filesystem-deploy action should handle creation of read-only/verity-protected filesystems #492

Open
obbardc opened this issue Mar 22, 2024 · 1 comment

Comments

@obbardc
Member

obbardc commented Mar 22, 2024

Regular read-write filesystems (e.g. ext4, vfat) are created early with the image-partition action (using mkfs tools) and mounted inside the fakemachine container. The filesystem-deploy action may simply copy the files into the mounted tree and everything works fine.

For read-only filesystems (e.g. squashfs, EROFS) however, this is not the case. The files are generally built up in a temporary directory, then turned into an image using the squashfs tool (e.g. mksquashfs <dir> out.squashfs).

So for these kinds of RO filesystems, we need to:

  1. carve out space for the image in the image-partition action (by simply skipping over RO partitions, or by requiring filesystem: none).
  2. when the filesystem-deploy action is called, build up each RO partition image using the correct tooling.
  3. flash the RO partitions to the image file.
  4. mount the RO partitions as per the image-partition action configuration (as read-only) for the remainder of the run.

We also need to be careful with filesystem hierarchy (e.g. nested images).

@obbardc
Member Author

obbardc commented May 1, 2024

The same syntax could be used to create ext2,3,4 read-only images, as well as partitions which have a verity hash-tree appended to them.

obbardc changed the title from "filesystem-deploy action should handle creation of read-only filesystems" to "filesystem-deploy action should handle creation of read-only/verity-protected filesystems" on May 1, 2024
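
A sizing and flashing check for steps 1 and 3 of the list above, combined with the appended verity hash tree from the follow-up comment, as an added example that is not part of the issue or the project's code. It assumes 4096-byte data and hash blocks, SHA-256 digests and one block reserved for the verity superblock; all function names are hypothetical.

```python
import os
import tempfile

BLOCK = 4096                 # assumed data and hash block size
DIGEST = 32                  # assumed SHA-256 digest size
PER_BLOCK = BLOCK // DIGEST  # 128 digests fit in one hash block


def verity_tree_blocks(data_blocks: int) -> int:
    """Hash blocks in the Merkle tree covering `data_blocks` data blocks."""
    total, n = 0, data_blocks
    while n > 1:
        n = -(-n // PER_BLOCK)  # ceiling division: blocks in the next level up
        total += n
    return total


def appended_layout(fs_size: int) -> tuple:
    """Return (hash_offset, total_size) for an image with the hash area
    appended: padded data, one superblock block, then the hash tree."""
    data_blocks = -(-fs_size // BLOCK)
    hash_offset = data_blocks * BLOCK
    total = hash_offset + BLOCK + verity_tree_blocks(data_blocks) * BLOCK
    return hash_offset, total


def flash(disk_path: str, part_offset: int, part_size: int, payload: bytes) -> None:
    """Write payload into the carved-out partition, refusing any overrun."""
    if len(payload) > part_size:
        raise ValueError(f"payload {len(payload)} B exceeds partition {part_size} B")
    with open(disk_path, "r+b") as disk:
        disk.seek(part_offset)
        disk.write(payload)


def demo() -> tuple:
    """Constructed sample: sparse 1 MiB disk, RO partition at 64 KiB."""
    fs_image = b"\xaa" * 10000  # stands in for the mksquashfs output
    hash_offset, needed = appended_layout(len(fs_image))
    with tempfile.TemporaryDirectory() as tmp:
        disk = os.path.join(tmp, "disk.img")
        with open(disk, "wb") as f:
            f.truncate(1 << 20)
        flash(disk, 64 * 1024, needed, fs_image)
        with open(disk, "rb") as f:
            f.seek(64 * 1024)
            head = f.read(4)
    return hash_offset, needed, head
```

The size returned by `appended_layout` is what the carved-out partition must hold, so a partition sized for the filesystem image alone is too small once the hash tree is appended.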