authorJesse Hathaway <jesse@mbuki-mvuki.org>2007-10-23 16:56:43 -0400
committerDaniel Baumann <daniel@debian.org>2011-03-09 18:22:28 +0100
commita7491e13497b24d20517535ae7c767c7f32c40a1 (patch)
tree1105c23f66cc7491fd92be00c7893f576f822bd5
parent2a75e5b712d7b9ed4d6680a59e0dcdfa335bc8f5 (diff)
add exposedroot option which exposes the root fs as ro
This option allows you to expose the root filesystem read-only. Using this option, a person could upgrade the root filesystem or add packages without requiring the user to reboot. The root filesystem could be kept on an NFS volume or some other persistent medium. Multiple clients could then be booted off the same root fs. I used LTSP as a template to determine which directories to make rw.
-rwxr-xr-xfunctions/defaults.sh3
-rwxr-xr-xhelpers/lh_binary_grub5
-rwxr-xr-xhelpers/lh_binary_syslinux5
-rwxr-xr-xhelpers/lh_binary_yaboot5
-rwxr-xr-xhelpers/lh_chroot_hacks39
-rwxr-xr-xhelpers/lh_chroot_hosts5
-rwxr-xr-xhelpers/lh_config12
7 files changed, 71 insertions, 3 deletions
diff --git a/functions/defaults.sh b/functions/defaults.sh
index 715e568ae..8a876f0ea 100755
--- a/functions/defaults.sh
+++ b/functions/defaults.sh
@@ -298,6 +298,9 @@ Set_defaults ()
# Setting chroot filesystem
LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM:-squashfs}"
+ # Setting whether to expose root filesystem as read only
+ LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT:-disabled}"
+
# Setting union filesystem
if [ -z "${LH_UNION_FILESYSTEM}" ]
then
diff --git a/helpers/lh_binary_grub b/helpers/lh_binary_grub
index 9ba328660..1c05962e4 100755
--- a/helpers/lh_binary_grub
+++ b/helpers/lh_binary_grub
@@ -178,6 +178,11 @@ then
LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
fi
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+ LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/ //')"
# Parameters are listed at: linux/Documentation/kernel-parameters.txt
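Review bot: The test `[ "${LH_EXPOSED_ROOT}" != "disabled" ]` disagrees with the `= "enabled"` test this commit adds in helpers/lh_chroot_hacks. Any other value (`yes`, `Enabled`, a typo) puts `exposedroot` on the kernel command line while the chroot gets none of the writable directories or config symlinks. The same comparison is repeated in helpers/lh_binary_syslinux and helpers/lh_binary_yaboot. Using `if [ "${LH_EXPOSED_ROOT}" = "enabled" ]` in all three would emit the boot parameter only when the image was actually prepared for it. The surrounding script starts and ends outside the hunk.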
diff --git a/helpers/lh_binary_syslinux b/helpers/lh_binary_syslinux
index 68fa0f3d0..a6eb4000f 100755
--- a/helpers/lh_binary_syslinux
+++ b/helpers/lh_binary_syslinux
@@ -403,6 +403,11 @@ then
LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
fi
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+ LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
if [ "${LH_BINARY_IMAGES}" = "net" ]
then
case "${LH_NET_FILESYSTEM}" in
diff --git a/helpers/lh_binary_yaboot b/helpers/lh_binary_yaboot
index 8cffb3f7c..93fc0bbbb 100755
--- a/helpers/lh_binary_yaboot
+++ b/helpers/lh_binary_yaboot
@@ -186,6 +186,11 @@ then
LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
fi
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+ LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/ //')"
# Parameters are listed at: linux/Documentation/kernel-parameters.txt
diff --git a/helpers/lh_chroot_hacks b/helpers/lh_chroot_hacks
index da2be1723..6eaef4f04 100755
--- a/helpers/lh_chroot_hacks
+++ b/helpers/lh_chroot_hacks
@@ -111,5 +111,44 @@ then
chown -R --quiet 999:999 chroot/home/${LH_USERNAME}
fi
+if [ "${LH_EXPOSED_ROOT}" = "enabled" ]
+then
+ # Make sure RW dirs exist so that the initramfs script has
+ # a directory in which to bind the tmpfs filesystems
+ COW_DIRS='/tmp /var/tmp /var/lock /var/run /var/lib/live /var/log
+ /var/spool /home /live'
+ for DIR in ${COW_DIRS}; do
+ mkdir -p chroot${DIR}
+ done
+
+ # Config files which need to be RW
+ CONFIG_FILES='/etc/hostname /etc/hosts /etc/resolv.conf /etc/fstab
+ /etc/live.conf /etc/network/interfaces /etc/X11/xorg.conf
+ /etc/udev/rules.d/z25_persistent-net.rules
+ /etc/udev/rules.d/z25_persistent-cd.rules'
+
+ # Where we will store RW config files
+ RW_DIR='/var/lib/live'
+
+ for FILE_PATH in ${CONFIG_FILES}
+ do
+ # Touch files in case they don't yet exist
+ FILE_DIR=$(dirname ${FILE_PATH})
+ mkdir -p chroot${FILE_DIR}
+ touch chroot${FILE_PATH}
+ FILE_NAME=$(basename ${FILE_PATH})
+ mkdir -p chroot${RW_DIR}${FILE_DIR}
+ mv chroot${FILE_PATH} chroot${RW_DIR}${FILE_DIR}
+ # Create a symbolic link to RW config file
+ RELATIVE_PATH=$(echo ${FILE_DIR}|sed 's/[^\/]\+/../g; s/^\///g')
+ ln -s ${RELATIVE_PATH}${RW_DIR}${FILE_PATH} chroot${FILE_PATH}
+ done
+
+ # Mount doesn't write to a symlink so use /proc/mounts instead,
+ # see debian bug #154438 for more info
+ rm chroot/etc/mtab
+ ln -s /proc/mounts chroot/etc/mtab
+fi
+
# Creating stage file
Create_stagefile .stage/chroot_hacks
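Review bot: The loop over `CONFIG_FILES` is not safe to run twice. On a second pass `chroot${FILE_PATH}` is already a symlink, so `mv` moves the link itself over the stored copy in `chroot${RW_DIR}${FILE_DIR}` and the file's contents are lost. A guard at the top of the loop such as `[ -L "chroot${FILE_PATH}" ] && continue` would avoid that. Whether a second run can happen depends on the stage-file handling outside this hunk, though lh_config's option list does include `force`. Separately, `rm chroot/etc/mtab` fails when the file is absent, so `rm -f chroot/etc/mtab` is safer, and quoting the path expansions (`"chroot${DIR}"`, `"chroot${FILE_PATH}"`) would match the quoting used elsewhere in these helpers.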
diff --git a/helpers/lh_chroot_hosts b/helpers/lh_chroot_hosts
index c4d633e35..848038369 100755
--- a/helpers/lh_chroot_hosts
+++ b/helpers/lh_chroot_hosts
@@ -87,8 +87,9 @@ EOF
# Restore hosts file
mv chroot/etc/hosts.orig chroot/etc/hosts
else
- # Remove hosts file
- rm -f chroot/etc/hosts
+ # Blank out hosts file, don't remove in case
+ # its a symlink, as in the case of exposedroot mode
+ cat /dev/null > chroot/etc/hosts
fi
# Removing stage file
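Review bot: Truncating instead of removing now applies to every build, not only exposedroot ones, so images that previously shipped without `/etc/hosts` will now ship an empty one. Limiting the new behaviour to the symlink case keeps the old result elsewhere: `if [ -L chroot/etc/hosts ]; then : > chroot/etc/hosts; else rm -f chroot/etc/hosts; fi`. The restore branch just above still uses `mv chroot/etc/hosts.orig chroot/etc/hosts`, which replaces a symlink rather than writing through it. Whether that matters depends on how `hosts.orig` is created, which is outside the hunk.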
diff --git a/helpers/lh_config b/helpers/lh_config
index 5fc2f7cf5..c702b7d86 100755
--- a/helpers/lh_config
+++ b/helpers/lh_config
@@ -96,12 +96,13 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
\t [--tasks TASK]\n\
\t [--templates PATH]\n\
\t [--union-filesystem aufs|unionfs]\n\
+\t [--exposed-root enabled|disabled]\n\
\t [--username NAME]\n\
\t [--verbose]"
Local_arguments ()
{
- ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"
+ ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,exposed-root:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"
if [ "${?}" != "0" ]
then
@@ -317,6 +318,11 @@ Local_arguments ()
shift 2
;;
+ --exposed-root)
+ LH_EXPOSED_ROOT="${2}"
+ shift 2
+ ;;
+
--hooks)
LH_HOOKS="${2}"
shift 2
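Review bot: `--exposed-root` stores `${2}` without checking it against the two values the usage text documents (`enabled|disabled`), while the helpers compare the variable against those literal strings. Whether lh_config validates its other options is not visible here. Rejecting anything else at this point, for example with a `case "${2}" in enabled|disabled) ;; *) … ;; esac` that prints the usage and exits, would turn a mistyped value into a configuration-time error rather than an inconsistently built image. `Local_arguments` starts and ends outside the hunk.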
@@ -773,6 +779,10 @@ LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM}"
# (Default: ${LH_UNION_FILESYSTEM}
LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM}"
+# \$LH_EXPOSED_ROOT: expose root as read only
+# (Default: ${LH_EXPOSED_ROOT})
+LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT}"
+
# \$LH_HOOKS: set hook commands
# (Default: empty)
LH_HOOKS="${LH_HOOKS}"