[PATCH V3 0/4] read-only rootfs support

[PATCH V3 0/4] read-only rootfs support

[Qi.Chen]

From: Chen Qi <Qi.Chen@windriver.com>

The series of patches add support to read-only rootfs.

The main idea is to use symbolic links to create the illuion that some
directories are writable in case of a read-only rootfs.

This set of patches have been tested on minimal images with and without
'read-only-rootfs' image feature enabled. Everything is OK.

For sato images, everything is the same as before if 'read-only-rootfs' is not enabled.
With 'read-only-rootfs' enabled, sato image could work if graphic interface is diabled.
When all postinstall problems are resolved, sato image should work well (maybe with some
small changes in volatiles-readonly-sato conf file).


The following changes since commit 90c0eb29f0b41e4ac2d3d17ebad7295c2ebdc02a:

  rootfs_rpm.bbclass: remove debug code (2012-12-19 21:43:55 +0000)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib ChenQi/readonly-rootfs
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=ChenQi/readonly-rootfs

Chen Qi (4):
  sysvinit: add ROOTFS_READ_ONLY variable to rcS-default
  image.bbclass: add two hook funtions to support read-only rootfs
  core-image.bbclass: support read-only-rootfs image feature
  initscripts: support read-only rootfs

 meta/classes/core-image.bbclass                    |    7 +-
 meta/classes/image.bbclass                         |   29 ++
 .../initscripts/initscripts-1.0/bootmisc.sh        |    9 +-
 .../initscripts-1.0/populate-volatile.sh           |  281 ++++++++++----------
 .../initscripts/initscripts-1.0/volatiles          |    1 +
 .../initscripts-1.0/volatiles-readonly-minimal     |    8 +
 .../initscripts-1.0/volatiles-readonly-sato        |   14 +
 meta/recipes-core/initscripts/initscripts_1.0.bb   |   11 +-
 meta/recipes-core/sysvinit/sysvinit/rcS-default    |    4 +
 meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb     |    2 +-
 10 files changed, 210 insertions(+), 156 deletions(-)
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-minimal
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-sato

-- 
1.7.9.5

[PATCH 1/4] sysvinit: add ROOTFS_READ_ONLY variable to rcS-default

[Qi.Chen]

From: Chen Qi <Qi.Chen@windriver.com>

This variable indicates whether the rootfs is intended to be read-only
or not. Changing this value from 'no' to 'yes' on a currently running
system with read-write rootfs and rebooting will give the user a working
system with read-only rootfs.

However, it is not suggested to change its value. Normally, if a read-only
rootfs is required, we should build an image with 'read-only-rootfs' image
feature.

[YOCTO #3406]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-core/sysvinit/sysvinit/rcS-default |    4 ++++
 meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb  |    2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/sysvinit/sysvinit/rcS-default b/meta/recipes-core/sysvinit/sysvinit/rcS-default
index 3c9dea9..88907a5 100644
--- a/meta/recipes-core/sysvinit/sysvinit/rcS-default
+++ b/meta/recipes-core/sysvinit/sysvinit/rcS-default
@@ -23,3 +23,7 @@ FSCKFIX=yes
 #TICKADJ=10000
 # Enable caching in populate-volatile.sh
 VOLATILE_ENABLE_CACHE=yes
+# Indicate whether the rootfs is intended to be read-only or not.
+# Setting ROOTFS_READ_ONLY to yes and rebooting will give you a read-only rootfs.
+# Normally you should not change this value.
+ROOTFS_READ_ONLY=no
\ No newline at end of file
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
index de073b8..bf6a29b 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
@@ -5,7 +5,7 @@ SECTION = "base"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe \
                     file://COPYRIGHT;endline=15;md5=349c872e0066155e1818b786938876a4"
-PR = "r9"
+PR = "r10"
 
 RDEPENDS_${PN} = "${PN}-inittab"
 
-- 
1.7.9.5

[PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[Qi.Chen]

From: Chen Qi <Qi.Chen@windriver.com>

read_only_rootfs_hook: this funtion is invoked only if 'read-only-rootfs'
is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
volatile.sh script run at rootfs time.

choose_volatile_conf_file: this function properly chooses the right
conf file for volatile storage handling according to the IMAGE_FEATURES.

[YOCTO #3406]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 8bf718a..15d42d0 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -394,6 +394,35 @@ zap_root_password () {
 	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
 } 
 
+# A hook function to support read-only-rootfs IMAGE_FEATURES
+read_only_rootfs_hook () {
+	# Tweak the mount option in fstab
+	sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > ${IMAGE_ROOTFS}/etc/fstab.new
+	mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
+	# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
+	sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
+	mv ${IMAGE_ROOTFS}/etc/default/rcS.new ${IMAGE_ROOTFS}/etc/default/rcS
+	# Run populate-volatile.sh at rootfs time to set up basic files
+	# and directories to support read-only rootfs.
+	if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
+		echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh doesn't exist."
+		exit 1
+	else
+		${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
+	fi
+}
+
+# Choose the correct config file for volatile storage handling according to the image type
+choose_volatile_conf_file () {
+	if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", "false" ,d)}; then
+		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
+			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
+	else
+		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
+			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
+	fi
+}
+
 # allow openssh accept login with empty password string
 openssh_allow_empty_password () {
 	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
-- 
1.7.9.5

[PATCH 3/4] core-image.bbclass: support read-only-rootfs image feature

[Qi.Chen]

From: Chen Qi <Qi.Chen@windriver.com>

Two hook functions are appended to ROOTFS_POSTPROCESS_COMMAND
properly to support the 'read-only-rootfs' image feature.

[YOCTO #3406]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/classes/core-image.bbclass |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/meta/classes/core-image.bbclass b/meta/classes/core-image.bbclass
index 2e67018..dc8fdc3 100644
--- a/meta/classes/core-image.bbclass
+++ b/meta/classes/core-image.bbclass
@@ -28,6 +28,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3
 # - dev-pkgs            - development packages (headers, etc.) for all installed packages in the rootfs
 # - dbg-pkgs            - debug symbol packages for all installed packages in the rootfs
 # - doc-pkgs            - documentation packages for all installed packages in the rootfs
+# - read-only-rootfs    - tweaks an image to support read-only rootfs
 #
 PACKAGE_GROUP_x11 = "packagegroup-core-x11"
 PACKAGE_GROUP_x11-base = "packagegroup-core-x11-base"
@@ -73,9 +74,11 @@ inherit image
 
 # Create /etc/timestamp during image construction to give a reasonably sane default time setting
 ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
-
+# Choose the correct configuartion files for volatile storage handling
+ROOTFS_POSTPROCESS_COMMAND += "choose_volatile_conf_file ; "
 # Zap the root password if debug-tweaks feature is not enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks", "", "zap_root_password ; ",d)}'
 # Allow openssh accept empty password login if both debug-tweaks and ssh-server-openssh are enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "debug-tweaks ssh-server-openssh", "openssh_allow_empty_password; ", "",d)}'
-
+# Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
+ROOTFS_POSTPROCESS_COMMAND += '${@base_contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
-- 
1.7.9.5

[PATCH 4/4] initscripts: support read-only rootfs

[Qi.Chen]

From: Chen Qi <Qi.Chen@windriver.com>

To support a read-only rootfs, we use symbolic links which point
to volatile storage to create the illusion that some directories
are writable.

Improve populate-volatile.sh script to support read-only rootfs.
Add two default config files specific to read-only-rootfs image.

[YOCTO #3406]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../initscripts/initscripts-1.0/bootmisc.sh        |    9 +-
 .../initscripts-1.0/populate-volatile.sh           |  281 ++++++++++----------
 .../initscripts/initscripts-1.0/volatiles          |    1 +
 .../initscripts-1.0/volatiles-readonly-minimal     |    8 +
 .../initscripts-1.0/volatiles-readonly-sato        |   14 +
 meta/recipes-core/initscripts/initscripts_1.0.bb   |   11 +-
 6 files changed, 171 insertions(+), 153 deletions(-)
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-minimal
 create mode 100644 meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-sato

diff --git a/meta/recipes-core/initscripts/initscripts-1.0/bootmisc.sh b/meta/recipes-core/initscripts/initscripts-1.0/bootmisc.sh
index 4f76cb4..3b5a47f 100755
--- a/meta/recipes-core/initscripts/initscripts-1.0/bootmisc.sh
+++ b/meta/recipes-core/initscripts/initscripts-1.0/bootmisc.sh
@@ -54,14 +54,7 @@ fi
 
 #
 # This is as good a place as any for a sanity check
-# /tmp should be a symlink to /var/tmp to cut down on the number
-# of mounted ramdisks.
-if test ! -L /tmp && test -d /var/tmp
-then
-	rm -rf /tmp
-	ln -sf /var/tmp /tmp
-fi
-
+#
 # Set the system clock from hardware clock
 # If the timestamp is more recent than the current time,
 # use the timestamp instead.
diff --git a/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh b/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
index d2175d7..2691173 100755
--- a/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
+++ b/meta/recipes-core/initscripts/initscripts-1.0/populate-volatile.sh
@@ -8,192 +8,187 @@
 # Short-Description:  Populate the volatile filesystem
 ### END INIT INFO
 
-. /etc/default/rcS
-
-CFGDIR="/etc/default/volatiles"
-TMPROOT="/var/tmp"
+# Get ROOT_DIR
+DIRNAME=`dirname $0`
+ROOT_DIR=`echo $DIRNAME | sed -ne 's:etc/.*::p'`
+
+. ${ROOT_DIR}/etc/default/rcS
+# When running populat-volatile.sh at rootfs time, disable cache.
+[ "$ROOT_DIR" != "/" ] && VOLATILE_ENABLE_CACHE=no
+# If rootfs is read-only, disable cache.
+[ "$ROOTFS_READ_ONLY" = "yes" ] && VOLATILE_ENABLE_CACHE=no
+# All above statements will be moved to a central place, say var.sh which
+# encapsulates '. /etc/default/rcS'. 
+
+CFGDIR="${ROOT_DIR}/etc/default/volatiles"
+TMPROOT="${ROOT_DIR}/var/volatile/tmp"
 COREDEF="00_core"
+COREDEF_READONLY="00_core_readonly"
 
-[ "${VERBOSE}" != "no" ] && echo "Populating volatile Filesystems."
+[ "${VERBOSE}" != "no" ] && echo "Setting up basic files related to volatile storage under ${ROOT_DIR}."
 
 create_file() {
-	EXEC=" 
-	touch \"$1\"; 
-	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; 
-	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 " 
+	EXEC="
+	touch \"$1\";
+	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" > /dev/null 2>&1;
+	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" > /dev/null 2>&1 "
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
 
 	[ -e "$1" ] && {
-	  [ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
+		[ "${VERBOSE}" != "no" ] && echo "Target $1 already exists. Skipping."
 	} || {
-	  eval $EXEC &
+		if [ "$ROOT_DIR" = "/" ]; then
+			eval $EXEC
+		else
+			# Some operations at rootfs time may fail and should fail,
+		        # but these failures should not be logged.
+			eval $EXEC > /dev/null 2>&1
+		fi
 	}
 }
 
 mk_dir() {
 	EXEC=" 
 	mkdir -p \"$1\"; 
-	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; 
-	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
+	chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" 2>&1; 
+	chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" 2>&1 "
 
 	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
 	
 	[ -e "$1" ] && {
-	  [ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
+		[ "${VERBOSE}" != "no" ] && echo "Target ${1} already exists. Skipping."
 	} || {
-	  eval $EXEC
+		if [ "$ROOT_DIR" = "/" ]; then
+			eval $EXEC
+		else
+			# Some operations at rootfs time may fail and should fail,
+                        # but these failures should not be logged.
+			eval $EXEC > /dev/null 2>&1
+		fi
 	}
 }
 
 link_file() {
-	EXEC="test -e \"$2\" -o -L $2 || ln -s \"$1\" \"$2\" >/dev/tty0 2>&1" 
-
-	test "$VOLATILE_ENABLE_CACHE" = yes && echo "	$EXEC" >> /etc/volatile.cache.build
-	
-	[ -e "$2" ] && {
-	  echo "Cannot create link over existing -${TNAME}-." >&2
-	} || {
-	  eval $EXEC &
-	}
+	EXEC="
+	if [ -L \"$2\" ]; then
+		[ \"$(readlink -f \"$2\")\" != \"$(readlink -f \"$1\")\" ] && { rm -f \"$2\"; ln -sf \"$1\" \"$2\"; };
+	elif [ -d \"$2\" ]; then
+		rm -rf \"$2\";
+                ln -sf \"$1\" \"$2\";
+        else
+                ln -sf \"$1\" \"$2\";
+	fi
+        "
+        test "$VOLATILE_ENABLE_CACHE" = yes && echo "   $EXEC" >> /etc/volatile.cache.build
+	if [ "$ROOT_DIR" = "/" ]; then
+		eval $EXEC
+	else
+		# Some operations at rootfs time may fail and should fail,
+                # but these failures should not be logged
+		eval $EXEC > /dev/null 2>&1
+	fi
 }
 
 check_requirements() {
+	cleanup() {
+		rm "${TMP_INTERMED}"
+		rm "${TMP_DEFINED}"
+		rm "${TMP_COMBINED}"
+	}
+	
+	CFGFILE="$1"
+	[ `basename "${CFGFILE}"` = "${COREDEF}" ] && return 0
+	# $COREDEF_READONLY conf file should only be applied when rootfs is read-only
+	if [ `basename "${CFGFILE}"` = "${COREDEF_READONLY}" ]; then
+		[ "$ROOTFS_READ_ONLY" = "yes" ] && return 0 || return 1
+	fi
+
+	TMP_INTERMED="${TMPROOT}/tmp.$$"
+	TMP_DEFINED="${TMPROOT}/tmpdefined.$$"
+	TMP_COMBINED="${TMPROOT}/tmpcombined.$$"
+
+	cat ${ROOT_DIR}/etc/passwd | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
+	cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 2 > "${TMP_INTERMED}"
+	cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
+	NR_DEFINED_USERS="`cat "${TMP_DEFINED}" | wc -l`"
+	NR_COMBINED_USERS="`cat "${TMP_COMBINED}" | wc -l`"
+
+	[ "${NR_DEFINED_USERS}" -ne "${NR_COMBINED_USERS}" ] && {
+		echo "Undefined users:"
+		diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
+		cleanup
+		return 1
+	}
 
