diff options
-rw-r--r-- | sys-kernel/dracut/dracut-044-r6.ebuild (renamed from sys-kernel/dracut/dracut-044-r5.ebuild) | 10 | ||||
-rw-r--r-- | sys-kernel/dracut/files/dracut-044-bash-4.4.patch | 80 | ||||
-rw-r--r-- | sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch | 51 |
3 files changed, 137 insertions, 4 deletions
diff --git a/sys-kernel/dracut/dracut-044-r5.ebuild b/sys-kernel/dracut/dracut-044-r6.ebuild index 0b3c7d17..6f6d3854 100644 --- a/sys-kernel/dracut/dracut-044-r5.ebuild +++ b/sys-kernel/dracut/dracut-044-r6.ebuild @@ -62,10 +62,12 @@ QA_MULTILIB_PATHS=" " PATCHES=( - "${FILESDIR}"/044-0001-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch - "${FILESDIR}"/044-0002-systemd-initrd-add-initrd-root-device.target.patch - "${FILESDIR}"/044-0003-50-dracut.install-use-bin-bash-shebang.patch - "${FILESDIR}"/044-0004-redcore-change-default-initramfs-name.patch + ""${FILESDIR}"/044-0001-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch" + ""${FILESDIR}"/044-0002-systemd-initrd-add-initrd-root-device.target.patch" + ""${FILESDIR}"/044-0003-50-dracut.install-use-bin-bash-shebang.patch" + ""${FILESDIR}"/044-0004-redcore-change-default-initramfs-name.patch" + ""${FILESDIR}"/"${P}"-bash-4.4.patch" + ""${FILESDIR}"/"${P}"-preserve-xattrs-when-copying.patch" ) # diff --git a/sys-kernel/dracut/files/dracut-044-bash-4.4.patch b/sys-kernel/dracut/files/dracut-044-bash-4.4.patch new file mode 100644 index 00000000..3144c8e6 --- /dev/null +++ b/sys-kernel/dracut/files/dracut-044-bash-4.4.patch @@ -0,0 +1,80 @@ +diff -urN dracut-044.orig/modules.d/50drm/module-setup.sh dracut-044/modules.d/50drm/module-setup.sh +--- dracut-044.orig/modules.d/50drm/module-setup.sh 2015-11-25 16:22:28.000000000 +0300 ++++ dracut-044/modules.d/50drm/module-setup.sh 2016-09-28 02:50:08.914967926 +0300 +@@ -24,9 +24,9 @@ + local _fname _fcont + while read _fname || [ -n "$_fname" ]; do + case "$_fname" in +- *.ko) _fcont="$(< $_fname)" ;; +- *.ko.gz) _fcont="$(gzip -dc $_fname)" ;; +- *.ko.xz) _fcont="$(xz -dc $_fname)" ;; ++ *.ko) _fcont="$(< $_fname tr -d \\0)" ;; ++ *.ko.gz) _fcont="$(gzip -dc $_fname | tr -d \\0)" ;; ++ *.ko.xz) _fcont="$(xz -dc $_fname | tr -d \\0)" ;; + esac + [[ $_fcont =~ $_drm_drivers + && ! $_fcont =~ iw_handler_get_spy ]] \ +diff -urN dracut-044.orig/modules.d/90kernel-modules/module-setup.sh dracut-044/modules.d/90kernel-modules/module-setup.sh +--- dracut-044.orig/modules.d/90kernel-modules/module-setup.sh 2015-11-25 16:22:28.000000000 +0300 ++++ dracut-044/modules.d/90kernel-modules/module-setup.sh 2016-09-28 02:49:11.725390294 +0300 +@@ -10,9 +10,9 @@ + function bmf1() { + local _f + while read _f || [ -n "$_f" ]; do case "$_f" in +- *.ko) [[ $(< $_f) =~ $_blockfuncs ]] && echo "$_f" ;; +- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_blockfuncs ]] && echo "$_f" ;; +- *.ko.xz) [[ $(xz -dc <$_f) =~ $_blockfuncs ]] && echo "$_f" ;; ++ *.ko) [[ $(< $_f tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;; ++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;; ++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;; + esac + done + return 0 +diff -urN dracut-044.orig/modules.d/90kernel-network-modules/module-setup.sh dracut-044/modules.d/90kernel-network-modules/module-setup.sh +--- dracut-044.orig/modules.d/90kernel-network-modules/module-setup.sh 2015-11-25 16:22:28.000000000 +0300 ++++ dracut-044/modules.d/90kernel-network-modules/module-setup.sh 2016-09-28 02:51:08.202422231 +0300 +@@ -26,9 +26,9 @@ + while read _fname; do + [[ $_fname =~ $_unwanted_drivers ]] && continue + case "$_fname" in +- *.ko) _fcont="$(< $_fname)" ;; +- *.ko.gz) _fcont="$(gzip -dc $_fname)" ;; +- *.ko.xz) _fcont="$(xz -dc $_fname)" ;; ++ *.ko) _fcont="$(< $_fname tr -d \\0)" ;; ++ *.ko.gz) _fcont="$(gzip -dc $_fname | tr -d \\0)" ;; ++ *.ko.xz) _fcont="$(xz -dc $_fname | tr -d \\0)" ;; + esac + [[ $_fcont =~ $_net_drivers + && ! $_fcont =~ iw_handler_get_spy ]] \ +diff -urN dracut-044.orig/modules.d/90multipath/module-setup.sh dracut-044/modules.d/90multipath/module-setup.sh +--- dracut-044.orig/modules.d/90multipath/module-setup.sh 2015-11-25 16:22:28.000000000 +0300 ++++ dracut-044/modules.d/90multipath/module-setup.sh 2016-09-28 02:49:11.726390235 +0300 +@@ -58,9 +58,9 @@ + local _f + while read _f || [ -n "$_f" ]; do + case "$_f" in +- *.ko) [[ $(< $_f) =~ $_funcs ]] && echo "$_f" ;; +- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_funcs ]] && echo "$_f" ;; +- *.ko.xz) [[ $(xz -dc <$_f) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko) [[ $(< $_f tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; + esac + done + return 0 +diff -urN dracut-044.orig/modules.d/95iscsi/module-setup.sh dracut-044/modules.d/95iscsi/module-setup.sh +--- dracut-044.orig/modules.d/95iscsi/module-setup.sh 2015-11-25 16:22:28.000000000 +0300 ++++ dracut-044/modules.d/95iscsi/module-setup.sh 2016-09-28 02:49:11.726390235 +0300 +@@ -168,9 +168,9 @@ + local _f + while read _f || [ -n "$_f" ]; do + case "$_f" in +- *.ko) [[ $(< $_f) =~ $_funcs ]] && echo "$_f" ;; +- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_funcs ]] && echo "$_f" ;; +- *.ko.xz) [[ $(xz -dc <$_f) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko) [[ $(< $_f tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; ++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;; + esac + done + return 0 diff --git a/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch b/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch new file mode 100644 index 00000000..3146d848 --- /dev/null +++ b/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch @@ -0,0 +1,51 @@ +From 61c761bc2c35fb244d46fbbde97161f5927071dc Mon Sep 17 00:00:00 2001 +From: Stefan Berger <stefanb@us.ibm.com> +Date: Tue, 25 Oct 2016 15:09:49 -0400 +Subject: [PATCH] dracut-install: preserve extended attributes when copying + files + +Preserve extended attributes when copying files using dracut-install. + +The copying of extended attributes avoids file execution denials when +the Linux Integrity Measurement's Appraisal mode is active. In that mode +executables need their file signatures copied. In particular, this patch +solves the problem that dependent libaries are not included in the +initramfs since the copied programs could not be executed due to missing +signatures. The following audit record shows the type of failure that +is now prevented: + +type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0 + auid=4294967295 ses=4294967295 + subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 + op="appraise_data" cause="IMA-signature-required" + comm="ld-linux-x86-64" + name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl" + dev="dm-0" ino=37136 res=0 + +Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> +--- + install/dracut-install.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/install/dracut-install.c b/install/dracut-install.c +index fe30bba..c0f1c17 100644 +--- a/install/dracut-install.c ++++ b/install/dracut-install.c +@@ -294,7 +294,7 @@ static int cp(const char *src, const char *dst) + normal_copy: + pid = fork(); + if (pid == 0) { +- execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps", "-fL", src, dst, ++ execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps,xattr", "-fL", src, dst, + NULL); + _exit(EXIT_FAILURE); + } +@@ -302,7 +302,7 @@ static int cp(const char *src, const char *dst) + while (waitpid(pid, &ret, 0) < 0) { + if (errno != EINTR) { + ret = -1; +- log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps -fL %s %s", src, ++ log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps,xattr -fL %s %s", src, + dst); + break; + } |