Re: [PATCH] meta-isar/example-raw: Remove /etc/resolv.conf in postinst

[Jan Kiszka <jan.kiszka@siemens.com>]

On 2018-04-17 15:20, Henning Schild wrote:
> Am Tue, 17 Apr 2018 15:03:28 +0200
> schrieb Jan Kiszka <jan.kiszka@siemens.com>:
> 
>> On 2018-04-17 14:46, [ext] Henning Schild wrote:
>>> Issue: debootstrap copies /etc/resolv.conf from the host into the
>>> rootfs, and we need it there to use apt-get. But we do not always
>>> want it there after we are done installing
>>>
>>> Fix: remove the leaked file in our image customization package, to
>>> reach a defined state. That happens to be the state we had with
>>> multistrap.
>>>
>>> Impact: images will not contain a resolv.conf anymore, just like in
>>> the multistrap days. If you want one do not install example-raw and
>>> customize in your own hook
>>>
>>> Signed-off-by: Henning Schild <henning.schild@siemens.com>
>>> ---
>>>  meta-isar/recipes-app/example-raw/files/postinst | 4 ++++
>>>  1 file changed, 4 insertions(+)
>>>
>>> diff --git a/meta-isar/recipes-app/example-raw/files/postinst
>>> b/meta-isar/recipes-app/example-raw/files/postinst index
>>> f60be8c..385473e 100644 ---
>>> a/meta-isar/recipes-app/example-raw/files/postinst +++
>>> b/meta-isar/recipes-app/example-raw/files/postinst @@ -19,4 +19,8
>>> @@ chown -R isar:isar /var/lib/isar # but we take the same password
>>> for this example echo "root:root" | chpasswd
>>>  
>>> +# debootstrap will leak these two files from the build host, get
>>> them +# into a defined state
>>> +# every image will have to handle these two somehow
>>>  echo "isar" > /etc/hostname
>>> +rm -f /etc/resolv.conf  
>>
>> That cleaning should go into the generic images. It's not a
>> customization.
> 
> Just discussed that with Claudius offline. And we came to the
> conclusion that it can not really go anywhere else.
> 
> Instead our conclusion was, that these two files are special and every
> image should contain a customization script to bring those two into a
> defined state. We read debootstrap code and confirmed that it is these
> two files only. In fact we found resolv.conf after a question around
> hostname appeared.
> 
> If you delete them in the image-recipe, you can not tune them in hooks
> anymore. And the image needs them as long as it needs internet ... want
> to use apt-get.
> 
> We could handle them in a post do_rootfs task that end-users would
> override to customize. The bb-task would not be very debian-like and
> would open a tempting hack-vector that end-users might use to smuggle
> rootfs-changes around apt.

Host state shall not go into the image. Thus at least emptying that file
is mandatory. In case someone forgets that or is in no need for
networking, this should be done generically, not per customization. A
customization package can still ship its own file, I don't see the
problem here.

Jan
-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux