Benjamin Drung [Sun, 8 Feb 2026 01:01:53 +0000 (02:01 +0100)]
ci: also run container manifest step for by workflow_dispatch
The container CI jobs might be run manually (using the
`workflow_dispatch` trigger). In this case the `manifest` step is
skipped. This makes manually runnings the container job useless.
Also run the container manifest step for `workflow_dispatch`.
Benjamin Drung [Sat, 7 Feb 2026 13:26:29 +0000 (14:26 +0100)]
test: rename overlay directory to rootfs
Several tests use `build_ext4_image` to generate a rootfs and do not
rely on `test-makeroot` any more (where the `overlay` directory name was
used).
To make the test code more readable, rename the `overlay` directory to
`rootfs`. In case there are client and server rootfs, use
`client-rootfs` and `server-rootfs`.
Benjamin Drung [Fri, 6 Feb 2026 23:53:44 +0000 (00:53 +0100)]
test: prevent overlay/source being added in test_dracut
The function `test_dracut()` will include `$TESTDIR/overlay` into the
test `initramfs.testing` if available. Several tests create
`$TESTDIR/overlay/source` for creating rootfs using `test-makeroot`.
Delete `$TESTDIR/overlay` after being used by `test-makeroot` to avoid
adding `$TESTDIR/overlay/source` to the client test initrd.
Benjamin Drung [Fri, 6 Feb 2026 22:00:14 +0000 (23:00 +0100)]
fix(dracut): also check libraries when resolving lazy
Dracut might resolve executable dependencies lazy. In this case all
libraries are installed without resolving their dependencies.
Later Dracut will resolve dependencies of the included executables, but
it will not explicitly check libraries. This will miss resolving
dependencies of libraries that are used via `dlopen()`.
There is no requirement for library files to be executable. So resolve
dependencies all files. `resolve_deps()` will check if the file is
either an ELF file or a script.
This will also resolve dependencies of scripts that are not marked
executable, which might be an undesired side effect. In this case users
are advised to either call `dracut-install` without `-l` or not include
those files at all.
chore(dracut): switch to /usr/lib from /lib for hooks
The current tendency is to move towards "hermetic /usr" and not
introduce new things outside of it. For distro shipped hooks and
for the testsuite move the location from /lib to /usr/lib.
Benjamin Drung [Tue, 3 Feb 2026 21:24:46 +0000 (22:24 +0100)]
fix: avoid leading spaces in systemd units
Some `sed` commands insert multiple lines into systemd units. Using
backslash followed by a newline and spaces (for indentation) will
include those spaces in the systemd unit.
feat(systemd-import): introducing the systemd-import module
This new module takes advantage of the features provided by
systemd-import-generator(8), systemd-importd.service(8) and
systemd-loop@.service(8), especifically the `rd.systemd.pull=` kernel command
line option, to download a disk image (tar/raw) into memory, optionally validate
its checksum or signature, and directly boot into it.
It allows to:
- Download a tar disk image into /run/machines and bind mount it into /sysroot
(via `root=bind:...`).
- Download a raw image into memory and attach it to a loopback block device, so
we can point `root=` to a known label or to the proper `/dev/disk/by-loop-ref/`
device.
Notes:
- It needs enough RAM to save and unpack/decompress the image.
- The image can be compressed with xz, gzip, bzip2, zstd.
- It supports btrfs, erofs, ext4, f2fs, squashfs, vfat, or xfs filesystems.
Introduce tests for Dracut hooks that mainly checks two things:
- Hooks from all hooks locations: `/var/lib/dracut/hooks`, `/etc/dracut/hooks`,
`/lib/dracut/hooks` execute.
- Hooks with the same name execute from the top priority location.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Tweaked-by: Benjamin Drung <benjamin.drung@canonical.com>
Dracut init supports running custom hooks which are placed to
/var/lib/dracut/hooks/. The location was previously changed to /var
as the place needs to be writeable as some hooks are created and removed
in runtime. The current location, however, may come inconvenient in some
scenarios when the user wants to extend initramfs with custom scripts. In
particular, systemd allows extending initrd with 'sysext' and 'confext'
mechanism. This comes handy for extending e.g. UKI's initramfs without
the need to rebuild (and re-sign) the UKI. The problem is that 'sysext' can
only be used to extend /usr and /opt and 'confext/ can only extend /etc.
Both services make the location read-only and thus can't be used for the
main dracut hooks location even if we move it somewhere.
