[PATCH V2 0/3] Support 'read-only-rootfs' IMAGE_FEATURES for systemd based systems

[PATCH V2 0/3] Support 'read-only-rootfs' IMAGE_FEATURES for systemd based systems

[Chen Qi]

This patchset mainly comes from https://github.com/MentorEmbedded/meta-ro-rootfs with only a little
modification.

//Chen Qi

The following changes since commit 3f7fcbc167c13bdaa6c12a81c7851530d72f02e0:

  directfb-examples: Fix building with new autoconf (2014-07-27 08:30:13 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib ChenQi/systemd_readonly
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/systemd_readonly

Chen Qi (3):
  volatile-binds: add recipe
  systemd: add volatile-binds to RDEPENDS
  image.bbclass: tweak read_only_rootfs_hook to also support systemd
    based systems

 meta/classes/image.bbclass                         |    5 +-
 meta/recipes-core/systemd/systemd_213.bb           |    1 +
 meta/recipes-core/volatile-binds/files/COPYING.MIT |   17 +++++
 .../volatile-binds/files/mount-copybind            |   34 ++++++++++
 .../volatile-binds/files/volatile-binds.service.in |   19 ++++++
 meta/recipes-core/volatile-binds/volatile-binds.bb |   69 ++++++++++++++++++++
 6 files changed, 143 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/volatile-binds/files/COPYING.MIT
 create mode 100755 meta/recipes-core/volatile-binds/files/mount-copybind
 create mode 100644 meta/recipes-core/volatile-binds/files/volatile-binds.service.in
 create mode 100644 meta/recipes-core/volatile-binds/volatile-binds.bb

-- 
1.7.9.5

[PATCH V2 1/3] volatile-binds: add recipe

[Chen Qi]

This recipe is designed to play a key role in a read-only rootfs
of systemd based systems. It generates service files from a template,
volatile-binds.service.in and the VOLATILE_BINDS variable.

By default, VOLATILE_BINDS takes the value of "/var/volatile/lib /var/lib\n",
which leads to the generation of volatile-var-lib.service file.
This file doesn't have any effect in a read-write system, as it
has "ConditionPathIsReadWrite = !/var/lib" in the [Unit] section.
In other words, this file only has effect in a read-only rootfs.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-core/volatile-binds/files/COPYING.MIT |   17 +++++
 .../volatile-binds/files/mount-copybind            |   34 ++++++++++
 .../volatile-binds/files/volatile-binds.service.in |   19 ++++++
 meta/recipes-core/volatile-binds/volatile-binds.bb |   69 ++++++++++++++++++++
 4 files changed, 139 insertions(+)
 create mode 100644 meta/recipes-core/volatile-binds/files/COPYING.MIT
 create mode 100755 meta/recipes-core/volatile-binds/files/mount-copybind
 create mode 100644 meta/recipes-core/volatile-binds/files/volatile-binds.service.in
 create mode 100644 meta/recipes-core/volatile-binds/volatile-binds.bb

diff --git a/meta/recipes-core/volatile-binds/files/COPYING.MIT b/meta/recipes-core/volatile-binds/files/COPYING.MIT
new file mode 100644
index 0000000..7e7d574
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
new file mode 100755
index 0000000..2aeaf84
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# Perform a bind mount, copying existing files as we do so to ensure the
+# overlaid path has the necessary content.
+
+if [ $# -lt 2 ]; then
+    echo >&2 "Usage: $0 spec mountpoint [OPTIONS]"
+    exit 1
+fi
+
+spec=$1
+mountpoint=$2
+
+if [ $# -gt 2 ]; then
+    options=$3
+else
+    options=
+fi
+
+[ -n "$options" ] && options=",$options"
+
+mkdir -p "${spec%/*}"
+if [ -d "$mountpoint" ]; then
+    if [ ! -d "$spec" ]; then
+        mkdir "$spec"
+        cp -pPR "$mountpoint"/. "$spec/"
+    fi
+elif [ -f "$mountpoint" ]; then
+    if [ ! -f "$spec" ]; then
+        cp -pP "$mountpoint" "$spec"
+    fi
+fi
+
+mount -o "bind$options" "$spec" "$mountpoint"
diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
new file mode 100644
index 0000000..32be5b4
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=Bind mount volatile @where@
+DefaultDependencies=false
+Before=local-fs.target
+RequiresMountsFor=@whatparent@ @whereparent@
+ConditionPathIsReadWrite=@whatparent@
+ConditionPathExists=@where@
+ConditionPathIsReadWrite=!@where@
+
+[Service]
+Type=oneshot
+RemainAfterExit=Yes
+StandardOutput=syslog
+TimeoutSec=0
+ExecStart=/sbin/mount-copybind @what@ @where@
+ExecStop=/sbin/umount @where@
+
+[Install]
+WantedBy=local-fs.target
diff --git a/meta/recipes-core/volatile-binds/volatile-binds.bb b/meta/recipes-core/volatile-binds/volatile-binds.bb
new file mode 100644
index 0000000..4080ff7
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/volatile-binds.bb
@@ -0,0 +1,69 @@
+SUMMARY = "Volatile bind mount setup and configuration for read-only-rootfs"
+DESCRIPTION = "${SUMMARY}"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://../COPYING.MIT;md5=5750f3aa4ea2b00c2bf21b2b2a7b714d"
+
+SRC_URI = "\
+    file://mount-copybind \
+    file://COPYING.MIT \
+    file://volatile-binds.service.in \
+"
+
+inherit allarch systemd distro_features_check
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+VOLATILE_BINDS ?= "\
+    /var/volatile/lib /var/lib\n\
+"
+VOLATILE_BINDS[type] = "list"
+VOLATILE_BINDS[separator] = "\n"
+
+def volatile_systemd_services(d):
+    services = []
+    for line in oe.data.typed_value("VOLATILE_BINDS", d):
+        if not line:
+            continue
+        what, where = line.split(None, 1)
+        services.append("%s.service" % what[1:].replace("/", "-"))
+    return " ".join(services)
+
+SYSTEMD_SERVICE_volatile-binds = "${@volatile_systemd_services(d)}"
+
+FILES_${PN} += "${systemd_unitdir}/system/*.service"
+
+do_compile () {
+    while read spec mountpoint; do
+        if [ -z "$spec" ]; then
+            continue
+        fi
+
+        servicefile="${spec#/}"
+        servicefile="$(echo "$servicefile" | tr / -).service"
+        sed -e "s#@what@#$spec#g; s#@where@#$mountpoint#g" \
+            -e "s#@whatparent@#${spec%/*}#g; s#@whereparent@#${mountpoint%/*}#g" \
+            volatile-binds.service.in >$servicefile
+    done <<END
+${@d.getVar('VOLATILE_BINDS', True).replace("\\n", "\n")}
+END
+
+    if [ -e var-volatile-lib.service ]; then
+        # As the seed is stored under /var/lib, ensure that this service runs
+        # after the volatile /var/lib is mounted.
+        sed -i -e "/^Before=/s/\$/ systemd-random-seed.service/" \
+               -e "/^WantedBy=/s/\$/ systemd-random-seed.service/" \
+               var-volatile-lib.service
+    fi
+}
+do_compile[dirs] = "${WORKDIR}"
+
+do_install () {
+    install -d ${D}${base_sbindir}
+    install -m 0755 mount-copybind ${D}${base_sbindir}/
+
+    install -d ${D}${systemd_unitdir}/system
+    for service in ${SYSTEMD_SERVICE_volatile-binds}; do
+        install -m 0644 $service ${D}${systemd_unitdir}/system/
+    done
+}
+do_install[dirs] = "${WORKDIR}"
-- 
1.7.9.5

[PATCH V2 2/3] systemd: add volatile-binds to RDEPENDS

[Chen Qi]

This services generated from volatile-binds.bb recipe file only have
effect in a read-only filesystem. So if the rootfs is read-write, the
related service are not started.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-core/systemd/systemd_213.bb |    1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_213.bb b/meta/recipes-core/systemd/systemd_213.bb
index 5de7cdc..4fb7ffc 100644
--- a/meta/recipes-core/systemd/systemd_213.bb
+++ b/meta/recipes-core/systemd/systemd_213.bb
@@ -243,6 +243,7 @@ FILES_${PN}-dbg += "${rootlibdir}/.debug ${systemd_unitdir}/.debug ${systemd_uni
 FILES_${PN}-dev += "${base_libdir}/security/*.la ${datadir}/dbus-1/interfaces/ ${sysconfdir}/rpm/macros.systemd"
 
 RDEPENDS_${PN} += "kmod dbus util-linux-mount udev (= ${EXTENDPKGV})"
+RDEPENDS_${PN} += "volatile-binds"
 
 RRECOMMENDS_${PN} += "systemd-serialgetty systemd-compat-units udev-hwdb\
                       util-linux-agetty \
-- 
1.7.9.5

[PATCH V2 3/3] image.bbclass: tweak read_only_rootfs_hook to also support systemd based systems

[Chen Qi]

Modify the read_only_rootfs_hook function to make it also have effect
on systemd based systems.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/classes/image.bbclass |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index da13bb8..82605f2 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -199,9 +199,10 @@ do_rootfs[umask] = "022"
 # A hook function to support read-only-rootfs IMAGE_FEATURES
 # Currently, it only supports sysvinit system.
 read_only_rootfs_hook () {
+	# Tweak the mount option and fs_passno for rootfs in fstab
+	sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${IMAGE_ROOTFS}/etc/fstab
+
 	if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then
-	        # Tweak the mount option and fs_passno for rootfs in fstab
-		sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${IMAGE_ROOTFS}/etc/fstab
 	        # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
 		if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then
 			sed -i 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' ${IMAGE_ROOTFS}/etc/default/rcS
-- 
1.7.9.5