summaryrefslogtreecommitdiff
path: root/sys-kernel
diff options
context:
space:
mode:
Diffstat (limited to 'sys-kernel')
-rw-r--r--sys-kernel/dracut/dracut-044-r6.ebuild (renamed from sys-kernel/dracut/dracut-044-r5.ebuild)10
-rw-r--r--sys-kernel/dracut/files/dracut-044-bash-4.4.patch80
-rw-r--r--sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch51
3 files changed, 137 insertions, 4 deletions
diff --git a/sys-kernel/dracut/dracut-044-r5.ebuild b/sys-kernel/dracut/dracut-044-r6.ebuild
index 0b3c7d17..6f6d3854 100644
--- a/sys-kernel/dracut/dracut-044-r5.ebuild
+++ b/sys-kernel/dracut/dracut-044-r6.ebuild
@@ -62,10 +62,12 @@ QA_MULTILIB_PATHS="
"
PATCHES=(
- "${FILESDIR}"/044-0001-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- "${FILESDIR}"/044-0002-systemd-initrd-add-initrd-root-device.target.patch
- "${FILESDIR}"/044-0003-50-dracut.install-use-bin-bash-shebang.patch
- "${FILESDIR}"/044-0004-redcore-change-default-initramfs-name.patch
+ ""${FILESDIR}"/044-0001-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch"
+ ""${FILESDIR}"/044-0002-systemd-initrd-add-initrd-root-device.target.patch"
+ ""${FILESDIR}"/044-0003-50-dracut.install-use-bin-bash-shebang.patch"
+ ""${FILESDIR}"/044-0004-redcore-change-default-initramfs-name.patch"
+ ""${FILESDIR}"/"${P}"-bash-4.4.patch"
+ ""${FILESDIR}"/"${P}"-preserve-xattrs-when-copying.patch"
)
#
diff --git a/sys-kernel/dracut/files/dracut-044-bash-4.4.patch b/sys-kernel/dracut/files/dracut-044-bash-4.4.patch
new file mode 100644
index 00000000..3144c8e6
--- /dev/null
+++ b/sys-kernel/dracut/files/dracut-044-bash-4.4.patch
@@ -0,0 +1,80 @@
+diff -urN dracut-044.orig/modules.d/50drm/module-setup.sh dracut-044/modules.d/50drm/module-setup.sh
+--- dracut-044.orig/modules.d/50drm/module-setup.sh 2015-11-25 16:22:28.000000000 +0300
++++ dracut-044/modules.d/50drm/module-setup.sh 2016-09-28 02:50:08.914967926 +0300
+@@ -24,9 +24,9 @@
+ local _fname _fcont
+ while read _fname || [ -n "$_fname" ]; do
+ case "$_fname" in
+- *.ko) _fcont="$(< $_fname)" ;;
+- *.ko.gz) _fcont="$(gzip -dc $_fname)" ;;
+- *.ko.xz) _fcont="$(xz -dc $_fname)" ;;
++ *.ko) _fcont="$(< $_fname tr -d \\0)" ;;
++ *.ko.gz) _fcont="$(gzip -dc $_fname | tr -d \\0)" ;;
++ *.ko.xz) _fcont="$(xz -dc $_fname | tr -d \\0)" ;;
+ esac
+ [[ $_fcont =~ $_drm_drivers
+ && ! $_fcont =~ iw_handler_get_spy ]] \
+diff -urN dracut-044.orig/modules.d/90kernel-modules/module-setup.sh dracut-044/modules.d/90kernel-modules/module-setup.sh
+--- dracut-044.orig/modules.d/90kernel-modules/module-setup.sh 2015-11-25 16:22:28.000000000 +0300
++++ dracut-044/modules.d/90kernel-modules/module-setup.sh 2016-09-28 02:49:11.725390294 +0300
+@@ -10,9 +10,9 @@
+ function bmf1() {
+ local _f
+ while read _f || [ -n "$_f" ]; do case "$_f" in
+- *.ko) [[ $(< $_f) =~ $_blockfuncs ]] && echo "$_f" ;;
+- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_blockfuncs ]] && echo "$_f" ;;
+- *.ko.xz) [[ $(xz -dc <$_f) =~ $_blockfuncs ]] && echo "$_f" ;;
++ *.ko) [[ $(< $_f tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;;
++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;;
++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_blockfuncs ]] && echo "$_f" ;;
+ esac
+ done
+ return 0
+diff -urN dracut-044.orig/modules.d/90kernel-network-modules/module-setup.sh dracut-044/modules.d/90kernel-network-modules/module-setup.sh
+--- dracut-044.orig/modules.d/90kernel-network-modules/module-setup.sh 2015-11-25 16:22:28.000000000 +0300
++++ dracut-044/modules.d/90kernel-network-modules/module-setup.sh 2016-09-28 02:51:08.202422231 +0300
+@@ -26,9 +26,9 @@
+ while read _fname; do
+ [[ $_fname =~ $_unwanted_drivers ]] && continue
+ case "$_fname" in
+- *.ko) _fcont="$(< $_fname)" ;;
+- *.ko.gz) _fcont="$(gzip -dc $_fname)" ;;
+- *.ko.xz) _fcont="$(xz -dc $_fname)" ;;
++ *.ko) _fcont="$(< $_fname tr -d \\0)" ;;
++ *.ko.gz) _fcont="$(gzip -dc $_fname | tr -d \\0)" ;;
