From 092e50f8e3b424eb57a561df3b5be788b119f3db Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Sun, 11 Aug 2024 09:03:12 +0100 Subject: [PATCH 1/7] sys-kernel/dracut: Use Gentoo package instead, upgrading to 106 Apply our patch using user-patches instead. Signed-off-by: James Le Cuirot --- .../workflows/portage-stable-packages-list | 1 + changelog/updates/2025-04-17-dracut-update.md | 1 + .../050-change-network-dep-iscsi.patch | 0 .../user-patches/sys-kernel/dracut/README.md | 2 + .../coreos-overlay/sys-kernel/dracut/Manifest | 4 - .../sys-kernel/dracut/dracut-050-r2.ebuild | 170 ------------ .../sys-kernel/dracut/dracut-051-r1.ebuild | 160 ------------ .../sys-kernel/dracut/dracut-053-r1.ebuild | 162 ------------ .../sys-kernel/dracut/dracut-9999.ebuild | 173 ------------- ...nstall-only-keymap-required-by-syste.patch | 51 ---- .../050-Makefile-fix-VERSION-again.patch | 34 --- ...main-version-and-git-version-earlier.patch | 78 ------ ...050-btrfs-force-preload-btrfs-module.patch | 30 --- .../dracut/files/050-busybox-module-fix.patch | 102 -------- ...ote-variables-in-parameter-expansion.patch | 111 -------- ...call-fsfreeze-on-subvol-of-root-file.patch | 75 ------ ...ix-removal-of-pvscan-from-udev-rules.patch | 26 -- ...ensure-that-nm-run.sh-is-executed-wh.patch | 48 ---- ...emd-remove-obsolete-syslog-parameter.patch | 241 ------------------ .../files/051-dracut.sh-move-ldconfig.patch | 60 ----- .../dracut/files/053-network-manager.patch | 24 -- .../dracut/files/059-systemd-executor.patch | 31 --- .../dracut/files/gentoo-ldconfig-paths.patch | 39 --- .../portage-stable/sys-kernel/dracut/Manifest | 3 + .../dracut/dracut-060_pre20240104-r4.ebuild} | 85 +++--- .../sys-kernel/dracut/dracut-103-r4.ebuild | 203 +++++++++++++++ .../sys-kernel/dracut/dracut-106-r2.ebuild | 236 +++++++++++++++++ .../sys-kernel/dracut/dracut-9999.ebuild | 232 +++++++++++++++++ ...new-systemd-hibernate-resume.service.patch | 21 ++ .../dracut-060-fix-resume-hostonly.patch | 65 +++++ .../dracut/files/dracut-060-grub-layout.patch | 31 +++ .../dracut/files/dracut-060-systemd-255.patch | 26 ++ .../dracut-103-acct-user-group-gentoo.patch | 30 +++ ...dracut-103-always-install-libsystemd.patch | 21 ++ .../dracut-103-systemd-udev-256-kmod.patch | 41 +++ ...acut-105-ensure-abs-args-for-objcopy.patch | 48 ++++ .../dracut-105-fix-check_kernel_module.patch | 28 ++ .../files/dracut-105-systemd-cryptsetup.patch | 29 +++ .../dracut-106-acct-user-group-gentoo.patch | 13 + .../files/dracut-106-fix-mdraid-module.patch | 17 ++ .../files/dracut-106-fix-rngd-module.patch | 14 + .../files/gentoo-ldconfig-paths-r1.patch | 0 .../sys-kernel/dracut/metadata.xml | 16 +- 43 files changed, 1108 insertions(+), 1674 deletions(-) create mode 100644 changelog/updates/2025-04-17-dracut-update.md rename sdk_container/src/third_party/coreos-overlay/{sys-kernel/dracut/files => coreos/user-patches/sys-kernel/dracut}/050-change-network-dep-iscsi.patch (100%) create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest rename sdk_container/src/third_party/{coreos-overlay/sys-kernel/dracut/dracut-055.ebuild => portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild} (62%) create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch rename sdk_container/src/third_party/{coreos-overlay => portage-stable}/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch (100%) rename sdk_container/src/third_party/{coreos-overlay => portage-stable}/sys-kernel/dracut/metadata.xml (50%) diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index aebcfffc83..0842bae55f 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -652,6 +652,7 @@ sys-fs/xfsprogs sys-fs/zfs sys-fs/zfs-kmod +sys-kernel/dracut sys-kernel/linux-headers sys-libs/binutils-libs diff --git a/changelog/updates/2025-04-17-dracut-update.md b/changelog/updates/2025-04-17-dracut-update.md new file mode 100644 index 0000000000..45f53cc7b7 --- /dev/null +++ b/changelog/updates/2025-04-17-dracut-update.md @@ -0,0 +1 @@ +- dracut ([106](https://github.com/dracut-ng/dracut-ng/releases/tag/106) (includes [105](https://github.com/dracut-ng/dracut-ng/releases/tag/105), [104](https://github.com/dracut-ng/dracut-ng/releases/tag/104), [103](https://github.com/dracut-ng/dracut-ng/releases/tag/103), [102](https://github.com/dracut-ng/dracut-ng/releases/tag/102), [101](https://github.com/dracut-ng/dracut-ng/releases/tag/101), [100](https://github.com/dracut-ng/dracut-ng/releases/tag/100), [060](https://github.com/dracut-ng/dracut-ng/releases/tag/060), [059](https://github.com/dracut-ng/dracut-ng/releases/tag/059), [058](https://github.com/dracut-ng/dracut-ng/releases/tag/058), [057](https://github.com/dracut-ng/dracut-ng/releases/tag/057), [056](https://github.com/dracut-ng/dracut-ng/releases/tag/056), [055](https://github.com/dracut-ng/dracut-ng/releases/tag/055), [054](https://github.com/dracut-ng/dracut-ng/releases/tag/054))) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-change-network-dep-iscsi.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/050-change-network-dep-iscsi.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-change-network-dep-iscsi.patch rename to sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/050-change-network-dep-iscsi.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md new file mode 100644 index 0000000000..9e3f344bd4 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md @@ -0,0 +1,2 @@ +`050-change-network-dep-iscsi.patch` is a Flatcar-specific dependency tweak to +use flatcar-network instead of network. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest deleted file mode 100644 index 6aa8281547..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/Manifest +++ /dev/null @@ -1,4 +0,0 @@ -DIST dracut-050.tar.xz 333592 BLAKE2B cb0bfa5a8e7547260b8a80a3606eb284182c062926269c85b09e07d26ad177df0eeaa64b17005bff9290611f1c83fc8cd8e2216cfe14b5e66ec7f659d4c2fa7b SHA512 eba046cf1c8013369a398e585e0bff233daa8595d469ce9acc8bbc6a32d55c6a5429d4219db19abbf6001104be05b357f0961f9e66b7f926039a5d3ee7c2b850 -DIST dracut-051.tar.xz 346500 BLAKE2B 38129b6b713b3338bbb2554fffd611f80216969eebac9fca7fb72df2db2036d4fbe66ebd54e646e562e24801e61064e54b62f066bab9e77ca88814100ebdd8ff SHA512 f3533430e479bc91c538e0a198ca97450ec449a7d661d876ecd0ad3e417e22f7e4abf0a384fc676a63a4d3479f25d717c8acdcd1bdec7d0a5714298c5c4ea6b8 -DIST dracut-053.tar.xz 354668 BLAKE2B d20d0f1675e18cf44615a98255c8b1a73f23e9c665a771a1fe99716d3bf0b6082961ab20fe058bf31c106c4f521d9e8708e2ae98cff00f613197bbf9dd3abda3 SHA512 4736f84442bda208a38d3285ffeb8b845f06e52e3bf60d2aaea121240cf695e1369208c2d2cee1137a6c1d3f8f7794385675006beaf5cd86ade259d5f42d039a -DIST dracut-055.tar.xz 361752 BLAKE2B 9fcb0bce9ead2e079c70a377ea53701e4634d3dc64ae163e0e157d7d85822a274813e05f6079768640e1807818fad7a8158626413d773686a8d52fcd95fb5680 SHA512 2d2ea2889d9013bc94245bd7d1a2154f24d02bd9c2f7dbb28e5968e17d918e6598c68d85b0f551f968218980a80b19361ca0c9e8e94997ba54f4c09afcd6d866 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild deleted file mode 100644 index 7b8172dca5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-050-r2.ebuild +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 sparc x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? ( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS HACKING NEWS README.md README.generic README.kernel README.modules - README.testsuite TODO ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/050-Makefile-merge-main-version-and-git-version-earlier.patch - "${FILESDIR}"/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch - "${FILESDIR}"/050-Makefile-fix-VERSION-again.patch - "${FILESDIR}"/050-btrfs-force-preload-btrfs-module.patch - "${FILESDIR}"/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch - "${FILESDIR}"/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch - "${FILESDIR}"/050-busybox-module-fix.patch - "${FILESDIR}"/050-systemd-remove-obsolete-syslog-parameter.patch - "${FILESDIR}"/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch - "${FILESDIR}"/050-gentoo-ldconfig-paths.patch - # Flatcar: override iscsi network dependency - "${FILESDIR}"/050-change-network-dep-iscsi.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - insinto /etc/logrotate.d - newins dracut.logrotate dracut - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild deleted file mode 100644 index 4c6865f557..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-051-r1.ebuild +++ /dev/null @@ -1,160 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? ( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS HACKING NEWS README.md README.generic README.kernel README.modules - README.testsuite TODO ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/051-dracut.sh-move-ldconfig.patch - "${FILESDIR}"/gentoo-ldconfig-paths.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - insinto /etc/logrotate.d - newins dracut.logrotate dracut - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild deleted file mode 100644 index ff309e2485..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-053-r1.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 sparc x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux" - -# Tests need root privileges, bug #298014 -RESTRICT="test" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? ( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -DOCS=( AUTHORS README.md README.generic README.kernel ) - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/053-network-manager.patch - "${FILESDIR}"/gentoo-ldconfig-paths.patch - # Flatcar: override iscsi network dependency - "${FILESDIR}"/050-change-network-dep-iscsi.patch - # Add required systemd 255 binary - "${FILESDIR}"/059-systemd-executor.patch - # Add systemd vconsole setup fix using i118n - "${FILESDIR}"/0001-systemd-initrd-install-only-keymap-required-by-syste.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_install() { - default - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild deleted file mode 100644 index 3b042f3de7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-9999.ebuild +++ /dev/null @@ -1,173 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs - -if [[ ${PV} == 9999 ]] ; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/dracutdevs/dracut" -else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" -fi - -DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" - -LICENSE="GPL-2" -SLOT="0" -IUSE="selinux test" - -RESTRICT="!test? ( test )" - -RDEPEND=" - app-arch/cpio - >=app-shells/bash-4.0:0 - sys-apps/coreutils[xattr(-)] - >=sys-apps/kmod-23[tools] - || ( - >=sys-apps/sysvinit-2.87-r3 - sys-apps/openrc[sysv-utils(-),selinux?] - sys-apps/systemd[sysv-utils] - ) - >=sys-apps/util-linux-2.21 - virtual/pkgconfig - virtual/udev - - elibc_musl? ( sys-libs/fts-standalone ) - selinux? ( - sec-policy/selinux-dracut - sys-libs/libselinux - sys-libs/libsepol - ) -" -DEPEND=" - >=sys-apps/kmod-23 - elibc_musl? ( sys-libs/fts-standalone ) -" - -BDEPEND=" - app-text/asciidoc - app-text/docbook-xml-dtd:4.5 - >=app-text/docbook-xsl-stylesheets-1.75.2 - >=dev-libs/libxslt-1.1.26 - virtual/pkgconfig -" - -QA_MULTILIB_PATHS="usr/lib/dracut/.*" - -PATCHES=( - "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch -) - -src_configure() { - local myconf=( - --prefix="${EPREFIX}/usr" - --sysconfdir="${EPREFIX}/etc" - --bashcompletiondir="$(get_bashcompdir)" - --systemdsystemunitdir="$(systemd_get_systemunitdir)" - ) - - tc-export CC PKG_CONFIG - - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi -} - -src_test() { - if [[ ${EUID} != 0 ]]; then - # Tests need root privileges, bug #298014 - ewarn "Skipping tests: Not running as root." - elif [[ ! -w /dev/kvm ]]; then - ewarn "Skipping tests: Unable to access /dev/kvm." - else - emake -C test check - fi -} - -src_install() { - local DOCS=( - AUTHORS - NEWS.md - README.md - docs/README.cross - docs/README.generic - docs/README.kernel - docs/SECURITY.md - ) - - default - - docinto html - dodoc dracut.html -} - -pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - - optfeature "Networking support" net-misc/networkmanager - optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ - sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct - optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs - optfeature "Load kernel modules and drop this privilege for real init" \ - sys-libs/libcap - optfeature "Support CIFS" net-fs/cifs-utils - optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ - "sys-fs/cryptsetup[-static-libs]" - optfeature "Support for GPG-encrypted keys for crypt module" \ - app-crypt/gnupg - optfeature \ - "Allows use of dash instead of default bash (on your own risk)" \ - app-shells/dash - optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 - optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm - optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools - optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' - optfeature "Support network block devices" sys-block/nbd - optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind - optfeature \ - "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh - optfeature "Enable logging with rsyslog" app-admin/rsyslog - optfeature \ - "Enable rngd service to help generating entropy early during boot" \ - sys-apps/rng-tools -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch deleted file mode 100644 index 819639b1e4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/0001-systemd-initrd-install-only-keymap-required-by-syste.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 6d7e4b88c21f45cf1695e4495004a12cacd58d0c Mon Sep 17 00:00:00 2001 -From: Adrian Vladu -Date: Thu, 7 Mar 2024 11:17:54 +0000 -Subject: [PATCH] systemd: initrd: install only keymap required by - systemd-vconsole-setup - -Signed-off-by: Adrian Vladu ---- - modules.d/10i18n/module-setup.sh | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/modules.d/10i18n/module-setup.sh b/modules.d/10i18n/module-setup.sh -index d6688b47..516883be 100755 ---- a/modules.d/10i18n/module-setup.sh -+++ b/modules.d/10i18n/module-setup.sh -@@ -4,7 +4,7 @@ - check() { - [[ "$mount_needs" ]] && return 1 - -- require_binaries setfont loadkeys kbd_mode || return 1 -+ require_binaries loadkeys || return 1 - - return 0 - } -@@ -164,6 +164,10 @@ install() { - fi - shopt -q -u nocasematch - -+ # install only one keymap: us -+ KEYMAP=us -+ -+ - # Gentoo user may have KEYMAP set to something like "-u pl2", - KEYMAP=${KEYMAP#-* } - -@@ -267,10 +271,7 @@ install() { - inst_simple ${VCONFIG_CONF} - fi - -- if [[ ${hostonly} ]] && ! [[ ${i18n_install_all} == "yes" ]]; then -- install_local_i18n || install_all_kbd -- else -- install_all_kbd -- fi -+ # install only one keyboard map -+ install_local_i18n - fi - } --- -2.43.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch deleted file mode 100644 index a091e4c9fa..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-fix-VERSION-again.patch +++ /dev/null @@ -1,34 +0,0 @@ -From a76aa8e39016a8564adb0f18f93bbf2e15d3243f Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Sun, 8 Mar 2020 05:47:50 +0300 -Subject: [PATCH] Makefile: fix VERSION again - -The variable is not undefined anymore after the first assignment, so -we should check if variable is empty instead. ---- - Makefile | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index c69e2dfc..02e2c4b5 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,9 +1,13 @@ - -include dracut-version.sh - - DRACUT_MAIN_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --abbrev=0 --tags --always 2>/dev/null || :) --DRACUT_MAIN_VERSION ?= $(DRACUT_VERSION) -+ifeq ($(DRACUT_MAIN_VERSION),) -+DRACUT_MAIN_VERSION = $(DRACUT_VERSION) -+endif - DRACUT_FULL_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --tags --always 2>/dev/null || :) --DRACUT_FULL_VERSION ?= $(DRACUT_VERSION) -+ifeq ($(DRACUT_FULL_VERSION),) -+DRACUT_FULL_VERSION = $(DRACUT_VERSION) -+endif - - -include Makefile.inc - --- -2.24.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch deleted file mode 100644 index 49c532b929..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-Makefile-merge-main-version-and-git-version-earlier.patch +++ /dev/null @@ -1,78 +0,0 @@ -From eb8a7a96351b6e1cfd9dc34f1e854333a8f4a4e0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= - -Date: Fri, 6 Mar 2020 08:46:36 +0700 -Subject: [PATCH] Makefile: merge main-version and git-version earlier - -With GNU Make 4.3 on both ArchLinux, and VoidLinux, -GITVERION is always empty because of bad substitution. -Change '\#' to simply '#' can fix it, -but we don't need that complation. - -We can merge DRACUT_MAIN_VERSION and GITVERSION into DRACUT_FULL_VERSION. -Because, GITVERSION will be attached back to DRACUT_MAIN_VERSION in all -situation. - -While we're at it, detect if we're in git worktree by: -limiting GIT_CEILING_DIRECTORIES to parent directory of -dracut's top level directory; instead of checking for .git directory, -in order to support git-worktree, in such case, .git will be a file, see -gitrepository-layout(5) ---- - Makefile | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/Makefile b/Makefile -index 22b584f1..c69e2dfc 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,8 +1,9 @@ - -include dracut-version.sh - --DRACUT_MAIN_VERSION ?= $(shell [ -d .git ] && git describe --abbrev=0 --tags --always 2>/dev/null || :) -+DRACUT_MAIN_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --abbrev=0 --tags --always 2>/dev/null || :) - DRACUT_MAIN_VERSION ?= $(DRACUT_VERSION) --GITVERSION ?= $(shell [ -d .git ] && { v=$$(git describe --tags --always 2>/dev/null); [ -n "$$v" ] && [ $${v\#*-} != $$v ] && echo -$${v\#*-}; } ) -+DRACUT_FULL_VERSION ?= $(shell env GIT_CEILING_DIRECTORIES=$(CWD)/.. git describe --tags --always 2>/dev/null || :) -+DRACUT_FULL_VERSION ?= $(DRACUT_VERSION) - - -include Makefile.inc - -@@ -92,14 +93,14 @@ endif - - %.xml: %.asc - @rm -f -- "$@" -- asciidoc -a "version=$(DRACUT_MAIN_VERSION)$(GITVERSION)" -d manpage -b docbook -o "$@" $< -+ asciidoc -a "version=$(DRACUT_FULL_VERSION)" -d manpage -b docbook -o "$@" $< - - dracut.8: dracut.usage.asc dracut.8.asc - - dracut.html: dracut.asc $(manpages) dracut.css dracut.usage.asc - @rm -f -- dracut.xml - asciidoc -a "mainversion=$(DRACUT_MAIN_VERSION)" \ -- -a "version=$(DRACUT_MAIN_VERSION)$(GITVERSION)" \ -+ -a "version=$(DRACUT_FULL_VERSION)" \ - -a numbered \ - -d book -b docbook -o dracut.xml dracut.asc - @rm -f -- dracut.html -@@ -112,7 +113,7 @@ dracut.html: dracut.asc $(manpages) dracut.css dracut.usage.asc - dracut.pc: Makefile.inc Makefile - @echo "Name: dracut" > dracut.pc - @echo "Description: dracut" >> dracut.pc -- @echo "Version: $(DRACUT_MAIN_VERSION)$(GITVERSION)" >> dracut.pc -+ @echo "Version: $(DRACUT_FULL_VERSION)" >> dracut.pc - @echo "dracutdir=$(pkglibdir)" >> dracut.pc - @echo "dracutmodulesdir=$(pkglibdir)/modules.d" >> dracut.pc - @echo "dracutconfdir=$(pkglibdir)/dracut.conf.d" >> dracut.pc -@@ -182,7 +183,7 @@ endif - - dracut-version.sh: - @rm -f dracut-version.sh -- @echo "DRACUT_VERSION=$(DRACUT_MAIN_VERSION)$(GITVERSION)" > dracut-version.sh -+ @echo "DRACUT_VERSION=$(DRACUT_FULL_VERSION)" > dracut-version.sh - - clean: - $(RM) *~ --- -2.24.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch deleted file mode 100644 index 386722c2ae..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-btrfs-force-preload-btrfs-module.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0402b3777b1c64bd716f588ff7457b905e98489d Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Wed, 11 Mar 2020 12:56:52 +0100 -Subject: [PATCH] btrfs: force preload btrfs module - -fixes https://github.com/dracutdevs/dracut/issues/658 - -raid6_pq and xor takes time doing benchmarking - -[ 3.983009] request_module fs-btrfs succeeded, but still no fs? ---- - modules.d/90btrfs/module-setup.sh | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh -index b0d0058b..66a254e1 100755 ---- a/modules.d/90btrfs/module-setup.sh -+++ b/modules.d/90btrfs/module-setup.sh -@@ -48,5 +48,7 @@ install() { - - inst_multiple -o btrfsck btrfs-zero-log - inst $(command -v btrfs) /sbin/btrfs -+ # Hack for slow machines -+ # see https://github.com/dracutdevs/dracut/issues/658 -+ echo "rd.driver.pre=btrfs" > ${initdir}/etc/cmdline.d/00-btrfs.conf - } -- --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch deleted file mode 100644 index faaf026e53..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-busybox-module-fix.patch +++ /dev/null @@ -1,102 +0,0 @@ -From f769154bccf22d2b5caf5e4888f88bf7edde2662 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Mon, 25 May 2020 19:02:05 +0300 -Subject: [PATCH 1/2] dracut-functions: fix find_binary() to return full path - -Fixes: a01204202b30 (Allow running on a cross-compiled rootfs) ---- - dracut-functions.sh | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/dracut-functions.sh b/dracut-functions.sh -index 3cb9c7af..b5c28248 100755 ---- a/dracut-functions.sh -+++ b/dracut-functions.sh -@@ -41,31 +41,36 @@ str_ends() { [ "${1%*"$2"}" != "$1" ]; } - # search in the usual places to find the binary. - find_binary() { - local _delim -+ local _path - local l - local p - [[ -z ${1##/*} ]] || _delim="/" - - if [[ "$1" == *.so* ]]; then - for l in libdirs ; do -- if { $DRACUT_LDD "$dracutsysrootdir$l$_delim$1" &>/dev/null; }; then -- printf "%s\n" "$1" -+ _path="${l}${_delim}${1}" -+ if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &>/dev/null; }; then -+ printf "%s\n" "${_path}" - return 0 - fi - done -- if { $DRACUT_LDD "$dracutsysrootdir$_delim$1" &>/dev/null; }; then -- printf "%s\n" "$1" -+ _path="${_delim}${1}" -+ if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &>/dev/null; }; then -+ printf "%s\n" "${_path}" - return 0 - fi - fi - if [[ "$1" == */* ]]; then -- if [[ -L $dracutsysrootdir$_delim$1 ]] || [[ -x $dracutsysrootdir$_delim$1 ]]; then -- printf "%s\n" "$1" -+ _path="${_delim}${1}" -+ if [[ -L ${dracutsysrootdir}${_path} ]] || [[ -x ${dracutsysrootdir}${_path} ]]; then -+ printf "%s\n" "${_path}" - return 0 - fi - fi - for p in $DRACUT_PATH ; do -- if [[ -L $dracutsysrootdir$p$_delim$1 ]] || [[ -x $dracutsysrootdir$p$_delim$1 ]]; then -- printf "%s\n" "$1" -+ _path="${p}${_delim}${1}" -+ if [[ -L ${dracutsysrootdir}${_path} ]] || [[ -x ${dracutsysrootdir}${_path} ]]; then -+ printf "%s\n" "${_path}" - return 0 - fi - done --- -2.26.2 - -From 50cc23ba32b0fda63eff7623b529dbeb4e6a38c6 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Mon, 25 May 2020 17:49:20 +0300 -Subject: [PATCH 2/2] busybox: simplify listing of supported utilities - -'--list' option is supported since busybox-1.20.0, which was released -in 2010. ---- - modules.d/05busybox/module-setup.sh | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/modules.d/05busybox/module-setup.sh b/modules.d/05busybox/module-setup.sh -index ecbd6a13..5d88c5d1 100755 ---- a/modules.d/05busybox/module-setup.sh -+++ b/modules.d/05busybox/module-setup.sh -@@ -14,15 +14,16 @@ depends() { - - # called by dracut - install() { -- local _i _progs _path _busybox -+ local _i _path _busybox -+ local _progs=() - _busybox=$(type -P busybox) - inst $_busybox /usr/bin/busybox -- for _i in $($_busybox | sed -ne '1,/Currently/!{s/,//g; s/busybox//g; p}') -- do -- _progs="$_progs $_i" -+ for _i in $($_busybox --list); do -+ [[ ${_i} == busybox ]] && continue -+ _progs+=("${_i}") - done - -- for _i in $_progs; do -+ for _i in "${_progs[@]}"; do - _path=$(find_binary "$_i") - [ -z "$_path" ] && continue - ln_r /usr/bin/busybox $_path --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch deleted file mode 100644 index 11ca7add6d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut-lib.sh-quote-variables-in-parameter-expansion.patch +++ /dev/null @@ -1,111 +0,0 @@ -From 8e1a4dc5f8a777fc718db490414ffdc9dc755f66 Mon Sep 17 00:00:00 2001 -From: Jonas Witschel -Date: Sat, 18 Apr 2020 14:55:41 +0200 -Subject: [PATCH] dracut-lib.sh: quote variables in parameter expansion - patterns - -According to POSIX.1-2017, 2.6.2 Parameter Expansion: - -${parameter%[word]} [...] The word shall be expanded to produce a -pattern. - -This means if word contains variables that itself contain special -characters like asterisks or backslashes, these are treated as pattern -characters unless the variable is quoted. Try e.g. the following example -in bash, dash or (busybox) ash: - -i='a\c'; j='\'; echo "${i%$j*}" - -This prints "a\c" because "$j*" is expanded to "\*", escaping the -asterisk. In contrast, - -i='a\c'; j='\'; echo "${i%"$j"*}" - -produces the expected result "a" because the backslash is not specially -treated any more after quoting. - -The quotes that this commit adds have been previously removed in commit -f9c96cf56fed390841eac05c43826e62014c9188, citing issues with busybox -hush without further specifying the actual error. I tested a recent -busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b) -and couldn't find any problems. Note that the above example always -produces "a\c" in hush regardless of quoting $j, making hush unsuitable -for use with dracut, but using quotes in parameter expansions generally -works. - -The unquoted variables break the "rd.luks.uuid/name" kernel command line -options in dracut 050 because - -str_replace "$luksname" '\' '\\' - -in modules.d/90crypt/parse-crypt.sh is not able to escape the -backslashes any more, see GH-723, GH-727: backslashes in the -systemd-cryptsetup@.service unit name stay unescaped for use in udev -(cf. commit 0f6d93eb9d63695a64002ec8b0421fbc9fc8a7a3), leading to -failures in starting the unit. - -This partially reverts commit f9c96cf56fed390841eac05c43826e62014c9188. ---- - modules.d/99base/dracut-lib.sh | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh -index c53cd13b..c57523d3 100755 ---- a/modules.d/99base/dracut-lib.sh -+++ b/modules.d/99base/dracut-lib.sh -@@ -24,7 +24,7 @@ debug_on() { - - # returns OK if $1 contains literal string $2 (and isn't empty) - strstr() { -- [ "${1##*$2*}" != "$1" ] -+ [ "${1##*"$2"*}" != "$1" ] - } - - # returns OK if $1 matches (completely) glob pattern $2 -@@ -43,18 +43,18 @@ strglobin() { - - # returns OK if $1 contains literal string $2 at the beginning, and isn't empty - str_starts() { -- [ "${1#$2*}" != "$1" ] -+ [ "${1#"$2"*}" != "$1" ] - } - - # returns OK if $1 contains literal string $2 at the end, and isn't empty - str_ends() { -- [ "${1%*$2}" != "$1" ] -+ [ "${1%*"$2"}" != "$1" ] - } - - trim() { - local var="$*" -- var="${var#${var%%[![:space:]]*}}" # remove leading whitespace characters -- var="${var%${var##*[![:space:]]}}" # remove trailing whitespace characters -+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters -+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters - printf "%s" "$var" - } - -@@ -108,9 +108,9 @@ str_replace() { - local out='' - - while strstr "${in}" "$s"; do -- chop="${in%%$s*}" -+ chop="${in%%"$s"*}" - out="${out}${chop}$r" -- in="${in#*$s}" -+ in="${in#*"$s"}" - done - echo "${out}${in}" - } -@@ -396,7 +396,7 @@ splitsep() { - while [ -n "$str" -a "$#" -gt 1 ]; do - tmp="${str%%$sep*}" - eval "$1='${tmp}'" -- str="${str#$tmp}" -+ str="${str#"$tmp"}" - str="${str#$sep}" - shift - done --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch deleted file mode 100644 index cf54cabb5e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-dracut.sh-don-t-call-fsfreeze-on-subvol-of-root-file.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 0386e4627779cb51f4292b3c642d90586d5e71b4 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Wed, 29 Jan 2020 23:53:29 +0100 -Subject: [PATCH] dracut.sh: don't call fsfreeze on subvol of root file system - -dracut.sh already doesn't call fsfreeze if the output file is on -the root file system. For btrfs, however, this is not sufficient. -Because fsfreeze is a superblock operation, and all btrfs subvolumes -share the same superblock, fsfreeze may freeze the entire system -if the subvolume on which the output file is written and / are -subvolumes of the same file system. Avoid this by comparing file -system UUIDs for btrfs. - -Fixes: de576db3c225 ("call fsfreeze(8) on /boot to flush initramfs data & metadata to media") ---- - dracut.sh | 36 +++++++++++++++++++++++++++++++++++- - 1 file changed, 35 insertions(+), 1 deletion(-) - -diff --git a/dracut.sh b/dracut.sh -index af346f3a..c14f6c0b 100755 ---- a/dracut.sh -+++ b/dracut.sh -@@ -2075,6 +2075,40 @@ fi - - command -v restorecon &>/dev/null && restorecon -- "$outfile" - -+btrfs_uuid() { -+ btrfs filesystem show "$1" | sed -n '1s/^.