From patchwork Tue Feb 11 08:49:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 13969940 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA5FCC021A5 for ; Tue, 11 Feb 2025 08:51:38 +0000 (UTC) Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net [185.136.64.228]) by mx.groups.io with SMTP id smtpd.web10.7694.1739263889280019617 for ; Tue, 11 Feb 2025 00:51:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm2 header.b=WziA7x5U; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228, mailfrom: fm-51332-20250211085126944fc07bc75e763d48-v_mfq0@rts-flowmailer.siemens.com) Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20250211085126944fc07bc75e763d48 for ; Tue, 11 Feb 2025 09:51:26 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=6HleNXBOZXfF4SbVFskMc1up+/2RPByndKE13VuqYdc=; b=WziA7x5Ug+kHjgQCNBa8dbfjscZqRnWsj0KL4UjHBC7Ecw0eV4xveuAMxepeR4fmECpQr+ j9i4clcnDJO4K8xRbhd4QqFmTksrFvKcrKwy+oGv0SNkRsrvCj2mq5xWCm4DUp3EAD9dioSs 1H/fbYoCOoi6+KqD5qM9EpSalSA8zhSz5vRYHhH+mUy/idbU/iza6C3g+ubXq+AaHVV1OHIH 3cdd5q2pbB7qVp9hjuMPzSDG6l03YXkEr3Ze8HYpAFHt8kpC3GdQmbmhsYzUvs8hDO0xLzUp LG/3ah55WCQiyuucfn10jX5H5Gnh9E7VhdVqoNebd5k7EeQZRMuITj2Q==; 
From: Quirin Gylstorff To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com Subject: [cip-dev][isar-cip-core][RFC 1/4] read-only-rootfs: Make IMMUTABLE_DATA_DIR configurable Date: Tue, 11 Feb 2025 09:49:08 +0100 Message-ID: <20250211085125.22154-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> References: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 11 Feb 2025 08:51:38 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17808 From: Quirin Gylstorff This allows the user to set the variable IMMUTABLE_DATA_DIR. This allows to set directory as requested by issue #124. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/124 Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 4 +++- .../immutable-rootfs/files/immutable-rootfs.tmpfiles | 2 -- .../immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl | 2 ++ recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb | 6 +++++- 4 files changed, 10 insertions(+), 4 deletions(-) delete mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles create mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 35a3ab3..acc04e0 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass 
@@ -28,8 +28,10 @@ IMAGE_INSTALL:remove:bullseye = " immutable-rootfs" ROOTFS_POSTPROCESS_COMMAND:append =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:buster =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:bullseye =" copy_dpkg_state" + +IMMUTABLE_DATA_DIR ??= "usr/share/immutable-data" copy_dpkg_state() { - IMMUTABLE_VAR_LIB="${ROOTFSDIR}/usr/share/immutable-data/var/lib" + IMMUTABLE_VAR_LIB="${ROOTFSDIR}/${IMMUTABLE_DATA_DIR}/var/lib" sudo mkdir -p "$IMMUTABLE_VAR_LIB" sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles deleted file mode 100644 index 2f7c338..0000000 --- a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -L /var/lib/dpkg - - - - /usr/share/immutable-data/var/lib/dpkg -d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl new file mode 100644 index 0000000..de8a238 --- /dev/null +++ b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl @@ -0,0 +1,2 @@ +L /var/lib/dpkg - - - - /${IMMUTABLE_DATA_DIR}/var/lib/dpkg +d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb b/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb index 2dbda6d..c61005c 100644 --- a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb +++ b/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb 
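Review bot: `IMMUTABLE_DATA_DIR` is placed unchecked into the path that `copy_dpkg_state` hands to `sudo mkdir -p` and `sudo cp -a`, and the new tmpfiles template prefixes it with `/`, so the value has an implicit contract that is not written down anywhere. It must be relative to the rootfs, without a leading slash or `..` components, and it must stay on the read-only root filesystem. If it pointed below `/var` or another writable mount, the dpkg state would no longer be immutable or covered by whatever integrity protection the rootfs has. I would document this next to the default, for example `# Path relative to the rootfs (no leading "/", no ".."); must be located on the read-only root, not under /var or /home`. The body of `copy_dpkg_state` also leaves `${ROOTFSDIR}/var/lib/dpkg` unquoted while the destination is quoted.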
@@ -15,9 +15,13 @@ inherit dpkg-raw MAINTAINER = "Felix Moessbauer " DESCRIPTION = "Config to link volatile data to immutable copies" -SRC_URI = "file://${BPN}.tmpfiles" +SRC_URI = "file://${BPN}.tmpfiles.tmpl" DPKG_ARCH = "all" +IMMUTABLE_DATA_DIR ??= "usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + do_prepare_build:append() { cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ } From patchwork Tue Feb 11 08:49:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 13969941 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D70E8C021A4 for ; Tue, 11 Feb 2025 08:51:38 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.7769.1739263889084463938 for ; Tue, 11 Feb 2025 00:51:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm2 header.b=EQzY1toG; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-51332-20250211085126dc479d1daa353746c5-rgxiur@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 20250211085126dc479d1daa353746c5 for ; Tue, 11 Feb 2025 09:51:26 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=rHuDQ4rWIfRzqC9iLwFvRf8swztnstNXfzfDBVdU7J4=; b=EQzY1toGlNwyTbYffPiaAGUqqBq/m4BLuYYL4yKqy1PWF4F58ICPeIL9G6HMWug7svj6cE YAMqY2ER1TkA4E1oZ9ETowpDng0Yzsj68ykAbdkMrMivlE3nKMF3oqDA+EQQ53mJacN6Flbd 
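Review bot: The default for `IMMUTABLE_DATA_DIR` is declared a second time here, in addition to classes/read-only-rootfs.bbclass, and the two copies are evaluated in different recipe contexts. If the variable is overridden only in the image recipe, `copy_dpkg_state` would write the dpkg copy into the new directory while the tmpfiles entry packaged by this recipe still links `/var/lib/dpkg` to the old one, leaving a dangling symlink on the read-only system. The same default appears a third time in move-homedir-var_0.1.bb in patch 3/4. Declaring it once in a shared conf or include file would avoid the mismatch; failing that, a comment such as `# must be set globally (local.conf / kas), not per recipe` next to each copy would at least state the requirement.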
2HI/xG0J/g4rqbkJ9jAX4TbgmatV5g7dhhDLjdzj9sD5COtXWwnKr+4B4CxLaWv4HSwNeWj5 mGOFNvlB3oE4hcHsB/z870GMkHJ39BeebUkRB00UIOM2kcsXDEuhLl159S4BFBr+S4mrLBxP 2zkrWFTXnSm2zn6QNNmjii7HX/LFP7lWEppzqozK0X6uycBoDVv3mkvg==; From: Quirin Gylstorff To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com Subject: [cip-dev][isar-cip-core][RFC 2/4] read-only-rootfs: add home partition with a variable Date: Tue, 11 Feb 2025 09:49:09 +0100 Message-ID: <20250211085125.22154-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> References: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 11 Feb 2025 08:51:38 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17804 From: Quirin Gylstorff This allows the user to disable the home partition to simplify the partition layout. Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 1 + wic/bbb-efibootguard.wks.in | 4 ++-- wic/hihope-rzg2m-efibootguard.wks.in | 5 ++--- wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 ++-- wic/qemu-arm64-efibootguard.wks.in | 4 ++-- wic/qemu-riscv64-efibootguard.wks.in | 4 ++-- wic/x86-uefi-efibootguard-secureboot.wks.in | 4 ++-- wic/x86-uefi-efibootguard.wks.in | 5 ++--- 8 files changed, 15 insertions(+), 16 deletions(-) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index acc04e0..99a2909 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass 
@@ -15,6 +15,7 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" IMAGE_INSTALL += "home-fs" +HOME_PARTITION_CMD = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002" IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" diff --git a/wic/bbb-efibootguard.wks.in b/wic/bbb-efibootguard.wks.in index e6c3e15..b5325d4 100644 --- a/wic/bbb-efibootguard.wks.in +++ b/wic/bbb-efibootguard.wks.in @@ -14,8 +14,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0" diff --git a/wic/hihope-rzg2m-efibootguard.wks.in b/wic/hihope-rzg2m-efibootguard.wks.in index fb3f090..8ec6c84 100644 --- a/wic/hihope-rzg2m-efibootguard.wks.in +++ b/wic/hihope-rzg2m-efibootguard.wks.in 
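Review bot: `HOME_PARTITION_CMD` is assigned with a plain `=` inside the class, so a value set in local.conf or a kas fragment is overwritten when the class is parsed. The commit message says the user can disable the home partition, but as written that only works through an override, as patch 4/4 does. Changing `=` to `?=` would let a plain `HOME_PARTITION_CMD = ""` in the configuration take effect. All seven `.wks.in` files now reference a variable that, as far as this patch shows, is defined only in read-only-rootfs.bbclass. If any image uses one of these layouts without inheriting the class, the reference has no value, so a short comment above the assignment naming the `.wks.in` files as consumers would help.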
@@ -6,9 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions - -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt --append="console=tty0 console=ttySC0,115200 rootwait earlyprintk" diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in index 00d627d..ba4619d 100644 --- a/wic/qemu-arm64-efibootguard-secureboot.wks.in +++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in @@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt --append="panic=5" 
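Review bot: Replacing the board-specific `part /home` line with `${HOME_PARTITION_CMD}` silently drops `--extra-space=100M` for this board. The removed line here carried that option, and the shared command defined in read-only-rootfs.bbclass does not. The same applies to the wic/x86-uefi-efibootguard.wks.in hunk. The commit message only mentions making the partition optional, so if the size change is not intended, the option should be kept, for example by letting these two layouts append it to the shared command. The new comment `# var is a separate partition` is also inaccurate while the home partition is still emitted by default; `# home (optional) and var are separate partitions` would match the result.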
diff --git a/wic/qemu-arm64-efibootguard.wks.in b/wic/qemu-arm64-efibootguard.wks.in index 17434d1..c6a0d8b 100644 --- a/wic/qemu-arm64-efibootguard.wks.in +++ b/wic/qemu-arm64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt diff --git a/wic/qemu-riscv64-efibootguard.wks.in b/wic/qemu-riscv64-efibootguard.wks.in index 1a2291e..0f951f2 100644 --- a/wic/qemu-riscv64-efibootguard.wks.in +++ b/wic/qemu-riscv64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt 
diff --git a/wic/x86-uefi-efibootguard-secureboot.wks.in b/wic/x86-uefi-efibootguard-secureboot.wks.in index 0f4d637..470e783 100644 --- a/wic/x86-uefi-efibootguard-secureboot.wks.in +++ b/wic/x86-uefi-efibootguard-secureboot.wks.in @@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 panic=5" diff --git a/wic/x86-uefi-efibootguard.wks.in b/wic/x86-uefi-efibootguard.wks.in index 9d344f8..a940f26 100644 --- a/wic/x86-uefi-efibootguard.wks.in +++ b/wic/x86-uefi-efibootguard.wks.in 
@@ -6,9 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions - -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 +# var is a separate partition +${HOME_PARTITION_CMD} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 " From patchwork Tue Feb 11 08:49:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 13969939 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B3F5C021A7 for ; Tue, 11 Feb 2025 08:51:39 +0000 (UTC) Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net [185.136.64.227]) by mx.groups.io with SMTP id smtpd.web10.7693.1739263889172002717 for ; Tue, 11 Feb 2025 00:51:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm2 header.b=VkVY6hN4; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.227, mailfrom: fm-51332-20250211085126182583a17dc754aeb5-su4opj@rts-flowmailer.siemens.com) Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 
20250211085126182583a17dc754aeb5 for ; Tue, 11 Feb 2025 09:51:26 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=kl+6oAG+egWKDdttaMknqUe/abcHGhaxQ2X6KvyI9PY=; b=VkVY6hN4OJHAY5VGtMIDtfVrC4+ByaYxkX3JnxxFXyhitBq8JI7ulZoINXcJjafmW85Ou4 IR/uk1RlXBzc9qXtdy54YLOSMkD3GteHiBJwFIOjR8FQPnWHK85IbDE3X1txudqPhs+8Ljax d8RQZeQtOM/8ycIT/P+q6U3VKv0gQH59fZKrqR87qWbBt5PhR1M/fTfaDl5LA72oeouXpifq Awx6Ad4QWK2ySx+GneTVmvwRyxOOcEE+iyAeBnI/ad7TDU4Xom49L7y9jRpREWGg9UZ+Dxkb EVRrSzT2xdF6GZkHShiKefPBfc/VnHa9CgzoIpx2C3eM8WR3J05yqF8w==; From: Quirin Gylstorff To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com Subject: [cip-dev][isar-cip-core][RFC 3/4] add move-homedir-var package Date: Tue, 11 Feb 2025 09:49:10 +0100 Message-ID: <20250211085125.22154-4-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> References: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 11 Feb 2025 08:51:39 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17805 From: Quirin Gylstorff This creates a tmpfiles to copy /usr/share/immutable-data/home to /var Also the recipe moves /home to /var/home and creates a symbolic link between them. This is prerequisite to move the home partition to /var as requested by issue #123. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123 
Signed-off-by: Quirin Gylstorff --- .../files/move-homedir-var.tmpfiles.tmpl | 3 +++ recipes-core/move-homedir-var/files/postinst | 20 ++++++++++++++++ .../move-homedir-var/move-homedir-var_0.1.bb | 24 +++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl create mode 100644 recipes-core/move-homedir-var/files/postinst create mode 100644 recipes-core/move-homedir-var/move-homedir-var_0.1.bb diff --git a/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl new file mode 100644 index 0000000..4dd691d --- /dev/null +++ b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl @@ -0,0 +1,3 @@ +L /home - - - - /var/home +C /var/home - - - - /${IMMUTABLE_DATA_DIR}/home + diff --git a/recipes-core/move-homedir-var/files/postinst b/recipes-core/move-homedir-var/files/postinst new file mode 100644 index 0000000..c2575a5 --- /dev/null +++ b/recipes-core/move-homedir-var/files/postinst @@ -0,0 +1,20 @@ +#!/bin/sh +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# + +set -e + +if [ ! -L /home ]; then + # usermod --move-home can not be used while the target user + # has running processes, also we keep a symlink here + mv /home /var/ + ln -s /var/home /home +fi diff --git a/recipes-core/move-homedir-var/move-homedir-var_0.1.bb b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb new file mode 100644 index 0000000..965de92 --- /dev/null +++ b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb 
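Review bot: The postinst checks only that `/home` is not a symlink before running `mv /home /var/`, so two states are handled badly. If `/var/home` already exists as a directory, `mv` nests the data as `/var/home/home` and the new link then points at the wrong level. If `/home` is missing, `mv` fails and `set -e` aborts the package installation. A guard before the move would make both cases explicit, for example `[ -d /home ] && [ ! -e /var/home ] || { echo "move-homedir-var: unexpected /home or /var/home state" >&2; exit 1; }`. The link is also created with an absolute target; when the rootfs is later accessed from the build host under `${ROOTFSDIR}`, an absolute `/var/home` resolves on the host, so a relative `ln -s var/home /home` is safer.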
@@ -0,0 +1,24 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT + +inherit dpkg-raw + +DEBIAN_CONFLICTS = "home-fs" +SRC_URI = "file://postinst \ + file://${BPN}.tmpfiles.tmpl" +DPKG_ARCH = "all" + +IMMUTABLE_DATA_DIR ??= "usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + +do_prepare_build:append() { + cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ +} From patchwork Tue Feb 11 08:49:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 13969937 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4099C021A1 for ; Tue, 11 Feb 2025 08:51:38 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web11.7771.1739263889339041016 for ; Tue, 11 Feb 2025 00:51:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm2 header.b=RuAZYOpl; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-51332-202502110851271b0200be61c0eb4e0e-jyjlne@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 202502110851271b0200be61c0eb4e0e for ; Tue, 11 Feb 2025 09:51:27 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=l0wpBrT4+8mTFHg21fCgJ1/xfdiCQxMA953gsnz7B84=; b=RuAZYOpllhPWc61Yndp3VdaEPK38Fksy8k3waQwEn7ZCGyBCOMcpO3n5nm0tZ5IwcdtaNt 
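Review bot: The new recipe sets neither `DESCRIPTION` nor `MAINTAINER`, although the sibling recipe immutable-rootfs_0.1.bb sets both, so the generated package will carry no statement of what it does to `/home`. Since the package rewrites a top-level directory in its postinst, I would add at least `DESCRIPTION = "Move /home to /var/home and seed it from the immutable copy"` and a `MAINTAINER` line. A one-line comment above `DEBIAN_CONFLICTS = "home-fs"` explaining why the two packages cannot be installed together would also help, something like `# home-fs mounts a dedicated /home partition, which this package replaces`; the reason is not visible in this patch, so please confirm the wording.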
q+HhFXFY/93RDwDknrnQfqtBOjEOoxpsHKECI8JIaeT3JQJ78WwbTe0ZWTyD4Rb3HcuRff9F l60QR3rB5sDwf41QV7etvzSnfAUFr45nGNOs+9HpRgErCUkQouIg/qJ6lEtptoilZQ9Pxu3O +MWsW57eJt8lISBMlnNlQ+fsZXRxF8nrdPXXgcl3/YhaGglsto1l0BueUs/zk/OUxDFQmAI/ gpcsr3NVYDssqEPi12cVFPeFI7Y3Bha95LN0hMmWEx3sN4Pi9Gw4uU7w==; From: Quirin Gylstorff To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com Subject: [RFC cip-dev][isar-cip-core][PATCH 4/4] Move content of home to IMMUTABLE_DATA_DIR Date: Tue, 11 Feb 2025 09:49:11 +0100 Message-ID: <20250211085125.22154-5-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> References: <20250211085125.22154-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 11 Feb 2025 08:51:38 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/17807 From: Quirin Gylstorff This reduces the amount of necessary partitions. It also allows to use a A/B-update scheme for the var partition. This fixes issue #123. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123 Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 11 +++++++++++ kas/opt/home-to-var.yml | 21 +++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 kas/opt/home-to-var.yml diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 99a2909..c809187 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass 
@@ -17,6 +17,10 @@ do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" IMAGE_INSTALL += "home-fs" HOME_PARTITION_CMD = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002" +HOME_PARTITION_CMD:home-to-var = "" +IMAGE_INSTALL:remove:home-to-var = " home-fs" +IMAGE_INSTALL:append:home-to-var = " move-homedir-var" + IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" IMAGE_INSTALL:append:bookworm = " tmp-fs" @@ -37,6 +41,13 @@ copy_dpkg_state() { sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } +ROOTFS_POSTPROCESS_COMMAND:append:home-to-var =" copy_home_to_immutable_data" +copy_home_to_immutable_data() { + IMMUTABLE_HOME_DIR="${ROOTFSDIR}/${IMMUTABLE_DATA_DIR}/" + sudo mkdir -p "$IMMUTABLE_HOME_DIR" + sudo cp -a ${ROOTFSDIR}/var/home "$IMMUTABLE_HOME_DIR/" +} + RO_ROOTFS_EXCLUDE_DIRS ??= "" EROFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" SQUASHFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" diff --git a/kas/opt/home-to-var.yml b/kas/opt/home-to-var.yml new file mode 100644 index 0000000..c40b4cd --- /dev/null +++ b/kas/opt/home-to-var.yml @@ -0,0 +1,21 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +# This kas file adds swupdate and generates a ${IMAGE_NAME}.swu +# from the first wic partition + +header: + version: 14 + +local_conf_header: + move-home-to-var: | + OVERRIDES .= ":home-to-var" + remove-home-from-crypt: | + CRYPT_PARTITIONS:remove:home-to-var = "home:/home:reencrypt"
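Review bot: `copy_home_to_immutable_data` copies everything below `${ROOTFSDIR}/var/home` into the read-only root filesystem image, which changes where home content is stored at rest. The kas fragment in this patch removes `home` from `CRYPT_PARTITIONS`, and the root filesystem is presumably not encrypted. Any credentials placed in a home directory at build time would then stay readable in the image and in update artifacts built from it. I would state this on the function, for example `# NOTE: home content becomes part of the read-only rootfs image; do not ship secrets in /home`. The `cp -a` source `${ROOTFSDIR}/var/home` is also unquoted while the destination is quoted, and `IMMUTABLE_HOME_DIR` already ends in `/` before another `/` is appended.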
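Review bot: The header comment of kas/opt/home-to-var.yml describes a different fragment (`This kas file adds swupdate and generates a ${IMAGE_NAME}.swu`). It should say what this option does, for example `# This kas file moves /home to /var/home and drops the separate home partition`. In `remove-home-from-crypt`, the `:remove` only takes effect when `CRYPT_PARTITIONS` contains exactly the token `home:/home:reencrypt`. A configuration that lists home with a different mode would keep the entry, and the initramfs would presumably still look for a partition that no longer exists. After this change, home data is encrypted at rest only if `var` remains in `CRYPT_PARTITIONS`; that is not visible in this patch and is worth stating in a comment next to the removal.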