- module-setup.sh file permission corrected
- comment section cleaned up
- removal of dependency on systemd module
- added inclusion of the unit into the sysinit target
- removal of systemctl enablement of type unit
Stefan Berger [Thu, 29 Apr 2021 22:23:26 +0000 (18:23 -0400)]
fix(integrity): properly set up EVM when using an x509 cert
The current EVM script does not handle the EVM setup properly when X509
certificates are involved. In this patch we extend the setup and add
the necessary flags for support of EVM activation that include
x509 certificates, possibly in conjunction with an HMAC key. We also
first try activating EVM for x509 certificates using
EVM_ALLOW_METADATA_WRITES for newer kernels, then without it for older
ones that did not support this flag.
We add support for additional EVM activation bits to be set, such
as EVM_SETUP_COMPLETE (0x80000000) via the config file and
EVM_ACTIVATION_BITS variable.
To avoid error messages related to unloading the HMAC key if none is
used, only attempt to unload the HMAC key if one was actually set.
We add documentation about the variables that can be set in the EVM
config file.
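
The activation order this commit message describes, as an added shell sketch that is not the code from the dracut patch. The function names and the injectable writer command are hypothetical; the bit values for HMAC (0x1), x509 (0x2) and EVM_ALLOW_METADATA_WRITES (0x4) are taken from the kernel's EVM ABI documentation, and EVM_SETUP_COMPLETE is the value given above.

```shell
#!/bin/sh
# Added illustration, not dracut's own script.
EVM_INIT_HMAC=1                 # 0x1: HMAC key loaded
EVM_INIT_X509=2                 # 0x2: x509 certificate loaded
EVM_ALLOW_METADATA_WRITES=4     # 0x4: only accepted by newer kernels
EVM_SETUP_COMPLETE=2147483648   # 0x80000000, as stated in the commit message

# evm_candidates HAVE_HMAC HAVE_X509 [EXTRA_BITS]
# Prints the activation values to try, one per line, in order.
# Returns 1 when neither a key nor a certificate was loaded.
evm_candidates() {
    have_hmac=$1; have_x509=$2; extra=${3:-0}
    base=0
    if [ "$have_hmac" = 1 ]; then base=$((base | EVM_INIT_HMAC)); fi
    if [ "$have_x509" = 1 ]; then base=$((base | EVM_INIT_X509)); fi
    if [ "$base" -eq 0 ]; then return 1; fi
    # With a certificate, first try the value that newer kernels accept,
    # then fall back to the value without EVM_ALLOW_METADATA_WRITES.
    if [ "$have_x509" = 1 ]; then
        echo $((base | EVM_ALLOW_METADATA_WRITES | extra))
    fi
    echo $((base | extra))
}

# evm_activate WRITER HAVE_HMAC HAVE_X509 [EXTRA_BITS]
# WRITER is a command that takes one value and fails if it is rejected;
# on a real system it would write the value to the securityfs "evm" file.
# Prints the value that was accepted, or returns 1 if none was.
evm_activate() {
    writer=$1; shift
    for v in $(evm_candidates "$@"); do
        if "$writer" "$v"; then
            echo "$v"
            return 0
        fi
    done
    return 1
}

# Constructed stand-ins for the kernel interface, for offline runs:
# the "old" one rejects any value carrying EVM_ALLOW_METADATA_WRITES.
new_kernel() { return 0; }
old_kernel() { [ $(($1 & EVM_ALLOW_METADATA_WRITES)) -eq 0 ]; }
```

The value that `evm_activate` prints shows which attempt succeeded, which is worth logging at boot: a result without bit 0x4 on a system expected to run a newer kernel means the first write was refused.
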
fix(udev-rules): remove sourcing of network link files
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module and other modules that provide/require specific link files
should add them themselves via their relevant include section.
fix(network): use wicked unit instead of find_binary
dracut-install triggers "ERROR: installing '/usr/lib/wicked/bin/*'"
when find_binary is being used to determine if wicked is installed
so let's just check for the wicked type service unit instead.
Kairui Song [Thu, 22 Apr 2021 14:04:37 +0000 (22:04 +0800)]
fix: search for btrfs devices from actual mount point
Currently when dracut searches for the btrfs device used for initramfs, it
assumes the mount points passed in with "--mount" are all mounted with
the given mount path. If the user wants the device to be mounted to a different
location in initramfs, this will not be true.
eg. with "--mount '/dev/mapper/vol /sysroot btrfs rw,relatime,subvolid=256,subvol=/root'"
and having '/dev/mapper/vol' currently mounted on '/', will raise an
error:
ERROR: cannot access '/sysroot': No such file or directory
Introducing the systemd-network-management meta module which will
allow distribution users and vendors to easily include
systemd + systemd's network management modules by simply including this
module instead of systemd network modules individually.
Obviously if the intent is to glue together some kind of network stack
out of random existing modules such as NetworkManager and/or Wicked,
this meta module should not be enabled.
- Removing dependency on the systemd meta module since it causes circular dependency,
prevents the existence of multiple systemd based meta modules and is redundant.
- Removing directory creation for modules-load since it should not be
necessary and if it turns out that it is, it will be re-introduced in the
form of a systemd tmpfile instead of inst_dir.
- Add a missing inclusion of configuration files placed in /usr/lib/modules-load.d
and /etc/modules-load.d ( hostonly ) directories.
- Fix a spelling error in the systemd type unit file conf directory overwrite
in the hostonly section.
Harald Hoyer [Thu, 22 Apr 2021 07:06:23 +0000 (09:06 +0200)]
fix(network-manager): create /run directories
Create the `/run/NetworkManager/initrd` directory before creating
`/run/NetworkManager/initrd/neednet`. Somehow on Fedora 32 this
directory is missing, when the script is running.
This fixes all NetworkManager tests for Fedora 32.
Harald Hoyer [Tue, 20 Apr 2021 14:16:14 +0000 (16:16 +0200)]
ci: use /dev/disk/by-id
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
Peter Robinson [Wed, 21 Apr 2021 11:50:41 +0000 (12:50 +0100)]
fix(90kernel-modules): add watchdog drivers for generic initrd
The watchdog module pulls in the device specific watchdog if that
module is enabled, but in the case where we need a generic initrd
we don't get all watchdog drivers which means if we have a watchdog
enabled for that usecase it may get kicked too late in the boot
process so we need the drivers in the initrd for the generic case too.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Harald Hoyer [Mon, 19 Apr 2021 14:34:05 +0000 (16:34 +0200)]
ci: use disk ids for TEST 35 ISCSI MULTI
Due to parallel probing of the linux kernel `/dev/sd*` can't be used to
reliably address a hard disk. This can be seen by the many spurious
failures of the dracut CI, where `mdadm` failed with error 524 or tests
failed due to the success marker message written to the wrong disk.
* don't rely on `/dev/sd*` but use disk ids and `/dev/disk/by-id/ata-disk_<name>`
* specify the exact qemu machine architecture `-M q35` needed for the
disk ids. A later patch will move this to `run-qemu`, when all tests are converted
* due to `-M q35` the interface names have changed from
`ens2` -> `enp0s1` and `ens3` -> `enp0s2`
Harald Hoyer [Mon, 19 Apr 2021 14:30:50 +0000 (16:30 +0200)]
ci: add function to generate qemu disk arguments
`qemu_add_drive_args` can be used to generate arguments to specify disks
for a qemu machine (`-M q35`).
This is mostly useful to address those raw disks via `/dev/disk/by-id`,
because due to parallel probing in the kernel `/dev/sd*` can point to
anything.
Harald Hoyer [Sat, 17 Apr 2021 11:20:56 +0000 (13:20 +0200)]
fix(dbus-daemon): only error out in install()
Don't hard exit in `check()`. The transaction logic only checks if it
should/can include the module. Just return `255` and the `dbus` meta
module will pick its dependency.
Adam Alves [Fri, 22 Feb 2019 02:35:39 +0000 (23:35 -0300)]
feat(bluetooth): implement bluetooth support in initrd
- Included a bluetooth module that installs modules, firmware, udev rules and bluetoothd.
- systemd and dbus are required by bluetoothd
- Include bluetooth by default if BT keyboard or combo found
Harald Hoyer [Mon, 12 Apr 2021 09:13:21 +0000 (11:13 +0200)]
fix(TEST ISCSI): try to debug md error 524
While creating the striped md raid0 sometimes this error occurs:
```
mdadm: Defaulting to version 1.2 metadata
mdadm: RUN_ARRAY failed: Unknown error 524
Failed to clear hint file.
Device /dev/md0 not found.
Powering off.
```
This commit changes how NM is started inside the initrd. Instead of running NM
in the special --configure-and-quit=initrd mode, which sets up network and
quits, start it as a daemon.
This has multiple advantages. First, we no longer need to run NM in a special
mode that requires additional code and maintenance. NetworkManager works
exactly as in the real root.
One problem of the current configure-and-quit approach is that once NM has
quit, dynamic addresses can expire if the initrd setup takes longer than the
DHCP lease interval or than the IPv6 address lifetime. Running NM as a service
solves this problem.
Now NM runs with D-Bus support and therefore its API can be used by other
modules. This opens the possibility, for example, to integrate nm-cloud-setup to
automatically configure networking based on cloud metadata.
Use the NetworkManager-wait-online.service, ordered before
dracut-initqueue.service, to delay the initqueue until NM has terminated its
configuration.
fix(network-manager): use /run/NetworkManager/initrd/neednet in initqueue
We don't want to start NetworkManager if networking is not needed.
Right now nm-config.sh lays down /usr/lib/dracut/hooks/initqueue/finished/nm.sh
which will cause the initqueue to run. If nothing exists in
/usr/lib/dracut/hooks/initqueue/finished/ then it will short circuit and
the initqueue won't run anything. But what if something else needed
something to run in the initqueue? nm-run.sh would still get started,
even though /usr/lib/dracut/hooks/initqueue/finished/nm.sh didn't exist.
In this case let's just trigger off of /run/NetworkManager/initrd/neednet
like we are doing in the systemd unit (nm-run.service).
fix(network-manager): only run NetworkManager if rd.neednet=1
Don't run the new systemd unit (nm-run.service) if rd.neednet=1
isn't set. nm-initrd-generator will generate configuration even
without rd.neednet=1 so determining if we should start based on
just if connection profiles exist isn't enough. We need some other
indicator. In this case we lay down a /run/NetworkManager/initrd/neednet
if rd.neednet=1, which is used by nm-run.service to determine the
need to run.
If teaming is set up via NetworkManager we don't want systemd to take
down the userspace teamd process when NetworkManager quits. `KillMode=process`
will allow it to leave those processes behind.
This is fallout from the change to run NetworkManager via systemd (c17c5b7).
With `KillMode=process` we get something like:
```
sh-5.1# journalctl -u nm-run -o cat | tail
<info> [1618411262.7030] quitting now that startup is complete
<info> [1618411262.7030] device (team0): carrier: link connected
<info> [1618411262.7033] device (team0): team port ens2 was released
<info> [1618411262.7033] device (team0): team port ens3 was released
<info> [1618411262.7033] manager: NetworkManager state is now CONNECTED_SITE
<info> [1618411262.7034] exiting (success)
nm-run.service: Deactivated successfully.
nm-run.service: Unit process 476 (teamd) remains running after unit stopped.
Finished nm-run.service.
```
On a system that doesn't have either consolefonts, consoletrans, keymaps,
or unimaps, "kbddir" is empty, thus the following installation will
break with errors like:
cp: cannot stat '/consolefonts/*': No such file or directory
Let's report the checks as failure if "kbddir" is empty.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
fix(dracut.sh): omission is an addition to other omissions in conf files
When omitting a module from the command line via -o or --omit
it's expected that it behaves in the same manner as adding a module from the
command line as in it does not overwrite existing omissions of other modules in
configuration file(s).
Harald Hoyer [Wed, 31 Mar 2021 14:16:52 +0000 (16:16 +0200)]
fix(base): source hooks without exec
Patch 2fabaaa62dcfd31e593ca changed the behaviour for `dash`
under the assumption, that dash does not take parameters for `.` aka
`source`. Although this is true, the original positional parameters of
the `source_all` function are still in place, so everything is
fine with the old way of sourcing.