*uuid: //p' -+} -+ -+freeze_ok_for_btrfs() { -+ local mnt uuid1 uuid2 -+ # If the output file is on btrfs, we need to make sure that it's -+ # not on a subvolume of the same file system as the root FS. -+ # Otherwise, fsfreeze() might freeze the entire system. -+ # This is most conveniently checked by comparing the FS uuid. -+ -+ [[ "$(stat -f -c %T -- "/")" == "btrfs" ]] || return 0 -+ mnt=$(stat -c %m -- "$1") -+ uuid1=$(btrfs_uuid "$mnt") -+ uuid2=$(btrfs_uuid "/") -+ [[ "$uuid1" && "$uuid2" && "$uuid1" != "$uuid2" ]] -+} -+ -+freeze_ok_for_fstype() { -+ local outfile=$1 -+ local fstype -+ -+ [[ "$(stat -c %m -- "$outfile")" == "/" ]] && return 1 -+ fstype=$(stat -f -c %T -- "$outfile") -+ case $fstype in -+ msdos) -+ return 1;; -+ btrfs) -+ freeze_ok_for_btrfs "$outfile";; -+ *) -+ return 0;; -+ esac -+} -+ - # We sync/fsfreeze only if we're operating on a live booted system. - # It's possible for e.g. `kernel` to be installed as an RPM BuildRequires or equivalent, - # and there's no reason to sync, and *definitely* no reason to fsfreeze. -@@ -2087,7 +2121,7 @@ if test -d $dracutsysrootdir/run/systemd/system; then - fi - - # use fsfreeze only if we're not writing to / -- if [[ "$(stat -c %m -- "$outfile")" != "/" && "$(stat -f -c %T -- "$outfile")" != "msdos" ]]; then -+ if [[ "$(stat -c %m -- "$outfile")" != "/" ]] && freeze_ok_for_fstype "$outfile"; then - if ! $(fsfreeze -f $(dirname "$outfile") 2>/dev/null && fsfreeze -u $(dirname "$outfile") 2>/dev/null); then - dinfo "dracut: warning: could not fsfreeze $(dirname "$outfile")" - fi --- -2.24.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch deleted file mode 100644 index 8b93afc358..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-lvm-fix-removal-of-pvscan-from-udev-rules.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 07417b7fc5cb261187519c916e4735189f20f4c6 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Sat, 23 May 2020 18:03:47 +0300 -Subject: [PATCH] lvm: fix removal of pvscan from udev rules - -udev rules provided by lvm 2.02.128 and newer uses '+=' instead of '='. ---- - modules.d/90lvm/module-setup.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules.d/90lvm/module-setup.sh b/modules.d/90lvm/module-setup.sh -index d6d2c185..52c803f7 100755 ---- a/modules.d/90lvm/module-setup.sh -+++ b/modules.d/90lvm/module-setup.sh -@@ -101,7 +101,7 @@ install() { - sed -i -e 's/^ENV{SYSTEMD_ALIAS}=.*/# No LVM pvscan in dracut - lvmetad is not running yet/' \ - ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules - sed -i -e 's/^ENV{ID_MODEL}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules -- sed -i -e 's/^ENV{SYSTEMD_WANTS}=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules -+ sed -i -e 's/^ENV{SYSTEMD_WANTS}+\?=.*//' ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules - else - sed -i -e 's/.*lvm pvscan.*/# No LVM pvscan for in dracut - lvmetad is not running yet/' \ - ${initdir}/lib/udev/rules.d/69-dm-lvm-metad.rules --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch deleted file mode 100644 index d97193c9b1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-network-manager-ensure-that-nm-run.sh-is-executed-wh.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 3dcaa97ca4dcfa8092252a22df62c60941e59ce3 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Wed, 11 Mar 2020 09:40:50 +0100 -Subject: [PATCH] network-manager: ensure that nm-run.sh is executed when - needed - -The network-manager command line hook must install a -initqueue/finished hook to ensure that nm-run.sh is executed when -there are network connections to activate. - -Fixes: #694 ---- - modules.d/35network-manager/nm-config.sh | 11 +++++++++++ - modules.d/35network-manager/nm-run.sh | 2 ++ - 2 files changed, 13 insertions(+) - -diff --git a/modules.d/35network-manager/nm-config.sh b/modules.d/35network-manager/nm-config.sh -index 1efa737c..39a1c8bd 100755 ---- a/modules.d/35network-manager/nm-config.sh -+++ b/modules.d/35network-manager/nm-config.sh -@@ -5,3 +5,14 @@ if [ -n "$netroot" ] || [ -e /tmp/net.ifaces ]; then - fi - - /usr/libexec/nm-initrd-generator -- $(getcmdline) -+ -+if getargbool 0 rd.neednet; then -+ for i in /usr/lib/NetworkManager/system-connections/* \ -+ /run/NetworkManager/system-connections/* \ -+ /etc/NetworkManager/system-connections/* \ -+ /etc/sysconfig/network-scripts/ifcfg-*; do -+ [ -f "$i" ] || continue -+ echo '[ -f /tmp/nm.done ]' >$hookdir/initqueue/finished/nm.sh -+ break -+ done -+fi -diff --git a/modules.d/35network-manager/nm-run.sh b/modules.d/35network-manager/nm-run.sh -index 4079b735..fc5280a1 100755 ---- a/modules.d/35network-manager/nm-run.sh -+++ b/modules.d/35network-manager/nm-run.sh -@@ -22,3 +22,5 @@ do - source_hook initqueue/online $ifname - /sbin/netroot $ifname - done -+ -+> /tmp/nm.done --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch deleted file mode 100644 index f24cf11b37..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/050-systemd-remove-obsolete-syslog-parameter.patch +++ /dev/null @@ -1,241 +0,0 @@ -From 265f696b532f63f0ac1f9f341e0469a6eafe2fdd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:26:00 +0000 -Subject: [PATCH 01/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/90stratis/stratisd-init.service | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/modules.d/90stratis/stratisd-init.service b/modules.d/90stratis/stratisd-init.service -index 318e8c27..1be2e33b 100644 ---- a/modules.d/90stratis/stratisd-init.service -+++ b/modules.d/90stratis/stratisd-init.service -@@ -8,8 +8,6 @@ DefaultDependencies=no - Type=simple - ExecStart=/sbin/stratisd-init --debug - KillSignal=SIGINT --StandardOutput=syslog --StandardError=syslog - - [Install] - WantedBy=sysinit.target --- -2.26.2 - -From 38ba90bf88b38228e128c65be40a2da287c0b1ed Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:29:34 +0000 -Subject: [PATCH 02/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/99squash/squash-mnt-clear.service | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/modules.d/99squash/squash-mnt-clear.service b/modules.d/99squash/squash-mnt-clear.service -index 84441f60..9d94c524 100644 ---- a/modules.d/99squash/squash-mnt-clear.service -+++ b/modules.d/99squash/squash-mnt-clear.service -@@ -12,6 +12,6 @@ ConditionPathExists=/squash/root - Type=oneshot - RemainAfterExit=no - StandardInput=null --StandardOutput=syslog+console --StandardError=syslog+console -+StandardOutput=journal+console -+StandardError=journal+console - ExecStart=/squash/clear-squash.sh --- -2.26.2 - -From 5cb2a4004d18e4b96ddc18f221fae922350a9000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:31:17 +0000 -Subject: [PATCH 03/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-trigger.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-trigger.service b/modules.d/98dracut-systemd/dracut-pre-trigger.service -index 7bf16167..6f1ba521 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-trigger.service -+++ b/modules.d/98dracut-systemd/dracut-pre-trigger.service -@@ -20,8 +20,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-trigger - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 317d841c788e841d3533515ceda5597a099eb64e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:31:59 +0000 -Subject: [PATCH 04/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-initqueue.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-initqueue.service b/modules.d/98dracut-systemd/dracut-initqueue.service -index 207d545d..3a8679a5 100644 ---- a/modules.d/98dracut-systemd/dracut-initqueue.service -+++ b/modules.d/98dracut-systemd/dracut-initqueue.service -@@ -21,8 +21,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-initqueue - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 0c1bd016ecfb9c6d194c4356199b509d90db4071 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:32:44 +0000 -Subject: [PATCH 05/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-pivot.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-pivot.service b/modules.d/98dracut-systemd/dracut-pre-pivot.service -index 9a1f0854..e893d1dd 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-pivot.service -+++ b/modules.d/98dracut-systemd/dracut-pre-pivot.service -@@ -27,8 +27,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-pivot - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From e1130a83405648777210fdc99f7eee087eebaadc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:33:33 +0000 -Subject: [PATCH 06/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-udev.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-udev.service b/modules.d/98dracut-systemd/dracut-pre-udev.service -index 570ec02d..e4092e35 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-udev.service -+++ b/modules.d/98dracut-systemd/dracut-pre-udev.service -@@ -24,8 +24,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-udev - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From c437933cb0490e800e776cb7695d2ea0e95056a2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:34:17 +0000 -Subject: [PATCH 07/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-pre-mount.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-pre-mount.service b/modules.d/98dracut-systemd/dracut-pre-mount.service -index d3909689..18c9730c 100644 ---- a/modules.d/98dracut-systemd/dracut-pre-mount.service -+++ b/modules.d/98dracut-systemd/dracut-pre-mount.service -@@ -19,8 +19,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-pre-mount - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From d9149c6ca7c52c204c1b346e9b6a32bbadd0b2ff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:35:02 +0000 -Subject: [PATCH 08/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-cmdline.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-cmdline.service b/modules.d/98dracut-systemd/dracut-cmdline.service -index e577ec88..a8078bd2 100644 ---- a/modules.d/98dracut-systemd/dracut-cmdline.service -+++ b/modules.d/98dracut-systemd/dracut-cmdline.service -@@ -23,8 +23,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-cmdline - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - -From 8cb5ac1b30be458df9497911ba601d90e68f4d5b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B3hann=20B=2E=20Gu=C3=B0mundsson?= -Date: Wed, 15 Jul 2020 14:35:38 +0000 -Subject: [PATCH 09/10] As of v246 of systemd "syslog" and "syslog-console" - switches have been deprecated - ---- - modules.d/98dracut-systemd/dracut-mount.service | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/modules.d/98dracut-systemd/dracut-mount.service b/modules.d/98dracut-systemd/dracut-mount.service -index 77d34f62..c88e6d84 100644 ---- a/modules.d/98dracut-systemd/dracut-mount.service -+++ b/modules.d/98dracut-systemd/dracut-mount.service -@@ -19,8 +19,7 @@ Environment=NEWROOT=/sysroot - Type=oneshot - ExecStart=-/bin/dracut-mount - StandardInput=null --StandardOutput=syslog --StandardError=syslog+console -+StandardError=journal+console - KillMode=process - RemainAfterExit=yes - --- -2.26.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch deleted file mode 100644 index d6d97f7bb9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/051-dracut.sh-move-ldconfig.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 48258fae9fa58046d7d1a246ea3d821530180643 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Fri, 18 Dec 2020 00:01:32 +0300 -Subject: [PATCH] dracut.sh: Move ldconfig after library workaround - -This fixes boot failures when libgcc_s.so.1 is in a non-standard -directory. - -Bug: https://bugs.gentoo.org/760249 -Fixes: de3cb0e3214c (dracut.sh: Move the library workaround after squash) ---- - dracut.sh | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/dracut.sh b/dracut.sh -index 0f4648397..c6c361acc 100755 ---- a/dracut.sh -+++ b/dracut.sh -@@ -1724,20 +1724,6 @@ for ((i=0; i < ${#include_src[@]}; i++)); do - fi - done - --if [[ $kernel_only != yes ]]; then -- # make sure that library links are correct and up to date -- for f in $dracutsysrootdir/etc/ld.so.conf $dracutsysrootdir/etc/ld.so.conf.d/*; do -- [[ -f $f ]] && inst_simple "${f#$dracutsysrootdir}" -- done -- if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then -- if [[ $EUID = 0 ]]; then -- derror "ldconfig exited ungracefully" -- else -- derror "ldconfig might need uid=0 (root) for chroot()" -- fi -- fi --fi -- - if [[ $do_hardlink = yes ]] && command -v hardlink >/dev/null; then - dinfo "*** Hardlinking files ***" - hardlink "$initdir" 2>&1 -@@ -1920,6 +1906,20 @@ if [[ $kernel_only != yes ]]; then - fi - fi - -+if [[ $kernel_only != yes ]]; then -+ # make sure that library links are correct and up to date -+ for f in $dracutsysrootdir/etc/ld.so.conf $dracutsysrootdir/etc/ld.so.conf.d/*; do -+ [[ -f $f ]] && inst_simple "${f#$dracutsysrootdir}" -+ done -+ if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then -+ if [[ $EUID = 0 ]]; then -+ derror "ldconfig exited ungracefully" -+ else -+ derror "ldconfig might need uid=0 (root) for chroot()" -+ fi -+ fi -+fi -+ - if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then - dinfo "*** Stripping files ***" - find "$initdir" -type f \ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch deleted file mode 100644 index c3b337733b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/053-network-manager.patch +++ /dev/null @@ -1,24 +0,0 @@ -From ba4bcf5f4f11ad624c647ddf4f566997186135e7 Mon Sep 17 00:00:00 2001 -From: Harald Hoyer -Date: Wed, 31 Mar 2021 16:11:41 +0200 -Subject: [PATCH] fix(network-manager): no default deps for nm-run.service - -Otherwise nm-run.service will run only in basic.target, which is too -late in the initramfs. ---- - modules.d/35network-manager/nm-run.service | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/modules.d/35network-manager/nm-run.service b/modules.d/35network-manager/nm-run.service -index 63fe7564d0..f3493c41a3 100644 ---- a/modules.d/35network-manager/nm-run.service -+++ b/modules.d/35network-manager/nm-run.service -@@ -2,6 +2,8 @@ - # SPDX-License-Identifier: GPL-2.0-or-later - - [Unit] -+DefaultDependencies=no -+ - #make sure all devices showed up - Wants=systemd-udev-settle.service - After=systemd-udev-settle.service diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch deleted file mode 100644 index 5ec1a13861..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/059-systemd-executor.patch +++ /dev/null @@ -1,31 +0,0 @@ -From bee1c4824a8cd47ce6c01892a548bdc07b1fa678 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sat, 14 Oct 2023 23:45:57 +0200 -Subject: [PATCH] feat(systemd): install systemd-executor - -In [0] systemd gained a new binary - systemd-executor - that's used to -spawn processes forked off systemd. Let's copy it into the initrd if -it's available. - -[0] https://github.com/systemd/systemd/pull/27890 - -Signed-off-by: Brian Harring ---- - modules.d/00systemd/module-setup.sh | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh -index 554c25a08..9a13a1dbb 100755 ---- a/modules.d/00systemd/module-setup.sh -+++ b/modules.d/00systemd/module-setup.sh -@@ -34,6 +34,7 @@ install() { - "$systemdutildir"/systemd \ - "$systemdutildir"/systemd-coredump \ - "$systemdutildir"/systemd-cgroups-agent \ -+ "$systemdutildir"/systemd-executor \ - "$systemdutildir"/systemd-shutdown \ - "$systemdutildir"/systemd-reply-password \ - "$systemdutildir"/systemd-fsck \ --- -2.41.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch deleted file mode 100644 index 15522ef4fc..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0674b9136831b1beb6a7ec91147fd5c280c693a3 Mon Sep 17 00:00:00 2001 -From: Alexander Tsoy -Date: Mon, 9 Mar 2020 02:47:07 +0300 -Subject: [PATCH] Remove redundant gcc paths in ldconfig_paths() - -Bug: https://bugs.gentoo.org/705728 ---- - dracut-functions.sh | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/dracut-functions.sh b/dracut-functions.sh -index 3cb9c7af..5337ff6c 100755 ---- a/dracut-functions.sh -+++ b/dracut-functions.sh -@@ -76,7 +76,20 @@ find_binary() { - - ldconfig_paths() - { -- $DRACUT_LDCONFIG ${dracutsysrootdir:+-r ${dracutsysrootdir} -f /etc/ld.so.conf} -pN 2>/dev/null | grep -E -v '/(lib|lib64|usr/lib|usr/lib64)/[^/]*$' | sed -n 's,.* => \(.*\)/.*,\1,p' | sort | uniq -+ local gccpath -+ -+ if type -P gcc-config &>/dev/null; then -+ gccpath=$(gcc-config -c) -+ gccpath=/usr/lib/gcc/${gccpath%-*}/${gccpath##*-} -+ fi -+ -+ while read -r line; do -+ if [[ ${line} != /usr/lib/gcc/* || -z ${gccpath} ]]; then -+ echo ${line} -+ elif [[ ${line} == ${gccpath} ]]; then -+ echo ${line} -+ fi -+ done < <($DRACUT_LDCONFIG ${dracutsysrootdir:+-r ${dracutsysrootdir} -f /etc/ld.so.conf} -pN 2>/dev/null | grep -E -v '/(lib|lib64|usr/lib|usr/lib64)/[^/]*$' | sed -n 's,.* => \(.*\)/.*,\1,p' | sort | uniq) - } - - # Version comparision function. Assumes Linux style version scheme. --- -2.24.1 - diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest new file mode 100644 index 0000000000..1befd67dbe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/Manifest @@ -0,0 +1,3 @@ +DIST dracut-060_pre20240104.tar.gz 499965 BLAKE2B 935e0e5da348426d69c6dab6b91078f126cadd9ffc6a32378e79cd93b1dbadff35899efc3786fc12bf5a6741843d3637b0c98cc71fe4a96a8caf053ae887bac3 SHA512 f7818265f082e9c05ebb81a91b67fb9b1d3bf8b2433b7e6ea9be6bee43d28cd1ee48577648e1d9b3729c17608b028d294c13bf5d4db4cc5a18e3b007eb2cd67e +DIST dracut-103.tar.gz 567713 BLAKE2B 7781c0b7fc83a2c0c461f6398687e053226b489fb5405b3132b30d8e7a4f3cea2bb73aa0fe6e4c4b27187d6270ba623f403916ec38025a912930ae347a7e25ce SHA512 ba0dbefbcbecb09c44ce240664bc4f4ee25dfb8be7bc060028ae3b1ccf7d70410491c105e64fcef3d6f44d2794cb6162bcea9404125906be46bf3dff098e0277 +DIST dracut-106.tar.gz 527743 BLAKE2B 837621da329500b88b0c81a724990702a9f4e816a4818c26622b2bc5e3885c908f0bbba682a262f967d9a08a912cfd63a33270143560a30e3d067dc4217c5262 SHA512 ab17f9440129e2db7c2902115459309132ce7f7b29bbb3172002b7a8ea8ab54799d62d89fbf3f84581a5c14196f6754d33669b583b9d758ab4686a3443a3c4ad diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild similarity index 62% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild index 3b042f3de7..37f2df1f08 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/dracut-055.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-060_pre20240104-r4.ebuild @@ -1,30 +1,36 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit bash-completion-r1 linux-info optfeature systemd toolchain-funcs +inherit bash-completion-r1 edo optfeature systemd toolchain-funcs if [[ ${PV} == 9999 ]] ; then inherit git-r3 EGIT_REPO_URI="https://github.com/dracutdevs/dracut" else - [[ "${PV}" = *_rc* ]] || \ - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://www.kernel.org/pub/linux/utils/boot/${PN}/${P}.tar.xz" + if [[ ${PV} == *_p* ]] ; then + EGIT_COMMIT="4980bad34775da715a2639b736cba5e65a8a2604" + SRC_URI="https://github.com/dracutdevs/dracut/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" + S="${WORKDIR}"/${PN}-${EGIT_COMMIT} + else + SRC_URI="https://github.com/dracutdevs/dracut/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" + fi fi DESCRIPTION="Generic initramfs generation tool" -HOMEPAGE="https://dracut.wiki.kernel.org" +HOMEPAGE="https://github.com/dracutdevs/dracut/wiki" LICENSE="GPL-2" SLOT="0" +if [[ "${PV}" != *_rc* ]]; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv sparc x86" +fi IUSE="selinux test" - RESTRICT="!test? ( test )" RDEPEND=" - app-arch/cpio + app-alternatives/cpio >=app-shells/bash-4.0:0 sys-apps/coreutils[xattr(-)] >=sys-apps/kmod-23[tools] @@ -32,9 +38,10 @@ RDEPEND=" >=sys-apps/sysvinit-2.87-r3 sys-apps/openrc[sysv-utils(-),selinux?] sys-apps/systemd[sysv-utils] + sys-apps/s6-linux-init[sysv-utils(-)] ) >=sys-apps/util-linux-2.21 - virtual/pkgconfig + virtual/pkgconfig[native-symlinks(+)] virtual/udev elibc_musl? ( sys-libs/fts-standalone ) @@ -61,6 +68,10 @@ QA_MULTILIB_PATHS="usr/lib/dracut/.*" PATCHES=( "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch + "${FILESDIR}"/dracut-060-fix-resume-hostonly.patch + "${FILESDIR}"/dracut-060-grub-layout.patch + "${FILESDIR}"/dracut-060-systemd-255.patch + "${FILESDIR}"/dracut-059-install-new-systemd-hibernate-resume.service.patch ) src_configure() { @@ -73,13 +84,7 @@ src_configure() { tc-export CC PKG_CONFIG - echo ./configure "${myconf[@]}" - ./configure "${myconf[@]}" || die - - if [[ ${PV} != 9999 && ! -f dracut-version.sh ]] ; then - # Source tarball from github doesn't include this file - echo "DRACUT_VERSION=${PV}" > dracut-version.sh || die - fi + edo ./configure "${myconf[@]}" } src_test() { @@ -111,39 +116,9 @@ src_install() { } pkg_postinst() { - if linux-info_get_any_version && linux_config_exists; then - ewarn "" - ewarn "If the following test report contains a missing kernel" - ewarn "configuration option, you should reconfigure and rebuild your" - ewarn "kernel before booting image generated with this Dracut version." - ewarn "" - - local CONFIG_CHECK="~BLK_DEV_INITRD ~DEVTMPFS" - - # Kernel configuration options descriptions: - local ERROR_DEVTMPFS='CONFIG_DEVTMPFS: "Maintain a devtmpfs filesystem to mount at /dev" ' - ERROR_DEVTMPFS+='is missing and REQUIRED' - local ERROR_BLK_DEV_INITRD='CONFIG_BLK_DEV_INITRD: "Initial RAM filesystem and RAM disk ' - ERROR_BLK_DEV_INITRD+='(initramfs/initrd) support" is missing and REQUIRED' - - check_extra_config - echo - else - ewarn "" - ewarn "Your kernel configuration couldn't be checked." - ewarn "Please check manually if following options are enabled:" - ewarn "" - ewarn " CONFIG_BLK_DEV_INITRD" - ewarn " CONFIG_DEVTMPFS" - ewarn "" - fi - optfeature "Networking support" net-misc/networkmanager optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ sys-apps/iproute2 "net-misc/iputils[arping]" - optfeature \ - "Measure performance of the boot process for later visualisation" \ - app-benchmarks/bootchart2 app-admin/killproc sys-process/acct optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs optfeature "Load kernel modules and drop this privilege for real init" \ sys-libs/libcap @@ -155,19 +130,29 @@ pkg_postinst() { optfeature \ "Allows use of dash instead of default bash (on your own risk)" \ app-shells/dash + optfeature \ + "Allows use of busybox instead of default bash (on your own risk)" \ + sys-apps/busybox optfeature "Support iSCSI" sys-block/open-iscsi - optfeature "Support Logical Volume Manager" sys-fs/lvm2 + optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm] optfeature "Support MD devices, also known as software RAID devices" \ - sys-fs/mdadm + sys-fs/mdadm sys-fs/dmraid optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' optfeature "Support network block devices" sys-block/nbd optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind optfeature \ "Install ssh and scp along with config files and specified keys" \ - net-misc/openssh + virtual/openssh optfeature "Enable logging with rsyslog" app-admin/rsyslog + optfeature "Support Squashfs" sys-fs/squashfs-tools + optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools + optfeature "Support Bluetooth (experimental)" net-wireless/bluez + optfeature "Support BIOS-given device names" sys-apps/biosdevname + optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq optfeature \ "Enable rngd service to help generating entropy early during boot" \ sys-apps/rng-tools + optfeature "automatically generating an initramfs on each kernel installation" \ + "sys-kernel/installkernel[dracut]" } diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild new file mode 100644 index 0000000000..82e81230a5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-103-r4.ebuild @@ -0,0 +1,203 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng" +else + if [[ "${PV}" != *_rc* ]]; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~mips ppc ppc64 ~riscv sparc x86" + fi + SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" + S="${WORKDIR}/${PN}-ng-${PV}" +fi + +DESCRIPTION="Generic initramfs generation tool" +HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki" + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux test" +RESTRICT="test" +PROPERTIES="test? ( test_privileged test_network )" + +RDEPEND=" + app-alternatives/cpio + >=app-shells/bash-4.0:0 + sys-apps/coreutils[xattr(-)] + >=sys-apps/kmod-23[tools] + || ( + >=sys-apps/sysvinit-2.87-r3 + sys-apps/openrc[sysv-utils(-),selinux?] + sys-apps/systemd[sysv-utils] + sys-apps/s6-linux-init[sysv-utils(-)] + ) + >=sys-apps/util-linux-2.21 + virtual/pkgconfig[native-symlinks(+)] + virtual/udev + + elibc_musl? ( sys-libs/fts-standalone ) + selinux? ( + sec-policy/selinux-dracut + sys-libs/libselinux + sys-libs/libsepol + ) +" +DEPEND=" + >=sys-apps/kmod-23 + elibc_musl? ( sys-libs/fts-standalone ) +" + +BDEPEND=" + app-text/asciidoc + app-text/docbook-xml-dtd:4.5 + >=app-text/docbook-xsl-stylesheets-1.75.2 + >=dev-libs/libxslt-1.1.26 + virtual/pkgconfig + test? ( + net-nds/rpcbind + net-fs/nfs-utils + sys-block/open-iscsi + sys-fs/btrfs-progs + sys-fs/dmraid + sys-fs/lvm2[lvm,thin] + sys-fs/mdadm + sys-fs/multipath-tools + alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] ) + amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] ) + arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] ) + arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] ) + hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] ) + loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] ) + mips? ( || ( + app-emulation/qemu[qemu_softmmu_targets_mips] + app-emulation/qemu[qemu_softmmu_targets_mips64] + app-emulation/qemu[qemu_softmmu_targets_mips64el] + ) ) + ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] ) + ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] ) + riscv? ( || ( + app-emulation/qemu[qemu_softmmu_targets_riscv32] + app-emulation/qemu[qemu_softmmu_targets_riscv64] + ) ) + sparc? ( || ( + app-emulation/qemu[qemu_softmmu_targets_sparc] + app-emulation/qemu[qemu_softmmu_targets_sparc64] + ) ) + x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] ) + ) +" + +QA_MULTILIB_PATHS="usr/lib/dracut/.