From bd835a469864b24eba909eeae726443aeaa337b3 Mon Sep 17 00:00:00 2001
From: Caleb <yocalebo@gmail.com>
Date: Thu, 19 Dec 2024 12:23:58 -0500
Subject: [PATCH 1/2] add force_rw option to ReadonlyRootfsManager

---
 src/middlewared/middlewared/utils/rootfs.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/middlewared/middlewared/utils/rootfs.py b/src/middlewared/middlewared/utils/rootfs.py
index 258bfd9a2fbca..c1620d95570e3 100644
--- a/src/middlewared/middlewared/utils/rootfs.py
+++ b/src/middlewared/middlewared/utils/rootfs.py
@@ -32,12 +32,13 @@ def readonly_source(self):
 
 
 class ReadonlyRootfsManager:
-    def __init__(self, root="/"):
+    def __init__(self, root="/", force_rw=False):
         self.root = root
 
         self.initialized = False
         self.datasets: dict[str, Dataset] = {}
         self.use_functioning_dpkg_sysext = False
+        self.force_rw = force_rw
 
     def __enter__(self):
         return self
@@ -76,8 +77,7 @@ def _initialize(self):
             ("usr", usr_ds),
         ]:
             mountpoint = os.path.realpath("/".join(filter(None, (self.root, dataset))))
-
-            if mountpoint == "/usr":
+            if mountpoint == "/usr" and not self.force_rw:
                 # We make `/usr` writeable only to be able to temporary enable `dpkg` (`update-initramfs` needs it).
                 # If we are on live system, it's better to use `systemd-sysext`
                 self.use_functioning_dpkg_sysext = True

From 09f18082c6613002b2b8ecc8503872f58360bd0e Mon Sep 17 00:00:00 2001
From: Caleb <yocalebo@gmail.com>
Date: Fri, 20 Dec 2024 07:07:25 -0500
Subject: [PATCH 2/2] address review

---
 src/middlewared/middlewared/utils/rootfs.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/middlewared/middlewared/utils/rootfs.py b/src/middlewared/middlewared/utils/rootfs.py
index c1620d95570e3..13888d6ef91a9 100644
--- a/src/middlewared/middlewared/utils/rootfs.py
+++ b/src/middlewared/middlewared/utils/rootfs.py
@@ -32,20 +32,18 @@ def readonly_source(self):
 
 
 class ReadonlyRootfsManager:
-    def __init__(self, root="/", force_rw=False):
+    def __init__(self, root="/", force_usr_rw=False):
         self.root = root
-
         self.initialized = False
         self.datasets: dict[str, Dataset] = {}
         self.use_functioning_dpkg_sysext = False
-        self.force_rw = force_rw
+        self.force_usr_rw = force_usr_rw
 
     def __enter__(self):
         return self
 
     def make_writeable(self):
         self._initialize()
-
         self._set_state({
             name: False
             for name, dataset in self.datasets.items()
@@ -77,9 +75,16 @@ def _initialize(self):
             ("usr", usr_ds),
         ]:
             mountpoint = os.path.realpath("/".join(filter(None, (self.root, dataset))))
-            if mountpoint == "/usr" and not self.force_rw:
-                # We make `/usr` writeable only to be able to temporary enable `dpkg` (`update-initramfs` needs it).
-                # If we are on live system, it's better to use `systemd-sysext`
+            if mountpoint == "/usr" and not self.force_usr_rw:
+                # 1. We make `/usr` writeable only to be able to
+                #   temporary enable `dpkg` (`update-initramfs` needs it).
+                # 2. OR someone is using this context manager with `force_usr_rw`
+                #   set to True. This is needed, for example, when support team
+                #   flashes a Chelsio NIC to a different mode. Chelsio's provided
+                #   script needs write access to firmware files located in /lib.
+                #
+                # Otherwise, if we are on live system, it's better
+                # to use `systemd-sysext`
                 self.use_functioning_dpkg_sysext = True
                 continue