diff options
author | Claudius Heine <ch@denx.de> | 2016-11-23 09:45:27 +0100 |
---|---|---|
committer | Claudius Heine <ch@denx.de> | 2016-11-23 09:45:27 +0100 |
commit | 139fd5320d48998e2c06141dd6105a6cd2eaea0e (patch) | |
tree | 253503d7a8342b5baa133adc62638f7922f306e9 | |
parent | 4140a324c3b505f309f01f67a83285ddec1f62e4 (diff) | |
download | meta-readonly-rootfs-overlay-139fd5320d48998e2c06141dd6105a6cd2eaea0e.tar.gz |
fixed README.md
-rw-r--r-- | README.md | 48 |
1 files changed, 30 insertions, 18 deletions
@@ -1,15 +1,15 @@ | |||
1 | # meta-readonly-rootfs-overlay | 1 | # meta-readonly-rootfs-overlay |
2 | 2 | ||
3 | This yocto layer provides the necessary scripts and configurations to setup a | 3 | This yocto layer provides the necessary scripts and configurations to setup a |
4 | writable root file system overlay on top of a read-only root filesystem. | 4 | writable root file system overlay on top of a read-only root file system. |
5 | 5 | ||
6 | ## Why does this exists? | 6 | ## Why does this exists? |
7 | 7 | ||
8 | Having a read-only root file system is useful for many scenarios: | 8 | Having a read-only root file system is useful for many scenarios: |
9 | 9 | ||
10 | - Have a unmodifiable factory root file system | 10 | - Separate user specific changes from system configuration, and being able to |
11 | - Seperate user specific changes from system configuration | 11 | find differences |
12 | - Allow factory reset, by deleting the user specfic changes | 12 | - Allow factory reset, by deleting the user specific changes |
13 | - Have a fallback image in case the user specific changes made the root file | 13 | - Have a fallback image in case the user specific changes made the root file |
14 | system no longer bootable. | 14 | system no longer bootable. |
15 | 15 | ||
@@ -25,12 +25,15 @@ changed data to another writable partition. | |||
25 | 25 | ||
26 | To implement the first solution, the developer needs to analyse which file | 26 | To implement the first solution, the developer needs to analyse which file |
27 | needs to change and then create symlinks for them. When doing factory reset, | 27 | needs to change and then create symlinks for them. When doing factory reset, |
28 | the developer "empties" every file that is linked, to avoid dangling | 28 | the developer needs to overwrite every file that is linked with the factory |
29 | symlinks/binds. While this is more work on the developer side, it might | 29 | configuration, to avoid dangling symlinks/binds. While this is more work on the |
30 | increase the security, because only files that are symlinked/bind-mounted can | 30 | developer side, it might increase the security, because only files that are |
31 | be changed. | 31 | symlinked/bind-mounted can be changed. However, IMO that is better left to file |
32 | permissions. | ||
32 | 33 | ||
33 | This meta-layer provides the second solution. | 34 | This meta-layer provides the second solution. Here no investigation of writable |
35 | files are needed and factory reset can be done by just deleting all files or | ||
36 | formatting the writable volume. | ||
34 | 37 | ||
35 | # Dependencies | 38 | # Dependencies |
36 | 39 | ||
@@ -79,6 +82,15 @@ other layers needed. e.g.: | |||
79 | " | 82 | " |
80 | ``` | 83 | ``` |
81 | 84 | ||
85 | To add the script to your image, just add: | ||
86 | |||
87 | ``` | ||
88 | IMAGE_INSTALL_append = " initscripts-readonly-rootfs-overlay" | ||
89 | ``` | ||
90 | |||
91 | to your `local.conf` or image recipe. Or use | ||
92 | `core-image-rorootfs-overlay-initramfs` as initrd. | ||
93 | |||
82 | ## Read-only root filesystem | 94 | ## Read-only root filesystem |
83 | 95 | ||
84 | If you use this layer you do *not* need to set `read-only-rootfs` in the | 96 | If you use this layer you do *not* need to set `read-only-rootfs` in the |
@@ -93,7 +105,7 @@ root=/dev/sda1 rootrw=/dev/sda2 | |||
93 | ``` | 105 | ``` |
94 | 106 | ||
95 | This cmd line start `/sbin/init` with the `/dev/sda1` partition as the read-only | 107 | This cmd line start `/sbin/init` with the `/dev/sda1` partition as the read-only |
96 | rootfs and the `/dev/sda2` partition as the read-write persistend state. | 108 | rootfs and the `/dev/sda2` partition as the read-write persistent state. |
97 | 109 | ||
98 | ``` | 110 | ``` |
99 | root=/dev/sda1 rootrw=/dev/sda2 init=/bin/sh | 111 | root=/dev/sda1 rootrw=/dev/sda2 init=/bin/sh |
@@ -108,7 +120,7 @@ root=/dev/sda1 rootrw=/dev/sda2 init=/init | |||
108 | ``` | 120 | ``` |
109 | 121 | ||
110 | This cmd line starts `/sbin/init` with `/dev/sda1` partition as the read-only | 122 | This cmd line starts `/sbin/init` with `/dev/sda1` partition as the read-only |
111 | rootfs and the `/dev/sda2` partition as the read-write persistend state. When | 123 | rootfs and the `/dev/sda2` partition as the read-write persistent state. When |
112 | using this init script without an initrd, `init=/init` has to be set. | 124 | using this init script without an initrd, `init=/init` has to be set. |
113 | 125 | ||
114 | ``` | 126 | ``` |
@@ -119,20 +131,20 @@ The same as before but it now starts `/bin/sh` instead of `/sbin/init` | |||
119 | 131 | ||
120 | ### Details | 132 | ### Details |
121 | 133 | ||
122 | `root=` specifies the read-only root filesystem device. If this is not | 134 | `root=` specifies the read-only root file system device. If this is not |
123 | specified, the current rootfs is used. | 135 | specified, the current rootfs is used. |
124 | 136 | ||
125 | `rootfstype=` if support for the-read only filesystem is not build into the | 137 | `rootfstype=` if support for the-read only file system is not build into the |
126 | kernel, you can specifiy the required module name here. | 138 | kernel, you can specify the required module name here. |
127 | 139 | ||
128 | `rootinit=` if the `init` parameter was used to specify this init script, | 140 | `rootinit=` if the `init` parameter was used to specify this init script, |
129 | `rootinit` can be used to overwrite the default (`/sbin/init`). | 141 | `rootinit` can be used to overwrite the default (`/sbin/init`). |
130 | 142 | ||
131 | `rootrw=` specifies the read-write filesystem device. If this is not | 143 | `rootrw=` specifies the read-write file system device. If this is not |
132 | specified, `tmpfs` is used. | 144 | specified, `tmpfs` is used. |
133 | 145 | ||
134 | `rootrwfstype=` if support for the read-write filesystem is not build into the | 146 | `rootrwfstype=` if support for the read-write file system is not build into the |
135 | kernel, you can specifiy the required module name here. | 147 | kernel, you can specify the required module name here. |
136 | 148 | ||
137 | `rootrwreset=` set to `yes` if you want to delete all the files in the | 149 | `rootrwreset=` set to `yes` if you want to delete all the files in the |
138 | read-write filesystem prior to building the overlay root files system. | 150 | read-write file system prior to building the overlay root files system. |