[UBUNTU 20.04] chzdev -e is rebuilding initramfs even with zdev:early=0 set

This was implemented around 2020, mainly to catch any ccw config changes in a user friendly way:
https://bugs.launchpad.net/bugs/1892367
https://i527439087.restricted.launchpadlibrarian.net/527439087/20f6c87a-829f-11eb-9412-002481e91f22.txt?token=zC4n7TlCmffBDHm9Dl002PsfchDXC3Dk

Regarding:
"1) Have the generic udev initramfs script not copy zdev-generated Udev rules,"
we need to be super careful here to not break stuff ...

How to best identify the zdev-generated Udev rules,
since these are not all the rules generated by chzdev (indicated by first line in rule), are they?

I'm not very sure if initramfs(-tools) maintainer(s) are very happy ...

------- Comment From <email address hidden> 2023-11-22 09:17 EDT-------
(In reply to comment #19)
> This was implemented around 2020, mainly to catch any ccw config changes in
> a user friendly way:
> https://bugs.launchpad.net/bugs/1892367
> https://i527439087.restricted.launchpadlibrarian.net/527439087/20f6c87a-829f-
> 11eb-9412-002481e91f22.txt?token=zC4n7TlCmffBDHm9Dl002PsfchDXC3Dk
>
> Regarding:
> "1) Have the generic udev initramfs script not copy zdev-generated Udev
> rules,"
> we need to be super careful here to not break stuff ...
>
> How to best identify the zdev-generated Udev rules,
> since these are not all the rules generated by chzdev (indicated by first
> line in rule), are they?

chzdev creates udev rules that can most easily be recognized via their name:
- 41-<device-type>-<device-id>.rules
- 41-cio-ignore.rules
- 40-zdev-id.rules

So a simple filter would be to skip rules named 41-*.rules on s390x in the initramfs udev hook.

As an alternative, the s390-tools zdev initramfs hook could try to delete specifically those rules with zdev:early=0 that the upstream udev hook created. While this should work correctly, it is also a kind of a workaround, where one hook adds files that another hook removes again...

If this approach is more likely to be acceptable, it could be achieved by adding something like the following to /usr/share/initramfs-tools/hooks/s390-tools-zdev:

# Remove zdev rules not intended for early boot that were copied by udev hook
chzdev --disable --persistent --by-attr zdev:early=0 \
--base "/etc/udev/rules.d/=$DESTDIR/lib/udev/rules.d/" \
--yes --quiet --no-root-update --force >/dev/null 2>&1

Tagging this to discuss this during the Foundations weekly meeting

With my initramfs-tools maintainer hat on, I suggest/support following solution:

Modify /usr/share/initramfs-tools/hooks/udev (shipped by udev, source: systemd) to not copy the udev rules generated by chzdev. So changing:

```
for rules in /etc/udev/rules.d/*.rules; do
  if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
    cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
  fi
done
```

to something like:

```
for rules in /etc/udev/rules.d/*.rules; do
  if [ -e /sbin/chzdev ] && /sbin/chzdev --is-author-of-udev-rule "$rules"; then
    continue
  fi
  if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
    cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
  fi
done
```

Then `/sbin/chzdev --is-author-of-udev-rule "$rules"` should produce the correct exit code. The tool that generates the udev rules should be queried (is that chzdev or something else?) or a separate helper should be used.

Re-assinging from initramfs-tools to systemd, because /usr/share/initramfs-tools/hooks/udev is shipped by udev.

------- Comment From <email address hidden> 2024-01-31 04:28 EDT-------
(In reply to comment #22)
> Then `/sbin/chzdev --is-author-of-udev-rule "$rules"` should produce the
> correct exit code. The tool that generates the udev rules should be queried
> (is that chzdev or something else?) or a separate helper should be used.
>
> Re-assinging from initramfs-tools to systemd, because
> /usr/share/initramfs-tools/hooks/udev is shipped by udev.

I agree with this approach.

Yes, the udev rules are generated by chzdev, so we'll work on adding a chzdev command line option that can be used to query ownership of a udev rule/configuration file similar to what is as outlined above.

I'll update this bug report once the option as available in upstream s390-tools.

Hi Peter,
is this now incl. in s390-tools v2.33.0
https://github.com/ibm-s390-linux/s390-tools/releases/tag/v2.33.0
and what I read as:
"chzdev: Add --is-owner to identify files created by zdev"
?

------- Comment From <email address hidden> 2024-05-28 04:26 EDT-------
(In reply to comment #26)
> Hi Peter,
> is this now incl. in s390-tools v2.33.0
> https://github.com/ibm-s390-linux/s390-tools/releases/tag/v2.33.0
> and what I read as:
> "chzdev: Add --is-owner to identify files created by zdev"
> ?

Peter is currently on vacation, but I can confirm that this feature/commit is now
included as part of the 2.33.0 release.

Okay, thanks Vineeth for jumping in!

In other words this will become unblocked once we have s390-tools >= 2.33.0 in, which I am currently working on (v2.33.1 - based on LP#2067355).

------- Comment From <email address hidden> 2024-05-28 05:00 EDT-------
(In reply to comment #28)
> Okay, thanks Vineeth for jumping in!
>
> In other words this will become unblocked once we have s390-tools >= 2.33.0
> in, which I am currently working on (v2.33.1 - based on LP#2067355).

Yes. That's right. Thank you.

oracular has s390-tools 2.33.1-0ubuntu3. Is there any further change needed on that package, or should that task be marked resolved?

@vorlon yes, that's correct. (This bug became a bit abandoned ...)
I just changed the target release to oracular and set s390-tools to Fix Released.

Where are the initramfs-tools gone? Added it again ... (sorry)

See comment #4 and #5: /usr/share/initramfs-tools/hooks/udev is shipped by the udev package (not by initramfs-tools)

Modify /usr/share/initramfs-tools/hooks/udev (shipped by udev, source: system) to not copy the udev rules generated by chzdev. So changing:

Where are the initramfs-tools gone? Added them again ...

I see Benjamin - thought that I had accidentally removed it by updating the bug (since it was still there in my old browser tab), removed it again.

(Btw. looks like comment #10 is an iisue with the bugzilla-launchpad bridge ...)

------- Comment From <email address hidden> 2024-09-05 04:23 EDT-------
The problem seems fixed meanwhile for Oracular (24.10) see here https://launchpad.net/ubuntu/+source/s390-tools
Are you thinking of backports for the LTS releases 22.04 and 20.04 ?

This bug was fixed in the package systemd - 256.5-2ubuntu2

---------------
systemd (256.5-2ubuntu2) oracular; urgency=medium

  * initramfs-tools: ensure rules file exists before invoking chzdev (LP: #2079993)

systemd (256.5-2ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/tests/tests-in-lxd: run some autopkgtests in LXD too
    - debian/tests/boot-and-services:
      + skip apparmor tests on armhf
      + consume stderr in systemctl status call in test_service
      + drop test_no_failed
    - debian/systemd.postinst:
      + skip daemon-reexec and try-restarts during shutdown
      + manually call systemd-tmpfiles --create in postinst
    - debian/systemd-resolved.postinst: copy existing /etc/resolv.conf to
      /run/systemd/resolve/stub-resolv.conf
    - debian/rules:
      + Remove unneeded efi artifacts on i386 to avoid debugedit errors
    - debian/rules,debian/control,debian/tests/control:
      + Do not build with tpm libraries on i386
      + Do not build with libqrencode on i386
    - debian/gbp.conf,debian/extra/wrap_cl.py:
      Use a customization script to add LP commit links to changelog
    - debian/control:
      + Add Recommends: networkd-dispatcher systemd-resolved to systemd package
      + Give systemd-resolved Priority: important
      + Add Recommends: systemd-hwe-hwdb to udev package
      + Add Breaks: systemd (<< ${binary:Version}) to udev package so that
        systemd is upgraded as well when upgrading udev
      + Make systemd-sysv Depends: on matching version of systemd
      + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved
      + Build-Depends: linux-tools-generic
    - debian/tests/upstream: export QEMU_MEM="1024M" for all tests
    - debian/systemd.links: mask systemd-gpt-auto-generator by default
    - debian/systemd.install: exclude files that are not built for i386
    - debian/systemd.manpages: do not ship un-built manpages on i386
    - debian/tests/control: only install systemd-boot-efi for supported arches
    - switch-root: use MS_MOVE for /run when switchig from initrd
    - debian/systemd.postinst: do not create /etc/tmpfiles.d/tmp.conf on upgrades.
      We want the upgrades on Ubuntu to be aligned with what a new install
      would look like.
    - d/control: do not build systemd-boot-efi-{amd64,arm64}-signed-template
  * New changes:
    - Keep utmp support for this release, since we are passed Feature Freeze
      in Ubuntu.
    - Filter out zdev rules in the initramfs hook (LP: #2044104)
    - d/t/upstream: honor /etc/apt configured by autopkgtest

systemd (256.5-2) unstable; urgency=medium

  [ Helmut Grohne ]
  * Fix stage1 build (Closes: #1078821)

