nanobsd: Avoid read-only file system warnings
ClosedPublic

Authored by jlduran on Nov 10 2024, 2:28 AM.
Details

Summary

The default settings of some loader or rc variables generate warnings
because the file system is read-only:

Set the following options to avoid printing these warnings:

/boot/defaults/loader.conf:

  • hostuuid_load="NO" to disable loading /etc/hostid early at boot time
  • entropy_cache_load="NO" to disable loading cached entropy at boot time

/etc/defaults/rc.conf:

  • kldxref_enable="NO" to disable building linker.hints files with kldxref(8)
  • entropy_boot_file="NO" to disable very early (used at early boot-time) entropy caching through reboots
  • entropy_file="NO" to disable late (used when going multi-user) entropy through reboots (already configured)
  • entropy_dir="NO" to disable caching entropy via cron

PR: 277601

Test Plan
# dmesg -a | grep -i read-only

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

jlduran added reviewers: imp, emaste.

These additions were kept in /boot/defaults/loader.conf and /etc/defaults/rc.conf respectively, to follow the current style. However, my preferred option would have been /boot/loader.conf.d/nanobsd.conf and /etc/defaults/vendor.conf respectively. It avoids triggering warnings about mismatches in the checksums of these files when compared with the originals (by freebsd-update IDS or similar integrity-checking scripts).
The /etc/hostid is created by /etc/rc.d/hostid start, and could be written to the disk manually with save_cfg.
The entropy files (/entropy and /var/db/entropy) can be saved to the disk by remounting the root partition with read/write access (mount -uw /). This can be useful on systems where the number of disk writes is not a problem.
The linker.hints file should be generated by the nanobsd.sh script IMO, given the immutable nature of a NanoBSD build. It currently fails to create a temporary file because none of the kern.module_paths are writable.
A separate patch could be proposed to address the last two issues, essentially by wrapping the scripts with:

checkyesno root_rw_mount || mount -uw /
...
checkyesno root_rw_mount || mount -ur /

For both the random and kldxref scripts, as is currently done in /etc/rc to remove the firstboot_sentinel files. Adding a trap to remount the root file system read-only would be ideal; however, adding traps to the rc.d system sounds risky.
A popular NanoBSD-based appliance (BSDRP) has another approach:
https://github.com/ocochard/BSDRP/blob/master/BSDRP/patches/freebsd.random.patch
A well-known entropy file is shipped with the original image, and replaced once with a random string upon the first reboot. The contents of the file will not change afterwards.

jlduran edited the summary of this revision.
  • Move NanoBSD rc.conf options before the sourcing of /etc/defaults/vendor.conf, otherwise vendor options will not be able to override NanoBSD's.

I like your preferred style better. It didn't exist when nanobsd was created and is a better fit for changing the defaults.

I'd recommend landing this as is and then culling all the others out into two nanobsd.conf files in the .d dirs as appropriate.

This revision is now accepted and ready to land. Nov 11 2024, 4:21 AM
In D47502#1083595, @imp wrote:

I like your preferred style better. It didn't exist when nanobsd was created and is a better fit for changing the defaults.
I'd recommend landing this as is and then culling all the others out into two nanobsd.conf files in the .d dirs as appropriate.

Thank you! Will do.
As usual, I leave the review for a little while to see if something comes up: I think I'll switch from ed to awk, just because I can make awk fail if the "anchor" pattern is not found. I want it to fail, otherwise, root_rw_mount will silently not get set.

  • Add kern.random.initial_seeding.disable_bypass_warnings="1", to avoid another warning, per random(4)
  • Fail if the regexp pattern in the rc.conf file is not found; if it fails silently, the image will ship without root_rw_mount="NO", which is bad
This revision now requires review to proceed. Nov 11 2024, 10:23 PM
This revision is now accepted and ready to land. Nov 11 2024, 10:40 PM

Mentor approved for commit (@imp's review is sufficient for me).
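
The fail-if-the-anchor-is-missing edit discussed in the thread above, sketched in shell as an added example (it is not the code from this revision). The function names, the anchor regexp and the sample file contents are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not the committed nanobsd code). Fail-closed edit of a
# defaults file: the build stops if the anchor line is not found.

# insert_before_anchor FILE REGEXP TEXT
# Put TEXT before the first line of FILE that matches REGEXP.
# Returns 1 and leaves FILE unchanged when no line matches.
insert_before_anchor() {
	_file=$1
	_tmp=$(mktemp "${TMPDIR:-/tmp}/anchor.XXXXXX") || return 1
	# ENVIRON avoids the escape processing that awk -v applies.
	if RE=$2 TEXT=$3 awk '
		!hit && $0 ~ ENVIRON["RE"] { print ENVIRON["TEXT"]; hit = 1 }
		{ print }
		END { exit(hit ? 0 : 1) }
	' "$_file" > "$_tmp"; then
		# cat keeps the mode and owner of the original file.
		cat "$_tmp" > "$_file"
		_rc=$?
	else
		_rc=1
	fi
	rm -f "$_tmp"
	return "$_rc"
}

# Constructed stand-in for the tail of /etc/defaults/rc.conf.
write_sample_rc_conf() {
	cat > "$1" <<'EOF'
entropy_file="/entropy"
if [ -r /etc/defaults/vendor.conf ]; then
	. /etc/defaults/vendor.conf
fi
EOF
}

# Demo: the anchor regexp below is an assumption, not the one in the patch.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/nanobsd-demo.XXXXXX")
write_sample_rc_conf "$demo_dir/rc.conf"
if insert_before_anchor "$demo_dir/rc.conf" '/etc/defaults/vendor[.]conf' 'root_rw_mount="NO"'
then echo "inserted:"; cat "$demo_dir/rc.conf"; fi
if ! insert_before_anchor "$demo_dir/rc.conf" '^no_such_anchor$' 'kldxref_enable="NO"'
then echo "anchor missing: build would stop here"; fi
rm -rf "$demo_dir"
```

Because the option lands before the vendor.conf sourcing, a vendor file can still override it, and a non-zero return lets the image build abort instead of shipping without the setting.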