
content of $squashdir into $initdir.
With that the only special handling remaining in dracut.sh is triggering
the postinstall hook.
However, in inst et al. the destination directory is hard coded to
$initdir. Thus allow setting a different destination directory in inst
et al. to get the new approach to work. For the time being only do that
for the functions required by 99squash.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 5ab4470cf136c2d9983564b84b49fd700d4b8514)
Related: RHEL-43460
---
dracut-init.sh | 40 +++++++++++++++++++++++++---------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 986da96b..8e943493 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -240,34 +240,36 @@ inst_dir() {
}
inst() {
+ local dstdir="${dstdir:-"$initdir"}"
local _ret _hostonly_install
if [[ $1 == "-H" ]]; then
_hostonly_install="-H"
shift
fi
- [[ -e ${initdir}/"${2:-$1}" ]] && return 0 # already there
- if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"; then
+ [[ -e ${dstdir}/"${2:-$1}" ]] && return 0 # already there
+ if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"; then
return 0
else
_ret=$?
- derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
+ derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
return $_ret
fi
}
inst_simple() {
+ local dstdir="${dstdir:-"$initdir"}"
local _ret _hostonly_install
if [[ $1 == "-H" ]]; then
_hostonly_install="-H"
shift
fi
- [[ -e ${initdir}/"${2:-$1}" ]] && return 0 # already there
- [[ -e $1 ]] || return 1 # no source
- if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"; then
+ [[ -e ${dstdir}/"${2:-$1}" ]] && return 0 # already there
+ [[ -e $1 ]] || return 1 # no source
+ if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"; then
return 0
else
_ret=$?
- derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"
+ derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"
return $_ret
fi
}
@@ -290,16 +292,17 @@ inst_symlink() {
}
inst_multiple() {
+ local dstdir="${dstdir:-"$initdir"}"
local _ret _hostonly_install
if [[ $1 == "-H" ]]; then
_hostonly_install="-H"
shift
fi
- if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"; then
+ if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"; then
return 0
else
_ret=$?
- derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
+ derror FAILED: "$DRACUT_INSTALL" ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
return $_ret
fi
}
@@ -566,6 +569,8 @@ inst_rules_wildcard() {
# make sure that library links are correct and up to date
build_ld_cache() {
+ local dstdir="${dstdir:-"$initdir"}"
+
for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do
[[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}"
done
@@ -1056,13 +1061,15 @@ for_each_module_dir() {
}
dracut_kernel_post() {
+ local dstdir="${dstdir:-"$initdir"}"
+
for _f in modules.builtin modules.builtin.alias modules.builtin.modinfo modules.order; do
[[ -e $srcmods/$_f ]] && inst_simple "$srcmods/$_f" "/lib/modules/$kernel/$_f"
done
# generate module dependencies for the initrd
- if [[ -d $initdir/lib/modules/$kernel ]] \
- && ! depmod -a -b "$initdir" "$kernel"; then
+ if [[ -d $dstdir/lib/modules/$kernel ]] \
+ && ! depmod -a -b "$dstdir" "$kernel"; then
dfatal "\"depmod -a $kernel\" failed."
exit 1
fi
@@ -1076,6 +1083,7 @@ instmods() {
# <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"
# -c check
# -s silent
+ local dstdir="${dstdir:-"$initdir"}"
local _optional="-o"
local _silent
local _ret
@@ -1101,7 +1109,7 @@ instmods() {
fi
$DRACUT_INSTALL \
- ${initdir:+-D "$initdir"} \
+ ${dstdir:+-D "$dstdir"} \
${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \
@@ -1115,7 +1123,7 @@ instmods() {
if ((_ret != 0)) && [[ -z $_silent ]]; then
derror "FAILED: " \
"$DRACUT_INSTALL" \
- ${initdir:+-D "$initdir"} \
+ ${dstdir:+-D "$dstdir"} \
${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \
@@ -1132,14 +1140,16 @@ instmods() {
if [[ "$(ln --help)" == *--relative* ]]; then
ln_r() {
- ln -sfnr "${initdir}/$1" "${initdir}/$2"
+ local dstdir="${dstdir:-"$initdir"}"
+ ln -sfnr "${dstdir}/$1" "${dstdir}/$2"
}
else
ln_r() {
+ local dstdir="${dstdir:-"$initdir"}"
local _source=$1
local _dest=$2
[[ -d ${_dest%/*} ]] && _dest=$(readlink -f "${_dest%/*}")/${_dest##*/}
- ln -sfn -- "$(convert_abs_rel "${_dest}" "${_source}")" "${initdir}/${_dest}"
+ ln -sfn -- "$(convert_abs_rel "${_dest}" "${_source}")" "${dstdir}/${_dest}"
}
fi
--
2.42.0

26
0012-fix-dracut-install-initize-fts-pointer.patch Normal file
View File

@ -0,0 +1,26 @@
From 2c33b7315571dd0fd8240111018ce474fc45f667 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 13 Feb 2025 22:18:06 +0100
Subject: [PATCH 12/13] fix(dracut-install): initize fts pointer
Related: RHEL-65204
---
src/install/dracut-install.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c
index 96bc2eb6..3cd4e5cb 100644
--- a/src/install/dracut-install.c
+++ b/src/install/dracut-install.c
@@ -1681,7 +1681,7 @@ static void find_suppliers_for_sys_node(Hashmap *suppliers, const char *node_pat
static void find_suppliers(struct kmod_ctx *ctx)
{
- _cleanup_fts_close_ FTS *fts;
+ _cleanup_fts_close_ FTS *fts = NULL;
char *paths[] = { "/sys/devices/platform", NULL };
fts = fts_open(paths, FTS_NOSTAT | FTS_PHYSICAL, NULL);
--
2.47.1

1021
0013-feat-add-openssl-module.patch Normal file
View File

File diff suppressed because it is too large Load Diff

82
0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
View File

@ -1,82 +0,0 @@
From 150e428c0e8d40257a983c2f82be5e8e0f30920f Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Thu, 25 Jul 2024 12:47:00 +0200
Subject: [PATCH 13/32] fix(dracut-init.sh): add module to mods_to_load before
checking dependencies
When implementing erofs support for 99squash we end up with three
modules 99squash, 95squash-squashfs and 95squash-erofs. Where 99squash
contains the common code for filesystem images and
95squash-{squashfs,erofs} the special handing depending on the
filesystem used. This leads to a dependency cycle as we want to allow
users both to choose 99squash, when the exact filesystem doesn't matter,
as well as 95squash-{squashfs,erofs} when a specific filesystem is
required.
But when 99squash is added as a dependency calling
dracut_module_included fails in its depends() function. This lead to
cases where both handlers, 95squash-squashfs and 95squash-erofs, were
added to the initrd.
Reason for the failure is that a module only is marked to be loaded
after all it's dependencies have been checked as well. Thus a child
module cannot detect which parent module wants it to be included. Fix
this by marking modules to be loaded before checking its dependencies in
check_module. Do the same change in check_mount for consistency.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 634b4a5c6fbe595eb240cd529d669d21eadd510c)
Related: RHEL-43460
---
dracut-init.sh | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 8e943493..746362d1 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -924,6 +924,9 @@ check_mount() {
fi
fi
+ [[ " $mods_to_load " == *\ $_mod\ * ]] \
+ || mods_to_load+=" $_mod "
+
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -942,9 +945,6 @@ check_mount() {
fi
done
- [[ " $mods_to_load " == *\ $_mod\ * ]] \
- || mods_to_load+=" $_mod "
-
return 0
}
@@ -999,6 +999,9 @@ check_module() {
fi
fi
+ [[ " $mods_to_load " == *\ $_mod\ * ]] \
+ || mods_to_load+=" $_mod "
+
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1017,9 +1020,6 @@ check_module() {
fi
done
- [[ " $mods_to_load " == *\ $_mod\ * ]] \
- || mods_to_load+=" $_mod "
-
return 0
}
--
2.42.0

192
0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
View File

@ -1,192 +0,0 @@
From 2d851d7d1709f5a03d8dab847aa42770bff2644b Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:30:50 +0200
Subject: [PATCH 14/32] feat(squash): move mksquashfs to 99squash/modules-setup
When using 99squash dracut actually builds two separat initrds. The
"normal" one, that gets squashed into a squashfs image, and a
"minimalistic" one, whose only task is to mount and switch_root to the
squashfs image.
For that 99squash currently requires a lot of special handling in
dracut.sh. Move most of this special handling into 99squash itself. This
requires a new approach when building the "minimalistic" initrd. The new
approach works the following way
1. During the installation phase install the "normal" initrd into
$initdir and the "minimalistic" initrd into $squashdir.
2. Strip the binaries in $initdir.
3. Trigger a special postinstall hook in 99squash that squashes the
content of $initdir (excluding $squashdir) into the squashfs image,
removes the content of $intidir (excluding $suqashdir) and, moves the
content of $squashdir into $initdir.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 7a4dd89ca732329893628b886fe8e78337d896e8)
Related: RHEL-43460
---
dracut.sh | 35 ++++--------------
modules.d/99squash/module-setup.sh | 58 +++++++++++++++++++++---------
2 files changed, 49 insertions(+), 44 deletions(-)
diff --git a/dracut.sh b/dracut.sh
index 856b884e..4d2e3df2 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1260,6 +1260,7 @@ trap '
trap 'exit 1;' SIGINT
readonly initdir="${DRACUT_TMPDIR}/initramfs"
+readonly squashdir="$initdir/squash_root"
mkdir -p "$initdir"
if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi_table_dir ]]; }; then
@@ -1787,7 +1788,8 @@ export initdir dracutbasedir \
host_fs_types host_devs swap_devs sshkey add_fstab \
DRACUT_VERSION \
prefix filesystems drivers \
- hostonly_cmdline loginstall
+ hostonly_cmdline loginstall \
+ squashdir squash_compress
mods_to_load=""
# check all our modules to see if they should be sourced.
@@ -1892,6 +1894,8 @@ if [[ $kernel_only != yes ]]; then
fi
fi
+dracut_module_included "squash" && mkdir -p "$squashdir"
+
_isize=0 #initramfs size
modules_loaded=" "
# source our modules.
@@ -2243,14 +2247,6 @@ if [[ $kernel_only != yes ]]; then
build_ld_cache
fi
-if dracut_module_included "squash"; then
- readonly squash_dir="$initdir/squash/root"
- readonly squash_img="$initdir/squash-root.img"
- mkdir -p "$squash_dir"
- dinfo "*** Install squash loader ***"
- DRACUT_SQUASH_POST_INST=1 module_install "squash"
-fi
-
if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
# stripping files negates (dedup) benefits of using reflink
[[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink"
@@ -2270,25 +2266,8 @@ fi
if dracut_module_included "squash"; then
dinfo "*** Squashing the files inside the initramfs ***"
- declare squash_compress_arg
- # shellcheck disable=SC2086
- if [[ $squash_compress ]]; then
- if ! mksquashfs /dev/null "$DRACUT_TMPDIR"/.squash-test.img -no-progress -comp $squash_compress &> /dev/null; then
- dwarn "mksquashfs doesn't support compressor '$squash_compress', failing back to default compressor."
- else
- squash_compress_arg="$squash_compress"
- fi
- fi
-
- # shellcheck disable=SC2086
- if ! mksquashfs "$squash_dir" "$squash_img" \
- -no-xattrs -no-exports -noappend -no-recovery -always-use-fragments \
- -no-progress ${squash_compress_arg:+-comp $squash_compress_arg} 1> /dev/null; then
- dfatal "Failed making squash image"
- exit 1
- fi
-
- rm -rf "$squash_dir"
+ DRACUT_SQUASH_POST_INST=1 module_install "squash"
+ rm -rf "$squashdir"
dinfo "*** Squashing the files inside the initramfs done ***"
# Skip initramfs compress
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index dc2e0a20..96d097af 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -12,26 +12,13 @@ depends() {
return 0
}
-installpost() {
+squash_install() {
local _busybox
_busybox=$(find_binary busybox)
- # Move everything under $initdir except $squash_dir
- # itself into squash image
- for i in "$initdir"/*; do
- [[ $squash_dir == "$i"/* ]] || mv "$i" "$squash_dir"/
- done
-
# Create mount points for squash loader
mkdir -p "$initdir"/squash/
- mkdir -p "$squash_dir"/squash/
-
- # Copy dracut spec files out side of the squash image
- # so dracut rebuild and lsinitrd can work
- for file in "$squash_dir"/usr/lib/dracut/*; do
- [[ -f $file ]] || continue
- DRACUT_RESOLVE_DEPS=1 dracutsysrootdir="$squash_dir" inst "${file#"$squash_dir"}"
- done
+ mkdir -p "$squashdir"/squash/
# Install required modules and binaries for the squash image init script.
if [[ $_busybox ]]; then
@@ -61,8 +48,47 @@ installpost() {
build_ld_cache
}
+squash_installpost() {
+ local _img="$squashdir"/squash-root.img
+ local _comp _file
+
+ # shellcheck disable=SC2086
+ if [[ $squash_compress ]]; then
+ if ! mksquashfs /dev/null "$DRACUT_TMPDIR"/.squash-test.img -no-progress -comp $squash_compress &> /dev/null; then
+ dwarn "mksquashfs doesn't support compressor '$squash_compress', failing back to default compressor."
+ else
+ _comp="$squash_compress"
+ fi
+ fi
+
+ # shellcheck disable=SC2086
+ if ! mksquashfs "$initdir" "$_img" \
+ -no-xattrs -no-exports -noappend -no-recovery -always-use-fragments \
+ -no-progress ${_comp:+-comp $_comp} \
+ -e "$squashdir" 1> /dev/null; then
+ dfatal "Failed making squash image"
+ exit 1
+ fi
+
+ # Rescue the dracut spec files so dracut rebuild and lsinitrd can work
+ for _file in "$initdir"/usr/lib/dracut/*; do
+ [[ -f $_file ]] || continue
+ DRACUT_RESOLVE_DEPS=1 dstdir=$squashdir inst "$_file" "${_file#"$initdir"}"
+ done
+
+ # Remove everything that got squashed into the image
+ for _file in "$initdir"/*; do
+ [[ $_file == "$squashdir" ]] && continue
+ rm -rf "$_file"
+ done
+ mv "$squashdir"/* "$initdir"
+}
+
install() {
+
if [[ $DRACUT_SQUASH_POST_INST ]]; then
- installpost
+ squash_installpost
+ else
+ dstdir="$squashdir" squash_install
fi
}
--
2.42.0

183
0015-feat-squash-split-95squash-squashfs-from-99squash.patch
View File

@ -1,183 +0,0 @@
From dd3daa0560e4e4f809b42a901cd79076d3577f96 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 16:39:13 +0200
Subject: [PATCH 15/32] feat(squash): split 95squash-squashfs from 99squash
99squash only allows squashing the files using squashfs. In order to
make the implementation for different filesystems easier split out the
squashfs specific parts into 95squash-squashfs.
While at it rename the root image contained in the initrd to
squashfs-root.img. This allows tools like lsinitrd to detect the
filesystem used later on.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit f281606f110be1549cd6b1cd34828653879a5f50)
Related: RHEL-43460
---
modules.d/95squash-squashfs/module-setup.sh | 48 ++++++++++++++++++
modules.d/99squash/init-squash.sh | 2 +-
modules.d/99squash/module-setup.sh | 54 ++++++++++++---------
3 files changed, 80 insertions(+), 24 deletions(-)
create mode 100755 modules.d/95squash-squashfs/module-setup.sh
diff --git a/modules.d/95squash-squashfs/module-setup.sh b/modules.d/95squash-squashfs/module-setup.sh
new file mode 100755
index 00000000..83973700
--- /dev/null
+++ b/modules.d/95squash-squashfs/module-setup.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+check() {
+ require_binaries mksquashfs unsquashfs || return 1
+ require_kernel_modules squashfs || return 1
+
+ return 255
+}
+
+depends() {
+ echo "squash"
+ return 0
+}
+
+squashfs_install() {
+ hostonly="" instmods "squashfs"
+}
+
+squashfs_installpost() {
+ local _img="$squashdir/squashfs-root.img"
+ local _comp
+
+ # shellcheck disable=SC2086
+ if [[ $squash_compress ]]; then
+ if ! mksquashfs /dev/null "$DRACUT_TMPDIR"/.squash-test.img -no-progress -comp $squash_compress &> /dev/null; then
+ dwarn "mksquashfs doesn't support compressor '$squash_compress', failing back to default compressor."
+ else
+ _comp="$squash_compress"
+ fi
+ fi
+
+ # shellcheck disable=SC2086
+ if ! mksquashfs "$initdir" "$_img" \
+ -no-xattrs -no-exports -noappend -no-recovery -always-use-fragments \
+ -no-progress ${_comp:+-comp $_comp} \
+ -e "$squashdir" 1> /dev/null; then
+ dfatal "Failed making squash image"
+ exit 1
+ fi
+}
+
+install() {
+ if [[ $DRACUT_SQUASH_POST_INST ]]; then
+ squashfs_installpost
+ else
+ dstdir="$squashdir" squashfs_install
+ fi
+}
diff --git a/modules.d/99squash/init-squash.sh b/modules.d/99squash/init-squash.sh
index 59769f62..42a9a86f 100755
--- a/modules.d/99squash/init-squash.sh
+++ b/modules.d/99squash/init-squash.sh
@@ -21,7 +21,7 @@ modprobe overlay
# Mount the squash image
mount -t ramfs ramfs /squash
mkdir -p /squash/root /squash/overlay/upper /squash/overlay/work
-mount -t squashfs -o ro,loop /squash-root.img /squash/root
+mount -t squashfs -o ro,loop /squashfs-root.img /squash/root
# Setup new root overlay
mkdir /newroot
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index 96d097af..015944c2 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -1,17 +1,42 @@
#!/bin/bash
check() {
- require_binaries mksquashfs unsquashfs || return 1
- require_kernel_modules squashfs loop overlay || return 1
+ require_kernel_modules loop overlay || return 1
return 255
}
depends() {
- echo "systemd-initrd"
+ local _handler
+
+ _handler=$(squash_get_handler) || return 1
+
+ echo "systemd-initrd $_handler"
return 0
}
+squash_get_handler() {
+ local _module _handler
+
+ for _module in squash-squashfs; do
+ if dracut_module_included "$_module"; then
+ _handler="$_module"
+ break
+ fi
+ done
+
+ if [ -z "$_handler" ]; then
+ if check_module "squash-squashfs"; then
+ _handler="squash-squashfs"
+ else
+ dfatal "No valid handler for found"
+ return 1
+ fi
+ fi
+
+ echo "$_handler"
+}
+
squash_install() {
local _busybox
_busybox=$(find_binary busybox)
@@ -36,7 +61,7 @@ squash_install() {
[[ $DRACUT_FIPS_MODE ]] && inst_libdir_file -o "libssl.so*"
fi
- hostonly="" instmods "loop" "squashfs" "overlay"
+ hostonly="" instmods "loop" "overlay"
dracut_kernel_post
# Install squash image init script.
@@ -49,26 +74,9 @@ squash_install() {
}
squash_installpost() {
- local _img="$squashdir"/squash-root.img
- local _comp _file
-
- # shellcheck disable=SC2086
- if [[ $squash_compress ]]; then
- if ! mksquashfs /dev/null "$DRACUT_TMPDIR"/.squash-test.img -no-progress -comp $squash_compress &> /dev/null; then
- dwarn "mksquashfs doesn't support compressor '$squash_compress', failing back to default compressor."
- else
- _comp="$squash_compress"
- fi
- fi
+ local _file
- # shellcheck disable=SC2086
- if ! mksquashfs "$initdir" "$_img" \
- -no-xattrs -no-exports -noappend -no-recovery -always-use-fragments \
- -no-progress ${_comp:+-comp $_comp} \
- -e "$squashdir" 1> /dev/null; then
- dfatal "Failed making squash image"
- exit 1
- fi
+ DRACUT_SQUASH_POST_INST=1 module_install "$(squash_get_handler)"
# Rescue the dracut spec files so dracut rebuild and lsinitrd can work
for _file in "$initdir"/usr/lib/dracut/*; do
--
2.42.0

