2016-03-08 13:42:20 -06:00
|
|
|
#!/bin/sh -e
|
2017-09-06 22:07:32 -05:00
|
|
|
|
|
|
|
PREREQS="varlog"
|
|
|
|
|
|
|
|
prereqs() { echo "$PREREQS"; }
|
|
|
|
|
2016-03-08 13:42:20 -06:00
|
|
|
case $1 in
|
|
|
|
prereqs)
|
2017-09-06 22:07:32 -05:00
|
|
|
prereqs
|
2016-03-08 13:42:20 -06:00
|
|
|
exit 0
|
|
|
|
;;
|
|
|
|
esac
|
2016-07-26 14:01:58 -05:00
|
|
|
|
2019-04-15 00:46:26 -05:00
|
|
|
set_tmpfs_log_partition_size()
|
|
|
|
{
|
|
|
|
varlogsize=128
|
|
|
|
|
|
|
|
# NOTE: certain platforms, when reaching initramfs stage, have a small
|
|
|
|
# limit of mounting tmpfs partition, potentially due to amount
|
2019-07-02 13:52:43 -05:00
|
|
|
# of RAM available in this stage. e.g. Arista 7050-qx32[s] and 7060-cx32s
|
2019-04-15 00:46:26 -05:00
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7050_qx32" ] && return
|
2019-07-02 13:52:43 -05:00
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7050_qx32s" ] && return
|
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7060_cx32s" ] && return
|
2020-03-27 19:28:27 -05:00
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7060cx2_32s" ] && return
|
2019-04-15 00:46:26 -05:00
|
|
|
|
|
|
|
# set varlogsize to existing var-log.ext4 size
|
|
|
|
if [ -f ${rootmnt}/host/disk-img/var-log.ext4 ]; then
|
|
|
|
varlogsize=$(ls -l ${rootmnt}/host/disk-img/var-log.ext4 | awk '{print $5}')
|
|
|
|
varlogsize=$(($varlogsize/1024/1024))
|
|
|
|
fi
|
|
|
|
|
|
|
|
# make sure varlogsize is between 5% to 10% of total memory size
|
|
|
|
memkb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
|
|
|
memmb=$(($memkb/1024))
|
|
|
|
minsize=$(($memmb*5/100))
|
|
|
|
maxsize=$(($memmb*10/100))
|
|
|
|
|
|
|
|
[ $minsize -ge $varlogsize ] && varlogsize=$minsize
|
|
|
|
[ $maxsize -le $varlogsize ] && varlogsize=$maxsize
|
|
|
|
}
|
|
|
|
|
2020-06-13 02:10:13 -05:00
|
|
|
remove_not_in_allowlist_files()
|
|
|
|
{
|
|
|
|
image_dir=$1
|
|
|
|
allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
|
|
|
|
|
|
|
|
# Return if the secure_boot_enable option is not set
|
|
|
|
if ! (cat /proc/cmdline | grep -i -q "secure_boot_enable=[y1]"); then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Return if the allowlist file does not exist
|
|
|
|
if ! test -f "${allowlist_file}"; then
|
|
|
|
echo "The file ${allowlist_file} is missing, failed to mount rw folder." 1>&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
rw_dir=${rootmnt}/host/$image_dir/rw
|
|
|
|
|
|
|
|
# Set the grep pattern file, remove the blank line in config file
|
|
|
|
allowlist_pattern_file=${rootmnt}/host/$image_dir/allowlist_paths.pattern
|
|
|
|
awk -v rw_dir="$rw_dir" 'NF {print rw_dir"/"$0"$"}' ${allowlist_file} > $allowlist_pattern_file
|
|
|
|
|
|
|
|
# Find the files in the rw folder, and remove the files not in the allowlist
|
|
|
|
find ${rw_dir} -type f | grep -v -f $allowlist_pattern_file | xargs /bin/rm -f
|
|
|
|
rm -f $allowlist_pattern_file
|
|
|
|
}
|
|
|
|
|
2017-09-02 17:32:31 -05:00
|
|
|
## Mount the overlay file system: rw layer over squashfs
|
2017-04-21 19:23:36 -05:00
|
|
|
image_dir=$(cat /proc/cmdline | sed -e 's/.*loop=\(\S*\)\/.*/\1/')
|
|
|
|
mkdir -p ${rootmnt}/host/$image_dir/rw
|
2017-09-02 17:32:31 -05:00
|
|
|
mkdir -p ${rootmnt}/host/$image_dir/work
|
2020-06-13 02:10:13 -05:00
|
|
|
## Remove the files not in allowlist in the rw folder
|
|
|
|
remove_not_in_allowlist_files "$image_dir"
|
|
|
|
## Remove the executable permission for all the files in rw folder except home folder
|
|
|
|
rw_dir=${rootmnt}/host/$image_dir/rw
|
|
|
|
find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
|
|
|
|
|
2017-09-02 17:32:31 -05:00
|
|
|
mount -n -o lowerdir=${rootmnt},upperdir=${rootmnt}/host/$image_dir/rw,workdir=${rootmnt}/host/$image_dir/work -t overlay root-overlay ${rootmnt}
|
2017-02-16 01:18:02 -06:00
|
|
|
## Check if the root block device is still there
|
|
|
|
[ -b ${ROOT} ] || mdev -s
|
2020-01-15 10:25:01 -06:00
|
|
|
case "${ROOT}" in
|
|
|
|
ubi*)
|
|
|
|
mtd=$(cat /proc/cmdline | sed -e 's/.*ubi.mtd=\([0-9]\) .*/\1/')
|
|
|
|
if [ ! -f /dev/${ROOT}_0 ]; then
|
|
|
|
ubiattach /dev/ubi_ctrl -m $mtd || true
|
|
|
|
fi
|
|
|
|
mount -t ubifs /dev/${ROOT}_0 ${rootmnt}/host
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
## Mount the raw partition again
|
|
|
|
mount ${ROOT} ${rootmnt}/host
|
|
|
|
;;
|
|
|
|
esac
|
2019-08-07 01:04:00 -05:00
|
|
|
|
2016-07-26 14:01:58 -05:00
|
|
|
mkdir -p ${rootmnt}/var/lib/docker
|
2019-08-07 01:04:00 -05:00
|
|
|
if [ -f ${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }} ]; then
|
|
|
|
## mount tmpfs and extract docker into it
|
|
|
|
mount -t tmpfs -o rw,nodev,size={{ DOCKER_RAMFS_SIZE }} tmpfs ${rootmnt}/var/lib/docker
|
|
|
|
tar xz --numeric-owner -f ${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }} -C ${rootmnt}/var/lib/docker
|
|
|
|
else
|
|
|
|
## Mount the working directory of docker engine in the raw partition, bypass the overlay
|
|
|
|
mount --bind ${rootmnt}/host/$image_dir/{{ DOCKERFS_DIR }} ${rootmnt}/var/lib/docker
|
|
|
|
fi
|
|
|
|
|
2017-09-02 17:32:31 -05:00
|
|
|
## Mount the boot directory in the raw partition, bypass the overlay
|
2016-07-26 14:01:58 -05:00
|
|
|
mkdir -p ${rootmnt}/boot
|
2017-04-21 19:23:36 -05:00
|
|
|
mount --bind ${rootmnt}/host/$image_dir/boot ${rootmnt}/boot
|
2019-04-15 00:46:26 -05:00
|
|
|
## Mount loop device or tmpfs for /var/log
|
|
|
|
onie_platform=""
|
|
|
|
aboot_platform=""
|
|
|
|
. ${rootmnt}/host/machine.conf
|
|
|
|
if [ X"$aboot_platform" = X"x86_64-arista_7050_qx32" ] ||
|
2019-07-02 13:52:43 -05:00
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7050_qx32s" ] ||
|
|
|
|
[ X"$aboot_platform" = X"x86_64-arista_7060_cx32s" ]
|
2019-04-15 00:46:26 -05:00
|
|
|
then
|
|
|
|
set_tmpfs_log_partition_size
|
|
|
|
mount -t tmpfs -o rw,nosuid,nodev,size=${varlogsize}M tmpfs ${rootmnt}/var/log
|
|
|
|
[ -f ${rootmnt}/host/disk-img/var-log.ext4 ] && rm -rf ${rootmnt}/host/disk-img/var-log.ext4
|
|
|
|
else
|
2020-04-30 02:33:20 -05:00
|
|
|
[ -f ${rootmnt}/host/disk-img/var-log.ext4 ] && fsck.ext4 -v -p ${rootmnt}/host/disk-img/var-log.ext4 2>&1 \
|
|
|
|
| gzip -c >> /tmp/fsck.log.gz
|
2019-04-15 00:46:26 -05:00
|
|
|
[ -f ${rootmnt}/host/disk-img/var-log.ext4 ] && mount -t ext4 -o loop,rw ${rootmnt}/host/disk-img/var-log.ext4 ${rootmnt}/var/log
|
|
|
|
fi
|
2020-04-30 02:33:20 -05:00
|
|
|
|
|
|
|
## fscklog file: /tmp will be lost when overlayfs is mounted
|
|
|
|
if [ -f /tmp/fsck.log.gz ]; then
|
|
|
|
mv /tmp/fsck.log.gz ${rootmnt}/var/log
|
|
|
|
fi
|