Since we are using `actions/labeler@main`, its format changed, displaying the
following error with every new PR:
```
Run actions/labeler@main
The configuration file (path: .github/labeler.yml) was not found locally, fetching via the api
Error: Error: found unexpected type for label 'repository' (should be array of config options)
Error: found unexpected type for label 'repository' (should be array of config options)
```
Nothing in dracut appears to define the '$libdir' environment
variable when module scripts are being run. As a result when
the 01-systemd-repart module script runs, it fails to copy any
of the config files into the initrd. Replace it with '/usr/lib'
which reflects where systemd-repart expects its global config
files.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
David Cassany [Fri, 22 Sep 2023 14:28:48 +0000 (16:28 +0200)]
fix(overlayfs): split overlayfs mount in two steps
This commit splits the creation of required overlayfs underlying
directories and the actual overlayfs mount. This way it is still
possible to mount the overlayfs with the generated sysroot.mount that
dmsquash-live creates.
The overlayfs tree is created in a pre-mount hook so it is executed
before sysroot.mount is started. Otherwise sysroot.mount starts and
fails before mount hooks are executed.
fix(install.d): do not create initramfs if the supplied image is UKI
When the supplied kernel image is a UKI, there's no point in creating
initramfs as the UKI has it built-in already. This is the situation when
dracut.install is called for a distro shipped UKI.
Note, KERNEL_INSTALL_IMAGE_TYPE == "uki" is different from
KERNEL_INSTALL_LAYOUT == "uki", the latter can be used to create UKI upon
installing a standard kernel image.
Frantisek Sumsal [Sat, 14 Oct 2023 21:45:57 +0000 (23:45 +0200)]
feat(systemd): install systemd-executor
In [0] systemd gained a new binary - systemd-executor - that's used to
spawn processes forked off systemd. Let's copy it into the initrd if
it's available.
fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL]
`CONFIG_MICROCODE_AMD` and `CONFIG_MICROCODE_INTEL` are hidden since
https://lore.kernel.org/all/20230810160805.081212701@linutronix.de/, therefore
this check is wrong and early microcode is always disabled.
Benjamin Drung [Sat, 19 Aug 2023 14:34:52 +0000 (16:34 +0200)]
docs: set KVERSION for running test suite
Running the test suite in podman will most likely require setting
`KVERSION` because the running Linux kernel version will most likely be
different to the kernel version in the container.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Andrew Ammerlaan [Sun, 20 Aug 2023 10:19:10 +0000 (12:19 +0200)]
feat(install.d): allow using dracut in combination with ukify
This can be simply accomplished with the KERNEL_INSTALL_INITRD_GENERATOR
and KERNEL_INSTALL_UKI_GENERATOR variables. `60-ukify.install` looks for
the initrd in the KERNEL_INSTALL_STAGING_AREA and then takes care of building
the uki.
This change makes it possible to use a configuration like this:
/etc/kernel/install.conf
```
layout=uki
uki_generator=ukify
initrd_generator=dracut
```
Without this change this configuration will fail since dracut would also
generate an uki instead of initrd, which will cause a problem in
`60-ukify.install` since it can't find an initrd to use.
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Benjamin Drung [Wed, 16 Aug 2023 11:56:41 +0000 (13:56 +0200)]
test: skip test 98 if dracut-util is not available
Building `dracut-util` requires the source code to be present and
prevents running the test against the installed system. Check that
`dracut-util` and rely on the test environment to build `dracut-util`
beforehand.
Benjamin Drung [Wed, 16 Aug 2023 11:50:47 +0000 (13:50 +0200)]
test: make package libdir configurable
Make the package libdir configurable to allow running the test suite
out-of-tree. `PKGLIBDIR` can be pointed to the installed dracut libdir.
Use `PKGLIBDIR` for the location of `dracut-init.sh`, `dracut-install`,
`dracut-util`, `dracut-cpio`, and `modules.d`.
This change is used to run the test suite against the installed dracut
in an autopkgtest for the Debian/Ubuntu package.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
fix(systemd): add new systemd-tmpfiles-setup-dev-early.service
`systemd-tmpfiles-setup-dev.service`, `kmod-static-nodes.service` and
`systemd-sysusers.service` have an ordering dependency on this new service since
https://github.com/systemd/systemd/commit/353c849
fix(dracut-install): protect against broken links pointing to themselves
`readlink` does not return an error if a symbolic link points to itself, which
can cause a stack overflow due to infinite recursion in the `get_real_file`
function.
Although this type of recursive links should not exist, we discovered this
issue on a real system. It can be reproduced as follows:
fix(dracut.sh): exit if resolving executable dependencies fails
We came across an issue where, when resolving executable dependencies, a call to
a buggy glib function in `dracut-install` was causing a termination with
SIGSEGV, but dracut didn't stop the build process, which resulted in an
unbootable initrd, due to missing required libraries.
feat(dracut): add --sbat option to add sbat policy to UKI
Take existing .sbat section from the uefi stub and merge it
with vmlinux .sbat (if it exists) and user-provided .sbat parameters
using the new --sbat option.
For some reason, --update-section in objcopy does not resize the
.sbat section, so remove the section from the stub and add it
to the UKI as new one, to avoid having incomplete SBAT strings.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
David Disseldorp [Wed, 26 Jul 2023 13:49:41 +0000 (15:49 +0200)]
refactor(install): log about missing firmware only once
When attempting to locate a firmware path under each of the firmwaredirs
parent directories, Dracut logs an error for every missing path.
Instead, only log the error if the firmware path isn't found under any
of the firmwaredirs.
When the `module_check` method is called passing 3 arguments (all calls right
now), the `forced` option is ignored, so the `hostonly` variable is never unset
before the module's `check` method is called.
fix(man): add missing initrd-root-device.target to flow chart
This target was added since https://github.com/dracutdevs/dracut/commit/d4efc0ae
and is ordered between `basic.target` and `sysroot.mount`, see `man bootup.7`
(`dracut-pre-mount.service` starts after).
Thomas Blume [Mon, 17 Apr 2023 13:41:07 +0000 (15:41 +0200)]
feat(livenet): add memory size check depending on live image size
For writeable live images, the memory must hold the complete image.
That means it must be at least the size of the image plus some RAM
necessary to run processes.
With too small RAM, the OOM Killer steps in and makes the boot hang.
This patch lets the system go into the emergency shell instead.
The default minimum RAM after subtracting the live image size is set to 1G.
The parameter rd.minmem is added to modify this.
Michał Zegan [Wed, 26 Oct 2022 16:10:38 +0000 (18:10 +0200)]
fix(modsign): load keys to correct keyring
Until now, 03modsign module was loading keys from /lib/modules/keys/* into the
current session keyring.
This change makes it add keys to the secondary trusted keyring. This works
only as long as added certificate is signed by key from the same keyring.
Martin Wilck [Fri, 16 Sep 2022 19:36:52 +0000 (21:36 +0200)]
feat(nvmf): add code for parsing the NBFT
Add code to parse the NVMe-oF Boot Firmware Table (NBFT) according
to the NVM Express Boot Specification 1.0 [1]. The implementation in
dracut follows a similar general approach as iBFT support in the
iscsi module.
NBFT support requires two steps:
(1) Setting up the network and routing according to the
HFI ("Host Fabric Interface") records in the NBFT,
(2) Establishing the actual NVMe-oF connection.
(1) is accomplished by reading the NBFT using JSON output from
the "nvme nbft show" command, and transforming it into command
line options ("ip=", "rd.neednet", etc.) understood by dracut's
network module and its backends. The resulting network setup code
is backend-agnostic. It has been tested with the "network-legacy"
and "network-manager" network backend modules. The network setup
code supports IPv4 and IPv6 with static, RA, or DHCP configurations,
802.1q VLANs, and simple routing / gateway setup.
(2) is done using the "nvme connect-all" command [2] in the netroot handler,
which is invoked by networking backends when an interface gets fully
configured. This patch adds support for "netboot=nbft". The "nbftroot"
handler calls nvmf-autoconnect.sh, which contains the actual connect
logic. nvmf-autoconnect.sh itself is preserved, because there are
other NVMe-oF setups like NVMe over FC which don't depend on the
network.
The various ways to configure NVMe-oF are prioritized like this:
1 FC autoconnect from kernel commandline (rd.nvmf.discover=fc,auto)
2 NBFT, if present
3 discovery.conf or config.json, if present, and cmdline.d parameters,
if present (rd.nvmf.discovery=...)
4 FC autoconnect (without kernel command line)
The reason for this prioritization is that in the initial RAM fs, we try
to activate only those connections that are necessary to mount the root
file system. This avoids confusion, possible contradicting or ambiguous
configuration, and timeouts from unavailable targets.
A retry logic is implemented for enabling the NVMe-oF connections,
using the "settled" initqueue, the netroot handler, and eventually, the
"timeout" initqueue. This is similar to the retry logic of the iscsi module.
In the "timeout" case, connection to all possible NVMe-oF subsystems
is attempted.
Two new command line parameters are introduced to make it possible to
change the priorities above:
- "rd.nvmf.nonbft" causes the NBFT to be ignored,
- "rd.nvmf.nostatic" causes any statically configured NVMe-oF targets
(config.json, discovery.conf, and cmdline.d) to be ignored.
These parameters may be helpful to skip attempts to set up broken
configurations.
At initramfs build time, the nvmf module is now enabled if an NBFT
table is detected in the system.
[1] https://nvmexpress.org/wp-content/uploads/NVM-Express-Boot-Specification-2022.11.15-Ratified.pdf
[2] NBFT support in nvme-cli requires the latest upstream code (> v2.4).
Signed-off-by: Martin Wilck <mwilck@suse.com>
Co-authored-by: John Meneghini <jmeneghi@redhat.com>
Co-authored-by: Charles Rose <charles.rose@dell.com>
Martin Wilck [Thu, 9 Mar 2023 15:55:36 +0000 (16:55 +0100)]
fix(nvmf): support /etc/nvme/config.json
Since nvme-cli 2.0, configuration of subsystems to connect to is
stored under `/etc/nvme` in either `discovery.conf` or `config.json`.
Attempt discovery also if the latter exists, but not the former.
Also, install "config.json" if it's present on the root FS.
As before, "rd.nvmf.discover=fc,auto" will force either file to be ignored,
and NBFT-defined targets take precedence if found.
Martin Wilck [Thu, 12 Jan 2023 10:06:35 +0000 (11:06 +0100)]
fix(nvmf): install 8021q module unconditionally
In NBFT setups, VLAN can be configured in the firmware.
Add the 8021q module in hostonly mode even if VLAN is currently
not used to be prepared for such configuration change.
Andrew Ammerlaan [Sat, 17 Jun 2023 06:18:55 +0000 (08:18 +0200)]
fix(install.d): respect more kernel-install env variables
- If kernel-install has defined a staging area for us
(KERNEL_INSTALL_STAGING_AREA) install generated initrd/uki.efi there.
The actual install is then handled by 90-loaderentry.install or
90-uki-copy-install.
- Also skip regeneration if an uki.efi already exists.
- Pass --kernel-image to dracut, this is required to generate an uki (uefi=yes)
- Add --no-uefi argument to dracut rescue image generation, this ensures that
it at least installs correctly. TODO: Rework 51-dracut-rescue.install to also
work with uki's.
This fixes installing a kernel with uefi=yes in dracut config and layout=uki
in kernel/install.conf.
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
fix(bluetooth): include it if Appearance matches the value assigned for keyboard
Following the Bluetooth spec [1], Assigned Numbers Document, Rev. 2023-05-04,
Section 2.6.3, Appearance Sub-category, the Appearance value defined for
keyboards is 0x03C1.
This value must be checked to include the bluetooth module in hostonly mode,
because some Bluetooth keyboards do not set the Class attribute.
fix(dracut-init.sh): correct check in `is_qemu_virtualized` function
Do not redirect `systemd-detect-virt` to /dev/null, otherwise, the `vm` variable
is always empty. This function was working only thanks to the following /sys
check.
Henrik Gombos [Wed, 14 Jun 2023 19:17:20 +0000 (19:17 +0000)]
ci: add dependencies to Debian container
- add systemd-boot-efi for test 18
- tgt is needed for test 30 and 35
- nbd-server is needed for test 40
- gawk dependency has been introduced by f32e95bcadbc5158843530407adc1e7b700561b1
- install dracut instead of initramfs-tools to match actual usage
- remove workaround for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962300
as it is now fixed on Debian 12.
fix(systemd-pcrphase): only include systemd-pcrphase-initrd.service
The only systemd-pcrphase related unit configured to run in the initrd is
systemd-pcrphase-initrd.service.
Both systemd-pcrphase.service and systemd-pcrphase-sysinit.service contain
`ConditionPathExists=!/etc/initrd-release`.