[Buildroot] [PATCH 1/6 v3] package/skeleton-systemd: move /var factory tmpfiles out of /etc

Norbert Lange nolange79 at gmail.com
Sun Nov 6 15:40:03 UTC 2022


On Tue, 18 Oct 2022 at 21:43, <yann.morin at orange.com> wrote:
>
> When the rootfs is not remounted read-write (thus assuming a read-only
> rootfs like squashfs), we create a tmpfiles.d factory for /var.
>
> However, we register those in /etc/tmpfiles.d/, but /etc could also be
> a tmpfs (for full state-less systems, or easy factory-reset, see [0]).
>
> So, we move our var factory to /usr/lib/tmpfiles.d/, which is also the
> location where systemd itself places its own tmpfiles, and where we
> already put all our other tmpfiles (see audit, avahi, cryptsetup, dhcp,
> lighttpd, nfs-utils, quagga, samba4, swupdate) and our handling of
> systemd's catalog files too. We also rename the file to a better name,
> so that it is obvious it is generated by us (systemd already installs a
> var.conf of its own, so we want to avoid name clashing).
>
> Last little detail: there is no need or reason to create .../tmpfiles.d/
> at install time; it is only needed in the rootfs-pre-cmd hook, so we
> only create it just before we need it.
>
> [0] http://0pointer.de/blog/projects/stateless.html
>
> Signed-off-by: Yann E. MORIN <yann.morin at orange.com>
> Cc: Norbert Lange <nolange79 at gmail.com>
> Cc: Romain Naour <romain.naour at smile.fr>
> Cc: Jérémy Rosen <jeremy.rosen at smile.fr>
> [yann.morin.1998 at free.fr:
>   - split original patch in two
>   - this one only moves out of /etc and into /usr/lib
>   - adapt commit log accordingly
> ]
> Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
> ---
>  package/skeleton-init-systemd/skeleton-init-systemd.mk | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/skeleton-init-systemd/skeleton-init-systemd.mk b/package/skeleton-init-systemd/skeleton-init-systemd.mk
> index 795a171809..7b66732ef4 100644
> --- a/package/skeleton-init-systemd/skeleton-init-systemd.mk
> +++ b/package/skeleton-init-systemd/skeleton-init-systemd.mk
> @@ -29,7 +29,6 @@ else
>  # a real (but empty) directory, and the "factory files" will be copied
>  # back there by the tmpfiles.d mechanism.
>  define SKELETON_INIT_SYSTEMD_ROOT_RO_OR_RW
> -       mkdir -p $(TARGET_DIR)/etc/systemd/tmpfiles.d
>         echo "/dev/root / auto ro 0 1" >$(TARGET_DIR)/etc/fstab
>         echo "tmpfs /var tmpfs mode=1777 0 0" >>$(TARGET_DIR)/etc/fstab
>  endef
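
Review bot: The removed `mkdir -p $(TARGET_DIR)/etc/systemd/tmpfiles.d` names a different directory from the one the old redirect wrote to (`$(TARGET_DIR)/etc/tmpfiles.d/var-factory.conf`, changed in the last hunk), and the commit log's ".../tmpfiles.d/" hides that difference. Please say in the log that the directory created at install time was not the one the rootfs-pre-cmd hook wrote into, so that the removal reads as cleanup of a mismatched path rather than as a behavioural change.
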
> @@ -38,6 +37,7 @@ define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
>         rm -rf $(TARGET_DIR)/usr/share/factory/var
>         mv $(TARGET_DIR)/var $(TARGET_DIR)/usr/share/factory/var
>         mkdir -p $(TARGET_DIR)/var
> +       mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
>         for i in $(TARGET_DIR)/usr/share/factory/var/* \
>                  $(TARGET_DIR)/usr/share/factory/var/lib/* \
>                  $(TARGET_DIR)/usr/share/factory/var/lib/systemd/*; do \
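
Review bot: The added `mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d` and the `done >$(TARGET_DIR)/usr/lib/tmpfiles.d/buildroot-factory.conf` redirect in the next hunk each spell the directory out separately, and the old mkdir and redirect disagreed in exactly this way. Consider holding the file path in one make variable and creating its parent with `mkdir -p $(dir ...)` right before the loop, so a later rename cannot leave the two out of step.
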
> @@ -51,7 +51,7 @@ define SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
>                         printf "C! %s - - - -\n" "$${j}" \
>                         || exit 1; \
>                 fi; \

From tmpfiles.d docs: "C ... Recursively copy a file or directory, if the
destination files or directories do not exist yet or the destination
directory is empty. Note that this command will not descend into
subdirectories if the destination directory already exists and is not
empty. Instead, the entire copy operation is skipped."

So all the drama could be just replaced with "C! /var - - - -\n" imho.

(non-standard permissions/owner are probably gone either way)

> -       done >$(TARGET_DIR)/etc/tmpfiles.d/var-factory.conf
> +       done >$(TARGET_DIR)/usr/lib/tmpfiles.d/buildroot-factory.conf

How about naming this something like 00-buildroot-var.conf, so hopefully any
*.conf that might expect something in /var existing is executed later.

>  endef
>  SKELETON_INIT_SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SKELETON_INIT_SYSTEMD_PRE_ROOTFS_VAR
>
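
Review bot: The new destination on the `done >` line changes who can override this file, and the commit log does not mention it. Per tmpfiles.d(5), a file of the same name in /etc/tmpfiles.d or /run/tmpfiles.d replaces the one in /usr/lib/tmpfiles.d, so on the tmpfs-/etc setups the log describes, anything written to /etc/tmpfiles.d/buildroot-factory.conf masks the factory copy; please state that this is intended. Separately, `printf "C! %s - - - -\n" "$${j}"` emits the path unescaped, so an entry whose name contains whitespace would produce a malformed line.
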
> --
> 2.25.1

Regardless, the changes are an improvement, buildroot is the "distro"
and its special sauce should reside inside /usr as much as possible.
I'd highly recommend at least changing the name to
00-buildroot-var.conf, other than that:

Acked-by: Norbert Lange <nolange79 at gmail.com>
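
The read order and override behaviour behind the naming suggestion above, as an added example that is not part of the original message or of Buildroot. The function names `effective_tmpfiles` and `demo_order` are hypothetical, the sample tree is constructed, and only the /etc, /run and /usr/lib directories from tmpfiles.d(5) are modelled.

```shell
#!/bin/sh
# Added example (not Buildroot code): list the tmpfiles.d fragments that are
# effective in a rootfs tree, in the order they are read.

# effective_tmpfiles ROOT -> "name path" lines, one per effective fragment.
# Assumes fragment names contain no whitespace.
effective_tmpfiles() {
    root=$1
    # Directories are walked highest priority first, so awk keeps the copy
    # that masks same-named files further down (per tmpfiles.d(5)).
    # The final sort gives the read order: by file name, regardless of
    # which directory the fragment lives in.
    for d in etc/tmpfiles.d run/tmpfiles.d usr/lib/tmpfiles.d; do
        for f in "$root/$d"/*.conf; do
            [ -e "$f" ] || continue    # unmatched glob or missing directory
            printf '%s %s\n' "${f##*/}" "/$d/${f##*/}"
        done
    done | awk '!seen[$1]++' | LC_ALL=C sort -k1,1
}

# Constructed sample tree; apart from the two names discussed in the thread,
# the file names are made up for the demonstration.
demo_order() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/tmpfiles.d" "$t/usr/lib/tmpfiles.d"
    for n in buildroot-factory 00-buildroot-var audit var; do
        : >"$t/usr/lib/tmpfiles.d/$n.conf"
    done
    : >"$t/etc/tmpfiles.d/var.conf"    # masks /usr/lib/tmpfiles.d/var.conf
    effective_tmpfiles "$t"
    rm -rf "$t"
}

demo_order
```

Run against a real build, `effective_tmpfiles output/target` shows whether the factory fragment is read before the fragments that expect /var to be populated, and whether anything in /etc masks it.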


