From 32400243a8adf3a62d14cde9d05d7164294d1a12 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 2 Apr 2026 14:46:07 +0200 Subject: [PATCH 1/5] initrd-setup-root: Drop workarounds for systemd <259 We are updating systemd to 259, so these are not necessary anymore. Signed-off-by: Krzesimir Nowak --- dracut/99setup-root/initrd-setup-root | 10 ++++------ dracut/99setup-root/initrd-setup-root-after-ignition | 4 ++-- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/dracut/99setup-root/initrd-setup-root b/dracut/99setup-root/initrd-setup-root index d028b33..7dd34fb 100755 --- a/dracut/99setup-root/initrd-setup-root +++ b/dracut/99setup-root/initrd-setup-root @@ -32,8 +32,8 @@ COREOS_BLANK_MACHINE_ID="42000000000000000000000000000042" MACHINE_ID_FILE="/sysroot/etc/machine-id" # Allow to rerun the script -if SYSTEMD_IN_INITRD=0 systemd-confext --root=/sysroot status | grep flatcar-default; then - SYSTEMD_IN_INITRD=0 systemd-confext --root=/sysroot unmerge +if systemd-confext --root=/sysroot status | grep flatcar-default; then + systemd-confext --root=/sysroot unmerge fi function selectiveosreset() { 
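Review bot: The rerun guard near the top of initrd-setup-root, `if systemd-confext --root=/sysroot status | grep flatcar-default; then`, only tests grep's exit status, so a failing `status` call looks the same as "flatcar-default is not merged" and the unmerge is skipped without any message (unless the script enables pipefail, which is not visible in this hunk). With the `SYSTEMD_IN_INITRD=0` override gone, that silent path is presumably the one an initrd still carrying systemd older than 259 would take. Consider logging the failure, e.g. `confext_status=$(systemd-confext --root=/sysroot status) || echo "warning: systemd-confext status failed" >&2`, and then matching against `$confext_status`. Using `grep -q` would also keep the matched status line out of the boot log.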
@@ -165,10 +165,8 @@ mkdir -p /sysroot/var/lib/extensions.mutable/
 if [ ! -L /sysroot/var/lib/extensions.mutable/etc ] && [ ! -e /sysroot/var/lib/extensions.mutable/etc ]; then
 ln -s /etc /sysroot/var/lib/extensions.mutable/etc
 fi
-# Workaround until 259: Set SYSTEMD_IN_INITRD because even with --root=
-# this would otherwise look for initrd extension metadata.
-SYSTEMD_IN_INITRD=0 systemd-confext --root=/sysroot merge
-SYSTEMD_IN_INITRD=0 systemd-confext --root=/sysroot status | grep flatcar-default || { echo "error: flatcar-default confext not loaded" ; exit 1 ; }
+systemd-confext --root=/sysroot merge
+systemd-confext --root=/sysroot status | grep flatcar-default || { echo "error: flatcar-default confext not loaded" ; exit 1 ; }
 # Even when the planned sysext/confext .services units are there
 # the above call should stay because we first need confext for Ignition
 # to have default files but then we need to reload for any user confexts
diff --git a/dracut/99setup-root/initrd-setup-root-after-ignition b/dracut/99setup-root/initrd-setup-root-after-ignition
index 6c6af0e..13a0d79 100755
--- a/dracut/99setup-root/initrd-setup-root-after-ignition
+++ b/dracut/99setup-root/initrd-setup-root-after-ignition
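Review bot: The merge block in initrd-setup-root loses its only explanation of the version dependency, because the removed comment was the one place that said `--root=` looks for initrd extension metadata on systemd before 259. A one-line replacement above `systemd-confext --root=/sysroot merge`, such as `# Needs systemd >= 259: older versions require SYSTEMD_IN_INITRD=0 for --root= to read the sysroot's extension metadata.`, would tell anyone backporting or pinning systemd why these calls can break. The `status | grep flatcar-default || { ...; exit 1 ; }` check that follows keeps a failed merge fail-closed and should stay as it is.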
@@ -168,11 +168,11 @@ for NAME in $(grep -h -o '^[^#]*' /sysroot/etc/flatcar/enabled-sysext.conf /sysr done # Here we load a second time so that any user-supplied configuration extensions are present at boot -SYSTEMD_IN_INITRD=0 systemd-confext --root=/sysroot refresh +systemd-confext --root=/sysroot refresh # Then for the first time we can also apply system extensions so that the final system has them at boot # (done here until we have an upstream systemd unit doing it). if [ $(readlink -f /sysroot/etc/systemd/system/systemd-sysext.service 2>/dev/null) != "/dev/null" ]; then - if ! SYSTEMD_IN_INITRD=0 systemd-sysext --root=/sysroot merge ; then + if ! systemd-sysext --root=/sysroot merge ; then echo "ERROR: systemd-sysext failed to set up extensions in initrd, continuing boot" >&2 fi fi From c20c464119a366301959a45cf2dd7ac7a86944bd Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Fri, 24 Apr 2026 16:49:58 +0200 Subject: [PATCH 2/5] dracut/99flatcar-debloat: Hijack the module to add necessary libraries Systemd 259 started dlopening more and more libraries instead of linking to them at build time. It mentions them in a so-called ELF notes, but current dracut does not parse those. This caused some libraries to be missing from initrd and systemd complaining about them missing. It is a temporary hack that we can drop once we update dracut to 110 - this is where parsing of ELF notes was introduced. Signed-off-by: Krzesimir Nowak --- dracut/99flatcar-debloat/module-setup.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dracut/99flatcar-debloat/module-setup.sh b/dracut/99flatcar-debloat/module-setup.sh index 0a43327..97c2eb5 100755 --- a/dracut/99flatcar-debloat/module-setup.sh +++ b/dracut/99flatcar-debloat/module-setup.sh 
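Review bot: The `systemd-confext --root=/sysroot refresh` call in initrd-setup-root-after-ignition has no result check, unlike the merge in initrd-setup-root (verified through `status | grep flatcar-default`) and the `systemd-sysext --root=/sysroot merge` just below it, which is wrapped in `if !` with an error message. If the refresh fails, or reads the wrong metadata on a systemd older than 259, user-supplied confexts would be missing from the booted system with nothing in the log; whether the script runs under `set -e` is not visible in this hunk. Something like `systemd-confext --root=/sysroot refresh || echo "ERROR: systemd-confext refresh failed in initrd, continuing boot" >&2` would match the sysext handling.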
@@ -18,4 +18,9 @@ install() { # We maybe should include this, but more work is needed for compliance. rm "${initdir}"/usr/lib*/ossl-modules/fips.so + + # drop it when updating to dracut 110 + inst_libdir_file "libaudit.so*" + inst_libdir_file "libpam.so*" + inst_libdir_file "libseccomp.so*" } From 9a184f72829fc339d1a6853560d6800ae76bfff1 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Mon, 27 Apr 2026 17:31:34 +0200 Subject: [PATCH 3/5] dracut/99switch-root: Drop obsolete systemd settings DefaultBlockIOAccounting was a cgroupv1 setting, DefaultCPUAccounting is ignored because CPU accounting is always available on the unified cgroup hierarchy. Signed-off-by: Krzesimir Nowak --- dracut/99switch-root/nocgroup.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/dracut/99switch-root/nocgroup.conf b/dracut/99switch-root/nocgroup.conf index efc20ea..b567b3c 100644 --- a/dracut/99switch-root/nocgroup.conf +++ b/dracut/99switch-root/nocgroup.conf @@ -1,7 +1,5 @@ [Manager] -DefaultCPUAccounting=no DefaultIOAccounting=no DefaultIPAccounting=no -DefaultBlockIOAccounting=no DefaultMemoryAccounting=no DefaultTasksAccounting=no From 900a86ab02eb4b089e795f879d42b83460fce848 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 6 May 2026 13:41:36 +0200 Subject: [PATCH 4/5] update-bootengine: Skip bluetooth to silence dracut warnings We don't have bluetoothd in Flatcar. Signed-off-by: Krzesimir Nowak --- update-bootengine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-bootengine b/update-bootengine index 946f6b2..8ea6c63 100755 --- a/update-bootengine +++ b/update-bootengine @@ -20,7 +20,7 @@ DRACUT_ARGS=( --force --no-hostonly --no-compress - --omit "fido2 lvm multipath network pkcs11 tpm2-tss zfs" + --omit "bluetooth fido2 lvm multipath network pkcs11 tpm2-tss zfs" --add "i18n iscsi" --add-drivers "loop brd drbd nbd rbd mmc_block xen-blkfront zram libarc4 lru_cache zsmalloc" --kernel-cmdline "SYSTEMD_SULOGIN_FORCE=1" 
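Review bot: The new comment in install() of dracut/99flatcar-debloat/module-setup.sh, `# drop it when updating to dracut 110`, does not say what is being worked around; the reason exists only in the commit message. Suggested wording: `# systemd 259 dlopen()s these and lists them only in ELF notes, which dracut < 110 does not parse; drop once dracut is >= 110.` If `inst_libdir_file` stays silent when a pattern matches nothing (worth confirming), a missing libseccomp or libaudit would surface only as systemd warnings at boot, so a build-time existence check on the three libraries may be worth adding. install() starts above this hunk.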
From 2fa792caa4aaefe44ca72160894f52f6264b482d Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Wed, 6 May 2026 14:01:26 +0200
Subject: [PATCH 5/5] update-bootengine: Skip some more modules that depend on network module
Signed-off-by: Krzesimir Nowak
---
 update-bootengine | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/update-bootengine b/update-bootengine
index 8ea6c63..5cc0605 100755
--- a/update-bootengine
+++ b/update-bootengine
@@ -20,7 +20,7 @@ DRACUT_ARGS=(
 --force
 --no-hostonly
 --no-compress
- --omit "bluetooth fido2 lvm multipath network pkcs11 tpm2-tss zfs"
+ --omit "bluetooth cifs fido2 lvm multipath network nfs nvmf pkcs11 tpm2-tss zfs"
 --add "i18n iscsi"
 --add-drivers "loop brd drbd nbd rbd mmc_block xen-blkfront zram libarc4 lru_cache zsmalloc"
 --kernel-cmdline "SYSTEMD_SULOGIN_FORCE=1"