Upgrade to dracut 103

- enable dracut-cpio binary
- feat(fips-crypto-policies): make c-p follow FIPS mode automatically
- fix(fips-crypto-policies): make it depend on fips dracut module

Resolves: RHEL-59678,RHEL-65204

From-source-git-commit: ff3186be9d5871c6ec216019463199bb78cc1b32
Pavel Valena 2024-10-31 21:03:00 +01:00
parent bcb0f045c0
commit a3b408b277
40 changed files with 391 additions and 413 deletions


@ -1,54 +0,0 @@
From 3bcb0a9f06bac7fa62dc7241860deb8b671f17cd Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 25 Apr 2023 14:56:59 +0200
Subject: [PATCH 01/24] feat(hwdb): add hwdb module to install hwdb.bin on
demand
Module to install hwdb.bin. Further extensions might make only selected
part of hwdb installable to save space. The module is not included by default.
Including the module adds 2MB of compressed data (on Fedora, the file has 12MB).
Installing hwdb.bin is needed in case of custom HW like a keyboard/mouse, or various interfaces.
Original PR: https://github.com/dracutdevs/dracut/pull/1681
---
modules.d/95hwdb/module-setup.sh | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100755 modules.d/95hwdb/module-setup.sh
diff --git a/modules.d/95hwdb/module-setup.sh b/modules.d/95hwdb/module-setup.sh
new file mode 100755
index 00000000..5d3250f3
--- /dev/null
+++ b/modules.d/95hwdb/module-setup.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+check() {
+ return 255
+}
+
+# called by dracut
+install() {
+ local hwdb_bin
+
+ # Follow the same priority as `systemd-hwdb`; `/etc` is the default
+ # and `/usr/lib` an alternative location.
+ hwdb_bin="${udevconfdir}"/hwdb.bin
+
+ if [[ ! -r ${hwdb_bin} ]]; then
+ hwdb_bin="${udevdir}"/hwdb.bin
+ fi
+
+ if [[ $hostonly ]]; then
+ inst_multiple -H "${hwdb_bin}"
+ else
+ inst_multiple "${hwdb_bin}"
+ fi
+}
--
2.42.0
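Review bot: the commit message (the three bullets under "Upgrade to dracut 103") says nothing about the patches this rebase drops, and this deleted 0001 (feat(hwdb), upstream PR 1681, adding modules.d/95hwdb) is the first of several. Presumably it is dropped because dracut 103 already ships the 95hwdb module; name that in the commit message so the drop can be verified against the 103 tarball instead of inferred from the series renumbering (24 -> 32 patches).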


@ -1,7 +1,7 @@
From d14d724620fe4810930d1c2f07d10fa6b8bc9557 Mon Sep 17 00:00:00 2001
From f75ae29afc829e19834c4cb99ca51b8ebe8481bf Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sun, 23 Jul 2023 19:44:17 +0200
Subject: [PATCH 02/24] fix(rngd): install system service file
Subject: [PATCH 01/32] fix(rngd): install system service file
as there's no reason to keep a copy; there shouldn't be any modifications.


@ -1,7 +1,7 @@
From 6fa596ca039300e5f4bb3cca14768976efe95eac Mon Sep 17 00:00:00 2001
From 9b7740eaf33357cc087c83d95d089bdf8ead07dd Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:30:42 +0200
Subject: [PATCH 03/24] revert: "fix(install.d): correctly install pre-genned
Subject: [PATCH 02/32] revert: "fix(install.d): correctly install pre-genned
image and die if no args"
revert: "fix(install.d): simplify and use what kernel-install gives us"


@ -1,7 +1,7 @@
From c6d18c3c71597e78572378fc4dde391f1845b8bd Mon Sep 17 00:00:00 2001
From 0d2983f7dbc1f5fbaa60735c839ea111d3f5d4e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:08:42 +0100
Subject: [PATCH 04/24] feat(kernel-install): do nothing when
Subject: [PATCH 03/32] feat(kernel-install): do nothing when
$KERNEL_INSTALL_INITRD_GENERATOR says so
dracut may be installed without being actually used. This is very common in


@ -1,7 +1,7 @@
From 1bd81956dc050db071c5885cfbcde393370468ae Mon Sep 17 00:00:00 2001
From 65d5bd785458da98b0388ddf3f8e67e569af67c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:58:58 +0100
Subject: [PATCH 05/24] fix(kernel-install): do not generate an initrd when one
Subject: [PATCH 04/32] fix(kernel-install): do not generate an initrd when one
was specified
According to the synopsis, kernel-install can be called with an


@ -1,7 +1,7 @@
From 30e7870504d09183bb9d99ed04f148c7dfb0c645 Mon Sep 17 00:00:00 2001
From 35326479721f8b439f291bf8ff35354107144012 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 07:33:05 +0200
Subject: [PATCH 07/24] fix: incorrectly applied patch in commit
Subject: [PATCH 05/32] fix: incorrectly applied patch in commit
c6d18c3c71597e78572378fc4dde391f1845b8
named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so"


@ -1,25 +0,0 @@
From 6cb58e86ae65cf9922023b12e889446323a89080 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Sat, 15 Jun 2024 15:21:44 -0400
Subject: [PATCH 06/24] fix(crypt): decryption when rd.luks.name is set
---
modules.d/90crypt/parse-crypt.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 39fc6d21..9567a4a9 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -174,7 +174,7 @@ else
} >> "$hookdir/emergency/90-crypt.sh"
fi
done
- elif getargbool 1 rd.auto; then
+ elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then
if [ -z "$DRACUT_SYSTEMD" ]; then
{
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
--
2.42.0
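Review bot: dropping this fix needs a stated reason, because it is the one that stopped the `rd.auto` branch from auto-unlocking every crypto_LUKS device when the admin had pinned specific ones with rd.luks.name (`elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then`). The series still carries the revert of "unlock encrypted devices by default during boot" (now 06/32). Either that revert removes the `getargbool 1 rd.auto` path this hunk patched, making the fix moot, or dracut 103 contains the upstream fix; say which in the commit message, since the answer decides whether a kernel command line with rd.luks.name= can still end up unlocking unrelated LUKS volumes.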


@ -1,7 +1,7 @@
From 93937d805f8166d9f708f9163fc93839fc1437d3 Mon Sep 17 00:00:00 2001
From afcfd7378110969cce445d7613d9e81c9d85cac0 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 16:24:14 +0200
Subject: [PATCH 08/24] revert: "fix(crypt): unlock encrypted devices by
Subject: [PATCH 06/32] revert: "fix(crypt): unlock encrypted devices by
default during boot"
This reverts commit 2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1.


@ -1,7 +1,7 @@
From aded658821983ba7d92def26793813c1b3a83475 Mon Sep 17 00:00:00 2001
From 02bc9391cfdf7f3b16c49cde9d881642c13fc8c0 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Sat, 20 Jul 2024 18:49:38 -0400
Subject: [PATCH 10/24] test: do not force include dash, let sh module make a
Subject: [PATCH 07/32] test: do not force include dash, let sh module make a
selection
This is important for alpine, so that it does not install both


@ -1,7 +1,7 @@
From a891ae527aaf3c015d3b4b0290655b89fdf8f03d Mon Sep 17 00:00:00 2001
From bdfdbdee356cb83dad86f1d49fc21df9117ba8eb Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 01:30:50 +0200
Subject: [PATCH 11/24] fix(dracut-functions): allow for \ in get_maj_min file
Subject: [PATCH 08/32] fix(dracut-functions): allow for \ in get_maj_min file
path
as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition
@ -14,15 +14,15 @@ Resolves: RHEL-47145
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index f9e5d3bc..c8cb2e15 100755
index 1f7a9052..d436a357 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -243,7 +243,7 @@ get_maj_min() {
local _out
if [[ $get_maj_min_cache_file ]]; then
- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')"
- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
fi
if ! [[ "$_out" ]]; then
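Review bot: the escaping in the `+` lines (`${1//\\/\\\\}`) only doubles backslashes, but `$1` is still interpolated into an ERE given to `grep -E`, so a device path containing `.`, `+`, `(`, `[` or `$` (all legal in a partition label under /dev/disk/by-partlabel) is matched as a pattern, and a `.` can match a different cache line than the one asked for. Escape every ERE metacharacter instead, which also subsumes the backslash case, e.g. `_key=$(printf '%s\n' "$1" | sed 's/[][\\.^$*+?(){}|]/\\&/g')` and then `grep -m1 -oE "^$_key \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$"`. The awk-to-`grep -oE "\S+$"` change in the surrounding lines is only the rebased upstream context and is fine.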


@ -1,33 +0,0 @@
From e02ef9afa1ede698623f25d5694949e9b4fedb4e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 6 Dec 2022 21:46:01 +0100
Subject: [PATCH 09/24] fix(90kernel-modules): install blk modules using symbol
blk_alloc_disk
Corresponding kernel symbol blk_cleanup_disk is no longer used in the nvdimm
driver and calls are made directly instead.
blk_alloc_disk is used:
https://elixir.bootlin.com/linux/v6.1-rc8/source/drivers/nvdimm/pmem.c#L522
Resolves: RHEL-32237
---
modules.d/90kernel-modules/module-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh
index ec60f393..89f33231 100755
--- a/modules.d/90kernel-modules/module-setup.sh
+++ b/modules.d/90kernel-modules/module-setup.sh
@@ -2,7 +2,7 @@
# called by dracut
installkernel() {
- local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
+ local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_alloc_disk|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
local -A _hostonly_drvs
record_block_dev_drv() {
--
2.42.0
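Review bot: before dropping this patch, confirm that the `_blockfuncs` list in 90kernel-modules/module-setup.sh of dracut 103 already contains `blk_alloc_disk`; if it does not, hostonly images built on an nvdimm/pmem root silently lose the driver again (RHEL-32237) and nothing in the build will flag it. Record the upstream commit that made the patch redundant in the commit message.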


@ -1,7 +1,7 @@
From 821ffb39cd0c3003b2711d30302b713ab9b5da9b Mon Sep 17 00:00:00 2001
From 31fe330589cfd564790c4255c951567a3479df94 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Mon, 5 Aug 2024 11:28:32 +0200
Subject: [PATCH 12/24] fix(dracut-functions.sh): only return block devices
Subject: [PATCH 09/32] fix(dracut-functions.sh): only return block devices
from get_persistent_dev
With udev 256, there are now directories such as
@ -24,7 +24,7 @@ Resolves: RHEL-49744
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index c8cb2e15..43d905e3 100755
index d436a357..b4d57454 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -294,8 +294,7 @@ get_persistent_dev() {


@ -1,7 +1,7 @@
From 3e4a22f2b72d0723fd43ca917b8aa9003c6c7f8f Mon Sep 17 00:00:00 2001
From e90249443fe2285f221849359e9066aefff29eff Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:06:32 +0200
Subject: [PATCH 13/24] feat(systemd*): include systemd config files from
Subject: [PATCH 10/32] feat(systemd*): include systemd config files from
/usr/lib/systemd
and also use proper variables for the paths, and fixup invalid paths.
@ -26,7 +26,7 @@ Resolves: RHEL-32506
5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
index d173c99f..0f151289 100755
index ce7bb520..70a2a78f 100755
--- a/modules.d/00systemd/module-setup.sh
+++ b/modules.d/00systemd/module-setup.sh
@@ -42,6 +42,8 @@ install() {
@ -50,10 +50,10 @@ index d173c99f..0f151289 100755
/etc/hostname \
/etc/nsswitch.conf \
diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh
index 47666b6c..17deb088 100755
index 0c5cbcfb..6acbe75f 100755
--- a/modules.d/01systemd-coredump/module-setup.sh
+++ b/modules.d/01systemd-coredump/module-setup.sh
@@ -33,6 +33,7 @@ install() {
@@ -35,6 +35,7 @@ install() {
inst_multiple -o \
"$sysctld"/50-coredump.conf \
"$systemdutildir"/coredump.conf \
@ -61,7 +61,7 @@ index 47666b6c..17deb088 100755
"$systemdutildir"/systemd-coredump \
"$systemdsystemunitdir"/systemd-coredump.socket \
"$systemdsystemunitdir"/systemd-coredump@.service \
@@ -51,7 +52,7 @@ install() {
@@ -52,7 +53,7 @@ install() {
if [[ $hostonly ]]; then
inst_multiple -H -o \
"$systemdutilconfdir"/coredump.conf \
@ -84,10 +84,10 @@ index 67034bbf..5de5db4b 100755
"$systemdsystemunitdir"/systemd-pstore.service \
"$systemdsystemunitdir/systemd-pstore.service.d/*.conf"
diff --git a/modules.d/01systemd-resolved/module-setup.sh b/modules.d/01systemd-resolved/module-setup.sh
index 0c2e8c28..7b4b26e8 100755
index b354bc6c..d20f211c 100755
--- a/modules.d/01systemd-resolved/module-setup.sh
+++ b/modules.d/01systemd-resolved/module-setup.sh
@@ -49,6 +49,7 @@ install() {
@@ -50,6 +50,7 @@ install() {
# Install the hosts local user configurations if enabled.
if [[ $hostonly ]]; then
inst_multiple -H -o \
@ -96,10 +96,10 @@ index 0c2e8c28..7b4b26e8 100755
"$systemdutilconfdir/resolved.conf.d/*.conf" \
"$systemdsystemconfdir"/systemd-resolved.service \
diff --git a/modules.d/01systemd-timesyncd/module-setup.sh b/modules.d/01systemd-timesyncd/module-setup.sh
index a2c67540..77f7b113 100755
index 0c065af6..82902b3b 100755
--- a/modules.d/01systemd-timesyncd/module-setup.sh
+++ b/modules.d/01systemd-timesyncd/module-setup.sh
@@ -38,6 +38,7 @@ install() {
@@ -40,6 +40,7 @@ install() {
"$systemdntpunits/*.list" \
"$systemdutildir"/systemd-timesyncd \
"$systemdutildir"/systemd-time-wait-sync \


@ -1,7 +1,7 @@
From 53d78f4eb236500465279c424c296ff576421c7c Mon Sep 17 00:00:00 2001
From 91f878a4fe4ed694baad59cdb1c7366b002cf1da Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:21:12 +0200
Subject: [PATCH 14/24] fix(resume): always include the resume module
Subject: [PATCH 11/32] fix(resume): always include the resume module
as we can't determine with certainity that it won't be needed.


@ -1,7 +1,7 @@
From b8b7e0245bb3c645b45d4a31847ed227a8431ec8 Mon Sep 17 00:00:00 2001
From 5ed57d866f2be5dc73c7c70a70f51ccae9bdd47d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:46:47 +0200
Subject: [PATCH 15/24] feat(dracut-init.sh): allow changing the destination
Subject: [PATCH 12/32] feat(dracut-init.sh): allow changing the destination
directory for inst et al
When using 99squash dracut actually builds two separate initrds. The
@ -53,7 +53,7 @@ Related: RHEL-43460
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 863df0cb..58e657b5 100755
index 986da96b..8e943493 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -240,34 +240,36 @@ inst_dir() {
@ -129,7 +129,7 @@ index 863df0cb..58e657b5 100755
for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do
[[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}"
done
@@ -1047,13 +1052,15 @@ for_each_module_dir() {
@@ -1056,13 +1061,15 @@ for_each_module_dir() {
}
dracut_kernel_post() {
@ -147,7 +147,7 @@ index 863df0cb..58e657b5 100755
dfatal "\"depmod -a $kernel\" failed."
exit 1
fi
@@ -1067,6 +1074,7 @@ instmods() {
@@ -1076,6 +1083,7 @@ instmods() {
# <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"
# -c check
# -s silent
@ -155,7 +155,7 @@ index 863df0cb..58e657b5 100755
local _optional="-o"
local _silent
local _ret
@@ -1092,7 +1100,7 @@ instmods() {
@@ -1101,7 +1109,7 @@ instmods() {
fi
$DRACUT_INSTALL \
@ -164,7 +164,7 @@ index 863df0cb..58e657b5 100755
${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \
@@ -1106,7 +1114,7 @@ instmods() {
@@ -1115,7 +1123,7 @@ instmods() {
if ((_ret != 0)) && [[ -z $_silent ]]; then
derror "FAILED: " \
"$DRACUT_INSTALL" \
@ -173,7 +173,7 @@ index 863df0cb..58e657b5 100755
${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \
@@ -1123,14 +1131,16 @@ instmods() {
@@ -1132,14 +1140,16 @@ instmods() {
if [[ "$(ln --help)" == *--relative* ]]; then
ln_r() {


@ -1,7 +1,7 @@
From c81d6422d71b02ed9158a67c00fa0a5eec232f37 Mon Sep 17 00:00:00 2001
From 150e428c0e8d40257a983c2f82be5e8e0f30920f Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Thu, 25 Jul 2024 12:47:00 +0200
Subject: [PATCH 16/24] fix(dracut-init.sh): add module to mods_to_load before
Subject: [PATCH 13/32] fix(dracut-init.sh): add module to mods_to_load before
checking dependencies
When implementing erofs support for 99squash we end up with three
@ -34,10 +34,10 @@ Related: RHEL-43460
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 58e657b5..840c6167 100755
index 8e943493..746362d1 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -915,6 +915,9 @@ check_mount() {
@@ -924,6 +924,9 @@ check_mount() {
fi
fi
@ -47,7 +47,7 @@ index 58e657b5..840c6167 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -933,9 +936,6 @@ check_mount() {
@@ -942,9 +945,6 @@ check_mount() {
fi
done
@ -57,7 +57,7 @@ index 58e657b5..840c6167 100755
return 0
}
@@ -990,6 +990,9 @@ check_module() {
@@ -999,6 +999,9 @@ check_module() {
fi
fi
@ -67,7 +67,7 @@ index 58e657b5..840c6167 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1008,9 +1011,6 @@ check_module() {
@@ -1017,9 +1020,6 @@ check_module() {
fi
done


@ -1,7 +1,7 @@
From bbb64f449a4f3cd76ea63d73ebc1043a3dd14118 Mon Sep 17 00:00:00 2001
From 2d851d7d1709f5a03d8dab847aa42770bff2644b Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:30:50 +0200
Subject: [PATCH 17/24] feat(squash): move mksquashfs to 99squash/modules-setup
Subject: [PATCH 14/32] feat(squash): move mksquashfs to 99squash/modules-setup
When using 99squash dracut actually builds two separat initrds. The
"normal" one, that gets squashed into a squashfs image, and a
@ -32,10 +32,10 @@ Related: RHEL-43460
2 files changed, 49 insertions(+), 44 deletions(-)
diff --git a/dracut.sh b/dracut.sh
index cc6d6f28..68bdf33b 100755
index 856b884e..4d2e3df2 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1277,6 +1277,7 @@ trap '
@@ -1260,6 +1260,7 @@ trap '
trap 'exit 1;' SIGINT
readonly initdir="${DRACUT_TMPDIR}/initramfs"
@ -43,7 +43,7 @@ index cc6d6f28..68bdf33b 100755
mkdir -p "$initdir"
if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi_table_dir ]]; }; then
@@ -1804,7 +1805,8 @@ export initdir dracutbasedir \
@@ -1787,7 +1788,8 @@ export initdir dracutbasedir \
host_fs_types host_devs swap_devs sshkey add_fstab \
DRACUT_VERSION \
prefix filesystems drivers \
@ -53,7 +53,7 @@ index cc6d6f28..68bdf33b 100755
mods_to_load=""
# check all our modules to see if they should be sourced.
@@ -1909,6 +1911,8 @@ if [[ $kernel_only != yes ]]; then
@@ -1892,6 +1894,8 @@ if [[ $kernel_only != yes ]]; then
fi
fi
@ -62,7 +62,7 @@ index cc6d6f28..68bdf33b 100755
_isize=0 #initramfs size
modules_loaded=" "
# source our modules.
@@ -2255,14 +2259,6 @@ if [[ $kernel_only != yes ]]; then
@@ -2243,14 +2247,6 @@ if [[ $kernel_only != yes ]]; then
build_ld_cache
fi
@ -77,7 +77,7 @@ index cc6d6f28..68bdf33b 100755
if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
# stripping files negates (dedup) benefits of using reflink
[[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink"
@@ -2282,25 +2278,8 @@ fi
@@ -2270,25 +2266,8 @@ fi
if dracut_module_included "squash"; then
dinfo "*** Squashing the files inside the initramfs ***"


@ -1,7 +1,7 @@
From 1ef53f9d5ea7f74730b27b8016304c58b2d31871 Mon Sep 17 00:00:00 2001
From dd3daa0560e4e4f809b42a901cd79076d3577f96 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 16:39:13 +0200
Subject: [PATCH 18/24] feat(squash): split 95squash-squashfs from 99squash
Subject: [PATCH 15/32] feat(squash): split 95squash-squashfs from 99squash
99squash only allows squashing the files using squashfs. In order to
make the implementation for different filesystems easier split out the


@ -1,7 +1,7 @@
From 4e8ea763cb10ab4f3b65e865d2ad03c8a5393e04 Mon Sep 17 00:00:00 2001
From fcc73940a1e21fa79b7133e12ed0f8ed13645a54 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 17:42:33 +0200
Subject: [PATCH 19/24] feat(squash): add module 95squash-erofs
Subject: [PATCH 16/32] feat(squash): add module 95squash-erofs
Allow squashing the image in 99squash using erofs. Keep squashfs as
default to not change existing systems. I.e. only use erofs if the user


@ -1,7 +1,7 @@
From 327adc7782fd43f4cf9848f1c24f196c496b6b53 Mon Sep 17 00:00:00 2001
From fc5efe96e0ffbfa447d27ba28245420f91b638dc Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 18:33:37 +0200
Subject: [PATCH 20/24] feat(lsinitrd): add support for erofs images
Subject: [PATCH 17/32] feat(lsinitrd): add support for erofs images
Add support to handle erofs images in lsinitrd. Unfortunately the erofs
tooling is missing some functionality of unsquashfs, esp. the ability to
@ -22,10 +22,10 @@ Resolves: RHEL-43460
1 file changed, 113 insertions(+), 54 deletions(-)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 1329ab70..952dbc9f 100755
index b36d0e12..6799f938 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -172,10 +172,47 @@ dracutlibdirs() {
@@ -174,10 +174,47 @@ dracutlibdirs() {
done
}
@ -76,7 +76,7 @@ index 1329ab70..952dbc9f 100755
((${#filenames[@]} == 1)) && nofileinfo=1
for f in "${!filenames[@]}"; do
@@ -183,18 +220,24 @@ extract_files() {
@@ -185,18 +222,24 @@ extract_files() {
[[ $nofileinfo ]] || echo "========================================================================"
# shellcheck disable=SC2001
[[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g')
@ -113,7 +113,7 @@ index 1329ab70..952dbc9f 100755
[[ $nofileinfo ]] || echo "========================================================================"
[[ $nofileinfo ]] || echo
done
@@ -220,66 +263,82 @@ list_files() {
@@ -222,66 +265,82 @@ list_files() {
}
list_squash_content() {


@ -1,7 +1,7 @@
From 0d90ae671e130b631383fb481a1f38a175167eff Mon Sep 17 00:00:00 2001
From ac4b18bf89bfa440ff741557fe9928cd2b19b66e Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 17:24:28 +0200
Subject: [PATCH 21/24] feat(dracut-initramfs-restore): unpack erofs images
Subject: [PATCH 18/32] feat(dracut-initramfs-restore): unpack erofs images
Follow the example for squashfs images and also unpack erofs images in
dracut-initramfs-restore.
@ -17,10 +17,10 @@ Resolves: RHEL-43460
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/dracut-initramfs-restore.sh b/dracut-initramfs-restore.sh
index cc561b22..015160b7 100755
index 74725308..98cfaed7 100755
--- a/dracut-initramfs-restore.sh
+++ b/dracut-initramfs-restore.sh
@@ -74,12 +74,18 @@ else
@@ -81,12 +81,18 @@ else
exit 1
fi


@ -1,7 +1,7 @@
From a3ca60929c50f1a1d41cf4567e3a4a8231a92642 Mon Sep 17 00:00:00 2001
From c0bd2334708d9bfc6fbeb1c63eae0037eb4157b6 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:35:17 +0200
Subject: [PATCH 22/24] fix(squash): explicitly create required directories
Subject: [PATCH 19/32] fix(squash): explicitly create required directories
At the moment 99squash relies on dracut-install to create the required
directories it later links to. This approach is error prone and will


@ -1,7 +1,7 @@
From a6e8e41cd1d67bb4ee64b2bf107e98c18bf8afdf Mon Sep 17 00:00:00 2001
From eef65961330c8fb68493d9a3eab55171482984c1 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:44:32 +0200
Subject: [PATCH 23/24] fix(squash): use 99busybox instead of installing it
Subject: [PATCH 20/32] fix(squash): use 99busybox instead of installing it
manually
Make use of 99busybox in 99squash rather than installing it manually.


@ -1,7 +1,7 @@
From 458e2a42d6921cedb67623b68f6e310145f4b129 Mon Sep 17 00:00:00 2001
From c6c9f871b87cdc334be989b42e9a5d2070ae17c5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 19 Jul 2021 11:27:28 +0200
Subject: [PATCH 25/31] fix(nfs): set correct ownership and permissions for
Subject: [PATCH 21/32] fix(nfs): set correct ownership and permissions for
statd directory
The directory ownership for the statd directory should be
@ -15,7 +15,7 @@ Resolves: RHEL-53361
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index abe1ee59..da6549d1 100755
index 5cc42892..fbaeeb00 100755
--- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh
@@ -120,8 +120,13 @@ install() {


@ -1,7 +1,7 @@
From 23a7d5d4752dd4273f406cf1729b2d98f39d0aa5 Mon Sep 17 00:00:00 2001
From 4a6806efae05b453bb9b93efe961fb1033bb562b Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 00:39:17 +0200
Subject: [PATCH 26/31] fix(resume): do not include resume if swap is on
Subject: [PATCH 22/32] fix(resume): do not include resume if swap is on
netdevice
Additional fix, restoring previous behavior identical to RHEL-9.


@ -1,7 +1,7 @@
From 101ee8a01d36d93b23749a67c337a2833f8ce1d3 Mon Sep 17 00:00:00 2001
From 2f3c9cb56cc7ccdccbd8f8056b21d39fa736da1e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 01:43:50 +0200
Subject: [PATCH 27/31] feat(dracut-init.sh): give --force-add precedence over
Subject: [PATCH 23/32] feat(dracut-init.sh): give --force-add precedence over
--omit
This gives precedence of force_add_dracutmodules to omit_dracutmodules,
@ -23,10 +23,10 @@ Resolves: RHEL-53791
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 840c6167..5d5fc081 100755
index 746362d1..3917bb0d 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -960,8 +960,10 @@ check_module() {
@@ -969,8 +969,10 @@ check_module() {
[[ $2 ]] || mods_checked_as_dep+=" $_mod "
if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then


@ -1,69 +0,0 @@
From 3b4fe88a4259ec576a41d98b6aaee324a6b48b0f Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Wed, 10 Jul 2024 16:30:09 -0700
Subject: [PATCH 24/24] feat(dmdquash-live): add support for using erofs
This adds support for rootfs compressed with erofs. Either as a plain
erofs image or a LiveOS/rootfs.img ext4 filesystem compressed with
erofs.
This patch does not make any attempt to change the squashfs directory
naming (or variable names) in order to make these changes as small as
possible and easy to review. It also does not make any attempt to
support the multitude of available options other than what is needed by
anaconda-dracut calling this script to setup the boot.iso root
filesystem.
(which isn't to say it doesn't work, it just hasn't been tested and is
outside the scope of this change).
(cherry picked commit ca5ae5d3466eec40d118fc96d450478aa6faebb6)
Resolves: RHEL-43460
---
modules.d/90dmsquash-live/dmsquash-live-root.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
index 4518852b..a376185e 100755
--- a/modules.d/90dmsquash-live/dmsquash-live-root.sh
+++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
@@ -97,7 +97,6 @@ det_img_fs() {
blkid -s TYPE -u noraid -o value "$1"
}
-load_fstype squashfs
CMDLINE=$(getcmdline)
for arg in $CMDLINE; do
case $arg in
@@ -112,14 +111,15 @@ if [ -f "$livedev" ]; then
# check filesystem type and handle accordingly
fstype=$(det_img_fs "$livedev")
case $fstype in
- squashfs) SQUASHED=$livedev ;;
- auto) die "cannot mount live image (unknown filesystem type)" ;;
+ squashfs | erofs) SQUASHED=$livedev ;;
+ auto) die "cannot mount live image (unknown filesystem type $fstype)" ;;
*) FSIMG=$livedev ;;
esac
load_fstype "$fstype"
else
livedev_fstype=$(det_fs "$livedev")
- if [ "$livedev_fstype" = "squashfs" ]; then
+ load_fstype "$livedev_fstype"
+ if [ "$livedev_fstype" = "squashfs" ] || [ "$livedev_fstype" = "erofs" ]; then
# no mount needed - we've already got the LiveOS image in $livedev
SQUASHED=$livedev
elif [ "$livedev_fstype" != "ntfs" ]; then
@@ -336,7 +336,7 @@ if [ -e "$SQUASHED" ]; then
SQUASHED_LOOPDEV=$(losetup -f)
losetup -r "$SQUASHED_LOOPDEV" $SQUASHED
mkdir -m 0755 -p /run/initramfs/squashfs
- mount -n -t squashfs -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
+ mount -n -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
if [ -d /run/initramfs/squashfs/LiveOS ]; then
if [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
--
2.42.0
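Review bot: this patch states it is a cherry-pick of upstream ca5ae5d3466eec40d118fc96d450478aa6faebb6, so dropping it is correct only if that commit is part of 103; say so in the commit message next to RHEL-43460, as the erofs work this series still carries (15/32 to 18/32) depends on dmsquash-live accepting erofs. Also worth noting for that work: the dropped hunk replaced `mount -n -t squashfs -o ro` with a typeless `mount -n -o ro`, so the root image type is now whatever blkid reports and `load_fstype "$fstype"` is the only thing ensuring the driver is present.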


@ -0,0 +1,38 @@
From 226de396c97d483380bd0604bfe2ff7f6a2ef48c Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Aug 2024 20:40:15 +0200
Subject: [PATCH 24/32] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Introduce new path for lsinitrd.sh to look into:
/usr/lib/modules/$kver/initramfs.img
Which is valid on all ostree-based systems, and also other image based
systems with pre-generated initramfs.
Ref: https://issues.redhat.com/browse/RHEL-35890
(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282)
Resolves: RHEL-54650
---
lsinitrd.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 6799f938..35314b78 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -125,6 +125,10 @@ find_initrd_for_kernel_version() {
echo "/lib/modules/${kernel_version}/initrd"
elif [[ -f /lib/modules/${kernel_version}/initramfs.img ]]; then
echo "/lib/modules/${kernel_version}/initramfs.img"
+ elif [[ -f /usr/lib/modules/${kernel_version}/initrd ]]; then
+ echo "/usr/lib/modules/${kernel_version}/initrd"
+ elif [[ -f /usr/lib/modules/${kernel_version}/initramfs.img ]]; then
+ echo "/usr/lib/modules/${kernel_version}/initramfs.img"
elif [[ -f /boot/initramfs-${kernel_version}.img ]]; then
echo "/boot/initramfs-${kernel_version}.img"
else
--
2.42.0
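Review bot: the lookup order in this rebased version differs from the one in the dropped 28/31 version of the same cherry-pick: the old hunk checked `/boot/initramfs-${KERNEL_VERSION}.img` before `/usr/lib/modules/${KERNEL_VERSION}/initramfs.img`, the new one checks both `/usr/lib/modules/...` paths before `/boot/...`. On a host that has both files, lsinitrd now inspects a different image than before, which matters when the tool is used to verify what will actually boot; state which precedence is intended. Note also that on a merged-/usr system `/lib/modules` is the same directory as `/usr/lib/modules`, so the two new branches only ever fire on a non-merged layout.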


@ -1,7 +1,7 @@
From 833ca2c3832f1939a9a9729ed66c20d2a5fbf1fa Mon Sep 17 00:00:00 2001
From 3e25517a0d1f0054e69409eb89484879251f47a3 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 19 Aug 2024 09:41:27 +0200
Subject: [PATCH 29/31] feat(fips): include fips module unconditionally
Subject: [PATCH 25/32] feat(fips): include fips module unconditionally
rhel-only
@ -11,7 +11,7 @@ Resolves: RHEL-39404
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 83fcd564..5ce1f201 100755
index 1e0c9d09..005f0b6d 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -2,7 +2,7 @@


@ -1,7 +1,7 @@
From e1ae840425837004bacafe53c53468207aa513e3 Mon Sep 17 00:00:00 2001
From 4dfd0c8de071f074c813a87cc06335fa43e93a9d Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:55:03 +0200
Subject: [PATCH 30/31] fix(nfs): include also entries from
Subject: [PATCH 26/32] fix(nfs): include also entries from
/usr/lib/{passwd,group}
as those paths are used by bootc instead of the /etc ones.
@ -14,14 +14,14 @@ Resolves: RHEL-53431
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index da6549d1..df2d0e05 100755
index fbaeeb00..df2d0e05 100755
--- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh
@@ -130,8 +130,15 @@ install() {
# Rather than copy the passwd file in, just set a user for rpcbind
# We'll save the state and restart the daemon from the root anyway
- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd"
- grep -E '^(nfsnobody|_rpc|rpc|rpcuser):' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd"
- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group"
+ local _confdir
+ for _confdir in etc usr/lib; do


@ -1,7 +1,7 @@
From 7a580a481f8b2d2df60a5e7b9da5c4a11ed9ecbf Mon Sep 17 00:00:00 2001
From f26573ec709c7703863e8affdec990b100c25598 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:58:54 +0200
Subject: [PATCH 32/35] revert(dracut-init.sh): add module to mods_to_load
Subject: [PATCH 27/32] revert(dracut-init.sh): add module to mods_to_load
before checking dependencies
Commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before
@ -25,10 +25,10 @@ Resolves: RHEL-43460
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh
index 5d5fc081..756a0a75 100755
index 3917bb0d..644825c9 100755
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -915,9 +915,6 @@ check_mount() {
@@ -924,9 +924,6 @@ check_mount() {
fi
fi
@ -38,7 +38,7 @@ index 5d5fc081..756a0a75 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -936,6 +933,9 @@ check_mount() {
@@ -945,6 +942,9 @@ check_mount() {
fi
done
@ -48,7 +48,7 @@ index 5d5fc081..756a0a75 100755
return 0
}
@@ -992,9 +992,6 @@ check_module() {
@@ -1001,9 +1001,6 @@ check_module() {
fi
fi
@ -58,7 +58,7 @@ index 5d5fc081..756a0a75 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1013,6 +1010,9 @@ check_module() {
@@ -1022,6 +1019,9 @@ check_module() {
fi
done


@ -1,36 +0,0 @@
From afd17820980728f18a5cc96e794d4c56a8694698 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Aug 2024 20:40:15 +0200
Subject: [PATCH 28/31] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Introduce new path for lsinitrd.sh to look into:
/usr/lib/modules/$kver/initramfs.img
Which is valid on all ostree-based systems, and also other image based
systems with pre-generated initramfs.
Ref: https://issues.redhat.com/browse/RHEL-35890
(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282)
Resolves: RHEL-54650
---
lsinitrd.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 952dbc9f..429cce7e 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -136,6 +136,8 @@ else
image="/lib/modules/${KERNEL_VERSION}/initramfs.img"
elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
image="/boot/initramfs-${KERNEL_VERSION}.img"
+ elif [[ -f /usr/lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then
+ image="/usr/lib/modules/${KERNEL_VERSION}/initramfs.img"
elif [[ $MACHINE_ID ]] \
&& mountpoint -q /efi; then
image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
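Review bot: this file is deleted, yet the spec in this same change still carries the patch as Patch24 (`0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch`), so this is a renumber rather than a drop; confirm the new 0024 file keeps the two `/usr/lib/modules/${KERNEL_VERSION}/initramfs.img` lines. Separately, the chain already starts with `image="/lib/modules/${KERNEL_VERSION}/initramfs.img"`, and on a merged-/usr system that path resolves to the same file as the new branch, so the addition only takes effect where `/lib` is a real directory; the commit message could say so to avoid the branch looking redundant.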
--
2.42.0


@ -1,7 +1,7 @@
From 7e1598536003caf9c6b68e9a4eaf3cef8bfcfeb9 Mon Sep 17 00:00:00 2001
From 043aef3a9dee83818d67697fb6ad203dc3e87c39 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:23:41 +0200
Subject: [PATCH 33/35] fix(squash): remove cyclic dependency
Subject: [PATCH 28/32] fix(squash): remove cyclic dependency
With commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load
before checking dependencies") reverted 99squash can no longer rely on
@ -36,10 +36,10 @@ Resolves: RHEL-43460
create mode 100755 modules.d/99squash-lib/module-setup.sh
diff --git a/dracut.sh b/dracut.sh
index 68bdf33b..71568fe0 100755
index 4d2e3df2..db6713a9 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1911,7 +1911,7 @@ if [[ $kernel_only != yes ]]; then
@@ -1894,7 +1894,7 @@ if [[ $kernel_only != yes ]]; then
fi
fi
@ -48,7 +48,7 @@ index 68bdf33b..71568fe0 100755
_isize=0 #initramfs size
modules_loaded=" "
@@ -2276,9 +2276,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
@@ -2264,9 +2264,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
dinfo "*** Stripping files done ***"
fi


@ -1,7 +1,7 @@
From 8fe64408bd8349e28b7257f93880527a93c63fa2 Mon Sep 17 00:00:00 2001
From 2ce3f3ff72e608d7a3d42b566f9772393e313df4 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 27 Aug 2024 12:14:40 +0200
Subject: [PATCH 34/35] fix(dracut.sh): exit when installing the squash loader
Subject: [PATCH 29/32] fix(dracut.sh): exit when installing the squash loader
fails
The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib
@ -21,10 +21,10 @@ Resolves: RHEL-43460
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut.sh b/dracut.sh
index 71568fe0..3d73fe43 100755
index db6713a9..c5ef61ad 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2278,7 +2278,7 @@ fi
@@ -2266,7 +2266,7 @@ fi
if dracut_module_included "squash-lib"; then
dinfo "*** Squashing the files inside the initramfs ***"


@ -1,7 +1,7 @@
From 85235ab58df8343a1a0314333b360648a5d0f452 Mon Sep 17 00:00:00 2001
From e391c64afd187a81861301c949db5ffd1f9a3e5d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:29:01 +0200
Subject: [PATCH 35/35] fix(squash-lib): harden against empty $initdir
Subject: [PATCH 30/32] fix(squash-lib): harden against empty $initdir
The postinstall phase of 99squash-lib has the potential to delete the
whole rootfs if $initdir is empty. This should(tm) never happen.


@ -0,0 +1,158 @@
From 626280f62a8f05e68e70b8db81eeffe196642bf3 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 8 Aug 2024 16:43:31 +0200
Subject: [PATCH 31/32] feat(fips-crypto-policies): make c-p follow FIPS mode
automatically
For a system that uses crypto-policies to be switched to FIPS mode
correctly, it needs to be
- booted with `fips=1` on the kernel command line
- switched to the FIPS crypto-policy (or a policy derived from it)
- have the fips dracut module enabled
On older systems, there were additional steps, for example, creating
`/etc/system-fips`.
We have repeatedly seen inconsistencies between those different toggles,
either because the user space tooling to switch between those does not
(for reliability, maintainability, and compliance reasons) undo some of
the steps it does when disabling FIPS mode, or because other
installation methods (bootc, containers, image builder) independently do
some of those steps. Eventually, all of these ended with user confusion.
We can avoid this situation by eliminating the difference by treating
the `fips=1` kernel command line switch as a single source of truth, and
making all others follow automatically. This module provides this for
crypto-policies, by adding bind-mounts before pivot if the system has
not already been switched to a FIPS-based crypto-policy.
This requires some support from the crypto-policies package (because it
needs to deal with the bind mounts when a user calls
`update-crypto-policies --set`), so make it a no-op unless
- `fips=1` is on the kernel command line
- crypto-policies is installed
- crypto-policies supports the bind-mounts (indicated by the presence
of the `default-fips-config` file)
- the policy isn't already FIPS
These checks should make this safe to add to the initramfs on all
current systems.
The bind-mounts also need to happen in the initramfs already, because
systemd links against OpenSSL, and doing them later means that systemd
will start with an OpenSSL configuration that isn't tailored for FIPS.
See also [1], which adds the user space support to crypto-policies,
along with a systemd service that does the same steps in case dracut
hasn't already done them (which is useful for environments that don't
use an initramfs like containers).
[1]: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/191
Signed-off-by: Clemens Lang <cllang@redhat.com>
(cherry picked from commit bd3c1e1cc2f656f7ee4ff47e00ca716d52a86a3d)
Resolves: RHEL-59678
---
.../fips-crypto-policies.sh | 52 +++++++++++++++++++
.../01fips-crypto-policies/module-setup.sh | 27 ++++++++++
2 files changed, 79 insertions(+)
create mode 100755 modules.d/01fips-crypto-policies/fips-crypto-policies.sh
create mode 100755 modules.d/01fips-crypto-policies/module-setup.sh
diff --git a/modules.d/01fips-crypto-policies/fips-crypto-policies.sh b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
new file mode 100755
index 00000000..ff298298
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/sh
+
+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ] || [ -z "$fipsmode" ]; then
+ # Do nothing if not in FIPS mode
+ return 0
+fi
+
+policyfile=/etc/crypto-policies/config
+fipspolicyfile=/usr/share/crypto-policies/default-fips-config
+backends=/etc/crypto-policies/back-ends
+fipsbackends=/usr/share/crypto-policies/back-ends/FIPS
+
+# When in FIPS mode, check the active crypto policy by reading the
+# $root/etc/crypto-policies/config file. If it is not "FIPS", or does not start
+# with "FIPS:", automatically switch to the FIPS policy by creating
+# bind-mounts.
+
+if ! [ -r "${NEWROOT}${policyfile}" ]; then
+ # No crypto-policies configured, possibly not a system that uses
+ # crypto-policies?
+ return 0
+fi
+
+if ! [ -f "${NEWROOT}${fipspolicyfile}" ]; then
+ # crypto-policies is too old to deal with automatic bind-mounting of the
+ # FIPS policy over the normal policy, do not attempt to do the bind-mount.
+ return 0
+fi
+
+policy=$(cat "${NEWROOT}${policyfile}")
+
+# Remove the largest suffix pattern matching ":*" from the string (i.e., the
+# complete list of active policy modules), then check for FIPS. This is part of
+# POSIX sh (https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_06_02).
+if [ "${policy%%:*}" = "FIPS" ]; then
+ return 0
+fi
+
+# Current crypto policy is not FIPS or FIPS-based, but the system is in FIPS
+# mode; this is an inconsistent configuration. Automatically bind-mount a FIPS
+# configuration over this.
+if ! mount -o bind,ro "${NEWROOT}${fipsbackends}" "${NEWROOT}${backends}"; then
+ warn "Failed to bind-mount FIPS policy over ${backends} (the system is in FIPS mode, but the crypto-policy is not)."
+ # If this bind-mount failed, don't attempt to do the other one to avoid
+ # a system that seems to be in FIPS crypto-policy but actually is not.
+ return 0
+fi
+
+mount -o bind,ro "${NEWROOT}${fipspolicyfile}" "${NEWROOT}${policyfile}" \
+ || warn "Failed to bind-mount FIPS crypto-policy state file over ${policyfile} (the system is in FIPS mode, but the crypto-policy is not)."
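Review bot: the two bind-mounts are not symmetric on failure. If the first mount (`${backends}`) succeeds but the second (`${policyfile}`) fails, `/etc/crypto-policies/config` still names the old policy while the back-ends already serve FIPS, which is exactly the kind of half-switched state the comment before the first `mount` says it wants to avoid in the other direction; consider an `umount "${NEWROOT}${backends}"` in the final `|| warn` branch so the system ends up either fully switched or untouched. Also, `-o bind,ro` in a single call relies on the mount implementation performing the follow-up read-only remount itself (util-linux does; a minimal mount may leave the bind writable), and since `inst_multiple mount` copies whatever the build host provides, that assumption deserves a comment next to the mount calls.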
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
new file mode 100755
index 00000000..ee00452e
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/bash
+
+# called by dracut
+check() {
+ # only enable on systems that use crypto-policies
+ [ -d "$dracutsysrootdir/etc/crypto-policies" ] && return 0
+
+ # include when something else depends on it or it is explicitly requested
+ return 255
+}
+
+# called by dracut
+depends() {
+ return 0
+}
+
+# called by dracut
+installkernel() {
+ return 0
+}
+
+# called by dracut
+install() {
+ inst_hook pre-pivot 01 "$moddir/fips-crypto-policies.sh"
+
+ inst_multiple mount
+}
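Review bot: `check()` enables the module on any host that has `/etc/crypto-policies`, but the hook only acts when `/usr/share/crypto-policies/default-fips-config` exists in the new root. For host-only images it would be cheap to mirror that second test in `check()` against `$dracutsysrootdir`, so a host whose crypto-policies is too old for the bind-mounts does not carry a hook that always returns early; for generic images the runtime check against `${NEWROOT}` is the right one and should stay as it is.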
--
2.42.0


@ -1,39 +0,0 @@
From d18bbc304e838ecf3b888ce4d70f1d96d21821f5 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri, 7 Jun 2024 11:38:54 -0700
Subject: [PATCH 31/31] fix(dracut-functions): avoid awk in get_maj_min()
The `get_maj_min()` cache lookup is commonly used
across many flows. While `awk` should be available,
some highly constrained environments may not have it.
A second call to `grep` can provide the same behaviour
without adding a dependnecy.
Lines in the cache will be of the form "/dev/sda2 8:2".
`awk '{print $NF}'` returns the last word of a matching line. Since
the initial matching regex is so specific a second call to grep can
easily extract the last word.
(cherry picked commit ec7efd5701e9a1b24f2e85666d625fb1fe46ce86)
Related: RHEL-47145
---
dracut-functions.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index 43d905e3..b4d57454 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -243,7 +243,7 @@ get_maj_min() {
local _out
if [[ $get_maj_min_cache_file ]]; then
- _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
fi
if ! [[ "$_out" ]]; then
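Review bot: this patch is dropped and its `Patch31` line removed from the spec, but neither the changelog entry nor the commit message says whether dracut 103 already contains the cherry-picked upstream commit ec7efd57; if it does not, `get_maj_min()` regains the `awk` dependency in the generated image. Add a changelog line naming each patch that is dropped because it landed upstream, so the removal is traceable.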
--
2.42.0


@ -0,0 +1,34 @@
From cd5dbe004652d88b5d73418cba1e45c54ff9fd12 Mon Sep 17 00:00:00 2001
From: Jo Zzsi <jozzsicsataban@gmail.com>
Date: Thu, 5 Sep 2024 09:09:36 -0400
Subject: [PATCH 32/32] fix(fips-crypto-policies): make it depend on fips
dracut module
(cherry picked from commit a2096dafdbfc88eed91ce34b1f4d27e7eb7ca839)
Conflicts:
modules.d/01fips-crypto-policies/module-setup.sh
Due to upstream e6117b92fa0108dbaf9ea3ac0ec8f5a02487c812, which
was not cherry-picked. Resolved the conflict by keeping the
functions (i.e., undoing the cleanup of the upstream commit).
Resolves: RHEL-59678
---
modules.d/01fips-crypto-policies/module-setup.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
index ee00452e..140eae00 100755
--- a/modules.d/01fips-crypto-policies/module-setup.sh
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -11,6 +11,7 @@ check() {
# called by dracut
depends() {
+ echo fips
return 0
}
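Review bot: the commit message only documents the conflict resolution and gives no reason for the new `echo fips` dependency. Add a sentence on why the module must pull in 01fips (for instance, that the crypto-policies bind-mounts are only meaningful alongside the kernel FIPS setup 01fips performs), otherwise a later reader may drop the line as redundant, given that Patch25 in this spec already includes the fips module unconditionally.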
--
2.42.0


@ -7,8 +7,8 @@
%global __requires_exclude pkg-config
Name: dracut
Version: 102
Release: 4%{?dist}
Version: 103
Release: 1%{?dist}
Summary: Initramfs generator using udev
@ -22,111 +22,102 @@ URL: https://github.com/dracut-ng/dracut-ng/wiki/
Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
# feat(hwdb): add hwdb module to install hwdb.bin on demand
# Author: Pavel Valena <pvalena@redhat.com>
Patch1: 0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch
# fix(rngd): install system service file
# Author: Pavel Valena <pvalena@redhat.com>
Patch2: 0002-fix-rngd-install-system-service-file.patch
Patch1: 0001-fix-rngd-install-system-service-file.patch
# revert: "fix(install.d): correctly install pre-genned image and die if no args"
# Author: Pavel Valena <pvalena@redhat.com>
Patch3: 0003-revert-fix-install.d-correctly-install-pre-genned-im.patch
Patch2: 0002-revert-fix-install.d-correctly-install-pre-genned-im.patch
# feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch4: 0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
Patch3: 0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
# fix(kernel-install): do not generate an initrd when one was specified
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch5: 0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
# fix(crypt): decryption when rd.luks.name is set
# Author: Laszlo Gombos <laszlo.gombos@gmail.com>
Patch6: 0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch
Patch4: 0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
# fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8
# Author: Pavel Valena <pvalena@redhat.com>
Patch7: 0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
Patch5: 0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
# revert: "fix(crypt): unlock encrypted devices by default during boot"
# Author: Pavel Valena <pvalena@redhat.com>
Patch8: 0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
# fix(90kernel-modules): install blk modules using symbol blk_alloc_disk
# Author: Pavel Valena <pvalena@redhat.com>
Patch9: 0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch
Patch6: 0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
# test: do not force include dash, let sh module make a selection
# Author: Laszlo Gombos <laszlo.gombos@gmail.com>
Patch10: 0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch
Patch7: 0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch
# fix(dracut-functions): allow for \ in get_maj_min file path
# Author: Pavel Valena <pvalena@redhat.com>
Patch11: 0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
Patch8: 0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
# fix(dracut-functions.sh): only return block devices from get_persistent_dev
# Author: Fabian Vogt <fvogt@suse.de>
Patch12: 0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch
Patch9: 0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch
# feat(systemd*): include systemd config files from /usr/lib/systemd
# Author: Pavel Valena <pvalena@redhat.com>
Patch13: 0013-feat-systemd-include-systemd-config-files-from-usr-l.patch
Patch10: 0010-feat-systemd-include-systemd-config-files-from-usr-l.patch
# fix(resume): always include the resume module
# Author: Pavel Valena <pvalena@redhat.com>
Patch14: 0014-fix-resume-always-include-the-resume-module.patch
Patch11: 0011-fix-resume-always-include-the-resume-module.patch
# feat(dracut-init.sh): allow changing the destination directory for inst et al
# Author: Philipp Rudo <prudo@redhat.com>
Patch15: 0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch
Patch12: 0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch
# fix(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com>
Patch16: 0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
Patch13: 0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
# feat(squash): move mksquashfs to 99squash/modules-setup
# Author: Philipp Rudo <prudo@redhat.com>
Patch17: 0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
Patch14: 0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
# feat(squash): split 95squash-squashfs from 99squash
# Author: Philipp Rudo <prudo@redhat.com>
Patch18: 0018-feat-squash-split-95squash-squashfs-from-99squash.patch
Patch15: 0015-feat-squash-split-95squash-squashfs-from-99squash.patch
# feat(squash): add module 95squash-erofs
# Author: Philipp Rudo <prudo@redhat.com>
Patch19: 0019-feat-squash-add-module-95squash-erofs.patch
Patch16: 0016-feat-squash-add-module-95squash-erofs.patch
# feat(lsinitrd): add support for erofs images
# Author: Philipp Rudo <prudo@redhat.com>
Patch20: 0020-feat-lsinitrd-add-support-for-erofs-images.patch
Patch17: 0017-feat-lsinitrd-add-support-for-erofs-images.patch
# feat(dracut-initramfs-restore): unpack erofs images
# Author: Philipp Rudo <prudo@redhat.com>
Patch21: 0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch
Patch18: 0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch
# fix(squash): explicitly create required directories
# Author: Philipp Rudo <prudo@redhat.com>
Patch22: 0022-fix-squash-explicitly-create-required-directories.patch
Patch19: 0019-fix-squash-explicitly-create-required-directories.patch
# fix(squash): use 99busybox instead of installing it manually
# Author: Philipp Rudo <prudo@redhat.com>
Patch23: 0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
# feat(dmdquash-live): add support for using erofs
# Author: Brian C. Lane <bcl@redhat.com>
Patch24: 0024-feat-dmdquash-live-add-support-for-using-erofs.patch
Patch20: 0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
# fix(nfs): set correct ownership and permissions for statd directory
# Author: Lukas Nykryn <lnykryn@redhat.com>
Patch25: 0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
Patch21: 0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
# fix(resume): do not include resume if swap is on netdevice
# Author: Pavel Valena <pvalena@redhat.com>
Patch26: 0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch
Patch22: 0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch
# feat(dracut-init.sh): give --force-add precedence over --omit
# Author: Pavel Valena <pvalena@redhat.com>
Patch27: 0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
Patch23: 0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
# feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
# Author: Pavel Valena <pvalena@redhat.com>
Patch28: 0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
Patch24: 0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
# feat(fips): include fips module unconditionally
# Author: Pavel Valena <pvalena@redhat.com>
Patch29: 0029-feat-fips-include-fips-module-unconditionally.patch
Patch25: 0025-feat-fips-include-fips-module-unconditionally.patch
# fix(nfs): include also entries from /usr/lib/{passwd,group}
# Author: Pavel Valena <pvalena@redhat.com>
Patch30: 0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
# fix(dracut-functions): avoid awk in get_maj_min()
# Author: Daniel McIlvaney <damcilva@microsoft.com>
Patch31: 0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch
Patch26: 0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
# revert(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com>
Patch32: 0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
Patch27: 0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
# fix(squash): remove cyclic dependency
# Author: Philipp Rudo <prudo@redhat.com>
Patch33: 0033-fix-squash-remove-cyclic-dependency.patch
Patch28: 0028-fix-squash-remove-cyclic-dependency.patch
# fix(dracut.sh): exit when installing the squash loader fails
# Author: Philipp Rudo <prudo@redhat.com>
Patch34: 0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
Patch29: 0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
# fix(squash-lib): harden against empty $initdir
# Author: Philipp Rudo <prudo@redhat.com>
Patch35: 0035-fix-squash-lib-harden-against-empty-initdir.patch
Patch30: 0030-fix-squash-lib-harden-against-empty-initdir.patch
# feat(fips-crypto-policies): make c-p follow FIPS mode automatically
# Author: Clemens Lang <cllang@redhat.com>
Patch31: 0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch
# fix(fips-crypto-policies): make it depend on fips dracut module
# Author: Jo Zzsi <jozzsicsataban@gmail.com>
Patch32: 0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
# Please use source-git to work with this spec file:
# HowTo: https://packit.dev/source-git/work-with-source-git
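Review bot: five patch entries disappear in this hunk (hwdb, crypt rd.luks.name, 90kernel-modules blk_alloc_disk, dmdquash-live erofs, dracut-functions avoid awk) while the remaining ones are renumbered 1 to 32 without gaps; the renumbering is consistent, but the removals are undocumented. State in the changelog which of the five are already in upstream 103 and which are intentionally dropped, since dropping e.g. the blk_alloc_disk module-install fix changes what the generated image contains.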
@ -140,6 +131,7 @@ BuildRequires: gcc
BuildRequires: pkgconfig
BuildRequires: systemd
BuildRequires: bash-completion
BuildRequires: cargo
%if %{with doc}
BuildRequires: docbook-style-xsl docbook-dtds libxslt
@ -151,6 +143,8 @@ Provides: dracut-fips = %{version}-%{release}
Obsoletes: dracut-fips-aesni <= 047
Provides: dracut-fips-aesni = %{version}-%{release}
Provides: bundled(crate(crosvm)) = 0.1.0
Requires: bash >= 4
Requires: coreutils
Requires: cpio
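Review bot: `Provides: bundled(crate(crosvm)) = 0.1.0` is the right declaration for the Rust code vendored into dracut-cpio, but the version should be taken from the crate metadata in the 103 tarball rather than typed in by hand, and the License tag (not part of this hunk) must also cover the bundled code's license if it differs from dracut's own.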
@ -264,6 +258,7 @@ cp %{SOURCE1} .
%configure --systemdsystemunitdir=%{_unitdir} \
--bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) \
--libdir=%{_prefix}/lib \
--enable-dracut-cpio \
%if %{without doc}
--disable-documentation \
%endif
@ -332,6 +327,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/dracut-install
%{dracutlibdir}/dracut-util
%{dracutlibdir}/skipcpio
%{dracutlibdir}/dracut-cpio
%config(noreplace) %{_sysconfdir}/dracut.conf
%{dracutlibdir}/dracut.conf.d/01-dist.conf
%dir %{_sysconfdir}/dracut.conf.d
@ -357,6 +353,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/00warpclock
%endif
%{dracutlibdir}/modules.d/01fips
%{dracutlibdir}/modules.d/01fips-crypto-policies
%{dracutlibdir}/modules.d/01systemd-ac-power
%{dracutlibdir}/modules.d/01systemd-ask-password
%{dracutlibdir}/modules.d/01systemd-bsod
@ -535,6 +532,13 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
%changelog
* Fri Nov 01 2024 Pavel Valena <pvalena@redhat.com> - 103-1
- Update to dracut 103.
- spec: nable dracut-cpio binary
- feat(fips-crypto-policies): make c-p follow FIPS mode automatically
- fix(fips-crypto-policies): make it depend on fips dracut module
Resolves: RHEL-59678,RHEL-65204
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 102-4
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
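Review bot: typo in the new changelog entry, `- spec: nable dracut-cpio binary` should read `- spec: enable dracut-cpio binary`. The entry also omits the five patches removed from the patch list in this same change; list them so the changelog matches the spec diff.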


@ -1 +1 @@
SHA512 (102.tar.gz) = 463ad75f0508392431d58796763a41accf5a1dc17fe27d36e37d588153ca9c5b32b453faa9149524ea2dc2906805126d1e023feecb6554206595a972508f6a32
SHA512 (103.tar.gz) = ba0dbefbcbecb09c44ce240664bc4f4ee25dfb8be7bc060028ae3b1ccf7d70410491c105e64fcef3d6f44d2794cb6162bcea9404125906be46bf3dff098e0277