-  cleanup() {
-    rm "${TMP_INTERMED}"
-    rm "${TMP_DEFINED}"
-    rm "${TMP_COMBINED}"
-    }
-    
-  CFGFILE="$1"
-
-  [ `basename "${CFGFILE}"` = "${COREDEF}" ] && return 0
-
-  TMP_INTERMED="${TMPROOT}/tmp.$$"
-  TMP_DEFINED="${TMPROOT}/tmpdefined.$$"
-  TMP_COMBINED="${TMPROOT}/tmpcombined.$$"
-
-
-  cat /etc/passwd | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
-  cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 2 > "${TMP_INTERMED}"
-  cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
-
-  NR_DEFINED_USERS="`cat "${TMP_DEFINED}" | wc -l`"
-  NR_COMBINED_USERS="`cat "${TMP_COMBINED}" | wc -l`"
-
-  [ "${NR_DEFINED_USERS}" -ne "${NR_COMBINED_USERS}" ] && {
-    echo "Undefined users:"
-    diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
-    cleanup
-    return 1
-    }
-
-
-  cat /etc/group | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
-  cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 3 > "${TMP_INTERMED}"
-  cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
 
-  NR_DEFINED_GROUPS="`cat "${TMP_DEFINED}" | wc -l`"
-  NR_COMBINED_GROUPS="`cat "${TMP_COMBINED}" | wc -l`"
+	cat ${ROOT_DIR}/etc/group | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
+	cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 3 > "${TMP_INTERMED}"
+	cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
 
-  [ "${NR_DEFINED_GROUPS}" -ne "${NR_COMBINED_GROUPS}" ] && {
-    echo "Undefined groups:"
-    diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
-    cleanup
-    return 1
-    }
+	NR_DEFINED_GROUPS="`cat "${TMP_DEFINED}" | wc -l`"
+	NR_COMBINED_GROUPS="`cat "${TMP_COMBINED}" | wc -l`"
 
-  # Add checks for required directories here
+	[ "${NR_DEFINED_GROUPS}" -ne "${NR_COMBINED_GROUPS}" ] && {
+		echo "Undefined groups:"
+		diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
+		cleanup
+		return 1
+	}
 
-  cleanup
-  return 0
-  }
+	cleanup
+	return 0
+}
 
 apply_cfgfile() {
+	CFGFILE="$1"
+	[ ${VERBOSE} != "no" ] && echo "Applying config file: $CFGFILE"
+	
+	check_requirements "${CFGFILE}" || {
+		echo "Skipping ${CFGFILE}"
+		return 1
+	}
+
+	cat ${CFGFILE} | grep -v "^#" | sed -e '/^$/ d' | \
+		while read LINE; do
+		eval `echo "$LINE" | sed -n "s/\(.*\)\ \(.*\) \(.*\)\ \(.*\)\ \(.*\)\ \(.*\)/TTYPE=\1 ; TUSER=\2; TGROUP=\3; TMODE=\4; TNAME=\5 TLTARGET=\6/p"`
+		TNAME=${ROOT_DIR}/${TNAME}
+		[ "${VERBOSE}" != "no" ] && echo "Checking for -${TNAME}-."
+
+		[ "${TTYPE}" = "l" ] && {
+			TSOURCE="$TLTARGET"
+			[ "${VERBOSE}" != "no" ] && echo "Creating link -${TNAME}- pointing to -${TSOURCE}-."
+			link_file "${TSOURCE}" "${TNAME}"
+			continue
+		}
+		case "${TTYPE}" in
+			"f")  [ "${VERBOSE}" != "no" ] && echo "Creating file -${TNAME}-."
+				create_file "${TNAME}"
+				;;
+			"d")  [ "${VERBOSE}" != "no" ] && echo "Creating directory -${TNAME}-."
+				mk_dir "${TNAME}"
+				;;
+			*)    [ "${VERBOSE}" != "no" ] && echo "Invalid type -${TTYPE}-."
+				continue
+				;;
+		esac
+	done
+	return 0
+}
 
-  CFGFILE="$1"
-
-  check_requirements "${CFGFILE}" || {
-    echo "Skipping ${CFGFILE}"
-    return 1
-    }
-
-  cat ${CFGFILE} | grep -v "^#" | \
-  while read LINE; do
-
-    eval `echo "$LINE" | sed -n "s/\(.*\)\ \(.*\) \(.*\)\ \(.*\)\ \(.*\)\ \(.*\)/TTYPE=\1 ; TUSER=\2; TGROUP=\3; TMODE=\4; TNAME=\5 TLTARGET=\6/p"`
-
-    [ "${VERBOSE}" != "no" ] && echo "Checking for -${TNAME}-."
-
-
-    [ "${TTYPE}" = "l" ] && {
-      TSOURCE="$TLTARGET"
-      [ -L "${TNAME}" ] || {
-        [ "${VERBOSE}" != "no" ] && echo "Creating link -${TNAME}- pointing to -${TSOURCE}-."
-        link_file "${TSOURCE}" "${TNAME}" &
-        }
-      continue
-      }
-
-    [ -L "${TNAME}" ] && {
-      [ "${VERBOSE}" != "no" ] && echo "Found link."
-      NEWNAME=`ls -l "${TNAME}" | sed -e 's/^.*-> \(.*\)$/\1/'`
-      echo ${NEWNAME} | grep -v "^/" >/dev/null && {
-        TNAME="`echo ${TNAME} | sed -e 's@\(.*\)/.*@\1@'`/${NEWNAME}"
-        [ "${VERBOSE}" != "no" ] && echo "Converted relative linktarget to absolute path -${TNAME}-."
-        } || {
-        TNAME="${NEWNAME}"
-        [ "${VERBOSE}" != "no" ] && echo "Using absolute link target -${TNAME}-."
-        }
-      }
-
-    case "${TTYPE}" in
-      "f")  [ "${VERBOSE}" != "no" ] && echo "Creating file -${TNAME}-."
-            create_file "${TNAME}" &
-	    ;;
-      "d")  [ "${VERBOSE}" != "no" ] && echo "Creating directory -${TNAME}-."
-            mk_dir "${TNAME}"
-	    # Add check to see if there's an entry in fstab to mount.
-	    ;;
-      *)    [ "${VERBOSE}" != "no" ] && echo "Invalid type -${TTYPE}-."
-            continue
-	    ;;
-    esac
-
-
-    done
-
-  return 0
-
-  }
-
-clearcache=0
-exec 9</proc/cmdline
-while read line <&9
-do
-	case "$line" in
-		*clearcache*)  clearcache=1
-			       ;;
-		*)	       continue
-			       ;;
-	esac
-done
-exec 9>&-
-
-if test -e /etc/volatile.cache -a "$VOLATILE_ENABLE_CACHE" = "yes" -a "x$1" != "xupdate" -a "x$clearcache" = "x0"
+if test -e ${ROOT_DIR}/etc/volatile.cache -a $VOLATILE_ENABLE_CACHE = yes -a x$1 != xupdate
 then
-	sh /etc/volatile.cache
+	sh ${ROOT_DIR}/etc/volatile.cache
 else	
-	rm -f /etc/volatile.cache /etc/volatile.cache.build
+	rm -f ${ROOT_DRI}/etc/volatile.cache ${ROOT_DIR}/etc/volatile.cache.build
 	for file in `ls -1 "${CFGDIR}" | sort`; do
 		apply_cfgfile "${CFGDIR}/${file}"
 	done
 
-	[ -e /etc/volatile.cache.build ] && sync && mv /etc/volatile.cache.build /etc/volatile.cache
+	[ -e ${ROOT_DIR}/etc/volatile.cache.build ] && sync && mv ${ROOT_DIR}/etc/volatile.cache.build ${ROOT_DIR}/etc/volatile.cache
 fi
 
-if test -f /etc/ld.so.cache -a ! -f /var/run/ld.so.cache
+if [ "${ROOT_DIR}" = "/" ] && [ -f /etc/ld.so.cache ] && [ ! -f /var/run/ld.so.cache ]
 then
 	ln -s /etc/ld.so.cache /var/run/ld.so.cache
 fi
diff --git a/meta/recipes-core/initscripts/initscripts-1.0/volatiles b/meta/recipes-core/initscripts/initscripts-1.0/volatiles
index e0741aa..f7e2ef7 100644
--- a/meta/recipes-core/initscripts/initscripts-1.0/volatiles
+++ b/meta/recipes-core/initscripts/initscripts-1.0/volatiles
@@ -31,6 +31,7 @@ l root root 1777 /var/lock /var/volatile/lock
 l root root 0755 /var/log /var/volatile/log
 l root root 0755 /var/run /var/volatile/run
 l root root 1777 /var/tmp /var/volatile/tmp
+l root root 1777 /tmp /var/tmp
 d root root 0755 /var/lock/subsys none
 f root root 0664 /var/log/wtmp none
 f root root 0664 /var/run/utmp none
diff --git a/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-minimal b/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-minimal
new file mode 100644
index 0000000..aea5a53
--- /dev/null
+++ b/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-minimal
@@ -0,0 +1,8 @@
+# This configuration file lists filesystem objects specific to minimal image
+# with read-only rootfs.
+# This configuration file will only be applied if the image is minimal and the
+# rootfs is read-only.
+# For the detailed format information, refer to /etc/default/volatiles/00_core.
+d root root 0755 /var/volatile/lib/ none
+d root root 0755 /var/volatile/lib/urandom/ none
+l root root 0755 /var/lib/urandom /var/volatile/lib/urandom
\ No newline at end of file
diff --git a/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-sato b/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-sato
new file mode 100644
index 0000000..4a56b81
--- /dev/null
+++ b/meta/recipes-core/initscripts/initscripts-1.0/volatiles-readonly-sato
@@ -0,0 +1,14 @@
+# This configuration file lists filesystem objects specific to sato image
+# with read-only rootfs.
+# This configuration file will only be applied if the image is sato and the
+# rootfs is read-only.
+# For the detailed format information, refer to /etc/default/volatiles/00_core.
+d root root 0755 /var/volatile/lib/ none
+d root root 0755 /var/volatile/lib/urandom/ none
+d root root 0755 /var/volatile/lib/dropbear/ none
+d root root 0755 /var/volatile/lib/nfs/ none
+d root root 0755 /var/volatile/lib/dbus/ none
+l root root 0755 /var/lib/urandom /var/volatile/lib/urandom
+l root root 0755 /var/lib/dropbear /var/volatile/lib/dropbear
+l root root 0755 /var/lib/nfs /var/volatile/lib/nfs
+l root root 0755 /var/lib/dbus /var/volatile/lib/dbus
diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb
index 39be9a8..f111e91 100644
--- a/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "Initscripts provide the basic system startup initialization scrip
 SECTION = "base"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
-PR = "r138"
+PR = "r139"
 
