dracut.conf.d/50-nss-softokn.conf000064400000000101151054757350012555 0ustar00# turn on nss-softokn module add_dracutmodules+=" nss-softokn " dracut.conf.d/01-dist.conf000064400000003011151054757350011233 0ustar00# dracut config file customized for RedHat/Fedora. # i18n i18n_vars="/etc/sysconfig/keyboard:KEYTABLE-KEYMAP /etc/sysconfig/i18n:SYSFONT-FONT,FONTACM-FONT_MAP,FONT_UNIMAP" i18n_default_font="eurlatgr" i18n_install_all="yes" stdloglvl=3 sysloglvl=5 install_optional_items+=" vi /usr/libexec/vi /etc/virc ps grep cat rm " prefix="/" environment=/usr/lib/environment.d environmentconfdir=/etc/environment.d dbus=/usr/share/dbus-1 dbusinterfaces=/usr/share/dbus-1/interfaces dbusservices=/usr/share/dbus-1/services dbussession=/usr/share/dbus-1/session.d dbussystem=/usr/share/dbus-1/system.d dbussystemservices=/usr/share/dbus-1/system-services dbusconfdir=/etc/dbus-1 dbusinterfacesconfdir=/etc/dbus-1/interfaces dbusservicesconfdir=/etc/dbus-1/services dbussessionconfdir=/etc/dbus-1/session.d dbussystemconfdir=/etc/dbus-1/system.d dbussystemservicesconfdir=/etc/dbus-1/system-services sysctld=/usr/lib/sysctl.d sysctlconfdir=/etc/sysctl.d systemdutildir=/usr/lib/systemd systemdutilconfdir=/etc/systemd systemdcatalog=/usr/lib/systemd/catalog systemdntpunits=/usr/lib/systemd/ntp-units.d systemdntpunitsconfdir=/etc/systemd/ntp-units.d systemdportable=/usr/lib/systemd/portable systemdportableconfdir=/etc/systemd/portable systemdsystemunitdir=/usr/lib/systemd/system systemdsystemconfdir=/etc/systemd/system systemduser=/usr/lib/systemd/user systemduserconfdir=/etc/systemd/user sysusers=/usr/lib/sysusers.d sysusersconfdir=/etc/sysusers.d udevdir=/usr/lib/udev hostonly="yes" hostonly_cmdline="no" early_microcode="yes" reproducible="yes" dracut.conf.d/02-rescue.conf000064400000000032151054757350011557 0ustar00dracut_rescue_image="yes" dracut.conf.d/01-microcode.conf000064400000000026151054757350012237 0ustar00early_microcode="yes" 
dracut.conf.d/99-microcode-override.conf000064400000000425151054757350014100 0ustar00## Uncomment the following line in order to disable ## microcode_ctl module that is used for $fw_dir variable overriding. ## ## Please refer to /usr/share/doc/microcode_ctl/README.caveats ## for additional information. ## #omit_dracutmodules+=' microcode_ctl-fw_dir_override ' modules.d/05nss-softokn/module-setup.sh000075500000000447151054757350014072 0ustar00#!/usr/bin/bash # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- # ex: ts=8 sw=4 sts=4 et filetype=sh check() { return 255 } depends() { return 0 } install() { local _dir inst_libdir_file libfreeblpriv3.so libfreeblpriv3.chk \ libfreebl3.so } modules.d/00bash/module-setup.sh000075500000001341151054757350012510 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed. require_binaries bash || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { inst /bin/bash # Prefer bash as default shell if no other shell is preferred. [[ -L $initdir/bin/sh ]] || ln -sf bash "${initdir}/bin/sh" } modules.d/00systemd/module-setup.sh000075500000025234151054757350013272 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { [[ $mount_needs ]] && return 1 # If the binary(s) requirements are not fulfilled the module can't be installed require_binaries "$systemdutildir"/systemd || return 1 # Return 255 to only include the module, if another module requires it. 
return 255 } # called by dracut depends() { return 0 } installkernel() { hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256 sg instmods -s efivarfs } # called by dracut install() { local _mods if [[ $prefix == /run/* ]]; then dfatal 'systemd does not work with a prefix, which contains "/run"!!' exit 1 fi inst_multiple -o \ "$systemdutildir"/systemd \ "$systemdutildir"/systemd-coredump \ "$systemdutildir"/systemd-cgroups-agent \ "$systemdutildir"/systemd-executor \ "$systemdutildir"/systemd-shutdown \ "$systemdutildir"/systemd-reply-password \ "$systemdutildir"/systemd-fsck \ "$systemdutildir"/systemd-udevd \ "$systemdutildir"/systemd-journald \ "$systemdutildir"/systemd-sysctl \ "$systemdutildir"/systemd-modules-load \ "$systemdutildir"/systemd-vconsole-setup \ "$systemdutildir"/systemd-volatile-root \ "$systemdutildir"/systemd-sysroot-fstab-check \ "$systemdutildir"/system-generators/systemd-debug-generator \ "$systemdutildir"/system-generators/systemd-fstab-generator \ "$systemdutildir"/system-generators/systemd-gpt-auto-generator \ \ "$systemdsystemunitdir"/debug-shell.service \ "$systemdsystemunitdir"/cryptsetup.target \ "$systemdsystemunitdir"/cryptsetup-pre.target \ "$systemdsystemunitdir"/remote-cryptsetup.target \ "$systemdsystemunitdir"/emergency.target \ "$systemdsystemunitdir"/sysinit.target \ "$systemdsystemunitdir"/basic.target \ "$systemdsystemunitdir"/halt.target \ "$systemdsystemunitdir"/kexec.target \ "$systemdsystemunitdir"/local-fs.target \ "$systemdsystemunitdir"/local-fs-pre.target \ "$systemdsystemunitdir"/remote-fs.target \ "$systemdsystemunitdir"/remote-fs-pre.target \ "$systemdsystemunitdir"/multi-user.target \ "$systemdsystemunitdir"/network.target \ "$systemdsystemunitdir"/network-pre.target \ "$systemdsystemunitdir"/network-online.target \ "$systemdsystemunitdir"/nss-lookup.target \ "$systemdsystemunitdir"/nss-user-lookup.target \ "$systemdsystemunitdir"/poweroff.target \ "$systemdsystemunitdir"/reboot.target \ 
"$systemdsystemunitdir"/rescue.target \ "$systemdsystemunitdir"/rpcbind.target \ "$systemdsystemunitdir"/shutdown.target \ "$systemdsystemunitdir"/final.target \ "$systemdsystemunitdir"/sigpwr.target \ "$systemdsystemunitdir"/sockets.target \ "$systemdsystemunitdir"/swap.target \ "$systemdsystemunitdir"/timers.target \ "$systemdsystemunitdir"/paths.target \ "$systemdsystemunitdir"/umount.target \ \ "$systemdsystemunitdir"/sys-kernel-config.mount \ \ "$systemdsystemunitdir"/kmod-static-nodes.service \ "$systemdsystemunitdir"/systemd-tmpfiles-setup.service \ "$systemdsystemunitdir"/systemd-tmpfiles-setup-dev.service \ "$systemdsystemunitdir"/systemd-ask-password-console.path \ "$systemdsystemunitdir"/systemd-udevd-control.socket \ "$systemdsystemunitdir"/systemd-udevd-kernel.socket \ "$systemdsystemunitdir"/systemd-ask-password-plymouth.path \ "$systemdsystemunitdir"/systemd-journald.socket \ "$systemdsystemunitdir"/systemd-journald-audit.socket \ "$systemdsystemunitdir"/systemd-ask-password-console.service \ "$systemdsystemunitdir"/systemd-modules-load.service \ "$systemdsystemunitdir"/systemd-halt.service \ "$systemdsystemunitdir"/systemd-poweroff.service \ "$systemdsystemunitdir"/systemd-reboot.service \ "$systemdsystemunitdir"/systemd-kexec.service \ "$systemdsystemunitdir"/systemd-fsck@.service \ "$systemdsystemunitdir"/systemd-udevd.service \ "$systemdsystemunitdir"/systemd-udev-trigger.service \ "$systemdsystemunitdir"/systemd-udev-settle.service \ "$systemdsystemunitdir"/systemd-ask-password-plymouth.service \ "$systemdsystemunitdir"/systemd-journald.service \ "$systemdsystemunitdir"/systemd-vconsole-setup.service \ "$systemdsystemunitdir"/systemd-volatile-root.service \ "$systemdsystemunitdir"/systemd-random-seed-load.service \ "$systemdsystemunitdir"/systemd-random-seed.service \ "$systemdsystemunitdir"/systemd-sysctl.service \ \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-modules-load.service \ 
"$systemdsystemunitdir"/sysinit.target.wants/systemd-ask-password-console.path \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-journald.service \ "$systemdsystemunitdir"/sockets.target.wants/systemd-udevd-control.socket \ "$systemdsystemunitdir"/sockets.target.wants/systemd-udevd-kernel.socket \ "$systemdsystemunitdir"/sockets.target.wants/systemd-journald.socket \ "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-audit.socket \ "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-dev-log.socket \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-udevd.service \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-udev-trigger.service \ "$systemdsystemunitdir"/sysinit.target.wants/kmod-static-nodes.service \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-tmpfiles-setup.service \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-tmpfiles-setup-dev.service \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-sysctl.service \ \ "$systemdsystemunitdir"/ctrl-alt-del.target \ "$systemdsystemunitdir"/reboot.target \ "$systemdsystemunitdir"/systemd-reboot.service \ "$systemdsystemunitdir"/syslog.socket \ \ "$systemdsystemunitdir"/slices.target \ "$systemdsystemunitdir"/system.slice \ "$systemdsystemunitdir"/-.slice \ \ "$tmpfilesdir"/systemd.conf \ \ journalctl systemctl \ echo swapoff \ kmod insmod rmmod modprobe modinfo depmod lsmod \ mount umount reboot poweroff \ systemd-run systemd-escape \ systemd-cgls systemd-tmpfiles \ systemd-ask-password systemd-tty-ask-password-agent \ /etc/udev/udev.hwdb inst_multiple -o \ /usr/lib/modules-load.d/*.conf \ /usr/lib/sysctl.d/*.conf modules_load_get() { local _line i for i in "$dracutsysrootdir$1"/*.conf; do [[ -f $i ]] || continue while read -r _line || [ -n "$_line" ]; do case $_line in \#*) ;; \;*) ;; *) echo "$_line" ;; esac done < "$i" done } mapfile -t _mods < <(modules_load_get /usr/lib/modules-load.d) [[ ${#_mods[@]} -gt 0 ]] && hostonly='' instmods "${_mods[@]}" if [[ $hostonly 
]]; then inst_multiple -H -o \ /etc/systemd/journald.conf \ /etc/systemd/journald.conf.d/*.conf \ /etc/systemd/system.conf \ /etc/systemd/system.conf.d/*.conf \ /etc/hosts \ /etc/hostname \ /etc/nsswitch.conf \ /etc/machine-id \ /etc/machine-info \ /etc/vconsole.conf \ /etc/locale.conf \ /etc/modules-load.d/*.conf \ /etc/sysctl.d/*.conf \ /etc/sysctl.conf \ /etc/udev/udev.conf mapfile -t _mods < <(modules_load_get /etc/modules-load.d) [[ ${#_mods[@]} -gt 0 ]] && hostonly='' instmods "${_mods[@]}" fi if ! [[ -e "$initdir/etc/machine-id" ]]; then : > "$initdir/etc/machine-id" chmod 444 "$initdir/etc/machine-id" fi # install adm user/group for journald inst_multiple nologin { grep '^systemd-journal:' "$dracutsysrootdir"/etc/passwd 2> /dev/null grep '^adm:' "$dracutsysrootdir"/etc/passwd 2> /dev/null # we don't use systemd-networkd, but the user is in systemd.conf tmpfiles snippet grep '^systemd-network:' "$dracutsysrootdir"/etc/passwd 2> /dev/null } >> "$initdir/etc/passwd" { grep '^systemd-journal:' "$dracutsysrootdir"/etc/group 2> /dev/null grep '^wheel:' "$dracutsysrootdir"/etc/group 2> /dev/null grep '^adm:' "$dracutsysrootdir"/etc/group 2> /dev/null grep '^utmp:' "$dracutsysrootdir"/etc/group 2> /dev/null grep '^root:' "$dracutsysrootdir"/etc/group 2> /dev/null # we don't use systemd-networkd, but the user is in systemd.conf tmpfiles snippet grep '^systemd-network:' "$dracutsysrootdir"/etc/group 2> /dev/null } >> "$initdir/etc/group" local _systemdbinary="$systemdutildir"/systemd if ldd "$_systemdbinary" | grep -qw libasan; then local _wrapper="$systemdutildir"/systemd-asan-wrapper cat > "$initdir"/"$_wrapper" << EOF #!/bin/sh mount -t proc -o nosuid,nodev,noexec proc /proc exec $_systemdbinary EOF chmod 755 "$initdir"/"$_wrapper" _systemdbinary="$_wrapper" unset _wrapper fi ln_r "$_systemdbinary" "/init" ln_r "$_systemdbinary" "/sbin/init" unset _systemdbinary inst_binary true ln_r "$(find_binary true)" "/usr/bin/loginctl" ln_r "$(find_binary true)" 
"/bin/loginctl" inst_rules \ 70-uaccess.rules \ 71-seat.rules \ 73-seat-late.rules \ 90-vconsole.rules \ 99-systemd.rules for i in \ emergency.target \ rescue.target \ systemd-ask-password-console.service \ systemd-ask-password-plymouth.service; do [[ -f "$systemdsystemunitdir"/$i ]] || continue $SYSTEMCTL -q --root "$initdir" add-wants "$i" systemd-vconsole-setup.service done mkdir -p "$initdir/etc/systemd" # We must use a volatile journal, and we don't want rate-limiting { echo "[Journal]" echo "Storage=volatile" echo "RateLimitInterval=0" echo "RateLimitBurst=0" } >> "$initdir/etc/systemd/journald.conf" $SYSTEMCTL -q --root "$initdir" set-default multi-user.target # Install library file(s) _arch=${DRACUT_ARCH:-$(uname -m)} inst_libdir_file \ {"tls/$_arch/",tls/,"$_arch/",}"libnss_*" } modules.d/00systemd-network-management/module-setup.sh000075500000001024151054757350017062 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # This module has external dependency on other module(s). echo systemd systemd-hostnamed systemd-networkd systemd-resolved systemd-timedated systemd-timesyncd # Return 0 to include the dependent module(s) in the initramfs. return 0 } modules.d/00warpclock/module-setup.sh000064400000001640151054757350013557 0ustar00#!/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # hwclock does not exist on S390(x), bail out silently then local _arch=${DRACUT_ARCH:-$(uname -m)} [ "$_arch" = "s390" -o "$_arch" = "s390x" ] && return 1 # If the binary(s) requirements are not fulfilled the module can't be installed. require_binaries hwclock || return 1 # Return 255 to only include the module, if another module requires it. 
return 255 } # Module dependency requirements. depends() { # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { inst_hook pre-trigger 00 "$moddir/warpclock.sh" inst_multiple -o \ /usr/share/zoneinfo/UTC \ /etc/localtime \ /etc/adjtime \ hwclock } modules.d/00warpclock/warpclock.sh000064400000000535151054757350013123 0ustar00#!/bin/sh # This file is part of dracut warpclock module. # SPDX-License-Identifier: GPL-2.0-or-later # Set the kernel's timezone and reset the system time # if adjtime is set to LOCAL. if test -e /etc/adjtime; then while read -r line; do if test "$line" = LOCAL; then hwclock --systz fi done < /etc/adjtime fi modules.d/01fips/fips-boot.sh000075500000000752151054757350012021 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1 elif [ -z "$fipsmode" ]; then die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" elif getarg boot= > /dev/null; then . /sbin/fips.sh fips_info "fips-boot: start" if mount_boot; then do_fips || die "FIPS integrity test failed" fi fips_info "fips-boot: done!" fi modules.d/01fips/fips-load-crypto.sh000064400000000673151054757350013312 0ustar00#!/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1 elif [ -z "$fipsmode" ]; then die "FIPS mode have to be enabled by 'fips=1' not just 'fips'" else . /sbin/fips.sh fips_info "fips-load-crypto: start" fips_load_crypto || die "FIPS integrity test failed" fips_info "fips-load-crypto: done!" fi modules.d/01fips/fips-noboot.sh000075500000000730151054757350012352 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if ! 
fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
    # getarg failed or fips=0: remove the modprobe configuration and do
    # nothing else.
    rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
elif [ -z "$fipsmode" ]; then
    # An empty value (bare "fips") is rejected rather than treated as enabled.
    die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
elif ! [ -f /tmp/fipsdone ]; then
    # /tmp/fipsdone is created by do_fips once its kernel check has passed
    # (or was skipped), so this branch runs only when that has not happened.
    . /sbin/fips.sh
    fips_info "fips-noboot: start"
    # mount_boot's status is not checked here; do_fips runs either way.
    mount_boot
    do_fips || die "FIPS integrity test failed"
    fips_info "fips-noboot: done!"
fi
modules.d/01fips/fips.sh000075500000021160151054757350011054 0ustar00#!/usr/bin/sh

# Helpers for the FIPS hooks: make /boot available, verify the kernel or UKI
# against its stored .hmac file, and load and self-test the crypto modules.

# Source dracut-lib.sh only if getarg is not already defined.
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

# systemd lets stdout go to journal only, but the system
# has to halt when the integrity check fails to satisfy FIPS.
# fips_info therefore goes through info() when DRACUT_SYSTEMD is empty and
# writes to stderr otherwise.
if [ -z "$DRACUT_SYSTEMD" ]; then
    fips_info() {
        info "$*"
    }
else
    fips_info() {
        echo "$*" >&2
    }
fi

# Checks if a systemd-based UKI is running and ESP UUID is set
# Succeeds only when both efivars files below exist.
is_uki() {
    [ -f /sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ] \
        && [ -f /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f ]
}

# Make /boot available for the integrity checks.
# Reads boot= from the kernel command line; on a UKI boot without boot= the
# partition is derived from the LoaderDevicePartUUID efivar.
# Sets FIPS_MOUNTED_BOOT=1 when this function mounted /boot itself.
# Returns 0 when /boot is usable, 1 when the device never appears or the mount
# fails; calls die when boot= has an unsupported form or no /boot can be found.
mount_boot() {
    boot=$(getarg boot=)

    if is_uki && [ -z "$boot" ]; then
        # efivar file has 4 bytes header and contain UCS-2 data. Note, 'cat' is required
        # as sys/firmware/efi/efivars/ files are 'special' and don't allow 'seeking'.
        # shellcheck disable=SC2002
        boot="PARTUUID=$(cat /sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f | tail -c +5 | tr -d '\0' | tr 'A-F' 'a-f')"
    fi

    if [ -n "$boot" ]; then
        if [ -d /boot ] && ismounted /boot; then
            # An existing /boot mount wins over the requested device: the
            # later HMAC check runs against whatever is mounted there.
            boot_dev=
            if command -v findmnt > /dev/null; then
                boot_dev=$(findmnt -n -o SOURCE /boot)
            fi
            fips_info "Ignoring 'boot=$boot' as /boot is already mounted ${boot_dev:+"from '$boot_dev'"}"
            return 0
        fi

        # Only LABEL/UUID/PARTUUID/PARTLABEL specs and /dev/ paths are
        # accepted; anything else is fatal.
        case "$boot" in
            LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*)
                boot="$(label_uuid_to_dev "$boot")"
                ;;
            /dev/*) ;;

            *)
                die "You have to specify boot= as a boot option for fips=1"
                ;;
        esac

        if ! [ -e "$boot" ]; then
            udevadm trigger --action=add > /dev/null 2>&1

            # Poll for the device node: settle, re-test, sleep 0.5 s, and
            # give up once the counter exceeds 40.
            i=0
            while ! [ -e "$boot" ]; do
                udevadm settle --exit-if-exists="$boot"
                [ -e "$boot" ] && break
                sleep 0.5
                i=$((i + 1))
                [ $i -gt 40 ] && break
            done
        fi

        [ -e "$boot" ] || return 1

        mkdir -p /boot
        fips_info "Mounting $boot as /boot"
        # Mounted read-only.
        mount -oro "$boot" /boot || return 1
        FIPS_MOUNTED_BOOT=1
    elif ! ismounted /boot && [ -d "$NEWROOT/boot" ]; then
        # No boot= given: replace /boot with a symlink to the boot directory
        # of the root filesystem under $NEWROOT.
        # shellcheck disable=SC2114
        rm -fr -- /boot
        ln -sf "$NEWROOT/boot" /boot
    else
        die "You have to specify boot= as a boot option for fips=1"
    fi
}

# Compare the stored HMAC of the running kernel with a freshly computed one.
# Arguments: $1 - path of the kernel image to hash.
# Returns:   0 when both values are non-empty and equal, 1 otherwise.
# NOTE(review): the reference value is read from $NEWROOT/boot, i.e. from
# storage that is not itself authenticated here; how much this protects
# against deliberate modification depends on how sha512hmac is keyed — confirm.
do_rhevh_check() {
    KERNEL=$(uname -r)
    kpath=${1}

    # If we're on RHEV-H, the kernel is in /run/initramfs/live/vmlinuz0
    # Both pipelines keep only the first whitespace-separated field of each line.
    HMAC_SUM_ORIG=$(while read -r a _ || [ -n "$a" ]; do printf "%s\n" "$a"; done < "$NEWROOT/boot/.vmlinuz-${KERNEL}.hmac")
    # NOTE(review): the `|| return 1` sits inside the command substitution and
    # cannot return from this function; a sha512hmac failure is only caught
    # below if it leaves the value empty or different from the stored one.
    HMAC_SUM_CALC=$(sha512hmac "$kpath" | while read -r a _ || [ -n "$a" ]; do printf "%s\n" "$a"; done || return 1)
    if [ -z "$HMAC_SUM_ORIG" ] || [ -z "$HMAC_SUM_CALC" ] || [ "${HMAC_SUM_ORIG}" != "${HMAC_SUM_CALC}" ]; then
        warn "HMAC sum mismatch"
        return 1
    fi
    fips_info "rhevh_check OK"
    return 0
}

# Verify every UKI under /boot/EFI/Linux whose name ends in -<uname -r>.efi
# against the hidden .<name>.hmac file next to it.
# Returns 1 when /boot was not mounted by mount_boot, when a check fails, or
# when no UKI was checked; 0 otherwise.
do_uki_check() {
    local KVER
    local uki_checked=0

    KVER="$(uname -r)"
    # UKI are placed in $ESP\EFI\Linux\-.efi
    # (the placeholders of the name template appear to be missing in this copy;
    # the glob below matches *-$KVER.efi)
    if ! [ "$FIPS_MOUNTED_BOOT" = 1 ]; then
        warn "Failed to mount ESP for doing UKI integrity check"
        return 1
    fi

    for UKIpath in /boot/EFI/Linux/*-"$KVER".efi; do
        # UKIs are installed to $ESP/EFI/Linux/-.efi
        # and in some cases (e.g. when the image is used as a template for creating new
        # VMs) entry-token-or-machine-id can change. To make sure the running UKI is
        # always checked, check all UKIs which match the 'uname -r' of the running kernel
        # and fail the whole check if any of the matching UKIs are corrupted.

        # An unmatched glob stays literal and is not readable, which ends the
        # loop with uki_checked still 0.
        # NOTE(review): an unreadable match that follows a successful check
        # also ends the loop, and the function then returns 0 — confirm that
        # `break` rather than `return 1` is intended.
        [ -r "$UKIpath" ] || break

        local UKI="${UKIpath##*/}"
        local UKIHMAC=."$UKI".hmac

        fips_info "checking $UKIHMAC"
        # Runs in a subshell so the cd does not leak into the caller.
        (cd /boot/EFI/Linux/ && sha512hmac -c "$UKIHMAC") || return 1
        uki_checked=1
    done

    if [ "$uki_checked" = 0 ]; then
        warn "Failed for find UKI for checking"
        return 1
    fi

    return 0
}

# Run modprobe for $1 and re-emit its stderr lines on stderr with the
# "modprobe: FATAL: " prefix removed.
# NOTE(review): the function's exit status is that of the while loop, not of
# modprobe (no pipefail is set in this file), so a caller testing
# `if ! nonfatal_modprobe ...` may never see a failed load — verify.
nonfatal_modprobe() {
    # 2>&1 first sends stderr into the pipe; stdout is then pointed at /dev/stdout.
    modprobe "$1" 2>&1 > /dev/stdout \
        | while read -r line || [ -n "$line" ]; do
            echo "${line#modprobe: FATAL: }" >&2
        done
}

# Load every module listed in /etc/fipsmodules except tcrypt, then load
# tcrypt as the algorithm self-test and remove it again.
# Returns 1 when a module cannot be loaded and /proc/crypto shows no matching
# name/driver entry, or when modprobe tcrypt fails.
fips_load_crypto() {
    local _k
    local _v
    local _module
    local _found

    FIPSMODULES=$(cat /etc/fipsmodules)

    fips_info "Loading and integrity checking all crypto modules"
    # Move fips.conf out of the way while loading; it is moved back after the
    # loop. The early `return 1` below leaves fips.conf.bak in place.
    mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
    for _module in $FIPSMODULES; do
        if [ "$_module" != "tcrypt" ]; then
            if ! nonfatal_modprobe "${_module}" 2> /tmp/fips.modprobe_err; then
                # check if kernel provides generic algo
                # (fields 1 and 3 of each /proc/crypto line are compared)
                _found=0
                while read -r _k _ _v || [ -n "$_k" ]; do
                    [ "$_k" != "name" -a "$_k" != "driver" ] && continue
                    [ "$_v" != "$_module" ] && continue
                    _found=1
                    break
                done < /proc/crypto
                [ "$_found" = "0" ] && cat /tmp/fips.modprobe_err >&2 && return 1
            fi
        fi
    done
    mv /etc/modprobe.d/fips.conf.bak /etc/modprobe.d/fips.conf

    fips_info "Self testing crypto algorithms"
    modprobe tcrypt || return 1
    rmmod tcrypt
}

# Verify the integrity of the booted kernel and record completion.
# Picks the verification path from what exists on disk: live-image kernels,
# the installer's pxeboot kernel, a UKI, or the kernel named by BOOT_IMAGE.
# Creates /tmp/fipsdone and unmounts /boot only if mount_boot mounted it.
# Returns 1 on any failed or impossible check, 0 otherwise.
do_fips() {
    KERNEL=$(uname -r)

    # The kernel check runs only when rd.fips.skipkernel is absent from the
    # kernel command line, so it relies on the command line being protected.
    if ! getarg rd.fips.skipkernel > /dev/null; then

        fips_info "Checking integrity of kernel"
        if [ -e "/run/initramfs/live/vmlinuz0" ]; then
            do_rhevh_check /run/initramfs/live/vmlinuz0 || return 1
        elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
            do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
        elif [ -e "/run/install/repo/images/pxeboot/vmlinuz" ]; then
            # This is a boot.iso with the .hmac inside the install.img
            do_rhevh_check /run/install/repo/images/pxeboot/vmlinuz || return 1
        elif is_uki; then
            # This is a UKI
            do_uki_check || return 1
        else
            # NOTE(review): BOOT_IMAGE comes from the kernel command line; when
            # it names an existing file, nothing here ties that file to the
            # kernel that is actually running — confirm this is acceptable.
            BOOT_IMAGE="$(getarg BOOT_IMAGE)"

            # On s390x, BOOT_IMAGE isn't a path but an integer representing the
            # entry number selected. Let's try the root of /boot first, and
            # otherwise fallback to trying to parse the BLS entries if it's a
            # BLS-based system.
            if [ "$(uname -m)" = s390x ]; then
                if [ -e "/boot/vmlinuz-${KERNEL}" ]; then
                    BOOT_IMAGE="vmlinuz-${KERNEL}"
                elif [ -d /boot/loader/entries ]; then
                    # Walk the entries in reverse version order and take the
                    # "linux" line of the one whose index equals BOOT_IMAGE
                    # (0 when BOOT_IMAGE is empty).
                    i=0
                    # shellcheck disable=SC2012
                    for bls in $(ls -d /boot/loader/entries/*.conf | sort -rV); do
                        if [ "$i" -eq "${BOOT_IMAGE:-0}" ] && [ -r "$bls" ]; then
                            BOOT_IMAGE="$(grep -e '^linux' "$bls" | grep -o ' .*$')"
                            BOOT_IMAGE=${BOOT_IMAGE## }
                            break
                        fi
                        i=$((i + 1))
                    done
                fi
            fi

            # Trim off any leading GRUB boot device (e.g. ($root) )
            BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"

            # Split into file name and directory part.
            BOOT_IMAGE_NAME="${BOOT_IMAGE##*/}"
            BOOT_IMAGE_PATH="${BOOT_IMAGE%${BOOT_IMAGE_NAME}}"

            if [ -z "$BOOT_IMAGE_NAME" ]; then
                BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
            elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
                # if /boot is not a separate partition BOOT_IMAGE might start with /boot
                BOOT_IMAGE_PATH=${BOOT_IMAGE_PATH#"/boot"}
                # on some architectures BOOT_IMAGE does not contain path to kernel
                # so if we can't find anything, let's treat it in the same way as if it was empty
                if ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
                    BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
                    BOOT_IMAGE_PATH=""
                fi
            fi

            # The reference HMAC is the hidden .<name>.hmac file in the same
            # directory as the kernel image.
            BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}/.${BOOT_IMAGE_NAME}.hmac"
            if ! [ -e "${BOOT_IMAGE_HMAC}" ]; then
                # A missing .hmac file fails the check rather than skipping it.
                warn "${BOOT_IMAGE_HMAC} does not exist"
                return 1
            fi

            # Runs from the .hmac file's directory, in a subshell so the cd
            # does not leak; presumably the file names its target relative to
            # that directory — confirm.
            (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
        fi
    fi

    fips_info "All initrd crypto checks done"

    # Marker tested by the fips-noboot hook.
    : > /tmp/fipsdone

    if [ "$FIPS_MOUNTED_BOOT" = 1 ]; then
        fips_info "Unmounting /boot"
        umount /boot > /dev/null 2>&1
    else
        fips_info "Not unmounting /boot"
    fi

    return 0
}
modules.d/01fips/module-setup.sh000075500000003676151054757350012552 0ustar00#!/usr/bin/bash

# called by dracut
# Always returns 0.
check() {
    return 0
}

# Prints the name of the module this one depends on.
depends() {
    echo openssl
}

# called by dracut
# Install the kernel crypto modules and record them for the boot-time hooks.
# The list comes from ${srcmods}/modules.fips when that file exists, otherwise
# from the built-in fallback below. Each module that instmods accepts is
# appended to /etc/fipsmodules and blacklisted in /etc/modprobe.d/fips.conf
# inside the image.
installkernel() {
    local _fipsmodules _mod _bootfstype

    if [[ -f "${srcmods}/modules.fips" ]]; then
        _fipsmodules="$(cat "${srcmods}/modules.fips")"
    else
        # NOTE(review): this fallback names older algorithms (sha1, des3_ede,
        # ansi_cprng); confirm the list still matches the validated kernel
        # when no modules.fips file is shipped.
        _fipsmodules=""

        # Hashes:
        _fipsmodules+="sha1 sha224 sha256 sha384 sha512 "
        _fipsmodules+="sha3-224 sha3-256 sha3-384 sha3-512 "
        _fipsmodules+="crc32c crct10dif ghash "

        # Ciphers:
        _fipsmodules+="cipher_null des3_ede aes cfb dh ecdh "

        # Modes/templates:
        _fipsmodules+="ecb cbc ctr xts gcm ccm authenc hmac cmac ofb cts "

        # Compression algs:
        _fipsmodules+="deflate lzo zlib "

        # PRNG algs:
        _fipsmodules+="ansi_cprng "

        # Misc:
        _fipsmodules+="aead cryptomgr tcrypt crypto_user "
    fi

    # shellcheck disable=SC2174
    mkdir -m 0755 -p "${initdir}/etc/modprobe.d"

    # hostonly is cleared for the instmods call only.
    for _mod in $_fipsmodules; do
        if hostonly='' instmods -c -s "$_mod"; then
            echo "$_mod" >> "${initdir}/etc/fipsmodules"
            echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
        fi
    done

    # with hostonly_default_device fs module for /boot is not installed by default
    if [[ $hostonly ]] && [[ $hostonly_default_device == "no" ]]; then
        _bootfstype=$(find_mp_fstype /boot)
        if [[ -n $_bootfstype ]]; then
            hostonly='' instmods "$_bootfstype"
        else
            dwarning "Can't determine fs type for /boot, FIPS check may fail."
fi fi } # called by dracut install() { inst_hook pre-pivot 00 "$moddir/fips-boot.sh" inst_hook pre-pivot 01 "$moddir/fips-noboot.sh" inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh" inst_script "$moddir/fips.sh" /sbin/fips.sh inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort cat tail tr inst_simple /etc/system-fips } modules.d/01fips/openssl.cnf000064400000000210151054757350011720 0ustar00openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] default = default_sect [default_sect] activate = 1 modules.d/01systemd-ac-power/99-initrd-power-targets.rules000064400000000451151054757350017423 0ustar00# This file is part of dracut systemd ac power module SUBSYSTEM=="power_supply", KERNEL=="AC", ATTR{online}=="0", RUN+="/usr/sbin/systemctl start initrd-on-battery-power.target" SUBSYSTEM=="power_supply", KERNEL=="AC", ATTR{online}=="1", RUN+="/usr/sbin/systemctl start initrd-on-ac-power.target" modules.d/01systemd-ac-power/initrd-on-ac-power.target000064400000000324151054757350016643 0ustar00# This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later [Unit] Description=Initial RAM Disk On AC Power ConditionPathExists=/usr/lib/initrd-release DefaultDependencies=no StopWhenUnneeded=yes modules.d/01systemd-ac-power/initrd-on-battery-power.target000064400000000331151054757350017730 0ustar00# This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later [Unit] Description=Initial RAM Disk On Battery Power ConditionPathExists=/usr/lib/initrd-release DefaultDependencies=no StopWhenUnneeded=yes modules.d/01systemd-ac-power/module-setup.sh000075500000001416151054757350015002 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. 
depends() { # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { inst_rules "$moddir/99-initrd-power-targets.rules" inst_simple "$systemdutildir"/systemd-ac-power inst_simple "$moddir/initrd-on-ac-power.target" "$systemdsystemunitdir/initrd-on-ac-power.target" inst_simple "$moddir/initrd-on-battery-power.target" "$systemdsystemunitdir/initrd-on-battery-power.target" } modules.d/01systemd-ask-password/module-setup.sh000075500000004163151054757350015705 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed require_binaries \ systemd-ask-password \ systemd-tty-ask-password-agent \ || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) for the module in the initramfs. install() { inst_multiple -o \ "$systemdsystemunitdir"/systemd-ask-password-console.path \ "$systemdsystemunitdir"/systemd-ask-password-console.service \ "$systemdsystemunitdir"/multi-user.target.wants/systemd-ask-password-wall.path \ "$systemdsystemunitdir"/sysinit.target.wants/systemd-ask-password-console.path \ systemd-ask-password \ systemd-tty-ask-password-agent # Enable the systemd type service unit for systemd-ask-password. $SYSTEMCTL -q --root "$initdir" enable systemd-ask-password-console.service # Install systemd-ask-password plymouth units if plymouth is enabled. 
if dracut_module_included "plymouth"; then inst_multiple -o \ "$systemdsystemunitdir"/systemd-ask-password-plymouth.path \ "$systemdsystemunitdir"/systemd-ask-password-plymouth.service $SYSTEMCTL -q --root "$initdir" enable systemd-ask-password-plymouth.service fi # Uncomment this section if the usecase for wall module in the initramfs arises. # Install systemd-ask-password wall units if is enabled. #if dracut_module_included ""; then # inst_multiple -o \ # $systemdsystemunitdir/systemd-ask-password-wall.path \ # $systemdsystemunitdir/systemd-ask-password-wall.service \ # $systemdsystemunitdir/multi-user.target.wants/systemd-ask-password-wall.path \ # # $SYSTEMCTL -q --root "$initdir" enable systemd-ask-password-wall.service #fi } modules.d/01systemd-coredump/module-setup.sh000075500000003527151054757350015110 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed require_binaries \ coredumpctl \ "$systemdutildir"/systemd-coredump \ || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # This module has external dependency on the systemd module. echo systemd-journald systemd-sysctl systemd-sysusers # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { inst_dir /var/lib/systemd/coredump inst_multiple -o \ "$sysctld"/50-coredump.conf \ "$systemdutildir"/coredump.conf \ "$systemdsystemunitdir"/systemd-coredump \ "$systemdsystemunitdir"/systemd-coredump.socket \ "$systemdsystemunitdir"/systemd-coredump@.service \ "$systemdsystemunitdir"/sockets.target.wants/systemd-coredump.socket \ "$sysusers"/systemd-coredump.conf \ coredumpctl # Install the hosts local user configurations if enabled. 
if [[ $hostonly ]]; then inst_multiple -H -o \ "$systemdutilconfdir"/coredump.conf \ "$systemdsystemconfdir/coredump.conf.d/*.conf" \ "$systemdsystemconfdir"/systemd-coredump.socket \ "$systemdsystemconfdir/systemd-coredump.socket.d/*.conf" \ "$systemdsystemconfdir"/systemd-coredump@.service \ "$systemdsystemconfdir/systemd-coredump@.service.d/*.conf" \ "$systemdsystemconfdir"/sockets.target.wants/systemd-coredump.socket \ "$sysusersconfdir"/systemd-coredump.conf fi } modules.d/01systemd-hostnamed/99-systemd-networkd-dracut.conf000064400000000221151054757350020167 0ustar00# This file is part of dracut systemd-hostnamed module. [Service] User=systemd-network Group=systemd-hostname AmbientCapabilities=CAP_SYS_ADMIN modules.d/01systemd-hostnamed/module-setup.sh000075500000003311151054757350015243 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed. require_binaries \ hostnamectl \ "$systemdutildir"/systemd-hostnamed \ || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # This module has external dependency on other module(s). echo dbus systemd-sysusers # Return 0 to include the dependent module(s) in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. 
install() { inst_simple "$moddir/systemd-hostname-dracut.conf" "$sysusers/systemd-hostname-dracut.conf" inst_simple "$moddir/org.freedesktop.hostname1_dracut.conf" "$dbussystem/org.freedesktop.hostname1_dracut.conf" inst_simple "$moddir/99-systemd-networkd-dracut.conf" "$systemdsystemunitdir/systemd-hostnamed.service.d/99-systemd-networkd-dracut.conf" inst_multiple -o \ "$dbussystem"/org.freedesktop.hostname1.conf \ "$dbussystemservices"/org.freedesktop.hostname1.service \ "$systemdutildir"/systemd-hostnamed \ "$systemdsystemunitdir"/systemd-hostnamed.service \ "$systemdsystemunitdir/systemd-hostnamed.service.d/*.conf" \ hostnamectl # Install the hosts local user configurations if enabled. if [[ $hostonly ]]; then inst_multiple -H -o \ /etc/hostname \ "$systemdsystemconfdir"/systemd-hostnamed.service \ "$systemdsystemconfdir/systemd-hostnamed.service.d/*.conf" fi } modules.d/01systemd-hostnamed/org.freedesktop.hostname1_dracut.conf000064400000001035151054757350021472 0ustar00 modules.d/01systemd-hostnamed/systemd-hostname-dracut.conf000064400000000140151054757350017711 0ustar00# This file is part of dracut systemd-hostnamed module. 
g systemd-hostname - "systemd hostname"
modules.d/01systemd-initrd/module-setup.sh000075500000001555151054757350014562 0ustar00#!/usr/bin/bash

# Called by dracut: the module is rejected when $mount_needs is set.
check() {
    if [[ $mount_needs ]]; then
        return 1
    fi
    return 0
}

# Called by dracut: print the modules this one depends on.
depends() {
    echo "systemd"
}

# No kernel modules are required.
installkernel() {
    return 0
}

# Called by dracut: install the initrd-specific targets and services, then make
# initrd.target the default target inside the image.
install() {
    inst_multiple -o \
        "$systemdsystemunitdir"/initrd.target \
        "$systemdsystemunitdir"/initrd-fs.target \
        "$systemdsystemunitdir"/initrd-root-device.target \
        "$systemdsystemunitdir"/initrd-root-fs.target \
        "$systemdsystemunitdir"/initrd-usr-fs.target \
        "$systemdsystemunitdir"/initrd-switch-root.target \
        "$systemdsystemunitdir"/initrd-switch-root.service \
        "$systemdsystemunitdir"/initrd-cleanup.service \
        "$systemdsystemunitdir"/initrd-udevadm-cleanup-db.service \
        "$systemdsystemunitdir"/initrd-parse-etc.service

    # --root makes systemctl operate on the image tree, not the running host.
    $SYSTEMCTL -q --root "$initdir" set-default initrd.target
}
modules.d/01systemd-integritysetup/module-setup.sh000075500000003642151054757350016367 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without both binaries the module cannot be installed.
    if ! require_binaries \
        "$systemdutildir"/systemd-integritysetup \
        "$systemdutildir"/system-generators/systemd-integritysetup-generator; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd dm
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Kernel side: the dm-integrity driver.
installkernel() {
    instmods dm-integrity
}

# Install the required file(s) and directories for the module in the initramfs.
# Install systemd-integritysetup, its generator, the integritysetup targets
# and the libcryptsetup shared library.
install() {
    inst_multiple -o \
        "$systemdutildir"/systemd-integritysetup \
        "$systemdutildir"/system-generators/systemd-integritysetup-generator \
        "$systemdsystemunitdir"/integritysetup-pre.target \
        "$systemdsystemunitdir"/integritysetup.target \
        "$systemdsystemunitdir"/sysinit.target.wants/integritysetup.target

    # /etc/integritytab and the administrator's target overrides are only
    # copied for hostonly images.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/integritytab \
            "$systemdsystemconfdir"/integritysetup.target \
            "$systemdsystemconfdir/integritysetup.target.wants/*.target" \
            "$systemdsystemconfdir"/integritysetup-pre.target \
            "$systemdsystemconfdir/integritysetup-pre.target.wants/*.target" \
            "$systemdsystemconfdir"/sysinit.target.wants/integritysetup.target \
            "$systemdsystemconfdir/sysinit.target.wants/integritysetup.target.wants/*.target"
    fi

    # Shared library; the brace list covers the per-arch and tls/ subdirectories.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
}
modules.d/01systemd-journald/initrd.conf000064400000000336151054757350014261 0ustar00# This file is part of dracut systemd-journal module.
# SPDX-License-Identifier: GPL-2.0-or-later
#
# Dracut requires volatile journal without rate-limiting
[Journal]
Storage=volatile
RateLimitInterval=0
RateLimitBurst=0
modules.d/01systemd-journald/module-setup.sh000075500000005450151054757350015105 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without both binaries the module cannot be installed.
    if ! require_binaries \
        journalctl \
        "$systemdutildir"/systemd-journald; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install the required file(s) and directories for the module in the initramfs.
# Install journald, journalctl, their units and sockets, the compression
# libraries and the dracut journald drop-in.
install() {
    # Drop-in shipped with this module (volatile storage, no rate limit).
    inst_simple "$moddir/initrd.conf" "$systemdutildir/journald.conf.d/initrd.conf"

    inst_multiple -o \
        "$systemdutildir"/journald.conf \
        "$systemdutildir/journald.conf.d/*.conf" \
        "$systemdutildir"/systemd-journald \
        "$systemdsystemunitdir"/systemd-journald.service \
        "$systemdsystemunitdir"/systemd-journald.socket \
        "$systemdsystemunitdir"/systemd-journald@.service \
        "$systemdsystemunitdir"/systemd-journald@.socket \
        "$systemdsystemunitdir"/systemd-journald-audit.socket \
        "$systemdsystemunitdir"/systemd-journald-dev-log.socket \
        "$systemdsystemunitdir"/systemd-journald-varlink@.socket \
        "$systemdsystemunitdir"/systemd-journal-flush.service \
        "$systemdsystemunitdir"/systemd-journal-catalog-update.service \
        "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-audit.socket \
        "$systemdsystemunitdir"/sockets.target.wants/systemd-journald-dev-log.socket \
        "$systemdsystemunitdir"/sockets.target.wants/systemd-journald.socket \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-journald.service \
        "$sysusers"/systemd-journal.conf \
        journalctl

    # Compression libraries; the brace list covers per-arch and tls/ subdirectories.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file \
        {"tls/$_arch/",tls/,"$_arch/",}"liblz4.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libzstd.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"liblzma.so.*"

    # Administrator overrides from /etc are only copied for hostonly images.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$systemdutilconfdir"/journald.conf \
            "$systemdutilconfdir/journald.conf.d/*.conf" \
            "$systemdsystemconfdir"/systemd-journald.service \
            "$systemdsystemconfdir/systemd-journald.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-journal-flush.service \
            "$systemdsystemconfdir/systemd-journal-flush.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-journal-catalog-update.service \
            "$systemdsystemconfdir/systemd-journal-catalog-update.service.d/*.conf" \
            "$sysusersconfdir"/systemd-journal.conf
    fi
}
modules.d/01systemd-ldconfig/module-setup.sh000075500000002521151054757350015050 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without ldconfig the module cannot be installed.
    if ! require_binaries ldconfig; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install ldconfig, the linker cache/configuration and ldconfig.service.
install() {
    inst_multiple -o \
        /etc/ld.so.cache \
        /etc/ld.so.conf \
        "/etc/ld.so.conf.d/*.conf" \
        "$systemdsystemunitdir"/ldconfig.service \
        "$systemdsystemunitdir/ldconfig.service.d/*.conf" \
        "$systemdsystemunitdir"/sysinit.target.wants/ldconfig.service \
        ldconfig

    # Required library, searched in the per-arch and tls/ subdirectories.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"ld.so"

    # Administrator overrides from /etc are only copied for hostonly images.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$systemdsystemconfdir"/ldconfig.service \
            "$systemdsystemconfdir/ldconfig.service.d/*.conf"
    fi
}
modules.d/01systemd-modules-load/module-setup.sh000064400000002404151054757350015645 0ustar00#!/bin/bash
# This file is part of dracut.
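# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed
    require_binaries "$systemdutildir"/systemd-modules-load || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-modules-load, its unit and the modules-load.d configuration,
# and enable the unit inside the image.
install() {
    inst_multiple -o \
        "$modulesload/*.conf" \
        "$systemdutildir"/systemd-modules-load \
        "$systemdsystemunitdir"/systemd-modules-load.service \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-modules-load.service

    # Enable systemd type unit(s); --root targets the image tree.
    $SYSTEMCTL -q --root "$initdir" enable systemd-modules-load.service

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$modulesloadconfdir/*.conf" \
            "$systemdsystemconfdir"/systemd-modules-load.service \
            "$systemdsystemconfdir/systemd-modules-load.service.d/*.conf"
    fi
}
modules.d/01systemd-repart/module-setup.sh000075500000002112151054757350014554 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries systemd-repart || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-repart, its unit and the repart.d partition definitions.
install() {
    inst_multiple -o \
        "$libdir/repart.d/*.conf" \
        "$systemdsystemunitdir"/systemd-repart.service \
        "$systemdsystemunitdir"/initrd-root-fs.target.wants/systemd-repart.service \
        systemd-repart

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "/etc/repart.d/*.conf" \
            "$systemdsystemconfdir"/systemd-repart.service \
            "$systemdsystemconfdir/systemd-repart.service.d/*.conf"
    fi
}
modules.d/01systemd-resolved/module-setup.sh000075500000003533151054757350015112 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed
    require_binaries \
        resolvectl \
        "$systemdutildir"/systemd-resolved \
        || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # This module has external dependency on other module(s).
    echo dbus systemd-sysusers
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-resolved, resolvectl, their D-Bus/sysusers files and the
# dracut tmpfiles entry for /etc/resolv.conf, and enable the service in the image.
install() {
    inst_simple "$moddir/resolved-tmpfile-dracut.conf" "$tmpfilesdir/resolved-tmpfile-dracut.conf"

    inst_multiple -o \
        "$dbussystem"/org.freedesktop.resolve1.conf \
        "$dbussystemservices"/org.freedesktop.resolve1.service \
        "$systemdutildir"/resolv.conf \
        "$systemdutildir"/resolved.conf \
        "$systemdutildir/resolved.conf.d/*.conf" \
        "$systemdutildir"/systemd-resolved \
        "$systemdsystemunitdir"/systemd-resolved.service \
        "$systemdsystemunitdir/systemd-resolved.service.d/*.conf" \
        "$sysusers"/systemd-resolve.conf \
        resolvectl

    # Enable systemd type unit(s); --root targets the image tree.
    $SYSTEMCTL -q --root "$initdir" enable systemd-resolved.service

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        # The drop-in directory is systemd-resolved.service.d. The previous
        # pattern (".service/*.conf") named a directory that cannot exist next
        # to the unit file, and because of -o the miss was silent: the
        # administrator's overrides for the resolver never reached the image.
        inst_multiple -H -o \
            "$systemdutilconfdir"/resolved.conf \
            "$systemdutilconfdir/resolved.conf.d/*.conf" \
            "$systemdsystemconfdir"/systemd-resolved.service \
            "$systemdsystemconfdir/systemd-resolved.service.d/*.conf" \
            "$sysusersconfdir"/systemd-resolve.conf
    fi
}
modules.d/01systemd-resolved/resolved-tmpfile-dracut.conf000064400000000173151054757350017535 0ustar00# This file is part of dracut systemd-resolved module.
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
modules.d/01systemd-rfkill/module-setup.sh000075500000002351151054757350014547 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries "$systemdutildir"/systemd-rfkill || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # This module has external dependency on other module(s).
    echo systemd
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-rfkill together with its service and socket units.
install() {
    inst_multiple -o \
        "$systemdutildir"/systemd-rfkill \
        "$systemdsystemunitdir"/systemd-rfkill.service \
        "$systemdsystemunitdir"/systemd-rfkill.socket

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$systemdsystemconfdir"/systemd-rfkill.service \
            "$systemdsystemconfdir/systemd-rfkill.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-rfkill.socket \
            "$systemdsystemconfdir/systemd-rfkill.socket.d/*.conf"
    fi
}
modules.d/01systemd-sysctl/module-setup.sh000075500000002525151054757350014610 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.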
check() {
    # Without systemd-sysctl the module cannot be installed.
    if ! require_binaries "$systemdutildir"/systemd-sysctl; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd-modules-load
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-sysctl, its unit and the sysctl.d settings, and enable the
# unit inside the image.
install() {
    inst_multiple -o \
        "$sysctld/*.conf" \
        "$systemdsystemunitdir"/systemd-sysctl.service \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-sysctl.service \
        "$systemdutildir"/systemd-sysctl

    # /etc/sysctl.conf and the $sysctlconfdir drop-ins are only copied for
    # hostonly images; a generic image carries just the files under $sysctld,
    # so kernel settings the administrator placed in /etc are not applied in
    # the initramfs in that case.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/sysctl.conf \
            "$sysctlconfdir/*.conf" \
            "$systemdsystemconfdir"/systemd-sysctl.service \
            "$systemdsystemconfdir/systemd-sysctl.service.d/*.conf"
    fi

    # Enable the unit in the image tree (--root), not on the running host.
    $SYSTEMCTL -q --root "$initdir" enable systemd-sysctl.service
}
modules.d/01systemd-sysext/module-setup.sh000075500000002464151054757350014630 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without systemd-sysext the module cannot be installed.
    if ! require_binaries systemd-sysext; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install the required file(s) and directories for the module in the initramfs.
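# Install systemd-sysext, its unit and the system extension images / release
# files, and enable the unit inside the image.
install() {
    inst_multiple -o \
        "/usr/lib/extensions/*" \
        "/usr/lib/extension-release.d/extension-release.*" \
        "$systemdsystemunitdir"/systemd-sysext.service \
        "$systemdsystemunitdir/systemd-sysext.service.d/*.conf" \
        systemd-sysext

    # Enable systemd type unit(s); --root targets the image tree.
    $SYSTEMCTL -q --root "$initdir" enable systemd-sysext.service

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "/etc/extensions/*" \
            "$systemdsystemconfdir"/systemd-sysext.service \
            "$systemdsystemconfdir/systemd-sysext.service.d/*.conf"
    fi
}
modules.d/01systemd-sysusers/module-setup.sh000075500000002455151054757350015171 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries systemd-sysusers || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-sysusers, its unit, the base sysusers.d definitions and the
# dracut drop-in for the service.
install() {
    inst_simple "$moddir/sysusers-dracut.conf" "$systemdsystemunitdir/systemd-sysusers.service.d/sysusers-dracut.conf"

    inst_multiple -o \
        "$sysusers"/basic.conf \
        "$sysusers"/systemd.conf \
        "$systemdsystemunitdir"/systemd-sysusers.service \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-sysusers.service \
        systemd-sysusers

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$sysusersconfdir"/basic.conf \
            "$sysusersconfdir"/systemd.conf \
            "$systemdsystemconfdir"/systemd-sysusers.service \
            "$systemdsystemconfdir/systemd-sysusers.service.d/*.conf"
    fi
}
modules.d/01systemd-sysusers/sysusers-dracut.conf000064400000000035151054757350016226 0ustar00[Unit]
ConditionNeedsUpdate=
modules.d/01systemd-timedated/module-setup.sh000075500000002361151054757350015225 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed
    require_binaries \
        timedatectl \
        "$systemdutildir"/systemd-timedated \
        || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # This module has external dependency on other module(s).
    echo dbus
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-timedated, timedatectl and their D-Bus policy/activation files.
install() {
    inst_multiple -o \
        "$dbussystem"/org.freedesktop.timedate1.conf \
        "$dbussystemservices"/org.freedesktop.timedate1.service \
        "$systemdutildir"/systemd-timedated \
        "$systemdsystemunitdir"/systemd-timedated.service \
        timedatectl

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        # The drop-in directory is systemd-timedated.service.d. The previous
        # pattern (".service/*.conf") could never match, and -o hid the miss,
        # so the administrator's overrides were left out of the image.
        inst_multiple -H -o \
            "$systemdsystemconfdir"/systemd-timedated.service \
            "$systemdsystemconfdir/systemd-timedated.service.d/*.conf"
    fi
}
modules.d/01systemd-timesyncd/module-setup.sh000075500000004633151054757350015270 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.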
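check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed
    require_binaries \
        "$systemdutildir"/systemd-timesyncd \
        "$systemdutildir"/systemd-time-wait-sync \
        || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # This module has external dependency on other module(s).
    echo dbus systemd-sysusers systemd-timedated
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install systemd-timesyncd and systemd-time-wait-sync with their units, D-Bus
# files and configuration, and enable both services inside the image.
install() {
    local _unit

    # Enable this if networkd ( not the module ) is disabled at build time and you want to use timesyncd
    # inst_simple "$moddir/timesyncd-tmpfile-dracut.conf" "$tmpfilesdir/timesyncd-tmpfile-dracut.conf"

    inst_multiple -o \
        "$dbussystem"/org.freedesktop.timesync1.conf \
        "$dbussystemservices"/org.freedesktop.timesync1.service \
        "$systemdntpunits/*.list" \
        "$systemdutildir"/systemd-timesyncd \
        "$systemdutildir"/systemd-time-wait-sync \
        "$systemdutildir/timesyncd.conf.d/*.conf" \
        "$systemdsystemunitdir"/systemd-timesyncd.service \
        "$systemdsystemunitdir/systemd-timesyncd.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-time-wait-sync.service \
        "$systemdsystemunitdir/systemd-time-wait-sync.service.d/*.conf" \
        "$sysusers"/systemd-timesync.conf

    # Enable systemd type unit(s); --root targets the image tree. The loop
    # variable is local so it does not leak into the caller's shell.
    for _unit in \
        systemd-timesyncd.service \
        systemd-time-wait-sync.service; do
        $SYSTEMCTL -q --root "$initdir" enable "$_unit"
    done

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        # Every entry here comes from a configuration directory under /etc.
        # The time-wait-sync entries previously repeated the
        # $systemdsystemunitdir paths already installed above, so the
        # administrator's overrides for that unit were never picked up.
        inst_multiple -H -o \
            "$systemdntpunitsconfdir/*.list" \
            "$systemdutilconfdir"/timesyncd.conf \
            "$systemdutilconfdir/timesyncd.conf.d/*.conf" \
            "$systemdsystemconfdir"/systemd-timesyncd.service \
            "$systemdsystemconfdir/systemd-timesyncd.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-time-wait-sync.service \
            "$systemdsystemconfdir/systemd-time-wait-sync.service.d/*.conf" \
            "$sysusersconfdir"/systemd-timesync.conf
    fi
}
modules.d/01systemd-timesyncd/timesyncd-tmpfile-dracut.conf000064400000000144151054757350020063 0ustar00# This file is part of dracut systemd-timesyncd module.
d /run/systemd/netif/links 0755 root root -
modules.d/01systemd-tmpfiles/module-setup.sh000075500000005613151054757350015113 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries systemd-tmpfiles || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0
}

# Install the required file(s) and directories for the module in the initramfs.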
# Install systemd-tmpfiles, its units and a selected subset of the tmpfiles.d
# definitions.
install() {
    # Deliberately left out of the image:
    #   "$tmpfilesdir/home.conf"            - sets up /home and /srv
    #   "$tmpfilesdir/portables.conf"       - belongs in a separate portables module
    #   "$tmpfilesdir/journal-nocow.conf"   - requires a specific btrfs setup
    #   "$tmpfilesdir/legacy.conf"          - belongs in a separate legacy module
    #   "$tmpfilesdir/systemd-nologin.conf" - belongs in a separate pam module
    #   "$tmpfilesdir/systemd-nspawn.conf"  - belongs in a separate machined module
    #   "$tmpfilesdir/systemd-pstore.conf"  - belongs in a separate pstore module
    #   "$tmpfilesdir/x11.conf"             - belongs in a separate x11 module
    inst_multiple -o \
        /usr/lib/group \
        /usr/lib/passwd \
        "$tmpfilesdir/etc.conf" \
        "$tmpfilesdir/static-nodes-permissions.conf" \
        "$tmpfilesdir/systemd-tmp.conf" \
        "$tmpfilesdir/systemd.conf" \
        "$tmpfilesdir/var.conf" \
        "$systemdsystemunitdir"/systemd-tmpfiles-clean.service \
        "$systemdsystemunitdir/systemd-tmpfiles-clean.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-tmpfiles-setup.service \
        "$systemdsystemunitdir/systemd-tmpfiles-setup.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-tmpfiles-setup-dev.service \
        "$systemdsystemunitdir/systemd-tmpfiles-setup-dev.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-tmpfiles-clean.timer \
        "$systemdsystemunitdir"/timers.target.wants/systemd-tmpfiles-clean.timer \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-tmpfiles-setup-dev.service \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-tmpfiles-setup.service \
        systemd-tmpfiles

    # Hostonly images additionally receive the host's account databases
    # (/etc/passwd, /etc/group) and the administrator's tmpfiles/unit overrides.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/group \
            /etc/passwd \
            "$tmpfilesconfdir/*.conf" \
            "$systemdsystemconfdir"/systemd-tmpfiles-clean.service \
            "$systemdsystemconfdir/systemd-tmpfiles-clean.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-tmpfiles-setup.service \
            "$systemdsystemconfdir/systemd-tmpfiles-setup.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-tmpfiles-setup-dev.service \
            "$systemdsystemconfdir/systemd-tmpfiles-setup-dev.service.d/*.conf"
    fi
}
modules.d/01systemd-udevd/module-setup.sh000075500000010640151054757350014373 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without both binaries the module cannot be installed.
    if ! require_binaries \
        udevadm \
        "$systemdutildir"/systemd-udevd; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install the required file(s) and directories for the module in the initramfs.
# Install systemd-udevd, udevadm, the udev helper programs, the stock rules
# files, the udev units/sockets and libudev.
install() {
    inst_multiple -o \
        "$udevdir"/hwdb.bin \
        "$udevdir"/udev.conf \
        "$udevdir"/ata_id \
        "$udevdir"/cdrom_id \
        "$udevdir"/dmi_memory_id \
        "$udevdir"/fido_id \
        "$udevdir"/mtd_probe \
        "$udevdir"/mtp-probe \
        "$udevdir"/scsi_id \
        "$udevdir"/v4l_id \
        "$udevrulesdir"/50-udev-default.rules \
        "$udevrulesdir"/60-autosuspend.rules \
        "$udevrulesdir"/60-block.rules \
        "$udevrulesdir"/60-cdrom_id.rules \
        "$udevrulesdir"/60-drm.rules \
        "$udevrulesdir"/60-evdev.rules \
        "$udevrulesdir"/60-fido-id.rules \
        "$udevrulesdir"/60-input-id.rules \
        "$udevrulesdir"/60-persistent-alsa.rules \
        "$udevrulesdir"/60-persistent-input.rules \
        "$udevrulesdir"/60-persistent-storage-tape.rules \
        "$udevrulesdir"/60-persistent-storage.rules \
        "$udevrulesdir"/60-persistent-v4l.rules \
        "$udevrulesdir"/60-sensor.rules \
        "$udevrulesdir"/60-serial.rules \
        "$udevrulesdir"/64-btrfs.rules \
        "$udevrulesdir"/70-joystick.rules \
        "$udevrulesdir"/70-memory.rules \
        "$udevrulesdir"/70-mouse.rules \
        "$udevrulesdir"/70-touchpad.rules \
        "$udevrulesdir"/75-net-description.rules \
        "$udevrulesdir"/75-probe_mtd.rules \
        "$udevrulesdir"/78-sound-card.rules \
        "$udevrulesdir"/80-drivers.rules \
        "$udevrulesdir"/80-net-setup-link.rules \
        "$udevrulesdir"/81-net-dhcp.rules \
        "$udevrulesdir"/99-systemd.rules \
        "$systemdutildir"/systemd-udevd \
        "$systemdsystemunitdir"/systemd-udevd.service \
        "$systemdsystemunitdir/systemd-udevd.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-udev-trigger.service \
        "$systemdsystemunitdir/systemd-udev-trigger.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-udev-settle.service \
        "$systemdsystemunitdir/systemd-udev-settle.service.d/*.conf" \
        "$systemdsystemunitdir"/systemd-udevd-control.socket \
        "$systemdsystemunitdir"/systemd-udevd-kernel.socket \
        "$systemdsystemunitdir"/sockets.target.wants/systemd-udevd-control.socket \
        "$systemdsystemunitdir"/sockets.target.wants/systemd-udevd-kernel.socket \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-udevd.service \
        "$systemdsystemunitdir"/sysinit.target.wants/systemd-udev-trigger.service \
        udevadm

    # Hostonly images also receive every local rules file under
    # $udevrulesconfdir plus the administrator's udev configuration and unit
    # overrides.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            "$udevconfdir"/hwdb.bin \
            "$udevconfdir"/udev.conf \
            "$udevrulesconfdir/*.rules" \
            "$systemdutilconfdir"/hwdb/hwdb.bin \
            "$systemdsystemconfdir"/systemd-udevd.service \
            "$systemdsystemconfdir/systemd-udevd.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-udev-trigger.service \
            "$systemdsystemconfdir/systemd-udev-trigger.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-udev-settle.service \
            "$systemdsystemconfdir/systemd-udev-settle.service.d/*.conf" \
            "$systemdsystemconfdir"/systemd-udevd-control.socket \
            "$systemdsystemconfdir"/systemd-udevd-kernel.socket \
            "$systemdsystemconfdir"/sockets.target.wants/systemd-udevd-control.socket \
            "$systemdsystemconfdir"/sockets.target.wants/systemd-udevd-kernel.socket \
            "$systemdsystemconfdir"/sysinit.target.wants/systemd-udevd.service \
            "$systemdsystemconfdir"/sysinit.target.wants/systemd-udev-trigger.service
    fi

    # Shared library; the brace list covers the per-arch and tls/ subdirectories.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libudev.so.*"
}
modules.d/01systemd-veritysetup/module-setup.sh000075500000004320151054757350015665 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {
    # Without both binaries the module cannot be installed.
    if ! require_binaries \
        "$systemdutildir"/systemd-veritysetup \
        "$systemdutildir"/system-generators/systemd-veritysetup-generator; then
        return 1
    fi

    # 255: include the module only when another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # Modules that must be present alongside this one.
    echo systemd dm
    # 0: include the dependent module(s) in the initramfs.
    return 0
}

# Install the required file(s) and directories for the module in the initramfs.
# Install systemd-veritysetup, its generator, the veritysetup targets and the
# libcryptsetup shared library.
install() {
    inst_multiple -o \
        "$systemdutildir"/systemd-veritysetup \
        "$systemdutildir"/system-generators/systemd-veritysetup-generator \
        "$systemdsystemunitdir"/remote-veritysetup.target \
        "$systemdsystemunitdir"/veritysetup-pre.target \
        "$systemdsystemunitdir"/veritysetup.target \
        "$systemdsystemunitdir"/sysinit.target.wants/veritysetup.target \
        "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-veritysetup.target

    # /etc/veritytab and the administrator's target overrides are only copied
    # for hostonly images.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/veritytab \
            "$systemdsystemconfdir"/veritysetup.target \
            "$systemdsystemconfdir/veritysetup.target.wants/*.target" \
            "$systemdsystemconfdir"/veritysetup-pre.target \
            "$systemdsystemconfdir/veritysetup-pre.target.wants/*.target" \
            "$systemdsystemconfdir"/remote-veritysetup.target \
            "$systemdsystemconfdir/remote-veritysetup.target.wants/*.target" \
            "$systemdsystemconfdir"/sysinit.target.wants/veritysetup.target \
            "$systemdsystemconfdir/sysinit.target.wants/veritysetup.target.wants/*.target" \
            "$systemdsystemconfdir"/initrd-root-device.target.wants/remote-veritysetup.target
    fi

    # Shared library; the brace list covers the per-arch and tls/ subdirectories.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*"
}
modules.d/03modsign/load-modsign-keys.sh000075500000000357151054757350014147 0ustar00#!/usr/bin/sh
#
# Licensed under the GPLv2
#
# Copyright 2013 Red Hat, Inc.
# Peter Jones

# Feed every file found in /lib/modules/keys to keyctl as an asymmetric key on
# the session keyring (@s). The script itself does not inspect the files, so
# the set of keys loaded is decided entirely by what was packed into that
# directory when the image was built.
for x in /lib/modules/keys/*; do
    # An unmatched glob stays literal: the directory holds no keys.
    if [ "${x}" = "/lib/modules/keys/*" ]; then
        break
    fi
    keyctl padd asymmetric "" @s < "${x}"
done
modules.d/03modsign/module-setup.sh000075500000001463151054757350013243 0ustar00#!/usr/bin/bash
#
# Licensed under the GPLv2
#
# Copyright 2013 Red Hat, Inc.
# Peter Jones # called by dracut check() { require_binaries keyctl || return 1 # do not include module in hostonly mode, # if no keys are present if [[ $hostonly ]]; then x=$(echo "$dracutsysrootdir"/lib/modules/keys/*) [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && return 255 fi return 0 } # called by dracut depends() { return 0 } # called by dracut install() { inst_dir /lib/modules/keys inst_binary keyctl inst_hook pre-trigger 01 "$moddir/load-modsign-keys.sh" for x in "$dracutsysrootdir"/lib/modules/keys/*; do [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && break inst_simple "${x#$dracutsysrootdir}" done } modules.d/03rescue/module-setup.sh000075500000000574151054757350013073 0ustar00#!/usr/bin/bash # called by dracut check() { # do not add this module by default return 255 } # called by dracut depends() { return 0 } # called by dracut install() { inst_multiple -o ps grep more cat rm strace free showmount \ ping netstat rpcinfo vi scp ping6 ssh \ fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.f2fs fsck.vfat e2fsck } modules.d/04watchdog/module-setup.sh000075500000001734151054757350013405 0ustar00#!/usr/bin/bash # called by dracut check() { return 255 } # called by dracut depends() { echo watchdog-modules return 0 } # called by dracut install() { # Do not add watchdog hooks if systemd module is included # In that case, systemd will manage watchdog kick if ! 
dracut_module_included "systemd"; then inst_hook cmdline 00 "$moddir/watchdog.sh" inst_hook cmdline 50 "$moddir/watchdog.sh" inst_hook pre-trigger 00 "$moddir/watchdog.sh" inst_hook initqueue 00 "$moddir/watchdog.sh" inst_hook mount 00 "$moddir/watchdog.sh" inst_hook mount 50 "$moddir/watchdog.sh" inst_hook mount 99 "$moddir/watchdog.sh" inst_hook pre-pivot 00 "$moddir/watchdog.sh" inst_hook pre-pivot 99 "$moddir/watchdog.sh" inst_hook cleanup 00 "$moddir/watchdog.sh" inst_hook cleanup 99 "$moddir/watchdog.sh" fi inst_hook emergency 02 "$moddir/watchdog-stop.sh" inst_multiple -o wdctl } modules.d/04watchdog/watchdog-stop.sh000075500000000101151054757350013530 0ustar00#!/usr/bin/sh [ -c /dev/watchdog ] && printf 'V' > /dev/watchdog modules.d/04watchdog/watchdog.sh000075500000000435151054757350012557 0ustar00#!/usr/bin/sh if [ -e /dev/watchdog ]; then if [ ! -e /tmp/watchdog_timeout ]; then wdctl -s 60 /dev/watchdog > /dev/null 2>&1 : > /tmp/watchdog_timeout fi info "Triggering watchdog" : > /dev/watchdog else modprobe ib700wdt modprobe i6300esb fi modules.d/04watchdog-modules/module-setup.sh000075500000001401151054757350015042 0ustar00#!/usr/bin/bash # called by dracut check() { return 255 } # called by dracut depends() { return 0 } # called by dracut install() { return 0 } installkernel() { local -A _drivers local _wdtdrv for _wd in /sys/class/watchdog/*; do ! 
[ -e "$_wd" ] && continue _wdtdrv=$(get_dev_module "$_wd") if [[ $_wdtdrv ]]; then instmods "$_wdtdrv" for i in $_wdtdrv; do _drivers[$i]=1 done fi done # ensure that watchdog module is loaded as early as possible if [[ ${!_drivers[*]} ]]; then echo "rd.driver.pre=\"$( IFS=, echo "${!_drivers[*]}" )\"" > "${initdir}"/etc/cmdline.d/00-watchdog.conf fi return 0 } modules.d/05busybox/module-setup.sh000075500000001101151054757350013265 0ustar00#!/usr/bin/bash # called by dracut check() { require_binaries busybox || return 1 return 255 } # called by dracut depends() { return 0 } # called by dracut install() { local _i _path _busybox local _progs=() _busybox=$(find_binary busybox) inst "$_busybox" /usr/bin/busybox for _i in $($_busybox --list); do [[ ${_i} == busybox ]] && continue _progs+=("${_i}") done for _i in "${_progs[@]}"; do _path=$(find_binary "$_i") [ -z "$_path" ] && continue ln_r /usr/bin/busybox "$_path" done } modules.d/06dbus-broker/module-setup.sh000075500000006255151054757350014031 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed require_binaries busctl || return 1 require_binaries dbus-broker || return 1 require_binaries dbus-broker-launch || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # This module has external dependency on the systemd module. echo systemd systemd-sysusers # Return 0 to include the dependent systemd module in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { # Create dbus related directories. 
# Make sure every dbus data and configuration directory exists in the image.
local _dbus_dir
for _dbus_dir in \
    "$dbus" \
    "$dbusinterfaces" \
    "$dbusservices" \
    "$dbussession" \
    "$dbussystem" \
    "$dbussystemservices" \
    "$dbusconfdir" \
    "$dbusinterfacesconfdir" \
    "$dbusservicesconfdir" \
    "$dbussessionconfdir" \
    "$dbussystemconfdir" \
    "$dbussystemservicesconfdir"; do
    inst_dir "$_dbus_dir"
done

# Bus policy, unit files, catalogs and the broker binaries themselves.
# -o marks every entry as optional, so a file missing on the host is skipped.
inst_multiple -o \
    "$dbus"/session.conf \
    "$dbus"/system.conf \
    "$dbussystem"/org.freedesktop.systemd1.conf \
    "$dbusservicesconfdir"/org.freedesktop.systemd1.service \
    "$dbussystemservices"/org.freedesktop.systemd1.service \
    "$sysusers"/dbus.conf \
    "$systemdcatalog"/dbus-broker.catalog \
    "$systemdcatalog"/dbus-broker-launch.catalog \
    "$systemdsystemunitdir"/dbus-broker.service \
    "$systemduser"/dbus-broker.service \
    "$systemdsystemunitdir"/dbus.socket \
    "$systemduser"/dbus.socket \
    "$systemdsystemunitdir"/dbus.target.wants \
    busctl dbus-broker dbus-broker-launch

# Patch the copy of dbus.socket inside the image (never the host's unit):
# drop the default dependencies, order it against shutdown.target and
# remove the socket when the unit stops.
# shellcheck disable=SC1004
sed -i -e \
    '/^\[Unit\]/aDefaultDependencies=no\
        Conflicts=shutdown.target\
        Before=shutdown.target
        /^\[Socket\]/aRemoveOnStop=yes' \
    "$initdir$systemdsystemunitdir/dbus.socket"

# Enable the broker inside the image root.
$SYSTEMCTL -q --root "$initdir" enable dbus-broker.service

# Host-only builds additionally carry the administrator's local overrides
# from the /etc side of the configuration tree.
if [[ -n $hostonly ]]; then
    inst_multiple -H -o \
        "$dbusconfdir"/session.conf \
        "$dbusconfdir"/system.conf \
        "$sysusersconfdir"/dbus.conf \
        "$systemdsystemconfdir"/dbus.socket \
        "$systemdsystemconfdir"/dbus.socket.d/*.conf \
        "$systemdsystemconfdir"/dbus-broker.service \
        "$systemdsystemconfdir"/dbus-broker.service.d/*.conf
fi

# systemd-tmpfiles-setup.service -> dbus.socket must not wait for
# local-fs.target when swap is encrypted: dbus would otherwise sit out the
# swap timeout before loading, which could delay the sysinit services that
# depend on dbus.service.
sed -i -Ee \ '/^After/s/(After[[:space:]]*=.*)(local-fs.target[[:space:]]*)(.*)/\1-\.mount \3/' \ "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service" } modules.d/06dbus-daemon/module-setup.sh000075500000006616151054757350014011 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # If the binary(s) requirements are not fulfilled the module can't be installed require_binaries busctl || return 1 require_binaries dbus-daemon || return 1 require_binaries dbus-send || return 1 # Return 255 to only include the module, if another module requires it. return 255 } # Module dependency requirements. depends() { # This module has external dependency on the systemd module. echo systemd # Return 0 to include the dependent systemd module in the initramfs. return 0 } # Install the required file(s) and directories for the module in the initramfs. install() { # dbus conflicts with dbus-broker. if dracut_module_included "dbus-broker"; then derror "dbus conflicts with dbus-broker in the initramfs." return 1 fi # Create dbus related directories. inst_dir "$dbus" inst_dir "$dbusinterfaces" inst_dir "$dbusservices" inst_dir "$dbussession" inst_dir "$dbussystem" inst_dir "$dbussystemservices" inst_dir "$dbusconfdir" inst_dir "$dbusinterfacesconfdir" inst_dir "$dbusservicesconfdir" inst_dir "$dbussessionconfdir" inst_dir "$dbussystemconfdir" inst_dir "$dbussystemservicesconfdir" inst_multiple -o \ "$dbus"/system.conf \ "$dbussystem"/org.freedesktop.systemd1.conf \ "$dbusservicesconfdir"/org.freedesktop.systemd1.service \ "$dbussystemservices"/org.freedesktop.systemd1.service \ "$systemdsystemunitdir"/dbus.service \ "$systemdsystemunitdir"/dbus.socket \ "$systemdsystemunitdir"/dbus.target.wants \ busctl dbus-send dbus-daemon # Adjusting dependencies for initramfs in the dbus service unit. 
# shellcheck disable=SC1004 sed -i -e \ '/^\[Unit\]/aDefaultDependencies=no\ Conflicts=shutdown.target\ Before=shutdown.target' \ "$initdir$systemdsystemunitdir/dbus.service" # Adjusting dependencies for initramfs in the dbus socket unit. # shellcheck disable=SC1004 sed -i -e \ '/^\[Unit\]/aDefaultDependencies=no\ Conflicts=shutdown.target\ Before=shutdown.target /^\[Socket\]/aRemoveOnStop=yes' \ "$initdir$systemdsystemunitdir/dbus.socket" # Adding the user and group for dbus grep '^\(d\|message\)bus:' "$dracutsysrootdir"/etc/passwd >> "$initdir/etc/passwd" grep '^\(d\|message\)bus:' "$dracutsysrootdir"/etc/group >> "$initdir/etc/group" # Install the hosts local user configurations if enabled. if [[ $hostonly ]]; then inst_multiple -H -o \ "$dbusconfdir"/system.conf \ "$systemdsystemconfdir"/dbus.socket \ "$systemdsystemconfdir"/dbus.socket.d/*.conf \ "$systemdsystemconfdir"/dbus.service \ "$systemdsystemconfdir"/dbus.service.d/*.conf fi # We need to make sure that systemd-tmpfiles-setup.service->dbus.socket # will not wait for local-fs.target to start if swap is encrypted, # this would make dbus wait the timeout for the swap before loading. # This could delay sysinit services that are dependent on dbus.service. sed -i -Ee \ '/^After/s/(After[[:space:]]*=.*)(local-fs.target[[:space:]]*)(.*)/\1-\.mount \3/' \ "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service" } modules.d/06rngd/module-setup.sh000064400000002457151054757350012541 0ustar00#!/bin/bash # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: # # Copyright (c) 2019 Red Hat, Inc. # Author: Renaud Métrich # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # check() { # if there's no rngd binary, no go. require_binaries rngd || return 1 return 0 } depends() { echo systemd return 0 } install() { inst rngd inst_simple "${systemdsystemunitdir}/rngd.service" if [ -r /etc/sysconfig/rngd ]; then inst_simple "${moddir}/sysconfig" "/etc/sysconfig/rngd" fi # make sure dependant libs are installed too inst_libdir_file opensc-pkcs11.so $SYSTEMCTL -q --root "$initdir" add-wants sysinit.target rngd.service } modules.d/06rngd/sysconfig000064400000000072151054757350011500 0ustar00RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt" modules.d/09dbus/module-setup.sh000075500000001251151054757350012541 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. check() { # We only want to return 255 since this is a meta module. return 255 } # Module dependency requirements. depends() { local _module # Add a dbus meta dependency based on the module in use. for _module in dbus-daemon dbus-broker; do if dracut_module_included "$_module"; then echo "$_module" return 0 fi done if find_binary dbus-broker &> /dev/null; then echo "dbus-broker" return 0 else echo "dbus-daemon" return 0 fi return 1 } modules.d/10i18n/10-console.rules000064400000000250151054757350012323 0ustar00# Console initialization - keyboard, font, etc. KERNEL=="tty0", RUN+="/sbin/initqueue --onetime --unique --name console_init_$name /lib/udev/console_init $root/$name" modules.d/10i18n/README000064400000010504151054757350010252 0ustar00dracut i18n module ------------------ INDEX 0. Introduction 1. Hostonly vs Generic 2. Configuration 2.1. 
Variables
    2.2. Setting up mappings
    2.3. Additional settings
3. Kernel parameters

~

0. Introduction

i18n module provides internationalization for initramfs at runtime. It is intended to be generic across different GNU/Linux distributions.

i18n and keyboard settings are stored in different files among distributions. To deal with this without hardcoding those differences in the installation script, we handle it with mappings between the variables used by dracut and the ones in the system. The package maintainer is expected to create those for his/her distribution, and it's appreciated if they are shared with us so we can include them in the source package.

1. Hostonly vs Generic

If you invoke dracut with the '-H' option, the i18n module install script will gather variable values from your configuration files using the mappings provided in "/etc/dracut.conf.d/<foo>.conf". Those variables will be put in the "etc/vconsole.conf" and "etc/locale.conf" files inside the initramfs image. Next it will install only the declared font, keymaps and so on.

When building a generic image (dracut without the '-H' option), the install script copies all content of the directories consolefonts, consoletrans, unimaps and keymaps to the image. Take into account that's about 4 MiB.

2. Configuration

2.1. Variables

The following variables are used by the i18n install script and at initramfs runtime:

    KEYMAP - keyboard translation table loaded by loadkeys
    KEYTABLE - base name for keyboard translation table; if UNICODE is true, Unicode version will be loaded. Overrides KEYMAP.
    EXT_KEYMAPS - list of extra keymaps to be loaded (sep. by space)
    UNICODE - boolean, indicating UTF-8 mode
    FONT - console font
    FONT_MAP - see description of '-m' parameter in setfont manual
    FONT_UNIMAP - see description of '-u' parameter in setfont manual

The following are appended to EXT_KEYMAPS only during build time:

    UNIKEYMAP
    GRP_TOGGLE

They were used in the 10redhat-i18n module, but I'm not sure of their purpose. I'm leaving them in just in case...
The following are taken from the environment:

    LANG
    LC_ALL

If the UNICODE variable is not provided, the script decides whether UTF-8 should be used on the basis of the LANG value (if it ends with ".utf8" or similar).

2.2. Setting up mappings

Mappings between the variables listed in 2.1. and the ones spread around your system are set up in /etc/dracut.conf.d/<foo>.conf. You need to assign mappings to i18n_vars. Here's an example:

i18n_vars="/etc/conf.d/keymaps:KEYMAP,EXTENDED_KEYMAPS-EXT_KEYMAPS /etc/conf.d/consolefont:CONSOLEFONT-FONT,CONSOLETRANSLATION-FONT_MAP /etc/rc.conf:UNICODE"

First comes the name of a file in the host file system tree. After the colon there's a mapping: <from>-<to>. If both variables have the same name you can enter just a single name, but it's important to specify it! The module will source only the variables you've listed.

Below is a detailed description in BNF:

<list> ::= <element> | <element> " " <list>
<element> ::= <conf-file-name> ":" <map-list>
<map-list> ::= <mapping> | <mapping> "," <map-list>
<mapping> ::= <src-var> "-" <dst-var> | <src-var>

No whitespace is allowed between symbols.
<conf-file-name> is a file holding <src-var> in your system.
<src-var> is a variable holding a value with the same meaning as <dst-var>.
<dst-var> is a variable which will be set up inside initramfs.
If <dst-var> has the same name as <src-var> we can omit <dst-var>.

Example:
/etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS
<list> = /etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS
<element> = /etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS
<conf-file-name> = /etc/conf.d/keymaps
<map-list> = KEYMAP,extended_keymaps-EXT_KEYMAPS
<mapping> = KEYMAP
<src-var> = KEYMAP
<mapping> = extended_keymaps-EXT_KEYMAPS
<src-var> = extended_keymaps
<dst-var> = EXT_KEYMAPS

2.3. Additional settings

If you encounter the following error message: "Directories consolefonts, consoletrans, keymaps, unimaps not found.", you can provide the path where those directories lie in your system by setting kbddir in the configuration file (the same one where you put the mappings).

3. Kernel parameters

If you create a generic initramfs you can set up i18n by kernel parameters using the variables listed in 2.1. (except for UNIKEYMAP and GRP_TOGGLE).

The recommended minimum is: FONT and KEYMAP.
modules.d/10i18n/console_init.sh000075500000003002151054757350012411 0ustar00#!/usr/bin/sh [ -n "$DRACUT_SYSTEMD" ] && exit 0 if [ -x "$systemdutildir"/systemd-vconsole-setup ]; then "$systemdutildir"/systemd-vconsole-setup "$@" fi [ -e /etc/vconsole.conf ] && . /etc/vconsole.conf DEFAULT_FONT=eurlatgr DEFAULT_KEYMAP=/etc/sysconfig/console/default.kmap set_keyboard() { local param [ "${UNICODE}" = 1 ] && param=-u || param=-a kbd_mode ${param} } set_terminal() { local dev=$1 if [ "${UNICODE}" = 1 ]; then printf '\033%%G' >&7 stty -F "${dev}" iutf8 else printf '\033%%@' >&7 stty -F "${dev}" -iutf8 fi } set_keymap() { local utf_switch if [ -z "${KEYMAP}" ]; then [ -f "${DEFAULT_KEYMAP}" ] && KEYMAP=${DEFAULT_KEYMAP} fi [ -n "${KEYMAP}" ] || return 1 [ "${UNICODE}" = 1 ] && utf_switch=-u # shellcheck disable=SC2086 loadkeys -q ${utf_switch} ${KEYMAP} ${EXT_KEYMAPS} } set_font() { setfont "${FONT-${DEFAULT_FONT}}" \ -C "${1}" \ ${FONT_MAP:+-m "${FONT_MAP}"} \ ${FONT_UNIMAP:+-u "${FONT_UNIMAP}"} } dev_close() { exec 6>&- exec 7>&- } dev_open() { local dev=$1 exec 6< "${dev}" \ && exec 7>> "${dev}" } dev=/dev/${1#/dev/} [ -c "${dev}" ] || { echo "Usage: $0 device" >&2 exit 1 } dev_open "${dev}" for fd in 6 7; do if ! [ -t ${fd} ]; then echo "ERROR: File descriptor not opened: ${fd}" >&2 dev_close exit 1 fi done set_keyboard set_terminal "${dev}" set_font "${dev}" set_keymap dev_close modules.d/10i18n/module-setup.sh000075500000022474151054757350012365 0ustar00#!/usr/bin/bash # called by dracut check() { [[ "$mount_needs" ]] && return 1 require_binaries setfont loadkeys kbd_mode || return 1 return 0 } # called by dracut depends() { return 0 } # called by dracut install() { declare -A KEYMAPS if dracut_module_included "systemd"; then unset FONT unset KEYMAP # shellcheck disable=SC1090 [[ -f "$dracutsysrootdir"/etc/vconsole.conf ]] && . 
"$dracutsysrootdir"/etc/vconsole.conf fi KBDSUBDIRS=(consolefonts consoletrans keymaps unimaps) DEFAULT_FONT="${i18n_default_font:-eurlatgr}" I18N_CONF="/etc/locale.conf" VCONFIG_CONF="/etc/vconsole.conf" findkeymap() { local -a MAPS local MAPNAME local INCLUDES local MAP local CMD local FN if [[ -f $dracutsysrootdir$1 ]]; then MAPS=("$1") else MAPNAME=${1%.map*} mapfile -t -d '' MAPS < <( find "${dracutsysrootdir}${kbddir}"/keymaps/ -type f \( -name "${MAPNAME}" -o -name "${MAPNAME}.map*" \) -print0 ) fi for MAP in "${MAPS[@]}"; do [[ -f $MAP ]] || continue [[ -v KEYMAPS["$MAP"] ]] && continue KEYMAPS["$MAP"]=1 case "$MAP" in *.gz) CMD="zgrep" ;; *.bz2) CMD="bzgrep" ;; *) CMD="grep" ;; esac readarray -t INCLUDES < <("$CMD" '^include ' "$MAP" | while read -r _ a _ || [ -n "$a" ]; do echo "${a//\"/}"; done) for INCL in "${INCLUDES[@]}"; do for FN in "$dracutsysrootdir""${kbddir}"/keymaps/**/"$INCL"*; do [[ -f $FN ]] || continue [[ -v KEYMAPS["$FN"] ]] || findkeymap "$FN" done done done } # Function gathers variables from distributed files among the tree, maps to # specified names and prints the result in format "new-name=value". # # $@ = list in format specified below (BNF notation) # # ::= | " " # ::= ":" # ::= | "," # ::= "-" | # # We assume no whitespace are allowed between symbols. # is a file holding in your system. # is a variable holding value of meaning the same as . # is a variable which will be set up inside initramfs. # If has the same name as we can omit . 
# # Example: # /etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS # = /etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS # = /etc/conf.d/keymaps:KEYMAP,extended_keymaps-EXT_KEYMAPS # = /etc/conf.d/keymaps # = KEYMAP,extended_keymaps-EXT_KEYMAPS # = KEYMAP # = KEYMAP # = extended_keymaps-EXT_KEYMAPS # = extended_keymaps # = EXT_KEYMAPS gather_vars() { local item map value # FIXME: double check # shellcheck disable=SC2068 for item in "$@"; do read -r -a item <<< "${item/:/ }" for map in ${item[1]//,/ }; do read -r -a map <<< "${map//-/ }" if [[ -f "$dracutsysrootdir${item[0]}" ]]; then value=$(grep "^${map[0]}=" "$dracutsysrootdir${item[0]}") value=${value#*=} echo "${map[1]:-${map[0]}}=${value}" fi unset map done done } install_base() { inst_multiple setfont loadkeys kbd_mode stty if ! dracut_module_included "systemd"; then inst "${moddir}"/console_init.sh /lib/udev/console_init inst_rules "${moddir}"/10-console.rules inst_hook cmdline 20 "${moddir}/parse-i18n.sh" fi if [[ ${kbddir} != "/usr/share" ]]; then inst_dir /usr/share for _src in "${KBDSUBDIRS[@]}"; do [ ! -e "${initdir}/usr/share/${_src}" ] && ln -s "${kbddir}/${_src}" "${initdir}/usr/share/${_src}" done fi } install_all_kbd() { local _src _line for _src in "${KBDSUBDIRS[@]}"; do inst_dir "${kbddir}/$_src" $DRACUT_CP -L -t "${initdir}/${kbddir}/$_src" "${dracutsysrootdir}${kbddir}/$_src"/* done # remove unnecessary files rm -f -- "${initdir}${kbddir}/consoletrans/utflist" find "${initdir}${kbddir}/" -name README\* -delete find "${initdir}${kbddir}/" -name '*.gz' -print -quit \ | while read -r _line || [ -n "$_line" ]; do inst_multiple gzip done find "${initdir}${kbddir}/" -name '*.bz2' -print -quit \ | while read -r _line || [ -n "$_line" ]; do inst_multiple bzip2 done } install_local_i18n() { local map # shellcheck disable=SC2086 eval "$(gather_vars ${i18n_vars})" # shellcheck disable=SC1090 [ -f "$dracutsysrootdir"$I18N_CONF ] && . 
"$dracutsysrootdir"$I18N_CONF # shellcheck disable=SC1090 [ -f "$dracutsysrootdir"$VCONFIG_CONF ] && . "$dracutsysrootdir"$VCONFIG_CONF shopt -q -s nocasematch if [[ ${UNICODE} ]]; then if [[ ${UNICODE} == YES || ${UNICODE} == 1 ]]; then UNICODE=1 elif [[ ${UNICODE} == NO || ${UNICODE} == 0 ]]; then UNICODE=0 else UNICODE='' fi fi if [[ ! ${UNICODE} && ${LANG} =~ .*\.UTF-?8 ]]; then UNICODE=1 fi shopt -q -u nocasematch # Gentoo user may have KEYMAP set to something like "-u pl2", KEYMAP=${KEYMAP#-* } # openSUSE user may have KEYMAP set to something like ".gz" KEYMAP=${KEYMAP/.gz/} # KEYTABLE is a bit special - it defines base keymap name and UNICODE # determines whether non-UNICODE or UNICODE version is used if [[ ${KEYTABLE} ]]; then if [[ ${UNICODE} == 1 ]]; then [[ ${KEYTABLE} =~ .*\.uni.* ]] || KEYTABLE=${KEYTABLE%.map*}.uni fi KEYMAP=${KEYTABLE} fi # I'm not sure of the purpose of UNIKEYMAP and GRP_TOGGLE. They were in # original redhat-i18n module. Anyway it won't hurt. EXT_KEYMAPS+=\ ${UNIKEYMAP}\ ${GRP_TOGGLE} [[ ${KEYMAP} ]] || { dinfo 'No KEYMAP configured.' return 1 } findkeymap "${KEYMAP}" for map in ${EXT_KEYMAPS}; do ddebug "Adding extra map: ${map}" findkeymap "${map}" done for keymap in "${!KEYMAPS[@]}"; do inst_opt_decompress "${keymap}" done inst_opt_decompress "${kbddir}"/consolefonts/"${DEFAULT_FONT}".* if [[ ${FONT} ]] && [[ ${FONT} != "${DEFAULT_FONT}" ]]; then FONT=${FONT%.psf*} inst_opt_decompress "${kbddir}"/consolefonts/"${FONT}".* fi if [[ ${FONT_MAP} ]]; then FONT_MAP=${FONT_MAP%.trans} # There are three different formats that setfont supports inst_simple "${kbddir}"/consoletrans/"${FONT_MAP}" \ || inst_simple "${kbddir}"/consoletrans/"${FONT_MAP}".trans \ || inst_simple "${kbddir}"/consoletrans/"${FONT_MAP}"_to_uni.trans \ || dwarn "Could not find FONT_MAP ${FONT_MAP}!" 
fi if [[ ${FONT_UNIMAP} ]]; then FONT_UNIMAP=${FONT_UNIMAP%.uni} inst_simple "${kbddir}"/unimaps/"${FONT_UNIMAP}".uni fi if dracut_module_included "systemd" && [[ -f $dracutsysrootdir${I18N_CONF} ]]; then inst_simple ${I18N_CONF} else mksubdirs "${initdir}"${I18N_CONF} print_vars LC_ALL LANG >> "${initdir}"${I18N_CONF} fi if ! dracut_module_included "systemd"; then mksubdirs "${initdir}"${VCONFIG_CONF} print_vars KEYMAP EXT_KEYMAPS UNICODE FONT FONT_MAP FONT_UNIMAP >> "${initdir}"${VCONFIG_CONF} fi return 0 } checks() { for kbddir in ${kbddir} /usr/lib/kbd /lib/kbd /usr/share /usr/share/kbd; do if [[ -d "$dracutsysrootdir${kbddir}" ]]; then for dir in "${KBDSUBDIRS[@]}"; do [[ -d "$dracutsysrootdir${kbddir}/${dir}" ]] && continue false done && break fi kbddir='' done [[ "$kbddir" ]] || return 1 [[ -f $dracutsysrootdir$I18N_CONF && -f $dracutsysrootdir$VCONFIG_CONF ]] \ || [[ ! ${hostonly} || ${i18n_vars} ]] || { derror 'i18n_vars not set! Please set up i18n_vars in ' \ 'configuration file.' } return 0 } if checks; then install_base # https://github.com/dracutdevs/dracut/issues/796 if dracut_module_included "systemd" && [[ -f $dracutsysrootdir${VCONFIG_CONF} ]]; then inst_simple ${VCONFIG_CONF} fi if [[ ${hostonly} ]] && ! 
[[ ${i18n_install_all} == "yes" ]]; then install_local_i18n || install_all_kbd else install_all_kbd fi fi } modules.d/10i18n/parse-i18n.sh000075500000002104151054757350011615 0ustar00#!/usr/bin/sh inst_key_val() { local _value local _file local _default _file="$1" shift _key="$1" shift _default="$1" shift _value="$(getarg "$@")" [ -z "${_value}" ] && _value=$_default if [ -n "${_value}" ]; then printf -- '%s="%s"\n' "${_key}" "${_value}" >> "$_file" fi unset _file unset _value } inst_key_val /etc/vconsole.conf KEYMAP '' rd.vconsole.keymap KEYMAP -d KEYTABLE inst_key_val /etc/vconsole.conf FONT '' rd.vconsole.font FONT -d SYSFONT inst_key_val /etc/vconsole.conf FONT_MAP '' rd.vconsole.font.map FONT_MAP -d CONTRANS inst_key_val /etc/vconsole.conf FONT_UNIMAP '' rd.vconsole.font.unimap FONT_UNIMAP -d UNIMAP inst_key_val /etc/vconsole.conf UNICODE 1 rd.vconsole.font.unicode UNICODE vconsole.unicode inst_key_val /etc/vconsole.conf EXT_KEYMAP '' rd.vconsole.keymap.ext EXT_KEYMAP inst_key_val /etc/locale.conf LANG '' rd.locale.LANG LANG inst_key_val /etc/locale.conf LC_ALL '' rd.locale.LC_ALL LC_ALL if [ -f /etc/locale.conf ]; then . /etc/locale.conf export LANG export LC_ALL fi modules.d/30convertfs/convertfs.sh000075500000014100151054757350013172 0ustar00#!/usr/bin/bash ROOT="$1" if [[ ! -d $ROOT ]]; then echo "Usage: $0 " exit 1 fi if [[ $ROOT -ef / ]]; then echo "Can't convert the running system." echo "Please boot with 'rd.convertfs' on the kernel command line," echo "to update with the help of the initramfs," echo "or run this script from a rescue system." exit 1 fi while [[ $ROOT != "${ROOT%/}" ]]; do ROOT=${ROOT%/} done if [ ! -L "$ROOT"/var/run -a -e "$ROOT"/var/run ]; then echo "Converting /var/run to symlink" mv -f "$ROOT"/var/run "$ROOT"/var/run.runmove~ ln -sfn ../run "$ROOT"/var/run fi if [ ! 
-L "$ROOT"/var/lock -a -e "$ROOT"/var/lock ]; then echo "Converting /var/lock to symlink" mv -f "$ROOT"/var/lock "$ROOT"/var/lock.lockmove~ ln -sfn ../run/lock "$ROOT"/var/lock fi needconvert() { for dir in "$ROOT/bin" "$ROOT/sbin" "$ROOT/lib" "$ROOT/lib64"; do if [[ -e $dir ]]; then [[ -L $dir ]] || return 0 fi done return 1 } if ! [ -e "$ROOT/usr/bin" ]; then echo "$ROOT/usr/bin does not exist!" echo "Make sure, the kernel command line has enough information" echo "to mount /usr (man dracut.cmdline)" exit 1 fi if ! needconvert; then echo "Your system is already converted." exit 0 fi testfile="$ROOT/.usrmovecheck$$" rm -f -- "$testfile" : > "$testfile" if [[ ! -e $testfile ]]; then echo "Cannot write to $ROOT/" exit 1 fi rm -f -- "$testfile" testfile="$ROOT/usr/.usrmovecheck$$" rm -f -- "$testfile" : > "$testfile" if [[ ! -e $testfile ]]; then echo "Cannot write to $ROOT/usr/" exit 1 fi rm -f -- "$testfile" find_mount() { local dev wanted_dev wanted_dev="$(readlink -e -q "$1")" while read -r dev _ || [ -n "$dev" ]; do [ "$dev" = "$wanted_dev" ] && echo "$dev" && return 0 done < /proc/mounts return 1 } # usage: ismounted # usage: ismounted /dev/ if command -v findmnt > /dev/null; then ismounted() { findmnt "$1" > /dev/null 2>&1 } else ismounted() { if [ -b "$1" ]; then find_mount "$1" > /dev/null && return 0 return 1 fi while read -r _ m _ || [ -n "$m" ]; do [ "$m" = "$1" ] && return 0 done < /proc/mounts return 1 } fi # clean up after ourselves no matter how we die. cleanup() { echo "Something failed. 
Move back to the original state" for dir in "$ROOT/bin" "$ROOT/sbin" "$ROOT/lib" "$ROOT/lib64" \ "$ROOT/usr/bin" "$ROOT/usr/sbin" "$ROOT/usr/lib" \ "$ROOT/usr/lib64"; do [[ -d "${dir}.usrmove-new" ]] && rm -fr -- "${dir}.usrmove-new" if [[ -d "${dir}.usrmove-old" ]]; then mv "$dir" "${dir}.del~" mv "${dir}.usrmove-old" "$dir" rm -fr -- "${dir}.del~" fi done } trap 'ret=$?; [[ $ret -ne 0 ]] && cleanup;exit $ret;' EXIT trap 'exit 1;' SIGINT ismounted "$ROOT/usr" || CP_HARDLINK="-l" set -e # merge / and /usr in new dir in /usr for dir in bin sbin lib lib64; do rm -rf -- "$ROOT/usr/${dir}.usrmove-new" [[ -L "$ROOT/$dir" ]] && continue [[ -d "$ROOT/$dir" ]] || continue echo "Make a copy of \`$ROOT/usr/$dir'." [[ -d "$ROOT/usr/$dir" ]] \ && cp -ax -l "$ROOT/usr/$dir" "$ROOT/usr/${dir}.usrmove-new" echo "Merge the copy with \`$ROOT/$dir'." [[ -d "$ROOT/usr/${dir}.usrmove-new" ]] \ || mkdir -p "$ROOT/usr/${dir}.usrmove-new" cp -axT $CP_HARDLINK --backup --suffix=.usrmove~ "$ROOT/$dir" "$ROOT/usr/${dir}.usrmove-new" echo "Clean up duplicates in \`$ROOT/usr/$dir'." # delete all symlinks that have been backed up find "$ROOT/usr/${dir}.usrmove-new" -type l -name '*.usrmove~' -delete || : # replace symlink with backed up binary # shellcheck disable=SC2156 find "$ROOT/usr/${dir}.usrmove-new" \ -name '*.usrmove~' \ -type f \ -exec bash -c 'p="{}";o=${p%%%%.usrmove~}; [[ -L "$o" ]] && mv -f "$p" "$o"' ';' || : done # switch over merged dirs in /usr for dir in bin sbin lib lib64; do [[ -d "$ROOT/usr/${dir}.usrmove-new" ]] || continue echo "Switch to new \`$ROOT/usr/$dir'." rm -fr -- "$ROOT/usr/${dir}.usrmove-old" mv "$ROOT/usr/$dir" "$ROOT/usr/${dir}.usrmove-old" mv "$ROOT/usr/${dir}.usrmove-new" "$ROOT/usr/$dir" done # replace dirs in / with links to /usr for dir in bin sbin lib lib64; do [[ -L "$ROOT/$dir" ]] && continue [[ -d "$ROOT/$dir" ]] || continue echo "Create \`$ROOT/$dir' symlink." 
rm -fr -- "$ROOT/${dir}.usrmove-old" || : mv "$ROOT/$dir" "$ROOT/${dir}.usrmove-old" ln -sfn usr/$dir "$ROOT/$dir" done echo "Clean up backup files." # everything seems to work; cleanup for dir in bin sbin lib lib64; do # if we get killed in the middle of "rm -rf", ensure not to leave # an incomplete directory, which is moved back by cleanup() [[ -d "$ROOT/usr/${dir}.usrmove-old" ]] \ && mv "$ROOT/usr/${dir}.usrmove-old" "$ROOT/usr/${dir}.usrmove-old~" [[ -d "$ROOT/${dir}.usrmove-old" ]] \ && mv "$ROOT/${dir}.usrmove-old" "$ROOT/${dir}.usrmove-old~" done for dir in bin sbin lib lib64; do if [[ -d "$ROOT/usr/${dir}.usrmove-old~" ]]; then rm -rf -- "$ROOT/usr/${dir}.usrmove-old~" fi if [[ -d "$ROOT/${dir}.usrmove-old~" ]]; then rm -rf -- "$ROOT/${dir}.usrmove-old~" fi done for dir in lib lib64; do [[ -d "$ROOT/$dir" ]] || continue for lib in "$ROOT"/usr/"${dir}"/lib*.so*.usrmove~; do [[ -f $lib ]] || continue mv "$lib" "${lib/.so/_so}" done done set +e echo "Run ldconfig." ldconfig -r "$ROOT" if [[ -f "$ROOT"/etc/selinux/config ]]; then # shellcheck disable=SC1090 . "$ROOT"/etc/selinux/config fi if [ -n "$(command -v setfiles)" ] && [ "$SELINUX" != "disabled" ] && [ -f /etc/selinux/"${SELINUXTYPE}"/contexts/files/file_contexts ]; then echo "Fixing SELinux labels" setfiles -r "$ROOT" -p /etc/selinux/"${SELINUXTYPE}"/contexts/files/file_contexts "$ROOT"/sbin "$ROOT"/bin "$ROOT"/lib "$ROOT"/lib64 "$ROOT"/usr/lib "$ROOT"/usr/lib64 "$ROOT"/etc/ld.so.cache "$ROOT"/var/cache/ldconfig || : fi echo "Done." 
exit 0 modules.d/30convertfs/do-convertfs.sh000075500000000306151054757350013575 0ustar00#!/usr/bin/bash if getargbool 0 rd.convertfs; then if getargbool 0 rd.debug; then bash -x convertfs "$NEWROOT" 2>&1 | vinfo else convertfs "$NEWROOT" 2>&1 | vinfo fi fi modules.d/30convertfs/module-setup.sh000075500000000541151054757350013610 0ustar00#!/usr/bin/bash # called by dracut check() { [[ $mount_needs ]] && return 1 return 255 } # called by dracut depends() { echo bash return 0 } # called by dracut install() { inst_multiple bash find ldconfig mv rm cp ln inst_hook pre-pivot 99 "$moddir/do-convertfs.sh" inst_script "$moddir/convertfs.sh" /usr/bin/convertfs } modules.d/45url-lib/module-setup.sh000075500000007302151054757350013155 0ustar00#!/usr/bin/bash # module-setup for url-lib # called by dracut check() { require_binaries curl || return 1 return 255 } # called by dracut depends() { echo network return 0 } # called by dracut install() { local _dir _crt _crts _found _lib _nssckbi _p11roots _p11root inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh" inst_multiple -o ctorrent inst_multiple curl sed if curl --version | grep -qi '\bNSS\b'; then # also install libs for curl https inst_libdir_file "libnsspem.so*" inst_libdir_file "libnsssysinit.so*" inst_libdir_file "libsoftokn3.so*" inst_libdir_file "libsqlite3.so*" fi for _dir in $libdirs; do [[ -d $dracutsysrootdir$_dir ]] || continue for _lib in "$dracutsysrootdir$_dir"/libcurl.so.* "$dracutsysrootdir$_dir"/libcrypto.so.*; do [[ -e $_lib ]] || continue if ! [[ $_nssckbi ]]; then read -r -d '' _nssckbi < <(grep -F --binary-files=text -z libnssckbi "$_lib") fi read -r -d '' _crt < <(grep -E --binary-files=text -z "\.(pem|crt)" "$_lib" | sed 's/\x0//g') [[ $_crt ]] || continue [[ $_crt == /*/* ]] || continue if [[ -e $_crt ]]; then _crts="$_crts $_crt" _found=1 fi done done if [[ $_found ]] && [[ -n $_crts ]]; then for _crt in $_crts; do if ! 
inst "${_crt#$dracutsysrootdir}"; then dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work." continue fi done fi # If we found no cert bundle files referenced in libcurl but we # *did* find a mention of libnssckbi (checked above), install it. # If its truly NSS libnssckbi, it includes its own trust bundle, # but if it's really p11-kit-trust.so, we need to find the dirs # where it will look for a trust bundle and install them too. if ! [[ $_found ]] && [[ $_nssckbi ]]; then _found=1 inst_libdir_file "libnssckbi.so*" || _found= for _dir in $libdirs; do [[ -e $dracutsysrootdir$_dir/libnssckbi.so ]] || continue # this looks for directory-ish strings in the file grep -z -o --binary-files=text '/[[:alpha:]][[:print:]]*' "${dracutsysrootdir}${_dir}"/libnssckbi.so \ | while read -r -d '' _p11roots || [[ $_p11roots ]]; do IFS=":" read -r -a _p11roots <<< "$_p11roots" # the string can be a :-separated list of dirs for _p11root in "${_p11roots[@]}"; do # check if it's actually a directory (there are # several false positives in the results) [[ -d "$dracutsysrootdir$_p11root" ]] || continue # check if it has some specific subdirs that all # p11-kit trust dirs have [[ -d "$dracutsysrootdir${_p11root}/anchors" ]] || continue [[ -d "$dracutsysrootdir${_p11root}/blacklist" ]] || continue # so now we know it's really a p11-kit trust dir; # install everything in it mkdir -p -- "${initdir}/${_p11root}" if ! $DRACUT_CP -L -t "${initdir}/${_p11root}" "${dracutsysrootdir}${_p11root}"/*; then dwarn "Couldn't install from p11-kit trust dir '${_p11root#$dracutsysrootdir}'; HTTPS might not work." fi done done done fi [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work." } modules.d/45url-lib/url-lib.sh000075500000012462151054757350012103 0ustar00#!/usr/bin/sh # url-lib.sh - functions for handling URLs (file fetching etc.) # # Authors: # Will Woods type mkuniqdir > /dev/null 2>&1 || . 
/lib/dracut-lib.sh

# fetch_url URL [OUTFILE]
# fetch the given URL to a locally-visible location.
# if OUTFILE is given, the URL will be fetched to that filename,
# overwriting it if present.
# If the URL is something mountable (e.g. nfs://) and no OUTFILE is given,
# the server will be left mounted until pre-pivot.
# the return values are as follows:
# 0: success
# 253: unknown error (file missing)
# 254: unhandled URL scheme / protocol
# 255: bad arguments / unparseable URLs
# other: fetch command failure (whatever curl/mount/etc return)
#
# The handler lookup runs before the empty-URL check, so an empty URL is
# reported as 254 unless some handler is registered for an empty scheme.
# No integrity check of the fetched data happens in this function; callers
# that need one have to verify the result themselves.
fetch_url() {
    local url="$1" outloc="$2"
    local handler
    handler="$(get_url_handler "$url")"
    [ -n "$handler" ] || return 254
    [ -n "$url" ] || return 255
    # The handler name comes from url_handler_map and is run as a command.
    "$handler" "$url" "$outloc"
}

# get_url_handler URL
# returns the first HANDLERNAME corresponding to the URL's scheme
# The scheme is everything before the first ":"; url_handler_map is a
# whitespace-separated list of SCHEME:HANDLER items. Returns 1 when no item
# matches.
get_url_handler() {
    local scheme="${1%%:*}" item=""
    for item in $url_handler_map; do
        [ "$scheme" = "${item%%:*}" ] && echo "${item#*:}" && return 0
    done
    return 1
}

# add_url_handler HANDLERNAME SCHEME [SCHEME...]
# associate the named handler with the named scheme(s).
# Schemes whose current first match is already this handler are skipped.
add_url_handler() {
    local handler="$1"
    shift
    local schemes="$*" scheme=""
    # Reuse the positional parameters as the list of new SCHEME:HANDLER items.
    set --
    for scheme in $schemes; do
        [ "$(get_url_handler "$scheme")" = "$handler" ] && continue
        set -- "$@" "$scheme:$handler"
    done
    set -- "$@" "$url_handler_map" # add new items to *front* of list
    url_handler_map="$*"
}

### HTTP, HTTPS, FTP #################################################

# curl looks for its default config file (.curlrc) in CURL_HOME;
# set_http_header below appends to that file.
export CURL_HOME="/run/initramfs/url-lib"
mkdir -p $CURL_HOME
curl_args="--globoff --location --retry 3 --retry-connrefused --fail --show-error"
# rd.noverifyssl on the kernel command line adds --insecure, which turns off
# TLS certificate verification for every curl fetch made through this library.
# Boots that set it have no transport-level authenticity for fetched files.
getargbool 0 rd.noverifyssl && curl_args="$curl_args --insecure"

# The proxy= value is appended to curl_args as plain text; curl_args is
# expanded unquoted below, so the value is word-split into curl arguments.
proxy=$(getarg proxy=)
[ -n "$proxy" ] && curl_args="$curl_args --proxy $proxy"

# curl_fetch_url URL [OUTFILE]
# Handler for http/https/ftp/tftp. With OUTFILE the download goes to that
# path; without it the file is saved under its remote name in a fresh
# directory from mkuniqdir and the resulting path is printed on stdout.
# Returns curl's status on failure in the OUTFILE case, 253 when the expected
# file does not exist afterwards.
curl_fetch_url() {
    local url="$1" outloc="$2"
    # Writes the URL to whatever file descriptor 0 currently refers to.
    # NOTE(review): presumably a progress message for the console - confirm.
    echo "$url" > /proc/self/fd/0
    if [ -n "$outloc" ]; then
        # shellcheck disable=SC2086
        curl $curl_args --output "$outloc" -- "$url" || return $?
    else
        local outdir
        outdir="$(mkuniqdir /tmp curl_fetch_url)"
        (
            cd "$outdir" || exit
            # Unlike the --output branch, the URL is not preceded by "--" here.
            # NOTE(review): this `return` runs inside the ( ) subshell, so it
            # cannot return from curl_fetch_url itself; the subshell status is
            # not checked and a failed download is caught by the -f test below.
            # shellcheck disable=SC2086
            curl $curl_args --remote-name "$url" || return $?
        )
        # Assumes the directory now holds exactly one entry; the file name is
        # taken from the remote URL.
        outloc="$outdir/$(ls -A "$outdir")"
    fi
    if ! [ -f "$outloc" ]; then
        warn "Downloading '$url' failed!"
        return 253
    fi
    # Only print the location when the caller did not choose it.
    if [ -z "$2" ]; then echo "$outloc"; fi
}
add_url_handler curl_fetch_url http https ftp tftp

# set_http_header NAME VALUE
# Appends a `header = "NAME: VALUE"` line to $CURL_HOME/.curlrc. Both
# arguments are embedded between double quotes without escaping, so callers
# should pass values free of double quotes and newlines.
set_http_header() {
    echo "header = \"$1: $2\"" >> $CURL_HOME/.curlrc
}

### TORRENT ##########################################################

ctorrent_args="-E 0 -e 0"
# ctorrent_fetch_url URL [OUTFILE]
# Handler for the torrent scheme: strips everything up to and including the
# first "//" from URL, downloads the result with curl as the .torrent file and
# then runs ctorrent on it. Returns 253 when either the .torrent file or the
# final payload is missing. torrent_outloc is not declared local and therefore
# stays set in the calling shell.
ctorrent_fetch_url() {
    local url="$1" outloc="$2"
    url=${url#*//}
    torrent_outloc="$outloc.torrent"
    echo "$url" > /proc/self/fd/0
    if [ -n "$outloc" ]; then
        # shellcheck disable=SC2086
        curl $curl_args --output "$torrent_outloc" -- "$url" || return $?
    else
        local outdir
        outdir="$(mkuniqdir /tmp torrent_fetch_url)"
        (
            cd "$outdir" || exit
            # Same subshell caveat as in curl_fetch_url: this `return` only
            # ends the subshell.
            # shellcheck disable=SC2086
            curl $curl_args --remote-name "$url" || return $?
        )
        torrent_outloc="$outdir/$(ls -A "$outdir")"
        # Payload path is the .torrent path minus its last extension.
        outloc=${torrent_outloc%.*}
    fi
    if ! [ -f "$torrent_outloc" ]; then
        warn "Downloading '$url' failed!"
        return 253
    fi
    # ctorrent output is sent to stderr so stdout carries only the result path.
    # shellcheck disable=SC2086
    ctorrent $ctorrent_args -s "$outloc" "$torrent_outloc" >&2
    if ! [ -f "$outloc" ]; then
        warn "Torrent download of '$url' failed!"
        return 253
    fi
    if [ -z "$2" ]; then echo "$outloc"; fi
}

# Register the torrent handler only when ctorrent is present in the image.
command -v ctorrent > /dev/null \
    && add_url_handler ctorrent_fetch_url torrent

### NFS ##############################################################

[ -e /lib/nfs-lib.sh ] && .
/lib/nfs-lib.sh nfs_already_mounted() { local server="$1" path="$2" s="" p="" while read -r src mnt rest || [ -n "$src" ]; do splitsep ":" "$src" s p p=${p%/} if [ "$server" = "$s" ]; then if [ "$path" = "$p" ]; then echo "$mnt" elif str_starts "$path" "$p"; then echo "$mnt"/"${path#$p/}" fi fi done < /proc/mounts } nfs_fetch_url() { local url="$1" outloc="$2" nfs="" server="" path="" options="" nfs_to_var "$url" || return 255 local filepath="${path%/*}" filename="${path##*/}" mntdir="" # skip mount if server:/filepath is already mounted mntdir=$(nfs_already_mounted "$server" "$filepath") if [ -z "$mntdir" ]; then local mntdir mntdir="$(mkuniqdir /run nfs_mnt)" mount_nfs "$nfs:$server:$filepath${options:+:$options}" "$mntdir" # lazy unmount during pre-pivot hook inst_hook --hook pre-pivot --name 99url-lib-umount-nfs-"$(basename "$mntdir")" umount -l -- "$mntdir" fi if [ -z "$outloc" ]; then outloc="$mntdir/$filename" else cp -f -- "$mntdir/$filename" "$outloc" || return $? fi [ -f "$outloc" ] || return 253 if [ -z "$2" ]; then echo "$outloc"; fi } command -v nfs_to_var > /dev/null && add_url_handler nfs_fetch_url nfs nfs4 modules.d/50drm/module-setup.sh000075500000004250151054757350012364 0ustar00#!/usr/bin/bash # called by dracut check() { return 255 } # called by dracut depends() { return 0 } # called by dracut installkernel() { # Include KMS capable drm drivers if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 ]]; then # arm/aarch64 specific modules needed by drm instmods \ "=drivers/gpu/drm/i2c" \ "=drivers/gpu/drm/panel" \ "=drivers/gpu/drm/bridge" \ "=drivers/video/backlight" fi instmods amdkfd hyperv_fb "=drivers/pwm" # if the hardware is present, include module even if it is not currently loaded, # as we could e.g. 
be in the installer; nokmsboot boot parameter will disable # loading of the driver if needed if [[ $hostonly ]]; then local i modlink modname for i in /sys/bus/{pci/devices,platform/devices,virtio/devices,soc/devices/soc?,vmbus/devices}/*/modalias; do [[ -e $i ]] || continue [[ -n $(< "$i") ]] || continue # shellcheck disable=SC2046 if hostonly="" dracut_instmods --silent -s "drm_crtc_init|drm_dev_register|drm_encoder_init" -S "iw_handler_get_spy" $(< "$i"); then if strstr "$(modinfo -F filename $(< "$i") 2> /dev/null)" radeon.ko; then hostonly='' instmods amdkfd fi fi done # if there is a privacy screen then its driver must be loaded before the # kms driver will bind, otherwise its probe() will return -EPROBE_DEFER # note privacy screens always register, even with e.g. nokmsboot for i in /sys/class/drm/privacy_screen-*/device/driver/module; do [[ -L $i ]] || continue modlink=$(readlink "$i") modname=$(basename "$modlink") instmods "$modname" done else dracut_instmods -o -s "drm_crtc_init|drm_dev_register|drm_encoder_init" "=drivers/gpu/drm" "=drivers/staging" # also include privacy screen providers (see above comment) # atm all providers live under drivers/platform/x86 dracut_instmods -o -s "drm_privacy_screen_register" "=drivers/platform/x86" fi } modules.d/50plymouth/module-setup.sh000075500000002743151054757350013470 0ustar00#!/usr/bin/bash pkglib_dir() { local _dirs="/usr/lib/plymouth /usr/libexec/plymouth/" if find_binary dpkg-architecture &> /dev/null; then local _arch _arch=$(dpkg-architecture -qDEB_HOST_MULTIARCH 2> /dev/null) [ -n "$_arch" ] && _dirs+=" /usr/lib/$_arch/plymouth" fi for _dir in $_dirs; do if [ -x "$dracutsysrootdir""$_dir"/plymouth-populate-initrd ]; then echo "$_dir" return fi done } # called by dracut check() { [[ "$mount_needs" ]] && return 1 [[ $(pkglib_dir) ]] || return 1 require_binaries plymouthd plymouth plymouth-set-default-theme } # called by dracut depends() { echo drm } # called by dracut install() { PKGLIBDIR=$(pkglib_dir) if 
grep -q nash "$dracutsysrootdir""${PKGLIBDIR}"/plymouth-populate-initrd \ || [ ! -x "$dracutsysrootdir""${PKGLIBDIR}"/plymouth-populate-initrd ]; then # shellcheck disable=SC1090 . "$moddir"/plymouth-populate-initrd.sh else PLYMOUTH_POPULATE_SOURCE_FUNCTIONS="$dracutfunctions" \ "$dracutsysrootdir""${PKGLIBDIR}"/plymouth-populate-initrd -t "$initdir" fi inst_hook emergency 50 "$moddir"/plymouth-emergency.sh inst_multiple readlink inst_multiple plymouthd plymouth plymouth-set-default-theme if ! dracut_module_included "systemd"; then inst_hook pre-trigger 10 "$moddir"/plymouth-pretrigger.sh inst_hook pre-pivot 90 "$moddir"/plymouth-newroot.sh fi } modules.d/50plymouth/plymouth-emergency.sh000075500000000070151054757350014671 0ustar00#!/usr/bin/sh plymouth --hide-splash 2> /dev/null || : modules.d/50plymouth/plymouth-newroot.sh000075500000000170151054757350014411 0ustar00#!/usr/bin/sh if type plymouth > /dev/null 2>&1 && [ -z "$DRACUT_SYSTEMD" ]; then plymouth --newroot="$NEWROOT" fi modules.d/50plymouth/plymouth-populate-initrd.sh000075500000003175151054757350016044 0ustar00#!/usr/bin/bash PLYMOUTH_LOGO_FILE="/usr/share/pixmaps/system-logo-white.png" PLYMOUTH_THEME=$(plymouth-set-default-theme) inst_multiple plymouthd plymouth \ /etc/system-release test -e "${PLYMOUTH_LOGO_FILE}" && inst_simple "${PLYMOUTH_LOGO_FILE}" # shellcheck disable=SC2174 mkdir -m 0755 -p "${initdir}/usr/share/plymouth" inst_libdir_file "plymouth/text.so" "plymouth/details.so" if [[ $hostonly ]]; then inst_multiple \ "/usr/share/plymouth/themes/details/details.plymouth" \ "/usr/share/plymouth/themes/text/text.plymouth" if [[ -d $dracutsysrootdir/usr/share/plymouth/themes/${PLYMOUTH_THEME} ]]; then for x in "/usr/share/plymouth/themes/${PLYMOUTH_THEME}"/*; do [[ -f "$dracutsysrootdir$x" ]] || break inst "$x" done fi if [[ -L $dracutsysrootdir/usr/share/plymouth/themes/default.plymouth ]]; then inst /usr/share/plymouth/themes/default.plymouth # Install plugin for this theme 
PLYMOUTH_PLUGIN=$(grep "^ModuleName=" "$dracutsysrootdir"/usr/share/plymouth/themes/default.plymouth | while read -r _ b _ || [ -n "$b" ]; do echo "$b"; done) inst_libdir_file "plymouth/${PLYMOUTH_PLUGIN}.so" fi else for x in "$dracutsysrootdir"/usr/share/plymouth/themes/{text,details}/*; do [[ -f $x ]] || continue THEME_DIR=$(dirname "${x#$dracutsysrootdir}") # shellcheck disable=SC2174 mkdir -m 0755 -p "${initdir}/$THEME_DIR" inst_multiple "${x#$dracutsysrootdir}" done ( cd "${initdir}"/usr/share/plymouth/themes || exit ln -s text/text.plymouth default.plymouth 2>&1 ) fi modules.d/50plymouth/plymouth-pretrigger.sh000075500000002243151054757350015071 0ustar00#!/usr/bin/sh if type plymouthd > /dev/null 2>&1 && [ -z "$DRACUT_SYSTEMD" ]; then if getargbool 1 plymouth.enable && getargbool 1 rd.plymouth -d -n rd_NO_PLYMOUTH; then # first trigger graphics subsystem udevadm trigger --action=add --attr-match=class=0x030000 > /dev/null 2>&1 # first trigger graphics and tty subsystem udevadm trigger --action=add \ --subsystem-match=graphics \ --subsystem-match=drm \ --subsystem-match=tty \ --subsystem-match=acpi \ > /dev/null 2>&1 udevadm settle --timeout=180 2>&1 | vinfo info "Starting plymouth daemon" mkdir -m 0755 /run/plymouth read -r consoledev rest < /sys/class/tty/console/active consoledev=${consoledev:-tty0} [ -x /lib/udev/console_init -a -e "/dev/$consoledev" ] && /lib/udev/console_init "/dev/$consoledev" plymouthd --attach-to-session --pid-file /run/plymouth/pid plymouth --show-splash 2>&1 | vinfo # reset tty after plymouth messed with it [ -x /lib/udev/console_init -a -e "/dev/$consoledev" ] && /lib/udev/console_init "/dev/$consoledev" fi fi modules.d/62bluetooth/module-setup.sh000075500000005312151054757350013612 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later # Prerequisite check(s) for module. 
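check() {
    # If the binary(s) requirements are not fulfilled the module can't be installed
    require_any_binary /usr/lib/bluetooth/bluetoothd /usr/libexec/bluetooth/bluetoothd || return 1

    if [[ $hostonly ]]; then
        # Include by default if a Peripheral (0x500) is found of minor class:
        #  * Keyboard (0x40)
        #  * Keyboard/pointing (0xC0)
        # The pairing database is looked up below $dracutsysrootdir, the same
        # root install() in this file copies it from; with the variable unset
        # this is the host's /var/lib/bluetooth as before.
        grep -qiE 'Class=0x[0-9a-f]{3}5[4c]0' \
            "${dracutsysrootdir}"/var/lib/bluetooth/*/*/info 2> /dev/null && return 0
    fi

    # Return 255 to only include the module, if another module requires it.
    return 255
}

# Module dependency requirements.
depends() {
    # This module has external dependencies on the systemd and dbus modules.
    echo systemd dbus
    # Return 0 to include the dependent modules in the initramfs.
    return 0
}

# Install the bluetooth kernel modules and any matching controller firmware.
installkernel() {
    instmods bluetooth btrtl btintel btbcm bnep ath3k btusb rfcomm hidp

    # The globs are expanded by the shell before inst_multiple runs; -o makes
    # each entry optional, so firmware that is not present is skipped.
    inst_multiple -o \
        /lib/firmware/ar3k/AthrBT* \
        /lib/firmware/ar3k/ramps* \
        /lib/firmware/ath3k-1.fw* \
        /lib/firmware/BCM2033-MD.hex* \
        /lib/firmware/bfubase.frm* \
        /lib/firmware/BT3CPCC.bin* \
        /lib/firmware/brcm/*.hcd* \
        /lib/firmware/mediatek/mt7622pr2h.bin* \
        /lib/firmware/qca/nvm* \
        /lib/firmware/qca/crnv* \
        /lib/firmware/qca/rampatch* \
        /lib/firmware/qca/crbtfw* \
        /lib/firmware/rtl_bt/* \
        /lib/firmware/intel/ibt* \
        /lib/firmware/ti-connectivity/TIInit_* \
        /lib/firmware/nokia/bcmfw.bin* \
        /lib/firmware/nokia/ti1273.bin*
}

# Install the required file(s) for the module in the initramfs.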
install() { # shellcheck disable=SC2064 trap "$(shopt -p globstar)" RETURN shopt -q -s globstar local -a var_lib_files inst_multiple -o \ "$dbussystem"/bluetooth.conf \ "${systemdsystemunitdir}/bluetooth.target" \ "${systemdsystemunitdir}/bluetooth.service" \ bluetoothctl inst_multiple -o \ /usr/libexec/bluetooth/bluetoothd \ /usr/lib/bluetooth/bluetoothd if [[ $hostonly ]]; then var_lib_files=("$dracutsysrootdir"/var/lib/bluetooth/**) inst_multiple -o \ /etc/bluetooth/main.conf \ "$dbussystemconfdir"/bluetooth.conf \ "${var_lib_files[@]#"$dracutsysrootdir"}" fi inst_rules 69-btattach-bcm.rules 60-persistent-input.rules # shellcheck disable=SC1004 sed -i -e \ '/^\[Unit\]/aDefaultDependencies=no\ Conflicts=shutdown.target\ Before=shutdown.target\ After=dbus.service' \ "${initdir}/${systemdsystemunitdir}/bluetooth.service" $SYSTEMCTL -q --root "$initdir" enable bluetooth.service } modules.d/80lvmmerge/README.md000064400000004055151054757350011723 0ustar00# lvmmerge - dracut module ## Preparation - ensure that the lvm thin pool is big enough - backup any (most likely /boot and /boot/efi) device with: ``` # mkdir /restoredev # dev=; umount $dev; dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev"); mount $dev ``` - backup the MBR ``` # dev=; dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") bs=446 count=1 # ls -l /dev/disk/by-path/virtio-pci-0000\:00\:07.0 lrwxrwxrwx. 1 root root 9 Jul 24 04:27 /dev/disk/by-path/virtio-pci-0000:00:07.0 -> ../../vda ``` - backup some partitions ``` # dev=/dev/disk/by-path/virtio-pci-0000:00:07.0 # dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") bs=446 count=1 # umount /boot/efi # dev=/dev/disk/by-partuuid/687177a8-86b3-4e37-a328-91d20db9563c # dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") # umount /boot # dev=/dev/disk/by-partuuid/4fdf99e9-4f28-4207-a26f-c76546824eaf # dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") ``` Final /restoredev ``` # ls -al /restoredev/ total 1253380 drwx------. 
2 root root 250 Jul 24 04:38 . dr-xr-xr-x. 18 root root 242 Jul 24 04:32 .. -rw-------. 1 root root 209715200 Jul 24 04:34 dev-disk-by\x2dpartuuid-4fdf99e9\x2d4f28\x2d4207\x2da26f\x2dc76546824eaf -rw-------. 1 root root 1073741824 Jul 24 04:34 dev-disk-by\x2dpartuuid-687177a8\x2d86b3\x2d4e37\x2da328\x2d91d20db9563c -rw-------. 1 root root 446 Jul 24 04:38 dev-disk-by\x2dpath-virtio\x2dpci\x2d0000:00:07.0 ``` - make a thin snapshot ``` # lvm lvcreate -pr -s rhel/root --name reset ``` - mark the snapshot with a tag ``` # lvm lvchange --addtag reset rhel/reset ``` - remove /restoredev ``` # rm -fr /restoredev ``` ## Operation If a boot entry with ```rd.lvm.mergetags=``` is selected and there are LVs with `````` dracut will - make a copy of the snapshot - merge it back to the original - rename the copy back to the name of the snapshot - if /restordev appears in the root, then it will restore the images found in that directory. This can be used to restore /boot and /boot/efi and the MBR of the boot device modules.d/80lvmmerge/lvmmerge.sh000075500000006032151054757350012616 0ustar00#!/usr/bin/bash type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh do_merge() { sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type = 1/' \ /etc/lvm/lvm.conf systemctl --no-block stop sysroot.mount swapoff -a umount -R /sysroot for tag in $(getargs rd.lvm.mergetags); do lvm vgs --noheadings -o vg_name \ | while read -r vg || [[ -n $vg ]]; do unset LVS declare -a LVS lvs=$(lvm lvs --noheadings -o lv_name "$vg") for lv in $lvs; do lvm lvchange -an "$vg/$lv" tags=$(trim "$(lvm lvs --noheadings -o lv_tags "$vg/$lv")") strstr ",${tags}," ",${tag}," || continue if ! 
lvm lvs --noheadings -o lv_name "${vg}/${lv}_dracutsnap" &> /dev/null; then info "Creating backup ${lv}_dracutsnap of ${vg}/${lv}" lvm lvcreate -pr -s "${vg}/${lv}" --name "${lv}_dracutsnap" fi lvm lvchange --addtag "$tag" "${vg}/${lv}_dracutsnap" info "Merging back ${vg}/${lv} to the original LV" lvm lvconvert --merge "${vg}/${lv}" LVS+=("$lv") done systemctl --no-block stop sysroot.mount udevadm settle for ((i = 0; i < 100; i++)); do lvm vgchange -an "$vg" && break sleep 0.5 done udevadm settle lvm vgchange -ay "$vg" udevadm settle for lv in "${LVS[@]}"; do info "Renaming ${lv}_dracutsnap backup to ${vg}/${lv}" lvm lvrename "$vg" "${lv}_dracutsnap" "${lv}" done udevadm settle done done systemctl --no-block reset-failed systemd-fsck-root systemctl --no-block start systemd-fsck-root systemctl --no-block reset-failed sysroot.mount systemctl --no-block start sysroot.mount for ((i = 0; i < 100; i++)); do [[ -d /sysroot/dev ]] && break sleep 0.5 systemctl --no-block start sysroot.mount done if [[ -d /sysroot/restoredev ]]; then ( if cd /sysroot/restoredev; then # restore devices and partitions for i in *; do target=$(systemd-escape -pu "$i") if ! 
[[ -b $target ]]; then warn "Not restoring $target, as the device does not exist" continue fi # Just in case umount "$target" &> /dev/null info "Restoring $target" dd if="$i" of="$target" |& vinfo done fi ) mount -o remount,rw /sysroot rm -fr /sysroot/restoredev fi info "Rebooting" reboot } if getarg rd.lvm.mergetags; then do_merge fi modules.d/80lvmmerge/module-setup.sh000075500000000661151054757350013425 0ustar00#!/usr/bin/bash # called by dracut check() { # No point trying to support lvm if the binaries are missing require_binaries lvm dd swapoff || return 1 return 255 } # called by dracut depends() { echo lvm dracut-systemd systemd bash return 0 } installkernel() { hostonly="" instmods dm-snapshot } # called by dracut install() { inst_multiple dd swapoff inst_hook cleanup 01 "$moddir/lvmmerge.sh" } modules.d/80lvmthinpool-monitor/module-setup.sh000075500000001105151054757350015641 0ustar00#!/usr/bin/bash # called by dracut check() { # No point trying to support lvm if the binaries are missing require_binaries lvm sort tr awk || return 1 return 255 } # called by dracut depends() { echo lvm return 0 } # called by dracut install() { inst_multiple sort tr awk inst_script "$moddir/start-thinpool-monitor.sh" "/bin/start-thinpool-monitor" inst "$moddir/start-thinpool-monitor.service" "$systemdsystemunitdir/start-thinpool-monitor.service" $SYSTEMCTL -q --root "$initdir" add-wants initrd.target start-thinpool-monitor.service } modules.d/80lvmthinpool-monitor/start-thinpool-monitor.service000064400000000506151054757350020721 0ustar00[Unit] Description=Lvm thinpool monitor service Before=initrd.target After=initrd-fs.target Conflicts=shutdown.target emergency.target [Service] Type=forking ExecStart=/bin/start-thinpool-monitor PIDFile=/run/thinpool-moni.pid StandardInput=null StandardOutput=journal+console StandardError=journal+console KillSignal=SIGHUP modules.d/80lvmthinpool-monitor/start-thinpool-monitor.sh000075500000002731151054757350017700 0ustar00#!/usr/bin/sh type 
getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh LVS=$(getargs rd.lvm.lv -d rd_LVM_LV=) is_lvm2_thinp_device() { _device_path=$1 _lvm2_thin_device=$(lvm lvs -S 'lv_layout=sparse && lv_layout=thin' \ --nosuffix --noheadings -o vg_name,lv_name "$_device_path" 2> /dev/null) [ -n "$_lvm2_thin_device" ] && return $? } for LV in $LVS; do if is_lvm2_thinp_device "/dev/$LV"; then THIN_POOLS="$(lvm lvs -S 'lv_layout=sparse && lv_layout=thin' \ --nosuffix --noheadings -o vg_name,pool_lv "$LV" \ | awk '{printf("%s/%s",$1,$2);}') $THIN_POOLS" fi done THIN_POOLS=$(echo "$THIN_POOLS" | tr ' ' '\n' | sort -u | tr '\n' ' ') if [ -n "$THIN_POOLS" ]; then if [ -e "/etc/lvm/lvm.conf" ]; then # Use 'monitoring=0' to override the value in lvm.conf, in case # dmeventd monitoring been started after the calling. CONFIG="activation {monitoring=0}" else CONFIG="activation {monitoring=0 thin_pool_autoextend_threshold=70 thin_pool_autoextend_percent=20}" fi # Activate the thinpool in case the thinpool is in inactive state. # Otherwise lvextend will fail. for THIN_POOL in $THIN_POOLS; do lvm lvchange -ay "$THIN_POOL" --config "$CONFIG" done while true; do for THIN_POOL in $THIN_POOLS; do lvm lvextend --use-policies --config "$CONFIG" "$THIN_POOL" done sleep 5 done & echo $! > /run/thinpool-moni.pid fi modules.d/90btrfs/80-btrfs.rules000064400000000416151054757350012365 0ustar00SUBSYSTEM!="block", GOTO="btrfs_end" ACTION!="add|change", GOTO="btrfs_end" ENV{ID_FS_TYPE}!="btrfs", GOTO="btrfs_end" RUN+="/sbin/btrfs device scan $env{DEVNAME}" RUN+="/sbin/initqueue --finished --unique --name btrfs_finished /sbin/btrfs_finished" LABEL="btrfs_end" modules.d/90btrfs/btrfs_device_ready.sh000075500000000724151054757350014130 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . 
/lib/dracut-lib.sh btrfs_check_complete() { local _rootinfo _dev _dev="${1:-/dev/root}" [ -e "$_dev" ] || return 0 _rootinfo=$(udevadm info --query=env "--name=$_dev" 2> /dev/null) if strstr "$_rootinfo" "ID_FS_TYPE=btrfs"; then info "Checking, if btrfs device complete" btrfs device ready "$_dev" > /dev/null 2>&1 return $? fi return 0 } btrfs_check_complete "$1" modules.d/90btrfs/btrfs_finished.sh000075500000001127151054757350013274 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh btrfs_check_complete() { local _rootinfo _dev _dev="${1:-/dev/root}" [ -e "$_dev" ] || return 0 _rootinfo=$(udevadm info --query=env "--name=$_dev" 2> /dev/null) if strstr "$_rootinfo" "ID_FS_TYPE=btrfs"; then info "Checking, if btrfs device complete" unset __btrfs_mount mount -o ro "$_dev" /tmp > /dev/null 2>&1 __btrfs_mount=$? [ $__btrfs_mount -eq 0 ] && umount "$_dev" > /dev/null 2>&1 return $__btrfs_mount fi return 0 } btrfs_check_complete "$1" modules.d/90btrfs/btrfs_timeout.sh000075500000000224151054757350013166 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh info "Scanning for all btrfs devices" /sbin/btrfs device scan > /dev/null 2>&1 modules.d/90btrfs/module-setup.sh000075500000002504151054757350012726 0ustar00#!/usr/bin/bash # called by dracut check() { # if we don't have btrfs installed on the host system, # no point in trying to support it in the initramfs. require_binaries btrfs || return 1 [[ $hostonly ]] || [[ $mount_needs ]] && { for fs in "${host_fs_types[@]}"; do [[ $fs == "btrfs" ]] && return 0 done return 255 } return 0 } # called by dracut depends() { echo udev-rules return 0 } # called by dracut installkernel() { instmods btrfs } # called by dracut install() { if ! 
inst_rules 64-btrfs.rules; then inst_rules "$moddir/80-btrfs.rules" case "$(btrfs --help)" in *device\ ready*) inst_script "$moddir/btrfs_device_ready.sh" /sbin/btrfs_finished ;; *) inst_script "$moddir/btrfs_finished.sh" /sbin/btrfs_finished ;; esac else inst_rules 64-btrfs-dm.rules fi if ! dracut_module_included "systemd"; then inst_hook initqueue/timeout 10 "$moddir/btrfs_timeout.sh" fi inst_multiple -o btrfsck btrfs-zero-log inst "$(command -v btrfs)" /sbin/btrfs # Hack for slow machines # see https://github.com/dracutdevs/dracut/issues/658 echo "rd.driver.pre=btrfs" > "${initdir}"/etc/cmdline.d/00-btrfs.conf } modules.d/90crypt/crypt-cleanup.sh000075500000000704151054757350013112 0ustar00#!/usr/bin/sh # close everything which is not busy rm -f -- /etc/udev/rules.d/70-luks.rules > /dev/null 2>&1 if ! getarg rd.luks.uuid -d rd_LUKS_UUID > /dev/null 2>&1 && getargbool 1 rd.luks -d -n rd_NO_LUKS > /dev/null 2>&1; then while true; do local do_break="y" for i in /dev/mapper/luks-*; do cryptsetup luksClose "$i" > /dev/null 2>&1 && do_break=n done [ "$do_break" = "y" ] && break done fi modules.d/90crypt/crypt-lib.sh000075500000017747151054757350012250 0ustar00#!/usr/bin/sh command -v getarg > /dev/null || . 
/lib/dracut-lib.sh # check if the crypttab contains an entry for a LUKS UUID crypttab_contains() { local luks="$1" local dev="$2" local l d rest if [ -f /etc/crypttab ]; then while read -r l d rest || [ -n "$l" ]; do strstr "${l##luks-}" "${luks##luks-}" && return 0 strstr "$d" "${luks##luks-}" && return 0 if [ -n "$dev" ]; then for _dev in $(devnames "$d"); do [ "$dev" -ef "$_dev" ] && return 0 done fi if [ -e /etc/block_uuid.map ]; then # search for line starting with $d _line=$(sed -n "\,^$d .*$,{p}" /etc/block_uuid.map) [ -z "$_line" ] && continue # get second column with uuid _uuid="$(echo "$_line" | sed 's,^.* \(.*$\),\1,')" strstr "$_uuid" "${luks##luks-}" && return 0 fi done < /etc/crypttab fi return 1 } # ask_for_password # # Wraps around plymouth ask-for-password and adds fallback to tty password ask # if plymouth is not present. # # --cmd command # Command to execute. Required. # --prompt prompt # Password prompt. Note that function already adds ':' at the end. # Recommended. # --tries n # How many times repeat command on its failure. Default is 3. # --ply-[cmd|prompt|tries] # Command/prompt/tries specific for plymouth password ask only. # --tty-[cmd|prompt|tries] # Command/prompt/tries specific for tty password ask only. # --tty-echo-off # Turn off input echo before tty command is executed and turn on after. # It's useful when password is read from stdin. 
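ask_for_password() {
    # Runs the given unlock command through plymouth when it is running,
    # otherwise retries it on the tty. Returns the status of the last
    # attempt and prints "Wrong password" on stderr when that is non-zero.
    local ply_cmd
    local ply_prompt
    local ply_tries=3
    local tty_cmd
    local tty_prompt
    local tty_tries=3
    # Kept local so that --tty-echo-off from one call cannot silently switch
    # echo off in a later call made from the same shell.
    local tty_echo_off=
    local stty_orig
    # Start as "failed": with zero tries, or if the lock file cannot be
    # opened, no attempt is made and $ret would otherwise stay empty.
    local ret=1

    while [ $# -gt 0 ]; do
        case "$1" in
            --cmd)
                ply_cmd="$2"
                tty_cmd="$2"
                shift
                ;;
            --ply-cmd)
                ply_cmd="$2"
                shift
                ;;
            --tty-cmd)
                tty_cmd="$2"
                shift
                ;;
            --prompt)
                ply_prompt="$2"
                tty_prompt="$2"
                shift
                ;;
            --ply-prompt)
                ply_prompt="$2"
                shift
                ;;
            --tty-prompt)
                tty_prompt="$2"
                shift
                ;;
            --tries)
                ply_tries="$2"
                tty_tries="$2"
                shift
                ;;
            --ply-tries)
                ply_tries="$2"
                shift
                ;;
            --tty-tries)
                tty_tries="$2"
                shift
                ;;
            --tty-echo-off) tty_echo_off=yes ;;
        esac
        shift
    done

    {
        # Shared lock on fd 9 (/.console_lock) for the duration of the prompt.
        flock -s 9

        # Prompt for password with plymouth, if installed and running.
        if type plymouth > /dev/null 2>&1 && plymouth --ping 2> /dev/null; then
            plymouth ask-for-password \
                --prompt "$ply_prompt" --number-of-tries="$ply_tries" \
                --command="$ply_cmd"
            ret=$?
        else
            if [ "$tty_echo_off" = yes ]; then
                stty_orig="$(stty -g)"
                stty -echo
            fi

            local i=1
            while [ $i -le "$tty_tries" ]; do
                [ -n "$tty_prompt" ] \
                    && printf "%s" "$tty_prompt [$i/$tty_tries]:" >&2
                # tty_cmd is evaluated as shell code. Callers must build it
                # only from values they control and must quote any device or
                # mapping name they embed in it.
                eval "$tty_cmd" && ret=0 && break
                ret=$?
                i=$((i + 1))
                [ -n "$tty_prompt" ] && printf '\n' >&2
            done

            [ "$tty_echo_off" = yes ] && stty "$stty_orig"
        fi
    } 9> /.console_lock

    [ "$ret" -ne 0 ] && echo "Wrong password" >&2
    return "$ret"
}

# Try to mount specified device (by path, by UUID or by label) and check
# the path with 'test'.
#
# example:
# test_dev -f LABEL="nice label" /some/file1
test_dev() {
    local test_op=$1
    local dev="$2"
    local f="$3"

    local ret=1
    local mount_point

    # Validate the arguments before creating the mount point, so a bad call
    # does not leave an empty directory behind.
    if [ -z "$dev" ] || [ -z "$*" ]; then
        return 1
    fi

    mount_point=$(mkuniqdir /mnt testdev)
    [ -d "$mount_point" ] || die 'Mount point does not exist!'

    # Read-only mount; the result of 'test' on the path becomes the status.
    if mount -r "$dev" "$mount_point" > /dev/null 2>&1; then
        test "$test_op" "${mount_point}/${f}"
        ret=$?
        umount "$mount_point"
    fi

    rmdir "$mount_point"

    return $ret
}

# match_dev devpattern dev
#
# Returns true if 'dev' matches 'devpattern'.  Both 'devpattern' and 'dev' are
# expanded to kernel names and then compared. 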
If name of 'dev' is on list of # names of devices matching 'devpattern', the test is positive. 'dev' and # 'devpattern' may be anything which function 'devnames' recognizes. # # If 'devpattern' is empty or '*' then function just returns true. # # Example: # match_dev UUID=123 /dev/dm-1 # Returns true if /dev/dm-1 UUID starts with "123". match_dev() { [ -z "$1" -o "$1" = '*' ] && return 0 local devlist local dev devlist="$(devnames "$1")" || return 255 dev="$(devnames "$2")" || return 255 strstr " $devlist " " $dev " } # getkey keysfile for_dev # # Reads file produced by probe-keydev and looks for first line to # which device matches. The successful result is printed in format # ":". When nothing found, just false is returned. # # Example: # getkey /tmp/luks.keys /dev/sdb1 # May print: # /dev/sdc1:/keys/some.key getkey() { local keys_file="$1" local for_dev="$2" local luks_dev local key_dev local key_path [ -z "$keys_file" -o -z "$for_dev" ] && die 'getkey: wrong usage!' [ -f "$keys_file" ] || return 1 while IFS=: read -r luks_dev key_dev key_path _ || [ -n "$luks_dev" ]; do if match_dev "$luks_dev" "$for_dev"; then echo "${key_dev}:${key_path}" return 0 fi done < "$keys_file" return 1 } # readkey keypath keydev device # # Mounts , reads key from file , optionally processes it (e.g. # if encrypted with GPG) and prints to standard output which is supposed to be # read by cryptsetup. is just passed to helper function for # informational purpose. readkey() { local keypath="$1" local keydev="$2" local device="$3" # No mounting needed if the keyfile resides inside the initrd if [ "/" = "$keydev" ]; then local mntp=/ else # This creates a unique single mountpoint for *, or several for explicitly # given LUKS devices. It accomplishes unlocking multiple LUKS devices with # a single password entry. local mntp mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')" if [ ! -d "$mntp" ]; then mkdir -p "$mntp" mount -r "$keydev" "$mntp" || die 'Mounting rem. dev. failed!' 
fi fi case "${keypath##*.}" in gpg) if [ -f /lib/dracut-crypt-gpg-lib.sh ]; then . /lib/dracut-crypt-gpg-lib.sh gpg_decrypt "$mntp" "$keypath" "$keydev" "$device" else die "No GPG support to decrypt '$keypath' on '$keydev'." fi ;; img) if [ -f /lib/dracut-crypt-loop-lib.sh ]; then . /lib/dracut-crypt-loop-lib.sh loop_decrypt "$mntp" "$keypath" "$keydev" "$device" printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > "${hookdir}/cleanup/crypt-loop-cleanup-99-${mntp##*/}".sh return 0 else die "No loop file support to decrypt '$keypath' on '$keydev'." fi ;; *) cat "$mntp/$keypath" ;; esac # No unmounting if the keyfile resides inside the initrd if [ "/" != "$keydev" ]; then # General unmounting mechanism, modules doing custom cleanup should return earlier # and install a pre-pivot cleanup hook umount "$mntp" rmdir "$mntp" fi } modules.d/90crypt/crypt-run-generator.sh000075500000001444151054757350014255 0ustar00#!/usr/bin/sh . /lib/dracut-lib.sh type crypttab_contains > /dev/null 2>&1 || . /lib/dracut-crypt-lib.sh dev=$1 luks=$2 crypttab_contains "$luks" "$dev" && exit 0 allowdiscards="-" # parse for allow-discards if [ -n "$DRACUT_SYSTEMD" ] || strstr "$(cryptsetup --help)" "allow-discards"; then if discarduuids=$(getargs "rd.luks.allow-discards"); then discarduuids=$(str_replace "$discarduuids" 'luks-' '') if strstr " $discarduuids " " ${luks##luks-}"; then allowdiscards="discard" fi elif getargbool 0 rd.luks.allow-discards; then allowdiscards="discard" fi fi echo "$luks $dev - timeout=0,$allowdiscards" >> /etc/crypttab if command -v systemctl > /dev/null; then systemctl daemon-reload systemctl start cryptsetup.target fi exit 0 modules.d/90crypt/cryptroot-ask.sh000075500000012734151054757350013153 0ustar00#!/usr/bin/sh PATH=/usr/sbin:/usr/bin:/sbin:/bin NEWROOT=${NEWROOT:-"/sysroot"} # do not ask, if we already have root [ -f "$NEWROOT"/proc ] && exit 0 . 
/lib/dracut-lib.sh mkdir -p -m 0700 /run/cryptsetup # if device name is /dev/dm-X, convert to /dev/mapper/name if [ "${1##/dev/dm-}" != "$1" ]; then device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")" else device="$1" fi # default luksname - luks-UUID luksname=$2 # is_keysource - ask for passphrase even if a rd.luks.key argument is set is_keysource=${3:-0} # number of tries numtries=${4:-10} # TODO: improve to support what cmdline does if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; then while read -r name dev luksfile luksoptions || [ -n "$name" ]; do # ignore blank lines and comments if [ -z "$name" -o "${name#\#}" != "$name" ]; then continue fi # PARTUUID used in crypttab if [ "${dev%%=*}" = "PARTUUID" ]; then if [ "luks-${dev##PARTUUID=}" = "$luksname" ]; then luksname="$name" break fi # UUID used in crypttab elif [ "${dev%%=*}" = "UUID" ]; then if [ "luks-${dev##UUID=}" = "$luksname" ]; then luksname="$name" break fi # ID used in crypttab elif [ "${dev%%=*}" = "ID" ]; then if [ "luks-${dev##ID=}" = "$luksname" ]; then luksname="$name" break fi # path used in crypttab else cdev=$(readlink -f "$dev") mdev=$(readlink -f "$device") if [ "$cdev" = "$mdev" ]; then luksname="$name" break fi fi done < /etc/crypttab unset name dev fi # check if destination already exists [ -b /dev/mapper/"$luksname" ] && exit 0 # we already asked for this device asked_file=/tmp/cryptroot-asked-$luksname [ -f "$asked_file" ] && exit 0 # load dm_crypt if it is not already loaded [ -d /sys/module/dm_crypt ] || modprobe dm_crypt . 
/lib/dracut-crypt-lib.sh # # Open LUKS device # info "luksOpen $device $luksname $luksfile $luksoptions" OLD_IFS="$IFS" IFS=, # shellcheck disable=SC2086 set -- $luksoptions IFS="$OLD_IFS" while [ $# -gt 0 ]; do case $1 in noauto) # skip this exit 0 ;; swap) # skip this exit 0 ;; tmp) # skip this exit 0 ;; allow-discards) allowdiscards="--allow-discards" ;; header=*) cryptsetupopts="${cryptsetupopts} --${1}" ;; esac shift done # parse for allow-discards if strstr "$(cryptsetup --help)" "allow-discards"; then if discarduuids=$(getargs "rd.luks.allow-discards"); then discarduuids=$(str_replace "$discarduuids" 'luks-' '') if strstr " $discarduuids " " ${luksdev##luks-}"; then allowdiscards="--allow-discards" fi elif getargbool 0 rd.luks.allow-discards; then allowdiscards="--allow-discards" fi fi if strstr "$(cryptsetup --help)" "allow-discards"; then cryptsetupopts="$cryptsetupopts $allowdiscards" fi unset allowdiscards # fallback to passphrase ask_passphrase=1 if [ -n "$luksfile" -a "$luksfile" != "none" -a -e "$luksfile" ]; then # shellcheck disable=SC2086 if readkey "$luksfile" / "$device" \ | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname"; then ask_passphrase=0 fi elif [ "$is_keysource" -ne 0 ]; then info "Asking for passphrase because $device is a keysource." else while [ -n "$(getarg rd.luks.key)" ]; do if tmp=$(getkey /tmp/luks.keys "$device"); then keydev="${tmp%%:*}" keypath="${tmp#*:}" else if [ "$numtries" -eq 0 ]; then warn "No key found for $device. Fallback to passphrase mode." break fi sleep 1 info "No key found for $device. Will try $numtries time(s) more later." 
# NOTE(review): the lines down to the first `exit 0` at column 0 are the tail
# of a script whose beginning lies above this excerpt; the indentation below
# reflects the loop/if nesting that is being closed here.
            initqueue --unique --onetime --settled \
                --name cryptroot-ask-"$luksname" \
                "$(command -v cryptroot-ask)" "$device" "$luksname" "$is_keysource" "$((numtries - 1))"
            exit 0
        fi
        unset tmp

        info "Using '$keypath' on '$keydev'"
        # The key is piped to cryptsetup on stdin (-d -), so it is not passed
        # as a command-line argument.
        # shellcheck disable=SC2086
        readkey "$keypath" "$keydev" "$device" \
            | cryptsetup -d - $cryptsetupopts luksOpen "$device" "$luksname" \
            && ask_passphrase=0
        unset keypath keydev
        break
    done
fi

# No key opened the device: fall back to an interactive passphrase prompt.
if [ $ask_passphrase -ne 0 ]; then
    luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen"
    _timeout=$(getargs "rd.luks.timeout")
    _timeout=${_timeout:-0}
    # The open command is handed over as one string; $device and $luksname
    # are pasted into it unquoted.
    ask_for_password --ply-tries 5 \
        --ply-cmd "$luks_open -T1 $device $luksname" \
        --ply-prompt "Password ($device)" \
        --tty-tries 1 \
        --tty-cmd "$luks_open -T5 -t $_timeout $device $luksname"
    unset luks_open
    unset _timeout
fi

# For a keysource device whose mapping name does not start with "luks-",
# append a line to the cleanup hook that closes the mapping if it still exists.
# $luksname is written into generated shell text here.
if [ "$is_keysource" -ne 0 -a "${luksname##luks-}" != "$luksname" ]; then
    luks_close="$(command -v cryptsetup) close"
    {
        printf -- '[ -e /dev/mapper/%s ] && ' "$luksname"
        printf -- '%s "%s"\n' "$luks_close" "$luksname"
    } >> "$hookdir/cleanup/31-crypt-keysource.sh"
    unset luks_close
fi

unset device luksname luksfile

# mark device as asked
: >> "$asked_file"

need_shutdown
udevsettle

exit 0
modules.d/90crypt/module-setup.sh000075500000014350151054757350012751 0ustar00
#!/usr/bin/bash

# called by dracut
# Returns 1 when neither systemd-cryptsetup nor cryptsetup is available.
# In hostonly mode (or when $mount_needs is set) returns 0 only if one of the
# host filesystem types is crypto_LUKS, otherwise 255. Returns 0 in all other
# cases.
check() {
    local fs
    # if cryptsetup is not installed, then we cannot support encrypted devices.
    require_any_binary "$systemdutildir"/systemd-cryptsetup cryptsetup || return 1

    [[ $hostonly ]] || [[ $mount_needs ]] && {
        for fs in "${host_fs_types[@]}"; do
            [[ $fs == "crypto_LUKS" ]] && return 0
        done
        return 255
    }

    return 0
}

# called by dracut
# Prints the modules this one depends on. The token-related modules (fido2,
# pkcs11, tpm2-tss) are added only in hostonly mode and only when the host
# crypttab contains the matching option string.
depends() {
    local deps
    deps="dm rootfs-block"
    if [[ $hostonly && -f "$dracutsysrootdir"/etc/crypttab ]]; then
        if grep -q -e "fido2-device=" -e "fido2-cid=" "$dracutsysrootdir"/etc/crypttab; then
            deps+=" fido2"
        fi
        if grep -q "pkcs11-uri" "$dracutsysrootdir"/etc/crypttab; then
            deps+=" pkcs11"
        fi
        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
            deps+=" tpm2-tss"
        fi
    fi
    echo "$deps"
    return 0
}

# called by dracut
# Installs drbg and dm_crypt, then either the cipher modules of the crypt
# mappings currently listed by `dmsetup table` (hostonly / mount_needs) or
# the whole "=crypto" group.
installkernel() {
    hostonly="" instmods drbg
    instmods dm_crypt

    # in case some of the crypto modules moved from compiled in
    # to module based, try to install those modules
    # best guess
    if [[ $hostonly ]] || [[ $mount_needs ]]; then
        # dmsetup returns s.th. like
        # cryptvol: 0 2064384 crypt aes-xts-plain64 :64:logon:cryptsetup:....
        dmsetup table | while read -r name _ _ is_crypt cipher _; do
            [[ $is_crypt == "crypt" ]] || continue
            # get the device name
            name=/dev/$(dmsetup info -c --noheadings -o blkdevname "${name%:}")
            # check if the device exists as a key in our host_fs_types (even with null string)
            # shellcheck disable=SC2030 # this is a shellcheck bug
            if [[ ${host_fs_types[$name]+_} ]]; then
                # split the cipher aes-xts-plain64 in pieces
                IFS='-:' read -ra mods <<< "$cipher"
                # try to load the cipher part with "crypto-" prepended
                # in non-hostonly mode
                hostonly='' instmods "${mods[@]/#/crypto-}" "crypto-$cipher"
            fi
        done
    else
        instmods "=crypto"
    fi
    return 0
}

# called by dracut
# Prints one " rd.luks.uuid=luks-<UUID>" argument for every host device whose
# filesystem type is crypto_LUKS; the UUID is read from `blkid -o export`.
cmdline() {
    local dev UUID
    # shellcheck disable=SC2031
    for dev in "${!host_fs_types[@]}"; do
        [[ ${host_fs_types[$dev]} != "crypto_LUKS" ]] && continue

        UUID=$(
            blkid -u crypto -o export "$dev" \
                | while read -r line || [ -n "$line" ]; do
                    [[ ${line#UUID} == "$line" ]] && continue
                    printf "%s" "${line#UUID=}"
                    break
                done
        )
        [[ ${UUID} ]] || continue
        printf "%s" " rd.luks.uuid=luks-${UUID}"
    done
}

# called by dracut
# Installs the hooks, helper scripts and (with systemd) the cryptsetup units,
# and in hostonly mode writes a filtered copy of the host crypttab into the
# image.
install() {

    if [[ $hostonly_cmdline == "yes" ]]; then
        local _cryptconf
        _cryptconf=$(cmdline)
        [[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
    fi

    inst_hook cmdline 30 "$moddir/parse-crypt.sh"
    if ! dracut_module_included "systemd"; then
        inst_multiple cryptsetup rmdir readlink umount
        inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
        inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
        inst_hook cmdline 10 "$moddir/parse-keydev.sh"
        inst_hook cleanup 30 "$moddir/crypt-cleanup.sh"
    fi

    if [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/crypttab ]]; then
        # filter /etc/crypttab for the devices we need
        # Only the crypttab line, including its key-file field, is copied into
        # the image; nothing in this function installs the key file it names.
        while read -r _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
            [[ $_mapper == \#* ]] && continue
            [[ $_dev ]] || continue

            [[ $_dev == PARTUUID=* ]] \
                && _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}"

            [[ $_dev == UUID=* ]] \
                && _dev="/dev/disk/by-uuid/${_dev#UUID=}"

            [[ $_dev == ID=* ]] \
                && _dev="/dev/disk/by-id/${_dev#ID=}"

            echo "$_dev $(blkid "$_dev" -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"

            # loop through the options to check for the force option
            # (this replaces the function's positional parameters, and
            # luksoptions, OLD_IFS and forceentry are not declared local)
            luksoptions=${_luksoptions}
            OLD_IFS="${IFS}"
            IFS=,
            # shellcheck disable=SC2086
            set -- ${luksoptions}
            IFS="${OLD_IFS}"

            forceentry=""
            while [ $# -gt 0 ]; do
                case $1 in
                    force)
                        forceentry="yes"
                        break
                        ;;
                esac
                shift
            done

            # include the entry regardless
            if [ "${forceentry}" = "yes" ]; then
                echo "$_mapper $_dev $_luksfile $_luksoptions"
            else
                # otherwise keep it only if it refers to a host crypto_LUKS device
                # shellcheck disable=SC2031
                for _hdev in "${!host_fs_types[@]}"; do
                    [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
                    if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
                        echo "$_mapper $_dev $_luksfile $_luksoptions"
                        break
                    fi
                done
            fi
        done < "$dracutsysrootdir"/etc/crypttab > "$initdir"/etc/crypttab
        mark_hostonly /etc/crypttab
    fi

    inst_simple "$moddir/crypt-lib.sh" "/lib/dracut-crypt-lib.sh"
    inst_script "$moddir/crypt-run-generator.sh" "/sbin/crypt-run-generator"

    if dracut_module_included "systemd"; then
        # the cryptsetup targets are already pulled in by 00systemd, but not
        # the enablement symlinks
        inst_multiple -o \
            "$tmpfilesdir"/cryptsetup.conf \
            "$systemdutildir"/system-generators/systemd-cryptsetup-generator \
            "$systemdutildir"/systemd-cryptsetup \
            "$systemdsystemunitdir"/systemd-ask-password-console.path \
            "$systemdsystemunitdir"/systemd-ask-password-console.service \
            "$systemdsystemunitdir"/cryptsetup.target \
            "$systemdsystemunitdir"/sysinit.target.wants/cryptsetup.target \
            "$systemdsystemunitdir"/remote-cryptsetup.target \
            "$systemdsystemunitdir"/initrd-root-device.target.wants/remote-cryptsetup.target \
            systemd-ask-password systemd-tty-ask-password-agent
    fi

    dracut_need_initqueue
}
modules.d/90crypt/parse-crypt.sh000075500000017627151054757350012611 0ustar00
#!/usr/bin/sh

type crypttab_contains > /dev/null 2>&1 || . /lib/dracut-crypt-lib.sh

# Look up the rd.luks.name entries whose part before the last '=' equals $1
# with one trailing '=' removed. Prints the matching values (text after the
# first '=') joined by spaces and returns 0 if any entry matched, 1 otherwise.
_cryptgetargsname() {
    debug_off
    local _o _found _key
    unset _o
    unset _found
    _key="$1"
    set --
    for _o in $(getargs rd.luks.name); do
        if [ "${_o%=*}" = "${_key%=}" ]; then
            [ -n "${_o%=*}" ] && set -- "$@" "${_o#*=}"
            _found=1
        fi
    done
    if [ -n "$_found" ]; then
        [ $# -gt 0 ] && printf '%s' "$*"
        return 0
    fi
    return 1
}

# NOTE(review): every identifier handled below (rd.luks.partuuid,
# rd.luks.serial, rd.luks.uuid, rd.luks.name, rd.luks.key.tout) is read from
# the kernel command line and pasted into udev rule text and, for
# rd.luks.uuid, into generated hook scripts. The only transformations visible
# here are prefix stripping and, in the systemd branch, dev_unit_name plus
# backslash doubling of the unit name. That is only sound while the command
# line is trusted; confirm it is covered by whatever boot-integrity mechanism
# the system relies on.
if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then
    info "rd.luks=0: removing cryptoluks activation"
    rm -f -- /etc/udev/rules.d/70-luks.rules
else
    # The rules are built in a .new file and moved into place at the end.
    {
        echo 'SUBSYSTEM!="block", GOTO="luks_end"'
        echo 'ACTION!="add|change", GOTO="luks_end"'
    } > /etc/udev/rules.d/70-luks.rules.new

    PARTUUID=$(getargs rd.luks.partuuid -d rd_LUKS_PARTUUID)
    SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)
    LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
    tout=$(getarg rd.luks.key.tout)

    if [ -e /etc/crypttab ]; then
        while read -r _ _dev _ || [ -n "$_dev" ]; do
            set_systemd_timeout_for_dev "$_dev"
        done < /etc/crypttab
    fi

    # The selectors are tried in this order and only the first non-empty one
    # is used: partition UUID, serial, LUKS UUID, then rd.auto.
    if [ -n "$PARTUUID" ]; then
        for uuid in $PARTUUID; do
            # a "keysource:" prefix marks the device as a key source
            is_keysource=0
            _uuid=$uuid
            uuid=${uuid#keysource:}
            [ "$uuid" != "$_uuid" ] && is_keysource=1
            unset _uuid

            uuid=${uuid##luks-}
            if luksname=$(_cryptgetargsname "$uuid="); then
                luksname="${luksname#$uuid=}"
            else
                luksname="luks-$uuid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                # The match is written as *<value>*, a glob with a wildcard on
                # both sides, so a shortened value matches every device whose
                # property contains it.
                {
                    printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    # shellcheck disable=SC2016
                    printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                # shellcheck disable=SC1003
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$uuid"; then
                    {
                        printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi
        done

    elif [ -n "$SERIAL" ]; then
        for serialid in $SERIAL; do
            is_keysource=0
            _serialid=$serialid
            serialid=${serialid#keysource:}
            [ "$serialid" != "$_serialid" ] && is_keysource=1
            unset _serialid

            serialid=${serialid##luks-}
            if luksname=$(_cryptgetargsname "$serialid="); then
                luksname="${luksname#$serialid=}"
            else
                luksname="luks-$serialid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    # shellcheck disable=SC2016
                    printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                # shellcheck disable=SC1003
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$serialid"; then
                    {
                        printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi
        done

    elif [ -n "$LUKS" ]; then
        for luksid in $LUKS; do
            is_keysource=0
            _luksid=$luksid
            luksid=${luksid#keysource:}
            [ "$luksid" != "$_luksid" ] && is_keysource=1
            unset _luksid

            luksid=${luksid##luks-}
            if luksname=$(_cryptgetargsname "$luksid="); then
                luksname="${luksname#$luksid=}"
            else
                luksname="luks-$luksid"
            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
                    printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
                    # shellcheck disable=SC2016
                    printf -- '$env{DEVNAME} %s %s %s"\n' "$luksname" "$is_keysource" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
                luksname=$(dev_unit_name "$luksname")
                # shellcheck disable=SC1003
                luksname="$(str_replace "$luksname" '\' '\\')"

                if ! crypttab_contains "$luksid"; then
                    {
                        printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
                        printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi

            if [ $is_keysource -eq 0 ]; then
                # remove every '-' from the UUID before using it in the
                # dm-uuid glob below
                uuid=$luksid
                while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
                # Both hook files receive the command-line value as part of a
                # line of shell text.
                printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' "$uuid" \
                    >> "$hookdir/initqueue/finished/90-crypt.sh"

                {
                    printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' "$luksid"
                    printf -- 'warn "crypto LUKS UUID "%s" not found"\n' "$luksid"
                } >> "$hookdir/emergency/90-crypt.sh"
            fi
        done
    elif getargbool 0 rd.auto; then
        # rd.auto: act on every crypto_LUKS device instead of a listed one
        if [ -z "$DRACUT_SYSTEMD" ]; then
            {
                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
                # shellcheck disable=SC2016
                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} 0 %s"\n' "$(command -v cryptroot-ask)" "$tout"
            } >> /etc/udev/rules.d/70-luks.rules.new
        else
            {
                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
                # shellcheck disable=SC2016
                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"
            } >> /etc/udev/rules.d/70-luks.rules.new
        fi
    fi

    echo 'LABEL="luks_end"' >> /etc/udev/rules.d/70-luks.rules.new
    mv /etc/udev/rules.d/70-luks.rules.new /etc/udev/rules.d/70-luks.rules
fi
modules.d/90crypt/parse-keydev.sh000075500000002545151054757350012728 0ustar00
#!/usr/bin/sh

# Turns each rd.luks.key=<keypath>[:<keydev>[:<luksdev>]] argument into either
# a direct entry in /tmp/luks.keys (keydev "/") or a udev rule that runs
# probe-keydev on block devices. The rules file is written through file
# descriptor 7.
if getargbool 1 rd.luks -n rd_NO_LUKS \
    && [ -n "$(getarg rd.luks.key)" ]; then
    exec 7> /etc/udev/rules.d/65-luks-keydev.rules
    echo 'SUBSYSTEM!="block", GOTO="luks_keydev_end"' >&7
    echo 'ACTION!="add|change", GOTO="luks_keydev_end"' >&7

    for arg in $(getargs rd.luks.key); do
        unset keypath keydev luksdev
        splitsep : "$arg" keypath keydev luksdev

        info "rd.luks.key: keypath='$keypath' keydev='$keydev' luksdev='$luksdev'"

        if [ -z "$keypath" ]; then
            warn 'keypath required!'
            continue
        fi

        # A keydev of '/' is treated as the initrd itself
        if [ "/" = "$keydev" ]; then
            [ -z "$luksdev" ] && luksdev='*'
            echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys
            continue
        elif [ -n "$keydev" ]; then
            udevmatch "$keydev" >&7 || {
                warn 'keydev incorrect!'
                continue
            }
            printf ', ' >&7
        fi

        # With no keydev given the RUN rule carries no device match of its
        # own, so it applies to every device that passes the two GOTO filters
        # at the top of the rules file.
        {
            printf -- 'RUN+="%s --unique --onetime ' "$(command -v initqueue)"
            printf -- '--name probe-keydev-%%k '
            printf -- '%s /dev/%%k %s %s"\n' \
                "$(command -v probe-keydev)" "${keypath}" "${luksdev}"
        } >&7
    done
    unset arg keypath keydev luksdev

    echo 'LABEL="luks_keydev_end"' >&7
    exec 7>&-
fi
modules.d/90crypt/probe-keydev.sh000075500000000577151054757350012730 0ustar00
#!/usr/bin/sh

. /lib/dracut-crypt-lib.sh

# $1 - device to probe, $2 - key path expected on it,
# $3 - LUKS device the key is for (defaults to '*')
real_keydev="$1"
keypath="$2"
luksdev="$3"

[ -z "$real_keydev" -o -z "$keypath" ] && die 'probe-keydev: wrong usage!'
[ -z "$luksdev" ] && luksdev='*'

info "Probing $real_keydev for $keypath..."
# Record the key location only if the key file is found on the probed device.
test_dev -f "$real_keydev" "$keypath" || exit 1

info "Found $keypath on $real_keydev"
# entry format: <luksdev>:<keydev>:<keypath>
echo "$luksdev:$real_keydev:$keypath" >> /tmp/luks.keys
modules.d/90dm/11-dm.rules000064400000000216151054757350011115 0ustar00
SUBSYSTEM!="block", GOTO="dm_end"
KERNEL!="dm-[0-9]*", GOTO="dm_end"
ACTION!="add|change", GOTO="dm_end"
OPTIONS+="db_persist"
LABEL="dm_end"
modules.d/90dm/59-persistent-storage-dm.rules000064400000001235151054757350014773 0ustar00
SUBSYSTEM!="block", GOTO="dm_end"
ACTION!="add|change", GOTO="dm_end"
# Also don't process disks that are slated to be a multipath device
ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"

KERNEL!="dm-[0-9]*", GOTO="dm_end"
ACTION=="add", GOTO="dm_end"
IMPORT{program}="/sbin/dmsetup info -c --nameprefixes --unquoted --rows --noheadings -o name,uuid,suspended,readonly,major,minor,open,tables_loaded,names_using_dev -j%M -m%m"
ENV{DM_NAME}!="?*", GOTO="dm_end"
ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", GOTO="dm_end"
# Skip mappings whose UUID starts with CRYPT-TEMP-, and mappings without a
# UUID whose name starts with temporary-cryptsetup-
ENV{DM_UUID}=="CRYPT-TEMP-?*", GOTO="dm_end"
ENV{DM_UUID}!="?*", ENV{DM_NAME}=="temporary-cryptsetup-?*", GOTO="dm_end"
IMPORT BLKID
LABEL="dm_end"
modules.d/90dm/dm-pre-udev.sh000075500000000153151054757350011706 0ustar00
#!/usr/bin/sh

# Load dm_mod unless /proc/misc already lists device-mapper.
strstr "$(cat /proc/misc)" device-mapper || modprobe dm_mod
modprobe dm_mirror 2> /dev/null
modules.d/90dm/dm-shutdown.sh000075500000002355151054757350012040 0ustar00
#!/usr/bin/sh

# Remove the device-mapper device $1 (a /sys/block name such as dm-0) after
# recursively removing the dm devices listed as its holders. Devices whose dm
# uuid starts with "mpath-" are left in place. Returns the dmsetup status on
# failure, 0 otherwise.
_remove_dm() {
    local dev=$1
    local s
    local devname

    for s in /sys/block/"${dev}"/holders/dm-*; do
        [ -e "${s}" ] || continue
        _remove_dm "${s##*/}"
    done
    # multipath devices might have MD devices on top,
    # which are removed after this script. So do not
    # remove those to avoid spurious errors
    case $(cat /sys/block/"${dev}"/dm/uuid) in
        mpath-*)
            return 0
            ;;
        *)
            devname=$(cat /sys/block/"${dev}"/dm/name)
            dmsetup -v --noudevsync remove "$devname" || return $?
            ;;
    esac
    return 0
}

# Try to remove every /sys/block/dm-* device. When $1 is non-empty the output
# of the removals is shown and the remaining tree is logged afterwards;
# otherwise the output is discarded. Returns the status of the last failed
# removal, or 0.
_do_dm_shutdown() {
    local ret=0
    local final=$1
    local dev

    info "Disassembling device-mapper devices"
    for dev in /sys/block/dm-*; do
        [ -e "${dev}" ] || continue
        if [ "x$final" != "x" ]; then
            _remove_dm "${dev##*/}" || ret=$?
        else
            _remove_dm "${dev##*/}" > /dev/null 2>&1 || ret=$?
        fi
    done
    if [ "x$final" != "x" ]; then
        info "dmsetup ls --tree"
        dmsetup ls --tree 2>&1 | vinfo
    fi
    return $ret
}

# Only act when dmsetup exists and reports at least one device.
if command -v dmsetup > /dev/null \
    && [ "x$(dmsetup status)" != "xNo devices found" ]; then
    _do_dm_shutdown "$1"
else
    :
fi
modules.d/90dm/module-setup.sh000075500000001765151054757350012216 0ustar00
#!/usr/bin/bash

# called by dracut
# Returns 1 without dmsetup, otherwise 255.
check() {
    require_binaries dmsetup || return 1
    return 255
}

# called by dracut
depends() {
    return 0
}

# called by dracut
installkernel() {
    instmods '=drivers/md' dm_mod dm-cache dm-cache-mq dm-cache-cleaner
}

# called by dracut
# Installs dmsetup, the optional dmeventd, the device-mapper udev rules and
# the shutdown hook; the pre-udev hook is added only when modinfo finds dm_mod
# for the target kernel.
install() {
    modinfo -k "$kernel" dm_mod > /dev/null 2>&1 \
        && inst_hook pre-udev 30 "$moddir/dm-pre-udev.sh"

    inst_multiple dmsetup
    inst_multiple -o dmeventd

    inst_libdir_file "libdevmapper-event.so*"

    inst_rules 10-dm.rules 13-dm-disk.rules 95-dm-notify.rules
    # Gentoo ebuild for LVM2 prior to 2.02.63-r1 doesn't install above rules
    # files, but provides the one below:
    inst_rules 64-device-mapper.rules
    # debian udev rules
    inst_rules 60-persistent-storage-dm.rules 55-dm.rules

    inst_rules "$moddir/11-dm.rules"

    inst_rules "$moddir/59-persistent-storage-dm.rules"
    prepare_udev_rules 59-persistent-storage-dm.rules

    inst_hook shutdown 25 "$moddir/dm-shutdown.sh"
}
modules.d/90dmraid/61-dmraid-imsm.rules000064400000001631151054757350013567 0ustar00
# This file causes block devices with RAID (dmraid) signatures to
# automatically cause dmraid_scan to be run.
# See udev(8) for syntax

SUBSYSTEM!="block", GOTO="dm_end"
ACTION!="add|change", GOTO="dm_end"
# Also don't process disks that are slated to be a multipath device
ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"

ENV{ID_FS_TYPE}=="linux_raid_member", GOTO="dm_end"

ENV{ID_FS_TYPE}!="*_raid_member", GOTO="dm_end"

ENV{ID_FS_TYPE}=="isw_raid_member", ENV{rd_NO_MDIMSM}!="?*", GOTO="dm_end"
ENV{ID_FS_TYPE}=="ddf_raid_member", ENV{rd_NO_MDDDF}!="?*", GOTO="dm_end"

ENV{rd_NO_DM}=="?*", GOTO="dm_end"

OPTIONS:="nowatch"

ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", GOTO="dm_end"

PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] && exit 0; done; exit 1;' ", \
    GOTO="dm_end"

RUN+="/sbin/initqueue --onetime --unique --settled /sbin/dmraid_scan $env{DEVNAME}"

LABEL="dm_end"
modules.d/90dmraid/dmraid.sh000075500000002256151054757350011667 0ustar00
#!/usr/bin/sh

type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

# $1 is the device name; '/' is replaced so it can be used in a marker file
# name. The marker makes a second run for the same device exit immediately.
devenc=$(str_replace "$1" '/' '\2f')

[ -e /tmp/dmraid."$devenc" ] && exit 0

: > /tmp/dmraid."$devenc"

DM_RAIDS=$(getargs rd.dm.uuid -d rd_DM_UUID=)

if [ -n "$DM_RAIDS" ] || getargbool 0 rd.auto; then

    # run dmraid if udev has settled
    info "Scanning for dmraid devices $DM_RAIDS"
    SETS=$(dmraid -c -s)

    if [ "$SETS" = "no raid disks" -o "$SETS" = "no raid sets" ]; then
        # NOTE(review): `return` is used at the top level of the script here;
        # confirm how this script is invoked.
        return
    fi

    info "Found dmraid sets:"
    echo "$SETS" | vinfo

    if [ -n "$DM_RAIDS" ]; then
        # only activate specified DM RAIDS
        for r in $DM_RAIDS; do
            for s in $SETS; do
                # $r is used as a prefix pattern against the set name
                if [ "${s##$r}" != "$s" ]; then
                    info "Activating $s"
                    dmraid -ay -i -p --rm_partitions "$s" 2>&1 | vinfo
                fi
            done
        done
    else
        # scan and activate all DM RAIDS
        for s in $SETS; do
            info "Activating $s"
            dmraid -ay -i -p --rm_partitions "$s" 2>&1 | vinfo
            [ -e "/dev/mapper/$s" ] && kpartx -a "/dev/mapper/$s" 2>&1 | vinfo
            udevsettle
        done
    fi

    need_shutdown

fi
modules.d/90dmraid/module-setup.sh000075500000004160151054757350013046 0ustar00
#!/usr/bin/bash

# called by dracut
# Returns 1 without dmraid or kpartx. In hostonly mode (or when $mount_needs
# is set) returns 0 only if a host *_raid_member device has a device-mapper
# holder, otherwise 255. Returns 0 in all other cases.
check() {
    local holder
    local dev
    # if we don't have dmraid installed on the host system, no point
    # in trying to support it in the initramfs.
    require_binaries dmraid || return 1
    require_binaries kpartx || return 1

    [[ $hostonly ]] || [[ $mount_needs ]] && {
        for dev in "${!host_fs_types[@]}"; do
            [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue

            DEVPATH=$(get_devpath_block "$dev")

            # only the first existing holder is examined
            for holder in "$DEVPATH"/holders/*; do
                [[ -e $holder ]] || continue
                [[ -e "$holder/dm" ]] && return 0
                break
            done

        done
        return 255
    }

    return 0
}

# called by dracut
depends() {
    echo dm rootfs-block
    return 0
}

# called by dracut
# Prints one " rd.dm.uuid=<name>" argument per distinct device-mapper name
# found among the holders of the host's *_raid_member devices.
cmdline() {
    local dev
    local -A _activated

    for dev in "${!host_fs_types[@]}"; do
        local holder DEVPATH DM_NAME
        [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue

        DEVPATH=$(get_devpath_block "$dev")

        for holder in "$DEVPATH"/holders/*; do
            [[ -e $holder ]] || continue
            dev="/dev/${holder##*/}"
            DM_NAME="$(dmsetup info -c --noheadings -o name "$dev" 2> /dev/null)"
            [[ ${DM_NAME} ]] && break
        done

        [[ ${DM_NAME} ]] || continue

        if ! [[ ${_activated[${DM_NAME}]} ]]; then
            printf "%s" " rd.dm.uuid=${DM_NAME}"
            _activated["${DM_NAME}"]=1
        fi
    done
}

# called by dracut
install() {
    local _raidconf

    if [[ $hostonly_cmdline == "yes" ]]; then
        _raidconf=$(cmdline)
        [[ $_raidconf ]] && printf "%s\n" "$_raidconf" >> "${initdir}/etc/cmdline.d/90dmraid.conf"
    fi

    inst_multiple dmraid
    inst_multiple -o kpartx
    inst "$(command -v partx)" /sbin/partx

    inst "$moddir/dmraid.sh" /sbin/dmraid_scan

    inst_rules 66-kpartx.rules 67-kpartx-compat.rules

    inst_libdir_file "libdmraid-events*.so*"

    inst_rules "$moddir/61-dmraid-imsm.rules"
    #inst "$moddir/dmraid-cleanup.sh" /sbin/dmraid-cleanup
    inst_hook pre-trigger 30 "$moddir/parse-dm.sh"
}
modules.d/90dmraid/parse-dm.sh000075500000001476151054757350012142 0ustar00
#!/usr/bin/sh
# Translates the rd.dm / rd.md command-line switches into the udev properties
# (rd_NO_DM, rd_NO_MDIMSM, rd_NO_MDDDF) set below.
# nodmraid for anaconda / rc.sysinit compatibility
if ! getargbool 1 rd.dm -d -n rd_NO_DM || getarg "rd.dm=0" -d nodmraid; then
    info "rd.dm=0: removing DM RAID activation"
    udevproperty rd_NO_DM=1
fi

if ! command -v mdadm > /dev/null \
    || ! getargbool 1 rd.md.imsm -d -n rd_NO_MDIMSM -n noiswmd \
    || ! getargbool 1 rd.md -d -n rd_NO_MD; then
    info "rd.md.imsm=0: no MD RAID for imsm/isw raids"
    udevproperty rd_NO_MDIMSM=1
fi

if ! command -v mdadm > /dev/null \
    || ! getargbool 1 rd.md.ddf -n rd_NO_MDDDF -n noddfmd \
    || ! getargbool 1 rd.md -d -n rd_NO_MD; then
    info "rd.md.ddf=0: no MD RAID for SNIA ddf raids"
    udevproperty rd_NO_MDDDF=1
fi

DM_RAIDS=$(getargs rd.dm.uuid -d rd_DM_UUID=)

# With no explicit set and no rd.auto, DM RAID activation is switched off.
if [ -z "$DM_RAIDS" ] && ! getargbool 0 rd.auto; then
    udevproperty rd_NO_DM=1
fi
modules.d/90kernel-modules/insmodpost.sh000075500000000307151054757350014307 0ustar00
#!/usr/bin/sh

. /lib/dracut-lib.sh

# Each rd.driver.post value is a comma-separated module list; IFS is changed
# only inside the subshell.
for modlist in $(getargs rd.driver.post -d rdinsmodpost=); do
    (
        IFS=,
        for m in $modlist; do
            modprobe "$m"
        done
    )
done
modules.d/90kernel-modules/module-setup.sh000075500000012563151054757350014542 0ustar00
#!/usr/bin/bash

# called by dracut
# Installs kernel modules into the image. Unless $drivers is set this covers
# input/USB/bus drivers, block drivers, filesystems and all crypto modules;
# the depmod configuration files are installed in either case.
installkernel() {
    # symbol names handed to dracut_instmods -s to select block drivers
    local _blockfuncs='ahci_platform_get_resources|ata_scsi_ioctl|scsi_add_host|blk_cleanup_queue|register_mtd_blktrans|scsi_esp_register|register_virtio_device|usb_stor_disconnect|mmc_add_host|sdhci_add_host|scsi_add_host_with_dma|blk_alloc_disk|blk_mq_alloc_disk|blk_cleanup_disk'
    local -A _hostonly_drvs

    # Print the modules.dep entries whose path starts with '/'.
    find_kernel_modules_external() {
        local a

        [[ -f "$srcmods/modules.dep" ]] || return 0

        while IFS=: read -r a _ || [[ $a ]]; do
            [[ $a =~ ^/ ]] && printf "%s\n" "$a"
        done < "$srcmods/modules.dep"
    }

    # Record the drivers of block device $1 (major:minor) in _hostonly_drvs;
    # returns 0 once at least one driver has been recorded.
    record_block_dev_drv() {

        for _mod in $(get_dev_module /dev/block/"$1"); do
            _hostonly_drvs["$_mod"]="$_mod"
        done

        for _mod in $(get_blockdev_drv_through_sys "/sys/dev/block/$1"); do
            _hostonly_drvs["$_mod"]="$_mod"
        done

        ((${#_hostonly_drvs[@]} > 0)) && return 0
        return 1
    }

    install_block_modules_strict() {
        hostonly='' instmods "${_hostonly_drvs[@]}"
    }

    install_block_modules() {
        instmods \
            scsi_dh_rdac scsi_dh_emc scsi_dh_alua \
            =drivers/usb/storage \
            =ide nvme vmd \
            virtio_blk virtio_scsi

        dracut_instmods -o -s "${_blockfuncs}" "=drivers"
    }

    if [[ -z $drivers ]]; then
        hostonly='' instmods \
            hid_generic unix \
            ehci-hcd ehci-pci ehci-platform \
            ohci-hcd ohci-pci \
            uhci-hcd \
            xhci-hcd xhci-pci xhci-plat-hcd

        hostonly=$(optional_hostonly) instmods \
            "=drivers/hid" \
            "=drivers/tty/serial" \
            "=drivers/input/serio" \
            "=drivers/input/keyboard" \
            "=drivers/pci/host" \
            "=drivers/pci/controller" \
            "=drivers/pinctrl" \
            "=drivers/usb/typec" \
            "=drivers/watchdog"

        instmods \
            yenta_socket \
            atkbd i8042 usbhid firewire-ohci pcmcia hv-vmbus \
            virtio virtio_ring virtio_pci pci_hyperv \
            "=drivers/pcmcia"

        if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 || ${DRACUT_ARCH:-$(uname -m)} == riscv* ]]; then
            # arm/aarch64 specific modules
            _blockfuncs+='|dw_mc_probe|dw_mci_pltfm_register'
            instmods \
                "=drivers/clk" \
                "=drivers/devfreq" \
                "=drivers/dma" \
                "=drivers/extcon" \
                "=drivers/gpio" \
                "=drivers/hwmon" \
                "=drivers/hwspinlock" \
                "=drivers/i2c/busses" \
                "=drivers/mailbox" \
                "=drivers/memory" \
                "=drivers/mfd" \
                "=drivers/mmc/core" \
                "=drivers/mmc/host" \
                "=drivers/nvmem" \
                "=drivers/phy" \
                "=drivers/power" \
                "=drivers/regulator" \
                "=drivers/reset" \
                "=drivers/rpmsg" \
                "=drivers/rtc" \
                "=drivers/soc" \
                "=drivers/spi" \
                "=drivers/usb/chipidea" \
                "=drivers/usb/dwc2" \
                "=drivers/usb/dwc3" \
                "=drivers/usb/host" \
                "=drivers/usb/isp1760" \
                "=drivers/usb/misc" \
                "=drivers/usb/musb" \
                "=drivers/usb/phy" \
                "=drivers/scsi/hisi_sas"
        fi

        find_kernel_modules_external | instmods

        # if not on hostonly mode, or there are hostonly block device
        # install block drivers
        if ! [[ $hostonly ]] \
            || for_each_host_dev_and_slaves_all record_block_dev_drv; then
            hostonly='' instmods sg sr_mod sd_mod scsi_dh ata_piix

            if [[ $hostonly_mode == "strict" ]]; then
                install_block_modules_strict
            else
                install_block_modules
            fi
        fi

        # if not on hostonly mode, install all known filesystems,
        # if the required list is not set via the filesystems variable
        if ! [[ $hostonly ]]; then
            if [[ -z $filesystems ]]; then
                dracut_instmods -o -P ".*/(kernel/fs/nfs|kernel/fs/nfsd|kernel/fs/lockd)/.*" '=fs'
            fi
        elif [[ "${host_fs_types[*]}" ]]; then
            hostonly='' instmods "${host_fs_types[@]}"
        fi

        arch=${DRACUT_ARCH:-$(uname -m)}

        # We don't want to play catch up with hash and encryption algorithms.
        # To be safe, just use the hammer and include all crypto.
        [[ $arch == x86_64 ]] && arch=x86
        [[ $arch == s390x ]] && arch=s390
        [[ $arch == aarch64 ]] && arch=arm64
        hostonly='' instmods "=crypto"
        instmods "=arch/$arch/crypto" "=drivers/crypto"
    fi

    inst_multiple -o "$depmodd/*.conf"
    if [[ $hostonly ]]; then
        inst_multiple -H -o "$depmodconfdir/*.conf"
    fi
    :
}

# called by dracut
# Copies the modprobe configuration into the image (the host's /etc files only
# in hostonly mode) and installs the command-line parser and insmodpost.sh.
install() {

    [[ -d /lib/modprobe.d ]] && inst_multiple -o "/lib/modprobe.d/*.conf"
    [[ -d /usr/lib/modprobe.d ]] && inst_multiple -o "/usr/lib/modprobe.d/*.conf"
    [[ $hostonly ]] && inst_multiple -H -o /etc/modprobe.d/*.conf /etc/modprobe.conf
    if ! dracut_module_included "systemd"; then
        inst_hook cmdline 01 "$moddir/parse-kernel.sh"
    fi
    inst_simple "$moddir/insmodpost.sh" /sbin/insmodpost.sh
}
modules.d/90kernel-modules/parse-kernel.sh000075500000001631151054757350014501 0ustar00
#!/usr/bin/sh

# Pick the modprobe.d directory that receives the generated blacklist:
# /usr/lib/modprobe.d, else /lib/modprobe.d, else /etc/modprobe.d (created if
# missing).
_modprobe_d=/etc/modprobe.d
if [ -d /usr/lib/modprobe.d ]; then
    _modprobe_d=/usr/lib/modprobe.d
elif [ -d /lib/modprobe.d ]; then
    _modprobe_d=/lib/modprobe.d
elif [ ! -d $_modprobe_d ]; then
    mkdir -p $_modprobe_d
fi

# rd.driver.pre: load the listed modules now
for i in $(getargs rd.driver.pre -d rdloaddriver=); do
    (
        IFS=,
        for p in $i; do
            modprobe "$p" 2>&1 | vinfo
        done
    )
done

[ -d /etc/modprobe.d ] || mkdir -p /etc/modprobe.d

# rd.driver.blacklist: one "blacklist <module>" line per listed module
for i in $(getargs rd.driver.blacklist -d rdblacklist=); do
    (
        IFS=,
        for p in $i; do
            echo "blacklist $p" >> $_modprobe_d/initramfsblacklist.conf
        done
    )
done

# rd.driver.post: blacklist now, load later through insmodpost.sh
# NOTE(review): unlike the two loops above, the value is not split on commas
# here, so a value such as "a,b" ends up as a single "blacklist a,b" line
# while insmodpost.sh does split it; confirm whether that is intended.
for p in $(getargs rd.driver.post -d rdinsmodpost=); do
    echo "blacklist $p" >> $_modprobe_d/initramfsblacklist.conf
    _do_insmodpost=1
done

[ -n "$_do_insmodpost" ] && initqueue --settled --unique --onetime insmodpost.sh
unset _do_insmodpost _modprobe_d
modules.d/90kernel-modules-extra/module-setup.sh000075500000014373151054757350015664 0ustar00
#!/usr/bin/bash

# called by dracut
#
# Parses depmod configuration and calls instmods for out-of-tree kernel
# modules found. Specifically, kernel modules inside directories that
# come from the following places are included (if these kernel modules
# are present in modules.dep):
#   - "search" configuration option;
#   - "override" configuration option (matching an exact file name constructed
#     by concatenating the provided directory and the kernel module name);
#   - "external" configuration option (if "external" is a part of "search"
#     configuration).
# (See depmod.d(5) for details.)
#
# This module has the following variables available for configuration:
#   - "depmod_modules_dep" - Path to the modules.dep file
#                            ("$srcmods/modules.dep" by default);
#   - "depmod_module_dir"  - Directory containing kernel modules ("$srcmods"
#                            by default);
#   - "depmod_configs"     - array of depmod configuration paths to parse
#                            (as supplied to depmod -C, ("/run/depmod.d/"
#                            "/etc/depmod.d/" "/lib/depmod.d/") by default).
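# Install the out-of-tree kernel modules selected by the depmod configuration.
# Globals:   depmod_modules_dep, depmod_module_dir, depmod_configs (read,
#            defaulted when unset), srcmods, kernel (read)
# Outputs:   the resolved module paths are piped to instmods
# Returns:   0 when modules.dep is missing, when nothing is selected, or on
#            success; 1 when the final pipeline fails
installkernel() {
    : "${depmod_modules_dep:=$srcmods/modules.dep}"
    : "${depmod_module_dir:=$srcmods}"

    [[ -f ${depmod_modules_dep} ]] || return 0

    # Message printers with custom prefix
    local mod_name="kernel-modules-extra"
    prinfo() { dinfo " ${mod_name}: $*"; }
    prdebug() { ddebug " ${mod_name}: $*"; }

    # Escape a string for usage as a part of extended regular expression.
    # $1 - string to escape
    # The substitution is global: without the g flag only the first special
    # character was escaped, so the rest of a configured path (for example
    # every later '.') was still interpreted as a pattern and could match
    # modules.dep entries other than the configured path.
    re_escape() {
        printf "%s" "$1" | sed 's/\([.+?^$\/\\|()\[]\|\]\)/\\\0/g'
    }

    local cfg
    local cfgs=()
    local search_list=""
    local overrides=()
    local external_dirs=()
    local e f

    ## Gathering and sorting configuration file list

    [ -n "${depmod_configs[*]-}" ] \
        || depmod_configs=(/run/depmod.d /etc/depmod.d /lib/depmod.d)

    for cfg in "${depmod_configs[@]}"; do
        [ -e "$cfg" ] || {
            prdebug "configuration source \"$cfg\" does not exist"
            continue
        }

        # '/' is used as a separator between configuration name and
        # configuration path
        if [ -d "$cfg" ]; then
            for f in "$cfg/"*.conf; do
                [[ -e $f && ! -d $f ]] || {
                    prdebug "configuration source" \
                        "\"$cfg\" is ignored" \
                        "(directory or doesn't exist)"
                    continue
                }
                cfgs+=("${f##*/}/$f")
            done
        else
            cfgs+=("${cfg##*/}/$cfg")
        fi
    done

    # Sort by file name and keep one entry per name, then strip the name
    # prefix again so only the path is left.
    if ((${#cfgs[@]} > 0)); then
        mapfile -t cfgs < <(printf '%s\n' "${cfgs[@]}" | LANG=C sort -u -k1,1 -t '/' | cut -f 2- -d '/')
    fi

    ## Parse configurations

    for cfg in "${cfgs[@]}"; do
        prdebug "parsing configuration file \"$cfg\""

        local k v mod kverpat path
        while read -r k v; do
            case "$k" in
                search)
                    search_list="$search_list $v"
                    prdebug "$cfg: added \"$v\" to the list of" \
                        "search directories"
                    ;;
                override) # module_name kver_pattern dir
                    read -r mod kverpat path <<< "$v"

                    if [[ ! $mod || ! $kverpat || ! $path ]]; then
                        prinfo "$cfg: ignoring incorrect" \
                            "override option: \"$k $v\""
                        continue
                    fi

                    if [[ '*' == "$kverpat" ]] \
                        || [[ $kernel =~ $kverpat ]]; then
                        overrides+=("${path}/${mod}")

                        prdebug "$cfg: added override" \
                            "\"${path}/${mod}\""
                    else
                        prdebug "$cfg: override \"$v\" is" \
                            "ignored since \"$kverpat\"" \
                            "doesn't match \"$kernel\""
                    fi
                    ;;
                external) # kverpat dir
                    read -r kverpat path <<< "$v"

                    if [[ ! $kverpat || ! $path ]]; then
                        prinfo "$cfg: ignoring incorrect" \
                            "external option: \"$k $v\""
                        continue
                    fi

                    if [[ '*' == "$kverpat" || \
                        $kernel =~ $kverpat ]]; then
                        external_dirs+=("$path")

                        prdebug "$cfg: added external" \
                            "directory \"$path\""
                    else
                        prdebug "$cfg: external directory" \
                            "\"$path\" is ignored since" \
                            "\"$kverpat\" doesn't match " \
                            "\"$kernel\""
                    fi
                    ;;
                '#'* | '') # comments and empty strings
                    ;;
                include | make_map_files) # ignored by depmod
                    ;;
                *)
                    prinfo "$cfg: unknown depmod configuration" \
                        "option \"$k $v\""
                    ;;
            esac
        done < "$cfg"
    done

    # "updates built-in" is the default search list
    : "${search_list:=updates}"

    ## Build a list of regular expressions for grepping modules.dep

    local pathlist=()
    for f in "${overrides[@]}"; do
        pathlist+=("^$(re_escape "$f")")
    done

    for f in $(printf "%s" "$search_list"); do
        # Ignoring builtin modules
        [[ $f == "built-in" ]] && continue

        if [[ $f == "external" ]]; then
            for e in "${external_dirs[@]}"; do
                pathlist+=("$(re_escape "${e%/}")/[^:]+")
            done
        fi

        pathlist+=("$(re_escape "${f%/}")/[^:]+")
    done

    ## Filter modules.dep, canonicalise the resulting filenames and supply
    ## them to instmods.

    ((${#pathlist[@]} > 0)) || return 0

    # A grep that matches nothing is not an error (|| exit 0); realpath runs
    # inside the module directory so the paths taken from modules.dep are
    # resolved against it.
    printf "^%s\.ko(\.gz|\.bz2|\.xz|\.zst)?:\n" "${pathlist[@]}" \
        | (LANG=C grep -E -o -f - -- "$depmod_modules_dep" || exit 0) \
        | tr -d ':' \
        | (
            cd "$depmod_module_dir" || exit
            xargs -r realpath -se --
        ) \
        | instmods || return 1

    return 0
}
modules.d/90lvm/64-lvm.rules000064400000002434151054757350011525 0ustar00# hacky rules to try to activate lvm when we get new block devs...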
# # Copyright 2008, Red Hat, Inc. # Jeremy Katz SUBSYSTEM!="block", GOTO="lvm_end" ACTION!="add|change", GOTO="lvm_end" # If the md device is active (indicated by array_state), then set the flag # LVM_MD_PV_ACTIVATED=1 indicating that the md device for the PV is ready # to be used. The lvm udev rule running in root will check that this flag # is set before it will process the md device (it wants to avoid # processing an md device that exists but is not yet ready to be used.) KERNEL=="md[0-9]*", ACTION=="change", ENV{ID_FS_TYPE}=="LVM2_member", ENV{LVM_MD_PV_ACTIVATED}!="1", TEST=="md/array_state", ENV{LVM_MD_PV_ACTIVATED}="1" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="lvm_end" KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end" ENV{ID_FS_TYPE}!="LVM?_member", GOTO="lvm_end" PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] && exit 0; done; exit 1;' ", \ GOTO="lvm_end" RUN+="/sbin/initqueue --settled --onetime --unique /sbin/lvm_scan" RUN+="/sbin/initqueue --timeout --name 51-lvm_scan --onetime --unique /sbin/lvm_scan --activationmode degraded" RUN+="/bin/sh -c '>/tmp/.lvm_scan-%k;'" LABEL="lvm_end" modules.d/90lvm/lvm_scan.sh000075500000011236151054757350011565 0ustar00#!/usr/bin/sh # run lvm scan if udev has settled extraargs="$*" type getarg > /dev/null 2>&1 || . 
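/lib/dracut-lib.sh

# Volume groups / logical volumes requested on the kernel command line.
VGS=$(getargs rd.lvm.vg -d rd_LVM_VG=)
LVS=$(getargs rd.lvm.lv -d rd_LVM_LV=)

# shellcheck disable=SC2174
[ -d /etc/lvm ] || mkdir -m 0755 -p /etc/lvm
[ -d /run/lvm ] || mkdir -m 0755 -p /run/lvm

# build a list of devices to scan
# Every /tmp/.lvm_scan-<name> marker file contributes <name>; the names end
# up verbatim inside the generated lvm.conf filter as "a|^/dev/<name>$|".
lvmdevs=$(
    for f in /tmp/.lvm_scan-*; do
        [ -e "$f" ] || continue
        printf '%s' "${f##/tmp/.lvm_scan-} "
    done
)

# check_lvm_ver MAJ MIN VER CUR_MAJ CUR_MIN CUR_VER
#
# Returns 0 when version CUR_MAJ.CUR_MIN.CUR_VER is at least MAJ.MIN.VER,
# and 1 otherwise.
check_lvm_ver() {
    # Locals: the script keeps the parsed lvm version in $maj/$min as well,
    # and a plain assignment here would overwrite the caller's values.
    local maj=$1
    local min=$2
    local ver=$3

    [ "$4" -lt "$maj" ] && return 1
    [ "$4" -gt "$maj" ] && return 0
    [ "$5" -lt "$min" ] && return 1
    [ "$5" -gt "$min" ] && return 0
    [ "$6" -ge "$ver" ] && return 0
    return 1
}

# no_lvm_conf_filter
#
# Returns 0 when /etc/lvm/lvm.conf is missing or sets neither devices/filter
# nor devices/global_filter, and 1 when either of them is set.
# The answer is cached in marker files under /run/lvm.
no_lvm_conf_filter() {
    local filter global_filter

    if [ ! -e /etc/lvm/lvm.conf ]; then
        return 0
    fi

    if [ -e /run/lvm/initrd_no_filter ]; then
        return 0
    fi

    if [ -e /run/lvm/initrd_filter ]; then
        return 1
    fi

    if [ -e /run/lvm/initrd_global_filter ]; then
        return 1
    fi

    # Save lvm config results in /run to avoid running
    # lvm config commands for every PV that's scanned.

    # Match the setting name literally. The pattern used to be "$filter=",
    # which expands a variable that has no value yet and so reduced to "=".
    filter=$(lvm config devices/filter 2> /dev/null | grep 'filter=')
    if [ -n "$filter" ]; then
        printf '%s\n' "$filter" > /run/lvm/initrd_filter
        return 1
    fi

    global_filter=$(lvm config devices/global_filter 2> /dev/null | grep 'global_filter=')
    if [ -n "$global_filter" ]; then
        printf '%s\n' "$global_filter" > /run/lvm/initrd_global_filter
        return 1
    fi

    # /etc/lvm/lvm.conf exists with no filter setting
    true > /run/lvm/initrd_no_filter
    return 0
}

# If no lvm.conf exists, create a basic one with a global section.
if [ ! -e /etc/lvm/lvm.conf ]; then
    {
        echo 'global {'
        echo '}'
    } > /etc/lvm/lvm.conf
    lvmwritten=1
fi

# Save the original lvm.conf before appending a filter setting.
if [ ! -e /etc/lvm/lvm.conf.orig ]; then
    cp /etc/lvm/lvm.conf /etc/lvm/lvm.conf.orig
fi

# If the original lvm.conf does not contain a filter setting,
# then generate a filter and append it to the original lvm.conf.
# The filter is generated from the list PVs that have been seen
# so far (each has been processed by the lvm udev rule.)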
if no_lvm_conf_filter; then { echo 'devices {' printf ' filter = [ ' for dev in $lvmdevs; do printf '"a|^/dev/%s$|", ' "$dev" done echo '"r/.*/" ]' echo '}' } > /etc/lvm/lvm.conf.filter lvmfilter=1 cat /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf.filter > /etc/lvm/lvm.conf fi # hopefully this output format will never change, e.g.: # LVM version: 2.02.53(1) (2009-09-25) OLDIFS=$IFS IFS=. # shellcheck disable=SC2046 set -- $(lvm version 2> /dev/null) IFS=$OLDIFS maj=${1##*:} min=$2 sub=${3%% *} sub=${sub%%\(*} # For lvchange and vgchange use --sysinit which: # disables polling (--poll n) # ignores monitoring (--ignoremonitoring) # ignores locking failures (--ignorelockingfailure) # disables hints (--nohints) # # For lvs and vgscan: # disable locking (--nolocking) # disable hints (--nohints) activate_args="--sysinit $extraargs" unset extraargs export LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES=1 scan_args="--nolocking" check_lvm_ver 2 3 14 "$maj" "$min" "$sub" \ && scan_args="$scan_args --nohints" if [ -n "$LVS" ]; then info "Scanning devices $lvmdevs for LVM logical volumes $LVS" # shellcheck disable=SC2086 LVSLIST=$(lvm lvs $scan_args --noheading -o lv_full_name,segtype $LVS) info "$LVSLIST" # Only attempt to activate an LV if it appears in the lvs output. for LV in $LVS; do if strstr "$LVSLIST" "$LV"; then # This lvchange is expected to fail if all PVs used by # the LV are not yet present. Premature/failed lvchange # could be avoided by reporting if an LV is complete # from the lvs command above and skipping this lvchange # if the LV is not lised as complete. 
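# shellcheck disable=SC2086 lvm lvchange --yes -K -ay $activate_args "$LV" 2>&1 | vinfo fi done fi if [ -z "$LVS" ] || [ -n "$VGS" ]; then info "Scanning devices $lvmdevs for LVM volume groups $VGS" # shellcheck disable=SC2086 lvm vgscan $scan_args 2>&1 | vinfo # shellcheck disable=SC2086 lvm vgchange -ay $activate_args $VGS 2>&1 | vinfo fi if [ "$lvmwritten" ]; then rm -f -- /etc/lvm/lvm.conf elif [ "$lvmfilter" ]; then # revert filter that was appended to existing lvm.conf cp /etc/lvm/lvm.conf.orig /etc/lvm/lvm.conf rm -f -- /etc/lvm/lvm.conf.filter fi unset lvmwritten unset lvmfilter udevadm settle need_shutdown
modules.d/90lvm/module-setup.sh000075500000007464151054757350012416 0ustar00#!/usr/bin/bash
# called by dracut check() { # No point trying to support lvm if the binaries are missing require_binaries lvm grep || return 1 [[ $hostonly ]] || [[ $mount_needs ]] && { for fs in "${host_fs_types[@]}"; do [[ $fs == LVM*_member ]] && return 0 done return 255 } return 0 } # called by dracut depends() { # We depend on dm_mod being loaded echo rootfs-block dm return 0 }

# called by dracut
#
# Print an " rd.lvm.lv=<vg>/<lv> " kernel command line argument for every
# LVM logical volume found among the keys of host_fs_types, each one once.
# Returns 1 as soon as dmsetup does not yield both a VG and an LV name.
cmdline() {
    local _activated dev uuid _lv
    declare -A _activated

    for dev in "${!host_fs_types[@]}"; do
        [[ -e /sys/block/${dev#/dev/}/dm/name ]] || continue
        [[ -e /sys/block/${dev#/dev/}/dm/uuid ]] || continue
        uuid=$(< "/sys/block/${dev#/dev/}/dm/uuid")
        # Skip device-mapper nodes whose uuid does not start with "LVM-".
        [[ ${uuid#LVM-} == "$uuid" ]] && continue
        dev=$(< "/sys/block/${dev#/dev/}/dm/name")
        # NOTE(review): eval runs whatever dmsetup prints as shell code; this
        # relies on dmsetup quoting the VG/LV names it emits - confirm.
        eval "$(dmsetup splitname --nameprefixes --noheadings --rows "$dev" 2> /dev/null)"
        [[ ${DM_VG_NAME} ]] && [[ ${DM_LV_NAME} ]] || return 1
        _lv="${DM_VG_NAME}/${DM_LV_NAME}"
        # Look the entry up under the key it is stored with. The lookup used
        # the literal subscript "DM_VG_NAME / DM_LV_NAME", which is never
        # set, so the same LV could be printed more than once.
        if ! [[ ${_activated[$_lv]} ]]; then
            printf " rd.lvm.lv=%s " "${_lv} "
            _activated["$_lv"]=1
        fi
    done
}

installkernel() { hostonly='' instmods dm-snapshot } # called by dracut install() { inst_multiple lvm grep if [[ $hostonly_cmdline == "yes" ]]; then local _lvmconf _lvmconf=$(cmdline) [[ $_lvmconf ]] && printf "%s\n" "$_lvmconf" >> "${initdir}/etc/cmdline.d/90lvm.conf" fi inst_rules "$moddir/64-lvm.rules" if [[ $hostonly ]] || [[ $lvmconf == "yes" ]]; then if [[ -f $dracutsysrootdir/etc/lvm/lvm.conf ]]; then inst_simple -H /etc/lvm/lvm.conf fi export LVM_SUPPRESS_FD_WARNINGS=1 # Also install any files needed for LVM system id support. if [[ -f $dracutsysrootdir/etc/lvm/lvmlocal.conf ]]; then inst_simple -H /etc/lvm/lvmlocal.conf fi eval "$(lvm dumpconfig global/system_id_source &> /dev/null)" if [ "$system_id_source" == "file" ]; then eval "$(lvm dumpconfig global/system_id_file)" if [ -f "$system_id_file" ]; then inst_simple -H "$system_id_file" fi fi unset LVM_SUPPRESS_FD_WARNINGS fi inst_rules 11-dm-lvm.rules # Gentoo ebuild for LVM2 prior to 2.02.63-r1 doesn't install above rules # files, but provides the one below: inst_rules 64-device-mapper.rules # debian udev rules inst_rules 56-lvm.rules 60-persistent-storage-lvm.rules inst_script "$moddir/lvm_scan.sh" /sbin/lvm_scan inst_hook cmdline 30 "$moddir/parse-lvm.sh" inst_libdir_file "libdevmapper-event-lvm*.so" if [[ $hostonly ]] && find_binary lvs &> /dev/null; then for dev in "${!host_fs_types[@]}"; do [[ -e /sys/block/${dev#/dev/}/dm/name ]] || continue dev=$(< "/sys/block/${dev#/dev/}/dm/name") eval "$(dmsetup splitname --nameprefixes --noheadings --rows "$dev" 2> /dev/null)" # shellcheck disable=SC2015 [[ ${DM_VG_NAME} ]] && [[ ${DM_LV_NAME} ]] || continue case "$(lvs --noheadings -o segtype "${DM_VG_NAME}" 2> /dev/null)" in *thin* | *cache* | *era*) inst_multiple -o thin_dump thin_restore thin_check thin_repair \ cache_dump cache_restore cache_check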
cache_repair \ era_check era_dump era_invalidate era_restore break ;; esac done fi if ! [[ $hostonly ]]; then inst_multiple -o thin_dump thin_restore thin_check thin_repair \ cache_dump cache_restore cache_check cache_repair \ era_check era_dump era_invalidate era_restore fi dracut_need_initqueue } modules.d/90lvm/parse-lvm.sh000075500000000753151054757350011673 0ustar00#!/usr/bin/sh if [ -e /etc/lvm/lvm.conf ] && ! getargbool 1 rd.lvm.conf -d -n rd_NO_LVMCONF; then rm -f -- /etc/lvm/lvm.conf fi LV_DEVS="$(getargs rd.lvm.vg -d rd_LVM_VG=) $(getargs rd.lvm.lv -d rd_LVM_LV=)" if ! getargbool 1 rd.lvm -d -n rd_NO_LVM \ || { [ -z "$LV_DEVS" ] && ! getargbool 0 rd.auto; }; then info "rd.lvm=0: removing LVM activation" rm -f -- /etc/udev/rules.d/64-lvm*.rules else for dev in $LV_DEVS; do wait_for_dev -n "/dev/$dev" done fi modules.d/90mdraid/59-persistent-storage-md.rules000064400000001512151054757360015632 0ustar00SUBSYSTEM!="block", GOTO="md_end" ACTION!="add|change", GOTO="md_end" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="md_end" KERNEL!="md[0-9]*|md_d[0-9]*|md/*", KERNEL!="md*", GOTO="md_end" # partitions have no md/{array_state,metadata_version} ENV{DEVTYPE}=="partition", GOTO="md_ignore_state" # container devices have a metadata version of e.g. 'external:ddf' and # never leave state 'inactive' ATTR{md/metadata_version}=="external:[A-Za-z]*", ATTR{md/array_state}=="inactive", GOTO="md_ignore_state" TEST!="md/array_state", GOTO="md_end" ATTR{md/array_state}=="|clear|inactive", GOTO="md_end" LABEL="md_ignore_state" IMPORT{program}="/sbin/mdadm --detail --export $tempnode" IMPORT BLKID OPTIONS+="link_priority=100" OPTIONS+="watch" OPTIONS+="db_persist" LABEL="md_end" modules.d/90mdraid/65-md-incremental-imsm.rules000064400000002657151054757360015244 0ustar00# This file causes block devices with Linux RAID (mdadm) signatures to # automatically cause mdadm to be run. 
# See udev(8) for syntax ACTION!="add|change", GOTO="md_end" SUBSYSTEM!="block", GOTO="md_end" ENV{rd_NO_MD}=="?*", GOTO="md_end" KERNEL=="md*", ENV{ID_FS_TYPE}!="linux_raid_member", GOTO="md_end" KERNEL=="md*", ACTION!="change", GOTO="md_end" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="md_end" ENV{ID_FS_TYPE}=="ddf_raid_member|isw_raid_member|linux_raid_member", GOTO="md_try" GOTO="md_end" LABEL="md_try" ENV{ID_FS_TYPE}=="isw_raid_member", ENV{rd_NO_MDIMSM}=="?*", GOTO="md_end" ENV{ID_FS_TYPE}=="ddf_raid_member", ENV{rd_NO_MDDDF}=="?*", GOTO="md_end" # already done ? PROGRAM="/bin/sh -c 'for i in $sys/$devpath/holders/md[0-9_]*; do [ -e $$i ] && exit 0; done; exit 1;' ", \ GOTO="md_end" # for native arrays - array's uuid has to be specified # for containers - container's uuid has to be specified # TODO : how to get embedded array's uuid having container's component ? # # UUID CHECK ENV{DEVTYPE}!="partition", \ RUN+="/sbin/partx -d --nr 1-1024 $env{DEVNAME}" RUN+="/sbin/initqueue --timeout --name 50-mdraid_start --onetime --unique /sbin/mdraid_start" # # Incrementally build the md array; this will automatically assemble # any eventual containers as well (imsm, ddf) # LABEL="md_incremental" RUN+="/sbin/mdadm -I $env{DEVNAME}" LABEL="md_end" modules.d/90mdraid/md-shutdown.sh000075500000000722151054757360012675 0ustar00#!/usr/bin/sh _do_md_shutdown() { local ret local final=$1 info "Waiting for mdraid devices to be clean." mdadm -vv --wait-clean --scan | vinfo ret=$? info "Disassembling mdraid devices." mdadm -vv --stop --scan | vinfo ret=$((ret + $?)) if [ "x$final" != "x" ]; then info "/proc/mdstat:" vinfo < /proc/mdstat fi return $ret } if command -v mdadm > /dev/null; then _do_md_shutdown "$1" else : fi modules.d/90mdraid/mdmon-pre-shutdown.sh000075500000000354151054757360014174 0ustar00#!/usr/bin/sh _do_mdmon_takeover() { local ret mdmon --takeover --all ret=$? 
[ $ret -eq 0 ] && info "Taking over mdmon processes." return $ret } if command -v mdmon > /dev/null; then _do_mdmon_takeover "$1" fi modules.d/90mdraid/mdmon-pre-udev.sh000075500000000211151054757360013254 0ustar00#!/usr/bin/sh # save state dir for mdmon/mdadm for the real root [ -d /run/mdadm ] || mkdir -m 0755 -p /run/mdadm # backward compat link modules.d/90mdraid/mdraid-cleanup.sh000075500000000766151054757360013321 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh containers="" for md in /dev/md[0-9_]*; do [ -b "$md" ] || continue udevinfo="$(udevadm info --query=env --name="$md")" strstr "$udevinfo" "DEVTYPE=partition" && continue if strstr "$udevinfo" "MD_LEVEL=container"; then containers="$containers $md" continue fi mdadm -S "$md" > /dev/null 2>&1 done for md in $containers; do mdadm -S "$md" > /dev/null 2>&1 done unset containers udevinfo modules.d/90mdraid/mdraid-needshutdown.sh000075500000000240151054757360014364 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh for md in /dev/md[0-9_]*; do [ -b "$md" ] || continue need_shutdown break done modules.d/90mdraid/mdraid-waitclean.sh000075500000001274151054757360013634 0ustar00#!/usr/bin/sh if getargbool 0 rd.md.waitclean; then type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh containers="" for md in /dev/md[0-9_]*; do [ -b "$md" ] || continue udevinfo="$(udevadm info --query=env --name="$md")" strstr "$udevinfo" "DEVTYPE=partition" && continue if strstr "$udevinfo" "MD_LEVEL=container"; then containers="$containers $md" continue fi info "Waiting for $md to become clean" mdadm -W "$md" > /dev/null 2>&1 done for md in $containers; do info "Waiting for $md to become clean" mdadm -W "$md" > /dev/null 2>&1 done unset containers udevinfo fi modules.d/90mdraid/mdraid_start.sh000075500000003505151054757360013103 0ustar00#!/usr/bin/sh type getargs > /dev/null 2>&1 || . 
/lib/dracut-lib.sh

# _md_start MD
#
# Try to run ("mdadm -R") the md device MD if its array_state reads
# "inactive". Containers and partitions are skipped. Always returns 0
# on the early-exit paths.
_md_start() {
    local _udevinfo
    local _path_s
    local _path_d
    local _md="$1"

    _udevinfo="$(udevadm info --query=env --name="${_md}")"
    strstr "$_udevinfo" "MD_LEVEL=container" && return 0
    strstr "$_udevinfo" "DEVTYPE=partition" && return 0

    # sysfs attribute holding the array state of this device
    _path_s="/sys/$(udevadm info -q path -n "${_md}")/md/array_state"
    [ ! -r "$_path_s" ] && return 0

    # inactive ?
    [ "$(cat "$_path_s")" != "inactive" ] && return 0

    mdadm -R "${_md}" 2>&1 | vinfo

    # still inactive ?
    [ "$(cat "$_path_s")" = "inactive" ] && return 0

    # The array left "inactive": if it exposes a "degraded" attribute,
    # create/truncate the initqueue "work" file.
    _path_d="${_path_s%/*}/degraded"
    [ ! -r "$_path_d" ] && return 0
    : > "$hookdir"/initqueue/work
}

# _md_force_run
#
# Call _md_start for the /dev/md* block devices. With rd.md.uuid given,
# only devices whose MD_UUID (as printed by "mdadm -D --export") is found in
# that list are handled; without it, every device is tried, but only when
# rd.auto is enabled.
_md_force_run() {
    local _md
    local _UUID
    local _MD_UUID

    _MD_UUID=$(getargs rd.md.uuid -d rd_MD_UUID=)
    # nothing requested and no auto-assembly: leave without doing anything
    [ -n "$_MD_UUID" ] || getargbool 0 rd.auto || return

    if [ -n "$_MD_UUID" ]; then
        # strip "-" and ":" so both UUID notations compare equal
        _MD_UUID=$(str_replace "$_MD_UUID" "-" "")
        _MD_UUID=$(str_replace "$_MD_UUID" ":" "")

        for _md in /dev/md[0-9_]*; do
            [ -b "$_md" ] || continue
            _UUID=$(
                /sbin/mdadm -D --export "$_md" \
                    | while read -r line || [ -n "$line" ]; do
                        str_starts "$line" "MD_UUID=" || continue
                        printf "%s" "${line#MD_UUID=}"
                    done
            )

            [ -z "$_UUID" ] && continue
            _UUID=$(str_replace "$_UUID" ":" "")

            # check if we should handle this device
            # NOTE(review): presumably strstr is a substring test against the
            # whole normalised list, not a per-entry comparison - confirm.
            strstr "$_MD_UUID" "$_UUID" || continue

            _md_start "${_md}"
        done
    else
        # try to force-run anything not running yet
        for _md in /dev/md[0-9_]*; do
            [ -b "$_md" ] || continue
            _md_start "${_md}"
        done
    fi
}

_md_force_run
modules.d/90mdraid/module-setup.sh000075500000010743151054757360013053 0ustar00#!/usr/bin/bash
# called by dracut check() { local dev holder # No mdadm? No mdraid support.
require_binaries mdadm expr || return 1 [[ $hostonly ]] || [[ $mount_needs ]] && { for dev in "${!host_fs_types[@]}"; do [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue DEVPATH=$(get_devpath_block "$dev") for holder in "$DEVPATH"/holders/*; do [[ -e $holder ]] || continue [[ -e "$holder/md" ]] && return 0 break done done return 255 } return 0 } # called by dracut depends() { echo rootfs-block return 0 } # called by dracut installkernel() { instmods '=drivers/md' } # called by dracut cmdline() { local _activated dev line UUID declare -A _activated for dev in "${!host_fs_types[@]}"; do [[ ${host_fs_types[$dev]} != *_raid_member ]] && continue UUID=$( /sbin/mdadm --examine --export "$dev" \ | while read -r line || [[ "$line" ]]; do [[ ${line#MD_UUID=} == "$line" ]] && continue printf "%s" "${line#MD_UUID=} " done ) [[ -z $UUID ]] && continue if ! [[ ${_activated[${UUID}]} ]]; then printf "%s" " rd.md.uuid=${UUID}" _activated["${UUID}"]=1 fi done } # called by dracut install() { local rule rule_path inst_multiple cat expr inst_multiple -o mdmon inst "$(command -v partx)" /sbin/partx inst "$(command -v mdadm)" /sbin/mdadm if [[ $hostonly_cmdline == "yes" ]]; then local _raidconf _raidconf=$(cmdline) [[ $_raidconf ]] && printf "%s\n" "$_raidconf" >> "${initdir}/etc/cmdline.d/90mdraid.conf" fi # =mdadm-3.3 udev rules inst_rules 63-md-raid-arrays.rules 64-md-raid-assembly.rules # remove incremental assembly from stock rules, so they don't shadow # 65-md-inc*.rules and its fine-grained controls, or cause other problems # when we explicitly don't want certain components to be incrementally # assembled for rule in 64-md-raid.rules 64-md-raid-assembly.rules; do rule_path="${initdir}${udevdir}/rules.d/${rule}" # shellcheck disable=SC2016 [ -f "${rule_path}" ] && sed -i -r \ -e '/(RUN|IMPORT\{program\})\+?="[[:alpha:]/]*mdadm[[:blank:]]+(--incremental|-I)[[:blank:]]+(--export )?(\$env\{DEVNAME\}|\$tempnode|\$devnode)/d' \ "${rule_path}" done inst_rules 
"$moddir/65-md-incremental-imsm.rules" inst_rules "$moddir/59-persistent-storage-md.rules" prepare_udev_rules 59-persistent-storage-md.rules if [[ $hostonly ]] || [[ $mdadmconf == "yes" ]]; then if [[ -f $dracutsysrootdir/etc/mdadm.conf ]]; then inst -H /etc/mdadm.conf else [[ -f $dracutsysrootdir/etc/mdadm/mdadm.conf ]] && inst -H /etc/mdadm/mdadm.conf /etc/mdadm.conf fi if [[ -d $dracutsysrootdir/etc/mdadm.conf.d ]]; then local f inst_dir /etc/mdadm.conf.d for f in /etc/mdadm.conf.d/*.conf; do [[ -f "$dracutsysrootdir$f" ]] || continue inst -H "$f" done fi fi inst_hook pre-udev 30 "$moddir/mdmon-pre-udev.sh" inst_hook pre-trigger 30 "$moddir/parse-md.sh" inst_hook pre-mount 10 "$moddir/mdraid-waitclean.sh" inst_hook cleanup 99 "$moddir/mdraid-needshutdown.sh" inst_hook shutdown 30 "$moddir/md-shutdown.sh" inst_script "$moddir/mdraid-cleanup.sh" /sbin/mdraid-cleanup inst_script "$moddir/mdraid_start.sh" /sbin/mdraid_start if dracut_module_included "systemd"; then if [[ -e $dracutsysrootdir$systemdsystemunitdir/mdmon@.service ]]; then inst_simple "$systemdsystemunitdir"/mdmon@.service fi if [[ -e $dracutsysrootdir$systemdsystemunitdir/mdadm-last-resort@.service ]]; then inst_simple "$systemdsystemunitdir"/mdadm-last-resort@.service fi if [[ -e $dracutsysrootdir$systemdsystemunitdir/mdadm-last-resort@.timer ]]; then inst_simple "$systemdsystemunitdir"/mdadm-last-resort@.timer fi if [[ -e $dracutsysrootdir$systemdsystemunitdir/mdadm-grow-continue@.service ]]; then inst_simple "$systemdsystemunitdir"/mdadm-grow-continue@.service fi fi inst_hook pre-shutdown 30 "$moddir/mdmon-pre-shutdown.sh" dracut_need_initqueue } modules.d/90mdraid/parse-md.sh000075500000005304151054757360012135 0ustar00#!/usr/bin/sh # we really need to use `expr substr` with dash # shellcheck disable=SC2003 MD_UUID=$(getargs rd.md.uuid -d rd_MD_UUID=) # normalize the uuid MD_UUID=$(str_replace "$MD_UUID" "-" "") MD_UUID=$(str_replace "$MD_UUID" ":" "") if { [ -z "$MD_UUID" ] && ! 
getargbool 0 rd.auto; } || ! getargbool 1 rd.md -d -n rd_NO_MD; then info "rd.md=0: removing MD RAID activation" udevproperty rd_NO_MD=1 else # rewrite the md rules to only process the specified raid array if [ -n "$MD_UUID" ]; then for f in /etc/udev/rules.d/65-md-incremental*.rules; do [ -e "$f" ] || continue while read -r line || [ -n "$line" ]; do if [ "${line%%UUID CHECK}" != "$line" ]; then for uuid in $MD_UUID; do printf 'ENV{ID_FS_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8)-$(expr substr "$uuid" 9 4)-$(expr substr "$uuid" 13 4)-$(expr substr "$uuid" 17 4)-$(expr substr "$uuid" 21 12)" done # shellcheck disable=SC2016 printf 'IMPORT{program}="/sbin/mdadm --examine --export $tempnode"\n' for uuid in $MD_UUID; do printf 'ENV{MD_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" done printf 'GOTO="md_end"\n' printf 'LABEL="md_uuid_ok"\n' else echo "$line" fi done < "${f}" > "${f}.new" mv "${f}.new" "$f" done for uuid in $MD_UUID; do uuid="$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}" done fi fi if [ -e /etc/mdadm.conf ] && getargbool 1 rd.md.conf -d -n rd_NO_MDADMCONF; then udevproperty rd_MDADMCONF=1 rm -f -- "$hookdir"/pre-pivot/*mdraid-cleanup.sh fi if ! getargbool 1 rd.md.conf -d -n rd_NO_MDADMCONF; then rm -f -- /etc/mdadm/mdadm.conf /etc/mdadm.conf ln -s "$(command -v mdraid-cleanup)" "$hookdir"/pre-pivot/31-mdraid-cleanup.sh 2> /dev/null fi # noiswmd nodmraid for anaconda / rc.sysinit compatibility # note nodmraid really means nobiosraid, so we don't want MDIMSM then either if ! getargbool 1 rd.md.imsm -d -n rd_NO_MDIMSM -n noiswmd -n nodmraid; then info "no MD RAID for imsm/isw raids" udevproperty rd_NO_MDIMSM=1 fi # same thing with ddf containers if ! 
getargbool 1 rd.md.ddf -n rd_NO_MDDDF -n noddfmd -n nodmraid; then info "no MD RAID for SNIA ddf raids" udevproperty rd_NO_MDDDF=1 fi modules.d/90multipath/module-setup.sh000075500000010134151054757360013614 0ustar00#!/usr/bin/bash is_mpath() { local _dev=$1 [ -e /sys/dev/block/"$_dev"/dm/uuid ] || return 1 [[ $(cat /sys/dev/block/"$_dev"/dm/uuid) =~ mpath- ]] && return 0 return 1 } majmin_to_mpath_dev() { local _dev for i in /dev/mapper/*; do [[ $i == /dev/mapper/control ]] && continue _dev=$(get_maj_min "$i") if [ "$_dev" = "$1" ]; then echo "$i" return fi done } # called by dracut check() { [[ $hostonly ]] || [[ $mount_needs ]] && { for_each_host_dev_and_slaves is_mpath || return 255 } # if there's no multipath binary, no go. require_binaries multipath || return 1 require_binaries kpartx || return 1 return 0 } # called by dracut depends() { echo rootfs-block echo dm return 0 } # called by dracut cmdline() { for m in scsi_dh_alua scsi_dh_emc scsi_dh_rdac dm_multipath; do if grep -m 1 -q "$m" /proc/modules; then printf 'rd.driver.pre=%s ' "$m" fi done } # called by dracut installkernel() { local _arch=${DRACUT_ARCH:-$(uname -m)} local _funcs='scsi_register_device_handler|dm_dirty_log_type_register|dm_register_path_selector|dm_register_target' if [ "$_arch" = "s390" -o "$_arch" = "s390x" ]; then _s390drivers="=drivers/s390/scsi" fi hostonly='' dracut_instmods -o -s "$_funcs" "=drivers/scsi" "=drivers/md" ${_s390drivers:+"$_s390drivers"} } mpathconf_installed() { command -v mpathconf &> /dev/null } # called by dracut install() { local -A _allow local config_dir add_hostonly_mpath_conf() { if is_mpath "$1"; then local _dev _dev=$(majmin_to_mpath_dev "$1") [ -z "$_dev" ] && return _allow["$_dev"]="$_dev" fi } local k v while read -r k v; do if [[ $k == "config_dir" ]]; then v="${v#\"}" config_dir="${v%\"}" break fi done < <(multipath -t 2> /dev/null) [[ -d $config_dir ]] || config_dir=/etc/multipath/conf.d inst_multiple \ "$systemdsystemunitdir"/multipathd.service \ 
pkill \ pidof \ kpartx \ dmsetup \ multipath \ multipathd inst_multiple -o \ mpath_wait \ mpathconf \ mpathpersist \ xdrgetprio \ xdrgetuid \ /etc/xdrdevices.conf \ /etc/multipath.conf \ /etc/multipath/* \ "$config_dir"/* mpathconf_installed \ && [[ $hostonly ]] && [[ $hostonly_mode == "strict" ]] && { for_each_host_dev_and_slaves_all add_hostonly_mpath_conf if ((${#_allow[@]} > 0)); then local -a _args local _dev for _dev in "${_allow[@]}"; do _args+=("--allow" "$_dev") done mpathconf "${_args[@]}" --outfile "${initdir}"/etc/multipath.conf fi } inst "$(command -v partx)" /sbin/partx inst_libdir_file "libmultipath*" "multipath/*" inst_libdir_file 'libgcc_s.so*' if [[ $hostonly_cmdline ]]; then local _conf _conf=$(cmdline) [[ $_conf ]] && echo "$_conf" >> "${initdir}/etc/cmdline.d/90multipath.conf" fi if dracut_module_included "systemd"; then if mpathconf_installed; then inst_simple "${moddir}/multipathd-configure.service" "${systemdsystemunitdir}/multipathd-configure.service" $SYSTEMCTL -q --root "$initdir" enable multipathd-configure.service fi inst_simple "$moddir/multipathd-dracut.conf" "$systemdsystemunitdir/multipathd.service.d/multipathd-dracut.conf" $SYSTEMCTL -q --root "$initdir" enable multipathd.service else inst_hook pre-trigger 02 "$moddir/multipathd.sh" inst_hook cleanup 02 "$moddir/multipathd-stop.sh" fi inst_hook cleanup 80 "$moddir/multipathd-needshutdown.sh" inst_hook shutdown 20 "$moddir/multipath-shutdown.sh" inst_rules 40-multipath.rules 56-multipath.rules \ 62-multipath.rules 65-multipath.rules \ 66-kpartx.rules 67-kpartx-compat.rules \ 11-dm-mpath.rules 11-dm-parts.rules } modules.d/90multipath/multipath-shutdown.sh000075500000000261151054757360015051 0ustar00#!/usr/bin/sh for i in $(multipath -l -v1); do if ! 
dmsetup table "$i" | sed -n '/.*queue_if_no_path.*/q1'; then dmsetup message "$i" 0 fail_if_no_path fi done modules.d/90multipath/multipathd-configure.service000064400000001210151054757360016341 0ustar00[Unit] Description=Device-Mapper Multipath Default Configuration Before=iscsi.service iscsid.service lvm2-activation-early.service Wants=systemd-udev-trigger.service systemd-udev-settle.service local-fs-pre.target After=systemd-udev-trigger.service systemd-udev-settle.service Before=local-fs-pre.target multipathd.service DefaultDependencies=no Conflicts=shutdown.target ConditionKernelCommandLine=rd.multipath=default ConditionPathExists=!/etc/multipath.conf [Service] Type=oneshot ExecStartPre=-/usr/bin/mkdir -p /etc/multipath/multipath.conf.d ExecStart=/usr/sbin/mpathconf --enable --user_friendly_names n [Install] WantedBy=sysinit.target modules.d/90multipath/multipathd-needshutdown.sh000075500000000244151054757360016052 0ustar00#!/usr/bin/sh for i in $(multipath -l -v1); do if dmsetup table "$i" | sed -n '/.*queue_if_no_path.*/q1'; then need_shutdown break fi done modules.d/90multipath/multipathd-stop.sh000075500000000411151054757360014324 0ustar00#!/usr/bin/sh if [ -e /etc/multipath.conf ]; then pkill multipathd > /dev/null 2>&1 if pidof multipathd > /dev/null 2>&1; then sleep 0.2 fi if pidof multipathd > /dev/null 2>&1; then pkill -9 multipathd > /dev/null 2>&1 fi fi modules.d/90multipath/multipathd.service000064400000001421151054757360014366 0ustar00[Unit] Description=Device-Mapper Multipath Device Controller Before=lvm2-activation-early.service Before=local-fs-pre.target blk-availability.service shutdown.target Wants=systemd-udevd-kernel.socket After=systemd-udevd-kernel.socket After=multipathd.socket systemd-remount-fs.service Before=initrd-cleanup.service DefaultDependencies=no Conflicts=shutdown.target Conflicts=initrd-cleanup.service ConditionKernelCommandLine=!nompath ConditionKernelCommandLine=!rd.multipath=0 ConditionKernelCommandLine=!multipath=off 
ConditionVirtualization=!container [Service] Type=notify NotifyAccess=main ExecStartPre=-/sbin/modprobe dm-multipath ExecStart=/sbin/multipathd -d -s ExecReload=/sbin/multipathd reconfigure TasksMax=infinity [Install] WantedBy=sysinit.target Also=multipathd.socket modules.d/90multipath/multipathd.sh000075500000000623151054757360013346 0ustar00#!/usr/bin/sh if [ "$(getarg rd.multipath)" = "default" ] && [ ! -e /etc/multipath.conf ]; then mkdir -p /etc/multipath/multipath.conf.d mpathconf --enable --user_friendly_names n fi if getargbool 1 rd.multipath && [ -e /etc/multipath.conf ]; then modprobe dm-multipath multipathd -B || multipathd need_shutdown else rm -- /etc/udev/rules.d/??-multipath.rules 2> /dev/null fi modules.d/90multipath/multipathd-dracut.conf000064400000000062151054757360015133 0ustar00[Unit] ConditionKernelCommandLine=!rd.multipath=0 modules.d/90nvdimm/module-setup.sh000075500000001352151054757360013101 0ustar00#!/usr/bin/bash # called by dracut check() { if [[ ! $hostonly ]]; then return 0 fi [[ $DRACUT_KERNEL_MODALIASES && -f $DRACUT_KERNEL_MODALIASES ]] \ && grep -q libnvdimm "$DRACUT_KERNEL_MODALIASES" && return 0 return 255 } # called by dracut depends() { return 0 } # called by dracut installkernel() { # Directories to search for NVDIMM "providers" (firmware drivers) # These modules call "nvdimm_bus_register()". #instmods() will take care of hostonly dracut_instmods -o -s nvdimm_bus_register \ '=drivers/nvdimm' \ '=drivers/acpi' \ '=arch/powerpc' } # called by dracut install() { inst_multiple -o ndctl /etc/ndctl/keys/tpm.handle "/etc/ndctl/keys/*.blob" } modules.d/90ppcmac/load-thermal.sh000064400000001662151054757360013001 0ustar00#!/bin/sh # # This hook attempts to load the appropriate thermal modules # for PowerPC Macs depending on the specific machine you have. 
[ -r /proc/cpuinfo ] || exit 0 load_windfarm() { local pm_model pm_model="$(sed -n '/model/p' /proc/cpuinfo)" pm_model="${pm_model##*: }" # load quietly and respect the blacklist # this way if the modules are for some reason missing, it will # still exit successfully and not affect the boot process case "$pm_model" in PowerMac3,6) modprobe -b -q therm_windtunnel ;; PowerMac7,2 | PowerMac7,3) modprobe -b -q windfarm_pm72 ;; PowerMac8,1 | PowerMac8,2) modprobe -b -q windfarm_pm81 ;; PowerMac9,1) modprobe -b -q windfarm_pm91 ;; PowerMac11,2) modprobe -b -q windfarm_pm112 ;; PowerMac12,1) modprobe -b -q windfarm_pm121 ;; RackMac3,1) modprobe -b -q windfarm_rm31 ;; *) ;; esac return 0 } load_windfarm modules.d/90ppcmac/module-setup.sh000064400000005461151054757360013054 0ustar00#!/bin/bash # # This module attempts to properly deal with thermal behavior on PowerPC # based Mac systems, by installing the model-appropriate (when hostonly) # or all (when not) fan control/thermal kernel modules and loading them # in a hook. # # While this is not strictly necessary for all kernels, particularly # modular kernels will not autoload those drivers, even once the full # system is up, which results in the fans spinning up to 100%; this is # particularly annoying on live systems, where the system takes a while # to load, so it's best to load the drivers early in initramfs stage. # # The behavior of this is inspired by the thermal hook in Debian's # initramfs-tools, but written for dracut specifically and updated # for modern kernels (2012+). # called by dracut check() { local _arch=${DRACUT_ARCH:-$(uname -m)} # only for PowerPC Macs [[ $_arch == ppc* && $_arch != ppc64le ]] || return 1 return 0 } # called by dracut depends() { return 0 } # called by dracut installkernel() { pmac_model() { local pm_model pm_model="$(grep model /proc/cpuinfo)" echo "${pm_model##*: }" } # only PowerMac3,6 has a module, special case if [[ ${DRACUT_ARCH:-$(uname -m)} != ppc64* ]]; then if ! 
[[ $hostonly ]] || [[ "$(pmac_model)" == "PowerMac3,6" ]]; then instmods therm_windtunnel fi return 0 fi windfarm_modules() { if ! [[ $hostonly ]]; then # include all drivers when not hostonly instmods \ windfarm_pm72 windfarm_pm81 windfarm_pm91 windfarm_pm112 \ windfarm_pm121 windfarm_rm31 else # guess model specific module, then install the rest case "$(pmac_model)" in PowerMac7,2 | PowerMac7,3) instmods windfarm_pm72 ;; PowerMac8,1 | PowerMac8,2) instmods windfarm_pm81 ;; PowerMac9,1) instmods windfarm_pm91 ;; PowerMac11,2) instmods windfarm_pm112 ;; PowerMac12,1) instmods windfarm_pm121 ;; RackMac3,1) instmods windfarm_rm31 ;; # no match, so skip installation of the rest *) return 1 ;; esac fi return 0 } # hostonly and didn't match a model; skip installing other modules windfarm_modules || return 0 # these are all required by the assorted windfarm_pm* instmods \ windfarm_core windfarm_cpufreq_clamp windfarm_pid \ windfarm_smu_controls windfarm_smu_sat windfarm_smu_sensors \ windfarm_fcu_controls windfarm_ad7417_sensor windfarm_max6690_sensor \ windfarm_lm75_sensor windfarm_lm87_sensor } # called by dracut install() { # this will attempt to load the appropriate modules inst_hook pre-udev 99 "$moddir/load-thermal.sh" } modules.d/90qemu/module-setup.sh000075500000000745151054757360012563 0ustar00#!/usr/bin/bash # called by dracut check() { if [[ $hostonly ]] || [[ $mount_needs ]]; then is_qemu_virtualized && return 0 return 255 fi return 0 } # called by dracut installkernel() { # qemu specific modules hostonly='' instmods \ ata_piix ata_generic pata_acpi cdrom sr_mod ahci \ virtio_blk virtio virtio_ring virtio_pci \ virtio_scsi virtio_console virtio_rng virtio_mem \ spapr-vscsi \ qemu_fw_cfg } modules.d/91crypt-gpg/README000064400000005043151054757360011423 0ustar00# Directions for changing a system from password-based gpg keyfile # to smartcard-based gpg keyfile # Be sure that you meet the following requirements: # 1. 
GnuPG >= 2.1 installed with # * Smartcard support enabled (scdaemon must be built) # * Direct CCID access built into scdaemon # 2. A password-based gpg keyfile ${KEYFILE} (e.g. "keyfile.gpg"): # That is, a file containing the slot key for LUKS, which # has been encrypted symmetrically with GnuPG using # a password. # 3. Your public OpenPGP identity ${RECIPIENT} (e.g. "3A696356") # 4. An OpenPGP smartcard holding the decryption key associated # with your public identity # 5. A CCID smartcard reader # Notes: Requirement 4. and 5. can of course be one device, e.g. # a USB token with an integrated OpenPGP smartcard # Make a backup of your keyfile (assuming it lies on the boot partition) $ cp /boot/${KEYFILE} /safe/place/keyfile.bak.gpg # Change your keyfile from purely password-based to both # password-based and key-based (you can then decrypt the keyfile # with either method). As an example aes256 is chosen, the cipher # is not important to this guide, but do note that your kernel # must support it at boot time (be it built into the kernel image # or loaded as a module from the initramfs). $ cat /safe/place/keyfile.bak.gpg | gpg -d | gpg --encrypt --recipient ${RECIPIENT} --cipher-algo aes256 --armor -c > /safe/place/keyfile_sc.gpg # Verify that you can decrypt your new keyfile both with the password # and your smartcard. 
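# (with smartcard inserted, you should be prompted for your PIN, unless
#  you already did so and have not yet timed out)
# Note: "gpg -d" writes the decrypted slot key to standard output; redirect
# it to /dev/null if you only want to confirm that decryption succeeds.
$ gpg -d /safe/place/keyfile_sc.gpg
# (with smartcard disconnected, you should be prompted for your password)
$ gpg -d /safe/place/keyfile_sc.gpg

# After verification, replace your old keyfile with your new one
# (${KEYFILE} sits inside single quotes here, so it is expanded by the shell
#  that su starts, not by yours; if it is unset there, the copy lands in /boot/
#  under the source file name and the old keyfile stays in place. Substitute
#  the real file name if in doubt.)
$ su -c 'cp /safe/place/keyfile_sc.gpg /boot/${KEYFILE}'

# Export your public key to where crypt-gpg can find it
$ gpg --armor --export-options export-minimal --export ${RECIPIENT} > /safe/place/crypt-public-key.gpg
$ su -c 'cp /safe/place/crypt-public-key.gpg /etc/dracut.conf.d/crypt-public-key.gpg'

# Rebuild your initramfs as usual

# When booting with any of the requirements not met, crypt-gpg will default to password-based keyfile unlocking.
# If all requirements are met and smartcard support is not disabled by setting the kernel option "rd.luks.smartcard=0"
# crypt-gpg will try to find and use a connected OpenPGP smartcard by prompting you for the PIN and then
# unlocking the gpg keyfile with the smartcard.
modules.d/91crypt-gpg/crypt-gpg-lib.sh000075500000005301151054757360013557 0ustar00#!/usr/bin/sh

command -v ask_for_password > /dev/null || . /lib/dracut-crypt-lib.sh

# gpg_decrypt mnt_point keypath keydev device
#
# Decrypts symmetrically encrypted (password or OpenPGP smartcard) key to standard output.
#
# mnt_point - mount point where the key device (keydev) is already mounted
# keypath   - GPG encrypted key path relative to mnt_point
# keydev    - device on which key resides; only to display in prompt
# device    - device to be opened by cryptsetup; only to display in prompt
#
# Globals:  inputPrompt (read) - if the caller has set it, it is used as the
#           prompt text; this function no longer overwrites the caller's copy.
#
# Security notes for maintainers:
#  * The GnuPG home is the fixed path /tmp/gnupg. "mkdir -m 0700 -p" sets the
#    mode only when it creates the directory; a pre-existing directory keeps
#    whatever mode and contents it had. The directory is removed on exit.
#  * --no-mdc-warning suppresses GnuPG's warning about a message without
#    integrity protection; --skip-verify skips signature verification. The
#    keyfile's integrity therefore rests on the encryption alone.
#  * NOTE(review): $mntp/$keypath is interpolated into the --cmd string handed
#    to ask_for_password. How that string is executed is not visible here; if
#    it is evaluated by a shell, a key path containing whitespace or shell
#    metacharacters would be split or interpreted. Confirm where keypath
#    comes from and quote it at that layer if needed.
gpg_decrypt() {
    local mntp="$1"
    local keypath="$2"
    local keydev="$3"
    local device="$4"

    local gpghome=/tmp/gnupg
    local opts="--homedir $gpghome --no-mdc-warning --skip-verify --quiet"
    opts="$opts --logger-file /dev/null --batch --no-tty --passphrase-fd 0"

    # Keep a caller-supplied prompt, but make the variable function-local so
    # that the smartcard PIN prompt set below does not leak into later calls
    # that end up using a password instead.
    local inputPrompt="${inputPrompt-}"

    mkdir -m 0700 -p "$gpghome"

    # Setup GnuPG home and gpg-agent for usage of OpenPGP smartcard.
    # This requires GnuPG >= 2.1, as it uses the new "pinentry-mode"
    # feature, which - when set to "loopback" - allows us to pipe
    # the smartcard's pin to GnuPG (instead of using a normal pinentry
    # program needed with GnuPG < 2.1), making for uncomplicated
    # integration with the existing codebase.
    local useSmartcard="0"
    local gpgMajorVersion
    local gpgMinorVersion
    gpgMajorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
    gpgMinorVersion="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"

    # Version test mirrors sc_supported() in module-setup.sh: any major > 2,
    # or 2.x with x >= 1. The previous "major >= 2 AND minor >= 1" form
    # rejected releases such as 3.0. Empty parse results count as 0 so the
    # numeric tests never see an empty operand.
    if { [ "${gpgMajorVersion:-0}" -gt 2 ] \
        || { [ "${gpgMajorVersion:-0}" -eq 2 ] && [ "${gpgMinorVersion:-0}" -ge 1 ]; }; } \
        && [ -f /root/crypt-public-key.gpg ] && getargbool 1 rd.luks.smartcard; then
        useSmartcard="1"
        echo "allow-loopback-pinentry" >> "$gpghome/gpg-agent.conf"
        GNUPGHOME="$gpghome" gpg-agent --quiet --daemon
        GNUPGHOME="$gpghome" gpg --quiet --no-tty --import < /root/crypt-public-key.gpg
        local smartcardSerialNumber
        smartcardSerialNumber="$(GNUPGHOME=$gpghome gpg --no-tty --card-status \
            | sed -n -r -e 's|Serial number.*: ([0-9]*)|\1|p' | tr -d '\n')"
        if [ -n "${smartcardSerialNumber}" ]; then
            inputPrompt="PIN (OpenPGP card ${smartcardSerialNumber})"
        fi
        GNUPGHOME="$gpghome" gpg-connect-agent 1> /dev/null learn /bye
        opts="$opts --pinentry-mode=loopback"
    fi

    ask_for_password \
        --cmd "GNUPGHOME=$gpghome gpg --card-status --no-tty > /dev/null 2>&1; gpg $opts --decrypt $mntp/$keypath" \
        --prompt "${inputPrompt:-Password ($keypath on $keydev for $device)}" \
        --tries 3 --tty-echo-off

    # Clean up the smartcard gpg-agent
    if [ "${useSmartcard}" = "1" ]; then
        GNUPGHOME="$gpghome" gpg-connect-agent 1> /dev/null killagent /bye
    fi

    # Remove the temporary GnuPG home (agent config, imported public key).
    rm -rf -- "$gpghome"
}
modules.d/91crypt-gpg/module-setup.sh000075500000003461151054757360013527 0ustar00#!/usr/bin/bash

# GPG support is optional
# called by dracut
# Returns 1 when gpg/tr are missing or smartcard support was requested but is
# not available, 0 when smartcard support was requested and is available,
# and 255 otherwise.
check() {
    require_binaries gpg tr || return 1

    if sc_requested; then
        if ! sc_supported; then
            dwarning "crypt-gpg: GnuPG >= 2.1 with scdaemon and libusb required for ccid smartcard support"
            return 1
        fi
        return 0
    fi

    return 255
}

# called by dracut
depends() {
    echo crypt
}

# called by dracut
# Installs gpg, tr and the gpg_decrypt library; when a public key is present
# (sc_requested) also installs the agent tools, scdaemon and the key itself.
install() {
    inst_multiple gpg tr
    inst "$moddir/crypt-gpg-lib.sh" "/lib/dracut-crypt-gpg-lib.sh"

    if sc_requested; then
        inst_multiple gpg-agent
        inst_multiple gpg-connect-agent
        inst_multiple -o /usr/libexec/scdaemon /usr/lib/gnupg/scdaemon
        # gpg_decrypt looks for the key at /root/crypt-public-key.gpg.
        cp "$dracutsysrootdir$(sc_public_key)" "${initdir}/root/"
    fi
}

# Prints the host path of the public key that enables smartcard support.
sc_public_key() {
    echo -n "/etc/dracut.conf.d/crypt-public-key.gpg"
}

# CCID Smartcard support requires GnuPG >= 2.1 with scdaemon and libusb
# Returns 0 when all of that is found on the build host, 1 otherwise.
sc_supported() {
    local gpgMajor
    local gpgMinor
    local scdaemon
    gpgMajor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* ([0-9]*).*|\1|p')"
    gpgMinor="$(gpg --version | sed -n 1p | sed -n -r -e 's|.* [0-9]*\.([0-9]*).*|\1|p')"

    if [[ -x "$dracutsysrootdir"/usr/libexec/scdaemon ]]; then
        scdaemon=/usr/libexec/scdaemon
    elif [[ -x "$dracutsysrootdir"/usr/lib/gnupg/scdaemon ]]; then
        scdaemon=/usr/lib/gnupg/scdaemon
    else
        return 1
    fi

    # The last test checks that scdaemon is linked against libusb.
    if [[ ${gpgMajor} -gt 2 || ${gpgMajor} -eq 2 && ${gpgMinor} -ge 1 ]] \
        && require_binaries gpg-agent \
        && require_binaries gpg-connect-agent \
        && ($DRACUT_LDD "${dracutsysrootdir}${scdaemon}" | grep libusb > /dev/null); then
        return 0
    else
        return 1
    fi
}

# Smartcard support counts as requested when the public key file exists.
sc_requested() {
    if [ -f "$dracutsysrootdir$(sc_public_key)" ]; then
        return 0
    else
        return 1
    fi
}
modules.d/91crypt-loop/crypt-loop-lib.sh000075500000002456151054757360014157 0ustar00#!/usr/bin/sh

command -v ask_for_password > /dev/null || . /lib/dracut-crypt-lib.sh

# loop_decrypt mnt_point keypath keydev device
#
# Decrypts symmetrically encrypted key to standard output.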
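#
# mnt_point - mount point where the key device (keydev) is already mounted
# keypath   - LUKS encrypted loop file path relative to mnt_point
# keydev    - device on which key resides; only to display in prompt
# device    - device to be opened by cryptsetup; only to display in prompt
#
# The loop file is attached with losetup, opened with cryptsetup luksOpen
# (passphrase read from stdin via "-d -"), and the resulting mapper device is
# written to standard output with cat. Two cleanup hooks are written so the
# mapping is closed and the loop device detached later.
#
# NOTE(review): $key and $loopdev are embedded between double quotes in the
# generated cleanup scripts. $key is built from keydev, mnt_point and keypath
# with only '/' replaced, so a '"', '$' or backquote in those values would be
# interpreted when the hook runs. Confirm those values are constrained by the
# caller.
loop_decrypt() {
    local mntp="$1"
    local keypath="$2"
    local keydev="$3"
    local device="$4"

    local key
    key="/dev/mapper/$(str_replace "loop-$keydev-$mntp-$keypath" '/' '-')"

    if [ ! -b "$key" ]; then
        local loopdev
        local opts
        loopdev=$(losetup -f "${mntp}/${keypath}" --show)
        # Stop here when no loop device could be attached; otherwise the
        # user is prompted for a passphrase that cannot succeed and a cleanup
        # hook with an empty device name is written.
        [ -n "$loopdev" ] || die "Failed to set up a loop device for $keypath on $keydev."
        opts="-d - luksOpen $loopdev ${key##*/}"

        ask_for_password \
            --cmd "cryptsetup $opts" \
            --prompt "Password ($keypath on $keydev for $device)" \
            --tty-echo-off

        [ -b "$key" ] || die "Failed to unlock $keypath on $keydev for $device."

        # Cleanup hooks: close the LUKS mapping first (10), then detach the
        # loop device (20).
        printf "%s\n" "cryptsetup luksClose \"$key\"" > "${hookdir}/cleanup/crypt-loop-cleanup-10-${key##*/}.sh"
        printf "%s\n" "losetup -d \"$loopdev\"" > "${hookdir}/cleanup/crypt-loop-cleanup-20-${loopdev##*/}.sh"
    fi

    cat "$key"
}
modules.d/91crypt-loop/module-setup.sh000075500000000573151054757360013724 0ustar00#!/usr/bin/bash

# called by dracut
check() {
    require_binaries losetup || return 1

    return 255
}

# called by dracut
depends() {
    echo crypt
}

# called by dracut
installkernel() {
    # hostonly is emptied for this one call; presumably so that instmods
    # installs the loop driver regardless of host-only filtering.
    hostonly='' instmods loop
}

# called by dracut
install() {
    inst_multiple losetup
    inst "$moddir/crypt-loop-lib.sh" "/lib/dracut-crypt-loop-lib.sh"
    dracut_need_initqueue
}
modules.d/91fido2/module-setup.sh000075500000001706151054757360012616 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {

    # Return 255 to only include the module, if another module requires it.
    return 255

}

# Module dependency requirements.
depends() {

    # This module has external dependency on other module(s).
    echo systemd-udevd
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0

}

# Install the required file(s) and directories for the module in the initramfs.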
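install() {
    # Keep the architecture name out of the global scope; module-setup.sh
    # files are loaded into the same shell as dracut's other modules.
    local _arch

    # Install required libraries.
    # Each name is looked up under tls/<arch>/, tls/, <arch>/ and the plain
    # library directory (the four alternatives of the brace expansion).
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file \
        {"tls/$_arch/",tls/,"$_arch/",}"libfido2.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-fido2.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"libcbor.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libhidapi-hidraw.so.*"

}
modules.d/91pcsc/module-setup.sh000075500000003753151054757360012547 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {

    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries pcscd || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255

}

# Module dependency requirements.
depends() {

    # This module has external dependency on other module(s).
    echo systemd-udevd
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0

}

# Install the required file(s) and directories for the module in the initramfs.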
install() {

    # Ship the module's own pcscd unit files (listed after this script).
    inst_simple "$moddir/pcscd.service" "${systemdsystemunitdir}"/pcscd.service
    inst_simple "$moddir/pcscd.socket" "${systemdsystemunitdir}"/pcscd.socket

    inst_multiple -o \
        pcscd

    # Enable systemd type unit(s)
    # (enabled inside the initramfs tree via --root "$initdir")
    for i in \
        pcscd.service \
        pcscd.socket; do
        $SYSTEMCTL -q --root "$initdir" enable "$i"
    done

    # Install library file(s)
    # Each name is looked up under tls/<arch>/, tls/, <arch>/ and the plain
    # library directory (the four alternatives of the brace expansion).
    # NOTE(review): i and _arch are not declared local and stay set after
    # install() returns.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file \
        {"tls/$_arch/",tls/,"$_arch/",}"libopensc.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libsmm-local.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"opensc-pkcs11.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"onepin-opensc-pkcs11.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/opensc-pkcs11.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"pkcs11/onepin-opensc-pkcs11.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist" \
        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"pcsc/drivers/serial/libccidtwin.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"libpcsclite.so.*"

    # Install the hosts local user configurations if enabled.
    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/opensc.conf \
            "/etc/reader.conf.d/*"
    fi

}
modules.d/91pcsc/pcscd.service000064400000000433151054757360012233 0ustar00[Unit]
DefaultDependencies=no
Description=PC/SC Smart Card Daemon (Dracut)
Documentation=man:pcscd(8)
Requires=pcscd.socket

[Service]
ExecStart=/usr/sbin/pcscd --foreground --auto-exit
ExecReload=/usr/sbin/pcscd --hotplug

[Install]
Also=pcscd.socket
WantedBy=cryptsetup-pre.target
modules.d/91pcsc/pcscd.socket000064400000000356151054757360012067 0ustar00[Unit]
DefaultDependencies=no
Description=PC/SC Smart Card Daemon Activation Socket (Dracut)
Documentation=man:pcscd(8)

[Socket]
ListenStream=/run/pcscd/pcscd.comm
# NOTE(review): mode 0666 lets every local account connect to the pcscd
# socket. Confirm that this is intended for the initramfs, and that nothing
# carries this unit over to the booted system unchanged.
SocketMode=0666

[Install]
WantedBy=cryptsetup-pre.target sockets.target
modules.d/91pkcs11/module-setup.sh000075500000001704151054757360012713 0ustar00#!/usr/bin/bash
# This file is part of dracut.
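# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {

    # Return 255 to only include the module, if another module requires it.
    return 255

}

# Module dependency requirements.
depends() {

    # This module has external dependency on other module(s).
    echo systemd-udevd
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0

}

# Install the required file(s) and directories for the module in the initramfs.
install() {
    # Keep the architecture name out of the global scope; module-setup.sh
    # files are loaded into the same shell as dracut's other modules.
    local _arch

    # Install library file(s)
    # Each name is looked up under tls/<arch>/, tls/, <arch>/ and the plain
    # library directory (the four alternatives of the brace expansion).
    # The cryptsetup token plugin is listed both with and without a version
    # suffix: the sibling fido2 and tpm2-tss modules install their plugins by
    # the bare ".so" name, which the ".so.*" pattern alone would not match.
    _arch=${DRACUT_ARCH:-$(uname -m)}
    inst_libdir_file \
        {"tls/$_arch/",tls/,"$_arch/",}"libtasn1.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libffi.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libp11-kit.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so" \
        {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-pkcs11.so.*"

}
modules.d/91tpm2-tss/module-setup.sh000075500000003753151054757360013310 0ustar00#!/usr/bin/bash
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later

# Prerequisite check(s) for module.
check() {

    # If the binary(s) requirements are not fulfilled the module can't be installed.
    require_binaries tpm2 || return 1

    # Return 255 to only include the module, if another module requires it.
    return 255

}

# Module dependency requirements.
depends() {

    # This module has external dependency on other module(s).
    echo systemd-sysusers systemd-udevd
    # Return 0 to include the dependent module(s) in the initramfs.
    return 0

}

# Install kernel module(s).
installkernel() {
    instmods '=drivers/char/tpm'
}

# Install the required file(s) and directories for the module in the initramfs.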
install() { inst_multiple -o \ "$sysusers"/tpm2-tss.conf \ "$tmpfilesdir"/tpm2-tss-fapi.conf \ "$udevrulesdir"/60-tpm-udev.rules \ tpm2_pcrread tpm2_pcrextend tpm2_createprimary tpm2_createpolicy \ tpm2_create tpm2_load tpm2_unseal tpm2 # Install library file(s) _arch=${DRACUT_ARCH:-$(uname -m)} inst_libdir_file \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-esys.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-fapi.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-mu.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-rc.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-sys.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-cmd.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-device.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-mssim.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-swtpm.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tctildr.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"/cryptsetup/libcryptsetup-token-systemd-tpm2.so" \ {"tls/$_arch/",tls/,"$_arch/",}"libcurl.so.*" \ {"tls/$_arch/",tls/,"$_arch/",}"libjson-c.so.*" } modules.d/95debug/module-setup.sh000075500000001047151054757360012703 0ustar00#!/usr/bin/bash # called by dracut check() { # do not add this module by default return 255 } # called by dracut depends() { return 0 } # called by dracut install() { inst_multiple -o ls ps grep more cat rm strace free showmount df du lsblk \ ping netstat rpcinfo vi scp ping6 ssh find \ tcpdump cp dd less hostname mkdir systemd-analyze \ fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.f2fs fsck.vfat e2fsck grep '^tcpdump:' "$dracutsysrootdir"/etc/passwd 2> /dev/null >> "$initdir/etc/passwd" } modules.d/95fstab-sys/module-setup.sh000075500000000530151054757360013524 0ustar00#!/usr/bin/bash # called by dracut check() { [[ -f $dracutsysrootdir/etc/fstab.sys ]] || [[ -n $add_fstab || -n $fstab_lines ]] } # called by dracut depends() { echo fs-lib } # called by dracut install() { [[ -f 
$dracutsysrootdir/etc/fstab.sys ]] && inst_simple /etc/fstab.sys inst_hook pre-pivot 00 "$moddir/mount-sys.sh" } modules.d/95fstab-sys/mount-sys.sh000075500000002424151054757360013063 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh type det_fs > /dev/null 2>&1 || . /lib/fs-lib.sh fstab_mount() { local _dev _mp _fs _opts _pass test -e "$1" || return 1 info "Mounting from $1" while read -r _dev _mp _fs _opts _ _pass _ || [ -n "$_dev" ]; do [ -z "${_dev%%#*}" ] && continue # Skip comment lines ismounted "$_mp" && continue # Skip mounted filesystem if [ "$_pass" -gt 0 ] && ! strstr "$_opts" _netdev; then fsck_single "$_dev" "$_fs" "$_opts" fi _fs=$(det_fs "$_dev" "$_fs") info "Mounting $_dev" if [ -d "$NEWROOT/$_mp" ]; then mount -v -t "$_fs" -o "$_opts" "$_dev" "$NEWROOT/$_mp" 2>&1 | vinfo else [ -d "$_mp" ] || mkdir -p "$_mp" mount -v -t "$_fs" -o "$_opts" "$_dev" "$_mp" 2>&1 | vinfo fi done < "$1" return 0 } # systemd will mount and run fsck from /etc/fstab and we don't want to # run into a race condition. if [ -z "$DRACUT_SYSTEMD" ]; then [ -f /etc/fstab ] && fstab_mount /etc/fstab fi # prefer $NEWROOT/etc/fstab.sys over local /etc/fstab.sys if [ -f "$NEWROOT"/etc/fstab.sys ]; then fstab_mount "$NEWROOT"/etc/fstab.sys elif [ -f /etc/fstab.sys ]; then fstab_mount /etc/fstab.sys fi modules.d/95hwdb/module-setup.sh000075500000001117151054757360012537 0ustar00#!/usr/bin/bash # This file is part of dracut. # SPDX-License-Identifier: GPL-2.0-or-later check() { return 255 } # called by dracut install() { local hwdb_bin # systemd-hwdb ships the file in /etc, with /usr/lib as an alternative. # The alternative location is preferred, as we can consider it being user # configuration. hwdb_bin="${udevdir}"/hwdb.bin if [[ ! 
-r ${hwdb_bin} ]]; then hwdb_bin="${udevconfdir}"/hwdb.bin fi if [[ $hostonly ]]; then inst_multiple -H "${hwdb_bin}" else inst_multiple "${hwdb_bin}" fi } modules.d/95lunmask/fc_transport_scan_lun.sh000075500000001076151054757360015234 0ustar00#!/usr/bin/sh # # fc_transport_lun_scan # # Selectively enable individual LUNs behind an FC remote port # # ACTION=="add", SUBSYSTEM=="fc_transport", ATTR{port_name}=="wwpn", \ # PROGRAM="fc_transport_lun_scan lun" # [ -z "$DEVPATH" ] && exit 1 if [ -n "$1" ]; then LUN=$1 else LUN=- fi ID=${DEVPATH##*/rport-} HOST=${ID%%:*} CHANNEL=${ID%%-*} CHANNEL=${CHANNEL#*:} if [ -f /sys"$DEVPATH"/scsi_target_id ]; then TARGET=$(cat /sys"$DEVPATH"/scsi_target_id) fi [ -z "$TARGET" ] && exit 1 echo "$CHANNEL" "$TARGET" $LUN > /sys/class/scsi_host/host"$HOST"/scan modules.d/95lunmask/module-setup.sh000075500000004401151054757360013264 0ustar00#!/usr/bin/bash # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- # ex: ts=8 sw=4 sts=4 et filetype=sh # called by dracut cmdline() { get_lunmask() { local _dev=$1 local _devpath _sdev _lun _rport _end_device _classdev _wwpn _sas_address _devpath=$( cd -P /sys/dev/block/"$_dev" || exit echo "$PWD" ) [ "${_devpath#*/sd}" == "$_devpath" ] && return 1 _sdev="${_devpath%%/block/*}" _lun="${_sdev##*:}" # Check for FibreChannel _rport="${_devpath##*/rport-}" if [ "$_rport" != "$_devpath" ]; then _rport="${_rport%%/*}" _classdev="/sys/class/fc_remote_ports/rport-${_rport}" [ -d "$_classdev" ] || return 1 _wwpn=$(cat "${_classdev}"/port_name) echo "rd.lunmask=fc,${_wwpn},${_lun}" return 0 fi # Check for SAS _end_device="${_devpath##*/end_device-}" if [ "$_end_device" != "$_devpath" ]; then _end_device="${_end_device%%/*}" _classdev="/sys/class/sas_device/end_device-${_end_device}" [ -e "$_classdev" ] || return 1 _sas_address=$(cat "${_classdev}"/sas_address) echo "rd.lunmask=sas,${_sas_address},${_lun}" return 0 fi return 1 } [[ $hostonly ]] || [[ $mount_needs ]] && { 
for_each_host_dev_and_slaves_all get_lunmask } | sort | uniq } # called by dracut check() { [[ $hostonly ]] || [[ $mount_needs ]] && { [ -w /sys/module/scsi_mod/parameters/scan ] || return 255 scan_type=$(cat /sys/module/scsi_mod/parameters/scan) [ "$scan_type" = "manual" ] && return 0 return 255 } return 0 } # called by dracut depends() { return 0 } # called by dracut install() { inst_script "$moddir/fc_transport_scan_lun.sh" /usr/lib/udev/fc_transport_scan_lun.sh inst_script "$moddir/sas_transport_scan_lun.sh" /usr/lib/udev/sas_transport_scan_lun.sh inst_hook cmdline 30 "$moddir/parse-lunmask.sh" if [[ $hostonly_cmdline == "yes" ]]; then local _lunmask for _lunmask in $(cmdline); do printf "%s\n" "$_lunmask" >> "${initdir}/etc/cmdline.d/95lunmask.conf" done fi } modules.d/95lunmask/parse-lunmask.sh000075500000002337151054757360013431 0ustar00#!/usr/bin/sh # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- # ex: ts=8 sw=4 sts=4 et filetype=sh create_udev_rule() { local transport=$1 local tgtid=$2 local lun=$3 local _rule=/etc/udev/rules.d/51-${transport}-lunmask-${tgtid}.rules [ -e "${_rule}" ] && return 0 if [ ! -f "$_rule" ]; then if [ "$transport" = "fc" ]; then cat > "$_rule" << EOF ACTION=="add", SUBSYSTEM=="fc_remote_ports", ATTR{port_name}=="$tgtid", PROGRAM="fc_transport_scan_lun.sh $lun" EOF elif [ "$transport" = "sas" ]; then cat > "$_rule" << EOF ACTION=="add", SUBSYSTEM=="sas_device", ATTR{sas_address}=="$tgtid", PROGRAM="sas_transport_scan_lun.sh $lun" EOF fi fi } for lunmask_arg in $(getargs rd.lunmask); do ( local OLDIFS="$IFS" local IFS="," # shellcheck disable=SC2086 set $lunmask_arg IFS="$OLDIFS" if [ -d /sys/module/scsi_mod ]; then printf "manual" > /sys/module/scsi_mod/parameters/scan elif [ ! 
-f /etc/modprobe.d/95lunmask.conf ]; then echo "options scsi_mod scan=manual" > /etc/modprobe.d/95lunmask.conf fi create_udev_rule "$1" "$2" "$3" ) done modules.d/95lunmask/sas_transport_scan_lun.sh000075500000001102151054757360015420 0ustar00#!/usr/bin/sh # # sas_transport_lun_scan # # Selectively enable individual LUNs behind a SAS end device # # ACTION=="add", SUBSYSTEM=="sas_transport", ATTR{sas_address}=="sas_addr", \ # PROGRAM="sas_transport_lun_scan lun" # [ -z "$DEVPATH" ] && exit 1 if [ -n "$1" ]; then LUN=$1 else LUN=- fi ID=${DEVPATH##*/end_device-} HOST=${ID%%:*} CHANNEL=${ID%%-*} CHANNEL=${CHANNEL#*:} if [ -f /sys"$DEVPATH"/scsi_target_id ]; then TARGET=$(cat /sys"$DEVPATH"/scsi_target_id) fi [ -z "$TARGET" ] && exit 1 echo 0 "$TARGET" $LUN > /sys/class/scsi_host/host"$HOST"/scan modules.d/95resume/module-setup.sh000075500000004101151054757360013107 0ustar00#!/usr/bin/bash # called by dracut check() { swap_on_netdevice() { local _dev for _dev in "${swap_devs[@]}"; do block_is_netdevice "$(get_maj_min "$_dev")" && return 0 done return 1 } # Only support resume if no swap is mounted on a net device [[ $hostonly ]] || [[ $mount_needs ]] && { swap_on_netdevice && return 255 } return 0 } # called by dracut cmdline() { local _resume for dev in "${!host_fs_types[@]}"; do [[ ${host_fs_types[$dev]} =~ ^(swap|swsuspend|swsupend)$ ]] || continue _resume=$(shorten_persistent_dev "$(get_persistent_dev "$dev")") [[ -n ${_resume} ]] && printf " resume=%s" "${_resume}" done } # called by dracut install() { local _bin local _resumeconf if [[ $hostonly_cmdline == "yes" ]]; then _resumeconf=$(cmdline) [[ $_resumeconf ]] && printf "%s\n" "$_resumeconf" >> "${initdir}/etc/cmdline.d/95resume.conf" fi # if systemd is included and has the hibernate-resume tool, use it and nothing else if dracut_module_included "systemd" && [[ -x $dracutsysrootdir$systemdutildir/systemd-hibernate-resume ]]; then inst_multiple -o \ 
"$systemdutildir"/system-generators/systemd-hibernate-resume-generator \ "$systemdsystemunitdir"/systemd-hibernate-resume@.service \ "$systemdutildir"/systemd-hibernate-resume return 0 fi # Optional uswsusp support for _bin in /usr/sbin/resume /usr/lib/suspend/resume /usr/lib64/suspend/resume /usr/lib/uswsusp/resume /usr/lib64/uswsusp/resume; do [[ -x $dracutsysrootdir${_bin} ]] && { inst "${_bin}" /usr/sbin/resume [[ $hostonly ]] && [[ -f $dracutsysrootdir/etc/suspend.conf ]] && inst -H /etc/suspend.conf break } done if ! dracut_module_included "systemd"; then inst_hook cmdline 10 "$moddir/parse-resume.sh" else inst_script "$moddir/parse-resume.sh" /lib/dracut/parse-resume.sh fi inst_script "$moddir/resume.sh" /lib/dracut/resume.sh } modules.d/95resume/parse-resume.sh000075500000006531151054757360013105 0ustar00#!/usr/bin/sh if resume=$(getarg resume=) && ! getarg noresume; then export resume echo "$resume" > /.resume else unset resume fi resume="$(label_uuid_to_dev "$resume")" if splash=$(getarg splash=); then export splash else unset splash fi case "$splash" in quiet) a_splash="-P splash=y" ;; *) a_splash="-P splash=n" ;; esac if ! 
getarg noresume; then if [ -n "$resume" ]; then wait_for_dev /dev/resume { printf "KERNEL==\"%s\", ACTION==\"add|change\", SYMLINK+=\"resume\"\n" \ "${resume#/dev/}" printf "SYMLINK==\"%s\", ACTION==\"add|change\", SYMLINK+=\"resume\"\n" \ "${resume#/dev/}" } >> /etc/udev/rules.d/99-resume-link.rules { if [ -x /usr/sbin/resume ]; then printf -- 'KERNEL=="%s", ' "${resume#/dev/}" printf -- '%s' 'ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' printf -- " RUN+=\"/sbin/initqueue --finished --unique --name 00resume /usr/sbin/resume %s \'%s\'\"\n" \ "$a_splash" "$resume" printf -- 'SYMLINK=="%s", ' "${resume#/dev/}" printf -- '%s' 'ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' printf -- " RUN+=\"/sbin/initqueue --finished --unique --name 00resume /usr/sbin/resume %s \'%s\'\"\n" \ "$a_splash" "$resume" fi printf -- 'KERNEL=="%s", ' "${resume#/dev/}" printf -- '%s' 'ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' printf -- '%s\n' ' RUN+="/sbin/initqueue --finished --unique --name 00resume echo %M:%m > /sys/power/resume"' printf -- 'SYMLINK=="%s", ' "${resume#/dev/}" printf -- '%s' 'ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' printf -- '%s\n' ' RUN+="/sbin/initqueue --finished --unique --name 00resume echo %M:%m > /sys/power/resume"' } >> /etc/udev/rules.d/99-resume.rules # shellcheck disable=SC2016 printf '[ -e "%s" ] && { ln -fs "%s" /dev/resume 2> /dev/null; rm -f -- "$job" "%s/initqueue/timeout/resume.sh"; }\n' \ "$resume" "$resume" "$hookdir" >> "$hookdir"/initqueue/settled/resume.sh { printf -- "%s" 'warn "Cancelling resume operation. 
Device not found.";' # shellcheck disable=SC2016 printf -- ' cancel_wait_for_dev /dev/resume; rm -f -- "$job" "%s/initqueue/settled/resume.sh";\n' "$hookdir" } >> "$hookdir"/initqueue/timeout/resume.sh mv /lib/dracut/resume.sh /lib/dracut/hooks/pre-mount/10-resume.sh else { if [ -x /usr/sbin/resume ]; then printf -- '%s' 'SUBSYSTEM=="block", ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' # shellcheck disable=SC2016 printf -- ' RUN+="/sbin/initqueue --finished --unique --name 00resume /usr/sbin/resume %s $tempnode"\n' "$a_splash" fi printf -- '%s' 'SUBSYSTEM=="block", ACTION=="add|change", ENV{ID_FS_TYPE}=="suspend|swsuspend|swsupend",' printf -- '%s\n' ' RUN+="/sbin/initqueue --finished --unique --name 00resume echo %M:%m > /sys/power/resume"' } >> /etc/udev/rules.d/99-resume.rules fi fi modules.d/95resume/resume.sh000075500000000666151054757360012000 0ustar00#!/usr/bin/sh PATH=/usr/sbin:/usr/bin:/sbin:/bin [ -s /.resume -a -b "$resume" ] && { # First try user level resume; it offers splash etc case "$splash" in quiet) a_splash="-P splash=y" ;; *) a_splash="-P splash=n" ;; esac [ -x "$(command -v resume)" ] && command resume "$a_splash" "$resume" (readlink -fn "$resume" > /sys/power/resume) > /.resume } modules.d/95rootfs-block/block-genrules.sh000075500000001073151054757360014511 0ustar00#!/usr/bin/sh # shellcheck disable=SC2154 if [ "${root%%:*}" = "block" ]; then { printf 'KERNEL=="%s", SYMLINK+="root"\n' \ "${root#block:/dev/}" printf 'SYMLINK=="%s", SYMLINK+="root"\n' \ "${root#block:/dev/}" } >> /etc/udev/rules.d/99-root.rules # shellcheck disable=SC2016 # shellcheck disable=SC2154 printf '[ -e "%s" ] && { ln -s "%s" /dev/root 2>/dev/null; rm "$job"; }\n' \ "${root#block:}" "${root#block:}" > "$hookdir"/initqueue/settled/blocksymlink.sh wait_for_dev "${root#block:}" fi modules.d/95rootfs-block/module-setup.sh000075500000005105151054757360014220 0ustar00#!/usr/bin/bash # called by dracut check() { return 0 } # called by dracut depends() 
{ echo base fs-lib } cmdline_journal() { if [[ $hostonly ]]; then for dev in "${!host_fs_types[@]}"; do [[ ${host_fs_types[$dev]} == "reiserfs" ]] || [[ ${host_fs_types[$dev]} == "xfs" ]] || continue rootopts=$(find_dev_fsopts "$dev") if [[ ${host_fs_types[$dev]} == "reiserfs" ]]; then journaldev=$(fs_get_option "$rootopts" "jdev") elif [[ ${host_fs_types[$dev]} == "xfs" ]]; then journaldev=$(fs_get_option "$rootopts" "logdev") fi if [ -n "$journaldev" ]; then printf " root.journaldev=%s" "$journaldev" fi done fi return 0 } cmdline_rootfs() { local _block _block=$(find_root_block_device) local _dev=/dev/block/$_block local _fstype _flags _subvol # "--no-hostonly-default-device" can result in empty root_devs if [ "${#root_devs[@]}" -eq 0 ]; then return fi if [ -n "$_block" -a -b "$_dev" ]; then printf " root=%s" "$(shorten_persistent_dev "$(get_persistent_dev "$_dev")")" fi _fstype="$(find_mp_fstype /)" if [[ ${_fstype} == "zfs" ]]; then local _root_ds _root_ds="$(findmnt -n -o SOURCE /)" printf " root=zfs:%s" "${_root_ds// /+}" fi _flags="$(find_mp_fsopts /)" if [ -n "$_fstype" ]; then printf " rootfstype=%s" "$_fstype" fi if [[ $use_fstab != yes ]] && [[ $_fstype == btrfs ]]; then _subvol=$(findmnt -e -v -n -o FSROOT --target /) \ && _subvol=${_subvol#/} _flags="$_flags${_subvol:+,subvol=$_subvol}" fi if [ -n "$_flags" ]; then printf " rootflags=%s" "$_flags" fi } # called by dracut cmdline() { cmdline_rootfs cmdline_journal } # called by dracut install() { if [[ $hostonly_cmdline == "yes" ]]; then local _journaldev _journaldev=$(cmdline_journal) [[ $_journaldev ]] && printf "%s\n" "$_journaldev" >> "${initdir}/etc/cmdline.d/95root-journaldev.conf" local _rootdev _rootdev=$(cmdline_rootfs) [[ $_rootdev ]] && printf "%s\n" "$_rootdev" >> "${initdir}/etc/cmdline.d/95root-dev.conf" fi inst_multiple umount inst_multiple tr if ! 
dracut_module_included "systemd"; then inst_hook cmdline 95 "$moddir/parse-block.sh" inst_hook pre-udev 30 "$moddir/block-genrules.sh" inst_hook mount 99 "$moddir/mount-root.sh" fi inst_hook initqueue/timeout 99 "$moddir/rootfallback.sh" } modules.d/95rootfs-block/mount-root.sh000075500000010542151054757360013721 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh type det_fs > /dev/null 2>&1 || . /lib/fs-lib.sh mount_root() { local _rflags_ro # sanity - determine/fix fstype rootfs=$(det_fs "${root#block:}" "$fstype") journaldev=$(getarg "root.journaldev=") if [ -n "$journaldev" ]; then case "$rootfs" in xfs) rflags="${rflags:+${rflags},}logdev=$journaldev" ;; reiserfs) fsckoptions="-j $journaldev $fsckoptions" rflags="${rflags:+${rflags},}jdev=$journaldev" ;; *) ;; esac fi _rflags_ro="$rflags,ro" _rflags_ro="${_rflags_ro##,}" while ! mount -t "${rootfs}" -o "$_rflags_ro" "${root#block:}" "$NEWROOT"; do warn "Failed to mount -t ${rootfs} -o $_rflags_ro ${root#block:} $NEWROOT" fsck_ask_err done READONLY= fsckoptions= if [ -f "$NEWROOT"/etc/sysconfig/readonly-root ]; then # shellcheck disable=SC1090 . "$NEWROOT"/etc/sysconfig/readonly-root fi if getargbool 0 "readonlyroot=" -y readonlyroot; then READONLY=yes fi if getarg noreadonlyroot; then READONLY=no fi if [ -f "$NEWROOT"/fastboot ] || getargbool 0 fastboot; then fastboot=yes fi if ! getargbool 0 rd.skipfsck; then if [ -f "$NEWROOT"/fsckoptions ]; then fsckoptions=$(cat "$NEWROOT"/fsckoptions) fi if [ -f "$NEWROOT"/forcefsck ] || getargbool 0 forcefsck; then fsckoptions="-f $fsckoptions" elif [ -f "$NEWROOT"/.autofsck ]; then # shellcheck disable=SC1090 [ -f "$NEWROOT"/etc/sysconfig/autofsck ] \ && . "$NEWROOT"/etc/sysconfig/autofsck if [ "$AUTOFSCK_DEF_CHECK" = "yes" ]; then AUTOFSCK_OPT="$AUTOFSCK_OPT -f" fi if [ -n "$AUTOFSCK_SINGLEUSER" ]; then warn "*** Warning -- the system did not shut down cleanly. 
" warn "*** Dropping you to a shell; the system will continue" warn "*** when you leave the shell." emergency_shell fi fsckoptions="$AUTOFSCK_OPT $fsckoptions" fi fi rootopts= if getargbool 1 rd.fstab -d -n rd_NO_FSTAB \ && ! getarg rootflags > /dev/null \ && [ -f "$NEWROOT/etc/fstab" ] \ && ! [ -L "$NEWROOT/etc/fstab" ]; then # if $NEWROOT/etc/fstab contains special mount options for # the root filesystem, # remount it with the proper options rootopts="defaults" while read -r dev mp fs opts _ fsck || [ -n "$dev" ]; do # skip comments [ "${dev%%#*}" != "$dev" ] && continue if [ "$mp" = "/" ]; then # sanity - determine/fix fstype rootfs=$(det_fs "${root#block:}" "$fs") rootopts=$opts rootfsck=$fsck break fi done < "$NEWROOT/etc/fstab" fi # we want rootflags (rflags) to take precedence so prepend rootopts to # them rflags="${rootopts},${rflags}" rflags="${rflags#,}" rflags="${rflags%,}" # backslashes are treated as escape character in fstab # esc_root=$(echo ${root#block:} | sed 's,\\,\\\\,g') # printf '%s %s %s %s 1 1 \n' "$esc_root" "$NEWROOT" "$rootfs" "$rflags" >/etc/fstab if fsck_able "$rootfs" \ && [ "$rootfsck" != "0" -a -z "$fastboot" -a "$READONLY" != "yes" ] \ && ! strstr "${rflags}" _netdev \ && ! getargbool 0 rd.skipfsck; then umount "$NEWROOT" fsck_single "${root#block:}" "$rootfs" "$rflags" "$fsckoptions" fi echo "${root#block:} $NEWROOT $rootfs ${rflags:-defaults} 0 ${rootfsck:-0}" >> /etc/fstab if ! ismounted "$NEWROOT"; then info "Mounting ${root#block:} with -o ${rflags}" mount "$NEWROOT" 2>&1 | vinfo elif ! are_lists_eq , "$rflags" "$_rflags_ro" defaults; then info "Remounting ${root#block:} with -o ${rflags}" mount -o remount "$NEWROOT" 2>&1 | vinfo fi if ! 
getargbool 0 rd.skipfsck; then [ -f "$NEWROOT"/forcefsck ] && rm -f -- "$NEWROOT"/forcefsck 2> /dev/null [ -f "$NEWROOT"/.autofsck ] && rm -f -- "$NEWROOT"/.autofsck 2> /dev/null fi } if [ -n "$root" -a -z "${root%%block:*}" ]; then mount_root fi modules.d/95rootfs-block/parse-block.sh000075500000000532151054757360013776 0ustar00#!/usr/bin/sh case "${root#block:}" in LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) root="block:$(label_uuid_to_dev "$root")" rootok=1 ;; /dev/*) root="block:${root#block:}" # shellcheck disable=SC2034 rootok=1 ;; esac [ "${root%%:*}" = "block" ] && wait_for_dev "${root#block:}" modules.d/95rootfs-block/rootfallback.sh000075500000000717151054757360014244 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh for root in $(getargs rootfallback=); do root=$(label_uuid_to_dev "$root") if ! [ -b "$root" ]; then warn "Could not find rootfallback $root" continue fi if mount "$root" /sysroot; then info "Mounted rootfallback $root" exit 0 else warn "Failed to mount rootfallback $root" exit 1 fi done [ -e "$job" ] && rm -f "$job" modules.d/95terminfo/module-setup.sh000075500000001113151054757360013432 0ustar00#!/usr/bin/bash # called by dracut install() { local _terminfodir # terminfo bits make things work better if you fall into interactive mode for _terminfodir in /lib/terminfo /etc/terminfo /usr/share/terminfo; do [[ -f $dracutsysrootdir${_terminfodir}/l/linux ]] && break done if [[ -d $dracutsysrootdir${_terminfodir} ]]; then for i in "l/linux" "v/vt100" "v/vt102" "v/vt220"; do inst_dir "$_terminfodir/${i%/*}" $DRACUT_CP -L -t "${initdir}/${_terminfodir}/${i%/*}" "$dracutsysrootdir$_terminfodir/$i" done fi } modules.d/95udev-rules/59-persistent-storage.rules000064400000000423151054757360016074 0ustar00SUBSYSTEM!="block", GOTO="ps_end" ACTION!="add|change", GOTO="ps_end" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="ps_end" KERNEL=="cciss[0-9]*", IMPORT BLKID 
KERNEL=="nbd[0-9]*", IMPORT BLKID LABEL="ps_end" modules.d/95udev-rules/61-persistent-storage.rules000064400000001773151054757360016076 0ustar00SUBSYSTEM!="block", GOTO="pss_end" ACTION!="add|change", GOTO="pss_end" # Also don't process disks that are slated to be a multipath device ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="pss_end" ACTION=="change", KERNEL=="dm-[0-9]*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}!="1", GOTO="do_pss" KERNEL=="cciss[0-9]*", GOTO="do_pss" KERNEL=="nbd[0-9]*", GOTO="do_pss" KERNEL=="md[0-9]*|md_d[0-9]*|md/*", GOTO="do_pss" GOTO="pss_end" LABEL="do_pss" # by-path (parent device path) ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="", DEVPATH!="*/virtual/*", IMPORT PATH_ID ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" # by-label/by-uuid links (filesystem metadata) ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}" ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}" LABEL="pss_end" modules.d/95udev-rules/load-modules.sh000075500000000122151054757360013643 0ustar00#!/usr/bin/sh # Implement blacklisting for udev-loaded modules modprobe -b "$@" modules.d/95udev-rules/module-setup.sh000075500000006433151054757360013714 0ustar00#!/usr/bin/bash # called by dracut install() { local _i # Fixme: would be nice if we didn't have to guess, which rules to grab.... # ultimately, /lib/initramfs/rules.d or somesuch which includes links/copies # of the rules we want so that we just copy those in would be best inst_multiple udevadm cat uname blkid inst_dir /etc/udev inst_multiple -o /etc/udev/udev.conf [[ -d ${initdir}/$systemdutildir ]] || mkdir -p "${initdir}/$systemdutildir" for _i in "${systemdutildir}"/systemd-udevd "${udevdir}"/udevd /sbin/udevd; do [[ -x $dracutsysrootdir$_i ]] || continue inst "$_i" if ! 
[[ -f ${initdir}${systemdutildir}/systemd-udevd ]]; then ln -fs "$_i" "${initdir}${systemdutildir}"/systemd-udevd fi break done if ! [[ -e ${initdir}${systemdutildir}/systemd-udevd ]]; then derror "Cannot find [systemd-]udevd binary!" exit 1 fi inst_rules \ 40-redhat.rules \ 50-firmware.rules \ 50-udev.rules \ 50-udev-default.rules \ 55-scsi-sg3_id.rules \ 58-scsi-sg3_symlink.rules \ 59-scsi-sg3_utils.rules \ 60-block.rules \ 60-cdrom_id.rules \ 60-pcmcia.rules \ 60-persistent-storage.rules \ 61-persistent-storage-edd.rules \ 64-btrfs.rules \ 70-uaccess.rules \ 71-seat.rules \ 73-seat-late.rules \ 75-net-description.rules \ 80-drivers.rules 95-udev-late.rules \ 80-net-name-slot.rules 80-net-setup-link.rules \ 95-late.rules \ "$moddir/59-persistent-storage.rules" \ "$moddir/61-persistent-storage.rules" prepare_udev_rules 59-persistent-storage.rules 61-persistent-storage.rules # debian udev rules inst_rules 91-permissions.rules # eudev rules inst_rules 80-drivers-modprobe.rules # legacy persistent network device name rules [[ $hostonly ]] && inst_rules 70-persistent-net.rules { for i in cdrom tape dialout floppy; do if ! grep -q "^$i:" "$initdir"/etc/group 2> /dev/null; then if ! 
grep "^$i:" "$dracutsysrootdir"/etc/group 2> /dev/null; then case $i in cdrom) echo "$i:x:11:" ;; dialout) echo "$i:x:18:" ;; floppy) echo "$i:x:19:" ;; tape) echo "$i:x:33:" ;; esac fi fi done } >> "$initdir/etc/group" inst_multiple -o \ "${udevdir}"/ata_id \ "${udevdir}"/cdrom_id \ "${udevdir}"/create_floppy_devices \ "${udevdir}"/edd_id \ "${udevdir}"/firmware.sh \ "${udevdir}"/firmware \ "${udevdir}"/firmware.agent \ "${udevdir}"/hotplug.functions \ "${udevdir}"/fw_unit_symlinks.sh \ "${udevdir}"/hid2hci \ "${udevdir}"/path_id \ "${udevdir}"/input_id \ "${udevdir}"/scsi_id \ "${udevdir}"/usb_id \ "${udevdir}"/pcmcia-socket-startup \ "${udevdir}"/pcmcia-check-broken-cis inst_multiple -o /etc/pcmcia/config.opts [[ -f $dracutsysrootdir/etc/arch-release ]] \ && inst_script "$moddir/load-modules.sh" /lib/udev/load-modules.sh inst_libdir_file "libnss_files*" } modules.d/95virtfs/module-setup.sh000075500000001025151054757360013126 0ustar00#!/usr/bin/bash # called by dracut check() { [[ $hostonly ]] || [[ $mount_needs ]] && { for fs in "${host_fs_types[@]}"; do [[ $fs == "9p" ]] && return 0 done return 255 } is_qemu_virtualized && return 0 return 255 } # called by dracut depends() { return 0 } # called by dracut installkernel() { instmods 9p 9pnet_virtio virtio_pci } # called by dracut install() { inst_hook cmdline 95 "$moddir/parse-virtfs.sh" inst_hook mount 99 "$moddir/mount-virtfs.sh" } modules.d/95virtfs/mount-virtfs.sh000075500000003567151054757360013175 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . 
/lib/dracut-lib.sh filter_rootopts() { rootopts=$1 # strip ro and rw options local OLDIFS="$IFS" IFS=, # shellcheck disable=SC2086 set -- $rootopts IFS="$OLDIFS" local v while [ $# -gt 0 ]; do case $1 in rw | ro) ;; defaults) ;; *) v="$v,${1}" ;; esac shift done rootopts=${v#,} echo "$rootopts" } mount_root() { rootfs="9p" rflags="trans=virtio,version=9p2000.L" modprobe 9pnet_virtio mount -t ${rootfs} -o "$rflags",ro "${root#virtfs:}" "$NEWROOT" rootopts= if getargbool 1 rd.fstab -n rd_NO_FSTAB \ && ! getarg rootflags \ && [ -f "$NEWROOT/etc/fstab" ] \ && ! [ -L "$NEWROOT/etc/fstab" ]; then # if $NEWROOT/etc/fstab contains special mount options for # the root filesystem, # remount it with the proper options rootopts="defaults" while read -r dev mp _ opts rest || [ -n "$dev" ]; do # skip comments [ "${dev%%#*}" != "$dev" ] && continue if [ "$mp" = "/" ]; then rootopts=$opts break fi done < "$NEWROOT/etc/fstab" rootopts=$(filter_rootopts "$rootopts") fi # we want rootflags (rflags) to take precedence so prepend rootopts to # them; rflags is guaranteed to not be empty rflags="${rootopts:+${rootopts},}${rflags}" umount "$NEWROOT" info "Remounting ${root#virtfs:} with -o ${rflags}" mount -t ${rootfs} -o "$rflags" "${root#virtfs:}" "$NEWROOT" 2>&1 | vinfo [ -f "$NEWROOT"/forcefsck ] && rm -f -- "$NEWROOT"/forcefsck 2> /dev/null [ -f "$NEWROOT"/.autofsck ] && rm -f -- "$NEWROOT"/.autofsck 2> /dev/null } if [ -n "$root" -a -z "${root%%virtfs:*}" ]; then mount_root fi : modules.d/95virtfs/parse-virtfs.sh000075500000000200151054757360013122 0ustar00#!/usr/bin/sh if [ "${root%%:*}" = "virtfs" ]; then modprobe 9pnet_virtio # shellcheck disable=SC2034 rootok=1 fi modules.d/95virtiofs/module-setup.sh000075500000001023151054757360013454 0ustar00#!/usr/bin/bash # called by dracut check() { [[ $hostonly ]] || [[ $mount_needs ]] && { is_qemu_virtualized && return 0 for fs in "${host_fs_types[@]}"; do [[ $fs == "virtiofs" ]] && return 0 done return 255 } return 0 } # called by dracut 
depends() { return 0 } # called by dracut installkernel() { instmods virtiofs } # called by dracut install() { inst_hook cmdline 95 "$moddir/parse-virtiofs.sh" inst_hook pre-mount 99 "$moddir/mount-virtiofs.sh" } modules.d/95virtiofs/mount-virtiofs.sh000075500000001175151054757360014046 0ustar00#!/usr/bin/sh if [ "${fstype}" = "virtiofs" -o "${root%%:*}" = "virtiofs" ]; then if ! { modprobe virtiofs || strstr "$(cat /proc/filesystems)" virtiofs; }; then die "virtiofs is required but not available." fi mount -t virtiofs -o "$rflags" "${root#virtiofs:}" "$NEWROOT" 2>&1 | vinfo if ! ismounted "$NEWROOT"; then die "virtiofs: failed to mount root fs" exit 1 fi info "virtiofs: root fs mounted (options: '${rflags}')" [ -f "$NEWROOT"/forcefsck ] && rm -f -- "$NEWROOT"/forcefsck 2> /dev/null [ -f "$NEWROOT"/.autofsck ] && rm -f -- "$NEWROOT"/.autofsck 2> /dev/null fi : modules.d/95virtiofs/parse-virtiofs.sh000075500000000320151054757360014005 0ustar00#!/usr/bin/sh # Accepted formats: # rootfstype=virtiofs root= # root=virtiofs: if [ "${fstype}" = "virtiofs" -o "${root%%:*}" = "virtiofs" ]; then # shellcheck disable=SC2034 rootok=1 fi modules.d/96securityfs/module-setup.sh000075500000000301151054757360014006 0ustar00#!/usr/bin/bash # called by dracut check() { return 255 } # called by dracut depends() { return 0 } # called by dracut install() { inst_hook cmdline 60 "$moddir/securityfs.sh" } modules.d/96securityfs/securityfs.sh000075500000000340151054757360013566 0ustar00#!/usr/bin/sh SECURITYFSDIR="/sys/kernel/security" export SECURITYFSDIR if ! 
findmnt "${SECURITYFSDIR}" > /dev/null 2>&1; then mount -t securityfs -o nosuid,noexec,nodev securityfs ${SECURITYFSDIR} > /dev/null 2>&1 fi modules.d/97biosdevname/module-setup.sh000075500000000442151054757360014111 0ustar00#!/usr/bin/bash # called by dracut check() { [[ "$mount_needs" ]] && return 1 require_binaries biosdevname || return 1 return 0 } # called by dracut depends() { return 0 } # called by dracut install() { inst_multiple biosdevname inst_rules 71-biosdevname.rules } modules.d/97biosdevname/parse-biosdevname.sh000075500000000470151054757360015073 0ustar00#!/usr/bin/sh if ! getargbool 1 biosdevname; then info "biosdevname=0: removing biosdevname network renaming" udevproperty UDEV_BIOSDEVNAME= rm -f -- /etc/udev/rules.d/71-biosdevname.rules else info "biosdevname=1: activating biosdevname network renaming" udevproperty UDEV_BIOSDEVNAME=1 fi modules.d/97masterkey/README000064400000006651151054757360011527 0ustar00# Directions for creating the kernel master key that will be used for # encrypting/decrypting other keys. # A trusted key is a TPM random number, which is only ever exposed to # userspace as an encrypted datablob. A trusted key can be sealed to a # set of PCR values. For more details on trusted keys, refer to the # kernel keys-trusted-encrypted.txt documentation. $ keyctl add trusted kmk-trusted "new 32" @u 801713097 # For those systems which don't have a TPM, but want to experiment with # encrypted keys, create a user key of 32 random bytes. Unlike # trusted/encrypted keys, user type key data is visible to userspace. 
$ keyctl add user kmk-user "`dd if=/dev/urandom bs=1 count=32 2>/dev/null`" @u
144468621
# Note: the shell drops NUL bytes and trailing newlines from the command
# substitution, so the resulting key can be shorter than 32 bytes. The key data
# is also passed as a command-line argument, where other local processes can
# read it while the command runs.

# Save the kernel master key (trusted type):
$ su -c 'keyctl pipe `keyctl search @u trusted kmk-trusted` > /etc/keys/kmk-trusted.blob'
# or (user type):
$ su -c 'keyctl pipe `keyctl search @u user kmk-user` > /etc/keys/kmk-user.blob'
# Note: unlike the trusted blob, kmk-user.blob holds the user key data in the
# clear, so keep the file readable by root only.

# A useful feature of trusted keys is that it is possible to prevent their
# unsealing at a later time by providing the parameter 'pcrlock=<pcrnum>' when
# loading it, which causes PCR #<pcrnum> to be extended with a random value.
# Currently, the variable PCRLOCKNUM is set to '11' to let users experiment with
# this feature by using a register that is never extended during the boot,
# making re-sealing unnecessary. In the future, the kernel master key will
# be sealed to the PCR #14 which is extended, according to the TrustedGRUB
# documentation[1], with the measurement of the kernel and the initial ramdisk.

# The kernel master key path name and type can be set in one of the following
# ways (specified in the order in which variables are overwritten):

1) use default values:

--------------------------------------------------------------------------
MULTIKERNELMODE="NO"
MASTERKEYTYPE="trusted"
MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}.blob"
--------------------------------------------------------------------------

2) create the configuration file '/etc/sysconfig/masterkey' to override the
   value of one or all variables;

3) specify these parameters in the kernel command line:
- masterkey=<path>, to override the MASTERKEY variable;
- masterkeytype=<type>, to override the MASTERKEYTYPE variable.

# The variable MULTIKERNELMODE has been introduced to support multi boot
# configurations, where a trusted/user key is tied to a specific kernel and
# initial ramdisk. In this case, setting MULTIKERNELMODE to 'YES' will cause the
# kernel version to be added to the default masterkey path name, so that the
# MASTERKEY variable need not be overridden each time a different kernel is
# chosen.
The default value of MASTERKEY will be equal to: -------------------------------------------------------------------------- MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}-$(uname -r).blob" -------------------------------------------------------------------------- # The masterkey path name also depends on the value of MASTERKEYTYPE, as reported # in the default values for defined variables. For example, if only MASTERKEYTYPE # is overridden by setting it to 'user' in the configuration file or from the # kernel command line, the value of MASTERKEY will be: -------------------------------------------------------------------------- MASTERKEY="/etc/keys/kmk-user.blob" -------------------------------------------------------------------------- [1] https://projects.sirrix.com/trac/trustedgrub/ modules.d/97masterkey/masterkey.sh000075500000004165151054757360013210 0ustar00#!/usr/bin/sh # Licensed under the GPLv2 # # Copyright (C) 2011 Politecnico di Torino, Italy # TORSEC group -- http://security.polito.it # Roberto Sassu MASTERKEYSCONFIG="${NEWROOT}/etc/sysconfig/masterkey" MULTIKERNELMODE="NO" PCRLOCKNUM=11 load_masterkey() { # read the configuration from the config file # shellcheck disable=SC1090 [ -f "${MASTERKEYSCONFIG}" ] \ && . 
"${MASTERKEYSCONFIG}" # override the kernel master key path name from the 'masterkey=' parameter # in the kernel command line MASTERKEYARG=$(getarg masterkey=) && MASTERKEY=${MASTERKEYARG} # override the kernel master key type from the 'masterkeytype=' parameter # in the kernel command line MASTERKEYTYPEARG=$(getarg masterkeytype=) && MASTERKEYTYPE=${MASTERKEYTYPEARG} # set default values [ -z "${MASTERKEYTYPE}" ] \ && MASTERKEYTYPE="trusted" if [ -z "${MASTERKEY}" ]; then # append the kernel version to the default masterkey path name # if MULTIKERNELMODE is set to YES if [ "${MULTIKERNELMODE}" = "YES" ]; then MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}-$(uname -r).blob" else MASTERKEY="/etc/keys/kmk-${MASTERKEYTYPE}.blob" fi fi # set the kernel master key path name MASTERKEYPATH="${NEWROOT}${MASTERKEY}" # check for kernel master key's existence if [ ! -f "${MASTERKEYPATH}" ]; then if [ "${RD_DEBUG}" = "yes" ]; then info "masterkey: kernel master key file not found: ${MASTERKEYPATH}" fi return 1 fi # read the kernel master key blob KEYBLOB=$(cat "${MASTERKEYPATH}") # add the 'load' prefix if the key type is 'trusted' [ "${MASTERKEYTYPE}" = "trusted" ] \ && KEYBLOB="load ${KEYBLOB} pcrlock=${PCRLOCKNUM}" # load the kernel master key info "Loading the kernel master key" keyctl add "${MASTERKEYTYPE}" "kmk-${MASTERKEYTYPE}" "${KEYBLOB}" @u > /dev/null || { info "masterkey: failed to load the kernel master key: kmk-${MASTERKEYTYPE}" return 1 } return 0 } load_masterkey modules.d/97masterkey/module-setup.sh000075500000000572151054757360013625 0ustar00#!/usr/bin/bash # called by dracut check() { [[ $hostonly ]] && { require_binaries keyctl uname || return 1 } return 255 } # called by dracut depends() { return 0 } # called by dracut installkernel() { instmods trusted encrypted } # called by dracut install() { inst_multiple keyctl uname inst_hook pre-pivot 60 "$moddir/masterkey.sh" } modules.d/98dracut-systemd/dracut-pre-pivot.service.8000064400000003005151054757360016537 
0ustar00'\" t .\" Title: dracut-pre-pivot.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-PRE\-PIVOT\&" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-pre-pivot.service \- runs the dracut hooks before switching root .SH "SYNOPSIS" .sp dracut\-pre\-pivot\&.service .SH "DESCRIPTION" .sp This service runs all dracut hooks before the system switched to the real root\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8) modules.d/98dracut-systemd/dracut-pre-pivot.service.8.asc000064400000000655151054757360017314 0ustar00DRACUT-PRE-PIVOT.SERVICE(8) =========================== :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-pre-pivot.service - runs the dracut hooks before switching root SYNOPSIS -------- dracut-pre-pivot.service DESCRIPTION ----------- This service runs all dracut hooks before the system switched to the real root. 
AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8) modules.d/98dracut-systemd/dracut-pre-pivot.sh000075500000001607151054757360015354 0ustar00#!/usr/bin/sh export DRACUT_SYSTEMD=1 if [ -f /dracut-state.sh ]; then . /dracut-state.sh 2> /dev/null fi type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh source_conf /etc/conf.d make_trace_mem "hook pre-pivot" '1:shortmem' '2+:mem' '3+:slab' # pre pivot scripts are sourced just before we doing cleanup and switch over # to the new root. getarg 'rd.break=pre-pivot' 'rdbreak=pre-pivot' && emergency_shell -n pre-pivot "Break pre-pivot" source_hook pre-pivot # pre pivot cleanup scripts are sourced just before we switch over to the new root. getarg 'rd.break=cleanup' 'rdbreak=cleanup' && emergency_shell -n cleanup "Break cleanup" source_hook cleanup _bv=$(getarg rd.break -d rdbreak) && [ -z "$_bv" ] \ && emergency_shell -n switch_root "Break before switch_root" unset _bv # remove helper symlink [ -h /dev/root ] && rm -f -- /dev/root [ -h /dev/nfs ] && rm -f -- /dev/nfs exit 0 modules.d/98dracut-systemd/dracut-pre-trigger.service000064400000001555151054757360016703 0ustar00# This file is part of dracut. 
[Unit] Description=dracut pre-trigger hook Documentation=man:dracut-pre-trigger.service(8) man:dracut.bootup(7) DefaultDependencies=no Before=systemd-udev-trigger.service dracut-initqueue.service After=dracut-pre-udev.service systemd-udevd.service systemd-tmpfiles-setup-dev.service Wants=dracut-pre-udev.service systemd-udevd.service ConditionPathExists=/usr/lib/initrd-release ConditionDirectoryNotEmpty=|/lib/dracut/hooks/pre-trigger ConditionKernelCommandLine=|rd.break=pre-trigger Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-pre-trigger StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP modules.d/98dracut-systemd/dracut-pre-trigger.service.8000064400000003016151054757360017043 0ustar00'\" t .\" Title: dracut-pre-trigger.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-PRE\-TRIGGER" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" 
----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-pre-trigger.service \- runs the dracut hooks before udevd is triggered .SH "SYNOPSIS" .sp dracut\-pre\-trigger\&.service .SH "DESCRIPTION" .sp This service runs all dracut hooks before udevd is triggered in the initramfs\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8) modules.d/98dracut-systemd/dracut-pre-trigger.service.8.asc000064400000000670151054757360017613 0ustar00DRACUT-PRE-TRIGGER.SERVICE(8) ============================= :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-pre-trigger.service - runs the dracut hooks before udevd is triggered SYNOPSIS -------- dracut-pre-trigger.service DESCRIPTION ----------- This service runs all dracut hooks before udevd is triggered in the initramfs. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8) modules.d/98dracut-systemd/dracut-pre-trigger.sh000075500000000732151054757360015654 0ustar00#!/usr/bin/sh export DRACUT_SYSTEMD=1 if [ -f /dracut-state.sh ]; then . /dracut-state.sh 2> /dev/null fi type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh source_conf /etc/conf.d make_trace_mem "hook pre-trigger" '1:shortmem' '2+:mem' '3+:slab' source_hook pre-trigger getarg 'rd.break=pre-trigger' 'rdbreak=pre-trigger' && emergency_shell -n pre-trigger "Break pre-trigger" udevadm control --reload > /dev/null 2>&1 || : export -p > /dracut-state.sh exit 0 modules.d/98dracut-systemd/dracut-pre-udev.service000064400000001674151054757360016205 0ustar00# This file is part of dracut. 
[Unit] Description=dracut pre-udev hook Documentation=man:dracut-pre-udev.service(8) man:dracut.bootup(7) DefaultDependencies=no Before=systemd-udevd.service dracut-pre-trigger.service After=dracut-cmdline.service Wants=dracut-cmdline.service ConditionPathExists=/usr/lib/initrd-release ConditionDirectoryNotEmpty=|/lib/dracut/hooks/pre-udev ConditionKernelCommandLine=|rd.break=pre-udev ConditionKernelCommandLine=|rd.driver.blacklist ConditionKernelCommandLine=|rd.driver.pre ConditionKernelCommandLine=|rd.driver.post ConditionPathExistsGlob=|/etc/cmdline.d/*.conf Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-pre-udev StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP modules.d/98dracut-systemd/dracut-pre-udev.service.8000064400000003001151054757360016335 0ustar00'\" t .\" Title: dracut-pre-udev.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-PRE\-UDEV\&." 
"8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-pre-udev.service \- runs the dracut hooks before udevd is started .SH "SYNOPSIS" .sp dracut\-pre\-udev\&.service .SH "DESCRIPTION" .sp This service runs all dracut hooks before udevd is started in the initramfs\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8) modules.d/98dracut-systemd/dracut-pre-udev.service.8.asc000064400000000650151054757360017111 0ustar00DRACUT-PRE-UDEV.SERVICE(8) ========================== :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-pre-udev.service - runs the dracut hooks before udevd is started SYNOPSIS -------- dracut-pre-udev.service DESCRIPTION ----------- This service runs all dracut hooks before udevd is started in the initramfs. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8) modules.d/98dracut-systemd/dracut-pre-udev.sh000075500000002607151054757360015157 0ustar00#!/usr/bin/sh export DRACUT_SYSTEMD=1 if [ -f /dracut-state.sh ]; then . /dracut-state.sh 2> /dev/null fi type getarg > /dev/null 2>&1 || . 
/lib/dracut-lib.sh source_conf /etc/conf.d make_trace_mem "hook pre-udev" '1:shortmem' '2+:mem' '3+:slab' # pre pivot scripts are sourced just before we doing cleanup and switch over # to the new root. getarg 'rd.break=pre-udev' 'rdbreak=pre-udev' && emergency_shell -n pre-udev "Break pre-udev" source_hook pre-udev _modprobe_d=/etc/modprobe.d if [ -d /usr/lib/modprobe.d ]; then _modprobe_d=/usr/lib/modprobe.d elif [ -d /lib/modprobe.d ]; then _modprobe_d=/lib/modprobe.d elif [ ! -d $_modprobe_d ]; then mkdir -p $_modprobe_d fi for i in $(getargs rd.driver.pre -d rdloaddriver=); do ( IFS=, for p in $i; do modprobe "$p" 2>&1 | vinfo done ) done [ -d /etc/modprobe.d ] || mkdir -p /etc/modprobe.d for i in $(getargs rd.driver.blacklist -d rdblacklist=); do ( IFS=, for p in $i; do echo "blacklist $p" >> $_modprobe_d/initramfsblacklist.conf done ) done for p in $(getargs rd.driver.post -d rdinsmodpost=); do echo "blacklist $p" >> $_modprobe_d/initramfsblacklist.conf _do_insmodpost=1 done [ -n "$_do_insmodpost" ] && initqueue --settled --unique --onetime insmodpost.sh unset _do_insmodpost _modprobe_d unset i export -p > /dracut-state.sh exit 0 modules.d/98dracut-systemd/dracut-shutdown-onfailure.service000064400000000420151054757360020277 0ustar00# This file is part of dracut. [Unit] Description=Service executing upon dracut-shutdown failure to perform cleanup Documentation=man:dracut-shutdown.service(8) DefaultDependencies=no [Service] Type=oneshot ExecStart=-/bin/rm /run/initramfs/shutdown StandardError=null modules.d/98dracut-systemd/dracut-shutdown.service000064400000000623151054757360016322 0ustar00# This file is part of dracut. 
[Unit] Description=Restore /run/initramfs on shutdown Documentation=man:dracut-shutdown.service(8) After=local-fs.target boot.mount boot.automount Wants=local-fs.target ConditionPathExists=!/run/initramfs/bin/sh OnFailure=dracut-shutdown-onfailure.service [Service] RemainAfterExit=yes Type=oneshot ExecStart=/bin/true ExecStop=/usr/lib/dracut/dracut-initramfs-restore modules.d/98dracut-systemd/dracut-shutdown.service.8000064400000007345151054757360016500 0ustar00'\" t .\" Title: dracut-shutdown.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-SHUTDOWN\&.S" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-shutdown.service \- unpack the initramfs to /run/initramfs .SH "SYNOPSIS" .sp dracut\-shutdown\&.service .SH "DESCRIPTION" .sp This service unpacks the initramfs image to /run/initramfs\&. systemd pivots into /run/initramfs at shutdown, so the root filesystem can be safely unmounted\&. 
.sp The following steps are executed during a shutdown: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd switches to the shutdown\&.target .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd starts /lib/systemd/system/shutdown\&.target\&.wants/dracut\-shutdown\&.service .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} dracut\-shutdown\&.service executes /usr/lib/dracut/dracut\-initramfs\-restore which unpacks the initramfs to /run/initramfs .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd finishes shutdown\&.target .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd kills all processes .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd tries to unmount everything and mounts the remaining read\-only .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} systemd checks, if there is a /run/initramfs/shutdown executable .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} if yes, it does a pivot_root to /run/initramfs and executes \&./shutdown\&. The old root is then mounted on /oldroot\&. /usr/lib/dracut/modules\&.d/99shutdown/shutdown\&.sh is the shutdown executable\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} shutdown will try to umount every /oldroot mount and calls the various shutdown hooks from the dracut modules .RE .sp This ensures, that all devices are disassembled and unmounted cleanly\&. .sp To debug the shutdown process, you can get a shell in the shutdown procedure by injecting "rd\&.break=pre\-shutdown rd\&.shell" or "rd\&.break=shutdown rd\&.shell"\&. 
.sp .if n \{\ .RS 4 .\} .nf # mkdir \-p /run/initramfs/etc/cmdline\&.d # echo "rd\&.break=pre\-shutdown rd\&.shell" > /run/initramfs/etc/cmdline\&.d/debug\&.conf # touch /run/initramfs/\&.need_shutdown .fi .if n \{\ .RE .\} .sp In case the unpack of the initramfs fails, dracut\-shutdown\-onfailure\&.service executes to make sure switch root doesn\(cqt happen, since it would result in switching to an incomplete initramfs\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\fR(8) modules.d/98dracut-systemd/dracut-shutdown.service.8.asc000064400000003530151054757360017235 0ustar00DRACUT-SHUTDOWN.SERVICE(8) =========================== :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-shutdown.service - unpack the initramfs to /run/initramfs SYNOPSIS -------- dracut-shutdown.service DESCRIPTION ----------- This service unpacks the initramfs image to /run/initramfs. systemd pivots into /run/initramfs at shutdown, so the root filesystem can be safely unmounted. The following steps are executed during a shutdown: * systemd switches to the shutdown.target * systemd starts /lib/systemd/system/shutdown.target.wants/dracut-shutdown.service * dracut-shutdown.service executes /usr/lib/dracut/dracut-initramfs-restore which unpacks the initramfs to /run/initramfs * systemd finishes shutdown.target * systemd kills all processes * systemd tries to unmount everything and mounts the remaining read-only * systemd checks, if there is a /run/initramfs/shutdown executable * if yes, it does a pivot_root to /run/initramfs and executes ./shutdown. The old root is then mounted on /oldroot. /usr/lib/dracut/modules.d/99shutdown/shutdown.sh is the shutdown executable. * shutdown will try to umount every /oldroot mount and calls the various shutdown hooks from the dracut modules This ensures, that all devices are disassembled and unmounted cleanly. 
To debug the shutdown process, you can get a shell in the shutdown procedure by injecting "rd.break=pre-shutdown rd.shell" or "rd.break=shutdown rd.shell". ---- # mkdir -p /run/initramfs/etc/cmdline.d # echo "rd.break=pre-shutdown rd.shell" > /run/initramfs/etc/cmdline.d/debug.conf # touch /run/initramfs/.need_shutdown ---- In case the unpack of the initramfs fails, dracut-shutdown-onfailure.service executes to make sure switch root doesn't happen, since it would result in switching to an incomplete initramfs. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut*(8) modules.d/98dracut-systemd/dracut-tmpfiles.conf000064400000000207151054757360015555 0ustar00d /run/initramfs 0755 root root - d /run/initramfs/log 0755 root root - L /var/log - - - - ../run/initramfs/log modules.d/98dracut-systemd/emergency.service000064400000001262151054757360015145 0ustar00# This file is part of dracut. [Unit] Description=Emergency Shell Documentation=man:dracut.bootup(7) DefaultDependencies=no After=systemd-vconsole-setup.service Wants=systemd-vconsole-setup.service Conflicts=shutdown.target Before=shutdown.target [Service] Environment=HOME=/ Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot WorkingDirectory=/ ExecStart=/bin/dracut-emergency ExecStopPost=-/usr/bin/systemctl --fail --no-block default Type=idle StandardInput=tty-force StandardOutput=inherit StandardError=inherit KillMode=process IgnoreSIGPIPE=no TasksMax=infinity # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. 
KillSignal=SIGHUP
modules.d/98dracut-systemd/module-setup.sh000075500000003457151054757360014577 0ustar00#!/usr/bin/bash

# called by dracut
# Prerequisite check: returns 1 (do not install) when $mount_needs is
# non-empty, 0 otherwise.
check() {
    [[ $mount_needs ]] && return 1

    return 0
}

# called by dracut
# Prints the module this one depends on ("systemd-initrd") on stdout.
depends() {
    echo "systemd-initrd"

    return 0
}

# No kernel modules are requested by this dracut module.
installkernel() {
    return 0
}

# called by dracut
# Installs the dracut-* hook scripts, their systemd units and the rootfs
# generator into the initramfs image.
install() {
    inst_script "$moddir/dracut-emergency.sh" /bin/dracut-emergency
    inst_simple "$moddir/emergency.service" "${systemdsystemunitdir}"/emergency.service
    inst_simple "$moddir/dracut-emergency.service" "${systemdsystemunitdir}"/dracut-emergency.service
    # rescue.service is installed from the same file as emergency.service.
    inst_simple "$moddir/emergency.service" "${systemdsystemunitdir}"/rescue.service

    # initrd.target becomes the default target inside the initramfs.
    ln_r "${systemdsystemunitdir}/initrd.target" "${systemdsystemunitdir}/default.target"

    inst_script "$moddir/dracut-cmdline.sh" /bin/dracut-cmdline
    inst_script "$moddir/dracut-cmdline-ask.sh" /bin/dracut-cmdline-ask
    inst_script "$moddir/dracut-pre-udev.sh" /bin/dracut-pre-udev
    inst_script "$moddir/dracut-pre-trigger.sh" /bin/dracut-pre-trigger
    inst_script "$moddir/dracut-initqueue.sh" /bin/dracut-initqueue
    inst_script "$moddir/dracut-pre-mount.sh" /bin/dracut-pre-mount
    inst_script "$moddir/dracut-mount.sh" /bin/dracut-mount
    inst_script "$moddir/dracut-pre-pivot.sh" /bin/dracut-pre-pivot

    inst_script "$moddir/rootfs-generator.sh" "$systemdutildir"/system-generators/dracut-rootfs-generator

    # Install each hook unit and pull it in from initrd.target.
    # NOTE(review): "i" is not declared local, so it stays set in the
    # sourcing shell after install() returns.
    for i in \
        dracut-cmdline.service \
        dracut-cmdline-ask.service \
        dracut-initqueue.service \
        dracut-mount.service \
        dracut-pre-mount.service \
        dracut-pre-pivot.service \
        dracut-pre-trigger.service \
        dracut-pre-udev.service; do
        inst_simple "$moddir/${i}" "$systemdsystemunitdir/${i}"
        $SYSTEMCTL -q --root "$initdir" add-wants initrd.target "$i"
    done

    inst_simple "$moddir/dracut-tmpfiles.conf" "$tmpfilesdir/dracut-tmpfiles.conf"

}
modules.d/98dracut-systemd/rootfs-generator.sh000075500000007216151054757360015451 0ustar00#!/usr/bin/sh

# systemd generator: for a block-device root= argument it writes the device
# wait, fsck ordering and (conditionally) sysroot.mount drop-ins.
# $1 is the generator output directory (stored in GENERATOR_DIR below).

type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

# Make the boot wait for device $1.
#   $1 - device path
# Writes an initqueue "finished" check and an emergency-hook warning for the
# device, links <unit>.device into initrd.target.wants and writes a
# timeout.conf drop-in whose values come from rd.timeout (0 when unset).
generator_wait_for_dev() {
    local _name
    local _timeout

    _name="$(str_replace "$1" '/' '\x2f')"
    _timeout=$(getarg rd.timeout)
    _timeout=${_timeout:-0}

    if ! [ -e "$hookdir/initqueue/finished/devexists-${_name}.sh" ]; then

        # If a LUKS device needs unlocking via systemd in the initrd, assume
        # it's for the root device. In that case, don't block on it if it's
        # after remote-fs-pre.target since the initqueue is ordered before it so
        # it will never actually show up (think Tang-pinned rootfs).
        #
        # The here-document delimiter is unquoted, so "$1" is expanded now and
        # its value is written into the generated script between double
        # quotes, without further escaping. At the call site below $1 is
        # derived from the root= argument.
        cat > "$hookdir/initqueue/finished/devexists-${_name}.sh" << EOF
if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then
    [ -e "$1" ]
fi
EOF
        # Same embedding of $1 for the emergency-hook warning script.
        {
            printf '[ -e "%s" ] || ' "$1"
            printf 'warn "\"%s\" does not exist"\n' "$1"
        } >> "$hookdir/emergency/80-${_name}.sh"
    fi

    _name=$(dev_unit_name "$1")
    if ! [ -L "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device ]; then
        [ -d "$GENERATOR_DIR"/initrd.target.wants ] || mkdir -p "$GENERATOR_DIR"/initrd.target.wants
        ln -s ../"${_name}".device "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device
    fi

    if ! [ -f "$GENERATOR_DIR"/"${_name}".device.d/timeout.conf ]; then
        mkdir -p "$GENERATOR_DIR"/"${_name}".device.d
        {
            echo "[Unit]"
            echo "JobTimeoutSec=$_timeout"
            echo "JobRunningTimeoutSec=$_timeout"
        } > "$GENERATOR_DIR"/"${_name}".device.d/timeout.conf
    fi
}

# Write sysroot.mount for the root device unless it already exists.
#   $1 - device path (nothing is done when empty)
#   $2 - filesystem type, written as Type=
#   $3 - mount flags, written as Options=
# The unit is also linked into initrd-root-fs.target.requires.
generator_mount_rootfs() {
    local _type=$2
    local _flags=$3
    local _name

    [ -z "$1" ] && return 0

    _name=$(dev_unit_name "$1")
    [ -d "$GENERATOR_DIR" ] || mkdir -p "$GENERATOR_DIR"
    if ! [ -f "$GENERATOR_DIR"/sysroot.mount ]; then
        {
            echo "[Unit]"
            echo "Before=initrd-root-fs.target"
            echo "Requires=systemd-fsck@${_name}.service"
            echo "After=systemd-fsck@${_name}.service"
            echo "[Mount]"
            echo "Where=/sysroot"
            echo "What=$1"
            echo "Options=${_flags}"
            echo "Type=${_type}"
        } > "$GENERATOR_DIR"/sysroot.mount
    fi
    if ! [ -L "$GENERATOR_DIR"/initrd-root-fs.target.requires/sysroot.mount ]; then
        [ -d "$GENERATOR_DIR"/initrd-root-fs.target.requires ] || mkdir -p "$GENERATOR_DIR"/initrd-root-fs.target.requires
        ln -s ../sysroot.mount "$GENERATOR_DIR"/initrd-root-fs.target.requires/sysroot.mount
    fi
}

# Order systemd-fsck@<unit>.service after dracut-pre-mount.service through a
# drop-in below /run/systemd/generator.
#   $1 - device path (nothing is done when empty)
generator_fsck_after_pre_mount() {
    local _name

    [ -z "$1" ] && return 0

    _name=$(dev_unit_name "$1")
    [ -d /run/systemd/generator/systemd-fsck@"${_name}".service.d ] || mkdir -p /run/systemd/generator/systemd-fsck@"${_name}".service.d
    if ! [ -f /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ]; then
        {
            echo "[Unit]"
            echo "After=dracut-pre-mount.service"
        } > /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf
    fi

}

root=$(getarg root=)
# Only label/UUID style and /dev/* roots set rootok; anything else leaves it
# unset and the generator writes nothing.
case "${root#block:}" in
    LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*)
        root="block:$(label_uuid_to_dev "$root")"
        rootok=1
        ;;
    /dev/nfs) # ignore legacy /dev/nfs
        ;;
    /dev/*)
        root="block:${root}"
        rootok=1
        ;;
esac

GENERATOR_DIR="$1"

if [ "$rootok" = "1" ]; then
    # generator_wait_for_dev reads only its first argument; "$RDRETRY" is
    # passed but not used by the function.
    generator_wait_for_dev "${root#block:}" "$RDRETRY"
    generator_fsck_after_pre_mount "${root#block:}"
    # sysroot.mount is generated only when the string 'root=' does not occur
    # in /proc/cmdline.
    strstr "$(cat /proc/cmdline)" 'root=' || generator_mount_rootfs "${root#block:}" "$(getarg rootfstype=)" "$(getarg rootflags=)"
fi

exit 0
modules.d/98dracut-systemd/dracut-cmdline-ask.service000064400000001513151054757360016635 0ustar00# This file is part of dracut.
[Unit] Description=dracut ask for additional cmdline parameters Documentation=man:dracut.bootup(7) DefaultDependencies=no Before=dracut-cmdline.service Wants=systemd-journald.socket After=systemd-journald.socket Wants=systemd-vconsole-setup.service After=systemd-vconsole-setup.service ConditionPathExists=/usr/lib/initrd-release ConditionKernelCommandLine=|rd.cmdline=ask ConditionPathExistsGlob=|/etc/cmdline.d/*.conf Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-cmdline-ask StandardInput=tty StandardOutput=inherit StandardError=inherit RemainAfterExit=yes KillMode=process IgnoreSIGPIPE=no # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP
modules.d/98dracut-systemd/dracut-cmdline-ask.sh000075500000000657151054757360015622 0ustar00#!/usr/bin/sh

# Prompts on the console for extra kernel command line parameters and appends
# them to /etc/cmdline.d/99-cmdline-ask.conf. Does nothing unless
# rd.cmdline=ask is set.

type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

getarg "rd.cmdline=ask" || exit 0

sleep 0.5
echo
sleep 0.5
echo
sleep 0.5
echo
echo
echo
echo
echo "Enter additional kernel command line parameter (end with ctrl-d or .)"
# ${BASH:+-e} adds -e to read only when BASH is set.
# Every non-empty line is appended as typed; the loop does no validation, so
# whoever is at the console during this prompt decides what is added to the
# command line configuration.
while read -r -p "> " ${BASH:+-e} line || [ -n "$line" ]; do
    [ "$line" = "." ] && break
    [ -n "$line" ] && printf -- "%s\n" "$line" >> /etc/cmdline.d/99-cmdline-ask.conf
done

exit 0
modules.d/98dracut-systemd/dracut-cmdline.service000064400000001543151054757360016064 0ustar00# This file is part of dracut.
[Unit] Description=dracut cmdline hook Documentation=man:dracut-cmdline.service(8) man:dracut.bootup(7) DefaultDependencies=no Before=dracut-pre-udev.service After=systemd-journald.socket Wants=systemd-journald.socket ConditionPathExists=/usr/lib/initrd-release ConditionPathExistsGlob=|/etc/cmdline.d/*.conf ConditionDirectoryNotEmpty=|/lib/dracut/hooks/cmdline ConditionKernelCommandLine=|rd.break=cmdline ConditionKernelCommandLine=|resume ConditionKernelCommandLine=|noresume Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-cmdline StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP modules.d/98dracut-systemd/dracut-cmdline.service.8000064400000003023151054757360016225 0ustar00'\" t .\" Title: dracut-cmdline.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-CMDLINE\&.SE" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN 
CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-cmdline.service \- runs the dracut hooks to parse the kernel command line .SH "SYNOPSIS" .sp dracut\-cmdline\&.service .SH "DESCRIPTION" .sp This service runs all the dracut hooks to parse the kernel command line in the initramfs\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8)
modules.d/98dracut-systemd/dracut-cmdline.service.8.asc000064400000000672151054757360017001 0ustar00DRACUT-CMDLINE.SERVICE(8) ========================= :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-cmdline.service - runs the dracut hooks to parse the kernel command line SYNOPSIS -------- dracut-cmdline.service DESCRIPTION ----------- This service runs all the dracut hooks to parse the kernel command line in the initramfs. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8)
modules.d/98dracut-systemd/dracut-cmdline.sh000075500000004312151054757360015036 0ustar00#!/usr/bin/sh

# cmdline stage: reads root=, rootflags= and rootfstype=, runs the cmdline
# hooks, normalises $root and saves the exported environment to
# /dracut-state.sh.

# /dracut-state.sh is written by "export -p" at the end of this script and is
# sourced here as shell code.
if [ -f /dracut-state.sh ]; then
    . /dracut-state.sh 2> /dev/null
fi
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

[ -f /usr/lib/initrd-release ] && . /usr/lib/initrd-release
[ -n "$VERSION" ] && info "dracut-$VERSION"

# When rd.hostonly evaluates to false, the host-only files are removed;
# 99-cmdline-ask.conf is parked in /tmp and moved back afterwards.
if ! getargbool 1 'rd.hostonly'; then
    [ -f /etc/cmdline.d/99-cmdline-ask.conf ] && mv /etc/cmdline.d/99-cmdline-ask.conf /tmp/99-cmdline-ask.conf
    remove_hostonly_files
    [ -f /tmp/99-cmdline-ask.conf ] && mv /tmp/99-cmdline-ask.conf /etc/cmdline.d/99-cmdline-ask.conf
fi

info "Using kernel command line parameters:" "$(getcmdline)"

getargbool 0 rd.udev.log-priority=info -d rd.udev.info -d -n -y rdudevinfo && echo 'udev_log="info"' >> /etc/udev/udev.conf
getargbool 0 rd.udev.log-priority=debug -d rd.udev.debug -d -n -y rdudevdebug && echo 'udev_log="debug"' >> /etc/udev/udev.conf

source_conf /etc/conf.d

# Get the "root=" parameter from the kernel command line, but differentiate
# between the case where it was set to the empty string and the case where it
# wasn't specified at all.
if ! root="$(getarg root=)"; then
    root_unset='UNSET'
fi

# Append ",ro" / ",rw" when those arguments are set, then strip a leading
# comma left over from an empty rootflags=.
rflags="$(getarg rootflags=)"
getargbool 0 ro && rflags="${rflags},ro"
getargbool 0 rw && rflags="${rflags},rw"
rflags="${rflags#,}"

fstype="$(getarg rootfstype=)"
if [ -z "$fstype" ]; then
    fstype="auto"
fi

export root
export rflags
export fstype

make_trace_mem "hook cmdline" '1+:mem' '1+:iomem' '3+:slab'
# run scriptlets to parse the command line
getarg 'rd.break=cmdline' -d 'rdbreak=cmdline' && emergency_shell -n cmdline "Break before cmdline"
source_hook cmdline

[ -f /lib/dracut/parse-resume.sh ] && . /lib/dracut/parse-resume.sh

# $root_unset is appended so that a missing root= matches the UNSET arm.
case "${root#block:}${root_unset}" in
    LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*)
        root="block:$(label_uuid_to_dev "${root#block:}")"
        rootok=1
        ;;
    /dev/*)
        root="block:${root#block:}"
        rootok=1
        ;;
    UNSET | gpt-auto | tmpfs)
        # systemd's gpt-auto-generator/fstab-generator handles this case.
        rootok=1
        ;;
esac

[ -z "${root}${root_unset}" ] && die "Empty root= argument"
[ -z "$rootok" ] && die "Don't know how to handle 'root=$root'"

export root rflags fstype netroot NEWROOT

export -p > /dracut-state.sh

exit 0
modules.d/98dracut-systemd/dracut-emergency.service000064400000001247151054757360016430 0ustar00# This file is part of dracut. [Unit] Description=Dracut Emergency Shell Documentation=man:dracut.bootup(7) DefaultDependencies=no After=systemd-vconsole-setup.service Wants=systemd-vconsole-setup.service Conflicts=shutdown.target emergency.target [Service] Environment=HOME=/ Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot WorkingDirectory=/ ExecStart=-/bin/dracut-emergency ExecStopPost=-/bin/rm -f -- /.console_lock Type=oneshot StandardInput=tty-force StandardOutput=inherit StandardError=inherit KillMode=process IgnoreSIGPIPE=no TasksMax=infinity # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP
modules.d/98dracut-systemd/dracut-emergency.sh000075500000003146151054757360015405 0ustar00#!/usr/bin/sh

# Emergency handler: either starts an interactive shell on the console or,
# when the shell is disabled, runs the shutdown-emergency hooks and then
# reboots, powers off or halts according to rd.emergency.

export DRACUT_SYSTEMD=1
if [ -f /dracut-state.sh ]; then
    . /dracut-state.sh 2> /dev/null
fi
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

source_conf /etc/conf.d

type plymouth > /dev/null 2>&1 && plymouth quit

export _rdshell_name="dracut" action="Boot" hook="emergency"
_emergency_action=$(getarg rd.emergency)

# getargbool is called with 1 as its first argument here, presumably the
# value used when rd.shell is absent (confirm in dracut-lib.sh). The shell
# branch ends in "exec sh -i -l" with no authentication step in this script,
# so console access during a failed boot yields an interactive shell unless
# rd.shell is turned off.
if getargbool 1 rd.shell -d -y rdshell || getarg rd.break -d rdbreak; then
    FSTXT="/run/dracut/fsck/fsck_help_$fstype.txt"
    RDSOSREPORT="$(rdsosreport)"
    source_hook "$hook"
    # Print the report and the help text on every console listed in
    # /proc/consoles.
    while read -r _tty rest; do
        (
            echo
            echo "$RDSOSREPORT"
            echo
            echo
            echo 'Entering emergency mode. Exit the shell to continue.'
            echo 'Type "journalctl" to view system logs.'
            echo 'You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot'
            echo 'after mounting them and attach it to a bug report.'
            echo
            echo
            [ -f "$FSTXT" ] && cat "$FSTXT"
        ) > /dev/"$_tty"
    done < /proc/consoles
    [ -f /etc/profile ] && . /etc/profile
    # NOTE(review): this script assigns _rdshell_name, not _name; confirm
    # that _name is set elsewhere before it is used in the prompt.
    [ -z "$PS1" ] && export PS1="$_name:\${PWD}# "
    exec sh -i -l
else
    export hook="shutdown-emergency"
    warn "$action has failed. To debug this issue add \"rd.shell rd.debug\" to the kernel command line."
    source_hook "$hook"
    # Without an explicit rd.emergency value the machine is halted.
    [ -z "$_emergency_action" ] && _emergency_action=halt
fi

/bin/rm -f -- /.console_lock

case "$_emergency_action" in
    reboot)
        reboot || exit 1
        ;;
    poweroff)
        poweroff || exit 1
        ;;
    halt)
        halt || exit 1
        ;;
esac

exit 0
modules.d/98dracut-systemd/dracut-initqueue.service000064400000001420151054757360016453 0ustar00# This file is part of dracut. [Unit] Description=dracut initqueue hook Documentation=man:dracut-initqueue.service(8) man:dracut.bootup(7) DefaultDependencies=no Before=remote-fs-pre.target Wants=remote-fs-pre.target After=systemd-udev-trigger.service Wants=systemd-udev-trigger.service ConditionPathExists=/usr/lib/initrd-release ConditionPathExists=|/lib/dracut/need-initqueue ConditionKernelCommandLine=|rd.break=initqueue Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-initqueue StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP
modules.d/98dracut-systemd/dracut-initqueue.service.8000064400000003016151054757360016624 0ustar00'\" t .\" Title: dracut-initqueue.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-INITQUEUE\&." "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-initqueue.service \- runs the dracut main loop to find the real root .SH "SYNOPSIS" .sp dracut\-initqueue\&.service .SH "DESCRIPTION" .sp This service runs all the main loop of dracut in the initramfs to find the real root\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8)
modules.d/98dracut-systemd/dracut-initqueue.service.8.asc000064400000000667151054757360017402 0ustar00DRACUT-INITQUEUE.SERVICE(8) =========================== :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-initqueue.service - runs the dracut main loop to find the real root SYNOPSIS -------- dracut-initqueue.service DESCRIPTION ----------- This service runs all the main loop of dracut in the initramfs to find the real root. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8)
modules.d/98dracut-systemd/dracut-initqueue.sh000075500000005166151054757360015443 0ustar00#!/usr/bin/sh

# initqueue main loop: sources the queued job scripts until check_finished
# succeeds or the retry limit is reached.

export DRACUT_SYSTEMD=1

if [ -f /dracut-state.sh ]; then
    . /dracut-state.sh 2> /dev/null
fi
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

source_conf /etc/conf.d

make_trace_mem "hook initqueue" '1:shortmem' '2+:mem' '3+:slab'
getarg 'rd.break=initqueue' -d 'rdbreak=initqueue' && emergency_shell -n initqueue "Break before initqueue"

# rd.retry (default 180) is doubled to get the loop limit; an idle pass
# through the loop below sleeps 0.5.
RDRETRY=$(getarg rd.retry -d 'rd_retry=')
RDRETRY=${RDRETRY:-180}
RDRETRY=$((RDRETRY * 2))
export RDRETRY

main_loop=0
export main_loop

while :; do

    check_finished && break

    udevadm settle --exit-if-exists="$hookdir"/initqueue/work

    check_finished && break

    if [ -f "$hookdir"/initqueue/work ]; then
        rm -f -- "$hookdir/initqueue/work"
    fi

    # Every *.sh file in the queue directory is sourced into this shell, so
    # it runs with the privileges of this script.
    for job in "$hookdir"/initqueue/*.sh; do
        [ -e "$job" ] || break
        # shellcheck disable=SC2097 disable=SC1090 disable=SC2098
        job=$job . "$job"
        check_finished && break 2
    done

    # Restart the loop while udev still has events queued.
    udevadm settle --timeout=0 > /dev/null 2>&1 || continue

    for job in "$hookdir"/initqueue/settled/*.sh; do
        [ -e "$job" ] || break
        # shellcheck disable=SC2097 disable=SC1090 disable=SC2098
        job=$job . "$job"
        check_finished && break 2
    done

    udevadm settle --timeout=0 > /dev/null 2>&1 || continue

    # no more udev jobs and queues empty.
    sleep 0.5

    # A pending password request restarts the loop without counting the pass
    # towards the retry limit.
    for i in /run/systemd/ask-password/ask.*; do
        [ -e "$i" ] && continue 2
    done

    # After two thirds of the limit, list the unfinished hooks and run the
    # timeout scripts.
    if [ $main_loop -gt $((2 * RDRETRY / 3)) ]; then
        warn "dracut-initqueue: timeout, still waiting for following initqueue hooks:"
        for _f in "$hookdir"/initqueue/finished/*.sh; do
            warn "$_f: \"$(cat "$_f")\""
        done
        if [ "$(ls -A "$hookdir"/initqueue/finished)" ]; then
            warn "dracut-initqueue: starting timeout scripts"
            for job in "$hookdir"/initqueue/timeout/*.sh; do
                [ -e "$job" ] || break
                # shellcheck disable=SC2097 disable=SC1090 disable=SC2098
                job=$job . "$job"
                # New udev activity or a new work marker resets the counter.
                udevadm settle --timeout=0 > /dev/null 2>&1 || main_loop=0
                [ -f "$hookdir"/initqueue/work ] && main_loop=0
                [ $main_loop -eq 0 ] && break
            done
        fi
    fi

    main_loop=$((main_loop + 1))
    if [ $main_loop -gt $RDRETRY ]; then
        # Limit reached: enter the emergency shell unless /sysroot already
        # has both etc/fstab and sbin/init.
        if ! [ -f /sysroot/etc/fstab ] || ! [ -e /sysroot/sbin/init ]; then
            emergency_shell "Could not boot."
        fi
        warn "Not all disks have been found."
        warn "You might want to regenerate your initramfs."
        break
    fi
done

unset job
unset queuetriggered
unset main_loop
unset RDRETRY

export -p > /dracut-state.sh

exit 0
modules.d/98dracut-systemd/dracut-mount.service000064400000001364151054757360015614 0ustar00# This file is part of dracut. [Unit] Description=dracut mount hook Documentation=man:dracut-mount.service(8) man:dracut.bootup(7) After=initrd-root-fs.target initrd-parse-etc.service After=dracut-initqueue.service dracut-pre-mount.service ConditionPathExists=/usr/lib/initrd-release ConditionDirectoryNotEmpty=|/lib/dracut/hooks/mount ConditionKernelCommandLine=|rd.break=mount DefaultDependencies=no Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-mount StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly.
KillSignal=SIGHUP modules.d/98dracut-systemd/dracut-mount.service.8000064400000002773151054757360015767 0ustar00'\" t .\" Title: dracut-mount.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-MOUNT\&.SERV" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" dracut-mount.service \- runs the dracut hooks after /sysroot is mounted .SH "SYNOPSIS" .sp dracut\-mount\&.service .SH "DESCRIPTION" .sp This service runs all dracut hooks after the real root is mounted on /sysroot\&. 
.SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8)
modules.d/98dracut-systemd/dracut-mount.service.8.asc000064400000000640151054757360016523 0ustar00DRACUT-MOUNT.SERVICE(8) ======================= :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-mount.service - runs the dracut hooks after /sysroot is mounted SYNOPSIS -------- dracut-mount.service DESCRIPTION ----------- This service runs all dracut hooks after the real root is mounted on /sysroot. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8)
modules.d/98dracut-systemd/dracut-mount.sh000075500000002107151054757360014565 0ustar00#!/usr/bin/sh

# mount stage: sources the mount hooks until $NEWROOT holds a usable root
# filesystem, giving up after more than 20 passes.

export DRACUT_SYSTEMD=1
if [ -f /dracut-state.sh ]; then
    . /dracut-state.sh 2> /dev/null
fi
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

source_conf /etc/conf.d

make_trace_mem "hook mount" '1:shortmem' '2+:mem' '3+:slab'

getarg 'rd.break=mount' -d 'rdbreak=mount' && emergency_shell -n mount "Break mount"
# mount scripts actually try to mount the root filesystem, and may
# be sourced any number of times. As soon as one succeeds, no more are sourced.
i=0
while :; do
    # Something mounted on $NEWROOT that fails usable_root is unmounted
    # before the hooks are tried.
    if ismounted "$NEWROOT"; then
        usable_root "$NEWROOT" && break
        umount "$NEWROOT"
    fi
    for f in "$hookdir"/mount/*.sh; do
        # shellcheck disable=SC1090
        [ -f "$f" ] && . "$f"
        if ismounted "$NEWROOT"; then
            # This break leaves only the for loop; the check at the top of
            # the while loop then ends the outer loop.
            usable_root "$NEWROOT" && break
            warn "$NEWROOT has no proper rootfs layout, ignoring and removing offending mount hook"
            umount "$NEWROOT"
            rm -f -- "$f"
        fi
    done

    i=$((i + 1))
    [ $i -gt 20 ] && emergency_shell "Can't mount root filesystem"
done

export -p > /dracut-state.sh

exit 0
modules.d/98dracut-systemd/dracut-pre-mount.service000064400000001421151054757360016372 0ustar00# This file is part of dracut.
[Unit] Description=dracut pre-mount hook Documentation=man:dracut-pre-mount.service(8) man:dracut.bootup(7) DefaultDependencies=no Before=initrd-root-fs.target sysroot.mount systemd-fsck-root.service After=dracut-initqueue.service cryptsetup.target ConditionPathExists=/usr/lib/initrd-release ConditionDirectoryNotEmpty=|/lib/dracut/hooks/pre-mount ConditionKernelCommandLine=|rd.break=pre-mount Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-pre-mount StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP modules.d/98dracut-systemd/dracut-pre-mount.service.8000064400000003012151054757360016536 0ustar00'\" t .\" Title: dracut-pre-mount.service .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/01/2022 .\" Manual: dracut .\" Source: dracut .\" Language: English .\" .TH "DRACUT\-PRE\-MOUNT\&" "8" "07/01/2022" "dracut" "dracut" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" 
----------------------------------------------------------------- .SH "NAME" dracut-pre-mount.service \- runs the dracut hooks before /sysroot is mounted .SH "SYNOPSIS" .sp dracut\-pre\-mount\&.service .SH "DESCRIPTION" .sp This service runs all dracut hooks before the real root is mounted on /sysroot\&. .SH "AUTHORS" .sp Harald Hoyer .SH "SEE ALSO" .sp \fBdracut\&.bootup\fR(7) \fBdracut\fR(8)
modules.d/98dracut-systemd/dracut-pre-mount.service.8.asc000064400000000662151054757360017313 0ustar00DRACUT-PRE-MOUNT.SERVICE(8) =========================== :doctype: manpage :man source: dracut :man manual: dracut NAME ---- dracut-pre-mount.service - runs the dracut hooks before /sysroot is mounted SYNOPSIS -------- dracut-pre-mount.service DESCRIPTION ----------- This service runs all dracut hooks before the real root is mounted on /sysroot. AUTHORS ------- Harald Hoyer SEE ALSO -------- *dracut.bootup*(7) *dracut*(8)
modules.d/98dracut-systemd/dracut-pre-mount.sh000075500000000774151054757360015361 0ustar00#!/usr/bin/sh

# pre-mount stage: sources the pre-mount hooks, then saves the exported
# environment to /dracut-state.sh.

export DRACUT_SYSTEMD=1
if [ -f /dracut-state.sh ]; then
    . /dracut-state.sh 2> /dev/null
fi
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh

source_conf /etc/conf.d

make_trace_mem "hook pre-mount" '1:shortmem' '2+:mem' '3+:slab'
# pre-mount scripts are sourced before the real root is mounted on /sysroot.
# NOTE(review): the other dracut-* scripts in this archive pass the legacy
# name after -d; here 'rdbreak=pre-mount' is a plain second argument. Confirm
# that this is intended.
getarg 'rd.break=pre-mount' 'rdbreak=pre-mount' && emergency_shell -n pre-mount "Break pre-mount"
source_hook pre-mount

export -p > /dracut-state.sh

exit 0
modules.d/98dracut-systemd/dracut-pre-pivot.service000064400000002123151054757360016371 0ustar00# This file is part of dracut.
[Unit] Description=dracut pre-pivot and cleanup hook Documentation=man:dracut-pre-pivot.service(8) man:dracut.bootup(7) DefaultDependencies=no After=initrd.target initrd-parse-etc.service sysroot.mount After=dracut-initqueue.service dracut-pre-mount.service dracut-mount.service Before=initrd-cleanup.service Wants=remote-fs.target After=remote-fs.target ConditionPathExists=/usr/lib/initrd-release ConditionDirectoryNotEmpty=|/lib/dracut/hooks/pre-pivot ConditionDirectoryNotEmpty=|/lib/dracut/hooks/cleanup ConditionKernelCommandLine=|rd.break=pre-pivot ConditionKernelCommandLine=|rd.break=cleanup ConditionKernelCommandLine=|rd.break ConditionPathExists=|/dev/root ConditionPathExists=|/dev/nfs Conflicts=shutdown.target emergency.target [Service] Environment=DRACUT_SYSTEMD=1 Environment=NEWROOT=/sysroot Type=oneshot ExecStart=-/bin/dracut-pre-pivot StandardInput=null StandardError=journal+console KillMode=process RemainAfterExit=yes KeyringMode=shared # Bash ignores SIGTERM, so we send SIGHUP instead, to ensure that bash # terminates cleanly. KillSignal=SIGHUP
modules.d/98ecryptfs/README000064400000004447151054757360011364 0ustar00# Directions for creating the encrypted key that will be used to mount an
# eCryptfs filesystem

# Create the eCryptfs key (encrypted key type)
#
# The encrypted key type supports two formats: the 'default' format
# generates a random symmetric key of the specified length; the 'ecryptfs'
# format generates an authentication token for the eCryptfs filesystem,
# which contains a randomly generated key. The latter format has two
# requirements: the key description must contain exactly 16 hexadecimal
# characters, and the encrypted key length must be equal to 64.
$ keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk-trusted 64" @u
782117972

# Save the encrypted key
$ su -c 'keyctl pipe `keyctl search @u encrypted 1000100010001000` > /etc/keys/ecryptfs-trusted.blob'

# The eCryptfs key path name can be set in one of the following ways (listed in
# the order in which the variable is overwritten):

1) use the default value:
--------------------------------------------------------------------------
ECRYPTFSKEY="/etc/keys/ecryptfs-trusted.blob"
--------------------------------------------------------------------------

2) create the configuration file '/etc/sysconfig/ecryptfs' and set the ECRYPTFSKEY
variable;

3) specify the eCryptfs key path name in the 'ecryptfskey=' parameter of the kernel
command line.

# The configuration file '/etc/sysconfig/ecryptfs' is also used to specify
# more options for mounting the eCryptfs filesystem:

ECRYPTFSSRCDIR: existing directory in the lower root filesystem;
ECRYPTFSDSTDIR: mount point directory for the eCryptfs filesystem (the directory must be
created in the root filesystem before rebooting the platform);
ECRYPTFS_EXTRA_MOUNT_OPTS: extra mount options for the eCryptfs filesystem (the 'ecryptfs_sig'
option is automatically added by the dracut script).

# Example of the configuration file:
----------- '/etc/sysconfig/ecryptfs' (with default values) -----------
ECRYPTFSKEY="/etc/keys/ecryptfs-trusted.blob"
ECRYPTFSSRCDIR="/secret"
ECRYPTFSDSTDIR="${ECRYPTFSSRCDIR}"
ECRYPTFS_EXTRA_MOUNT_OPTS=""
-----------------------------------------------------------------------

# If the variable ECRYPTFSDSTDIR is not specified in the configuration file,
# its value will be equal to that of ECRYPTFSSRCDIR.
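modules.d/98ecryptfs/ecryptfs-mount.sh000075500000005314151054757360014034 0ustar00#!/usr/bin/sh

# Licensed under the GPLv2
#
# Copyright (C) 2011 Politecnico di Torino, Italy
# TORSEC group -- http://security.polito.it
# Roberto Sassu
#
# pre-pivot hook: loads the eCryptfs encrypted key found under $NEWROOT into
# the user keyring, mounts the configured eCryptfs filesystem and unlinks the
# key again. getarg and info are not defined in this file; presumably they
# are provided by dracut-lib.sh.

ECRYPTFSCONFIG="${NEWROOT}/etc/sysconfig/ecryptfs"
ECRYPTFSKEYTYPE="encrypted"
ECRYPTFSKEYDESC="1000100010001000"
ECRYPTFSKEYID=""
ECRYPTFSSRCDIR="/secret"
ECRYPTFS_EXTRA_MOUNT_OPTS=""

# Load the eCryptfs encrypted key blob into the user keyring (@u).
# Globals:  NEWROOT, RD_DEBUG, ECRYPTFSKEYTYPE, ECRYPTFSKEYDESC (read)
#           ECRYPTFSKEY, ECRYPTFSKEYPATH, KEYBLOB, ECRYPTFSKEYID (written)
# Returns:  0 when the key was added; 1 when the blob file is missing or
#           keyctl refuses it
load_ecryptfs_key() {
    # override the eCryptfs key path name from the 'ecryptfskey=' parameter in the kernel
    # command line
    if ECRYPTFSKEYARG=$(getarg ecryptfskey=); then
        ECRYPTFSKEY=${ECRYPTFSKEYARG}
    fi

    # set the default value
    [ -z "${ECRYPTFSKEY}" ] \
        && ECRYPTFSKEY="/etc/keys/ecryptfs-trusted.blob"

    # set the eCryptfs key path name
    ECRYPTFSKEYPATH="${NEWROOT}${ECRYPTFSKEY}"

    # check for eCryptfs encrypted key's existence
    if [ ! -f "${ECRYPTFSKEYPATH}" ]; then
        if [ "${RD_DEBUG}" = "yes" ]; then
            info "eCryptfs: key file not found: ${ECRYPTFSKEYPATH}"
        fi
        return 1
    fi

    # read the eCryptfs encrypted key blob
    KEYBLOB=$(cat "${ECRYPTFSKEYPATH}")

    # load the eCryptfs encrypted key blob
    # Type and description are quoted: the sourced configuration file can
    # redefine them, and an unquoted value would be split into extra
    # keyctl arguments.
    if ! ECRYPTFSKEYID=$(keyctl add "${ECRYPTFSKEYTYPE}" "${ECRYPTFSKEYDESC}" "load ${KEYBLOB}" @u); then
        info "eCryptfs: failed to load the eCryptfs key: ${ECRYPTFSKEYDESC}"
        return 1
    fi

    return 0
}

# Unlink the key recorded in ECRYPTFSKEYID from the user keyring (@u).
# Returns: 0 on success, 1 when keyctl fails
unload_ecryptfs_key() {
    # unlink the eCryptfs encrypted key
    keyctl unlink "${ECRYPTFSKEYID}" @u || {
        info "eCryptfs: failed to unlink the eCryptfs key: ${ECRYPTFSKEYDESC}"
        return 1
    }

    return 0
}

# Read the configuration, load the key, mount the eCryptfs filesystem and
# unlink the key afterwards.
# Returns: 0 on success, 1 when the key cannot be loaded, the mount fails or
#          the key cannot be unlinked
mount_ecryptfs() {
    # read the configuration from the config file
    # The file lives on the root filesystem that is about to be pivoted to
    # and is executed as shell code here, so it must be writable by root only.
    # shellcheck disable=SC1090
    [ -f "${ECRYPTFSCONFIG}" ] \
        && . "${ECRYPTFSCONFIG}"

    # load the eCryptfs encrypted key
    load_ecryptfs_key || return 1

    # set the default value for ECRYPTFSDSTDIR
    [ -z "${ECRYPTFSDSTDIR}" ] \
        && ECRYPTFSDSTDIR=${ECRYPTFSSRCDIR}

    # set the eCryptfs filesystem mount point
    ECRYPTFSSRCMNT="${NEWROOT}${ECRYPTFSSRCDIR}"
    ECRYPTFSDSTMNT="${NEWROOT}${ECRYPTFSDSTDIR}"

    # build the mount options variable
    ECRYPTFS_MOUNT_OPTS="ecryptfs_sig=${ECRYPTFSKEYDESC}"
    [ -n "${ECRYPTFS_EXTRA_MOUNT_OPTS}" ] \
        && ECRYPTFS_MOUNT_OPTS="${ECRYPTFS_MOUNT_OPTS},${ECRYPTFS_EXTRA_MOUNT_OPTS}"

    # mount the eCryptfs filesystem
    # The option string is passed as one quoted word so that whitespace in
    # ECRYPTFS_EXTRA_MOUNT_OPTS cannot turn into additional mount arguments.
    info "Mounting the configured eCryptfs filesystem"
    mount -i -t ecryptfs -o "${ECRYPTFS_MOUNT_OPTS}" "${ECRYPTFSSRCMNT}" "${ECRYPTFSDSTMNT}" > /dev/null || {
        info "eCryptfs: mount of the eCryptfs filesystem failed"
        # do not leave the key linked in @u when nothing was mounted
        unload_ecryptfs_key
        return 1
    }

    # unload the eCryptfs encrypted key
    unload_ecryptfs_key || return 1

    return 0
}

mount_ecryptfs
modules.d/98ecryptfs/module-setup.sh000075500000000430151054757360013452 0ustar00#!/usr/bin/bash

# called by dracut
# 255: include this module only when another module requires it
check() {
    return 255
}

# called by dracut
depends() {
    echo masterkey
    return 0
}

# called by dracut
installkernel() {
    instmods ecryptfs
}

# called by dracut
install() {
    inst_hook pre-pivot 63 "$moddir/ecryptfs-mount.sh"
}
modules.d/98integrity/README000064400000005664151054757360011545 0ustar00# Directions for creating the encrypted key that will be used to initialize
# the EVM software.

# Create the EVM key (encrypted key type)
#
# The encrypted key is a random number encrypted/decrypted using the
# kernel master key. The encrypted key is only exposed to userspace
# as an encrypted datablob.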
$ keyctl add encrypted evm-key "new trusted:kmk-trusted 32" @u 782117972 # Save the encrypted key $ su -c 'keyctl pipe `keyctl search @u encrypted evm-key` > /etc/keys/evm-trusted.blob' # The EVM key path name can be set in one of the following ways (specified in # the order in which the variable is overwritten): 1) use the default value: -------------------------------------------------------------------------- EVMKEY="/etc/keys/evm-trusted.blob" -------------------------------------------------------------------------- 2) create the configuration file '/etc/sysconfig/evm' and set the EVMKEY variable; 3) specify the EVM key path name in the 'evmkey=' parameter of the kernel command line. # Directions for loading a custom IMA policy. # Write the policy following the instructions provided in the file # 'Documentation/ABI/testing/ima_policy' of the kernel documentation. # Save the policy in a file. # Create the configuration file '/etc/sysconfig/ima' to override the path name of # the IMA custom policy. ------------- '/etc/sysconfig/ima' (with the default value) ------------- IMAPOLICY="/etc/sysconfig/ima-policy" ------------------------------------------------------------------------- # Information on loading distro, third party or local keys on the trusted IMA keyring # Loading distro, third party or local keys on the trusted IMA keyring requires # creating a local certificate authority(local-CA), installing the local-CA's # public key on the system-keyring and signing the certificates with the local-CA # key. # # Many directions for creating a mini certificate authority exist on the web # (eg. openssl, yubikey). (Reminder: safely storing the private key offline is # really important, especially in the case of the local-CA's private key.) The # local-CA's public key can be loaded onto the system keyring either by building # the key into the kernel or, on Fedora, storing it in the UEFI/Mok keyring. 
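(As
# of writing, the patches for loading the UEFI/Mok keys on the system-keyring
# have not been upstreamed.)
#
# To view the system keyring: keyctl show %keyring:.system_keyring
#
# Most on-line directions for signing certificates require creating a Certificate
# Signing Request (CSR). Creating such a request requires access to the private
# key, which would not be available when signing distro or 3rd party certificates.
# Openssl provides the "-ss_cert" option for directly signing certificates.

# 98integrity/ima-keys-load.sh script loads the signed certificates stored
# in the $IMAKEYSDIR onto the trusted IMA keyring. The default $IMAKEYSDIR
# directory is /etc/keys/ima, but can be specified in the /etc/sysconfig/ima
# policy.
modules.d/98integrity/evm-enable.sh000075500000011311151054757360013221 0ustar00#!/usr/bin/sh

# Licensed under the GPLv2
#
# Copyright (C) 2011 Politecnico di Torino, Italy
# TORSEC group -- http://security.polito.it
# Roberto Sassu

# NOTE(review): SECURITYFSDIR is not assigned in this file; presumably it is
# provided by the securityfs module this module depends on. If it is empty,
# EVMSECFILE becomes "/evm" and enable_evm returns 0 without enabling EVM.
EVMSECFILE="${SECURITYFSDIR}/evm"
EVMCONFIG="${NEWROOT}/etc/sysconfig/evm"
EVMKEYDESC="evm-key"
EVMKEYTYPE="encrypted"
EVMKEYID=""
EVM_ACTIVATION_BITS=0

# The following variables can be set in /etc/sysconfig/evm:
# EVMKEY: path to the symmetric key; defaults to /etc/keys/evm-trusted.blob
# EVMKEYDESC: Description of the symmetric key; default is 'evm-key'
# EVMKEYTYPE: Type of the symmetric key; default is 'encrypted'
# EVMX509: path to x509 cert; default is /etc/keys/x509_evm.der
# EVM_ACTIVATION_BITS: additional EVM activation bits, such as
# EVM_SETUP_COMPLETE; default is 0
# EVMKEYSDIR: Directory with more x509 certs; default is /etc/keys/evm/

# Load the EVM encrypted key blob into the user keyring (@u).
# Globals:  NEWROOT, RD_DEBUG, EVMCONFIG, EVMKEYTYPE, EVMKEYDESC (read)
#           EVMKEY, EVMKEYPATH, KEYBLOB, EVMKEYID (written)
# Returns:  0 when the key was added; 1 when the blob file is missing or
#           keyctl refuses it
load_evm_key() {
    # read the configuration from the config file
    # The file is executed as shell code from the not yet pivoted root, so it
    # must be writable by root only.
    # shellcheck disable=SC1090
    [ -f "${EVMCONFIG}" ] \
        && . "${EVMCONFIG}"

    # override the EVM key path name from the 'evmkey=' parameter in the kernel
    # command line
    if EVMKEYARG=$(getarg evmkey=); then
        EVMKEY=${EVMKEYARG}
    fi

    # set the default value
    [ -z "${EVMKEY}" ] \
        && EVMKEY="/etc/keys/evm-trusted.blob"

    # set the EVM key path name
    EVMKEYPATH="${NEWROOT}${EVMKEY}"

    # check for EVM encrypted key's existence
    if [ ! -f "${EVMKEYPATH}" ]; then
        if [ "${RD_DEBUG}" = "yes" ]; then
            info "integrity: EVM encrypted key file not found: ${EVMKEYPATH}"
        fi
        return 1
    fi

    # read the EVM encrypted key blob
    KEYBLOB=$(cat "${EVMKEYPATH}")

    # load the EVM encrypted key
    # Type and description come from the sourced configuration; quoting keeps
    # each of them a single keyctl argument.
    if ! EVMKEYID=$(keyctl add "${EVMKEYTYPE}" "${EVMKEYDESC}" "load ${KEYBLOB}" @u); then
        info "integrity: failed to load the EVM encrypted key: ${EVMKEYDESC}"
        return 1
    fi

    return 0
}

# Import the EVM x509 certificate(s) onto the EVM keyring.
# Globals:  NEWROOT, RD_DEBUG (read); EVMX509, EVMX509PATH, EVMKEYSDIR,
#           PUBKEY (written)
# Returns:  0 when at least one certificate was imported; 1 when none was
#           found or an import failed
load_evm_x509() {
    info "Load EVM IMA X509"

    # override the EVM key path name from the 'evmx509=' parameter in
    # the kernel command line
    if EVMX509ARG=$(getarg evmx509=); then
        EVMX509=${EVMX509ARG}
    fi

    # set the default value
    [ -z "${EVMX509}" ] \
        && EVMX509="/etc/keys/x509_evm.der"

    # set the EVM public key path name
    EVMX509PATH="${NEWROOT}${EVMX509}"

    # check for EVM public key's existence
    if [ ! -f "${EVMX509PATH}" ]; then
        EVMX509PATH=""
    fi

    local evm_pubid line
    if line=$(keyctl describe %keyring:.evm); then
        # the kernel already setup a trusted .evm keyring so use that one
        evm_pubid=${line%%:*}
    else
        # look for an existing regular keyring
        # NOTE(review): this fallback is a regular keyring under @u, not the
        # kernel's trusted .evm keyring.
        evm_pubid=$(keyctl search @u keyring _evm)
        if [ -z "${evm_pubid}" ]; then
            # create a new regular _evm keyring
            evm_pubid=$(keyctl newring _evm @u)
        fi
    fi

    if [ -z "${EVMKEYSDIR}" ]; then
        EVMKEYSDIR="/etc/keys/evm"
    fi

    # load the default EVM public key onto the EVM keyring along
    # with all the other ones in $EVMKEYSDIR
    # ${VAR:+"..."} drops the word when the default cert is absent and keeps a
    # path containing whitespace as one word otherwise.
    local key_imported=1
    for PUBKEY in ${EVMX509PATH:+"${EVMX509PATH}"} "${NEWROOT}${EVMKEYSDIR}"/*; do
        if [ ! -f "${PUBKEY}" ]; then
            if [ "${RD_DEBUG}" = "yes" ]; then
                info "integrity: EVM x509 cert file not found: ${PUBKEY}"
            fi
            continue
        fi
        if ! evmctl import "${PUBKEY}" "${evm_pubid}"; then
            info "integrity: failed to load the EVM X509 cert ${PUBKEY}"
            return 1
        fi
        key_imported=0
    done

    if [ "${RD_DEBUG}" = "yes" ]; then
        keyctl show @u
    fi

    return ${key_imported}
}

# Unlink the key recorded in EVMKEYID from the user keyring (@u).
# Returns: 0 on success, 1 when keyctl fails
unload_evm_key() {
    # unlink the EVM encrypted key
    keyctl unlink "${EVMKEYID}" @u || {
        info "integrity: failed to unlink the EVM encrypted key: ${EVMKEYDESC}"
        return 1
    }

    return 0
}

# Load the EVM key material and write the resulting activation value to the
# EVM securityfs file.
# Returns: 0 when EVM was initialized or the kernel offers no EVM file;
#          1 when neither key nor certificate could be loaded, or the key
#          could not be unlinked afterwards
enable_evm() {
    # check kernel support for EVM
    if [ ! -e "${EVMSECFILE}" ]; then
        if [ "${RD_DEBUG}" = "yes" ]; then
            info "integrity: EVM kernel support is disabled"
        fi
        return 0
    fi

    local evm_configured=0
    local EVM_INIT_HMAC=1 EVM_INIT_X509=2

    # try to load the EVM encrypted key
    load_evm_key && evm_configured=${EVM_INIT_HMAC}

    # try to load the EVM public key
    load_evm_x509 && evm_configured=$((evm_configured | EVM_INIT_X509))

    # only enable EVM if a key or x509 certificate could be loaded
    if [ $evm_configured -eq 0 ]; then
        return 1
    fi

    # initialize EVM
    # EVM_ACTIVATION_BITS may have been changed by the sourced configuration.
    info "Enabling EVM"
    echo $((evm_configured | EVM_ACTIVATION_BITS)) > "${EVMSECFILE}"

    if [ "$((evm_configured & EVM_INIT_HMAC))" -ne 0 ]; then
        # unload the EVM encrypted key
        unload_evm_key || return 1
    fi

    return 0
}

enable_evm
modules.d/98integrity/ima-keys-load.sh000075500000002732151054757360013651 0ustar00#!/usr/bin/sh

SECURITYFSDIR="/sys/kernel/security"
IMASECDIR="${SECURITYFSDIR}/ima"
IMACONFIG="${NEWROOT}/etc/sysconfig/ima"

# Import every regular file in $IMAKEYSDIR (under $NEWROOT) onto the keyring
# whose id is given as $1. A failed import is only logged; the function
# always returns 0.
load_x509_keys() {
    KEYRING_ID=$1

    # override the default configuration
    if [ -f "${IMACONFIG}" ]; then
        # shellcheck disable=SC1090
        . "${IMACONFIG}"
    fi

    if [ -z "${IMAKEYSDIR}" ]; then
        IMAKEYSDIR="/etc/keys/ima"
    fi

    for PUBKEY in "${NEWROOT}${IMAKEYSDIR}"/*; do
        # check for public key's existence
        if [ ! -f "${PUBKEY}" ]; then
            if [ "${RD_DEBUG}" = "yes" ]; then
                info "integrity: IMA x509 cert file not found: ${PUBKEY}"
            fi
            continue
        fi

        # FIXME: X509ID unused?
        # shellcheck disable=SC2034
        if ! X509ID=$(evmctl import "${PUBKEY}" "${KEYRING_ID}"); then
            info "integrity: IMA x509 cert not loaded on keyring: ${PUBKEY}"
        fi
    done

    if [ "${RD_DEBUG}" = "yes" ]; then
        keyctl show "${KEYRING_ID}"
    fi
    return 0
}

# check kernel support for IMA
if [ ! -e "${IMASECDIR}" ]; then
    if [ "${RD_DEBUG}" = "yes" ]; then
        info "integrity: IMA kernel support is disabled"
    fi
    return 0
fi

# get the IMA keyring id
# Prefer the kernel's .ima keyring; otherwise fall back to a regular _ima
# keyring under @u, creating it when it does not exist yet.
if line=$(keyctl describe %keyring:.ima); then
    _ima_id=${line%%:*}
else
    _ima_id=$(keyctl search @u keyring _ima)
    if [ -z "${_ima_id}" ]; then
        _ima_id=$(keyctl newring _ima @u)
    fi
fi

# load the IMA public key(s)
load_x509_keys "${_ima_id}"
modules.d/98integrity/ima-policy-load.sh000075500000002042151054757360014167 0ustar00#!/usr/bin/sh

# Licensed under the GPLv2
#
# Copyright (C) 2011 Politecnico di Torino, Italy
# TORSEC group -- http://security.polito.it
# Roberto Sassu

IMASECDIR="${SECURITYFSDIR}/ima"
IMACONFIG="${NEWROOT}/etc/sysconfig/ima"
IMAPOLICY="/etc/sysconfig/ima-policy"

# Load the custom IMA policy, when one exists under $NEWROOT, into the IMA
# securityfs policy file. Always returns 0.
load_ima_policy() {
    # check kernel support for IMA
    if [ ! -e "${IMASECDIR}" ]; then
        if [ "${RD_DEBUG}" = "yes" ]; then
            info "integrity: IMA kernel support is disabled"
        fi
        return 0
    fi

    # override the default configuration
    # shellcheck disable=SC1090
    [ -f "${IMACONFIG}" ] \
        && . "${IMACONFIG}"

    # set the IMA policy path name
    IMAPOLICYPATH="${NEWROOT}${IMAPOLICY}"

    # check the existence of the IMA policy file
    # The path name is written first; only when that write fails are the
    # file contents written instead. A failure of both writes is not reported.
    [ -f "${IMAPOLICYPATH}" ] && {
        info "Loading the provided IMA custom policy"
        printf '%s' "${IMAPOLICYPATH}" > "${IMASECDIR}"/policy \
            || cat "${IMAPOLICYPATH}" > "${IMASECDIR}"/policy
    }

    return 0
}

load_ima_policy
modules.d/98integrity/module-setup.sh000075500000000563151054757360013640 0ustar00#!/usr/bin/bash

# called by dracut
# 255: include this module only when another module requires it
check() {
    return 255
}

# called by dracut
depends() {
    echo masterkey securityfs
    return 0
}

# called by dracut
# evm-enable.sh and ima-keys-load.sh share priority 61; ima-policy-load.sh
# is installed at 62.
install() {
    dracut_install evmctl keyctl ls
    inst_hook pre-pivot 61 "$moddir/evm-enable.sh"
    inst_hook pre-pivot 61 "$moddir/ima-keys-load.sh"
    inst_hook pre-pivot 62 "$moddir/ima-policy-load.sh"
}
modules.d/98pollcdrom/module-setup.sh000075500000000312151054757360013605 0ustar00#!/usr/bin/bash

# called by dracut
check() {
    return 255
}

# called by dracut
depends() {
    return 0
}

# called by dracut
install() {
    inst_hook initqueue/settled 99 "$moddir/pollcdrom.sh"
}
modules.d/98pollcdrom/pollcdrom.sh000075500000001201151054757360013153 0ustar00#!/usr/bin/sh
#
# Licensed under the GPLv2
#
# Copyright 2008-2012, Red Hat, Inc.
# Harald Hoyer

if [ ! -e /sys/module/block/parameters/events_dfl_poll_msecs ]; then
    # if the kernel does not support autopolling
    # then we have to do a
    # dirty hack for some cdrom drives,
    # which report no medium for quiet
    # some time.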
for cdrom in /sys/block/sr*; do [ -e "$cdrom" ] || continue # skip, if cdrom medium was already found strstr "$(udevadm info --query=env --path="${cdrom##/sys}")" \ ID_CDROM_MEDIA && continue echo change > "$cdrom/uevent" done fi modules.d/98selinux/module-setup.sh000075500000000350151054757360013303 0ustar00#!/usr/bin/bash # called by dracut check() { return 255 } # called by dracut depends() { return 0 } # called by dracut install() { inst_hook pre-pivot 50 "$moddir/selinux-loadpolicy.sh" inst_multiple setenforce } modules.d/98selinux/selinux-loadpolicy.sh000075500000004343151054757360014512 0ustar00#!/usr/bin/sh # FIXME: load selinux policy. this should really be done after we switchroot rd_load_policy() { # If SELinux is disabled exit now getarg "selinux=0" > /dev/null && return 0 SELINUX="enforcing" # shellcheck disable=SC1090 [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config" # Check whether SELinux is in permissive mode permissive=0 if getarg "enforcing=0" > /dev/null || [ "$SELINUX" = "permissive" ]; then permissive=1 fi # Attempt to load SELinux Policy if [ -x "$NEWROOT/usr/sbin/load_policy" -o -x "$NEWROOT/sbin/load_policy" ]; then local ret=0 local out info "Loading SELinux policy" mount -o bind /sys "$NEWROOT"/sys # load_policy does mount /proc and /sys/fs/selinux in # libselinux,selinux_init_load_policy() if [ -x "$NEWROOT/sbin/load_policy" ]; then out=$(LANG=C chroot "$NEWROOT" /sbin/load_policy -i 2>&1) ret=$? info "$out" else out=$(LANG=C chroot "$NEWROOT" /usr/sbin/load_policy -i 2>&1) ret=$? info "$out" fi umount "$NEWROOT"/sys/fs/selinux umount "$NEWROOT"/sys if [ "$SELINUX" = "disabled" ]; then return 0 fi if [ $ret -eq 0 -o $ret -eq 2 ]; then # If machine requires a relabel, force to permissive mode [ -e "$NEWROOT"/.autorelabel ] && LANG=C /usr/sbin/setenforce 0 mount --rbind /dev "$NEWROOT/dev" LANG=C chroot "$NEWROOT" /sbin/restorecon -R /dev umount -R "$NEWROOT/dev" return 0 fi warn "Initial SELinux policy load failed." 
if [ $ret -eq 3 -o $permissive -eq 0 ]; then warn "Machine in enforcing mode." warn "Not continuing" emergency_shell -n selinux exit 1 fi return 0 elif [ $permissive -eq 0 -a "$SELINUX" != "disabled" ]; then warn "Machine in enforcing mode and cannot execute load_policy." warn "To disable selinux, add selinux=0 to the kernel command line." warn "Not continuing" emergency_shell -n selinux exit 1 fi } rd_load_policy modules.d/98syslog/README000064400000001501151054757360011031 0ustar00Syslog support for dracut This module provides syslog functionality in the initrd. This is especially interesting when complex configuration being used to provide access to the device the rootfs resides on. When this module is installed into the ramfs it is triggered by the udev event from the nic being setup (online). Then if syslog is configured it is started and will forward all kernel messages to the given syslog server. The syslog implementation is detected automatically by finding the appropriate binary with the following order: rsyslogd syslogd syslog-ng Then if detected the syslog.conf is generated and syslog is started. Bootparameters: syslogserver=ip Where to syslog to sysloglevel=level What level has to be logged syslogtype=rsyslog|syslog|syslogng Don't auto detect syslog but set it modules.d/98syslog/module-setup.sh000075500000002213151054757360013134 0ustar00#!/usr/bin/bash # called by dracut check() { # do not add this module by default return 255 } # called by dracut depends() { return 0 } # called by dracut install() { local _installs if find_binary rsyslogd > /dev/null; then _installs="rsyslogd" inst_libdir_file rsyslog/lmnet.so rsyslog/imklog.so rsyslog/imuxsock.so rsyslog/imjournal.so elif find_binary syslogd > /dev/null; then _installs="syslogd" elif find_binary syslog-ng > /dev/null; then _installs="syslog-ng" else derror "Could not find any syslog binary although the syslogmodule" \ "is selected to be installed. Please check." 
fi if [ -n "$_installs" ]; then inst_multiple cat $_installs inst_hook cmdline 90 "$moddir/parse-syslog-opts.sh" inst_hook cleanup 99 "$moddir/syslog-cleanup.sh" inst_hook initqueue/online 70 "$moddir/rsyslogd-start.sh" inst_simple "$moddir/rsyslogd-stop.sh" /sbin/rsyslogd-stop mkdir -m 0755 -p "${initdir}"/etc/templates inst_simple "${moddir}/rsyslog.conf" /etc/templates/rsyslog.conf fi dracut_need_initqueue } modules.d/98syslog/parse-syslog-opts.sh000075500000002213151054757360014124 0ustar00#!/usr/bin/sh # Parses the syslog commandline options # #Bootparameters: #syslogserver=ip Where to syslog to #sysloglevel=level What level has to be logged #syslogtype=rsyslog|syslog|syslogng # Don't auto detect syslog but set it type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh detect_syslog() { syslogtype="" if [ -e /sbin/rsyslogd ]; then syslogtype="rsyslogd" elif [ -e /sbin/syslogd ]; then syslogtype="syslogd" elif [ -e /sbin/syslog-ng ]; then syslogtype="syslog-ng" else warn "Could not find any syslog binary although the syslogmodule is selected to be installed. Please check." fi echo "$syslogtype" [ -n "$syslogtype" ] } syslogserver=$(getarg syslog.server -d syslog) syslogfilters=$(getargs syslog.filter -d filter) syslogtype=$(getarg syslog.type -d syslogtype) [ -n "$syslogserver" ] && echo "$syslogserver" > /tmp/syslog.server [ -n "$syslogfilters" ] && echo "$syslogfilters" > /tmp/syslog.filters if [ -n "$syslogtype" ]; then echo "$syslogtype" > /tmp/syslog.type else syslogtype=$(detect_syslog) echo "$syslogtype" > /tmp/syslog.type fi modules.d/98syslog/rsyslog.conf000064400000001464151054757360012532 0ustar00#rsyslog v3 config file # if you experience problems, check # http://www.rsyslog.com/troubleshoot for assistance #### MODULES #### $ModLoad imuxsock.so # provides support for local system logging (e.g. 
via logger command) $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) #$ModLoad immark.so # provides --MARK-- message capability # Provides UDP syslog reception #$ModLoad imudp.so #$UDPServerRun 514 # Provides TCP syslog reception #$ModLoad imtcp.so #$InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on #### RULES #### modules.d/98syslog/rsyslogd-start.sh000075500000002352151054757360013516 0ustar00#!/usr/bin/sh # Triggered by initqueue/online and starts rsyslogd with bootparameters type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh # prevent starting again if already running if [ -f /var/run/syslogd.pid ]; then read -r pid < /var/run/syslogd.pid kill -0 "$pid" && exit 0 fi rsyslog_config() { local server=$1 shift local syslog_template=$1 shift local filters=$* local filter= cat "$syslog_template" ( # disable shell expansion / globbing # since filters contain such characters set -f for filter in $filters; do echo "${filter} @${server}" done ) #echo "*.* /tmp/syslog" } [ -f /tmp/syslog.type ] && read -r type < /tmp/syslog.type [ -f /tmp/syslog.server ] && read -r server < /tmp/syslog.server [ -f /tmp/syslog.filters ] && read -r filters < /tmp/syslog.filters [ -z "$filters" ] && filters="kern.*" [ -f /tmp/syslog.conf ] && read -r conf < /tmp/syslog.conf [ -z "$conf" ] && conf="/etc/rsyslog.conf" && echo "$conf" > /tmp/syslog.conf if [ "$type" = "rsyslogd" ]; then template=/etc/templates/rsyslog.conf if [ -n "$server" ]; then rsyslog_config "$server" "$template" "$filters" > $conf rsyslogd -c3 fi fi modules.d/98syslog/rsyslogd-stop.sh000075500000000454151054757360013347 0ustar00#!/usr/bin/sh type getarg > /dev/null 2>&1 || . 
/lib/dracut-lib.sh # Kills rsyslogd if [ -f /var/run/syslogd.pid ]; then read -r pid < /var/run/syslogd.pid kill "$pid" kill -0 "$pid" && kill -9 "$pid" else warn "rsyslogd-stop: Could not find a pid for rsyslogd. Won't kill it." fi modules.d/98syslog/syslog-cleanup.sh000075500000000643151054757360013463 0ustar00#!/usr/bin/sh # Just cleans up a previously started syslogd type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh if [ -f /tmp/syslog.server ]; then read -r syslogtype < /tmp/syslog.type if command -v "${syslogtype}-stop" > /dev/null; then "${syslogtype}"-stop else warn "syslog-cleanup: Could not find script to stop syslog of type \"$syslogtype\". Syslog will not be stopped." fi fi modules.d/98usrmount/module-setup.sh000075500000000451151054757360013512 0ustar00#!/usr/bin/bash # called by dracut check() { [[ $mount_needs ]] && return 1 return 0 } # called by dracut depends() { echo 'fs-lib' } # called by dracut install() { if ! dracut_module_included "systemd"; then inst_hook pre-pivot 50 "$moddir/mount-usr.sh" fi : } modules.d/98usrmount/mount-usr.sh000075500000006716151054757360013052 0ustar00#!/usr/bin/sh type info > /dev/null 2>&1 || . /lib/dracut-lib.sh type fsck_single > /dev/null 2>&1 || . /lib/fs-lib.sh filtersubvol() { local _oldifs _oldifs="$IFS" local IFS="," # shellcheck disable=SC2086 set -- $1 IFS="$_oldifs" while [ $# -gt 0 ]; do case $1 in 'subvol='*) : ;; *) printf '%s' "${1}," ;; esac shift done } fsck_usr() { local _dev=$1 local _fs=$2 local _fsopts=$3 local _fsckoptions if [ -f "$NEWROOT"/fsckoptions ]; then _fsckoptions=$(cat "$NEWROOT"/fsckoptions) fi if [ -f "$NEWROOT"/forcefsck ] || getargbool 0 forcefsck; then _fsckoptions="-f $_fsckoptions" elif [ -f "$NEWROOT"/.autofsck ]; then # shellcheck disable=SC1090 [ -f "$NEWROOT"/etc/sysconfig/autofsck ] && . 
"$NEWROOT"/etc/sysconfig/autofsck if [ "$AUTOFSCK_DEF_CHECK" = "yes" ]; then AUTOFSCK_OPT="$AUTOFSCK_OPT -f" fi if [ -n "$AUTOFSCK_SINGLEUSER" ]; then warn "*** Warning -- the system did not shut down cleanly. " warn "*** Dropping you to a shell; the system will continue" warn "*** when you leave the shell." emergency_shell fi _fsckoptions="$AUTOFSCK_OPT $_fsckoptions" fi fsck_single "$_dev" "$_fs" "$_fsopts" "$_fsckoptions" } mount_usr() { local _dev _mp _fs _opts _ _usr_found _ _freq _passno # check, if we have to mount the /usr filesystem while read -r _dev _mp _fs _opts _freq _passno || [ -n "$_dev" ]; do [ "${_dev%%#*}" != "$_dev" ] && continue if [ "$_mp" = "/usr" ]; then case "$_dev" in LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) _dev="$(label_uuid_to_dev "$_dev")" ;; *) ;; esac if strstr "$_opts" "subvol=" \ && [ "${root#block:}" -ef "$_dev" ] \ && [ -n "$rflags" ]; then # for btrfs subvolumes we have to mount /usr with the same rflags rflags=$(filtersubvol "$rflags") rflags=${rflags%%,} _opts="${_opts:+${_opts},}${rflags}" elif getargbool 0 ro; then # if "ro" is specified, we want /usr to be mounted read-only _opts="${_opts:+${_opts},}ro" elif getargbool 0 rw; then # if "rw" is specified, we want /usr to be mounted read-write _opts="${_opts:+${_opts},}rw" fi echo "$_dev ${NEWROOT}${_mp} $_fs ${_opts} $_freq $_passno" _usr_found="1" break fi done < "$NEWROOT/etc/fstab" >> /etc/fstab if [ "$_usr_found" != "" ]; then # we have to mount /usr _fsck_ret=0 if ! getargbool 0 rd.skipfsck; then if [ "0" != "${_passno:-0}" ]; then fsck_usr "$_dev" "$_fs" "$_opts" _fsck_ret=$? [ $_fsck_ret -ne 255 ] && echo $_fsck_ret > /run/initramfs/usr-fsck fi fi info "Mounting /usr with -o $_opts" mount "$NEWROOT/usr" 2>&1 | vinfo if ! ismounted "$NEWROOT/usr"; then warn "Mounting /usr to $NEWROOT/usr failed" warn "*** Dropping you to a shell; the system will continue" warn "*** when you leave the shell." 
emergency_shell fi fi } if [ -f "$NEWROOT/etc/fstab" ]; then mount_usr fi modules.d/99base/dracut-dev-lib.sh000075500000007745151054757360012725 0ustar00#!/usr/bin/sh # replaces all occurrences of 'search' in 'str' with 'replacement' # # str_replace str search replacement # # example: # str_replace ' one two three ' ' ' '_' str_replace() { local in="$1" local s="$2" local r="$3" local out='' while [ "${in##*"$s"*}" != "$in" ]; do chop="${in%%"$s"*}" out="${out}${chop}$r" in="${in#*"$s"}" done echo "${out}${in}" } # get a systemd-compatible unit name from a path # (mimicks unit_name_from_path_instance()) dev_unit_name() { local dev="$1" if command -v systemd-escape > /dev/null; then systemd-escape -p -- "$dev" return $? fi if [ "$dev" = "/" -o -z "$dev" ]; then printf -- "-" return 0 fi dev="${1%%/}" dev="${dev##/}" # shellcheck disable=SC1003 dev="$(str_replace "$dev" '\' '\x5c')" dev="$(str_replace "$dev" '-' '\x2d')" if [ "${dev##.}" != "$dev" ]; then dev="\x2e${dev##.}" fi dev="$(str_replace "$dev" '/' '-')" printf -- "%s" "$dev" } # set_systemd_timeout_for_dev [-n] [] # Set 'rd.timeout' as the systemd timeout for set_systemd_timeout_for_dev() { local _name local _needreload local _noreload local _timeout [ -z "$DRACUT_SYSTEMD" ] && return 0 if [ "$1" = "-n" ]; then _noreload=1 shift fi if [ -n "$2" ]; then _timeout="$2" else _timeout=$(getarg rd.timeout) fi _timeout=${_timeout:-0} _name=$(dev_unit_name "$1") if ! [ -L "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device" ]; then [ -d "${PREFIX}"/etc/systemd/system/initrd.target.wants ] || mkdir -p "${PREFIX}"/etc/systemd/system/initrd.target.wants ln -s ../"${_name}".device "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device" type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/initrd.target.wants/"${_name}".device _needreload=1 fi if ! 
[ -f "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf" ]; then mkdir -p "${PREFIX}/etc/systemd/system/${_name}.device.d" { echo "[Unit]" echo "JobTimeoutSec=$_timeout" echo "JobRunningTimeoutSec=$_timeout" } > "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf" type mark_hostonly > /dev/null 2>&1 && mark_hostonly /etc/systemd/system/"${_name}".device.d/timeout.conf _needreload=1 fi if [ -z "$PREFIX" ] && [ "$_needreload" = 1 ] && [ -z "$_noreload" ]; then /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload fi } # wait_for_dev [] # # Installs a initqueue-finished script, # which will cause the main loop only to exit, # if the device is recognized by the system. wait_for_dev() { local _name local _noreload if [ "$1" = "-n" ]; then _noreload=-n shift fi _name="$(str_replace "$1" '/' '\x2f')" type mark_hostonly > /dev/null 2>&1 && mark_hostonly "$hookdir/initqueue/finished/devexists-${_name}.sh" [ -e "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh" ] && return 0 printf '[ -e "%s" ]\n' "$1" \ >> "${PREFIX}$hookdir/initqueue/finished/devexists-${_name}.sh" { printf '[ -e "%s" ] || ' "$1" printf 'warn "\"%s\" does not exist"\n' "$1" } >> "${PREFIX}$hookdir/emergency/80-${_name}.sh" set_systemd_timeout_for_dev $_noreload "$@" } cancel_wait_for_dev() { local _name _name="$(str_replace "$1" '/' '\x2f')" rm -f -- "$hookdir/initqueue/finished/devexists-${_name}.sh" rm -f -- "$hookdir/emergency/80-${_name}.sh" if [ -n "$DRACUT_SYSTEMD" ]; then _name=$(dev_unit_name "$1") rm -f -- "${PREFIX}/etc/systemd/system/initrd.target.wants/${_name}.device" rm -f -- "${PREFIX}/etc/systemd/system/${_name}.device.d/timeout.conf" /sbin/initqueue --onetime --unique --name daemon-reload systemctl daemon-reload fi } modules.d/99base/dracut-lib.sh000075500000070271151054757360012143 0ustar00#!/usr/bin/sh type wait_for_dev > /dev/null 2>&1 || . 
/lib/dracut-dev-lib.sh export DRACUT_SYSTEMD export NEWROOT if [ -n "$NEWROOT" ]; then [ -d "$NEWROOT" ] || mkdir -p -m 0755 "$NEWROOT" fi # shellcheck disable=SC2153 if [ -z "$PREFIX" ]; then if ! [ -d /run/initramfs ]; then mkdir -p -m 0755 /run/initramfs/log ln -sfn /run/initramfs/log /var/log fi [ -d /run/lock ] || mkdir -p -m 0755 /run/lock [ -d /run/log ] || mkdir -p -m 0755 /run/log fi debug_off() { set +x } debug_on() { [ "$RD_DEBUG" = "yes" ] && set -x } # returns OK if $1 contains literal string $2 (and isn't empty) strstr() { [ "${1##*"$2"*}" != "$1" ] } # returns OK if $1 matches (completely) glob pattern $2 # An empty $1 will not be considered matched, even if $2 is * which technically # matches; as it would match anything, it's not an interesting case. strglob() { [ -n "$1" -a -z "${1##$2}" ] } # returns OK if $1 contains (anywhere) a match of glob pattern $2 # An empty $1 will not be considered matched, even if $2 is * which technically # matches; as it would match anything, it's not an interesting case. 
strglobin() { [ -n "$1" -a -z "${1##*$2*}" ] } # returns OK if $1 contains literal string $2 at the beginning, and isn't empty str_starts() { [ "${1#"$2"*}" != "$1" ] } # returns OK if $1 contains literal string $2 at the end, and isn't empty str_ends() { [ "${1%*"$2"}" != "$1" ] } trim() { local var="$*" var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters printf "%s" "$var" } if [ -z "$DRACUT_SYSTEMD" ]; then warn() { check_quiet echo "<28>dracut Warning: $*" > /dev/kmsg echo "dracut Warning: $*" >&2 } info() { check_quiet echo "<30>dracut: $*" > /dev/kmsg if [ "$DRACUT_QUIET" != "yes" ]; then echo "dracut: $*" >&2 fi } else warn() { echo "Warning: $*" >&2 } info() { echo "$*" } fi vwarn() { while read -r line || [ -n "$line" ]; do warn "$line" done } vinfo() { while read -r line || [ -n "$line" ]; do info "$line" done } # replaces all occurrences of 'search' in 'str' with 'replacement' # # str_replace str search replacement # # example: # str_replace ' one two three ' ' ' '_' str_replace() { local in="$1" local s="$2" local r="$3" local out='' while strstr "${in}" "$s"; do chop="${in%%"$s"*}" out="${out}${chop}$r" in="${in#*"$s"}" done echo "${out}${in}" } killall_proc_mountpoint() { local _pid local _killed=0 for _pid in /proc/*; do _pid=${_pid##/proc/} case $_pid in *[!0-9]*) continue ;; esac [ -e "/proc/$_pid/exe" ] || continue [ -e "/proc/$_pid/root" ] || continue if strstr "$(ls -l -- "/proc/$_pid" "/proc/$_pid/fd" 2> /dev/null)" "$1"; then kill -9 "$_pid" _killed=1 fi done return $_killed } getcmdline() { local _line local _i local CMDLINE_ETC_D local CMDLINE_ETC local CMDLINE_PROC unset _line if [ -e /etc/cmdline ]; then while read -r _line || [ -n "$_line" ]; do CMDLINE_ETC="$CMDLINE_ETC $_line" done < /etc/cmdline fi for _i in /etc/cmdline.d/*.conf; do [ -e "$_i" ] || continue while read -r _line || [ -n "$_line" ]; do CMDLINE_ETC_D="$CMDLINE_ETC_D 
$_line" done < "$_i" done if [ -e /proc/cmdline ]; then while read -r _line || [ -n "$_line" ]; do CMDLINE_PROC="$CMDLINE_PROC $_line" done < /proc/cmdline fi CMDLINE="$CMDLINE_ETC_D $CMDLINE_ETC $CMDLINE_PROC" printf "%s" "$CMDLINE" } getarg() { debug_off local _deprecated _newoption CMDLINE=$(getcmdline) export CMDLINE while [ $# -gt 0 ]; do case $1 in -d) _deprecated=1 shift ;; -y) if dracut-getarg "$2" > /dev/null; then if [ "$_deprecated" = "1" ]; then if [ -n "$_newoption" ]; then warn "Kernel command line option '$2' is deprecated, use '$_newoption' instead." else warn "Option '$2' is deprecated." fi fi echo 1 debug_on return 0 fi _deprecated=0 shift 2 ;; -n) if dracut-getarg "$2" > /dev/null; then echo 0 if [ "$_deprecated" = "1" ]; then if [ -n "$_newoption" ]; then warn "Kernel command line option '$2' is deprecated, use '$_newoption=0' instead." else warn "Option '$2' is deprecated." fi fi debug_on return 1 fi _deprecated=0 shift 2 ;; *) if [ -z "$_newoption" ]; then _newoption="$1" fi if dracut-getarg "$1"; then if [ "$_deprecated" = "1" ]; then if [ -n "$_newoption" ]; then warn "Kernel command line option '$1' is deprecated, use '$_newoption' instead." else warn "Option '$1' is deprecated." fi fi debug_on return 0 fi _deprecated=0 shift ;; esac done debug_on return 1 } # getargbool # False if "getarg " returns "0", "no", or "off". # True if getarg returns any other non-empty string. # If not found, assumes - usually 0 for false, 1 for true. # example: getargbool 0 rd.info # true: rd.info, rd.info=1, rd.info=xxx # false: rd.info=0, rd.info=off, rd.info not present (default val is 0) getargbool() { local _b unset _b local _default _default="$1" shift _b=$(getarg "$@") || _b=${_b:-"$_default"} if [ -n "$_b" ]; then [ "$_b" = "0" ] && return 1 [ "$_b" = "no" ] && return 1 [ "$_b" = "off" ] && return 1 fi return 0 } isdigit() { case "$1" in *[!0-9]* | "") return 1 ;; esac return 0 } # getargnum # Will echo the arg if it's in range [minval - maxval]. 
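# If it's not set or it's not valid, <defaultval> is echoed instead.
# Note all values are required to be >= 0 here.
# <defaultval> should be within [minval - maxval].
# The value is always read as decimal: leading zeros are dropped first, since
# the arithmetic expansion would otherwise treat e.g. 010 as octal and fail
# on 08.
getargnum() {
    local _b
    unset _b
    local _default _min _max
    _default="$1"
    shift
    _min="$1"
    shift
    _max="$1"
    shift
    _b=$(getarg "$1") || _b=${_b:-"$_default"}
    if [ -n "$_b" ] && isdigit "$_b"; then
        # Drop leading zeros but keep a lone "0".
        while [ "${#_b}" -gt 1 ] && [ "${_b#0}" != "$_b" ]; do
            _b=${_b#0}
        done
        _b=$((_b))
        if [ "$_b" -ge "$_min" ] && [ "$_b" -le "$_max" ]; then
            echo "$_b"
            return
        fi
    fi
    echo "$_default"
}

# getargs [-d] <option> ...
# Runs dracut-getargs for every option and prints each non-empty result on a
# line of its own.  "-d" marks the following option as deprecated; if that
# option is found a warning is emitted that suggests the first argument as the
# replacement.  CMDLINE is refreshed from getcmdline and exported.
# Returns 0 if at least one option was found, 1 otherwise.
getargs() {
    debug_off
    CMDLINE=$(getcmdline)
    export CMDLINE
    # _newoption used to be assigned without 'local' and leaked into the
    # global scope, where shells whose 'local' inherits outer values would
    # pick it up again in getarg.
    local _val _i _gfound _deprecated _newoption
    unset _val
    unset _gfound
    unset _deprecated
    _newoption="$1"
    for _i in "$@"; do
        if [ "$_i" = "-d" ]; then
            _deprecated=1
            continue
        fi

        if _val="$(dracut-getargs "$_i")"; then
            if [ "$_deprecated" = "1" ]; then
                if [ -n "$_newoption" ]; then
                    warn "Option '$_i' is deprecated, use '$_newoption' instead."
                else
                    warn "Option $_i is deprecated!"
                fi
            fi
            if [ -n "$_val" ]; then
                printf '%s\n' "$_val"
            fi
            _gfound=1
        fi
        _deprecated=0
    done
    if [ -n "$_gfound" ]; then
        debug_on
        return 0
    fi
    debug_on
    return 1
}

# Prints value of given option.  If option is a flag and it's present,
# it just returns 0.  Otherwise 1 is returned.
# $1 = options separated by commas
# $2 = option we are interested in
#
# Example:
# $1 = cipher=aes-cbc-essiv:sha256,hash=sha256,verify
# $2 = hash
# Output:
# sha256
#
# Note: $2 is used unquoted inside the case patterns, so glob characters in
# the option name act as wildcards.
getoptcomma() {
    local line=",$1,"
    local opt="$2"
    local tmp

    case "${line}" in
        *,${opt}=*,*)
            tmp="${line#*,${opt}=}"
            # printf: the value is arbitrary data, not an echo option.
            printf '%s\n' "${tmp%%,*}"
            return 0
            ;;
        *,${opt},*) return 0 ;;
    esac
    return 1
}

# Splits given string 'str' with separator 'sep' into variables 'var1', 'var2',
# 'varN'.  If number of fields is less than number of variables, remaining are
# not set.  If number of fields is greater than number of variables, the last
# variable takes remaining fields.  In short - it acts similarly to 'read'.
#
# splitsep sep str var1 var2 varN
#
# example:
# splitsep ':' 'foo:bar:baz' v1 v2
# in result:
# v1='foo', v2='bar:baz'
#
# TODO: ':' inside fields.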
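# splitsep sep str var1 var2 varN
# Assigns the 'sep'-separated fields of 'str' to the named variables; the last
# variable receives whatever is left.  Always returns 0.
# The variable names are evaluated as shell code and must therefore be fixed
# identifiers chosen by the caller; the field values are not.
splitsep() {
    debug_off
    local sep="$1"
    local str="$2"
    shift 2
    local tmp

    while [ -n "$str" ] && [ "$#" -gt 1 ]; do
        tmp="${str%%$sep*}"
        # Assign by reference to the local instead of pasting the value into
        # the eval'ed text: a value containing a single quote used to end the
        # quoting and the remainder was parsed as shell code.
        eval "$1=\$tmp"
        str="${str#"$tmp"}"
        str="${str#$sep}"
        shift
    done
    if [ -n "$str" ] && [ -n "$1" ]; then
        eval "$1=\$str"
    fi
    debug_on
    return 0
}

# Decides once, inside the initramfs only (/usr/lib/initrd-release present),
# whether debugging is on: RD_DEBUG becomes "yes" when rd.debug (or the
# deprecated rdinitdebug/rdnetdebug) is set, "no" otherwise, and is exported.
setdebug() {
    [ -f /usr/lib/initrd-release ] || return
    if [ -z "$RD_DEBUG" ]; then
        if [ -e /proc/cmdline ]; then
            RD_DEBUG=no
            if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
                RD_DEBUG=yes
                # More informative trace prefix when running under bash.
                [ -n "$BASH" ] \
                    && export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]-}): '
            fi
        fi
        export RD_DEBUG
    fi
    debug_on
}

setdebug

# source_all <dir> [args...]
# Sources every /<dir>/*.sh in the current shell, passing the remaining
# arguments.  Everything found there is executed, so the directory must only
# be writable by trusted parties.
source_all() {
    local f
    local _dir
    _dir=$1
    shift
    [ "$_dir" ] && [ -d "/$_dir" ] || return
    for f in "/$_dir"/*.sh; do
        if [ -e "$f" ]; then
            # shellcheck disable=SC1090
            # shellcheck disable=SC2240
            . "$f" "$@"
        fi
    done
}

hookdir=/lib/dracut/hooks
export hookdir

# source_hook <hook> [args...]
# Sources all scripts of the named hook below /lib/dracut/hooks.
source_hook() {
    local _dir
    _dir=$1
    shift
    source_all "/lib/dracut/hooks/$_dir" "$@"
}

# Runs every initqueue/finished/*.sh script in a subshell.  Returns 0 when
# there are no such scripts or all of them succeed, 1 as soon as one fails.
check_finished() {
    local f
    for f in "$hookdir"/initqueue/finished/*.sh; do
        # Unmatched glob: nothing to wait for.
        [ "$f" = "$hookdir/initqueue/finished/*.sh" ] && return 0
        # shellcheck disable=SC1090
        { [ -e "$f" ] && (. "$f"); } || return 1
    done
    return 0
}

# source_conf <dir>
# Sources every /<dir>/*.conf in the current shell.
source_conf() {
    local f
    [ "$1" ] && [ -d "/$1" ] || return
    # shellcheck disable=SC1090
    for f in "/$1"/*.conf; do [ -e "$f" ] && . "$f"; done
}

# die <message...>
# Logs a fatal message to /dev/kmsg, records it in the emergency hook, marks
# /run/initramfs/.die, then starts the emergency shell (rd.shell) or runs the
# shutdown-emergency hook, and exits with status 1.
die() {
    {
        echo "<24>dracut: FATAL: $*"
        echo "<24>dracut: Refusing to continue"
    } > /dev/kmsg

    # NOTE(review): the message is embedded unescaped between double quotes in
    # a file below the hooks directory, and files there are sourced by
    # source_hook.  A message containing '"', '$' or backticks would be parsed
    # as shell code at that point; callers should only pass fixed or sanitized
    # text - confirm.
    {
        echo "warn dracut: FATAL: \"$*\""
        echo "warn dracut: Refusing to continue"
    } >> "$hookdir/emergency/01-die.sh"
    [ -d /run/initramfs ] || mkdir -p -- /run/initramfs

    : > /run/initramfs/.die

    if getargbool 0 "rd.shell"; then
        emergency_shell
    else
        source_hook "shutdown-emergency"
    fi

    if [ -n "$DRACUT_SYSTEMD" ]; then
        systemctl --no-block --force halt
    fi

    exit 1
}

# Computes DRACUT_QUIET once (only while it is empty) from rd.info, rd.debug,
# quiet and loglevel= and exports it.
check_quiet() {
    # 'a' used to be assigned without 'local' and leaked into the caller.
    local a
    if [ -z "$DRACUT_QUIET" ]; then
        DRACUT_QUIET="yes"
        getargbool 0 rd.info -d -y rdinfo && DRACUT_QUIET="no"
        getargbool 0 rd.debug -d -y rdinitdebug && DRACUT_QUIET="no"
        getarg quiet || DRACUT_QUIET="yes"
        a=$(getarg loglevel=)
        [ -n "$a" ] && [ "$a" -ge 28 ] && DRACUT_QUIET="yes"
        export DRACUT_QUIET
    fi
}

check_occurances() {
    # Count the number of times the character $ch occurs in $str
    # Return 0 if the count matches the expected number, 1 otherwise
    local str="$1"
    local ch="$2"
    local expected="$3"
    local count=0

    # Each round cuts everything up to and including the next $ch.
    while [ "${str#*$ch}" != "${str}" ]; do
        str="${str#*$ch}"
        count=$((count + 1))
    done

    [ $count -eq "$expected" ]
}

# incol2 <file> <str>
# Returns 0 if the second whitespace-separated column of any line in <file>
# equals <str>, 1 otherwise (also when either argument is empty).
incol2() {
    debug_off
    local check
    local file="$1"
    local str="$2"

    [ -z "$file" ] && return 1
    [ -z "$str" ] && return 1

    while read -r _ check _ || [ -n "$check" ]; do
        if [ "$check" = "$str" ]; then
            debug_on
            return 0
        fi
    done < "$file"
    debug_on
    return 1
}

# Runs "udevadm settle", returning early once the initqueue work marker exists.
udevsettle() {
    # $settle_exit_if_exists is expanded unquoted on purpose.
    # shellcheck disable=SC2086
    udevadm settle --exit-if-exists=$hookdir/initqueue/work $settle_exit_if_exists
}

# udevproperty <key=value>...
# Sets each given property through "udevadm control".
udevproperty() {
    # Keep the loop variable out of the caller's scope.
    local i
    for i in "$@"; do
        udevadm control --property="$i"
    done
}

# find_mount <path>
# Resolves <path> with readlink and, if the result is the first field of a
# line in /proc/mounts, prints it and returns 0; returns 1 otherwise.
find_mount() {
    local dev wanted_dev
    wanted_dev="$(readlink -e -q "$1")"
    while read -r dev _ || [ -n "$dev" ]; do
        [ "$dev" = "$wanted_dev" ] && echo "$dev" && return 0
    done < /proc/mounts
    return 1
}

# usage: ismounted <mountpoint>
# usage: ismounted /dev/<device>
# Uses findmnt when it is available, otherwise scans /proc/mounts.
if command -v findmnt > /dev/null; then
    ismounted() {
        findmnt "$1" > /dev/null 2>&1
    }
else
    ismounted() {
        # Keep the loop variable out of the caller's scope.
        local m
        if [ -b "$1" ]; then
            find_mount "$1" > /dev/null && return 0
            return 1
        fi

        while read -r _ m _ || [ -n "$m" ]; do
            [ "$m" = "$1" ] && return 0
        done < /proc/mounts
        return 1
    }
fi

# Create udev rule match for a device with its device name, or the udev property
# ID_FS_UUID or ID_FS_LABEL
#
# example:
# udevmatch LABEL=boot
# prints:
# ENV{ID_FS_LABEL}=="boot"
#
# Returns 255 for anything that is not UUID=, LABEL=, PARTLABEL=, PARTUUID=
# or /dev/<name>.
# NOTE(review): the value is placed between double quotes without escaping, so
# a value containing '"' would yield a malformed rule - confirm callers
# validate it.
#
# TODO: symlinks
udevmatch() {
    case "$1" in
        UUID=????????-????-????-????-???????????? | LABEL=* | PARTLABEL=* | PARTUUID=????????-????-????-????-????????????)
            printf 'ENV{ID_FS_%s}=="%s"' "${1%%=*}" "${1#*=}"
            ;;
        UUID=*)
            # Partial UUID: match it as a prefix.
            printf 'ENV{ID_FS_UUID}=="%s*"' "${1#*=}"
            ;;
        PARTUUID=*)
            printf 'ENV{ID_FS_PARTUUID}=="%s*"' "${1#*=}"
            ;;
        /dev/?*) printf -- 'KERNEL=="%s"' "${1#/dev/}" ;;
        *) return 255 ;;
    esac
}

# label_uuid_to_dev [block:]<spec>
# Prints the /dev/disk/by-* path for a LABEL=, PARTLABEL=, UUID= or PARTUUID=
# spec; anything else is printed unchanged.  In labels only '/' and ' ' are
# escaped (as \x2f and \x20).
label_uuid_to_dev() {
    local _dev
    _dev="${1#block:}"
    case "$_dev" in
        LABEL=*)
            echo "/dev/disk/by-label/$(echo "${_dev#LABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')"
            ;;
        PARTLABEL=*)
            echo "/dev/disk/by-partlabel/$(echo "${_dev#PARTLABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')"
            ;;
        UUID=*)
            echo "/dev/disk/by-uuid/${_dev#UUID=}"
            ;;
        PARTUUID=*)
            echo "/dev/disk/by-partuuid/${_dev#PARTUUID=}"
            ;;
        *)
            echo "$_dev"
            ;;
    esac
}

# Prints unique path for potential file inside specified directory.  It consists
# of specified directory, prefix and number at the end which is incremented
# until non-existing file is found.
#
# funiq dir prefix
#
# example:
# # ls /mnt
# cdrom0 cdrom1
#
# # funiq /mnt cdrom
# /mnt/cdrom2
#
# Returns 1 if 'dir' is not a directory.  The path is only checked, not
# created, so another process may still take it before the caller does.
funiq() {
    local dir="$1"
    local prefix="$2"
    local i=0

    [ -d "${dir}" ] || return 1

    while [ -e "${dir}/${prefix}$i" ]; do
        i=$((i + 1)) || return 1
    done

    echo "${dir}/${prefix}$i"
}

# Creates unique directory and prints its path.  It's using funiq to generate
# path.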
#
# mkuniqdir subdir new_dir_name
#
# 'subdir' is created (mode 0755, with parents) when it does not exist yet.
# Returns 1 if no directory could be created.
mkuniqdir() {
    local _base="$1" _stem="$2"
    local _cand _next

    if [ ! -d "$_base" ]; then
        mkdir -m 0755 -p "$_base" || return 1
    fi

    _cand=$(funiq "$_base" "$_stem") || return 1
    # mkdir itself is the existence check: if the candidate was taken in the
    # meantime, ask funiq for the next free name and try again.
    while ! mkdir -m 0755 "$_cand" 2> /dev/null; do
        _next=$(funiq "$_base" "$_stem") || return 1
        # The same name again means mkdir failed for another reason; give up.
        if [ "$_next" = "$_cand" ]; then
            return 1
        fi
        _cand="$_next"
    done

    echo "$_cand"
}

# Copy the contents of SRC into DEST, merging the contents of existing
# directories (kinda like rsync, or cpio -p).
# Creates DEST if it doesn't exist.  Overwrites files with the same names.
# Returns 1 if SRC is not a directory or DEST cannot be created or resolved.
#
# copytree SRC DEST
copytree() {
    local _from="$1"
    local _into="$2"

    if [ ! -d "$_from" ]; then
        return 1
    fi
    if ! mkdir -p "$_into"; then
        return 1
    fi
    # Resolve DEST to an absolute path before changing directory.
    if ! _into=$(readlink -e -q "$_into"); then
        return 1
    fi
    # Subshell, so the caller's working directory is left untouched.
    (
        cd "$_from" || exit 1
        cp -af . -t "$_into"
    )
}

# Evaluates command for UUIDs either given as arguments for this function or all
# listed in /dev/disk/by-uuid.  UUIDs don't have to be fully specified.  If
# beginning is given it is expanded to all matching UUIDs.  To pass full UUID to
# your command use '$___' as a place holder.  Remember to escape '$'!
#
# foreach_uuid_until [ -p prefix ] command UUIDs
#
# prefix - string to put just before $___
# command - command to be evaluated
# UUIDs - list of UUIDs separated by space
#
# The function returns after *first successful evaluation* of the given command
# with status 0.  If evaluation fails for every UUID function returns with
# status 1.
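#
# Example:
# foreach_uuid_until "mount -U \$___ /mnt; echo OK; umount /mnt" \
#       "01234 f512 a235567f-12a3-c123-a1b1-01234567abcb"
#
# The command string is passed to eval, so it must come from trusted code;
# the UUIDs are only used as glob prefixes and through $___.
# The body is a subshell: the cd below does not affect the caller.
foreach_uuid_until() (
    cd /dev/disk/by-uuid || return 1

    # Always start with an empty local prefix.  It used to be declared only
    # when -p was given, so without -p a 'prefix' variable from the calling
    # scope was silently prepended to $___.
    local prefix=''
    [ "$1" = -p ] && prefix="$2" && shift 2
    local cmd="$1"
    shift
    local uuids_list="$*"
    local uuid
    local full_uuid
    local ___

    [ -n "${cmd}" ] || return 1

    # Unquoted on purpose: split the list on whitespace; an empty list
    # becomes '*', i.e. every entry of the directory.
    for uuid in ${uuids_list:-*}; do
        for full_uuid in "${uuid}"*; do
            [ -e "${full_uuid}" ] || continue
            # shellcheck disable=SC2034
            ___="${prefix}${full_uuid}"
            eval "${cmd}" && return 0
        done
    done

    return 1
)

# Get kernel name for given device.  Device may be the name too (then the same
# is returned), a symlink (full path), UUID (prefixed with "UUID=") or label
# (prefixed with "LABEL=").  If just a beginning of the UUID is specified or
# even an empty, function prints all device names which UUIDs match - every in
# single line.
#
# NOTICE: The name starts with "/dev/".
#
# Returns 255 if the device cannot be resolved.
#
# Example:
# devnames UUID=123
# May print:
# /dev/dm-1
# /dev/sdb1
# /dev/sdf3
devnames() {
    local dev="$1"
    local d
    local names

    case "$dev" in
        UUID=*)
            # The negated blkid makes foreach_uuid_until visit every matching
            # UUID (printing each device) and "succeed" only when a lookup
            # fails, which is treated as an error here.
            # shellcheck disable=SC2016
            dev="$(foreach_uuid_until '! blkid -U $___' "${dev#UUID=}")" \
                && return 255
            [ -z "$dev" ] && return 255
            ;;
        LABEL=*) dev="$(blkid -L "${dev#LABEL=}")" || return 255 ;;
        /dev/?*) ;;
        *) return 255 ;;
    esac

    # One resolved name per line, as documented above.
    for d in $dev; do
        names="$names
$(readlink -e -q "$d")" || return 255
    done

    echo "${names#
}"
}

# usable_root <dir>
# Returns 0 if <dir> is a directory that contains a dynamic loader
# (usr/lib*/ld-*.so or lib*/ld-*.so) or, failing that, all of proc, sys and
# dev; returns 1 otherwise.
usable_root() {
    local _i

    [ -d "$1" ] || return 1

    for _i in "$1"/usr/lib*/ld-*.so "$1"/lib*/ld-*.so; do
        [ -e "$_i" ] && return 0
    done

    for _i in proc sys dev; do
        [ -e "$1"/$_i ] || return 1
    done

    return 0
}

# inst_hook [--hook <hookname>] [--unique] [--name <job>] <script> [args...]
# Writes a one-line script "<script> <args>" to $hookdir/<hookname>/<job>.sh.
# Without --unique the job name is <job> followed by the shell's PID; with it
# the name is <job> (or the basename of <script>).  When $onetime is set, a
# line removing "$_job" is written first.
#
# The script path and arguments are written unquoted and are parsed again as
# shell code when the hook is sourced, so they must come from trusted callers.
# NOTE(review): the file is staged under a predictable name in /tmp before
# being moved into place; this relies on /tmp being writable only by trusted
# processes at this stage - confirm.
inst_hook() {
    # Initialised explicitly: some shells let 'local' inherit the value of a
    # same-named variable from the surrounding scope.
    local _hookname='' _unique='' _name='' _job _exe
    while [ $# -gt 0 ]; do
        case "$1" in
            --hook)
                _hookname="/$2"
                shift
                ;;
            --unique)
                _unique="yes"
                ;;
            --name)
                _name="$2"
                shift
                ;;
            *)
                break
                ;;
        esac
        shift
    done

    if [ -z "$_unique" ]; then
        _job="${_name}$$"
    else
        _job="${_name:-$1}"
        _job=${_job##*/}
    fi

    _exe=$1
    shift

    # Resolve bare command names through PATH.
    [ -x "$_exe" ] || _exe=$(command -v "$_exe")

    if [ -n "$onetime" ]; then
        {
            # shellcheck disable=SC2016
            echo '[ -e "$_job" ] && rm -f -- "$_job"'
            echo "$_exe $*"
        } > "/tmp/$$-${_job}.sh"
    else
        echo "$_exe $*" > "/tmp/$$-${_job}.sh"
    fi

    # Write first, then rename, so the hook directory never holds a partially
    # written script.
    mv -f "/tmp/$$-${_job}.sh" "$hookdir/${_hookname}/${_job}.sh"
}

# inst_mount_hook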