Benjamin Drung [Wed, 13 Aug 2025 10:15:22 +0000 (12:15 +0200)]
fix(Makefile): exclude hidden directories from shellcheck
`shfmt -f .` also searches in hidden directories (like `.git` or
`.pc`). The `.pc` is used on Debian for patch tracking and should not be
searched for files.
So ignore the top-level hidden directories from shellcheck.
James Le Cuirot [Mon, 11 Aug 2025 09:51:51 +0000 (10:51 +0100)]
fix(dracut-install): cache resolve_deps calls for speed and less noise
The dlopen dependency failure warning was particularly noisy and likely
to trigger. We were already caching the processed items in resolve_lazy,
but resolve_deps recurses many times, so it was necessary to move the
cache down a level. I didn't reuse "items" here because it would have
clashed with its usage elsewhere.
I had to think about whether the cache would function correctly with
changing values of pdeps. If a dependency is not found on the first
attempt, it does not prevent its consumer from being installed, so it
does not matter that it might be found via a RUNPATH on a subsequent
attempt.
Closes: https://github.com/dracut-ng/dracut-ng/issues/1552 Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
James Le Cuirot [Mon, 11 Aug 2025 09:12:59 +0000 (10:12 +0100)]
fix(dracut-install): handling of multiple sonames in dlopen JSON
We should not try to install every library referenced in the soname
array, only the first one present. The array is intended to be an
ordered preference list.
Closes: https://github.com/dracut-ng/dracut-ng/issues/1552 Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Tomas Bzatek [Tue, 24 Jun 2025 14:50:31 +0000 (16:50 +0200)]
fix(74nvmf): set root=nvmf
In a restricted image like kdump the kernel commandline argument root=
is typically absent. However it is required by the 45net-lib/netroot.sh
module that fails with:
[ 23.599862] dracut: FATAL: No or empty root= argument
[ 23.604956] dracut: Refusing to continue
Inspired by the 74iscsi module, let's set it to root=nvmf if not set
before.
NETWORK test now would pass on alpine as long as
networkmanager-initrd-generator is installed.
This commit would expand test coverage for network-manager
dracut module.
Dowstream alpine maintains a dracut-tests package the
already does a good job installing dracut test dependencies
including networkmanager-initrd-generator.
Let's rely on dracut-tests package to further reduce
the need to maintain alpine package lists here upstream.
See https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/dracut/APKBUILD
Jo Zzsi [Sun, 24 Aug 2025 04:12:42 +0000 (00:12 -0400)]
test: remove unmaintained tests MULTINIC and BONDBRIDGEVLAN
These tests are always skipped in all CI containers as they
no longer pass. These tests require network-legacy and in some
cases ifcfg and nobody stepped up to modernize them for years.
Since the tests are in revision history, iof someone step up
to maintain these tests, the project can easily bring them back.
Alexander Zubkov [Sun, 31 Aug 2025 08:12:38 +0000 (10:12 +0200)]
fix(resume): avoid matching extra resume= substrings in cmdline
`grep ... 'resume='` matches not only 'resume' parameter, but any alike
substring. It could be other parameter ending in 'resume' or even parameter
value. The presense of those could fail the module setup.
Fix it by checking for a space or the beginning of a line.
Fixes: https://github.com/dracut-ng/dracut-ng/issues/1595 Signed-off-by: Alexander Zubkov <green@qrator.net>
Alexander Zubkov [Sun, 31 Aug 2025 07:50:29 +0000 (09:50 +0200)]
fix(dracut-systemd): avoid matching extra root= substrings in cmdline
`strstr ... 'root='` matches not only 'root' parameter, but any alike
substring. It could be other parameter ending in 'root', for example
'cryto_root=' or even parameter value. The presense of those in cmdline
could fail the boot process.
Fix it by adding a space in front of the matched string.
Fixes: https://github.com/dracut-ng/dracut-ng/issues/1595 Signed-off-by: Alexander Zubkov <green@qrator.net>
Benjamin Drung [Wed, 13 Aug 2025 10:33:12 +0000 (12:33 +0200)]
fix: ignore shellcheck SC2329 in addition to SC2317
Shellcheck <= 0.10 complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). Shellcheck
0.11 changes this complaint to SC2329 (info): This function is never
invoked. Check usage (or ignored if invoked indirectly).
So ignore shellcheck SC2329 in addition to SC2317 to make both
shellcheck versions happy.
Deli Zhang [Mon, 18 Aug 2025 01:41:10 +0000 (01:41 +0000)]
fix(dracut): use "-name" to avoid find matching temporary directory
$initdir includes a temporary directory, and the "-path" option of
find attempts to match the entire path. If the temporary directory
happens to contain ".ko", e.g.
initdir=/var/tmp/dracut.ko79pT/initramfs
this can lead to a incorrect match, finally all executable files are
excluded.
Jo Zzsi [Fri, 15 Aug 2025 16:03:23 +0000 (12:03 -0400)]
fix(dracut): decrease logging by default
The current default set in dracut is "4". All distributions
(except Debian), sets the default to "3".
Instead of relying on good defaults only within distribution
configurations, let's set the dracut default to be less verbose.
Most users new to dracut perceive the verbose dracut logs as errors.
This change will help prevent and eliminate user confusion and improve
the user experience.
Jo Zzsi [Fri, 15 Aug 2025 16:42:27 +0000 (12:42 -0400)]
ci: introduce networking tests into Daily integration tests
The newly introduced NETWORK test case is simple enough to run on all
available dracut network modules. Let's use Debian and Arch only for
now to keep the test matrix small.
network-manager always requires nf_tables and other kernel modules
in the generated initramfs to function, regardless if these
modules are loaded on the host or not at the time of initramfs
generation.
Jo Zzsi [Sat, 9 Aug 2025 22:24:32 +0000 (18:24 -0400)]
fix(net-lib): always include af_packet
For static IPv4 configurations, we use arping to check for duplicate
IP addresses. arping requires the af_packet module to work, and if arping
fails, the IP address will not be set and booting will fail.
af_packet may not be loaded / required in the running system, for example if
the system had been booted in an IPv6 configuration, or if it had been
manually unloaded. Make sure it's included in initramfs in hostonly mode, too.
Jo Zzsi [Sat, 2 Aug 2025 23:08:44 +0000 (19:08 -0400)]
chore: always set hostonly and hostonly_mode
It makes it easier to reason both for built-in and out-of-tree dracut
modules with the assumption that hostonly and hostonly_mode variables
are always set.
Document most commonly used shell variables for dracut modules and
document that they are always set.
Benjamin Drung [Tue, 5 Aug 2025 17:16:17 +0000 (19:16 +0200)]
fix(Makefile): use install for installing files
The `cp` command will copy the file/directory permissions from the
source files. The local source files might have group write permission
set which should not be applied to the installation.
Tighten the file/directory permission by using the `install` command
with specifying the mode.
Benjamin Drung [Thu, 31 Jul 2025 19:45:17 +0000 (21:45 +0200)]
fix(kernel-modules): add Cadence USB driver to base
Installed Debian Trixie d-i rc2 (dvd-1) on USB storage on Pine64 Star64
is not bootable due to missing modules `cdns3_starfive` and `cdns3` from
initramfs.
Note the above USB support on Pine64 Star64 is directly part of StarFive
JH7110 CPU and differs from StarFive VisionFive2 which uses an external
controller attached to the PCIe bus.
Jo Zzsi [Sun, 13 Jul 2025 05:35:51 +0000 (01:35 -0400)]
test(NETWORK): coverage for bringing up network interface
Currently, all networking tests in the dracut CI require a client and a
server VM, and all the server VMs are enabled to work with network-legacy only.
Introduce a simpler networking test that tests the rd.neednet dracut
boot time argument and ensures that the interface is up without needing
a server VM.
This simple networking test could be run in most networking configurations
and pass in the Void test containers as well, which previously have not had
any network tests enabled.
Vitaly Kuznetsov [Mon, 11 Aug 2025 09:36:41 +0000 (11:36 +0200)]
fix(systemd-sysext): skip manual systemct enablement for systemd>=258
systemd-258 ships the required initrd.target.wants symlinks, there is
no need to enable services manually. Use the existence of old
systemd-confext/systemd-sysext units as an indication of when manual
(legacy) enablement is still needed.
James Le Cuirot [Fri, 8 Aug 2025 12:18:07 +0000 (13:18 +0100)]
fix(dracut-install): the handling of absolute paths in sonames
If the soname is an absolute path, expand it like the RUNPATH, and
return it (with the sysroot) without further checks like glibc and musl
do.
They also support relative paths, but we cannot feasibly support them.
Such paths are relative to the current directory of the calling process
at runtime, which we cannot know in this context.
This was observed with Neovim.
Bug: https://bugs.gentoo.org/961101 Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
James Le Cuirot [Fri, 8 Aug 2025 11:52:23 +0000 (12:52 +0100)]
fix(dracut-install): the RUNPATH expansion returning empty strings
The input was not initially copied into the result, so the result would
start with a null pointer and be treated as an empty string. Expansion
will not occur in most cases, leading to a straight copy of input being
returned, so just do that in the first place.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Jo Zzsi [Sat, 2 Aug 2025 16:53:50 +0000 (12:53 -0400)]
fix: make sure final hostonly value is computed before reading it
hostonly variable is unset later in a later code block after
decisions are made based on the value of the hostonly variable
which is unexpected, hard to reason about and inconsistent.
Fix it by rearranging the order of execution of the code blocks.
Jo Zzsi [Thu, 31 Jul 2025 11:21:44 +0000 (07:21 -0400)]
test: remove test module
test module can be simplified down to just a configuration file instead
as it no longer has its own additional scripts files that would
require a module.
This commit is an additional step to reinforce testing in a similar configuration
as actual end-user configuration.
test(SYSTEMD-INITRD): be more careful with `set -e` and subshells
When the condition in the subshell fails (i.e. none of the
dracut*.service files is found), it doesn't trigger shell exit due to
`set -e` as it's a part of a larger condition (&& ...), but since it's
the last command of that subshell, it sets the subshell error code to 1.
This is then treated by the parent shell as an error and the test is
incorrectly interrupted and marked as failed.
For comparison:
$ (set -ex; echo begin; (for f in dracut*.service; do [[ -e "$f" ]] && echo fail; done); echo end); echo $?
+ echo begin
begin
+ for f in dracut*.service
+ [[ -e dracut*.service ]]
1
$ (set -ex; echo begin; (for f in dracut*.service; do if [[ -e "$f" ]]; then echo nope; fi; done); echo end); echo $?
+ echo begin
begin
+ for f in dracut*.service
+ [[ -e dracut*.service ]]
+ echo end
end
0
Benjamin Drung [Sat, 9 Aug 2025 16:54:33 +0000 (18:54 +0200)]
test: drop setting DRACUT_PATH
Commit 2606f985d6f3 ("feat(dracut): drop DRACUT_PATH and rely on PATH")
removed the `DRACUT_PATH` variable. So `DRACUT_PATH` does not need to be
set in the tests any more.
Benjamin Drung [Sat, 9 Aug 2025 16:55:11 +0000 (18:55 +0200)]
feat(dracut.conf.d): move examples into subdirectories
Instead of shipping example configuration files that need to be
installed in the right place, move those configuration files into
configuration directories. Then they can be easily installed via a
configure option. Example: `./configure --configprofile=fedora`.
Benjamin Drung [Mon, 4 Aug 2025 12:41:41 +0000 (14:41 +0200)]
fix(dracut): do not call uname -r in chroot environments
Running dracut in a schroot environment (even with `systemd-detect-virt`
installed) will pick `uname -r` as kernel version despite that kernel
not being available.
So also check `systemd-detect-virt --chroot` before relying on
`uname -r`.
Benjamin Drung [Tue, 5 Aug 2025 08:41:54 +0000 (10:41 +0200)]
feat(systemd-networkd): do not require bash
The systemd-networkd module ships `networkd-run.sh` that uses bash, but
there is no bash specific code inside this script. So drop the bash
requirement.
Benjamin Drung [Mon, 4 Aug 2025 22:09:31 +0000 (00:09 +0200)]
feat(Makefile): introduce distclean target
Add a `distclean` target to remove all generated files including the one
(`Makefile.inc`) created by `configure`. Calling `make distclean` should
have the same result as `git clean -fdx`.
Benjamin Drung [Mon, 4 Aug 2025 21:52:20 +0000 (23:52 +0200)]
feat(Makefile): set Dracut version on install
Distributions can override `DRACUT_VERSION` or `DRACUT_FULL_VERSION` to
include the distribution's revision in the dracut version. This override
is not reflected in the installed `dracut-version.sh` and needs to be
modified by the distribution.
Persist the version in the installed `dracut-version.sh` during
`make install`.
Benjamin Drung [Thu, 7 Aug 2025 16:04:01 +0000 (18:04 +0200)]
fix(dracut-util): crash if CMDLINE ends with quotation mark
Sudhakar Verma from the Ubuntu security team found a memory corruption:
```
$ pwd
/tmp/dracut-ng/src/util
$ CC=clang-17 CXX=clang++-17 CFLAGS="-fsanitize=address" cmake .
-- The C compiler identification is Clang 17.0.6
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/clang-17 - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Configuring done (0.3s)
-- Generating done (0.0s)
-- Build files have been written to: /tmp/dracut-ng/src/util
$ CC=clang-17 CXX=clang++-17 CFLAGS="-fsanitize=address" make
[ 50%] Building C object CMakeFiles/dracut-util.dir/util.c.o
[100%] Linking C executable dracut-util
[100%] Built target dracut-util
$ ln -s $PWD/dracut-util dracut-getargs
$ ln -s $PWD/dracut-util dracut-getarg
$ CMDLINE=' "' ./dracut-getarg ' '
AddressSanitizer:DEADLYSIGNAL
=================================================================
==163118==ERROR: AddressSanitizer: SEGV on unknown address 0x50210000001d (pc 0x599a6b7d4c07 bp 0x7ffe44ea9ef0 sp 0x7ffe44ea9da0 T0)
==163118==The signal is caused by a READ memory access.
#0 0x599a6b7d4c07 in next_arg util.c
#1 0x599a6b7d3e75 in getarg util.c
#2 0x599a6b7d3448 in main (/tmp/dracut-ng/src/util/dracut-util+0x108448) (BuildId: ea28a61b3c6dd0a75c505cd1749f8711779bd819)
#3 0x72381be2a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#4 0x72381be2a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#5 0x599a6b6f7304 in _start (/tmp/dracut-ng/src/util/dracut-util+0x2c304) (BuildId: ea28a61b3c6dd0a75c505cd1749f8711779bd819)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV util.c in next_arg
==163118==ABORTING
```
The variable `i` in `next_arg` is an unsigned integeter. `i - 1` will
result in an underflow in case `i` is 0.
Jo Zzsi [Sat, 19 Jul 2025 02:24:47 +0000 (22:24 -0400)]
fix(dracut-init): remove the heuristic to determine fallback kernel version
If kernel version is not passed in the command line for a dracut invocation then
dracut.sh should be the only place where kernel version is determined.
Remove the heuristic to determine kernel version from dracut-init.sh.
Jo Zzsi [Sat, 19 Jul 2025 02:19:35 +0000 (22:19 -0400)]
fix(Makefile): remove the heuristic to determine fallback kernel version
If kernel version is not passed in the command line for a dracut invocation
then dracut.sh should be the only place where kernel version is determined.
Remove the heuristic to determine kernel version from Makefile.
Jo Zzsi [Thu, 3 Jul 2025 12:33:46 +0000 (08:33 -0400)]
ci: disable running arm64 tests on Fedora
If CI is not kept green, than it is hard to separate regressions
caused by PRs from regressions not caused by PRs.
The primary purpose of the CI is to help contributors to highlight
regressions caused by PRs. Leaving tests broken caused by
changes in distributions and not by dracut changes would make it
harder to contribute to dracut.
Ideally we want to respond changes in distributions, but for this the project is leaning on specific
Linux distribution contributors (Fedora in this case) to help out who are more familiar with distribution
specific regressions and changes.
Jo Zzsi [Sat, 28 Jun 2025 17:41:28 +0000 (13:41 -0400)]
feat(network-manager): remove support for ifcfg-rh
This commit removes the dracut module for the NetworkManager fcfg-rh
plugin (`nm-fcfg-rh`), effectively discontinuing its support within dracut.
The `fcfg-rh` plugin for NetworkManager provides backward compatibility
with the legacy `ifcfg` network configuration format.
This format, traditionally found in `/etc/sysconfig/network-scripts/`,
was the standard method for configuring network interfaces on Red Hat-based
distributions for many years. It relies on a collection of shell-script-like
files to define network connections.
While functional for basic configurations, the `ifcfg` format has several
limitations in the context of modern networking and the capabilities of NetworkManager.
The removal of the `nm-fcfg-rh` support from dracut is a forward-looking change
that aligns with the broader trend in the Linux ecosystem to modernize network configuration.
The key reasons for this decision are as follows:
* **Deprecation by Upstream and Distributions:**
The `fcfg-rh` plugin is considered deprecated by the NetworkManager project
and major Linux distributions, such as Fedora and its derivatives.
These distributions are actively migrating users away from the legacy `ifcfg` format
in favor of the more robust `keyfile` format.
See https://networkmanager.dev/docs/api/latest/nm-settings-ifcfg-rh.html.
Nowa Ammerlaan [Sun, 13 Jul 2025 14:40:38 +0000 (16:40 +0200)]
fix(dracut.sh,lsinitrd.sh): use obj{copy,dump} set by toolchain
If dracut is invoked in a context where the toolchain is configured
to use a certain objcopy implementation, use that one. This may be
the case if dracut is invoked via systemd's kernel-install in a
Gentoo ebuild on a llvm-only system.
Closes: https://github.com/dracut-ng/dracut-ng/issues/1424 Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
```
$ dracut -f --kernel-only
...
dracut[I]: *** Including module: btrfs ***
/usr/lib/dracut/modules.d/90btrfs/module-setup.sh: line 35: /var/tmp/dracut.dqV4ugj/initramfs/etc/cmdline.d/00-btrfs.conf: No such file or directory
```
Upstream new log levels in openSUSE, present in Tumbleweed since
snapshot 20250612. Reduce default standard log verbosity from `info` to
`warning`, and increase syslog verbosity from none to `info`.
Benjamin Drung [Thu, 31 Jul 2025 16:15:39 +0000 (18:15 +0200)]
feat(Makefile): explicitly list configs to install
Instead of copying all configuration files in `dracut.conf.d`, copy the
wanted files explicitly. Install all configuration files that could be
useful for `--confdir`/`--add-confdir`, but exclude the distribution
configuration examples.
Move the Dracut test configurations back to `dracut.conf.d`.
Jo Zzsi [Sun, 20 Jul 2025 15:11:26 +0000 (11:11 -0400)]
test: eliminate redundant code by eliminating determine_kernel_version
Both dracut and determine_kernel_version contains a similar code block
for determining linux kernel version.
Instead of duplicating code, let dracut compute the kernel version and
call lsinitrd on the generated initramfs to determine the kernel
version for testing as well.
projects / thirdparty / dracut-ng.git / log
