From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 05 Nov 2025 13:14:16 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-ed1-f55.google.com (mail-ed1-f55.google.com [209.85.208.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5A5CEEbQ018818 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 5 Nov 2025 13:14:14 +0100 Received: by mail-ed1-f55.google.com with SMTP id 4fb4d7f45d1cf-640a03bb8afsf7592430a12.0 for ; Wed, 05 Nov 2025 04:14:14 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1762344846; cv=pass; d=google.com; s=arc-20240605; b=OqyouV1moKPWMi85aF0mybc5YgyKwJj+AG0MEc+HIrcxDXY0NPvCGTQfuvd/HM+TfF HWatEBfShArWetC1I9KyL4od/SqO+iO1Aq7XfeWmg5ViAPbjsE22Ip6H9NIHngXrs+oX nvlQ7YSV8yDGK2l4PuYvf8TKDqqb7QB6dJNHdTBunIxubsSl6pX9ORvlRLkiioYDN+3j Y3yMgeRfu3i453ZMQs8N/Nwex47jM85Wu+aAH8ooJK4NetozCwgrOs9TI5D74pM1HFLl 9IR5HfnGcuGhv0xxQhKegrrlZcW/WVxLsJI+qAHTFudknI0plU07GIMVgqw8ddwNF+jT orPw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=P6WWssgUHUbfZt6i56/A9CqlASTaaexrtSvN18SZ6wQ=; fh=vvaQLBvxQK9JFj/5Sh4UK91isnmwXjW3PCdFc4j+jHQ=; b=abnHx7BkoTDxrAazi3b9Xb0XgiqKCN4aXyy+en6YQWP7My0bCyBt6c+yxfP5wdYQiH 6mPgbUscjWHtInI33NNcYNgeJxP9px8D9OYON4EelyOp9P37WckUfghRn23lVLX8ujZu ESqrKhEV66LXJM+/TEbCX42jJR/aePYxijfh3fmOpfD6zJh371nyV6B4D6OPIUOxNaJL Saj0DzIm0HHExNC05miz1MIyn+8V8YF7wvtQ1FEj90HbDMP4PgdC5tmmUoQpsWC+Yarx sSnY6D7qyJa57+2+f1NL3gll3yggAUJG4sYEFh0vb/BEAtuGtgwDN2J2I35OudEqwtIK SVnw==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="PUKpR/ZY"; spf=pass (google.com: domain of fm-51332-2025110512140224c84dba1e00020705-yrxdgm@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-51332-2025110512140224c84dba1e00020705-YRXDgM@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1762344846; x=1762949646; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:to:from :from:to:cc:subject:date:message-id:reply-to; bh=P6WWssgUHUbfZt6i56/A9CqlASTaaexrtSvN18SZ6wQ=; b=uWPmTvYRBmZtB8grBj/nnLn48d2z1rgOeAovXIE1qHVqHxwWUkQ1ID7cGVJdPSWMqK a7yQ/L+3Dw/bKZNvmxqF59uXCdR2VWTG/YNkUG33drM+bHtcHplXgqzgvupwUkai1ZfG fYtVuLpN2EbwyDJQfrMaSTNRZxyThIvGnFXxk33SXYZHc/FJ+ukImkBB6yll0h4kaFdU S0XUtFS3zDxudFjflMrExxPZnQ65SrHNjZZY6ANxap1phz3BeIoJ30eFplqbkcOqQnX5 71foHw8W3+ubVhonsSJpmbdp4UU/PKvT8QekrUwQGnbCSpmkPFoLYT3yJQ/0cLSXAPlO QyJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762344846; x=1762949646; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=P6WWssgUHUbfZt6i56/A9CqlASTaaexrtSvN18SZ6wQ=; b=nz+w9zNlOLxy48p3ePM6oNEaulGHBt3p4BuUcC7Tsr7OYMiyj6D3ZRwZp/ZZgBY1cC 0ae5at/swxsvTUPm/NrZHEaImv1W9hhawVyradyS4F5KvDfEehm51mgJWybTTX3b+eBv rlVhT2Gr+iwA0Qp6GzjG68Z2JovsYdKAmmV1D0+ICdsf0kqYboafaJMWPRdSDFsrQN9G j87DTKhlsx9KtUR11LynI/OX2Ba3svEIi78n2mJuz2P97v/2u2ArPI58Rk2asE7wKNKN why3mE5dMa6Zh8COcP0tq1WiGot6M0TMVjJAlI+uqL6iewzLmKSki46VS9Snglprsaak gVwA== X-Forwarded-Encrypted: i=2; AJvYcCVg8EC1O4cuBWqFN0j8ShI4hX5WfsvwW6v/CuVxGZau9g7MZg4YkqlDTT30UzxbOaOMqpER@ilbers.de X-Gm-Message-State: AOJu0Yy6G5kxkRG3TMW5vLVkgZYUPHtYe99Hmeqw5E8+Q8FZNjfwwpDV KKHE6vIlw+Imsd0qNLkkzsXARuMPlO/fat4tWwayXbiKM2qBMel9r9dZ X-Google-Smtp-Source: AGHT+IF1vFvygtDNKZRu4KEdRi0J98+rAnFh5Ubh6HxtqlGt+3UYz0+QZQ5CUp4IZBbOcv3C80mDlA== X-Received: by 2002:a05:6402:13cb:b0:640:976f:1397 with SMTP id 4fb4d7f45d1cf-64105b7a702mr2373587a12.37.1762344846035; Wed, 05 Nov 2025 04:14:06 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+aV8CirdXmLighIiF7SkW5F82Z53E8/8vwKlWgvNEY/Iw==" Received: by 2002:a05:6402:7d4:b0:640:fcbe:ef7f with SMTP id 4fb4d7f45d1cf-640fcbef264ls1392561a12.0.-pod-prod-08-eu; Wed, 05 Nov 2025 04:14:02 -0800 (PST) X-Received: by 2002:a17:906:b10a:b0:b72:6935:6bac with SMTP id a640c23a62f3a-b72693594ffmr158458766b.49.1762344842668; Wed, 05 Nov 2025 04:14:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1762344842; cv=none; d=google.com; s=arc-20240605; b=NzrHQOMjz8BuOCZ/GAjLF1sWbCASqRXiaaXg9oQPUY3eoZ8DaXj+oUpaYyEPZyKuiJ ZaUpdEO4E7LJJ69GYpL7Vieaq+hcD/RCReS28/Ux6bt4gRAaYait4NO/tEMb4lXlEnuT PG2GyELZh+iW/2Y6xU/u6QOgP45cHiUz69IhGczcLDqaNVCwidbqhX1tDfGIClFQmuDE Z6IJ2JpyviC/t4nDEZqj6EOd4Kwo7NK5FY6OnuXzHYLUscwwt3pO/O8jSLmIstS7Qrl5 7ZHnOmv7nxCNEYOEozd2XAsLJwQ2m3WPwPewf116tANxByEWqFw3OPk9lrJjNT5nBwKk j5ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=9AK/Q89c7bG0/dTk0F2KnvSOxa3FXjUl7TVc188GJr4=; fh=pD9NMAE6punlmxDz2SM7DMFwkWrKOHAvTYxfub7CxRs=; b=DG8vX/c55iJ4zi2JMUH/NexLV137Y0a5t0EBKTMU2rejD0I3ckBHpLUnHLotQnygMc gd40gBIeYZNrlBcR0amd8UWgicKrYBnKpyXPvshIDVBdTKW3EYIbCm8cfGYSCmF77x7C 3IKpJcFCT7x8/5E/J9Kf9IIqYIHI17lTlWxw2pj8pVToBgwW1bKhXJTi+kRXDJ8dY3D4 3F2jpTfG87b1shdxrVXyp0omsx/KmUOSrcwGfsOeeYTXl8YCH5oFLGFaKK1q9yyiW4JZ W7z0tUvBRXBR24cv3oy26DEQEvrc+DvmG476urcEfnfKEEaiuiDWfqAKHHqigmYBCbRv XnHQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="PUKpR/ZY"; spf=pass (google.com: domain of fm-51332-2025110512140224c84dba1e00020705-yrxdgm@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-51332-2025110512140224c84dba1e00020705-YRXDgM@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id a640c23a62f3a-b724130ff62si17951066b.3.2025.11.05.04.14.02 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Nov 2025 04:14:02 -0800 (PST) Received-SPF: pass (google.com: domain of fm-51332-2025110512140224c84dba1e00020705-yrxdgm@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 2025110512140224c84dba1e00020705 for ; Wed, 05 Nov 2025 13:14:02 +0100 From: "'Quirin Gylstorff' via isar-users" To: isar-users@googlegroups.com, jan.kiszka@siemens.com, felix.moessbauer@siemens.com, cedric.hombourger@siemens.com Subject: [PATCH v7 12/13] Use lighttpd as a example how to add a dracut module Date: Wed, 5 Nov 2025 13:12:43 +0100 Message-ID: <20251105121350.114449-13-Quirin.Gylstorff@siemens.com> In-Reply-To: <20251105121350.114449-1-Quirin.Gylstorff@siemens.com> References: <20251105121350.114449-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-Original-Sender: quirin.gylstorff@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="PUKpR/ZY"; spf=pass (google.com: domain of fm-51332-2025110512140224c84dba1e00020705-yrxdgm@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-51332-2025110512140224c84dba1e00020705-YRXDgM@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Quirin Gylstorff Reply-To: Quirin Gylstorff Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: neU82PGzg6X5 From: Quirin Gylstorff This example allows to add the lighttpd webserver to the initrd. The example shows the following use cases: - add a own service to the initrd - add a user via systemd - add file to configure a service Signed-off-by: Quirin Gylstorff --- .../dracut-example-lighttpd_0.1.bb | 44 ++++++++++++++++ .../dracut-example-lighttpd/files/install.sh | 20 +++++++ .../files/lighttpd.conf | 52 +++++++++++++++++++ .../files/lighttpd.service | 13 +++++ .../files/sysuser-lighttpd.conf | 2 + .../recipes-initramfs/images/isar-dracut.bb | 8 +++ 6 files changed, 139 insertions(+) create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service create mode 100644 meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb new file mode 100644 index 00000000..847e8817 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/dracut-example-lighttpd_0.1.bb @@ -0,0 +1,44 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff +# +# SPDX-License-Identifier: MIT +# +# This example adds the lighttpd server to the dracut initrd + +inherit dracut-module + +# Additional install instructions +DRACUT_INSTALL_CONTENT_FILE_NAME = "install.sh" + +DEBIAN_DEPENDS:append = ",lighttpd, kbd, passwd, \ + dracut-network, dbus-daemon, iproute2, \ + dracut-example-lighttpd, systemd-sysv, systemd-resolved, systemd-timesyncd" + +DEBIAN_DEPENDS:append:trixie = ", systemd-cryptsetup" + + +SRC_URI += "file://lighttpd.conf \ + file://lighttpd.service \ + file://sysuser-lighttpd.conf \ + " + +# lighttpd binaries +DRACUT_REQUIRED_BINARIES = "lighttpd \ + lighttpd-angel \ + lighttpd-disable-mod \ + lighttpd-enable-mod \ + lighty-enable-mod \ + " +# we need networking +DRACUT_MODULE_DEPENDENCIES = "systemd-network-management" + +do_install[cleandirs] += "${D}/usr/lib/sysusers.d/" +do_install() { + install -m 666 ${WORKDIR}/lighttpd.conf ${DRACUT_MODULE_PATH} + install -m 666 ${WORKDIR}/lighttpd.service ${DRACUT_MODULE_PATH} + # install sysuser to be used by dracut + install -m 666 ${WORKDIR}/sysuser-lighttpd.conf ${D}/usr/lib/sysusers.d/lighttpd.conf +} diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh new file mode 100644 index 00000000..b7295b94 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/install.sh @@ -0,0 +1,20 @@ +inst_multiple -o /usr/lib/lighttpd/*.so +inst_multiple -o /usr/share/lighttpd/* + +inst_simple "${moddir}/lighttpd.service" "$systemdsystemunitdir/lighttpd.service" +inst_simple "${moddir}/lighttpd.conf" /etc/lighttpd/lighttpd.conf + +# use the sysuser lighttpd config to create the necessary user +inst_sysusers lighttpd.conf + +mkdir -p -m 0700 "$initdir/etc/lighttpd/" +mkdir -p -m 0700 "$initdir/var/cache/lighttpd/compress" +mkdir -p -m 0700 "$initdir/var/cache/lighttpd/uploads" +mkdir -p -m 0700 "$initdir/var/log/lighttpd/" +mkdir -p -m 0755 "$initdir/var/www/html" + +/usr/bin/install -m 0644 /usr/share/lighttpd/index.html "$initdir/var/www/html/index.html" +touch "$moddir"/error.log +/usr/bin/install -m 0644 "$moddir"/error.log "$initdir/var/log/lighttpd/error.log" +chown -R www-data:www-data "$initdir/var/log/lighttpd/" +systemctl -q --root "$initdir" enable lighttpd diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf new file mode 100644 index 00000000..3a1bb351 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.conf @@ -0,0 +1,52 @@ +server.modules = ( + "mod_indexfile", + "mod_access", + "mod_alias", + "mod_redirect", +) + +server.document-root = "/var/www/html" +server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/run/lighttpd.pid" +server.username = "www-data" +server.groupname = "www-data" +server.port = 80 + +# features +#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails +server.feature-flags += ("server.h2proto" => "enable") +server.feature-flags += ("server.h2c" => "enable") +server.feature-flags += ("server.graceful-shutdown-timeout" => 5) +#server.feature-flags += ("server.graceful-restart-bg" => "enable") + +# strict parsing and normalization of URL for consistency and security +# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails +# (might need to explicitly set "url-path-2f-decode" = "disable" +# if a specific application is encoding URLs inside url-path) +server.http-parseopts = ( + "header-strict" => "enable",# default + "host-strict" => "enable",# default + "host-normalize" => "enable",# default + "url-normalize-unreserved"=> "enable",# recommended highly + "url-normalize-required" => "enable",# recommended + "url-ctrls-reject" => "enable",# recommended + "url-path-2f-decode" => "enable",# recommended highly (unless breaks app) + #"url-path-2f-reject" => "enable", + "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app) + #"url-path-dotseg-reject" => "enable", + #"url-query-20-plus" => "enable",# consistency in query string +) + +index-file.names = ( "index.php", "index.html" ) +url.access-deny = ( "~", ".inc" ) +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +# default listening port for IPv6 falls back to the IPv4 port +include "/etc/lighttpd/conf-enabled/*.conf" + +#server.compat-module-load = "disable" +server.modules += ( + "mod_dirlisting", + "mod_staticfile", +) diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service new file mode 100644 index 00000000..da8c9033 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/lighttpd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Lighttpd Daemon +DefaultDependencies=no + +[Service] +Type=simple +PIDFile=/run/lighttpd.pid +ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf +ExecReload=/bin/kill -USR1 $MAINPID +Restart=on-failure +[Install] +WantedBy=sysinit.target diff --git a/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf new file mode 100644 index 00000000..37060a65 --- /dev/null +++ b/meta-isar/recipes-initramfs/dracut-example-lighttpd/files/sysuser-lighttpd.conf @@ -0,0 +1,2 @@ +g www-data - - +u www-data - - /var/www /usr/sbin/nologin diff --git a/meta-isar/recipes-initramfs/images/isar-dracut.bb b/meta-isar/recipes-initramfs/images/isar-dracut.bb index 226fdeaa..aa55e360 100644 --- a/meta-isar/recipes-initramfs/images/isar-dracut.bb +++ b/meta-isar/recipes-initramfs/images/isar-dracut.bb @@ -14,4 +14,12 @@ INITRAMFS_PREINSTALL += " \ # Recipes that should be installed into the initramfs build rootfs. INITRAMFS_INSTALL += " \ + dracut-example-lighttpd \ " + +# This option does not work with some of the dracut modules in Debian +# as there is no standardized mapping between module name and package name +DRACUT_EXTRACT_MODULES_FROM_PACKAGE_NAMES = "True" + +# Alternative is to add the example module manually +#DRACUT_EXTRA_MODULES += "example-lighttpd" -- 2.51.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251105121350.114449-13-Quirin.Gylstorff%40siemens.com.