01fips: trim off GRUB boot device from BOOT_IMAGE

E.g. in RHCOS, the `BOOT_IMAGE` from the cmdline is: (hd0,gpt1)/ostree/rhcos-e493371e5ee8407889029ec979955a2b86fd7e3cae5a0591b9db1cd248d966e8/vmlinuz-4.18.0-146.el8.x86_64 Which of course is a GRUB thing, not an actual pathname we'll be able to resolve. In fact, we can simply scrap it off from the variable. Our code is already able to handle both cases: whether the device refers to a separate boot partition, or just the root filesystem with a regular `/boot` directory.
01fips: add / in BOOT_IMAGE_HMAC filename for clarity
2019-10-31 11:19:02 +01:00 · 2019-10-31 11:18:56 +01:00 · 2019-10-31 11:18:51 +01:00 · 2019-10-31 11:18:47 +01:00 · 2019-10-01 09:56:15 +02:00 · 2019-09-11 15:26:26 +02:00
316 changed files with 11057 additions and 3238 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -1,3 +1,7 @@
-((nil . ((sh-basic-offset . 4)
-         (indent-tabs-mode . nil)
-         )))
+;;; Directory Local Variables
+;;; For more information see (info "(emacs) Directory Variables")
+
+((sh-mode
+  (indent-tabs-mode)
+  (sh-basic-offset . 4)))
+
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,8 @@
 /dracut-gencmdline.8
 /dracut.html
 /dracut.kernel.7
+/dracut.pc
+/dracut-install
 /modules.d/99base/switch_root
 /test/*/test.log
 test*.img
@@ -15,5 +17,7 @@ test*.img
 /install/dracut-install
 /*.rpm
 /*.[0-9]
-/modules.d/98systemd/*.service.8
+/modules.d/98dracut-systemd/*.service.8
 /*.sign
+*.o
+skipcpio/skipcpio
--- a/.kateproject
+++ b/.kateproject
@@ -1,8 +1,8 @@
 {
-  "name": "Kate"
+  "name": "Dracut"
  , "files": [ { "git": 1 } ]
  , "build": {
-    "directory": "build"
+    "directory": "./"
  , "build": "make -j $(getconf _NPROCESSORS_ONLN) all"
  , "clean": "make clean"
  }
--- a/.mailmap
+++ b/.mailmap
@@ -4,6 +4,7 @@ Philippe Seewer <philippe.seewer@bfh.ch> 	<philippe.seewer@bfh.ch>
 Victor Lowther <victor.lowther@gmail.com> 	<victor.lowther-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
 Harald Hoyer <harald@redhat.com> 		<harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
 Harald Hoyer <harald@redhat.com> 		<harald@eeepc.(none)>
+Harald Hoyer <harald@redhat.com> 		<harald@hoyer.xyz>
 Mike Snitzer <snitzer@redhat.com> 		<msnitzer@redhat.com>
 Amerigo Wang <amwang@redhat.com> 		<xiyou.wangcong@gmail.com>
 Andrey Borzenkov <arvidjaar@gmail.com> 		<arvidjaar@mail.ru>
@@ -16,3 +17,17 @@ Frederick Grose <fgrose@sugarlabs.org> 		<fgrose@gmail.com>
 Frederic Crozat <fcrozat@suse.com> 		<fcrozat@mandriva.com>
 Shawn W Dunn <sfalken@opensuse.org> 		<sfalken@opensuse.org>
 Kyle McMartin <kmcmarti@redhat.com>             <kyle@redhat.com>
+Angelo "pallotron" Failla <pallotron@fb.com>     <pallotron@fb.com>
+Yu Watanabe <watanabe.yu+github@gmail.com>
+Martin Wilck <mwilck@suse.de>   <mwilck@suse.com>
+Thomas Renninger <trenn@suse.com>   <trenn@suse.de>
+Andrey Borzenkov <arvidjaar@gmail.com>
+Cristian Rodríguez <crrodriguez@opensuse.org>
+Daniel Drake <drake@endlessm.com> <dsd@laptop.org>
+Fabian Vogt <fvogt@suse.com>
+Hannes Reinecke <hare@suse.com>  <hare@suse.de>
+Julian Wolf <juwolf@suse.com>  <juwolf@suse.de>
+Lidong Zhong <lidong.zhong@suse.com> <lzhong@suse.com>
+Nikoli <nikoli@gmx.us> <nikoli@lavabit.com>
+Peter Robinson <pbrobinson@fedoraproject.org> <pbrobinson@gmail.com>
+Xunlei Pang <xlpang@redhat.com> <xpang@redhat.com>
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,48 @@
+language: generic
+sudo: required
+services:
+- docker
+env:
+  matrix:
+  - IMAGE=latest
+  - IMAGE=latest TESTS=01
+  - IMAGE=latest TESTS=12
+  - IMAGE=latest TESTS=20
+  - IMAGE=latest TESTS=50
+  - IMAGE=latest TESTS=30
+  - IMAGE=latest TESTS=31
+  - IMAGE=latest TESTS=60
+  - IMAGE=latest TESTS=70
+  - IMAGE=latest TESTS=99
+  - IMAGE=latest TESTS=02
+  - IMAGE=latest TESTS=03
+  - IMAGE=latest TESTS=04
+  - IMAGE=latest TESTS=10
+  - IMAGE=latest TESTS=11
+  - IMAGE=29 TESTS=13
+  - IMAGE=29 TESTS=14
+  - IMAGE=latest TESTS=15
+  - IMAGE=latest TESTS=17
+
+before_script:
+  - docker pull fedora:$IMAGE
+  - |
+    sudo modprobe kvm-intel nested=1 || :
+    sudo modprobe kvm-amd nested=1 || :
+    dmesg | tail || :
+  - git fetch --tags --unshallow
+  - |
+    git describe --abbrev=0 --tags || :
+    git describe --tags || :
+
+script:
+- docker run --privileged -it -v $(pwd)/:/dracut fedora:$IMAGE /dracut/fedora-test.sh $IMAGE-$$ "$TESTS"
+
+notifications:
+  webhooks:
+    urls:
+    - https://webhooks.gitter.im/e/effa917ca3e0ed5fd00e
+    on_success: change  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: never     # options: [always|never|change] default: always
+
--- a/50-dracut.install
+++ b/50-dracut.install
@@ -1,10 +1,23 @@
-#!/bin/sh
+#!/bin/bash

 COMMAND="$1"
 KERNEL_VERSION="$2"
 BOOT_DIR_ABS="$3"
 KERNEL_IMAGE="$4"

+# If KERNEL_INSTALL_MACHINE_ID is defined but empty, BOOT_DIR_ABS is a fake directory.
+# So, let's skip to create initrd.
+if ! [[ ${KERNEL_INSTALL_MACHINE_ID-x} ]]; then
+    exit 0
+fi
+
+if [[ -d "$BOOT_DIR_ABS" ]]; then
+    INITRD="initrd"
+else
+    BOOT_DIR_ABS="/boot"
+    INITRD="initramfs-${KERNEL_VERSION}.img"
+fi
+
 ret=0
 case "$COMMAND" in
    add)
@@ -12,9 +25,9 @@ case "$COMMAND" in
        if [[ -f ${INITRD_IMAGE_PREGENERATED} ]]; then
            # we found an initrd at the same place as the kernel
            # use this and don't generate a new one
-            cp --reflink=auto "$INITRD_IMAGE_PREGENERATED" "$BOOT_DIR_ABS/initrd" \
-                && chown root:root "$BOOT_DIR_ABS/initrd" \
-                && chmod 0600 "$BOOT_DIR_ABS/initrd" \
+            cp "$INITRD_IMAGE_PREGENERATED" "$BOOT_DIR_ABS/$INITRD" \
+                && chown root:root "$BOOT_DIR_ABS/$INITRD" \
+                && chmod 0600 "$BOOT_DIR_ABS/$INITRD" \
                && exit 0
        fi

@@ -36,11 +49,11 @@ case "$COMMAND" in
                break
            fi
        done
-	dracut ${noimageifnotneeded:+--noimageifnotneeded} "$BOOT_DIR_ABS"/initrd "$KERNEL_VERSION"
+	dracut -f ${noimageifnotneeded:+--noimageifnotneeded} "$BOOT_DIR_ABS/$INITRD" "$KERNEL_VERSION"
        ret=$?
 	;;
    remove)
-        rm -f -- "$BOOT_DIR_ABS"/initrd
+        rm -f -- "$BOOT_DIR_ABS/$INITRD"
        ret=$?
 	;;
 esac
--- a/51-dracut-rescue-postinst.sh
+++ b/51-dracut-rescue-postinst.sh
@@ -57,7 +57,7 @@ if [[ ! -f $INITRDFILE ]]; then
 fi

 if [[ ! -f $NEW_KERNEL_IMAGE ]]; then
-    cp --reflink=auto "$KERNEL_IMAGE" "$NEW_KERNEL_IMAGE"
+    cp "$KERNEL_IMAGE" "$NEW_KERNEL_IMAGE"
    ((ret+=$?))
 fi

--- a/51-dracut-rescue.install
+++ b/51-dracut-rescue.install
@@ -33,11 +33,15 @@ dropindirs_sort()

 [[ -f /etc/os-release ]] && . /etc/os-release

-if [[ ! -f /etc/machine-id ]] || [[ ! -s /etc/machine-id ]]; then
-    systemd-machine-id-setup
+if [[ ${KERNEL_INSTALL_MACHINE_ID+x} ]]; then
+    MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
+elif [[ -f /etc/machine-id ]] ; then
+    read MACHINE_ID < /etc/machine-id
 fi

-[[ -f /etc/machine-id ]] && read MACHINE_ID < /etc/machine-id
+if ! [[ $MACHINE_ID ]]; then
+    exit 0
+fi

 if [[ -f /etc/kernel/cmdline ]]; then
    read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
@@ -59,16 +63,26 @@ if ! [[ ${BOOT_OPTIONS[*]} ]]; then
    exit 1
 fi

-LOADER_ENTRY="/boot/loader/entries/${MACHINE_ID}-0-rescue.conf"
-BOOT_DIR="/${MACHINE_ID}/0-rescue"
+if [[ -d "${BOOT_DIR_ABS%/*}" ]]; then
+    BOOT_DIR="/${MACHINE_ID}/0-rescue"
+    BOOT_ROOT=${BOOT_DIR_ABS%$BOOT_DIR}
+    LOADER_ENTRY="$BOOT_ROOT/loader/entries/${MACHINE_ID}-0-rescue.conf"
+    KERNEL="linux"
+    INITRD="initrd"
+else
+    BLS_DIR="/boot/loader/entries"
+    BOOT_DIR_ABS="/boot"
+    LOADER_ENTRY="$BLS_DIR/${MACHINE_ID}-0-rescue.conf"
+    KERNEL="vmlinuz-0-rescue-${MACHINE_ID}"
+    INITRD="initramfs-0-rescue-${MACHINE_ID}.img"
+fi

 ret=0

 case "$COMMAND" in
    add)
-        for i in "/boot/loader/entries/${MACHINE_ID}-0-rescue.conf"; do
-            [[ -f $i ]] && exit 0
-        done
+        [[ -f "$LOADER_ENTRY" ]] && [[ -f "$BOOT_DIR_ABS/$KERNEL" ]] \
+            && [[ -f "$BOOT_DIR_ABS/$INITRD" ]] && exit 0

        # source our config dir
        for f in $(dropindirs_sort ".conf" "/etc/dracut.conf.d" "/usr/lib/dracut/dracut.conf.d"); do
@@ -79,21 +93,29 @@ case "$COMMAND" in

        [[ -d "$BOOT_DIR_ABS" ]] || mkdir -p "$BOOT_DIR_ABS"

-        if ! cp --reflink=auto "$KERNEL_IMAGE" "$BOOT_DIR_ABS"/linux; then
-            echo "Can't copy '$KERNEL_IMAGE to '$BOOT_DIR_ABS/linux'!" >&2
+        if ! cp "$KERNEL_IMAGE" "$BOOT_DIR_ABS/$KERNEL"; then
+            echo "Can't copy '$KERNEL_IMAGE to '$BOOT_DIR_ABS/$KERNEL'!" >&2
        fi

-        dracut --no-hostonly -a "rescue" "$BOOT_DIR_ABS"/initrd "$KERNEL_VERSION"
-        ((ret+=$?))
+        if [[ ! -f "$BOOT_DIR_ABS/$INITRD" ]]; then
+            dracut -f --no-hostonly -a "rescue" "$BOOT_DIR_ABS/$INITRD" "$KERNEL_VERSION"
+            ((ret+=$?))
+        fi
+
+        if [[ "${BOOT_DIR_ABS}" != "/boot" ]]; then
+            {
+                echo "title      $PRETTY_NAME - Rescue Image"
+                echo "version    $KERNEL_VERSION"
+                echo "machine-id $MACHINE_ID"
+                echo "options    ${BOOT_OPTIONS[@]} rd.auto=1"
+                echo "linux      $BOOT_DIR/linux"
+                echo "initrd     $BOOT_DIR/initrd"
+            } > $LOADER_ENTRY
+        else
+            cp -aT "${KERNEL_IMAGE%/*}/bls.conf" $LOADER_ENTRY
+            sed -i 's/'$KERNEL_VERSION'/0-rescue-'${MACHINE_ID}'/' $LOADER_ENTRY
+        fi

-        {
-            echo "title      $PRETTY_NAME - Rescue Image"
-            echo "version    $KERNEL_VERSION"
-            echo "machine-id $MACHINE_ID"
-            echo "options    ${BOOT_OPTIONS[@]} rd.auto=1"
-            echo "linux      $BOOT_DIR/linux"
-            echo "initrd     $BOOT_DIR/initrd"
-        } > $LOADER_ENTRY
        ((ret+=$?))
        ;;

@@ -106,6 +128,4 @@ case "$COMMAND" in
        ret=1;;
 esac

-((ret+=$?))
-
 exit $ret
--- a/130
+++ b/130
@@ -1,35 +1,51 @@
 Harald Hoyer <harald@redhat.com>
 Victor Lowther <victor.lowther@gmail.com>
 Amadeusz Żołnowski <aidecoe@aidecoe.name>
+Hannes Reinecke <hare@suse.com>
 Will Woods <wwoods@redhat.com>
 Philippe Seewer <philippe.seewer@bfh.ch>
 Warren Togami <wtogami@redhat.com>
 Dave Young <dyoung@redhat.com>
 Jeremy Katz <katzj@redhat.com>
 David Dillow <dave@thedillows.org>
-Hannes Reinecke <hare@suse.de>
 Michal Soltys <soltys@ziu.info>
 Colin Guthrie <colin@mageia.org>
+Daniel Molkentin <dmolkentin@suse.com>
 Amerigo Wang <amwang@redhat.com>
-Thomas Renninger <trenn@suse.de>
-WANG Chao <chaowang@redhat.com>
-Andrey Borzenkov <arvidjaar@gmail.com>
-Peter Jones <pjones@redhat.com>
+Thomas Renninger <trenn@suse.com>
+Lukas Nykryn <lnykryn@redhat.com>
 Alexander Tsoy <alexander@tsoy.me>
-Andreas Thienemann <andreas@bawue.net>
+Frederick Grose <fgrose@sugarlabs.org>
+WANG Chao <chaowang@redhat.com>
+Yu Watanabe <watanabe.yu+github@gmail.com>
+Andrey Borzenkov <arvidjaar@gmail.com>
 Hans de Goede <hdegoede@redhat.com>
+Peter Jones <pjones@redhat.com>
+Andreas Thienemann <andreas@bawue.net>
+Peter Robinson <pbrobinson@fedoraproject.org>
+Fabian Vogt <fvogt@suse.com>
+Kairui Song <kasong@redhat.com>
 John Reiser <jreiser@bitwagon.com>
 Luca Berra <bluca@vodka.it>
+Xunlei Pang <xlpang@redhat.com>
+Daniel Drake <drake@endlessm.com>
+Lubomir Rintel <lkundrak@v3.sk>
+Angelo "pallotron" Failla <pallotron@fb.com>
 Brian C. Lane <bcl@redhat.com>
-Daniel Drake <dsd@laptop.org>
-Dan Horák <dhorak@redhat.com>
-Frederick Grose <fgrose@sugarlabs.org>
-Baoquan He <bhe@redhat.com>
-Leho Kraav <leho@kraav.com>
-Colin Walters <walters@verbum.org>
+Ville Skyttä <ville.skytta@iki.fi>
 Cristian Rodríguez <crrodriguez@opensuse.org>
+Dan Horák <dhorak@redhat.com>
+Baoquan He <bhe@redhat.com>
+Brendan Germain <brendan.germain@nasdaqomx.com>
+Colin Walters <walters@verbum.org>
+Leho Kraav <leho@kraav.com>
+Moritz Maxeiner <moritz@ucworks.org>
+Nicolas Chauvet <kwizart@gmail.com>
+Ondrej Mosnacek <omosnace@redhat.com>
 Fabian Deutsch <fabiand@fedoraproject.org>
+Javier Martinez Canillas <javierm@redhat.com>
 Kamil Rytarowski <n54@gmx.com>
+Lidong Zhong <lidong.zhong@suse.com>
 Marc Grimme <grimme@atix.de>
 NeilBrown <neilb@suse.de>
 Peter Rajnoha <prajnoha@redhat.com>
@@ -39,11 +55,13 @@ Chao Wang <chaowang@redhat.com>
 Frederic Crozat <fcrozat@suse.com>
 James Lee <jlee@thestaticvoid.com>
 Jesse Keating <jkeating@redhat.com>
+Martin Wilck <mwilck@suse.de>
+Mike Gilbert <floppym@gentoo.org>
 Milan Broz <mbroz@redhat.com>
 Mimi Zohar <zohar@linux.vnet.ibm.com>
-Nicolas Chauvet <kwizart@gmail.com>
 Roberto Sassu <roberto.sassu@polito.it>
 Stefan Reimer <it@startux.de>
+Adam Williamson <awilliam@redhat.com>
 Anton Blanchard <anton@samba.org>
 Bill Nottingham <notting@redhat.com>
 Chapman Flack <g2@anastigmatix.net>
@@ -54,105 +72,157 @@ Jan Synacek <jsynacek@redhat.com>
 Jon Ander Hernandez <jonan.h@gmail.com>
 Juan RP <xtraeme@gmail.com>
 Lance Albertson <lance@osuosl.org>
-Lidong Zhong <lzhong@suse.com>
+Marcos Mello <marcosfrm@gmail.com>
 Marian Ganisin <mganisin@redhat.com>
+Matthias Gerstner <matthias.gerstner@suse.de>
 Michael Ploujnikov <plouj@somanetworks.com>
-Peter Robinson <pbrobinson@gmail.com>
+Pratyush Anand <panand@redhat.com>
 Silvio Fricke <silvio.fricke@gmail.com>
+Steven Brudenell <steven.brudenell@gmail.com>
 Stig Telfer <stelfer@cray.com>
+Thomas Backlund <tmb@mageia.org>
 Vasiliy Tolstov <v.tolstov@selfip.ru>
-Ville Skyttä <ville.skytta@iki.fi>
 Wim Muskee <wimmuskee@gmail.com>
-yuwata <watanabe.yu+github@gmail.com>
+tpgxyz <tpgxyz@gmail.com>
 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
 Alan Pevec <apevec@redhat.com>
 Alex Harpin <development@landsofshadow.co.uk>
+Ankit Kumar <ankit@linux.vnet.ibm.com>
 Antony Messerli <amesserl@rackspace.com>
 Chao Fan <cfan@redhat.com>
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Daniel Schaal <farbing@web.de>
+Denis Silakov <dsilakov@virtuozzo.com>
 Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
 Erwan Velu <erwan.velu@enovance.com>
+Evgeny Vereshchagin <evvers@ya.ru>
+Guido Trentalancia <guido@trentalancia.net>
 Hari Bathini <hbathini@linux.vnet.ibm.com>
 Ian Dall <ian@beware.dropbear.id.au>
+Imran Haider <imran1008@gmail.com>
 James Buren <ryuo@frugalware.org>
 Joey Boggs <jboggs@redhat.com>
+Julian Wolf <juwolf@suse.com>
 Koen Kooi <koen@dominion.thruhere.net>
 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 Kyle McMartin <kmcmarti@redhat.com>
-Lubomir Rintel <lkundrak@v3.sk>
 Lukas Wunner <lukas@wunner.de>
-Mike Gilbert <floppym@gentoo.org>
 Mike Snitzer <snitzer@redhat.com>
 Minfei Huang <mhuang@redhat.com>
+Nikoli <nikoli@gmx.us>
+Pingfan Liu <piliu@redhat.com>
 Przemysław Rudy <prudy1@o2.pl>
-Thomas Backlund <tmb@mageia.org>
+Robert LeBlanc <robert@leblancnet.us>
+Robert Scheck <robert@fedoraproject.org>
+Stefan Berger <stefanb@us.ibm.com>
 Thomas Lange <lange@informatik.uni-koeln.de>
 Till Maas <opensource@till.name>
+Tony Asleson <tasleson@redhat.com>
 Vivek Goyal <vgoyal@redhat.com>
 Vladislav Bogdanov <bubble@hoster-ok.com>
-Adam Williamson <awilliam@redhat.com>
+Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+Alexander Kurtz <alexander@kurtz.be>
 Alexander Todorov <atodorov@redhat.com>
-Andrei Borzenkov <arvidjaar@gmail.com>
+Andreas Stieger <astieger@suse.com>
 Andy Lutomirski <luto@mit.edu>
 Anssi Hannula <anssi@mageia.org>
+Artem Savkov <asavkov@redhat.com>
+B. Wilson <x@wilsonb.com>
 Brandon Philips <brandon@ifup.co>
+Bryn M. Reeves <bmr@redhat.com>
 Canek Peláez Valdés <caneko@gmail.com>
+Carlo Caione <carlo@endlessm.com>
+Chad Dupuis <chad.dupuis@cavium.com>
 Christian Heinz <christian.ch.heinz@gmail.com>
-Christian Rodrigues <crrodriguez@opensuse.org>
 Cong Wang <amwang@redhat.com>
-Daniel Drake <drake@endlessm.com>
+Dan Fuhry <dfuhry@datto.com>
 Dave Jones <davej@redhat.com>
+David Disseldorp <ddiss@suse.de>
+David Michael <david.michael@coreos.com>
 Dennis Schridde <devurandom@gmx.net>
+Derek Higgins <derekh@redhat.com>
 Duane Griffin <duaneg@dghda.com>
-Fabian <fvogt@suse.com>
+Elan Ruusamäe <glen@delfi.ee>
+Enno Boland <g@s01.de>
+Eugene Syromiatnikov <esyr@redhat.com>
+Florian Albrechtskirchinger <falbrechtskirchinger@gmail.com>
+Florian Gamböck <mail@floga.de>
+François Cami <fcami@fedoraproject.org>
 Gerd von Egidy <gerd.von.egidy@intra2net.com>
 Glen Gray <slaine@slaine.org>
 HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
+Hendrik Brueckner <brueckner@linux.ibm.com>
 Hermann Gausterer <git-dracut-2012@mrq1.org>
+Hiroaki Mizuguchi <hiroaki-m@iij.ad.jp>
+Hui Wang <john.wanghui@huawei.com>
+Ignaz Forster <iforster@suse.com>
 James Laska <jlaska@redhat.com>
 Jan Stodola <jstodola@redhat.com>
+Jason Dana <jasondana@quarksecurity.com>
+Jeremy Linton <lintonrjeremy@gmail.com>
 Jiri Pirko <jiri@resnulli.us>
 Joe Lawrence <Joe.Lawrence@stratus.com>
+Johannes Thumshirn <jthumshirn@suse.com>
 Jonas Jonsson <jonas@websystem.se>
-Julian Wolf <juwolf@suse.com>
 Kevin Yung <Kevin.Yung@myob.com>
 Lars R. Damerow <lars@pixar.com>
 Lennert Buytenhek <buytenh@wantstofly.org>
-Lukas Nykryn <lnykryn@redhat.com>
 Major Hayden <major@mhtx.net>
+Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 Marian Csontos <mcsontos@redhat.com>
+Mark Fasheh <mfasheh@suse.de>
 Marko Myllynen <myllynen@redhat.com>
 Matt <smoothsailing72@hotmail.com>
 Matt Smith <shadowfax@gmx.com>
+Matthew Thode <mthode@mthode.org>
 Mei Liu <liumbj@linux.vnet.ibm.com>
+Michael Chapman <mike@very.puzzling.org>
+Michael McCracken <michael.mccracken@gmail.com>
+Michal Koutný <mkoutny@suse.com>
 Michal Schmidt <mschmidt@redhat.com>
+Michal Sekletar <msekleta@redhat.com>
 Mike Gorse <mgorse@suse.com>
 Moritz 'Morty' Strübe <morty@gmx.net>
 Munehiro Matsuda <haro@kgt.co.jp>
-Nikoli <nikoli@gmx.us>
-Nikoli <nikoli@lavabit.com>
+Nicolas Porcel <nicolasporcel06@gmail.com>
 Olivier Blin <dev@blino.org>
 P J P <ppandit@redhat.com>
 Paolo Bonzini <pbonzini@redhat.com>
-Peter Robinson <pbrobinson@fedoraproject.org>
+Pavel Zhukov <pzhukov@redhat.com>
+Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>
+Pekka Wallendahl <wyrmiyu@gmail.com>
+Prarit Bhargava <prarit@redhat.com>
 Praveen_Paladugu@Dell.com <Praveen_Paladugu@Dell.com>
 Pádraig Brady <P@draigBrady.com>
 Quentin Armitage <quentin@armitage.org.uk>
+Renaud Métrich <rmetrich@redhat.com>
 Robert Buchholz <rbu@goodpoint.de>
+Ruben Kerkhof <ruben@rubenkerkhof.com>
 Rusty Bird <rustybird@openmailbox.org>
 Sergey Fionov <fionov@gmail.com>
 Shawn W Dunn <sfalken@opensuse.org>
 Srinivasa T N <seenutn@linux.vnet.ibm.com>
 Stijn Hoop <stijn@sandcat.nl>
+Sullivan (CTR), Austin <austin.sullivan.ctr@progeny.net>
 Thilo Bangert <thilo.bangert@gmx.net>
+Thomas Blume <thomas.blume@suse.com>
 Tobias Geerinckx <tobias.geerinckx@gmail.com>
+Tobias Klauser <tklauser@distanz.ch>
 Tom Gundersen <teg@jklm.no>
+Tomasz Paweł Gajc <tpgxyz@gmail.com>
 Tomasz Torcz <tomek@pipebreaker.pl>
+Tong Li <tonli@redhat.com>
 Vadim Kuznetsov <vadimk@gentoo.org>
 Vaughan Cao <vaughan.cao@oracle.com>
 Vratislav Podzimek <vpodzime@redhat.com>
 Yanko Kaneti <yaneti@declera.com>
 Zhiguo Deng <bjzgdeng@linux.vnet.ibm.com>
+Ziyue Yang <ziyang@redhat.com>
+honza801 <honza801@gmail.com>
 jloeser <jloeser@suse.de>
+johannes <johannes.brechtmann@gmail.com>
+jonathan-teh <30538043+jonathan-teh@users.noreply.github.com>
 maximilian attems <max@stro.at>
+privb0x23 <privb0x23@users.noreply.github.com>
+tpg <tpgxyz@gmail.com>
 xtraeme <xtraeme@voidlinux.eu>
--- a/25
+++ b/25
@@ -1,7 +1,7 @@
 -include dracut-version.sh

-VERSION ?= $(shell [ -d .git ] && git describe --abbrev=0 --tags 2>/dev/null || echo $(DRACUT_VERSION))
-GITVERSION ?= $(shell [ -d .git ] && { v=$$(git describe --tags 2>/dev/null); [ -n "$$v" ] && [ $${v\#*-} != $$v ] && echo -$${v\#*-}; } )
+VERSION ?= $(shell [ -d .git ] && git describe --abbrev=0 --tags --always 2>/dev/null || echo $(DRACUT_VERSION))
+GITVERSION ?= $(shell [ -d .git ] && { v=$$(git describe --tags --always 2>/dev/null); [ -n "$$v" ] && [ $${v\#*-} != $$v ] && echo -$${v\#*-}; } )

 -include Makefile.inc

@@ -13,7 +13,7 @@ sysconfdir ?= ${prefix}/etc
 bindir ?= ${prefix}/bin
 mandir ?= ${prefix}/share/man
 CFLAGS ?= -O2 -g -Wall
-CFLAGS += -std=gnu99 -D_FILE_OFFSET_BITS=64 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
+CFLAGS += -std=gnu99 -D_FILE_OFFSET_BITS=64 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 $(KMOD_CFLAGS)
 bashcompletiondir ?= ${datadir}/bash-completion/completions
 pkgconfigdatadir ?= $(datadir)/pkgconfig

@@ -40,7 +40,7 @@ man8pages = dracut.8 \

 manpages = $(man1pages) $(man5pages) $(man7pages) $(man8pages)

-.PHONY: install clean archive rpm testimage test all check AUTHORS doc dracut-version.sh
+.PHONY: install clean archive rpm srpm testimage test all check AUTHORS doc dracut-version.sh

 all: dracut-version.sh dracut.pc dracut-install skipcpio/skipcpio

@@ -61,6 +61,10 @@ install/util.o: install/util.c install/util.h install/macro.h install/log.h
 install/strv.o: install/strv.c install/strv.h install/util.h install/macro.h install/log.h

 install/dracut-install: $(DRACUT_INSTALL_OBJECTS)
+	$(CC) $(LDFLAGS) -o $@ $(DRACUT_INSTALL_OBJECTS) $(LDLIBS) $(KMOD_LIBS)
+
+logtee: logtee.c
+	$(CC) $(LDFLAGS) -o $@ $<

 dracut-install: install/dracut-install
 	ln -fs $< $@
@@ -210,7 +214,18 @@ rpm: dracut-$(VERSION).tar.xz syncheck
 	rpmbuild --define "_topdir $$PWD" --define "_sourcedir $$PWD" \
 	        --define "_specdir $$PWD" --define "_srcrpmdir $$PWD" \
 		--define "_rpmdir $$PWD" -ba dracut.spec; ) && \
-	( mv "$$rpmbuild"/$$(arch)/*.rpm .; mv "$$rpmbuild"/*.src.rpm .;rm -fr -- "$$rpmbuild"; ls *.rpm )
+	( mv "$$rpmbuild"/{,$$(arch)/}*.rpm $(DESTDIR).; rm -fr -- "$$rpmbuild"; ls $(DESTDIR)*.rpm )
+
+srpm: dracut-$(VERSION).tar.xz syncheck
+	rpmbuild=$$(mktemp -d -t rpmbuild-dracut.XXXXXX); src=$$(pwd); \
+	cp dracut-$(VERSION).tar.xz "$$rpmbuild"; \
+	LC_MESSAGES=C $$src/git2spec.pl $(VERSION) "$$rpmbuild" < dracut.spec > $$rpmbuild/dracut.spec; \
+	(cd "$$rpmbuild"; \
+	[ -f $$src/lgpl-2.1.txt ] && cp $$src/lgpl-2.1.txt . || wget https://www.gnu.org/licenses/lgpl-2.1.txt; \
+	rpmbuild --define "_topdir $$PWD" --define "_sourcedir $$PWD" \
+	        --define "_specdir $$PWD" --define "_srcrpmdir $$PWD" \
+		--define "_rpmdir $$PWD" -bs dracut.spec; ) && \
+	( mv "$$rpmbuild"/*.src.rpm $(DESTDIR).; rm -fr -- "$$rpmbuild"; ls $(DESTDIR)*.rpm )

 syncheck:
 	@ret=0;for i in dracut-initramfs-restore.sh modules.d/*/*.sh; do \
--- a/456
+++ b/456
@@ -1,3 +1,459 @@
+dracut-049
+==========
+lsinitrd:
+- record loaded kernel modules when hostonly mode is enabled
+  lsinitrd $image -f */lib/dracut/loaded-kernel-modules.txt
+- allow to only unpack certain files
+
+kernel-modules:
+- add gpio and pinctrl drivers for arm*/aarch64
+- add nfit
+
+kernel-network-modules:
+- add vlan kernel modules
+
+ifcfg/write-ifcfg.sh:
+- aggregate resolv.conf
+
+livenet:
+- Enable OverlayFS overlay in sysroot.mount generator.
+
+dmsquash-live:
+- Support a flattened squashfs.img
+
+dracut-systemd:
+- Start systemd-vconsole-setup before dracut-cmdline-ask
+
+iscsi:
+- do not install all of /etc/iscsi unless hostonly
+- start iscsid even w/o systemd
+
+multipath:
+- fixed shutdown
+
+network:
+- configure NetworkManager to use dhclient
+
+mdraid:
+- fixed uuid handling ":" versus "-"
+
+stratis:
+- Add additional binaries
+
+new modules:
+- 00warpclock
+- 99squash
+  Adds support for building a squashed initramfs
+- 35network-legacy
+  the old 40network
+- 35network-manager
+  alternative to 35network-legacy
+- 90kernel-modules-extra
+  adds out-of-tree kernel modules
+
+testsuite:
+- now runs on travis
+- support new qemu device options
+- even runs without kvm now
+
+dracut-048
+==========
+
+dracut.sh:
+- fixed finding of btrfs devices
+- harden dracut against BASH_ENV environment variable
+- no more prelinking
+- scan and install "external" kernel modules
+- fixed instmods with zero input
+- rdsosreport: best effort to strip out passwords
+- introduce tri-state hostonly mode
+
+   Add a new option --hostonly-mode which accept an <mode> parameter, so we have a tri-state hostonly mode:
+
+        * generic: by passing "--no-hostonly" or not passing anything.
+                   "--hostonly-mode" has no effect in such case.
+        * sloppy: by passing "--hostonly --hostonly-mode sloppy". This
+                  is also the default mode when only "--hostonly" is given.
+        * strict: by passing "--hostonly --hostonly-mode strict".
+
+    Sloppy mode is the original hostonly mode, the new introduced strict
+    mode will allow modules to ignore more drivers or do some extra job to
+    save memory and disk space, while making the image less portable.
+
+    Also introduced a helper function "optional_hostonly" to make it
+    easier for modules to leverage new hostonly mode.
+
+    To force install modules only in sloppy hostonly mode, use the form:
+
+    hostonly="$(optional_hostonly)" instmods <modules>
+
+dracut-install:
+- don't error out, if no modules were installed
+- support modules.softdep
+
+lsinitrd.sh:
+- fixed zstd file signature
+
+kernel:
+- include all pci/host modules
+- add mmc/core for arm
+- Include Intel Volume Management Device support
+
+plymouth:
+- fix detection of plymouth directory
+
+drm:
+- make failing installation of drm modules nonfatal
+- include virtio DRM drivers in hostonly initramfs
+
+stratis:
+- initial Stratis support
+
+crypt:
+- correct s390 arch to include arch-specific crypto modules
+- add cmdline rd.luks.partuuid
+- add timeout option rd.luks.timeout
+
+shutdown:
+- sleep a little, if a process was killed
+
+network:
+- introduce ip=either6 option
+
+iscsi:
+- replace iscsistart with iscsid
+
+qeth_rules:
+- new module to copy qeth rules
+
+multipath-hostonly:
+- merged back into multipath
+
+mdraid:
+- fixed case if rd.md.uuid is in ID_FS_UUID format
+
+dracut-047
+==========
+dracut.sh:
+- sync initramfs to filesystem with fsfreeze
+- introduce "--no-hostonly-default-device"
+- disable lsinitrd logging when quiet
+- add support for Zstandard compression
+- fixed relative paths in --kerneldir
+- if /boot/vmlinuz-$version exists use /boot/ as default output dir
+- make qemu and qemu-net a default module in non-hostonly mode
+- fixed relative symlinks
+- support microcode updates for all AMD CPU families
+- install all modules-load.d regardless of hostonly
+- fixed parsing of "-i" and "--include"
+- bump kmod version to >= 23
+- enable 'early_microcode' by default
+- fixed check_block_and_slaves() for nvme
+
+lsinitrd.sh:
+- dismiss "cat" error messages
+
+systemd-bootchart:
+- removed
+
+i18n:
+- install all keymaps for a given locale
+- add correct fontmaps
+
+dmsquash-live:
+- fixed systemd unit escape
+
+systemd:
+- enable core dumps with systemd from initrd
+- fixed setting of timeouts for device units
+- emergency.service: use Type=idle and fixed task limit
+
+multipath:
+- include files from /etc/multipath/conf.d
+- do not fail startup on missing configuration
+- start daemon after udev settle
+- add shutdown script
+- parse kernel commandline option 'multipath=off'
+- start before local-fs-pre.target
+
+dracut-emergency:
+- optionally print filesystem help
+
+network:
+- fixed MTU for bond master
+- fixed race condition when wait for networks
+
+fcoe:
+- handle CNAs with DCB firmware support
+- allow to specify the FCoE mode via the fcoe= parameter
+- always set AUTO_VLAN for fcoemon
+- add shutdown script
+- fixup fcoe-genrules.sh for VN2VN mode
+- switch back to using fipvlan for bnx2fc
+- add timeout mechanism
+
+crypt:
+- add basic LUKS detached header support
+- escape backslashes for systemd unit names correctly
+- put block_uuid.map into initramfs
+
+dmraid:
+- do not delete partitions
+
+dasd_mod:
+- do not set module parameters if dasd_cio_free is not present
+
+nfs:
+- fix mount if IPv4 address is used in /etc/fstab
+- support host being a DNS ALIAS
+
+fips:
+- fixed creating path to .hmac of kernel based on BOOT_IMAGE
+
+lunmask:
+- add module to handle LUN masking
+
+s390:
+- add rd.cio_accept
+
+dcssblk:
+- add new module for DCSS block devices
+
+zipl:
+- add new module to update s390x configuration
+
+iscsi:
+- no more iscsid, either iscsistart or iscsid
+
+integrity:
+- support loading x509 into the trusted/builtin .evm keyring
+- support X.509-only EVM configuration
+
+plymouth:
+- improve distro compatibility
+
+dracut-046
+==========
+
+dracut.sh:
+- bail out if module directory does not exist
+  if people want to build the initramfs without kernel modules,
+  then --no-kernel should be specified
+- add early microcode support for AMD family 16h
+- collect also all modaliases modules from sysfs for hostonly modules
+- sync initramfs after creation
+
+network:
+- wait for IPv6 RA if using none/static IPv6 assignment
+- ipv6 improvements
+- Handle curl using libnssckbi for TLS
+- fix dhcp classless_static_routes
+- dhclient: send client-identifier matching hardware address
+- don't arping for point-to-point connections
+- only bring up wired network interfaces (no wlan and wwan)
+
+mraid:
+- mdraid: wait for rd.md.uuid specified devices to be assembled
+
+crypt:
+- handle rd.luks.name
+
+crypt-gpg:
+- For GnuPG >= 2.1 support OpenPGP smartcards
+
+kernel-install:
+- Skip to create initrd if /etc/machine-id is missing or empty
+
+nfs:
+- handle rpcbind /run/rpcbind directory
+
+s390:
+- various fixes
+
+dmsquash-live:
+- add NTFS support
+
+multipath:
+- split out multipath-hostonly module
+
+lvmmerge:
+- new module, see README.md in the module directory
+
+dracut-systemd:
+- fixed dependencies
+
+
+dracut-045
+==========
+
+Important: dracut now requires libkmod for the dracut-install binary helper,
+           which nows handles kernel module installing and filtering.
+
+dracut.sh:
+- restorecon final image file
+- fail hard, if we find modules and modules.dep is missing
+- support --tmpdir as a relative path
+- add default path for --uefi
+
+dracut-functions.sh:
+- fix check_vol_slaves() volume group name stripping
+
+dracut-install:
+- catch ldd message "cannot execute binary file"
+- added kernel module handling with libkmod
+  Added parameters:
+    --module,-m
+    --mod-filter-path, -p
+    --mod-filter-nopath, -P
+    --mod-filter-symbol, -s
+    --mod-filter-nosymbol, -S
+    --mod-filter-noname, -N
+    --silent
+    --kerneldir
+    --firmwaredirs
+- fallback to non-hostonly mode if lsmod fails
+
+lsinitrd:
+- new option "--unpack"
+- new option "--unpackearly"
+- and "--verbose"
+
+general initramfs fixes:
+- don't remove 99-cmdline-ask on 'hostonly' cleanup
+- call dracut-cmdline-ask.service, if /etc/cmdline.d/*.conf exists
+- break at switch_root only for bare rd.break
+- add rd.emergency=[reboot|poweroff|halt]
+  specifies what action to execute in case of a critical failure
+- rd.memdebug=4 gives information, about kernel module memory consumption
+  during loading
+
+dmsquash-live:
+- fixed livenet-generator execution flag
+  and include only, if systemd is used
+- fixed dmsquash-live-root.sh for cases where the fstype of the liveimage is squashfs
+- fixed typo for rootfs.img
+- enable the use of the OverlayFS for the LiveOS root filesystem
+  Patch notes:
+    Integrate the option to use an OverlayFS as the root filesystem
+    into the 90dmsquash-live module for testing purposes.
+
+    The rd.live.overlay.overlayfs option allows one to request an
+    OverlayFS overlay.  If a persistent overlay is detected at the
+    standard LiveOS path, the overlay & type detected will be used.
+
+    Tested primarily with transient, in-RAM overlay boots on vfat-
+    formatted Live USB devices, with persistent overlay directories
+    on ext4-formatted Live USB devices, and with embedded, persistent
+    overlay directories on vfat-formatted devices. (Persistent overlay
+    directories on a vfat-formatted device must be in an embedded
+    filesystem that supports the creation of trusted.* extended
+    attributes, and must provide valid d_type in readdir responses.)
+
+    The rd.live.overlay.readonly option, which allows a persistent
+    overlayfs to be mounted read only through a higher level transient
+    overlay directory, has been implemented through the multiple lower
+    layers feature of OverlayFS.
+
+    The default transient DM overlay size has been adjusted up to 32 GiB.
+    This change supports comparison of transient Device-mapper vs.
+    transient OverlayFS overlay performance.  A transient DM overlay
+    is a sparse file in memory, so this setting does not consume more
+    RAM for legacy applications.  It does permit a user to use all of
+    the available root filesystem storage, and fails gently when it is
+    consumed, as the available free root filesystem storage on a typical
+    LiveOS build is only a few GiB.  Thus, when booted on other-
+    than-small RAM systems, the transient DM overlay should not overflow.
+
+    OverlayFS offers the potential to use all of the available free RAM
+    or all of the available free disc storage (on non-vfat-devices)
+    in its overlay, even beyond the root filesystem available space,
+    because the OverlayFS root filesystem is a union of directories on
+    two different partitions.
+
+    This patch also cleans up some message spew at shutdown, shortens
+    the execution path in a couple of places, and uses persistent
+    DM targets where required.
+
+dmraid:
+- added "nowatch" option in udev rule, otherwise udev would reread partitions for raid members
+- allow booting from degraded MD RAID arrays
+
+shutdown:
+- handle readonly /run on shutdown
+
+kernel-modules:
+- add all HID drivers, regardless of hostonly mode
+  people swap keyboards sometimes and should be able to enter their disk password
+- add usb-storage
+  To save the rdsosreport.txt to a USB stick, the usb-storage module is needed.
+- add xennet
+- add nvme
+
+systemd:
+- add /etc/machine-info
+- fixed systemd-escape call for names beginning with "-"
+- install missing drop-in configuration files for
+    /etc/systemd/{journal.conf,system.conf}
+
+filesystems:
+- add support to F2FS filesystem (fsck and modules)
+
+network:
+- fix carrier detection
+- correctly set mac address for ip=...:<mtu>:<mac>
+- fixed vlan, bonding, bridging, team logic
+  call ifup for the slaves and assemble afterwards
+- add mtu to list of variables to store in override
+- for rd.neednet=0 a bootdev is not needed anymore
+- dhclient-script.sh: add classless-static-routes support
+- support for iBFT IPv6
+- support macaddr in brackets [] (commit 740c46c0224a187d6b5a42b4aa56e173238884cc)
+- use arping2, if available
+- support multiple default gateways from DHCP server
+- fixup VLAN handling
+- enhance team support
+- differ between ipv6 local and global tentative
+- ipv6: wait for a router advertised route
+- add 'mtu' parameter for bond options
+- use 'ip' instead of 'brctl'
+
+nbd:
+- add systemd generator
+- use export names instead of port numbers, because port number based
+  exports are deprecated and were removed.
+
+fcoe:
+- no more /dev/shm state copying
+
+multipath:
+- check all /dev/mapper devices if they are multipath devices, not only mpath*
+
+fips:
+- fixed .hmac installation in FIPS mode
+
+plymouth:
+- also trigger the acpi subsystem
+
+syslog:
+- add imjournal.so to read systemd journal
+- move start from udev to initqueue/online
+
+caps:
+- make it a non default module
+
+livenet:
+- support nfs:// urls in livenet-generator
+
+nfs:
+- install all nfs modules non-hostonly
+
+crypt:
+- support keyfiles embedded in the initramfs
+
+testsuite:
+- add TEST-70-BONDBRIDGETEAMVLAN
+- make "-cpu host" the default
+
 dracut-044
 ==========
 creation:
--- a/24
+++ b/24
@@ -1,9 +1,10 @@
 dracut
 ------
-dracut is a new initramfs infrastructure.
+dracut is an event driven initramfs infrastructure.

-Information about the initial goals and aims can be found at
-https://fedoraproject.org/wiki/Initrdrewrite
+dracut (the tool) is used to create an initramfs image by copying tools
+and files from an installed system and combining it with the
+dracut framework, usually found in /usr/lib/dracut/modules.d.

 Unlike existing initramfs's, this is an attempt at having as little as
 possible hard-coded into the initramfs as possible.  The initramfs has
@@ -51,7 +52,7 @@ possible.  Every distribution has their own tool here and it's not
 something which is really interesting to have separate across them.
 So contributions to help decrease the distro-dependencies are welcome.

-Currently dracut lives on kernel.org.
+Currently dracut lives on github.com and kernel.org.

 The tarballs can be found here:
 	http://www.kernel.org/pub/linux/utils/boot/dracut/
@@ -62,21 +63,14 @@ Git:
 	http://git.kernel.org/pub/scm/boot/dracut/dracut.git
 	https://git.kernel.org/pub/scm/boot/dracut/dracut.git

-	git://github.com/haraldh/dracut.git
-
-	git://dracut.git.sourceforge.net/gitroot/dracut/dracut
+	git@github.com:dracutdevs/dracut.git

 Git Web:
-	http://git.kernel.org/?p=boot/dracut/dracut.git
+	https://github.com/dracutdevs/dracut.git

-	https://haraldh@github.com/haraldh/dracut.git
+        http://git.kernel.org/?p=boot/dracut/dracut.git

-	http://dracut.git.sourceforge.net/git/gitweb.cgi?p=dracut/dracut
-
-Git Web RSS Feed:
-	http://git.kernel.org/?p=boot/dracut/dracut.git;a=rss
-
-Project Page:
+Project Documentation:
 	http://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html

 Project Wiki:
--- a/README.md
+++ b/README.md
@@ -0,0 +1,31 @@
+# dracut - master branch
+
+dracut is an initramfs infrastructure.
+
+## Travis
+
+[![Build Status](https://travis-ci.org/dracutdevs/dracut.svg?branch=master)](https://travis-ci.org/dracutdevs/dracut)
+
+## CentOS CI
+
+[![Build Status](https://ci.centos.org/job/dracut-push-master/badge/icon)](https://ci.centos.org/job/dracut-push-master/)
+
+- Test 01: [![Test 01](https://ci.centos.org/job/dracut-matrix-master/TESTS=01,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=01,label=dracut-ci-slave01/)
+- Test 02: [![Test 02](https://ci.centos.org/job/dracut-matrix-master/TESTS=02,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=02,label=dracut-ci-slave01/)
+- Test 03: [![Test 03](https://ci.centos.org/job/dracut-matrix-master/TESTS=03,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=03,label=dracut-ci-slave01/)
+- Test 04: [![Test 04](https://ci.centos.org/job/dracut-matrix-master/TESTS=04,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=04,label=dracut-ci-slave01/)
+- Test 10: [![Test 10](https://ci.centos.org/job/dracut-matrix-master/TESTS=10,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=10,label=dracut-ci-slave01/)
+- Test 11: [![Test 11](https://ci.centos.org/job/dracut-matrix-master/TESTS=11,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=11,label=dracut-ci-slave01/)
+- Test 12: [![Test 12](https://ci.centos.org/job/dracut-matrix-master/TESTS=12,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=12,label=dracut-ci-slave01/)
+- Test 13: [![Test 13](https://ci.centos.org/job/dracut-matrix-master/TESTS=13,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=13,label=dracut-ci-slave01/)
+- Test 14: [![Test 14](https://ci.centos.org/job/dracut-matrix-master/TESTS=14,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=14,label=dracut-ci-slave01/)
+- Test 15: [![Test 15](https://ci.centos.org/job/dracut-matrix-master/TESTS=15,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=15,label=dracut-ci-slave01/)
+- Test 16: [![Test 16](https://ci.centos.org/job/dracut-matrix-master/TESTS=16,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=16,label=dracut-ci-slave01/)
+- Test 17: [![Test 17](https://ci.centos.org/job/dracut-matrix-master/TESTS=17,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=17,label=dracut-ci-slave01/)
+- Test 20: [![Test 20](https://ci.centos.org/job/dracut-matrix-master/TESTS=20,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=20,label=dracut-ci-slave01/)
+- Test 30: [![Test 30](https://ci.centos.org/job/dracut-matrix-master/TESTS=30,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=30,label=dracut-ci-slave01/)
+- Test 31: [![Test 31](https://ci.centos.org/job/dracut-matrix-master/TESTS=31,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=31,label=dracut-ci-slave01/)
+- Test 40: [![Test 40](https://ci.centos.org/job/dracut-matrix-master/TESTS=40,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=40,label=dracut-ci-slave01/)
+- Test 50: [![Test 50](https://ci.centos.org/job/dracut-matrix-master/TESTS=50,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=50,label=dracut-ci-slave01/)
+- Test 60: [![Test 60](https://ci.centos.org/job/dracut-matrix-master/TESTS=60,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=60,label=dracut-ci-slave01/)
+- Test 70: [![Test 70](https://ci.centos.org/job/dracut-matrix-master/TESTS=70,label=dracut-ci-slave01/badge/icon)](https://ci.centos.org/job/dracut-matrix-master/TESTS=70,label=dracut-ci-slave01/)
--- a/README.testsuite
+++ b/README.testsuite
@@ -1,16 +1,28 @@
 For the testsuite to work, you will have to install at least the following software packages:
 dash \
-bridge-utils \
 asciidoc \
 mdadm \
 lvm2 \
+dmraid \
 cryptsetup \
 nfs-utils \
 nbd \
 dhcp-server \
 scsi-target-utils \
-iscsi-initiator-utils
-
+iscsi-initiator-utils \
+strace \
+syslinux \
+python-imgcreate \
+genisoimage \
+btrfs-progs \
+kmod-devel \
+gcc \
+bzip2 \
+xz \
+tar \
+wget \
+rpm-build \
+${NULL}

 TEST-04-FULL-SYSTEMD: systemd >= 187

--- a/3
+++ b/3
@@ -18,11 +18,8 @@ INITRAMFS TODO
 - put mount hook in main initqueue loop / careful about resume!
 - the hard-coded list of udev rules that we care about is kind of lame.
 - panic fallback
- bridging/bonding without "netroot=" https://bugzilla.redhat.com/show_bug.cgi?id=822750
 - progress indication for fsck https://bugzilla.redhat.com/show_bug.cgi?id=827118
 - domain, searchdomain https://bugzilla.redhat.com/show_bug.cgi?id=840778
- disable write-ifcfg https://bugzilla.redhat.com/show_bug.cgi?id=840784
- check for /var to be mounted in convertfs https://bugzilla.redhat.com/show_bug.cgi?id=848172
 - probably fix "--include" https://bugzilla.redhat.com/show_bug.cgi?id=849338

 GENERATOR TODO
--- a/9
+++ b/9
@@ -7,6 +7,8 @@ prefix=/usr

 enable_documentation=yes

+PKG_CONFIG="${PKG_CONFIG:-pkg-config}"
+
 # Little helper function for reading args from the commandline.
 # it automatically handles -a b and -a=b variants, and returns 1 if
 # we need to shift $3.
@@ -50,6 +52,11 @@ while (($# > 0)); do
    shift
 done

+if ! ${PKG_CONFIG} --exists --print-errors " libkmod >= 23 "; then
+    echo "dracut needs pkg-config and libkmod >= 23." >&2
+    exit 1
+fi
+
 cat > Makefile.inc.$$ <<EOF
 prefix ?= ${prefix}
 libdir ?= ${libdir:-${prefix}/lib}
@@ -59,6 +66,8 @@ sbindir ?= ${sbindir:-${prefix}/sbin}
 mandir ?= ${mandir:-${prefix}/share/man}
 enable_documentation ?= ${enable_documentation:-yes}
 bindir ?= ${bindir:-${prefix}/bin}
+KMOD_CFLAGS ?= $(${PKG_CONFIG} --cflags " libkmod >= 23 ")
+KMOD_LIBS ?= $(${PKG_CONFIG} --libs " libkmod >= 23 ")
 EOF

 {
--- a/dracut-bash-completion.sh
+++ b/dracut-bash-completion.sh
@@ -29,11 +29,9 @@ _dracut() {
                              --hardlink --nohardlink --noprefix --mdadmconf --nomdadmconf
                              --lvmconf --nolvmconf --debug --profile --verbose --quiet
                              --local --hostonly --no-hostonly --fstab --help --bzip2 --lzma
-                              --xz --no-compress --gzip --list-modules --show-modules --keep
+                              --xz --zstd --no-compress --gzip --list-modules --show-modules --keep
                              --printsize --regenerate-all --noimageifnotneeded --early-microcode
-                              --no-early-microcode --print-cmdline --prelink --noprelink --reproducible
-                              --uefi
-                              '
+                              --no-early-microcode --print-cmdline --reproducible --uefi'

                       [ARG]='-a -m -o -d -I -k -c -L --kver --add --force-add --add-drivers
                              --omit-drivers --modules --omit --drivers --filesystems --install
--- a/dracut-functions.sh
+++ b/dracut-functions.sh
@@ -167,18 +167,6 @@ convert_abs_rel() {
    printf "%s\n" "$__newpath"
 }

-if [[ "$(ln --help)" == *--relative* ]]; then
-    ln_r() {
-        ln -sfnr "${initdir}/$1" "${initdir}/$2"
-    }
-else
-    ln_r() {
-        local _source=$1
-        local _dest=$2
-        [[ -d "${_dest%/*}" ]] && _dest=$(readlink -f "${_dest%/*}")/${_dest##*/}
-        ln -sfn -- "$(convert_abs_rel "${_dest}" "${_source}")" "${initdir}/${_dest}"
-    }
-fi

 # get_fs_env <device>
 # Get and the ID_FS_TYPE variable from udev for a device.
@@ -235,14 +223,20 @@ get_devpath_block() {

 # get a persistent path from a device
 get_persistent_dev() {
-    local i _tmp _dev
+    local i _tmp _dev _pol

    _dev=$(get_maj_min "$1")
    [ -z "$_dev" ] && return

+    if [[ -n "$persistent_policy" ]]; then
+	_pol="/dev/disk/${persistent_policy}/*"
+    else
+	_pol=
+    fi
+
    for i in \
+        $_pol \
        /dev/mapper/* \
-        /dev/disk/${persistent_policy:-by-uuid}/* \
        /dev/disk/by-uuid/* \
        /dev/disk/by-label/* \
        /dev/disk/by-partuuid/* \
@@ -480,7 +474,8 @@ for_each_host_dev_fs()
    local _dev
    local _ret=1

-    [[ "${#host_fs_types[@]}" ]] || return 0
+    [[ "${#host_fs_types[@]}" ]] || return 2
+

    for _dev in "${!host_fs_types[@]}"; do
        $_func "$_dev" "${host_fs_types[$_dev]}" && _ret=0
@@ -502,13 +497,14 @@ check_block_and_slaves() {
    [[ -b /dev/block/$2 ]] || return 1 # Not a block device? So sorry.
    if ! lvm_internal_dev $2; then "$1" $2 && return; fi
    check_vol_slaves "$@" && return 0
-    if [[ -f /sys/dev/block/$2/../dev ]]; then
+    if [[ -f /sys/dev/block/$2/../dev ]] && [[ /sys/dev/block/$2/../subsystem -ef /sys/class/block ]]; then
        check_block_and_slaves $1 $(<"/sys/dev/block/$2/../dev") && return 0
    fi
    [[ -d /sys/dev/block/$2/slaves ]] || return 1
-    for _x in /sys/dev/block/$2/slaves/*/dev; do
-        [[ -f $_x ]] || continue
-        check_block_and_slaves $1 $(<"$_x") && return 0
+    for _x in /sys/dev/block/$2/slaves/*; do
+        [[ -f $_x/dev ]] || continue
+        [[ $_x/subsystem -ef /sys/class/block ]] || continue
+        check_block_and_slaves $1 $(<"$_x/dev") && return 0
    done
    return 1
 }
@@ -519,14 +515,15 @@ check_block_and_slaves_all() {
    if ! lvm_internal_dev $2 && "$1" $2; then
        _ret=0
    fi
-    check_vol_slaves "$@" && return 0
-    if [[ -f /sys/dev/block/$2/../dev ]]; then
+    check_vol_slaves_all "$@" && return 0
+    if [[ -f /sys/dev/block/$2/../dev ]] && [[ /sys/dev/block/$2/../subsystem -ef /sys/class/block ]]; then
        check_block_and_slaves_all $1 $(<"/sys/dev/block/$2/../dev") && _ret=0
    fi
    [[ -d /sys/dev/block/$2/slaves ]] || return 1
-    for _x in /sys/dev/block/$2/slaves/*/dev; do
-        [[ -f $_x ]] || continue
-        check_block_and_slaves_all $1 $(<"$_x") && _ret=0
+    for _x in /sys/dev/block/$2/slaves/*; do
+        [[ -f $_x/dev ]] || continue
+        [[ $_x/subsystem -ef /sys/class/block ]] || continue
+        check_block_and_slaves_all $1 $(<"$_x/dev") && _ret=0
    done
    return $_ret
 }
@@ -539,7 +536,7 @@ for_each_host_dev_and_slaves_all()
    local _dev
    local _ret=1

-    [[ "${host_devs[@]}" ]] || return 0
+    [[ "${host_devs[@]}" ]] || return 2

    for _dev in "${host_devs[@]}"; do
        [[ -b "$_dev" ]] || continue
@@ -555,7 +552,7 @@ for_each_host_dev_and_slaves()
    local _func="$1"
    local _dev

-    [[ "${host_devs[@]}" ]] || return 0
+    [[ "${host_devs[@]}" ]] || return 2

    for _dev in "${host_devs[@]}"; do
        [[ -b "$_dev" ]] || continue
@@ -571,27 +568,44 @@ for_each_host_dev_and_slaves()
 # but you cannot create the logical volume without the volume group.
 # And the volume group might be bigger than the devices the LV needs.
 check_vol_slaves() {
-    local _lv _vg _pv _dm
-    for i in /dev/mapper/*; do
-        [[ $i == /dev/mapper/control ]] && continue
-        _lv=$(get_maj_min $i)
-        _dm=/sys/dev/block/$_lv/dm
-        [[ -f $_dm/uuid  && $(<$_dm/uuid) =~ LVM-* ]] || continue
-        if [[ $_lv = $2 ]]; then
-            _vg=$(lvm lvs --noheadings -o vg_name $i 2>/dev/null)
-            # strip space
-            _vg=$(printf "%s\n" "$_vg")
-            if [[ $_vg ]]; then
-                for _pv in $(lvm vgs --noheadings -o pv_name "$_vg" 2>/dev/null)
-                do
-                    check_block_and_slaves $1 $(get_maj_min $_pv) && return 0
-                done
-            fi
-        fi
-    done
+    local _lv _vg _pv _dm _majmin
+    _majmin="$2"
+    _lv="/dev/block/$_majmin"
+    _dm=/sys/dev/block/$_majmin/dm
+    [[ -f $_dm/uuid  && $(<$_dm/uuid) =~ LVM-* ]] || return 1
+    _vg=$(dmsetup splitname --noheadings -o vg_name $(<"$_dm/name") )
+    # strip space
+    _vg="${_vg//[[:space:]]/}"
+    if [[ $_vg ]]; then
+        for _pv in $(lvm vgs --noheadings -o pv_name "$_vg" 2>/dev/null)
+        do
+            check_block_and_slaves $1 $(get_maj_min $_pv) && return 0
+        done
+    fi
    return 1
 }

+check_vol_slaves_all() {
+    local _lv _vg _pv _majmin
+    _majmin="$2"
+    _lv="/dev/block/$_majmin"
+    _dm="/sys/dev/block/$_majmin/dm"
+    [[ -f $_dm/uuid  && $(<$_dm/uuid) =~ LVM-* ]] || return 1
+    _vg=$(dmsetup splitname --noheadings -o vg_name $(<"$_dm/name") )
+    # strip space
+    _vg="${_vg//[[:space:]]/}"
+    if [[ $_vg ]]; then
+        for _pv in $(lvm vgs --noheadings -o pv_name "$_vg" 2>/dev/null)
+        do
+            check_block_and_slaves_all $1 $(get_maj_min $_pv)
+        done
+        return 0
+    fi
+    return 1
+}
+
+
+
 # fs_get_option <filesystem options> <search for option>
 # search for a specific option in a bunch of filesystem options
 # and return the value
@@ -650,9 +664,8 @@ get_ucode_file ()
    local stepping=`grep -E "stepping" /proc/cpuinfo | head -1 | sed s/.*:\ //`

    if [[ "$(get_cpu_vendor)" == "AMD" ]]; then
-        # If family greater or equal than 0x15
        if [[ $family -ge 21 ]]; then
-            printf "microcode_amd_fam15h.bin"
+            printf "microcode_amd_fam%xh.bin" $family
        else
            printf "microcode_amd.bin"
        fi
@@ -663,6 +676,17 @@ get_ucode_file ()
    fi
 }

+# Get currently loaded modules
+# sorted, and delimited by newline
+get_loaded_kernel_modules ()
+{
+    local modules=( )
+    while read _module _size _used _used_by; do
+        modules+=( "$_module" )
+    done <<< "$(lsmod | sed -n '1!p')"
+    printf '%s\n' "${modules[@]}" | sort
+}
+
 # Not every device in /dev/mapper should be examined.
 # If it is an LVM device, touch only devices which have /dev/VG/LV symlink.
 lvm_internal_dev() {
--- a/dracut-init.sh
+++ b/dracut-init.sh
@@ -19,6 +19,12 @@
 #
 export LC_MESSAGES=C

+if [[ "$EUID" = "0" ]]; then
+    export DRACUT_CP="cp --reflink=auto --sparse=auto --preserve=mode,timestamps,xattr,links -dfr"
+else
+    export DRACUT_CP="cp --reflink=auto --sparse=auto --preserve=mode,timestamps,links -dfr"
+fi
+
 # is_func <command>
 # Check whether $1 is a function.
 is_func() {
@@ -46,13 +52,6 @@ if ! [[ -d $initdir ]]; then
    mkdir -p "$initdir"
 fi

-if [[ $DRACUT_KERNEL_LAZY ]] && ! [[ $DRACUT_KERNEL_LAZY_HASHDIR ]]; then
-    if ! [[ -d "$initdir/.kernelmodseen" ]]; then
-        mkdir -p "$initdir/.kernelmodseen"
-    fi
-    DRACUT_KERNEL_LAZY_HASHDIR="$initdir/.kernelmodseen"
-fi
-
 if ! [[ $kernel ]]; then
    kernel=$(uname -r)
    export kernel
@@ -69,6 +68,8 @@ srcmods="/lib/modules/$kernel/"
 }
 export srcmods

+[[ $DRACUT_FIRMWARE_PATH ]] || export DRACUT_FIRMWARE_PATH="/lib/firmware/updates:/lib/firmware:/lib/firmware/$kernel"
+
 # export standard hookdirs
 [[ $hookdirs ]] || {
    hookdirs="cmdline pre-udev pre-trigger netroot "
@@ -149,6 +150,14 @@ dracut_module_included() {
    [[ " $mods_to_load $modules_loaded " == *\ $*\ * ]]
 }

+dracut_no_switch_root() {
+    >"$initdir/lib/dracut/no-switch-root"
+}
+
+dracut_module_path() {
+    echo ${dracutbasedir}/modules.d/??${1} | { read a b; echo "$a"; }
+}
+
 if ! [[ $DRACUT_INSTALL ]]; then
    DRACUT_INSTALL=$(find_binary dracut-install)
 fi
@@ -164,11 +173,18 @@ if ! [[ -x $DRACUT_INSTALL ]]; then
    exit 10
 fi

+if [[ $hostonly == "-h" ]]; then
+    if ! [[ $DRACUT_KERNEL_MODALIASES ]] || ! [[ -f "$DRACUT_KERNEL_MODALIASES" ]]; then
+        export DRACUT_KERNEL_MODALIASES="${DRACUT_TMPDIR}/modaliases"
+        $DRACUT_INSTALL ${srcmods:+--kerneldir "$srcmods"} --modalias > "$DRACUT_KERNEL_MODALIASES"
+    fi
+fi
+
 [[ $DRACUT_RESOLVE_LAZY ]] || export DRACUT_RESOLVE_DEPS=1
 inst_dir() {
    [[ -e ${initdir}/"$1" ]] && return 0  # already there
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} -d "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} -d "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} -d "$@" || :
 }

 inst() {
@@ -179,7 +195,7 @@ inst() {
    fi
    [[ -e ${initdir}/"${2:-$1}" ]] && return 0  # already there
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
 }

 inst_simple() {
@@ -191,7 +207,7 @@ inst_simple() {
    [[ -e ${initdir}/"${2:-$1}" ]] && return 0  # already there
    [[ -e $1 ]] || return 1  # no source
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${_hostonly_install:+-H} "$@" || :
 }

 inst_symlink() {
@@ -203,14 +219,14 @@ inst_symlink() {
    [[ -e ${initdir}/"${2:-$1}" ]] && return 0  # already there
    [[ -L $1 ]] || return 1
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
 }

 inst_multiple() {
    local _ret
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@"
    _ret=$?
-    (($_ret != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
+    (($_ret != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
    return $_ret
 }

@@ -218,6 +234,19 @@ dracut_install() {
    inst_multiple "$@"
 }

+dracut_instmods() {
+    local _silent=0;
+    local i;
+    [[ $no_kernel = yes ]] && return
+    for i in "$@"; do
+        [[ $i == "--silent" ]] && _silent=1
+    done
+
+    $DRACUT_INSTALL \
+        ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${hostonly:+-H} ${omit_drivers:+-N "$omit_drivers"} ${srcmods:+--kerneldir "$srcmods"} -m "$@"
+    (($? != 0)) && (($_silent == 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${hostonly:+-H} ${omit_drivers:+-N "$omit_drivers"} ${srcmods:+--kerneldir "$srcmods"} -m "$@" || :
+}
+
 inst_library() {
    local _hostonly_install
    if [[ "$1" == "-H" ]]; then
@@ -227,17 +256,35 @@ inst_library() {
    [[ -e ${initdir}/"${2:-$1}" ]] && return 0  # already there
    [[ -e $1 ]] || return 1  # no source
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" || :
 }

 inst_binary() {
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@" || :
 }

 inst_script() {
    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} "$@"
-    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@" || :
+    (($? != 0)) && derror FAILED: $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$@" || :
+}
+
+inst_fsck_help() {
+    local _helper="/run/dracut/fsck/fsck_help_$1.txt"
+    $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} "$2" $_helper
+    (($? != 0)) && derror $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l}  ${DRACUT_FIPS_MODE:+-f} "$2" $_helper || :
+}
+
+# Use with form hostonly="$(optional_hostonly)" inst_xxxx <args>
+# If hosotnly mode is set to "strict", hostonly restrictions will still
+# be applied, else will ignore hostonly mode and try to install all
+# given modules.
+optional_hostonly() {
+    if [[ $hostonly_mode = "strict" ]]; then
+        printf -- "$hostonly"
+    else
+        printf ""
+    fi
 }

 mark_hostonly() {
@@ -275,71 +322,61 @@ rev_lib_symlinks() {
 inst_rule_programs() {
    local _prog _bin

-    if grep -qE 'PROGRAM==?"[^ "]+' "$1"; then
-        for _prog in $(grep -E 'PROGRAM==?"[^ "]+' "$1" | sed -r 's/.*PROGRAM==?"([^ "]+).*/\1/'); do
-            _bin=""
-            if [ -x ${udevdir}/$_prog ]; then
-                _bin=${udevdir}/$_prog
-            elif [[ "${_prog/\$env\{/}" == "$_prog" ]]; then
-                _bin=$(find_binary "$_prog") || {
-                    dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
-                    continue;
-                }
-            fi
+    for _prog in $(sed -nr 's/.*PROGRAM==?"([^ "]+).*/\1/p' "$1"); do
+        _bin=""
+        if [ -x ${udevdir}/$_prog ]; then
+            _bin=${udevdir}/$_prog
+        elif [[ "${_prog/\$env\{/}" == "$_prog" ]]; then
+            _bin=$(find_binary "$_prog") || {
+                dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
+                continue;
+            }
+        fi

-            [[ $_bin ]] && inst_binary "$_bin"
-        done
-    fi
-    if grep -qE 'RUN[+=]=?"[^ "]+' "$1"; then
-        for _prog in $(grep -E 'RUN[+=]=?"[^ "]+' "$1" | sed -r 's/.*RUN[+=]=?"([^ "]+).*/\1/'); do
-            _bin=""
-            if [ -x ${udevdir}/$_prog ]; then
-                _bin=${udevdir}/$_prog
-            elif [[ "${_prog/\$env\{/}" == "$_prog" ]] && [[ "${_prog}" != "/sbin/initqueue" ]]; then
-                _bin=$(find_binary "$_prog") || {
-                    dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
-                    continue;
-                }
-            fi
+        [[ $_bin ]] && inst_binary "$_bin"
+    done
+    for _prog in $(sed -nr 's/.*RUN[+=]=?"([^ "]+).*/\1/p' "$1"); do
+        _bin=""
+        if [ -x ${udevdir}/$_prog ]; then
+            _bin=${udevdir}/$_prog
+        elif [[ "${_prog/\$env\{/}" == "$_prog" ]] && [[ "${_prog}" != "/sbin/initqueue" ]]; then
+            _bin=$(find_binary "$_prog") || {
+                dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
+                continue;
+            }
+        fi

-            [[ $_bin ]] && inst_binary "$_bin"
-        done
-    fi
-    if grep -qE 'IMPORT\{program\}==?"[^ "]+' "$1"; then
-        for _prog in $(grep -E 'IMPORT\{program\}==?"[^ "]+' "$1" | sed -r 's/.*IMPORT\{program\}==?"([^ "]+).*/\1/'); do
-            _bin=""
-            if [ -x ${udevdir}/$_prog ]; then
-                _bin=${udevdir}/$_prog
-            elif [[ "${_prog/\$env\{/}" == "$_prog" ]]; then
-                _bin=$(find_binary "$_prog") || {
-                    dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
-                    continue;
-                }
-            fi
+        [[ $_bin ]] && inst_binary "$_bin"
+    done
+    for _prog in $(sed -nr 's/.*IMPORT\{program\}==?"([^ "]+).*/\1/p' "$1"); do
+        _bin=""
+        if [ -x ${udevdir}/$_prog ]; then
+            _bin=${udevdir}/$_prog
+        elif [[ "${_prog/\$env\{/}" == "$_prog" ]]; then
+            _bin=$(find_binary "$_prog") || {
+                dinfo "Skipping program $_prog using in udev rule ${1##*/} as it cannot be found"
+                continue;
+            }
+        fi

-            [[ $_bin ]] && dracut_install "$_bin"
-        done
-    fi
+        [[ $_bin ]] && dracut_install "$_bin"
+    done
 }

 # attempt to install any programs specified in a udev rule
 inst_rule_group_owner() {
    local i

-    if grep -qE 'OWNER=?"[^ "]+' "$1"; then
-        for i in $(grep -E 'OWNER=?"[^ "]+' "$1" | sed -r 's/.*OWNER=?"([^ "]+).*/\1/'); do
-            if ! egrep -q "^$i:" "$initdir/etc/passwd" 2>/dev/null; then
-                egrep "^$i:" /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
-            fi
-        done
-    fi
-    if grep -qE 'GROUP=?"[^ "]+' "$1"; then
-        for i in $(grep -E 'GROUP=?"[^ "]+' "$1" | sed -r 's/.*GROUP=?"([^ "]+).*/\1/'); do
-            if ! egrep -q "^$i:" "$initdir/etc/group" 2>/dev/null; then
-                egrep "^$i:" /etc/group 2>/dev/null >> "$initdir/etc/group"
-            fi
-        done
-    fi
+    for i in $(sed -nr 's/.*OWNER=?"([^ "]+).*/\1/p' "$1"); do
+        if ! grep -Eq "^$i:" "$initdir/etc/passwd" 2>/dev/null; then
+            grep -E "^$i:" /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+        fi
+    done
+    for i in $(sed -nr 's/.*GROUP=?"([^ "]+).*/\1/p' "$1"); do
+        if ! grep -Eq "^$i:" "$initdir/etc/group" 2>/dev/null; then
+            grep -E "^$i:" /etc/group 2>/dev/null >> "$initdir/etc/group"
+        fi
+    done
 }

 inst_rule_initqueue() {
@@ -857,11 +894,6 @@ install_kmod_with_fw() {
    [[ -e "${initdir}/lib/modules/$kernel/${1##*/lib/modules/$kernel/}" ]] \
        && return 0

-    if [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && [[ -e "$DRACUT_KERNEL_LAZY_HASHDIR/${1##*/}" ]]; then
-        read ret < "$DRACUT_KERNEL_LAZY_HASHDIR/${1##*/}"
-        return $ret
-    fi
-
    if [[ $omit_drivers ]]; then
        local _kmod=${1##*/}
        _kmod=${_kmod%.ko*}
@@ -886,9 +918,6 @@ install_kmod_with_fw() {

    inst_simple "$1" "/lib/modules/$kernel/${1##*/lib/modules/$kernel/}"
    ret=$?
-    [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && \
-        [[ -d "$DRACUT_KERNEL_LAZY_HASHDIR" ]] && \
-        echo $ret > "$DRACUT_KERNEL_LAZY_HASHDIR/${1##*/}"
    (($ret != 0)) && return $ret

    local _modname=${1##*/} _fwdir _found _fw
@@ -932,56 +961,8 @@ for_each_kmod_dep() {
 }

 dracut_kernel_post() {
-    local _moddirname=${srcmods%%/lib/modules/*}
-    local _pid
-
-    if [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && [[ -f "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist" ]]; then
-        xargs -r modprobe -a ${_moddirname:+-d ${_moddirname}/} \
-            --ignore-install --show-depends --set-version $kernel \
-            < "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist" 2>/dev/null \
-            | sort -u \
-            | while read _cmd _modpath _options || [ -n "$_cmd" ]; do
-            [[ $_cmd = insmod ]] || continue
-            echo "$_modpath"
-        done > "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist.dep"
-
-        (
-            if [[ $DRACUT_INSTALL ]] && [[ -z $_moddirname ]]; then
-                xargs -r $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} -a < "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist.dep"
-            else
-                while read _modpath || [ -n "$_modpath" ]; do
-                    local _destpath=$_modpath
-                    [[ $_moddirname ]] && _destpath=${_destpath##$_moddirname/}
-                    _destpath=${_destpath##*/lib/modules/$kernel/}
-                    inst_simple "$_modpath" "/lib/modules/$kernel/${_destpath}" || exit $?
-                done < "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist.dep"
-            fi
-        ) &
-        _pid=$(jobs -p | while read a  || [ -n "$a" ]; do printf ":$a";done)
-        _pid=${_pid##*:}
-
-        if [[ $DRACUT_INSTALL ]]; then
-            xargs -r modinfo -k $kernel -F firmware < "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist.dep" \
-                | while read line || [ -n "$line" ]; do
-                for _fwdir in $fw_dir; do
-                    echo $_fwdir/$line;
-                done;
-            done | xargs -r $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${loginstall:+-L "$loginstall"} -a -o
-        else
-            for _fw in $(xargs -r modinfo -k $kernel -F firmware < "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist.dep"); do
-                for _fwdir in $fw_dir; do
-                    [[ -d $_fwdir && -f $_fwdir/$_fw ]] || continue
-                    inst_simple "$_fwdir/$_fw" "/lib/firmware/$_fw"
-                    break
-                done
-            done
-        fi
-
-        wait $_pid
-    fi
-
    for _f in modules.builtin.bin modules.builtin modules.order; do
-        [[ $srcmods/$_f ]] && inst_simple "$srcmods/$_f" "/lib/modules/$kernel/$_f"
+        [[ -e $srcmods/$_f ]] && inst_simple "$srcmods/$_f" "/lib/modules/$kernel/$_f"
    done

    # generate module dependencies for the initrd
@@ -991,170 +972,76 @@ dracut_kernel_post() {
        exit 1
    fi

-    [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && rm -fr -- "$DRACUT_KERNEL_LAZY_HASHDIR"
 }

-[[ "$kernel_current" ]] || export kernel_current=$(uname -r)
-
-module_is_host_only() {
-    local _mod=$1
-    local _modenc a i _k _s _v _aliases
-    _mod=${_mod##*/}
-    _mod=${_mod%.ko*}
-    _modenc=${_mod//-/_}
-
-    [[ " $add_drivers " == *\ ${_mod}\ * ]] && return 0
-
-    # check if module is loaded
-    [[ ${host_modules["$_modenc"]} ]] && return 0
-
-    [[ "$kernel_current" ]] || export kernel_current=$(uname -r)
-
-    if [[ "$kernel_current" != "$kernel" ]]; then
-        # check if module is loadable on the current kernel
-        # this covers the case, where a new module is introduced
-        # or a module was renamed
-        # or a module changed from builtin to a module
-
-        if [[ -d /lib/modules/$kernel_current ]]; then
-            # if the modinfo can be parsed, but the module
-            # is not loaded, then we can safely return 1
-            modinfo -F filename "$_mod" &>/dev/null && return 1
-        fi
-
-        # just install the module, better safe than sorry
-        return 0
-    fi
-
-    return 1
-}
-
-find_kernel_modules_by_path () {
-    local _OLDIFS
-
-    [[ -f "$srcmods/modules.dep" ]] || return 0
-
-    _OLDIFS=$IFS
-    IFS=:
-    while read a rest || [ -n "$a" ]; do
-        [[ $a = */$1/* ]] || [[ $a = updates/* ]] || continue
-        printf "%s\n" "$srcmods/$a"
-    done < "$srcmods/modules.dep"
-    IFS=$_OLDIFS
-    return 0
-}
-
-find_kernel_modules () {
-    find_kernel_modules_by_path  drivers
-}
-
-# instmods [-c [-s]] <kernel module> [<kernel module> ... ]
-# instmods [-c [-s]] <kernel subsystem>
-# install kernel modules along with all their dependencies.
-# <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"
 instmods() {
+    # instmods [-c [-s]] <kernel module> [<kernel module> ... ]
+    # instmods [-c [-s]] <kernel subsystem>
+    # install kernel modules along with all their dependencies.
+    # <kernel subsystem> can be e.g. "=block" or "=drivers/usb/storage"
+    # -c check
+    # -s silent
+    local _optional="-o"
+    local _silent
+    local _ret
+
    [[ $no_kernel = yes ]] && return
-    # called [sub]functions inherit _fderr
-    local _fderr=9
-    local _check=no
-    local _silent=no
+
    if [[ $1 = '-c' ]]; then
-        _check=yes
+        unset _optional
        shift
    fi
-
    if [[ $1 = '-s' ]]; then
-        _silent=yes
+        _silent=1
        shift
    fi

-    function inst1mod() {
-        local _ret=0 _mod="$1"
-        case $_mod in
-            =*)
-                ( [[ "$_mpargs" ]] && echo $_mpargs
-                    find_kernel_modules_by_path "${_mod#=}" ) \
-                        | instmods
-                ((_ret+=$?))
-                ;;
-            --*) _mpargs+=" $_mod" ;;
-            *)
-                _mod=${_mod##*/}
-                # Check for aliased modules
-                _modalias=$(modinfo -k $kernel -F filename $_mod 2> /dev/null)
-                _modalias=${_modalias%.ko*}
-                if [[ $_modalias ]] && [ "${_modalias##*/}" != "${_mod%.ko*}" ] ; then
-                    _mod=${_modalias##*/}
-                fi
+    if (($# == 0)); then
+        read -r -d '' -a args
+        set -- "${args[@]}"
+    fi

-                # if we are already installed, skip this module and go on
-                # to the next one.
-                if [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && \
-                    [[ -f "$DRACUT_KERNEL_LAZY_HASHDIR/${_mod%.ko*}" ]]; then
-                    read _ret <"$DRACUT_KERNEL_LAZY_HASHDIR/${_mod%.ko*}"
-                    return $_ret
-                fi
-
-                _mod=${_mod/-/_}
-                if [[ $omit_drivers ]] && [[ "$_mod" =~ $omit_drivers ]]; then
-                    dinfo "Omitting driver ${_mod##$srcmods}"
-                    return 0
-                fi
-
-                # If we are building a host-specific initramfs and this
-                # module is not already loaded, move on to the next one.
-                [[ $hostonly ]] \
-                    && ! module_is_host_only "$_mod" \
-                    && return 0
-
-                if [[ "$_check" = "yes" ]] || ! [[ $DRACUT_KERNEL_LAZY_HASHDIR ]]; then
-                    # We use '-d' option in modprobe only if modules prefix path
-                    # differs from default '/'.  This allows us to use dracut with
-                    # old version of modprobe which doesn't have '-d' option.
-                    local _moddirname=${srcmods%%/lib/modules/*}
-                    [[ -n ${_moddirname} ]] && _moddirname="-d ${_moddirname}/"
-
-                    # ok, load the module, all its dependencies, and any firmware
-                    # it may require
-                    for_each_kmod_dep install_kmod_with_fw $_mod \
-                        --set-version $kernel ${_moddirname} $_mpargs
-                    ((_ret+=$?))
-                else
-                    [[ $DRACUT_KERNEL_LAZY_HASHDIR ]] && \
-                        echo ${_mod%.ko*} >> "$DRACUT_KERNEL_LAZY_HASHDIR/lazylist"
-                fi
-                ;;
-        esac
-        return $_ret
-    }
-
-    function instmods_1() {
-        local _mod _mpargs
-        if (($# == 0)); then  # filenames from stdin
-            while read _mod || [ -n "$_mod" ]; do
-                inst1mod "${_mod%.ko*}" || {
-                    if [[ "$_check" == "yes" ]] && [[ "$_silent" == "no" ]]; then
-                        dfatal "Failed to install module $_mod"
-                    fi
-                }
-            done
-        fi
-        while (($# > 0)); do  # filenames as arguments
-            inst1mod ${1%.ko*} || {
-                if [[ "$_check" == "yes" ]] && [[ "$_silent" == "no" ]]; then
-                    dfatal "Failed to install module $1"
-                fi
-            }
-            shift
-        done
+    if (($# == 0)); then
        return 0
-    }
+    fi

-    local _ret _filter_not_found='FATAL: Module .* not found.'
-    # Capture all stderr from modprobe to _fderr. We could use {var}>...
-    # redirections, but that would make dracut require bash4 at least.
-    eval "( instmods_1 \"\$@\" ) ${_fderr}>&1" \
-        | while read line || [ -n "$line" ]; do [[ "$line" =~ $_filter_not_found ]] || echo $line;done | derror
+    $DRACUT_INSTALL \
+        ${initdir:+-D "$initdir"} \
+        ${loginstall:+-L "$loginstall"} \
+        ${hostonly:+-H} \
+        ${omit_drivers:+-N "$omit_drivers"} \
+        ${srcmods:+--kerneldir "$srcmods"} \
+        ${_optional:+-o} \
+        ${_silent:+--silent} \
+        -m "$@"
    _ret=$?
+
+    if (($_ret != 0)) && [[ -z "$_silent" ]]; then
+        derror "FAILED: " \
+            $DRACUT_INSTALL \
+                ${initdir:+-D "$initdir"} \
+                ${loginstall:+-L "$loginstall"} \
+                ${hostonly:+-H} \
+                ${omit_drivers:+-N "$omit_drivers"} \
+                ${srcmods:+--kerneldir "$srcmods"} \
+                ${_optional:+-o} \
+                ${_silent:+--silent} \
+                -m "$@"
+    fi
+
+    [[ "$optional" ]] && return 0
    return $_ret
 }
+
+if [[ "$(ln --help)" == *--relative* ]]; then
+    ln_r() {
+        ln -sfnr "${initdir}/$1" "${initdir}/$2"
+    }
+else
+    ln_r() {
+        local _source=$1
+        local _dest=$2
+        [[ -d "${_dest%/*}" ]] && _dest=$(readlink -f "${_dest%/*}")/${_dest##*/}
+        ln -sfn -- "$(convert_abs_rel "${_dest}" "${_source}")" "${initdir}/${_dest}"
+    }
+fi
--- a/dracut-initramfs-restore.sh
+++ b/dracut-initramfs-restore.sh
@@ -31,6 +31,8 @@ elif $SKIP "$IMG" | xzcat | cpio -id --no-absolute-filenames --quiet >/dev/null;
    rm -f -- .need_shutdown
 elif $SKIP "$IMG" | lz4 -d -c | cpio -id --no-absolute-filenames --quiet >/dev/null; then
    rm -f -- .need_shutdown
+elif $SKIP "$IMG" | zstd -d -c | cpio -id --no-absolute-filenames --quiet >/dev/null; then
+    rm -f -- .need_shutdown
 else
    # something failed, so we clean up
    echo "Unpacking of $IMG to /run/initramfs failed" >&2
--- a/dracut.8.asc
+++ b/dracut.8.asc
@@ -243,12 +243,6 @@ example:
 **--nostrip**::
    do not strip binaries in the initramfs

-**--prelink**::
-    prelink binaries in the initramfs (default)
-
-**--noprelink**::
-    do not prelink binaries in the initramfs
-
 **--hardlink**::
    hardlink files in the initramfs (default)

@@ -323,6 +317,16 @@ provide a valid _/etc/fstab_.
 **--no-hostonly-cmdline**:
    Do not store kernel command line arguments needed in the initramfs

+**--no-hostonly-default-device**:
+    Do not generate implicit host devices like root, swap, fstab, etc.
+    Use "--mount" or "--add-device" to explicitly add devices as needed.
+
+**--hostonly-i18n**:
+    Install only needed keyboard and font files according to the host configuration (default).
+
+**--no-hostonly-i18n**:
+    Install all keyboard and font files available.
+
 **--persistent-policy** _<policy>_::
    Use _<policy>_ to address disks and partitions.
    _<policy>_ can be any directory name found in /dev/disk.
@@ -422,12 +426,21 @@ Make sure your kernel has lz4 decompression support compiled in, otherwise you
 will not be able to boot.
 ====

+**--zstd**::
+    Compress the generated initramfs using Zstandard.
+[WARNING]
+====
+Make sure your kernel has zstd decompression support compiled in, otherwise you
+will not be able to boot.
+====
+
 **--compress** _<compressor>_::
    Compress the generated initramfs using the passed compression program. If
    you pass it just the name of a compression program, it will call that
    program with known-working arguments. If you pass a quoted string with
    arguments, it will be called with exactly those arguments. Depending on what
    you pass, this may result in an initramfs that the kernel cannot decompress.
+    The default value can also be set via the _INITRD_COMPRESS_ environment variable.

 **--no-compress**::
    Do not compress the generated initramfs. This will override any other
@@ -478,18 +491,32 @@ will not be able to boot.

 **--uefi**::
    Instead of creating an initramfs image, dracut will create an UEFI executable,
-    which can be executed by an UEFI BIOS.
+    which can be executed by an UEFI BIOS. The default output filename is
+    _<EFI>/EFI/Linux/linux-$kernel$-<MACHINE_ID>-<BUILD_ID>.efi_. <EFI> might be
+    _/efi_, _/boot_ or _/boot/efi_ depending on where the ESP partition is mounted.
+    The <BUILD_ID> is taken from BUILD_ID in _/usr/lib/os-release_ or if it exists
+    _/etc/os-release_ and is left out, if BUILD_ID is non-existant or empty.
+
+**--no-machineid**::
+    affects the default output filename of **--uefi** and will discard the <MACHINE_ID>
+    part.

 **--uefi-stub _<FILE>_**::
    Specifies the UEFI stub loader, which will load the attached kernel, initramfs and
    kernel command line and boots the kernel. The default is
-    _/lib/systemd/boot/efi/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
-    or _/usr/lib/gummiboot/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
+    _$prefix/lib/systemd/boot/efi/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_
+    or _$prefix/lib/gummiboot/linux<EFI-MACHINE-TYPE-NAME>.efi.stub_

 **--kernel-image _<FILE>_**::
    Specifies the kernel image, which to include in the UEFI executable. The default is
    _/lib/modules/<KERNEL-VERSION>/vmlinuz_ or _/boot/vmlinuz-<KERNEL-VERSION>_

+ENVIRONMENT
+-----------
+
+_INITRD_COMPRESS_::
+    sets the default compression program. See **--compress**.
+
 FILES
 -----
 _/var/log/dracut.log_::
--- a/dracut.asc
+++ b/dracut.asc
@@ -132,7 +132,7 @@ The following steps are executed during a shutdown:

 * systemd switches to the shutdown.target
 * systemd starts
-  /lib/systemd/system/shutdown.target.wants/dracut-shutdown.service
+  $prefix/lib/systemd/system/shutdown.target.wants/dracut-shutdown.service
 * dracut-shutdown.service executes /usr/lib/dracut/dracut-initramfs-restore
  which unpacks the initramfs to /run/initramfs
 * systemd finishes shutdown.target
--- a/dracut.cmdline.7.asc
+++ b/dracut.cmdline.7.asc
@@ -32,7 +32,7 @@ line is the value, which is honored.
 Standard
 ~~~~~~~~
 **init=**__<path to real init>__::
-    specify the path to the init programm to be started after the initramfs has
+    specify the path to the init program to be started after the initramfs has
    finished

 **root=**__<path to blockdevice>__::
@@ -129,6 +129,10 @@ menuentry 'Live Fedora 20' --class fedora --class gnu-linux --class gnu --class

 Misc
 ~~~~
+**rd.emergency=**__[reboot|poweroff|halt]__::
+    specify, what action to execute in case of a critical failure. rd.shell=0 also
+    be specified.
+
 **rd.driver.blacklist=**__<drivername>__[,__<drivername>__,...]::
    do not load kernel module <drivername>. This parameter can be specified
    multiple times.
@@ -183,8 +187,8 @@ It should be attached to any report about dracut problems.
    _/run/initramfs/init.log_.
    If "quiet" is set, it also logs to the console.

-**rd.memdebug=[0-3]**::
-    Print memory usage info at various points, set the verbose level from 0 to 3.
+**rd.memdebug=[0-4]**::
+    Print memory usage info at various points, set the verbose level from 0 to 4.
 +    
    Higher level means more debugging output:
 +
@@ -193,6 +197,10 @@ It should be attached to any report about dracut problems.
    1 - partial /proc/meminfo
    2 - /proc/meminfo
    3 - /proc/meminfo + /proc/slabinfo
+    4 - /proc/meminfo + /proc/slabinfo + tracekomem
+        NOTE: tracekomem is a shell script utilizing kernel trace to track
+              the rough total memory consumption of kernel modules during
+              loading. It may override other trace configurations.
 ----

 **rd.break**::
@@ -303,6 +311,11 @@ crypto LUKS
 **rd.luks.crypttab=0**::
    do not check, if LUKS partition is in _/etc/crypttab_

+**rd.luks.timeout=**__<seconds>__::
+    specify how long dracut should wait when waiting for the user to enter the
+    password. This avoid blocking the boot if no password is entered. It does
+    not apply to luks key. The default is '0', which means 'forever'.
+
 crypto LUKS - key on removable device support
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 **rd.luks.key=**__<keypath>__:__<keydev>__:__<luksdev>__::
@@ -472,7 +485,7 @@ USB Android phone::
 * enp0s29u1u2
 =====================

-**ip=**__{dhcp|on|any|dhcp6|auto6}__::
+**ip=**__{dhcp|on|any|dhcp6|auto6|either6}__::
    dhcp|on|any::: get ip from dhcp server from all interfaces. If root=dhcp,
    loop sequentially through all interfaces (eth0, eth1, ...) and use the first
    with a valid DHCP root-path.
@@ -481,6 +494,8 @@ USB Android phone::

    dhcp6::: IPv6 DHCP

+    either6::: if auto6 fails, then dhcp6
+
 **ip=**__<interface>__:__{dhcp|on|any|dhcp6|auto6}__[:[__<mtu>__][:__<macaddr>__]]::
    This parameter can be specified multiple times.
 +
@@ -492,7 +507,7 @@ cannot be used in conjunction with the **ifname** argument for the
 same <interface>.
 =====================

-**ip=**__<client-IP>__:[__<peer>__]:__<gateway-IP>__:__<netmask>__:__<client_hostname>__:__<interface>__:__{none|off|dhcp|on|any|dhcp6|auto6|ibft}__:[:[__<mtu>__][:__<macaddr>__]]::
+**ip=**__<client-IP>__:[__<peer>__]:__<gateway-IP>__:__<netmask>__:__<client_hostname>__:__<interface>__:__{none|off|dhcp|on|any|dhcp6|auto6|ibft}__[:[__<mtu>__][:__<macaddr>__]]::
    explicit network configuration. If you want do define a IPv6 address, put it
    in brackets (e.g. [2001:DB8::1]). This parameter can be specified multiple
    times. __<peer>__ is optional and is the address of the remote endpoint
@@ -561,13 +576,14 @@ interface name. Better name it "bootnet" or "bluesocket".
    VLAN_PLUS_VID_NO_PAD (vlan5), DEV_PLUS_VID (eth0.0005),
    DEV_PLUS_VID_NO_PAD (eth0.5)

-**bond=**__<bondname>__[:__<bondslaves>__:[:__<options>__]]::
+**bond=**__<bondname>__[:__<bondslaves>__:[:__<options>__[:<mtu>]]]::
    Setup bonding device <bondname> on top of <bondslaves>.
    <bondslaves> is a comma-separated list of physical (ethernet) interfaces.
    <options> is a comma-separated list on bonding options (modinfo bonding for
    details) in format compatible with initscripts. If <options> includes
    multi-valued arp_ip_target option, then its values should be separated by
-    semicolon. Bond without parameters assumes
+    semicolon. if the mtu is specified, it will be set on the bond master.
+    Bond without parameters assumes
    bond=bond0:eth0,eth1:mode=balance-rr

 **team=**__<teammaster>__:__<teamslaves>__::
@@ -585,7 +601,7 @@ NFS
    mount nfs share from <server-ip>:/<root-dir>, if no server-ip is given, use
    dhcp next_server. If server-ip is an IPv6 address it has to be put in
    brackets, e.g. [2001:DB8::1]. NFS options can be appended with the prefix
-    ":" or "," and are seperated by ",".
+    ":" or "," and are separated by ",".

 **root=**nfs:\[_<server-ip>_:]__<root-dir>__[:__<nfs-options>__], **root=**nfs4:\[_<server-ip>_:]__<root-dir>__[:__<nfs-options>__], **root=**__{dhcp|dhcp6}__::
    root=dhcp alone directs initrd to look at the DHCP root-path where NFS
@@ -604,7 +620,7 @@ NFS
    method. This is supported by dracut, but not recommended.

 **rd.nfs.domain=**__<NFSv4 domain name>__::
-    Set the NFSv4 domain name. Will overwrite the settings in _/etc/idmap.conf_.
+    Set the NFSv4 domain name. Will override the settings in _/etc/idmap.conf_.

 **rd.net.dhcp.retry=**__<cnt>__::
    If this option is set, dracut will try to connect via dhcp <cnt> times before failing.
@@ -718,6 +734,9 @@ You may want to use rd.iscsi.firmware.
 **root=**_???_ **netroot=**iscsi **rd.iscsi.firmware=1**::
 will read the iscsi parameter from the BIOS firmware

+**rd.iscsi.login_retry_max=**__<num>__::
+    maximum number of login retries
+
 **rd.iscsi.param=**__<param>__::
    <param> will be passed as "--param <param>" to iscsistart.
    This parameter can be specified multiple times.
@@ -746,22 +765,32 @@ iscsistart -b --param node.session.timeo.replacement_timeout=30

 FCoE
 ~~~~
-**fcoe=**__<edd|interface|MAC>__:__{dcb|nodcb}__::
+**fcoe=**__<edd|interface|MAC>__:__{dcb|nodcb}__:__{fabric|vn2vn}__::
    Try to connect to a FCoE SAN through the NIC specified by _<interface>_ or
-    _<MAC>_ or EDD settings. For the second argument, currently only nodcb is
-    supported. This parameter can be specified multiple times.
+    _<MAC>_ or EDD settings. The second argument specifies if DCB
+    should be used. The optional third argument specifies whether
+    fabric or VN2VN mode should be used.
+    This parameter can be specified multiple times.
 +
 NOTE: letters in the MAC-address must be lowercase!

 NBD
 ~~~
-**root=**??? **netroot=**nbd:__<server>__:__<port>__[:__<fstype>__[:__<mountopts>__[:__<nbdopts>__]]]::
-    mount nbd share from <server>
+**root=**??? **netroot=**nbd:__<server>__:__<port/exportname>__[:__<fstype>__[:__<mountopts>__[:__<nbdopts>__]]]::
+    mount nbd share from <server>.
+
+NOTE:
+    If "exportname" instead of "port" is given the standard port is used.
+    Newer versions of nbd are only supported with "exportname".

-**root=dhcp** with **dhcp** **root-path=**nbd:__<server>__:__<port>__[:__<fstype>__[:__<mountopts>__[:__<nbdopts>__]]]::
+**root=dhcp** with **dhcp** **root-path=**nbd:__<server>__:__<port/exportname>__[:__<fstype>__[:__<mountopts>__[:__<nbdopts>__]]]::
    root=dhcp alone directs initrd to look at the DHCP root-path where NBD
    options can be specified. This syntax is only usable in cases where you are
    directly mounting the volume as the rootfs.
+
+NOTE:
+    If "exportname" instead of "port" is given the standard port is used.
+    Newer versions of nbd are only supported with "exportname".

 DASD
 ~~~~
@@ -771,12 +800,19 @@ DASD
 ZFCP
 ~~~~
 **rd.zfcp=**__<zfcp adaptor device bus ID>__,__<WWPN>__,__<FCPLUN>__::
-    rd.zfcp can be specified multiple times on the kernel command line.
+    rd.zfcp can be specified multiple times on the kernel command
+    line.
+
+**rd.zfcp=**__<zfcp adaptor device bus ID>__::
+    If NPIV is enabled and the 'allow_lun_scan' parameter to the zfcp
+    module is set to 'Y' then the zfcp adaptor will be initiating a
+    scan internally and the <WWPN> and <FCPLUN> parameters can be omitted.
 +
 [listing]
 .Example
 --
 rd.zfcp=0.0.4000,0x5005076300C213e9,0x5022000000000000
+rd.zfcp=0.0.4000
 --

 **rd.zfcp.conf=0**::
@@ -785,6 +821,9 @@ rd.zfcp=0.0.4000,0x5005076300C213e9,0x5022000000000000
 ZNET
 ~~~~
 **rd.znet=**__<nettype>__,__<subchannels>__,__<options>__::
+    The whole parameter is appended to /etc/ccw.conf, which is used on
+    RHEL/Fedora with ccw_init, which is called from udev for certain
+    devices on z-series.
    rd.znet can be specified multiple times on the kernel command line.
 +
 [listing]
@@ -799,24 +838,27 @@ Booting live images
 Dracut offers multiple options for live booted images:

 =====================
-SquashFS with read-only filesystem image::: The system will boot with a read
-only filesystem from the SquashFS and apply a writable device-mapper snapshot
-over the read only filesystem.  Using this method ensures a relatively fast
-boot and lower RAM usage. Users **must be careful** to avoid writing too many
-blocks to the snapshot volume.  Once the blocks of the snapshot overlay are
-exhausted, the root filesystem becomes unusable and requires a reboot.  A
-persistent overlay is marked Invalid, and requires a difficult recovery.
-Non-persistent overlays default to 512 MiB in RAM, but the size can be adjusted
-with the **rd.live.overlay.size=** kernel command line option.
+SquashFS with read-only filesystem image::: The system will boot with a
+read-only filesystem from the SquashFS and apply a writable Device-mapper
+snapshot or an OverlayFS overlay mount for the read-only base filesystem.  This
+method ensures a relatively fast boot and lower RAM usage. Users **must be
+careful** to avoid writing too many blocks to a snapshot volume.  Once the
+blocks of the snapshot overlay are exhausted, the root filesystem becomes
+read-only and may cause application failures.  The snapshot overlay file is
+marked 'Overflow', and a difficult recovery is required to repair and enlarge
+the overlay offline.  Non-persistent overlays are sparse files in RAM that only
+consume content space as required blocks are allocated.  They default to an
+apparent size of 32 GiB in RAM.  The size can be adjusted with the
+**rd.live.overlay.size=** kernel command line option.
 +
-The filesystem structure is expected to be:
+The filesystem structure is traditionally expected to be:
 +
 [listing]
 --
-squashfs.img          |  Squashfs from LiveCD .iso downloaded via network
+squashfs.img          |  SquashFS from LiveCD .iso
   !(mount)
   /LiveOS
-       |- ext3fs.img  |  Filesystem image to mount read-only
+       |- rootfs.img  |  Filesystem image to mount read-only
            !(mount)
            /bin      |  Live filesystem
            /boot     |
@@ -824,21 +866,35 @@ squashfs.img          |  Squashfs from LiveCD .iso downloaded via network
            ...       |
 --
 +
-Dracut uses this method of live booting by default.  No additional command line
-options are required other than **root=live:<URL>** to specify the location
-of your squashed filesystem.
+For OverlayFS mount overlays, the filesystem structure may also be a direct
+compression of the root filesystem:
+
+[listing]
+--
+squashfs.img          |  SquashFS from LiveCD .iso
+   !(mount)
+   /bin               |  Live filesystem
+   /boot              |
+   /dev               |
+   ...                |
+--
+
+Dracut uses one of the overlay methods of live booting by default.  No
+additional command line options are required other than **root=live:<URL>** to
+specify the location of your squashed filesystem.
 +
 - The compressed SquashFS image can be copied during boot to RAM at
 `/run/initramfs/squashed.img` by using the **rd.live.ram=1** option.
- A device with a persistent overlay can be booted read only by using the
+- A device with a persistent overlay can be booted read-only by using the
 **rd.live.overlay.readonly** option on the kernel command line.  This will
-cause a temporary, writable overlay to be stacked over a read-only snapshot
-of the root filesystem.
+either cause a temporary, writable overlay to be stacked over a read-only
+snapshot of the root filesystem or the OverlayFS mount will use an additional
+lower layer with the root filesystem.
 +
 Uncompressed live filesystem image:::
 When the live system was installed with the '--skipcompress' option of the
 __livecd-iso-to-disk__ installation script for Live USB devices, the root
-filesystem image, `ext3fs.img`, is expanded on installation and no SquashFS
+filesystem image, __rootfs.img__, is expanded on installation and no SquashFS
 is involved during boot.
 +
 - If **rd.live.ram=1** is used in this situation, the full, uncompressed
@@ -846,12 +902,12 @@ root filesystem is copied during boot to `/run/initramfs/rootfs.img` in the
 `/run` tmpfs.
 +
 - If **rd.live.overlay=none** is provided as a kernel command line option,
-a writable, linear device-mapper target is created on boot with no overlay.
+a writable, linear Device-mapper target is created on boot with no overlay.

-writable filesystem image:::
+Writable filesystem image:::
 The system will retrieve a compressed filesystem image, extract it to
 `/run/initramfs/fsimg/rootfs.img`, connect it to a loop device, create a
-writable, linear device-mapper target at `/dev/mapper/live-rw`, and mount that
+writable, linear Device-mapper target at `/dev/mapper/live-rw`, and mount that
 as a writable volume at `/`.  More RAM is required during boot but the live
 filesystem is easier to manage if it becomes full.  Users can make a filesystem
 image of any size and that size will be maintained when the system boots. There
@@ -861,7 +917,7 @@ The filesystem structure is expected to be:
 +
 [listing]
 --
-rootfs.tgz            |  Compressed tarball containing fileystem image
+rootfs.tgz            |  Compressed tarball containing filesystem image
   !(unpack)
   /rootfs.img        |  Filesystem image at /run/initramfs/fsimg/
      !(mount)
@@ -889,10 +945,11 @@ NOTE: There must be enough free RAM available to hold the complete image.
 This method is very suitable for diskless boots.

 **root=**live:__<url>__::
-Boots a live image retrieved from __<url>__.  Valid handlers: __http, https, ftp, torrent, tftp__.
+Boots a live image retrieved from __<url>__.  Requires the dracut 'livenet'
+module.  Valid handlers: __http, https, ftp, torrent, tftp__.
 +
 [listing]
-.Example
+.Examples
 --
 root=live:http://example.com/liveboot.img
 root=live:ftp://ftp.example.com/liveboot.img
@@ -903,8 +960,8 @@ root=live:torrent://example.com/liveboot.img.torrent
 Enables debug output from the live boot process.

 **rd.live.dir=**__<path>__::
-Specifies the directory within the squashfs where the ext3fs.img or rootfs.img
-can be found.  By default, this is __LiveOS__.
+Specifies the directory within the boot device where the squashfs.img or
+rootfs.img can be found.  By default, this is `/LiveOS`.

 **rd.live.squashimg=**__<filename of SquashFS image>__::
 Specifies the filename for a SquashFS image of the root filesystem.
@@ -912,32 +969,52 @@ By default, this is __squashfs.img__.

 **rd.live.ram=**1::
 Copy the complete image to RAM and use this for booting. This is useful
-when the image resides on, i.e., a DVD which needs to be ejected later on.
+when the image resides on, e.g., a DVD which needs to be ejected later on.

-**rd.live.overlay=**__<devspec>__:__(<pathspec>|auto)__|__none__::
-Allow the usage of a permanent overlay.
- _<devspec>_ specifies the path to a device with a mountable filesystem.
- _<pathspec>_ is the path to a file within that filesystem, which shall be
+**rd.live.overlay={**__<devspec>__[:__{<pathspec>|auto}__]|__none__}::
+Manage the usage of a permanent overlay.
+
+--
+* _<devspec>_ specifies the path to a device with a mountable filesystem.
+* _<pathspec>_ is the path to a file within that filesystem, which shall be
 used to persist the changes made to the device specified by the
 **root=live:__<url>__** option.
- _none_ specifies no overlay when an uncompressed live root filesystem is
-available.
+
+The default _pathspec_, when _auto_ or no _:<pathspec>_ is given, is
+`/<+++<b>rd.live.dir</b>+++>/overlay-<label>-<uuid>`, where _<label>_ is the
+device LABEL, and _<uuid>_ is the device UUID.
+* _none_ (the word itself) specifies that no overlay will be used, such as when
+an uncompressed, writable live root filesystem is available.
+
+If a persistent overlay __is detected__ at the standard LiveOS path, the
+overlay & overlay type detected, whether Device-mapper or OverlayFS, will be
+used.
+--
 +
 [listing]
-.Example
+.Examples
 --
 rd.live.overlay=/dev/sdb1:persistent-overlay.img
+rd.live.overlay=UUID=99440c1f-8daa-41bf-b965-b7240a8996f4
 --

 **rd.live.overlay.size=**__<size_MiB>__::
-Specifies a non-persistent overlay size in MiB.  The default is _512_.
+Specifies a non-persistent Device-mapper overlay size in MiB.  The default is
+_32768_.

 **rd.live.overlay.readonly=**1::
-Specifies a non-persistent, writable snapshot overlay to be stacked over a
-read-only snapshot of the root filesystem, `/dev/mapper/live-ro`.
+This is used to boot with a normally read-write persistent overlay in a
+read-only mode.  With this option, either an additional, non-persistent,
+writable snapshot overlay will be stacked over a read-only snapshot,
+`/dev/mapper/live‑ro`, of the base filesystem with the persistent overlay, or a
+read-only loop device, in the case of a writable __rootfs.img__, or an OverlayFS
+mount will use the persistent overlay directory linked at `/run/overlayfs‑r` as
+an additional lower layer along with the base root filesystem and apply a
+transient, writable upper directory overlay, in order to complete the booted
+root filesystem.

 **rd.live.overlay.reset=**1::
-Specifies that a persistent overlay should be reset on boot.  All root
+Specifies that a persistent overlay should be reset on boot.  All previous root
 filesystem changes are vacated by this action.

 **rd.live.overlay.thin=**1::
@@ -947,6 +1024,57 @@ blocks that are not claimed by the filesystem. In this use case, this means
 that memory is given back to the kernel when the filesystem does not claim it
 anymore.

+**rd.live.overlay.overlayfs=**1::
+Enables the use of the *OverlayFS* kernel module, if available, to provide a
+copy-on-write union directory for the root filesystem.  OverlayFS overlays are
+directories of the files that have changed on the read-only base (lower)
+filesystem.  The root filesystem is provided through a special overlay type
+mount that merges the lower and upper directories.  If an OverlayFS upper
+directory is not present on the boot device, a tmpfs directory will be created
+at `/run/overlayfs` to provide temporary storage.  Persistent storage can be
+provided on vfat or msdos formatted devices by supplying the OverlayFS upper
+directory within an embedded filesystem that supports the creation of trusted.*
+extended attributes and provides a valid d_type in readdir responses, such as
+with ext4 and xfs.  On non-vfat-formatted devices, a persistent OverlayFS
+overlay can extend the available root filesystem storage up to the capacity of
+the LiveOS disk device.
+
+If a persistent overlay is detected at the standard LiveOS path, the overlay &
+overlay type detected, whether OverlayFS or Device-mapper, will be used.
+
+The **rd.live.overlay.readonly** option, which allows a persistent overlayfs to
+be mounted read-only through a higher level transient overlay directory, has
+been implemented through the multiple lower layers feature of OverlayFS.
+
+
+ZIPL
+~~~~
+**rd.zipl=**__<path to blockdevice>__::
+    Update the dracut commandline with the values found in the
+    _dracut-cmdline.conf_ file on the given device.
+    The values are merged into the existing commandline values
+    and the udev events are regenerated.
+
+[listing]
+.Example
+--
+rd.zipl=UUID=0fb28157-99e3-4395-adef-da3f7d44835a
+--
+
+CIO_IGNORE
+~~~~~~~~~~
+**rd.cio_accept=**__<device-ids>__::
+    Remove the devices listed in <device-ids> from the default
+    cio_ignore kernel command-line settings.
+    <device-ids> is a list of comma-separated CCW device ids.
+    The default for this value is taken from the
+    _/boot/zipl/active_devices.txt_ file.
+
+[listing]
+.Example
+--
+rd.cio_accept=0.0.0180,0.0.0800,0.0.0801,0.0.0802
+--

 Plymouth Boot Splash
 ~~~~~~~~~~~~~~~~~~~~
@@ -1001,7 +1129,8 @@ their new replacement.

 rdbreak:: rd.break

-rd_CCW:: rd.ccw
+rd.ccw:: rd.znet
+rd_CCW:: rd.znet

 rd_DASD_MOD:: rd.dasd

--- a/dracut.conf.5.asc
+++ b/dracut.conf.5.asc
@@ -17,17 +17,17 @@ _/usr/lib/dracut/dracut.conf.d/*.conf_
 Description
 -----------
 _dracut.conf_ is loaded during the initialisation phase of dracut. Command line
-parameter will overwrite any values set here.
+parameter will override any values set here.

 _*.conf_ files are read from /usr/lib/dracut/dracut.conf.d and
 /etc/dracut.conf.d. Files with the same name in /etc/dracut.conf.d will replace
 files in /usr/lib/dracut/dracut.conf.d.
-The files are then read in alphanumerical order and will overwrite parameters
+The files are then read in alphanumerical order and will override parameters
 set in _/etc/dracut.conf_. Each line specifies an attribute and a value. A '#'
 indicates the beginning of a comment; following characters, up to the end of the
 line are not interpreted.

-dracut command line options will overwrite any values set here.
+dracut command line options will override any values set here.

 Configuration files must have the extension .conf; other extensions are ignored.

@@ -79,7 +79,7 @@ Configuration files must have the extension .conf; other extensions are ignored.
    Specify additional files to include in the initramfs, separated by spaces,
    if they exist.

-*compress=*"__{bzip2|lzma|xz|gzip|lzo|lz4|<compressor [args ...]>}__"::
+*compress=*"__{bzip2|lzma|xz|gzip|lzo|lz4|zstd|<compressor [args ...]>}__"::
    Compress the generated initramfs using the passed compression program. If
    you pass it just the name of a compression program, it will call that
    program with known-working arguments. If you pass arguments, it will be called
@@ -89,15 +89,12 @@ Configuration files must have the extension .conf; other extensions are ignored.
 *do_strip=*"__{yes|no}__"::
    Strip binaries in the initramfs (default=yes)

-*do_prelink=*"__{yes|no}__"::
-    Prelink binaries in the initramfs (default=yes)
-
 *hostonly=*"__{yes|no}__"::
    Host-Only mode: Install only what is needed for booting the local host
    instead of a generic host and generate host-specific configuration.

 *hostonly_cmdline=*"__{yes|no}__"::
-    If set, store the kernel command line arguments needed in the initramfs
+    If set to "yes", store the kernel command line arguments needed in the initramfs

 *persistent_policy=*"__<policy>__"::
    Use _<policy>_ to address disks and partitions.
@@ -167,7 +164,7 @@ provide a valid _/etc/fstab_.
    Directory to search for ACPI tables if acpi_override= is set to yes.

 *early_microcode=*"{yes|no}"::
-    Combine early microcode with ramdisk (default=no)
+    Combine early microcode with ramdisk (default=yes)

 *stdloglvl*="__\{0-6\}__"::
    Set logging to standard error level.
@@ -184,7 +181,7 @@ provide a valid _/etc/fstab_.
 *show_modules=*"__{yes|no}__"::
    Print the name of the included modules to standard output during build.

-*i18n_vars="__<variable mapping>__"::
+*i18n_vars=*"__<variable mapping>__"::
    Distribution specific variable mapping.
    See dracut/modules.d/10i18n/README for a detailed description.

@@ -218,7 +215,7 @@ _/etc/dracut.conf_::
    _/etc/dracut.conf.d/_.

 _/etc/dracut.conf.d/_::
-    Any _/etc/dracut.conf.d/*.conf_ file can overwrite the values in
+    Any _/etc/dracut.conf.d/*.conf_ file can override the values in
    _/etc/dracut.conf_. The configuration files are read in alphanumerical
    order.

--- a/dracut.modules.7.asc
+++ b/dracut.modules.7.asc
@@ -168,7 +168,7 @@ inst_hook cmdline 20 "$moddir/parse-insmodpost.sh"
 inst_simple "$moddir/insmodpost.sh" /sbin/insmodpost.sh
 ----

-The _pase-instmodpost.sh_ parses the kernel command line for a argument
+The _parse-instmodpost.sh_ parses the kernel command line for a argument
 rd.driver.post, blacklists the module from being autoloaded and installs the
 hook _insmodpost.sh_ in the _initqueue/settled_.

@@ -212,7 +212,7 @@ check() should return with:

 0:: Include the dracut module in the initramfs.

-1:: Do not include the dracut module. The requirements are not fullfilled
+1:: Do not include the dracut module. The requirements are not fulfilled
 (missing tools, etc.)

 255:: Only include the dracut module, if another module requires it or if
@@ -255,7 +255,9 @@ not lead to an error.
 ==== inst <src> [<dst>]

 installs _one_ file <src> either to the same place in the initramfs or to an
-optional <dst>.
+optional <dst>. inst with more than two arguments is treated the same as
+inst_multiple, all arguments are treated as files to install and none as
+install destinations.

 ==== inst_hook <hookdir> <prio> <src>

--- a/dracut.png
+++ b/dracut.png
--- a/dracut.sh
+++ b/dracut.sh
@@ -1,4 +1,4 @@
-#!/bin/bash --norc
+#!/bin/bash -p
 #
 # Generator script for a dracut initramfs
 # Tries to retain some degree of compatibility with the command line
@@ -23,6 +23,8 @@

 # store for logging

+unset BASH_ENV
+
 # Verify bash version, current minimum is 4
 if (( BASH_VERSINFO[0] < 4 )); then
    printf -- 'You need at least Bash 4 to use dracut, sorry.' >&2
@@ -108,8 +110,6 @@ Creates initial ramdisk images for preloading modules
  --kernel-cmdline [PARAMETERS] Specify default kernel command line parameters
  --strip               Strip binaries in the initramfs
  --nostrip             Do not strip binaries in the initramfs
-  --prelink             Prelink binaries in the initramfs
-  --noprelink           Do not prelink binaries in the initramfs
  --hardlink            Hardlink files in the initramfs
  --nohardlink          Do not hardlink files in the initramfs
  --prefix [DIR]        Prefix initramfs files with [DIR]
@@ -147,10 +147,32 @@ Creates initial ramdisk images for preloading modules
  -H, --hostonly        Host-Only mode: Install only what is needed for
                        booting the local host instead of a generic host.
  -N, --no-hostonly     Disables Host-Only mode
+  --hostonly-mode <mode>
+                        Specify the hostonly mode to use. <mode> could be
+                        one of "sloppy" or "strict". "sloppy" mode is used
+                        by default.
+                        In "sloppy" hostonly mode, extra drivers and modules
+                        will be installed, so minor hardware change won't make
+                        the image unbootable (eg. changed keyboard), and the
+                        image is still portable among similar hosts.
+                        With "strict" mode enabled, anything not necessary
+                        for booting the local host in its current state will
+                        not be included, and modules may do some extra job
+                        to save more space. Minor change of hardware or
+                        environment could make the image unbootable.
+                        DO NOT use "strict" mode unless you know what you
+                        are doing.
  --hostonly-cmdline    Store kernel command line arguments needed
                        in the initramfs
  --no-hostonly-cmdline Do not store kernel command line arguments needed
                        in the initramfs
+  --no-hostonly-default-device
+                        Do not generate implicit host devices like root,
+                        swap, fstab, etc. Use "--mount" or "--add-device"
+                        to explicitly add devices as needed.
+  --hostonly-i18n       Install only needed keyboard and font files according
+                        to the host configuration (default).
+  --no-hostonly-i18n    Install all keyboard and font files available.
  --persistent-policy [POLICY]
                        Use [POLICY] to address disks and partitions.
                        POLICY can be any directory name found in /dev/disk.
@@ -190,6 +212,9 @@ Creates initial ramdisk images for preloading modules
  --lz4                 Compress the generated initramfs using lz4.
                         Make sure that your kernel has lz4 support compiled
                         in, otherwise you will not be able to boot.
+  --zstd                Compress the generated initramfs using Zstandard.
+                         Make sure that your kernel has zstd support compiled
+                         in, otherwise you will not be able to boot.
  --compress [COMPRESSION] Compress the generated initramfs with the
                         passed compression program.  Make sure your kernel
                         knows how to decompress the generated initramfs,
@@ -276,11 +301,15 @@ dropindirs_sort()
 rearrange_params()
 {
    # Workaround -i, --include taking 2 arguments
-    set -- "${@/--include/++include}"
-
-    # This prevents any long argument ending with "-i"
-    # -i, like --opt-i but I think we can just prevent that
-    set -- "${@/%-i/++include}"
+    newat=()
+    for i in "$@"; do
+      if [[ $i == "-i" ]] || [[ $i == "--include" ]]; then
+            newat+=("++include") # Replace --include by ++include
+        else
+            newat+=("$i")
+        fi
+    done
+    set -- "${newat[@]}" # Set new $@

    TEMP=$(unset POSIXLY_CORRECT; getopt \
        -o "a:m:o:d:I:k:c:L:fvqlHhMN" \
@@ -303,7 +332,7 @@ rearrange_params()
        --long mount: \
        --long device: \
        --long add-device: \
-        --long nofscks: \
+        --long nofscks \
        --long ro-mnt \
        --long kmoddir: \
        --long conf: \
@@ -320,8 +349,6 @@ rearrange_params()
        --long kernel-cmdline: \
        --long strip \
        --long nostrip \
-        --long prelink \
-        --long noprelink \
        --long hardlink \
        --long nohardlink \
        --long noprefix \
@@ -340,8 +367,10 @@ rearrange_params()
        --long host-only \
        --long no-hostonly \
        --long no-host-only \
+        --long hostonly-mode: \
        --long hostonly-cmdline \
        --long no-hostonly-cmdline \
+        --long no-hostonly-default-device \
        --long persistent-policy: \
        --long fstab \
        --long help \
@@ -350,6 +379,7 @@ rearrange_params()
        --long xz \
        --long lzo \
        --long lz4 \
+        --long zstd \
        --long no-compress \
        --long gzip \
        --long list-modules \
@@ -368,6 +398,7 @@ rearrange_params()
        --long kernel-image: \
        --long no-hostonly-i18n \
        --long hostonly-i18n \
+        --long no-machineid \
        -- "$@")

    if (( $? != 0 )); then
@@ -443,9 +474,6 @@ if [[ $append_args_l == "yes" ]]; then
        eval set -- "$TEMP"
        rearrange_params "$@"
    fi
-
-    # clean the temporarily used scratch-pad directory
-    rm -rf $scratch_dir
 fi

 unset PARMS_TO_STORE
@@ -503,8 +531,6 @@ while :; do
                       early_microcode_l="no";;
        --strip)       do_strip_l="yes";;
        --nostrip)     do_strip_l="no";;
-        --prelink)     do_prelink_l="yes";;
-        --noprelink)   do_prelink_l="no";;
        --hardlink)    do_hardlink_l="yes";;
        --nohardlink)  do_hardlink_l="no";;
        --noprefix)    prefix_l="/";;
@@ -527,6 +553,8 @@ while :; do
                       hostonly_l="yes" ;;
        -N|--no-hostonly|--no-host-only)
                       hostonly_l="no" ;;
+        --hostonly-mode)
+                       hostonly_mode_l="$2";           PARMS_TO_STORE+=" '$2'"; shift;;
        --hostonly-cmdline)
                       hostonly_cmdline_l="yes" ;;
        --hostonly-i18n)
@@ -535,6 +563,8 @@ while :; do
                       i18n_install_all_l="yes" ;;
        --no-hostonly-cmdline)
                       hostonly_cmdline_l="no" ;;
+        --no-hostonly-default-device)
+                       hostonly_default_device="no" ;;
        --persistent-policy)
                       persistent_policy_l="$2";       PARMS_TO_STORE+=" '$2'"; shift;;
        --fstab)       use_fstab_l="yes" ;;
@@ -546,6 +576,7 @@ while :; do
        --xz)          compress_l="xz";;
        --lzo)         compress_l="lzo";;
        --lz4)         compress_l="lz4";;
+        --zstd)        compress_l="zstd";;
        --no-compress) _no_compress_l="cat";;
        --gzip)        compress_l="gzip";;
        --list-modules) do_list="yes";;
@@ -563,6 +594,8 @@ while :; do
                       uefi_stub_l="$2";               PARMS_TO_STORE+=" '$2'"; shift;;
        --kernel-image)
                       kernel_image_l="$2";            PARMS_TO_STORE+=" '$2'"; shift;;
+        --no-machineid)
+                       machine_id_l="no";;
        --) shift; break;;

        *)  # should not even reach this point
@@ -615,26 +648,10 @@ if ! [[ $kernel ]]; then
    kernel=$(uname -r)
 fi

-if [[ $kernel ]]; then
-    if ! [[ -d /lib/modules/$kernel ]] && [[ $no_kernel != yes ]]; then
-        printf -- "Kernel version $kernel has no module directory /lib/modules/$kernel\n" >&2
-    fi
-fi
-
-if ! [[ $outfile ]]; then
-    [[ -f /etc/machine-id ]] && read MACHINE_ID < /etc/machine-id
-
-    if [[ $MACHINE_ID ]] && ( [[ -d /boot/${MACHINE_ID} ]] || [[ -L /boot/${MACHINE_ID} ]] ); then
-        outfile="/boot/${MACHINE_ID}/$kernel/initrd"
-    else
-        outfile="/boot/initramfs-$kernel.img"
-    fi
-fi
-
-unset LC_MESSAGES
-unset LC_CTYPE
 export LC_ALL=C
 export LANG=C
+unset LC_MESSAGES
+unset LC_CTYPE
 unset LD_LIBRARY_PATH
 unset LD_PRELOAD
 unset GREP_OPTIONS
@@ -718,14 +735,13 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $drivers_dir_l ]] && drivers_dir=$drivers_dir_l
 [[ $do_strip_l ]] && do_strip=$do_strip_l
 [[ $do_strip ]] || do_strip=yes
-[[ $do_prelink_l ]] && do_prelink=$do_prelink_l
-[[ $do_prelink ]] || do_prelink=yes
 [[ $do_hardlink_l ]] && do_hardlink=$do_hardlink_l
 [[ $do_hardlink ]] || do_hardlink=yes
 [[ $prefix_l ]] && prefix=$prefix_l
 [[ $prefix = "/" ]] && unset prefix
 [[ $hostonly_l ]] && hostonly=$hostonly_l
 [[ $hostonly_cmdline_l ]] && hostonly_cmdline=$hostonly_cmdline_l
+[[ $hostonly_mode_l ]] && hostonly_mode=$hostonly_mode_l
 [[ "$hostonly" == "yes" ]] && ! [[ $hostonly_cmdline ]] && hostonly_cmdline="yes"
 [[ $i18n_install_all_l ]] && i18n_install_all=$i18n_install_all_l
 [[ $persistent_policy_l ]] && persistent_policy=$persistent_policy_l
@@ -733,7 +749,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $mdadmconf_l ]] && mdadmconf=$mdadmconf_l
 [[ $lvmconf_l ]] && lvmconf=$lvmconf_l
 [[ $dracutbasedir ]] || dracutbasedir=/usr/lib/dracut
-[[ $fw_dir ]] || fw_dir="/lib/firmware/updates /lib/firmware /lib/firmware/$kernel"
+[[ $fw_dir ]] || fw_dir="/lib/firmware/updates:/lib/firmware:/lib/firmware/$kernel"
 [[ $tmpdir_l ]] && tmpdir="$tmpdir_l"
 [[ $tmpdir ]] || tmpdir=/var/tmp
 [[ $INITRD_COMPRESS ]] && compress=$INITRD_COMPRESS
@@ -742,14 +758,47 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
 [[ $nofscks_l ]] && nofscks="yes"
 [[ $ro_mnt_l ]] && ro_mnt="yes"
 [[ $early_microcode_l ]] && early_microcode=$early_microcode_l
-[[ $early_microcode ]] || early_microcode=no
+[[ $early_microcode ]] || early_microcode=yes
 [[ $logfile_l ]] && logfile="$logfile_l"
 [[ $reproducible_l ]] && reproducible="$reproducible_l"
 [[ $loginstall_l ]] && loginstall="$loginstall_l"
 [[ $uefi_stub_l ]] && uefi_stub="$uefi_stub_l"
 [[ $kernel_image_l ]] && kernel_image="$kernel_image_l"
+[[ $machine_id_l ]] && machine_id="$machine_id_l"
+
+if ! [[ $outfile ]]; then
+    if [[ $machine_id != "no" ]]; then
+        [[ -f /etc/machine-id ]] && read MACHINE_ID < /etc/machine-id
+    fi
+
+    if [[ $uefi == "yes" ]]; then
+        BUILD_ID=$(cat /etc/os-release /usr/lib/os-release \
+                       | while read -r line || [[ $line ]]; do \
+                       [[ $line =~ BUILD_ID\=* ]] && eval "$line" && echo "$BUILD_ID" && break; \
+                   done)
+        if [[ -d /efi ]] && mountpoint -q /efi; then
+            efidir=/efi
+        else
+            efidir=/boot/EFI
+            if [[ -d /boot/efi/EFI ]] && mountpoint -q /boot/efi; then
+                efidir=/boot/efi/EFI
+            fi
+        fi
+        mkdir -p "$efidir/Linux"
+        outfile="$efidir/Linux/linux-$kernel${MACHINE_ID:+-${MACHINE_ID}}${BUILD_ID:+-${BUILD_ID}}.efi"
+    else
+        if [[ -e "/boot/vmlinuz-$kernel" ]]; then
+            outfile="/boot/initramfs-$kernel.img"
+        elif [[ $MACHINE_ID ]] && ( [[ -d /boot/${MACHINE_ID} ]] || [[ -L /boot/${MACHINE_ID} ]] ); then
+            outfile="/boot/${MACHINE_ID}/$kernel/initrd"
+        else
+            outfile="/boot/initramfs-$kernel.img"
+        fi
+    fi
+fi

