From patchwork Wed Mar 5 10:27:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002357 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41BF5C282D9 for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net [185.136.64.226]) by mx.groups.io with SMTP id smtpd.web11.10350.1741170491160672886 for ; Wed, 05 Mar 2025 02:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=A2ZwzTdK; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226, mailfrom: fm-51332-202503051028088e1dac173ad9a4d294-msxxqm@rts-flowmailer.siemens.com) Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 202503051028088e1dac173ad9a4d294 for ; Wed, 05 Mar 2025 11:28:08 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=nHYAPP3CyTaZk6BaGjFPkDA8bXbweSDg3U+tTje8F6Y=; b=A2ZwzTdKcywAX5/O7zKkNtKVhb+kyH3Bb3tBzfhqXrhWlnIIANc58tmAhMeMWtmT9tlt1j Aa2XTfTVT93bQ+G/gPWlwczYxpumws51NmOJH4hFBo9A7CnGqeW3mWYGtnPkLJXVrNAbHUNN vpbiNWS2J9gxxshy0FsClmcGDRU/EkQxABs5rl2VjBsG9pNixwNseztdnak9J8NtrVYOHeuu dilIYQ21UHz9ObZrrU7KsSUFYRD7CwtyDIffnNnsM2CPCMvs2/7Ci8piiU7wT5CwXOCF8TET VhZHHas54kWkjlqeZS+3hUv5YRymjPObWWR1CRaQ2vm9zFhejoyQuDFg==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 1/6] read-only-rootfs: Make IMMUTABLE_DATA_DIR configurable Date: Wed, 5 Mar 2025 11:27:40 +0100 Message-ID: <20250305102807.2614514-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18034 From: Quirin Gylstorff This allows the user to set the variable IMMUTABLE_DATA_DIR. This allows to set directory as requested by issue #124. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/124 Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 4 +++- .../immutable-rootfs/files/immutable-rootfs.tmpfiles | 2 -- .../immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl | 2 ++ .../{immutable-rootfs_0.1.bb => immutable-rootfs_0.2.bb} | 6 +++++- 4 files changed, 10 insertions(+), 4 deletions(-) delete mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles create mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl rename recipes-core/immutable-rootfs/{immutable-rootfs_0.1.bb => immutable-rootfs_0.2.bb} (73%) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 35a3ab3..0db398f 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass @@ -28,8 +28,10 @@ IMAGE_INSTALL:remove:bullseye = " immutable-rootfs" ROOTFS_POSTPROCESS_COMMAND:append =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:buster =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:bullseye =" copy_dpkg_state" + +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" copy_dpkg_state() { - IMMUTABLE_VAR_LIB="${ROOTFSDIR}/usr/share/immutable-data/var/lib" + IMMUTABLE_VAR_LIB="${ROOTFSDIR}${IMMUTABLE_DATA_DIR}/var/lib" sudo mkdir -p "$IMMUTABLE_VAR_LIB" sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles deleted file mode 100644 index 2f7c338..0000000 --- a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -L /var/lib/dpkg - - - - /usr/share/immutable-data/var/lib/dpkg -d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl new file mode 100644 index 0000000..001dbb1 --- /dev/null +++ b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl @@ -0,0 +1,2 @@ +L /var/lib/dpkg - - - - ${IMMUTABLE_DATA_DIR}/var/lib/dpkg +d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb b/recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb similarity index 73% rename from recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb rename to recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb index 2dbda6d..c847f44 100644 --- a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb +++ b/recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb @@ -15,9 +15,13 @@ inherit dpkg-raw MAINTAINER = "Felix Moessbauer " DESCRIPTION = "Config to link volatile data to immutable copies" -SRC_URI = "file://${BPN}.tmpfiles" +SRC_URI = "file://${BPN}.tmpfiles.tmpl" DPKG_ARCH = "all" +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + do_prepare_build:append() { cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ } From patchwork Wed Mar 5 10:27:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002363 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CFC0C282EC for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web11.10349.1741170491075705358 for ; Wed, 05 Mar 2025 02:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=BWY9zcos; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-51332-20250305102808af467bc1d041239cf4-jut411@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20250305102808af467bc1d041239cf4 for ; Wed, 05 Mar 2025 11:28:08 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=fnd2eu8pbRAuhnLyLrlbeVkxG2hZ9AO74XiA5WEtXM8=; b=BWY9zcosIhXoG6gD88kVb4bgkEqyBkRTV+fL8UUInsmOHGzv9Ha2Mhw26qq99DJoyIRUN+ v85meVKYfwPi9X21bZtjubC/w2MA4an/tKKGImmKKMbmLMVL1gZiMzjTuTpdJAO7hbrWIuTw eI3RRjdU0+KVHhnuZZMq/TntgtCG+G42ZpcFbw/3CFsS0Oq7K2ehUmweIOwIQE1rfrqmw9OQ X1JX0Yc2o/snLiwd1SC7fZE/ctWshuazyRAmXapHd/qAs7S0Se844rmGPpFAz2lIoyNrvA96 Mh7T/1Q00xQ8Qi9aEXs2Hd4H/gXm1QbKFLAg+9tLm/l6S80ZK7hQGiVA==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 2/6] read-only-rootfs: add home partition with a variable Date: Wed, 5 Mar 2025 11:27:41 +0100 Message-ID: <20250305102807.2614514-3-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18038 From: Quirin Gylstorff This allows the user to disable the home partition to simplify the partition layout. Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 1 + wic/bbb-efibootguard.wks.in | 4 ++-- wic/hihope-rzg2m-efibootguard.wks.in | 5 ++--- wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 ++-- wic/qemu-arm64-efibootguard.wks.in | 4 ++-- wic/qemu-riscv64-efibootguard.wks.in | 4 ++-- wic/x86-uefi-efibootguard-secureboot.wks.in | 4 ++-- wic/x86-uefi-efibootguard.wks.in | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 0db398f..0c8ae24 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass @@ -15,6 +15,7 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" IMAGE_INSTALL += "home-fs" +WIC_HOME_PARTITION = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" diff --git a/wic/bbb-efibootguard.wks.in b/wic/bbb-efibootguard.wks.in index 6c30a8a..c623623 100644 --- a/wic/bbb-efibootguard.wks.in +++ b/wic/bbb-efibootguard.wks.in @@ -14,8 +14,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 9947ed57-102f-4038-880c-9cf5cacaf153 bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0" diff --git a/wic/hihope-rzg2m-efibootguard.wks.in b/wic/hihope-rzg2m-efibootguard.wks.in index 311fbd0..9df0de5 100644 --- a/wic/hihope-rzg2m-efibootguard.wks.in +++ b/wic/hihope-rzg2m-efibootguard.wks.in @@ -6,9 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions - -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 43a29d19-005f-49d9-9108-51ad0861d724 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 7e20a7d5-5578-4ced-a7f1-5ee494dbaf72 bootloader --ptable gpt --append="console=tty0 console=ttySC0,115200 rootwait earlyprintk" diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in index 955a6b6..7ff7068 100644 --- a/wic/qemu-arm64-efibootguard-secureboot.wks.in +++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in @@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid e869413d-dc84-4822-b50d-00c5aab7d6fc +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 815406da-387f-4e89-a0fb-6e617605c8c3 bootloader --ptable gpt --append="panic=5" diff --git a/wic/qemu-arm64-efibootguard.wks.in b/wic/qemu-arm64-efibootguard.wks.in index ce6253e..38db84b 100644 --- a/wic/qemu-arm64-efibootguard.wks.in +++ b/wic/qemu-arm64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 7346faa7-d6d4-49fa-a03e-82ee469cb1e5 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 423f0a2e-b9b3-4615-85be-2a4261fa32d9 bootloader --ptable gpt diff --git a/wic/qemu-riscv64-efibootguard.wks.in b/wic/qemu-riscv64-efibootguard.wks.in index 1166ea1..6423bf4 100644 --- a/wic/qemu-riscv64-efibootguard.wks.in +++ b/wic/qemu-riscv64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid e578254c-bd99-4442-bc51-4935cd0ef522 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 0209689d-672f-4254-8b92-566d6d9fd1ae bootloader --ptable gpt diff --git a/wic/x86-uefi-efibootguard-secureboot.wks.in b/wic/x86-uefi-efibootguard-secureboot.wks.in index 71b0103..d7b5cbd 100644 --- a/wic/x86-uefi-efibootguard-secureboot.wks.in +++ b/wic/x86-uefi-efibootguard-secureboot.wks.in @@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 94593121-6f5f-4b04-98db-39aace692682 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 686a2e06-7f96-495b-beac-1731cb98eb0e bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 panic=5" diff --git a/wic/x86-uefi-efibootguard.wks.in b/wic/x86-uefi-efibootguard.wks.in index 962eaac..380e828 100644 --- a/wic/x86-uefi-efibootguard.wks.in +++ b/wic/x86-uefi-efibootguard.wks.in @@ -6,9 +6,9 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid f12faa7c-a9ef-4b3f-b63d-1c74bd5c2b1c +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid be5ae5e0-91d3-46ec-a7f7-c1ebfc0a7c28 bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 " From patchwork Wed Mar 5 10:27:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002362 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 687FDC28B22 for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net [185.136.64.226]) by mx.groups.io with SMTP id smtpd.web10.10445.1741170491179514611 for ; Wed, 05 Mar 2025 02:28:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=OWEsxdov; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226, mailfrom: fm-51332-202503051028084583d8a8c45407a6ad-krie_6@rts-flowmailer.siemens.com) Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 202503051028084583d8a8c45407a6ad for ; Wed, 05 Mar 2025 11:28:08 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=ybGc/jMJ37jlEN0Iz4Q9OTgDghwOVjLn3UkN3xc3wmA=; b=OWEsxdov0sv3HEtui9MF5Y04usHeD4XOU2W5mPeQNDG0xQezpWXHflT5jUB5Yh7u6ruISI 4CBnS/IFRQk75iUxElU1Y1VQJOw3UgwY/q2rgVE+yMcVtqddMHAjT3AJM20el9gTTD408m5G FFz7uTDDfvG1lW01cbYbdS5LSJmB9zKkQgNaEp2P0JEd1LRkzitYoFN6QRxY5xvFpEfxZLV/ 3Tr9JVE+Y+WhkA/rj/qfp8pY38R2SOAIPT8XVElABL21bkGSynCxy6+M8rms782kg5oApDNB QVCqKUmqw1WZMfnk9mpndnatMiZW5gGR9YD7kr3eEVmBbyxsFeuxHrTA==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 3/6] add move-homedir-var package Date: Wed, 5 Mar 2025 11:27:42 +0100 Message-ID: <20250305102807.2614514-4-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18040 From: Quirin Gylstorff This creates a tmpfiles to copy /usr/share/immutable-data/home to /var. Also the recipe moves /home to /var/home and creates a symbolic link between them. This is prerequisite to move the home partition to /var as requested by issue #123. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123 Signed-off-by: Quirin Gylstorff --- .../files/move-homedir-var.tmpfiles.tmpl | 3 +++ .../move-homedir-var/move-homedir-var_0.1.bb | 23 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl create mode 100644 recipes-core/move-homedir-var/move-homedir-var_0.1.bb diff --git a/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl new file mode 100644 index 0000000..8a3e535 --- /dev/null +++ b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl @@ -0,0 +1,3 @@ +L /home - - - - /var/home +C /var/home - - - - ${IMMUTABLE_DATA_DIR}/home + diff --git a/recipes-core/move-homedir-var/move-homedir-var_0.1.bb b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb new file mode 100644 index 0000000..8848df6 --- /dev/null +++ b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb @@ -0,0 +1,23 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT + +inherit dpkg-raw + +DEBIAN_CONFLICTS = "home-fs" +SRC_URI = "file://${BPN}.tmpfiles.tmpl" +DPKG_ARCH = "all" + +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + +do_prepare_build:append() { + cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ +} From patchwork Wed Mar 5 10:27:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002358 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41BB2C19F32 for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.10353.1741170491589976520 for ; Wed, 05 Mar 2025 02:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=bRgvFFsF; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-51332-2025030510280935a26166f0f3ddb9f2-3gdp7x@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 2025030510280935a26166f0f3ddb9f2 for ; Wed, 05 Mar 2025 11:28:09 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=ChgNhI75iMWBUuVZq7Vqv8F55jjFE0fX9jyhiCRLcWY=; b=bRgvFFsFGFEwzrdF8HNZcflaZI2AF1JF1DHS4OGeUHZNZeNOEsT6fh+fUnWgV7SMJxQFmz 2e9uPEAW7fClF1KwDFeiwhEPunhgZ/jYUzUr4DojZ9k8TcA7bKrbNthX3o6KJKB95hFRlBDu SIchsHflqRZFPRpuZFCrRs3uM4PIGAnBkxCXJ3KmGIwc5FVvM8XOS8dyzVu01aAAxXKx/AAR wwTcb6F4YuYPtfZNVUZEqNsGCjMahXi1TXfrGT+iU7WSk5+XG+sAQSfT+G2vbfJNrEScmqsw jw6KfRazIFTfx/QOpfip7sYfADqAzFiN1deY4ahsAEpOMpK9FdSH9rvw==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 4/6] Move content of home to IMMUTABLE_DATA_DIR Date: Wed, 5 Mar 2025 11:27:43 +0100 Message-ID: <20250305102807.2614514-5-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18039 From: Quirin Gylstorff This reduces the amount of necessary partitions. It also simplifies possible update strategies for the persistent partitions, e.g. for the `A/B snapshot support for persistent /var` [1]. This fixes issue #123. [1]: https://lists.cip-project.org/g/cip-dev/message/17703. https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123 Signed-off-by: Quirin Gylstorff --- classes/read-only-rootfs.bbclass | 19 +++++++++++++++-- kas/opt/encrypt-all.yml | 2 +- kas/opt/separate-home-partition.yml | 21 +++++++++++++++++++ ...ook_0.6.bb => initramfs-crypt-hook_0.7.bb} | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 kas/opt/separate-home-partition.yml rename recipes-initramfs/initramfs-crypt-hook/{initramfs-crypt-hook_0.6.bb => initramfs-crypt-hook_0.7.bb} (98%) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 0c8ae24..4e70d81 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass @@ -14,8 +14,12 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" -IMAGE_INSTALL += "home-fs" -WIC_HOME_PARTITION = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" +WIC_HOME_PARTITION:separate-home-part = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" + +WIC_HOME_PARTITION = "" +IMAGE_INSTALL += " move-homedir-var" +IMAGE_INSTALL:append:separate-home-part = " home-fs" +IMAGE_INSTALL:remove:separate-home-part = " move-homedir-var" IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" @@ -37,6 +41,17 @@ copy_dpkg_state() { sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } +ROOTFS_POSTPROCESS_COMMAND:append = " copy_home_to_immutable_data" +ROOTFS_POSTPROCESS_COMMAND:remove:separate-home-part = " copy_home_to_immutable_data" +copy_home_to_immutable_data() { + IMMUTABLE_HOME_DIR="${ROOTFSDIR}${IMMUTABLE_DATA_DIR}/" + sudo mkdir -p "$IMMUTABLE_HOME_DIR" + sudo mv ${ROOTFSDIR}/home "$IMMUTABLE_HOME_DIR/" + # as the rootfs is read-only we need to create the link + # between /var/home and /home during creation. + sudo chroot ${IMAGE_ROOTFS} ln -s /var/home /home +} + RO_ROOTFS_EXCLUDE_DIRS ??= "" EROFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" SQUASHFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" diff --git a/kas/opt/encrypt-all.yml b/kas/opt/encrypt-all.yml index b6d4041..faf7206 100644 --- a/kas/opt/encrypt-all.yml +++ b/kas/opt/encrypt-all.yml @@ -20,4 +20,4 @@ local_conf_header: # As we use a weak default assignment in the intramfs-crypt-hook recipe we need # to set all partitions CRYPT_PARTITIONS = "${ABROOTFS_PART_UUID_A}::reencrypt ${ABROOTFS_PART_UUID_B}::reencrypt \ - home:/home:reencrypt var:/var:reencrypt" + var:/var:reencrypt" diff --git a/kas/opt/separate-home-partition.yml b/kas/opt/separate-home-partition.yml new file mode 100644 index 0000000..194b132 --- /dev/null +++ b/kas/opt/separate-home-partition.yml @@ -0,0 +1,21 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +# This kas file adds a separate home partition an image. +# This provide backward compability to the previous isar-cip-core +# versions. +header: + version: 14 + +local_conf_header: + separate-home-partition: | + OVERRIDES .= ":separate-home-part" + add-home-partition-to-crypt: | + CRYPT_PARTITIONS:append:separate-home-part = " home:/home:reencrypt" diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb similarity index 98% rename from recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb rename to recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb index df335c9..80a4755 100644 --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb @@ -70,7 +70,7 @@ SRC_URI += "file://encrypt_partition.env.tmpl \ file://pwquality.conf" # CRYPT_PARTITIONS elements are ::[:expand] -CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt" +CRYPT_PARTITIONS ??= "var:/var:reencrypt" # CRYPT_CREATE_FILE_SYSTEM_CMD contains the shell command to create the filesystem # in a newly formatted LUKS Partition CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4" From patchwork Wed Mar 5 10:27:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002361 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5323BC28B21 for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web11.10351.1741170491195440577 for ; Wed, 05 Mar 2025 02:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=U0LSx96x; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-51332-20250305102809f698b4bd7a8909e2de-1buo5o@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20250305102809f698b4bd7a8909e2de for ; Wed, 05 Mar 2025 11:28:09 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=mfp83q5KqANMRRxWkCBcUXp7NHghhl0lLoz2b8hZihI=; b=U0LSx96xH0uFCOXiR1/NEabYMglGqtiyIfc8lqC73J+8OwF2JcX6jxk1ZI3WeNxVN5J+0T VfHaJNzy7G/wyhDvZGQmqPZjEC6uHA1ZUM5T0CkG8kEE1Fhlk+cDngy0OGscZogonzBDmM8a BylUE687MczTQEfBIYe2tAhBGcMsQr3FIGOlcABgdnXOvZo25N81eUO86kRGo21aieBxM2ax /4nidnY7YNhIPydNzTgD12dtZEe5J39e49UfAxQbZqh0EYcX0nuYXomHTicdPMB8DOx7e1KW gTiajIZzjn26SeXCDKpzx31kRjqavTqwREUXE7C6IlC7lUFwCMUBWMrw==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 5/6] Add Kconfig option for separate home partition Date: Wed, 5 Mar 2025 11:27:44 +0100 Message-ID: <20250305102807.2614514-6-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18037 From: Quirin Gylstorff Signed-off-by: Quirin Gylstorff --- Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Kconfig b/Kconfig index 3c246fa..40eee9d 100644 --- a/Kconfig +++ b/Kconfig @@ -241,6 +241,12 @@ config IMAGE_FULL_ENCRYPTION If the partitions contain secrets the first boot must occur in a secure location. +config SEPARATE_HOME_PARTITION + bool "Separate Home Partition" + help + This adds a separate home partition to the build image instead of moving + home to the var partition. + config KAS_INCLUDE_DATA_ENCRYPTION string default "kas/opt/encrypt-data.yml" if IMAGE_DATA_ENCRYPTION @@ -249,6 +255,10 @@ config KAS_INCLUDE_FULL_ENCRYPTION string default "kas/opt/encrypt-all.yml" if IMAGE_FULL_ENCRYPTION +config KAS_INCLUDE_HOME_PARTITION + string + default "kas/opt/separate-home-partition.yml" if SEPARATE_HOME_PARTITION + config WDOG_TIMEOUT int "EFI Boot Guard watchdog timeout in seconds" default 60 From patchwork Wed Mar 5 10:27:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 14002359 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48029C282E3 for ; Wed, 5 Mar 2025 10:28:12 +0000 (UTC) Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net [185.136.65.227]) by mx.groups.io with SMTP id smtpd.web11.10352.1741170491347955657 for ; Wed, 05 Mar 2025 02:28:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=Quirin.Gylstorff@siemens.com header.s=fm1 header.b=GWjWRhIb; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.227, mailfrom: fm-51332-202503051028098623b9e296d82d5974-30f8dc@rts-flowmailer.siemens.com) Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 202503051028098623b9e296d82d5974 for ; Wed, 05 Mar 2025 11:28:09 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=9pc9QZZQMSQa7lOYFyJM6LfH3ztkuRZUeWsEgyn7DcA=; b=GWjWRhIblKcZ+V8pyAGqsXytP0swT4+ofJXyHM9Dj7OQYoSlXssR/WzvqLeDHmxKIXbe6x YMay51NgjWlkDw7FHinCDdzjG43ivP+Fbw+7cqDkjqGdL5W4jNyZIiiT05XpwfUivN76Brti hl+QgYpop56Svd2XaBBYifwNmnjN7qb4vomB7CoH80RTLgbowqgxfakYekUaDi/pMU/+b6R1 huzDI7xi0BC4Cu+c78vIgFh5Ln9D/2ojvxtoDpTHcGdBRt59yBLkwUznOoV/24Gt8L5vLrOu TegD4oQ6feTzNdw6v43NU/c5Hhe3kdj4pK17GQ7gv9XT4vfVwF5DwgRQ==; From: Quirin Gylstorff To: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cip-dev@lists.cip-project.org Subject: [cip-dev][isar-cip-core][PATCH v3 6/6] add ci variable for separate home partition Date: Wed, 5 Mar 2025 11:27:45 +0100 Message-ID: <20250305102807.2614514-7-Quirin.Gylstorff@siemens.com> In-Reply-To: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> References: <20250305102807.2614514-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 05 Mar 2025 10:28:12 -0000 X-Groupsio-URL: https://lists.cip-project.org/g/cip-dev/message/18035 From: Quirin Gylstorff Signed-off-by: Quirin Gylstorff --- .gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4df521b..72d3af8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,6 +27,7 @@ variables: build_swu_v2: disable swupdate_version: default test_function: swupdate + separate_home_partition: disable stages: - build @@ -59,6 +60,7 @@ default: - if [ "${use_rt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/rt.yml"; fi - if [ "${extension}" != "none" ]; then base_yaml="${base_yaml}:kas/opt/${extension}.yml"; fi - if [ "${targz}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/targz.yml"; fi + - if [ "${separate_home_partition}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/separate-home-partition.yml"; fi - if [ "${release}" = "buster" ]; then base_yaml="${base_yaml}:kas/opt/buster.yml"; fi - if [ "${release}" = "bullseye" ]; then base_yaml="${base_yaml}:kas/opt/bullseye.yml"; fi - if [ "${release}" = "bookworm" ]; then base_yaml="${base_yaml}:kas/opt/bookworm.yml"; fi @@ -232,6 +234,7 @@ build:x86-uefi-secure-boot: watchdog: disable security_test: enable build_swu_v2: enable + separate_home_partition: enable build:qemu-amd64-swupdate: extends: