rpms/dracut
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Upgrade to dracut 103

Browse Source 
- enable dracut-cpio binary
- feat(fips-crypto-policies): make c-p follow FIPS mode automatically
- fix(fips-crypto-policies): make it depend on fips dracut module

Resolves: RHEL-59678,RHEL-65204

From-source-git-commit: ff3186be9d5871c6ec216019463199bb78cc1b32
This commit is contained in:
Pavel Valena 2024-10-31 21:03:00 +01:00
parent bcb0f045c0
commit a3b408b277
40 changed files with 391 additions and 413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch
View File

@ -1,54 +0,0 @@
From 3bcb0a9f06bac7fa62dc7241860deb8b671f17cd Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 25 Apr 2023 14:56:59 +0200
Subject: [PATCH 01/24] feat(hwdb): add hwdb module to install hwdb.bin on
demand
Module to install hwdb.bin. Further extensions might make only selected
part of hwdb installable to save space. The module is not included by default.
Including the module adds 2MB of compressed data (on Fedora, the file has 12MB).
Installing hwdb.bin is needed in case of custom HW like a keyboard/mouse, or various interfaces.
Original PR: https://github.com/dracutdevs/dracut/pull/1681
---
modules.d/95hwdb/module-setup.sh | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100755 modules.d/95hwdb/module-setup.sh
diff --git a/modules.d/95hwdb/module-setup.sh b/modules.d/95hwdb/module-setup.sh
new file mode 100755
index 00000000..5d3250f3
--- /dev/null
+++ b/modules.d/95hwdb/module-setup.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+check() {
+ return 255
+}
+
+# called by dracut
+install() {
+ local hwdb_bin
+
+ # Follow the same priority as `systemd-hwdb`; `/etc` is the default
+ # and `/usr/lib` an alternative location.
+ hwdb_bin="${udevconfdir}"/hwdb.bin
+
+ if [[ ! -r ${hwdb_bin} ]]; then
+ hwdb_bin="${udevdir}"/hwdb.bin
+ fi
+
+ if [[ $hostonly ]]; then
+ inst_multiple -H "${hwdb_bin}"
+ else
+ inst_multiple "${hwdb_bin}"
+ fi
+}
--
2.42.0

4
0002-fix-rngd-install-system-service-file.patch → 0001-fix-rngd-install-system-service-file.patch
View File

@ -1,7 +1,7 @@
From d14d724620fe4810930d1c2f07d10fa6b8bc9557 Mon Sep 17 00:00:00 2001 From f75ae29afc829e19834c4cb99ca51b8ebe8481bf Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Sun, 23 Jul 2023 19:44:17 +0200 Date: Sun, 23 Jul 2023 19:44:17 +0200
Subject: [PATCH 02/24] fix(rngd): install system service file Subject: [PATCH 01/32] fix(rngd): install system service file
as there's no reason to keep a copy; there shouldn't be any modifications. as there's no reason to keep a copy; there shouldn't be any modifications.

4
0003-revert-fix-install.d-correctly-install-pre-genned-im.patch → 0002-revert-fix-install.d-correctly-install-pre-genned-im.patch
View File

@ -1,7 +1,7 @@
From 6fa596ca039300e5f4bb3cca14768976efe95eac Mon Sep 17 00:00:00 2001 From 9b7740eaf33357cc087c83d95d089bdf8ead07dd Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:30:42 +0200 Date: Wed, 12 Jun 2024 06:30:42 +0200
Subject: [PATCH 03/24] revert: "fix(install.d): correctly install pre-genned Subject: [PATCH 02/32] revert: "fix(install.d): correctly install pre-genned
image and die if no args" image and die if no args"
revert: "fix(install.d): simplify and use what kernel-install gives us" revert: "fix(install.d): simplify and use what kernel-install gives us"

4
0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch → 0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
View File

@ -1,7 +1,7 @@
From c6d18c3c71597e78572378fc4dde391f1845b8bd Mon Sep 17 00:00:00 2001 From 0d2983f7dbc1f5fbaa60735c839ea111d3f5d4e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:08:42 +0100 Date: Tue, 18 Jan 2022 18:08:42 +0100
Subject: [PATCH 04/24] feat(kernel-install): do nothing when Subject: [PATCH 03/32] feat(kernel-install): do nothing when
$KERNEL_INSTALL_INITRD_GENERATOR says so $KERNEL_INSTALL_INITRD_GENERATOR says so
dracut may be installed without being actually used. This is very common in dracut may be installed without being actually used. This is very common in

4
0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch → 0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
View File

@ -1,7 +1,7 @@
From 1bd81956dc050db071c5885cfbcde393370468ae Mon Sep 17 00:00:00 2001 From 65d5bd785458da98b0388ddf3f8e67e569af67c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 18 Jan 2022 18:58:58 +0100 Date: Tue, 18 Jan 2022 18:58:58 +0100
Subject: [PATCH 05/24] fix(kernel-install): do not generate an initrd when one Subject: [PATCH 04/32] fix(kernel-install): do not generate an initrd when one
was specified was specified
According to the synopsis, kernel-install can be called with an According to the synopsis, kernel-install can be called with an

4
0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch → 0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
View File

@ -1,7 +1,7 @@
From 30e7870504d09183bb9d99ed04f148c7dfb0c645 Mon Sep 17 00:00:00 2001 From 35326479721f8b439f291bf8ff35354107144012 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 07:33:05 +0200 Date: Thu, 11 Jul 2024 07:33:05 +0200
Subject: [PATCH 07/24] fix: incorrectly applied patch in commit Subject: [PATCH 05/32] fix: incorrectly applied patch in commit
c6d18c3c71597e78572378fc4dde391f1845b8 c6d18c3c71597e78572378fc4dde391f1845b8
named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so" named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so"

25
0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch
View File

@ -1,25 +0,0 @@
From 6cb58e86ae65cf9922023b12e889446323a89080 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Sat, 15 Jun 2024 15:21:44 -0400
Subject: [PATCH 06/24] fix(crypt): decryption when rd.luks.name is set
---
modules.d/90crypt/parse-crypt.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index 39fc6d21..9567a4a9 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -174,7 +174,7 @@ else
} >> "$hookdir/emergency/90-crypt.sh"
fi
done
- elif getargbool 1 rd.auto; then
+ elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then
if [ -z "$DRACUT_SYSTEMD" ]; then
{
printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
--
2.42.0

4
0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch → 0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
View File

@ -1,7 +1,7 @@
From 93937d805f8166d9f708f9163fc93839fc1437d3 Mon Sep 17 00:00:00 2001 From afcfd7378110969cce445d7613d9e81c9d85cac0 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 11 Jul 2024 16:24:14 +0200 Date: Thu, 11 Jul 2024 16:24:14 +0200
Subject: [PATCH 08/24] revert: "fix(crypt): unlock encrypted devices by Subject: [PATCH 06/32] revert: "fix(crypt): unlock encrypted devices by
default during boot" default during boot"
This reverts commit 2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1. This reverts commit 2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1.

4
0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch → 0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch
View File

@ -1,7 +1,7 @@
From aded658821983ba7d92def26793813c1b3a83475 Mon Sep 17 00:00:00 2001 From 02bc9391cfdf7f3b16c49cde9d881642c13fc8c0 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com> From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Sat, 20 Jul 2024 18:49:38 -0400 Date: Sat, 20 Jul 2024 18:49:38 -0400
Subject: [PATCH 10/24] test: do not force include dash, let sh module make a Subject: [PATCH 07/32] test: do not force include dash, let sh module make a
selection selection
This is important for alpine, so that it does not install both This is important for alpine, so that it does not install both

10
0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch → 0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
View File

@ -1,7 +1,7 @@
From a891ae527aaf3c015d3b4b0290655b89fdf8f03d Mon Sep 17 00:00:00 2001 From bdfdbdee356cb83dad86f1d49fc21df9117ba8eb Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 01:30:50 +0200 Date: Thu, 8 Aug 2024 01:30:50 +0200
Subject: [PATCH 11/24] fix(dracut-functions): allow for \ in get_maj_min file Subject: [PATCH 08/32] fix(dracut-functions): allow for \ in get_maj_min file
path path
as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition
@ -14,15 +14,15 @@ Resolves: RHEL-47145
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh diff --git a/dracut-functions.sh b/dracut-functions.sh
index f9e5d3bc..c8cb2e15 100755 index 1f7a9052..d436a357 100755
--- a/dracut-functions.sh --- a/dracut-functions.sh
+++ b/dracut-functions.sh +++ b/dracut-functions.sh
@@ -243,7 +243,7 @@ get_maj_min() { @@ -243,7 +243,7 @@ get_maj_min() {
local _out local _out
if [[ $get_maj_min_cache_file ]]; then if [[ $get_maj_min_cache_file ]]; then
- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')" - _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')" + _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
fi fi
if ! [[ "$_out" ]]; then if ! [[ "$_out" ]]; then

33
0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch
View File

@ -1,33 +0,0 @@
From e02ef9afa1ede698623f25d5694949e9b4fedb4e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 6 Dec 2022 21:46:01 +0100
Subject: [PATCH 09/24] fix(90kernel-modules): install blk modules using symbol
blk_alloc_disk
Corresponding kernel symbol blk_cleanup_disk is no longer used in the nvdimm
driver and calls are made directly instead.
blk_alloc_disk is used:
https://elixir.bootlin.com/linux/v6.1-rc8/source/drivers/nvdimm/pmem.c#L522
Resolves: RHEL-32237
---
modules.d/90kernel-modules/module-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh
index ec60f393..89f33231 100755
--- a/modules.d/90kernel-modules/module-setup.sh
+++ b/modules.d/90kernel-modules/module-setup.sh
@@ -2,7 +2,7 @@
# called by dracut
installkernel() {
- local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
+ local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_alloc_disk|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
local -A _hostonly_drvs
record_block_dev_drv() {
--
2.42.0

6
0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch → 0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch
View File

@ -1,7 +1,7 @@
From 821ffb39cd0c3003b2711d30302b713ab9b5da9b Mon Sep 17 00:00:00 2001 From 31fe330589cfd564790c4255c951567a3479df94 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de> From: Fabian Vogt <fvogt@suse.de>
Date: Mon, 5 Aug 2024 11:28:32 +0200 Date: Mon, 5 Aug 2024 11:28:32 +0200
Subject: [PATCH 12/24] fix(dracut-functions.sh): only return block devices Subject: [PATCH 09/32] fix(dracut-functions.sh): only return block devices
from get_persistent_dev from get_persistent_dev
With udev 256, there are now directories such as With udev 256, there are now directories such as
@ -24,7 +24,7 @@ Resolves: RHEL-49744
1 file changed, 1 insertion(+), 2 deletions(-) 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh diff --git a/dracut-functions.sh b/dracut-functions.sh
index c8cb2e15..43d905e3 100755 index d436a357..b4d57454 100755
--- a/dracut-functions.sh --- a/dracut-functions.sh
+++ b/dracut-functions.sh +++ b/dracut-functions.sh
@@ -294,8 +294,7 @@ get_persistent_dev() { @@ -294,8 +294,7 @@ get_persistent_dev() {

20
0013-feat-systemd-include-systemd-config-files-from-usr-l.patch → 0010-feat-systemd-include-systemd-config-files-from-usr-l.patch
View File

@ -1,7 +1,7 @@
From 3e4a22f2b72d0723fd43ca917b8aa9003c6c7f8f Mon Sep 17 00:00:00 2001 From e90249443fe2285f221849359e9066aefff29eff Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 12 Jun 2024 06:06:32 +0200 Date: Wed, 12 Jun 2024 06:06:32 +0200
Subject: [PATCH 13/24] feat(systemd*): include systemd config files from Subject: [PATCH 10/32] feat(systemd*): include systemd config files from
/usr/lib/systemd /usr/lib/systemd
and also use proper variables for the paths, and fixup invalid paths. and also use proper variables for the paths, and fixup invalid paths.
@ -26,7 +26,7 @@ Resolves: RHEL-32506
5 files changed, 10 insertions(+), 3 deletions(-) 5 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
index d173c99f..0f151289 100755 index ce7bb520..70a2a78f 100755
--- a/modules.d/00systemd/module-setup.sh --- a/modules.d/00systemd/module-setup.sh
+++ b/modules.d/00systemd/module-setup.sh +++ b/modules.d/00systemd/module-setup.sh
@@ -42,6 +42,8 @@ install() { @@ -42,6 +42,8 @@ install() {
@ -50,10 +50,10 @@ index d173c99f..0f151289 100755
/etc/hostname \ /etc/hostname \
/etc/nsswitch.conf \ /etc/nsswitch.conf \
diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh
index 47666b6c..17deb088 100755 index 0c5cbcfb..6acbe75f 100755
--- a/modules.d/01systemd-coredump/module-setup.sh --- a/modules.d/01systemd-coredump/module-setup.sh
+++ b/modules.d/01systemd-coredump/module-setup.sh +++ b/modules.d/01systemd-coredump/module-setup.sh
@@ -33,6 +33,7 @@ install() { @@ -35,6 +35,7 @@ install() {
inst_multiple -o \ inst_multiple -o \
"$sysctld"/50-coredump.conf \ "$sysctld"/50-coredump.conf \
"$systemdutildir"/coredump.conf \ "$systemdutildir"/coredump.conf \
@ -61,7 +61,7 @@ index 47666b6c..17deb088 100755
"$systemdutildir"/systemd-coredump \ "$systemdutildir"/systemd-coredump \
"$systemdsystemunitdir"/systemd-coredump.socket \ "$systemdsystemunitdir"/systemd-coredump.socket \
"$systemdsystemunitdir"/systemd-coredump@.service \ "$systemdsystemunitdir"/systemd-coredump@.service \
@@ -51,7 +52,7 @@ install() { @@ -52,7 +53,7 @@ install() {
if [[ $hostonly ]]; then if [[ $hostonly ]]; then
inst_multiple -H -o \ inst_multiple -H -o \
"$systemdutilconfdir"/coredump.conf \ "$systemdutilconfdir"/coredump.conf \
@ -84,10 +84,10 @@ index 67034bbf..5de5db4b 100755
"$systemdsystemunitdir"/systemd-pstore.service \ "$systemdsystemunitdir"/systemd-pstore.service \
"$systemdsystemunitdir/systemd-pstore.service.d/*.conf" "$systemdsystemunitdir/systemd-pstore.service.d/*.conf"
diff --git a/modules.d/01systemd-resolved/module-setup.sh b/modules.d/01systemd-resolved/module-setup.sh diff --git a/modules.d/01systemd-resolved/module-setup.sh b/modules.d/01systemd-resolved/module-setup.sh
index 0c2e8c28..7b4b26e8 100755 index b354bc6c..d20f211c 100755
--- a/modules.d/01systemd-resolved/module-setup.sh --- a/modules.d/01systemd-resolved/module-setup.sh
+++ b/modules.d/01systemd-resolved/module-setup.sh +++ b/modules.d/01systemd-resolved/module-setup.sh
@@ -49,6 +49,7 @@ install() { @@ -50,6 +50,7 @@ install() {
# Install the hosts local user configurations if enabled. # Install the hosts local user configurations if enabled.
if [[ $hostonly ]]; then if [[ $hostonly ]]; then
inst_multiple -H -o \ inst_multiple -H -o \
@ -96,10 +96,10 @@ index 0c2e8c28..7b4b26e8 100755
"$systemdutilconfdir/resolved.conf.d/*.conf" \ "$systemdutilconfdir/resolved.conf.d/*.conf" \
"$systemdsystemconfdir"/systemd-resolved.service \ "$systemdsystemconfdir"/systemd-resolved.service \
diff --git a/modules.d/01systemd-timesyncd/module-setup.sh b/modules.d/01systemd-timesyncd/module-setup.sh diff --git a/modules.d/01systemd-timesyncd/module-setup.sh b/modules.d/01systemd-timesyncd/module-setup.sh
index a2c67540..77f7b113 100755 index 0c065af6..82902b3b 100755
--- a/modules.d/01systemd-timesyncd/module-setup.sh --- a/modules.d/01systemd-timesyncd/module-setup.sh
+++ b/modules.d/01systemd-timesyncd/module-setup.sh +++ b/modules.d/01systemd-timesyncd/module-setup.sh
@@ -38,6 +38,7 @@ install() { @@ -40,6 +40,7 @@ install() {
"$systemdntpunits/*.list" \ "$systemdntpunits/*.list" \
"$systemdutildir"/systemd-timesyncd \ "$systemdutildir"/systemd-timesyncd \
"$systemdutildir"/systemd-time-wait-sync \ "$systemdutildir"/systemd-time-wait-sync \

4
0014-fix-resume-always-include-the-resume-module.patch → 0011-fix-resume-always-include-the-resume-module.patch
View File

@ -1,7 +1,7 @@
From 53d78f4eb236500465279c424c296ff576421c7c Mon Sep 17 00:00:00 2001 From 91f878a4fe4ed694baad59cdb1c7366b002cf1da Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:21:12 +0200 Date: Thu, 8 Aug 2024 00:21:12 +0200
Subject: [PATCH 14/24] fix(resume): always include the resume module Subject: [PATCH 11/32] fix(resume): always include the resume module
as we can't determine with certainity that it won't be needed. as we can't determine with certainity that it won't be needed.

