systemd lets stdout go to journal only. Usually, this is desired
behavior to ensure that plymouth does not get disrupted.
However in the 01fips case, the system has to halt when the integrity
check fails to satisfy FIPS requirements. So the user will not be able
to inspect the journal.
As this is special to the fips module, we introduce a fips_info() which
works like info(), but deviates the output to stderr when running with
systemd.
osmin.img is no longer used by anaconda or generated by
livemedia-creator. livecd-creator will soon drop it as well.
Removing this code will allow OverlayFS boots to proceed when
osmin.img is present in the .iso image.
mwberry [Sun, 31 May 2020 00:55:35 +0000 (17:55 -0700)]
UEFI Mode: only write kernel cmdline to UEFI binary
The kernel command line was being written both into
/etc/cmdline.d/01-default.conf and the UEFI executable.
During boot, getcmdline would concatenate these two
resulting in all arguments being duplicated. Some
args, such as ip=, are sensitive to the number of
times they are specified.
/usr/sbin/dracut-install is a symlink:
$ file /usr/sbin/dracut-install
/usr/sbin/dracut-install: symbolic link to ../lib/dracut/dracut-install
It resulted to "dracut-install not found" error:
+++ for p in $DRACUT_PATH
+++ [[ -L /sbin/dracut-install ]]
+++ [[ -x /sbin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /bin/dracut-install ]]
+++ [[ -x /bin/dracut-install ]]
+++ for p in $DRACUT_PATH
+++ [[ -L /usr/sbin/dracut-install ]]
+++ printf '%s\n' dracut-install
+++ return 0
++ DRACUT_INSTALL=dracut-install
++ [[ -n dracut-install ]]
++ [[ -n dracut-install ]]
++ DRINSTALLPARTS=0
++ for i in $DRACUT_INSTALL
++ DRINSTALLPARTS=1
++ [[ 1 = 1 ]]
++ [[ -x dracut-install ]]
++ dfatal 'dracut-install not found!'
++ set +x
dracut: dracut-install not found!
[ -x <not a path to file> ] is not correct and will always be false.
But actually it is available. Let's just allow it to be not an absolute path.
Maybe some other places can be improved to avoid DRACUT_INSTALL being not an absolute path.
Thomas Blume [Wed, 22 Jul 2020 07:34:42 +0000 (09:34 +0200)]
35network-legacy: simplify fallback dhcp setup
suppress redundant calls to network setup
combine code for "no ip option directed at our interface" and
"No ip lines default to dhcp"
correct evaluation of return code for creating did-setup files
fix application of "load_ipv6" call to ipv6 setup only
Kairui Song [Fri, 2 Aug 2019 09:11:19 +0000 (17:11 +0800)]
dracut-initqueue: Print more useful info in case of timeout
Currently when initqueue timeout, it span the console with
"dracut-initqueue timeout - starting timeout scripts", which isn't very
helpful as we still don't know what actually happened. Try to improve
this by print what is actually being waited.
Besides, only print "starting timeout scripts" when there are
actual timeout scripts to use.
Kairui Song [Wed, 10 Jun 2020 10:28:27 +0000 (18:28 +0800)]
99memstrack: Only start tracking service when rd.memdebug=4|5
Currently systemd will always start the tracking service, it will
exit early if rd.memdebug<=3 so there is no issue here, but it
leave a message of: "Started Memstrack Anylazing Service.".
Better to avoid such message if it's not used.
The iSCSI configuration is started after dracut checks for resume,
so we run into a timeout here. Additionally it's questionable if
resume on iSCSI makes sense (or is even supported on the platform).
Same holds true for Network Block Devices and FcOE, cover those as well
References: bsc#999663
Original-patch-by: Hannes Reinecke <hare@suse.com> Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
This helper function takes a remote IP address, and tries to
determine the dracut command line arguments ip= and ifname= that
will make this remote address reachable during boot.
Functionality was taken from the module-setup.sh scripts of 95iscsi and 95nfs,
cleaned up and fixed some issues in particular with statically configured
networks, where the old code would print the unsupported string
"$ifname:static".
Enzo Matsumiya [Mon, 3 Aug 2020 14:21:36 +0000 (11:21 -0300)]
95nvmf: add NVMe over TCP support
Add support to boot from an NVMe over TCP device.
