{{Header}}
{{title|title=
dracut
}}
{{#seo:
|description=dracut is an initial ramdisk (also called "initrd" or "initramfs") generator for Linux systems.
|image=Dracut.svg
}}
{{troubleshooting_mininav}}
[[File:Dracut.svg|thumb|100px|dracut logo]]
{{intro|
dracut is an initial ramdisk (also called initrd or initramfs) generator. It assembles the early userspace image used during boot.
}}
= Introduction =
This page documents dracut usage, terminology, and common tasks such as checking which initrd generator is installed, installing dracut, and re-generating the initrd. It also highlights important warnings, typical pitfalls, and where to look for upstream development and bug reports.
= Initial Ramdisk Based Encryption Password Prompt =
{{quotation
|quote=Please enter passphrase for disk ... (press TAB for no echo)
}}
'''Figure:''' ''initramfs (initramfs-tools or dracut) Based Encryption Password [[Full_Disk_Encryption#Pre-Boot_Authentication|Pre-Boot Authentication]] Prompt - Example (cropped)''
[[File:Dracutpass-cropped.png|frameless|1200px|alt={{project_name_short}} GRUB|initramfs (dracut) Based Encryption Password Prompt]]
'''Figure:''' ''initramfs (initramfs-tools or dracut) Based Encryption Password Prompt - Example (full)''
[[File:dracutpass.png|600px]]
This is related to [[Full Disk Encryption|{{fde}}]].
= Terminology =
{{anchor|show=true|initrd}}
initrd is the initial ramdisk. It is a small filesystem used as part of the boot process to provide an early userspace environment, so the system can load drivers and mount the real {{os}} root filesystem. A common synonym is initramfs. [
[https://docs.kernel.org/filesystems/ramfs-rootfs-initramfs.html Linux kernel documentation: Ramfs, rootfs and initramfs]
] [
{{quotation
|quote=Initramfs images are also called "initrd".
|context=dracut man page
}}
]
In modern Linux systems, the initramfs is typically a compressed cpio archive that the kernel unpacks into RAM and then runs /init from. Older systems used an initrd image as a RAM disk style filesystem image. [
[https://docs.kernel.org/filesystems/ramfs-rootfs-initramfs.html Linux kernel documentation: Ramfs, rootfs and initramfs]
]
{{anchor|show=true|exitrd}}
exitrd [
[https://man.archlinux.org/man/bootup.7.en#THE_EXITRD Arch Linux bootup(7): THE_EXITRD]
] is the shutdown ramdisk (also called a shutdown initramfs). It is conceptually symmetrical to initrd, but it is not a standalone kernel feature: it is implemented in user space (most commonly by systemd). During late shutdown, if /run/initramfs/shutdown exists, systemd can switch root into /run/initramfs and execute /shutdown from there, so the old root filesystem can be unmounted cleanly and complex storage stacks can be dismantled. [
[https://man7.org/linux/man-pages/man7/bootup.7.html man7.org bootup(7): THE EXITRD]
] [
[https://www.freedesktop.org/wiki/Software/systemd/InitrdInterface/ systemd Initrd Interface: shutdown hook via /run/initramfs/shutdown]
]
On systems using dracut, this commonly involves restoring (unpacking) an initramfs into /run/initramfs during shutdown, so it is available for the exitrd switch-root step. [
[https://man.archlinux.org/man/extra/dracut/dracut-shutdown.service.8.en dracut-shutdown.service(8): restore /run/initramfs on shutdown]
]
A synonym is initramfs-shutdown.
= Find out which initrd Generator is installed =
To check if dracut is already installed, run. On Debian based operating systems such as Kicksecure this can be done using the following commands.
{{CodeSelect|code=
dpkg -l {{!}} grep dracut
}}
To check if initramfs-tools is already installed, run.
{{CodeSelect|code=
dpkg -l {{!}} grep initramfs-tools
}}
= Installation =
{{IconSet|h1|1}} Notices.
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Platform specific.
* '''Debian:''' The following warning is applicable because dracut is not installed by default in Debian.
