Frederic Crozat <fcrozat@suse.com> <fcrozat@mandriva.com>
Shawn W Dunn <sfalken@opensuse.org> <sfalken@opensuse.org>
Kyle McMartin <kmcmarti@redhat.com> <kyle@redhat.com>
+Angelo "pallotron" Failla <pallotron@fb.com> <pallotron@fb.com>
Thomas Renninger <trenn@suse.de>
WANG Chao <chaowang@redhat.com>
Andrey Borzenkov <arvidjaar@gmail.com>
-Peter Jones <pjones@redhat.com>
Alexander Tsoy <alexander@tsoy.me>
+Peter Jones <pjones@redhat.com>
Andreas Thienemann <andreas@bawue.net>
Hans de Goede <hdegoede@redhat.com>
+Frederick Grose <fgrose@sugarlabs.org>
John Reiser <jreiser@bitwagon.com>
Luca Berra <bluca@vodka.it>
Brian C. Lane <bcl@redhat.com>
Daniel Drake <dsd@laptop.org>
+Peter Robinson <pbrobinson@gmail.com>
+Ville Skyttä <ville.skytta@iki.fi>
Dan Horák <dhorak@redhat.com>
-Frederick Grose <fgrose@sugarlabs.org>
+Daniel Molkentin <dmolkentin@suse.com>
Baoquan He <bhe@redhat.com>
+Brendan Germain <brendan.germain@nasdaqomx.com>
Leho Kraav <leho@kraav.com>
+Xunlei Pang <xlpang@redhat.com>
Colin Walters <walters@verbum.org>
Cristian RodrÃguez <crrodriguez@opensuse.org>
Fabian Deutsch <fabiand@fedoraproject.org>
Kamil Rytarowski <n54@gmx.com>
+Lukas Nykryn <lnykryn@redhat.com>
Marc Grimme <grimme@atix.de>
NeilBrown <neilb@suse.de>
+Nicolas Chauvet <kwizart@gmail.com>
Peter Rajnoha <prajnoha@redhat.com>
Radek Vykydal <rvykydal@redhat.com>
Thorsten Behrens <tbehrens@suse.com>
Jesse Keating <jkeating@redhat.com>
Milan Broz <mbroz@redhat.com>
Mimi Zohar <zohar@linux.vnet.ibm.com>
-Nicolas Chauvet <kwizart@gmail.com>
Roberto Sassu <roberto.sassu@polito.it>
Stefan Reimer <it@startux.de>
Anton Blanchard <anton@samba.org>
Lidong Zhong <lzhong@suse.com>
Marian Ganisin <mganisin@redhat.com>
Michael Ploujnikov <plouj@somanetworks.com>
-Peter Robinson <pbrobinson@gmail.com>
+Mike Gilbert <floppym@gentoo.org>
+Pratyush Anand <panand@redhat.com>
Silvio Fricke <silvio.fricke@gmail.com>
Stig Telfer <stelfer@cray.com>
Vasiliy Tolstov <v.tolstov@selfip.ru>
-Ville Skyttä <ville.skytta@iki.fi>
Wim Muskee <wimmuskee@gmail.com>
yuwata <watanabe.yu+github@gmail.com>
Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Alex Harpin <development@landsofshadow.co.uk>
Antony Messerli <amesserl@rackspace.com>
Chao Fan <cfan@redhat.com>
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Daniel Schaal <farbing@web.de>
+Denis Silakov <dsilakov@virtuozzo.com>
Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
Erwan Velu <erwan.velu@enovance.com>
+Evgeny Vereshchagin <evvers@ya.ru>
+Fabian Vogt <fvogt@suse.com>
+Guido Trentalancia <guido@trentalancia.net>
Hari Bathini <hbathini@linux.vnet.ibm.com>
Ian Dall <ian@beware.dropbear.id.au>
James Buren <ryuo@frugalware.org>
Kyle McMartin <kmcmarti@redhat.com>
Lubomir Rintel <lkundrak@v3.sk>
Lukas Wunner <lukas@wunner.de>
-Mike Gilbert <floppym@gentoo.org>
Mike Snitzer <snitzer@redhat.com>
Minfei Huang <mhuang@redhat.com>
+Moritz Maxeiner <moritz@ucworks.org>
Przemysław Rudy <prudy1@o2.pl>
+Stefan Berger <stefanb@us.ibm.com>
Thomas Backlund <tmb@mageia.org>
Thomas Lange <lange@informatik.uni-koeln.de>
Till Maas <opensource@till.name>
Vivek Goyal <vgoyal@redhat.com>
Vladislav Bogdanov <bubble@hoster-ok.com>
+Yu Watanabe <watanabe.yu+github@gmail.com>
+pallotron <pallotron@fb.com>
Adam Williamson <awilliam@redhat.com>
+Alexander Kurtz <alexander@kurtz.be>
Alexander Todorov <atodorov@redhat.com>
+Andreas Stieger <astieger@suse.com>
Andrei Borzenkov <arvidjaar@gmail.com>
Andy Lutomirski <luto@mit.edu>
Anssi Hannula <anssi@mageia.org>
Brandon Philips <brandon@ifup.co>
Canek Peláez Valdés <caneko@gmail.com>
+Chad Dupuis <chad.dupuis@cavium.com>
Christian Heinz <christian.ch.heinz@gmail.com>
Christian Rodrigues <crrodriguez@opensuse.org>
Cong Wang <amwang@redhat.com>
+Dan Fuhry <dfuhry@datto.com>
Daniel Drake <drake@endlessm.com>
Dave Jones <davej@redhat.com>
+David Disseldorp <ddiss@suse.de>
+David Michael <david.michael@coreos.com>
Dennis Schridde <devurandom@gmx.net>
Duane Griffin <duaneg@dghda.com>
+Elan Ruusamäe <glen@delfi.ee>
Fabian <fvogt@suse.com>
+Florian Albrechtskirchinger <falbrechtskirchinger@gmail.com>
Gerd von Egidy <gerd.von.egidy@intra2net.com>
Glen Gray <slaine@slaine.org>
HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Hermann Gausterer <git-dracut-2012@mrq1.org>
+Imran Haider <imran1008@gmail.com>
James Laska <jlaska@redhat.com>
Jan Stodola <jstodola@redhat.com>
Jiri Pirko <jiri@resnulli.us>
Kevin Yung <Kevin.Yung@myob.com>
Lars R. Damerow <lars@pixar.com>
Lennert Buytenhek <buytenh@wantstofly.org>
-Lukas Nykryn <lnykryn@redhat.com>
+Lidong Zhong <lidong.zhong@suse.com>
Major Hayden <major@mhtx.net>
+Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
Marian Csontos <mcsontos@redhat.com>
Marko Myllynen <myllynen@redhat.com>
+Martin Wilck <mwilck@suse.com>
Matt <smoothsailing72@hotmail.com>
Matt Smith <shadowfax@gmx.com>
Mei Liu <liumbj@linux.vnet.ibm.com>
+Michael Chapman <mike@very.puzzling.org>
Michal Schmidt <mschmidt@redhat.com>
Mike Gorse <mgorse@suse.com>
Moritz 'Morty' Strübe <morty@gmx.net>
Olivier Blin <dev@blino.org>
P J P <ppandit@redhat.com>
Paolo Bonzini <pbonzini@redhat.com>
+Pekka Wallendahl <wyrmiyu@gmail.com>
Peter Robinson <pbrobinson@fedoraproject.org>
Praveen_Paladugu@Dell.com <Praveen_Paladugu@Dell.com>
Pádraig Brady <P@draigBrady.com>
Quentin Armitage <quentin@armitage.org.uk>
Robert Buchholz <rbu@goodpoint.de>
+Ruben Kerkhof <ruben@rubenkerkhof.com>
Rusty Bird <rustybird@openmailbox.org>
Sergey Fionov <fionov@gmail.com>
Shawn W Dunn <sfalken@opensuse.org>
Tobias Geerinckx <tobias.geerinckx@gmail.com>
Tom Gundersen <teg@jklm.no>
Tomasz Torcz <tomek@pipebreaker.pl>
+Tong Li <tonli@redhat.com>
Vadim Kuznetsov <vadimk@gentoo.org>
Vaughan Cao <vaughan.cao@oracle.com>
Vratislav Podzimek <vpodzime@redhat.com>
+Xunlei Pang <xpang@redhat.com>
Yanko Kaneti <yaneti@declera.com>
+Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Zhiguo Deng <bjzgdeng@linux.vnet.ibm.com>
+honza801 <honza801@gmail.com>
jloeser <jloeser@suse.de>
maximilian attems <max@stro.at>
+tpg <tpgxyz@gmail.com>
xtraeme <xtraeme@voidlinux.eu>
sysconfdir ?= ${prefix}/etc
bindir ?= ${prefix}/bin
mandir ?= ${prefix}/share/man
-CFLAGS ?= -O2 -g -Wall $(KMOD_CFLAGS)
-CFLAGS += -std=gnu99 -D_FILE_OFFSET_BITS=64 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
+CFLAGS ?= -O2 -g -Wall
+CFLAGS += -std=gnu99 -D_FILE_OFFSET_BITS=64 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 $(KMOD_CFLAGS)
bashcompletiondir ?= ${datadir}/bash-completion/completions
pkgconfigdatadir ?= $(datadir)/pkgconfig
rpmbuild --define "_topdir $$PWD" --define "_sourcedir $$PWD" \
--define "_specdir $$PWD" --define "_srcrpmdir $$PWD" \
--define "_rpmdir $$PWD" -ba dracut.spec; ) && \
- ( mv "$$rpmbuild"/$$(arch)/*.rpm $(DESTDIR).; mv "$$rpmbuild"/*.src.rpm $(DESTDIR).;rm -fr -- "$$rpmbuild"; ls $(DESTDIR)*.rpm )
+ ( mv "$$rpmbuild"/{,$$(arch)/}*.rpm $(DESTDIR).; rm -fr -- "$$rpmbuild"; ls $(DESTDIR)*.rpm )
syncheck:
@ret=0;for i in dracut-initramfs-restore.sh modules.d/*/*.sh; do \
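Review bot: The new `mv "$$rpmbuild"/{,$$(arch)/}*.rpm $(DESTDIR).` depends on brace expansion, which is a bash feature, and make runs recipes with /bin/sh unless the Makefile sets `SHELL` (not visible in this hunk). Under a POSIX sh the braces stay literal and nothing is moved, but because the commands are joined with `;` the following `rm -fr -- "$$rpmbuild"` still runs and removes the freshly built packages. Writing the two globs out, `mv "$$rpmbuild"/*.rpm "$$rpmbuild"/$$(arch)/*.rpm $(DESTDIR).`, keeps the recipe shell-independent. The recipe begins above the hunk.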
dracut-045
==========
-dracut now requires libkmod for the dracut-install binary helper.
+Important: dracut now requires libkmod for the dracut-install binary helper,
+ which nows handles kernel module installing and filtering.
dracut.sh:
- restorecon final image file
and include only, if systemd is used
- fixed dmsquash-live-root.sh for cases where the fstype of the liveimage is squashfs
- fixed typo for rootfs.img
+- enable the use of the OverlayFS for the LiveOS root filesystem
+ Patch notes:
+ Integrate the option to use an OverlayFS as the root filesystem
+ into the 90dmsquash-live module for testing purposes.
+
+ The rd.live.overlay.overlayfs option allows one to request an
+ OverlayFS overlay. If a persistent overlay is detected at the
+ standard LiveOS path, the overlay & type detected will be used.
+
+ Tested primarily with transient, in-RAM overlay boots on vfat-
+ formatted Live USB devices, with persistent overlay directories
+ on ext4-formatted Live USB devices, and with embedded, persistent
+ overlay directories on vfat-formatted devices. (Persistent overlay
+ directories on a vfat-formatted device must be in an embedded
+ filesystem that supports the creation of trusted.* extended
+ attributes, and must provide valid d_type in readdir responses.)
+
+ The rd.live.overlay.readonly option, which allows a persistent
+ overlayfs to be mounted read only through a higher level transient
+ overlay directory, has been implemented through the multiple lower
+ layers feature of OverlayFS.
+
+ The default transient DM overlay size has been adjusted up to 32 GiB.
+ This change supports comparison of transient Device-mapper vs.
+ transient OverlayFS overlay performance. A transient DM overlay
+ is a sparse file in memory, so this setting does not consume more
+ RAM for legacy applications. It does permit a user to use all of
+ the available root filesystem storage, and fails gently when it is
+ consumed, as the available free root filesystem storage on a typical
+ LiveOS build is only a few GiB. Thus, when booted on other-
+ than-small RAM systems, the transient DM overlay should not overflow.
+
+ OverlayFS offers the potential to use all of the available free RAM
+ or all of the available free disc storage (on non-vfat-devices)
+ in its overlay, even beyond the root filesystem available space,
+ because the OverlayFS root filesystem is a union of directories on
+ two different partitions.
+
+ This patch also cleans up some message spew at shutdown, shortens
+ the execution path in a couple of places, and uses persistent
+ DM targets where required.
dmraid:
- added "nowatch" option in udev rule, otherwise udev would reread partitions for raid members
+- allow booting from degraded MD RAID arrays
shutdown:
- handle readonly /run on shutdown
- support macaddr in brackets [] (commit 740c46c0224a187d6b5a42b4aa56e173238884cc)
- use arping2, if available
- support multiple default gateways from DHCP server
+- fixup VLAN handling
+- enhance team support
+- differ between ipv6 local and global tentative
+- ipv6: wait for a router advertised route
+- add 'mtu' parameter for bond options
+- use 'ip' instead of 'brctl'
nbd:
- add systemd generator
nfs:
- install all nfs modules non-hostonly
+crypt:
+- support keyfiles embedded in the initramfs
+
+testsuite:
+- add TEST-70-BONDBRIDGETEAMVLAN
+- make "-cpu host" the default
+
dracut-044
==========
creation:
For the testsuite to work, you will have to install at least the following software packages:
dash \
-bridge-utils \
asciidoc \
mdadm \
lvm2 \
dhcp-server \
scsi-target-utils \
iscsi-initiator-utils \
-net-tools \
strace \
syslinux \
python-imgcreate \
genisoimage \
btrfs-progs \
-bridge-utils \
kmod-devel \
gcc \
bzip2 \
local i;
[[ $no_kernel = yes ]] && return
for i in "$@"; do
- [[ $i == "--silent" ]] && silent=1
+ [[ $i == "--silent" ]] && _silent=1
done
$DRACUT_INSTALL \
${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${hostonly:+-H} ${omit_drivers:+-N "$omit_drivers"} ${srcmods:+--kerneldir "$srcmods"} -m "$@"
- (($? != 0)) && (($silent == 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${hostonly:+-H} ${omit_drivers:+-N "$omit_drivers"} ${srcmods:+--kerneldir "$srcmods"} -m "$@" || :
+ (($? != 0)) && (($_silent == 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${hostonly:+-H} ${omit_drivers:+-N "$omit_drivers"} ${srcmods:+--kerneldir "$srcmods"} -m "$@" || :
}
inst_library() {
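Review bot: `(($_silent == 0))` substitutes the variable textually, so when `_silent` is empty the expression becomes `(( == 0))` and bash raises a syntax error instead of reaching `derror`. Whether `_silent` is initialised to 0 is decided above the hunk, where only `local i;` is visible. Writing `((_silent == 0))` treats an unset variable as 0 and is safe either way. The trailing `|| :` also means the function never reports a failed `$DRACUT_INSTALL` run to its caller, which deserves a one-line comment if it is intentional.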
**--uefi-stub _<FILE>_**::
Specifies the UEFI stub loader, which will load the attached kernel, initramfs and
kernel command line and boots the kernel. The default is
- _/lib/systemd/boot/efi/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
- or _/usr/lib/gummiboot/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
+ _$prefix/lib/systemd/boot/efi/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
+ or _$prefix/lib/gummiboot/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
**--kernel-image _<FILE>_**::
Specifies the kernel image, which to include in the UEFI executable. The default is
* systemd switches to the shutdown.target
* systemd starts
- /lib/systemd/system/shutdown.target.wants/dracut-shutdown.service
+ $prefix/lib/systemd/system/shutdown.target.wants/dracut-shutdown.service
* dracut-shutdown.service executes /usr/lib/dracut/dracut-initramfs-restore
which unpacks the initramfs to /run/initramfs
* systemd finishes shutdown.target
VLAN_PLUS_VID_NO_PAD (vlan5), DEV_PLUS_VID (eth0.0005),
DEV_PLUS_VID_NO_PAD (eth0.5)
-**bond=**__<bondname>__[:__<bondslaves>__:[:__<options>__]]::
+**bond=**__<bondname>__[:__<bondslaves>__:[:__<options>__[:<mtu>]]]::
Setup bonding device <bondname> on top of <bondslaves>.
<bondslaves> is a comma-separated list of physical (ethernet) interfaces.
<options> is a comma-separated list on bonding options (modinfo bonding for
details) in format compatible with initscripts. If <options> includes
multi-valued arp_ip_target option, then its values should be separated by
- semicolon. Bond without parameters assumes
+ semicolon. if the mtu is specified, it will be set on the bond master.
+ Bond without parameters assumes
bond=bond0:eth0,eth1:mode=balance-rr
**team=**__<teammaster>__:__<teamslaves>__::
over the read only filesystem. Using this method ensures a relatively fast
boot and lower RAM usage. Users **must be careful** to avoid writing too many
blocks to the snapshot volume. Once the blocks of the snapshot overlay are
-exhausted, the root filesystem becomes unusable and requires a reboot. A
-persistent overlay is marked Invalid, and requires a difficult recovery.
-Non-persistent overlays default to 512 MiB in RAM, but the size can be adjusted
-with the **rd.live.overlay.size=** kernel command line option.
+exhausted, the root filesystem becomes read only and may cause application
+failures. The overlay file is marked 'Overflow', and a difficult recovery is
+required to repair and enlarge the overlay offline. Non-persistent overlays
+are sparse files in RAM that only consume content space as required blocks are
+allocated. They default to an apparent size of 32 GiB in RAM. The size can be
+adjusted with the **rd.live.overlay.size=** kernel command line option.
+
The filesystem structure is expected to be:
+
squashfs.img | Squashfs from LiveCD .iso downloaded via network
!(mount)
/LiveOS
- |- ext3fs.img | Filesystem image to mount read-only
+ |- rootfs.img | Filesystem image to mount read-only
!(mount)
/bin | Live filesystem
/boot |
Uncompressed live filesystem image:::
When the live system was installed with the '--skipcompress' option of the
__livecd-iso-to-disk__ installation script for Live USB devices, the root
-filesystem image, `ext3fs.img`, is expanded on installation and no SquashFS
+filesystem image, `rootfs.img`, is expanded on installation and no SquashFS
is involved during boot.
+
- If **rd.live.ram=1** is used in this situation, the full, uncompressed
Enables debug output from the live boot process.
**rd.live.dir=**__<path>__::
-Specifies the directory within the squashfs where the ext3fs.img or rootfs.img
-can be found. By default, this is __LiveOS__.
+Specifies the directory within the boot device where the squashfs.img or
+rootfs.img can be found. By default, this is __LiveOS__.
**rd.live.squashimg=**__<filename of SquashFS image>__::
Specifies the filename for a SquashFS image of the root filesystem.
**root=live:__<url>__** option.
- _none_ specifies no overlay when an uncompressed live root filesystem is
available.
+If a persistent overlay is detected at the standard LiveOS path, the overlay &
+overlay type detected (whether Device-mapper or OverlayFS) will be used.
+
[listing]
.Example
--
**rd.live.overlay.size=**__<size_MiB>__::
-Specifies a non-persistent overlay size in MiB. The default is _512_.
+Specifies a non-persistent overlay size in MiB. The default is _32768_.
**rd.live.overlay.readonly=**1::
Specifies a non-persistent, writable snapshot overlay to be stacked over a
-read-only snapshot of the root filesystem, `/dev/mapper/live-ro`.
+read-only snapshot of the root filesystem, `/dev/mapper/live-ro`, or a read-
+only loop device of a writable `rootfs.img`.
**rd.live.overlay.reset=**1::
Specifies that a persistent overlay should be reset on boot. All root
that memory is given back to the kernel when the filesystem does not claim it
anymore.
+**rd.live.overlay.overlayfs=**1::
+Enables the use of the **OverlayFS** kernel module, if available, to provide a
+copy-on-write union directory for the root filesystem. OverlayFS overlays are
+directories of the files that have changed on the read-only base (lower)
+filesystem. The root filesystem is provided through a special overlay type
+mount that merges the lower and upper directories. If an OverlayFS upper
+directory is not present on the boot device, a tmpfs directory will be created
+at /run/overlayfs to provide temporary storage. Persistent storage can be
+provided on vfat or msdos formatted devices by supplying the OverlayFS upper
+directory within an embedded filesystem that supports the creation of trusted.*
+extended attributes and provides a valid d_type in readdir responses, such as
+with ext4 and xfs. On non-vfat-formatted devices, a persistent OverlayFS
+overlay can extend the available root filesystem storage up to the capacity of
+the LiveOS device.
+
+If a persistent overlay is detected at the standard LiveOS path, the overlay &
+overlay type detected (whether OverlayFS or Device-mapper) will be used.
+
+The **rd.live.overlay.readonly** option, which allows a persistent overlayfs to
+be mounted read only through a higher level transient overlay directory, has
+been implemented through the multiple lower layers feature of OverlayFS.
+
Plymouth Boot Splash
~~~~~~~~~~~~~~~~~~~~
if ! [[ -s $uefi_stub ]]; then
for uefi_stub in \
- "/lib/systemd/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub" \
+ "${systemdutildir}/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub" \
"/usr/lib/gummiboot/linux${EFI_MACHINE_TYPE_NAME}.efi.stub"; do
[[ -s $uefi_stub ]] || continue
break
# strip binaries
if [[ $do_strip = yes ]] ; then
- for p in strip xargs find; do
+ # Prefer strip from elfutils for package size
+ declare strip_cmd=$(command -v eu-strip)
+ test -z "$strip_cmd" && strip_cmd="strip"
+
+ for p in $strip_cmd xargs find; do
if ! type -P $p >/dev/null; then
dinfo "Could not find '$p'. Not stripping the initramfs."
do_strip=no
dinfo "*** Stripping files ***"
find "$initdir" -type f \
-executable -not -path '*/lib/modules/*.ko' -print0 \
- | xargs -r -0 strip -g 2>/dev/null
+ | xargs -r -0 $strip_cmd -g 2>/dev/null
# strip kernel modules, but do not touch signed modules
find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
| while read -r -d $'\0' f || [ -n "$f" ]; do
- SIG=$(tail -c 28 "$f")
+ SIG=$(tail -c 28 "$f" | tr -d '\000')
[[ $SIG == '~Module signature appended~' ]] || { printf "%s\000" "$f"; }
- done | xargs -r -0 strip -g
+ done | xargs -r -0 $strip_cmd -g
dinfo "*** Stripping files done ***"
fi
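Review bot: `strip_cmd` now holds an absolute path from `command -v eu-strip`, yet it is expanded unquoted in `for p in $strip_cmd xargs find` and in both `xargs -r -0 $strip_cmd -g` calls, so it is subject to word splitting and globbing. Quote it at each use, e.g. `xargs -r -0 "$strip_cmd" -g`. The first pipeline still sends stderr to /dev/null, so a strip tool that rejects a file is silent there while the kernel-module pipeline reports errors. A comment should say whether that asymmetry is intended now that the tool can be eu-strip.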
**-k**Â _<kernel_list>_::
List of kernel images for which initrd files are created (relative
- to _boot_dir_), defaults to _vmlinux_ on ppc/ppc64, _image_ on s390/s390x
- and _vmlinuz_ for everything else.
+ to _boot_dir_), Image name should begin with the following string,
+ defaults to _vmlinux_ on ppc/ppc64, _image_ on s390/s390x and _vmlinuz_
+ for everything else.
**-i**Â _<initrd_list>_::
List of file names (relative to _boot_dir_) for the initrd; positions
local prefix=$1
[ -z "$prefix" ] && return
- mask=$(echo "(2 ^ 32) - (2 ^ $prefix)" | bc -l)
+ mask=$(( 0xffffffff << (32 - $prefix) ))
byte1=$(( mask >> 24 ))
byte2=$(( mask >> 16 ))
byte3=$(( mask >> 8 ))
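Review bot: `mask=$(( 0xffffffff << (32 - $prefix) ))` evaluates `$prefix` as arithmetic text without checking that it is a number between 0 and 32, so a malformed value is evaluated as an expression rather than rejected. A guard before the shift such as `case $prefix in ''|*[!0-9]*) return ;; esac` plus a range check closes that. Shell arithmetic is wider than 32 bits, so the shifted value keeps bits above bit 31 and `byte1=$(( mask >> 24 ))` can exceed 255 unless later lines, outside this hunk, mask each byte. Truncating at the source, `mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))`, makes the visible lines correct on their own.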
-k) # Would be nice to get a list of images here
read_arg kernel_images "$@" || shift $?
for kernel_image in $kernel_images;do
+ [ -L "/boot/$kernel_image" ] && kernel_image="$(readlink "/boot/$kernel_image")"
kernels="$kernels ${kernel_image#*-}"
done
;;
-i) read_arg initrd_images "$@" || shift $?
for initrd_image in $initrd_images;do
+ [ -L "/boot/$initrd_image" ] && initrd_image="$(readlink "/boot/$initrd_image")"
# Check if the initrd_image contains a path.
# if not, then add the default boot_dir
dname=`dirname $initrd_image`
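Review bot: Both new symlink checks hard-code `/boot` (`[ -L "/boot/$kernel_image" ]`, `[ -L "/boot/$initrd_image" ]`), while the man page text on this page describes these names as relative to _boot_dir_. If `boot_dir` can be set by an option, images in another directory are never resolved; using `"$boot_dir/$kernel_image"` would match the documented behaviour, provided `boot_dir` is already known at this point in option parsing. `readlink` returns the link target verbatim, so an absolute or multi-component target changes what `${kernel_image#*-}` and the following `dirname` test see. The result should also be checked for being empty before it replaces the original name.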
$systemdsystemunitdir/sys-kernel-config.mount \
\
$systemdsystemunitdir/kmod-static-nodes.service \
+ $systemdsystemunitdir/systemd-tmpfiles-setup.service \
$systemdsystemunitdir/systemd-tmpfiles-setup-dev.service \
$systemdsystemunitdir/systemd-ask-password-console.path \
$systemdsystemunitdir/systemd-udevd-control.socket \
$systemdsystemunitdir/sysinit.target.wants/systemd-udevd.service \
$systemdsystemunitdir/sysinit.target.wants/systemd-udev-trigger.service \
$systemdsystemunitdir/sysinit.target.wants/kmod-static-nodes.service \
+ $systemdsystemunitdir/sysinit.target.wants/systemd-tmpfiles-setup.service \
$systemdsystemunitdir/sysinit.target.wants/systemd-tmpfiles-setup-dev.service \
$systemdsystemunitdir/sysinit.target.wants/systemd-sysctl.service \
\
grep '^systemd-journal:' /etc/group >> "$initdir/etc/group"
grep '^wheel:' /etc/group >> "$initdir/etc/group"
grep '^adm:' /etc/group >> "$initdir/etc/group"
+ grep '^utmp:' /etc/group >> "$initdir/etc/group"
+ grep '^root:' /etc/group >> "$initdir/etc/group"
+
+ # we don't use systemd-networkd, but the user is in systemd.conf tmpfiles snippet
+ grep '^systemd-network:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+ grep '^systemd-network:' /etc/group >> "$initdir/etc/group"
ln_r $systemdutildir/systemd "/init"
ln_r $systemdutildir/systemd "/sbin/init"
_fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
_fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
_fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "
- _fipsmodules+="aes_s390 des_s390 prng sha256_s390 sha_common des_check_key ghash_s390 sha1_s390 sha512_s390"
+ _fipsmodules+="aes_s390 des_s390 prng sha256_s390 sha_common des_check_key ghash_s390 sha1_s390 sha512_s390 cmac"
fi
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
# This is from 10redhat-i18n.
findkeymap () {
local MAP=$1
+ local MAPNAME=${1%.map*}
[[ ! -f $MAP ]] && \
- MAP=$(find ${kbddir}/keymaps -type f -name $MAP -o -name $MAP.\* | head -n1)
+ MAP=$(find ${kbddir}/keymaps -type f -name ${MAPNAME} -o -name ${MAPNAME}.map -o -name ${MAPNAME}.map.\* | head -n1)
[[ " $KEYMAPS " = *" $MAP "* ]] && return
KEYMAPS="$KEYMAPS $MAP"
case $MAP in
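Review bot: In the new `find` call `-type f` applies only to the first `-name`, because the implicit AND binds tighter than `-o`, so the `${MAPNAME}.map` and `${MAPNAME}.map.*` alternatives can also match directories. The unquoted `${MAPNAME}` is additionally open to word splitting and to glob expansion by the shell before `find` sees it. Grouping and quoting fixes both: `find "${kbddir}/keymaps" -type f \( -name "${MAPNAME}" -o -name "${MAPNAME}.map" -o -name "${MAPNAME}.map.*" \) | head -n1`. The body of findkeymap continues past the hunk.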
PREINIT6)
echo "dhcp: PREINIT6 $netif up"
linkup $netif
- wait_for_ipv6_dad $netif
+ wait_for_ipv6_dad_link $netif
;;
BOUND)
echo '. /lib/net-lib.sh'
echo "setup_net $netif"
if [ -n "$new_classless_static_routes" ]; then
- modify_routes add "$(parse_option_121 $new_classless_static_routes)"
+ parse_option_121 $new_classless_static_routes
fi
echo "source_hook initqueue/online $netif"
[ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif"
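Review bot: `parse_option_121 $new_classless_static_routes` now sends its output straight into the same stream as the neighbouring `echo` lines, which appear to generate a script that is executed later. The input comes from the DHCP reply, so whatever `parse_option_121` prints becomes shell text. That function is not visible here; it should be confirmed that it emits only commands built from validated numeric octets and prefix lengths. A comment at this call stating that the helper prints ready-to-run route commands would make the contract explicit.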
if strglobin $ip '*:*:*'; then
# note no ip addr flush for ipv6
ip addr add $ip/$mask ${srv:+peer $srv} dev $netif
+ echo 0 > /proc/sys/net/ipv6/conf/$netif/forwarding
+ echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_ra
+ echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects
wait_for_ipv6_dad $netif
else
if command -v arping2 >/dev/null; then
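Review bot: The static IPv6 branch now unconditionally writes `1` to `accept_ra` and `accept_redirects` for the interface. On a statically addressed interface this lets router advertisements and ICMPv6 redirects from any on-link host change the routing table during early boot, which matters when the root filesystem is fetched over that link. Consider enabling `accept_ra` only when no gateway was given on the command line and leaving `accept_redirects` at the kernel default, or add a comment explaining why both are required here. `$netif` should also be quoted in the three `/proc/sys/net/ipv6/conf/$netif/...` paths.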
NO_BRIDGE_MASTER=yes NO_AUTO_DHCP=yes ifup $ethname
linkup $ethname
if [ ! -e /tmp/bridge.$bridgename.up ]; then
- brctl addbr $bridgename
- brctl setfd $bridgename 0
+ ip link add name $bridgename type bridge
+ echo 0 > /sys/devices/virtual/net/$bridgename/bridge/forward_delay
> /tmp/bridge.$bridgename.up
fi
- brctl addif $bridgename $ethname
+ ip link set dev $ethname master $bridgename
ifup $bridgename
exit 0
done
linkup $slave
done
+ # Set mtu on bond master
+ [ -n "$bondmtu" ] && ip link set mtu $bondmtu dev $netif
+
# add the bits to setup the needed post enslavement parameters
for arg in $bondoptions ; do
key=${arg%%=*};
# wait for all slaves to show up
for slave in $teamslaves ; do
# try to create the slave (maybe vlan or bridge)
- NO_BOND_MASTER=yes NO_AUTO_DHCP=yes ifup $slave
+ NO_TEAM_MASTER=yes NO_AUTO_DHCP=yes ifup $slave
if ! ip link show dev $slave >/dev/null 2>&1; then
# wait for the last slave to show up
# in case of some slave is gone in active-backup mode
working_slaves=""
for slave in $teamslaves ; do
- ip link set $slave up 2>/dev/null
+ teamdctl ${teammaster} port present ${slave} 2>/dev/null \
+ && continue
+ ip link set dev $slave up 2>/dev/null
if wait_for_if_up $slave; then
working_slaves="$working_slaves$slave "
fi
done
# Do not add slaves now
- teamd -d -U -n -N -t $teammaster -f /etc/teamd/$teammaster.conf
+ teamd -d -U -n -N -t $teammaster -f /etc/teamd/${teammaster}.conf
for slave in $working_slaves; do
# team requires the slaves to be down before joining team
- ip link set $slave down
+ ip link set dev $slave down
+ (
+ unset TEAM_PORT_CONFIG
+ _hwaddr=$(cat /sys/class/net/$slave/address)
+ _subchannels=$(iface_get_subchannels "$slave")
+ if [ -n "$_hwaddr" ] && [ -e "/etc/sysconfig/network-scripts/mac-${_hwaddr}.conf" ]; then
+ . "/etc/sysconfig/network-scripts/mac-${_hwaddr}.conf"
+ elif [ -n "$_subchannels" ] && [ -e "/etc/sysconfig/network-scripts/ccw-${_subchannels}.conf" ]; then
+ . "/etc/sysconfig/network-scripts/ccw-${_subchannels}.conf"
+ elif [ -e "/etc/sysconfig/network-scripts/ifcfg-${slave}" ]; then
+ . "/etc/sysconfig/network-scripts/ifcfg-${slave}"
+ fi
+
+ if [ -n "${TEAM_PORT_CONFIG}" ]; then
+ /usr/bin/teamdctl ${teammaster} port config update ${slave} "${TEAM_PORT_CONFIG}"
+ fi
+ )
teamdctl $teammaster port add $slave
done
- ip link set $teammaster up
+ ip link set dev $teammaster up
> /tmp/team.$teammaster.up
NO_TEAM_MASTER=yes ifup $teammaster
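Review bot: The port-config call uses a hard-coded `/usr/bin/teamdctl` while every other call in this hunk runs bare `teamdctl`, so the update fails if the binary is installed under a different directory in the initramfs. Its exit status is not checked, so `teamdctl $teammaster port add $slave` proceeds with default port settings and no message when the update fails. Suggested form: `teamdctl "$teammaster" port config update "$slave" "$TEAM_PORT_CONFIG" || warn "port config for $slave failed"`, assuming `warn` is available in this script. Sourcing the ifcfg file inside the `( … )` subshell keeps its variables out of the caller and is worth a short comment.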
# If this option isn't directed at our interface, skip it
[ -n "$dev" ] && [ "$dev" != "$netif" ] && continue
+ # Store config for later use
+ for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do
+ eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
+ done > /tmp/net.$netif.override
+
for autoopt in $(str_replace "$autoconf" "," " "); do
case $autoopt in
dhcp|on|any)
echo nameserver $s >> /tmp/net.$netif.resolv.conf
done
- # Store config for later use
- for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do
- eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
- done > /tmp/net.$netif.override
-
if [ $ret -eq 0 ]; then
> /tmp/net.${netif}.up
inst_multiple ip dhclient sed awk
inst_multiple -o arping arping2
inst_multiple -o ping ping6
- inst_multiple -o brctl
inst_multiple -o teamd teamdctl teamnl
inst_simple /etc/libnl/classid
inst_script "$moddir/ifup.sh" "/sbin/ifup"
inst_hook cmdline 99 "$moddir/parse-ifname.sh"
inst_hook cleanup 10 "$moddir/kill-dhclient.sh"
+ # install all config files for teaming
+ unset TEAM_MASTER
+ unset TEAM_CONFIG
+ unset TEAM_PORT_CONFIG
+ unset HWADDR
+ unset SUBCHANNELS
+ for i in /etc/sysconfig/network-scripts/ifcfg-*; do
+ [ -e "$i" ] || continue
+ case "$i" in
+ *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
+ continue
+ ;;
+ esac
+ (
+ . "$i"
+ if ! [ "${ONBOOT}" = "no" -o "${ONBOOT}" = "NO" ] \
+ && [ -n "${TEAM_MASTER}${TEAM_CONFIG}${TEAM_PORT_CONFIG}" ]; then
+ if [ -n "$TEAM_CONFIG" ] && [ -n "$DEVICE" ]; then
+ mkdir -p $initdir/etc/teamd
+ printf -- "%s" "$TEAM_CONFIG" > "$initdir/etc/teamd/${DEVICE}.conf"
+ elif [ -n "$TEAM_PORT_CONFIG" ]; then
+ inst_simple "$i"
+
+ HWADDR="$(echo $HWADDR | sed 'y/ABCDEF/abcdef/')"
+ if [ -n "$HWADDR" ]; then
+ ln_r "$i" "/etc/sysconfig/network-scripts/mac-${HWADDR}.conf"
+ fi
+
+ SUBCHANNELS="$(echo $SUBCHANNELS | sed 'y/ABCDEF/abcdef/')"
+ if [ -n "$SUBCHANNELS" ]; then
+ ln_r "$i" "/etc/sysconfig/network-scripts/ccw-${SUBCHANNELS}.conf"
+ fi
+ fi
+ fi
+ )
+ done
+
_arch=$(uname -m)
inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libnss_dns.so.*" \
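Review bot: The `unset` list before the loop clears `TEAM_MASTER`, `TEAM_CONFIG`, `TEAM_PORT_CONFIG`, `HWADDR` and `SUBCHANNELS`, but the subshell also reads `ONBOOT` and `DEVICE`, which can therefore be inherited from the environment of the process building the image when an ifcfg file does not set them. Add `unset ONBOOT DEVICE` alongside the others. `DEVICE` is used unchecked in `"$initdir/etc/teamd/${DEVICE}.conf"`, so a value containing `/` writes outside `etc/teamd`; rejecting it with `case "$DEVICE" in */*) continue ;; esac` is cheap. `[ "${ONBOOT}" = "no" -o "${ONBOOT}" = "NO" ]` uses the obsolescent `-o` operator and `mkdir -p $initdir/etc/teamd` is unquoted. The enclosing install function starts and ends outside the hunk.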
return 1
}
+wait_for_ipv6_dad_link() {
+ local cnt=0
+ local timeout="$(getargs rd.net.timeout.ipv6dad=)"
+ timeout=${timeout:-50}
+ timeout=$(($timeout*10))
+
+ while [ $cnt -lt $timeout ]; do
+ [ -z "$(ip -6 addr show dev "$1" scope link tentative)" ] \
+ && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+ && return 0
+ [ -n "$(ip -6 addr show dev "$1" scope link dadfailed)" ] \
+ && return 1
+ sleep 0.1
+ cnt=$(($cnt+1))
+ done
+ return 1
+}
+
wait_for_ipv6_dad() {
local cnt=0
- local li
local timeout="$(getargs rd.net.timeout.ipv6dad=)"
timeout=${timeout:-50}
timeout=$(($timeout*10))
while [ $cnt -lt $timeout ]; do
- li=$(ip -6 addr show dev $1 scope link)
- strstr "$li" "tentative" || return 0
+ [ -z "$(ip -6 addr show dev "$1" tentative)" ] \
+ && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+ && return 0
+ [ -n "$(ip -6 addr show dev "$1" dadfailed)" ] \
+ && return 1
sleep 0.1
cnt=$(($cnt+1))
done
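Review bot: `wait_for_ipv6_dad` used to return 0 as soon as no tentative address remained, but it now also requires `ip -6 route list proto ra dev "$1"` to show a default route. The static-address branch earlier on this page calls it, so on a segment without router advertisements it loops for the full timeout and returns 1. The same condition is in `wait_for_ipv6_dad_link` above and `wait_for_ipv6_auto` below. Keeping the DAD helpers to the `tentative`/`dadfailed` checks and waiting for the RA route only in `wait_for_ipv6_auto` would separate the two concerns. `timeout=$(($timeout*10))` also evaluates the `rd.net.timeout.ipv6dad=` value without checking that it is numeric. The end of `wait_for_ipv6_dad` lies outside the hunk.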
wait_for_ipv6_auto() {
local cnt=0
- local li
local timeout="$(getargs rd.net.timeout.ipv6auto=)"
timeout=${timeout:-40}
timeout=$(($timeout*10))
while [ $cnt -lt $timeout ]; do
- li=$(ip -6 addr show dev $1)
- if ! strstr "$li" "tentative"; then
- strstr "$li" "dynamic" && return 0
- fi
+ [ -z "$(ip -6 addr show dev "$1" tentative)" ] \
+ && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+ && return 0
sleep 0.1
cnt=$(($cnt+1))
done
esac
}
+
+iface_get_subchannels() {
+ local _netif
+ local _subchannels
+
+ _netif="$1"
+
+ _subchannels=$({
+ for i in /sys/class/net/$_netif/device/cdev[0-9]*; do
+ [ -e $i ] || continue
+ channel=$(readlink -f $i)
+ printf -- "%s" "${channel##*/},"
+ done
+ })
+ [ -n "$_subchannels" ] || return 1
+
+ printf -- "%s" ${_subchannels%,}
+}
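Review bot: `iface_get_subchannels` declares `_netif` and `_subchannels` local but not `i` and `channel`. The `$( { … } )` substitution keeps those assignments away from the caller in this version, but declaring them costs nothing and stays correct if the loop is later moved out of the substitution: `local _netif _subchannels i channel`. Several expansions are unquoted: `[ -e $i ]`, `readlink -f $i` and the final `printf -- "%s" ${_subchannels%,}`, which prints nothing useful if the value is ever split. Quote them, e.g. `printf -- "%s" "${_subchannels%,}"`.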
#!/bin/sh
#
# Format:
-# bond=<bondname>[:<bondslaves>:[:<options>]]
+# bond=<bondname>[:<bondslaves>:[:<options>[:<mtu>]]]
#
# bondslaves is a comma-separated list of physical (ethernet) interfaces
# options is a comma-separated list on bonding options (modinfo bonding for details) in format compatible with initscripts
#
# bond without parameters assumes bond=bond0:eth0,eth1:mode=balance-rr
#
+# if the mtu is specified, it will be set on the bond master
+#
# We translate list of slaves to space-separated here to mwke it easier to loop over them in ifup
# Ditto for bonding options
1) bondname=$1; bondslaves="eth0 eth1" ;;
2) bondname=$1; bondslaves=$(str_replace "$2" "," " ") ;;
3) bondname=$1; bondslaves=$(str_replace "$2" "," " "); bondoptions=$(str_replace "$3" "," " ") ;;
+ 4) bondname=$1; bondslaves=$(str_replace "$2" "," " "); bondoptions=$(str_replace "$3" "," " "); bondmtu=$4;;
*) die "bond= requires zero to four parameters" ;;
esac
}
-# Parse bond for bondname, bondslaves, bondmode and bondoptions
+# Parse bond for bondname, bondslaves, bondmode, bondoptions and bondmtu
for bond in $(getargs bond=); do
unset bondname
unset bondslaves
unset bondoptions
+ unset bondmtu
if [ "$bond" != "bond" ]; then
parsebond "$bond"
fi
echo "bondname=$bondname" > /tmp/bond.${bondname}.info
echo "bondslaves=\"$bondslaves\"" >> /tmp/bond.${bondname}.info
echo "bondoptions=\"$bondoptions\"" >> /tmp/bond.${bondname}.info
+ echo "bondmtu=\"$bondmtu\"" >> /tmp/bond.${bondname}.info
done
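Review bot: `bondmtu` is taken from the fourth `bond=` field and written as `bondmtu="$bondmtu"` into `/tmp/bond.${bondname}.info` without being checked, and a later hunk on this page sources that file with `. /tmp/bond.${netif}.info`. A value containing a double quote or `$` is then interpreted by the shell instead of being treated as data, and a non-numeric value reaches `ip link set mtu`. Rejecting anything but digits in the `4)` branch of parsebond fixes both: `case "$4" in *[!0-9]*) die "bond= mtu must be a number" ;; esac`. The existing `bondslaves` and `bondoptions` lines have the same quoting weakness.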
2) teammaster=$1; teamslaves=$(str_replace "$2" "," " ") ;;
*) die "team= requires two parameters" ;;
esac
+ return 0
}
+for team in $(getargs team); do
+ [ "$team" = "team" ] && continue
-for team in $(getargs team=); do
- unset teammaster teamslaves
- parseteam "$(getarg team=)"
+ unset teammaster
+ unset teamslaves
+
+ parseteam "$team" || continue
echo "teammaster=$teammaster" > /tmp/team.${teammaster}.info
echo "teamslaves=\"$teamslaves\"" >> /tmp/team.${teammaster}.info
+
+ if ! [ -e /etc/teamd/${teammaster}.conf ]; then
+ warn "Team master $teammaster specified, but no /etc/teamd/$teammaster.conf present. Using activebackup."
+ mkdir -p /etc/teamd
+ printf -- "%s" '{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}' > "/etc/teamd/${teammaster}.conf"
+ fi
done
+
unset bondoptions
unset bridgename
unset bridgeslaves
+ unset team
unset uuid
unset ip
unset gw
[ -e /tmp/bond.${netif}.info ] && . /tmp/bond.${netif}.info
[ -e /tmp/bridge.${netif}.info ] && . /tmp/bridge.${netif}.info
+ [ -e /tmp/team.${netif}.info ] && . /tmp/team.${netif}.info
uuid=$(cat /proc/sys/kernel/random/uuid)
if [ "$netif" = "$bridgename" ]; then
bridge=yes
+ elif [ "$netif" = "$teammaster" ]; then
+ team=yes
elif [ "$netif" = "$bondname" ]; then
# $netif can't be bridge and bond at the same time
bond=yes
break
done
+ # skip team interfaces for now, the host config must be in sync
+ [ "$netif" = "$teammaster" ] && continue
+
{
echo "# Generated by dracut initrd"
echo "NAME=\"$netif\""
} > /tmp/ifcfg/ifcfg-$netif
# bridge needs different things written to ifcfg
- if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ]; then
+ if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ] && [ -z "$team" ]; then
# standard interface
- {
- echo "TYPE=Ethernet"
- [ -n "$mtu" ] && echo "MTU=\"$mtu\""
- } >> /tmp/ifcfg/ifcfg-$netif
+ echo "TYPE=Ethernet" >> /tmp/ifcfg/ifcfg-$netif
fi
if [ -n "$vlan" ] ; then
# called by dracut
install() {
- local _dir _crt _found _lib
+ local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
inst_multiple -o ctorrent
inst_multiple curl
[[ -d $_dir ]] || continue
for _lib in $_dir/libcurl.so.*; do
[[ -e $_lib ]] || continue
+ [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
_crt=$(grep -F --binary-files=text -z .crt $_lib)
[[ $_crt ]] || continue
[[ $_crt == /*/* ]] || continue
_found=1
done
done
- [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle; HTTPS won't work."
+ # If we found no cert bundle files referenced in libcurl but we
+ # *did* find a mention of libnssckbi (checked above), install it.
+ # If its truly NSS libnssckbi, it includes its own trust bundle,
+ # but if it's really p11-kit-trust.so, we need to find the dirs
+ # where it will look for a trust bundle and install them too.
+ if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
+ _found=1
+ inst_libdir_file "libnssckbi.so*" || _found=
+ for _dir in $libdirs; do
+ [[ -e $_dir/libnssckbi.so ]] || continue
+ # this looks for directory-ish strings in the file
+ for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $_dir/libnssckbi.so) ; do
+ # the string can be a :-separated list of dirs
+ for _p11root in $(echo "$_p11roots" | tr ':' '\n') ; do
+ # check if it's actually a directory (there are
+ # several false positives in the results)
+ [[ -d "$_p11root" ]] || continue
+ # check if it has some specific subdirs that all
+ # p11-kit trust dirs have
+ [[ -d "${_p11root}/anchors" ]] || continue
+ [[ -d "${_p11root}/blacklist" ]] || continue
+ # so now we know it's really a p11-kit trust dir;
+ # install everything in it
+ for _p11item in $(find "$_p11root") ; do
+ if ! inst "$_p11item" ; then
+ dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work."
+ continue
+ fi
+ done
+ done
+ done
+ done
+ fi
+ [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
}
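Review bot: The loop `for _p11item in $(find "$_p11root")` word-splits and glob-expands the output of find, so any trust-store entry whose path contains whitespace or a glob character reaches `inst` in pieces. The CA material in the image is then incomplete, with only a per-item warning to show for it. Reading the find output NUL-delimited avoids this. The unquoted `$_lib` and `$_dir/libnssckbi.so` arguments to grep should be quoted for the same reason. install() starts in the previous hunk, so the declaration of these locals is outside this one.

```shell
# … unchanged: the -d checks for "$_p11root", its anchors and blacklist subdirs …
while IFS= read -r -d '' _p11item; do
    if ! inst "$_p11item"; then
        dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work."
    fi
done < <(find "$_p11root" -print0)
```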
local _modname
# Include KMS capable drm drivers
- if [[ "$(uname -p)" == arm* ]]; then
- # arm specific modules needed by drm
+ if [[ "$(uname -m)" == arm* || "$(uname -m)" == aarch64 ]]; then
+ # arm/aarch64 specific modules needed by drm
instmods \
"=drivers/gpu/drm/i2c" \
"=drivers/gpu/drm/panel" \
- "=drivers/pwm" \
+ "=drivers/gpu/drm/bridge" \
"=drivers/video/backlight" \
- "=drivers/video/fbdev/omap2/displays-new" \
${NULL}
fi
- instmods amdkfd hyperv_fb
+ instmods amdkfd hyperv_fb "=drivers/pwm"
# if the hardware is present, include module even if it is not currently loaded,
# as we could e.g. be in the installer; nokmsboot boot parameter will disable
local keydev="$2"
local device="$3"
- # This creates a unique single mountpoint for *, or several for explicitly
- # given LUKS devices. It accomplishes unlocking multiple LUKS devices with
- # a single password entry.
- local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"
-
- if [ ! -d "$mntp" ]; then
- mkdir "$mntp"
- mount -r "$keydev" "$mntp" || die 'Mounting rem. dev. failed!'
+ # No mounting needed if the keyfile resides inside the initrd
+ if [ "/" == "$keydev" ]; then
+ local mntp=/
+ else
+ # This creates a unique single mountpoint for *, or several for explicitly
+ # given LUKS devices. It accomplishes unlocking multiple LUKS devices with
+ # a single password entry.
+ local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"
+
+ if [ ! -d "$mntp" ]; then
+ mkdir "$mntp"
+ mount -r "$keydev" "$mntp" || die 'Mounting rem. dev. failed!'
+ fi
fi
case "${keypath##*.}" in
*) cat "$mntp/$keypath" ;;
esac
- # General unmounting mechanism, modules doing custom cleanup should return earlier
- # and install a pre-pivot cleanup hook
- umount "$mntp"
- rmdir "$mntp"
+ # No unmounting if the keyfile resides inside the initrd
+ if [ "/" != "$keydev" ]; then
+ # General unmounting mechanism, modules doing custom cleanup should return earlier
+ # and install a pre-pivot cleanup hook
+ umount "$mntp"
+ rmdir "$mntp"
+ fi
}
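Review bot: `[ "/" == "$keydev" ]` uses `==`, which POSIX `test` does not define. Under dash the test fails with an "unexpected operator" error, so a keydev of `/` falls into the `else` branch and the code tries to mount `/` instead of reading the key from the initrd. Write it as `[ "$keydev" = "/" ]` here and in the matching `if [ "/" == "$keydev" ]; then` of the key-device parsing hunk that follows. The `!=` test before `umount` is fine as written. The function begins outside this hunk, so its interpreter line is not visible, and this matters only if the script can run under a non-bash `/bin/sh`.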
continue
fi
- if [ -n "$keydev" ]; then
+ # A keydev of '/' is treated as the initrd itself
+ if [ "/" == "$keydev" ]; then
+ [ -z "$luksdev" ] && luksdev='*'
+ echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys
+ continue
+ elif [ -n "$keydev" ]; then
udevmatch "$keydev" >&7 || {
warn 'keydev incorrect!'
continue
return $ret
}
-if command -v dmsetup >/dev/null; then
+if command -v dmsetup >/dev/null &&
+ [ "x$(dmsetup status)" != "xNo devices found" ]; then
_do_dm_shutdown $1
else
:
#!/bin/sh
-if [ -b /dev/mapper/live-rw ] && [ -d /run/initramfs/live/updates -o -d /updates ]; then
+if [ -L /run/rootfsbase ] && [ -d /run/initramfs/live/updates -o -d /updates ]; then
info "Applying updates to live image..."
mount -o bind /run $NEWROOT/run
# avoid overwriting symlinks (e.g. /lib -> /usr/lib) with directories
GENERATOR_DIR="$2"
[ -z "$GENERATOR_DIR" ] && exit 1
-
[ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR"
+getargbool 0 rd.live.overlay.overlayfs && overlayfs="yes"
+[ -e /xor_overlayfs ] && xor_overlayfs="yes"
ROOTFLAGS="$(getarg rootflags)"
{
echo "[Unit]"
echo "Before=initrd-root-fs.target"
echo "[Mount]"
echo "Where=/sysroot"
- echo "What=/dev/mapper/live-rw"
- [ -n "$ROOTFLAGS" ] && echo "Options=${ROOTFLAGS}"
+ if [ "$overlayfs$xor_overlayfs" = "yes" ]; then
+ echo "What=LiveOS_rootfs"
+ echo "Options=${ROOTFLAGS},lowerdir=/run/rootfsbase,upperdir=/run/overlayfs,workdir=/run/ovlwork"
+ echo "Type=overlay"
+ _dev=LiveOS_rootfs
+ else
+ echo "What=/dev/mapper/live-rw"
+ [ -n "$ROOTFLAGS" ] && echo "Options=${ROOTFLAGS}"
+ _dev=dev-mapper-live\x2drw
+ fi
} > "$GENERATOR_DIR"/sysroot.mount
-mkdir -p "$GENERATOR_DIR/dev-mapper-live\x2drw.device.d"
+mkdir -p "$GENERATOR_DIR/$_dev.device.d"
{
echo "[Unit]"
echo "JobTimeoutSec=3000"
-} > "$GENERATOR_DIR/dev-mapper-live\x2drw.device.d/timeout.conf"
+} > "$GENERATOR_DIR/$_dev.device.d/timeout.conf"
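Review bot: `_dev=dev-mapper-live\x2drw` is unquoted, so the shell removes the backslash and `_dev` becomes `dev-mapper-livex2drw`. The drop-in directory then no longer matches the `dev-mapper-live\x2drw.device` name that the removed lines spelled out, and the `JobTimeoutSec=3000` override would not apply on the Device-mapper path. Quote the assignment: `_dev='dev-mapper-live\x2drw'`. Separately, in the overlay branch `Options=${ROOTFLAGS},lowerdir=...` begins with a comma when `rootflags` is empty. Emitting the prefix only when it is set, `${ROOTFLAGS:+${ROOTFLAGS},}`, avoids that.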
overlay=$(getarg rd.live.overlay -d overlay)
getargbool 0 rd.writable.fsimg -d -y writable_fsimg && writable_fsimg="yes"
overlay_size=$(getarg rd.live.overlay.size=)
-[ -z "$overlay_size" ] && overlay_size=512
+[ -z "$overlay_size" ] && overlay_size=32768
getargbool 0 rd.live.overlay.thin && thin_snapshot="yes"
+getargbool 0 rd.live.overlay.overlayfs && overlayfs="yes"
# CD/DVD media check
[ -b $livedev ] && fs=$(blkid -s TYPE -o value $livedev)
# create a sparse file for the overlay
# overlay: if non-ram overlay searching is desired, do it,
# otherwise, create traditional overlay in ram
- OVERLAY_LOOPDEV=$( losetup -f )
l=$(blkid -s LABEL -o value $livedev) || l=""
u=$(blkid -s UUID -o value $livedev) || u=""
devspec=$( echo $overlay | sed -e 's/:.*$//' )
# need to know where to look for the overlay
- setup=""
- if [ -n "$devspec" -a -n "$pathspec" -a -n "$overlay" ]; then
+ if [ -z "$setup" -a -n "$devspec" -a -n "$pathspec" -a -n "$overlay" ]; then
mkdir -m 0755 /run/initramfs/overlayfs
+ opt=''
+ [ -n "$readonly_overlay" ] && opt=-r
mount -n -t auto $devspec /run/initramfs/overlayfs || :
if [ -f /run/initramfs/overlayfs$pathspec -a -w /run/initramfs/overlayfs$pathspec ]; then
- losetup $OVERLAY_LOOPDEV /run/initramfs/overlayfs$pathspec
- if [ -n "$reset_overlay" ]; then
- dd if=/dev/zero of=$OVERLAY_LOOPDEV bs=64k count=1 conv=fsync 2>/dev/null
+ OVERLAY_LOOPDEV=$(losetup -f --show $opt /run/initramfs/overlayfs$pathspec)
+ over=$OVERLAY_LOOPDEV
+ umount -l /run/initramfs/overlayfs || :
+ oltype=$(det_img_fs $OVERLAY_LOOPDEV)
+ if [ -z "$oltype" ] || [ "$oltype" = DM_snapshot_cow ]; then
+ if [ -n "$reset_overlay" ]; then
+ info "Resetting the Device-mapper overlay."
+ dd if=/dev/zero of=$OVERLAY_LOOPDEV bs=64k count=1 conv=fsync 2>/dev/null
+ fi
+ if [ -n "$overlayfs" ]; then
+ unset -v overlayfs
+ [ -n "$DRACUT_SYSTEMD" ] && reloadsysrootmountunit="yes"
+ fi
+ setup="yes"
+ else
+ mount -n -t $oltype $opt $OVERLAY_LOOPDEV /run/initramfs/overlayfs
+ if [ -d /run/initramfs/overlayfs/overlayfs ] &&
+ [ -d /run/initramfs/overlayfs/ovlwork ]; then
+ ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs$opt
+ ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork$opt
+ if [ -z "$overlayfs" ]; then
+ overlayfs="yes"
+ [ -n "$DRACUT_SYSTEMD" ] && reloadsysrootmountunit="yes"
+ fi
+ setup="yes"
+ fi
+ fi
+ elif [ -d /run/initramfs/overlayfs$pathspec ] &&
+ [ -d /run/initramfs/overlayfs$pathspec/../ovlwork ]; then
+ ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs$opt
+ ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork$opt
+ if [ -z "$overlayfs" ]; then
+ overlayfs="yes"
+ [ -n "$DRACUT_SYSTEMD" ] && reloadsysrootmountunit="yes"
fi
setup="yes"
fi
- umount -l /run/initramfs/overlayfs || :
+ fi
+ if [ -n "$overlayfs" ]; then
+ modprobe overlay
+ if [ $? != 0 ]; then
+ m='OverlayFS is not available; using temporary Device-mapper overlay.'
+ unset -v overlayfs setup
+ [ -n "$reloadsysrootmountunit" ] && unset -v reloadsysrootmountunit
+ fi
fi
if [ -z "$setup" -o -n "$readonly_overlay" ]; then
if [ -n "$setup" ]; then
warn "Using temporary overlay."
elif [ -n "$devspec" -a -n "$pathspec" ]; then
- warn "Unable to find persistent overlay; using temporary"
- sleep 5
+ [ -z "$m" ] &&
+ m=' Unable to find a persistent overlay; using a temporary one.'
+ m=($'\n' "$m" $'\n'
+ ' All root filesystem changes will be lost on shutdown.'
+ $'\n' ' Press any key to continue')
+ echo -e "\n\n\n${m[*]}\n\n\n" > /dev/kmsg
+ if [ -n "$DRACUT_SYSTEMD" ]; then
+ if plymouth --ping ; then
+ if getargbool 0 rhgb || getargbool 0 splash ; then
+ m[0]='>>>'$'\n''>>>'$'\n''>>>'$'\n\n'
+ m[5]=$'\n''<<<'$'\n''<<<'$'\n''<<<'
+ plymouth display-message --text="${m[*]}"
+ else
+ plymouth ask-question --prompt="${m[*]}" --command=true
+ fi
+ else
+ m[0]='>>>'
+ m[5]='<<<'
+ unset -v m[2] m[4]
+ systemd-ask-password --timeout=0 "${m[*]}"
+ fi
+ else
+ plymouth --ping && plymouth --quit
+ read -s -r -p $'\n\n'"${m[*]}:" -n 1 reply
+ fi
fi
-
- dd if=/dev/null of=/overlay bs=1024 count=1 seek=$((overlay_size*1024)) 2> /dev/null
- if [ -n "$setup" -a -n "$readonly_overlay" ]; then
- RO_OVERLAY_LOOPDEV=$( losetup -f )
- losetup $RO_OVERLAY_LOOPDEV /overlay
+ if [ -n "$overlayfs" ]; then
+ mkdir -m 0755 /run/overlayfs
+ mkdir -m 0755 /run/ovlwork
else
- losetup $OVERLAY_LOOPDEV /overlay
+ dd if=/dev/null of=/overlay bs=1024 count=1 seek=$((overlay_size*1024)) 2> /dev/null
+ if [ -n "$setup" -a -n "$readonly_overlay" ]; then
+ RO_OVERLAY_LOOPDEV=$(losetup -f --show /overlay)
+ over=$RO_OVERLAY_LOOPDEV
+ else
+ OVERLAY_LOOPDEV=$(losetup -f --show /overlay)
+ over=$OVERLAY_LOOPDEV
+ fi
fi
fi
# set up the snapshot
- sz=$(blockdev --getsz $BASE_LOOPDEV)
- if [ -n "$readonly_overlay" ]; then
- echo 0 $sz snapshot $BASE_LOOPDEV $OVERLAY_LOOPDEV N 8 | dmsetup create --readonly live-ro
- base="/dev/mapper/live-ro"
- over=$RO_OVERLAY_LOOPDEV
- else
- base=$BASE_LOOPDEV
- over=$OVERLAY_LOOPDEV
+ if [ -z "$overlayfs" ]; then
+ if [ -n "$readonly_overlay" ] && [ -n "$OVERLAY_LOOPDEV" ]; then
+ echo 0 $sz snapshot $BASE_LOOPDEV $OVERLAY_LOOPDEV P 8 | dmsetup create --readonly live-ro
+ base="/dev/mapper/live-ro"
+ else
+ base=$BASE_LOOPDEV
+ fi
fi
if [ -n "$thin_snapshot" ]; then
modprobe dm_thin_pool
- mkdir /run/initramfs/thin-overlay
+ mkdir -m 0755 /run/initramfs/thin-overlay
# In block units (512b)
thin_data_sz=$(( $overlay_size * 1024 * 1024 / 512 ))
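Review bot: The warning block builds `m` as an array (`m=(...)`, `m[0]=`, `${m[*]}`) and uses `$'\n'` and `read -s -n 1`, none of which POSIX sh provides. A shell such as dash stops at `m=(` with a syntax error, which would break the live-root setup rather than only the message. If this script can run under a non-bash `/bin/sh`, build the text as one string, e.g. `m=$(printf '\n%s\n All root filesystem changes will be lost on shutdown.\n Press any key to continue' "$m")`, with the `>>>`/`<<<` decorations added as a plain prefix and suffix. The old `sleep 5` is also replaced by prompts with no timeout (`systemd-ask-password --timeout=0`, `read ... -n 1`), so an unattended machine that loses its persistent overlay will wait here indefinitely; that deserves a comment stating it is intended. The enclosing function starts before this hunk.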
# Create a snapshot of the base image
echo 0 $sz thin /dev/mapper/live-overlay-pool 0 $base | dmsetup create live-rw
- else
+ elif [ -z "$overlayfs" ]; then
echo 0 $sz snapshot $base $over PO 8 | dmsetup create live-rw
fi
# Create a device that always points to a ro base image
- echo 0 $sz linear $BASE_LOOPDEV 0 | dmsetup create --readonly live-base
-}
-
-# live cd helper function
-do_live_from_base_loop() {
- do_live_overlay
+ if [ -n "$overlayfs" ]; then
+ BASE_LOOPDUP=$(losetup -f --show -r $BASE_LOOPDEV)
+ echo 0 $sz linear $BASE_LOOPDUP 0 | dmsetup create --readonly live-base
+ else
+ echo 0 $sz linear $BASE_LOOPDEV 0 | dmsetup create --readonly live-base
+ fi
}
# we might have a genMinInstDelta delta file for anaconda to take advantage of
if [ -e /run/initramfs/live/${live_dir}/osmin.img ]; then
OSMINSQFS=/run/initramfs/live/${live_dir}/osmin.img
-fi
-
-if [ -n "$OSMINSQFS" ]; then
# decompress the delta data
dd if=$OSMINSQFS of=/run/initramfs/osmin.img 2> /dev/null
OSMIN_SQUASHED_LOOPDEV=$( losetup -f )
if [ -e /run/initramfs/live/${live_dir}/${squash_image} ]; then
SQUASHED="/run/initramfs/live/${live_dir}/${squash_image}"
fi
-
-if [ -e "$SQUASHED" ] ; then
+if [ -e "$SQUASHED" ]; then
if [ -n "$live_ram" ]; then
- echo "Copying live image to RAM..."
- echo "(this may take a few minutes)"
+ echo 'Copying live image to RAM...' > /dev/kmsg
+ echo ' (this may take a minute)' > /dev/kmsg
dd if=$SQUASHED of=/run/initramfs/squashed.img bs=512 2> /dev/null
- echo "Done copying live image to RAM."
+ echo 'Done copying live image to RAM.' > /dev/kmsg
SQUASHED="/run/initramfs/squashed.img"
fi
mkdir -m 0755 -p /run/initramfs/squashfs
mount -n -t squashfs -o ro $SQUASHED_LOOPDEV /run/initramfs/squashfs
- if [ -f /run/initramfs/squashfs/LiveOS/ext3fs.img ]; then
- FSIMG="/run/initramfs/squashfs/LiveOS/ext3fs.img"
- elif [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
+ if [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
FSIMG="/run/initramfs/squashfs/LiveOS/rootfs.img"
+ elif [ -f /run/initramfs/squashfs/LiveOS/ext3fs.img ]; then
+ FSIMG="/run/initramfs/squashfs/LiveOS/ext3fs.img"
fi
else
# we might have an embedded fs image to use as rootfs (uncompressed live)
- if [ -e /run/initramfs/live/${live_dir}/ext3fs.img ]; then
- FSIMG="/run/initramfs/live/${live_dir}/ext3fs.img"
- elif [ -e /run/initramfs/live/${live_dir}/rootfs.img ]; then
+ if [ -e /run/initramfs/live/${live_dir}/rootfs.img ]; then
FSIMG="/run/initramfs/live/${live_dir}/rootfs.img"
+ elif [ -e /run/initramfs/live/${live_dir}/ext3fs.img ]; then
+ FSIMG="/run/initramfs/live/${live_dir}/ext3fs.img"
fi
if [ -n "$live_ram" ]; then
- echo 'Copying live image to RAM...'
- echo '(this may take a few minutes)'
+ echo 'Copying live image to RAM...' > /dev/kmsg
+ echo ' (this may take a minute or so)' > /dev/kmsg
dd if=$FSIMG of=/run/initramfs/rootfs.img bs=512 2> /dev/null
- echo 'Done copying live image to RAM.'
+ echo 'Done copying live image to RAM.' > /dev/kmsg
FSIMG='/run/initramfs/rootfs.img'
fi
fi
if [ -n "$FSIMG" ] ; then
- BASE_LOOPDEV=$( losetup -f )
-
if [ -n "$writable_fsimg" ] ; then
# mount the provided filesystem read/write
- echo "Unpacking live filesystem (may take some time)"
- mkdir /run/initramfs/fsimg/
+ echo "Unpacking live filesystem (may take some time)" > /dev/kmsg
+ mkdir -m 0755 /run/initramfs/fsimg/
if [ -n "$SQUASHED" ]; then
cp -v $FSIMG /run/initramfs/fsimg/rootfs.img
else
fi
FSIMG=/run/initramfs/fsimg/rootfs.img
fi
- if [ -n "$writable_fsimg" ] || [ -z "$SQUASHED" -a -n "$live_ram" ] ||
+ opt=-r
+ # For writable DM images...
+ if [ -z "$SQUASHED" -a -n "$live_ram" -a -z "$overlayfs" ] ||
+ [ -n "$writable_fsimg" ] ||
[ "$overlay" = none -o "$overlay" = None -o "$overlay" = NONE ]; then
- losetup $BASE_LOOPDEV $FSIMG
- sz=$(blockdev --getsz $BASE_LOOPDEV)
+ if [ -z "$readonly_overlay" ]; then
+ opt=''
+ setup=rw
+ else
+ setup=yes
+ fi
+ fi
+ BASE_LOOPDEV=$(losetup -f --show $opt $FSIMG)
+ sz=$(blockdev --getsz $BASE_LOOPDEV)
+ if [ "$setup" == rw ]; then
echo 0 $sz linear $BASE_LOOPDEV 0 | dmsetup create live-rw
else
- # mount the filesystem read-only and add a dm snapshot for writes
- losetup -r $BASE_LOOPDEV $FSIMG
- do_live_from_base_loop
+ # Add a DM snapshot or OverlayFS for writes.
+ do_live_overlay
fi
fi
-[ -e "$SQUASHED" ] && umount -l /run/initramfs/squashfs
+[ -e "$SQUASHED" ] && [ -z "$overlayfs" ] && umount -l /run/initramfs/squashfs
if [ -b "$OSMIN_LOOPDEV" ]; then
# set up the devicemapper snapshot device, which will merge
# the normal live fs image, and the delta, into a minimzied fs image
- echo "0 $( blockdev --getsz $BASE_LOOPDEV ) snapshot $BASE_LOOPDEV $OSMIN_LOOPDEV N 8" | dmsetup create --readonly live-osimg-min
+ echo "0 $sz snapshot $BASE_LOOPDEV $OSMIN_LOOPDEV P 8" | dmsetup create --readonly live-osimg-min
fi
-ROOTFLAGS="$(getarg rootflags)"
-if [ -n "$ROOTFLAGS" ]; then
- ROOTFLAGS="-o $ROOTFLAGS"
+if [ -n "$reloadsysrootmountunit" ]; then
+ > /xor_overlayfs
+ systemctl daemon-reload
fi
-ln -s /dev/mapper/live-rw /dev/root
+ROOTFLAGS="$(getarg rootflags)"
-if [ -z "$DRACUT_SYSTEMD" ]; then
- printf 'mount %s /dev/mapper/live-rw %s\n' "$ROOTFLAGS" "$NEWROOT" > $hookdir/mount/01-$$-live.sh
+if [ -n "$overlayfs" ]; then
+ mkdir -m 0755 /run/rootfsbase
+ if [ -n "$reset_overlay" ] && [ -L /run/overlayfs ]; then
+ ovlfs=$(readlink /run/overlayfs)
+ info "Resetting the OverlayFS overlay directory."
+ rm -r -- ${ovlfs}/* ${ovlfs}/.* >/dev/null 2>&1
+ fi
+ if [ -n "$readonly_overlay" ]; then
+ mkdir -m 0755 /run/rootfsbase-r
+ mount -r $FSIMG /run/rootfsbase-r
+ mount -t overlay LiveOS_rootfs-r -oro,lowerdir=/run/overlayfs-r:/run/rootfsbase-r /run/rootfsbase
+ else
+ mount -r $FSIMG /run/rootfsbase
+ fi
+ if [ -z "$DRACUT_SYSTEMD" ]; then
+ #FIXME What to link to /dev/root? Is it even needed?
+ printf 'mount -t overlay LiveOS_rootfs -o%s,%s %s\n' "$ROOTFLAGS" \
+ 'lowerdir=/run/rootfsbase,upperdir=/run/overlayfs,workdir=/run/ovlwork' \
+ "$NEWROOT" > $hookdir/mount/01-$$-live.sh
+ fi
+else
+ ln -s /dev/mapper/live-rw /dev/root
+ if [ -z "$DRACUT_SYSTEMD" ]; then
+ [ -n "$ROOTFLAGS" ] && ROOTFLAGS="-o $ROOTFLAGS"
+ printf 'mount %s /dev/mapper/live-rw %s\n' "$ROOTFLAGS" "$NEWROOT" > $hookdir/mount/01-$$-live.sh
+ fi
+ ln -s $BASE_LOOPDEV /run/rootfsbase
fi
need_shutdown
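Review bot: In the `reset_overlay` branch, `rm -r -- ${ovlfs}/* ${ovlfs}/.*` runs with `$ovlfs` unquoted and unchecked and discards its errors. If `readlink /run/overlayfs` ever yields an empty string, the globs become `/*` and `/.*`. The `-L` test makes that unlikely, but a recursive delete in a boot script should fail closed: `rm -r -- "${ovlfs:?}"/* "${ovlfs:?}"/.[!.]* >/dev/null 2>&1`. The `.[!.]*` form also keeps the pattern away from `.` and `..`. The same hunk uses `[ "$setup" == rw ]`, where `=` is the portable operator.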
# called by dracut
installkernel() {
- instmods squashfs loop iso9660
+ instmods squashfs loop iso9660 overlay
}
# called by dracut
# make sure that init doesn't complain
[ -z "$root" ] && root="live"
-wait_for_dev -n /dev/mapper/live-rw
+wait_for_dev -n /run/rootfsbase
return 0
ohci-hcd ohci-pci \
uhci-hcd \
xhci-hcd xhci-pci xhci-plat-hcd \
+ pinctrl-cherryview \
"=drivers/hid" \
"=drivers/input/serio" \
"=drivers/input/keyboard" \
virtio virtio_blk virtio_ring virtio_pci virtio_scsi \
"=drivers/pcmcia" =ide nvme
- if [[ "$(uname -p)" == arm* ]]; then
- # arm specific modules
+ if [[ "$(uname -m)" == arm* || "$(uname -m)" == aarch64 ]]; then
+ # arm/aarch64 specific modules
instmods \
"=drivers/clk" \
+ "=drivers/dma" \
"=drivers/i2c/busses" \
"=drivers/phy" \
"=drivers/power" \
"=drivers/usb/host" \
"=drivers/usb/musb" \
"=drivers/usb/phy" \
+ "=drivers/scsi/hisi_sas" \
${NULL}
fi
#!/bin/sh
-type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
-_md_force_run() {
+type getargs >/dev/null 2>&1 || . /lib/dracut-lib.sh
+
+_md_start() {
local _udevinfo
local _path_s
local _path_d
+ local _md="$1"
+ local _offroot="$2"
+
+ _udevinfo="$(udevadm info --query=env --name="${_md}")"
+ strstr "$_udevinfo" "MD_LEVEL=container" && continue
+ strstr "$_udevinfo" "DEVTYPE=partition" && continue
+
+ _path_s="/sys/$(udevadm info -q path -n "${_md}")/md/array_state"
+ [ ! -r "$_path_s" ] && continue
+
+ # inactive ?
+ [ "$(cat "$_path_s")" != "inactive" ] && continue
+
+ mdadm $_offroot -R "${_md}" 2>&1 | vinfo
+
+ # still inactive ?
+ [ "$(cat "$_path_s")" = "inactive" ] && continue
+
+ _path_d="${_path_s%/*}/degraded"
+ [ ! -r "$_path_d" ] && continue
+ > $hookdir/initqueue/work
+}
+
+_md_force_run() {
local _offroot
- _offroot=$(strstr "$(mdadm --help-options 2>&1)" offroot && echo --offroot)
- # try to force-run anything not running yet
- for md in /dev/md[0-9_]*; do
- [ -b "$md" ] || continue
- _udevinfo="$(udevadm info --query=env --name="$md")"
- strstr "$_udevinfo" "MD_LEVEL=container" && continue
- strstr "$_udevinfo" "DEVTYPE=partition" && continue
+ local _md
+ local _UUID
+ local _MD_UUID=$(getargs rd.md.uuid -d rd_MD_UUID=)
+ [ -n "$_MD_UUID" ] || getargbool 0 rd.auto || return
- _path_s="/sys/$(udevadm info -q path -n "$md")/md/array_state"
- [ ! -r "$_path_s" ] && continue
+ _offroot=$(strstr "$(mdadm --help-options 2>&1)" offroot && echo --offroot)
- # inactive ?
- [ "$(cat "$_path_s")" != "inactive" ] && continue
+ if [ -n "$_MD_UUID" ]; then
+ for _md in /dev/md[0-9_]*; do
+ [ -b "$_md" ] || continue
+ _UUID=$(
+ /sbin/mdadm -D --export "$_md" \
+ | while read line || [ -n "$line" ]; do
+ str_starts "$line" "MD_UUID=" || continue
+ printf "%s" "${line#MD_UUID=}"
+ done
+ )
- mdadm $_offroot -R "$md" 2>&1 | vinfo
+ [ -z "$_UUID" ] && continue
- # still inactive ?
- [ "$(cat "$_path_s")" = "inactive" ] && continue
+ # check if we should handle this device
+ strstr " $_MD_UUID " " $_UUID " || continue
- _path_d="${_path_s%/*}/degraded"
- [ ! -r "$_path_d" ] && continue
- > $hookdir/initqueue/work
- done
+ _md_start "${_md}" "${_offroot}"
+ done
+ else
+ # try to force-run anything not running yet
+ for _md in /dev/md[0-9_]*; do
+ [ -b "$_md" ] || continue
+ _md_start "${_md}" "${_offroot}"
+ done
+ fi
}
_md_force_run
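Review bot: `_md_start` was lifted out of the old `for md` loop body but keeps its `continue` statements, which now sit in a function with no loop of its own. What `continue` does outside a lexically enclosing loop is shell-dependent: some shells skip to the next iteration of the caller's loop, others print an error and carry on. In the latter case a container, partition or already-active array would still reach `mdadm -R`. Use `return` instead, e.g. `strstr "$_udevinfo" "MD_LEVEL=container" && return 0`, and likewise for the other five guards. `$_offroot` in the `mdadm` call is presumably left unquoted so that an empty value disappears, which is worth a one-line comment.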
if [ -e $systemdsystemunitdir/mdmon@.service ]; then
inst_simple $systemdsystemunitdir/mdmon@.service
fi
+ if [ -e $systemdsystemunitdir/mdadm-last-resort@.service ]; then
+ inst_simple $systemdsystemunitdir/mdadm-last-resort@.service
+ fi
+ if [ -e $systemdsystemunitdir/mdadm-last-resort@.timer ]; then
+ inst_simple $systemdsystemunitdir/mdadm-last-resort@.timer
+ fi
fi
inst_hook pre-shutdown 30 "$moddir/mdmon-pre-shutdown.sh"
dracut_need_initqueue
done < "${f}" > "${f}.new"
mv "${f}.new" "$f"
done
+ for uuid in $MD_UUID; do
+ wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}"
+ done
fi
fi
--- /dev/null
+# Directions for changing a system from password-based gpg keyfile
+# to smartcard-based gpg keyfile
+
+# Be sure that you meet the following requirements:
+# 1. GnuPG >= 2.1 installed with
+# * Smartcard support enabled (scdaemon must be built)
+# * Direct CCID access built into scdaemon
+# 2. A password-based gpg keyfile ${KEYFILE} (e.g. "keyfile.gpg"):
+# That is, a file containing the slot key for LUKS, which
+# has been encrypted symmetrically with GnuPG using
+# a password.
+# 3. Your public OpenPGP identity ${RECIPIENT} (e.g. "3A696356")
+# 4. An OpenPGP smartcard holding the decryption key associated
+# with your public identity
+# 5. A CCID smartcard reader
+
+# Notes: Requirement 4. and 5. can of course be one device, e.g.
+# a USB token with an integrated OpenPGP smartcard
+
+# Make a backup of your keyfile (assuming it lies on the boot partition)
+$ cp /boot/${KEYFILE} /safe/place/keyfile.bak.gpg
+
+# Change your keyfile from purely password-based to both
+# password-based and key-based (you can then decrypt the keyfile
+# with either method). As an example aes256 is chosen, the cipher
+# is not important to this guide, but do note that your kernel
+# must support it at boot time (be it built into the kernel image
+# or loaded as a module from the initramfs).
+$ cat /safe/place/keyfile.bak.gpg | gpg -d | gpg --encrypt --recipient ${RECIPIENT} --cipher-algo aes256 --armor -c > /safe/place/keyfile_sc.gpg
+
+# Verify that you can decrypt your new keyfile both with the password
+# and your smartcard.
+# (with smartcard inserted, you should be prompted for your PIN, unless
+# you already did so and have not yet timed out)
+$ gpg -d /safe/place/keyfile_sc.gpg
+# (with smartcard disconnected, you should be prompted for your password)
+$ gpg -d /safe/place/keyfile_sc.gpg
+
+# After verification, replace your old keyfile with your new one
+$ su -c 'cp /safe/place/keyfile_sc.gpg /boot/${KEYFILE}'
+
+# Export your public key to where crypt-gpg can find it
+$ gpg --armor --export-options export-minimal --export ${RECIPIENT} > /safe/place/crypt-public-key.gpg
+$ su -c 'cp /safe/place/crypt-public-key.gpg /etc/dracut.conf.d/crypt-public-key.gpg'
+
+# Rebuild your initramfs as usual
+# When booting with any of the requirements not met, crypt-gpg will default to password-based keyfile unlocking.
+# If all requirements are met and smartcard support is not disabled by setting the kernel option "rd.luks.smartcard=0"
+# crypt-gpg will try find and use a connected OpenPGP smartcard by prompting you for the PIN and then
+# unlocking the gpg keyfile with the smartcard.
# gpg_decrypt mnt_point keypath keydev device
#
-# Decrypts encrypted symmetrically key to standard output.
+# Decrypts symmetrically encrypted (password or OpenPGP smartcard) key to standard output.
#
# mnt_point - mount point where <keydev> is already mounted
# keypath - GPG encrypted key path relative to <mnt_point>
mkdir -m 0700 -p "$gpghome"
+ # Setup GnuPG home and gpg-agent for usage of OpenPGP smartcard.
+ # This requires GnuPG >= 2.1, as it uses the new ,,pinentry-mode´´
+ # feature, which - when set to ,,loopback´´ - allows us to pipe
+ # the smartcard's pin to GnuPG (instead of using a normal pinentry
+ # program needed with GnuPG < 2.1), making for uncomplicated
+ # integration with the existing codebase.
+ local useSmartcard="0"
+ local gpgMajorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
+ local gpgMinorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"
+
+ if [ "${gpgMajorVersion}" -ge 2 ] && [ "${gpgMinorVersion}" -ge 1 ] \
+ && [ -f /root/crypt-public-key.gpg ] && getargbool 1 rd.luks.smartcard ; then
+ useSmartcard="1"
+ echo "allow-loopback-pinentry" >> "$gpghome/gpg-agent.conf"
+ GNUPGHOME="$gpghome" gpg-agent --quiet --daemon
+ GNUPGHOME="$gpghome" gpg --quiet --no-tty --import < /root/crypt-public-key.gpg
+ local smartcardSerialNumber="$(GNUPGHOME=$gpghome gpg --no-tty --card-status \
+ | sed -n -r -e 's|Serial number.*: ([0-9]*)|\1|p' | tr -d '\n')"
+ if [ -n "${smartcardSerialNumber}" ]; then
+ inputPrompt="PIN (OpenPGP card ${smartcardSerialNumber})"
+ fi
+ GNUPGHOME="$gpghome" gpg-connect-agent 1>/dev/null learn /bye
+ opts="$opts --pinentry-mode=loopback"
+ fi
+
ask_for_password \
--cmd "gpg $opts --decrypt $mntp/$keypath" \
- --prompt "Password ($keypath on $keydev for $device)" \
+ --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
--tries 3 --tty-echo-off
+ # Clean up the smartcard gpg-agent
+ if [ "${useSmartcard}" == "1" ]; then
+ GNUPGHOME="$gpghome" gpg-connect-agent 1>/dev/null killagent /bye
+ fi
+
rm -rf -- "$gpghome"
}
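Review bot: The smartcard gate `[ "${gpgMajorVersion}" -ge 2 ] && [ "${gpgMinorVersion}" -ge 1 ]` rejects any release whose minor number is 0, such as a 3.0. It also disagrees with `sc_supported` in the module setup hunk, which accepts a major version above 2. If the version line cannot be parsed, the variables are empty and `[ "" -ge 2 ]` prints an error rather than cleanly selecting the password path. For the version part, use the same comparison as the build-time check with defaults: `{ [ "${gpgMajorVersion:-0}" -gt 2 ] || { [ "${gpgMajorVersion:-0}" -eq 2 ] && [ "${gpgMinorVersion:-0}" -ge 1 ]; }; }`. The later `[ "${useSmartcard}" == "1" ]` should use `=`; gpg_decrypt begins outside this hunk.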
check() {
require_binaries gpg || return 1
+ if sc_requested; then
+ if ! sc_supported; then
+ dwarning "crypt-gpg: GnuPG >= 2.1 with scdaemon and libusb required for ccid smartcard support"
+ return 1
+ fi
+ return 0
+ fi
+
return 255
}
install() {
inst_multiple gpg
inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"
+
+ if sc_requested; then
+ inst_multiple gpg-agent
+ inst_multiple gpg-connect-agent
+ inst_multiple /usr/libexec/scdaemon
+ cp "$(sc_public_key)" "${initdir}/root/"
+ fi
+}
+
+sc_public_key() {
+ echo -n "/etc/dracut.conf.d/crypt-public-key.gpg"
+}
+
+# CCID Smartcard support requires GnuPG >= 2.1 with scdaemon and libusb
+sc_supported() {
+ local gpgMajor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
+ local gpgMinor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"
+ if [[ "${gpgMajor}" -gt 2 || "${gpgMajor}" -eq 2 && "${gpgMinor}" -ge 1 ]] && \
+ require_binaries gpg-agent &&
+ require_binaries gpg-connect-agent &&
+ require_binaries /usr/libexec/scdaemon &&
+ (ldd /usr/libexec/scdaemon | grep libusb > /dev/null); then
+ return 0
+ else
+ return 1
+ fi
+}
+
+sc_requested() {
+ if [ -f "$(sc_public_key)" ]; then
+ return 0
+ else
+ return 1
+ fi
}
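Review bot: `cp "$(sc_public_key)" "${initdir}/root/"` bypasses the `inst` helpers and its result is not checked. If `${initdir}/root` does not exist at that point, the copy fails and the image is built without the key. At boot, the `-f /root/crypt-public-key.gpg` test in gpg_decrypt then silently selects password unlocking, so the operator gets no sign that smartcard unlocking was dropped. Install it the way the library two lines above is installed and report failure: `inst "$(sc_public_key)" "/root/crypt-public-key.gpg" || dwarn "crypt-gpg: could not install smartcard public key"`. `sc_supported` also hard-codes `/usr/libexec/scdaemon`; a comment should say which distributions that path is expected to cover.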
# called by dracut
installkernel() {
instmods cifs ipv6
+ # hash algos
+ instmods md4 md5 sha256
+ # ciphers
+ instmods aes arc4 des ecb
+ # macs
+ instmods hmac cmac
}
# called by dracut
# If driver is bnx2x, do not use /sys/module/fcoe/parameters/create but fipvlan
modprobe 8021q
udevadm settle --timeout=30
- # Sleep for 3 s to allow dcb negotiation
- sleep 3
+ # Sleep for 13 s to allow dcb negotiation
+ sleep 13
fipvlan "$netif" -c -s
else
vlan="no"
local _i
local _nsslibs
inst_multiple -o portmap rpcbind rpc.statd mount.nfs \
- mount.nfs4 umount rpc.idmapd sed /etc/netconfig chmod
+ mount.nfs4 umount rpc.idmapd sed /etc/netconfig chmod "$tmpfilesdir/rpcbind.conf"
inst_multiple /etc/services /etc/nsswitch.conf /etc/rpc /etc/protocols /etc/idmapd.conf
if [[ $hostonly_cmdline == "yes" ]]; then
# Start rpcbind or rpcbind
# FIXME occasionally saw 'rpcbind: fork failed: No such device' -- why?
command -v portmap >/dev/null && [ -z "$(pidof portmap)" ] && portmap
- command -v rpcbind >/dev/null && [ -z "$(pidof rpcbind)" ] && rpcbind
+ if command -v rpcbind >/dev/null && [ -z "$(pidof rpcbind)" ]; then
+ mkdir -p /run/rpcbind
+ rpcbind
+ fi
# Start rpc.statd as mount won't let us use locks on a NFSv4
# filesystem without talking to it. NFSv4 does locks internally,
. ${IMACONFIG}
fi
- if [ -z "${IMAKEYDIR}" ]; then
+ if [ -z "${IMAKEYSDIR}" ]; then
IMAKEYSDIR="/etc/keys/ima"
fi
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient \
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient \
umount strace less setsid
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
mkdir -p -- var/lib/nfs/rpc_pipefs
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient \
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient \
umount strace less setsid
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient \
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient \
umount strace less setsid
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
ln -sfn /run "$initdir/var/run"
ln -sfn /run/lock "$initdir/var/lock"
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient \
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient \
umount strace less setsid tree systemctl reset
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
done
mkdir -p -- var/lib/nfs/rpc_pipefs
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
done
mkdir -p -- var/lib/nfs/rpc_pipefs
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
done
mkdir -p -- var/lib/nfs/rpc_pipefs
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
ln -sfnr usr/$i $i
done
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient \
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient \
umount strace less
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[[ -f ${_terminfodir}/l/linux ]] && break
done
mkdir -p -- var/lib/nfs/rpc_pipefs
)
- inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip route \
- mount dmesg ifconfig dhclient mkdir cp ping dhclient
+ inst_multiple sh df free ls shutdown poweroff stty cat ps ln ip \
+ mount dmesg dhclient mkdir cp ping dhclient
for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do
[ -f ${_terminfodir}/l/linux ] && break
done
echo > /dev/watchdog
[ -x /sbin/portmap ] && portmap
echo > /dev/watchdog
+mkdir -p /run/rpcbind
[ -x /sbin/rpcbind ] && rpcbind
echo > /dev/watchdog
modprobe nfsd
-display none \
-net socket,listen=127.0.0.1:12320 \
-net nic,macaddr=52:54:00:12:34:56,model=e1000 \
- -serial ${SERIAL:-null} \
+ ${SERIAL:+-serial "$SERIAL"} \
+ ${SERIAL:--serial file:"$TESTDIR"/server.log} \
-watchdog i6300esb -watchdog-action poweroff \
-no-reboot \
-append "panic=1 rd.debug loglevel=77 root=/dev/sda rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0" \
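Review bot: When `SERIAL` is set, `${SERIAL:--serial file:"$TESTDIR"/server.log}` expands to the value of `SERIAL` itself. qemu then receives the serial target a second time, as a stray positional argument after `-serial "$SERIAL"`. With `SERIAL` unset, as the commented-out default leaves it, the pair works, so the problem only appears when someone enables the debug setting. A single argument covers both cases: `-serial "${SERIAL:-file:$TESTDIR/server.log}" \`. The same two-line pattern is repeated in the other test server hunks below.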
#DEBUGFAIL="rd.shell rd.break rd.debug loglevel=7 "
#DEBUGFAIL="rd.debug loglevel=7 "
#SERVER_DEBUG="rd.debug loglevel=7"
-SERIAL="tcp:127.0.0.1:9999"
-SERIAL="null"
+#SERIAL="tcp:127.0.0.1:9999"
run_server() {
# Start server first
-drive format=raw,index=3,media=disk,file=$TESTDIR/iscsidisk3.img \
-m 512M -smp 2 \
-display none \
- -serial $SERIAL \
+ ${SERIAL:+-serial "$SERIAL"} \
+ ${SERIAL:--serial file:"$TESTDIR"/server.log} \
-net nic,macaddr=52:54:00:12:34:56,model=e1000 \
-net nic,macaddr=52:54:00:12:34:57,model=e1000 \
-net socket,listen=127.0.0.1:12330 \
# Uncomment this to debug failures
#DEBUGFAIL="rd.shell rd.break rd.debug"
-SERIAL="tcp:127.0.0.1:9999"
-SERIAL="null"
+#SERIAL="tcp:127.0.0.1:9999"
run_server() {
# Start server first
-display none \
-net nic,macaddr=52:54:00:12:34:56,model=e1000 \
-net socket,listen=127.0.0.1:12340 \
- -serial $SERIAL \
+ ${SERIAL:+-serial "$SERIAL"} \
+ ${SERIAL:--serial file:"$TESTDIR"/server.log} \
-no-reboot \
-append "panic=1 root=/dev/sda rootfstype=ext2 rw quiet console=ttyS0,115200n81 selinux=0" \
-initrd $TESTDIR/initramfs.server -pidfile $TESTDIR/server.pid -daemonize || return 1
>/dev/watchdog
[ -x /sbin/portmap ] && portmap
>/dev/watchdog
+mkdir -p /run/rpcbind
[ -x /sbin/rpcbind ] && rpcbind
>/dev/watchdog
modprobe nfsd
-display none \
-net socket,listen=127.0.0.1:12350 \
-net nic,macaddr=52:54:01:12:34:56,model=e1000 \
- -serial ${SERIAL:-null} \
+ ${SERIAL:+-serial "$SERIAL"} \
+ ${SERIAL:--serial file:"$TESTDIR"/server.log} \
-watchdog i6300esb -watchdog-action poweroff \
-no-reboot \
-append "panic=1 loglevel=7 root=/dev/sda rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0" \
fi
$testdir/run-qemu -drive format=raw,index=0,media=disk,file="$TESTDIR"/client.img -m 512M -smp 2 -nographic \
- -net socket,connect=127.0.0.1:12350 \
- -net nic,macaddr=52:54:00:12:34:$mac1,model=e1000 \
- -net nic,macaddr=52:54:00:12:34:$mac2,model=e1000 \
- -net nic,macaddr=52:54:00:12:34:$mac3,model=e1000 \
+ -net socket,vlan=0,connect=127.0.0.1:12350 \
+ -net nic,vlan=0,macaddr=52:54:00:12:34:$mac1,model=e1000 \
+ -net nic,vlan=0,macaddr=52:54:00:12:34:$mac2,model=e1000 \
+ -net nic,vlan=0,macaddr=52:54:00:12:34:$mac3,model=e1000 \
+ -net nic,vlan=1,macaddr=52:54:00:12:34:98,model=e1000 \
+ -net nic,vlan=2,macaddr=52:54:00:12:34:99,model=e1000 \
-watchdog i6300esb -watchdog-action poweroff \
-no-reboot \
-append "panic=1 rd.shell=0 $cmdline $DEBUGFAIL rd.retry=5 ro console=ttyS0,115200n81 selinux=0 init=/sbin/init rd.debug systemd.log_target=console loglevel=7" \
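Review bot: The NICs added on `vlan=1` and `vlan=2` have no matching `-net socket` backend in this hunk, and nothing records why they are there. A comment above the `run-qemu` call, for example `# NICs on vlan 1 and 2 are deliberately left without a link`, would state the intent, if that is what is meant. `vlan=` is also QEMU's legacy hub syntax, which later QEMU releases dropped as far as I know, so these lines will need a `-netdev`/`-device` form on a newer test host. The command starts before the hunk and continues past it.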
client_test "MULTINIC bridging" \
00 01 02 \
- "root=nfs:192.168.50.1:/nfs/client ip=bridge0:dhcp bridge=bridge0:ens3,ens4,ens5" \
+ "root=nfs:192.168.50.1:/nfs/client ip=bridge0:dhcp bridge=bridge0:ens3,ens6,ens7" \
"bridge0" || return 1
return 0
}
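Review bot: The new member list `bridge=bridge0:ens3,ens6,ens7` hard-codes slot-derived interface names, so this case depends on how the client's qemu command line orders its devices. Once the mapping is confirmed, a comment above the `client_test` call such as `# ens3, ens6, ens7: the three NICs attached to the server socket` would tie the names to the NICs. That mapping is inferred from the neighbouring hunk, not shown here. The enclosing function starts outside the hunk.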
>/dev/watchdog
[ -x /sbin/portmap ] && portmap
>/dev/watchdog
+mkdir -p /run/rpcbind
[ -x /sbin/rpcbind ] && rpcbind
>/dev/watchdog
modprobe nfsd
${SERIAL:+-serial "$SERIAL"} \
${SERIAL:--serial file:"$TESTDIR"/server.log} \
-watchdog i6300esb -watchdog-action poweroff \
- -kernel /boot/vmlinuz-"$KVERSION" \
-no-reboot \
-append "panic=1 loglevel=7 root=/dev/sda rootfstype=ext3 rw console=ttyS0,115200n81 selinux=0 rd.debug" \
-initrd "$TESTDIR"/initramfs.server \
-net nic,vlan=2,macaddr=52:54:00:12:34:04,model=e1000 \
-net nic,vlan=3,macaddr=52:54:00:12:34:05,model=e1000 \
-watchdog i6300esb -watchdog-action poweroff \
- -kernel /boot/vmlinuz-"$KVERSION" \
-no-reboot \
-append "panic=1 $cmdline rd.debug $DEBUGFAIL rd.retry=5 rw console=ttyS0,115200n81 selinux=0 init=/sbin/init" \
-initrd "$TESTDIR"/initramfs.testing