[PATCH] Add exposed root option

Tue, 02 Oct 2007 09:29:11 -0700 

This patch allows you to expose the root read only, this
way you could upgrade the root filesystem without requiring
the user to reboot. The root filesystem could be kept on
an nfs volume or some other persistent medium. Multiple
clients could then be booted off the same root fs. I used
ltsp as a template to determine which directories to make rw.

This is the first cut, suggestions are welcome.

Bugs:

X will not work because xdebconfigurator uses debconf to
change values. You can still set things up manually with
X -configure

thanks,

Jesse

commit 516fc6fad24b0114376886a2f2847e790f1c5ad0
Author: Jesse Hathaway <[EMAIL PROTECTED]>
Date:   Tue Oct 2 12:18:40 2007 -0400

    add option --exposed-root which allows the root
    filesystem to be read only and not covered by
    the union filesystem

diff --git a/functions/defaults.sh b/functions/defaults.sh
index 5d971d8..611c88c 100755
--- a/functions/defaults.sh
+++ b/functions/defaults.sh
@@ -432,6 +432,9 @@ Set_defaults ()
 	# Setting chroot filesystem
 	LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM:-squashfs}"
 
+	# Setting whether to expose root filesystem as read only
+	LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT:-disabled}"
+
 	# Setting union filesystem
 	LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM:-unionfs}"
 
diff --git a/helpers/lh_binary_grub b/helpers/lh_binary_grub
index 4bb5f7d..6ba7937 100755
--- a/helpers/lh_binary_grub
+++ b/helpers/lh_binary_grub
@@ -172,6 +172,11 @@ then
 	esac
 fi
 
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+   LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
 then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
diff --git a/helpers/lh_binary_syslinux b/helpers/lh_binary_syslinux
index 92963ea..2b964c9 100755
--- a/helpers/lh_binary_syslinux
+++ b/helpers/lh_binary_syslinux
@@ -236,6 +236,11 @@ then
 	esac
 fi
 
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+   LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
 then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
diff --git a/helpers/lh_binary_yaboot b/helpers/lh_binary_yaboot
index e3f8df3..646349a 100755
--- a/helpers/lh_binary_yaboot
+++ b/helpers/lh_binary_yaboot
@@ -180,6 +180,11 @@ then
 	esac
 fi
 
+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+   LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 if [ "${LH_UNION_FILESYSTEM}" != "unionfs" ]
 then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
diff --git a/helpers/lh_chroot_hacks b/helpers/lh_chroot_hacks
index da2be17..ba94ee8 100755
--- a/helpers/lh_chroot_hacks
+++ b/helpers/lh_chroot_hacks
@@ -113,3 +113,40 @@ fi
 
 # Creating stage file
 Create_stagefile .stage/chroot_hacks
+
+if [ "${LH_EXPOSED_ROOT}" = "enabled" ]
+then
+   # make sure rw dirs exist so that the initramfs script has
+   # directory in which to bind the tmpfs filesystems
+   cow_dirs='/tmp /var/tmp /var/lock /var/run /var/lib/live /var/log 
+      /var/spool /home /live'
+   for dir in ${cow_dirs}; do
+      mkdir -p chroot${dir}
+   done
+
+   # config rw files
+   config_files='/etc/hostname /etc/hosts /etc/resolv.conf /etc/fstab
+      /etc/live.conf /etc/network/interfaces /etc/X11/xorg.conf
+      /etc/udev/rules.d/z25_persistent-net.rules
+      /etc/udev/rules.d/z25_persistent-cd.rules'
+   
+   rw_dir='/var/lib/live'
+   
+   for file_path in ${config_files}; do
+      # touch files in case they don't yet exist
+      file_dir=${file_path%/*}
+      mkdir -p chroot${file_dir}
+      touch chroot${file_path}
+      file_name=$(basename $file_path)
+      mkdir -p chroot${rw_dir}${file_dir}
+      mv chroot${file_path} chroot${rw_dir}${file_dir}
+      relative_path=$(echo $file_dir|sed 's/[^\/]\+/../g; s/^\///g')
+      ln -s ${relative_path}${rw_dir}${file_path} chroot${file_path}
+   done
+   
+   # mount doesnt write to a symlink so use /proc/mounts instead
+   # see debian bug #154438 for more info
+   rm chroot/etc/mtab
+   ln -s /proc/mounts chroot/etc/mtab
+   
+fi
diff --git a/helpers/lh_config b/helpers/lh_config
index 0c4c256..be092a0 100755
--- a/helpers/lh_config
+++ b/helpers/lh_config
@@ -53,6 +53,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
 \t    [--debug]\n\
 \t    [-d|--distribution CODENAME]\n\
 \t    [-e|--encryption aes128|aes192|aes256]\n\
+\t    [--exposed-root enabled|disabled]\n\
 \t    [--force]\n\
 \t    [--genisoimage genisomage|mkisofs]\n\
 \t    [--grub-splash FILE]\n\
@@ -101,7 +102,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
 