  [ Luca Boccassi ]
  * Disable utmp support, replaced by wtmpdb. utmp is not y2038-safe, util-
    linux has now turned it off and relies on logind, so disable utmp
    support in logind too, as it is no longer necessary. wtmpdb replaces
    the functionality.

systemd (256.5-1) unstable; urgency=medium

  * New upstream version 256.5
  * Drop patch merged upstream
  * autopkgtest: skip TEST-64-UDEV-STORAGE due to qemu crash. This tests
    randomly causes qemu to cr...

Uh, good catch Nick (with that it looks like it's since oracular ?!)

And yes, the names may indeed look a bit cryptic,
since these are for s390x specific (so called CCW) devices (here in this case disk devices, but there are more types; cio-ignore is to mask out a range of CCW devices).
One difference between these CCW devices and devices on s390x, and let's say devices in the PC world is, that even if CCW devices are visible and available (means they got detected), they need to be explicitly enabled before usage - and that is what these rules are supposed to do (e.g. "chzdev -e 271d" enables DASD disk device #271d).

I vaguely remember LP#2044104, but need to re-read it to get the full details again ...
(Looks to me like this is a case on non-DPM system (that do not support auto configuration), that was not properly considered. Guess we need to somehow identify if it's an autoconfigure rule - then skip/continue - or not - then copy.)

------- Comment From <email address hidden> 2025-04-29 07:49 EDT-------
Hi @Frank,
could we try to get this SRUed to noble? Thanks for your help.

debdiff for noble s390-tools and systemd

Default Comment by Bridge

well, due to the confusing two versions with the debdiffs.tgz for noble (one came from the bridge), I'm uploading better a v2 for clarity.

Packages s390-tools and s390-tools-signed uploaded
(with fixes not only for LP#2044104, but also for LP#2103414 ad LP#2078347).

I think s390-tools can indeed be accepted before systemd, but your test plan currently only tests the integration.

Please add a test plan for s390-tools only, e.g. exercising the new --is-owner flag directly, along with some other typical usage of that tool.

Hi Nick, ok - I've now added a more direct test that uses the --is-owner directly; a positive and a negative test, based on real world udev rules.
Other typical usage scenarios are mainly enabling and disabling devices, what is done in the more end2end test at the beginning of the test plan.
Since this is mainly used at install time, another test could be to start an installation, at the initial subiquity screen navigate the to installer shell and update the s390-tools there to the latest version, leave the installer shell and proceed with the installation, that then runs through the zDev activation screen.
I'm adding this to the Tet Plan on top ...

Hello bugproxy, or anyone else affected,

Accepted s390-tools into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools/2.31.0-0ubuntu5.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello bugproxy, or anyone else affected,

Accepted s390-tools-signed into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools-signed/2.31.0-0ubuntu5.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I've successfully verified the s390-tools part:
https://pastebin.canonical.com/p/Ff5dBn7CRb/

... and I've updated the tags.

Successfully verified on plucky too: https://pastebin.canonical.com/p/BNZt4pvWnQ/

Hello bugproxy, or anyone else affected,

Accepted s390-tools into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools/2.31.0-0ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello bugproxy, or anyone else affected,

Accepted s390-tools-signed into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools-signed/2.31.0-0ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

s390-tools successfully verified on noble.
Updating the tags accordingly.

Hello bugproxy, or anyone else affected,

Accepted systemd into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/255.4-1ubuntu8.11 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted systemd (255.4-1ubuntu8.11) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

casper/1.498 (amd64)
collectd/5.12.0-17.1build2 (s390x)
exim4/4.97-4ubuntu4.3 (ppc64el)
haproxy/2.8.5-1ubuntu3.3 (s390x)
linux-azure-6.11/6.11.0-1018.18~24.04.1 (arm64)
linux-gke/6.8.0-1033.37 (arm64)
linux-hwe-6.11/6.11.0-29.29~24.04.1 (ppc64el)
linux-hwe-6.14/unknown (arm64)
linux-nvidia/6.8.0-1036.39 (amd64)
linux-nvidia-6.11/6.11.0-1013.13 (arm64)
linux-nvidia-6.14/6.14.0-1009.9 (amd64)
linux-nvidia-lowlatency/unknown (arm64)
linux-raspi-realtime/6.8.0-2019.20 (arm64)
linux-realtime/6.8.1-1015.16 (arm64)
linux-xilinx/6.8.0-1017.18 (arm64)
mariadb/1:10.11.13-0ubuntu0.24.04.1 (arm64)
ovn/24.03.2-0ubuntu0.24.04.2 (amd64)
sssd/2.9.4-1.1ubuntu6.3 (s390x)
udisks2/2.10.1-6ubuntu1.3 (ppc64el)
upower/1.90.3-1 (ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Now again successfully verified, with s390-tools and systemd.
Adjusting the tags accordingly ...

This bug was fixed in the package s390-tools - 2.31.0-0ubuntu5.3

---------------
s390-tools (2.31.0-0ubuntu5.3) noble; urgency=medium

  * Add missing commit/patch
    d/p/lp-2103414-cpumf-lscpumf-Add-support-for-IBM-z17-counter-sets.patch
    that caused a failed verification of 2.31.0-0ubuntu5.2 (LP: #2103414).

s390-tools (2.31.0-0ubuntu5.2) noble; urgency=medium

  * Add d/p/lp-2103414-s390-tools-libutil-Add-machine-type-3932.patch and
    d/p/lp-2103414-libutil-Add-machine-type-definition-for-z17.patch to
    achieve support for IBM z17 (and z16 GA2) hw specific CPU-MF counters
    (LP: #2103414).
  * Add d/p/lp-2078347-udev-Introduce-rule-to-set-newly-hotplugged-CPUs.patch
    that fixes CPUs from staying offline (LP: #2078347).
  * Add d/p/lp-2044104-zdev-option-to-identify-files-created-by-zdev.patch to
    avoid rebuild initramfs by chzdev -e if zdev:early=0 set (LP: #2044104).

 -- Frank Heimes <email address hidden> Fri, 08 Aug 2025 11:32:43 +0200

This bug was fixed in the package s390-tools-signed - 2.31.0-0ubuntu5.3

---------------
s390-tools-signed (2.31.0-0ubuntu5.3) noble; urgency=medium

  * * Rebuild against 2.31.0-0ubuntu5.3 (LP: #2103414)

s390-tools-signed (2.31.0-0ubuntu5.2) noble; urgency=medium

  * Rebuild against 2.31.0-0ubuntu5.2 (LP: #2103414, LP: #2078347, LP: #2044104)

 -- Frank Heimes <email address hidden> Fri, 08 Aug 2025 11:37:21 +0200

The verification of the Stable Release Update for s390-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

------- Comment From <email address hidden> 2025-09-10 06:40 EDT-------
With the fix being released, we can close this bug.

Thanks everyone for all your work!

==> Changing the status to "CLOSED"

This bug was fixed in the package systemd - 255.4-1ubuntu8.11

---------------
systemd (255.4-1ubuntu8.11) noble; urgency=medium

  [ Nick Rosbrook ]
  * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)
  * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)
    - d/t/control: add Depends: dnsmasq-base
      (Revealed by test progressing past previous failure)
  * initramfs-tools: filter out zdev rules in the initramfs hook (LP: #2044104)
    Backport the logic from plucky onward, but adjust the version string for
    noble.
  * test: fall back to SYSLOG_IDENTIFIER= matching in TEST-75-RESOLVED
    Partially backport the test fix from 49a954b08654dd06bab71224a2398a65c2555549,
    only targeting TEST-75-RESOLVED.

  [ Matthew Ruffell ]
  * pcrlock: handle measurement logs where hash algs in header.
    Fix pcrlock log to function correctly reading the TPM eventlog on hyper-v VMs
    (LP: #2115391)

  [ Chengen Du ]
  * network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
    (LP: #2115418)

  [ Mario Limonciello ]
  * Drop support for using actual brightness (LP: #2110585)

 -- Nick Rosbrook <email address hidden> Fri, 11 Jul 2025 14:52:59 -0400