[PATCH openbmc 00/32] Update openbmc initfs to add temporary run from RAM

[PATCH openbmc 00/32] Update openbmc initfs to add temporary run from RAM

[OpenBMC Patches]

This series adds support to the openbmc phosphor initfs scripts to support the BMC running with either or both of the read-write and read-only layers of the root file system to be in RAM instead of in the flash.
This decision is made via u-boot firmware variables and the kernel command line, and is designed to have a persistent and one time option.

Also included is a systemd service called clear-once that clears the variable meant for one time use.  The host-ipmid service is modified to want to run after the clear-once service in anticipation of the a OEM command that will set the variable.

When running in RAM the read-write layer can be replaced with updated content.  If both layers are in memory the BMC will not be accessing the flash except by explicit action, which include a shutdown and reboot.

This series includes support to copy the read-only layer from the existing flash at boot, and to copy the white listed files from the read-write file system at boot and restore them at shutdown along with the u-boot environment.  Also included is support for using images sourced from elsewhere either by manual intervention at the debug-init-sh shell prompt or via a shell command line stored in a u-boot environment variable (only executed if an option is found on the command line or in the previously mentioned u-boot variables).  This can be used to download the read-only layer from the network to test or run a new read-only layer while updating the flash.  The packaged initfs supports HTTP ant TFTP transfers via the busybox commands.

The updated flash update script can run while the BMC is at system runtime if both layers are in RAM.  Future updates will allow it to update one layer while the other is mounted.  The error handling in the update script still is designed for use at shutdown with a console to debug and fix unexpected conditions.  Future updates could also support leaving the watchdog timer enabled during flash, but a reset during an update to u-boot will always be fatal without a redundant flash chip and the corresponding strapping and support.

The options and variable names were listed in this prior email https://lists.ozlabs.org/pipermail/openbmc/2016-March/002119.html


. Documentation for this and network booting will be written.


https://github.com/openbmc/openbmc/pull/200

Milton D. Miller II (32):
  shutdown: Conditionally unmount proc
  shutdown: Correct comment on the reason to invoke stty
  shutdown: Test equality with =
  shutdown: Complain if update images exist without update script
  shutdown: Call update from /run/initramfs directory
  shutdown: request saved files be cleaned
  update: Add command line parsing to clean or preserve saved files
  update: Add options to skip the save and restore phases
  update: Do not check if the whitelist is empty
  update: Read whitelist from the /run/initramfs directory
  update: Save files in run filesystem
  update: Restore files via an alternate mount directory
  update: Make cow directory before restoring saved files.
  update: Save files using the same mount path as init
  update: Save whitelist files from RAM or mounted read-write filesystem
  update: Add option to copy files to runtime cow directory
  update: Remove images as they are successfully flashed
  update: Skip calling flashcp for empty files
  init: Read options from a file
  init: Use image of read only file system in RAM if present
  init: Suppress fsck command not present error by file system type
  init: Run from RAM if file system type is specified as none
  init: Always move images from root
  init: Add option to run with writable overlay in RAM
  init: Add option to copy base read-only filesystem into RAM
  init: Be explicit about saving and restoring files.
  init: Call update from initramfs directory
  init: Add option to copy files into memory
  init: Look for options in u-boot environment
  init: Add a hook to download files
  Add clear-once service
  host-ipmid: OEM command will require clear-once service

 .../recipes-phosphor/clear-once/clear-once.bb      |   8 ++
 .../clear-once/clear-once/clear-once.service       |  15 +++
 .../recipes-phosphor/host-ipmid/host-ipmid.bb      |   1 +
 .../host-ipmid/host-ipmid/host-ipmid.service       |   2 +
 .../obmc-phosphor-initfs/files/obmc-init.sh        | 113 ++++++++++++++++++---
 .../obmc-phosphor-initfs/files/obmc-shutdown.sh    |  17 +++-
 .../obmc-phosphor-initfs/files/obmc-update.sh      |  91 ++++++++++++++---
 7 files changed, 215 insertions(+), 32 deletions(-)
 create mode 100644 meta-phosphor/common/recipes-phosphor/clear-once/clear-once.bb
 create mode 100644 meta-phosphor/common/recipes-phosphor/clear-once/clear-once/clear-once.service

-- 
2.7.1

[PATCH openbmc 01/32] shutdown: Conditionally unmount proc

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

The intention was to test the flag variable set when proc was
mounted earlier in the script, not the constant string containing
the name of the variable.

The unnecessary unmount is not noticeable when a normal shutdown
or reboot is being performed while executing after systemd, but
results in a less usable environment when invoked manually.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index fc359c5..216e7e4 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -45,7 +45,7 @@ fi
 echo Remaining mounts:
 cat /proc/mounts
 
-test "umount_proc" && umount /proc && rmdir /proc
+test "$umount_proc" && umount /proc && rmdir /proc
 
 # ioctl(TIOC_DRAIN) to drain tty messages to console
 test -t 1 && stty cooked 0<&1
-- 
2.7.1

[PATCH openbmc 02/32] shutdown: Correct comment on the reason to invoke stty

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

The desired system call is not an ioctl but tcsetattr with
second parameter TCSADRAIN.

Reported-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index 216e7e4..097d9e0 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -47,7 +47,7 @@ cat /proc/mounts
 
 test "$umount_proc" && umount /proc && rmdir /proc
 
-# ioctl(TIOC_DRAIN) to drain tty messages to console
+# tcsattr(tty, TIOCDRAIN, mode) to drain tty messages to console
 test -t 1 && stty cooked 0<&1
 
 # Execute the command systemd told us to ...
-- 
2.7.1

[PATCH openbmc 03/32] shutdown: Test equality with =

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

The test command is documented as taking = and not == to test
two strings for equality.  While both appear to work use the
documented comparison operator.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index 097d9e0..99a7432 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -53,7 +53,7 @@ test -t 1 && stty cooked 0<&1
 # Execute the command systemd told us to ...
 if test -d /oldroot  && test "$1"
 then
-	if test "$1" == kexec
+	if test "$1" = kexec
 	then
 		$1 -f -e
 	else
-- 
2.7.1

[PATCH openbmc 04/32] shutdown: Complain if update images exist without update script

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Complain if the update program is missing if flash update images
are present.  This is similar to the message in root and will
inform a serial console reader why the update images are not
being applied.

The update script is copied from the initramfs to the run tmpfs
ram file system.  It is built and packaged with the init and
shutdown script.  It would have been removed, unpackaged, or
init changed for unknown reasons by root or the build system
for this to occur.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index 99a7432..bae572b 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -37,9 +37,14 @@ then
 	ln -sn /run/fw_env ${image}u-boot-env
 fi
 
-if test -x /update && ls $image* > /dev/null 2>&1
+if ls $image* > /dev/null 2>&1
 then
-	/update ${1+"$@"}
+	if test -x /update
+	then
+		/update
+	else
+		echo 1>&2 "Flash update requested but /update program missing!"
+	fi
 fi
 
 echo Remaining mounts:
-- 
2.7.1

[PATCH openbmc 05/32] shutdown: Call update from /run/initramfs directory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

While both are the same directory via bind mount when shutdown
is executing from systemd use the full pathname to the script.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh  | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index bae572b..7d79cf0 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -30,7 +30,9 @@ do
 done
 set +x
 
+update=/run/initramfs/update
 image=/run/initramfs/image-
+
 if test -s /run/fw_env -a -c /run/mtd:u-boot-env -a ! -e ${image}u-boot-env &&
 	! cmp /run/mtd:u-boot-env /run/fw_env
 then
@@ -39,11 +41,11 @@ fi
 
 if ls $image* > /dev/null 2>&1
 then
-	if test -x /update
+	if test -x $update
 	then
-		/update
+		$update
 	else
-		echo 1>&2 "Flash update requested but /update program missing!"
+		echo 1>&2 "Flash update requested but $update program missing!"
 	fi
 fi
 
-- 
2.7.1

[PATCH openbmc 06/32] shutdown: request saved files be cleaned

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

We don't need to hold saved files for a future restore.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
index 7d79cf0..8d5d0c9 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-shutdown.sh
@@ -43,7 +43,7 @@ if ls $image* > /dev/null 2>&1
 then
 	if test -x $update
 	then
-		$update
+		$update --clean-saved-files
 	else
 		echo 1>&2 "Flash update requested but $update program missing!"
 	fi
-- 
2.7.1

[PATCH openbmc 07/32] update: Add command line parsing to clean or preserve saved files

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Because update now returns to shutdown for the final halt or
reboot system call it does not need to handle systemd arguments.
Instead update is being invoked from multiple environments, and
further environments will need alternate behaviors.

Add a code to start parsing the command line.  Start wtih a flag
to clean the saved files at the end of the update process.

This will reclaim the space and prevent stale saved files
from being restored without requiring the calling script to
know the location of the saved files directory.

Parse true and complement actions in case we decide to change
the defaults later.

For now keep the user feature of calling update, flashing some
files by hand, then a final call to update with a possibly
empty image file will have the original saved files merged
into the rwfs.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-update.sh      | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 367c302..060073b 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -59,6 +59,23 @@ rwdir=rw
 upper=$rwdir/cow
 save=save/${upper##*/}
 
+doclean=
+
+while test "$1" != "${1#-}"
+do
+	case "$1" in
+	--no-clean-saved-files)
+		doclean=
+		shift ;;
+	--clean-saved-files)
+		doclean=y
+		shift ;;
+	*)
+		echo 2>&1 "Unknown option $1"
+		exit 1 ;;
+	esac
+done
+
 if test -n "$rwfs" && test -s whitelist
 then
 
@@ -105,6 +122,11 @@ then
 	umount $rwdir
 fi
 
+if test "x$doclean" = xy
+then
+	rm -rf $save
+fi
+
 exit
 
 # NOT REACHED without edit
-- 
2.7.1

[PATCH openbmc 08/32] update: Add options to skip the save and restore phases

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Allow the save and/or restore of whitelisted files to be
suppressed.

This reduces the noise and possible problems trying to mount the
read-write filesystem read-write when its dirty.  The filesystem
may be cleaned or repaired between the backup and restore.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-update.sh         | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 060073b..dff23d5 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -60,6 +60,8 @@ upper=$rwdir/cow
 save=save/${upper##*/}
 
 doclean=
+dosave=y
+dorestore=y
 
 while test "$1" != "${1#-}"
 do
@@ -70,15 +72,26 @@ do
 	--clean-saved-files)
 		doclean=y
 		shift ;;
+	--no-save-files)
+		dosave=
+		shift ;;
+	--save-files)
+		dosave=y
+		shift ;;
+	--no-restore-files)
+		dorestore=
+		shift ;;
+	--restore-files)
+		dorestore=y
+		shift ;;
 	*)
 		echo 2>&1 "Unknown option $1"
 		exit 1 ;;
 	esac
 done
 
-if test -n "$rwfs" && test -s whitelist
+if test "x$dosave" = xy -a -n "$rwfs" -a -s whitelist
 then
-
 	mkdir -p $rwdir
 	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rorwopts
 
@@ -115,7 +128,7 @@ do
 	flashcp -v $f /dev/$m
 done
 
-if test -d $save
+if test -d $save -a "x$dorestore" = xy
 then
 	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rwopts
 	cp -rp $save/. $upper/
-- 
2.7.1

[PATCH openbmc 09/32] update: Do not check if the whitelist is empty

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Let the copy loop execute zero times instead of checking if
the whitelist is empty.

Suppressing the mount and copying the files can be achieved via
command line options.  This removes a condition and prepares for
splitting the whitelist into component files with support for
commented out lines.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index dff23d5..f40a546 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -90,7 +90,7 @@ do
 	esac
 done
 
-if test "x$dosave" = xy -a -n "$rwfs" -a -s whitelist
+if test "x$dosave" = xy -a -n "$rwfs"
 then
 	mkdir -p $rwdir
 	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rorwopts
-- 
2.7.1

[PATCH openbmc 10/32] update: Read whitelist from the /run/initramfs directory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Find the whitelist under /run/initramfs directory instead of
looking in root directory.  This results in the whitelist always
existing and being the same instance (copy) in all environments.

Currently the update script is invoked from two places: from
shutdown, where systemd bind-mounted the initramfs directory on
itself and made it root (with its parent /run mounted underneath
it in a twist), and from the initramfs init script where it
copied the files from its root directory into the /run/initramfs
directory for use at shutdown time when the original rootfs is
no longer reachable.

By looking under /run/initramfs we will always look at one copy
of the whitelist.  This will also allow future modes where the
update script can be invoked while running from a copies of
the file systems located in RAM.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index f40a546..efdd913 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -63,6 +63,9 @@ doclean=
 dosave=y
 dorestore=y
 
+whitelist=/run/initramfs/whitelist
+image=/run/initramfs/image-
+
 while test "$1" != "${1#-}"
 do
 	case "$1" in
@@ -104,12 +107,11 @@ then
 		d="$save/$f"
 		mkdir -p "${d%/*}"
 		cp -rp $upper/$f "${d%/*}/"
-	done < whitelist
+	done < $whitelist
 
 	umount $rwdir
 fi
 
-image=/run/initramfs/image-
 for f in $image*
 do
 	m=$(findmtd ${f#$image})
-- 
2.7.1

[PATCH openbmc 11/32] update: Save files in run filesystem

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Instead of in saving files in root which is messy and logically
part of the cow space, save the files in a directory under /run
which will be mounted during init, runtime, and shutdown.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index efdd913..b066471 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -57,7 +57,7 @@ rorwopts=ro${rwopts#rw}
 
 rwdir=rw
 upper=$rwdir/cow
-save=save/${upper##*/}
+save=/run/save/${upper##*/}
 
 doclean=
 dosave=y
-- 
2.7.1

[PATCH openbmc 12/32] update: Restore files via an alternate mount directory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

This will allow us to restore or check-point the whitelisted files
to the read-write filesystem device without causing confusion by
mounting over the upperdir location while at runtime.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index b066471..cab33e9 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -132,9 +132,15 @@ done
 
 if test -d $save -a "x$dorestore" = xy
 then
+	odir=$rwdir
+	rwdir=/run/rw
+	upper=$rwdir${upper#$odir}
+
+	mkdir -p $rwdir
 	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rwopts
 	cp -rp $save/. $upper/
 	umount $rwdir
+	rmdir $rwdir
 fi
 
 if test "x$doclean" = xy
-- 
2.7.1

[PATCH openbmc 13/32] update: Make cow directory before restoring saved files.

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

This will ensure the cp command always writes to an existing
directory but will also make any future component directories if
the upper directory is later moved from the root of the filesystem.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index cab33e9..1a11953 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -138,6 +138,7 @@ then
 
 	mkdir -p $rwdir
 	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rwopts
+	mkdir -p $upper
 	cp -rp $save/. $upper/
 	umount $rwdir
 	rmdir $rwdir
-- 
2.7.1

[PATCH openbmc 14/32] update: Save files using the same mount path as init

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Use the full /run/initramfs/rw path for the mount point of the
read-write filesystem.

This prevents creating and directories in / when it is invoked
before shutdown.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 1a11953..e580561 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -55,7 +55,7 @@ rwdev=/dev/mtdblock${rwfs#mtd}
 rwopts=rw
 rorwopts=ro${rwopts#rw}
 
-rwdir=rw
+rwdir=/run/initramfs/rw
 upper=$rwdir/cow
 save=/run/save/${upper##*/}
 
-- 
2.7.1

[PATCH openbmc 15/32] update: Save whitelist files from RAM or mounted read-write filesystem

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Skip mounting and unmounting the read-write file system when
saving files if the upper directory exists.  Instead interpret
this as a sign the system either is or was running from RAM (or
from some future alternative and maybe temporary mounted file
system) and save the files from that upper directory.

It is possible some other filesystem is mounted on the read-write
mountpoint that is not a mtd device, either a tmpfs or some
other future media, so only try to unmount the file system if
this update script mounted it.

Each boot an empty /run filesytem is created and populated by init
with selected directories and mount points for the read-only and
read-write file systems and mounts them on these points.

