Re: [PATCH 1/2] initramfs: add hook for data-reset

[Jan Kiszka <jan.kiszka@siemens.com>]

On 28.04.25 10:23, Quirin Gylstorff wrote:
> 
> 
> On 4/28/25 08:35, Jan Kiszka wrote:
>> On 24.04.25 11:22, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This allows to reset the device data by deleting
>>> all files in the persistent partitions.
>>>
>>> The reset occurs if a file defined by the variable
>>> INITRAMFS_DATA_RESET_MARKER
>>> exists in the device INITRAMFS_DATA_RESET_MARKER_DEVICE.
>>>
>>> This feature allows to add device specific trigger to restore
>>> the persistent file system to the first-boot state.
>>>
>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> ---
>>>   .../files/local-bottom-complete.tmpl          | 76 +++++++++++++++++++
>>>   .../initramfs-data-reset-hook_0.1.bb          | 36 +++++++++
>>>   2 files changed, 112 insertions(+)
>>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>> files/local-bottom-complete.tmpl
>>>   create mode 100644 recipes-initramfs/initramfs-factory-reset-hook/
>>> initramfs-data-reset-hook_0.1.bb
>>>
>>> diff --git a/recipes-initramfs/initramfs-factory-reset-hook/files/
>>> local-bottom-complete.tmpl b/recipes-initramfs/initramfs-factory-
>>> reset-hook/files/local-bottom-complete.tmpl
>>> new file mode 100644
>>> index 0000000..f02f95c
>>> --- /dev/null
>>> +++ b/recipes-initramfs/initramfs-factory-reset-hook/files/local-
>>> bottom-complete.tmpl
>>> @@ -0,0 +1,76 @@
>>> +#!/bin/sh
>>> +#
>>> +# CIP Core, generic profile
>>> +#
>>> +# Copyright (c) Siemens AG, 2025
>>> +#
>>> +# Authors:
>>> +#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> +#
>>> +prereqs()
>>> +{
>>> +    # Make sure that this script is run last in local-top
>>
>> But it is called "local-bottom-complete"...
>>
>>> +    # but before overlay
>>> +    local req
>>> +    for req in "${0%/*}"/*; do
>>> +        script="${req##*/}"
>>> +        if [ "$script" != "${0##*/}" ] &&
>>> +            [ "$script" != "overlay" ] ; then
>>> +            printf '%s\n' "$script"
>>> +        fi
>>
>> Will create undefined dependencies between this and the crypt hook.
>> Please sort that out.
> 
> I will move this before the crypt hook for now.

Don't you need crypt to run first to unlock the data partition?

>  >> +    done
>>> +}
>>> +case $1 in
>>> +prereqs)
>>> +    prereqs
>>> +    exit 0
>>> +    ;;
>>> +esac
>>> +
>>> +. /scripts/functions
>>> +
>>> +marker="${INITRAMFS_DATA_RESET_MARKER}"
>>> +marker_storage_device="${INITRAMFS_DATA_RESET_MARKER_STORAGE_DEVICE}"
>>> +target_devices="${INITRAMFS_DATA_RESET_DEVICES}"
>>> +
>>> +storage_mnt="$(findmnt "${marker_storage_device}")"
>>> +factory_reset=false
>>
>> I thought you didn't want to call it "factory reset"?
> As the hook does not to a complete factory reset ( the disk encryption
> stays) I used data reset for now. If we add formatting a throw a way
>  the disk keys I can rename it.
> 
> 
>>
>>> +tmp_mount=$(mktemp -d)
>>> +# check for marker
>>> +if [ -z "${storage_mnt}" ]; then
>>> +    if ! mount -t "$(get_fstype "${marker_storage_device}")" \
>>> +         "${marker_storage_device}" \
>>> +         "${tmp_mount}"; then
>>> +        panic "Can't mount ${marker_storage_device}!"
>>> +    fi
>>> +    storage_mnt="$tmp_mount"
>>> +fi
>>> +if [ -e "${storage_mnt}${marker}" ]; then
>>> +    factory_reset=true
>>> +fi
>>> +if mountpoint -q "$tmp_mount"; then
>>> +    umount "$tmp_mount"
>>> +fi
>>> +if [ "${factory_reset}" = "true" ]; then
>>> +    log_begin_msg "Factory Reset"
>>> +    for target in ${target_devices}; do
>>> +        target_mnt="$(findmnt "${target}")"
>>> +        if [ -z "$target_mnt" ]; then
>>> +            if ! mount -t "$(get_fstype "${target}")" \
>>> +                 "${marker_storage_device}" \
>>> +                 "${tmp_mount}"; then
>>> +                panic "Can't mount ${target}!"
>>> +            fi
>>> +            target_mnt="$tmp_mount"
>>> +        fi
>>> +
>>> +        # delete all files in the target mount point
>>> +        find "${target_mnt}" ! -wholename "${target_mnt}" \
>>> +            ! -name "lost+found" -exec rm -rf {} +
>>
>> rm --one-file-system
>>
>> But wouldn't reformatting be simpler?
>>
> That is the question - My first thought was reformatting but then we
> lose the information from snapshot based file systems (e.g. btrfs).
> 

Which information? Aren't snapshot considered data here as well - which
we want to reset?

For a future solution that uses a/b btrfs plus some factory reset
snapshot state, this logic here will surely need adjustments. Or we
won't use the hook but rather embed related logic into some a/b data
partition hook.

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center