128
0016-feat-squash-add-module-95squash-erofs.patch
View File

@ -1,128 +0,0 @@
From fcc73940a1e21fa79b7133e12ed0f8ed13645a54 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 17:42:33 +0200
Subject: [PATCH 16/32] feat(squash): add module 95squash-erofs
Allow squashing the image in 99squash using erofs. Keep squashfs as
default to not change existing systems. I.e. only use erofs if the user
explicitly include 95squash-erofs or when the prereqs for squashfs are
missing.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit e185d6ae1cc38af90f741d3d6c677458d69a345f)
Resolves: RHEL-43460
---
modules.d/95squash-erofs/module-setup.sh | 45 ++++++++++++++++++++++++
modules.d/99squash/init-squash.sh | 12 +++++--
modules.d/99squash/module-setup.sh | 4 ++-
3 files changed, 58 insertions(+), 3 deletions(-)
create mode 100755 modules.d/95squash-erofs/module-setup.sh
diff --git a/modules.d/95squash-erofs/module-setup.sh b/modules.d/95squash-erofs/module-setup.sh
new file mode 100755
index 00000000..71c2b672
--- /dev/null
+++ b/modules.d/95squash-erofs/module-setup.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+check() {
+ require_binaries mkfs.erofs || return 1
+ require_kernel_modules erofs || return 1
+
+ return 255
+}
+
+depends() {
+ echo "squash"
+ return 0
+}
+
+erofs_install() {
+ hostonly="" instmods "erofs"
+}
+
+erofs_installpost() {
+ local _img="$squashdir/erofs-root.img"
+ local -a _erofs_args
+
+ _erofs_args+=("--exclude-path=$squashdir")
+ _erofs_args+=("-E" "fragments")
+
+ if [[ -n $squash_compress ]]; then
+ if mkfs.erofs "${_erofs_args[@]}" -z "$squash_compress" "$_img" "$initdir" &> /dev/null; then
+ return
+ fi
+ dwarn "mkfs.erofs doesn't support compressor '$squash_compress', failing back to default compressor."
+ fi
+
+ if ! mkfs.erofs "${_erofs_args[@]}" "$_img" "$initdir" &> /dev/null; then
+ dfatal "Failed making squash image"
+ exit 1
+ fi
+}
+
+install() {
+ if [[ $DRACUT_SQUASH_POST_INST ]]; then
+ erofs_installpost
+ else
+ dstdir="$squashdir" erofs_install
+ fi
+}
diff --git a/modules.d/99squash/init-squash.sh b/modules.d/99squash/init-squash.sh
index 42a9a86f..31a39cfd 100755
--- a/modules.d/99squash/init-squash.sh
+++ b/modules.d/99squash/init-squash.sh
@@ -13,15 +13,23 @@ grep -q '^devtmpfs /dev devtmpfs' /proc/self/mounts \
grep -q '^tmpfs /run tmpfs' /proc/self/mounts \
|| (mkdir -p /run && mount -t tmpfs -o mode=755,noexec,nosuid,strictatime tmpfs /run)
+if [ -e /erofs-root.img ]; then
+ _fs=erofs
+ _img=erofs-root.img
+else
+ _fs=squashfs
+ _img=squashfs-root.img
+fi
+
# Load required modules
modprobe loop
-modprobe squashfs
+modprobe "$_fs"
modprobe overlay
# Mount the squash image
mount -t ramfs ramfs /squash
mkdir -p /squash/root /squash/overlay/upper /squash/overlay/work
-mount -t squashfs -o ro,loop /squashfs-root.img /squash/root
+mount -t "$_fs" -o ro,loop /"$_img" /squash/root
# Setup new root overlay
mkdir /newroot
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index 015944c2..5cbbec63 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -18,7 +18,7 @@ depends() {
squash_get_handler() {
local _module _handler
- for _module in squash-squashfs; do
+ for _module in squash-squashfs squash-erofs; do
if dracut_module_included "$_module"; then
_handler="$_module"
break
@@ -28,6 +28,8 @@ squash_get_handler() {
if [ -z "$_handler" ]; then
if check_module "squash-squashfs"; then
_handler="squash-squashfs"
+ elif check_module "squash-erofs"; then
+ _handler="squash-erofs"
else
dfatal "No valid handler for found"
return 1
--
2.42.0

240
0017-feat-lsinitrd-add-support-for-erofs-images.patch
View File

@ -1,240 +0,0 @@
From fc5efe96e0ffbfa447d27ba28245420f91b638dc Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 18:33:37 +0200
Subject: [PATCH 17/32] feat(lsinitrd): add support for erofs images
Add support to handle erofs images in lsinitrd. Unfortunately the erofs
tooling is missing some functionality of unsquashfs, esp. the ability to
extract single files and list the content of the image. Work around this
deficiency by always extracting the full image and emulate the missing
functionality as close as possible.
While at it also handle the rename of the squashfs image to
squashfs-root.img.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 009b4ccc94fe3fcf129dddc5aca4f25b1e1b1862)
Resolves: RHEL-43460
---
lsinitrd.sh | 167 +++++++++++++++++++++++++++++++++++-----------------
1 file changed, 113 insertions(+), 54 deletions(-)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index b36d0e12..6799f938 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -174,10 +174,47 @@ dracutlibdirs() {
done
}
+SQUASH_TMPFILE=""
+SQUASH_EXTRACT="$TMPDIR/squash-extract"
+
+extract_squash_img() {
+ local _img _tmp
+
+ [[ $SQUASH_TMPDIR == none ]] && return 1
+ [[ -s $SQUASH_TMPFILE ]] && return 0
+
+ # Before dracut 104 the image was named squash-root.img. Keep the old name
+ # so newer versions of lsinitrd can inspect initrds build with older dracut
+ # versions.
+ for _img in squash-root.img squashfs-root.img erofs-root.img; do
+ _tmp="$TMPDIR/$_img"
+ $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout -- \
+ $_img > "$_tmp" 2> /dev/null
+ [[ -s $_tmp ]] || continue
+
+ SQUASH_TMPFILE="$_tmp"
+
+ # fsck.erofs doesn't allow extracting single files or listing the
+ # content of the image. So always extract the full image.
+ if [[ $_img == erofs-root.img ]]; then
+ mkdir -p "$SQUASH_EXTRACT"
+ fsck.erofs --extract="$SQUASH_EXTRACT/erofs-root" --overwrite "$SQUASH_TMPFILE" 2> /dev/null
+ ((ret += $?))
+ fi
+
+ break
+ done
+
+ if [[ -z $SQUASH_TMPFILE ]]; then
+ SQUASH_TMPFILE=none
+ return 1
+ fi
+
+ return 0
+}
+
extract_files() {
- SQUASH_IMG="squash-root.img"
- SQUASH_TMPFILE="$TMPDIR/initrd.root.sqsh"
- SQUASH_EXTRACT="$TMPDIR/squash-extract"
+ local nofileinfo
((${#filenames[@]} == 1)) && nofileinfo=1
for f in "${!filenames[@]}"; do
@@ -185,18 +222,24 @@ extract_files() {
[[ $nofileinfo ]] || echo "========================================================================"
# shellcheck disable=SC2001
[[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g')
- $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout "$f" 2> /dev/null
- ((ret += $?))
- if [[ -z ${f/#squashfs-root*/} ]]; then
- if [[ ! -s $SQUASH_TMPFILE ]]; then
- $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout -- \
- $SQUASH_IMG > "$SQUASH_TMPFILE" 2> /dev/null
- fi
- unsquashfs -force -d "$SQUASH_EXTRACT" -no-progress "$SQUASH_TMPFILE" "${f#squashfs-root/}" > /dev/null 2>&1
- ((ret += $?))
- cat "$SQUASH_EXTRACT/${f#squashfs-root/}" 2> /dev/null
- rm "$SQUASH_EXTRACT/${f#squashfs-root/}" 2> /dev/null
- fi
+
+ case $f in
+ squashfs-root/*)
+ extract_squash_img
+ unsquashfs -force -d "$SQUASH_EXTRACT" -no-progress "$SQUASH_TMPFILE" "${f#squashfs-root/}" &> /dev/null
+ ((ret += $?))
+ cat "$SQUASH_EXTRACT/${f#squashfs-root/}" 2> /dev/null
+ ;;
+ erofs-root/*)
+ extract_squash_img
+ cat "$SQUASH_EXTRACT/$f" 2> /dev/null
+ ;;
+ *)
+ $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout "$f" 2> /dev/null
+ ((ret += $?))
+ ;;
+ esac
+
[[ $nofileinfo ]] || echo "========================================================================"
[[ $nofileinfo ]] || echo
done
@@ -222,66 +265,82 @@ list_files() {
}
list_squash_content() {
- SQUASH_IMG="squash-root.img"
- SQUASH_TMPFILE="$TMPDIR/initrd.root.sqsh"
+ extract_squash_img || return 0
- $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout -- \
- $SQUASH_IMG > "$SQUASH_TMPFILE" 2> /dev/null
- if [[ -s $SQUASH_TMPFILE ]]; then
- echo "Squashed content ($SQUASH_IMG):"
- echo "========================================================================"
- unsquashfs -d "squashfs-root" -ll "$SQUASH_TMPFILE" | tail -n +4
- echo "========================================================================"
- fi
+ echo "Squashed content (${SQUASH_TMPFILE##*/}):"
+ echo "========================================================================"
+ case $SQUASH_TMPFILE in
+ */squash-root.img | */squashfs-root.img)
+ unsquashfs -ll "$SQUASH_TMPFILE" | tail -n +4
+ ;;
+ */erofs-root.img)
+ (
+ cd "$SQUASH_EXTRACT" || return 1
+ find erofs-root/ -ls
+ )
+ ;;
+ esac
+ echo "========================================================================"
}
list_cmdline() {
- # depends on list_squash_content() having run before
- SQUASH_IMG="squash-root.img"
- SQUASH_TMPFILE="$TMPDIR/initrd.root.sqsh"
- SQUASH_EXTRACT="$TMPDIR/squash-extract"
echo "dracut cmdline:"
# shellcheck disable=SC2046
$CAT "$image" | cpio --extract --verbose --quiet --to-stdout -- \
etc/cmdline.d/\*.conf 2> /dev/null
((ret += $?))
- if [[ -s $SQUASH_TMPFILE ]]; then
- unsquashfs -force -d "$SQUASH_EXTRACT" -no-progress "$SQUASH_TMPFILE" etc/cmdline.d/\*.conf > /dev/null 2>&1
- ((ret += $?))
- cat "$SQUASH_EXTRACT"/etc/cmdline.d/*.conf 2> /dev/null
- rm "$SQUASH_EXTRACT"/etc/cmdline.d/*.conf 2> /dev/null
- fi
+
+ extract_squash_img || return 0
+ case $SQUASH_TMPFILE in
+ */squash-root.img | */squashfs-root.img)
+ unsquashfs -force -d "$SQUASH_EXTRACT" -no-progress "$SQUASH_TMPFILE" etc/cmdline.d/\*.conf &> /dev/null
+ ((ret += $?))
+ cat "$SQUASH_EXTRACT"/etc/cmdline.d/*.conf 2> /dev/null
+ ;;
+ */erofs-root.img)
+ cat "$SQUASH_EXTRACT"/erofs-root/etc/cmdline.d/*.conf 2> /dev/null
+ ;;
+ esac
+
}
unpack_files() {
- SQUASH_IMG="squash-root.img"
- SQUASH_TMPFILE="$TMPDIR/initrd.root.sqsh"
-
if ((${#filenames[@]} > 0)); then
for f in "${!filenames[@]}"; do
# shellcheck disable=SC2001
[[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g')
- $CAT "$image" 2> /dev/null | cpio -id --quiet $verbose "$f"
- ((ret += $?))
- if [[ -z ${f/#squashfs-root*/} ]]; then
- if [[ ! -s $SQUASH_TMPFILE ]]; then
- $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout -- \
- $SQUASH_IMG > "$SQUASH_TMPFILE" 2> /dev/null
- fi
- unsquashfs -force -d "squashfs-root" -no-progress "$SQUASH_TMPFILE" "${f#squashfs-root/}" > /dev/null
- ((ret += $?))
- fi
+ case $f in
+ squashfs-root/*)
+ extract_squash_img || continue
+ unsquashfs -force -d "squashfs-root" -no-progress "$SQUASH_TMPFILE" "${f#squashfs-root/}" > /dev/null
+ ((ret += $?))
+ ;;
+ erofs-root/*)
+ extract_squash_img || continue
+ mkdir -p "${f%/*}"
+ cp -rf "$SQUASH_EXTRACT/$f" "$f"
+ ;;
+ *)
+ $CAT "$image" 2> /dev/null | cpio -id --quiet $verbose "$f"
+ ((ret += $?))
+ ;;
+ esac
done
else
$CAT "$image" 2> /dev/null | cpio -id --quiet $verbose
((ret += $?))
- $CAT "$image" 2> /dev/null | cpio --extract --verbose --quiet --to-stdout -- \
- $SQUASH_IMG > "$SQUASH_TMPFILE" 2> /dev/null
- if [[ -s $SQUASH_TMPFILE ]]; then
- unsquashfs -d "squashfs-root" -no-progress "$SQUASH_TMPFILE" > /dev/null
- ((ret += $?))
- fi
+
+ extract_squash_img || return 0
+ case $SQUASH_TMPFILE in
+ */squash-root.img | */squashfs-root.img)
+ unsquashfs -d "squashfs-root" -no-progress "$SQUASH_TMPFILE" > /dev/null
+ ((ret += $?))
+ ;;
+ */erofs-root.img)
+ cp -rf "$SQUASH_EXTRACT/erofs-root" .
+ ;;
+ esac
fi
}
--
2.42.0

59
0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch
View File

@ -1,59 +0,0 @@
From ac4b18bf89bfa440ff741557fe9928cd2b19b66e Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 17:24:28 +0200
Subject: [PATCH 18/32] feat(dracut-initramfs-restore): unpack erofs images
Follow the example for squashfs images and also unpack erofs images in
dracut-initramfs-restore.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit b390e194911835e6bd24eeeb0946e374852b8ddc)
Resolves: RHEL-43460
---
dracut-initramfs-restore.sh | 10 ++++++++--
modules.d/95squash-erofs/module-setup.sh | 2 +-
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/dracut-initramfs-restore.sh b/dracut-initramfs-restore.sh
index 74725308..98cfaed7 100755
--- a/dracut-initramfs-restore.sh
+++ b/dracut-initramfs-restore.sh
@@ -81,12 +81,18 @@ else
exit 1
fi
-if [[ -d squash ]]; then
- if ! unsquashfs -no-xattrs -f -d . squash-root.img > /dev/null; then
+if [[ -f squashfs-root.img ]]; then
+ if ! unsquashfs -no-xattrs -f -d . squashfs-root.img > /dev/null; then
echo "Squash module is enabled for this initramfs but failed to unpack squash-root.img" >&2
rm -f -- /run/initramfs/shutdown
exit 1
fi
+elif [[ -f erofs-root.img ]]; then
+ if ! fsck.erofs --extract=. --overwrite erofs-root.img > /dev/null; then
+ echo "Squash module is enabled for this initramfs but failed to unpack erofs-root.img" >&2
+ rm -f -- /run/initramfs/shutdown
+ exit 1
+ fi
fi
if grep -q -w selinux /sys/kernel/security/lsm 2> /dev/null \
diff --git a/modules.d/95squash-erofs/module-setup.sh b/modules.d/95squash-erofs/module-setup.sh
index 71c2b672..d763a902 100755
--- a/modules.d/95squash-erofs/module-setup.sh
+++ b/modules.d/95squash-erofs/module-setup.sh
@@ -1,7 +1,7 @@
#!/bin/bash
check() {
- require_binaries mkfs.erofs || return 1
+ require_binaries mkfs.erofs fsck.erofs || return 1
require_kernel_modules erofs || return 1
return 255
--
2.42.0

55
0019-fix-squash-explicitly-create-required-directories.patch
View File

@ -1,55 +0,0 @@
From c0bd2334708d9bfc6fbeb1c63eae0037eb4157b6 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:35:17 +0200
Subject: [PATCH 19/32] fix(squash): explicitly create required directories
At the moment 99squash relies on dracut-install to create the required
directories it later links to. This approach is error prone and will
cause problems when switching to use 99busybox later on, which tries to
add a link to /usr/sbin that hasn't been created. Thus explicitly
create the expected directories before installing the minimal initrd.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit dde95b10ff6b28330370fd697350f8bc5da422da)
Related: RHEL-43460
---
modules.d/99squash/module-setup.sh | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index 5cbbec63..6aa649b7 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -40,12 +40,15 @@ squash_get_handler() {
}
squash_install() {
- local _busybox
+ local _busybox _dir
_busybox=$(find_binary busybox)
- # Create mount points for squash loader
- mkdir -p "$initdir"/squash/
- mkdir -p "$squashdir"/squash/
+ # Create mount points for squash loader and basic directories
+ mkdir -p "$initdir"/squash
+ for _dir in squash usr/bin usr/sbin usr/lib; do
+ mkdir -p "$squashdir/$_dir"
+ [[ $_dir == usr/* ]] && ln_r "/$_dir" "${_dir#usr}"
+ done
# Install required modules and binaries for the squash image init script.
if [[ $_busybox ]]; then
@@ -67,8 +70,6 @@ squash_install() {
dracut_kernel_post
# Install squash image init script.
- ln_r /usr/bin /bin
- ln_r /usr/sbin /sbin
inst_simple "$moddir"/init-squash.sh /init
# make sure that library links are correct and up to date for squash loader
--
2.42.0

64
0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
View File

@ -1,64 +0,0 @@
From eef65961330c8fb68493d9a3eab55171482984c1 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:44:32 +0200
Subject: [PATCH 20/32] fix(squash): use 99busybox instead of installing it
manually
Make use of 99busybox in 99squash rather than installing it manually.
This not only removes duplicate code but allows mixing of busybox with
tools from coreutils. This requires a small change in 99busybox to
remove the hard coded use of $initdir.
Suggested-by: Laszlo Gombos <laszlo.gombos@gmail.com>
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 395366278f473038badba239f76cac391428b149)
Related: RHEL-43460
---
modules.d/05busybox/module-setup.sh | 5 +++++
modules.d/99squash/module-setup.sh | 5 +----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/modules.d/05busybox/module-setup.sh b/modules.d/05busybox/module-setup.sh
index 86b3761a..857145c9 100755
--- a/modules.d/05busybox/module-setup.sh
+++ b/modules.d/05busybox/module-setup.sh
@@ -15,6 +15,7 @@ depends() {
# called by dracut
install() {
local _i _path _busybox
+ local _dstdir="${dstdir:-"$initdir"}"
local _progs=()
_busybox=$(find_binary busybox)
inst "$_busybox" /usr/bin/busybox
@@ -26,6 +27,10 @@ install() {
for _i in "${_progs[@]}"; do
_path=$(find_binary "$_i")
[ -z "$_path" ] && continue
+
+ # do not remove existing destination files
+ [ -e "${_dstdir}/$_path" ] && continue
+
ln_r /usr/bin/busybox "$_path"
done
}
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index 6aa649b7..56f70774 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -52,10 +52,7 @@ squash_install() {
# Install required modules and binaries for the squash image init script.
if [[ $_busybox ]]; then
- inst "$_busybox" /usr/bin/busybox
- for _i in sh echo mount modprobe mkdir switch_root grep umount; do
- ln_r /usr/bin/busybox /usr/bin/$_i
- done
+ module_install "busybox"
else
DRACUT_RESOLVE_DEPS=1 inst_multiple sh mount modprobe mkdir switch_root grep umount
--
2.42.0

40
0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
View File

@ -1,40 +0,0 @@
From 4dfd0c8de071f074c813a87cc06335fa43e93a9d Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:55:03 +0200
Subject: [PATCH 26/32] fix(nfs): include also entries from
/usr/lib/{passwd,group}
as those paths are used by bootc instead of the /etc ones.
(cherry picked from commit 45cdf3c4f24f77f04b264a7747f115d1031b2e67)
Resolves: RHEL-53431
---
modules.d/95nfs/module-setup.sh | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index fbaeeb00..df2d0e05 100755
--- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh
@@ -130,8 +130,15 @@ install() {
# Rather than copy the passwd file in, just set a user for rpcbind
# We'll save the state and restart the daemon from the root anyway
- grep -E '^(nfsnobody|_rpc|rpc|rpcuser):' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd"
- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group"
+ local _confdir
+ for _confdir in etc usr/lib; do
+
+ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \
+ >> "$initdir/${_confdir}/passwd"
+
+ grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \
+ >> "$initdir/${_confdir}/group"
+ done
dracut_need_initqueue
}
--
2.42.0

73
0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
View File

@ -1,73 +0,0 @@
From f26573ec709c7703863e8affdec990b100c25598 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:58:54 +0200
Subject: [PATCH 27/32] revert(dracut-init.sh): add module to mods_to_load
before checking dependencies
Commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before
checking dependencies") introduced a regression. When dracut is in
"auto" mode, i.e. '--modules auto' or no --modules is provided, the
expected behavior is that all modules that return 0 in their check()
function are included. Except for the ones where the dependencies cannot
be installed. The commit however, caused those modules to be included
without their dependencies. Thus revert the commit.
This reverts commit d0f8fde5668cfd7fda1d15824e268b4949b4fd04.
Reported-by: Jo Zzsi <jozzsicsataban@gmail.com>
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit bddbb11bbbfc405317a6fbd53bb189b575d46da2)
Resolves: RHEL-43460
---
dracut-init.sh | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 3917bb0d..644825c9 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -924,9 +924,6 @@ check_mount() {
fi
fi
- [[ " $mods_to_load " == *\ $_mod\ * ]] \
- || mods_to_load+=" $_mod "
-
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -945,6 +942,9 @@ check_mount() {
fi
done
+ [[ " $mods_to_load " == *\ $_mod\ * ]] \
+ || mods_to_load+=" $_mod "
+
return 0
}
@@ -1001,9 +1001,6 @@ check_module() {
fi
fi
- [[ " $mods_to_load " == *\ $_mod\ * ]] \
- || mods_to_load+=" $_mod "
-
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1022,6 +1019,9 @@ check_module() {
fi
done
+ [[ " $mods_to_load " == *\ $_mod\ * ]] \
+ || mods_to_load+=" $_mod "
+
return 0
}
--
2.42.0

