David Disseldorp [Thu, 10 Feb 2022 19:08:11 +0000 (20:08 +0100)]
fix(cpio): correct dev_t -> rmajor/rminor mapping
dev_t -> major/minor number mapping is more complicated than the
incorrect major=(dev_t >> 8) minor=(dev_t & 0xff) mapping that we
currently perform. Fix mapping to match Linux / glibc behaviour.
Fixes: https://github.com/dracutdevs/dracut/issues/1695 Reported-by: Ethan Wu <ethanwu10@gmail.com> Signed-off-by: David Disseldorp <ddiss@suse.de>
David Disseldorp [Thu, 10 Feb 2022 17:05:21 +0000 (18:05 +0100)]
ci(cpio): add test_archive_dev_maj_min
This tests dracut-cpio's handling of rmajor / rminor values compared to
GNU cpio. The test requires root, due to mknod invocation for block
device node creation.
Renaud Métrich [Thu, 6 Jan 2022 18:50:28 +0000 (19:50 +0100)]
fix(dracut): be more robust when using 'set -u'
From bash manpage, FUNCNAME exists only inside functions. When in debug
mode, make sure to use an empty default value as FUNCNAME[0] when
outside of functions.
With bash4 this wasn't an issue, but is with bash5 with hardening option
'set -u' used, as shown in the example below:
This hardening enables sourcing dracut-lib.sh from external utilities
executing in the initramfs such as clevis-luks-askpass, which uses
hardening option 'set -u' internally.
(see Clevis PR https://github.com/latchset/clevis/pull/340)
Kairui Song [Fri, 7 Jan 2022 06:03:20 +0000 (14:03 +0800)]
feat(dracut.sh): add --aggresive-strip option
Dracut currently calls `eu-strip` or `strip` with -g, which only strips
out .debug_* sections. symtab and strtab are kept, but are not required
for runtime, and people will rarely need to do binary level debugging
work in initramfs.
So introduce a --aggresive-strip options, try strip out all sections
that are not required for runtime. This can help reduce the binary size
by a lot.
For example, the size of libc.so is reduced by a lot when stripped
with no option than with -g.
Renaud Métrich [Thu, 13 Jan 2022 16:35:59 +0000 (17:35 +0100)]
fix(dracut-shutdown): add cleanup handler on failure
It may happen that dracut-shutdown.service fails, for example on timeout
due to very low bandwidth.
In such case, for hardening purposes, a new dracut-shutdown-onfailure.service
unit doing dracut-shutdown.service cleanup needs to execute to make sure
switching root to an incomplete initramfs won't occur later.
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
The regular expression here is trying to handle various kernel
module compression schemas and was missing the zst extension
which indicates use of zstd.
Adrien Thierry [Mon, 20 Dec 2021 14:41:07 +0000 (09:41 -0500)]
fix(kernel-modules): add mailbox drivers for arm
Mailbox drivers might be needed by some of the devices used in the
initrd. For example, on the Raspberry Pi 4, the MMC 'sdhci-iproc' driver
depends on 'bcm2835-mailbox'.
David Teigland [Fri, 17 Dec 2021 18:14:51 +0000 (12:14 -0600)]
fix(lvm): restore setting LVM_MD_PV_ACTIVATED
The 69-dm-lvm-metad.rules udev rule has been removed from
the initrd, because it's been dropped by recent upstream
lvm versions, and it never performed any primary function
within the initrd. But, it did have the job of setting
LVM_MD_PV_ACTIVATED=1 for active md devices used by PVs.
That step needs to be restored, and is now included in
64-lvm.rules.
David Teigland [Fri, 10 Dec 2021 18:51:26 +0000 (12:51 -0600)]
feat(lvm): only run lvchange for LV that is seen on devices
Change the command listing LVs from lvscan to lvs, and list
only the LV names that are being activated. Before attempting
to activate an LV, check that that LV name appears in the
lvs command output. This avoids wasting time running an
lvchange command that we know will fail.
David Teigland [Wed, 8 Dec 2021 21:16:03 +0000 (15:16 -0600)]
feat(lvm): use generated filter when none is set
Previously, the lvm device filter generated by dracut
would not be used if any lvm.conf file existed in the
initrd. Change this so that the generated filter will
be used when the included lvm.conf has no filter set.
David Teigland [Wed, 8 Dec 2021 20:14:27 +0000 (14:14 -0600)]
fix(lvm): replace --partial option
The --partial option will activate a linear (or other) LV
without segments for missing devices, which is unlikely to
be useful. The intention was to activate raid LVs in a useful
form while missing devices, which is specified with the option
--activationmode degraded.
David Teigland [Wed, 8 Dec 2021 20:11:13 +0000 (14:11 -0600)]
revert(lvm): remove 69-dm-lvm-metad.rules
This udev rule runs pvscan to autoactivate VGs, which dracut
does not want to do, and previously disabled by editing the
rule file and commenting out lines.
This also stops /dev/disk/by-id/lvm-pv-uuid-* symlinks from
being created in the initrd.
David Teigland [Wed, 8 Dec 2021 20:07:42 +0000 (14:07 -0600)]
revert(lvm): remove lvmetad config changes
Remove support for modifying use_lvmetad and locking_type
settings in lvm.conf for lvm versions 2.2.*. Recent lvm
versions (2.3.*) do not include lvmetad or locking_type.
This cleanup simplifies code maintenance.
To use the lvm module with older versions (2.2), a user
would need to ensure that lvmetad settings are disabled
in the initrd's lvm.conf rather than relying on the lvm
dracut mode to modify their lvm.conf.
Martin Wilck [Tue, 7 Dec 2021 17:30:16 +0000 (18:30 +0100)]
fix(multipath): check if mpathconf is available
Not all distributions utilize and ship the mpathconf utilitiy.
Avoid error messages and systemd complaints about
multipathd-configure.service in this case.
Martin Wilck [Tue, 7 Dec 2021 16:59:25 +0000 (17:59 +0100)]
fix(multipathd.service): adapt to upstream multipath-tools unit file
In the long run, it's desirable to be able to drop dracut's copy of
multipathd.service and use the upstream one from multipath-tools instead.
This patch makes a step in that direction.
With these changes, the only remaining difference is the support for
rd.multipath=0 and rd_NO_MULTIPATH, which must obviously be ignored in the
upstream unit.
The modifications in this patch are minor and will have no effect in the
initramfs.
Martin Wilck [Tue, 7 Dec 2021 10:43:26 +0000 (11:43 +0100)]
fix(multipathd.service): remove dependency on systemd-udev-settle
The dependency of multipathd on "udev settle" has recently been removed in c9689b6 ("multipathd: Remove dependency on systemd-udev-settle.service").
But this dependency has never been necessary in the initramfs environment. It
was only required after switching root, because multipathd would potentially
tear down valid multipath maps after switching from initrd to root FS. This can
happen because dm devices "survive" the root FS switch in the udev data
base (they have the "db_persist" flag set), whereas their component devices
(SCSI etc) do not. But this can only happen after initrd-udevadm-cleanup-db.service
has been run, which happens after initrd processing.
The only dependency that's really needed is that on
systemd-udevd-kernel.socket, because multipathd depends on uevents for
devices being delivered via systemd-udevd.
joshuacov1 [Fri, 26 Nov 2021 10:40:51 +0000 (05:40 -0500)]
fix(base): do not change the provided UUID
During boot dracut parses the provided UUID to lower case and thus starts an
endless loop wating for the devise to appear. The device is actually mapped
correctly by the kernel (which doesn't tweak the UUID) but because we are
waiting for a name with lower charachters the expeted device never appers which
drops us at the emergency shell leaving the system unbootable.
This happens especially on nfts/fat filesystems because technically those don't
have a UUID but searial numbers which are used by the linux tools as UUID.
Laszlo Gombos [Fri, 3 Dec 2021 16:48:03 +0000 (11:48 -0500)]
fix(dmsquash-live): option to use overlayfs on a block device root
An example kernel command line option for this configuration
root=/dev/sda1 ro rd.live.image rd.live.overlay.overlayfs=1
The change checks if $FSIMG is empty and adds a symlink from
/run/rootfsbase to /run/initramfs/live and changes the place
of the creation of the required mount point directories.
The current detection routine for openssl-based libcurl assumes that
libcurl has its own hardcoded path to the ca-bundle. Fix the
cases where curl is compiled with:
In this case, we must also grep in OpenSSLs libcrypto.
Other changes:
- Filter reported but non-existant paths.
- Strip nul bytes returned by grep.
- Consider that ca-bundles might use '.pem' instead of '.crt'.
Original-patch-by: Daniel Molkentin <daniel.molkentin@suse.com>
Hans de Goede [Thu, 9 Dec 2021 15:35:11 +0000 (16:35 +0100)]
fix(drm): add privacy screen modules to the initrd
Starting with kernel 5.17 the kernel supports the builtin privacy screens
built into the LCD panel of some new laptop models.
This means that the drm drivers will now return -EPROBE_DEFER from their
probe() method on models with a builtin privacy screen when the privacy
screen provider driver has not been loaded yet.
Make dracut add the privacy screen providing drivers to the initrd
(when necessary for hostmode=yes), so that drm drivers on affected
drivers can probe() successfully.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Martin Wilck [Fri, 19 Nov 2021 11:47:32 +0000 (12:47 +0100)]
fix(dracut.sh): check availability of configured compression
If the configured compression command is unavailable, reset $compress,
and fall back to auto-detection. This allows building an initramfs
even if the configured compression command is not installed. This can
happen e.g. if the distribution uses a preconfigured default, but the
user deinstalled the respective tool.
Martin Wilck [Fri, 19 Nov 2021 11:46:04 +0000 (12:46 +0100)]
fix(dracut.sh): inform user about auto-selected compression method
If the compression method is unset, or had to be reset because of
missing dependencies, inform the user what's being used. Also,
replace the printf in the "cat" case with a dwarn.
Martin Wilck [Fri, 19 Nov 2021 11:39:30 +0000 (12:39 +0100)]
fix(dracut.sh): drop pointless check for module compression method
There's no need to decompress the kernel modules in dracut, and
"$kcompress" is never referenced. dracut can build the initramfs
just fine if there's no tool for decompressing modules.
Pavel Valena [Mon, 22 Nov 2021 15:40:39 +0000 (16:40 +0100)]
fix(network): add errors and warnings when network interface does not exist
End with error, or show a warning when nonexistent device is specified for network setup like
`ip=10.12.8.12::10.12.255.254:255.255.0.0:xk12:eth0:off`.
I've added the error only for `write-ifcfg.sh`, as I think no such setup should be written.
fix(dracut-functions.sh): get block device driver if in a virtual subsystem
dracut does not install the kernel module of the block device that contains
the root filesystem if the following preconditions are met:
- Running in host-only mode.
- Symlinks of all block devices needed to boot the system pointing to virtual
subsystems.
The get_dev_module function uses "udevadm info -a" to get the corresponding
kernel modules of a /sys/class/*/* or /dev/* device. This function is called
in modules.d/90kernel-modules/module-setup.sh to detect if dracut must install
block device drivers in host-only mode. The symlinks in /sys/dev/block/
usually point to "real" devices in /sys/devices/pci*. But, we have come across
some NVMe systems where the kernel creates the symlinks in /sys/dev/block/
pointing to "virtual" devices instead. In this case, udevadm never finds any
"driver" attributes following up the chain of parent devices.
fix(mdraid): allow UUID comparison for more than one UUID
If the system provides more than one UUID, the _MD_UUID var
contains a line break after each UUID. Therefore the strstr
function could not find any UUID, caused by the additional
spaces provided to the function.
Furthermore this could lead to a boot interruption, because
the start of a degraded raid1 won't be executed. So, manual
interaction is necessary.
ci(TEST-63-DRACUT-CPIO): kernel extraction tests for dracut-cpio
dracut-cpio already carries a bunch of unit tests covering compression
and GNU cpio extraction. The purpose of these tests is to exercise the
dracut.sh --enhanced-cpio code-paths as well as kernel cpio archive
extraction.
David Disseldorp [Wed, 17 Feb 2021 00:05:37 +0000 (01:05 +0100)]
feat(dracut.sh): add "--enhanced-cpio" option for calling dracut-cpio
The new dracut-cpio binary is capable of performing copy-on-write
optimized initramfs archive creation, but due to the rust dependency
isn't built / installed by default.
This change adds a new "--enhanced-cpio" parameter for dracut which
sees dracut-cpio called for archive creation instead of GNU cpio.
David Disseldorp [Wed, 19 May 2021 11:46:25 +0000 (13:46 +0200)]
feat(cpio): add newc archive creation utility
dracut-cpio is a minimal cpio archive creation utility written in Rust.
It provides support for a minimal set of features needed to create
performant and space-efficient initramfs archives:
- "newc" archive format only
- reproducible; inode numbers, uid/gid and mtime can be explicitly set
- data segment copy-on-write reflinks
+ using Rust io::copy()'s native copy_file_range() support[1]
+ optional archive data segment alignment for optimal reflink use[2]
- hardlink support
- comprehensive tests asserting GNU cpio binary output compatibility
2. Data segment alignment
We're bending the newc spec a bit to inject zeros after the file path
to provide data segment alignment. These zeros are accounted for in
the namesize, but some applications may only expect a single
zero-terminator (and 4 byte alignment). GNU cpio and Linux initramfs
handle this fine as long as PATH_MAX isn't exceeded.
David Disseldorp [Fri, 28 May 2021 23:10:11 +0000 (01:10 +0200)]
feat(cpio): add rust argument parsing library from crosvm
Crosvm's rust argument library is very small and simple, while still
providing helpful functionality. It will be consumed by dracut-cpio in a
subsequent commit.
The unmodified, BSD licensed argument.rs source is lifted as-is from
https://chromium.googlesource.com/chromiumos/platform/crosvm
(release-R92-13982.B b6ae6517aeef9ae1e3a39c55b52f9ac6de8edb31).
The one-line crosvm.rs wrapper is needed to ensure that crosvm::argument
imports continue to work.
Dan Horák [Wed, 10 Nov 2021 11:14:15 +0000 (12:14 +0100)]
fix(resume): check for presence of /sys/power/resume
On platforms where the kernel is built without suspend/resume support we
see "cat: /sys/power/resume: No such file or directory" message when
creating an initrd image. Check for the presence of /sys/power/resume
first before reading it.
Laszlo Gombos [Fri, 19 Nov 2021 17:45:20 +0000 (12:45 -0500)]
fix(dmsquash-live): do not install systemd files when systemd is not enabled
Systemd is an optional module for the dmsquash-live module. This scenario
is properly handled for other modules (for example livenet module) but not
for dmsquash-live module.
Renaud Métrich [Tue, 16 Nov 2021 10:15:52 +0000 (11:15 +0100)]
fix(shutdown): be robust against forced shutdown
When a forced shutdown is issued through sending a burst of Ctrl-Alt-Del
keys, systemd sends SIGTERM to all processes. This ends up killing
dracut-initramfs-restore as well, preventing the script from detecting
that the unpack of the initramfs is incomplete, which later causes a
crash to happen when "shutdown" tries to execute from the unpacked
initramfs.
This fix makes sure dracut-initramfs-restore remains alive to detect
the unpack failed (because cpio was killed by systemd too).
Frantisek Sumsal [Fri, 12 Nov 2021 20:43:12 +0000 (21:43 +0100)]
test: don't use `-cpu max` in GH Actions
There appears to be an issue with newer QEMU versions (spotted with Arch
Linux and C9S containers) which causes the respective GH Action to hang
when booting a QEMU VM in combination with the `-cpu max` parameter.
During (a particularly painful) debugging session I once managed to get
some output from such "frozen" machine (using `earlycon` and
`earlyprintk` kernel cmdline options), and in that particular case the
VM died with a trap caused by an invalid opcode.
I couldn't reproduce this locally, only in GH Actions environment with
Arch Linux and C9S containers. Also, so far I haven't found out which
specific CPUID flag causes this, but using the `IvyBridge-v2` feature
set seems to mitigate the issue.
Peter Robinson [Sat, 16 Oct 2021 09:41:24 +0000 (10:41 +0100)]
fix(90kernel-modules): add isp1760 USB controller
Like the dwc/chipidea controllers the isp1760 can act in either
host or gadget mode so it ends up in it's own directory. Add this
driver into the initrd as it's part of some arm platforms and
is needed to be able to boot off USB storage.
Fixes issue #1619
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
fix(network-manager): disable tty output if the console is not usable
The network-manager module also writes logs to the console, so that it's easier
to debug network-related boot issues. If systemd can't open the console, the
service fails and network doesn't get configured.
Add a check to disable tty output when the console is not present or not
usable.
feat(systemd): enable support for systemd compiled with ASAN
When systemd is compiled with ASAN library to troubleshoot memory issues
within systemd code, the libasan library expects to have /proc be
available as soon as systemd starts, which isn't the case currently,
causing an assertion to fail, systemd to crash and kernel to panic:
Peter Robinson [Wed, 6 Oct 2021 10:05:49 +0000 (11:05 +0100)]
fix(90kernel-modules): add Type-C USB drivers for generic initrd
We need to pull in Type-C USB drivers as they can provide a number of
differnet bits of functionality in early boot including input, display
(altmode DP) and storage so we need to have them available to ensure
functionality attached to those buses/interfaces are available in early
boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Luca BRUNO [Thu, 23 Sep 2021 09:05:44 +0000 (09:05 +0000)]
fix(multipath): drop ExecStop= setting from service unit
This removes the 'ExecStop=' field from `multipathd.service`.
Sometimes CI runs do encounter a failure related to this
service in initrd, which seems to be stemming from a socket
I/O race between the client and the server on shutdown.
It looks like the client (`multipathd shutdown`) can lose the race,
hit an I/O error, and cause the whole unit to fail (even if the server
managed to shutdown properly already).
Notably, the upstream unit does not have such stop command
as the daemon can already perform a graceful exit through
its signal handler.
As such, this commit partially re-aligns the two units,
trying to sidestep any of the existing races.