 Local_arguments ()
 {
-	ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,iso-memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "[EMAIL PROTECTED]")"
+	ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,exposed-root:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,iso-memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "[EMAIL PROTECTED]")"
 
 	if [ "${?}" != "0" ]
 	then
@@ -317,6 +318,11 @@ Local_arguments ()
 				shift 2
 				;;
 
+			--exposed-root)
+				LH_EXPOSED_ROOT="${2}"
+				shift 2
+				;;
+
 			--union-filesystem)
 				LH_UNION_FILESYSTEM="${2}"
 				shift 2
@@ -769,6 +775,10 @@ cat > config/chroot << EOF
 # (Default: ${LH_CHROOT_FILESYSTEM})
 LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM}"
 
+# \$LH_EXPOSED_ROOT: expose root as read only
+# (Default: ${LH_EXPOSED_ROOT})
+LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT}"
+
 # \$LH_UNION_FILESYSTEM: set union filesystem
 # (Default: ${LH_UNION_FILESYSTEM}
 LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM}"

commit 17c2f2f1739edb845a62e428f554ff750dbed000
Author: Jesse Hathaway <[EMAIL PROTECTED]>
Date:   Tue Oct 2 12:20:02 2007 -0400

    add code to support --exposed-root in live-helper

diff --git a/scripts/live b/scripts/live
index d4b253b..16c7eea 100755
--- a/scripts/live
+++ b/scripts/live
@@ -362,6 +362,11 @@ Arguments ()
 				export TORAM MODULETORAM
 				;;
 
+			exposedroot)
+				EXPOSED_ROOT="Yes"
+				export EXPOSED_ROOT
+				;;
+
 			union=*)
 				UNIONTYPE="${ARGUMENT#union=}"
 				export UNIONTYPE
@@ -927,9 +932,26 @@ setup_unionfs ()
 		fi
 	fi
 
-	mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
+   if [ -n "${EXPOSED_ROOT}" ]
+   then
+      rofsstring=${rofsstring%%=*}
+
+      mount --bind ${rofsstring} ${rootmnt} || panic "bind mount failed"
+
+      cow_dirs='/tmp /var/tmp /var/lock /var/run /var/log /var/spool 
+         /home /live /var/lib/live'
+
+      mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
+
+      for dir in ${cow_dirs}; do
+         mkdir -p /cow${dir}
+         mount -t ${UNIONTYPE} -o dirs=/cow${dir}=rw:${rofsstring}${dir}=ro ${UNIONTYPE} "${rootmnt}${dir}" || panic "${UNIONTYPE} mount failed"
+      done
+   else
+      mount ${cowdevice} -t ${cow_fstype} -o rw /cow || panic "Can not mount ${cowdevice} on /cow"
 
-	mount -t ${UNIONTYPE} -o dirs=/cow=rw:${rofsstring} ${UNIONTYPE} "${rootmnt}" || panic "${UNIONTYPE} mount failed"
+      mount -t ${UNIONTYPE} -o dirs=/cow=rw:${rofsstring} ${UNIONTYPE} "${rootmnt}" || panic "${UNIONTYPE} mount failed"
+   fi
 
 	# Adding other custom mounts
 	if [ -n "${PERSISTENT}" ]

_______________________________________________
debian-live-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/debian-live-devel

Reply via email to