* [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay
@ 2022-04-21 11:52 Jan Kiszka
2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw)
To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm
This addresses the problem of current read-only rootfs + /etc overlay as
used for the SWUpdate setups.
Due to ordering issues in systemd startup between machine-id handling
vs. making /etc writable via the overlay, various things are broken down
the line, e.g. journal reporting. Reading [1], it appeared to be best to
move the overlay mounting into the initramfs. And this implementation
proves this to be right: simpler and working smoothly.
As a by-product, this also unifies the initramfs-abrootfs-hook, and
makes it simpler as well.
Jan
[1] https://www.spinics.net/lists/systemd-devel/msg05670.html
Jan Kiszka (3):
wic: Align kernel command line of qemu-amd64-efibootguard*
initramfs-abrootfs-hook: Convert to an initramfs-class recipe
Convert /etc overlay from systemd mount unit to initramfs hook
classes/image_uuid.bbclass | 6 +-
classes/secure-wic-swu-img.bbclass | 4 --
classes/wic-swu-img.bbclass | 6 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
kas/opt/ebg-swu.yml | 2 +-
.../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 ---------
.../etc-overlay-fs/files/etc-hostname.service | 14 ----
.../files/etc-sshd-regen-keys.conf | 6 --
.../etc-overlay-fs/files/etc-sysusers.conf | 4 --
recipes-core/etc-overlay-fs/files/etc.mount | 13 ----
recipes-core/etc-overlay-fs/files/postinst | 4 --
.../cip-core-initramfs/cip-core-initramfs.bb | 2 +-
.../{initramfs.lsblk.hook => abrootfs.hook} | 11 +---
.../files/abrootfs.script | 66 +++++++++++++++++++
.../files/initramfs.image_uuid.hook | 33 ----------
.../initramfs-abrootfs-hook/files/postinst | 6 --
.../initramfs-abrootfs-hook_0.1.bb | 41 +++++++-----
.../files/etc-overlay.script | 24 +++++++
.../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++
wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +-
20 files changed, 156 insertions(+), 148 deletions(-)
delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
delete mode 100755 recipes-core/etc-overlay-fs/files/postinst
rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%)
create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook
delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script
create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb
--
2.34.1
^ permalink raw reply [flat|nested] 6+ messages in thread* [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* 2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka @ 2022-04-21 11:52 ` Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka 2 siblings, 0 replies; 6+ messages in thread From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw) To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm From: Jan Kiszka <jan.kiszka@siemens.com> "rw" is meaningless and misleading for the read-only rootfs we have. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> --- wic/qemu-amd64-efibootguard-secureboot.wks.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in index 54f7143..affa299 100644 --- a/wic/qemu-amd64-efibootguard-secureboot.wks.in +++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in @@ -12,4 +12,4 @@ part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G part /var --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/var --fstype=ext4 --label var --align 1024 --size 2G -bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait rw earlyprintk" +bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk" -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe 2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka @ 2022-04-21 11:52 ` Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka 2 siblings, 0 replies; 6+ messages in thread From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw) To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm From: Jan Kiszka <jan.kiszka@siemens.com> This unifies the pattern we generate initramfs images for non-secure and secure SWUpdate images. Besides cleaning up the related abrootfs selection hook, the unification is a precondition for adding another initramfs recipe later that will be shared between both image types The pattern followed in the new initramfs-abrootfs-hook script is now similar to initramfs-verity-hook: a local-top hook is used, rather than a patch for Debian's local script. This hook looks for the matching rootfs by read-only mounting candidates, comparing the contained UUID against the one stored in the initramfs, unmounting again, and then setting the ROOT variable on match. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> --- classes/image_uuid.bbclass | 6 +- classes/secure-wic-swu-img.bbclass | 4 -- classes/wic-swu-img.bbclass | 6 ++ kas/opt/ebg-secure-boot-snakeoil.yml | 1 + kas/opt/ebg-swu.yml | 2 +- .../cip-core-initramfs/cip-core-initramfs.bb | 4 -- .../{initramfs.lsblk.hook => abrootfs.hook} | 11 +--- .../files/abrootfs.script | 66 +++++++++++++++++++ .../files/initramfs.image_uuid.hook | 33 ---------- .../initramfs-abrootfs-hook/files/postinst | 6 -- .../initramfs-abrootfs-hook_0.1.bb | 41 +++++++----- 11 files changed, 104 insertions(+), 76 deletions(-) rename recipes-initramfs/initramfs-abrootfs-hook/files/{initramfs.lsblk.hook => abrootfs.hook} (62%) create mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook delete mode 100644 recipes-initramfs/initramfs-abrootfs-hook/files/postinst diff --git a/classes/image_uuid.bbclass b/classes/image_uuid.bbclass index 2813ed9..7294eb3 100644 --- a/classes/image_uuid.bbclass +++ b/classes/image_uuid.bbclass @@ -1,10 +1,11 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2022 # # Authors: # Quirin Gylstorff <quirin.gylstorff@siemens.com> +# Jan Kiszka <jan.kiszka@siemens.com> # # SPDX-License-Identifier: MIT # @@ -27,7 +28,6 @@ do_generate_image_uuid() { sudo tee -a '${IMAGE_ROOTFS}/etc/os-release' image_do_mounts - # update initramfs to add uuid - sudo chroot '${IMAGE_ROOTFS}' update-initramfs -u + echo "TARGET_IMAGE_UUID=\"${IMAGE_UUID}\"" > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.uuid.env" } addtask generate_image_uuid before do_copy_boot_files after do_rootfs_install diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass index 85342fe..5e8e48a 100644 --- a/classes/secure-wic-swu-img.bbclass +++ b/classes/secure-wic-swu-img.bbclass @@ -9,10 +9,6 @@ # SPDX-License-Identifier: MIT # -INITRAMFS_RECIPE ?= "cip-core-initramfs" -do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build" -INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" - inherit verity-img inherit wic-swu-img diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass index 231b249..b93a96a 100644 --- a/classes/wic-swu-img.bbclass +++ b/classes/wic-swu-img.bbclass @@ -16,6 +16,12 @@ inherit wic-img inherit swupdate-img IMAGE_INSTALL += "etc-overlay-fs" + +INITRAMFS_RECIPE ?= "cip-core-initramfs" +INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" + +do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build" + IMAGE_INSTALL += "home-fs" IMAGE_INSTALL += "tmp-fs" diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml index 14a5d6a..b329f41 100644 --- a/kas/opt/ebg-secure-boot-snakeoil.yml +++ b/kas/opt/ebg-secure-boot-snakeoil.yml @@ -25,6 +25,7 @@ local_conf_header: secure-boot-image: | IMAGE_FSTYPES = "secure-wic-swu-img" WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in" + INITRAMFS_INSTALL_append = " initramfs-verity-hook" secure-boot: | # Add snakeoil binaries for qemu diff --git a/kas/opt/ebg-swu.yml b/kas/opt/ebg-swu.yml index d811929..5e4e771 100644 --- a/kas/opt/ebg-swu.yml +++ b/kas/opt/ebg-swu.yml @@ -17,7 +17,7 @@ header: local_conf_header: initramfs: | - IMAGE_INSTALL += "initramfs-abrootfs-hook" + INITRAMFS_INSTALL_append = " initramfs-abrootfs-hook" image-option-uuid: | CIP_IMAGE_OPTIONS_append = " image-uuid.inc" diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb index 825fb9f..649daa2 100644 --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb @@ -10,7 +10,3 @@ # inherit initramfs - -INITRAMFS_INSTALL += " \ - initramfs-verity-hook \ - " diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook similarity index 62% rename from recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook rename to recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook index cf32404..bacbc2e 100644 --- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.lsblk.hook +++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.hook @@ -1,9 +1,8 @@ -# This software is a part of ISAR. -# Copyright (C) Siemens AG, 2020 +#!/bin/sh +# Copyright (C) Siemens AG, 2020-2022 # # SPDX-License-Identifier: MIT -#!/bin/sh PREREQ="" prereqs() @@ -21,9 +20,5 @@ esac . /usr/share/initramfs-tools/scripts/functions . /usr/share/initramfs-tools/hook-functions -if [ ! -x /usr/bin/lsblk ]; then - echo "Warning: couldn't find /usr/bin/lsblk!" - exit 0 -fi - copy_exec /usr/bin/lsblk +copy_file library /usr/share/abrootfs/image-uuid.env /usr/share/abrootfs/image-uuid.env diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script new file mode 100644 index 0000000..b61fe30 --- /dev/null +++ b/recipes-initramfs/initramfs-abrootfs-hook/files/abrootfs.script @@ -0,0 +1,66 @@ +#!