From patchwork Mon Jan 18 00:07:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harald Seiler X-Patchwork-Id: 272 Return-Path: Delivered-To: ilbers.mnt@gmail.com Received: by 2002:a4a:b386:0:0:0:0:0 with SMTP id p6csp2288831ooo; Mon, 18 Jan 2021 02:08:46 -0800 (PST) X-Received: by 2002:a7b:c4c5:: with SMTP id g5mr7320417wmk.170.1610964525968; Mon, 18 Jan 2021 02:08:45 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1610964525; cv=pass; d=google.com; s=arc-20160816; b=wZjoKUxxut4X1a/v4tC8qNvAHXbi/rZuClGkN3RlmjpZoEOHdR1vUvAiabGTVIN7zj N3anc+Y4gJ3YDCArABmIC/9c3r3+2TjFLGBaC9AHvwDZ/KyuumJHFLHf206ajFMSrh5p +HzS5xVpDkGePM/XY1XPOloz/4uxDWKcmKpGaS7HgLv+/NnQAZ0ZhdPlMRoggFPsdCiB OR9fd6v/XCQNIxPA9rqUom+aJgsqD7DyahVm2cB9pUyJjqEx/RUlRJO41O8sq5oE+C/G aCYzjtDaLHpJHCzjwGO/qIltqRZf6Z2jlHW8/7hWr1IW8QX3cIF9eZWnM7nUeWIOTuZy E5gA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature; bh=bRVz02yMLj5keX3PSCx+MwekgP45INpJHvSckhJ/InQ=; b=v9LfIPrcrMnMbOUDCm+RV454yZmuAgo55Gl66N80cgkV4q1YgAnWyb56FqAxbW2Pii vjds741biZoE5NVK3+o8lypxn74QHP0ucFhIXkpGPODXE9GTYiS+r8K8rACF0FuIAEaF uoIL2QIRJD9wTld6aB0QeD/bYA74F1GNi2l8QTk23N187HDp0q+193OUyFLiVl3FuLKi lGQCes7T16dBu5PTwJxK1jmjdtrFBvLXK06noejqV6KmRT9abDTjGSTycOUB4iuU0xbM mzZq1mAC2acfS9BvEKFnFmSf80nuJqnouDNymUyGtP7vJuPfDXPVV2cIDJmrgxc+joR4 LHcQ== ARC-Authentication-Results: i=3; mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b="AX/nSry8"; arc=pass (i=2); spf=pass (google.com: domain of isar-users+bncbczlpqw3rykrbln4swaamgqech4juqa@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCZLPQW3RYKRBLN4SWAAMGQECH4JUQA@googlegroups.com Received: from mail-sor-f55.google.com (mail-sor-f55.google.com. [209.85.220.55]) by mx.google.com with SMTPS id j15sor3877895wmi.0.2021.01.18.02.08.45 (Google Transport Security); Mon, 18 Jan 2021 02:08:45 -0800 (PST) Received-SPF: pass (google.com: domain of isar-users+bncbczlpqw3rykrbln4swaamgqech4juqa@googlegroups.com designates 209.85.220.55 as permitted sender) client-ip=209.85.220.55; Authentication-Results: mx.google.com; dkim=pass header.i=@googlegroups.com header.s=20161025 header.b="AX/nSry8"; arc=pass (i=2); spf=pass (google.com: domain of isar-users+bncbczlpqw3rykrbln4swaamgqech4juqa@googlegroups.com designates 209.85.220.55 as permitted sender) smtp.mailfrom=isar-users+bncBCZLPQW3RYKRBLN4SWAAMGQECH4JUQA@googlegroups.com ARC-Seal: i=2; a=rsa-sha256; t=1610964525; cv=pass; d=google.com; s=arc-20160816; b=VJutclhbefQ92Af8WmQ4BLiWHNzTD54UvvKRUJIqwdSZHNinRbVUvu82NzWWVparhp tHcgzxScY6ABd0iawomg8t5iqoJ0ZeFOphR9ip6ao0sFsGDzSjO6LQQumivZADLkVNYD zLxAT0roPetQjW3Mf9S62hxxwIsEccRT210/x+o4AcM0ueJAMPBmrs1HA+pxMgoH1OuT VyW4G0/ckobxBI9bxrp41dX4+eF/M+GUQ4Qtfd3UHilXEzn5Oi0udKQ3hBmgCCGe3aCZ jcAFg5Ig7RkY5xjrFobfW8Z6Ut+ODHxDZNreSCkv2ejMVLCL5fdeuZW9ZKp1N5b7B+af NgyQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature; bh=bRVz02yMLj5keX3PSCx+MwekgP45INpJHvSckhJ/InQ=; b=rnDIAXaa9KaORPmWAPBWhxF+zeK2CU87MSkYpoaxAZJNIGAupJeY3sQk0apy0VUHUF 