From: "'Quirin Gylstorff' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com, jan.kiszka@siemens.com,
felix.moessbauer@siemens.com, cedric.hombourger@siemens.com
Subject: [PATCH v5 11/12] Use lighttpd as a example how to add a dracut module
Date: Thu, 30 Oct 2025 10:44:45 +0100 [thread overview]
Message-ID: <20251030094451.1303871-12-Quirin.Gylstorff@siemens.com> (raw)
In-Reply-To: <20251030094451.1303871-1-Quirin.Gylstorff@siemens.com>
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This example allows to add the lighttpd webserver to the
initrd. The example shows the following use cases:
- add a own service to the initrd
- add a user via systemd
- add file to configure a service
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
.../dracut-example-lighttpd_0.1.bb | 44 ++++++++++++++++
.../dracut-example-lighttpd/files/install.sh | 20 +++++++
.../files/lighttpd.conf | 52 +++++++++++++++++++
.../files/lighttpd.service | 13 +++++
.../files/sysuser-lighttpd.conf | 2 +
.../recipes-initramfs/images/isar-dracut.bb | 8 +++
6 files changed, 139 insertions(+)
create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb
create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh
create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf
create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service
create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb
new file mode 100644
index 00000000..5889a5ed
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb
@@ -0,0 +1,44 @@
+#
+# Copyright (c) Siemens AG, 2025
+#
+# Authors:
+# Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#
+# SPDX-License-Identifier: MIT
+#
+# This example adds the lighttpd server to the dracut initrd
+
+require recipes-initramfs/dracut-module/dracut-module.inc
+
+# Additional install instructions
+DRACUT_INSTALL_CONTENT_FILE_NAME = "install.sh"
+
+DEBIAN_DEPENDS:append = ",lighttpd, kbd, passwd, \
+ dracut-network, dbus-daemon, iproute2, \
+ dracut-example-lighttpd, systemd-sysv, systemd-resolved, systemd-timesyncd"
+
+DEBIAN_DEPENDS:append:trixie = ", systemd-cryptsetup"
+
+
+SRC_URI += "file://lighttpd.conf \
+ file://lighttpd.service \
+ file://sysuser-lighttpd.conf \
+ "
+
+# lighttpd binaries
+DRACUT_REQUIRED_BINARIES = "lighttpd \
+ lighttpd-angel \
+ lighttpd-disable-mod \
+ lighttpd-enable-mod \
+ lighty-enable-mod \
+ "
+# we need networking
+DRACUT_MODULE_DEPENDENCIES = "systemd-network-management"
+
+do_install[cleandirs] += "${D}/usr/lib/sysusers.d/"
+do_install() {
+ install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH}
+ install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH}
+ # install sysuser to be used by dracut
+ install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf
+}
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh
new file mode 100644
index 00000000..b7295b94
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh
@@ -0,0 +1,20 @@
+inst_multiple -o /usr/lib/lighttpd/*.so
+inst_multiple -o /usr/share/lighttpd/*
+
+inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service"
+inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf
+
+# use the sysuser lighttpd config to create the necessary user
+inst_sysusers lighttpd.conf
+
+mkdir -p -m 0700 "$initdir/etc/lighttpd/"
+mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress"
+mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads"
+mkdir -p -m 0700 "$initdir/var/log/lighttpd/"
+mkdir -p -m 0755 "$initdir/var/www/html"
+
+/usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html"
+touch "$moddir"/error.log
+/usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log"
+chown -R www-data:www-data "$initdir/var/log/lighttpd/"
+systemctl -q --root "$initdir" enable lighttpd
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf
new file mode 100644
index 00000000..3a1bb351
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf
@@ -0,0 +1,52 @@
+server.modules = (
+ "mod_indexfile",
+ "mod_access",
+ "mod_alias",
+ "mod_redirect",
+)
+
+server.document-root = "/var/www/html"
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+server.errorlog = "/var/log/lighttpd/error.log"
+server.pid-file = "/run/lighttpd.pid"
+server.username = "www-data"
+server.groupname = "www-data"
+server.port = 80
+
+# features
+#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
+server.feature-flags += ("server.h2proto" => "enable")
