Source: dracut
Version: 060+5-8
Followup-For: Bug #1071182
Tags: patch
The following patch addresses the case where /usr and possibly /etc are
mounted read-only in the initrd, and therefore fixes the error messages
mentioned in my previous email.
From: Holger Weiss <holger.we...@fu-berlin.de>
Date: Thu, 30 May 2024 21:14:59 +0200
Subject: [PATCH] Cope with /usr and/or /etc being mounted read-only
This fixes the remaining systemd 256 compatibility issues mentioned in:
https://github.com/dracut-ng/dracut-ng/issues/253
---
debian/changelog | 6 +
debian/patches/move-hooks-to-var.patch | 66 +++++++++
debian/patches/move-modprobe.d-to-run.patch | 156 ++++++++++++++++++++
debian/patches/series | 2 +
4 files changed, 230 insertions(+)
create mode 100644 debian/patches/move-hooks-to-var.patch
create mode 100644 debian/patches/move-modprobe.d-to-run.patch
diff --git a/debian/changelog b/debian/changelog
index ac35fdaf..905feb14 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dracut (060+5-9) unstable; urgency=low
+
+ * cope with /usr and/or /etc being mounted read-only in the initrd
+
+ -- Holger Weiss <holger.we...@fu-berlin.de> Thu, 30 May 2024 21:08:24 +0200
+
dracut (060+5-8) unstable; urgency=low
* control: adjust breaks, replaces, Closes: #1071208, #1071244
diff --git a/debian/patches/move-hooks-to-var.patch
b/debian/patches/move-hooks-to-var.patch
new file mode 100644
index 00000000..7388726f
--- /dev/null
+++ b/debian/patches/move-hooks-to-var.patch
@@ -0,0 +1,66 @@
+Description: Move hooks directory from /usr/lib to /var/lib
+ Since https://github.com/systemd/systemd/commit/ffc1ec73, /usr is mounted as
+ read-only in the initramfs by default.
+Author: Laszlo Gombos <laszlo.gom...@gmail.com>
+Origin: upstream, https://github.com/dracut-ng/dracut-ng
+Bug: https://github.com/dracutdevs/dracut/issues/2588
+Applied-Upstream:
https://github.com/dracut-ng/dracut-ng/commit/a45048b80c27ee5a45a380052a6d29ab1925f7f9
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/dracut-init.sh
++++ b/dracut-init.sh
+@@ -630,7 +630,7 @@
+ dfatal "No such hook type $1. Aborting initrd creation."
+ exit 1
+ fi
+- hook="/lib/dracut/hooks/${1}/${2}-${3##*/}"
++ hook="/var/lib/dracut/hooks/${1}/${2}-${3##*/}"
+ inst_simple "$3" "$hook"
+ chmod u+x "$initdir/$hook"
+ }
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1882,7 +1882,11 @@
+
+ if [[ $kernel_only != yes ]]; then
+ mkdir -p "${initdir}/etc/cmdline.d"
+- mkdir -m 0755 "${initdir}"/lib/dracut/hooks
++ mkdir -m 0755 -p "${initdir}"/var/lib/dracut/hooks
++
++ # symlink to old hooks location for compatibility
++ ln_r /var/lib/dracut/hooks /lib/dracut/hooks
++
+ for _d in $hookdirs; do
+ # shellcheck disable=SC2174
+ mkdir -m 0755 -p "${initdir}/lib/dracut/hooks/$_d"
+--- a/modules.d/99base/module-setup.sh
++++ b/modules.d/99base/module-setup.sh
+@@ -45,7 +45,10 @@
+
+ [ -e "${initdir}/lib" ] || mkdir -m 0755 -p "${initdir}"/lib
+ mkdir -m 0755 -p "${initdir}"/lib/dracut
+- mkdir -m 0755 -p "${initdir}"/lib/dracut/hooks
++ mkdir -m 0755 -p "${initdir}"/var/lib/dracut/hooks
++
++ # symlink to old hooks location for compatibility
++ ln_r /var/lib/dracut/hooks /lib/dracut/hooks
+
+ mkdir -p "${initdir}"/tmp
+
+--- a/modules.d/99shutdown/module-setup.sh
++++ b/modules.d/99shutdown/module-setup.sh
+@@ -17,9 +17,11 @@
+ inst_multiple umount poweroff reboot halt losetup stat sleep timeout
+ inst_multiple -o kexec
+ inst "$moddir/shutdown.sh" "$prefix/shutdown"
+- [ -e "${initdir}/lib" ] || mkdir -m 0755 -p "${initdir}"/lib
+- mkdir -m 0755 -p "${initdir}"/lib/dracut
+- mkdir -m 0755 -p "${initdir}"/lib/dracut/hooks
++ mkdir -m 0755 -p "${initdir}"/var/lib/dracut/hooks
++
++ # symlink to old hooks location for compatibility
++ ln_r /var/lib/dracut/hooks /lib/dracut/hooks
++
+ for _d in $hookdirs shutdown shutdown-emergency; do
+ mkdir -m 0755 -p "${initdir}"/lib/dracut/hooks/"$_d"
+ done
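Review bot: The loops that follow the new symlink in the dracut.sh and 99shutdown hunks still create the per-type directories through the old path (`mkdir -m 0755 -p "${initdir}/lib/dracut/hooks/$_d"`), so they reach the writable location only if `ln_r` succeeded, and its status is not checked. If `${initdir}/lib/dracut/hooks` already exists as a real directory, or the link cannot be created, the directories would land under /lib (presumably /usr/lib, read-only per the patch description) and hooks that run as root in early boot could silently go missing. I would create them under the new path directly, `mkdir -m 0755 -p "${initdir}/var/lib/dracut/hooks/$_d"`. Note also that `mkdir -m 0755 -p` applies the mode only to the last component, so the new `var`, `var/lib` and `var/lib/dracut` parents get umask-derived permissions (the SC2174 case already suppressed on the loop line in dracut.sh). The enclosing functions start and end outside these hunks.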
diff --git a/debian/patches/move-modprobe.d-to-run.patch
b/debian/patches/move-modprobe.d-to-run.patch
new file mode 100644
index 00000000..17295491
--- /dev/null
+++ b/debian/patches/move-modprobe.d-to-run.patch
@@ -0,0 +1,156 @@
+Description: Move /etc/modprobe.d to /run/modprobe.d
+ Change /etc/modprobe.d path to /run/modprobe.d in hooks, as /etc might be
+ mounted as read-only.
+Author: Laszlo Gombos <laszlo.gom...@gmail.com>
+Origin: upstream, https://github.com/dracut-ng/dracut-ng
+Applied-Upstream:
https://github.com/dracut-ng/dracut-ng/commit/424717af8e0a86dac7a9898bf161f04e35abd2c2
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/man/dracut.modules.7.asc
++++ b/man/dracut.modules.7.asc
+@@ -181,7 +181,7 @@
+ _parse-insmodpost.sh_:
+ ----
+ for p in $(getargs rd.driver.post=); do
+- echo "blacklist $p" >> /etc/modprobe.d/initramfsblacklist.conf
++ echo "blacklist $p" >> /run/modprobe.d/initramfsblacklist.conf
+ _do_insmodpost=1
+ done
+
+--- a/modules.d/01fips/fips-boot.sh
++++ b/modules.d/01fips/fips-boot.sh
+@@ -3,7 +3,7 @@
+ type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+ if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
+- rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
++ :
+ elif [ -z "$fipsmode" ]; then
+ die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
+ elif getarg boot= > /dev/null; then
+--- a/modules.d/01fips/fips-load-crypto.sh
++++ b/modules.d/01fips/fips-load-crypto.sh
+@@ -3,7 +3,7 @@
+ type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+ if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
+- rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
++ :
+ elif [ -z "$fipsmode" ]; then
+ die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
+ else
+--- a/modules.d/01fips/fips-noboot.sh
++++ b/modules.d/01fips/fips-noboot.sh
+@@ -3,7 +3,7 @@
+ type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
+
+ if ! fipsmode=$(getarg fips) || [ "$fipsmode" = "0" ]; then
+- rm -f -- /etc/modprobe.d/fips.conf > /dev/null 2>&1
++ :
+ elif [ -z "$fipsmode" ]; then
+ die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
+ elif ! [ -f /tmp/fipsdone ]; then
+--- a/modules.d/01fips/fips.sh
++++ b/modules.d/01fips/fips.sh
+@@ -97,7 +97,6 @@
+ read -d '' -r FIPSMODULES < /etc/fipsmodules
+
+ fips_info "Loading and integrity checking all crypto modules"
+- mv /etc/modprobe.d/fips.conf /etc/modprobe.d/fips.conf.bak
+ for _module in $FIPSMODULES; do
+ if [ "$_module" != "tcrypt" ]; then
+ if ! nonfatal_modprobe "${_module}" 2> /tmp/fips.modprobe_err;
then
+@@ -113,7 +112,10 @@
+ fi
+ fi
+ done
+- mv /etc/modprobe.d/fips.conf.bak /etc/modprobe.d/fips.conf
++ if [ -f /etc/fips.conf ]; then
++ mkdir -p /run/modprobe.d
++ cp /etc/fips.conf /run/modprobe.d/fips.conf
++ fi
+
+ fips_info "Self testing crypto algorithms"
+ modprobe tcrypt || return 1
+--- a/modules.d/01fips/module-setup.sh
++++ b/modules.d/01fips/module-setup.sh
+@@ -39,13 +39,10 @@
+ _fipsmodules+="aead cryptomgr tcrypt crypto_user "
+ fi
+
+- # shellcheck disable=SC2174
+- mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
+-
+ for _mod in $_fipsmodules; do
+ if hostonly='' instmods -c -s "$_mod"; then
+ echo "$_mod" >> "${initdir}/etc/fipsmodules"
+- echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
++ echo "blacklist $_mod" >> "${initdir}/etc/fips.conf"
+ fi
+ done
+
+--- a/modules.d/90kernel-modules/parse-kernel.sh
++++ b/modules.d/90kernel-modules/parse-kernel.sh
+@@ -1,11 +1,7 @@
+ #!/bin/sh
+
+-_modprobe_d=/etc/modprobe.d
+-if [ -d /usr/lib/modprobe.d ]; then
+- _modprobe_d=/usr/lib/modprobe.d
+-elif [ -d /lib/modprobe.d ]; then
+- _modprobe_d=/lib/modprobe.d
+-elif [ ! -d $_modprobe_d ]; then
++_modprobe_d=/run/modprobe.d
++if [ ! -d $_modprobe_d ]; then
+ mkdir -p $_modprobe_d
+ fi
+
+@@ -18,8 +14,6 @@
+ )
+ done
+
+-[ -d /etc/modprobe.d ] || mkdir -p /etc/modprobe.d
+-
+ for i in $(getargs rd.driver.blacklist -d rdblacklist=); do
+ (
+ IFS=,
+--- a/modules.d/95lunmask/parse-lunmask.sh
++++ b/modules.d/95lunmask/parse-lunmask.sh
+@@ -32,8 +32,9 @@
+ IFS="$OLDIFS"
+ if [ -d /sys/module/scsi_mod ]; then
+ printf "manual" > /sys/module/scsi_mod/parameters/scan
+- elif [ ! -f /etc/modprobe.d/95lunmask.conf ]; then
+- echo "options scsi_mod scan=manual" >
/etc/modprobe.d/95lunmask.conf
++ elif [ ! -f /run/modprobe.d/95lunmask.conf ]; then
++ mkdir -p /run/modprobe.d
++ echo "options scsi_mod scan=manual" >
/run/modprobe.d/95lunmask.conf
+ fi
+ create_udev_rule "$1" "$2" "$3"
+ )
+--- a/modules.d/98dracut-systemd/dracut-pre-udev.sh
++++ b/modules.d/98dracut-systemd/dracut-pre-udev.sh
+@@ -13,12 +13,8 @@
+ getarg 'rd.break=pre-udev' 'rdbreak=pre-udev' && emergency_shell -n pre-udev
"Break before pre-udev"
+ source_hook pre-udev
+
+-_modprobe_d=/etc/modprobe.d
+-if [ -d /usr/lib/modprobe.d ]; then
+- _modprobe_d=/usr/lib/modprobe.d
+-elif [ -d /lib/modprobe.d ]; then
+- _modprobe_d=/lib/modprobe.d
+-elif [ ! -d $_modprobe_d ]; then
++_modprobe_d=/run/modprobe.d
++if [ ! -d $_modprobe_d ]; then
+ mkdir -p $_modprobe_d
+ fi
+
+@@ -31,8 +27,6 @@
+ )
+ done
+
+-[ -d /etc/modprobe.d ] || mkdir -p /etc/modprobe.d
+-
+ for i in $(getargs rd.driver.blacklist -d rdblacklist=); do
+ (
+ IFS=,
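Review bot: In the fips.sh hunk the module blacklist is copied into `/run/modprobe.d` only after the load loop, and neither the `mkdir -p` nor the `cp` is checked. Because module-setup.sh now writes the list to `${initdir}/etc/fips.conf` instead of `${initdir}/etc/modprobe.d/fips.conf`, nothing in the visible hunks places the blacklist in a directory modprobe reads before that point, so the crypto modules appear to be unblacklisted from the start of boot until this copy runs; it is worth confirming that this window is intended. A failed copy would leave a FIPS boot without the blacklist and without any message, so I would make it fatal like the `modprobe tcrypt || return 1` line below by appending `|| return 1` to both commands, e.g. `cp /etc/fips.conf /run/modprobe.d/fips.conf || return 1`. The enclosing function starts and ends outside the hunk.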
diff --git a/debian/patches/series b/debian/patches/series
index ae21e647..d0000a98 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,5 @@ microcode
initrd-not-initramfs.patch
fix-test-running-tests-no-longer-requires-to-be-root.patch
test-FULL-SYSTEMD-no-need-to-include-dbus-to-the-target-r.patch
+move-hooks-to-var.patch
+move-modprobe.d-to-run.patch