Benjamin Drung [Wed, 4 Mar 2026 17:09:40 +0000 (18:09 +0100)]
test: switch QEMU network backend to dgram (UDP)
When replacing isc-dhcp-server by dnsmasq, test 60 starts to fail on
some distributions. The second client test hangs for several seconds on
shutdown and the third client test fails to get an IP adress. The client
sends a DHCP discover packet, but that never reaches dnsmasq.
Adding tcpdump to `server-init.sh` let the tests succeed:
```
tcpdump -v -Z root -i enx525400123456 -n port 67 or port 68 &
```
Running the client tests individually let them succeed as well.
The assumption is that the host kernel keeps the QEMU netdev TCP socket
in a TIME_WAIT or FIN_WAIT_2 state following a client shutdown which
leads to a socket deadlock: the next client may successfully connect to
the host socket, but the server QEMU process fails to re-initialize the
virtual link correctly.
Switch to `-netdev dgram` (UDP) to eliminate the connection state
management entirely.
See also https://github.com/dracut-ng/dracut-ng/pull/2271#issuecomment-3997945175
Benjamin Drung [Wed, 4 Mar 2026 18:43:54 +0000 (19:43 +0100)]
test: use different MAC addresses for all NFS client tests
Having two separate client tests use the same MAC address might not work
with dnsmasq. To ease debugging use a separate MAC address for each
client test. Update the DHCP config to reflect the test case name and
make the numbering consecutive.
Benjamin Drung [Tue, 10 Feb 2026 13:32:45 +0000 (14:32 +0100)]
test: make including assertion.sh explicitly
The function `build_client_rootfs` includes the `assertion.sh` file in
case it can be found. This automatic behavior is fragile and a missing
`assertion.sh` will not be noticed.
So explicitly specify the assertion file to include when calling
`build_client_rootfs`.
The dbus-broker and dbus-daemon Dracut modules want to remove
`After=sysinit.target` and `Requires=sysinit.target` from `dbus.service`
and `dbus.socket`. This is done by setting `DefaultDependencies=no` and
specifying the remaining default dependencies. The relevant code has
been there since the introduction (see commit e1845955ff3d).
The Ubuntu package of dbus already removes some of the default
dependencies from the `dbus.service` and `dbus.socket` (see
https://launchpad.net/bugs/1438612):
This results in not removing the `sysinit.target` dependency on Ubuntu
and causes the dbus service to start too late. Since NetworkManager
depends on dbus, it will start too late as well. That causes the NBD
test cases to fail.
So remove the `After` and `Requires` entries from the `dbus.service` and
`dbus.socket` before setting `DefaultDependencies=no`. Also restore
`Before=sockets.target` in `dbus.socket`.
Benjamin Drung [Tue, 3 Mar 2026 19:49:38 +0000 (20:49 +0100)]
test: use verySecurePassword as cryptsetup password
The cryptsetup password `test` is not FIPS compliant. This causes test
20 to fail on Fedora:
```
systemd-cryptsetup[688]: Running in FIPS mode.
systemd-cryptsetup[688]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/aa12cc4c-b796-4c7f-a029-cf7f0120bb30.
systemd-cryptsetup[688]: Keyslot open failed.
systemd-cryptsetup[688]: Failed to activate with key file '/etc/key': Invalid argument
systemd[1]: systemd-cryptsetup@testluks.service: Main process exited, code=exited, status=1/FAILURE
```
So use `verySecurePassword` as password which makes FIPS happy.
Benjamin Drung [Mon, 2 Mar 2026 17:56:04 +0000 (18:56 +0100)]
test: create server log in the test directory
Store the server log in the test directory (similar to the test log)
instead of putting the server log in `/var/tmp`. This makes it easier to
access the server log in case of a failure.
Benjamin Drung [Mon, 2 Mar 2026 17:06:49 +0000 (18:06 +0100)]
test: use separate networks for different NICs
The iSCSI tests 70 and 71 use two network interfaces. The server
launches a DHCP server on both network interfaces providing different IP
addresses for both. This setup works for ISC dhcpd, but will cause
problems when switching to dnsmasq: dnsmasq would offer IP from both IP
ranges to the client.
As preparation for switching to dnsmasq use separate networks for the
two different network interfaces.
Hector Cao [Wed, 25 Feb 2026 11:12:34 +0000 (12:12 +0100)]
test: force cpu to neoverse-n1 for arm64 when QEMU_CPU not set
using cpu=max might expose new unstable features with qemu/edk2
upgrades, this unstability might cause test failures to happen
, we are experiencing that in Debian/Ubuntu with edk2 latest version
that enables LPA2 that is still unstable.
since using cpu=max is not required for dracut tests, using a
named model will offer a better stability for the tests for future
qemu/edk2 upgrades. the choosen cpu model for arm64 is neoverse-n1
since it is one of the most stable and proven CPU model from a
virtualization standpoint.
Co-authored-by: Benjamin Drung <bdrung@ubuntu.com>
Benjamin Drung [Mon, 23 Feb 2026 10:27:57 +0000 (11:27 +0100)]
ci: re-run tests 70 and 71 on debian:sid
mdadm 4.5 checks the last 32 MB for DDF, which causes the tests to run
into a timeout:
```
[ 65.132396] (udev-worker)[521]: sdb: Spawned process '/sbin/mdadm -I /dev/sdb' [920] is taking longer than 59s to complete.
[ 65.133321] systemd-udevd[512]: sdb: Worker [521] processing SEQNUM=1459 is taking a long time.
[ 65.133942] systemd-udevd[512]: sdc: Worker [516] processing SEQNUM=1471 is taking a long time.
```
Jo Zzsi [Tue, 10 Feb 2026 13:55:41 +0000 (08:55 -0500)]
fix(dracut): remove udevrulesconfdir variable
There is about 50 places in the dracut source code where the
`/etc/udev/rules.d` path is hardcoded.
Having a `udevrulesconfdir` dracut variable gives an impression
that dracut and dracut configuration files can configure and overwrite
udevrulesconfdir variable, this functionality however never was
supported and never worked.
Instead of making an attempt to fix the usage of udevrulesconfdir
variable, let's just remove it and require that udevrulesconfdir
always maps to /etc/udev/rules.d for dracut.
test: check if /dev/disk/by-id exists before trying to write the disk marker
Not all the tests require a disk marker, so verify that /dev/disk/by-id exists
before attempting to write it. E.g., on a successful run of
TEST-45-SYSTEMD-IMPORT the following error messages are always printed:
```
2026-02-13T00:12:28.5241893Z made it to the test rootfs!
2026-02-13T00:12:28.5358768Z dd: failed to open '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:12:28.5410929Z sync: error opening '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:12:28.5417101Z All OK
```
However, the wrong sync operation sometimes seems to affect the "All OK" print
and the final verification of the test result. E.g.:
```
2026-02-13T00:16:40.5815187Z made it to the test rootfs!
2026-02-13T00:16:40.5913208Z dd: failed to open '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:16:40.5932999Z /sbin/test-init: 57: echo: echo: I/O error
```
Benjamin Drung [Wed, 11 Feb 2026 13:53:55 +0000 (14:53 +0100)]
fix(ppcmac): use return instead of exit in pre-udev hook
The `load-thermal.sh` pre-udev hook calls `exit 0`. This causes the
sourcing script (`dracut-pre-udev.sh` on systemd or `init.sh` from the
base Dracut module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in the ppcmac pre-udev hook.
Benjamin Drung [Wed, 11 Feb 2026 13:52:03 +0000 (14:52 +0100)]
fix(memdisk): use return instead of exit in cmdline hook
The `memdisk.sh` cmdline hook calls `exit 0`. This causes the sourcing
script (`dracut-cmdline.sh` on systemd or `init.sh` from the base Dracut
module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in the memdisk cmdline hook.
Benjamin Drung [Wed, 11 Feb 2026 13:33:51 +0000 (14:33 +0100)]
fix(kernel-modules-export): use return instead of exit in pre-pivot hook
The `modules-export.sh` pre-pivot hook calls `exit 0`. This causes the
sourcing script (`dracut-pre-pivot.sh` on systemd or `init.sh` from the
base Dracut module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in kernel-modules-export pre-pivot hook.
Benjamin Drung [Sun, 8 Feb 2026 01:01:53 +0000 (02:01 +0100)]
ci: also run container manifest step for by workflow_dispatch
The container CI jobs might be run manually (using the
`workflow_dispatch` trigger). In this case the `manifest` step is
skipped. This makes manually runnings the container job useless.
Also run the container manifest step for `workflow_dispatch`.
Benjamin Drung [Sat, 7 Feb 2026 13:26:29 +0000 (14:26 +0100)]
test: rename overlay directory to rootfs
Several tests use `build_ext4_image` to generate a rootfs and do not
rely on `test-makeroot` any more (where the `overlay` directory name was
used).
To make the test code more readable, rename the `overlay` directory to
`rootfs`. In case there are client and server rootfs, use
`client-rootfs` and `server-rootfs`.
Benjamin Drung [Fri, 6 Feb 2026 23:53:44 +0000 (00:53 +0100)]
test: prevent overlay/source being added in test_dracut
The function `test_dracut()` will include `$TESTDIR/overlay` into the
test `initramfs.testing` if available. Several tests create
`$TESTDIR/overlay/source` for creating rootfs using `test-makeroot`.
Delete `$TESTDIR/overlay` after being used by `test-makeroot` to avoid
adding `$TESTDIR/overlay/source` to the client test initrd.
Benjamin Drung [Fri, 6 Feb 2026 22:00:14 +0000 (23:00 +0100)]
fix(dracut): also check libraries when resolving lazy
Dracut might resolve executable dependencies lazy. In this case all
libraries are installed without resolving their dependencies.
Later Dracut will resolve dependencies of the included executables, but
it will not explicitly check libraries. This will miss resolving
dependencies of libraries that are used via `dlopen()`.
There is no requirement for library files to be executable. So resolve
dependencies all files. `resolve_deps()` will check if the file is
either an ELF file or a script.
This will also resolve dependencies of scripts that are not marked
executable, which might be an undesired side effect. In this case users
are advised to either call `dracut-install` without `-l` or not include
those files at all.
chore(dracut): switch to /usr/lib from /lib for hooks
The current tendency is to move towards "hermetic /usr" and not
introduce new things outside of it. For distro shipped hooks and
for the testsuite move the location from /lib to /usr/lib.
Benjamin Drung [Tue, 3 Feb 2026 21:24:46 +0000 (22:24 +0100)]
fix: avoid leading spaces in systemd units
Some `sed` commands insert multiple lines into systemd units. Using
backslash followed by a newline and spaces (for indentation) will
include those spaces in the systemd unit.
feat(systemd-import): introducing the systemd-import module
This new module takes advantage of the features provided by
systemd-import-generator(8), systemd-importd.service(8) and
systemd-loop@.service(8), especifically the `rd.systemd.pull=` kernel command
line option, to download a disk image (tar/raw) into memory, optionally validate
its checksum or signature, and directly boot into it.
It allows to:
- Download a tar disk image into /run/machines and bind mount it into /sysroot
(via `root=bind:...`).
- Download a raw image into memory and attach it to a loopback block device, so
we can point `root=` to a known label or to the proper `/dev/disk/by-loop-ref/`
device.
Notes:
- It needs enough RAM to save and unpack/decompress the image.
- The image can be compressed with xz, gzip, bzip2, zstd.
- It supports btrfs, erofs, ext4, f2fs, squashfs, vfat, or xfs filesystems.
Introduce tests for Dracut hooks that mainly checks two things:
- Hooks from all hooks locations: `/var/lib/dracut/hooks`, `/etc/dracut/hooks`,
`/lib/dracut/hooks` execute.
- Hooks with the same name execute from the top priority location.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Tweaked-by: Benjamin Drung <benjamin.drung@canonical.com>
Dracut init supports running custom hooks which are placed to
/var/lib/dracut/hooks/. The location was previously changed to /var
as the place needs to be writeable as some hooks are created and removed
in runtime. The current location, however, may come inconvenient in some
scenarios when the user wants to extend initramfs with custom scripts. In
particular, systemd allows extending initrd with 'sysext' and 'confext'
mechanism. This comes handy for extending e.g. UKI's initramfs without
the need to rebuild (and re-sign) the UKI. The problem is that 'sysext' can
only be used to extend /usr and /opt and 'confext/ can only extend /etc.
Both services make the location read-only and thus can't be used for the
main dracut hooks location even if we move it somewhere.
Add additional locations where users can put dracut hooks:
- /lib/dracut/hooks -- this location is supposed to be used for
distro-specific static hooks.
- /etc/dracut/hooks -- this location can be used by users for locally
created hooks.
- /var/lib/dracut/hooks -- the default location which is supposed to be
used by dracut modules. This location is always writeable so modules
can place and remove hooks from there in runtime. The existing '$hookdir'
variable keeps pointing at this place.
Dracut also has support for /var/lib/dracut/hooks/initqueue/work flag and
in theory, it does not have to be in the hooks directory as it is not a
hook. The location, however, is documented and it is not entirely clear
if it would make sense to add support for /lib/dracut/hooks/initqueue/work
and /etc/dracut/hooks/initqueue/work as well: these locations can (and
probably should) be read-only so creating/removing flag there is hard. Keep
the status quo and only support '$hookdir/initqueue/work' for now.
Benjamin Drung [Wed, 4 Feb 2026 12:57:19 +0000 (13:57 +0100)]
feat: merge rd.overlayfs into rd.overlay
Having both `rd.overlayfs` and `rd.overlay` is confusing.
Standardize on using `rd.overlay` for the overlayfs Dracut module. Merge
`rd.overlayfs` into `rd.overlay`. `rd.overlay` can be a boolean or point
to a storage device now.
Commit b77ae7eb8523 ("feat: rename rd.live.overlay.overlayfs to
rd.overlayfs") introduced `rd.overlayfs` after the release 109. So no
Dracut release included `rd.overlayfs` and therefore no backward
compatility for `rd.overlayfs` is needed.
Benjamin Drung [Fri, 30 Jan 2026 23:53:19 +0000 (00:53 +0100)]
chore(dracut-logger): drop __DRACUT_LOGGER__
Commit d6d53f60b21e ("dracut-functions: use "type" to determine the need
of sourcing dracut-logger") removed checking `__DRACUT_LOGGER__`. There
is no code any more that checks this environment variable.
Benjamin Drung [Wed, 4 Feb 2026 12:45:36 +0000 (13:45 +0100)]
test: add commented DEBUGFAIL for debugging
To ease debugging add a commented `DEBUGFAIL` to all test cases.
Uncommenting `DEBUGFAIL` will be the first step of debugging in case the
logs are not enough.
Benjamin Drung [Sun, 1 Feb 2026 00:26:10 +0000 (01:26 +0100)]
fix(dracut-logger): do not require debug to be defined
In case `dracut-logger.sh` is used in combination with `set -u` the
logging functions can fail due to `debug` not being defined. `dracut.sh`
sets this variable, but other consumers might not.
So support `set -u` by not require `debug` to be defined.
erofs is blacklisted by default and not supported in openSUSE, so it does not
make sense to test anything related to erofs in the CI with the openSUSE
container.
Benjamin Drung [Tue, 3 Feb 2026 12:23:30 +0000 (13:23 +0100)]
test: print error in case root partition count mismatch
The dmsquash test case can fail by not creating an overlay partition. In
this case the test fails with exit code 1 without printing an error.
This is hard to debug.
So print an error message in case the root partition count mismatches.
Benjamin Drung [Sat, 31 Jan 2026 00:39:21 +0000 (01:39 +0100)]
fix(dracut-logger): do not export maxloglvl and syslogfacility
Commit 46265a9d3e0a ("dracut-logger: make $maxloglvl public") exports
the `maxloglvl` variable, but this is not needed. Exporting variables is
only needed when subprocesses need to access those variables.
`maxloglvl` is only used in `dracut-logger.sh` and `dracut.sh`.
`dracut.sh` sources `dracut-logger.sh`. So exporting `maxloglvl` is not
needed. `syslogfacility` is only used in `dracut-logger.sh`.
So do not export `maxloglvl` and `syslogfacility`.
Benjamin Drung [Fri, 30 Jan 2026 23:58:41 +0000 (00:58 +0100)]
test: unset DRACUT_NO_XATTR after build_client_rootfs
`build_client_rootfs` sets `DRACUT_NO_XATTR` to not require xattr
support which is noot needed for the client rootfs. To not influence the
test coverage for xattr support, unset `DRACUT_NO_XATTR` afterwards.
chore(dracut): finalize transition to /var/lib/dracut/hooks
Commit a45048b80c ("move hooks directory from /usr/lib to /var/lib")
moved hooks to /var/lib/dracut/hooks and created a symlink from /lib
to avoid the code churn. In preparation to supporting additional
hooks locations, finalize the transition and use /var/lib/dracut/hooks
everywhere.
Benjamin Drung [Wed, 4 Feb 2026 10:27:56 +0000 (11:27 +0100)]
Revert "refactor(overlayfs): move legacy option handing into a cmdline hook"
Moving parsing the legacy options into
`parse-legacy-overlayfs-options.sh` can break the backward
compatibility. Out of tree Dracut modules might want to write to
`/etc/cmdline.d` after `parse-legacy-overlayfs-options.sh`. That change
wouldn't be picked up then.
Benjamin Drung [Tue, 3 Feb 2026 11:34:14 +0000 (12:34 +0100)]
refactor(overlayfs): move legacy option handing into a cmdline hook
Reading the code and understanding the logic gets complicated by
supporting legacy kernel command line options. This will be especially
be true once `rd.overlayfs` gets merged into `rd.overlay`.
So move all the legacy kernel command line option handling into the
separate `parse-legacy-overlayfs-options.sh` script that is executed
during the cmdline stage.
Benjamin Drung [Tue, 3 Feb 2026 11:22:02 +0000 (12:22 +0100)]
feat(base): support cmdline options in /run/initramfs/cmdline.d
The command line options can be specified in `/etc/cmdline`,
`/etc/cmdline.d`, and on the kernel command line `/proc/cmdline`.
`/proc/cmdline` is read last and overrides options from `/etc`. There is
no way to override options from `/proc/cmdline`.
To allow overriding options from `/proc/cmdline` during boot also read
`/run/initramfs/cmdline.d`.
Benjamin Drung [Mon, 2 Feb 2026 15:04:49 +0000 (16:04 +0100)]
fix(livenet): correct check for deprecated rd.live.overlay.overlayfs
Commit b77ae7eb8523 ("feat: rename rd.live.overlay.overlayfs to
rd.overlayfs") made a mistake and looks for `rd.live.overlayfs.readonly`
instead of `rd.live.overlay.overlayfs` as deprecated option for
`rd.overlayfs`.
Benjamin Drung [Sun, 1 Feb 2026 22:52:28 +0000 (23:52 +0100)]
test: define test expectation in test.sh
Test 21 defines the test expectation in `assertion.sh` based on the boot
parameters. Every time a new kind of subtest is added in `test.sh` the
expectation in `assertion.sh` needs to be changed accordingly.
To avoid touching two places, define the test expectation in the kernel
boot parameter `test.expect` and let `assertion.sh` operate on that.
Jo Zzsi [Fri, 23 Jan 2026 21:57:46 +0000 (16:57 -0500)]
fix(systemd-cryptsetup): increase ordering to resolve regression
Support for `AF_UNIX` key files was added in 80480a7, in `90systemd-cryptsetup`
at that time. `90systemd-cryptsetup` depending on `90crypt` was ok, because
`90crypt` was evaluated before `90systemd-cryptsetup`, filling
`$initdir/etc/crypttab` before `90systemd-cryptsetup` tried to parse it.
But 43581cd changed the order to `01systemd-cryptsetup`, causing that the
install section of this module is evaluated before `90crypt`, that is,
before `$initdir/etc/crypttab` exists.
The systemd-cryptsetup dracut module needs to be ordered after the
crypt dracut module to ensure that "$initdir"/etc/crypttab is computed.
Benjamin Drung [Thu, 29 Jan 2026 23:19:02 +0000 (00:19 +0100)]
test: build the test rootfs without calling dracut
Build the test rootfs by using the functions from `dracut-functions.sh`
instead of calling dracut. Only include the bare minimum for the client
rootfs.
Tested the test execution time on a Raspberry Pi 5 running Ubuntu 26.04:
```
$ hyperfine -L commit 9d5f58b4,build-rootfs -p "git checkout {commit}" -w 1 "test/test.sh ubuntu:devel 10"
Benchmark 1: test/test.sh ubuntu:devel 10 (commit = 9d5f58b4)
Time (mean ± σ): 49.570 s ± 2.847 s [User: 0.185 s, System: 0.239 s]
Range (min … max): 46.697 s … 56.466 s 10 runs
Benchmark 2: test/test.sh ubuntu:devel 10 (commit = build-rootfs)
Time (mean ± σ): 46.627 s ± 0.625 s [User: 0.174 s, System: 0.220 s]
Range (min … max): 45.322 s … 47.210 s 10 runs
Summary
test/test.sh ubuntu:devel 10 (commit = build-rootfs) ran
1.06 ± 0.06 times faster than test/test.sh ubuntu:devel 10 (commit = 9d5f58b4)
```
Benjamin Drung [Tue, 27 Jan 2026 13:21:32 +0000 (14:21 +0100)]
test: determine kernel version from initramfs.makeroot
Determine the kernel version from `initramfs.makeroot` instead from the
client rootfs, because a minimal client rootfs might not contain kernel
modules.
projects / thirdparty / dracut-ng.git / log
