public inbox for isar-users@googlegroups.com
From: "'Badrikesh Prusty' via isar-users" <isar-users@googlegroups.com>
To: isar-users <isar-users@googlegroups.com>
Subject: Re: [PATCH v4] isar-installer: Mount /tmp as tmpfs for read-only boot fix
Date: Tue, 1 Jul 2025 23:00:35 -0700 (PDT)
Message-ID: <04d29557-40ed-4a02-a675-66ae292829e6n@googlegroups.com>
In-Reply-To: <af0ea7ffa089cf03fcea247631c1b03ba375f850.camel@siemens.com>


Hi,

I'm unsure why a defensive approach to avoid overruling /etc/fstab is needed.

My goal for the systemd-tmpfs-tmp package (as it is a configuration package) was
for it to be an out-of-the-box solution requiring no additional
configuration. Since users can choose whether to pre-install this package
during build time, and if /tmp is already configured in /etc/fstab (if
users aren't aware of it), installing it will be ineffective, which could lead
users to think it's not working as intended.

Furthermore, systemd versions >= 256 now ship the tmp.mount unit file at 
/usr/lib/systemd/system/tmp.mount.

Any suggestions are welcome.

Thanks,
Badrikesh
On Wednesday, July 2, 2025 at 1:42:29 AM UTC+5:30 Heinisch, Alexander wrote:

> On Sun, 2025-06-29 at 16:28 -0400, 'Badrikesh Prusty' via isar-users
> wrote:
> > From: badrikesh prusty <badrikes...@siemens.com>
> > 
> > Fix image installation when isar-image-installer rootfs is booted as
> > read-only
> > by ensuring /tmp is mounted as tmpfs.
> > 
> > With the latest isar installer, Bmaptool now creates the
> > /tmp/progress pipe to
> > track and display installation progress in a progress bar.
> > 
> > To mount /tmp as tmpfs, this change utilizes systemd's tmp.mount. As
> > tmp.mount
> > is located in /usr/share/systemd/ for systemd versions up to Debian
> > Bookworm,
> > and in /usr/lib/systemd/system/tmp.mount for versions 256.x and
> > newer, the file
> > must be copied to /etc/systemd/system/.
> > 
> > Placing tmp.mount unit file in /etc/systemd/system/ ensures its
> > configuration
> > for /tmp takes precedence, overriding any entry found in /etc/fstab.
> > 
> > Signed-off-by: badrikesh prusty <badrikes...@siemens.com>
> > ---
> >  .../deploy-image/deploy-image_0.1.bb             |  6 ++++--
> >  .../systemd-tmpfs-tmp/files/postinst             | 16
> > ++++++++++++++++
> >  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb   | 13 +++++++++++++
> >  3 files changed, 33 insertions(+), 2 deletions(-)
> >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst
> >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/systemd-tmpfs-tmp_0.1.b
> > b
> > 
> > diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> > image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> > image_0.1.bb
> > index 54e521b5..b287a8d1 100644
> > --- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> > +++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> > @@ -10,8 +10,10 @@ inherit dpkg-raw
> >  SRC_URI = "file://usr/bin/deploy-image-wic.sh \
> >             file://usr/lib/deploy-image-wic/handle-config.sh \
> >            "
> > -DEPENDS:bookworm += "bmap-tools"
> > -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> > gdisk, pigz, xz-utils, pbzip2, zstd"
> > +
> > +DEPENDS:append:bookworm = " bmap-tools"
> > +DEPENDS:append = " systemd-tmpfs-tmp"
> > +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> > gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
> >  do_install[cleandirs] = "${D}/usr/bin/ \
> >                           ${D}/usr/lib/deploy-image-wic \
> >                          "
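Review bot: Adding systemd-tmpfs-tmp to DEBIAN_DEPENDS makes it a hard dependency of deploy-image, so any image that installs deploy-image also gets its /tmp configuration replaced, including the /etc/fstab override the commit message describes; that side effect deserves a comment next to the DEBIAN_DEPENDS line, or a weaker relation such as Recommends if image builders should be able to opt out. Separately, the switch from `DEPENDS:bookworm += "bmap-tools"` to `DEPENDS:append:bookworm = " bmap-tools"` is unrelated to the /tmp fix and is not mentioned in the commit message; please mention it there or split it into its own patch.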
> > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/files/postinst
> > new file mode 100644
> > index 00000000..9d75025d
> > --- /dev/null
> > +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
> > @@ -0,0 +1,16 @@
> > +#!/bin/sh
> > +
> > +set -e
> > +
> > +DEST="/etc/systemd/system/tmp.mount"
> Do we really want to overrule /etc/fstab?
> Wouldn't `DEST="/usr/lib/systemd/system/tmp.mount"` be a more defensive
> approach?
>
> Repost from previous thread:
> ---
> Systemd already provides some predefined behaviour to manage common
> mounts like `/tmp`. [1]
>
> "If a mount point is configured in both /etc/fstab and a unit file that
> is stored below /usr/, the former will take precedence. If the unit
> file is stored below /etc/, it will take precedence. This means: native
> unit files take precedence over traditional configuration files, but
> this is superseded by the rule that configuration in /etc/ will always
> take precedence over configuration in /usr/."
> - [2]
>
> TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
> takes care of fstab vs tmp.mount precedence as you try to enforce it
> here.
> Besides that, as this check is executed as postinst, it possibly leads
> to undesired mount results, depending on package install order. e.g.
> later packages modify `/etc/fstab`.
> ---
> > +
> > +if [ ! -e "${DEST}" ]; then
> > +    # Possible source paths for tmp.mount
> > +    for SRC in /usr/share/systemd/tmp.mount
> > /usr/lib/systemd/system/tmp.mount; do
> > +        # If the source file exists, copy it to the destination and
> > exit the loop
> > +        [ -e "${SRC}" ] && cp ${SRC} ${DEST} && break
> > +    done
> > +fi
> > +
> > +# Enable the mount unit using deb-systemd-helper; ignore errors if
> > it fails
> > +deb-systemd-helper enable tmp.mount || true
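Review bot: The copy loop and the final enable can both fail without the postinst noticing. In `[ -e "${SRC}" ] && cp ${SRC} ${DEST} && break`, a missing source or a failing cp is a non-final command in an AND list, which `set -e` ignores, and `deb-systemd-helper enable tmp.mount || true` then swallows the resulting error, so the package installs successfully on a system where no tmp.mount was put in place and /tmp is still not a tmpfs. Please check `[ -e "${DEST}" ]` after the loop and exit non-zero (or at least print a warning) when it is missing, and quote the cp arguments as `"${SRC}" "${DEST}"`.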
> > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-
> > tmp/systemd-tmpfs-tmp_0.1.bb
> > new file mode 100644
> > index 00000000..c0ab1bcf
> > --- /dev/null
> > +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-
> > tmp_0.1.bb
> > @@ -0,0 +1,13 @@
> > +# This software is a part of ISAR.
> > +# Copyright (C) Siemens AG, 2025
> > +#
> > +# SPDX-License-Identifier: MIT
> > +
> > +inherit dpkg-raw
> > +
> > +DESCRIPTION = "Configures /tmp as systemd-managed temporary
> > filesystem (tmpfs), ensuring read-write access even if rootfs is
> > read-only"
> > +MAINTAINER = "isar-users <isar-...@googlegroups.com>"
> > +
> > +SRC_URI = "file://postinst"
> > +
> > +DEBIAN_DEPENDS = "systemd"
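Review bot: SRC_URI lists only `file://postinst`, so nothing undoes what the postinst does: the copied /etc/systemd/system/tmp.mount is not tracked by dpkg and, with no postrm in the recipe, it stays in place and enabled after the package is removed or purged. Please add a postrm that disables the unit and removes the copied file. The DESCRIPTION could also say that the unit in /etc/ takes precedence over an /etc/fstab entry for /tmp, since that is the behaviour users will be surprised by.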
> > -- 
> > 2.47.2
> > 
>
> -- 
> Alexander Heinisch
> Siemens AG
> www.siemens.com
>
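
The precedence rule quoted in this thread (unit in /etc/, then /etc/fstab, then unit below /usr/), as an added example that is not part of the original messages or of Isar. The function name `tmp_mount_source` and its rootfs-path argument are hypothetical; it reports which definition of /tmp takes precedence in a root filesystem, not whether the unit is enabled.

```shell
#!/bin/sh
# Added example: report which configuration decides how /tmp is mounted
# under a given root directory (hypothetical argument; empty means "/").
# Precedence per the systemd documentation quoted in the thread:
#   unit in /etc/  >  /etc/fstab entry  >  unit below /usr/

tmp_mount_source() {
    root="${1:-}"
    etc_unit="$root/etc/systemd/system/tmp.mount"
    fstab="$root/etc/fstab"

    # A symlink to /dev/null is how "systemctl mask" disables a unit.
    if [ -L "$etc_unit" ] && [ "$(readlink "$etc_unit")" = "/dev/null" ]; then
        echo "masked"
        return 0
    fi
    # Any other unit file below /etc/ wins over everything else.
    if [ -e "$etc_unit" ]; then
        echo "etc-unit"
        return 0
    fi

    # Next: a non-comment fstab line whose mount point (field 2) is /tmp.
    if [ -r "$fstab" ] && awk '$1 !~ /^#/ && $2 == "/tmp" { found = 1 }
                               END { exit !found }' "$fstab"; then
        echo "fstab"
        return 0
    fi

    # Last: a vendor unit below /usr/ (or /lib without merged /usr).
    for unit in "$root/usr/lib/systemd/system/tmp.mount" \
                "$root/lib/systemd/system/tmp.mount"; do
        if [ -e "$unit" ]; then
            echo "usr-unit"
            return 0
        fi
    done

    echo "none"
    return 1
}

# Stand-alone use: sh script.sh /path/to/rootfs
if [ $# -gt 0 ]; then
    tmp_mount_source "$1"
fi
```

Run against an unpacked image rootfs, this shows whether a package-installed tmp.mount or a later /etc/fstab edit is the one that will actually apply.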
