clearfog: RO rootfs, transient RW overlay at /etc

We cannot use systemd's volatile root because that one requires an
initrd which we do not have. Also, my attempts to do this via tmpfiles.d
run into issues with dependencies. Doing this manually is probably the
safest option.

IMHO, there's a lot of assumptions for the writability of /etc. Sysrepo
is just one of them; there's /etc/shadow for managing passwords, and so
on. It's true that many daemons support distinct sets of configurations,
one in /etc and another in /run (a tmpfs), but still -- there's always
an issue in *where* to save these bits if we want a R/O rootfs. How do
we mount /etc early enough from within systemd? That appears to be
virtually impossible without an initrd, and I still haven't gotten up on
that idea to not require (and to not have to generate) an initrd...

FIXME: No changes are being saved, for now.

Change-Id: Id9e5110f2876d55b117570a3dfa2ed0520785ff4
diff --git a/board/czechlight/common/hack-systemd-rw-root.sh b/board/czechlight/common/hack-systemd-rw-root.sh
deleted file mode 100755
index 4416b20..0000000
--- a/board/czechlight/common/hack-systemd-rw-root.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-sed -i 's|^\(/dev/root.*\) ro|\1 rw|' ${TARGET_DIR}/etc/fstab
diff --git a/board/czechlight/common/kconfig b/board/czechlight/common/kconfig
index d2196e7..87a0c85 100644
--- a/board/czechlight/common/kconfig
+++ b/board/czechlight/common/kconfig
@@ -59,3 +59,6 @@
 # Watchdog bits
 CONFIG_WATCHDOG_NOWAYOUT=y
 CONFIG_WATCHDOG_SYSFS=y
+
+# protecting /etc
+CONFIG_OVERLAY_FS=y
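Review bot: The comment "# protecting /etc" above CONFIG_OVERLAY_FS=y is misleading, because the option is what lets etc-overlay.service put a writable layer over /etc while the rootfs itself stays read-only. Something like "# overlayfs for the transient RW layer over /etc" would tell the next reader why the option is here and what breaks if it is dropped.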
diff --git a/board/czechlight/common/overlay/.ov/.keep b/board/czechlight/common/overlay/.ov/.keep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/board/czechlight/common/overlay/.ov/.keep
diff --git a/board/czechlight/common/overlay/etc/fstab b/board/czechlight/common/overlay/etc/fstab
new file mode 100644
index 0000000..92681bd
--- /dev/null
+++ b/board/czechlight/common/overlay/etc/fstab
@@ -0,0 +1,3 @@
+/dev/root / auto ro 0 1
+tmpfs /var tmpfs mode=1777 0 0
+tmpfs /.ov tmpfs mode=0700 0 0
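Review bot: The /var line uses mode=1777, which makes the top of /var world-writable (sticky), so any local account can create entries directly under /var before a daemon creates its own directory there; mode=0755 is the conventional setting. Neither tmpfs line sets size=, nosuid or nodev. Since /.ov holds the upper layer for /etc and /var holds runtime state, explicit size limits and nosuid,nodev on both would bound memory use and narrow what can be placed there. The mode=0700 on /.ov is a good choice, given that the upper layer will carry copies of files such as /etc/shadow once they are modified.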
diff --git a/board/czechlight/common/overlay/usr/lib/systemd/system/etc-overlay.service b/board/czechlight/common/overlay/usr/lib/systemd/system/etc-overlay.service
new file mode 100644
index 0000000..625e72b
--- /dev/null
+++ b/board/czechlight/common/overlay/usr/lib/systemd/system/etc-overlay.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Overlay filesystem over /etc
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=swap.target \x2eov.mount
+
+[Service]
+Type=oneshot
+ExecStart=/bin/mkdir /.ov/etc-u
+ExecStart=/bin/mkdir /.ov/etc-w
+# Moving /etc/machine-id. Cannot --move, we have to --bind.
+ExecStart=/bin/touch /.ov/etc-machine-id
+ExecStart=/bin/mount --bind /etc/machine-id /.ov/etc-machine-id
+ExecStart=/bin/umount /etc/machine-id
+ExecStart=/bin/mount overlay -t overlay /etc -olowerdir=/etc,upperdir=/.ov/etc-u,workdir=/.ov/etc-w
+ExecStart=/bin/mount --bind /.ov/etc-machine-id /etc/machine-id
+ExecStart=/bin/umount /.ov/etc-machine-id
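Review bot: The [Service] section uses Type=oneshot without RemainAfterExit=yes, so the unit goes back to inactive after the last ExecStart and Conflicts=umount.target has nothing to stop at shutdown; adding RemainAfterExit=yes (and an ExecStop that unmounts /etc, if a clean teardown is wanted) would make the unit state match the mount state. The two mkdir lines lack -p, so starting the unit a second time fails on the existing /.ov/etc-u and /.ov/etc-w. After=\x2eov.mount only orders the unit; a Requires= on the same mount unit would make the dependency on the tmpfs explicit, so a failed /.ov mount is reported as a dependency failure rather than as a mkdir error on the read-only root. The comment on the machine-id dance says what is done ("Cannot --move, we have to --bind") but not why /etc/machine-id is already a mount point at this stage; one more line of explanation would help whoever has to debug this ordering later.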
diff --git a/board/czechlight/common/overlay/usr/lib/systemd/system/local-fs.target.wants/etc-overlay.service b/board/czechlight/common/overlay/usr/lib/systemd/system/local-fs.target.wants/etc-overlay.service
new file mode 120000
index 0000000..081d54a
--- /dev/null
+++ b/board/czechlight/common/overlay/usr/lib/systemd/system/local-fs.target.wants/etc-overlay.service
@@ -0,0 +1 @@
+../etc-overlay.service
\ No newline at end of file
diff --git a/configs/czechlight_clearfog_defconfig b/configs/czechlight_clearfog_defconfig
index 305370a..863bed3 100644
--- a/configs/czechlight_clearfog_defconfig
+++ b/configs/czechlight_clearfog_defconfig
@@ -12,7 +12,6 @@
 BR2_TARGET_GENERIC_GETTY_BAUDRATE_115200=y
 # BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set
 BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_CZECHLIGHT_PATH)/board/czechlight/common/overlay/ $(BR2_EXTERNAL_CZECHLIGHT_PATH)/board/czechlight/clearfog/overlay/"
-BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_CZECHLIGHT_PATH)/board/czechlight/common/hack-systemd-rw-root.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c $(BR2_EXTERNAL_CZECHLIGHT_PATH)/board/czechlight/clearfog/genimage.cfg"
 BR2_LINUX_KERNEL=y