Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dracut for openSUSE:Factory checked in at 2026-05-13 17:19:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dracut (Old) and /work/SRC/openSUSE:Factory/.dracut.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dracut" Wed May 13 17:19:00 2026 rev:259 rq:1352771 version:110+suse.31.ga81148a Changes: -------- --- /work/SRC/openSUSE:Factory/dracut/dracut.changes 2026-05-08 16:42:28.861971772 +0200 +++ /work/SRC/openSUSE:Factory/.dracut.new.1966/dracut.changes 2026-05-13 17:20:02.981070481 +0200 @@ -1,0 +2,9 @@ +Tue May 12 13:59:10 UTC 2026 - [email protected] + +- Update to version 110+suse.31.ga81148a: + + Support NTP configuration for airgapped scenarios (jsc#PED-16110): + * feat(chrony): introducing the chrony module + * feat(network-manager): write info about NTP servers in dhcpopts file + +------------------------------------------------------------------- Old: ---- dracut-110+suse.29.g16072cee.tar.xz New: ---- dracut-110+suse.31.ga81148a.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dracut.spec ++++++ --- /var/tmp/diff_new_pack.jksXoG/_old 2026-05-13 17:20:04.581136817 +0200 +++ /var/tmp/diff_new_pack.jksXoG/_new 2026-05-13 17:20:04.589137148 +0200 @@ -1,7 +1,7 @@ # # spec file for package dracut # -# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif Name: dracut -Version: 110+suse.29.g16072cee +Version: 110+suse.31.ga81148a Release: 0 Summary: Event driven initramfs infrastructure License: GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later @@ -442,6 +442,7 @@ %ifarch s390 s390x %{dracutlibdir}/modules.d/73zipl %endif +%{dracutlibdir}/modules.d/74chrony %{dracutlibdir}/modules.d/74cifs %ifarch s390 s390x %{dracutlibdir}/modules.d/74dcssblk ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jksXoG/_old 2026-05-13 17:20:04.757144113 +0200 +++ /var/tmp/diff_new_pack.jksXoG/_new 2026-05-13 17:20:04.765144445 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/opensuse/dracut-ng.git</param> - <param name="changesrevision">16072cee22ea9fbab6656e786712803928b43b7b</param></service></servicedata> + <param name="changesrevision">a81148a387dd868462599746dc106d42ab8e1a89</param></service></servicedata> (No newline at EOF) ++++++ dracut-110+suse.29.g16072cee.tar.xz -> dracut-110+suse.31.ga81148a.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/.github/labeler.yml new/dracut-110+suse.31.ga81148a/.github/labeler.yml --- old/dracut-110+suse.29.g16072cee/.github/labeler.yml 2026-05-07 08:40:48.000000000 +0200 +++ new/dracut-110+suse.31.ga81148a/.github/labeler.yml 2026-05-12 15:56:32.000000000 +0200 @@ -411,6 +411,10 @@ - changed-files: - any-glob-to-any-file: 'modules.d/[0-9][0-9]zipl/*' +chrony: + - changed-files: + - any-glob-to-any-file: 'modules.d/[0-9][0-9]chrony/*' + cifs: - changed-files: - any-glob-to-any-file: 'modules.d/[0-9][0-9]cifs/*' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/doc_site/modules/ROOT/pages/modules/network.adoc new/dracut-110+suse.31.ga81148a/doc_site/modules/ROOT/pages/modules/network.adoc --- old/dracut-110+suse.29.g16072cee/doc_site/modules/ROOT/pages/modules/network.adoc 2026-05-07 08:40:48.000000000 +0200 +++ new/dracut-110+suse.31.ga81148a/doc_site/modules/ROOT/pages/modules/network.adoc 2026-05-12 15:56:32.000000000 +0200 @@ -6,6 +6,9 @@ |=== | Module | Description +| chrony +| Adds support for synchronizing the internal clock via Network Time Protocol (NTP) + | cifs | https://docs.kernel.org/admin-guide/cifs/index.html[CIFS], https://repology.org/project/cifs-utils[cifs-utils] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/man/dracut.cmdline.7.adoc new/dracut-110+suse.31.ga81148a/man/dracut.cmdline.7.adoc --- old/dracut-110+suse.29.g16072cee/man/dracut.cmdline.7.adoc 2026-05-07 08:40:48.000000000 +0200 +++ new/dracut-110+suse.31.ga81148a/man/dracut.cmdline.7.adoc 2026-05-12 15:56:32.000000000 +0200 @@ -729,6 +729,27 @@ list of physical (ethernet) interfaces. Bridge without parameters assumes bridge=br0:eth0 +NTP +~~~ +Requires the dracut 'chrony' module. + +**rd.ntp=**__{server|pool|peer}__:__<hostname-or-ip>__[:__<option>__[,<option>...]]:: + This parameter can be specified multiple times. + IPv6 addresses have to be put in brackets. + See man:chrony.conf[5,external] for more information about server, pool and + peer options. ++ +[listing] +.Examples +-- + rd.ntp=pool:2.europe.pool.ntp.org:iburst + rd.ntp=server:185.177.150.95:iburst,prefer + rd.ntp=server:[2600:1f18:631e:db00:363d:d9d7:5c80:d560]:iburst,maxdelay,0.3 +-- + +**rd.ntp.nodhcp**:: + Disable using NTP sources from DHCP. + NFS ~~~ Requires the dracut 'nfs' module. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/35network-manager/nm-run.sh new/dracut-110+suse.31.ga81148a/modules.d/35network-manager/nm-run.sh --- old/dracut-110+suse.29.g16072cee/modules.d/35network-manager/nm-run.sh 2026-05-07 08:40:48.000000000 +0200 +++ new/dracut-110+suse.31.ga81148a/modules.d/35network-manager/nm-run.sh 2026-05-12 15:56:32.000000000 +0200 @@ -53,6 +53,8 @@ kf_parse root-path new_root_path < "$1" kf_parse next-server new_next_server < "$1" kf_parse dhcp-bootfile filename < "$1" + kf_parse dhcp4.ntp_servers new_ntp_servers < "$1" + kf_parse dhcp6.ntp_servers new_dhcp6_ntp_servers < "$1" } for _i in /sys/class/net/*; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony-ntp-source.sh new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony-ntp-source.sh --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony-ntp-source.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony-ntp-source.sh 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,32 @@ +#!/bin/sh + +command -v getargbool > /dev/null || . /lib/dracut-lib.sh + +if getargbool 0 rd.ntp.nodhcp; then + info "rd.ntp.nodhcp=1: not adding NTP sources from DHCP." + return 0 +fi + +_ifname=$1 +[ -n "$_ifname" ] || return 0 + +_dhcpopts_file="/tmp/dhclient.$_ifname.dhcpopts" +[ -s "$_dhcpopts_file" ] || return 0 + +( + # shellcheck disable=SC1090 + . "$_dhcpopts_file" + [ -n "$new_ntp_servers" ] || [ -n "$new_dhcp6_ntp_servers" ] || return 0 + + info "Adding NTP sources from DHCP ($_ifname)." + + [ -d /run/chrony-dhcp ] || mkdir -p /run/chrony-dhcp + for _srv in $new_ntp_servers $new_dhcp6_ntp_servers; do + echo "server $_srv iburst" >> "/run/chrony-dhcp/$_ifname.sources" + done + + chronyc reload sources > /dev/null 2>&1 \ + || warn "chronyc failed to reload NTP sources" +) + +unset _ifname _dhcpopts_file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony-wait.service new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony-wait.service --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony-wait.service 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony-wait.service 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,44 @@ +[Unit] +Description=Wait for chrony to synchronize system clock (initrd) +AssertPathExists=/etc/initrd-release +DefaultDependencies=no +After=chronyd.service +Requires=chronyd.service +Before=time-sync.target +Wants=time-sync.target + +[Service] +Type=oneshot +# Wait for chronyd to update the clock and the remaining +# correction to be less than 0.1 seconds +ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 0 0.1 0.0 1 +# Wait for at most 3 minutes +TimeoutStartSec=180 +RemainAfterExit=yes +StandardOutput=null + +CapabilityBoundingSet= +DevicePolicy=closed +DynamicUser=yes +IPAddressAllow=localhost +IPAddressDeny=any +LockPersonality=yes +MemoryDenyWriteExecute=yes +PrivateDevices=yes +PrivateUsers=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +ProtectSystem=strict +RestrictAddressFamilies=AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +UMask=0777 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony.conf new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony.conf --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chrony.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chrony.conf 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,24 @@ +# This file is part of dracut chrony module. +# SPDX-License-Identifier: GPL-2.0-or-later + +# Record the rate at which the system clock gains/losses time. +driftfile /run/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# Enable kernel synchronization of the real-time clock (RTC). +rtcsync + +# Save NTS keys and cookies. +ntsdumpdir /run/chrony + +# Specify directory for log files. +logdir /run/chrony/log + +# First, use NTP sources parsed by dracut from the kernel command line. +sourcedir /run/chrony/dracut.sources.d + +# Second, use NTP sources from DHCP. +sourcedir /run/chrony-dhcp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chronyd.service new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chronyd.service --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/chronyd.service 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/chronyd.service 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,46 @@ +[Unit] +Description=NTP client/server (initrd) +AssertPathExists=/etc/initrd-release +DefaultDependencies=no +After=dracut-cmdline.service network.target nss-lookup.target +Before=time-sync.target +Conflicts=ntpd.service systemd-timesyncd.service +Wants=network.target time-sync.target +ConditionCapability=CAP_SYS_TIME + +[Service] +Type=notify +PIDFile=/run/chrony/chronyd.pid +Environment="OPTIONS=" +EnvironmentFile=-/etc/sysconfig/chronyd +# The default location for chrony.conf can be set at build with the +# --sysconfdir configuration option, so force /etc/chrony.conf with -f +ExecStart=/usr/sbin/chronyd -f /etc/chrony.conf -n $OPTIONS + +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_MKNOD CAP_SYS_ADMIN +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_SYS_PTRACE CAP_SYS_RAWIO CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM +DeviceAllow=char-pps rw +DeviceAllow=char-ptp rw +DeviceAllow=char-rtc rw +DevicePolicy=closed +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +ProtectSystem=strict +ReadWritePaths=/run +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictNamespaces=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/module-setup.sh new/dracut-110+suse.31.ga81148a/modules.d/74chrony/module-setup.sh --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/module-setup.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/module-setup.sh 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,75 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later + +check() { + require_binaries \ + chronyd \ + || return 1 + + return 255 +} + +depends() { + echo systemd network + return 0 +} + +install() { + # openSUSE/Fedora: chrony + # Ubuntu: _chrony + grep -s -E '^(_chrony|chrony):' "${dracutsysrootdir-}"/etc/passwd \ + | sed 's/\/var\/lib\/chrony/\/run\/chrony/' >> "$initdir/etc/passwd" + grep -s -E '^(_chrony|chrony):' "${dracutsysrootdir-}"/etc/group >> "$initdir/etc/group" + + inst_hook cmdline 01 "$moddir/parse-ntp.sh" + inst_hook initqueue/online 01 "$moddir/chrony-ntp-source.sh" + + inst_multiple -o \ + "$systemdntpunits"/50-chronyd.list \ + "$systemdsystemunitdir"/time-sync.target \ + chronyd chronyc mkdir chown + + inst_simple "$moddir/chrony.conf" /etc/chrony.conf + + for i in \ + chronyd.service \ + chrony-wait.service; do + inst_simple "$moddir/$i" "$systemdsystemunitdir/$i" + $SYSTEMCTL -q --root "$initdir" add-wants initrd.target "$i" + done + + if [[ $hostonly ]]; then + local _i _directives _keyfile _source_dirs=() + + # Install the file pointed by the "keyfile" directive, used for NTP + # authentication. This directive is intended to be unique, chrony would + # end up using the last one processed. + readarray -t _directives < <(grep -r -h '^keyfile ' "${dracutsysrootdir-}"/etc/chrony*) + if ((${#_directives[@]})); then + printf "\n# Specify file containing keys for NTP authentication.\n%s\n" "${_directives[-1]}" >> "$initdir/etc/chrony.conf" + _keyfile="${_directives[-1]/#keyfile /}" + fi + + # chrony allows to configure directories with .sources files using the + # "sourcedir" directive, used to specify NTP sources (server, pool, and + # peer directives). + readarray -t _directives < <(grep -r -h '^sourcedir /etc' "${dracutsysrootdir-}"/etc/chrony*) + if ((${#_directives[@]})); then + printf "\n# Use NTP sources configured on the host.\n" >> "$initdir/etc/chrony.conf" + for _i in "${_directives[@]}"; do + echo "$_i" >> "$initdir/etc/chrony.conf" + _source_dirs+=("$(echo "$_i" | sed -e 's/sourcedir //' -e 's/$/\/*.sources/')") + done + fi + + # We do not want to include /etc/chrony.conf or ".conf" files specified + # with "include" or "confdir" directives from the host, because they + # can override "driftfile", "ntsdumpdir" or "logdir" directives, + # intended to point to /run in the initrd. + + inst_multiple -H -o "$_keyfile" "${_source_dirs[@]}" \ + /etc/sysconfig/chronyd \ + "$systemdsystemconfdir"/time-sync.target \ + "$systemdsystemconfdir/time-sync.target.wants/*.target" + fi +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dracut-110+suse.29.g16072cee/modules.d/74chrony/parse-ntp.sh new/dracut-110+suse.31.ga81148a/modules.d/74chrony/parse-ntp.sh --- old/dracut-110+suse.29.g16072cee/modules.d/74chrony/parse-ntp.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/dracut-110+suse.31.ga81148a/modules.d/74chrony/parse-ntp.sh 2026-05-12 15:56:32.000000000 +0200 @@ -0,0 +1,65 @@ +#!/bin/sh + +command -v getargs > /dev/null || . /lib/dracut-lib.sh + +# format: rd.ntp={server|pool|peer}:<hostname-or-ip>[:<option>[,<option>...]] +parse_ntp_source() { + local v="${1}": + local i + local src addr opts + + set -- + while [ -n "$v" ]; do + if [ "${v#\[*:*:*\]:}" != "$v" ]; then + # handle IPv6 address + i="${v%%\]:*}" + i="${i##\[}" + set -- "$@" "$i" + v=${v#\["$i"\]:} + else + set -- "$@" "${v%%:*}" + v=${v#*:} + fi + done + + if [ $# -lt 2 ]; then + warn "Failed to parse NTP time source" + return 1 + fi + + case "$1" in + server | pool | peer) + src=$1 + ;; + *) + warn "Invalid time source '$1'. Valid options: server, pool, peer" + return 1 + ;; + esac + + [ -n "$2" ] && addr=$2 + [ -n "$3" ] && opts="$(str_replace "$3" "," " ")" + + echo "${src} ${addr}${opts:+ $opts}" + return 0 +} + +mkdir -p -m 0750 /run/chrony +chown chrony: /run/chrony +mkdir /run/chrony/dracut.sources.d + +for _i in $(getargs rd.ntp); do + _src=$(parse_ntp_source "$_i") + if [ -n "$_src" ]; then + echo "$_src" >> /run/chrony/dracut.sources.d/dracut.sources + fi +done + +if [ "$(ls -A /run/chrony/dracut.sources.d)" ] && ! getargbool 0 rd.neednet; then + echo "rd.neednet=1" > /etc/cmdline.d/01-chrony.conf + if ! getarg "ip="; then + echo "ip=dhcp" >> /etc/cmdline.d/01-chrony.conf + fi +fi + +unset _i _src
