Message ID | 20241021085802.234809-1-felix.moessbauer@siemens.com |
---|---|
State | Accepted, archived |
Series | [1/1] move expand-on-first-boot to /usr/lib |
On Mon, 2024-10-21 at 10:58 +0200, 'Felix Moessbauer' via isar-users wrote: > All non-example, non user / admin executables belong to > /usr/lib/<package>. > Hence, move the expand-on-first-boot script there as well. This > solves an > issue in hardened systems where /usr/share is marked non-executable. > > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> > --- > .../expand-on-first-boot/expand-on-first-boot_1.5.bb | 4 > ++-- > .../expand-on-first-boot/files/expand-on-first-boot.service | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-support/expand-on-first-boot/expand-on- > first-boot_1.5.bb b/meta/recipes-support/expand-on-first-boot/expand- > on-first-boot_1.5.bb > index ebb22c84..2596706d 100644 > --- a/meta/recipes-support/expand-on-first-boot/expand-on-first- > boot_1.5.bb > +++ b/meta/recipes-support/expand-on-first-boot/expand-on-first- > boot_1.5.bb > @@ -29,6 +29,6 @@ SRC_URI = " \ > file://expand-last-partition.sh" > > do_install() { > - install -d -m 755 ${D}/usr/share/expand-on-first-boot > - install -m 755 ${WORKDIR}/expand-last-partition.sh > ${D}/usr/share/expand-on-first-boot/ > + install -d -m 755 ${D}/usr/lib/expand-on-first-boot > + install -m 755 ${WORKDIR}/expand-last-partition.sh > ${D}/usr/lib/expand-on-first-boot/ > } > diff --git a/meta/recipes-support/expand-on-first-boot/files/expand- > on-first-boot.service b/meta/recipes-support/expand-on-first- > boot/files/expand-on-first-boot.service > index 58f4b55b..6f1799b9 100644 > --- a/meta/recipes-support/expand-on-first-boot/files/expand-on- > first-boot.service > +++ b/meta/recipes-support/expand-on-first-boot/files/expand-on- > first-boot.service 
> @@ -14,7 +14,7 @@ ConditionPathIsReadWrite=/tmp > > [Service] > Type=oneshot > -ExecStart=/usr/share/expand-on-first-boot/expand-last-partition.sh > +ExecStart=/usr/lib/expand-on-first-boot/expand-last-partition.sh > ExecStartPost=-/bin/systemctl disable expand-on-first-boot.service > ExecStopPost=-/bin/systemctl disable expand-on-first-boot.service > > -- > 2.39.5 > Applied to next, thanks.
diff --git a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb index ebb22c84..2596706d 100644 --- a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb +++ b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb @@ -29,6 +29,6 @@ SRC_URI = " \ file://expand-last-partition.sh" do_install() { - install -d -m 755 ${D}/usr/share/expand-on-first-boot - install -m 755 ${WORKDIR}/expand-last-partition.sh ${D}/usr/share/expand-on-first-boot/ + install -d -m 755 ${D}/usr/lib/expand-on-first-boot + install -m 755 ${WORKDIR}/expand-last-partition.sh ${D}/usr/lib/expand-on-first-boot/ } diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service index 58f4b55b..6f1799b9 100644 --- a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service +++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service @@ -14,7 +14,7 @@ ConditionPathIsReadWrite=/tmp [Service] Type=oneshot -ExecStart=/usr/share/expand-on-first-boot/expand-last-partition.sh +ExecStart=/usr/lib/expand-on-first-boot/expand-last-partition.sh ExecStartPost=-/bin/systemctl disable expand-on-first-boot.service ExecStopPost=-/bin/systemctl disable expand-on-first-boot.service
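Review bot: In do_install() of expand-on-first-boot_1.5.bb the installed location of expand-last-partition.sh moves from /usr/share/expand-on-first-boot to /usr/lib/expand-on-first-boot while the recipe stays at version 1.5, so the package's file layout changes without a version bump. Anything outside this patch that still points at the old /usr/share path (a downstream unit override, for instance) will no longer find the script. Consider bumping the recipe version or recording the path change in the changelog so users of the old path can spot it.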
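Review bot: The ExecStart= line in expand-on-first-boot.service hard-codes /usr/lib/expand-on-first-boot/expand-last-partition.sh, a second copy of the directory that do_install() in the recipe creates, and nothing ties the two together. They are updated in lockstep here, but a later change to one file alone would leave the unit pointing at a path that is not installed. A short comment in the unit naming the recipe as the source of the path, or generating the path from a single variable, would make that dependency visible.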
All non-example, non user / admin executables belong to /usr/lib/<package>. Hence, move the expand-on-first-boot script there as well. This solves an issue in hardened systems where /usr/share is marked non-executable.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>

---
 .../expand-on-first-boot/expand-on-first-boot_1.5.bb | 4 ++--
 .../expand-on-first-boot/files/expand-on-first-boot.service | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)