[isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay

[isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay

[Jan Kiszka]

This addresses the problem of current read-only rootfs + /etc overlay as
used for the SWUpdate setups.

Due to ordering issues in systemd startup between machine-id handling
vs. making /etc writable via the overlay, various things are broken down
the line, e.g. journal reporting. Reading [1], it appeared to be best to
move the overlay mounting into the initramfs. And this implementation
proves this to be right: simpler and working smoothly.

As a by-product, this also unifies the initramfs-abrootfs-hook, and
makes it simpler as well.

Jan

[1] https://www.spinics.net/lists/systemd-devel/msg05670.html

Jan Kiszka (3):
  wic: Align kernel command line of qemu-amd64-efibootguard*
  initramfs-abrootfs-hook: Convert to an initramfs-class recipe
  Convert /etc overlay from systemd mount unit to initramfs hook

 classes/image_uuid.bbclass                    |  6 +-
 classes/secure-wic-swu-img.bbclass            |  4 --
 classes/wic-swu-img.bbclass                   |  6 +-
 kas/opt/ebg-secure-boot-snakeoil.yml          |  1 +
 kas/opt/ebg-swu.yml                           |  2 +-
 .../etc-overlay-fs/etc-overlay-fs_0.1.bb      | 32 ---------
 .../etc-overlay-fs/files/etc-hostname.service | 14 ----
 .../files/etc-sshd-regen-keys.conf            |  6 --
 .../etc-overlay-fs/files/etc-sysusers.conf    |  4 --
 recipes-core/etc-overlay-fs/files/etc.mount   | 13 ----
 recipes-core/etc-overlay-fs/files/postinst    |  4 --
 .../cip-core-initramfs/cip-core-initramfs.bb  |  2 +-
 .../{initramfs.lsblk.hook => abrootfs.hook}   | 11 +---
 .../files/abrootfs.script                     | 66 +++++++++++++++++++
 .../files/initramfs.image_uuid.hook           | 33 ----------
 .../initramfs-abrootfs-hook/files/postinst    |  6 --
 .../initramfs-abrootfs-hook_0.1.bb            | 41 +++++++-----
 .../files/etc-overlay.script                  | 24 +++++++
 .../initramfs-etc-overlay-hook_0.1.bb         | 27 ++++++++
 wic/qemu-amd64-efibootguard-secureboot.wks.in |  2 +-
 20 files changed, 156 insertions(+), 148 deletions(-)
 delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
 delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
 rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%)
 create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
 delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
 delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst
 create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
 create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb

-- 
2.34.1

[isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard*

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

"rw" is meaningless and misleading for the read-only rootfs we have.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 54f7143..affa299 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -12,4 +12,4 @@ part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE
 part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
 part /var  --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var  --fstype=ext4 --label var  --align 1024 --size 2G
 
-bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait rw earlyprintk"
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
-- 
2.34.1

[isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

This unifies the pattern we generate initramfs images for non-secure and
secure SWUpdate images. Besides cleaning up the related abrootfs
selection hook, the unification is a precondition for adding another
initramfs recipe later that will be shared between both image types

The pattern followed in the new initramfs-abrootfs-hook script is now
similar to initramfs-verity-hook: a local-top hook is used, rather than
a patch for Debian's local script. This hook looks for the matching
rootfs by read-only mounting candidates, comparing the contained UUID
against the one stored in the initramfs, unmounting again, and then
setting the ROOT variable on match.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 classes/image_uuid.bbclass                    |  6 +-
 classes/secure-wic-swu-img.bbclass            |  4 --
 classes/wic-swu-img.bbclass                   |  6 ++
 kas/opt/ebg-secure-boot-snakeoil.yml          |  1 +
 kas/opt/ebg-swu.yml                           |  2 +-
 .../cip-core-initramfs/cip-core-initramfs.bb  |  4 --
 .../{initramfs.lsblk.hook => abrootfs.hook}   | 11 +---
 .../files/abrootfs.script                     | 66 +++++++++++++++++++
 .../files/initramfs.image_uuid.hook           | 33 ----------
 .../initramfs-abrootfs-hook/files/postinst    |  6 --
 .../initramfs-abrootfs-hook_0.1.bb            | 41 +++++++-----
 11 files changed, 104 insertions(+), 76 deletions(-)
 rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%)
 create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
 delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
 delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst

diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
index 2813ed9..7294eb3 100644
--- a/classes/image_uuid.bbclass
+++ b/classes/image_uuid.bbclass
@@ -1,10 +1,11 @@
 #
 # CIP Core, generic profile
 #
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2022
 #
 # Authors:
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#  Jan Kiszka <jan.kiszka@siemens.com>
 #
 # SPDX-License-Identifier: MIT
 #
@@ -27,7 +28,6 @@ do_generate_image_uuid() {
         sudo tee -a '${IMAGE_ROOTFS}/etc/os-release'
     image_do_mounts
 
-    # update initramfs to add uuid
-    sudo chroot '${IMAGE_ROOTFS}' update-initramfs -u
+    echo "TARGET_IMAGE_UUID=\"${IMAGE_UUID}\"" > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.uuid.env"
 }
 addtask generate_image_uuid before do_copy_boot_files after do_rootfs_install
diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
index 85342fe..5e8e48a 100644
--- a/classes/secure-wic-swu-img.bbclass
+++ b/classes/secure-wic-swu-img.bbclass
@@ -9,10 +9,6 @@
 # SPDX-License-Identifier: MIT
 #
 
-INITRAMFS_RECIPE ?= "cip-core-initramfs"
-do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
-INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
-
 inherit verity-img
 inherit wic-swu-img
 
diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
index 231b249..b93a96a 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/wic-swu-img.bbclass
@@ -16,6 +16,12 @@ inherit wic-img
 inherit swupdate-img
 
 IMAGE_INSTALL += "etc-overlay-fs"
+
+INITRAMFS_RECIPE ?= "cip-core-initramfs"
+INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
+
+do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
+
 IMAGE_INSTALL += "home-fs"
 IMAGE_INSTALL += "tmp-fs"
 
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 14a5d6a..b329f41 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -25,6 +25,7 @@ local_conf_header:
   secure-boot-image: |
     IMAGE_FSTYPES = "secure-wic-swu-img"
     WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
+    INITRAMFS_INSTALL_append = " initramfs-verity-hook"
 
   secure-boot: |
     # Add snakeoil binaries for qemu
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index d811929..5e4e771 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -17,7 +17,7 @@ header:
 
 local_conf_header:
   initramfs: |
-    IMAGE_INSTALL += "initramfs-abrootfs-hook"
+    INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"
 
   image-option-uuid: |
     CIP_IMAGE_OPTIONS_append = " image-uuid.inc"
diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
index 825fb9f..649daa2 100644
--- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
+++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
@@ -10,7 +10,3 @@
 #
 
 inherit initramfs
-
-INITRAMFS_INSTALL += " \
-    initramfs-verity-hook \
-    "
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
similarity index 62%
rename from recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook
rename to recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
index cf32404..bacbc2e 100644
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook
+++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
@@ -1,9 +1,8 @@
-# This software is a part of ISAR.
-# Copyright (C) Siemens AG, 2020
+#!/bin/sh
+# Copyright (C) Siemens AG, 2020-2022
 #
 # SPDX-License-Identifier: MIT
 
-#!/bin/sh
 PREREQ=""
 
 prereqs()
@@ -21,9 +20,5 @@ esac
 . /usr/share/initramfs-tools/scripts/functions
 . /usr/share/initramfs-tools/hook-functions
 
-if [ ! -x /usr/bin/lsblk ]; then
-	echo "Warning: couldn't find /usr/bin/lsblk!"
-	exit 0
-fi
-
 copy_exec /usr/bin/lsblk
+copy_file library /usr/share/abrootfs/image-uuid.env /usr/share/abrootfs/image-uuid.env
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
new file mode 100644
index 0000000..b61fe30
--- /dev/null
+++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020-2022
+#
+# Authors:
+#  Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+prereqs()
+{
+    # Make sure that this script is run last in local-top
+    local req
+    for req in "${0%/*}"/*; do
+        script="${req##*/}"
+        if [ "$script" != "${0##*/}" ]; then
+            printf '%s\n' "$script"
+        fi
+    done
+}
+case $1 in
+prereqs)
+    prereqs
+    exit 0
+    ;;
+esac
+
+. /scripts/functions
+. /usr/share/abrootfs/image-uuid.env
+
+# Even if this script fails horribly, make sure there won't be a chance the
+# current $ROOT will be attempted.  As this device most likely contains a
+# perfectly valid filesystem, it would be mounted successfully, leading to a
+# broken boot.
+echo "ROOT=/dev/null" >/conf/param.conf
+wait_for_udev 10
+case "$ROOT" in
+    PART*)
+        # root was given as PARTUUID= or PARTLABEL=. Use blkid to find the matching
+        # partition
+        ROOT=$(blkid --list-one --output device --match-token "$ROOT")
+        ;;
+    "")
+        # No Root device was given. Use find the matching IMAGE_UUID
+        partitions=$(blkid -o device)
+        for part in $partitions; do
+            if [ "$(blkid -p ${part} --match-types novfat -s USAGE -o value)" = "filesystem" ]; then
+                mount -o ro -t $(get_fstype $part) $part ${rootmnt}
+                . ${rootmnt}/etc/os-release
+                umount ${rootmnt}
+                if [ "${IMAGE_UUID}" = "${TARGET_IMAGE_UUID}" ]; then
+                    ROOT="$part"
+                    break
+                fi
+            fi
+        done
+        ;;
+esac
+
+if [ -z "${ROOT}" ]; then
+    panic "Can't find the root device with matching UUID!"
+fi
+
+echo "ROOT=${ROOT}" >/conf/param.conf
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
deleted file mode 100644
index 910ce84..0000000
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
+++ /dev/null
@@ -1,33 +0,0 @@
-# This software is a part of ISAR.
-# Copyright (C) Siemens AG, 2020
-#
-# SPDX-License-Identifier: MIT
-
-#!/bin/sh
-set -x
-PREREQ=""
-
-prereqs()
-{
-     echo "$PREREQ"
-}
-
-case $1 in
-prereqs)
-     prereqs
-     exit 0
-     ;;
-esac
-
-. /usr/share/initramfs-tools/scripts/functions
-. /usr/share/initramfs-tools/hook-functions
-
-if [ ! -e /etc/os-release ]; then
-	echo "Warning: couldn't find /etc/os-release!"
-	exit 0
-fi
-
-IMAGE_UUID=$(sed -n 's/^IMAGE_UUID="\(.*\)"/\1/p' /etc/os-release)
-echo "${IMAGE_UUID}" > "${DESTDIR}/conf/image_uuid"
-
-exit 0
\ No newline at end of file
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst b/recipes-initramfs/initramfs-abrootfs-hook/files/postinst
deleted file mode 100644
index e065524..0000000
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# patch local script
-patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/initramfs-abrootfs-hook/debian-local.patch
-
-update-initramfs -v -u
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
index 9c1776a..1693e85 100644
--- a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
@@ -1,33 +1,40 @@
 #
 # CIP Core, generic profile
 #
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2022
 #
 # Authors:
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#  Jan Kiszka <jan.kiszka@siemens.com>
 #
 # SPDX-License-Identifier: MIT
 
 
 inherit dpkg-raw
 
-DEBIAN_DEPENDS += ", busybox, patch"
+DEBIAN_DEPENDS = "initramfs-tools"
 
