[please ignore] Just a CI test #25
Draft: pvalena wants to merge 60 commits into main from rebase-103-rhel-10-test
From-dist-git-commit: a1ebaf27b616010bc672be9409ff42b8234b008d
Based on a commit 856e7ac. Currently upstream does not create releases. Reference PR: dracutdevs/dracut#2509 Unpacked archive: https://github.com/pvalena/dracut-fedora/tree/v60-srpm-unpacked
- rebased from state acf404af26c4add66ba0dd13509a94589dce86df
- rebased from state a24e1272faba2875f9b78fcf42109028af0869bc
- rebased from state fa245ce
From-dist-git-commit: 4faeede00276da9101b9f279a9f1d1a188824021
The original dracut repository is no longer maintained, a new initiative was started: https://github.com/dracut-ng/dracut-ng/
(keeping all upstream changes)
as there's no reason to keep a copy; there shouldn't be any modifications. In case there are args stored in a separate file (Fedora and alike), it needs to be supplied too, but without the option to change the user.
…f no args" revert: "fix(install.d): simplify and use what kernel-install gives us" This reverts commits: d401553 8388ad1 dracut-ng/dracut-ng#334 This is temporary, until the `20-grub.install` will be able to handle initrd from kernel staging area.
…R says so

dracut may be installed without being actually used. This is very common in binary distros where a package may be pulled in through dependencies, even though the user does not need it in a particular setup. KERNEL_INSTALL_INITRD_GENERATOR is being added in systemd's kernel-install to select which of the possibly many initrd generation mechanisms will be used. For backwards compat, if it is not set, continue as before. But if set to something else, skip our kernel-install plugins. (Cherry-picked commit f47bcdd7342ca0d46b889e712a1c7446e18434bc from PR#1825)
According to the synopsis, kernel-install can be called with an already-prepared initrd. In that case, no initrd should be generated by dracut. (Cherry-picked commit 0b72cf5c4eca0e0db76e3e210cfdc48e6b49bb74 from PR#1825)
named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so" Resolves: rhbz#2276271
This reverts commit 2339acf. Resolves: rhbz#2295215
+ add C10s dockerfile.
rhel-only
Different distributions and containers might prefer different defaults. The motivation of this work is to increase test coverage and to run the tests in the same configurations as dracut is used. (cherry picked from commit e9be0ecc01d35ab8613b2e104ab624ab8f066fbd)
Fix failing test cases by enforcing no-hostonly for those test cases that need it. (cherry picked from commit 51f392a4624bc1cb172a03e4cc28ff0a5cae02a8)
This is important for alpine, so that it does not install both dash and busybox dracut modules that are potentially conflicting. (cherry picked from commit 6e3c2bf)
Authored-by: Laszlo Gombos <[email protected]>
as tests are failing without it (and someone might actually use it). https://koji.fedoraproject.org/koji/packageinfo?packageID=6398
as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition which would produce Warning 'grep: warning: stray \ before x' in get_maj_min Resolves: RHEL-47145
…nt_dev With udev 256, there are now directories such as /dev/disk/by-path/pci-0000:02:00.0-nvme-1-part/ which match here. In case a nonexisting file/device was passed to get_persistent_dev, it returned the first directory it looked at because both have maj:min 0:0. This accidental conversion from garbage to a sensible looking path leads to weird behaviour later. Instead of filtering out directories explicitly switch the check to only return block devices, which also takes care of the character special /dev/mapper/control. (cherry picked from commit 55d2fb5b459f356fdbde60ddefb97be942a0c141) Resolves: RHEL-49744
and also use proper variables for the paths, and fixup invalid paths. -- The new systemd reads from both /etc and /usr/, so to accommodate this, I've added new paths to install configs from (I probably haven't covered all). This changes only hostonly behaviour; uses global variables: systemdutilconfdir: "/etc/systemd" systemdutildir: "/lib/systemd:/lib/systemd/systemd-udevd" "/usr/lib/systemd:/usr/lib/systemd/systemd-udevd" (cherry picked from commit ea4905e944a2acd75ba3a48a5dfeaba417f724e8) Resolves: RHEL-32506
as we can't determine with certainty that it won't be needed. rhel-only Resolves: RHEL-53350
…st et al

When using 99squash dracut actually builds two separate initrds. The "normal" one, that gets squashed into a squashfs image, and a "minimalistic" one, whose only task is to mount and switch_root to the squashfs image. This is currently done the following way:

1. Skip install() for 99squash during the "normal" installation phase.
2. Trigger a special postinstall hook in 99squash that moves the content of $initdir to $squashdir and installs the "minimalistic" initrd to $initdir.
3. Strip the binaries in $initdir (of which $squashdir is a sub directory of).
4. Squash the content of $squashdir into the squashfs image and remove $squashdir.

The problem with this approach is that the steps 2 and 4 are specific to 99squash but need to be done in dracut.sh. Thus a lot of special handling for 99squash is needed in dracut.sh. This will get even more complex once support for different filesystem images, e.g. erofs, is implemented.

In order to be able to move most of the functionality into 99squash itself a new approach will be chosen, i.e.

1. During the installation phase install the "normal" initrd into $initdir and the "minimalistic" initrd into $squashdir.
2. Strip the binaries in $initdir.
3. Trigger a special postinstall hook in 99squash that squashes the content of $initdir (excluding $squashdir) into the squashfs image, removes the content of $initdir (excluding $squashdir) and moves the content of $squashdir into $initdir.

With that the only special handling remaining in dracut.sh is triggering the postinstall hook. However, in inst et al. the destination directory is hard coded to $initdir. Thus allow setting a different destination directory in inst et al. to get the new approach to work. For the time being only do that for the functions required by 99squash.

Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit 5ab4470cf136c2d9983564b84b49fd700d4b8514) Related: RHEL-43460
…dencies

When implementing erofs support for 99squash we end up with three modules 99squash, 95squash-squashfs and 95squash-erofs. Where 99squash contains the common code for filesystem images and 95squash-{squashfs,erofs} the special handling depending on the filesystem used. This leads to a dependency cycle as we want to allow users both to choose 99squash, when the exact filesystem doesn't matter, as well as 95squash-{squashfs,erofs} when a specific filesystem is required. But when 99squash is added as a dependency calling dracut_module_included fails in its depends() function. This led to cases where both handlers, 95squash-squashfs and 95squash-erofs, were added to the initrd. Reason for the failure is that a module only is marked to be loaded after all its dependencies have been checked as well. Thus a child module cannot detect which parent module wants it to be included. Fix this by marking modules to be loaded before checking its dependencies in check_module. Do the same change in check_mount for consistency.

Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit 634b4a5c6fbe595eb240cd529d669d21eadd510c) Related: RHEL-43460
Additional fix, restoring previous behavior identical to RHEL-9. rhel-only Resolves: RHEL-53350
This gives precedence of force_add_dracutmodules to omit_dracutmodules, as there is no other way to override omit_dracutmodules list, and users would expect it to be overridden from command line. Ref: dracut-ng/dracut-ng#569 This way, `--add` retains its behaviour, and `--force-add` gains additional functionality in non-hostonly mode. The module may still be skipped if the module check returns 1, but it should throw error (as I'd expect for `--force-add`). (cherry picked commit a669346f48cbb3278c51ba5e95b1b91f9bfdee0a from PR#584) Resolves: RHEL-53791
Introduce new path for lsinitrd.sh to look into: /usr/lib/modules/$kver/initramfs.img Which is valid on all ostree-based systems, and also other image based systems with pre-generated initramfs. Ref: https://issues.redhat.com/browse/RHEL-35890 (cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282) Resolves: RHEL-54650
rhel-only Resolves: RHEL-39404
as those paths are used by bootc instead of the /etc ones. (cherry picked from commit 45cdf3c4f24f77f04b264a7747f115d1031b2e67) Resolves: RHEL-53431
…pendencies Commit d0f8fde ("fix(dracut-init.sh): add module to mods_to_load before checking dependencies") introduced a regression. When dracut is in "auto" mode, i.e. '--modules auto' or no --modules is provided, the expected behavior is that all modules that return 0 in their check() function are included. Except for the ones where the dependencies cannot be installed. The commit however, caused those modules to be included without their dependencies. Thus revert the commit. This reverts commit d0f8fde. Reported-by: Jo Zzsi <[email protected]> Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit bddbb11bbbfc405317a6fbd53bb189b575d46da2) Resolves: RHEL-43460
With commit d0f8fde ("fix(dracut-init.sh): add module to mods_to_load before checking dependencies") reverted 99squash can no longer rely on dracut_module_included working as expected in its check() and depends() function. Solve this problem by breaking up the cyclic dependency between 99squash and 95squash-{squashfs,erofs} as the commit was originally introduced to allow this cyclic dependency. This requires to move all code shared by 95squash-{squashfs,erofs} from 99squash to a new 99squash-lib module and update the dependencies accordingly. In addition update the checks in dracut.sh to check for 99squash-lib as 99squash is no longer guaranteed to be included. Finally make sure that 99squash-lib isn't included without a back end. While at it improve and align the error messages in 99squash and 99squash-lib. Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit d5783635950e38cccf334e7163db79f280650fa2) Resolves: RHEL-43460
The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib is added without one of the required back ends. Usually this isn't fatal and simply results in a "normal" initrd, i.e. one without squashed image, being created. Nevertheless, a user needs to explicitly add one of the required modules for the code to be triggered. So it is better to fail with an error rather than giving the user something he didn't ask for. Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit 8909d892a7a055ae95be45416e6fbf1b833ff426) Resolves: RHEL-43460
The postinstall phase of 99squash-lib has the potential to delete the whole rootfs if $initdir is empty. This should(tm) never happen. Nevertheless as the consequences are so devastating it is better to double check. Signed-off-by: Philipp Rudo <[email protected]> (cherry picked from commit 6b089c70761c81a7b82a1bfba5f2c1faef7e972f) Resolves: RHEL-43460
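The kind of double check that commit message describes, as an added example (not dracut's code; the function name and the requirement that the squash directory is a direct child of the init directory are assumptions made here):

```sh
#!/bin/sh
# Added illustration, not taken from dracut. Names are hypothetical.

# clear_initdir_except INITDIR SQUASHDIR
# Removes everything inside INITDIR except SQUASHDIR. Refuses to run when
# INITDIR is empty, is not a directory, resolves to "/", or when SQUASHDIR
# is not a direct child of INITDIR.
clear_initdir_except() {
    _initdir=$1
    _squashdir=$2

    # An empty $initdir would turn "$initdir"/* into /* below.
    [ -n "$_initdir" ] || { echo "refusing: initdir is empty" >&2; return 1; }
    [ -d "$_initdir" ] || { echo "refusing: initdir is not a directory" >&2; return 1; }

    # Resolve symlinks and ".." so values such as "/tmp/.." are caught too.
    _real=$(CDPATH= cd -- "$_initdir" && pwd -P) || return 1
    [ "$_real" != "/" ] || { echo "refusing: initdir resolves to /" >&2; return 1; }

    # The loop below only protects a direct child of initdir.
    [ "$(dirname -- "$_squashdir")" = "$_initdir" ] ||
        { echo "refusing: squashdir is not a direct child of initdir" >&2; return 1; }

    # Cover regular names, dotfiles, and names starting with two dots.
    for _entry in "$_initdir"/* "$_initdir"/.[!.]* "$_initdir"/..?*; do
        # Skip glob patterns that matched nothing.
        if [ ! -e "$_entry" ] && [ ! -L "$_entry" ]; then continue; fi
        if [ "$_entry" = "$_squashdir" ]; then continue; fi
        rm -rf -- "$_entry"
    done
    return 0
}
```
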
226daff to 21f875d
This binary uses reflinks to speed up initramfs generation on btrfs and XFS filesystems so let's build it and include it in the dracut package to speed up initramfs generation. Author: Daan De Meyer <[email protected]> https://src.fedoraproject.org/rpms/dracut/pull-request/62 Related: RHEL-65204
For a system that uses crypto-policies to be switched to FIPS mode correctly, it needs to be
- booted with `fips=1` on the kernel command line
- switched to the FIPS crypto-policy (or a policy derived from it)
- have the fips dracut module enabled

On older systems, there were additional steps, for example, creating `/etc/system-fips`. We have repeatedly seen inconsistencies between those different toggles, either because the user space tooling to switch between those does not (for reliability, maintainability, and compliance reasons) undo some of the steps it does when disabling FIPS mode, or because other installation methods (bootc, containers, image builder) independently do some of those steps. Eventually, all of these ended with user confusion.

We can avoid this situation by eliminating the difference by treating the `fips=1` kernel command line switch as a single source of truth, and making all others follow automatically.

This module provides this for crypto-policies, by adding bind-mounts before pivot if the system has not already been switched to a FIPS-based crypto-policy. This requires some support from the crypto-policies package (because it needs to deal with the bind mounts when a user calls `update-crypto-policies --set`), so make it a no-op unless
- `fips=1` is on the kernel command line
- crypto-policies is installed
- crypto-policies supports the bind-mounts (indicated by the presence of the `default-fips-config` file)
- the policy isn't already FIPS

These checks should make this safe to add to the initramfs on all current systems.

The bind-mounts also need to happen in the initramfs already, because systemd links against OpenSSL, and doing them later means that systemd will start with an OpenSSL configuration that isn't tailored for FIPS.
See also [1], which adds the user space support to crypto-policies, along with a systemd service that does the same steps in case dracut hasn't already done them (which is useful for environments that don't use an initramfs like containers). [1]: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/191 Signed-off-by: Clemens Lang <[email protected]> (cherry picked from commit bd3c1e1) Resolves: RHEL-59678
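The four no-op conditions from the commit message above, written out as a decision function. This is an added example, not the module's code: the function names are hypothetical, the file locations are passed in as arguments because the page does not give them, and it assumes the policy file's first line holds the policy name with derived policies written as `FIPS:<subpolicy>`.

```sh
#!/bin/sh
# Added illustration, not dracut or crypto-policies code.

# fips_requested CMDLINE: succeed when the command line asks for fips=1.
# Assumption: when fips= appears more than once, the last value wins.
fips_requested() {
    _fips=0
    set -f                          # no globbing while word-splitting
    for _arg in $1; do
        case $_arg in
            fips=*) _fips=${_arg#fips=} ;;   # "nofips=1" does not match
        esac
    done
    set +f
    [ "$_fips" = "1" ]
}

# fips_bind_mounts_needed CMDLINE POLICY_CONFIG FIPS_MARKER
# Returns 0 only when all four conditions hold, 1 (no-op) otherwise.
fips_bind_mounts_needed() {
    _cmdline=$1
    _config=$2      # file holding the active policy name (path is an assumption)
    _marker=$3      # the default-fips-config file (path is an assumption)

    fips_requested "$_cmdline" || return 1   # fips=1 not on the command line
    [ -f "$_config" ] || return 1            # crypto-policies not installed
    [ -f "$_marker" ] || return 1            # no bind-mount support

    # read fails on a last line without newline but still fills the variable.
    IFS= read -r _policy < "$_config" || [ -n "$_policy" ] || return 1
    case $_policy in
        FIPS | FIPS:*) return 1 ;;           # policy is already FIPS-based
    esac
    return 0
}
```
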
Signed-off-by: Clemens Lang <[email protected]> Resolves: RHEL-59678
21f875d to 3a5b401
(dist-git commit: 84573b7f1433c998e293dd93457c75303e8e978b)
3a5b401 to ff3186b
60be2dc to 9de12ed
9de12ed to 0340421
TEST