On Fri, 26 Apr 2019 at 14:47, Dan Nicholson <nicholson@xxxxxxxxxxxx> wrote:
> I think /etc is the only guaranteed to be writable location that's
> generic to all ostree systems. If possible, I'd get systemd to honor
> /etc/system-update.
Lennart, is the attached going to be acceptable to you (of course as a
PR with docs...), or do you want me to build a generator and ship
something in fwupd? Another completely acceptable answer might be:
just run the firmware update After=final.target as a one-shot
service...
If the /etc/system-update isn't too bad as a concept I'd really like
to keep everything in systemd so that if there are any changes to how
this works they are all done in one project, not two.
Richard
From f190efefb00c73087c8ceafd1ca0fdab100cfa36 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@xxxxxxxxxxx>
Date: Fri, 26 Apr 2019 14:53:34 +0100
Subject: [PATCH] Support /etc/system-update for OSTree systems
This is required when / is immutable and cannot be written at runtime.
---
.../system-update-generator.c | 3 +-
units/meson.build | 1 +
units/system-update-sysroot-cleanup.service | 35 +++++++++++++++++++
3 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 units/system-update-sysroot-cleanup.service
diff --git a/src/system-update-generator/system-update-generator.c b/src/system-update-generator/system-update-generator.c
index 77e265d710..c90374d01b 100644
--- a/src/system-update-generator/system-update-generator.c
+++ b/src/system-update-generator/system-update-generator.c
@@ -20,7 +20,8 @@ static const char *arg_dest = NULL;
static int generate_symlink(void) {
const char *p = NULL;
- if (laccess("/system-update", F_OK) < 0) {
+ if (laccess("/system-update", F_OK) < 0 &&
+ laccess("/etc/system-update", F_OK) < 0) {
if (errno == ENOENT)
return 0;
diff --git a/units/meson.build b/units/meson.build
index a5610506d5..8111dd963e 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -77,6 +77,7 @@ units = [
['system-update.target', ''],
['system-update-pre.target', ''],
['system-update-cleanup.service', ''],
+ ['system-update-sysroot-cleanup.service',''],
['systemd-ask-password-console.path', '',
'sysinit.target.wants/'],
['systemd-ask-password-wall.path', '',
diff --git a/units/system-update-sysroot-cleanup.service b/units/system-update-sysroot-cleanup.service
new file mode 100644
index 0000000000..f0dea64f19
--- /dev/null
+++ b/units/system-update-sysroot-cleanup.service
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Remove the Offline System Updates symlink
+Documentation=man:systemd.special(7) man:systemd.offline-updates(7)
+After=system-update.target
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=shutdown.target
+SuccessAction=reboot
+
+# system-update-generator uses laccess("/etc/system-update"), while a plain
+# ConditionPathExists=/system-update uses access("/etc/system-update"), so
+# we need an alternate condition to cover the case of a dangling symlink.
+#
+# This service is only invoked if /etc/system-update exists, i.e. if the
+# condition tested by system-update-generator remains true and the system
+# would be diverted into system-update.target again after reboot. This way
+# we guard against being diverted into system-update.target again, which
+# works as a safety measure, but we will not step on the toes of the
+# update script if it successfully removed the symlink and scheduled a
+# reboot or some other action on its own.
+ConditionPathExists=|/etc/system-update
+ConditionPathIsSymbolicLink=|/etc/system-update
+
+[Service]
+Type=oneshot
+ExecStart=/bin/rm -fv /etc/system-update
--
2.21.0
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