*" + +PATCHES=( + "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch + # Gentoo specific acct-user and acct-group conf adjustments + "${FILESDIR}"/${PN}-103-acct-user-group-gentoo.patch + # https://github.com/dracut-ng/dracut-ng/pull/507 + "${FILESDIR}"/${PN}-103-systemd-udev-256-kmod.patch + # libsystemd-core is sometimes missing + "${FILESDIR}"/${PN}-103-always-install-libsystemd.patch +) + +src_configure() { + local myconf=( + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --bashcompletiondir="$(get_bashcompdir)" + --systemdsystemunitdir="$(systemd_get_systemunitdir)" + ) + + # this emulates what the build system would be doing without us + append-cflags -D_FILE_OFFSET_BITS=64 + + tc-export CC PKG_CONFIG + + edo ./configure "${myconf[@]}" +} + +src_test() { + addwrite /dev/kvm + # Translate ARCH so run-qemu can find the correct qemu-system-ARCH + local qemu_arch + if use amd64; then + qemu_arch=x86_64 + elif use arm64; then + qemu_arch=aarch64 + elif use loong; then + qemu_arch=loongarch64 + elif use x86; then + qemu_arch=i386 + else + qemu_arch=$(tc-arch) + fi + ARCH=${qemu_arch} emake -C test check +} + +src_install() { + local DOCS=( + AUTHORS + NEWS.md + README.md + docs/HACKING.md + docs/README.cross + docs/README.kernel + docs/RELEASE.md + docs/SECURITY.md + ) + + default + + docinto html + dodoc dracut.html +} + +pkg_postinst() { + optfeature "Networking support" net-misc/networkmanager + optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ + sys-apps/iproute2 "net-misc/iputils[arping]" + optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs + optfeature "Load kernel modules and drop this privilege for real init" \ + sys-libs/libcap + optfeature "Support CIFS" net-fs/cifs-utils + optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ + "sys-fs/cryptsetup[-static-libs]" + optfeature "Support for GPG-encrypted keys for crypt module" \ + app-crypt/gnupg + optfeature \ + "Allows use of dash instead of default bash (on your own risk)" \ + app-shells/dash + optfeature \ + "Allows use of busybox instead of default bash (on your own risk)" \ + sys-apps/busybox + optfeature "Support iSCSI" sys-block/open-iscsi + optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm] + optfeature "Support MD devices, also known as software RAID devices" \ + sys-fs/mdadm sys-fs/dmraid + optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools + optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' + optfeature "Support network block devices" sys-block/nbd + optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind + optfeature \ + "Install ssh and scp along with config files and specified keys" \ + virtual/openssh + optfeature "Enable logging with rsyslog" app-admin/rsyslog + optfeature "Support Squashfs" sys-fs/squashfs-tools + optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools + optfeature "Support Bluetooth (experimental)" net-wireless/bluez + optfeature "Support BIOS-given device names" sys-apps/biosdevname + optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq + optfeature \ + "Enable rngd service to help generating entropy early during boot" \ + sys-apps/rng-tools + optfeature "building Unified Kernel Images with dracut (--uefi)" \ + "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]" + optfeature "automatically generating an initramfs on each kernel installation" \ + "sys-kernel/installkernel[dracut]" + optfeature "automatically generating an UKI on each kernel installation" \ + "sys-kernel/installkernel[dracut,uki]" +} diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild new file mode 100644 index 0000000000..88d06b6e36 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-106-r2.ebuild @@ -0,0 +1,236 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +CARGO_OPTIONAL=1 + +inherit cargo flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng" +else + if [[ "${PV}" != *_rc* ]]; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~mips ~ppc ppc64 ~riscv ~sparc x86" + fi + SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" + S="${WORKDIR}/${PN}-ng-${PV}" +fi + +DESCRIPTION="Generic initramfs generation tool" +HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki" + +LICENSE="GPL-2" +SLOT="0" +IUSE="+dracut-cpio selinux test" +RESTRICT="test" +PROPERTIES="test? ( test_privileged test_network )" + +RDEPEND=" + app-alternatives/cpio + >=app-shells/bash-4.0:0 + sys-apps/coreutils[xattr(-)] + >=sys-apps/kmod-23[tools] + || ( + >=sys-apps/sysvinit-2.87-r3 + sys-apps/openrc[sysv-utils(-),selinux?] + sys-apps/systemd[sysv-utils] + sys-apps/s6-linux-init[sysv-utils(-)] + ) + >=sys-apps/util-linux-2.21 + virtual/pkgconfig[native-symlinks(+)] + virtual/udev + + elibc_musl? ( sys-libs/fts-standalone ) + selinux? ( + sec-policy/selinux-dracut + sys-libs/libselinux + sys-libs/libsepol + ) +" +DEPEND=" + >=sys-apps/kmod-23 + elibc_musl? ( sys-libs/fts-standalone ) +" + +BDEPEND=" + app-text/asciidoc + app-text/docbook-xml-dtd:4.5 + >=app-text/docbook-xsl-stylesheets-1.75.2 + >=dev-libs/libxslt-1.1.26 + virtual/pkgconfig + dracut-cpio? ( ${RUST_DEPEND} ) + test? ( + net-nds/rpcbind + net-fs/nfs-utils + sys-block/open-iscsi + sys-fs/btrfs-progs + sys-fs/dmraid + sys-fs/lvm2[lvm,thin] + sys-fs/mdadm + sys-fs/multipath-tools + alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] ) + amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] ) + arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] ) + arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] ) + hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] ) + loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] ) + mips? ( || ( + app-emulation/qemu[qemu_softmmu_targets_mips] + app-emulation/qemu[qemu_softmmu_targets_mips64] + app-emulation/qemu[qemu_softmmu_targets_mips64el] + ) ) + ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] ) + ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] ) + riscv? ( || ( + app-emulation/qemu[qemu_softmmu_targets_riscv32] + app-emulation/qemu[qemu_softmmu_targets_riscv64] + ) ) + sparc? ( || ( + app-emulation/qemu[qemu_softmmu_targets_sparc] + app-emulation/qemu[qemu_softmmu_targets_sparc64] + ) ) + x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] ) + ) +" + +QA_MULTILIB_PATHS="usr/lib/dracut/.*" + +PATCHES=( + "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch + # Gentoo specific acct-user and acct-group conf adjustments + "${FILESDIR}"/${PN}-106-acct-user-group-gentoo.patch + # https://github.com/dracut-ng/dracut-ng/pull/1207 + "${FILESDIR}"/${PN}-106-fix-rngd-module.patch + # https://github.com/dracut-ng/dracut-ng/pull/1250 + "${FILESDIR}"/${PN}-106-fix-mdraid-module.patch +) + +pkg_setup() { + use dracut-cpio && rust_pkg_setup +} + +src_configure() { + local myconf=( + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --bashcompletiondir="$(get_bashcompdir)" + --systemdsystemunitdir="$(systemd_get_systemunitdir)" + --disable-dracut-cpio + ) + + # this emulates what the build system would be doing without us + append-cflags -D_FILE_OFFSET_BITS=64 + + tc-export CC PKG_CONFIG + + edo ./configure "${myconf[@]}" + if use dracut-cpio; then + cargo_gen_config + cargo_src_configure + fi +} + +src_compile() { + default + if use dracut-cpio; then + pushd src/dracut-cpio >/dev/null || die + cargo_src_compile + popd >/dev/null || die + fi +} + +src_test() { + addwrite /dev/kvm + # Translate ARCH so run-qemu can find the correct qemu-system-ARCH + local qemu_arch + if use amd64; then + qemu_arch=x86_64 + elif use arm64; then + qemu_arch=aarch64 + elif use loong; then + qemu_arch=loongarch64 + elif use x86; then + qemu_arch=i386 + else + qemu_arch=$(tc-arch) + fi + ARCH=${qemu_arch} emake -C test check +} + +src_install() { + local DOCS=( + AUTHORS + NEWS.md + README.md + ) + default + if use dracut-cpio; then + exeinto /usr/lib/dracut + doexe "src/dracut-cpio/$(cargo_target_dir)/dracut-cpio" + fi +} + +pkg_preinst() { + # Remove directory/symlink conflicts + # https://bugs.gentoo.org/943007 + local save_nullglob=$(shopt -p nullglob) + shopt -s nullglob + local module + for module in "${EROOT}"/usr/lib/dracut/modules.d/{80test,80test-makeroot,80test-root}; do + if [[ ! -L ${module} && -d ${module} ]]; then + rm -rv "${module}" || die + fi + local backups=( "${module}".backup.* ) + if [[ ${#backups[@]} -gt 0 ]]; then + rm -v "${backups[@]}" || die + fi + done + eval "${save_nullglob}" +} + +pkg_postinst() { + optfeature "Networking support" net-misc/networkmanager + optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ + sys-apps/iproute2 "net-misc/iputils[arping]" + optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs + optfeature "Load kernel modules and drop this privilege for real init" \ + sys-libs/libcap + optfeature "Support CIFS" net-fs/cifs-utils + optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ + "sys-fs/cryptsetup[-static-libs]" + optfeature "Support for GPG-encrypted keys for crypt module" \ + app-crypt/gnupg + optfeature \ + "Allows use of dash instead of default bash (on your own risk)" \ + app-shells/dash + optfeature \ + "Allows use of busybox instead of default bash (on your own risk)" \ + sys-apps/busybox + optfeature "Support iSCSI" sys-block/open-iscsi + optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm] + optfeature "Support MD devices, also known as software RAID devices" \ + sys-fs/mdadm sys-fs/dmraid + optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools + optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' + optfeature "Support network block devices" sys-block/nbd + optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind + optfeature \ + "Install ssh and scp along with config files and specified keys" \ + virtual/openssh + optfeature "Enable logging with rsyslog" app-admin/rsyslog + optfeature "Support Squashfs" sys-fs/squashfs-tools + optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools + optfeature "Support Bluetooth (experimental)" net-wireless/bluez + optfeature "Support BIOS-given device names" sys-apps/biosdevname + optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq + optfeature \ + "Enable rngd service to help generating entropy early during boot" \ + sys-apps/rng-tools + optfeature "building Unified Kernel Images with dracut (--uefi)" \ + "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]" + optfeature "automatically generating an initramfs on each kernel installation" \ + "sys-kernel/installkernel[dracut]" + optfeature "automatically generating an UKI on each kernel installation" \ + "sys-kernel/installkernel[dracut,uki]" +} diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild new file mode 100644 index 0000000000..a9a2d38f29 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/dracut-9999.ebuild @@ -0,0 +1,232 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +CARGO_OPTIONAL=1 + +inherit cargo flag-o-matic bash-completion-r1 edo optfeature systemd toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/dracut-ng/dracut-ng" +else + if [[ "${PV}" != *_rc* ]]; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + fi + SRC_URI="https://github.com/dracut-ng/dracut-ng/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" + S="${WORKDIR}/${PN}-ng-${PV}" +fi + +DESCRIPTION="Generic initramfs generation tool" +HOMEPAGE="https://github.com/dracut-ng/dracut-ng/wiki" + +LICENSE="GPL-2" +SLOT="0" +IUSE="+dracut-cpio selinux test" +RESTRICT="test" +PROPERTIES="test? ( test_privileged test_network )" + +RDEPEND=" + app-alternatives/cpio + >=app-shells/bash-4.0:0 + sys-apps/coreutils[xattr(-)] + >=sys-apps/kmod-23[tools] + || ( + >=sys-apps/sysvinit-2.87-r3 + sys-apps/openrc[sysv-utils(-),selinux?] + sys-apps/systemd[sysv-utils] + sys-apps/s6-linux-init[sysv-utils(-)] + ) + >=sys-apps/util-linux-2.21 + virtual/pkgconfig[native-symlinks(+)] + virtual/udev + + elibc_musl? ( sys-libs/fts-standalone ) + selinux? ( + sec-policy/selinux-dracut + sys-libs/libselinux + sys-libs/libsepol + ) +" +DEPEND=" + >=sys-apps/kmod-23 + elibc_musl? ( sys-libs/fts-standalone ) +" + +BDEPEND=" + app-text/asciidoc + app-text/docbook-xml-dtd:4.5 + >=app-text/docbook-xsl-stylesheets-1.75.2 + >=dev-libs/libxslt-1.1.26 + virtual/pkgconfig + dracut-cpio? ( ${RUST_DEPEND} ) + test? ( + net-nds/rpcbind + net-fs/nfs-utils + sys-block/open-iscsi + sys-fs/btrfs-progs + sys-fs/dmraid + sys-fs/lvm2[lvm,thin] + sys-fs/mdadm + sys-fs/multipath-tools + alpha? ( app-emulation/qemu[qemu_softmmu_targets_alpha] ) + amd64? ( app-emulation/qemu[qemu_softmmu_targets_x86_64] ) + arm? ( app-emulation/qemu[qemu_softmmu_targets_arm] ) + arm64? ( app-emulation/qemu[qemu_softmmu_targets_aarch64] ) + hppa? ( app-emulation/qemu[qemu_softmmu_targets_hppa] ) + loong? ( app-emulation/qemu[qemu_softmmu_targets_loongarch64] ) + mips? ( || ( + app-emulation/qemu[qemu_softmmu_targets_mips] + app-emulation/qemu[qemu_softmmu_targets_mips64] + app-emulation/qemu[qemu_softmmu_targets_mips64el] + ) ) + ppc? ( app-emulation/qemu[qemu_softmmu_targets_ppc] ) + ppc64? ( app-emulation/qemu[qemu_softmmu_targets_ppc64] ) + riscv? ( || ( + app-emulation/qemu[qemu_softmmu_targets_riscv32] + app-emulation/qemu[qemu_softmmu_targets_riscv64] + ) ) + sparc? ( || ( + app-emulation/qemu[qemu_softmmu_targets_sparc] + app-emulation/qemu[qemu_softmmu_targets_sparc64] + ) ) + x86? ( app-emulation/qemu[qemu_softmmu_targets_i386] ) + ) +" + +QA_MULTILIB_PATHS="usr/lib/dracut/.*" + +PATCHES=( + "${FILESDIR}"/gentoo-ldconfig-paths-r1.patch + # Gentoo specific acct-user and acct-group conf adjustments + "${FILESDIR}"/${PN}-106-acct-user-group-gentoo.patch +) + +pkg_setup() { + use dracut-cpio && rust_pkg_setup +} + +src_configure() { + local myconf=( + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --bashcompletiondir="$(get_bashcompdir)" + --systemdsystemunitdir="$(systemd_get_systemunitdir)" + --disable-dracut-cpio + ) + + # this emulates what the build system would be doing without us + append-cflags -D_FILE_OFFSET_BITS=64 + + tc-export CC PKG_CONFIG + + edo ./configure "${myconf[@]}" + if use dracut-cpio; then + cargo_gen_config + cargo_src_configure + fi +} + +src_compile() { + default + if use dracut-cpio; then + pushd src/dracut-cpio >/dev/null || die + cargo_src_compile + popd >/dev/null || die + fi +} + +src_test() { + addwrite /dev/kvm + # Translate ARCH so run-qemu can find the correct qemu-system-ARCH + local qemu_arch + if use amd64; then + qemu_arch=x86_64 + elif use arm64; then + qemu_arch=aarch64 + elif use loong; then + qemu_arch=loongarch64 + elif use x86; then + qemu_arch=i386 + else + qemu_arch=$(tc-arch) + fi + ARCH=${qemu_arch} emake -C test check +} + +src_install() { + local DOCS=( + AUTHORS + NEWS.md + README.md + ) + default + if use dracut-cpio; then + exeinto /usr/lib/dracut + doexe "src/dracut-cpio/$(cargo_target_dir)/dracut-cpio" + fi +} + +pkg_preinst() { + # Remove directory/symlink conflicts + # https://bugs.gentoo.org/943007 + local save_nullglob=$(shopt -p nullglob) + shopt -s nullglob + local module + for module in "${EROOT}"/usr/lib/dracut/modules.d/{80test,80test-makeroot,80test-root}; do + if [[ ! -L ${module} && -d ${module} ]]; then + rm -rv "${module}" || die + fi + local backups=( "${module}".backup.* ) + if [[ ${#backups[@]} -gt 0 ]]; then + rm -v "${backups[@]}" || die + fi + done + eval "${save_nullglob}" +} + +pkg_postinst() { + optfeature "Networking support" net-misc/networkmanager + optfeature "Legacy networking support" net-misc/curl "net-misc/dhcp[client]" \ + sys-apps/iproute2 "net-misc/iputils[arping]" + optfeature "Scan for Btrfs on block devices" sys-fs/btrfs-progs + optfeature "Load kernel modules and drop this privilege for real init" \ + sys-libs/libcap + optfeature "Support CIFS" net-fs/cifs-utils + optfeature "Decrypt devices encrypted with cryptsetup/LUKS" \ + "sys-fs/cryptsetup[-static-libs]" + optfeature "Support for GPG-encrypted keys for crypt module" \ + app-crypt/gnupg + optfeature \ + "Allows use of dash instead of default bash (on your own risk)" \ + app-shells/dash + optfeature \ + "Allows use of busybox instead of default bash (on your own risk)" \ + sys-apps/busybox + optfeature "Support iSCSI" sys-block/open-iscsi + optfeature "Support Logical Volume Manager" sys-fs/lvm2[lvm] + optfeature "Support MD devices, also known as software RAID devices" \ + sys-fs/mdadm sys-fs/dmraid + optfeature "Support Device Mapper multipathing" sys-fs/multipath-tools + optfeature "Plymouth boot splash" '>=sys-boot/plymouth-0.8.5-r5' + optfeature "Support network block devices" sys-block/nbd + optfeature "Support NFS" net-fs/nfs-utils net-nds/rpcbind + optfeature \ + "Install ssh and scp along with config files and specified keys" \ + virtual/openssh + optfeature "Enable logging with rsyslog" app-admin/rsyslog + optfeature "Support Squashfs" sys-fs/squashfs-tools + optfeature "Support TPM 2.0 TSS" app-crypt/tpm2-tools + optfeature "Support Bluetooth (experimental)" net-wireless/bluez + optfeature "Support BIOS-given device names" sys-apps/biosdevname + optfeature "Support network NVMe" sys-apps/nvme-cli app-misc/jq + optfeature \ + "Enable rngd service to help generating entropy early during boot" \ + sys-apps/rng-tools + optfeature "building Unified Kernel Images with dracut (--uefi)" \ + "sys-apps/systemd[boot]" "sys-apps/systemd-utils[boot]" + optfeature "automatically generating an initramfs on each kernel installation" \ + "sys-kernel/installkernel[dracut]" + optfeature "automatically generating an UKI on each kernel installation" \ + "sys-kernel/installkernel[dracut,uki]" +} diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch new file mode 100644 index 0000000000..124bd6a994 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-059-install-new-systemd-hibernate-resume.service.patch @@ -0,0 +1,21 @@ +From https://github.com/dracutdevs/dracut/pull/2527 +From a2fe89116db4b286fbf515f26bd1773b5e6ee8ad Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 26 Sep 2023 09:43:37 +0200 +Subject: [PATCH] fix(resume): add new systemd-hibernate-resume.service + +Since https://github.com/systemd/systemd/commit/a628d933, the generator only +does the initial validation of the system info and then enables the new +`systemd-hibernate-resume.service`. + +Fixes #2513 +--- a/modules.d/95resume/module-setup.sh ++++ b/modules.d/95resume/module-setup.sh +@@ -44,6 +44,7 @@ install() { + if dracut_module_included "systemd" && [[ -x $dracutsysrootdir$systemdutildir/systemd-hibernate-resume ]]; then + inst_multiple -o \ + "$systemdutildir"/system-generators/systemd-hibernate-resume-generator \ ++ "$systemdsystemunitdir"/systemd-hibernate-resume.service \ + "$systemdsystemunitdir"/systemd-hibernate-resume@.service \ + "$systemdutildir"/systemd-hibernate-resume + return 0 diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch new file mode 100644 index 0000000000..3563f85293 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-fix-resume-hostonly.patch @@ -0,0 +1,65 @@ +https://bugs.gentoo.org/917000 +https://github.com/dracutdevs/dracut/pull/2494 + +From b88d0bab791bdc4ca75d13802f0391caf537650d Mon Sep 17 00:00:00 2001 +From: Andrew Ammerlaan +Date: Sun, 20 Aug 2023 11:47:22 +0200 +Subject: [PATCH] fix(resume): include in hostonly mode if resume= on cmdline + +The grep introduced in commit e3a7112bef794e2f2dd741ec2c74fa9cb9117651 +does not work as intended. The resume module is always excluded in hostonly +mode. + +Made this a bit more explicit with if/else so it is more clear what is going +on. The in-line ||/&& makes the line really long and makes it more difficult +to understand what is going on. + +Bug: https://github.com/dracutdevs/dracut/issues/924 +Signed-off-by: Andrew Ammerlaan +--- + modules.d/95resume/module-setup.sh | 32 +++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) + +diff --git a/modules.d/95resume/module-setup.sh b/modules.d/95resume/module-setup.sh +index d255103366..2d48043827 100755 +--- a/modules.d/95resume/module-setup.sh ++++ b/modules.d/95resume/module-setup.sh +@@ -10,13 +10,31 @@ check() { + return 1 + } + +- # Only support resume if hibernation is currently on +- # and no swap is mounted on a net device +- [[ $hostonly ]] || [[ $mount_needs ]] && { +- swap_on_netdevice || [[ -f /sys/power/resume && "$(< /sys/power/resume)" == "0:0" ]] || grep -rq '^\|[[:space:]]resume=' /proc/cmdline /etc/cmdline /etc/cmdline.d /etc/kernel/cmdline /usr/lib/kernel/cmdline 2> /dev/null && return 255 +- } +- +- return 0 ++ # If hostonly check if we want to include the resume module ++ if [[ $hostonly ]] || [[ $mount_needs ]]; then ++ # Resuming won't work if swap is on a netdevice ++ swap_on_netdevice && return 255 ++ if grep -rq 'resume=' /proc/cmdline /etc/cmdline /etc/cmdline.d /etc/kernel/cmdline /usr/lib/kernel/cmdline 2> /dev/null; then ++ # hibernation support requested on kernel command line ++ return 0 ++ else ++ # resume= not set on kernel command line ++ if [[ -f /sys/power/resume ]]; then ++ if [[ "$(< /sys/power/resume)" == "0:0" ]]; then ++ # hibernation supported by the kernel, but not enabled ++ return 255 ++ else ++ # hibernation supported by the kernel and enabled ++ return 0 ++ fi ++ else ++ # resume file doesn't exist, hibernation not supported by kernel ++ return 255 ++ fi ++ fi ++ else ++ return 0 ++ fi + } + + # called by dracut diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch new file mode 100644 index 0000000000..543efa1eef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-grub-layout.patch @@ -0,0 +1,31 @@ +Ensures that the generated initrd is installed in the "new" way via the +staging area in the grub layout. This prevents accidentally creating +an UKI named initrd, and also ensures that BOOT_ROOT and +KERNEL_INSTALL_INITRD_GENERATOR are respected when the layout is set to grub. + +Downstream only since the grub layout for using grub with systemd's +kernel-install is not supported by systemd upstream and therefore this +patch is unlikely to be accepted by dracut upstream. + +diff --git a/install.d/50-dracut.install b/install.d/50-dracut.install +index 441414ac..a98449fe 100755 +--- a/install.d/50-dracut.install ++++ b/install.d/50-dracut.install +@@ -38,6 +38,17 @@ elif [[ $KERNEL_INSTALL_LAYOUT == "bls" && -n $KERNEL_INSTALL_STAGING_AREA ]]; t + else + exit 0 + fi ++elif [[ $KERNEL_INSTALL_LAYOUT == "grub" || $KERNEL_INSTALL_LAYOUT == "compat" || $KERNEL_INSTALL_LAYOUT == "efistub" ]]; then ++ BOOT_DIR_ABS="$KERNEL_INSTALL_STAGING_AREA" ++ if [[ -z $KERNEL_INSTALL_UKI_GENERATOR || $KERNEL_INSTALL_UKI_GENERATOR == "dracut" ]]; then ++ IMAGE="uki.efi" ++ UEFI_OPTS="--uefi" ++ elif [[ -z $KERNEL_INSTALL_INITRD_GENERATOR || $KERNEL_INSTALL_INITRD_GENERATOR == "dracut" ]]; then ++ IMAGE="initrd" ++ UEFI_OPTS="--no-uefi" ++ else ++ exit 0 ++ fi + else + # No layout information, use users --uefi/--no-uefi preference + UEFI_OPTS="" diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch new file mode 100644 index 0000000000..9d577e9504 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-060-systemd-255.patch @@ -0,0 +1,26 @@ +https://github.com/dracutdevs/dracut/pull/2586/files +diff --git a/modules.d/01systemd-pcrphase/module-setup.sh b/modules.d/01systemd-pcrphase/module-setup.sh +index fa960a42c1..87efd0c1a6 100755 +--- a/modules.d/01systemd-pcrphase/module-setup.sh ++++ b/modules.d/01systemd-pcrphase/module-setup.sh +@@ -6,7 +6,11 @@ + check() { + + # If the binary(s) requirements are not fulfilled the module can't be installed. +- require_binaries "$systemdutildir"/systemd-pcrphase || return 1 ++ # systemd-255 renamed the binary, check for old and new location. ++ if ! require_binaries "$systemdutildir"/systemd-pcrphase && \ ++ ! require_binaries "$systemdutildir"/systemd-pcrextend; then ++ return 1 ++ fi + + # Return 255 to only include the module, if another module requires it. + return 255 +@@ -28,6 +32,7 @@ install() { + + inst_multiple -o \ + "$systemdutildir"/systemd-pcrphase \ ++ "$systemdutildir"/systemd-pcrextend \ + "$systemdsystemunitdir"/systemd-pcrphase-initrd.service \ + "$systemdsystemunitdir/systemd-pcrphase-initrd.service.d/*.conf" \ + "$systemdsystemunitdir"/initrd.target.wants/systemd-pcrphase-initrd.service diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch new file mode 100644 index 0000000000..045528bb0c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-acct-user-group-gentoo.patch @@ -0,0 +1,30 @@ +diff --git a/dracut-init.sh b/dracut-init.sh +index 986da96b..bd47bc92 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -711,10 +711,10 @@ inst_libdir_file() { + + # install sysusers files + inst_sysusers() { +- inst_multiple -o "$sysusers/$*" ++ inst_multiple -o "$sysusers/acct-*-$*" + + if [[ $hostonly ]]; then +- inst_multiple -H -o "$sysusersconfdir/$*" ++ inst_multiple -H -o "$sysusersconfdir/acct-*-$*" + fi + } + +diff --git a/modules.d/91tpm2-tss/module-setup.sh b/modules.d/91tpm2-tss/module-setup.sh +index 4441f552..4b5654d5 100755 +--- a/modules.d/91tpm2-tss/module-setup.sh ++++ b/modules.d/91tpm2-tss/module-setup.sh +@@ -30,7 +30,7 @@ installkernel() { + + # Install the required file(s) and directories for the module in the initramfs. + install() { +- inst_sysusers tpm2-tss.conf ++ inst_sysusers tss.conf + + inst_multiple -o \ + "$tmpfilesdir"/tpm2-tss-fapi.conf \ diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch new file mode 100644 index 0000000000..f2533e14d8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-always-install-libsystemd.patch @@ -0,0 +1,21 @@ +From 921792f201e954de461d3b551e01b5369d666db8 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 10 Sep 2024 15:51:46 +0200 +Subject: [PATCH] feat(systemd): always install libsystemd libraries + +--- + modules.d/00systemd/module-setup.sh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 498cd7edd..fb8a8200b 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -156,5 +156,6 @@ EOF + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file \ + {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" ++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so" + } diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch new file mode 100644 index 0000000000..7a1fc1c8da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-103-systemd-udev-256-kmod.patch @@ -0,0 +1,41 @@ +From e16195f28669264227c169d45107ea95b83d8f48 Mon Sep 17 00:00:00 2001 +From: Alexander Tsoy +Date: Tue, 16 Jul 2024 08:48:54 +0300 +Subject: [PATCH] fix(systemd): move installation of libkmod to udev-rules + module + +libkmod library should be installed even if systemd module is +omitted, so move its installation to udev-rules module. +--- + modules.d/00systemd/module-setup.sh | 1 - + modules.d/95udev-rules/module-setup.sh | 6 +++++- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index ce7bb520c..e4fb9a586 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -171,6 +171,5 @@ EOF + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file \ + {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libkmod.so*" \ + {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" + } +diff --git a/modules.d/95udev-rules/module-setup.sh b/modules.d/95udev-rules/module-setup.sh +index d82ed5eb9..6078751f6 100755 +--- a/modules.d/95udev-rules/module-setup.sh ++++ b/modules.d/95udev-rules/module-setup.sh +@@ -93,7 +93,11 @@ install() { + "${udevdir}"/usb_id \ + "${udevdir}"/v4l_id + +- inst_libdir_file "libnss_files*" ++ # Install required libraries. ++ _arch=${DRACUT_ARCH:-$(uname -m)} ++ inst_libdir_file \ ++ {"tls/$_arch/",tls/,"$_arch/",}"libkmod.so*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_files*" + + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch new file mode 100644 index 0000000000..aefd8be67e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-ensure-abs-args-for-objcopy.patch @@ -0,0 +1,48 @@ +From 1579bb0c77d9e1e4599623a165c54a0dccdaf875 Mon Sep 17 00:00:00 2001 +From: Andrew Ammerlaan +Date: Thu, 31 Oct 2024 11:28:37 +0100 +Subject: [PATCH] fix(dracut.sh): ensure abs path for objcopy args + +Closes: https://github.com/dracut-ng/dracut-ng/issues/833 +Signed-off-by: Andrew Ammerlaan +--- + dracut.sh | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/dracut.sh b/dracut.sh +index 90927136e..8b666a1ac 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -35,6 +35,19 @@ readonly dracut_cmd=$(readlink -f "$0") + + set -o pipefail + ++# below we sometimes cd, which causes problems if we're building an UKI ++# and relative paths are passed on to us. Store the pwd before we do anything. ++pwd=$(pwd) ++path_rel_to_abs() { ++ for var in "$@"; do ++ if [[ $var == /* ]]; then ++ echo "$var" ++ else ++ echo "$pwd/$var" ++ fi ++ done ++} ++ + usage() { + [[ $sysroot_l ]] && dracutsysrootdir="$sysroot_l" + [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut +@@ -1095,9 +1108,9 @@ drivers_dir="${drivers_dir%"${drivers_dir##*[!/]}"}" + [[ $reproducible_l ]] && reproducible="$reproducible_l" + [[ $loginstall_l ]] && loginstall="$loginstall_l" + [[ $uefi_l ]] && uefi=$uefi_l +-[[ $uefi_stub_l ]] && uefi_stub="$uefi_stub_l" +-[[ $uefi_splash_image_l ]] && uefi_splash_image="$uefi_splash_image_l" +-[[ $kernel_image_l ]] && kernel_image="$kernel_image_l" ++[[ $uefi_stub_l ]] && uefi_stub=$(path_rel_to_abs "$uefi_stub_l") ++[[ $uefi_splash_image_l ]] && uefi_splash_image=$(path_rel_to_abs "$uefi_splash_image_l") ++[[ $kernel_image_l ]] && kernel_image=$(path_rel_to_abs "$kernel_image_l") + [[ $sbat_l ]] && sbat="$sbat_l" + [[ $machine_id_l ]] && machine_id="$machine_id_l" + diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch new file mode 100644 index 0000000000..558bd388b9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-fix-check_kernel_module.patch @@ -0,0 +1,28 @@ +From b90eda4b431af23d1101f1ea68b656929c6a82b2 Mon Sep 17 00:00:00 2001 +From: Nowa Ammerlaan +Date: Fri, 8 Nov 2024 20:01:54 +0100 +Subject: [PATCH] fix(dracut-functions.sh): check for modules in --kmoddir, not + in --sysroot + +Modules are installed from the directory specified by --kmoddir, but currently +the check_kernel_module() function is checking for the module in +--sysroot/lib/modules. This is notably not the same when kernels packages are +being built inside some docker container. We should check for the modules +existence in the directory we are actually going to install it from. +--- + dracut-functions.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dracut-functions.sh b/dracut-functions.sh +index 865c31290..245c69cb6 100755 +--- a/dracut-functions.sh ++++ b/dracut-functions.sh +@@ -761,7 +761,7 @@ check_kernel_config() { + # 0 if the kernel module is either built-in or available + # 1 if the kernel module is not enabled + check_kernel_module() { +- modprobe -d "$dracutsysrootdir" -S "$kernel" --dry-run "$1" &> /dev/null || return 1 ++ modprobe -d "$drivers_dir/../../../" -S "$kernel" --dry-run "$1" &> /dev/null || return 1 + } + + # get_cpu_vendor diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch new file mode 100644 index 0000000000..154bd21ca1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-105-systemd-cryptsetup.patch @@ -0,0 +1,29 @@ +https://github.com/dracut-ng/dracut-ng/pull/921 +https://bugs.gentoo.org/943035 + +From 2d4b550c71cc79ac7a3f18afc09d8263963d5de2 Mon Sep 17 00:00:00 2001 +From: Jo Zzsi +Date: Sat, 9 Nov 2024 14:06:57 -0500 +Subject: [PATCH] fix(dracut-systemd): check systemd-cryptsetup before + including + +--- + modules.d/98dracut-systemd/module-setup.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/modules.d/98dracut-systemd/module-setup.sh b/modules.d/98dracut-systemd/module-setup.sh +index 0438e40f0..f2502cd78 100755 +--- a/modules.d/98dracut-systemd/module-setup.sh ++++ b/modules.d/98dracut-systemd/module-setup.sh +@@ -19,7 +19,10 @@ depends() { + # systemd-cryptsetup is mandatory dependency + # see https://github.com/dracut-ng/dracut-ng/issues/563 + if dracut_module_included "crypt"; then +- deps+=" systemd-cryptsetup" ++ module_check systemd-cryptsetup > /dev/null 2>&1 ++ if [[ $? == 255 ]]; then ++ deps+=" systemd-cryptsetup" ++ fi + fi + + echo "$deps" diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch new file mode 100644 index 0000000000..25792a5445 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-acct-user-group-gentoo.patch @@ -0,0 +1,13 @@ +diff --git a/modules.d/91tpm2-tss/module-setup.sh b/modules.d/91tpm2-tss/module-setup.sh +index 4441f5528..4b5654d56 100755 +--- a/modules.d/91tpm2-tss/module-setup.sh ++++ b/modules.d/91tpm2-tss/module-setup.sh +@@ -30,7 +30,7 @@ installkernel() { + + # Install the required file(s) and directories for the module in the initramfs. + install() { +- inst_sysusers tpm2-tss.conf ++ inst_sysusers tss.conf + + inst_multiple -o \ + "$tmpfilesdir"/tpm2-tss-fapi.conf \ diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch new file mode 100644 index 0000000000..3692d1fc2f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-mdraid-module.patch @@ -0,0 +1,17 @@ +https://github.com/dracut-ng/dracut-ng/pull/1250 +diff --git a/modules.d/90mdraid/module-setup.sh b/modules.d/90mdraid/module-setup.sh +index 8ce5f2ee..b0ab8411 100755 +--- a/modules.d/90mdraid/module-setup.sh ++++ b/modules.d/90mdraid/module-setup.sh +@@ -46,7 +46,7 @@ cmdline() { + [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue + + UUID=$( +- /sbin/mdadm --examine --export "$dev" \ ++ mdadm --examine --export "$dev" \ + | while read -r line || [[ "$line" ]]; do + [[ ${line#MD_UUID=} == "$line" ]] && continue + printf "%s" "${line#MD_UUID=} " +-- +2.48.1 + diff --git a/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch new file mode 100644 index 0000000000..8163ba28ad --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/dracut-106-fix-rngd-module.patch @@ -0,0 +1,14 @@ +https://github.com/dracut-ng/dracut-ng/pull/1207 +diff --git a/modules.d/06rngd/module-setup.sh b/modules.d/06rngd/module-setup.sh +index 1fcc831c4..064379242 100755 +--- a/modules.d/06rngd/module-setup.sh ++++ b/modules.d/06rngd/module-setup.sh +@@ -21,7 +21,7 @@ + check() { + # if there's no rngd binary, no go. + require_binaries rngd || return 1 +- require_binaries "${systemdsystemunitdir}/rngd.service" || return 1 ++ [[ -e "${systemdsystemunitdir}/rngd.service" ]] || return 1 + + return 0 + } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/files/gentoo-ldconfig-paths-r1.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml similarity index 50% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml rename to sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml index d8b0651a40..4ccd31e3ca 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/dracut/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-kernel/dracut/metadata.xml @@ -1,10 +1,6 @@ - + - - chutzpah@gentoo.org - Patrick McLean - alexander@tsoy.me Alexander Tsoy @@ -13,4 +9,14 @@ floppym@gentoo.org Mike Gilbert + + nowa@gentoo.org + Nowa Ammerlaan + + + Build the enhanced 'dracut-cpio' program, written in Rust. + + + dracut-ng/dracut-ng + From 9bdf3ef1fcea690c625fbdcb8b2adb0996ca1245 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 7 Apr 2025 18:25:03 +0100 Subject: [PATCH 2/7] sys-kernel/dracut: Disable the dracut-cpio feature, which requires Rust Flatcar can't benefit from this performance boost for several reasons, the main one being the use of binary packages. Signed-off-by: James Le Cuirot --- .../coreos-overlay/profiles/coreos/base/package.use | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 2b4a14af3c..340f92278d 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -162,3 +162,7 @@ sys-fs/zfs-kmod -initramfs # For sys-auth/sssd net-dns/bind gssapi net-dns/bind-tools gssapi + +# Flatcar can't benefit from this performance boost for several reasons, the +# main one being the use of binary packages. +sys-kernel/dracut -dracut-cpio From 841cf196d7fc0fc8f9bb9f5514dd339b69ac6e1a Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 7 Apr 2025 11:20:59 +0100 Subject: [PATCH 3/7] sys-kernel/dracut: Heavily patch for the better sysroot functionality This is code I have submitted upstream that has not yet been merged. This also includes a small "catch up" patch from 106 to current main for both a clean base and because these changes actually look important. Signed-off-by: James Le Cuirot --- .../dracut/001-dracut-post-106.patch | 980 ++++++ .../dracut/002-dracut-sysroot.patch | 2781 +++++++++++++++++ .../user-patches/sys-kernel/dracut/README.md | 9 + 3 files changed, 3770 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch new file mode 100644 index 0000000000..a9811e6dd8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/001-dracut-post-106.patch @@ -0,0 +1,980 @@ +From 62c75393ea18b65ba0f7f224070c3bb94d3bd930 Mon Sep 17 00:00:00 2001 +From: Jo Zzsi +Date: Fri, 7 Feb 2025 20:24:39 -0500 +Subject: [PATCH 01/22] fix(systemd-sysusers): always silence stdout + +systemd-sysusers does not have quiet option, so +always silence stdout (but not stderr). + +Fixes: https://github.com/dracut-ng/dracut-ng/issues/1195 +--- + modules.d/60systemd-sysusers/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/60systemd-sysusers/module-setup.sh b/modules.d/60systemd-sysusers/module-setup.sh +index 05680553..977695e6 100755 +--- a/modules.d/60systemd-sysusers/module-setup.sh ++++ b/modules.d/60systemd-sysusers/module-setup.sh +@@ -15,5 +15,5 @@ check() { + install() { + inst_sysusers basic.conf + +- systemd-sysusers --root="$initdir" ++ systemd-sysusers --root="$initdir" > /dev/null + } +-- +2.48.1 + + +From 9b822c31e3c096a276904c0d6ebfd379ec443e23 Mon Sep 17 00:00:00 2001 +From: Brian Fjeldstad +Date: Tue, 4 Feb 2025 22:09:04 +0000 +Subject: [PATCH 02/22] fix(dracut): avoid mktemp collisions with find filter + +--- + dracut.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/dracut.sh b/dracut.sh +index 88b14f3e..ef959021 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1324,10 +1324,10 @@ if findmnt --raw -n --target "$tmpdir" --output=options | grep -q noexec; then + noexec=1 + fi + +-DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.XXXXXX)" ++DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.dXXXXXX)" + readonly DRACUT_TMPDIR + [ -d "$DRACUT_TMPDIR" ] || { +- printf "%s\n" "dracut[F]: mktemp -p '$TMPDIR/' -d -t dracut.XXXXXX failed." >&2 ++ printf "%s\n" "dracut[F]: mktemp -p '$TMPDIR/' -d -t dracut.dXXXXXX failed." >&2 + exit 1 + } + +-- +2.48.1 + + +From 89da4257a6ffa737a69f7095bb41d5ae3f247d82 Mon Sep 17 00:00:00 2001 +From: Benjamin Drung +Date: Wed, 12 Feb 2025 11:10:30 +0100 +Subject: [PATCH 03/22] fix(dracut-lib): support "set -e" in setdebug + +A `return` statement will return with the exit code of the previous +command if no exit code is specified. In case `/usr/lib/initrd-release` +does not exist, `setdebug` will return with the exit code 1. + +Return this function with code 0 in that case to support `set -e` users. + +Fixes: 2b125c69cc80 ("base/dracut-lib.sh: do not setdebug, if not in initramfs") +--- + modules.d/99base/dracut-lib.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/99base/dracut-lib.sh b/modules.d/99base/dracut-lib.sh +index acedea98..05c361c6 100755 +--- a/modules.d/99base/dracut-lib.sh ++++ b/modules.d/99base/dracut-lib.sh +@@ -340,7 +340,7 @@ splitsep() { + } + + setdebug() { +- [ -f /usr/lib/initrd-release ] || return ++ [ -f /usr/lib/initrd-release ] || return 0 + if [ -z "$RD_DEBUG" ]; then + if [ -e /proc/cmdline ]; then + RD_DEBUG=no +-- +2.48.1 + + +From 57911e76e2826fa6d9f2b80915cf99c6eb0e05b0 Mon Sep 17 00:00:00 2001 +From: You-Sheng Yang +Date: Wed, 22 Jan 2025 23:37:53 +0800 +Subject: [PATCH 04/22] fix(dracut-install): install compressed blobs that + match wildcard fwpath + +dracut-install tries to invoke `glob()` with full path expanded from +"intel/ish/ish_*.bin", but while all the binaries were compressed, this +matches no file and none of the custom ISH firmware blobs will be +installed. + +Closes: #1150 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2095518 +Signed-off-by: You-Sheng Yang +--- + src/install/dracut-install.c | 42 +++++++++++++++++++++++++++--------- + 1 file changed, 32 insertions(+), 10 deletions(-) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 96bc2eb6..bacbe86e 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -1437,12 +1437,15 @@ static int install_all(int argc, char **argv) + return r; + } + +-static int install_firmware_fullpath(const char *fwpath) ++static int install_firmware_fullpath(const char *fwpath, bool maybe_compressed) + { + const char *fw = fwpath; + _cleanup_free_ char *fwpath_compressed = NULL; + int ret; + if (access(fwpath, F_OK) != 0) { ++ if (!maybe_compressed) ++ return 1; ++ + _asprintf(&fwpath_compressed, "%s.zst", fwpath); + if (access(fwpath_compressed, F_OK) != 0) { + strcpy(fwpath_compressed + strlen(fwpath) + 1, "xz"); +@@ -1460,6 +1463,23 @@ static int install_firmware_fullpath(const char *fwpath) + return ret; + } + ++static bool install_firmware_glob(const char *fwpath) ++{ ++ size_t i; ++ _cleanup_globfree_ glob_t globbuf; ++ bool found = false; ++ int ret; ++ ++ glob(fwpath, 0, NULL, &globbuf); ++ for (i = 0; i < globbuf.gl_pathc; i++) { ++ ret = install_firmware_fullpath(globbuf.gl_pathv[i], false); ++ if (ret == 0) ++ found = true; ++ } ++ ++ return found; ++} ++ + static int install_firmware(struct kmod_module *mod) + { + struct kmod_list *l = NULL; +@@ -1490,17 +1510,19 @@ static int install_firmware(struct kmod_module *mod) + + if (strpbrk(value, "*?[") != NULL + && access(fwpath, F_OK) != 0) { +- size_t i; +- _cleanup_globfree_ glob_t globbuf; +- +- glob(fwpath, 0, NULL, &globbuf); +- for (i = 0; i < globbuf.gl_pathc; i++) { +- ret = install_firmware_fullpath(globbuf.gl_pathv[i]); +- if (ret == 0) +- found_this = true; ++ found_this = install_firmware_glob(fwpath); ++ if (!found_this) { ++ _cleanup_free_ char *fwpath_compressed = NULL; ++ ++ _asprintf(&fwpath_compressed, "%s.zst", fwpath); ++ found_this = install_firmware_glob(fwpath_compressed); ++ if (!found_this) { ++ strcpy(fwpath_compressed + strlen(fwpath) + 1, "xz"); ++ found_this = install_firmware_glob(fwpath_compressed); ++ } + } + } else { +- ret = install_firmware_fullpath(fwpath); ++ ret = install_firmware_fullpath(fwpath, true); + if (ret == 0) + found_this = true; + } +-- +2.48.1 + + +From ddbeed81b2d43a03a16dc60ff76fd0355d4be5b9 Mon Sep 17 00:00:00 2001 +From: Mark Harmstone +Date: Thu, 23 Jan 2025 11:39:13 +0000 +Subject: [PATCH 05/22] feat(btrfs): also install btrfstune + +--- + modules.d/90btrfs/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh +index 5d881332..80bba155 100755 +--- a/modules.d/90btrfs/module-setup.sh ++++ b/modules.d/90btrfs/module-setup.sh +@@ -55,6 +55,6 @@ install() { + inst_hook initqueue/timeout 10 "$moddir/btrfs_timeout.sh" + fi + +- inst_multiple -o btrfsck btrfs-zero-log ++ inst_multiple -o btrfsck btrfs-zero-log btrfstune + inst "$(command -v btrfs)" /sbin/btrfs + } +-- +2.48.1 + + +From cb8fb9641feec8ee3e0ce249da98becc6cdbb98b Mon Sep 17 00:00:00 2001 +From: Benjamin Drung +Date: Fri, 21 Feb 2025 23:49:04 +0100 +Subject: [PATCH 06/22] fix(systemd-sysusers): silence "Creating " on stderr + +dracut prints 20 lines when creating users and groups even with +`--quiet` option. Sample output: + +``` +Creating group 'nobody' with GID 65534. +Creating group 'audio' with GID 997. +Creating group 'disk' with GID 995. +Creating group 'input' with GID 994. +Creating group 'kmem' with GID 993. +Creating group 'kvm' with GID 992. +Creating group 'lp' with GID 991. +Creating group 'optical' with GID 990. +Creating group 'render' with GID 989. +Creating group 'sgx' with GID 988. +Creating group 'storage' with GID 987. +Creating group 'tty' with GID 5. +Creating group 'uucp' with GID 986. +Creating group 'video' with GID 985. +Creating group 'users' with GID 984. +Creating group 'systemd-journal' with GID 983. +Creating user 'root' (Super User) with UID 0 and GID 0. +Creating user 'nobody' (Kernel Overflow User) with UID 65534 and GID 65534. +Creating group 'nobody' with GID 65534. +Creating group 'audio' with GID 997. +``` + +Filter "Creating " messages from stderr, but keep the other messages on +stderr and all messages on stdout untouched. + +Fixes: https://github.com/dracut-ng/dracut-ng/issues/1195 +Fixes: f3dacc013d90 ("feat(systemd-sysusers): run systemd-sysusers as part of the build process") +--- + modules.d/60systemd-sysusers/module-setup.sh | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/modules.d/60systemd-sysusers/module-setup.sh b/modules.d/60systemd-sysusers/module-setup.sh +index 977695e6..0bddd19d 100755 +--- a/modules.d/60systemd-sysusers/module-setup.sh ++++ b/modules.d/60systemd-sysusers/module-setup.sh +@@ -15,5 +15,9 @@ check() { + install() { + inst_sysusers basic.conf + +- systemd-sysusers --root="$initdir" > /dev/null ++ # redirect stdout temporarily to FD 3 to use filter stderr ++ { ++ set -o pipefail ++ systemd-sysusers --root="$initdir" 2>&1 >&3 | grep -v "^Creating " >&2 ++ } 3>&1 + } +-- +2.48.1 + + +From f3fffa1edce2fd5e542c115296c9b0856611faa7 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Thu, 20 Feb 2025 11:20:36 +0100 +Subject: [PATCH 07/22] fix(systemd-veritysetup): install dm-verity kernel + module + +--- + modules.d/01systemd-veritysetup/module-setup.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh +index fecfecc8..9dad8d4f 100755 +--- a/modules.d/01systemd-veritysetup/module-setup.sh ++++ b/modules.d/01systemd-veritysetup/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Install kernel module(s). ++installkernel() { ++ instmods dm-verity ++} ++ + # Install the required file(s) and directories for the module in the initramfs. + install() { + +-- +2.48.1 + + +From 3d5bab815570d2a271a45ceb9135f7cb3bde11f1 Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Wed, 26 Feb 2025 14:54:51 +0100 +Subject: [PATCH 08/22] fix(iscsi): don't require network setup for qedi + +This adds the logic of cc2c48a ("fix(iscsi): don't require network setup +for bnx2i") for the qedi iSCSI offload driver. Testing has shown +that for qedi, network setup in the initrd is even more superfluous +as it is for bnx2i. qedi devices are usually separate PCI functions +that don't show up as ethernet interfaces at all. + +While at it, simplify the conditional a bit. + +Signed-off-by: Martin Wilck +--- + modules.d/95iscsi/parse-iscsiroot.sh | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95iscsi/parse-iscsiroot.sh b/modules.d/95iscsi/parse-iscsiroot.sh +index 2dace3a6..a388bec1 100755 +--- a/modules.d/95iscsi/parse-iscsiroot.sh ++++ b/modules.d/95iscsi/parse-iscsiroot.sh +@@ -79,8 +79,9 @@ fi + + # iscsi_firmware does not need argument checking + if [ -n "$iscsi_firmware" ]; then +- if [ "$root" != "dhcp" ] && [ "$netroot" != "dhcp" ]; then +- [ -z "$netroot" ] && [ "$iscsi_transport" != bnx2i ] && netroot=iscsi: ++ if [ "$root" != "dhcp" ] && [ -z "$netroot" ] \ ++ && [ "$iscsi_transport" != bnx2i ] && [ "$iscsi_transport" != qedi ]; then ++ netroot=iscsi: + fi + modprobe -b -q iscsi_boot_sysfs 2> /dev/null + modprobe -b -q iscsi_ibft +-- +2.48.1 + + +From fcde3355456323be9674aac1d00e3c66683b7f99 Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Wed, 26 Feb 2025 14:59:44 +0100 +Subject: [PATCH 09/22] fix(iscsi): make sure services are shut down when + switching root + +When systemd prepares switching root, it starts 'initrd-cleanup.service', +which runs 'systemctl --no-block isolate initrd-switch-root.target'. +This will stop all units on which initrd-switch-root.target does not +depend, including iscsid.service and iscsiuio.service. But systemd +doesn't guarantee a time ordering in this case. It can happen that +systemd switches root (i.e. restarts itself on the new root) before +iscsiuio is actually stopped, or at least before PID 1 receives +the notification that it has stopped. In this case, it considers +iscsiuio still running, and will not start it later in the boot +sequence when iscsid is coming up. + +A typical log excerpt with systemd.log_level=debug looks like this: + +[ 36.470761] worker2 systemd[1]: initrd-cleanup.service: Trying to enqueue job initrd-cleanup.service/start/replace +[ 36.765241] worker2 systemd[1]: initrd-switch-root.target: Trying to enqueue job initrd-switch-root.target/start/isolate +[ 36.765337] worker2 systemd[1]: iscsid.service: Installed new job iscsid.service/stop as 139 +[ 36.765535] worker2 systemd[1]: iscsiuio.service: Installed new job iscsiuio.service/stop as 138 +[ 36.824789] worker2 systemd[1]: iscsid.socket: stopping held back, waiting for: iscsid.service +[ 36.824813] worker2 systemd[1]: iscsiuio.socket: stopping held back, waiting for: iscsiuio.service +[ 36.888759] worker2 systemd[1]: iscsid.service: Thawing unit. +[ 36.888882] worker2 systemd[1]: iscsid.service: Changed running -> stop-sigterm +[ 36.889355] worker2 systemd[1]: Stopping Open-iSCSI... +[ 36.889413] worker2 systemd[1]: iscsiuio.service: stopping held back, waiting for: iscsid.service +[ 37.512072] worker2 systemd[1]: Reached target Switch Root. +[ 37.549512] worker2 @ystemctl[1614]: Switching root - root: /sysroot; init: n/a +[ 37.577264] worker2 systemd[1]: Switching root. + +When iscsid is started later on in the real root, it resets all existing iSCSI +connections, causing the root FS to come offline. In iSCSI offload scenarios +if iscsiuio is already running, it will re-establish the session after a few +seconds. But if iscsiuio has not been started at this point in time, it can't +be loaded any more from the root FS, and booting fails. + +To avoid this problem, add "Conflicts" and a "Before" dependencies against +initrd-cleanup.service to the iSCSI service units. + +See also https://github.com/systemd/systemd/issues/3436 + +Signed-off-by: Martin Wilck +--- + modules.d/95iscsi/module-setup.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/modules.d/95iscsi/module-setup.sh b/modules.d/95iscsi/module-setup.sh +index 1b2ea110..3bb9a63d 100755 +--- a/modules.d/95iscsi/module-setup.sh ++++ b/modules.d/95iscsi/module-setup.sh +@@ -234,8 +234,8 @@ install() { + { + echo "[Unit]" + echo "DefaultDependencies=no" +- echo "Conflicts=shutdown.target" +- echo "Before=shutdown.target" ++ echo "Conflicts=shutdown.target initrd-cleanup.service" ++ echo "Before=shutdown.target initrd-cleanup.service" + } > "${initdir}/$systemdsystemunitdir/iscsid.service.d/dracut.conf" + + mkdir -p "${initdir}/$systemdsystemunitdir/iscsid.socket.d" +@@ -250,8 +250,8 @@ install() { + { + echo "[Unit]" + echo "DefaultDependencies=no" +- echo "Conflicts=shutdown.target" +- echo "Before=shutdown.target" ++ echo "Conflicts=shutdown.target initrd-cleanup.service" ++ echo "Before=shutdown.target initrd-cleanup.service" + } > "${initdir}/$systemdsystemunitdir/iscsiuio.service.d/dracut.conf" + + mkdir -p "${initdir}/$systemdsystemunitdir/iscsiuio.socket.d" +-- +2.48.1 + + +From 20cc20d2ac9c2908da6735b04dba49c1cb1b0bab Mon Sep 17 00:00:00 2001 +From: Xinhui Yang +Date: Sat, 1 Mar 2025 00:54:31 +0800 +Subject: [PATCH 10/22] fix(90kernel-modules): explicitly include + xhci-pci-renesas + +Since Linux v6.12-rc1 (commit 25f51b76f90f), xhci-pci no longer depends +on xhci-pci-renesas, causing the Renesas driver to be omitted during +initramfs generation (when built as a module). + +This makes platforms with such xHCI controllers unavailable during +initrd, and unable to boot from a USB drive. There are SuperSpeed ports +routed through such controller on some platforms, too, which also +renders the USB keyboard and mouse unusable. + +Here's a snippet of the kernel log from such platform, showing a +keyboard and a mouse being detected only after the initrd switched root: + +[ 9.352608] systemd-journald[187]: Received SIGTERM from PID 1 (systemd). +[ 9.500146] systemd[1]: systemd 257.2 running in system mode (OMITTED) +... +[ 11.187756] xhci-pci-renesas 0000:04:00.0: xHCI Host Controller +[ 11.187870] xhci-pci-renesas 0000:04:00.0: new USB bus registered, assigned bus number 7 +[ 11.193261] xhci-pci-renesas 0000:04:00.0: hcc params 0x014051cf hci version 0x100 quirks 0x0000000100000010 +[ 11.194806] xhci-pci-renesas 0000:04:00.0: xHCI Host Controller +[ 11.196601] xhci-pci-renesas 0000:04:00.0: new USB bus registered, assigned bus number 8 +[ 11.196613] xhci-pci-renesas 0000:04:00.0: Host supports USB 3.0 SuperSpeed +[ 11.196927] usb usb7: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.13 +[ 11.196931] usb usb7: New USB device strings: Mfr=3, Product=2, SerialNumber=1 +[ 11.196935] usb usb7: Product: xHCI Host Controller +[ 11.196938] usb usb7: Manufacturer: Linux 6.13.3-aosc-main xhci-hcd +[ 11.196941] usb usb7: SerialNumber: 0000:04:00.0 +[ 11.199598] hub 7-0:1.0: USB hub found +[ 11.199630] hub 7-0:1.0: 4 ports detected +... +[ 11.439561] usb 7-2: new high-speed USB device number 2 using xhci-pci-renesas +[ 11.568361] usb 7-2: New USB device found, idVendor=1532, idProduct=0114, bcdDevice= 1.00 +[ 11.568369] usb 7-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 +[ 11.568372] usb 7-2: Product: DeathStalker Ultimate +[ 11.568376] usb 7-2: Manufacturer: Razer +[ 11.600474] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.0/0003:1532:0114.0001/input/input12 +[ 11.600686] hid-generic 0003:1532:0114.0001: input,hidraw0: USB HID v1.11 Mouse [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input0 +[ 11.601137] input: Razer DeathStalker Ultimate Keyboard as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.1/0003:1532:0114.0002/input/input13 +[ 11.652148] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.1/0003:1532:0114.0002/input/input14 +[ 11.652409] hid-generic 0003:1532:0114.0002: input,hidraw1: USB HID v1.11 Keyboard [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input1 +[ 11.653054] input: Razer DeathStalker Ultimate as /devices/pci0000:00/0000:00:0e.0/0000:04:00.0/usb7/7-2/7-2:1.2/0003:1532:0114.0003/input/input15 +[ 11.703768] hid-generic 0003:1532:0114.0003: input,hidraw2: USB HID v1.11 Keyboard [Razer DeathStalker Ultimate] on usb-0000:04:00.0-2/input2 +--- + modules.d/90kernel-modules/module-setup.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh +index f159f0be..1ac91d02 100755 +--- a/modules.d/90kernel-modules/module-setup.sh ++++ b/modules.d/90kernel-modules/module-setup.sh +@@ -39,12 +39,15 @@ installkernel() { + hostonly='' instmods \ + hid_generic unix + ++ # xhci-pci-renesas is needed for the USB to be available during ++ # initrd on platforms with such USB controllers since Linux ++ # 6.12-rc1 (commit 25f51b76f90f). + hostonly=$(optional_hostonly) instmods \ + ehci-hcd ehci-pci ehci-platform \ + ohci-hcd ohci-pci \ + uhci-hcd \ + usbhid \ +- xhci-hcd xhci-pci xhci-plat-hcd \ ++ xhci-hcd xhci-pci xhci-pci-renesas xhci-plat-hcd \ + "=drivers/hid" \ + "=drivers/tty/serial" \ + "=drivers/input/serio" \ +-- +2.48.1 + + +From 4402aeb271933e6b542f5d9a4ff13f6e8b97e6c2 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Wed, 26 Feb 2025 08:20:09 +0100 +Subject: [PATCH 11/22] feat(systemd-integritysetup): add + remote-integritysetup.target + +Required since https://github.com/systemd/systemd/commit/810708f4b820543b8585a36e84ccca4bc5b18fee +--- + modules.d/01systemd-integritysetup/module-setup.sh | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh +index 3d176404..dffc88ac 100755 +--- a/modules.d/01systemd-integritysetup/module-setup.sh ++++ b/modules.d/01systemd-integritysetup/module-setup.sh +@@ -26,6 +26,7 @@ depends() { + + } + ++# Install kernel module(s). + installkernel() { + instmods dm-integrity + } +@@ -36,9 +37,11 @@ install() { + inst_multiple -o \ + "$systemdutildir"/systemd-integritysetup \ + "$systemdutildir"/system-generators/systemd-integritysetup-generator \ ++ "$systemdsystemunitdir"/remote-integritysetup.target \ + "$systemdsystemunitdir"/integritysetup-pre.target \ + "$systemdsystemunitdir"/integritysetup.target \ +- "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target ++ "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target \ ++ "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-integritysetup.target + + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then +@@ -48,8 +51,11 @@ install() { + "$systemdsystemconfdir/integritysetup.target.wants/*.target" \ + "$systemdsystemconfdir"/integritysetup-pre.target \ + "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \ ++ "$systemdsystemconfdir"/remote-integritysetup.target \ ++ "$systemdsystemconfdir/remote-integritysetup.target.wants/*.target" \ + "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \ +- "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target" ++ "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target" \ ++ "$systemdsystemconfdir"/initrd-root-device.target.wants/remote-integritysetup.target + fi + + # Install required libraries. +-- +2.48.1 + + +From c43b79056ffdb7b410e70550a8ad8d137b4720c0 Mon Sep 17 00:00:00 2001 +From: Benjamin Marzinski +Date: Wed, 26 Mar 2025 18:04:25 -0400 +Subject: [PATCH 13/22] fix(multipath): skip default multipath.conf with + mpathconf + +Commit 1e802f15f creates a default multipath.conf file with +"find_multipaths strict" when run in non-hostonly mode if there are no +multipath devices and no multipath.conf. Unfortunately for systems that +want to use mpathconf to create a multipath.conf file (e.g. Fedora and +Centos) either through multipathd-configure.service or multipathd.sh, +this default file keeps that from occurring. To make sure mpathconf is +called to create the config file, do not install a default config file +if mpathconf is installed. + +Fixes: ("fix(multipath): include module with find_multipaths strict") +Signed-off-by: Benjamin Marzinski +--- + modules.d/90multipath/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh +index 5fdbb9a7..a05df018 100755 +--- a/modules.d/90multipath/module-setup.sh ++++ b/modules.d/90multipath/module-setup.sh +@@ -122,7 +122,7 @@ install() { + fi + } + +- [[ $hostonly ]] || { ++ [[ $hostonly ]] || mpathconf_installed || { + for_each_host_dev_and_slaves is_mpath \ + || [[ -f /etc/multipath.conf ]] || { + cat > "${initdir}"/etc/multipath.conf << EOF +-- +2.48.1 + + +From e6b2c882af61a804f7658ed6e2f84f02277c7b8a Mon Sep 17 00:00:00 2001 +From: Jo Zzsi +Date: Mon, 24 Mar 2025 09:12:13 -0400 +Subject: [PATCH 14/22] chore(network-legacy): no need to call chmod on ifup.sh + +This is a small optimization, with the goal of avoiding +calling chmod for a file that is already guaranteed to be +an executable. +--- + modules.d/35network-legacy/ifup.sh | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/modules.d/35network-legacy/ifup.sh b/modules.d/35network-legacy/ifup.sh +index 1cd27b14..59629f11 100755 +--- a/modules.d/35network-legacy/ifup.sh ++++ b/modules.d/35network-legacy/ifup.sh +@@ -47,7 +47,6 @@ do_dhcp_parallel() { + echo 'dhcp=dhclient' >> /run/NetworkManager/conf.d/10-dracut-dhclient.conf + fi + +- chmod +x /sbin/dhcp-multi.sh + /sbin/dhcp-multi.sh "$netif" "$DO_VLAN" "$@" & + return 0 + } +-- +2.48.1 + + +From ddc1f54d3ec96c55c444af22a0a964cb48266a21 Mon Sep 17 00:00:00 2001 +From: Jo Zzsi +Date: Mon, 24 Mar 2025 09:23:22 -0400 +Subject: [PATCH 15/22] perf(base): move the chmod dependency from base to + systemd + +base dracut module no longer requires chmod. +--- + modules.d/00systemd/module-setup.sh | 1 + + modules.d/95ssh-client/module-setup.sh | 2 +- + modules.d/99base/module-setup.sh | 1 - + 3 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 1f35a73c..283a39af 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -84,6 +84,7 @@ install() { + "$systemdsystemunitdir"/-.slice \ + systemctl \ + echo swapoff \ ++ chmod \ + mount umount reboot poweroff \ + systemd-run systemd-escape \ + systemd-cgls +diff --git a/modules.d/95ssh-client/module-setup.sh b/modules.d/95ssh-client/module-setup.sh +index 75fc94f3..662ad177 100755 +--- a/modules.d/95ssh-client/module-setup.sh ++++ b/modules.d/95ssh-client/module-setup.sh +@@ -65,7 +65,7 @@ inst_sshenv() { + install() { + local _nsslibs + +- inst_multiple ssh scp ++ inst_multiple ssh scp chmod + inst_sshenv + + _nsslibs=$( +diff --git a/modules.d/99base/module-setup.sh b/modules.d/99base/module-setup.sh +index 4a86e90d..12194964 100755 +--- a/modules.d/99base/module-setup.sh ++++ b/modules.d/99base/module-setup.sh +@@ -9,7 +9,6 @@ depends() { + # called by dracut + install() { + inst_multiple \ +- chmod \ + cp \ + dmesg \ + flock \ +-- +2.48.1 + + +From 2ae73d639834758a88b34033693bd97a7b1ed2f0 Mon Sep 17 00:00:00 2001 +From: Benjamin Drung +Date: Thu, 3 Apr 2025 14:14:07 +0200 +Subject: [PATCH 16/22] feat: add simpledrm module (as subset of drm module) + +Plymouth doesn't always show a splash screen if DRM drivers are +installed in initrd. + +Provide a `simpledrm` module that only installs the SimpleDRM module +and the potentially needed privacy screen providers. This `simpledrm` +module is a subset of the `drm` module. It could be used instead of +`drm` to avoid pulling in drivers like amdgpu, nouveau, or nvidia-drm. + +Bug-Ubuntu: https://launchpad.net/bugs/2105377 +--- + modules.d/45simpledrm/module-setup.sh | 28 +++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + create mode 100755 modules.d/45simpledrm/module-setup.sh + +diff --git a/modules.d/45simpledrm/module-setup.sh b/modules.d/45simpledrm/module-setup.sh +new file mode 100755 +index 00000000..aa5fcd33 +--- /dev/null ++++ b/modules.d/45simpledrm/module-setup.sh +@@ -0,0 +1,28 @@ ++#!