Add additional locations where users can put dracut hooks:
- /lib/dracut/hooks -- this location is supposed to be used for
distro-specific static hooks.
- /etc/dracut/hooks -- this location can be used by users for locally
created hooks.
- /var/lib/dracut/hooks -- the default location which is supposed to be
used by dracut modules. This location is always writeable so modules
can place and remove hooks from there in runtime. The existing '$hookdir'
variable keeps pointing at this place.
Dracut also has support for /var/lib/dracut/hooks/initqueue/work flag and
in theory, it does not have to be in the hooks directory as it is not a
hook. The location, however, is documented and it is not entirely clear
if it would make sense to add support for /lib/dracut/hooks/initqueue/work
and /etc/dracut/hooks/initqueue/work as well: these locations can (and
probably should) be read-only so creating/removing flag there is hard. Keep
the status quo and only support '$hookdir/initqueue/work' for now.
Benjamin Drung [Wed, 4 Feb 2026 12:57:19 +0000 (13:57 +0100)]
feat: merge rd.overlayfs into rd.overlay
Having both `rd.overlayfs` and `rd.overlay` is confusing.
Standardize on using `rd.overlay` for the overlayfs Dracut module. Merge
`rd.overlayfs` into `rd.overlay`. `rd.overlay` can be a boolean or point
to a storage device now.
Commit b77ae7eb8523 ("feat: rename rd.live.overlay.overlayfs to
rd.overlayfs") introduced `rd.overlayfs` after the release 109. So no
Dracut release included `rd.overlayfs` and therefore no backward
compatility for `rd.overlayfs` is needed.
Benjamin Drung [Fri, 30 Jan 2026 23:53:19 +0000 (00:53 +0100)]
chore(dracut-logger): drop __DRACUT_LOGGER__
Commit d6d53f60b21e ("dracut-functions: use "type" to determine the need
of sourcing dracut-logger") removed checking `__DRACUT_LOGGER__`. There
is no code any more that checks this environment variable.
Benjamin Drung [Wed, 4 Feb 2026 12:45:36 +0000 (13:45 +0100)]
test: add commented DEBUGFAIL for debugging
To ease debugging add a commented `DEBUGFAIL` to all test cases.
Uncommenting `DEBUGFAIL` will be the first step of debugging in case the
logs are not enough.
Benjamin Drung [Sun, 1 Feb 2026 00:26:10 +0000 (01:26 +0100)]
fix(dracut-logger): do not require debug to be defined
In case `dracut-logger.sh` is used in combination with `set -u` the
logging functions can fail due to `debug` not being defined. `dracut.sh`
sets this variable, but other consumers might not.
So support `set -u` by not require `debug` to be defined.
erofs is blacklisted by default and not supported in openSUSE, so it does not
make sense to test anything related to erofs in the CI with the openSUSE
container.
Benjamin Drung [Tue, 3 Feb 2026 12:23:30 +0000 (13:23 +0100)]
test: print error in case root partition count mismatch
The dmsquash test case can fail by not creating an overlay partition. In
this case the test fails with exit code 1 without printing an error.
This is hard to debug.
So print an error message in case the root partition count mismatches.
Benjamin Drung [Sat, 31 Jan 2026 00:39:21 +0000 (01:39 +0100)]
fix(dracut-logger): do not export maxloglvl and syslogfacility
Commit 46265a9d3e0a ("dracut-logger: make $maxloglvl public") exports
the `maxloglvl` variable, but this is not needed. Exporting variables is
only needed when subprocesses need to access those variables.
`maxloglvl` is only used in `dracut-logger.sh` and `dracut.sh`.
`dracut.sh` sources `dracut-logger.sh`. So exporting `maxloglvl` is not
needed. `syslogfacility` is only used in `dracut-logger.sh`.
So do not export `maxloglvl` and `syslogfacility`.
Benjamin Drung [Fri, 30 Jan 2026 23:58:41 +0000 (00:58 +0100)]
test: unset DRACUT_NO_XATTR after build_client_rootfs
`build_client_rootfs` sets `DRACUT_NO_XATTR` to not require xattr
support which is noot needed for the client rootfs. To not influence the
test coverage for xattr support, unset `DRACUT_NO_XATTR` afterwards.
chore(dracut): finalize transition to /var/lib/dracut/hooks
Commit a45048b80c ("move hooks directory from /usr/lib to /var/lib")
moved hooks to /var/lib/dracut/hooks and created a symlink from /lib
to avoid the code churn. In preparation to supporting additional
hooks locations, finalize the transition and use /var/lib/dracut/hooks
everywhere.
