[PATCH] Add exposed root option
> This patch allows you to expose the root read only; this
> way you could upgrade the root filesystem without requiring
> the user to reboot. The root filesystem could be kept on
> an nfs volume or some other persistent medium. Multiple
> clients could then be booted off the same root fs. I used
> ltsp as a template to determine which directories to make rw.
>
> This is the first cut, suggestions are welcome.
>
> Bugs:
>
> X will not work because xdebconfigurator uses debconf to
> change values. You can still set things up manually with
> X -configure
Daniel,
any thoughts or suggestions on this patch?
thanks,
Jesse
> commit 516fc6fad24b0114376886a2f2847e790f1c5ad0
> Author: Jesse Hathaway <jesse at mbuki-mvuki.org>
> Date: Tue Oct 2 12:18:40 2007 -0400
>
> add option --exposed-root which allows the root
> filesystem to be read only and not covered by
> the union filesystem
>
> diff --git a/functions/defaults.sh b/functions/defaults.sh
> index 5d971d8..611c88c 100755
> --- a/functions/defaults.sh
> +++ b/functions/defaults.sh
> @@ -432,6 +432,9 @@ Set_defaults ()
> # Setting chroot filesystem
> LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM:-squashfs}"
>
> + # Setting whether to expose root filesystem as read only
> + LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT:-disabled}"
> +
> # Setting union filesystem
> LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM:-unionfs}"
>
> diff --git a/helpers/lh_binary_grub b/helpers/lh_binary_grub
> index 4bb5f7d..6ba7937 100755
> --- a/helpers/lh_binary_grub
> +++ b/helpers/lh_binary_grub
> @@ -172,6 +172,11 @@ then
> esac
> fi
>
> +if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
> +then
> + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
> +fi
> +
> if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
> then
> LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
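Review bot: The test `[ "${LH_EXPOSED_ROOT}" != "disabled" ]` treats any value other than `disabled` as on, including a typo such as `enable`, while lh_chroot_hacks in this same patch prepares the writable directories and symlinks only when the value is exactly `enabled`. A mistyped value would therefore produce an image that boots with `exposedroot` on the kernel command line but whose chroot was never prepared for it. Use `= "enabled"` here and in the identical blocks added to lh_binary_syslinux and lh_binary_yaboot. The `--exposed-root` case in lh_config also stores `${2}` without checking it against `enabled|disabled`, so rejecting other values there would close the gap at the source.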
> diff --git a/helpers/lh_binary_syslinux b/helpers/lh_binary_syslinux
> index 92963ea..2b964c9 100755
> --- a/helpers/lh_binary_syslinux
> +++ b/helpers/lh_binary_syslinux
> @@ -236,6 +236,11 @@ then
> esac
> fi
>
> +if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
> +then
> + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
> +fi
> +
> if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
> then
> LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
> diff --git a/helpers/lh_binary_yaboot b/helpers/lh_binary_yaboot
> index e3f8df3..646349a 100755
> --- a/helpers/lh_binary_yaboot
> +++ b/helpers/lh_binary_yaboot
> @@ -180,6 +180,11 @@ then
> esac
> fi
>
> +if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
> +then
> + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
> +fi
> +
> if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
> then
> LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
> diff --git a/helpers/lh_chroot_hacks b/helpers/lh_chroot_hacks
> index da2be17..ba94ee8 100755
> --- a/helpers/lh_chroot_hacks
> +++ b/helpers/lh_chroot_hacks
> @@ -113,3 +113,40 @@ fi
>
> # Creating stage file
> Create_stagefile .stage/chroot_hacks
> +
> +if [ "${LH_EXPOSED_ROOT}" = "enabled" ]
> +then
> + # make sure rw dirs exist so that the initramfs script has
> + # directory in which to bind the tmpfs filesystems
> + cow_dirs='/tmp /var/tmp /var/lock /var/run /var/lib/live /var/log
> + /var/spool /home /live'
> + for dir in ${cow_dirs}; do
> + mkdir -p chroot${dir}
> + done
> +
> + # config rw files
> + config_files='/etc/hostname /etc/hosts /etc/resolv.conf /etc/fstab
> + /etc/live.conf /etc/network/interfaces /etc/X11/xorg.conf
> + /etc/udev/rules.d/z25_persistent-net.rules
> + /etc/udev/rules.d/z25_persistent-cd.rules'
> +
> + rw_dir='/var/lib/live'
> +
> + for file_path in ${config_files}; do
> + # touch files in case they don't yet exist
> + file_dir=${file_path%/*}
> + mkdir -p chroot${file_dir}
> + touch chroot${file_path}
> + file_name=$(basename $file_path)
> + mkdir -p chroot${rw_dir}${file_dir}
> + mv chroot${file_path} chroot${rw_dir}${file_dir}
> + relative_path=$(echo $file_dir|sed 's/[^\/]\+/../g; s/^\///g')
> + ln -s ${relative_path}${rw_dir}${file_path} chroot${file_path}
> + done
> +
> + # mount doesnt write to a symlink so use /proc/mounts instead
> + # see debian bug #154438 for more info
> + rm chroot/etc/mtab
> + ln -s /proc/mounts chroot/etc/mtab
> +
> +fi
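Review bot: The new block sits after `Create_stagefile .stage/chroot_hacks`, so the stage is recorded as complete before the exposed-root work runs, and a failure inside the loop leaves a half-converted chroot that is already marked done. The loop is also not safe to repeat: on a second pass `chroot${file_path}` is already a symlink, and `mv` would move that symlink over the real file in `chroot${rw_dir}${file_dir}`, losing its contents. Move the block above the stage-file line and skip entries that are already converted, e.g. `[ -L "chroot${file_path}" ] && continue`. Using `rm -f chroot/etc/mtab` avoids an error when the file is absent. The unquoted expansions (`chroot${dir}`, `$file_path`) are harmless for the fixed lists here but are worth quoting.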
> diff --git a/helpers/lh_config b/helpers/lh_config
> index 0c4c256..be092a0 100755
> --- a/helpers/lh_config
> +++ b/helpers/lh_config
> @@ -53,6 +53,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
> \t [--debug]\n\
> \t [-d|--distribution CODENAME]\n\
> \t [-e|--encryption aes128|aes192|aes256]\n\
> +\t [--exposed-root enabled|disabled]\n\
> \t [--force]\n\
> \t [--genisoimage genisomage|mkisofs]\n\
> \t [--grub-splash FILE]\n\
> @@ -101,7 +102,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
>
> Local_arguments ()
> {
> - ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,iso-memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"
> + ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,exposed-root:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,iso-memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"
>
> if [ "${?}" != "0" ]
> then
> @@ -317,6 +318,11 @@ Local_arguments ()
> shift 2
> ;;
>
> + --exposed-root)
> + LH_EXPOSED_ROOT="${2}"
> + shift 2
> + ;;
> +
> --union-filesystem)
> LH_UNION_FILESYSTEM="${2}"
> shift 2
> @@ -769,6 +775,10 @@ cat > config/chroot << EOF
> # (Default: ${LH_CHROOT_FILESYSTEM})
> LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM}"
>
> +# \$LH_EXPOSED_ROOT: expose root as read only
> +# (Default: ${LH_EXPOSED_ROOT})
> +LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT}"
> +
> # \$LH_UNION_FILESYSTEM: set union filesystem
> # (Default: ${LH_UNION_FILESYSTEM}
> LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM}"
> commit 17c2f2f1739edb845a62e428f554ff750dbed000
> Author: Jesse Hathaway <jesse at mbuki-mvuki.org>
> Date: Tue Oct 2 12:20:02 2007 -0400
>
> add code to support --exposed-root in live-helper
>
> diff --git a/scripts/live b/scripts/live
> index d4b253b..16c7eea 100755
> --- a/scripts/live
> +++ b/scripts/live
> @@ -362,6 +362,11 @@ Arguments ()
> export TORAM MODULETORAM
> ;;
>
> + exposedroot)
> + EXPOSED_ROOT="Yes"
> + export EXPOSED_ROOT
> + ;;
> +
> union=*)
> UNIONTYPE="${ARGUMENT#union=}"
> export UNIONTYPE
> @@ -927,9 +932,26 @@ setup_unionfs ()
> fi
> fi
>
> - mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
> + if [ -n "${EXPOSED_ROOT}" ]
> + then
> + rofsstring=${rofsstring%%=*}
> +
> + mount --bind ${rofsstring} ${rootmnt} || panic "bind mount failed"
> +
> + cow_dirs='/tmp /var/tmp /var/lock /var/run /var/log /var/spool
> + /home /live /var/lib/live'
> +
> + mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
> +
> + for dir in ${cow_dirs}; do
> + mkdir -p /cow${dir}
> + mount -t ${UNIONTYPE} -o dirs=/cow${dir}=rw:${rofsstring}${dir}=ro ${UNIONTYPE} "${rootmnt}${dir}" || panic "${UNIONTYPE} mount failed"
> + done
> + else
> + mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
>
> - mount -t ${UNIONTYPE} -o dirs=/cow=rw:${rofsstring} ${UNIONTYPE} "${rootmnt}" || panic "${UNIONTYPE} mount failed"
> + mount -t ${UNIONTYPE} -o dirs=/cow=rw:${rofsstring} ${UNIONTYPE} "${rootmnt}" || panic "${UNIONTYPE} mount failed"
> + fi
>
> # Adding other custom mounts
> if [ -n "${PERSISTENT}" ]
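Review bot: Nothing in the exposed-root branch makes the root read-only: `mount --bind ${rofsstring} ${rootmnt}` inherits the write state of its source, so the guarantee depends on how that source was mounted outside this hunk. With squashfs that holds by construction, but the description also proposes an NFS root shared by several clients, where a writable mount would let one client alter the root the others boot from; check the source's mount options before binding and `panic` if it is writable, or remount the bind read-only where the kernel supports it. `rofsstring=${rofsstring%%=*}` also keeps only the text before the first `=`, so if `rofsstring` can hold more than one branch (the non-exposed path passes it whole to `dirs=`), the later images are silently dropped. The `cow_dirs` list duplicates the one in lh_chroot_hacks and should carry a comment such as `# keep in sync with cow_dirs in helpers/lh_chroot_hacks`. setup_unionfs begins and ends outside the hunk.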
--
The trenchant blade, Toledo trusty,
For want of fighting was grown rusty,
And ate into itself, for lack
Of somebody to hew and hack.
-- Samuel Butler