Diffstat (limited to 'meta-netboot')
7 files changed, 69 insertions, 52 deletions
diff --git a/meta-netboot/conf/include/agl-netboot.inc b/meta-netboot/conf/include/agl-netboot.inc
index 555629537..2c1307e81 100644
--- a/meta-netboot/conf/include/agl-netboot.inc
+++ b/meta-netboot/conf/include/agl-netboot.inc
@@ -1,3 +1,6 @@
 INHERIT += "netboot"
-IMAGE_INSTALL:append:netboot = " curl"
+IMAGE_INSTALL:append:netboot = " \
+ curl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'resolv-conf-relabel policycoreutils-loadpolicy', '', d)} \
+"
diff --git a/meta-netboot/conf/layer.conf b/meta-netboot/conf/layer.conf
index ddf63c4a2..a41406cbb 100644
--- a/meta-netboot/conf/layer.conf
+++ b/meta-netboot/conf/layer.conf
@@ -9,5 +9,5 @@ BBFILE_COLLECTIONS += "meta-netboot"
 BBFILE_PATTERN_meta-netboot = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-netboot = "60"
-LAYERSERIES_COMPAT_meta-netboot = "kirkstone"
+LAYERSERIES_COMPAT_meta-netboot = "scarthgap"
 LAYERDEPENDS_meta-netboot = "core networking-layer"
diff --git a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
index 92927df47..87a1acb80 100644
--- a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
+++ b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
@@ -154,6 +154,22 @@ fi
 rm -f /etc/resolv.conf
 grep -v bootserver /proc/net/pnp | sed 's/^domain/search/g' >/etc/resolv.conf
+# Do SELinux relabeling if required, to avoid a reboot that would complicate CI
+if [ -f /.autorelabel ]; then
+ # Nothing SELinux related works w/o the fs mounted
+ do_mount_fs selinuxfs /sys/fs/selinux
+
+ # Labeling requires the policy to be loaded
+ log_info "Loading SELinux policy"
+ /usr/sbin/load_policy
+
+ /usr/bin/selinux-autorelabel.sh
+
+ # Will get remounted by systemd startup, unmount to keep that behavior
+ # more like the non-netboot case.
+ umount /sys/fs/selinux
+fi
+
 # unmount tmp and run to let systemd remount them
 log_info "Unmounting /tmp and /run"
 umount /tmp
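Review bot: The exit status of `/usr/sbin/load_policy` is not checked in the added `/.autorelabel` block, so `/usr/bin/selinux-autorelabel.sh` still runs when the policy failed to load, and the boot continues with nothing in the log to show that file labels may be wrong. The same holds for `do_mount_fs selinuxfs /sys/fs/selinux` just above it. I would gate the relabel on the load, e.g. `if /usr/sbin/load_policy; then /usr/bin/selinux-autorelabel.sh; else log_info "SELinux policy load failed, skipping relabel"; fi`, so that a failure shows up in the CI log rather than later as unexplained denials. init.sh starts and continues outside this hunk, so whether an error path already exists (a trap or `set -e`) cannot be seen from here.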
diff --git a/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
new file mode 100644
index 000000000..5d9216cc2
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=SELinux resolv.conf relabeling
+DefaultDependencies=no
+ConditionKernelCommandLine=ip
+ConditionKernelCommandLine=nbd.server
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecon -Fi /etc/resolv.conf
+
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
new file mode 100644
index 000000000..36d096b44
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
@@ -0,0 +1,21 @@
+SUMMARY = "System unit to relabel resolve.conf"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://resolv-conf-relabel.service"
+
+inherit systemd allarch features_check
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/resolv-conf-relabel.service ${D}${systemd_system_unitdir}/
+}
+
+FILES:${PN} += "${systemd_system_unitdir}"
diff --git a/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh b/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh
deleted file mode 100755
index 4e814f51f..000000000
--- a/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh
+++ /dev/null
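Review bot: The new unit carries no comment saying why /etc/resolv.conf has to be relabelled on every boot, and the reason lives in a different file: init.sh removes and regenerates it from /proc/net/pnp in the initramfs, so it presumably comes up without the label the policy expects. A comment above `[Unit]`, e.g. `# init.sh rewrites /etc/resolv.conf from /proc/net/pnp on each netboot; restore its SELinux label before sysinit.target`, would record that. It is also worth a line noting that the two `ConditionKernelCommandLine=` entries must both match (systemd ANDs non-triggering conditions), so a boot with `ip` but without `nbd.server` on the command line skips the relabel.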
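Review bot: The recipe installs a unit whose `ExecStart` is `/usr/sbin/restorecon`, but it declares no runtime dependency on the package that ships that binary and requires only the `systemd` distro feature. agl-netboot.inc adds this package only when `selinux` is in DISTRO_FEATURES, so images built that way are presumably fine, but any other consumer of the recipe gets a unit that fails at boot. I would add `RDEPENDS:${PN} = "<package providing restorecon>"` and widen the check to `REQUIRED_DISTRO_FEATURES = "systemd selinux"`. SUMMARY also reads `resolve.conf` where the file is `resolv.conf`.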
@@ -1,42 +0,0 @@
-#!/bin/bash
-#set -x
-
-SCRIPTPATH="$( cd $(dirname $0) >/dev/null 2>&1 ; pwd -P )"
-echo $SCRIPTPATH
-AGLROOT="$SCRIPTPATH/../../.."
-POKYDIR="$AGLROOT/external/poky"
-TMPROOT=`mktemp -d`
-
-rm -rf ${TMPROOT}/testbuild-ycl || true
-mkdir -p ${TMPROOT}/testbuild-ycl
-cd ${TMPROOT}/testbuild-ycl
-
-source $POKYDIR/oe-init-build-env .
-
-cat << EOF >> conf/local.conf
-# just define defaults
-AGL_FEATURES ?= ""
-AGL_EXTRA_IMAGE_FSTYPES ?= ""
-
-# important settings imported from poky-agl.conf
-# we do not import
-DISTRO_FEATURES:append = " systemd"
-DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit"
-VIRTUAL-RUNTIME_init_manager = "systemd"
-
-NETBOOT_ENABLED = "1"
-NETBOOT_FSTYPES ??= "ext4.gz"
-
-EOF
-
-
-yocto-check-layer \
- --dependency \
- $AGLROOT/external/meta-openembedded/meta-oe \
- $AGLROOT/external/meta-openembedded/meta-python \
- $AGLROOT/external/meta-openembedded/meta-networking \
- -- \
- $AGLROOT/meta-agl/meta-netboot/
-
-
-[ $? = 0 ] && rm -rf ${TMPROOT}/testbuild-ycl
diff --git a/meta-netboot/scripts/run-yocto-check-layer.sh b/meta-netboot/scripts/run-yocto-check-layer.sh
index b36788a99..979c76838 100755
--- a/meta-netboot/scripts/run-yocto-check-layer.sh
+++ b/meta-netboot/scripts/run-yocto-check-layer.sh
@@ -19,21 +19,26 @@ AGL_FEATURES ?= ""
 AGL_EXTRA_IMAGE_FSTYPES ?= ""
 # important settings imported from poky-agl.conf
-# we do not import
-DISTRO_FEATURES:append = " systemd"
+# we cannot import the distro config right away
+# as the initial values are poky only till the layer
+# is added in
+
+AGL_DEFAULT_DISTRO_FEATURES = "usrmerge largefile opengl wayland pam bluetooth bluez5 3g polkit"
+DISTRO_FEATURES:append = " systemd wayland pam \${AGL_DEFAULT_DISTRO_FEATURES}"
 DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit"
 VIRTUAL-RUNTIME_init_manager = "systemd"
 EOF
-
-yocto-check-layer \
+yocto-check-layer --no-auto-dependency \
 --dependency \
- $AGLROOT/external/meta-openembedded/meta-oe \
- $AGLROOT/external/meta-openembedded/meta-python \
- $AGLROOT/external/meta-openembedded/meta-networking \
+ $AGLROOT/external/meta-openembedded/meta-oe \
+ $AGLROOT/external/meta-openembedded/meta-python \
+ $AGLROOT/external/meta-openembedded/meta-networking \
 -- \
- $AGLROOT/meta-agl/meta-netboot/
+ $AGLROOT/meta-agl/meta-netboot
 [ $? = 0 ] && rm -rf ${TMPROOT}/testbuild-ycl
+
+exit 0 |
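Review bot: The added `exit 0` at the end makes the script report success whatever `yocto-check-layer` returned; previously the last command was `[ $? = 0 ] && rm -rf ${TMPROOT}/testbuild-ycl`, so a failed check produced a non-zero exit. If a CI job uses this script as a gate, a layer that fails the compatibility check would now pass silently. Capturing the status keeps both the cleanup and the result: `rc=$?`, then `[ "$rc" = 0 ] && rm -rf "${TMPROOT}/testbuild-ycl"`, then `exit "$rc"`. If always exiting 0 is intended, a comment saying why would help; the `$AGLROOT` and `${TMPROOT}` expansions on the changed lines are also unquoted. The script begins outside this hunk.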