From 0eda15ceff5e75a6f0614219a45a537d69fccbe1 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Thu, 13 Jul 2023 07:56:29 -0400
Subject: [PATCH] Use /run/ostree-booted metadata for sysroot-ro state passing

Just like we did with composefs, use the new metadata instead of a "stamp file".
---
 src/libotcore/otcore.h | 2 ++
 src/switchroot/ostree-prepare-root.c | 8 +++-----
 src/switchroot/ostree-remount.c | 4 +++-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/libotcore/otcore.h b/src/libotcore/otcore.h
index 7bb6364b..1b2973e5 100644
--- a/src/libotcore/otcore.h
+++ b/src/libotcore/otcore.h
@@ -54,3 +54,5 @@ gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes
 // This key if present contains the public key successfully used
 // to verify the signature.
 #define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed"
+// This key will be present if the sysroot-ro flag was found
+#define OTCORE_RUN_BOOTED_KEY_SYSROOT_RO "sysroot-ro"
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index bbb20716..69ebd237 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -441,12 +441,10 @@ main (int argc, char *argv[])
 if (!sysroot_currently_writable) errx (EXIT_FAILURE, "sysroot.readonly=true requires %s to be writable at this point", root_arg);
- /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
- int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
- if (fd < 0)
- err (EXIT_FAILURE, "failed to create %s", _OSTREE_SYSROOT_READONLY_STAMP);
- (void)close (fd);
 }
+ /* Pass on the state for use by ostree-prepare-root */
+ g_variant_builder_add (&metadata_builder, "{sv}", OTCORE_RUN_BOOTED_KEY_SYSROOT_RO,
+ g_variant_new_boolean (sysroot_readonly));
 /* Prepare /boot. * If /boot is on the same partition, use a bind mount to make it visible
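Review bot: The comment on `OTCORE_RUN_BOOTED_KEY_SYSROOT_RO` says the key is present only if the flag was found, but the ostree-prepare-root.c hunk of this patch adds the key unconditionally with a boolean value, so presence alone carries no information. A consumer that tests for the key instead of reading its value would treat every boot as read-only. I would document it as `// Boolean; records whether sysroot.readonly was in effect when the root was prepared`.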
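Review bot: The added comment names the wrong consumer: `/* Pass on the state for use by ostree-prepare-root */` sits in ostree-prepare-root.c itself, while the key is read in ostree-remount.c and the removed comment referred to ostree-remount.service. I would write `/* Record the sysroot.readonly state in the /run/ostree-booted metadata for ostree-remount */`. `_OSTREE_SYSROOT_READONLY_STAMP` has no remaining user in these hunks, so its definition, which is outside the patch, can probably be dropped too. main's body continues outside the hunk.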
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index 38af0889..d8b01f68 100644
--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -134,7 +134,9 @@ main (int argc, char *argv[])
 /* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in) * then ensure it's readonly, otherwise mount writable, the same as / */
- bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
+ gboolean sysroot_configured_readonly = FALSE;
+ g_variant_dict_lookup (ostree_run_metadata, OTCORE_RUN_BOOTED_KEY_SYSROOT_RO, "b",
+ &sysroot_configured_readonly);
 do_remount ("/sysroot", !sysroot_configured_readonly);
 /* And also make sure to make /etc rw again. We make this conditional on
-- 
2.30.2
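Review bot: The result of `g_variant_dict_lookup` is ignored, so a missing or wrongly typed `sysroot-ro` key leaves `sysroot_configured_readonly` at FALSE and `/sysroot` is remounted writable with no diagnostic. Because the prepare-root hunk always writes the key, its absence means the metadata came from an older ostree-prepare-root (for example an initramfs that still writes the stamp file) or is damaged, and in both cases a configured read-only sysroot is silently dropped. Testing the return value, `if (!g_variant_dict_lookup (ostree_run_metadata, OTCORE_RUN_BOOTED_KEY_SYSROOT_RO, "b", &sysroot_configured_readonly))`, and then falling back to the stamp-file check or logging a warning would keep that failure visible. How `ostree_run_metadata` is loaded, and whether it can be NULL at this point, is outside the hunk.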