Benjamin Drung [Fri, 27 Mar 2026 19:53:54 +0000 (20:53 +0100)]
fix(dracut): enable hostonly_cmdline in hostonly mode again
A fresh Ubuntu 26.04 installation with a RAID 1 fails to boot due to not
assembling the RAID, because it neither sets `rd.auto` nor includes the
cmdline (with `rd.md.uuid` set).
The documentation for `hostonly_cmdline` says:
> If **hostonly="yes"** and this option is not configured, it's
> automatically set to "yes".
When `hostonly=yes` was made the default, `hostonly_cmdline` was not set
to `yes` any more in the default case.
Bug-Ubuntu: https://launchpad.net/bugs/2144948 Fixes: 24fb4c28538b ("feat(dracut): make hostonly the default")
Benjamin Drung [Fri, 20 Mar 2026 14:54:36 +0000 (15:54 +0100)]
fix(base): move initrd.target.wants symlink creation to wait_for_dev
Commit 4d9d767da2e5 ("crypt/parse-crypt.sh: hide encrypted devices from
systemd timeout warnings.") split parts of `wait_for_dev` into
`set_systemd_timeout_for_dev` to allow setting the systemd timeout
separately. `parse-crypt.sh` is the only direct caller of
`set_systemd_timeout_for_dev`.
Fixes: 4d9d767da2e5 ("crypt/parse-crypt.sh: hide encrypted devices from systemd timeout warnings.")
Benjamin Drung [Tue, 17 Mar 2026 11:18:54 +0000 (12:18 +0100)]
test(SYSTEMD-INITRD): increase device timeout to infinity
Test 42 fails to boot on very slow systems like an emulated nested VM
with riscv64. `dev-disk-by\x2dlabel-dracut.device` runs into the 90
seconds timeout:
```
[ TIME ] Timed out waiting for device dev-d…device - /dev/disk/by-label/dracut.
[DEPEND] Dependency failed for sysroot.mount - /sysroot.
[ 343.011821] systemd[1]: dev-disk-by\x2dlabel-dracut.device: Job dev-disk-by\x2dlabel-dracut.device/start timed out.
[DEPEND] Dependency failed for initrd-root-fs.target - Initrd Root File System.
[DEPEND] Dependency failed for initrd-parse…points Configured in the Real Root.
[ 345.255798] systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-dracut.device - /dev/disk/by-label/dracut.
[ 346.279436] systemd[1]: Dependency failed for sysroot.mount - /sysroot.
[ 349.048942] systemd[1]: Dependency failed for initrd-root-fs.target - Initrd Root File System.
[DEPEND] Dependency failed for initrd-root-device.target - Initrd Root Device.
[ 350.551967] systemd[1]: Dependency failed for initrd-parse-etc.service - Mountpoints Configured in the Real Root.
[ 352.855207] systemd[1]: initrd-parse-etc.service: Job initrd-parse-etc.service/start failed with result 'dependency'.
[ 354.805576] systemd[1]: initrd-parse-etc.service: Triggering OnFailure= dependencies.
[ 356.883912] systemd[1]: initrd-parse-etc.service: Failed to enqueue OnFailure=emergency.target job, ignoring: Unit emergency.service not found.
[ 359.654920] systemd[1]: initrd-root-fs.target: Job initrd-root-fs.target/start failed with result 'dependency'.
[ 363.225631] systemd[1]: initrd-root-fs.target: Triggering OnFailure= dependencies.
[ 365.516207] systemd[1]: initrd-root-fs.target: Failed to enqueue OnFailure=emergency.target job, ignoring: Unit emergency.service not found.
[ 367.211266] systemd[1]: sysroot.mount: Job sysroot.mount/start failed with result 'dependency'.
[ 369.327748] systemd[1]: Dependency failed for initrd-root-device.target - Initrd Root Device.
[ 371.703782] systemd[1]: initrd-root-device.target: Job initrd-root-device.target/start failed with result 'dependency'.
```
Full log: https://ci.debian.net/packages/d/dracut/testing/riscv64/69536717/#L19714
So increase the device timeout to infinity to make the test succeed on
slow systems.
Benjamin Drung [Wed, 18 Mar 2026 11:45:43 +0000 (12:45 +0100)]
fix(systemd-networkd): create /run/systemd/network if missing
During testing this error could be found in the logs:
```
[FAILED] Failed to start systemd-network-generator.service - Generate Network Units from Kernel Command Line.
[...]
[ 3.034981] dracut-cmdline[198]: + cp -a /usr/lib/dracut/dracut-default.network /run/systemd/network/zzzz-dracut-default.network
[ 3.038326] dracut-cmdline[301]: cp: cannot create regular file '/run/systemd/network/zzzz-dracut-default.network': No such file or directory
```
`systemd-network-generator` creates `/run/systemd/network` in
`context_save` by calling `mkdir_p(p, 0755)`. In case
`systemd-network-generator.service` fails this directory might not have
been created.
Benjamin Drung [Tue, 17 Mar 2026 16:40:21 +0000 (17:40 +0100)]
test: use TEST_KERNEL_CMDLINE in test 72 as well
All tests add `TEST_KERNEL_CMDLINE` to their kernel command line
options except for test 72. Setting `DEBUGFAIL` in test 72 has no
effect, because this will only be added to `TEST_KERNEL_CMDLINE`.
Benjamin Drung [Mon, 16 Mar 2026 10:22:33 +0000 (11:22 +0100)]
fix(dracut.sh): use printf instead of echo in mark_hostonly
POSIX requires to interpreted escape sequences. The filenames passed to
`mark_hostonly` might contain backslashes and therefore might be
interpreted (dash 0.5.13.1 will do that).
So use `printf` instead to avoid escaping the filenames.
Nadzeya Hutsko [Tue, 24 Feb 2026 16:46:48 +0000 (17:46 +0100)]
feat(overlayfs): support tmpfs size parameter in rd.overlay
When rd.overlay=tmpfs:size=<size> is passed on the kernel command line,
mount a dedicated tmpfs at /run/initramfs/overlay with the specified
options for the OverlayFS upper directory, instead of using the default
/run tmpfs.
Supported options (comma-separated after tmpfs:) are size=, nr_blocks=
and nr_inodes=. If mounting fails, the script falls back gracefully to
the default /run tmpfs overlay.
fix(network-legacy): add input validation to RFC 3442 route parser
The parse_option_121() function that parses DHCP option 121 (classless
static routes) could fail with shell errors when processing malformed
or truncated data:
- "integer expression expected" when comparing non-numeric mask values
- "shift count out of range" when not enough arguments remain
Add validation to:
- Verify mask is a number between 0-32
- Pre-calculate required argument count before consuming
- Validate destination octets are numeric before multicast check
- Add bounds checking before shifts
Tested with Hetzner cloud infrastructure which sends RFC 3442 routes.
Sidharth Sankar [Wed, 11 Mar 2026 13:27:56 +0000 (18:57 +0530)]
fix(crypt): use -d instead of -f to check for $NEWROOT/proc directory
All other instances of checks for the existence of $NEWROOT/proc use
-d or at least -e, but incorrectly using -f to check for the existence
of just a file at that path would fail to exit as it should if the
directory exists.
Fixes: d0d1ea3 ("prompt the crypto disk, when asking for a password") Signed-off-by: Sidharth Sankar <sidstuffhere@gmail.com>
Benjamin Drung [Fri, 13 Mar 2026 13:45:50 +0000 (14:45 +0100)]
fix(crypt): honor timeout setting when using UUID, LABEL, etc
Test 20 fails on slow architectures, because it runs into a timeout:
```
[ TIME ] Timed out waiting for device dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device - /dev/disk/by-uuid/1dc514cd-8268-4a33-873f-84f8eb02d3e0.
[DEPEND] Dependency failed for systemd-cryptsetup@testluks.service - Cryptography Setup for testluks.
[DEPEND] Dependency failed for cryptsetup.target - Local Encrypted Volumes.
[ 118.452336] systemd[1]: dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device: Job dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device/start timed out.
[ 118.465917] systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device - /dev/disk/by-uuid/1dc514cd-8268-4a33-873f-84f8eb02d3e0.
[ 118.483854] systemd[1]: Dependency failed for systemd-cryptsetup@testluks.service - Cryptography Setup for testluks.
[ 118.500894] systemd[1]: Dependency failed for cryptsetup.target - Local Encrypted Volumes.
[ 118.519552] systemd[1]: cryptsetup.target: Job cryptsetup.target/start failed with result 'dependency'.
[ 118.535383] systemd[1]: systemd-cryptsetup@testluks.service: Job systemd-cryptsetup@testluks.service/start failed with result 'dependency'.
[ 118.549404] systemd[1]: dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device: Job dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device/start failed with result 'timeout'.
