* [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay
@ 2022-04-21 11:52 Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm
This addresses the problem of current read-only rootfs + /etc overlay as
used for the SWUpdate setups.
Due to ordering issues in systemd startup between machine-id handling
vs. making /etc writable via the overlay, various things are broken down
the line, e.g. journal reporting. Reading [1], it appeared to be best to
move the overlay mounting into the initramfs. And this implementation
proves this to be right: simpler and working smoothly.
As a by-product, this also unifies the initramfs-abrootfs-hook, and
makes it simpler as well.
Jan
[1] https://www.spinics.net/lists/systemd-devel/msg05670.html
Jan Kiszka (3):
wic: Align kernel command line of qemu-amd64-efibootguard*
initramfs-abrootfs-hook: Convert to an initramfs-class recipe
Convert /etc overlay from systemd mount unit to initramfs hook
classes/image_uuid.bbclass | 6 +-
classes/secure-wic-swu-img.bbclass | 4 --
classes/wic-swu-img.bbclass | 6 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
kas/opt/ebg-swu.yml | 2 +-
.../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 ---------
.../etc-overlay-fs/files/etc-hostname.service | 14 ----
.../files/etc-sshd-regen-keys.conf | 6 --
.../etc-overlay-fs/files/etc-sysusers.conf | 4 --
recipes-core/etc-overlay-fs/files/etc.mount | 13 ----
recipes-core/etc-overlay-fs/files/postinst | 4 --
.../cip-core-initramfs/cip-core-initramfs.bb | 2 +-
.../{initramfs.lsblk.hook => abrootfs.hook} | 11 +---
.../files/abrootfs.script | 66 +++++++++++++++++++
.../files/initramfs.image_uuid.hook | 33 ----------
.../initramfs-abrootfs-hook/files/postinst | 6 --
.../initramfs-abrootfs-hook_0.1.bb | 41 +++++++-----
.../files/etc-overlay.script | 24 +++++++
.../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++
wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
20 files changed, 156 insertions(+), 148 deletions(-)
delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%)
create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
--
2.34.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard*
2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka
@ 2022-04-21 11:52 ` Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka
2 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm
From: Jan Kiszka <jan.kiszka@siemens.com>
"rw" is meaningless and misleading for the read-only rootfs we have.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index 54f7143..affa299 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -12,4 +12,4 @@ part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G
-bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait rw earlyprintk"
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe
2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka
@ 2022-04-21 11:52 ` Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka
2 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm
From: Jan Kiszka <jan.kiszka@siemens.com>
This unifies the pattern we generate initramfs images for non-secure and
secure SWUpdate images. Besides cleaning up the related abrootfs
selection hook, the unification is a precondition for adding another
initramfs recipe later that will be shared between both image types
The pattern followed in the new initramfs-abrootfs-hook script is now
similar to initramfs-verity-hook: a local-top hook is used, rather than
a patch for Debian's local script. This hook looks for the matching
rootfs by read-only mounting candidates, comparing the contained UUID
against the one stored in the initramfs, unmounting again, and then
setting the ROOT variable on match.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
classes/image_uuid.bbclass | 6 +-
classes/secure-wic-swu-img.bbclass | 4 --
classes/wic-swu-img.bbclass | 6 ++
kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
kas/opt/ebg-swu.yml | 2 +-
.../cip-core-initramfs/cip-core-initramfs.bb | 4 --
.../{initramfs.lsblk.hook => abrootfs.hook} | 11 +---
.../files/abrootfs.script | 66 +++++++++++++++++++
.../files/initramfs.image_uuid.hook | 33 ----------
.../initramfs-abrootfs-hook/files/postinst | 6 --
.../initramfs-abrootfs-hook_0.1.bb | 41 +++++++-----
11 files changed, 104 insertions(+), 76 deletions(-)
rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%)
create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst
diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass
index 2813ed9..7294eb3 100644
--- a/classes/image_uuid.bbclass
+++ b/classes/image_uuid.bbclass
@@ -1,10 +1,11 @@
#
# CIP Core, generic profile
#
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2022
#
# Authors:
# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+# Jan Kiszka <jan.kiszka@siemens.com>
#
# SPDX-License-Identifier: MIT
#
@@ -27,7 +28,6 @@ do_generate_image_uuid() {
sudo tee -a '${IMAGE_ROOTFS}/etc/os-release'
image_do_mounts
- # update initramfs to add uuid
- sudo chroot '${IMAGE_ROOTFS}' update-initramfs -u
+ echo "TARGET_IMAGE_UUID=\"${IMAGE_UUID}\"" > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.uuid.env"
}
addtask generate_image_uuid before do_copy_boot_files after do_rootfs_install
diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
index 85342fe..5e8e48a 100644
--- a/classes/secure-wic-swu-img.bbclass
+++ b/classes/secure-wic-swu-img.bbclass
@@ -9,10 +9,6 @@
# SPDX-License-Identifier: MIT
#
-INITRAMFS_RECIPE ?= "cip-core-initramfs"
-do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
-INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
-
inherit verity-img
inherit wic-swu-img
diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
index 231b249..b93a96a 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/wic-swu-img.bbclass
@@ -16,6 +16,12 @@ inherit wic-img
inherit swupdate-img
IMAGE_INSTALL += "etc-overlay-fs"
+
+INITRAMFS_RECIPE ?= "cip-core-initramfs"
+INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
+
+do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
+
IMAGE_INSTALL += "home-fs"
IMAGE_INSTALL += "tmp-fs"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 14a5d6a..b329f41 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -25,6 +25,7 @@ local_conf_header:
secure-boot-image: |
IMAGE_FSTYPES = "secure-wic-swu-img"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
+ INITRAMFS_INSTALL_append = " initramfs-verity-hook"
secure-boot: |
# Add snakeoil binaries for qemu
diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml
index d811929..5e4e771 100644
--- a/kas/opt/ebg-swu.yml
+++ b/kas/opt/ebg-swu.yml
@@ -17,7 +17,7 @@ header:
local_conf_header:
initramfs: |
- IMAGE_INSTALL += "initramfs-abrootfs-hook"
+ INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook"
image-option-uuid: |
CIP_IMAGE_OPTIONS_append = " image-uuid.inc"
diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
index 825fb9f..649daa2 100644
--- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
+++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
@@ -10,7 +10,3 @@
#
inherit initramfs
-
-INITRAMFS_INSTALL += " \
- initramfs-verity-hook \
- "
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
similarity index 62%
rename from recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook
rename to recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
index cf32404..bacbc2e 100644
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook
+++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook
@@ -1,9 +1,8 @@
-# This software is a part of ISAR.
-# Copyright (C) Siemens AG, 2020
+#!/bin/sh
+# Copyright (C) Siemens AG, 2020-2022
#
# SPDX-License-Identifier: MIT
-#!/bin/sh
PREREQ=""
prereqs()
@@ -21,9 +20,5 @@ esac
. /usr/share/initramfs-tools/scripts/functions
. /usr/share/initramfs-tools/hook-functions
-if [ ! -x /usr/bin/lsblk ]; then
- echo "Warning: couldn't find /usr/bin/lsblk!"
- exit 0
-fi
-
copy_exec /usr/bin/lsblk
+copy_file library /usr/share/abrootfs/image-uuid.env /usr/share/abrootfs/image-uuid.env
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
new file mode 100644
index 0000000..b61fe30
--- /dev/null
+++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2020-2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+prereqs()
+{
+ # Make sure that this script is run last in local-top
+ local req
+ for req in "${0%/*}"/*; do
+ script="${req##*/}"
+ if [ "$script" != "${0##*/}" ]; then
+ printf '%s\n' "$script"
+ fi
+ done
+}
+case $1 in
+prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+. /usr/share/abrootfs/image-uuid.env
+
+# Even if this script fails horribly, make sure there won't be a chance the
+# current $ROOT will be attempted. As this device most likely contains a
+# perfectly valid filesystem, it would be mounted successfully, leading to a
+# broken boot.