1MzBX65OZvpyP4M59pwV370xxWHqNpQPTHSRtG9GTrODxaz0yVovHBadVlgxgPSGkUCl Wi7EALxAtFacEj6DQ7wPupY3ch3GLR2dWN6ZYJm11+AaWokq6AhFcQD4jodDjZhYKe2X 56SKcN/Kc1fhXWh5LED8oONO5sC9a4CU4/x6zIVL2EW0kt38xVLXLRUIyjQMK8XhbEJn Kbg3w+eeRMQkwTShkz9O61JIOlnyridSuyv3vAXV2/4fuflJ+bPHABrdwt7S/+l3Oj/E SrSg== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of hws@denx.de) smtp.mailfrom=hws@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=bRVz02yMLj5keX3PSCx+MwekgP45INpJHvSckhJ/InQ=; b=AX/nSry8VOxHVV5Ccz8XG/4mIi3j2Kvi1ev2RPn/4tuqM79enYiPyiMIEvNKkPiSSW ksezWW9WAubsbC/dzy+unCj0fK2oUp+mEXcyL+r+YjFxEz/ztd/80DuCFI3q5to7yFug 8sNRWDaiRLnfzhXCyrubCychCA9vJCQKv4Eu456lDiBIZevF3ZUrbd78zvF2mF4jT+N+ AZhESTz+CaRknKDFuRPlsh/WbRb8w+N43faZDHcudSrenIZt+Bmai8OQb2yewZZbdh2V Gr/q1Jel7PCAVi+NVaw9VYfhIFNUv8vtONEybTdGDYCl4/IFxZA0t1NUCRdQIjKuZBVt ITjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:cc:subject:date:message-id :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=bRVz02yMLj5keX3PSCx+MwekgP45INpJHvSckhJ/InQ=; b=ICdNNgRmtB1BU5Sg34OqKS5gCc1L4BYOhiVZIzyIIXC/0wcH6bKZTwJthpq4B5z9fD +b7lub4XOXMQkh3lcokjo7qrgGFS5nNxuwdKGw/FjdLv7eaym+eV296JqItLFWIeenzM 83ayOWvC8T7+PgmhHU0EQ+JtBtHPt0NDrTqAo40IBp60p7R8E9ghWl1OueGOdF2uH8oP U1ZKc0atM5cotRclOJHFwxVToWx5WBolvQF5QT0ESTCOqWrJf6EtcUh4Rs+eJBeGFqC2 yJEtGKPIqqd0Tgb8BVfYQ1IadmaRQF0KJFKm5VQdZKCTEHnA9LMsPjJotM51rpOrNmhe 9TMA== Sender: isar-users@googlegroups.com X-Gm-Message-State: AOAM532n16bFwyNUoIUfZB/+eQeJKqllNJxFGT11lGm65pkCFjWVCl1X FdEeafLjl3lZra2Libp3pLw= X-Google-Smtp-Source: ABdhPJxvj2FyiAay7BHXFuBN+7GqfaB0BCrvevTP6ACnbLPqASyuXE4NCtwPN0XovSslSnMrNx6XWw== X-Received: by 2002:a05:600c:21cb:: with SMTP id x11mr4356828wmj.29.1610964525711; Mon, 18 Jan 2021 02:08:45 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:bb0b:: with SMTP id l11ls5262752wmf.0.gmail; Mon, 18 Jan 2021 02:08:44 -0800 (PST) X-Received: by 2002:a7b:c018:: with SMTP id c24mr18955085wmb.41.1610964524918; Mon, 18 Jan 2021 02:08:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610964524; cv=none; d=google.com; s=arc-20160816; b=IenOV/tAAY7fkhjej6EkX8o6nudgUOIKFiMvKIK72Bf+Xb4usltcdyJZmmAKVtNQVp x48shZgnCV03me50XOYmUBd/L2ZGsRv8CwXgnnf+aM6x0x6KYpVjeyqCZbrBhwdZloZS JM5T5PKCSJ8lX5ch1m8vH0QMW1nbo6oqXwPnXBwu/EV7wOCbe4oAphBzu5VYYZElCvTs egLi/0pXik9+mzw6U7pt3vJoj3xG1Yc0/9xhriEANaYhtiaB4oLng1p1CzWu8Y+m1lkh MewvfWkTXxilHfe7009YP5I0zRt/jdaMiDu7w4IM6wRJboj/ssmzxmLdtx7geMyl3Gq1 zuHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=1G1/+m9Q3W6gNAgtQ/j7MXyklTfOFBe6nhNdxG2A7SI=; b=C5jb6qE0te+O58/QGHblGRp9ESXPTsRzyWF33Eqs57xUgSBEIJgSMypq+vr9EmO4c6 gEfKx8E0/y+fx6KsIMQ+7pjHEMxwLkhXpu6cNDGiAkFaeOV3NcuuFrbX3MiygMYzInSx S4x8b6MTnRnNvv0M1GVkD8HXHVFp8ErrBn52qv7JpYpnaAUZGUdJgoGRvYHxXLgwivaI SDuwdZ+Q2wSxpT4yZ4GTOTvUrP3CTW/EVa0Aq1Y7QwKQ6eEZVg57e7gXkE0ZYWKxTOiR Oww6KRFfzm4+58EbY3y8DW1pCQRxR53295bRh8z2CZg4+IRkI6GhQNBzt/cMtaDiZRdX jtRg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of hws@denx.de) smtp.mailfrom=hws@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9]) by gmr-mx.google.com with ESMTPS id y1si773550wrl.4.2021.01.18.02.08.44 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 18 Jan 2021 02:08:44 -0800 (PST) Received-SPF: neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of hws@denx.de) client-ip=212.18.0.9; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4DK6v04Xrjz1qs3P; Mon, 18 Jan 2021 11:08:44 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 4DK6v04CF9z1tSQn; Mon, 18 Jan 2021 11:08:44 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id 36vuJ85oTk-4; Mon, 18 Jan 2021 11:08:43 +0100 (CET) X-Auth-Info: X3LQtA+qypJQK3P9OAiRUc7obMS1Va9h4PIdKlQfCJU= Received: from maia.denx.de (p578adb1c.dip0.t-ipconnect.de [87.138.219.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Mon, 18 Jan 2021 11:08:43 +0100 (CET) From: Harald Seiler To: isar-users@googlegroups.com Cc: Harald Seiler , Jan Kiszka , "florian . bezdeka @ siemens . com" Subject: [PATCH v4 1/3] classes: Add initramfs class Date: Mon, 18 Jan 2021 11:07:27 +0100 Message-Id: <20210118100729.138523-1-hws@denx.de> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 X-Original-Sender: hws@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of hws@denx.de) smtp.mailfrom=hws@denx.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1688856574816061426?= X-GMAIL-MSGID: =?utf-8?q?1689218738541676172?= Add a new "image" class for generating a custom initramfs. It works like this: A new minimal debian rootfs is bootstrapped and all dependency packages for the new initramfs are installed. Then, an initramfs is generated from this rootfs and deployed like usual. This new initramfs.bbclass "image" class should be pulled in by an "initramfs image" recipe. Said recipe then specifies all dependencies of the initramfs via INITRAMFS_INSTALL and INITRAMFS_PREINSTALL (which are analogous to the respective IMAGE_* variables). initramfs.bbclass intentionally does _not_ expose a mechanism to change /etc/initramfs-tools/initramfs.conf and /etc/initramfs-tools/modules. Changes to their settings are better done via packages that deploy conf-hooks to /usr/share/initramfs-tools/conf-hooks.d/ and module fragment files to /usr/share/initramfs-tools/modules.d/. Signed-off-by: Harald Seiler --- Notes: I had this idea while searching for a way to build an initramfs that uses dm-verity to assert integrity of the rootfs. To me, this feels like a much cleaner solution than anything else I tried and I'm happy to report that, using this approach, I got everything working nicely in the original project. In my opinion, this design has a number of advantages over the previous solutions we have seen so far: - It does not suffer any kind of initramfs pollution, caused by packages installed into a rootfs. This is a big problem when trying to generated an initramfs from e.g. `buildchroot-target` as many unrelated packaged could be installed there which would all get pulled into the initrd (if they install hooks/scripts). This also means, with this new