9 files changed, 87 insertions, 57 deletions

diff --git a/meta-netboot/README b/meta-netboot/README
index 4918276ba..a30238b9d 100644
--- a/meta-netboot/README
+++ b/meta-netboot/README
@@ -3,6 +3,19 @@ meta-netboot
 
 This layer contains some recipes and configuration adjustments to allow network boot through NBD (network block device).
 
+Maintenance
+-----------
+
+All patches must be submitted via the AGL Gerrit instance at
+https://gerrit.automotivelinux.org.  See this wiki page for
+details:
+
+https://wiki.automotivelinux.org/agl-distro/contributing
+
+Layer maintainers:
+    Jan-Simon Möller <jsmoeller@linuxfoundation.org>
+
+
 Content and usage
 -----------------
 
diff --git a/meta-netboot/conf/include/agl-netboot.inc b/meta-netboot/conf/include/agl-netboot.inc
index 555629537..2c1307e81 100644
--- a/meta-netboot/conf/include/agl-netboot.inc
+++ b/meta-netboot/conf/include/agl-netboot.inc
@@ -1,3 +1,6 @@
 INHERIT += "netboot"
 
-IMAGE_INSTALL:append:netboot = " curl"
+IMAGE_INSTALL:append:netboot = " \
+    curl \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'resolv-conf-relabel policycoreutils-loadpolicy', '', d)} \
+"
diff --git a/meta-netboot/conf/layer.conf b/meta-netboot/conf/layer.conf
index 2af752805..a41406cbb 100644
--- a/meta-netboot/conf/layer.conf
+++ b/meta-netboot/conf/layer.conf
@@ -9,5 +9,5 @@ BBFILE_COLLECTIONS += "meta-netboot"
 BBFILE_PATTERN_meta-netboot = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-netboot = "60"
 
-LAYERSERIES_COMPAT_meta-netboot = "dunfell"
+LAYERSERIES_COMPAT_meta-netboot = "scarthgap"
 LAYERDEPENDS_meta-netboot = "core networking-layer"
diff --git a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
index 92927df47..87a1acb80 100644
--- a/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
+++ b/meta-netboot/recipes-core/initramfs-netboot/files/init.sh
@@ -154,6 +154,22 @@ fi
 rm -f /etc/resolv.conf
 grep -v bootserver /proc/net/pnp | sed 's/^domain/search/g' >/etc/resolv.conf
 
+# Do SELinux relabeling if required, to avoid a reboot that would complicate CI
+if [ -f /.autorelabel ]; then
+	# Nothing SELinux related works w/o the fs mounted
+	do_mount_fs selinuxfs /sys/fs/selinux
+
+	# Labeling requires the policy to be loaded
+        log_info "Loading SELinux policy"
+	/usr/sbin/load_policy
+
+	/usr/bin/selinux-autorelabel.sh
+
+	# Will get remounted by systemd startup, unmount to keep that behavior
+	# more like the non-netboot case.
+        umount /sys/fs/selinux
+fi
+
 # unmount tmp and run to let systemd remount them
 log_info "Unmounting /tmp and /run"
 umount /tmp
diff --git a/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb b/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
index 264b21492..dd61a1ea8 100644
--- a/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
+++ b/meta-netboot/recipes-core/initramfs-netboot/initramfs-netboot_1.0.bb
@@ -8,14 +8,14 @@ S = "${WORKDIR}"
 RDEPENDS:${PN} += "nbd-client"
 
 do_install() {
-	install -dm 0755 ${D}/etc
-	touch ${D}/etc/initrd-release
+	install -dm 0755 ${D}${sysconfdir}
+	touch ${D}${sysconfdir}/initrd-release
 	install -dm 0755 ${D}/dev
-	install -dm 0755 ${D}/sbin
-	install -m 0755 ${WORKDIR}/init.sh ${D}/sbin/init
+	install -dm 0755 ${D}${sbindir}
+	install -m 0755 ${WORKDIR}/init.sh ${D}${sbindir}/init
 }
 
 inherit allarch
 
-FILES:${PN} += " /dev /etc/initrd-release /sbin/init "
+FILES:${PN} += " /dev ${sysconfdir}/initrd-release ${sbindir}/init "
 
diff --git a/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
new file mode 100644
index 000000000..5d9216cc2
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/files/resolv-conf-relabel.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=SELinux resolv.conf relabeling
+DefaultDependencies=no
+ConditionKernelCommandLine=ip
+ConditionKernelCommandLine=nbd.server
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecon -Fi /etc/resolv.conf
+
+[Install]
+WantedBy=sysinit.target
diff --git a/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
new file mode 100644
index 000000000..36d096b44
--- /dev/null
+++ b/meta-netboot/recipes-core/systemd/resolv-conf-relabel.bb
@@ -0,0 +1,21 @@
+SUMMARY     = "System unit to relabel resolve.conf"
+LICENSE     = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://resolv-conf-relabel.service"
+
+inherit systemd allarch features_check
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+    install -d ${D}${systemd_system_unitdir}
+    install -m 0644 ${WORKDIR}/resolv-conf-relabel.service ${D}${systemd_system_unitdir}/
+}
+
+FILES:${PN} += "${systemd_system_unitdir}"
diff --git a/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh b/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh
deleted file mode 100755
index 4e814f51f..000000000
--- a/meta-netboot/scripts/run-yocto-check-layer-flags-enabled.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-#set -x
-
-SCRIPTPATH="$( cd $(dirname $0) >/dev/null 2>&1 ; pwd -P )"
-echo $SCRIPTPATH
-AGLROOT="$SCRIPTPATH/../../.."
-POKYDIR="$AGLROOT/external/poky"
-TMPROOT=`mktemp -d`
-
-rm -rf ${TMPROOT}/testbuild-ycl || true
-mkdir -p ${TMPROOT}/testbuild-ycl
-cd ${TMPROOT}/testbuild-ycl
-
-source $POKYDIR/oe-init-build-env .
-
-cat << EOF >> conf/local.conf
-# just define defaults
-AGL_FEATURES ?= ""
-AGL_EXTRA_IMAGE_FSTYPES ?= ""
-
-# important settings imported from poky-agl.conf
-# we do not import 
-DISTRO_FEATURES:append = " systemd"
-DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit"
-VIRTUAL-RUNTIME_init_manager = "systemd"
-
-NETBOOT_ENABLED = "1"
-NETBOOT_FSTYPES ??= "ext4.gz"
-
-EOF
-
-
-yocto-check-layer \
-	--dependency \
-	    $AGLROOT/external/meta-openembedded/meta-oe \
-	    $AGLROOT/external/meta-openembedded/meta-python \
-	    $AGLROOT/external/meta-openembedded/meta-networking \
-	-- \
-	$AGLROOT/meta-agl/meta-netboot/
-
-
-[ $? = 0 ] && rm -rf ${TMPROOT}/testbuild-ycl
diff --git a/meta-netboot/scripts/run-yocto-check-layer.sh b/meta-netboot/scripts/run-yocto-check-layer.sh
index b36788a99..979c76838 100755
--- a/meta-netboot/scripts/run-yocto-check-layer.sh
+++ b/meta-netboot/scripts/run-yocto-check-layer.sh
@@ -19,21 +19,26 @@ AGL_FEATURES ?= ""
 AGL_EXTRA_IMAGE_FSTYPES ?= ""
 
 # important settings imported from poky-agl.conf
-# we do not import 
-DISTRO_FEATURES:append = " systemd"
+# we cannot import the distro config right away
+# as the initial values are poky only till the layer
+# is added in
+
+AGL_DEFAULT_DISTRO_FEATURES = "usrmerge largefile opengl wayland pam bluetooth bluez5 3g polkit"
+DISTRO_FEATURES:append = " systemd wayland pam \${AGL_DEFAULT_DISTRO_FEATURES}"
 DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit"
 VIRTUAL-RUNTIME_init_manager = "systemd"
 
 EOF
 
-
-yocto-check-layer \
+yocto-check-layer --no-auto-dependency \
 	--dependency \
-	    $AGLROOT/external/meta-openembedded/meta-oe \
-	    $AGLROOT/external/meta-openembedded/meta-python \
-	    $AGLROOT/external/meta-openembedded/meta-networking \
+	$AGLROOT/external/meta-openembedded/meta-oe \
+	$AGLROOT/external/meta-openembedded/meta-python \
+	$AGLROOT/external/meta-openembedded/meta-networking \
 	-- \
-	$AGLROOT/meta-agl/meta-netboot/
+	$AGLROOT/meta-agl/meta-netboot
 
 
 [ $? = 0 ] && rm -rf ${TMPROOT}/testbuild-ycl
+
+exit 0