[dracut/f17] dracut-018-105.git20120927
Harald Hoyer
harald at fedoraproject.org
Thu Sep 27 09:16:26 UTC 2012
commit cb9c0e87838fdb980b09daf8ab8c271f02f47a7f
Author: Harald Hoyer <harald at redhat.com>
Date: Thu Sep 27 11:15:57 2012 +0200
dracut-018-105.git20120927
- enable the use of the nbd port with e.g. '-N ltsp'
- actually make reset_overlay working for squash overlays
- fixed FIPS
- if any mdraid found, make dracut run on shutdown
- make the initramfs non-world readable
0098-unquote-nbd-port.patch | 26 ++++++++
...ve-dmsquash-live-root.sh-Physically-write.patch | 23 +++++++
0100-FIPS-workaround-for-fipscheck-dir.patch | 63 ++++++++++++++++++++
0101-mdraid-catch-nested-md-raids.patch | 27 ++++++++
...ot-as-symlink-to-sysroot-boot-if-no-boot-.patch | 48 +++++++++++++++
...ys-create-need_shutdown-if-we-have-assemb.patch | 60 +++++++++++++++++++
...h-create-the-initramfs-non-world-readable.patch | 24 ++++++++
dracut.spec | 16 +++++-
8 files changed, 286 insertions(+), 1 deletions(-)
---
diff --git a/0098-unquote-nbd-port.patch b/0098-unquote-nbd-port.patch
new file mode 100644
index 0000000..9d19cf7
--- /dev/null
+++ b/0098-unquote-nbd-port.patch
@@ -0,0 +1,26 @@
+From dd180c4f7a8ed05530b632627dada5ce36d0aa32 Mon Sep 17 00:00:00 2001
+From: Wim Muskee <wimmuskee at gmail.com>
+Date: Sat, 25 Aug 2012 13:42:12 +0200
+Subject: [PATCH] unquote nbd port
+
+Name based connects fail because of the quotes around the $nbdport.
+For name based connects, the -N option also gets included. For
+instance nbd-client 192.168.0.1 '-N ltsp' /dev/nbd0.
+I believe the quotes are not necessary for actual port numbers.
+---
+ modules.d/95nbd/nbdroot.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/95nbd/nbdroot.sh b/modules.d/95nbd/nbdroot.sh
+index 7656120..4d06425 100755
+--- a/modules.d/95nbd/nbdroot.sh
++++ b/modules.d/95nbd/nbdroot.sh
+@@ -95,7 +95,7 @@ while [ ! -b /dev/nbd0 ]; do
+ i=$(( $i + 1))
+ done
+
+-nbd-client $preopts "$nbdserver" "$nbdport" /dev/nbd0 $opts || exit 1
++nbd-client $preopts "$nbdserver" $nbdport /dev/nbd0 $opts || exit 1
+
+ # If we didn't get a root= on the command line, then we need to
+ # add the udev rules for mounting the nbd0 device
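Review bot: The now-unquoted `$nbdport` on the `nbd-client` line is subject to pathname expansion as well as word splitting, so a value containing `*` or `?` would be globbed against the current directory of the initramfs. The splitting is wanted (the commit message gives `-N ltsp` as the example), but where `nbdport` is set lies outside this hunk; if it comes from the boot command line or a network-supplied root path, it should be treated as untrusted input. I would switch globbing off around the call and record why the quotes are gone: `set -f` before the line, the comment `# $nbdport is deliberately unquoted: it may hold '-N <export-name>' as two words` above it, and `set +f` after it.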
diff --git a/0099-dmsquash-live-dmsquash-live-root.sh-Physically-write.patch b/0099-dmsquash-live-dmsquash-live-root.sh-Physically-write.patch
new file mode 100644
index 0000000..a2b1460
--- /dev/null
+++ b/0099-dmsquash-live-dmsquash-live-root.sh-Physically-write.patch
@@ -0,0 +1,23 @@
+From 99a1f385e06e4ea4c1ecfa7d36e3e0d51878ca71 Mon Sep 17 00:00:00 2001
+From: Frederick Grose <fgrose at gmail.com>
+Date: Thu, 6 Sep 2012 10:48:37 +0200
+Subject: [PATCH] dmsquash-live/dmsquash-live-root.sh: Physically write
+ overlay reset at time of request
+
+---
+ modules.d/90dmsquash-live/dmsquash-live-root.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
+index fdbd6f5..ec84b32 100755
+--- a/modules.d/90dmsquash-live/dmsquash-live-root.sh
++++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
+@@ -99,7 +99,7 @@ do_live_overlay() {
+ if [ -f /run/initramfs/overlayfs$pathspec -a -w /run/initramfs/overlayfs$pathspec ]; then
+ losetup $OVERLAY_LOOPDEV /run/initramfs/overlayfs$pathspec
+ if [ -n "$reset_overlay" ]; then
+- dd if=/dev/zero of=$OVERLAY_LOOPDEV bs=64k count=1 2>/dev/null
++ dd if=/dev/zero of=$OVERLAY_LOOPDEV bs=64k count=1 conv=fsync 2>/dev/null
+ fi
+ setup="yes"
+ fi
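Review bot: The `dd` line in `do_live_overlay` still discards stderr and ignores the exit status, so a reset that fails (for example a write or fsync error on the loop device) looks the same as one that succeeded, and the code goes on to `setup="yes"` with the old overlay contents. Since `conv=fsync` is there to make the reset really reach the device, the failure should be reported: `dd if=/dev/zero of="$OVERLAY_LOOPDEV" bs=64k count=1 conv=fsync 2>/dev/null || warn "resetting overlay on $OVERLAY_LOOPDEV failed"`. `warn` is assumed to be available from dracut-lib.sh in this script; the function starts and ends outside the hunk.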
diff --git a/0100-FIPS-workaround-for-fipscheck-dir.patch b/0100-FIPS-workaround-for-fipscheck-dir.patch
new file mode 100644
index 0000000..311f248
--- /dev/null
+++ b/0100-FIPS-workaround-for-fipscheck-dir.patch
@@ -0,0 +1,63 @@
+From 0bb277e2d48e9a2279c5d70defa6a8fed616f063 Mon Sep 17 00:00:00 2001
+From: Milan Broz <mbroz at redhat.com>
+Date: Fri, 24 Aug 2012 13:31:57 +0200
+Subject: [PATCH] FIPS workaround for fipscheck dir
+
+Also patch old install path... (used in Fedora 17)
+
+Signed-off-by: Milan Broz <mbroz at redhat.com>
+---
+ dracut-functions.sh | 12 ++++++++++++
+ modules.d/01fips/module-setup.sh | 3 ++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/dracut-functions.sh b/dracut-functions.sh
+index fc60f32..746b03e 100755
+--- a/dracut-functions.sh
++++ b/dracut-functions.sh
+@@ -406,6 +406,12 @@ inst_simple() {
+ if [[ -e "${_src%/*}/.${_src##*/}.hmac" ]]; then
+ inst "${_src%/*}/.${_src##*/}.hmac" "${target%/*}/.${target##*/}.hmac"
+ fi
++ if [[ -e "/lib/fipscheck/${_src##*/}.hmac" ]]; then
++ inst "/lib/fipscheck/${_src##*/}.hmac" "/lib/fipscheck/${target##*/}.hmac"
++ fi
++ if [[ -e "/lib64/fipscheck/${_src##*/}.hmac" ]]; then
++ inst "/lib64/fipscheck/${_src##*/}.hmac" "/lib64/fipscheck/${target##*/}.hmac"
++ fi
+ ddebug "Installing $_src"
+ cp --sparse=always -pfL "$_src" "${initdir}/$target"
+ }
+@@ -447,6 +453,12 @@ inst_library() {
+ if [[ -e "${_src%/*}/.${_src##*/}.hmac" ]]; then
+ inst "${_src%/*}/.${_src##*/}.hmac" "${_dest%/*}/.${_dest##*/}.hmac"
+ fi
++ if [[ -e "/lib/fipscheck/${_src##*/}.hmac" ]]; then
++ inst "/lib/fipscheck/${_src##*/}.hmac" "/lib/fipscheck/${_dest##*/}.hmac"
++ fi
++ if [[ -e "/lib64/fipscheck/${_src##*/}.hmac" ]]; then
++ inst "/lib64/fipscheck/${_src##*/}.hmac" "/lib64/fipscheck/${_dest##*/}.hmac"
++ fi
+ _reallib=$(readlink -f "$_src")
+ inst_simple "$_reallib" "$_reallib"
+ inst_dir "${_dest%/*}"
+diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
+index 3197611..2f107e6 100755
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -32,13 +32,14 @@ install() {
+ inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
+ inst "$moddir/fips.sh" /sbin/fips.sh
+
+- dracut_install sha512hmac rmmod insmod mount uname umount
++ dracut_install sha512hmac rmmod insmod mount uname umount fipscheck
+
+ inst_libdir_file libsoftokn3.so
+ inst_libdir_file libsoftokn3.so
+ inst_libdir_file libsoftokn3.chk
+ inst_libdir_file libfreebl3.so
+ inst_libdir_file libfreebl3.chk
++ inst_libdir_file libssl.so.10
+
+ dracut_install $usrlibdir/hmaccalc/sha512hmac.hmac
+ if command -v prelink >/dev/null; then
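Review bot: The added `inst_libdir_file libssl.so.10` in `install()` pins a single soname with no comment saying which binary needs it. Presumably it is there for the newly installed `fipscheck`; if so, a later openssl soname change would leave the initramfs without the library and the failure would only show up at boot in FIPS mode. What `inst_libdir_file` does when the file is absent is not visible here. I would at least add `# fipscheck links against libssl; keep this soname in step with openssl` above the line. Separately, the two new `/lib/fipscheck` and `/lib64/fipscheck` blocks are repeated verbatim in `inst_simple` and `inst_library` and could be a single loop over the two directories.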
diff --git a/0101-mdraid-catch-nested-md-raids.patch b/0101-mdraid-catch-nested-md-raids.patch
new file mode 100644
index 0000000..768a108
--- /dev/null
+++ b/0101-mdraid-catch-nested-md-raids.patch
@@ -0,0 +1,27 @@
+From 7e71815c3e1ce9d6fa7255383384ebf05927221b Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald at redhat.com>
+Date: Wed, 22 Aug 2012 13:01:53 +0200
+Subject: [PATCH] mdraid: catch nested md raids
+
+Thanks to Ian Dall!
+---
+ modules.d/90mdraid/65-md-incremental-imsm.rules | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/90mdraid/65-md-incremental-imsm.rules b/modules.d/90mdraid/65-md-incremental-imsm.rules
+index c4334db..d66dd01 100644
+--- a/modules.d/90mdraid/65-md-incremental-imsm.rules
++++ b/modules.d/90mdraid/65-md-incremental-imsm.rules
+@@ -5,7 +5,11 @@
+ ACTION!="add|change", GOTO="md_end"
+ SUBSYSTEM!="block", GOTO="md_end"
+ ENV{rd_NO_MD}=="?*", GOTO="md_end"
+-KERNEL=="md*", GOTO="md_end"
++KERNEL=="md*", ENV{ID_FS_TYPE}!="linux_raid_member", GOTO="md_end"
++KERNEL=="md*", ACTION!="change", GOTO="md_end"
++
++# Also don't process disks that are slated to be a multipath device
++ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="md_end"
+
+ ENV{ID_FS_TYPE}=="ddf_raid_member|isw_raid_member|linux_raid_member", GOTO="md_try"
+ GOTO="md_end"
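Review bot: The two new `KERNEL=="md*"` rules carry no comment, and their intent is hard to read off next to the single line they replace. md devices used to be skipped unconditionally and are now processed only when `ID_FS_TYPE` is `linux_raid_member` and the event is a `change`. A line above them such as `# nested raid: handle an md device only if it is itself a raid member, and only on "change" events` would record that. The multipath rule added in the same hunk is unrelated to the commit subject ("catch nested md raids") and deserves its own mention in the history.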
diff --git a/0102-fips-set-boot-as-symlink-to-sysroot-boot-if-no-boot-.patch b/0102-fips-set-boot-as-symlink-to-sysroot-boot-if-no-boot-.patch
new file mode 100644
index 0000000..4f4c124
--- /dev/null
+++ b/0102-fips-set-boot-as-symlink-to-sysroot-boot-if-no-boot-.patch
@@ -0,0 +1,48 @@
+From 5edf0cb82b107e8aa8288d590508b4ed52cbc41c Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald at redhat.com>
+Date: Tue, 21 Aug 2012 15:01:08 +0200
+Subject: [PATCH] fips: set /boot as symlink to /sysroot/boot if no boot=
+ parameter
+
+otherwise sha512hmac will error out with:
+
+sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
+Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
+---
+ modules.d/01fips/fips.sh | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
+index 67eefb8..324e062 100755
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -45,23 +45,23 @@ mount_boot()
+ mkdir /boot
+ info "Mounting $boot as /boot"
+ mount -oro "$boot" /boot || return 1
++ elif [ -d "$NEWROOT/boot" ]; then
++ rm -fr /boot
++ ln -sf "$NEWROOT/boot" /boot
+ fi
+ }
+
+ do_fips()
+ {
+ info "Checking integrity of kernel"
+- newroot=$NEWROOT
+ KERNEL=$(uname -r)
+
+- [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ] || unset newroot
+-
+- if ! [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ]; then
+- warn "$newroot/boot/.vmlinuz-${KERNEL}.hmac does not exist"
++ if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
++ warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
+ return 1
+ fi
+
+- sha512hmac -c "$newroot/boot/.vmlinuz-${KERNEL}.hmac" || return 1
++ sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+
+ FIPSMODULES=$(cat /etc/fipsmodules)
+
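Review bot: In the new `elif` branch of `mount_boot`, neither `rm -fr /boot` nor `ln -sf "$NEWROOT/boot" /boot` is checked, unlike the `mount ... || return 1` in the branch above. If the removal fails and /boot is still a directory, `ln -sf` creates the link inside it instead of replacing it, and `do_fips` then stops later with a misleading ".hmac does not exist" warning. Returning at the point of failure keeps the kernel integrity check fail-closed with a clear cause: `rm -fr /boot && ln -s "$NEWROOT/boot" /boot || return 1`. The beginning of `mount_boot` is outside the hunk.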
diff --git a/0103-mdraid-always-create-need_shutdown-if-we-have-assemb.patch b/0103-mdraid-always-create-need_shutdown-if-we-have-assemb.patch
new file mode 100644
index 0000000..eafac08
--- /dev/null
+++ b/0103-mdraid-always-create-need_shutdown-if-we-have-assemb.patch
@@ -0,0 +1,60 @@
+From d0ec00165bcd4868ced5f41c75bb061e3f17fd4a Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald at redhat.com>
+Date: Tue, 14 Aug 2012 17:44:46 +0200
+Subject: [PATCH] mdraid: always create need_shutdown, if we have assembled a
+ raid
+
+---
+ modules.d/90mdraid/mdraid-cleanup.sh | 4 ++--
+ modules.d/90mdraid/mdraid-needshutdown.sh | 11 +++++++++++
+ modules.d/90mdraid/module-setup.sh | 1 +
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+ create mode 100755 modules.d/90mdraid/mdraid-needshutdown.sh
+
+diff --git a/modules.d/90mdraid/mdraid-cleanup.sh b/modules.d/90mdraid/mdraid-cleanup.sh
+index 9c4bc18..da86d65 100755
+--- a/modules.d/90mdraid/mdraid-cleanup.sh
++++ b/modules.d/90mdraid/mdraid-cleanup.sh
+@@ -14,11 +14,11 @@ for md in /dev/md[0-9_]*; do
+ containers="$containers $md"
+ continue
+ fi
+- mdadm $_offroot -S "$md" >/dev/null 2>&1 || need_shutdown
++ mdadm $_offroot -S "$md" >/dev/null 2>&1
+ done
+
+ for md in $containers; do
+- mdadm $_offroot -S "$md" >/dev/null 2>&1 || need_shutdown
++ mdadm $_offroot -S "$md" >/dev/null 2>&1
+ done
+
+ unset containers udevinfo _offroot
+diff --git a/modules.d/90mdraid/mdraid-needshutdown.sh b/modules.d/90mdraid/mdraid-needshutdown.sh
+new file mode 100755
+index 0000000..79f9852
+--- /dev/null
++++ b/modules.d/90mdraid/mdraid-needshutdown.sh
+@@ -0,0 +1,11 @@
++#!/bin/sh
++# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
++# ex: ts=8 sw=4 sts=4 et filetype=sh
++
++type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
++
++for md in /dev/md[0-9_]*; do
++ [ -b "$md" ] || continue
++ need_shutdown
++ break
++done
+diff --git a/modules.d/90mdraid/module-setup.sh b/modules.d/90mdraid/module-setup.sh
+index 90092a7..1cf25e4 100755
+--- a/modules.d/90mdraid/module-setup.sh
++++ b/modules.d/90mdraid/module-setup.sh
+@@ -94,6 +94,7 @@ install() {
+ inst_hook pre-trigger 30 "$moddir/parse-md.sh"
+ inst_hook pre-mount 10 "$moddir/mdraid-waitclean.sh"
+ inst "$moddir/mdraid-cleanup.sh" /sbin/mdraid-cleanup
++ inst_hook cleanup 99 "$moddir/mdraid-needshutdown.sh"
+ inst_hook shutdown 30 "$moddir/md-shutdown.sh"
+ }
+
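Review bot: The new `mdraid-needshutdown.sh` has no comment stating its purpose, and after this change the `mdadm -S` calls in `mdraid-cleanup.sh` ignore their result entirely, so the reasoning lives only in the commit subject. I would add a header line to the new script, for example `# Request the shutdown hooks whenever an md array is assembled, whether or not it could be stopped earlier`. Next to the two `mdadm -S` lines I would add `# a failed stop is ignored on purpose; need_shutdown is requested by mdraid-needshutdown.sh`. Both loops in `mdraid-cleanup.sh` begin outside the hunk.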
diff --git a/0104-dracut.sh-create-the-initramfs-non-world-readable.patch b/0104-dracut.sh-create-the-initramfs-non-world-readable.patch
new file mode 100644
index 0000000..90928c4
--- /dev/null
+++ b/0104-dracut.sh-create-the-initramfs-non-world-readable.patch
@@ -0,0 +1,24 @@
+From d4d64e933224b79d80bc4ed671e6d159887e98c8 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald at redhat.com>
+Date: Thu, 27 Sep 2012 10:18:29 +0200
+Subject: [PATCH] dracut.sh: create the initramfs non-world readable
+
+---
+ dracut.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index ed90311..a95e603 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -848,7 +848,9 @@ if strstr "$modules_loaded" " fips " && command -v prelink >/dev/null; then
+ done
+ fi
+
+-if ! ( cd "$initdir"; find . |cpio -R 0:0 -H newc -o --quiet| \
++rm -f "$outfile"
++dinfo "*** Creating image file ***"
++if ! ( umask 077; cd "$initdir"; find . |cpio -R 0:0 -H newc -o --quiet| \
+ $compress > "$outfile"; ); then
+ dfatal "dracut: creation of $outfile failed"
+ exit 1
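Review bot: `rm -f "$outfile"` runs before the new image is built, so if the build fails or is interrupted the previous, working initramfs has already been deleted and the system is left with none for that kernel. The removal is understandable, since truncating an existing file would keep its old, world-readable mode. The same result is possible without that window by building under a temporary name in the same directory and renaming on success: `tmp=$(mktemp "$outfile.XXXXXX")`, `$compress > "$tmp"` inside the subshell, then `mv -f "$tmp" "$outfile"`, with `rm -f "$tmp"` in the failure branch. The `if !` also sees only the exit status of `$compress`, the last pipeline stage, unless `pipefail` is set elsewhere in dracut.sh. The `if` block is closed outside the hunk.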
diff --git a/dracut.spec b/dracut.spec
index a62f12a..b16b2cc 100644
--- a/dracut.spec
+++ b/dracut.spec
@@ -10,7 +10,7 @@
Name: dracut
Version: 018
-Release: 98.git20120813%{?dist}
+Release: 105.git20120927%{?dist}
Summary: Initramfs generator using udev
%if 0%{?fedora} || 0%{?rhel}
@@ -121,6 +121,13 @@ Patch94: 0094-resume-move-resume-in-the-initqueue-finished-hook.patch
Patch95: 0095-lvm-lvm_scan.sh-udevadm-settle-after-lvm-scan.patch
Patch96: 0096-include-the-omap_hsmmc-module-on-arm.patch
Patch97: 0097-i18n-module-setup.sh-fixed-include-parsing.patch
+Patch98: 0098-unquote-nbd-port.patch
+Patch99: 0099-dmsquash-live-dmsquash-live-root.sh-Physically-write.patch
+Patch100: 0100-FIPS-workaround-for-fipscheck-dir.patch
+Patch101: 0101-mdraid-catch-nested-md-raids.patch
+Patch102: 0102-fips-set-boot-as-symlink-to-sysroot-boot-if-no-boot-.patch
+Patch103: 0103-mdraid-always-create-need_shutdown-if-we-have-assemb.patch
+Patch104: 0104-dracut.sh-create-the-initramfs-non-world-readable.patch
BuildArch: noarch
@@ -436,6 +443,13 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/dracut/overlay
%changelog
+* Thu Sep 27 2012 Harald Hoyer <harald at redhat.com> 018-105.git20120927
+- enable the use of the nbd port with e.g. '-N ltsp'
+- actually make reset_overlay working for squash overlays
+- fixed FIPS
+- if any mdraid found, make dracut run on shutdown
+- make the initramfs non-world readable
+
* Mon Aug 13 2012 Harald Hoyer <harald at redhat.com> 018-98.git20120813
- fixed keymap include issues
Resolves: rhbz#845744