313
0028-fix-squash-remove-cyclic-dependency.patch
View File

@ -1,313 +0,0 @@
From 043aef3a9dee83818d67697fb6ad203dc3e87c39 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:23:41 +0200
Subject: [PATCH 28/32] fix(squash): remove cyclic dependency
With commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load
before checking dependencies") reverted 99squash can no longer rely on
dracut_module_included working as expected in its check() and depends()
function. Solve this problem by breaking up the cyclic dependency
between 99squash and 95squash-{squashfs,erofs} as the commit was
originally introduced to allow this cyclic dependency.
This requires to move all code shared by 95squash-{squashfs,erofs} from
99squash to a new 99squash-lib module and update the dependencies
accordingly. In addition update the checks in dracut.sh to check for
99squash-lib as 99squash is no longer guaranteed to be included.
Finally make sure that 99squash-lib isn't included without a back
end.
While at it improve and align the error messages in 99squash and
99squash-lib.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit d5783635950e38cccf334e7163db79f280650fa2)
Resolves: RHEL-43460
---
dracut.sh | 6 +-
modules.d/95squash-erofs/module-setup.sh | 2 +-
modules.d/95squash-squashfs/module-setup.sh | 2 +-
.../{99squash => 99squash-lib}/init-squash.sh | 0
modules.d/99squash-lib/module-setup.sh | 101 ++++++++++++++++++
modules.d/99squash/module-setup.sh | 80 +-------------
6 files changed, 110 insertions(+), 81 deletions(-)
rename modules.d/{99squash => 99squash-lib}/init-squash.sh (100%)
create mode 100755 modules.d/99squash-lib/module-setup.sh
diff --git a/dracut.sh b/dracut.sh
index 4d2e3df2..db6713a9 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1894,7 +1894,7 @@ if [[ $kernel_only != yes ]]; then
fi
fi
-dracut_module_included "squash" && mkdir -p "$squashdir"
+dracut_module_included "squash-lib" && mkdir -p "$squashdir"
_isize=0 #initramfs size
modules_loaded=" "
@@ -2264,9 +2264,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
dinfo "*** Stripping files done ***"
fi
-if dracut_module_included "squash"; then
+if dracut_module_included "squash-lib"; then
dinfo "*** Squashing the files inside the initramfs ***"
- DRACUT_SQUASH_POST_INST=1 module_install "squash"
+ DRACUT_SQUASH_POST_INST=1 module_install "squash-lib"
rm -rf "$squashdir"
dinfo "*** Squashing the files inside the initramfs done ***"
diff --git a/modules.d/95squash-erofs/module-setup.sh b/modules.d/95squash-erofs/module-setup.sh
index d763a902..a6e7ad0b 100755
--- a/modules.d/95squash-erofs/module-setup.sh
+++ b/modules.d/95squash-erofs/module-setup.sh
@@ -8,7 +8,7 @@ check() {
}
depends() {
- echo "squash"
+ echo "squash-lib"
return 0
}
diff --git a/modules.d/95squash-squashfs/module-setup.sh b/modules.d/95squash-squashfs/module-setup.sh
index 83973700..d15586da 100755
--- a/modules.d/95squash-squashfs/module-setup.sh
+++ b/modules.d/95squash-squashfs/module-setup.sh
@@ -8,7 +8,7 @@ check() {
}
depends() {
- echo "squash"
+ echo "squash-lib"
return 0
}
diff --git a/modules.d/99squash/init-squash.sh b/modules.d/99squash-lib/init-squash.sh
similarity index 100%
rename from modules.d/99squash/init-squash.sh
rename to modules.d/99squash-lib/init-squash.sh
diff --git a/modules.d/99squash-lib/module-setup.sh b/modules.d/99squash-lib/module-setup.sh
new file mode 100755
index 00000000..6a0b6f85
--- /dev/null
+++ b/modules.d/99squash-lib/module-setup.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+
+check() {
+ require_kernel_modules loop overlay || return 1
+
+ return 255
+}
+
+depends() {
+ echo "systemd-initrd"
+
+ return 0
+}
+
+squash_get_handler() {
+ local _module _handler
+ local -a _modules=(squash-squashfs squash-erofs)
+
+ for _module in "${_modules[@]}"; do
+ if dracut_module_included "$_module"; then
+ _handler="$_module"
+ break
+ fi
+ done
+
+ if [[ -z $_handler ]]; then
+ dfatal "Cannot include squash-lib directly. It requires one of: ${_modules[*]}"
+ return 1
+ fi
+
+ echo "$_handler"
+}
+
+squash_install() {
+ local _busybox _dir
+
+ # verify that there is a valid handler before doing anything
+ squash_get_handler > /dev/null || return 1
+
+ _busybox=$(find_binary busybox)
+
+ # Create mount points for squash loader and basic directories
+ mkdir -p "$initdir"/squash
+ for _dir in squash usr/bin usr/sbin usr/lib; do
+ mkdir -p "$squashdir/$_dir"
+ [[ $_dir == usr/* ]] && ln_r "/$_dir" "${_dir#usr}"
+ done
+
+ # Install required modules and binaries for the squash image init script.
+ if [[ $_busybox ]]; then
+ module_install "busybox"
+ else
+ DRACUT_RESOLVE_DEPS=1 inst_multiple sh mount modprobe mkdir switch_root grep umount
+
+ # libpthread workaround: pthread_cancel wants to dlopen libgcc_s.so
+ inst_libdir_file -o "libgcc_s.so*"
+
+ # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
+ [[ $DRACUT_FIPS_MODE ]] && inst_libdir_file -o "libssl.so*"
+ fi
+
+ hostonly="" instmods "loop" "overlay"
+ dracut_kernel_post
+
+ # Install squash image init script.
+ inst_simple "$moddir"/init-squash.sh /init
+
+ # make sure that library links are correct and up to date for squash loader
+ build_ld_cache
+}
+
+squash_installpost() {
+ local _file _handler
+
+ _handler=$(squash_get_handler)
+ [[ -n $_handler ]] || return 1
+
+ DRACUT_SQUASH_POST_INST=1 module_install "$_handler"
+
+ # Rescue the dracut spec files so dracut rebuild and lsinitrd can work
+ for _file in "$initdir"/usr/lib/dracut/*; do
+ [[ -f $_file ]] || continue
+ DRACUT_RESOLVE_DEPS=1 dstdir=$squashdir inst "$_file" "${_file#"$initdir"}"
+ done
+
+ # Remove everything that got squashed into the image
+ for _file in "$initdir"/*; do
+ [[ $_file == "$squashdir" ]] && continue
+ rm -rf "$_file"
+ done
+ mv "$squashdir"/* "$initdir"
+}
+
+install() {
+
+ if [[ $DRACUT_SQUASH_POST_INST ]]; then
+ squash_installpost
+ else
+ dstdir="$squashdir" squash_install
+ fi
+}
diff --git a/modules.d/99squash/module-setup.sh b/modules.d/99squash/module-setup.sh
index 56f70774..c48ba2c5 100755
--- a/modules.d/99squash/module-setup.sh
+++ b/modules.d/99squash/module-setup.sh
@@ -1,102 +1,30 @@
#!/bin/bash
check() {
- require_kernel_modules loop overlay || return 1
-
return 255
}
depends() {
- local _handler
-
- _handler=$(squash_get_handler) || return 1
-
- echo "systemd-initrd $_handler"
- return 0
-}
-
-squash_get_handler() {
local _module _handler
+ local -a _modules=(squash-squashfs squash-erofs)
- for _module in squash-squashfs squash-erofs; do
+ for _module in "${_modules[@]}"; do
if dracut_module_included "$_module"; then
_handler="$_module"
break
fi
done
- if [ -z "$_handler" ]; then
+ if [[ -z $_handler ]]; then
if check_module "squash-squashfs"; then
_handler="squash-squashfs"
elif check_module "squash-erofs"; then
_handler="squash-erofs"
else
- dfatal "No valid handler for found"
+ dfatal "Cannot find valid handler for squash. It requires one of: ${_modules[*]}"
return 1
fi
fi
echo "$_handler"
}
-
-squash_install() {
- local _busybox _dir
- _busybox=$(find_binary busybox)
-
- # Create mount points for squash loader and basic directories
- mkdir -p "$initdir"/squash
- for _dir in squash usr/bin usr/sbin usr/lib; do
- mkdir -p "$squashdir/$_dir"
- [[ $_dir == usr/* ]] && ln_r "/$_dir" "${_dir#usr}"
- done
-
- # Install required modules and binaries for the squash image init script.
- if [[ $_busybox ]]; then
- module_install "busybox"
- else
- DRACUT_RESOLVE_DEPS=1 inst_multiple sh mount modprobe mkdir switch_root grep umount
-
- # libpthread workaround: pthread_cancel wants to dlopen libgcc_s.so
- inst_libdir_file -o "libgcc_s.so*"
-
- # FIPS workaround for Fedora/RHEL: libcrypto needs libssl when FIPS is enabled
- [[ $DRACUT_FIPS_MODE ]] && inst_libdir_file -o "libssl.so*"
- fi
-
- hostonly="" instmods "loop" "overlay"
- dracut_kernel_post
-
- # Install squash image init script.
- inst_simple "$moddir"/init-squash.sh /init
-
- # make sure that library links are correct and up to date for squash loader
- build_ld_cache
-}
-
-squash_installpost() {
- local _file
-
- DRACUT_SQUASH_POST_INST=1 module_install "$(squash_get_handler)"
-
- # Rescue the dracut spec files so dracut rebuild and lsinitrd can work
- for _file in "$initdir"/usr/lib/dracut/*; do
- [[ -f $_file ]] || continue
- DRACUT_RESOLVE_DEPS=1 dstdir=$squashdir inst "$_file" "${_file#"$initdir"}"
- done
-
- # Remove everything that got squashed into the image
- for _file in "$initdir"/*; do
- [[ $_file == "$squashdir" ]] && continue
- rm -rf "$_file"
- done
- mv "$squashdir"/* "$initdir"
-}
-
-install() {
-
- if [[ $DRACUT_SQUASH_POST_INST ]]; then
- squash_installpost
- else
- dstdir="$squashdir" squash_install
- fi
-}
--
2.42.0

38
0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
View File

@ -1,38 +0,0 @@
From 2ce3f3ff72e608d7a3d42b566f9772393e313df4 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 27 Aug 2024 12:14:40 +0200
Subject: [PATCH 29/32] fix(dracut.sh): exit when installing the squash loader
fails
The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib
is added without one of the required back ends. Usually this isn't fatal
and simply results in a "normal" initrd, i.e. one without squashed
image, being created. Nevertheless, a user needs to explicitly add one
of the required modules for the code to be triggered. So it is better
to fail with an error rather than giving the user something he didn't
ask for.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 8909d892a7a055ae95be45416e6fbf1b833ff426)
Resolves: RHEL-43460
---
dracut.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut.sh b/dracut.sh
index db6713a9..c5ef61ad 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2266,7 +2266,7 @@ fi
if dracut_module_included "squash-lib"; then
dinfo "*** Squashing the files inside the initramfs ***"
- DRACUT_SQUASH_POST_INST=1 module_install "squash-lib"
+ DRACUT_SQUASH_POST_INST=1 module_install "squash-lib" || exit 1
rm -rf "$squashdir"
dinfo "*** Squashing the files inside the initramfs done ***"
--
2.42.0

40
0030-fix-squash-lib-harden-against-empty-initdir.patch
View File

@ -1,40 +0,0 @@
From e391c64afd187a81861301c949db5ffd1f9a3e5d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:29:01 +0200
Subject: [PATCH 30/32] fix(squash-lib): harden against empty $initdir
The postinstall phase of 99squash-lib has the potential to delete the
whole rootfs if $initdir is empty. This should(tm) never happen.
Nevertheless as the consequences are so devastating it is better to
double check.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
(cherry picked from commit 6b089c70761c81a7b82a1bfba5f2c1faef7e972f)
Resolves: RHEL-43460
---
modules.d/99squash-lib/module-setup.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/modules.d/99squash-lib/module-setup.sh b/modules.d/99squash-lib/module-setup.sh
index 6a0b6f85..be3d3dc0 100755
--- a/modules.d/99squash-lib/module-setup.sh
+++ b/modules.d/99squash-lib/module-setup.sh
@@ -72,6 +72,14 @@ squash_install() {
squash_installpost() {
local _file _handler
+ # this shouldn't happen but...
+ # ...better safe than deleting your rootfs
+ if [[ -z $initdir ]]; then
+ #shellcheck disable=SC2016
+ dfatal '$initdir not set. Something went terribly wrong.'
+ exit 1
+ fi
+
_handler=$(squash_get_handler)
[[ -n $_handler ]] || return 1
--
2.42.0

