From patchwork Tue Oct 18 19:43:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 1691685 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MsPSy2kRvz23jp for ; Wed, 19 Oct 2022 06:44:34 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 9B87583F0D; Tue, 18 Oct 2022 19:44:32 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 9B87583F0D X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fWlpX5o4lgOw; Tue, 18 Oct 2022 19:44:31 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp1.osuosl.org (Postfix) with ESMTP id 8F4E483F06; Tue, 18 Oct 2022 19:44:30 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 8F4E483F06 X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 34B801BF95F for ; Tue, 18 Oct 2022 19:43:27 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 10201402C3 for ; Tue, 18 Oct 2022 19:43:27 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 10201402C3 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xV5rjOuVk4WB for ; Tue, 18 Oct 2022 19:43:26 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org CB6D640111 Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) by smtp2.osuosl.org (Postfix) with ESMTPS id CB6D640111 for ; Tue, 18 Oct 2022 19:43:25 +0000 (UTC) Received: from opfednr03.francetelecom.fr (unknown [xx.xx.xx.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr22.francetelecom.fr (ESMTP service) with ESMTPS id 4MsPRc0Xftz10WB; Tue, 18 Oct 2022 21:43:24 +0200 (CEST) Received: by tl-lnx-nyma7486 (sSMTP sendmail emulation); Tue, 18 Oct 2022 21:43:21 +0200 From: To: Date: Tue, 18 Oct 2022 21:43:09 +0200 Message-ID: <14736_1666122204_634F01DB_14736_494_1_b3efa290e26b85b54ab27728bf190316cf2ab1ee.1666122184.git.yann.morin@orange.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.115.26.50] X-ClientProxiedBy: OPE16NORMBX607.corporate.adroot.infra.ftgroup (10.115.27.31) To OPE16NORMBX305.corporate.adroot.infra.ftgroup (10.115.27.10) X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1666122204; bh=TjLa1V45CZsku8HrMT6E+hUYUIRojzYijczAD/dTmgM=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=j4RfRIytTYrwQMLFMaWBuf6IdkRyZ1fqaohX4B/MfadJ9B2McPzBIWNG5+wu1Yh5Z yegXelWs8fZs37sHOIip0lIvJO4XVm3rnquoaf1ZTK0fB5+TRqDJbgIXqrXc6m8Mmj 7pLrAXH3FSD7WqukU9O6e5qvLN3x/tkyeq1lxmEkrty7OCvnFuDyPykiEnceIuKwjf dFO1ZgI2W3N3INZZzfvIhUvyYEzyswJy8Ejd1NIygBH8hocOkUoEmUCm9BL9jsJCTi 1OGf6ka+y5aYXaIP8KlAdzBh0mwCs6Zxn96893fiHZPNnVFr+oHlvUtdyRvSYwaIOy V+MxPA34u/AvQ== X-Mailman-Original-Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=orange.com header.i=@orange.com header.a=rsa-sha256 header.s=ORANGE001 header.b=j4RfRIyt Subject: [Buildroot] [PATCH 6/6 v3] system: add option to use an overlayfs on /var on a r/o root w/ systemd X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Norbert Lange , yann.morin@orange.com, =?utf-8?q?Je?= =?utf-8?q?=CC=81re=CC=81my_Rosen?= , Romain Naour Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" While the /var factory seems to be working in most cases, there have been suggestions that it may be slightly and subtely borken in some (rare? edge?) cases, especially about symlinks. An other solution is to pre-populate /var at build time, by way of calling systemd-tmpfiles, and mounting an overlayfs on-top of it at runtime. This is slightly accrobatic, though, and requires a few hoops: - first, we create a tmpfs - there, we create three directories: - the first to bind-mount /var as it is, i.e. read-only - the second as the read-write upper for the overlayfs - the third as the "working area" for the overlays This is done with two systemd units: - rootfs-bindmount-var.service: prepares up to bind-mounting /var into the tmpfs - var.mount: a mount unit which actually mounts the overlayfs. Users who want to provide an actual storage to keep /var across reboots, will have to provide their own mount units and make it RequiredBy and BoundBy our var.mount unit. Systemd units courtesy Norbert, with slight tweaks and cleanups. Signed-off-by: Yann E. MORIN Cc: Norbert Lange Cc: Romain Naour Cc: Jérémy Rosen --- .../{ => factory}/var.mount | 0 .../overlayfs/rootfs-bindmount-var.service | 21 ++++++++++++++++ .../skeleton-init-systemd/overlayfs/var.mount | 15 ++++++++++++ .../skeleton-init-systemd.mk | 20 +++++++++++++--- system/Config.in | 24 +++++++++++++------ 5 files changed, 70 insertions(+), 10 deletions(-) rename package/skeleton-init-systemd/{ => factory}/var.mount (100%) create mode 100644 package/skeleton-init-systemd/overlayfs/rootfs-bindmount-var.service create mode 100644 package/skeleton-init-systemd/overlayfs/var.mount diff --git a/package/skeleton-init-systemd/var.mount b/package/skeleton-init-systemd/factory/var.mount similarity index 100% rename from package/skeleton-init-systemd/var.mount rename to package/skeleton-init-systemd/factory/var.mount diff --git a/package/skeleton-init-systemd/overlayfs/rootfs-bindmount-var.service b/package/skeleton-init-systemd/overlayfs/rootfs-bindmount-var.service new file mode 100644 index 0000000000..e412a56c49 --- /dev/null +++ b/package/skeleton-init-systemd/overlayfs/rootfs-bindmount-var.service @@ -0,0 +1,21 @@ +[Unit] +Description=Bind-mount variable storage (/var) +Documentation=man:file-hierarchy(7) +ConditionPathIsSymbolicLink=!