diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list
index aebcfffc83..0842bae55f 100644
--- a/.github/workflows/portage-stable-packages-list
+++ b/.github/workflows/portage-stable-packages-list
@@ -652,6 +652,7 @@ sys-fs/xfsprogs
 sys-fs/zfs
 sys-fs/zfs-kmod
+sys-kernel/dracut
 sys-kernel/linux-headers
 sys-libs/binutils-libs
diff --git a/changelog/bugfixes/2025-04-17-cpu-microcode.md b/changelog/bugfixes/2025-04-17-cpu-microcode.md
new file mode 100644
index 0000000000..14b8478597
--- /dev/null
+++ b/changelog/bugfixes/2025-04-17-cpu-microcode.md
@@ -0,0 +1 @@
+- Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago.
diff --git a/changelog/changes/2025-04-17-systemd-crypt.md b/changelog/changes/2025-04-17-systemd-crypt.md
new file mode 100644
index 0000000000..ac341e986b
--- /dev/null
+++ b/changelog/changes/2025-04-17-systemd-crypt.md
@@ -0,0 +1 @@
+- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar.
diff --git a/changelog/updates/2025-04-17-dracut-update.md b/changelog/updates/2025-04-17-dracut-update.md
new file mode 100644
index 0000000000..45f53cc7b7
--- /dev/null
+++ b/changelog/updates/2025-04-17-dracut-update.md
@@ -0,0 +1 @@
+- dracut ([106](https://github.com/dracut-ng/dracut-ng/releases/tag/106) (includes [105](https://github.com/dracut-ng/dracut-ng/releases/tag/105), [104](https://github.com/dracut-ng/dracut-ng/releases/tag/104), [103](https://github.com/dracut-ng/dracut-ng/releases/tag/103), [102](https://github.com/dracut-ng/dracut-ng/releases/tag/102), [101](https://github.com/dracut-ng/dracut-ng/releases/tag/101), [100](https://github.com/dracut-ng/dracut-ng/releases/tag/100), [060](https://github.com/dracut-ng/dracut-ng/releases/tag/060), [059](https://github.com/dracut-ng/dracut-ng/releases/tag/059), [058](https://github.com/dracut-ng/dracut-ng/releases/tag/058), [057](https://github.com/dracut-ng/dracut-ng/releases/tag/057), [056](https://github.com/dracut-ng/dracut-ng/releases/tag/056), [055](https://github.com/dracut-ng/dracut-ng/releases/tag/055), [054](https://github.com/dracut-ng/dracut-ng/releases/tag/054)))
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch
new file mode 100644
index 0000000000..a9811e6dd8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch
@@ -0,0 +1,980 @@
+From 62c75393ea18b65ba0f7f224070c3bb94d3bd930 Mon Sep 17 00:00:00 2001
+From: Jo Zzsi
+Date: Fri, 7 Feb 2025 20:24:39 -0500
+Subject: [PATCH 01/22] fix(systemd-sysusers): always silence stdout
+
+systemd-sysusers does not have quiet option, so
+always silence stdout (but not stderr).
+
+Fixes: https://github.com/dracut-ng/dracut-ng/issues/1195
+---
+ modules.d/60systemd-sysusers/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/60systemd-sysusers/module-setup.sh b/modules.d/60systemd-sysusers/module-setup.sh
+index 05680553..977695e6 100755
+--- a/modules.d/60systemd-sysusers/module-setup.sh
++++ b/modules.d/60systemd-sysusers/module-setup.sh
+@@ -15,5 +15,5 @@ check() {
+ install() {
+ inst_sysusers basic.conf
+
+- systemd-sysusers --root="$initdir"
++ systemd-sysusers --root="$initdir" > /dev/null
+ }
+--
+2.48.1
+
+
+From 9b822c31e3c096a276904c0d6ebfd379ec443e23 Mon Sep 17 00:00:00 2001
+From: Brian Fjeldstad
+Date: Tue, 4 Feb 2025 22:09:04 +0000
+Subject: [PATCH 02/22] fix(dracut): avoid mktemp collisions with find filter
+
+---
+ dracut.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index 88b14f3e..ef959021 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1324,10 +1324,10 @@ if findmnt --raw -n --target "$tmpdir" --output=options | grep -q noexec; then
+ noexec=1
+ fi
+
+-DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.XXXXXX)"
++DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.dXXXXXX)"
+ readonly DRACUT_TMPDIR
+ [ -d "$DRACUT_TMPDIR" ] || {
+- printf "%s\n" "dracut[F]: mktemp -p '$TMPDIR/' -d -t dracut.XXXXXX failed." >&2
++ printf "%s\n" "dracut[F]: mktemp -p '$TMPDIR/' -d -t dracut.dXXXXXX failed." >&2
+ exit 1
+ }
+
+--
+2.48.1
+
+
+From 89da4257a6ffa737a69f7095bb41d5ae3f247d82 Mon Sep 17 00:00:00 2001
+From: Benjamin Drung
+Date: Wed, 12 Feb 2025 11:10:30 +0100
+Subject: [PATCH 03/22] fix(dracut-lib): support "set -e" in setdebug
+
+A `return` statement will return with the exit code of the previous
+command if no exit code is specified. In case `/usr/lib/initrd-release`
+does not exist, `setdebug` will return with the exit code 1.
+
+Return this function with code 0 in that case to support `set -e` users.
+
+Fixes: 2b125c69cc80 ("base/dracut-lib.sh: do not setdebug, if not in initramfs")
+---
+ modules.d/99base/dracut-lib.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh
+index acedea98..05c361c6 100755
+--- a/modules.d/99base/dracut-lib.sh
++++ b/modules.d/99base/dracut-lib.sh
+@@ -340,7 +340,7 @@ splitsep() {
+ }
+
+ setdebug() {
+- [ -f /usr/lib/initrd-release ] || return
++ [ -f /usr/lib/initrd-release ] || return 0
+ if [ -z "$RD_DEBUG" ]; then
+ if [ -e /proc/cmdline ]; then
+ RD_DEBUG=no
+--
+2.48.1
+
+
+From 57911e76e2826fa6d9f2b80915cf99c6eb0e05b0 Mon Sep 17 00:00:00 2001
+From: You-Sheng Yang
+Date: Wed, 22 Jan 2025 23:37:53 +0800
+Subject: [PATCH 04/22] fix(dracut-install): install compressed blobs that
+ match wildcard fwpath
+
+dracut-install tries to invoke `glob()` with full path expanded from
+"intel/ish/ish_*.bin", but while all the binaries were compressed, this
+matches no file and none of the custom ISH firmware blobs will be
+installed.
+
+Closes: #1150
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095518
+Signed-off-by: You-Sheng Yang
+---
+ src/install/dracut-install.c | 42 +++++++++++++++++++++++++++---------
+ 1 file changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c
+index 96bc2eb6..bacbe86e 100644
+--- a/src/install/dracut-install.c
++++ b/src/install/dracut-install.c
+@@ -1437,12 +1437,15 @@ static int install_all(int argc, char **argv)
+ return r;
+ }
+
+-static int install_firmware_fullpath(const char *fwpath)
++static int install_firmware_fullpath(const char *fwpath, bool maybe_compressed)
+ {
+ const char *fw = fwpath;
+ _cleanup_free_ char *fwpath_compressed = NULL;
+ int ret;
+ if (access(fwpath, F_OK) != 0) {
++ if (!maybe_compressed)
++ return 1;
++
+ _asprintf(&fwpath_compressed, "%s.zst", fwpath);
+ if (access(fwpath_compressed, F_OK) != 0) {
+ strcpy(fwpath_compressed + strlen(fwpath) + 1, "xz");
+@@ -1460,6 +1463,23 @@ static int install_firmware_fullpath(const char *fwpath)
+ return ret;
+ }
+
++static bool install_firmware_glob(const char *fwpath)
++{
++ size_t i;
++ _cleanup_globfree_ glob_t globbuf;
++ bool found = false;
++ int ret;
++
++ glob(fwpath, 0, NULL, &globbuf);
++ for (i = 0; i < globbuf.gl_pathc; i++) {
++ ret = install_firmware_fullpath(globbuf.gl_pathv[i], false);
++ if (ret == 0)
++ found = true;
++ }
++
++ return found;
++}
++
+ static int install_firmware(struct kmod_module *mod)
+ {
+ struct kmod_list *l = NULL;
+@@ -1490,17 +1510,19 @@ static int install_firmware(struct kmod_module *mod)
+
+ if (strpbrk(value, "*?[") != NULL
+ && access(fwpath, F_OK) != 0) {
+- size_t i;
+- _cleanup_globfree_ glob_t globbuf;
+-
+- glob(fwpath, 0, NULL, &globbuf);
+- for (i = 0; i < globbuf.gl_pathc; i++) {
+- ret = install_firmware_fullpath(globbuf.gl_pathv[i]);
+- if (ret == 0)
+- found_this = true;
++ found_this = install_firmware_glob(fwpath);
++ if (!found_this) {
++ _cleanup_free_ char *fwpath_compressed = NULL;
++
++ _asprintf(&fwpath_compressed, "%s.zst", fwpath);
++ found_this = install_firmware_glob(fwpath_compressed);
++ if (!found_this) {
++ strcpy(fwpath_compressed + strlen(fwpath) + 1, "xz");
++ found_this = install_firmware_glob(fwpath_compressed);
++ }
+ }
+ } else {
+- ret = install_firmware_fullpath(fwpath);
++ ret = install_firmware_fullpath(fwpath, true);
+ if (ret == 0)
+ found_this = true;
+ }
+--
+2.48.1
+
+
+From ddbeed81b2d43a03a16dc60ff76fd0355d4be5b9 Mon Sep 17 00:00:00 2001
+From: Mark Harmstone
+Date: Thu, 23 Jan 2025 11:39:13 +0000
+Subject: [PATCH 05/22] feat(btrfs): also install btrfstune
+
+---
+ modules.d/90btrfs/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh
+index 5d881332..80bba155 100755
+--- a/modules.d/90btrfs/module-setup.sh
++++ b/modules.d/90btrfs/module-setup.sh
+@@ -55,6 +55,6 @@ install() {
+ inst_hook initqueue/timeout 10 "$moddir/btrfs_timeout.sh"
+ fi
+
+- inst_multiple -o btrfsck btrfs-zero-log
++ inst_multiple -o btrfsck btrfs-zero-log btrfstune
+ inst "$(command -v btrfs)" /sbin/btrfs
+ }
+--
+2.48.1
+
+
+From cb8fb9641feec8ee3e0ce249da98becc6cdbb98b Mon Sep 17 00:00:00 2001
+From: Benjamin Drung
+Date: Fri, 21 Feb 2025 23:49:04 +0100
+Subject: [PATCH 06/22] fix(systemd-sysusers): silence "Creating " on stderr
+
+dracut prints 20 lines when creating users and groups even with
+`--quiet` option. Sample output:
+
+```
+Creating group 'nobody' with GID 65534.
+Creating group 'audio' with GID 997.
+Creating group 'disk' with GID 995.
+Creating group 'input' with GID 994.
+Creating group 'kmem' with GID 993.
+Creating group 'kvm' with GID 992.
+Creating group 'lp' with GID 991.
+Creating group 'optical' with GID 990.
+Creating group 'render' with GID 989.
+Creating group 'sgx' with GID 988.
+Creating group 'storage' with GID 987.
+Creating group 'tty' with GID 5.
+Creating group 'uucp' with GID 986.
+Creating group 'video' with GID 985.
+Creating group 'users' with GID 984.
+Creating group 'systemd-journal' with GID 983.
+Creating user 'root' (Super User) with UID 0 and GID 0.
+Creating user 'nobody' (Kernel Overflow User) with UID 65534 and GID 65534.
+Creating group 'nobody' with GID 65534.
+Creating group 'audio' with GID 997.
+```
+
+Filter "Creating " messages from stderr, but keep the other messages on
+stderr and all messages on stdout untouched.
+
+Fixes: https://github.com/dracut-ng/dracut-ng/issues/1195
+Fixes: f3dacc013d90 ("feat(systemd-sysusers): run systemd-sysusers as part of the build process")
+---
+ modules.d/60systemd-sysusers/module-setup.sh | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/60systemd-sysusers/module-setup.sh b/modules.d/60systemd-sysusers/module-setup.sh
+index 977695e6..0bddd19d 100755
+--- a/modules.d/60systemd-sysusers/module-setup.sh
++++ b/modules.d/60systemd-sysusers/module-setup.sh
+@@ -15,5 +15,9 @@ check() {
+ install() {
+ inst_sysusers basic.conf
+
+- systemd-sysusers --root="$initdir" > /dev/null
++ # redirect stdout temporarily to FD 3 to use filter stderr
++ {
++ set -o pipefail
++ systemd-sysusers --root="$initdir" 2>&1 >&3 | grep -v "^Creating " >&2
++ } 3>&1
+ }
+--
+2.48.1
+
+
+From f3fffa1edce2fd5e542c115296c9b0856611faa7 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Thu, 20 Feb 2025 11:20:36 +0100
+Subject: [PATCH 07/22] fix(systemd-veritysetup): install dm-verity kernel
+ module
+
+---
+ modules.d/01systemd-veritysetup/module-setup.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh
+index fecfecc8..9dad8d4f 100755
+--- a/modules.d/01systemd-veritysetup/module-setup.sh
++++ b/modules.d/01systemd-veritysetup/module-setup.sh
+@@ -26,6 +26,11 @@ depends() {
+
+ }
+
++# Install kernel module(s).
++installkernel() {
++ instmods dm-verity
++}
++
+ # Install the required file(s) and directories for the module in the initramfs.
+ install() {
+
+--
+2.48.1
+
+
+From 3d5bab815570d2a271a45ceb9135f7cb3bde11f1 Mon Sep 17 00:00:00 2001
+From: Martin Wilck
+Date: Wed, 26 Feb 2025 14:54:51 +0100
+Subject: [PATCH 08/22] fix(iscsi): don't require network setup for qedi
+
+This adds the logic of cc2c48a ("fix(iscsi): don't require network setup
+for bnx2i") for the qedi iSCSI offload driver. Testing has shown
+that for qedi, network setup in the initrd is even more superfluous
+as it is for bnx2i. qedi devices are usually separate PCI functions
+that don't show up as ethernet interfaces at all.
+
+While at it, simplify the conditional a bit.
+
+Signed-off-by: Martin Wilck
+---
+ modules.d/95iscsi/parse-iscsiroot.sh | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/modules.d/95iscsi/parse-iscsiroot.sh b/modules.d/95iscsi/parse-iscsiroot.sh
+index 2dace3a6..a388bec1 100755
+--- a/modules.d/95iscsi/parse-iscsiroot.sh
++++ b/modules.d/95iscsi/parse-iscsiroot.sh
+@@ -79,8 +79,9 @@ fi
+
+ # iscsi_firmware does not need argument checking
+ if [ -n "$iscsi_firmware" ]; then
+- if [ "$root" != "dhcp" ] && [ "$netroot" != "dhcp" ]; then
+- [ -z "$netroot" ] && [ "$iscsi_transport" != bnx2i ] && netroot=iscsi:
++ if [ "$root" != "dhcp" ] && [ -z "$netroot" ] \
++ && [ "$iscsi_transport" != bnx2i ] && [ "$iscsi_transport" != qedi ]; then
++ netroot=iscsi:
+ fi
+ modprobe -b -q iscsi_boot_sysfs 2> /dev/null
+ modprobe -b -q iscsi_ibft
+--
+2.48.1
+
+
+From fcde3355456323be9674aac1d00e3c66683b7f99 Mon Sep 17 00:00:00 2001
+From: Martin Wilck
+Date: Wed, 26 Feb 2025 14:59:44 +0100
+Subject: [PATCH 09/22] fix(iscsi): make sure services are shut down when
+ switching root
+
+When systemd prepares switching root, it starts 'initrd-cleanup.service',
+which runs 'systemctl --no-block isolate initrd-switch-root.target'.
+This will stop all units on which initrd-switch-root.target does not
+depend, including iscsid.service and iscsiuio.service. But systemd
+doesn't guarantee a time ordering in this case. It can happen that
+systemd switches root (i.e. restarts itself on the new root) before
+iscsiuio is actually stopped, or at least before PID 1 receives
+the notification that it has stopped. In this case, it considers
+iscsiuio still running, and will not start it later in the boot
+sequence when iscsid is coming up.
+
+A typical log excerpt with systemd.log_level=debug looks like this:
+
+[ 36.470761] worker2 systemd[1]: initrd-cleanup.service: Trying to enqueue job initrd-cleanup.service/start/replace
+[ 36.765241] worker2 systemd[1]: initrd-switch-root.target: Trying to enqueue job initrd-switch-root.target/start/isolate
+[ 36.765337] worker2 systemd[1]: iscsid.service: Installed new job iscsid.service/stop as 139
+[ 36.765535] worker2 systemd[1]: iscsiuio.service: Installed new job iscsiuio.service/stop as 138
+[ 36.824789] worker2 systemd[1]: iscsid.socket: stopping held back, waiting for: iscsid.service
+[ 36.824813] worker2 systemd[1]: iscsiuio.socket: stopping held back, waiting for: iscsiuio.service
+[ 36.888759] worker2 systemd[1]: iscsid.service: Thawing unit.
+[ 36.888882] worker2 systemd[1]: iscsid.service: Changed running -> stop-sigterm
+[ 36.889355] worker2 systemd[1]: Stopping Open-iSCSI...
+[ 36.889413] worker2 systemd[1]: iscsiuio.service: stopping held back, waiting for: iscsid.service
+[ 37.512072] worker2 systemd[1]: Reached target Switch Root.
+[ 37.549512] worker2 @ystemctl[1614]: Switching root - root: /sysroot; init: n/a
+[ 37.577264] worker2 systemd[1]: Switching root.
+
+When iscsid is started later on in the real root, it resets all existing iSCSI
+connections, causing the root FS to come offline. In iSCSI offload scenarios
+if iscsiuio is already running, it will re-establish the session after a few
+seconds. But if iscsiuio has not been started at this point in time, it can't
+be loaded any more from the root FS, and booting fails.
+
+To avoid this problem, add "Conflicts" and a "Before" dependencies against
+initrd-cleanup.service to the iSCSI service units.
+
+See also https://github.com/systemd/systemd/issues/3436
+
+Signed-off-by: Martin Wilck
+---
+ modules.d/95iscsi/module-setup.sh | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules.d/95iscsi/module-setup.sh b/modules.d/95iscsi/module-setup.sh
+index 1b2ea110..3bb9a63d 100755
+--- a/modules.d/95iscsi/module-setup.sh
++++ b/modules.d/95iscsi/module-setup.sh
+@@ -234,8 +234,8 @@ install() {
+ {
+ echo "[Unit]"
+ echo "DefaultDependencies=no"
+- echo "Conflicts=shutdown.target"
+- echo "Before=shutdown.target"
++ echo "Conflicts=shutdown.target initrd-cleanup.service"
++ echo "Before=shutdown.target initrd-cleanup.service"
+ } > "${initdir}/$systemdsystemunitdir/iscsid.service.d/dracut.conf"
+
+ mkdir -p "${initdir}/$systemdsystemunitdir/iscsid.socket.d"
+@@ -250,8 +250,8 @@ install() {
+ {
+ echo "[Unit]"
+ echo "DefaultDependencies=no"
+- echo "Conflicts=shutdown.target"
+- echo "Before=shutdown.target"
++ echo "Conflicts=shutdown.target initrd-cleanup.service"
++ echo "Before=shutdown.target initrd-cleanup.service"
+ } > "${initdir}/$systemdsystemunitdir/iscsiuio.service.d/dracut.conf"
+
+ mkdir -p "${initdir}/$systemdsystemunitdir/iscsiuio.socket.d"
+--
+2.48.1
+
+
+From 20cc20d2ac9c2908da6735b04dba49c1cb1b0bab Mon Sep 17 00:00:00 2001
+From: Xinhui Yang
+Date: Sat, 1 Mar 2025 00:54:31 +0800
+Subject: [PATCH 10/22] fix(90kernel-modules): explicitly include
+ xhci-pci-renesas
+
+Since Linux v6.12-rc1 (commit 25f51b76f90f), xhci-pci no longer depends
+on xhci-pci-renesas, causing the Renesas driver to be omitted during
+initramfs generation (when built as a module).
+
+This makes platforms with such xHCI controllers unavailable during
+initrd, and unable to boot from a USB drive. There are SuperSpeed ports
+routed through such controller on some platforms, too, which also
+renders the USB keyboard and mouse unusable.
+
+Here's a snippet of the kernel log from such platform, showing a
+keyboard and a mouse being detected only after the initrd switched root:
+
+[ 9.352608] systemd-journald[187]: Received SIGTERM from PID 1 (systemd).
+[ 9.500146] systemd[1]: systemd 257.2 running in system mode (OMITTED)
+...
+[ 11.187756] xhci-pci-renesas 0000:04:00.0: xHCI Host Controller
+[ 11.187870] xhci-pci-renesas 0000:04:00.0: new USB bus registered, assigned bus number 7
+[ 11.193261] xhci-pci-renesas 0000:04:00.0: hcc params 0x014051cf hci version 0x100 quirks 0x0000000100000010
+[ 11.194806] xhci-pci-renesas 0000:04:00.0: xHCI Host Controller
+[ 11.196601] xhci-pci-renesas 0000:04:00.0: new USB bus registered, assigned bus number 8
+[ 11.196613] xhci-pci-renesas 0000:04:00.0: Host supports USB 3.0 SuperSpeed
+[ 11.196927] usb usb7: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.13
+[ 11.196931] usb usb7: New USB device strings: Mfr=3, Product=2, SerialNumber=1
+[ 11.196935] usb usb7: Product: xHCI Host Controller
+[ 11.196938] usb usb7: Manufacturer: Linux 6.13.3-aosc-main xhci-hcd
+[ 11.196941] usb usb7: SerialNumber: 0000:04:00.0
+[ 11.199598] hub 7-0:1.0: USB hub found
+[ 11.199630] hub 7-0:1.0: 4 ports detected
+...
+[ 11.439561] usb 7-2: new high-speed USB device number 2 using xhci-pci-renesas
+[ 11.568361] usb 7-2: New USB device found, idVendor=1532, idProduct=0114, bcdDevice= 1.00
+[ 11.568369] usb 7-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
+[ 11.568372] usb 7-2: Product: DeathStalker Ultimate
+[ 11.568376] usb 7-2: Manufacturer: Razer
+[ 11.600474] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.0/0003:1532:0114.0001/input/input12
+[ 11.600686] hid-generic 0003:1532:0114.0001: input,hidraw0: USB HID v1.11 Mouse [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input0
+[ 11.601137] input: Razer DeathStalker Ultimate Keyboard as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.1/0003:1532:0114.0002/input/input13
+[ 11.652148] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.1/0003:1532:0114.0002/input/input14
+[ 11.652409] hid-generic 0003:1532:0114.0002: input,hidraw1: USB HID v1.11 Keyboard [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input1
+[ 11.653054] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.2/0003:1532:0114.0003/input/input15
+[ 11.703768] hid-generic 0003:1532:0114.0003: input,hidraw2: USB HID v1.11 Keyboard [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input2
+---
+ modules.d/90kernel-modules/module-setup.sh | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh
+index f159f0be..1ac91d02 100755
+--- a/modules.d/90kernel-modules/module-setup.sh
++++ b/modules.d/90kernel-modules/module-setup.sh
+@@ -39,12 +39,15 @@ installkernel() {
+ hostonly='' instmods \
+ hid_generic unix
+
++ # xhci-pci-renesas is needed for the USB to be available during
++ # initrd on platforms with such USB controllers since Linux
++ # 6.12-rc1 (commit 25f51b76f90f).
+ hostonly=$(optional_hostonly) instmods \
+ ehci-hcd ehci-pci ehci-platform \
+ ohci-hcd ohci-pci \
+ uhci-hcd \
+ usbhid \
+- xhci-hcd xhci-pci xhci-plat-hcd \
++ xhci-hcd xhci-pci xhci-pci-renesas xhci-plat-hcd \
+ "=drivers/hid" \
+ "=drivers/tty/serial" \
+ "=drivers/input/serio" \
+--
+2.48.1
+
+
+From 4402aeb271933e6b542f5d9a4ff13f6e8b97e6c2 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Wed, 26 Feb 2025 08:20:09 +0100
+Subject: [PATCH 11/22] feat(systemd-integritysetup): add
+ remote-integritysetup.target
+
+Required since https://github.com/systemd/systemd/commit/810708f4b820543b8585a36e84ccca4bc5b18fee
+---
+ modules.d/01systemd-integritysetup/module-setup.sh | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh
+index 3d176404..dffc88ac 100755
+--- a/modules.d/01systemd-integritysetup/module-setup.sh
++++ b/modules.d/01systemd-integritysetup/module-setup.sh
+@@ -26,6 +26,7 @@ depends() {
+
+ }
+
++# Install kernel module(s).
+ installkernel() {
+ instmods dm-integrity
+ }
+@@ -36,9 +37,11 @@ install() {
+ inst_multiple -o \
+ "$systemdutildir"/systemd-integritysetup \
+ "$systemdutildir"/system-generators/systemd-integritysetup-generator \
++ "$systemdsystemunitdir"/remote-integritysetup.target \
+ "$systemdsystemunitdir"/integritysetup-pre.target \
+ "$systemdsystemunitdir"/integritysetup.target \
+- "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target
++ "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target \
++ "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-integritysetup.target
+
+ # Install the hosts local user configurations if enabled.
+ if [[ $hostonly ]]; then
+@@ -48,8 +51,11 @@ install() {
+ "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
+ "$systemdsystemconfdir"/integritysetup-pre.target \
+ "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
++ "$systemdsystemconfdir"/remote-integritysetup.target \
++ "$systemdsystemconfdir/remote-integritysetup.target.wants/*.target" \
+ "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
+- "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
++ "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target" \
++ "$systemdsystemconfdir"/initrd-root-device.target.wants/remote-integritysetup.target
+ fi
+
+ # Install required libraries.
+--
+2.48.1
+
+
+From c43b79056ffdb7b410e70550a8ad8d137b4720c0 Mon Sep 17 00:00:00 2001
+From: Benjamin Marzinski
+Date: Wed, 26 Mar 2025 18:04:25 -0400
+Subject: [PATCH 13/22] fix(multipath): skip default multipath.conf with
+ mpathconf
+
+Commit 1e802f15f creates a default multipath.conf file with
+"find_multipaths strict" when run in non-hostonly mode if there are no
+multipath devices and no multipath.conf. Unfortunately for systems that
+want to use mpathconf to create a multipath.conf file (e.g. Fedora and
+Centos) either through multipathd-configure.service or multipathd.sh,
+this default file keeps that from occurring. To make sure mpathconf is
+called to create the config file, do not install a default config file
+if mpathconf is installed.
+
+Fixes: ("fix(multipath): include module with find_multipaths strict")
+Signed-off-by: Benjamin Marzinski
+---
+ modules.d/90multipath/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh
+index 5fdbb9a7..a05df018 100755
+--- a/modules.d/90multipath/module-setup.sh
++++ b/modules.d/90multipath/module-setup.sh
+@@ -122,7 +122,7 @@ install() {
+ fi
+ }
+
+- [[ $hostonly ]] || {
++ [[ $hostonly ]] || mpathconf_installed || {
+ for_each_host_dev_and_slaves is_mpath \
+ || [[ -f /etc/multipath.conf ]] || {
+ cat > "${initdir}"/etc/multipath.conf << EOF
+--
+2.48.1
+
+
+From e6b2c882af61a804f7658ed6e2f84f02277c7b8a Mon Sep 17 00:00:00 2001
+From: Jo Zzsi
+Date: Mon, 24 Mar 2025 09:12:13 -0400
+Subject: [PATCH 14/22] chore(network-legacy): no need to call chmod on ifup.sh
+
+This is a small optimization, with the goal of avoiding
+calling chmod for a file that is already guaranteed to be
+an executable.
+---
+ modules.d/35network-legacy/ifup.sh | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/modules.d/35network-legacy/ifup.sh b/modules.d/35network-legacy/ifup.sh
+index 1cd27b14..59629f11 100755
+--- a/modules.d/35network-legacy/ifup.sh
++++ b/modules.d/35network-legacy/ifup.sh
+@@ -47,7 +47,6 @@ do_dhcp_parallel() {
+ echo 'dhcp=dhclient' >> /run/NetworkManager/conf.d/10-dracut-dhclient.conf
+ fi
+
+- chmod +x /sbin/dhcp-multi.sh
+ /sbin/dhcp-multi.sh "$netif" "$DO_VLAN" "$@" &
+ return 0
+ }
+--
+2.48.1
+
+
+From ddc1f54d3ec96c55c444af22a0a964cb48266a21 Mon Sep 17 00:00:00 2001
+From: Jo Zzsi
+Date: Mon, 24 Mar 2025 09:23:22 -0400
+Subject: [PATCH 15/22] perf(base): move the chmod dependency from base to
+ systemd
+
+base dracut module no longer requires chmod.
+---
+ modules.d/00systemd/module-setup.sh | 1 +
+ modules.d/95ssh-client/module-setup.sh | 2 +-
+ modules.d/99base/module-setup.sh | 1 -
+ 3 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
+index 1f35a73c..283a39af 100755
+--- a/modules.d/00systemd/module-setup.sh
++++ b/modules.d/00systemd/module-setup.sh
+@@ -84,6 +84,7 @@ install() {
+ "$systemdsystemunitdir"/-.slice \
+ systemctl \
+ echo swapoff \
++ chmod \
+ mount umount reboot poweroff \
+ systemd-run systemd-escape \
+ systemd-cgls
+diff --git a/modules.d/95ssh-client/module-setup.sh b/modules.d/95ssh-client/module-setup.sh
+index 75fc94f3..662ad177 100755
+--- a/modules.d/95ssh-client/module-setup.sh
++++ b/modules.d/95ssh-client/module-setup.sh
+@@ -65,7 +65,7 @@ inst_sshenv() {
+ install() {
+ local _nsslibs
+
+- inst_multiple ssh scp
++ inst_multiple ssh scp chmod
+ inst_sshenv
+
+ _nsslibs=$(
+diff --git a/modules.d/99base/module-setup.sh b/modules.d/99base/module-setup.sh
+index 4a86e90d..12194964 100755
+--- a/modules.d/99base/module-setup.sh
++++ b/modules.d/99base/module-setup.sh
+@@ -9,7 +9,6 @@ depends() {
+ # called by dracut
+ install() {
+ inst_multiple \
+- chmod \
+ cp \
+ dmesg \
+ flock \
+--
+2.48.1
+
+
+From 2ae73d639834758a88b34033693bd97a7b1ed2f0 Mon Sep 17 00:00:00 2001
+From: Benjamin Drung
+Date: Thu, 3 Apr 2025 14:14:07 +0200
+Subject: [PATCH 16/22] feat: add simpledrm module (as subset of drm module)
+
+Plymouth doesn't always show a splash screen if DRM drivers are
+installed in initrd.
+
+Provide a `simpledrm` module that only installs the SimpleDRM module
+and the potentially needed privacy screen providers. This `simpledrm`
+module is a subset of the `drm` module. It could be used instead of
+`drm` to avoid pulling in drivers like amdgpu, nouveau, or nvidia-drm.
+
+Bug-Ubuntu: https://launchpad.net/bugs/2105377
+---
+ modules.d/45simpledrm/module-setup.sh | 28 +++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+ create mode 100755 modules.d/45simpledrm/module-setup.sh
+
+diff --git a/modules.d/45simpledrm/module-setup.sh b/modules.d/45simpledrm/module-setup.sh
+new file mode 100755
+index 00000000..aa5fcd33
+--- /dev/null
++++ b/modules.d/45simpledrm/module-setup.sh
+@@ -0,0 +1,28 @@
++#!/bin/bash
++
++# called by dracut
++check() {
++ return 255
++}
++
++# called by dracut
++installkernel() {
++ # Include simple DRM driver
++ instmods simpledrm
++
++ if [[ $hostonly ]]; then
++ # if there is a privacy screen then its driver must be loaded before the
++ # kms driver will bind, otherwise its probe() will return -EPROBE_DEFER
++ # note privacy screens always register, even with e.g. nokmsboot
++ for i in /sys/class/drm/privacy_screen-*/device/driver/module; do
++ [[ -L $i ]] || continue
++ modlink=$(readlink "$i")
++ modname=$(basename "$modlink")
++ instmods "$modname"
++ done
++ else
++ # include privacy screen providers (see above comment)
++ # atm all providers live under drivers/platform/x86
++ dracut_instmods -o -s "drm_privacy_screen_register" "=drivers/platform/x86"
++ fi
++}
+--
+2.48.1
+
+
+From 1b5669c1d89e0cc1134ad5b0aa5c091144d24b84 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Fri, 4 Apr 2025 10:18:07 +0200
+Subject: [PATCH 17/22] feat(systemd): add new systemd-validatefs@.service
+
+Introduced in https://github.com/systemd/systemd/commit/0bdd5ccc8145af8dae9779751d3e7a34c4fa6aa5
+Used internally in fstab-generator (new `x-systemd.validatefs` mount option) and
+gpt-auto-generator: https://github.com/systemd/systemd/commit/f872373a26dcaa0818b49220abfe35611d12fa82
+---
+ modules.d/00systemd/module-setup.sh | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
+index 283a39af..8f25475e 100755
+--- a/modules.d/00systemd/module-setup.sh
++++ b/modules.d/00systemd/module-setup.sh
+@@ -35,6 +35,7 @@ install() {
+ "$systemdutildir"/systemd-shutdown \
+ "$systemdutildir"/systemd-reply-password \
+ "$systemdutildir"/systemd-fsck \
++ "$systemdutildir"/systemd-validatefs \
+ "$systemdutildir"/systemd-volatile-root \
+ "$systemdutildir"/systemd-sysroot-fstab-check \
+ "$systemdutildir"/system-generators/systemd-debug-generator \
+@@ -76,6 +77,7 @@ install() {
+ "$systemdsystemunitdir"/systemd-reboot.service \
+ "$systemdsystemunitdir"/systemd-kexec.service \
+ "$systemdsystemunitdir"/systemd-fsck@.service \
++ "$systemdsystemunitdir"/systemd-validatefs@.service \
+ "$systemdsystemunitdir"/systemd-volatile-root.service \
+ "$systemdsystemunitdir"/ctrl-alt-del.target \
+ "$systemdsystemunitdir"/syslog.socket \
+--
+2.48.1
+
+
+From e8f72ed9bed9f80c976867953a3eb92e62f9df2f Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Mon, 3 Mar 2025 15:22:14 +0100
+Subject: [PATCH 18/22] chore(multipath): remove `rd_NO_MULTIPATH` kernel
+ command line option
+
+Deprecated since 778b3543609d8c9d32df7111229f4072d00d02f0 (Nov 25, 2014).
+---
+ modules.d/90multipath/multipathd.service | 1 -
+ modules.d/90multipath/multipathd.sh | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/modules.d/90multipath/multipathd.service b/modules.d/90multipath/multipathd.service
+index 1680cdfb..3248fa97 100644
+--- a/modules.d/90multipath/multipathd.service
++++ b/modules.d/90multipath/multipathd.service
+@@ -11,7 +11,6 @@ Conflicts=shutdown.target
+ Conflicts=initrd-cleanup.service
+ ConditionKernelCommandLine=!nompath
+ ConditionKernelCommandLine=!rd.multipath=0
+-ConditionKernelCommandLine=!rd_NO_MULTIPATH
+ ConditionKernelCommandLine=!multipath=off
+ ConditionVirtualization=!container
+
+diff --git a/modules.d/90multipath/multipathd.sh b/modules.d/90multipath/multipathd.sh
+index e17fd921..68bd0383 100755
+--- a/modules.d/90multipath/multipathd.sh
++++ b/modules.d/90multipath/multipathd.sh
+@@ -8,7 +8,7 @@ if [ "$(getarg rd.multipath)" = "default" ] && [ ! -e /etc/multipath.conf ]; the
+ mpathconf --enable
+ fi
+
+-if getargbool 1 rd.multipath -d -n rd_NO_MULTIPATH && [ -e /etc/multipath.conf ]; then
++if getargbool 1 rd.multipath && [ -e /etc/multipath.conf ]; then
+ modprobe dm-multipath
+ multipathd -B || multipathd
+ need_shutdown
+--
+2.48.1
+
+
+From 5e87b68cfb706b499a4d6814e3414d954db46083 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Mon, 3 Mar 2025 15:23:41 +0100
+Subject: [PATCH 19/22] refactor(multipath): remove custom multipathd.service
+
+Install `multipathd.service` provided by upstream, and add a dropin to support
+`rd.multipath=0`.
+---
+ modules.d/90multipath/module-setup.sh | 3 ++-
+ modules.d/90multipath/multipathd-dracut.conf | 2 ++
+ modules.d/90multipath/multipathd.service | 26 --------------------
+ 3 files changed, 4 insertions(+), 27 deletions(-)
+ create mode 100644 modules.d/90multipath/multipathd-dracut.conf
+ delete mode 100644 modules.d/90multipath/multipathd.service
+
+diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh
+index a05df018..5a7f91fa 100755
+--- a/modules.d/90multipath/module-setup.sh
++++ b/modules.d/90multipath/module-setup.sh
+@@ -91,6 +91,7 @@ install() {
+ [[ -d $config_dir ]] || config_dir=/etc/multipath/conf.d
+
+ inst_multiple \
++ "$systemdsystemunitdir"/multipathd.service \
+ pkill \
+ kpartx \
+ dmsetup \
+@@ -151,7 +152,7 @@ EOF
+ inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service"
+ $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service
+ fi
+- inst_simple "${moddir}/multipathd.service" "${systemdsystemunitdir}/multipathd.service"
++ inst_simple "$moddir/multipathd-dracut.conf" "$systemdsystemunitdir/multipathd.service.d/multipathd-dracut.conf"
+ $SYSTEMCTL -q --root "$initdir" enable multipathd.service
+ else
+ inst_hook pre-trigger 02 "$moddir/multipathd.sh"
+diff --git a/modules.d/90multipath/multipathd-dracut.conf b/modules.d/90multipath/multipathd-dracut.conf
+new file mode 100644
+index 00000000..783b05d5
+--- /dev/null
++++ b/modules.d/90multipath/multipathd-dracut.conf
+@@ -0,0 +1,2 @@
++[Unit]
++ConditionKernelCommandLine=!rd.multipath=0
+diff --git a/modules.d/90multipath/multipathd.service b/modules.d/90multipath/multipathd.service
+deleted file mode 100644
+index 3248fa97..00000000
+--- a/modules.d/90multipath/multipathd.service
++++ /dev/null
+@@ -1,26 +0,0 @@
+-[Unit]
+-Description=Device-Mapper Multipath Device Controller
+-Before=lvm2-activation-early.service
+-Before=local-fs-pre.target blk-availability.service shutdown.target
+-Wants=systemd-udevd-kernel.socket
+-After=systemd-udevd-kernel.socket
+-After=multipathd.socket systemd-remount-fs.service
+-Before=initrd-cleanup.service
+-DefaultDependencies=no
+-Conflicts=shutdown.target
+-Conflicts=initrd-cleanup.service
+-ConditionKernelCommandLine=!nompath
+-ConditionKernelCommandLine=!rd.multipath=0
+-ConditionKernelCommandLine=!multipath=off
+-ConditionVirtualization=!container
+-
+-[Service]
+-Type=notify
+-NotifyAccess=main
+-ExecStartPre=-/sbin/modprobe dm-multipath
+-ExecStart=/sbin/multipathd -d -s
+-ExecReload=/sbin/multipathd reconfigure
+-TasksMax=infinity
+-
+-[Install]
+-WantedBy=sysinit.target
+--
+2.48.1
+
+
+From 6b30662e6e4720428f0efb0ab85c80303dd34afd Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Tue, 25 Mar 2025 15:20:48 +0100
+Subject: [PATCH 20/22] fix(nfs): libnfsidmap plugins not added in some
+ distributions
+
+`nfs-utils` can be configured using `--with-pluginpath` to avoid using the
+default `/usr/lib/libnfsidmap`. For example, Fedora sets
+`--with-pluginpath=%{_libdir}/libnfsidmap`, which is covered by the current
+glob, but openSUSE sets `--with-pluginpath=%{_libdir}/libnfsidmap-1.0.0`.
+
+Also, remove reference to the old `libnfsidmap_.so` path.
+---
+ modules.d/95nfs/module-setup.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
+index 039b4e4c..6c76faf4 100755
+--- a/modules.d/95nfs/module-setup.sh
++++ b/modules.d/95nfs/module-setup.sh
+@@ -139,5 +139,5 @@ install() {
+
+ dracut_need_initqueue
+
+- inst_libdir_file 'libnfsidmap_nsswitch.so*' 'libnfsidmap/*.so' 'libnfsidmap*.so*'
++ inst_libdir_file 'libnfsidmap*/*.so' 'libnfsidmap*.so*'
+ }
+--
+2.48.1
+
+
+From 2f5a759f490bb813ec24a685f015b15ff196783b Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Tue, 1 Apr 2025 14:33:38 +0200
+Subject: [PATCH 21/22] fix(nfs): use `DRACUT_CP` instead of `cp`
+
+Using `cp` directly ignores `DRACUT_NO_XATTR`.
+---
+ modules.d/95nfs/module-setup.sh | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
+index 6c76faf4..d097cd38 100755
+--- a/modules.d/95nfs/module-setup.sh
++++ b/modules.d/95nfs/module-setup.sh
+@@ -120,9 +120,15 @@ install() {
+ mkdir -m 0770 -p "$initdir/var/lib/rpcbind"
+
+ # use the same directory permissions as the host
+- [ -d "/var/lib/nfs/statd" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/statd "${initdir}"/var/lib/nfs/ && rm -rf "${initdir}"/var/lib/nfs/statd/*
+- [ -d "/var/lib/nfs/statd/sm" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/statd/sm "${initdir}"/var/lib/nfs/statd/ && rm -rf "${initdir}"/var/lib/nfs/statd/sm/*
+- [ -d "/var/lib/nfs/sm" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/sm "${initdir}"/var/lib/nfs/ && rm -rf "${initdir}"/var/lib/nfs/sm/*
++ [[ -d "$dracutsysrootdir"/var/lib/nfs/statd ]] \
++ && $DRACUT_CP -L --preserve=ownership -t "$initdir"/var/lib/nfs "$dracutsysrootdir"/var/lib/nfs/statd \
++ && rm -rf "$initdir"/var/lib/nfs/statd/*
++ [[ -d "$dracutsysrootdir"/var/lib/nfs/statd/sm ]] \
++ && $DRACUT_CP -L
--preserve=ownership -t "$initdir"/var/lib/nfs/statd "$dracutsysrootdir"/var/lib/nfs/statd/sm \
++ && rm -rf "$initdir"/var/lib/nfs/statd/sm/*
++ [[ -d "$dracutsysrootdir"/var/lib/nfs/sm ]] \
++ && $DRACUT_CP -L --preserve=ownership -t "$initdir"/var/lib/nfs "$dracutsysrootdir"/var/lib/nfs/sm \
++ && rm -rf "$initdir"/var/lib/nfs/sm/*
+
+ # Rather than copy the passwd file in, just set a user for rpcbind
+ # We'll save the state and restart the daemon from the root anyway
+--
+2.48.1
+
+
+From 7eaa8536fae73aa65fae604820f10e842a18bc88 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Tue, 1 Apr 2025 14:34:04 +0200
+Subject: [PATCH 22/22] fix(nfs): add possible `statd` user and group
+
+Some distributions use the `statd` user (openSUSE, Ubuntu) and group (openSUSE)
+to handle `rpc.statd` directories.
+---
+ modules.d/95nfs/module-setup.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh
+index d097cd38..b34c75c0 100755
+--- a/modules.d/95nfs/module-setup.sh
++++ b/modules.d/95nfs/module-setup.sh
+@@ -136,10 +136,10 @@ install() {
+ local _confdir
+ for _confdir in etc usr/lib; do
+
+- grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \
++ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser|statd):' "${dracutsysrootdir}/${_confdir}/passwd" \
+ >> "$initdir/${_confdir}/passwd"
+
+- grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \
++ grep -sE '^(nogroup|rpc|nobody|statd):' "${dracutsysrootdir}/${_confdir}/group" \
+ >> "$initdir/${_confdir}/group"
+ done
+
+--
+2.48.1
+
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch
new file mode 100644
index 0000000000..bcb0e3054f
--- /dev/null
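Review bot: The three added `rm -rf "$initdir"/var/lib/nfs/…/*` cleanups expand `$initdir` with nothing in this hunk asserting it is non-empty, so an unset or empty value would point the glob at the build host's own /var/lib/nfs and remove live rpc.statd state. Guarding the expansion costs nothing: `rm -rf -- "${initdir:?}"/var/lib/nfs/statd/*`, and the same for `statd/sm` and `sm`. Separately, replacing `cp -a --attributes-only` with `$DRACUT_CP -L --preserve=ownership` looks like it now copies the directory contents before deleting them (the definition of `DRACUT_CP` is outside this hunk), and `/*` does not match dotfiles, so it is worth confirming that no host state file can end up in the initrd. install() starts and ends outside the hunk.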
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch 
@@ -0,0 +1,2781 @@
+From 7e6a4cf62af3d8e05dd2dec6bb3301fe52031bf2 Mon Sep 17 00:00:00 2001
+From: James Le Cuirot
+Date: Thu, 5 Sep 2024 11:55:35 +0100
+Subject: [PATCH 01/12] fix(dracut): respect PKG_CONFIG env var instead of
+ hardcoding pkg-config
+
+When using a sysroot, we should use pkg-config data from the sysroot.
+While we could set PKG_CONFIG_LIBDIR, the lib directory can vary.
+Distributions typically set up pkg-config wrappers for this purpose and
+it is customary to respect the PKG_CONFIG variable in build systems.
+Users can still set simply PKG_CONFIG_LIBDIR instead if they prefer that
+approach.
+
+Signed-off-by: James Le Cuirot
+---
+ dracut-init.sh | 1 +
+ dracut.sh | 2 +-
+ man/dracut.8.adoc | 7 +++++++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/dracut-init.sh b/dracut-init.sh
+index be8eb9fb..de3ae324 100755
+--- a/dracut-init.sh
++++ b/dracut-init.sh
+@@ -81,6 +81,7 @@ export srcmods
+ DRACUT_LDD=${DRACUT_LDD:-ldd}
+ DRACUT_TESTBIN=${DRACUT_TESTBIN:-/bin/sh}
+ DRACUT_LDCONFIG=${DRACUT_LDCONFIG:-ldconfig}
++PKG_CONFIG=${PKG_CONFIG:-pkg-config}
+
+ # shellcheck source=./dracut-functions.sh
+ . "$dracutbasedir"/dracut-functions.sh
+diff --git a/dracut.sh b/dracut.sh
+index ef959021..aff721f0 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1489,7 +1489,7 @@ set_global_var() {
+ local _pkgvar="${2%:*}"
+ local _var="${2#*:}"
+ [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]] \
+- && export "$_var"="$(pkg-config "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)"
++ && export "$_var"="$($PKG_CONFIG "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)"
+ if [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]]; then
+ shift 2
+ if (($# == 1)); then
+diff --git a/man/dracut.8.adoc b/man/dracut.8.adoc
+index a6d044a9..ba33ab19 100644
+--- a/man/dracut.8.adoc
++++ b/man/dracut.8.adoc
+@@ -655,6 +655,13 @@ _DRACUT_LDD_::
+ Default:
+ _ldd_
+
++_PKG_CONFIG_::
++ sets the _pkg-config_ program path and options. Optional.
++ Most useful together with **--sysroot**.
+++
++Default:
++ _pkg-config_
++
+ _DRACUT_TESTBIN_::
+ sets the initially tested binary for detecting library paths.
+ Optional. Used for **--sysroot**. In the cross-compiled sysroot,
+--
+2.48.1
+
+
+From e5d3ef60f880bd9a35b0b13c667252bdb209a54e Mon Sep 17 00:00:00 2001
+From: James Le Cuirot
+Date: Thu, 5 Sep 2024 12:19:09 +0100
+Subject: [PATCH 02/12] feat(dracut): set systemdversion global var using
+ pkg-config
+
+This falls back to 0 if the version cannot be determined. The version
+isn't a regular pkg-config variable like the others, but we still want
+the ability to override this through the Dracut config, so make
+"modversion" a special case.
+
+Signed-off-by: James Le Cuirot
+---
+ dracut.sh | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index aff721f0..45527bcd 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1488,9 +1488,14 @@ set_global_var() {
+ local _pkgconfig="$1"
+ local _pkgvar="${2%:*}"
+ local _var="${2#*:}"
+- [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]] \
+- && export "$_var"="$($PKG_CONFIG "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)"
+- if [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]]; then
++ if [[ $_pkgvar == modversion ]]; then
++ local _vararg=--modversion
++ else
++ local _vararg=--variable=$_pkgvar
++ fi
++ [[ -z ${!_var} || ($3 == /* && ! -d ${dracutsysrootdir}${!_var}) ]] \
++ && export "$_var"="$($PKG_CONFIG "$_pkgconfig" "$_vararg" 2> /dev/null)"
++ if [[ -z ${!_var} || ($3 == /* && !
-d ${dracutsysrootdir}${!_var}) ]]; then
+ shift 2
+ if (($# == 1)); then
+ export "$_var"="$1"
+@@ -1550,6 +1555,7 @@ set_global_var "systemd" "sysusers" "/usr/lib/sysusers.d"
+ set_global_var "systemd" "sysusersconfdir" "/etc/sysusers.d"
+ set_global_var "systemd" "tmpfilesdir" "/lib/tmpfiles.d" "/usr/lib/tmpfiles.d"
+ set_global_var "systemd" "tmpfilesconfdir" "/etc/tmpfiles.d"
++set_global_var "systemd" "modversion:systemdversion" "0"
+
+ # libkmod global variables
+ set_global_var "libkmod" "depmodd" "/usr/lib/depmod.d"
+--
+2.48.1
+
+
+From 80c8d6909788d718d0aa48bd70af049c43f0c67f Mon Sep 17 00:00:00 2001
+From: James Le Cuirot
+Date: Mon, 10 Mar 2025 13:11:05 +0000
+Subject: [PATCH 03/12] fix(dracut-install): plug memory leak on kerneldir
+
+Signed-off-by: James Le Cuirot
+---
+ src/install/dracut-install.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c
+index bacbe86e..9bfddb83 100644
+--- a/src/install/dracut-install.c
++++ b/src/install/dracut-install.c
+@@ -68,6 +68,7 @@ static bool arg_modalias = false;
+ static bool arg_resolvelazy = false;
+ static bool arg_resolvedeps = false;
+ static bool arg_hostonly = false;
++static bool arg_kerneldir = false;
+ static bool no_xattr = false;
+ static char *destrootdir = NULL;
+ static char *sysrootdir = NULL;
+@@ -1202,6 +1203,7 @@ static int parse_argv(int argc, char *argv[])
+ break;
+ case ARG_KERNELDIR:
+ kerneldir = optarg;
++ arg_kerneldir = true;
+ break;
+ case ARG_FIRMWAREDIRS:
+ firmwaredirs = strv_split(optarg, ":");
+@@ -2407,6 +2409,9 @@ int main(int argc, char **argv)
+ finish1:
+ free(destrootdir);
+ finish2:
++ if (!arg_kerneldir)
++ free(kerneldir);
++
+ if (logfile_f)
+ fclose(logfile_f);
+
+--
+2.48.1
+
+
+From fb77a76ab8736807a9b5305528fde5275ce15c5b Mon Sep 17 00:00:00 2001
+From: James Le Cuirot
+Date: Wed, 5 Mar 2025 17:29:51 +0000
+Subject: [PATCH 04/12] fix(dracut-install): rework broken destination
+ existence
logic + +The return code of `stat` is checked twice when it only needs to be +checked once. The `dst_exists` condition will also never be true, making +the variable redundant. + +Signed-off-by: James Le Cuirot +--- + src/install/dracut-install.c | 26 ++++++++------------------ + 1 file changed, 8 insertions(+), 18 deletions(-) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 9bfddb83..83041e40 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -821,7 +821,6 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + bool src_islink = false; + bool src_isdir = false; + mode_t src_mode = 0; +- bool dst_exists = true; + char *i = NULL; + const char *src, *dst; + +@@ -871,15 +870,13 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? (dst + 1) : dst)); + + ret = stat(fulldstpath, &sb); +- if (ret != 0) { +- dst_exists = false; +- if (errno != ENOENT) { +- log_error("ERROR: stat '%s': %m", fulldstpath); ++ ++ if (ret == 0) { ++ if (src_isdir && !S_ISDIR(sb.st_mode)) { ++ log_error("dest dir '%s' already exists but is not a directory", fulldstpath); + return 1; + } +- } + +- if (ret == 0) { + if (resolvedeps && S_ISREG(sb.st_mode) && (sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { + log_debug("'%s' already exists, but checking for any deps", fulldstpath); + if (sysrootdirlen && (strncmp(fulldstpath, sysrootdir, sysrootdirlen) == 0)) +@@ -888,9 +885,11 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + ret = resolve_deps(fullsrcpath); + } else + log_debug("'%s' already exists", fulldstpath); +- +- /* dst does already exist */ + } else { ++ if (errno != ENOENT) { ++ log_error("ERROR: stat '%s': %m", fulldstpath); ++ return 1; ++ } + + /* check destination directory */ + fulldstdir = strndup(fulldstpath, dir_len(fulldstpath)); +@@ -923,15 +922,6 @@ 
static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (src_isdir) { +- if (dst_exists) { +- if (S_ISDIR(sb.st_mode)) { +- log_debug("dest dir '%s' already exists", fulldstpath); +- return 0; +- } +- log_error("dest dir '%s' already exists but is not a directory", fulldstpath); +- return 1; +- } +- + log_info("mkdir '%s'", fulldstpath); + ret = dracut_mkdir(fulldstpath); + if (ret == 0) { +-- +2.48.1 + + +From 9bc6e43632ed5c9807e40aab684fe37a6d8b3bb0 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 18 Feb 2025 17:24:05 +0000 +Subject: [PATCH 05/12] feat(dracut-install): parse ELF .note.dlopen entries + for extra deps + +Unlike traditional DT_NEEDED dependencies, there has not been a way to +determine what libraries an ELF may dlopen until recently. systemd has +documented a convention to declare such dependencies using JSON in the +ELF metadata. See https://systemd.io/ELF_DLOPEN_METADATA/ for details. + +This metadata references sonames rather than full paths, so Dracut needs +to determine the full paths by itself. It cannot use ldd to do this as +that relies on DT_NEEDED. ldconfig can show the paths for all sonames in +the cache, but that relies on the cache having already been generated, +it isn't cross-friendly, and musl doesn't even have ldconfig. It +therefore makes sense for Dracut to parse the ELF headers directly. This +also paves the way for removing the dependency on ldd entirely, making +Dracut more cross-friendly as a whole. + +To avoid adding an entirely new dependency, the JSON parsing is done by +libsystemd's sd-json API. This has been exposed since systemd v257. If +libsystemd is too old or not present at all, then this dlopen handling +is simply skipped. This is currently not an issue for non-systemd +distributions as systemd is the only project using this convention. If +that were to change, libsystemd can still be used without the rest of +systemd, as demonstrated by Gentoo. 
+ +The metadata itself has only been included by systemd since v256. If an +earlier version is detected, Dracut will unconditionally install the +same libraries that it did before. + +There are different structs for 32-bit and 64-bit ELF headers, so this +new code makes heavy use of C macros to avoid a lot of code duplication. +One macro is also used heavily for endian conversion, as almost every +field needs to be adjusted. + +See the code comments for the remaining details. + +Closes: https://github.com/dracut-ng/dracut-ng/issues/154 +Signed-off-by: James Le Cuirot +--- + Makefile | 4 +- + configure | 3 + + dracut.sh | 11 + + modules.d/00systemd/module-setup.sh | 1 - + modules.d/01systemd-bsod/module-setup.sh | 4 +- + modules.d/01systemd-coredump/module-setup.sh | 10 +- + .../01systemd-integritysetup/module-setup.sh | 5 +- + modules.d/01systemd-journald/module-setup.sh | 12 +- + .../01systemd-veritysetup/module-setup.sh | 5 +- + src/install/dracut-install.c | 572 +++++++++++++++++- + 10 files changed, 592 insertions(+), 35 deletions(-) + +diff --git a/Makefile b/Makefile +index 5ce30d5f..d53d6a41 100644 +--- a/Makefile ++++ b/Makefile +@@ -53,7 +53,7 @@ manpages = $(man1pages) $(man5pages) $(man7pages) $(man8pages) + all: dracut.pc dracut-install src/skipcpio/skipcpio dracut-util + + %.o : %.c +- $(CC) -c $(CFLAGS) $(CPPFLAGS) $(KMOD_CFLAGS) $< -o $@ ++ $(CC) -c $(CFLAGS) $(CPPFLAGS) $(KMOD_CFLAGS) $(SYSTEMD_CFLAGS) $(if $(SYSTEMD_LIBS),-DHAVE_SYSTEMD) $< -o $@ + + DRACUT_INSTALL_OBJECTS = \ + src/install/dracut-install.o \ +@@ -72,7 +72,7 @@ src/install/util.o: src/install/util.c src/install/util.h src/install/macro.h sr + src/install/strv.o: src/install/strv.c src/install/strv.h src/install/util.h src/install/macro.h src/install/log.h + + src/install/dracut-install: $(DRACUT_INSTALL_OBJECTS) +- $(CC) $(LDFLAGS) -o $@ $(DRACUT_INSTALL_OBJECTS) $(LDLIBS) $(FTS_LIBS) $(KMOD_LIBS) ++ $(CC) $(LDFLAGS) -o $@ $(DRACUT_INSTALL_OBJECTS) $(LDLIBS) $(FTS_LIBS) 
$(KMOD_LIBS) $(SYSTEMD_LIBS)
+
+ dracut-install: src/install/dracut-install
+ ln -fs $< $@
+diff --git a/configure b/configure
+index 5095078b..8a966333 100755
+--- a/configure
++++ b/configure
+@@ -191,6 +191,9 @@ bindir ?= ${bindir:-${prefix}/bin}
+ KMOD_CFLAGS ?= $(${PKG_CONFIG} --cflags " libkmod >= 23 ") ${KMOD_CFLAGS_EXTRA}
+ KMOD_LIBS ?= $(${PKG_CONFIG} --libs " libkmod >= 23 ")
+ FTS_LIBS ?= ${FTS_LIBS}
++# For the sd-json API, which was added in systemd v257. This is optional.
++SYSTEMD_CFLAGS ?= $(${PKG_CONFIG} --cflags "libsystemd >= 257")
++SYSTEMD_LIBS ?= $(${PKG_CONFIG} --libs "libsystemd >= 257")
+ EOF
+
+ {
+diff --git a/dracut.sh b/dracut.sh
+index 45527bcd..e544cafb 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1561,6 +1561,17 @@ set_global_var "systemd" "modversion:systemdversion" "0"
+ set_global_var "libkmod" "depmodd" "/usr/lib/depmod.d"
+ set_global_var "libkmod" "depmodconfdir" "/etc/depmod.d"
+
++# Modules should check for JSON support in dracut-install before using it.
++DRACUT_INSTALL_JSON=
++$DRACUT_INSTALL --json-supported &> /dev/null && DRACUT_INSTALL_JSON=1
++
++# systemd started declaring its dlopen dependencies in v256. Checking for these
++# requires JSON support in dracut-install, provided by libsystemd v257. The
++# version in the sysroot may be different to the one used by dracut-install.
++USE_SYSTEMD_DLOPEN_DEPS=
++# shellcheck disable=SC2034 # USE_SYSTEMD_DLOPEN_DEPS is used in modules
++[[ $DRACUT_INSTALL_JSON && ${systemdversion%%.*} -ge 256 ]] && USE_SYSTEMD_DLOPEN_DEPS=1
++
+ if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then
+ if !
[[ -f $srcmods/modules.dep ]]; then
+ if [[ -n "$(find "$srcmods" -name '*.ko*')" ]]; then
+diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
+index 8f25475e..482bdfa1 100755
+--- a/modules.d/00systemd/module-setup.sh
++++ b/modules.d/00systemd/module-setup.sh
+@@ -144,7 +144,6 @@ EOF
+ # Install library file(s)
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+ inst_libdir_file \
+- {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \
+ {"tls/$_arch/",tls/,"$_arch/",}"libbpf.so*" \
+ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \
+ {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so"
+diff --git a/modules.d/01systemd-bsod/module-setup.sh b/modules.d/01systemd-bsod/module-setup.sh
+index 91b28d7f..cf562ca6 100755
+--- a/modules.d/01systemd-bsod/module-setup.sh
++++ b/modules.d/01systemd-bsod/module-setup.sh
+@@ -26,5 +26,7 @@ install() {
+ "$systemdsystemunitdir"/initrd.target.wants/systemd-bsod.service \
+ "$systemdutildir"/systemd-bsod
+
+- inst_libdir_file "libqrencode.so*"
++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then
++ inst_libdir_file "libqrencode.so*"
++ fi
+ }
+diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh
+index 6acbe75f..3083f851 100755
+--- a/modules.d/01systemd-coredump/module-setup.sh
++++ b/modules.d/01systemd-coredump/module-setup.sh
+@@ -44,10 +44,12 @@ install() {
+
+ # Install library file(s)
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+- inst_libdir_file \
+- {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*"
++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then
++ inst_libdir_file \
++ {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*"
++ fi
+
+ # Install the hosts local user configurations if enabled.
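Review bot: The added test `[[ $DRACUT_INSTALL_JSON && ${systemdversion%%.*} -ge 256 ]]` feeds whatever precedes the first dot into an arithmetic comparison, so a version string with any other non-numeric tail makes `[[` report a syntax error instead of evaluating cleanly. `systemdversion` is filled from `$PKG_CONFIG --modversion` or overridden through the dracut config, so its format is not controlled here. Cutting at the first non-digit is more tolerant: `${systemdversion%%[!0-9]*} -ge 256`. When the check fails this way `USE_SYSTEMD_DLOPEN_DEPS` stays empty and the modules fall back to their explicit library lists, so the effect is a noisy fallback rather than a missing library.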
+ if [[ $hostonly ]]; then
+diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh
+index dffc88ac..804b856e 100755
+--- a/modules.d/01systemd-integritysetup/module-setup.sh
++++ b/modules.d/01systemd-integritysetup/module-setup.sh
+@@ -60,6 +60,7 @@ install() {
+
+ # Install required libraries.
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+- inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+-
++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then
++ inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
++ fi
+ }
+diff --git a/modules.d/01systemd-journald/module-setup.sh b/modules.d/01systemd-journald/module-setup.sh
+index 77d6a2e9..9f546d1a 100755
+--- a/modules.d/01systemd-journald/module-setup.sh
++++ b/modules.d/01systemd-journald/module-setup.sh
+@@ -53,11 +53,13 @@ install() {
+
+ # Install library file(s)
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+- inst_libdir_file \
+- {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*"
++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then
++ inst_libdir_file \
++ {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*"
++ fi
+
+ # Install the hosts local user configurations if enabled.
+ if [[ $hostonly ]]; then
+diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh
+index 9dad8d4f..e3b95303 100755
+--- a/modules.d/01systemd-veritysetup/module-setup.sh
++++ b/modules.d/01systemd-veritysetup/module-setup.sh
+@@ -60,6 +60,7 @@ install() {
+
+ # Install required libraries.
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+- inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
+-
++ if [[ !
$USE_SYSTEMD_DLOPEN_DEPS ]]; then
++ inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
++ fi
+ }
+diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c
+index 83041e40..8769d1a1 100644
+--- a/src/install/dracut-install.c
++++ b/src/install/dracut-install.c
+@@ -23,8 +23,10 @@
+ #define _GNU_SOURCE
+ #endif
+ #include
++#include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -43,6 +45,11 @@
+ #include
+ #include
+ #include
++#include
++
++#ifdef HAVE_SYSTEMD
++#include
++#endif
+
+ #include "log.h"
+ #include "hashmap.h"
+@@ -168,6 +175,25 @@ static inline void destroy_hashmap(Hashmap **hashmap)
+
+ #define _cleanup_destroy_hashmap_ _cleanup_(destroy_hashmap)
+
++/* Check whether the given key exists in the hash before duplicating and
++ inserting it. Assumes the value has already been duplicated and is no longer
++ needed if the insertion fails. */
++static int hashmap_put_strdup_key(Hashmap *h, const char *key, char *value)
++{
++ if (hashmap_get(h, key))
++ return 0;
++
++ char *nkey = strdup(key);
++
++ if (nkey && hashmap_put(h, nkey, value) != -ENOMEM)
++ return 0;
++
++ log_error("Out of memory");
++ free(nkey);
++ free(value);
++ return -ENOMEM;
++}
++
+ static size_t dir_len(char const *file)
+ {
+ size_t length;
+@@ -517,7 +543,7 @@ static char *get_real_file(const char *src, bool fullyresolve)
+ if (lstat(fullsrcpath, &sb) < 0)
+ return NULL;
+
+- switch (sb.st_mode & S_IFMT) {
++ switch (sb.st_mode &S_IFMT) {
+ case S_IFDIR:
+ case S_IFREG:
+ return strdup(fullsrcpath);
+@@ -561,18 +587,328 @@ static char *get_real_file(const char *src, bool fullyresolve)
+ return TAKE_PTR(abspath);
+ }
+
+-static int resolve_deps(const char *src)
++/* Check that the ELF header (ehdr) matches the other given ELF header in bits,
++ endianness, OS ABI, and soname, where B is 64 or 32 bit. The SYSV and GNU OS
++ ABIs are compatible, so allow either. Returns libpath if there is a match.
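Review bot: `hashmap_put_strdup_key()` returns 0 both when it stores `value` and when `hashmap_get(h, key)` finds an existing entry, and on that second path `value` is neither stored nor freed. The header comment says the value is no longer needed if the insertion fails, but a caller cannot tell "already present" from "inserted", so the pre-duplicated string leaks unless every caller checks for the key first (the callers are outside this hunk). Freeing on that path keeps ownership unambiguous: `if (hashmap_get(h, key)) { free(value); return 0; }`. The `!= -ENOMEM` test also appears to treat any other negative return from `hashmap_put` as success, which would leave `nkey` and `value` owned by nobody; confirm against the hashmap implementation.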
*/ ++#define CHECK_LIB_MATCH_FOR_BITS(B, match) do { \ ++ if (!match) \ ++ goto finish; \ ++\ ++ Elf##B##_Ehdr *ehdr = (Elf##B##_Ehdr *)map; \ ++ if (ehdr->e_ident[EI_CLASS] == match->e_ident[EI_CLASS] && \ ++ ehdr->e_ident[EI_DATA] == match->e_ident[EI_DATA] && \ ++ (ehdr->e_ident[EI_OSABI] == match->e_ident[EI_OSABI] || \ ++ ehdr->e_ident[EI_OSABI] == ELFOSABI_SYSV || \ ++ ehdr->e_ident[EI_OSABI] == ELFOSABI_GNU) && \ ++ ehdr->e_machine == match->e_machine) { \ ++ if (strcmp(basename, soname) == 0) { \ ++ munmap(map, sb.st_size); \ ++ return libpath; \ ++ } \ ++ } \ ++} while (0) ++ ++/* Check that the given path (dirname + basename) with the given soname matches ++ the given (64 or 32 bit) ELF header. Returns the path if there is a match. */ ++static char *check_lib_match(const char *dirname, const char *basename, const char *soname, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ char *libpath = NULL; ++ _asprintf(&libpath, "%s/%s", dirname, basename); ++ ++ _cleanup_close_ int fd = open(libpath, O_RDONLY | O_CLOEXEC); ++ if (fd < 0) ++ goto finish2; ++ ++ struct stat sb; ++ if (fstat(fd, &sb) < 0) ++ goto finish2; ++ ++ void *map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); ++ if (map == MAP_FAILED) ++ goto finish2; ++ ++ unsigned char *e_ident = (unsigned char *)map; ++ if (e_ident[EI_MAG0] != ELFMAG0 || ++ e_ident[EI_MAG1] != ELFMAG1 || ++ e_ident[EI_MAG2] != ELFMAG2 || ++ e_ident[EI_MAG3] != ELFMAG3) ++ goto finish; ++ ++ switch (e_ident[EI_CLASS]) { ++ case ELFCLASS32: ++ CHECK_LIB_MATCH_FOR_BITS(32, match32); ++ break; ++ case ELFCLASS64: ++ CHECK_LIB_MATCH_FOR_BITS(64, match64); ++ break; ++ } ++ ++finish: ++ munmap(map, sb.st_size); ++finish2: ++ free(libpath); ++ return NULL; ++} ++ ++/* Search the given library directory (within the sysroot) for a library ++ matching the given soname and (64 or 32 bit) ELF header. Returns the path ++ (with the sysroot) if there is a match. 
*/ ++static char *search_libdir(const char *libdir, const char *soname, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) ++{ ++ _cleanup_free_ char *sysroot_libdir; ++ _asprintf(&sysroot_libdir, "%s%s", sysrootdir ?: "", libdir); ++ log_debug("Searching '%s' to find %s", sysroot_libdir, soname); ++ ++ /* First check for a filename matching the soname. This is likely to ++ succeed and is very much faster than checking the sonames of every ++ library in the directory below. */ ++ char *res = check_lib_match(sysroot_libdir, soname, soname, match64, match32); ++ if (res) ++ return res; ++ ++ _cleanup_closedir_ DIR *dirp = opendir(sysroot_libdir); ++ if (!dirp) ++ return NULL; ++ ++ struct dirent *entry; ++ while ((entry = readdir(dirp)) != NULL) { ++ if (entry->d_type != DT_REG && entry->d_type != DT_LNK) ++ continue; ++ ++ if (fnmatch("*.so*", entry->d_name, 0) != 0) ++ continue; ++ ++ res = check_lib_match(sysroot_libdir, entry->d_name, soname, match64, match32); ++ if (res) ++ return res; ++ } ++ ++ return NULL; ++} ++ ++/* Read the given ldconf file(s) (within the sysroot, can be a glob pattern) to ++ search for a library matching the given soname and (64 or 32 bit) ELF header. ++ Returns the path (with the sysroot) if there is a match. 
*/ ++static char *search_via_ldconf(const char *conf_pattern, const char *soname, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ char line[PATH_MAX]; ++ const char *include_prefix = "include "; ++ size_t include_prefix_len = strlen(include_prefix); ++ ++ _cleanup_free_ char *sysroot_conf_pattern = NULL; ++ _asprintf(&sysroot_conf_pattern, "%s%s", sysrootdir ?: "", conf_pattern); ++ log_debug("Reading '%s' to find %s", sysroot_conf_pattern, soname); ++ ++ _cleanup_globfree_ glob_t globbuf; ++ if (glob(sysroot_conf_pattern, 0, NULL, &globbuf) == 0) { ++ for (size_t i = 0; i < globbuf.gl_pathc; i++) { ++ char *conf_path = globbuf.gl_pathv[i]; ++ _cleanup_fclose_ FILE *file = fopen(conf_path, "r"); ++ if (!file) { ++ log_error("ERROR: cannot open '%s': %m", conf_path); ++ return NULL; ++ } ++ ++ const char *conf_dir = dirname(conf_path); ++ ++ while (fgets(line, sizeof(line), file)) { ++ /* glibc and musl separate with newlines. */ ++ char *newline = strchr(line, '\n'); ++ if (newline) ++ *newline = '\0'; ++ ++ /* musl also separates with colons. Do the same ++ with glibc for simplicity. */ ++ char *colon = strchr(line, ':'); ++ if (colon) ++ *colon = '\0'; ++ ++ /* Ignore any comments. */ ++ char *comment = strchr(line, '#'); ++ if (comment) ++ *comment = '\0'; ++ ++ /* Skip empty lines. */ ++ if (line[0] == '\0') ++ continue; ++ ++ char *result; ++ if (strncmp(line, include_prefix, include_prefix_len) == 0) { ++ const char *include_path = line + include_prefix_len; ++ /* include directives can be absolute or ++ relative. Prepend the current file's ++ directory if relative. 
*/ ++ if (include_path[0] == '/') { ++ result = search_via_ldconf(include_path, soname, match64, match32); ++ } else { ++ _cleanup_free_ char *abs_include_path = NULL; ++ _asprintf(&abs_include_path, "%s/%s", conf_dir + sysrootdirlen, include_path); ++ result = search_via_ldconf(abs_include_path, soname, match64, match32); ++ } ++ } else { ++ result = search_libdir(line, soname, match64, match32); ++ } ++ if (result) ++ return result; ++ } ++ } ++ } ++ ++ return NULL; ++} ++ ++/* Expand $ORIGIN and $LIB variables in the given R(UN)PATH entry. $ORIGIN ++ expands to the directory of the given src path. $LIB expands to lib if ++ match64 is NULL or lib64 otherwise. Returns a newly allocated string even if ++ no expansion was necessary. */ ++static char *expand_runpath(char *input, const char *src, const Elf64_Ehdr *match64) ++{ ++ regex_t regex; ++ regmatch_t rmatch[3]; /* 0: full match, 1: without brackets, 2: with brackets */ ++ ++ if (regcomp(®ex, "\\$([A-Z]+|\\{([A-Z]+)\\})", REG_EXTENDED) != 0) { ++ log_error("ERROR: Could not compile RUNPATH regex"); ++ return NULL; ++ } ++ ++ char *result = NULL, *current = input; ++ int offset = 0; ++ ++ while (regexec(®ex, current + offset, 3, rmatch, 0) == 0) { ++ char *varname = NULL; ++ _cleanup_free_ char *varval = NULL; ++ size_t varname_len, varval_len; ++ ++ /* Determine which group matched, with or without brackets. */ ++ int rgroup = rmatch[1].rm_so != -1 ? 1 : 2; ++ varname_len = rmatch[rgroup].rm_eo - rmatch[rgroup].rm_so; ++ varname = current + offset + rmatch[rgroup].rm_so; ++ ++ if (strncmp(varname, "ORIGIN", varname_len) == 0) { ++ varval = dirname_malloc(src); ++ } else if (strncmp(varname, "LIB", varname_len) == 0) { ++ varval = strdup(match64 ? "lib64" : "lib"); ++ } else { ++ /* If the variable is unrecognised, leave it as-is. 
*/ ++ offset += rmatch[0].rm_eo; ++ continue; ++ } ++ ++ if (!varval) ++ goto oom; ++ ++ varval_len = strlen(varval); ++ size_t prefix_len = offset + rmatch[0].rm_so; ++ size_t suffix_len = strlen(current) - (offset + rmatch[0].rm_eo); ++ ++ char *replaced = realloc(result, prefix_len + varval_len + suffix_len + 1); ++ if (!replaced) ++ goto oom; ++ ++ result = replaced; ++ strcpy(result + prefix_len, varval); ++ strcpy(result + prefix_len + varval_len, current + offset + rmatch[0].rm_eo); ++ ++ current = result; ++ offset = prefix_len + varval_len; ++ } ++ ++ regfree(®ex); ++ return result ?: strdup(current); ++ ++oom: ++ log_error("Out of memory"); ++ free(result); ++ regfree(®ex); ++ return NULL; ++} ++ ++/* Adjust the endianness of the given value of the given SIZE using ELF header ++ ehdr. The size sadly cannot be determined automatically using sizeof because ++ that is expanded using the C compiler rather than the preprocessor. */ ++#define ELF_BYTESWAP(SIZE, value) (ehdr->e_ident[EI_DATA] == ELFDATA2MSB ? be##SIZE##toh(value) : le##SIZE##toh(value)) ++ ++/* Get a pointer to the ELF header map's section header string table, where B is ++ 64 or 32 bit. Sanity checks the ELF structure to avoid crashes. */ ++#define PARSE_ELF_START(B, map) \ ++ Elf##B##_Ehdr *ehdr = (Elf##B##_Ehdr *)map; \ ++\ ++ if (sizeof(Elf##B##_Ehdr) > src_len || \ ++ ELF_BYTESWAP(B, ehdr->e_shoff) > src_len || \ ++ ELF_BYTESWAP(16, ehdr->e_shstrndx) >= ELF_BYTESWAP(16, ehdr->e_shnum)) \ ++ break; \ ++\ ++ Elf##B##_Shdr *shdr = (Elf##B##_Shdr *)((char *)map + ELF_BYTESWAP(B, ehdr->e_shoff)); \ ++ const char *shstrtab = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(16, ehdr->e_shstrndx)].sh_offset); ++ ++/* Expand the R(UN)PATH of the ELF header map and search it for a library ++ matching soname and match64/match32. map must point to the same header as ++ match64/match32. Returns the path (with the sysroot) if there is a match. 
*/ ++#define FIND_LIBRARY_RUNPATH_FOR_BITS(B, map) do { \ ++ PARSE_ELF_START(B, map); \ ++ bool seen_runpath = false; \ ++\ ++ for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ for (Elf##B##_Dyn *d = dyn; ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if (ELF_BYTESWAP(B, d->d_tag) == DT_RUNPATH) \ ++ seen_runpath = true; /* RUNPATH has precedence over RPATH. */ \ ++ else if (seen_runpath || ELF_BYTESWAP(B, d->d_tag) != DT_RPATH) \ ++ continue; \ ++\ ++ char *runpath = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ _cleanup_free_ char *expanded = expand_runpath(runpath, src, match64); \ ++ if (!expanded) \ ++ continue; \ ++\ ++ for (char *token = strtok(expanded, ":"); token; token = strtok(NULL, ":")) { \ ++ char *res = search_libdir(token, soname, match64, match32); \ ++ if (res) \ ++ return res; \ ++ } \ ++ } \ ++ } \ ++} while (0) ++ ++/* Given an soname and (64 or 32 bit) ELF header, search for a matching library ++ in the R(UN)PATH of that header, the directories referenced by ldconf files, ++ and some default locations. src must be the path (with the sysroot) to the ++ ELF file and src_len must be that file's length in bytes. Returns the path ++ (with the sysroot) if there is a match. */ ++static char *find_library(const char *soname, const char *src, size_t src_len, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ if (match64) ++ FIND_LIBRARY_RUNPATH_FOR_BITS(64, match64); ++ else if (match32) ++ FIND_LIBRARY_RUNPATH_FOR_BITS(32, match32); ++ ++ /* There is no definitive way to determine the libc so just check for ++ musl and glibc ldconf files. musl hardcodes its default locations. 
It ++ is impossible to determine glibc's default locations, but this set is ++ practically universal. It is safe to check lib64 for 32-bit libraries ++ because we include the class (64-bit or 32-bit) when matching. */ ++ return search_via_ldconf("/etc/ld-musl-*.path", soname, match64, match32) ?: ++ search_via_ldconf("/etc/ld.so.conf", soname, match64, match32) ?: ++ search_libdir("/lib64", soname, match64, match32) ?: ++ search_libdir("/usr/lib64", soname, match64, match32) ?: ++ search_libdir("/usr/local/lib64", soname, match64, match32) ?: ++ search_libdir("/lib", soname, match64, match32) ?: ++ search_libdir("/usr/lib", soname, match64, match32) ?: ++ search_libdir("/usr/local/lib", soname, match64, match32); ++} ++ ++static int resolve_deps_ldd(const char *src, const char *fullsrcpath) + { + int ret = 0, err; + + _cleanup_free_ char *buf = NULL; + size_t linesize = LINE_MAX + 1; +- _cleanup_free_ char *fullsrcpath = NULL; +- +- fullsrcpath = get_real_file(src, true); +- log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); +- if (!fullsrcpath) +- return 0; + + buf = malloc(linesize); + if (buf == NULL) +@@ -704,6 +1040,195 @@ static int resolve_deps(const char *src) + return ret; + } + ++#ifdef HAVE_SYSTEMD ++ ++/* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) ++ in the given note index and find each dependent library, ensuring it matches ++ the given (64 or 32 bit) ELF header. Each library found is added to deps. ++ Dependencies already found in this chain must be given in pdeps. Failure to ++ parse the JSON or find a library is considered non-fatal. 
*/
++static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *fullsrcpath, size_t src_len,
++ const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32)
++{
++ _cleanup_(sd_json_variant_unrefp) sd_json_variant *dlopen_json = NULL;
++ if (sd_json_parse(json, 0, &dlopen_json, NULL, NULL) != 0 || !sd_json_variant_is_array(dlopen_json)) {
++ log_warning("WARNING: .note.dlopen entry #%zd is not a JSON array in '%s'", note_idx, fullsrcpath);
++ return;
++ }
++
++ for (size_t entry_idx = 0; entry_idx < sd_json_variant_elements(dlopen_json); entry_idx++) {
++ sd_json_variant *entry = sd_json_variant_by_index(dlopen_json, entry_idx);
++ sd_json_variant *sonames = sd_json_variant_by_key(entry, "soname");
++ if (!sonames || !sd_json_variant_is_array(sonames)) {
++ log_warning("WARNING: soname array missing from .note.dlopen entry #%zd.%zd in '%s'", note_idx, entry_idx, fullsrcpath);
++ return;
++ }
++
++ for (size_t soname_idx = 0; soname_idx < sd_json_variant_elements(sonames); soname_idx++) {
++ sd_json_variant *soname_json = sd_json_variant_by_index(sonames, soname_idx);
++ if (!sd_json_variant_is_string(soname_json)) {
++ log_warning("WARNING: soname #%zd of .note.dlopen entry #%zd.%zd is not a string in '%s'", soname_idx, note_idx,
++ entry_idx, fullsrcpath);
++ return;
++ }
++
++ const char *soname = sd_json_variant_string(soname_json);
++ if (hashmap_get(pdeps, soname))
++ continue;
++
++ char *library = find_library(soname, fullsrcpath, src_len, match64, match32);
++ if (!library || hashmap_put_strdup_key(deps, soname, library) < 0)
++ log_warning("WARNING: could not locate dlopen dependency %s requested by '%s'", soname, fullsrcpath);
++ }
++ }
++}
++
++/* Given the ELF header map, also represented by match64/match32 and where B is
++ 64 or 32 bit, check .note.dlopen entries for dependencies. See above.
*/
++#define RESOLVE_DEPS_DLOPEN_FOR_BITS(B, match64, match32) do { \
++ PARSE_ELF_START(B, map); \
++ size_t note_idx = -1; \
++\
++ for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \
++ if ((char*)shdr + i * sizeof(Elf##B##_Shdr) > (char*)map + src_len) \
++ break; \
++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".note.dlopen") != 0) \
++ continue; \
++\
++ const char *note_offset = (char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset); \
++ const char *note_end = note_offset + ELF_BYTESWAP(32, shdr[i].sh_size); \
++\
++ if (note_offset < (char*)map || note_end > (char*)map + src_len || note_end < note_offset) \
++ continue; \
++\
++ while (note_offset < note_end) { \
++ Elf##B##_Nhdr *nhdr = (Elf##B##_Nhdr *)note_offset; \
++ note_offset += sizeof(Elf##B##_Nhdr); \
++\
++ /* We don't need the name, checking the type is enough. */ \
++ note_offset += (ELF_BYTESWAP(32, nhdr->n_namesz) + 3) & ~3; /* Align to 4 bytes */ \
++\
++ const char *note_desc = note_offset; \
++ note_offset += (ELF_BYTESWAP(32, nhdr->n_descsz) + 3) & ~3; /* Align to 4 bytes */ \
++ if (note_offset > (char*)map + src_len) \
++ break; \
++\
++ if (ELF_BYTESWAP(32, nhdr->n_type) != 0x407c0c0a) \
++ continue; \
++\
++ note_idx++; \
++ resolve_deps_dlopen_parse_json(pdeps, deps, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \
++ } \
++ } \
++} while (0)
++
++static int resolve_deps(const char *src, Hashmap *pdeps);
++
++static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap *pdeps)
++{
++ _cleanup_close_ int fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC);
++ if (fd < 0) {
++ log_error("ERROR: cannot open '%s': %m", fullsrcpath);
++ return -errno;
++ }
++
++ struct stat sb;
++ if (fstat(fd, &sb) < 0) {
++ log_error("ERROR: cannot stat '%s': %m", fullsrcpath);
++ return -errno;
++ }
++
++ size_t src_len = sb.st_size;
++ void *map = mmap(NULL, src_len, PROT_READ, MAP_PRIVATE, fd, 0);
++ if (map == MAP_FAILED) {
++ log_error("ERROR:
cannot mmap '%s': %m", fullsrcpath);
++ return -errno;
++ }
++
++ /* It would be easiest to blindly install dependencies as we find them
++ depth-first, but this does not work in practise. We need to track
++ which dependencies are already found to avoid loops. We also need to
++ install them breadth-first because of how RUNPATH works. systemd is a
++ good example. libsystemd-core depends on libsystemd-shared. Neither
++ is in the default library path, but libsystemd-core lacks a RUNPATH,
++ so it cannot find libsystemd-shared by itself. See for yourself with
++ ldd. It must be found in the context of an executable with a RUNPATH
++ that also depends on libsystemd-shared, such as systemd-executor. The
++ RUNPATH only applies to direct dependencies, not subdependencies, so
++ libsystemd-shared needs to be found as a direct dependency of
++ systemd-executor before we check libsystemd-core's dependencies.
++ Therefore, pdeps above holds the dependencies we have already found,
++ deps holds the dependencies found in this iteration, and ndeps is
++ used to combine them into the next iteration's pdeps.
*/
++ Hashmap *ndeps = hashmap_new(string_hash_func, string_compare_func);
++ Hashmap *deps = hashmap_new(string_hash_func, string_compare_func);
++ int ret = 0;
++
++ unsigned char *e_ident = (unsigned char *)map;
++ if (e_ident[EI_MAG0] != ELFMAG0 ||
++ e_ident[EI_MAG1] != ELFMAG1 ||
++ e_ident[EI_MAG2] != ELFMAG2 ||
++ e_ident[EI_MAG3] != ELFMAG3)
++ goto finish;
++
++ switch (e_ident[EI_CLASS]) {
++ case ELFCLASS32:
++ RESOLVE_DEPS_DLOPEN_FOR_BITS(32, NULL, ehdr);
++ break;
++ case ELFCLASS64:
++ RESOLVE_DEPS_DLOPEN_FOR_BITS(64, ehdr, NULL);
++ break;
++ default:
++ log_error("ERROR: '%s' has an unknown ELF class", fullsrcpath);
++ ret = -1;
++ }
++
++ if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0)
++ goto finish;
++
++ char *key, *library;
++ Iterator i;
++ HASHMAP_FOREACH(library, deps, i) {
++ ret += library_install(src, library);
++ ret += resolve_deps(library, ndeps);
++ }
++
++finish:
++ munmap(map, src_len);
++ hashmap_free(ndeps);
++
++ HASHMAP_FOREACH(library, deps, i) {
++ item_free(library);
++ }
++
++ while ((key = hashmap_steal_first_key(deps)))
++ item_free(key);
++
++ hashmap_free(deps);
++ return ret;
++}
++
++#endif
++
++/* Recursively check the given file for dependencies and install them. pdeps is
++ for dependencies already found in this chain and should initially be NULL.
++ Both ELF binaries and scripts with shebangs are handled.
*/ ++static int resolve_deps(const char *src, Hashmap *pdeps) ++{ ++ _cleanup_free_ char *fullsrcpath = NULL; ++ ++ fullsrcpath = get_real_file(src, true); ++ log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); ++ if (!fullsrcpath) ++ return 0; ++ ++ return resolve_deps_ldd(src, fullsrcpath) ++#ifdef HAVE_SYSTEMD ++ ?: resolve_deps_dlopen(src, fullsrcpath, pdeps) ++#endif ++ ; ++} ++ + /* Install "..hmac" file for FIPS self-checks */ + static int hmac_install(const char *src, const char *dst, const char *hmacpath) + { +@@ -880,9 +1405,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + if (resolvedeps && S_ISREG(sb.st_mode) && (sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { + log_debug("'%s' already exists, but checking for any deps", fulldstpath); + if (sysrootdirlen && (strncmp(fulldstpath, sysrootdir, sysrootdirlen) == 0)) +- ret = resolve_deps(fulldstpath + sysrootdirlen); ++ ret = resolve_deps(fulldstpath + sysrootdirlen, NULL); + else +- ret = resolve_deps(fullsrcpath); ++ ret = resolve_deps(fullsrcpath, NULL); + } else + log_debug("'%s' already exists", fulldstpath); + } else { +@@ -975,9 +1500,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + if (resolvedeps) { + /* ensure fullsrcpath contains sysrootdir */ + if (sysrootdirlen && (strncmp(fullsrcpath, sysrootdir, sysrootdirlen) == 0)) +- ret += resolve_deps(fullsrcpath + sysrootdirlen); ++ ret += resolve_deps(fullsrcpath + sysrootdirlen, NULL); + else +- ret += resolve_deps(fullsrcpath); ++ ret += resolve_deps(fullsrcpath, NULL); + } + if (arg_hmac) { + /* copy .hmac files also */ +@@ -1058,10 +1583,11 @@ static void usage(int status) + " -S --mod-filter-nosymbol Exclude kernel modules by symbol regexp\n" + " -N --mod-filter-noname Exclude kernel modules by name regexp\n" + "\n" +- " -v --verbose Show more output\n" +- " --debug Show debug output\n" +- " --version Show package version\n" +- " -h 
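Review bot: In the `while (note_offset < note_end)` loop of RESOLVE_DEPS_DLOPEN_FOR_BITS, `nhdr->n_namesz` and `nhdr->n_descsz` are read before anything confirms that a whole note header fits before `note_end`, and `note_desc` is then handed to `sd_json_parse()` as a C string although nothing checks that a NUL byte lies inside the descriptor. A truncated or malformed `.note.dlopen` section can therefore make the parser read beyond the descriptor into unrelated file bytes, or past the mapping when the file ends on a page boundary. I would add `if ((size_t)(note_end - note_offset) < sizeof(Elf##B##_Nhdr)) break;` at the top of the loop and `if (!memchr(note_desc, '\0', ELF_BYTESWAP(32, nhdr->n_descsz))) break;` right after the existing `note_offset > (char*)map + src_len` test. The `strcmp()` on `&shstrtab[... sh_name]` uses an unchecked offset in the same way, but `PARSE_ELF_START` is defined outside this hunk.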
--help Show this help\n" ++ " --json-supported Show whether this build supports JSON\n" ++ " -v --verbose Show more output\n" ++ " --debug Show debug output\n" ++ " --version Show package version\n" ++ " -h --help Show this help\n" + "\n", program_invocation_short_name, program_invocation_short_name, program_invocation_short_name); + exit(status); + } +@@ -1076,7 +1602,8 @@ static int parse_argv(int argc, char *argv[]) + ARG_MODALIAS, + ARG_KERNELDIR, + ARG_FIRMWAREDIRS, +- ARG_DEBUG ++ ARG_DEBUG, ++ ARG_JSON_SUPPORTED, + }; + + static struct option const options[] = { +@@ -1104,6 +1631,7 @@ static int parse_argv(int argc, char *argv[]) + {"silent", no_argument, NULL, ARG_SILENT}, + {"kerneldir", required_argument, NULL, ARG_KERNELDIR}, + {"firmwaredirs", required_argument, NULL, ARG_FIRMWAREDIRS}, ++ {"json-supported", no_argument, NULL, ARG_JSON_SUPPORTED}, + {NULL, 0, NULL, 0} + }; + +@@ -1207,6 +1735,14 @@ static int parse_argv(int argc, char *argv[]) + case 'h': + usage(EXIT_SUCCESS); + break; ++ case ARG_JSON_SUPPORTED: ++#ifdef HAVE_SYSTEMD ++ puts("JSON is supported"); ++ return 0; ++#else ++ puts("JSON is not supported"); ++ return -1; ++#endif + default: + usage(EXIT_FAILURE); + } +@@ -1293,7 +1829,7 @@ static int resolve_lazy(int argc, char **argv) + item = strdup(p); + hashmap_put(items, item, item); + +- ret += resolve_deps(src); ++ ret += resolve_deps(src, NULL); + } + return ret; + } +-- +2.48.1 + + +From 2af7fbafaa02d7edfe387829bb49ed3d5bb47454 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 4 Mar 2025 11:09:32 +0000 +Subject: [PATCH 06/12] feat(dracut-install): extend new ELF parsing code to + replace ldd calls + +Now that dracut-install has its own ELF parsing code to handle dlopen +dependencies, it is only a small additional step to also handle +traditional DT_NEEDED dependencies, removing the need to call ldd, which +is not cross-friendly. + +This avoids the earlier issue seen with musl in #1087. 
+ +We should no longer directly install libsystemd*.so because +libsystemd-core does not have the RUNPATH to find libsystemd-shared by +itself. Both get pulled in by the main systemd binary anyway. ldd had +the same issue, dracut-install silently ignored the failure. + +Signed-off-by: James Le Cuirot +--- + dracut.sh | 6 +- + modules.d/00systemd/module-setup.sh | 3 +- + src/install/dracut-install.c | 288 ++++++++++------------------ + 3 files changed, 106 insertions(+), 191 deletions(-) + +diff --git a/dracut.sh b/dracut.sh +index e544cafb..75d92738 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1357,11 +1357,7 @@ if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi + mkdir "$early_cpio_dir" + fi + +-if ${DRACUT_LDD:-ldd} "${dracutsysrootdir}/bin/sh" | grep -q musl &> /dev/null; then +- musl=1 +-fi +- +-[[ "$dracutsysrootdir" ]] || [[ "$noexec" ]] || [[ "$musl" ]] || export DRACUT_RESOLVE_LAZY="1" ++[[ "$dracutsysrootdir" ]] || [[ "$noexec" ]] || export DRACUT_RESOLVE_LAZY="1" + + if [[ $print_cmdline ]]; then + stdloglvl=0 +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 482bdfa1..747f09f0 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -145,6 +145,5 @@ EOF + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file \ + {"tls/$_arch/",tls/,"$_arch/",}"libbpf.so*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so" ++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" + } +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 8769d1a1..f194532f 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -84,7 +84,6 @@ static char *kerneldir = NULL; + static size_t kerneldirlen = 0; + static char **firmwaredirs = NULL; + static char **pathdirs; +-static char *ldd = NULL; + static char *logdir = NULL; + static char *logfile = NULL; + FILE *logfile_f = NULL; 
+@@ -903,143 +902,6 @@ static char *find_library(const char *soname, const char *src, size_t src_len, c + search_libdir("/usr/local/lib", soname, match64, match32); + } + +-static int resolve_deps_ldd(const char *src, const char *fullsrcpath) +-{ +- int ret = 0, err; +- +- _cleanup_free_ char *buf = NULL; +- size_t linesize = LINE_MAX + 1; +- +- buf = malloc(linesize); +- if (buf == NULL) +- return -errno; +- +- if (strstr(src, ".so") == NULL) { +- _cleanup_close_ int fd = -1; +- fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC); +- if (fd < 0) +- return -errno; +- +- ret = read(fd, buf, linesize - 1); +- if (ret == -1) +- return -errno; +- +- buf[ret] = '\0'; +- if (buf[0] == '#' && buf[1] == '!') { +- /* we have a shebang */ +- char *p, *q; +- for (p = &buf[2]; *p && isspace(*p); p++) ; +- for (q = p; *q && (!isspace(*q)); q++) ; +- *q = '\0'; +- log_debug("Script install: '%s'", p); +- ret = dracut_install(p, p, false, true, false); +- if (ret != 0) +- log_error("ERROR: failed to install '%s'", p); +- return ret; +- } +- } +- +- int fds[2]; +- FILE *fptr; +- if (pipe2(fds, O_CLOEXEC) == -1 || (fptr = fdopen(fds[0], "r")) == NULL) { +- log_error("ERROR: pipe stream initialization for '%s' failed: %m", ldd); +- exit(EXIT_FAILURE); +- } +- +- log_debug("%s %s", ldd, fullsrcpath); +- pid_t ldd_pid; +- if ((ldd_pid = fork()) == 0) { +- dup2(fds[1], 1); +- dup2(fds[1], 2); +- putenv("LC_ALL=C"); +- execlp(ldd, ldd, fullsrcpath, (char *)NULL); +- _exit(errno == ENOENT ? 
127 : 126); +- } +- close(fds[1]); +- +- ret = 0; +- +- while (getline(&buf, &linesize, fptr) >= 0) { +- char *p; +- +- log_debug("ldd: '%s'", buf); +- +- if (strstr(buf, "you do not have execution permission")) { +- log_error("%s", buf); +- ret += 1; +- break; +- } +- +- /* errors from cross-compiler-ldd */ +- if (strstr(buf, "unable to find sysroot")) { +- log_error("%s", buf); +- ret += 1; +- break; +- } +- +- /* musl ldd */ +- if (strstr(buf, "Not a valid dynamic program")) +- break; +- +- /* glibc */ +- if (strstr(buf, "cannot execute binary file")) +- continue; +- +- if (strstr(buf, "not a dynamic executable")) +- break; +- +- if (strstr(buf, "loader cannot load itself")) +- break; +- +- if (strstr(buf, "not regular file")) +- break; +- +- if (strstr(buf, "cannot read header")) +- break; +- +- if (strstr(buf, "cannot be preloaded")) +- continue; +- +- if (strstr(buf, destrootdir)) +- break; +- +- p = buf; +- if (strchr(p, '$')) { +- /* take ldd variable expansion into account */ +- p = strstr(p, "=>"); +- if (!p) +- p = buf; +- } +- p = strchr(p, '/'); +- +- if (p) { +- char *q; +- +- for (q = p; *q && *q != ' ' && *q != '\n'; q++) ; +- *q = '\0'; +- +- ret += library_install(src, p); +- +- } +- } +- +- fclose(fptr); +- while (waitpid(ldd_pid, &err, 0) == -1) { +- if (errno != EINTR) { +- log_error("ERROR: waitpid() failed: %m"); +- return 1; +- } +- } +- err = WIFSIGNALED(err) ? 
128 + WTERMSIG(err) : WEXITSTATUS(err); +- /* ldd has error conditions we largely don't care about ("not a dynamic executable", &c.): +- only error out on hard errors (ENOENT, ENOEXEC, signals) */ +- if (err >= 126) { +- log_error("ERROR: '%s %s' failed with %d", ldd, fullsrcpath, err); +- return err; +- } else +- return ret; +-} +- + #ifdef HAVE_SYSTEMD + + /* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) +@@ -1122,10 +984,79 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + } \ + } while (0) + +-static int resolve_deps(const char *src, Hashmap *pdeps); ++#endif + +-static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap *pdeps) ++/* Given the ELF header map, also represented by match64/match32 and where B is ++ 64 or 32 bit, check PT_INTERP and DT_NEEDED entries for dependencies. */ ++#define RESOLVE_DEPS_NEEDED_FOR_BITS(B, match64, match32) do { \ ++ PARSE_ELF_START(B, map); \ ++\ ++ if (ELF_BYTESWAP(16, ehdr->e_type) == ET_EXEC || ELF_BYTESWAP(16, ehdr->e_type) == ET_DYN) { \ ++ for (size_t ph_idx = 0; ph_idx < ELF_BYTESWAP(16, ehdr->e_phnum); ph_idx++) { \ ++ Elf##B##_Phdr *phdr = (Elf##B##_Phdr *)((char *)map + ELF_BYTESWAP(B, ehdr->e_phoff) + ph_idx * ELF_BYTESWAP(16, ehdr->e_phentsize)); \ ++ if ((char *)phdr < (char *)map || (char *)phdr + sizeof(Elf##B##_Phdr) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(32, phdr->p_type) != PT_INTERP) \ ++ continue; \ ++\ ++ const char *interpreter = (const char *)map + ELF_BYTESWAP(B, phdr->p_offset); \ ++ if (interpreter < (char *)map || interpreter > (char *)map + src_len) \ ++ break; \ ++ if (hashmap_get(pdeps, interpreter)) \ ++ continue; \ ++\ ++ char *value = strdup(interpreter); \ ++ if (!value || hashmap_put_strdup_key(deps, interpreter, value) < 0) { \ ++ log_error("ERROR: could not handle interpreter for '%s'", fullsrcpath); \ ++ ret = -1; \ ++ } \ ++ break; \ ++ } \ ++ } \ ++\ ++ for (size_t i = 0; i < 
ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if ((char*)&shdr[i] < (char*)map || (char*)&shdr[i] + sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ ++ break; \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ if ((char *)dyn < (char *)map || (char *)dyn > (char *)map + src_len) \ ++ break; \ ++\ ++ for (Elf##B##_Dyn *d = dyn; ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if ((char *)d < (char *)map || (char *)d + sizeof(Elf##B##_Dyn) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(B, d->d_tag) != DT_NEEDED) \ ++ continue; \ ++\ ++ const char *soname = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ if ((char *)soname < (char *)map || (char *)soname > (char *)map + src_len) \ ++ break; \ ++ if (hashmap_get(pdeps, soname)) \ ++ continue; \ ++\ ++ char* library = find_library(soname, fullsrcpath, src_len, match64, match32); \ ++ if (!library || hashmap_put_strdup_key(deps, soname, library) < 0) { \ ++ log_error("ERROR: could not locate dependency %s requested by '%s'", soname, fullsrcpath); \ ++ ret = -1; \ ++ } \ ++ } \ ++ } \ ++} while (0) ++ ++/* Recursively check the given file for dependencies and install them. pdeps is ++ for dependencies already found in this chain and should initially be NULL. ++ Both ELF binaries and scripts with shebangs are handled. 
*/ ++static int resolve_deps(const char *src, Hashmap *pdeps) + { ++ _cleanup_free_ char *fullsrcpath = NULL; ++ ++ fullsrcpath = get_real_file(src, true); ++ log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); ++ if (!fullsrcpath) ++ return 0; ++ + _cleanup_close_ int fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC); + if (fd < 0) { + log_error("ERROR: cannot open '%s': %m", fullsrcpath); +@@ -1164,6 +1095,18 @@ static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap + Hashmap *deps = hashmap_new(string_hash_func, string_compare_func); + int ret = 0; + ++ char *shebang = (char *)map; ++ if (shebang[0] == '#' && shebang[1] == '!') { ++ char *p, *q; ++ for (p = &shebang[2]; *p && isspace(*p); p++) ; ++ for (q = p; *q && (!isspace(*q)); q++) ; ++ char *interpreter = strndup(p, q - p); ++ log_debug("Script install: '%s'", interpreter); ++ ret = dracut_install(interpreter, interpreter, false, true, false); ++ free(interpreter); ++ goto finish; ++ } ++ + unsigned char *e_ident = (unsigned char *)map; + if (e_ident[EI_MAG0] != ELFMAG0 || + e_ident[EI_MAG1] != ELFMAG1 || +@@ -1173,10 +1116,16 @@ static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap + + switch (e_ident[EI_CLASS]) { + case ELFCLASS32: ++ RESOLVE_DEPS_NEEDED_FOR_BITS(32, NULL, ehdr); ++#ifdef HAVE_SYSTEMD + RESOLVE_DEPS_DLOPEN_FOR_BITS(32, NULL, ehdr); ++#endif + break; + case ELFCLASS64: ++ RESOLVE_DEPS_NEEDED_FOR_BITS(64, ehdr, NULL); ++#ifdef HAVE_SYSTEMD + RESOLVE_DEPS_DLOPEN_FOR_BITS(64, ehdr, NULL); ++#endif + break; + default: + log_error("ERROR: '%s' has an unknown ELF class", fullsrcpath); +@@ -1208,27 +1157,6 @@ finish: + return ret; + } + +-#endif +- +-/* Recursively check the given file for dependencies and install them. pdeps is +- for dependencies already found in this chain and should initially be NULL. +- Both ELF binaries and scripts with shebangs are handled. 
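Review bot: The range checks in the `.dynamic` walk of RESOLVE_DEPS_NEEDED_FOR_BITS run too late or cover only the first byte of what is read. The `for` condition dereferences `d->d_tag` before the body's bounds test, `sh_link` indexes `shdr[]` without being compared against `e_shnum`, and `soname` (like `interpreter` in the PT_INTERP branch) is accepted when it merely starts at or before `map + src_len`, with no check that the string terminates inside the file. The loop condition also swaps `d_tag` as a 32-bit value while the DT_NEEDED test uses the B-bit width, which looks unintended for the 64-bit case. Moving the bound into the loop condition and validating the string table index and terminator, as sketched below, keeps a malformed ELF from being read past the mapping; `PARSE_ELF_START` itself is defined outside this hunk.

```c
	/* … unchanged: section loop and ".dynamic" name match … */ \
	const char *map_end = (const char *)map + src_len; \
	size_t strtab_idx = ELF_BYTESWAP(32, shdr[i].sh_link); \
	if (strtab_idx >= ELF_BYTESWAP(16, ehdr->e_shnum) || \
	    (const char *)&shdr[strtab_idx + 1] > map_end) \
		break; \
\
	/* … unchanged: dyn pointer setup and its range check … */ \
	for (Elf##B##_Dyn *d = dyn; \
	     (const char *)(d + 1) <= map_end && ELF_BYTESWAP(B, d->d_tag) != DT_NULL; d++) { \
		if (ELF_BYTESWAP(B, d->d_tag) != DT_NEEDED) \
			continue; \
\
		const char *soname = (const char *)map + ELF_BYTESWAP(B, shdr[strtab_idx].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \
		if (soname < (const char *)map || soname >= map_end || !memchr(soname, '\0', map_end - soname)) \
			break; \
		/* … unchanged: pdeps lookup, find_library(), hashmap_put_strdup_key() … */ \
	} \
```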
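Review bot: The two scanning loops in the new shebang branch stop only on a NUL or whitespace byte, so on the mmap'ed file they are no longer bounded the way the removed `read()` version was by its NUL-terminated buffer. A `#!` file that contains neither and whose size is a multiple of the page size would be scanned past the end of the mapping. `isspace()` is also given a plain `char`, which is undefined for negative values, and the `strndup()` result is used without a NULL check. resolve_deps() begins and ends outside this hunk.

```c
	char *shebang = (char *)map;
	if (src_len >= 2 && shebang[0] == '#' && shebang[1] == '!') {
		const char *end = shebang + src_len;
		char *p, *q;
		for (p = &shebang[2]; p < end && *p && isspace((unsigned char)*p); p++) ;
		for (q = p; q < end && *q && !isspace((unsigned char)*q); q++) ;
		char *interpreter = strndup(p, q - p);
		if (!interpreter) {
			ret = -ENOMEM;
			goto finish;
		}
		/* … unchanged: log_debug, dracut_install, free(interpreter), goto finish … */
	}
```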
*/ +-static int resolve_deps(const char *src, Hashmap *pdeps) +-{ +- _cleanup_free_ char *fullsrcpath = NULL; +- +- fullsrcpath = get_real_file(src, true); +- log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); +- if (!fullsrcpath) +- return 0; +- +- return resolve_deps_ldd(src, fullsrcpath) +-#ifdef HAVE_SYSTEMD +- ?: resolve_deps_dlopen(src, fullsrcpath, pdeps) +-#endif +- ; +-} +- + /* Install "..hmac" file for FIPS self-checks */ + static int hmac_install(const char *src, const char *dst, const char *hmacpath) + { +@@ -1346,7 +1274,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + bool src_islink = false; + bool src_isdir = false; + mode_t src_mode = 0; +- char *i = NULL; ++ char *hash_path = NULL; + const char *src, *dst; + + if (sysrootdirlen) { +@@ -1381,8 +1309,10 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + if (lstat(fullsrcpath, &sb) < 0) { + if (!isdir) { +- i = strdup(src); +- hashmap_put(items_failed, i, i); ++ hash_path = strdup(src); ++ if (!hash_path) ++ return -ENOMEM; ++ hashmap_put(items_failed, hash_path, hash_path); + /* src does not exist */ + return 1; + } +@@ -1392,6 +1322,15 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + src_mode = sb.st_mode; + } + ++ /* The install hasn't succeeded yet, but mark this item as successful ++ now. If it fails once, it will probably fail every time. Doing this ++ could avoid dependency loops, but this is actually handled elsewhere. ++ It also avoids an elusive memory leak detected by valgrind. */ ++ hash_path = strdup(dst); ++ if (!hash_path) ++ return -ENOMEM; ++ hashmap_put(items, hash_path, hash_path); ++ + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? 
(dst + 1) : dst)); + + ret = stat(fulldstpath, &sb); +@@ -1448,15 +1387,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + if (src_isdir) { + log_info("mkdir '%s'", fulldstpath); +- ret = dracut_mkdir(fulldstpath); +- if (ret == 0) { +- i = strdup(dst); +- if (!i) +- return -ENOMEM; +- +- hashmap_put(items, i, i); +- } +- return ret; ++ return dracut_mkdir(fulldstpath); + } + + /* ready to install src */ +@@ -1525,12 +1456,6 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (ret == 0) { +- i = strdup(dst); +- if (!i) +- return -ENOMEM; +- +- hashmap_put(items, i, i); +- + if (logfile_f) + dracut_log_cp(src); + } +@@ -2848,11 +2773,6 @@ int main(int argc, char **argv) + + log_debug("PATH=%s", path); + +- ldd = getenv("DRACUT_LDD"); +- if (isempty(ldd)) +- ldd = "ldd"; +- log_debug("LDD=%s", ldd); +- + env_no_xattr = getenv("DRACUT_NO_XATTR"); + if (env_no_xattr != NULL) + no_xattr = true; +-- +2.48.1 + + +From 4166b0c62428e0363e54c99d5c6a1748d408305a Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 4 Mar 2025 17:21:27 +0000 +Subject: [PATCH 07/12] feat(dracut-install): add --dry-run option to replace + external ldd usage + +To remove the remaining use of ldd, we need a way to show which +libraries a binary requires. I initially considered adding another small +tool, sharing code with dracut-install, but then I realised that adding +a --dry-run option to dracut-install would also meet that need with a +lot less effort. + +It simply shows what would be installed and doesn't require you to +specify a destination directory. It is similar to the existing --logdir +option, but that cannot log to stdout and includes additional output. 
+ +Signed-off-by: James Le Cuirot +--- + src/install/dracut-install.c | 65 +++++++++++++++++++++++++----------- + 1 file changed, 46 insertions(+), 19 deletions(-) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index f194532f..46bc0a25 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -72,6 +72,7 @@ static bool arg_silent = false; + static bool arg_all = false; + static bool arg_module = false; + static bool arg_modalias = false; ++static bool arg_dry_run = false; + static bool arg_resolvelazy = false; + static bool arg_resolvedeps = false; + static bool arg_hostonly = false; +@@ -294,6 +295,9 @@ static char *convert_abs_rel(const char *from, const char *target) + + static int ln_r(const char *src, const char *dst) + { ++ if (arg_dry_run) ++ return 0; ++ + int ret; + _cleanup_free_ const char *points_to = convert_abs_rel(src, dst); + +@@ -373,6 +377,9 @@ static bool use_clone = true; + + static int cp(const char *src, const char *dst) + { ++ if (arg_dry_run) ++ return 0; ++ + pid_t pid; + int ret = 0; + +@@ -1189,6 +1196,9 @@ static int hmac_install(const char *src, const char *dst, const char *hmacpath) + + void mark_hostonly(const char *path) + { ++ if (arg_dry_run) ++ return; ++ + _cleanup_free_ char *fulldstpath = NULL; + _cleanup_fclose_ FILE *f = NULL; + +@@ -1226,6 +1236,9 @@ static bool check_hashmap(Hashmap *hm, const char *item) + + static int dracut_mkdir(const char *src) + { ++ if (arg_dry_run) ++ return 0; ++ + _cleanup_free_ char *parent = NULL; + char *path; + struct stat sb; +@@ -1333,7 +1346,8 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? (dst + 1) : dst)); + +- ret = stat(fulldstpath, &sb); ++ errno = ENOENT; ++ ret = arg_dry_run ? 
-1 : stat(fulldstpath, &sb); + + if (ret == 0) { + if (src_isdir && !S_ISDIR(sb.st_mode)) { +@@ -1362,7 +1376,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + return 1; + } + +- ret = access(fulldstdir, F_OK); ++ ret = arg_dry_run ? 0 : access(fulldstdir, F_OK); + + if (ret < 0) { + _cleanup_free_ char *dname = NULL; +@@ -1405,12 +1419,12 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + return 1; + } + +- if (faccessat(AT_FDCWD, abspath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ if (!arg_dry_run && faccessat(AT_FDCWD, abspath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { + log_debug("lstat '%s': %m", abspath); + return 1; + } + +- if (faccessat(AT_FDCWD, fulldstpath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ if (!arg_dry_run && faccessat(AT_FDCWD, fulldstpath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { + _cleanup_free_ char *absdestpath = NULL; + + _asprintf(&absdestpath, "%s/%s", destrootdir, +@@ -1456,6 +1470,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (ret == 0) { ++ if (arg_dry_run) ++ puts(src); ++ + if (logfile_f) + dracut_log_cp(src); + } +@@ -1486,6 +1503,7 @@ static void usage(int status) + " -d --dir SOURCE is a directory\n" + " -l --ldd Also install shebang executables and libraries\n" + " -L --logdir Log files, which were installed from the host to \n" ++ " -n --dry-run Don't actually copy files, just show what would be installed\n" + " -R --resolvelazy Only install shebang executables and libraries\n" + " for all SOURCE files\n" + " -H --hostonly Mark all SOURCE files as hostonly\n\n" +@@ -1557,6 +1575,7 @@ static int parse_argv(int argc, char *argv[]) + {"kerneldir", required_argument, NULL, ARG_KERNELDIR}, + {"firmwaredirs", required_argument, NULL, ARG_FIRMWAREDIRS}, + {"json-supported", no_argument, NULL, ARG_JSON_SUPPORTED}, ++ {"dry-run", no_argument, NULL, 'n'}, + {NULL, 0, NULL, 0} + }; + +@@ -1668,6 +1687,9 @@ static int parse_argv(int argc, 
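Review bot: `usage()` now advertises `-n`, and the new `options[]` entry maps `--dry-run` to `'n'`, but none of the visible hunks of this patch touches the short-option string passed to `getopt_long()`. If that string was not extended elsewhere, `-n` would be rejected as an unknown option while `--dry-run` works, so it is worth confirming that `n` was added to it. parse_argv() starts and ends outside these hunks.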
char *argv[]) + puts("JSON is not supported"); + return -1; + #endif ++ case 'n': ++ arg_dry_run = true; ++ break; + default: + usage(EXIT_FAILURE); + } +@@ -2781,24 +2803,28 @@ int main(int argc, char **argv) + + umask(0022); + +- if (destrootdir == NULL || strlen(destrootdir) == 0) { +- destrootdir = getenv("DESTROOTDIR"); ++ if (arg_dry_run) { ++ destrootdir = "/nonexistent"; ++ } else { + if (destrootdir == NULL || strlen(destrootdir) == 0) { +- log_error("Environment DESTROOTDIR or argument -D is not set!"); +- usage(EXIT_FAILURE); ++ destrootdir = getenv("DESTROOTDIR"); ++ if (destrootdir == NULL || strlen(destrootdir) == 0) { ++ log_error("Environment DESTROOTDIR or argument -D is not set!"); ++ usage(EXIT_FAILURE); ++ } + } +- } + +- if (strcmp(destrootdir, "/") == 0) { +- log_error("Environment DESTROOTDIR or argument -D is set to '/'!"); +- usage(EXIT_FAILURE); +- } ++ if (strcmp(destrootdir, "/") == 0) { ++ log_error("Environment DESTROOTDIR or argument -D is set to '/'!"); ++ usage(EXIT_FAILURE); ++ } + +- i = destrootdir; +- if (!(destrootdir = realpath(i, NULL))) { +- log_error("Environment DESTROOTDIR or argument -D is set to '%s': %m", i); +- r = EXIT_FAILURE; +- goto finish2; ++ i = destrootdir; ++ if (!(destrootdir = realpath(i, NULL))) { ++ log_error("Environment DESTROOTDIR or argument -D is set to '%s': %m", i); ++ r = EXIT_FAILURE; ++ goto finish2; ++ } + } + + items = hashmap_new(string_hash_func, string_compare_func); +@@ -2853,7 +2879,8 @@ int main(int argc, char **argv) + r = EXIT_SUCCESS; + + finish1: +- free(destrootdir); ++ if (!arg_dry_run) ++ free(destrootdir); + finish2: + if (!arg_kerneldir) + free(kerneldir); +-- +2.48.1 + + +From 6cdb49857ff1c9f798e35eded3673bd0a6e2c349 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Wed, 5 Mar 2025 11:53:18 +0000 +Subject: [PATCH 08/12] feat(dracut): replace ldd with dracut-install --dry-run + or header check + +One instance checks whether */lib64/* is used by /bin/sh and another +checks 
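Review bot: In the `main()` hunk, dry-run mode points `destrootdir` at the string literal `"/nonexistent"`, so the variable now holds either heap memory or a literal and every release site has to know which, as the `if (!arg_dry_run) free(destrootdir);` guard in the `finish1:` hunk already shows. Allocating the sentinel keeps ownership uniform and lets the unconditional `free(destrootdir);` stay: `destrootdir = strdup("/nonexistent");` followed by the same out-of-memory handling `main()` uses for its hashmaps. A short comment saying the path is only a placeholder, because the dry-run branches in `dracut_install` skip the filesystem checks, would help the next reader. `main()` continues outside the hunk.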
whether libusb is used by scdaemon. These can be handled by the +new dracut-install --dry-run option. + +find_binary currently uses ldd to check whether a given *.so* is a valid +ELF. ldd exits successfully even when libraries are missing, so it is +sufficient to replace this check with one that looks at the first 4 +bytes. + +Closes: https://github.com/dracut-ng/dracut-ng/issues/338 +Closes: https://github.com/dracut-ng/dracut-ng/issues/1257 +Signed-off-by: James Le Cuirot +--- + dracut-functions.sh | 10 ++++- + dracut-init.sh | 63 ++++++++++++--------------- + man/dracut.8.adoc | 7 --- + modules.d/91crypt-gpg/module-setup.sh | 2 +- + 4 files changed, 36 insertions(+), 46 deletions(-) + +diff --git a/dracut-functions.sh b/dracut-functions.sh +index 94f0228f..e6b8e958 100755 +--- a/dracut-functions.sh ++++ b/dracut-functions.sh +@@ -44,6 +44,12 @@ trim() { + printf "%s" "$var" + } + ++# is_elf ++# Returns success if the given path is an ELF. Only checks the first 4 bytes. ++is_elf() { ++ [[ $(head --bytes=4 "$1") == $'\x7fELF' ]] ++} ++ + # find a binary. If we were not passed the full path directly, + # search in the usual places to find the binary. 
+ find_binary() { +@@ -56,13 +62,13 @@ find_binary() { + if [[ $1 == *.so* ]]; then + for l in $libdirs; do + _path="${l}${_delim}${1}" +- if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &> /dev/null; }; then ++ if is_elf "${dracutsysrootdir}${_path}"; then + printf "%s\n" "${_path}" + return 0 + fi + done + _path="${_delim}${1}" +- if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &> /dev/null; }; then ++ if is_elf "${dracutsysrootdir}${_path}"; then + printf "%s\n" "${_path}" + return 0 + fi +diff --git a/dracut-init.sh b/dracut-init.sh +index de3ae324..cd821163 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -78,7 +78,6 @@ export srcmods + export hookdirs + } + +-DRACUT_LDD=${DRACUT_LDD:-ldd} + DRACUT_TESTBIN=${DRACUT_TESTBIN:-/bin/sh} + DRACUT_LDCONFIG=${DRACUT_LDCONFIG:-ldconfig} + PKG_CONFIG=${PKG_CONFIG:-pkg-config} +@@ -86,9 +85,35 @@ PKG_CONFIG=${PKG_CONFIG:-pkg-config} + # shellcheck source=./dracut-functions.sh + . "$dracutbasedir"/dracut-functions.sh + ++if ! [[ $DRACUT_INSTALL ]]; then ++ DRACUT_INSTALL=$(find_binary dracut-install) ++fi ++ ++if ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/dracut-install ]]; then ++ DRACUT_INSTALL=$dracutbasedir/dracut-install ++elif ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/src/install/dracut-install ]]; then ++ DRACUT_INSTALL=$dracutbasedir/src/install/dracut-install ++fi ++ ++# Test if dracut-install is a standalone executable with no options. ++# E.g. DRACUT_INSTALL may be set externally as: ++# DRACUT_INSTALL="valgrind dracut-install" ++# or ++# DRACUT_INSTALL="dracut-install --debug" ++# in which case the string cannot be tested for being executable. ++DRINSTALLPARTS=0 ++for i in $DRACUT_INSTALL; do ++ DRINSTALLPARTS=$((DRINSTALLPARTS + 1)) ++done ++ ++if [[ $DRINSTALLPARTS == 1 ]] && ! command -v "$DRACUT_INSTALL" > /dev/null 2>&1; then ++ dfatal "dracut-install not found!" ++ exit 10 ++fi ++ + # Detect lib paths + if ! 
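Review bot: `is_elf` lets `head` write to stderr when the candidate path does not exist, and `find_binary` probes every entry of `$libdirs`, so a miss is the normal case; the `ldd` calls it replaces were wrapped in `&> /dev/null`. Redirecting inside the substitution restores the quiet behaviour, and the short option is accepted by more `head` implementations than `--bytes`: `[[ $(head -c 4 "$1" 2> /dev/null) == $'\x7fELF' ]]`. Bash may also warn about an ignored NUL byte when the first four bytes of a non-ELF file contain one; piping through `tr -d '\0'` before the comparison avoids that.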
[[ $libdirs ]]; then +- if [[ $("$DRACUT_LDD" "$dracutsysrootdir$DRACUT_TESTBIN") == */lib64/* ]] &> /dev/null \ ++ if [[ $($DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} --dry-run -R "$DRACUT_TESTBIN") == */lib64/* ]] &> /dev/null \ + && [[ -d $dracutsysrootdir/lib64 ]]; then + libdirs+=" /lib64" + [[ -d $dracutsysrootdir/usr/lib64 ]] && libdirs+=" /usr/lib64" +@@ -105,14 +130,6 @@ if ! [[ $libdirs ]]; then + export libdirs + fi + +-# ldd needs LD_LIBRARY_PATH pointing to the libraries within the sysroot directory +-if [[ -n $dracutsysrootdir ]]; then +- for lib in $libdirs; do +- LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+"$LD_LIBRARY_PATH":}$dracutsysrootdir$lib" +- done +- export LD_LIBRARY_PATH +-fi +- + # helper function for check() in module-setup.sh + # to check for required installed binaries + # issues a standardized warning message +@@ -205,32 +222,6 @@ dracut_module_path() { + return 1 + } + +-if ! [[ $DRACUT_INSTALL ]]; then +- DRACUT_INSTALL=$(find_binary dracut-install) +-fi +- +-if ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/dracut-install ]]; then +- DRACUT_INSTALL=$dracutbasedir/dracut-install +-elif ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/src/install/dracut-install ]]; then +- DRACUT_INSTALL=$dracutbasedir/src/install/dracut-install +-fi +- +-# Test if dracut-install is a standalone executable with no options. +-# E.g. DRACUT_INSTALL may be set externally as: +-# DRACUT_INSTALL="valgrind dracut-install" +-# or +-# DRACUT_INSTALL="dracut-install --debug" +-# in which case the string cannot be tested for being executable. +-DRINSTALLPARTS=0 +-for i in $DRACUT_INSTALL; do +- DRINSTALLPARTS=$((DRINSTALLPARTS + 1)) +-done +- +-if [[ $DRINSTALLPARTS == 1 ]] && ! command -v "$DRACUT_INSTALL" > /dev/null 2>&1; then +- dfatal "dracut-install not found!" +- exit 10 +-fi +- + if [[ $hostonly == "-h" ]]; then + if ! [[ $DRACUT_KERNEL_MODALIASES ]] || ! 
[[ -f $DRACUT_KERNEL_MODALIASES ]]; then + export DRACUT_KERNEL_MODALIASES="${DRACUT_TMPDIR}/modaliases" +diff --git a/man/dracut.8.adoc b/man/dracut.8.adoc +index ba33ab19..1dd6ae76 100644 +--- a/man/dracut.8.adoc ++++ b/man/dracut.8.adoc +@@ -648,13 +648,6 @@ _DRACUT_LDCONFIG_:: + Default: + _ldconfig_ + +-_DRACUT_LDD_:: +- sets the _ldd_ program path and options. Optional. +- Used for **--sysroot**. +-+ +-Default: +- _ldd_ +- + _PKG_CONFIG_:: + sets the _pkg-config_ program path and options. Optional. + Most useful together with **--sysroot**. +diff --git a/modules.d/91crypt-gpg/module-setup.sh b/modules.d/91crypt-gpg/module-setup.sh +index 501869a2..df4c2c52 100755 +--- a/modules.d/91crypt-gpg/module-setup.sh ++++ b/modules.d/91crypt-gpg/module-setup.sh +@@ -57,7 +57,7 @@ sc_supported() { + if [[ ${gpgMajor} -gt 2 || ${gpgMajor} -eq 2 && ${gpgMinor} -ge 1 ]] \ + && require_binaries gpg-agent \ + && require_binaries gpg-connect-agent \ +- && ($DRACUT_LDD "${dracutsysrootdir}${scdaemon}" | grep libusb > /dev/null); then ++ && [[ $($DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} --dry-run -R "${scdaemon}") == *libusb* ]]; then + return 0 + else + return 1 +-- +2.48.1 + + +From b52ce3eb8996efac35b6ecc883c184de003fa6c8 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Wed, 26 Mar 2025 13:02:35 +0000 +Subject: [PATCH 09/12] feat(dracut): allow users to choose which dlopen + dependencies they want + +Handling dlopen dependencies is nice, but installing these +unconditionally will install more than before rather than less, leading +to bigger images and unhappy users. + +This introduces the add_dlopen_features and omit_dlopen_features +configuration options. Modules that are successfully loaded set the +default set of features to add_dlopen_features in the config() function. +Users can request additional features by appending to this variable. +They can also omit features by appending to omit_dlopen_features, which +takes precedence. 
+ +Signed-off-by: James Le Cuirot +--- + dracut-init.sh | 51 +++-- + dracut.sh | 10 + + man/dracut.conf.5.adoc | 13 ++ + modules.d/00systemd/module-setup.sh | 5 + + modules.d/01systemd-bsod/module-setup.sh | 5 + + modules.d/01systemd-coredump/module-setup.sh | 5 + + .../01systemd-integritysetup/module-setup.sh | 5 + + modules.d/01systemd-journald/module-setup.sh | 5 + + .../01systemd-veritysetup/module-setup.sh | 5 + + src/install/dracut-install.c | 182 +++++++++++++++++- + 10 files changed, 266 insertions(+), 20 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index cd821163..d650fac8 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -674,6 +674,15 @@ inst_opt_decompress() { + done + } + ++module_functions=( ++ check ++ depends ++ cmdline ++ config ++ install ++ installkernel ++) ++ + # module_check [] [] + # execute the check() function of module-setup.sh of + # or the "check" script, if module-setup.sh is not found +@@ -686,7 +695,7 @@ module_check() { + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [ $# -ge 2 ] && _forced=$2 + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + check() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh +@@ -696,7 +705,7 @@ module_check() { + # shellcheck disable=SC2086 + moddir="$_moddir" check $hostonly + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + hostonly=$_hostonly + return $_ret + } +@@ -711,13 +720,13 @@ module_check_mount() { + export mount_needs=1 + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + check() { false; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir=$_moddir check 0 + _ret=$? 
+- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + unset mount_needs + return "$_ret" + } +@@ -730,13 +739,13 @@ module_depends() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + depends() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir=$_moddir depends + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -748,13 +757,31 @@ module_cmdline() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + cmdline() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" cmdline + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" ++ return $_ret ++} ++ ++# module_config [] ++# execute the config() function of module-setup.sh of ++# or the "config" script, if module-setup.sh is not found ++module_config() { ++ local _moddir=$2 ++ local _ret ++ [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") ++ [[ -f $_moddir/module-setup.sh ]] || return 1 ++ unset "${module_functions[@]}" ++ config() { true; } ++ # shellcheck disable=SC1090 ++ . "$_moddir"/module-setup.sh ++ moddir="$_moddir" config ++ _ret=$? ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -766,13 +793,13 @@ module_install() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + install() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" install + _ret=$? 
+- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -784,13 +811,13 @@ module_installkernel() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + installkernel() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" installkernel + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +diff --git a/dracut.sh b/dracut.sh +index 75d92738..737bf58c 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -927,6 +927,9 @@ export DRACUT_LOG_LEVEL=warning + + [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut + ++# These config variables needs to be exported for dracut-install. ++export add_dlopen_features="" omit_dlopen_features="" ++ + # if we were not passed a config file, try the default one + if [[ -z $conffile ]]; then + if [[ $allowlocal ]]; then +@@ -2007,6 +2010,13 @@ dracut_module_included "squash-lib" && mkdir -p "$squashdir" + + _isize=0 #initramfs size + modules_loaded=" " ++# Allow all modules to update the config. Do this before installing anything. ++for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do ++ _d_mod=${moddir##*/} ++ _d_mod=${_d_mod#[0-9][0-9]} ++ [[ $mods_to_load == *\ $_d_mod\ * ]] || continue ++ module_config "$_d_mod" "$moddir" ++done + # source our modules. + for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do + _d_mod=${moddir##*/} +diff --git a/man/dracut.conf.5.adoc b/man/dracut.conf.5.adoc +index ae8a6903..5a282853 100644 +--- a/man/dracut.conf.5.adoc ++++ b/man/dracut.conf.5.adoc +@@ -75,6 +75,19 @@ This option forces dracut to only include the specified kernel modules. + In most cases the "--add-drivers" option is what you want to use. + This option is not recommended to use (use at your own risk). 
+ ++*add_dlopen_features+=*" __:__[__,__...] ... ":: ++Specify a space-separated list of binaries matching _pattern_ against a ++comma-separated list of features to install dependencies for. For example, ++"libsystemd-shared-*.so:idn,ip4tc" will install the dependencies for systemd's ++international domain name and iptables support. _pattern_ should match the ++soname for libraries or the filename for executables. ++ ++*omit_dlopen_features+=*" __:__[__,__...] ... ":: ++Specify a space-separated list of binaries matching _pattern_ against a ++comma-separated list of features to omit dependencies for. Some dracut modules ++add certain features by default. This takes precedence over add_dlopen_features ++above. ++ + *filesystems+=*" ____ ":: + Specify a space-separated list of kernel filesystem modules to exclusively + include in the generic initramfs. +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 747f09f0..1506f64f 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -14,6 +14,11 @@ check() { + return 255 + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:kmod " ++} ++ + installkernel() { + hostonly='' instmods autofs4 ipv6 dmi-sysfs + instmods -s efivarfs +diff --git a/modules.d/01systemd-bsod/module-setup.sh b/modules.d/01systemd-bsod/module-setup.sh +index cf562ca6..f702792c 100755 +--- a/modules.d/01systemd-bsod/module-setup.sh ++++ b/modules.d/01systemd-bsod/module-setup.sh +@@ -19,6 +19,11 @@ depends() { + return 0 + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:qrencode " ++} ++ + # Install the required file(s) for the module in the initramfs. 
+ install() { + inst_multiple \ +diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh +index 3083f851..4014b074 100755 +--- a/modules.d/01systemd-coredump/module-setup.sh ++++ b/modules.d/01systemd-coredump/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:lz4,lzma,zstd " ++} ++ + # Install the required file(s) and directories for the module in the initramfs. + install() { + +diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh +index 804b856e..aba99371 100755 +--- a/modules.d/01systemd-integritysetup/module-setup.sh ++++ b/modules.d/01systemd-integritysetup/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:cryptsetup " ++} ++ + # Install kernel module(s). + installkernel() { + instmods dm-integrity +diff --git a/modules.d/01systemd-journald/module-setup.sh b/modules.d/01systemd-journald/module-setup.sh +index 9f546d1a..807c7ab3 100755 +--- a/modules.d/01systemd-journald/module-setup.sh ++++ b/modules.d/01systemd-journald/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:gcrypt,lz4,lzma,zstd " ++} ++ + # Install the required file(s) and directories for the module in the initramfs. + install() { + +diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh +index e3b95303..1f0c0355 100755 +--- a/modules.d/01systemd-veritysetup/module-setup.sh ++++ b/modules.d/01systemd-veritysetup/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. 
++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:cryptsetup " ++} ++ + # Install kernel module(s). + installkernel() { + instmods dm-verity +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 46bc0a25..0f431a40 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -94,6 +94,9 @@ static Hashmap *modules_loaded = NULL; + static Hashmap *modules_suppliers = NULL; + static Hashmap *processed_suppliers = NULL; + static Hashmap *modalias_to_kmod = NULL; ++static Hashmap *add_dlopen_features = NULL; ++static Hashmap *omit_dlopen_features = NULL; ++static Hashmap *dlopen_features[2] = {NULL}; + static regex_t mod_filter_path; + static regex_t mod_filter_nopath; + static regex_t mod_filter_symbol; +@@ -913,11 +916,14 @@ static char *find_library(const char *soname, const char *src, size_t src_len, c + + /* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) + in the given note index and find each dependent library, ensuring it matches +- the given (64 or 32 bit) ELF header. Each library found is added to deps. +- Dependencies already found in this chain must be given in pdeps. Failure to +- parse the JSON or find a library is considered non-fatal. */ +-static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *fullsrcpath, size_t src_len, +- const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) ++ the given (64 or 32 bit) ELF header. Dependencies are skipped if the ++ corresponding feature is present in omit_dlopen_features or missing from ++ add_dlopen_features. Those hashmaps are keyed by wildcard patterns, which are ++ compared against the source's soname or filename. Each library found is added ++ to deps. Dependencies already found in this chain must be given in pdeps. ++ Failure to parse the JSON or find a library is considered non-fatal. 
*/ ++static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *src_soname, char *fullsrcpath, ++ size_t src_len, const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) + { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *dlopen_json = NULL; + if (sd_json_parse(json, 0, &dlopen_json, NULL, NULL) != 0 || !sd_json_variant_is_array(dlopen_json)) { +@@ -927,6 +933,28 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + + for (size_t entry_idx = 0; entry_idx < sd_json_variant_elements(dlopen_json); entry_idx++) { + sd_json_variant *entry = sd_json_variant_by_index(dlopen_json, entry_idx); ++ sd_json_variant *feature_json = sd_json_variant_by_key(entry, "feature"); ++ ++ if (feature_json && sd_json_variant_is_string(feature_json)) { ++ const char *feature = sd_json_variant_string(feature_json); ++ const char *name = src_soname ?: basename(fullsrcpath); ++ ++ Iterator i; ++ char ***features; ++ const char *pattern; ++ HASHMAP_FOREACH_KEY(features, pattern, omit_dlopen_features, i) { ++ if (fnmatch(pattern, name, 0) == 0 && strv_contains(*features, feature)) ++ goto skip; ++ } ++ int skip = 1; ++ HASHMAP_FOREACH_KEY(features, pattern, add_dlopen_features, i) { ++ if (fnmatch(pattern, name, 0) == 0 && strv_contains(*features, feature)) ++ skip = 0; ++ } ++ if (skip) ++ goto skip; ++ } ++ + sd_json_variant *sonames = sd_json_variant_by_key(entry, "soname"); + if (!sonames || !sd_json_variant_is_array(sonames)) { + log_warning("WARNING: soname array missing from .note.dlopen entry #%zd.%zd in '%s'", note_idx, entry_idx, fullsrcpath); +@@ -949,6 +977,7 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + if (!library || hashmap_put_strdup_key(deps, soname, library) < 0) + log_warning("WARNING: could not locate dlopen dependency %s requested by '%s'", soname, fullsrcpath); + } ++skip: + } + } + +@@ -956,7 +985,32 @@ static void 
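Review bot: The `skip:` label added at the end of the entry loop in `resolve_deps_dlopen_parse_json` is followed directly by the closing brace; before C23 a label must precede a statement, so older compilers or `-pedantic` builds warn on it or reject it. An empty statement fixes that: `skip:;`. The preceding hunk also declares `int skip = 1;`, which is legal because labels have their own namespace but reads confusingly next to `goto skip`; renaming the flag, for example `bool wanted = false;`, would make the add/omit precedence easier to follow.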
resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + 64 or 32 bit, check .note.dlopen entries for dependencies. See above. */ + #define RESOLVE_DEPS_DLOPEN_FOR_BITS(B, match64, match32) do { \ + PARSE_ELF_START(B, map); \ ++ const char *soname = NULL; \ + size_t note_idx = -1; \ ++\ ++ for (size_t i = 0; !soname && i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if ((char*)&shdr[i] < (char*)map || (char*)&shdr[i] + sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ ++ break; \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ if ((char *)dyn < (char *)map || (char *)dyn > (char *)map + src_len) \ ++ break; \ ++\ ++ for (Elf##B##_Dyn *d = dyn; !soname && ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if ((char *)d < (char *)map || (char *)d + sizeof(Elf##B##_Dyn) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(B, d->d_tag) != DT_SONAME) \ ++ continue; \ ++\ ++ soname = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ if ((char *)soname < (char *)map || (char *)soname > (char *)map + src_len) { \ ++ soname = NULL; \ ++ break; \ ++ } \ ++ } \ ++ } \ + \ + for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ + if ((char*)shdr + i * sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ +@@ -986,7 +1040,7 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + continue; \ + \ + note_idx++; \ +- resolve_deps_dlopen_parse_json(pdeps, deps, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \ ++ resolve_deps_dlopen_parse_json(pdeps, deps, soname, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \ + } \ + } \ + } while (0) +@@ -1102,6 +1156,11 @@ static int resolve_deps(const char *src, Hashmap *pdeps) + Hashmap *deps = hashmap_new(string_hash_func, string_compare_func); + 
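Review bot: The `DT_SONAME` lookup added to `RESOLVE_DEPS_DLOPEN_FOR_BITS` reads from the mapped file before its own bounds checks have run. The inner `for` evaluates `d->d_tag` in the loop condition ahead of the range check in the body, `shdr[i].sh_link` indexes `shdr` without being compared against `e_shnum`, and the last check accepts `soname == map + src_len` and never confirms a terminating NUL inside the mapping before the pointer is used as a string by `fnmatch`. On a truncated or malformed ELF this can read past the mapping. The loop condition also swaps `d_tag` as 32 bits while the body uses `B`. The sketch below puts every check ahead of the dereference; the macro begins and ends outside the hunk, so `shdr`, `ehdr` and `map` are used as the hunk uses them.

```c
/* … unchanged: outer loop locating the .dynamic section and computing dyn … */
		for (Elf##B##_Dyn *d = dyn; !soname; d++) { \
			/* range-check the entry before looking at its tag */ \
			if ((char *)d < (char *)map || (char *)d + sizeof(Elf##B##_Dyn) > (char *)map + src_len) \
				break; \
			if (ELF_BYTESWAP(B, d->d_tag) == DT_NULL) \
				break; \
			if (ELF_BYTESWAP(B, d->d_tag) != DT_SONAME) \
				continue; \
\
			size_t link = ELF_BYTESWAP(32, shdr[i].sh_link); \
			if (link >= ELF_BYTESWAP(16, ehdr->e_shnum) || \
			    (char *)&shdr[link] + sizeof(Elf##B##_Shdr) > (char *)map + src_len) \
				break; \
\
			const char *cand = (char *)map + ELF_BYTESWAP(B, shdr[link].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \
			/* accept only a NUL-terminated string that lies inside the mapping */ \
			if (cand >= (char *)map && cand < (char *)map + src_len && \
			    memchr(cand, '\0', (size_t)((char *)map + src_len - cand))) \
				soname = cand; \
			break; \
		} \
/* … unchanged: note scan that calls resolve_deps_dlopen_parse_json … */
```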
int ret = 0; + ++ if (!ndeps || !deps) { ++ ret = -1; ++ goto finish; ++ } ++ + char *shebang = (char *)map; + if (shebang[0] == '#' && shebang[1] == '!') { + char *p, *q; +@@ -1139,8 +1198,10 @@ static int resolve_deps(const char *src, Hashmap *pdeps) + ret = -1; + } + +- if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0) ++ if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0) { ++ ret = -1; + goto finish; ++ } + + char *key, *library; + Iterator i; +@@ -2751,6 +2812,87 @@ static int install_modules(int argc, char **argv) + return EXIT_SUCCESS; + } + ++/* Parse the add_dlopen_features and omit_dlopen_features environment variables, ++ and store their contents in the corresponding char* -> char*** hashmaps. Each ++ variable holds multiple entries, separated by whitespace, and each entry ++ takes the form "libfoo.so.*:feature1,feature2". */ ++static int parse_dlopen_features() ++{ ++ const char *add_env = getenv("add_dlopen_features"); ++ const char *omit_env = getenv("omit_dlopen_features"); ++ const char *envs[] = {add_env, omit_env}; ++ char **features_array; ++ ++ for (size_t i = 0; i < 2; i++) { ++ if (!envs[i]) ++ continue; ++ ++ /* We cannot let strtok modify the environment. */ ++ _cleanup_free_ char *env_copy = strdup(envs[i]); ++ if (!env_copy) ++ return -ENOMEM; ++ ++ for (char *token = strtok(env_copy, " \t\n"); token; token = strtok(NULL, " \t\n")) { ++ char *colon = strchr(token, ':'); ++ if (!colon) { ++ log_warning("Invalid format in dlopen features: '%s'", token); ++ continue; ++ } ++ ++ *colon = '\0'; ++ const char *key = token; ++ const char *features = colon + 1; ++ ++ features_array = strv_split(features, ","); ++ if (!features_array) ++ return -ENOMEM; ++ ++ /* There may be entries with the same name/pattern. */ ++ char ***existing = hashmap_get(dlopen_features[i], key); ++ ++ if (existing) { ++ char **feature; ++ STRV_FOREACH(feature, features_array) { ++ /* Free feature if already present. 
*/ ++ if (strv_contains(*existing, *feature)) ++ free(*feature); ++ /* Otherwise push onto existing array ++ without duplicating the string. */ ++ else if (strv_push(existing, *feature) == -ENOMEM) ++ goto oom; ++ } ++ /* All features have been freed or pushed to the ++ existing array, so just free array itself. */ ++ free(features_array); ++ } else { ++ /* The hashmaps store strvs as char*** rather ++ than char** because strv_push above calls ++ realloc. The latter would then leave the ++ hashmap with a stale pointer. */ ++ char ***features_arrayp = (char ***) malloc(sizeof(char ***)); ++ char *nkey = strdup(key); ++ if (!features_arrayp || !nkey) { ++ free(features_arrayp); ++ goto oom; ++ } ++ *features_arrayp = features_array; ++ if (hashmap_put(dlopen_features[i], nkey, features_arrayp) == -ENOMEM) { ++ free(features_arrayp); ++ free(nkey); ++ goto oom; ++ } ++ } ++ } ++ } ++ ++ return 0; ++ ++oom: ++ log_error("Out of memory"); ++ strv_free(features_array); ++ return -ENOMEM; ++} ++ + int main(int argc, char **argv) + { + int r; +@@ -2832,7 +2974,11 @@ int main(int argc, char **argv) + processed_suppliers = hashmap_new(string_hash_func, string_compare_func); + modalias_to_kmod = hashmap_new(string_hash_func, string_compare_func); + +- if (!items || !items_failed || !processed_suppliers || !modules_loaded) { ++ dlopen_features[0] = add_dlopen_features = hashmap_new(string_hash_func, string_compare_func); ++ dlopen_features[1] = omit_dlopen_features = hashmap_new(string_hash_func, string_compare_func); ++ ++ if (!items || !items_failed || !processed_suppliers || !modules_loaded || ++ !add_dlopen_features || !omit_dlopen_features) { + log_error("Out of memory"); + r = EXIT_FAILURE; + goto finish1; +@@ -2864,6 +3010,11 @@ int main(int argc, char **argv) + } + } + ++ if (parse_dlopen_features() < 0) { ++ r = EXIT_FAILURE; ++ goto finish1; ++ } ++ + if (arg_module) { + r = install_modules(argc - optind, &argv[optind]); + } else if (arg_resolvelazy) { +@@ -2908,6 
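Review bot: The out-of-memory path in `parse_dlopen_features` can free the same strings twice. In the branch that merges into an `existing` entry, elements of `features_array` are either freed as duplicates or handed to `*existing` by `strv_push`; if a later `strv_push` fails, `goto oom` runs `strv_free(features_array)` over all of them again, and the ones now owned by the hashmap are freed once more by the cleanup loop added to `main()`. Releasing only the entries that have not been consumed avoids that, as sketched below. Separately, `malloc(sizeof(char ***))` allocates storage for a `char **` and would read more clearly as `malloc(sizeof(*features_arrayp))`, and the definition should be `parse_dlopen_features(void)`.

```c
/* … unchanged: tokenising, strv_split and the hashmap_get lookup … */
					STRV_FOREACH(feature, features_array) {
						if (strv_contains(*existing, *feature)) {
							free(*feature);
						} else if (strv_push(existing, *feature) == -ENOMEM) {
							/* Earlier entries were freed or are owned by *existing;
							   release only this one and those after it. */
							for (char **rest = feature; *rest; rest++)
								free(*rest);
							free(features_array);
							log_error("Out of memory");
							return -ENOMEM;
						}
					}
/* … unchanged: free(features_array) and the new-key branch … */
```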
+3059,21 @@ finish2: + while ((i = hashmap_steal_first(processed_suppliers))) + item_free(i); + ++ for (size_t j = 0; j < 2; j++) { ++ char ***array; ++ Iterator it; ++ ++ HASHMAP_FOREACH(array, dlopen_features[j], it) { ++ strv_free(*array); ++ free(array); ++ } ++ ++ while ((i = hashmap_steal_first_key(dlopen_features[j]))) ++ item_free(i); ++ ++ hashmap_free(dlopen_features[j]); ++ } ++ + /* + * Note: modalias_to_kmod's values are freed implicitly by the kmod context destruction + * in kmod_unref(). +-- +2.48.1 + + +From 4cba538e9218b33c068f9a7ac463133152e0b9b4 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Fri, 14 Mar 2025 14:08:00 +0000 +Subject: [PATCH 10/12] fix: add $dracutsysrootdir to paths where it should be + present + +inst_simpl is sometimes called with the sysroot (particular via moddir) +and sometimes without. dracut-install knows how to handle this, so the +inst_simpl existence check needs to handle it too. + +Signed-off-by: James Le Cuirot +--- + dracut-init.sh | 8 ++++++-- + dracut.sh | 2 +- + modules.d/01systemd-cryptsetup/module-setup.sh | 2 +- + modules.d/01systemd-sysext/module-setup.sh | 2 +- + modules.d/03modsign/module-setup.sh | 2 +- + modules.d/95iscsi/module-setup.sh | 2 +- + 6 files changed, 11 insertions(+), 7 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index d650fac8..394ad658 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -267,7 +267,11 @@ inst_simple() { + shift + fi + [[ -e ${dstdir}/"${2:-$1}" ]] && return 0 # already there +- [[ -e $1 ]] || return 1 # no source ++ if [[ $1 == /* ]]; then ++ [[ -e $dracutsysrootdir/${1#"$dracutsysrootdir"} ]] || return 1 # no source ++ else ++ [[ -e $1 ]] || return 1 # no source ++ fi + if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"; then + return 0 + else +@@ -526,7 +530,7 @@ build_ld_cache() { + local dstdir="${dstdir:-"$initdir"}" + + for f in 
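Review bot: The "already there" shortcut at the top of `inst_simple` still tests `${dstdir}/"${2:-$1}"` with the source path as given, while the branch added below it accepts a `$1` that carries the `$dracutsysrootdir` prefix, which the `build_ld_cache` and `03modsign` hunks now pass. For those callers the shortcut can presumably never match, so every call goes through `$DRACUT_INSTALL` even when the file is already in place. Stripping the prefix in the first test keeps the two checks consistent: `[[ -e ${dstdir}/${2:-${1#"$dracutsysrootdir"}} ]] && return 0`. `inst_simple` starts outside the hunk.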
"$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do +- [[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}" ++ [[ -f $f ]] && inst_simple "${f}" + done + if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then + if [[ $EUID == 0 ]]; then +diff --git a/dracut.sh b/dracut.sh +index 737bf58c..58fe08c5 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1114,7 +1114,7 @@ drivers_dir="${drivers_dir%"${drivers_dir##*[!/]}"}" + [[ $ro_mnt_l ]] && ro_mnt="yes" + [[ $early_microcode_l ]] && early_microcode=$early_microcode_l + [[ $early_microcode ]] || early_microcode=yes +-[[ $early_microcode_image_dir ]] || early_microcode_image_dir=('/boot') ++[[ $early_microcode_image_dir ]] || early_microcode_image_dir=("$dracutsysrootdir"/boot) + [[ $early_microcode_image_name ]] \ + || early_microcode_image_name=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') + [[ $logfile_l ]] && logfile="$logfile_l" +diff --git a/modules.d/01systemd-cryptsetup/module-setup.sh b/modules.d/01systemd-cryptsetup/module-setup.sh +index 023c65d1..dd8618a2 100755 +--- a/modules.d/01systemd-cryptsetup/module-setup.sh ++++ b/modules.d/01systemd-cryptsetup/module-setup.sh +@@ -70,7 +70,7 @@ install() { + _luksfile="/run/cryptsetup-keys.d/$_mapper.key" + fi + +- find "$systemdsystemunitdir" "$systemdsystemconfdir" -type f -name "*.socket" | while read -r socket_unit; do ++ find "$dracutsysrootdir$systemdsystemunitdir" "$dracutsysrootdir$systemdsystemconfdir" -type f -name "*.socket" | while read -r socket_unit; do + # systemd-cryptsetup utility only supports SOCK_STREAM (ListenStream) sockets, so we ignore + # other types like SOCK_DGRAM (ListenDatagram), SOCK_SEQPACKET (ListenSequentialPacket), etc. + if ! 
grep -E -q "^ListenStream\s*=\s*$_luksfile$" "$socket_unit"; then +diff --git a/modules.d/01systemd-sysext/module-setup.sh b/modules.d/01systemd-sysext/module-setup.sh +index 379d0aa1..cc52d855 100755 +--- a/modules.d/01systemd-sysext/module-setup.sh ++++ b/modules.d/01systemd-sysext/module-setup.sh +@@ -29,7 +29,7 @@ install() { + local _suffix= + + # systemd >= v258 +- [[ -e "$systemdsystemunitdir"/systemd-sysext-initrd.service ]] && _suffix="-initrd" ++ [[ -e "$dracutsysrootdir$systemdsystemunitdir"/systemd-sysext-initrd.service ]] && _suffix="-initrd" + + # It's intended to work only with raw binary disk images contained in + # regular files, but not with directory trees. +diff --git a/modules.d/03modsign/module-setup.sh b/modules.d/03modsign/module-setup.sh +index 7a22a752..7fffad83 100755 +--- a/modules.d/03modsign/module-setup.sh ++++ b/modules.d/03modsign/module-setup.sh +@@ -28,6 +28,6 @@ install() { + + for x in "$dracutsysrootdir"/lib/modules/keys/*; do + [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && break +- inst_simple "${x#"$dracutsysrootdir"}" ++ inst_simple "${x}" + done + } +diff --git a/modules.d/95iscsi/module-setup.sh b/modules.d/95iscsi/module-setup.sh +index 3bb9a63d..ba57dbbe 100755 +--- a/modules.d/95iscsi/module-setup.sh ++++ b/modules.d/95iscsi/module-setup.sh +@@ -220,7 +220,7 @@ install() { + "$systemdsystemunitdir"/iscsiuio.socket \ + "$systemdsystemunitdir"/sockets.target.wants/iscsid.socket \ + "$systemdsystemunitdir"/sockets.target.wants/iscsiuio.socket +- if grep -q '^ExecStartPre=/usr/lib/open-iscsi/startup-checks.sh$' "$systemdsystemunitdir/iscsid.service"; then ++ if grep -q '^ExecStartPre=/usr/lib/open-iscsi/startup-checks.sh$' "$dracutsysrootdir$systemdsystemunitdir/iscsid.service"; then + inst_simple /usr/lib/open-iscsi/startup-checks.sh + fi + +-- +2.48.1 + + +From 03c766c1e93026e4a454a56ccf87d6aba39d903d Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 1 Apr 2025 11:51:19 +0100 +Subject: [PATCH 11/12] 
fix: don't use command -v to find binaries in the + sysroot + +If the binaries were missing outside the sysroot, "" was passed to +dracut-install, which then created an empty directory instead! + +dracut-install will automatically search the sysroot for a named binary +if it is given without a path anyway. + +Signed-off-by: James Le Cuirot +--- + modules.d/90btrfs/module-setup.sh | 2 +- + modules.d/90dmraid/module-setup.sh | 2 +- + modules.d/90mdraid/module-setup.sh | 4 ++-- + modules.d/90multipath/module-setup.sh | 4 ++-- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh +index 80bba155..fbf3c1db 100755 +--- a/modules.d/90btrfs/module-setup.sh ++++ b/modules.d/90btrfs/module-setup.sh +@@ -56,5 +56,5 @@ install() { + fi + + inst_multiple -o btrfsck btrfs-zero-log btrfstune +- inst "$(command -v btrfs)" /sbin/btrfs ++ inst btrfs /sbin/btrfs + } +diff --git a/modules.d/90dmraid/module-setup.sh b/modules.d/90dmraid/module-setup.sh +index 482ae96a..e7c6be60 100755 +--- a/modules.d/90dmraid/module-setup.sh ++++ b/modules.d/90dmraid/module-setup.sh +@@ -73,7 +73,7 @@ install() { + + inst_multiple dmraid + inst_multiple -o kpartx +- inst "$(command -v partx)" /sbin/partx ++ inst partx /sbin/partx + + inst "$moddir/dmraid.sh" /sbin/dmraid_scan + +diff --git a/modules.d/90mdraid/module-setup.sh b/modules.d/90mdraid/module-setup.sh +index b0ab8411..0d0a57f6 100755 +--- a/modules.d/90mdraid/module-setup.sh ++++ b/modules.d/90mdraid/module-setup.sh +@@ -67,8 +67,8 @@ cmdline() { + install() { + inst_multiple cat expr + inst_multiple -o mdmon +- inst "$(command -v partx)" /sbin/partx +- inst "$(command -v mdadm)" /sbin/mdadm ++ inst partx /sbin/partx ++ inst mdadm /sbin/mdadm + + if [[ $hostonly_cmdline == "yes" ]]; then + local _raidconf +diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh +index 5a7f91fa..a16313c0 100755 +--- 
a/modules.d/90multipath/module-setup.sh ++++ b/modules.d/90multipath/module-setup.sh +@@ -61,7 +61,7 @@ installkernel() { + } + + mpathconf_installed() { +- command -v mpathconf &> /dev/null ++ find_binary mpathconf &> /dev/null + } + + # called by dracut +@@ -136,7 +136,7 @@ EOF + } + } + +- inst "$(command -v partx)" /sbin/partx ++ inst partx /sbin/partx + + inst_libdir_file "libmultipath*" "multipath/*" + inst_libdir_file 'libgcc_s.so*' +-- +2.48.1 + + +From 1ceb679410a75c8d245e692471aa5d7fa16df7b7 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 10 Apr 2025 11:37:01 +0100 +Subject: [PATCH 12/12] fix(systemd-cryptsetup): don't pull in + fido2/pkcs11/tpm2-tss if omitted + +These modules have some large dependencies. Allow users to explicitly +omit them if desired. Other modules like systemd-udevd also do this. + +Signed-off-by: James Le Cuirot +--- + modules.d/01systemd-cryptsetup/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/01systemd-cryptsetup/module-setup.sh b/modules.d/01systemd-cryptsetup/module-setup.sh +index dd8618a2..719df0e8 100755 +--- a/modules.d/01systemd-cryptsetup/module-setup.sh ++++ b/modules.d/01systemd-cryptsetup/module-setup.sh +@@ -33,7 +33,7 @@ depends() { + elif [[ ! $hostonly ]]; then + for module in fido2 pkcs11 tpm2-tss; do + module_check $module > /dev/null 2>&1 +- if [[ $? == 255 ]]; then ++ if [[ $? == 255 ]] && ! [[ " $omit_dracutmodules " == *\ $module\ * ]]; then + deps+=" $module" + fi + done +-- +2.48.1 + 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-change-network-dep-iscsi.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/050-change-network-dep-iscsi.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-change-network-dep-iscsi.patch
rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/050-change-network-dep-iscsi.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md
new file mode 100644
index 0000000000..e9801411e5
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md
@@ -0,0 +1,11 @@
+`001-dracut-post-106.patch` is the merged upstream changes from v106 to current
+main for some potentially important fixes and to provide a clean base for
+`002-dracut-sysroot.patch`. This can be dropped when bumping to v107.
+
+`002-dracut-sysroot.patch` is Chewi's new Dracut improvements, which allow it to
+parse the ELF .note.dlopen dependency metadata used by JSON and reliably
+determine dependencies across foreign architectures. They will hopefully be
+merged in v108. See https://github.com/dracut-ng/dracut-ng/pull/1260.
+
+`050-change-network-dep-iscsi.patch` is a Flatcar-specific dependency tweak to
+use flatcar-network instead of network.
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 2b4a14af3c..9b987284ec 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -156,9 +156,20 @@ sys-libs/libsemanage -python
 sys-fs/zfs minimal -rootfs
 # Do not tinker with /boot partition at installation time.
-sys-firmware/intel-microcode -initramfs
 sys-fs/zfs-kmod -initramfs
+# Only needed for direct loading by the kernel, which is dangerous, and we
+# include all the microcode in the initrd anyway.
+sys-firmware/intel-microcode -split-ucode
+
 # For sys-auth/sssd
 net-dns/bind gssapi
 net-dns/bind-tools gssapi
+
+# Flatcar can't benefit from this performance boost for several reasons, the
+# main one being the use of binary packages.
+sys-kernel/dracut -dracut-cpio
+
+# Avoid initrd bloat by using OpenSSL instead of gcrypt in systemd.
+# systemd-journal's FSS feature requires gcrypt, but Flatcar doesn't need it.
+sys-apps/systemd -gcrypt
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r36.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r37.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r36.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r37.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
index c58fc8d446..cc56634903 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild
@@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/bootengine.git"
 if [[ "${PV}" == 9999 ]]; then
 KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 else
- EGIT_COMMIT="9b57178c5390855d10c09a21278467ada35df767" # flatcar-master
+ EGIT_COMMIT="26231c67c14aa6032a85c2d15c7a6c15c62348a5" # flatcar-master
 KEYWORDS="amd64 arm arm64 x86"
 fi
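Review bot: In package.use, the comment added above `sys-apps/systemd -gcrypt` records that FSS needs gcrypt but not what is lost for anyone who relies on it: with gcrypt off, journal sealing and the tamper-evidence check it provides are no longer available on these images. I would spell that out in the comment, e.g. `# NOTE: disables journal sealing (journalctl --setup-keys, --verify of sealed journals); forward logs off-host if tamper evidence is needed.` The phrase `which is dangerous` above `-split-ucode` also gives no reason; a few words on why direct loading by the kernel is considered unsafe would help whoever revisits this flag.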
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild
index f63fe81030..43910e4500 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild
@@ -1,15 +1,21 @@
 # Copyright 2014-2016 CoreOS, Inc.
 # Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
 COREOS_SOURCE_REVISION=""
-inherit coreos-kernel
+inherit coreos-kernel toolchain-funcs
 DESCRIPTION="CoreOS Linux kernel"
 KEYWORDS="amd64 arm64"
+RESTRICT="userpriv" # dracut (via bootengine) needs root
 RDEPEND="=sys-kernel/coreos-modules-${PVR}"
-DEPEND="${RDEPEND}
+BDEPEND="
+ sys-kernel/dracut
+"
+DEPEND="
+ ${RDEPEND}
+ ${BDEPEND}
 app-alternatives/awk
 app-alternatives/gzip
 app-arch/xz-utils
@@ -36,53 +42,52 @@ DEPEND="${RDEPEND} sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs + >=sys-kernel/bootengine-0.0.38-r37:= >=sys-kernel/coreos-firmware-20180103-r1:= - >=sys-kernel/bootengine-0.0.4:= - sys-kernel/dracut virtual/udev - amd64? ( sys-firmware/intel-microcode:= )" - -# We are bad, we want to get around the sandbox. So do the creation of the -# cpio image in pkg_setup() where we are free to mount filesystems, chroot, -# and other fun stuff. -pkg_setup() { - coreos-kernel_pkg_setup - - [[ "${MERGE_TYPE}" == binary ]] && return + amd64? ( sys-firmware/intel-microcode:= ) +" +src_prepare() { # Fail early if we didn't detect the build installed by coreos-modules [[ -n "${KV_OUT_DIR}" ]] || die "Failed to detect modules build tree" - if [[ "${ROOT:-/}" != / ]]; then - # TMPDIR needs to be corrected for chroot - TMPDIR=${TMPDIR#${ROOT}} ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} -k "${KV_FULL}" || die - else - update-bootengine -k "${KV_FULL}" || die - fi -} - -src_prepare() { default + # KV_OUT_DIR points to the minimal build tree installed by coreos-modules # Pull in the config and public module signing key - KV_OUT_DIR="${SYSROOT%/}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build" + KV_OUT_DIR="${ESYSROOT}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build" cp -v "${KV_OUT_DIR}/.config" build/ || die local sig_key="$(getconfig MODULE_SIG_KEY)" mkdir -p "build/${sig_key%/*}" || die cp -v "${KV_OUT_DIR}/${sig_key}" "build/${sig_key}" || die - # Symlink to bootengine.cpio so we can stick with relative paths in .config - ln -sv "${SYSROOT%/}"/usr/share/bootengine/bootengine.cpio build/ || die config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' # include all intel and amd microcode files, avoiding the signatures - local fw_dir="${SYSROOT%/}/lib/firmware" + local fw_dir="${ESYSROOT}/lib/firmware" use amd64 && config_update "CONFIG_EXTRA_FIRMWARE=\"$(find ${fw_dir} -type f \ \( -path ${fw_dir}'/intel-ucode/*' -o -path ${fw_dir}'/amd-ucode/*' \) -printf 
'%P ')\""
 use amd64 && config_update "CONFIG_EXTRA_FIRMWARE_DIR=\"${fw_dir}\""
 }
 src_compile() {
+ local BE_ARGS=()
+
+ if [[ -n ${SYSROOT} ]]; then
+ BE_ARGS+=( -r "${SYSROOT}" )
+ export DRACUT_ARCH="${CHOST%%-*}"
+
+ # We may need to run ldconfig via QEMU, so use the wrapper. Dracut calls
+ # it with -r, which chroots and confuses the sandbox, so calm it down.
+ export DRACUT_LDCONFIG="${CHOST}-ldconfig"
+ local f; for f in /etc/ld.so.cache{,~} /var/cache/ldconfig/aux-cache{,~}; do
+ addwrite "${f}"
+ done
+ fi
+
+ tc-export PKG_CONFIG
+ "${ESYSROOT}"/usr/bin/update-bootengine -k "${KV_FULL}" -o "${S}"/build/bootengine.cpio "${BE_ARGS[@]}" || die
 kmake "$(kernel_target)"
 # sanity check :)
@@ -104,5 +109,5 @@ src_install() {
 # For easy access to vdso debug symbols in gdb:
 # set debug-file-directory /usr/lib/debug/usr/lib/modules/${KV_FULL}/vdso/
- kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" vdso_install
+ kmake INSTALL_MOD_PATH="${ED}/usr/lib/debug/usr" vdso_install
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest
deleted file mode 100644
index 6aa8281547..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest
+++ /dev/null
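Review bot: In the coreos-kernel ebuild's new `src_compile`, the `addwrite` loop whitelists `/etc/ld.so.cache{,~}` and `/var/cache/ldconfig/aux-cache{,~}` by absolute path, and the sandbox cannot tell the chrooted file from the build host's own; together with `RESTRICT="userpriv"` from the first hunk, a `${CHOST}-ldconfig` wrapper that ever ran without an effective `-r` could overwrite the host linker cache without the sandbox objecting. The comment says why the sandbox complains but not why the write is safe; I would add something like `# Paths are as seen after ldconfig's chroot into the sysroot; the host's own cache must never be touched here.` and keep the exception inside the `SYSROOT` branch as it is now. It is also worth confirming that testing `${SYSROOT}` while executing the script from `${ESYSROOT}` is intended, since the two differ under a prefix. The hunk begins inside the DEPEND string and `src_compile` continues past its end.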
@@ -1,4 +0,0 @@ -DIST dracut-050.tar.xz 333592 BLAKE2B cb0bfa5a8e7547260b8a80a3606eb284182c062926269c85b09e07d26ad177df0eeaa64b17005bff9290611f1c83fc8cd8e2216cfe14b5e66ec7f659d4c2fa7b SHA512 eba046cf1c8013369a398e585e0bff233daa8595d469ce9acc8bbc6a32d55c6a5429d4219db19abbf6001104be05b357f0961f9e66b7f926039a5d3ee7c2b850 -DIST dracut-051.tar.xz 346500 BLAKE2B 38129b6b713b3338bbb2554fffd611f80216969eebac9fca7fb72df2db2036d4fbe66ebd54e646e562e24801e61064e54b62f066bab9e77ca88814100ebdd8ff SHA512 f3533430e479bc91c538e0a198ca97450ec449a7d661d876ecd0ad3e417e22f7e4abf0a384fc676a63a4d3479f25d717c8acdcd1bdec7d0a5714298c5c4ea6b8 -DIST dracut-053.tar.xz 354668 BLAKE2B d20d0f1675e18cf44615a98255c8b1a73f23e9c665a771a1fe99716d3bf0b6082961ab20fe058bf31c106c4f521d9e8708e2ae98cff00f613197bbf9dd3abda3 SHA512 4736f84442bda208a38d3285ffeb8b845f06e52e3bf60d2aaea121240cf695e1369208c2d2cee1137a6c1d3f8f7794385675006beaf5cd86ade259d5f42d039a -DIST dracut-055.tar.xz 361752 BLAKE2B 9fcb0bce9ead2e079c70a377ea53701e4634d3dc64ae163e0e157d7d85822a274813e05f6079768640e1807818fad7a8158626413d773686a8d52fcd95fb5680 SHA512 2d2ea2889d9013bc94245bd7d1a2154f24d02bd9c2f7dbb28e5968e17d918e6598c68d85b0f551f968218980a80b19361ca0c9e8e94997ba54f4c09afcd6d866 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild deleted file mode 100644 index 7b8172dca5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild +++ /dev/null 
@@ -1,170 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 sparc x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? 
( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS HACKING NEWS README.md README.generic README.kernel README.modules - README.testsuite TODO ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/050-Makefile-merge-main-version-and-git-version-earlier.patch - "${FILESDIR}"/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch - "${FILESDIR}"/050-Makefile-fix-VERSION-again.patch - "${FILESDIR}"/050-btrfs-force-preload-btrfs-module.patch - "${FILESDIR}"/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch - "${FILESDIR}"/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch - "${FILESDIR}"/050-busybox-module-fix.patch - "${FILESDIR}"/050-systemd-remove-obsolete-syslog-parameter.patch - "${FILESDIR}"/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch - "${FILESDIR}"/050-gentoo-ldconfig-paths.patch - # Flatcar: override iscsi network dependency - "${FILESDIR}"/050-change-network-dep-iscsi.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! 
-f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - insinto /etc/logrotate.d - newins dracut.logrotate dracut - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." 
- ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild deleted file mode 100644 index 4c6865f557..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild +++ /dev/null 
@@ -1,160 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? ( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS HACKING NEWS README.md README.generic README.kernel README.modules - README.testsuite TODO ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/051-dracut.sh-move-ldconfig.patch - "${FILESDIR}"/gentoo-ldconfig-paths.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! 
-f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - insinto /etc/logrotate.d - newins dracut.logrotate dracut - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." 
- ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild deleted file mode 100644 index ff309e2485..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild +++ /dev/null 
@@ -1,162 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 sparc x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? 
( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS README.md README.generic README.kernel ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/053-network-manager.patch - "${FILESDIR}"/gentoo-ldconfig-paths.patch - # Flatcar: override iscsi network dependency - "${FILESDIR}"/050-change-network-dep-iscsi.patch - # Add required systemd 255 binary - "${FILESDIR}"/059-systemd-executor.patch - # Add systemd vconsole setup fix using i118n - "${FILESDIR}"/0001-systemd-initrd-install-only-keymap-required-by-syste.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." 
- ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp 
along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild deleted file mode 100644 index 3b042f3de7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild +++ /dev/null 
@@ -1,173 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs
-
-if [[ ${PV} == 9999 ]] ; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/dracutdevs/dracut"
-else
- [[ "${PV}" = *_rc* ]] || \
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
- SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz"
-fi
-
-DESCRIPTION="Generic initramfs generation tool"
-HOMEPAGE="https://dracut.wiki.kernel.org"
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="selinux test"
-
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- app-arch/cpio
- >=app-shells/bash-4.0:0
- sys-apps/coreutils[xattr(-)]
- >=sys-apps/kmod-23[tools]
- || (
- >=sys-apps/sysvinit-2.87-r3
- sys-apps/openrc[sysv-utils(-),selinux?]
- sys-apps/systemd[sysv-utils]
- )
- >=sys-apps/util-linux-2.21
- virtual/pkgconfig
- virtual/udev
-
- elibc_musl? ( sys-libs/fts-standalone )
- selinux? (
- sec-policy/selinux-dracut
- sys-libs/libselinux
- sys-libs/libsepol
- )
-"
-DEPEND="
- >=sys-apps/kmod-23
- elibc_musl? ( sys-libs/fts-standalone )
-"
-
-BDEPEND="
- app-text/asciidoc
- app-text/docbook-xml-dtd:4.5
- >=app-text/docbook-xsl-stylesheets-1.75.2
- >=dev-libs/libxslt-1.1.26
- virtual/pkgconfig
-"
-
-QA_MULTILIB_PATHS="usr/lib/dracut/.*"
-
-PATCHES=(
- "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch
-)
-
-src_configure() {
- local myconf=(
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc"
- --bashcompletiondir="$(get_bashcompdir)"
- --systemdsystemunitdir="$(systemd_get_systemunitdir)"
- )
-
- tc-export CC PKG_CONFIG
-
- echo ./configure "${myconf[@]}"
- ./configure "${myconf[@]}" || die
-
- if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then
- # Source tarball from github doesn't include this file
- echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die
- fi
-}
-
-src_test() {
- if [[ ${EUID} != 0 ]]; then
- # Tests need root privileges, bug #298014
- ewarn "Skipping tests: Not running as root."
- elif [[ ! -w /dev/kvm ]]; then
- ewarn "Skipping tests: Unable to access /dev/kvm."
- else
- emake -C test check
- fi
-}
-
-src_install() {
- local DOCS=(
- AUTHORS
- NEWS.md
- README.md
- docs/README.cross
- docs/README.generic
- docs/README.kernel
- docs/SECURITY.md
- )
-
- default
-
- docinto html
- dodoc dracut.html
-}
-
-pkg_postinst() {
- if linux-info_get_any_version && linux_config_exists; then
- ewarn ""
- ewarn "If the following test report contains a missing kernel"
- ewarn "configuration option, you should reconfigure and rebuild your"
- ewarn "kernel before booting image generated with this Dracut version."
- ewarn ""
-
- local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS"
-
- # Kernel configuration options descriptions:
- local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" '
- ERROR_DEVTMPFS+='is missing and REQUIRED'
- local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk '
- ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED'
-
- check_extra_config
- echo
- else
- ewarn ""
- ewarn "Your kernel configuration couldn't be checked."
- ewarn "Please check manually if following options are enabled:"
- ewarn ""
- ewarn " CONFIG_BLK_DEV_INITRD"
- ewarn " CONFIG_DEVTMPFS"
- ewarn ""
- fi
-
- optfeature "Networking support" net-misc/networkmanager
- optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \
- sys-apps/iproute2 "net-misc/iputils[arping]"
- optfeature \
- "Measure performance of the boot process for later visualisation" \
- app-benchmarks/bootchart2 app-admin/killproc sys-process/acct
- optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs
- optfeature "Load kernel modules and drop this privilege for real init" \
- sys-libs/libcap
- optfeature "Support CIFS" net-fs/cifs-utils
- optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \
- "sys-fs/cryptsetup[-static-libs]"
- optfeature "Support for GPG-encrypted keys for crypt module" \
- app-crypt/gnupg
- optfeature \
- "Allows use of dash instead of default bash (on your own risk)" \
- app-shells/dash
- optfeature "Support iSCSI" sys-block/open-iscsi
- optfeature "Support Logical Volume Manager" sys-fs/lvm2
- optfeature "Support MD devices, also known as software RAID devices" \
- sys-fs/mdadm
- optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools
- optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5'
- optfeature "Support network block devices" sys-block/nbd
- optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind
- optfeature \
- "Install ssh and scp along with config files and specified keys" \
- net-misc/openssh
- optfeature "Enable logging with rsyslog" app-admin/rsyslog
- optfeature \
- "Enable rngd service to help generating entropy early during boot" \
- sys-apps/rng-tools
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch
deleted file mode 100644
index 819639b1e4..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 6d7e4b88c21f45cf1695e4495004a12cacd58d0c Mon Sep 17 00:00:00 2001
-From: Adrian Vladu
-Date: Thu, 7 Mar 2024 11:17:54 +0000
-Subject: [PATCH] systemd: initrd: install only keymap required by
- systemd-vconsole-setup
-
-Signed-off-by: Adrian Vladu
----
- modules.d/10i18n/module-setup.sh | 13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/modules.d/10i18n/module-setup.sh b/modules.d/10i18n/module-setup.sh
-index d6688b47..516883be 100755
---- a/modules.d/10i18n/module-setup.sh
-+++ b/modules.d/10i18n/module-setup.sh
-@@ -4,7 +4,7 @@
- check() {
- [[ "$mount_needs" ]] && return 1
-
-- require_binaries setfont loadkeys kbd_mode || return 1
-+ require_binaries loadkeys || return 1
-
- return 0
- }
-@@ -164,6 +164,10 @@ install() {
- fi
- shopt -q -u nocasematch
-
-+ # install only one keymap: us
-+ KEYMAP=us
-+
-+
- # Gentoo user may have KEYMAP set to something like "-u pl2",
- KEYMAP=${KEYMAP#-* }
-
-@@ -267,10 +271,7 @@ install() {
- inst_simple ${VCONFIG_CONF}
- fi
-
-- if [[ ${hostonly} ]] && ! [[ ${i18n_install_all} == "yes" ]]; then
-- install_local_i18n || install_all_kbd
-- else
-- install_all_kbd
-- fi
-+ # install only one keyboard map
-+ install_local_i18n
- fi
- }
---
-2.43.0
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch
deleted file mode 100644
index a091e4c9fa..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a76aa8e39016a8564adb0f18f93bbf2e15d3243f Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy
-Date: Sun, 8 Mar 2020 05:47:50 +0300
-Subject: [PATCH] Makefile: fix VERSION again
-
-The variable is not undefined anymore after the first assignment, so
-we should check if variable is empty instead.
----
- Makefile | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index c69e2dfc..02e2c4b5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,9 +1,13 @@
- -include dracut-version.sh
-
- DRACUT_MAIN_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --abbrev=0 --tags --always 2>/dev/null || :)
--DRACUT_MAIN_VERSION ?= $(DRACUT_VERSION)
-+ifeq ($(DRACUT_MAIN_VERSION),)
-+DRACUT_MAIN_VERSION = $(DRACUT_VERSION)
-+endif
- DRACUT_FULL_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --tags --always 2>/dev/null || :)
--DRACUT_FULL_VERSION ?= $(DRACUT_VERSION)
-+ifeq ($(DRACUT_FULL_VERSION),)
-+DRACUT_FULL_VERSION = $(DRACUT_VERSION)
-+endif
-
- -include Makefile.inc
-
---
-2.24.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch
deleted file mode 100644
index 49c532b929..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From eb8a7a96351b6e1cfd9dc34f1e854333a8f4a4e0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
-
-Date: Fri, 6 Mar 2020 08:46:36 +0700
-Subject: [PATCH] Makefile: merge main-version and git-version earlier
-
-With GNU Make 4.3 on both ArchLinux, and VoidLinux,
-GITVERION is always empty because of bad substitution.
-Change '\#' to simply '#' can fix it,
-but we don't need that complation.
-
-We can merge DRACUT_MAIN_VERSION and GITVERSION into DRACUT_FULL_VERSION.
-Because, GITVERSION will be attached back to DRACUT_MAIN_VERSION in all
-situation.
-
-While we're at it, detect if we're in git worktree by:
-limiting GIT_CEILING_DIRECTORIES to parent directory of
-dracut's top level directory; instead of checking for .git directory,
-in order to support git-worktree, in such case, .git will be a file, see
-gitrepository-layout(5)
----
- Makefile | 13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 22b584f1..c69e2dfc 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,8 +1,9 @@
- -include dracut-version.sh
-
--DRACUT_MAIN_VERSION ?= $(shell [ -d .git ] && git describe --abbrev=0 --tags --always 2>/dev/null || :)
-+DRACUT_MAIN_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --abbrev=0 --tags --always 2>/dev/null || :)
- DRACUT_MAIN_VERSION ?= $(DRACUT_VERSION)
--GITVERSION ?= $(shell [ -d .git ] && { v=$$(git describe --tags --always 2>/dev/null); [ -n "$$v" ] && [ $${v\#*-} != $$v ] && echo -$${v\#*-}; } )
-+DRACUT_FULL_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --tags --always 2>/dev/null || :)
-+DRACUT_FULL_VERSION ?= $(DRACUT_VERSION)
-
- -include Makefile.inc
-
-@@ -92,14 +93,14 @@ endif
-
- %.xml: %.asc
- @rm -f -- "$@"
-- asciidoc -a "version=$(DRACUT_MAIN_VERSION)$(GITVERSION)" -d manpage -b docbook -o "$@" $<
-+ asciidoc -a "version=$(DRACUT_FULL_VERSION)" -d manpage -b docbook -o "$@" $<
-
- dracut.8: dracut.usage.asc dracut.8.asc
-
- dracut.html: dracut.asc $(manpages) dracut.css dracut.usage.asc
- @rm -f -- dracut.xml
- asciidoc -a "mainversion=$(DRACUT_MAIN_VERSION)" \
-- -a "version=$(DRACUT_MAIN_VERSION)$(GITVERSION)" \
-+ -a "version=$(DRACUT_FULL_VERSION)" \
- -a numbered \
- -d book -b docbook -o dracut.xml dracut.asc
- @rm -f -- dracut.html
-@@ -112,7 +113,7 @@ dracut.html: dracut.asc $(manpages) dracut.css dracut.usage.asc
- dracut.pc: Makefile.inc Makefile
- @echo "Name: dracut" > dracut.pc
- @echo "Description: dracut" >> dracut.pc
-- @echo "Version: $(DRACUT_MAIN_VERSION)$(GITVERSION)" >> dracut.pc
-+ @echo "Version: $(DRACUT_FULL_VERSION)" >> dracut.pc
- @echo "dracutdir=$(pkglibdir)" >> dracut.pc
- @echo "dracutmodulesdir=$(pkglibdir)/modules.d" >> dracut.pc
- @echo "dracutconfdir=$(pkglibdir)/dracut.conf.d" >> dracut.pc
-@@ -182,7 +183,7 @@ endif
-
- dracut-version.sh:
- @rm -f dracut-version.sh
-- @echo "DRACUT_VERSION=$(DRACUT_MAIN_VERSION)$(GITVERSION)" > dracut-version.sh
-+ @echo "DRACUT_VERSION=$(DRACUT_FULL_VERSION)" > dracut-version.sh
-
- clean:
- $(RM) *~
---
-2.24.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch
deleted file mode 100644
index 386722c2ae..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0402b3777b1c64bd716f588ff7457b905e98489d Mon Sep 17 00:00:00 2001
-From: Harald Hoyer
-Date: Wed, 11 Mar 2020 12:56:52 +0100
-Subject: [PATCH] btrfs: force preload btrfs module
-
-fixes https://github.com/dracutdevs/dracut/issues/658
-
-raid6_pq and xor takes time doing benchmarking
-
-[ 3.983009] request_module fs-btrfs succeeded, but still no fs?
----
- modules.d/90btrfs/module-setup.sh | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh
-index b0d0058b..66a254e1 100755
---- a/modules.d/90btrfs/module-setup.sh
-+++ b/modules.d/90btrfs/module-setup.sh
-@@ -48,5 +48,7 @@ install() {
-
- inst_multiple -o btrfsck btrfs-zero-log
- inst $(command -v btrfs) /sbin/btrfs
-+ # Hack for slow machines
-+ # see https://github.com/dracutdevs/dracut/issues/658
-+ echo "rd.driver.pre=btrfs" > ${initdir}/etc/cmdline.d/00-btrfs.conf
- }
--
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch
deleted file mode 100644
index faaf026e53..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From f769154bccf22d2b5caf5e4888f88bf7edde2662 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy
-Date: Mon, 25 May 2020 19:02:05 +0300
-Subject: [PATCH 1/2] dracut-functions: fix find_binary() to return full path
-
-Fixes: a01204202b30 (Allow running on a cross-compiled rootfs)
----
- dracut-functions.sh | 21 +++++++++++++--------
- 1 file changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/dracut-functions.sh b/dracut-functions.sh
-index 3cb9c7af..b5c28248 100755
---- a/dracut-functions.sh
-+++ b/dracut-functions.sh
-@@ -41,31 +41,36 @@ str_ends() { [ "${1%*"$2"}" != "$1" ]; }
- # search in the usual places to find the binary.
- find_binary() {
- local _delim
-+ local _path
- local l
- local p
- [[ -z ${1##/*} ]] || _delim="/"
-
- if [[ "$1" == *.so* ]]; then
- for l in libdirs ; do
-- if { $DRACUT_LDD "$dracutsysrootdir$l$_delim$1" &>/dev/null; }; then
-- printf "%s\n" "$1"
-+ _path="${l}${_delim}${1}"
-+ if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &>/dev/null; }; then
-+ printf "%s\n" "${_path}"
- return 0
- fi
- done
-- if { $DRACUT_LDD "$dracutsysrootdir$_delim$1" &>/dev/null; }; then
-- printf "%s\n" "$1"
-+ _path="${_delim}${1}"
-+ if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &>/dev/null; }; then
-+ printf "%s\n" "${_path}"
- return 0
- fi
- fi
- if [[ "$1" == */* ]]; then
-- if [[ -L $dracutsysrootdir$_delim$1 ]] || [[ -x $dracutsysrootdir$_delim$1 ]]; then
-- printf "%s\n" "$1"
-+ _path="${_delim}${1}"
-+ if [[ -L ${dracutsysrootdir}${_path} ]] || [[ -x ${dracutsysrootdir}${_path} ]]; then
-+ printf "%s\n" "${_path}"
- return 0
- fi
- fi
- for p in $DRACUT_PATH ; do
-- if [[ -L $dracutsysrootdir$p$_delim$1 ]] || [[ -x $dracutsysrootdir$p$_delim$1 ]]; then
-- printf "%s\n" "$1"
-+ _path="${p}${_delim}${1}"
-+ if [[ -L ${dracutsysrootdir}${_path} ]] || [[ -x ${dracutsysrootdir}${_path} ]]; then
-+ printf "%s\n" "${_path}"
- return 0
- fi
- done
---
-2.26.2
-
-From 50cc23ba32b0fda63eff7623b529dbeb4e6a38c6 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy
-Date: Mon, 25 May 2020 17:49:20 +0300
-Subject: [PATCH 2/2] busybox: simplify listing of supported utilities
-
-'--list' option is supported since busybox-1.20.0, which was released
-in 2010.
----
- modules.d/05busybox/module-setup.sh | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/modules.d/05busybox/module-setup.sh b/modules.d/05busybox/module-setup.sh
-index ecbd6a13..5d88c5d1 100755
---- a/modules.d/05busybox/module-setup.sh
-+++ b/modules.d/05busybox/module-setup.sh
-@@ -14,15 +14,16 @@ depends() {
-
- # called by dracut
- install() {
-- local _i _progs _path _busybox
-+ local _i _path _busybox
-+ local _progs=()
- _busybox=$(type -P busybox)
- inst $_busybox /usr/bin/busybox
-- for _i in $($_busybox | sed -ne '1,/Currently/!{s/,//g; s/busybox//g; p}')
-- do
-- _progs="$_progs $_i"
-+ for _i in $($_busybox --list); do
-+ [[ ${_i} == busybox ]] && continue
-+ _progs+=("${_i}")
- done
-
-- for _i in $_progs; do
-+ for _i in "${_progs[@]}"; do
- _path=$(find_binary "$_i")
- [ -z "$_path" ] && continue
- ln_r /usr/bin/busybox $_path
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch
deleted file mode 100644
index 11ca7add6d..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 8e1a4dc5f8a777fc718db490414ffdc9dc755f66 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel
-Date: Sat, 18 Apr 2020 14:55:41 +0200
-Subject: [PATCH] dracut-lib.sh: quote variables in parameter expansion
- patterns
-
-According to POSIX.1-2017, 2.6.2 Parameter Expansion:
-
-${parameter%[word]} [...] The word shall be expanded to produce a
-pattern.
-
-This means if word contains variables that itself contain special
-characters like asterisks or backslashes, these are treated as pattern
-characters unless the variable is quoted. Try e.g. the following example
-in bash, dash or (busybox) ash:
-
-i='a\c'; j='\'; echo "${i%$j*}"
-
-This prints "a\c" because "$j*" is expanded to "\*", escaping the
-asterisk. In contrast,
-
-i='a\c'; j='\'; echo "${i%"$j"*}"
-
-produces the expected result "a" because the backslash is not specially
-treated any more after quoting.
-
-The quotes that this commit adds have been previously removed in commit
-f9c96cf56fed390841eac05c43826e62014c9188, citing issues with busybox
-hush without further specifying the actual error. I tested a recent
-busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
-and couldn't find any problems. Note that the above example always
-produces "a\c" in hush regardless of quoting $j, making hush unsuitable
-for use with dracut, but using quotes in parameter expansions generally
-works.
-
-The unquoted variables break the "rd.luks.uuid/name" kernel command line
-options in dracut 050 because
-
-str_replace "$luksname" '\' '\\'
-
-in modules.d/90crypt/parse-crypt.sh is not able to escape the
-backslashes any more, see GH-723, GH-727: backslashes in the
-systemd-cryptsetup@.service unit name stay unescaped for use in udev
-(cf. commit 0f6d93eb9d63695a64002ec8b0421fbc9fc8a7a3), leading to
-failures in starting the unit.
-
-This partially reverts commit f9c96cf56fed390841eac05c43826e62014c9188.
----
- modules.d/99base/dracut-lib.sh | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh
-index c53cd13b..c57523d3 100755
---- a/modules.d/99base/dracut-lib.sh
-+++ b/modules.d/99base/dracut-lib.sh
-@@ -24,7 +24,7 @@ debug_on() {
-
- # returns OK if $1 contains literal string $2 (and isn't empty)
- strstr() {
-- [ "${1##*$2*}" != "$1" ]
-+ [ "${1##*"$2"*}" != "$1" ]
- }
-
- # returns OK if $1 matches (completely) glob pattern $2
-@@ -43,18 +43,18 @@ strglobin() {
-
- # returns OK if $1 contains literal string $2 at the beginning, and isn't empty
- str_starts() {
-- [ "${1#$2*}" != "$1" ]
-+ [ "${1#"$2"*}" != "$1" ]
- }
-
- # returns OK if $1 contains literal string $2 at the end, and isn't empty
- str_ends() {
-- [ "${1%*$2}" != "$1" ]
-+ [ "${1%*"$2"}" != "$1" ]
- }
-
- trim() {
- local var="$*"
-- var="${var#${var%%[![:space:]]*}}" # remove leading whitespace characters
-- var="${var%${var##*[![:space:]]}}" # remove trailing whitespace characters
-+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
-+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
- printf "%s" "$var"
- }
-
-@@ -108,9 +108,9 @@ str_replace() {
- local out=''
-
- while strstr "${in}" "$s"; do
-- chop="${in%%$s*}"
-+ chop="${in%%"$s"*}"
- out="${out}${chop}$r"
-- in="${in#*$s}"
-+ in="${in#*"$s"}"
- done
- echo "${out}${in}"
- }
-@@ -396,7 +396,7 @@ splitsep() {
- while [ -n "$str" -a "$#" -gt 1 ]; do
- tmp="${str%%$sep*}"
- eval "$1='${tmp}'"
-- str="${str#$tmp}"
-+ str="${str#"$tmp"}"
- str="${str#$sep}"
- shift
- done
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch
deleted file mode 100644
index cf54cabb5e..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 0386e4627779cb51f4292b3c642d90586d5e71b4 Mon Sep 17 00:00:00 2001
-From: Martin Wilck
-Date: Wed, 29 Jan 2020 23:53:29 +0100
-Subject: [PATCH] dracut.sh: don't call fsfreeze on subvol of root file system
-
-dracut.sh already doesn't call fsfreeze if the output file is on
-the root file system. For btrfs, however, this is not sufficient.
-Because fsfreeze is a superblock operation, and all btrfs subvolumes
-share the same superblock, fsfreeze may freeze the entire system
-if the subvolume on which the output file is written and / are
-subvolumes of the same file system. Avoid this by comparing file
-system UUIDs for btrfs.
-
-Fixes: de576db3c225 ("call fsfreeze(8) on /boot to flush initramfs data & metadata to media")
----
- dracut.sh | 36 +++++++++++++++++++++++++++++++++++-
- 1 file changed, 35 insertions(+), 1 deletion(-)
-
-diff --git a/dracut.sh b/dracut.sh
-index af346f3a..c14f6c0b 100755
---- a/dracut.sh
-+++ b/dracut.sh
-@@ -2075,6 +2075,40 @@ fi
-
- command -v restorecon &>/dev/null && restorecon -- "$outfile"
-
-+btrfs_uuid() {
-+ btrfs filesystem show "$1" | sed -n '1s/^.*uuid: //p'
-+}
-+
-+freeze_ok_for_btrfs() {
-+ local mnt uuid1 uuid2
-+ # If the output file is on btrfs, we need to make sure that it's
-+ # not on a subvolume of the same file system as the root FS.
-+ # Otherwise, fsfreeze() might freeze the entire system.
-+ # This is most conveniently checked by comparing the FS uuid.
-+
-+ [[ "$(stat -f -c %T -- "/")" == "btrfs" ]] || return 0
-+ mnt=$(stat -c %m -- "$1")
-+ uuid1=$(btrfs_uuid "$mnt")
-+ uuid2=$(btrfs_uuid "/")
-+ [[ "$uuid1" && "$uuid2" && "$uuid1" != "$uuid2" ]]
-+}
-+
-+freeze_ok_for_fstype() {
-+ local outfile=$1
-+ local fstype
-+
-+ [[ "$(stat -c %m -- "$outfile")" == "/" ]] && return 1
-+ fstype=$(stat -f -c %T -- "$outfile")
-+ case $fstype in
-+ msdos)
-+ return 1;;
-+ btrfs)
-+ freeze_ok_for_btrfs "$outfile";;
-+ *)
-+ return 0;;
-+ esac
-+}
-+
- # We sync/fsfreeze only if we're operating on a live booted system.
- # It's possible for e.g. `kernel` to be installed as an RPM BuildRequires or equivalent,
- # and there's no reason to sync, and *definitely* no reason to fsfreeze.
-@@ -2087,7 +2121,7 @@ if test -d $dracutsysrootdir/run/systemd/system; then
- fi
-
- # use fsfreeze only if we're not writing to /
-- if [[ "$(stat -c %m -- "$outfile")" != "/" && "$(stat -f -c %T -- "$outfile")" != "msdos" ]]; then
-+ if [[ "$(stat -c %m -- "$outfile")" != "/" ]] && freeze_ok_for_fstype "$outfile"; then
- if ! $(fsfreeze -f $(dirname "$outfile") 2>/dev/null && fsfreeze -u $(dirname "$outfile") 2>/dev/null); then
- dinfo "dracut: warning: could not fsfreeze $(dirname "$outfile")"
- fi
---
-2.24.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch
deleted file mode 100644
index 8b93afc358..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 07417b7fc5cb261187519c916e4735189f20f4c6 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy
-Date: Sat, 23 May 2020 18:03:47 +0300
-Subject: [PATCH] lvm: fix removal of pvscan from udev rules
-
-udev rules provided by lvm 2.02.128 and newer uses '+=' instead of '='.
----
- modules.d/90lvm/module-setup.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules.d/90lvm/module-setup.sh b/modules.d/90lvm/module-setup.sh
-index d6d2c185..52c803f7 100755
---- a/modules.d/90lvm/module-setup.sh
-+++ b/modules.d/90lvm/module-setup.sh
-@@ -101,7 +101,7 @@ install() {
- sed -i -e 's/^ENV{SYSTEMD_ALIAS}=.*/# No LVM pvscan in dracut - lvmetad is not running yet/' \
- ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
- sed -i -e 's/^ENV{ID_MODEL}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
-- sed -i -e 's/^ENV{SYSTEMD_WANTS}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
-+ sed -i -e 's/^ENV{SYSTEMD_WANTS}+\?=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
- else
- sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' \
- ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch
deleted file mode 100644
index d97193c9b1..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 3dcaa97ca4dcfa8092252a22df62c60941e59ce3 Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani
-Date: Wed, 11 Mar 2020 09:40:50 +0100
-Subject: [PATCH] network-manager: ensure that nm-run.sh is executed when
- needed
-
-The network-manager command line hook must install a
-initqueue/finished hook to ensure that nm-run.sh is executed when
-there are network connections to activate.
-
-Fixes: #694
----
- modules.d/35network-manager/nm-config.sh | 11 +++++++++++
- modules.d/35network-manager/nm-run.sh | 2 ++
- 2 files changed, 13 insertions(+)
-
-diff --git a/modules.d/35network-manager/nm-config.sh b/modules.d/35network-manager/nm-config.sh
-index 1efa737c..39a1c8bd 100755
---- a/modules.d/35network-manager/nm-config.sh
-+++ b/modules.d/35network-manager/nm-config.sh
-@@ -5,3 +5,14 @@ if [ -n "$netroot" ] || [ -e /tmp/net.ifaces ]; then
- fi
-
- /usr/libexec/nm-initrd-generator -- $(getcmdline)
-+
-+if getargbool 0 rd.neednet; then
-+ for i in /usr/lib/NetworkManager/system-connections/* \
-+ /run/NetworkManager/system-connections/* \
-+ /etc/NetworkManager/system-connections/* \
-+ /etc/sysconfig/network-scripts/ifcfg-*; do
-+ [ -f "$i" ] || continue
-+ echo '[ -f /tmp/nm.done ]' >$hookdir/initqueue/finished/nm.sh
-+ break
-+ done
-+fi
-diff --git a/modules.d/35network-manager/nm-run.sh b/modules.d/35network-manager/nm-run.sh
-index 4079b735..fc5280a1 100755
---- a/modules.d/35network-manager/nm-run.sh
-+++ b/modules.d/35network-manager/nm-run.sh
-@@ -22,3 +22,5 @@ do
- source_hook initqueue/online $ifname
- /sbin/netroot $ifname
- done
-+
-+> /tmp/nm.done
---
-2.26.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch
deleted file mode 100644
index f24cf11b37..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch
+++ /dev/null
@@ -1,241 +0,0 @@ -From 265f696b532f63f0ac1f9f341e0469a6eafe2fdd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:26:00 +0000 -Subject: [PATCH 01/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/90stratis/stratisd-init.service | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/modules.d/90stratis/stratisd-init.service b/modules.d/90stratis/stratisd-init.service -index 318e8c27..1be2e33b 100644 ---- a/modules.d/90stratis/stratisd-init.service -+++ b/modules.d/90stratis/stratisd-init.service -@@ -8,8 +8,6 @@ DefaultDependencies=no - Type=simple - ExecStart=/sbin/stratisd-init --debug - KillSignal=SIGINT --StandardOutput=syslog --StandardError=syslog - - [Install] - WantedBy=sysinit.target --- -2.26.2 - -From 38ba90bf88b38228e128c65be40a2da287c0b1ed Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:29:34 +0000 -Subject: [PATCH 02/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/99squash/squash-mnt-clear.service | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/modules.d/99squash/squash-mnt-clear.service b/modules.d/99squash/squash-mnt-clear.service -index 84441f60..9d94c524 100644 ---- a/modules.d/99squash/squash-mnt-clear.service -+++ b/modules.d/99squash/squash-mnt-clear.service -@@ -12,6 +12,6 @@ ConditionPathExists=/squash/root - Type=oneshot - RemainAfterExit=no - StandardInput=null --StandardOutput=syslog+console --StandardError=syslog+console -+StandardOutput=journal+console -+StandardError=journal+console - ExecStart=/squash/clear-squash.sh --- -2.26.2 - -From 5cb2a4004d18e4b96ddc18f221fae922350a9000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:31:17 +0000 -Subject: [PATCH 03/10] As of v246 of systemd "syslog" and "syslog-console" - 
switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-trigger.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-trigger.service b/modules.d/98dracut-systemd/dracut-pre-trigger.service -index 7bf16167..6f1ba521 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-trigger.service -+++ b/modules.d/98dracut-systemd/dracut-pre-trigger.service -@@ -20,8 +20,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-trigger - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 317d841c788e841d3533515ceda5597a099eb64e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:31:59 +0000 -Subject: [PATCH 04/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-initqueue.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-initqueue.service b/modules.d/98dracut-systemd/dracut-initqueue.service -index 207d545d..3a8679a5 100644 ---- a/modules.d/98dracut-systemd/dracut-initqueue.service -+++ b/modules.d/98dracut-systemd/dracut-initqueue.service -@@ -21,8 +21,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-initqueue - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 0c1bd016ecfb9c6d194c4356199b509d90db4071 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:32:44 +0000 -Subject: [PATCH 05/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-pivot.service | 3 +-- - 1 file changed, 1 
insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-pivot.service b/modules.d/98dracut-systemd/dracut-pre-pivot.service -index 9a1f0854..e893d1dd 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-pivot.service -+++ b/modules.d/98dracut-systemd/dracut-pre-pivot.service -@@ -27,8 +27,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-pivot - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From e1130a83405648777210fdc99f7eee087eebaadc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:33:33 +0000 -Subject: [PATCH 06/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-udev.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-udev.service b/modules.d/98dracut-systemd/dracut-pre-udev.service -index 570ec02d..e4092e35 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-udev.service -+++ b/modules.d/98dracut-systemd/dracut-pre-udev.service -@@ -24,8 +24,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-udev - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From c437933cb0490e800e776cb7695d2ea0e95056a2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:34:17 +0000 -Subject: [PATCH 07/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-mount.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-mount.service 
b/modules.d/98dracut-systemd/dracut-pre-mount.service -index d3909689..18c9730c 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-mount.service -+++ b/modules.d/98dracut-systemd/dracut-pre-mount.service -@@ -19,8 +19,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-mount - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From d9149c6ca7c52c204c1b346e9b6a32bbadd0b2ff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:35:02 +0000 -Subject: [PATCH 08/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-cmdline.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-cmdline.service b/modules.d/98dracut-systemd/dracut-cmdline.service -index e577ec88..a8078bd2 100644 ---- a/modules.d/98dracut-systemd/dracut-cmdline.service -+++ b/modules.d/98dracut-systemd/dracut-cmdline.service -@@ -23,8 +23,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-cmdline - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 8cb5ac1b30be458df9497911ba601d90e68f4d5b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:35:38 +0000 -Subject: [PATCH 09/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-mount.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-mount.service b/modules.d/98dracut-systemd/dracut-mount.service -index 77d34f62..c88e6d84 100644 ---- a/modules.d/98dracut-systemd/dracut-mount.service -+++ 
b/modules.d/98dracut-systemd/dracut-mount.service -@@ -19,8 +19,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-mount - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch deleted file mode 100644 index d6d97f7bb9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 48258fae9fa58046d7d1a246ea3d821530180643 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Fri, 18 Dec 2020 00:01:32 +0300 -Subject: [PATCH] dracut.sh: Move ldconfig after library workaround - -This fixes boot failures when libgcc_s.so.1 is in a non-standard -directory. - -Bug: https://bugs.gentoo.org/760249 -Fixes: de3cb0e3214c (dracut.sh: Move the library workaround after squash) ---- - dracut.sh | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/dracut.sh b/dracut.sh -index 0f4648397..c6c361acc 100755 ---- a/dracut.sh -+++ b/dracut.sh -@@ -1724,20 +1724,6 @@ for ((i=0; i < ${#include_src[@]}; i++)); do - fi - done - --if [[ $kernel_only != yes ]]; then -- # make sure that library links are correct and up to date -- for f in $dracutsysrootdir/etc/ld.so.conf $dracutsysrootdir/etc/ld.so.conf.d/*; do -- [[ -f $f ]] && inst_simple "${f#$dracutsysrootdir}" -- done -- if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then -- if [[ $EUID = 0 ]]; then -- derror "ldconfig exited ungracefully" -- else -- derror "ldconfig might need uid=0 (root) for chroot()" -- fi -- fi --fi -- - if [[ $do_hardlink = yes ]] && command -v hardlink >/dev/null; then - dinfo "*** Hardlinking files ***" - hardlink "$initdir" 2>&1 -@@ -1920,6 +1906,20 @@ if [[ $kernel_only != yes ]]; then - fi - fi - -+if [[ $kernel_only != yes ]]; then -+ # make sure that library links are correct and up to date -+ for f in $dracutsysrootdir/etc/ld.so.conf $dracutsysrootdir/etc/ld.so.conf.d/*; do -+ [[ -f $f ]] && inst_simple "${f#$dracutsysrootdir}" -+ done -+ if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then -+ if [[ $EUID = 0 ]]; then -+ derror "ldconfig exited ungracefully" -+ else -+ derror "ldconfig might need uid=0 (root) for chroot()" -+ fi -+ fi -+fi -+ - if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then - dinfo "*** Stripping files ***" - find "$initdir" -type f \ 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch deleted file mode 100644 index c3b337733b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch +++ /dev/null @@ -1,24 +0,0 @@ -From ba4bcf5f4f11ad624c647ddf4f566997186135e7 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Wed, 31 Mar 2021 16:11:41 +0200 -Subject: [PATCH] fix(network-manager): no default deps for nm-run.service - -Otherwise nm-run.service will run only in basic.target, which is too -late in the initramfs. ---- - modules.d/35network-manager/nm-run.service | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/modules.d/35network-manager/nm-run.service b/modules.d/35network-manager/nm-run.service -index 63fe7564d0..f3493c41a3 100644 ---- a/modules.d/35network-manager/nm-run.service -+++ b/modules.d/35network-manager/nm-run.service -@@ -2,6 +2,8 @@ - # SPDX-License-Identifier: GPL-2.0-or-later - - [Unit] -+DefaultDependencies=no -+ - #make sure all devices showed up - Wants=systemd-udev-settle.service - After=systemd-udev-settle.service diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch deleted file mode 100644 index 5ec1a13861..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From bee1c4824a8cd47ce6c01892a548bdc07b1fa678 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sat, 14 Oct 2023 23:45:57 +0200 -Subject: [PATCH] feat(systemd): install systemd-executor - -In [0] systemd gained a new binary - systemd-executor - that's used to -spawn processes forked off systemd. Let's copy it into the initrd if -it's available. - -[0] https://github.com/systemd/systemd/pull/27890 - -Signed-off-by: Brian Harring ---- - modules.d/00systemd/module-setup.sh | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh -index 554c25a08..9a13a1dbb 100755 ---- a/modules.d/00systemd/module-setup.sh -+++ b/modules.d/00systemd/module-setup.sh -@@ -34,6 +34,7 @@ install() { - "$systemdutildir"/systemd \ - "$systemdutildir"/systemd-coredump \ - "$systemdutildir"/systemd-cgroups-agent \ -+ "$systemdutildir"/systemd-executor \ - "$systemdutildir"/systemd-shutdown \ - "$systemdutildir"/systemd-reply-password \ - "$systemdutildir"/systemd-fsck \ --- -2.41.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch deleted file mode 100644 index 15522ef4fc..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 0674b9136831b1beb6a7ec91147fd5c280c693a3 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Mon, 9 Mar 2020 02:47:07 +0300 -Subject: [PATCH] Remove redundant gcc paths in ldconfig_paths() - -Bug: https://bugs.gentoo.org/705728 ---- - dracut-functions.sh | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/dracut-functions.sh b/dracut-functions.sh -index 3cb9c7af..5337ff6c 100755 ---- a/dracut-functions.sh -+++ b/dracut-functions.sh -@@ -76,7 +76,20 @@ find_binary() { - - ldconfig_paths() - { -- $DRACUT_LDCONFIG ${dracutsysrootdir:+-r ${dracutsysrootdir} -f /etc/ld.so.conf} -pN 2>/dev/null | grep -E -v '/(lib|lib64|usr/lib|usr/lib64)/[^/]*$' | sed -n 's,.* => \(.*\)/.*,\1,p' | sort | uniq -+ local gccpath -+ -+ if type -P gcc-config &>/dev/null; then -+ gccpath=$(gcc-config -c) -+ gccpath=/usr/lib/gcc/${gccpath%-*}/${gccpath##*-} -+ fi -+ -+ while read -r line; do -+ if [[ ${line} != /usr/lib/gcc/* || -z ${gccpath} ]]; then -+ echo ${line} -+ elif [[ ${line} == ${gccpath} ]]; then -+ echo ${line} -+ fi -+ done < <($DRACUT_LDCONFIG ${dracutsysrootdir:+-r ${dracutsysrootdir} -f /etc/ld.so.conf} -pN 2>/dev/null | grep -E -v '/(lib|lib64|usr/lib|usr/lib64)/[^/]*$' | sed -n 's,.* => \(.*\)/.*,\1,p' | sort | uniq) - } - - # Version comparision function. Assumes Linux style version scheme. --- -2.24.1 - diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest new file mode 100644 index 0000000000..1befd67dbe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest 
@@ -0,0 +1,3 @@
+DIST dracut-060_pre20240104.tar.gz 499965 BLAKE2B 935e0e5da348426d69c6dab6b91078f126cadd9ffc6a32378e79cd93b1dbadff35899efc3786fc12bf5a6741843d3637b0c98cc71fe4a96a8caf053ae887bac3 SHA512 f7818265f082e9c05ebb81a91b67fb9b1d3bf8b2433b7e6ea9be6bee43d28cd1ee48577648e1d9b3729c17608b028d294c13bf5d4db4cc5a18e3b007eb2cd67e
+DIST dracut-103.tar.gz 567713 BLAKE2B 7781c0b7fc83a2c0c461f6398687e053226b489fb5405b3132b30d8e7a4f3cea2bb73aa0fe6e4c4b27187d6270ba623f403916ec38025a912930ae347a7e25ce SHA512 ba0dbefbcbecb09c44ce240664bc4f4ee25dfb8be7bc060028ae3b1ccf7d70410491c105e64fcef3d6f44d2794cb6162bcea9404125906be46bf3dff098e0277
+DIST dracut-106.tar.gz 527743 BLAKE2B 837621da329500b88b0c81a724990702a9f4e816a4818c26622b2bc5e3885c908f0bbba682a262f967d9a08a912cfd63a33270143560a30e3d067dc4217c5262 SHA512 ab17f9440129e2db7c2902115459309132ce7f7b29bbb3172002b7a8ea8ab54799d62d89fbf3f84581a5c14196f6754d33669b583b9d758ab4686a3443a3c4ad
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild
similarity index 62%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild
index 3b042f3de7..37f2df1f08 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild
@@ -1,30 +1,36 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs +inherit bash-completion-r1 edo optfeature systemd toolchain-funcs if [[ ${PV} == 9999 ]] ; then inherit git-r3 EGIT_REPO_URI="https://github.com/dracutdevs/dracut" else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" + if [[ ${PV} == *_p* ]] ; then + EGIT_COMMIT="4980bad34775da715a2639b736cba5e65a8a2604" + SRC_URI="https://github.com/dracutdevs/dracut/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" + S="${WORKDIR}"/${PN}-${EGIT_COMMIT} + else + SRC_URI="https://github.com/dracutdevs/dracut/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" + fi fi DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" +HOMEPAGE="https://github.com/dracutdevs/dracut/wiki" LICENSE="GPL-2" SLOT="0" +if [[ "${PV}" != *_rc* ]]; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86" +fi IUSE="selinux test" - RESTRICT="!test? ( test )" RDEPEND=" - app-arch/cpio + app-alternatives/cpio >=app-shells/bash-4.0:0 sys-apps/coreutils[xattr(-)] >=sys-apps/kmod-23[tools] @@ -32,9 +38,10 @@ RDEPEND=" >=sys-apps/sysvinit-2.87-r3 sys-apps/openrc[sysv-utils(-),selinux?] sys-apps/systemd[sysv-utils] + sys-apps/s6-linux-init[sysv-utils(-)] ) >=sys-apps/util-linux-2.21 - virtual/pkgconfig + virtual/pkgconfig[native-symlinks(+)] virtual/udev elibc_musl? ( sys-libs/fts-standalone ) 
@@ -61,6 +68,10 @@ QA_MULTILIB_PATHS="usr/lib/dracut/.*" PATCHES=( "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch + "${FILESDIR}"/dracut-060-fix-resume-hostonly.patch + "${FILESDIR}"/dracut-060-grub-layout.patch + "${FILESDIR}"/dracut-060-systemd-255.patch + "${FILESDIR}"/dracut-059-install-new-systemd-hibernate-resume.service.patch ) src_configure() { @@ -73,13 +84,7 @@ src_configure() { tc-export CC PKG_CONFIG - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi + edo ./configure "${myconf[@]}" } src_test() { 
@@ -111,39 +116,9 @@ src_install() { } pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - optfeature "Networking support" net-misc/networkmanager optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs optfeature "Load kernel modules and drop this privilege for real init" \ sys-libs/libcap 
@@ -155,19 +130,29 @@ pkg_postinst() { optfeature \ "Allows use of dash instead of default bash (on your own risk)" \ app-shells/dash + optfeature \ + "Allows use of busybox instead of default bash (on your own risk)" \ + sys-apps/busybox optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 + optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm] optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm + sys-fs/mdadm sys-fs/dmraid optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' optfeature "Support network block devices" sys-block/nbd optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind optfeature \ "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh + virtual/openssh optfeature "Enable logging with rsyslog" app-admin/rsyslog + optfeature "Support Squashfs" sys-fs/squashfs-tools + optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools + optfeature "Support Bluetooth (experimental)" net-wireless/bluez + optfeature "Support BIOS-given device names" sys-apps/biosdevname + optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq optfeature \ "Enable rngd service to help generating entropy early during boot" \ sys-apps/rng-tools + optfeature "automatically generating an initramfs on each kernel installation" \ + "sys-kernel/installkernel[dracut]" } diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild new file mode 100644 index 0000000000..82e81230a5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild 
@@ -0,0 +1,203 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng"
+else
+ if [[ "${PV}" != *_rc* ]]; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~mips ppc ppc64 ~riscv sparc x86"
+ fi
+ SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${PN}-ng-${PV}"
+fi
+
+DESCRIPTION="Generic initramfs generation tool"
+HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux test"
+RESTRICT="test"
+PROPERTIES="test? ( test_privileged test_network )"
+
+RDEPEND="
+ app-alternatives/cpio
+ >=app-shells/bash-4.0:0
+ sys-apps/coreutils[xattr(-)]
+ >=sys-apps/kmod-23[tools]
+ || (
+ >=sys-apps/sysvinit-2.87-r3
+ sys-apps/openrc[sysv-utils(-),selinux?]
+ sys-apps/systemd[sysv-utils]
+ sys-apps/s6-linux-init[sysv-utils(-)]
+ )
+ >=sys-apps/util-linux-2.21
+ virtual/pkgconfig[native-symlinks(+)]
+ virtual/udev
+
+ elibc_musl? ( sys-libs/fts-standalone )
+ selinux? (
+ sec-policy/selinux-dracut
+ sys-libs/libselinux
+ sys-libs/libsepol
+ )
+"
+DEPEND="
+ >=sys-apps/kmod-23
+ elibc_musl? ( sys-libs/fts-standalone )
+"
+
+BDEPEND="
+ app-text/asciidoc
+ app-text/docbook-xml-dtd:4.5
+ >=app-text/docbook-xsl-stylesheets-1.75.2
+ >=dev-libs/libxslt-1.1.26
+ virtual/pkgconfig
+ test? (
+ net-nds/rpcbind
+ net-fs/nfs-utils
+ sys-block/open-iscsi
+ sys-fs/btrfs-progs
+ sys-fs/dmraid
+ sys-fs/lvm2[lvm,thin]
+ sys-fs/mdadm
+ sys-fs/multipath-tools
+ alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] )
+ amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] )
+ arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] )
+ arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] )
+ hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] )
+ loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] )
+ mips? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_mips]
+ app-emulation/qemu[qemu_softmmu_targets_mips64]
+ app-emulation/qemu[qemu_softmmu_targets_mips64el]
+ ) )
+ ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] )
+ ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] )
+ riscv? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_riscv32]
+ app-emulation/qemu[qemu_softmmu_targets_riscv64]
+ ) )
+ sparc? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_sparc]
+ app-emulation/qemu[qemu_softmmu_targets_sparc64]
+ ) )
+ x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] )
+ )
+"
+
+QA_MULTILIB_PATHS="usr/lib/dracut/.*"
+
+PATCHES=(
+ "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch
+ # Gentoo specific acct-user and acct-group conf adjustments
+ "${FILESDIR}"/${PN}-103-acct-user-group-gentoo.patch
+ # https://github.com/dracut-ng/dracut-ng/pull/507
+ "${FILESDIR}"/${PN}-103-systemd-udev-256-kmod.patch
+ # libsystemd-core is sometimes missing
+ "${FILESDIR}"/${PN}-103-always-install-libsystemd.patch
+)
+
+src_configure() {
+ local myconf=(
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc"
+ --bashcompletiondir="$(get_bashcompdir)"
+ --systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ )
+
+ # this emulates what the build system would be doing without us
+ append-cflags -D_FILE_OFFSET_BITS=64
+
+ tc-export CC PKG_CONFIG
+
+ edo ./configure "${myconf[@]}"
+}
+
+src_test() {
+ addwrite /dev/kvm
+ # Translate ARCH so run-qemu can find the correct qemu-system-ARCH
+ local qemu_arch
+ if use amd64; then
+ qemu_arch=x86_64
+ elif use arm64; then
+ qemu_arch=aarch64
+ elif use loong; then
+ qemu_arch=loongarch64
+ elif use x86; then
+ qemu_arch=i386
+ else
+ qemu_arch=$(tc-arch)
+ fi
+ ARCH=${qemu_arch} emake -C test check
+}
+
+src_install() {
+ local DOCS=(
+ AUTHORS
+ NEWS.md
+ README.md
+ docs/HACKING.md
+ docs/README.cross
+ docs/README.kernel
+ docs/RELEASE.md
+ docs/SECURITY.md
+ )
+
+ default
+
+ docinto html
+ dodoc dracut.html
+}
+
+pkg_postinst() {
+ optfeature "Networking support" net-misc/networkmanager
+ optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \
+ sys-apps/iproute2 "net-misc/iputils[arping]"
+ optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs
+ optfeature "Load kernel modules and drop this privilege for real init" \
+ sys-libs/libcap
+ optfeature "Support CIFS" net-fs/cifs-utils
+ optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \
+ "sys-fs/cryptsetup[-static-libs]"
+ optfeature "Support for GPG-encrypted keys for crypt module" \
+ app-crypt/gnupg
+ optfeature \
+ "Allows use of dash instead of default bash (on your own risk)" \
+ app-shells/dash
+ optfeature \
+ "Allows use of busybox instead of default bash (on your own risk)" \
+ sys-apps/busybox
+ optfeature "Support iSCSI" sys-block/open-iscsi
+ optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm]
+ optfeature "Support MD devices, also known as software RAID devices" \
+ sys-fs/mdadm sys-fs/dmraid
+ optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools
+ optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5'
+ optfeature "Support network block devices" sys-block/nbd
+ optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind
+ optfeature \
+ "Install ssh and scp along with config files and specified keys" \
+ virtual/openssh
+ optfeature "Enable logging with rsyslog" app-admin/rsyslog
+ optfeature "Support Squashfs" sys-fs/squashfs-tools
+ optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools
+ optfeature "Support Bluetooth (experimental)" net-wireless/bluez
+ optfeature "Support BIOS-given device names" sys-apps/biosdevname
+ optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq
+ optfeature \
+ "Enable rngd service to help generating entropy early during boot" \
+ sys-apps/rng-tools
+ optfeature "building Unified Kernel Images with dracut (--uefi)" \
+ "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]"
+ optfeature "automatically generating an initramfs on each kernel installation" \
+ "sys-kernel/installkernel[dracut]"
+ optfeature "automatically generating an UKI on each kernel installation" \
+ "sys-kernel/installkernel[dracut,uki]"
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild
new file mode 100644
index 0000000000..88d06b6e36
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild
@@ -0,0 +1,236 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+CARGO_OPTIONAL=1
+
+inherit cargo flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng"
+else
+ if [[ "${PV}" != *_rc* ]]; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~mips ~ppc ppc64 ~riscv ~sparc x86"
+ fi
+ SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${PN}-ng-${PV}"
+fi
+
+DESCRIPTION="Generic initramfs generation tool"
+HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+dracut-cpio selinux test"
+RESTRICT="test"
+PROPERTIES="test? ( test_privileged test_network )"
+
+RDEPEND="
+ app-alternatives/cpio
+ >=app-shells/bash-4.0:0
+ sys-apps/coreutils[xattr(-)]
+ >=sys-apps/kmod-23[tools]
+ || (
+ >=sys-apps/sysvinit-2.87-r3
+ sys-apps/openrc[sysv-utils(-),selinux?]
+ sys-apps/systemd[sysv-utils]
+ sys-apps/s6-linux-init[sysv-utils(-)]
+ )
+ >=sys-apps/util-linux-2.21
+ virtual/pkgconfig[native-symlinks(+)]
+ virtual/udev
+
+ elibc_musl? ( sys-libs/fts-standalone )
+ selinux? (
+ sec-policy/selinux-dracut
+ sys-libs/libselinux
+ sys-libs/libsepol
+ )
+"
+DEPEND="
+ >=sys-apps/kmod-23
+ elibc_musl? ( sys-libs/fts-standalone )
+"
+
+BDEPEND="
+ app-text/asciidoc
+ app-text/docbook-xml-dtd:4.5
+ >=app-text/docbook-xsl-stylesheets-1.75.2
+ >=dev-libs/libxslt-1.1.26
+ virtual/pkgconfig
+ dracut-cpio? ( ${RUST_DEPEND} )
+ test? (
+ net-nds/rpcbind
+ net-fs/nfs-utils
+ sys-block/open-iscsi
+ sys-fs/btrfs-progs
+ sys-fs/dmraid
+ sys-fs/lvm2[lvm,thin]
+ sys-fs/mdadm
+ sys-fs/multipath-tools
+ alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] )
+ amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] )
+ arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] )
+ arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] )
+ hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] )
+ loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] )
+ mips? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_mips]
+ app-emulation/qemu[qemu_softmmu_targets_mips64]
+ app-emulation/qemu[qemu_softmmu_targets_mips64el]
+ ) )
+ ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] )
+ ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] )
+ riscv? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_riscv32]
+ app-emulation/qemu[qemu_softmmu_targets_riscv64]
+ ) )
+ sparc? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_sparc]
+ app-emulation/qemu[qemu_softmmu_targets_sparc64]
+ ) )
+ x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] )
+ )
+"
+
+QA_MULTILIB_PATHS="usr/lib/dracut/.*"
+
+PATCHES=(
+ "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch
+ # Gentoo specific acct-user and acct-group conf adjustments
+ "${FILESDIR}"/${PN}-106-acct-user-group-gentoo.patch
+ # https://github.com/dracut-ng/dracut-ng/pull/1207
+ "${FILESDIR}"/${PN}-106-fix-rngd-module.patch
+ # https://github.com/dracut-ng/dracut-ng/pull/1250
+ "${FILESDIR}"/${PN}-106-fix-mdraid-module.patch
+)
+
+pkg_setup() {
+ use dracut-cpio && rust_pkg_setup
+}
+
+src_configure() {
+ local myconf=(
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc"
+ --bashcompletiondir="$(get_bashcompdir)"
+ --systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ --disable-dracut-cpio
+ )
+
+ # this emulates what the build system would be doing without us
+ append-cflags -D_FILE_OFFSET_BITS=64
+
+ tc-export CC PKG_CONFIG
+
+ edo ./configure "${myconf[@]}"
+ if use dracut-cpio; then
+ cargo_gen_config
+ cargo_src_configure
+ fi
+}
+
+src_compile() {
+ default
+ if use dracut-cpio; then
+ pushd src/dracut-cpio >/dev/null || die
+ cargo_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+src_test() {
+ addwrite /dev/kvm
+ # Translate ARCH so run-qemu can find the correct qemu-system-ARCH
+ local qemu_arch
+ if use amd64; then
+ qemu_arch=x86_64
+ elif use arm64; then
+ qemu_arch=aarch64
+ elif use loong; then
+ qemu_arch=loongarch64
+ elif use x86; then
+ qemu_arch=i386
+ else
+ qemu_arch=$(tc-arch)
+ fi
+ ARCH=${qemu_arch} emake -C test check
+}
+
+src_install() {
+ local DOCS=(
+ AUTHORS
+ NEWS.md
+ README.md
+ )
+ default
+ if use dracut-cpio; then
+ exeinto /usr/lib/dracut
+ doexe "src/dracut-cpio/$(cargo_target_dir)/dracut-cpio"
+ fi
+}
+
+pkg_preinst() {
+ # Remove directory/symlink conflicts
+ # https://bugs.gentoo.org/943007
+ local save_nullglob=$(shopt -p nullglob)
+ shopt -s nullglob
+ local module
+ for module in "${EROOT}"/usr/lib/dracut/modules.d/{80test,80test-makeroot,80test-root}; do
+ if [[ ! -L ${module} && -d ${module} ]]; then
+ rm -rv "${module}" || die
+ fi
+ local backups=( "${module}".backup.* )
+ if [[ ${#backups[@]} -gt 0 ]]; then
+ rm -v "${backups[@]}" || die
+ fi
+ done
+ eval "${save_nullglob}"
+}
+
+pkg_postinst() {
+ optfeature "Networking support" net-misc/networkmanager
+ optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \
+ sys-apps/iproute2 "net-misc/iputils[arping]"
+ optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs
+ optfeature "Load kernel modules and drop this privilege for real init" \
+ sys-libs/libcap
+ optfeature "Support CIFS" net-fs/cifs-utils
+ optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \
+ "sys-fs/cryptsetup[-static-libs]"
+ optfeature "Support for GPG-encrypted keys for crypt module" \
+ app-crypt/gnupg
+ optfeature \
+ "Allows use of dash instead of default bash (on your own risk)" \
+ app-shells/dash
+ optfeature \
+ "Allows use of busybox instead of default bash (on your own risk)" \
+ sys-apps/busybox
+ optfeature "Support iSCSI" sys-block/open-iscsi
+ optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm]
+ optfeature "Support MD devices, also known as software RAID devices" \
+ sys-fs/mdadm sys-fs/dmraid
+ optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools
+ optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5'
+ optfeature "Support network block devices" sys-block/nbd
+ optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind
+ optfeature \
+ "Install ssh and scp along with config files and specified keys" \
+ virtual/openssh
+ optfeature "Enable logging with rsyslog" app-admin/rsyslog
+ optfeature "Support Squashfs" sys-fs/squashfs-tools
+ optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools
+ optfeature "Support Bluetooth (experimental)" net-wireless/bluez
+ optfeature "Support BIOS-given device names" sys-apps/biosdevname
+ optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq
+ optfeature \
+ "Enable rngd service to help generating entropy early during boot" \
+ sys-apps/rng-tools
+ optfeature "building Unified Kernel Images with dracut (--uefi)" \
+ "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]"
+ optfeature "automatically generating an initramfs on each kernel installation" \
+ "sys-kernel/installkernel[dracut]"
+ optfeature "automatically generating an UKI on each kernel installation" \
+ "sys-kernel/installkernel[dracut,uki]"
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild
new file mode 100644
index 0000000000..a9a2d38f29
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild
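Review bot: In pkg_preinst, the backup cleanup `rm -v "${backups[@]}" || die` has no `-r`, so if any `${module}.backup.*` entry is a directory the rm fails and `die` aborts the merge. Whether those backups can be directories is not visible here, so it is worth confirming against https://bugs.gentoo.org/943007. If they can, `rm -rv -- "${backups[@]}" || die` matches the `rm -rv` already used for the module directory a few lines above. Separately, `eval "${save_nullglob}"` is safe only because the string comes from `shopt -p` itself, and a one-line comment saying so would help the next reader. The same function appears unchanged in dracut-9999.ebuild.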
@@ -0,0 +1,232 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+CARGO_OPTIONAL=1
+
+inherit cargo flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng"
+else
+ if [[ "${PV}" != *_rc* ]]; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ fi
+ SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${PN}-ng-${PV}"
+fi
+
+DESCRIPTION="Generic initramfs generation tool"
+HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+dracut-cpio selinux test"
+RESTRICT="test"
+PROPERTIES="test? ( test_privileged test_network )"
+
+RDEPEND="
+ app-alternatives/cpio
+ >=app-shells/bash-4.0:0
+ sys-apps/coreutils[xattr(-)]
+ >=sys-apps/kmod-23[tools]
+ || (
+ >=sys-apps/sysvinit-2.87-r3
+ sys-apps/openrc[sysv-utils(-),selinux?]
+ sys-apps/systemd[sysv-utils]
+ sys-apps/s6-linux-init[sysv-utils(-)]
+ )
+ >=sys-apps/util-linux-2.21
+ virtual/pkgconfig[native-symlinks(+)]
+ virtual/udev
+
+ elibc_musl? ( sys-libs/fts-standalone )
+ selinux? (
+ sec-policy/selinux-dracut
+ sys-libs/libselinux
+ sys-libs/libsepol
+ )
+"
+DEPEND="
+ >=sys-apps/kmod-23
+ elibc_musl? ( sys-libs/fts-standalone )
+"
+
+BDEPEND="
+ app-text/asciidoc
+ app-text/docbook-xml-dtd:4.5
+ >=app-text/docbook-xsl-stylesheets-1.75.2
+ >=dev-libs/libxslt-1.1.26
+ virtual/pkgconfig
+ dracut-cpio? ( ${RUST_DEPEND} )
+ test? (
+ net-nds/rpcbind
+ net-fs/nfs-utils
+ sys-block/open-iscsi
+ sys-fs/btrfs-progs
+ sys-fs/dmraid
+ sys-fs/lvm2[lvm,thin]
+ sys-fs/mdadm
+ sys-fs/multipath-tools
+ alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] )
+ amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] )
+ arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] )
+ arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] )
+ hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] )
+ loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] )
+ mips? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_mips]
+ app-emulation/qemu[qemu_softmmu_targets_mips64]
+ app-emulation/qemu[qemu_softmmu_targets_mips64el]
+ ) )
+ ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] )
+ ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] )
+ riscv? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_riscv32]
+ app-emulation/qemu[qemu_softmmu_targets_riscv64]
+ ) )
+ sparc? ( || (
+ app-emulation/qemu[qemu_softmmu_targets_sparc]
+ app-emulation/qemu[qemu_softmmu_targets_sparc64]
+ ) )
+ x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] )
+ )
+"
+
+QA_MULTILIB_PATHS="usr/lib/dracut/.*"
+
+PATCHES=(
+ "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch
+ # Gentoo specific acct-user and acct-group conf adjustments
+ "${FILESDIR}"/${PN}-106-acct-user-group-gentoo.patch
+)
+
+pkg_setup() {
+ use dracut-cpio && rust_pkg_setup
+}
+
+src_configure() {
+ local myconf=(
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc"
+ --bashcompletiondir="$(get_bashcompdir)"
+ --systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ --disable-dracut-cpio
+ )
+
+ # this emulates what the build system would be doing without us
+ append-cflags -D_FILE_OFFSET_BITS=64
+
+ tc-export CC PKG_CONFIG
+
+ edo ./configure "${myconf[@]}"
+ if use dracut-cpio; then
+ cargo_gen_config
+ cargo_src_configure
+ fi
+}
+
+src_compile() {
+ default
+ if use dracut-cpio; then
+ pushd src/dracut-cpio >/dev/null || die
+ cargo_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+src_test() {
+ addwrite /dev/kvm
+ # Translate ARCH so run-qemu can find the correct qemu-system-ARCH
+ local qemu_arch
+ if use amd64; then
+ qemu_arch=x86_64
+ elif use arm64; then
+ qemu_arch=aarch64
+ elif use loong; then
+ qemu_arch=loongarch64
+ elif use x86; then
+ qemu_arch=i386
+ else
+ qemu_arch=$(tc-arch)
+ fi
+ ARCH=${qemu_arch} emake -C test check
+}
+
+src_install() {
+ local DOCS=(
+ AUTHORS
+ NEWS.md
+ README.md
+ )
+ default
+ if use dracut-cpio; then
+ exeinto /usr/lib/dracut
+ doexe "src/dracut-cpio/$(cargo_target_dir)/dracut-cpio"
+ fi
+}
+
+pkg_preinst() {
+ # Remove directory/symlink conflicts
+ # https://bugs.gentoo.org/943007
+ local save_nullglob=$(shopt -p nullglob)
+ shopt -s nullglob
+ local module
+ for module in "${EROOT}"/usr/lib/dracut/modules.d/{80test,80test-makeroot,80test-root}; do
+ if [[ ! -L ${module} && -d ${module} ]]; then
+ rm -rv "${module}" || die
+ fi
+ local backups=( "${module}".backup.* )
+ if [[ ${#backups[@]} -gt 0 ]]; then
+ rm -v "${backups[@]}" || die
+ fi
+ done
+ eval "${save_nullglob}"
+}
+
+pkg_postinst() {
+ optfeature "Networking support" net-misc/networkmanager
+ optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \
+ sys-apps/iproute2 "net-misc/iputils[arping]"
+ optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs
+ optfeature "Load kernel modules and drop this privilege for real init" \
+ sys-libs/libcap
+ optfeature "Support CIFS" net-fs/cifs-utils
+ optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \
+ "sys-fs/cryptsetup[-static-libs]"
+ optfeature "Support for GPG-encrypted keys for crypt module" \
+ app-crypt/gnupg
+ optfeature \
+ "Allows use of dash instead of default bash (on your own risk)" \
+ app-shells/dash
+ optfeature \
+ "Allows use of busybox instead of default bash (on your own risk)" \
+ sys-apps/busybox
+ optfeature "Support iSCSI" sys-block/open-iscsi
+ optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm]
+ optfeature "Support MD devices, also known as software RAID devices" \
+ sys-fs/mdadm sys-fs/dmraid
+ optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools
+ optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5'
+ optfeature "Support network block devices" sys-block/nbd
+ optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind
+ optfeature \
+ "Install ssh and scp along with config files and specified keys" \
+ virtual/openssh
+ optfeature "Enable logging with rsyslog" app-admin/rsyslog
+ optfeature "Support Squashfs" sys-fs/squashfs-tools
+ optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools
+ optfeature "Support Bluetooth (experimental)" net-wireless/bluez
+ optfeature "Support BIOS-given device names" sys-apps/biosdevname
+ optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq
+ optfeature \
+ "Enable rngd service to help generating entropy early during boot" \
+ sys-apps/rng-tools
+ optfeature "building Unified Kernel Images with dracut (--uefi)" \
+ "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]"
+ optfeature "automatically generating an initramfs on each kernel installation" \
+ "sys-kernel/installkernel[dracut]"
+ optfeature "automatically generating an UKI on each kernel installation" \
+ "sys-kernel/installkernel[dracut,uki]"
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch
new file mode 100644
index 0000000000..124bd6a994
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch
@@ -0,0 +1,21 @@
+From https://github.com/dracutdevs/dracut/pull/2527
+From a2fe89116db4b286fbf515f26bd1773b5e6ee8ad Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Tue, 26 Sep 2023 09:43:37 +0200
+Subject: [PATCH] fix(resume): add new systemd-hibernate-resume.service
+
+Since https://github.com/systemd/systemd/commit/a628d933, the generator only
+does the initial validation of the system info and then enables the new
+`systemd-hibernate-resume.service`.
+
+Fixes #2513
+--- a/modules.d/95resume/module-setup.sh
++++ b/modules.d/95resume/module-setup.sh
+@@ -44,6 +44,7 @@ install() {
+ if dracut_module_included "systemd" && [[ -x $dracutsysrootdir$systemdutildir/systemd-hibernate-resume ]]; then
+ inst_multiple -o \
+ "$systemdutildir"/system-generators/systemd-hibernate-resume-generator \
++ "$systemdsystemunitdir"/systemd-hibernate-resume.service \
+ "$systemdsystemunitdir"/systemd-hibernate-resume@.service \
+ "$systemdutildir"/systemd-hibernate-resume
+ return 0
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch
new file mode 100644
index 0000000000..3563f85293
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch
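Review bot: Neither ebuild added in this commit lists dracut-059-install-new-systemd-hibernate-resume.service.patch in its `PATCHES` array. dracut-106-r2 applies only gentoo-ldconfig-paths-r1 and the three dracut-106-* patches, and dracut-9999 applies two of those. The dracut-060-*, dracut-103-* and dracut-105-* files added below look unreferenced in the same way. If portage-stable is meant to mirror the upstream files/ directory verbatim this is expected; otherwise dropping the unused patches keeps the imported set limited to what is actually applied to the initrd tooling.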
@@ -0,0 +1,65 @@
+https://bugs.gentoo.org/917000
+https://github.com/dracutdevs/dracut/pull/2494
+
+From b88d0bab791bdc4ca75d13802f0391caf537650d Mon Sep 17 00:00:00 2001
+From: Andrew Ammerlaan
+Date: Sun, 20 Aug 2023 11:47:22 +0200
+Subject: [PATCH] fix(resume): include in hostonly mode if resume= on cmdline
+
+The grep introduced in commit e3a7112bef794e2f2dd741ec2c74fa9cb9117651
+does not work as intended. The resume module is always excluded in hostonly
+mode.
+
+Made this a bit more explicit with if/else so it is more clear what is going
+on. The in-line ||/&& makes the line really long and makes it more difficult
+to understand what is going on.
+
+Bug: https://github.com/dracutdevs/dracut/issues/924
+Signed-off-by: Andrew Ammerlaan
+---
+ modules.d/95resume/module-setup.sh | 32 +++++++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/modules.d/95resume/module-setup.sh b/modules.d/95resume/module-setup.sh
+index d255103366..2d48043827 100755
+--- a/modules.d/95resume/module-setup.sh
++++ b/modules.d/95resume/module-setup.sh
+@@ -10,13 +10,31 @@ check() {
+ return 1
+ }
+
+- # Only support resume if hibernation is currently on
+- # and no swap is mounted on a net device
+- [[ $hostonly ]] || [[ $mount_needs ]] && {
+- swap_on_netdevice || [[ -f /sys/power/resume && "$(< /sys/power/resume)" == "0:0" ]] || grep -rq '^\|[[:space:]]resume=' /proc/cmdline /etc/cmdline /etc/cmdline.d /etc/kernel/cmdline /usr/lib/kernel/cmdline 2> /dev/null && return 255
+- }
+-
+- return 0
++ # If hostonly check if we want to include the resume module
++ if [[ $hostonly ]] || [[ $mount_needs ]]; then
++ # Resuming won't work if swap is on a netdevice
++ swap_on_netdevice && return 255
++ if grep -rq 'resume=' /proc/cmdline /etc/cmdline /etc/cmdline.d /etc/kernel/cmdline /usr/lib/kernel/cmdline 2> /dev/null; then
++ # hibernation support requested on kernel command line
++ return 0
++ else
++ # resume= not set on kernel command line
++ if [[ -f /sys/power/resume ]]; then
++ if [[ "$(< /sys/power/resume)" == "0:0" ]]; then
++ # hibernation supported by the kernel, but not enabled
++ return 255
++ else
++ # hibernation supported by the kernel and enabled
++ return 0
++ fi
++ else
++ # resume file doesn't exist, hibernation not supported by kernel
++ return 255
++ fi
++ fi
++ else
++ return 0
++ fi
+ }
+
+ # called by dracut
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch
new file mode 100644
index 0000000000..543efa1eef
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch
@@ -0,0 +1,31 @@
+Ensures that the generated initrd is installed in the "new" way via the
+staging area in the grub layout. This prevents accidentally creating
+an UKI named initrd, and also ensures that BOOT_ROOT and
+KERNEL_INSTALL_INITRD_GENERATOR are respected when the layout is set to grub.
+
+Downstream only since the grub layout for using grub with systemd's
+kernel-install is not supported by systemd upstream and therefore this
+patch is unlikely to be accepted by dracut upstream.
+
+diff --git a/install.d/50-dracut.install b/install.d/50-dracut.install
+index 441414ac..a98449fe 100755
+--- a/install.d/50-dracut.install
++++ b/install.d/50-dracut.install
+@@ -38,6 +38,17 @@ elif [[ $KERNEL_INSTALL_LAYOUT == "bls" && -n $KERNEL_INSTALL_STAGING_AREA ]]; t
+ else
+ exit 0
+ fi
++elif [[ $KERNEL_INSTALL_LAYOUT == "grub" || $KERNEL_INSTALL_LAYOUT == "compat" || $KERNEL_INSTALL_LAYOUT == "efistub" ]]; then
++ BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA"
++ if [[ -z $KERNEL_INSTALL_UKI_GENERATOR || $KERNEL_INSTALL_UKI_GENERATOR == "dracut" ]]; then
++ IMAGE="uki.efi"
++ UEFI_OPTS="--uefi"
++ elif [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then
++ IMAGE="initrd"
++ UEFI_OPTS="--no-uefi"
++ else
++ exit 0
++ fi
+ else
+ # No layout information, use users --uefi/--no-uefi preference
+ UEFI_OPTS=""
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch
new file mode 100644
index 0000000000..9d577e9504
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch
@@ -0,0 +1,26 @@
+https://github.com/dracutdevs/dracut/pull/2586/files
+diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh
+index fa960a42c1..87efd0c1a6 100755
+--- a/modules.d/01systemd-pcrphase/module-setup.sh
++++ b/modules.d/01systemd-pcrphase/module-setup.sh
+@@ -6,7 +6,11 @@
+ check() {
+
+ # If the binary(s) requirements are not fulfilled the module can't be installed.
+- require_binaries "$systemdutildir"/systemd-pcrphase || return 1
++ # systemd-255 renamed the binary, check for old and new location.
++ if ! require_binaries "$systemdutildir"/systemd-pcrphase && \
++ ! require_binaries "$systemdutildir"/systemd-pcrextend; then
++ return 1
++ fi
+
+ # Return 255 to only include the module, if another module requires it.
+ return 255
+@@ -28,6 +32,7 @@ install() {
+
+ inst_multiple -o \
+ "$systemdutildir"/systemd-pcrphase \
++ "$systemdutildir"/systemd-pcrextend \
+ "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \
+ "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \
+ "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch
new file mode 100644
index 0000000000..045528bb0c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch
@@ -0,0 +1,30 @@
+diff --git a/dracut-init.sh b/dracut-init.sh
+index 986da96b..bd47bc92 100755
+--- a/dracut-init.sh
++++ b/dracut-init.sh
+@@ -711,10 +711,10 @@ inst_libdir_file() {
+
+ # install sysusers files
+ inst_sysusers() {
+- inst_multiple -o "$sysusers/$*"
++ inst_multiple -o "$sysusers/acct-*-$*"
+
+ if [[ $hostonly ]]; then
+- inst_multiple -H -o "$sysusersconfdir/$*"
++ inst_multiple -H -o "$sysusersconfdir/acct-*-$*"
+ fi
+ }
+
+diff --git a/modules.d/91tpm2-tss/module-setup.sh b/modules.d/91tpm2-tss/module-setup.sh
+index 4441f552..4b5654d5 100755
+--- a/modules.d/91tpm2-tss/module-setup.sh
++++ b/modules.d/91tpm2-tss/module-setup.sh
+@@ -30,7 +30,7 @@ installkernel() {
+
+ # Install the required file(s) and directories for the module in the initramfs.
+ install() {
+- inst_sysusers tpm2-tss.conf
++ inst_sysusers tss.conf
+
+ inst_multiple -o \
+ "$tmpfilesdir"/tpm2-tss-fapi.conf \
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch
new file mode 100644
index 0000000000..f2533e14d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch
@@ -0,0 +1,21 @@
+From 921792f201e954de461d3b551e01b5369d666db8 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo
+Date: Tue, 10 Sep 2024 15:51:46 +0200
+Subject: [PATCH] feat(systemd): always install libsystemd libraries
+
+---
+ modules.d/00systemd/module-setup.sh | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
+index 498cd7edd..fb8a8200b 100755
+--- a/modules.d/00systemd/module-setup.sh
++++ b/modules.d/00systemd/module-setup.sh
+@@ -156,5 +156,6 @@ EOF
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+ inst_libdir_file \
+ {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"libnss_*"
++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so"
+ }
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch
new file mode 100644
index 0000000000..7a1fc1c8da
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch
@@ -0,0 +1,41 @@
+From e16195f28669264227c169d45107ea95b83d8f48 Mon Sep 17 00:00:00 2001
+From: Alexander Tsoy
+Date: Tue, 16 Jul 2024 08:48:54 +0300
+Subject: [PATCH] fix(systemd): move installation of libkmod to udev-rules
+ module
+
+libkmod library should be installed even if systemd module is
+omitted, so move its installation to udev-rules module.
+---
+ modules.d/00systemd/module-setup.sh | 1 -
+ modules.d/95udev-rules/module-setup.sh | 6 +++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh
+index ce7bb520c..e4fb9a586 100755
+--- a/modules.d/00systemd/module-setup.sh
++++ b/modules.d/00systemd/module-setup.sh
+@@ -171,6 +171,5 @@ EOF
+ _arch=${DRACUT_ARCH:-$(uname -m)}
+ inst_libdir_file \
+ {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \
+- {"tls/$_arch/",tls/,"$_arch/",}"libkmod.so*" \
+ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*"
+ }
+diff --git a/modules.d/95udev-rules/module-setup.sh b/modules.d/95udev-rules/module-setup.sh
+index d82ed5eb9..6078751f6 100755
+--- a/modules.d/95udev-rules/module-setup.sh
++++ b/modules.d/95udev-rules/module-setup.sh
+@@ -93,7 +93,11 @@ install() {
+ "${udevdir}"/usb_id \
+ "${udevdir}"/v4l_id
+
+- inst_libdir_file "libnss_files*"
++ # Install required libraries.
++ _arch=${DRACUT_ARCH:-$(uname -m)}
++ inst_libdir_file \
++ {"tls/$_arch/",tls/,"$_arch/",}"libkmod.so*" \
++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_files*"
+
+ # Install the hosts local user configurations if enabled.
+ if [[ $hostonly ]]; then
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch
new file mode 100644
index 0000000000..aefd8be67e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch
@@ -0,0 +1,48 @@
+From 1579bb0c77d9e1e4599623a165c54a0dccdaf875 Mon Sep 17 00:00:00 2001
+From: Andrew Ammerlaan
+Date: Thu, 31 Oct 2024 11:28:37 +0100
+Subject: [PATCH] fix(dracut.sh): ensure abs path for objcopy args
+
+Closes: https://github.com/dracut-ng/dracut-ng/issues/833
+Signed-off-by: Andrew Ammerlaan
+---
+ dracut.sh | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index 90927136e..8b666a1ac 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -35,6 +35,19 @@ readonly dracut_cmd=$(readlink -f "$0")
+
+ set -o pipefail
+
++# below we sometimes cd, which causes problems if we're building an UKI
++# and relative paths are passed on to us. Store the pwd before we do anything.
++pwd=$(pwd)
++path_rel_to_abs() {
++ for var in "$@"; do
++ if [[ $var == /* ]]; then
++ echo "$var"
++ else
++ echo "$pwd/$var"
++ fi
++ done
++}
++
+ usage() {
+ [[ $sysroot_l ]] && dracutsysrootdir="$sysroot_l"
+ [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut
+@@ -1095,9 +1108,9 @@ drivers_dir="${drivers_dir%"${drivers_dir##*[!/]}"}"
+ [[ $reproducible_l ]] && reproducible="$reproducible_l"
+ [[ $loginstall_l ]] && loginstall="$loginstall_l"
+ [[ $uefi_l ]] && uefi=$uefi_l
+-[[ $uefi_stub_l ]] && uefi_stub="$uefi_stub_l"
+-[[ $uefi_splash_image_l ]] && uefi_splash_image="$uefi_splash_image_l"
+-[[ $kernel_image_l ]] && kernel_image="$kernel_image_l"
++[[ $uefi_stub_l ]] && uefi_stub=$(path_rel_to_abs "$uefi_stub_l")
++[[ $uefi_splash_image_l ]] && uefi_splash_image=$(path_rel_to_abs "$uefi_splash_image_l")
++[[ $kernel_image_l ]] && kernel_image=$(path_rel_to_abs "$kernel_image_l")
+ [[ $sbat_l ]] && sbat="$sbat_l"
+ [[ $machine_id_l ]] && machine_id="$machine_id_l"
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch
new file mode 100644
index 0000000000..558bd388b9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch
@@ -0,0 +1,28 @@
+From b90eda4b431af23d1101f1ea68b656929c6a82b2 Mon Sep 17 00:00:00 2001
+From: Nowa Ammerlaan
+Date: Fri, 8 Nov 2024 20:01:54 +0100
+Subject: [PATCH] fix(dracut-functions.sh): check for modules in --kmoddir, not
+ in --sysroot
+
+Modules are installed from the directory specified by --kmoddir, but currently
+the check_kernel_module() function is checking for the module in
+--sysroot/lib/modules. This is notably not the same when kernels packages are
+being built inside some docker container. We should check for the modules
+existence in the directory we are actually going to install it from.
+---
+ dracut-functions.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dracut-functions.sh b/dracut-functions.sh
+index 865c31290..245c69cb6 100755
+--- a/dracut-functions.sh
++++ b/dracut-functions.sh
+@@ -761,7 +761,7 @@ check_kernel_config() {
+ # 0 if the kernel module is either built-in or available
+ # 1 if the kernel module is not enabled
+ check_kernel_module() {
+- modprobe -d "$dracutsysrootdir" -S "$kernel" --dry-run "$1" &> /dev/null || return 1
++ modprobe -d "$drivers_dir/../../../" -S "$kernel" --dry-run "$1" &> /dev/null || return 1
+ }
+
+ # get_cpu_vendor
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch
new file mode 100644
index 0000000000..154bd21ca1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch
@@ -0,0 +1,29 @@
+https://github.com/dracut-ng/dracut-ng/pull/921
+https://bugs.gentoo.org/943035
+
+From 2d4b550c71cc79ac7a3f18afc09d8263963d5de2 Mon Sep 17 00:00:00 2001
+From: Jo Zzsi
+Date: Sat, 9 Nov 2024 14:06:57 -0500
+Subject: [PATCH] fix(dracut-systemd): check systemd-cryptsetup before
+ including
+
+---
+ modules.d/98dracut-systemd/module-setup.sh | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/98dracut-systemd/module-setup.sh b/modules.d/98dracut-systemd/module-setup.sh
+index 0438e40f0..f2502cd78 100755
+--- a/modules.d/98dracut-systemd/module-setup.sh
++++ b/modules.d/98dracut-systemd/module-setup.sh
+@@ -19,7 +19,10 @@ depends() {
+ # systemd-cryptsetup is mandatory dependency
+ # see https://github.com/dracut-ng/dracut-ng/issues/563
+ if dracut_module_included "crypt"; then
+- deps+=" systemd-cryptsetup"
++ module_check systemd-cryptsetup > /dev/null 2>&1
++ if [[ $? == 255 ]]; then
++ deps+=" systemd-cryptsetup"
++ fi
+ fi
+
+ echo "$deps"
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch
new file mode 100644
index 0000000000..25792a5445
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch
@@ -0,0 +1,13 @@
+diff --git a/modules.d/91tpm2-tss/module-setup.sh b/modules.d/91tpm2-tss/module-setup.sh
+index 4441f5528..4b5654d56 100755
+--- a/modules.d/91tpm2-tss/module-setup.sh
++++ b/modules.d/91tpm2-tss/module-setup.sh
+@@ -30,7 +30,7 @@ installkernel() {
+
+ # Install the required file(s) and directories for the module in the initramfs.
+ install() {
+- inst_sysusers tpm2-tss.conf
++ inst_sysusers tss.conf
+
+ inst_multiple -o \
+ "$tmpfilesdir"/tpm2-tss-fapi.conf \
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch
new file mode 100644
index 0000000000..3692d1fc2f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch
@@ -0,0 +1,17 @@
+https://github.com/dracut-ng/dracut-ng/pull/1250
+diff --git a/modules.d/90mdraid/module-setup.sh b/modules.d/90mdraid/module-setup.sh
+index 8ce5f2ee..b0ab8411 100755
+--- a/modules.d/90mdraid/module-setup.sh
++++ b/modules.d/90mdraid/module-setup.sh
+@@ -46,7 +46,7 @@ cmdline() {
+ [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue
+
+ UUID=$(
+- /sbin/mdadm --examine --export "$dev" \
++ mdadm --examine --export "$dev" \
+ | while read -r line || [[ "$line" ]]; do
+ [[ ${line#MD_UUID=} == "$line" ]] && continue
+ printf "%s" "${line#MD_UUID=} "
+--
+2.48.1
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch
new file mode 100644
index 0000000000..8163ba28ad
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch
@@ -0,0 +1,14 @@
+https://github.com/dracut-ng/dracut-ng/pull/1207
+diff --git a/modules.d/06rngd/module-setup.sh b/modules.d/06rngd/module-setup.sh
+index 1fcc831c4..064379242 100755
+--- a/modules.d/06rngd/module-setup.sh
++++ b/modules.d/06rngd/module-setup.sh
+@@ -21,7 +21,7 @@
+ check() {
+ # if there's no rngd binary, no go.
+ require_binaries rngd || return 1
+- require_binaries "${systemdsystemunitdir}/rngd.service" || return 1
++ [[ -e "${systemdsystemunitdir}/rngd.service" ]] || return 1
+
+ return 0
+ }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch
rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml
similarity index 50%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml
rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml
index d8b0651a40..4ccd31e3ca 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml
@@ -1,10 +1,6 @@ - + - - chutzpah@gentoo.org - Patrick McLean - alexander@tsoy.me Alexander Tsoy @@ -13,4 +9,14 @@ floppym@gentoo.org Mike Gilbert + + nowa@gentoo.org + Nowa Ammerlaan + + + Build the enhanced 'dracut-cpio' program, written in Rust. + + + dracut-ng/dracut-ng +
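Review bot: In `check()` of modules.d/06rngd/module-setup.sh, the new `[[ -e "${systemdsystemunitdir}/rngd.service" ]]` tests the path on the filesystem dracut is running on and takes no account of a sysroot. The check_kernel_module patch earlier in this commit exists because the build root and the tree being packaged can differ inside a container, and the same mismatch can apply here: the unit may be present in the target tree and absent on the host, or the reverse, and the module is then skipped or included on the wrong evidence. If this module is meant to honour `--sysroot`, the test would read `[[ -e "${dracutsysrootdir-}${systemdsystemunitdir}/rngd.service" ]] || return 1`. Whether `require_binaries rngd` on the line above already resolves against the sysroot is not visible on this page.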