/bin/bash ++ ++# called by dracut ++check() { ++ return 255 ++} ++ ++# called by dracut ++installkernel() { ++ # Include simple DRM driver ++ instmods simpledrm ++ ++ if [[ $hostonly ]]; then ++ # if there is a privacy screen then its driver must be loaded before the ++ # kms driver will bind, otherwise its probe() will return -EPROBE_DEFER ++ # note privacy screens always register, even with e.g. nokmsboot ++ for i in /sys/class/drm/privacy_screen-*/device/driver/module; do ++ [[ -L $i ]] || continue ++ modlink=$(readlink "$i") ++ modname=$(basename "$modlink") ++ instmods "$modname" ++ done ++ else ++ # include privacy screen providers (see above comment) ++ # atm all providers live under drivers/platform/x86 ++ dracut_instmods -o -s "drm_privacy_screen_register" "=drivers/platform/x86" ++ fi ++} +-- +2.48.1 + + +From 1b5669c1d89e0cc1134ad5b0aa5c091144d24b84 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Fri, 4 Apr 2025 10:18:07 +0200 +Subject: [PATCH 17/22] feat(systemd): add new systemd-validatefs@.service + +Introduced in https://github.com/systemd/systemd/commit/0bdd5ccc8145af8dae9779751d3e7a34c4fa6aa5 +Used internally in fstab-generator (new `x-systemd.validatefs` mount option) and +gpt-auto-generator: https://github.com/systemd/systemd/commit/f872373a26dcaa0818b49220abfe35611d12fa82 +--- + modules.d/00systemd/module-setup.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 283a39af..8f25475e 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -35,6 +35,7 @@ install() { + "$systemdutildir"/systemd-shutdown \ + "$systemdutildir"/systemd-reply-password \ + "$systemdutildir"/systemd-fsck \ ++ "$systemdutildir"/systemd-validatefs \ + "$systemdutildir"/systemd-volatile-root \ + "$systemdutildir"/systemd-sysroot-fstab-check \ + "$systemdutildir"/system-generators/systemd-debug-generator \ +@@ -76,6 +77,7 @@ install() { + "$systemdsystemunitdir"/systemd-reboot.service \ + "$systemdsystemunitdir"/systemd-kexec.service \ + "$systemdsystemunitdir"/systemd-fsck@.service \ ++ "$systemdsystemunitdir"/systemd-validatefs@.service \ + "$systemdsystemunitdir"/systemd-volatile-root.service \ + "$systemdsystemunitdir"/ctrl-alt-del.target \ + "$systemdsystemunitdir"/syslog.socket \ +-- +2.48.1 + + +From e8f72ed9bed9f80c976867953a3eb92e62f9df2f Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Mon, 3 Mar 2025 15:22:14 +0100 +Subject: [PATCH 18/22] chore(multipath): remove `rd_NO_MULTIPATH` kernel + command line option + +Deprecated since 778b3543609d8c9d32df7111229f4072d00d02f0 (Nov 25, 2014). +--- + modules.d/90multipath/multipathd.service | 1 - + modules.d/90multipath/multipathd.sh | 2 +- + 2 files changed, 1 insertion(+), 2 deletions(-) + +diff --git a/modules.d/90multipath/multipathd.service b/modules.d/90multipath/multipathd.service +index 1680cdfb..3248fa97 100644 +--- a/modules.d/90multipath/multipathd.service ++++ b/modules.d/90multipath/multipathd.service +@@ -11,7 +11,6 @@ Conflicts=shutdown.target + Conflicts=initrd-cleanup.service + ConditionKernelCommandLine=!nompath + ConditionKernelCommandLine=!rd.multipath=0 +-ConditionKernelCommandLine=!rd_NO_MULTIPATH + ConditionKernelCommandLine=!multipath=off + ConditionVirtualization=!container + +diff --git a/modules.d/90multipath/multipathd.sh b/modules.d/90multipath/multipathd.sh +index e17fd921..68bd0383 100755 +--- a/modules.d/90multipath/multipathd.sh ++++ b/modules.d/90multipath/multipathd.sh +@@ -8,7 +8,7 @@ if [ "$(getarg rd.multipath)" = "default" ] && [ ! -e /etc/multipath.conf ]; the + mpathconf --enable + fi + +-if getargbool 1 rd.multipath -d -n rd_NO_MULTIPATH && [ -e /etc/multipath.conf ]; then ++if getargbool 1 rd.multipath && [ -e /etc/multipath.conf ]; then + modprobe dm-multipath + multipathd -B || multipathd + need_shutdown +-- +2.48.1 + + +From 5e87b68cfb706b499a4d6814e3414d954db46083 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Mon, 3 Mar 2025 15:23:41 +0100 +Subject: [PATCH 19/22] refactor(multipath): remove custom multipathd.service + +Install `multipathd.service` provided by upstream, and add a dropin to support +`rd.multipath=0`. +--- + modules.d/90multipath/module-setup.sh | 3 ++- + modules.d/90multipath/multipathd-dracut.conf | 2 ++ + modules.d/90multipath/multipathd.service | 26 -------------------- + 3 files changed, 4 insertions(+), 27 deletions(-) + create mode 100644 modules.d/90multipath/multipathd-dracut.conf + delete mode 100644 modules.d/90multipath/multipathd.service + +diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh +index a05df018..5a7f91fa 100755 +--- a/modules.d/90multipath/module-setup.sh ++++ b/modules.d/90multipath/module-setup.sh +@@ -91,6 +91,7 @@ install() { + [[ -d $config_dir ]] || config_dir=/etc/multipath/conf.d + + inst_multiple \ ++ "$systemdsystemunitdir"/multipathd.service \ + pkill \ + kpartx \ + dmsetup \ +@@ -151,7 +152,7 @@ EOF + inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service" + $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service + fi +- inst_simple "${moddir}/multipathd.service" "${systemdsystemunitdir}/multipathd.service" ++ inst_simple "$moddir/multipathd-dracut.conf" "$systemdsystemunitdir/multipathd.service.d/multipathd-dracut.conf" + $SYSTEMCTL -q --root "$initdir" enable multipathd.service + else + inst_hook pre-trigger 02 "$moddir/multipathd.sh" +diff --git a/modules.d/90multipath/multipathd-dracut.conf b/modules.d/90multipath/multipathd-dracut.conf +new file mode 100644 +index 00000000..783b05d5 +--- /dev/null ++++ b/modules.d/90multipath/multipathd-dracut.conf +@@ -0,0 +1,2 @@ ++[Unit] ++ConditionKernelCommandLine=!rd.multipath=0 +diff --git a/modules.d/90multipath/multipathd.service b/modules.d/90multipath/multipathd.service +deleted file mode 100644 +index 3248fa97..00000000 +--- a/modules.d/90multipath/multipathd.service ++++ /dev/null +@@ -1,26 +0,0 @@ +-[Unit] +-Description=Device-Mapper Multipath Device Controller +-Before=lvm2-activation-early.service +-Before=local-fs-pre.target blk-availability.service shutdown.target +-Wants=systemd-udevd-kernel.socket +-After=systemd-udevd-kernel.socket +-After=multipathd.socket systemd-remount-fs.service +-Before=initrd-cleanup.service +-DefaultDependencies=no +-Conflicts=shutdown.target +-Conflicts=initrd-cleanup.service +-ConditionKernelCommandLine=!nompath +-ConditionKernelCommandLine=!rd.multipath=0 +-ConditionKernelCommandLine=!multipath=off +-ConditionVirtualization=!container +- +-[Service] +-Type=notify +-NotifyAccess=main +-ExecStartPre=-/sbin/modprobe dm-multipath +-ExecStart=/sbin/multipathd -d -s +-ExecReload=/sbin/multipathd reconfigure +-TasksMax=infinity +- +-[Install] +-WantedBy=sysinit.target +-- +2.48.1 + + +From 6b30662e6e4720428f0efb0ab85c80303dd34afd Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 25 Mar 2025 15:20:48 +0100 +Subject: [PATCH 20/22] fix(nfs): libnfsidmap plugins not added in some + distributions + +`nfs-utils` can be configured using `--with-pluginpath` to avoid using the +default `/usr/lib/libnfsidmap`. For example, Fedora sets +`--with-pluginpath=%{_libdir}/libnfsidmap`, which is covered by the current +glob, but openSUSE sets `--with-pluginpath=%{_libdir}/libnfsidmap-1.0.0`. + +Also, remove reference to the old `libnfsidmap_.so` path. +--- + modules.d/95nfs/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index 039b4e4c..6c76faf4 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -139,5 +139,5 @@ install() { + + dracut_need_initqueue + +- inst_libdir_file 'libnfsidmap_nsswitch.so*' 'libnfsidmap/*.so' 'libnfsidmap*.so*' ++ inst_libdir_file 'libnfsidmap*/*.so' 'libnfsidmap*.so*' + } +-- +2.48.1 + + +From 2f5a759f490bb813ec24a685f015b15ff196783b Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 1 Apr 2025 14:33:38 +0200 +Subject: [PATCH 21/22] fix(nfs): use `DRACUT_CP` instead of `cp` + +Using `cp` directly ignores `DRACUT_NO_XATTR`. +--- + modules.d/95nfs/module-setup.sh | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index 6c76faf4..d097cd38 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -120,9 +120,15 @@ install() { + mkdir -m 0770 -p "$initdir/var/lib/rpcbind" + + # use the same directory permissions as the host +- [ -d "/var/lib/nfs/statd" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/statd "${initdir}"/var/lib/nfs/ && rm -rf "${initdir}"/var/lib/nfs/statd/* +- [ -d "/var/lib/nfs/statd/sm" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/statd/sm "${initdir}"/var/lib/nfs/statd/ && rm -rf "${initdir}"/var/lib/nfs/statd/sm/* +- [ -d "/var/lib/nfs/sm" ] && cp -a --attributes-only "$dracutsysrootdir"/var/lib/nfs/sm "${initdir}"/var/lib/nfs/ && rm -rf "${initdir}"/var/lib/nfs/sm/* ++ [[ -d "$dracutsysrootdir"/var/lib/nfs/statd ]] \ ++ && $DRACUT_CP -L --preserve=ownership -t "$initdir"/var/lib/nfs "$dracutsysrootdir"/var/lib/nfs/statd \ ++ && rm -rf "$initdir"/var/lib/nfs/statd/* ++ [[ -d "$dracutsysrootdir"/var/lib/nfs/statd/sm ]] \ ++ && $DRACUT_CP -L --preserve=ownership -t "$initdir"/var/lib/nfs/statd "$dracutsysrootdir"/var/lib/nfs/statd/sm \ ++ && rm -rf "$initdir"/var/lib/nfs/statd/sm/* ++ [[ -d "$dracutsysrootdir"/var/lib/nfs/sm ]] \ ++ && $DRACUT_CP -L --preserve=ownership -t "$initdir"/var/lib/nfs "$dracutsysrootdir"/var/lib/nfs/sm \ ++ && rm -rf "$initdir"/var/lib/nfs/sm/* + + # Rather than copy the passwd file in, just set a user for rpcbind + # We'll save the state and restart the daemon from the root anyway +-- +2.48.1 + + +From 7eaa8536fae73aa65fae604820f10e842a18bc88 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Tue, 1 Apr 2025 14:34:04 +0200 +Subject: [PATCH 22/22] fix(nfs): add possible `statd` user and group + +Some distributions use the `statd` user (openSUSE, Ubuntu) and group (openSUSE) +to handle `rpc.statd` directories. +--- + modules.d/95nfs/module-setup.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh +index d097cd38..b34c75c0 100755 +--- a/modules.d/95nfs/module-setup.sh ++++ b/modules.d/95nfs/module-setup.sh +@@ -136,10 +136,10 @@ install() { + local _confdir + for _confdir in etc usr/lib; do + +- grep -sE '^(nfsnobody|_rpc|rpc|rpcuser):' "${dracutsysrootdir}/${_confdir}/passwd" \ ++ grep -sE '^(nfsnobody|_rpc|rpc|rpcuser|statd):' "${dracutsysrootdir}/${_confdir}/passwd" \ + >> "$initdir/${_confdir}/passwd" + +- grep -sE '^(nogroup|rpc|nobody):' "${dracutsysrootdir}/${_confdir}/group" \ ++ grep -sE '^(nogroup|rpc|nobody|statd):' "${dracutsysrootdir}/${_confdir}/group" \ + >> "$initdir/${_confdir}/group" + done + +-- +2.48.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch new file mode 100644 index 0000000000..bcb0e3054f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/002-dracut-sysroot.patch @@ -0,0 +1,2781 @@ +From 7e6a4cf62af3d8e05dd2dec6bb3301fe52031bf2 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 5 Sep 2024 11:55:35 +0100 +Subject: [PATCH 01/12] fix(dracut): respect PKG_CONFIG env var instead of + hardcoding pkg-config + +When using a sysroot, we should use pkg-config data from the sysroot. +While we could set PKG_CONFIG_LIBDIR, the lib directory can vary. +Distributions typically set up pkg-config wrappers for this purpose and +it is customary to respect the PKG_CONFIG variable in build systems. +Users can still set simply PKG_CONFIG_LIBDIR instead if they prefer that +approach. + +Signed-off-by: James Le Cuirot +--- + dracut-init.sh | 1 + + dracut.sh | 2 +- + man/dracut.8.adoc | 7 +++++++ + 3 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index be8eb9fb..de3ae324 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -81,6 +81,7 @@ export srcmods + DRACUT_LDD=${DRACUT_LDD:-ldd} + DRACUT_TESTBIN=${DRACUT_TESTBIN:-/bin/sh} + DRACUT_LDCONFIG=${DRACUT_LDCONFIG:-ldconfig} ++PKG_CONFIG=${PKG_CONFIG:-pkg-config} + + # shellcheck source=./dracut-functions.sh + . "$dracutbasedir"/dracut-functions.sh +diff --git a/dracut.sh b/dracut.sh +index ef959021..aff721f0 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1489,7 +1489,7 @@ set_global_var() { + local _pkgvar="${2%:*}" + local _var="${2#*:}" + [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]] \ +- && export "$_var"="$(pkg-config "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)" ++ && export "$_var"="$($PKG_CONFIG "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)" + if [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]]; then + shift 2 + if (($# == 1)); then +diff --git a/man/dracut.8.adoc b/man/dracut.8.adoc +index a6d044a9..ba33ab19 100644 +--- a/man/dracut.8.adoc ++++ b/man/dracut.8.adoc +@@ -655,6 +655,13 @@ _DRACUT_LDD_:: + Default: + _ldd_ + ++_PKG_CONFIG_:: ++ sets the _pkg-config_ program path and options. Optional. ++ Most useful together with **--sysroot**. +++ ++Default: ++ _pkg-config_ ++ + _DRACUT_TESTBIN_:: + sets the initially tested binary for detecting library paths. + Optional. Used for **--sysroot**. In the cross-compiled sysroot, +-- +2.48.1 + + +From e5d3ef60f880bd9a35b0b13c667252bdb209a54e Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 5 Sep 2024 12:19:09 +0100 +Subject: [PATCH 02/12] feat(dracut): set systemdversion global var using + pkg-config + +This falls back to 0 if the version cannot be determined. The version +isn't a regular pkg-config variable like the others, but we still want +the ability to override this through the Dracut config, so make +"modversion" a special case. + +Signed-off-by: James Le Cuirot +--- + dracut.sh | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/dracut.sh b/dracut.sh +index aff721f0..45527bcd 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1488,9 +1488,14 @@ set_global_var() { + local _pkgconfig="$1" + local _pkgvar="${2%:*}" + local _var="${2#*:}" +- [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]] \ +- && export "$_var"="$($PKG_CONFIG "$_pkgconfig" --variable="$_pkgvar" 2> /dev/null)" +- if [[ -z ${!_var} || ! -d ${dracutsysrootdir}${!_var} ]]; then ++ if [[ $_pkgvar == modversion ]]; then ++ local _vararg=--modversion ++ else ++ local _vararg=--variable=$_pkgvar ++ fi ++ [[ -z ${!_var} || ($3 == /* && ! -d ${dracutsysrootdir}${!_var}) ]] \ ++ && export "$_var"="$($PKG_CONFIG "$_pkgconfig" "$_vararg" 2> /dev/null)" ++ if [[ -z ${!_var} || ($3 == /* && ! -d ${dracutsysrootdir}${!_var}) ]]; then + shift 2 + if (($# == 1)); then + export "$_var"="$1" +@@ -1550,6 +1555,7 @@ set_global_var "systemd" "sysusers" "/usr/lib/sysusers.d" + set_global_var "systemd" "sysusersconfdir" "/etc/sysusers.d" + set_global_var "systemd" "tmpfilesdir" "/lib/tmpfiles.d" "/usr/lib/tmpfiles.d" + set_global_var "systemd" "tmpfilesconfdir" "/etc/tmpfiles.d" ++set_global_var "systemd" "modversion:systemdversion" "0" + + # libkmod global variables + set_global_var "libkmod" "depmodd" "/usr/lib/depmod.d" +-- +2.48.1 + + +From 80c8d6909788d718d0aa48bd70af049c43f0c67f Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Mon, 10 Mar 2025 13:11:05 +0000 +Subject: [PATCH 03/12] fix(dracut-install): plug memory leak on kerneldir + +Signed-off-by: James Le Cuirot +--- + src/install/dracut-install.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index bacbe86e..9bfddb83 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -68,6 +68,7 @@ static bool arg_modalias = false; + static bool arg_resolvelazy = false; + static bool arg_resolvedeps = false; + static bool arg_hostonly = false; ++static bool arg_kerneldir = false; + static bool no_xattr = false; + static char *destrootdir = NULL; + static char *sysrootdir = NULL; +@@ -1202,6 +1203,7 @@ static int parse_argv(int argc, char *argv[]) + break; + case ARG_KERNELDIR: + kerneldir = optarg; ++ arg_kerneldir = true; + break; + case ARG_FIRMWAREDIRS: + firmwaredirs = strv_split(optarg, ":"); +@@ -2407,6 +2409,9 @@ int main(int argc, char **argv) + finish1: + free(destrootdir); + finish2: ++ if (!arg_kerneldir) ++ free(kerneldir); ++ + if (logfile_f) + fclose(logfile_f); + +-- +2.48.1 + + +From fb77a76ab8736807a9b5305528fde5275ce15c5b Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Wed, 5 Mar 2025 17:29:51 +0000 +Subject: [PATCH 04/12] fix(dracut-install): rework broken destination + existence logic + +The return code of `stat` is checked twice when it only needs to be +checked once. The `dst_exists` condition will also never be true, making +the variable redundant. + +Signed-off-by: James Le Cuirot +--- + src/install/dracut-install.c | 26 ++++++++------------------ + 1 file changed, 8 insertions(+), 18 deletions(-) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 9bfddb83..83041e40 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -821,7 +821,6 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + bool src_islink = false; + bool src_isdir = false; + mode_t src_mode = 0; +- bool dst_exists = true; + char *i = NULL; + const char *src, *dst; + +@@ -871,15 +870,13 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? (dst + 1) : dst)); + + ret = stat(fulldstpath, &sb); +- if (ret != 0) { +- dst_exists = false; +- if (errno != ENOENT) { +- log_error("ERROR: stat '%s': %m", fulldstpath); ++ ++ if (ret == 0) { ++ if (src_isdir && !S_ISDIR(sb.st_mode)) { ++ log_error("dest dir '%s' already exists but is not a directory", fulldstpath); + return 1; + } +- } + +- if (ret == 0) { + if (resolvedeps && S_ISREG(sb.st_mode) && (sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { + log_debug("'%s' already exists, but checking for any deps", fulldstpath); + if (sysrootdirlen && (strncmp(fulldstpath, sysrootdir, sysrootdirlen) == 0)) +@@ -888,9 +885,11 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + ret = resolve_deps(fullsrcpath); + } else + log_debug("'%s' already exists", fulldstpath); +- +- /* dst does already exist */ + } else { ++ if (errno != ENOENT) { ++ log_error("ERROR: stat '%s': %m", fulldstpath); ++ return 1; ++ } + + /* check destination directory */ + fulldstdir = strndup(fulldstpath, dir_len(fulldstpath)); +@@ -923,15 +922,6 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (src_isdir) { +- if (dst_exists) { +- if (S_ISDIR(sb.st_mode)) { +- log_debug("dest dir '%s' already exists", fulldstpath); +- return 0; +- } +- log_error("dest dir '%s' already exists but is not a directory", fulldstpath); +- return 1; +- } +- + log_info("mkdir '%s'", fulldstpath); + ret = dracut_mkdir(fulldstpath); + if (ret == 0) { +-- +2.48.1 + + +From 9bc6e43632ed5c9807e40aab684fe37a6d8b3bb0 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 18 Feb 2025 17:24:05 +0000 +Subject: [PATCH 05/12] feat(dracut-install): parse ELF .note.dlopen entries + for extra deps + +Unlike traditional DT_NEEDED dependencies, there has not been a way to +determine what libraries an ELF may dlopen until recently. systemd has +documented a convention to declare such dependencies using JSON in the +ELF metadata. See https://systemd.io/ELF_DLOPEN_METADATA/ for details. + +This metadata references sonames rather than full paths, so Dracut needs +to determine the full paths by itself. It cannot use ldd to do this as +that relies on DT_NEEDED. ldconfig can show the paths for all sonames in +the cache, but that relies on the cache having already been generated, +it isn't cross-friendly, and musl doesn't even have ldconfig. It +therefore makes sense for Dracut to parse the ELF headers directly. This +also paves the way for removing the dependency on ldd entirely, making +Dracut more cross-friendly as a whole. + +To avoid adding an entirely new dependency, the JSON parsing is done by +libsystemd's sd-json API. This has been exposed since systemd v257. If +libsystemd is too old or not present at all, then this dlopen handling +is simply skipped. This is currently not an issue for non-systemd +distributions as systemd is the only project using this convention. If +that were to change, libsystemd can still be used without the rest of +systemd, as demonstrated by Gentoo. + +The metadata itself has only been included by systemd since v256. If an +earlier version is detected, Dracut will unconditionally install the +same libraries that it did before. + +There are different structs for 32-bit and 64-bit ELF headers, so this +new code makes heavy use of C macros to avoid a lot of code duplication. +One macro is also used heavily for endian conversion, as almost every +field needs to be adjusted. + +See the code comments for the remaining details. + +Closes: https://github.com/dracut-ng/dracut-ng/issues/154 +Signed-off-by: James Le Cuirot +--- + Makefile | 4 +- + configure | 3 + + dracut.sh | 11 + + modules.d/00systemd/module-setup.sh | 1 - + modules.d/01systemd-bsod/module-setup.sh | 4 +- + modules.d/01systemd-coredump/module-setup.sh | 10 +- + .../01systemd-integritysetup/module-setup.sh | 5 +- + modules.d/01systemd-journald/module-setup.sh | 12 +- + .../01systemd-veritysetup/module-setup.sh | 5 +- + src/install/dracut-install.c | 572 +++++++++++++++++- + 10 files changed, 592 insertions(+), 35 deletions(-) + +diff --git a/Makefile b/Makefile +index 5ce30d5f..d53d6a41 100644 +--- a/Makefile ++++ b/Makefile +@@ -53,7 +53,7 @@ manpages = $(man1pages) $(man5pages) $(man7pages) $(man8pages) + all: dracut.pc dracut-install src/skipcpio/skipcpio dracut-util + + %.o : %.c +- $(CC) -c $(CFLAGS) $(CPPFLAGS) $(KMOD_CFLAGS) $< -o $@ ++ $(CC) -c $(CFLAGS) $(CPPFLAGS) $(KMOD_CFLAGS) $(SYSTEMD_CFLAGS) $(if $(SYSTEMD_LIBS),-DHAVE_SYSTEMD) $< -o $@ + + DRACUT_INSTALL_OBJECTS = \ + src/install/dracut-install.o \ +@@ -72,7 +72,7 @@ src/install/util.o: src/install/util.c src/install/util.h src/install/macro.h sr + src/install/strv.o: src/install/strv.c src/install/strv.h src/install/util.h src/install/macro.h src/install/log.h + + src/install/dracut-install: $(DRACUT_INSTALL_OBJECTS) +- $(CC) $(LDFLAGS) -o $@ $(DRACUT_INSTALL_OBJECTS) $(LDLIBS) $(FTS_LIBS) $(KMOD_LIBS) ++ $(CC) $(LDFLAGS) -o $@ $(DRACUT_INSTALL_OBJECTS) $(LDLIBS) $(FTS_LIBS) $(KMOD_LIBS) $(SYSTEMD_LIBS) + + dracut-install: src/install/dracut-install + ln -fs $< $@ +diff --git a/configure b/configure +index 5095078b..8a966333 100755 +--- a/configure ++++ b/configure +@@ -191,6 +191,9 @@ bindir ?= ${bindir:-${prefix}/bin} + KMOD_CFLAGS ?= $(${PKG_CONFIG} --cflags " libkmod >= 23 ") ${KMOD_CFLAGS_EXTRA} + KMOD_LIBS ?= $(${PKG_CONFIG} --libs " libkmod >= 23 ") + FTS_LIBS ?= ${FTS_LIBS} ++# For the sd-json API, which was added in systemd v257. This is optional. ++SYSTEMD_CFLAGS ?= $(${PKG_CONFIG} --cflags "libsystemd >= 257") ++SYSTEMD_LIBS ?= $(${PKG_CONFIG} --libs "libsystemd >= 257") + EOF + + { +diff --git a/dracut.sh b/dracut.sh +index 45527bcd..e544cafb 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1561,6 +1561,17 @@ set_global_var "systemd" "modversion:systemdversion" "0" + set_global_var "libkmod" "depmodd" "/usr/lib/depmod.d" + set_global_var "libkmod" "depmodconfdir" "/etc/depmod.d" + ++# Modules should check for JSON support in dracut-install before using it. ++DRACUT_INSTALL_JSON= ++$DRACUT_INSTALL --json-supported &> /dev/null && DRACUT_INSTALL_JSON=1 ++ ++# systemd started declaring its dlopen dependencies in v256. Checking for these ++# requires JSON support in dracut-install, provided by libsystemd v257. The ++# version in the sysroot may be different to the one used by dracut-install. ++USE_SYSTEMD_DLOPEN_DEPS= ++# shellcheck disable=SC2034 # USE_SYSTEMD_DLOPEN_DEPS is used in modules ++[[ $DRACUT_INSTALL_JSON && ${systemdversion%%.