dracut: script adjusted to new logging facility; -v changed
-v meaning has changed. Now it increases verbosity level. -q option has
been added, which decreases verbosity level. Both options might be
specified multiple times.
Harald Hoyer [Wed, 16 Mar 2011 20:17:26 +0000 (21:17 +0100)]
dracut: add "--check=crc32" to xz compression
As mentioned in kernel/Documentation/xz.txt:
...
Notes on compression options
Since the XZ Embedded supports only streams with no integrity check
or CRC32, make sure that you don't use some other integrity check
type when encoding files that are supposed to be decoded by the
kernel. With liblzma, you need to use either LZMA_CHECK_NONE or
LZMA_CHECK_CRC32 when encoding. With the xz command line tool, use
--check=none or --check=crc32.
Using CRC32 is strongly recommended unless there is some other layer
which will verify the integrity of the uncompressed data anyway.
...
dracut-logger: logging facility module for build- and boot-time
It's dash compatible to be used also at boot-time. For now it's included
by dracut-functions and replaces functions: dinfo(), dwarning() and
derror(). New options are introduced: -L|--stdlog, and -q|--quiet to
control stderr verbosity. Logging to file or syslog may be controlled by
options set in config file.
Note that code is not adjusted to the meaning of the new logging
functions, yet.
Doxygen formatted documentation (as a proposal, by the way) is included
in dracut-logger.
Will Woods [Fri, 11 Mar 2011 21:29:09 +0000 (16:29 -0500)]
dmsquash-live: use 'rootfs.img' for rootfs image name
Every image gets handled the same way regardless of filesystem, so
let's use a filesystem-neutral name (rather than adding new
lines for every fstype anyone might want to use).
Andrey Borzenkov [Thu, 10 Mar 2011 22:54:04 +0000 (01:54 +0300)]
cryptroot-ask: check that plymouth is running before use
Otherwise there is no way to skip pasword prompt. --has-active-vt
seems to correctly catch also the case when plymouthd is started
but splash is disabled.
Harald Hoyer [Thu, 10 Mar 2011 16:01:10 +0000 (17:01 +0100)]
dracut: let some parameters be specified multiple times
These parameters can now be specified multiple times:
-a|--add
--add-drivers
-m|--modules
-o|--omit
-d|--drivers
--filesystems
-I|--install
--fwdir
-i|--include
Harald Hoyer [Wed, 9 Mar 2011 17:10:54 +0000 (18:10 +0100)]
add caps module, to drop capabilities
This adds the following parameters:
rd.caps=1
turn the caps module on/off
rd.caps.initdrop=cap_sys_module,cap_sys_rawio
drop the specified comma seperated capabilities
rd.caps.disablemodules=1
turn off module loading
rd.caps.disablekexec=1
turn off the kexec functionality
If module loading is turned off, all modules have to be loaded in the
initramfs, which are used later on. This can be done with
"rd.driver.pre="
rd.driver.pre=autofs4,sunrpc,ipt_REJECT,nf_conntrack_ipv4,....
Because the kernel command line would get huge with all those drivers, I
recommend to make use of $initramfs/etc/cmdline.
So, all rd.caps.* and rd.driver.pre arguments are in caps.conf can be
copied to $initramfs/etc/cmdline with "-i caps.conf /etc/cmdline".
Also all modules have to be loaded in the initramfs via "--add-drivers".
The resulting initramfs creation would look like this:
Harald Hoyer [Thu, 10 Mar 2011 10:11:32 +0000 (11:11 +0100)]
move all /dev/.initramfs to /dev/.run/initramfs
We want all "/var/run" information to live in /dev/.run, until the real
root is mounted.
Therefore we mount a tmpfs on /dev/.run, which can/will be bind/move mounted
on /var/run later on.
Will Woods [Tue, 8 Mar 2011 23:35:17 +0000 (18:35 -0500)]
Add support for in-initramfs live images with "root=live:/path/name.img"
This allows creation of initramfs images which contain a Live system.
The primary use for this is keeping very large initramfs-based systems
(e.g. anaconda, the Fedora installer) compressed in-memory, by using a
compressed filesystem image like squashfs or btrfs.
dmsquash-live-genrules.sh will initqueue dmsquash-live-root itself
(rather than making udev rules) if the given live "device" is actually
an existing, plain file.
parse-dmsquash-live.sh will only accept paths that end in ".img".
dmsquash-live-root will only handle images named "*squashfs.img",
"*ext3fs.img", or "*btrfs.img".
Will Woods [Tue, 8 Mar 2011 23:35:15 +0000 (18:35 -0500)]
Use 'btrfs' command rather than 'btrfsctl', and install btrfs driver
btrfsctl is being replaced by the btrfs command in the upstream
tools, so change accordingly. Also, if we're using the btrfs module
we should probably make sure the btrfs driver gets installed.
Will Woods [Tue, 8 Mar 2011 23:35:12 +0000 (18:35 -0500)]
inst_dir: fix handling of relative symlinks outside the current dir
inst_dir used the following to try to resolve a relative path:
[[ $target = ${target##*/} ]] && target="${file%/*}/$target"
inst_dir $target
This will only match if $target has no slashes, so something like
/usr/bin -> ../sbin would result in: inst_dir ../sbin, or
/usr/share -> local/share would result in: inst_dir local/share
which is not going to do the right thing.
Instead, we resolve any non-absolute link, like so:
[[ $target == ${target#/} ]] && target=$(dirname "$file")/$target
Thus /usr/bin -> ../sbin results in: inst_dir /usr/../sbin, and
/usr/share -> local/share results in: inst_dir /usr/local/share
which is what you would expect.
Harald Hoyer [Mon, 7 Mar 2011 12:09:25 +0000 (13:09 +0100)]
dracut-functions: fixed instmods() return value
The FIPS installkernel() relies on the instmods() return value. So only
return 0, if the module and its dependencies were actually installed
correctly.
Harald Hoyer [Fri, 18 Feb 2011 08:44:47 +0000 (09:44 +0100)]
selinux: turn off selinux by default
In Fedora selinux is now handled by systemd. If you want to enable
selinux by default, just add it to your /etc/dracut.conf.d/01-dist.conf
with:
add_dracutmodules+=" selinux "
It happens that either due to newer modprobe or missing depmod
module-init-tools cries.
Suppressing the error ensures for a funny debug search for the user.
Resulting initramfs is generally unbootable due to missing module deps.
Better use the quiet option of modprobe itself.
It makes it less chatty, but doesn't suppress "fatal" errors.