diff --git a/.dracut.metadata b/.dracut.metadata
index 67d9f97..4ebbd4c 100644
--- a/.dracut.metadata
+++ b/.dracut.metadata
@@ -1 +1 @@
-0e004ae0a4b910b1bd3e2f1d86dd0649f8f2addd SOURCES/102.tar.gz
+6da4d27d768f049332b3b4f9ff36a4a494eda4fc SOURCES/103.tar.gz
diff --git a/.gitignore b/.gitignore
index 141d7dd..24eab14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/102.tar.gz
+SOURCES/103.tar.gz
diff --git a/SOURCES/0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch b/SOURCES/0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch
deleted file mode 100644
index f2b57ec..0000000
--- a/SOURCES/0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 3bcb0a9f06bac7fa62dc7241860deb8b671f17cd Mon Sep 17 00:00:00 2001
-From: Pavel Valena
-Date: Tue, 25 Apr 2023 14:56:59 +0200
-Subject: [PATCH 01/24] feat(hwdb): add hwdb module to install hwdb.bin on
- demand
-
-Module to install hwdb.bin. Further extensions might make only selected
-part of hwdb installable to save space. The module is not included by default.
-
-Including the module adds 2MB of compressed data (on Fedora, the file has 12MB).
-
-Installing hwdb.bin is needed in case of custom HW like a keyboard/mouse, or various interfaces.
-
-Original PR: https://github.com/dracutdevs/dracut/pull/1681
----
- modules.d/95hwdb/module-setup.sh | 26 ++++++++++++++++++++++++++
- 1 file changed, 26 insertions(+)
- create mode 100755 modules.d/95hwdb/module-setup.sh
-
-diff --git a/modules.d/95hwdb/module-setup.sh b/modules.d/95hwdb/module-setup.sh
-new file mode 100755
-index 00000000..5d3250f3
---- /dev/null
-+++ b/modules.d/95hwdb/module-setup.sh
-@@ -0,0 +1,26 @@
-+#!/bin/bash
-+# This file is part of dracut.
-+# SPDX-License-Identifier: GPL-2.0-or-later
-+
-+check() {
-+ return 255
-+}
-+
-+# called by dracut
-+install() {
-+ local hwdb_bin
-+
-+ # Follow the same priority as `systemd-hwdb`; `/etc` is the default
-+ # and `/usr/lib` an alternative location.
-+ hwdb_bin="${udevconfdir}"/hwdb.bin
-+
-+ if [[ ! -r ${hwdb_bin} ]]; then
-+ hwdb_bin="${udevdir}"/hwdb.bin
-+ fi
-+
-+ if [[ $hostonly ]]; then
-+ inst_multiple -H "${hwdb_bin}"
-+ else
-+ inst_multiple "${hwdb_bin}"
-+ fi
-+}
---
-2.42.0
-
diff --git a/SOURCES/0002-fix-rngd-install-system-service-file.patch b/SOURCES/0001-fix-rngd-install-system-service-file.patch
similarity index 93%
rename from SOURCES/0002-fix-rngd-install-system-service-file.patch
rename to SOURCES/0001-fix-rngd-install-system-service-file.patch
index bdd3d3b..9177ffe 100644
--- a/SOURCES/0002-fix-rngd-install-system-service-file.patch
+++ b/SOURCES/0001-fix-rngd-install-system-service-file.patch
@@ -1,7 +1,7 @@ -From d14d724620fe4810930d1c2f07d10fa6b8bc9557 Mon Sep 17 00:00:00 2001 +From f75ae29afc829e19834c4cb99ca51b8ebe8481bf Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Sun, 23 Jul 2023 19:44:17 +0200 -Subject: [PATCH 02/24] fix(rngd): install system service file +Subject: [PATCH 01/32] fix(rngd): install system service file as there's no reason to keep a copy; there shouldn't be any modifications. diff --git a/SOURCES/0003-revert-fix-install.d-correctly-install-pre-genned-im.patch b/SOURCES/0002-revert-fix-install.d-correctly-install-pre-genned-im.patch similarity index 98% rename from SOURCES/0003-revert-fix-install.d-correctly-install-pre-genned-im.patch rename to SOURCES/0002-revert-fix-install.d-correctly-install-pre-genned-im.patch index e1a62aa..2ab6cfd 100644 --- a/SOURCES/0003-revert-fix-install.d-correctly-install-pre-genned-im.patch +++ b/SOURCES/0002-revert-fix-install.d-correctly-install-pre-genned-im.patch @@ -1,7 +1,7 @@ -From 6fa596ca039300e5f4bb3cca14768976efe95eac Mon Sep 17 00:00:00 2001 +From 9b7740eaf33357cc087c83d95d089bdf8ead07dd Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Wed, 12 Jun 2024 06:30:42 +0200 -Subject: [PATCH 03/24] revert: "fix(install.d): correctly install pre-genned +Subject: [PATCH 02/32] revert: "fix(install.d): correctly install pre-genned image and die if no args" revert: "fix(install.d): simplify and use what kernel-install gives us" diff --git a/SOURCES/0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch b/SOURCES/0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch similarity index 96% rename from SOURCES/0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch rename to SOURCES/0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch index 7f68517..938aa1f 100644 --- a/SOURCES/0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch +++ b/SOURCES/0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch 
@@ -1,7 +1,7 @@ -From c6d18c3c71597e78572378fc4dde391f1845b8bd Mon Sep 17 00:00:00 2001 +From 0d2983f7dbc1f5fbaa60735c839ea111d3f5d4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jan 2022 18:08:42 +0100 -Subject: [PATCH 04/24] feat(kernel-install): do nothing when +Subject: [PATCH 03/32] feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so dracut may be installed without being actually used. This is very common in diff --git a/SOURCES/0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch b/SOURCES/0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch similarity index 90% rename from SOURCES/0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch rename to SOURCES/0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch index 37f69b2..d02e856 100644 --- a/SOURCES/0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch +++ b/SOURCES/0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch @@ -1,7 +1,7 @@ -From 1bd81956dc050db071c5885cfbcde393370468ae Mon Sep 17 00:00:00 2001 +From 65d5bd785458da98b0388ddf3f8e67e569af67c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Jan 2022 18:58:58 +0100 -Subject: [PATCH 05/24] fix(kernel-install): do not generate an initrd when one +Subject: [PATCH 04/32] fix(kernel-install): do not generate an initrd when one was specified According to the synopsis, kernel-install can be called with an diff --git a/SOURCES/0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch b/SOURCES/0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch similarity index 95% rename from SOURCES/0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch rename to SOURCES/0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch index 3b642c7..b5e1ac3 100644 --- a/SOURCES/0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch 
+++ b/SOURCES/0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch @@ -1,7 +1,7 @@ -From 30e7870504d09183bb9d99ed04f148c7dfb0c645 Mon Sep 17 00:00:00 2001 +From 35326479721f8b439f291bf8ff35354107144012 Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Thu, 11 Jul 2024 07:33:05 +0200 -Subject: [PATCH 07/24] fix: incorrectly applied patch in commit +Subject: [PATCH 05/32] fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8 named: "feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so" diff --git a/SOURCES/0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch b/SOURCES/0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch deleted file mode 100644 index e84385c..0000000 --- a/SOURCES/0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6cb58e86ae65cf9922023b12e889446323a89080 Mon Sep 17 00:00:00 2001 -From: Laszlo Gombos -Date: Sat, 15 Jun 2024 15:21:44 -0400 -Subject: [PATCH 06/24] fix(crypt): decryption when rd.luks.name is set - ---- - modules.d/90crypt/parse-crypt.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh -index 39fc6d21..9567a4a9 100755 ---- a/modules.d/90crypt/parse-crypt.sh -+++ b/modules.d/90crypt/parse-crypt.sh -@@ -174,7 +174,7 @@ else - } >> "$hookdir/emergency/90-crypt.sh" - fi - done -- elif getargbool 1 rd.auto; then -+ elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then - if [ -z "$DRACUT_SYSTEMD" ]; then - { - printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)" --- -2.42.0 - 
diff --git a/SOURCES/0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch b/SOURCES/0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch similarity index 87% rename from SOURCES/0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch rename to SOURCES/0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch index 99282e8..13e2b45 100644 --- a/SOURCES/0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch +++ b/SOURCES/0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch @@ -1,7 +1,7 @@ -From 93937d805f8166d9f708f9163fc93839fc1437d3 Mon Sep 17 00:00:00 2001 +From afcfd7378110969cce445d7613d9e81c9d85cac0 Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Thu, 11 Jul 2024 16:24:14 +0200 -Subject: [PATCH 08/24] revert: "fix(crypt): unlock encrypted devices by +Subject: [PATCH 06/32] revert: "fix(crypt): unlock encrypted devices by default during boot" This reverts commit 2339acfaeee60d6bb26a1103db2e53bc8f9cb2d1. diff --git a/SOURCES/0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch b/SOURCES/0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch similarity index 86% rename from SOURCES/0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch rename to SOURCES/0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch index d9dd8cc..0cfed75 100644 --- a/SOURCES/0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch +++ b/SOURCES/0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch @@ -1,7 +1,7 @@ -From aded658821983ba7d92def26793813c1b3a83475 Mon Sep 17 00:00:00 2001 +From 02bc9391cfdf7f3b16c49cde9d881642c13fc8c0 Mon Sep 17 00:00:00 2001 From: Laszlo Gombos Date: Sat, 20 Jul 2024 18:49:38 -0400 -Subject: [PATCH 10/24] test: do not force include dash, let sh module make a +Subject: [PATCH 07/32] test: do not force include dash, let sh module make a selection This is important for alpine, so that it does not install both 
diff --git a/SOURCES/0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch b/SOURCES/0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch similarity index 77% rename from SOURCES/0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch rename to SOURCES/0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch index 16cc6c8..a0ebb22 100644 --- a/SOURCES/0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch +++ b/SOURCES/0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch @@ -1,7 +1,7 @@ -From a891ae527aaf3c015d3b4b0290655b89fdf8f03d Mon Sep 17 00:00:00 2001 +From bdfdbdee356cb83dad86f1d49fc21df9117ba8eb Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Thu, 8 Aug 2024 01:30:50 +0200 -Subject: [PATCH 11/24] fix(dracut-functions): allow for \ in get_maj_min file +Subject: [PATCH 08/32] fix(dracut-functions): allow for \ in get_maj_min file path as the path might be f.e. /dev/disk/by-partlabel/EFI\x20System\x20Partition @@ -14,15 +14,15 @@ Resolves: RHEL-47145 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dracut-functions.sh b/dracut-functions.sh -index f9e5d3bc..c8cb2e15 100755 +index 1f7a9052..d436a357 100755 --- a/dracut-functions.sh +++ b/dracut-functions.sh @@ -243,7 +243,7 @@ get_maj_min() { local _out if [[ $get_maj_min_cache_file ]]; then -- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')" -+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')" +- _out="$(grep -m1 -oE "^$1 \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")" ++ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")" fi if ! [[ "$_out" ]]; then diff --git a/SOURCES/0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch b/SOURCES/0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch deleted file mode 100644 index 87df5db..0000000 
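Review bot: The refreshed `_out=` line in get_maj_min (the `@@ -14,15 +14,15 @@` hunk of the 0008 patch) still builds an extended regex from the device path in `$1`, and `${1//\\/\\\\}` escapes only backslashes, so characters such as `.`, `+`, `[` or `(` in a path keep their regex meaning. The lookup can then miss its own cache entry or, less likely, match another device's entry and return the wrong major:minor. A literal comparison avoids this, for example `while read -r _dev _mm; do [[ $_dev == "$1" ]] && _out=$_mm && break; done < "$get_maj_min_cache_file"`, assuming each cache line is `path maj:min` as the pattern suggests. The body of get_maj_min starts and ends outside this hunk, so the code that writes the cache file should be checked against that assumption.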
--- a/SOURCES/0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From e02ef9afa1ede698623f25d5694949e9b4fedb4e Mon Sep 17 00:00:00 2001
-From: Pavel Valena
-Date: Tue, 6 Dec 2022 21:46:01 +0100
-Subject: [PATCH 09/24] fix(90kernel-modules): install blk modules using symbol
- blk_alloc_disk
-
-Corresponding kernel symbol blk_cleanup_disk is no longer used in the nvdimm
-driver and calls are made directly instead.
-
-blk_alloc_disk is used:
-https://elixir.bootlin.com/linux/v6.1-rc8/source/drivers/nvdimm/pmem.c#L522
-
-Resolves: RHEL-32237
----
- modules.d/90kernel-modules/module-setup.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh
-index ec60f393..89f33231 100755
---- a/modules.d/90kernel-modules/module-setup.sh
-+++ b/modules.d/90kernel-modules/module-setup.sh
-@@ -2,7 +2,7 @@
-
- # called by dracut
- installkernel() {
-- local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
-+ local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_alloc_disk|blk_mq_alloc_disk|blk_mq_alloc_request|blk_mq_destroy_queue|blk_cleanup_disk'
- local -A _hostonly_drvs
-
- record_block_dev_drv() {
---
-2.42.0
-
diff --git a/SOURCES/0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch b/SOURCES/0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch similarity index 89% rename from SOURCES/0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch rename to SOURCES/0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch index f72e622..63a6fc8 100644 --- a/SOURCES/0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch +++ b/SOURCES/0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch @@ -1,7 +1,7 @@ -From 821ffb39cd0c3003b2711d30302b713ab9b5da9b Mon Sep 17 00:00:00 2001 +From 31fe330589cfd564790c4255c951567a3479df94 Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Mon, 5 Aug 2024 11:28:32 +0200 -Subject: [PATCH 12/24] fix(dracut-functions.sh): only return block devices +Subject: [PATCH 09/32] fix(dracut-functions.sh): only return block devices from get_persistent_dev With udev 256, there are now directories such as @@ -24,7 +24,7 @@ Resolves: RHEL-49744 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dracut-functions.sh b/dracut-functions.sh -index c8cb2e15..43d905e3 100755 +index d436a357..b4d57454 100755 --- a/dracut-functions.sh +++ b/dracut-functions.sh @@ -294,8 +294,7 @@ get_persistent_dev() { diff --git a/SOURCES/0013-feat-systemd-include-systemd-config-files-from-usr-l.patch b/SOURCES/0010-feat-systemd-include-systemd-config-files-from-usr-l.patch similarity index 92% rename from SOURCES/0013-feat-systemd-include-systemd-config-files-from-usr-l.patch rename to SOURCES/0010-feat-systemd-include-systemd-config-files-from-usr-l.patch index bc98fa7..e3e06b8 100644 --- a/SOURCES/0013-feat-systemd-include-systemd-config-files-from-usr-l.patch +++ b/SOURCES/0010-feat-systemd-include-systemd-config-files-from-usr-l.patch @@ -1,7 +1,7 @@ -From 3e4a22f2b72d0723fd43ca917b8aa9003c6c7f8f Mon Sep 17 00:00:00 2001 +From e90249443fe2285f221849359e9066aefff29eff Mon Sep 17 00:00:00 2001 
From: Pavel Valena Date: Wed, 12 Jun 2024 06:06:32 +0200 -Subject: [PATCH 13/24] feat(systemd*): include systemd config files from +Subject: [PATCH 10/32] feat(systemd*): include systemd config files from /usr/lib/systemd and also use proper variables for the paths, and fixup invalid paths. @@ -26,7 +26,7 @@ Resolves: RHEL-32506 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/modules.d/00systemd/module-setup.sh b/modules.d/00systemd/module-setup.sh -index d173c99f..0f151289 100755 +index ce7bb520..70a2a78f 100755 --- a/modules.d/00systemd/module-setup.sh +++ b/modules.d/00systemd/module-setup.sh @@ -42,6 +42,8 @@ install() { @@ -50,10 +50,10 @@ index d173c99f..0f151289 100755 /etc/hostname \ /etc/nsswitch.conf \ diff --git a/modules.d/01systemd-coredump/module-setup.sh b/modules.d/01systemd-coredump/module-setup.sh -index 47666b6c..17deb088 100755 +index 0c5cbcfb..6acbe75f 100755 --- a/modules.d/01systemd-coredump/module-setup.sh +++ b/modules.d/01systemd-coredump/module-setup.sh -@@ -33,6 +33,7 @@ install() { +@@ -35,6 +35,7 @@ install() { inst_multiple -o \ "$sysctld"/50-coredump.conf \ "$systemdutildir"/coredump.conf \ @@ -61,7 +61,7 @@ index 47666b6c..17deb088 100755 "$systemdutildir"/systemd-coredump \ "$systemdsystemunitdir"/systemd-coredump.socket \ "$systemdsystemunitdir"/systemd-coredump@.service \ -@@ -51,7 +52,7 @@ install() { +@@ -52,7 +53,7 @@ install() { if [[ $hostonly ]]; then inst_multiple -H -o \ "$systemdutilconfdir"/coredump.conf \ @@ -84,10 +84,10 @@ index 67034bbf..5de5db4b 100755 "$systemdsystemunitdir"/systemd-pstore.service \ "$systemdsystemunitdir/systemd-pstore.service.d/*.conf" diff --git a/modules.d/01systemd-resolved/module-setup.sh b/modules.d/01systemd-resolved/module-setup.sh -index 0c2e8c28..7b4b26e8 100755 +index b354bc6c..d20f211c 100755 --- a/modules.d/01systemd-resolved/module-setup.sh 
+++ b/modules.d/01systemd-resolved/module-setup.sh -@@ -49,6 +49,7 @@ install() { +@@ -50,6 +50,7 @@ install() { # Install the hosts local user configurations if enabled. if [[ $hostonly ]]; then inst_multiple -H -o \ @@ -96,10 +96,10 @@ index 0c2e8c28..7b4b26e8 100755 "$systemdutilconfdir/resolved.conf.d/*.conf" \ "$systemdsystemconfdir"/systemd-resolved.service \ diff --git a/modules.d/01systemd-timesyncd/module-setup.sh b/modules.d/01systemd-timesyncd/module-setup.sh -index a2c67540..77f7b113 100755 +index 0c065af6..82902b3b 100755 --- a/modules.d/01systemd-timesyncd/module-setup.sh +++ b/modules.d/01systemd-timesyncd/module-setup.sh -@@ -38,6 +38,7 @@ install() { +@@ -40,6 +40,7 @@ install() { "$systemdntpunits/*.list" \ "$systemdutildir"/systemd-timesyncd \ "$systemdutildir"/systemd-time-wait-sync \ diff --git a/SOURCES/0014-fix-resume-always-include-the-resume-module.patch b/SOURCES/0011-fix-resume-always-include-the-resume-module.patch similarity index 84% rename from SOURCES/0014-fix-resume-always-include-the-resume-module.patch rename to SOURCES/0011-fix-resume-always-include-the-resume-module.patch index 3df298c..ad98ace 100644 --- a/SOURCES/0014-fix-resume-always-include-the-resume-module.patch +++ b/SOURCES/0011-fix-resume-always-include-the-resume-module.patch @@ -1,7 +1,7 @@ -From 53d78f4eb236500465279c424c296ff576421c7c Mon Sep 17 00:00:00 2001 +From 91f878a4fe4ed694baad59cdb1c7366b002cf1da Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Thu, 8 Aug 2024 00:21:12 +0200 -Subject: [PATCH 14/24] fix(resume): always include the resume module +Subject: [PATCH 11/32] fix(resume): always include the resume module as we can't determine with certainity that it won't be needed. 
diff --git a/SOURCES/0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch b/SOURCES/0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch similarity index 95% rename from SOURCES/0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch rename to SOURCES/0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch index dd265bc..58af470 100644 --- a/SOURCES/0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch +++ b/SOURCES/0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch @@ -1,7 +1,7 @@ -From b8b7e0245bb3c645b45d4a31847ed227a8431ec8 Mon Sep 17 00:00:00 2001 +From 5ed57d866f2be5dc73c7c70a70f51ccae9bdd47d Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Mon, 22 Jul 2024 16:46:47 +0200 -Subject: [PATCH 15/24] feat(dracut-init.sh): allow changing the destination +Subject: [PATCH 12/32] feat(dracut-init.sh): allow changing the destination directory for inst et al When using 99squash dracut actually builds two separate initrds. The @@ -53,7 +53,7 @@ Related: RHEL-43460 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/dracut-init.sh b/dracut-init.sh -index 863df0cb..58e657b5 100755 +index 986da96b..8e943493 100755 --- a/dracut-init.sh +++ b/dracut-init.sh @@ -240,34 +240,36 @@ inst_dir() { @@ -129,7 +129,7 @@ index 863df0cb..58e657b5 100755 for f in "$dracutsysrootdir"/etc/ld.so.conf "$dracutsysrootdir"/etc/ld.so.conf.d/*; do [[ -f $f ]] && inst_simple "${f#"$dracutsysrootdir"}" done -@@ -1047,13 +1052,15 @@ for_each_module_dir() { +@@ -1056,13 +1061,15 @@ for_each_module_dir() { } dracut_kernel_post() { @@ -147,7 +147,7 @@ index 863df0cb..58e657b5 100755 dfatal "\"depmod -a $kernel\" failed." exit 1 fi -@@ -1067,6 +1074,7 @@ instmods() { +@@ -1076,6 +1083,7 @@ instmods() { # can be e.g. "=block" or "=drivers/usb/storage" # -c check # -s silent 
@@ -155,7 +155,7 @@ index 863df0cb..58e657b5 100755 local _optional="-o" local _silent local _ret -@@ -1092,7 +1100,7 @@ instmods() { +@@ -1101,7 +1109,7 @@ instmods() { fi $DRACUT_INSTALL \ @@ -164,7 +164,7 @@ index 863df0cb..58e657b5 100755 ${dracutsysrootdir:+-r "$dracutsysrootdir"} \ ${loginstall:+-L "$loginstall"} \ ${hostonly:+-H} \ -@@ -1106,7 +1114,7 @@ instmods() { +@@ -1115,7 +1123,7 @@ instmods() { if ((_ret != 0)) && [[ -z $_silent ]]; then derror "FAILED: " \ "$DRACUT_INSTALL" \ @@ -173,7 +173,7 @@ index 863df0cb..58e657b5 100755 ${dracutsysrootdir:+-r "$dracutsysrootdir"} \ ${loginstall:+-L "$loginstall"} \ ${hostonly:+-H} \ -@@ -1123,14 +1131,16 @@ instmods() { +@@ -1132,14 +1140,16 @@ instmods() { if [[ "$(ln --help)" == *--relative* ]]; then ln_r() { diff --git a/SOURCES/0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch b/SOURCES/0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch similarity index 88% rename from SOURCES/0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch rename to SOURCES/0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch index eff9951..2965b4e 100644 --- a/SOURCES/0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch +++ b/SOURCES/0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch @@ -1,7 +1,7 @@ -From c81d6422d71b02ed9158a67c00fa0a5eec232f37 Mon Sep 17 00:00:00 2001 +From 150e428c0e8d40257a983c2f82be5e8e0f30920f Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Thu, 25 Jul 2024 12:47:00 +0200 -Subject: [PATCH 16/24] fix(dracut-init.sh): add module to mods_to_load before +Subject: [PATCH 13/32] fix(dracut-init.sh): add module to mods_to_load before checking dependencies When implementing erofs support for 99squash we end up with three @@ -34,10 +34,10 @@ Related: RHEL-43460 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dracut-init.sh b/dracut-init.sh -index 58e657b5..840c6167 100755 +index 8e943493..746362d1 100755 --- a/dracut-init.sh 
+++ b/dracut-init.sh -@@ -915,6 +915,9 @@ check_mount() { +@@ -924,6 +924,9 @@ check_mount() { fi fi @@ -47,7 +47,7 @@ index 58e657b5..840c6167 100755 for _moddep in $(module_depends "$_mod" "$_moddir"); do # handle deps as if they were manually added [[ " $dracutmodules " == *\ $_mod\ * ]] \ -@@ -933,9 +936,6 @@ check_mount() { +@@ -942,9 +945,6 @@ check_mount() { fi done @@ -57,7 +57,7 @@ index 58e657b5..840c6167 100755 return 0 } -@@ -990,6 +990,9 @@ check_module() { +@@ -999,6 +999,9 @@ check_module() { fi fi @@ -67,7 +67,7 @@ index 58e657b5..840c6167 100755 for _moddep in $(module_depends "$_mod" "$_moddir"); do # handle deps as if they were manually added [[ " $dracutmodules " == *\ $_mod\ * ]] \ -@@ -1008,9 +1011,6 @@ check_module() { +@@ -1017,9 +1020,6 @@ check_module() { fi done diff --git a/SOURCES/0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch b/SOURCES/0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch similarity index 94% rename from SOURCES/0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch rename to SOURCES/0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch index ebd3dbc..c008443 100644 --- a/SOURCES/0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch +++ b/SOURCES/0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch @@ -1,7 +1,7 @@ -From bbb64f449a4f3cd76ea63d73ebc1043a3dd14118 Mon Sep 17 00:00:00 2001 +From 2d851d7d1709f5a03d8dab847aa42770bff2644b Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Mon, 22 Jul 2024 16:30:50 +0200 -Subject: [PATCH 17/24] feat(squash): move mksquashfs to 99squash/modules-setup +Subject: [PATCH 14/32] feat(squash): move mksquashfs to 99squash/modules-setup When using 99squash dracut actually builds two separat initrds. The "normal" one, that gets squashed into a squashfs image, and a @@ -32,10 +32,10 @@ Related: RHEL-43460 2 files changed, 49 insertions(+), 44 deletions(-) 
diff --git a/dracut.sh b/dracut.sh -index cc6d6f28..68bdf33b 100755 +index 856b884e..4d2e3df2 100755 --- a/dracut.sh +++ b/dracut.sh -@@ -1277,6 +1277,7 @@ trap ' +@@ -1260,6 +1260,7 @@ trap ' trap 'exit 1;' SIGINT readonly initdir="${DRACUT_TMPDIR}/initramfs" @@ -43,7 +43,7 @@ index cc6d6f28..68bdf33b 100755 mkdir -p "$initdir" if [[ $early_microcode == yes ]] || { [[ $acpi_override == yes ]] && [[ -d $acpi_table_dir ]]; }; then -@@ -1804,7 +1805,8 @@ export initdir dracutbasedir \ +@@ -1787,7 +1788,8 @@ export initdir dracutbasedir \ host_fs_types host_devs swap_devs sshkey add_fstab \ DRACUT_VERSION \ prefix filesystems drivers \ @@ -53,7 +53,7 @@ index cc6d6f28..68bdf33b 100755 mods_to_load="" # check all our modules to see if they should be sourced. -@@ -1909,6 +1911,8 @@ if [[ $kernel_only != yes ]]; then +@@ -1892,6 +1894,8 @@ if [[ $kernel_only != yes ]]; then fi fi @@ -62,7 +62,7 @@ index cc6d6f28..68bdf33b 100755 _isize=0 #initramfs size modules_loaded=" " # source our modules. -@@ -2255,14 +2259,6 @@ if [[ $kernel_only != yes ]]; then +@@ -2243,14 +2247,6 @@ if [[ $kernel_only != yes ]]; then build_ld_cache fi @@ -77,7 +77,7 @@ index cc6d6f28..68bdf33b 100755 if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then # stripping files negates (dedup) benefits of using reflink [[ -n $enhanced_cpio ]] && ddebug "strip is enabled alongside cpio reflink" -@@ -2282,25 +2278,8 @@ fi +@@ -2270,25 +2266,8 @@ fi if dracut_module_included "squash"; then dinfo "*** Squashing the files inside the initramfs ***" diff --git a/SOURCES/0018-feat-squash-split-95squash-squashfs-from-99squash.patch b/SOURCES/0015-feat-squash-split-95squash-squashfs-from-99squash.patch similarity index 97% rename from SOURCES/0018-feat-squash-split-95squash-squashfs-from-99squash.patch rename to SOURCES/0015-feat-squash-split-95squash-squashfs-from-99squash.patch index b1ee453..aee2a4f 100644 --- a/SOURCES/0018-feat-squash-split-95squash-squashfs-from-99squash.patch 
+++ b/SOURCES/0015-feat-squash-split-95squash-squashfs-from-99squash.patch @@ -1,7 +1,7 @@ -From 1ef53f9d5ea7f74730b27b8016304c58b2d31871 Mon Sep 17 00:00:00 2001 +From dd3daa0560e4e4f809b42a901cd79076d3577f96 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 23 Jul 2024 16:39:13 +0200 -Subject: [PATCH 18/24] feat(squash): split 95squash-squashfs from 99squash +Subject: [PATCH 15/32] feat(squash): split 95squash-squashfs from 99squash 99squash only allows squashing the files using squashfs. In order to make the implementation for different filesystems easier split out the diff --git a/SOURCES/0019-feat-squash-add-module-95squash-erofs.patch b/SOURCES/0016-feat-squash-add-module-95squash-erofs.patch similarity index 96% rename from SOURCES/0019-feat-squash-add-module-95squash-erofs.patch rename to SOURCES/0016-feat-squash-add-module-95squash-erofs.patch index e0e7171..17e1eb7 100644 --- a/SOURCES/0019-feat-squash-add-module-95squash-erofs.patch +++ b/SOURCES/0016-feat-squash-add-module-95squash-erofs.patch @@ -1,7 +1,7 @@ -From 4e8ea763cb10ab4f3b65e865d2ad03c8a5393e04 Mon Sep 17 00:00:00 2001 +From fcc73940a1e21fa79b7133e12ed0f8ed13645a54 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 23 Jul 2024 17:42:33 +0200 -Subject: [PATCH 19/24] feat(squash): add module 95squash-erofs +Subject: [PATCH 16/32] feat(squash): add module 95squash-erofs Allow squashing the image in 99squash using erofs. Keep squashfs as default to not change existing systems. I.e. only use erofs if the user diff --git a/SOURCES/0020-feat-lsinitrd-add-support-for-erofs-images.patch b/SOURCES/0017-feat-lsinitrd-add-support-for-erofs-images.patch similarity index 96% rename from SOURCES/0020-feat-lsinitrd-add-support-for-erofs-images.patch rename to SOURCES/0017-feat-lsinitrd-add-support-for-erofs-images.patch index f00fbf8..39cd22e 100644 --- a/SOURCES/0020-feat-lsinitrd-add-support-for-erofs-images.patch +++ b/SOURCES/0017-feat-lsinitrd-add-support-for-erofs-images.patch 
@@ -1,7 +1,7 @@ -From 327adc7782fd43f4cf9848f1c24f196c496b6b53 Mon Sep 17 00:00:00 2001 +From fc5efe96e0ffbfa447d27ba28245420f91b638dc Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 23 Jul 2024 18:33:37 +0200 -Subject: [PATCH 20/24] feat(lsinitrd): add support for erofs images +Subject: [PATCH 17/32] feat(lsinitrd): add support for erofs images Add support to handle erofs images in lsinitrd. Unfortunately the erofs tooling is missing some functionality of unsquashfs, esp. the ability to @@ -22,10 +22,10 @@ Resolves: RHEL-43460 1 file changed, 113 insertions(+), 54 deletions(-) diff --git a/lsinitrd.sh b/lsinitrd.sh -index 1329ab70..952dbc9f 100755 +index b36d0e12..6799f938 100755 --- a/lsinitrd.sh +++ b/lsinitrd.sh -@@ -172,10 +172,47 @@ dracutlibdirs() { +@@ -174,10 +174,47 @@ dracutlibdirs() { done } @@ -76,7 +76,7 @@ index 1329ab70..952dbc9f 100755 ((${#filenames[@]} == 1)) && nofileinfo=1 for f in "${!filenames[@]}"; do -@@ -183,18 +220,24 @@ extract_files() { +@@ -185,18 +222,24 @@ extract_files() { [[ $nofileinfo ]] || echo "========================================================================" # shellcheck disable=SC2001 [[ $f == *"\\x"* ]] && f=$(echo "$f" | sed 's/\\x.\{2\}/????/g') @@ -113,7 +113,7 @@ index 1329ab70..952dbc9f 100755 [[ $nofileinfo ]] || echo "========================================================================" [[ $nofileinfo ]] || echo done -@@ -220,66 +263,82 @@ list_files() { +@@ -222,66 +265,82 @@ list_files() { } list_squash_content() { diff --git a/SOURCES/0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch b/SOURCES/0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch similarity index 90% rename from SOURCES/0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch rename to SOURCES/0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch index 0e88594..bb44c8e 100644 --- a/SOURCES/0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch 
+++ b/SOURCES/0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch @@ -1,7 +1,7 @@ -From 0d90ae671e130b631383fb481a1f38a175167eff Mon Sep 17 00:00:00 2001 +From ac4b18bf89bfa440ff741557fe9928cd2b19b66e Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 30 Jul 2024 17:24:28 +0200 -Subject: [PATCH 21/24] feat(dracut-initramfs-restore): unpack erofs images +Subject: [PATCH 18/32] feat(dracut-initramfs-restore): unpack erofs images Follow the example for squashfs images and also unpack erofs images in dracut-initramfs-restore. @@ -17,10 +17,10 @@ Resolves: RHEL-43460 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/dracut-initramfs-restore.sh b/dracut-initramfs-restore.sh -index cc561b22..015160b7 100755 +index 74725308..98cfaed7 100755 --- a/dracut-initramfs-restore.sh +++ b/dracut-initramfs-restore.sh -@@ -74,12 +74,18 @@ else +@@ -81,12 +81,18 @@ else exit 1 fi diff --git a/SOURCES/0022-fix-squash-explicitly-create-required-directories.patch b/SOURCES/0019-fix-squash-explicitly-create-required-directories.patch similarity index 93% rename from SOURCES/0022-fix-squash-explicitly-create-required-directories.patch rename to SOURCES/0019-fix-squash-explicitly-create-required-directories.patch index 6cd8b5f..c6d6ed3 100644 --- a/SOURCES/0022-fix-squash-explicitly-create-required-directories.patch +++ b/SOURCES/0019-fix-squash-explicitly-create-required-directories.patch @@ -1,7 +1,7 @@ -From a3ca60929c50f1a1d41cf4567e3a4a8231a92642 Mon Sep 17 00:00:00 2001 +From c0bd2334708d9bfc6fbeb1c63eae0037eb4157b6 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 30 Jul 2024 13:35:17 +0200 -Subject: [PATCH 22/24] fix(squash): explicitly create required directories +Subject: [PATCH 19/32] fix(squash): explicitly create required directories At the moment 99squash relies on dracut-install to create the required directories it later links to. This approach is error prone and will 
diff --git a/SOURCES/0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch b/SOURCES/0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch similarity index 94% rename from SOURCES/0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch rename to SOURCES/0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch index fa4d6c0..cbff394 100644 --- a/SOURCES/0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch +++ b/SOURCES/0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch @@ -1,7 +1,7 @@ -From a6e8e41cd1d67bb4ee64b2bf107e98c18bf8afdf Mon Sep 17 00:00:00 2001 +From eef65961330c8fb68493d9a3eab55171482984c1 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 30 Jul 2024 13:44:32 +0200 -Subject: [PATCH 23/24] fix(squash): use 99busybox instead of installing it +Subject: [PATCH 20/32] fix(squash): use 99busybox instead of installing it manually Make use of 99busybox in 99squash rather than installing it manually. diff --git a/SOURCES/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch b/SOURCES/0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch similarity index 90% rename from SOURCES/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch rename to SOURCES/0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch index d45aea4..b408e1b 100644 --- a/SOURCES/0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch +++ b/SOURCES/0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch @@ -1,7 +1,7 @@ -From 458e2a42d6921cedb67623b68f6e310145f4b129 Mon Sep 17 00:00:00 2001 +From c6c9f871b87cdc334be989b42e9a5d2070ae17c5 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 19 Jul 2021 11:27:28 +0200 -Subject: [PATCH 25/31] fix(nfs): set correct ownership and permissions for +Subject: [PATCH 21/32] fix(nfs): set correct ownership and permissions for statd directory The directory ownership for the statd directory should be 
@@ -15,7 +15,7 @@ Resolves: RHEL-53361 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh -index abe1ee59..da6549d1 100755 +index 5cc42892..fbaeeb00 100755 --- a/modules.d/95nfs/module-setup.sh +++ b/modules.d/95nfs/module-setup.sh @@ -120,8 +120,13 @@ install() { diff --git a/SOURCES/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch b/SOURCES/0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch similarity index 89% rename from SOURCES/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch rename to SOURCES/0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch index 07efa7f..bee218c 100644 --- a/SOURCES/0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch +++ b/SOURCES/0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch @@ -1,7 +1,7 @@ -From 23a7d5d4752dd4273f406cf1729b2d98f39d0aa5 Mon Sep 17 00:00:00 2001 +From 4a6806efae05b453bb9b93efe961fb1033bb562b Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Sat, 17 Aug 2024 00:39:17 +0200 -Subject: [PATCH 26/31] fix(resume): do not include resume if swap is on +Subject: [PATCH 22/32] fix(resume): do not include resume if swap is on netdevice Additional fix, restoring previous behavior identical to RHEL-9. diff --git a/SOURCES/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch b/SOURCES/0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch similarity index 87% rename from SOURCES/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch rename to SOURCES/0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch index 2e1ef5f..5b4ebec 100644 --- a/SOURCES/0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch +++ b/SOURCES/0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch 
@@ -1,7 +1,7 @@ -From 101ee8a01d36d93b23749a67c337a2833f8ce1d3 Mon Sep 17 00:00:00 2001 +From 2f3c9cb56cc7ccdccbd8f8056b21d39fa736da1e Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Sat, 17 Aug 2024 01:43:50 +0200 -Subject: [PATCH 27/31] feat(dracut-init.sh): give --force-add precedence over +Subject: [PATCH 23/32] feat(dracut-init.sh): give --force-add precedence over --omit This gives precedence of force_add_dracutmodules to omit_dracutmodules, @@ -23,10 +23,10 @@ Resolves: RHEL-53791 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dracut-init.sh b/dracut-init.sh -index 840c6167..5d5fc081 100755 +index 746362d1..3917bb0d 100755 --- a/dracut-init.sh +++ b/dracut-init.sh -@@ -960,8 +960,10 @@ check_module() { +@@ -969,8 +969,10 @@ check_module() { [[ $2 ]] || mods_checked_as_dep+=" $_mod " if [[ " $omit_dracutmodules " == *\ $_mod\ * ]]; then diff --git a/SOURCES/0024-feat-dmdquash-live-add-support-for-using-erofs.patch b/SOURCES/0024-feat-dmdquash-live-add-support-for-using-erofs.patch deleted file mode 100644 index fb9fc51..0000000 --- a/SOURCES/0024-feat-dmdquash-live-add-support-for-using-erofs.patch +++ /dev/null 
@@ -1,69 +0,0 @@
-From 3b4fe88a4259ec576a41d98b6aaee324a6b48b0f Mon Sep 17 00:00:00 2001
-From: "Brian C. Lane"
-Date: Wed, 10 Jul 2024 16:30:09 -0700
-Subject: [PATCH 24/24] feat(dmdquash-live): add support for using erofs
-
-This adds support for rootfs compressed with erofs. Either as a plain
-erofs image or a LiveOS/rootfs.img ext4 filesystem compressed with
-erofs.
-
-This patch does not make any attempt to change the squashfs directory
-naming (or variable names) in order to make these changes as small as
-possible and easy to review. It also does not make any attempt to
-support the multitude of available options other than what is needed by
-anaconda-dracut calling this script to setup the boot.iso root
-filesystem.
-
-(which isn't to say it doesn't work, it just hasn't been tested and is
-outside the scope of this change).
-
-(cherry picked commit ca5ae5d3466eec40d118fc96d450478aa6faebb6)
-
-Resolves: RHEL-43460
----
- modules.d/90dmsquash-live/dmsquash-live-root.sh | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
-index 4518852b..a376185e 100755
---- a/modules.d/90dmsquash-live/dmsquash-live-root.sh
-+++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
-@@ -97,7 +97,6 @@ det_img_fs() {
- blkid -s TYPE -u noraid -o value "$1"
- }
-
--load_fstype squashfs
- CMDLINE=$(getcmdline)
- for arg in $CMDLINE; do
- case $arg in
-@@ -112,14 +111,15 @@ if [ -f "$livedev" ]; then
- # check filesystem type and handle accordingly
- fstype=$(det_img_fs "$livedev")
- case $fstype in
-- squashfs) SQUASHED=$livedev ;;
-- auto) die "cannot mount live image (unknown filesystem type)" ;;
-+ squashfs | erofs) SQUASHED=$livedev ;;
-+ auto) die "cannot mount live image (unknown filesystem type $fstype)" ;;
- *) FSIMG=$livedev ;;
- esac
- load_fstype "$fstype"
- else
- livedev_fstype=$(det_fs "$livedev")
-- if [ "$livedev_fstype" = "squashfs" ]; then
-+ load_fstype "$livedev_fstype"
-+ if [ "$livedev_fstype" = "squashfs" ] || [ "$livedev_fstype" = "erofs" ]; then
- # no mount needed - we've already got the LiveOS image in $livedev
- SQUASHED=$livedev
- elif [ "$livedev_fstype" != "ntfs" ]; then
-@@ -336,7 +336,7 @@ if [ -e "$SQUASHED" ]; then
- SQUASHED_LOOPDEV=$(losetup -f)
- losetup -r "$SQUASHED_LOOPDEV" $SQUASHED
- mkdir -m 0755 -p /run/initramfs/squashfs
-- mount -n -t squashfs -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
-+ mount -n -o ro "$SQUASHED_LOOPDEV" /run/initramfs/squashfs
-
- if [ -d /run/initramfs/squashfs/LiveOS ]; then
- if [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
---
-2.42.0
-
diff --git a/SOURCES/0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch b/SOURCES/0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
new file mode 100644
index 0000000..62fbeff
--- /dev/null
+++ b/SOURCES/0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch
@@ -0,0 +1,38 @@
+From 226de396c97d483380bd0604bfe2ff7f6a2ef48c Mon Sep 17 00:00:00 2001
+From: Pavel Valena
+Date: Fri, 16 Aug 2024 20:40:15 +0200
+Subject: [PATCH 24/32] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/
+
+Introduce new path for lsinitrd.sh to look into:
+
+/usr/lib/modules/$kver/initramfs.img
+
+Which is valid on all ostree-based systems, and also other image based
+systems with pre-generated initramfs.
+
+Ref: https://issues.redhat.com/browse/RHEL-35890
+(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282)
+
+Resolves: RHEL-54650
+---
+ lsinitrd.sh | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lsinitrd.sh b/lsinitrd.sh
+index 6799f938..35314b78 100755
+--- a/lsinitrd.sh
++++ b/lsinitrd.sh
+@@ -125,6 +125,10 @@ find_initrd_for_kernel_version() {
+ echo "/lib/modules/${kernel_version}/initrd"
+ elif [[ -f /lib/modules/${kernel_version}/initramfs.img ]]; then
+ echo "/lib/modules/${kernel_version}/initramfs.img"
++ elif [[ -f /usr/lib/modules/${kernel_version}/initrd ]]; then
++ echo "/usr/lib/modules/${kernel_version}/initrd"
++ elif [[ -f /usr/lib/modules/${kernel_version}/initramfs.img ]]; then
++ echo "/usr/lib/modules/${kernel_version}/initramfs.img"
+ elif [[ -f /boot/initramfs-${kernel_version}.img ]]; then
+ echo "/boot/initramfs-${kernel_version}.img"
+ else
+--
+2.42.0
+
diff --git a/SOURCES/0029-feat-fips-include-fips-module-unconditionally.patch b/SOURCES/0025-feat-fips-include-fips-module-unconditionally.patch
similarity index 75%
rename from SOURCES/0029-feat-fips-include-fips-module-unconditionally.patch
rename to SOURCES/0025-feat-fips-include-fips-module-unconditionally.patch
index 983b00b..766f52a 100644
--- a/SOURCES/0029-feat-fips-include-fips-module-unconditionally.patch
+++ b/SOURCES/0025-feat-fips-include-fips-module-unconditionally.patch
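Review bot: The two new `/usr/lib/modules/${kernel_version}/…` branches in `find_initrd_for_kernel_version()` are tested before `/boot/initramfs-${kernel_version}.img`, so when both files exist lsinitrd reports the pre-generated image rather than the one in /boot; the variant of this patch that this commit deletes (old 0028) checked /boot first. If the new precedence is intended for image-based systems, a comment above the branches should say so, e.g. `# image-based systems ship the initrd under /usr/lib/modules; prefer it over /boot`; otherwise the two branches belong below the /boot test. Anyone using lsinitrd to audit what a host boots needs to know which file wins. The function starts and ends outside the hunk.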
@@ -1,7 +1,7 @@ -From 833ca2c3832f1939a9a9729ed66c20d2a5fbf1fa Mon Sep 17 00:00:00 2001 +From 3e25517a0d1f0054e69409eb89484879251f47a3 Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Mon, 19 Aug 2024 09:41:27 +0200 -Subject: [PATCH 29/31] feat(fips): include fips module unconditionally +Subject: [PATCH 25/32] feat(fips): include fips module unconditionally rhel-only @@ -11,7 +11,7 @@ Resolves: RHEL-39404 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh -index 83fcd564..5ce1f201 100755 +index 1e0c9d09..005f0b6d 100755 --- a/modules.d/01fips/module-setup.sh +++ b/modules.d/01fips/module-setup.sh @@ -2,7 +2,7 @@ diff --git a/SOURCES/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch b/SOURCES/0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch similarity index 82% rename from SOURCES/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch rename to SOURCES/0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch index 34e7aa1..c6a8033 100644 --- a/SOURCES/0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch +++ b/SOURCES/0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch @@ -1,7 +1,7 @@ -From e1ae840425837004bacafe53c53468207aa513e3 Mon Sep 17 00:00:00 2001 +From 4dfd0c8de071f074c813a87cc06335fa43e93a9d Mon Sep 17 00:00:00 2001 From: Pavel Valena Date: Thu, 8 Aug 2024 00:55:03 +0200 -Subject: [PATCH 30/31] fix(nfs): include also entries from +Subject: [PATCH 26/32] fix(nfs): include also entries from /usr/lib/{passwd,group} as those paths are used by bootc instead of the /etc ones. @@ -14,14 +14,14 @@ Resolves: RHEL-53431 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules.d/95nfs/module-setup.sh b/modules.d/95nfs/module-setup.sh -index da6549d1..df2d0e05 100755 +index fbaeeb00..df2d0e05 100755 --- a/modules.d/95nfs/module-setup.sh +++ b/modules.d/95nfs/module-setup.sh 
@@ -130,8 +130,15 @@ install() { # Rather than copy the passwd file in, just set a user for rpcbind # We'll save the state and restart the daemon from the root anyway -- grep -E '^nfsnobody:|^rpc:|^rpcuser:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" +- grep -E '^(nfsnobody|_rpc|rpc|rpcuser):' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" - grep -E '^nogroup:|^rpc:|^nobody:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" + local _confdir + for _confdir in etc usr/lib; do diff --git a/SOURCES/0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch b/SOURCES/0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch similarity index 85% rename from SOURCES/0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch rename to SOURCES/0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch index 16ced21..7b83a3d 100644 --- a/SOURCES/0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch +++ b/SOURCES/0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch @@ -1,7 +1,7 @@ -From 7a580a481f8b2d2df60a5e7b9da5c4a11ed9ecbf Mon Sep 17 00:00:00 2001 +From f26573ec709c7703863e8affdec990b100c25598 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Mon, 26 Aug 2024 15:58:54 +0200 -Subject: [PATCH 32/35] revert(dracut-init.sh): add module to mods_to_load +Subject: [PATCH 27/32] revert(dracut-init.sh): add module to mods_to_load before checking dependencies Commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before @@ -25,10 +25,10 @@ Resolves: RHEL-43460 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dracut-init.sh b/dracut-init.sh -index 5d5fc081..756a0a75 100755 +index 3917bb0d..644825c9 100755 --- a/dracut-init.sh +++ b/dracut-init.sh -@@ -915,9 +915,6 @@ check_mount() { +@@ -924,9 +924,6 @@ check_mount() { fi fi 
@@ -38,7 +38,7 @@ index 5d5fc081..756a0a75 100755 for _moddep in $(module_depends "$_mod" "$_moddir"); do # handle deps as if they were manually added [[ " $dracutmodules " == *\ $_mod\ * ]] \ -@@ -936,6 +933,9 @@ check_mount() { +@@ -945,6 +942,9 @@ check_mount() { fi done @@ -48,7 +48,7 @@ index 5d5fc081..756a0a75 100755 return 0 } -@@ -992,9 +992,6 @@ check_module() { +@@ -1001,9 +1001,6 @@ check_module() { fi fi @@ -58,7 +58,7 @@ index 5d5fc081..756a0a75 100755 for _moddep in $(module_depends "$_mod" "$_moddir"); do # handle deps as if they were manually added [[ " $dracutmodules " == *\ $_mod\ * ]] \ -@@ -1013,6 +1010,9 @@ check_module() { +@@ -1022,6 +1019,9 @@ check_module() { fi done diff --git a/SOURCES/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch b/SOURCES/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch deleted file mode 100644 index a8fbd8c..0000000 --- a/SOURCES/0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From afd17820980728f18a5cc96e794d4c56a8694698 Mon Sep 17 00:00:00 2001 -From: Pavel Valena -Date: Fri, 16 Aug 2024 20:40:15 +0200 -Subject: [PATCH 28/31] feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ - -Introduce new path for lsinitrd.sh to look into: - -/usr/lib/modules/$kver/initramfs.img - -Which is valid on all ostree-based systems, and also other image based -systems with pre-generated initramfs. - -Ref: https://issues.redhat.com/browse/RHEL-35890 -(cherry picked from commit 22ae6ecaf9ecdb9db3e79aa9a72d527e7436c282) - -Resolves: RHEL-54650 ---- - lsinitrd.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lsinitrd.sh b/lsinitrd.sh -index 952dbc9f..429cce7e 100755 ---- a/lsinitrd.sh -+++ b/lsinitrd.sh -@@ -136,6 +136,8 @@ else - image="/lib/modules/${KERNEL_VERSION}/initramfs.img" - elif [[ -f /boot/initramfs-${KERNEL_VERSION}.img ]]; then - image="/boot/initramfs-${KERNEL_VERSION}.img" -+ elif [[ -f /usr/lib/modules/${KERNEL_VERSION}/initramfs.img ]]; then -+ image="/usr/lib/modules/${KERNEL_VERSION}/initramfs.img" - elif [[ $MACHINE_ID ]] \ - && mountpoint -q /efi; then - image="/efi/${MACHINE_ID}/${KERNEL_VERSION}/initrd" --- -2.42.0 - diff --git a/SOURCES/0033-fix-squash-remove-cyclic-dependency.patch b/SOURCES/0028-fix-squash-remove-cyclic-dependency.patch similarity index 97% rename from SOURCES/0033-fix-squash-remove-cyclic-dependency.patch rename to SOURCES/0028-fix-squash-remove-cyclic-dependency.patch index 8ee18e9..44ea2c9 100644 --- a/SOURCES/0033-fix-squash-remove-cyclic-dependency.patch +++ b/SOURCES/0028-fix-squash-remove-cyclic-dependency.patch @@ -1,7 +1,7 @@ -From 7e1598536003caf9c6b68e9a4eaf3cef8bfcfeb9 Mon Sep 17 00:00:00 2001 +From 043aef3a9dee83818d67697fb6ad203dc3e87c39 Mon Sep 17 00:00:00 2001 
From: Philipp Rudo Date: Mon, 26 Aug 2024 15:23:41 +0200 -Subject: [PATCH 33/35] fix(squash): remove cyclic dependency +Subject: [PATCH 28/32] fix(squash): remove cyclic dependency With commit d0f8fde5 ("fix(dracut-init.sh): add module to mods_to_load before checking dependencies") reverted 99squash can no longer rely on @@ -36,10 +36,10 @@ Resolves: RHEL-43460 create mode 100755 modules.d/99squash-lib/module-setup.sh diff --git a/dracut.sh b/dracut.sh -index 68bdf33b..71568fe0 100755 +index 4d2e3df2..db6713a9 100755 --- a/dracut.sh +++ b/dracut.sh -@@ -1911,7 +1911,7 @@ if [[ $kernel_only != yes ]]; then +@@ -1894,7 +1894,7 @@ if [[ $kernel_only != yes ]]; then fi fi @@ -48,7 +48,7 @@ index 68bdf33b..71568fe0 100755 _isize=0 #initramfs size modules_loaded=" " -@@ -2276,9 +2276,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then +@@ -2264,9 +2264,9 @@ if [[ $do_strip == yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then dinfo "*** Stripping files done ***" fi diff --git a/SOURCES/0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch b/SOURCES/0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch similarity index 86% rename from SOURCES/0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch rename to SOURCES/0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch index 6b6a3e6..3ddcf42 100644 --- a/SOURCES/0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch +++ b/SOURCES/0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch @@ -1,7 +1,7 @@ -From 8fe64408bd8349e28b7257f93880527a93c63fa2 Mon Sep 17 00:00:00 2001 +From 2ce3f3ff72e608d7a3d42b566f9772393e313df4 Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Tue, 27 Aug 2024 12:14:40 +0200 -Subject: [PATCH 34/35] fix(dracut.sh): exit when installing the squash loader +Subject: [PATCH 29/32] fix(dracut.sh): exit when installing the squash loader fails The postinstall phase in 99squash-lib can fail, e.g. when 99squash-lib 
@@ -21,10 +21,10 @@ Resolves: RHEL-43460 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dracut.sh b/dracut.sh -index 71568fe0..3d73fe43 100755 +index db6713a9..c5ef61ad 100755 --- a/dracut.sh +++ b/dracut.sh -@@ -2278,7 +2278,7 @@ fi +@@ -2266,7 +2266,7 @@ fi if dracut_module_included "squash-lib"; then dinfo "*** Squashing the files inside the initramfs ***" diff --git a/SOURCES/0035-fix-squash-lib-harden-against-empty-initdir.patch b/SOURCES/0030-fix-squash-lib-harden-against-empty-initdir.patch similarity index 90% rename from SOURCES/0035-fix-squash-lib-harden-against-empty-initdir.patch rename to SOURCES/0030-fix-squash-lib-harden-against-empty-initdir.patch index 5d36886..405f109 100644 --- a/SOURCES/0035-fix-squash-lib-harden-against-empty-initdir.patch +++ b/SOURCES/0030-fix-squash-lib-harden-against-empty-initdir.patch @@ -1,7 +1,7 @@ -From 85235ab58df8343a1a0314333b360648a5d0f452 Mon Sep 17 00:00:00 2001 +From e391c64afd187a81861301c949db5ffd1f9a3e5d Mon Sep 17 00:00:00 2001 From: Philipp Rudo Date: Mon, 26 Aug 2024 15:29:01 +0200 -Subject: [PATCH 35/35] fix(squash-lib): harden against empty $initdir +Subject: [PATCH 30/32] fix(squash-lib): harden against empty $initdir The postinstall phase of 99squash-lib has the potential to delete the whole rootfs if $initdir is empty. This should(tm) never happen. diff --git a/SOURCES/0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch b/SOURCES/0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch new file mode 100644 index 0000000..db954ba --- /dev/null +++ b/SOURCES/0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch 
@@ -0,0 +1,158 @@
+From 626280f62a8f05e68e70b8db81eeffe196642bf3 Mon Sep 17 00:00:00 2001
+From: Clemens Lang
+Date: Thu, 8 Aug 2024 16:43:31 +0200
+Subject: [PATCH 31/32] feat(fips-crypto-policies): make c-p follow FIPS mode
+ automatically
+
+For a system that uses crypto-policies to be switched to FIPS mode
+correctly, it needs to be
+
+- booted with `fips=1` on the kernel command line
+- switched to the FIPS crypto-policy (or a policy derived from it)
+- have the fips dracut module enabled
+
+On older systems, there were additional steps, for example, creating
+`/etc/system-fips`.
+
+We have repeatedly seen inconsistencies between those different toggles,
+either because the user space tooling to switch between those does not
+(for reliability, maintainability, and compliance reasons) undo some of
+the steps it does when disabling FIPS mode, or because other
+installation methods (bootc, containers, image builder) independently do
+some of those steps. Eventually, all of these ended with user confusion.
+
+We can avoid this situation by eliminating the difference by treating
+the `fips=1` kernel command line switch as a single source of truth, and
+making all others follow automatically. This module provides this for
+crypto-policies, by adding bind-mounts before pivot if the system has
+not already been switched to a FIPS-based crypto-policy.
+
+This requires some support from the crypto-policies package (because it
+needs to deal with the bind mounts when a user calls
+`update-crypto-policies --set`), so make it a no-op unless
+
+ - `fips=1` is on the kernel command line
+ - crypto-policies is installed
+ - crypto-policies supports the bind-mounts (indicated by the presence
+ of the `default-fips-config` file)
+ - the policy isn't already FIPS
+
+These checks should make this safe to add to the initramfs on all
+current systems.
+
+The bind-mounts also need to happen in the initramfs already, because
+systemd links against OpenSSL, and doing them later means that systemd
+will start with an OpenSSL configuration that isn't tailored for FIPS.
+
+See also [1], which adds the user space support to crypto-policies,
+along with a systemd service that does the same steps in case dracut
+hasn't already done them (which is useful for environments that don't
+use an initramfs like containers).
+
+ [1]: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/merge_requests/191
+
+Signed-off-by: Clemens Lang
+(cherry picked from commit bd3c1e1cc2f656f7ee4ff47e00ca716d52a86a3d)
+
+Resolves: RHEL-59678
+---
+ .../fips-crypto-policies.sh | 52 +++++++++++++++++++
+ .../01fips-crypto-policies/module-setup.sh | 27 ++++++++++
+ 2 files changed, 79 insertions(+)
+ create mode 100755 modules.d/01fips-crypto-policies/fips-crypto-policies.sh
+ create mode 100755 modules.d/01fips-crypto-policies/module-setup.sh
+
+diff --git a/modules.d/01fips-crypto-policies/fips-crypto-policies.sh b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
+new file mode 100755
+index 00000000..ff298298
+--- /dev/null
++++ b/modules.d/01fips-crypto-policies/fips-crypto-policies.sh
+@@ -0,0 +1,52 @@
++#!/usr/bin/sh
++
++type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
++
++if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ] || [ -z "$fipsmode" ]; then
++ # Do nothing if not in FIPS mode
++ return 0
++fi
++
++policyfile=/etc/crypto-policies/config
++fipspolicyfile=/usr/share/crypto-policies/default-fips-config
++backends=/etc/crypto-policies/back-ends
++fipsbackends=/usr/share/crypto-policies/back-ends/FIPS
++
++# When in FIPS mode, check the active crypto policy by reading the
++# $root/etc/crypto-policies/config file. If it is not "FIPS", or does not start
++# with "FIPS:", automatically switch to the FIPS policy by creating
++# bind-mounts.
++
++if ! [ -r "${NEWROOT}${policyfile}" ]; then
++ # No crypto-policies configured, possibly not a system that uses
++ # crypto-policies?
++ return 0
++fi
++
++if ! [ -f "${NEWROOT}${fipspolicyfile}" ]; then
++ # crypto-policies is too old to deal with automatic bind-mounting of the
++ # FIPS policy over the normal policy, do not attempt to do the bind-mount.
++ return 0
++fi
++
++policy=$(cat "${NEWROOT}${policyfile}")
++
++# Remove the largest suffix pattern matching ":*" from the string (i.e., the
++# complete list of active policy modules), then check for FIPS. This is part of
++# POSIX sh (https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_06_02).
++if [ "${policy%%:*}" = "FIPS" ]; then
++ return 0
++fi
++
++# Current crypto policy is not FIPS or FIPS-based, but the system is in FIPS
++# mode; this is an inconsistent configuration. Automatically bind-mount a FIPS
++# configuration over this.
++if ! mount -o bind,ro "${NEWROOT}${fipsbackends}" "${NEWROOT}${backends}"; then
++ warn "Failed to bind-mount FIPS policy over ${backends} (the system is in FIPS mode, but the crypto-policy is not)."
++ # If this bind-mount failed, don't attempt to do the other one to avoid
++ # a system that seems to be in FIPS crypto-policy but actually is not.
++ return 0
++fi
++
++mount -o bind,ro "${NEWROOT}${fipspolicyfile}" "${NEWROOT}${policyfile}" \
++ || warn "Failed to bind-mount FIPS crypto-policy state file over ${policyfile} (the system is in FIPS mode, but the crypto-policy is not)."
+diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh
+new file mode 100755
+index 00000000..ee00452e
+--- /dev/null
++++ b/modules.d/01fips-crypto-policies/module-setup.sh
+@@ -0,0 +1,27 @@
++#!/usr/bin/bash
++
++# called by dracut
++check() {
++ # only enable on systems that use crypto-policies
++ [ -d "$dracutsysrootdir/etc/crypto-policies" ] && return 0
++
++ # include when something else depends on it or it is explicitly requested
++ return 255
++}
++
++# called by dracut
++depends() {
++ return 0
++}
++
++# called by dracut
++installkernel() {
++ return 0
++}
++
++# called by dracut
++install() {
++ inst_hook pre-pivot 01 "$moddir/fips-crypto-policies.sh"
++
++ inst_multiple mount
++}
+--
+2.42.0
+
diff --git a/SOURCES/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch b/SOURCES/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch
deleted file mode 100644
index 684cb25..0000000
--- a/SOURCES/0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch
+++ /dev/null
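Review bot: Both `mount -o bind,ro` failure paths in fips-crypto-policies.sh only call `warn` and let the boot continue, so a host booted with `fips=1` can reach the real root with a non-FIPS crypto-policy and only a log line to show for it. The second path is also left half-applied: if the back-ends mount succeeded and the bind-mount of `${fipspolicyfile}` over `${policyfile}` fails, the FIPS back-ends stay mounted while the config file still names the old policy. If continuing is the intended trade-off, say so in a comment at each `warn`; otherwise consider failing the boot there, e.g. `die "FIPS mode requested but the FIPS crypto-policy could not be applied"`, or at least undoing the first mount with `umount "${NEWROOT}${backends}"` before warning. Whether `umount` is available in the initramfs is not visible here; `install()` only adds `mount`.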
@@ -1,39 +0,0 @@
-From d18bbc304e838ecf3b888ce4d70f1d96d21821f5 Mon Sep 17 00:00:00 2001
-From: Daniel McIlvaney
-Date: Fri, 7 Jun 2024 11:38:54 -0700
-Subject: [PATCH 31/31] fix(dracut-functions): avoid awk in get_maj_min()
-
-The `get_maj_min()` cache lookup is commonly used
-across many flows. While `awk` should be available,
-some highly constrained environments may not have it.
-A second call to `grep` can provide the same behaviour
-without adding a dependnecy.
-
-Lines in the cache will be of the form "/dev/sda2 8:2".
-`awk '{print $NF}'` returns the last word of a matching line. Since
-the initial matching regex is so specific a second call to grep can
-easily extract the last word.
-
-(cherry picked commit ec7efd5701e9a1b24f2e85666d625fb1fe46ce86)
-
-Related: RHEL-47145
----
- dracut-functions.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dracut-functions.sh b/dracut-functions.sh
-index 43d905e3..b4d57454 100755
---- a/dracut-functions.sh
-+++ b/dracut-functions.sh
-@@ -243,7 +243,7 @@ get_maj_min() {
- local _out
-
- if [[ $get_maj_min_cache_file ]]; then
-- _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | awk '{print $NF}')"
-+ _out="$(grep -m1 -oE "^${1//\\/\\\\} \S+$" "$get_maj_min_cache_file" | grep -oE "\S+$")"
- fi
-
- if ! [[ "$_out" ]]; then
---
-2.42.0
-
diff --git a/SOURCES/0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch b/SOURCES/0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
new file mode 100644
index 0000000..7fb10a8
--- /dev/null
+++ b/SOURCES/0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch
@@ -0,0 +1,34 @@ +From cd5dbe004652d88b5d73418cba1e45c54ff9fd12 Mon Sep 17 00:00:00 2001 +From: Jo Zzsi +Date: Thu, 5 Sep 2024 09:09:36 -0400 +Subject: [PATCH 32/32] fix(fips-crypto-policies): make it depend on fips + dracut module + +(cherry picked from commit a2096dafdbfc88eed91ce34b1f4d27e7eb7ca839) + +Conflicts: + modules.d/01fips-crypto-policies/module-setup.sh + Due to upstream e6117b92fa0108dbaf9ea3ac0ec8f5a02487c812, which + was not cherry-picked. Resolved the conflict by keeping the + functions (i.e., undoing the cleanup of the upstream commit). + +Resolves: RHEL-59678 +--- + modules.d/01fips-crypto-policies/module-setup.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules.d/01fips-crypto-policies/module-setup.sh b/modules.d/01fips-crypto-policies/module-setup.sh +index ee00452e..140eae00 100755 +--- a/modules.d/01fips-crypto-policies/module-setup.sh ++++ b/modules.d/01fips-crypto-policies/module-setup.sh +@@ -11,6 +11,7 @@ check() { + + # called by dracut + depends() { ++ echo fips + return 0 + } + +-- +2.42.0 + diff --git a/SPECS/dracut.spec b/SPECS/dracut.spec index ad7660d..9304aeb 100644 --- a/SPECS/dracut.spec +++ b/SPECS/dracut.spec @@ -7,8 +7,8 @@ %global __requires_exclude pkg-config Name: dracut -Version: 102 -Release: 4%{?dist} +Version: 103 +Release: 1%{?dist} Summary: Initramfs generator using udev 
@@ -22,111 +22,102 @@ URL: https://github.com/dracut-ng/dracut-ng/wiki/ Source0: https://github.com/dracut-ng/dracut-ng/archive/refs/tags/%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -# feat(hwdb): add hwdb module to install hwdb.bin on demand -# Author: Pavel Valena -Patch1: 0001-feat-hwdb-add-hwdb-module-to-install-hwdb.bin-on-dem.patch # fix(rngd): install system service file # Author: Pavel Valena -Patch2: 0002-fix-rngd-install-system-service-file.patch +Patch1: 0001-fix-rngd-install-system-service-file.patch # revert: "fix(install.d): correctly install pre-genned image and die if no args" # Author: Pavel Valena -Patch3: 0003-revert-fix-install.d-correctly-install-pre-genned-im.patch +Patch2: 0002-revert-fix-install.d-correctly-install-pre-genned-im.patch # feat(kernel-install): do nothing when $KERNEL_INSTALL_INITRD_GENERATOR says so # Author: Zbigniew Jędrzejewski-Szmek -Patch4: 0004-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch +Patch3: 0003-feat-kernel-install-do-nothing-when-KERNEL_INSTALL_I.patch # fix(kernel-install): do not generate an initrd when one was specified # Author: Zbigniew Jędrzejewski-Szmek -Patch5: 0005-fix-kernel-install-do-not-generate-an-initrd-when-on.patch -# fix(crypt): decryption when rd.luks.name is set -# Author: Laszlo Gombos -Patch6: 0006-fix-crypt-decryption-when-rd.luks.name-is-set.patch +Patch4: 0004-fix-kernel-install-do-not-generate-an-initrd-when-on.patch # fix: incorrectly applied patch in commit c6d18c3c71597e78572378fc4dde391f1845b8 # Author: Pavel Valena -Patch7: 0007-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch +Patch5: 0005-fix-incorrectly-applied-patch-in-commit-c6d18c3c7159.patch # revert: "fix(crypt): unlock encrypted devices by default during boot" # Author: Pavel Valena -Patch8: 0008-revert-fix-crypt-unlock-encrypted-devices-by-default.patch -# fix(90kernel-modules): install blk modules using symbol blk_alloc_disk -# Author: Pavel Valena -Patch9: 
0009-fix-90kernel-modules-install-blk-modules-using-symbo.patch +Patch6: 0006-revert-fix-crypt-unlock-encrypted-devices-by-default.patch # test: do not force include dash, let sh module make a selection # Author: Laszlo Gombos -Patch10: 0010-test-do-not-force-include-dash-let-sh-module-make-a-.patch +Patch7: 0007-test-do-not-force-include-dash-let-sh-module-make-a-.patch # fix(dracut-functions): allow for \ in get_maj_min file path # Author: Pavel Valena -Patch11: 0011-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch +Patch8: 0008-fix-dracut-functions-allow-for-in-get_maj_min-file-p.patch # fix(dracut-functions.sh): only return block devices from get_persistent_dev # Author: Fabian Vogt -Patch12: 0012-fix-dracut-functions.sh-only-return-block-devices-fr.patch +Patch9: 0009-fix-dracut-functions.sh-only-return-block-devices-fr.patch # feat(systemd*): include systemd config files from /usr/lib/systemd # Author: Pavel Valena -Patch13: 0013-feat-systemd-include-systemd-config-files-from-usr-l.patch +Patch10: 0010-feat-systemd-include-systemd-config-files-from-usr-l.patch # fix(resume): always include the resume module # Author: Pavel Valena -Patch14: 0014-fix-resume-always-include-the-resume-module.patch +Patch11: 0011-fix-resume-always-include-the-resume-module.patch # feat(dracut-init.sh): allow changing the destination directory for inst et al # Author: Philipp Rudo -Patch15: 0015-feat-dracut-init.sh-allow-changing-the-destination-d.patch +Patch12: 0012-feat-dracut-init.sh-allow-changing-the-destination-d.patch # fix(dracut-init.sh): add module to mods_to_load before checking dependencies # Author: Philipp Rudo -Patch16: 0016-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch +Patch13: 0013-fix-dracut-init.sh-add-module-to-mods_to_load-before.patch # feat(squash): move mksquashfs to 99squash/modules-setup # Author: Philipp Rudo -Patch17: 0017-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch +Patch14: 
0014-feat-squash-move-mksquashfs-to-99squash-modules-setu.patch # feat(squash): split 95squash-squashfs from 99squash # Author: Philipp Rudo -Patch18: 0018-feat-squash-split-95squash-squashfs-from-99squash.patch +Patch15: 0015-feat-squash-split-95squash-squashfs-from-99squash.patch # feat(squash): add module 95squash-erofs # Author: Philipp Rudo -Patch19: 0019-feat-squash-add-module-95squash-erofs.patch +Patch16: 0016-feat-squash-add-module-95squash-erofs.patch # feat(lsinitrd): add support for erofs images # Author: Philipp Rudo -Patch20: 0020-feat-lsinitrd-add-support-for-erofs-images.patch +Patch17: 0017-feat-lsinitrd-add-support-for-erofs-images.patch # feat(dracut-initramfs-restore): unpack erofs images # Author: Philipp Rudo -Patch21: 0021-feat-dracut-initramfs-restore-unpack-erofs-images.patch +Patch18: 0018-feat-dracut-initramfs-restore-unpack-erofs-images.patch # fix(squash): explicitly create required directories # Author: Philipp Rudo -Patch22: 0022-fix-squash-explicitly-create-required-directories.patch +Patch19: 0019-fix-squash-explicitly-create-required-directories.patch # fix(squash): use 99busybox instead of installing it manually # Author: Philipp Rudo -Patch23: 0023-fix-squash-use-99busybox-instead-of-installing-it-ma.patch -# feat(dmdquash-live): add support for using erofs -# Author: Brian C. 
Lane -Patch24: 0024-feat-dmdquash-live-add-support-for-using-erofs.patch +Patch20: 0020-fix-squash-use-99busybox-instead-of-installing-it-ma.patch # fix(nfs): set correct ownership and permissions for statd directory # Author: Lukas Nykryn -Patch25: 0025-fix-nfs-set-correct-ownership-and-permissions-for-st.patch +Patch21: 0021-fix-nfs-set-correct-ownership-and-permissions-for-st.patch # fix(resume): do not include resume if swap is on netdevice # Author: Pavel Valena -Patch26: 0026-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch +Patch22: 0022-fix-resume-do-not-include-resume-if-swap-is-on-netde.patch # feat(dracut-init.sh): give --force-add precedence over --omit # Author: Pavel Valena -Patch27: 0027-feat-dracut-init.sh-give-force-add-precedence-over-o.patch +Patch23: 0023-feat-dracut-init.sh-give-force-add-precedence-over-o.patch # feat(lsinitrd.sh): look for initrd in /usr/lib/modules/ # Author: Pavel Valena -Patch28: 0028-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch +Patch24: 0024-feat-lsinitrd.sh-look-for-initrd-in-usr-lib-modules.patch # feat(fips): include fips module unconditionally # Author: Pavel Valena -Patch29: 0029-feat-fips-include-fips-module-unconditionally.patch +Patch25: 0025-feat-fips-include-fips-module-unconditionally.patch # fix(nfs): include also entries from /usr/lib/{passwd,group} # Author: Pavel Valena -Patch30: 0030-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch -# fix(dracut-functions): avoid awk in get_maj_min() -# Author: Daniel McIlvaney -Patch31: 0031-fix-dracut-functions-avoid-awk-in-get_maj_min.patch +Patch26: 0026-fix-nfs-include-also-entries-from-usr-lib-passwd-gro.patch # revert(dracut-init.sh): add module to mods_to_load before checking dependencies # Author: Philipp Rudo -Patch32: 0032-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch +Patch27: 0027-revert-dracut-init.sh-add-module-to-mods_to_load-bef.patch # fix(squash): remove cyclic dependency # Author: Philipp Rudo -Patch33: 
0033-fix-squash-remove-cyclic-dependency.patch +Patch28: 0028-fix-squash-remove-cyclic-dependency.patch # fix(dracut.sh): exit when installing the squash loader fails # Author: Philipp Rudo -Patch34: 0034-fix-dracut.sh-exit-when-installing-the-squash-loader.patch +Patch29: 0029-fix-dracut.sh-exit-when-installing-the-squash-loader.patch # fix(squash-lib): harden against empty $initdir # Author: Philipp Rudo -Patch35: 0035-fix-squash-lib-harden-against-empty-initdir.patch +Patch30: 0030-fix-squash-lib-harden-against-empty-initdir.patch +# feat(fips-crypto-policies): make c-p follow FIPS mode automatically +# Author: Clemens Lang +Patch31: 0031-feat-fips-crypto-policies-make-c-p-follow-FIPS-mode-.patch +# fix(fips-crypto-policies): make it depend on fips dracut module +# Author: Jo Zzsi +Patch32: 0032-fix-fips-crypto-policies-make-it-depend-on-fips-drac.patch # Please use source-git to work with this spec file: # HowTo: https://packit.dev/source-git/work-with-source-git @@ -357,6 +348,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{dracutlibdir}/modules.d/00warpclock %endif %{dracutlibdir}/modules.d/01fips +%{dracutlibdir}/modules.d/01fips-crypto-policies %{dracutlibdir}/modules.d/01systemd-ac-power %{dracutlibdir}/modules.d/01systemd-ask-password %{dracutlibdir}/modules.d/01systemd-bsod @@ -535,6 +527,12 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/ %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install %changelog +* Fri Nov 01 2024 Pavel Valena - 103-1 +- Update to dracut 103. +- feat(fips-crypto-policies): make c-p follow FIPS mode automatically +- fix(fips-crypto-policies): make it depend on fips dracut module + Resolves: RHEL-59678,RHEL-65204 + * Tue Oct 29 2024 Troy Dawson - 102-4 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018