From 37109fdf9808ffc87cfff5604c8ca445ffdec64c Mon Sep 17 00:00:00 2001 
From: "David Kaspar [Dee'Kej]" Date: Wed, 30 May 2018 17:01:59 +0200 Subject: fedora-* services renamed to more general names This removes the OS flavour embedded into the initscripts. See also: https://bugzilla.redhat.com/show_bug.cgi?id=1584645 Resolves: #161 --- initscripts.spec | 11 +- po/Makefile | 5 +- po/initscripts.pot | 72 ++++---- usr/lib/systemd/fedora-domainname | 9 - usr/lib/systemd/fedora-import-state | 39 ---- usr/lib/systemd/fedora-loadmodules | 11 -- usr/lib/systemd/fedora-readonly | 204 --------------------- usr/lib/systemd/import-state | 39 ++++ usr/lib/systemd/loadmodules | 11 ++ usr/lib/systemd/nis-domainname | 9 + usr/lib/systemd/readonly-root | 204 +++++++++++++++++++++ usr/lib/systemd/system/fedora-domainname.service | 13 -- usr/lib/systemd/system/fedora-import-state.service | 17 -- usr/lib/systemd/system/fedora-loadmodules.service | 16 -- usr/lib/systemd/system/fedora-readonly.service | 15 -- usr/lib/systemd/system/import-state.service | 17 ++ usr/lib/systemd/system/loadmodules.service | 16 ++ usr/lib/systemd/system/nis-domainname.service | 13 ++ usr/lib/systemd/system/readonly-root.service | 15 ++ 19 files changed, 371 insertions(+), 365 deletions(-) delete mode 100755 usr/lib/systemd/fedora-domainname delete mode 100755 usr/lib/systemd/fedora-import-state delete mode 100755 usr/lib/systemd/fedora-loadmodules delete mode 100755 usr/lib/systemd/fedora-readonly create mode 100755 usr/lib/systemd/import-state create mode 100755 usr/lib/systemd/loadmodules create mode 100755 usr/lib/systemd/nis-domainname create mode 100755 usr/lib/systemd/readonly-root delete mode 100644 usr/lib/systemd/system/fedora-domainname.service delete mode 100644 usr/lib/systemd/system/fedora-import-state.service delete mode 100644 usr/lib/systemd/system/fedora-loadmodules.service delete mode 100644 usr/lib/systemd/system/fedora-readonly.service create mode 100644 usr/lib/systemd/system/import-state.service create mode 100644 usr/lib/systemd/system/loadmodules.service 
create mode 100644 usr/lib/systemd/system/nis-domainname.service create mode 100644 usr/lib/systemd/system/readonly-root.service diff --git a/initscripts.spec b/initscripts.spec index ae9a65c8..0a3209b4 100644 --- a/initscripts.spec +++ b/initscripts.spec @@ -131,7 +131,7 @@ touch %{buildroot}%{_sbindir}/ifdown # --------------- %post -%systemd_post fedora-domainname.service fedora-import-state.service fedora-loadmodules.service fedora-readonly.service +%systemd_post nis-domainname.service import-state.service loadmodules.service readonly-root.service chkconfig --add network > /dev/null 2>&1 || : chkconfig --add netconsole > /dev/null 2>&1 || : @@ -146,7 +146,7 @@ chkconfig --add netconsole > /dev/null 2>&1 || : # --------------- %preun -%systemd_preun fedora-domainname.service fedora-import-state.service fedora-loadmodules.service fedora-readonly.service +%systemd_preun nis-domainname.service import-state.service loadmodules.service readonly-root.service if [ $1 -eq 0 ]; then chkconfig --del network > /dev/null 2>&1 || : @@ -157,7 +157,7 @@ fi # --------------- %postun -%systemd_postun fedora-domainname.service fedora-import-state.service fedora-loadmodules.service fedora-readonly.service +%systemd_postun nis-domainname.service import-state.service loadmodules.service readonly-root.service # === PACKAGING INSTRUCTIONS ================================================== @@ -211,7 +211,10 @@ fi %attr(4755,root,root) %{_sbindir}/usernetctl -%{_prefix}/lib/systemd/fedora-* +%{_prefix}/lib/systemd/import-state +%{_prefix}/lib/systemd/loadmodules +%{_prefix}/lib/systemd/nis-domainname +%{_prefix}/lib/systemd/readonly-root %{_prefix}/lib/systemd/system/* %{_prefix}/lib/udev/rename_device diff --git a/po/Makefile b/po/Makefile index dedfc494..0855db87 100644 --- a/po/Makefile +++ b/po/Makefile 
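Review bot: The `%post`, `%preun` and `%postun` scriptlets now name only the new units, so nothing visible in these hunks carries an existing installation's enablement over from the `fedora-*` units. `%systemd_post` applies presets only on first install, so on a package upgrade a host that had `fedora-readonly.service` or `fedora-import-state.service` enabled would presumably end up with the renamed unit disabled and the old symlinks dangling; for read-only root, that means the setup silently stops running at boot. Consider an upgrade-path scriptlet (for example a `%triggerun` on the older package version) that enables each new unit whose old counterpart was enabled, with a comment saying when it can be dropped. The rest of the spec is outside these hunks, so confirm that no such migration already exists.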
@@ -29,7 +29,10 @@ FMTCATALOGS = $(patsubst %.po,%.mo,$(CATALOGS)) POTFILES = $(shell ls ../network-scripts/* | grep -v ifcfg-) \ ..$(sbindir)/service \ - ..$(libdir)/systemd/fedora-* \ + ..$(libdir)/systemd/import-state \ + ..$(libdir)/systemd/loadmodules \ + ..$(libdir)/systemd/nis-domainname \ + ..$(libdir)/systemd/readonly-root \ ..$(sysconfdir)/rc.d/init.d/*\ diff --git a/po/initscripts.pot b/po/initscripts.pot index 5d4ec9c9..a4c1e33a 100644 --- a/po/initscripts.pot +++ b/po/initscripts.pot @@ -87,23 +87,23 @@ msgstr "" msgid "error iN $FILE: didn't specify netmask or prefix" msgstr "" -#: ../network-scripts/ifup-aliases:239 ../network-scripts/ifup-aliases:250 +#: ../network-scripts/ifup-aliases:238 ../network-scripts/ifup-aliases:249 msgid "error in ifcfg-${parent_device}: files" msgstr "" -#: ../network-scripts/ifup-aliases:271 +#: ../network-scripts/ifup-aliases:269 msgid "Determining if ip address ${IPADDR} is already in use for device ${parent_device}..." msgstr "" -#: ../network-scripts/ifup-aliases:275 +#: ../network-scripts/ifup-aliases:273 msgid "Error, some other host ($ARPINGMAC) already uses address ${IPADDR}." msgstr "" -#: ../network-scripts/ifup-aliases:337 +#: ../network-scripts/ifup-aliases:334 msgid "error in $FILE: IPADDR_START and IPADDR_END don't agree" msgstr "" -#: ../network-scripts/ifup-aliases:342 +#: ../network-scripts/ifup-aliases:339 msgid "error in $FILE: IPADDR_START greater than IPADDR_END" msgstr "" 
@@ -251,43 +251,43 @@ msgstr "" msgid "Usage: $0 {start|stop|reload|restart|showsysctl}" msgstr "" -#: ../network-scripts/network-functions:416 +#: ../network-scripts/network-functions:398 msgid "Both 'DHCP_HOSTNAME=${DHCP_HOSTNAME}' and 'DHCP_FQDN=${DHCP_FQDN}' are configured... Using DHCP_FQDN." msgstr "" -#: ../network-scripts/network-functions:584 +#: ../network-scripts/network-functions:566 msgid "Failed to set value '$value' [mode] to ${DEVICE} bonding device" msgstr "" -#: ../network-scripts/network-functions:590 +#: ../network-scripts/network-functions:572 msgid "Failed to set value '$value' [miimon] to ${DEVICE} bonding device" msgstr "" -#: ../network-scripts/network-functions:610 +#: ../network-scripts/network-functions:592 msgid "Failed to set '$arp_ip' value [arp_ip_target] to ${DEVICE} bonding device" msgstr "" -#: ../network-scripts/network-functions:618 +#: ../network-scripts/network-functions:600 msgid "Failed to set '$value' value [arp_ip_target] to ${DEVICE} bonding device" msgstr "" -#: ../network-scripts/network-functions:623 +#: ../network-scripts/network-functions:605 msgid "Failed to set '$value' value [$key] to ${DEVICE} bonding device" msgstr "" -#: ../network-scripts/network-functions:696 +#: ../network-scripts/network-functions:678 msgid "DEBUG " msgstr "" -#: ../network-scripts/network-functions:699 +#: ../network-scripts/network-functions:681 msgid "ERROR " msgstr "" -#: ../network-scripts/network-functions:702 +#: ../network-scripts/network-functions:684 msgid "WARN " msgstr "" -#: ../network-scripts/network-functions:705 +#: ../network-scripts/network-functions:687 msgid "INFO " msgstr "" 
@@ -487,87 +487,87 @@ msgstr "" msgid "Reloading systemd: " msgstr "" -#: ../etc/rc.d/init.d/functions:248 ../etc/rc.d/init.d/functions:286 +#: ../etc/rc.d/init.d/functions:235 ../etc/rc.d/init.d/functions:273 msgid "$0: Usage: daemon [+/-nicelevel] {program}" msgstr "" -#: ../etc/rc.d/init.d/functions:329 ../etc/rc.d/init.d/functions:329 +#: ../etc/rc.d/init.d/functions:316 ../etc/rc.d/init.d/functions:316 msgid "$base startup" msgstr "" -#: ../etc/rc.d/init.d/functions:339 ../etc/rc.d/init.d/functions:358 +#: ../etc/rc.d/init.d/functions:326 ../etc/rc.d/init.d/functions:345 msgid "Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]" msgstr "" -#: ../etc/rc.d/init.d/functions:348 ../etc/rc.d/init.d/functions:475 +#: ../etc/rc.d/init.d/functions:335 ../etc/rc.d/init.d/functions:462 msgid "-b option can be used only with -p" msgstr "" -#: ../etc/rc.d/init.d/functions:349 +#: ../etc/rc.d/init.d/functions:336 msgid "Usage: killproc -p pidfile -b binary program" msgstr "" -#: ../etc/rc.d/init.d/functions:378 ../etc/rc.d/init.d/functions:388 ../etc/rc.d/init.d/functions:388 ../etc/rc.d/init.d/functions:403 +#: ../etc/rc.d/init.d/functions:365 ../etc/rc.d/init.d/functions:375 ../etc/rc.d/init.d/functions:375 ../etc/rc.d/init.d/functions:390 msgid "$base shutdown" msgstr "" -#: ../etc/rc.d/init.d/functions:394 ../etc/rc.d/init.d/functions:394 +#: ../etc/rc.d/init.d/functions:381 ../etc/rc.d/init.d/functions:381 msgid "$base $killlevel" msgstr "" -#: ../etc/rc.d/init.d/functions:421 +#: ../etc/rc.d/init.d/functions:408 msgid "Usage: pidfileofproc {program}" msgstr "" -#: ../etc/rc.d/init.d/functions:436 +#: ../etc/rc.d/init.d/functions:423 msgid "Usage: pidofproc [-p pidfile] {program}" msgstr "" -#: ../etc/rc.d/init.d/functions:462 +#: ../etc/rc.d/init.d/functions:449 msgid "Usage: status [-p pidfile] {program}" msgstr "" -#: ../etc/rc.d/init.d/functions:476 +#: ../etc/rc.d/init.d/functions:463 msgid "Usage: status -p pidfile -b binary program" msgstr "" -#: 
../etc/rc.d/init.d/functions:503 ../etc/rc.d/init.d/functions:509 +#: ../etc/rc.d/init.d/functions:490 ../etc/rc.d/init.d/functions:496 msgid "${base} (pid $pid) is running..." msgstr "" -#: ../etc/rc.d/init.d/functions:513 +#: ../etc/rc.d/init.d/functions:500 msgid "${base} dead but pid file exists" msgstr "" -#: ../etc/rc.d/init.d/functions:517 +#: ../etc/rc.d/init.d/functions:504 msgid "${base} status unknown due to insufficient privileges." msgstr "" -#: ../etc/rc.d/init.d/functions:526 +#: ../etc/rc.d/init.d/functions:513 msgid "${base} dead but subsys locked" msgstr "" -#: ../etc/rc.d/init.d/functions:529 +#: ../etc/rc.d/init.d/functions:516 msgid "${base} is stopped" msgstr "" -#: ../etc/rc.d/init.d/functions:537 +#: ../etc/rc.d/init.d/functions:524 msgid " OK " msgstr "" -#: ../etc/rc.d/init.d/functions:548 +#: ../etc/rc.d/init.d/functions:535 msgid "FAILED" msgstr "" -#: ../etc/rc.d/init.d/functions:559 +#: ../etc/rc.d/init.d/functions:546 msgid "PASSED" msgstr "" -#: ../etc/rc.d/init.d/functions:570 +#: ../etc/rc.d/init.d/functions:557 msgid "WARNING" msgstr "" -#: ../etc/rc.d/init.d/functions:620 ../etc/rc.d/init.d/functions:620 +#: ../etc/rc.d/init.d/functions:607 ../etc/rc.d/init.d/functions:607 msgid "$STRING" msgstr "" diff --git a/usr/lib/systemd/fedora-domainname b/usr/lib/systemd/fedora-domainname deleted file mode 100755 index 5c934584..00000000 --- a/usr/lib/systemd/fedora-domainname +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/bash -. /etc/sysconfig/network - -if [ -n "${NISDOMAIN}" ] && [ -x /usr/bin/domainname ]; then - domainname ${NISDOMAIN} - exit $? -fi - -exit 0 diff --git a/usr/lib/systemd/fedora-import-state b/usr/lib/systemd/fedora-import-state deleted file mode 100755 index 85bc4817..00000000 --- a/usr/lib/systemd/fedora-import-state +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash -# fedora-import-state: import state files from initramfs (e.g. network config) - -# Copy state into root folder: -# ============================ -cd /run/initramfs/state - -IFS_backup=$IFS -IFS=$'\n' # Process find's results line by line - -dirs_found=$(find . -type d) - -for dir in $dirs_found; do - pushd "$dir" > /dev/null - - # Remove initial '.' char from the find's result: - dest_dir="${dir/\./}" - - # Create destination folder if it does not exist (with the same rights): - if [[ -n "$dest_dir" && ! -d "$dest_dir" ]]; then - mkdir -p "$dest_dir" - chmod --reference="$PWD" "$dest_dir" - chown --reference="$PWD" "$dest_dir" - fi - - # Copy all files that are not directory: - find . -mindepth 1 -maxdepth 1 -not -type d -exec cp -av -t "$dest_dir" {} \; > /dev/null - - popd > /dev/null -done - -IFS=$IFS_backup - - -# Run restorecon on the copied files: -# =================================== -if [ -e /sys/fs/selinux/enforce ] && [ -x /usr/sbin/restorecon ]; then - find . -mindepth 1 -print0 | { cd / && xargs --null restorecon -iF; } -fi diff --git a/usr/lib/systemd/fedora-loadmodules b/usr/lib/systemd/fedora-loadmodules deleted file mode 100755 index 4fd167c4..00000000 --- a/usr/lib/systemd/fedora-loadmodules +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# Load other user-defined modules -for file in /etc/sysconfig/modules/*.modules ; do - [ -x $file ] && $file -done - -# Load modules (for backward compatibility with VARs) -if [ -f /etc/rc.modules ]; then - /etc/rc.modules -fi diff --git a/usr/lib/systemd/fedora-readonly b/usr/lib/systemd/fedora-readonly deleted file mode 100755 index a3679580..00000000 --- a/usr/lib/systemd/fedora-readonly +++ /dev/null 
@@ -1,204 +0,0 @@ -#!/bin/bash -# -# Set up readonly-root support. -# - -. /etc/init.d/functions - -# We need to initialize the $HOSTNAME variable by ourselves now: -# (It was previously done for RHEL-6 branch, but got lost in time.) -HOSTNAME="$(hostname)" - -# Check SELinux status -SELINUX_STATE= -if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current | tr -d '\000' )" != "kernel" ]; then - if [ -r "/sys/fs/selinux/enforce" ] ; then - SELINUX_STATE=$(cat "/sys/fs/selinux/enforce") - else - # assume enforcing if you can't read it - SELINUX_STATE=1 - fi -fi - -selinux_fixup() { - if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then - restorecon -R "$1" - fi -} - -# Only read this once. -[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline) - -READONLY= -if [ -f /etc/sysconfig/readonly-root ]; then - . /etc/sysconfig/readonly-root -fi -if strstr "$cmdline" readonlyroot ; then - READONLY=yes - [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable - [ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state -fi -if strstr "$cmdline" noreadonlyroot ; then - READONLY=no -fi - -MOUNTS=() -if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then - - add_mount() { - mnt=${1%/} - MOUNTS=("${MOUNTS[@]}" "$mnt") - } - - cp_empty() { - if [ -e "$1" ]; then - echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null - add_mount $1 - fi - } - - cp_dirs() { - if [ -e "$1" ]; then - mkdir -p "$RW_MOUNT$1" - find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null - add_mount $1 - fi - } - - cp_files() { - if [ -e "$1" ]; then - cp -a --parents "$1" "$RW_MOUNT" - add_mount $1 - fi - } - - # Common mount options for scratch space regardless of - # type of backing store - mountopts= - - # Scan partitions for local scratch storage - rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device) - - bindmountopts= - [ "$SLAVE_MOUNTS" = "yes" ] && bindmountopts="--make-slave" - - # First try to mount scratch storage from /etc/fstab, then any - # partition with the proper 
label. If either succeeds, be sure - # to wipe the scratch storage clean. If both fail, then mount - # scratch storage via tmpfs. - if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then - rm -rf "$RW_MOUNT" > /dev/null 2>&1 - elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then - rm -rf "$RW_MOUNT" > /dev/null 2>&1 - else - mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT" - fi - - for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do - is_ignored_file "$file" && continue - [ -f $file ] && while read type path ; do - case "$type" in - empty) - cp_empty $path - ;; - files) - cp_files $path - ;; - dirs) - cp_dirs $path - ;; - *) - ;; - esac - done < <(cat $file) - done - - for m in "${MOUNTS[@]}"; do - prefix=0 - for mount_point in "${MOUNTS[@]}"; do - [[ $m = $mount_point ]] && continue - if [[ $m =~ ^$mount_point/.* ]] ; then - prefix=1 - break - fi - done - [[ $prefix -eq 1 ]] && continue - - mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m" - selinux_fixup "$m" - done - - # Use any state passed by initramfs - [ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT - - # In theory there should be no more than one network interface active - # this early in the boot process -- the one we're booting from. - # Use the network address to set the hostname of the client. This - # must be done even if we have local storage. - ipaddr= - if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then - ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }') - for ip in $ipaddr ; do - HOSTNAME= - eval $(ipcalc -h $ipaddr 2>/dev/null) - [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; } - done - fi - - # Clients with read-only root filesystems may be provided with a - # place where they can place minimal amounts of persistent - # state. SSH keys or puppet certificates for example. 
- # - # Ideally we'll use puppet to manage the state directory and to - # create the bind mounts. However, until that's all ready this - # is sufficient to build a working system. - - # First try to mount persistent data from /etc/fstab, then any - # partition with the proper label, then fallback to NFS - state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device) - if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then - /bin/true - elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then - /bin/true - elif [ ! -z "$CLIENTSTATE" ]; then - # No local storage was found. Make a final attempt to find - # state on an NFS server. - - mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock - fi - - if [ -w "$STATE_MOUNT" ]; then - - mount_state() { - if [ -e "$1" ]; then - [ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT" - mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1" - fi - } - - for file in /etc/statetab /etc/statetab.d/* ; do - is_ignored_file "$file" && continue - [ ! -f "$file" ] && continue - - if [ -f "$STATE_MOUNT/$file" ] ; then - mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file" - fi - - for path in $(grep -v "^#" "$file" 2>/dev/null); do - mount_state "$path" - selinux_fixup "$path" - done - done - - if [ -f "$STATE_MOUNT/files" ] ; then - for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do - mount_state "$path" - selinux_fixup "$path" - done - fi - fi - - if mount | grep -q /var/lib/nfs/rpc_pipefs ; then - mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs - fi -fi diff --git a/usr/lib/systemd/import-state b/usr/lib/systemd/import-state new file mode 100755 index 00000000..be2d13eb --- /dev/null +++ b/usr/lib/systemd/import-state 
@@ -0,0 +1,39 @@ +#!/bin/bash +# import-state: import state files from initramfs (e.g. network config) + +# Copy state into root folder: +# ============================ +cd /run/initramfs/state + +IFS_backup=$IFS +IFS=$'\n' # Process find's results line by line + +dirs_found=$(find . -type d) + +for dir in $dirs_found; do + pushd "$dir" > /dev/null + + # Remove initial '.' char from the find's result: + dest_dir="${dir/\./}" + + # Create destination folder if it does not exist (with the same rights): + if [[ -n "$dest_dir" && ! -d "$dest_dir" ]]; then + mkdir -p "$dest_dir" + chmod --reference="$PWD" "$dest_dir" + chown --reference="$PWD" "$dest_dir" + fi + + # Copy all files that are not directory: + find . -mindepth 1 -maxdepth 1 -not -type d -exec cp -av -t "$dest_dir" {} \; > /dev/null + + popd > /dev/null +done + +IFS=$IFS_backup + + +# Run restorecon on the copied files: +# =================================== +if [ -e /sys/fs/selinux/enforce ] && [ -x /usr/sbin/restorecon ]; then + find . -mindepth 1 -print0 | { cd / && xargs --null restorecon -iF; } +fi diff --git a/usr/lib/systemd/loadmodules b/usr/lib/systemd/loadmodules new file mode 100755 index 00000000..4fd167c4 --- /dev/null +++ b/usr/lib/systemd/loadmodules @@ -0,0 +1,11 @@ +#!/bin/bash + +# Load other user-defined modules +for file in /etc/sysconfig/modules/*.modules ; do + [ -x $file ] && $file +done + +# Load modules (for backward compatibility with VARs) +if [ -f /etc/rc.modules ]; then + /etc/rc.modules +fi diff --git a/usr/lib/systemd/nis-domainname b/usr/lib/systemd/nis-domainname new file mode 100755 index 00000000..5c934584 --- /dev/null +++ b/usr/lib/systemd/nis-domainname @@ -0,0 +1,9 @@ +#!/usr/bin/bash +. /etc/sysconfig/network + +if [ -n "${NISDOMAIN}" ] && [ -x /usr/bin/domainname ]; then + domainname ${NISDOMAIN} + exit $? +fi + +exit 0 diff --git a/usr/lib/systemd/readonly-root b/usr/lib/systemd/readonly-root new file mode 100755 index 00000000..a3679580 --- /dev/null 
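Review bot: `cd /run/initramfs/state` at the top of the new import-state script is not checked, so if the directory is missing the copy loop and the final `restorecon -iF` pass run from whatever the current directory happens to be. The unit's `ConditionDirectoryNotEmpty=` guards the service start but not a manual run of the script. Change the line to `cd /run/initramfs/state || exit 1` so a failed `cd` stops the script before anything is copied or relabelled.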
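Review bot: `[ -x $file ] && $file` in loadmodules expands `$file` unquoted, so a `.modules` file name containing whitespace or glob characters is split before it is tested and executed as root; write it as `[ -x "$file" ] && "$file"`. The same unquoted pattern appears in nis-domainname (`domainname ${NISDOMAIN}`), where `domainname "${NISDOMAIN}"` keeps a value with spaces from turning into extra arguments. A short header comment in loadmodules would also help administrators: it should say that every executable in /etc/sysconfig/modules runs as root at boot, so the directory must be writable by root only.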
+++ b/usr/lib/systemd/readonly-root 
@@ -0,0 +1,204 @@ +#!/bin/bash +# +# Set up readonly-root support. +# + +. /etc/init.d/functions + +# We need to initialize the $HOSTNAME variable by ourselves now: +# (It was previously done for RHEL-6 branch, but got lost in time.) +HOSTNAME="$(hostname)" + +# Check SELinux status +SELINUX_STATE= +if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current | tr -d '\000' )" != "kernel" ]; then + if [ -r "/sys/fs/selinux/enforce" ] ; then + SELINUX_STATE=$(cat "/sys/fs/selinux/enforce") + else + # assume enforcing if you can't read it + SELINUX_STATE=1 + fi +fi + +selinux_fixup() { + if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then + restorecon -R "$1" + fi +} + +# Only read this once. +[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline) + +READONLY= +if [ -f /etc/sysconfig/readonly-root ]; then + . /etc/sysconfig/readonly-root +fi +if strstr "$cmdline" readonlyroot ; then + READONLY=yes + [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable + [ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state +fi +if strstr "$cmdline" noreadonlyroot ; then + READONLY=no +fi + +MOUNTS=() +if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then + + add_mount() { + mnt=${1%/} + MOUNTS=("${MOUNTS[@]}" "$mnt") + } + + cp_empty() { + if [ -e "$1" ]; then + echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null + add_mount $1 + fi + } + + cp_dirs() { + if [ -e "$1" ]; then + mkdir -p "$RW_MOUNT$1" + find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null + add_mount $1 + fi + } + + cp_files() { + if [ -e "$1" ]; then + cp -a --parents "$1" "$RW_MOUNT" + add_mount $1 + fi + } + + # Common mount options for scratch space regardless of + # type of backing store + mountopts= + + # Scan partitions for local scratch storage + rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device) + + bindmountopts= + [ "$SLAVE_MOUNTS" = "yes" ] && bindmountopts="--make-slave" + + # First try to mount scratch storage from /etc/fstab, then any + # partition with the proper 
label. If either succeeds, be sure + # to wipe the scratch storage clean. If both fail, then mount + # scratch storage via tmpfs. + if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then + rm -rf "$RW_MOUNT" > /dev/null 2>&1 + elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then + rm -rf "$RW_MOUNT" > /dev/null 2>&1 + else + mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT" + fi + + for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do + is_ignored_file "$file" && continue + [ -f $file ] && while read type path ; do + case "$type" in + empty) + cp_empty $path + ;; + files) + cp_files $path + ;; + dirs) + cp_dirs $path + ;; + *) + ;; + esac + done < <(cat $file) + done + + for m in "${MOUNTS[@]}"; do + prefix=0 + for mount_point in "${MOUNTS[@]}"; do + [[ $m = $mount_point ]] && continue + if [[ $m =~ ^$mount_point/.* ]] ; then + prefix=1 + break + fi + done + [[ $prefix -eq 1 ]] && continue + + mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m" + selinux_fixup "$m" + done + + # Use any state passed by initramfs + [ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT + + # In theory there should be no more than one network interface active + # this early in the boot process -- the one we're booting from. + # Use the network address to set the hostname of the client. This + # must be done even if we have local storage. + ipaddr= + if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then + ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }') + for ip in $ipaddr ; do + HOSTNAME= + eval $(ipcalc -h $ipaddr 2>/dev/null) + [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; } + done + fi + + # Clients with read-only root filesystems may be provided with a + # place where they can place minimal amounts of persistent + # state. SSH keys or puppet certificates for example. 
+ # + # Ideally we'll use puppet to manage the state directory and to + # create the bind mounts. However, until that's all ready this + # is sufficient to build a working system. + + # First try to mount persistent data from /etc/fstab, then any + # partition with the proper label, then fallback to NFS + state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device) + if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then + /bin/true + elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then + /bin/true + elif [ ! -z "$CLIENTSTATE" ]; then + # No local storage was found. Make a final attempt to find + # state on an NFS server. + + mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock + fi + + if [ -w "$STATE_MOUNT" ]; then + + mount_state() { + if [ -e "$1" ]; then + [ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT" + mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1" + fi + } + + for file in /etc/statetab /etc/statetab.d/* ; do + is_ignored_file "$file" && continue + [ ! -f "$file" ] && continue + + if [ -f "$STATE_MOUNT/$file" ] ; then + mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file" + fi + + for path in $(grep -v "^#" "$file" 2>/dev/null); do + mount_state "$path" + selinux_fixup "$path" + done + done + + if [ -f "$STATE_MOUNT/files" ] ; then + for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do + mount_state "$path" + selinux_fixup "$path" + done + fi + fi + + if mount | grep -q /var/lib/nfs/rpc_pipefs ; then + mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs + fi +fi diff --git a/usr/lib/systemd/system/fedora-domainname.service b/usr/lib/systemd/system/fedora-domainname.service deleted file mode 100644 index b62e52b1..00000000 --- a/usr/lib/systemd/system/fedora-domainname.service +++ /dev/null 
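Review bot: In the hostname fallback of readonly-root, `eval $(ipcalc -h $ipaddr 2>/dev/null)` passes the whole `$ipaddr` list instead of the loop variable `$ip`, and it evaluates text derived from a reverse name lookup as shell code in a root boot script. Use the loop variable and assign the value without `eval`, e.g. `HOSTNAME=$(ipcalc -h "$ip" 2>/dev/null | sed -n 's/^HOSTNAME=//p')`, so the lookup result stays data. Whether ipcalc already quotes or filters its output is not visible here, so treat this as defence in depth. `$HOSTNAME` later selects the NFS state directory in `mount -t nfs $CLIENTSTATE/$HOSTNAME ...`, so a comment there stating that the name comes from DNS would be worth adding.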
@@ -1,13 +0,0 @@ -[Unit] -Description=Read and set NIS domainname from /etc/sysconfig/network -Before=ypbind.service yppasswdd.service ypserv.service ypxfrd.service sysinit.target -DefaultDependencies=no -Conflicts=shutdown.target - -[Service] -ExecStart=/usr/lib/systemd/fedora-domainname -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/fedora-import-state.service b/usr/lib/systemd/system/fedora-import-state.service deleted file mode 100644 index b43ac29f..00000000 --- a/usr/lib/systemd/system/fedora-import-state.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=Import network configuration from initramfs -DefaultDependencies=no -ConditionPathIsReadWrite=/ -ConditionDirectoryNotEmpty=/run/initramfs/state -Conflicts=shutdown.target -Before=shutdown.target emergency.service emergency.target systemd-tmpfiles-setup.service sysinit.target -After=local-fs.target - -[Service] -ExecStart=/usr/lib/systemd/fedora-import-state -Type=oneshot -TimeoutSec=0 -RemainAfterExit=yes - -[Install] -WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/fedora-loadmodules.service b/usr/lib/systemd/system/fedora-loadmodules.service deleted file mode 100644 index 641e7711..00000000 --- a/usr/lib/systemd/system/fedora-loadmodules.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Load legacy module configuration -DefaultDependencies=no -Conflicts=shutdown.target -Before=sysinit.target shutdown.target -ConditionPathExists=|/etc/rc.modules -ConditionDirectoryNotEmpty=|/etc/sysconfig/modules/ - -[Service] -ExecStart=/usr/lib/systemd/fedora-loadmodules -Type=oneshot -TimeoutSec=0 -RemainAfterExit=yes - -[Install] -WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/fedora-readonly.service b/usr/lib/systemd/system/fedora-readonly.service deleted file mode 100644 index 30530219..00000000 --- a/usr/lib/systemd/system/fedora-readonly.service +++ /dev/null 
@@ -1,15 +0,0 @@ -[Unit] -Description=Configure read-only root support -DefaultDependencies=no -Conflicts=shutdown.target -Before=shutdown.target emergency.service emergency.target systemd-tmpfiles-setup.service local-fs.target systemd-random-seed.service -After=systemd-remount-fs.service - -[Service] -ExecStart=/usr/lib/systemd/fedora-readonly -Type=oneshot -TimeoutSec=0 -RemainAfterExit=yes - -[Install] -WantedBy=local-fs.target diff --git a/usr/lib/systemd/system/import-state.service b/usr/lib/systemd/system/import-state.service new file mode 100644 index 00000000..2aab4301 --- /dev/null +++ b/usr/lib/systemd/system/import-state.service @@ -0,0 +1,17 @@ +[Unit] +Description=Import network configuration from initramfs +DefaultDependencies=no +ConditionPathIsReadWrite=/ +ConditionDirectoryNotEmpty=/run/initramfs/state +Conflicts=shutdown.target +Before=shutdown.target emergency.service emergency.target systemd-tmpfiles-setup.service sysinit.target +After=local-fs.target + +[Service] +ExecStart=/usr/lib/systemd/import-state +Type=oneshot +TimeoutSec=0 +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/loadmodules.service b/usr/lib/systemd/system/loadmodules.service new file mode 100644 index 00000000..cba281a5 --- /dev/null +++ b/usr/lib/systemd/system/loadmodules.service @@ -0,0 +1,16 @@ +[Unit] +Description=Load legacy module configuration +DefaultDependencies=no +Conflicts=shutdown.target +Before=sysinit.target shutdown.target +ConditionPathExists=|/etc/rc.modules +ConditionDirectoryNotEmpty=|/etc/sysconfig/modules/ + +[Service] +ExecStart=/usr/lib/systemd/loadmodules +Type=oneshot +TimeoutSec=0 +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/nis-domainname.service b/usr/lib/systemd/system/nis-domainname.service new file mode 100644 index 00000000..3f8412ae --- /dev/null +++ b/usr/lib/systemd/system/nis-domainname.service 
@@ -0,0 +1,13 @@ +[Unit] +Description=Read and set NIS domainname from /etc/sysconfig/network +Before=ypbind.service yppasswdd.service ypserv.service ypxfrd.service sysinit.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Service] +ExecStart=/usr/lib/systemd/nis-domainname +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/usr/lib/systemd/system/readonly-root.service b/usr/lib/systemd/system/readonly-root.service new file mode 100644 index 00000000..83af6acd --- /dev/null +++ b/usr/lib/systemd/system/readonly-root.service @@ -0,0 +1,15 @@ +[Unit] +Description=Configure read-only root support +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target emergency.service emergency.target systemd-tmpfiles-setup.service local-fs.target systemd-random-seed.service +After=systemd-remount-fs.service + +[Service] +ExecStart=/usr/lib/systemd/readonly-root +Type=oneshot +TimeoutSec=0 +RemainAfterExit=yes + +[Install] +WantedBy=local-fs.target -- cgit v1.2.1