On Fri, Mar 10, 2017 at 4:33 AM, Patrick Ohly <patrick.o...@intel.com> wrote: > On Thu, 2017-03-09 at 18:11 -0300, Otavio Salvador wrote: ... >> While discussing this with Fabio here, at O.S. Systems, we ended >> agreeing that wic touching the fstab is wrong. The fstab should be >> prepare as part of the image and not mangled during the disk >> generation. > > I agree that it is a hack, and I also would prefer to not have wic > modify the existing rootfs. That also breaks when IMA is enabled, > because then the content of the /etc/fstab must match the security.ima > xattr that was calculated for the unmodified content.
Exactly! the generated rootfs should not be modified. This is critical for IMA but also for root-only fs and delta-based upgrades. > However, it's a problem that doesn't have a good solution. The image > recipe which describes what goes into the rootfs and thus determines the > content of /etc/fstab has little control over the IMAGE_FSTYPES - that's > typically set by the BSP or the user. Yes but the /etc/fstab should be modified by the metadata and not during the image generation. The format used (ext4, fsfs, wic...) should not impact in the contents inside of the image. > Suppose IMAGE_FSTYPES = "ext4 wic", and the WKS_FILE has multiple > partitions and thus needs more entries in /etc/fstab than the > single-partition "ext4" - the result of do_rootfs simply cannot work for > both. That is the point. If the machine requires to use multiple partitions the ext4 should have the /etc/fstab ready for use when deployed. > Right now, all one can do is assume (or perhaps check) that the right > IMAGE_FSTYPES are set. > >> The mangled fstab is disastrous if someone uses an image upgrade. The >> generated tarball or filesystem WILL NOT be the same running on the >> device as wic will add entries. > > When do you take a snapshot of the rootfs? Is it as another do_image_* > task, via an IMAGE_FSTYPE entry? We generally use the pristine ext4 filesystem, for example. -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core