public inbox for isar-users@googlegroups.com
From: "'Heinisch, Alexander' via isar-users" <isar-users@googlegroups.com>
To: "Prusty, Badrikesh" <badrikesh.prusty@siemens.com>,
	"isar-users@googlegroups.com" <isar-users@googlegroups.com>
Subject: Re: [PATCH v4] isar-installer: Mount /tmp as tmpfs for read-only boot fix
Date: Thu, 3 Jul 2025 08:44:08 +0000
Message-ID: <eec2deb5e40bed773ca1b6406665a0a30114793e.camel@siemens.com>
In-Reply-To: <04d29557-40ed-4a02-a675-66ae292829e6n@googlegroups.com>

On Tue, 2025-07-01 at 23:00 -0700, 'Badrikesh Prusty' via isar-users
wrote:
> Hi,
> 
> I'm unsure why a defensive approach to avoid overruling /etc/fstab.

I thought this package is used to fill the gap for what comes with
later systemd versions >=256 as default.

> My goal for systemd-tmpfs-tmp package (as it is configuration
> package) was for it to be an out-of-the-box solution requiring no
> additional configuration. Since users can choose whether to pre-
> install this package during build time, and if /tmp is already
> configured in /etc/fstab (if users aren't aware of), installing it
> will be ineffective, which could lead users to think it's not working
> as intended.

Valid argument.

> Furthermore, systemd versions >= 256 now ship the tmp.mount unit file
> at /usr/lib/systemd/system/tmp.mount.
> 
> Any suggestions are welcome.
> 
> Thanks,
> Badrikesh
> On Wednesday, July 2, 2025 at 1:42:29 AM UTC+5:30 Heinisch, Alexander
> wrote:
> > On Sun, 2025-06-29 at 16:28 -0400, 'Badrikesh Prusty' via isar-
> > users
> > wrote:
> > > From: badrikesh prusty <badrikes...@siemens.com>
> > > 
> > > Fix image installation when isar-image-installer rootfs is booted
> > > as
> > > read-only
> > > by ensuring /tmp is mounted as tmpfs.
> > > 
> > > With the latest isar installer, Bmaptool now creates the
> > > /tmp/progress pipe to
> > > track and display installation progress in a progress bar.
> > > 
> > > To mount /tmp as tmpfs, this change utilizes systemd's tmp.mount.
> > > As
> > > tmp.mount
> > > is located in /usr/share/systemd/ for systemd versions up to
> > > Debian
> > > Bookworm,
> > > and in /usr/lib/systemd/system/tmp.mount for versions 256.x and
> > > newer, the file
> > > must be copied to /etc/systemd/system/.
> > > 
> > > Placing tmp.mount unit file in /etc/systemd/system/ ensures its
> > > configuration
> > > for /tmp takes precedence, overriding any entry found in
> > > /etc/fstab.
> > > 
> > > Signed-off-by: badrikesh prusty <badrikes...@siemens.com>
> > > ---
> > >  .../deploy-image/deploy-image_0.1.bb             |  6 ++++--
> > >  .../systemd-tmpfs-tmp/files/postinst             | 16
> > > ++++++++++++++++
> > >  .../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb   | 13
> > > +++++++++++++
> > >  3 files changed, 33 insertions(+), 2 deletions(-)
> > >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/files/postinst
> > >  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/systemd-tmpfs-tmp_0.1.b
> > > b
> > > 
> > > diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb
> > 
> > > index 54e521b5..b287a8d1 100644
> > > --- a/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb
> > 
> > > +++ b/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb
> > 
> > > @@ -10,8 +10,10 @@ inherit dpkg-raw
> > >  SRC_URI = "file://usr/bin/deploy-image-wic.sh \
> > >             file://usr/lib/deploy-image-wic/handle-config.sh \
> > >            "
> > > -DEPENDS:bookworm += "bmap-tools"
> > > -DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted,
> > > fdisk,
> > > gdisk, pigz, xz-utils, pbzip2, zstd"
> > > +
> > > +DEPENDS:append:bookworm = " bmap-tools"
> > > +DEPENDS:append = " systemd-tmpfs-tmp"
> > > +DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted,
> > > fdisk,
> > > gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
> > >  do_install[cleandirs] = "${D}/usr/bin/ \
> > >                           ${D}/usr/lib/deploy-image-wic \
> > >                          "
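Review bot: adding `systemd-tmpfs-tmp` to `DEBIAN_DEPENDS` makes the /tmp override a hard dependency of deploy-image, so every image that installs the installer also gets the postinst that copies `tmp.mount` into /etc/systemd/system, where it outranks any /tmp line in /etc/fstab. If that is intended, state it in the commit message; otherwise consider leaving the choice to the image recipe. The switch from `DEPENDS:bookworm +=` to `DEPENDS:append:bookworm` is a separate cleanup that the commit message does not mention.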
> > > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/files/postinst
> > > new file mode 100644
> > > index 00000000..9d75025d
> > > --- /dev/null
> > > +++ b/meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/files/postinst
> > > @@ -0,0 +1,16 @@
> > > +#!/bin/sh
> > > +
> > > +set -e
> > > +
> > > +DEST="/etc/systemd/system/tmp.mount"
> > Do we really want to overrule /etc/fstab?
> > Wouldn't `DEST="/usr/lib/systemd/system/tmp.mount"` be a more
> > defensive
> > approach?
> > 
> > Repost from previous thread:
> > ---
> > Systemd already provides some predefined behaviour to manage common
> > mounts like `/tmp`. [1]
> > 
> > "If a mount point is configured in both /etc/fstab and a unit file
> > that
> > is stored below /usr/, the former will take precedence. If the unit
> > file is stored below /etc/, it will take precedence. This means:
> > native
> > unit files take precedence over traditional configuration files,
> > but
> > this is superseded by the rule that configuration in /etc/ will
> > always
> > take precedence over configuration in /usr/."
> > - [2]
> > 
> > TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
> > takes care of fstab vs tmp.mount precedence as you try to
> > enforce it
> > here.
> > Besides that, as this check is executed as postinst, it possibly
> > leads
> > to undesired mount results, depending on package install order.
> > e.g.
> > later packages modify `/etc/fstab`.
> > ---
> > > +
> > > +if [ ! -e "${DEST}" ]; then
> > > +    # Possible source paths for tmp.mount
> > > +    for SRC in /usr/share/systemd/tmp.mount
> > > /usr/lib/systemd/system/tmp.mount; do
> > > +        # If the source file exists, copy it to the destination
> > > and
> > > exit the loop
> > > +        [ -e "${SRC}" ] && cp ${SRC} ${DEST} && break
> > > +    done
> > > +fi
> > > +
> > > +# Enable the mount unit using deb-systemd-helper; ignore errors
> > > if
> > > it fails
> > > +deb-systemd-helper enable tmp.mount || true
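Review bot: in the copy loop, if neither `/usr/share/systemd/tmp.mount` nor `/usr/lib/systemd/system/tmp.mount` exists, nothing is written to `${DEST}`, and the following `deb-systemd-helper enable tmp.mount || true` hides the resulting failure, so the package installs cleanly while /tmp stays on the read-only rootfs. Suggest exiting non-zero (or at least warning on stderr) when the loop ends without a copy, and dropping `|| true` unless a specific benign failure is known. `cp ${SRC} ${DEST}` should also quote both variables, and because the copy is created by the maintainer script it is not tracked by dpkg and will not follow later changes to the shipped unit.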
> > > diff --git a/meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/systemd-
> > > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-
> > > tmp/systemd-tmpfs-tmp_0.1.bb
> > 
> > > new file mode 100644
> > > index 00000000..c0ab1bcf
> > > --- /dev/null
> > > +++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > tmpfs-
> > > tmp_0.1.bb
> > 
> > > @@ -0,0 +1,13 @@
> > > +# This software is a part of ISAR.
> > > +# Copyright (C) Siemens AG, 2025
> > > +#
> > > +# SPDX-License-Identifier: MIT
> > > +
> > > +inherit dpkg-raw
> > > +
> > > +DESCRIPTION = "Configures /tmp as systemd-managed temporary
> > > filesystem (tmpfs), ensuring read-write access even if rootfs is
> > > read-only"
> > > +MAINTAINER = "isar-users <isar-...@googlegroups.com>"
> > > +
> > > +SRC_URI = "file://postinst"
> > > +
> > > +DEBIAN_DEPENDS = "systemd"
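Review bot: `SRC_URI` ships only `postinst`, so nothing undoes what it does; removing or purging the package leaves the copied `/etc/systemd/system/tmp.mount` and its enable state behind. Add a matching `postrm` (or `prerm`) that disables the unit and removes the copy. Since the postinst skips the copy when `${DEST}` already exists, the removal script also needs a way to tell its own copy from a file that was there before.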
> > > -- 
> > > 2.47.2
> > > 
> > 
> > -- 
> > Alexander Heinisch
> > Siemens AG
> > www.siemens.com
> > 

-- 
Alexander Heinisch
Siemens AG
www.siemens.com
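
The precedence rule quoted in this thread (a unit below /etc/ beats /etc/fstab, which beats a unit below /usr/) as an added shell example; it is not part of the original message or of the Isar patch. The function names, the ROOT argument and the sample rootfs are constructed for illustration, and the check looks only at which files exist, not at whether the unit is enabled.

```shell
#!/bin/sh
# Added example: report which configuration source wins for /tmp under the
# precedence rule quoted in the thread. ROOT is a hypothetical parameter
# (an unpacked rootfs); only file presence is checked, not unit enablement.

fstab_has_tmp() {
    # True if a non-comment fstab line has /tmp as its mount point (field 2).
    [ -f "$1/etc/fstab" ] &&
        awk '$1 !~ /^#/ && $2 == "/tmp" { found = 1 } END { exit !found }' \
            "$1/etc/fstab"
}

tmp_mount_source() {
    root="${1:-}"
    etc_unit="$root/etc/systemd/system/tmp.mount"
    usr_unit="$root/usr/lib/systemd/system/tmp.mount"

    if [ -L "$etc_unit" ] && [ "$(readlink "$etc_unit")" = "/dev/null" ]; then
        echo "masked"          # /etc symlink to /dev/null masks the unit
    elif [ -e "$etc_unit" ]; then
        echo "etc-unit"        # unit below /etc/ overrides /etc/fstab
    elif fstab_has_tmp "$root"; then
        echo "fstab"           # fstab overrides a unit below /usr/
    elif [ -e "$usr_unit" ]; then
        echo "usr-unit"        # vendor unit applies only when fstab is silent
    else
        echo "none"
    fi
}

# Constructed sample rootfs: vendor unit plus an fstab entry for /tmp.
make_sample_root() {
    r="$(mktemp -d)"
    mkdir -p "$r/etc/systemd/system" "$r/usr/lib/systemd/system"
    printf '[Mount]\nWhat=tmpfs\nWhere=/tmp\nType=tmpfs\n' \
        > "$r/usr/lib/systemd/system/tmp.mount"
    printf '# constructed fstab\n/dev/sda3 /tmp ext4 defaults 0 2\n' \
        > "$r/etc/fstab"
    echo "$r"
}
```

Run against an image's unpacked rootfs, `tmp_mount_source` shows whether installing the unit below /usr/ would leave an existing fstab entry in charge, which is the case both sides of the thread are weighing.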