/bin/sh +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2020-2022 +# +# Authors: +# Jan Kiszka <jan.kiszka@siemens.com> +# +# SPDX-License-Identifier: MIT + +prereqs() +{ + # Make sure that this script is run last in local-top + local req + for req in "${0%/*}"/*; do + script="${req##*/}" + if [ "$script" != "${0##*/}" ]; then + printf '%s\n' "$script" + fi + done +} +case $1 in +prereqs) + prereqs + exit 0 + ;; +esac + +. /scripts/functions +. /usr/share/abrootfs/image-uuid.env + +# Even if this script fails horribly, make sure there won't be a chance the +# current $ROOT will be attempted. As this device most likely contains a +# perfectly valid filesystem, it would be mounted successfully, leading to a +# broken boot. +echo "ROOT=/dev/null" >/conf/param.conf +wait_for_udev 10 +case "$ROOT" in + PART*) + # root was given as PARTUUID= or PARTLABEL=. Use blkid to find the matching + # partition + ROOT=$(blkid --list-one --output device --match-token "$ROOT") + ;; + "") + # No Root device was given. Use find the matching IMAGE_UUID + partitions=$(blkid -o device) + for part in $partitions; do + if [ "$(blkid -p ${part} --match-types novfat -s USAGE -o value)" = "filesystem" ]; then + mount -o ro -t $(get_fstype $part) $part ${rootmnt} + . ${rootmnt}/etc/os-release + umount ${rootmnt} + if [ "${IMAGE_UUID}" = "${TARGET_IMAGE_UUID}" ]; then + ROOT="$part" + break + fi + fi + done + ;; +esac + +if [ -z "${ROOT}" ]; then + panic "Can't find the root device with matching UUID!" +fi + +echo "ROOT=${ROOT}" >/conf/param.conf diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook b/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook deleted file mode 100644 index 910ce84..0000000 --- a/recipes-initramfs/initramfs-abrootfs-hook/files/initramfs.image_uuid.hook +++ /dev/null @@ -1,33 +0,0 @@ -# This software is a part of ISAR. -# Copyright (C) Siemens AG, 2020 -# -# SPDX-License-Identifier: MIT - -#!/bin/sh -set -x -PREREQ="" - -prereqs() -{ - echo "$PREREQ" -} - -case $1 in -prereqs) - prereqs - exit 0 - ;; -esac - -. /usr/share/initramfs-tools/scripts/functions -. /usr/share/initramfs-tools/hook-functions - -if [ ! -e /etc/os-release ]; then - echo "Warning: couldn't find /etc/os-release!" - exit 0 -fi - -IMAGE_UUID=$(sed -n 's/^IMAGE_UUID="\(.*\)"/\1/p' /etc/os-release) -echo "${IMAGE_UUID}" > "${DESTDIR}/conf/image_uuid" - -exit 0 \ No newline at end of file diff --git a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst b/recipes-initramfs/initramfs-abrootfs-hook/files/postinst deleted file mode 100644 index e065524..0000000 --- a/recipes-initramfs/initramfs-abrootfs-hook/files/postinst +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -# patch local script -patch -s -p0 /usr/share/initramfs-tools/scripts/local /usr/share/initramfs-abrootfs-hook/debian-local.patch - -update-initramfs -v -u diff --git a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb index 9c1776a..1693e85 100644 --- a/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb +++ b/recipes-initramfs/initramfs-abrootfs-hook/initramfs-abrootfs-hook_0.1.bb @@ -1,33 +1,40 @@ # # CIP Core, generic profile # -# Copyright (c) Siemens AG, 2020 +# Copyright (c) Siemens AG, 2020-2022 # # Authors: # Quirin Gylstorff <quirin.gylstorff@siemens.com> +# Jan Kiszka <jan.kiszka@siemens.com> # # SPDX-License-Identifier: MIT inherit dpkg-raw -DEBIAN_DEPENDS += ", busybox, patch" +DEBIAN_DEPENDS = "initramfs-tools" -SRC_URI += "file://postinst \ - file://initramfs.lsblk.hook \ - file://initramfs.image_uuid.hook \ - file://debian-local-patch" +SRC_URI += "file://abrootfs.hook \ + file://abrootfs.script" + +ABROOTFS_IMAGE_RECIPE ?