| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deleting a variable with a long value exposed a duplicate
openbmcinitdownloadurl variable resulting in two lines in the
url file, and wget was not happy.
The u-boot environment ends with a double NUL character like
many operating environments. Using strings to separate on the
NUL bytes was loosing this information.
The fw_printenv command does not clear the remainder of the
environment when deleting variables. Instead it just makes sure
it is terminated with a double NUL byte.
Switch from strings to tr to separate the strings. Translate NL
to CR to avoid false matches, and use sed to detect a blank line.
Also use tail to skip over the CRC bytes. We don't have the
config file to know if a flag exists so assume 1 copy for now.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Install the init-option and init-download-url if they exist in
the build directory.
This change to the bitbake recipe allows an override layer to
simply add these files to the SRC_URI variable and then have them
appear in the initramfs.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a hook to download a read-only file system image file from
a URL using TFTP, HTTP, or FTP. The URL is retrieved from a
u-boot environment variable unless the file is already in the
initramfs image. Only execute this command if the previously
established options file has a keyword trigger. Do not even
consider the option if a build option flag is not set to y,
and allow each protocol to be disabled by simiar build options.
This allows one to specify at u-boot commands that would download
a read-only file system into memory for execution this boot instead
of needing to create a custom initramfs to netboot or specifying
debug-init-sh, entering the password, and doing the download from
the shell.
Note: Access to set u-boot environment variables implys the
ability to replace the kernel and initramfs session. Access to
the variables and the serial console likely gives full root access
to the system at this time. The existing shutdown and update
scripts have paths that expose a root shell to the serial port
without a prior password challenge.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the file /init-options exists copy it to the runtime location
/run/initramfs/init-options.
This allows an initramfs image to be built that will not parse
any u-boot or command line variables by adding a file into the
the image. This can be done either through a recipe overlay or
additonal package today and could also be a cpio merged into the
initrd in the future.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Look in the saved u-boot environment for init options in addition
to the kernel command line. This allows setting options to run
in the u-boot environment instead of setting bootargs.
Look at specific variables but not the whole environment so that
users can setup variable to run. Look at two variables so scripts
can automatically clear one on successful boot as one-time options
(defer that to the full filesystem).
Instead of having the full fw_setenv / fw_getenv binaries which
would overflow the existing space for the initramfs, just use the
busybox strings command to extract the variables. The oldest
variable might get a crc32 character or flag byte if redundant
environment were configured for nand but that is not expected
to be these user defined variables.
[1] The environment consists of a crc32, a flag byte if a
redundant environment is configured, then a series of var=value
strings separated by NUL bytes. The flag byte is 1 (active) or 0
(obsolete) for NOR flash, or a counter 0-255 in nand, the flag
byte cycles through 0-255.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Add an option to copy files from the rwfs to ram then run in ram.
This allows customizations like user ids and network settings to
be initialized from the read-write filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
| |
Use the copy in /run/initramfs/update to call update to be consistent
with other uses.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
When calling update for save and restore phases be explicitly tell
update to clean saved files when we are done and not bother trying
to save or restore when we know we will do a split save, erase, and
restore sequence.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If copy-base-filesystem-to-ram is found copy the read-only
filesystem source device to /run/image-rofs. If the copy fails
then remove the partial copy and invoke debug takeover.
This will allow a new image to be downloaded and flashed while
running from the existing copy for the duration of this boot.
Alternatively with the overlay also in RAM pflash could be used
to update the flash from the host as the BMC would no longer need
the flash or flash controller.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
| |
If overlay-filesystem-in-ram is found set rwfst=none suppressing
the rwfs mount.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If images are to be updated before init continue to move them
to /run/initramfs. However, if they are not to be flashed before
init instead move them to /run.
This will result in the image-rofs being loop mounted for this run,
and all images will be available at runtime for flash update at
runtime.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow file system type none for rwfst, which means do not mount a
separate file system but just use the directory in the tmpfs /run.
This will be used to allow the flash controller to not be used by
the running image, allowing flash updates while the BMC is running
the main application.
It could also be used for a file system less prone to corruption
where the read-write overlay is only updated with whitelisted files
at specific points in time with updates to the update script.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Decide lack of fsck is not a problem by the type of the rwfs image
instead of the full name of the fsck command. This eliminates
duplicates knowledge of how the fsck path is formed.
Suggested-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If a read-only file system image is in /run, specifically
/run/image-rofs, then mount it instead of the mtd partition.
This will allow running from ram to allow the flash to be updated,
either from a downloaded image, a packaged image, or an image
copied at boot.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Grep options from a file instead of directly from /proc/cmdline
which will allow additonal sources for options.
Initially the options file is just a copy of the kernel command
line, but it may be edited at debug-init-sh or via a later
debug_takeover point or before restarting init.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note explicitly when an empty image is provided that will not
alter a flash partition.
While using flashcp on an empty file succeeds and does not alter
the flash, it may be confusing to see 0/0 messages for the erase,
write, and verify phases.
These empty files are used to trigger the save and restore phases
and may also be used by developers to cause the update to fail
and break into a shell at shutdown for maintence.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove image files as they are flashed so a repeated call to
update does not erase and write the image again.
As we add the ability to call update at runtime repeated calls
are expected. This both signals successful copy and removes the
need for callers to cleanup.
Also remove commented alternate flash method using eraseall
that was not tested.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add an option to copy files to the runtime copy-on-write upper
directory from the saved directory to allow init to request the
files for use without knowing the saved files directory.
This will be used to initialize the cow directory from the
persistent rwfs file system when choosing to run in RAM.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Skip mounting and unmounting the read-write file system when
saving files if the upper directory exists. Instead interpret
this as a sign the system either is or was running from RAM (or
from some future alternative and maybe temporary mounted file
system) and save the files from that upper directory.
It is possible some other filesystem is mounted on the read-write
mountpoint that is not a mtd device, either a tmpfs or some
other future media, so only try to unmount the file system if
this update script mounted it.
Each boot an empty /run filesytem is created and populated by init
with selected directories and mount points for the read-only and
read-write file systems and mounts them on these points.
The upper directory is under the read-write mount point, so if it
exists then either a file system is mounted there or the system
was prepared to run from RAM using the run tmpfs file system and
updates may have been made there. In either case the files to
be saved exist in that directory.
Background on overlayfs:
The upper directory contains files and directory entries that were
either opened for write or had meta data changed. Before this
happens the overlayfs copies each file or directory by name into
the work directory then atomically moves it into the corresponding
upper directory.
To form a read-write overlayfs mount, the upper directory must be,
by definition, in a read-write file system along with the work
directory, and both are required to be in the same filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Use the full /run/initramfs/rw path for the mount point of the
read-write filesystem.
This prevents creating and directories in / when it is invoked
before shutdown.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
This will ensure the cp command always writes to an existing
directory but will also make any future component directories if
the upper directory is later moved from the root of the filesystem.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
This will allow us to restore or check-point the whitelisted files
to the read-write filesystem device without causing confusion by
mounting over the upperdir location while at runtime.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Instead of in saving files in root which is messy and logically
part of the cow space, save the files in a directory under /run
which will be mounted during init, runtime, and shutdown.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Find the whitelist under /run/initramfs directory instead of
looking in root directory. This results in the whitelist always
existing and being the same instance (copy) in all environments.
Currently the update script is invoked from two places: from
shutdown, where systemd bind-mounted the initramfs directory on
itself and made it root (with its parent /run mounted underneath
it in a twist), and from the initramfs init script where it
copied the files from its root directory into the /run/initramfs
directory for use at shutdown time when the original rootfs is
no longer reachable.
By looking under /run/initramfs we will always look at one copy
of the whitelist. This will also allow future modes where the
update script can be invoked while running from a copies of
the file systems located in RAM.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let the copy loop execute zero times instead of checking if
the whitelist is empty.
Suppressing the mount and copying the files can be achieved via
command line options. This removes a condition and prepares for
splitting the whitelist into component files with support for
commented out lines.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the save and/or restore of whitelisted files to be
suppressed.
This reduces the noise and possible problems trying to mount the
read-write filesystem read-write when its dirty. The filesystem
may be cleaned or repaired between the backup and restore.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because update now returns to shutdown for the final halt or
reboot system call it does not need to handle systemd arguments.
Instead update is being invoked from multiple environments, and
further environments will need alternate behaviors.
Add a code to start parsing the command line. Start wtih a flag
to clean the saved files at the end of the update process.
This will reclaim the space and prevent stale saved files
from being restored without requiring the calling script to
know the location of the saved files directory.
Parse true and complement actions in case we decide to change
the defaults later.
For now keep the user feature of calling update, flashing some
files by hand, then a final call to update with a possibly
empty image file will have the original saved files merged
into the rwfs.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
| |
We don't need to hold saved files for a future restore.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
| |
While both are the same directory via bind mount when shutdown
is executing from systemd use the full pathname to the script.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Complain if the update program is missing if flash update images
are present. This is similar to the message in root and will
inform a serial console reader why the update images are not
being applied.
The update script is copied from the initramfs to the run tmpfs
ram file system. It is built and packaged with the init and
shutdown script. It would have been removed, unpackaged, or
init changed for unknown reasons by root or the build system
for this to occur.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
The test command is documented as taking = and not == to test
two strings for equality. While both appear to work use the
documented comparison operator.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
The desired system call is not an ioctl but tcsetattr with
second parameter TCSADRAIN.
Reported-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intention was to test the flag variable set when proc was
mounted earlier in the script, not the constant string containing
the name of the variable.
The unnecessary unmount is not noticeable when a normal shutdown
or reboot is being performed while executing after systemd, but
results in a less usable environment when invoked manually.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To see all the messages during shutdown call stty cooked.
A side effect of setting any mode is it will call ioctl(TIOC_DRAIN)
to drain the buffers first without regard to any change in the mode.
Shutdown and flash update now show the final ouptut and "Rebooting"
message before the reboot system call.
Before:
+ set +x
Remaining mounts:
tmpfs / tmpfs rw,nosuid,nodev,mode=755 0 0
dev /dev devtmpfs rw,relatime,size=126384k,nr_inodes=31596,mode=755 0 0
proc /proc proc rw,relatime 0 0
sys /s
U-Boot 2013.07 (Feb 23 2016 - 10:21:23)
After:
+ set +x
Remaining mounts:
tmpfs / tmpfs rw,nosuid,nodev,mode=755 0 0
dev /dev devtmpfs rw,relatime,size=126384k,nr_inodes=31596,mode=755 0 0
proc /proc proc rw,relatime 0 0
sys /sys sysfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
reboot: Restarting system
U-Boot 2013.07 (Feb 23 2016 - 10:21:23)
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add code to clear the rwfs (preserving files from the whitelist)
during init, by a command line option.
Also allow it to be triggered by the file system not being a jffs2.
A console user can download images to /run/initramfs/ at the
debug-init-sh prompt for manual update.
Also add code but do not enable detecting images loaded into
initramfs / for future update options. If enabled a custom initrd
with update images can be bulit (it would not fit in flash and
need to be netbooted).
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
We know there is no command and we plan to have this the default.
Suppress the message to avoid user questions and concerns.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Busybox's blkid is a little hamstrung, requiring some processing of the
output to emulate what can be achieved with a couple of options with
blkid from util-linux.
Similar to findmtd(), the code for probe_fs_type() and blkid_fs_type()
is duplicated between obmc-{init,update}.sh. Some consideration should
be given to splitting out common functionality into well-defined
sourcable scripts.
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
| |
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Enable the /var/lib/obmc/events in the whitelist
Move pointers up for event manager and object manager
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If one sets rodir=/run/image-rofs roopts=ro,loop and transfers
an image one can run from a base image in ram. However, the
shutdown will fail to unmount /run because it is busy and then
fails to unmount /cow which causes oldroot to be still mounted.
By moving the mount to the side everything cleans up (as long
as there are no other mounts under run, and systemd-shutdown
tried to do as much as possible).
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
The update script has replicated logic to do the final reboot, kexec,
halt, or poweroff command. Instead of transferring control via exec
just call it as a normal command, and return to shutdown for the
final mounted fs debug print and command.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Good practice is to run fsck to repair minor damage and make a
filesystem consistent before mounting it. We don't have space
in the initramfs to add fsck, but we can mount the read-only
reference partition first and run fsck from there.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Factor out sulogin and init takeover with a message. This is
mostly a refactor and message update. It also makes the repair
opportunity logic consistent in asking for a password during init
and looping over the chroot verification.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create variables for all mount parameters and paths related to
the read-only and read-write mounts, including fs type, full
device name, and options. Reorder mount arguments to always
place options last.
Also add variables for update save directory and real init.
This allows easy testing of a file systems by changing a few
parameters including making the rofs an image in ram.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Teach update to look for /run/initramfs/image- not /image-*.
When describing how to recover from a corrupted flash by grabbing
the images and running update from the init debug shell, it
became apparent that while at systemd shutdown /run/initramfs/
is mounted at /, it is not the case during init. Use the
variable image to hold this pathname.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
| |
In init, check the new init is an executable file with non-zero
size in addition to the shell being executable with its shared
libraries.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In shutdown, cd to / like init and update, but do not switch
paths to assume this. Instead switch a few more paths to be
absolute. This will clarify the expcted execution environment
and the location of files being tested. It also provides
consistency when calling /update and creating and testing
the /image- symlinks.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
| |
When creating the synlink for the u-boot-env image, don't
follow any symlinks.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fw_setenv is not working with the kernel mtd driver. It works
on a plain flat file, and flashcp which is used in /update works.
Find the u-boot-env mtd, link it in run and copy the contents to a
plain file in /run during init. In shutdown, check for the link,
the file having data, no current image update for the u-boot-env,
and that the content differs from the mtd via the link. If all
are true create a symlink to the file and trigger the update.
Along wtih changing the fw_env.config this causes the fw_setenv
and fw_printenv utilities to set and update this cached file which
will be synced during a normal bmc reboot. This will allow us to
set the ethaddr variable which already requires a reboot to activate.
Note: the links are directly in /run because the fw_{set,print}env
utilities limit the env file name to 16 characters.
Signed-off-by: Milton Miller <miltonmm@us.ibm.com>
|
|
This recipe holds the key scripts for an initramfs image.
Written in sh to run with busybox, these three scripts handle
mounting, unmounting, and updating a set of mtd partitions to
form a read-write overlay on a read-only compressed base.
The init script will mount the base sysfs, proc, and devtmpfs as
well as run. It copies the filesystem to run/initramfs to create
the shutdown and update environment. It then mounts a base
read-only and read-write file system and then an overlay of them
combined, then continues with chroot into the overlay and execute
the normal /sbin/init.
The shutdown script will unmount the remaining nodev and root
filesystems from oldroot where systemd-shutdown pivots the old
file system, then looks for image- files. If any are found it
invokes update otherwise it performs the final reboot, powerdown,
or kexec, or halt.
The update script will attempt to mount the read/write overlay
and preserve selected files and directories based on a whitelist.
It then unmounts that fs and writes all image files to their
named mtd partition using flashcp, mounts and restores the saved
files, and finally unmounts the fs and performs the final reboot,
shutdown, kexec, or halt.
Signed-off-by: Milton Miller <miltonm@us.ibm.com>
|