 # eliminate IFS hackery when messing with fw_dir
+export DRACUT_FIRMWARE_PATH=${fw_dir// /:}
 fw_dir=${fw_dir//:/ }

 # check for logfile and try to create one if it doesn't exist
@@ -769,7 +818,7 @@ fi

 if ! [[ $compress ]]; then
    # check all known compressors, if none specified
-    for i in pigz gzip lz4 lzop lzma xz lbzip2 bzip2 cat; do
+    for i in pigz gzip lz4 lzop zstd lzma xz lbzip2 bzip2 cat; do
        command -v "$i" &>/dev/null || continue
        compress="$i"
        break
@@ -809,26 +858,40 @@ case $compress in
    lz4)
        compress="lz4 -l -9"
        ;;
+    zstd)
+       compress="zstd -15 -q -T0"
+       ;;
 esac

 [[ $hostonly = yes ]] && hostonly="-h"
 [[ $hostonly != "-h" ]] && unset hostonly

+case $hostonly_mode in
+    '')
+        [[ $hostonly ]] && hostonly_mode="sloppy" ;;
+    sloppy|strict)
+        if [[ ! $hostonly ]]; then
+            unset hostonly_mode
+        fi
+        ;;
+    *)
+        printf "%s\n" "dracut: Invalid hostonly mode '$hostonly_mode'." >&2
+        exit 1
+esac
+
 [[ $reproducible == yes ]] && DRACUT_REPRODUCIBLE=1

-readonly TMPDIR="$tmpdir"
+readonly TMPDIR="$(realpath -e "$tmpdir")"
+[ -d "$TMPDIR" ] || {
+    printf "%s\n" "dracut: Invalid tmpdir '$tmpdir'." >&2
+    exit 1
+}
 readonly DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.XXXXXX)"
 [ -d "$DRACUT_TMPDIR" ] || {
    printf "%s\n" "dracut: mktemp -p '$TMPDIR/' -d -t dracut.XXXXXX failed." >&2
    exit 1
 }
-readonly initdir="${DRACUT_TMPDIR}/initramfs"
-mkdir "$initdir"

-if [[ $early_microcode = yes ]] || ( [[ $acpi_override = yes ]] && [[ -d $acpi_table_dir ]] ); then
-    readonly early_cpio_dir="${DRACUT_TMPDIR}/earlycpio"
-    mkdir "$early_cpio_dir"
-fi
 # clean up after ourselves no matter how we die.
 trap '
    ret=$?;
@@ -839,7 +902,14 @@ trap '
 # clean up after ourselves no matter how we die.
 trap 'exit 1;' SIGINT

-export DRACUT_KERNEL_LAZY="1"
+readonly initdir="${DRACUT_TMPDIR}/initramfs"
+mkdir "$initdir"
+
+if [[ $early_microcode = yes ]] || ( [[ $acpi_override = yes ]] && [[ -d $acpi_table_dir ]] ); then
+    readonly early_cpio_dir="${DRACUT_TMPDIR}/earlycpio"
+    mkdir "$early_cpio_dir"
+fi
+
 export DRACUT_RESOLVE_LAZY="1"

 if [[ $print_cmdline ]]; then
@@ -862,6 +932,12 @@ else
    exit 1
 fi

+if [[ $no_kernel != yes ]] && ! [[ -d $srcmods ]]; then
+    printf "%s\n" "dracut: Cannot find module directory $srcmods" >&2
+    printf "%s\n" "dracut: and --no-kernel was not specified" >&2
+    exit 1
+fi
+
 if ! [[ $print_cmdline ]]; then
    inst /bin/sh
    if ! $DRACUT_INSTALL ${initdir:+-D "$initdir"} -R "$initdir/bin/sh" &>/dev/null; then
@@ -925,7 +1001,12 @@ abs_outfile=$(readlink -f "$outfile") && outfile="$abs_outfile"

 if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then
    if ! [[ -f $srcmods/modules.dep ]]; then
-        dwarn "$srcmods/modules.dep is missing. Did you run depmod?"
+        if [[ -n "$(find "$srcmods" -name '*.ko*')" ]]; then
+            dfatal "$srcmods/modules.dep is missing. Did you run depmod?"
+            exit 1
+        else
+            dwarn "$srcmods/modules.dep is missing. Did you run depmod?"
+        fi
    elif ! ( command -v gzip &>/dev/null && command -v xz &>/dev/null); then
        read _mod < $srcmods/modules.dep
        _mod=${_mod%%:*}
@@ -992,7 +1073,7 @@ if [[ ! $print_cmdline ]]; then

        if ! [[ -s $uefi_stub ]]; then
            for uefi_stub in \
-                "/lib/systemd/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub" \
+                "${systemdutildir}/boot/efi/linux${EFI_MACHINE_TYPE_NAME}.efi.stub" \
                    "/usr/lib/gummiboot/linux${EFI_MACHINE_TYPE_NAME}.efi.stub"; do
                [[ -s $uefi_stub ]] || continue
                break
@@ -1016,8 +1097,8 @@ if [[ ! $print_cmdline ]]; then
    fi
 fi

-if [[ $acpi_override = yes ]] && ! check_kernel_config CONFIG_ACPI_INITRD_TABLE_OVERRIDE; then
-    dwarn "Disabling ACPI override, because kernel does not support it. CONFIG_ACPI_INITRD_TABLE_OVERRIDE!=y"
+if [[ $acpi_override = yes ]] && ! ( check_kernel_config CONFIG_ACPI_TABLE_UPGRADE ||  check_kernel_config CONFIG_ACPI_INITRD_TABLE_OVERRIDE ); then
+    dwarn "Disabling ACPI override, because kernel does not support it. CONFIG_ACPI_INITRD_TABLE_OVERRIDE!=y or CONFIG_ACPI_TABLE_UPGRADE!=y"
    unset acpi_override
 fi

@@ -1096,9 +1177,7 @@ if (( ${#add_device_l[@]} )); then
    push_host_devs "${add_device_l[@]}"
 fi

-declare -A host_modules
-
-if [[ $hostonly ]]; then
+if [[ $hostonly ]] && [[ "$hostonly_default_device" != "no" ]]; then
    # in hostonly mode, determine all devices, which have to be accessed
    # and examine them for filesystem types

@@ -1116,6 +1195,7 @@ if [[ $hostonly ]]; then
        "/usr/lib64" \
        "/boot" \
        "/boot/efi" \
+        "/boot/zipl" \
        ;
    do
        mp=$(readlink -f "$mp")
@@ -1179,17 +1259,12 @@ if [[ $hostonly ]]; then

            push_host_devs "$_dev"
            if [[ "$_t" == btrfs ]]; then
-                for i in $(find_btrfs_devs "$_m"); do
+                for i in $(btrfs_devs "$_m"); do
                    push_host_devs "$i"
                done
            fi
        done < /etc/fstab
    fi
-
-    # check /proc/modules
-    while read m rest || [ -n "$m" ]; do
-        host_modules["$m"]=1
-    done </proc/modules
 fi

 unset m
@@ -1236,16 +1311,16 @@ done
 [[ -d $udevdir ]] \
    || udevdir="$(pkg-config udev --variable=udevdir 2>/dev/null)"
 if ! [[ -d "$udevdir" ]]; then
-    [[ ! -h /lib ]] && [[ -d /lib/udev ]] && udevdir=/lib/udev
-    [[ -d /usr/lib/udev ]] && udevdir=/usr/lib/udev
+    [[ -e /lib/udev/collect ]] && udevdir=/lib/udev
+    [[ -e /usr/lib/udev/collect ]] && udevdir=/usr/lib/udev
 fi

 [[ -d $systemdutildir ]] \
    || systemdutildir=$(pkg-config systemd --variable=systemdutildir 2>/dev/null)

 if ! [[ -d "$systemdutildir" ]]; then
-    [[ ! -h /lib ]] && [[ -d /lib/systemd ]] && systemdutildir=/lib/systemd
-    [[ -d /usr/lib/systemd ]] && systemdutildir=/usr/lib/systemd
+    [[ -e /lib/systemd/systemd-udevd ]] && systemdutildir=/lib/systemd
+    [[ -e /usr/lib/systemd/systemd-udevd ]] && systemdutildir=/usr/lib/systemd
 fi

 [[ -d $systemdsystemunitdir ]] \
@@ -1262,21 +1337,21 @@ fi
    || tmpfilesdir=$(pkg-config systemd --variable=tmpfilesdir 2>/dev/null)

 if ! [[ -d "$tmpfilesdir" ]]; then
-    [[ -f /lib/tmpfiles.d ]] && tmpfilesdir=/lib/tmpfiles.d
-    [[ -f /usr/lib/tmpfiles.d ]] && tmpfilesdir=/usr/lib/tmpfiles.d
+    [[ -d /lib/tmpfiles.d ]] && tmpfilesdir=/lib/tmpfiles.d
+    [[ -d /usr/lib/tmpfiles.d ]] && tmpfilesdir=/usr/lib/tmpfiles.d
 fi

 export initdir dracutbasedir \
    dracutmodules force_add_dracutmodules add_dracutmodules omit_dracutmodules \
    mods_to_load \
    fw_dir drivers_dir debug no_kernel kernel_only \
-    omit_drivers mdadmconf lvmconf root_dev \
+    omit_drivers mdadmconf lvmconf root_devs \
    use_fstab fstab_lines libdirs fscks nofscks ro_mnt \
    stdloglvl sysloglvl fileloglvl kmsgloglvl logfile \
    debug host_fs_types host_devs swap_devs sshkey add_fstab \
    DRACUT_VERSION udevdir prefix filesystems drivers \
    systemdutildir systemdsystemunitdir systemdsystemconfdir \
-    host_modules hostonly_cmdline loginstall \
+    hostonly_cmdline loginstall \
    tmpfilesdir

 mods_to_load=""
@@ -1298,7 +1373,7 @@ do_print_cmdline()
    for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do
        _d_mod=${moddir##*/}; _d_mod=${_d_mod#[0-9][0-9]}
        [[ ${_mods_to_print[$_d_mod]} ]] || continue
-        module_cmdline "$_d_mod"
+        module_cmdline "$_d_mod" "$moddir"
    done
    unset moddir
 }
@@ -1358,10 +1433,12 @@ if [[ $kernel_only != yes ]]; then
    for _d in $hookdirs; do
        mkdir -m 0755 -p ${initdir}/lib/dracut/hooks/$_d
    done
-    if [[ "$UID" = "0" ]]; then
+    if [[ "$EUID" = "0" ]]; then
        [ -c ${initdir}/dev/null ] || mknod ${initdir}/dev/null c 1 3
        [ -c ${initdir}/dev/kmsg ] || mknod ${initdir}/dev/kmsg c 1 11
        [ -c ${initdir}/dev/console ] || mknod ${initdir}/dev/console c 5 1
+        [ -c ${initdir}/dev/random ] || mknod ${initdir}/dev/random c 1 8
+        [ -c ${initdir}/dev/urandom ] || mknod ${initdir}/dev/urandom c 1 9
    fi
 fi

@@ -1377,14 +1454,14 @@ for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do
        dinfo "*** Including module: $_d_mod ***"
    fi
    if [[ $kernel_only == yes ]]; then
-        module_installkernel "$_d_mod" || {
+        module_installkernel "$_d_mod" "$moddir" || {
            dfatal "installkernel failed in module $_d_mod"
            exit 1
        }
    else
-        module_install "$_d_mod"
+        module_install "$_d_mod" "$moddir"
        if [[ $no_kernel != yes ]]; then
-            module_installkernel "$_d_mod" || {
+            module_installkernel "$_d_mod" "$moddir" || {
                dfatal "installkernel failed in module $_d_mod"
                exit 1
            }
@@ -1412,12 +1489,15 @@ dinfo "*** Including modules done ***"

 ## final stuff that has to happen
 if [[ $no_kernel != yes ]]; then
+    if [[ $hostonly ]]; then
+        echo "$(get_loaded_kernel_modules)" > $initdir/lib/dracut/loaded-kernel-modules.txt
+    fi

    if [[ $drivers ]]; then
        hostonly='' instmods $drivers
    fi

-    if [[ $add_drivers ]]; then
+    if [[ -n "${add_drivers// }" ]]; then
        hostonly='' instmods -c $add_drivers
    fi
    if [[ $force_drivers ]]; then
@@ -1431,9 +1511,9 @@ if [[ $no_kernel != yes ]]; then
        hostonly='' instmods -c $filesystems
    fi

-    dinfo "*** Installing kernel module dependencies and firmware ***"
+    dinfo "*** Installing kernel module dependencies ***"
    dracut_kernel_post
-    dinfo "*** Installing kernel module dependencies and firmware done ***"
+    dinfo "*** Installing kernel module dependencies done ***"

    if [[ $noimageifnotneeded == yes ]] && [[ $hostonly ]]; then
        if [[ ! -f "$initdir/lib/dracut/need-initqueue" ]] && \
@@ -1491,10 +1571,14 @@ if [[ $kernel_only != yes ]]; then
    if [[ $DRACUT_RESOLVE_LAZY ]] && [[ $DRACUT_INSTALL ]]; then
        dinfo "*** Resolving executable dependencies ***"
        find "$initdir" -type f -perm /0111 -not -path '*.ko' -print0 \
-        | xargs -r -0 $DRACUT_INSTALL ${initdir:+-D "$initdir"} -R ${DRACUT_FIPS_MODE:+-H} --
+        | xargs -r -0 $DRACUT_INSTALL ${initdir:+-D "$initdir"} -R ${DRACUT_FIPS_MODE:+-f} --
        dinfo "*** Resolving executable dependencies done***"
    fi

+    # Now we are done with lazy resolving, always install dependencies
+    unset DRACUT_RESOLVE_LAZY
+    export DRACUT_RESOLVE_DEPS=1
+
    # libpthread workaround: pthread_cancel wants to dlopen libgcc_s.so
    for _dir in $libdirs; do
        for _f in "$_dir/libpthread.so"*; do
@@ -1527,9 +1611,9 @@ for ((i=0; i < ${#include_src[@]}; i++)); do
                        mkdir -m 0755 -p "$object_destdir"
                        chmod --reference="$objectname" "$object_destdir"
                    fi
-                    cp --reflink=auto --sparse=auto -fa -t "$object_destdir" "$objectname"/*
+                    $DRACUT_CP -t "$object_destdir" "$objectname"/*
                else
-                    cp --reflink=auto --sparse=auto -fa -t "$destdir" "$objectname"
+                    $DRACUT_CP -t "$destdir" "$objectname"
                fi
            done
        fi
@@ -1542,7 +1626,7 @@ if [[ $kernel_only != yes ]]; then
        [[ -f $f ]] && inst_simple "$f"
    done
    if ! ldconfig -r "$initdir"; then
-        if [[ $UID = 0 ]]; then
+        if [[ $EUID = 0 ]]; then
            derror "ldconfig exited ungracefully"
        else
            derror "ldconfig might need uid=0 (root) for chroot()"
@@ -1550,21 +1634,6 @@ if [[ $kernel_only != yes ]]; then
    fi
 fi

-PRELINK_BIN="$(command -v prelink)"
-if [[ $UID = 0 ]] && [[ $PRELINK_BIN ]]; then
-    if [[ $DRACUT_FIPS_MODE ]]; then
-        dinfo "*** Installing prelink files ***"
-        inst_multiple -o prelink /etc/prelink.conf /etc/prelink.conf.d/*.conf /etc/prelink.cache
-    elif [[ $do_prelink == yes ]]; then
-        dinfo "*** Pre-linking files ***"
-        inst_multiple -o prelink /etc/prelink.conf /etc/prelink.conf.d/*.conf
-        chroot "$initdir" "$PRELINK_BIN" -a
-        rm -f -- "$initdir/$PRELINK_BIN"
-        rm -fr -- "$initdir"/etc/prelink.*
-        dinfo "*** Pre-linking files done ***"
-    fi
-fi
-
 if [[ $do_hardlink = yes ]] && command -v hardlink >/dev/null; then
    dinfo "*** Hardlinking files ***"
    hardlink "$initdir" 2>&1
@@ -1573,7 +1642,11 @@ fi

 # strip binaries
 if [[ $do_strip = yes ]] ; then
-    for p in strip xargs find; do
+    # Prefer strip from elfutils for package size
+    declare strip_cmd=$(command -v eu-strip)
+    test -z "$strip_cmd" && strip_cmd="strip"
+
+    for p in $strip_cmd xargs find; do
        if ! type -P $p >/dev/null; then
            dinfo "Could not find '$p'. Not stripping the initramfs."
            do_strip=no
@@ -1581,18 +1654,23 @@ if [[ $do_strip = yes ]] ; then
    done
 fi

+# cleanup empty ldconfig_paths directories
+for d in $(ldconfig_paths); do
+    rmdir -p --ignore-fail-on-non-empty "$initdir/$d" >/dev/null 2>&1
+done
+
 if [[ $do_strip = yes ]] && ! [[ $DRACUT_FIPS_MODE ]]; then
    dinfo "*** Stripping files ***"
    find "$initdir" -type f \
        -executable -not -path '*/lib/modules/*.ko' -print0 \
-        | xargs -r -0 strip -g 2>/dev/null
+        | xargs -r -0 $strip_cmd -g 2>/dev/null

    # strip kernel modules, but do not touch signed modules
    find "$initdir" -type f -path '*/lib/modules/*.ko' -print0 \
        | while read -r -d $'\0' f || [ -n "$f" ]; do
-        SIG=$(tail -c 28 "$f")
+        SIG=$(tail -c 28 "$f" | tr -d '\000')
        [[ $SIG == '~Module signature appended~' ]] || { printf "%s\000" "$f"; }
-    done | xargs -r -0 strip -g
+    done | xargs -r -0 $strip_cmd -g

    dinfo "*** Stripping files done ***"
 fi
@@ -1641,7 +1719,7 @@ if [[ $acpi_override = yes ]] && [[ -d $acpi_table_dir ]]; then
    mkdir -p $_dest_dir
    for table in $acpi_table_dir/*.aml; do
        dinfo "   Adding ACPI table: $table"
-        cp -a $table $_dest_dir
+        $DRACUT_CP $table $_dest_dir
        create_early_cpio="yes"
    done
 fi
@@ -1652,7 +1730,7 @@ if ! ( echo $PARMS_TO_STORE > $initdir/lib/dracut/build-parameter.txt ); then
    exit 1
 fi

-if [[ $hostonly_cmdline ]] ; then
+if [[ $hostonly_cmdline == "yes" ]] ; then
    unset _stored_cmdline
    if [ -d $initdir/etc/cmdline.d ];then
        dinfo "Stored kernel commandline:"
@@ -1669,6 +1747,122 @@ fi

 dinfo "*** Creating image file '$outfile' ***"

+if dracut_module_included "squash"; then
+    if ! check_kernel_config CONFIG_SQUASHFS; then
+        dfatal "CONFIG_SQUASHFS have to be enabled for dracut squash module to work"
+        exit 1
+    fi
+    if ! check_kernel_config CONFIG_OVERLAY_FS; then
+        dfatal "CONFIG_OVERLAY_FS have to be enabled for dracut squash module to work"
+        exit 1
+    fi
+    if ! check_kernel_config CONFIG_DEVTMPFS; then
+        dfatal "CONFIG_DEVTMPFS have to be enabled for dracut squash module to work"
+        exit 1
+    fi
+
+    readonly squash_dir="${DRACUT_TMPDIR}/squashfs"
+    readonly squash_img=$initdir/squash/root.img
+
+    # Currently only move "usr" "etc" to squashdir
+    readonly squash_candidate=( "usr" "etc" )
+
+    mkdir -m 0755 -p $squash_dir
+    for folder in "${squash_candidate[@]}"; do
+        mv $initdir/$folder $squash_dir/$folder
+    done
+
+    # Move some files out side of the squash image, including:
+    # - Files required to boot and mount the squashfs image
+    # - Files need to be accessable without mounting the squash image
+    required_in_root() {
+        local file=$1
+        local _sqsh_file=$squash_dir/$file
+        local _init_file=$initdir/$file
+
+        if [[ -e $_init_file ]]; then
+            return
+        fi
+
+        if [[ ! -e $_sqsh_file ]] && [[ ! -L $_sqsh_file ]]; then
+            derror "$file is required to boot a squashed initramfs but it's not installed!"
+            return
+        fi
+
+        if [[ ! -d $(dirname $_init_file) ]]; then
+            required_in_root $(dirname $file)
+        fi
+
+        if [[ -L $_sqsh_file ]]; then
+          cp --preserve=all -P $_sqsh_file $_init_file
+          _sqsh_file=$(realpath $_sqsh_file 2>/dev/null)
+          if [[ -e $_sqsh_file ]] && [[ "$_sqsh_file" == "$squash_dir"* ]]; then
+            # Relative symlink
+            required_in_root ${_sqsh_file#$squash_dir/}
+            return
+          fi
+          if [[ -e $squash_dir$_sqsh_file ]]; then
+            # Absolute symlink
+            required_in_root ${_sqsh_file#/}
+            return
+          fi
+          required_in_root ${module_spec#$squash_dir/}
+        else
+          if [[ -d $_sqsh_file ]]; then
+            mkdir $_init_file
+          else
+            mv $_sqsh_file $_init_file
+          fi
+        fi
+    }
+
+    required_in_root etc/initrd-release
+
+    for module_spec in $squash_dir/usr/lib/modules/*/modules.*;
+    do
+        required_in_root ${module_spec#$squash_dir/}
+    done
+
+    for dracut_spec in $squash_dir/usr/lib/dracut/*;
+    do
+        required_in_root ${dracut_spec#$squash_dir/}
+    done
+
+    mv $initdir/init $initdir/init.stock
+    mv $initdir/shutdown $initdir/shutdown.stock
+    ln -s squash/init.sh $initdir/init
+    ln -s squash/shutdown.sh $initdir/shutdown
+
+    # Reinstall required files for the squash image setup script.
+    # We have moved them inside the squashed image, but they need to be
+    # accessible before mounting the image.
+    inst_multiple "echo" "sh" "mount" "modprobe" "mkdir"
+    hostonly="" instmods "loop" "squashfs" "overlay"
+
+    # Only keep systemctl outsite if we need switch root
+    if [[ ! -f "$initdir/lib/dracut/no-switch-root" ]]; then
+      inst "systemctl"
+    fi
+
+    for folder in "${squash_candidate[@]}"; do
+        # Remove duplicated files in squashfs image, save some more space
+        [[ ! -d $initdir/$folder/ ]] && continue
+        for file in $(find $initdir/$folder/ -not -type d);
+        do
+            if [[ -e $squash_dir${file#$initdir} ]]; then
+                mv $squash_dir${file#$initdir} $file
+            fi
+        done
+    done
+
+    mksquashfs $squash_dir $squash_img -comp xz -b 64K -Xdict-size 100% &> /dev/null
+
+    if [[ $? != 0 ]]; then
+        dfatal "dracut: Failed making squash image"
+        exit 1
+    fi
+fi
+
 if [[ $uefi = yes ]]; then
    readonly uefi_outdir="$DRACUT_TMPDIR/uefi"
    mkdir "$uefi_outdir"
@@ -1685,7 +1879,7 @@ if [[ $DRACUT_REPRODUCIBLE ]]; then
    fi
 fi

-[[ "$UID" != 0 ]] && cpio_owner_root="-R 0:0"
+[[ "$EUID" != 0 ]] && cpio_owner_root="-R 0:0"

 if [[ $create_early_cpio = yes ]]; then
    echo 1 > "$early_cpio_dir/d/early_cpio"
@@ -1697,7 +1891,7 @@ if [[ $create_early_cpio = yes ]]; then

    # The microcode blob is _before_ the initramfs blob, not after
    if ! (
-            cd "$early_cpio_dir/d"
+            umask 077; cd "$early_cpio_dir/d"
            find . -print0 | sort -z \
                | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
        ); then
@@ -1716,7 +1910,7 @@ if ! (
    exit 1
 fi

-if (( maxloglvl >= 5 )); then
+if (( maxloglvl >= 5 )) && (( verbosity_mod_l >= 0 )); then
    if [[ $allowlocal ]]; then
 	"$dracutbasedir/lsinitrd.sh" "${DRACUT_TMPDIR}/initramfs.img"| ddebug
    else
@@ -1724,6 +1918,8 @@ if (( maxloglvl >= 5 )); then
    fi
 fi

+umask 077
+
 if [[ $uefi = yes ]]; then
    if [[ $kernel_cmdline ]]; then
        echo -n "$kernel_cmdline" > "$uefi_outdir/cmdline.txt"
@@ -1749,7 +1945,7 @@ if [[ $uefi = yes ]]; then
           --add-section .linux="$kernel_image" --change-section-vma .linux=0x40000 \
           --add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd=0x3000000 \
           "$uefi_stub" "${uefi_outdir}/linux.efi" \
-            && mv "${uefi_outdir}/linux.efi" "$outfile"; then
+            && cp --reflink=auto "${uefi_outdir}/linux.efi" "$outfile"; then
        dinfo "*** Creating UEFI image file '$outfile' done ***"
    else
        rm -f -- "$outfile"
@@ -1757,7 +1953,7 @@ if [[ $uefi = yes ]]; then
        exit 1
    fi
 else
-    if mv "${DRACUT_TMPDIR}/initramfs.img" "$outfile"; then
+    if cp --reflink=auto "${DRACUT_TMPDIR}/initramfs.img" "$outfile"; then
        dinfo "*** Creating initramfs image file '$outfile' done ***"
    else
        rm -f -- "$outfile"
@@ -1766,5 +1962,25 @@ else
    fi
 fi

+command -v restorecon &>/dev/null && restorecon -- "$outfile"
+
+# We sync/fsfreeze only if we're operating on a live booted system.
+# It's possible for e.g. `kernel` to be installed as an RPM BuildRequires or equivalent,
+# and there's no reason to sync, and *definitely* no reason to fsfreeze.
+# Another case where this happens is rpm-ostree, which performs its own sync/fsfreeze
+# globally.  See e.g. https://github.com/ostreedev/ostree/commit/8642ef5ab3fec3ac8eb8f193054852f83a8bc4d0
+if test -d /run/systemd/system; then
+    if ! sync "$outfile" 2> /dev/null; then
+        dinfo "dracut: sync operation on newly created initramfs $outfile failed"
+        exit 1
+    fi
+
+    # use fsfreeze only if we're not writing to /
+    if [[ "$(stat -c %m -- "$outfile")" != "/" && "$(stat -f -c %T -- "$outfile")" != "msdos" ]]; then
+        if ! $(fsfreeze -f $(dirname "$outfile") 2>/dev/null && fsfreeze -u $(dirname "$outfile") 2>/dev/null); then
+            dinfo "dracut: warning: could not fsfreeze $(dirname "$outfile")"
+        fi
+    fi
+fi

 exit 0
--- a/dracut.spec
+++ b/dracut.spec
@@ -5,18 +5,11 @@
 # strip the automatically generated dep here and instead co-own the
 # directory.
 %global __requires_exclude pkg-config
-
-# Variables must be defined
-%define with_nbd                1
-
-# nbd in Fedora only
-%if 0%{?rhel} >= 6
-%define with_nbd 0
-%endif
+%define dist_free_release xxx

 Name: dracut
 Version: xxx
-Release: xxx
+Release: %{dist_free_release}%{?dist}

 Summary: Initramfs generator using udev
 %if 0%{?fedora} || 0%{?rhel}
@@ -33,24 +26,21 @@ License: GPLv2+ and LGPLv2+
 URL: https://dracut.wiki.kernel.org/

 # Source can be generated by
-# http://git.kernel.org/?p=boot/dracut/dracut.git;a=snapshot;h=%{version};sf=tgz
+# http://git.kernel.org/?p=boot/dracut/dracut.git;a=snapshot;h=%%{version};sf=tgz
 Source0: http://www.kernel.org/pub/linux/utils/boot/dracut/dracut-%{version}.tar.xz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt

-
-BuildRequires: bash git
+BuildRequires: bash
+BuildRequires: git
+BuildRequires: kmod-devel >= 23
+BuildRequires: gcc

 %if 0%{?fedora} || 0%{?rhel}
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: pkgconfig
+BuildRequires: systemd
 %endif
 %if 0%{?fedora}
 BuildRequires: bash-completion
-BuildRequires: pkgconfig
-%endif
-
-%if 0%{?suse_version}
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %endif

 %if %{with doc}
@@ -59,36 +49,28 @@ BuildRequires: docbook-style-xsl docbook-dtds libxslt
 %endif

 %if 0%{?suse_version}
-BuildRequires: docbook-xsl-stylesheets libxslt
+BuildRequires: docbook-xsl-stylesheets libxslt
 %endif

 BuildRequires: asciidoc
 %endif

-%if 0%{?fedora} > 12 || 0%{?rhel}
-# no "provides", because dracut does not offer
-# all functionality of the obsoleted packages
-Obsoletes: mkinitrd <= 6.0.93
-Obsoletes: mkinitrd-devel <= 6.0.93
-Obsoletes: nash <= 6.0.93
-Obsoletes: libbdevid-python <= 6.0.93
-%endif
-
-%if 0%{?fedora} > 16 || 0%{?rhel} > 6
-BuildRequires: systemd-units
-%endif
-
 %if 0%{?suse_version} > 9999
 Obsoletes: mkinitrd < 2.6.1
 Provides: mkinitrd = 2.6.1
 %endif

+Obsoletes: dracut-fips <= 047
+Provides:  dracut-fips = %{version}-%{release}
+Obsoletes: dracut-fips-aesni <= 047
+Provides:  dracut-fips-aesni = %{version}-%{release}
+
 Obsoletes: dracut-kernel < 005
 Provides:  dracut-kernel = %{version}-%{release}

-Obsoletes: dracut <= 029
-Obsoletes: dracut-norescue
-Provides:  dracut-norescue
+Obsoletes: dracut < 030
+Obsoletes: dracut-norescue < 030
+Provides:  dracut-norescue = %{version}-%{release}

 Requires: bash >= 4
 Requires: coreutils
@@ -101,42 +83,45 @@ Requires: sed
 Requires: xz
 Requires: gzip

-%if 0%{?fedora} > 22
-Recommends: grubby
+%if 0%{?fedora} || 0%{?rhel}
 Recommends: hardlink
 Recommends: pigz
 Recommends: kpartx
+Requires: util-linux >= 2.21
+Requires: systemd >= 219
+Requires: systemd-udev >= 219
+Requires: procps-ng
 %else
 Requires: hardlink
 Requires: gzip
 Requires: kpartx
-%endif
-
-%if 0%{?fedora} || 0%{?rhel} > 6
-Requires: util-linux >= 2.21
-Requires: systemd >= 219
-Requires: procps-ng
-Conflicts: grubby < 8.23
-Conflicts: initscripts < 8.63-1
-Conflicts: plymouth < 0.8.0-0.2009.29.09.19.1
-Conflicts: bcache-tools < 0-0.14.20130909git
-%else
 Requires: udev > 166
 Requires: util-linux-ng >= 2.21
 %endif

-Conflicts: mdadm < 3.2.6-14
+%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version}
+Requires: libkcapi-hmaccalc
+%endif

 %description
-dracut contains tools to create a bootable initramfs for 2.6 Linux kernels.
-Unlike existing implementations, dracut does hard-code as little as possible
-into the initramfs. dracut contains various modules which are driven by the
-event-based udev. Having root on MD, DM, LVM2, LUKS is supported as well as
-NFS, iSCSI, NBD, FCoE with the dracut-network package.
+dracut contains tools to create bootable initramfses for the Linux
+kernel. Unlike previous implementations, dracut hard-codes as little
+as possible into the initramfs. dracut contains various modules which
+are driven by the event-based udev. Having root on MD, DM, LVM2, LUKS
+is supported as well as NFS, iSCSI, NBD, FCoE with the dracut-network
+package.

 %package network
 Summary: dracut modules to build a dracut initramfs with network support
+%if 0%{?_module_build}
+# In the module-build-service, we have pieces of dracut provided by different
+# modules ("base-runtime" provides most functionality, but we need
+# dracut-network in "installer". Since these two modules build with separate
+# dist-tags, we need to reduce this strict requirement to ignore the dist-tag.
+Requires: %{name} >= %{version}-%{dist_free_release}
+%else
 Requires: %{name} = %{version}-%{release}
+%endif
 Requires: iputils
 Requires: iproute
 Requires: dhclient
@@ -147,32 +132,6 @@ Provides:  dracut-generic = %{version}-%{release}
 This package requires everything which is needed to build a generic
 all purpose initramfs with network support with dracut.

-%if 0%{?fedora} || 0%{?rhel} >= 6 || 0%{?suse_version}
-%package fips
-Summary: dracut modules to build a dracut initramfs with an integrity check
-Requires: %{name} = %{version}-%{release}
-Requires: hmaccalc
-%if 0%{?rhel} > 5
-# For Alpha 3, we want nss instead of nss-softokn
-Requires: nss
-%else
-Requires: nss-softokn
-%endif
-Requires: nss-softokn-freebl
-
-%description fips
-This package requires everything which is needed to build an
-initramfs with dracut, which does an integrity check.
-%endif
-
-%package fips-aesni
-Summary: dracut modules to build a dracut initramfs with an integrity check with aesni-intel
-Requires: %{name}-fips = %{version}-%{release}
-
-%description fips-aesni
-This package requires everything which is needed to build an
-initramfs with dracut, which does an integrity check and adds the aesni-intel kernel module.
-
 %package caps
 Summary: dracut modules to build a dracut initramfs which drops capabilities
 Requires: %{name} = %{version}-%{release}
@@ -184,9 +143,17 @@ initramfs with dracut, which drops capabilities.

 %package live
 Summary: dracut modules to build a dracut initramfs with live image capabilities
+%if 0%{?_module_build}
+# See the network subpackage comment.
+Requires: %{name} >= %{version}-%{dist_free_release}
+%else
 Requires: %{name} = %{version}-%{release}
+%endif
 Requires: %{name}-network = %{version}-%{release}
 Requires: tar gzip coreutils bash device-mapper curl
+%if 0%{?fedora}
+Requires: fuse ntfs-3g
+%endif

 %description live
 This package requires everything which is needed to build an
@@ -195,8 +162,8 @@ initramfs with dracut, with live image capabilities, like Live CDs.
 %package config-generic
 Summary: dracut configuration to turn off hostonly image generation
 Requires: %{name} = %{version}-%{release}
-Obsoletes: dracut-nohostonly
-Provides:  dracut-nohostonly
+Obsoletes: dracut-nohostonly < 030
+Provides:  dracut-nohostonly = %{version}-%{release}

 %description config-generic
 This package provides the configuration to turn off the host specific initramfs
@@ -205,7 +172,7 @@ generation with dracut and generates a generic image by default.
 %package config-rescue
 Summary: dracut configuration to turn on rescue image generation
 Requires: %{name} = %{version}-%{release}
-Obsoletes: dracut <= 029
+Obsoletes: dracut < 030

 %description config-rescue
 This package provides the configuration to turn on the rescue initramfs
@@ -218,22 +185,32 @@ Requires: %{name} = %{version}-%{release}
 %description tools
 This package contains tools to assemble the local initrd and host configuration.

+%package squash
+Summary: dracut module to build an initramfs with most files in a squashfs image
+Requires: %{name} = %{version}-%{release}
+Requires: squashfs-tools
+
+%description squash
+This package provides a dracut module to build an initramfs, but store most files
+in a squashfs image, result in a smaller initramfs size and reduce runtime memory
+usage.
+
 %prep
 %autosetup -n %{name}-%{version} -S git_am
 cp %{SOURCE1} .

 %build
-%configure --systemdsystemunitdir=%{_unitdir} --bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) --libdir=%{_prefix}/lib \
+%configure  --systemdsystemunitdir=%{_unitdir} \
+            --bashcompletiondir=$(pkg-config --variable=completionsdir bash-completion) \
+            --libdir=%{_prefix}/lib \
 %if %{without doc}
-     --disable-documentation
+            --disable-documentation \
 %endif
+            ${NULL}

 make %{?_smp_mflags}

 %install
-%if 0%{?fedora} || 0%{?rhel}
-rm -rf -- $RPM_BUILD_ROOT
-%endif
 make %{?_smp_mflags} install \
     DESTDIR=$RPM_BUILD_ROOT \
     libdir=%{_prefix}/lib
@@ -242,7 +219,6 @@ echo "DRACUT_VERSION=%{version}-%{release}" > $RPM_BUILD_ROOT/%{dracutlibdir}/dr

 %if 0%{?fedora} == 0 && 0%{?rhel} == 0 && 0%{?suse_version} == 0
 rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/01fips
-rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/02fips-aesni
 %endif

 %if %{defined _unitdir}
@@ -263,6 +239,23 @@ rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/97masterkey
 rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/98integrity
 %endif

+%ifnarch s390 s390x
+# remove architecture specific modules
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/80cms
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/81cio_ignore
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/91zipl
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95dasd
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95dasd_mod
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95dasd_rules
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95dcssblk
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95qeth_rules
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95zfcp
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95zfcp_rules
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/95znet
+%else
+rm -fr -- $RPM_BUILD_ROOT/%{dracutlibdir}/modules.d/00warpclock
+%endif
+
 mkdir -p $RPM_BUILD_ROOT/boot/dracut
 mkdir -p $RPM_BUILD_ROOT/var/lib/dracut/overlay
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log
@@ -277,33 +270,21 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man?/*suse*
 install -m 0644 dracut.conf.d/suse.conf.example   $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/01-dist.conf
 %endif

-%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version}
-install -m 0644 dracut.conf.d/fips.conf.example $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/40-fips.conf
-%endif
-
-%if 0%{?fedora} <= 12 && 0%{?rhel} < 6 && 0%{?suse_version} <= 9999
+%if 0%{?fedora} == 0 && 0%{?rhel} == 0 && 0%{?suse_version} <= 9999
 rm -f -- $RPM_BUILD_ROOT%{_bindir}/mkinitrd
 rm -f -- $RPM_BUILD_ROOT%{_bindir}/lsinitrd
 %endif

-%if 0%{?fedora} || 0%{?rhel} > 6
-# FIXME: remove after F19
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/kernel/postinst.d
-install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kernel/postinst.d/51-dracut-rescue-postinst.sh
-
+%if 0%{?fedora} || 0%{?rhel}
 echo 'hostonly="no"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/02-generic-image.conf
 echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/02-rescue.conf
-%endif

-%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version}
-> $RPM_BUILD_ROOT/etc/system-fips
+# FIXME: remove after F30
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/kernel/postinst.d
+install -m 0755 51-dracut-rescue-postinst.sh $RPM_BUILD_ROOT%{_sysconfdir}/kernel/postinst.d/51-dracut-rescue-postinst.sh
 %endif

-%clean
-rm -rf -- $RPM_BUILD_ROOT
-
 %files
-%defattr(-,root,root,0755)
 %if %{with doc}
 %doc README HACKING TODO AUTHORS NEWS dracut.html dracut.png dracut.svg
 %endif
@@ -312,7 +293,7 @@ rm -rf -- $RPM_BUILD_ROOT
 %{_bindir}/dracut
 %{_datadir}/bash-completion/completions/dracut
 %{_datadir}/bash-completion/completions/lsinitrd
-%if 0%{?fedora} > 12 || 0%{?rhel} >= 6 || 0%{?suse_version} > 9999
+%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version} > 9999
 %{_bindir}/mkinitrd
 %{_bindir}/lsinitrd
 %endif
@@ -338,7 +319,7 @@ rm -rf -- $RPM_BUILD_ROOT
 %if %{with doc}
 %{_mandir}/man8/dracut.8*
 %{_mandir}/man8/*service.8*
-%if 0%{?fedora} > 12 || 0%{?rhel} >= 6 || 0%{?suse_version} > 9999
+%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version} > 9999
 %{_mandir}/man8/mkinitrd.8*
 %{_mandir}/man1/lsinitrd.1*
 %endif
@@ -349,58 +330,73 @@ rm -rf -- $RPM_BUILD_ROOT
 %{_mandir}/man5/dracut.conf.5*
 %endif

-%if %{defined _unitdir}
-%{dracutlibdir}/modules.d/00systemd-bootchart
-%else
+%if %{undefined _unitdir}
 %{dracutlibdir}/modules.d/00bootchart
 %endif
 %{dracutlibdir}/modules.d/00bash
 %{dracutlibdir}/modules.d/00systemd
+%ifnarch s390 s390x
+%{dracutlibdir}/modules.d/00warpclock
+%endif
+%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version}
+%{dracutlibdir}/modules.d/01fips
+%endif
 %{dracutlibdir}/modules.d/01systemd-initrd
 %{dracutlibdir}/modules.d/03modsign
 %{dracutlibdir}/modules.d/03rescue
 %{dracutlibdir}/modules.d/04watchdog
 %{dracutlibdir}/modules.d/05busybox
+%{dracutlibdir}/modules.d/06rngd
 %{dracutlibdir}/modules.d/10i18n
 %{dracutlibdir}/modules.d/30convertfs
 %{dracutlibdir}/modules.d/45url-lib
 %{dracutlibdir}/modules.d/50drm
 %{dracutlibdir}/modules.d/50plymouth
-%{dracutlibdir}/modules.d/80cms
+%{dracutlibdir}/modules.d/80lvmmerge
 %{dracutlibdir}/modules.d/90btrfs
 %{dracutlibdir}/modules.d/90crypt
 %{dracutlibdir}/modules.d/90dm
 %{dracutlibdir}/modules.d/90dmraid
 %{dracutlibdir}/modules.d/90kernel-modules
+%{dracutlibdir}/modules.d/90kernel-modules-extra
 %{dracutlibdir}/modules.d/90lvm
 %{dracutlibdir}/modules.d/90mdraid
 %{dracutlibdir}/modules.d/90multipath
+%{dracutlibdir}/modules.d/90stratis
 %{dracutlibdir}/modules.d/90qemu
 %{dracutlibdir}/modules.d/91crypt-gpg
 %{dracutlibdir}/modules.d/91crypt-loop
 %{dracutlibdir}/modules.d/95debug
+%{dracutlibdir}/modules.d/95fstab-sys
+%{dracutlibdir}/modules.d/95lunmask
 %{dracutlibdir}/modules.d/95resume
 %{dracutlibdir}/modules.d/95rootfs-block
-%{dracutlibdir}/modules.d/95dasd
-%{dracutlibdir}/modules.d/95dasd_mod
-%{dracutlibdir}/modules.d/95dasd_rules
-%{dracutlibdir}/modules.d/95fstab-sys
-%{dracutlibdir}/modules.d/95zfcp
-%{dracutlibdir}/modules.d/95zfcp_rules
 %{dracutlibdir}/modules.d/95terminfo
 %{dracutlibdir}/modules.d/95udev-rules
 %{dracutlibdir}/modules.d/95virtfs
+%ifarch s390 s390x
+%{dracutlibdir}/modules.d/80cms
+%{dracutlibdir}/modules.d/81cio_ignore
+%{dracutlibdir}/modules.d/91zipl
+%{dracutlibdir}/modules.d/95dasd
+%{dracutlibdir}/modules.d/95dasd_mod
+%{dracutlibdir}/modules.d/95dasd_rules
+%{dracutlibdir}/modules.d/95dcssblk
+%{dracutlibdir}/modules.d/95qeth_rules
+%{dracutlibdir}/modules.d/95zfcp
+%{dracutlibdir}/modules.d/95zfcp_rules
+%endif
 %if %{undefined _unitdir}
 %{dracutlibdir}/modules.d/96securityfs
 %{dracutlibdir}/modules.d/97masterkey
 %{dracutlibdir}/modules.d/98integrity
 %endif
 %{dracutlibdir}/modules.d/97biosdevname
+%{dracutlibdir}/modules.d/98dracut-systemd
 %{dracutlibdir}/modules.d/98ecryptfs
 %{dracutlibdir}/modules.d/98pollcdrom
 %{dracutlibdir}/modules.d/98selinux
 %{dracutlibdir}/modules.d/98syslog
-%{dracutlibdir}/modules.d/98dracut-systemd
 %{dracutlibdir}/modules.d/98usrmount
 %{dracutlibdir}/modules.d/99base
 %{dracutlibdir}/modules.d/99fs-lib
@@ -426,52 +422,40 @@ rm -rf -- $RPM_BUILD_ROOT
 %{_unitdir}/initrd.target.wants/dracut-pre-udev.service

 %endif
-%if 0%{?fedora} || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel}
 %{_prefix}/lib/kernel/install.d/50-dracut.install
 %endif

 %files network
-%defattr(-,root,root,0755)
 %{dracutlibdir}/modules.d/02systemd-networkd
+%{dracutlibdir}/modules.d/35network-manager
+%{dracutlibdir}/modules.d/35network-legacy
 %{dracutlibdir}/modules.d/40network
+%{dracutlibdir}/modules.d/45ifcfg
 %{dracutlibdir}/modules.d/90kernel-network-modules
-%{dracutlibdir}/modules.d/95fcoe
-%{dracutlibdir}/modules.d/95iscsi
 %{dracutlibdir}/modules.d/90qemu-net
 %{dracutlibdir}/modules.d/95cifs
+%{dracutlibdir}/modules.d/95fcoe
+%{dracutlibdir}/modules.d/95fcoe-uefi
+%{dracutlibdir}/modules.d/95iscsi
 %{dracutlibdir}/modules.d/95nbd
 %{dracutlibdir}/modules.d/95nfs
 %{dracutlibdir}/modules.d/95ssh-client
-%{dracutlibdir}/modules.d/45ifcfg
+%ifarch s390 s390x
 %{dracutlibdir}/modules.d/95znet
-%{dracutlibdir}/modules.d/95fcoe-uefi
+%endif
 %{dracutlibdir}/modules.d/99uefi-lib

-%if 0%{?fedora} || 0%{?rhel} || 0%{?suse_version}
-%files fips
-%defattr(-,root,root,0755)
-%{dracutlibdir}/modules.d/01fips
-%{dracutlibdir}/dracut.conf.d/40-fips.conf
-%config(missingok) /etc/system-fips
-%endif
-
-%files fips-aesni
-%defattr(-,root,root,0755)
-%{dracutlibdir}/modules.d/02fips-aesni
-
 %files caps
-%defattr(-,root,root,0755)
 %{dracutlibdir}/modules.d/02caps

 %files live
-%defattr(-,root,root,0755)
 %{dracutlibdir}/modules.d/99img-lib
 %{dracutlibdir}/modules.d/90dmsquash-live
+%{dracutlibdir}/modules.d/90dmsquash-live-ntfs
 %{dracutlibdir}/modules.d/90livenet

 %files tools
-%defattr(-,root,root,0755)
-
 %if %{with doc}
 %doc %{_mandir}/man8/dracut-catimages.8*
 %endif
@@ -481,15 +465,17 @@ rm -rf -- $RPM_BUILD_ROOT
 %dir /var/lib/dracut
 %dir /var/lib/dracut/overlay

+%files squash
+%{dracutlibdir}/modules.d/99squash
+
 %files config-generic
-%defattr(-,root,root,0755)
 %{dracutlibdir}/dracut.conf.d/02-generic-image.conf

 %files config-rescue
-%defattr(-,root,root,0755)
 %{dracutlibdir}/dracut.conf.d/02-rescue.conf
-%if 0%{?fedora} || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel}
 %{_prefix}/lib/kernel/install.d/51-dracut-rescue.install
+# FIXME: remove after F30
 %{_sysconfdir}/kernel/postinst.d/51-dracut-rescue-postinst.sh
 %endif

--- a/dracut.usage.asc
+++ b/dracut.usage.asc
@@ -243,7 +243,7 @@ If your root partition is on a network drive, you have to have the network
 dracut modules installed to create a network aware initramfs image.

 If you specify ip=dhcp on the kernel command line, then dracut asks a dhcp
-server about the ip adress for the machine. The dhcp server can also serve an
+server about the ip address for the machine. The dhcp server can also serve an
 additional root-path, which will set the root device for dracut. With this
 mechanism, you have static configuration on your client machine and a
 centralized boot configuration on your TFTP/DHCP server. If you can't pass a
@@ -252,7 +252,7 @@ method described in <<Injecting>>.

 ==== Reducing the Image Size

-To reduce the size of the initramfs, you should create it with by ommitting all
+To reduce the size of the initramfs, you should create it with by omitting all
 dracut modules, which you know, you don't need to boot the machine.

 You can also specify the exact dracut and kernel modules to produce a very tiny
--- a/fedora-test.sh
+++ b/fedora-test.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+set -ex
+
+[[ -d ${0%/*} ]] && cd ${0%/*}
+
+RUN_ID="$1"
+TESTS=$2
+
+dnf -y update --best --allowerasing &>/dev/null
+
+dnf -y install --best --allowerasing \
+    dash \
+    asciidoc \
+    mdadm \
+    lvm2 \
+    dmraid \
+    cryptsetup \
+    nfs-utils \
+    nbd \
+    dhcp-server \
+    scsi-target-utils \
+    iscsi-initiator-utils \
+    strace \
+    btrfs-progs \
+    kmod-devel \
+    gcc \
+    bzip2 \
+    xz \
+    tar \
+    wget \
+    rpm-build \
+    make \
+    git \
+    bash-completion \
+    sudo \
+    kernel \
+    dhcp-client \
+    /usr/bin/qemu-kvm \
+    /usr/bin/qemu-system-$(uname -i) \
+    e2fsprogs \
+    $NULL &>/dev/null
+
+./configure
+
+NCPU=$(getconf _NPROCESSORS_ONLN)
+
+if ! [[ $TESTS ]]; then
+    make -j$NCPU all syncheck rpm logtee
+else
+    make -j$NCPU all logtee
+
+    cd test
+
+    time sudo make \
+         KVERSION=$(rpm -qa kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' | sort -rn | head -1) \
+         TEST_RUN_ID=$RUN_ID \
+         ${TESTS:+TESTS="$TESTS"} \
+         -k V=2 \
+         check
+fi
--- a/git2spec.pl
+++ b/git2spec.pl
@@ -3,10 +3,28 @@
 sub create_patches {
    my $tag=shift;
    my $pdir=shift;
-    my $num=0;
-    open( GIT, 'git format-patch -M -N --no-signature -o "'.$pdir.'" '.$tag.' |');
-    @lines=<GIT>;
-    close GIT;         # be done
+    my $n=1;
+    my @lines;
+    my $fname;
+    my $f=0;
+
+    mkdir $pdir, 0755;
+
+    open( GIT, 'git log -p --pretty=email --stat -m --first-parent --reverse '.$tag.'..HEAD |');
+
+    while (<GIT>) {
+        if (/^From [a-z0-9]{40} .*$/) {
+            $fname = sprintf("%04d", $n++).".patch";
+            open FH, ">".$pdir."/".$fname;
+            $f=1;
+        }
+        if (/^---$/ && $f == 1) {
+            push @lines, $fname;
+            $f=0;
+        }
+        print FH;
+    }
+
    return @lines;
 };

@@ -19,7 +37,7 @@ $tag=`git describe --abbrev=0 --tags` if not defined $tag;
 chomp($tag);
 my @patches=&create_patches($tag, $pdir);
 my $num=$#patches + 2;
-$tag=~s/[^0-9]+?([0-9]+)/$1/;
+$tag=~s/[^0-9]+?([0-9]+)/$1/ if $tag !~ /\b[0-9a-f]{5,40}\b/;
 my $release="$num.git$datestr";
 $release="1" if $num == 1;

@@ -27,15 +45,15 @@ while(<>) {
    if (/^Version:/) {
 	print "Version: $tag\n";
    }
-    elsif (/^Release:/) {
-	print "Release: $release%{?dist}\n";
+    elsif (/^%define dist_free_release/) {
+	print "%define dist_free_release $release\n";
    }
    elsif ((/^Source0:/) || (/^Source:/)) {
 	print $_;
 	$num=1;
 	for(@patches) {
 	    s/.*\///g;
-	    print "Patch$num: $_";
+	    print "Patch$num: $_\n";
 	    $num++;
 	}
 	print "\n";
--- a/install/dracut-install.c
+++ b/install/dracut-install.c
--- a/install/util.h
+++ b/install/util.h
@@ -167,7 +167,7 @@ int safe_atoi(const char *s, int *ret_i);
 int safe_atollu(const char *s, unsigned long long *ret_u);
 int safe_atolli(const char *s, long long int *ret_i);

-#if __WORDSIZE == 32
+#if LONG_MAX == INT_MAX
 static inline int safe_atolu(const char *s, unsigned long *ret_u) {
        assert_cc(sizeof(unsigned long) == sizeof(unsigned));
        return safe_atou(s, (unsigned*) ret_u);
--- a/logtee.c
+++ b/logtee.c
@@ -0,0 +1,54 @@
+#define _GNU_SOURCE
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <limits.h>
+
+#define BUFLEN 4096
+
+int
+main(int argc, char *argv[])
+{
+	int fd;
+	int len, slen;
+
+	if (argc != 2) {
+		fprintf(stderr, "Usage: %s <file>\n", argv[0]);
+		exit(EXIT_FAILURE);
+	}
+
+	fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC, 0644);
+	if (fd == -1) {
+		perror("open");
+		exit(EXIT_FAILURE);
+	}
+
+	fprintf(stderr, "Logging to %s: ", argv[1]);
+
+	slen = 0;
+
+	do {
+		len = splice(STDIN_FILENO, NULL, fd, NULL,
+			     BUFLEN, SPLICE_F_MOVE);
+
+		if (len < 0) {
+			if (errno == EAGAIN)
+				continue;
+			perror("tee");
+			exit(EXIT_FAILURE);
+		} else
+			if (len == 0)
+				break;
+		slen += len;
+		if ((slen/BUFLEN) > 0) {
+			fprintf(stderr, ".");
+		}
+		slen = slen % BUFLEN;
+
+	} while (1);
+	close(fd);
+	fprintf(stderr, "\n");
+	exit(EXIT_SUCCESS);
+}
--- a/lsinitrd.1.asc
+++ b/lsinitrd.1.asc
@@ -34,6 +34,21 @@ OPTIONS
 **-k, --kver** _<kernel version>_::
    inspect the initramfs of <kernel version>.

+**-m, --mod**::
+    list dracut modules included of the initramfs image.
+
+**--unpack**::
+    unpack the initramfs to the current directory, instead of displaying the contents.
+    If optional filenames are given, will only unpack specified files, else the whole image will be unpacked.
+    Won't unpack anything from early cpio part.
+
+**--unpackearly**::
+    unpack the early microcode initramfs to the current directory, instead of displaying the contents.
+    Same as --unpack, but only unpack files from early cpio part.
+
+**-v, --verbose**::
+    unpack verbosely
+
 AVAILABILITY
 ------------
 The lsinitrd command is part of the dracut package and is available from
--- a/lsinitrd.sh
+++ b/lsinitrd.sh
@@ -27,6 +27,12 @@ usage()
        echo "-s, --size                  sort the contents of the initramfs by size."
        echo "-m, --mod                   list modules."
        echo "-f, --file <filename>       print the contents of <filename>."
+        echo "--unpack                    unpack the initramfs, instead of displaying the contents."
+        echo "                            If optional filenames are given, will only unpack specified files,"
+        echo "                            else the whole image will be unpacked. Won't unpack anything from early cpio part."
+        echo "--unpackearly               unpack the early microcode part of the initramfs."
+        echo "                            Same as --unpack, but only unpack files from early cpio part."
+        echo "-v, --verbose               unpack verbosely."
        echo "-k, --kver <kernel version> inspect the initramfs of <kernel version>."
        echo
    } >&2
@@ -37,16 +43,20 @@ usage()

 sorted=0
 modules=0
+unset verbose
 declare -A filenames

 unset POSIXLY_CORRECT
 TEMP=$(getopt \
-    -o "shmf:k:" \
+    -o "vshmf:k:" \
    --long kver: \
    --long file: \
    --long mod \
    --long help \
    --long size \
+    --long unpack \
+    --long unpackearly \
+    --long verbose \
    -- "$@")

 if (( $? != 0 )); then
@@ -58,13 +68,16 @@ eval set -- "$TEMP"

 while (($# > 0)); do
    case $1 in
-        -k|--kver)  KERNEL_VERSION="$2"; shift;;
-        -f|--file)  filenames[${2#/}]=1; shift;;
-        -s|--size)  sorted=1;;
-        -h|--help)  usage; exit 0;;
-        -m|--mod)   modules=1;;
-        --)         shift;break;;
-        *)          usage; exit 1;;
+        -k|--kver)     KERNEL_VERSION="$2"; shift;;
+        -f|--file)     filenames[${2#/}]=1; shift;;
+        -s|--size)     sorted=1;;
+        -h|--help)     usage; exit 0;;
+        -m|--mod)      modules=1;;
+        -v|--verbose)  verbose="--verbose";;
+        --unpack)      unpack=1;;
+        --unpackearly) unpackearly=1;;
+        --)            shift;break;;
+        *)             usage; exit 1;;
    esac
    shift
 done
@@ -120,7 +133,7 @@ extract_files()
    for f in "${!filenames[@]}"; do
        [[ $nofileinfo ]] || echo "initramfs:/$f"
        [[ $nofileinfo ]] || echo "========================================================================"
-        $CAT $image | cpio --extract --verbose --quiet --to-stdout $f 2>/dev/null
+        $CAT "$image" 2>/dev/null | cpio --extract --verbose --quiet --to-stdout "$f" 2>/dev/null
        ((ret+=$?))
        [[ $nofileinfo ]] || echo "========================================================================"
        [[ $nofileinfo ]] || echo
@@ -139,16 +152,29 @@ list_files()
 {
    echo "========================================================================"
    if [ "$sorted" -eq 1 ]; then
-        $CAT "$image" | cpio --extract --verbose --quiet --list | sort -n -k5
+        $CAT "$image" 2>/dev/null | cpio --extract --verbose --quiet --list | sort -n -k5
    else
-        $CAT "$image" | cpio --extract --verbose --quiet --list | sort -k9
+        $CAT "$image" 2>/dev/null | cpio --extract --verbose --quiet --list | sort -k9
    fi
    ((ret+=$?))
    echo "========================================================================"
 }

+unpack_files()
+{
+    if (( ${#filenames[@]} > 0 )); then
+        for f in "${!filenames[@]}"; do
+            $CAT "$image" 2>/dev/null | cpio -id --quiet $verbose $f
+            ((ret+=$?))
+        done
+    else
+        $CAT "$image" 2>/dev/null | cpio -id --quiet $verbose
+        ((ret+=$?))
+    fi
+}

-if (( ${#filenames[@]} <= 0 )); then
+
+if (( ${#filenames[@]} <= 0 )) && [[ -z "$unpack" ]] && [[ -z "$unpackearly" ]]; then
    echo "Image: $image: $(du -h $image | while read a b || [ -n "$a" ]; do echo $a;done)"
    echo "========================================================================"
 fi
@@ -159,13 +185,22 @@ case $bin in
        CAT="cat --"
        is_early=$(cpio --extract --verbose --quiet --to-stdout -- 'early_cpio' < "$image" 2>/dev/null)
        if [[ "$is_early" ]]; then
-            if (( ${#filenames[@]} > 0 )); then
+            if [[ -n "$unpack" ]]; then
+                # should use --unpackearly for early CPIO
+                :
+            elif [[ -n "$unpackearly" ]]; then
+                unpack_files
+            elif (( ${#filenames[@]} > 0 )); then
                extract_files
            else
                echo "Early CPIO image"
                list_files
            fi
-            SKIP="$dracutbasedir/skipcpio"
+            if [[ -d "$dracutbasedir/skipcpio" ]]; then
+                SKIP="$dracutbasedir/skipcpio/skipcpio"
+            else
+                SKIP="$dracutbasedir/skipcpio"
+            fi
            if ! [[ -x $SKIP ]]; then
                echo
                echo "'$SKIP' not found, cannot display remaining contents!" >&2
@@ -197,6 +232,9 @@ case $bin in
    $'\x89'LZO$'\0'*)
        CAT="lzop -d -c"
        ;;
+    $'\x28\xB5\x2F\xFD'*)
+        CAT="zstd -d -c"
+        ;;
    *)
        if echo "test"|xz|xzcat --single-stream >/dev/null 2>&1; then
            CAT="xzcat --single-stream --"
@@ -216,9 +254,22 @@ if [[ $SKIP ]]; then
    CAT=skipcpio
 fi

+if (( ${#filenames[@]} > 1 )); then
+    TMPFILE="$(mktemp -t --suffix=.cpio lsinitrd.XXXXXX)"
+    $CAT "$image" 2>/dev/null > $TMPFILE
+    trap "rm -f '$TMPFILE'" EXIT
+    pre_decompress()
+    {
+        cat $TMPFILE
+    }
+    CAT=pre_decompress
+fi
+
 ret=0

-if (( ${#filenames[@]} > 0 )); then
+if [[ -n "$unpack" ]]; then
+    unpack_files
+elif (( ${#filenames[@]} > 0 )); then
    extract_files
 else
    version=$($CAT "$image" | cpio --extract --verbose --quiet --to-stdout -- \
--- a/mkinitrd-suse.8.asc
+++ b/mkinitrd-suse.8.asc
@@ -18,7 +18,7 @@ DESCRIPTION
 version <kernel-version> by calling *dracut*.

 [IMPORTANT]
-This version of mkinitrd is provided for compability with older
+This version of mkinitrd is provided for compatibility with older
 versions of mkinitrd. If a more fine grained control over the
 resulting image is needed, *dracut* should be called directly.

@@ -29,8 +29,9 @@ OPTIONS

 **-k** _<kernel_list>_::
    List of kernel images for which initrd files are created (relative
-    to _boot_dir_), defaults to _vmlinux_ on ppc/ppc64, _image_ on s390/s390x
-    and _vmlinuz_ for everything else.
+    to _boot_dir_), Image name should begin with the following string,
+    defaults to _vmlinux_ on ppc/ppc64, _image_ on s390/s390x and _vmlinuz_
+    for everything else.

 **-i** _<initrd_list>_::
    List of file names (relative to _boot_dir_) for the initrd; positions
@@ -50,7 +51,7 @@ OPTIONS

 **-d** _<root_device>_::
    Root device, defaults to the device from which the root_dir is
-    mounted; overwrites the rootdev enviroment variable if set
+    mounted; overwrites the rootdev environment variable if set

 **-s** _<size>_::
    Add splash animation and bootscreen to initrd.
--- a/mkinitrd-suse.sh
+++ b/mkinitrd-suse.sh
@@ -104,7 +104,7 @@ calc_netmask() {
    local prefix=$1

    [ -z "$prefix" ] && return
-    mask=$(echo "(2 ^ 32) - (2 ^ $prefix)" | bc -l)
+    mask=$(( 0xffffffff << (32 - $prefix) ))
    byte1=$(( mask >> 24 ))
    byte2=$(( mask >> 16 ))
    byte3=$(( mask >> 8 ))
@@ -237,11 +237,13 @@ while (($# > 0)); do
 	-k) # Would be nice to get a list of images here
 	    read_arg kernel_images "$@" || shift $?
 	    for kernel_image in $kernel_images;do
+		[ -L "/boot/$kernel_image" ] && kernel_image="$(readlink "/boot/$kernel_image")"
 		kernels="$kernels ${kernel_image#*-}"
 	    done
 	    ;;
 	-i) read_arg initrd_images "$@" || shift $?
 	    for initrd_image in $initrd_images;do
+		[ -L "/boot/$initrd_image" ] && initrd_image="$(readlink "/boot/$initrd_image")"
 		# Check if the initrd_image contains a path.
 		# if not, then add the default boot_dir
 		dname=`dirname $initrd_image`
@@ -263,7 +265,7 @@ while (($# > 0)); do
 	    ;;
 	-M) read_arg map_file "$@" || shift $?
 	    ;;
-	-A) host_only=0;;
+	-A) dracut_args="${dracut_args} --no-host-only";;
 	-B) skip_update_bootloader=1;;
        -v|--verbose) dracut_args="${dracut_args} -v";;
 	-L) logfile=;;
--- a/modules.d/00systemd-bootchart/module-setup.sh
+++ b/modules.d/00systemd-bootchart/module-setup.sh
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-# called by dracut
-check() {
-    [[ "$mount_needs" ]] && return 1
-    require_binaries $systemdutildir/systemd-bootchart || return 1
-    return 255
-}
-
-# called by dracut
-depends() {
-    return 0
-}
-
-# called by dracut
-install() {
-    inst_symlink /init /sbin/init
-    inst_multiple $systemdutildir/systemd-bootchart
-}
--- a/modules.d/00systemd/module-setup.sh
+++ b/modules.d/00systemd/module-setup.sh
@@ -18,7 +18,7 @@ depends() {
 }

 installkernel() {
-    hostonly='' instmods autofs4 ipv6
+    hostonly='' instmods autofs4 ipv6 algif_hash hmac sha256
    instmods -s efivarfs
 }

@@ -33,6 +33,7 @@ install() {

    inst_multiple -o \
        $systemdutildir/systemd \
+        $systemdutildir/systemd-coredump \
        $systemdutildir/systemd-cgroups-agent \
        $systemdutildir/systemd-shutdown \
        $systemdutildir/systemd-reply-password \
@@ -77,6 +78,7 @@ install() {
        $systemdsystemunitdir/sys-kernel-config.mount \
        \
        $systemdsystemunitdir/kmod-static-nodes.service \
+        $systemdsystemunitdir/systemd-tmpfiles-setup.service \
        $systemdsystemunitdir/systemd-tmpfiles-setup-dev.service \
        $systemdsystemunitdir/systemd-ask-password-console.path \
        $systemdsystemunitdir/systemd-udevd-control.socket \
@@ -112,6 +114,7 @@ install() {
        $systemdsystemunitdir/sysinit.target.wants/systemd-udevd.service \
        $systemdsystemunitdir/sysinit.target.wants/systemd-udev-trigger.service \
        $systemdsystemunitdir/sysinit.target.wants/kmod-static-nodes.service \
+        $systemdsystemunitdir/sysinit.target.wants/systemd-tmpfiles-setup.service \
        $systemdsystemunitdir/sysinit.target.wants/systemd-tmpfiles-setup-dev.service \
        $systemdsystemunitdir/sysinit.target.wants/systemd-sysctl.service \
        \
@@ -122,6 +125,7 @@ install() {
        \
        $systemdsystemunitdir/slices.target \
        $systemdsystemunitdir/system.slice \
+        $systemdsystemunitdir/-.slice \
        \
        $tmpfilesdir/systemd.conf \
        \
@@ -130,7 +134,9 @@ install() {
        kmod insmod rmmod modprobe modinfo depmod lsmod \
        mount umount reboot poweroff \
        systemd-run systemd-escape \
-        systemd-cgls systemd-tmpfiles
+        systemd-cgls systemd-tmpfiles \
+        /etc/udev/udev.hwdb \
+        ${NULL}

    inst_multiple -o \
        /usr/lib/modules-load.d/*.conf \
@@ -154,22 +160,27 @@ install() {
    }

    _mods=$(modules_load_get /usr/lib/modules-load.d)
-    [[ $_mods ]] && instmods $_mods
+    [[ $_mods ]] && hostonly='' instmods $_mods

    if [[ $hostonly ]]; then
        inst_multiple -H -o \
            /etc/systemd/journald.conf \
+            /etc/systemd/journald.conf.d/*.conf \
            /etc/systemd/system.conf \
+            /etc/systemd/system.conf.d/*.conf \
            /etc/hostname \
            /etc/machine-id \
+            /etc/machine-info \
            /etc/vconsole.conf \
            /etc/locale.conf \
            /etc/modules-load.d/*.conf \
            /etc/sysctl.d/*.conf \
-            /etc/sysctl.conf
+            /etc/sysctl.conf \
+            /etc/udev/udev.conf \
+            ${NULL}

        _mods=$(modules_load_get /etc/modules-load.d)
-        [[ $_mods ]] && instmods $_mods
+        [[ $_mods ]] && hostonly='' instmods $_mods
    fi

    if ! [[ -e "$initdir/etc/machine-id" ]]; then
@@ -178,11 +189,17 @@ install() {

    # install adm user/group for journald
    inst_multiple nologin
-    egrep '^systemd-journal:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
-    egrep '^adm:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
-    egrep '^systemd-journal:' /etc/group >> "$initdir/etc/group"
-    egrep '^wheel:' /etc/group >> "$initdir/etc/group"
-    egrep '^adm:' /etc/group >> "$initdir/etc/group"
+    grep '^systemd-journal:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+    grep '^adm:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+    grep '^systemd-journal:' /etc/group >> "$initdir/etc/group"
+    grep '^wheel:' /etc/group >> "$initdir/etc/group"
+    grep '^adm:' /etc/group >> "$initdir/etc/group"
+    grep '^utmp:' /etc/group >> "$initdir/etc/group"
+    grep '^root:' /etc/group >> "$initdir/etc/group"
+
+    # we don't use systemd-networkd, but the user is in systemd.conf tmpfiles snippet
+    grep '^systemd-network:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+    grep '^systemd-network:' /etc/group >> "$initdir/etc/group"

    ln_r $systemdutildir/systemd "/init"
    ln_r $systemdutildir/systemd "/sbin/init"
@@ -195,7 +212,8 @@ install() {
        71-seat.rules \
        73-seat-late.rules \
        90-vconsole.rules \
-        99-systemd.rules
+        99-systemd.rules \
+        ${NULL}

    for i in \
        emergency.target \
@@ -209,9 +227,10 @@ install() {
    done

    mkdir -p "$initdir/etc/systemd"
-    # turn off RateLimit for journal
+    # We must use a volatile journal, and we don't want rate-limiting
    {
        echo "[Journal]"
+        echo "Storage=volatile"
        echo "RateLimitInterval=0"
        echo "RateLimitBurst=0"
    } >> "$initdir/etc/systemd/journald.conf"
--- a/modules.d/00warpclock/module-setup.sh
+++ b/modules.d/00warpclock/module-setup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# called by dracut
+check() {
+    # hwclock does not exist on S390(x), bail out silently then
+    local _arch=$(uname -m)
+    [ "$_arch" = "s390" -o "$_arch" = "s390x" ] && return 1
+
+    [ -e /etc/localtime -a -e /etc/adjtime ] || return 1
+    require_binaries /sbin/hwclock || return 1
+
+    return 255
+}
+
+# called by dracut
+depends() {
+    return 0
+}
+
+# called by dracut
+install() {
+    inst /usr/share/zoneinfo/UTC
+    inst /etc/localtime
+    inst /etc/adjtime
+    inst_hook pre-trigger 00 "$moddir/warpclock.sh"
+    inst /sbin/hwclock
+}
--- a/modules.d/00warpclock/warpclock.sh
+++ b/modules.d/00warpclock/warpclock.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if test -e /etc/adjtime ; then
+    while read line ; do
+	if test "$line" = LOCAL ; then
+	    hwclock --systz
+	fi
+    done < /etc/adjtime
+fi
--- a/modules.d/01fips/fips-load-crypto.sh
+++ b/modules.d/01fips/fips-load-crypto.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if ! fipsmode=$(getarg fips) || [ $fipsmode = "0" ]; then
+    rm -f -- /etc/modprobe.d/fips.conf >/dev/null 2>&1
+else
+    . /sbin/fips.sh
+    fips_load_crypto || die "FIPS integrity test failed"
+fi
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -69,20 +69,8 @@ do_rhevh_check()
    return 0
 }

-do_fips()
+fips_load_crypto()
 {
-    local _v
-    local _s
-    local _v
-    local _module
-
-    KERNEL=$(uname -r)
-
-    if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
-        warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
-        return 1
-    fi
-
    FIPSMODULES=$(cat /etc/fipsmodules)

    info "Loading and integrity checking all crypto modules"
@@ -107,6 +95,16 @@ do_fips()
    info "Self testing crypto algorithms"
    modprobe tcrypt || return 1
    rmmod tcrypt
+}
+
+do_fips()
+{
+    local _v
+    local _s
+    local _v
+    local _module
+
+    KERNEL=$(uname -r)

    info "Checking integrity of kernel"
    if [ -e "/run/initramfs/live/vmlinuz0" ]; then
@@ -114,7 +112,34 @@ do_fips()
    elif [ -e "/run/initramfs/live/isolinux/vmlinuz0" ]; then
        do_rhevh_check /run/initramfs/live/isolinux/vmlinuz0 || return 1
    else
-        sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1
+        BOOT_IMAGE="$(getarg BOOT_IMAGE)"
+
+        # Trim off any leading GRUB boot device (e.g. ($root) )
+        BOOT_IMAGE="$(echo "${BOOT_IMAGE}" | sed 's/^(.*)//')"
+
+        BOOT_IMAGE_NAME="${BOOT_IMAGE##*/}"
+        BOOT_IMAGE_PATH="${BOOT_IMAGE%${BOOT_IMAGE_NAME}}"
+
+        if [ -z "$BOOT_IMAGE_NAME" ]; then
+            BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
+        elif ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
+            #if /boot is not a separate partition BOOT_IMAGE might start with /boot
+            BOOT_IMAGE_PATH=${BOOT_IMAGE_PATH#"/boot"}
+            #on some achitectures BOOT_IMAGE does not contain path to kernel
+            #so if we can't find anything, let's treat it in the same way as if it was empty
+            if ! [ -e "/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE_NAME}" ]; then
+                BOOT_IMAGE_NAME="vmlinuz-${KERNEL}"
+                BOOT_IMAGE_PATH=""
+            fi
+        fi
+
+        BOOT_IMAGE_HMAC="/boot/${BOOT_IMAGE_PATH}/.${BOOT_IMAGE_NAME}.hmac"
+        if ! [ -e "${BOOT_IMAGE_HMAC}" ]; then
+            warn "${BOOT_IMAGE_HMAC} does not exist"
+            return 1
+        fi
+
+        (cd "${BOOT_IMAGE_HMAC%/*}" && sha512hmac -c "${BOOT_IMAGE_HMAC}") || return 1
    fi

    info "All initrd crypto checks done"
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -12,13 +12,32 @@ depends() {

 # called by dracut
 installkernel() {
-    local _fipsmodules _mod
-    _fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 authenc authencesn blowfish camellia cast6 cbc ccm "
-    _fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod drbg "
-    _fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
-    _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
-    _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
-    _fipsmodules+="aes_s390 des_s390 prng sha256_s390 sha_common des_check_key ghash_s390 sha1_s390 sha512_s390"
+    local _fipsmodules _mod _bootfstype
+    if [[ -f "${srcmods}/modules.fips" ]]; then
+        _fipsmodules="$(cat "${srcmods}/modules.fips")"
+    else
+        _fipsmodules=""
+
+        # Hashes:
+        _fipsmodules+="sha1 sha224 sha256 sha384 sha512 "
+        _fipsmodules+="sha3-224 sha3-256 sha3-384 sha3-512 "
+        _fipsmodules+="crc32c crct10dif ghash "
+
+        # Ciphers:
+        _fipsmodules+="cipher_null des3_ede aes cfb "
+
+        # Modes/templates:
+        _fipsmodules+="ecb cbc ctr xts gcm ccm authenc hmac cmac "
+
+        # Compression algs:
+        _fipsmodules+="deflate lzo zlib "
+
+        # PRNG algs:
+        _fipsmodules+="ansi_cprng "
+
+        # Misc:
+        _fipsmodules+="aead cryptomgr tcrypt crypto_user "
+    fi

    mkdir -m 0755 -p "${initdir}/etc/modprobe.d"

@@ -28,6 +47,16 @@ installkernel() {
            echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
        fi
    done
+
+    # with hostonly_default_device fs module for /boot is not installed by default
+    if [[ $hostonly ]] && [[ "$hostonly_default_device" == "no" ]]; then
+        _bootfstype=$(find_mp_fstype /boot)
+        if [[ -n "$_bootfstype" ]]; then
+            hostonly='' instmods $_bootfstype
+        else
+            dwarning "Can't determine fs type for /boot, FIPS check may fail."
+        fi
+    fi
 }

 # called by dracut
@@ -35,16 +64,22 @@ install() {
    local _dir
    inst_hook pre-trigger 01 "$moddir/fips-boot.sh"
    inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
+    inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
    inst_script "$moddir/fips.sh" /sbin/fips.sh

-    inst_multiple sha512hmac rmmod insmod mount uname umount fipscheck
+    inst_multiple sha512hmac rmmod insmod mount uname umount

-    inst_libdir_file libsoftokn3.so libsoftokn3.so \
-        libsoftokn3.chk libfreebl3.so libfreebl3.chk \
-        libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 \
-        libfreeblpriv3.so libfreeblpriv3.chk
-
-    inst_multiple -o prelink
    inst_simple /etc/system-fips
+    [ -c ${initdir}/dev/random ] || mknod ${initdir}/dev/random c 1 8 \
+        || {
+            dfatal "Cannot create /dev/random"
+            dfatal "To create an initramfs with fips support, dracut has to run as root"
+            return 1
+        }
+    [ -c ${initdir}/dev/urandom ] || mknod ${initdir}/dev/urandom c 1 9 \
+        || {
+            dfatal "Cannot create /dev/random"
+            dfatal "To create an initramfs with fips support, dracut has to run as root"
+            return 1
+        }
 }
-
--- a/modules.d/01systemd-initrd/module-setup.sh
+++ b/modules.d/01systemd-initrd/module-setup.sh
@@ -28,6 +28,7 @@ install() {
    inst_multiple -o \
        $systemdsystemunitdir/initrd.target \
        $systemdsystemunitdir/initrd-fs.target \
+        $systemdsystemunitdir/initrd-root-device.target \
        $systemdsystemunitdir/initrd-root-fs.target \
        $systemdsystemunitdir/initrd-switch-root.target \
        $systemdsystemunitdir/initrd-switch-root.service \
@@ -37,13 +38,12 @@ install() {

    ln_r "${systemdsystemunitdir}/initrd.target" "${systemdsystemunitdir}/default.target"

+    local VERSION=""
+    local PRETTY_NAME=""
    if [ -e /etc/os-release ]; then
        . /etc/os-release
-        VERSION+=" "
-        PRETTY_NAME+=" "
-    else
-        VERSION=""
-        PRETTY_NAME=""
+        [[ -n ${VERSION} ]] && VERSION+=" "
+        [[ -n ${PRETTY_NAME} ]] && PRETTY_NAME+=" "
    fi
    NAME=dracut
    ID=dracut
--- a/modules.d/02caps/module-setup.sh
+++ b/modules.d/02caps/module-setup.sh
@@ -3,6 +3,7 @@
 # called by dracut
 check() {
    require_binaries capsh
+    return 255
 }

 # called by dracut
--- a/modules.d/02fips-aesni/module-setup.sh
+++ b/modules.d/02fips-aesni/module-setup.sh
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-# called by dracut
-check() {
-    return 255
-}
-
-# called by dracut
-depends() {
-    return 0
-}
-
-# called by dracut
-installkernel() {
-    local _fipsmodules _mod
-    _fipsmodules="aesni-intel ghash_clmulni_intel"
-
-    mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
-
-    for _mod in $_fipsmodules; do
-        if instmods $_mod; then
-            echo $_mod >> "${initdir}/etc/fipsmodules"
-            echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
-        fi
-    done
-}
-
-# called by dracut
-install() {
-    return 0
-}
-
--- a/modules.d/02systemd-networkd/module-setup.sh
+++ b/modules.d/02systemd-networkd/module-setup.sh
@@ -48,10 +48,10 @@ install() {

    # inst_dir /var/lib/systemd/clock

-    egrep '^systemd-network:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
-    egrep '^systemd-network:' /etc/group >> "$initdir/etc/group"
-    # egrep '^systemd-timesync:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
-    # egrep '^systemd-timesync:' /etc/group >> "$initdir/etc/group"
+    grep '^systemd-network:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+    grep '^systemd-network:' /etc/group >> "$initdir/etc/group"
+    # grep '^systemd-timesync:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+    # grep '^systemd-timesync:' /etc/group >> "$initdir/etc/group"

    _arch=$(uname -m)
    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libnss_dns.so.*" \
--- a/modules.d/03rescue/module-setup.sh
+++ b/modules.d/03rescue/module-setup.sh
@@ -15,6 +15,6 @@ depends() {
 install() {
    inst_multiple -o ps grep more cat rm strace free showmount \
        ping netstat rpcinfo vi scp ping6 ssh \
-        fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.vfat e2fsck
+        fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.f2fs fsck.vfat e2fsck
 }

--- a/modules.d/04watchdog/module-setup.sh
+++ b/modules.d/04watchdog/module-setup.sh
@@ -12,18 +12,68 @@ depends() {

 # called by dracut
 install() {
-    inst_hook cmdline   00 "$moddir/watchdog.sh"
-    inst_hook cmdline   50 "$moddir/watchdog.sh"
-    inst_hook pre-trigger 00 "$moddir/watchdog.sh"
-    inst_hook initqueue 00 "$moddir/watchdog.sh"
-    inst_hook mount     00 "$moddir/watchdog.sh"
-    inst_hook mount     50 "$moddir/watchdog.sh"
-    inst_hook mount     99 "$moddir/watchdog.sh"
-    inst_hook pre-pivot 00 "$moddir/watchdog.sh"
-    inst_hook pre-pivot 99 "$moddir/watchdog.sh"
-    inst_hook cleanup   00 "$moddir/watchdog.sh"
-    inst_hook cleanup   99 "$moddir/watchdog.sh"
+    # Do not add watchdog hooks if systemd module is included
+    # In that case, systemd will manage watchdog kick
+    if ! dracut_module_included "systemd"; then
+        inst_hook cmdline   00 "$moddir/watchdog.sh"
+        inst_hook cmdline   50 "$moddir/watchdog.sh"
+        inst_hook pre-trigger 00 "$moddir/watchdog.sh"
+        inst_hook initqueue 00 "$moddir/watchdog.sh"
+        inst_hook mount     00 "$moddir/watchdog.sh"
+        inst_hook mount     50 "$moddir/watchdog.sh"
+        inst_hook mount     99 "$moddir/watchdog.sh"
+        inst_hook pre-pivot 00 "$moddir/watchdog.sh"
+        inst_hook pre-pivot 99 "$moddir/watchdog.sh"
+        inst_hook cleanup   00 "$moddir/watchdog.sh"
+        inst_hook cleanup   99 "$moddir/watchdog.sh"
+    fi
    inst_hook emergency 02 "$moddir/watchdog-stop.sh"
    inst_multiple -o wdctl
 }

+installkernel() {
+    local -A _drivers
+    local _alldrivers _active _wdtdrv _wdtppath _dir
+    [[ -d /sys/class/watchdog/ ]] || return
+    for _dir in /sys/class/watchdog/*; do
+        [[ -d "$_dir" ]] || continue
+        [[ -f "$_dir/state" ]] || continue
+        _active=$(< "$_dir/state")
+        ! [[ $hostonly ]] || [[ "$_active" =  "active" ]] || continue
+        # device/modalias will return driver of this device
+        _wdtdrv=$(< "$_dir/device/modalias")
+        # There can be more than one module represented by same
+        # modalias. Currently load all of them.
+        # TODO: Need to find a way to avoid any unwanted module
+        # represented by modalias
+        _wdtdrv=$(modprobe --set-version "$kernel" -R $_wdtdrv 2>/dev/null)
+        if [[ $_wdtdrv ]]; then
+            instmods $_wdtdrv
+            for i in $_wdtdrv; do
+                _drivers[$i]=1
+            done
+        fi
+        # however in some cases, we also need to check that if there is
+        # a specific driver for the parent bus/device.  In such cases
+        # we also need to enable driver for parent bus/device.
+        _wdtppath=$(readlink -f "$_dir/device")
+        while [[ -d "$_wdtppath" ]] && [[ "$_wdtppath" != "/sys" ]]; do
+            _wdtppath=$(readlink -f "$_wdtppath/..")
+            [[ -f "$_wdtppath/modalias" ]] || continue
+
+            _wdtdrv=$(< "$_wdtppath/modalias")
+            _wdtdrv=$(modprobe --set-version "$kernel" -R $_wdtdrv 2>/dev/null)
+            if [[ $_wdtdrv ]]; then
+                instmods $_wdtdrv
+                for i in $_wdtdrv; do
+                    _drivers[$i]=1
+                done
+            fi
+        done
+    done
+    # ensure that watchdog module is loaded as early as possible
+    _alldrivers="${!_drivers[*]}"
+    [[ $_alldrivers ]] && echo "rd.driver.pre=${_alldrivers// /,}" > ${initdir}/etc/cmdline.d/00-watchdog.conf
+
+    return 0
+}
--- a/modules.d/06rngd/module-setup.sh
+++ b/modules.d/06rngd/module-setup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2019 Red Hat, Inc.
+# Author: Renaud Métrich <rmetrich@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+depends() {
+    echo systemd
+    return 0
+}
+
+check() {
+    # if there's no rngd binary, no go.
+    require_binaries rngd || return 1
+
+    return 0
+}
+
+install() {
+    inst rngd
+    inst_simple "${moddir}/rngd.service" "${systemdsystemunitdir}/rngd.service"
+    mkdir -p "${initdir}${systemdsystemunitdir}/sysinit.target.wants"
+    ln -rfs "${initdir}${systemdsystemunitdir}/rngd.service" \
+        "${initdir}${systemdsystemunitdir}/sysinit.target.wants/rngd.service"
+}
--- a/modules.d/06rngd/rngd.service
+++ b/modules.d/06rngd/rngd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+DefaultDependencies=no
+Before=systemd-udevd.service
+
+[Service]
+ExecStart=/usr/sbin/rngd -f
--- a/modules.d/10i18n/module-setup.sh
+++ b/modules.d/10i18n/module-setup.sh
@@ -29,20 +29,24 @@ install() {

    # This is from 10redhat-i18n.
    findkeymap () {
-        local MAP=$1
-        [[ ! -f $MAP ]] && \
-            MAP=$(find ${kbddir}/keymaps -type f -name $MAP -o -name $MAP.\* | head -n1)
-        [[ " $KEYMAPS " = *" $MAP "* ]] && return
-        KEYMAPS="$KEYMAPS $MAP"
-        case $MAP in
-            *.gz) cmd=zgrep;;
-            *.bz2) cmd=bzgrep;;
-            *) cmd=grep ;;
-        esac
+        local MAPS=$1
+        local MAPNAME=${1%.map*}
+        local map
+        [[ ! -f $MAPS ]] && \
+            MAPS=$(find ${kbddir}/keymaps -type f -name ${MAPNAME} -o -name ${MAPNAME}.map -o -name ${MAPNAME}.map.\*)

-        for INCL in $($cmd "^include " $MAP | while read a a b || [ -n "$a" ]; do echo ${a//\"/}; done); do
-            for FN in $(find ${kbddir}/keymaps -type f -name $INCL\*); do
-                findkeymap $FN
+        for map in $MAPS; do
+            KEYMAPS="$KEYMAPS $map"
+            case $map in
+                *.gz) cmd=zgrep;;
+                *.bz2) cmd=bzgrep;;
+                *) cmd=grep ;;
+            esac
+
+            for INCL in $($cmd "^include " $map | while read a a b || [ -n "$a" ]; do echo ${a//\"/}; done); do
+                for FN in $(find ${kbddir}/keymaps -type f -name $INCL\*); do
+                    strstr "$KEYMAPS" "$FN" || findkeymap $FN
+                done
            done
        done
    }
@@ -100,6 +104,13 @@ install() {
            inst_rules ${moddir}/10-console.rules
            inst_hook cmdline 20 "${moddir}/parse-i18n.sh"
        fi
+
+        if [[ ${kbddir} != "/usr/share" ]]; then
+            inst_dir /usr/share
+            for _src in $(eval echo {${KBDSUBDIRS}}); do
+                [ ! -e "${initdir}/usr/share/${_src}" ] && ln -s "${kbddir}/${_src}" "${initdir}/usr/share/${_src}"
+            done
+        fi
    }

    install_all_kbd() {
@@ -107,7 +118,7 @@ install() {

        for _src in $(eval echo ${kbddir}/{${KBDSUBDIRS}}); do
            inst_dir "$_src"
-            cp --reflink=auto --sparse=auto -prfL -t "${initdir}/${_src}" "$_src"/*
+            $DRACUT_CP -L -t "${initdir}/${_src}" "$_src"/*
        done

        # remove unnecessary files
@@ -183,7 +194,9 @@ install() {
            findkeymap ${map}
        done

-        inst_opt_decompress ${KEYMAPS}
+        for keymap in ${KEYMAPS}; do
+            inst_opt_decompress ${keymap}
+        done

        inst_opt_decompress ${kbddir}/consolefonts/${DEFAULT_FONT}.*

@@ -196,7 +209,11 @@ install() {
        if [[ ${FONT_MAP} ]]
        then
            FONT_MAP=${FONT_MAP%.trans}
-            inst_simple ${kbddir}/consoletrans/${FONT_MAP}.trans
+            # There are three different formats that setfont supports
+            inst_simple ${kbddir}/consoletrans/${FONT_MAP} \
+            || inst_simple ${kbddir}/consoletrans/${FONT_MAP}.trans \
+            || inst_simple ${kbddir}/consoletrans/${FONT_MAP}_to_uni.trans \
+            || dwarn "Could not find FONT_MAP ${FONT_MAP}!"
        fi

        if [[ ${FONT_UNIMAP} ]]
--- a/modules.d/35network-legacy/dhclient-script.sh
+++ b/modules.d/35network-legacy/dhclient-script.sh
@@ -48,7 +48,16 @@ setup_interface() {
            # point-to-point connection => set explicit route to gateway
            echo ip route add $gw dev $netif > /tmp/net.$netif.gw
        fi
-        echo ip route replace default via $gw dev $netif >> /tmp/net.$netif.gw
+
+        echo "$gw" | {
+            IFS=' ' read -r main_gw other_gw
+            echo ip route replace default via $main_gw dev $netif >> /tmp/net.$netif.gw
+            if [ -n "$other_gw" ] ; then
+                for g in $other_gw; do
+                    echo ip route add default via $g dev $netif >> /tmp/net.$netif.gw
+                done
+            fi
+        }
    fi

    if getargbool 1 rd.peerdns; then
@@ -95,6 +104,51 @@ setup_interface6() {
    [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
 }

+parse_option_121() {
+    while [ $# -ne 0 ]; do
+        mask="$1"
+        shift
+
+        # Is the destination a multicast group?
+        if [ $1 -ge 224 -a $1 -lt 240 ]; then
+            multicast=1
+        else
+            multicast=0
+        fi
+
+        # Parse the arguments into a CIDR net/mask string
+        if [ $mask -gt 24 ]; then
+            destination="$1.$2.$3.$4/$mask"
+            shift; shift; shift; shift
+        elif [ $mask -gt 16 ]; then
+            destination="$1.$2.$3.0/$mask"
+            shift; shift; shift
+        elif [ $mask -gt 8 ]; then
+            destination="$1.$2.0.0/$mask"
+            shift; shift
+        else
+            destination="$1.0.0.0/$mask"
+            shift
+        fi
+
+        # Read the gateway
+        gateway="$1.$2.$3.$4"
+        shift; shift; shift; shift
+
+        # Multicast routing on Linux
+        #  - If you set a next-hop address for a multicast group, this breaks with Cisco switches
+        #  - If you simply leave it link-local and attach it to an interface, it works fine.
+        if [ $multicast -eq 1 ]; then
+            temp_result="$destination dev $interface"
+        else
+            temp_result="$destination via $gateway dev $interface"
+        fi
+
+        echo "/sbin/ip route add $temp_result"
+    done
+}
+
+
 case $reason in
    PREINIT)
        echo "dhcp: PREINIT $netif up"
@@ -104,7 +158,7 @@ case $reason in
    PREINIT6)
        echo "dhcp: PREINIT6 $netif up"
        linkup $netif
-        wait_for_ipv6_dad $netif
+        wait_for_ipv6_dad_link $netif
        ;;

    BOUND)
@@ -114,9 +168,16 @@ case $reason in
            read layer2 < /sys/class/net/$netif/device/layer2
        fi
        if [ "$layer2" != "0" ]; then
-            if ! arping -f -q -D -c 2 -I $netif $new_ip_address ; then
-                warn "Duplicate address detected for $new_ip_address while doing dhcp. retrying"
-                exit 1
+            if command -v arping2 >/dev/null; then
+                if arping2 -q -C 1 -c 2 -I $netif -0 $new_ip_address ; then
+                    warn "Duplicate address detected for $new_ip_address while doing dhcp. retrying"
+                    exit 1
+                fi
+            else
+                if ! arping -f -q -D -c 2 -I $netif $new_ip_address ; then
+                    warn "Duplicate address detected for $new_ip_address while doing dhcp. retrying"
+                    exit 1
+                fi
            fi
        fi
        unset layer2
@@ -129,6 +190,12 @@ case $reason in
        {
            echo '. /lib/net-lib.sh'
            echo "setup_net $netif"
+            if [ -n "$new_classless_static_routes" ]; then
+                OLDIFS="$IFS"
+                IFS=".$IFS"
+                parse_option_121 $new_classless_static_routes
+                IFS="$OLDIFS"
+            fi
            echo "source_hook initqueue/online $netif"
            [ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif"
            echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh"
--- a/modules.d/35network-legacy/dhclient.conf
+++ b/modules.d/35network-legacy/dhclient.conf
@@ -0,0 +1,8 @@
+
+option classless-static-routes code 121 = array of unsigned integer 8;
+
+send dhcp-client-identifier = hardware;
+
+request subnet-mask, broadcast-address, time-offset, routers,
+        domain-name, domain-name-servers, domain-search, host-name,
+        root-path, interface-mtu, classless-static-routes;
--- a/modules.d/35network-legacy/ifup.sh
+++ b/modules.d/35network-legacy/ifup.sh
@@ -0,0 +1,488 @@
+#!/bin/sh
+#
+# We don't need to check for ip= errors here, that is handled by the
+# cmdline parser script
+#
+# without $2 means this is for real netroot case
+# or it is for manually bring up network ie. for kdump scp vmcore
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+
+type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
+type ip_to_var >/dev/null 2>&1 || . /lib/net-lib.sh
+
+# Huh? No $1?
+[ -z "$1" ] && exit 1
+
+# $netif reads easier than $1
+netif=$1
+
+# loopback is always handled the same way
+if [ "$netif" = "lo" ] ; then
+    ip link set lo up
+    ip addr add 127.0.0.1/8 dev lo
+    exit 0
+fi
+
+# Run dhclient
+do_dhcp() {
+    # dhclient-script will mark the netif up and generate the online
+    # event for nfsroot
+    # XXX add -V vendor class and option parsing per kernel
+
+    local _COUNT=0
+    local _timeout=$(getargs rd.net.timeout.dhcp=)
+    local _DHCPRETRY=$(getargs rd.net.dhcp.retry=)
+    _DHCPRETRY=${_DHCPRETRY:-1}
+
+    [ -e /tmp/dhclient.$netif.pid ] && return 0
+
+    if ! iface_has_carrier $netif; then
+        warn "No carrier detected on interface $netif"
+        return 1
+    fi
+
+    if [ ! -e /run/NetworkManager/conf.d/10-dracut-dhclient.conf ]; then
+        mkdir -p /run/NetworkManager/conf.d
+        echo '[main]' > /run/NetworkManager/conf.d/10-dracut-dhclient.conf
+        echo 'dhcp=dhclient' >>/run/NetworkManager/conf.d/10-dracut-dhclient.conf
+    fi
+
+    while [ $_COUNT -lt $_DHCPRETRY ]; do
+        info "Starting dhcp for interface $netif"
+        dhclient "$@" \
+                 ${_timeout:+-timeout $_timeout} \
+                 -q \
+                 -cf /etc/dhclient.conf \
+                 -pf /tmp/dhclient.$netif.pid \
+                 -lf /tmp/dhclient.$netif.lease \
+                 $netif \
+            && return 0
+        _COUNT=$(($_COUNT+1))
+        [ $_COUNT -lt $_DHCPRETRY ] && sleep 1
+    done
+    warn "dhcp for interface $netif failed"
+    return 1
+}
+
+load_ipv6() {
+    [ -d /proc/sys/net/ipv6 ] && return
+    modprobe ipv6
+    i=0
+    while [ ! -d /proc/sys/net/ipv6 ]; do
+        i=$(($i+1))
+        [ $i -gt 10 ] && break
+        sleep 0.1
+    done
+}
+
+do_ipv6auto() {
+    local ret
+    load_ipv6
+    echo 0 > /proc/sys/net/ipv6/conf/$netif/forwarding
+    echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_ra
+    echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects
+    linkup $netif
+    wait_for_ipv6_auto $netif
+    ret=$?
+
+    [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
+
+    return $ret
+}
+
+# Handle static ip configuration
+do_static() {
+    strglobin $ip '*:*:*' && load_ipv6
+
+    if ! iface_has_carrier "$netif"; then
+        warn "No carrier detected on interface $netif"
+        return 1
+    elif ! linkup "$netif"; then
+        warn "Could not bring interface $netif up!"
+        return 1
+    fi
+
+    ip route get "$ip" | {
+        read a rest
+        if [ "$a" = "local" ]; then
+            warn "Not assigning $ip to interface $netif, cause it is already assigned!"
+            return 1
+        fi
+        return 0
+    } || return 1
+
+    [ -n "$macaddr" ] && ip link set address $macaddr dev $netif
+    [ -n "$mtu" ] && ip link set mtu $mtu dev $netif
+    if strglobin $ip '*:*:*'; then
+        # note no ip addr flush for ipv6
+        ip addr add $ip/$mask ${srv:+peer $srv} dev $netif
+        echo 0 > /proc/sys/net/ipv6/conf/$netif/forwarding
+        echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_ra
+        echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects
+        wait_for_ipv6_dad $netif
+    else
+        if [ -z "$srv" ]; then
+            if command -v arping2 >/dev/null; then
+                if arping2 -q -C 1 -c 2 -I $netif -0 $ip ; then
+                    warn "Duplicate address detected for $ip for interface $netif."
+                    return 1
+                fi
+            else
+                if ! arping -f -q -D -c 2 -I $netif $ip ; then
+                    warn "Duplicate address detected for $ip for interface $netif."
+                    return 1
+                fi
+            fi
+        fi
+        ip addr flush dev $netif
+        ip addr add $ip/$mask ${srv:+peer $srv} brd + dev $netif
+    fi
+
+    [ -n "$gw" ] && echo ip route replace default via $gw dev $netif > /tmp/net.$netif.gw
+    [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
+
+    return 0
+}
+
+get_vid() {
+    case "$1" in
+    vlan*)
+        echo ${1#vlan}
+        ;;
+    *.*)
+        echo ${1##*.}
+        ;;
+    esac
+}
+
+# check, if we need VLAN's for this interface
+if [ -z "$DO_VLAN_PHY" ] && [ -e /tmp/vlan.${netif}.phy ]; then
+    unset DO_VLAN
+    NO_AUTO_DHCP=yes DO_VLAN_PHY=yes ifup "$netif"
+    modprobe -b -q 8021q
+
+    for i in /tmp/vlan.*.${netif}; do
+        [ -e "$i" ] || continue
+        unset vlanname
+        unset phydevice
+        . "$i"
+        if [ -n "$vlanname" ]; then
+            linkup "$phydevice"
+            ip link add dev "$vlanname" link "$phydevice" type vlan id "$(get_vid $vlanname)"
+            ifup "$vlanname"
+        fi
+    done
+    exit 0
+fi
+
+# Check, if interface is VLAN interface
+if ! [ -e /tmp/vlan.${netif}.phy ]; then
+    for i in /tmp/vlan.${netif}.*; do
+        [ -e "$i" ] || continue
+        export DO_VLAN=yes
+        break
+    done
+fi
+
+
+# bridge this interface?
+if [ -z "$NO_BRIDGE_MASTER" ]; then
+    for i in /tmp/bridge.*.info; do
+        [ -e "$i" ] || continue
+        unset bridgeslaves
+        unset bridgename
+        . "$i"
+        for ethname in $bridgeslaves ; do
+            [ "$netif" != "$ethname" ] && continue
+
+            NO_BRIDGE_MASTER=yes NO_AUTO_DHCP=yes ifup $ethname
+            linkup $ethname
+            if [ ! -e /tmp/bridge.$bridgename.up ]; then
+                ip link add name $bridgename type bridge
+                echo 0 > /sys/devices/virtual/net/$bridgename/bridge/forward_delay
+                > /tmp/bridge.$bridgename.up
+            fi
+            ip link set dev $ethname master $bridgename
+            ifup $bridgename
+            exit 0
+        done
+    done
+fi
+
+# enslave this interface to bond?
+if [ -z "$NO_BOND_MASTER" ]; then
+    for i in /tmp/bond.*.info; do
+        [ -e "$i" ] || continue
+        unset bondslaves
+        unset bondname
+        . "$i"
+        for slave in $bondslaves ; do
+            [ "$netif" != "$slave" ] && continue
+
+            # already setup
+            [ -e /tmp/bond.$bondname.up ] && exit 0
+
+            # wait for all slaves to show up
+            for slave in $bondslaves ; do
+                # try to create the slave (maybe vlan or bridge)
+                NO_BOND_MASTER=yes NO_AUTO_DHCP=yes ifup $slave
+
+                if ! ip link show dev $slave >/dev/null 2>&1; then
+                    # wait for the last slave to show up
+                    exit 0
+                fi
+            done
+
+            modprobe -q -b bonding
+            echo "+$bondname" >  /sys/class/net/bonding_masters 2>/dev/null
+            ip link set $bondname down
+
+            # Stolen from ifup-eth
+            # add the bits to setup driver parameters here
+            for arg in $bondoptions ; do
+                key=${arg%%=*};
+                value=${arg##*=};
+                # %{value:0:1} is replaced with non-bash specific construct
+                if [ "${key}" = "arp_ip_target" -a "${#value}" != "0" -a "+${value%%+*}" != "+" ]; then
+                    OLDIFS=$IFS;
+                    IFS=',';
+                    for arp_ip in $value; do
+                        echo +$arp_ip > /sys/class/net/${bondname}/bonding/$key
+                    done
+                    IFS=$OLDIFS;
+                else
+                    echo $value > /sys/class/net/${bondname}/bonding/$key
+                fi
+            done
+
+            linkup $bondname
+
+            for slave in $bondslaves ; do
+                cat /sys/class/net/$slave/address > /tmp/net.${bondname}.${slave}.hwaddr
+                ip link set $slave down
+                echo "+$slave" > /sys/class/net/$bondname/bonding/slaves
+                linkup $slave
+            done
+
+            # Set mtu on bond master
+            [ -n "$bondmtu" ] && ip link set mtu $bondmtu dev $bondname
+
+            # add the bits to setup the needed post enslavement parameters
+            for arg in $bondoptions ; do
+                key=${arg%%=*};
+                value=${arg##*=};
+                if [ "${key}" = "primary" ]; then
+                    echo $value > /sys/class/net/${bondname}/bonding/$key
+                fi
+            done
+
+            > /tmp/bond.$bondname.up
+
+            NO_BOND_MASTER=yes ifup $bondname
+            exit $?
+        done
+    done
+fi
+
+if [ -z "$NO_TEAM_MASTER" ]; then
+    for i in /tmp/team.*.info; do
+        [ -e "$i" ] || continue
+        unset teammaster
+        unset teamslaves
+        . "$i"
+        for slave in $teamslaves ; do
+            [ "$netif" != "$slave" ] && continue
+
+            [ -e /tmp/team.$teammaster.up ] && exit 0
+
+            # wait for all slaves to show up
+            for slave in $teamslaves ; do
+                # try to create the slave (maybe vlan or bridge)
+                NO_TEAM_MASTER=yes NO_AUTO_DHCP=yes ifup $slave
+
+                if ! ip link show dev $slave >/dev/null 2>&1; then
+                    # wait for the last slave to show up
+                    exit 0
+                fi
+            done
+
+            if [ ! -e /tmp/team.$teammaster.up ] ; then
+                # We shall only bring up those _can_ come up
+                # in case of some slave is gone in active-backup mode
+                working_slaves=""
+                for slave in $teamslaves ; do
+                    teamdctl ${teammaster} port present ${slave} 2>/dev/null \
+                        && continue
+                    ip link set dev $slave up 2>/dev/null
+                    if wait_for_if_up $slave; then
+                        working_slaves="$working_slaves$slave "
+                    fi
+                done
+                # Do not add slaves now
+                teamd -d -U -n -N -t $teammaster -f /etc/teamd/${teammaster}.conf
+                for slave in $working_slaves; do
+                    # team requires the slaves to be down before joining team
+                    ip link set dev $slave down
+                    (
+                        unset TEAM_PORT_CONFIG
+                        _hwaddr=$(cat /sys/class/net/$slave/address)
+                        _subchannels=$(iface_get_subchannels "$slave")
+                        if [ -n "$_hwaddr" ] && [ -e "/etc/sysconfig/network-scripts/mac-${_hwaddr}.conf" ]; then
+                            . "/etc/sysconfig/network-scripts/mac-${_hwaddr}.conf"
+                        elif [ -n "$_subchannels" ] && [ -e "/etc/sysconfig/network-scripts/ccw-${_subchannels}.conf" ]; then
+                            . "/etc/sysconfig/network-scripts/ccw-${_subchannels}.conf"
+                        elif [ -e "/etc/sysconfig/network-scripts/ifcfg-${slave}" ]; then
+                            . "/etc/sysconfig/network-scripts/ifcfg-${slave}"
+                        fi
+
+                        if [ -n "${TEAM_PORT_CONFIG}" ]; then
+                            /usr/bin/teamdctl ${teammaster} port config update ${slave} "${TEAM_PORT_CONFIG}"
+                        fi
+                    )
+                    teamdctl $teammaster port add $slave
+                done
+
+                ip link set dev $teammaster up
+
+                > /tmp/team.$teammaster.up
+                NO_TEAM_MASTER=yes ifup $teammaster
+                exit $?
+            fi
+        done
+    done
+fi
+
+# all synthetic interfaces done.. now check if the interface is available
+if ! ip link show dev $netif >/dev/null 2>&1; then
+    exit 1
+fi
+
+# disable manual ifup while netroot is set for simplifying our logic
+# in netroot case we prefer netroot to bringup $netif automaticlly
+[ -n "$2" -a "$2" = "-m" ] && [ -z "$netroot" ] && manualup="$2"
+
+if [ -n "$manualup" ]; then
+    >/tmp/net.$netif.manualup
+    rm -f /tmp/net.${netif}.did-setup
+else
+    [ -e /tmp/net.${netif}.did-setup ] && exit 0
+    [ -z "$DO_VLAN" ] && \
+    [ -e /sys/class/net/$netif/address ] && \
+        [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && exit 0
+fi
+
+
+# No ip lines default to dhcp
+ip=$(getarg ip)
+
+if [ -z "$NO_AUTO_DHCP" ] && [ -z "$ip" ]; then
+    if [ "$netroot" = "dhcp6" ]; then
+        do_dhcp -6
+    else
+        do_dhcp -4
+    fi
+
+    for s in $(getargs nameserver); do
+        [ -n "$s" ] || continue
+        echo nameserver $s >> /tmp/net.$netif.resolv.conf
+    done
+fi
+
+
+# Specific configuration, spin through the kernel command line
+# looking for ip= lines
+for p in $(getargs ip=); do
+    ip_to_var $p
+    # skip ibft
+    [ "$autoconf" = "ibft" ] && continue
+
+    case "$dev" in
+        ??:??:??:??:??:??)  # MAC address
+            _dev=$(iface_for_mac $dev)
+            [ -n "$_dev" ] && dev="$_dev"
+            ;;
+        ??-??-??-??-??-??)  # MAC address in BOOTIF form
+            _dev=$(iface_for_mac $(fix_bootif $dev))
+            [ -n "$_dev" ] && dev="$_dev"
+            ;;
+    esac
+
+    # If this option isn't directed at our interface, skip it
+    if [ -n "$dev" ]; then
+        [ "$dev" != "$netif" ] && continue
+    else
+        iface_is_enslaved "$netif" && continue
+    fi
+
+    # Store config for later use
+    for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do
+        eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
+    done > /tmp/net.$netif.override
+
+    for autoopt in $(str_replace "$autoconf" "," " "); do
+        case $autoopt in
+            dhcp|on|any)
+                do_dhcp -4 ;;
+            dhcp6)
+                load_ipv6
+                do_dhcp -6 ;;
+            auto6)
+                do_ipv6auto ;;
+            either6)
+                do_ipv6auto || do_dhcp -6 ;;
+            *)
+                do_static ;;
+        esac
+    done
+    ret=$?
+
+    # setup nameserver
+    for s in "$dns1" "$dns2" $(getargs nameserver); do
+        [ -n "$s" ] || continue
+        echo nameserver $s >> /tmp/net.$netif.resolv.conf
+    done
+
+    if [ $ret -eq 0 ]; then
+        > /tmp/net.${netif}.up
+
+        if  [ -z "$DO_VLAN" ] && [ -e /sys/class/net/${netif}/address ]; then
+            > /tmp/net.$(cat /sys/class/net/${netif}/address).up
+        fi
+
+        case $autoconf in
+            dhcp|on|any|dhcp6)
+            ;;
+            *)
+                if [ $ret -eq 0 ]; then
+                    setup_net $netif
+                    source_hook initqueue/online $netif
+                    if [ -z "$manualup" ]; then
+                        /sbin/netroot $netif
+                    fi
+                fi
+                ;;
+        esac
+        exit $ret
+    fi
+done
+
+# no ip option directed at our interface?
+if [ -z "$NO_AUTO_DHCP" ] && [ ! -e /tmp/net.${netif}.up ]; then
+    if [ -e /tmp/net.bootdev ]; then
+        BOOTDEV=$(cat /tmp/net.bootdev)
+        if [ "$netif" = "$BOOTDEV" ] || [ "$BOOTDEV" = "$(cat /sys/class/net/${netif}/address)" ]; then
+            load_ipv6
+            do_dhcp
+        fi
+    else
+        if getargs 'ip=dhcp6'; then
+            load_ipv6
+            do_dhcp -6
+        fi
+        if getargs 'ip=dhcp'; then
+            do_dhcp -4
+        fi
+    fi
+fi
+
+exit 0
--- a/modules.d/35network-legacy/kill-dhclient.sh
+++ b/modules.d/35network-legacy/kill-dhclient.sh
--- a/modules.d/35network-legacy/module-setup.sh
+++ b/modules.d/35network-legacy/module-setup.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# called by dracut
+check() {
+    local _program
+
+    require_binaries ip dhclient sed awk grep || return 1
+    require_any_binary arping arping2 || return 1
+
+    return 255
+}
+
+# called by dracut
+depends() {
+    return 0
+}
+
+# called by dracut
+installkernel() {
+    return 0
+}
+
+# called by dracut
+install() {
+    local _arch _i _dir
+    inst_multiple ip dhclient sed awk grep
+
+    inst_multiple -o arping arping2
+    strstr "$(arping 2>&1)" "ARPing 2" && mv "$initdir/bin/arping" "$initdir/bin/arping2"
+
+    inst_multiple -o ping ping6
+    inst_multiple -o teamd teamdctl teamnl
+    inst_simple /etc/libnl/classid
+    inst_script "$moddir/ifup.sh" "/sbin/ifup"
+    inst_script "$moddir/dhclient-script.sh" "/sbin/dhclient-script"
+    inst_simple -H "/etc/dhclient.conf"
+    cat "$moddir/dhclient.conf" >> "${initdir}/etc/dhclient.conf"
+    inst_hook pre-udev 60 "$moddir/net-genrules.sh"
+    inst_hook cmdline 92 "$moddir/parse-ibft.sh"
+    inst_hook cmdline 95 "$moddir/parse-vlan.sh"
+    inst_hook cmdline 96 "$moddir/parse-bond.sh"
+    inst_hook cmdline 96 "$moddir/parse-team.sh"
+    inst_hook cmdline 97 "$moddir/parse-bridge.sh"
+    inst_hook cmdline 98 "$moddir/parse-ip-opts.sh"
+    inst_hook cmdline 99 "$moddir/parse-ifname.sh"
+    inst_hook cleanup 10 "$moddir/kill-dhclient.sh"
+
+    # install all config files for teaming
+    unset TEAM_MASTER
+    unset TEAM_CONFIG
+    unset TEAM_PORT_CONFIG
+    unset HWADDR
+    unset SUBCHANNELS
+    for i in /etc/sysconfig/network-scripts/ifcfg-*; do
+        [ -e "$i" ] || continue
+        case "$i" in
+            *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
+                continue
+                ;;
+        esac
+        (
+            . "$i"
+            if ! [ "${ONBOOT}" = "no" -o "${ONBOOT}" = "NO" ] \
+                    && [ -n "${TEAM_MASTER}${TEAM_CONFIG}${TEAM_PORT_CONFIG}" ]; then
+                if [ -n "$TEAM_CONFIG" ] && [ -n "$DEVICE" ]; then
+                    mkdir -p $initdir/etc/teamd
+                    printf -- "%s" "$TEAM_CONFIG" > "$initdir/etc/teamd/${DEVICE}.conf"
+                elif [ -n "$TEAM_PORT_CONFIG" ]; then
+                    inst_simple "$i"
+
+                    HWADDR="$(echo $HWADDR | sed 'y/ABCDEF/abcdef/')"
+                    if [ -n "$HWADDR" ]; then
+                        ln_r "$i" "/etc/sysconfig/network-scripts/mac-${HWADDR}.conf"
+                    fi
+
+                    SUBCHANNELS="$(echo $SUBCHANNELS | sed 'y/ABCDEF/abcdef/')"
+                    if [ -n "$SUBCHANNELS" ]; then
+                        ln_r "$i" "/etc/sysconfig/network-scripts/ccw-${SUBCHANNELS}.conf"
+                    fi
+                fi
+            fi
+        )
+    done
+
+    _arch=$(uname -m)
+
+    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libnss_dns.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libnss_mdns4_minimal.so.*"
+
+    dracut_need_initqueue
+}
+
--- a/modules.d/35network-legacy/net-genrules.sh
+++ b/modules.d/35network-legacy/net-genrules.sh
@@ -12,11 +12,14 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
 # Write udev rules
 {
    # bridge: attempt only the defined interface
-    if [ -e /tmp/bridge.info ]; then
-        . /tmp/bridge.info
-        IFACES="$IFACES ${bridgeslaves%% *}"
+    for i in /tmp/bridge.*.info; do
+        [ -e "$i" ] || continue
+        unset bridgeslaves
+        unset bridgename
+        . "$i"
+        RAW_IFACES="$RAW_IFACES $bridgeslaves"
        MASTER_IFACES="$MASTER_IFACES $bridgename"
-    fi
+    done

    # bond: attempt only the defined interface (override bridge defines)
    for i in /tmp/bond.*.info; do
@@ -25,21 +28,34 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
        unset bondname
        . "$i"
        # It is enough to fire up only one
-        IFACES="$IFACES ${bondslaves%% *}"
+        RAW_IFACES="$RAW_IFACES $bondslaves"
        MASTER_IFACES="$MASTER_IFACES ${bondname}"
    done

-    if [ -e /tmp/team.info ]; then
-        . /tmp/team.info
-        IFACES="$IFACES ${teamslaves}"
+    for i in /tmp/team.*.info; do
+        [ -e "$i" ] || continue
+        unset teamslaves
+        unset teammaster
+        . "$i"
+        RAW_IFACES="$RAW_IFACES ${teamslaves}"
        MASTER_IFACES="$MASTER_IFACES ${teammaster}"
-    fi
+    done

-    if [ -e /tmp/vlan.info ]; then
-        . /tmp/vlan.info
-        IFACES="$IFACES $phydevice"
-        MASTER_IFACES="$MASTER_IFACES ${vlanname}"
-    fi
+    for i in /tmp/vlan.*.phy; do
+        [ -e "$i" ] || continue
+        unset phydevice
+        . "$i"
+        RAW_IFACES="$RAW_IFACES $phydevice"
+        for j in /tmp/vlan.*.${phydevice}; do
+            [ -e "$j" ] || continue
+            unset vlanname
+            . "$j"
+            MASTER_IFACES="$MASTER_IFACES ${vlanname}"
+        done
+    done
+
+    MASTER_IFACES="$(trim "$MASTER_IFACES")"
+    RAW_IFACES="$(trim "$RAW_IFACES")"

    if [ -z "$IFACES" ]; then
        [ -e /tmp/net.ifaces ] && read IFACES < /tmp/net.ifaces
@@ -54,10 +70,10 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
    runcmd="RUN+=\"/sbin/initqueue --name ifup-\$env{INTERFACE} --unique --onetime $ifup\""

    # We have some specific interfaces to handle
-    if [ -n "$IFACES" ]; then
+    if [ -n "${RAW_IFACES}${IFACES}" ]; then
        echo 'SUBSYSTEM!="net", GOTO="net_end"'
        echo 'ACTION!="add|change|move", GOTO="net_end"'
-        for iface in $IFACES; do
+        for iface in $IFACES $RAW_IFACES; do
            case "$iface" in
                ??:??:??:??:??:??)  # MAC address
                    cond="ATTR{address}==\"$iface\""
@@ -78,13 +94,7 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
        done
        echo 'LABEL="net_end"'

-        if [ -n "$MASTER_IFACES" ]; then
-            wait_ifaces=$MASTER_IFACES
-        else
-            wait_ifaces=$IFACES
-        fi
-
-        for iface in $wait_ifaces; do
+        for iface in $IFACES; do
            if [ "$bootdev" = "$iface" ] || [ "$NEEDNET" = "1" ]; then
                echo "[ -f /tmp/net.${iface}.did-setup ]" >$hookdir/initqueue/finished/wait-$iface.sh
            fi
@@ -92,9 +102,12 @@ command -v fix_bootif >/dev/null || . /lib/net-lib.sh
    # Default: We don't know the interface to use, handle all
    # Fixme: waiting for the interface as well.
    else
-        cond='ACTION=="add", SUBSYSTEM=="net"'
+        cond='ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}!="wlan|wwan"'
        # if you change the name of "91-default-net.rules", also change modules.d/80cms/cmssetup.sh
        echo "$cond, $runcmd" > /etc/udev/rules.d/91-default-net.rules
+        if [ "$NEEDNET" = "1" ]; then
+            echo 'for i in /tmp/net.*.did-setup; do [ -f "$i" ]  && exit 0; done; exit 1' >$hookdir/initqueue/finished/wait-network.sh
+        fi
    fi

 # if you change the name of "90-net.rules", also change modules.d/80cms/cmssetup.sh
--- a/modules.d/35network-legacy/parse-bond.sh
+++ b/modules.d/35network-legacy/parse-bond.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # Format:
-#       bond=<bondname>[:<bondslaves>:[:<options>]]
+#       bond=<bondname>[:<bondslaves>[:<options>[:<mtu>]]]
 #
 #       bondslaves is a comma-separated list of physical (ethernet) interfaces
 #       options is a comma-separated list on bonding options (modinfo bonding for details) in format compatible with initscripts
@@ -9,16 +9,10 @@
 #
 #       bond without parameters assumes bond=bond0:eth0,eth1:mode=balance-rr
 #
+#       if the mtu is specified, it will be set on the bond master
+#

-# return if bond already parsed
-[ -n "$bondname" ] && return
-
-# Check if bond parameter is valid
-if getarg bond= >/dev/null ; then
-    :
-fi
-
-# We translate list of slaves to space-separated here to mwke it easier to loop over them in ifup
+# We translate list of slaves to space-separated here to make it easier to loop over them in ifup
 # Ditto for bonding options
 parsebond() {
    local v=${1}:
@@ -28,24 +22,24 @@ parsebond() {
        v=${v#*:}
    done

-    unset bondname bondslaves bondoptions
    case $# in
    0)  bondname=bond0; bondslaves="eth0 eth1" ;;
    1)  bondname=$1; bondslaves="eth0 eth1" ;;
    2)  bondname=$1; bondslaves=$(str_replace "$2" "," " ") ;;
    3)  bondname=$1; bondslaves=$(str_replace "$2" "," " "); bondoptions=$(str_replace "$3" "," " ") ;;
+    4)  bondname=$1; bondslaves=$(str_replace "$2" "," " "); bondoptions=$(str_replace "$3" "," " "); bondmtu=$4;;
    *)  die "bond= requires zero to four parameters" ;;
    esac
 }

-unset bondname bondslaves bondoptions
-
-# Parse bond for bondname, bondslaves, bondmode and bondoptions
-if getarg bond >/dev/null; then
-    # Read bond= parameters if they exist
-    bond="$(getarg bond=)"
-    if [ ! "$bond" = "bond" ]; then
-        parsebond "$(getarg bond=)"
+# Parse bond for bondname, bondslaves, bondmode, bondoptions and bondmtu
+for bond in $(getargs bond=); do
+    unset bondname
+    unset bondslaves
+    unset bondoptions
+    unset bondmtu
+    if [ "$bond" != "bond" ]; then
+        parsebond "$bond"
    fi
    # Simple default bond
    if [ -z "$bondname" ]; then
@@ -57,5 +51,5 @@ if getarg bond >/dev/null; then
    echo "bondname=$bondname" > /tmp/bond.${bondname}.info
    echo "bondslaves=\"$bondslaves\"" >> /tmp/bond.${bondname}.info
    echo "bondoptions=\"$bondoptions\"" >> /tmp/bond.${bondname}.info
-    return
-fi
+    echo "bondmtu=\"$bondmtu\"" >> /tmp/bond.${bondname}.info
+done
--- a/modules.d/35network-legacy/parse-bridge.sh
+++ b/modules.d/35network-legacy/parse-bridge.sh
@@ -7,14 +7,6 @@
 #       bridge without parameters assumes bridge=br0:eth0
 #

-# return if bridge already parsed
-[ -n "$bridgename" ] && return
-
-# Check if bridge parameter is valid
-if getarg bridge= >/dev/null ; then
-    command -v brctl >/dev/null 2>&1 || die "No 'brctl' installed" 
-fi
-
 parsebridge() {
    local v=${1}:
    set --
@@ -22,8 +14,6 @@ parsebridge() {
        set -- "$@" "${v%%:*}"
        v=${v#*:}
    done
-
-    unset bridgename bridgeslaves
    case $# in
        0)  bridgename=br0; bridgeslaves=$iface ;;
        1)  die "bridge= requires two parameters" ;;
@@ -32,14 +22,13 @@ parsebridge() {
    esac
 }

-unset bridgename bridgeslaves
-
-iface=eth0
-
 # Parse bridge for bridgename and bridgeslaves
-if bridge="$(getarg bridge)"; then
+for bridge in $(getargs bridge=); do
+    unset bridgename
+    unset bridgeslaves
+    iface=eth0
    # Read bridge= parameters if they exist
-    if [ -n "$bridge" ]; then
+    if [ "$bridge" != "bridge" ]; then
        parsebridge $bridge
    fi
    # Simple default bridge
@@ -47,7 +36,6 @@ if bridge="$(getarg bridge)"; then
        bridgename=br0
        bridgeslaves=$iface
    fi
-    echo "bridgename=$bridgename" > /tmp/bridge.info
-    echo "bridgeslaves=\"$bridgeslaves\"" >> /tmp/bridge.info
-    return
-fi
+    echo "bridgename=$bridgename" > /tmp/bridge.${bridgename}.info
+    echo "bridgeslaves=\"$bridgeslaves\"" >> /tmp/bridge.${bridgename}.info
+done
--- a/modules.d/35network-legacy/parse-ibft.sh
+++ b/modules.d/35network-legacy/parse-ibft.sh
--- a/modules.d/35network-legacy/parse-ifname.sh
+++ b/modules.d/35network-legacy/parse-ifname.sh
--- a/modules.d/35network-legacy/parse-ip-opts.sh
+++ b/modules.d/35network-legacy/parse-ip-opts.sh
@@ -40,6 +40,8 @@ if [ -n "$NEEDBOOTDEV" ] && getargbool 1 rd.neednet; then
    #[ -z "$BOOTDEV" ] && warn "Please supply bootdev argument for multiple ip= lines"
    echo "rd.neednet=1" > /etc/cmdline.d/dracut-neednet.conf
    info "Multiple ip= arguments: assuming rd.neednet=1"
+else
+    unset NEEDBOOTDEV
 fi

 # Check ip= lines
@@ -48,17 +50,14 @@ for p in $(getargs ip=); do
    ip_to_var $p

    # make first device specified the BOOTDEV
-    if [ -z "$BOOTDEV" ] && [ -n "$dev" ]; then
+    if [ -n "$NEEDBOOTDEV" ] && [ -z "$BOOTDEV" ] && [ -n "$dev" ]; then
        BOOTDEV="$dev"
-        [ -n "$NEEDBOOTDEV" ] && info "Setting bootdev to '$BOOTDEV'"
+        info "Setting bootdev to '$BOOTDEV'"
    fi

    # skip ibft since we did it above
    [ "$autoconf" = "ibft" ] && continue

-    # We need to have an ip= line for the specified bootdev
-    [ -n "$NEEDBOOTDEV" ] && [ "$dev" = "$BOOTDEV" ] && BOOTDEVOK=1
-
    # Empty autoconf defaults to 'dhcp'
    if [ -z "$autoconf" ] ; then
        warn "Empty autoconf values default to dhcp"
@@ -77,6 +76,7 @@ for p in $(getargs ip=); do
                    die "Sorry, automatic calculation of netmask is not yet supported"
                ;;
            auto6);;
+            either6);;
            dhcp|dhcp6|on|any) \
                [ -n "$NEEDBOOTDEV" ] && [ -z "$dev" ] && \
                    die "Sorry, 'ip=$p' does not make sense for multiple interface configurations"
--- a/modules.d/35network-legacy/parse-team.sh
+++ b/modules.d/35network-legacy/parse-team.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# Format:
+#       team=<teammaster>:<teamslaves>
+#
+#       teamslaves is a comma-separated list of physical (ethernet) interfaces
+#
+
+parseteam() {
+    local v=${1}:
+    set --
+    while [ -n "$v" ]; do
+        set -- "$@" "${v%%:*}"
+        v=${v#*:}
+    done
+
+    case $# in
+    2)  teammaster=$1; teamslaves=$(str_replace "$2" "," " ") ;;
+    *)  die "team= requires two parameters" ;;
+    esac
+    return 0
+}
+
+for team in $(getargs team); do
+    [ "$team" = "team" ] && continue
+
+    unset teammaster
+    unset teamslaves
+
+    parseteam "$team" || continue
+
+    echo "teammaster=$teammaster" > /tmp/team.${teammaster}.info
+    echo "teamslaves=\"$teamslaves\"" >> /tmp/team.${teammaster}.info
+
+    if ! [ -e /etc/teamd/${teammaster}.conf ]; then
+        warn "Team master $teammaster specified, but no /etc/teamd/$teammaster.conf present. Using activebackup."
+        mkdir -p /etc/teamd
+        printf -- "%s" '{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}' > "/etc/teamd/${teammaster}.conf"
+    fi
+done
+
--- a/modules.d/35network-legacy/parse-vlan.sh
+++ b/modules.d/35network-legacy/parse-vlan.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# Format:
+#	vlan=<vlanname>:<phydevice>
+#
+
+parsevlan() {
+    local v=${1}:
+    set --
+    while [ -n "$v" ]; do
+        set -- "$@" "${v%%:*}"
+        v=${v#*:}
+    done
+
+    unset vlanname phydevice
+    case $# in
+    2)  vlanname=$1; phydevice=$2 ;;
+    *)  die "vlan= requires two parameters" ;;
+    esac
+}
+
+for vlan in $(getargs vlan=); do
+    unset vlanname
+    unset phydevice
+    if [ ! "$vlan" = "vlan" ]; then
+        parsevlan "$vlan"
+    fi
+
+    echo "phydevice=\"$phydevice\"" > /tmp/vlan.${phydevice}.phy
+    {
+        echo "vlanname=\"$vlanname\""
+        echo "phydevice=\"$phydevice\""
+    } > /tmp/vlan.${vlanname}.${phydevice}
+done
--- a/modules.d/35network-manager/module-setup.sh
+++ b/modules.d/35network-manager/module-setup.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# called by dracut
+check() {
+    local _program
+
+    require_binaries sed grep || return 1
+
+    # do not add this module by default
+    return 255
+}
+
+# called by dracut
+depends() {
+    return 0
+}
+
+# called by dracut
+installkernel() {
+    return 0
+}
+
+# called by dracut
+install() {
+    local _nm_version
+
+    _nm_version=$(NetworkManager --version)
+
+    inst_multiple sed grep
+
+    inst NetworkManager
+    inst /usr/libexec/nm-initrd-generator
+    inst_multiple -o teamd dhclient
+    inst_hook cmdline 99 "$moddir/nm-config.sh"
+    inst_hook initqueue/settled 99 "$moddir/nm-run.sh"
+    inst_rules 85-nm-unmanaged.rules
+    inst_libdir_file "NetworkManager/$_nm_version/libnm-device-plugin-team.so"
+
+    if [[ -x "$initdir/usr/sbin/dhclient" ]]; then
+        inst /usr/libexec/nm-dhcp-helper
+    elif ! [[ -e "$initdir/etc/machine-id" ]]; then
+        # The internal DHCP client silently fails if we
+        # have no machine-id
+        systemd-machine-id-setup --root="$initdir"
+    fi
+
+    # We don't install the ifcfg files from the host automatically.
+    # But if the user chooses to include them, we pull in the machinery to read them.
+    if ! [[ -d "$initdir/etc/sysconfig/network-scripts" ]]; then
+        inst_libdir_file "NetworkManager/$_nm_version/libnm-settings-plugin-ifcfg-rh.so"
+    fi
+}
--- a/modules.d/35network-manager/nm-config.sh
+++ b/modules.d/35network-manager/nm-config.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -n "$netroot" ] || [ -e /tmp/net.ifaces ]; then
+    echo rd.neednet >> /etc/cmdline.d/35-neednet.conf
+fi
+
+/usr/libexec/nm-initrd-generator -- $(getcmdline)
--- a/modules.d/35network-manager/nm-run.sh
+++ b/modules.d/35network-manager/nm-run.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if getargbool 0 rd.debug -d -y rdinitdebug -d -y rdnetdebug; then
+    /usr/sbin/NetworkManager --configure-and-quit=initrd --debug --log-level=trace
+else
+    /usr/sbin/NetworkManager --configure-and-quit=initrd --no-daemon
+fi
+
+for _i in /sys/class/net/*/
+do
+    state=/run/NetworkManager/devices/$(cat $_i/ifindex)
+    grep -q connection-uuid= $state 2>/dev/null || continue
+    ifname=${_i##*/}
+    sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p' <$state >/tmp/dhclient.$ifname.dhcpopts
+    source_hook initqueue/online $ifname
+    /sbin/netroot $ifname
+done
--- a/modules.d/40network/dhclient.conf
+++ b/modules.d/40network/dhclient.conf
@@ -1,3 +0,0 @@
-request subnet-mask, broadcast-address, time-offset, routers,
-        domain-name, domain-name-servers, domain-search, host-name,
-        root-path, interface-mtu;
--- a/modules.d/40network/ifup.sh
+++ b/modules.d/40network/ifup.sh
@@ -1,427 +0,0 @@
-#!/bin/sh
-#
-# We don't need to check for ip= errors here, that is handled by the
-# cmdline parser script
-#
-# without $2 means this is for real netroot case
-# or it is for manually bring up network ie. for kdump scp vmcore
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-
-type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
-type ip_to_var >/dev/null 2>&1 || . /lib/net-lib.sh
-
-# Huh? No $1?
-[ -z "$1" ] && exit 1
-
-# $netif reads easier than $1
-netif=$1
-use_bridge='false'
-use_vlan='false'
-
-# enslave this interface to bond?
-for i in /tmp/bond.*.info; do
-    [ -e "$i" ] || continue
-    unset bondslaves
-    unset bondname
-    . "$i"
-    for slave in $bondslaves ; do
-        if [ "$netif" = "$slave" ] ; then
-            netif=$bondname
-            break 2
-        fi
-    done
-done
-
-if [ -e /tmp/team.info ]; then
-    . /tmp/team.info
-    for slave in $teamslaves ; do
-        if [ "$netif" = "$slave" ] ; then
-            netif=$teammaster
-        fi
-    done
-fi
-
-if [ -e /tmp/vlan.info ]; then
-    . /tmp/vlan.info
-    if [ "$netif" = "$phydevice" ]; then
-        if [ "$netif" = "$bondname" ] && [ -n "$DO_BOND_SETUP" ] ; then
-            : # We need to really setup bond (recursive call)
-        elif [ "$netif" = "$teammaster" ] && [ -n "$DO_TEAM_SETUP" ] ; then
-            : # We need to really setup team (recursive call)
-        else
-            netif="$vlanname"
-            use_vlan='true'
-        fi
-    fi
-fi
-
-# bridge this interface?
-if [ -e /tmp/bridge.info ]; then
-    . /tmp/bridge.info
-    for ethname in $bridgeslaves ; do
-        if [ "$netif" = "$ethname" ]; then
-            if [ "$netif" = "$bondname" ] && [ -n "$DO_BOND_SETUP" ] ; then
-                : # We need to really setup bond (recursive call)
-            elif [ "$netif" = "$teammaster" ] && [ -n "$DO_TEAM_SETUP" ] ; then
-                : # We need to really setup team (recursive call)
-            elif [ "$netif" = "$vlanname" ] && [ -n "$DO_VLAN_SETUP" ]; then
-                : # We need to really setup vlan (recursive call)
-            else
-                netif="$bridgename"
-                use_bridge='true'
-            fi
-        fi
-    done
-fi
-
-# disable manual ifup while netroot is set for simplifying our logic
-# in netroot case we prefer netroot to bringup $netif automaticlly
-[ -n "$2" -a "$2" = "-m" ] && [ -z "$netroot" ] && manualup="$2"
-
-if [ -n "$manualup" ]; then
-    >/tmp/net.$netif.manualup
-    rm -f /tmp/net.${netif}.did-setup
-else
-    [ -e /tmp/net.${netif}.did-setup ] && exit 0
-    [ -e /sys/class/net/$netif/address ] && \
-        [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && exit 0
-fi
-
-# Run dhclient
-do_dhcp() {
-    # dhclient-script will mark the netif up and generate the online
-    # event for nfsroot
-    # XXX add -V vendor class and option parsing per kernel
-
-    local _COUNT=0
-    local _timeout=$(getargs rd.net.timeout.dhcp=)
-    local _DHCPRETRY=$(getargs rd.net.dhcp.retry=)
-    _DHCPRETRY=${_DHCPRETRY:-1}
-
-    [ -e /tmp/dhclient.$netif.pid ] && return 0
-
-    if ! iface_has_link $netif; then
-        warn "No carrier detected on interface $netif"
-        return 1
-    fi
-
-    while [ $_COUNT -lt $_DHCPRETRY ]; do
-        info "Starting dhcp for interface $netif"
-        dhclient "$@" \
-                 ${_timeout:+-timeout $_timeout} \
-                 -q \
-                 -cf /etc/dhclient.conf \
-                 -pf /tmp/dhclient.$netif.pid \
-                 -lf /tmp/dhclient.$netif.lease \
-                 $netif \
-            && return 0
-        _COUNT=$(($_COUNT+1))
-        [ $_COUNT -lt $_DHCPRETRY ] && sleep 1
-    done
-    warn "dhcp for interface $netif failed"
-    return 1
-}
-
-load_ipv6() {
-    [ -d /proc/sys/net/ipv6 ] && return
-    modprobe ipv6
-    i=0
-    while [ ! -d /proc/sys/net/ipv6 ]; do
-        i=$(($i+1))
-        [ $i -gt 10 ] && break
-        sleep 0.1
-    done
-}
-
-do_ipv6auto() {
-    load_ipv6
-    echo 0 > /proc/sys/net/ipv6/conf/$netif/forwarding
-    echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_ra
-    echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects
-    linkup $netif
-    wait_for_ipv6_auto $netif
-
-    [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
-
-    return 0
-}
-
-# Handle static ip configuration
-do_static() {
-    strglobin $ip '*:*:*' && load_ipv6
-
-    if ! linkup $netif; then
-        warn "Could not bring interface $netif up!"
-        return 1
-    fi
-
-    ip route get "$ip" | {
-        read a rest
-        if [ "$a" = "local" ]; then
-            warn "Not assigning $ip to interface $netif, cause it is already assigned!"
-            return 1
-        fi
-        return 0
-    } || return 1
-
-    [ -n "$macaddr" ] && ip link set address $macaddr dev $netif
-    [ -n "$mtu" ] && ip link set mtu $mtu dev $netif
-    if strglobin $ip '*:*:*'; then
-        # note no ip addr flush for ipv6
-        ip addr add $ip/$mask ${srv:+peer $srv} dev $netif
-        wait_for_ipv6_dad $netif
-    else
-        if ! arping -f -q -D -c 2 -I $netif $ip; then
-            warn "Duplicate address detected for $ip for interface $netif."
-            return 1
-        fi
-        ip addr flush dev $netif
-        ip addr add $ip/$mask ${srv:+peer $srv} brd + dev $netif
-    fi
-
-    [ -n "$gw" ] && echo ip route replace default via $gw dev $netif > /tmp/net.$netif.gw
-    [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
-
-    return 0
-}
-
-# loopback is always handled the same way
-if [ "$netif" = "lo" ] ; then
-    ip link set lo up
-    ip addr add 127.0.0.1/8 dev lo
-    exit 0
-fi
-
-# start bond if needed
-if [ -e /tmp/bond.${netif}.info ]; then
-    . /tmp/bond.${netif}.info
-
-    if [ "$netif" = "$bondname" ] && [ ! -e /tmp/net.$bondname.up ] ; then # We are master bond device
-        modprobe bonding
-        echo "+$netif" >  /sys/class/net/bonding_masters
-        ip link set $netif down
-
-        # Stolen from ifup-eth
-        # add the bits to setup driver parameters here
-        for arg in $bondoptions ; do
-            key=${arg%%=*};
-            value=${arg##*=};
-            # %{value:0:1} is replaced with non-bash specific construct
-            if [ "${key}" = "arp_ip_target" -a "${#value}" != "0" -a "+${value%%+*}" != "+" ]; then
-                OLDIFS=$IFS;
-                IFS=',';
-                for arp_ip in $value; do
-                    echo +$arp_ip > /sys/class/net/${netif}/bonding/$key
-                done
-                IFS=$OLDIFS;
-            else
-                echo $value > /sys/class/net/${netif}/bonding/$key
-            fi
-        done
-
-        linkup $netif
-
-        for slave in $bondslaves ; do
-            ip link set $slave down
-            cat /sys/class/net/$slave/address > /tmp/net.${netif}.${slave}.hwaddr
-            echo "+$slave" > /sys/class/net/$bondname/bonding/slaves
-            linkup $slave
-        done
-
-        # add the bits to setup the needed post enslavement parameters
-        for arg in $BONDING_OPTS ; do
-            key=${arg%%=*};
-            value=${arg##*=};
-            if [ "${key}" = "primary" ]; then
-                echo $value > /sys/class/net/${netif}/bonding/$key
-            fi
-        done
-    fi
-fi
-
-if [ -e /tmp/team.info ]; then
-    . /tmp/team.info
-    if [ "$netif" = "$teammaster" ] && [ ! -e /tmp/net.$teammaster.up ] ; then
-        # We shall only bring up those _can_ come up
-        # in case of some slave is gone in active-backup mode
-        working_slaves=""
-        for slave in $teamslaves ; do
-            ip link set $slave up 2>/dev/null
-            if wait_for_if_up $slave; then
-                working_slaves+="$slave "
-            fi
-        done
-        # Do not add slaves now
-        teamd -d -U -n -N -t $teammaster -f /etc/teamd/$teammaster.conf
-        for slave in $working_slaves; do
-            # team requires the slaves to be down before joining team
-            ip link set $slave down
-            teamdctl $teammaster port add $slave
-        done
-        ip link set $teammaster up
-    fi
-fi
-
-# XXX need error handling like dhclient-script
-
-if [ -e /tmp/bridge.info ]; then
-    . /tmp/bridge.info
-# start bridge if necessary
-    if [ "$netif" = "$bridgename" ] && [ ! -e /tmp/net.$bridgename.up ]; then
-        brctl addbr $bridgename
-        brctl setfd $bridgename 0
-        for ethname in $bridgeslaves ; do
-            if [ "$ethname" = "$bondname" ] ; then
-                DO_BOND_SETUP=yes ifup $bondname -m
-            elif [ "$ethname" = "$teammaster" ] ; then
-                DO_TEAM_SETUP=yes ifup $teammaster -m
-            elif [ "$ethname" = "$vlanname" ]; then
-                DO_VLAN_SETUP=yes ifup $vlanname -m
-            else
-                linkup $ethname
-            fi
-            brctl addif $bridgename $ethname
-        done
-    fi
-fi
-
-get_vid() {
-    case "$1" in
-    vlan*)
-        echo ${1#vlan}
-        ;;
-    *.*)
-        echo ${1##*.}
-        ;;
-    esac
-}
-
-if [ "$netif" = "$vlanname" ] && [ ! -e /tmp/net.$vlanname.up ]; then
-    modprobe 8021q
-    if [ "$phydevice" = "$bondname" ] ; then
-        DO_BOND_SETUP=yes ifup $phydevice -m
-    elif [ "$phydevice" = "$teammaster" ] ; then
-        DO_TEAM_SETUP=yes ifup $phydevice -m
-    else
-        linkup "$phydevice"
-    fi
-    ip link add dev "$vlanname" link "$phydevice" type vlan id "$(get_vid $vlanname)"
-    ip link set "$vlanname" up
-fi
-
-# No ip lines default to dhcp
-ip=$(getarg ip)
-
-if [ -z "$ip" ]; then
-    for s in $(getargs nameserver); do
-        [ -n "$s" ] || continue
-        echo nameserver $s >> /tmp/net.$netif.resolv.conf
-    done
-
-    if [ "$netroot" = "dhcp6" ]; then
-        do_dhcp -6
-    else
-        do_dhcp -4
-    fi
-fi
-
-
-# Specific configuration, spin through the kernel command line
-# looking for ip= lines
-for p in $(getargs ip=); do
-    ip_to_var $p
-    # skip ibft
-    [ "$autoconf" = "ibft" ] && continue
-
-    case "$dev" in
-        ??:??:??:??:??:??)  # MAC address
-            _dev=$(iface_for_mac $dev)
-            [ -n "$_dev" ] && dev="$_dev"
-            ;;
-        ??-??-??-??-??-??)  # MAC address in BOOTIF form
-            _dev=$(iface_for_mac $(fix_bootif $dev))
-            [ -n "$_dev" ] && dev="$_dev"
-            ;;
-    esac
-
-    # If this option isn't directed at our interface, skip it
-    [ -n "$dev" ] && [ "$dev" != "$netif" ] && \
-    [ "$use_bridge" != 'true' ] && \
-    [ "$use_vlan" != 'true' ] && continue
-
-    # setup nameserver
-    for s in "$dns1" "$dns2" $(getargs nameserver); do
-        [ -n "$s" ] || continue
-        echo nameserver $s >> /tmp/net.$netif.resolv.conf
-    done
-
-    # Store config for later use
-    for i in ip srv gw mask hostname macaddr dns1 dns2; do
-        eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
-    done > /tmp/net.$netif.override
-
-    for autoopt in $(str_replace "$autoconf" "," " "); do
-        case $autoopt in
-            dhcp|on|any)
-                do_dhcp -4 ;;
-            dhcp6)
-                load_ipv6
-                do_dhcp -6 ;;
-            auto6)
-                do_ipv6auto ;;
-            *)
-                do_static ;;
-        esac
-    done
-    ret=$?
-
-    > /tmp/net.${netif}.up
-
-    if [ -e /sys/class/net/${netif}/address ]; then
-        > /tmp/net.$(cat /sys/class/net/${netif}/address).up
-    fi
-
-    case $autoconf in
-        dhcp|on|any|dhcp6)
-            ;;
-        *)
-            if [ $ret -eq 0 ]; then
-                setup_net $netif
-                source_hook initqueue/online $netif
-                if [ -z "$manualup" ]; then
-                    /sbin/netroot $netif
-                fi
-            fi
-            ;;
-    esac
-
-    exit 0
-done
-
-# netif isn't the top stack? Then we should exit here.
-# eg. netif is bond0. br0 is on top of it. dhcp br0 is correct but dhcp
-#     bond0 doesn't make sense.
-if [ -n "$DO_BOND_SETUP" -o -n "$DO_TEAM_SETUP" -o -n "$DO_VLAN_SETUP" ]; then
-    exit 0
-fi
-
-# no ip option directed at our interface?
-if [ ! -e /tmp/net.${netif}.up ]; then
-    if [ -e /tmp/net.bootdev ]; then
-        BOOTDEV=$(cat /tmp/net.bootdev)
-        if [ "$netif" = "$BOOTDEV" ] || [ "$BOOTDEV" = "$(cat /sys/class/net/${netif}/address)" ]; then
-            load_ipv6
-            do_dhcp
-        fi
-    else
-        if getargs 'ip=dhcp6'; then
-            load_ipv6
-            do_dhcp -6
-        fi
-        if getargs 'ip=dhcp'; then
-            do_dhcp -4
-        fi
-    fi
-fi
-
-exit 0
--- a/modules.d/40network/module-setup.sh
+++ b/modules.d/40network/module-setup.sh
@@ -2,16 +2,17 @@

 # called by dracut
 check() {
-    local _program
-
-    require_binaries ip arping dhclient || return 1
-
    return 255
 }

 # called by dracut
 depends() {
-    echo "kernel-network-modules"
+    echo -n "kernel-network-modules "
+    # RHEL 8.1: Default to network-legacy unless the user chose
+    # network-manager manually
+    if ! dracut_module_included "network-manager" ; then
+        echo "network-legacy"
+    fi
    return 0
 }

@@ -23,34 +24,11 @@ installkernel() {
 # called by dracut
 install() {
    local _arch _i _dir
-    inst_multiple ip arping dhclient sed
-    inst_multiple -o ping ping6
-    inst_multiple -o brctl
-    inst_multiple -o teamd teamdctl teamnl
-    inst_simple /etc/libnl/classid
-    inst_script "$moddir/ifup.sh" "/sbin/ifup"
+
    inst_script "$moddir/netroot.sh" "/sbin/netroot"
-    inst_script "$moddir/dhclient-script.sh" "/sbin/dhclient-script"
    inst_simple "$moddir/net-lib.sh" "/lib/net-lib.sh"
-    inst_simple -H "/etc/dhclient.conf"
-    cat "$moddir/dhclient.conf" >> "${initdir}/etc/dhclient.conf"
    inst_hook pre-udev 50 "$moddir/ifname-genrules.sh"
-    inst_hook pre-udev 60 "$moddir/net-genrules.sh"
    inst_hook cmdline 91 "$moddir/dhcp-root.sh"
-    inst_hook cmdline 92 "$moddir/parse-ibft.sh"
-    inst_hook cmdline 95 "$moddir/parse-vlan.sh"
-    inst_hook cmdline 96 "$moddir/parse-bond.sh"
-    inst_hook cmdline 96 "$moddir/parse-team.sh"
-    inst_hook cmdline 97 "$moddir/parse-bridge.sh"
-    inst_hook cmdline 98 "$moddir/parse-ip-opts.sh"
-    inst_hook cmdline 99 "$moddir/parse-ifname.sh"
-    inst_hook cleanup 10 "$moddir/kill-dhclient.sh"
-
-    _arch=$(uname -m)
-
-    inst_libdir_file {"tls/$_arch/",tls/,"$_arch/",}"libnss_dns.so.*" \
-        {"tls/$_arch/",tls/,"$_arch/",}"libnss_mdns4_minimal.so.*"

    dracut_need_initqueue
 }
-
--- a/modules.d/40network/net-lib.sh
+++ b/modules.d/40network/net-lib.sh
@@ -101,7 +101,8 @@ ifdown() {
    ip addr flush dev $netif
    echo "#empty" > /etc/resolv.conf
    rm -f -- /tmp/net.$netif.did-setup
-    [ -e /sys/class/net/$netif/address ] && \
+    [ -z "$DO_VLAN" ] && \
+	[ -e /sys/class/net/$netif/address ] && \
        rm -f -- /tmp/net.$(cat /sys/class/net/$netif/address).did-setup
    # TODO: send "offline" uevent?
 }
@@ -110,7 +111,8 @@ setup_net() {
    local netif="$1" f="" gw_ip="" netroot_ip="" iface="" IFACES=""
    local _p
    [ -e /tmp/net.$netif.did-setup ] && return
-    [ -e /sys/class/net/$netif/address ] && \
+    [ -z "$DO_VLAN" ] && \
+	[ -e /sys/class/net/$netif/address ] && \
        [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && return
    [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces
    [ -z "$IFACES" ] && IFACES="$netif"
@@ -120,7 +122,7 @@ setup_net() {
    [ -e /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts
    # set up resolv.conf
    [ -e /tmp/net.$netif.resolv.conf ] && \
-        cp -f /tmp/net.$netif.resolv.conf /etc/resolv.conf
+        awk '!array[$0]++' /tmp/net.$netif.resolv.conf > /etc/resolv.conf
    [ -e /tmp/net.$netif.gw ]            && . /tmp/net.$netif.gw

    # add static route
@@ -169,12 +171,17 @@ setup_net() {
    fi

    if [ "$layer2" != "0" ] && [ -n "$dest" ] && ! strstr "$dest" ":"; then
-        arping -q -f -w 60 -I $netif $dest || info "Resolving $dest via ARP on $netif failed"
+        if command -v arping2 >/dev/null; then
+            arping2 -q -C 1 -c 60 -I $netif $dest || info "Resolving $dest via ARP on $netif failed"
+        else
+            arping -q -f -w 60 -I $netif $dest || info "Resolving $dest via ARP on $netif failed"
+        fi
    fi
    unset layer2

    > /tmp/net.$netif.did-setup
-    [ -e /sys/class/net/$netif/address ] && \
+    [ -z "$DO_VLAN" ] && \
+	[ -e /sys/class/net/$netif/address ] && \
        > /tmp/net.$(cat /sys/class/net/$netif/address).did-setup
 }

@@ -241,23 +248,55 @@ ibft_to_cmdline() {

            [ -e /tmp/net.${dev}.has_ibft_config ] && continue

+            [ -e ${iface}/flags ] && flags=$(read a < ${iface}/flags; echo $a)
+            # Skip invalid interfaces
+            (( $flags & 1 )) || continue
+            # Skip interfaces not used for booting
+            (( $flags & 2 )) || continue
            [ -e ${iface}/dhcp ] && dhcp=$(read a < ${iface}/dhcp; echo $a)
+            [ -e ${iface}/origin ] && origin=$(read a < ${iface}/origin; echo $a)
+            [ -e ${iface}/ip-addr ] && ip=$(read a < ${iface}/ip-addr; echo $a)

-            if [ -n "$dhcp" ]; then
-                echo "ip=$dev:dhcp"
+            if [ -n "$ip" ] ; then
+                case "$ip" in
+                    *.*.*.*)
+                        family=ipv4
+                        ;;
+                    *:*)
+                        family=ipv6
+                        ;;
+                esac
+            fi
+            if [ -n "$dhcp" ] || [ "$origin" -eq 3 ]; then
+                if [ "$family" = "ipv6" ] ; then
+                    echo "ip=$dev:dhcp6"
+                else
+                    echo "ip=$dev:dhcp"
+                fi
            elif [ -e ${iface}/ip-addr ]; then
-                [ -e ${iface}/ip-addr ] && ip=$(read a < ${iface}/ip-addr; echo $a)
                # skip not assigned ip adresses
                [ "$ip" = "0.0.0.0" ] && continue
                [ -e ${iface}/gateway ] && gw=$(read a < ${iface}/gateway; echo $a)
                [ "$gateway" = "0.0.0.0" ] && unset $gateway
                [ -e ${iface}/subnet-mask ] && mask=$(read a < ${iface}/subnet-mask; echo $a)
+                [ -e ${iface}/prefix-len ] && prefix=$(read a < ${iface}/prefix-len; echo $a)
                [ -e ${iface}/primary-dns ] && dns1=$(read a < ${iface}/primary-dns; echo $a)
                [ "$dns1" = "0.0.0.0" ] && unset $dns1
                [ -e ${iface}/secondary-dns ] && dns2=$(read a < ${iface}/secondary-dns; echo $a)
                [ "$dns2" = "0.0.0.0" ] && unset $dns2
                [ -e ${iface}/hostname ] && hostname=$(read a < ${iface}/hostname; echo $a)
-                if [ -n "$ip" ] && [ -n "$mask" ]; then
+                if [ "$family" = "ipv6" ] ; then
+                    if [ -n "$ip" ] ; then
+                        ip="[$ip]"
+                        [ -n "$prefix" ] || prefix=64
+                        ip="[${ip}/${prefix}]"
+                        mask=
+                    fi
+                    if [ -n "$gw" ] ; then
+                        gw="[${gw}]"
+                    fi
+                fi
+                if [ -n "$ip" ] && [ -n "$mask" -o -n "$prefix" ]; then
                    echo "ip=$ip::$gw:$mask:$hostname:$dev:none${dns1:+:$dns1}${dns2:+:$dns2}"
                else
                    warn "${iface} does not contain a valid iBFT configuration"
@@ -412,50 +451,84 @@ ip_to_var() {
    done

    unset ip srv gw mask hostname dev autoconf macaddr mtu dns1 dns2
-    case $# in
-        0)  autoconf="error" ;;
-        1)  autoconf=$1 ;;
-        2)  [ -n "$1" ] && dev=$1; [ -n "$2" ] && autoconf=$2 ;;
-        3)  [ -n "$1" ] && dev=$1; [ -n "$2" ] && autoconf=$2; [ -n "$3" ] && mtu=$3 ;;
-        4)  [ -n "$1" ] && dev=$1; [ -n "$2" ] && autoconf=$2; [ -n "$3" ] && mtu=$3; [ -n "$4" ] && macaddr=$4 ;;
-        *)  [ -n "$1" ] && ip=$1; [ -n "$2" ] && srv=$2; [ -n "$3" ] && gw=$3; [ -n "$4" ] && mask=$4;
-            [ -n "$5" ] && hostname=$5; [ -n "$6" ] && dev=$6; [ -n "$7" ] && autoconf=$7;
-            case "$8" in
-                [0-9]*:*|[0-9]*.[0-9]*.[0-9]*.[0-9]*)
-                    dns1="$8"
-                    [ -n "$9" ] && dns2="$9"
-                    ;;
-                [0-9]*)
-                    mtu="$8"
-                    ;;
-                *)
-                    if [ -n "${9}" -a -n "${10}" -a -n "${11}" -a -n "${12}" -a -n "${13}" -a -n "${14}" ]; then
-                        macaddr="${9}:${10}:${11}:${12}:${13}:${14}"
-                    fi
-                    ;;
-            esac
-            ;;
-    esac

-    # ip=<ipv4-address> means anaconda-style static config argument cluster:
-    # ip=<ip> gateway=<gw> netmask=<nm> hostname=<host> mtu=<mtu>
-    # ksdevice={link|bootif|ibft|<MAC>|<ifname>}
-    if strglob "$autoconf" "*.*.*.*"; then
-        ip="$autoconf"
-        gw=$(getarg gateway=)
-        mask=$(getarg netmask=)
-        hostname=$(getarg hostname=)
-        dev=$(getarg ksdevice=)
-        autoconf="none"
-        mtu=$(getarg mtu=)
-
-        # handle special values for ksdevice
-        case "$dev" in
-            bootif|BOOTIF) dev=$(fix_bootif $(getarg BOOTIF=)) ;;
-            link) dev="" ;; # FIXME: do something useful with this
-            ibft) dev="" ;; # ignore - ibft is handled elsewhere
-        esac
+    if [ $# -eq 0 ]; then
+        autoconf="error"
+        return 0
    fi
+
+    if [ $# -eq 1 ]; then
+        # format: ip={dhcp|on|any|dhcp6|auto6|either6}
+        # or
+        #         ip=<ipv4-address> means anaconda-style static config argument cluster
+        autoconf="$1"
+
+        if strglob "$autoconf" "*.*.*.*"; then
+            # ip=<ipv4-address> means anaconda-style static config argument cluster:
+            # ip=<ip> gateway=<gw> netmask=<nm> hostname=<host> mtu=<mtu>
+            # ksdevice={link|bootif|ibft|<MAC>|<ifname>}
+            ip="$autoconf"
+            gw=$(getarg gateway=)
+            mask=$(getarg netmask=)
+            hostname=$(getarg hostname=)
+            dev=$(getarg ksdevice=)
+            autoconf="none"
+            mtu=$(getarg mtu=)
+
+            # handle special values for ksdevice
+            case "$dev" in
+                bootif|BOOTIF) dev=$(fix_bootif $(getarg BOOTIF=)) ;;
+                link) dev="" ;; # FIXME: do something useful with this
+                ibft) dev="" ;; # ignore - ibft is handled elsewhere
+            esac
+        fi
+        return 0
+    fi
+
+    if [ "$2" = "dhcp" -o "$2" = "on" -o "$2" = "any" -o "$2" = "dhcp6" -o "$2" = "auto6" -o "$2" = "either6" ]; then
+        # format: ip=<interface>:{dhcp|on|any|dhcp6|auto6}[:[<mtu>][:<macaddr>]]
+        [ -n "$1" ] && dev="$1"
+        [ -n "$2" ] && autoconf="$2"
+        [ -n "$3" ] && mtu=$3
+        if [ -z "$5" ]; then
+            macaddr="$4"
+        else
+            macaddr="${4}:${5}:${6}:${7}:${8}:${9}"
+        fi
+        return 0
+    fi
+
+    # format: ip=<client-IP>:[<peer>]:<gateway-IP>:<netmask>:<client_hostname>:<interface>:{none|off|dhcp|on|any|dhcp6|auto6|ibft}:[:[<mtu>][:<macaddr>]]
+
+    [ -n "$1" ] && ip=$1
+    [ -n "$2" ] && srv=$2
+    [ -n "$3" ] && gw=$3
+    [ -n "$4" ] && mask=$4
+    [ -n "$5" ] && hostname=$5
+    [ -n "$6" ] && dev=$6
+    [ -n "$7" ] && autoconf=$7
+    case "$8" in
+        [0-9]*:*|[0-9]*.[0-9]*.[0-9]*.[0-9]*)
+            dns1="$8"
+            [ -n "$9" ] && dns2="$9"
+            ;;
+        [0-9]*)
+            mtu="$8"
+            if [ -n "${9}" -a -z "${10}" ]; then
+                macaddr="${9}"
+            elif [ -n "${9}" -a -n "${10}" -a -n "${11}" -a -n "${12}" -a -n "${13}" -a -n "${14}" ]; then
+                macaddr="${9}:${10}:${11}:${12}:${13}:${14}"
+            fi
+            ;;
+        *)
+            if [ -n "${9}" -a -z "${10}" ]; then
+                macaddr="${9}"
+            elif [ -n "${9}" -a -n "${10}" -a -n "${11}" -a -n "${12}" -a -n "${13}" -a -n "${14}" ]; then
+                macaddr="${9}:${10}:${11}:${12}:${13}:${14}"
+            fi
+	    ;;
+    esac
+    return 0
 }

 route_to_var() {
@@ -537,22 +610,20 @@ wait_for_if_up() {

    while [ $cnt -lt $timeout ]; do
        li=$(ip -o link show up dev $1)
-        if ! strstr "$li" "NO-CARRIER"; then
-            if [ -n "$li" ]; then
-                case "$li" in
-                    *\<UP*)
-                        return 0;;
-                    *\<*,UP\>*)
-                        return 0;;
-                    *\<*,UP,*\>*)
-                        return 0;;
-                esac
-            fi
-            if strstr "$li" "LOWER_UP" \
-                    && strstr "$li" "state UNKNOWN" \
-                    && ! strstr "$li" "DORMANT"; then
-                return 0
-            fi
+        if [ -n "$li" ]; then
+            case "$li" in
+                *\<UP*)
+                    return 0;;
+                *\<*,UP\>*)
+                    return 0;;
+                *\<*,UP,*\>*)
+                    return 0;;
+            esac
+        fi
+        if strstr "$li" "LOWER_UP" \
+                && strstr "$li" "state UNKNOWN" \
+                && ! strstr "$li" "DORMANT"; then
+            return 0
        fi
        sleep 0.1
        cnt=$(($cnt+1))
@@ -575,16 +646,36 @@ wait_for_route_ok() {
    return 1
 }

-wait_for_ipv6_dad() {
+wait_for_ipv6_dad_link() {
    local cnt=0
-    local li
    local timeout="$(getargs rd.net.timeout.ipv6dad=)"
    timeout=${timeout:-50}
    timeout=$(($timeout*10))

    while [ $cnt -lt $timeout ]; do
-        li=$(ip -6 addr show dev $1 scope link)
-        strstr "$li" "tentative" || return 0
+        [ -z "$(ip -6 addr show dev "$1" scope link tentative)" ] \
+            && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+            && return 0
+        [ -n "$(ip -6 addr show dev "$1" scope link dadfailed)" ] \
+            && return 1
+        sleep 0.1
+        cnt=$(($cnt+1))
+    done
+    return 1
+}
+
+wait_for_ipv6_dad() {
+    local cnt=0
+    local timeout="$(getargs rd.net.timeout.ipv6dad=)"
+    timeout=${timeout:-50}
+    timeout=$(($timeout*10))
+
+    while [ $cnt -lt $timeout ]; do
+        [ -z "$(ip -6 addr show dev "$1" tentative)" ] \
+            && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+            && return 0
+        [ -n "$(ip -6 addr show dev "$1" dadfailed)" ] \
+            && return 1
        sleep 0.1
        cnt=$(($cnt+1))
    done
@@ -593,16 +684,14 @@ wait_for_ipv6_dad() {

 wait_for_ipv6_auto() {
    local cnt=0
-    local li
    local timeout="$(getargs rd.net.timeout.ipv6auto=)"
    timeout=${timeout:-40}
    timeout=$(($timeout*10))

    while [ $cnt -lt $timeout ]; do
-        li=$(ip -6 addr show dev $1)
-        if ! strstr "$li" "tentative"; then
-            strstr "$li" "dynamic" && return 0
-        fi
+        [ -z "$(ip -6 addr show dev "$1" tentative)" ] \
+            && [ -n "$(ip -6 route list proto ra dev "$1" | grep ^default)" ] \
+            && return 0
        sleep 0.1
        cnt=$(($cnt+1))
    done
@@ -620,7 +709,7 @@ type hostname >/dev/null 2>&1 || \
    cat /proc/sys/kernel/hostname
 }

-iface_has_link() {
+iface_has_carrier() {
    local cnt=0
    local interface="$1" flags=""
    [ -n "$interface" ] || return 2
@@ -631,14 +720,38 @@ iface_has_link() {
    timeout=$(($timeout*10))

    linkup "$1"
+
+    li=$(ip -o link show up dev $1)
+    strstr "$li" "NO-CARRIER" && _no_carrier_flag=1
+
    while [ $cnt -lt $timeout ]; do
-        [ "$(cat $interface/carrier)" = 1 ] && return 0
+        if [ -n "$_no_carrier_flag" ]; then
+            li=$(ip -o link show up dev $1)
+            # NO-CARRIER flag was cleared
+            strstr "$li" "NO-CARRIER" || return 0
+        elif ! [ -e "$interface/carrier" ]; then
+            # sysfs not available and "NO-CARRIER" not displayed
+            return 0
+        fi
+        # double check the syscfs carrier flag
+        [ -e "$interface/carrier" ] && [ "$(cat $interface/carrier)" = 1 ] && return 0
        sleep 0.1
        cnt=$(($cnt+1))
    done
    return 1
 }

+iface_has_link() {
+    iface_has_carrier "$@"
+}
+
+iface_is_enslaved() {
+    local _li
+    _li=$(ip -o link show dev $1)
+    strstr "$_li" " master " || return 1
+    return 0
+}
+
 find_iface_with_link() {
    local iface_path="" iface=""
    for iface_path in /sys/class/net/*; do
@@ -717,3 +830,21 @@ is_kernel_ethernet_name() {
    esac

 }
+
+iface_get_subchannels() {
+    local _netif
+    local _subchannels
+
+    _netif="$1"
+
+    _subchannels=$({
+                      for i in /sys/class/net/$_netif/device/cdev[0-9]*; do
+                          [ -e $i ] || continue
+                          channel=$(readlink -f $i)
+                          printf -- "%s" "${channel##*/},"
+                      done
+                  })
+    [ -n "$_subchannels" ] || return 1
+
+    printf -- "%s" ${_subchannels%,}
+}
--- a/modules.d/40network/netroot.sh
+++ b/modules.d/40network/netroot.sh
@@ -46,7 +46,7 @@ if [ -z "$2" ]; then
        # we die. Otherwise we just warn
        if [ -z "$new_root_path" ] ; then
            [ -n "$BOOTDEV" ] && die "No dhcp root-path received for '$BOOTDEV'"
-            warn "No dhcp root-path received for '$BOOTDEV' trying other interfaces if available"
+            warn "No dhcp root-path received for '$netif' trying other interfaces if available"
            exit 1
        fi

--- a/modules.d/40network/parse-team.sh
+++ b/modules.d/40network/parse-team.sh
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# Format:
-#       team=<teammaster>:<teamslaves>
-#
-#       teamslaves is a comma-separated list of physical (ethernet) interfaces
-#
-
-# return if team already parsed
-[ -n "$teammaster" ] && return
-
-# Check if team parameter is valid
-if getarg team= >/dev/null ; then
-    :
-fi
-
-parseteam() {
-    local v=${1}:
-    set --
-    while [ -n "$v" ]; do
-        set -- "$@" "${v%%:*}"
-        v=${v#*:}
-    done
-
-    unset teammaster teamslaves
-    case $# in
-    2)  teammaster=$1; teamslaves=$(str_replace "$2" "," " ") ;;
-    *)  die "team= requires two parameters" ;;
-    esac
-}
-
-unset teammaster teamslaves
-
-if getarg team>/dev/null; then
-    # Read team= parameters if they exist
-    team="$(getarg team=)"
-    if [ ! "$team" = "team" ]; then
-        parseteam "$(getarg team=)"
-    fi
-
-    echo "teammaster=$teammaster" > /tmp/team.info
-    echo "teamslaves=\"$teamslaves\"" >> /tmp/team.info
-    return
-fi
--- a/modules.d/40network/parse-vlan.sh
+++ b/modules.d/40network/parse-vlan.sh
@@ -1,42 +0,0 @@
-#!/bin/sh
-#
-# Format:
-#	vlan=<vlanname>:<phydevice>
-#
-
-# return if vlan already parsed
-[ -n "$vlanname" ] && return
-
-# Check if vlan parameter is valid
-if getarg vlan= >/dev/null ; then
-    :
-fi
-
-parsevlan() {
-    local v=${1}:
-    set --
-    while [ -n "$v" ]; do
-        set -- "$@" "${v%%:*}"
-        v=${v#*:}
-    done
-
-    unset vlanname phydevice
-    case $# in
-    2)  vlanname=$1; phydevice=$2 ;;
-    *)  die "vlan= requires two parameters" ;;
-    esac
-}
-
-unset vlanname phydevice
-
-if getarg vlan >/dev/null; then
-    # Read vlan= parameters if they exist
-    vlan="$(getarg vlan=)"
-    if [ ! "$vlan" = "vlan" ]; then
-        parsevlan "$(getarg vlan=)"
-    fi
-
-    echo "vlanname=\"$vlanname\"" > /tmp/vlan.info
-    echo "phydevice=\"$phydevice\"" >> /tmp/vlan.info
-    return
-fi
--- a/modules.d/45ifcfg/module-setup.sh
+++ b/modules.d/45ifcfg/module-setup.sh
@@ -14,6 +14,7 @@ depends() {

 # called by dracut
 install() {
+    inst_binary sort
    inst_hook pre-pivot 85 "$moddir/write-ifcfg.sh"
 }

--- a/modules.d/45ifcfg/write-ifcfg.sh
+++ b/modules.d/45ifcfg/write-ifcfg.sh
@@ -5,14 +5,6 @@ type is_persistent_ethernet_name >/dev/null 2>&1 || . /lib/net-lib.sh

 udevadm settle --timeout=30

-if [ -e /tmp/bridge.info ]; then
-    . /tmp/bridge.info
-fi
-
-if [ -e /tmp/vlan.info ]; then
-    . /tmp/vlan.info
-fi
-
 mkdir -m 0755 -p /tmp/ifcfg/
 mkdir -m 0755 -p /tmp/ifcfg-leases/

@@ -129,6 +121,9 @@ for netup in /tmp/net.*.did-setup ; do
    unset bondslaves
    unset bondname
    unset bondoptions
+    unset bridgename
+    unset bridgeslaves
+    unset team
    unset uuid
    unset ip
    unset gw
@@ -138,24 +133,37 @@ for netup in /tmp/net.*.did-setup ; do
    unset slave
    unset ethname
    unset vlan
+    unset vlanname
+    unset phydevice

    [ -e /tmp/bond.${netif}.info ] && . /tmp/bond.${netif}.info
+    [ -e /tmp/bridge.${netif}.info ] && . /tmp/bridge.${netif}.info
+    [ -e /tmp/team.${netif}.info ] && . /tmp/team.${netif}.info

    uuid=$(cat /proc/sys/kernel/random/uuid)
    if [ "$netif" = "$bridgename" ]; then
        bridge=yes
+    elif [ "$netif" = "$teammaster" ]; then
+        team=yes
    elif [ "$netif" = "$bondname" ]; then
-    # $netif can't be bridge and bond at the same time
+        # $netif can't be bridge and bond at the same time
        bond=yes
    fi
-    if [ "$netif" = "$vlanname" ]; then
+
+    for i in /tmp/vlan.${netif}.*; do
+        [ ! -e "$i" ] && continue
+        . "$i"
        vlan=yes
-    fi
+        break
+    done
+
+    # skip team interfaces for now, the host config must be in sync
+    [ "$netif" = "$teammaster" ] && continue

    {
        echo "# Generated by dracut initrd"
        echo "NAME=\"$netif\""
-        interface_bind "$netif" "$macaddr"
+        [ -z "$vlan" ] && interface_bind "$netif" "$macaddr"
        echo "ONBOOT=yes"
        echo "NETBOOT=yes"
        echo "UUID=\"$uuid\""
@@ -198,18 +206,15 @@ for netup in /tmp/net.*.did-setup ; do
    } > /tmp/ifcfg/ifcfg-$netif

    # bridge needs different things written to ifcfg
-    if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ]; then
+    if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ] && [ -z "$team" ]; then
        # standard interface
-        {
-            echo "TYPE=Ethernet"
-            [ -n "$mtu" ] && echo "MTU=\"$mtu\""
-        } >> /tmp/ifcfg/ifcfg-$netif
+        echo "TYPE=Ethernet" >> /tmp/ifcfg/ifcfg-$netif
    fi

    if [ -n "$vlan" ] ; then
        {
            echo "TYPE=Vlan"
-            echo "NAME=\"$netif\""
+            echo "DEVICE=\"$netif\""
            echo "VLAN=yes"
            echo "PHYSDEV=\"$phydevice\""
        } >> /tmp/ifcfg/ifcfg-$netif
@@ -281,7 +286,10 @@ echo "files /etc/sysconfig/network-scripts" >> /run/initramfs/rwtab
 echo "files /var/lib/dhclient" >> /run/initramfs/rwtab
 {
    cp /tmp/net.* /run/initramfs/
-    cp /tmp/net.$netif.resolv.conf /run/initramfs/state/etc/resolv.conf
+    for i in /tmp/net.*.resolv.conf; do
+             [ -f "$i" ] && cat "$i"
+    done | sort -u > /run/initramfs/state/etc/resolv.conf
+    [ -s /run/initramfs/state/etc/resolv.conf ] || rm -f /run/initramfs/state/etc/resolv.conf
    copytree /tmp/ifcfg /run/initramfs/state/etc/sysconfig/network-scripts
    cp /tmp/ifcfg-leases/* /run/initramfs/state/var/lib/dhclient
 } > /dev/null 2>&1
--- a/modules.d/45url-lib/module-setup.sh
+++ b/modules.d/45url-lib/module-setup.sh
@@ -15,7 +15,7 @@ depends() {

 # called by dracut
 install() {
-    local _dir _crt _found _lib
+    local _dir _crt _found _lib _nssckbi _p11roots _p11root _p11item
    inst_simple "$moddir/url-lib.sh" "/lib/url-lib.sh"
    inst_multiple -o ctorrent
    inst_multiple curl
@@ -29,16 +29,50 @@ install() {
 	[[ -d $_dir ]] || continue
        for _lib in $_dir/libcurl.so.*; do
 	    [[ -e $_lib ]] || continue
+            [[ $_nssckbi ]] || _nssckbi=$(grep -F --binary-files=text -z libnssckbi $_lib)
            _crt=$(grep -F --binary-files=text -z .crt $_lib)
            [[ $_crt ]] || continue
            [[ $_crt == /*/* ]] || continue
-            if ! inst_simple "$_crt"; then
+            if ! inst "$_crt"; then
                dwarn "Couldn't install '$_crt' SSL CA cert bundle; HTTPS might not work."
                continue
            fi
            _found=1
        done
    done
-    [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle; HTTPS won't work."
+    # If we found no cert bundle files referenced in libcurl but we
+    # *did* find a mention of libnssckbi (checked above), install it.
+    # If its truly NSS libnssckbi, it includes its own trust bundle,
+    # but if it's really p11-kit-trust.so, we need to find the dirs
+    # where it will look for a trust bundle and install them too.
+    if ! [[ $_found ]] && [[ $_nssckbi ]] ; then
+        _found=1
+        inst_libdir_file "libnssckbi.so*" || _found=
+        for _dir in $libdirs; do
+            [[ -e $_dir/libnssckbi.so ]] || continue
+            # this looks for directory-ish strings in the file
+            for _p11roots in $(grep -o --binary-files=text "/[[:alpha:]][[:print:]]*" $_dir/libnssckbi.so) ; do
+                # the string can be a :-separated list of dirs
+                for _p11root in $(echo "$_p11roots" | tr ':' '\n') ; do
+                    # check if it's actually a directory (there are
+                    # several false positives in the results)
+                    [[ -d "$_p11root" ]] || continue
+                    # check if it has some specific subdirs that all
+                    # p11-kit trust dirs have
+                    [[ -d "${_p11root}/anchors" ]] || continue
+                    [[ -d "${_p11root}/blacklist" ]] || continue
+                    # so now we know it's really a p11-kit trust dir;
+                    # install everything in it
+                    for _p11item in $(find "$_p11root") ; do
+                        if ! inst "$_p11item" ; then
+                            dwarn "Couldn't install '$_p11item' from p11-kit trust dir '$_p11root'; HTTPS might not work."
+                            continue
+                        fi
+                    done
+                done
+            done
+        done
+    fi
+    [[ $_found ]] || dwarn "Couldn't find SSL CA cert bundle or libnssckbi.so; HTTPS won't work."
 }

--- a/modules.d/50drm/module-setup.sh
+++ b/modules.d/50drm/module-setup.sh
@@ -15,67 +15,31 @@ installkernel() {
    local _modname
    # Include KMS capable drm drivers

-    drm_module_filter() {
-        local _drm_drivers='drm_crtc_init'
-        local _ret
-        # subfunctions inherit following FDs
-        local _merge=8 _side2=9
-        function nmf1() {
-            local _fname _fcont
-            while read _fname || [ -n "$_fname" ]; do
-                case "$_fname" in
-                    *.ko)    _fcont="$(<        $_fname)" ;;
-                    *.ko.gz) _fcont="$(gzip -dc $_fname)" ;;
-                    *.ko.xz) _fcont="$(xz -dc   $_fname)" ;;
-                esac
-                [[   $_fcont =~ $_drm_drivers
-                && ! $_fcont =~ iw_handler_get_spy ]] \
-                && echo "$_fname"
-            done
-        }
-        function rotor() {
-            local _f1 _f2
-            while read _f1 || [ -n "$_f1" ]; do
-                echo "$_f1"
-                if read _f2; then
-                    echo "$_f2" 1>&${_side2}
-                fi
-            done | nmf1 1>&${_merge}
-        }
-        # Use two parallel streams to filter alternating modules.
-        set +x
-        eval "( ( rotor ) ${_side2}>&1 | nmf1 ) ${_merge}>&1"
-        [[ $debug ]] && set -x
-        return 0
-    }
-
-    if [[ "$(uname -p)" == arm* ]]; then
-        # arm specific modules needed by drm
+    if [[ "$(uname -m)" == arm* || "$(uname -m)" == aarch64 ]]; then
+        # arm/aarch64 specific modules needed by drm
        instmods \
            "=drivers/gpu/drm/i2c" \
            "=drivers/gpu/drm/panel" \
-            "=drivers/pwm" \
+            "=drivers/gpu/drm/bridge" \
            "=drivers/video/backlight" \
-            "=drivers/video/fbdev/omap2/displays-new" \
            ${NULL}
    fi

-    instmods amdkfd hyperv_fb
+    instmods amdkfd hyperv_fb "=drivers/pwm"

-    for _modname in $(find_kernel_modules_by_path drivers/gpu/drm \
-        | drm_module_filter) ; do
-        # if the hardware is present, include module even if it is not currently loaded,
-        # as we could e.g. be in the installer; nokmsboot boot parameter will disable
-        # loading of the driver if needed
-        if [[ $hostonly ]] && modinfo -F alias $_modname | sed -e 's,\?,\.,g' -e 's,\*,\.\*,g' \
-            | grep -qxf - /sys/bus/{pci/devices,soc/devices/soc?}/*/modalias 2>/dev/null; then
-            hostonly='' instmods $_modname
-            # if radeon.ko is installed, we want amdkfd also
-            if strstr "$_modname" radeon.ko; then
-                hostonly='' instmods amdkfd
+    # if the hardware is present, include module even if it is not currently loaded,
+    # as we could e.g. be in the installer; nokmsboot boot parameter will disable
+    # loading of the driver if needed
+    if [[ $hostonly ]]; then
+        for i in /sys/bus/{pci/devices,virtio/devices,soc/devices/soc?}/*/modalias; do
+            [[ -e $i ]] || continue
+            if hostonly="" dracut_instmods --silent -s "drm_crtc_init" -S "iw_handler_get_spy" $(<$i); then
+                if strstr "$(modinfo -F filename $(<$i) 2>/dev/null)" radeon.ko; then
+                    hostonly='' instmods amdkfd
+                fi
            fi
-            continue
-        fi
-        instmods $_modname
-    done
+        done
+    else
+        dracut_instmods -o -s "drm_crtc_init" "=drivers/gpu/drm" "=drivers/staging"
+    fi
 }
--- a/modules.d/50plymouth/module-setup.sh
+++ b/modules.d/50plymouth/module-setup.sh
@@ -1,8 +1,23 @@
 #!/bin/bash

+pkglib_dir() {
+    local _dirs="/usr/lib/plymouth /usr/libexec/plymouth/"
+    if type -P dpkg-architecture &>/dev/null; then
+        _dirs+=" /usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/plymouth"
+    fi
+    for _dir in $_dirs; do
+        if [ -x $_dir/plymouth-populate-initrd ]; then
+            echo $_dir
+            return
+        fi
+    done
+}
+
 # called by dracut
 check() {
    [[ "$mount_needs" ]] && return 1
+    [ -z $(pkglib_dir) ] && return 1
+
    require_binaries plymouthd plymouth plymouth-set-default-theme
 }

@@ -13,12 +28,7 @@ depends() {

 # called by dracut
 install() {
-    PKGLIBDIR="/usr/lib/plymouth"
-    if type -P dpkg-architecture &>/dev/null; then
-        PKGLIBDIR="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/plymouth"
-    fi
-    [ -x /usr/libexec/plymouth/plymouth-populate-initrd ] && PKGLIBDIR="/usr/libexec/plymouth"
-
+    PKGLIBDIR=$(pkglib_dir)
    if grep -q nash ${PKGLIBDIR}/plymouth-populate-initrd \
        || [ ! -x ${PKGLIBDIR}/plymouth-populate-initrd ]; then
        . "$moddir"/plymouth-populate-initrd.sh
--- a/modules.d/50plymouth/plymouth-populate-initrd.sh
+++ b/modules.d/50plymouth/plymouth-populate-initrd.sh
@@ -4,9 +4,10 @@ PLYMOUTH_LOGO_FILE="/usr/share/pixmaps/system-logo-white.png"
 PLYMOUTH_THEME=$(plymouth-set-default-theme)

 inst_multiple plymouthd plymouth \
-    "${PLYMOUTH_LOGO_FILE}" \
    /etc/system-release

+test -e "${PLYMOUTH_LOGO_FILE}" && inst_simple "${PLYMOUTH_LOGO_FILE}"
+
 mkdir -m 0755 -p "${initdir}/usr/share/plymouth"

 inst_libdir_file "plymouth/text.so" "plymouth/details.so"
--- a/modules.d/50plymouth/plymouth-pretrigger.sh
+++ b/modules.d/50plymouth/plymouth-pretrigger.sh
@@ -5,9 +5,14 @@ if type plymouthd >/dev/null 2>&1 && [ -z "$DRACUT_SYSTEMD" ]; then
        # first trigger graphics subsystem
        udevadm trigger --action=add --attr-match=class=0x030000 >/dev/null 2>&1
        # first trigger graphics and tty subsystem
-        udevadm trigger --action=add --subsystem-match=graphics --subsystem-match=drm --subsystem-match=tty >/dev/null 2>&1
+        udevadm trigger --action=add \
+            --subsystem-match=graphics \
+            --subsystem-match=drm \
+            --subsystem-match=tty \
+            --subsystem-match=acpi \
+            >/dev/null 2>&1

-        udevadm settle --timeout=30 2>&1 | vinfo
+        udevadm settle --timeout=180 2>&1 | vinfo

        info "Starting plymouth daemon"
        mkdir -m 0755 /run/plymouth
--- a/modules.d/80lvmmerge/README.md
+++ b/modules.d/80lvmmerge/README.md
@@ -0,0 +1,61 @@
+# lvmmerge - dracut module
+
+## Preparation
+- ensure that the lvm thin pool is big enough
+- backup any (most likely /boot and /boot/efi) device with:
+```
+# mkdir /restoredev
+# dev=<device>; umount $dev; dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev"); mount $dev
+```
+- backup the MBR
+```
+# dev=<device>; dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") bs=446 count=1
+# ls -l /dev/disk/by-path/virtio-pci-0000\:00\:07.0
+lrwxrwxrwx. 1 root root 9 Jul 24 04:27 /dev/disk/by-path/virtio-pci-0000:00:07.0 -> ../../vda
+```
+- backup some partitions
+```
+# dev=/dev/disk/by-path/virtio-pci-0000:00:07.0
+# dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev") bs=446 count=1
+# umount /boot/efi
+# dev=/dev/disk/by-partuuid/687177a8-86b3-4e37-a328-91d20db9563c
+# dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev")
+# umount /boot
+# dev=/dev/disk/by-partuuid/4fdf99e9-4f28-4207-a26f-c76546824eaf
+# dd if="$dev" of=/restoredev/$(systemd-escape -p "$dev")
+```
+Final /restoredev
+```
+# ls -al /restoredev/
+total 1253380
+drwx------.  2 root root        250 Jul 24 04:38 .
+dr-xr-xr-x. 18 root root        242 Jul 24 04:32 ..
+-rw-------. 1 root root  209715200 Jul 24 04:34 dev-disk-by\x2dpartuuid-4fdf99e9\x2d4f28\x2d4207\x2da26f\x2dc76546824eaf
+-rw-------. 1 root root 1073741824 Jul 24 04:34 dev-disk-by\x2dpartuuid-687177a8\x2d86b3\x2d4e37\x2da328\x2d91d20db9563c
+-rw-------. 1 root root        446 Jul 24 04:38 dev-disk-by\x2dpath-virtio\x2dpci\x2d0000:00:07.0
+```
+- make a thin snapshot
+```
+# lvm lvcreate -pr -s rhel/root --name reset
+```
+
+- mark the snapshot with a tag
+```
+# lvm lvchange --addtag reset rhel/reset
+```
+
+- remove /restoredev
+```
+# rm -fr /restoredev
+```
+
+## Operation
+
+If a boot entry with ```rd.lvm.mergetags=<tag>``` is selected and there are LVs with ```<tag>```
+dracut will
+- make a copy of the snapshot
+- merge it back to the original
+- rename the copy back to the name of the snapshot
+- if /restordev appears in the root, then it will restore the images
+  found in that directory. This can be used to restore /boot and /boot/efi and the
+  MBR of the boot device
--- a/modules.d/80lvmmerge/lvmmerge.sh
+++ b/modules.d/80lvmmerge/lvmmerge.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
+
+do_merge() {
+    sed -i -e 's/\(^[[:space:]]*\)locking_type[[:space:]]*=[[:space:]]*[[:digit:]]/\1locking_type = 1/' \
+        /etc/lvm/lvm.conf
+
+    systemctl --no-block stop sysroot.mount
+    swapoff -a
+    umount -R /sysroot
+
+    for tag in $(getargs rd.lvm.mergetags); do
+        lvm vgs --noheadings -o vg_name | \
+            while read -r vg || [[ -n $vg ]]; do
+                unset LVS
+                declare -a LVS
+                lvs=$(lvm lvs --noheadings -o lv_name "$vg")
+                for lv in $lvs; do
+                    lvm lvchange -an "$vg/$lv"
+
+                    tags=$(trim "$(lvm lvs --noheadings -o lv_tags "$vg/$lv")")
+                    strstr ",${tags}," ",${tag}," || continue
+
+                    if ! lvm lvs --noheadings -o lv_name "${vg}/${lv}_dracutsnap" &>/dev/null; then
+                        info "Creating backup ${lv}_dracutsnap of ${vg}/${lv}"
+                        lvm lvcreate -pr -s "${vg}/${lv}" --name "${lv}_dracutsnap"
+                    fi
+                    lvm lvchange --addtag "$tag" "${vg}/${lv}_dracutsnap"
+
+                    info "Merging back ${vg}/${lv} to the original LV"
+                    lvm lvconvert --merge "${vg}/${lv}"
+
+                    LVS+=($lv)
+                done
+
+                systemctl --no-block stop sysroot.mount
+                udevadm settle
+
+                for ((i=0; i < 100; i++)); do
+                    lvm vgchange -an "$vg" && break
+                    sleep 0.5
+                done
+
+                udevadm settle
+                lvm vgchange -ay "$vg"
+                udevadm settle
+                for lv in "${LVS[@]}"; do
+                    info "Renaming ${lv}_dracutsnap backup to ${vg}/${lv}"
+                    lvm lvrename "$vg" "${lv}_dracutsnap" "${lv}"
+                done
+                udevadm settle
+            done
+    done
+
+    systemctl --no-block reset-failed systemd-fsck-root
+    systemctl --no-block start systemd-fsck-root
+    systemctl --no-block reset-failed sysroot.mount
+    systemctl --no-block start sysroot.mount
+
+    for ((i=0; i < 100; i++)); do
+        [[ -d /sysroot/dev ]] && break
+        sleep 0.5
+        systemctl --no-block start sysroot.mount
+    done
+
+    if [[ -d /sysroot/restoredev ]]; then
+        (
+            if cd /sysroot/restoredev; then
+                # restore devices and partitions
+                for i in *; do
+                    target=$(systemd-escape -pu "$i")
+                    if ! [[ -b $target ]]; then
+                        warn "Not restoring $target, as the device does not exist"
+                        continue
+                    fi
+
+                    # Just in case
+                    umount "$target" &> /dev/null
+
+                    info "Restoring $target"
+                    dd if="$i" of="$target" |& vinfo
+                done
+            fi
+        )
+        mount -o remount,rw /sysroot
+        rm -fr /sysroot/restoredev
+    fi
+    info "Rebooting"
+    reboot
+}
+
+if getarg rd.lvm.mergetags; then
+    do_merge
+fi
+
--- a/modules.d/80lvmmerge/module-setup.sh
+++ b/modules.d/80lvmmerge/module-setup.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# called by dracut
+check() {
+    # No point trying to support lvm if the binaries are missing
+    require_binaries lvm dd swapoff || return 1
+
+    return 255
+}
+
+# called by dracut
+depends() {
+    echo lvm dracut-systemd systemd
+    return 0
+}
+
+installkernel() {
+    hostonly="" instmods dm-snapshot
+}
+
+# called by dracut
+install() {
+    inst_multiple dd swapoff
+    inst_hook cleanup 01 "$moddir/lvmmerge.sh"
+}
--- a/modules.d/81cio_ignore/module-setup.sh
+++ b/modules.d/81cio_ignore/module-setup.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# called by dracut
+check() {
+# do not add this module by default
+    local arch=$(uname -m)
+    [ "$arch" = "s390" -o "$arch" = "s390x" ] || return 1
+    return 0
+}
+
+cmdline() {
+    local cio_accept
+
+    if [ -e /boot/zipl/active_devices.txt ] ; then
+        while read dev etc ; do
+            [ "$dev" = "#" -o "$dev" = "" ] && continue;
+            if [ -z "$cio_accept" ] ; then
+                cio_accept="$dev"
+            else
+                cio_accept="${cio_accept},${dev}"
+            fi
+        done < /boot/zipl/active_devices.txt
+    fi
+    if [ -n "$cio_accept" ] ; then
+	echo "rd.cio_accept=${cio_accept}"
+    fi
+}
+
+# called by dracut
+install() {
+    if [[ $hostonly_cmdline == "yes" ]] ; then
+        local _cio_accept=$(cmdline)
+        [[ $_cio_accept ]] && printf "%s\n" "$_cio_accept" >> "${initdir}/etc/cmdline.d/01cio_accept.conf"
+    fi
+
+    inst_hook cmdline 20 "$moddir/parse-cio_accept.sh"
+    inst_multiple cio_ignore
+}
--- a/modules.d/81cio_ignore/parse-cio_accept.sh
+++ b/modules.d/81cio_ignore/parse-cio_accept.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+CIO_IGNORE=$(getarg cio_ignore)
+CIO_ACCEPT=$(getarg rd.cio_accept)
+
+if [ -z $CIO_IGNORE ] ; then
+    info "cio_ignored disabled on commandline"
+    return
+fi
+if [ -n "$CIO_ACCEPT" ] ; then
+    OLDIFS="$IFS"
+    IFS=,
+    set -- $CIO_ACCEPT
+    while (($# > 0)) ; do
+        info "Enabling device $1"
+        cio_ignore --remove $1
+        shift
+    done
+    IFS="$OLDIFS"
+fi
--- a/modules.d/90btrfs/module-setup.sh
+++ b/modules.d/90btrfs/module-setup.sh
@@ -26,6 +26,8 @@ depends() {
 # called by dracut
 installkernel() {
    instmods btrfs
+    # Make sure btfs can use fast crc32c implementations where available (bsc#1011554)
+    instmods crc32c-intel
 }

 # called by dracut
--- a/modules.d/90crypt/crypt-lib.sh
+++ b/modules.d/90crypt/crypt-lib.sh
@@ -12,10 +12,18 @@ crypttab_contains() {
            strstr "${l##luks-}" "${luks##luks-}" && return 0
            strstr "$d" "${luks##luks-}" && return 0
            if [ -n "$dev" ]; then
-                for _dev in "$(devnames $d)"; do
+                for _dev in $(devnames $d); do
                    [ "$dev" -ef "$_dev" ] && return 0
                done
            fi
+            if [ -e /etc/block_uuid.map ]; then
+                # search for line starting with $d
+                _line=$(sed -n "\,^$d .*$,{p}" /etc/block_uuid.map)
+                [ -z "$_line" ] && continue
+                # get second column with uuid
+                _uuid="$(echo $_line | sed 's,^.* \(.*$\),\1,')"
+                strstr "$_uuid" "${luks##luks-}" && return 0
+            fi
        done < /etc/crypttab
    fi
    return 1
@@ -182,14 +190,19 @@ readkey() {
    local keydev="$2"
    local device="$3"

-    # This creates a unique single mountpoint for *, or several for explicitly
-    # given LUKS devices. It accomplishes unlocking multiple LUKS devices with
-    # a single password entry.
-    local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"
+    # No mounting needed if the keyfile resides inside the initrd
+    if [ "/" == "$keydev" ]; then
+        local mntp=/
+    else
+        # This creates a unique single mountpoint for *, or several for explicitly
+        # given LUKS devices. It accomplishes unlocking multiple LUKS devices with
+        # a single password entry.
+        local mntp="/mnt/$(str_replace "keydev-$keydev-$keypath" '/' '-')"

-    if [ ! -d "$mntp" ]; then
-        mkdir "$mntp"
-        mount -r "$keydev" "$mntp" || die 'Mounting rem. dev. failed!'
+        if [ ! -d "$mntp" ]; then
+            mkdir "$mntp"
+            mount -r "$keydev" "$mntp" || die 'Mounting rem. dev. failed!'
+        fi
    fi

    case "${keypath##*.}" in
@@ -205,8 +218,7 @@ readkey() {
            if [ -f /lib/dracut-crypt-loop-lib.sh ]; then
                . /lib/dracut-crypt-loop-lib.sh
                loop_decrypt "$mntp" "$keypath" "$keydev" "$device"
-                initqueue --onetime --finished --unique --name "crypt-loop-cleanup-99-${mntp##*/}" \
-                    $(command -v umount) "$mntp; " $(command -v rmdir) "$mntp"
+                printf "%s\n" "umount \"$mntp\"; rmdir \"$mntp\";" > ${hookdir}/cleanup/"crypt-loop-cleanup-99-${mntp##*/}".sh
                return 0
            else
                die "No loop file support to decrypt '$keypath' on '$keydev'."
@@ -215,8 +227,11 @@ readkey() {
        *) cat "$mntp/$keypath" ;;
    esac

-    # General unmounting mechanism, modules doing custom cleanup should return earlier
-    # and install a pre-pivot cleanup hook
-    umount "$mntp"
-    rmdir "$mntp"
+    # No unmounting if the keyfile resides inside the initrd
+    if [ "/" != "$keydev" ]; then
+        # General unmounting mechanism, modules doing custom cleanup should return earlier
+        # and install a pre-pivot cleanup hook
+        umount "$mntp"
+        rmdir "$mntp"
+    fi
 }
--- a/modules.d/90crypt/cryptroot-ask.sh
+++ b/modules.d/90crypt/cryptroot-ask.sh
@@ -29,13 +29,27 @@ if [ -f /etc/crypttab ] && getargbool 1 rd.luks.crypttab -d -n rd_NO_CRYPTTAB; t
            continue
        fi

+        # PARTUUID used in crypttab
+        if [ "${dev%%=*}" = "PARTUUID" ]; then
+            if [ "luks-${dev##PARTUUID=}" = "$luksname" ]; then
+                luksname="$name"
+                break
+            fi
+
        # UUID used in crypttab
-        if [ "${dev%%=*}" = "UUID" ]; then
+        elif [ "${dev%%=*}" = "UUID" ]; then
            if [ "luks-${dev##UUID=}" = "$luksname" ]; then
                luksname="$name"
                break
            fi

+        # ID used in crypttab
+        elif [ "${dev%%=*}" = "ID" ]; then
+            if [ "luks-${dev##ID=}" = "$luksname" ]; then
+                luksname="$name"
+                break
+            fi
+
        # path used in crypttab
        else
            cdev=$(readlink -f $dev)
@@ -88,6 +102,10 @@ while [ $# -gt 0 ]; do
            ;;
        allow-discards)
            allowdiscards="--allow-discards"
+            ;;
+        header=*)
+            cryptsetupopts="${cryptsetupopts} --${1}"
+            ;;
    esac
    shift
 done
@@ -147,12 +165,15 @@ fi

 if [ $ask_passphrase -ne 0 ]; then
    luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen"
+    _timeout=$(getargs "rd.luks.timeout")
+    _timeout=${_timeout:-0}
    ask_for_password --ply-tries 5 \
        --ply-cmd "$luks_open -T1 $device $luksname" \
        --ply-prompt "Password ($device)" \
        --tty-tries 1 \
-        --tty-cmd "$luks_open -T5 $device $luksname"
+        --tty-cmd "$luks_open -T5 -t $_timeout $device $luksname"
    unset luks_open
+    unset _timeout
 fi

 unset device luksname luksfile
--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@@ -4,7 +4,7 @@
 check() {
    local _rootdev
    # if cryptsetup is not installed, then we cannot support encrypted devices.
-    require_binaries cryptsetup || return 1
+    require_any_binary $systemdutildir/systemd-cryptsetup cryptsetup || return 1

    [[ $hostonly ]] || [[ $mount_needs ]] && {
        for fs in "${host_fs_types[@]}"; do
@@ -24,8 +24,11 @@ depends() {

 # called by dracut
 installkernel() {
-    instmods dm_crypt =crypto
    hostonly="" instmods drbg
+    arch=$(arch)
+    [[ $arch == x86_64 ]] && arch=x86
+    [[ $arch == s390x ]] && arch=s390
+    instmods dm_crypt =crypto =drivers/crypto =arch/$arch/crypto
 }

 # called by dracut
@@ -55,31 +58,61 @@ install() {
        [[ $_cryptconf ]] && printf "%s\n" "$_cryptconf" >> "${initdir}/etc/cmdline.d/90crypt.conf"
    fi

-    inst_multiple cryptsetup rmdir readlink umount
-    inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
-    inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
-    inst_hook cmdline 10 "$moddir/parse-keydev.sh"
    inst_hook cmdline 30 "$moddir/parse-crypt.sh"
    if ! dracut_module_included "systemd"; then
+        inst_multiple cryptsetup rmdir readlink umount
+        inst_script "$moddir"/cryptroot-ask.sh /sbin/cryptroot-ask
+        inst_script "$moddir"/probe-keydev.sh /sbin/probe-keydev
+        inst_hook cmdline 10 "$moddir/parse-keydev.sh"
        inst_hook cleanup 30 "$moddir/crypt-cleanup.sh"
    fi

    if [[ $hostonly ]] && [[ -f /etc/crypttab ]]; then
        # filter /etc/crypttab for the devices we need
-        while read _mapper _dev _rest || [ -n "$_mapper" ]; do
+        while read _mapper _dev _luksfile _luksoptions || [ -n "$_mapper" ]; do
            [[ $_mapper = \#* ]] && continue
            [[ $_dev ]] || continue

+            [[ $_dev == PARTUUID=* ]] && \
+                _dev="/dev/disk/by-partuuid/${_dev#PARTUUID=}"
+
            [[ $_dev == UUID=* ]] && \
                _dev="/dev/disk/by-uuid/${_dev#UUID=}"

-            for _hdev in "${!host_fs_types[@]}"; do
-                [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
-                if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
-                    echo "$_mapper $_dev $_rest"
-                    break
-                fi
+            [[ $_dev == ID=* ]] && \
+                _dev="/dev/disk/by-id/${_dev#ID=}"
+
+            echo "$_dev $(blkid $_dev -s UUID -o value)" >> "${initdir}/etc/block_uuid.map"
+
+            # loop through the options to check for the force option
+            luksoptions=${_luksoptions}
+            OLD_IFS="${IFS}"
+            IFS=,
+            set -- ${luksoptions}
+            IFS="${OLD_IFS}"
+
+            while [ $# -gt 0 ]; do
+                case $1 in
+                    force)
+                        forceentry="yes"
+                        break
+                        ;;
+                esac
+                shift
            done
+
+            # include the entry regardless
+            if [ "${forceentry}" = "yes" ]; then
+                echo "$_mapper $_dev $_luksfile $_luksoptions"
+            else
+                for _hdev in "${!host_fs_types[@]}"; do
+                    [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
+                    if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev ]]; then
+                        echo "$_mapper $_dev $_luksfile $_luksoptions"
+                        break
+                    fi
+                done
+            fi
        done < /etc/crypttab > $initdir/etc/crypttab
        mark_hostonly /etc/crypttab
    fi
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -2,6 +2,30 @@

 type crypttab_contains >/dev/null 2>&1 || . /lib/dracut-crypt-lib.sh

+
+_cryptgetargsname() {
+    debug_off
+    local _o _found _key
+    unset _o
+    unset _found
+    CMDLINE=$(getcmdline)
+    _key="$1"
+    set --
+    for _o in $CMDLINE; do
+        if [ "$_o" = "$_key" ]; then
+            _found=1;
+        elif [ "${_o%=*}" = "${_key%=}" ]; then
+            [ -n "${_o%=*}" ] && set -- "$@" "${_o#*=}";
+            _found=1;
+        fi
+    done
+    if [ -n "$_found" ]; then
+        [ $# -gt 0 ] && printf '%s' "$*"
+        return 0
+    fi
+    return 1;
+}
+
 if ! getargbool 1 rd.luks -d -n rd_NO_LUKS; then
    info "rd.luks=0: removing cryptoluks activation"
    rm -f -- /etc/udev/rules.d/70-luks.rules
@@ -11,36 +35,110 @@ else
        echo 'ACTION!="add|change", GOTO="luks_end"'
    } > /etc/udev/rules.d/70-luks.rules.new

+    PARTUUID=$(getargs rd.luks.partuuid -d rd_LUKS_PARTUUID)
+    SERIAL=$(getargs rd.luks.serial -d rd_LUKS_SERIAL)
    LUKS=$(getargs rd.luks.uuid -d rd_LUKS_UUID)
    tout=$(getarg rd.luks.key.tout)

    if [ -e /etc/crypttab ]; then
-        while read _mapper _dev _rest ; do
-            set_systemd_timeout_for_dev $_dev
+        while read -r _ _dev _ || [ -n "$_dev" ]; do
+            set_systemd_timeout_for_dev "$_dev"
        done < /etc/crypttab
    fi

-    if [ -n "$LUKS" ]; then
+    if [ -n "$PARTUUID" ]; then
+        for uuid in $PARTUUID; do
+
+            uuid=${uuid##luks-}
+            if luksname=$(_cryptgetargsname "rd.luks.name=$uuid="); then
+                luksname="${luksname#$uuid=}"
+            else
+                luksname="luks-$uuid"
+            fi
+
+            if [ -z "$DRACUT_SYSTEMD" ]; then
+                {
+                    printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
+                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
+                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
+                } >> /etc/udev/rules.d/70-luks.rules.new
+            else
+                luksname=$(dev_unit_name "$luksname")
+                luksname="$(str_replace "$luksname" '\' '\\')"
+
+                if ! crypttab_contains "$uuid"; then
+                    {
+                        printf -- 'ENV{ID_PART_ENTRY_UUID}=="*%s*", ' "$uuid"
+                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
+                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
+                    } >> /etc/udev/rules.d/70-luks.rules.new
+                fi
+            fi
+        done
+
+    elif [ -n "$SERIAL" ]; then
+        for serialid in $SERIAL; do
+
+            serialid=${serialid##luks-}
+            if luksname=$(_cryptgetargsname "rd.luks.name=$serialid="); then
+                luksname="${luksname#$serialid=}"
+            else
+                luksname="luks-$serialid"
+            fi
+
+            if [ -z "$DRACUT_SYSTEMD" ]; then
+                {
+                    printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
+                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
+                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
+                } >> /etc/udev/rules.d/70-luks.rules.new
+            else
+                luksname=$(dev_unit_name "$luksname")
+                luksname="$(str_replace "$luksname" '\' '\\')"
+
+                if ! crypttab_contains "$serialid"; then
+                    {
+                        printf -- 'ENV{ID_SERIAL_SHORT}=="*%s*", ' "$serialid"
+                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
+                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
+                    } >> /etc/udev/rules.d/70-luks.rules.new
+                fi
+            fi
+        done
+
+    elif [ -n "$LUKS" ]; then
        for luksid in $LUKS; do

            luksid=${luksid##luks-}
+            if luksname=$(_cryptgetargsname "rd.luks.name=$luksid="); then
+                luksname="${luksname#$luksid=}"
+            else
+                luksname="luks-$luksid"
+            fi

            if [ -z "$DRACUT_SYSTEMD" ]; then
                {
                    printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
-                    printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
-                    printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
-                    printf -- '--name cryptroot-ask-%%k %s ' $(command -v cryptroot-ask)
-                    printf -- '$env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $tout
+                    printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
+                    printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                    printf -- '--name cryptroot-ask-%%k %s ' "$(command -v cryptroot-ask)"
+                    printf -- '$env{DEVNAME} %s %s"\n' "$luksname" "$tout"
                } >> /etc/udev/rules.d/70-luks.rules.new
            else
+                luksname=$(dev_unit_name "$luksname")
+                luksname="$(str_replace "$luksname" '\' '\\')"
+
                if ! crypttab_contains "$luksid"; then
                    {
                        printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", '
-                        printf -- 'ENV{ID_FS_UUID}=="*%s*", ' $luksid
-                        printf -- 'RUN+="%s --settled --unique --onetime ' $(command -v initqueue)
-                        printf -- '--name systemd-cryptsetup-%%k %s start ' $(command -v systemctl)
-                        printf -- 'systemd-cryptsetup@luks$$(dev_unit_name -$env{ID_FS_UUID}).service"\n'
+                        printf -- 'ENV{ID_FS_UUID}=="*%s*", ' "$luksid"
+                        printf -- 'RUN+="%s --settled --unique --onetime ' "$(command -v initqueue)"
+                        printf -- '--name systemd-cryptsetup-%%k %s start ' "$(command -v systemctl)"
+                        printf -- 'systemd-cryptsetup@%s.service"\n' "$luksname"
                    } >> /etc/udev/rules.d/70-luks.rules.new
                fi
            fi
@@ -48,25 +146,25 @@ else
            uuid=$luksid
            while [ "$uuid" != "${uuid#*-}" ]; do uuid=${uuid%%-*}${uuid#*-}; done
            printf -- '[ -e /dev/disk/by-id/dm-uuid-CRYPT-LUKS?-*%s*-* ] || exit 1\n' $uuid \
-                >> $hookdir/initqueue/finished/90-crypt.sh
+                >> "$hookdir/initqueue/finished/90-crypt.sh"

            {
                printf -- '[ -e /dev/disk/by-uuid/*%s* ] || ' $luksid
                printf -- 'warn "crypto LUKS UUID "%s" not found"\n' $luksid
-            } >> $hookdir/emergency/90-crypt.sh
+            } >> "$hookdir/emergency/90-crypt.sh"
        done
    elif getargbool 0 rd.auto; then
        if [ -z "$DRACUT_SYSTEMD" ]; then
            {
-                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
+                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name cryptroot-ask-%%k '
-                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' $(command -v cryptroot-ask) $tout
+                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID} %s"\n' "$(command -v cryptroot-ask)" "$tout"
            } >> /etc/udev/rules.d/70-luks.rules.new
        else
            {
-                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' $(command -v initqueue)
+                printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
                printf -- '--unique --settled --onetime --name crypt-run-generator-%%k '
-                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' $(command -v crypt-run-generator)
+                printf -- '%s $env{DEVNAME} luks-$env{ID_FS_UUID}"\n' "$(command -v crypt-run-generator)"
            } >> /etc/udev/rules.d/70-luks.rules.new
        fi
    fi
--- a/modules.d/90crypt/parse-keydev.sh
+++ b/modules.d/90crypt/parse-keydev.sh
@@ -17,7 +17,12 @@ if getargbool 1 rd.luks -n rd_NO_LUKS && \
            continue
        fi

-        if [ -n "$keydev" ]; then
+        # A keydev of '/' is treated as the initrd itself
+        if [ "/" == "$keydev" ]; then
+            [ -z "$luksdev" ] && luksdev='*'
+            echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys
+            continue
+        elif [ -n "$keydev" ]; then
            udevmatch "$keydev" >&7 || {
                warn 'keydev incorrect!'
                continue
--- a/modules.d/90dm/59-persistent-storage-dm.rules
+++ b/modules.d/90dm/59-persistent-storage-dm.rules
@@ -1,7 +1,7 @@
 SUBSYSTEM!="block", GOTO="dm_end"
 ACTION!="add|change", GOTO="dm_end"
 # Also don't process disks that are slated to be a multipath device
-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="dm_end"
+ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"

 KERNEL!="dm-[0-9]*", GOTO="dm_end"
 ACTION=="add", GOTO="dm_end"
--- a/modules.d/90dm/dm-shutdown.sh
+++ b/modules.d/90dm/dm-shutdown.sh
@@ -1,11 +1,42 @@
 #!/bin/sh

+_remove_dm() {
+    local dev=$1
+    local s
+    local devname
+
+    for s in /sys/block/${dev}/holders/dm-* ; do
+        [ -e ${s} ] || continue
+        _remove_dm ${s##*/}
+    done
+    # multipath devices might have MD devices on top,
+    # which are removed after this script. So do not
+    # remove those to avoid spurious errors
+    case $(cat /sys/block/${dev}/dm/uuid) in
+        mpath-*)
+            return 0
+            ;;
+        *)
+            devname=$(cat /sys/block/${dev}/dm/name)
+            dmsetup -v --noudevsync remove "$devname" || return $?
+            ;;
+    esac
+    return 0
+}
+
 _do_dm_shutdown() {
    local ret=0
    local final=$1
+    local dev
+
    info "Disassembling device-mapper devices"
-    for dev in $(dmsetup info -c --noheadings -o name) ; do
-        dmsetup -v --noudevsync remove "$dev" || ret=$?
+    for dev in /sys/block/dm-* ; do
+        [ -e ${dev} ] || continue
+        if [ "x$final" != "x" ]; then
+            _remove_dm ${dev##*/} || ret=$?
+        else
+            _remove_dm ${dev##*/} >/dev/null 2>&1 || ret=$?
+        fi
    done
    if [ "x$final" != "x" ]; then
        info "dmsetup ls --tree"
@@ -14,7 +45,8 @@ _do_dm_shutdown() {
    return $ret
 }

-if command -v dmsetup >/dev/null; then
+if command -v dmsetup >/dev/null &&
+    [ "x$(dmsetup status)" != "xNo devices found" ]; then
    _do_dm_shutdown $1
 else
    :
--- a/modules.d/90dm/module-setup.sh
+++ b/modules.d/90dm/module-setup.sh
@@ -13,8 +13,7 @@ depends() {

 # called by dracut
 installkernel() {
-    instmods =drivers/md
-    instmods dm_mod dm-cache dm-cache-mq dm-cache-cleaner
+    instmods =drivers/md dm_mod dm-cache dm-cache-mq dm-cache-cleaner
 }

 # called by dracut
@@ -39,6 +38,6 @@ install() {
    inst_rules "$moddir/59-persistent-storage-dm.rules"
    prepare_udev_rules 59-persistent-storage-dm.rules

-    inst_hook shutdown 30 "$moddir/dm-shutdown.sh"
+    inst_hook shutdown 25 "$moddir/dm-shutdown.sh"
 }

--- a/modules.d/90dmraid/61-dmraid-imsm.rules
+++ b/modules.d/90dmraid/61-dmraid-imsm.rules
@@ -5,7 +5,7 @@
 SUBSYSTEM!="block", GOTO="dm_end"
 ACTION!="add|change", GOTO="dm_end"
 # Also don't process disks that are slated to be a multipath device
-ENV{DM_MULTIPATH_DEVICE_PATH}=="?*", GOTO="dm_end"
+ENV{DM_MULTIPATH_DEVICE_PATH}=="1", GOTO="dm_end"

 ENV{ID_FS_TYPE}=="linux_raid_member", GOTO="dm_end"

@@ -16,14 +16,13 @@ ENV{ID_FS_TYPE}=="ddf_raid_member", ENV{rd_NO_MDDDF}!="?*", GOTO="dm_end"

 ENV{rd_NO_DM}=="?*", GOTO="dm_end"

+OPTIONS:="nowatch"
+
 ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", GOTO="dm_end"

 PROGRAM=="/bin/sh -c 'for i in $sys/$devpath/holders/dm-[0-9]*; do [ -e $$i ] && exit 0; done; exit 1;' ", \
    GOTO="dm_end"

-ENV{DEVTYPE}!="partition", \
-    RUN+="/sbin/partx -d --nr 1-1024 $env{DEVNAME}"
-
 RUN+="/sbin/initqueue --onetime --unique --settled /sbin/dmraid_scan $env{DEVNAME}"

 LABEL="dm_end"
--- a/modules.d/90dmraid/dmraid.sh
+++ b/modules.d/90dmraid/dmraid.sh
@@ -33,8 +33,6 @@ if [ -n "$DM_RAIDS" ] || getargbool 0 rd.auto; then
                if [ "${s##$r}" != "$s" ]; then
                    info "Activating $s"
                    dmraid -ay -i -p --rm_partitions "$s" 2>&1 | vinfo
-                    [ -e "/dev/mapper/$s" ] && kpartx -a "/dev/mapper/$s" 2>&1 | vinfo
-                    udevsettle
                fi
            done
        done
--- a/Show More
+++ b/Show More