[isar-cip-core,RFC,0/2] Deploy swupdate images with empty var partition

Message ID 20240130115648.311177-1-felix.moessbauer@siemens.com (mailing list archive)

Felix Moessbauer Jan. 30, 2024, 11:56 a.m. UTC
This patch series prepares and switches the rootfs configuration to be
deployed with an empty /var partition. For now, I send this as an RFC,
as this needs to be tested by a broader audience.

A couple notes about the implementation:

- the /var partition is deployed as an empty file system
  (and not included in the squashfs)
- no warnings are issued on files / dirs that are pre-populated in /var.
  It has been tested if this is possible, but unfortunately many packages
  use both tmpdirs.d as well as postinstall scripts to create the files.
  This might be the result of a transition phase, but makes it impossible
  to detect potential issues. Also the tmpdirs.d configuration does not
  necessarily come from the same package as the dir creation in postinst.
- The dpkg database is copied to /usr/share/cip/var/lib/dpkg and a symlink
  is created on /var/lib/dpkg (using tmpdirs.d). By that, dpkg -l can still
  be used to query the installed packages and their versions. This feature
  is bookworm only due to the required debhelper-compat 13.

Note: This series needs to be applied on top of "refactor: use change-dir
to split rootfs parts"

References:

- https://lists.debian.org/debian-policy/2023/06/msg00016.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039979
- https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/75
- https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/50

Best regards,
Felix

Felix Moessbauer (2):
  copy and symlink dpkg db to ro-rootfs
  swupdate images: initially deploy empty var part

 classes/read-only-rootfs.bbclass              | 10 +++++++
 .../cip-read-only-rootfs_0.1.bb               | 26 +++++++++++++++++++
 .../files/cip-read-only-rootfs.tmpfiles       |  1 +
 .../cip-read-only-rootfs/files/control        | 11 ++++++++
 wic/bbb-efibootguard.wks.in                   |  2 +-
 wic/hihope-rzg2m-efibootguard.wks.in          |  2 +-
 wic/qemu-amd64-efibootguard-secureboot.wks.in |  2 +-
 wic/qemu-arm64-efibootguard-secureboot.wks.in |  2 +-
 wic/qemu-arm64-efibootguard.wks.in            |  2 +-
 wic/qemu-riscv64-efibootguard.wks.in          |  2 +-
 wic/x86-efibootguard.wks.in                   |  2 +-
 11 files changed, 55 insertions(+), 7 deletions(-)
 create mode 100644 recipes-core/cip-read-only-rootfs/cip-read-only-rootfs_0.1.bb
 create mode 100644 recipes-core/cip-read-only-rootfs/files/cip-read-only-rootfs.tmpfiles
 create mode 100644 recipes-core/cip-read-only-rootfs/files/control