* '''Kicksecure:''' The following warning is only applicable if dracut is not yet installed. In newer Kicksecure versions, dracut is installed by default.
}}
To check your currently installed initrd generator, see [[Dracut#Find_out_which_initrd_Generator_is_installed|Find out which initrd Generator is installed]].
{{IconSet|h1|2}} Warning.
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px|warning]]
| text = '''Warning:'''
There is a risk of the system becoming unbootable due to changes in the initrd creation tool.
* '''General risk:''' The system may become unbootable when changing the initrd creation tool.
* '''Backups:''' Always maintain backups and proceed with caution when making changes.
* '''Dracut bug reports:''' If issues with dracut occur, do not report them here, as they are [[unspecific|unrelated to {{project_name_short}}]].
}}
{{IconSet|h1|3}} Create folder /etc/dracut.conf.d.
{{CodeSelect|code=
sudo mkdir --parents /etc/dracut.conf.d
}}
{{IconSet|h1|4}} Create a new configuration file. [
File name '60_user.conf' is important to override the configuration file 50-generic.conf by package 'dracut-config-generic', if installed.
]
{{Open with root rights|filename=
/etc/dracut.conf.d/60_user.conf
}}
{{IconSet|h1|5}} Paste.
{{CodeSelect|code=
hostonly=yes
hostonly_mode=sloppy
}}
{{IconSet|h1|6}} Save.
{{IconSet|h1|7}} Install dracut and systemd-cryptsetup.
{{CodeSelect|code=
sudo apt install --no-install-recommends dracut systemd-cryptsetup
}}
{{IconSet|h1|8}} Done.
Installation of dracut has been completed.
= Re-Generate dracut Initrd =
{{IconSet|h1|1}} Run.
{{CodeSelect|code=
sudo dracut -f
}}
{{IconSet|h1|2}} Done.
The dracut initrd has been re-generated.
= Development =
* [https://systemd.io/INITRD_INTERFACE/ The initrd Interface of systemd]
= Bugs =
* '''Specific risk:''' Issues may occur during migration to dracut if full disk encryption is used.
** Likely issues:
*** Package systemd-cryptsetup is not installed.
*** hostonly=yes configuration option is not used.
** Workaround: If boot fails: setting the kernel parameter rd.auto might help. (Tested on Debian 12/ bookworm.)
* Note on bug status: Closed bugs do not necessarily mean the issue is resolved in your distribution's APT repository. Fixes may have been reverted upstream, making bug status verification difficult.
* dracut (abandoned)
** [https://github.com/dracutdevs/dracut/pull/2520 fix(crypt): Encrypted root FS handling with generic initrd #2520] (abandoned pull request for dracut)
** [https://github.com/dracutdevs/dracut/issues/2437 Generic initrd does not work with encrypted root FS without further configuration]
* dracut-ng (maintained) upstream bug reports and pull requests:
** [https://github.com/dracut-ng/dracut-ng/issues/684 With encrypted root + unencrypted boot + systemd, dracut may generate an initrd incapable of decrypting the root disk without showing any warnings or errors #684]
** [https://github.com/dracut-ng/dracut-ng/pull/319 fix(systemd-crypt): add potentially needed modules to generic initrd #319]
** [https://github.com/dracut-ng/dracut-ng/pull/320 fix(crypt): unlock encrypted devices by default during boot #320]
** [https://github.com/dracut-ng/dracut-ng/pull/529 revert(crypt): do not unlock encrypted devices by default during boot #529]
* Debian upstream bug reports:
** [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041614 unbootable system after installing dracut on a standard Debian installation - #1]
** [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078792 unbootable system after installing dracut on a standard Debian installation - #2]
** [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029324 dracut: generic initrd does not work with encrypted root FS without further configuration]
** [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103457 Unable to boot LUKS-encrypted system]
* Forum discussion:
** https://forums.whonix.org/t/replacing-initramfs-tools-with-dracut/4487/23
* ram-wipe discussion:
** {{Github_link|repo=ram-wipe|path=/issues/2#issuecomment-2813730463}}
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]