From: Johannes Schneider
Date: Sat, 21 Jun 2025 22:46:28 +0200
Subject: [PATCH meta-oe v2 1/3] systemd: add recipe for systemd-repart-native 257.6
Message-ID: <20250621-discoverable-disk-image-v2-1-52df3053fc1f@leica-geosystems.com>
To: openembedded-devel@lists.openembedded.org
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/118014

Add a recipe to build systemd-repart-native.

The chosen version is a relatively recent one, to support:
1) PKCS#11 URIs [1] to pass in the private key when creating a discoverable disk image (as --private-key-source).
2) setting Compression=/CompressionLevel= in the configuration [2], which is then passed over to a (recent version of) mkfs.erofs

The recipe was adapted from an incomplete 'systemd-tools' patch [3] that is floating upstream.

Link: [1]: https://github.com/systemd/systemd/commit/0a8264080a5d4b5e13e65eed80ac98a476f7fe43
Link: [2]: https://github.com/systemd/systemd/commit/27cacec939a46f61706d7b48a51b6f5880be4662
Link: [3]: https://lists.openembedded.org/g/openembedded-core/topic/108223984#msg204065

Signed-off-by: Johannes Schneider
---
 .../systemd/systemd-repart-native_257.6.bb | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb b/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb new file mode 100644 index 0000000000000000000000000000000000000000..15b60af02ede966aa8266048cff1f1a4e7ddba21 --- /dev/null +++ b/meta-oe/recipes-core/systemd/systemd-repart-native_257.6.bb 
@@ -0,0 +1,59 @@ +# SPDX-License-Identifier: MIT +# +# Copyright Leica Geosystems AG +# + +SUMMARY = "systemd-repart" +DESCRIPTION = "systemd-repart grows and adds partitions to a partition table, based on the configuration files described in repart.d(5), or generates a Discoverable Disk Image (DDI) for a system extension (sysext, see systemd-sysext(8))." +HOMEPAGE = "http://www.freedesktop.org/wiki/Software/systemd" + +LICENSE = "GPL-2.0-only & LGPL-2.1-or-later" +LICENSE:libsystemd = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ + file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" + +SRCREV = "00a12c234e2506f5cab683460199575f13c454db" +SRCBRANCH = "v257-stable" +SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}" + +S = "${WORKDIR}/git" + +DEPENDS = " \ + cryptsetup-native \ + gperf-native \ + libcap \ + python3-jinja2-native \ + util-linux \ +" + +inherit meson pkgconfig gettext native + +MESON_TARGET = "systemd-repart" + +# Helper variables to clarify locations. This mirrors the logic in systemd's +# build system. 
+rootprefix ?= "${root_prefix}" +rootlibdir ?= "${base_libdir}" +rootlibexecdir = "${rootprefix}/lib" + +EXTRA_OEMESON += "-Dnobody-user=nobody \ + -Dnobody-group=nogroup \ + -Drootlibdir=${rootlibdir} \ + -Drootprefix=${rootprefix} \ + -Ddefault-locale=C \ + -Dmode=release \ + -Dsystem-alloc-uid-min=101 \ + -Dsystem-uid-max=999 \ + -Dsystem-alloc-gid-min=101 \ + -Dsystem-gid-max=999 \ +" + +do_install() { + install -d ${D}${bindir}/ + install -m 0755 ${B}/systemd-repart ${D}${bindir}/systemd-repart + install -d ${D}${libdir}/ + install -m 0644 ${B}/src/shared/libsystemd-shared-257.so ${D}${libdir}/libsystemd-shared-257.so + + install -d ${D}${libdir}/systemd/repart/ + cp -r ${S}/src/repart/definitions ${D}${libdir}/systemd/repart/ +}
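
Review bot: do_install in systemd-repart-native_257.6.bb hard-codes the library name libsystemd-shared-257.so in both the source and destination path, so a bump of the recipe to another major version fails at install time although the version is already carried in the recipe file name. Derive the suffix from the part of ${PV} before the first dot and use that in both paths. In the same file, rootlibexecdir is assigned but never referenced, and LICENSE:libsystemd is a per-package override in a recipe that inherits native and defines no libsystemd package; both can be dropped unless something outside this hunk relies on them.
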
From: Johannes Schneider
Date: Sat, 21 Jun 2025 22:46:29 +0200
Subject: [PATCH meta-oe v2 2/3] classes: add discoverable disk image class
Message-Id: <20250621-discoverable-disk-image-v2-2-52df3053fc1f@leica-geosystems.com>
To: openembedded-devel@lists.openembedded.org
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/118016

Add a class to build discoverable disk images [1] through systemd-repart(-native).

Note that systemd >= 256 is required for '--private-key-source'

The class was adapted from a patch [2] floating upstream.

Link: [1]: https://uapi-group.org/specifications/specs/discoverable_disk_image/
Link: [2]: https://lists.openembedded.org/g/openembedded-core/message/198724

Signed-off-by: Johannes Schneider
---
 meta-oe/classes/discoverable-disk-image.bbclass | 137 ++++++++++++++++++++++++
 1 file changed, 137 insertions(+)

diff --git a/meta-oe/classes/discoverable-disk-image.bbclass b/meta-oe/classes/discoverable-disk-image.bbclass new file mode 100644 index 0000000000000000000000000000000000000000..1f3a7b08e153a34a37e859435574e6d577045832 --- /dev/null +++ b/meta-oe/classes/discoverable-disk-image.bbclass 
@@ -0,0 +1,137 @@ +## +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# +# +# Discoverable Disk Image (DDI) +# +# "DDIs (Discoverable Disk Images) are self-describing file system +# images that follow the DPS ( Discoverable Partitions Specification), +# wrapped in a GPT partition table, that may contain root (or /usr/) +# filesystems for bootable OS images, system extensions, configuration +# extensions, portable services, containers and more, and shall be +# protected by signed dm-verity all combined into one. They are +# designed to be composable and stackable, and provide security by +# default." +# https://uapi-group.org/specifications/specs/discoverable_disk_image/ +# https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ +# https://www.freedesktop.org/software/systemd/man/latest/systemd.image-policy.html + +# To be able to use discoverable-disk-images with a +# root-verity-sig or usr-verity-sig configuration: +# - systemd needs to include the PACKAGECONFIG 'cryptsetup', and +# - the kernel needs the following features enabled: +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING=y +# CONFIG_EROFS_FS=y +# CONFIG_EROFS_FS_XATTR=y +# CONFIG_EROFS_FS_ZIP=y +# CONFIG_EROFS_FS_ZIP_LZMA=y +# CONFIG_INTEGRITY_SIGNATURE=y +# CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y +# CONFIG_INTEGRITY_PLATFORM_KEYRING=y +# CONFIG_SYSTEM_BLACKLIST_KEYRING=y +# CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# CONFIG_SIGNATURE=y + +# To sign DDIs, a key and certificate need to be provided by setting +# the variables: +# REPART_PRIVATE_KEY +# private key so sign the verity-hash +# REPART_PRIVATE_KEY_SOURCE +# optional, can be "engine:pkcs11" when using a (soft)hsm +# REPART_CERTIFICATE +# corresponding public certificate, in .pem format +# + +# For signature verification, systemd-sysext expects the matching +# certificate to reside in /etc/verity.d as PEM formated .crt file. 
+# +# To enforce loading of only signed extension images, an appropriate +# image policy has to be passed to systemd-sysext, e.g.: +# systemd-sysext --image-policy='root=signed+absent:usr=signed+absent:=unused+absent' merge + +# 'systemd-dissect' can be used to inspect, manually mount, ... a DDI. + +inherit image + +IMAGE_FSTYPES = "ddi" + +DEPENDS += " \ + systemd-repart-native \ + erofs-utils-native \ + openssl-native \ +" + +# systemd-repart --make-ddi takes one of "sysext", "confext" or "portable", +# which it then takes and looks up definitions in the host os; which we need +# to divert to the sysroot-native by setting '--definitions=' instead. +# The chosen DDI_TYPE influences which parts of the rootfs are copied into +# the ddi by systemd-repart: +# sysext: /usr (and if it exists: /opt) +# confext: /etc +# portable: / +# For details see systemd/repart/definitions/${REPART_DDI_TYPE}.repart.d/* +REPART_DDI_TYPE ?= "sysext" + +REPART_DDI_EXTENSION ?= "ddi" + +# systemd-repart creates temporary directoryies under /var/tmp/.#repartXXXXXXX/, +# to estimate partition size etc. Since files are copied there from the image/rootfs +# folder - which are owned by pseudo-root - this temporary location has to be +# added to the directories handled by pseudo; otherwise calls to e.g. +# fchown(0,0) inside systemd git/src/shared/copy.c end up failing. 
+PSEUDO_INCLUDE_PATHS .= ",/var/tmp/" + +oe_image_systemd_repart_make_ddi() { + + local additional_args="" + + if [ -n "${REPART_PRIVATE_KEY}" ] + then + if [ -n "${REPART_PRIVATE_KEY_SOURCE}" ] + then + additional_args="$additional_args --private-key-source=${REPART_PRIVATE_KEY_SOURCE}" + fi + additional_args="$additional_args --private-key=${REPART_PRIVATE_KEY}" + fi + + if [ -n "${REPART_CERTIFICATE}" ] + then + additional_args="$additional_args --certificate=${REPART_CERTIFICATE}" + fi + + # map architectures to systemd's expected values + local systemd_arch="${TARGET_ARCH}" + case "${systemd_arch}" in + aarch64) + systemd_arch=arm64 + ;; + x86_64) + systemd_arch=x86-64 + ;; + esac + + # prepare system-repart configuration + mkdir -p ${B}/definitions.repart.d + cp ${STAGING_LIBDIR_NATIVE}/systemd/repart/definitions/${REPART_DDI_TYPE}.repart.d/* ${B}/definitions.repart.d/ + # enable erofs compression + sed -i "/^Compression/d" ${B}/definitions.repart.d/10-root.conf + echo "Compression=lzma\nCompressionLevel=3" >> ${B}/definitions.repart.d/10-root.conf + # disable verity signature partition creation, if no key is provided + if [ -z "${REPART_PRIVATE_KEY}" ]; then + rm ${B}/definitions.repart.d/30-root-verity-sig.conf + fi + + systemd-repart \ + --definitions="${B}/definitions.repart.d/" \ + --copy-source="${IMAGE_ROOTFS}" \ + --empty=create --size=auto --dry-run=no --offline=yes \ + --architecture="${systemd_arch}" \ + --json=pretty --no-pager $additional_args \ + "${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${REPART_DDI_EXTENSION}" +} + +IMAGE_CMD:ddi = "oe_image_systemd_repart_make_ddi" +do_image_ddi[deptask] += "do_unpack"
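
Review bot: the line echo "Compression=lzma\nCompressionLevel=3" >> ${B}/definitions.repart.d/10-root.conf in oe_image_systemd_repart_make_ddi only yields two settings when the shell's echo expands \n; with an echo that does not interpret escapes (bash by default) it appends a single line with a literal backslash-n, so CompressionLevel= is never set and the Compression= value is malformed. Use printf 'Compression=lzma\nCompressionLevel=3\n' or two separate echo calls. In the same function, an empty REPART_PRIVATE_KEY removes 30-root-verity-sig.conf and produces an unsigned image without any message; a bbwarn on that path, and a bbfatal when a key is set but REPART_CERTIFICATE is empty, would keep an unsigned or half-configured DDI from going unnoticed in a build that was meant to sign. $additional_args is also expanded unquoted in the systemd-repart call, so a key or certificate path containing whitespace is split into several arguments.
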
From: Johannes Schneider
Date: Sat, 21 Jun 2025 22:46:30 +0200
Subject: [PATCH meta-oe v2 3/3] classes: add a systemd-sysext image class
Message-ID: <20250621-discoverable-disk-image-v2-3-52df3053fc1f@leica-geosystems.com>
To: openembedded-devel@lists.openembedded.org
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/118017

systemd-sysext can load a raw-image containing usr/ and opt/ folders to mount them as RO overlay over the rootfs, to "extend" the systems.

This class provides the necessary changes/additions to the enclosed filesystem so that systemd-sysext accepts the extension for "merge" into the rootfs.

With such a created image, placed into the correct folder (see [1]), `systemd-sysext list` should be able to list the "extension" and `systemd-sysext merge` should enable the overlay. On both commands a preceding "SYSTEMD_LOG_LEVEL=debug" can aid in figuring out what is amiss.

Link: https://www.freedesktop.org/software/systemd/man/latest/systemd-sysext.html
Link: https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html

Signed-off-by: Johannes Schneider
---
 meta-oe/classes/sysext-image.bbclass | 87 ++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/meta-oe/classes/sysext-image.bbclass b/meta-oe/classes/sysext-image.bbclass new file mode 100644 index 0000000000000000000000000000000000000000..3771236c6ea35d8152b676ca915b14da57c38372 --- /dev/null +++ b/meta-oe/classes/sysext-image.bbclass 
@@ -0,0 +1,87 @@ +# +# Copyright OpenEmbedded Contributors +# +# SPDX-License-Identifier: MIT +# + +# System extension images may – dynamically at runtime — extend the +# /usr/ and /opt/ directory hierarchies with additional files. This is +# particularly useful on immutable system images where a /usr/ and/or +# /opt/ hierarchy residing on a read-only file system shall be +# extended temporarily at runtime without making any persistent +# modifications. + +## Example usage: +# extension-image-example.bb +#SUMMARY = "An example image to showcase a system extension image." +#LICENSE = "MIT" +#inherit discoverable-disk-image sysext-image +#IMAGE_FEATURES = "" +#IMAGE_LINGUAS = "" +#IMAGE_INSTALL = "gdb" +# +## After building, the resulting 'extension-image-example-*sysext.rootfs.ddi' +# can be deployed to an embedded system (running from a RO rootfs) and +# 'merged' into the OS by following steps: +## 1. place a symlink into the systemd-sysext image search path: +# $> mkdir /run/extensions +# $> ln -s /tmp/extension-example.sysext.ddi /run/extensions/example.raw +## 2. list all available extensions: +# $> systemd-sysext list +## 3. and enable the found extensions: +# $> SYSTEMD_LOG_LEVEL=debug systemd-sysext merge + +# Note: PACKAGECONFIG:pn-systemd needs to include 'sysext' + +# systemd-sysext [1] has a simple mechanism for version compatibility: +# the extension to be loaded has to contain a file named +# /usr/lib/extension-release.d/extension-release.NAME +# with "NAME" part *exactly* matching the filename of the extensions +# raw-device filename/ +# +# From the extension-release file the "ID" and "VERSION_ID" fields are +# matched against same fields present in `os-release` and the extension +# is "merged" only if values in both fields from both files are an +# exact match. 
+# +# Link: https://www.freedesktop.org/software/systemd/man/latest/systemd-sysext.html + +inherit image + +# Include '.sysext' in the deployed image filename and symlink +IMAGE_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}${IMAGE_VERSION_SUFFIX}.sysext" +IMAGE_LINK_NAME = "${IMAGE_BASENAME}${IMAGE_MACHINE_SUFFIX}.sysext" +EXTENSION_NAME = "${IMAGE_LINK_NAME}.${IMAGE_FSTYPES}" + +# Base extension identification fields +EXTENSION_ID_FIELD ?= "${DISTRO}" +EXTENSION_VERSION_FIELD ?= "${DISTRO_VERSION}" + +sysext_image_add_version_identifier_file() { + # Use matching based on Distro name and version + echo 'ID=${EXTENSION_ID_FIELD}' > ${WORKDIR}/extension-release.base + # os-release.bb does "sanitise_value(ver)", which needs to be done here too + echo 'VERSION_ID=${EXTENSION_VERSION_FIELD}' \ + | sed 's,+,-,g;s, ,_,g' \ + >> ${WORKDIR}/extension-release.base + + # Instruct `systemd-sysext` to perform re-load once extension image is verified + echo 'EXTENSION_RELOAD_MANAGER=1' >> ${WORKDIR}/extension-release.base + + install -d ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d + install -m 0644 ${WORKDIR}/extension-release.base \ + ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d/extension-release.${EXTENSION_NAME} + + # systemd-sysext expects an extension-release file of the exact same name as the image; + # by setting a xattr we allow renaming of the extension image file. + # (Kernel: this requires xattr support in the used filesystem) + setfattr -n user.extension-release.strict -v false \ + ${IMAGE_ROOTFS}${nonarch_libdir}/extension-release.d/extension-release.${EXTENSION_NAME} +} + +ROOTFS_POSTPROCESS_COMMAND += "sysext_image_add_version_identifier_file" + +# remove 'os-release' from the packages to be installed into the image. +# systemd-sysext otherwise raises the error: +# Extension contains '/usr/lib/os-release', which is not allowed, refusing. +PACKAGE_EXCLUDE += "os-release"
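
Review bot: sysext_image_add_version_identifier_file sets the xattr user.extension-release.strict to false on every image built with this class, which switches off the file-name match that the comment block above describes as part of the compatibility check, for all users of the class and not only for those who need to rename the image. Make the setfattr call opt-in through a class variable (name left to the author) so that images deployed under their expected name keep the strict check and only the ID and VERSION_ID comparison is relied on when someone asks for that. The class also calls setfattr without declaring a dependency that provides it, so the task depends on the build host having the tool; declare attr-native. EXTENSION_NAME expands ${IMAGE_FSTYPES} into a file name, which contains spaces as soon as more than one image type is configured.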