Use /run/ostree-booted metadata for sysroot-ro state passing

Just like we did with composefs, use the new metadata instead of a "stamp file".
ostreedev · Jul 13, 2023 · 0eda15c · 0eda15c
1 parent b8d6696
commit 0eda15c
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 6 deletions.
diff --git a/src/libotcore/otcore.h b/src/libotcore/otcore.h
@@ -54,3 +54,5 @@ gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes
 // This key if present contains the public key successfully used
 // to verify the signature.
 #define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed"
+// This key will be present if the sysroot-ro flag was found
+#define OTCORE_RUN_BOOTED_KEY_SYSROOT_RO "sysroot-ro"
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
@@ -441,12 +441,10 @@ main (int argc, char *argv[])
       if (!sysroot_currently_writable)
         errx (EXIT_FAILURE, "sysroot.readonly=true requires %s to be writable at this point",
               root_arg);
-      /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
-      int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
-      if (fd < 0)
-        err (EXIT_FAILURE, "failed to create %s", _OSTREE_SYSROOT_READONLY_STAMP);
-      (void)close (fd);
     }
+  /* Pass on the state for use by ostree-prepare-root */
+  g_variant_builder_add (&metadata_builder, "{sv}", OTCORE_RUN_BOOTED_KEY_SYSROOT_RO,
+                         g_variant_new_boolean (sysroot_readonly));
 
   /* Prepare /boot.
    * If /boot is on the same partition, use a bind mount to make it visible

diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
@@ -134,7 +134,9 @@ main (int argc, char *argv[])
   /* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in)
    * then ensure it's readonly, otherwise mount writable, the same as /
    */
-  bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
+  gboolean sysroot_configured_readonly = FALSE;
+  g_variant_dict_lookup (ostree_run_metadata, OTCORE_RUN_BOOTED_KEY_SYSROOT_RO, "b",
+                         &sysroot_configured_readonly);
   do_remount ("/sysroot", !sysroot_configured_readonly);
 
   /* And also make sure to make /etc rw again. We make this conditional on