From patchwork Wed Nov 30 14:32:24 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 6221
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NMhW22wNRz3wgq
	for <patchwork@web04.haj.ipfire.org>; Wed, 30 Nov 2022 14:32:30 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4NMhW119R4z2f4;
	Wed, 30 Nov 2022 14:32:29 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NMhW070QBz2xv5;
	Wed, 30 Nov 2022 14:32:28 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NMhVz32qDz2xN0
 for <development@lists.ipfire.org>; Wed, 30 Nov 2022 14:32:27 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384))
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4NMhVy2J2Tz2f4
 for <development@lists.ipfire.org>; Wed, 30 Nov 2022 14:32:26 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1669818747;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=oIoGbPvp+60Tfu2EueS/yHZKMj/wkVV3gzYHlmfAsgY=;
 b=OUNUibDAex4I6VOogtKqE6OiiygnzW5LgBzw2dtwesEmF69aC7xy2CmYvMoc/G193rYaRm
 fmPV1bwSEISyrQAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1669818747;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=oIoGbPvp+60Tfu2EueS/yHZKMj/wkVV3gzYHlmfAsgY=;
 b=HzZWP1OynmqcE9B1OZR34IBLHwykjyI6u/e4Lpti3VIN++Qfs0hZPsOv62sm326qggvSFD
 /7JXBMpGtJlSjk8zAj6secdvY3BETS7g49+K6vpbzJDbgLjc0fSYC7btaF5Sq4fBH2pX26
 sRE5L3ZckRUdFs2oiS/UHMDrNq7mVKBEJpNvUALMPFoG41u4tY6hhRH0sjobd8e5tQ2fJh
 O1mVNknLuC4RCwZSkTKYt8SQLj2bDkfqLw0JOMqpzjKedA8IA40Dxj0zIzWxlkXtYMm4vx
 AA9vSRtjgaSwcEud1qMTbOs68xrgHw5U+0TRGx+bX7EyhdSmxYQieuwIS6sffA==
Message-ID: <eb36a5df-f8b4-06e9-cb06-c922614b66e6@ipfire.org>
Date: Wed, 30 Nov 2022 15:32:24 +0100
MIME-Version: 1.0
Content-Language: en-US
To: development@lists.ipfire.org
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH v2] dracut: Update to 056
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

This also drops the dracut-network package, since there is
no (legitimate) reason why an initial ramdisk of a firewall
machine should be capable of networking - particularly since
there is no firewall engine loaded at this point.

The second version of this patch takes into account that _all_
files in packages of IPFire 3 always go into the respective
package. Therefore, if we do not want to have them, deleting
the package section is not sufficient - we have to delete them
explicitly.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 dracut/dracut.nm | 49 ++++++++++++++----------------------------------
 1 file changed, 14 insertions(+), 35 deletions(-)

diff --git a/dracut/dracut.nm b/dracut/dracut.nm
index 8da9822dd..f2fef35df 100644
--- a/dracut/dracut.nm
+++ b/dracut/dracut.nm
@@ -4,11 +4,11 @@
 ###############################################################################
 
 name       = dracut
-version    = 048
+version    = 056
 release    = 1
 
 groups     = System/Boot
-url        = http://sourceforge.net/apps/trac/dracut/wiki
+url        = https://sourceforge.net/apps/trac/dracut/wiki
 license    = GPLv2+
 summary    = Initramfs generator using udev.
 
@@ -16,7 +16,7 @@ description
 	dracut is a new, event-driven initramfs infrastructure based around udev.
 end
 
-source_dl  = http://www.kernel.org/pub/linux/utils/boot/dracut/
+source_dl  = https://www.kernel.org/pub/linux/utils/boot/dracut/
 sources    = %{thisapp}.tar.xz
 
 build
@@ -49,21 +49,25 @@ build
 		mkdir -pv %{BUILDROOT}/etc/dracut.conf.d
 		cp -vf %{DIR_SOURCE}/ipfire.conf %{BUILDROOT}/etc/dracut.conf.d/ipfire.conf
 
-		# Save package version.
-		echo "DRACUT_VERSION=%{version}-%{release}" > \
-			%{BUILDROOT}/%{dracutlibdir}/dracut/dracut-version.sh
-
 		# Remove Gentoo specific module.
 		rm -rvf %{BUILDROOT}%{dracutlibdir}/modules.d/50gensplash
 
+		# Remove networking modules, since the initial ramdisk
+		# should not be capable of networking due to security reasons.
+		rm -rvf \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/40network \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/45ifcfg \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/95fcoe \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/95iscsi \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/95nbd \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/95nfs \
+			%{BUILDROOT}%{dracutlibdir}/modules.d/95znet
+
 		mkdir -pv %{BUILDROOT}/boot/dracut
 		mkdir -pv %{BUILDROOT}/var/lib/dracut/overlay
 		mkdir -pv %{BUILDROOT}/var/lib/initramfs
 		mkdir -pv %{BUILDROOT}%{localstatedir}/log
 		touch %{BUILDROOT}%{localstatedir}/log/dracut.log
-
-		mkdir -pv %{BUILDROOT}/etc/logrotate.d
-		install -m 0644 dracut.logrotate %{BUILDROOT}/etc/logrotate.d/dracut_log
 	end
 end
 
@@ -92,31 +96,6 @@ packages
 		end
 	end
 
-	package %{name}-network
-		summary = Network support for the initramdisk.
-		description
-			This package requires everything which is needed to build a generic
-			all purpose initramfs with network support with dracut.
-		end
-
-		requires
-			bridge-utils
-			dhclient
-			iproute2
-			nfs-utils
-		end
-
-		files
-			/usr/lib/dracut/modules.d/40network
-			/usr/lib/dracut/modules.d/95fcoe
-			/usr/lib/dracut/modules.d/95iscsi
-			/usr/lib/dracut/modules.d/95nbd
-			/usr/lib/dracut/modules.d/95nfs
-			/usr/lib/dracut/modules.d/45ifcfg
-			/usr/lib/dracut/modules.d/95znet
-		end
-	end
-
 	package %{name}-utils
 		summary = Command line utils for dracut.
 		description = %{summary}