diff --git a/SOURCES/0053.patch b/SOURCES/0053.patch new file mode 100644 index 0000000..67d242f --- /dev/null +++ b/SOURCES/0053.patch @@ -0,0 +1,31 @@ +From 2dcfc99c645aaeef3811e5278c399e4f78d9ce4c Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sat, 14 Oct 2023 23:45:57 +0200 +Subject: [PATCH] feat(systemd): install systemd-executor + +In [0] systemd gained a new binary - systemd-executor - that's used to +spawn processes forked off systemd. Let's copy it into the initrd if +it's available. + +[0] https://github.com/systemd/systemd/pull/27890 + +(cherry picked from commit bee1c4824a8cd47ce6c01892a548bdc07b1fa678) + +Related: RHEL-30581 +--- + modules.d/00systemd/module-setup.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 2a4fe4ba..a4397249 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -34,6 +34,7 @@ install() { + "$systemdutildir"/systemd \ + "$systemdutildir"/systemd-coredump \ + "$systemdutildir"/systemd-cgroups-agent \ ++ "$systemdutildir"/systemd-executor \ + "$systemdutildir"/systemd-shutdown \ + "$systemdutildir"/systemd-reply-password \ + "$systemdutildir"/systemd-fsck \ + diff --git a/SOURCES/0054.patch b/SOURCES/0054.patch new file mode 100644 index 0000000..b563684 --- /dev/null +++ b/SOURCES/0054.patch @@ -0,0 +1,124 @@ +From 92bda68884b321195436729b7fcf19ada342c0a9 Mon Sep 17 00:00:00 2001 +From: Laszlo Gombos +Date: Thu, 10 Nov 2022 14:20:42 +0000 +Subject: [PATCH] test: use -device instead of -watchdog to remove qemu + warnings + +(cherry picked from commit 9f6b4e53367be20b2295b77800c73b2614530559) + +Related: RHEL-30581 +--- + test/TEST-01-BASIC/test.sh | 2 +- + test/TEST-03-USR-MOUNT/test.sh | 2 +- + test/TEST-20-NFS/test.sh | 4 ++-- + test/TEST-50-MULTINIC/test.sh | 4 ++-- + test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh | 4 ++-- + test/TEST-63-DRACUT-CPIO/test.sh | 2 +- + 6 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh +index 390089b6..9f98af2c 100755 +--- a/test/TEST-01-BASIC/test.sh ++++ b/test/TEST-01-BASIC/test.sh +@@ -17,7 +17,7 @@ test_run() { + + "$testdir"/run-qemu \ + "${disk_args[@]}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot \"root=LABEL= rdinit=/bin/sh\" rw systemd.log_level=debug systemd.log_target=console rd.retry=3 rd.debug console=ttyS0,115200n81 rd.shell=0 $DEBUGFAIL" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-03-USR-MOUNT/test.sh b/test/TEST-03-USR-MOUNT/test.sh +index 5cb61bce..57157bc0 100755 +--- a/test/TEST-03-USR-MOUNT/test.sh ++++ b/test/TEST-03-USR-MOUNT/test.sh +@@ -25,7 +25,7 @@ client_run() { + + "$testdir"/run-qemu \ + "${disk_args[@]}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot root=LABEL=dracut $client_opts loglevel=7 rd.retry=3 rd.info console=ttyS0,115200n81 selinux=0 rd.debug rd.shell=0 $DEBUGFAIL" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-20-NFS/test.sh b/test/TEST-20-NFS/test.sh +index 0be60a80..0821dc84 100755 +--- a/test/TEST-20-NFS/test.sh ++++ b/test/TEST-20-NFS/test.sh +@@ -33,7 +33,7 @@ run_server() { + -net socket,listen=127.0.0.1:12320 \ + -net nic,macaddr=52:54:00:12:34:56,model=e1000 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0 $SERVER_DEBUG" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -78,7 +78,7 @@ client_test() { + "${disk_args[@]}" \ + -net nic,macaddr="$mac",model=e1000 \ + -net socket,connect=127.0.0.1:12320 \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot rd.shell=0 $cmdline $DEBUGFAIL rd.retry=10 quiet ro console=ttyS0,115200n81 selinux=0" \ + -initrd "$TESTDIR"/initramfs.testing + +diff --git a/test/TEST-50-MULTINIC/test.sh b/test/TEST-50-MULTINIC/test.sh +index 81b1f685..47408983 100755 +--- a/test/TEST-50-MULTINIC/test.sh ++++ b/test/TEST-50-MULTINIC/test.sh +@@ -31,7 +31,7 @@ run_server() { + -net socket,listen=127.0.0.1:12350 \ + -net nic,macaddr=52:54:01:12:34:56,model=e1000 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -85,7 +85,7 @@ client_test() { + -netdev hubport,id=n2,hubid=2 \ + -device e1000,netdev=n1,mac=52:54:00:12:34:98 \ + -device e1000,netdev=n2,mac=52:54:00:12:34:99 \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "quiet panic=1 oops=panic softlockup_panic=1 systemd.crash_reboot rd.shell=0 $cmdline $DEBUGFAIL rd.retry=5 ro console=ttyS0,115200n81 selinux=0 init=/sbin/init rd.debug systemd.log_target=console" \ + -initrd "$TESTDIR"/initramfs.testing || return 1 + +diff --git a/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh b/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh +index 309600d4..8f9f0cfd 100755 +--- a/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh ++++ b/test/TEST-60-BONDBRIDGEVLANIFCFG/test.sh +@@ -35,7 +35,7 @@ run_server() { + -device virtio-net-pci,netdev=n3,mac=52:54:01:12:34:59 \ + -hda "$TESTDIR"/server.ext3 \ + -serial "${SERIAL:-"file:$TESTDIR/server.log"}" \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append "panic=1 oops=panic softlockup_panic=1 loglevel=7 root=LABEL=dracut rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0 rd.debug" \ + -initrd "$TESTDIR"/initramfs.server \ + -pidfile "$TESTDIR"/server.pid -daemonize || return 1 +@@ -90,7 +90,7 @@ client_test() { + -netdev socket,connect=127.0.0.1:12372,id=n2 -device virtio-net-pci,mac=52:54:00:12:34:04,netdev=n2 \ + "${nic3[@]}" -device virtio-net-pci,mac=52:54:00:12:34:05,netdev=n3 \ + -hda "$TESTDIR"/client.img \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -append " + panic=1 oops=panic softlockup_panic=1 + ifname=net1:52:54:00:12:34:01 +diff --git a/test/TEST-63-DRACUT-CPIO/test.sh b/test/TEST-63-DRACUT-CPIO/test.sh +index 8e319bf2..be93cfb5 100755 +--- a/test/TEST-63-DRACUT-CPIO/test.sh ++++ b/test/TEST-63-DRACUT-CPIO/test.sh +@@ -39,7 +39,7 @@ EOF + || return 1 + + "$testdir"/run-qemu \ +- -watchdog i6300esb -watchdog-action poweroff \ ++ -device i6300esb -watchdog-action poweroff \ + -daemonize -pidfile "$tdir/vm.pid" \ + -serial "file:$tdir/console.out" \ + -append "panic=1 oops=panic softlockup_panic=1 loglevel=7 console=ttyS0 rd.shell=1" \ + diff --git a/SOURCES/0055.patch b/SOURCES/0055.patch new file mode 100644 index 0000000..10b39d0 --- /dev/null +++ b/SOURCES/0055.patch @@ -0,0 +1,52 @@ +From 55108a3a24a1780f6d5273a3e97dbdeb7d2c75c0 Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Thu, 23 May 2024 14:20:43 +0200 +Subject: [PATCH] fix(fips): remove /dev/{random,urandom} pre-creation + +Random device nodes were required to workaround libgcrypt initialization +problem (see https://bugzilla.redhat.com/show_bug.cgi?id=1401444) which +is gone since libgcrypt-1.10 (2022): modern Linux kernels (3.17+) support +getrandom() syscall and libgcrypt has switch to using getentropy() +(glibc-2.25+). + +The requirement to run dracut as root (which is needed to mknod +/dev/{random,urandom}) is a particular problem for building UKIs in distro +build systems where packages are not built by a privileged user. + +Note, dracut itself always pre-creates /dev/{null,kmsg,console,random,urandom} +devices when running privileged so the patch has no effect on 'traditional' +setup. + +Signed-off-by: Vitaly Kuznetsov + +(Cherry-picked commit: 62f907e9eb3147ad8603953ec3cf29673d4fae79) + +Resolves: RHEL-38830 +--- + modules.d/01fips/module-setup.sh | 12 ------------ + 1 file changed, 12 deletions(-) + +diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh +index 7ff5e640..1dc7ea33 100755 +--- a/modules.d/01fips/module-setup.sh ++++ b/modules.d/01fips/module-setup.sh +@@ -70,18 +70,6 @@ install() { + inst_multiple sha512hmac rmmod insmod mount uname umount grep sed sort + + inst_simple /etc/system-fips +- [ -c "${initdir}"/dev/random ] || mknod "${initdir}"/dev/random c 1 8 \ +- || { +- dfatal "Cannot create /dev/random" +- dfatal "To create an initramfs with fips support, dracut has to run as root" +- return 1 +- } +- [ -c "${initdir}"/dev/urandom ] || mknod "${initdir}"/dev/urandom c 1 9 \ +- || { +- dfatal "Cannot create /dev/urandom" +- dfatal "To create an initramfs with fips support, dracut has to run as root" +- return 1 +- } + + # if we have openssl we need to install their fips library and configuration + [ -x /usr/bin/openssl ] && { + diff --git a/SOURCES/0056.patch b/SOURCES/0056.patch new file mode 100644 index 0000000..f54bb83 --- /dev/null +++ b/SOURCES/0056.patch @@ -0,0 +1,25 @@ +From 99c1c91a3b1f7c0ba417ecdea4cab8f1a424fabe Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn +Date: Fri, 29 Nov 2019 13:29:23 +0100 +Subject: [PATCH] fix(systemd): always include sg module + +RHEL-only +Resolves: RHEL-32853 +--- + modules.d/00systemd/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index a4397249..27d2180d 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -17,7 +17,7 @@ depends() { + } + + installkernel() { +- hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256 ++ hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256 sg + instmods -s efivarfs + } + + diff --git a/SOURCES/0057.patch b/SOURCES/0057.patch new file mode 100644 index 0000000..15d3b69 --- /dev/null +++ b/SOURCES/0057.patch @@ -0,0 +1,149 @@ +From ab2711df3d85aee7fe5c9cbe018c1a08113e3481 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Wed, 23 Nov 2022 14:22:21 +0100 +Subject: [PATCH] fix(fips): do not blindly remove /boot + +The `mount_boot` method called from fips-noboot.sh in the pre-pivot hook blindly +executes `rm -rf /boot` if there is no `boot=` command line parameter, without +first checking that /boot is not already mounted by other means. + +feat(fips): add progress messages + +This allows to better understand at what point a FIPS integrity test failed. + +Signed-off-by: Raymund Will + +fix(fips): only unmount /boot if it was mounted by the fips module + +The `do_fips` method should only unmount /boot if it was mounted in the +`mount_boot` method. + +In addition, now the `mount_boot` method checks if /boot is already mounted. + +Signed-off-by: Raymund Will + +fix(fips): move fips-boot script to pre-pivot + +This is needed in s390x to be able to use the same `boot=` command line +parameter in grub and zipl. Otherwise, `boot=` would need to be added only to +`grub.cfg` (not `/etc/default/grub` and thereby not to `/boot/zipl/config`). + +Signed-off-by: Raymund Will + +(Cherry-picked commits: + 91974e8ff116c7fd9f99963780dba501535700f5 + a71e518fa1f14a9b96ae62ce90714ccd7d307d97 + 1cdb4cb8b5fb7f74e5be6998f9b561fbf73909e0 + cd2a1d4571b2f768f2b67d03fd77191795042402) + +Resolves: RHEL-45913 +--- + modules.d/01fips/fips-boot.sh | 2 ++ + modules.d/01fips/fips-load-crypto.sh | 2 ++ + modules.d/01fips/fips-noboot.sh | 2 ++ + modules.d/01fips/fips.sh | 21 +++++++++++++++++++-- + modules.d/01fips/module-setup.sh | 2 +- + 5 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/modules.d/01fips/fips-boot.sh b/modules.d/01fips/fips-boot.sh +index 031d169a..34760e01 100755 +--- a/modules.d/01fips/fips-boot.sh ++++ b/modules.d/01fips/fips-boot.sh +@@ -8,7 +8,9 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + elif getarg boot= > /dev/null; then + . /sbin/fips.sh ++ fips_info "fips-boot: start" + if mount_boot; then + do_fips || die "FIPS integrity test failed" + fi ++ fips_info "fips-boot: done!" + fi +diff --git a/modules.d/01fips/fips-load-crypto.sh b/modules.d/01fips/fips-load-crypto.sh +index 21e99278..6ef42b95 100644 +--- a/modules.d/01fips/fips-load-crypto.sh ++++ b/modules.d/01fips/fips-load-crypto.sh +@@ -8,5 +8,7 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + else + . /sbin/fips.sh ++ fips_info "fips-load-crypto: start" + fips_load_crypto || die "FIPS integrity test failed" ++ fips_info "fips-load-crypto: done!" + fi +diff --git a/modules.d/01fips/fips-noboot.sh b/modules.d/01fips/fips-noboot.sh +index f00c2f32..963a034d 100755 +--- a/modules.d/01fips/fips-noboot.sh ++++ b/modules.d/01fips/fips-noboot.sh +@@ -8,6 +8,8 @@ elif [ -z "$fipsmode" ]; then + die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" + elif ! [ -f /tmp/fipsdone ]; then + . /sbin/fips.sh ++ fips_info "fips-noboot: start" + mount_boot + do_fips || die "FIPS integrity test failed" ++ fips_info "fips-noboot: done!" + fi +diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh +index 6ad61df8..05631c8a 100755 +--- a/modules.d/01fips/fips.sh ++++ b/modules.d/01fips/fips.sh +@@ -18,6 +18,15 @@ mount_boot() { + boot=$(getarg boot=) + + if [ -n "$boot" ]; then ++ if [ -d /boot ] && ismounted /boot; then ++ boot_dev= ++ if command -v findmnt > /dev/null; then ++ boot_dev=$(findmnt -n -o SOURCE /boot) ++ fi ++ fips_info "Ignoring 'boot=$boot' as /boot is already mounted ${boot_dev:+"from '$boot_dev'"}" ++ return 0 ++ fi ++ + case "$boot" in + LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) + boot="$(label_uuid_to_dev "$boot")" +@@ -47,10 +56,13 @@ mount_boot() { + mkdir -p /boot + fips_info "Mounting $boot as /boot" + mount -oro "$boot" /boot || return 1 +- elif [ -d "$NEWROOT/boot" ]; then ++ FIPS_MOUNTED_BOOT=1 ++ elif ! ismounted /boot && [ -d "$NEWROOT/boot" ]; then + # shellcheck disable=SC2114 + rm -fr -- /boot + ln -sf "$NEWROOT/boot" /boot ++ else ++ die "You have to specify boot= as a boot option for fips=1" + fi + } + +@@ -179,7 +191,12 @@ do_fips() { + + : > /tmp/fipsdone + +- umount /boot > /dev/null 2>&1 ++ if [ "$FIPS_MOUNTED_BOOT" = 1 ]; then ++ fips_info "Unmounting /boot" ++ umount /boot > /dev/null 2>&1 ++ else ++ fips_info "Not unmounting /boot" ++ fi + + return 0 + } +diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh +index 1dc7ea33..91612ff3 100755 +--- a/modules.d/01fips/module-setup.sh ++++ b/modules.d/01fips/module-setup.sh +@@ -62,7 +62,7 @@ installkernel() { + + # called by dracut + install() { +- inst_hook pre-mount 01 "$moddir/fips-boot.sh" ++ inst_hook pre-pivot 00 "$moddir/fips-boot.sh" + inst_hook pre-pivot 01 "$moddir/fips-noboot.sh" + inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh" + inst_script "$moddir/fips.sh" /sbin/fips.sh + diff --git a/SOURCES/0058.patch b/SOURCES/0058.patch new file mode 100644 index 0000000..f586680 --- /dev/null +++ b/SOURCES/0058.patch @@ -0,0 +1,263 @@ +From c8bc80643d4a6c0ef27c48e680907d6fd3c888cc Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Mon, 12 Feb 2024 16:58:16 +0100 +Subject: [PATCH] ci: enable source-git automation + +- commit validation +- pull request validation +- tracker validation +- automatic merging + +rhel-only + +Related: RHEL-30581 +--- + .github/advanced-commit-linter.yml | 17 ++++++ + .github/auto-merge.yml | 4 ++ + .github/pull-request-validator.yml | 4 ++ + .github/tracker-validator.yml | 28 +++++++++ + .github/workflows/gather-metadata.yml | 28 +++++++++ + .../workflows/source-git-automation-on-demand.yml | 70 ++++++++++++++++++++++ + .github/workflows/source-git-automation.yml | 46 ++++++++++++++ + 7 files changed, 197 insertions(+) + +diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml +new file mode 100644 +index 00000000..0180ef07 +--- /dev/null ++++ b/.github/advanced-commit-linter.yml +@@ -0,0 +1,17 @@ ++policy: ++ cherry-pick: ++ upstream: ++ - github: dracutdevs/dracut ++ exception: ++ note: ++ - rhel-only ++ - RHEL-only ++ tracker: ++ - keyword: ++ - 'Resolves: ' ++ - 'Related: ' ++ - 'Reverts: ' ++ type: jira ++ issue-format: ++ - 'RHEL-\d+$' ++ url: 'https://issues.redhat.com/browse/' +diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml +new file mode 100644 +index 00000000..35c25392 +--- /dev/null ++++ b/.github/auto-merge.yml +@@ -0,0 +1,4 @@ ++labels: ++ dont-merge: dont-merge ++ manual-merge: pr/needs-manual-merge ++target-branch': ['main'] +diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml +new file mode 100644 +index 00000000..4bb5bbec +--- /dev/null ++++ b/.github/pull-request-validator.yml +@@ -0,0 +1,4 @@ ++labels: ++ missing-review: pr/needs-review ++ changes-requested: pr/changes-requested ++ missing-failing-ci: pr/needs-ci +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +new file mode 100644 +index 00000000..f88cc0a5 +--- /dev/null ++++ b/.github/tracker-validator.yml +@@ -0,0 +1,28 @@ ++labels: ++ missing-tracker: tracker/missing ++ invalid-product: tracker/invalid-product ++ invalid-component: tracker/invalid-component ++ unapproved: tracker/unapproved ++products: ++ - Red Hat Enterprise Linux 9 ++ - CentOS Stream 9 ++ - rhel-9.0.0 ++ - rhel-9.0.0.z ++ - rhel-9.2.0 ++ - rhel-9.2.0.z ++ - rhel-9.3.0 ++ - rhel-9.3.0.z ++ - rhel-9.4.0 ++ - rhel-9.4.0.z ++ - rhel-9.5.0 ++ - rhel-9.5.0.z ++ - rhel-9.6.0 ++ - rhel-9.6.0.z ++ - rhel-9.7.0 ++ - rhel-9.7.0.z ++ - rhel-9.8.0 ++ - rhel-9.8.0.z ++ - rhel-9.9.0 ++ - rhel-9.9.0.z ++ - rhel-9.10.0 ++ - rhel-9.10.0.z +diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml +new file mode 100644 +index 00000000..e4cbc486 +--- /dev/null ++++ b/.github/workflows/gather-metadata.yml +@@ -0,0 +1,28 @@ ++name: Gather Pull Request Metadata ++on: ++ pull_request: ++ types: [ opened, reopened, synchronize ] ++ branches: ++ - main ++ - rhel-9.* ++ ++permissions: ++ contents: read ++ ++jobs: ++ gather-metadata: ++ runs-on: ubuntu-latest ++ ++ steps: ++ - name: Repository checkout ++ uses: actions/checkout@v4 ++ ++ - id: Metadata ++ name: Gather Pull Request Metadata ++ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 ++ ++ - name: Upload artifact with gathered metadata ++ uses: actions/upload-artifact@v3 ++ with: ++ name: pr-metadata ++ path: ${{ steps.Metadata.outputs.metadata-file }} +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +new file mode 100644 +index 00000000..8a3a366e +--- /dev/null ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -0,0 +1,70 @@ ++name: Source git Automation Scheduled/On Demand ++on: ++ schedule: ++ # Workflow runs every 45 minutes ++ - cron: '*/45 * * * *' ++ workflow_dispatch: ++ inputs: ++ pr-number: ++ description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs' ++ required: true ++ default: '0' ++ ++permissions: ++ contents: read ++ ++jobs: ++ # Get all open PRs ++ gather-pull-requests: ++ if: github.repository == 'redhat-plumbers/dracut-rhel9' ++ runs-on: ubuntu-latest ++ ++ outputs: ++ pr-numbers: ${{ steps.get-pr-numbers.outputs.result }} ++ pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }} ++ ++ steps: ++ - id: get-pr-numbers ++ if: inputs.pr-number == '0' ++ name: Get all open PRs ++ uses: actions/github-script@v6 ++ with: ++ # !FIXME: this is not working if there is more than 100 PRs opened ++ script: | ++ const { data: pullRequests } = await github.rest.pulls.list({ ++ owner: context.repo.owner, ++ repo: context.repo.repo, ++ state: 'open', ++ per_page: 100 ++ }); ++ return pullRequests.map(pr => pr.number); ++ - id: parse-manual-input ++ if: inputs.pr-number != '0' ++ name: Parse manual input ++ run: | ++ echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT ++ shell: bash ++ ++ validate-pr: ++ name: 'Validation of Pull Request #${{ matrix.pr-number }}' ++ needs: [ gather-pull-requests ] ++ runs-on: ubuntu-latest ++ ++ strategy: ++ fail-fast: false ++ matrix: ++ pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }} ++ ++ permissions: ++ # required for merging PRs ++ contents: write ++ # required for PR comments and setting labels ++ pull-requests: write ++ ++ steps: ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 ++ with: ++ pr-number: ${{ matrix.pr-number }} ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +new file mode 100644 +index 00000000..025ee84d +--- /dev/null ++++ b/.github/workflows/source-git-automation.yml +@@ -0,0 +1,46 @@ ++name: Source git Automation ++on: ++ workflow_run: ++ workflows: [ Gather Pull Request Metadata ] ++ types: ++ - completed ++ ++permissions: ++ contents: read ++ ++jobs: ++ download-metadata: ++ if: > ++ github.event.workflow_run.event == 'pull_request' && ++ github.event.workflow_run.conclusion == 'success' && ++ github.repository == 'redhat-plumbers/dracut-rhel9' ++ runs-on: ubuntu-latest ++ ++ outputs: ++ pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }} ++ ++ steps: ++ - id: Artifact ++ name: Download Artifact ++ uses: redhat-plumbers-in-action/download-artifact@v1 ++ with: ++ name: pr-metadata ++ ++ source-git-automation: ++ needs: [ download-metadata ] ++ runs-on: ubuntu-latest ++ ++ permissions: ++ # required for merging PRs ++ contents: write ++ # required for PR comments and setting labels ++ pull-requests: write ++ ++ ++ steps: ++ - name: Source-git Automation ++ uses: redhat-plumbers-in-action/source-git-automation@v1 ++ with: ++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} ++ jira-api-token: ${{ secrets.JIRA_API_TOKEN }} ++ token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/SOURCES/0059.patch b/SOURCES/0059.patch new file mode 100644 index 0000000..f08228b --- /dev/null +++ b/SOURCES/0059.patch @@ -0,0 +1,679 @@ +From 30e7e5091666e10cce70b90057ccd85289609bd7 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 2 Jan 2024 17:10:11 +0100 +Subject: [PATCH] fix(github): update format of labeler + +Since we are using `actions/labeler@main`, its format changed, displaying the +following error with every new PR: + +``` +Run actions/labeler@main +The configuration file (path: .github/labeler.yml) was not found locally, fetching via the api +Error: Error: found unexpected type for label 'repository' (should be array of config options) +Error: found unexpected type for label 'repository' (should be array of config options) +``` + +(cherry picked from commit de8ac6300d115a05d467dbb6b9a7c2599a2d306f) + +Related: RHEL-30581 +--- + .github/labeler.yml | 460 ++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 358 insertions(+), 102 deletions(-) + +diff --git a/.github/labeler.yml b/.github/labeler.yml +index 1c787a58..0dcc06d4 100644 +--- a/.github/labeler.yml ++++ b/.github/labeler.yml +@@ -1,293 +1,549 @@ + repository: +- - ./* ++ - changed-files: ++ - any-glob-to-any-file: './*' + + github: +- - .github/* +- - .github/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['.github/*', '.github/**/*'] ++ ++docs: ++ - changed-files: ++ - any-glob-to-any-file: 'docs/*' ++ ++man: ++ - changed-files: ++ - any-glob-to-any-file: 'man/*' ++ ++kernel-install: ++ - changed-files: ++ - any-glob-to-any-file: 'install.d/*' ++ ++shell-completion: ++ - changed-files: ++ - any-glob-to-any-file: ['shell-completion/*', 'shell-completion/**/*'] ++ ++dracut-cpio: ++ - changed-files: ++ - any-glob-to-any-file: ['src/dracut-cpio/*', 'src/dracut-cpio/**/*'] + + dracut-install: +- - install/* +- - install/**/* ++ - changed-files: ++ - any-glob-to-any-file: 'src/install/*' ++ ++dracut-util: ++ - changed-files: ++ - any-glob-to-any-file: 'src/util/*' + +-example: +- - examples/* +- - examples/**/* +- - examples/**/**/* ++logtee: ++ - changed-files: ++ - any-glob-to-any-file: 'src/logtee/*' ++ ++skipcpio: ++ - changed-files: ++ - any-glob-to-any-file: 'src/skipcpio/*' + + modules: +- - modules.d/* +- - modules.d/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['modules.d/*', 'modules.d/**/*'] + + bash: +- - modules.d/00bash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00bash/*' + + bootchart: + - modules.d/00bootchart/* + + dash: +- - modules.d/00dash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00dash/*' + + mksh: +- - modules.d/00mksh/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00mksh/*' + + systemd: +- - modules.d/00systemd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00systemd/*' + + warpclock: +- - modules.d/00warpclock/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/00warpclock/*' + + fips: +- - modules.d/01fips/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01fips/*' ++ ++systemd-ac-power: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ac-power/*' ++ ++systemd-ask-password: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ask-password/*' ++ ++systemd-coredump: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-coredump/*' ++ ++systemd-creds: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-creds/*' ++ ++systemd-hostnamed: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-hostnamed/*' + + systemd-initrd: +- - modules.d/01systemd-initrd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-initrd/*' + +-caps: +- - modules.d/02caps/* ++systemd-integritysetup: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-integritysetup/*' ++ ++systemd-journald: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-journald/*' ++ ++systemd-ldconfig: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-ldconfig/*' ++ ++systemd-modules-load: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-modules-load/*' + + systemd-networkd: +- - modules.d/02systemd-networkd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-networkd/*' ++ ++systemd-pcrphase: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-pcrphase/*' ++ ++systemd-portabled: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-portabled/*' ++ ++systemd-pstore: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-pstore/*' ++ ++systemd-repart: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-repart/*' ++ ++systemd-resolved: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-resolved/*' ++ ++systemd-sysctl: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysctl/*' ++ ++systemd-sysext: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysext/*' ++ ++systemd-sysusers: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-sysusers/*' ++ ++systemd-timedated: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-timedated/*' ++ ++systemd-timesyncd: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-timesyncd/*' ++ ++systemd-tmpfiles: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-tmpfiles/*' ++ ++systemd-udevd: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-udevd/*' ++ ++systemd-veritysetup: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/01systemd-veritysetup/*' ++ ++caps: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/02caps/*' + + modsign: +- - modules.d/03modsign/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/03modsign/*' + + rescue: +- - modules.d/03rescue/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/03rescue/*' + + watchdog: +- - modules.d/04watchdog/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/04watchdog/*' ++ ++watchdog-modules: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/04watchdog-modules/*' + + busybox: +- - modules.d/05busybox/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/05busybox/*' ++ ++dbus-broker: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06dbus-broker/*' ++ ++dbus-daemon: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06dbus-daemon/*' + + rngd: +- - modules.d/06rngd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/06rngd/*' ++ ++dbus: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/09dbus/*' + + i18n: +- - modules.d/10i18n/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/10i18n/*' + + convertfs: +- - modules.d/30convertfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/30convertfs/*' ++ ++connman: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35connman/*' + + network-legacy: +- - modules.d/35network-legacy/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35network-legacy/*' + + network-manager: +- - modules.d/35network-manager/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/35network-manager/*' + + network: +- - modules.d/40network/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/40network/*' + + ifcfg: +- - modules.d/45ifcfg/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/45ifcfg/*' + + url-lib: +- - modules.d/45url-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/45url-lib/*' + + drm: +- - modules.d/50drm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/50drm/*' + + plymouth: +- - modules.d/50plymouth/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/50plymouth/*' ++ ++bluetooth: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/62bluetooth/*' + + cms: +- - modules.d/80cms/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80cms/*' + + lvmmerge: +- - modules.d/80lvmmerge/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80lvmmerge/*' ++ ++lvmthinpool-monitor: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/80lvmthinpool-monitor/*' + + cio_ignore: +- - modules.d/81cio_ignore/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/81cio_ignore/*' + + btrfs: +- - modules.d/90btrfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90btrfs/*' + + crypt: +- - modules.d/90crypt/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90crypt/*' + + dm: +- - modules.d/90dm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dm/*' + + dmraid: +- - modules.d/90dmraid/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmraid/*' + + dmsquash-live: +- - modules.d/90dmsquash-live/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live/*' ++ ++dmsquash-live-autooverlay: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live-autooverlay/*' + + dmsquash-live-ntfs: +- - modules.d/90dmsquash-live-ntfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90dmsquash-live-ntfs/*' + + kernel-modules: +- - modules.d/90kernel-modules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-modules/*' + + kernel-modules-extra: +- - modules.d/90kernel-modules-extra/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-modules-extra/*' + + kernel-network-modules: +- - modules.d/90kernel-network-modules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90kernel-network-modules/*' + + livenet: +- - modules.d/90livenet/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90livenet/*' + + lvm: +- - modules.d/90lvm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90lvm/*' + + mdraid: +- - modules.d/90mdraid/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90mdraid/*' + + multipath: +- - modules.d/90multipath/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90multipath/*' + + nvdimm: +- - modules.d/90nvdimm/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90nvdimm/*' ++ ++overlayfs: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90overlayfs/*' + + ppcmac: +- - modules.d/90ppcmac/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90ppcmac/*' + + qemu: +- - modules.d/90qemu/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90qemu/*' + + qemu-net: +- - modules.d/90qemu-net/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/90qemu-net/*' + + stratis: + - modules.d/90stratis/* + + crypt-gpg: +- - modules.d/91crypt-gpg/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91crypt-gpg/*' + + crypt-loop: +- - modules.d/91crypt-loop/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91crypt-loop/*' ++ ++fido2: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91fido2/*' ++ ++pcsc: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91pcsc/*' ++ ++pkcs11: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91pkcs11/*' ++ ++tpm2-tss: ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91tpm2-tss/*' + + zipl: +- - modules.d/91zipl/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/91zipl/*' + + cifs: +- - modules.d/95cifs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95cifs/*' + + dasd: +- - modules.d/95dasd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd/*' + + dasd_mod: +- - modules.d/95dasd_mod/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd_mod/*' + + dasd_rules: +- - modules.d/95dasd_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dasd_rules/*' + + dcssblk: +- - modules.d/95dcssblk/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95dcssblk/*' + + debug: +- - modules.d/95debug/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95debug/*' + + fcoe: +- - modules.d/95fcoe/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fcoe/*' + + fcoe-uefi: +- - modules.d/95fcoe-uefi/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fcoe-uefi/*' + + fstab-sys: +- - modules.d/95fstab-sys/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95fstab-sys/*' + + iscsi: +- - modules.d/95iscsi/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95iscsi/*' + + lunmask: +- - modules.d/95lunmask/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95lunmask/*' + + nbd: +- - modules.d/95nbd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nbd/*' + + nfs: +- - modules.d/95nfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nfs/*' + + nvmf: +- - modules.d/95nvmf/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95nvmf/*' + + qeth_rules: +- - modules.d/95qeth_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95qeth_rules/*' + + resume: +- - modules.d/95resume/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95resume/*' + + rootfs-block: +- - modules.d/95rootfs-block/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95rootfs-block/*' + + ssh-client: +- - modules.d/95ssh-client/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95ssh-client/*' + + terminfo: +- - modules.d/95terminfo/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95terminfo/*' + + udev-rules: +- - modules.d/95udev-rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95udev-rules/*' + + virtfs: +- - modules.d/95virtfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95virtfs/*' + + virtiofs: +- - modules.d/95virtiofs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95virtiofs/*' + + zfcp: +- - modules.d/95zfcp/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95zfcp/*' + + zfcp_rules: +- - modules.d/95zfcp_rules/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95zfcp_rules/*' + + znet: +- - modules.d/95znet/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/95znet/*' + + securityfs: +- - modules.d/96securityfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/96securityfs/*' + + biosdevname: +- - modules.d/97biosdevname/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/97biosdevname/*' + + masterkey: +-- modules.d/97masterkey/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/97masterkey/*' + + dracut-systemd: +- - modules.d/98dracut-systemd/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98dracut-systemd/*' + + ecryptfs: +- - modules.d/98ecryptfs/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98ecryptfs/*' + + integrity: +- - modules.d/98integrity/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98integrity/*' + + pollcdrom: +- - modules.d/98pollcdrom/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98pollcdrom/*' + + selinux: +- - modules.d/98selinux/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98selinux/*' + + syslog: +- - modules.d/98syslog/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98syslog/*' + + usrmount: +- - modules.d/98usrmount/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/98usrmount/*' + + base: +- - modules.d/99base/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99base/*' + + fs-lib: +- - modules.d/99fs-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99fs-lib/*' + + img-lib: +- - modules.d/99img-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99img-lib/*' + + memstrack: +- - modules.d/99memstrack/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99memstrack/*' + + shutdown: +- - modules.d/99shutdown/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99shutdown/*' + + squash: +- - modules.d/99squash/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99squash/*' + + uefi-lib: +- - modules.d/99uefi-lib/* ++ - changed-files: ++ - any-glob-to-any-file: 'modules.d/99uefi-lib/*' + + test: +- - test/* +- - test/**/* ++ - changed-files: ++ - any-glob-to-any-file: ['test/*', 'test/**/*', 'modules.d/80test*', 'modules.d/80test*/*'] + diff --git a/SOURCES/0060.patch b/SOURCES/0060.patch new file mode 100644 index 0000000..44726bc --- /dev/null +++ b/SOURCES/0060.patch @@ -0,0 +1,73 @@ +From 53ee0740d5913d20bf35f7613a12072fd2ebe0d0 Mon Sep 17 00:00:00 2001 +From: Jan Macku +Date: Wed, 17 Jul 2024 15:45:31 +0200 +Subject: [PATCH] ci: fix source-git automation + +rhel-only + +Related: RHEL-30581 +--- + .github/tracker-validator.yml | 28 +++++++++++----------- + .../workflows/source-git-automation-on-demand.yml | 1 + + .github/workflows/source-git-automation.yml | 1 + + 3 files changed, 16 insertions(+), 14 deletions(-) + +diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml +index f88cc0a5..31ef28f6 100644 +--- a/.github/tracker-validator.yml ++++ b/.github/tracker-validator.yml +@@ -12,17 +12,17 @@ products: + - rhel-9.2.0.z + - rhel-9.3.0 + - rhel-9.3.0.z +- - rhel-9.4.0 +- - rhel-9.4.0.z +- - rhel-9.5.0 +- - rhel-9.5.0.z +- - rhel-9.6.0 +- - rhel-9.6.0.z +- - rhel-9.7.0 +- - rhel-9.7.0.z +- - rhel-9.8.0 +- - rhel-9.8.0.z +- - rhel-9.9.0 +- - rhel-9.9.0.z +- - rhel-9.10.0 +- - rhel-9.10.0.z ++ - rhel-9.4 ++ - rhel-9.4.z ++ - rhel-9.5 ++ - rhel-9.5.z ++ - rhel-9.6 ++ - rhel-9.6.z ++ - rhel-9.7 ++ - rhel-9.7.z ++ - rhel-9.8 ++ - rhel-9.8.z ++ - rhel-9.9 ++ - rhel-9.9.z ++ - rhel-9.10 ++ - rhel-9.10.z +diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml +index 8a3a366e..afd2333e 100644 +--- a/.github/workflows/source-git-automation-on-demand.yml ++++ b/.github/workflows/source-git-automation-on-demand.yml +@@ -66,5 +66,6 @@ jobs: + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-number: ${{ matrix.pr-number }} ++ component: dracut + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} +diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml +index 025ee84d..bdec3856 100644 +--- a/.github/workflows/source-git-automation.yml ++++ b/.github/workflows/source-git-automation.yml +@@ -42,5 +42,6 @@ jobs: + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} ++ component: dracut + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/SOURCES/0061.patch b/SOURCES/0061.patch new file mode 100644 index 0000000..032209b --- /dev/null +++ b/SOURCES/0061.patch @@ -0,0 +1,37 @@ +From f8cb5753f14c65d1371b623f5f0d8e3cb0aa7107 Mon Sep 17 00:00:00 2001 +From: Laszlo Gombos +Date: Wed, 19 Oct 2022 12:32:28 +0000 +Subject: [PATCH] ci: remove non-existing modules from labeler + +(cherry picked from commit 1d60dd74ee721f17cdaadd56b874b564b89c0145) + +Related: RHEL-30581 +--- + .github/labeler.yml | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/.github/labeler.yml b/.github/labeler.yml +index 0dcc06d4..5667c635 100644 +--- a/.github/labeler.yml ++++ b/.github/labeler.yml +@@ -50,9 +50,6 @@ bash: + - changed-files: + - any-glob-to-any-file: 'modules.d/00bash/*' + +-bootchart: +- - modules.d/00bootchart/* +- + dash: + - changed-files: + - any-glob-to-any-file: 'modules.d/00dash/*' +@@ -345,9 +342,6 @@ qemu-net: + - changed-files: + - any-glob-to-any-file: 'modules.d/90qemu-net/*' + +-stratis: +- - modules.d/90stratis/* +- + crypt-gpg: + - changed-files: + - any-glob-to-any-file: 'modules.d/91crypt-gpg/*' + diff --git a/SOURCES/0062.patch b/SOURCES/0062.patch new file mode 100644 index 0000000..7bb8114 --- /dev/null +++ b/SOURCES/0062.patch @@ -0,0 +1,34 @@ +From 79fbe4171a7e42abe40d138a24add2895f7cddcd Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 31 Jan 2023 16:32:19 +0100 +Subject: [PATCH] fix(network-manager): add "After" dependency on dbus.service + +During shutdown, there is no ordering dependency between the nm-initrd service +and the D-Bus daemon, and so the latter can be stopped before. This causes +issues to NetworkManager, especially when team interfaces are present because +NM will see teamd dropping from the bus and will try to reactivate the +connection. + +Add a "After" dependency to make sure the D-Bus daemon is stopped after NM on +shutdown. + +(Cherry-picked commit: 1b7d83110741560f26027fbd9435763eef56935a) + +Resolves: RHEL-13192 +--- + modules.d/35network-manager/nm-initrd.service | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/35network-manager/nm-initrd.service b/modules.d/35network-manager/nm-initrd.service +index 3e24f52a..dbd8caa7 100644 +--- a/modules.d/35network-manager/nm-initrd.service ++++ b/modules.d/35network-manager/nm-initrd.service +@@ -3,6 +3,7 @@ DefaultDependencies=no + Wants=systemd-udev-trigger.service + After=systemd-udev-trigger.service + After=dracut-cmdline.service ++After=dbus.service + Wants=network.target + Before=network.target + ConditionPathExists=/run/NetworkManager/initrd/neednet + diff --git a/SOURCES/0063.patch b/SOURCES/0063.patch new file mode 100644 index 0000000..29c18c7 --- /dev/null +++ b/SOURCES/0063.patch @@ -0,0 +1,174 @@ +From 75691dfaa822a7ce32e4f97141975d9b10f3101e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=E2=80=9CMasahiro?= +Date: Fri, 3 Feb 2023 12:08:26 +0900 +Subject: [PATCH] fix(url-lib.sh): nfs_already_mounted() with trailing slash in + nfs path + +nfs_already_mounted() doesn't work when the installation ISO and kickstart file on a same NFS share are specified with inst.repo and inst.ks boot parameter as below. + + inst.repo=nfs:192.168.1.1:/home/data/rhel9.iso inst.ks=nfs:192.168.1.1:/home/data/ks.cfg + + NOTE: /home/data is configured for nfs share on 192.168.1.1 + +One problem is a file (not a directory) was passed into nfs_already_mounted(). +nfs_already_mounted() is the function to judge if the given directory is already mounted. +So, filepath should be passed in nfs_fetch_url(). + +The other problem is about the trailing slash in the nfs path in /proc/mounts. + +The /proc/mounts has an entry after nfs mount of inst.repo. + + 192.168.1.1:/data/ /run/install/isodir nfs ro,relatime, + +In this case, nfs_already_mounted() returns "/run/install/isodir//home/data/ks.cfg" wrongly. The following is from the log. + +[ 14.556279] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@156(nfs_fetch_url): nfs_already_mounted 192.168.122.1 /home/data/ks.cfg +[ 14.556279] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@137(nfs_already_mounted): local server=192.168.122.1 path=/home/data/ks.cfg s= p= +... +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@140(nfs_already_mounted): '[' 192.168.122.1 = 192.168.122.1 ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@141(nfs_already_mounted): '[' /home/data/ks.cfg = /home/data/ ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@143(nfs_already_mounted): str_starts /home/data/ks.cfg /home/data/ +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/dracut-lib.sh@51(str_starts): '[' ks.cfg '!=' /home/data/ks.cfg ']' +[ 14.654966] localhost.localdomain dracut-initqueue[1282]: ///lib/url-lib.sh@144(nfs_already_mounted): echo /run/install/isodir//home/data/ks.cfg +... +[ 14.658069] localhost.localdomain dracut-initqueue[934]: //lib/url-lib.sh@156(nfs_fetch_url): mntdir=/run/install/isodir//home/data/ks.cfg + +This function doesn't expect the trailiing slash of the nfs path in /proc/mounts, so it should be removed before processing it. + +feat(test): nfs_fetch_url test into nfs test + +This is to check the behavior of nfs_fetch_url() in nfs-lib.sh. +nfs_fetch_url() calls nfs_already_mounted() internally. +A file /nfs/client/root/fetchfile is on NFS server, which is fetched +from clients for testing with nfs_fetch_url(). + +(Cherry-picked commits: + b731369c5fe7f9247337fe08017638a38f36cfca + 3cf092dbd8754a31595b0d8447827c6358fc3a88) + +Resolves: RHEL-13193 +--- + modules.d/45url-lib/url-lib.sh | 3 ++- + test/TEST-20-NFS/client-init.sh | 20 ++++++++++++++++++++ + test/TEST-20-NFS/test.sh | 14 +++++++++++++- + 3 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/modules.d/45url-lib/url-lib.sh b/modules.d/45url-lib/url-lib.sh +index b009fd09..c62b35db 100755 +--- a/modules.d/45url-lib/url-lib.sh ++++ b/modules.d/45url-lib/url-lib.sh +@@ -137,6 +137,7 @@ nfs_already_mounted() { + local server="$1" path="$2" s="" p="" + while read -r src mnt rest || [ -n "$src" ]; do + splitsep ":" "$src" s p ++ p=${p%/} + if [ "$server" = "$s" ]; then + if [ "$path" = "$p" ]; then + echo "$mnt" +@@ -153,7 +154,7 @@ nfs_fetch_url() { + local filepath="${path%/*}" filename="${path##*/}" mntdir="" + + # skip mount if server:/filepath is already mounted +- mntdir=$(nfs_already_mounted "$server" "$path") ++ mntdir=$(nfs_already_mounted "$server" "$filepath") + if [ -z "$mntdir" ]; then + local mntdir + mntdir="$(mkuniqdir /run nfs_mnt)" +diff --git a/test/TEST-20-NFS/client-init.sh b/test/TEST-20-NFS/client-init.sh +index c7e88314..061a2b15 100755 +--- a/test/TEST-20-NFS/client-init.sh ++++ b/test/TEST-20-NFS/client-init.sh +@@ -1,6 +1,7 @@ + #!/bin/sh + : > /dev/watchdog + . /lib/dracut-lib.sh ++. /lib/url-lib.sh + + export PATH=/usr/sbin:/usr/bin:/sbin:/bin + command -v plymouth > /dev/null 2>&1 && plymouth --quit +@@ -23,6 +24,25 @@ while read -r dev _ fstype opts rest || [ -n "$dev" ]; do + break + done < /proc/mounts + ++if [ "$fstype" = "nfs" -o "$fstype" = "nfs4" ]; then ++ ++ serverip=${dev%:*} ++ path=${dev#*:} ++ echo serverip="${serverip}" ++ echo path="${path}" ++ echo /proc/mounts status ++ cat /proc/mounts ++ ++ echo test:nfs_fetch_url nfs::"${serverip}":"${path}"/root/fetchfile ++ if nfs_fetch_url nfs::"${serverip}":"${path}"/root/fetchfile /run/nfsfetch.out; then ++ echo nfsfetch-OK ++ echo "nfsfetch-OK" | dd oflag=direct,dsync of=/dev/disk/by-id/ata-disk_marker2 ++ fi ++else ++ echo nfsfetch-BYPASS fstype="${fstype}" ++ echo "nfsfetch-OK" | dd oflag=direct,dsync of=/dev/disk/by-id/ata-disk_marker2 ++fi ++ + : > /dev/watchdog + + sync +diff --git a/test/TEST-20-NFS/test.sh b/test/TEST-20-NFS/test.sh +index 0821dc84..870eeba0 100755 +--- a/test/TEST-20-NFS/test.sh ++++ b/test/TEST-20-NFS/test.sh +@@ -65,13 +65,15 @@ client_test() { + + # Need this so kvm-qemu will boot (needs non-/dev/zero local disk) + dd if=/dev/zero of="$TESTDIR"/marker.img bs=1MiB count=1 ++ dd if=/dev/zero of="$TESTDIR"/marker2.img bs=1MiB count=1 + declare -a disk_args=() + # shellcheck disable=SC2034 + declare -i disk_index=0 + qemu_add_drive_args disk_index disk_args "$TESTDIR"/marker.img marker ++ qemu_add_drive_args disk_index disk_args "$TESTDIR"/marker2.img marker2 + + if dhclient --help 2>&1 | grep -q -F -- '--timeout' 2> /dev/null; then +- cmdline="$cmdline rd.net.timeout.dhcp=3" ++ cmdline="$cmdline rd.net.timeout.dhcp=30" + fi + + "$testdir"/run-qemu \ +@@ -126,6 +128,11 @@ client_test() { + return 1 + fi + ++ if ! grep -U --binary-files=binary -F -m 1 -q nfsfetch-OK "$TESTDIR"/marker2.img; then ++ echo "CLIENT TEST END: $test_name [FAILED - NFS FETCH FAILED]" ++ return 1 ++ fi ++ + echo "CLIENT TEST END: $test_name [OK]" + return 0 + } +@@ -263,6 +270,7 @@ test_setup() { + done + type -P portmap > /dev/null && inst_multiple portmap + type -P rpcbind > /dev/null && inst_multiple rpcbind ++ + [ -f /etc/netconfig ] && inst_multiple /etc/netconfig + type -P dhcpd > /dev/null && inst_multiple dhcpd + [ -x /usr/sbin/dhcpd3 ] && inst /usr/sbin/dhcpd3 /usr/sbin/dhcpd +@@ -308,6 +316,7 @@ test_setup() { + ( + cd "$initdir" || exit + mkdir -p dev sys proc etc run root usr var/lib/nfs/rpc_pipefs ++ echo "TEST FETCH FILE" > root/fetchfile + ) + + inst_multiple sh shutdown poweroff stty cat ps ln ip dd \ +@@ -321,6 +330,9 @@ test_setup() { + + inst_simple "${basedir}/modules.d/99base/dracut-lib.sh" "/lib/dracut-lib.sh" + inst_simple "${basedir}/modules.d/99base/dracut-dev-lib.sh" "/lib/dracut-dev-lib.sh" ++ inst_simple "${basedir}/modules.d/45url-lib/url-lib.sh" "/lib/url-lib.sh" ++ inst_simple "${basedir}/modules.d/40network/net-lib.sh" "/lib/net-lib.sh" ++ inst_simple "${basedir}/modules.d/95nfs/nfs-lib.sh" "/lib/nfs-lib.sh" + inst_binary "${basedir}/dracut-util" "/usr/bin/dracut-util" + ln -s dracut-util "${initdir}/usr/bin/dracut-getarg" + ln -s dracut-util "${initdir}/usr/bin/dracut-getargs" + diff --git a/SOURCES/0064.patch b/SOURCES/0064.patch new file mode 100644 index 0000000..f2a680d --- /dev/null +++ b/SOURCES/0064.patch @@ -0,0 +1,86 @@ +From 813a79d80b272d30ea949b070b436d2bb487df24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= +Date: Sun, 23 Oct 2022 10:54:48 +0000 +Subject: [PATCH] feat(systemd-pcrphase): introducing the systemd-pcrphase + module + +Introducing the systemd-pcrphase module + +(Cherry-picked commit: c4c595ceeab79fefde74750ec6b0d15d7d16ede6) + +Resolves: RHEL-27944 +--- + modules.d/01systemd-pcrphase/module-setup.sh | 51 ++++++++++++++++++++++++++++ + pkgbuild/dracut.spec | 1 + + 2 files changed, 52 insertions(+) + +diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh +new file mode 100755 +index 00000000..3dbb4974 +--- /dev/null ++++ b/modules.d/01systemd-pcrphase/module-setup.sh +@@ -0,0 +1,51 @@ ++#!/bin/bash ++# This file is part of dracut. ++# SPDX-License-Identifier: GPL-2.0-or-later ++ ++# Prerequisite check(s) for module. ++check() { ++ ++ # If the binary(s) requirements are not fulfilled the module can't be installed. ++ require_binaries "$systemdutildir"/systemd-pcrphase || return 1 ++ ++ # Return 255 to only include the module, if another module requires it. ++ return 255 ++ ++} ++ ++# Module dependency requirements. ++depends() { ++ ++ # This module has external dependency on other module(s). ++ echo systemd tpm2-tss ++ # Return 0 to include the dependent module(s) in the initramfs. ++ return 0 ++ ++} ++ ++# Install the required file(s) and directories for the module in the initramfs. ++install() { ++ ++ inst_multiple -o \ ++ "$systemdutildir"/systemd-pcrphase \ ++ "$systemdsystemunitdir"/systemd-pcrphase.service \ ++ "$systemdsystemunitdir/systemd-pcrphase.service.d/*.conf" \ ++ "$systemdsystemunitdir"/systemd-pcrphase-sysinit.service \ ++ "$systemdsystemunitdir/systemd-pcrphase-sysinit.service/*.conf" \ ++ "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \ ++ "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \ ++ "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service ++ ++ # Install the hosts local user configurations if enabled. ++ if [[ $hostonly ]]; then ++ inst_multiple -H -o \ ++ "$systemdsystemconfdir"/systemd-pcrphase.service \ ++ "$systemdsystemconfdir/systemd-pcrphase.service.d/*.conf" \ ++ "$systemdsystemconfdir"/systemd-pcrphase-sysinit.service \ ++ "$systemdsystemconfdir/systemd-pcrphase-sysinit.service.d/*.conf" \ ++ "$systemdsystemconfdir"/systemd-pcrphase-initrd.service \ ++ "$systemdsystemconfdir/systemd-pcrphase-initrd.service.d/*.conf" \ ++ "$systemdsystemconfdir"/initrd.target.wants/systemd-pcrphase-initrd.service ++ fi ++ ++} +diff --git a/pkgbuild/dracut.spec b/pkgbuild/dracut.spec +index bd850986..0fa46d86 100644 +--- a/pkgbuild/dracut.spec ++++ b/pkgbuild/dracut.spec +@@ -320,6 +320,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ + %{dracutlibdir}/modules.d/01systemd-journald + %{dracutlibdir}/modules.d/01systemd-ldconfig + %{dracutlibdir}/modules.d/01systemd-modules-load ++%{dracutlibdir}/modules.d/01systemd-pcrphase + %{dracutlibdir}/modules.d/01systemd-repart + %{dracutlibdir}/modules.d/01systemd-resolved + %{dracutlibdir}/modules.d/01systemd-rfkill + diff --git a/SOURCES/0065.patch b/SOURCES/0065.patch new file mode 100644 index 0000000..0643650 --- /dev/null +++ b/SOURCES/0065.patch @@ -0,0 +1,45 @@ +From 86ce7047b2ade1f18ed50a736f10c343483f1f6c Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Thu, 9 Feb 2023 13:55:47 +0100 +Subject: [PATCH] fix(systemd-pcrphase): only include + systemd-pcrphase-initrd.service + +The only systemd-pcrphase related unit configured to run in the initrd is +systemd-pcrphase-initrd.service. +Both systemd-pcrphase.service and systemd-pcrphase-sysinit.service contain +`ConditionPathExists=!/etc/initrd-release`. + +(Cherry-picked commit: cd6f683d634970112a29867137431d0d57f8c957) + +Related: RHEL-27944 +--- + modules.d/01systemd-pcrphase/module-setup.sh | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh +index 3dbb4974..fa960a42 100755 +--- a/modules.d/01systemd-pcrphase/module-setup.sh ++++ b/modules.d/01systemd-pcrphase/module-setup.sh +@@ -28,10 +28,6 @@ install() { + + inst_multiple -o \ + "$systemdutildir"/systemd-pcrphase \ +- "$systemdsystemunitdir"/systemd-pcrphase.service \ +- "$systemdsystemunitdir/systemd-pcrphase.service.d/*.conf" \ +- "$systemdsystemunitdir"/systemd-pcrphase-sysinit.service \ +- "$systemdsystemunitdir/systemd-pcrphase-sysinit.service/*.conf" \ + "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \ + "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \ + "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service +@@ -39,10 +35,6 @@ install() { + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then + inst_multiple -H -o \ +- "$systemdsystemconfdir"/systemd-pcrphase.service \ +- "$systemdsystemconfdir/systemd-pcrphase.service.d/*.conf" \ +- "$systemdsystemconfdir"/systemd-pcrphase-sysinit.service \ +- "$systemdsystemconfdir/systemd-pcrphase-sysinit.service.d/*.conf" \ + "$systemdsystemconfdir"/systemd-pcrphase-initrd.service \ + "$systemdsystemconfdir/systemd-pcrphase-initrd.service.d/*.conf" \ + "$systemdsystemconfdir"/initrd.target.wants/systemd-pcrphase-initrd.service + diff --git a/SOURCES/0066.patch b/SOURCES/0066.patch new file mode 100644 index 0000000..44c4861 --- /dev/null +++ b/SOURCES/0066.patch @@ -0,0 +1,37 @@ +From 1a57cf705444d3b6800051eee911d26a5c32d49a Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Thu, 8 Aug 2024 00:55:03 +0200 +Subject: [PATCH] fix(nfs): include also entries from /usr/lib/{passwd,group} + +as those paths are used by bootc instead of the /etc ones. + +(cherry picked from commit 45cdf3c4f24f77f04b264a7747f115d1031b2e67 from PR#573) + +Resolves: RHEL-52326 +--- + modules.d/95nfs/module-setup.sh | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index 5351c2d5..1d961171 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -130,8 +130,16 @@ install() { + + # Rather than copy the passwd file in, just set a user for rpcbind + # We'll save the state and restart the daemon from the root anyway +- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" +- grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" ++ ++ local _confdir ++ for _confdir in etc usr/lib; do ++ ++ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \ ++ >> "$initdir/${_confdir}/passwd" ++ ++ grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \ ++ >> "$initdir/${_confdir}/group" ++ done + + # rpc user needs to be able to write to this directory to save the warmstart + # file diff --git a/SOURCES/0067.patch b/SOURCES/0067.patch new file mode 100644 index 0000000..54f240e --- /dev/null +++ b/SOURCES/0067.patch @@ -0,0 +1,25 @@ +From f194130f4f15d2c8159fb8adee76bb53ee5b82f5 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Mon, 18 Jul 2022 11:03:32 +0200 +Subject: [PATCH] fix(systemd): set right permissions for the machine-id file + +(cherry picked from commit 455dbb585583bd2e1d40ebb61c335a2ad6dff053) + +Resolves: RHEL-53114 +--- + modules.d/00systemd/module-setup.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 27d2180d..38393855 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -194,6 +194,7 @@ install() { + + if ! [[ -e "$initdir/etc/machine-id" ]]; then + : > "$initdir/etc/machine-id" ++ chmod 444 "$initdir/etc/machine-id" + fi + + # install adm user/group for journald + diff --git a/SOURCES/0068.patch b/SOURCES/0068.patch new file mode 100644 index 0000000..708b9ff --- /dev/null +++ b/SOURCES/0068.patch @@ -0,0 +1,35 @@ +From b925190ab3b040c67fb217e0f135c0b92f056402 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Fri, 16 Aug 2024 20:40:15 +0200 +Subject: [PATCH] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ + +Introduce new path for lsinitrd.sh to look into: + +/usr/lib/modules/$kver/initramfs.img + +Which is valid on all ostree-based systems, and also other image based +systems with pre-generated initramfs. + +Ref: https://issues.redhat.com/browse/RHEL-35890 + +(cherry picked from commit 7c7cdd9317c21b19a0393f5d28d1acb7ee3ff027 from PR#582) + +Resolves: RHEL-35890 +--- + lsinitrd.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lsinitrd.sh b/lsinitrd.sh +index 39be169d..d05453ce 100755 +--- a/lsinitrd.sh ++++ b/lsinitrd.sh +@@ -133,6 +133,8 @@ else + image="/lib/modules/${KERNEL_VERSION}/initrd" + elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then + image="/boot/initramfs-${KERNEL_VERSION}.img" ++ elif [[ -f /usr/lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then ++ image="/usr/lib/modules/${KERNEL_VERSION}/initramfs.img" + elif [[ $MACHINE_ID ]] \ + && mountpoint -q /efi; then + image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" + diff --git a/SOURCES/0069.patch b/SOURCES/0069.patch new file mode 100644 index 0000000..cd5fa6c --- /dev/null +++ b/SOURCES/0069.patch @@ -0,0 +1,42 @@ +From 097d4bdb20443c1c5a86cc617ac2ab0c24193d75 Mon Sep 17 00:00:00 2001 +From: Pavel Valena +Date: Sat, 17 Aug 2024 01:43:50 +0200 +Subject: [PATCH] feat(dracut-init.sh): give --force-add precedence over --omit + +This gives precedence of force_add_dracutmodules to omit_dracutmodules, +as there is not other way to override omit_dracutmodules list, and users +would expect it to be overriden from command line. + +Ref: https://github.com/dracut-ng/dracut-ng/pull/569 + +This way, `--add` retains it behaviour, and `--force-add` gains additional +functionality in non-hostonly mode. The module may still be skipped +if the module check returns 1, but it should throw error (as I'd expect +for `--force-add`). + +Ref: https://issues.redhat.com/browse/RHEL-26114 + +(cherry picked from commit a669346f48cbb3278c51ba5e95b1b91f9bfdee0a) + +Resolves: RHEL-26114 +--- + dracut-init.sh | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index fe1b1426..27abb07b 100644 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -921,8 +921,10 @@ check_module() { + [[ $2 ]] || mods_checked_as_dep+=" $_mod " + + if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then +- ddebug "dracut module '$_mod' will not be installed, because it's in the list to be omitted!" +- return 1 ++ if [[ " $force_add_dracutmodules " != *\ $_mod\ * ]]; then ++ ddebug "Module '$_mod' will not be installed, because it's in the list to be omitted!" ++ return 1 ++ fi + fi + + if [[ " $dracutmodules $add_dracutmodules $force_add_dracutmodules" == *\ $_mod\ * ]]; then diff --git a/SPECS/dracut.spec b/SPECS/dracut.spec index 6253355..c238655 100644 --- a/SPECS/dracut.spec +++ b/SPECS/dracut.spec @@ -5,7 +5,7 @@ # strip the automatically generated dep here and instead co-own the # directory. %global __requires_exclude pkg-config -%define dist_free_release 53.git20240104 +%define dist_free_release 70.git20240819 Name: dracut Version: 057 @@ -81,6 +81,23 @@ Patch49: 0049.patch Patch50: 0050.patch Patch51: 0051.patch Patch52: 0052.patch +Patch53: 0053.patch +Patch54: 0054.patch +Patch55: 0055.patch +Patch56: 0056.patch +Patch57: 0057.patch +Patch58: 0058.patch +Patch59: 0059.patch +Patch60: 0060.patch +Patch61: 0061.patch +Patch62: 0062.patch +Patch63: 0063.patch +Patch64: 0064.patch +Patch65: 0065.patch +Patch66: 0066.patch +Patch67: 0067.patch +Patch68: 0068.patch +Patch69: 0069.patch Source1: https://www.gnu.org/licenses/lgpl-2.1.txt @@ -373,6 +390,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{dracutlibdir}/modules.d/01systemd-journald %{dracutlibdir}/modules.d/01systemd-ldconfig %{dracutlibdir}/modules.d/01systemd-modules-load +%{dracutlibdir}/modules.d/01systemd-pcrphase %{dracutlibdir}/modules.d/01systemd-repart %{dracutlibdir}/modules.d/01systemd-resolved %{dracutlibdir}/modules.d/01systemd-rfkill @@ -532,6 +550,24 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %changelog +* Mon Aug 19 2024 Pavel Valena - 057-70.git20240819 +- fix(systemd): set right permissions for the machine-id file +- feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ +- feat(dracut-init.sh): give --force-add precedence over --omit + +* Mon Aug 12 2024 Pavel Valena - 057-67.git20240812 +- feat(systemd): install systemd-executor +- test: use -device instead of -watchdog to remove qemu +- fix(fips): remove /dev/{random,urandom} pre-creation +- fix(systemd): always include sg module +- fix(fips): do not blindly remove /boot +- fix(github): update format of labeler +- fix(network-manager): add "After" dependency on dbus.service +- fix(url-lib.sh): nfs_already_mounted() with trailing slash in +- feat(systemd-pcrphase): introducing the systemd-pcrphase +- fix(systemd-pcrphase): only include +- fix(nfs): include also entries from /usr/lib/{passwd,group} + * Thu Jan 04 2024 Pavel Valena - 057-53.git20240104 - fix(dracut-install): use stripped kernel module path as hash