isar-installer: Mount /tmp as tmpfs for read-only boot fix

Message ID 20250613172323.14644-1-badrikesh.prusty@siemens.com
State Superseded, archived
Series isar-installer: Mount /tmp as tmpfs for read-only boot fix

Commit Message

Badrikesh Prusty June 13, 2025, 5:23 p.m. UTC
Fix image installation when isar-image-installer rootfs is booted as read-only
by ensuring /tmp is mounted as tmpfs.
This change utilizes systemd's tmp.mount to mount /tmp as tmpfs. Since systemd
versions up to Debian Bookworm ship tmp.mount in /usr/share/systemd/, the file
must be copied to a directory where systemctl can enable it.
For systemd versions 256.x and newer, tmp.mount is shipped in the appropriate
location: /usr/lib/systemd/system/tmp.mount

Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
---
 .../deploy-image/deploy-image_0.1.bb              |  3 ++-
 .../systemd-tmpfs-tmp/files/postinst              | 15 +++++++++++++++
 .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb    | 10 ++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
 create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb

Comments

MOESSBAUER, Felix June 16, 2025, 6:39 a.m. UTC | #1
On Fri, 2025-06-13 at 13:23 -0400, 'Badrikesh Prusty' via isar-users
wrote:
> Fix image installation when isar-image-installer rootfs is booted as
> read-only
> by ensuring /tmp is mounted as tmpfs.
> This change utilizes systemd's tmp.mount to mount /tmp as tmpfs.
> Since systemd
> versions up to Debian Bookworm ship tmp.mount in /usr/share/systemd/,
> the file
> must be copied to a directory where systemctl can enable it.
> For systemd versions 256.x and newer, tmp.mount is shipped in the
> appropriate
> location: /usr/lib/systemd/system/tmp.mount
> 
> Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
> ---
>  .../deploy-image/deploy-image_0.1.bb              |  3 ++-
>  .../systemd-tmpfs-tmp/files/postinst              | 15
> +++++++++++++++
>  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb    | 10 ++++++++++
>  3 files changed, 27 insertions(+), 1 deletion(-)
>  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst
>  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> tmp/systemd-tmpfs-tmp_0.1.bb
> 
> diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb
> index 54e521b5..e67feae5 100644
> --- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> +++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> @@ -11,7 +11,8 @@ SRC_URI = "file://usr/bin/deploy-image-wic.sh \
>             file://usr/lib/deploy-image-wic/handle-config.sh \
>            "
>  DEPENDS:bookworm += "bmap-tools"
> -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> gdisk, pigz, xz-utils, pbzip2, zstd"
> +DEPENDS:append = " systemd-tmpfs-tmp"

The combination of DEPENDS:bookworm += ... and DEPENDS:append is
dangerous. We better refactor this to DEPENDS:append:bookworm = " ...",
DEPENDS:append = " ...".

> +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
>  do_install[cleandirs] = "${D}/usr/bin/ \
>                           ${D}/usr/lib/deploy-image-wic \
>                          "
> diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst
> new file mode 100644
> index 00000000..be1594e6
> --- /dev/null
> +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
> @@ -0,0 +1,15 @@
> +#!/bin/sh
> +
> +set -e
> +
> +# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
> +if ! grep -q '/tmp' /etc/fstab; then
> +    # Ensure tmp.mount exists in systemd path
> +    if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -e
> /etc/systemd/system/tmp.mount ]; then
> +        cp /usr/share/systemd/tmp.mount
> /etc/systemd/system/tmp.mount
> +    fi
> +
> +    # Enable the mount unit using deb-systemd-helper
> +    deb-systemd-helper enable tmp.mount || true
> +fi
> +
> diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/systemd-tmpfs-tmp_0.1.bb
> new file mode 100644
> index 00000000..821cdd5f
> --- /dev/null
> +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-
> tmp_0.1.bb
> @@ -0,0 +1,10 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2024
> +#
> +# SPDX-License-Identifier: MIT
> +
> +inherit dpkg-raw
> +
> +SRC_URI = "file://postinst"
> +
> +DEBIAN_DEPENDS = "systemd"

Please also set the DESCRIPTION and MAINTAINER fields.

Felix

> -- 
> 2.39.5

Badrikesh Prusty June 16, 2025, 10:01 a.m. UTC | #2
Hi,

Thanks for your feedback. Added the DESCRIPTION and MAINTAINER fields and
updated to DEPENDS:append:bookworm.
I had the same feeling when DEPENDS += wasn't working while
DEPENDS:bookworm += was set, but I didn't investigate much since
DEPENDS:append worked. Thank you for the clarification.

Badrikesh

On Monday, June 16, 2025 at 12:09:34 PM UTC+5:30 MOESSBAUER, Felix wrote:

> On Fri, 2025-06-13 at 13:23 -0400, 'Badrikesh Prusty' via isar-users
> wrote:
> > Fix image installation when isar-image-installer rootfs is booted as
> > read-only
> > by ensuring /tmp is mounted as tmpfs.
> > This change utilizes systemd's tmp.mount to mount /tmp as tmpfs.
> > Since systemd
> > versions up to Debian Bookworm ship tmp.mount in /usr/share/systemd/,
> > the file
> > must be copied to a directory where systemctl can enable it.
> > For systemd versions 256.x and newer, tmp.mount is shipped in the
> > appropriate
> > location: /usr/lib/systemd/system/tmp.mount
> > 
> > Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
> > ---
> >  .../deploy-image/deploy-image_0.1.bb              |  3 ++-
> >  .../systemd-tmpfs-tmp/files/postinst              | 15
> > +++++++++++++++
> >  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb    | 10 ++++++++++
> >  3 files changed, 27 insertions(+), 1 deletion(-)
> >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst
> >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/systemd-tmpfs-tmp_0.1.bb
> > 
> > diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> > image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> > image_0.1.bb
> > index 54e521b5..e67feae5 100644
> > --- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> > +++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> > @@ -11,7 +11,8 @@ SRC_URI = "file://usr/bin/deploy-image-wic.sh \
> >             file://usr/lib/deploy-image-wic/handle-config.sh \
> >            "
> >  DEPENDS:bookworm += "bmap-tools"
> > -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> > gdisk, pigz, xz-utils, pbzip2, zstd"
> > +DEPENDS:append = " systemd-tmpfs-tmp"
>
> The combination of DEPENDS:bookworm += ... and DEPENDS:append is
> dangerous. We better refactor this to DEPENDS:append:bookworm = " ...",
> DEPENDS:append = " ...".
>
> > +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> > gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
> >  do_install[cleandirs] = "${D}/usr/bin/ \
> >                           ${D}/usr/lib/deploy-image-wic \
> >                          "
> > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst
> > new file mode 100644
> > index 00000000..be1594e6
> > --- /dev/null
> > +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
> > @@ -0,0 +1,15 @@
> > +#!/bin/sh
> > +
> > +set -e
> > +
> > +# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
> > +if ! grep -q '/tmp' /etc/fstab; then
> > +    # Ensure tmp.mount exists in systemd path
> > +    if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -e
> > /etc/systemd/system/tmp.mount ]; then
> > +        cp /usr/share/systemd/tmp.mount
> > /etc/systemd/system/tmp.mount
> > +    fi
> > +
> > +    # Enable the mount unit using deb-systemd-helper
> > +    deb-systemd-helper enable tmp.mount || true
> > +fi
> > +
> > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/systemd-tmpfs-tmp_0.1.bb
> > new file mode 100644
> > index 00000000..821cdd5f
> > --- /dev/null
> > +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-
> > tmp_0.1.bb
> > @@ -0,0 +1,10 @@
> > +# This software is a part of ISAR.
> > +# Copyright (C) Siemens AG, 2024
> > +#
> > +# SPDX-License-Identifier: MIT
> > +
> > +inherit dpkg-raw
> > +
> > +SRC_URI = "file://postinst"
> > +
> > +DEBIAN_DEPENDS = "systemd"
>
> Please also set the DESCRIPTION and MAINTAINER fields.
>
> Felix
>
> > -- 
> > 2.39.5
>
> -- 
> Siemens AG
> Linux Expert Center
> Friedrich-Ludwig-Bauer-Str. 3
> 85748 Garching, Germany
>
>
alexander.heinisch June 16, 2025, 12:56 p.m. UTC | #3
On Mon, 2025-06-16 at 03:01 -0700, 'Badrikesh Prusty' via isar-users
wrote:
> > Hi,
> > 
> > Thanks for your feedback. Added DESCRIPTION and MAINTAINER field
> > and
> > updated to DEPENDS:append:bookworm.
> > I had the same feeling when DEPENDS += wasn't working while
> > DEPENDS:bookworm += was set, but I didn't investigate much since
> > DEPENDS:append worked. Thank you for the clarification.
> > 
> > Badrikesh
> > 
> > On Monday, June 16, 2025 at 12:09:34 PM UTC+5:30 MOESSBAUER, Felix
> > wrote:
> > > > On Fri, 2025-06-13 at 13:23 -0400, 'Badrikesh Prusty' via
> > > > isar-users
> > > > wrote:
> > > > > > Fix image installation when isar-image-installer rootfs is
> > > > > > booted
> > > > > > as
> > > > > > read-only
> > > > > > by ensuring /tmp is mounted as tmpfs.
> > > > > > This change utilizes systemd's tmp.mount to mount /tmp as
> > > > > > tmpfs.
> > > > > > Since systemd
> > > > > > versions up to Debian Bookworm ship tmp.mount in
> > > > > > /usr/share/systemd/,
> > > > > > the file
> > > > > > must be copied to a directory where systemctl can enable
> > > > > > it.
> > > > > > For systemd versions 256.x and newer, tmp.mount is shipped
> > > > > > in the
> > > > > > appropriate
> > > > > > location: /usr/lib/systemd/system/tmp.mount
> > > > > > 
> > > > > > Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
> > > > > > ---
> > > > > >  .../deploy-image/deploy-image_0.1.bb              |  3 ++-
> > > > > >  .../systemd-tmpfs-tmp/files/postinst              | 15
> > > > > > +++++++++++++++
> > > > > >  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb    | 10
> > > > > > ++++++++++
> > > > > >  3 files changed, 27 insertions(+), 1 deletion(-)
> > > > > >  create mode 100644 meta-isar/recipes-installer/systemd-
> > > > > > tmpfs-
> > > > > > tmp/files/postinst
> > > > > >  create mode 100644 meta-isar/recipes-installer/systemd-
> > > > > > tmpfs-
> > > > > > tmp/systemd-tmpfs-tmp_0.1.bb
> > > > 
> > > > > > 
> > > > > > diff --git a/meta-isar/recipes-installer/deploy-
> > > > > > image/deploy-
> > > > > > image_0.1.bb b/meta-isar/recipes-installer/deploy-
> > > > > > image/deploy-
> > > > > > image_0.1.bb
> > > > 
> > > > > > index 54e521b5..e67feae5 100644
> > > > > > ---
> > > > > > a/meta-isar/recipes-installer/deploy-image/deploy-
> > > > > > image_0.1.bb
> > > > 
> > > > > > +++
> > > > > > b/meta-isar/recipes-installer/deploy-image/deploy-
> > > > > > image_0.1.bb
> > > > 
> > > > > > @@ -11,7 +11,8 @@ SRC_URI =
> > > > > > "file://usr/bin/deploy-image-wic.sh \
> > > > > >            
> > > > > > file://usr/lib/deploy-image-wic/handle-config.sh \
> > > > > >            "
> > > > > >  DEPENDS:bookworm += "bmap-tools"
> > > > > > -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux,
> > > > > > parted,
> > > > > > fdisk,
> > > > > > gdisk, pigz, xz-utils, pbzip2, zstd"
> > > > > > +DEPENDS:append = " systemd-tmpfs-tmp"
> > > > 
> > > > The combination of DEPENDS:bookworm += ... and DEPENDS:append
> > > > is
> > > > dangerous. We better refactor this to DEPENDS:append:bookworm =
> > > > "
> > > > ...",
> > > > DEPENDS:append = " ...".
> > > > 
> > > > > > +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux,
> > > > > > parted,
> > > > > > fdisk,
> > > > > > gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
> > > > > >  do_install[cleandirs] = "${D}/usr/bin/ \
> > > > > >                           ${D}/usr/lib/deploy-image-wic \
> > > > > >                          "
> > > > > > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > > > > > tmp/files/postinst b/meta-isar/recipes-installer/systemd-
> > > > > > tmpfs-
> > > > > > tmp/files/postinst
> > > > > > new file mode 100644
> > > > > > index 00000000..be1594e6
> > > > > > --- /dev/null
> > > > > > +++
> > > > > > b/meta-isar/recipes-installer/systemd-tmpfs-
> > > > > > tmp/files/postinst
> > > > > > @@ -0,0 +1,15 @@
> > > > > > +#!/bin/sh
> > > > > > +
> > > > > > +set -e
> > > > > > +
> > > > > > +# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
> > > > > > 

Systemd already provides some predefined behaviour to manage common
mounts like `/tmp`. [1]

"If a mount point is configured in both /etc/fstab and a unit file that
is stored below /usr/, the former will take precedence. If the unit
file is stored below /etc/, it will take precedence. This means: native
unit files take precedence over traditional configuration files, but
this is superseded by the rule that configuration in /etc/ will always
take precedence over configuration in /usr/."
- [2]

TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/`, systemd
takes care of the fstab vs tmp.mount precedence you try to enforce
here.
Besides that, as this check is executed as postinst, it possibly leads
to undesired mount results, depending on package install order, e.g.
when later packages modify `/etc/fstab`.

> > > > > > +if ! grep -q '/tmp' /etc/fstab; then
> > > > > > +    # Ensure tmp.mount exists in systemd path
> > > > > > +    if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -
> > > > > > e
> > > > > > /etc/systemd/system/tmp.mount ]; then
> > > > > > +        cp /usr/share/systemd/tmp.mount
> > > > > > /etc/systemd/system/tmp.mount
> > > > > > +    fi
> > > > > > +
> > > > > > +    # Enable the mount unit using deb-systemd-helper
> > > > > > +    deb-systemd-helper enable tmp.mount || true
> > > > > > +fi
> > > > > > +
> > > > > > diff --git
> > > > > > a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-
> > > > > > tmpfs-
> > > > > > tmp/systemd-tmpfs-tmp_0.1.bb
> > > > 
> > > > > > new file mode 100644
> > > > > > index 00000000..821cdd5f
> > > > > > --- /dev/null
> > > > > > +++

Is this recipe somehow aligned with the one already available in
isar-cip-core? [3] CC: Quirin

IMO, this recipe aims for a similar result, but provides more complete
dependencies. Both overrule systemd filesystem API semantics [1,2] as
they put the unit file under `/etc/systemd/system/` (as described
above).

1: https://systemd.io/API_FILE_SYSTEMS/
2: https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html#
3: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/recipes-core/tmp-fs/tmp-fs_0.2.bb?ref_type=heads

> > > > > > b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > tmpfs-
> > > > > > tmp_0.1.bb
> > > > 
> > > > > > @@ -0,0 +1,10 @@
> > > > > > +# This software is a part of ISAR.
> > > > > > +# Copyright (C) Siemens AG, 2024
> > > > > > +#
> > > > > > +# SPDX-License-Identifier: MIT
> > > > > > +
> > > > > > +inherit dpkg-raw
> > > > > > +
> > > > > > +SRC_URI = "file://postinst"
> > > > > > +
> > > > > > +DEBIAN_DEPENDS = "systemd"
> > > > 
> > > > Please also set the DESCRIPTION and MAINTAINER fields.
> > > > 
> > > > Felix
> > > > 
> > > > > > -- 
> > > > > > 2.39.5
> > > > 

BR Alexander
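
As an added example (not code from the patch or from anyone in the thread), the shell below applies the precedence rule Alexander quotes to decide what governs /tmp, and replaces the postinst's substring `grep` with a field-exact fstab check. The function names are my own, and the sample fstab and directory tree are constructed in a temporary directory, so nothing touches the live system.

```shell
# Added example, not the patch's code: apply the systemd rule quoted in the
# thread (fstab beats a unit below /usr; a unit below /etc beats fstab) to
# decide what governs /tmp. Paths are parameters, so nothing touches the live system.

# fstab_has_mountpoint FSTAB MOUNTPOINT
# True only if a non-comment line has MOUNTPOINT as its second field; unlike
# grep -q '/tmp', a comment mentioning /tmp or a /var/tmp entry does not count.
fstab_has_mountpoint() {
    [ -r "$1" ] || return 1
    awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { m = $2; sub(/\/+$/, "", m); if (m == "") m = "/" }   # drop trailing slashes
        m == mp { found = 1; exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# effective_tmp_config FSTAB ETC_UNIT_DIR USR_UNIT_DIR
# Prints which source systemd applies for /tmp:
#   unit-etc  tmp.mount stored below /etc, overrides any fstab entry
#   fstab     fstab entry, overrides a tmp.mount stored below /usr
#   unit-usr  enabled tmp.mount below /usr, used only when fstab has no entry
#   none      nothing configures /tmp; it stays on the (read-only) rootfs
effective_tmp_config() {
    if [ -e "$2/tmp.mount" ]; then
        echo unit-etc
    elif fstab_has_mountpoint "$1" /tmp; then
        echo fstab
    elif [ -e "$3/tmp.mount" ] && [ -e "$2/local-fs.target.wants/tmp.mount" ]; then
        echo unit-usr
    else
        echo none
    fi
}

# make_fixtures: constructed sample tree (not a real system); prints its path.
make_fixtures() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/systemd/system" "$d/usr/lib/systemd/system"
    cat > "$d/etc/fstab" <<'EOF'
# constructed sample: /tmp is deliberately NOT listed here
/dev/sda1  /         ext4   ro,errors=remount-ro  0 1
tmpfs      /var/tmp  tmpfs  nosuid,nodev          0 0
EOF
    echo "$d"
}

FIX=$(make_fixtures); ETC="$FIX/etc/systemd/system"; USR="$FIX/usr/lib/systemd/system"
# The postinst's substring test matches the comment and /var/tmp: a false positive.
grep -q '/tmp' "$FIX/etc/fstab" && echo "grep -q '/tmp' matched, yet /tmp is not configured"
echo "field match: $(fstab_has_mountpoint "$FIX/etc/fstab" /tmp && echo yes || echo no); effective: $(effective_tmp_config "$FIX/etc/fstab" "$ETC" "$USR")"
cp /dev/null "$ETC/tmp.mount"   # what the postinst does on bookworm: unit copied below /etc
echo "after copy below /etc: $(effective_tmp_config "$FIX/etc/fstab" "$ETC" "$USR")"
rm -rf "$FIX"
```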

Patch

diff --git a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
index 54e521b5..e67feae5 100644
--- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
+++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
@@ -11,7 +11,8 @@  SRC_URI = "file://usr/bin/deploy-image-wic.sh \
            file://usr/lib/deploy-image-wic/handle-config.sh \
           "
 DEPENDS:bookworm += "bmap-tools"
-DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, xz-utils, pbzip2, zstd"
+DEPENDS:append = " systemd-tmpfs-tmp"
+DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
 do_install[cleandirs] = "${D}/usr/bin/ \
                          ${D}/usr/lib/deploy-image-wic \
                         "
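Review bot: the new `DEPENDS:append = " systemd-tmpfs-tmp"` sitting next to the existing `DEPENDS:bookworm += "bmap-tools"` relies on operator ordering that is easy to get wrong: when the bookworm override is active, the value of `DEPENDS:bookworm` replaces the whole of `DEPENDS`, so anything added with a plain `+=` is discarded, and only `:append` (applied after override resolution) survives, which is exactly the behaviour Badrikesh reports in #2. Expressing both as `DEPENDS:append:bookworm = " bmap-tools"` and `DEPENDS:append = " systemd-tmpfs-tmp"`, as Felix suggests in #1, makes the intent explicit. The matching `DEBIAN_DEPENDS` addition is consistent with the new build dependency.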
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
new file mode 100644
index 00000000..be1594e6
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
@@ -0,0 +1,15 @@ 
+#!/bin/sh
+
+set -e
+
+# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
+if ! grep -q '/tmp' /etc/fstab; then
+    # Ensure tmp.mount exists in systemd path
+    if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -e /etc/systemd/system/tmp.mount ]; then
+        cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+    fi
+
+    # Enable the mount unit using deb-systemd-helper
+    deb-systemd-helper enable tmp.mount || true
+fi
+
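Review bot: `grep -q '/tmp' /etc/fstab` is a substring match, so a commented-out line or an entry for `/var/tmp` makes the script skip enabling tmp.mount and leaves /tmp on the read-only rootfs; match the mount-point field instead, e.g. `awk '$1 !~ /^#/ && $2 == "/tmp"' /etc/fstab`. Two further points on the `cp` into `/etc/systemd/system/`: by the precedence rule quoted in #3, a unit stored below /etc wins over `/etc/fstab` at boot time, which inverts the intent of the fstab check whenever a later package adds a /tmp entry, and the copied file is not owned by the package, so it survives removal; shipping the unit below `/usr/lib/systemd/system/` from the recipe would let systemd apply the precedence itself and let dpkg track the file. Lastly, `|| true` hides a failing `deb-systemd-helper enable`, so a broken enable would go unnoticed until the installer boots without a writable /tmp.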
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
new file mode 100644
index 00000000..821cdd5f
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
@@ -0,0 +1,10 @@ 
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2024
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+SRC_URI = "file://postinst"
+
+DEBIAN_DEPENDS = "systemd"
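Review bot: the recipe sets no DESCRIPTION or MAINTAINER (raised in #1), and the copyright line says 2024 for a file created in June 2025. More substantively, the recipe ships only a postinst and no unit file, so whether tmp.mount ends up below `/usr/lib/systemd/system/` or is copied into `/etc/systemd/system/` at install time depends on the systemd version of the target distribution, which makes the resulting image differ between bookworm and newer releases; installing the unit from the recipe (with `DEBIAN_DEPENDS = "systemd"` already in place) would make the result deterministic and let dpkg own the file. Comparing against the tmp-fs recipe in isar-cip-core referenced in #3 is worthwhile before merging, since it solves the same problem.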