+server.feature-flags += ("server.h2c" => "enable")
+server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
+#server.feature-flags += ("server.graceful-restart-bg" => "enable")
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+# if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+ "header-strict" => "enable",# default
+ "host-strict" => "enable",# default
+ "host-normalize" => "enable",# default
+ "url-normalize-unreserved"=> "enable",# recommended highly
+ "url-normalize-required" => "enable",# recommended
+ "url-ctrls-reject" => "enable",# recommended
+ "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject" => "enable",
+ "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject" => "enable",
+ #"url-query-20-plus" => "enable",# consistency in query string
+)
+
+index-file.names = ( "index.php", "index.html" )
+url.access-deny = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load = "disable"
+server.modules += (
+ "mod_dirlisting",
+ "mod_staticfile",
+)
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service
new file mode 100644
index 00000000..da8c9033
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Lighttpd Daemon
+DefaultDependencies=no
+
+[Service]
+Type=simple
+PIDFile=/run/lighttpd.pid
+ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
+ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
+ExecReload=/bin/kill -USR1 $MAINPID
+Restart=on-failure
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf
new file mode 100644
index 00000000..37060a65
--- /dev/null
+++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf
@@ -0,0 +1,2 @@
+g www-data - -
+u www-data - - /var/www /usr/sbin/nologin
diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb
index 226fdeaa..aa55e360 100644
--- a/meta-isar/recipes-initramfs/images/isar-dracut.bb
+++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb
@@ -14,4 +14,12 @@ INITRAMFS_PREINSTALL += " \
# Recipes that should be installed into the initramfs build rootfs.
INITRAMFS_INSTALL += " \
+ dracut-example-lighttpd \
"
+
+# This option does not work with some of the dracut modules in Debian
+# as there is no standardized mapping between module name and package name
+DRACUT_EXTRACT_MODULES_FROM_PACKAGE_NAMES = "True"
+
+# Alternative is to add the example module manually
+#DRACUT_EXTRA_MODULES += "example-lighttpd"
--
2.51.0
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251030094451.1303871-12-Quirin.Gylstorff%40siemens.com.
next prev parent reply other threads:[~2025-10-30 9:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-30 9:44 [PATCH v5 00/12] Add support for dracut 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 01/12] Add dracut to custom kernel builds 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 02/12] rootfs: Allow to overwrite the initramfs generation cmds 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 03/12] rootfs: Add isar-work directory to rootfs mounts 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 04/12] rootfs: Copy the newly created initrd.img to the work directory 'Quirin Gylstorff' via isar-users
2025-10-30 12:04 ` 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 05/12] rootfs: Add dracut to initramfs generator 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 06/12] initramfs: allow to set the generator command 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 07/12] Add class to generate custom dracut initramfs 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 08/12] rootfs: add flag to use dracut if it is not part of the package list 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 09/12] Add example dracut initramfs 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` [PATCH v5 10/12] Add dracut module helper 'Quirin Gylstorff' via isar-users
2025-10-30 11:26 ` 'Jan Kiszka' via isar-users
2025-10-30 11:53 ` 'Quirin Gylstorff' via isar-users
2025-10-30 9:44 ` 'Quirin Gylstorff' via isar-users [this message]
2025-10-30 9:44 ` [PATCH v5 12/12] user_manual: Add dracut for initramfs generation 'Quirin Gylstorff' via isar-users
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251030094451.1303871-12-Quirin.Gylstorff@siemens.com \
--to=isar-users@googlegroups.com \
--cc=Quirin.Gylstorff@siemens.com \
--cc=cedric.hombourger@siemens.com \
--cc=felix.moessbauer@siemens.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox