Bug#1136383: Support 3cpio (not only cpio)

Trent W. Buck Tue, 12 May 2026 21:31:16 -0700

Package: amd64-microcode
Version: 3.20251202.1
Severity: minor

A couple of hours ago, forky (testing) got initramfs-tools 0.151.
Its hard dependency changed from cpio to 3cpio|cpio.
This causes SOME freshly built systems to silently omit AMD microcode.


I think this ONLY affects people who do ALL of the following:

  * opt-out of Recommends;
  * opt-out of Priority: standard; and
  * opt-out of dracut.

Here is the actual warning message:

    # update-initramfs -u -k all
    update-initramfs: Generating /boot/initrd.img-7.0.4+deb14-cloud-amd64
    /usr/share/initramfs-tools/hooks/amd64_microcode: 102: cpio: not found
    /usr/share/initramfs-tools/hooks/amd64_microcode: 104: cpio: not found
    E: amd64-microcode: failed to create or prepend the early initramfs to the 
initramfs
    live-boot: core filesystems dm-verity devices utils udev blockdev dns.

This is the relevant code:

    
https://sources.debian.org/src/amd64-microcode/3.20251202.1/debian/initramfs.hook#L94-L110

Here are minimum recipes to reproduce the problem:

    $ mmdebstrap forky /dev/null http://localhost:3142/debian --quiet 
--dpkgopt=force-confold --essential-hook='mkdir -p $1/etc/default; echo 
AMD64UCODE_INITRAMFS=early >$1/etc/default/amd64-microcode' 
--include=linux-image-cloud-amd64,initramfs-tools,amd64-microcode 
--components=main,non-free-firmware --customize-hook='chroot $1 lsinitramfs 
/initrd.img | grep microcode; DPKG_ROOT=$1 dpkg-query --show 
initramfs-tools-core cpio 3cpio'

    kernel/x86/microcode
    kernel/x86/microcode/AuthenticAMD.bin               [expected, all is well]
    etc/modprobe.d/amd64-microcode-blacklist.conf

    3cpio       
    cpio        2.15+dfsg-2.1
    initramfs-tools-core        0.151

    $ mmdebstrap forky /dev/null http://localhost:3142/debian --quiet 
--dpkgopt=force-confold --essential-hook='mkdir -p $1/etc/default; echo 
AMD64UCODE_INITRAMFS=early >$1/etc/default/amd64-microcode' 
--include=linux-image-cloud-amd64,initramfs-tools,amd64-microcode 
--components=main,non-free-firmware --customize-hook='chroot $1 lsinitramfs 
/initrd.img | grep microcode; DPKG_ROOT=$1 dpkg-query --show 
initramfs-tools-core cpio 3cpio' --variant=apt

    etc/modprobe.d/amd64-microcode-blacklist.conf
    [unexpected, AuthenticAMD.bin is missing, no fatal error!]

    3cpio       0.14.0-1+b1
    cpio        
    initramfs-tools-core        0.151

Here is the same test using the default initrd (dracut), working with both 
3cpio and cpio.

    $ mmdebstrap forky /dev/null http://localhost:3142/debian --quiet 
--dpkgopt=force-confold --essential-hook='mkdir -p $1/etc/default; echo 
AMD64UCODE_INITRAMFS=early >$1/etc/default/amd64-microcode' 
--include=linux-image-cloud-amd64,amd64-microcode 
--components=main,non-free-firmware --customize-hook='chroot $1 lsinitrd | grep 
microcode; DPKG_ROOT=$1 dpkg-query --show dracut-core cpio 3cpio'
    drwxr-xr-x   2 root     root            0 May 13 04:07 kernel/x86/microcode
    -rw-r--r--   1 root     root       304866 May 13 04:07 
kernel/x86/microcode/AuthenticAMD.bin
    3cpio       
    cpio        2.15+dfsg-2.1
    dracut-core 110-12

    $ mmdebstrap forky /dev/null http://localhost:3142/debian --quiet 
--dpkgopt=force-confold --essential-hook='mkdir -p $1/etc/default; echo 
AMD64UCODE_INITRAMFS=early >$1/etc/default/amd64-microcode' 
--include=linux-image-cloud-amd64,amd64-microcode 
--components=main,non-free-firmware --customize-hook='chroot $1 lsinitrd | grep 
microcode; DPKG_ROOT=$1 dpkg-query --show dracut-core cpio 3cpio' --variant=apt
    drwxr-xr-x   2 root     root            0 May 13 04:09 kernel/x86/microcode
    -rw-r--r--   1 root     root       304866 May 13 04:09 
kernel/x86/microcode/AuthenticAMD.bin
    3cpio       0.14.0-1+b1
    cpio        
    dracut-core 110-12

I did not test tiny-initramfs.

Can amd64-microcode's debian/initramfs.hook use 3cpio if it is installed (and 
cpio is not)?

Can "E: amd64-microcode: failed" exit non-zero, so
the build clearly fails,
instead of appearing to work but lacking microcode patches?

I would provide a patch, but I'm not yet familiar with 3cpio myself.

Can 3cpio provide a cpio-is-3cpio compatibility deb, like gpg-from-sq?
Then packages like amd64-microcode would continue to Just Work as-is.


-- System Information:
Debian Release: 13.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.85+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1136383: Support 3cpio (not only cpio)

Reply via email to