*} -ge 256 ]] && USE_SYSTEMD_DLOPEN_DEPS=1 ++ + if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then + if ! [[ -f $srcmods/modules.dep ]]; then + if [[ -n "$(find "$srcmods" -name '*.ko*')" ]]; then +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 8f25475e..482bdfa1 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -144,7 +144,6 @@ EOF + # Install library file(s) + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file \ +- {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \ + {"tls/$_arch/",tls/,"$_arch/",}"libbpf.so*" \ + {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \ + {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so" +diff --git a/modules.d/01systemd-bsod/module-setup.sh b/modules.d/01systemd-bsod/module-setup.sh +index 91b28d7f..cf562ca6 100755 +--- a/modules.d/01systemd-bsod/module-setup.sh ++++ b/modules.d/01systemd-bsod/module-setup.sh +@@ -26,5 +26,7 @@ install() { + "$systemdsystemunitdir"/initrd.target.wants/systemd-bsod.service \ + "$systemdutildir"/systemd-bsod + +- inst_libdir_file "libqrencode.so*" ++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then ++ inst_libdir_file "libqrencode.so*" ++ fi + } +diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh +index 6acbe75f..3083f851 100755 +--- a/modules.d/01systemd-coredump/module-setup.sh ++++ b/modules.d/01systemd-coredump/module-setup.sh +@@ -44,10 +44,12 @@ install() { + + # Install library file(s) + _arch=${DRACUT_ARCH:-$(uname -m)} +- inst_libdir_file \ +- {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*" ++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then ++ inst_libdir_file \ ++ {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*" ++ fi + + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then +diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh +index dffc88ac..804b856e 100755 +--- a/modules.d/01systemd-integritysetup/module-setup.sh ++++ b/modules.d/01systemd-integritysetup/module-setup.sh +@@ -60,6 +60,7 @@ install() { + + # Install required libraries. + _arch=${DRACUT_ARCH:-$(uname -m)} +- inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" +- ++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then ++ inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" ++ fi + } +diff --git a/modules.d/01systemd-journald/module-setup.sh b/modules.d/01systemd-journald/module-setup.sh +index 77d6a2e9..9f546d1a 100755 +--- a/modules.d/01systemd-journald/module-setup.sh ++++ b/modules.d/01systemd-journald/module-setup.sh +@@ -53,11 +53,13 @@ install() { + + # Install library file(s) + _arch=${DRACUT_ARCH:-$(uname -m)} +- inst_libdir_file \ +- {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*" ++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then ++ inst_libdir_file \ ++ {"tls/$_arch/",tls/,"$_arch/",}"libgcrypt.so*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*" \ ++ {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*" ++ fi + + # Install the hosts local user configurations if enabled. + if [[ $hostonly ]]; then +diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh +index 9dad8d4f..e3b95303 100755 +--- a/modules.d/01systemd-veritysetup/module-setup.sh ++++ b/modules.d/01systemd-veritysetup/module-setup.sh +@@ -60,6 +60,7 @@ install() { + + # Install required libraries. + _arch=${DRACUT_ARCH:-$(uname -m)} +- inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" +- ++ if [[ ! $USE_SYSTEMD_DLOPEN_DEPS ]]; then ++ inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" ++ fi + } +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 83041e40..8769d1a1 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -23,8 +23,10 @@ + #define _GNU_SOURCE + #endif + #include ++#include + #include + #include ++#include + #include + #include + #include +@@ -43,6 +45,11 @@ + #include + #include + #include ++#include ++ ++#ifdef HAVE_SYSTEMD ++#include ++#endif + + #include "log.h" + #include "hashmap.h" +@@ -168,6 +175,25 @@ static inline void destroy_hashmap(Hashmap **hashmap) + + #define _cleanup_destroy_hashmap_ _cleanup_(destroy_hashmap) + ++/* Check whether the given key exists in the hash before duplicating and ++ inserting it. Assumes the value has already been duplicated and is no longer ++ needed if the insertion fails. */ ++static int hashmap_put_strdup_key(Hashmap *h, const char *key, char *value) ++{ ++ if (hashmap_get(h, key)) ++ return 0; ++ ++ char *nkey = strdup(key); ++ ++ if (nkey && hashmap_put(h, nkey, value) != -ENOMEM) ++ return 0; ++ ++ log_error("Out of memory"); ++ free(nkey); ++ free(value); ++ return -ENOMEM; ++} ++ + static size_t dir_len(char const *file) + { + size_t length; +@@ -517,7 +543,7 @@ static char *get_real_file(const char *src, bool fullyresolve) + if (lstat(fullsrcpath, &sb) < 0) + return NULL; + +- switch (sb.st_mode & S_IFMT) { ++ switch (sb.st_mode &S_IFMT) { + case S_IFDIR: + case S_IFREG: + return strdup(fullsrcpath); +@@ -561,18 +587,328 @@ static char *get_real_file(const char *src, bool fullyresolve) + return TAKE_PTR(abspath); + } + +-static int resolve_deps(const char *src) ++/* Check that the ELF header (ehdr) matches the other given ELF header in bits, ++ endianness, OS ABI, and soname, where B is 64 or 32 bit. The SYSV and GNU OS ++ ABIs are compatible, so allow either. Returns libpath if there is a match. */ ++#define CHECK_LIB_MATCH_FOR_BITS(B, match) do { \ ++ if (!match) \ ++ goto finish; \ ++\ ++ Elf##B##_Ehdr *ehdr = (Elf##B##_Ehdr *)map; \ ++ if (ehdr->e_ident[EI_CLASS] == match->e_ident[EI_CLASS] && \ ++ ehdr->e_ident[EI_DATA] == match->e_ident[EI_DATA] && \ ++ (ehdr->e_ident[EI_OSABI] == match->e_ident[EI_OSABI] || \ ++ ehdr->e_ident[EI_OSABI] == ELFOSABI_SYSV || \ ++ ehdr->e_ident[EI_OSABI] == ELFOSABI_GNU) && \ ++ ehdr->e_machine == match->e_machine) { \ ++ if (strcmp(basename, soname) == 0) { \ ++ munmap(map, sb.st_size); \ ++ return libpath; \ ++ } \ ++ } \ ++} while (0) ++ ++/* Check that the given path (dirname + basename) with the given soname matches ++ the given (64 or 32 bit) ELF header. Returns the path if there is a match. */ ++static char *check_lib_match(const char *dirname, const char *basename, const char *soname, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ char *libpath = NULL; ++ _asprintf(&libpath, "%s/%s", dirname, basename); ++ ++ _cleanup_close_ int fd = open(libpath, O_RDONLY | O_CLOEXEC); ++ if (fd < 0) ++ goto finish2; ++ ++ struct stat sb; ++ if (fstat(fd, &sb) < 0) ++ goto finish2; ++ ++ void *map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); ++ if (map == MAP_FAILED) ++ goto finish2; ++ ++ unsigned char *e_ident = (unsigned char *)map; ++ if (e_ident[EI_MAG0] != ELFMAG0 || ++ e_ident[EI_MAG1] != ELFMAG1 || ++ e_ident[EI_MAG2] != ELFMAG2 || ++ e_ident[EI_MAG3] != ELFMAG3) ++ goto finish; ++ ++ switch (e_ident[EI_CLASS]) { ++ case ELFCLASS32: ++ CHECK_LIB_MATCH_FOR_BITS(32, match32); ++ break; ++ case ELFCLASS64: ++ CHECK_LIB_MATCH_FOR_BITS(64, match64); ++ break; ++ } ++ ++finish: ++ munmap(map, sb.st_size); ++finish2: ++ free(libpath); ++ return NULL; ++} ++ ++/* Search the given library directory (within the sysroot) for a library ++ matching the given soname and (64 or 32 bit) ELF header. Returns the path ++ (with the sysroot) if there is a match. */ ++static char *search_libdir(const char *libdir, const char *soname, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) ++{ ++ _cleanup_free_ char *sysroot_libdir; ++ _asprintf(&sysroot_libdir, "%s%s", sysrootdir ?: "", libdir); ++ log_debug("Searching '%s' to find %s", sysroot_libdir, soname); ++ ++ /* First check for a filename matching the soname. This is likely to ++ succeed and is very much faster than checking the sonames of every ++ library in the directory below. */ ++ char *res = check_lib_match(sysroot_libdir, soname, soname, match64, match32); ++ if (res) ++ return res; ++ ++ _cleanup_closedir_ DIR *dirp = opendir(sysroot_libdir); ++ if (!dirp) ++ return NULL; ++ ++ struct dirent *entry; ++ while ((entry = readdir(dirp)) != NULL) { ++ if (entry->d_type != DT_REG && entry->d_type != DT_LNK) ++ continue; ++ ++ if (fnmatch("*.so*", entry->d_name, 0) != 0) ++ continue; ++ ++ res = check_lib_match(sysroot_libdir, entry->d_name, soname, match64, match32); ++ if (res) ++ return res; ++ } ++ ++ return NULL; ++} ++ ++/* Read the given ldconf file(s) (within the sysroot, can be a glob pattern) to ++ search for a library matching the given soname and (64 or 32 bit) ELF header. ++ Returns the path (with the sysroot) if there is a match. */ ++static char *search_via_ldconf(const char *conf_pattern, const char *soname, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ char line[PATH_MAX]; ++ const char *include_prefix = "include "; ++ size_t include_prefix_len = strlen(include_prefix); ++ ++ _cleanup_free_ char *sysroot_conf_pattern = NULL; ++ _asprintf(&sysroot_conf_pattern, "%s%s", sysrootdir ?: "", conf_pattern); ++ log_debug("Reading '%s' to find %s", sysroot_conf_pattern, soname); ++ ++ _cleanup_globfree_ glob_t globbuf; ++ if (glob(sysroot_conf_pattern, 0, NULL, &globbuf) == 0) { ++ for (size_t i = 0; i < globbuf.gl_pathc; i++) { ++ char *conf_path = globbuf.gl_pathv[i]; ++ _cleanup_fclose_ FILE *file = fopen(conf_path, "r"); ++ if (!file) { ++ log_error("ERROR: cannot open '%s': %m", conf_path); ++ return NULL; ++ } ++ ++ const char *conf_dir = dirname(conf_path); ++ ++ while (fgets(line, sizeof(line), file)) { ++ /* glibc and musl separate with newlines. */ ++ char *newline = strchr(line, '\n'); ++ if (newline) ++ *newline = '\0'; ++ ++ /* musl also separates with colons. Do the same ++ with glibc for simplicity. */ ++ char *colon = strchr(line, ':'); ++ if (colon) ++ *colon = '\0'; ++ ++ /* Ignore any comments. */ ++ char *comment = strchr(line, '#'); ++ if (comment) ++ *comment = '\0'; ++ ++ /* Skip empty lines. */ ++ if (line[0] == '\0') ++ continue; ++ ++ char *result; ++ if (strncmp(line, include_prefix, include_prefix_len) == 0) { ++ const char *include_path = line + include_prefix_len; ++ /* include directives can be absolute or ++ relative. Prepend the current file's ++ directory if relative. */ ++ if (include_path[0] == '/') { ++ result = search_via_ldconf(include_path, soname, match64, match32); ++ } else { ++ _cleanup_free_ char *abs_include_path = NULL; ++ _asprintf(&abs_include_path, "%s/%s", conf_dir + sysrootdirlen, include_path); ++ result = search_via_ldconf(abs_include_path, soname, match64, match32); ++ } ++ } else { ++ result = search_libdir(line, soname, match64, match32); ++ } ++ if (result) ++ return result; ++ } ++ } ++ } ++ ++ return NULL; ++} ++ ++/* Expand $ORIGIN and $LIB variables in the given R(UN)PATH entry. $ORIGIN ++ expands to the directory of the given src path. $LIB expands to lib if ++ match64 is NULL or lib64 otherwise. Returns a newly allocated string even if ++ no expansion was necessary. */ ++static char *expand_runpath(char *input, const char *src, const Elf64_Ehdr *match64) ++{ ++ regex_t regex; ++ regmatch_t rmatch[3]; /* 0: full match, 1: without brackets, 2: with brackets */ ++ ++ if (regcomp(®ex, "\\$([A-Z]+|\\{([A-Z]+)\\})", REG_EXTENDED) != 0) { ++ log_error("ERROR: Could not compile RUNPATH regex"); ++ return NULL; ++ } ++ ++ char *result = NULL, *current = input; ++ int offset = 0; ++ ++ while (regexec(®ex, current + offset, 3, rmatch, 0) == 0) { ++ char *varname = NULL; ++ _cleanup_free_ char *varval = NULL; ++ size_t varname_len, varval_len; ++ ++ /* Determine which group matched, with or without brackets. */ ++ int rgroup = rmatch[1].rm_so != -1 ? 1 : 2; ++ varname_len = rmatch[rgroup].rm_eo - rmatch[rgroup].rm_so; ++ varname = current + offset + rmatch[rgroup].rm_so; ++ ++ if (strncmp(varname, "ORIGIN", varname_len) == 0) { ++ varval = dirname_malloc(src); ++ } else if (strncmp(varname, "LIB", varname_len) == 0) { ++ varval = strdup(match64 ? "lib64" : "lib"); ++ } else { ++ /* If the variable is unrecognised, leave it as-is. */ ++ offset += rmatch[0].rm_eo; ++ continue; ++ } ++ ++ if (!varval) ++ goto oom; ++ ++ varval_len = strlen(varval); ++ size_t prefix_len = offset + rmatch[0].rm_so; ++ size_t suffix_len = strlen(current) - (offset + rmatch[0].rm_eo); ++ ++ char *replaced = realloc(result, prefix_len + varval_len + suffix_len + 1); ++ if (!replaced) ++ goto oom; ++ ++ result = replaced; ++ strcpy(result + prefix_len, varval); ++ strcpy(result + prefix_len + varval_len, current + offset + rmatch[0].rm_eo); ++ ++ current = result; ++ offset = prefix_len + varval_len; ++ } ++ ++ regfree(®ex); ++ return result ?: strdup(current); ++ ++oom: ++ log_error("Out of memory"); ++ free(result); ++ regfree(®ex); ++ return NULL; ++} ++ ++/* Adjust the endianness of the given value of the given SIZE using ELF header ++ ehdr. The size sadly cannot be determined automatically using sizeof because ++ that is expanded using the C compiler rather than the preprocessor. */ ++#define ELF_BYTESWAP(SIZE, value) (ehdr->e_ident[EI_DATA] == ELFDATA2MSB ? be##SIZE##toh(value) : le##SIZE##toh(value)) ++ ++/* Get a pointer to the ELF header map's section header string table, where B is ++ 64 or 32 bit. Sanity checks the ELF structure to avoid crashes. */ ++#define PARSE_ELF_START(B, map) \ ++ Elf##B##_Ehdr *ehdr = (Elf##B##_Ehdr *)map; \ ++\ ++ if (sizeof(Elf##B##_Ehdr) > src_len || \ ++ ELF_BYTESWAP(B, ehdr->e_shoff) > src_len || \ ++ ELF_BYTESWAP(16, ehdr->e_shstrndx) >= ELF_BYTESWAP(16, ehdr->e_shnum)) \ ++ break; \ ++\ ++ Elf##B##_Shdr *shdr = (Elf##B##_Shdr *)((char *)map + ELF_BYTESWAP(B, ehdr->e_shoff)); \ ++ const char *shstrtab = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(16, ehdr->e_shstrndx)].sh_offset); ++ ++/* Expand the R(UN)PATH of the ELF header map and search it for a library ++ matching soname and match64/match32. map must point to the same header as ++ match64/match32. Returns the path (with the sysroot) if there is a match. */ ++#define FIND_LIBRARY_RUNPATH_FOR_BITS(B, map) do { \ ++ PARSE_ELF_START(B, map); \ ++ bool seen_runpath = false; \ ++\ ++ for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ for (Elf##B##_Dyn *d = dyn; ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if (ELF_BYTESWAP(B, d->d_tag) == DT_RUNPATH) \ ++ seen_runpath = true; /* RUNPATH has precedence over RPATH. */ \ ++ else if (seen_runpath || ELF_BYTESWAP(B, d->d_tag) != DT_RPATH) \ ++ continue; \ ++\ ++ char *runpath = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ _cleanup_free_ char *expanded = expand_runpath(runpath, src, match64); \ ++ if (!expanded) \ ++ continue; \ ++\ ++ for (char *token = strtok(expanded, ":"); token; token = strtok(NULL, ":")) { \ ++ char *res = search_libdir(token, soname, match64, match32); \ ++ if (res) \ ++ return res; \ ++ } \ ++ } \ ++ } \ ++} while (0) ++ ++/* Given an soname and (64 or 32 bit) ELF header, search for a matching library ++ in the R(UN)PATH of that header, the directories referenced by ldconf files, ++ and some default locations. src must be the path (with the sysroot) to the ++ ELF file and src_len must be that file's length in bytes. Returns the path ++ (with the sysroot) if there is a match. */ ++static char *find_library(const char *soname, const char *src, size_t src_len, const Elf64_Ehdr *match64, ++ const Elf32_Ehdr *match32) ++{ ++ if (match64) ++ FIND_LIBRARY_RUNPATH_FOR_BITS(64, match64); ++ else if (match32) ++ FIND_LIBRARY_RUNPATH_FOR_BITS(32, match32); ++ ++ /* There is no definitive way to determine the libc so just check for ++ musl and glibc ldconf files. musl hardcodes its default locations. It ++ is impossible to determine glibc's default locations, but this set is ++ practically universal. It is safe to check lib64 for 32-bit libraries ++ because we include the class (64-bit or 32-bit) when matching. */ ++ return search_via_ldconf("/etc/ld-musl-*.path", soname, match64, match32) ?: ++ search_via_ldconf("/etc/ld.so.conf", soname, match64, match32) ?: ++ search_libdir("/lib64", soname, match64, match32) ?: ++ search_libdir("/usr/lib64", soname, match64, match32) ?: ++ search_libdir("/usr/local/lib64", soname, match64, match32) ?: ++ search_libdir("/lib", soname, match64, match32) ?: ++ search_libdir("/usr/lib", soname, match64, match32) ?: ++ search_libdir("/usr/local/lib", soname, match64, match32); ++} ++ ++static int resolve_deps_ldd(const char *src, const char *fullsrcpath) + { + int ret = 0, err; + + _cleanup_free_ char *buf = NULL; + size_t linesize = LINE_MAX + 1; +- _cleanup_free_ char *fullsrcpath = NULL; +- +- fullsrcpath = get_real_file(src, true); +- log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); +- if (!fullsrcpath) +- return 0; + + buf = malloc(linesize); + if (buf == NULL) +@@ -704,6 +1040,195 @@ static int resolve_deps(const char *src) + return ret; + } + ++#ifdef HAVE_SYSTEMD ++ ++/* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) ++ in the given note index and find each dependent library, ensuring it matches ++ the given (64 or 32 bit) ELF header. Each library found is added to deps. ++ Dependencies already found in this chain must be given in pdeps. Failure to ++ parse the JSON or find a library is considered non-fatal. */ ++static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *fullsrcpath, size_t src_len, ++ const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) ++{ ++ _cleanup_(sd_json_variant_unrefp) sd_json_variant *dlopen_json = NULL; ++ if (sd_json_parse(json, 0, &dlopen_json, NULL, NULL) != 0 || !sd_json_variant_is_array(dlopen_json)) { ++ log_warning("WARNING: .note.dlopen entry #%zd is not a JSON array in '%s'", note_idx, fullsrcpath); ++ return; ++ } ++ ++ for (size_t entry_idx = 0; entry_idx < sd_json_variant_elements(dlopen_json); entry_idx++) { ++ sd_json_variant *entry = sd_json_variant_by_index(dlopen_json, entry_idx); ++ sd_json_variant *sonames = sd_json_variant_by_key(entry, "soname"); ++ if (!sonames || !sd_json_variant_is_array(sonames)) { ++ log_warning("WARNING: soname array missing from .note.dlopen entry #%zd.%zd in '%s'", note_idx, entry_idx, fullsrcpath); ++ return; ++ } ++ ++ for (size_t soname_idx = 0; soname_idx < sd_json_variant_elements(sonames); soname_idx++) { ++ sd_json_variant *soname_json = sd_json_variant_by_index(sonames, soname_idx); ++ if (!sd_json_variant_is_string(soname_json)) { ++ log_warning("WARNING: soname #%zd of .note.dlopen entry #%zd.%zd is not a string in '%s'", soname_idx, note_idx, ++ entry_idx, fullsrcpath); ++ return; ++ } ++ ++ const char *soname = sd_json_variant_string(soname_json); ++ if (hashmap_get(pdeps, soname)) ++ continue; ++ ++ char *library = find_library(soname, fullsrcpath, src_len, match64, match32); ++ if (!library || hashmap_put_strdup_key(deps, soname, library) < 0) ++ log_warning("WARNING: could not locate dlopen dependency %s requested by '%s'", soname, fullsrcpath); ++ } ++ } ++} ++ ++/* Given the ELF header map, also represented by match64/match32 and where B is ++ 64 or 32 bit, check .note.dlopen entries for dependencies. See above. */ ++#define RESOLVE_DEPS_DLOPEN_FOR_BITS(B, match64, match32) do { \ ++ PARSE_ELF_START(B, map); \ ++ size_t note_idx = -1; \ ++\ ++ for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if ((char*)shdr + i * sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ ++ break; \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".note.dlopen") != 0) \ ++ continue; \ ++\ ++ const char *note_offset = (char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset); \ ++ const char *note_end = note_offset + ELF_BYTESWAP(32, shdr[i].sh_size); \ ++\ ++ if (note_offset < (char*)map || note_end > (char*)map + src_len || note_end < note_offset) \ ++ continue; \ ++\ ++ while (note_offset < note_end) { \ ++ Elf##B##_Nhdr *nhdr = (Elf##B##_Nhdr *)note_offset; \ ++ note_offset += sizeof(Elf##B##_Nhdr); \ ++\ ++ /* We don't need the name, checking the type is enough. */ \ ++ note_offset += (ELF_BYTESWAP(32, nhdr->n_namesz) + 3) & ~3; /* Align to 4 bytes */ \ ++\ ++ const char *note_desc = note_offset; \ ++ note_offset += (ELF_BYTESWAP(32, nhdr->n_descsz) + 3) & ~3; /* Align to 4 bytes */ \ ++ if (note_offset > (char*)map + src_len) \ ++ break; \ ++\ ++ if (ELF_BYTESWAP(32, nhdr->n_type) != 0x407c0c0a) \ ++ continue; \ ++\ ++ note_idx++; \ ++ resolve_deps_dlopen_parse_json(pdeps, deps, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \ ++ } \ ++ } \ ++} while (0) ++ ++static int resolve_deps(const char *src, Hashmap *pdeps); ++ ++static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap *pdeps) ++{ ++ _cleanup_close_ int fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC); ++ if (fd < 0) { ++ log_error("ERROR: cannot open '%s': %m", fullsrcpath); ++ return -errno; ++ } ++ ++ struct stat sb; ++ if (fstat(fd, &sb) < 0) { ++ log_error("ERROR: cannot stat '%s': %m", fullsrcpath); ++ return -errno; ++ } ++ ++ size_t src_len = sb.st_size; ++ void *map = mmap(NULL, src_len, PROT_READ, MAP_PRIVATE, fd, 0); ++ if (map == MAP_FAILED) { ++ log_error("ERROR: cannot mmap '%s': %m", fullsrcpath); ++ return -errno; ++ } ++ ++ /* It would be easiest to blindly install dependencies as we find them ++ depth-first, but this does not work in practise. We need to track ++ which dependencies are already found to avoid loops. We also need to ++ install them breadth-first because of how RUNPATH works. systemd is a ++ good example. libsystemd-core depends on libsystemd-shared. Neither ++ is in the default library path, but libsystemd-core lacks a RUNPATH, ++ so it cannot find libsystemd-shared by itself. See for yourself with ++ ldd. It must be found in the context of an executable with a RUNPATH ++ that also depends on libsystemd-shared, such as systemd-executor. The ++ RUNPATH only applies to direct dependencies, not subdependencies, so ++ libsystemd-shared needs to be found as a direct dependency of ++ systemd-executor before we check libsystemd-core's dependencies. ++ Therefore, pdeps above holds the dependencies we have already found, ++ deps holds the dependencies found in this iteration, and ndeps is ++ used to combine them into the next iteration's pdeps. */ ++ Hashmap *ndeps = hashmap_new(string_hash_func, string_compare_func); ++ Hashmap *deps = hashmap_new(string_hash_func, string_compare_func); ++ int ret = 0; ++ ++ unsigned char *e_ident = (unsigned char *)map; ++ if (e_ident[EI_MAG0] != ELFMAG0 || ++ e_ident[EI_MAG1] != ELFMAG1 || ++ e_ident[EI_MAG2] != ELFMAG2 || ++ e_ident[EI_MAG3] != ELFMAG3) ++ goto finish; ++ ++ switch (e_ident[EI_CLASS]) { ++ case ELFCLASS32: ++ RESOLVE_DEPS_DLOPEN_FOR_BITS(32, NULL, ehdr); ++ break; ++ case ELFCLASS64: ++ RESOLVE_DEPS_DLOPEN_FOR_BITS(64, ehdr, NULL); ++ break; ++ default: ++ log_error("ERROR: '%s' has an unknown ELF class", fullsrcpath); ++ ret = -1; ++ } ++ ++ if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0) ++ goto finish; ++ ++ char *key, *library; ++ Iterator i; ++ HASHMAP_FOREACH(library, deps, i) { ++ ret += library_install(src, library); ++ ret += resolve_deps(library, ndeps); ++ } ++ ++finish: ++ munmap(map, src_len); ++ hashmap_free(ndeps); ++ ++ HASHMAP_FOREACH(library, deps, i) { ++ item_free(library); ++ } ++ ++ while ((key = hashmap_steal_first_key(deps))) ++ item_free(key); ++ ++ hashmap_free(deps); ++ return ret; ++} ++ ++#endif ++ ++/* Recursively check the given file for dependencies and install them. pdeps is ++ for dependencies already found in this chain and should initially be NULL. ++ Both ELF binaries and scripts with shebangs are handled. */ ++static int resolve_deps(const char *src, Hashmap *pdeps) ++{ ++ _cleanup_free_ char *fullsrcpath = NULL; ++ ++ fullsrcpath = get_real_file(src, true); ++ log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); ++ if (!fullsrcpath) ++ return 0; ++ ++ return resolve_deps_ldd(src, fullsrcpath) ++#ifdef HAVE_SYSTEMD ++ ?: resolve_deps_dlopen(src, fullsrcpath, pdeps) ++#endif ++ ; ++} ++ + /* Install "..hmac" file for FIPS self-checks */ + static int hmac_install(const char *src, const char *dst, const char *hmacpath) + { +@@ -880,9 +1405,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + if (resolvedeps && S_ISREG(sb.st_mode) && (sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { + log_debug("'%s' already exists, but checking for any deps", fulldstpath); + if (sysrootdirlen && (strncmp(fulldstpath, sysrootdir, sysrootdirlen) == 0)) +- ret = resolve_deps(fulldstpath + sysrootdirlen); ++ ret = resolve_deps(fulldstpath + sysrootdirlen, NULL); + else +- ret = resolve_deps(fullsrcpath); ++ ret = resolve_deps(fullsrcpath, NULL); + } else + log_debug("'%s' already exists", fulldstpath); + } else { +@@ -975,9 +1500,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + if (resolvedeps) { + /* ensure fullsrcpath contains sysrootdir */ + if (sysrootdirlen && (strncmp(fullsrcpath, sysrootdir, sysrootdirlen) == 0)) +- ret += resolve_deps(fullsrcpath + sysrootdirlen); ++ ret += resolve_deps(fullsrcpath + sysrootdirlen, NULL); + else +- ret += resolve_deps(fullsrcpath); ++ ret += resolve_deps(fullsrcpath, NULL); + } + if (arg_hmac) { + /* copy .hmac files also */ +@@ -1058,10 +1583,11 @@ static void usage(int status) + " -S --mod-filter-nosymbol Exclude kernel modules by symbol regexp\n" + " -N --mod-filter-noname Exclude kernel modules by name regexp\n" + "\n" +- " -v --verbose Show more output\n" +- " --debug Show debug output\n" +- " --version Show package version\n" +- " -h --help Show this help\n" ++ " --json-supported Show whether this build supports JSON\n" ++ " -v --verbose Show more output\n" ++ " --debug Show debug output\n" ++ " --version Show package version\n" ++ " -h --help Show this help\n" + "\n", program_invocation_short_name, program_invocation_short_name, program_invocation_short_name); + exit(status); + } +@@ -1076,7 +1602,8 @@ static int parse_argv(int argc, char *argv[]) + ARG_MODALIAS, + ARG_KERNELDIR, + ARG_FIRMWAREDIRS, +- ARG_DEBUG ++ ARG_DEBUG, ++ ARG_JSON_SUPPORTED, + }; + + static struct option const options[] = { +@@ -1104,6 +1631,7 @@ static int parse_argv(int argc, char *argv[]) + {"silent", no_argument, NULL, ARG_SILENT}, + {"kerneldir", required_argument, NULL, ARG_KERNELDIR}, + {"firmwaredirs", required_argument, NULL, ARG_FIRMWAREDIRS}, ++ {"json-supported", no_argument, NULL, ARG_JSON_SUPPORTED}, + {NULL, 0, NULL, 0} + }; + +@@ -1207,6 +1735,14 @@ static int parse_argv(int argc, char *argv[]) + case 'h': + usage(EXIT_SUCCESS); + break; ++ case ARG_JSON_SUPPORTED: ++#ifdef HAVE_SYSTEMD ++ puts("JSON is supported"); ++ return 0; ++#else ++ puts("JSON is not supported"); ++ return -1; ++#endif + default: + usage(EXIT_FAILURE); + } +@@ -1293,7 +1829,7 @@ static int resolve_lazy(int argc, char **argv) + item = strdup(p); + hashmap_put(items, item, item); + +- ret += resolve_deps(src); ++ ret += resolve_deps(src, NULL); + } + return ret; + } +-- +2.48.1 + + +From 2af7fbafaa02d7edfe387829bb49ed3d5bb47454 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 4 Mar 2025 11:09:32 +0000 +Subject: [PATCH 06/12] feat(dracut-install): extend new ELF parsing code to + replace ldd calls + +Now that dracut-install has its own ELF parsing code to handle dlopen +dependencies, it is only a small additional step to also handle +traditional DT_NEEDED dependencies, removing the need to call ldd, which +is not cross-friendly. + +This avoids the earlier issue seen with musl in #1087. + +We should no longer directly install libsystemd*.so because +libsystemd-core does not have the RUNPATH to find libsystemd-shared by +itself. Both get pulled in by the main systemd binary anyway. ldd had +the same issue, dracut-install silently ignored the failure. + +Signed-off-by: James Le Cuirot +--- + dracut.sh | 6 +- + modules.d/00systemd/module-setup.sh | 3 +- + src/install/dracut-install.c | 288 ++++++++++------------------ + 3 files changed, 106 insertions(+), 191 deletions(-) + +diff --git a/dracut.sh b/dracut.sh +index e544cafb..75d92738 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1357,11 +1357,7 @@ if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi + mkdir "$early_cpio_dir" + fi + +-if ${DRACUT_LDD:-ldd} "${dracutsysrootdir}/bin/sh" | grep -q musl &> /dev/null; then +- musl=1 +-fi +- +-[[ "$dracutsysrootdir" ]] || [[ "$noexec" ]] || [[ "$musl" ]] || export DRACUT_RESOLVE_LAZY="1" ++[[ "$dracutsysrootdir" ]] || [[ "$noexec" ]] || export DRACUT_RESOLVE_LAZY="1" + + if [[ $print_cmdline ]]; then + stdloglvl=0 +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 482bdfa1..747f09f0 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -145,6 +145,5 @@ EOF + _arch=${DRACUT_ARCH:-$(uname -m)} + inst_libdir_file \ + {"tls/$_arch/",tls/,"$_arch/",}"libbpf.so*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" \ +- {"tls/$_arch/",tls/,"$_arch/",}"systemd/libsystemd*.so" ++ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" + } +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 8769d1a1..f194532f 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -84,7 +84,6 @@ static char *kerneldir = NULL; + static size_t kerneldirlen = 0; + static char **firmwaredirs = NULL; + static char **pathdirs; +-static char *ldd = NULL; + static char *logdir = NULL; + static char *logfile = NULL; + FILE *logfile_f = NULL; +@@ -903,143 +902,6 @@ static char *find_library(const char *soname, const char *src, size_t src_len, c + search_libdir("/usr/local/lib", soname, match64, match32); + } + +-static int resolve_deps_ldd(const char *src, const char *fullsrcpath) +-{ +- int ret = 0, err; +- +- _cleanup_free_ char *buf = NULL; +- size_t linesize = LINE_MAX + 1; +- +- buf = malloc(linesize); +- if (buf == NULL) +- return -errno; +- +- if (strstr(src, ".so") == NULL) { +- _cleanup_close_ int fd = -1; +- fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC); +- if (fd < 0) +- return -errno; +- +- ret = read(fd, buf, linesize - 1); +- if (ret == -1) +- return -errno; +- +- buf[ret] = '\0'; +- if (buf[0] == '#' && buf[1] == '!') { +- /* we have a shebang */ +- char *p, *q; +- for (p = &buf[2]; *p && isspace(*p); p++) ; +- for (q = p; *q && (!isspace(*q)); q++) ; +- *q = '\0'; +- log_debug("Script install: '%s'", p); +- ret = dracut_install(p, p, false, true, false); +- if (ret != 0) +- log_error("ERROR: failed to install '%s'", p); +- return ret; +- } +- } +- +- int fds[2]; +- FILE *fptr; +- if (pipe2(fds, O_CLOEXEC) == -1 || (fptr = fdopen(fds[0], "r")) == NULL) { +- log_error("ERROR: pipe stream initialization for '%s' failed: %m", ldd); +- exit(EXIT_FAILURE); +- } +- +- log_debug("%s %s", ldd, fullsrcpath); +- pid_t ldd_pid; +- if ((ldd_pid = fork()) == 0) { +- dup2(fds[1], 1); +- dup2(fds[1], 2); +- putenv("LC_ALL=C"); +- execlp(ldd, ldd, fullsrcpath, (char *)NULL); +- _exit(errno == ENOENT ? 127 : 126); +- } +- close(fds[1]); +- +- ret = 0; +- +- while (getline(&buf, &linesize, fptr) >= 0) { +- char *p; +- +- log_debug("ldd: '%s'", buf); +- +- if (strstr(buf, "you do not have execution permission")) { +- log_error("%s", buf); +- ret += 1; +- break; +- } +- +- /* errors from cross-compiler-ldd */ +- if (strstr(buf, "unable to find sysroot")) { +- log_error("%s", buf); +- ret += 1; +- break; +- } +- +- /* musl ldd */ +- if (strstr(buf, "Not a valid dynamic program")) +- break; +- +- /* glibc */ +- if (strstr(buf, "cannot execute binary file")) +- continue; +- +- if (strstr(buf, "not a dynamic executable")) +- break; +- +- if (strstr(buf, "loader cannot load itself")) +- break; +- +- if (strstr(buf, "not regular file")) +- break; +- +- if (strstr(buf, "cannot read header")) +- break; +- +- if (strstr(buf, "cannot be preloaded")) +- continue; +- +- if (strstr(buf, destrootdir)) +- break; +- +- p = buf; +- if (strchr(p, '$')) { +- /* take ldd variable expansion into account */ +- p = strstr(p, "=>"); +- if (!p) +- p = buf; +- } +- p = strchr(p, '/'); +- +- if (p) { +- char *q; +- +- for (q = p; *q && *q != ' ' && *q != '\n'; q++) ; +- *q = '\0'; +- +- ret += library_install(src, p); +- +- } +- } +- +- fclose(fptr); +- while (waitpid(ldd_pid, &err, 0) == -1) { +- if (errno != EINTR) { +- log_error("ERROR: waitpid() failed: %m"); +- return 1; +- } +- } +- err = WIFSIGNALED(err) ? 128 + WTERMSIG(err) : WEXITSTATUS(err); +- /* ldd has error conditions we largely don't care about ("not a dynamic executable", &c.): +- only error out on hard errors (ENOENT, ENOEXEC, signals) */ +- if (err >= 126) { +- log_error("ERROR: '%s %s' failed with %d", ldd, fullsrcpath, err); +- return err; +- } else +- return ret; +-} +- + #ifdef HAVE_SYSTEMD + + /* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) +@@ -1122,10 +984,79 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + } \ + } while (0) + +-static int resolve_deps(const char *src, Hashmap *pdeps); ++#endif + +-static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap *pdeps) ++/* Given the ELF header map, also represented by match64/match32 and where B is ++ 64 or 32 bit, check PT_INTERP and DT_NEEDED entries for dependencies. */ ++#define RESOLVE_DEPS_NEEDED_FOR_BITS(B, match64, match32) do { \ ++ PARSE_ELF_START(B, map); \ ++\ ++ if (ELF_BYTESWAP(16, ehdr->e_type) == ET_EXEC || ELF_BYTESWAP(16, ehdr->e_type) == ET_DYN) { \ ++ for (size_t ph_idx = 0; ph_idx < ELF_BYTESWAP(16, ehdr->e_phnum); ph_idx++) { \ ++ Elf##B##_Phdr *phdr = (Elf##B##_Phdr *)((char *)map + ELF_BYTESWAP(B, ehdr->e_phoff) + ph_idx * ELF_BYTESWAP(16, ehdr->e_phentsize)); \ ++ if ((char *)phdr < (char *)map || (char *)phdr + sizeof(Elf##B##_Phdr) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(32, phdr->p_type) != PT_INTERP) \ ++ continue; \ ++\ ++ const char *interpreter = (const char *)map + ELF_BYTESWAP(B, phdr->p_offset); \ ++ if (interpreter < (char *)map || interpreter > (char *)map + src_len) \ ++ break; \ ++ if (hashmap_get(pdeps, interpreter)) \ ++ continue; \ ++\ ++ char *value = strdup(interpreter); \ ++ if (!value || hashmap_put_strdup_key(deps, interpreter, value) < 0) { \ ++ log_error("ERROR: could not handle interpreter for '%s'", fullsrcpath); \ ++ ret = -1; \ ++ } \ ++ break; \ ++ } \ ++ } \ ++\ ++ for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if ((char*)&shdr[i] < (char*)map || (char*)&shdr[i] + sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ ++ break; \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ if ((char *)dyn < (char *)map || (char *)dyn > (char *)map + src_len) \ ++ break; \ ++\ ++ for (Elf##B##_Dyn *d = dyn; ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if ((char *)d < (char *)map || (char *)d + sizeof(Elf##B##_Dyn) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(B, d->d_tag) != DT_NEEDED) \ ++ continue; \ ++\ ++ const char *soname = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ if ((char *)soname < (char *)map || (char *)soname > (char *)map + src_len) \ ++ break; \ ++ if (hashmap_get(pdeps, soname)) \ ++ continue; \ ++\ ++ char* library = find_library(soname, fullsrcpath, src_len, match64, match32); \ ++ if (!library || hashmap_put_strdup_key(deps, soname, library) < 0) { \ ++ log_error("ERROR: could not locate dependency %s requested by '%s'", soname, fullsrcpath); \ ++ ret = -1; \ ++ } \ ++ } \ ++ } \ ++} while (0) ++ ++/* Recursively check the given file for dependencies and install them. pdeps is ++ for dependencies already found in this chain and should initially be NULL. ++ Both ELF binaries and scripts with shebangs are handled. */ ++static int resolve_deps(const char *src, Hashmap *pdeps) + { ++ _cleanup_free_ char *fullsrcpath = NULL; ++ ++ fullsrcpath = get_real_file(src, true); ++ log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); ++ if (!fullsrcpath) ++ return 0; ++ + _cleanup_close_ int fd = open(fullsrcpath, O_RDONLY | O_CLOEXEC); + if (fd < 0) { + log_error("ERROR: cannot open '%s': %m", fullsrcpath); +@@ -1164,6 +1095,18 @@ static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap + Hashmap *deps = hashmap_new(string_hash_func, string_compare_func); + int ret = 0; + ++ char *shebang = (char *)map; ++ if (shebang[0] == '#' && shebang[1] == '!') { ++ char *p, *q; ++ for (p = &shebang[2]; *p && isspace(*p); p++) ; ++ for (q = p; *q && (!isspace(*q)); q++) ; ++ char *interpreter = strndup(p, q - p); ++ log_debug("Script install: '%s'", interpreter); ++ ret = dracut_install(interpreter, interpreter, false, true, false); ++ free(interpreter); ++ goto finish; ++ } ++ + unsigned char *e_ident = (unsigned char *)map; + if (e_ident[EI_MAG0] != ELFMAG0 || + e_ident[EI_MAG1] != ELFMAG1 || +@@ -1173,10 +1116,16 @@ static int resolve_deps_dlopen(const char *src, const char *fullsrcpath, Hashmap + + switch (e_ident[EI_CLASS]) { + case ELFCLASS32: ++ RESOLVE_DEPS_NEEDED_FOR_BITS(32, NULL, ehdr); ++#ifdef HAVE_SYSTEMD + RESOLVE_DEPS_DLOPEN_FOR_BITS(32, NULL, ehdr); ++#endif + break; + case ELFCLASS64: ++ RESOLVE_DEPS_NEEDED_FOR_BITS(64, ehdr, NULL); ++#ifdef HAVE_SYSTEMD + RESOLVE_DEPS_DLOPEN_FOR_BITS(64, ehdr, NULL); ++#endif + break; + default: + log_error("ERROR: '%s' has an unknown ELF class", fullsrcpath); +@@ -1208,27 +1157,6 @@ finish: + return ret; + } + +-#endif +- +-/* Recursively check the given file for dependencies and install them. pdeps is +- for dependencies already found in this chain and should initially be NULL. +- Both ELF binaries and scripts with shebangs are handled. */ +-static int resolve_deps(const char *src, Hashmap *pdeps) +-{ +- _cleanup_free_ char *fullsrcpath = NULL; +- +- fullsrcpath = get_real_file(src, true); +- log_debug("resolve_deps('%s') -> get_real_file('%s', true) = '%s'", src, src, fullsrcpath); +- if (!fullsrcpath) +- return 0; +- +- return resolve_deps_ldd(src, fullsrcpath) +-#ifdef HAVE_SYSTEMD +- ?: resolve_deps_dlopen(src, fullsrcpath, pdeps) +-#endif +- ; +-} +- + /* Install "..hmac" file for FIPS self-checks */ + static int hmac_install(const char *src, const char *dst, const char *hmacpath) + { +@@ -1346,7 +1274,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + bool src_islink = false; + bool src_isdir = false; + mode_t src_mode = 0; +- char *i = NULL; ++ char *hash_path = NULL; + const char *src, *dst; + + if (sysrootdirlen) { +@@ -1381,8 +1309,10 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + if (lstat(fullsrcpath, &sb) < 0) { + if (!isdir) { +- i = strdup(src); +- hashmap_put(items_failed, i, i); ++ hash_path = strdup(src); ++ if (!hash_path) ++ return -ENOMEM; ++ hashmap_put(items_failed, hash_path, hash_path); + /* src does not exist */ + return 1; + } +@@ -1392,6 +1322,15 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + src_mode = sb.st_mode; + } + ++ /* The install hasn't succeeded yet, but mark this item as successful ++ now. If it fails once, it will probably fail every time. Doing this ++ could avoid dependency loops, but this is actually handled elsewhere. ++ It also avoids an elusive memory leak detected by valgrind. */ ++ hash_path = strdup(dst); ++ if (!hash_path) ++ return -ENOMEM; ++ hashmap_put(items, hash_path, hash_path); ++ + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? (dst + 1) : dst)); + + ret = stat(fulldstpath, &sb); +@@ -1448,15 +1387,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + if (src_isdir) { + log_info("mkdir '%s'", fulldstpath); +- ret = dracut_mkdir(fulldstpath); +- if (ret == 0) { +- i = strdup(dst); +- if (!i) +- return -ENOMEM; +- +- hashmap_put(items, i, i); +- } +- return ret; ++ return dracut_mkdir(fulldstpath); + } + + /* ready to install src */ +@@ -1525,12 +1456,6 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (ret == 0) { +- i = strdup(dst); +- if (!i) +- return -ENOMEM; +- +- hashmap_put(items, i, i); +- + if (logfile_f) + dracut_log_cp(src); + } +@@ -2848,11 +2773,6 @@ int main(int argc, char **argv) + + log_debug("PATH=%s", path); + +- ldd = getenv("DRACUT_LDD"); +- if (isempty(ldd)) +- ldd = "ldd"; +- log_debug("LDD=%s", ldd); +- + env_no_xattr = getenv("DRACUT_NO_XATTR"); + if (env_no_xattr != NULL) + no_xattr = true; +-- +2.48.1 + + +From 4166b0c62428e0363e54c99d5c6a1748d408305a Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 4 Mar 2025 17:21:27 +0000 +Subject: [PATCH 07/12] feat(dracut-install): add --dry-run option to replace + external ldd usage + +To remove the remaining use of ldd, we need a way to show which +libraries a binary requires. I initially considered adding another small +tool, sharing code with dracut-install, but then I realised that adding +a --dry-run option to dracut-install would also meet that need with a +lot less effort. + +It simply shows what would be installed and doesn't require you to +specify a destination directory. It is similar to the existing --logdir +option, but that cannot log to stdout and includes additional output. + +Signed-off-by: James Le Cuirot +--- + src/install/dracut-install.c | 65 +++++++++++++++++++++++++----------- + 1 file changed, 46 insertions(+), 19 deletions(-) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index f194532f..46bc0a25 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -72,6 +72,7 @@ static bool arg_silent = false; + static bool arg_all = false; + static bool arg_module = false; + static bool arg_modalias = false; ++static bool arg_dry_run = false; + static bool arg_resolvelazy = false; + static bool arg_resolvedeps = false; + static bool arg_hostonly = false; +@@ -294,6 +295,9 @@ static char *convert_abs_rel(const char *from, const char *target) + + static int ln_r(const char *src, const char *dst) + { ++ if (arg_dry_run) ++ return 0; ++ + int ret; + _cleanup_free_ const char *points_to = convert_abs_rel(src, dst); + +@@ -373,6 +377,9 @@ static bool use_clone = true; + + static int cp(const char *src, const char *dst) + { ++ if (arg_dry_run) ++ return 0; ++ + pid_t pid; + int ret = 0; + +@@ -1189,6 +1196,9 @@ static int hmac_install(const char *src, const char *dst, const char *hmacpath) + + void mark_hostonly(const char *path) + { ++ if (arg_dry_run) ++ return; ++ + _cleanup_free_ char *fulldstpath = NULL; + _cleanup_fclose_ FILE *f = NULL; + +@@ -1226,6 +1236,9 @@ static bool check_hashmap(Hashmap *hm, const char *item) + + static int dracut_mkdir(const char *src) + { ++ if (arg_dry_run) ++ return 0; ++ + _cleanup_free_ char *parent = NULL; + char *path; + struct stat sb; +@@ -1333,7 +1346,8 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + + _asprintf(&fulldstpath, "%s/%s", destrootdir, (dst[0] == '/' ? (dst + 1) : dst)); + +- ret = stat(fulldstpath, &sb); ++ errno = ENOENT; ++ ret = arg_dry_run ? -1 : stat(fulldstpath, &sb); + + if (ret == 0) { + if (src_isdir && !S_ISDIR(sb.st_mode)) { +@@ -1362,7 +1376,7 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + return 1; + } + +- ret = access(fulldstdir, F_OK); ++ ret = arg_dry_run ? 0 : access(fulldstdir, F_OK); + + if (ret < 0) { + _cleanup_free_ char *dname = NULL; +@@ -1405,12 +1419,12 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + return 1; + } + +- if (faccessat(AT_FDCWD, abspath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ if (!arg_dry_run && faccessat(AT_FDCWD, abspath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { + log_debug("lstat '%s': %m", abspath); + return 1; + } + +- if (faccessat(AT_FDCWD, fulldstpath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { ++ if (!arg_dry_run && faccessat(AT_FDCWD, fulldstpath, F_OK, AT_SYMLINK_NOFOLLOW) != 0) { + _cleanup_free_ char *absdestpath = NULL; + + _asprintf(&absdestpath, "%s/%s", destrootdir, +@@ -1456,6 +1470,9 @@ static int dracut_install(const char *orig_src, const char *orig_dst, bool isdir + } + + if (ret == 0) { ++ if (arg_dry_run) ++ puts(src); ++ + if (logfile_f) + dracut_log_cp(src); + } +@@ -1486,6 +1503,7 @@ static void usage(int status) + " -d --dir SOURCE is a directory\n" + " -l --ldd Also install shebang executables and libraries\n" + " -L --logdir Log files, which were installed from the host to \n" ++ " -n --dry-run Don't actually copy files, just show what would be installed\n" + " -R --resolvelazy Only install shebang executables and libraries\n" + " for all SOURCE files\n" + " -H --hostonly Mark all SOURCE files as hostonly\n\n" +@@ -1557,6 +1575,7 @@ static int parse_argv(int argc, char *argv[]) + {"kerneldir", required_argument, NULL, ARG_KERNELDIR}, + {"firmwaredirs", required_argument, NULL, ARG_FIRMWAREDIRS}, + {"json-supported", no_argument, NULL, ARG_JSON_SUPPORTED}, ++ {"dry-run", no_argument, NULL, 'n'}, + {NULL, 0, NULL, 0} + }; + +@@ -1668,6 +1687,9 @@ static int parse_argv(int argc, char *argv[]) + puts("JSON is not supported"); + return -1; + #endif ++ case 'n': ++ arg_dry_run = true; ++ break; + default: + usage(EXIT_FAILURE); + } +@@ -2781,24 +2803,28 @@ int main(int argc, char **argv) + + umask(0022); + +- if (destrootdir == NULL || strlen(destrootdir) == 0) { +- destrootdir = getenv("DESTROOTDIR"); ++ if (arg_dry_run) { ++ destrootdir = "/nonexistent"; ++ } else { + if (destrootdir == NULL || strlen(destrootdir) == 0) { +- log_error("Environment DESTROOTDIR or argument -D is not set!"); +- usage(EXIT_FAILURE); ++ destrootdir = getenv("DESTROOTDIR"); ++ if (destrootdir == NULL || strlen(destrootdir) == 0) { ++ log_error("Environment DESTROOTDIR or argument -D is not set!"); ++ usage(EXIT_FAILURE); ++ } + } +- } + +- if (strcmp(destrootdir, "/") == 0) { +- log_error("Environment DESTROOTDIR or argument -D is set to '/'!"); +- usage(EXIT_FAILURE); +- } ++ if (strcmp(destrootdir, "/") == 0) { ++ log_error("Environment DESTROOTDIR or argument -D is set to '/'!"); ++ usage(EXIT_FAILURE); ++ } + +- i = destrootdir; +- if (!(destrootdir = realpath(i, NULL))) { +- log_error("Environment DESTROOTDIR or argument -D is set to '%s': %m", i); +- r = EXIT_FAILURE; +- goto finish2; ++ i = destrootdir; ++ if (!(destrootdir = realpath(i, NULL))) { ++ log_error("Environment DESTROOTDIR or argument -D is set to '%s': %m", i); ++ r = EXIT_FAILURE; ++ goto finish2; ++ } + } + + items = hashmap_new(string_hash_func, string_compare_func); +@@ -2853,7 +2879,8 @@ int main(int argc, char **argv) + r = EXIT_SUCCESS; + + finish1: +- free(destrootdir); ++ if (!arg_dry_run) ++ free(destrootdir); + finish2: + if (!arg_kerneldir) + free(kerneldir); +-- +2.48.1 + + +From 6cdb49857ff1c9f798e35eded3673bd0a6e2c349 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Wed, 5 Mar 2025 11:53:18 +0000 +Subject: [PATCH 08/12] feat(dracut): replace ldd with dracut-install --dry-run + or header check + +One instance checks whether */lib64/* is used by /bin/sh and another +checks whether libusb is used by scdaemon. These can be handled by the +new dracut-install --dry-run option. + +find_binary currently uses ldd to check whether a given *.so* is a valid +ELF. ldd exits successfully even when libraries are missing, so it is +sufficient to replace this check with one that looks at the first 4 +bytes. + +Closes: https://github.com/dracut-ng/dracut-ng/issues/338 +Closes: https://github.com/dracut-ng/dracut-ng/issues/1257 +Signed-off-by: James Le Cuirot +--- + dracut-functions.sh | 10 ++++- + dracut-init.sh | 63 ++++++++++++--------------- + man/dracut.8.adoc | 7 --- + modules.d/91crypt-gpg/module-setup.sh | 2 +- + 4 files changed, 36 insertions(+), 46 deletions(-) + +diff --git a/dracut-functions.sh b/dracut-functions.sh +index 94f0228f..e6b8e958 100755 +--- a/dracut-functions.sh ++++ b/dracut-functions.sh +@@ -44,6 +44,12 @@ trim() { + printf "%s" "$var" + } + ++# is_elf ++# Returns success if the given path is an ELF. Only checks the first 4 bytes. ++is_elf() { ++ [[ $(head --bytes=4 "$1") == $'\x7fELF' ]] ++} ++ + # find a binary. If we were not passed the full path directly, + # search in the usual places to find the binary. + find_binary() { +@@ -56,13 +62,13 @@ find_binary() { + if [[ $1 == *.so* ]]; then + for l in $libdirs; do + _path="${l}${_delim}${1}" +- if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &> /dev/null; }; then ++ if is_elf "${dracutsysrootdir}${_path}"; then + printf "%s\n" "${_path}" + return 0 + fi + done + _path="${_delim}${1}" +- if { $DRACUT_LDD "${dracutsysrootdir}${_path}" &> /dev/null; }; then ++ if is_elf "${dracutsysrootdir}${_path}"; then + printf "%s\n" "${_path}" + return 0 + fi +diff --git a/dracut-init.sh b/dracut-init.sh +index de3ae324..cd821163 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -78,7 +78,6 @@ export srcmods + export hookdirs + } + +-DRACUT_LDD=${DRACUT_LDD:-ldd} + DRACUT_TESTBIN=${DRACUT_TESTBIN:-/bin/sh} + DRACUT_LDCONFIG=${DRACUT_LDCONFIG:-ldconfig} + PKG_CONFIG=${PKG_CONFIG:-pkg-config} +@@ -86,9 +85,35 @@ PKG_CONFIG=${PKG_CONFIG:-pkg-config} + # shellcheck source=./dracut-functions.sh + . "$dracutbasedir"/dracut-functions.sh + ++if ! [[ $DRACUT_INSTALL ]]; then ++ DRACUT_INSTALL=$(find_binary dracut-install) ++fi ++ ++if ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/dracut-install ]]; then ++ DRACUT_INSTALL=$dracutbasedir/dracut-install ++elif ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/src/install/dracut-install ]]; then ++ DRACUT_INSTALL=$dracutbasedir/src/install/dracut-install ++fi ++ ++# Test if dracut-install is a standalone executable with no options. ++# E.g. DRACUT_INSTALL may be set externally as: ++# DRACUT_INSTALL="valgrind dracut-install" ++# or ++# DRACUT_INSTALL="dracut-install --debug" ++# in which case the string cannot be tested for being executable. ++DRINSTALLPARTS=0 ++for i in $DRACUT_INSTALL; do ++ DRINSTALLPARTS=$((DRINSTALLPARTS + 1)) ++done ++ ++if [[ $DRINSTALLPARTS == 1 ]] && ! command -v "$DRACUT_INSTALL" > /dev/null 2>&1; then ++ dfatal "dracut-install not found!" ++ exit 10 ++fi ++ + # Detect lib paths + if ! [[ $libdirs ]]; then +- if [[ $("$DRACUT_LDD" "$dracutsysrootdir$DRACUT_TESTBIN") == */lib64/* ]] &> /dev/null \ ++ if [[ $($DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} --dry-run -R "$DRACUT_TESTBIN") == */lib64/* ]] &> /dev/null \ + && [[ -d $dracutsysrootdir/lib64 ]]; then + libdirs+=" /lib64" + [[ -d $dracutsysrootdir/usr/lib64 ]] && libdirs+=" /usr/lib64" +@@ -105,14 +130,6 @@ if ! [[ $libdirs ]]; then + export libdirs + fi + +-# ldd needs LD_LIBRARY_PATH pointing to the libraries within the sysroot directory +-if [[ -n $dracutsysrootdir ]]; then +- for lib in $libdirs; do +- LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+"$LD_LIBRARY_PATH":}$dracutsysrootdir$lib" +- done +- export LD_LIBRARY_PATH +-fi +- + # helper function for check() in module-setup.sh + # to check for required installed binaries + # issues a standardized warning message +@@ -205,32 +222,6 @@ dracut_module_path() { + return 1 + } + +-if ! [[ $DRACUT_INSTALL ]]; then +- DRACUT_INSTALL=$(find_binary dracut-install) +-fi +- +-if ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/dracut-install ]]; then +- DRACUT_INSTALL=$dracutbasedir/dracut-install +-elif ! [[ $DRACUT_INSTALL ]] && [[ -x $dracutbasedir/src/install/dracut-install ]]; then +- DRACUT_INSTALL=$dracutbasedir/src/install/dracut-install +-fi +- +-# Test if dracut-install is a standalone executable with no options. +-# E.g. DRACUT_INSTALL may be set externally as: +-# DRACUT_INSTALL="valgrind dracut-install" +-# or +-# DRACUT_INSTALL="dracut-install --debug" +-# in which case the string cannot be tested for being executable. +-DRINSTALLPARTS=0 +-for i in $DRACUT_INSTALL; do +- DRINSTALLPARTS=$((DRINSTALLPARTS + 1)) +-done +- +-if [[ $DRINSTALLPARTS == 1 ]] && ! command -v "$DRACUT_INSTALL" > /dev/null 2>&1; then +- dfatal "dracut-install not found!" +- exit 10 +-fi +- + if [[ $hostonly == "-h" ]]; then + if ! [[ $DRACUT_KERNEL_MODALIASES ]] || ! [[ -f $DRACUT_KERNEL_MODALIASES ]]; then + export DRACUT_KERNEL_MODALIASES="${DRACUT_TMPDIR}/modaliases" +diff --git a/man/dracut.8.adoc b/man/dracut.8.adoc +index ba33ab19..1dd6ae76 100644 +--- a/man/dracut.8.adoc ++++ b/man/dracut.8.adoc +@@ -648,13 +648,6 @@ _DRACUT_LDCONFIG_:: + Default: + _ldconfig_ + +-_DRACUT_LDD_:: +- sets the _ldd_ program path and options. Optional. +- Used for **--sysroot**. +-+ +-Default: +- _ldd_ +- + _PKG_CONFIG_:: + sets the _pkg-config_ program path and options. Optional. + Most useful together with **--sysroot**. +diff --git a/modules.d/91crypt-gpg/module-setup.sh b/modules.d/91crypt-gpg/module-setup.sh +index 501869a2..df4c2c52 100755 +--- a/modules.d/91crypt-gpg/module-setup.sh ++++ b/modules.d/91crypt-gpg/module-setup.sh +@@ -57,7 +57,7 @@ sc_supported() { + if [[ ${gpgMajor} -gt 2 || ${gpgMajor} -eq 2 && ${gpgMinor} -ge 1 ]] \ + && require_binaries gpg-agent \ + && require_binaries gpg-connect-agent \ +- && ($DRACUT_LDD "${dracutsysrootdir}${scdaemon}" | grep libusb > /dev/null); then ++ && [[ $($DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} --dry-run -R "${scdaemon}") == *libusb* ]]; then + return 0 + else + return 1 +-- +2.48.1 + + +From b52ce3eb8996efac35b6ecc883c184de003fa6c8 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Wed, 26 Mar 2025 13:02:35 +0000 +Subject: [PATCH 09/12] feat(dracut): allow users to choose which dlopen + dependencies they want + +Handling dlopen dependencies is nice, but installing these +unconditionally will install more than before rather than less, leading +to bigger images and unhappy users. + +This introduces the add_dlopen_features and omit_dlopen_features +configuration options. Modules that are successfully loaded set the +default set of features to add_dlopen_features in the config() function. +Users can request additional features by appending to this variable. +They can also omit features by appending to omit_dlopen_features, which +takes precedence. + +Signed-off-by: James Le Cuirot +--- + dracut-init.sh | 51 +++-- + dracut.sh | 10 + + man/dracut.conf.5.adoc | 13 ++ + modules.d/00systemd/module-setup.sh | 5 + + modules.d/01systemd-bsod/module-setup.sh | 5 + + modules.d/01systemd-coredump/module-setup.sh | 5 + + .../01systemd-integritysetup/module-setup.sh | 5 + + modules.d/01systemd-journald/module-setup.sh | 5 + + .../01systemd-veritysetup/module-setup.sh | 5 + + src/install/dracut-install.c | 182 +++++++++++++++++- + 10 files changed, 266 insertions(+), 20 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index cd821163..d650fac8 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -674,6 +674,15 @@ inst_opt_decompress() { + done + } + ++module_functions=( ++ check ++ depends ++ cmdline ++ config ++ install ++ installkernel ++) ++ + # module_check [] [] + # execute the check() function of module-setup.sh of + # or the "check" script, if module-setup.sh is not found +@@ -686,7 +695,7 @@ module_check() { + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [ $# -ge 2 ] && _forced=$2 + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + check() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh +@@ -696,7 +705,7 @@ module_check() { + # shellcheck disable=SC2086 + moddir="$_moddir" check $hostonly + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + hostonly=$_hostonly + return $_ret + } +@@ -711,13 +720,13 @@ module_check_mount() { + export mount_needs=1 + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + check() { false; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir=$_moddir check 0 + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + unset mount_needs + return "$_ret" + } +@@ -730,13 +739,13 @@ module_depends() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + depends() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir=$_moddir depends + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -748,13 +757,31 @@ module_cmdline() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + cmdline() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" cmdline + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" ++ return $_ret ++} ++ ++# module_config [] ++# execute the config() function of module-setup.sh of ++# or the "config" script, if module-setup.sh is not found ++module_config() { ++ local _moddir=$2 ++ local _ret ++ [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") ++ [[ -f $_moddir/module-setup.sh ]] || return 1 ++ unset "${module_functions[@]}" ++ config() { true; } ++ # shellcheck disable=SC1090 ++ . "$_moddir"/module-setup.sh ++ moddir="$_moddir" config ++ _ret=$? ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -766,13 +793,13 @@ module_install() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + install() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" install + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +@@ -784,13 +811,13 @@ module_installkernel() { + local _ret + [[ -z $_moddir ]] && _moddir=$(dracut_module_path "$1") + [[ -f $_moddir/module-setup.sh ]] || return 1 +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + installkernel() { true; } + # shellcheck disable=SC1090 + . "$_moddir"/module-setup.sh + moddir="$_moddir" installkernel + _ret=$? +- unset check depends cmdline install installkernel ++ unset "${module_functions[@]}" + return $_ret + } + +diff --git a/dracut.sh b/dracut.sh +index 75d92738..737bf58c 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -927,6 +927,9 @@ export DRACUT_LOG_LEVEL=warning + + [[ $dracutbasedir ]] || dracutbasedir="$dracutsysrootdir"/usr/lib/dracut + ++# These config variables needs to be exported for dracut-install. ++export add_dlopen_features="" omit_dlopen_features="" ++ + # if we were not passed a config file, try the default one + if [[ -z $conffile ]]; then + if [[ $allowlocal ]]; then +@@ -2007,6 +2010,13 @@ dracut_module_included "squash-lib" && mkdir -p "$squashdir" + + _isize=0 #initramfs size + modules_loaded=" " ++# Allow all modules to update the config. Do this before installing anything. ++for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do ++ _d_mod=${moddir##*/} ++ _d_mod=${_d_mod#[0-9][0-9]} ++ [[ $mods_to_load == *\ $_d_mod\ * ]] || continue ++ module_config "$_d_mod" "$moddir" ++done + # source our modules. + for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do + _d_mod=${moddir##*/} +diff --git a/man/dracut.conf.5.adoc b/man/dracut.conf.5.adoc +index ae8a6903..5a282853 100644 +--- a/man/dracut.conf.5.adoc ++++ b/man/dracut.conf.5.adoc +@@ -75,6 +75,19 @@ This option forces dracut to only include the specified kernel modules. + In most cases the "--add-drivers" option is what you want to use. + This option is not recommended to use (use at your own risk). + ++*add_dlopen_features+=*" __:__[__,__...] ... ":: ++Specify a space-separated list of binaries matching _pattern_ against a ++comma-separated list of features to install dependencies for. For example, ++"libsystemd-shared-*.so:idn,ip4tc" will install the dependencies for systemd's ++international domain name and iptables support. _pattern_ should match the ++soname for libraries or the filename for executables. ++ ++*omit_dlopen_features+=*" __:__[__,__...] ... ":: ++Specify a space-separated list of binaries matching _pattern_ against a ++comma-separated list of features to omit dependencies for. Some dracut modules ++add certain features by default. This takes precedence over add_dlopen_features ++above. ++ + *filesystems+=*" ____ ":: + Specify a space-separated list of kernel filesystem modules to exclusively + include in the generic initramfs. +diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh +index 747f09f0..1506f64f 100755 +--- a/modules.d/00systemd/module-setup.sh ++++ b/modules.d/00systemd/module-setup.sh +@@ -14,6 +14,11 @@ check() { + return 255 + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:kmod " ++} ++ + installkernel() { + hostonly='' instmods autofs4 ipv6 dmi-sysfs + instmods -s efivarfs +diff --git a/modules.d/01systemd-bsod/module-setup.sh b/modules.d/01systemd-bsod/module-setup.sh +index cf562ca6..f702792c 100755 +--- a/modules.d/01systemd-bsod/module-setup.sh ++++ b/modules.d/01systemd-bsod/module-setup.sh +@@ -19,6 +19,11 @@ depends() { + return 0 + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:qrencode " ++} ++ + # Install the required file(s) for the module in the initramfs. + install() { + inst_multiple \ +diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh +index 3083f851..4014b074 100755 +--- a/modules.d/01systemd-coredump/module-setup.sh ++++ b/modules.d/01systemd-coredump/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:lz4,lzma,zstd " ++} ++ + # Install the required file(s) and directories for the module in the initramfs. + install() { + +diff --git a/modules.d/01systemd-integritysetup/module-setup.sh b/modules.d/01systemd-integritysetup/module-setup.sh +index 804b856e..aba99371 100755 +--- a/modules.d/01systemd-integritysetup/module-setup.sh ++++ b/modules.d/01systemd-integritysetup/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:cryptsetup " ++} ++ + # Install kernel module(s). + installkernel() { + instmods dm-integrity +diff --git a/modules.d/01systemd-journald/module-setup.sh b/modules.d/01systemd-journald/module-setup.sh +index 9f546d1a..807c7ab3 100755 +--- a/modules.d/01systemd-journald/module-setup.sh ++++ b/modules.d/01systemd-journald/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:gcrypt,lz4,lzma,zstd " ++} ++ + # Install the required file(s) and directories for the module in the initramfs. + install() { + +diff --git a/modules.d/01systemd-veritysetup/module-setup.sh b/modules.d/01systemd-veritysetup/module-setup.sh +index e3b95303..1f0c0355 100755 +--- a/modules.d/01systemd-veritysetup/module-setup.sh ++++ b/modules.d/01systemd-veritysetup/module-setup.sh +@@ -26,6 +26,11 @@ depends() { + + } + ++# Config adjustments before installing anything. ++config() { ++ add_dlopen_features+=" libsystemd-shared-*.so:cryptsetup " ++} ++ + # Install kernel module(s). + installkernel() { + instmods dm-verity +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 46bc0a25..0f431a40 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -94,6 +94,9 @@ static Hashmap *modules_loaded = NULL; + static Hashmap *modules_suppliers = NULL; + static Hashmap *processed_suppliers = NULL; + static Hashmap *modalias_to_kmod = NULL; ++static Hashmap *add_dlopen_features = NULL; ++static Hashmap *omit_dlopen_features = NULL; ++static Hashmap *dlopen_features[2] = {NULL}; + static regex_t mod_filter_path; + static regex_t mod_filter_nopath; + static regex_t mod_filter_symbol; +@@ -913,11 +916,14 @@ static char *find_library(const char *soname, const char *src, size_t src_len, c + + /* Parse the given .note.dlopen JSON (https://systemd.io/ELF_DLOPEN_METADATA/) + in the given note index and find each dependent library, ensuring it matches +- the given (64 or 32 bit) ELF header. Each library found is added to deps. +- Dependencies already found in this chain must be given in pdeps. Failure to +- parse the JSON or find a library is considered non-fatal. */ +-static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *fullsrcpath, size_t src_len, +- const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) ++ the given (64 or 32 bit) ELF header. Dependencies are skipped if the ++ corresponding feature is present in omit_dlopen_features or missing from ++ add_dlopen_features. Those hashmaps are keyed by wildcard patterns, which are ++ compared against the source's soname or filename. Each library found is added ++ to deps. Dependencies already found in this chain must be given in pdeps. ++ Failure to parse the JSON or find a library is considered non-fatal. */ ++static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const char *src_soname, char *fullsrcpath, ++ size_t src_len, const char *json, size_t note_idx, const Elf64_Ehdr *match64, const Elf32_Ehdr *match32) + { + _cleanup_(sd_json_variant_unrefp) sd_json_variant *dlopen_json = NULL; + if (sd_json_parse(json, 0, &dlopen_json, NULL, NULL) != 0 || !sd_json_variant_is_array(dlopen_json)) { +@@ -927,6 +933,28 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + + for (size_t entry_idx = 0; entry_idx < sd_json_variant_elements(dlopen_json); entry_idx++) { + sd_json_variant *entry = sd_json_variant_by_index(dlopen_json, entry_idx); ++ sd_json_variant *feature_json = sd_json_variant_by_key(entry, "feature"); ++ ++ if (feature_json && sd_json_variant_is_string(feature_json)) { ++ const char *feature = sd_json_variant_string(feature_json); ++ const char *name = src_soname ?: basename(fullsrcpath); ++ ++ Iterator i; ++ char ***features; ++ const char *pattern; ++ HASHMAP_FOREACH_KEY(features, pattern, omit_dlopen_features, i) { ++ if (fnmatch(pattern, name, 0) == 0 && strv_contains(*features, feature)) ++ goto skip; ++ } ++ int skip = 1; ++ HASHMAP_FOREACH_KEY(features, pattern, add_dlopen_features, i) { ++ if (fnmatch(pattern, name, 0) == 0 && strv_contains(*features, feature)) ++ skip = 0; ++ } ++ if (skip) ++ goto skip; ++ } ++ + sd_json_variant *sonames = sd_json_variant_by_key(entry, "soname"); + if (!sonames || !sd_json_variant_is_array(sonames)) { + log_warning("WARNING: soname array missing from .note.dlopen entry #%zd.%zd in '%s'", note_idx, entry_idx, fullsrcpath); +@@ -949,6 +977,7 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + if (!library || hashmap_put_strdup_key(deps, soname, library) < 0) + log_warning("WARNING: could not locate dlopen dependency %s requested by '%s'", soname, fullsrcpath); + } ++skip: + } + } + +@@ -956,7 +985,32 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + 64 or 32 bit, check .note.dlopen entries for dependencies. See above. */ + #define RESOLVE_DEPS_DLOPEN_FOR_BITS(B, match64, match32) do { \ + PARSE_ELF_START(B, map); \ ++ const char *soname = NULL; \ + size_t note_idx = -1; \ ++\ ++ for (size_t i = 0; !soname && i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ ++ if ((char*)&shdr[i] < (char*)map || (char*)&shdr[i] + sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ ++ break; \ ++ if (strcmp(&shstrtab[ELF_BYTESWAP(32, shdr[i].sh_name)], ".dynamic") != 0) \ ++ continue; \ ++\ ++ Elf##B##_Dyn *dyn = (Elf##B##_Dyn *)((char *)map + ELF_BYTESWAP(B, shdr[i].sh_offset)); \ ++ if ((char *)dyn < (char *)map || (char *)dyn > (char *)map + src_len) \ ++ break; \ ++\ ++ for (Elf##B##_Dyn *d = dyn; !soname && ELF_BYTESWAP(32, d->d_tag) != DT_NULL; d++) { \ ++ if ((char *)d < (char *)map || (char *)d + sizeof(Elf##B##_Dyn) > (char *)map + src_len) \ ++ break; \ ++ if (ELF_BYTESWAP(B, d->d_tag) != DT_SONAME) \ ++ continue; \ ++\ ++ soname = (char *)map + ELF_BYTESWAP(B, shdr[ELF_BYTESWAP(32, shdr[i].sh_link)].sh_offset) + ELF_BYTESWAP(B, d->d_un.d_val); \ ++ if ((char *)soname < (char *)map || (char *)soname > (char *)map + src_len) { \ ++ soname = NULL; \ ++ break; \ ++ } \ ++ } \ ++ } \ + \ + for (size_t i = 0; i < ELF_BYTESWAP(16, ehdr->e_shnum); i++) { \ + if ((char*)shdr + i * sizeof(Elf##B##_Shdr) > (char*)map + src_len) \ +@@ -986,7 +1040,7 @@ static void resolve_deps_dlopen_parse_json(Hashmap *pdeps, Hashmap *deps, const + continue; \ + \ + note_idx++; \ +- resolve_deps_dlopen_parse_json(pdeps, deps, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \ ++ resolve_deps_dlopen_parse_json(pdeps, deps, soname, fullsrcpath, src_len, note_desc, note_idx, match64, match32); \ + } \ + } \ + } while (0) +@@ -1102,6 +1156,11 @@ static int resolve_deps(const char *src, Hashmap *pdeps) + Hashmap *deps = hashmap_new(string_hash_func, string_compare_func); + int ret = 0; + ++ if (!ndeps || !deps) { ++ ret = -1; ++ goto finish; ++ } ++ + char *shebang = (char *)map; + if (shebang[0] == '#' && shebang[1] == '!') { + char *p, *q; +@@ -1139,8 +1198,10 @@ static int resolve_deps(const char *src, Hashmap *pdeps) + ret = -1; + } + +- if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0) ++ if (hashmap_merge(ndeps, pdeps) < 0 || hashmap_merge(ndeps, deps) < 0) { ++ ret = -1; + goto finish; ++ } + + char *key, *library; + Iterator i; +@@ -2751,6 +2812,87 @@ static int install_modules(int argc, char **argv) + return EXIT_SUCCESS; + } + ++/* Parse the add_dlopen_features and omit_dlopen_features environment variables, ++ and store their contents in the corresponding char* -> char*** hashmaps. Each ++ variable holds multiple entries, separated by whitespace, and each entry ++ takes the form "libfoo.so.*:feature1,feature2". */ ++static int parse_dlopen_features() ++{ ++ const char *add_env = getenv("add_dlopen_features"); ++ const char *omit_env = getenv("omit_dlopen_features"); ++ const char *envs[] = {add_env, omit_env}; ++ char **features_array; ++ ++ for (size_t i = 0; i < 2; i++) { ++ if (!envs[i]) ++ continue; ++ ++ /* We cannot let strtok modify the environment. */ ++ _cleanup_free_ char *env_copy = strdup(envs[i]); ++ if (!env_copy) ++ return -ENOMEM; ++ ++ for (char *token = strtok(env_copy, " \t\n"); token; token = strtok(NULL, " \t\n")) { ++ char *colon = strchr(token, ':'); ++ if (!colon) { ++ log_warning("Invalid format in dlopen features: '%s'", token); ++ continue; ++ } ++ ++ *colon = '\0'; ++ const char *key = token; ++ const char *features = colon + 1; ++ ++ features_array = strv_split(features, ","); ++ if (!features_array) ++ return -ENOMEM; ++ ++ /* There may be entries with the same name/pattern. */ ++ char ***existing = hashmap_get(dlopen_features[i], key); ++ ++ if (existing) { ++ char **feature; ++ STRV_FOREACH(feature, features_array) { ++ /* Free feature if already present. */ ++ if (strv_contains(*existing, *feature)) ++ free(*feature); ++ /* Otherwise push onto existing array ++ without duplicating the string. */ ++ else if (strv_push(existing, *feature) == -ENOMEM) ++ goto oom; ++ } ++ /* All features have been freed or pushed to the ++ existing array, so just free array itself. */ ++ free(features_array); ++ } else { ++ /* The hashmaps store strvs as char*** rather ++ than char** because strv_push above calls ++ realloc. The latter would then leave the ++ hashmap with a stale pointer. */ ++ char ***features_arrayp = (char ***) malloc(sizeof(char ***)); ++ char *nkey = strdup(key); ++ if (!features_arrayp || !nkey) { ++ free(features_arrayp); ++ goto oom; ++ } ++ *features_arrayp = features_array; ++ if (hashmap_put(dlopen_features[i], nkey, features_arrayp) == -ENOMEM) { ++ free(features_arrayp); ++ free(nkey); ++ goto oom; ++ } ++ } ++ } ++ } ++ ++ return 0; ++ ++oom: ++ log_error("Out of memory"); ++ strv_free(features_array); ++ return -ENOMEM; ++} ++ + int main(int argc, char **argv) + { + int r; +@@ -2832,7 +2974,11 @@ int main(int argc, char **argv) + processed_suppliers = hashmap_new(string_hash_func, string_compare_func); + modalias_to_kmod = hashmap_new(string_hash_func, string_compare_func); + +- if (!items || !items_failed || !processed_suppliers || !modules_loaded) { ++ dlopen_features[0] = add_dlopen_features = hashmap_new(string_hash_func, string_compare_func); ++ dlopen_features[1] = omit_dlopen_features = hashmap_new(string_hash_func, string_compare_func); ++ ++ if (!items || !items_failed || !processed_suppliers || !modules_loaded || ++ !add_dlopen_features || !omit_dlopen_features) { + log_error("Out of memory"); + r = EXIT_FAILURE; + goto finish1; +@@ -2864,6 +3010,11 @@ int main(int argc, char **argv) + } + } + ++ if (parse_dlopen_features() < 0) { ++ r = EXIT_FAILURE; ++ goto finish1; ++ } ++ + if (arg_module) { + r = install_modules(argc - optind, &argv[optind]); + } else if (arg_resolvelazy) { +@@ -2908,6 +3059,21 @@ finish2: + while ((i = hashmap_steal_first(processed_suppliers))) + item_free(i); + ++ for (size_t j = 0; j < 2; j++) { ++ char ***array; ++ Iterator it; ++ ++ HASHMAP_FOREACH(array, dlopen_features[j], it) { ++ strv_free(*array); ++ free(array); ++ } ++ ++ while ((i = hashmap_steal_first_key(dlopen_features[j]))) ++ item_free(i); ++ ++ hashmap_free(dlopen_features[j]); ++ } ++ + /* + * Note: modalias_to_kmod's values are freed implicitly by the kmod context destruction + * in kmod_unref(). +-- +2.48.1 + + +From 4cba538e9218b33c068f9a7ac463133152e0b9b4 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Fri, 14 Mar 2025 14:08:00 +0000 +Subject: [PATCH 10/12] fix: add $dracutsysrootdir to paths where it should be + present + +inst_simpl is sometimes called with the sysroot (particular via moddir) +and sometimes without. dracut-install knows how to handle this, so the +inst_simpl existence check needs to handle it too. + +Signed-off-by: James Le Cuirot +--- + dracut-init.sh | 8 ++++++-- + dracut.sh | 2 +- + modules.d/01systemd-cryptsetup/module-setup.sh | 2 +- + modules.d/01systemd-sysext/module-setup.sh | 2 +- + modules.d/03modsign/module-setup.sh | 2 +- + modules.d/95iscsi/module-setup.sh | 2 +- + 6 files changed, 11 insertions(+), 7 deletions(-) + +diff --git a/dracut-init.sh b/dracut-init.sh +index d650fac8..394ad658 100755 +--- a/dracut-init.sh ++++ b/dracut-init.sh +@@ -267,7 +267,11 @@ inst_simple() { + shift + fi + [[ -e ${dstdir}/"${2:-$1}" ]] && return 0 # already there +- [[ -e $1 ]] || return 1 # no source ++ if [[ $1 == /* ]]; then ++ [[ -e $dracutsysrootdir/${1#"$dracutsysrootdir"} ]] || return 1 # no source ++ else ++ [[ -e $1 ]] || return 1 # no source ++ fi + if $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${dstdir:+-D "$dstdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"; then + return 0 + else +@@ -526,7 +530,7 @@ build_ld_cache() { + local dstdir="${dstdir:-"$initdir"}" + + for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do +- [[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}" ++ [[ -f $f ]] && inst_simple "${f}" + done + if ! $DRACUT_LDCONFIG -r "$initdir" -f /etc/ld.so.conf; then + if [[ $EUID == 0 ]]; then +diff --git a/dracut.sh b/dracut.sh +index 737bf58c..58fe08c5 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -1114,7 +1114,7 @@ drivers_dir="${drivers_dir%"${drivers_dir##*[!/]}"}" + [[ $ro_mnt_l ]] && ro_mnt="yes" + [[ $early_microcode_l ]] && early_microcode=$early_microcode_l + [[ $early_microcode ]] || early_microcode=yes +-[[ $early_microcode_image_dir ]] || early_microcode_image_dir=('/boot') ++[[ $early_microcode_image_dir ]] || early_microcode_image_dir=("$dracutsysrootdir"/boot) + [[ $early_microcode_image_name ]] \ + || early_microcode_image_name=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') + [[ $logfile_l ]] && logfile="$logfile_l" +diff --git a/modules.d/01systemd-cryptsetup/module-setup.sh b/modules.d/01systemd-cryptsetup/module-setup.sh +index 023c65d1..dd8618a2 100755 +--- a/modules.d/01systemd-cryptsetup/module-setup.sh ++++ b/modules.d/01systemd-cryptsetup/module-setup.sh +@@ -70,7 +70,7 @@ install() { + _luksfile="/run/cryptsetup-keys.d/$_mapper.key" + fi + +- find "$systemdsystemunitdir" "$systemdsystemconfdir" -type f -name "*.socket" | while read -r socket_unit; do ++ find "$dracutsysrootdir$systemdsystemunitdir" "$dracutsysrootdir$systemdsystemconfdir" -type f -name "*.socket" | while read -r socket_unit; do + # systemd-cryptsetup utility only supports SOCK_STREAM (ListenStream) sockets, so we ignore + # other types like SOCK_DGRAM (ListenDatagram), SOCK_SEQPACKET (ListenSequentialPacket), etc. + if ! grep -E -q "^ListenStream\s*=\s*$_luksfile$" "$socket_unit"; then +diff --git a/modules.d/01systemd-sysext/module-setup.sh b/modules.d/01systemd-sysext/module-setup.sh +index 379d0aa1..cc52d855 100755 +--- a/modules.d/01systemd-sysext/module-setup.sh ++++ b/modules.d/01systemd-sysext/module-setup.sh +@@ -29,7 +29,7 @@ install() { + local _suffix= + + # systemd >= v258 +- [[ -e "$systemdsystemunitdir"/systemd-sysext-initrd.service ]] && _suffix="-initrd" ++ [[ -e "$dracutsysrootdir$systemdsystemunitdir"/systemd-sysext-initrd.service ]] && _suffix="-initrd" + + # It's intended to work only with raw binary disk images contained in + # regular files, but not with directory trees. +diff --git a/modules.d/03modsign/module-setup.sh b/modules.d/03modsign/module-setup.sh +index 7a22a752..7fffad83 100755 +--- a/modules.d/03modsign/module-setup.sh ++++ b/modules.d/03modsign/module-setup.sh +@@ -28,6 +28,6 @@ install() { + + for x in "$dracutsysrootdir"/lib/modules/keys/*; do + [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && break +- inst_simple "${x#"$dracutsysrootdir"}" ++ inst_simple "${x}" + done + } +diff --git a/modules.d/95iscsi/module-setup.sh b/modules.d/95iscsi/module-setup.sh +index 3bb9a63d..ba57dbbe 100755 +--- a/modules.d/95iscsi/module-setup.sh ++++ b/modules.d/95iscsi/module-setup.sh +@@ -220,7 +220,7 @@ install() { + "$systemdsystemunitdir"/iscsiuio.socket \ + "$systemdsystemunitdir"/sockets.target.wants/iscsid.socket \ + "$systemdsystemunitdir"/sockets.target.wants/iscsiuio.socket +- if grep -q '^ExecStartPre=/usr/lib/open-iscsi/startup-checks.sh$' "$systemdsystemunitdir/iscsid.service"; then ++ if grep -q '^ExecStartPre=/usr/lib/open-iscsi/startup-checks.sh$' "$dracutsysrootdir$systemdsystemunitdir/iscsid.service"; then + inst_simple /usr/lib/open-iscsi/startup-checks.sh + fi + +-- +2.48.1 + + +From 03c766c1e93026e4a454a56ccf87d6aba39d903d Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Tue, 1 Apr 2025 11:51:19 +0100 +Subject: [PATCH 11/12] fix: don't use command -v to find binaries in the + sysroot + +If the binaries were missing outside the sysroot, "" was passed to +dracut-install, which then created an empty directory instead! + +dracut-install will automatically search the sysroot for a named binary +if it is given without a path anyway. + +Signed-off-by: James Le Cuirot +--- + modules.d/90btrfs/module-setup.sh | 2 +- + modules.d/90dmraid/module-setup.sh | 2 +- + modules.d/90mdraid/module-setup.sh | 4 ++-- + modules.d/90multipath/module-setup.sh | 4 ++-- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/modules.d/90btrfs/module-setup.sh b/modules.d/90btrfs/module-setup.sh +index 80bba155..fbf3c1db 100755 +--- a/modules.d/90btrfs/module-setup.sh ++++ b/modules.d/90btrfs/module-setup.sh +@@ -56,5 +56,5 @@ install() { + fi + + inst_multiple -o btrfsck btrfs-zero-log btrfstune +- inst "$(command -v btrfs)" /sbin/btrfs ++ inst btrfs /sbin/btrfs + } +diff --git a/modules.d/90dmraid/module-setup.sh b/modules.d/90dmraid/module-setup.sh +index 482ae96a..e7c6be60 100755 +--- a/modules.d/90dmraid/module-setup.sh ++++ b/modules.d/90dmraid/module-setup.sh +@@ -73,7 +73,7 @@ install() { + + inst_multiple dmraid + inst_multiple -o kpartx +- inst "$(command -v partx)" /sbin/partx ++ inst partx /sbin/partx + + inst "$moddir/dmraid.sh" /sbin/dmraid_scan + +diff --git a/modules.d/90mdraid/module-setup.sh b/modules.d/90mdraid/module-setup.sh +index b0ab8411..0d0a57f6 100755 +--- a/modules.d/90mdraid/module-setup.sh ++++ b/modules.d/90mdraid/module-setup.sh +@@ -67,8 +67,8 @@ cmdline() { + install() { + inst_multiple cat expr + inst_multiple -o mdmon +- inst "$(command -v partx)" /sbin/partx +- inst "$(command -v mdadm)" /sbin/mdadm ++ inst partx /sbin/partx ++ inst mdadm /sbin/mdadm + + if [[ $hostonly_cmdline == "yes" ]]; then + local _raidconf +diff --git a/modules.d/90multipath/module-setup.sh b/modules.d/90multipath/module-setup.sh +index 5a7f91fa..a16313c0 100755 +--- a/modules.d/90multipath/module-setup.sh ++++ b/modules.d/90multipath/module-setup.sh +@@ -61,7 +61,7 @@ installkernel() { + } + + mpathconf_installed() { +- command -v mpathconf &> /dev/null ++ find_binary mpathconf &> /dev/null + } + + # called by dracut +@@ -136,7 +136,7 @@ EOF + } + } + +- inst "$(command -v partx)" /sbin/partx ++ inst partx /sbin/partx + + inst_libdir_file "libmultipath*" "multipath/*" + inst_libdir_file 'libgcc_s.so*' +-- +2.48.1 + + +From 1ceb679410a75c8d245e692471aa5d7fa16df7b7 Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Thu, 10 Apr 2025 11:37:01 +0100 +Subject: [PATCH 12/12] fix(systemd-cryptsetup): don't pull in + fido2/pkcs11/tpm2-tss if omitted + +These modules have some large dependencies. Allow users to explicitly +omit them if desired. Other modules like systemd-udevd also do this. + +Signed-off-by: James Le Cuirot +--- + modules.d/01systemd-cryptsetup/module-setup.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/01systemd-cryptsetup/module-setup.sh b/modules.d/01systemd-cryptsetup/module-setup.sh +index dd8618a2..719df0e8 100755 +--- a/modules.d/01systemd-cryptsetup/module-setup.sh ++++ b/modules.d/01systemd-cryptsetup/module-setup.sh +@@ -33,7 +33,7 @@ depends() { + elif [[ ! $hostonly ]]; then + for module in fido2 pkcs11 tpm2-tss; do + module_check $module > /dev/null 2>&1 +- if [[ $? == 255 ]]; then ++ if [[ $? == 255 ]] && ! [[ " $omit_dracutmodules " == *\ $module\ * ]]; then + deps+=" $module" + fi + done +-- +2.48.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md index 9e3f344bd4..e9801411e5 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md +++ b/sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-kernel/dracut/README.md @@ -1,2 +1,11 @@ +`001-dracut-post-106.patch` is the merged upstream changes from v106 to current +main for some potentially important fixes and to provide a clean base for +`002-dracut-sysroot.patch`. This can be dropped when bumping to v107. + +`002-dracut-sysroot.patch` is Chewi's new Dracut improvements, which allow it to +parse the ELF .note.dlopen dependency metadata used by JSON and reliably +determine dependencies across foreign architectures. They will hopefully be +merged in v108. See https://github.com/dracut-ng/dracut-ng/pull/1260. + `050-change-network-dep-iscsi.patch` is a Flatcar-specific dependency tweak to use flatcar-network instead of network. From e5ef9e4f36c8e6b836eac3b454e71348ddaf7ec6 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 7 Apr 2025 15:04:45 +0100 Subject: [PATCH 4/7] sys-kernel/coreos-kernel: Adapt for new Dracut + bootengine with sysroot Dracut includes native binaries that are executed during the creation of the initrd, so it always needs to be installed to /. For now, it expects to find its modules in the sysroot, so it needs to be installed there too, though that may change. bootengine only needs to be installed to sysroot for its Dracut modules. The update-bootengine tool is a Bash script, so it doesn't really need to be installed to /. Signed-off-by: James Le Cuirot --- ...36.ebuild => bootengine-0.0.38-r37.ebuild} | 0 .../bootengine/bootengine-9999.ebuild | 2 +- .../coreos-kernel/coreos-kernel-6.6.87.ebuild | 61 ++++++++++--------- 3 files changed, 34 insertions(+), 29 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/{bootengine-0.0.38-r36.ebuild => bootengine-0.0.38-r37.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r36.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r37.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r36.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-0.0.38-r37.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild index c58fc8d446..cc56634903 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/bootengine/bootengine-9999.ebuild @@ -7,7 +7,7 @@ EGIT_REPO_URI="https://github.com/flatcar/bootengine.git" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - EGIT_COMMIT="9b57178c5390855d10c09a21278467ada35df767" # flatcar-master + EGIT_COMMIT="26231c67c14aa6032a85c2d15c7a6c15c62348a5" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild index f63fe81030..43910e4500 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.87.ebuild @@ -1,15 +1,21 @@ # Copyright 2014-2016 CoreOS, Inc. # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 COREOS_SOURCE_REVISION="" -inherit coreos-kernel +inherit coreos-kernel toolchain-funcs DESCRIPTION="CoreOS Linux kernel" KEYWORDS="amd64 arm64" +RESTRICT="userpriv" # dracut (via bootengine) needs root RDEPEND="=sys-kernel/coreos-modules-${PVR}" -DEPEND="${RDEPEND} +BDEPEND=" + sys-kernel/dracut +" +DEPEND=" + ${RDEPEND} + ${BDEPEND} app-alternatives/awk app-alternatives/gzip app-arch/xz-utils @@ -36,53 +42,52 @@ DEPEND="${RDEPEND} sys-fs/e2fsprogs sys-fs/mdadm sys-fs/xfsprogs + >=sys-kernel/bootengine-0.0.38-r37:= >=sys-kernel/coreos-firmware-20180103-r1:= - >=sys-kernel/bootengine-0.0.4:= - sys-kernel/dracut virtual/udev - amd64? ( sys-firmware/intel-microcode:= )" - -# We are bad, we want to get around the sandbox. So do the creation of the -# cpio image in pkg_setup() where we are free to mount filesystems, chroot, -# and other fun stuff. -pkg_setup() { - coreos-kernel_pkg_setup - - [[ "${MERGE_TYPE}" == binary ]] && return + amd64? ( sys-firmware/intel-microcode:= ) +" +src_prepare() { # Fail early if we didn't detect the build installed by coreos-modules [[ -n "${KV_OUT_DIR}" ]] || die "Failed to detect modules build tree" - if [[ "${ROOT:-/}" != / ]]; then - # TMPDIR needs to be corrected for chroot - TMPDIR=${TMPDIR#${ROOT}} ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} -k "${KV_FULL}" || die - else - update-bootengine -k "${KV_FULL}" || die - fi -} - -src_prepare() { default + # KV_OUT_DIR points to the minimal build tree installed by coreos-modules # Pull in the config and public module signing key - KV_OUT_DIR="${SYSROOT%/}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build" + KV_OUT_DIR="${ESYSROOT}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build" cp -v "${KV_OUT_DIR}/.config" build/ || die local sig_key="$(getconfig MODULE_SIG_KEY)" mkdir -p "build/${sig_key%/*}" || die cp -v "${KV_OUT_DIR}/${sig_key}" "build/${sig_key}" || die - # Symlink to bootengine.cpio so we can stick with relative paths in .config - ln -sv "${SYSROOT%/}"/usr/share/bootengine/bootengine.cpio build/ || die config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' # include all intel and amd microcode files, avoiding the signatures - local fw_dir="${SYSROOT%/}/lib/firmware" + local fw_dir="${ESYSROOT}/lib/firmware" use amd64 && config_update "CONFIG_EXTRA_FIRMWARE=\"$(find ${fw_dir} -type f \ \( -path ${fw_dir}'/intel-ucode/*' -o -path ${fw_dir}'/amd-ucode/*' \) -printf '%P ')\"" use amd64 && config_update "CONFIG_EXTRA_FIRMWARE_DIR=\"${fw_dir}\"" } src_compile() { + local BE_ARGS=() + + if [[ -n ${SYSROOT} ]]; then + BE_ARGS+=( -r "${SYSROOT}" ) + export DRACUT_ARCH="${CHOST%%-*}" + + # We may need to run ldconfig via QEMU, so use the wrapper. Dracut calls + # it with -r, which chroots and confuses the sandbox, so calm it down. + export DRACUT_LDCONFIG="${CHOST}-ldconfig" + local f; for f in /etc/ld.so.cache{,~} /var/cache/ldconfig/aux-cache{,~}; do + addwrite "${f}" + done + fi + + tc-export PKG_CONFIG + "${ESYSROOT}"/usr/bin/update-bootengine -k "${KV_FULL}" -o "${S}"/build/bootengine.cpio "${BE_ARGS[@]}" || die kmake "$(kernel_target)" # sanity check :) @@ -104,5 +109,5 @@ src_install() { # For easy access to vdso debug symbols in gdb: # set debug-file-directory /usr/lib/debug/usr/lib/modules/${KV_FULL}/vdso/ - kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" vdso_install + kmake INSTALL_MOD_PATH="${ED}/usr/lib/debug/usr" vdso_install } From 959e0715a9d1c4c088cea330e803de4dc33201f5 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Mon, 7 Apr 2025 18:35:18 +0100 Subject: [PATCH 5/7] sys-apps/systemd: Avoid initrd bloat by using OpenSSL instead of gcrypt systemd-journal's Forward Secure Sealing feature requires gcrypt, but Flatcar doesn't need it. Signed-off-by: James Le Cuirot --- changelog/changes/2025-04-17-systemd-crypt.md | 1 + .../coreos-overlay/profiles/coreos/base/package.use | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 changelog/changes/2025-04-17-systemd-crypt.md diff --git a/changelog/changes/2025-04-17-systemd-crypt.md b/changelog/changes/2025-04-17-systemd-crypt.md new file mode 100644 index 0000000000..ac341e986b --- /dev/null +++ b/changelog/changes/2025-04-17-systemd-crypt.md @@ -0,0 +1 @@ +- systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar. diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 340f92278d..9e82a092a9 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -166,3 +166,7 @@ net-dns/bind-tools gssapi # Flatcar can't benefit from this performance boost for several reasons, the # main one being the use of binary packages. sys-kernel/dracut -dracut-cpio + +# Avoid initrd bloat by using OpenSSL instead of gcrypt in systemd. +# systemd-journal's FSS feature requires gcrypt, but Flatcar doesn't need it. +sys-apps/systemd -gcrypt From 7b3aac22d44cff4f76ab62a8d3c1da2800c86fdb Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 15 Apr 2025 12:47:05 +0100 Subject: [PATCH 6/7] sys-firmware/intel-microcode: Fix inclusion of microcode in the initrd The microcode was accidentally dropped from Flatcar a while back because Gentoo started telling Dracut to not include it when USE=-initramfs. Flatcar disabled that flag because the microcode is installed to /boot. This is only done under the board root though, not in the final image, so there's no harm in enabling it. That Dracut setting also affected the AMD microcode, which is part of coreos-firmware, so this fixes that too. Signed-off-by: James Le Cuirot --- changelog/bugfixes/2025-04-17-cpu-microcode.md | 1 + .../third_party/coreos-overlay/profiles/coreos/base/package.use | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 changelog/bugfixes/2025-04-17-cpu-microcode.md diff --git a/changelog/bugfixes/2025-04-17-cpu-microcode.md b/changelog/bugfixes/2025-04-17-cpu-microcode.md new file mode 100644 index 0000000000..14b8478597 --- /dev/null +++ b/changelog/bugfixes/2025-04-17-cpu-microcode.md @@ -0,0 +1 @@ +- Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago. diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 9e82a092a9..7f8bcc05c7 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -156,7 +156,6 @@ sys-libs/libsemanage -python sys-fs/zfs minimal -rootfs # Do not tinker with /boot partition at installation time. -sys-firmware/intel-microcode -initramfs sys-fs/zfs-kmod -initramfs # For sys-auth/sssd From 2af957f377c141853825961ce817763bde917f8a Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Tue, 15 Apr 2025 12:48:26 +0100 Subject: [PATCH 7/7] sys-firmware/intel-microcode: Don't install the split microcode This is only needed for direct loading by the kernel, which is dangerous, and we include all the microcode in the initrd anyway. Signed-off-by: James Le Cuirot --- .../coreos-overlay/profiles/coreos/base/package.use | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use index 7f8bcc05c7..9b987284ec 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use @@ -158,6 +158,10 @@ sys-fs/zfs minimal -rootfs # Do not tinker with /boot partition at installation time. sys-fs/zfs-kmod -initramfs +# Only needed for direct loading by the kernel, which is dangerous, and we +# include all the microcode in the initrd anyway. +sys-firmware/intel-microcode -split-ucode + # For sys-auth/sssd net-dns/bind gssapi net-dns/bind-tools gssapi