 INHIBIT_DEFAULT_DEPS = "1"
 
@@ -30,8 +30,10 @@ SRC_URI = "file://functions \
            file://device_table.txt \
            file://populate-volatile.sh \
            file://volatiles \
+           file://volatiles-readonly-minimal \
+           file://volatiles-readonly-sato \
            file://save-rtc.sh \
-	   file://GPLv2.patch"
+           file://GPLv2.patch"
 
 SRC_URI_append_arm = " file://alignment.sh"
 
@@ -65,6 +67,7 @@ do_install () {
 	install -d ${D}${sysconfdir}/rc6.d
 	install -d ${D}${sysconfdir}/default
 	install -d ${D}${sysconfdir}/default/volatiles
+	install -d ${D}${sysconfdir}/default/volatiles_stage
 
 	install -m 0644    ${WORKDIR}/functions		${D}${sysconfdir}/init.d
 	install -m 0755    ${WORKDIR}/bootmisc.sh	${D}${sysconfdir}/init.d
@@ -86,6 +89,10 @@ do_install () {
 	install -m 0755    ${WORKDIR}/populate-volatile.sh ${D}${sysconfdir}/init.d
 	install -m 0755    ${WORKDIR}/save-rtc.sh	${D}${sysconfdir}/init.d
 	install -m 0644    ${WORKDIR}/volatiles		${D}${sysconfdir}/default/volatiles/00_core
+        # Install read-only rootfs specific config files
+	install -m 0644 ${WORKDIR}/volatiles-readonly-sato ${D}${sysconfdir}/default/volatiles_stage/volatiles-readonly-sato
+	install -m 0644 ${WORKDIR}/volatiles-readonly-minimal ${D}${sysconfdir}/default/volatiles_stage/volatiles-readonly-minimal
+
 	if [ "${TARGET_ARCH}" = "arm" ]; then
 		install -m 0755 ${WORKDIR}/alignment.sh	${D}${sysconfdir}/init.d
 	fi
-- 
1.7.9.5

Re: [PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 3094 bytes --]

On Thu, Dec 27, 2012 at 10:57:39AM +0800, Qi.Chen@windriver.com wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
> 
> read_only_rootfs_hook: this funtion is invoked only if 'read-only-rootfs'
> is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
> volatile.sh script run at rootfs time.
> 
> choose_volatile_conf_file: this function properly chooses the right
> conf file for volatile storage handling according to the IMAGE_FEATURES.

choose_volatile_conf_file is always called from core-image with or
without read-only-rootfs in IMAGE_FEATURES.

So it will use /etc/default/volatiles_stage/volatiles-readonly-minimal
without read-only-rootfs.

Cheers,

> 
> [YOCTO #3406]
> 
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
>  meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index 8bf718a..15d42d0 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -394,6 +394,35 @@ zap_root_password () {
>  	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>  } 
>  
> +# A hook function to support read-only-rootfs IMAGE_FEATURES
> +read_only_rootfs_hook () {
> +	# Tweak the mount option in fstab
> +	sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > ${IMAGE_ROOTFS}/etc/fstab.new
> +	mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
> +	# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
> +	sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
> +	mv ${IMAGE_ROOTFS}/etc/default/rcS.new ${IMAGE_ROOTFS}/etc/default/rcS
> +	# Run populate-volatile.sh at rootfs time to set up basic files
> +	# and directories to support read-only rootfs.
> +	if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
> +		echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh doesn't exist."
> +		exit 1
> +	else
> +		${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
> +	fi
> +}
> +
> +# Choose the correct config file for volatile storage handling according to the image type
> +choose_volatile_conf_file () {
> +	if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", "false" ,d)}; then
> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
> +	else
> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
> +	fi
> +}
> +
>  # allow openssh accept login with empty password string
>  openssh_allow_empty_password () {
>  	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
> -- 
> 1.7.9.5
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]

Re: [PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[ChenQi]

On 12/27/2012 04:42 PM, Martin Jansa wrote:
> On Thu, Dec 27, 2012 at 10:57:39AM +0800, Qi.Chen@windriver.com wrote:
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> read_only_rootfs_hook: this funtion is invoked only if 'read-only-rootfs'
>> is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
>> volatile.sh script run at rootfs time.
>>
>> choose_volatile_conf_file: this function properly chooses the right
>> conf file for volatile storage handling according to the IMAGE_FEATURES.
> choose_volatile_conf_file is always called from core-image with or
> without read-only-rootfs in IMAGE_FEATURES.
>
> So it will use /etc/default/volatiles_stage/volatiles-readonly-minimal
> without read-only-rootfs.
>
> Cheers,
Yes. And I did this on purpose.

I want to ship the conf file no matter we're building a 
'read-only-rootfs' image or not.
In this way, changing 'ROOTFS_READ_ONLY' to 'yes' on a currently running 
system and rebooting will give the user a working system with read-only 
rootfs.

If the rootfs is not read-only, this conf file will not be applied, both 
at rootfs construction time and at system startup time.

Best Regards,
Chen Qi

>> [YOCTO #3406]
>>
>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>> ---
>>   meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
>>   1 file changed, 29 insertions(+)
>>
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index 8bf718a..15d42d0 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -394,6 +394,35 @@ zap_root_password () {
>>   	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>>   }
>>   
>> +# A hook function to support read-only-rootfs IMAGE_FEATURES
>> +read_only_rootfs_hook () {
>> +	# Tweak the mount option in fstab
>> +	sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > ${IMAGE_ROOTFS}/etc/fstab.new
>> +	mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
>> +	# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
>> +	sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
>> +	mv ${IMAGE_ROOTFS}/etc/default/rcS.new ${IMAGE_ROOTFS}/etc/default/rcS
>> +	# Run populate-volatile.sh at rootfs time to set up basic files
>> +	# and directories to support read-only rootfs.
>> +	if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
>> +		echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh doesn't exist."
>> +		exit 1
>> +	else
>> +		${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
>> +	fi
>> +}
>> +
>> +# Choose the correct config file for volatile storage handling according to the image type
>> +choose_volatile_conf_file () {
>> +	if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", "false" ,d)}; then
>> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
>> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +	else
>> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
>> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +	fi
>> +}
>> +
>>   # allow openssh accept login with empty password string
>>   openssh_allow_empty_password () {
>>   	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
>> -- 
>> 1.7.9.5
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[ChenQi]

On 12/27/2012 04:42 PM, Martin Jansa wrote:
> On Thu, Dec 27, 2012 at 10:57:39AM +0800, Qi.Chen@windriver.com wrote:
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> read_only_rootfs_hook: this funtion is invoked only if 'read-only-rootfs'
>> is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
>> volatile.sh script run at rootfs time.
>>
>> choose_volatile_conf_file: this function properly chooses the right
>> conf file for volatile storage handling according to the IMAGE_FEATURES.
> choose_volatile_conf_file is always called from core-image with or
> without read-only-rootfs in IMAGE_FEATURES.
>
> So it will use /etc/default/volatiles_stage/volatiles-readonly-minimal
> without read-only-rootfs.
>
> Cheers,
Thanks for your review  :)

The commit message here is kind of misleading.
Maybe I should modify the commit message here?

Thanks,
Chen Qi

>> [YOCTO #3406]
>>
>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>> ---
>>   meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
>>   1 file changed, 29 insertions(+)
>>
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index 8bf718a..15d42d0 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -394,6 +394,35 @@ zap_root_password () {
>>   	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>>   }
>>   
>> +# A hook function to support read-only-rootfs IMAGE_FEATURES
>> +read_only_rootfs_hook () {
>> +	# Tweak the mount option in fstab
>> +	sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > ${IMAGE_ROOTFS}/etc/fstab.new
>> +	mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
>> +	# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
>> +	sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
>> +	mv ${IMAGE_ROOTFS}/etc/default/rcS.new ${IMAGE_ROOTFS}/etc/default/rcS
>> +	# Run populate-volatile.sh at rootfs time to set up basic files
>> +	# and directories to support read-only rootfs.
>> +	if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
>> +		echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh doesn't exist."
>> +		exit 1
>> +	else
>> +		${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
>> +	fi
>> +}
>> +
>> +# Choose the correct config file for volatile storage handling according to the image type
>> +choose_volatile_conf_file () {
>> +	if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", "false" ,d)}; then
>> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
>> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +	else
>> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
>> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +	fi
>> +}
>> +
>>   # allow openssh accept login with empty password string
>>   openssh_allow_empty_password () {
>>   	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
>> -- 
>> 1.7.9.5
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[Saul Wold]

On 12/26/2012 06:57 PM, Qi.Chen@windriver.com wrote:
> From: Chen Qi <Qi.Chen@windriver.com>
>
> read_only_rootfs_hook: this funtion is invoked only if 'read-only-rootfs'
> is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
> volatile.sh script run at rootfs time.
>
> choose_volatile_conf_file: this function properly chooses the right
> conf file for volatile storage handling according to the IMAGE_FEATURES.
>
> [YOCTO #3406]
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
>   meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
>   1 file changed, 29 insertions(+)
>
> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> index 8bf718a..15d42d0 100644
> --- a/meta/classes/image.bbclass
> +++ b/meta/classes/image.bbclass
> @@ -394,6 +394,35 @@ zap_root_password () {
>   	mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>   }
>
> +# A hook function to support read-only-rootfs IMAGE_FEATURES
> +read_only_rootfs_hook () {
> +	# Tweak the mount option in fstab
> +	sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > ${IMAGE_ROOTFS}/etc/fstab.new
> +	mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
> +	# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
> +	sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
> +	mv ${IMAGE_ROOTFS}/etc/default/rcS.new ${IMAGE_ROOTFS}/etc/default/rcS
For the above 2 sed/mv, can't you use sed -i instead, cuts down on the 
exec overhead.

Sau!

> +	# Run populate-volatile.sh at rootfs time to set up basic files
> +	# and directories to support read-only rootfs.
> +	if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
> +		echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh doesn't exist."
> +		exit 1
> +	else
> +		${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
> +	fi
> +}
> +
> +# Choose the correct config file for volatile storage handling according to the image type
> +choose_volatile_conf_file () {
> +	if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", "false" ,d)}; then
> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
> +	else
> +		cp ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
> +			${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
> +	fi
> +}
> +
>   # allow openssh accept login with empty password string
>   openssh_allow_empty_password () {
>   	if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
>

Re: [PATCH 2/4] image.bbclass: add two hook funtions to support read-only rootfs

[ChenQi]

On 12/28/2012 02:22 AM, Saul Wold wrote:
> On 12/26/2012 06:57 PM, Qi.Chen@windriver.com wrote:
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> read_only_rootfs_hook: this funtion is invoked only if 
>> 'read-only-rootfs'
>> is in IMAGE_FEATURES. It tweaks some basic files and makes populate-
>> volatile.sh script run at rootfs time.
>>
>> choose_volatile_conf_file: this function properly chooses the right
>> conf file for volatile storage handling according to the IMAGE_FEATURES.
>>
>> [YOCTO #3406]
>>
>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>> ---
>>   meta/classes/image.bbclass |   29 +++++++++++++++++++++++++++++
>>   1 file changed, 29 insertions(+)
>>
>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
>> index 8bf718a..15d42d0 100644
>> --- a/meta/classes/image.bbclass
>> +++ b/meta/classes/image.bbclass
>> @@ -394,6 +394,35 @@ zap_root_password () {
>>       mv ${IMAGE_ROOTFS}/etc/passwd.new ${IMAGE_ROOTFS}/etc/passwd
>>   }
>>
>> +# A hook function to support read-only-rootfs IMAGE_FEATURES
>> +read_only_rootfs_hook () {
>> +    # Tweak the mount option in fstab
>> +    sed '/rootfs/ s/defaults/ro/' < ${IMAGE_ROOTFS}/etc/fstab > 
>> ${IMAGE_ROOTFS}/etc/fstab.new
>> +    mv ${IMAGE_ROOTFS}/etc/fstab.new ${IMAGE_ROOTFS}/etc/fstab
>> +    # Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
>> +    sed 's/ROOTFS_READ_ONLY=no/ROOTFS_READ_ONLY=yes/' < 
>> ${IMAGE_ROOTFS}/etc/default/rcS > ${IMAGE_ROOTFS}/etc/default/rcS.new
>> +    mv ${IMAGE_ROOTFS}/etc/default/rcS.new 
>> ${IMAGE_ROOTFS}/etc/default/rcS
> For the above 2 sed/mv, can't you use sed -i instead, cuts down on the 
> exec overhead.
>
> Sau!
>
I've fixed this and sent out a V4.

Thanks,
Chen Qi
>> +    # Run populate-volatile.sh at rootfs time to set up basic files
>> +    # and directories to support read-only rootfs.
>> +    if [ ! -e ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
>> +        echo "${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh 
>> doesn't exist."
>> +        exit 1
>> +    else
>> +        ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
>> +    fi
>> +}
>> +
>> +# Choose the correct config file for volatile storage handling 
>> according to the image type
>> +choose_volatile_conf_file () {
>> +    if ${@base_contains("IMAGE_FEATURES", "x11-sato", "true", 
>> "false" ,d)}; then
>> +        cp 
>> ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-sato \
>> + ${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +    else
>> +        cp 
>> ${IMAGE_ROOTFS}/etc/default/volatiles_stage/volatiles-readonly-minimal \
>> + ${IMAGE_ROOTFS}/etc/default/volatiles/00_core_readonly
>> +    fi
>> +}
>> +
>>   # allow openssh accept login with empty password string
>>   openssh_allow_empty_password () {
>>       if [ -e ${IMAGE_ROOTFS}${sysconfdir}/ssh/sshd_config ]; then
>>
>
>