Thanks: Javier Barroso <javibarroso@gmail.com> for the initial patch
Related-to: #717805

Otherwise fails with:

| mkinitramfs: for root /dev/nbd0p2 missing nbd /sys/block/ entry

Closes: #697368
Thanks: Ian Campbell <ijc@hellion.org.uk> for the patch

Closes: #689558
Thanks: Stephen Powell <zlinuxman@wowway.com> for the patch

This adds knowledge of the "drop_capabilities=..." option that kinit
supports. When set, it gets passed to run-init's new "-d" option.

This lets a system owner drop capabilities (like CAP_SYS_MODULE and
CAP_SYS_RAWIO) before the system init starts.

Closes: #679436
Thanks: Kees Cook <kees@debian.org> for the patch

E.g. mandos needs to use files which must be unreadable by any
other non-root process. Quoting from #633582:

| These files are therefore mode 0600 and owned by its own non-root
| user. When mkinitramfs changes the files to be owned by root,
| the unprivileged process can no longer read the files.

Using the same approach as dracut introduced as of
http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=c8a9a6b4a7dff76c66e84f65b2717632e1bb4505

Closes: #633582
Thanks: Harald Hoyer <harald@redhat.com> for providing the patch in dracut

Quoting Lukas Anzinger in #751488:

| I've set panic=0 as a kernel cmdline argument which should trigger a
| reboot instead of spawning a shell. However, the reboot seems to be
| uneffective and a shell is spawned nevertheless. This is unpleasing
| since spawn=0 is "marketed" as a security feature in
| initramfs-tools(8):
|
|     panic sets an timeout on panic.  panic=<sec> is a documented
|     security feature: it disables the debug shell.
|
| [...]
|
| The commands halt, reboot, etc. don't work either.
|
| To fix the security impact of an open shell I propose to at least add a
| return after the reboot command so that if the reboot is effectively a
| NOP still no shell is spawned.

Thanks: Lukas Anzinger <l.anzinger@gmail.com> for the analysis and patch
Closes: #751488

Quoting Markus Wanner in #748805:

| Since Linux 3.14 (or 0b947aff1599afbbd2ec07ada87b05af0f94cf10, to be
| precise), the btrfs module no longer depends on libcrc32c, but only on
| crc32c. However, this is one of the "hidden" dependencies, so
| modules.dep doesn't list it. If mkinitramfs doesn't happen to include
| crc32c for some other reason, an initrd without that module is
| generated, even if btrfs needs it to boot. For me, this led to the same
| error upon boot, as others have posted, before:
|
| modprobe: can't load module btrfs (kernel/fs/btrfs/btrfs.ko): unknown
| symbol in module, or unknown parametr
|
| (Without any further hints in dmegs, BTW)
|
| The attached patch adds an entry to the list of hidden dependencies to
| /usr/share/initramfs-tools/hook-functions to fix this issue. This also
| renders the work-around proposed by Tristan unnecessary.

Thanks: Markus Wanner <markus@bluegap.ch> for the analysis and patch
Closes: #748805

On most virtual machines it is possible to use the virtio interface
through the PCI bus to export for example block or net devices. On some
architectures the emulated machine does not have a PCI bus, and thus the
transport goes through an MMIO interface.

Currently initramfs-tools correctly handle the PCI case, but not the
MMIO on. In case of a virtio based root device, the virtio_mmio module
is not available in the initramfs causing the boot to fail. This commit
adds the virtio_mmio module if virtio is used (in dep mode), or by
default (in most mode).

Closes: #751143
Signed-off-by: Michael Prokop <mika@debian.org>

initramfs-tools could just use a check like

chroot /root test -x /sbin/init

Then it doesn't matter whether it's a relative or absolute symlink.

Closes: #750360

Tested-by: Dominik George <nik@naturalnet.de>
Suggested-by: Michael Biebl <biebl@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

On the hppa platform the fstype program from klibc crashed (details in Bug#745660) which exposed a problem in the
get_fstype() shell function in file scripts/functions.

In this script, fstype is called like this:
        eval $(fstype "${FS}" 2> /dev/null)
        if [ "$FSTYPE" = "unknown" ] ....
Since fstype crashed and returned nothing in the variable "FSTYPE", FSTYPE stayed empty instead of the value "unknown" and as such no further analysis via blkid was done.

I think it makes sense to pre-initialize FSTYPE to the value "unknown" before
calling fstype. That way the program logic will continue correctly if something
with the fstype program is wrong.

Closes: #745731

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: maximilian attems <maks@debian.org>

Signed-off-by: Michael Prokop <mika@debian.org>

Closes: #726957
Signed-off-by: Michael Prokop <mika@debian.org>

Simliar to root, adds device link for UUID.

Signed-off-by: maximilian attems <maks@debian.org>

The configure_networking() function in scripts/functions fails
to parse an "ip=" kernel option if it has more than one parameter
following the device name.  For example:

   ip=client-ip:server-ip:gw-ip:netmask:hostname:device:autoconf

works just fine, however,

   ip=client-ip:server-ip:gw-ip:netmask:hostname:device:autoconf:dns0:dns1

does not, and that happens to be the format described in
   https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt



A one character change to configure_networking() will make it immune to
any number of parameters following the device name.

Closes: #724644

Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

Due to a typo the device specified in $RESUME was always considered
invalid and thus auto-detected, thereby overriding any configuration by
the sysadmin in /etc/initramfs-tools/conf.d/resume.

Closes: #724554

Signed-off-by: Nikolaus Schulz <mail@microschulz.de>
Signed-off-by: maximilian attems <maks@debian.org>

While at it bump version standards to keep lintian happy.

Signed-off-by: maximilian attems <maks@debian.org>

Not used to shell syntax that needs a space between the not
and the function call.

This fixes:
/usr/share/initramfs-tools/hooks/resume: 53: /usr/share/initramfs-tools/hooks/resume: !chrooted: not found

Signed-off-by: maximilian attems <maks@debian.org>

If no shell is found in the initramfs copy over the system
default shell.

See: #707040

Suggested-by: Ben Love <blove+debianbugs@kylimar.com>
Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

The later might fail on noexec /tmp.
In consequence the initramfs has no shell to execute the init
and the boot fails.

Closes: #707040

Thanks-to: Ben Love <blove+debianbugs@kylimar.com>
Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

This is no longer set on install but with a hook on every
mkinitramfs call.

Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

As previously this was set by initramfs-tools just use it
if it is around. Also some admins might want to set it.

If the resume is not a valid swap partition (as recognised by
blkid) just ignore it.
Also while at it add defenses against empty RESUME variable.

Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

This logic is better run every time on update-initramfs,
as swap partition of a system might change.
Also there are scenarios where the preinstall picks up
a wrong value that stays wrongly hardcoded.
This results in a 5s useless wait on boot.

The biggest swap partition is used as valid guess.
This was previously the logic and is the logic used by ubiquity
(Ubuntu live installer) too.

Closes: #565225, LP 50437.

Thanks-to: Dmitrijs Ledkovs <launchpad@surgut.co.uk>
Reviewed-by: Martin Pitt <martin.pitt@ubuntu.com>
Reviewed-by: Michael Prokop <mika@debian.org>
Signed-off-by: maximilian attems <maks@debian.org>

This became a separate driver in v3.10 (a76dd463c58e), it is used on the Orion
and Kirkwood flavours.

Closes: #721519

Reviewed-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: maximilian attems <max@stro.at>

Signed-off-by: Michael Prokop <mika@debian.org>

lsinitramfs cannot deal with a multi-segmented initramfs archive, such
as one with an uncompressed early initramfs prepended to the main
compressed initramfs.  Document this in the manpage.

The kernel will parse all cpio archives it can find in the initramfs in
sequence, and it doesn't care if some of them are compressed and others
are not.

Signed-off-by: Henrique de Moraes Holschuh <hmh@debian.org>

Add a new hook function, prepend_earlyinitramfs(), which prepends
the content of the file passed as a parameter to the initramfs
that will be generated.

This will be used to pass system processor microcode and ACPI table
overrides to the kernel (requires Linux kernel v3.9 or later).

Signed-off-by: Henrique de Moraes Holschuh <hmh@debian.org>

Add myself to Uploaders, and upload this version to unstable.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Signed-off-by: Michael Prokop <mika@debian.org>

Exclude drivers for:
- software devices: dummy, ifb, tun, veth.
- layered devices: macvlan, macvtap, team
- physical devices unlikely to be useful at boot: hippi/*, sb1000, xen-netback

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Currently we're not including all the HID drivers that support
keyboards.  Further, there are occasional regressions when a keyboard
that was previously handled by the generic code gets a specialised
drivers that's not on our list.

Instead of trying to list all the HID driver modules, include the
whole drivers/hid tree and exclude specific modules that we know don't
support keyboards.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Closes: #697619

Signed-off-by: Michael Prokop <mika@debian.org>

Linux v3.8 changes the name of the PCI ehci driver from ehci-hcd to
ehci-pci. Ref

| commit adfa79d1c06a32650332930ca4c488ca570b3407
| Author: Alan Stern <stern@rowland.harvard.edu>
| Date:   Thu Nov 1 11:13:04 2012 -0400
|
|     USB: EHCI: make ehci-pci a separate driver
|
|     This patch (as1625) splits the PCI portion of ehci-hcd out into its
|     own separate driver module, called ehci-pci.  Consistently with the
|     current practice, the decision whether to build this module is not
|     user-configurable.  If EHCI and PCI are enabled then the module will
|     be built, always.
|
|     Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
|     CC: Felipe Balbi <balbi@ti.com>
|     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thanks: Bjørn Mork <bjorn@mork.no> for bug report + patch
Closes: #700572

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Starting with kernel version 3.6 the nfs module has been split
into version specific modules, so nfsv2, nfsv3 and nfsv4 are
also required to get the according NFS version working.
See kernel.git commit 1c606fb74c758beafd98cbad9a9133eadeec2371
("NFS: Convert v3 into a module") for further details.

Therefore also add the nfsv{2,3,4} kernel modules via
hook-functions' auto_add_modules() so netbooting works.

Thanks: Julien Cristau <jcristau@debian.org> for the hint regarding the split

Signed-off-by: Michael Prokop <mika@debian.org>