158
0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch
View File

@ -1,158 +0,0 @@
From 626280f62a8f05e68e70b8db81eeffe196642bf3 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 8 Aug 2024 16:43:31 +0200
Subject: [PATCH 31/32] feat(fips-crypto-policies): make c-p follow FIPS mode
automatically
For a system that uses crypto-policies to be switched to FIPS mode
correctly, it needs to be
- booted with `fips=1` on the kernel command line
- switched to the FIPS crypto-policy (or a policy derived from it)
- have the fips dracut module enabled
On older systems, there were additional steps, for example, creating
`/etc/system-fips`.
We have repeatedly seen inconsistencies between those different toggles,
either because the user space tooling to switch between those does not
(for reliability, maintainability, and compliance reasons) undo some of
the steps it does when disabling FIPS mode, or because other
installation methods (bootc, containers, image builder) independently do
some of those steps. Eventually, all of these ended with user confusion.
We can avoid this situation by eliminating the difference by treating
the `fips=1` kernel command line switch as a single source of truth, and
making all others follow automatically. This module provides this for
crypto-policies, by adding bind-mounts before pivot if the system has
not already been switched to a FIPS-based crypto-policy.
This requires some support from the crypto-policies package (because it
needs to deal with the bind mounts when a user calls
`update-crypto-policies --set`), so make it a no-op unless
- `fips=1` is on the kernel command line
- crypto-policies is installed
- crypto-policies supports the bind-mounts (indicated by the presence
of the `default-fips-config` file)
- the policy isn't already FIPS
These checks should make this safe to add to the initramfs on all
current systems.
The bind-mounts also need to happen in the initramfs already, because
systemd links against OpenSSL, and doing them later means that systemd
will start with an OpenSSL configuration that isn't tailored for FIPS.
See also [1], which adds the user space support to crypto-policies,
along with a systemd service that does the same steps in case dracut
hasn't already done them (which is useful for environments that don't
use an initramfs like containers).
[1]: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/191
Signed-off-by: Clemens Lang <cllang@redhat.com>
(cherry picked from commit bd3c1e1cc2f656f7ee4ff47e00ca716d52a86a3d)
Resolves: RHEL-59678
---
.../fips-crypto-policies.sh | 52 +++++++++++++++++++
.../01fips-crypto-policies/module-setup.sh | 27 ++++++++++
2 files changed, 79 insertions(+)
create mode 100755 modules.d/01fips-crypto-policies/fips-crypto-policies.sh
create mode 100755 modules.d/01fips-crypto-policies/module-setup.sh
diff --git a/modules.d/01fips-crypto-policies/fips-crypto-policies.sh b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
new file mode 100755
index 00000000..ff298298
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/sh
+
+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ] || [ -z "$fipsmode" ]; then
+ # Do nothing if not in FIPS mode
+ return 0
+fi
+
+policyfile=/etc/crypto-policies/config
+fipspolicyfile=/usr/share/crypto-policies/default-fips-config
+backends=/etc/crypto-policies/back-ends
+fipsbackends=/usr/share/crypto-policies/back-ends/FIPS
+
+# When in FIPS mode, check the active crypto policy by reading the
+# $root/etc/crypto-policies/config file. If it is not "FIPS", or does not start
+# with "FIPS:", automatically switch to the FIPS policy by creating
+# bind-mounts.
+
+if ! [ -r "${NEWROOT}${policyfile}" ]; then
+ # No crypto-policies configured, possibly not a system that uses
+ # crypto-policies?
+ return 0
+fi
+
+if ! [ -f "${NEWROOT}${fipspolicyfile}" ]; then
+ # crypto-policies is too old to deal with automatic bind-mounting of the
+ # FIPS policy over the normal policy, do not attempt to do the bind-mount.
+ return 0
+fi
+
+policy=$(cat "${NEWROOT}${policyfile}")
+
+# Remove the largest suffix pattern matching ":*" from the string (i.e., the
+# complete list of active policy modules), then check for FIPS. This is part of
+# POSIX sh (https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_06_02).
+if [ "${policy%%:*}" = "FIPS" ]; then
+ return 0
+fi
+
+# Current crypto policy is not FIPS or FIPS-based, but the system is in FIPS
+# mode; this is an inconsistent configuration. Automatically bind-mount a FIPS
+# configuration over this.
+if ! mount -o bind,ro "${NEWROOT}${fipsbackends}" "${NEWROOT}${backends}"; then
+ warn "Failed to bind-mount FIPS policy over ${backends} (the system is in FIPS mode, but the crypto-policy is not)."
+ # If this bind-mount failed, don't attempt to do the other one to avoid
+ # a system that seems to be in FIPS crypto-policy but actually is not.
+ return 0
+fi
+
+mount -o bind,ro "${NEWROOT}${fipspolicyfile}" "${NEWROOT}${policyfile}" \
+ || warn "Failed to bind-mount FIPS crypto-policy state file over ${policyfile} (the system is in FIPS mode, but the crypto-policy is not)."
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
new file mode 100755
index 00000000..ee00452e
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/bash
+
+# called by dracut
+check() {
+ # only enable on systems that use crypto-policies
+ [ -d "$dracutsysrootdir/etc/crypto-policies" ] && return 0
+
+ # include when something else depends on it or it is explicitly requested
+ return 255
+}
+
+# called by dracut
+depends() {
+ return 0
+}
+
+# called by dracut
+installkernel() {
+ return 0
+}
+
+# called by dracut
+install() {
+ inst_hook pre-pivot 01 "$moddir/fips-crypto-policies.sh"
+
+ inst_multiple mount
+}
--
2.42.0

34
0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
View File

@ -1,34 +0,0 @@
From cd5dbe004652d88b5d73418cba1e45c54ff9fd12 Mon Sep 17 00:00:00 2001
From: Jo Zzsi <jozzsicsataban@gmail.com>
Date: Thu, 5 Sep 2024 09:09:36 -0400
Subject: [PATCH 32/32] fix(fips-crypto-policies): make it depend on fips
dracut module
(cherry picked from commit a2096dafdbfc88eed91ce34b1f4d27e7eb7ca839)
Conflicts:
modules.d/01fips-crypto-policies/module-setup.sh
Due to upstream e6117b92fa0108dbaf9ea3ac0ec8f5a02487c812, which
was not cherry-picked. Resolved the conflict by keeping the
functions (i.e., undoing the cleanup of the upstream commit).
Resolves: RHEL-59678
---
modules.d/01fips-crypto-policies/module-setup.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
index ee00452e..140eae00 100755
--- a/modules.d/01fips-crypto-policies/module-setup.sh
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -11,6 +11,7 @@ check() {
# called by dracut
depends() {
+ echo fips
return 0
}
--
2.42.0

138
dracut.spec
View File

@ -7,7 +7,7 @@
%global __requires_exclude pkg-config
Name: dracut
Version: 103
Version: 105
Release: 1%{?dist}
Summary: Initramfs generator using udev
@ -22,102 +22,45 @@ URL: https://github.com/dracut-ng/dracut-ng/wiki/
Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
# fix(rngd): install system service file
# Author: Pavel Valena <pvalena@redhat.com>
Patch1: 0001-fix-rngd-install-system-service-file.patch
# revert: "fix(install.d): correctly install pre-genned image and die if no args"
# Author: Pavel Valena <pvalena@redhat.com>
Patch2: 0002-revert-fix-install.d-correctly-install-pre-genned-im.patch
Patch1: 0001-revert-fix-install.d-correctly-install-pre-genned-im.patch
# feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch3: 0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
Patch2: 0002-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
# fix(kernel-install): do not generate an initrd when one was specified
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch4: 0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
# fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8
# Author: Pavel Valena <pvalena@redhat.com>
Patch5: 0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
# revert: "fix(crypt): unlock encrypted devices by default during boot"
# Author: Pavel Valena <pvalena@redhat.com>
Patch6: 0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
# test: do not force include dash, let sh module make a selection
# Author: Laszlo Gombos <laszlo.gombos@gmail.com>
Patch7: 0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch
# fix(dracut-functions): allow for \ in get_maj_min file path
# Author: Pavel Valena <pvalena@redhat.com>
Patch8: 0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
# fix(dracut-functions.sh): only return block devices from get_persistent_dev
# Author: Fabian Vogt <fvogt@suse.de>
Patch9: 0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch
# feat(systemd*): include systemd config files from /usr/lib/systemd
# Author: Pavel Valena <pvalena@redhat.com>
Patch10: 0010-feat-systemd-include-systemd-config-files-from-usr-l.patch
Patch3: 0003-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
# fix(resume): always include the resume module
# Author: Pavel Valena <pvalena@redhat.com>
Patch11: 0011-fix-resume-always-include-the-resume-module.patch
# feat(dracut-init.sh): allow changing the destination directory for inst et al
# Author: Philipp Rudo <prudo@redhat.com>
Patch12: 0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch
# fix(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com>
Patch13: 0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
# feat(squash): move mksquashfs to 99squash/modules-setup
# Author: Philipp Rudo <prudo@redhat.com>
Patch14: 0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
# feat(squash): split 95squash-squashfs from 99squash
# Author: Philipp Rudo <prudo@redhat.com>
Patch15: 0015-feat-squash-split-95squash-squashfs-from-99squash.patch
# feat(squash): add module 95squash-erofs
# Author: Philipp Rudo <prudo@redhat.com>
Patch16: 0016-feat-squash-add-module-95squash-erofs.patch
# feat(lsinitrd): add support for erofs images
# Author: Philipp Rudo <prudo@redhat.com>
Patch17: 0017-feat-lsinitrd-add-support-for-erofs-images.patch
# feat(dracut-initramfs-restore): unpack erofs images
# Author: Philipp Rudo <prudo@redhat.com>
Patch18: 0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch
# fix(squash): explicitly create required directories
# Author: Philipp Rudo <prudo@redhat.com>
Patch19: 0019-fix-squash-explicitly-create-required-directories.patch
# fix(squash): use 99busybox instead of installing it manually
# Author: Philipp Rudo <prudo@redhat.com>
Patch20: 0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
Patch4: 0004-fix-resume-always-include-the-resume-module.patch
# fix(nfs): set correct ownership and permissions for statd directory
# Author: Lukas Nykryn <lnykryn@redhat.com>
Patch21: 0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
# fix(resume): do not include resume if swap is on netdevice
# Author: Pavel Valena <pvalena@redhat.com>
Patch22: 0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch
Patch5: 0005-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
# feat(dracut-init.sh): give --force-add precedence over --omit
# Author: Pavel Valena <pvalena@redhat.com>
Patch23: 0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
Patch6: 0006-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
# feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
# Author: Pavel Valena <pvalena@redhat.com>
Patch24: 0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
Patch7: 0007-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
# feat(fips): include fips module unconditionally
# Author: Pavel Valena <pvalena@redhat.com>
Patch25: 0025-feat-fips-include-fips-module-unconditionally.patch
# fix(nfs): include also entries from /usr/lib/{passwd,group}
# Author: Pavel Valena <pvalena@redhat.com>
Patch26: 0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
# revert(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com>
Patch27: 0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
# fix(squash): remove cyclic dependency
# Author: Philipp Rudo <prudo@redhat.com>
Patch28: 0028-fix-squash-remove-cyclic-dependency.patch
# fix(dracut.sh): exit when installing the squash loader fails
# Author: Philipp Rudo <prudo@redhat.com>
Patch29: 0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
# fix(squash-lib): harden against empty $initdir
# Author: Philipp Rudo <prudo@redhat.com>
Patch30: 0030-fix-squash-lib-harden-against-empty-initdir.patch
# feat(fips-crypto-policies): make c-p follow FIPS mode automatically
# Author: Clemens Lang <cllang@redhat.com>
Patch31: 0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch
# fix(fips-crypto-policies): make it depend on fips dracut module
Patch8: 0008-feat-fips-include-fips-module-unconditionally.patch
# fix(systemd-ask-password): do not half-install systemd-ask-password-wall
# Author: Jo Zzsi <jozzsicsataban@gmail.com>
Patch32: 0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
Patch9: 0009-fix-systemd-ask-password-do-not-half-install-systemd.patch
# fix(pcsc): add libpcsclite_real.so.*
# Author: Manuel Fombuena <fombuena@outlook.com>
Patch10: 0010-fix-pcsc-add-libpcsclite_real.so.patch
# revert: "fix(rescue): make rescue always no-hostonly"
# Author: Pavel Valena <pvalena@redhat.com>
Patch11: 0011-revert-fix-rescue-make-rescue-always-no-hostonly.patch
# fix(dracut-install): initize fts pointer
# Author: Pavel Valena <pvalena@redhat.com>
Patch12: 0012-fix-dracut-install-initize-fts-pointer.patch
# feat: add openssl module
# Author: Pavel Valena <pvalena@redhat.com>
Patch13: 0013-feat-add-openssl-module.patch
# Please use source-git to work with this spec file:
# HowTo: https://packit.dev/source-git/work-with-source-git
@ -131,6 +74,7 @@ BuildRequires: gcc
BuildRequires: pkgconfig
BuildRequires: systemd
BuildRequires: bash-completion
BuildRequires: openssl-devel
%if %{with doc}
BuildRequires: docbook-style-xsl docbook-dtds libxslt
@ -239,8 +183,8 @@ This package contains tools to assemble the local initrd and host configuration.
%package squash
Summary: dracut module to build an initramfs with most files in a squashfs image
Requires: %{name} = %{version}-%{release}
Requires: squashfs-tools
Suggests: erofs-utils
Requires: erofs-utils
Suggests: squashfs-tools
%description squash
This package provides a dracut module to build an initramfs, but store most files
@ -291,11 +235,19 @@ rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95znet
rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/00warpclock
%endif
# we don't want example configs
rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/dracut.conf.d
# we don't ship tests
rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/test
rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/80test*
mkdir -p $RPM_BUILD_ROOT/boot/dracut
mkdir -p $RPM_BUILD_ROOT/var/lib/dracut/overlay
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log
touch $RPM_BUILD_ROOT%{_localstatedir}/log/dracut.log
mkdir -p $RPM_BUILD_ROOT%{_sharedstatedir}/initramfs
mkdir -p $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d
install -m 0644 dracut.conf.d/fedora.conf.example $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/01-dist.conf
rm -f $RPM_BUILD_ROOT%{_mandir}/man?/*suse*
@ -322,6 +274,8 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/dracut-initramfs-restore
%{dracutlibdir}/dracut-install
%{dracutlibdir}/dracut-util
%{dracutlibdir}/ossl-config
%{dracutlibdir}/ossl-files
%{dracutlibdir}/skipcpio
%config(noreplace) %{_sysconfdir}/dracut.conf
%{dracutlibdir}/dracut.conf.d/01-dist.conf
@ -342,6 +296,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%endif
%{dracutlibdir}/modules.d/00bash
%{dracutlibdir}/modules.d/00shell-interpreter
%{dracutlibdir}/modules.d/00systemd
%{dracutlibdir}/modules.d/00systemd-network-management
%ifnarch s390 s390x
@ -354,6 +309,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/01systemd-bsod
%{dracutlibdir}/modules.d/01systemd-coredump
%{dracutlibdir}/modules.d/01systemd-creds
%{dracutlibdir}/modules.d/01systemd-cryptsetup
%{dracutlibdir}/modules.d/01systemd-hostnamed
%{dracutlibdir}/modules.d/01systemd-initrd
%{dracutlibdir}/modules.d/01systemd-integritysetup
@ -377,7 +333,6 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/03rescue
%{dracutlibdir}/modules.d/04watchdog
%{dracutlibdir}/modules.d/04watchdog-modules
%{dracutlibdir}/modules.d/05busybox
%{dracutlibdir}/modules.d/06dbus-broker
%{dracutlibdir}/modules.d/06dbus-daemon
%{dracutlibdir}/modules.d/06rngd
@ -391,9 +346,6 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/62bluetooth
%{dracutlibdir}/modules.d/80lvmmerge
%{dracutlibdir}/modules.d/80lvmthinpool-monitor
%{dracutlibdir}/modules.d/80test
%{dracutlibdir}/modules.d/80test-makeroot
%{dracutlibdir}/modules.d/80test-root
%{dracutlibdir}/modules.d/90btrfs
%{dracutlibdir}/modules.d/90crypt
%{dracutlibdir}/modules.d/90dm
@ -409,7 +361,6 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/90ppcmac
%{dracutlibdir}/modules.d/90pcmcia
%{dracutlibdir}/modules.d/90qemu
%{dracutlibdir}/modules.d/90systemd-cryptsetup
%{dracutlibdir}/modules.d/91crypt-gpg
%{dracutlibdir}/modules.d/91crypt-loop
%{dracutlibdir}/modules.d/91fido2
@ -446,8 +397,10 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/98syslog
%{dracutlibdir}/modules.d/98usrmount
%{dracutlibdir}/modules.d/99base
%{dracutlibdir}/modules.d/99busybox
%{dracutlibdir}/modules.d/99memstrack
%{dracutlibdir}/modules.d/99fs-lib
%{dracutlibdir}/modules.d/99openssl
%{dracutlibdir}/modules.d/99shutdown
%attr(0644,root,root) %ghost %config(missingok,noreplace) %{_localstatedir}/log/dracut.log
%dir %{_sharedstatedir}/initramfs
@ -477,7 +430,6 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/35connman
%{dracutlibdir}/modules.d/35network-manager
%{dracutlibdir}/modules.d/40network
%{dracutlibdir}/modules.d/45ifcfg
%{dracutlibdir}/modules.d/90kernel-network-modules
%{dracutlibdir}/modules.d/90qemu-net
%{dracutlibdir}/modules.d/95cifs
@ -527,6 +479,16 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
%changelog
* Mon Feb 17 2025 Pavel Valena <pvalena@redhat.com> - 105-1
- build: upgrade to dracut 105
- fix(systemd-ask-password): do not half-install systemd-ask-password-wall
- fix(pcsc): add libpcsclite_real.so.*
- revert: "fix(rescue): make rescue always no-hostonly"
- fix(dracut-install): initize fts pointer
- feat: add openssl module
- build: make erofs the default requirement for squash subpackage
Resolves: RHEL-65204,RHEL-68935,RHEL-76323
* Fri Nov 01 2024 Pavel Valena <pvalena@redhat.com> - 103-1
- Update to dracut 103.
- feat(fips-crypto-policies): make c-p follow FIPS mode automatically

2
sources
View File

@ -1 +1 @@
SHA512 (103.tar.gz) = ba0dbefbcbecb09c44ce240664bc4f4ee25dfb8be7bc060028ae3b1ccf7d70410491c105e64fcef3d6f44d2794cb6162bcea9404125906be46bf3dff098e0277
SHA512 (105.tar.gz) = 1608fb31d6a53905ea25a279586573db5fc7e084b4f6ff06e52065cbcb4ff503c2d51c0a282345844228232b1b590382b482a224183e0c4ee16c9c9e6932b275