++ *.ko.xz) _fcont="$(xz -dc $_fname | tr -d \\0)" ;;
+ esac
+ [[ $_fcont =~ $_net_drivers
+ && ! $_fcont =~ iw_handler_get_spy ]] \
+diff -urN dracut-044.orig/modules.d/90multipath/module-setup.sh dracut-044/modules.d/90multipath/module-setup.sh
+--- dracut-044.orig/modules.d/90multipath/module-setup.sh 2015-11-25 16:22:28.000000000 +0300
++++ dracut-044/modules.d/90multipath/module-setup.sh 2016-09-28 02:49:11.726390235 +0300
+@@ -58,9 +58,9 @@
+ local _f
+ while read _f || [ -n "$_f" ]; do
+ case "$_f" in
+- *.ko) [[ $(< $_f) =~ $_funcs ]] && echo "$_f" ;;
+- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_funcs ]] && echo "$_f" ;;
+- *.ko.xz) [[ $(xz -dc <$_f) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko) [[ $(< $_f tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
+ esac
+ done
+ return 0
+diff -urN dracut-044.orig/modules.d/95iscsi/module-setup.sh dracut-044/modules.d/95iscsi/module-setup.sh
+--- dracut-044.orig/modules.d/95iscsi/module-setup.sh 2015-11-25 16:22:28.000000000 +0300
++++ dracut-044/modules.d/95iscsi/module-setup.sh 2016-09-28 02:49:11.726390235 +0300
+@@ -168,9 +168,9 @@
+ local _f
+ while read _f || [ -n "$_f" ]; do
+ case "$_f" in
+- *.ko) [[ $(< $_f) =~ $_funcs ]] && echo "$_f" ;;
+- *.ko.gz) [[ $(gzip -dc <$_f) =~ $_funcs ]] && echo "$_f" ;;
+- *.ko.xz) [[ $(xz -dc <$_f) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko) [[ $(< $_f tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko.gz) [[ $(gzip -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
++ *.ko.xz) [[ $(xz -dc <$_f | tr -d \\0) =~ $_funcs ]] && echo "$_f" ;;
+ esac
+ done
+ return 0
diff --git a/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch b/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch
new file mode 100644
index 00000000..3146d848
--- /dev/null
+++ b/sys-kernel/dracut/files/dracut-044-preserve-xattrs-when-copying.patch
@@ -0,0 +1,51 @@
+From 61c761bc2c35fb244d46fbbde97161f5927071dc Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@us.ibm.com>
+Date: Tue, 25 Oct 2016 15:09:49 -0400
+Subject: [PATCH] dracut-install: preserve extended attributes when copying
+ files
+
+Preserve extended attributes when copying files using dracut-install.
+
+The copying of extended attributes avoids file execution denials when
+the Linux Integrity Measurement's Appraisal mode is active. In that mode
+executables need their file signatures copied. In particular, this patch
+solves the problem that dependent libaries are not included in the
+initramfs since the copied programs could not be executed due to missing
+signatures. The following audit record shows the type of failure that
+is now prevented:
+
+type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0
+ auid=4294967295 ses=4294967295
+ subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+ op="appraise_data" cause="IMA-signature-required"
+ comm="ld-linux-x86-64"
+ name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl"
+ dev="dm-0" ino=37136 res=0
+
+Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+---
+ install/dracut-install.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/install/dracut-install.c b/install/dracut-install.c
+index fe30bba..c0f1c17 100644
+--- a/install/dracut-install.c
++++ b/install/dracut-install.c
+@@ -294,7 +294,7 @@ static int cp(const char *src, const char *dst)
+ normal_copy:
+ pid = fork();
+ if (pid == 0) {
+- execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps", "-fL", src, dst,
++ execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps,xattr", "-fL", src, dst,
+ NULL);
+ _exit(EXIT_FAILURE);
+ }
+@@ -302,7 +302,7 @@ static int cp(const char *src, const char *dst)
+ while (waitpid(pid, &ret, 0) < 0) {
+ if (errno != EINTR) {
+ ret = -1;
+- log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps -fL %s %s", src,
++ log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps,xattr -fL %s %s", src,
+ dst);
+ break;
+ }