From patchwork Mon Oct 21 08:58:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Moessbauer <felix.moessbauer@siemens.com>
X-Patchwork-Id: 3877
Return-Path: <isar-users+bncBCZK33MGWUCRBJNP3C4AMGQEIQQE47Y@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	 by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
	 Mon, 21 Oct 2024 10:58:22 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-pg1-f183.google.com (mail-pg1-f183.google.com
 [209.85.215.183])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
 49L8wKZx032013
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <iupwgm@isar-build.org>; Mon, 21 Oct 2024 10:58:21 +0200
Received: by mail-pg1-f183.google.com with SMTP id
 41be03b00d2f7-7e9fb5352dfsf4842049a12.3
        for <iupwgm@isar-build.org>; Mon, 21 Oct 2024 01:58:20 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1729501094; cv=pass;
        d=google.com; s=arc-20240605;
        b=bfFkyEgbBbieXdAEOjcTlSi9Gn+1mhuIvd8ytd75YckAoxYqBgKmwQtkP12mCDlrgu
         vw9+tFm+uwpxicJweRBz8niY5xnTOJfozzSrsJ33qqIx9df80HxT7HLLVn2rCGybVEdE
         UUF164YQJ8WZZYWQ7Sopik5FFuAXOjBt6PsqObk2JGAYxmYLZYtgihsMUuBlFFWRx8UA
         WY7jmU8UFN6DcY15fbOS+9HkFHTid6pnDV375RWJZCEE4/i8KBMYu1INhgy8kQa7g65C
         UbA6Xi12cyM0tcoU7oOCC858j8w4tx5PxXIn/zuMvcC4oE9bZLpHJq5cEAaj8B+il5bJ
         Z5DQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=XgreXI2OM2kdrP5RmFRpU7H928PON0ERZbuorMFC5wI=;
        fh=Qm3ZygzAfB1LY/9f9jXy2WyJ38TflOU69o+1cRn9FG8=;
        b=Sj+7H3e23sAAtI3QR19rchUhB3dEiJBbtTccMHvyJLXwq/b6MwPtYEtCaz32vWff5E
         54DYDWzY561eoZEB2fPQElq952LeaoKdVguUDaRqaz9zFjruh2E04rah/3LGPIFVM0B8
         NOVGqlbG832crt7ACegGfevReAS8l3fTOUxoEMw17SAmxL8Zt56NEDCNcD8nxX5vii73
         st/VecZ6JpVB42OypEOsM2MpM/VUMZ+nAdxuCEmn5IGTMzgNL4u5F4DaY+/ivEM6230y
         wPPNBIcPRCcU93Nmq9ftvAqSsZZ/U4Gp0u97ExNy0zQ83N/QYPBoFHIzFGePxFuw/c/i
         F1Ew==;
        darn=isar-build.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=fk33jydd;
       spf=pass (google.com: domain of
 fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com
 designates 185.136.64.227 as permitted sender)
 smtp.mailfrom=fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1729501094; x=1730105894;
 darn=isar-build.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:message-id:date:subject:cc:to:from:from:to:cc:subject
         :date:message-id:reply-to;
        bh=XgreXI2OM2kdrP5RmFRpU7H928PON0ERZbuorMFC5wI=;
        b=DxpSFmDhPRL4G/Tu7Ij/KnYW1JpyvMsqzF/Lo+HMQFdgrzdN7A8O0KEm4sH6S2ndkN
         GbOhDcl4VB+IZHDrSA4x2ajAcH1PcBaxBPa2qbMzGBA3iJWVD6TYdLIYjX2c4O5zvMGs
         5ZvmKXaVrf1rJD+Pk88gXv/yervJIBY0/EIStHjLHxuVlRQ9jSyyNu+mXOP46LMkd8vx
         qv0MP1JBxDwu1nV56zVPixFNiMSWj5Fanuw9Xkvst13Sdgh7Q/rKOiZ1kq7bzcquAgt1
         KOqrwn7gs8r7GOT4koHCGKyEvxeM+36+ye8Irv957cV7RD1bnhJwNlJNdBxSU3icLbtF
         E8FQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729501094; x=1730105894;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:feedback-id
         :mime-version:message-id:date:subject:cc:to:from:x-beenthere
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=XgreXI2OM2kdrP5RmFRpU7H928PON0ERZbuorMFC5wI=;
        b=M2YJDvxDFeaCu+z31wDC6PJWNwTIfV1WqE9hjblcQwO7uAQsq4JI/UTBYHlRHJWn3v
         xvd7BNzHJRJnw02FdrLAtrHFtFvNAT5Ipnaab4G8PqL3HPqmVqqy2XL1u6Ob5F/8hPlM
         ZyRhwle4G/K534RihgWboQBf5HUT+yRw3RMaG38yBz4eYNFGI6uLsgqEQz5wepJ6kuCK
         uFT9XlrhSW7hRpXJ7lGVkcNzZRPxAXa/D5XVuv7SzUq4Amxz2uKAjwnddZl8WyeFqiZk
         fu2AaioHZc7lzMXryuTUZPsTzRqm+ZMYtDf6QBRLXbgTFxWd+LjZ0JKrLX2A5ILLMbGE
         4gSg==
X-Forwarded-Encrypted: i=2;
 AJvYcCUbyjCr2OJIoHsLmcBM/gxS72L0DvHHijR/H8z6kcHQW5m4GUYK7qSwUpzMK8zXuXGlQsjQFHw=@isar-build.org
X-Gm-Message-State: AOJu0Ywyhsi0p4Ogc2T8mgIRtZWNiBrm2P+EquMpKj//PKwWZ3w/z1i7
	YLkNtvo0SshstWbSdvOq8jWsY6DQvur7MS2QXf2Pvf+Qe9DvRQhw
X-Google-Smtp-Source: 
 AGHT+IGgdEFibxIxsl17ci/sdgUNDUopKQthAA/f+Qxl4k5dxD0nnW4XJerZ7oyYUpZUVrJHsBr6eA==
X-Received: by 2002:a05:6a21:3a94:b0:1d8:a7a8:8b71 with SMTP id
 adf61e73a8af0-1d92c4da7d7mr16702651637.11.1729501093969;
        Mon, 21 Oct 2024 01:58:13 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6a00:2394:b0:71e:5a75:ea30 with SMTP id
 d2e1a72fcca58-71e8fd43bbals612898b3a.1.-pod-prod-08-us; Mon, 21 Oct 2024
 01:58:11 -0700 (PDT)
X-Received: by 2002:a17:902:e845:b0:20b:ab4b:544a with SMTP id
 d9443c01a7336-20e5a8ee9e6mr142677705ad.43.1729501091251;
        Mon, 21 Oct 2024 01:58:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1729501090; cv=none;
        d=google.com; s=arc-20240605;
        b=ZqvpyQoFBVlOWK4iadEYolS2e6Zs24kUKuvvKrKy//CGNlC03jqPIYwYkTMv7XH3bB
         Lty5G1i4veCvLrSUl1fdkmwIMUISqckQJzuEH5w/JN9Tv3/iauu/hAIa1U4HMEvFPMog
         PLXijNcqRYY9vo+e0j2BrCvuqpHEpYVTprM0pZZfYPEzOZCdEcnKN2Wt+4lKFmn3K0OJ
         bdB+afxMTbItmLcqjlA90/4NZfDoSjXD/z8ZNDKCkJ2JoOKitAWWgT5jXo3dQQe5tD5R
         TE0ryOChLm1RSDtHbOd7zne6bb6hIFvTahFa7I+e215WoDZcCr1kcHhSjCMLQYRqonDX
         uE6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=feedback-id:content-transfer-encoding:mime-version:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=c1Q3lg0SfjRrf6h0uvRsA4b9+N0jM6Sib92rc/G3Ces=;
        fh=dWFKumMb31C26+PJa6vcB2ftw6NwdNo52k0UEVGombI=;
        b=ODkhBNYfFI0CVFqbkfRhZGKuHxYKPAWRvUcg6s0BNG/m0UpTCcyH24cVxBjOXhhU5k
         yli/PRev/3b6ZeYSDYZ0Hp++A8PB+6wLZ/StXNyLNRHNfhXacp/kHUV7tbZmadnghrrQ
         yf7YuN7q41Bo5jxgeYJ+K5XsbnpImfPw25ZXL++OT3v/hmBWmk9eb5X2pbdNs83kTds6
         o8wuTAmfk1/SpEF2ooo4R9IwGcheHlIcZsDF+jM1FguNTA358qz3V5U5RlfWkq2CJsk3
         e4BlxWAmQjssyp2btkexOw7YdDmhMJZRJvZFRBiSZautfaGnE4zZzi8680z8MIcUiiHq
         IJbw==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=fm1 header.b=fk33jydd;
       spf=pass (google.com: domain of
 fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com
 designates 185.136.64.227 as permitted sender)
 smtp.mailfrom=fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from mta-64-227.siemens.flowmailer.net
 (mta-64-227.siemens.flowmailer.net. [185.136.64.227])
        by gmr-mx.google.com with ESMTPS id
 d9443c01a7336-20e7ef4484esi980035ad.4.2024.10.21.01.58.10
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 21 Oct 2024 01:58:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com
 designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227;
Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id
 202410210858083589798fa3198fd7b3
        for <isar-users@googlegroups.com>;
        Mon, 21 Oct 2024 10:58:08 +0200
X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users"
 <isar-users@googlegroups.com>
From: Felix Moessbauer <felix.moessbauer@siemens.com>
To: isar-users@googlegroups.com
Cc: quirin.gylstorff@siemens.com,
        Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH 1/1] move expand-on-first-boot to /usr/lib
Date: Mon, 21 Oct 2024 10:58:02 +0200
Message-Id: <20241021085802.234809-1-felix.moessbauer@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-1321639:519-21489:flowmailer
X-Original-Sender: felix.moessbauer@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@siemens.com header.s=fm1 header.b=fk33jydd;       spf=pass
 (google.com: domain of
 fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com
 designates 185.136.64.227 as permitted sender)
 smtp.mailfrom=fm-1321639-202410210858083589798fa3198fd7b3-_ha3ov@rts-flowmailer.siemens.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Felix Moessbauer <felix.moessbauer@siemens.com>
Reply-To: Felix Moessbauer <felix.moessbauer@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
 contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
 <mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
 <mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

All non-example, non user / admin executables belong to /usr/lib/<package>.
Hence, move the expand-on-first-boot script there as well. This solves an
issue in hardened systems where /usr/share is marked non-executable.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 .../expand-on-first-boot/expand-on-first-boot_1.5.bb          | 4 ++--
 .../expand-on-first-boot/files/expand-on-first-boot.service   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
index ebb22c84..2596706d 100644
--- a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
+++ b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
@@ -29,6 +29,6 @@ SRC_URI = " \
     file://expand-last-partition.sh"
 
 do_install() {
-    install -d -m 755 ${D}/usr/share/expand-on-first-boot
-    install -m 755 ${WORKDIR}/expand-last-partition.sh ${D}/usr/share/expand-on-first-boot/
+    install -d -m 755 ${D}/usr/lib/expand-on-first-boot
+    install -m 755 ${WORKDIR}/expand-last-partition.sh ${D}/usr/lib/expand-on-first-boot/
 }
diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
index 58f4b55b..6f1799b9 100644
--- a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
+++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
@@ -14,7 +14,7 @@ ConditionPathIsReadWrite=/tmp
 
 [Service]
 Type=oneshot
-ExecStart=/usr/share/expand-on-first-boot/expand-last-partition.sh
+ExecStart=/usr/lib/expand-on-first-boot/expand-last-partition.sh
 ExecStartPost=-/bin/systemctl disable expand-on-first-boot.service
 ExecStopPost=-/bin/systemctl disable expand-on-first-boot.service