```
`parse-crypt.sh` is supposed to set the timeout for this device
(defaulting to `infinity`), but it uses the wrong unit name in case the
source device in `/etc/crypttab` uses `UUID`, `PARTLABEL`, `LABEL`, or
`PARTUUID`. For example: it converts
`UUID=1dc514cd-8268-4a33-873f-84f8eb02d3e0` to
`UUID\x3d1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device`
instead of
`dev-disk-by\x2duuid-1dc514cd\x2d8268\x2d4a33\x2d873f\x2d84f8eb02d3e0.device`.
Use `label_uuid_to_dev` to map the source device from `/etc/crypttab` to
a device path.
Benjamin Drung [Fri, 13 Mar 2026 14:02:09 +0000 (15:02 +0100)]
revert(ci): skip void:latest due to dash 0.5.13.1 bug
As dash has not acknowledged the bug report yet, and more issues with
that version of dash were reported, void have reverted to the previous
version 0.5.12.
ci(opensuse): install libarchive13 for TEST-45-SYSTEMD-IMPORT
This should fix the recent CI failure:
```
2026-03-12T13:16:04.1863272Z dracut-install: WARNING: could not locate dlopen dependency for archive feature requested by '/usr/lib64/systemd/libsystemd-shared-259.3-1.1.so'
```
Benjamin Drung [Thu, 5 Mar 2026 23:20:04 +0000 (00:20 +0100)]
test: drop poweroff call where poweroff is called by EXIT trap
Several scripts set an EXIT trap to call `poweroff -f`. So these scripts
do not need to call `poweroff -f` at the end any more. They can just
rely on the EXIT trap.
Benjamin Drung [Thu, 5 Mar 2026 23:05:04 +0000 (00:05 +0100)]
test: use EXIT trap in server-init.sh to poweroff on exit
Use an EXIT trap in `server-init.sh` to poweroff on exit to make the
code similar to the client init scripts. This will allow to run those
scripts with `set -e`.
Benjamin Drung [Thu, 5 Mar 2026 21:23:24 +0000 (22:23 +0100)]
test: build minimal server rootfs for test 70-72
Build a minimal server rootfs for test 70 to 72 using
`build_rootfs_base` and functions from `dracut-functions.sh` instead of
using `dracut.sh` (which would build a bigger rootfs).
Benjamin Drung [Sat, 7 Feb 2026 18:54:02 +0000 (19:54 +0100)]
fix(dracut): remove unused dracut_no_switch_root
Commit 19e575859086 ("squash: also squash systemctl if switch-root is
not needed") added the function `dracut_no_switch_root` but never used
it. https://codesearch.debian.net shows no user as well.
So remove the unused `dracut_no_switch_root` function.
Benjamin Drung [Wed, 4 Mar 2026 17:09:40 +0000 (18:09 +0100)]
test: switch QEMU network backend to dgram (UDP)
When replacing isc-dhcp-server by dnsmasq, test 60 starts to fail on
some distributions. The second client test hangs for several seconds on
shutdown and the third client test fails to get an IP adress. The client
sends a DHCP discover packet, but that never reaches dnsmasq.
Adding tcpdump to `server-init.sh` let the tests succeed:
```
tcpdump -v -Z root -i enx525400123456 -n port 67 or port 68 &
```
Running the client tests individually let them succeed as well.
The assumption is that the host kernel keeps the QEMU netdev TCP socket
in a TIME_WAIT or FIN_WAIT_2 state following a client shutdown which
leads to a socket deadlock: the next client may successfully connect to
the host socket, but the server QEMU process fails to re-initialize the
virtual link correctly.
Switch to `-netdev dgram` (UDP) to eliminate the connection state
management entirely.
See also https://github.com/dracut-ng/dracut-ng/pull/2271#issuecomment-3997945175
Benjamin Drung [Wed, 4 Mar 2026 18:43:54 +0000 (19:43 +0100)]
test: use different MAC addresses for all NFS client tests
Having two separate client tests use the same MAC address might not work
with dnsmasq. To ease debugging use a separate MAC address for each
client test. Update the DHCP config to reflect the test case name and
make the numbering consecutive.
Benjamin Drung [Tue, 10 Feb 2026 13:32:45 +0000 (14:32 +0100)]
test: make including assertion.sh explicitly
The function `build_client_rootfs` includes the `assertion.sh` file in
case it can be found. This automatic behavior is fragile and a missing
`assertion.sh` will not be noticed.
So explicitly specify the assertion file to include when calling
`build_client_rootfs`.
The dbus-broker and dbus-daemon Dracut modules want to remove
`After=sysinit.target` and `Requires=sysinit.target` from `dbus.service`
and `dbus.socket`. This is done by setting `DefaultDependencies=no` and
specifying the remaining default dependencies. The relevant code has
been there since the introduction (see commit e1845955ff3d).
