This pulls in https://github.com/flatcar/bootengine/pull/114
just to be sure that we tried all available modules based on the
modalias when we don't make progress in the minimal initrd. So far we
don't know if this helps (it won't for completely missing kernel modules
of course) but it's good to have this done automatically instead of
having to ask users if it helps for them when they hit an issue. It also
prints the current state again which otherwise might be a bit hidden if
a kernel message gets printed after the initial message.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>

This is a hack - the ebuild will disappear on next weekly updates,
unless Gentoo gets the 2.1.5 ebuild by then.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

The Fusion MPT SCSI storage drivers were missing from the new minimal
initrd because they are not together with the other storage driver
modules but live in their own "message/fusion/" folder.
Add the "message/fusion/" folder to the initrd modules so that we can
load the disk. Dependencies will be resolved by dracut-install as
needed.
Fixes https://github.com/flatcar/Flatcar/issues/1924
Signed-off-by: Kai Lueke <kailuke@microsoft.com>

The most significant change here is to drop our manual service
enabling in favor of invoking systemctl preset-all and moving the
generated symlinks to /usr.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

We can add sec-policy/selinux-ntp to package.provided in overlay
profiles - that way we don't need to modify the dependencies of the
sys-apps/systemd package.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

- Drop unused systemd-256.9 ebuild.
- Drop unused patches and regenerate the rest.
- Pull in a patch from Gentoo.
- Drop Flatcar modifications related to split-usr. We kept those
  because SDK used to use split-dir.
- Drop meson options related to quota utilities - the values we
  specified were the same as systemd's defaults.
- Disable LLMNR and DNSSEC by default - we are disabling it with
  drop-ins in the init repo. We probably could just drop them.
- Preserved keepdir for directories inside /usr and /var. For the
  latter, dropped the related entries from our tmpfiles - we are
  generating tmpfiles for directories inside /var during image build.
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

In Flatcar we are using modprobe helpers that run depmod in a temporary
overlay. systemd-udevd.service may try to load drivers for some block
devices (e.g. ZFS), which ends up calling our helpers, which invoke
the mount command. The mount syscalls are forbidden by the default
systemd-udevd syscall filter.
Signed-off-by: Daniel Zatovic <daniel.zatovic@gmail.com>

The kernel now includes a script for installing the files needed to
build out-of-tree modules, rendering our existing code obsolete. The
layout is different, but we were following Ubuntu's non-standard layout
when there was no need to. Ubuntu's approach is seemingly designed to
save space by symlinking common files across different platforms, but
Flatcar doesn't need to do this.
More importantly, our previous approach relied on a kernel patch we have
carried for years that no longer applies from v6.13. The patch cannot
simply be reworked as the underlying mechanism has changed.
This clears the last major blocker for the arm64 SDK as the previous
approach also relied on implicit execution by QEMU.
There has been concern that this may break compatibility with some
modules, but I have not seen any issues in practice. I have symlinked
`source` to `build` even though we don't install the full kernel sources
because this is what Fedora does, and it makes the layout resemble
Ubuntu a little more. Should any issues arise, I will gladly work with
upstreams to resolve them or otherwise make adjustments.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

When --input-xml is on and --payload-url is off to pass XML data
offline, we need to set payload_url to None and continue running
the DownloadVerify builder instead of returning there.
Pulls in https://github.com/flatcar/ue-rs/pull/93.
Signed-off-by: Dongsu Park <dongsu@dpark.io>

Containerd-2.0 is out of support next week, containerd-2.1 has 6 more months of
support and requires runc-1.3. Containerd-2.1 also supports the erofs
snapshotter.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>

The initrd itself is already compressed with xz, so compressing the
modules within with xz as well just makes the image bigger and slower.
Not compressing all the kernel modules in the first place is not such a
clear win because it is zlib and zstd compression that is applied
elsewhere.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>

This pulls https://github.com/flatcar/bootengine/pull/113 to fix a
kernel boot warning being printed for three modules that are loaded
explicitly.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>

This pulls in https://github.com/flatcar/init/pull/136 to prevent the
default network setup from conflicting with TUN/TAP device configuration
from other tools.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>