shaba/ostree
1
0
Fork 0
mirror of https://github.com/ostreedev/ostree.git synced 2025-01-11 09:18:20 +03:00
Code Issues Projects Releases Wiki Activity

Use /run/ostree-booted metadata for sysroot-ro state passing

Browse Source 
Just like we did with composefs, use the new metadata instead
of a "stamp file".
This commit is contained in:
Colin Walters 2023-07-13 07:56:29 -04:00
parent b8d66964a8
commit 0eda15ceff
3 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libotcore/otcore.h
View File

@ -54,3 +54,5 @@ gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes
// This key if present contains the public key successfully used // This key if present contains the public key successfully used
// to verify the signature. // to verify the signature.
#define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed" #define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed"
// This key will be present if the sysroot-ro flag was found
#define OTCORE_RUN_BOOTED_KEY_SYSROOT_RO "sysroot-ro"

8
src/switchroot/ostree-prepare-root.c
View File

@ -441,12 +441,10 @@ main (int argc, char *argv[])
if (!sysroot_currently_writable) if (!sysroot_currently_writable)
errx (EXIT_FAILURE, "sysroot.readonly=true requires %s to be writable at this point", errx (EXIT_FAILURE, "sysroot.readonly=true requires %s to be writable at this point",
root_arg); root_arg);
/* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
if (fd < 0)
err (EXIT_FAILURE, "failed to create %s", _OSTREE_SYSROOT_READONLY_STAMP);
(void)close (fd);
} }
/* Pass on the state for use by ostree-prepare-root */
g_variant_builder_add (&metadata_builder, "{sv}", OTCORE_RUN_BOOTED_KEY_SYSROOT_RO,
g_variant_new_boolean (sysroot_readonly));
/* Prepare /boot. /* Prepare /boot.
* If /boot is on the same partition, use a bind mount to make it visible * If /boot is on the same partition, use a bind mount to make it visible

4
src/switchroot/ostree-remount.c
View File

@ -134,7 +134,9 @@ main (int argc, char *argv[])
/* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in) /* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in)
* then ensure it's readonly, otherwise mount writable, the same as / * then ensure it's readonly, otherwise mount writable, the same as /
*/ */
bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0; gboolean sysroot_configured_readonly = FALSE;
g_variant_dict_lookup (ostree_run_metadata, OTCORE_RUN_BOOTED_KEY_SYSROOT_RO, "b",
&sysroot_configured_readonly);
do_remount ("/sysroot", !sysroot_configured_readonly); do_remount ("/sysroot", !sysroot_configured_readonly);
/* And also make sure to make /etc rw again. We make this conditional on /* And also make sure to make /etc rw again. We make this conditional on