The upper directory is under the read-write mount point, so if it
exists then either a file system is mounted there or the system
was prepared to run from RAM using the run tmpfs file system and
updates may have been made there.  In either case the files to
be saved exist in that directory.

Background on overlayfs:

The upper directory contains files and directory entries that were
either opened for write or had meta data changed.  Before this
happens the overlayfs copies each file or directory by name into
the work directory then atomically moves it into the corresponding
upper directory.

To form a read-write overlayfs mount, the upper directory must be,
by definition, in a read-write file system along with the work
directory, and both are required to be in the same filesystem.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-update.sh            | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index e580561..6f26550 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -59,6 +59,7 @@ rwdir=/run/initramfs/rw
 upper=$rwdir/cow
 save=/run/save/${upper##*/}
 
+mounted=
 doclean=
 dosave=y
 dorestore=y
@@ -93,10 +94,14 @@ do
 	esac
 done
 
-if test "x$dosave" = xy -a -n "$rwfs"
+if test "x$dosave" = xy
 then
-	mkdir -p $rwdir
-	mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rorwopts
+	if test ! -d $upper -a -n "$rwfs"
+	then
+		mkdir -p $rwdir
+		mount $rwdev $rwdir -t $(probe_fs_type $rwdev) -o $rorwopts
+		mounted=$rwdir
+	fi
 
 	while read f
 	do
@@ -109,7 +114,10 @@ then
 		cp -rp $upper/$f "${d%/*}/"
 	done < $whitelist
 
-	umount $rwdir
+	if test -n "$mounted"
+	then
+		umount $mounted
+	fi
 fi
 
 for f in $image*
-- 
2.7.1

[PATCH openbmc 16/32] update: Add option to copy files to runtime cow directory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Add an option to copy files to the runtime copy-on-write upper
directory from the saved directory to allow init to request the
files for use without knowing the saved files directory.

This will be used to initialize the cow directory from the
persistent rwfs file system when choosing to run in RAM.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 6f26550..6b0d7a0 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -63,6 +63,7 @@ mounted=
 doclean=
 dosave=y
 dorestore=y
+toram=
 
 whitelist=/run/initramfs/whitelist
 image=/run/initramfs/image-
@@ -88,6 +89,9 @@ do
 	--restore-files)
 		dorestore=y
 		shift ;;
+	--copy-files)
+		toram=y
+		shift ;;
 	*)
 		echo 2>&1 "Unknown option $1"
 		exit 1 ;;
@@ -138,6 +142,12 @@ do
 	flashcp -v $f /dev/$m
 done
 
+if test "x$toram" = xy
+then
+	mkdir -p $upper
+	cp -rp $save/. $upper/
+fi
+
 if test -d $save -a "x$dorestore" = xy
 then
 	odir=$rwdir
-- 
2.7.1

[PATCH openbmc 17/32] update: Remove images as they are successfully flashed

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Remove image files as they are flashed so a repeated call to
update does not erase and write the image again.

As we add the ability to call update at runtime repeated calls
are expected.  This both signals successful copy and removes the
need for callers to cleanup.

Also remove commented alternate flash method using eraseall
that was not tested.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index 6b0d7a0..edaf195 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -138,8 +138,7 @@ for f in $image*
 do
 	m=$(findmtd ${f#$image})
 	echo "Updating ${f#$image}..."
-	# flasheraseall /dev/$m && dd if=$f of=/dev/$m
-	flashcp -v $f /dev/$m
+	flashcp -v $f /dev/$m && rm $f
 done
 
 if test "x$toram" = xy
-- 
2.7.1

[PATCH openbmc 18/32] update: Skip calling flashcp for empty files

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Note explicitly when an empty image is provided that will not
alter a flash partition.

While using flashcp on an empty file succeeds and does not alter
the flash, it may be confusing to see 0/0 messages for the erase,
write, and verify phases.

These empty files are used to trigger the save and restore phases
and may also be used by developers to cause the update to fail
and break into a shell at shutdown for maintence.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
index edaf195..aa8fd89 100755
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-update.sh
@@ -136,6 +136,12 @@ done
 
 for f in $image*
 do
+	if test ! -s $f
+	then
+		echo "Skipping empty update of ${f#$image}."
+		rm $f
+		continue
+	fi
 	m=$(findmtd ${f#$image})
 	echo "Updating ${f#$image}..."
 	flashcp -v $f /dev/$m && rm $f
-- 
2.7.1

[PATCH openbmc 19/32] init: Read options from a file

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Grep options from a file instead of directly from /proc/cmdline
which will allow additonal sources for options.

Initially the options file is just a copy of the kernel command
line, but it may be edited at debug-init-sh or via a later
debug_takeover point or before restarting init.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh   | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 12c5a2f..d3b4b9f 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -101,10 +101,16 @@ init=/sbin/init
 fsckbase=/sbin/fsck.
 fsck=$fsckbase$rwfst
 fsckopts=-a
+optfile=/run/initramfs/init-options
+
+if test ! -f $optfile
+then
+	cat /proc/cmdline > $optfile
+fi
 
 echo rofs = $rofs $rofst   rwfs = $rwfs $rwfst
 
-if grep -w debug-init-sh /proc/cmdline
+if grep -w debug-init-sh $optfile
 then
 	debug_takeover "Debug initial shell requested by command line."
 fi
@@ -118,7 +124,7 @@ then
 	mv /${imagebasename}* ${image%$imagebasename}
 fi
 
-if grep -w clean-rwfs-filesystem /proc/cmdline
+if grep -w clean-rwfs-filesystem $optfile
 then
 	echo "Cleaning of read-write overlay filesystem requested."
 	touch $trigger
-- 
2.7.1

[PATCH openbmc 20/32] init: Use image of read only file system in RAM if present

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

If a read-only file system image is in /run, specifically
/run/image-rofs, then mount it instead of the mtd partition.

This will allow running from ram to allow the flash to be updated,
either from a downloaded image, a packaged image, or an image
copied at boot.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index d3b4b9f..538299e 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -159,6 +159,12 @@ then
 	fsck=$fsckbase$rwfst
 fi
 
+if test -s /run/image-rofs
+then
+	rodev=/run/image-rofs
+	roopts=$roopts,loop
+fi
+
 mount $rodev $rodir -t $rofst -o $roopts
 
 if test -x $rodir$fsck
-- 
2.7.1

[PATCH openbmc 21/32] init: Suppress fsck command not present error by file system type

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Decide lack of fsck is not a problem by the type of the rwfs image
instead of the full name of the fsck command.  This eliminates
duplicates knowledge of how the fsck path is formed.

Suggested-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 538299e..d4d2cc1 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -183,7 +183,7 @@ then
 	then
 		debug_takeover "fsck of read-write fs on $rwdev failed (rc=$rc)"
 	fi
-elif test $fsck != /sbin/fsck.jffs2
+elif test "$rwfst" != jffs2
 then
 	echo "No '$fsck' in read only fs, skipping fsck."
 fi
-- 
2.7.1

[PATCH openbmc 22/32] init: Run from RAM if file system type is specified as none

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Allow file system type none for rwfst, which means do not mount a
separate file system but just use the directory in the tmpfs /run.

This will be used to allow the flash controller to not be used by
the running image, allowing flash updates while the BMC is running
the main application.

It could also be used for a file system less prone to corruption
where the read-write overlay is only updated with whitelisted files
at specific points in time with updates to the update script.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh      | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index d4d2cc1..89e4538 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -183,12 +183,16 @@ then
 	then
 		debug_takeover "fsck of read-write fs on $rwdev failed (rc=$rc)"
 	fi
-elif test "$rwfst" != jffs2
+elif test "$rwfst" != jffs2 -a "$rwfst" != none
 then
 	echo "No '$fsck' in read only fs, skipping fsck."
 fi
 
-if ! mount $rwdev $rwdir -t $rwfst -o $rwopts
+if test "$rwfst" = none
+then
+	echo "Running with read-write overlay in RAM for this boot."
+	echo "No state will be preserved unless flash update performed."
+elif ! mount $rwdev $rwdir -t $rwfst -o $rwopts
 then
 	msg="$(cat)" << HERE
 
-- 
2.7.1

[PATCH openbmc 23/32] init: Always move images from root

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

If images are to be updated before init continue to move them
to /run/initramfs.  However, if they are not to be flashed before
init instead move them to /run.

This will result in the image-rofs being loop mounted for this run,
and all images will be available at runtime for flash update at
runtime.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-init.sh               | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 89e4538..7953176 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -115,13 +115,18 @@ then
 	debug_takeover "Debug initial shell requested by command line."
 fi
 
-# If there are images in root move them to run/initramfs/ now.
+# If there are images in root move them to /run/initramfs/ or /run/ now.
 imagebasename=${image##*/}
-if test -n "${imagebasename}" -a "x$flash_images_before_init" = xy &&
-	ls /${imagebasename}* > /dev/null 2>&1
+if test -n "${imagebasename}" && ls /${imagebasename}* > /dev/null 2>&1
 then
-	echo "Pending flash updates found."
-	mv /${imagebasename}* ${image%$imagebasename}
+	if test "x$flash_images_before_init" = xy
+	then
+		echo "Flash images found, will update before starting init."
+		mv /${imagebasename}* ${image%$imagebasename}
+	else
+		echo "Flash images found, will use but deferring flash update."
+		mv /${imagebasename}* /run/
+	fi
 fi
 
 if grep -w clean-rwfs-filesystem $optfile
-- 
2.7.1

[PATCH openbmc 24/32] init: Add option to run with writable overlay in RAM

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

If overlay-filesystem-in-ram is found set rwfst=none suppressing
the rwfs mount.

Signed-off-by:  Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 7953176..2e8467c 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -164,6 +164,11 @@ then
 	fsck=$fsckbase$rwfst
 fi
 
+if grep -w overlay-filesystem-in-ram $optfile
+then
+	rwfst=none
+fi
+
 if test -s /run/image-rofs
 then
 	rodev=/run/image-rofs
-- 
2.7.1

[PATCH openbmc 25/32] init: Add option to copy base read-only filesystem into RAM

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

If copy-base-filesystem-to-ram is found copy the read-only
filesystem source device to /run/image-rofs.  If the copy fails
then remove the partial copy and invoke debug takeover.

This will allow a new image to be downloaded and flashed while
running from the existing copy for the duration of this boot.

Alternatively with the overlay also in RAM pflash could be used
to update the flash from the host as the BMC would no longer need
the flash or flash controller.

Signed-off-by:  Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 2e8467c..82cc77e 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -169,6 +169,18 @@ then
 	rwfst=none
 fi
 
+if grep -w copy-base-filesystem-to-ram $optfile &&
+	test ! -e /run/image-rofs && ! cp $rodev /run/image-rofs 
+then
+	# Remove any partial copy to avoid attempted usage later
+	if test -e  /run/image-rofs
+	then
+		ls -l /run/image-rofs
+		rm -f /run/image-rofs
+	fi
+	debug_takeover "Copying $rodev to /run/image-rofs failed."
+fi
+
 if test -s /run/image-rofs
 then
 	rodev=/run/image-rofs
-- 
2.7.1

[PATCH openbmc 26/32] init: Be explicit about saving and restoring files.

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

When calling update for save and restore phases be explicitly tell
update to clean saved files when we are done and not bother trying
to save or restore when we know we will do a split save, erase, and
restore sequence.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh       | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 82cc77e..725c19c 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -149,15 +149,14 @@ then
 	elif test -f $trigger -a ! -s $trigger
 	then
 		echo "Saving selected files from read-write overlay filesystem."
-		/update && rm -f $image*
+		/update --no-restore-files
 		echo "Clearing read-write overlay filesystem."
 		flash_eraseall /dev/$rwfs
 		echo "Restoring saved files to read-write overlay filesystem."
 		touch $trigger
-		/update 
-		rm -rf /save $trigger
+		/update --no-save-files --clean-saved-files
 	else
-		/update && rm -f $image*
+		/update --clean-saved-files
 	fi
 
 	rwfst=$(probe_fs_type $rwdev)
-- 
2.7.1

[PATCH openbmc 27/32] init: Call update from initramfs directory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Use the copy in /run/initramfs/update to call update to be consistent
with other uses.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 725c19c..7f82d9b 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -102,6 +102,7 @@ fsckbase=/sbin/fsck.
 fsck=$fsckbase$rwfst
 fsckopts=-a
 optfile=/run/initramfs/init-options
+update=/run/initramfs/update
 
 if test ! -f $optfile
 then
@@ -143,20 +144,20 @@ fi
 
 if ls $image* > /dev/null 2>&1
 then
-	if ! test -x /update
+	if ! test -x $update
 	then
-		debug_takeover "Flash update requested but /update missing!"
+		debug_takeover "Flash update requested but $update missing!"
 	elif test -f $trigger -a ! -s $trigger
 	then
 		echo "Saving selected files from read-write overlay filesystem."
-		/update --no-restore-files
+		$update --no-restore-files
 		echo "Clearing read-write overlay filesystem."
 		flash_eraseall /dev/$rwfs
 		echo "Restoring saved files to read-write overlay filesystem."
 		touch $trigger
-		/update --no-save-files --clean-saved-files
+		$update --no-save-files --clean-saved-files
 	else
-		/update --clean-saved-files
+		$update --clean-saved-files
 	fi
 
 	rwfst=$(probe_fs_type $rwdev)
-- 
2.7.1

[PATCH openbmc 28/32] init: Add option to copy files into memory

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Add an option to copy files from the rwfs to ram then run in ram.

This allows customizations like user ids and network settings to
be initialized from the read-write filesystem.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-init.sh               | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 7f82d9b..ecf3377 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -169,6 +169,21 @@ then
 	rwfst=none
 fi
 
+copyfiles=
+if grep -w copy-files-to-ram $optfile
+then
+	rwfst=none
+	copyfiles=y
+fi
+
+# It would be nice to do this after fsck but that mean rofs is mounted
+# which triggers the mtd is mounted check
+if test "$rwfst$copyfiles" = noney
+then
+	touch $trigger
+	$update --copy-files --clean-saved-files --no-restore-files
+fi
+
 if grep -w copy-base-filesystem-to-ram $optfile &&
 	test ! -e /run/image-rofs && ! cp $rodev /run/image-rofs 
 then
-- 
2.7.1

[PATCH openbmc 29/32] init: Look for options in u-boot environment

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Look in the saved u-boot environment for init options in addition
to the kernel command line.  This allows setting options to run
in the u-boot environment instead of setting bootargs.

Look at specific variables but not the whole environment so that
users can setup variable to run.  Look at two variables so scripts
can automatically clear one on successful boot as one-time options
(defer that to the full filesystem).

Instead of having the full fw_setenv / fw_getenv binaries which
would overflow the existing space for the initramfs, just use the
busybox strings command to extract the variables.  The oldest
variable might get a crc32 character or flag byte if redundant
environment were configured for nand but that is not expected
to be these user defined variables.

[1] The environment consists of a crc32, a flag byte if a
redundant environment is configured, then a series of var=value
strings seperated by NUL bytes.  The flag byte is 1 (active) or 0
(obsolete) for NOR flash, or a counter 0-255 in nand, the flag
byte cycles through 0-255.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../obmc-phosphor-initfs/files/obmc-init.sh               | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index ecf3377..87f71e6 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -44,6 +44,19 @@ probe_fs_type() {
 	echo ${fst:=jffs2}
 }
 
+# This fw_get_env_var is a simple but slightly broken version of fw_printenv: 
+# The u-boot environemnt starts with a crc32, followed by a flag byte
+# when a redundannt environment is configured, followed by var=value\0 sets.
+# The flag byte for nand is a 1 byte counter; for nor it is a 1 or 0 byte.
+# The crc and/or nand flag byte can contain printable characters and be
+# considered part of the first string and parsed as part of the variable
+# name.  In addition a variable could have a "\n" embedded in it, this code
+# would split that variable.  Ignore for now, the last set var is at the end.
+
+get_fw_env_var() {
+	strings /run/fw_env | sed -ne "s/^$1=//p"
+}
+
 debug_takeover() {
 	echo "$@"
 	test -n "$@" && echo Enter password to try to manually fix.
@@ -107,6 +120,8 @@ update=/run/initramfs/update
 if test ! -f $optfile
 then
 	cat /proc/cmdline > $optfile
+	get_fw_env_var openbmcinit >> $optfile
+	get_fw_env_var openbmconce >> $optfile
 fi
 
 echo rofs = $rofs $rofst   rwfs = $rwfs $rwfst
-- 
2.7.1

[PATCH openbmc 30/32] init: Add a hook to download files

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Add a hook to run a shell command line that is stored in a u-boot
environment variable.  Only execute this command if the previously
established options file has a keyword trigger.  Do not even consider
the option if a build option flag is not set to y.

