release,os: ensure data partition label/resize services only run once

This adds additional safeguards to prevent a different data partition from being labeled and resized if the host has ever booted successfully in the past with an original data partition.
bottlerocket-os · Mar 8, 2023 · 1ccd37c · 1ccd37c
1 parent b13cab0
commit 1ccd37c
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/packages/os/has-boot-ever-succeeded.service b/packages/os/has-boot-ever-succeeded.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Checks and marks if boot has ever succeeded before
+DefaultDependencies=no
+Before=label-data-alternative.service label-data-preferred.service
+RequiresMountsFor=/etc
+
+[Service]
+Type=oneshot
+# Check if boot has ever succeeded before
+ExecStart=/bin/signpost has-boot-ever-succeeded
+RemainAfterExit=true
+# If boot has succeeded before, the marker file will be non-zero-sized
+StandardOutput=file:/etc/has-boot-ever-succeeded
+
+[Install]
+WantedBy=local-fs.target
diff --git a/packages/os/os.spec b/packages/os/os.spec
@@ -47,6 +47,7 @@ Source118: generate-network-config.service
 Source119: reboot-if-required.service
 Source120: warm-pool-wait.service
 Source121: disable-udp-offload.service
+Source122: has-boot-ever-succeeded.service
 
 # 2xx sources: tmpfilesd configs
 Source200: migration-tmpfiles.conf
@@ -411,7 +412,7 @@ install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 \
   %{S:100} %{S:101} %{S:102} %{S:103} %{S:105} \
   %{S:106} %{S:107} %{S:110} %{S:111} %{S:112} \
-  %{S:113} %{S:114} %{S:118} %{S:119} \
+  %{S:113} %{S:114} %{S:118} %{S:119} %{S:122} \
   %{buildroot}%{_cross_unitdir}
 
 %if %{with nvidia_flavor}
@@ -526,6 +527,7 @@ install -p -m 0644 %{S:121} %{buildroot}%{_cross_unitdir}
 %files -n %{_cross_os}signpost
 %{_cross_bindir}/signpost
 %{_cross_unitdir}/mark-successful-boot.service
+%{_cross_unitdir}/has-boot-ever-succeeded.service
 
 %files -n %{_cross_os}updog
 %{_cross_bindir}/updog

diff --git a/packages/release/label-data-a.service b/packages/release/label-data-a.service
@@ -4,6 +4,8 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 # Only run this if a partition labeled 'BOTTLEROCKET-DATA' does not exist already.
 ConditionPathIsSymbolicLink=!/dev/disk/by-partlabel/BOTTLEROCKET-DATA
+# Only run if this boot has never succeeded before
+ConditionFileNotEmpty=!/etc/has-boot-ever-succeeded
 # This is the partition GUID for the DATA-A partition.
 Wants=dev-disk-by\x2dpartuuid-5b94e8df\x2d28b8\x2d485c\x2d9d19\x2d362263b5944c.device
 After=dev-disk-by\x2dpartuuid-5b94e8df\x2d28b8\x2d485c\x2d9d19\x2d362263b5944c.device

diff --git a/packages/release/label-data-b.service b/packages/release/label-data-b.service
@@ -4,7 +4,9 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 # Only run this if a partition labeled 'BOTTLEROCKET-DATA' does not exist already.
 ConditionPathIsSymbolicLink=!/dev/disk/by-partlabel/BOTTLEROCKET-DATA
-# This is the partition GUID for the fallback data partition.
+# Only run if this boot has never succeeded before
+ConditionFileNotEmpty=!/etc/has-boot-ever-succeeded
+# This is the partition GUID for DATA-B data partition.
 Wants=dev-disk-by\x2dpartuuid-69040874\x2d417d\x2d4e26\x2da764\x2d7885f22007ea.device
 After=dev-disk-by\x2dpartuuid-69040874\x2d417d\x2d4e26\x2da764\x2d7885f22007ea.device