Re: [PATCH v4] isar-installer: Mount /tmp as tmpfs for read-only boot fix

["'Heinisch, Alexander' via isar-users" <isar-users@googlegroups.com>]

On Sun, 2025-06-29 at 16:28 -0400, 'Badrikesh Prusty' via isar-users
wrote:
> From: badrikesh prusty <badrikesh.prusty@siemens.com>
> 
> Fix image installation when isar-image-installer rootfs is booted as
> read-only
> by ensuring /tmp is mounted as tmpfs.
> 
> With the latest isar installer, Bmaptool now creates the
> /tmp/progress pipe to
> track and display installation progress in a progress bar.
> 
> To mount /tmp as tmpfs, this change utilizes systemd's tmp.mount. As
> tmp.mount
> is located in /usr/share/systemd/ for systemd versions up to Debian
> Bookworm,
> and in /usr/lib/systemd/system/tmp.mount for versions 256.x and
> newer, the file
> must be copied to /etc/systemd/system/.
> 
> Placing tmp.mount unit file in /etc/systemd/system/ ensures its
> configuration
> for /tmp takes precedence, overriding any entry found in /etc/fstab.
> 
> Signed-off-by: badrikesh prusty <badrikesh.prusty@siemens.com>
> ---
>  .../deploy-image/deploy-image_0.1.bb             |  6 ++++--
>  .../systemd-tmpfs-tmp/files/postinst             | 16
> ++++++++++++++++
>  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb   | 13 +++++++++++++
>  3 files changed, 33 insertions(+), 2 deletions(-)
>  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst
>  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> tmp/systemd-tmpfs-tmp_0.1.b
> b
> 
> diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb
> index 54e521b5..b287a8d1 100644
> --- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> +++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
> @@ -10,8 +10,10 @@ inherit dpkg-raw
>  SRC_URI = "file://usr/bin/deploy-image-wic.sh \
>             file://usr/lib/deploy-image-wic/handle-config.sh \
>            "
> -DEPENDS:bookworm += "bmap-tools"
> -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> gdisk, pigz, xz-utils, pbzip2, zstd"
> +
> +DEPENDS:append:bookworm = " bmap-tools"
> +DEPENDS:append = " systemd-tmpfs-tmp"
> +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk,
> gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
>  do_install[cleandirs] = "${D}/usr/bin/ \
>                           ${D}/usr/lib/deploy-image-wic \
>                          "
> diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/files/postinst
> new file mode 100644
> index 00000000..9d75025d
> --- /dev/null
> +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
> @@ -0,0 +1,16 @@
> +#!/bin/sh
> +
> +set -e
> +
> +DEST="/etc/systemd/system/tmp.mount"
Do we really want to overrule /etc/fstab?
Wouldn't `DEST="/usr/lib/systemd/system/tmp.mount"` be a more defensive
approach?

Repost from previous thread:
---
Systemd already provides some predefined behaviour to manage common
mounts like `/tmp`. [1]

"If a mount point is configured in both /etc/fstab and a unit file that
is stored below /usr/, the former will take precedence. If the unit
file is stored below /etc/, it will take precedence. This means: native
unit files take precedence over traditional configuration files, but
this is superseded by the rule that configuration in /etc/ will always
take precedence over configuration in /usr/."
- [2]

TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
takes care about fstab vs tmp.mount precedence as you try to enforce it
here.
Besides that, as this check is executed as postinst, it possibly leads
to undesired mount results, depending on package install order. e.g.
later packages modify `/etc/fstab`.
---
> +
> +if [ ! -e "${DEST}" ]; then
> +    # Possible source paths for tmp.mount
> +    for SRC in /usr/share/systemd/tmp.mount
> /usr/lib/systemd/system/tmp.mount; do
> +        # If the source file exists, copy it to the destination and
> exit the loop
> +        [ -e "${SRC}" ] && cp ${SRC} ${DEST} && break
> +    done
> +fi
> +
> +# Enable the mount unit using deb-systemd-helper; ignore errors if
> it fails
> +deb-systemd-helper enable tmp.mount || true
> diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-
> tmp/systemd-tmpfs-tmp_0.1.bb
> new file mode 100644
> index 00000000..c0ab1bcf
> --- /dev/null
> +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-
> tmp_0.1.bb
> @@ -0,0 +1,13 @@
> +# This software is a part of ISAR.
> +# Copyright (C) Siemens AG, 2025
> +#
> +# SPDX-License-Identifier: MIT
> +
> +inherit dpkg-raw
> +
> +DESCRIPTION = "Configures /tmp as systemd-managed temporary
> filesystem (tmpfs), ensuring read-write access even if rootfs is
> read-only"
> +MAINTAINER = "isar-users <isar-users@googlegroups.com>"
> +
> +SRC_URI = "file://postinst"
> +
> +DEBIAN_DEPENDS = "systemd"
> -- 
> 2.47.2
> 

-- 
Alexander Heinisch
Siemens AG
www.siemens.com

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/af0ea7ffa089cf03fcea247631c1b03ba375f850.camel%40siemens.com.