16
0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch → 0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch
View File

@ -1,7 +1,7 @@
From b8b7e0245bb3c645b45d4a31847ed227a8431ec8 Mon Sep 17 00:00:00 2001 From 5ed57d866f2be5dc73c7c70a70f51ccae9bdd47d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:46:47 +0200 Date: Mon, 22 Jul 2024 16:46:47 +0200
Subject: [PATCH 15/24] feat(dracut-init.sh): allow changing the destination Subject: [PATCH 12/32] feat(dracut-init.sh): allow changing the destination
directory for inst et al directory for inst et al
When using 99squash dracut actually builds two separate initrds. The When using 99squash dracut actually builds two separate initrds. The
@ -53,7 +53,7 @@ Related: RHEL-43460
1 file changed, 25 insertions(+), 15 deletions(-) 1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh diff --git a/dracut-init.sh b/dracut-init.sh
index 863df0cb..58e657b5 100755 index 986da96b..8e943493 100755
--- a/dracut-init.sh --- a/dracut-init.sh
+++ b/dracut-init.sh +++ b/dracut-init.sh
@@ -240,34 +240,36 @@ inst_dir() { @@ -240,34 +240,36 @@ inst_dir() {
@ -129,7 +129,7 @@ index 863df0cb..58e657b5 100755
for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do
[[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}" [[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}"
done done
@@ -1047,13 +1052,15 @@ for_each_module_dir() { @@ -1056,13 +1061,15 @@ for_each_module_dir() {
} }
dracut_kernel_post() { dracut_kernel_post() {
@ -147,7 +147,7 @@ index 863df0cb..58e657b5 100755
dfatal "\"depmod -a $kernel\" failed." dfatal "\"depmod -a $kernel\" failed."
exit 1 exit 1
fi fi
@@ -1067,6 +1074,7 @@ instmods() { @@ -1076,6 +1083,7 @@ instmods() {
# <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage" # <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"
# -c check # -c check
# -s silent # -s silent
@ -155,7 +155,7 @@ index 863df0cb..58e657b5 100755
local _optional="-o" local _optional="-o"
local _silent local _silent
local _ret local _ret
@@ -1092,7 +1100,7 @@ instmods() { @@ -1101,7 +1109,7 @@ instmods() {
fi fi
$DRACUT_INSTALL \ $DRACUT_INSTALL \
@ -164,7 +164,7 @@ index 863df0cb..58e657b5 100755
${dracutsysrootdir:+-r "$dracutsysrootdir"} \ ${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \ ${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \ ${hostonly:+-H} \
@@ -1106,7 +1114,7 @@ instmods() { @@ -1115,7 +1123,7 @@ instmods() {
if ((_ret != 0)) && [[ -z $_silent ]]; then if ((_ret != 0)) && [[ -z $_silent ]]; then
derror "FAILED: " \ derror "FAILED: " \
"$DRACUT_INSTALL" \ "$DRACUT_INSTALL" \
@ -173,7 +173,7 @@ index 863df0cb..58e657b5 100755
${dracutsysrootdir:+-r "$dracutsysrootdir"} \ ${dracutsysrootdir:+-r "$dracutsysrootdir"} \
${loginstall:+-L "$loginstall"} \ ${loginstall:+-L "$loginstall"} \
${hostonly:+-H} \ ${hostonly:+-H} \
@@ -1123,14 +1131,16 @@ instmods() { @@ -1132,14 +1140,16 @@ instmods() {
if [[ "$(ln --help)" == *--relative* ]]; then if [[ "$(ln --help)" == *--relative* ]]; then
ln_r() { ln_r() {

14
0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch → 0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
View File

@ -1,7 +1,7 @@
From c81d6422d71b02ed9158a67c00fa0a5eec232f37 Mon Sep 17 00:00:00 2001 From 150e428c0e8d40257a983c2f82be5e8e0f30920f Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Thu, 25 Jul 2024 12:47:00 +0200 Date: Thu, 25 Jul 2024 12:47:00 +0200
Subject: [PATCH 16/24] fix(dracut-init.sh): add module to mods_to_load before Subject: [PATCH 13/32] fix(dracut-init.sh): add module to mods_to_load before
checking dependencies checking dependencies
When implementing erofs support for 99squash we end up with three When implementing erofs support for 99squash we end up with three
@ -34,10 +34,10 @@ Related: RHEL-43460
1 file changed, 6 insertions(+), 6 deletions(-) 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh diff --git a/dracut-init.sh b/dracut-init.sh
index 58e657b5..840c6167 100755 index 8e943493..746362d1 100755
--- a/dracut-init.sh --- a/dracut-init.sh
+++ b/dracut-init.sh +++ b/dracut-init.sh
@@ -915,6 +915,9 @@ check_mount() { @@ -924,6 +924,9 @@ check_mount() {
fi fi
fi fi
@ -47,7 +47,7 @@ index 58e657b5..840c6167 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added # handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \ [[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -933,9 +936,6 @@ check_mount() { @@ -942,9 +945,6 @@ check_mount() {
fi fi
done done
@ -57,7 +57,7 @@ index 58e657b5..840c6167 100755
return 0 return 0
} }
@@ -990,6 +990,9 @@ check_module() { @@ -999,6 +999,9 @@ check_module() {
fi fi
fi fi
@ -67,7 +67,7 @@ index 58e657b5..840c6167 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added # handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \ [[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1008,9 +1011,6 @@ check_module() { @@ -1017,9 +1020,6 @@ check_module() {
fi fi
done done

16
0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch → 0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
View File

@ -1,7 +1,7 @@
From bbb64f449a4f3cd76ea63d73ebc1043a3dd14118 Mon Sep 17 00:00:00 2001 From 2d851d7d1709f5a03d8dab847aa42770bff2644b Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 22 Jul 2024 16:30:50 +0200 Date: Mon, 22 Jul 2024 16:30:50 +0200
Subject: [PATCH 17/24] feat(squash): move mksquashfs to 99squash/modules-setup Subject: [PATCH 14/32] feat(squash): move mksquashfs to 99squash/modules-setup
When using 99squash dracut actually builds two separat initrds. The When using 99squash dracut actually builds two separat initrds. The
"normal" one, that gets squashed into a squashfs image, and a "normal" one, that gets squashed into a squashfs image, and a
@ -32,10 +32,10 @@ Related: RHEL-43460
2 files changed, 49 insertions(+), 44 deletions(-) 2 files changed, 49 insertions(+), 44 deletions(-)
diff --git a/dracut.sh b/dracut.sh diff --git a/dracut.sh b/dracut.sh
index cc6d6f28..68bdf33b 100755 index 856b884e..4d2e3df2 100755
--- a/dracut.sh --- a/dracut.sh
+++ b/dracut.sh +++ b/dracut.sh
@@ -1277,6 +1277,7 @@ trap ' @@ -1260,6 +1260,7 @@ trap '
trap 'exit 1;' SIGINT trap 'exit 1;' SIGINT
readonly initdir="${DRACUT_TMPDIR}/initramfs" readonly initdir="${DRACUT_TMPDIR}/initramfs"
@ -43,7 +43,7 @@ index cc6d6f28..68bdf33b 100755
mkdir -p "$initdir" mkdir -p "$initdir"
if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi_table_dir ]]; }; then if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi_table_dir ]]; }; then
@@ -1804,7 +1805,8 @@ export initdir dracutbasedir \ @@ -1787,7 +1788,8 @@ export initdir dracutbasedir \
host_fs_types host_devs swap_devs sshkey add_fstab \ host_fs_types host_devs swap_devs sshkey add_fstab \
DRACUT_VERSION \ DRACUT_VERSION \
prefix filesystems drivers \ prefix filesystems drivers \
@ -53,7 +53,7 @@ index cc6d6f28..68bdf33b 100755
mods_to_load="" mods_to_load=""
# check all our modules to see if they should be sourced. # check all our modules to see if they should be sourced.
@@ -1909,6 +1911,8 @@ if [[ $kernel_only != yes ]]; then @@ -1892,6 +1894,8 @@ if [[ $kernel_only != yes ]]; then
fi fi
fi fi
@ -62,7 +62,7 @@ index cc6d6f28..68bdf33b 100755
_isize=0 #initramfs size _isize=0 #initramfs size
modules_loaded=" " modules_loaded=" "
# source our modules. # source our modules.
@@ -2255,14 +2259,6 @@ if [[ $kernel_only != yes ]]; then @@ -2243,14 +2247,6 @@ if [[ $kernel_only != yes ]]; then
build_ld_cache build_ld_cache
fi fi
@ -77,7 +77,7 @@ index cc6d6f28..68bdf33b 100755
if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
# stripping files negates (dedup) benefits of using reflink # stripping files negates (dedup) benefits of using reflink
[[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink" [[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink"
@@ -2282,25 +2278,8 @@ fi @@ -2270,25 +2266,8 @@ fi
if dracut_module_included "squash"; then if dracut_module_included "squash"; then
dinfo "*** Squashing the files inside the initramfs ***" dinfo "*** Squashing the files inside the initramfs ***"

4
0018-feat-squash-split-95squash-squashfs-from-99squash.patch → 0015-feat-squash-split-95squash-squashfs-from-99squash.patch
View File

@ -1,7 +1,7 @@
From 1ef53f9d5ea7f74730b27b8016304c58b2d31871 Mon Sep 17 00:00:00 2001 From dd3daa0560e4e4f809b42a901cd79076d3577f96 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 16:39:13 +0200 Date: Tue, 23 Jul 2024 16:39:13 +0200
Subject: [PATCH 18/24] feat(squash): split 95squash-squashfs from 99squash Subject: [PATCH 15/32] feat(squash): split 95squash-squashfs from 99squash
99squash only allows squashing the files using squashfs. In order to 99squash only allows squashing the files using squashfs. In order to
make the implementation for different filesystems easier split out the make the implementation for different filesystems easier split out the

4
0019-feat-squash-add-module-95squash-erofs.patch → 0016-feat-squash-add-module-95squash-erofs.patch
View File

@ -1,7 +1,7 @@
From 4e8ea763cb10ab4f3b65e865d2ad03c8a5393e04 Mon Sep 17 00:00:00 2001 From fcc73940a1e21fa79b7133e12ed0f8ed13645a54 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 17:42:33 +0200 Date: Tue, 23 Jul 2024 17:42:33 +0200
Subject: [PATCH 19/24] feat(squash): add module 95squash-erofs Subject: [PATCH 16/32] feat(squash): add module 95squash-erofs
Allow squashing the image in 99squash using erofs. Keep squashfs as Allow squashing the image in 99squash using erofs. Keep squashfs as
default to not change existing systems. I.e. only use erofs if the user default to not change existing systems. I.e. only use erofs if the user

12
0020-feat-lsinitrd-add-support-for-erofs-images.patch → 0017-feat-lsinitrd-add-support-for-erofs-images.patch
View File

@ -1,7 +1,7 @@
From 327adc7782fd43f4cf9848f1c24f196c496b6b53 Mon Sep 17 00:00:00 2001 From fc5efe96e0ffbfa447d27ba28245420f91b638dc Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 23 Jul 2024 18:33:37 +0200 Date: Tue, 23 Jul 2024 18:33:37 +0200
Subject: [PATCH 20/24] feat(lsinitrd): add support for erofs images Subject: [PATCH 17/32] feat(lsinitrd): add support for erofs images
Add support to handle erofs images in lsinitrd. Unfortunately the erofs Add support to handle erofs images in lsinitrd. Unfortunately the erofs
tooling is missing some functionality of unsquashfs, esp. the ability to tooling is missing some functionality of unsquashfs, esp. the ability to
@ -22,10 +22,10 @@ Resolves: RHEL-43460
1 file changed, 113 insertions(+), 54 deletions(-) 1 file changed, 113 insertions(+), 54 deletions(-)
diff --git a/lsinitrd.sh b/lsinitrd.sh diff --git a/lsinitrd.sh b/lsinitrd.sh
index 1329ab70..952dbc9f 100755 index b36d0e12..6799f938 100755
--- a/lsinitrd.sh --- a/lsinitrd.sh
+++ b/lsinitrd.sh +++ b/lsinitrd.sh
@@ -172,10 +172,47 @@ dracutlibdirs() { @@ -174,10 +174,47 @@ dracutlibdirs() {
done done
} }
@ -76,7 +76,7 @@ index 1329ab70..952dbc9f 100755
((${#filenames[@]} == 1)) && nofileinfo=1 ((${#filenames[@]} == 1)) && nofileinfo=1
for f in "${!filenames[@]}"; do for f in "${!filenames[@]}"; do
@@ -183,18 +220,24 @@ extract_files() { @@ -185,18 +222,24 @@ extract_files() {
[[ $nofileinfo ]] || echo "========================================================================" [[ $nofileinfo ]] || echo "========================================================================"
# shellcheck disable=SC2001 # shellcheck disable=SC2001
[[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g') [[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g')
@ -113,7 +113,7 @@ index 1329ab70..952dbc9f 100755
[[ $nofileinfo ]] || echo "========================================================================" [[ $nofileinfo ]] || echo "========================================================================"
[[ $nofileinfo ]] || echo [[ $nofileinfo ]] || echo
done done
@@ -220,66 +263,82 @@ list_files() { @@ -222,66 +265,82 @@ list_files() {
} }
list_squash_content() { list_squash_content() {

8
0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch → 0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch
View File

@ -1,7 +1,7 @@
From 0d90ae671e130b631383fb481a1f38a175167eff Mon Sep 17 00:00:00 2001 From ac4b18bf89bfa440ff741557fe9928cd2b19b66e Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 17:24:28 +0200 Date: Tue, 30 Jul 2024 17:24:28 +0200
Subject: [PATCH 21/24] feat(dracut-initramfs-restore): unpack erofs images Subject: [PATCH 18/32] feat(dracut-initramfs-restore): unpack erofs images
Follow the example for squashfs images and also unpack erofs images in Follow the example for squashfs images and also unpack erofs images in
dracut-initramfs-restore. dracut-initramfs-restore.
@ -17,10 +17,10 @@ Resolves: RHEL-43460
2 files changed, 9 insertions(+), 3 deletions(-) 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/dracut-initramfs-restore.sh b/dracut-initramfs-restore.sh diff --git a/dracut-initramfs-restore.sh b/dracut-initramfs-restore.sh
index cc561b22..015160b7 100755 index 74725308..98cfaed7 100755
--- a/dracut-initramfs-restore.sh --- a/dracut-initramfs-restore.sh
+++ b/dracut-initramfs-restore.sh +++ b/dracut-initramfs-restore.sh
@@ -74,12 +74,18 @@ else @@ -81,12 +81,18 @@ else
exit 1 exit 1
fi fi

4
0022-fix-squash-explicitly-create-required-directories.patch → 0019-fix-squash-explicitly-create-required-directories.patch
View File

@ -1,7 +1,7 @@
From a3ca60929c50f1a1d41cf4567e3a4a8231a92642 Mon Sep 17 00:00:00 2001 From c0bd2334708d9bfc6fbeb1c63eae0037eb4157b6 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:35:17 +0200 Date: Tue, 30 Jul 2024 13:35:17 +0200
Subject: [PATCH 22/24] fix(squash): explicitly create required directories Subject: [PATCH 19/32] fix(squash): explicitly create required directories
At the moment 99squash relies on dracut-install to create the required At the moment 99squash relies on dracut-install to create the required
directories it later links to. This approach is error prone and will directories it later links to. This approach is error prone and will

4
0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch → 0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
View File

@ -1,7 +1,7 @@
From a6e8e41cd1d67bb4ee64b2bf107e98c18bf8afdf Mon Sep 17 00:00:00 2001 From eef65961330c8fb68493d9a3eab55171482984c1 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 30 Jul 2024 13:44:32 +0200 Date: Tue, 30 Jul 2024 13:44:32 +0200
Subject: [PATCH 23/24] fix(squash): use 99busybox instead of installing it Subject: [PATCH 20/32] fix(squash): use 99busybox instead of installing it
manually manually
Make use of 99busybox in 99squash rather than installing it manually. Make use of 99busybox in 99squash rather than installing it manually.

6
0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch → 0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
View File

@ -1,7 +1,7 @@
From 458e2a42d6921cedb67623b68f6e310145f4b129 Mon Sep 17 00:00:00 2001 From c6c9f871b87cdc334be989b42e9a5d2070ae17c5 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com> From: Lukas Nykryn <lnykryn@redhat.com>
Date: Mon, 19 Jul 2021 11:27:28 +0200 Date: Mon, 19 Jul 2021 11:27:28 +0200
Subject: [PATCH 25/31] fix(nfs): set correct ownership and permissions for Subject: [PATCH 21/32] fix(nfs): set correct ownership and permissions for
statd directory statd directory
The directory ownership for the statd directory should be The directory ownership for the statd directory should be
@ -15,7 +15,7 @@ Resolves: RHEL-53361
1 file changed, 7 insertions(+), 2 deletions(-) 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index abe1ee59..da6549d1 100755 index 5cc42892..fbaeeb00 100755
--- a/modules.d/95nfs/module-setup.sh --- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh +++ b/modules.d/95nfs/module-setup.sh
@@ -120,8 +120,13 @@ install() { @@ -120,8 +120,13 @@ install() {

4
0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch → 0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch
View File

@ -1,7 +1,7 @@
From 23a7d5d4752dd4273f406cf1729b2d98f39d0aa5 Mon Sep 17 00:00:00 2001 From 4a6806efae05b453bb9b93efe961fb1033bb562b Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 00:39:17 +0200 Date: Sat, 17 Aug 2024 00:39:17 +0200
Subject: [PATCH 26/31] fix(resume): do not include resume if swap is on Subject: [PATCH 22/32] fix(resume): do not include resume if swap is on
netdevice netdevice
Additional fix, restoring previous behavior identical to RHEL-9. Additional fix, restoring previous behavior identical to RHEL-9.

8
0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch → 0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
View File

@ -1,7 +1,7 @@
From 101ee8a01d36d93b23749a67c337a2833f8ce1d3 Mon Sep 17 00:00:00 2001 From 2f3c9cb56cc7ccdccbd8f8056b21d39fa736da1e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Sat, 17 Aug 2024 01:43:50 +0200 Date: Sat, 17 Aug 2024 01:43:50 +0200
Subject: [PATCH 27/31] feat(dracut-init.sh): give --force-add precedence over Subject: [PATCH 23/32] feat(dracut-init.sh): give --force-add precedence over
--omit --omit
This gives precedence of force_add_dracutmodules to omit_dracutmodules, This gives precedence of force_add_dracutmodules to omit_dracutmodules,
@ -23,10 +23,10 @@ Resolves: RHEL-53791
1 file changed, 4 insertions(+), 2 deletions(-) 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh diff --git a/dracut-init.sh b/dracut-init.sh
index 840c6167..5d5fc081 100755 index 746362d1..3917bb0d 100755
--- a/dracut-init.sh --- a/dracut-init.sh
+++ b/dracut-init.sh +++ b/dracut-init.sh
@@ -960,8 +960,10 @@ check_module() { @@ -969,8 +969,10 @@ check_module() {
[[ $2 ]] || mods_checked_as_dep+=" $_mod " [[ $2 ]] || mods_checked_as_dep+=" $_mod "
if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then

69
0024-feat-dmdquash-live-add-support-for-using-erofs.patch
View File

@ -1,69 +0,0 @@
From 3b4fe88a4259ec576a41d98b6aaee324a6b48b0f Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Wed, 10 Jul 2024 16:30:09 -0700
Subject: [PATCH 24/24] feat(dmdquash-live): add support for using erofs
This adds support for rootfs compressed with erofs. Either as a plain
erofs image or a LiveOS/rootfs.img ext4 filesystem compressed with
erofs.
This patch does not make any attempt to change the squashfs directory
naming (or variable names) in order to make these changes as small as
possible and easy to review. It also does not make any attempt to
support the multitude of available options other than what is needed by
anaconda-dracut calling this script to setup the boot.iso root
filesystem.
(which isn't to say it doesn't work, it just hasn't been tested and is
outside the scope of this change).
(cherry picked commit ca5ae5d3466eec40d118fc96d450478aa6faebb6)
Resolves: RHEL-43460
---
modules.d/90dmsquash-live/dmsquash-live-root.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
index 4518852b..a376185e 100755
--- a/modules.d/90dmsquash-live/dmsquash-live-root.sh
+++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
@@ -97,7 +97,6 @@ det_img_fs() {
blkid -s TYPE -u noraid -o value "$1"
}
-load_fstype squashfs
CMDLINE=$(getcmdline)
for arg in $CMDLINE; do
case $arg in
@@ -112,14 +111,15 @@ if [ -f "$livedev" ]; then
# check filesystem type and handle accordingly
fstype=$(det_img_fs "$livedev")
case $fstype in
- squashfs) SQUASHED=$livedev ;;
- auto) die "cannot mount live image (unknown filesystem type)" ;;
+ squashfs | erofs) SQUASHED=$livedev ;;
+ auto) die "cannot mount live image (unknown filesystem type $fstype)" ;;
*) FSIMG=$livedev ;;
esac
load_fstype "$fstype"
else
livedev_fstype=$(det_fs "$livedev")
- if [ "$livedev_fstype" = "squashfs" ]; then
+ load_fstype "$livedev_fstype"
+ if [ "$livedev_fstype" = "squashfs" ] || [ "$livedev_fstype" = "erofs" ]; then
# no mount needed - we've already got the LiveOS image in $livedev
SQUASHED=$livedev
elif [ "$livedev_fstype" != "ntfs" ]; then
@@ -336,7 +336,7 @@ if [ -e "$SQUASHED" ]; then
SQUASHED_LOOPDEV=$(losetup -f)
losetup -r "$SQUASHED_LOOPDEV" $SQUASHED
mkdir -m 0755 -p /run/initramfs/squashfs
- mount -n -t squashfs -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
+ mount -n -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
if [ -d /run/initramfs/squashfs/LiveOS ]; then
if [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
--
2.42.0

38
0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch Normal file
View File

@ -0,0 +1,38 @@
From 226de396c97d483380bd0604bfe2ff7f6a2ef48c Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Aug 2024 20:40:15 +0200
Subject: [PATCH 24/32] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Introduce new path for lsinitrd.sh to look into:
/usr/lib/modules/$kver/initramfs.img
Which is valid on all ostree-based systems, and also other image based
systems with pre-generated initramfs.
Ref: https://issues.redhat.com/browse/RHEL-35890
(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282)
Resolves: RHEL-54650
---
lsinitrd.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 6799f938..35314b78 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -125,6 +125,10 @@ find_initrd_for_kernel_version() {
echo "/lib/modules/${kernel_version}/initrd"
elif [[ -f /lib/modules/${kernel_version}/initramfs.img ]]; then
echo "/lib/modules/${kernel_version}/initramfs.img"
+ elif [[ -f /usr/lib/modules/${kernel_version}/initrd ]]; then
+ echo "/usr/lib/modules/${kernel_version}/initrd"
+ elif [[ -f /usr/lib/modules/${kernel_version}/initramfs.img ]]; then
+ echo "/usr/lib/modules/${kernel_version}/initramfs.img"
elif [[ -f /boot/initramfs-${kernel_version}.img ]]; then
echo "/boot/initramfs-${kernel_version}.img"
else
--
2.42.0

6
0029-feat-fips-include-fips-module-unconditionally.patch → 0025-feat-fips-include-fips-module-unconditionally.patch
View File

@ -1,7 +1,7 @@
From 833ca2c3832f1939a9a9729ed66c20d2a5fbf1fa Mon Sep 17 00:00:00 2001 From 3e25517a0d1f0054e69409eb89484879251f47a3 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 19 Aug 2024 09:41:27 +0200 Date: Mon, 19 Aug 2024 09:41:27 +0200
Subject: [PATCH 29/31] feat(fips): include fips module unconditionally Subject: [PATCH 25/32] feat(fips): include fips module unconditionally
rhel-only rhel-only
@ -11,7 +11,7 @@ Resolves: RHEL-39404
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 83fcd564..5ce1f201 100755 index 1e0c9d09..005f0b6d 100755
--- a/modules.d/01fips/module-setup.sh --- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh +++ b/modules.d/01fips/module-setup.sh
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@

8
0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch → 0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
View File

@ -1,7 +1,7 @@
From e1ae840425837004bacafe53c53468207aa513e3 Mon Sep 17 00:00:00 2001 From 4dfd0c8de071f074c813a87cc06335fa43e93a9d Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com> From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 8 Aug 2024 00:55:03 +0200 Date: Thu, 8 Aug 2024 00:55:03 +0200
Subject: [PATCH 30/31] fix(nfs): include also entries from Subject: [PATCH 26/32] fix(nfs): include also entries from
/usr/lib/{passwd,group} /usr/lib/{passwd,group}
as those paths are used by bootc instead of the /etc ones. as those paths are used by bootc instead of the /etc ones.
@ -14,14 +14,14 @@ Resolves: RHEL-53431
1 file changed, 9 insertions(+), 2 deletions(-) 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
index da6549d1..df2d0e05 100755 index fbaeeb00..df2d0e05 100755
--- a/modules.d/95nfs/module-setup.sh --- a/modules.d/95nfs/module-setup.sh
+++ b/modules.d/95nfs/module-setup.sh +++ b/modules.d/95nfs/module-setup.sh
@@ -130,8 +130,15 @@ install() { @@ -130,8 +130,15 @@ install() {
# Rather than copy the passwd file in, just set a user for rpcbind # Rather than copy the passwd file in, just set a user for rpcbind
# We'll save the state and restart the daemon from the root anyway # We'll save the state and restart the daemon from the root anyway
- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" - grep -E '^(nfsnobody|_rpc|rpc|rpcuser):' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd"
- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" - grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group"
+ local _confdir + local _confdir
+ for _confdir in etc usr/lib; do + for _confdir in etc usr/lib; do

14
0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch → 0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
View File

@ -1,7 +1,7 @@
From 7a580a481f8b2d2df60a5e7b9da5c4a11ed9ecbf Mon Sep 17 00:00:00 2001 From f26573ec709c7703863e8affdec990b100c25598 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:58:54 +0200 Date: Mon, 26 Aug 2024 15:58:54 +0200
Subject: [PATCH 32/35] revert(dracut-init.sh): add module to mods_to_load Subject: [PATCH 27/32] revert(dracut-init.sh): add module to mods_to_load
before checking dependencies before checking dependencies
Commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before Commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before
@ -25,10 +25,10 @@ Resolves: RHEL-43460
1 file changed, 6 insertions(+), 6 deletions(-) 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dracut-init.sh b/dracut-init.sh diff --git a/dracut-init.sh b/dracut-init.sh
index 5d5fc081..756a0a75 100755 index 3917bb0d..644825c9 100755
--- a/dracut-init.sh --- a/dracut-init.sh
+++ b/dracut-init.sh +++ b/dracut-init.sh
@@ -915,9 +915,6 @@ check_mount() { @@ -924,9 +924,6 @@ check_mount() {
fi fi
fi fi
@ -38,7 +38,7 @@ index 5d5fc081..756a0a75 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added # handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \ [[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -936,6 +933,9 @@ check_mount() { @@ -945,6 +942,9 @@ check_mount() {
fi fi
done done
@ -48,7 +48,7 @@ index 5d5fc081..756a0a75 100755
return 0 return 0
} }
@@ -992,9 +992,6 @@ check_module() { @@ -1001,9 +1001,6 @@ check_module() {
fi fi
fi fi
@ -58,7 +58,7 @@ index 5d5fc081..756a0a75 100755
for _moddep in $(module_depends "$_mod" "$_moddir"); do for _moddep in $(module_depends "$_mod" "$_moddir"); do
# handle deps as if they were manually added # handle deps as if they were manually added
[[ " $dracutmodules " == *\ $_mod\ * ]] \ [[ " $dracutmodules " == *\ $_mod\ * ]] \
@@ -1013,6 +1010,9 @@ check_module() { @@ -1022,6 +1019,9 @@ check_module() {
fi fi
done done

36
0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
View File

@ -1,36 +0,0 @@
From afd17820980728f18a5cc96e794d4c56a8694698 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 16 Aug 2024 20:40:15 +0200
Subject: [PATCH 28/31] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
Introduce new path for lsinitrd.sh to look into:
/usr/lib/modules/$kver/initramfs.img
Which is valid on all ostree-based systems, and also other image based
systems with pre-generated initramfs.
Ref: https://issues.redhat.com/browse/RHEL-35890
(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282)
Resolves: RHEL-54650
---
lsinitrd.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lsinitrd.sh b/lsinitrd.sh
index 952dbc9f..429cce7e 100755
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -136,6 +136,8 @@ else
image="/lib/modules/${KERNEL_VERSION}/initramfs.img"
elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then
image="/boot/initramfs-${KERNEL_VERSION}.img"
+ elif [[ -f /usr/lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then
+ image="/usr/lib/modules/${KERNEL_VERSION}/initramfs.img"
elif [[ $MACHINE_ID ]] \
&& mountpoint -q /efi; then
image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd"
--
2.42.0

10
0033-fix-squash-remove-cyclic-dependency.patch → 0028-fix-squash-remove-cyclic-dependency.patch
View File

@ -1,7 +1,7 @@
From 7e1598536003caf9c6b68e9a4eaf3cef8bfcfeb9 Mon Sep 17 00:00:00 2001 From 043aef3a9dee83818d67697fb6ad203dc3e87c39 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:23:41 +0200 Date: Mon, 26 Aug 2024 15:23:41 +0200
Subject: [PATCH 33/35] fix(squash): remove cyclic dependency Subject: [PATCH 28/32] fix(squash): remove cyclic dependency
With commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load With commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load
before checking dependencies") reverted 99squash can no longer rely on before checking dependencies") reverted 99squash can no longer rely on
@ -36,10 +36,10 @@ Resolves: RHEL-43460
create mode 100755 modules.d/99squash-lib/module-setup.sh create mode 100755 modules.d/99squash-lib/module-setup.sh
diff --git a/dracut.sh b/dracut.sh diff --git a/dracut.sh b/dracut.sh
index 68bdf33b..71568fe0 100755 index 4d2e3df2..db6713a9 100755
--- a/dracut.sh --- a/dracut.sh
+++ b/dracut.sh +++ b/dracut.sh
@@ -1911,7 +1911,7 @@ if [[ $kernel_only != yes ]]; then @@ -1894,7 +1894,7 @@ if [[ $kernel_only != yes ]]; then
fi fi
fi fi
@ -48,7 +48,7 @@ index 68bdf33b..71568fe0 100755
_isize=0 #initramfs size _isize=0 #initramfs size
modules_loaded=" " modules_loaded=" "
@@ -2276,9 +2276,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then @@ -2264,9 +2264,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
dinfo "*** Stripping files done ***" dinfo "*** Stripping files done ***"
fi fi

8
0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch → 0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
View File

@ -1,7 +1,7 @@
From 8fe64408bd8349e28b7257f93880527a93c63fa2 Mon Sep 17 00:00:00 2001 From 2ce3f3ff72e608d7a3d42b566f9772393e313df4 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 27 Aug 2024 12:14:40 +0200 Date: Tue, 27 Aug 2024 12:14:40 +0200
Subject: [PATCH 34/35] fix(dracut.sh): exit when installing the squash loader Subject: [PATCH 29/32] fix(dracut.sh): exit when installing the squash loader
fails fails
The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib
@ -21,10 +21,10 @@ Resolves: RHEL-43460
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut.sh b/dracut.sh diff --git a/dracut.sh b/dracut.sh
index 71568fe0..3d73fe43 100755 index db6713a9..c5ef61ad 100755
--- a/dracut.sh --- a/dracut.sh
+++ b/dracut.sh +++ b/dracut.sh
@@ -2278,7 +2278,7 @@ fi @@ -2266,7 +2266,7 @@ fi
if dracut_module_included "squash-lib"; then if dracut_module_included "squash-lib"; then
dinfo "*** Squashing the files inside the initramfs ***" dinfo "*** Squashing the files inside the initramfs ***"

4
0035-fix-squash-lib-harden-against-empty-initdir.patch → 0030-fix-squash-lib-harden-against-empty-initdir.patch
View File

@ -1,7 +1,7 @@
From 85235ab58df8343a1a0314333b360648a5d0f452 Mon Sep 17 00:00:00 2001 From e391c64afd187a81861301c949db5ffd1f9a3e5d Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com> From: Philipp Rudo <prudo@redhat.com>
Date: Mon, 26 Aug 2024 15:29:01 +0200 Date: Mon, 26 Aug 2024 15:29:01 +0200
Subject: [PATCH 35/35] fix(squash-lib): harden against empty $initdir Subject: [PATCH 30/32] fix(squash-lib): harden against empty $initdir
The postinstall phase of 99squash-lib has the potential to delete the The postinstall phase of 99squash-lib has the potential to delete the
whole rootfs if $initdir is empty. This should(tm) never happen. whole rootfs if $initdir is empty. This should(tm) never happen.

158
0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch Normal file
View File

@ -0,0 +1,158 @@
From 626280f62a8f05e68e70b8db81eeffe196642bf3 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 8 Aug 2024 16:43:31 +0200
Subject: [PATCH 31/32] feat(fips-crypto-policies): make c-p follow FIPS mode
automatically
For a system that uses crypto-policies to be switched to FIPS mode
correctly, it needs to be
- booted with `fips=1` on the kernel command line
- switched to the FIPS crypto-policy (or a policy derived from it)
- have the fips dracut module enabled
On older systems, there were additional steps, for example, creating
`/etc/system-fips`.
We have repeatedly seen inconsistencies between those different toggles,
either because the user space tooling to switch between those does not
(for reliability, maintainability, and compliance reasons) undo some of
the steps it does when disabling FIPS mode, or because other
installation methods (bootc, containers, image builder) independently do
some of those steps. Eventually, all of these ended with user confusion.
We can avoid this situation by eliminating the difference by treating
the `fips=1` kernel command line switch as a single source of truth, and
making all others follow automatically. This module provides this for
crypto-policies, by adding bind-mounts before pivot if the system has
not already been switched to a FIPS-based crypto-policy.
This requires some support from the crypto-policies package (because it
needs to deal with the bind mounts when a user calls
`update-crypto-policies --set`), so make it a no-op unless
- `fips=1` is on the kernel command line
- crypto-policies is installed
- crypto-policies supports the bind-mounts (indicated by the presence
of the `default-fips-config` file)
- the policy isn't already FIPS
These checks should make this safe to add to the initramfs on all
current systems.
The bind-mounts also need to happen in the initramfs already, because
systemd links against OpenSSL, and doing them later means that systemd
will start with an OpenSSL configuration that isn't tailored for FIPS.
See also [1], which adds the user space support to crypto-policies,
along with a systemd service that does the same steps in case dracut
hasn't already done them (which is useful for environments that don't
use an initramfs like containers).
[1]: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/191
Signed-off-by: Clemens Lang <cllang@redhat.com>
(cherry picked from commit bd3c1e1cc2f656f7ee4ff47e00ca716d52a86a3d)
Resolves: RHEL-59678
---
.../fips-crypto-policies.sh | 52 +++++++++++++++++++
.../01fips-crypto-policies/module-setup.sh | 27 ++++++++++
2 files changed, 79 insertions(+)
create mode 100755 modules.d/01fips-crypto-policies/fips-crypto-policies.sh
create mode 100755 modules.d/01fips-crypto-policies/module-setup.sh
diff --git a/modules.d/01fips-crypto-policies/fips-crypto-policies.sh b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
new file mode 100755
index 00000000..ff298298
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/sh
+
+type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ] || [ -z "$fipsmode" ]; then
+ # Do nothing if not in FIPS mode
+ return 0
+fi
+
+policyfile=/etc/crypto-policies/config
+fipspolicyfile=/usr/share/crypto-policies/default-fips-config
+backends=/etc/crypto-policies/back-ends
+fipsbackends=/usr/share/crypto-policies/back-ends/FIPS
+
+# When in FIPS mode, check the active crypto policy by reading the
+# $root/etc/crypto-policies/config file. If it is not "FIPS", or does not start
+# with "FIPS:", automatically switch to the FIPS policy by creating
+# bind-mounts.
+
+if ! [ -r "${NEWROOT}${policyfile}" ]; then
+ # No crypto-policies configured, possibly not a system that uses
+ # crypto-policies?
+ return 0
+fi
+
+if ! [ -f "${NEWROOT}${fipspolicyfile}" ]; then
+ # crypto-policies is too old to deal with automatic bind-mounting of the
+ # FIPS policy over the normal policy, do not attempt to do the bind-mount.
+ return 0
+fi
+
+policy=$(cat "${NEWROOT}${policyfile}")
+
+# Remove the largest suffix pattern matching ":*" from the string (i.e., the
+# complete list of active policy modules), then check for FIPS. This is part of
+# POSIX sh (https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_06_02).
+if [ "${policy%%:*}" = "FIPS" ]; then
+ return 0
+fi
+
+# Current crypto policy is not FIPS or FIPS-based, but the system is in FIPS
+# mode; this is an inconsistent configuration. Automatically bind-mount a FIPS
+# configuration over this.
+if ! mount -o bind,ro "${NEWROOT}${fipsbackends}" "${NEWROOT}${backends}"; then
+ warn "Failed to bind-mount FIPS policy over ${backends} (the system is in FIPS mode, but the crypto-policy is not)."
+ # If this bind-mount failed, don't attempt to do the other one to avoid
+ # a system that seems to be in FIPS crypto-policy but actually is not.
+ return 0
+fi
+
+mount -o bind,ro "${NEWROOT}${fipspolicyfile}" "${NEWROOT}${policyfile}" \
+ || warn "Failed to bind-mount FIPS crypto-policy state file over ${policyfile} (the system is in FIPS mode, but the crypto-policy is not)."
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
new file mode 100755
index 00000000..ee00452e
--- /dev/null
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/bash
+
+# called by dracut
+check() {
+ # only enable on systems that use crypto-policies
+ [ -d "$dracutsysrootdir/etc/crypto-policies" ] && return 0
+
+ # include when something else depends on it or it is explicitly requested
+ return 255
+}
+
+# called by dracut
+depends() {
+ return 0
+}
+
+# called by dracut
+installkernel() {
+ return 0
+}
+
+# called by dracut
+install() {
+ inst_hook pre-pivot 01 "$moddir/fips-crypto-policies.sh"
+
+ inst_multiple mount
+}
--
2.42.0

39
0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch
View File

@ -1,39 +0,0 @@
From d18bbc304e838ecf3b888ce4d70f1d96d21821f5 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri, 7 Jun 2024 11:38:54 -0700
Subject: [PATCH 31/31] fix(dracut-functions): avoid awk in get_maj_min()
The `get_maj_min()` cache lookup is commonly used
across many flows. While `awk` should be available,
some highly constrained environments may not have it.
A second call to `grep` can provide the same behaviour
without adding a dependnecy.
Lines in the cache will be of the form "/dev/sda2 8:2".
`awk '{print $NF}'` returns the last word of a matching line. Since
the initial matching regex is so specific a second call to grep can
easily extract the last word.
(cherry picked commit ec7efd5701e9a1b24f2e85666d625fb1fe46ce86)
Related: RHEL-47145
---
dracut-functions.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index 43d905e3..b4d57454 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -243,7 +243,7 @@ get_maj_min() {
local _out
if [[ $get_maj_min_cache_file ]]; then
- _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')"
+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
fi
if ! [[ "$_out" ]]; then
--
2.42.0

34
0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch Normal file
View File

@ -0,0 +1,34 @@
From cd5dbe004652d88b5d73418cba1e45c54ff9fd12 Mon Sep 17 00:00:00 2001
From: Jo Zzsi <jozzsicsataban@gmail.com>
Date: Thu, 5 Sep 2024 09:09:36 -0400
Subject: [PATCH 32/32] fix(fips-crypto-policies): make it depend on fips
dracut module
(cherry picked from commit a2096dafdbfc88eed91ce34b1f4d27e7eb7ca839)
Conflicts:
modules.d/01fips-crypto-policies/module-setup.sh
Due to upstream e6117b92fa0108dbaf9ea3ac0ec8f5a02487c812, which
was not cherry-picked. Resolved the conflict by keeping the
functions (i.e., undoing the cleanup of the upstream commit).
Resolves: RHEL-59678
---
modules.d/01fips-crypto-policies/module-setup.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
index ee00452e..140eae00 100755
--- a/modules.d/01fips-crypto-policies/module-setup.sh
+++ b/modules.d/01fips-crypto-policies/module-setup.sh
@@ -11,6 +11,7 @@ check() {
# called by dracut
depends() {
+ echo fips
return 0
}
--
2.42.0

98
dracut.spec
View File

@ -7,8 +7,8 @@
%global __requires_exclude pkg-config %global __requires_exclude pkg-config
Name: dracut Name: dracut
Version: 102 Version: 103
Release: 4%{?dist} Release: 1%{?dist}
Summary: Initramfs generator using udev Summary: Initramfs generator using udev
@ -22,111 +22,102 @@ URL: https://github.com/dracut-ng/dracut-ng/wiki/
Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar.gz Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
# feat(hwdb): add hwdb module to install hwdb.bin on demand
# Author: Pavel Valena <pvalena@redhat.com>
Patch1: 0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch
# fix(rngd): install system service file # fix(rngd): install system service file
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch2: 0002-fix-rngd-install-system-service-file.patch Patch1: 0001-fix-rngd-install-system-service-file.patch
# revert: "fix(install.d): correctly install pre-genned image and die if no args" # revert: "fix(install.d): correctly install pre-genned image and die if no args"
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch3: 0003-revert-fix-install.d-correctly-install-pre-genned-im.patch Patch2: 0002-revert-fix-install.d-correctly-install-pre-genned-im.patch
# feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so # feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> # Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch4: 0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch Patch3: 0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch
# fix(kernel-install): do not generate an initrd when one was specified # fix(kernel-install): do not generate an initrd when one was specified
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> # Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Patch5: 0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch Patch4: 0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch
# fix(crypt): decryption when rd.luks.name is set
# Author: Laszlo Gombos <laszlo.gombos@gmail.com>
Patch6: 0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch
# fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8 # fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch7: 0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch Patch5: 0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch
# revert: "fix(crypt): unlock encrypted devices by default during boot" # revert: "fix(crypt): unlock encrypted devices by default during boot"
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch8: 0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch Patch6: 0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch
# fix(90kernel-modules): install blk modules using symbol blk_alloc_disk
# Author: Pavel Valena <pvalena@redhat.com>
Patch9: 0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch
# test: do not force include dash, let sh module make a selection # test: do not force include dash, let sh module make a selection
# Author: Laszlo Gombos <laszlo.gombos@gmail.com> # Author: Laszlo Gombos <laszlo.gombos@gmail.com>
Patch10: 0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch Patch7: 0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch
# fix(dracut-functions): allow for \ in get_maj_min file path # fix(dracut-functions): allow for \ in get_maj_min file path
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch11: 0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch Patch8: 0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch
# fix(dracut-functions.sh): only return block devices from get_persistent_dev # fix(dracut-functions.sh): only return block devices from get_persistent_dev
# Author: Fabian Vogt <fvogt@suse.de> # Author: Fabian Vogt <fvogt@suse.de>
Patch12: 0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch Patch9: 0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch
# feat(systemd*): include systemd config files from /usr/lib/systemd # feat(systemd*): include systemd config files from /usr/lib/systemd
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch13: 0013-feat-systemd-include-systemd-config-files-from-usr-l.patch Patch10: 0010-feat-systemd-include-systemd-config-files-from-usr-l.patch
# fix(resume): always include the resume module # fix(resume): always include the resume module
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch14: 0014-fix-resume-always-include-the-resume-module.patch Patch11: 0011-fix-resume-always-include-the-resume-module.patch
# feat(dracut-init.sh): allow changing the destination directory for inst et al # feat(dracut-init.sh): allow changing the destination directory for inst et al
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch15: 0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch Patch12: 0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch
# fix(dracut-init.sh): add module to mods_to_load before checking dependencies # fix(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch16: 0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch Patch13: 0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch
# feat(squash): move mksquashfs to 99squash/modules-setup # feat(squash): move mksquashfs to 99squash/modules-setup
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch17: 0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch Patch14: 0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch
# feat(squash): split 95squash-squashfs from 99squash # feat(squash): split 95squash-squashfs from 99squash
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch18: 0018-feat-squash-split-95squash-squashfs-from-99squash.patch Patch15: 0015-feat-squash-split-95squash-squashfs-from-99squash.patch
# feat(squash): add module 95squash-erofs # feat(squash): add module 95squash-erofs
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch19: 0019-feat-squash-add-module-95squash-erofs.patch Patch16: 0016-feat-squash-add-module-95squash-erofs.patch
# feat(lsinitrd): add support for erofs images # feat(lsinitrd): add support for erofs images
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch20: 0020-feat-lsinitrd-add-support-for-erofs-images.patch Patch17: 0017-feat-lsinitrd-add-support-for-erofs-images.patch
# feat(dracut-initramfs-restore): unpack erofs images # feat(dracut-initramfs-restore): unpack erofs images
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch21: 0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch Patch18: 0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch
# fix(squash): explicitly create required directories # fix(squash): explicitly create required directories
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch22: 0022-fix-squash-explicitly-create-required-directories.patch Patch19: 0019-fix-squash-explicitly-create-required-directories.patch
# fix(squash): use 99busybox instead of installing it manually # fix(squash): use 99busybox instead of installing it manually
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch23: 0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch Patch20: 0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch
# feat(dmdquash-live): add support for using erofs
# Author: Brian C. Lane <bcl@redhat.com>
Patch24: 0024-feat-dmdquash-live-add-support-for-using-erofs.patch
# fix(nfs): set correct ownership and permissions for statd directory # fix(nfs): set correct ownership and permissions for statd directory
# Author: Lukas Nykryn <lnykryn@redhat.com> # Author: Lukas Nykryn <lnykryn@redhat.com>
Patch25: 0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch Patch21: 0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch
# fix(resume): do not include resume if swap is on netdevice # fix(resume): do not include resume if swap is on netdevice
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch26: 0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch Patch22: 0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch
# feat(dracut-init.sh): give --force-add precedence over --omit # feat(dracut-init.sh): give --force-add precedence over --omit
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch27: 0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch Patch23: 0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch
# feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ # feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch28: 0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch Patch24: 0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
# feat(fips): include fips module unconditionally # feat(fips): include fips module unconditionally
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch29: 0029-feat-fips-include-fips-module-unconditionally.patch Patch25: 0025-feat-fips-include-fips-module-unconditionally.patch
# fix(nfs): include also entries from /usr/lib/{passwd,group} # fix(nfs): include also entries from /usr/lib/{passwd,group}
# Author: Pavel Valena <pvalena@redhat.com> # Author: Pavel Valena <pvalena@redhat.com>
Patch30: 0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch Patch26: 0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch
# fix(dracut-functions): avoid awk in get_maj_min()
# Author: Daniel McIlvaney <damcilva@microsoft.com>
Patch31: 0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch
# revert(dracut-init.sh): add module to mods_to_load before checking dependencies # revert(dracut-init.sh): add module to mods_to_load before checking dependencies
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch32: 0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch Patch27: 0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch
# fix(squash): remove cyclic dependency # fix(squash): remove cyclic dependency
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch33: 0033-fix-squash-remove-cyclic-dependency.patch Patch28: 0028-fix-squash-remove-cyclic-dependency.patch
# fix(dracut.sh): exit when installing the squash loader fails # fix(dracut.sh): exit when installing the squash loader fails
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch34: 0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch Patch29: 0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch
# fix(squash-lib): harden against empty $initdir # fix(squash-lib): harden against empty $initdir
# Author: Philipp Rudo <prudo@redhat.com> # Author: Philipp Rudo <prudo@redhat.com>
Patch35: 0035-fix-squash-lib-harden-against-empty-initdir.patch Patch30: 0030-fix-squash-lib-harden-against-empty-initdir.patch
# feat(fips-crypto-policies): make c-p follow FIPS mode automatically
# Author: Clemens Lang <cllang@redhat.com>
Patch31: 0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch
# fix(fips-crypto-policies): make it depend on fips dracut module
# Author: Jo Zzsi <jozzsicsataban@gmail.com>
Patch32: 0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
# Please use source-git to work with this spec file: # Please use source-git to work with this spec file:
# HowTo: https://packit.dev/source-git/work-with-source-git # HowTo: https://packit.dev/source-git/work-with-source-git
@ -140,6 +131,7 @@ BuildRequires: gcc
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: systemd BuildRequires: systemd
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: cargo
%if %{with doc} %if %{with doc}
BuildRequires: docbook-style-xsl docbook-dtds libxslt BuildRequires: docbook-style-xsl docbook-dtds libxslt
@ -151,6 +143,8 @@ Provides: dracut-fips = %{version}-%{release}
Obsoletes: dracut-fips-aesni <= 047 Obsoletes: dracut-fips-aesni <= 047
Provides: dracut-fips-aesni = %{version}-%{release} Provides: dracut-fips-aesni = %{version}-%{release}
Provides: bundled(crate(crosvm)) = 0.1.0
Requires: bash >= 4 Requires: bash >= 4
Requires: coreutils Requires: coreutils
Requires: cpio Requires: cpio
@ -264,6 +258,7 @@ cp %{SOURCE1} .
%configure --systemdsystemunitdir=%{_unitdir} \ %configure --systemdsystemunitdir=%{_unitdir} \
--bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) \ --bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) \
--libdir=%{_prefix}/lib \ --libdir=%{_prefix}/lib \
--enable-dracut-cpio \
%if %{without doc} %if %{without doc}
--disable-documentation \ --disable-documentation \
%endif %endif
@ -332,6 +327,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/dracut-install %{dracutlibdir}/dracut-install
%{dracutlibdir}/dracut-util %{dracutlibdir}/dracut-util
%{dracutlibdir}/skipcpio %{dracutlibdir}/skipcpio
%{dracutlibdir}/dracut-cpio
%config(noreplace) %{_sysconfdir}/dracut.conf %config(noreplace) %{_sysconfdir}/dracut.conf
%{dracutlibdir}/dracut.conf.d/01-dist.conf %{dracutlibdir}/dracut.conf.d/01-dist.conf
%dir %{_sysconfdir}/dracut.conf.d %dir %{_sysconfdir}/dracut.conf.d
@ -357,6 +353,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/00warpclock %{dracutlibdir}/modules.d/00warpclock
%endif %endif
%{dracutlibdir}/modules.d/01fips %{dracutlibdir}/modules.d/01fips
%{dracutlibdir}/modules.d/01fips-crypto-policies
%{dracutlibdir}/modules.d/01systemd-ac-power %{dracutlibdir}/modules.d/01systemd-ac-power
%{dracutlibdir}/modules.d/01systemd-ask-password %{dracutlibdir}/modules.d/01systemd-ask-password
%{dracutlibdir}/modules.d/01systemd-bsod %{dracutlibdir}/modules.d/01systemd-bsod
@ -535,6 +532,13 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
%changelog %changelog
* Fri Nov 01 2024 Pavel Valena <pvalena@redhat.com> - 103-1
- Update to dracut 103.
- spec: nable dracut-cpio binary
- feat(fips-crypto-policies): make c-p follow FIPS mode automatically
- fix(fips-crypto-policies): make it depend on fips dracut module
Resolves: RHEL-59678,RHEL-65204
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 102-4 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 102-4
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018

2
sources
View File

@ -1 +1 @@
SHA512 (102.tar.gz) = 463ad75f0508392431d58796763a41accf5a1dc17fe27d36e37d588153ca9c5b32b453faa9149524ea2dc2906805126d1e023feecb6554206595a972508f6a32 SHA512 (103.tar.gz) = ba0dbefbcbecb09c44ce240664bc4f4ee25dfb8be7bc060028ae3b1ccf7d70410491c105e64fcef3d6f44d2794cb6162bcea9404125906be46bf3dff098e0277