From patchwork Mon Mar 3 11:21:45 2025
From: Quirin Gylstorff
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v2 1/4] read-only-rootfs: Make IMMUTABLE_DATA_DIR configurable
Date: Mon, 3 Mar 2025 12:21:45 +0100

This allows the user to set the variable IMMUTABLE_DATA_DIR. This allows setting the directory as requested by issue #124.

https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/124

Signed-off-by: Quirin Gylstorff
--- classes/read-only-rootfs.bbclass | 4 +++- .../immutable-rootfs/files/immutable-rootfs.tmpfiles | 2 -- .../immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl | 2 ++ .../{immutable-rootfs_0.1.bb => immutable-rootfs_0.2.bb} | 6 +++++- 4 files changed, 10 insertions(+), 4 deletions(-) delete mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles create mode 100644 recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl rename recipes-core/immutable-rootfs/{immutable-rootfs_0.1.bb => immutable-rootfs_0.2.bb} (73%) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 35a3ab3..0db398f 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass
@@ -28,8 +28,10 @@ IMAGE_INSTALL:remove:bullseye = " immutable-rootfs" ROOTFS_POSTPROCESS_COMMAND:append =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:buster =" copy_dpkg_state" ROOTFS_POSTPROCESS_COMMAND:remove:bullseye =" copy_dpkg_state" + +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" copy_dpkg_state() { - IMMUTABLE_VAR_LIB="${ROOTFSDIR}/usr/share/immutable-data/var/lib" + IMMUTABLE_VAR_LIB="${ROOTFSDIR}${IMMUTABLE_DATA_DIR}/var/lib" sudo mkdir -p "$IMMUTABLE_VAR_LIB" sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles deleted file mode 100644 index 2f7c338..0000000 --- a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -L /var/lib/dpkg - - - - /usr/share/immutable-data/var/lib/dpkg -d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl new file mode 100644 index 0000000..001dbb1 --- /dev/null +++ b/recipes-core/immutable-rootfs/files/immutable-rootfs.tmpfiles.tmpl @@ -0,0 +1,2 @@ +L /var/lib/dpkg - - - - ${IMMUTABLE_DATA_DIR}/var/lib/dpkg +d /var/log/audit 0700 root adm - diff --git a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb b/recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb similarity index 73% rename from recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb rename to recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb index 2dbda6d..c847f44 100644 --- a/recipes-core/immutable-rootfs/immutable-rootfs_0.1.bb +++ b/recipes-core/immutable-rootfs/immutable-rootfs_0.2.bb 
@@ -15,9 +15,13 @@ inherit dpkg-raw MAINTAINER = "Felix Moessbauer " DESCRIPTION = "Config to link volatile data to immutable copies" -SRC_URI = "file://${BPN}.tmpfiles" +SRC_URI = "file://${BPN}.tmpfiles.tmpl" DPKG_ARCH = "all" +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + do_prepare_build:append() { cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ }
From patchwork Mon Mar 3 11:21:46 2025
From: Quirin Gylstorff
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v2 2/4] read-only-rootfs: add home partition with a variable
Date: Mon, 3 Mar 2025 12:21:46 +0100

This allows the user to disable the home partition to simplify the partition layout.

Signed-off-by: Quirin Gylstorff
--- classes/read-only-rootfs.bbclass | 1 + wic/bbb-efibootguard.wks.in | 4 ++-- wic/hihope-rzg2m-efibootguard.wks.in | 5 ++--- wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 ++-- wic/qemu-arm64-efibootguard.wks.in | 4 ++-- wic/qemu-riscv64-efibootguard.wks.in | 4 ++-- wic/x86-uefi-efibootguard-secureboot.wks.in | 4 ++-- wic/x86-uefi-efibootguard.wks.in | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 0db398f..0c8ae24 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass
@@ -15,6 +15,7 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" IMAGE_INSTALL += "home-fs" +WIC_HOME_PARTITION = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" diff --git a/wic/bbb-efibootguard.wks.in b/wic/bbb-efibootguard.wks.in index 6c30a8a..c623623 100644 --- a/wic/bbb-efibootguard.wks.in +++ b/wic/bbb-efibootguard.wks.in @@ -14,8 +14,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 9947ed57-102f-4038-880c-9cf5cacaf153 bootloader --ptable gpt --append="rootwait console=ttyO0,115200 omap_wdt.early_enable=1 omap_wdt.nowayout=1 watchdog.handle_boot_enabled=0" diff --git a/wic/hihope-rzg2m-efibootguard.wks.in b/wic/hihope-rzg2m-efibootguard.wks.in index 311fbd0..9df0de5 100644 --- a/wic/hihope-rzg2m-efibootguard.wks.in +++ b/wic/hihope-rzg2m-efibootguard.wks.in 
@@ -6,9 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions - -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 43a29d19-005f-49d9-9108-51ad0861d724 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 7e20a7d5-5578-4ced-a7f1-5ee494dbaf72 bootloader --ptable gpt --append="console=tty0 console=ttySC0,115200 rootwait earlyprintk" diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in index 955a6b6..7ff7068 100644 --- a/wic/qemu-arm64-efibootguard-secureboot.wks.in +++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in 
@@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid e869413d-dc84-4822-b50d-00c5aab7d6fc +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 815406da-387f-4e89-a0fb-6e617605c8c3 bootloader --ptable gpt --append="panic=5" diff --git a/wic/qemu-arm64-efibootguard.wks.in b/wic/qemu-arm64-efibootguard.wks.in index ce6253e..38db84b 100644 --- a/wic/qemu-arm64-efibootguard.wks.in +++ b/wic/qemu-arm64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 7346faa7-d6d4-49fa-a03e-82ee469cb1e5 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 423f0a2e-b9b3-4615-85be-2a4261fa32d9 bootloader --ptable gpt 
diff --git a/wic/qemu-riscv64-efibootguard.wks.in b/wic/qemu-riscv64-efibootguard.wks.in index 1166ea1..6423bf4 100644 --- a/wic/qemu-riscv64-efibootguard.wks.in +++ b/wic/qemu-riscv64-efibootguard.wks.in @@ -6,8 +6,8 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid e578254c-bd99-4442-bc51-4935cd0ef522 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 0209689d-672f-4254-8b92-566d6d9fd1ae bootloader --ptable gpt diff --git a/wic/x86-uefi-efibootguard-secureboot.wks.in b/wic/x86-uefi-efibootguard-secureboot.wks.in index 71b0103..d7b5cbd 100644 --- a/wic/x86-uefi-efibootguard-secureboot.wks.in +++ b/wic/x86-uefi-efibootguard-secureboot.wks.in 
@@ -3,8 +3,8 @@ include ebg-signed-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid 94593121-6f5f-4b04-98db-39aace692682 +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid 686a2e06-7f96-495b-beac-1731cb98eb0e bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 panic=5" diff --git a/wic/x86-uefi-efibootguard.wks.in b/wic/x86-uefi-efibootguard.wks.in index 962eaac..380e828 100644 --- a/wic/x86-uefi-efibootguard.wks.in +++ b/wic/x86-uefi-efibootguard.wks.in 
@@ -6,9 +6,9 @@ include ebg-sysparts.inc part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${RO_ROOTFS_TYPE}" --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_A}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systema part --source empty --align 1024 --fixed-size 1G --uuid "${ABROOTFS_PART_UUID_B}" --part-type 0FC63DAF-8483-4772-8E79-3D69D8477DE4 --part-name systemb -# home and var are extra partitions -part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --extra-space=100M --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid f12faa7c-a9ef-4b3f-b63d-1c74bd5c2b1c +# var and optional home are extra partitions +${WIC_HOME_PARTITION} part /var --fstype=ext4 --label var --align 1024 --fixed-size 2G --fsuuid 96be3374-4258-11ee-be56-0242ac120002 --uuid be5ae5e0-91d3-46ec-a7f7-c1ebfc0a7c28 bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk watchdog.handle_boot_enabled=0 iTCO_wdt.nowayout=1 "
From patchwork Mon Mar 3 11:21:47 2025
From: Quirin Gylstorff
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v2 3/4] add move-homedir-var package
Date: Mon, 3 Mar 2025 12:21:47 +0100

This creates a tmpfiles to copy /usr/share/immutable-data/home to /var. Also the recipe moves /home to /var/home and creates a symbolic link between them.

This is a prerequisite for moving the home partition to /var as requested by issue #123.

https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123

Signed-off-by: Quirin Gylstorff --- .../files/move-homedir-var.tmpfiles.tmpl | 3 +++ .../move-homedir-var/move-homedir-var_0.1.bb | 23 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl create mode 100644 recipes-core/move-homedir-var/move-homedir-var_0.1.bb diff --git a/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl new file mode 100644 index 0000000..8a3e535 --- /dev/null +++ b/recipes-core/move-homedir-var/files/move-homedir-var.tmpfiles.tmpl @@ -0,0 +1,3 @@ +L /home - - - - /var/home +C /var/home - - - - ${IMMUTABLE_DATA_DIR}/home + diff --git a/recipes-core/move-homedir-var/move-homedir-var_0.1.bb b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb new file mode 100644 index 0000000..8848df6 --- /dev/null +++ b/recipes-core/move-homedir-var/move-homedir-var_0.1.bb 
@@ -0,0 +1,23 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT + +inherit dpkg-raw + +DEBIAN_CONFLICTS = "home-fs" +SRC_URI = "file://${BPN}.tmpfiles.tmpl" +DPKG_ARCH = "all" + +IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data" +TEMPLATE_VARS = "IMMUTABLE_DATA_DIR" +TEMPLATE_FILES += "${BPN}.tmpfiles.tmpl" + +do_prepare_build:append() { + cp ${WORKDIR}/${BPN}.tmpfiles ${S}/debian/ +}
From patchwork Mon Mar 3 11:21:48 2025
From: Quirin Gylstorff
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, ludwig.nussel@siemens.com
Subject: [cip-dev][isar-cip-core][PATCH v2 4/4] Move content of home to IMMUTABLE_DATA_DIR
Date: Mon, 3 Mar 2025 12:21:48 +0100

This reduces the number of necessary partitions. It also allows using an A/B-update scheme for the var partition.

This fixes issue #123.

https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/123

Signed-off-by: Quirin Gylstorff
--- classes/read-only-rootfs.bbclass | 19 +++++++++++++++-- kas/opt/encrypt-all.yml | 2 +- kas/opt/separate-home-partition.yml | 21 +++++++++++++++++++ ...ook_0.6.bb => initramfs-crypt-hook_0.7.bb} | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 kas/opt/separate-home-partition.yml rename recipes-initramfs/initramfs-crypt-hook/{initramfs-crypt-hook_0.6.bb => initramfs-crypt-hook_0.7.bb} (98%) diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass index 0c8ae24..4e70d81 100644 --- a/classes/read-only-rootfs.bbclass +++ b/classes/read-only-rootfs.bbclass
@@ -14,8 +14,12 @@ INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img" do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build" -IMAGE_INSTALL += "home-fs" -WIC_HOME_PARTITION = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" +WIC_HOME_PARTITION:separate-home-part = "part /home --source rootfs --change-directory=home --fstype=ext4 --label home --align 1024 --size 1G --fsuuid 1f55d66a-40d8-11ee-be56-0242ac120002 --uuid c07d5e8f-3448-46dc-9c0f-58904f369524" + +WIC_HOME_PARTITION = "" +IMAGE_INSTALL += " move-homedir-var" +IMAGE_INSTALL:append:separate-home-part = " home-fs" +IMAGE_INSTALL:remove:separate-home-part = " move-homedir-var" IMAGE_INSTALL:append:buster = " tmp-fs" IMAGE_INSTALL:append:bullseye = " tmp-fs" @@ -37,6 +41,17 @@ copy_dpkg_state() { sudo cp -a ${ROOTFSDIR}/var/lib/dpkg "$IMMUTABLE_VAR_LIB/" } +ROOTFS_POSTPROCESS_COMMAND:append = " copy_home_to_immutable_data" +ROOTFS_POSTPROCESS_COMMAND:remove:separate-home-part = " copy_home_to_immutable_data" +copy_home_to_immutable_data() { + IMMUTABLE_HOME_DIR="${ROOTFSDIR}${IMMUTABLE_DATA_DIR}/" + sudo mkdir -p "$IMMUTABLE_HOME_DIR" + sudo mv ${ROOTFSDIR}/home "$IMMUTABLE_HOME_DIR/" + # as the rootfs is read-only we need to create the link + # between /var/home and /home during creation. + sudo chroot ${IMAGE_ROOTFS} ln -s /var/home /home +} + RO_ROOTFS_EXCLUDE_DIRS ??= "" EROFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" SQUASHFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}" diff --git a/kas/opt/encrypt-all.yml b/kas/opt/encrypt-all.yml index b6d4041..faf7206 100644 --- a/kas/opt/encrypt-all.yml +++ b/kas/opt/encrypt-all.yml 
@@ -20,4 +20,4 @@ local_conf_header: # As we use a weak default assignment in the intramfs-crypt-hook recipe we need # to set all partitions CRYPT_PARTITIONS = "${ABROOTFS_PART_UUID_A}::reencrypt ${ABROOTFS_PART_UUID_B}::reencrypt \ - home:/home:reencrypt var:/var:reencrypt" + var:/var:reencrypt" diff --git a/kas/opt/separate-home-partition.yml b/kas/opt/separate-home-partition.yml new file mode 100644 index 0000000..aaf349b --- /dev/null +++ b/kas/opt/separate-home-partition.yml @@ -0,0 +1,21 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +# This kas file adds swupdate and generates a ${IMAGE_NAME}.swu +# from the first wic partition + +header: + version: 14 + +local_conf_header: + separate-home-partition: | + OVERRIDES .= ":separate-home-part" + add-home-partition-to-crypt: | + CRYPT_PARTITIONS:append:separate-home-part = " home:/home:reencrypt" diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb similarity index 98% rename from recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb rename to recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb index df335c9..80a4755 100644 --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.6.bb +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.7.bb @@ -70,7 +70,7 @@ SRC_URI += "file://encrypt_partition.env.tmpl \ file://pwquality.conf" # CRYPT_PARTITIONS elements are ::[:expand] -CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt" +CRYPT_PARTITIONS ??= "var:/var:reencrypt" # CRYPT_CREATE_FILE_SYSTEM_CMD contains the shell command to create the filesystem # in a newly formatted LUKS Partition CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4"
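
Review bot: In patch 1/4, classes/read-only-rootfs.bbclass (hunk @@ -28,8 +28,10 @@), the new default 'IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data"' is undocumented and is repeated in immutable-rootfs_0.2.bb with nothing tying the two together. The class is evaluated for the image and the recipe for the package, so an override made only in the image recipe would make copy_dpkg_state() copy to the new path while the packaged tmpfiles entry still points /var/lib/dpkg at the default, leaving a dangling link. Please add a short comment or README entry saying the variable has to be set globally (for example in a kas local_conf_header) and must be an absolute path, since it is appended directly to ${ROOTFSDIR}.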
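
Review bot: In patch 1/4, immutable-rootfs_0.2.bb (hunk @@ -15,9 +15,13 @@), 'TEMPLATE_VARS = "IMMUTABLE_DATA_DIR"' uses a plain assignment while the next line uses 'TEMPLATE_FILES += ...'. Please use '+=' for both so that template variables set elsewhere are not dropped. The unchanged 'cp ${WORKDIR}/${BPN}.tmpfiles' in do_prepare_build now depends on the template step producing that file from the .tmpl source; a one-line comment there would make the dependency obvious.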
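
Review bot: In patch 2/4, classes/read-only-rootfs.bbclass (hunk @@ -15,6 +15,7 @@), WIC_HOME_PARTITION hard-codes '--uuid c07d5e8f-3448-46dc-9c0f-58904f369524', which is the value removed from bbb-efibootguard.wks.in only. The other .wks.in files each carried their own /home partition UUID (for example 43a29d19-005f-49d9-9108-51ad0861d724 on hihope-rzg2m and e869413d-dc84-4822-b50d-00c5aab7d6fc on qemu-arm64 secureboot), so after this change every target shares one partition UUID. The commit message does not mention this; please either state that it is intended or keep the UUID overridable per machine.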
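
Review bot: In patch 2/4, wic/hihope-rzg2m-efibootguard.wks.in (hunk @@ -6,9 +6,8 @@), replacing the 'part /home' line with ${WIC_HOME_PARTITION} silently drops '--extra-space=100M', which the shared definition in the class does not carry. The same option is lost in wic/x86-uefi-efibootguard.wks.in. If the extra space is no longer needed, say so in the commit message; otherwise add it to the variable or allow a per-machine value.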
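
Review bot: In patch 3/4, move-homedir-var.tmpfiles.tmpl (hunk @@ -0,0 +1,3 @@), the 'L /home - - - - /var/home' entry cannot take effect on a read-only rootfs, and patch 4/4 says as much in its comment and creates the link at image build time instead. Please drop the L line or explain when it is expected to apply. Two smaller points on the same hunk: 'C /var/home' only copies when the destination does not exist yet, so home content shipped in a later image will not reach a /var that is already populated, which is worth documenting given the A/B update goal; and the file ends with an empty added line. The commit message also says the recipe moves /home to /var/home, but this patch contains no move step, only the tmpfiles entries.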
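
Review bot: In patch 3/4, move-homedir-var_0.1.bb (hunk @@ -0,0 +1,23 @@), the recipe has no DESCRIPTION or MAINTAINER, unlike immutable-rootfs_0.2.bb which sets both. Please add at least a DESCRIPTION. This is also the third place that defines 'IMMUTABLE_DATA_DIR ??= "/usr/share/immutable-data"'; moving the default into one shared include would keep the three from drifting apart.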
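
Review bot: In patch 4/4, classes/read-only-rootfs.bbclass (hunk @@ -14,8 +14,12 @@), setting 'WIC_HOME_PARTITION = ""' and installing move-homedir-var by default changes the partition layout for every existing user of the class, yet the diffstat shows no documentation update. Please describe the new default and the separate-home-part override in the README, including what happens to data on an existing /home partition when a device is updated to an image built with the new layout. Minor: 'IMAGE_INSTALL += " move-homedir-var"' does not need the leading space with '+='.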
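
Review bot: In patch 4/4, classes/read-only-rootfs.bbclass (hunk @@ -37,6 +41,17 @@), copy_home_to_immutable_data() runs 'sudo chroot ${IMAGE_ROOTFS} ln -s /var/home /home' while every other line in this class operates on ${ROOTFSDIR}. Please use one variable consistently, and consider 'sudo ln -s /var/home ${ROOTFSDIR}/home', which creates the same absolute link without executing a binary from inside the target rootfs. The function is also not re-runnable: on a second run 'mv ${ROOTFSDIR}/home' would act on the symlink and 'ln -s' would fail because /home exists. IMMUTABLE_HOME_DIR already ends in '/', so "$IMMUTABLE_HOME_DIR/" yields a double slash.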
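
Review bot: In patch 4/4, kas/opt/separate-home-partition.yml (hunk @@ -0,0 +1,21 @@), the header comment 'This kas file adds swupdate and generates a ${IMAGE_NAME}.swu from the first wic partition' does not describe this file and looks copied from another option. Please replace it with a description of what the option does (adds the separate-home-part override and the home entry in CRYPT_PARTITIONS). Since this file is what sets the override, the ':separate-home-part' qualifier on 'CRYPT_PARTITIONS:append' is redundant here, though harmless.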
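
Review bot: In patch 4/4, initramfs-crypt-hook_0.7.bb (hunk @@ -70,7 +70,7 @@), the default CRYPT_PARTITIONS drops 'home:/home:reencrypt' without any note for downstream users. An image that keeps a separate /home through its own .wks file and relied on the old default would now be built with /home unencrypted and no build-time warning. Please call this out in the commit message or documentation, and consider a check that fails the build when a /home partition is defined but not listed in CRYPT_PARTITIONS.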