diff --git a/SOURCES/0009.patch b/SOURCES/0009.patch
index fadc930..c93daeb 100644
--- a/SOURCES/0009.patch
+++ b/SOURCES/0009.patch
@@ -27,3 +27,4 @@ index ae1924cc..79af4a47 100755 fi inst_dir /var/lib/iscsi
+
diff --git a/SOURCES/0010.patch b/SOURCES/0010.patch
new file mode 100644
index 0000000..59fca50
--- /dev/null
+++ b/SOURCES/0010.patch
@@ -0,0 +1,26 @@
+From c787ad30ab5467c9f3c740a1cd7ed8b3198b9719 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Tue, 21 May 2019 17:58:38 +0200
+Subject: [PATCH] net-lib: strstr is not for globs
+
+(cherry picked from commit 1a3dcc8b46c967445794e679280a3fb3b8e77ae0)
+
+Resolves: #1712469
+---
+ modules.d/40network/net-lib.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
+index 1e7f1b33..7b93f25e 100755
+--- a/modules.d/40network/net-lib.sh
++++ b/modules.d/40network/net-lib.sh
+@@ -463,7 +463,7 @@ ip_to_var() {
+ # ip= means anaconda-style static config argument cluster
+ autoconf="$1"
+
+- if strstr "$autoconf" "*.*.*.*"; then
++ if strglob "$autoconf" "*.*.*.*"; then
+ # ip= means anaconda-style static config argument cluster:
+ # ip= gateway= netmask= hostname= mtu=
+ # ksdevice={link|bootif|ibft||}
+
diff --git a/SOURCES/0011.patch b/SOURCES/0011.patch
new file mode 100644
index 0000000..190a00d
--- /dev/null
+++ b/SOURCES/0011.patch
@@ -0,0 +1,40 @@
+From 81b59fbbd6ebeee05b5d6869ae4f36bb9e486f72 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Tue, 8 Jan 2019 17:16:07 +0100
+Subject: [PATCH] 95iscsi: rd.iscsi.initiator should have priority over stored
+ configuration
+
+(cherry picked from commit 61afc704548cecc7f7d2fa3b5f1319e790cc5bee)
+
+Resolves: #1664062
+---
+ modules.d/95iscsi/parse-iscsiroot.sh | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/modules.d/95iscsi/parse-iscsiroot.sh b/modules.d/95iscsi/parse-iscsiroot.sh
+index 7a64d888..f00a83bb 100755
+--- a/modules.d/95iscsi/parse-iscsiroot.sh
++++ b/modules.d/95iscsi/parse-iscsiroot.sh
+@@ -107,14 +107,13 @@ if arg=$(getarg rd.iscsi.initiator -d iscsi_initiator=) && [ -n "$arg" ] && ! [
+ iscsi_initiator=$arg
+ echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ ln -fs /run/initiatorname.iscsi /dev/.initiatorname.iscsi
+- if ! [ -e /etc/iscsi/initiatorname.iscsi ]; then
+- mkdir -p /etc/iscsi
+- ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
+- if [ -n "$DRACUT_SYSTEMD" ]; then
+- systemctl try-restart iscsid
+- # FIXME: iscsid is not yet ready, when the service is :-/
+- sleep 1
+- fi
++ rm -f /etc/iscsi/initiatorname.iscsi
++ mkdir -p /etc/iscsi
++ ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
++ if [ -n "$DRACUT_SYSTEMD" ]; then
++ systemctl try-restart iscsid
++ # FIXME: iscsid is not yet ready, when the service is :-/
++ sleep 1
+ fi
+ fi
+
+
diff --git a/SOURCES/0012.patch b/SOURCES/0012.patch
new file mode 100644
index 0000000..92e1758
--- /dev/null
+++ b/SOURCES/0012.patch
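Review bot: In the parse-iscsiroot.sh hunk the added `rm -f /etc/iscsi/initiatorname.iscsi` is redundant, because the `ln -fs` two lines below already replaces an existing file, and nothing in the code records why a stored initiator name is now overwritten unconditionally. A comment above the `mkdir -p`, for example `# rd.iscsi.initiator on the kernel command line overrides any initiatorname.iscsi stored in the initramfs`, would document the precedence this patch introduces. The visible lines write `$arg` into /run/initiatorname.iscsi without checking its format, so a malformed name is only noticed once iscsid reads the file. The enclosing `if` begins in the hunk header, where its condition is truncated.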
@@ -0,0 +1,86 @@
+From 9c54932f590fd7accadc780c6ee946a94286b7e6 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Tue, 14 May 2019 09:23:55 +0200
+Subject: [PATCH] fips: split loading the crypto modules and checking the
+ kernel
+
+In e54ab383 we moved the fips script to a later pahse of boot, since
+the /boot might not be available early on.
+
+The problem is that systemd-cryptsetup* services could be run now
+started before the do_fips is executed and need the crypto modules
+to decrypted the devices.
+
+So let's split the do_fips and load the module before udev does the
+trigger.
+---
+ modules.d/01fips/fips-load-crypto.sh | 8 ++++++++
+ modules.d/01fips/fips.sh | 19 +++++++++++--------
+ modules.d/01fips/module-setup.sh | 1 +
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/modules.d/01fips/fips-load-crypto.sh b/modules.d/01fips/fips-load-crypto.sh
+new file mode 100644
+index 00000000..82cbeee4
+--- /dev/null
++++ b/modules.d/01fips/fips-load-crypto.sh
+@@ -0,0 +1,8 @@
++#!/bin/sh
++
++if ! fipsmode=$(getarg fips) || [ $fipsmode = "0" ]; then
++ rm -f -- /etc/modprobe.d/fips.conf >/dev/null 2>&1
++else
++ .
/sbin/fips.sh
++ fips_load_crypto || die "FIPS integrity test failed"
++fi
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index 9bc089f2..beaa692b 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -69,15 +69,8 @@ do_rhevh_check()
+ return 0
+ }
+
+-do_fips()
++fips_load_crypto()
+ {
+- local _v
+- local _s
+- local _v
+- local _module
+-
+- KERNEL=$(uname -r)
+-
+ FIPSMODULES=$(cat /etc/fipsmodules)
+
+ info "Loading and integrity checking all crypto modules"
+@@ -102,6 +95,16 @@ do_fips()
+ info "Self testing crypto algorithms"
+ modprobe tcrypt || return 1
+ rmmod tcrypt
++}
++
++do_fips()
++{
++ local _v
++ local _s
++ local _v
++ local _module
++
++ KERNEL=$(uname -r)
+
+ info "Checking integrity of kernel"
+ if [ -e "/run/initramfs/live/vmlinuz0" ]; then
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index f3af4d90..18186d62 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -54,6 +54,7 @@ install() {
+ local _dir
+ inst_hook pre-trigger 01 "$moddir/fips-boot.sh"
+ inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
++ inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
+ inst_script "$moddir/fips.sh" /sbin/fips.sh
+
+ inst_multiple sha512hmac rmmod insmod mount uname umount
+
diff --git a/SOURCES/0013.patch b/SOURCES/0013.patch
new file mode 100644
index 0000000..b15e070
--- /dev/null
+++ b/SOURCES/0013.patch
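Review bot: In the new fips-load-crypto.sh, `[ $fipsmode = "0" ]` leaves `$fipsmode` unquoted, so an empty or multi-word `fips=` value makes `[` exit with a syntax error and the FIPS branch is taken as a side effect rather than by an explicit test; write `[ "$fipsmode" = "0" ]`. In fips.sh the `local` declarations (including the duplicated `local _v`) now exist only in `do_fips`, so any of those names still used in the unchanged middle of `fips_load_crypto`, which lies outside the hunks, become globals in every hook that sources /sbin/fips.sh; declare the ones it needs at the top of `fips_load_crypto`. A one-line comment on each function naming the hook that calls it (`pre-udev` for `fips_load_crypto`) would make the integrity-check ordering easier to audit.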
@@ -0,0 +1,51 @@
+From a1435c3d535707f1d21aaf85e62175ff2bb1ad2b Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Thu, 14 Mar 2019 18:54:10 +0800
+Subject: [PATCH] fips: ensure fs module for /boot is installed
+
+When using dracut with --hostonly and --no-hostonly-default-device,
+/boot will be inaccessible as dracut will most fs modules unless
+specified. But FIPS require /boot to be accessible, and it will try
+to mount it on boot. It will fail if corresponding fs module is missing.
+
+For most case /boot will be a simple partition, include the fs module
+will be enough for FIPS to mount it. For other cases users have to pass
+extra parameters by themselves.
+
+Suggested-by: Kenneth Dsouza
+Signed-off-by: Kairui Song
+---
+ modules.d/01fips/module-setup.sh | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index 18186d62..89734a09 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -12,7 +12,7 @@ depends() {
+
+ # called by dracut
+ installkernel() {
+- local _fipsmodules _mod
++ local _fipsmodules _mod _bootfstype
+ if [[ -f "${srcmods}/modules.fips" ]]; then
+ _fipsmodules="$(cat "${srcmods}/modules.fips")"
+ else
+@@ -47,6 +47,16 @@ installkernel() {
+ echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
+ fi
+ done
++
++ # with hostonly_default_device fs module for /boot is not installed by default
++ if [[ $hostonly ]] && [[ "$hostonly_default_device" == "no" ]]; then
++ _bootfstype=$(find_mp_fstype /boot)
++ if [[ -n "$_bootfstype" ]]; then
++ hostonly='' instmods $_bootfstype
++ else
++ dwarning "Can't determine fs type for /boot, FIPS check may fail."
++ fi
++ fi
+ }
+
+ # called by dracut
+
diff --git a/SOURCES/0014.patch b/SOURCES/0014.patch
new file mode 100644
index 0000000..4247482
--- /dev/null
+++ b/SOURCES/0014.patch
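Review bot: When `find_mp_fstype /boot` returns nothing, the block added to `installkernel()` only emits `dwarning` and the image is still built, although the commit message says the FIPS check fails at boot if the filesystem module is missing. The message should tell the operator what to do, for example `dwarning "Can't determine fs type for /boot; add its filesystem driver explicitly or the FIPS check will fail at boot."`. The call `instmods $_bootfstype` is also unquoted; `instmods "$_bootfstype"` avoids word splitting. The comment above the block says "with hostonly_default_device" while the condition tests for the value `no`; `# with --no-hostonly-default-device the fs module for /boot is not installed by default` matches the code.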
@@ -0,0 +1,49 @@
+From 7c35556da4c803bbb08c96e96262e598d5c42274 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer
+Date: Tue, 21 Aug 2018 13:14:44 +0200
+Subject: [PATCH] network: skip already enslaved interfaces
+
+(cherry picked from commit f6e3b59e5ea6f52a25631557badc7f4dfabbd7ee)
+
+Resolves: #1625042
+---
+ modules.d/35network-legacy/ifup.sh | 6 +++++-
+ modules.d/40network/net-lib.sh | 7 +++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/35network-legacy/ifup.sh b/modules.d/35network-legacy/ifup.sh
+index ea2a67ff..b4f5bf10 100755
+--- a/modules.d/35network-legacy/ifup.sh
++++ b/modules.d/35network-legacy/ifup.sh
+@@ -408,7 +408,11 @@ for p in $(getargs ip=); do
+ esac
+
+ # If this option isn't directed at our interface, skip it
+- [ -n "$dev" ] && [ "$dev" != "$netif" ] && continue
++ if [ -n "$dev" ]; then
++ [ "$dev" != "$netif" ] && continue
++ else
++ iface_is_enslaved "$netif" && continue
++ fi
+
+ # Store config for later use
+ for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do
+diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
+index 7b93f25e..f9569573 100755
+--- a/modules.d/40network/net-lib.sh
++++ b/modules.d/40network/net-lib.sh
+@@ -745,6 +745,13 @@ iface_has_link() {
+ iface_has_carrier "$@"
+ }
+
++iface_is_enslaved() {
++ local _li
++ _li=$(ip -o link show dev $1)
++ strstr "$li" " master " || return 1
++ return 0
++}
++
+ find_iface_with_link() {
+ local iface_path="" iface=""
+ for iface_path in /sys/class/net/*; do
+
diff --git a/SOURCES/0015.patch b/SOURCES/0015.patch
new file mode 100644
index 0000000..f79f1e7
--- /dev/null
+++ b/SOURCES/0015.patch
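Review bot: `iface_is_enslaved` in net-lib.sh runs `ip -o link show dev $1` with `$1` unquoted and never checks ip's exit status, so an empty or unknown interface name is indistinguishable from "not enslaved". `_li=$(ip -o link show dev "$1" 2>/dev/null) || return 1` makes the failure case explicit. The same line is carried unchanged through 0025.patch. A short comment above the function, `# true if the interface already has a master (bond/bridge/team member)`, would document what the ` master ` match is looking for.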
@@ -0,0 +1,24 @@
+From 4971a2c4eb4526cb88a5c9aff30c57527a746036 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Tue, 16 Jul 2019 08:27:01 +0100
+Subject: [PATCH] 01fips: add cfb cipher
+
+Required by FIPS standard
+---
+ modules.d/01fips/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index 89734a09..f011f15d 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -24,7 +24,7 @@ installkernel() {
+ _fipsmodules+="crc32c crct10dif ghash "
+
+ # Ciphers:
+- _fipsmodules+="cipher_null des3_ede aes "
++ _fipsmodules+="cipher_null des3_ede aes cfb "
+
+ # Modes/templates:
+ _fipsmodules+="ecb cbc ctr xts gcm ccm authenc hmac cmac "
+
diff --git a/SOURCES/0016.patch b/SOURCES/0016.patch
new file mode 100644
index 0000000..57aed12
--- /dev/null
+++ b/SOURCES/0016.patch
@@ -0,0 +1,86 @@
+From 31116110ff0090324a568ce2aba6519a860d66b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?=
+Date: Thu, 11 Jul 2019 10:50:40 +0200
+Subject: [PATCH] rngd: new module running early during boot to help generating
+ entropy when system's default entropy sources are poor (e.g. use of SSD disks
+ or UEFI RNG not available)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On systems with low entropy at boot, the boot can take up to several
+hours, specially when NBDE is used (e.g. clevis) which makes use of
+the random number generator.
+
+Enabling rngd service at boot early, because dracut-initqueue runs,
+enables to initialize the random number generator in a couple of seconds
+instead of minutes or hours.
+
+Signed-off-by: Renaud Métrich
+(cherry picked from commit adee5b97bc5418b6e357342bb3be20568668aa55)
+
+Resolves: #1726617
+---
+ modules.d/06rngd/module-setup.sh | 39 +++++++++++++++++++++++++++++++++++++++
+ modules.d/06rngd/rngd.service | 7 +++++++
+ 2 files changed, 46 insertions(+)
+
+diff --git a/modules.d/06rngd/module-setup.sh b/modules.d/06rngd/module-setup.sh
+new file mode 100644
+index 00000000..43d5c2d3
+--- /dev/null
++++ b/modules.d/06rngd/module-setup.sh
+@@ -0,0 +1,39 @@
++#!/bin/bash
++# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
++#
++# Copyright (c) 2019 Red Hat, Inc.
++# Author: Renaud Métrich
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see .
++#
++
++depends() {
++ echo systemd
++ return 0
++}
++
++check() {
++ # if there's no rngd binary, no go.
++ require_binaries rngd || return 1
++
++ return 0
++}
++
++install() {
++ inst rngd
++ inst_simple "${moddir}/rngd.service" "${systemdsystemunitdir}/rngd.service"
++ mkdir -p "${initdir}${systemdsystemunitdir}/sysinit.target.wants"
++ ln -rfs "${initdir}${systemdsystemunitdir}/rngd.service" \
++ "${initdir}${systemdsystemunitdir}/sysinit.target.wants/rngd.service"
++}
+diff --git a/modules.d/06rngd/rngd.service b/modules.d/06rngd/rngd.service
+new file mode 100644
+index 00000000..570fbedb
+--- /dev/null
++++ b/modules.d/06rngd/rngd.service
+@@ -0,0 +1,7 @@
++[Unit]
++Description=Hardware RNG Entropy Gatherer Daemon
++DefaultDependencies=no
++Before=systemd-udevd.service
++
++[Service]
++ExecStart=/usr/sbin/rngd -f
+
diff --git a/SOURCES/0017.patch b/SOURCES/0017.patch
new file mode 100644
index 0000000..899efb3
--- /dev/null
+++ b/SOURCES/0017.patch
@@ -0,0 +1,22 @@
+From d86dfcd148e5d726f00b8a83eeadb11aa0017fba Mon Sep 17 00:00:00 2001
+From: Harald Hoyer
+Date: Mon, 22 Jul 2019 14:07:26 +0200
+Subject: [PATCH] dracut.spec: add 06rngd
+
+---
+ dracut.spec | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dracut.spec b/dracut.spec
+index de57703c..92c7f7bf 100644
+--- a/dracut.spec
++++ b/dracut.spec
+@@ -346,6 +346,7 @@ install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kerne
+ %{dracutlibdir}/modules.d/03rescue
+ %{dracutlibdir}/modules.d/04watchdog
+ %{dracutlibdir}/modules.d/05busybox
++%{dracutlibdir}/modules.d/06rngd
+ %{dracutlibdir}/modules.d/10i18n
+ %{dracutlibdir}/modules.d/30convertfs
+ %{dracutlibdir}/modules.d/45url-lib
+
diff --git a/SOURCES/0018.patch b/SOURCES/0018.patch
new file mode 100644
index 0000000..8e21561
--- /dev/null
+++ b/SOURCES/0018.patch
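Review bot: In 0016.patch, rngd.service hard-codes `ExecStart=/usr/sbin/rngd -f` while `install()` calls `inst rngd` by bare name, so if the host keeps the binary anywhere other than /usr/sbin the unit fails at boot and the slow-entropy problem this module addresses comes back. `check()` returns 0 whenever the binary exists, which means every initramfs built on a host with rngd installed gains a daemon feeding the kernel entropy pool before udev starts; `return 255` would make the module opt-in. The unit passes no source options, so which entropy sources are used is whatever this rngd build defaults to. That deserves a comment in the unit file, since the commit message names NBDE (clevis) as a consumer of that pool.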
@@ -0,0 +1,49 @@
+From 927428e6a5e90b2214ee9edf15d4eb6c0fc5c203 Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Mon, 11 Mar 2019 18:44:02 +0800
+Subject: [PATCH] squash: squash systemd binary and udevadm
+
+systemd binary and udevadm are not needed to be outside the squash
+image. Some binaries are kept outside because they are required before
+mounting the image, or after umounting the image (when switching root),
+or they may block umounting the image. But we are using lazy umounting,
+so actually nothing will block the umount.
+
+Keep more binaries outside the squash image won't hurt but cost extra
+memories, the idea of squash image is to save memory usage.
+
+So, there is no reason to keep udevadm outside, that should be a debug
+left over. For systemd binary, it's running when switch root happens,
+But we have lazy umounted the image and overlay, once systemd process
+exec the new systemd in new root, everything will be cleared by kernel.
+
+Also tidy up the comment make it less confussing.
+
+Signed-off-by: Kairui Song
+(cherry picked from commit e1e1f6e8e6747d8f32c065e267e0a57587818c9e)
+
+Resolves: #1691705
+---
+ dracut.sh | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index e683a9bc..a0158f22 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1772,9 +1772,11 @@ if dracut_module_included "squash"; then
+ mv $initdir/$folder $squash_dir/$folder
+ done
+
+- # Reinstall required files, because we have moved some important folders to $squash_dir
+- inst_multiple "echo" "sh" "mount" "modprobe" "mkdir" \
+- "systemctl" "udevadm" "$systemdutildir/systemd"
++ # Reinstall required files for the squash image setup script.
++ # We have moved them inside the squashed image, but they need to be
++ # accessible before mounting the image.
Also install systemctl,
++ # it's requires for switch-root, but we will umount the image before switch-root
++ inst_multiple "echo" "sh" "mount" "modprobe" "mkdir" "systemctl"
+ hostonly="" instmods "loop" "squashfs" "overlay"
+
+ for folder in "${squash_candidate[@]}"; do
+
diff --git a/SOURCES/0019.patch b/SOURCES/0019.patch
new file mode 100644
index 0000000..6b7cac8
--- /dev/null
+++ b/SOURCES/0019.patch
@@ -0,0 +1,71 @@
+From b6d52b504fc7eefc3f405f75463d9e818471ee99 Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Mon, 11 Mar 2019 19:46:19 +0800
+Subject: [PATCH] squash: fix and simplify required_in_root
+
+If required target is a symbol link, create the link then following the
+link. If it's a directory, create new directory, else just move it.
+
+Signed-off-by: Kairui Song
+(cherry picked from commit 11ce69e4bd9172cf54251ea62bb4a5ead1700fd6)
+
+Resolves: #1691705
+---
+ dracut.sh | 42 +++++++++++++++++++-----------------------
+ 1 file changed, 19 insertions(+), 23 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index a0158f22..6de88b3e 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1811,30 +1811,26 @@ if dracut_module_included "squash"; then
+ required_in_root $(dirname $file)
+ fi
+
+- if [[ -d $_sqsh_file ]]; then
+- if [[ -L $_sqsh_file ]]; then
+- cp --preserve=all -P $_sqsh_file $_init_file
+- else
+- mkdir $_init_file
+- fi
++ if [[ -L $_sqsh_file ]]; then
++ cp --preserve=all -P $_sqsh_file $_init_file
++ _sqsh_file=$(realpath $_sqsh_file 2>/dev/null)
++ if [[ -e $_sqsh_file ]] && [[ "$_sqsh_file" == "$squash_dir"* ]]; then
++ # Relative symlink
++ required_in_root ${_sqsh_file#$squash_dir/}
++ return
++ fi
++ if [[ -e $squash_dir$_sqsh_file ]]; then
++ # Absolute symlink
++ required_in_root ${_sqsh_file#/}
++ return
++ fi
++ required_in_root ${module_spec#$squash_dir/}
+ else
+- if [[ -L $_sqsh_file ]]; then
+- cp --preserve=all -P $_sqsh_file $_init_file
+- _sqsh_file=$(realpath $_sqsh_file 2>/dev/null)
+- if [[ -e $_sqsh_file ]] && [[ "$_sqsh_file" == "$squash_dir"* ]]; then
+- # Relative symlink
+- required_in_root ${_sqsh_file#$squash_dir/}
+- return
+- fi
+- if [[ -e $squash_dir$_sqsh_file ]]; then
+- # Absolute symlink
+- required_in_root ${_sqsh_file#/}
+- return
+- fi
+- required_in_root ${module_spec#$squash_dir/}
+- else
+- mv $_sqsh_file $_init_file
+- fi
++ if [[ -d $_sqsh_file ]]; then
++ mkdir $_init_file
++ else
++ mv $_sqsh_file
$_init_file
++ fi
+ fi
+ }
+
+
diff --git a/SOURCES/0020.patch b/SOURCES/0020.patch
new file mode 100644
index 0000000..64dfdff
--- /dev/null
+++ b/SOURCES/0020.patch
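Review bot: The containment test `[[ "$_sqsh_file" == "$squash_dir"* ]]` in `required_in_root` is a bare string-prefix match, so a resolved symlink target in a sibling directory whose name merely begins with the same characters as `$squash_dir` is treated as lying inside the squash tree; compare against `"$squash_dir"/*` instead. The fallback `required_in_root ${module_spec#$squash_dir/}` uses `module_spec`, which is not assigned in the visible part of the function (it starts above the hunk). Presumably `_sqsh_file` or `file` was intended, which needs confirming. `cp`, `realpath`, `mkdir` and `mv` all receive `$_sqsh_file` and `$_init_file` unquoted, which breaks on paths containing whitespace.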
@@ -0,0 +1,94 @@
+From 829ed8ef5cca250fac475ad6b0265c792c3af015 Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Wed, 13 Mar 2019 17:36:53 +0800
+Subject: [PATCH] squash: also squash systemctl if switch-root is not needed
+
+systemctl need to be accessible on switch-root, but we unmount the
+squash image on switch-root, so it will fail. systemctl depends on a lot
+of libraries, squash them can save more RAM. So allow modules
+(eg. kdump) to tell dracut that switch-root will be intercepted,
+then we don't need to take care of that.
+
+Signed-off-by: Kairui Song
+(cherry picked from commit 3ee0ca5eb74be5d1fbd0e6d643f6fff06234177f)
+
+Resolves: #1691705
+---
+ dracut-init.sh | 4 ++++
+ dracut.sh | 40 ++++++++++++++++++++++------------------
+ 2 files changed, 26 insertions(+), 18 deletions(-)
+
+diff --git a/dracut-init.sh b/dracut-init.sh
+index 50d23e2d..b1ac9966 100644
+--- a/dracut-init.sh
++++ b/dracut-init.sh
+@@ -150,6 +150,10 @@ dracut_module_included() {
+ [[ " $mods_to_load $modules_loaded " == *\ $*\ * ]]
+ }
+
++dracut_no_switch_root() {
++ >"$initdir/lib/dracut/no-switch-root"
++}
++
+ if ! [[ $DRACUT_INSTALL ]]; then
+ DRACUT_INSTALL=$(find_binary dracut-install)
+ fi
+diff --git a/dracut.sh b/dracut.sh
+index 6de88b3e..8144a16e 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1772,24 +1772,6 @@ if dracut_module_included "squash"; then
+ mv $initdir/$folder $squash_dir/$folder
+ done
+
+- # Reinstall required files for the squash image setup script.
+- # We have moved them inside the squashed image, but they need to be
+- # accessible before mounting the image. Also install systemctl,
+- # it's requires for switch-root, but we will umount the image before switch-root
+- inst_multiple "echo" "sh" "mount" "modprobe" "mkdir" "systemctl"
+- hostonly="" instmods "loop" "squashfs" "overlay"
+-
+- for folder in "${squash_candidate[@]}"; do
+- # Remove duplicated files in squashfs image, save some more space
+- [[ !
-d $initdir/$folder/ ]] && continue
+- for file in $(find $initdir/$folder/ -not -type d);
+- do
+- if [[ -e $squash_dir${file#$initdir} ]]; then
+- mv $squash_dir${file#$initdir} $file
+- fi
+- done
+- done
+-
+ # Move some files out side of the squash image, including:
+ # - Files required to boot and mount the squashfs image
+ # - Files need to be accessable without mounting the squash image
+@@ -1851,6 +1833,28 @@ if dracut_module_included "squash"; then
+ ln -s squash/init.sh $initdir/init
+ ln -s squash/shutdown.sh $initdir/shutdown
+
++ # Reinstall required files for the squash image setup script.
++ # We have moved them inside the squashed image, but they need to be
++ # accessible before mounting the image.
++ inst_multiple "echo" "sh" "mount" "modprobe" "mkdir"
++ hostonly="" instmods "loop" "squashfs" "overlay"
++
++ # Only keep systemctl outsite if we need switch root
++ if [[ ! -f "$initdir/lib/dracut/no-switch-root" ]]; then
++ inst "systemctl"
++ fi
++
++ for folder in "${squash_candidate[@]}"; do
++ # Remove duplicated files in squashfs image, save some more space
++ [[ ! -d $initdir/$folder/ ]] && continue
++ for file in $(find $initdir/$folder/ -not -type d);
++ do
++ if [[ -e $squash_dir${file#$initdir} ]]; then
++ mv $squash_dir${file#$initdir} $file
++ fi
++ done
++ done
++
+ mksquashfs $squash_dir $squash_img -comp xz -b 64K -Xdict-size 100% &> /dev/null
+
+ if [[ $? != 0 ]]; then
+
diff --git a/SOURCES/0021.patch b/SOURCES/0021.patch
new file mode 100644
index 0000000..ed54a76
--- /dev/null
+++ b/SOURCES/0021.patch
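Review bot: `dracut_no_switch_root()` creates its marker with a bare redirection, so if `$initdir/lib/dracut` does not exist when a module calls it the redirection fails, no marker is written, and dracut.sh later keeps `systemctl` outside the image as though nothing had been requested. Adding `mkdir -p "$initdir/lib/dracut"` before the redirection removes that ordering dependency. In the relocated dedup loop, `for file in $(find $initdir/$folder/ -not -type d)` word-splits find's output, and the `mv` arguments are unquoted, so file names containing whitespace are handled incorrectly. The surrounding `if dracut_module_included "squash"` block starts and ends outside the hunks.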
@@ -0,0 +1,94 @@
+From 7ee74e539dba61c3765afe34426b085eff0de027 Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Thu, 21 Feb 2019 13:18:37 +0800
+Subject: [PATCH] dracut: let module handling function accept optional path
+ option
+
+Let the caller pass in the module path instead of try to find the module
+path everytime. This helps optimize the overall runtime.
+
+Test results (3 rounds) on Fedora 30 in KVM VM with 8 CPUs, 2G memory, HDD:
+
+ $ time ./dracut.sh --local --quiet --hostonly --hostonly-cmdline --hostonly-i18n --hostonly-mode 'strict' -o 'plymouth dash resume ifcfg' --mount '/dev/mapper/fedora-root /sysroot xfs defaults' --no-hostonly-default-device -f initramfs.img
+ Before the commit:
+ real 0m11.782s | real 0m11.505s | real 0m11.958s
+ user 0m9.169s | user 0m9.218s | user 0m9.327s
+ sys 0m10.839s | sys 0m10.829s | sys 0m10.925s
+
+ After this commit:
+ real 0m9.866s | real 0m9.580s | real 0m9.638s
+ user 0m9.048s | user 0m9.142s | user 0m9.120s
+ sys 0m7.411s | sys 0m7.775s | sys 0m7.745s
+
+Test result of building a ordinary image:
+
+ $ time ./dracut.sh --local --quiet -f initramfs.img
+ Before the commit:
+ real 0m34.697s | real 0m34.371s | real 0m35.122s
+ user 0m27.608s | user 0m27.524s | user 0m27.705s
+ sys 0m22.341s | sys 0m22.032s | sys 0m22.246s
+
+ After the commit:
+ real 0m31.914s | real 0m31.006 | real 0m31.289ss
+ user 0m27.315s | user 0m27.324 | user 0m27.290ss
+ sys 0m19.051s | sys 0m18.916 | sys 0m19.022ss
+
+This will have an ~2s speed up.
+
+Signed-off-by: Kairui Song
+(cherry picked from commit 5916d31b24ad9eb21fd376929a96c459813315a1)
+
+Cherry-picked from: 5916d31b
+Resolves: #1734047
+---
+ dracut-init.sh | 4 ++++
+ dracut.sh | 8 ++++----
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/dracut-init.sh b/dracut-init.sh
+index b1ac9966..ab07cabf 100644
+--- a/dracut-init.sh
++++ b/dracut-init.sh
+@@ -154,6 +154,10 @@ dracut_no_switch_root() {
+ >"$initdir/lib/dracut/no-switch-root"
+ }
+
++dracut_module_path() {
++ echo ${dracutbasedir}/modules.d/??${1} | { read a b; echo "$a"; }
++}
++
+ if ! [[ $DRACUT_INSTALL ]]; then
+ DRACUT_INSTALL=$(find_binary dracut-install)
+ fi
+diff --git a/dracut.sh b/dracut.sh
+index 8144a16e..f270af76 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1373,7 +1373,7 @@ do_print_cmdline()
+ for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do
+ _d_mod=${moddir##*/}; _d_mod=${_d_mod#[0-9][0-9]}
+ [[ ${_mods_to_print[$_d_mod]} ]] || continue
+- module_cmdline "$_d_mod"
++ module_cmdline "$_d_mod" "$moddir"
+ done
+ unset moddir
+ }
+@@ -1454,14 +1454,14 @@ for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do
+ dinfo "*** Including module: $_d_mod ***"
+ fi
+ if [[ $kernel_only == yes ]]; then
+- module_installkernel "$_d_mod" || {
++ module_installkernel "$_d_mod" "$moddir" || {
+ dfatal "installkernel failed in module $_d_mod"
+ exit 1
+ }
+ else
+- module_install "$_d_mod"
++ module_install "$_d_mod" "$moddir"
+ if [[ $no_kernel != yes ]]; then
+- module_installkernel "$_d_mod" || {
++ module_installkernel "$_d_mod" "$moddir" || {
+ dfatal "installkernel failed in module $_d_mod"
+ exit 1
+ }
+
diff --git a/SOURCES/0022.patch b/SOURCES/0022.patch
new file mode 100644
index 0000000..4bcd5e4
--- /dev/null
+++ b/SOURCES/0022.patch
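Review bot: `dracut_module_path()` expands `${dracutbasedir}/modules.d/??${1}` unquoted, so a base directory containing whitespace is split before globbing, and when nothing matches the literal pattern is echoed back as if it were a real path; `read a b` also runs without `-r` and leaves `a` and `b` non-local. The rewrite below keeps the first-match behaviour but quotes the fixed parts and returns non-zero when no module directory exists. Note also that the function is not called in any visible hunk and dracut-init.sh receives only these four lines, so whether `module_install`, `module_installkernel` and `module_cmdline` actually consume the new second argument cannot be confirmed from this patch.

```shell
dracut_module_path() {
    local _path
    # Quote the fixed parts so that only the two-character prefix is globbed.
    for _path in "${dracutbasedir}"/modules.d/??"${1}"; do
        # An unmatched glob stays literal; report only directories that exist.
        [[ -d $_path ]] || continue
        echo "$_path"
        return 0
    done
    return 1
}
```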
@@ -0,0 +1,36 @@
+From 17cd55169c3549d85ba3e4d7e0e81c496d1b2940 Mon Sep 17 00:00:00 2001
+From: Lianbo Jiang
+Date: Mon, 13 May 2019 16:09:25 +0800
+Subject: [PATCH] 99base: enable the initqueue in both 'dracut --add-device'
+ and 'dracut --mount' cases.
+
+The commit 9f3c31cd8d68 ("99base: enable initqueue if extra devices are added")
+only covers 'dracut --add-device' case, but it did not cover 'dracut --mount'
+case, which causes the kdump failure in the Amazon virtual machine.
+
+Lets make sure that the initqueue is enabled in both cases in order to wake up
+the device in time.
+
+Reported-by: Xiao Liang
+Signed-off-by: Lianbo Jiang
+(cherry picked from commit e0fc62f619ba55a96179382e22f7665e969c3d42)
+
+Resolves: #1678094
+---
+ modules.d/99base/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/99base/module-setup.sh b/modules.d/99base/module-setup.sh
+index 21523fc9..c9ead01d 100755
+--- a/modules.d/99base/module-setup.sh
++++ b/modules.d/99base/module-setup.sh
+@@ -93,7 +93,7 @@ install() {
+
+ ## save host_devs which we need bring up
+ if [[ $hostonly_cmdline == "yes" ]]; then
+- if [[ -n $add_device ]]; then
++ if [[ -n "${host_devs[@]}" ]]; then
+ dracut_need_initqueue
+ fi
+ if [[ -f "$initdir/lib/dracut/need-initqueue" ]] || ! dracut_module_included "systemd"; then
+
diff --git a/SOURCES/0023.patch b/SOURCES/0023.patch
new file mode 100644
index 0000000..e0d31d5
--- /dev/null
+++ b/SOURCES/0023.patch
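Review bot: `[[ -n "${host_devs[@]}" ]]` tests the array by joining its elements into one string, which reads like a scalar test and is false for an array that holds a single empty element; the element count states the intent directly: `if (( ${#host_devs[@]} )); then`. A comment on that line, `# host_devs is filled by both --add-device and --mount`, would record why the test moved away from `$add_device`, since the array's population is not visible in this hunk. The `install()` function continues beyond the hunk.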
@@ -0,0 +1,34 @@
+From 1851348709df5413a767faecdee908534baf0da1 Mon Sep 17 00:00:00 2001
+From: Kairui Song
+Date: Wed, 12 Jun 2019 14:27:44 +0800
+Subject: [PATCH] 95fcoe: load 'libfcoe' module as a fallback
+
+The kernel may only enable 'libfcoe' module. Some modules like bnx2fc
+provides FCoE but only depend on 'libfcoe'. Loading 'fcoe' module may
+fail but the kernel do support FCoE.
+
+'libfcoe' will be installed as a dependency when installing block device
+drivers if it's required. So no need to install it in installkernel.
+
+Signed-off-by: Kairui Song
+(cherry picked from commit 65fe1af2eca7d0ed340520577ab861fcd695b34a)
+
+Resolves: #1719645
+---
+ modules.d/95fcoe/parse-fcoe.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/95fcoe/parse-fcoe.sh b/modules.d/95fcoe/parse-fcoe.sh
+index 75cca9a5..12701cdb 100755
+--- a/modules.d/95fcoe/parse-fcoe.sh
++++ b/modules.d/95fcoe/parse-fcoe.sh
+@@ -18,7 +18,7 @@
+ # If it's not set we don't continue
+ [ -z "$fcoe" ] && return
+
+-[ -e /sys/bus/fcoe/ctlr_create ] || modprobe -b -a fcoe || die "FCoE requested but kernel/initrd does not support FCoE"
++[ -e /sys/bus/fcoe/ctlr_create ] || modprobe -b -a fcoe || modprobe -b -a libfcoe || die "FCoE requested but kernel/initrd does not support FCoE"
+
+ initqueue --onetime modprobe -b -q bnx2fc
+
+
diff --git a/SOURCES/0025.patch b/SOURCES/0025.patch
new file mode 100644
index 0000000..664f9be
--- /dev/null
+++ b/SOURCES/0025.patch
@@ -0,0 +1,26 @@
+From 3464297288b50a062e1094e57d46ad21e51b351b Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn
+Date: Tue, 6 Aug 2019 10:54:09 +0200
+Subject: [PATCH] net-lib: fix typo $li -> $_li
+
+(cherry picked from commit cd97d8d2c0646b95aee47efd5eee39f29d617a67)
+
+Resolves: #1625042
+---
+ modules.d/40network/net-lib.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
+index f9569573..ad78d225 100755
+--- a/modules.d/40network/net-lib.sh
++++ b/modules.d/40network/net-lib.sh
+@@ -748,7 +748,7 @@ iface_has_link() {
+ iface_is_enslaved() {
+ local _li
+ _li=$(ip -o link show dev $1)
+- strstr "$li" " master " || return 1
++ strstr "$_li" " master " || return 1
+ return 0
+ }
+
+
diff --git a/SOURCES/0026.patch b/SOURCES/0026.patch
new file mode 100644
index 0000000..9055552
--- /dev/null
+++ b/SOURCES/0026.patch
@@ -0,0 +1,114 @@
+From f93681073cae4cfa118cfb3a2acb8cf78ce30646 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski
+Date: Tue, 3 Sep 2019 10:44:36 -0500
+Subject: [PATCH] modules.d: fix udev rules detection of multipath devices
+
+Starting with the 0.7.7 release of the multipath tools, the multipath
+udev rules always set a value in ENV{DM_MULTIPATH_DEVICE_PATH} for any
+device that multipath scans. A value of 0 means that the device is not
+claimed by multipath, and a value of 1 means that it is. Because of
+this, udev rules that check ENV{DM_MULTIPATH_DEVICE_PATH}=="?*" will
+always return True, and act as if every scanned device is claimed by
+multipath. Checking ENV{DM_MULTIPATH_DEVICE_PATH}=="1" will work
+correctly for both the old and new versions of the multipath tools.
+---
+ modules.d/90dm/59-persistent-storage-dm.rules | 2 +-
+ modules.d/90dmraid/61-dmraid-imsm.rules | 2 +-
+ modules.d/90lvm/64-lvm.rules | 2 +-
+ modules.d/90mdraid/59-persistent-storage-md.rules | 2 +-
+ modules.d/90mdraid/65-md-incremental-imsm.rules | 2 +-
+ modules.d/95udev-rules/59-persistent-storage.rules | 2 +-
+ modules.d/95udev-rules/61-persistent-storage.rules | 2 +-
+ 7 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/modules.d/90dm/59-persistent-storage-dm.rules b/modules.d/90dm/59-persistent-storage-dm.rules
+index 73b09376..2be11227 100644
+--- a/modules.d/90dm/59-persistent-storage-dm.rules
++++ b/modules.d/90dm/59-persistent-storage-dm.rules
+@@ -1,7 +1,7 @@
+ SUBSYSTEM!="block", GOTO="dm_end"
+ ACTION!="add|change", GOTO="dm_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="dm_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"
+
+ KERNEL!="dm-[0-9]*", GOTO="dm_end"
+ ACTION=="add", GOTO="dm_end"
+diff --git a/modules.d/90dmraid/61-dmraid-imsm.rules b/modules.d/90dmraid/61-dmraid-imsm.rules
+index 72267d3c..8a6b215e 100644
+--- a/modules.d/90dmraid/61-dmraid-imsm.rules
++++
b/modules.d/90dmraid/61-dmraid-imsm.rules
+@@ -5,7 +5,7 @@
+ SUBSYSTEM!="block", GOTO="dm_end"
+ ACTION!="add|change", GOTO="dm_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="dm_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"
+
+ ENV{ID_FS_TYPE}=="linux_raid_member", GOTO="dm_end"
+
+diff --git a/modules.d/90lvm/64-lvm.rules b/modules.d/90lvm/64-lvm.rules
+index 3ce0c1f6..65f65249 100644
+--- a/modules.d/90lvm/64-lvm.rules
++++ b/modules.d/90lvm/64-lvm.rules
+@@ -7,7 +7,7 @@
+ SUBSYSTEM!="block", GOTO="lvm_end"
+ ACTION!="add|change", GOTO="lvm_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="lvm_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="lvm_end"
+ KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end"
+ ENV{ID_FS_TYPE}!="LVM?_member", GOTO="lvm_end"
+
+diff --git a/modules.d/90mdraid/59-persistent-storage-md.rules b/modules.d/90mdraid/59-persistent-storage-md.rules
+index 6ef858aa..96b10108 100644
+--- a/modules.d/90mdraid/59-persistent-storage-md.rules
++++ b/modules.d/90mdraid/59-persistent-storage-md.rules
+@@ -1,7 +1,7 @@
+ SUBSYSTEM!="block", GOTO="md_end"
+ ACTION!="add|change", GOTO="md_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="md_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="md_end"
+
+ KERNEL!="md[0-9]*|md_d[0-9]*|md/*", KERNEL!="md*", GOTO="md_end"
+
+diff --git a/modules.d/90mdraid/65-md-incremental-imsm.rules b/modules.d/90mdraid/65-md-incremental-imsm.rules
+index d66dd012..52f5b195 100644
+--- a/modules.d/90mdraid/65-md-incremental-imsm.rules
++++ b/modules.d/90mdraid/65-md-incremental-imsm.rules
+@@ -9,7 +9,7 @@ KERNEL=="md*", ENV{ID_FS_TYPE}!="linux_raid_member", GOTO="md_end"
+ KERNEL=="md*", ACTION!="change", GOTO="md_end"
+
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="md_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="md_end"
+
+ ENV{ID_FS_TYPE}=="ddf_raid_member|isw_raid_member|linux_raid_member", GOTO="md_try"
+ GOTO="md_end"
+diff --git a/modules.d/95udev-rules/59-persistent-storage.rules b/modules.d/95udev-rules/59-persistent-storage.rules
+index 47ff6edd..8d8650f7 100644
+--- a/modules.d/95udev-rules/59-persistent-storage.rules
++++ b/modules.d/95udev-rules/59-persistent-storage.rules
+@@ -1,7 +1,7 @@
+ SUBSYSTEM!="block", GOTO="ps_end"
+ ACTION!="add|change", GOTO="ps_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="ps_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="ps_end"
+
+ KERNEL=="cciss[0-9]*", IMPORT BLKID
+ KERNEL=="nbd[0-9]*", IMPORT BLKID
+diff --git a/modules.d/95udev-rules/61-persistent-storage.rules b/modules.d/95udev-rules/61-persistent-storage.rules
+index 37148b07..895ecebd 100644
+--- a/modules.d/95udev-rules/61-persistent-storage.rules
++++ b/modules.d/95udev-rules/61-persistent-storage.rules
+@@ -1,7 +1,7 @@
+ SUBSYSTEM!="block", GOTO="pss_end"
+ ACTION!="add|change", GOTO="pss_end"
+ # Also don't process disks that are slated to be a multipath device
+-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="pss_end"
++ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="pss_end"
+
+ ACTION=="change", KERNEL=="dm-[0-9]*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}!="1", GOTO="do_pss"
+ KERNEL=="cciss[0-9]*", GOTO="do_pss"
diff --git a/SPECS/dracut.spec b/SPECS/dracut.spec
index 4fecf8a..6545820 100644
--- a/SPECS/dracut.spec
+++ b/SPECS/dracut.spec
@@ -5,11 +5,11 @@ # strip the automatically generated dep here and instead co-own the # directory. %global __requires_exclude pkg-config -%define dist_free_release 10.git20190115 +%define dist_free_release 27.git20190906 Name: dracut Version: 049 -Release: %{dist_free_release}%{?dist}.1 +Release: %{dist_free_release}%{?dist} Summary: Initramfs generator using udev %if 0%{?fedora} || 0%{?rhel} @@ -37,7 +37,23 @@ Patch6: 0006.patch Patch7: 0007.patch Patch8: 0008.patch Patch9: 0009.patch -Patch10: 0024.patch +Patch10: 0010.patch +Patch11: 0011.patch +Patch12: 0012.patch +Patch13: 0013.patch +Patch14: 0014.patch +Patch15: 0015.patch +Patch16: 0016.patch +Patch17: 0017.patch +Patch18: 0018.patch +Patch19: 0019.patch +Patch20: 0020.patch +Patch21: 0021.patch +Patch22: 0022.patch +Patch23: 0023.patch +Patch24: 0024.patch +Patch25: 0025.patch +Patch26: 0026.patch Source1: https://www.gnu.org/licenses/lgpl-2.1.txt @@ -357,6 +373,7 @@ install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kerne %{dracutlibdir}/modules.d/03rescue %{dracutlibdir}/modules.d/04watchdog %{dracutlibdir}/modules.d/05busybox +%{dracutlibdir}/modules.d/06rngd %{dracutlibdir}/modules.d/10i18n %{dracutlibdir}/modules.d/30convertfs %{dracutlibdir}/modules.d/45url-lib 
@@ -490,8 +507,44 @@ install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kerne %endif %changelog -* Wed Sep 25 2019 Lukas Nykryn - 049-10.git20190115.1 -- rebuilt +* Fri Sep 06 2019 Lukas Nykryn - 049-27.git20190906 +- modules.d: fix udev rules detection of multipath devices + +* Tue Aug 06 2019 Lukas Nykryn - 049-26.git20190806 +- net-lib: fix typo $li -> $_li + +* Tue Aug 06 2019 Lukas Nykryn - 049-25.git20190806 +- 90kernel-modules-extra: don't resolve symlinks before instmod + +* Fri Aug 02 2019 Lukas Nykryn - 049-24.git20190802 +- 95fcoe: load 'libfcoe' module as a fallback +- 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases +- dracut: let module handling function accept optional path option +- squash: also squash systemctl if switch-root is not needed +- squash: fix and simplify required_in_root +- squash: squash systemd binary and udevadm + +* Thu Jul 25 2019 Lukas Nykryn - 049-18.git20190725 +- dracut.spec: add 06rngd + +* Thu Jul 25 2019 Lukas Nykryn - 049-17.git20190725 +- rngd: new module running early during boot to help generating entropy when system's default entropy sources are poor (e.g. use of SSD disks or UEFI RNG not available) + +* Tue Jul 16 2019 Lukas Nykryn - 049-16.git20190716 +- 01fips: add cfb cipher + +* Mon Jul 08 2019 Lukas Nykryn - 049-15.git20190708 +- network: skip already enslaved interfaces + +* Wed Jun 26 2019 Lukas Nykryn - 049-14.git20190626 +- fips: ensure fs module for /boot is installed + +* Fri Jun 14 2019 Lukas Nykryn - 049-13.git20190614 +- fips: split loading the crypto modules and checking the kernel + +* Mon Jun 03 2019 Lukas Nykryn - 049-12.git20190603 +- 95iscsi: rd.iscsi.initiator should have priority over stored configuration +- net-lib: strstr is not for globs * Tue Jan 15 2019 Lukas Nykryn - 049-10.git20190115 - 95iscsi: decouple iscsi from sysinit.target