= "cip-core-image" + +IMAGE_UUID_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${ABROOTFS_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.uuid.env" + +do_install[depends] += "${ABROOTFS_IMAGE_RECIPE}:do_generate_image_uuid" +do_install[cleandirs] += " \ + ${D}/usr/share/initramfs-tools/hooks \ + ${D}/usr/share/abrootfs \ + ${D}/usr/share/initramfs-tools/scripts/local-top" do_install() { - # add patch for local to /usr/share/initramfs-abrootfs-hook - TARGET=${D}/usr/share/initramfs-abrootfs-hook - install -m 0755 -d ${TARGET} - install -m 0644 ${WORKDIR}/debian-local-patch ${TARGET}/debian-local.patch - - # add hooks for secure boot - HOOKS=${D}/etc/initramfs-tools/hooks - install -m 0755 -d ${HOOKS} - install -m 0740 ${WORKDIR}/initramfs.lsblk.hook ${HOOKS}/lsblk.hook - install -m 0740 ${WORKDIR}/initramfs.image_uuid.hook ${HOOKS}/image_uuid.hook + if [ -f "${IMAGE_UUID_ENV_FILE}" ]; then + install -m 0600 "${IMAGE_UUID_ENV_FILE}" "${D}/usr/share/abrootfs/image-uuid.env" + else + bberror "Did not find ${IMAGE_UUID_ENV_FILE}. initramfs will not be build correctly!" + fi + install -m 0755 "${WORKDIR}/abrootfs.script" \ + "${D}/usr/share/initramfs-tools/scripts/local-top/abrootfs" + install -m 0755 "${WORKDIR}/abrootfs.hook" \ + "${D}/usr/share/initramfs-tools/hooks/abrootfs" } -addtask do_install after do_transform_template -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook 2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka @ 2022-04-21 11:52 ` Jan Kiszka 2022-04-21 13:18 ` Gylstorff Quirin 2 siblings, 1 reply; 6+ messages in thread From: Jan Kiszka @ 2022-04-21 11:52 UTC (permalink / raw) To: cip-dev; +Cc: Quirin Gylstorff, Christian Storm From: Jan Kiszka <jan.kiszka@siemens.com> As systemd is not well prepared for read-only rootfs, specifically /wrt machine-id management and anything that depends on it, it's best to mount the /etc overlay already in the initramfs. This implies that also /var is mounted at that level. We still keep the fstab setup done by wic-swu-img class so that systemd will recognize the rootfs as read-only and not try to remount it rw which will only fail with underlying squashfs. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> --- classes/wic-swu-img.bbclass | 2 -- .../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 ------------------- .../etc-overlay-fs/files/etc-hostname.service | 14 -------- .../files/etc-sshd-regen-keys.conf | 6 ---- .../etc-overlay-fs/files/etc-sysusers.conf | 4 --- recipes-core/etc-overlay-fs/files/etc.mount | 13 -------- recipes-core/etc-overlay-fs/files/postinst | 4 --- .../cip-core-initramfs/cip-core-initramfs.bb | 4 +++ .../files/etc-overlay.script | 24 ++++++++++++++ .../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++ 10 files changed, 55 insertions(+), 75 deletions(-) delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount delete mode 100755 recipes-core/etc-overlay-fs/files/postinst create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass index b93a96a..41b2164 100644 --- a/classes/wic-swu-img.bbclass +++ b/classes/wic-swu-img.bbclass @@ -15,8 +15,6 @@ inherit squashfs-img inherit wic-img inherit swupdate-img -IMAGE_INSTALL += "etc-overlay-fs" - INITRAMFS_RECIPE ?= "cip-core-initramfs" INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb deleted file mode 100644 index 4e2b80b..0000000 --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb +++ /dev/null @@ -1,32 +0,0 @@ -# -# CIP Core, generic profile -# -# Copyright (c) Siemens AG, 2021 -# -# Authors: -# Quirin Gylstorff <quirin.gylstorff@siemens.com> -# -# SPDX-License-Identifier: MIT - -inherit dpkg-raw - -SRC_URI = "file://postinst \ - file://etc.mount \ - file://etc-hostname.service \ - file://etc-sshd-regen-keys.conf \ - file://etc-sysusers.conf" - -do_install[cleandirs]+="${D}/usr/lib/systemd/system \ - ${D}/usr/lib/systemd/system/local-fs.target.wants \ - ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \ - ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \ - ${D}/var/local/etc \ - ${D}/var/local/.atomic \ - " -do_install() { - TARGET=${D}/usr/lib/systemd/system - install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount - install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service - install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf - install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service -} diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service deleted file mode 100644 index 2306b9f..0000000 --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=set hostname /etc overlay-aware -Before=network-pre.target -Wants=network-pre.target -Requires=etc.mount -After=etc.mount - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/hostname --boot --file /etc/hostname - -[Install] -WantedBy=basic.target diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf deleted file mode 100644 index b386c12..0000000 --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -# set hostname /etc overlay-aware -Before=network-pre.target -Wants=network-pre.target -Requires=etc.mount -After=etc.mount diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf deleted file mode 100644 index ad45d7f..0000000 --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Unit] -# make systemd-sysusers /etc overlay aware -Requires=etc.mount -After=etc.mount diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount deleted file mode 100644 index f0ae3c5..0000000 --- a/recipes-core/etc-overlay-fs/files/etc.mount +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Overlay-mount /etc -Requires=var.mount -After=var.mount - -[Mount] -What=overlay -Where=/etc -Type=overlay -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic - -[Install] -WantedBy=local-fs.target diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst deleted file mode 100755 index e436b53..0000000 --- a/recipes-core/etc-overlay-fs/files/postinst +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -deb-systemd-helper enable etc.mount || true -deb-systemd-helper enable etc-hostname.service || true diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb index 649daa2..9e0ee26 100644 --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb @@ -10,3 +10,7 @@ # inherit initramfs + +INITRAMFS_INSTALL += " \ + initramfs-etc-overlay-hook \ + " diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script new file mode 100644 index 0000000..08271cd --- /dev/null +++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script @@ -0,0 +1,24 @@ +#!/bin/sh + +PREREQ="" + +prereqs() +{ + echo "$PREREQ" +} + +case $1 in +# get pre-requisites +prereqs) + prereqs + exit 0 + ;; +esac + +. /scripts/functions + +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var ${rootmnt}/var + +mkdir -p ${rootmnt}/var/local/etc +mkdir -p ${rootmnt}/var/local/.atomic +mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb new file mode 100644 index 0000000..19e9261 --- /dev/null +++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb @@ -0,0 +1,27 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2022 +# +# Authors: +# Jan Kiszka <jan.kiszka@siemens.com> +# +# SPDX-License-Identifier: MIT +# + +inherit dpkg-raw + +SRC_URI += " \ + file://etc-overlay.script \ + " + +DEBIAN_DEPENDS = "initramfs-tools" + +do_install[cleandirs] += " \ + ${D}/usr/share/initramfs-tools/hooks \ + ${D}/usr/share/initramfs-tools/scripts/local-bottom" + +do_install() { + install -m 0755 "${WORKDIR}/etc-overlay.script" \ + "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay" +} -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook 2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka @ 2022-04-21 13:18 ` Gylstorff Quirin 2022-04-21 13:38 ` Jan Kiszka 0 siblings, 1 reply; 6+ messages in thread From: Gylstorff Quirin @ 2022-04-21 13:18 UTC (permalink / raw) To: Jan Kiszka, cip-dev; +Cc: Christian Storm On 4/21/22 13:52, Jan Kiszka wrote: > From: Jan Kiszka <jan.kiszka@siemens.com> > > As systemd is not well prepared for read-only rootfs, specifically /wrt > machine-id management and anything that depends on it, it's best to > mount the /etc overlay already in the initramfs. This implies that also > /var is mounted at that level. We still keep the fstab setup done by > wic-swu-img class so that systemd will recognize the rootfs as read-only > and not try to remount it rw which will only fail with underlying > squashfs. > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > --- > classes/wic-swu-img.bbclass | 2 -- > .../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 ------------------- > .../etc-overlay-fs/files/etc-hostname.service | 14 -------- > .../files/etc-sshd-regen-keys.conf | 6 ---- > .../etc-overlay-fs/files/etc-sysusers.conf | 4 --- > recipes-core/etc-overlay-fs/files/etc.mount | 13 -------- > recipes-core/etc-overlay-fs/files/postinst | 4 --- > .../cip-core-initramfs/cip-core-initramfs.bb | 4 +++ > .../files/etc-overlay.script | 24 ++++++++++++++ > .../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++ > 10 files changed, 55 insertions(+), 75 deletions(-) > delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb > delete mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service > delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf > delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf > delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount > delete mode 100755 recipes-core/etc-overlay-fs/files/postinst > create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script > create mode 100644 recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb > > diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass > index b93a96a..41b2164 100644 > --- a/classes/wic-swu-img.bbclass > +++ b/classes/wic-swu-img.bbclass > @@ -15,8 +15,6 @@ inherit squashfs-img > inherit wic-img > inherit swupdate-img > > -IMAGE_INSTALL += "etc-overlay-fs" > - > INITRAMFS_RECIPE ?= "cip-core-initramfs" > INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" > > diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb > deleted file mode 100644 > index 4e2b80b..0000000 > --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb > +++ /dev/null > @@ -1,32 +0,0 @@ > -# > -# CIP Core, generic profile > -# > -# Copyright (c) Siemens AG, 2021 > -# > -# Authors: > -# Quirin Gylstorff <quirin.gylstorff@siemens.com> > -# > -# SPDX-License-Identifier: MIT > - > -inherit dpkg-raw > - > -SRC_URI = "file://postinst \ > - file://etc.mount \ > - file://etc-hostname.service \ > - file://etc-sshd-regen-keys.conf \ > - file://etc-sysusers.conf" > - > -do_install[cleandirs]+="${D}/usr/lib/systemd/system \ > - ${D}/usr/lib/systemd/system/local-fs.target.wants \ > - ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \ > - ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \ > - ${D}/var/local/etc \ > - ${D}/var/local/.atomic \ > - " > -do_install() { > - TARGET=${D}/usr/lib/systemd/system > - install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount > - install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service > - install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf > - install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service > -} > diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service > deleted file mode 100644 > index 2306b9f..0000000 > --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service > +++ /dev/null > @@ -1,14 +0,0 @@ > -[Unit] > -Description=set hostname /etc overlay-aware > -Before=network-pre.target > -Wants=network-pre.target > -Requires=etc.mount > -After=etc.mount > - > -[Service] > -Type=oneshot > -RemainAfterExit=yes > -ExecStart=/bin/hostname --boot --file /etc/hostname > - > -[Install] > -WantedBy=basic.target > diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf > deleted file mode 100644 > index b386c12..0000000 > --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf > +++ /dev/null > @@ -1,6 +0,0 @@ > -[Unit] > -# set hostname /etc overlay-aware > -Before=network-pre.target > -Wants=network-pre.target > -Requires=etc.mount > -After=etc.mount > diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf > deleted file mode 100644 > index ad45d7f..0000000 > --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf > +++ /dev/null > @@ -1,4 +0,0 @@ > -[Unit] > -# make systemd-sysusers /etc overlay aware > -Requires=etc.mount > -After=etc.mount > diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount > deleted file mode 100644 > index f0ae3c5..0000000 > --- a/recipes-core/etc-overlay-fs/files/etc.mount > +++ /dev/null > @@ -1,13 +0,0 @@ > -[Unit] > -Description=Overlay-mount /etc > -Requires=var.mount > -After=var.mount > - > -[Mount] > -What=overlay > -Where=/etc > -Type=overlay > -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic > - > -[Install] > -WantedBy=local-fs.target > diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst > deleted file mode 100755 > index e436b53..0000000 > --- a/recipes-core/etc-overlay-fs/files/postinst > +++ /dev/null > @@ -1,4 +0,0 @@ > -#!/bin/sh > - > -deb-systemd-helper enable etc.mount || true > -deb-systemd-helper enable etc-hostname.service || true > diff --git a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb > index 649daa2..9e0ee26 100644 > --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb > +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb > @@ -10,3 +10,7 @@ > # > > inherit initramfs > + > +INITRAMFS_INSTALL += " \ > + initramfs-etc-overlay-hook \ > + " > diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script > new file mode 100644 > index 0000000..08271cd > --- /dev/null > +++ b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script > @@ -0,0 +1,24 @@ > +#!/bin/sh > + > +PREREQ="" > + > +prereqs() > +{ > + echo "$PREREQ" > +} > + > +case $1 in > +# get pre-requisites > +prereqs) > + prereqs > + exit 0 > + ;; > +esac > + > +. /scripts/functions > + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var ${rootmnt}/var should there be a check for existence for /dev/disk/by-label/var? > + > +mkdir -p ${rootmnt}/var/local/etc > +mkdir -p ${rootmnt}/var/local/.atomic > +mount -t overlay -o lowerdir=${rootmnt}/etc,upperdir=${rootmnt}/var/local/etc,workdir=${rootmnt}/var/local/.atomic overlay ${rootmnt}/etc > diff --git a/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb > new file mode 100644 > index 0000000..19e9261 > --- /dev/null > +++ b/recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb > @@ -0,0 +1,27 @@ > +# > +# CIP Core, generic profile > +# > +# Copyright (c) Siemens AG, 2022 > +# > +# Authors: > +# Jan Kiszka <jan.kiszka@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > + > +inherit dpkg-raw > + > +SRC_URI += " \ > + file://etc-overlay.script \ > + " > + > +DEBIAN_DEPENDS = "initramfs-tools" > + > +do_install[cleandirs] += " \ > + ${D}/usr/share/initramfs-tools/hooks \ > + ${D}/usr/share/initramfs-tools/scripts/local-bottom" > + > +do_install() { > + install -m 0755 "${WORKDIR}/etc-overlay.script" \ > + "${D}/usr/share/initramfs-tools/scripts/local-bottom/etc-overlay" > +} Quirin ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook 2022-04-21 13:18 ` Gylstorff Quirin @ 2022-04-21 13:38 ` Jan Kiszka 0 siblings, 0 replies; 6+ messages in thread From: Jan Kiszka @ 2022-04-21 13:38 UTC (permalink / raw) To: Gylstorff Quirin, cip-dev; +Cc: Christian Storm On 21.04.22 15:18, Gylstorff Quirin wrote: > > > On 4/21/22 13:52, Jan Kiszka wrote: >> From: Jan Kiszka <jan.kiszka@siemens.com> >> >> As systemd is not well prepared for read-only rootfs, specifically /wrt >> machine-id management and anything that depends on it, it's best to >> mount the /etc overlay already in the initramfs. This implies that also >> /var is mounted at that level. We still keep the fstab setup done by >> wic-swu-img class so that systemd will recognize the rootfs as read-only >> and not try to remount it rw which will only fail with underlying >> squashfs. >> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> >> --- >> classes/wic-swu-img.bbclass | 2 -- >> .../etc-overlay-fs/etc-overlay-fs_0.1.bb | 32 ------------------- >> .../etc-overlay-fs/files/etc-hostname.service | 14 -------- >> .../files/etc-sshd-regen-keys.conf | 6 ---- >> .../etc-overlay-fs/files/etc-sysusers.conf | 4 --- >> recipes-core/etc-overlay-fs/files/etc.mount | 13 -------- >> recipes-core/etc-overlay-fs/files/postinst | 4 --- >> .../cip-core-initramfs/cip-core-initramfs.bb | 4 +++ >> .../files/etc-overlay.script | 24 ++++++++++++++ >> .../initramfs-etc-overlay-hook_0.1.bb | 27 ++++++++++++++++ >> 10 files changed, 55 insertions(+), 75 deletions(-) >> delete mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb >> delete mode 100644 >> recipes-core/etc-overlay-fs/files/etc-hostname.service >> delete mode 100644 >> recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf >> delete mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf >> delete mode 100644 recipes-core/etc-overlay-fs/files/etc.mount >> delete mode 100755 recipes-core/etc-overlay-fs/files/postinst >> create mode 100644 >> recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script >> create mode 100644 >> recipes-initramfs/initramfs-etc-overlay-hook/initramfs-etc-overlay-hook_0.1.bb >> >> >> diff --git a/classes/wic-swu-img.bbclass b/classes/wic-swu-img.bbclass >> index b93a96a..41b2164 100644 >> --- a/classes/wic-swu-img.bbclass >> +++ b/classes/wic-swu-img.bbclass >> @@ -15,8 +15,6 @@ inherit squashfs-img >> inherit wic-img >> inherit swupdate-img >> -IMAGE_INSTALL += "etc-overlay-fs" >> - >> INITRAMFS_RECIPE ?= "cip-core-initramfs" >> INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" >> diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb >> b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb >> deleted file mode 100644 >> index 4e2b80b..0000000 >> --- a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb >> +++ /dev/null >> @@ -1,32 +0,0 @@ >> -# >> -# CIP Core, generic profile >> -# >> -# Copyright (c) Siemens AG, 2021 >> -# >> -# Authors: >> -# Quirin Gylstorff <quirin.gylstorff@siemens.com> >> -# >> -# SPDX-License-Identifier: MIT >> - >> -inherit dpkg-raw >> - >> -SRC_URI = "file://postinst \ >> - file://etc.mount \ >> - file://etc-hostname.service \ >> - file://etc-sshd-regen-keys.conf \ >> - file://etc-sysusers.conf" >> - >> -do_install[cleandirs]+="${D}/usr/lib/systemd/system \ >> - >> ${D}/usr/lib/systemd/system/local-fs.target.wants \ >> - >> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \ >> - >> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \ >> - ${D}/var/local/etc \ >> - ${D}/var/local/.atomic \ >> - " >> -do_install() { >> - TARGET=${D}/usr/lib/systemd/system >> - install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount >> - install -m 0644 ${WORKDIR}/etc-hostname.service >> ${TARGET}/etc-hostname.service >> - install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf >> ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf >> >> - install -m 0644 ${WORKDIR}/etc-sysusers.conf >> ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service >> >> -} >> diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service >> b/recipes-core/etc-overlay-fs/files/etc-hostname.service >> deleted file mode 100644 >> index 2306b9f..0000000 >> --- a/recipes-core/etc-overlay-fs/files/etc-hostname.service >> +++ /dev/null >> @@ -1,14 +0,0 @@ >> -[Unit] >> -Description=set hostname /etc overlay-aware >> -Before=network-pre.target >> -Wants=network-pre.target >> -Requires=etc.mount >> -After=etc.mount >> - >> -[Service] >> -Type=oneshot >> -RemainAfterExit=yes >> -ExecStart=/bin/hostname --boot --file /etc/hostname >> - >> -[Install] >> -WantedBy=basic.target >> diff --git >> a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf >> b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf >> deleted file mode 100644 >> index b386c12..0000000 >> --- a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf >> +++ /dev/null >> @@ -1,6 +0,0 @@ >> -[Unit] >> -# set hostname /etc overlay-aware >> -Before=network-pre.target >> -Wants=network-pre.target >> -Requires=etc.mount >> -After=etc.mount >> diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf >> b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf >> deleted file mode 100644 >> index ad45d7f..0000000 >> --- a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf >> +++ /dev/null >> @@ -1,4 +0,0 @@ >> -[Unit] >> -# make systemd-sysusers /etc overlay aware >> -Requires=etc.mount >> -After=etc.mount >> diff --git a/recipes-core/etc-overlay-fs/files/etc.mount >> b/recipes-core/etc-overlay-fs/files/etc.mount >> deleted file mode 100644 >> index f0ae3c5..0000000 >> --- a/recipes-core/etc-overlay-fs/files/etc.mount >> +++ /dev/null >> @@ -1,13 +0,0 @@ >> -[Unit] >> -Description=Overlay-mount /etc >> -Requires=var.mount >> -After=var.mount >> - >> -[Mount] >> -What=overlay >> -Where=/etc >> -Type=overlay >> -Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic >> >> - >> -[Install] >> -WantedBy=local-fs.target >> diff --git a/recipes-core/etc-overlay-fs/files/postinst >> b/recipes-core/etc-overlay-fs/files/postinst >> deleted file mode 100755 >> index e436b53..0000000 >> --- a/recipes-core/etc-overlay-fs/files/postinst >> +++ /dev/null >> @@ -1,4 +0,0 @@ >> -#!/bin/sh >> - >> -deb-systemd-helper enable etc.mount || true >> -deb-systemd-helper enable etc-hostname.service || true >> diff --git >> a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb >> b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb >> index 649daa2..9e0ee26 100644 >> --- a/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb >> +++ b/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb >> @@ -10,3 +10,7 @@ >> # >> inherit initramfs >> + >> +INITRAMFS_INSTALL += " \ >> + initramfs-etc-overlay-hook \ >> + " >> diff --git >> a/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script >> >> new file mode 100644 >> index 0000000..08271cd >> --- /dev/null >> +++ >> b/recipes-initramfs/initramfs-etc-overlay-hook/files/etc-overlay.script >> @@ -0,0 +1,24 @@ >> +#!/bin/sh >> + >> +PREREQ="" >> + >> +prereqs() >> +{ >> + echo "$PREREQ" >> +} >> + >> +case $1 in >> +# get pre-requisites >> +prereqs) >> + prereqs >> + exit 0 >> + ;; >> +esac >> + >> +. /scripts/functions >> + > +mount -t $(get_fstype /dev/disk/by-label/var) /dev/disk/by-label/var > ${rootmnt}/var > > should there be a check for existence for /dev/disk/by-label/var? > mount will fail - and we likely want to panic in that case, true. Will write a v2 for that. Thanks, Jan -- Siemens AG, Technology Competence Center Embedded Linux ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-04-21 16:46 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-04-21 11:52 [isar-cip-core][PATCH 0/3] Fix read-only rootfs setup /wrt etc overlay Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 1/3] wic: Align kernel command line of qemu-amd64-efibootguard* Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 2/3] initramfs-abrootfs-hook: Convert to an initramfs-class recipe Jan Kiszka 2022-04-21 11:52 ` [isar-cip-core][PATCH 3/3] Convert /etc overlay from systemd mount unit to initramfs hook Jan Kiszka 2022-04-21 13:18 ` Gylstorff Quirin 2022-04-21 13:38 ` Jan Kiszka
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox