import CS dracut-057-86.git20250217.el9

eabdullin 2025-03-10 14:08:58 +00:00
parent b6eda06431
commit ec149de110
17 changed files with 2150 additions and 1 deletions

250
SOURCES/0070.patch Normal file

@ -0,0 +1,250 @@
From 29616c6a89437e138bb5abc55b42325d0d2b1394 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 22 Oct 2024 17:30:32 +0200
Subject: [PATCH] ci: fix CentOS-9-Stream container and ci config
- correct URL for dash
- add missing dependencies
- use centos9 instead of fedora
rhel-only
Resolves: RHEL-65249
---
.github/workflows/integration.yml | 4 +-
test/container/Dockerfile-Arch | 25 -------------
test/container/Dockerfile-CentOS-9-Stream | 5 ++-
test/container/Dockerfile-Debian | 61 -------------------------------
test/container/Dockerfile-Fedora-latest | 56 ----------------------------
test/container/Dockerfile-OpenSuse-latest | 23 ------------
6 files changed, 5 insertions(+), 169 deletions(-)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index c22bf916..c023ab16 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -14,7 +14,7 @@ jobs:
strategy:
matrix:
container: [
- "fedora:latest",
+ "centos:stream9",
]
test: [
"04",
@@ -40,7 +40,7 @@ jobs:
strategy:
matrix:
container: [
- "fedora:latest",
+ "centos:stream9",
]
test: [
"01",
diff --git a/test/container/Dockerfile-Arch b/test/container/Dockerfile-Arch
deleted file mode 100644
index 4112cc5b..00000000
--- a/test/container/Dockerfile-Arch
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM docker.io/archlinux
-
-MAINTAINER https://github.com/dracutdevs/dracut
-
-ENV container docker
-LABEL RUN="docker run -it --name NAME --privileged --ipc=host --net=host --pid=host -e NAME=NAME -e IMAGE=IMAGE IMAGE"
-
-RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)' > /etc/profile.d/dracut-test.sh
-
-# Install needed packages for the dracut CI container
-RUN pacman --noconfirm -Sy \
- linux dash strace dhclient asciidoc cpio pigz squashfs-tools \
- qemu btrfs-progs mdadm dmraid nfs-utils nfsidmap lvm2 nbd \
- dhcp networkmanager multipath-tools vi tcpdump open-iscsi \
- git shfmt shellcheck astyle which base-devel glibc parted && yes | pacman -Scc
-
-RUN useradd -m build
-RUN su build -c 'cd && git clone https://aur.archlinux.org/perl-config-general.git && cd perl-config-general && makepkg -s --noconfirm'
-RUN pacman -U --noconfirm ~build/perl-config-general/*.pkg.tar.*
-RUN su build -c 'cd && git clone https://aur.archlinux.org/tgt.git && cd tgt && echo "CFLAGS=-Wno-error=stringop-truncation" >> PKGBUILD && makepkg -s --noconfirm'
-RUN pacman -U --noconfirm ~build/tgt/*.pkg.tar.*
-RUN rm -fr ~build
-
-# Set default command
-CMD ["/usr/bin/bash"]
diff --git a/test/container/Dockerfile-CentOS-9-Stream b/test/container/Dockerfile-CentOS-9-Stream
index abcc067e..26d308d2 100644
--- a/test/container/Dockerfile-CentOS-9-Stream
+++ b/test/container/Dockerfile-CentOS-9-Stream
@@ -8,9 +8,10 @@ LABEL RUN="docker run -it --name NAME --privileged --ipc=host --net=host --pid=h
RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)' > /etc/profile.d/dracut-test.sh
# Install needed packages for the dracut CI container
-# FIXME: properly re-add dash once C9S EPEL is available
+# FIXME: add dmraid, scsi-target-utils (e.g. from COPR)
RUN dnf -y install --enablerepo crb --setopt=install_weak_deps=False \
- http://mirrors.kernel.org/fedora/releases/34/Everything/x86_64/os/Packages/d/dash-0.5.10.2-8.fc34.x86_64.rpm \
+ https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/d/dash-0.5.11.5-4.el9.x86_64.rpm \
+ https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/b/btrfs-progs-6.10-1.el9.x86_64.rpm \
qemu-kvm \
NetworkManager \
asciidoc \
diff --git a/test/container/Dockerfile-Debian b/test/container/Dockerfile-Debian
deleted file mode 100644
index 15eb9958..00000000
--- a/test/container/Dockerfile-Debian
+++ /dev/null
@@ -1,61 +0,0 @@
-FROM docker.io/debian:latest
-
-MAINTAINER https://github.com/dracutdevs/dracut
-
-ENV container docker
-LABEL RUN="docker run -it --name NAME --privileged --ipc=host --net=host --pid=host -e NAME=NAME -e IMAGE=IMAGE IMAGE"
-
-RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)' > /etc/profile.d/dracut-test.sh
-
-# Install needed packages for the dracut CI container
-RUN apt-get update -y -qq && apt-get upgrade -y -qq && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends -o Dpkg::Use-Pty=0 \
- asciidoc \
- astyle \
- btrfs-progs \
- busybox-static \
- bzip2 \
- ca-certificates \
- console-setup \
- cpio \
- cryptsetup \
- curl \
- dash \
- debhelper \
- debhelper-compat \
- docbook \
- docbook-xml \
- docbook-xsl \
- fdisk \
- g++ \
- git \
- iputils-ping \
- isc-dhcp-client \
- kmod \
- less \
- libkmod-dev \
- linux-image-generic \
- lvm2 \
- make \
- mdadm \
- multipath-tools \
- nbd-client \
- network-manager \
- nfs-common \
- open-iscsi \
- parted \
- pigz \
- pkg-config \
- procps \
- qemu-system-x86 \
- quilt \
- shellcheck \
- squashfs-tools \
- strace \
- sudo \
- tcpdump \
- vim \
- wget \
- && apt-get clean
-
-# Set default command
-CMD ["/usr/bin/bash"]
diff --git a/test/container/Dockerfile-Fedora-latest b/test/container/Dockerfile-Fedora-latest
deleted file mode 100644
index a38a72ef..00000000
--- a/test/container/Dockerfile-Fedora-latest
+++ /dev/null
@@ -1,56 +0,0 @@
-FROM registry.fedoraproject.org/fedora:latest
-
-MAINTAINER https://github.com/dracutdevs/dracut
-
-ENV container docker
-LABEL RUN="docker run -it --name NAME --privileged --ipc=host --net=host --pid=host -e NAME=NAME -e IMAGE=IMAGE IMAGE"
-
-RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)' > /etc/profile.d/dracut-test.sh
-
-# Install needed packages for the dracut CI container
-RUN dnf -y install --setopt=install_weak_deps=False \
- dash \
- pigz \
- asciidoc \
- mdadm \
- lvm2 \
- dmraid \
- cryptsetup \
- nfs-utils \
- nbd \
- dhcp-server \
- scsi-target-utils \
- iscsi-initiator-utils \
- strace \
- btrfs-progs \
- kmod-devel \
- gcc \
- bzip2 \
- xz \
- tar \
- wget \
- rpm-build \
- make \
- git \
- bash-completion \
- sudo \
- kernel \
- dhcp-client \
- /usr/bin/qemu-kvm \
- /usr/bin/qemu-system-$(uname -i) \
- e2fsprogs \
- tcpdump \
- iproute \
- iputils \
- dbus-daemon \
- kbd \
- NetworkManager \
- squashfs-tools \
- which \
- ShellCheck \
- shfmt \
- parted \
- && dnf -y update && dnf clean all
-
-# Set default command
-CMD ["/usr/bin/bash"]
diff --git a/test/container/Dockerfile-OpenSuse-latest b/test/container/Dockerfile-OpenSuse-latest
deleted file mode 100644
index 9aaf07b1..00000000
--- a/test/container/Dockerfile-OpenSuse-latest
+++ /dev/null
@@ -1,23 +0,0 @@
-FROM registry.opensuse.org/opensuse/tumbleweed-dnf:latest
-
-MAINTAINER https://github.com/dracutdevs/dracut
-
-ENV container docker
-LABEL RUN="docker run -it --name NAME --privileged --ipc=host --net=host --pid=host -e NAME=NAME -e IMAGE=IMAGE IMAGE"
-
-RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)' > /etc/profile.d/dracut-test.sh
-
-# Install needed packages for the dracut CI container
-RUN dnf -y install --setopt=install_weak_deps=False \
- dash asciidoc mdadm lvm2 dmraid cryptsetup nfs-utils nbd dhcp-server \
- strace libkmod-devel gcc bzip2 xz tar wget rpm-build make git bash-completion \
- sudo kernel dhcp-client qemu-kvm /usr/bin/qemu-system-$(uname -m) e2fsprogs \
- tcpdump iproute iputils kbd NetworkManager btrfsprogs tgt dbus-broker \
- iscsiuio open-iscsi which ShellCheck procps pigz parted squashfs \
- && dnf -y update && dnf clean all
-
-RUN shfmt_version=3.2.4; wget "https://github.com/mvdan/sh/releases/download/v${shfmt_version}/shfmt_v${shfmt_version}_linux_amd64" -O /usr/local/bin/shfmt \
- && chmod +x /usr/local/bin/shfmt
-
-# Set default command
-CMD ["/usr/bin/bash"]
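Review bot: The two EPEL packages in `test/container/Dockerfile-CentOS-9-Stream` are installed by direct RPM URL, and by default dnf does not apply GPG signature checking to packages named by path or URL (`localpkg_gpgcheck` is off unless configured), so the switch to https protects the transport but the RPM signature is probably not verified. The exact-version URLs also stop resolving once EPEL publishes a newer build, which is what 0080.patch in this same import has to repair for btrfs-progs. Consider enabling the EPEL repository and installing by name, e.g. `dnf -y install epel-release` followed by `dash` and `btrfs-progs` in the package list, or pass `--setopt=localpkg_gpgcheck=True` with the EPEL key imported. The RUN instruction continues past the end of the hunk.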

35
SOURCES/0071.patch Normal file

@ -0,0 +1,35 @@
From 0a264651d148b543c0c5d6b0a07909cdcb1abfba Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Tue, 26 Nov 2024 11:27:54 +0100
Subject: [PATCH] fix(35network-manager): install nftables kernel modules
needed
NetworkManager requires nf_tables, nfnetlink and nft_fwd_netdev kernel
modules to operate balance-slb bonding mode.
Fixes a6264d1726d9 ("fix(35network-manager): install nft binary during module installation")
(cherry picked from commit 037da383dd8d9d9d699f1430d6afc790b28b18f8)
Resolves: RHEL-64754
---
modules.d/35network-manager/module-setup.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules.d/35network-manager/module-setup.sh b/modules.d/35network-manager/module-setup.sh
index c93c6a3c..6ed8c04e 100755
--- a/modules.d/35network-manager/module-setup.sh
+++ b/modules.d/35network-manager/module-setup.sh
@@ -19,6 +19,11 @@ installkernel() {
return 0
}
+# called by dracut
+installkernel() {
+ instmods nf_tables nfnetlink nft_fwd_netdev
+}
+
# called by dracut
install() {
local _nm_version

35
SOURCES/0072.patch Normal file

@ -0,0 +1,35 @@
From 3db62d5a16557941ef95ab0aa838f1012c20af9e Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Thu, 21 Nov 2024 00:40:27 +0100
Subject: [PATCH] fix(35network-manager): install nft binary during module
installation
NetworkManager has a new bonding mode called balance-slb. This mode is
used in environments where NICs are connected to switches without LACP.
In order to work, NetworkManager configures a set of nftables rules.
The 'nft' binary is required to work.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
(cherry picked from commit 37317b61fda5181aeb0604381e994e8181a53200)
Resolves: RHEL-64754
---
modules.d/35network-manager/module-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/35network-manager/module-setup.sh b/modules.d/35network-manager/module-setup.sh
index 6ed8c04e..4fd3d051 100755
--- a/modules.d/35network-manager/module-setup.sh
+++ b/modules.d/35network-manager/module-setup.sh
@@ -37,7 +37,7 @@ install() {
inst NetworkManager
inst_multiple -o /usr/{lib,libexec}/nm-initrd-generator
inst_multiple -o /usr/{lib,libexec}/nm-daemon-helper
- inst_multiple -o teamd dhclient
+ inst_multiple -o teamd dhclient nft
inst_hook cmdline 99 "$moddir/nm-config.sh"
if dracut_module_included "systemd"; then

100
SOURCES/0073.patch Normal file

@ -0,0 +1,100 @@
From e3bba58810038d0e7bc83988355e07eb30c1f5a7 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Thu, 20 Jun 2024 13:38:26 +0800
Subject: [PATCH] fix(dracut-install): copy xattr when use clone ioctl
When use clone ioctl to copy a file, the extended attributes of files are
missing, which is inconsistent with the result by using the cp command.
This commit add the process to copy extended attributes after clone_file().
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
(cherry picked from commit 1cf0db26e43fe4c6173acdb8047f16666ebf070a)
Resolves: RHEL-55245
---
src/install/dracut-install.c | 56 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c
index 997d62d3..2ad783d3 100644
--- a/src/install/dracut-install.c
+++ b/src/install/dracut-install.c
@@ -43,6 +43,7 @@
#include <fts.h>
#include <regex.h>
#include <sys/utsname.h>
+#include <sys/xattr.h>
#include "log.h"
#include "hashmap.h"
@@ -267,6 +268,56 @@ static inline int clone_file(int dest_fd, int src_fd)
return ioctl(dest_fd, BTRFS_IOC_CLONE, src_fd);
}
+static int copy_xattr(int dest_fd, int src_fd)
+{
+ int ret = 0;
+ ssize_t name_len = 0, value_len = 0;
+ char *name_buf = NULL, *name = NULL, *value = NULL, *value_save = NULL;
+
+ name_len = flistxattr(src_fd, NULL, 0);
+ if (name_len < 0)
+ return -1;
+
+ name_buf = calloc(1, name_len + 1);
+ if (name_buf == NULL)
+ return -1;
+
+ name_len = flistxattr(src_fd, name_buf, name_len);
+ if (name_len < 0)
+ goto out;
+
+ for (name = name_buf; name != name_buf + name_len; name = strchr(name, '\0') + 1) {
+ value_len = fgetxattr(src_fd, name, NULL, 0);
+ if (value_len < 0) {
+ ret = -1;
+ continue;
+ }
+
+ value_save = value;
+ value = realloc(value, value_len);
+ if (value == NULL) {
+ value = value_save;
+ ret = -1;
+ goto out;
+ }
+
+ value_len = fgetxattr(src_fd, name, value, value_len);
+ if (value_len < 0) {
+ ret = -1;
+ continue;
+ }
+
+ value_len = fsetxattr(dest_fd, name, value, value_len, 0);
+ if (value_len < 0)
+ ret = -1;
+ }
+
+out:
+ free(name_buf);
+ free(value);
+ return ret;
+}
+
static bool use_clone = true;
static int cp(const char *src, const char *dst)
@@ -308,6 +359,11 @@ static int cp(const char *src, const char *dst)
log_info("Failed to chown %s: %m", dst);
}
+ if (geteuid() == 0 && no_xattr == false) {
+ if (copy_xattr(dest_desc, source_desc) != 0)
+ log_error("Failed to copy xattr %s: %m", dst);
+ }
+
tv[0].tv_sec = sb.st_atime;
tv[0].tv_usec = 0;
tv[1].tv_sec = sb.st_mtime;
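Review bot: In `copy_xattr()`, `realloc(value, value_len)` is reached with `value_len == 0` when an attribute has an empty value; on glibc that frees a non-NULL `value` and returns NULL, after which `value = value_save` restores the already-freed pointer and `free(value)` at `out:` frees it a second time. Guarding the size avoids this, e.g. `value = realloc(value, value_len ? value_len : 1);`. Separately, a failure of the second `flistxattr()` jumps to `out` with `ret` still 0, so the caller is told the copy succeeded; `if (name_len < 0) { ret = -1; goto out; }` reports it. In `cp()`, whose body starts and ends outside the hunk, the `%m` in the new `log_error` may print a stale errno because `copy_xattr()` continues after a failed attribute and calls `free()` before returning.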

138
SOURCES/0074.patch Normal file

@ -0,0 +1,138 @@
From 01e51a69c34b58ddb974a1489c2990bb77bf791e Mon Sep 17 00:00:00 2001
From: Lichen Liu <lichliu@redhat.com>
Date: Wed, 7 Aug 2024 10:13:37 +0800
Subject: [PATCH] feat(dracut.sh): add --add-confdir option
When generating kdump's initrd, we want to keep [omit_]dracutmodules
empty and let kdump to handle the modules. And we don't want to
affect the first kernel's initrd, so we cannot place our conf file
to /etc/dracut.conf.d or /usr/lib/dracut/dracut.conf.d.
This patch adds a new option to allow user to add an extra configuration
directory to use *.conf files from. If the dir not exists, will look for
confdir's subdir.
After that, kdump can use "--add-confdir kdump" if
/usr/lib/dracut/dracut.conf.d/kdump exists, to apply its own dracut conf.
See also:
https://github.com/rhkdump/kdump-utils/issues/11
https://github.com/rhkdump/kdump-utils/pull/31
Suggested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Lichen Liu <lichliu@redhat.com>
(cherry picked from commit ae81535037c42b716d8cbb9dc18942b5c6f16fed)
Resolves: RHEL-66582
---
dracut.sh | 25 ++++++++++++++++++++++++-
man/dracut.8.asc | 8 ++++++++
shell-completion/bash/dracut | 4 ++--
3 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/dracut.sh b/dracut.sh
index 778eefd7..7e4b0602 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -156,6 +156,9 @@ Creates initial ramdisk images for preloading modules
Default: /etc/dracut.conf
--confdir [DIR] Specify configuration directory to use *.conf files
from. Default: /etc/dracut.conf.d
+ --add-confdir [DIR] Add an extra configuration directory to use *.conf
+ files from. If the directory is not existed, will
+ look for subdirectory under confdir.
--tmpdir [DIR] Temporary directory to be used instead of default
${TMPDIR:-/var/tmp}.
-r, --sysroot [DIR] Specify sysroot directory to collect files from.
@@ -400,6 +403,7 @@ rearrange_params() {
--long kmoddir: \
--long conf: \
--long confdir: \
+ --long add-confdir: \
--long tmpdir: \
--long sysroot: \
--long stdlog: \
@@ -676,6 +680,11 @@ while :; do
PARMS_TO_STORE+=" '$2'"
shift
;;
+ --add-confdir)
+ add_confdir="$2"
+ PARMS_TO_STORE+=" '$2'"
+ shift
+ ;;
--tmpdir)
tmpdir_l="$2"
PARMS_TO_STORE+=" '$2'"
@@ -931,6 +940,20 @@ elif [[ ! -d $confdir ]]; then
exit 1
fi
+if [[ -n $add_confdir ]]; then
+ if [[ -d $add_confdir ]]; then
+ :
+ # Check if it exists under $confdir.
+ elif [[ -d $confdir/$add_confdir ]]; then
+ add_confdir="$confdir/$add_confdir"
+ elif [[ -d $dracutbasdir/dracut.conf.d/$add_confdir ]]; then
+ add_confdir="$dracutbasdir/dracut.conf.d/$add_confdir"
+ else
+ printf "%s\n" "dracut[F]: Configuration directory '$add_confdir' not found." >&2
+ exit 1
+ fi
+fi
+
# source our config file
if [[ -f $conffile ]]; then
check_conf_file "$conffile"
@@ -939,7 +962,7 @@ if [[ -f $conffile ]]; then
fi
# source our config dir
-for f in $(dropindirs_sort ".conf" "$confdir" "$dracutbasedir/dracut.conf.d"); do
+for f in $(dropindirs_sort ".conf" "$confdir" "$add_confdir" "$dracutbasedir/dracut.conf.d"); do
check_conf_file "$f"
# shellcheck disable=SC1090
[[ -e $f ]] && . "$f"
diff --git a/man/dracut.8.asc b/man/dracut.8.asc
index 8339e8a9..15ae36e6 100644
--- a/man/dracut.8.asc
+++ b/man/dracut.8.asc
@@ -311,6 +311,14 @@ Default:
Default:
_/etc/dracut.conf.d_
+**--add-confdir** _<configuration directory>_::
+ Add an extra configuration directory to use *.conf files from. If the
+ directory is not existed, will look for subdirectory under confdir.
++
+Default:
+ _empty_
+
+
**--tmpdir** _<temporary directory>_::
Specify temporary directory to use.
+
diff --git a/shell-completion/bash/dracut b/shell-completion/bash/dracut
index 9b51db01..bc14aa9a 100644
--- a/shell-completion/bash/dracut
+++ b/shell-completion/bash/dracut
@@ -46,14 +46,14 @@ _dracut() {
--kernel-cmdline --sshkey --persistent-policy --install-optional
--loginstall --uefi-stub --kernel-image --squash-compressor
--sysroot --hostonly-mode --hostonly-nics --include --logfile
- --uefi-splash-image --sbat
+ --uefi-splash-image --sbat --add-confdir
'
)
# shellcheck disable=SC2086
if __contains_word "$prev" ${OPTS[ARG]}; then
case $prev in
- --kmoddir | -k | --fwdir | --confdir | --tmpdir | -r | --sysroot)
+ --kmoddir | -k | --fwdir | --confdir | --add-confdir | --tmpdir | -r | --sysroot)
comps=$(compgen -d -- "$cur")
compopt -o filenames
;;
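Review bot: The new `--add-confdir` lookup in `dracut.sh` tests `[[ -d $add_confdir ]]` first, so a bare name such as the `kdump` example from the commit message is resolved against the current working directory before `$confdir` or the dracut base directory are tried. Every `*.conf` file found in the chosen directory is then sourced by the config loop with the privileges dracut runs under, so a same-named directory in the caller's working directory silently wins over the system one. Accepting the literal path only when it is absolute, `if [[ $add_confdir == /* && -d $add_confdir ]]; then`, and leaving relative names to the two system locations would remove that ambiguity. The option-parsing loop and the config-sourcing loop both extend beyond the hunks shown.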

28
SOURCES/0075.patch Normal file

@ -0,0 +1,28 @@
From cb1c0c94322768dcdc8748b3623c0a4ba1afde71 Mon Sep 17 00:00:00 2001
From: Jo Zzsi <jozzsicsataban@gmail.com>
Date: Wed, 11 Sep 2024 16:57:13 -0400
Subject: [PATCH] fix: typo in variable name
(cherry picked from commit 76b2f1a9b52afd4203c1d0e6afb57314bbfe8407)
Resolves: RHEL-66582
---
dracut.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dracut.sh b/dracut.sh
index 7e4b0602..f748a073 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -946,8 +946,8 @@ if [[ -n $add_confdir ]]; then
# Check if it exists under $confdir.
elif [[ -d $confdir/$add_confdir ]]; then
add_confdir="$confdir/$add_confdir"
- elif [[ -d $dracutbasdir/dracut.conf.d/$add_confdir ]]; then
- add_confdir="$dracutbasdir/dracut.conf.d/$add_confdir"
+ elif [[ -d $dracutbasedir/dracut.conf.d/$add_confdir ]]; then
+ add_confdir="$dracutbasedir/dracut.conf.d/$add_confdir"
else
printf "%s\n" "dracut[F]: Configuration directory '$add_confdir' not found." >&2
exit 1

118
SOURCES/0076.patch Normal file

@ -0,0 +1,118 @@
From 492bc949e16f78fad9f274744c72bc2fd0161d84 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Fri, 9 Aug 2024 12:49:05 +0200
Subject: [PATCH] feat(fips): add support for UKIs
Kernel integrity check in FIPS module is incompatible with UKIs as neither
/boot/vmlinuz-`uname-r` nor /boot/.vmlinuz-`uname-r`.hmac are present. UKI
is placed to $ESP\EFI\Linux\<install-tag>-<uname-r>.efi and if a .hmac file
is present next to it, it is possible to do similar check.
Note, UKIs have a 'one size fits all' command line and 'boot=' is not expected
to be set. Luckily, if the UKI is systemd-stub based then we can expect
'LoaderDevicePartUUID' variable containing PARTUUID of the ESP to be set. Mount
it to /boot using the existing logic.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
(cherry picked from commit 72684ff519be4f29c45cbb0f84759e645b0ac4be)
Resolves: RHEL-56885
---
modules.d/01fips/fips.sh | 51 ++++++++++++++++++++++++++++++++++++++++
modules.d/01fips/module-setup.sh | 2 +-
2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 05631c8a..3889dc0c 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -14,9 +14,22 @@ else
}
fi
+# Checks if a systemd-based UKI is running and ESP UUID is set
+is_uki() {
+ [ -f /sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ] \
+ && [ -f /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ]
+}
+
mount_boot() {
boot=$(getarg boot=)
+ if is_uki && [ -z "$boot" ]; then
+ # efivar file has 4 bytes header and contain UCS-2 data. Note, 'cat' is required
+ # as sys/firmware/efi/efivars/ files are 'special' and don't allow 'seeking'.
+ # shellcheck disable=SC2002
+ boot="PARTUUID=$(cat /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f | tail -c +5 | tr -d '\0' | tr 'A-F' 'a-f')"
+ fi
+
if [ -n "$boot" ]; then
if [ -d /boot ] && ismounted /boot; then
boot_dev=
@@ -81,6 +94,41 @@ do_rhevh_check() {
return 0
}
+do_uki_check() {
+ local KVER
+ local uki_checked=0
+
+ KVER="$(uname -r)"
+ # UKI are placed in $ESP\EFI\Linux\<intall-tag>-<uname-r>.efi
+ if ! [ "$FIPS_MOUNTED_BOOT" = 1 ]; then
+ warn "Failed to mount ESP for doing UKI integrity check"
+ return 1
+ fi
+
+ for UKIpath in /boot/EFI/Linux/*-"$KVER".efi; do
+ # UKIs are installed to $ESP/EFI/Linux/<entry-token-or-machine-id>-<uname-r>.efi
+ # and in some cases (e.g. when the image is used as a template for creating new
+ # VMs) entry-token-or-machine-id can change. To make sure the running UKI is
+ # always checked, check all UKIs which match the 'uname -r' of the running kernel
+ # and fail the whole check if any of the matching UKIs are corrupted.
+
+ [ -r "$UKIpath" ] || break
+
+ local UKI="${UKIpath##*/}"
+ local UKIHMAC=."$UKI".hmac
+
+ fips_info "checking $UKIHMAC"
+ (cd /boot/EFI/Linux/ && sha512hmac -c "$UKIHMAC") || return 1
+ uki_checked=1
+ done
+
+ if [ "$uki_checked" = 0 ]; then
+ warn "Failed for find UKI for checking"
+ return 1
+ fi
+ return 0
+}
+
nonfatal_modprobe() {
modprobe "$1" 2>&1 > /dev/stdout \
| while read -r line || [ -n "$line" ]; do
@@ -133,6 +181,9 @@ do_fips() {
elif [ -e "/run/install/repo/images/pxeboot/vmlinuz" ]; then
# This is a boot.iso with the .hmac inside the install.img
do_rhevh_check /run/install/repo/images/pxeboot/vmlinuz || return 1
+ elif is_uki; then
+ # This is a UKI
+ do_uki_check || return 1
else
BOOT_IMAGE="$(getarg BOOT_IMAGE)"
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 91612ff3..a090bc88 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -67,7 +67,7 @@ install() {
inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
inst_script "$moddir/fips.sh" /sbin/fips.sh
- inst_multiple sha512hmac rmmod insmod mount uname umount grep sed sort
+ inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort cat tail tr
inst_simple /etc/system-fips
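Review bot: In `mount_boot()` the value read from the `LoaderDevicePartUUID` efivar becomes `boot="PARTUUID=..."` without any check of its shape; `is_uki` only tests that the file exists, so an empty or truncated variable still yields the non-empty string `PARTUUID=` and enters the `[ -n "$boot" ]` branch. Reading the value into a local first and checking its length, `[ "${#esp_uuid}" -eq 36 ] && boot="PARTUUID=$esp_uuid"`, keeps a malformed value away from the mount logic, the rest of which lies outside the hunk. The warning text `Failed for find UKI for checking` in `do_uki_check()` should read `Failed to find UKI for checking`, and the comment `<intall-tag>` should be `<install-tag>`.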

52
SOURCES/0077.patch Normal file

@ -0,0 +1,52 @@
From f4cda60fd9725d5aa6dd25ee67909339d6400af8 Mon Sep 17 00:00:00 2001
From: Adrien Thierry <athierry@redhat.com>
Date: Mon, 13 Feb 2023 10:43:32 -0500
Subject: [PATCH] fix(kernel-modules): use modalias info in get_dev_module()
When calling dracut with '--hostonly-mode=strict', get_dev_module() gets
called on the system's block devices to find the required drivers. The
driver name is retrieved using udevadm. However, the driver name
returned by udevadm is not necessarily the same as the module name.
This is the case for the Qualcomm UFS driver: udevadm returns
'ufshcd-qcom' while the module name is 'ufs-qcom', so dracut-install is
not able to find the module afterwards.
To solve this, make get_dev_module() also return the module alias info
from the modalias files contained in the sysfs directories parsed by
udevadm.
Signed-off-by: Adrien Thierry <athierry@redhat.com>
(cherry picked from commit 87a76dbb578aff473e690857d1b714eacd92b9ec)
Resolves: RHEL-55708
---
dracut-functions.sh | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index 3c475ca7..f2614308 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -971,8 +971,20 @@ block_is_netdevice() {
get_dev_module() {
local dev_attr_walk
local dev_drivers
+ local dev_paths
dev_attr_walk=$(udevadm info -a "$1")
dev_drivers=$(echo "$dev_attr_walk" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p')
+
+ # also return modalias info from sysfs paths parsed by udevadm
+ dev_paths=$(echo "$dev_attr_walk" | sed -n 's/.*\(\/devices\/.*\)'\'':/\1/p')
+ local dev_path
+ for dev_path in $dev_paths; do
+ local modalias_file="/sys$dev_path/modalias"
+ if [ -e "$modalias_file" ]; then
+ dev_drivers="$(printf "%s\n%s" "$dev_drivers" "$(cat "$modalias_file")")"
+ fi
+ done
+
# if no kernel modules found and device is in a virtual subsystem, follow symlinks
if [[ -z $dev_drivers && $(udevadm info -q path "$1") == "/devices/virtual"* ]]; then
local dev_vkernel

83
SOURCES/0078.patch Normal file

@ -0,0 +1,83 @@
From f194bd6ad64f7baae1a8fded967a198b1127cb64 Mon Sep 17 00:00:00 2001
From: Tao Liu <ltao@redhat.com>
Date: Wed, 12 Apr 2023 23:02:25 +0800
Subject: [PATCH] fix(dracut-functions.sh): convert mmcblk to the real kernel
module name
In some x86_64 platforms such as Intel Elkhartlake, an issue of missing
necessary modules due to udevadm drivers field unmatch the real kernel module
name is found:
$ udevadm info -a /dev/block/179:1
looking at parent device '/devices/pci0000:00/0000:00:1a.0/mmc_host/mmc0/mmc0:0001':
KERNELS=="mmc0:0001"
SUBSYSTEMS=="mmc"
DRIVERS=="mmcblk"
....
The DRIVERS field, aka mmcblk will be given to instmods to install the
corresponding mmc_block.ko kernel module. However mmc_block.ko cannot be
selected by string mmcblk, as a result, mmc_block.ko cannot be installed
in hostonly-mode strict, which will fail to bootup the machine such as in
kdump cases:
$ /usr/lib/dracut/dracut-install -D /var/tmp --kerneldir /lib/modules/$(uname -r)/ -m mmcblk
dracut-install: Failed to find module 'mmcblk'
In this patch, we will convert the string mmcblk to mmc_block, so the
kernel module can be successfully loaded.
Signed-off-by: Tao Liu <ltao@redhat.com>
(cherry picked from commit a62e895db9510f0fc4c47ee81b1436096eca4d64)
Resolves: RHEL-55708
---
dracut-functions.sh | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/dracut-functions.sh b/dracut-functions.sh
index f2614308..2e582ebc 100755
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -967,13 +967,30 @@ block_is_netdevice() {
block_is_nbd "$1" || block_is_iscsi "$1" || block_is_fcoe "$1"
}
+# convert the driver name given by udevadm to the corresponding kernel module name
+get_module_name() {
+ local dev_driver
+ while read -r dev_driver; do
+ case "$dev_driver" in
+ mmcblk)
+ echo "mmc_block"
+ ;;
+ *)
+ echo "$dev_driver"
+ ;;
+ esac
+ done
+}
+
# get the corresponding kernel modules of a /sys/class/*/* or/dev/* device
get_dev_module() {
local dev_attr_walk
local dev_drivers
local dev_paths
dev_attr_walk=$(udevadm info -a "$1")
- dev_drivers=$(echo "$dev_attr_walk" | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p')
+ dev_drivers=$(echo "$dev_attr_walk" \
+ | sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p' \
+ | get_module_name)
# also return modalias info from sysfs paths parsed by udevadm
dev_paths=$(echo "$dev_attr_walk" | sed -n 's/.*\(\/devices\/.*\)'\'':/\1/p')
@@ -1001,6 +1018,7 @@ get_dev_module() {
[[ -n $dev_drivers && ${dev_drivers: -1} != $'\n' ]] && dev_drivers+=$'\n'
dev_drivers+=$(udevadm info -a "$dev_vpath/$dev_link" \
| sed -n 's/\s*DRIVERS=="\(\S\+\)"/\1/p' \
+ | get_module_name \
| grep -v -e pcieport)
done
fi

34
SOURCES/0079.patch Normal file

@ -0,0 +1,34 @@
From a5b07e49259b201374124ba1e23b931da6e741e0 Mon Sep 17 00:00:00 2001
From: packit-public-repos-bot
<125959684+packit-public-repos-bot@users.noreply.github.com>
Date: Wed, 11 Dec 2024 11:47:15 +0100
Subject: [PATCH] Fix configuration for Packit 1.0.0
This commit fixes the configuration for the forthcoming Packit 1.0.0.
See [our blog post](https://packit.dev/posts/packit_1_0_0_action_required) for more details.
- Job type `build` has been changed to `copr_build`.
- Job type `production_build` has been changed to `upstream_koji_build`.
- Key `upstream_project_name` has been changed to `upstream_package_name`.
- Key `synced_files` has been changed to `files_to_sync`.
Please review and merge me before January 2025 otherwise packit-service jobs will fail because of an invalid configuration.
Resolves: RHEL-65249
---
.packit.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.packit.yml b/.packit.yml
index 86ba83d2..1439a44e 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -7,7 +7,7 @@
# Docs: https://packit.dev/docs/
specfile_path: pkgbuild/dracut.spec
-synced_files:
+files_to_sync:
- .packit.yaml
upstream_package_name: dracut
downstream_package_name: dracut

24
SOURCES/0080.patch Normal file

@ -0,0 +1,24 @@
From 78f56fa46b05409fb49f9c5ba776783aabb89d15 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 30 Jan 2025 12:43:01 +0100
Subject: [PATCH] test: fix url for btrfs-progs
Resolves: RHEL-65249
---
test/container/Dockerfile-CentOS-9-Stream | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/container/Dockerfile-CentOS-9-Stream b/test/container/Dockerfile-CentOS-9-Stream
index 26d308d2..3f0cdf6c 100644
--- a/test/container/Dockerfile-CentOS-9-Stream
+++ b/test/container/Dockerfile-CentOS-9-Stream
@@ -11,7 +11,7 @@ RUN echo 'export DRACUT_NO_XATTR=1 KVERSION=$(cd /lib/modules; ls -1 | tail -1)'
# FIXME: add dmraid, scsi-target-utils (e.g. from COPR)
RUN dnf -y install --enablerepo crb --setopt=install_weak_deps=False \
https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/d/dash-0.5.11.5-4.el9.x86_64.rpm \
- https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/b/btrfs-progs-6.10-1.el9.x86_64.rpm \
+ https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/b/btrfs-progs-6.12-3.el9.x86_64.rpm \
qemu-kvm \
NetworkManager \
asciidoc \

32
SOURCES/0081.patch Normal file

@ -0,0 +1,32 @@
From 4c327d4d5f3dd08bce7a704e2e4e45e2a838dc93 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 17 Feb 2025 02:50:26 +0100
Subject: [PATCH] fix(35network-manager): remove duplicate installkernel
function
Issue introduced in commit: 0a264651d148b543c0c5d6b0a07909cdcb1abfba
Resolves: RHEL-64754
rhel-only
---
modules.d/35network-manager/module-setup.sh | 5 -----
1 file changed, 5 deletions(-)
diff --git a/modules.d/35network-manager/module-setup.sh b/modules.d/35network-manager/module-setup.sh
index 4fd3d051..80ca21bd 100755
--- a/modules.d/35network-manager/module-setup.sh
+++ b/modules.d/35network-manager/module-setup.sh
@@ -14,11 +14,6 @@ depends() {
return 0
}
-# called by dracut
-installkernel() {
- return 0
-}
-
# called by dracut
installkernel() {
instmods nf_tables nfnetlink nft_fwd_netdev

28
SOURCES/0082.patch Normal file

@ -0,0 +1,28 @@
From 31a612d5a1cc8c2f0fcc7db82a6f8c9106c8bb63 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 17 Feb 2025 09:15:11 +0100
Subject: [PATCH] ci: bump actions/upload-artifact version to v4
as v3 is deprecated.
https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
rhel-only
---
.github/workflows/gather-metadata.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
index e4cbc486..d11c90d1 100644
--- a/.github/workflows/gather-metadata.yml
+++ b/.github/workflows/gather-metadata.yml
@@ -22,7 +22,7 @@ jobs:
uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
- name: Upload artifact with gathered metadata
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: pr-metadata
path: ${{ steps.Metadata.outputs.metadata-file }}

26
SOURCES/0083.patch Normal file

@ -0,0 +1,26 @@
From 379b1eafcfb6b4e34b6689bc8f8eab5ecb27aac7 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Mon, 19 Aug 2024 09:41:27 +0200
Subject: [PATCH] feat(fips): include fips module unconditionally
rhel-only
Resolves: RHEL-53364
---
modules.d/01fips/module-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index a090bc88..91bbe785 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -2,7 +2,7 @@
# called by dracut
check() {
- return 255
+ return 0
}
# called by dracut
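Review bot: `check()` in modules.d/01fips/module-setup.sh now returns 0 with no comment saying why; the only explanation is the `rhel-only` subject line of the patch. In dracut's convention 255 means the module is pulled in only on request or as a dependency, while 0 includes it in every image, so this changes the contents of every initramfs built with this package, including hostonly images on hosts that never boot with fips=1. I would record the reason in the function, e.g. `# rhel-only: always include, so FIPS mode can be enabled without first adding the module to the dracut configuration`, worded to match the actual motivation in RHEL-53364, which this page does not show. It is also worth confirming that the module's install step does not break image generation on systems where the FIPS tooling is absent; that code is outside this hunk.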

51
SOURCES/0084.patch Normal file

@ -0,0 +1,51 @@
From acbb003a63809ed870598eee7171a5c188e80113 Mon Sep 17 00:00:00 2001
From: Laszlo Gombos <laszlo.gombos@gmail.com>
Date: Wed, 24 Aug 2022 19:16:26 +0000
Subject: [PATCH] fix(dracut.sh): make omit-drivers option do exact match for
names
Modify the basic test case to use --omit-drivers and make it fail
without the PR and make it pass with the PR.
The test would fail with the following error without the PR:
FATAL: iscsiroot requested but kernel/initrd does not support iscsi
(cherry picked from commit a7f5cdbccbbd4d8c406ea7c4b3e6f25cd747e648)
Resolves: RHEL-57094
---
dracut.sh | 2 +-
test/TEST-01-BASIC/test.sh | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/dracut.sh b/dracut.sh
index f748a073..dcdeaf5f 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -1379,7 +1379,7 @@ omit_drivers_corrected=""
for d in $omit_drivers; do
[[ " $drivers $add_drivers " == *\ $d\ * ]] && continue
[[ " $drivers $force_drivers " == *\ $d\ * ]] && continue
- omit_drivers_corrected+="$d|"
+ omit_drivers_corrected+="^$d$|"
done
omit_drivers="${omit_drivers_corrected%|}"
unset omit_drivers_corrected
diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh
index 9f98af2c..877f6534 100755
--- a/test/TEST-01-BASIC/test.sh
+++ b/test/TEST-01-BASIC/test.sh
@@ -110,9 +110,12 @@ test_setup() {
inst_hook shutdown-emergency 000 ./hard-off.sh
inst_hook emergency 000 ./hard-off.sh
)
+
+ # make sure --omit-drivers does not filter out drivers using regexp to test for an earlier regression (assuming there is no one letter linux kernel module needed to run the test)
"$basedir"/dracut.sh -l -i "$TESTDIR"/overlay / \
-a "debug watchdog" \
-d "piix ide-gd_mod ata_piix ext3 sd_mod i6300esb ib700wdt" \
+ --omit-drivers 'a b c d e f g h i j k l m n o p q r s t u v w x y z' \
--no-hostonly-cmdline -N \
-f "$TESTDIR"/initramfs.testing "$KVERSION" || return 1
}
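Review bot: The anchored pattern in the dracut.sh hunk, `omit_drivers_corrected+="^$d$|"`, turns `--omit-drivers` / `omit_drivers` from a substring match into an exact-name match, but the patch touches only dracut.sh and the test, so nothing in the documentation tells users about the change. A configuration that relied on a partial name to keep a family of drivers out of the initramfs will now silently stop omitting them, which matters where the option is used for hardening. I would add a sentence to the option's man page text and a comment above the loop such as `# each name is anchored so that "e" does not also omit "ext3"`. Note also that `$d` is still interpolated unescaped, so an entry containing regex metacharacters keeps acting as a pattern (assuming the joined string is consumed as an extended regex downstream, which is not visible here); writing it as `"^${d}\$|"` would at least make the literal `$` explicit.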

1079
SOURCES/0085.patch Normal file

File diff suppressed because it is too large Load Diff


@ -5,7 +5,7 @@
# strip the automatically generated dep here and instead co-own the
# directory.
%global __requires_exclude pkg-config
%define dist_free_release 70.git20240819
%define dist_free_release 86.git20250217
Name: dracut
Version: 057
@ -98,6 +98,22 @@ Patch66: 0066.patch
Patch67: 0067.patch
Patch68: 0068.patch
Patch69: 0069.patch
Patch70: 0070.patch
Patch71: 0071.patch
Patch72: 0072.patch
Patch73: 0073.patch
Patch74: 0074.patch
Patch75: 0075.patch
Patch76: 0076.patch
Patch77: 0077.patch
Patch78: 0078.patch
Patch79: 0079.patch
Patch80: 0080.patch
Patch81: 0081.patch
Patch82: 0082.patch
Patch83: 0083.patch
Patch84: 0084.patch
Patch85: 0085.patch
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
@ -109,6 +125,7 @@ BuildRequires: gcc
%if 0%{?fedora} || 0%{?rhel}
BuildRequires: pkgconfig
BuildRequires: systemd
BuildRequires: openssl-devel
%endif
%if 0%{?fedora}
BuildRequires: bash-completion
@ -347,6 +364,8 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/dracut-initramfs-restore
%{dracutlibdir}/dracut-install
%{dracutlibdir}/dracut-util
%{dracutlibdir}/ossl-config
%{dracutlibdir}/ossl-files
%{dracutlibdir}/skipcpio
%config(noreplace) %{_sysconfdir}/dracut.conf
%if 0%{?fedora} || 0%{?suse_version} || 0%{?rhel}
@ -472,6 +491,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{dracutlibdir}/modules.d/99base
%{dracutlibdir}/modules.d/99memstrack
%{dracutlibdir}/modules.d/99fs-lib
%{dracutlibdir}/modules.d/99openssl
%{dracutlibdir}/modules.d/99shutdown
%attr(0644,root,root) %ghost %config(missingok,noreplace) %{_localstatedir}/log/dracut.log
%dir %{_sharedstatedir}/initramfs
@ -550,6 +570,22 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
%changelog
* Mon Feb 17 2025 Pavel Valena <pvalena@redhat.com> - 057-86.git20250217
- fix(35network-manager): remove duplicate installkernel
- feat(fips): include fips module unconditionally
- fix(dracut.sh): make omit-drivers option do exact match for
- feat: add openssl module
* Wed Nov 27 2024 Pavel Valena <pvalena@redhat.com> - 057-79.git20241127
- fix(35network-manager): install nftables kernel modules
- fix(35network-manager): install nft binary during module
- fix(dracut-install): copy xattr when use clone ioctl
- feat(dracut.sh): add --add-confdir option
- fix: typo in variable name
- feat(fips): add support for UKIs
- fix(kernel-modules): use modalias info in get_dev_module()
- fix(dracut-functions.sh): convert mmcblk to the real kernel
* Mon Aug 19 2024 Pavel Valena <pvalena@redhat.com> - 057-70.git20240819
- fix(systemd): set right permissions for the machine-id file
- feat(lsinitrd.sh): look for initrd in /usr/lib/modules/