The Ubuntu package of dbus already removes some of the default
dependencies from the `dbus.service` and `dbus.socket` (see
https://launchpad.net/bugs/1438612):
This results in not removing the `sysinit.target` dependency on Ubuntu
and causes the dbus service to start too late. Since NetworkManager
depends on dbus, it will start too late as well. That causes the NBD
test cases to fail.
So remove the `After` and `Requires` entries from the `dbus.service` and
`dbus.socket` before setting `DefaultDependencies=no`. Also restore
`Before=sockets.target` in `dbus.socket`.
Benjamin Drung [Tue, 3 Mar 2026 19:49:38 +0000 (20:49 +0100)]
test: use verySecurePassword as cryptsetup password
The cryptsetup password `test` is not FIPS compliant. This causes test
20 to fail on Fedora:
```
systemd-cryptsetup[688]: Running in FIPS mode.
systemd-cryptsetup[688]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/aa12cc4c-b796-4c7f-a029-cf7f0120bb30.
systemd-cryptsetup[688]: Keyslot open failed.
systemd-cryptsetup[688]: Failed to activate with key file '/etc/key': Invalid argument
systemd[1]: systemd-cryptsetup@testluks.service: Main process exited, code=exited, status=1/FAILURE
```
So use `verySecurePassword` as password which makes FIPS happy.
Benjamin Drung [Mon, 2 Mar 2026 17:56:04 +0000 (18:56 +0100)]
test: create server log in the test directory
Store the server log in the test directory (similar to the test log)
instead of putting the server log in `/var/tmp`. This makes it easier to
access the server log in case of a failure.
Benjamin Drung [Mon, 2 Mar 2026 17:06:49 +0000 (18:06 +0100)]
test: use separate networks for different NICs
The iSCSI tests 70 and 71 use two network interfaces. The server
launches a DHCP server on both network interfaces providing different IP
addresses for both. This setup works for ISC dhcpd, but will cause
problems when switching to dnsmasq: dnsmasq would offer IP from both IP
ranges to the client.
As preparation for switching to dnsmasq use separate networks for the
two different network interfaces.
Hector Cao [Wed, 25 Feb 2026 11:12:34 +0000 (12:12 +0100)]
test: force cpu to neoverse-n1 for arm64 when QEMU_CPU not set
using cpu=max might expose new unstable features with qemu/edk2
upgrades, this unstability might cause test failures to happen
, we are experiencing that in Debian/Ubuntu with edk2 latest version
that enables LPA2 that is still unstable.
since using cpu=max is not required for dracut tests, using a
named model will offer a better stability for the tests for future
qemu/edk2 upgrades. the choosen cpu model for arm64 is neoverse-n1
since it is one of the most stable and proven CPU model from a
virtualization standpoint.
Co-authored-by: Benjamin Drung <bdrung@ubuntu.com>
Benjamin Drung [Mon, 23 Feb 2026 10:27:57 +0000 (11:27 +0100)]
ci: re-run tests 70 and 71 on debian:sid
mdadm 4.5 checks the last 32 MB for DDF, which causes the tests to run
into a timeout:
```
[ 65.132396] (udev-worker)[521]: sdb: Spawned process '/sbin/mdadm -I /dev/sdb' [920] is taking longer than 59s to complete.
[ 65.133321] systemd-udevd[512]: sdb: Worker [521] processing SEQNUM=1459 is taking a long time.
[ 65.133942] systemd-udevd[512]: sdc: Worker [516] processing SEQNUM=1471 is taking a long time.
```
Jo Zzsi [Tue, 10 Feb 2026 13:55:41 +0000 (08:55 -0500)]
fix(dracut): remove udevrulesconfdir variable
There is about 50 places in the dracut source code where the
`/etc/udev/rules.d` path is hardcoded.
Having a `udevrulesconfdir` dracut variable gives an impression
that dracut and dracut configuration files can configure and overwrite
udevrulesconfdir variable, this functionality however never was
supported and never worked.
Instead of making an attempt to fix the usage of udevrulesconfdir
variable, let's just remove it and require that udevrulesconfdir
always maps to /etc/udev/rules.d for dracut.
test: check if /dev/disk/by-id exists before trying to write the disk marker
Not all the tests require a disk marker, so verify that /dev/disk/by-id exists
before attempting to write it. E.g., on a successful run of
TEST-45-SYSTEMD-IMPORT the following error messages are always printed:
```
2026-02-13T00:12:28.5241893Z made it to the test rootfs!
2026-02-13T00:12:28.5358768Z dd: failed to open '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:12:28.5410929Z sync: error opening '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:12:28.5417101Z All OK
```
However, the wrong sync operation sometimes seems to affect the "All OK" print
and the final verification of the test result. E.g.:
```
2026-02-13T00:16:40.5815187Z made it to the test rootfs!
2026-02-13T00:16:40.5913208Z dd: failed to open '/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_marker': No such file or directory
2026-02-13T00:16:40.5932999Z /sbin/test-init: 57: echo: echo: I/O error
```
Benjamin Drung [Wed, 11 Feb 2026 13:53:55 +0000 (14:53 +0100)]
fix(ppcmac): use return instead of exit in pre-udev hook
The `load-thermal.sh` pre-udev hook calls `exit 0`. This causes the
sourcing script (`dracut-pre-udev.sh` on systemd or `init.sh` from the
base Dracut module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in the ppcmac pre-udev hook.
Benjamin Drung [Wed, 11 Feb 2026 13:52:03 +0000 (14:52 +0100)]
fix(memdisk): use return instead of exit in cmdline hook
The `memdisk.sh` cmdline hook calls `exit 0`. This causes the sourcing
script (`dracut-cmdline.sh` on systemd or `init.sh` from the base Dracut
module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in the memdisk cmdline hook.
Benjamin Drung [Wed, 11 Feb 2026 13:33:51 +0000 (14:33 +0100)]
fix(kernel-modules-export): use return instead of exit in pre-pivot hook
The `modules-export.sh` pre-pivot hook calls `exit 0`. This causes the
sourcing script (`dracut-pre-pivot.sh` on systemd or `init.sh` from the
base Dracut module) to exit. The subsequent hooks are not executed.
Use `return` instead of `exit` in kernel-modules-export pre-pivot hook.
Benjamin Drung [Sun, 8 Feb 2026 01:01:53 +0000 (02:01 +0100)]
ci: also run container manifest step for by workflow_dispatch
The container CI jobs might be run manually (using the
`workflow_dispatch` trigger). In this case the `manifest` step is
skipped. This makes manually runnings the container job useless.
Also run the container manifest step for `workflow_dispatch`.
Benjamin Drung [Sat, 7 Feb 2026 13:26:29 +0000 (14:26 +0100)]
test: rename overlay directory to rootfs
Several tests use `build_ext4_image` to generate a rootfs and do not
rely on `test-makeroot` any more (where the `overlay` directory name was
used).
To make the test code more readable, rename the `overlay` directory to
`rootfs`. In case there are client and server rootfs, use
`client-rootfs` and `server-rootfs`.
Benjamin Drung [Fri, 6 Feb 2026 23:53:44 +0000 (00:53 +0100)]
test: prevent overlay/source being added in test_dracut
The function `test_dracut()` will include `$TESTDIR/overlay` into the
test `initramfs.testing` if available. Several tests create
`$TESTDIR/overlay/source` for creating rootfs using `test-makeroot`.
Delete `$TESTDIR/overlay` after being used by `test-makeroot` to avoid
adding `$TESTDIR/overlay/source` to the client test initrd.
Benjamin Drung [Fri, 6 Feb 2026 22:00:14 +0000 (23:00 +0100)]
fix(dracut): also check libraries when resolving lazy
Dracut might resolve executable dependencies lazy. In this case all
libraries are installed without resolving their dependencies.
Later Dracut will resolve dependencies of the included executables, but
it will not explicitly check libraries. This will miss resolving
dependencies of libraries that are used via `dlopen()`.
There is no requirement for library files to be executable. So resolve
dependencies all files. `resolve_deps()` will check if the file is
either an ELF file or a script.
This will also resolve dependencies of scripts that are not marked
executable, which might be an undesired side effect. In this case users
are advised to either call `dracut-install` without `-l` or not include
those files at all.
chore(dracut): switch to /usr/lib from /lib for hooks
The current tendency is to move towards "hermetic /usr" and not
introduce new things outside of it. For distro shipped hooks and
for the testsuite move the location from /lib to /usr/lib.
Benjamin Drung [Tue, 3 Feb 2026 21:24:46 +0000 (22:24 +0100)]
fix: avoid leading spaces in systemd units
Some `sed` commands insert multiple lines into systemd units. Using
backslash followed by a newline and spaces (for indentation) will
include those spaces in the systemd unit.
projects / thirdparty / dracut-ng.git / log
