|
 |
1e7cac |
#!/bin/bash
|
|
|
1e7cac |
# Update an existing system to use a read only sysroot
|
|
|
1e7cac |
# and https://bugzilla.redhat.com/show_bug.cgi?id=2060976
|
|
|
1e7cac |
|
|
|
1e7cac |
set -euo pipefail
|
|
|
1e7cac |
|
|
|
1e7cac |
main() {
|
|
|
1e7cac |
# Used to condition execution of this unit at the systemd level
|
|
|
1e7cac |
local -r stamp_file="/var/lib/.ostree-readonly-sysroot"
|
|
|
1e7cac |
|
|
|
1e7cac |
if [[ -f "${stamp_file}" ]]; then
|
|
|
1e7cac |
exit 0
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
|
|
|
1e7cac |
local -r ostree_sysroot_readonly="$(ostree config --repo=/sysroot/ostree/repo get "sysroot.readonly" &> /dev/null || echo "false")"
|
|
|
1e7cac |
if [[ "${ostree_sysroot_readonly}" == "true" ]]; then
|
|
|
1e7cac |
# Nothing to do
|
|
|
1e7cac |
touch "${stamp_file}"
|
|
|
1e7cac |
exit 0
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
|
|
|
1e7cac |
local -r boot_entries="$(ls -A /boot/loader/entries/ | wc -l)"
|
|
|
1e7cac |
|
|
|
1e7cac |
# Ensure that we can read BLS entries to avoid touching systems where /boot
|
|
|
1e7cac |
# is not mounted
|
|
|
1e7cac |
if [[ "${boot_entries}" -eq 0 ]]; then
|
|
|
1e7cac |
echo "No BLS entry found: Maybe /boot is not mounted?" 1>&2
|
|
|
1e7cac |
echo "This is unexpected thus no migration will be performed" 1>&2
|
|
|
1e7cac |
touch "${stamp_file}"
|
|
|
1e7cac |
exit 0
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
|
|
|
1e7cac |
# Check if any existing deployment is still missing the rw karg
|
|
|
1e7cac |
local rw_kargs_found=0
|
|
|
1e7cac |
local count=0
|
|
|
1e7cac |
for f in "/boot/loader/entries/"*; do
|
|
|
1e7cac |
count="$(grep -c "^options .* rw" "${f}" || true)"
|
|
|
1e7cac |
if [[ "${count}" -ge 1 ]]; then
|
|
|
1e7cac |
rw_kargs_found=$((rw_kargs_found + 1))
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
done
|
|
|
1e7cac |
|
|
|
1e7cac |
# Some deployments are still missing the rw karg. Let's try to update them
|
|
|
1e7cac |
if [[ "${boot_entries}" -ne "${rw_kargs_found}" ]]; then
|
|
|
1e7cac |
ostree admin kargs edit-in-place --append-if-missing=rw || \
|
|
|
1e7cac |
echo "Failed to edit kargs in place with ostree" 1>&2
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
|
|
|
1e7cac |
# Re-check if any existing deployment is still missing the rw karg
|
|
|
1e7cac |
rw_kargs_found=0
|
|
|
1e7cac |
count=0
|
|
|
1e7cac |
for f in "/boot/loader/entries/"*; do
|
|
|
1e7cac |
count="$(grep -c "^options .* rw" "${f}" || true)"
|
|
|
1e7cac |
if [[ "${count}" -ge 1 ]]; then
|
|
|
1e7cac |
rw_kargs_found=$((rw_kargs_found + 1))
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
done
|
|
|
1e7cac |
unset count
|
|
|
1e7cac |
|
|
|
1e7cac |
# If all deployments are good, then we can set the sysroot.readonly option
|
|
|
1e7cac |
# in the ostree repo config
|
|
|
1e7cac |
if [[ "${boot_entries}" -eq "${rw_kargs_found}" ]]; then
|
|
|
1e7cac |
echo "Setting up the sysroot.readonly option in the ostree repo config"
|
|
|
1e7cac |
ostree config --repo=/sysroot/ostree/repo set "sysroot.readonly" "true"
|
|
|
1e7cac |
touch "${stamp_file}"
|
|
|
1e7cac |
exit 0
|
|
|
1e7cac |
fi
|
|
|
1e7cac |
|
|
|
1e7cac |
# If anything else before failed, we will retry on next boot
|
|
|
1e7cac |
echo "Will retry next boot" 1>&2
|
|
|
1e7cac |
exit 0
|
|
|
1e7cac |
}
|
|
|
1e7cac |
|
|
|
1e7cac |
main "${@}"
|