
nanobsd: Avoid read-only file system warnings
Accepted, Public

Authored by jlduran on Sun, Nov 10, 2:28 AM.

Details

Reviewers
imp
emaste
Summary

The default settings of some loader or rc variables generate warnings
because the file system is read-only.

Set the following options to avoid printing these warnings:

/boot/defaults/loader.conf:

  • hostuuid_load="NO" to disable loading /etc/hostid early at boot time
  • entropy_cache_load="NO" to disable loading cached entropy at boot time

/etc/defaults/rc.conf:

  • kldxref_enable="NO" to disable building linker.hints files with kldxref(8)
  • entropy_boot_file="NO" to disable very early (used at early boot-time) entropy caching through reboots
  • entropy_file="NO" to disable late (used when going multi-user) entropy through reboots (already configured)
  • entropy_dir="NO" to disable caching entropy via cron

PR: 277601

Test Plan
# dmesg -a | grep -i read-only

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

jlduran added reviewers: imp, emaste.

These additions were kept in /boot/defaults/loader.conf and /etc/defaults/rc.conf respectively, to follow the current style. However, my preferred option would have been /boot/loader.conf.d/nanobsd.conf and /etc/defaults/vendor.conf respectively. It avoids triggering warnings about mismatches in the checksums of these files when compared with the originals (by freebsd-update IDS or similar integrity-checking scripts).
The /etc/hostid is created by /etc/rc.d/hostid start, and could be written to the disk manually with save_cfg.
The entropy files (/entropy and /var/db/entropy) can be saved to the disk by remounting the root partition with read/write access (mount -uw /). This can be useful on systems where the number of disk writes is not a problem.
The linker.hints file should be generated by the nanobsd.sh script IMO, given the immutable nature of a NanoBSD build. It currently fails to create a temporary file because none of the kern.module_paths are writable.
A separate patch could be proposed to address the last two issues, essentially by wrapping the scripts with:

checkyesno root_rw_mount || mount -uw /
...
checkyesno root_rw_mount || mount -ur /

For both the random and kldxref scripts, as is currently done in /etc/rc to remove the firstboot_sentinel files. Adding a trap to remount the root file system read-only would be ideal; however, adding traps to the rc.d system sounds risky.
A popular NanoBSD-based appliance (BSDRP) has another approach:
https://github.com/ocochard/BSDRP/blob/master/BSDRP/patches/freebsd.random.patch
A well-known entropy file is shipped with the original image, and replaced once with a random string upon the first reboot. The contents of the file will not change afterwards.

jlduran edited the summary of this revision.
  • Move NanoBSD rc.conf options before the sourcing of /etc/defaults/vendor.conf, otherwise vendor options will not be able to override NanoBSD's.

I like your preferred style better. It didn't exist when nanobsd was created and is a better fit for changing the defaults.

I'd recommend landing this as is and then culling all the others out into two nanobsd.conf files in the .d dirs as appropriate.

This revision is now accepted and ready to land. (Mon, Nov 11, 4:21 AM)
In D47502#1083595, @imp wrote:

I like your preferred style better. It didn't exist when nanobsd was created and is a better fit for changing the defaults.
I'd recommend landing this as is and then culling all the others out into two nanobsd.conf files in the .d dirs as appropriate.

Thank you! Will do.
As usual, I leave the review for a little while to see if something comes up: I think I'll switch from ed to awk, just because I can make awk fail if the "anchor" pattern is not found. I want it to fail, otherwise, root_rw_mount will silently not get set.

  • Add kern.random.initial_seeding.disable_bypass_warnings="1", to avoid another warning, per random(4)
  • Fail if the regexp pattern in the rc.conf file is not found; if it fails silently, the image will ship without root_rw_mount="NO", which is bad
This revision now requires review to proceed. (Mon, Nov 11, 10:23 PM)
This revision is now accepted and ready to land. (Mon, Nov 11, 10:40 PM)

Mentor approved for commit (@imp's review is sufficient for me).
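
The fail-if-the-anchor-is-missing insertion discussed in the update notes above, sketched as an added example; it is not the code from D47502. The function names, the anchor regexp and the sample rc.conf fragment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the code from D47502. insert_before_anchor, make_sample
# and the anchor regexp below are hypothetical names/values for illustration.

# insert_before_anchor FILE REGEXP TEXT
# Prints TEXT on its own line(s) before the first line matching REGEXP.
# Returns non-zero and leaves FILE untouched when no line matches, so the
# image build stops instead of shipping without the intended setting.
insert_before_anchor() {
	_file=$1 _re=$2 _text=$3
	_tmp=$(mktemp "${_file}.XXXXXX") || return 1
	# Pass values through ENVIRON: unlike -v, awk applies no escape
	# processing to them, so quotes and backslashes survive as typed.
	if RE="$_re" TEXT="$_text" awk '
		!found && $0 ~ ENVIRON["RE"] { print ENVIRON["TEXT"]; found = 1 }
		{ print }
		END { exit !found }
	' "$_file" > "$_tmp"; then
		# Overwrite in place to keep the owner and mode of FILE.
		cat "$_tmp" > "$_file" && rm -f "$_tmp"
	else
		rm -f "$_tmp"
		echo "anchor '${_re}' not found in ${_file}" >&2
		return 1
	fi
}

# Constructed stand-in for the tail of /etc/defaults/rc.conf (not the real file).
make_sample() {
	cat > "$1" <<'EOF'
entropy_file="/entropy"
if [ -r /etc/defaults/vendor.conf ]; then
	. /etc/defaults/vendor.conf
fi
EOF
}

rc=$(mktemp) && make_sample "$rc"
# Options land before vendor.conf is sourced, so vendor settings can override.
insert_before_anchor "$rc" '^if .*/etc/defaults/vendor[.]conf' \
	'root_rw_mount="NO"' && cat "$rc"
# A missing anchor must abort the build rather than pass silently.
insert_before_anchor "$rc" '^no_such_anchor' 'root_rw_mount="NO"' ||
	echo "build would abort here"
rm -f "$rc"
```
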