Date: Monday, March 6, 2023 @ 07:44:55 Author: eworm Revision: 470279
upgpkg: dracut 056-2: fix for systemd 253 (FS#77569) Added: dracut/trunk/dracut-systemd-253.patch Modified: dracut/trunk/PKGBUILD --------------------------+ PKGBUILD | 14 ++ dracut-systemd-253.patch | 225 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 236 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2023-03-06 03:45:48 UTC (rev 470278) +++ PKGBUILD 2023-03-06 07:44:55 UTC (rev 470279) @@ -1,7 +1,7 @@ # Maintainer: Giancarlo Razzolini <grazzol...@archlinux.org> pkgname=dracut pkgver=056 -pkgrel=1 +pkgrel=2 pkgdesc="An event driven initramfs infrastructure" arch=('x86_64') url="https://dracut.wiki.kernel.org" @@ -16,13 +16,21 @@ 'sbsigntools: uefi_secureboot_cert/key configuration option support') provides=('initramfs') backup=('etc/dracut.conf') -source=(https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-${pkgver}.tar{.gz,.sign}) +source=(https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-${pkgver}.tar{.gz,.sign} + dracut-systemd-253.patch) sha512sums=('3a5b82976bfff9d71ca305b786fd9218849d28e0ef36356b19e558e50fefcca540dc15e6d93a15c7a8ade58d51dc32db8e4b0af924b5a9d85fa56a223501a9b6' - 'SKIP') + 'SKIP' + 'dfbef5ee06fd0f7b51bfd3571eb284272d7694754eaf232cf1a14f3b2f95a67c87098fabf6d88068ef7e235e717bec26024a3b342c5dba940b8600799cef0791') validpgpkeys=( '7F3D64824AC0B6B8009E50504BC0896FB5693595' # Harald Hoyer <har...@redhat.com> ) +prepare() { + cd "$srcdir/${pkgname}-${pkgver}" + + patch -Np1 < ../dracut-systemd-253.patch +} + build() { local prefix=/usr sysconfdir=/etc Added: dracut-systemd-253.patch =================================================================== --- dracut-systemd-253.patch (rev 0) +++ dracut-systemd-253.patch 2023-03-06 07:44:55 UTC (rev 470279) @@ -0,0 +1,225 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.fei...@suse.com> +Date: Mon, 9 Jan 2023 11:47:06 +0100 +Subject: [PATCH 1/4] fix(dracut-systemd): remove unused argument + +The `generator_wait_for_dev` function of the dracut rootfs systemd generator +only uses the first argument. Moreover, RDRETRY is unset at this point. + +(cherry picked from commit eb75861c2a1c05eb142616da1891a7fa5a2a34e1) +--- + modules.d/98dracut-systemd/rootfs-generator.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh +index e1d365df..3238b495 100755 +--- a/modules.d/98dracut-systemd/rootfs-generator.sh ++++ b/modules.d/98dracut-systemd/rootfs-generator.sh +@@ -104,7 +104,7 @@ esac + GENERATOR_DIR="$1" + + if [ "$rootok" = "1" ]; then +- generator_wait_for_dev "${root#block:}" "$RDRETRY" ++ generator_wait_for_dev "${root#block:}" + generator_fsck_after_pre_mount "${root#block:}" + strstr "$(cat /proc/cmdline)" 'root=' || generator_mount_rootfs "${root#block:}" "$(getarg rootfstype=)" "$(getarg rootflags=)" + fi + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.fei...@suse.com> +Date: Wed, 1 Mar 2023 11:21:16 +0100 +Subject: [PATCH 2/4] fix(dracut-systemd): do not hardcode the systemd + generator directory + +The normal directory is the first argument passed to the systemd generator, +so use it instead of hardcoding /run/systemd/generator. + +(cherry picked from commit a2b32ed976898188bc98d9b6c7eec3dc45f4abf0) +--- + modules.d/98dracut-systemd/rootfs-generator.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh +index 3238b495..5b85d8c5 100755 +--- a/modules.d/98dracut-systemd/rootfs-generator.sh ++++ b/modules.d/98dracut-systemd/rootfs-generator.sh +@@ -17,7 +17,7 @@ generator_wait_for_dev() { + # after remote-fs-pre.target since the initqueue is ordered before it so + # it will never actually show up (think Tang-pinned rootfs). + cat > "$hookdir/initqueue/finished/devexists-${_name}.sh" << EOF +-if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then ++if ! grep -q After=remote-fs-pre.target "$GENERATOR_DIR"/systemd-cryptsetup@*.service 2>/dev/null; then + [ -e "$1" ] + fi + EOF +@@ -77,12 +77,12 @@ generator_fsck_after_pre_mount() { + [ -z "$1" ] && return 0 + + _name=$(dev_unit_name "$1") +- [ -d /run/systemd/generator/systemd-fsck@"${_name}".service.d ] || mkdir -p /run/systemd/generator/systemd-fsck@"${_name}".service.d +- if ! [ -f /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ]; then ++ [ -d "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d ] || mkdir -p "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d ++ if ! [ -f "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ]; then + { + echo "[Unit]" + echo "After=dracut-pre-mount.service" +- } > /run/systemd/generator/systemd-fsck@"${_name}".service.d/after-pre-mount.conf ++ } > "$GENERATOR_DIR"/systemd-fsck@"${_name}".service.d/after-pre-mount.conf + fi + + } + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.fei...@suse.com> +Date: Wed, 1 Mar 2023 12:07:29 +0100 +Subject: [PATCH 3/4] fix(dracut-systemd): check and create generator dir + outside of inner function + +(cherry picked from commit e21f8f7d5abaae37ada8c7a6dc91c2d878e0b501) +--- + modules.d/98dracut-systemd/rootfs-generator.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh +index 5b85d8c5..c3f60ad4 100755 +--- a/modules.d/98dracut-systemd/rootfs-generator.sh ++++ b/modules.d/98dracut-systemd/rootfs-generator.sh +@@ -51,7 +51,6 @@ generator_mount_rootfs() { + [ -z "$1" ] && return 0 + + _name=$(dev_unit_name "$1") +- [ -d "$GENERATOR_DIR" ] || mkdir -p "$GENERATOR_DIR" + if ! [ -f "$GENERATOR_DIR"/sysroot.mount ]; then + { + echo "[Unit]" +@@ -101,9 +100,11 @@ case "${root#block:}" in + ;; + esac + +-GENERATOR_DIR="$1" +- + if [ "$rootok" = "1" ]; then ++ GENERATOR_DIR="$1" ++ [ -z "$GENERATOR_DIR" ] && exit 1 ++ [ -d "$GENERATOR_DIR" ] || mkdir -p "$GENERATOR_DIR" ++ + generator_wait_for_dev "${root#block:}" + generator_fsck_after_pre_mount "${root#block:}" + strstr "$(cat /proc/cmdline)" 'root=' || generator_mount_rootfs "${root#block:}" "$(getarg rootfstype=)" "$(getarg rootflags=)" + +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo <antonio.fei...@suse.com> +Date: Fri, 3 Mar 2023 16:06:30 +0100 +Subject: [PATCH 4/4] fix(dracut-systemd): rootfs-generator cannot write + outside of generator dir + +Altough it was already documented in systemd.generator(7) that generators must +not write to locations other than those passed as arguments, since +https://github.com/systemd/systemd/commit/ca6ce62d systemd executes generators +in a mount namespace "sandbox", so now the hooks created by the rootfs-generator +are lost. + +These hooks are created using the root= cmdline argument, so this patch moves +the creation of these hooks to a cmdline hook. + +Fixes issue #2211 +Fixes issue #2225 + +(cherry picked from commit 4bde75fabe31a5c048fd75e533b94e91c3faa83b) +--- + modules.d/98dracut-systemd/module-setup.sh | 2 + + .../98dracut-systemd/parse-root.sh (new +x) | 38 +++++++++++++++++++ + .../98dracut-systemd/rootfs-generator.sh | 20 +--------- + 