+echo "ROOT=/dev/null" >/conf/param.conf
+wait_for_udev 10
+case "$ROOT" in
+ PART*)
+ # root was given as PARTUUID= or PARTLABEL=. Use blkid to find the matching
+ # partition
+ ROOT=$(blkid --list-one --output device --match-token "$ROOT")
+ ;;
+ "")
+ # No Root device was given. Use find the matching IMAGE_UUID
+ partitions=$(blkid -o device)
+ for part in $partitions; do
+ if [ "$(blkid -p ${part} --match-types novfat -s USAGE -o value)" = "filesystem" ]; then
+ mount -o ro -t $(get_fstype $part) $part ${rootmnt}
+ . ${rootmnt}/etc/os-release
+ umount ${rootmnt}
+ if [ "${IMAGE_UUID}" = "${TARGET_IMAGE_UUID}" ]; then
+ ROOT="$part"
+ break
+ fi
+ fi
+ done
+ ;;
+esac
+
+if [ -z "${ROOT}" ]; then
+ panic "Can't find the root device with matching UUID!"
+fi
+
+echo "ROOT=${ROOT}" >/conf/param.conf
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
deleted file mode 100644
index 910ce84..0000000
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
+++ /dev/null
@@ -1,33 +0,0 @@
-# This software is a part of ISAR.
-# Copyright (C) Siemens AG, 2020
-#
-# SPDX-License-Identifier: MIT
-
-#!/bin/sh
-set -x
-PREREQ=""
-
-prereqs()
-{
- echo "$PREREQ"
-}
-
-case $1 in
-prereqs)
- prereqs
- exit 0
- ;;
-esac
-
-. /usr/share/initramfs-tools/scripts/functions
-. /usr/share/initramfs-tools/hook-functions
-
-if [ ! -e /etc/os-release ]; then
- echo "Warning: couldn't find /etc/os-release!"
- exit 0
-fi
-
-IMAGE_UUID=$(sed -n 's/^IMAGE_UUID="\(.*\)"/\1/p' /etc/os-release)
-echo "${IMAGE_UUID}" > "${DESTDIR}/conf/image_uuid"
-
-exit 0
\ No newline at end of file
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst b/recipes-initramfs/initramfs-abrootfs-hook/files/postinst
deleted file mode 100644
index e065524..0000000
--- a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# patch local script
-patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/initramfs-abrootfs-hook/debian-local.patch
-
-update-initramfs -v -u
diff --git a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
index 9c1776a..1693e85 100644
--- a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb
@@ -1,33 +1,40 @@
#
# CIP Core, generic profile
#
-# Copyright (c) Siemens AG, 2020
+# Copyright (c) Siemens AG, 2020-2022
#
# Authors:
# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+# Jan Kiszka <jan.kiszka@siemens.com>
#
# SPDX-License-Identifier: MIT
inherit dpkg-raw
-DEBIAN_DEPENDS += ", busybox, patch"
+DEBIAN_DEPENDS = "initramfs-tools"
-SRC_URI += "file://postinst \
- file://initramfs.lsblk.hook \
- file://initramfs.image_uuid.hook \
- file://debian-local-patch"
+SRC_URI += "file://abrootfs.hook \
+ file://abrootfs.script"
+
+ABROOTFS_IMAGE_RECIPE ?= "cip-core-image"
+
+IMAGE_UUID_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${ABROOTFS_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.uuid.env"
+
+do_install[depends] += "${ABROOTFS_IMAGE_RECIPE}:do_generate_image_uuid"
+do_install[cleandirs] += " \
+ ${D}/usr/share/initramfs-tools/hooks \
+ ${D}/usr/share/abrootfs \
+ ${D}/usr/share/initramfs-tools/scripts/local-top"
do_install() {
- # add patch for local to /usr/share/initramfs-abrootfs-hook
- TARGET=${D}/usr/share/initramfs-abrootfs-hook
- install -m 0755 -d ${TARGET}
- install -m 0644 ${WORKDIR}/debian-local-patch ${TARGET}/debian-local.patch
-
- # add hooks for secure boot
- HOOKS=${D}/etc/initramfs-tools/hooks
- install -m 0755 -d ${HOOKS}
- install -m 0740 ${WORKDIR}/initramfs.lsblk.hook ${HOOKS}/lsblk.hook
- install -m 0740 ${WORKDIR}/initramfs.image_uuid.hook ${HOOKS}/image_uuid.hook
+ if [ -f "${IMAGE_UUID_ENV_FILE}" ]; then
+ install -m 0600 "${IMAGE_UUID_ENV_FILE}" "${D}/usr/share/abrootfs/image-uuid.env"
+ else
+ bberror "Did not find ${IMAGE_UUID_ENV_FILE}. initramfs will not be build correctly!"