This allows one to specify at u-boot commands that would download
a read-only file system into memory for execution this boot instead
of needing to create a custom initramfs to netboot or specifing
debug-init-sh, entering the password, and doing the download from
the shell.

If the u-boot environment variable is empty or missing but both
the build variable is set and the keyword trigger are set print
a diagnostic message.  If the command fails invoke standard
debug_takeover for corrective action.

An example script:
fw_setenv openbmcinitdownload 'cp /proc/net/pnp /run/resolv.conf ; ln -snf ../run/resolv.conf /etc/resolv.conf ; wget -O /run/image-rofs http://server.example.com/path/image-test-rofs'
---
 .../obmc-phosphor-initfs/files/obmc-init.sh               | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 87f71e6..71a72fb 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -101,6 +101,7 @@ rwdev=/dev/mtdblock${rwfs#mtd}
 # Set to y for yes, anything else for no.
 force_rwfst_jffs2=y
 flash_images_before_init=n
+consider_openbmc_download_files=y
 
 rofst=squashfs
 rwfst=$(probe_fs_type $rwdev)
@@ -131,6 +132,20 @@ then
 	debug_takeover "Debug initial shell requested by command line."
 fi
 
+if test "x$consider_openbmc_download_files" = xy &&
+	grep -w openbmc-init-download-files $optfile
+then
+	echo "Executing download hook..."
+	cmd="$(get_fw_env_var openbmcinitdownload)"
+	if test -z "$cmd"
+	then
+		echo 2>&1 "Download command not found or empty, skipping."
+	elif ! sh -xc "$cmd"
+	then
+		debug_takeover "Download command '$cmd' failed."
+	fi
+fi
+
 # If there are images in root move them to /run/initramfs/ or /run/ now.
 imagebasename=${image##*/}
 if test -n "${imagebasename}" && ls /${imagebasename}* > /dev/null 2>&1
-- 
2.7.1

[PATCH openbmc 31/32] Add clear-once service

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Create a service unit to clear the openbmconce variable in the
the u-boot environment with fw_setenv.

Set the timeout to allow the flash to be written, even though we
currently just update the ram shadow file.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 .../common/recipes-phosphor/clear-once/clear-once.bb      |  8 ++++++++
 .../clear-once/clear-once/clear-once.service              | 15 +++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 meta-phosphor/common/recipes-phosphor/clear-once/clear-once.bb
 create mode 100644 meta-phosphor/common/recipes-phosphor/clear-once/clear-once/clear-once.service

diff --git a/meta-phosphor/common/recipes-phosphor/clear-once/clear-once.bb b/meta-phosphor/common/recipes-phosphor/clear-once/clear-once.bb
new file mode 100644
index 0000000..61e3c20
--- /dev/null
+++ b/meta-phosphor/common/recipes-phosphor/clear-once/clear-once.bb
@@ -0,0 +1,8 @@
+
+SUMMARY = "Clear boot-once variables"
+DESCRIPTION = "Clear u-boot variables used for one-time boot flow"
+
+RPROVIDES_${PN} += "clear-once"
+
+inherit obmc-phosphor-systemd
+inherit obmc-phosphor-license
diff --git a/meta-phosphor/common/recipes-phosphor/clear-once/clear-once/clear-once.service b/meta-phosphor/common/recipes-phosphor/clear-once/clear-once/clear-once.service
new file mode 100644
index 0000000..a7641e6
--- /dev/null
+++ b/meta-phosphor/common/recipes-phosphor/clear-once/clear-once/clear-once.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Clear one time boot overrides
+
+ConditionFileNotEmpty=/etc/fw_env.config
+RequiresMountsFor=/run /sbin /etc
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+# It took 7 seconds to erase and write flash, be conservative
+TimeoutStartSec=60
+Restart=no
+
+ExecStart=/sbin/fw_setenv openbmconce
-- 
2.7.1

[PATCH openbmc 32/32] host-ipmid: OEM command will require clear-once service

[OpenBMC Patches]

From: "Milton D. Miller II" <miltonm@us.ibm.com>

Tell systemd the host-ipmid service wants the clear-once service
to be started, and that it wants to run after the clear-once
service.

The new OEM command will use the openbmc init run once variables
set in the u-boot environment.  We want the u-boot variable
cleared before the host can request it be set again.

Tell bitbake to require the clean-once package.

Signed-off-by: Milton Miller <miltonm@us.ibm.com>
---
 meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid.bb          | 1 +
 .../common/recipes-phosphor/host-ipmid/host-ipmid/host-ipmid.service    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid.bb b/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid.bb
index 68bd38b..9e25cd2 100644
--- a/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid.bb
+++ b/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid.bb
@@ -14,6 +14,7 @@ inherit obmc-phosphor-c-daemon
 
 TARGET_CFLAGS   += "-fpic"
 
+RDEPENDS_${PN} += "clear-once"
 RDEPENDS_${PN} += "settings"
 RDEPENDS_${PN} += "network"
 SRC_URI += "git://github.com/openbmc/phosphor-host-ipmid"
diff --git a/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid/host-ipmid.service b/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid/host-ipmid.service
index ee9ce1a..ce96dbc 100644
--- a/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid/host-ipmid.service
+++ b/meta-phosphor/common/recipes-phosphor/host-ipmid/host-ipmid/host-ipmid.service
@@ -1,5 +1,7 @@
 [Unit]
 Description=Phosphor OpenBMC IPMI daemon
+Wants=clear-once.service
+After=clear-once.service
 
 [Service]
 ExecStart=/usr/sbin/ipmid
-- 
2.7.1

Re: [PATCH openbmc 30/32] init: Add a hook to download files

[Joel Stanley]

On Sat, Mar 5, 2016 at 11:00 PM, OpenBMC Patches
<openbmc-patches@stwcx.xyz> wrote:
> From: "Milton D. Miller II" <miltonm@us.ibm.com>
>
> Add a hook to run a shell command line that is stored in a u-boot
> environment variable.  Only execute this command if the previously
> established options file has a keyword trigger.  Do not even consider
> the option if a build option flag is not set to y.

This patch should not be merged. It creates a worrying backdoor into
our system where the boot process will run arbitrary commands from
untrusted u-boot variables.

If we need to set state in u-boot in order to trigger an update, then
I can imagine we might allow a flag to be set that says "do_update=1",
and the system can pick up on this and grab updates from it's
configured update source.

Cheers,

Joel

>
> This allows one to specify at u-boot commands that would download
> a read-only file system into memory for execution this boot instead
> of needing to create a custom initramfs to netboot or specifing
> debug-init-sh, entering the password, and doing the download from
> the shell.
>
> If the u-boot environment variable is empty or missing but both
> the build variable is set and the keyword trigger are set print
> a diagnostic message.  If the command fails invoke standard
> debug_takeover for corrective action.
>
> An example script:
> fw_setenv openbmcinitdownload 'cp /proc/net/pnp /run/resolv.conf ; ln -snf ../run/resolv.conf /etc/resolv.conf ; wget -O /run/image-rofs http://server.example.com/path/image-test-rofs'
> ---
>  .../obmc-phosphor-initfs/files/obmc-init.sh               | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
>
> diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
> index 87f71e6..71a72fb 100644
> --- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
> +++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
> @@ -101,6 +101,7 @@ rwdev=/dev/mtdblock${rwfs#mtd}
>  # Set to y for yes, anything else for no.
>  force_rwfst_jffs2=y
>  flash_images_before_init=n
> +consider_openbmc_download_files=y
>
>  rofst=squashfs
>  rwfst=$(probe_fs_type $rwdev)
> @@ -131,6 +132,20 @@ then
>         debug_takeover "Debug initial shell requested by command line."
>  fi
>
> +if test "x$consider_openbmc_download_files" = xy &&
> +       grep -w openbmc-init-download-files $optfile
> +then
> +       echo "Executing download hook..."
> +       cmd="$(get_fw_env_var openbmcinitdownload)"
> +       if test -z "$cmd"
> +       then
> +               echo 2>&1 "Download command not found or empty, skipping."
> +       elif ! sh -xc "$cmd"
> +       then
> +               debug_takeover "Download command '$cmd' failed."
> +       fi
> +fi
> +
>  # If there are images in root move them to /run/initramfs/ or /run/ now.
>  imagebasename=${image##*/}
>  if test -n "${imagebasename}" && ls /${imagebasename}* > /dev/null 2>&1
> --
> 2.7.1
>
>
> _______________________________________________
> openbmc mailing list
> openbmc@lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/openbmc

Re: [PATCH openbmc 30/32] init: Add a hook to download files

[Andrew Jeffery]

[-- Attachment #1: Type: text/plain, Size: 1748 bytes --]

On Mon, 2016-03-07 at 11:03 +1030, Joel Stanley wrote:
> On Sat, Mar 5, 2016 at 11:00 PM, OpenBMC Patches
> <openbmc-patches@stwcx.xyz> wrote:
> > From: "Milton D. Miller II" <miltonm@us.ibm.com>
> >
> > Add a hook to run a shell command line that is stored in a u-boot
> > environment variable.  Only execute this command if the previously
> > established options file has a keyword trigger.  Do not even consider
> > the option if a build option flag is not set to y.
> 
> This patch should not be merged. It creates a worrying backdoor into
> our system where the boot process will run arbitrary commands from
> untrusted u-boot variables.

+1

> 
> If we need to set state in u-boot in order to trigger an update, then
> I can imagine we might allow a flag to be set that says "do_update=1",
> and the system can pick up on this and grab updates from it's
> configured update source.

+1

However, how should we define the update source? Is burning it into the
current boot environment too restrictive? Can we make it less
restrictive but not go as far as arbitrary command execution? I take it
there's something driving the inclusion of a automated network-fetch
-and-update-at-init feature for it to be included at all? We can
already update the partitions during shutdown, and if we boot from the
flash to trigger this process then we won't be running an updated
kernel or initrd until the following reboot, right? I guess it does
avoid multiple reboots to, say, resolve a kernel bug and then update
the remaining partitions (i.e. update the kernel/initrd at shutdown,
update the remainder at init), but I don't think that's worth executing
arbitrary untrusted commands if it's the only use-case.

Andrew

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]