approach, the integrator has maximum control over the contents of the initramfs. - There are no needs to change the initramfs generation process in any way, the debian tooling can be used exactly like its meant to. - As most isar-generated images will never regenerate the initramfs from the running system, all initramfs related packages are dead-weight to the image. This is a problem when trying to generate the initramfs from the actual image rootfs. When it is necessary to rebuild the initramfs in a running system, the packages designed for this new class could just be installed into the rootfs, without any changes necessary. This means, any generic initramfs module packages can be used both with the in-rootfs mechanism and initramfs.bbclass. - Because of this complete isolation and independence, implementation of complex logic is much easier: For example dm-verity needs a root-hash that is only available after the rootfs has been cast into a filesystem image. With this new approach, this can be modelled with a simple task dependency. Changes in v2: - None (just added examples in new patches) Changes in v3: - None Changes in v4: - Add ${DEPLOY_DIR_IMAGE} to task [dirs] to ensure it is present. meta/classes/initramfs.bbclass | 42 ++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 meta/classes/initramfs.bbclass diff --git a/meta/classes/initramfs.bbclass b/meta/classes/initramfs.bbclass new file mode 100644 index 000000000000..10a642b1a6be --- /dev/null +++ b/meta/classes/initramfs.bbclass @@ -0,0 +1,42 @@ +# This software is a part of ISAR. + +# Make workdir and stamps machine-specific without changing common PN target +WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}-${MACHINE}/${PV}-${PR}" +STAMP = "${STAMPS_DIR}/${DISTRO}-${DISTRO_ARCH}/${PN}-${MACHINE}/${PV}-${PR}" +STAMPCLEAN = "${STAMPS_DIR}/${DISTRO}-${DISTRO_ARCH}/${PN}-${MACHINE}/*-*" + +INITRAMFS_INSTALL ?= "" +INITRAMFS_PREINSTALL ?= "" +INITRAMFS_ROOTFS ?= "${WORKDIR}/rootfs" +INITRAMFS_IMAGE_FILE = "${DEPLOY_DIR_IMAGE}/${INITRAMFS_FULLNAME}.initrd.img" + +# Install proper kernel +INITRAMFS_INSTALL += "${@ ("linux-image-" + d.getVar("KERNEL_NAME", True)) if d.getVar("KERNEL_NAME", True) else ""}" + +# Name of the initramfs including distro&machine names +INITRAMFS_FULLNAME = "${PN}-${DISTRO}-${MACHINE}" + +DEPENDS += "${INITRAMFS_INSTALL}" + +ROOTFSDIR = "${INITRAMFS_ROOTFS}" +ROOTFS_FEATURES = "" +ROOTFS_PACKAGES = "initramfs-tools ${INITRAMFS_PREINSTALL} ${INITRAMFS_INSTALL}" + +inherit rootfs + +do_generate_initramfs[dirs] = "${DEPLOY_DIR_IMAGE}" +do_generate_initramfs() { + rootfs_do_mounts + rootfs_do_qemu + + sudo -E chroot "${INITRAMFS_ROOTFS}" \ + update-initramfs -u -v + + if [ ! -e "${INITRAMFS_ROOTFS}/initrd.img" ]; then + die "No initramfs was found after generation!" + fi + + rm -rf "${INITRAMFS_IMAGE_FILE}" + cp "${INITRAMFS_ROOTFS}/initrd.img" "${INITRAMFS_IMAGE_FILE}" +} +addtask generate_initramfs after do_rootfs before do_build