Hi,
I've been successfully experimenting with ostree-ifying debian, using the
attached script with initramfs-tools.
It's not particularly polished, and essentially assumes:
- The `systemd-remount-fs.service` unit is masked
- You passed `boot=ostree` on the cmdline, so initramfs-tools sources the script
- That you want to use the `sysroot.readonly=true` option
Ideally the `/usr/lib/ostree/ostree-prepare-root` utility could be used, but I
found it easier start experimenting with manually mounting everything.
Perhaps that script is of use to someone.
I'm not sure how much interest there is in building something similar to Fedora
Silverblue using Debian, but there are a couple of other things, that would be
useful:
- A udeb with just the ostree utility for use in the installer, that would
allow building a installer using the existing d-i components.
I currently use the `copy_exec` function from initramfs-tools to build such a
udeb, and while some libraries are already packaged as udeb, ostree has a lot
of dependencies, and gpg verification doesn't work.
- Shipping sysuser and tmpfiles for every debian package
--
bauen1#!/bin/sh
# Author: Jonathan Hettwer (bauen1)
PREREQS=""
prereqs() {
echo "$PREREQS" ;
}
case "$1" in
prereqs)
prereqs
exit 0
;;
esac
# The local script is sourced unconditionally, so in most places we defer to it.
ostree_top()
{
local_top
}
ostree_block()
{
local_block
}
ostree_premount()
{
local_premount
}
ostree_bottom()
{
local_bottom
}
ostree_mount_root()
{
# Force the initial mount to be read-only
readonly=y
# First use the local boot script to mount the actual $rootmnt
log_warning_msg "ostree: before local_mount_root"
local_mount_root
log_warning_msg "ostree: after local_mount_root"
# FIXME: this may not be the most appropiate place to parse the cmdline:
export ostree_deploy_tree=
for x in $(cat /proc/cmdline); do
case $x in
ostree=*)
ostree_deploy_tree=${x#ostree=}
;;
esac
done
if [ -z "${ostree_deploy_tree}" ]; then
panic "No ostree deployment path specified!"
fi
log_warning_msg "ostree_deploy_tree: ${ostree_deploy_tree}"
# TODO: We don't really respect the rw cmdline argument, or the
sysroot.readonly configuration
# in the ostree repository, we simply assume that
sysroot.readonly is set and mount accordingly
# TODO: Most of this could be replaced by the
/usr/lib/ostree/ostree-prepare-root
# XXX: The ostree system I'm using this has the
`systemd-remount-fs.service` unit masked, enabling it could mess up the mount
setup, see the ostree-boot package.
# Bind mount the ostree deployment in preparation of moving it onto /
if ! mount -o bind "${rootmnt}${ostree_deploy_tree}"
"${rootmnt}${ostree_deploy_tree}"; then
panic "Failed to bind mount ${rootmnt}${ostree_deploy_tree}"
fi
if ! mount -o remount,ro dummy "${rootmnt}${ostree_deploy_tree}"; then
panic "Failed to make ${rootmnt}${ostree_deploy_tree} mount
read-only"
fi
# Bind mount the actual root onto the /sysroot directory in the
deployment
if ! mount -o bind "${rootmnt}"
"${rootmnt}${ostree_deploy_tree}/sysroot"; then
panic "Failed to bind mount the physical root (${rootmnt}) onto
the ostree deployment /sysroot directory
(${rootmnt}${ostree_deploy_tree}/sysroot)"
fi
# Prepare /boot
if ! read_fstab_entry /boot; then
log_warning_msg "Found /boot entry in fstab, not mounting"
# If we where to bind-mount here, systemd would not mount /boot
itself
else
log_warning "Found no /boot entry in fstab, bind mounting"
if ! mount -o bind "${rootmnt}/boot"
"${rootmnt}${ostree_deploy_tree}/boot"; then
panic "Failed to bind mount /boot from physical root to
deployment root /boot!"
fi
fi
# Prepare /etc
log_warning_msg "ostree: attempting to bind mount
${rootmnt}${ostree_deploy_tree}/etc"
if ! mount -o bind "${rootmnt}${ostree_deploy_tree}"/etc
"${rootmnt}${ostree_deploy_tree}"/etc ; then
panic "Failed to bind mount /etc while preparing /sysroot"
fi
if ! mount -o remount,rw dummy "${rootmnt}${ostree_deploy_tree}"/etc ;
then
# It might be possible to continue at this point
panic "Failed to make /etc read-write"
fi
# Prepare /usr
if ! mount -o bind "${rootmnt}${ostree_deploy_tree}"/usr
"${rootmnt}${ostree_deploy_tree}"/usr ; then
panic "Failed to bind mount /usr while preparing /sysroot"
fi
if ! mount -o remount,ro dummy