+ fi
+ install -m 0755 "${WORKDIR}/abrootfs.script" \
+ "${D}/usr/share/initramfs-tools/scripts/local-top/abrootfs"
+ install -m 0755 "${WORKDIR}/abrootfs.hook" \
+ "${D}/usr/share/initramfs-tools/hooks/abrootfs"
}
-addtask do_install after do_transform_template
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook
2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka
@ 2022-04-21 11:52 ` Jan Kiszka
2022-04-21 13:18 ` Gylstorff Quirin
2 siblings, 1 reply; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm
From: Jan Kiszka <jan.kiszka@siemens.com>
As systemd is not well prepared for read-only rootfs, specifically /wrt
machine-id management and anything that depends on it, it's best to
mount the /etc overlay already in the initramfs. This implies that also
/var is mounted at that level. We still keep the fstab setup done by
wic-swu-img class so that systemd will recognize the rootfs as read-only
and not try to remount it rw which will only fail with underlying
squashfs.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
classes/wic-swu-img.bbclass | 2 --
.../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 -------------------
.../etc-overlay-fs/files/etc-hostname.service | 14 --------
.../files/etc-sshd-regen-keys.conf | 6 ----
.../etc-overlay-fs/files/etc-sysusers.conf | 4 ---
recipes-core/etc-overlay-fs/files/etc.mount | 13 --------
recipes-core/etc-overlay-fs/files/postinst | 4 ---
.../cip-core-initramfs/cip-core-initramfs.bb | 4 +++
.../files/etc-overlay.script | 24 ++++++++++++++
.../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++
10 files changed, 55 insertions(+), 75 deletions(-)
delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
index b93a96a..41b2164 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/wic-swu-img.bbclass
@@ -15,8 +15,6 @@ inherit squashfs-img
inherit wic-img
inherit swupdate-img
-IMAGE_INSTALL += "etc-overlay-fs"
-
INITRAMFS_RECIPE ?= "cip-core-initramfs"
INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
deleted file mode 100644
index 4e2b80b..0000000
--- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2021
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-
-inherit dpkg-raw
-
-SRC_URI = "file://postinst \
- file://etc.mount \
- file://etc-hostname.service \
- file://etc-sshd-regen-keys.conf \
- file://etc-sysusers.conf"
-
-do_install[cleandirs]+="${D}/usr/lib/systemd/system \
- ${D}/usr/lib/systemd/system/local-fs.target.wants \
- ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
- ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
- ${D}/var/local/etc \
- ${D}/var/local/.atomic \
- "
-do_install() {
- TARGET=${D}/usr/lib/systemd/system
- install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
- install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
- install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
- install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
-}
diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
deleted file mode 100644
index 2306b9f..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=set hostname /etc overlay-aware
-Before=network-pre.target
-Wants=network-pre.target
-Requires=etc.mount
-After=etc.mount
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/hostname --boot --file /etc/hostname
-
-[Install]
-WantedBy=basic.target
diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
deleted file mode 100644
index b386c12..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-# set hostname /etc overlay-aware
-Before=network-pre.target
-Wants=network-pre.target
-Requires=etc.mount
-After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
deleted file mode 100644
index ad45d7f..0000000
--- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-[Unit]
-# make systemd-sysusers /etc overlay aware
-Requires=etc.mount
-After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
deleted file mode 100644
index f0ae3c5..0000000
--- a/recipes-core/etc-overlay-fs/files/etc.mount
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Overlay-mount /etc
-Requires=var.mount
-After=var.mount
-
-[Mount]
-What=overlay
-Where=/etc
-Type=overlay
-Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
-
-[Install]
-WantedBy=local-fs.target
diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
deleted file mode 100755
index e436b53..0000000
--- a/recipes-core/etc-overlay-fs/files/postinst
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-deb-systemd-helper enable etc.mount || true
-deb-systemd-helper enable etc-hostname.service || true
diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
index 649daa2..9e0ee26 100644
--- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
+++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
@@ -10,3 +10,7 @@
#
inherit initramfs
+
+INITRAMFS_INSTALL += " \
+ initramfs-etc-overlay-hook \
+ "
diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
new file mode 100644
index 0000000..08271cd
--- /dev/null
+++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs()
+{
+ echo "$PREREQ"
+}
+
+case $1 in
+# get pre-requisites
+prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var ${rootmnt}/var
+
+mkdir -p ${rootmnt}/var/local/etc
+mkdir -p ${rootmnt}/var/local/.atomic
+mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc
diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
new file mode 100644
index 0000000..19e9261
--- /dev/null
+++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
@@ -0,0 +1,27 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2022
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit dpkg-raw
+
+SRC_URI += " \
+ file://etc-overlay.script \
+ "
+
+DEBIAN_DEPENDS = "initramfs-tools"
+
+do_install[cleandirs] += " \
+ ${D}/usr/share/initramfs-tools/hooks \
+ ${D}/usr/share/initramfs-tools/scripts/local-bottom"
+
+do_install() {
+ install -m 0755 "${WORKDIR}/etc-overlay.script" \
+ "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay"
+}
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook
2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka
@ 2022-04-21 13:18 ` Gylstorff Quirin
2022-04-21 13:38 ` Jan Kiszka
0 siblings, 1 reply; 6+ messages in thread
From: Gylstorff Quirin @ 2022-04-21 13:18 UTC (permalink / raw)
To: Jan Kiszka, cip-dev; +Cc: Christian Storm
On 4/21/22 13:52, Jan Kiszka wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
>
> As systemd is not well prepared for read-only rootfs, specifically /wrt
> machine-id management and anything that depends on it, it's best to
> mount the /etc overlay already in the initramfs. This implies that also
> /var is mounted at that level. We still keep the fstab setup done by
> wic-swu-img class so that systemd will recognize the rootfs as read-only
> and not try to remount it rw which will only fail with underlying
> squashfs.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> classes/wic-swu-img.bbclass | 2 --
> .../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 -------------------
> .../etc-overlay-fs/files/etc-hostname.service | 14 --------
> .../files/etc-sshd-regen-keys.conf | 6 ----
> .../etc-overlay-fs/files/etc-sysusers.conf | 4 ---
> recipes-core/etc-overlay-fs/files/etc.mount | 13 --------
> recipes-core/etc-overlay-fs/files/postinst | 4 ---
> .../cip-core-initramfs/cip-core-initramfs.bb | 4 +++
> .../files/etc-overlay.script | 24 ++++++++++++++
> .../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++
> 10 files changed, 55 insertions(+), 75 deletions(-)
> delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
> delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
> delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
> delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
> delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
> delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
> create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
> create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
>
> diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
> index b93a96a..41b2164 100644
> --- a/classes/wic-swu-img.bbclass
> +++ b/classes/wic-swu-img.bbclass
> @@ -15,8 +15,6 @@ inherit squashfs-img
> inherit wic-img
> inherit swupdate-img
>
> -IMAGE_INSTALL += "etc-overlay-fs"
> -
> INITRAMFS_RECIPE ?= "cip-core-initramfs"
> INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>
> diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
> deleted file mode 100644
> index 4e2b80b..0000000
> --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -#
> -# CIP Core, generic profile
> -#
> -# Copyright (c) Siemens AG, 2021
> -#
> -# Authors:
> -# Quirin Gylstorff <quirin.gylstorff@siemens.com>
> -#
> -# SPDX-License-Identifier: MIT
> -
> -inherit dpkg-raw
> -
> -SRC_URI = "file://postinst \
> - file://etc.mount \
> - file://etc-hostname.service \
> - file://etc-sshd-regen-keys.conf \
> - file://etc-sysusers.conf"
> -
> -do_install[cleandirs]+="${D}/usr/lib/systemd/system \
> - ${D}/usr/lib/systemd/system/local-fs.target.wants \
> - ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
> - ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
> - ${D}/var/local/etc \
> - ${D}/var/local/.atomic \
> - "
> -do_install() {
> - TARGET=${D}/usr/lib/systemd/system
> - install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
> - install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
> - install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
> - install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
> -}
> diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
> deleted file mode 100644
> index 2306b9f..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -[Unit]
> -Description=set hostname /etc overlay-aware
> -Before=network-pre.target
> -Wants=network-pre.target
> -Requires=etc.mount
> -After=etc.mount
> -
> -[Service]
> -Type=oneshot
> -RemainAfterExit=yes
> -ExecStart=/bin/hostname --boot --file /etc/hostname
> -
> -[Install]
> -WantedBy=basic.target
> diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
> deleted file mode 100644
> index b386c12..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -[Unit]
> -# set hostname /etc overlay-aware
> -Before=network-pre.target
> -Wants=network-pre.target
> -Requires=etc.mount
> -After=etc.mount
> diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
> deleted file mode 100644
> index ad45d7f..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -[Unit]
> -# make systemd-sysusers /etc overlay aware
> -Requires=etc.mount
> -After=etc.mount
> diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
> deleted file mode 100644
> index f0ae3c5..0000000
> --- a/recipes-core/etc-overlay-fs/files/etc.mount
> +++ /dev/null
> @@ -1,13 +0,0 @@
> -[Unit]
> -Description=Overlay-mount /etc
> -Requires=var.mount
> -After=var.mount
> -
> -[Mount]
> -What=overlay
> -Where=/etc
> -Type=overlay
> -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
> -
> -[Install]
> -WantedBy=local-fs.target
> diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
> deleted file mode 100755
> index e436b53..0000000
> --- a/recipes-core/etc-overlay-fs/files/postinst
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -#!/bin/sh
> -
> -deb-systemd-helper enable etc.mount || true
> -deb-systemd-helper enable etc-hostname.service || true
> diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> index 649daa2..9e0ee26 100644
> --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
> @@ -10,3 +10,7 @@
> #
>
> inherit initramfs
> +
> +INITRAMFS_INSTALL += " \
> + initramfs-etc-overlay-hook \
> + "
> diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
> new file mode 100644
> index 0000000..08271cd
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
> @@ -0,0 +1,24 @@
> +#!/bin/sh
> +
> +PREREQ=""
> +
> +prereqs()
> +{
> + echo "$PREREQ"
> +}
> +
> +case $1 in
> +# get pre-requisites
> +prereqs)
> + prereqs
> + exit 0
> + ;;
> +esac
> +
> +. /scripts/functions
> + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var
${rootmnt}/var
should there be a check for existence for /dev/disk/by-label/var?
> +
> +mkdir -p ${rootmnt}/var/local/etc
> +mkdir -p ${rootmnt}/var/local/.atomic
> +mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc
> diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
> new file mode 100644
> index 0000000..19e9261
> --- /dev/null
> +++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
> @@ -0,0 +1,27 @@
> +#
> +# CIP Core, generic profile
> +#
> +# Copyright (c) Siemens AG, 2022
> +#
> +# Authors:
> +# Jan Kiszka <jan.kiszka@siemens.com>
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +inherit dpkg-raw
> +
> +SRC_URI += " \
> + file://etc-overlay.script \
> + "
> +
> +DEBIAN_DEPENDS = "initramfs-tools"
> +
> +do_install[cleandirs] += " \
> + ${D}/usr/share/initramfs-tools/hooks \
> + ${D}/usr/share/initramfs-tools/scripts/local-bottom"
> +
> +do_install() {
> + install -m 0755 "${WORKDIR}/etc-overlay.script" \
> + "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay"
> +}
Quirin
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook
2022-04-21 13:18 ` Gylstorff Quirin
@ 2022-04-21 13:38 ` Jan Kiszka
0 siblings, 0 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 13:38 UTC (permalink / raw)
To: Gylstorff Quirin, cip-dev; +Cc: Christian Storm
On 21.04.22 15:18, Gylstorff Quirin wrote:
>
>
> On 4/21/22 13:52, Jan Kiszka wrote:
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> As systemd is not well prepared for read-only rootfs, specifically /wrt
>> machine-id management and anything that depends on it, it's best to
>> mount the /etc overlay already in the initramfs. This implies that also
>> /var is mounted at that level. We still keep the fstab setup done by
>> wic-swu-img class so that systemd will recognize the rootfs as read-only
>> and not try to remount it rw which will only fail with underlying
>> squashfs.
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>> ---
>> classes/wic-swu-img.bbclass | 2 --
>> .../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 -------------------
>> .../etc-overlay-fs/files/etc-hostname.service | 14 --------
>> .../files/etc-sshd-regen-keys.conf | 6 ----
>> .../etc-overlay-fs/files/etc-sysusers.conf | 4 ---
>> recipes-core/etc-overlay-fs/files/etc.mount | 13 --------
>> recipes-core/etc-overlay-fs/files/postinst | 4 ---
>> .../cip-core-initramfs/cip-core-initramfs.bb | 4 +++
>> .../files/etc-overlay.script | 24 ++++++++++++++
>> .../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++
>> 10 files changed, 55 insertions(+), 75 deletions(-)
>> delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> delete mode 100644
>> recipes-core/etc-overlay-fs/files/etc-hostname.service
>> delete mode 100644
>> recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
>> delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
>> create mode 100644
>> recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>> create mode 100644
>> recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
>>
>>
>> diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass
>> index b93a96a..41b2164 100644
>> --- a/classes/wic-swu-img.bbclass
>> +++ b/classes/wic-swu-img.bbclass
>> @@ -15,8 +15,6 @@ inherit squashfs-img
>> inherit wic-img
>> inherit swupdate-img
>> -IMAGE_INSTALL += "etc-overlay-fs"
>> -
>> INITRAMFS_RECIPE ?= "cip-core-initramfs"
>> INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>> diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> deleted file mode 100644
>> index 4e2b80b..0000000
>> --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
>> +++ /dev/null
>> @@ -1,32 +0,0 @@
>> -#
>> -# CIP Core, generic profile
>> -#
>> -# Copyright (c) Siemens AG, 2021
>> -#
>> -# Authors:
>> -# Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> -#
>> -# SPDX-License-Identifier: MIT
>> -
>> -inherit dpkg-raw
>> -
>> -SRC_URI = "file://postinst \
>> - file://etc.mount \
>> - file://etc-hostname.service \
>> - file://etc-sshd-regen-keys.conf \
>> - file://etc-sysusers.conf"
>> -
>> -do_install[cleandirs]+="${D}/usr/lib/systemd/system \
