Frederick Grose [Mon, 20 Aug 2018 13:47:50 +0000 (09:47 -0400)]
dmsquash-live: Support a flattened squashfs.img
A simplified root filesystem structure may be provided for OverlayFS
overlays by squashing the root filesystem directly instead of squashing
an embedded image file at /LiveOS/rootfs.img. Detect and configure
such a squashed root filesystem for live booting.
For OverlayFS boots, avoid the read-only Device-mapper linear device
at /dev/mapper/live-base.
Create a consistent device link at /dev/live-base for the read-only
base loop device for all overlayed live root filesystems.
Consistently provide a link at /dev/root for wait_for_dev.
Frederick Grose [Wed, 1 Aug 2018 22:40:20 +0000 (18:40 -0400)]
livenet: Enable OverlayFS overlay in sysroot.mount generator.
Adjust sysroot.mount configuration for rd.live.overlay.overlayfs option.
Use link at /dev/root as a consistent flag for wait_for_dev.
Adjust documentation.
Kairui Song [Wed, 25 Jul 2018 08:47:37 +0000 (16:47 +0800)]
lsinitrd: optimize performance when handling multiple files
Currently, when trying to unpack or print the content of multiple
files, lsinitrd will decompress the image and pipe the decompressed
content to cpio to retrive each file if the image is compressed.
Which mean if we want to extract 10 files the image will be decompressed
10 times, which is a waste of time.
This patch will let lsinitrd decompress the image file to a temp file
first if multiple file names are given, then cpio will read from the
decompressed temp file, which will speed up a lot.
Time consumption test for command:
`lsinitrd initramfs-4.16.15-300.fc28.x86_64.img \
usr/lib/dracut/build-parameter.txt \
usr/lib/dracut/modules.txt \
etc/machine-id \
etc/hostname \
usr/lib/udev/rules.d/99-systemd.rules`
Before the patch:
2.37user 0.33system 0:02.12elapsed
After the patch:
0.50user 0.42system 0:00.72elapsed
There would be a more significant time difference if we try to
extract more files.
Kairui Song [Wed, 25 Jul 2018 08:34:08 +0000 (16:34 +0800)]
lsinitrd: allow to only unpack certain files
Before this patch, "--unpack" will always unpack the whole image.
Make "--unpack" be able to unpack only certain files, it will be
easier to retrieve files from initramfs image.
Kairui Song [Tue, 17 Jul 2018 09:16:07 +0000 (17:16 +0800)]
Record loaded kernel modules when hostonly mode is enabled
A hostonly image will not include every possibly required kernel module,
so if any hardware or configuration changed, the image may fail to boot.
One way to know if there are any hardware change or configuration change
that will require an image rebuild or not is to check the loaded kernel
module list. If the loaded kernel module list differs from last build
time, then the image may require to be rebuilt.
This commit will let dracut record the loaded kernel module list when
the image is being built, so other tools or services can compare this
list with currently loaded kernel modules to decide if dracut should be
called to rebuild the image.
To retrieve the loaded kernel modules list when an image is built, use
lsinitrd command:
Mike Gilbert [Tue, 4 Jul 2017 02:39:42 +0000 (22:39 -0400)]
dracut.sh: improve udevdir and systemdutildir fallback logic
Check for a common binary in systemdutildir. This resolves an issue on
split-usr systems, where it is common to have both /lib/systemd[/system]
and /usr/lib/systemd[/user] present.
Check for systemd-udevd specifically, since some distros (Gentoo) allow
udev to be installed without the rest of the systemd stack.
Similar logic is applied to udevdir simply for consistency.
90-multipath-hostonly module was added in 5ce7cc73, because if hostonly
mode is enabled, multipath module will always hardcode wwids which
causes problems when the initramfs is cloned to another system with same
hardware.
Now with tri-state hostonly mode, the two modules could be merged and only
hardcode wwids when "strict" hostonly mode is enabled.
Daniel Molkentin [Mon, 29 Jan 2018 13:58:31 +0000 (08:58 -0500)]
95qeth_rules: Add new module to copy qeth rules
Only pick rules for interfaces which have a carrier in the running
system. Those interfaces will be assembled by udev to allow booting
from those devices (i.e. iSCSI).
Kairui Song [Wed, 4 Jul 2018 09:21:37 +0000 (17:21 +0800)]
Introduce tri-state hostonly mode
Add a new option --hostonly-mode which accept an <mode> parameter, so we have a tri-state hostonly mode:
* generic: by passing "--no-hostonly" or not passing anything.
"--hostonly-mode" has no effect in such case.
* sloppy: by passing "--hostonly --hostonly-mode sloppy". This
is also the default mode when only "--hostonly" is given.
* strict: by passing "--hostonly --hostonly-mode strict".
Sloppy mode is the original hostonly mode, the new introduced strict
mode will allow modules to ignore more drivers or do some extra job to
save memory and disk space, while making the image less portable.
Also introduced a helper function "optional_hostonly" to make it
easier for modules to leverage new hostonly mode.
To force install modules only in sloppy hostonly mode, use the form:
Jeremy Linton [Tue, 3 Jul 2018 04:25:05 +0000 (23:25 -0500)]
dracut-install: Support modules.softdep
Dracut uses the module deps to determine module dependencies
but that only works for modules with hard symbolic dependencies.
Some modules have dependencies created via callback API's or other
methods which aren't reflected in the modules.dep but rather in
modules.softdep through the use of "pre:" and "post:" commands
created in the kernel with MODULE_SOFTDEP().
Since in dracut we are only concerned about early boot, this patch
only looks at the pre: section of modules which are already being
inserted in the initrd under the assumption that the pre: section
lists dependencies required for the functionality of the module being
installed in the initrd.
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
Adam Williamson [Fri, 22 Jun 2018 18:25:04 +0000 (11:25 -0700)]
Include virtio DRM drivers in hostonly initramfs
The code in 50drm which tries to include all DRM drivers for
hardware attached to the system did not look for virtio devices.
So if the system is a VM using the 'virtio' graphics adapter,
the 'virtio-gpu' module which should be included is not. This
extends the code to also look for virtio devices.
Ondrej Mosnacek [Fri, 8 Jun 2018 11:38:34 +0000 (13:38 +0200)]
fips: only install FIPS-compliant crypto modules
Since the kernel doesn't allow using any non-FIPS-compliant crypto
algorithms, it doesn't make sense to install them. Even if they are
installed, tcrypt will not test them anyway.
Tested on Fedora 28 x86_64 by booting with fips=1 (with hand-patched
module-setup.sh).