From patchwork Sat May 31 11:00:20 2025
X-Patchwork-Submitter: SCHNEIDER Johannes
X-Patchwork-Id: 63958
From: Johannes Schneider
To: openembedded-devel@lists.openembedded.org, raj.khem@gmail.com, mikko.rapeli@linaro.org, erik@riscstar.com
CC: bsp-development.geo@leica-geosystems.com, Johannes Schneider
Subject: [meta-oe][PATCH v1 1/3] systemd: add recipe for systemd-repart-native 257.6
Date: Sat, 31 May 2025 13:00:20 +0200
Message-ID: <20250531110022.3843938-2-johannes.schneider@leica-geosystems.com>
In-Reply-To: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
References: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/117679

Add a recipe to build systemd-repart-native.

The chosen version is a relatively recent one, to support:
1) PKCS#11 uris [1] to pass in the private key when creating a
   discoverable disk image (as --private-key-source).
2) setting Compression=/CompressionLevel= in the configuration [2],
   which is then passed over to a (recent version of) mkfs.erofs

The recipe was adapted from an incomplete 'systemd-tools' patch [3]
that is floating upstream.

Link: [1]: https://github.com/systemd/systemd/commit/0a8264080a5d4b5e13e65eed80ac98a476f7fe43
Link: [2]: https://github.com/systemd/systemd/commit/27cacec939a46f61706d7b48a51b6f5880be4662
Link: [3]: https://lists.openembedded.org/g/openembedded-core/topic/108223984#msg204065
Signed-off-by: Johannes Schneider
---
 .../systemd/systemd-repart-native_257.6.bb | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb

diff --git a/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb b/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb
new file mode 100644
index 0000000000..15b60af02e
--- /dev/null
+++ b/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb
@@ -0,0 +1,59 @@ +# SPDX-License-Identifier: MIT +# +# Copyright Leica Geosystems AG +# + +SUMMARY = "systemd-repart" +DESCRIPTION = "systemd-repart grows and adds partitions to a partition table, based on the configuration files described in repart.d(5), or generates a Discoverable Disk Image (DDI) for a system extension (sysext, see systemd-sysext(8))." +HOMEPAGE = "http://www.freedesktop.org/wiki/Software/systemd" + +LICENSE = "GPL-2.0-only & LGPL-2.1-or-later" +LICENSE:libsystemd = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ + file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" + +SRCREV = "00a12c234e2506f5cab683460199575f13c454db" +SRCBRANCH = "v257-stable" +SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}" + +S = "${WORKDIR}/git" + +DEPENDS = " \ + cryptsetup-native \ + gperf-native \ + libcap \ + python3-jinja2-native \ + util-linux \ +" + +inherit meson pkgconfig gettext native + +MESON_TARGET = "systemd-repart" + +# Helper variables to clarify locations. This mirrors the logic in systemd's +# build system. 
+rootprefix ?= "${root_prefix}" +rootlibdir ?= "${base_libdir}" +rootlibexecdir = "${rootprefix}/lib" + +EXTRA_OEMESON += "-Dnobody-user=nobody \ + -Dnobody-group=nogroup \ + -Drootlibdir=${rootlibdir} \ + -Drootprefix=${rootprefix} \ + -Ddefault-locale=C \ + -Dmode=release \ + -Dsystem-alloc-uid-min=101 \ + -Dsystem-uid-max=999 \ + -Dsystem-alloc-gid-min=101 \ + -Dsystem-gid-max=999 \ +" + +do_install() { + install -d ${D}${bindir}/ + install -m 0755 ${B}/systemd-repart ${D}${bindir}/systemd-repart + install -d ${D}${libdir}/ + install -m 0644 ${B}/src/shared/libsystemd-shared-257.so ${D}${libdir}/libsystemd-shared-257.so + + install -d ${D}${libdir}/systemd/repart/ + cp -r ${S}/src/repart/definitions ${D}${libdir}/systemd/repart/ +} From patchwork Sat May 31 11:00:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: SCHNEIDER Johannes X-Patchwork-Id: 63957 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDF37C5B556 for ; Sat, 31 May 2025 11:00:44 +0000 (UTC) Received: from DB3PR0202CU003.outbound.protection.outlook.com (DB3PR0202CU003.outbound.protection.outlook.com [52.101.84.31]) by mx.groups.io with SMTP id smtpd.web10.3725.1748689242393863809 for ; Sat, 31 May 2025 04:00:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@leica-geosystems.com header.s=selector1 header.b=qufW0sQ2; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: leica-geosystems.com, ip: 52.101.84.31, mailfrom: johannes.schneider@leica-geosystems.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; 
From: Johannes Schneider
To: openembedded-devel@lists.openembedded.org, raj.khem@gmail.com, mikko.rapeli@linaro.org, erik@riscstar.com
CC: bsp-development.geo@leica-geosystems.com, Johannes Schneider
Subject: [meta-oe][PATCH v1 2/3] classes: add discoverable disk image class
Date: Sat, 31 May 2025 13:00:21 +0200
Message-ID: <20250531110022.3843938-3-johannes.schneider@leica-geosystems.com>
In-Reply-To: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
References: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/117681

Add a class to build discoverable disk images [1] through
systemd-repart(-native).

Note that systemd >= 256 is required for '--private-key-source'

The class was adapted from a patch [2] floating upstream.

Link: [1]: https://uapi-group.org/specifications/specs/discoverable_disk_image/
Link: [2]: https://lists.openembedded.org/g/openembedded-core/message/198724
Signed-off-by: Johannes Schneider
---
 .../classes/discoverable-disk-image.bbclass | 132 ++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 meta-oe/classes/discoverable-disk-image.bbclass

diff --git a/meta-oe/classes/discoverable-disk-image.bbclass b/meta-oe/classes/discoverable-disk-image.bbclass
new file mode 100644
index 0000000000..e601bf452f
--- /dev/null
+++ b/meta-oe/classes/discoverable-disk-image.bbclass
@@ -0,0 +1,132 @@ +## +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# +# +# Discoverable Disk Image (DDI) +# +# "DDIs (Discoverable Disk Images) are self-describing file system +# images that follow the DPS ( Discoverable Partitions Specification), +# wrapped in a GPT partition table, that may contain root (or /usr/) +# filesystems for bootable OS images, system extensions, configuration +# extensions, portable services, containers and more, and shall be +# protected by signed dm-verity all combined into one. They are +# designed to be composable and stackable, and provide security by +# default." +# https://uapi-group.org/specifications/specs/discoverable_disk_image/ +# https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ +# https://www.freedesktop.org/software/systemd/man/latest/systemd.image-policy.html + +# To be able to use discoverable-disk-images with a +# root-verity-sig or usr-verity-sig configuration: +# - systemd needs to include the PACKAGECONFIG 'cryptsetup', and +# - the kernel needs the following features enabled: +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING=y +# CONFIG_EROFS_FS=y +# CONFIG_EROFS_FS_XATTR=y +# CONFIG_EROFS_FS_ZIP=y +# CONFIG_EROFS_FS_ZIP_LZMA=y +# CONFIG_INTEGRITY_SIGNATURE=y +# CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +# CONFIG_INTEGRITY_PLATFORM_KEYRING=y +# CONFIG_SYSTEM_BLACKLIST_KEYRING=y +# CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# CONFIG_SIGNATURE=y + +# To sign DDIs, a key and certificate need to be provided by setting +# the variables: +# REPART_PRIVATE_KEY +# private key so sign the verity-hash +# REPART_PRIVATE_KEY_SOURCE +# optional, can be "engine:pkcs11" when using a (soft)hsm +# REPART_CERTIFICATE +# corresponding public certificate, in .pem format +# + +# For signature verification, systemd-sysext expects the matching +# certificate to reside in /etc/verity.d as PEM formated .crt file. 
+# +# To enforce loading of only signed extension images, an appropriate +# image policy has to be passed to systemd-sysext, e.g.: +# systemd-sysext --image-policy='root=signed+absent:usr=signed+absent:=unused+absent' merge + +# 'systemd-dissect' can be used to inspect, manually mount, ... a DDI. + +inherit image + +IMAGE_FSTYPES = "ddi" + +DEPENDS += " \ + systemd-repart-native \ + erofs-utils-native \ + openssl-native \ +" + +# systemd-repart --make-ddi takes one of "sysext", "confext" or "portable", +# which it then takes and looks up definitions in the host os; which we need +# to divert to the sysroot-native by setting '--definitions=' instead. +# +REPART_DDI_TYPE ?= "sysext" + +REPART_DDI_EXTENSION ?= "ddi" + +# systemd-repart creates temporary directoryies under /var/tmp/.#repartXXXXXXX/, +# to estimate partition size etc. Since files are copied there from the image/rootfs +# folder - which are owned by pseudo-root - this temporary location has to be +# added to the directories handled by pseudo; otherwise calls to e.g. +# fchown(0,0) inside systemd git/src/shared/copy.c end up failing. 
+PSEUDO_INCLUDE_PATHS .= ",/var/tmp/" + +oe_image_systemd_repart_make_ddi() { + + local additional_args="" + + if [ -n "${REPART_PRIVATE_KEY}" ] + then + if [ -n "${REPART_PRIVATE_KEY_SOURCE}" ] + then + additional_args="$additional_args --private-key-source=${REPART_PRIVATE_KEY_SOURCE}" + fi + additional_args="$additional_args --private-key=${REPART_PRIVATE_KEY}" + fi + + if [ -n "${REPART_CERTIFICATE}" ] + then + additional_args="$additional_args --certificate=${REPART_CERTIFICATE}" + fi + + # map architectures to systemd's expected values + local systemd_arch="${TARGET_ARCH}" + case "${systemd_arch}" in + aarch64) + systemd_arch=arm64 + ;; + x86_64) + systemd_arch=x86-64 + ;; + esac + + # prepare system-repart configuration + mkdir -p ${B}/definitions.repart.d + cp ${STAGING_LIBDIR_NATIVE}/systemd/repart/definitions/${REPART_DDI_TYPE}.repart.d/* ${B}/definitions.repart.d/ + # enable erofs compression + sed -i "/^Compression/d" ${B}/definitions.repart.d/10-root.conf + echo "Compression=lzma\nCompressionLevel=3" >> ${B}/definitions.repart.d/10-root.conf + # disable verity signature partition creation, if no key is provided + if [ -z "${REPART_PRIVATE_KEY}" ]; then + rm ${B}/definitions.repart.d/30-root-verity-sig.conf + fi + + systemd-repart \ + --definitions="${B}/definitions.repart.d/" \ + --copy-source="${IMAGE_ROOTFS}" \ + --empty=create --size=auto --dry-run=no --offline=yes \ + --architecture="${systemd_arch}" \ + --json=pretty --no-pager $additional_args \ + "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${REPART_DDI_EXTENSION}" +} + +IMAGE_CMD:ddi = "oe_image_systemd_repart_make_ddi" +do_image_ddi[deptask] += "do_unpack" From patchwork Sat May 31 11:00:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: SCHNEIDER Johannes X-Patchwork-Id: 63959 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from 
From: Johannes Schneider
To: openembedded-devel@lists.openembedded.org, raj.khem@gmail.com, mikko.rapeli@linaro.org, erik@riscstar.com
CC: bsp-development.geo@leica-geosystems.com, Johannes Schneider
Subject: [meta-oe][PATCH v1 3/3] classes: add a systemd-sysext image class
Date: Sat, 31 May 2025 13:00:22 +0200
Message-ID: <20250531110022.3843938-4-johannes.schneider@leica-geosystems.com>
In-Reply-To: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
References: <20250531110022.3843938-1-johannes.schneider@leica-geosystems.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/117680

systemd-sysext can load a raw-image containing usr/ and opt/ folders
to mount them as RO overlay over the rootfs, to "extend" the systems.

This class provides the necessary changes/additions to the enclosed
filesystem so that systemd-sysext accepts the extension for "merge"
into the rootfs.

With such a created image, placed into the correct folder (see [1]),
`systemd-sysext list` should be able to list the "extension" and
`systemd-sysext merge` should enable the overlay. On both commands a
preceding "SYSTEMD_LOG_LEVEL=debug" can aid in figuring out what is
amiss.

Link: https://www.freedesktop.org/software/systemd/man/latest/systemd-sysext.html
Link: https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html
Signed-off-by: Johannes Schneider
---
 meta-oe/classes/sysext-image.bbclass | 76 ++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 meta-oe/classes/sysext-image.bbclass

diff --git a/meta-oe/classes/sysext-image.bbclass b/meta-oe/classes/sysext-image.bbclass
new file mode 100644
index 0000000000..4d97b59ce3
--- /dev/null
+++ b/meta-oe/classes/sysext-image.bbclass
@@ -0,0 +1,76 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +# System extension images may – dynamically at runtime — extend the +# /usr/ and /opt/ directory hierarchies with additional files. This is +# particularly useful on immutable system images where a /usr/ and/or +# /opt/ hierarchy residing on a read-only file system shall be +# extended temporarily at runtime without making any persistent +# modifications. + +# Example usage: +## place a symlink into the systemd-sysext image search path: +# $> mkdir /run/extensions +# $> ln -s /tmp/extension-example.sysext.ddi /run/extensions/example.raw +## list all available extensions: +# $> systemd-sysext list +## and enable the found extensions: +# $> SYSTEMD_LOG_LEVEL=debug systemd-sysext merge + +# Note: PACKAGECONFIG:pn-systemd needs to include 'sysext' + +# systemd-sysext [1] has a simple mechanism for version compatibility: +# the extension to be loaded has to contain a file named +# /usr/lib/extension-release.d/extension-release.NAME +# with "NAME" part *exactly* matching the filename of the extensions +# raw-device filename/ +# +# From the extension-release file the "ID" and "VERSION_ID" fields are +# matched against same fields present in `os-release` and the extension +# is "merged" only if values in both fields from both files are an +# exact match. 
+# +# Link: https://www.freedesktop.org/software/systemd/man/latest/systemd-sysext.html + +inherit image + +# Include '.sysext' in the deployed image filename and symlink +IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}.sysext" +IMAGE_LINK_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}.sysext" +EXTENSION_NAME = "${IMAGE_LINK_NAME}.${IMAGE_FSTYPES}" + +# Base extension identification fields +EXTENSION_ID_FIELD ?= "${DISTRO}" +EXTENSION_VERSION_FIELD ?= "${DISTRO_VERSION}" + +sysext_image_add_version_identifier_file() { + # Use matching based on Distro name and version + echo 'ID=${EXTENSION_ID_FIELD}' > ${WORKDIR}/extension-release.base + # os-release.bb does "sanitise_value(ver)", which needs to be done here too + echo 'VERSION_ID=${EXTENSION_VERSION_FIELD}' \ + | sed 's,+,-,g;s, ,_,g' \ + >> ${WORKDIR}/extension-release.base + + # Instruct `systemd-sysext` to perform re-load once extension image is verified + echo 'EXTENSION_RELOAD_MANAGER=1' >> ${WORKDIR}/extension-release.base + + install -d ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d + install -m 0644 ${WORKDIR}/extension-release.base \ + ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d/extension-release.${EXTENSION_NAME} + + # systemd-sysext expects an extension-release file of the exact same name as the image; + # by setting a xattr we allow renaming of the extension image file. + # (Kernel: this requires xattr support in the used filesystem) + setfattr -n user.extension-release.strict -v false \ + ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d/extension-release.${EXTENSION_NAME} +} + +ROOTFS_POSTPROCESS_COMMAND += "sysext_image_add_version_identifier_file" + +# remove 'os-release' from the packages to be installed into the image. +# systemd-sysext otherwise raises the error: +# Extension contains '/usr/lib/os-release', which is not allowed, refusing. +PACKAGE_EXCLUDE += "os-release"
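
Review bot: In DEPENDS of systemd-repart-native_257.6.bb (patch 1/3), libcap and util-linux are listed without the -native suffix that cryptsetup-native, gperf-native and python3-jinja2-native carry, although the recipe inherits native; for a host tool these should read libcap-native and util-linux-native so the build does not pull in target packages. In do_install the name libsystemd-shared-257.so is hard-coded on both sides of the install line, so every version bump of the recipe file has to touch it as well; deriving the major number from PV would keep the two in step. rootlibexecdir is assigned but not referenced anywhere in the visible recipe and can be dropped, and the -Dsystem-alloc-uid-min / -Dsystem-uid-max style options deserve a one-line comment saying why a natively built systemd-repart needs them.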
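
Review bot: In oe_image_systemd_repart_make_ddi() of discoverable-disk-image.bbclass (patch 2/3), the key and the certificate are tested in two independent if [ -n ... ] blocks, so REPART_PRIVATE_KEY without REPART_CERTIFICATE (or the reverse) is passed on to systemd-repart as a half-configured signing request, and with no key set the function removes 30-root-verity-sig.conf and produces an unsigned image without any message. Suggest a bbfatal when exactly one of the two variables is set and a bbwarn when the signature partition is dropped, so that an unsigned DDI is not deployed by accident to a target that runs systemd-sysext with the --image-policy='root=signed+absent:...' setting described in the header comment. Separately, echo "Compression=lzma\nCompressionLevel=3" relies on echo expanding \n, which depends on the shell behind /bin/sh; printf 'Compression=lzma\nCompressionLevel=3\n' writes two lines on every host. $additional_args is also expanded unquoted on the systemd-repart command line, so a key path or PKCS#11 URI containing whitespace or glob characters is split or expanded before systemd-repart sees it.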
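
Review bot: In sysext_image_add_version_identifier_file() of sysext-image.bbclass (patch 3/3), the setfattr call sets user.extension-release.strict to false unconditionally, which relaxes the exact-name match that the header comment presents as the compatibility mechanism, and the hunk adds no DEPENDS entry that provides setfattr on the build host. Suggest gating the xattr behind a variable whose default keeps the strict behaviour (or stating in the comment why relaxed is the default), and adding the native dependency that ships setfattr. EXTENSION_NAME = "${IMAGE_LINK_NAME}.${IMAGE_FSTYPES}" also assumes IMAGE_FSTYPES holds a single value; with more than one type the unquoted install and setfattr paths split into several words. The ID= line is written without the sed sanitising that VERSION_ID= receives; a short comment saying whether that is intentional would help.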