Re: [isar-cip-core][PATCH] Bullseye: Fix journalctl on read-only


Jan Kiszka
 

On 19.04.22 17:49, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

If an image with a read-only partition and etc overlay
is built, journalctl does not display the system log in
Debian Bullseye.

The log is available with the command `journalctl --merged'.

The root cause is overwriting the mount point for /etc/machine-id
by the etc-overlay. This leads to the usage of multiple machine-ids
and journalctl does not match the currently used journal file to
the machine.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas-cip.yml | 4 ++
...stproc-extension-Remove-etc-machine-.patch | 37 +++++++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 patches/isar/0001-classes-image-postproc-extension-Remove-etc-machine-.patch

diff --git a/kas-cip.yml b/kas-cip.yml
index fce176b..2c2b7d7 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -29,6 +29,10 @@ repos:
fix-pseudo:
repo: cip-core
path: patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
+ fix-machine-id:
+ repo: cip-core
+ path: patches/isar/0001-classes-image-postproc-extension-Remove-etc-machine-.patch
+

bblayers_conf_header:
standard: |
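Review bot: the new `fix-machine-id` entry ends with an added empty line after its `path:` line, directly ahead of the blank line that already separates the patch list from `bblayers_conf_header:`, so the file ends up with two consecutive blank lines there. Drop the added empty line so the hunk only carries the three lines of the new entry.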
diff --git a/patches/isar/0001-classes-image-postproc-extension-Remove-etc-machine-.patch b/patches/isar/0001-classes-image-postproc-extension-Remove-etc-machine-.patch
new file mode 100644
index 0000000..95b49ae
--- /dev/null
+++ b/patches/isar/0001-classes-image-postproc-extension-Remove-etc-machine-.patch
@@ -0,0 +1,37 @@
+From 6e72a422c52f9995f5ee3acca293b92a7c0194d9 Mon Sep 17 00:00:00 2001
+From: kas <kas@...>
+Date: Tue, 19 Apr 2022 14:52:54 +0000
+Subject: [PATCH] classes/image-postproc-extension: Remove /etc/machine-id
+
+In a read-only system the machine id should be deleted or
+set to `unitialized\n`[1].
+
+Systemd will generate a new machine-id during the first boot.
+In the case of a read-only root file system Systemd generates a mount point with
+the machine id. If an overlay for /etc is used this creates a mount conflict.
+To avoid the conflict between the overlay filesystem and systemd /etc/machine-id
+mount point deleted the file /etc/machine-id.
+
+[1]: https://systemd.io/BUILDING_IMAGES/
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
+---
+ meta/classes/image-postproc-extension.bbclass | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass
+index ca520273..0c412c0d 100644
+--- a/meta/classes/image-postproc-extension.bbclass
++++ b/meta/classes/image-postproc-extension.bbclass
+@@ -57,7 +57,7 @@ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id"
+ image_postprocess_machine_id() {
+ # systemd(1) takes care of recreating the machine-id on first boot
+ sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id'
+- sudo install -m 644 '/dev/null' '${IMAGE_ROOTFS}/etc/machine-id'
++ sudo rm -f '${IMAGE_ROOTFS}/etc/machine-id'
+ }
+
+ ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen"
+--
+2.35.1
+
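Review bot: the embedded patch header carries `From: kas <kas@...>` while the Signed-off-by names Quirin Gylstorff; set the author to match the sign-off so attribution is right if this goes upstream to isar. In the embedded message, `unitialized\n` should read `uninitialized\n`, and "mount point deleted the file /etc/machine-id" should read "mount point, delete the file /etc/machine-id". The context comment above the changed line still says only that systemd recreates the machine-id on first boot; since the change depends on the file being absent rather than empty, a one-line comment stating that would keep someone from restoring the `install -m 644 '/dev/null'` line later.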
As discussed directly already: It takes more than that to make systemd
happy, and the easiest approach will be mounting /etc overlay from
within the initramfs. I have a prototype working, but it will also need
a conversion of image-uuid to a cip-core-initramfs recipe so that it can
be applied to both secure and non-secure read-only setups. I'm on it.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux
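
The commit message above attributes the missing `journalctl` output to more than one machine ID being in use. As an added example (not part of the patch or of isar-cip-core), this shell check lists journal directories whose name differs from the ID in `/etc/machine-id`. It assumes journald's standard layout of `/var/log/journal/<machine-id>/` and `/run/log/journal/<machine-id>/`; `ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): compare /etc/machine-id with the journal
# directories found under a given root.
# ROOT is a hypothetical parameter: "/" on a live target, or a mounted image.

# Print the machine ID stored in ROOT/etc/machine-id, or nothing if the file
# is missing, empty, or holds the "uninitialized" placeholder.
current_machine_id() {
    f="${1%/}/etc/machine-id"
    [ -s "$f" ] || return 0
    id=$(head -n 1 "$f")
    [ "$id" = "uninitialized" ] && return 0
    printf '%s\n' "$id"
}

# Print every journal directory whose name is not the current machine ID.
foreign_journal_dirs() {
    root="${1%/}"
    id=$(current_machine_id "$root")
    for d in "$root"/var/log/journal/* "$root"/run/log/journal/*; do
        [ -d "$d" ] || continue          # skips unmatched globs and plain files
        name=${d##*/}
        [ "$name" = "$id" ] || printf '%s\n' "$d"
    done
}

# Return 0 when every journal directory belongs to the current ID, 1 otherwise.
check_journal_ids() {
    out=$(foreign_journal_dirs "$1")
    if [ -n "$out" ]; then
        printf 'journals not matching /etc/machine-id:\n%s\n' "$out"
        return 1
    fi
    return 0
}

# Run the check when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_journal_ids "$1"
fi
```

Run it as `sh check.sh /` on the target after a few boots; any directory it prints holds logs written under a different machine ID than the one currently visible in `/etc`.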