-SRC_URI += "file://postinst \
-            file://initramfs.lsblk.hook \
-            file://initramfs.image_uuid.hook \
-            file://debian-local-patch"
+SRC_URI += "file://abrootfs.hook \
+            file://abrootfs.script"
+
+ABROOTFS_IMAGE_RECIPE ?= "cip-core-image"
+
+IMAGE_UUID_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${ABROOTFS_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.uuid.env"
+
+do_install[depends] += "${ABROOTFS_IMAGE_RECIPE}:do_generate_image_uuid"
+do_install[cleandirs] += " \
+    ${D}/usr/share/initramfs-tools/hooks \
+    ${D}/usr/share/abrootfs \
+    ${D}/usr/share/initramfs-tools/scripts/local-top"
 
 do_install() {
-    # add patch for local to /usr/share/initramfs-abrootfs-hook
-    TARGET=${D}/usr/share/initramfs-abrootfs-hook
-    install -m 0755 -d ${TARGET}
-    install -m 0644 ${WORKDIR}/debian-local-patch ${TARGET}/debian-local.patch
-
-    # add hooks for secure boot
-    HOOKS=${D}/etc/initramfs-tools/hooks
-    install -m 0755 -d ${HOOKS}
-    install -m 0740 ${WORKDIR}/initramfs.lsblk.hook ${HOOKS}/lsblk.hook
-    install -m 0740 ${WORKDIR}/initramfs.image_uuid.hook ${HOOKS}/image_uuid.hook
+    if [ -f "${IMAGE_UUID_ENV_FILE}" ]; then
+        install -m 0600 "${IMAGE_UUID_ENV_FILE}" "${D}/usr/share/abrootfs/image-uuid.env"
+    else
+        bberror "Did not find ${IMAGE_UUID_ENV_FILE}. initramfs will not be build correctly!"
+    fi
+    install -m 0755 "${WORKDIR}/abrootfs.script" \
+        "${D}/usr/share/initramfs-tools/scripts/local-top/abrootfs"
+    install -m 0755 "${WORKDIR}/abrootfs.hook" \
+        "${D}/usr/share/initramfs-tools/hooks/abrootfs"
 }
-addtask do_install after do_transform_template
-- 
2.34.1

[isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

As systemd is not well prepared for read-only rootfs, specifically /wrt
machine-id management and anything that depends on it, it's best to
mount the /etc overlay already in the initramfs. This implies that also
/var is mounted at that level. We still keep the fstab setup done by
wic-swu-img class so that systemd will recognize the rootfs as read-only
and not try to remount it rw which will only fail with underlying
squashfs.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 classes/wic-swu-img.bbclass                   |  2 --
 .../etc-overlay-fs/etc-overlay-fs_0.1.bb      | 32 -------------------
 .../etc-overlay-fs/files/etc-hostname.service | 14 --------
 .../files/etc-sshd-regen-keys.conf            |  6 ----
 .../etc-overlay-fs/files/etc-sysusers.conf    |  4 ---
 recipes-core/etc-overlay-fs/files/etc.mount   | 13 --------
 recipes-core/etc-overlay-fs/files/postinst    |  4 ---
 .../cip-core-initramfs/cip-core-initramfs.bb  |  4 +++
 .../files/etc-overlay.script                  | 24 ++++++++++++++
 .../initramfs-etc-overlay-hook_0.1.bb         | 27 ++++++++++++++++
 10 files changed, 55 insertions(+), 75 deletions(-)
 delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
 delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
 delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
 create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
 create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb

diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
index b93a96a..41b2164 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/wic-swu-img.bbclass
@@ -15,8 +15,6 @@ inherit squashfs-img
 inherit wic-img
 inherit swupdate-img
 
-IMAGE_INSTALL += "etc-overlay-fs"
-
 INITRAMFS_RECIPE ?= "cip-core-initramfs"
 INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
 
diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
deleted file mode 100644
index 4e2b80b..0000000
--- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2021
-#
-# Authors:
-#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-
-inherit dpkg-raw
-
-SRC_URI = "file://postinst \
-           file://etc.mount \
-           file://etc-hostname.service \
-           file://etc-sshd-regen-keys.conf \
-           file://etc-sysusers.conf"
-
-do_install[cleandirs]+="${D}/usr/lib/systemd/system \
-                        ${D}/usr/lib/systemd/system/local-fs.target.wants \
-                        ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
-                        ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
-                        ${D}/var/local/etc \
-                        ${D}/var/local/.atomic \
-                        "
-do_install() {
-    TARGET=${D}/usr/lib/systemd/system
-    install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
-    install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
-    install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
-    install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
-}
diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
deleted file mode 100644
index 2306b9f..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=set hostname /etc overlay-aware
-Before=network-pre.target
-Wants=network-pre.target
-Requires=etc.mount
-After=etc.mount
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/hostname --boot --file /etc/hostname
-
-[Install]
-WantedBy=basic.target
diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
deleted file mode 100644
index b386c12..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-# set hostname /etc overlay-aware
-Before=network-pre.target
-Wants=network-pre.target
-Requires=etc.mount
-After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
deleted file mode 100644
index ad45d7f..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-[Unit]
-# make systemd-sysusers /etc overlay aware
-Requires=etc.mount
-After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
deleted file mode 100644
index f0ae3c5..0000000
--- a/recipes-core/etc-overlay-fs/files/etc.mount
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Overlay-mount /etc
-Requires=var.mount
-After=var.mount
-
-[Mount]
-What=overlay
-Where=/etc
-Type=overlay
-Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
-
-[Install]
-WantedBy=local-fs.target
diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
deleted file mode 100755
index e436b53..0000000
--- a/recipes-core/etc-overlay-fs/files/postinst
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-deb-systemd-helper enable etc.mount  || true
-deb-systemd-helper enable etc-hostname.service || true
diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
index 649daa2..9e0ee26 100644
--- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
+++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
@@ -10,3 +10,7 @@
 #
 
 inherit initramfs
+
+INITRAMFS_INSTALL += " \
+    initramfs-etc-overlay-hook \
+    "
diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
new file mode 100644
index 0000000..08271cd
--- /dev/null
+++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs()
+{
+	echo "$PREREQ"
+}
+
+case $1 in
+# get pre-requisites
+prereqs)
+	prereqs
+	exit 0
+	;;
+esac
+
+. /scripts/functions
+
+mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var ${rootmnt}/var
+
+mkdir -p ${rootmnt}/var/local/etc
+mkdir -p ${rootmnt}/var/local/.atomic
+mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc
diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
new file mode 100644
index 0000000..19e9261
--- /dev/null
+++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
@@ -0,0 +1,27 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+#  Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+SRC_URI += " \
+    file://etc-overlay.script \
+    "
+
+DEBIAN_DEPENDS = "initramfs-tools"
+
+do_install[cleandirs] += " \
+    ${D}/usr/share/initramfs-tools/hooks \
+    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+
+do_install() {
+    install -m 0755 "${WORKDIR}/etc-overlay.script" \
+        "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay"
+}
-- 
2.34.1

Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook

[Gylstorff Quirin]

On 4/21/22 13:52, Jan Kiszka wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> As systemd is not well prepared for read-only rootfs, specifically /wrt
> machine-id management and anything that depends on it, it's best to
> mount the /etc overlay already in the initramfs. This implies that also
> /var is mounted at that level. We still keep the fstab setup done by
> wic-swu-img class so that systemd will recognize the rootfs as read-only
> and not try to remount it rw which will only fail with underlying
> squashfs.
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>   classes/wic-swu-img.bbclass                   |  2 --
>   .../etc-overlay-fs/etc-overlay-fs_0.1.bb      | 32 -------------------
>   .../etc-overlay-fs/files/etc-hostname.service | 14 --------
>   .../files/etc-sshd-regen-keys.conf            |  6 ----
>   .../etc-overlay-fs/files/etc-sysusers.conf    |  4 ---
>   recipes-core/etc-overlay-fs/files/etc.mount   | 13 --------
>   recipes-core/etc-overlay-fs/files/postinst    |  4 ---
>   .../cip-core-initramfs/cip-core-initramfs.bb  |  4 +++
>   .../files/etc-overlay.script                  | 24 ++++++++++++++
>   .../initramfs-etc-overlay-hook_0.1.bb         | 27 ++++++++++++++++
>   10 files changed, 55 insertions(+), 75 deletions(-)
>   delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
>   delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
>   create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>   create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
> 
> diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
> index b93a96a..41b2164 100644
> --- a/classes/wic-swu-img.bbclass
> +++ b/classes/wic-swu-img.bbclass
> @@ -15,8 +15,6 @@ inherit squashfs-img
>   inherit wic-img
>   inherit swupdate-img
>   
> -IMAGE_INSTALL += "etc-overlay-fs"
> -
>   INITRAMFS_RECIPE ?= "cip-core-initramfs"
>   INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>   
> diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
> deleted file mode 100644
> index 4e2b80b..0000000
> --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -#
> -# CIP Core, generic profile
> -#
> -# Copyright (c) Siemens AG, 2021
> -#
> -# Authors:
> -#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> -#
> -# SPDX-License-Identifier: MIT
> -
> -inherit dpkg-raw
> -
> -SRC_URI = "file://postinst \
> -           file://etc.mount \
> -           file://etc-hostname.service \
> -           file://etc-sshd-regen-keys.conf \
> -           file://etc-sysusers.conf"
> -
> -do_install[cleandirs]+="${D}/usr/lib/systemd/system \
> -                        ${D}/usr/lib/systemd/system/local-fs.target.wants \
> -                        ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
> -                        ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
> -                        ${D}/var/local/etc \
> -                        ${D}/var/local/.atomic \
> -                        "
> -do_install() {
> -    TARGET=${D}/usr/lib/systemd/system
> -    install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
> -    install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
> -    install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
> -    install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
> -}
> diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
> deleted file mode 100644
> index 2306b9f..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -[Unit]
> -Description=set hostname /etc overlay-aware
> -Before=network-pre.target
> -Wants=network-pre.target
> -Requires=etc.mount
> -After=etc.mount
> -
> -[Service]
> -Type=oneshot
> -RemainAfterExit=yes
> -ExecStart=/bin/hostname --boot --file /etc/hostname
> -
> -[Install]
> -WantedBy=basic.target
> diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
> deleted file mode 100644
> index b386c12..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -[Unit]
> -# set hostname /etc overlay-aware
> -Before=network-pre.target
> -Wants=network-pre.target
> -Requires=etc.mount
> -After=etc.mount
> diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
> deleted file mode 100644
> index ad45d7f..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -[Unit]
> -# make systemd-sysusers /etc overlay aware
> -Requires=etc.mount
> -After=etc.mount
> diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
> deleted file mode 100644
> index f0ae3c5..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc.mount
> +++ /dev/null
> @@ -1,13 +0,0 @@
> -[Unit]
> -Description=Overlay-mount /etc
> -Requires=var.mount
> -After=var.mount
> -
> -[Mount]
> -What=overlay
> -Where=/etc
> -Type=overlay
> -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
> -
> -[Install]
> -WantedBy=local-fs.target
> diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
> deleted file mode 100755
> index e436b53..0000000
> --- a/recipes-core/etc-overlay-fs/files/postinst
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -#!/bin/sh
> -
> -deb-systemd-helper enable etc.mount  || true
> -deb-systemd-helper enable etc-hostname.service || true
> diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> index 649daa2..9e0ee26 100644
> --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> @@ -10,3 +10,7 @@
>   #
>   
>   inherit initramfs
> +
> +INITRAMFS_INSTALL += " \
> +    initramfs-etc-overlay-hook \
> +    "
> diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
> new file mode 100644
> index 0000000..08271cd
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
> @@ -0,0 +1,24 @@
> +#!/bin/sh
> +
> +PREREQ=""
> +
> +prereqs()
> +{
> +	echo "$PREREQ"
> +}
> +
> +case $1 in
> +# get pre-requisites
> +prereqs)
> +	prereqs
> +	exit 0
> +	;;
> +esac
> +
> +. /scripts/functions
> + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var 
${rootmnt}/var

should there be a check for existence for /dev/disk/by-label/var?

> +
> +mkdir -p ${rootmnt}/var/local/etc
> +mkdir -p ${rootmnt}/var/local/.atomic
> +mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc
> diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
> new file mode 100644
> index 0000000..19e9261
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
> @@ -0,0 +1,27 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2022
> +#
> +# Authors:
> +#  Jan Kiszka <jan.kiszka@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +inherit dpkg-raw
> +
> +SRC_URI += " \
> +    file://etc-overlay.script \
> +    "
> +
> +DEBIAN_DEPENDS = "initramfs-tools"
> +
> +do_install[cleandirs] += " \
> +    ${D}/usr/share/initramfs-tools/hooks \
> +    ${D}/usr/share/initramfs-tools/scripts/local-bottom"
> +
> +do_install() {
> +    install -m 0755 "${WORKDIR}/etc-overlay.script" \
> +        "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay"
> +}

Quirin

Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook

[Jan Kiszka]

On 21.04.22 15:18, Gylstorff Quirin wrote:
> 
> 
> On 4/21/22 13:52, Jan Kiszka wrote:
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> As systemd is not well prepared for read-only rootfs, specifically /wrt
>> machine-id management and anything that depends on it, it's best to
>> mount the /etc overlay already in the initramfs. This implies that also
>> /var is mounted at that level. We still keep the fstab setup done by
>> wic-swu-img class so that systemd will recognize the rootfs as read-only
>> and not try to remount it rw which will only fail with underlying
>> squashfs.
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>> ---
>>   classes/wic-swu-img.bbclass                   |  2 --
>>   .../etc-overlay-fs/etc-overlay-fs_0.1.bb      | 32 -------------------
>>   .../etc-overlay-fs/files/etc-hostname.service | 14 --------
>>   .../files/etc-sshd-regen-keys.conf            |  6 ----
>>   .../etc-overlay-fs/files/etc-sysusers.conf    |  4 ---
>>   recipes-core/etc-overlay-fs/files/etc.mount   | 13 --------
>>   recipes-core/etc-overlay-fs/files/postinst    |  4 ---
>>   .../cip-core-initramfs/cip-core-initramfs.bb  |  4 +++
>>   .../files/etc-overlay.script                  | 24 ++++++++++++++
>>   .../initramfs-etc-overlay-hook_0.1.bb         | 27 ++++++++++++++++
>>   10 files changed, 55 insertions(+), 75 deletions(-)
>>   delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>>   delete mode 100644
>> recipes-core/etc-overlay-fs/files/etc-hostname.service
>>   delete mode 100644
>> recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>>   delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
>>   delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
>>   create mode 100644
>> recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>>   create mode 100644
>> recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
>>
>>
>> diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
>> index b93a96a..41b2164 100644
>> --- a/classes/wic-swu-img.bbclass
>> +++ b/classes/wic-swu-img.bbclass
>> @@ -15,8 +15,6 @@ inherit squashfs-img
>>   inherit wic-img
>>   inherit swupdate-img
>>   -IMAGE_INSTALL += "etc-overlay-fs"
>> -
>>   INITRAMFS_RECIPE ?= "cip-core-initramfs"
>>   INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>>   diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> deleted file mode 100644
>> index 4e2b80b..0000000
>> --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> +++ /dev/null
>> @@ -1,32 +0,0 @@
>> -#
>> -# CIP Core, generic profile
>> -#
>> -# Copyright (c) Siemens AG, 2021
>> -#
>> -# Authors:
>> -#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> -#
>> -# SPDX-License-Identifier: MIT
>> -
>> -inherit dpkg-raw
>> -
>> -SRC_URI = "file://postinst \
>> -           file://etc.mount \
>> -           file://etc-hostname.service \
>> -           file://etc-sshd-regen-keys.conf \
>> -           file://etc-sysusers.conf"
>> -
>> -do_install[cleandirs]+="${D}/usr/lib/systemd/system \
