cOS bump (rancher#130)

⬆️ Bump cOS Signed-off-by: GitHub <[email protected]> Co-authored-by: mudler <[email protected]>
fgiudici · May 28, 2022 · e55d201 · e55d201
1 parent 3b06726
commit e55d201
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 7 deletions.
diff --git a/framework/cos/etc/cos/bootargs.cfg b/framework/cos/etc/cos/bootargs.cfg
@@ -2,7 +2,7 @@ set kernel=/boot/vmlinuz
 if [ -n "$recoverylabel" ]; then
     set kernelcmd="console=tty1 console=ttyS0 root=live:LABEL=$recoverylabel rd.live.dir=/ rd.live.squashimg=$img panic=5 rd.neednet=1 rd.cos.oemlabel=COS_OEM"
 else
-    set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label cos-img/filename=$img panic=5 security=selinux selinux=1 rd.neednet=1 rd.cos.oemlabel=COS_OEM"
+    set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label cos-img/filename=$img panic=5 security=selinux selinux=1 rd.neednet=1 rd.cos.oemlabel=COS_OEM fsck.mode=force fsck.repair=yes"
 fi
 
 set initramfs=/boot/initrd
diff --git a/framework/cos/etc/cos/config b/framework/cos/etc/cos/config
@@ -27,7 +27,7 @@
 
 # This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
 # check the artifact signatures
-#COSIGN_REPOSITORY="raccos/releases-green"
+#COSIGN_REPOSITORY="raccos/releases-teal"
 
 # This sets keyless verify on building packages with luet and the luet-cosign plugin.
 # 1  = enabled keyless, 0 = disabled, uses normal public key verification

diff --git a/framework/cos/system/oem/09_services.yaml b/framework/cos/system/oem/09_services.yaml
@@ -0,0 +1,8 @@
+name: "Default config"
+stages:
+   initramfs:
+     - name: "Default systemd config"
+       if: '[ -e "/sbin/systemctl" ] || [ -e "/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+       systemctl:
+        enable:
+        - systemd-timesyncd
diff --git a/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/cos-loop-img.sh b/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/cos-loop-img.sh
@@ -9,16 +9,38 @@ function doLoopMount {
         label=$(basename "${dev}")
         [ -e "/tmp/cosloop-${label}" ] && continue
         > "/tmp/cosloop-${label}" 
+
         mount -t auto -o "${cos_root_perm}" "/dev/disk/by-label/${label}" "${cos_state}" || continue
         if [ -f "${cos_state}/${cos_img}" ]; then
-            losetup -f "${cos_state}/${cos_img}"
+
+            # FSCHECK if cos_root_perm == "ro" on both
+            if [ "$cos_root_perm" == "ro" ]; then
+               systemd-fsck "/dev/disk/by-label/${label}"
+            fi
+
+            dev=$(losetup --show -f "${cos_state}/${cos_img}")
+
+            # FSCHECK if cos_root_perm == "ro"
+            if [ "$cos_root_perm" == "ro" ]; then
+               systemd-fsck "$dev"
+            fi
+
             exit 0
         else
             umount "${cos_state}"
         fi
     done
 }
 
+function dofsCheck {
+    # Iterate over current partitions
+    # As fs corruption could lead to partitions with no label, we scan here for all partitions found and we run systemd-fsck
+    for dev in /dev/disk/by-partuuid/*; do
+        partuuid=$(basename "${dev}")
+        systemd-fsck "/dev/disk/by-partuuid/${partuuid}"
+    done
+}
+
 type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
 PATH=/usr/sbin:/usr/bin:/sbin:/bin
@@ -37,6 +59,7 @@ ismounted "${cos_state}" && exit 0
 
 mkdir -p "${cos_state}"
 
+dofsCheck
 doLoopMount
 
 rm -r "${cos_state}"

diff --git a/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/cos-mount-layout.sh b/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/cos-mount-layout.sh
@@ -248,6 +248,8 @@ for mount in "${mountpoints[@]}"; do
             fstab+=$(mountOverlay "${mount%%:*}")
         fi
     else
+        # FSCK
+        systemd-fsck "${mount}"
         fstab+=$(mountPersistent "${mount}")
     fi
 done

diff --git a/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/module-setup.sh b/framework/cos/usr/lib/dracut/modules.d/30cos-immutable-rootfs/module-setup.sh
@@ -2,12 +2,13 @@
 
 # called by dracut
 check() {
+    require_binaries "$systemdutildir"/systemd || return 1
     return 255
 }
 
-# called by dracut
+# called by dracut 
 depends() {
-    echo rootfs-block dm
+    echo systemd rootfs-block dm fs-lib
     return 0
 }
 
@@ -29,7 +30,7 @@ install() {
     # Include utilities required for cos-setup services,
     # probably a devoted cos-setup dracut module makes sense
     inst_multiple -o \
-        partprobe sync udevadm lsblk sgdisk parted mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.vfat mkfs.fat mkfs.xfs blkid e2fsck resize2fs mount xfs_growfs umount
+        "$systemdutildir"/systemd-fsck partprobe sync udevadm lsblk sgdisk parted mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.vfat mkfs.fat mkfs.xfs blkid e2fsck resize2fs mount xfs_growfs umount
     inst_hook cmdline 30 "${moddir}/parse-cos-cmdline.sh"
     inst_script "${moddir}/cos-generator.sh" \
         "${systemdutildir}/system-generators/dracut-cos-generator"
@@ -40,5 +41,7 @@ install() {
     mkdir -p "${initdir}/${systemdsystemunitdir}/initrd-fs.target.requires"
     ln_r "../cos-immutable-rootfs.service" \
         "${systemdsystemunitdir}/initrd-fs.target.requires/cos-immutable-rootfs.service"
+    ln_r "$systemdutildir"/systemd-fsck \
+        "/sbin/systemd-fsck"
     dracut_need_initqueue
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -248,6 +248,8 @@ for mount in "${mountpoints[@]}"; do @@
                 fstab+=$(mountOverlay "${mount%%:*}")
             fi
         else
+            # FSCK
+            systemd-fsck "${mount}"
             fstab+=$(mountPersistent "${mount}")
         fi
     done
@@ Expand Down @@