rpm2img, release: create /local filesystem at runtime

Before this change, we created the /local filesystem on the data partition at image build time. With this change, we create the /local ext4 filesystem on BOTTLEROCKET-DATA at runtime. This helps align the initial filesystem parameters with derived defaults from the running host. The impact to boot time seems to be negligible.
bottlerocket-os · Feb 16, 2023 · d60f6d5 · d60f6d5
1 parent 9904fe9
commit d60f6d5
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 28 deletions.
diff --git a/packages/release/local.mount b/packages/release/local.mount
@@ -2,6 +2,8 @@
 Description=Local Directory (/local)
 DefaultDependencies=no
 Conflicts=umount.target
+After=prepare-local-fs.service
+Requires=prepare-local-fs.service
 Before=local-fs.target umount.target
 
 [Mount]

diff --git a/packages/release/prepare-local-fs.service b/packages/release/prepare-local-fs.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Prepare Local Filesystem (/local)
+DefaultDependencies=no
+Wants=dev-disk-by\x2dpartlabel-BOTTLEROCKET\x2dDATA.device
+After=dev-disk-by\x2dpartlabel-BOTTLEROCKET\x2dDATA.device
+RefuseManualStart=true
+RefuseManualStop=true
+
+[Service]
+Type=oneshot
+
+# Create the filesystem on the partition, if it doesn't exist.
+ExecStart=/usr/lib/systemd/systemd-makefs ext4 /dev/disk/by-partlabel/BOTTLEROCKET-DATA
+
+RemainAfterExit=true
+StandardError=journal+console
+
+# systemd-repart returns 77 if there's no existing GPT partition table
+SuccessExitStatus=77
+
+[Install]
+WantedBy=local-fs.target
diff --git a/packages/release/release.spec b/packages/release/release.spec
@@ -60,6 +60,7 @@ Source1046: mask-local-var.service
 Source1047: label-data-alternative.service
 Source1048: label-data-preferred.service
 Source1049: finalize-data-part.service
+Source1050: prepare-local-fs.service
 
 # Services for kdump support
 Source1060: capture-kernel-dump.service
@@ -141,8 +142,8 @@ install -p -m 0644 \
   %{S:1001} %{S:1002} %{S:1003} %{S:1004} %{S:1005} %{S:1006} %{S:1007} \
   %{S:1008} %{S:1009} %{S:1010} %{S:1011} %{S:1012} %{S:1013} %{S:1015} \
   %{S:1040} %{S:1041} %{S:1042} %{S:1043} %{S:1044} %{S:1045} %{S:1046} \
-  %{S:1047} %{S:1048} %{S:1049} %{S:1060} %{S:1061} %{S:1062} %{S:1080} \
-  %{S:1014} \
+  %{S:1047} %{S:1048} %{S:1049} %{S:1050} %{S:1060} %{S:1061} %{S:1062} \
+  %{S:1080} %{S:1014} \
   %{buildroot}%{_cross_unitdir}
 
 install -d %{buildroot}%{_cross_unitdir}/systemd-tmpfiles-setup.service.d
@@ -205,6 +206,7 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %{_cross_unitdir}/prepare-opt.service
 %{_cross_unitdir}/prepare-var.service
 %{_cross_unitdir}/repart-local.service
+%{_cross_unitdir}/prepare-local-fs.service
 %{_cross_unitdir}/var.mount
 %{_cross_unitdir}/opt.mount
 %{_cross_unitdir}/mnt.mount

diff --git a/packages/release/repart-local.service b/packages/release/repart-local.service
@@ -22,8 +22,5 @@ ExecStart=/usr/lib/systemd/systemd-growfs /local
 RemainAfterExit=true
 StandardError=journal+console
 
-# systemd-repart returns 77 if there's no existing GPT partition table
-SuccessExitStatus=77
-
 [Install]
 WantedBy=local-fs.target
diff --git a/tools/rpm2img b/tools/rpm2img
@@ -393,29 +393,7 @@ mkfs.ext4 -b 4096 -i 4096 -I 256 -d "${PRIVATE_MOUNT}" "${PRIVATE_IMAGE}" "${par
 dd if="${PRIVATE_IMAGE}" of="${OS_IMAGE}" conv=notrunc bs=1M seek="${partoff[PRIVATE]}"
 
 # BOTTLEROCKET-DATA-A and BOTTLEROCKET-DATA-B
-
-# If we build on a host with SELinux enabled, we could end up with labels that
-# do not match our policy. Since we allow replacing the data volume at runtime,
-# we can't count on these labels being correct in any case, and it's better to
-# remove them all.
-UNLABELED=$(find "${DATA_MOUNT}" \
-    | awk -v root="${DATA_MOUNT}" '{gsub(root"/","/"); gsub(root,"/"); print "ea_rm", $1, "security.selinux"}')
-mkfs.ext4 -d "${DATA_MOUNT}" "${BOTTLEROCKET_DATA_A}" "${partsize[DATA-A]}M"
-echo "${UNLABELED}" | debugfs -w -f - "${BOTTLEROCKET_DATA_A}"
-
-case "${PARTITION_PLAN}" in
-  split)
-    # Only append the DATA-B fallback data partition in "split" image layout configurations
-    mkfs.ext4 -d "${DATA_MOUNT}" "${BOTTLEROCKET_DATA_B}" "${partsize[DATA-B]}M"
-    echo "${UNLABELED}" | debugfs -w -f - "${BOTTLEROCKET_DATA_B}"
-    dd if="${BOTTLEROCKET_DATA_B}" of="${OS_IMAGE}" conv=notrunc bs=1M seek="${partoff[DATA-B]}"
-
-    dd if="${BOTTLEROCKET_DATA_A}" of="${DATA_IMAGE}" conv=notrunc bs=1M seek="${partoff[DATA-A]}"
-    ;;
-  unified)
-    dd if="${BOTTLEROCKET_DATA_A}" of="${OS_IMAGE}" conv=notrunc bs=1M seek="${partoff[DATA-A]}"
-    ;;
-esac
+# We're creating the filesystem on the data partition at runtime.
 
 sgdisk -v "${OS_IMAGE}"
 [ -s "${DATA_IMAGE}" ] && sgdisk -v "${DATA_IMAGE}"