# Copyright (C) 2011 Colin Walters <walters@verbum.org>
#
# SPDX-License-Identifier: LGPL-2.0+
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <https://www.gnu.org/licenses/>.
# Per-target automake variables for ostree-prepare-root.  They start out
# minimal here; the conditionals further down extend them with +=.
ostree_prepare_root_SOURCES = src/switchroot/ostree-mount-util.h
ostree_prepare_root_CPPFLAGS = $(AM_CPPFLAGS)
ostree_prepare_root_CFLAGS =
ostree_prepare_root_LDADD =
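# ostree-remount is listed in ostree_boot_PROGRAMS only for systemd-enabled
# builds; otherwise it is declared as a check-only program.
if BUILDOPT_SYSTEMD
ostree_boot_PROGRAMS += ostree-remount
else
# It is built anyway as a side-effect of having the symlink in tests/,
# and if we declare it here, it gets cleaned up properly
check_PROGRAMS += ostree-remount
endif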
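if BUILDOPT_USE_STATIC_COMPILER
ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root-static.c

# ostree-prepare-root can be used as init in a system without a populated /lib.
# To support this use case we need to link statically as we will be unable to
# locate libc.so at run time if it's not installed in /lib.
#
# We support building ostree-prepare-root with a different compiler to the rest
# of ostree so we can use musl rather than glibc. This reduces the size of the
# executable significantly: from ~700K -> ~30K. We have to use _SCRIPTS here
# to get autotools to install this as an executable but without generating rules
# to make it itself which we have specified manually. See
# https://lists.gnu.org/archive/html/help-gnu-utils/2007-01/msg00007.html
ostree_boot_SCRIPTS += ostree-prepare-root

# Hand-written rule: only the target CPPFLAGS, AM_CFLAGS and DEFAULT_INCLUDES
# are passed.  The user-level CFLAGS/CPPFLAGS/LDFLAGS and
# ostree_prepare_root_LDADD do not appear on this command line, so hardening
# options supplied that way do not reach this binary unless STATIC_COMPILER
# itself carries them.
# NOTE(review): confirm that is intended for a binary that can run as init.
# Because the result is fully static, a libc fix only takes effect once this
# binary is rebuilt.
ostree-prepare-root : $(ostree_prepare_root_SOURCES)
	$(STATIC_COMPILER) -o $@ -static \
	    $(top_srcdir)/src/switchroot/ostree-prepare-root-static.c \
	    $(ostree_prepare_root_CPPFLAGS) $(AM_CFLAGS) $(DEFAULT_INCLUDES) \
	    -DOSTREE_PREPARE_ROOT_STATIC=1
CLEANFILES += ostree-prepare-root
else
# Regular automake-built variant, linked against the in-tree helper libraries.
ostree_boot_PROGRAMS += ostree-prepare-root
ostree_prepare_root_CFLAGS += \
    $(AM_CFLAGS) \
    -Isrc/switchroot \
    -I$(srcdir)/composefs \
    -I$(srcdir)/src/libostree \
    -I$(srcdir)/src/libotcore \
    -I$(srcdir)/src/libotutil
ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c
ostree_prepare_root_CPPFLAGS += \
    $(OT_INTERNAL_GIO_UNIX_CFLAGS) \
    $(OT_DEP_CRYPTO_CFLAGS) \
    -I $(srcdir)/libglnx
ostree_prepare_root_LDADD += \
    $(AM_LDFLAGS) \
    $(OT_INTERNAL_GIO_UNIX_LIBS) \
    $(OT_DEP_CRYPTO_LIBS) \
    libotcore.la \
    libotutil.la \
    libglnx.la
endif # BUILDOPT_USE_STATIC_COMPILER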
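# Per-target automake variables for ostree-remount.
ostree_remount_SOURCES = \
    src/switchroot/ostree-mount-util.h \
    src/switchroot/ostree-remount.c \
    $(NULL)
ostree_remount_CPPFLAGS = \
    $(AM_CPPFLAGS) \
    $(OT_INTERNAL_GIO_UNIX_CFLAGS) \
    -Isrc/switchroot \
    -I$(srcdir)/src/libotcore \
    -I$(srcdir)/src/libotutil \
    -I$(srcdir)/libglnx
ostree_remount_LDADD = \
    $(AM_LDFLAGS) \
    $(OT_INTERNAL_GIO_UNIX_LIBS) \
    libotcore.la \
    libotutil.la \
    libglnx.la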
Switch to using a systemd generator for /var
If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.
There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.
Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`). I didn't really test that case though.
Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.
Closes: #859
Approved by: jlebon
2017-05-11 21:54:12 +03:00
Support transient /etc
If the `prepare-root.conf` file contains:
```
[etc]
transient=yes
```
Then during prepare-root, an overlayfs is mounted as /etc, with the
upper dir being in /run. If composefs is used, the lower dir is
`usr/etc` from the composefs image , or it is the deployed
`$deploydir/usr/etc`.
Note that for this to work with selinux, the commit must have been
built with OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC. Otherwise
the lowerdir (/usr/etc) will have the wrong selinux contexts for the
final location of the mount (/etc).
We also set the transient-etc key in the ostree-booted file, pointing it
to the directory that is used for the overlayfs.
There is some additional work happening in ostree-remount, mostly
related to selinux (as this needs to happen post selinux policy
load):
* Recent versions of selinux-policy have issues with the overlayfs
mount being kernel_t, and that is not allowed to manage files as
needed. This is fixed in
https://github.com/fedora-selinux/selinux-policy/pull/1893
* Any /etc files created in the initramfs will not be labeled,
because the selinux policy has not been loaded. In addition, the
upper dir is on a tmpfs, and any manually set xattr-based selinux
labels on those are reset during policy load. To work around this
ostree-remount will relabel all files on /etc that have
corresponding files in overlayfs upper dir.
* During early boot, systemd mounts /run/machine-id on top of
/etc/machine-id (as /etc is readonly). Later during boot, when etc
is readwrite, systemd-machine-id-commit.service will remove the
mount and update the real file under it with the right content. To
ensure that this keeps working, we need to ensure that when we
relabel /etc/machine-id we relabel the real (covered) file, not the
temporary bind-mount.
* ostree-remount no longer needs to remount /etc read-only in the
transient-etc case.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2023-09-29 14:37:22 +03:00
# SELinux-enabled builds compile and link ostree-remount against the SELinux
# dependency flags.
if USE_SELINUX
ostree_remount_LDADD += $(OT_DEP_SELINUX_LIBS)
ostree_remount_CPPFLAGS += $(OT_DEP_SELINUX_CFLAGS)
endif
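# With composefs enabled, ostree-prepare-root links the libtool library
# libcomposefs.la.
# NOTE(review): the hand-written static rule for ostree-prepare-root does not
# reference ostree_prepare_root_LDADD, so this appears to affect only the
# automake-built variant - confirm.
if USE_COMPOSEFS
ostree_prepare_root_LDADD += libcomposefs.la
endif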
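# systemd-enabled builds define HAVE_SYSTEMD for ostree-prepare-root and add
# the libsystemd link flags.
if BUILDOPT_SYSTEMD
ostree_prepare_root_CPPFLAGS += -DHAVE_SYSTEMD=1
ostree_prepare_root_LDADD += $(LIBSYSTEMD_LIBS)
endif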
Switch to using a systemd generator for /var
If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.
There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.
Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`). I didn't really test that case though.
Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.
Closes: #859
Approved by: jlebon
2017-05-11 21:54:12 +03:00
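# This is the "new mode" of using a generator for /var; see
# https://github.com/ostreedev/ostree/issues/855
#
# systemd runs system generators as root early in boot, so
# ostree-system-generator and the libraries it links (libglnx.la,
# libostree-1.la) are part of the trusted boot path.
if BUILDOPT_SYSTEMD_AND_LIBMOUNT
ostree_prepare_root_CPPFLAGS += -DHAVE_SYSTEMD_AND_LIBMOUNT=1
ostree_remount_CPPFLAGS += -DHAVE_SYSTEMD_AND_LIBMOUNT=1

systemdsystemgenerator_PROGRAMS = ostree-system-generator
GITIGNOREFILES += $(systemdsystemgenerator_PROGRAMS)
ostree_system_generator_SOURCES = \
    src/switchroot/ostree-mount-util.h \
    src/switchroot/ostree-system-generator.c
ostree_system_generator_CPPFLAGS = \
    $(AM_CPPFLAGS) \
    -I$(srcdir)/libglnx \
    -I$(srcdir)/src/libostree
ostree_system_generator_CFLAGS = $(AM_CFLAGS) $(OT_INTERNAL_GIO_UNIX_CFLAGS)
ostree_system_generator_LDADD = \
    $(AM_LDFLAGS) \
    libglnx.la \
    libostree-1.la \
    $(OT_INTERNAL_GIO_UNIX_LIBS)

# Allow the distcheck install under $prefix test to pass.
# `$$` hands a literal `${libdir}` to configure, so the generator directory
# stays under the distcheck prefix.
AM_DISTCHECK_CONFIGURE_FLAGS += --with-systemdsystemgeneratordir='$${libdir}/systemd/system-generators'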
Switch to using a systemd generator for /var
If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.
There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.
Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`). I didn't really test that case though.
Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.
Closes: #859
Approved by: jlebon
2017-05-11 21:54:12 +03:00
endif