// This key if present contains the public key successfully used
// to verify the signature.
#define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed"
+// This key will be present if the sysroot-ro flag was found
+#define OTCORE_RUN_BOOTED_KEY_SYSROOT_RO "sysroot-ro"
if (!sysroot_currently_writable)
errx (EXIT_FAILURE, "sysroot.readonly=true requires %s to be writable at this point",
root_arg);
- /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
- int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
- if (fd < 0)
- err (EXIT_FAILURE, "failed to create %s", _OSTREE_SYSROOT_READONLY_STAMP);
- (void)close (fd);
}
+ /* Pass on the state for use by ostree-prepare-root */
+ g_variant_builder_add (&metadata_builder, "{sv}", OTCORE_RUN_BOOTED_KEY_SYSROOT_RO,
+ g_variant_new_boolean (sysroot_readonly));
/* Prepare /boot.
* If /boot is on the same partition, use a bind mount to make it visible
/* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in)
* then ensure it's readonly, otherwise mount writable, the same as /
*/
- bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
+ gboolean sysroot_configured_readonly = FALSE;
+ g_variant_dict_lookup (ostree_run_metadata, OTCORE_RUN_BOOTED_KEY_SYSROOT_RO, "b",
+ &sysroot_configured_readonly);
do_remount ("/sysroot", !sysroot_configured_readonly);
/* And also make sure to make /etc rw again. We make this conditional on
projects / ostree.git / commitdiff