>> -                       
>> ${D}/usr/lib/systemd/system/local-fs.target.wants \
>> -                       
>> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
>> -                       
>> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
>> -                        ${D}/var/local/etc \
>> -                        ${D}/var/local/.atomic \
>> -                        "
>> -do_install() {
>> -    TARGET=${D}/usr/lib/systemd/system
>> -    install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
>> -    install -m 0644 ${WORKDIR}/etc-hostname.service
>> ${TARGET}/etc-hostname.service
>> -    install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf
>> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
>>
>> -    install -m 0644 ${WORKDIR}/etc-sysusers.conf
>> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
>>
>> -}
>> diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> b/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> deleted file mode 100644
>> index 2306b9f..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> +++ /dev/null
>> @@ -1,14 +0,0 @@
>> -[Unit]
>> -Description=set hostname /etc overlay-aware
>> -Before=network-pre.target
>> -Wants=network-pre.target
>> -Requires=etc.mount
>> -After=etc.mount
>> -
>> -[Service]
>> -Type=oneshot
>> -RemainAfterExit=yes
>> -ExecStart=/bin/hostname --boot --file /etc/hostname
>> -
>> -[Install]
>> -WantedBy=basic.target
>> diff --git
>> a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> deleted file mode 100644
>> index b386c12..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> +++ /dev/null
>> @@ -1,6 +0,0 @@
>> -[Unit]
>> -# set hostname /etc overlay-aware
>> -Before=network-pre.target
>> -Wants=network-pre.target
>> -Requires=etc.mount
>> -After=etc.mount
>> diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> deleted file mode 100644
>> index ad45d7f..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -[Unit]
>> -# make systemd-sysusers /etc overlay aware
>> -Requires=etc.mount
>> -After=etc.mount
>> diff --git a/recipes-core/etc-overlay-fs/files/etc.mount
>> b/recipes-core/etc-overlay-fs/files/etc.mount
>> deleted file mode 100644
>> index f0ae3c5..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc.mount
>> +++ /dev/null
>> @@ -1,13 +0,0 @@
>> -[Unit]
>> -Description=Overlay-mount /etc
>> -Requires=var.mount
>> -After=var.mount
>> -
>> -[Mount]
>> -What=overlay
>> -Where=/etc
>> -Type=overlay
>> -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
>>
>> -
>> -[Install]
>> -WantedBy=local-fs.target
>> diff --git a/recipes-core/etc-overlay-fs/files/postinst
>> b/recipes-core/etc-overlay-fs/files/postinst
>> deleted file mode 100755
>> index e436b53..0000000
>> --- a/recipes-core/etc-overlay-fs/files/postinst
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -#!/bin/sh
>> -
>> -deb-systemd-helper enable etc.mount  || true
>> -deb-systemd-helper enable etc-hostname.service || true
>> diff --git
>> a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> index 649daa2..9e0ee26 100644
>> --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> @@ -10,3 +10,7 @@
>>   #
>>     inherit initramfs
>> +
>> +INITRAMFS_INSTALL += " \
>> +    initramfs-etc-overlay-hook \
>> +    "
>> diff --git
>> a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>>
>> new file mode 100644
>> index 0000000..08271cd
>> --- /dev/null
>> +++
>> b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>> @@ -0,0 +1,24 @@
>> +#!/bin/sh
>> +
>> +PREREQ=""
>> +
>> +prereqs()
>> +{
>> +    echo "$PREREQ"
>> +}
>> +
>> +case $1 in
>> +# get pre-requisites
>> +prereqs)
>> +    prereqs
>> +    exit 0
>> +    ;;
>> +esac
>> +
>> +. /scripts/functions
>> + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var 
> ${rootmnt}/var
> 
> should there be a check for existence for /dev/disk/by-label/var?
> 

mount will fail - and we likely want to panic in that case, true. Will
write a v2 for that.

Thanks,
Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux