From 0a4afa37fb314d24cdb3bc3da11eea01c6474eb5 Mon Sep 17 00:00:00 2001
From: Jakob Meng <code@jakobmeng.de>
Date: Tue, 3 Oct 2023 10:04:42 +0200
Subject: [PATCH] overlay.d/05core: Writeable root fs for Live ISOs booted from
 RAM

Previously, karg coreos.liveiso.fromram would cause live-generator to
copy rootfs.img to a tmpfs and then mount it to /sysroot. Because
rootfs.img contains a squashfs, /sysroot will be mounted read-only,
preventing rpm-ostree operations such as install and rebase which are
required by OKD/FCOS [0].

Now, with karg coreos.liveiso.fromram (Live ISO) or coreos.live.\
fromram (PXE boot) the rootfs.img will be mounted to /isoroot. The
contents of /isoroot will be copied to /run/ephemeral and the latter
will be bind-\ mounted to /sysroot. Because /run/ephemeral is a
writeable xfs, both sysroot-etc.mount and sysroot-var.mount are not
required in this case.

For example, to rebase a FCOS/OKD bootimage first boot a Live ISO
with Fedora 39 from RAM and then rebase and soft-reboot [1] (requires
systemd v254) it with:

    rpm-ostree rebase fedora:fedora/x86_64/coreos/next
    rpm-ostree apply-live --allow-replacement
    systemctl soft-reboot

[0] https://github.com/coreos/rpm-ostree/issues/4547
[1] https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html
---
 .../modules.d/35coreos-live/live-generator    | 126 +++++++++++-------
 1 file changed, 78 insertions(+), 48 deletions(-)

diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
index add4e6dcca..c59bd13fc5 100755
--- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
@@ -28,8 +28,6 @@ fi
 > /run/ostree-live
 
 add_requires sysroot.mount     initrd-root-fs.target
-add_requires sysroot-etc.mount initrd-root-fs.target
-add_requires sysroot-var.mount initrd-root-fs.target
 # make sure we enable network if required for coreos-livepxe-rootfs
 # https://github.com/coreos/fedora-coreos-tracker/issues/1423
 add_requires coreos-enable-network.service initrd-root-fs.target
@@ -53,12 +51,22 @@ ExecStartPre=/usr/sbin/ostree-cmdline start
 ExecStartPost=/usr/sbin/ostree-cmdline stop
 EOF
 
+# Determine what to mount in sysroot.mount based on if we were asked to run
+# completely from RAM via coreos.liveiso.fromram or coreos.live.fromram karg.
+if getargbool 0 coreos.liveiso.fromram || getargbool 0 coreos.live.fromram; then
+    isorootmount=isoroot
+    isorootwhere=/isoroot
+else
+    isorootmount=sysroot
+    isorootwhere=/sysroot
+fi
+
 isoroot=$(getarg coreos.liveiso= ||:)
 
 if [ -z "${isoroot}" ]; then
     # In this case, the rootfs is already unpacked into the initrd, or we need
     # to retrieve it
-    cat >"${UNIT_DIR}/sysroot.mount" <<EOF
+    cat >"${UNIT_DIR}/${isorootmount}.mount" <<EOF
 # Automatically generated by live-generator
 
 [Unit]
@@ -69,7 +77,7 @@ Before=initrd-root-fs.target
 
 [Mount]
 What=/root.squashfs
-Where=/sysroot
+Where=${isorootwhere}
 Type=squashfs
 Options=loop
 EOF
@@ -109,45 +117,17 @@ Options=ro
 Type=iso9660
 EOF
 
-    # Determine what to mount in sysroot.mount based on if we were asked to run
-    # completely from RAM via coreos.liveiso.fromram karg.
-    if getargbool 0 coreos.liveiso.fromram; then
-        sysrootrequiresmountsfor=""
-        sysrootfsimg=/rootfs.img
-        # Add service to copy the rootfs.img from the ISO to memory
-        cat >"${UNIT_DIR}/coreos-liveiso-run-media-iso-cp-rootfsimg.service" <<EOF
-# Automatically generated by live-generator
-
-[Unit]
-RequiresMountsFor=/run/media/iso
-Before=sysroot.mount
-# DefaultDependencies=true so this unit gets stopped on switchroot to
-# allow for /run/media/iso to get unmounted.
-DefaultDependencies=true
-
-[Service]
-Type=oneshot
-ExecStart=cp -v /run/media/iso/images/pxeboot/rootfs.img /rootfs.img
-RemainAfterExit=yes
-EOF
-        add_requires coreos-liveiso-run-media-iso-cp-rootfsimg.service default.target
-    else
-        sysrootrequiresmountsfor="RequiresMountsFor=/run/media/iso"
-        sysrootfsimg=/run/media/iso/images/pxeboot/rootfs.img
-    fi
-
-    cat >"${UNIT_DIR}/sysroot.mount" <<EOF
+    cat >"${UNIT_DIR}/${isorootmount}.mount" <<EOF
 # Automatically generated by live-generator
 
 [Unit]
 DefaultDependencies=false
 Before=initrd-root-fs.target
-After=coreos-liveiso-run-media-iso-cp-rootfsimg.service
-${sysrootrequiresmountsfor}
+RequiresMountsFor=/run/media/iso
 
 [Mount]
-What=${sysrootfsimg}
-Where=/sysroot
+What=/run/media/iso/images/pxeboot/rootfs.img
+Where=${isorootwhere}
 Type=squashfs
 # Offset of the squashfs within the rootfs cpio.  Assumes newc format
 # and that a file named "root.squashfs" is the first member.  This offset
@@ -205,7 +185,56 @@ Type=xfs
 Options=loop,discard
 EOF
 
-cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
+if getargbool 0 coreos.liveiso.fromram || getargbool 0 coreos.live.fromram; then
+    cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
+[Unit]
+DefaultDependencies=false
+RequiresMountsFor=/run/ephemeral
+RequiresMountsFor=/isoroot
+ConditionPathExists=/usr/lib/initrd-release
+ConditionPathExists=!/run/ephemeral/usr
+# We want to run before ostree will be set up
+Before=ostree-prepare-root.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/cp -a ${isorootwhere}/. /run/ephemeral/
+EOF
+
+    cat >>"${UNIT_DIR}/sysroot.mount" <<EOF
+# Automatically generated by live-generator
+[Unit]
+DefaultDependencies=false
+# Make sure our tmpfs is available
+Requires=sysroot-xfs-ephemeral-setup.service
+After=sysroot-xfs-ephemeral-setup.service
+# We're part of assembling the root fs
+Before=initrd-root-fs.target
+
+[Mount]
+What=/run/ephemeral
+Where=/sysroot
+Type=none
+Options=bind
+EOF
+    cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
+[Unit]
+DefaultDependencies=false
+RequiresMountsFor=/sysroot
+Before=initrd-root-fs.target
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# We don't need the full relabeling spam by default for these
+StandardOutput=null
+ExecStart=/bin/coreos-relabel /
+EOF
+    add_requires sysroot-relabel.service initrd-root-fs.target
+
+else # ! getargbool 0 coreos.liveiso.fromram && ! getargbool 0 coreos.live.fromram
+
+    cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
 [Unit]
 DefaultDependencies=false
 RequiresMountsFor=/run/ephemeral
@@ -222,8 +251,8 @@ ExecStart=/bin/cp -a /sysroot/etc /run/ephemeral/etc
 ExecStart=/bin/mkdir /run/ephemeral/var
 EOF
 
-common_etcvar_unit() {
-    cat << EOF
+    common_etcvar_unit() {
+        cat << EOF
 # Automatically generated by live-generator
 [Unit]
 DefaultDependencies=false
@@ -233,29 +262,29 @@ After=sysroot-xfs-ephemeral-setup.service
 # We're part of assembling the root fs
 Before=initrd-root-fs.target
 EOF
-}
+    }
 
-common_etcvar_unit > "${UNIT_DIR}/sysroot-etc.mount"
-cat >>"${UNIT_DIR}/sysroot-etc.mount" <<EOF
+    common_etcvar_unit > "${UNIT_DIR}/sysroot-etc.mount"
+    cat >>"${UNIT_DIR}/sysroot-etc.mount" <<EOF
 [Mount]
 What=/run/ephemeral/etc
 Where=/sysroot/etc
 Type=none
 Options=bind
 EOF
-add_requires sysroot-etc.mount initrd-root-fs.target
+    add_requires sysroot-etc.mount initrd-root-fs.target
 
-common_etcvar_unit >"${UNIT_DIR}/sysroot-var.mount"
-cat >>"${UNIT_DIR}/sysroot-var.mount" <<EOF
+    common_etcvar_unit >"${UNIT_DIR}/sysroot-var.mount"
+    cat >>"${UNIT_DIR}/sysroot-var.mount" <<EOF
 [Mount]
 What=/run/ephemeral/var
 Where=/sysroot/var
 Type=none
 Options=bind
 EOF
-add_requires sysroot-var.mount initrd-root-fs.target
+    add_requires sysroot-var.mount initrd-root-fs.target
 
-cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
+    cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
 [Unit]
 DefaultDependencies=false
 RequiresMountsFor=/sysroot/etc /sysroot/var
@@ -268,4 +297,5 @@ StandardOutput=null
 ExecStart=/bin/coreos-relabel /etc
 ExecStart=/bin/coreos-relabel /var
 EOF
-add_requires sysroot-relabel.service initrd-root-fs.target
+    add_requires sysroot-relabel.service initrd-root-fs.target
+fi