Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst

[Henning Schild <henning.schild@siemens.com>]

Am Tue, 17 Apr 2018 15:23:55 +0200
schrieb Jan Kiszka <jan.kiszka@siemens.com>:

> On 2018-04-17 15:20, Henning Schild wrote:
> > Am Tue, 17 Apr 2018 15:03:28 +0200
> > schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> >   
> >> On 2018-04-17 14:46, [ext] Henning Schild wrote:  
> >>> Issue: debootstrap copies /etc/resolv.conf from the host into the
> >>> rootfs, and we need it there to use apt-get. But we do not always
> >>> want it there after we are done installing
> >>>
> >>> Fix: remove the leaked file in our image customization package, to
> >>> reach a defined state. That happens to be the state we had with
> >>> multistrap.
> >>>
> >>> Impact: images will not contain a resolv.conf anymore, just like
> >>> in the multistrap days. If you want one do not install
> >>> example-raw and customize in your own hook
> >>>
> >>> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> >>> ---
> >>>  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
> >>>  1 file changed, 4 insertions(+)
> >>>
> >>> diff --git a/meta-isar/recipes-app/example-raw/files/postinst
> >>> b/meta-isar/recipes-app/example-raw/files/postinst index
> >>> f60be8c..385473e 100644 ---
> >>> a/meta-isar/recipes-app/example-raw/files/postinst +++
> >>> b/meta-isar/recipes-app/example-raw/files/postinst @@ -19,4 +19,8
> >>> @@ chown -R isar:isar /var/lib/isar # but we take the same
> >>> password for this example echo "root:root" | chpasswd
> >>>  
> >>> +# debootstrap will leak these two files from the build host, get
> >>> them +# into a defined state
> >>> +# every image will have to handle these two somehow
> >>>  echo "isar" > /etc/hostname
> >>> +rm -f /etc/resolv.conf    
> >>
> >> That cleaning should go into the generic images. It's not a
> >> customization.  
> > 
> > Just discussed that with Claudius offline. And we came to the
> > conclusion that it can not really go anywhere else.
> > 
> > Instead our conclusion was, that these two files are special and
> > every image should contain a customization script to bring those
> > two into a defined state. We read debootstrap code and confirmed
> > that it is these two files only. In fact we found resolv.conf after
> > a question around hostname appeared.
> > 
> > If you delete them in the image-recipe, you can not tune them in
> > hooks anymore. And the image needs them as long as it needs
> > internet ... want to use apt-get.
> > 
> > We could handle them in a post do_rootfs task that end-users would
> > override to customize. The bb-task would not be very debian-like and
> > would open a tempting hack-vector that end-users might use to
> > smuggle rootfs-changes around apt.  
> 
> Host state shall not go into the image. Thus at least emptying that
> file is mandatory. In case someone forgets that or is in no need for
> networking, this should be done generically, not per customization. A
> customization package can still ship its own file, I don't see the
> problem here.

OK, came up with another approach that is still being tested. Stay
tuned.

Henning

> Jan