3 files changed, 41 insertions(+), 19 deletions(-) + +diff --git a/modules.d/98dracut-systemd/module-setup.sh b/modules.d/98dracut-systemd/module-setup.sh +index b7da86db..e66fc956 100755 +--- a/modules.d/98dracut-systemd/module-setup.sh ++++ b/modules.d/98dracut-systemd/module-setup.sh +@@ -37,6 +37,8 @@ install() { + + inst_script "$moddir/rootfs-generator.sh" "$systemdutildir"/system-generators/dracut-rootfs-generator + ++ inst_hook cmdline 10 "$moddir/parse-root.sh" ++ + for i in \ + dracut-cmdline.service \ + dracut-cmdline-ask.service \ +diff --git a/modules.d/98dracut-systemd/parse-root.sh b/modules.d/98dracut-systemd/parse-root.sh +new file mode 100755 +index 00000000..deeeff3f +--- /dev/null ++++ b/modules.d/98dracut-systemd/parse-root.sh +@@ -0,0 +1,38 @@ ++#!/bin/sh ++ ++type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh ++ ++root=$(getarg root=) ++case "${root#block:}" in ++ LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) ++ root="block:$(label_uuid_to_dev "$root")" ++ rootok=1 ++ ;; ++ /dev/nfs) # ignore legacy /dev/nfs ++ ;; ++ /dev/*) ++ root="block:${root}" ++ rootok=1 ++ ;; ++esac ++ ++if [ "$rootok" = "1" ]; then ++ root_dev="${root#block:}" ++ root_name="$(str_replace "$root_dev" '/' '\x2f')" ++ if ! [ -e "$hookdir/initqueue/finished/devexists-${root_name}.sh" ]; then ++ ++ # If a LUKS device needs unlocking via systemd in the initrd, assume ++ # it's for the root device. In that case, don't block on it if it's ++ # after remote-fs-pre.target since the initqueue is ordered before it so ++ # it will never actually show up (think Tang-pinned rootfs). ++ cat > "$hookdir/initqueue/finished/devexists-${root_name}.sh" << EOF ++if ! grep -q After=remote-fs-pre.target /run/systemd/generator/systemd-cryptsetup@*.service 2>/dev/null; then ++ [ -e "$root_dev" ] ++fi ++EOF ++ { ++ printf '[ -e "%s" ] || ' "$root_dev" ++ printf 'warn "\"%s\" does not exist"\n' "$root_dev" ++ } >> "$hookdir/emergency/80-${root_name}.sh" ++ fi ++fi +diff --git a/modules.d/98dracut-systemd/rootfs-generator.sh b/modules.d/98dracut-systemd/rootfs-generator.sh +index c3f60ad4..bcfd2b89 100755 +--- a/modules.d/98dracut-systemd/rootfs-generator.sh ++++ b/modules.d/98dracut-systemd/rootfs-generator.sh +@@ -6,28 +6,10 @@ generator_wait_for_dev() { + local _name + local _timeout + +- _name="$(str_replace "$1" '/' '\x2f')" ++ _name=$(dev_unit_name "$1") + _timeout=$(getarg rd.timeout) + _timeout=${_timeout:-0} + +- if ! [ -e "$hookdir/initqueue/finished/devexists-${_name}.sh" ]; then +- +- # If a LUKS device needs unlocking via systemd in the initrd, assume +- # it's for the root device. In that case, don't block on it if it's +- # after remote-fs-pre.target since the initqueue is ordered before it so +- # it will never actually show up (think Tang-pinned rootfs). +- cat > "$hookdir/initqueue/finished/devexists-${_name}.sh" << EOF +-if ! grep -q After=remote-fs-pre.target "$GENERATOR_DIR"/systemd-cryptsetup@*.service 2>/dev/null; then +- [ -e "$1" ] +-fi +-EOF +- { +- printf '[ -e "%s" ] || ' "$1" +- printf 'warn "\"%s\" does not exist"\n' "$1" +- } >> "$hookdir/emergency/80-${_name}.sh" +- fi +- +- _name=$(dev_unit_name "$1") + if ! [ -L "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device ]; then + [ -d "$GENERATOR_DIR"/initrd.target.wants ] || mkdir -p "$GENERATOR_DIR"/initrd.target.wants + ln -s ../"${_name}".device "$GENERATOR_DIR"/initrd.target.wants/"${_name}".device