Re: [PATCH v2] classes/rootfs: remove content of /dev, /run and vmlinux old

["MOESSBAUER, Felix" <felix.moessbauer@siemens.com>]

On Fri, 2024-04-26 at 10:55 +0200, Baurzhan Ismagulov wrote:
> On 2024-04-25 09:13, 'Quirin Gylstorff' via isar-users wrote:
> > `/dev` and `/run` contain artifacts from the ISAR build clean them
> > up for reproducability.
> 
> Suggest "Isar" and "reproducibility".
> 
> 
> > diff --git a/meta/classes/image.bbclass
> > b/meta/classes/image.bbclass
> > index 98741da0..4af0d448 100644
> > --- a/meta/classes/image.bbclass
> > +++ b/meta/classes/image.bbclass
> > @@ -427,12 +427,17 @@ do_rootfs_finalize() {
> >              rmdir --ignore-fail-on-non-empty ${ROOTFSDIR}/base-apt
> >  
> >          mountpoint -q '${ROOTFSDIR}/dev' && \
> > -            umount -l ${ROOTFSDIR}/dev
> > +            umount -l -R ${ROOTFSDIR}/dev && \
> > +            rm -rf ${ROOTFSDIR}/dev/*
> > +
> >          mountpoint -q '${ROOTFSDIR}/proc' && \
> >              umount -l ${ROOTFSDIR}/proc
> >          mountpoint -q '${ROOTFSDIR}/sys' && \
> >              umount -l ${ROOTFSDIR}/sys
> >  
> > +        rm -rf ${ROOTFSDIR}/run/*
> > +        rm -f ${ROOTFSDIR}/vmlinuz.old
> > +
> 
> Could you provide the list of the specific files that you want to
> have removed?
> 
> Debian normally has /dev populated even though devtmpfs is mounted
> later on top

This is probably just an artifact of the bootstrapping, but not written
in any debian policy. As debian uses systemd (and we anyways only
support this init system), we should follow the "man file-hierarchy".
There a devtmpfs is always mounted on /dev. What's the point then to
still keep the dirs and files there?

> of it. If the problem is that the entries have different timestamps
> on
> different builds, then the question is not limited to /dev but
> applies to any
> files created in postinstall scripts. I don't think the general
> approach should
> be to remove such files at the meta level.

The timestamps are already clamped by the rootfs postprocessing,
however this is a leak of host resources into the rootfs. Which files
are under /dev depends on the devtmpfs implementation - which depends
on the host kernel.

I propose to just clear these directories.

> 
> On an unrelated note, we've tested non-lazy mounts and haven't
> observed any
> issues; we'll share the patches for it as well as for recursive
> mounts.

That would be great.

Felix

> 
> With kind regards,
> Baurzhan

-- 
Siemens AG, Technology
Linux Expert Center