From patchwork Wed Oct 22 15:06:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Quirin Gylstorff X-Patchwork-Id: 4430 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 22 Oct 2025 17:08:16 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wm1-f60.google.com (mail-wm1-f60.google.com [209.85.128.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 59MF8EcH020245 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Oct 2025 17:08:14 +0200 Received: by mail-wm1-f60.google.com with SMTP id 5b1f17b1804b1-47107fcb257sf94748795e9.0 for ; Wed, 22 Oct 2025 08:08:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1761145689; cv=pass; d=google.com; s=arc-20240605; b=dk/fbk4gu9Ni2pCnbIC34K4Gqji/yshvl/EYeMtNgqzrJKoC7XHNas+/C2EwfOLQYv 6Lh6QRVHwiLnKIisOLxtiKSrpQF4ZeRoWc8VyQnbLwiM+jvVftpD2HGipqtg/sKgVYg4 WcIzwqE8UeigjU9d/lKkVTJOVumpbF+J69GvyxzC4NT2vDuwdmt+lvsn+lZ8xyeek0hb Rp398essV1zDSnQKBw2yhlAYN23V2PeveslnwBR6Qyz1+hoy+GQvR59BBtd6rdt+x9tt Dd5it6jY9nzxDlBmfjzBXVtt/yXDb9Q6sir/Ynly0a0FlnMW9t5GRXgxttaZpsY41VYf j2gw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=uIeB36rTOgejvVaIAaxzMWb1Fq3CBILLFk8WbO4OQIc=; fh=RMWX2Uqkbfv62DwLzJzZ7zwma4AuobKnHR+HvdsMY5A=; b=FymVucJdFKqI2nZ3tB3tckQaYW0IDZ73C2NIohpD0VYp8rVJHbDiSjba2D25ghvuRS ACpRCCVPW92E7iG1yoi+kpyEWHN9E/HXKysoLUhtj7LP+L4AjhQLBy/neR5xrB6ExVV2 MFJGLMpErDtD+AoIZVXQ4sShj2q1hznbpHIrDuPhamciDkXTSB1xpoWOZp5EkFlaqU1J vOID7JEOg6G8EZM0kap8h0sk0SFRTDj0WMjAU22BT8fiLUDgmqWGT8QN+bwtBMB2YlSf Vfa9Jrr4U+XfgHhpHx9MpN1wrQNXAwuomttSFV7ChY1BhiENW9lLJfOAPMqSToTFayf5 OHUg==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=mDbFZhwL; spf=pass (google.com: domain of fm-51332-20251022150805f27e83d6f80002076d-1vhcty@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-51332-20251022150805f27e83d6f80002076d-1VHcty@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1761145689; x=1761750489; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:to:from :from:to:cc:subject:date:message-id:reply-to; bh=uIeB36rTOgejvVaIAaxzMWb1Fq3CBILLFk8WbO4OQIc=; b=xg0uMxFJk4ut3HiG5j4OGOiBUrOBpipe5fdqm8MqZSHeigMC38LXEd5fOMKtFU/uGY 9g76n2VnEIjSRX0l2w7royOgpBPFrcUhUB5MlLHRzylc8jlrklfTuoG1rh8sJr4R+NXy 8tVtqklulCbTWJZN+Ji4qGSvvvw77h4a37s4NuurfGDVrM991MgOuuxWR2tU/3ue3QRa M/scmvZizY/W+aMdQILmClaMqO3b5CLtJhBnAZGL+gNz7gAHWWoYeDKgu3wyp9RMFcDO WJJsHPen4tTGq2E8qhgFu0+r9TFEIPDb7EXPuV8Em5e8QpTmdCEyLNwjRuEohdlbO6Or voiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761145689; x=1761750489; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uIeB36rTOgejvVaIAaxzMWb1Fq3CBILLFk8WbO4OQIc=; b=lLQGU0pIMKSCRoyD1dWq2VD5kPpVWo/ezYNubt2D+vNhFxLfwbhTHOMLUYJy2yqz9f cxnjb1ydJ+RvjeI5akD2E5suckLJsw6a1k6PBpesl17DFP1odyJ1aNrciOxSAs5r4WNK LIX3Li3qfCkijZ/WRE26uJU18yjNwV6pWWiBi1P/8/d357DVV9U44HQDexwlCETdGewJ u87kaBaKUfGPYFQGGI/EjzgDI50qnJv7KeudLoaYaNQKpFDFv/jsxQFoRQl78WHJiWXX oPKQRBeKRm4l80RLl1ljHcyEHs7cKzSgCRt/yGV1X386LvLBoza0htGqDQHh59OJtxrM Pibw== X-Forwarded-Encrypted: i=2; AJvYcCVG823GjXzhNr1339Do4ZuyCkjoS3ZQkOOvnOA0Wk4Qqg+D5Vg/NNVWdf+daqpGXHC7D2qqLIw=@isar-build.org X-Gm-Message-State: AOJu0YwNegiSIVa0S5zU4QmSLTnw/DvxGHd4q+8Gs81vXU+3bf3923kI LGXTVQdfmxdWIhdDre5bPCgJbdg1ZnnyjWiWs+HBwuQdLX3fcOoWVY16 X-Google-Smtp-Source: AGHT+IGBapA1iqGcNDg0CCUS92xBN+4nREPktixSmOp9cjV4xv1LrnV44WETEYGvKXoLswX07IWl/Q== X-Received: by 2002:a05:600c:64cf:b0:471:12ed:f698 with SMTP id 5b1f17b1804b1-4711786c793mr170093685e9.8.1761145689285; Wed, 22 Oct 2025 08:08:09 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="ARHlJd7FF+Tudc84ylTF0ddCB6AWo1CQ1/7KpHcfFUaAE+2opQ==" Received: by 2002:a05:600c:6c8f:b0:459:ddca:2012 with SMTP id 5b1f17b1804b1-47110b6985dls45713825e9.2.-pod-prod-05-eu; Wed, 22 Oct 2025 08:08:06 -0700 (PDT) X-Received: by 2002:a05:600c:64cf:b0:471:12ed:f698 with SMTP id 5b1f17b1804b1-4711786c793mr170091845e9.8.1761145686053; Wed, 22 Oct 2025 08:08:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1761145686; cv=none; d=google.com; s=arc-20240605; b=CYfWiq4VnnbVu/gX9ochwbogRaoiVT4pHwoX/cDDzV3il4xEKefo0jKdqZWXz1eQmb BUzAxwikC24HiftpdY5iH0SKpQGQ1vxLeoIgZIilzGQ2vEQxReaKNM/AzdgpXGAZaFIZ NdpfPM1vbJTBS35QeNLo13O1ZiMejjWbQFZBqW1w0kJXvnkLD7QOH2Rw4JWJhwFDmWLK O0yP9PeLsLGj0v7c2N4M8nooFaib1/afjqHIGK9Mnfifsr2x66Qy6BLxUY5Yo4jfRRrM 9VwTZ3jdzR3Xj8JYuts0dTm6q1tRH1ytX6ZaLG1x8oRs2+b+bv8dV1pY9m7PYE6qIlMZ Ehcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=AKAAhGkyoS5+gX+oImFNyIiKnnkKzYWoSEoFUThYBMs=; fh=AzWnWRpmCf4IZdBJvbC6ssKrEpudtaH0OvZvfrmMWYg=; b=BzPolXvW+S8RzhpRFypuw8REsB1SvY5NElGEE3l9k2yCy6eOk077czhcHrHiHW/lyA 6m1hPN1nI7ip5oN4hMgIvoy1S4eTXnwAECS9c4oELXjLhDFZwYsG+lSzamB2/9OFYkgW cZwbBbFxpPX+idYN1OPtEST5mp2GZm4ZRG+RiMcVFlDf5sFaF15JRQaT9YIaA8FT8Ozv SNHcZfVwoBz3hy8goSKApXjppsvU39wftWRIVUq1WTjBvm547vsLsY6qA+nOG1F8fk4i VBTCyT6lfECGkqlK0PpPq3vLU0IKi4e4fIaElMfBzeVlPX9g5zxAmttPenY47kEHih/N yNQw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=mDbFZhwL; spf=pass (google.com: domain of fm-51332-20251022150805f27e83d6f80002076d-1vhcty@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-51332-20251022150805f27e83d6f80002076d-1VHcty@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-47496b28e1esi1383985e9.2.2025.10.22.08.08.05 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Oct 2025 08:08:05 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-20251022150805f27e83d6f80002076d-1vhcty@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226; Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20251022150805f27e83d6f80002076d for ; Wed, 22 Oct 2025 17:08:05 +0200 X-Patchwork-Original-From: "'Quirin Gylstorff' via isar-users" From: Quirin Gylstorff To: isar-users@googlegroups.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, felix.moessbauer@siemens.com Subject: [PATCH v4 09/10] Use lighttpd as a example how to add a dracut module Date: Wed, 22 Oct 2025 17:06:59 +0200 Message-ID: <20251022150737.3639891-10-Quirin.Gylstorff@siemens.com> In-Reply-To: <20251022150737.3639891-1-Quirin.Gylstorff@siemens.com> References: <20251022150737.3639891-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=mDbFZhwL; spf=pass (google.com: domain of fm-51332-20251022150805f27e83d6f80002076d-1vhcty@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-51332-20251022150805f27e83d6f80002076d-1VHcty@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Quirin Gylstorff Reply-To: Quirin Gylstorff Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Quirin Gylstorff Signed-off-by: Quirin Gylstorff --- .../dracut-example-lighttpd_0.1.bb | 26 ++++++++++ .../dracut-example-lighttpd/files/install.sh | 21 ++++++++ .../files/lighttpd.conf | 52 +++++++++++++++++++ .../files/lighttpd.service | 13 +++++ .../files/sysuser-lighttpd.conf | 3 ++ .../recipes-initramfs/images/isar-dracut.bb | 3 ++ 6 files changed, 118 insertions(+) create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb new file mode 100644 index 00000000..7895e689 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb @@ -0,0 +1,26 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +require recipes-initramfs/dracut-module/dracut-module.inc + +DEBIAN_DEPENDS:append = ",lighttpd" +SRC_URI += "file://install.sh \ + file://lighttpd.conf \ + file://lighttpd.service \ + file://sysuser-lighttpd.conf \ + " +DRACUT_REQUIRED_BINARIES = "lighttpd" +DRACUT_MODULE_DEPENDENCIES = "systemd-network-management" + +do_install[cleandirs] += "${D}/usr/lib/sysusers.d/" +do_install:append() { + install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH} + install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH} + install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf +} + diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh new file mode 100644 index 00000000..e7e50ad4 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh @@ -0,0 +1,21 @@ +install() { + inst_binary /usr/sbin/lighttpd + inst_binary /usr/sbin/lighttpd-angel + inst_binary /usr/sbin/lighttpd-disable-mod + inst_binary /usr/sbin/lighttpd-enable-mod + inst_multiple -o /usr/lib/lighttpd/*.so + inst_multiple -o /usr/share/lighttpd/* + inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service" + mkdir -p -m 0700 "$initdir/etc/lighttpd/" + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress" + mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads" + mkdir -p -m 0700 "$initdir/var/log/lighttpd/" + mkdir -p -m 0755 "$initdir/var/www/html" + /usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html" + touch "$moddir"/error.log + /usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log" + chown -R www-data:www-data "$initdir/var/log/lighttpd/" + inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf + inst_sysusers lighttpd.conf + systemctl -q --root "$initdir" enable lighttpd +} diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf new file mode 100644 index 00000000..3a1bb351 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf @@ -0,0 +1,52 @@ +server.modules = ( + "mod_indexfile", + "mod_access", + "mod_alias", + "mod_redirect", +) + +server.document-root = "/var/www/html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/run/lighttpd.pid" +server.username = "www-data" +server.groupname = "www-data" +server.port = 80 + +# features +#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails +server.feature-flags += ("server.h2proto" => "enable") +server.feature-flags += ("server.h2c" => "enable") +server.feature-flags += ("server.graceful-shutdown-timeout" => 5) +#server.feature-flags += ("server.graceful-restart-bg" => "enable") + +# strict parsing and normalization of URL for consistency and security +# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails +# (might need to explicitly set "url-path-2f-decode" = "disable" +# if a specific application is encoding URLs inside url-path) +server.http-parseopts = ( + "header-strict" => "enable",# default + "host-strict" => "enable",# default + "host-normalize" => "enable",# default + "url-normalize-unreserved"=> "enable",# recommended highly + "url-normalize-required" => "enable",# recommended + "url-ctrls-reject" => "enable",# recommended + "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) + #"url-path-2f-reject" => "enable", + "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) + #"url-path-dotseg-reject" => "enable", + #"url-query-20-plus" => "enable",# consistency in query string +) + +index-file.names = ( "index.php", "index.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +# default listening port for IPv6 falls back to the IPv4 port +include "/etc/lighttpd/conf-enabled/*.conf" + +#server.compat-module-load = "disable" +server.modules += ( + "mod_dirlisting", + "mod_staticfile", +) diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service new file mode 100644 index 00000000..da8c9033 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Lighttpd Daemon +DefaultDependencies=no + +[Service] +Type=simple +PIDFile=/run/lighttpd.pid +ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf +ExecReload=/bin/kill -USR1 $MAINPID +Restart=on-failure +[Install] +WantedBy=sysinit.target diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf new file mode 100644 index 00000000..6507ccf3 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf @@ -0,0 +1,3 @@ +g www-data - - +u www-data - - /var/www /usr/sbin/nologin + diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb index 226fdeaa..95739b12 100644 --- a/meta-isar/recipes-initramfs/images/isar-dracut.bb +++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb @@ -14,4 +14,7 @@ INITRAMFS_PREINSTALL += " \ # Recipes that should be installed into the initramfs build rootfs. INITRAMFS_INSTALL += " \ + dracut-example-lighttpd \ " + +DRACUT_EXTRA_MODULES += "example-lighttpd"