Example of supported command line formats:
nvme.discover=tcp:192.168.1.3::4420
nvme.discover=tcp:192.168.1.3 # will use 4420 as default svcid
- Create is_nvmf() function to handle all fabrics types
- Fix parse_nvmf_discover() to correctly use the default values
- Auxiliary function to validate an IP connection
- Fix inverted result for getargbool when reading "rd.nonvmf" command line parameter
Requires rd.neednet=1
Requires adding/replacing STARTMODE in /etc/sysconfig/network/ifcfg-ethX to "nfsroot"
to avoid shutdown hanging in initiator
1) on non-x86 systems in non-hostonly config this would cause
an annoying warning on every initramfs generation
2) on non-x86 systems in hostonly config this would result in
early microcode not getting disabled
Thomas Blume [Mon, 6 Jul 2020 13:16:35 +0000 (15:16 +0200)]
95iscsi: fix ipv6 target discovery
ipv6 addresses need square brackets, otherwise the iscsi discovery and log-in,
which adds the iscsi port after another colon will get confused and fail.
Kairui Song [Wed, 10 Jun 2020 07:57:20 +0000 (15:57 +0800)]
dracut.sh: FIPS workaround for openssl-libs on Fedora/RHEL
On Fedora/RHEL, libcryto will verify both itself and libssl on start, if
libssl is missing, FIPS self test will fail. However libssl is not a
dependency of libcryto so dracut will not install it, unless some other
binary or library pulls it in. Systemd requires libssl, so in most cases
it just worked, but could fail in some corner cases where systemd is not
used.
After changing the kernel command line, the cmsifup script calls ifup
to activate the interface. However, ifup is only available in the
network-legacy module; when using the network-manager module, we
should regenerate connections according to the command line; then
later NM will be run and will activate the device.
Kairui Song [Fri, 10 Apr 2020 12:50:49 +0000 (20:50 +0800)]
95nfs: only install rpc services for NFS < 4 when hostonly is strict
Most rpc services are not needed for NFSv4, so skip these components
to save space. rpc.idmapd is still needed in case of
nfs4_disable_idmapping is set to 0.
network-manager: set kernel hostname from the command line
Since commit ff70adf873ef ("initrd: save hostname to a file in /run"),
the initrd generator of NetworkManager parses the hostname from 'ip='
options of the kernel command line and writes it to
/run/NetworkManager/initrd/hostname.
When that file exists, set the kernel hostname.
In presence of multiple hostnames in the command line, the last one
wins. Hostnames from command line always have precedence over ones
received through DHCP. This is a bit different from the legacy network
module that gives higher precedence to the hostname (from DHCP or
command line) of the last interface that is brought up, which depends
on the udev order.
Kairui Song [Wed, 27 May 2020 14:07:37 +0000 (22:07 +0800)]
99memstrack: hook script should not call exit
With memstrack module, rd.break may not work because the hook scripts
are sourced, not executed, so the exit call will make pre-pivot queue
exit early. See 98dracut-systemd/dracut-pre-pivot.sh, everything after
"source_hook cleanup" will be ignored.
Replace with return instead.
Credits go to Lukas Nykryn <lnykryn@redhat.com> who helped discover and
debug this issue.
51-dracut-rescue.install: Don't use BLS fragment shipped by kernel package
For the GRUB and zipl bootloaders the BLS fragment that is shipped by the
kernel package is used, so the same fragment is used for the rescue entry.
But there are cases where this BLS fragment is not suitable. For example,
if the boot directory is on a btrfs subvolume the path in the linux and
initrd fiels need to be adjusted with the real path. Otherwise GRUB won't
be able to read them.
The GRUB and zipl kernel-install plugins already take care of this before
installing the BLS fragments, so just copy the installed fragment that has
the updated paths instead of using the BLS shipped by the kernel package.
Derek Hageman [Fri, 1 May 2020 00:40:13 +0000 (18:40 -0600)]
90crypt/module-setup.sh: fix force on multiple lines
The first line in crypttab with a "force" option causes all subsequent
lines to be included as if they also had it set because the variable
used to track it is not reset between loop iterations. So fix that by
just setting it to empty before the check for the force option.
Harald Hoyer [Tue, 7 Apr 2020 20:26:25 +0000 (22:26 +0200)]
90crypt/module-setup.sh: try to catch kernel config changes
If a crypto kernel module changes from compiled in to module, the
encrypted disk might fail to open, because the kernel module was
not included in the initramfs.
This patch tries heuristically to catch such modules.
Kairui Song [Wed, 8 Apr 2020 12:09:38 +0000 (20:09 +0800)]
Add 99memstrack module
memstrack is a new tool to track the overall memory usage and
allocation, which can help off load the improve the builtin module
memory tracing function in dracut.
With this change, the rd.memdebug=4 behavior is similiar with before,
but the report is defered to pre-pivot, so the memory usage info
during the whole initramfs run is traced. And the ourput format is
changed a bit:
dracut-pre-pivot[519]: ======== Report format module_summary: ========
dracut-pre-pivot[519]: Module squashfs using 10.4MB (2658 pages), peak allocation 10.4MB (2671 pages)
dracut-pre-pivot[519]: Module qxl using 3.4MB (865 pages), peak allocation 3.4MB (880 pages)
dracut-pre-pivot[519]: Module crc32c_intel using 2.0MB (519 pages), peak allocation 3.0MB (769 pages)
dracut-pre-pivot[519]: Module serio_raw using 2.0MB (505 pages), peak allocation 3.6MB (918 pages)
dracut-pre-pivot[519]: Module virtio_console using 1.6MB (416 pages), peak allocation 1.6MB (419 pages)
... snip ...
dracut-pre-pivot[519]: ======== Report format module_summary END ========
It now contains more detail and also includes the peak usage which could
be more helpful.
And now it have a rd.memdebug=5, which will print more detail about
the stack trace of the top memory user, also printed on pri-pivot:
network-manager: install libnss DNS and mDNS plugins
Install libnss_dns.so and libnss_mdns4_minimal.so plugins for the Name
Service Switch (NSS) functionality of glibc so that name resolution
through /etc/resolv.conf and mDNS works in the initrd.
/etc/vconsole.conf must be installed always, even in generic initrds, not only host-only ones.
systemd-vconsole-setup is run at initrd stage and expects either /etc/vconsole.conf or kernel cmdline options to exist.
I have also proposed a change in systemd-vconsole-setup that makes it behave better if /etc/vconsole.conf does not exist:
https://github.com/systemd/systemd/pull/15479
But it is just a fallback. If /etc/vconsole.conf does not exist in initrd and if that patch is applied on systemd,
then the default consoel font is set despite the one being set in /etc/vconsole.conf and this setting is inherited
when new TTYs are opened. This leads to full ignorance of settings in /etc/vconsole.conf.
It is incorrect, and that is why this file must be copied to initrds always, but not only on host-only initrds.
Jonas Witschel [Sat, 18 Apr 2020 12:55:41 +0000 (14:55 +0200)]
dracut-lib.sh: quote variables in parameter expansion patterns
According to POSIX.1-2017, 2.6.2 Parameter Expansion:
${parameter%[word]} [...] The word shall be expanded to produce a
pattern.
This means if word contains variables that itself contain special
characters like asterisks or backslashes, these are treated as pattern
characters unless the variable is quoted. Try e.g. the following example
in bash, dash or (busybox) ash:
i='a\c'; j='\'; echo "${i%$j*}"
This prints "a\c" because "$j*" is expanded to "\*", escaping the
asterisk. In contrast,
i='a\c'; j='\'; echo "${i%"$j"*}"
produces the expected result "a" because the backslash is not specially
treated any more after quoting.
The quotes that this commit adds have been previously removed in commit f9c96cf56fed390841eac05c43826e62014c9188, citing issues with busybox
hush without further specifying the actual error. I tested a recent
busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
and couldn't find any problems. Note that the above example always
produces "a\c" in hush regardless of quoting $j, making hush unsuitable
for use with dracut, but using quotes in parameter expansions generally
works.
The unquoted variables break the "rd.luks.uuid/name" kernel command line
options in dracut 050 because
str_replace "$luksname" '\' '\\'
in modules.d/90crypt/parse-crypt.sh is not able to escape the
backslashes any more, see GH-723, GH-727: backslashes in the
systemd-cryptsetup@.service unit name stay unescaped for use in udev
(cf. commit 0f6d93eb9d63695a64002ec8b0421fbc9fc8a7a3), leading to
failures in starting the unit.
projects / thirdparty / dracut.git / log
