From: "'Badrikesh Prusty' via isar-users" <isar-users@googlegroups.com>
To: isar-users <isar-users@googlegroups.com>
Subject: Re: [PATCH] isar-installer: Mount /tmp as tmpfs for read-only boot fix
Date: Sun, 29 Jun 2025 13:27:35 -0700 (PDT)
Message-ID: <76420668-ff1f-4d75-87e7-56bdf58b1393n@googlegroups.com>
In-Reply-To: <f90d30ccab0719e07ec518cf6ec57e28d61fb067.camel@siemens.com>
Hi,
Sorry for the delay.
Thanks for your feedback. I just tried a few use cases based on your comment.
On Debian Bookworm, it works as expected.
On Debian Trixie, I assumed tmp.mount from /usr/lib/systemd/system/ gets
symlinked to /etc/systemd/system/ when we do systemctl enable, but it
didn't work.
Case 1: /tmp defined in /etc/fstab, service file:
/usr/lib/systemd/system/tmp.mount, systemctl enable didn't work as /tmp is
managed by fstab
Result: The /etc/fstab entry for /tmp is in effect.
Case 2: /tmp defined in /etc/fstab, service file:
/usr/lib/systemd/system/tmp.mount copied to /etc/systemd/system/tmp.mount
Result: The unit file /etc/systemd/system/tmp.mount configuration for /tmp
is in effect.
Will send an updated patch soon.
Thanks,
Badrikesh
On Monday, June 16, 2025 at 6:26:11 PM UTC+5:30 Heinisch, Alexander wrote:
> On Mon, 2025-06-16 at 03:01 -0700, 'Badrikesh Prusty' via isar-users
> wrote:
> > > Hi,
> > >
> > > Thanks for your feedback. Added DESCRIPTION and MAINTAINER fields and
> > > updated to DEPENDS:append:bookworm.
> > > I had the same feeling when DEPENDS += wasn't working while
> > > DEPENDS:bookworm += was set, but I didn't investigate much since
> > > DEPENDS:append worked. Thank you for the clarification.
> > >
> > > Badrikesh
> > >
> > > On Monday, June 16, 2025 at 12:09:34 PM UTC+5:30 MOESSBAUER, Felix
> > > wrote:
> > > > > > On Fri, 2025-06-13 at 13:23 -0400, 'Badrikesh Prusty' via isar-users wrote:
> > > > > > > > Fix image installation when isar-image-installer rootfs is booted as
> > > > > > > > read-only by ensuring /tmp is mounted as tmpfs.
> > > > > > > > This change utilizes systemd's tmp.mount to mount /tmp as tmpfs.
> > > > > > > > Since systemd versions up to Debian Bookworm ship tmp.mount in
> > > > > > > > /usr/share/systemd/, the file must be copied to a directory where
> > > > > > > > systemctl can enable it.
> > > > > > > > For systemd versions 256.x and newer, tmp.mount is shipped in the
> > > > > > > > appropriate location: /usr/lib/systemd/system/tmp.mount
> > > > > > >
> > > > > > > Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
> > > > > > > ---
> > > > > > > .../deploy-image/deploy-image_0.1.bb | 3 ++-
> > > > > > > .../systemd-tmpfs-tmp/files/postinst | 15
> > > > > > > +++++++++++++++
> > > > > > > .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb | 10
> > > > > > > ++++++++++
> > > > > > > 3 files changed, 27 insertions(+), 1 deletion(-)
> > > > > > > create mode 100644 meta-isar/recipes-installer/systemd-
> > > > > > > tmpfs-
> > > > > > > tmp/files/postinst
> > > > > > > create mode 100644 meta-isar/recipes-installer/systemd-
> > > > > > > tmpfs-
> > > > > > > tmp/systemd-tmpfs-tmp_0.1.bb
> > > > >
> > > > > > >
> > > > > > > diff --git a/meta-isar/recipes-installer/deploy-
> > > > > > > image/deploy-
> > > > > > > image_0.1.bb b/meta-isar/recipes-installer/deploy-
> > > > > > > image/deploy-
> > > > > > > image_0.1.bb
> > > > >
> > > > > > > index 54e521b5..e67feae5 100644
> > > > > > > ---
> > > > > > > a/meta-isar/recipes-installer/deploy-image/deploy-
> > > > > > > image_0.1.bb
> > > > >
> > > > > > > +++
> > > > > > > b/meta-isar/recipes-installer/deploy-image/deploy-
> > > > > > > image_0.1.bb
> > > > >
> > > > > > > @@ -11,7 +11,8 @@ SRC_URI =
> > > > > > > "file://usr/bin/deploy-image-wic.sh \
> > > > > > >
> > > > > > > file://usr/lib/deploy-image-wic/handle-config.sh \
> > > > > > > "
> > > > > > > DEPENDS:bookworm += "bmap-tools"
> > > > > > > -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux,
> > > > > > > parted,
> > > > > > > fdisk,
> > > > > > > gdisk, pigz, xz-utils, pbzip2, zstd"
> > > > > > > +DEPENDS:append = " systemd-tmpfs-tmp"
> > > > >
> > > > > > The combination of DEPENDS:bookworm += ... and DEPENDS:append is
> > > > > > dangerous. We better refactor this to DEPENDS:append:bookworm = " ...",
> > > > > > DEPENDS:append = " ...".
> > > > >
> > > > > > > +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux,
> > > > > > > parted,
> > > > > > > fdisk,
> > > > > > > gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
> > > > > > > do_install[cleandirs] = "${D}/usr/bin/ \
> > > > > > > ${D}/usr/lib/deploy-image-wic \
> > > > > > > "
> > > > > > > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > > > > > > tmp/files/postinst b/meta-isar/recipes-installer/systemd-
> > > > > > > tmpfs-
> > > > > > > tmp/files/postinst
> > > > > > > new file mode 100644
> > > > > > > index 00000000..be1594e6
> > > > > > > --- /dev/null
> > > > > > > +++
> > > > > > > b/meta-isar/recipes-installer/systemd-tmpfs-
> > > > > > > tmp/files/postinst
> > > > > > > @@ -0,0 +1,15 @@
> > > > > > > +#!/bin/sh
> > > > > > > +
> > > > > > > +set -e
> > > > > > > +
> > > > > > > +# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
> > > > > > >
>
> Systemd already provides some predefined behaviour to manage common
> mounts like `/tmp`. [1]
>
> "If a mount point is configured in both /etc/fstab and a unit file that
> is stored below /usr/, the former will take precedence. If the unit
> file is stored below /etc/, it will take precedence. This means: native
> unit files take precedence over traditional configuration files, but
> this is superseded by the rule that configuration in /etc/ will always
> take precedence over configuration in /usr/."
> - [2]
>
> TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
> takes care of fstab vs tmp.mount precedence as you try to enforce it
> here.
> Besides that, as this check is executed as postinst, it possibly leads
> to undesired mount results, depending on package install order. e.g.
> later packages modify `/etc/fstab`.
>
> > > > > > > +if ! grep -q '/tmp' /etc/fstab; then
> > > > > > > + # Ensure tmp.mount exists in systemd path
> > > > > > > + if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -
> > > > > > > e
> > > > > > > /etc/systemd/system/tmp.mount ]; then
> > > > > > > + cp /usr/share/systemd/tmp.mount
> > > > > > > /etc/systemd/system/tmp.mount
> > > > > > > + fi
> > > > > > > +
> > > > > > > + # Enable the mount unit using deb-systemd-helper
> > > > > > > + deb-systemd-helper enable tmp.mount || true
> > > > > > > +fi
> > > > > > > +
> > > > > > > diff --git
> > > > > > > a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-
> > > > > > > tmpfs-
> > > > > > > tmp/systemd-tmpfs-tmp_0.1.bb
> > > > >
> > > > > > > new file mode 100644
> > > > > > > index 00000000..821cdd5f
> > > > > > > --- /dev/null
> > > > > > > +++
>
> Is this recipe somehow aligned with the one already available in
> isar-cip-core? [3] CC: Quirin
>
> Imo, this recipe aims for a similar result, but provides more complete
> dependencies. Both overrule systemd filesystem api semantics [1,2] as
> they put the unit file under `/etc/systemd/system/` (as described
> above).
>
> 1: https://systemd.io/API_FILE_SYSTEMS/
> 2: https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html#
> 3: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/recipes-core/tmp-fs/tmp-fs_0.2.bb?ref_type=heads
>
> > > > > > > b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > > tmpfs-
> > > > > > > tmp_0.1.bb
> > > > >
> > > > > > > @@ -0,0 +1,10 @@
> > > > > > > +# This software is a part of ISAR.
> > > > > > > +# Copyright (C) Siemens AG, 2024
> > > > > > > +#
> > > > > > > +# SPDX-License-Identifier: MIT
> > > > > > > +
> > > > > > > +inherit dpkg-raw
> > > > > > > +
> > > > > > > +SRC_URI = "file://postinst"
> > > > > > > +
> > > > > > > +DEBIAN_DEPENDS = "systemd"
> > > > >
> > > > > Please also set the DESCRIPTION and MAINTAINER fields.
> > > > >
> > > > > Felix
> > > > >
> > > > > > > --
> > > > > > > 2.39.5
> > > > >
> > > > > --
> > > > > Siemens AG
> > > > > Linux Expert Center
> > > > > Friedrich-Ludwig-Bauer-Str. 3
> > > > > 85748 Garching, Germany
> > > > >
>
> BR Alexander
>
> --
> Alexander Heinisch
> Siemens AG
> www.siemens.com
>
>
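
The precedence rule discussed in this thread (unit below /etc/, then /etc/fstab, then unit below /usr/), as an added shell example that is not part of the original messages or of Isar: it reports which source governs /tmp under a given rootfs and matches the fstab mount-point field rather than any line containing "/tmp". The function names and the constructed sample rootfs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from Isar). Precedence as quoted above:
#   unit below /etc/  >  /etc/fstab entry  >  unit below /usr/

# fstab_has_mountpoint FSTAB MOUNTPOINT
# Succeeds only if a non-comment line has MOUNTPOINT as its second field, so
# "/var/tmp" or a commented-out "/tmp" entry does not count as a match.
fstab_has_mountpoint() {
    [ -r "$1" ] || return 1
    awk -v mp="$2" '
        $1 ~ /^#/ { next }
        $2 == mp  { found = 1 }
        END       { exit !found }
    ' "$1"
}

# tmp_mount_source ROOT
# Prints which source governs /tmp under ROOT: etc-unit, fstab, usr-unit, none.
tmp_mount_source() {
    root=${1%/}
    if [ -e "$root/etc/systemd/system/tmp.mount" ]; then
        echo etc-unit
    elif fstab_has_mountpoint "$root/etc/fstab" /tmp; then
        echo fstab
    elif [ -e "$root/usr/lib/systemd/system/tmp.mount" ]; then
        echo usr-unit
    else
        echo none
    fi
}

# Constructed sample rootfs: fstab mentions "/tmp" only in a comment and in
# /var/tmp, and tmp.mount exists only below /usr/.
demo_constructed_rootfs() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/usr/lib/systemd/system"
    printf '%s\n' '# tmpfs /tmp tmpfs defaults 0 0' \
                  'tmpfs /var/tmp tmpfs defaults 0 0' > "$d/etc/fstab"
    : > "$d/usr/lib/systemd/system/tmp.mount"
    tmp_mount_source "$d"
    rm -rf "$d"
}

demo_constructed_rootfs   # prints usr-unit
```

Run against an unpacked image rootfs as `tmp_mount_source /path/to/rootfs` after all packages are installed, since a later package can still change /etc/fstab.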