4 files changed, 139 insertions, 0 deletions

diff --git a/meta/recipes-core/volatile-binds/files/COPYING.MIT b/meta/recipes-core/volatile-binds/files/COPYING.MIT
new file mode 100644
index 0000000000..7e7d57413d
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/COPYING.MIT
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
new file mode 100755
index 0000000000..2aeaf84ddb
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# Perform a bind mount, copying existing files as we do so to ensure the
+# overlaid path has the necessary content.
+
+if [ $# -lt 2 ]; then
+    echo >&2 "Usage: $0 spec mountpoint [OPTIONS]"
+    exit 1
+fi
+
+spec=$1
+mountpoint=$2
+
+if [ $# -gt 2 ]; then
+    options=$3
+else
+    options=
+fi
+
+[ -n "$options" ] && options=",$options"
+
+mkdir -p "${spec%/*}"
+if [ -d "$mountpoint" ]; then
+    if [ ! -d "$spec" ]; then
+        mkdir "$spec"
+        cp -pPR "$mountpoint"/. "$spec/"
+    fi
+elif [ -f "$mountpoint" ]; then
+    if [ ! -f "$spec" ]; then
+        cp -pP "$mountpoint" "$spec"
+    fi
+fi
+
+mount -o "bind$options" "$spec" "$mountpoint"
diff --git a/meta/recipes-core/volatile-binds/files/volatile-binds.service.in b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
new file mode 100644
index 0000000000..32be5b4425
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/files/volatile-binds.service.in
@@ -0,0 +1,19 @@
+[Unit]
+Description=Bind mount volatile @where@
+DefaultDependencies=false
+Before=local-fs.target
+RequiresMountsFor=@whatparent@ @whereparent@
+ConditionPathIsReadWrite=@whatparent@
+ConditionPathExists=@where@
+ConditionPathIsReadWrite=!@where@
+
+[Service]
+Type=oneshot
+RemainAfterExit=Yes
+StandardOutput=syslog
+TimeoutSec=0
+ExecStart=/sbin/mount-copybind @what@ @where@
+ExecStop=/sbin/umount @where@
+
+[Install]
+WantedBy=local-fs.target
diff --git a/meta/recipes-core/volatile-binds/volatile-binds.bb b/meta/recipes-core/volatile-binds/volatile-binds.bb
new file mode 100644
index 0000000000..4080ff7ef2
--- /dev/null
+++ b/meta/recipes-core/volatile-binds/volatile-binds.bb
@@ -0,0 +1,69 @@
+SUMMARY = "Volatile bind mount setup and configuration for read-only-rootfs"
+DESCRIPTION = "${SUMMARY}"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://../COPYING.MIT;md5=5750f3aa4ea2b00c2bf21b2b2a7b714d"
+
+SRC_URI = "\
+    file://mount-copybind \
+    file://COPYING.MIT \
+    file://volatile-binds.service.in \
+"
+
+inherit allarch systemd distro_features_check
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+VOLATILE_BINDS ?= "\
+    /var/volatile/lib /var/lib\n\
+"
+VOLATILE_BINDS[type] = "list"
+VOLATILE_BINDS[separator] = "\n"
+
+def volatile_systemd_services(d):
+    services = []
+    for line in oe.data.typed_value("VOLATILE_BINDS", d):
+        if not line:
+            continue
+        what, where = line.split(None, 1)
+        services.append("%s.service" % what[1:].replace("/", "-"))
+    return " ".join(services)
+
+SYSTEMD_SERVICE_volatile-binds = "${@volatile_systemd_services(d)}"
+
+FILES_${PN} += "${systemd_unitdir}/system/*.service"
+
+do_compile () {
+    while read spec mountpoint; do
+        if [ -z "$spec" ]; then
+            continue
+        fi
+
+        servicefile="${spec#/}"
+        servicefile="$(echo "$servicefile" | tr / -).service"
+        sed -e "s#@what@#$spec#g; s#@where@#$mountpoint#g" \
+            -e "s#@whatparent@#${spec%/*}#g; s#@whereparent@#${mountpoint%/*}#g" \
+            volatile-binds.service.in >$servicefile
+    done <<END
+${@d.getVar('VOLATILE_BINDS', True).replace("\\n", "\n")}
+END
+
+    if [ -e var-volatile-lib.service ]; then
+        # As the seed is stored under /var/lib, ensure that this service runs
+        # after the volatile /var/lib is mounted.
+        sed -i -e "/^Before=/s/\$/ systemd-random-seed.service/" \
+               -e "/^WantedBy=/s/\$/ systemd-random-seed.service/" \
+               var-volatile-lib.service
+    fi
+}
+do_compile[dirs] = "${WORKDIR}"
+
+do_install () {
+    install -d ${D}${base_sbindir}
+    install -m 0755 mount-copybind ${D}${base_sbindir}/
+
+    install -d ${D}${systemd_unitdir}/system
+    for service in ${SYSTEMD_SERVICE_volatile-binds}; do
+        install -m 0644 $service ${D}${systemd_unitdir}/system/
+    done
+}
+do_install[dirs] = "${WORKDIR}"