diff --git a/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch b/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch new file mode 100644 index 0000000..d45aea4 --- /dev/null +++ b/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch @@ -0,0 +1,39 @@ +From 458e2a42d6921cedb67623b68f6e310145f4b129 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Mon, 19 Jul 2021 11:27:28 +0200 +Subject: [PATCH 25/31] fix(nfs): set correct ownership and permissions for + statd directory + +The directory ownership for the statd directory should be +rpcuser:rpcuser. + +(cherry picked from commit ed5ab5787177f2be8a620a8d2d63a9ad26fbf149 from PR#583) + +Resolves: RHEL-53361 +--- + modules.d/95nfs/module-setup.sh | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index abe1ee59..da6549d1 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -120,8 +120,13 @@ install() { + mkdir -m 0755 -p "$initdir/var/lib/nfs" + mkdir -m 0755 -p "$initdir/var/lib/nfs/rpc_pipefs" + mkdir -m 0770 -p "$initdir/var/lib/rpcbind" +- [ -d "/var/lib/nfs/statd/sm" ] && mkdir -m 0755 -p "$initdir/var/lib/nfs/statd/sm" +- [ -d "/var/lib/nfs/sm" ] && mkdir -m 0755 -p "$initdir/var/lib/nfs/sm" ++ [ -d "$dracutsysrootdir/var/lib/nfs/statd/sm" ] \ ++ && mkdir -m 0700 -p "$initdir/var/lib/nfs/statd" \ ++ && mkdir -m 0755 -p "$initdir/var/lib/nfs/statd/sm" \ ++ && chown -R rpcuser:rpcuser "$initdir/var/lib/nfs/statd" ++ [ -d "$dracutsysrootdir/var/lib/nfs/sm" ] \ ++ && mkdir -m 0755 -p "$initdir/var/lib/nfs/sm" \ ++ && chown -R rpcuser:rpcuser "$initdir/var/lib/nfs/sm" + + # Rather than copy the passwd file in, just set a user for rpcbind + # We'll save the state and restart the daemon from the root anyway +-- +2.42.0 + diff --git a/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch b/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch new file mode 100644 index 0000000..07efa7f --- /dev/null +++ b/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch @@ -0,0 +1,42 @@ +From 23a7d5d4752dd4273f406cf1729b2d98f39d0aa5 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Sat, 17 Aug 2024 00:39:17 +0200 +Subject: [PATCH 26/31] fix(resume): do not include resume if swap is on + netdevice + +Additional fix, restoring previous behavior identical to RHEL-9. + +rhel-only + +Resolves: RHEL-53350 +--- + modules.d/95resume/module-setup.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/modules.d/95resume/module-setup.sh b/modules.d/95resume/module-setup.sh +index c0f04a6c..785f681a 100755 +--- a/modules.d/95resume/module-setup.sh ++++ b/modules.d/95resume/module-setup.sh +@@ -4,9 +4,6 @@ + # shellcheck disable=SC2317 + check() { + +- # Always include resume module +- return 0 +- + swap_on_netdevice() { + local _dev + for _dev in "${swap_devs[@]}"; do +@@ -23,6 +20,9 @@ check() { + # hibernation support requested on kernel command line + return 0 + else ++ # always include resume module when not on netdevice ++ return 0 ++ + # resume= not set on kernel command line + if [[ -f /sys/power/resume ]]; then + if [[ "$(< /sys/power/resume)" == "0:0" ]]; then +-- +2.42.0 + diff --git a/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch b/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch new file mode 100644 index 0000000..2e1ef5f --- /dev/null +++ b/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch @@ -0,0 +1,44 @@ +From 101ee8a01d36d93b23749a67c337a2833f8ce1d3 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Sat, 17 Aug 2024 01:43:50 +0200 +Subject: [PATCH 27/31] feat(dracut-init.sh): give --force-add precedence over + --omit + +This gives precedence of force_add_dracutmodules to omit_dracutmodules, +as there is not other way to override omit_dracutmodules list, and users +would expect it to be overriden from command line. + +Ref: https://github.com/dracut-ng/dracut-ng/pull/569 + +This way, `--add` retains it behaviour, and `--force-add` gains additional +functionality in non-hostonly mode. The module may still be skipped +if the module check returns 1, but it should throw error (as I'd expect +for `--force-add`). + +(cherry picked commit a669346f48cbb3278c51ba5e95b1b91f9bfdee0a from PR#584) + +Resolves: RHEL-53791 +--- + dracut-init.sh | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index 840c6167..5d5fc081 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -960,8 +960,10 @@ check_module() { + [[ $2 ]] || mods_checked_as_dep+=" $_mod " + + if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then +- ddebug "Module '$_mod' will not be installed, because it's in the list to be omitted!" +- return 1 ++ if [[ " $force_add_dracutmodules " != *\ $_mod\ * ]]; then ++ ddebug "Module '$_mod' will not be installed, because it's in the list to be omitted!" ++ return 1 ++ fi + fi + + if [[ " $dracutmodules $add_dracutmodules $force_add_dracutmodules" == *\ $_mod\ * ]]; then +-- +2.42.0 + diff --git a/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch b/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch new file mode 100644 index 0000000..a8fbd8c --- /dev/null +++ b/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch @@ -0,0 +1,36 @@ +From afd17820980728f18a5cc96e794d4c56a8694698 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Fri, 16 Aug 2024 20:40:15 +0200 +Subject: [PATCH 28/31] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ + +Introduce new path for lsinitrd.sh to look into: + +/usr/lib/modules/$kver/initramfs.img + +Which is valid on all ostree-based systems, and also other image based +systems with pre-generated initramfs. + +Ref: https://issues.redhat.com/browse/RHEL-35890 +(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282) + +Resolves: RHEL-54650 +--- + lsinitrd.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lsinitrd.sh b/lsinitrd.sh +index 952dbc9f..429cce7e 100755 +--- a/lsinitrd.sh ++++ b/lsinitrd.sh +@@ -136,6 +136,8 @@ else + image="/lib/modules/${KERNEL_VERSION}/initramfs.img" + elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then + image="/boot/initramfs-${KERNEL_VERSION}.img" ++ elif [[ -f /usr/lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then ++ image="/usr/lib/modules/${KERNEL_VERSION}/initramfs.img" + elif [[ $MACHINE_ID ]] \ + && mountpoint -q /efi; then + image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" +-- +2.42.0 + diff --git a/0029-feat-fips-include-fips-module-unconditionally.patch b/0029-feat-fips-include-fips-module-unconditionally.patch new file mode 100644 index 0000000..983b00b --- /dev/null +++ b/0029-feat-fips-include-fips-module-unconditionally.patch @@ -0,0 +1,28 @@ +From 833ca2c3832f1939a9a9729ed66c20d2a5fbf1fa Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Mon, 19 Aug 2024 09:41:27 +0200 +Subject: [PATCH 29/31] feat(fips): include fips module unconditionally + +rhel-only + +Resolves: RHEL-39404 +--- + modules.d/01fips/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh +index 83fcd564..5ce1f201 100755 +--- a/modules.d/01fips/module-setup.sh ++++ b/modules.d/01fips/module-setup.sh +@@ -2,7 +2,7 @@ + + # called by dracut + check() { +- return 255 ++ return 0 + } + + # called by dracut +-- +2.42.0 + diff --git a/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch b/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch new file mode 100644 index 0000000..34e7aa1 --- /dev/null +++ b/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch @@ -0,0 +1,40 @@ +From e1ae840425837004bacafe53c53468207aa513e3 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Thu, 8 Aug 2024 00:55:03 +0200 +Subject: [PATCH 30/31] fix(nfs): include also entries from + /usr/lib/{passwd,group} + +as those paths are used by bootc instead of the /etc ones. + +(cherry picked from commit 45cdf3c4f24f77f04b264a7747f115d1031b2e67) + +Resolves: RHEL-53431 +--- + modules.d/95nfs/module-setup.sh | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index da6549d1..df2d0e05 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -130,8 +130,15 @@ install() { + + # Rather than copy the passwd file in, just set a user for rpcbind + # We'll save the state and restart the daemon from the root anyway +- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" +- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" ++ local _confdir ++ for _confdir in etc usr/lib; do ++ ++ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \ ++ >> "$initdir/${_confdir}/passwd" ++ ++ grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \ ++ >> "$initdir/${_confdir}/group" ++ done + + dracut_need_initqueue + } +-- +2.42.0 + diff --git a/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch b/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch new file mode 100644 index 0000000..684cb25 --- /dev/null +++ b/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch @@ -0,0 +1,39 @@ +From d18bbc304e838ecf3b888ce4d70f1d96d21821f5 Mon Sep 17 00:00:00 2001 +From: Daniel McIlvaney +Date: Fri, 7 Jun 2024 11:38:54 -0700 +Subject: [PATCH 31/31] fix(dracut-functions): avoid awk in get_maj_min() + +The `get_maj_min()` cache lookup is commonly used +across many flows. While `awk` should be available, +some highly constrained environments may not have it. +A second call to `grep` can provide the same behaviour +without adding a dependnecy. + +Lines in the cache will be of the form "/dev/sda2 8:2". +`awk '{print $NF}'` returns the last word of a matching line. Since +the initial matching regex is so specific a second call to grep can +easily extract the last word. + +(cherry picked commit ec7efd5701e9a1b24f2e85666d625fb1fe46ce86) + +Related: RHEL-47145 +--- + dracut-functions.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dracut-functions.sh b/dracut-functions.sh +index 43d905e3..b4d57454 100755 +--- a/dracut-functions.sh ++++ b/dracut-functions.sh +@@ -243,7 +243,7 @@ get_maj_min() { + local _out + + if [[ $get_maj_min_cache_file ]]; then +- _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')" ++ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")" + fi + + if ! [[ "$_out" ]]; then +-- +2.42.0 + diff --git a/dracut.spec b/dracut.spec index bfa0104..33f33db 100644 --- a/dracut.spec +++ b/dracut.spec @@ -8,7 +8,7 @@ Name: dracut Version: 102 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Initramfs generator using udev @@ -24,76 +24,97 @@ Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar Source1: https://www.gnu.org/licenses/lgpl-2.1.txt # feat(hwdb): add hwdb module to install hwdb.bin on demand # Author: Pavel Valena -Patch0001: 0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch +Patch1: 0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch # fix(rngd): install system service file # Author: Pavel Valena -Patch0002: 0002-fix-rngd-install-system-service-file.patch +Patch2: 0002-fix-rngd-install-system-service-file.patch # revert: "fix(install.d): correctly install pre-genned image and die if no args" # Author: Pavel Valena -Patch0003: 0003-revert-fix-install.d-correctly-install-pre-genned-im.patch +Patch3: 0003-revert-fix-install.d-correctly-install-pre-genned-im.patch # feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so # Author: Zbigniew Jędrzejewski-Szmek -Patch0004: 0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch +Patch4: 0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch # fix(kernel-install): do not generate an initrd when one was specified # Author: Zbigniew Jędrzejewski-Szmek -Patch0005: 0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch +Patch5: 0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch # fix(crypt): decryption when rd.luks.name is set # Author: Laszlo Gombos -Patch0006: 0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch +Patch6: 0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch # fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8 # Author: Pavel Valena -Patch0007: 0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch +Patch7: 0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch # revert: "fix(crypt): unlock encrypted devices by default during boot" # Author: Pavel Valena -Patch0008: 0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch +Patch8: 0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch # fix(90kernel-modules): install blk modules using symbol blk_alloc_disk # Author: Pavel Valena -Patch0009: 0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch +Patch9: 0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch # test: do not force include dash, let sh module make a selection # Author: Laszlo Gombos -Patch0010: 0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch +Patch10: 0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch # fix(dracut-functions): allow for \ in get_maj_min file path # Author: Pavel Valena -Patch0011: 0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch +Patch11: 0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch # fix(dracut-functions.sh): only return block devices from get_persistent_dev # Author: Fabian Vogt -Patch0012: 0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch +Patch12: 0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch # feat(systemd*): include systemd config files from /usr/lib/systemd # Author: Pavel Valena -Patch0013: 0013-feat-systemd-include-systemd-config-files-from-usr-l.patch +Patch13: 0013-feat-systemd-include-systemd-config-files-from-usr-l.patch # fix(resume): always include the resume module # Author: Pavel Valena -Patch0014: 0014-fix-resume-always-include-the-resume-module.patch +Patch14: 0014-fix-resume-always-include-the-resume-module.patch # feat(dracut-init.sh): allow changing the destination directory for inst et al # Author: Philipp Rudo -Patch0015: 0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch +Patch15: 0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch # fix(dracut-init.sh): add module to mods_to_load before checking dependencies # Author: Philipp Rudo -Patch0016: 0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch +Patch16: 0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch # feat(squash): move mksquashfs to 99squash/modules-setup # Author: Philipp Rudo -Patch0017: 0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch +Patch17: 0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch # feat(squash): split 95squash-squashfs from 99squash # Author: Philipp Rudo -Patch0018: 0018-feat-squash-split-95squash-squashfs-from-99squash.patch +Patch18: 0018-feat-squash-split-95squash-squashfs-from-99squash.patch # feat(squash): add module 95squash-erofs # Author: Philipp Rudo -Patch0019: 0019-feat-squash-add-module-95squash-erofs.patch +Patch19: 0019-feat-squash-add-module-95squash-erofs.patch # feat(lsinitrd): add support for erofs images # Author: Philipp Rudo -Patch0020: 0020-feat-lsinitrd-add-support-for-erofs-images.patch +Patch20: 0020-feat-lsinitrd-add-support-for-erofs-images.patch # feat(dracut-initramfs-restore): unpack erofs images # Author: Philipp Rudo -Patch0021: 0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch +Patch21: 0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch # fix(squash): explicitly create required directories # Author: Philipp Rudo -Patch0022: 0022-fix-squash-explicitly-create-required-directories.patch +Patch22: 0022-fix-squash-explicitly-create-required-directories.patch # fix(squash): use 99busybox instead of installing it manually # Author: Philipp Rudo -Patch0023: 0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch +Patch23: 0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch # feat(dmdquash-live): add support for using erofs # Author: Brian C. Lane -Patch0024: 0024-feat-dmdquash-live-add-support-for-using-erofs.patch +Patch24: 0024-feat-dmdquash-live-add-support-for-using-erofs.patch +# fix(nfs): set correct ownership and permissions for statd directory +# Author: Lukas Nykryn +Patch25: 0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch +# fix(resume): do not include resume if swap is on netdevice +# Author: Pavel Valena +Patch26: 0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch +# feat(dracut-init.sh): give --force-add precedence over --omit +# Author: Pavel Valena +Patch27: 0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch +# feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ +# Author: Pavel Valena +Patch28: 0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch +# feat(fips): include fips module unconditionally +# Author: Pavel Valena +Patch29: 0029-feat-fips-include-fips-module-unconditionally.patch +# fix(nfs): include also entries from /usr/lib/{passwd,group} +# Author: Pavel Valena +Patch30: 0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch +# fix(dracut-functions): avoid awk in get_maj_min() +# Author: Daniel McIlvaney +Patch31: 0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch # Please use source-git to work with this spec file: # HowTo: https://packit.dev/source-git/work-with-source-git @@ -501,7 +522,17 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %changelog -* Tue Jun 04 2024 Pavel Valena - 102-1 +* Mon Aug 19 2024 Pavel Valena - 102-2 +- fix(nfs): set correct ownership and permissions for statd directory +- fix(resume): do not include resume if swap is on netdevice +- feat(dracut-init.sh): give --force-add precedence over --omit +- feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ +- feat(fips): include fips module unconditionally +- fix(nfs): include also entries from /usr/lib/{passwd,group} +- fix(dracut-functions): avoid awk in get_maj_min() + Resolves: RHEL-39404,RHEL-47145,RHEL-53350,RHEL-53361,RHEL-53431,RHEL-53791,RHEL-54650 + +* Mon Jun 24 2024 Pavel Valena - 102-1 - Update to dracut 102. Resolves: RHEL-43460,RHEL-32237,RHEL-32506,RHEL-43460,RHEL-47145,RHEL-49744,RHEL-53350