feat(crypt): force the inclusion of crypttab entries with x-initrd.attach
dracut has a "hidden" and undocumented `force` crypttab option (added with
commit b7058d0ce5e99cbc80b5f760a0b654d3ff03c094). This option forces the
inclusion of a crypttab entry in the initrd, which is useful in some cases where
the filesystem check (for whatever reason) does not report a required encrypted
device as "crypto_LUKS".
On the other hand, systemd provides the `x-initrd.attach` crypttab option since
v245. Excerpt from `crypttab(5)`:
```
x-initrd.attach
Setup this encrypted block device in the initrd, similarly to systemd.mount(5)
units marked with x-initrd.mount.
```
This crypttab option is commonly used to mark encrypted block devices that
contain filesystems mounted in the initrd. So, this patch aims to make use of
this well-known systemd crypttab option to match the functionality provided by
the not so well-known dracut crypttab option.
Lidong Zhong [Mon, 24 Jun 2024 01:57:44 +0000 (09:57 +0800)]
fix(mdraid): try to assemble the missing raid device
If some raid devices with specified UUIDs fail to be assembled in
initrd, we will try to assemble them again in this script to avoid
system falling into emergency mode. This patch is created because we can
offen see mdadm command failure during boot because of timing issue
introduced between mdadm and udevd.
Benjamin Drung [Mon, 24 Jun 2024 15:17:03 +0000 (17:17 +0200)]
fix(lsinitrd.sh): disable SC2317 for cat functions
shellcheck 0.10 complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). It fails to
detect that these functions are assigned to `CAT` and `$CAT` is called
later. Disable shellcheck in this case.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Mon, 24 Jun 2024 11:28:00 +0000 (13:28 +0200)]
fix(dracut): microcode loading named .initramfs
intel-microcode on Debian/Ubuntu uses the `.initramfs` suffix for the
ucode files (e.g. `/lib/firmware/intel-ucode/06-9e-0b.initramfs`).
`get_ucode_file` returns `family-model-stepping` on Intel (e.g.
`06-9e-0b`). If the microcode file is found, the loop is broken.
Otherwise `.early` is appended to the name (e.g. `06-9e-0b.early`) and
tried again. If that file is not found, `.initramfs` is appended to the
name (e.g. `06-9e-0b.early.initramfs`), but this suffix should be
appended to the initial name (e.g. `06-9e-0b.initramfs`).
Fixes: 16573680d1b6 ("fix(dracut): microcode loading") Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
The `get_maj_min()` cache lookup is commonly used
across many flows. While `awk` should be available,
some highly constrained environments may not have it.
A second call to `grep` can provide the same behaviour
without adding a dependnecy.
Lines in the cache will be of the form "/dev/sda2 8:2".
`awk '{print $NF}'` returns the last word of a matching line. Since
the initial matching regex is so specific a second call to grep can
easily extract the last word.
Benjamin Drung [Fri, 21 Jun 2024 23:55:17 +0000 (01:55 +0200)]
fix(dracut-logger.sh): disable SC2317 for logger functions
shellcheck 0.10 complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). It fails to
detect that these logger functions are called later by scripts that
source `dracut-logger.sh`. Disable shellcheck in this case.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Fri, 21 Jun 2024 23:37:04 +0000 (01:37 +0200)]
test: disable SC2317 in test 98
shellcheck 0.10 complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). It fails to
detect cases where a function is defined and later called by `getarg` or
existing functions are overridden. Disable shellcheck in these cases.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Fri, 21 Jun 2024 23:27:23 +0000 (01:27 +0200)]
fix(convertfs): disable SC2317 for EXIT trap function
shellcheck complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). It fails to
detect cases where a function is defined and later called by a trap.
Disable shellcheck in this case.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Thu, 20 Jun 2024 12:11:02 +0000 (14:11 +0200)]
feat(dracut): search for zstd compressor first
Searching for an available compressor was introduced in commit 693b7a32833b ("Cleanup compressor handling") but the order was not
justified.
Ubuntu uses zstd for compressing the packages, the kernel modules,
firmware files, and the initrd (when using initramfs-tools). zstd has a
good compromise between compression ratio and speed. Therefore search
for zstd first.
Further readings:
* https://lists.ubuntu.com/archives/ubuntu-devel/2021-December/041726.html
* analysis.ipynb on https://github.com/waveform80/compression
Benjamin Drung [Sat, 15 Jun 2024 20:17:51 +0000 (22:17 +0200)]
fix: disable SC2317 for calls by for_each_host_dev_and_slaves
shellcheck 0.10 complains about SC2317 (info): Command appears to be
unreachable. Check usage (or ignore if invoked indirectly). It fails to
detect cases where a function is defined and later called by
`for_each_host_dev_and_slaves`. Disable shellcheck in this case.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Sat, 15 Jun 2024 13:23:53 +0000 (15:23 +0200)]
fix(convertfs): quote single CP_HARDLINK variable
shellcheck complains about SC2086 (info): Double quote to prevent
globbing and word splitting.
The variable `CP_HARDLINK` contains either nothing or exactly one
parameter. Use shell substitution to quote this single parameter in case
it is not empty.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Sat, 15 Jun 2024 12:48:49 +0000 (14:48 +0200)]
fix(dmsquash-live-autooverlay): quote variables
shellcheck complains about SC2086 (info): Double quote to prevent
globbing and word splitting.
Instead of ignoring those complains fix them instead. The variable
`overlay` should be quoted since it might contain spaces. The variables
`rootDevice`, `rootDeviceAbsolutePath`, `rootDeviceSysfsPath`,
`fullDriveSysfsPath`, `blockDevice` refer to paths. Therefore they are
safe to quote.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Thu, 13 Jun 2024 22:41:53 +0000 (00:41 +0200)]
fix(iscsi): address shellcheck SC2319
shellcheck complains:
```
In modules.d/95iscsi/iscsiroot.sh line 232:
[ -z "$targets" ] && warn "Target discovery to $iscsi_target_ip:${iscsi_target_port:+$iscsi_target_port} failed with status $?" && return 1
^-- SC2319 (warning): This $? refers to a condition, not a command. Assign to a variable to avoid it being overwritten.
```
The `while` loop that gets the output from `iscsiadm` via a pipe will
exit with 0. Printing the exit code 0 does not help. So just drop it.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
```
In modules.d/80lvmthinpool-monitor/start-thinpool-monitor.sh line 12:
[ -n "$_lvm2_thin_device" ] && return $?
^-- SC2319 (warning): This $? refers to a condition, not a command. Assign to a variable to avoid it being overwritten.
```
Let `is_lvm2_thinp_device` directly return the test exit code.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Thu, 13 Jun 2024 11:28:23 +0000 (13:28 +0200)]
fix(01fips): replace read -d that is not supported by dash
shellcheck complains:
```
In modules.d/01fips/fips.sh line 97:
read -d '' -r FIPSMODULES < /etc/fipsmodules
^-- SC3045 (warning): In POSIX sh, read -d is undefined.
```
`read -d` is not supported by dash. `/etc/fipsmodules` is generated by
`installkernel` in `modules.d/01fips/module-setup.sh` and contains
kernel module names. So use a while read construct for reading this
file.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Use `-cpu max` by default to avoid those warnings.
Commit 3f56d481e8a3 ("test: don't use `-cpu max` in GH Actions") added
`-cpu IvyBridge-v2` in 2021. Let's try using `-cpu max` on GitHub
actions again.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Thu, 13 Jun 2024 18:32:48 +0000 (20:32 +0200)]
chore(shellcheck): remove retired SC2039
The shellcheck SC2039 warning has been retired in favor of individual
SC3xxx warnings for each individual issue. So remove the override from
`.shellcheckrc`.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
Benjamin Drung [Wed, 12 Jun 2024 22:49:57 +0000 (00:49 +0200)]
fix(shell-completion): remove hashbang from bash completions
Debian's lintian complains about bash-completion-with-hashbang: "This
file starts with the #! sequence that marks interpreted scripts, but it
is a bash completion script that is merely intended to be sourced.
Please remove the line with hashbang, including any designated
interpreter. Please refer to
https://salsa.debian.org/lintian/lintian/-/merge_requests/292#note_139494
for details."
Remove hashbang from bash completions and add a shellcheck directive
instead.
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
perf(dracut-install): preload kmod resources for quicker module lookup
libkmod reads the `modules.*.bin` files in the kernel dir every time we
call one of the `kmod_module_new_from_lookup()` function. We end up
calling it a lot especially in ARM64 systems where we handle fw_devlink
supplier relations, which slows down things by a significant margin.
Instead, have it read these files at the start of the dracut-install run
so the module information can be looked up quicker. We don't need to
unload these resources in the cleanup function because libkmod handles
that itself in `kmod_unref()`.
Kamil Szczęk [Sun, 19 May 2024 16:12:52 +0000 (18:12 +0200)]
feat(90dm): close crypt devices using cryptsetup
This commit changes the behavior of the shutdown script in the 90dm
module to use more specialized tools for removing dm-crypt mappers.
When dealing with a dm-crypt mapper, the shutdown script will try to use
systemd-cryptsetup, cryptsetup or dmsetup, whichever is available in the
specified order. This lets systemd-cryptsetup or cryptsetup perform any
necessary cleanup steps when detaching volumes activated by those tools.
Random device nodes were required to workaround libgcrypt initialization
problem (see https://bugzilla.redhat.com/show_bug.cgi?id=1401444) which
is gone since libgcrypt-1.10 (2022): modern Linux kernels (3.17+) support
getrandom() syscall and libgcrypt has switch to using getentropy()
(glibc-2.25+).
The requirement to run dracut as root (which is needed to mknod
/dev/{random,urandom}) is a particular problem for building UKIs in distro
build systems where packages are not built by a privileged user.
Note, dracut itself always pre-creates /dev/{null,kmsg,console,random,urandom}
devices when running privileged so the patch has no effect on 'traditional'
setup.
fix(systemd-ask-password): no graphical output in aarch64
A password cannot be entered if there is no graphical output during boot, as is
the case in aarch64, where efifb does not work with qemu-system-aarch64:
- virtio-gpu-pci does not expose a linear framebuffer
- virtio-vga is not supported
- ramfb is not enough
Therefore, depend on the drm module if virtio_gpu is loaded on the system.
projects / thirdparty / dracut-ng.git / log