>> -
>> ${D}/usr/lib/systemd/system/local-fs.target.wants \
>> -
>> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
>> -
>> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
>> - ${D}/var/local/etc \
>> - ${D}/var/local/.atomic \
>> - "
>> -do_install() {
>> - TARGET=${D}/usr/lib/systemd/system
>> - install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
>> - install -m 0644 ${WORKDIR}/etc-hostname.service
>> ${TARGET}/etc-hostname.service
>> - install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf
>> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
>>
>> - install -m 0644 ${WORKDIR}/etc-sysusers.conf
>> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
>>
>> -}
>> diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> b/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> deleted file mode 100644
>> index 2306b9f..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service
>> +++ /dev/null
>> @@ -1,14 +0,0 @@
>> -[Unit]
>> -Description=set hostname /etc overlay-aware
>> -Before=network-pre.target
>> -Wants=network-pre.target
>> -Requires=etc.mount
>> -After=etc.mount
>> -
>> -[Service]
>> -Type=oneshot
>> -RemainAfterExit=yes
>> -ExecStart=/bin/hostname --boot --file /etc/hostname
>> -
>> -[Install]
>> -WantedBy=basic.target
>> diff --git
>> a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> deleted file mode 100644
>> index b386c12..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
>> +++ /dev/null
>> @@ -1,6 +0,0 @@
>> -[Unit]
>> -# set hostname /etc overlay-aware
>> -Before=network-pre.target
>> -Wants=network-pre.target
>> -Requires=etc.mount
>> -After=etc.mount
>> diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> deleted file mode 100644
>> index ad45d7f..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -[Unit]
>> -# make systemd-sysusers /etc overlay aware
>> -Requires=etc.mount
>> -After=etc.mount
>> diff --git a/recipes-core/etc-overlay-fs/files/etc.mount
>> b/recipes-core/etc-overlay-fs/files/etc.mount
>> deleted file mode 100644
>> index f0ae3c5..0000000
>> --- a/recipes-core/etc-overlay-fs/files/etc.mount
>> +++ /dev/null
>> @@ -1,13 +0,0 @@
>> -[Unit]
>> -Description=Overlay-mount /etc
>> -Requires=var.mount
>> -After=var.mount
>> -
>> -[Mount]
>> -What=overlay
>> -Where=/etc
>> -Type=overlay
>> -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
>>
>> -
>> -[Install]
>> -WantedBy=local-fs.target
>> diff --git a/recipes-core/etc-overlay-fs/files/postinst
>> b/recipes-core/etc-overlay-fs/files/postinst
>> deleted file mode 100755
>> index e436b53..0000000
>> --- a/recipes-core/etc-overlay-fs/files/postinst
>> +++ /dev/null
>> @@ -1,4 +0,0 @@
>> -#!/bin/sh
>> -
>> -deb-systemd-helper enable etc.mount || true
>> -deb-systemd-helper enable etc-hostname.service || true
>> diff --git
>> a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> index 649daa2..9e0ee26 100644
>> --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb
>> @@ -10,3 +10,7 @@
>> #
>> inherit initramfs
>> +
>> +INITRAMFS_INSTALL += " \
>> + initramfs-etc-overlay-hook \
>> + "
>> diff --git
>> a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>>
>> new file mode 100644
>> index 0000000..08271cd
>> --- /dev/null
>> +++
>> b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
>> @@ -0,0 +1,24 @@
>> +#!/bin/sh
>> +
>> +PREREQ=""
>> +
>> +prereqs()
>> +{
>> + echo "$PREREQ"
>> +}
>> +
>> +case $1 in
>> +# get pre-requisites
>> +prereqs)
>> + prereqs
>> + exit 0
>> + ;;
>> +esac
>> +
>> +. /scripts/functions
>> + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var
> ${rootmnt}/var
>
> should there be a check for existence for /dev/disk/by-label/var?
>
mount will fail - and we likely want to panic in that case, true. Will
write a v2 for that.
Thanks,
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-04-21 16:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka
2022-04-21 13:18 ` Gylstorff Quirin
2022-04-21 13:38 ` Jan Kiszka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.