diff mbox series

[isar-cip-core,RFC,v3,6/9] Create systemd mount units for a etc overlay

Message ID 20211123145747.101549-7-Quirin.Gylstorff@siemens.com (mailing list archive)
State Handled Elsewhere
Headers show
Series Read-only root file system with dm-verity | expand

Commit Message

Quirin Gylstorff Nov. 23, 2021, 2:57 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

As /etc is read-only and needs to be accessed by the initrd
move the user defined settings to a overlay in /var/local/etc.

As systemd sets the hostname directly on start reread the /etc/hostname
after mounting the overlay.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 .../etc-overlay-fs/etc-overlay-fs_0.1.bb      | 32 +++++++++++++++++++
 .../etc-overlay-fs/files/etc-hostname.service | 14 ++++++++
 .../files/etc-sshd-regen-keys.conf            |  7 ++++
 .../etc-overlay-fs/files/etc-sysusers.conf    |  4 +++
 recipes-core/etc-overlay-fs/files/etc.mount   | 13 ++++++++
 recipes-core/etc-overlay-fs/files/postinst    |  4 +++
 .../images/cip-core-image-read-only.bb        |  1 +
 7 files changed, 75 insertions(+)
 create mode 100644 recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
 create mode 100644 recipes-core/etc-overlay-fs/files/etc-hostname.service
 create mode 100644 recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
 create mode 100644 recipes-core/etc-overlay-fs/files/etc-sysusers.conf
 create mode 100644 recipes-core/etc-overlay-fs/files/etc.mount
 create mode 100755 recipes-core/etc-overlay-fs/files/postinst
diff mbox series

Patch

diff --git a/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
new file mode 100644
index 0000000..4e2b80b
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/etc-overlay-fs_0.1.bb
@@ -0,0 +1,32 @@ 
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Siemens AG, 2021
+#
+# Authors:
+#  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+SRC_URI = "file://postinst \
+           file://etc.mount \
+           file://etc-hostname.service \
+           file://etc-sshd-regen-keys.conf \
+           file://etc-sysusers.conf"
+
+do_install[cleandirs]+="${D}/usr/lib/systemd/system \
+                        ${D}/usr/lib/systemd/system/local-fs.target.wants \
+                        ${D}/usr/lib/systemd/system/systemd-sysusers.service.d \
+                        ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d \
+                        ${D}/var/local/etc \
+                        ${D}/var/local/.atomic \
+                        "
+do_install() {
+    TARGET=${D}/usr/lib/systemd/system
+    install -m 0644 ${WORKDIR}/etc.mount ${TARGET}/etc.mount
+    install -m 0644 ${WORKDIR}/etc-hostname.service ${TARGET}/etc-hostname.service
+    install -m 0644 ${WORKDIR}/etc-sshd-regen-keys.conf ${D}/usr/lib/systemd/system/sshd-regen-keys.service.d/etc-sshd-regen-keys.conf
+    install -m 0644 ${WORKDIR}/etc-sysusers.conf ${D}/usr/lib/systemd/system/systemd-sysusers.service.d/etc-sysusers.service
+}
diff --git a/recipes-core/etc-overlay-fs/files/etc-hostname.service b/recipes-core/etc-overlay-fs/files/etc-hostname.service
new file mode 100644
index 0000000..2306b9f
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-hostname.service
@@ -0,0 +1,14 @@ 
+[Unit]
+Description=set hostname /etc overlay-aware
+Before=network-pre.target
+Wants=network-pre.target
+Requires=etc.mount
+After=etc.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/hostname --boot --file /etc/hostname
+
+[Install]
+WantedBy=basic.target
diff --git a/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
new file mode 100644
index 0000000..014b5a6
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-sshd-regen-keys.conf
@@ -0,0 +1,7 @@ 
+[Unit]
+# set hostname /etc overlay-aware
+Before=network-pre.target
+Wants=network-pre.target
+Requires=etc.mount
+After=etc.mount
+
diff --git a/recipes-core/etc-overlay-fs/files/etc-sysusers.conf b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
new file mode 100644
index 0000000..ad45d7f
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc-sysusers.conf
@@ -0,0 +1,4 @@ 
+[Unit]
+# make systemd-sysusers /etc overlay aware
+Requires=etc.mount
+After=etc.mount
diff --git a/recipes-core/etc-overlay-fs/files/etc.mount b/recipes-core/etc-overlay-fs/files/etc.mount
new file mode 100644
index 0000000..f0ae3c5
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/etc.mount
@@ -0,0 +1,13 @@ 
+[Unit]
+Description=Overlay-mount /etc
+Requires=var.mount
+After=var.mount
+
+[Mount]
+What=overlay
+Where=/etc
+Type=overlay
+Options=noauto,x-systemd.automount,lowerdir=/etc,upperdir=/var/local/etc,workdir=/var/local/.atomic
+
+[Install]
+WantedBy=local-fs.target
diff --git a/recipes-core/etc-overlay-fs/files/postinst b/recipes-core/etc-overlay-fs/files/postinst
new file mode 100755
index 0000000..e436b53
--- /dev/null
+++ b/recipes-core/etc-overlay-fs/files/postinst
@@ -0,0 +1,4 @@ 
+#!/bin/sh
+
+deb-systemd-helper enable etc.mount  || true
+deb-systemd-helper enable etc-hostname.service || true
diff --git a/recipes-core/images/cip-core-image-read-only.bb b/recipes-core/images/cip-core-image-read-only.bb
index 7ef2dc2..ceb6ac4 100644
--- a/recipes-core/images/cip-core-image-read-only.bb
+++ b/recipes-core/images/cip-core-image-read-only.bb
@@ -2,6 +2,7 @@  require cip-core-image.bb
 
 SQUASHFS_EXCLUDE_DIRS += "home var"
 
+IMAGE_INSTALL += "etc-overlay-fs"
 IMAGE_INSTALL += "tmp-fs"
 IMAGE_INSTALL_remove += "initramfs-abrootfs-secureboot"