Re: [PATCH] wic: Prevent duplicate entries on fstab

[Patrick Ohly <patrick.ohly@intel.com>]

On Thu, 2017-03-09 at 18:11 -0300, Otavio Salvador wrote:
> On Mon, Mar 6, 2017 at 4:07 PM, Ed Bartosh <ed.bartosh@linux.intel.com> wrote:
> > On Mon, Mar 06, 2017 at 03:48:00PM -0300, Fabio Berton wrote:
> >> Hi Ed,
> >>
> >> The main motivation to my patch is prevent to duplicate entries. For
> >> example, if I add to my fstab line:
> >>
> >> LABEL=data           /data                auto defaults              0  1
> >>
> >> and add to wsk file:
> >>
> >> part /data --ondisk mmcblk0 --fstype=ext4 --label data --align 8192
> >> --size 500M --extra-space 0
> >>
> >> Final fstab will have two entries for /data.
> > This can be easily avoided if you remove leading slash:
> > part data --ondisk mmcblk0 --fstype=ext4 --label data --align 8192 --size 500M --extra-space 0
> 
> HACK ALERT!
> 
> >> In most Linux distros mount /boot partition, if we have kernel image
> >> or boot script to update we need to mount /boot partition. Why the
> >> reason to not mount /boot?
> >>
> > The code that skips / and /boot was brought to wic codebase more than 4
> > years ago: https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=75c143a7aef46ecea07cf33edd2b1a0192e10149
> >
> > I don't know exact reason to be honest. However, I think we need to be careful with this
> > kind of legacy. It doesn't mean we shouldn't remove it, but it should
> > not be done as a side effect of the patch addressing absolutely
> > different issue, I believe.
> 
> While discussing this with Fabio here, at O.S. Systems, we ended
> agreeing that wic touching the fstab is wrong. The fstab should be
> prepare as part of the image and not mangled during the disk
> generation.

I agree that it is a hack, and I also would prefer to not have wic
modify the existing rootfs. That also breaks when IMA is enabled,
because then the content of the /etc/fstab must match the security.ima
xattr that was calculated for the unmodified content.

However, it's a problem that doesn't have a good solution. The image
recipe which describes what goes into the rootfs and thus determines the
content of /etc/fstab has little control over the IMAGE_FSTYPES - that's
typically set by the BSP or the user.

Suppose IMAGE_FSTYPES = "ext4 wic", and the WKS_FILE has multiple
partitions and thus needs more entries in /etc/fstab than the
single-partition "ext4" - the result of do_rootfs simply cannot work for
both.

Right now, all one can do is assume (or perhaps check) that the right
IMAGE_FSTYPES are set.

> The mangled fstab is disastrous if someone uses an image upgrade. The
> generated tarball or filesystem WILL NOT be the same running on the
> device as wic will add entries.

When do you take a snapshot of the rootfs? Is it as another do_image_*
task, via an IMAGE_FSTYPE entry?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.