Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] Install full OSTree into the initramfs #106

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

jdiez17
Copy link
Contributor

@jdiez17 jdiez17 commented Aug 7, 2024

Hi, I'm opening this PR mostly just to start a discussion about how ostree-prepare-root should be used.

I spent some time integrating meta-updater into my Yocto build and I ran into an issue where ostree-prepare-root (as called from the init.sh script of the initrd) would throw an assert failure on this line: https://github.com/ostreedev/ostree/blob/main/src/switchroot/ostree-prepare-root-static.c#L166. It expects to be running as PID 1, which is not the case as the init.sh is our PID 1.

The top-level comment of ostree-prepare-static says:

[...]
 * This -static.c variant of ostree-prepare-root is designed for
 * the case where an initrd isn't used - instead the binary must be statically linked (and the
 * kernel must have mounted the rootfs itself) - then we set things up and exec the real init
 * directly.  
[...]

Since it seems that using an initrd is the intended way of using meta-updater, I added this to ostree_%.bbappend in my layer:

PACKAGECONFIG:remove = "static"

And I also changed initramfs-ostree-image.bb to install the full ostree (including shared libraries) into the initramfs.

This results in a change in size of the initramfs from 2MB to 10MB. I think it's possible to reduce it further by removing other PACKAGECONFIG options (like curl) for the ostree package intended for the initramfs. I haven't looked further into this yet.

@ricardosalveti
Copy link
Collaborator

I think it is indeed the correct approach to move away from the static build, as it is not really that well supported upstream and incorrectly used on newer ostree revisions (as we do use the initrd script).

But I think we can probably just bring prepare-root + libostree and not the entire package (need to compare the size differences). Having a different package for the initrd (with a custom pkgconfig) is possible, but it will require a bit more work as you will probably have to duplicate the recipe in a way.

@jdiez17
Copy link
Contributor Author

jdiez17 commented Aug 13, 2024

I think it is indeed the correct approach to move away from the static build, as it is not really that well supported upstream

I'm not sure if this is the case. I think most upstream users (i.e. Fedora Silverblue) have ostree-prepare-root as PID1 which then goes and calls systemd. I don't think they use an initramfs. But I could be totally wrong, I haven't checked this.

We could think whether it makes sense for meta-updater to migrate to the approach of having ostree-prepare-root-static as PID1 or continue with the initramfs approach.

Pros of initramfs:

  • easier to support secure boot?
  • can also add other stuff like resize-fs-on-first-boot to the initramfs

Cons:

  • unusual configuration compared to main users of ostree?

In general I am curious to know how people are using meta-updater "in the wild".

But I think we can probably just bring prepare-root + libostree and not the entire package (need to compare the size differences). Having a different package for the initrd (with a custom pkgconfig) is possible, but it will require a bit more work as you will probably have to duplicate the recipe in a way.

Agreed. I haven't looked further into this yet because I have a working setup with the full-fat ostree in the initramfs, but I may try to improve this later.

@jdiez17
Copy link
Contributor Author

jdiez17 commented Aug 14, 2024

I spent some time reading the ostree documentation and indeed the standard approach is to use an initramfs.

@ricardosalveti
Copy link
Collaborator

I'm not sure if this is the case. I think most upstream users (i.e. Fedora Silverblue) have ostree-prepare-root as PID1 which then goes and calls systemd. I don't think they use an initramfs. But I could be totally wrong, I haven't checked this.

On fedora (and a few other distros) the initrd is actually a lot more complex than what we have in OE, some even bringing systemd as part of the initrd itself.

@ricardosalveti
Copy link
Collaborator

In general I am curious to know how people are using meta-updater "in the wild".

In our case we're using the initrd framework as well, so we will have the same issue as described here once we migrate to a newer ostree version (or scarthgap)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants