summaryrefslogtreecommitdiffstats
path: root/meta-netboot/recipes-core
diff options
context:
space:
mode:
Diffstat (limited to 'meta-netboot/recipes-core')
-rw-r--r--meta-netboot/recipes-core/busybox/busybox_%.bbappend7
-rw-r--r--meta-netboot/recipes-core/busybox/busybox_netboot.inc6
-rw-r--r--meta-netboot/recipes-core/images/initramfs-netboot-image.bb23
-rw-r--r--meta-netboot/recipes-core/images/initramfs-netboot-image_netboot.inc23
-rw-r--r--meta-netboot/recipes-core/initramfs-netboot/files/init.sh31
-rw-r--r--meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb12
-rw-r--r--meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service14
-rw-r--r--meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb21
8 files changed, 89 insertions, 48 deletions
diff --git a/meta-netboot/recipes-core/busybox/busybox_%.bbappend b/meta-netboot/recipes-core/busybox/busybox_%.bbappend
index 358913448..fcf6acfd1 100644
--- a/meta-netboot/recipes-core/busybox/busybox_%.bbappend
+++ b/meta-netboot/recipes-core/busybox/busybox_%.bbappend
@@ -1,6 +1 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-
-SRC_URI += " \
- file://enable_nbd.cfg \
- "
-
+require ${@bb.utils.contains('NETBOOT_ENABLED', '1', 'busybox_netboot.inc', '', d)}
diff --git a/meta-netboot/recipes-core/busybox/busybox_netboot.inc b/meta-netboot/recipes-core/busybox/busybox_netboot.inc
new file mode 100644
index 000000000..836493834
--- /dev/null
+++ b/meta-netboot/recipes-core/busybox/busybox_netboot.inc
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI:append = " \
+ file://enable_nbd.cfg \
+ "
+
diff --git a/meta-netboot/recipes-core/images/initramfs-netboot-image.bb b/meta-netboot/recipes-core/images/initramfs-netboot-image.bb
index 965a0bd37..b5610f30d 100644
--- a/meta-netboot/recipes-core/images/initramfs-netboot-image.bb
+++ b/meta-netboot/recipes-core/images/initramfs-netboot-image.bb
@@ -1,23 +1,2 @@
-# Netboot initramfs image.
-DESCRIPTION = "Netboot initrd image"
-
-PACKAGE_INSTALL = "initramfs-netboot busybox base-passwd ${ROOTFS_BOOTSTRAP_INSTALL}"
-
-# Do not pollute the initrd image with rootfs features
-IMAGE_FEATURES = ""
-
-export IMAGE_BASENAME = "initramfs-netboot-image"
-IMAGE_LINGUAS = ""
-
LICENSE = "MIT"
-
-IMAGE_FSTYPES := "${NETBOOT_FSTYPES}"
-inherit core-image
-
-# hotfix for dragonboard (which uses _append in the bsp)
-IMAGE_FSTYPES_remove += "wic.gz"
-
-IMAGE_ROOTFS_SIZE = "8192"
-IMAGE_ROOTFS_EXTRA_SPACE = "256"
-
-BAD_RECOMMENDATIONS += "busybox-syslog"
+require ${@bb.utils.contains('NETBOOT_ENABLED', '1', 'initramfs-netboot-image_netboot.inc', '', d)}
diff --git a/meta-netboot/recipes-core/images/initramfs-netboot-image_netboot.inc b/meta-netboot/recipes-core/images/initramfs-netboot-image_netboot.inc
new file mode 100644
index 000000000..b98024de6
--- /dev/null
+++ b/meta-netboot/recipes-core/images/initramfs-netboot-image_netboot.inc
@@ -0,0 +1,23 @@
+# Netboot initramfs image.
+DESCRIPTION = "Netboot initrd image"
+
+PACKAGE_INSTALL = "initramfs-netboot busybox base-passwd ${ROOTFS_BOOTSTRAP_INSTALL}"
+
+# Do not pollute the initrd image with rootfs features
+IMAGE_FEATURES = ""
+
+export IMAGE_BASENAME = "initramfs-netboot-image"
+IMAGE_LINGUAS = ""
+
+LICENSE = "MIT"
+
+IMAGE_FSTYPES := "${NETBOOT_FSTYPES}"
+inherit core-image
+
+# hotfix for dragonboard (which uses _append in the bsp)
+IMAGE_FSTYPES:remove = "wic.gz"
+
+IMAGE_ROOTFS_SIZE = "8192"
+IMAGE_ROOTFS_EXTRA_SPACE = "256"
+
+BAD_RECOMMENDATIONS += "busybox-syslog"
diff --git a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
index 2b8bc63d0..87a1acb80 100644
--- a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
+++ b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
@@ -21,7 +21,6 @@ EOF
# global variables
-SMACK=n
NBD_SERVER=
NBD_PORT=10809
NBD_DEV=/dev/nbd0
@@ -109,17 +108,6 @@ check_debug "Debug point 1. Exit to continue initrd script (mount NBD device)."
log_info "NBD parameters: device $NBD_DEV, server $NBD_SERVER:$NBD_PORT"
-# check if smack is active (and if so, mount smackfs)
-grep -q smackfs /proc/filesystems && {
- SMACK=y
-
- do_mount_fs smackfs /sys/fs/smackfs
-
- # adjust current label and network label
- echo System >/proc/self/attr/current
- echo System >/sys/fs/smackfs/ambient
-}
-
# start nbd client
try=5
while :;do
@@ -165,9 +153,24 @@ fi
# also use /proc/net/pnp to generate /etc/resolv.conf
rm -f /etc/resolv.conf
grep -v bootserver /proc/net/pnp | sed 's/^domain/search/g' >/etc/resolv.conf
-chsmack -A /etc/resolv.conf
-# unmount tmp and run to let systemd remount them with correct smack labels (SPEC-2596)
+# Do SELinux relabeling if required, to avoid a reboot that would complicate CI
+if [ -f /.autorelabel ]; then
+ # Nothing SELinux related works w/o the fs mounted
+ do_mount_fs selinuxfs /sys/fs/selinux
+
+ # Labeling requires the policy to be loaded
+ log_info "Loading SELinux policy"
+ /usr/sbin/load_policy
+
+ /usr/bin/selinux-autorelabel.sh
+
+ # Will get remounted by systemd startup, unmount to keep that behavior
+ # more like the non-netboot case.
+ umount /sys/fs/selinux
+fi
+
+# unmount tmp and run to let systemd remount them
log_info "Unmounting /tmp and /run"
umount /tmp
umount /run
diff --git a/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb b/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
index f519694ed..dd61a1ea8 100644
--- a/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
+++ b/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
@@ -5,17 +5,17 @@ SRC_URI = "file://init.sh"
S = "${WORKDIR}"
-RDEPENDS_${PN} += "nbd-client"
+RDEPENDS:${PN} += "nbd-client"
do_install() {
- install -dm 0755 ${D}/etc
- touch ${D}/etc/initrd-release
+ install -dm 0755 ${D}${sysconfdir}
+ touch ${D}${sysconfdir}/initrd-release
install -dm 0755 ${D}/dev
- install -dm 0755 ${D}/sbin
- install -m 0755 ${WORKDIR}/init.sh ${D}/sbin/init
+ install -dm 0755 ${D}${sbindir}
+ install -m 0755 ${WORKDIR}/init.sh ${D}${sbindir}/init
}
inherit allarch
-FILES_${PN} += " /dev /etc/initrd-release /sbin/init "
+FILES:${PN} += " /dev ${sysconfdir}/initrd-release ${sbindir}/init "
diff --git a/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
new file mode 100644
index 000000000..5d9216cc2
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=SELinux resolv.conf relabeling
+DefaultDependencies=no
+ConditionKernelCommandLine=ip
+ConditionKernelCommandLine=nbd.server
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecon -Fi /etc/resolv.conf
+
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
new file mode 100644
index 000000000..36d096b44
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
@@ -0,0 +1,21 @@
+SUMMARY = "System unit to relabel resolve.conf"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://resolv-conf-relabel.service"
+
+inherit systemd allarch features_check
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/resolv-conf-relabel.service ${D}${systemd_system_unitdir}/
+}
+
+FILES:${PN} += "${systemd_system_unitdir}"