Re: [Buildroot] [PATCH 2/6 v3] package/skeleton-systemd: systemd-ify mounting /var tmpfs with ro rootfs

From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: yann.morin@orange.com
Cc: "Norbert Lange" <nolange79@gmail.com>,
	"Jérémy Rosen" <jeremy.rosen@smile.fr>,
	"Romain Naour" <romain.naour@smile.fr>,
	buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 2/6 v3] package/skeleton-systemd: systemd-ify mounting /var tmpfs with ro rootfs
Date: Wed, 21 Dec 2022 22:17:39 +0100	[thread overview]
Message-ID: <20221221211739.GO2909@scaer> (raw)
In-Reply-To: <27491_1666122194_634F01D2_27491_495_1_cf89a104edc507c063e6f4716cc859891b489d27.1666122184.git.yann.morin@orange.com>

Yann, All,

On 2022-10-18 21:43 +0200, yann.morin@orange.com spake thusly:
> To mount our /var tmpfs when the rootfs is mounted read-only (really,
> not remounted reqd-write), we use an entry in fstab.
> 
> However, /etc could also be a tmpfs (for full state-less systems, or
> easy factory-reset, see [0]). It also prevents easily ordeting other
> systemd units until after /var is mounted 5not impossible, but less
> easy).
> 
> So, we register /var as a systemd mount unit, so that we can also have
> the /var factory populated and functional even when /etc is empty. The
> var.mount unit is heavily modelled after systemd's own tmp.mount one, so
> we carry the same license for that file (in case that may apply). We add
> an explicit reverse dependency to systemd-tmpfiles-setup.service, to
> ensure /var is mounted before we try to populate it.
> 
> This has two side effects:
>   - as hinted previously, it simplifies writing other systemd units to
>     order them after /var is mounted
>   - replace it with their own, which mounts an actual filesystem
> 
> [0] http://0pointer.de/blog/projects/stateless.html
> 
> Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
> Cc: Norbert Lange <nolange79@gmail.com>
> Cc: Romain Naour <romain.naour@smile.fr>
> Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
> [yann.morin.1998@free.fr:
>   - split original patch in two
>   - this one only handles converting /var mounting into a systemd unit
>   - adapt commit log accordingly
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

Applied to master with the tweaks suggested by Norbert, thanks.

Regards,
Yann E. MORIN.

> ---
>  .../skeleton-init-systemd.mk                   |  3 ++-
>  package/skeleton-init-systemd/var.mount        | 18 ++++++++++++++++++
>  2 files changed, 20 insertions(+), 1 deletion(-)
>  create mode 100644 package/skeleton-init-systemd/var.mount
> 
> diff --git a/package/skeleton-init-systemd/skeleton-init-systemd.mk b/package/skeleton-init-systemd/skeleton-init-systemd.mk
> index 7b66732ef4..970951d553 100644
> --- a/package/skeleton-init-systemd/skeleton-init-systemd.mk
> +++ b/package/skeleton-init-systemd/skeleton-init-systemd.mk
> @@ -30,7 +30,6 @@ else
>  # back there by the tmpfiles.d mechanism.
>  define SKELETON_INIT_SYSTEMD_ROOT_RO_OR_RW
>  	echo "/dev/root / auto ro 0 1" >$(TARGET_DIR)/etc/fstab
> -	echo "tmpfs /var tmpfs mode=1777 0 0" >>$(TARGET_DIR)/etc/fstab
>  endef
>  
>  define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
> @@ -52,6 +51,8 @@ define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
>  			|| exit 1; \
>  		fi; \
>  	done >$(TARGET_DIR)/usr/lib/tmpfiles.d/buildroot-factory.conf
> +	$(INSTALL) -D -m 0644 $(SKELETON_INIT_SYSTEMD_PKGDIR)/var.mount \
> +		$(TARGET_DIR)/usr/lib/systemd/system/var.mount
>  endef
>  SKELETON_INIT_SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
>  
> diff --git a/package/skeleton-init-systemd/var.mount b/package/skeleton-init-systemd/var.mount
> new file mode 100644
> index 0000000000..6b165dff6d
> --- /dev/null
> +++ b/package/skeleton-init-systemd/var.mount
> @@ -0,0 +1,18 @@
> +# SPDX-License-Identifier: LGPL-2.1-or-later
> +# Modelled after systemd's tmp.mount
> +
> +[Unit]
> +Description=Buildroot /var tmpfs
> +DefaultDependencies=no
> +Conflicts=umount.target
> +Before=basic.target local-fs.target umount.target systemd-tmpfiles-setup.service
> +After=swap.target
> +
> +[Mount]
> +What=tmpfs
> +Where=/var
> +Type=tmpfs
> +Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m
> +
> +[Install]
> +WantedBy=basic.target
> -- 
> 2.25.1
> 
> 
> _________________________________________________________________________________________________________________________
> 
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> 
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot