[Pkg-utopia-maintainers] Bug#824651: ostree: initramfs-tools integration

bauen1 j2468h at googlemail.com
Fri Mar 24 14:59:32 GMT 2023


Hi,

I've been successfully experimenting with ostree-ifying debian, using the attached script with initramfs-tools.
It's not particularly polished, and essentially assumes:
- The `systemd-remount-fs.service` unit is masked
- You passed `boot=ostree` on the cmdline, so initramfs-tools sources the script
- That you want to use the `sysroot.readonly=true` option

Ideally the `/usr/lib/ostree/ostree-prepare-root` utility could be used, but I found it easier to start experimenting by mounting everything manually.

Perhaps that script is of use to someone.

I'm not sure how much interest there is in building something similar to Fedora Silverblue using Debian, but a couple of other things would be useful:

- A udeb with just the ostree utility for use in the installer, which would allow building an installer from the existing d-i components.
   I currently use the `copy_exec` function from initramfs-tools to build such a udeb. While some libraries are already packaged as udebs, ostree has a lot of dependencies, and gpg verification doesn't work.

- Shipping sysuser and tmpfiles for every debian package

-- 
bauen1
-------------- next part --------------
#!/bin/sh
# Author: Jonathan Hettwer (bauen1) <j2468h at gmail.com>

# Prerequisite handshake: this script declares no prerequisites, so
# `prereqs` prints an empty list.
PREREQS=""

prereqs() {
    echo "$PREREQS"
}

# When invoked with the single argument "prereqs", print the list and stop
# before any of the boot functions below are defined.
if [ "$1" = "prereqs" ]; then
    prereqs
    exit 0
fi

# The local script is sourced unconditionally, so in most places we defer to it.

# Top stage for the ostree boot type: nothing ostree-specific happens here,
# the work is handed to local_top from the local boot script.
ostree_top() {
    local_top
}

# Block stage for the ostree boot type: handed straight to local_block from
# the local boot script.
ostree_block() {
    local_block
}

# Premount stage for the ostree boot type: handed straight to local_premount
# from the local boot script.
ostree_premount() {
    local_premount
}

# Bottom stage for the ostree boot type: handed straight to local_bottom from
# the local boot script.
ostree_bottom() {
    local_bottom
}

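# Mount the physical root through the local boot script, then assemble the
# ostree deployment named by ostree= on the kernel command line and move it
# onto ${rootmnt}.
#
# Globals:
#   rootmnt            (read)    mount point of the root filesystem
#   readonly           (written) forced to "y" before local_mount_root runs
#   ostree_deploy_tree (written) exported while running, unset on return
# Outputs:
#   Progress through log_warning_msg, failures through panic.
#   Writes /run/ostree-booted once the deployment has been moved into place.
#
# The ostree= value is read from /proc/cmdline and concatenated into every
# mount source and target below, so whoever controls the kernel command line
# chooses which directory ends up as /.
ostree_mount_root()
{
        # Force the initial mount to be read-only
        readonly=y
        # First use the local boot script to mount the actual $rootmnt
        log_warning_msg "ostree: before local_mount_root"
        local_mount_root
        log_warning_msg "ostree: after local_mount_root"

        # FIXME: this may not be the most appropriate place to parse the cmdline:
        # The expansion is deliberately unquoted so the command line is split
        # into words; if ostree= appears more than once, the last one wins.
        export ostree_deploy_tree=
        for x in $(cat /proc/cmdline); do
                case "$x" in
                ostree=*)
                        ostree_deploy_tree=${x#ostree=}
                        ;;
                esac
        done

        # The value is appended directly to ${rootmnt}. Without a leading
        # slash the concatenation would name a path outside the mounted root,
        # so reject anything that is not absolute.
        case "${ostree_deploy_tree}" in
        "")
                panic "No ostree deployment path specified!"
                ;;
        /*)
                ;;
        *)
                panic "ostree deployment path is not absolute: ${ostree_deploy_tree}"
                ;;
        esac

        log_warning_msg "ostree_deploy_tree: ${ostree_deploy_tree}"

        # TODO: We don't really respect the rw cmdline argument, or the sysroot.readonly configuration
        #       in the ostree repository, we simply assume that sysroot.readonly is set and mount accordingly
        # TODO: Most of this could be replaced by the /usr/lib/ostree/ostree-prepare-root
        # XXX: The ostree system I'm using this has the `systemd-remount-fs.service` unit masked, enabling it could mess up the mount setup, see the ostree-boot package.
        #
        # NOTE(review): every remount below passes ro/rw without `bind`.
        # Whether that changes only the one mount point or the underlying
        # filesystem as a whole depends on the mount implementation in the
        # initramfs, and the order of the remounts may then matter. Verify the
        # resulting ro/rw state of each mount on a booted system: a writable
        # deployment root or /usr would defeat the sysroot.readonly layout
        # this function assumes.

        # Bind mount the ostree deployment in preparation of moving it onto /
        if ! mount -o bind "${rootmnt}${ostree_deploy_tree}" "${rootmnt}${ostree_deploy_tree}"; then
                panic "Failed to bind mount ${rootmnt}${ostree_deploy_tree}"
        fi
        # `dummy` occupies the device argument position of mount.
        if ! mount -o remount,ro dummy "${rootmnt}${ostree_deploy_tree}"; then
                panic "Failed to make ${rootmnt}${ostree_deploy_tree} mount read-only"
        fi

        # Bind mount the actual root onto the /sysroot directory in the deployment
        if ! mount -o bind "${rootmnt}" "${rootmnt}${ostree_deploy_tree}/sysroot"; then
                panic "Failed to bind mount the physical root (${rootmnt}) onto the ostree deployment /sysroot directory (${rootmnt}${ostree_deploy_tree}/sysroot)"
        fi

        # Prepare /boot
        # The branches follow their log messages: a /boot entry in fstab means
        # the mount is left alone, no entry means /boot is bind-mounted from
        # the physical root.
        # NOTE(review): read_fstab_entry is defined outside this script.
        # ${rootmnt} still points at the physical root here, so confirm it
        # reads the fstab of the deployment and not that of the physical root.
        if read_fstab_entry /boot; then
            log_warning_msg "Found /boot entry in fstab, not mounting"
            # If we were to bind-mount here, systemd would not mount /boot itself
        else
            log_warning_msg "Found no /boot entry in fstab, bind mounting"

            if ! mount -o bind "${rootmnt}/boot" "${rootmnt}${ostree_deploy_tree}/boot"; then
                panic "Failed to bind mount /boot from physical root to deployment root /boot!"
            fi
        fi

        # Prepare /etc
        log_warning_msg "ostree: attempting to bind mount ${rootmnt}${ostree_deploy_tree}/etc"
        if ! mount -o bind "${rootmnt}${ostree_deploy_tree}"/etc "${rootmnt}${ostree_deploy_tree}"/etc ; then
            panic "Failed to bind mount /etc while preparing /sysroot"
        fi
        if ! mount -o remount,rw dummy "${rootmnt}${ostree_deploy_tree}"/etc ; then
            # It might be possible to continue at this point
            panic "Failed to make /etc read-write"
        fi

        # Prepare /usr
        if ! mount -o bind "${rootmnt}${ostree_deploy_tree}"/usr "${rootmnt}${ostree_deploy_tree}"/usr ; then
            panic "Failed to bind mount /usr while preparing /sysroot"
        fi
        if ! mount -o remount,ro dummy "${rootmnt}${ostree_deploy_tree}"/usr ; then
            panic "Failed to make /usr read-only"
        fi

        # Prepare /var
        # The state directory is addressed relative to the deployment path
        # (two levels up, then var).
        if ! mount -o bind "${rootmnt}${ostree_deploy_tree}/../../var" "${rootmnt}${ostree_deploy_tree}/var"; then
                panic "Failed to bind mount os state directory onto deployment var directroy"
        fi
        if ! mount -o remount,rw dummy "${rootmnt}${ostree_deploy_tree}/var"; then
                panic "Failed to make ${rootmnt}${ostree_deploy_tree}/var mount read-write!"
        fi

        # Finally make the deployment chroot the new root
        if ! mount -o move "${rootmnt}${ostree_deploy_tree}" "${rootmnt}" ; then
                panic "Failed to move ostree deployment directory onto root!"
        fi

        # FIXME: systemd will undo this
        #if ! mount -o remount,private "${rootmnt}"; then
        #       panic "Failed to set private flag on rootmount (${rootmnt})"
        #fi

        # Inform e.g. systemd that we have booted an ostree system.
        echo "" > /run/ostree-booted

        unset ostree_deploy_tree
}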

# Actual hooks

# Hook entry point: mount the root filesystem through the ostree-aware
# routine defined in this script.
mountroot() {
    ostree_mount_root
}

# Hook entry point that is not supported for ostree boots: it refuses by
# calling panic, because mounting further filesystems here would probably
# interfere with the mount layout built by ostree_mount_root.
mountfs() {
    panic "mountfs should most likely not be used with ostree !"
}

# Hook entry point for the top stage; forwards to ostree_top.
mount_top() {
    ostree_top
}

# Hook entry point for the premount stage; forwards to ostree_premount.
mount_premount() {
    ostree_premount
}

# Hook entry point for the bottom stage; forwards to ostree_bottom.
mount_bottom() {
    ostree_bottom
}