Benjamin Drung [Wed, 4 Feb 2026 10:27:56 +0000 (11:27 +0100)]
Revert "refactor(overlayfs): move legacy option handing into a cmdline hook"
Moving parsing the legacy options into
`parse-legacy-overlayfs-options.sh` can break the backward
compatibility. Out of tree Dracut modules might want to write to
`/etc/cmdline.d` after `parse-legacy-overlayfs-options.sh`. That change
wouldn't be picked up then.
Benjamin Drung [Tue, 3 Feb 2026 11:34:14 +0000 (12:34 +0100)]
refactor(overlayfs): move legacy option handing into a cmdline hook
Reading the code and understanding the logic gets complicated by
supporting legacy kernel command line options. This will be especially
be true once `rd.overlayfs` gets merged into `rd.overlay`.
So move all the legacy kernel command line option handling into the
separate `parse-legacy-overlayfs-options.sh` script that is executed
during the cmdline stage.
Benjamin Drung [Tue, 3 Feb 2026 11:22:02 +0000 (12:22 +0100)]
feat(base): support cmdline options in /run/initramfs/cmdline.d
The command line options can be specified in `/etc/cmdline`,
`/etc/cmdline.d`, and on the kernel command line `/proc/cmdline`.
`/proc/cmdline` is read last and overrides options from `/etc`. There is
no way to override options from `/proc/cmdline`.
To allow overriding options from `/proc/cmdline` during boot also read
`/run/initramfs/cmdline.d`.
Benjamin Drung [Mon, 2 Feb 2026 15:04:49 +0000 (16:04 +0100)]
fix(livenet): correct check for deprecated rd.live.overlay.overlayfs
Commit b77ae7eb8523 ("feat: rename rd.live.overlay.overlayfs to
rd.overlayfs") made a mistake and looks for `rd.live.overlayfs.readonly`
instead of `rd.live.overlay.overlayfs` as deprecated option for
`rd.overlayfs`.
Benjamin Drung [Sun, 1 Feb 2026 22:52:28 +0000 (23:52 +0100)]
test: define test expectation in test.sh
Test 21 defines the test expectation in `assertion.sh` based on the boot
parameters. Every time a new kind of subtest is added in `test.sh` the
expectation in `assertion.sh` needs to be changed accordingly.
To avoid touching two places, define the test expectation in the kernel
boot parameter `test.expect` and let `assertion.sh` operate on that.
Jo Zzsi [Fri, 23 Jan 2026 21:57:46 +0000 (16:57 -0500)]
fix(systemd-cryptsetup): increase ordering to resolve regression
Support for `AF_UNIX` key files was added in 80480a7, in `90systemd-cryptsetup`
at that time. `90systemd-cryptsetup` depending on `90crypt` was ok, because
`90crypt` was evaluated before `90systemd-cryptsetup`, filling
`$initdir/etc/crypttab` before `90systemd-cryptsetup` tried to parse it.
But 43581cd changed the order to `01systemd-cryptsetup`, causing that the
install section of this module is evaluated before `90crypt`, that is,
before `$initdir/etc/crypttab` exists.
The systemd-cryptsetup dracut module needs to be ordered after the
crypt dracut module to ensure that "$initdir"/etc/crypttab is computed.
Benjamin Drung [Thu, 29 Jan 2026 23:19:02 +0000 (00:19 +0100)]
test: build the test rootfs without calling dracut
Build the test rootfs by using the functions from `dracut-functions.sh`
instead of calling dracut. Only include the bare minimum for the client
rootfs.
Tested the test execution time on a Raspberry Pi 5 running Ubuntu 26.04:
```
$ hyperfine -L commit 9d5f58b4,build-rootfs -p "git checkout {commit}" -w 1 "test/test.sh ubuntu:devel 10"
Benchmark 1: test/test.sh ubuntu:devel 10 (commit = 9d5f58b4)
Time (mean ± σ): 49.570 s ± 2.847 s [User: 0.185 s, System: 0.239 s]
Range (min … max): 46.697 s … 56.466 s 10 runs
Benchmark 2: test/test.sh ubuntu:devel 10 (commit = build-rootfs)
Time (mean ± σ): 46.627 s ± 0.625 s [User: 0.174 s, System: 0.220 s]
Range (min … max): 45.322 s … 47.210 s 10 runs
Summary
test/test.sh ubuntu:devel 10 (commit = build-rootfs) ran
1.06 ± 0.06 times faster than test/test.sh ubuntu:devel 10 (commit = 9d5f58b4)
```
Benjamin Drung [Tue, 27 Jan 2026 13:21:32 +0000 (14:21 +0100)]
test: determine kernel version from initramfs.makeroot
Determine the kernel version from `initramfs.makeroot` instead from the
client rootfs, because a minimal client rootfs might not contain kernel
modules.
Benjamin Drung [Thu, 29 Jan 2026 09:51:50 +0000 (10:51 +0100)]
feat: replace DRACUT_RESOLVE_DEPS by !DRACUT_RESOLVE_LAZY
The two variables `DRACUT_RESOLVE_DEPS` and `DRACUT_RESOLVE_LAZY` are
mutual exclusive (one must be set, the other must not).
Make the code easier by dropping `DRACUT_RESOLVE_DEPS` and replacing
those parts by checking if `DRACUT_RESOLVE_LAZY` is not set. This sets
the default to resolving dependencies in the `inst*` functions.
Nadzeya Hutsko [Wed, 28 Jan 2026 22:19:34 +0000 (09:19 +1100)]
feat(overlayfs): add persistent device overlay support
Extends the overlayfs module to support persistent overlay storage on
block devices using rd.overlay=. Supported formats: LABEL=, UUID=,
PARTUUID=, PARTLABEL=, and /dev/ paths.
Changes written to the overlay device persist across reboots. Falls
back to tmpfs if the device cannot be resolved or mounted.
Benjamin Drung [Tue, 27 Jan 2026 11:33:12 +0000 (12:33 +0100)]
fix(tpm2-tss): add tss user/group in addition to sysusers config
Test 10 on ubuntu:devel shows this warning:
```
[ 0.608623] systemd-tmpfiles[243]: /usr/lib/tmpfiles.d/systemd.conf:33: Duplicate line for path "/var/lib/systemd", ignoring.
[ 0.609389] systemd-tmpfiles[243]: /usr/lib/tmpfiles.d/tpm2-tss-fapi.conf:2: Failed to resolve user 'tss': Unknown user
[ 0.610114] systemd-tmpfiles[243]: Failed to parse ACL "default:group:tss:rwx", ignoring: Invalid argument
[ 0.610800] systemd-tmpfiles[243]: /usr/lib/tmpfiles.d/tpm2-tss-fapi.conf:4: Failed to resolve user 'tss': Unknown user
[ 0.611515] systemd-tmpfiles[243]: Failed to parse ACL "default:group:tss:rwx", ignoring: Invalid argument
[ 0.612262] systemd-tmpfiles[243]: /usr/lib/tmpfiles.d/tpm2-tss-fapi.conf:6: Failed to resolve group 'tss': Unknown group
[ 0.613564] systemd-tmpfiles[243]: /usr/lib/tmpfiles.d/tpm2-tss-fapi.conf:7: Failed to resolve group 'tss': Unknown group
[ 0.627211] systemd-udevd[245]: /usr/lib/udev/rules.d/60-tpm-udev.rules:3 Failed to resolve user 'tss', ignoring: Unknown user
[ 0.628065] systemd-udevd[245]: /usr/lib/udev/rules.d/60-tpm-udev.rules:4 Failed to resolve user 'tss', ignoring: Unknown user
```
Debian/Ubuntu does not ship a sysusers config for the tss user/group.
Instead the tpm-udev package creates a tss user and group in its
postinst script.
So copy the tss user and group into the initrd in addition to shipping
possible sysusers config for it.
Benjamin Drung [Tue, 27 Jan 2026 15:24:53 +0000 (16:24 +0100)]
test: consider SIGTERM of test-init.sh a successful termination
The `test-init.sh` will call `systemctl start poweroff.target` and get
an `SIGTERM` interrupt. Since `testsuite.service` is `Type=oneshot`
systemd will complain:
```
[ 1.892101] systemd[1]: testsuite.service: Main process exited, code=killed, status=15/TERM
[ 1.892708] systemd[1]: testsuite.service: Failed with result 'signal'.
```
Consider `SIGTERM` of `test-init.sh` a successful termination.
Benjamin Drung [Thu, 29 Jan 2026 11:38:52 +0000 (12:38 +0100)]
test: move start_webserver to test-functions
To allow re-using `start_webserver` in other test cases (for example for
systemd-import), move `start_webserver` to `test-functions` and add
`stop_webserver` for stopping it again.
Benjamin Drung [Wed, 28 Jan 2026 15:32:36 +0000 (16:32 +0100)]
docs: --remove/remove_items supports globbing
The dracut option `--remove` and the corresponding config option
`remove_items` support globbing (see https://launchpad.net/bugs/2139065
for a real-world usage example).
Benjamin Drung [Tue, 27 Jan 2026 22:43:49 +0000 (23:43 +0100)]
test: use build_ext4_image where possible
To speed up the test execution use `build_ext4_image` to build rootfs
ext4 images in cases where QEMU was only used to build an unencrypted
ext4 rootfs. This applies the improvement from commit 6e51e550abb8
("test(NFS): use build_ext4_image to build server rootfs") to all other
test cases.
Benjamin Drung [Tue, 27 Jan 2026 21:36:19 +0000 (22:36 +0100)]
test: remove fallback for id-name in qemu_add_drive
The documentation for `qemu_add_drive` says that `id-name` must be
specified and all consumers specify a name. So drop the fallback for
this parameter.
Benjamin Drung [Tue, 27 Jan 2026 19:33:06 +0000 (20:33 +0100)]
test(NFS): use build_ext4_image to build server rootfs
After commit d36012143c7c ("test: use systemd inside client test rootfs
if available") and commit 4aaf8f24110f ("test: include systemd-journald
in client test rootfs") the test 60 on opensuse:latest fails due to not
enough memory for starting the QEMU process to create the server rootfs
image.
Use `build_ext4_image` to build the server rootfs to completely avoid
needing to start a QEMU instance.
Benjamin Drung [Tue, 27 Jan 2026 14:52:53 +0000 (15:52 +0100)]
test: exclude systemd from server rootfs
After commit d36012143c7c ("test: use systemd inside client test rootfs
if available") and commit 4aaf8f24110f ("test: include systemd-journald
in client test rootfs") the test 60 on opensuse:latest fails due to not
enough memory on the server rootfs image.
So revert those two changes partially: create the server rootfs images
without systemd. Also create the client test rootfs without systemd.
Benjamin Drung [Tue, 27 Jan 2026 12:04:27 +0000 (13:04 +0100)]
test: include systemd-journald in client test rootfs
After commit d36012143c7c ("test: use systemd inside client test rootfs
if available") some tests became racy (for example test 20 on
debian:latest or fedora:latest). There is `made it to the test rootfs!`
in the logs but not the `All OK`.
Following warning can be found in the logs:
```
systemd[1]: systemd-journald.socket: Unit configuration changed while unit was running, and no socket file descriptors are open. Unit not functional until restarted.
systemd[1]: systemd-udevd-kernel.socket: Unit configuration changed while unit was running, and no socket file descriptors are open. Unit not functional until restarted.
systemd[1]: systemd-journald-dev-log.socket: Unit configuration changed while unit was running, and no socket file descriptors are open. Unit not functional until restarted.
```
Include `systemd-journald` in client test root file system when systemd
is used to ensure that systemd-journald continues working.
Benjamin Drung [Mon, 26 Jan 2026 15:54:40 +0000 (16:54 +0100)]
test: avoid printing wall message on shutdown
Calling `systemctl poweroff` in the client test rootfs causes this
warning:
```
Failed to connect to system scope bus via local transport: No such file or directory
```
Installing D-Bus in the client test rootfs changes the warning to:
```
Failed to set wall message, ignoring: Transport endpoint is not connected
Call to PowerOff failed: Transport endpoint is not connected
```
The man page for systemctl poweroff says: "Shut down and power-off the
system. This is mostly equivalent to systemctl start poweroff.target
--job-mode=replace-irreversibly --no-block, but also prints a wall
message to all users."
So call this equivalent command instead to not trying to print wall
message on shutdown.
Benjamin Drung [Mon, 26 Jan 2026 15:17:45 +0000 (16:17 +0100)]
test: use systemd inside client test rootfs if available
Some tests (for example test 10 on ubuntu:devel) show this warning:
```
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to system scope bus via local transport: Host is down
```
This is caused by calling `systemctl --failed` in the client test rootfs
where systemd is not available/used.
Use systemd inside the client test rootfs if available to allow querying
the failed services from the initrd.
projects / thirdparty / dracut-ng.git / log