/var +# ConditionPathIsReadWrite=!/var +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target +After=local-fs-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=-/bin/mkdir /run/varoverlay +ExecStartPre=/bin/mount --make-private -n -t tmpfs tmpfs_root_ovl /run/varoverlay +ExecStartPre=/bin/mkdir /run/varoverlay/lower /run/varoverlay/upper /run/varoverlay/work +ExecStart=/bin/mount --make-private -n --bind /var /run/varoverlay/lower + +ExecStop=/bin/umount -n /run/varoverlay/lower +ExecStopPost=/bin/umount -n /run/varoverlay +ExecStopPost=/bin/rmdir /run/varoverlay diff --git a/package/skeleton-init-systemd/overlayfs/var.mount b/package/skeleton-init-systemd/overlayfs/var.mount new file mode 100644 index 0000000000..fab223c27b --- /dev/null +++ b/package/skeleton-init-systemd/overlayfs/var.mount @@ -0,0 +1,15 @@ +[Unit] +Description=variable storage (/var) +Documentation=man:file-hierarchy(7) +ConditionPathIsSymbolicLink=!/var +After=rootfs-bindmount-var.service +BindsTo=rootfs-bindmount-var.service + +[Mount] +What=overlay_var +Where=/var +Type=overlay +Options=lowerdir=/run/varoverlay/lower,upperdir=/run/varoverlay/upper,workdir=/run/varoverlay/work,redirect_dir=on,index=on,xino=on + +[Install] +WantedBy=local-fs.target diff --git a/package/skeleton-init-systemd/skeleton-init-systemd.mk b/package/skeleton-init-systemd/skeleton-init-systemd.mk index 69991265a5..07a4180db0 100644 --- a/package/skeleton-init-systemd/skeleton-init-systemd.mk +++ b/package/skeleton-init-systemd/skeleton-init-systemd.mk @@ -33,7 +33,7 @@ define SKELETON_INIT_SYSTEMD_ROOT_RO_OR_RW endef ifeq ($(BR2_INIT_SYSTEMD_VAR_FACTORY),y) -define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR +define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR_FACTORY rm -rf $(TARGET_DIR)/usr/share/factory/var mv $(TARGET_DIR)/var $(TARGET_DIR)/usr/share/factory/var mkdir -p $(TARGET_DIR)/var @@ -52,11 +52,25 @@ define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR || exit 1; \ fi; \ done >$(TARGET_DIR)/usr/lib/tmpfiles.d/buildroot-factory.conf - $(INSTALL) -D -m 0644 $(SKELETON_INIT_SYSTEMD_PKGDIR)/var.mount \ + $(INSTALL) -D -m 0644 $(SKELETON_INIT_SYSTEMD_PKGDIR)/factory/var.mount \ $(TARGET_DIR)/usr/lib/systemd/system/var.mount endef -SKELETON_INIT_SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR +SKELETON_INIT_SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR_FACTORY endif # BR2_INIT_SYSTEMD_VAR_FACTORY + +ifeq ($(BR2_INIT_SYSTEMD_VAR_OVERLAYFS),y) +define SKELETON_INIT_SYSTEMD_LINUX_CONFIG_FIXUPS + $(call KCONFIG_ENABLE_OPT,CONFIG_OVERLAY_FS) +endef +define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR_OVERLAYFS + $(INSTALL) -D -m 0644 $(SKELETON_INIT_SYSTEMD_PKGDIR)/overlayfs/var.mount \ + $(TARGET_DIR)/usr/lib/systemd/system/var.mount + $(INSTALL) -D -m 0644 $(SKELETON_INIT_SYSTEMD_PKGDIR)/overlayfs/rootfs-bindmount-var.service \ + $(TARGET_DIR)/usr/lib/systemd/system/rootfs-bindmount-var.service +endef +SKELETON_INIT_SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR_OVERLAYFS +endif # BR2_INIT_SYSTEMD_VAR_OVERLAYFS + endif # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW ifeq ($(BR2_INIT_SYSTEMD_POPULATE_TMPFILES),y) diff --git a/system/Config.in b/system/Config.in index 074fda509c..0c064b8211 100644 --- a/system/Config.in +++ b/system/Config.in @@ -164,6 +164,14 @@ choice Select how Buildroot provides a read-write /var when the rootfs is not remounted read-write. + Note: Buildroot uses a tmpfs, either as a mount point or as + the upper of an overlayfs, so as to at least make the system + bootable out of the box; mounting a filesystem from actual + storage is left to the integration, as it is too specific and + may need preparatory work like partitionning a device and/or + formatting a filesystem first, which falls out of the scope + of Buildroot. + config BR2_INIT_SYSTEMD_VAR_FACTORY bool "build a factory to populate a tmpfs" help @@ -176,17 +184,19 @@ config BR2_INIT_SYSTEMD_VAR_FACTORY It probably does not play very well with triggering a call to systemd-tmpfiles at build time (below). - Note: Buildroot mounts a tmpfs on /var to at least make the - system bootable out of the box; mounting a filesystem from - actual storage is left to the integration, as it is too - specific and may need preparatory work like partitionning a - device and/or formatting a filesystem first, so that falls - out of the scope of Buildroot. - To use persistent storage, provide a systemd dropin for the var.mount unit, that overrides the What and Type, and possibly the Options and After, fields. +config BR2_INIT_SYSTEMD_VAR_OVERLAYFS + bool "mount an overlayfs backed by a tmpfs" + help + Mount an overlayfs on /var, with the upper as a tmpfs. + + To use a persistent storage, provide your own systemd unit(s) + that eventually mount that persistent storage on + /run/varoverlay/upper/ + config BR2_INIT_SYSTEMD_VAR_CUSTOM bool "something else" help