[ptxdist] More collected changes

[ptxdist] More collected changes

[Juergen Borleis]

The first two changes are V2 after honoring the comments, all the remaining
changes are V1 and most of them are related to the "overlay RAM disk feature
on /var" introduced in the first change.

The last change in this list updates and fixes the autotools based templates.

Comments are welcome.

Juergen



_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 01/20] rootfs: keep /var writable, even if the rootfs is read-only

[Juergen Borleis]

Having a read-only root filesystem is always a source of pain and trouble.
Many applications and tools expect to be able to store their state or
caching data or at least their logs somewhere in the filesystem.

The '/var' directory tree has a well known structure according to the
"File System Hierarchy Standard" and is used by all carefully designed
programs. Thus, this change provides a way to have this '/var' directory
tree writable, even if the main root filesystem is mounted read-only. It
uses an overlay filesystem and by default a RAM disk to store changed and
added data to this directory tree in a non persistent manner.

Due to the nature of the overlay filesystem the underlaying files from the
main root filesystem can still be accessed.

This approach requires the overlay filesystem support from the Linux
kernel. In order to use it, the feature CONFIG_OVERLAY_FS must be enabled.

The ugly details to establish the required overlaying filesystem are hidden
behind a "mount helper" for a dummy filesystem (here called 'varoverlayfs').
Thus, a BSP can change the overlaying filesystem by providing its own
'run-varoverlay.mount' in order to restrict the default RAM disk
differently or to switch to a different local storage.

The '/etc/fstab' file gets touched in this change, to enable some already
used RAM disks on demand, to gain backward compatibility if no overlay
approach is used.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 doc/daily_work.inc                            | 97 +++++++++++++++++++
 projectroot/etc/fstab                         |  6 +-
 .../lib/systemd/system/run-varoverlayfs.mount | 10 ++
 projectroot/usr/lib/systemd/system/var.mount  | 10 ++
 projectroot/usr/sbin/mount.varoverlayfs       | 11 +++
 rules/rootfs.in                               | 58 ++++++-----
 rules/rootfs.make                             | 19 +++-
 7 files changed, 180 insertions(+), 31 deletions(-)
 create mode 100644 projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
 create mode 100644 projectroot/usr/lib/systemd/system/var.mount
 create mode 100644 projectroot/usr/sbin/mount.varoverlayfs

diff --git a/doc/daily_work.inc b/doc/daily_work.inc
index 74da11953..470c14f93 100644
--- a/doc/daily_work.inc
+++ b/doc/daily_work.inc
@@ -1371,3 +1371,100 @@ in the build machine's filesystem also for the target filesystem image. With
 a different ``umask`` than ``0022`` at build-time this may fail badly at
 run-time with strange erroneous behaviour (for example some daemons with
 regular user permissions cannot acces their own configuration files).
+
+Read Only Filesystem
+--------------------
+
+A system can run a read-only root filesystem in order to have a unit which
+can be powered off at any time, without any previous shut down sequence.
+
+But many applications and tools are still expecting a writable filesystem to
+temporarily store some kind of data or logging information for example. All
+these write attempts will fail and thus, the applications and tools will fail,
+too.
+
+According to the *Filesystem Hierarchy Standard 2.3* the directory tree in
+``/var/`` is traditionally writable and its content is persistent across system
+restarts. Thus, this directory tree is used by most applications and tools to
+store their data.
+
+The *Filesystem Hierarchy Standard 2.3* defines the following directories
+below ``/var/``:
+
+- ``cache/``: Application specific cache data
+- ``crash/``: System crash dumps
+- ``lib/``:   Application specific variable state information
+- ``lock/``:  Lock files
+- ``log/``:   Log files and directories
+- ``run/``:   Data relevant to running processes
+- ``spool/``: Application spool data
+- ``tmp/``:   Temporary files preserved between system reboots
+
+Although this writable directory tree is useful and valid for full blown host
+machines, an embedded system can behave differently here: For example a
+requirement can drop the persistency of changed data across reboots and always
+start with empty directories.
+
+Partially RAM Disks
+~~~~~~~~~~~~~~~~~~~
+
+This is the default behaviour of PTXdist: it mounts a couple of RAM disks over
+directories in ``/var`` expected to be writable by various applications and
+tools. These RAM disks start always in an empty state and are defined as follows:
+
++-------------+---------------------------------------------------------------+
+| mount point | mount options                                                 |
++=============+===============================================================+
+| /var/log    | nosuid,nodev,noexec,mode=0755,size=10%                        |
++-------------+---------------------------------------------------------------+
+| /var/lock   | nosuid,nodev,noexec,mode=0755,size=1M                         |
++-------------+---------------------------------------------------------------+
+| /var/tmp    | nosuid,nodev,mode=1777,size=20%                               |
++-------------+---------------------------------------------------------------+
+
+This is a very simple and optimistic approach and works for surprisingly many use
+cases. But some applications expect a writable ``/var/lib`` and will fail due
+to this setup. Using an additional RAM disk for ``/var/lib`` might not help in
+this use case, because it will bury all build-time generated data already present
+in this directory tree (``opkg`` package information for example or other
+packages pre-defined configuration files).
+
+Overlay RAM Disk
+~~~~~~~~~~~~~~~~
+
+A different approach to have a writable ``/var`` without persistency is to use
+a so called *overlay filesystem*. This *overlay filesystem* is a transparent
+writable layer on top of the read-only filesystem. After the system's start the
+*overlay filesystem layer* is empty and all reads will be satisfied by the
+underlaying read-only filesystem. Writes (new files, directories, changes of
+existing files) are stored in the *overlay filesystem layer* and on the
+next read satisfied by this layer, instead of the underlaying read-only
+filesystem.
+
+PTXdist supports this use case, by enabling the *overlay* feature for the ``/var``
+directory in its configuration menu:
+
+.. code-block:: text
+
+   Root Filesystem                 --->
+      directories in rootfs           --->
+         [*]     overlay '/var' with RAM disk
+
+Keep in mind: this approach just enables write support to the ``/var`` directory
+tree, but nothing stored/changed in there at run-time will be persistent and is
+always lost if the system restarts. And each additional RAM disk consumes
+additional main memory, and if applications and tools will fill up the directory
+tree in ``/var`` the machine might run short on memory and slows down
+dramatically.
+
+Thus, it is a good idea to check the amount of data written by applications and
+tools to the ``/var`` directory tree and limit it by default.
+You can limit the size of the *overlay filesystem* RAM disk as well. For this
+you can provide your own
+``projectroot/usr/lib/systemd/system/run-varoverlayfs.mount`` with restrictive
+settings. But then the used applications and tools must deal with the
+"no space left on device" error correctly...
+
+This *overlay filesystem* approach requires the *overlay filesystem feature*
+from the Linux kernel. In order to use it, the feature CONFIG_OVERLAY_FS must
+be enabled.
diff --git a/projectroot/etc/fstab b/projectroot/etc/fstab
index 0121c3076..c79c8de4d 100644
--- a/projectroot/etc/fstab
+++ b/projectroot/etc/fstab
@@ -11,6 +11,6 @@ debugfs	/sys/kernel/debug	debugfs	noauto					0 0
 # ramdisks
 tmpfs	/tmp			tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
 tmpfs	/run			tmpfs	nosuid,nodev,strictatime,mode=0755	0 0
-tmpfs	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
-tmpfs	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
-tmpfs	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
+#log	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
+#lock	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
+#tmp	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
diff --git a/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
new file mode 100644
index 000000000..034dbfee1
--- /dev/null
+++ b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
@@ -0,0 +1,10 @@
+[Unit]
+Description=Overlay for '/var'
+Before=local-fs.target
+OnFailure=rescue.service
+
+[Mount]
+Where=/run/varoverlayfs
+What=tmpfs
+Type=tmpfs
+Options=nosuid,nodev,noexec,mode=0755,size=10%,nr_inodes=100
diff --git a/projectroot/usr/lib/systemd/system/var.mount b/projectroot/usr/lib/systemd/system/var.mount
new file mode 100644
index 000000000..764108924
--- /dev/null
+++ b/projectroot/usr/lib/systemd/system/var.mount
@@ -0,0 +1,10 @@
+[Unit]
+Description=Writable support for '/var'
+Before=local-fs.target
+OnFailure=rescue.service
+
+[Mount]
+Where=/var
+# note: this is a dummy filesystem only to trigger the corresponding mount helper
+What=varoverlayfs
+Type=varoverlayfs
diff --git a/projectroot/usr/sbin/mount.varoverlayfs b/projectroot/usr/sbin/mount.varoverlayfs
new file mode 100644
index 000000000..afd5f2076
--- /dev/null
+++ b/projectroot/usr/sbin/mount.varoverlayfs
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Mount helper tool to mount some kind of writable filesystem over '/var'
+# (which might be read-only).
+# What kind of filesystem is used to mount over '/var' can be controlled via
+# the 'run-varoverlayfs.mount' mount unit and is usually a RAM disk.
+
+systemctl start run-varoverlayfs.mount
+mkdir -p /run/varoverlayfs/upper
+mkdir -p /run/varoverlayfs/work
+mount -t overlay overlay -olowerdir=/var,upperdir=/run/varoverlayfs/upper,workdir=/run/varoverlayfs/work /var
+systemctl stop run-varoverlayfs.mount
diff --git a/rules/rootfs.in b/rules/rootfs.in
index 04f7a5287..d844f825e 100644
--- a/rules/rootfs.in
+++ b/rules/rootfs.in
@@ -179,76 +179,82 @@ config ROOTFS_VAR
 
 if ROOTFS_VAR
 
+config ROOTFS_VAR_OVERLAYFS
+	bool
+	prompt "overlay '/var' with RAM disk"
+	depends on INITMETHOD_SYSTEMD && !ROOTFS_VAR_VOLATILE
+	help
+	  This lets the whole '/var' content be writable transparently via an
+	  'overlayfs'.
+	  Reading content happens from the underlaying root filesystem, while
+	  changed content gets stored into a RAM disk instead. This enables all
+	  applications to read initial data (configuration files for example)
+	  and let them change this data even if the root filesystem is read-only.
+	  Due to this behavior all changes made at run-time aren't persistent
+	  by default.
+	  Read documentation chapter 'Read Only Filesystem' for further details.
+
 config ROOTFS_VAR_RUN
 	bool
 	select ROOTFS_RUN
 	prompt "/var/run"
 	default y
 	help
-	  This will not create a directory but a symlink to /run.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  Ensure a '/var/run' directory is available at run-time. This will
+	  always be a symlink to '/run'.
 
 config ROOTFS_VAR_LOG
 	bool
 	prompt "/var/log"
 	default y
 	help
-	  Create a /var/log directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  This directory is intended for log files and directories. Say 'y' here
+	  to ensure a '/var/log' directory is available at run-time.
 
 config ROOTFS_VAR_LOCK
 	bool
 	prompt "/var/lock"
 	default y
 	help
-	  Create a /var/lock directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  This directory is intended for application lock files. Say 'y' here
+	  to ensure a '/var/lock' directory is available at run-time.
 
 config ROOTFS_VAR_LIB
 	bool
 	prompt "/var/lib"
 	help
-	  Create a /var/lib directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
-	  If you are going to run an NFS server with file locking
-	  support this folder must be persistent!
+	  This directory is intended for application variable state information.
+	  Say 'y' here to ensure a '/var/lib' directory is available at
+	  run-time.
 
 config ROOTFS_VAR_CACHE
 	bool
 	prompt "/var/cache"
 	help
-	  Create a /var/cache directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  This directory is intended for application cache data. Say 'y' here
+	  to ensure a '/var/cache' directory is available at run-time.
 
 config ROOTFS_VAR_SPOOL
 	bool
 	prompt "/var/spool"
 	help
-	  Create a /var/spool directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  This directory is intended for application spool data. Say 'y' here to
+	  ensure a '/var/spool' directory is available at run-time.
 
 config ROOTFS_VAR_SPOOL_CRON
 	bool
 	prompt "/var/spool/cron"
 	help
-	  Create a /var/spool/cron directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  Create a '/var/spool/cron' directory in the root filesystem.
 
 config ROOTFS_VAR_TMP
 	bool
 	prompt "/var/tmp"
 	default y
 	help
-	  Create a /var/tmp directory in the root filesystem.
-	  Unless you want to mount a tmpfs on /var you should
-	  say yes here.
+	  This directory is intended for temporary files preserved between
+	  system reboots. Say 'y' here to ensure a '/var/tmp' directory is
+	  available at run-time.
 
 endif # ROOTFS_VAR
 endif # ROOTFS
diff --git a/rules/rootfs.make b/rules/rootfs.make
index ef5bba7df..21250e775 100644
--- a/rules/rootfs.make
+++ b/rules/rootfs.make
@@ -30,7 +30,7 @@ $(STATEDIR)/rootfs.targetinstall:
 	@$(call install_fixup, rootfs,PRIORITY,optional)
 	@$(call install_fixup, rootfs,SECTION,base)
 	@$(call install_fixup, rootfs,AUTHOR,"Robert Schwebel <r.schwebel@pengutronix.de>")
-	@$(call install_fixup, rootfs,DESCRIPTION,missing)
+	@$(call install_fixup, rootfs,DESCRIPTION, "Filesystem Hierarchy Standard")
 
 #	#
 #	# install directories in rootfs
@@ -123,7 +123,11 @@ endif
 ifdef PTXCONF_ROOTFS_VAR_TMP
 	@$(call install_copy, rootfs, 0, 0, 0755, /var/tmp)
 endif
-
+ifdef PTXCONF_ROOTFS_VAR_OVERLAYFS
+	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/run-varoverlayfs.mount)
+	@$(call install_alternative, rootfs, 0, 0, 0755, /usr/sbin/mount.varoverlayfs)
+	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/var.mount)
+endif
 
 #	#
 #	# install files in rootfs
@@ -142,7 +146,18 @@ ifdef PTXCONF_ROOTFS_GSHADOW
 endif
 ifdef PTXCONF_ROOTFS_FSTAB
 	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/fstab)
+ifndef PTXCONF_ROOTFS_VAR_OVERLAYFS
+ifdef PTXCONF_ROOTFS_VAR_TMP
+	@$(call install_replace, rootfs, /etc/fstab, #tmp, "tmpfs")
+endif
+ifdef PTXCONF_ROOTFS_VAR_LOG
+	@$(call install_replace, rootfs, /etc/fstab, #log, "tmpfs")
+endif
+ifdef PTXCONF_ROOTFS_VAR_LOCK
+	@$(call install_replace, rootfs, /etc/fstab, #lock, "tmpfs")
 endif
+endif # PTXCONF_ROOTFS_VAR_OVERLAYFS
+endif # PTXCONF_ROOTFS_FSTAB
 ifdef PTXCONF_ROOTFS_MTAB_FILE
 	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/mtab)
 endif
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 02/20] rootfs: keep '/var/tmp' permissions in sync with 'systemd'

[Juergen Borleis]

This avoids 'systemd' warnings at run-time if a read-only filesystem is
in use.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/rootfs.make | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/rootfs.make b/rules/rootfs.make
index 21250e775..8f0c61f52 100644
--- a/rules/rootfs.make
+++ b/rules/rootfs.make
@@ -121,7 +121,7 @@ ifdef PTXCONF_ROOTFS_VAR_SPOOL_CRON
 	@$(call install_copy, rootfs, 0, 0, 0755, /var/spool/cron)
 endif
 ifdef PTXCONF_ROOTFS_VAR_TMP
-	@$(call install_copy, rootfs, 0, 0, 0755, /var/tmp)
+	@$(call install_copy, rootfs, 0, 0, 01777, /var/tmp)
 endif
 ifdef PTXCONF_ROOTFS_VAR_OVERLAYFS
 	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/run-varoverlayfs.mount)
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 03/20] rootfs: '/var' is a mandatory directory according to FHS

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/fake-overlayfs.in    |  4 ----
 rules/initmethod-bbinit.in |  1 -
 rules/rootfs.in            | 12 ++----------
 rules/rootfs.make          |  2 --
 4 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/rules/fake-overlayfs.in b/rules/fake-overlayfs.in
index c328bc0fb..2469ddfad 100644
--- a/rules/fake-overlayfs.in
+++ b/rules/fake-overlayfs.in
@@ -18,23 +18,19 @@ comment "Copy the content of these directories"
 
 config FAKE_OVERLAYFS_VAR
 	bool "/var"
-	select ROOTFS_VAR	if ROOTFS
 
 if !FAKE_OVERLAYFS_VAR
 
 config FAKE_OVERLAYFS_VAR_LIB
 	bool "/var/lib"
-	select ROOTFS_VAR	if ROOTFS
 	select ROOTFS_VAR_LIB	if ROOTFS
 
 config FAKE_OVERLAYFS_VAR_TMP
 	bool "/var/tmp"
-	select ROOTFS_VAR	if ROOTFS
 	select ROOTFS_VAR_TMP	if ROOTFS
 
 config FAKE_OVERLAYFS_VAR_CACHE
 	bool "/var/cache"
-	select ROOTFS_VAR	if ROOTFS
 	select ROOTFS_VAR_CACHE	if ROOTFS
 
 endif
diff --git a/rules/initmethod-bbinit.in b/rules/initmethod-bbinit.in
index 383add59f..e0b3be178 100644
--- a/rules/initmethod-bbinit.in
+++ b/rules/initmethod-bbinit.in
@@ -33,7 +33,6 @@ config INITMETHOD_BBINIT_ETC_INITD_NETWORKING
 config INITMETHOD_BBINIT_ETC_INITD_RT_SET_BANDWIDTH
 	bool
 	prompt "install /etc/init.d/rt-set-bandwidth"
-	select ROOTFS_VAR
 	select ROOTFS_VAR_RUN
 	default y
 	help
diff --git a/rules/rootfs.in b/rules/rootfs.in
index d844f825e..3ea4bde60 100644
--- a/rules/rootfs.in
+++ b/rules/rootfs.in
@@ -169,15 +169,7 @@ config ROOTFS_TMP
 	  Create a /tmp directory in the root filesystem.
 	  You should say yes here.
 
-config ROOTFS_VAR
-	bool
-	prompt "/var"
-	default y
-	help
-	  Create a /var directory in the root filesystem.
-	  You should say yes here.
-
-if ROOTFS_VAR
+menu "/var                        "
 
 config ROOTFS_VAR_OVERLAYFS
 	bool
@@ -256,7 +248,7 @@ config ROOTFS_VAR_TMP
 	  system reboots. Say 'y' here to ensure a '/var/tmp' directory is
 	  available at run-time.
 
-endif # ROOTFS_VAR
+endmenu
 endif # ROOTFS
 
 # ----------------------------------------------------------------------------
diff --git a/rules/rootfs.make b/rules/rootfs.make
index 8f0c61f52..8183d0288 100644
--- a/rules/rootfs.make
+++ b/rules/rootfs.make
@@ -96,9 +96,7 @@ endif
 ifdef PTXCONF_ROOTFS_TMP
 	@$(call install_copy, rootfs, 0, 0, 1777, /tmp)
 endif
-ifdef PTXCONF_ROOTFS_VAR
 	@$(call install_copy, rootfs, 0, 0, 0755, /var)
-endif
 ifdef PTXCONF_ROOTFS_VAR_LOG
 	@$(call install_copy, rootfs, 0, 0, 0755, /var/log)
 endif
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 04/20] conman: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 projectroot/usr/lib/systemd/system/connman-ignore.service | 1 +
 projectroot/usr/lib/systemd/system/connman.service        | 1 +
 rules/connman.in                                          | 3 ++-
 rules/connman.make                                        | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/projectroot/usr/lib/systemd/system/connman-ignore.service b/projectroot/usr/lib/systemd/system/connman-ignore.service
index b31df07fb..df52faaed 100644
--- a/projectroot/usr/lib/systemd/system/connman-ignore.service
+++ b/projectroot/usr/lib/systemd/system/connman-ignore.service
@@ -7,6 +7,7 @@ ConditionPathExists=!/run/connman-ignore
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/systemd/connman-ignore
+StateDirectory=conman
 
 [Install]
 WantedBy=connman.service
diff --git a/projectroot/usr/lib/systemd/system/connman.service b/projectroot/usr/lib/systemd/system/connman.service
index 4353276b5..c7fc639d6 100644
--- a/projectroot/usr/lib/systemd/system/connman.service
+++ b/projectroot/usr/lib/systemd/system/connman.service
@@ -10,6 +10,7 @@ Restart=on-failure
 EnvironmentFile=-/run/connman-ignore
 ExecStart=/usr/sbin/connmand -n $CONNMAN_IGNORE_OPTS
 StandardOutput=null
+StateDirectory=conman
 
 [Install]
 WantedBy=multi-user.target
diff --git a/rules/connman.in b/rules/connman.in
index 9d4b1dbd3..3c2eb11a0 100644
--- a/rules/connman.in
+++ b/rules/connman.in
@@ -13,7 +13,8 @@ menuconfig CONNMAN
 	select DBUS_PYTHON			if CONNMAN_TESTS && RUNTIME
 	select WPA_SUPPLICANT			if CONNMAN_WIFI && RUNTIME
 	select WPA_SUPPLICANT_CTRL_IFACE_DBUS	if CONNMAN_WIFI
-	select BUSYBOX_START_STOP_DAEMON	if CONNMAN_STARTSCRIPT
+	select BUSYBOX_START_STOP_DAEMON	if CONNMAN_STARTSCRIPT && RUNTIME
+	select ROOTFS_VAR_LIB			if RUNTIME
 	prompt "connman                       "
 	help
 	  The Connection Manager project provides a daemon for
diff --git a/rules/connman.make b/rules/connman.make
index 2f671f7d4..313098d1c 100644
--- a/rules/connman.make
+++ b/rules/connman.make
@@ -167,6 +167,7 @@ ifdef PTXCONF_CONNMAN_POLKIT
 endif
 
 #	# ship settings which enable wired interfaces per default
+	@$(call install_copy, connman, 0, 0, 0755, /var/lib/connman)
 	@$(call install_alternative, connman, 0, 0, 0600, \
 		/var/lib/connman/settings)
 
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 05/20] networkmanager: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <juergen@kreuzholzen.de>
---
 .../usr/lib/systemd/system/NetworkManager-unmanage.service    | 1 +
 projectroot/usr/lib/systemd/system/NetworkManager.service     | 1 +
 rules/networkmanager.in                                       | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/projectroot/usr/lib/systemd/system/NetworkManager-unmanage.service b/projectroot/usr/lib/systemd/system/NetworkManager-unmanage.service
index 180af2992..fd11686ba 100644
--- a/projectroot/usr/lib/systemd/system/NetworkManager-unmanage.service
+++ b/projectroot/usr/lib/systemd/system/NetworkManager-unmanage.service
@@ -7,6 +7,7 @@ ConditionPathExists=!/var/run/NetworkManager.conf
 [Service]
 Type=oneshot
 ExecStart=/usr/lib/init/nm-unmanage.sh
+StateDirectory=NetworkManager
 
 [Install]
 WantedBy=NetworkManager.service
diff --git a/projectroot/usr/lib/systemd/system/NetworkManager.service b/projectroot/usr/lib/systemd/system/NetworkManager.service
index 7c56d8e24..45973692d 100644
--- a/projectroot/usr/lib/systemd/system/NetworkManager.service
+++ b/projectroot/usr/lib/systemd/system/NetworkManager.service
@@ -21,6 +21,7 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SE
 
 ProtectSystem=true
 ProtectHome=read-only
+StateDirectory=NetworkManager
 
 [Install]
 WantedBy=multi-user.target
diff --git a/rules/networkmanager.in b/rules/networkmanager.in
index 26e9fff9d..e966aa2c7 100644
--- a/rules/networkmanager.in
+++ b/rules/networkmanager.in
@@ -26,6 +26,7 @@ menuconfig NETWORKMANAGER
 	select UDEV_LIBUDEV
 	select WPA_SUPPLICANT			if NETWORKMANAGER_WIRELESS && RUNTIME
 	select WPA_SUPPLICANT_CTRL_IFACE_DBUS	if NETWORKMANAGER_WIRELESS && RUNTIME
+	select ROOTFS_VAR_LIB			if RUNTIME
 	prompt "networkmanager                "
 	help
 	  NetworkManager is a tool to automate network configuration as far as
@@ -33,6 +34,9 @@ menuconfig NETWORKMANAGER
 
 	  http://projects.gnome.org/NetworkManager/
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib'.
+
 if NETWORKMANAGER
 
 config NETWORKMANAGER_STARTSCRIPT
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 06/20] ntp: adapt package's '/var/lib' and '/var/log' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 projectroot/usr/lib/systemd/system/ntpd.service | 2 ++
 rules/ntp.in                                    | 5 +++++
 rules/ntp.make                                  | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/projectroot/usr/lib/systemd/system/ntpd.service b/projectroot/usr/lib/systemd/system/ntpd.service
index 64fce1cb7..917456339 100644
--- a/projectroot/usr/lib/systemd/system/ntpd.service
+++ b/projectroot/usr/lib/systemd/system/ntpd.service
@@ -3,6 +3,8 @@ Description=ntpd
 
 [Service]
 ExecStart=/usr/sbin/ntpd -n -c /etc/ntp-server.conf
+StateDirectory=ntp
+LogsDirectory=ntpstats
 
 [Install]
 WantedBy=multi-user.target
diff --git a/rules/ntp.in b/rules/ntp.in
index c211c91cd..55bf38b94 100644
--- a/rules/ntp.in
+++ b/rules/ntp.in
@@ -10,10 +10,15 @@ menuconfig NTP
 	select LIBC_M
 	select LIBC_RT
 	select GCCLIBS_GCC_S
+	select ROOTFS_VAR_LIB	if RUNTIME
+	select ROOTFS_VAR_LOG	if RUNTIME
 	help
 	  Build the standard NTP Daemon Process and supplementary programs.
 	  This conflicts with BSD openntpd.
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' and '/var/log'.
+
 # ----- Compile Options
 
 if NTP
diff --git a/rules/ntp.make b/rules/ntp.make
index 5d51ae4fc..411ad2ecf 100644
--- a/rules/ntp.make
+++ b/rules/ntp.make
@@ -160,7 +160,7 @@ $(STATEDIR)/ntp.targetinstall:
 	@$(call install_fixup, ntp,PRIORITY,optional)
 	@$(call install_fixup, ntp,SECTION,base)
 	@$(call install_fixup, ntp,AUTHOR,"Robert Schwebel")
-	@$(call install_fixup, ntp,DESCRIPTION,missing)
+	@$(call install_fixup, ntp,DESCRIPTION, "Network Time Protocol Daemon")
 
 #	#
 #	# ntpdate
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 07/20] dnsmasq: version bump 2.79 -> 2.80

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 ...the-pkg-config-file-is-lua-no-lua5.2.patch |   4 +-
 patches/{dnsmasq-2.79 => dnsmasq-2.80}/series |   0
 projectroot/etc/dnsmasq.conf                  | 275 ++++++++++++++----
 rules/dnsmasq.in                              |   3 +-
 rules/dnsmasq.make                            |   8 +-
 5 files changed, 232 insertions(+), 58 deletions(-)
 rename patches/{dnsmasq-2.79 => dnsmasq-2.80}/0001-the-pkg-config-file-is-lua-no-lua5.2.patch (93%)
 rename patches/{dnsmasq-2.79 => dnsmasq-2.80}/series (100%)

diff --git a/patches/dnsmasq-2.79/0001-the-pkg-config-file-is-lua-no-lua5.2.patch b/patches/dnsmasq-2.80/0001-the-pkg-config-file-is-lua-no-lua5.2.patch
similarity index 93%
rename from patches/dnsmasq-2.79/0001-the-pkg-config-file-is-lua-no-lua5.2.patch
rename to patches/dnsmasq-2.80/0001-the-pkg-config-file-is-lua-no-lua5.2.patch
index 42fe46a88..a30a5755f 100644
--- a/patches/dnsmasq-2.79/0001-the-pkg-config-file-is-lua-no-lua5.2.patch
+++ b/patches/dnsmasq-2.80/0001-the-pkg-config-file-is-lua-no-lua5.2.patch
@@ -8,10 +8,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 73ea23e11d07..1dba188f9c30 100644
+index e71cf86908d3..c4945c0b44e8 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -59,8 +59,8 @@ idn2_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI
+@@ -60,8 +60,8 @@ idn2_cflags =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI
  idn2_libs =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2`
  ct_cflags =     `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack`
  ct_libs =       `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
diff --git a/patches/dnsmasq-2.79/series b/patches/dnsmasq-2.80/series
similarity index 100%
rename from patches/dnsmasq-2.79/series
rename to patches/dnsmasq-2.80/series
diff --git a/projectroot/etc/dnsmasq.conf b/projectroot/etc/dnsmasq.conf
index 1856481d1..8548b43ed 100644
--- a/projectroot/etc/dnsmasq.conf
+++ b/projectroot/etc/dnsmasq.conf
@@ -4,17 +4,34 @@
 # as the long options legal on the command line. See
 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
 
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+#port=5353
+
 # The following two options make you a better netizen, since they
 # tell dnsmasq to filter out queries which the public DNS cannot
 # answer, and which load the servers (especially the root servers)
-# uneccessarily. If you have a dial-on-demand link they also stop
-# these requests from bringing up the link uneccessarily.
+# unnecessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link unnecessarily.
 
 # Never forward plain names (without a dot or domain part)
 #domain-needed
 # Never forward addresses in the non-routed address spaces.
 #bogus-priv
 
+# Uncomment these to enable DNSSEC validation and caching:
+# (Requires dnsmasq to be built with DNSSEC option.)
+#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
+#dnssec
+
+# Replies which are not DNSSEC signed may be legitimate, because the domain
+# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
+# check that an unsigned reply is OK, by finding a secure proof that a DS
+# record somewhere between the root and the domain does not exist.
+# The cost of setting this is that even queries in unsigned domains will need
+# one or more extra DNS queries to verify.
+#dnssec-check-unsigned
 
 # Uncomment this to filter useless windows-originated DNS requests
 # which can trigger dial-on-demand links needlessly.
@@ -57,21 +74,25 @@
 #local=/localnet/
 
 # Add domains which you want to force to an IP address here.
-# The example below send any host in doubleclick.net to a local
-# webserver.
-#address=/doubleclick.net/127.0.0.1
+# The example below send any host in double-click.net to a local
+# web-server.
+#address=/double-click.net/127.0.0.1
 
 # --address (and --server) work with IPv6 addresses too.
 #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
 
+# Add the IPs of all queries to yahoo.com, google.com, and their
+# subdomains to the vpn and search ipsets:
+#ipset=/yahoo.com/google.com/vpn,search
+
 # You can control how dnsmasq talks to a server: this forces
 # queries to 10.1.2.3 to be routed via eth1
-# --server=10.1.2.3@eth1
+# server=10.1.2.3@eth1
 
 # and this sets the source (ie local) address used to talk to
-# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
 # IP on the machine, obviously).
-# --server=10.1.2.3@192.168.1.1#55
+# server=10.1.2.3@192.168.1.1#55
 
 # If you want dnsmasq to change uid and gid to something other
 # than the default, edit the following lines.
@@ -90,7 +111,7 @@
 #listen-address=
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
-# disable DHCP on it.
+# disable DHCP and TFTP on it.
 #no-dhcp-interface=
 
 # On systems which support it, dnsmasq binds the wildcard address,
@@ -141,17 +162,68 @@
 # don't need to worry about this.
 #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
 
-# This is an example of a DHCP range with a network-id, so that
+# This is an example of a DHCP range which sets a tag, so that
 # some DHCP options may be set only for this network.
-#dhcp-range=red,192.168.0.50,192.168.0.150
+#dhcp-range=set:red,192.168.0.50,192.168.0.150
+
+# Use this DHCP range only when the tag "green" is set.
+#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
+
+# Specify a subnet which can't be used for dynamic address allocation,
+# is available for hosts with matching --dhcp-host lines. Note that
+# dhcp-host declarations will be ignored unless there is a dhcp-range
+# of some type for the subnet in question.
+# In this case the netmask is implied (it comes from the network
+# configuration on the machine running dnsmasq) it is possible to give
+# an explicit netmask instead.
+#dhcp-range=192.168.0.0,static
+
+# Enable DHCPv6. Note that the prefix-length does not need to be specified
+# and defaults to 64 if missing/
+#dhcp-range=1234::2, 1234::500, 64, 12h
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+#dhcp-range=1234::, ra-only
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
+# hosts. Use the DHCPv4 lease to derive the name, network segment and
+# MAC address and assume that the host will also have an
+# IPv6 address calculated using the SLAAC algorithm.
+#dhcp-range=1234::, ra-names
+
+# Do Router Advertisements, BUT NOT DHCP for this subnet.
+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
+#dhcp-range=1234::, ra-only, 48h
+
+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
+# so that clients can use SLAAC addresses as well as DHCP ones.
+#dhcp-range=1234::2, 1234::500, slaac
+
+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
+# not get addresses from DHCP, but they will get other configuration information.
+# They will use SLAAC for addresses.
+#dhcp-range=1234::, ra-stateless
+
+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
+# from DHCPv4 leases.
+#dhcp-range=1234::, ra-stateless, ra-names
+
+# Do router advertisements for all subnets where we're doing DHCPv6
+# Unless overridden by ra-stateless, ra-names, et al, the router
+# advertisements will have the M and O bits set, so that the clients
+# get addresses and configuration from DHCPv6, and the A bit reset, so the
+# clients don't use SLAAC addresses.
+#enable-ra
 
 # Supply parameters for specified hosts using DHCP. There are lots
 # of valid alternatives, so we will give examples of each. Note that
 # IP addresses DO NOT have to be in the range given above, they just
 # need to be on the same network. The order of the parameters in these
-# do not matter, it's permissible to give name,address and MAC in any order
+# do not matter, it's permissible to give name, address and MAC in any
+# order.
 
-# Always allocate the host with ethernet address 11:22:33:44:55:66
+# Always allocate the host with Ethernet address 11:22:33:44:55:66
 # The IP address 192.168.0.60
 #dhcp-host=11:22:33:44:55:66,192.168.0.60
 
@@ -159,13 +231,13 @@
 # 11:22:33:44:55:66 to be "fred"
 #dhcp-host=11:22:33:44:55:66,fred
 
-# Always give the host with ethernet address 11:22:33:44:55:66
+# Always give the host with Ethernet address 11:22:33:44:55:66
 # the name fred and IP address 192.168.0.60 and lease time 45 minutes
 #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
 
-# Give a host with ethernet address 11:22:33:44:55:66 or
+# Give a host with Ethernet address 11:22:33:44:55:66 or
 # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
-# that these two ethernet interfaces will never be in use at the same
+# that these two Ethernet interfaces will never be in use at the same
 # time, and give the IP address to the second, even if it is already
 # in use by the first. Useful for laptops with wired and wireless
 # addresses.
@@ -179,6 +251,13 @@
 # the IP address 192.168.0.60
 #dhcp-host=id:01:02:02:04,192.168.0.60
 
+# Always give the InfiniBand interface with hardware address
+# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
+# ip address 192.168.0.61. The client id is derived from the prefix
+# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
+# hex digits of the hardware address.
+#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
+
 # Always give the host with client identifier "marjorie"
 # the IP address 192.168.0.60
 #dhcp-host=id:marjorie,192.168.0.60
@@ -188,41 +267,47 @@
 # it asks for a DHCP lease.
 #dhcp-host=judge
 
-# Never offer DHCP service to a machine whose ethernet
+# Never offer DHCP service to a machine whose Ethernet
 # address is 11:22:33:44:55:66
 #dhcp-host=11:22:33:44:55:66,ignore
 
-# Ignore any client-id presented by the machine with ethernet
+# Ignore any client-id presented by the machine with Ethernet
 # address 11:22:33:44:55:66. This is useful to prevent a machine
 # being treated differently when running under different OS's or
 # between PXE boot and OS boot.
 #dhcp-host=11:22:33:44:55:66,id:*
 
 # Send extra options which are tagged as "red" to
-# the machine with ethernet address 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,net:red
+# the machine with Ethernet address 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,set:red
 
 # Send extra options which are tagged as "red" to
-# any machine with ethernet address starting 11:22:33:
-#dhcp-host=11:22:33:*:*:*,net:red
+# any machine with Ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,set:red
 
-# Ignore any clients which are specified in dhcp-host lines
-# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
+# Give a fixed IPv6 address and name to client with
+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
+# Note also that the [] around the IPv6 address are obligatory.
+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
+
+# Ignore any clients which are not specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
 # This relies on the special "known" tag which is set when
 # a host is matched.
-#dhcp-ignore=#known
+#dhcp-ignore=tag:!known
 
 # Send extra options which are tagged as "red" to any machine whose
 # DHCP vendorclass string includes the substring "Linux"
-#dhcp-vendorclass=red,Linux
+#dhcp-vendorclass=set:red,Linux
 
 # Send extra options which are tagged as "red" to any machine one
 # of whose DHCP userclass strings includes the substring "accounts"
-#dhcp-userclass=red,accounts
+#dhcp-userclass=set:red,accounts
 
 # Send extra options which are tagged as "red" to any machine whose
 # MAC address matches the pattern.
-#dhcp-mac=red,00:60:8C:*:*:*
+#dhcp-mac=set:red,00:60:8C:*:*:*
 
 # If this line is uncommented, dnsmasq will read /etc/ethers and act
 # on the ethernet-address/IP pairs found there just as if they had
@@ -257,6 +342,24 @@
 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
+# Send DHCPv6 option. Note [] around IPv6 addresses.
+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
+
+# Send DHCPv6 option for namservers as the machine running
+# dnsmasq and another.
+#dhcp-option=option6:dns-server,[::],[1234::88]
+
+# Ask client to poll for option changes every six hours. (RFC4242)
+#dhcp-option=option6:information-refresh-time,6h
+
+# Set option 58 client renewal time (T1). Defaults to half of the
+# lease time if not specified. (RFC2132)
+#dhcp-option=option:T1,1m
+
+# Set option 59 rebinding time (T2). Defaults to 7/8 of the
+# lease time if not specified. (RFC2132)
+#dhcp-option=option:T2,2m
+
 # Set the NTP time server address to be the same machine as
 # is running dnsmasq
 #dhcp-option=42,0.0.0.0
@@ -276,8 +379,8 @@
 
 # Specify an option which will only be sent to the "red" network
 # (see dhcp-range for the declaration of the "red" network)
-# Note that the net: part must precede the option: part.
-#dhcp-option = net:red, option:ntp-server, 192.168.1.1
+# Note that the tag: part must precede the option: part.
+#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
 
 # The following DHCP options set up dnsmasq in the same way as is specified
 # for the ISC dhcpcd in
@@ -291,6 +394,9 @@
 #dhcp-option=45,0.0.0.0     # netbios datagram distribution server
 #dhcp-option=46,8           # netbios node type
 
+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
+#dhcp-option=252,"\n"
+
 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
 # probably doesn't support this......
 #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
@@ -329,20 +435,23 @@
 # Reboot time. (Note 'i' to send 32-bit value)
 #dhcp-option-force=211,30i
 
-# Set the boot filename for BOOTP. You will only need
-# this is you want to boot machines over the network and you will need
-# a TFTP server; either dnsmasq's built in TFTP server or an
+# Set the boot filename for netboot/PXE. You will only need
+# this if you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built-in TFTP server or an
 # external one. (See below for how to enable the TFTP server.)
 #dhcp-boot=pxelinux.0
 
-# Boot for Etherboot gPXE. The idea is to send two different
-# filenames, the first loads gPXE, and the second tells gPXE what to
-# load. The dhcp-match sets the gpxe tag for requests from gPXE.
-#dhcp-match=gpxe,175 # gPXE sends a 175 option.
-#dhcp-boot=net:#gpxe,undionly.kpxe
-#dhcp-boot=mybootimage
+# The same as above, but use custom tftp-server instead machine running dnsmasq
+#dhcp-boot=pxelinux,server.name,192.168.1.100
 
-# Encapsulated options for Etherboot gPXE. All the options are
+# Boot for iPXE. The idea is to send two different
+# filenames, the first loads iPXE, and the second tells iPXE what to
+# load. The dhcp-match sets the ipxe tag for requests from iPXE.
+#dhcp-boot=undionly.kpxe
+#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
+#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
+
+# Encapsulated options for iPXE. All the options are
 # encapsulated within option 175
 #dhcp-option=encap:175, 1, 5b         # priority code
 #dhcp-option=encap:175, 176, 1b       # no-proxydhcp
@@ -358,22 +467,67 @@
 #dhcp-match=hammers, option:client-arch, 6 #x86-64
 #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
 
+# Do real PXE, rather than just booting a single file, this is an
+# alternative to dhcp-boot.
+#pxe-prompt="What system shall I netboot?"
+# or with timeout before first available action is taken:
+#pxe-prompt="Press F8 for menu.", 60
+
+# Available boot services. for PXE.
+#pxe-service=x86PC, "Boot from local disk"
+
+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
+#pxe-service=x86PC, "Install Linux", pxelinux
+
+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
+# Beware this fails on old PXE ROMS.
+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
+
+# Use bootserver on network, found my multicast or broadcast.
+#pxe-service=x86PC, "Install windows from RIS server", 1
+
+# Use bootserver at a known IP address.
+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
+
+# If you have multicast-FTP available,
+# information for that can be passed in a similar way using options 1
+# to 5. See page 19 of
+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
+
+
 # Enable dnsmasq's built-in TFTP server
 #enable-tftp
 
-# Set the root directory for files availble via FTP.
-#tftp-root=/var/ftpd
+# Set the root directory for files available via FTP.
+#tftp-root=/var/lib/misc/ftpd
+
+# Do not abort if the tftp-root is unavailable
+#tftp-no-fail
 
 # Make the TFTP server more secure: with this set, only files owned by
 # the user dnsmasq is running as will be send over the net.
 #tftp-secure
 
+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
+# transfers. It will slow things down, but may rescue some broken TFTP
+# clients.
+#tftp-no-blocksize
+
 # Set the boot file name only when the "red" tag is set.
-#dhcp-boot=net:red,pxelinux.red-net
+#dhcp-boot=tag:red,pxelinux.red-net
 
-# An example of dhcp-boot with an external server: the name and IP
+# An example of dhcp-boot with an external TFTP server: the name and IP
 # address of the server are given after the filename.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
+# Can fail with old PXE ROMS. Overridden by --pxe-service.
+#dhcp-boot=/var/lib/misc/ftpd/pxelinux.0,boothost,192.168.0.3
+
+# If there are multiple external tftp servers having a same name
+# (using /etc/hosts) then that name can be specified as the
+# tftp_servername (the third option to dhcp-boot) and in that
+# case dnsmasq resolves this name and returns the resultant IP
+# addresses in round robin fashion. This facility can be used to
+# load balance the tftp load among a set of servers.
+#dhcp-boot=/var/lib/misc/ftpd/pxelinux.0,boothost,tftp_server_name
 
 # Set the limit on DHCP leases, the default is 150
 #dhcp-lease-max=150
@@ -387,12 +541,20 @@
 # and take over the lease for any client which broadcasts on the network,
 # whether it has a record of the lease or not. This avoids long timeouts
 # when a machine wakes up on a new network. DO NOT enable this if there's
-# the slighest chance that you might end up accidentally configuring a DHCP
+# the slightest chance that you might end up accidentally configuring a DHCP
 # server for your campus/company accidentally. The ISC server uses
 # the same option, and this URL provides more information:
-# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
+# http://www.isc.org/files/auth.html
 #dhcp-authoritative
 
+# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
+# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
+# option with a DHCPACK including a Rapid Commit option and fully committed address
+# and configuration information. This must only be enabled if either the server is
+# the only server for the subnet, or multiple servers are present and they each
+# commit a binding for all clients.
+#dhcp-rapid-commit
+
 # Run an executable when a DHCP lease is created or destroyed.
 # The arguments sent to the script are "add" or "del",
 # then the MAC address, the IP address and finally the hostname
@@ -405,7 +567,7 @@
 # If you want to disable negative caching, uncomment this.
 #no-negcache
 
-# Normally responses which come form /etc/hosts and the DHCP lease
+# Normally responses which come from /etc/hosts and the DHCP lease
 # file have Time-To-Live set as zero, which conventionally means
 # do not cache further. If you are happy to trade lower load on the
 # server for potentially stale date, you can set a time-to-live (in
@@ -456,11 +618,11 @@
 # set for this to work.)
 
 # A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289
+# ldapserver.example.com port 389
 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
 
 # A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289 (using domain=)
+# ldapserver.example.com port 389 (using domain=)
 #domain=example.com
 #srv-host=_ldap._tcp,ldapserver.example.com,389
 
@@ -501,6 +663,17 @@
 # Log lots of extra information about DHCP transactions.
 #log-dhcp
 
-# Include a another lot of configuration options.
+# Include another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
 #conf-dir=/etc/dnsmasq.d
+
+# Include all the files in a directory except those ending in .bak
+#conf-dir=/etc/dnsmasq.d,.bak
+
+# Include all files in a directory which end in .conf
+#conf-dir=/etc/dnsmasq.d/,*.conf
+
+# If a DHCP client claims that its name is "wpad", ignore that.
+# This fixes a security hole. see CERT Vulnerability VU#598349
+#dhcp-name-match=set:wpad-ignore,wpad
+#dhcp-ignore-names=tag:wpad-ignore
diff --git a/rules/dnsmasq.in b/rules/dnsmasq.in
index c8de883f3..65f68f738 100644
--- a/rules/dnsmasq.in
+++ b/rules/dnsmasq.in
@@ -77,6 +77,7 @@ comment "runtime options   ---"
 
 choice
 	prompt "Kind of startup"
+	depends on !INITMETHOD_SYSTEMD
 
 	config DNSMASQ_INETD
 		bool
@@ -106,7 +107,7 @@ endchoice
 config DNSMASQ_SYSTEMD_UNIT
 	bool
 	default y
-	depends on SYSTEMD
+	depends on INITMETHOD_SYSTEMD
 	prompt "install systemd unit files for dnsmasq"
 
 endif
diff --git a/rules/dnsmasq.make b/rules/dnsmasq.make
index 5d04f7ec2..113392f02 100644
--- a/rules/dnsmasq.make
+++ b/rules/dnsmasq.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_DNSMASQ) += dnsmasq
 #
 # Paths and names
 #
-DNSMASQ_VERSION		:= 2.79
-DNSMASQ_MD5		:= 64010c9734f5e275eb591374a6dad924
+DNSMASQ_VERSION		:= 2.80
+DNSMASQ_MD5		:= e040e72e6f377a784493c36f9e788502
 DNSMASQ			:= dnsmasq-$(DNSMASQ_VERSION)
 DNSMASQ_SUFFIX		:= tar.xz
 DNSMASQ_URL		:= http://www.thekelleys.org.uk/dnsmasq/$(DNSMASQ).$(DNSMASQ_SUFFIX)
@@ -59,7 +59,7 @@ ifdef DNSMASQ_DNSSEC
 DNSMASQ_COPT += -DHAVE_DNSSEC
 endif
 
-DNSMASQ_MAKEVARS := PREFIX=/usr AWK=awk COPTS='$(DNSMASQ_COPT)'
+DNSMASQ_MAKEVARS := PREFIX=/usr AWK=awk COPTS='$(DNSMASQ_COPT)' "CFLAGS+=-Wall -Wextra -ggdb3 -O2"
 
 $(STATEDIR)/dnsmasq.prepare:
 	@$(call targetinfo)
@@ -76,7 +76,7 @@ $(STATEDIR)/dnsmasq.targetinstall:
 	@$(call install_fixup, dnsmasq,PRIORITY,optional)
 	@$(call install_fixup, dnsmasq,SECTION,base)
 	@$(call install_fixup, dnsmasq,AUTHOR,"Robert Schwebel <r.schwebel@pengutronix.de>")
-	@$(call install_fixup, dnsmasq,DESCRIPTION,missing)
+	@$(call install_fixup, dnsmasq,DESCRIPTION,"Low Requirements DNS/DHCP daemon")
 
 	@$(call install_copy, dnsmasq, 0, 0, 0755, -, /usr/sbin/dnsmasq)
 
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 08/20] dnsmasq: clean up rule file

[Juergen Borleis]

The 'n' feature is autodetected in the meantime...

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/dnsmasq.make | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/dnsmasq.make b/rules/dnsmasq.make
index 113392f02..861936329 100644
--- a/rules/dnsmasq.make
+++ b/rules/dnsmasq.make
@@ -81,12 +81,12 @@ $(STATEDIR)/dnsmasq.targetinstall:
 	@$(call install_copy, dnsmasq, 0, 0, 0755, -, /usr/sbin/dnsmasq)
 
 ifdef PTXCONF_DNSMASQ_INETD
-	@$(call install_alternative, dnsmasq, 0, 0, 0644, /etc/inetd.conf.d/dnsmasq, n)
+	@$(call install_alternative, dnsmasq, 0, 0, 0644, /etc/inetd.conf.d/dnsmasq)
 endif
 
 ifdef PTXCONF_INITMETHOD_BBINIT
 ifdef PTXCONF_DNSMASQ_STARTSCRIPT
-	@$(call install_alternative, dnsmasq, 0, 0, 0755, /etc/init.d/dnsmasq, n)
+	@$(call install_alternative, dnsmasq, 0, 0, 0755, /etc/init.d/dnsmasq)
 
 ifneq ($(call remove_quotes,$(PTXCONF_DNSMASQ_BBINIT_LINK)),)
 	@$(call install_link, dnsmasq, \
@@ -102,7 +102,7 @@ ifdef PTXCONF_DNSMASQ_SYSTEMD_UNIT
 		/usr/lib/systemd/system/network.target.wants/dnsmasq.service)
 endif
 
-	@$(call install_alternative, dnsmasq, 0, 0, 0644, /etc/dnsmasq.conf, n)
+	@$(call install_alternative, dnsmasq, 0, 0, 0644, /etc/dnsmasq.conf)
 
 # for the 'dnsmasq.leases' file
 	@$(call install_copy, dnsmasq, 0, 0, 0755, /var/lib/misc)
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 09/20] dnsmasq: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 projectroot/usr/lib/systemd/system/dnsmasq.service | 2 ++
 rules/dnsmasq.in                                   | 9 ++++++---
 rules/dnsmasq.make                                 | 5 +++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/projectroot/usr/lib/systemd/system/dnsmasq.service b/projectroot/usr/lib/systemd/system/dnsmasq.service
index c663e018c..2da3a7250 100644
--- a/projectroot/usr/lib/systemd/system/dnsmasq.service
+++ b/projectroot/usr/lib/systemd/system/dnsmasq.service
@@ -6,6 +6,8 @@ ExecStart=/usr/sbin/dnsmasq --pid-file=/run/dnsmasq.pid
 ExecReload=/bin/kill -HUP $MAINPID
 Type=forking
 PIDFile=/run/dnsmasq.pid
+# for the 'dnsmasq.leases' file
+StateDirectory=misc
 
 [Install]
 WantedBy=network.target
diff --git a/rules/dnsmasq.in b/rules/dnsmasq.in
index 65f68f738..aec63dd0f 100644
--- a/rules/dnsmasq.in
+++ b/rules/dnsmasq.in
@@ -5,9 +5,9 @@
 menuconfig DNSMASQ
 	tristate
 	prompt "dnsmasq                       "
-	select DBUS	if DNSMASQ_DBUS
-	select LUA	if DNSMASQ_SCRIPT_LUA
-	select ROOTFS_VAR_LIB
+	select DBUS		if DNSMASQ_DBUS
+	select LUA		if DNSMASQ_SCRIPT_LUA
+	select ROOTFS_VAR_LIB	if DNSMASQ_DHCP && RUNTIME
 	help
 	  A small caching DNS proxy and DHCP server.
 
@@ -23,6 +23,9 @@ menuconfig DNSMASQ
 	  Note: In order to make dnsmasq work as DHCP, you have to enable
 	  the following kernel features: FIXME
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' for its leases database (DHCP feature enabled).
+
 if DNSMASQ
 
 comment "build options   ---"
diff --git a/rules/dnsmasq.make b/rules/dnsmasq.make
index 861936329..d9a134cdf 100644
--- a/rules/dnsmasq.make
+++ b/rules/dnsmasq.make
@@ -104,9 +104,10 @@ endif
 
 	@$(call install_alternative, dnsmasq, 0, 0, 0644, /etc/dnsmasq.conf)
 
-# for the 'dnsmasq.leases' file
+ifdef PTXCONF_DNSMASQ_DHCP
+#	# for the 'dnsmasq.leases' file
 	@$(call install_copy, dnsmasq, 0, 0, 0755, /var/lib/misc)
-
+endif
 	@$(call install_finish, dnsmasq)
 
 	@$(call touch)
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 10/20] mariadb: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 projectroot/usr/lib/systemd/system/mariadb-init.service | 2 +-
 projectroot/usr/lib/systemd/system/mariadb.service      | 1 +
 rules/mariadb.in                                        | 4 ++++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/projectroot/usr/lib/systemd/system/mariadb-init.service b/projectroot/usr/lib/systemd/system/mariadb-init.service
index af18afa0a..71e37b658 100644
--- a/projectroot/usr/lib/systemd/system/mariadb-init.service
+++ b/projectroot/usr/lib/systemd/system/mariadb-init.service
@@ -21,7 +21,6 @@
 
 [Unit]
 Description=MariaDB Server Initialization Service
-RequiresMountsFor=/var/lib/mysql
 ConditionPathExists=!/var/lib/mysql/data
 
 [Service]
@@ -29,6 +28,7 @@ User=root
 Group=root
 Type=oneshot
 RemainAfterExit=yes
+StateDirectory=mysql
 
 ExecStart=/bin/chown -R mysql:mysql /var/lib/mysql
 ExecStart=/bin/chmod 0755 /var/lib/mysql
diff --git a/projectroot/usr/lib/systemd/system/mariadb.service b/projectroot/usr/lib/systemd/system/mariadb.service
index 120bfefe6..5d00d9119 100644
--- a/projectroot/usr/lib/systemd/system/mariadb.service
+++ b/projectroot/usr/lib/systemd/system/mariadb.service
@@ -7,6 +7,7 @@ After=mariadb-init.service
 User=mysql
 Group=mysql
 PrivateDevices=true
+StateDirectory=mysql
 
 ExecStart=/usr/bin/mysqld
 
diff --git a/rules/mariadb.in b/rules/mariadb.in
index b2127ea34..06cf4b9ad 100644
--- a/rules/mariadb.in
+++ b/rules/mariadb.in
@@ -16,10 +16,14 @@ config MARIADB
 	select NCURSES
 	select SYSTEMD		if MARIADB_SYSTEMD
 	select ZLIB
+	select ROOTFS_VAR_LIB	if RUNTIME
 	prompt "mariadb" if ALLYES
 	help
 	  MariaDB, a SQL database engine
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' for the database.
+
 if MARIADB
 
 config MARIADB_SYSTEMD
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 11/20] samba: adapt package's '/var/lib' and '/var/cache' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 ...ate-expected-directories-at-run-time.patch | 38 +++++++++++++++++++
 patches/samba-4.9.5/series                    |  4 ++
 rules/samba.in                                |  9 ++++-
 3 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
 create mode 100644 patches/samba-4.9.5/series

diff --git a/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch b/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
new file mode 100644
index 000000000..8569e0737
--- /dev/null
+++ b/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
@@ -0,0 +1,38 @@
+From: Juergen Borleis <juergen@kreuzholzen.de>
+Date: Tue, 4 Jun 2019 20:24:15 +0200
+Subject: [PATCH] Lets systemd create expected directories at run-time
+
+'samba' requires '/var/lib/samba' and '/var/cache/samba'.
+
+Signed-off-by: Juergen Borleis <juergen@kreuzholzen.de>
+---
+ packaging/systemd/nmb.service.in | 2 ++
+ packaging/systemd/smb.service.in | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/packaging/systemd/nmb.service.in b/packaging/systemd/nmb.service.in
+index a30812320c05..c9373d2ba0a6 100644
+--- a/packaging/systemd/nmb.service.in
++++ b/packaging/systemd/nmb.service.in
+@@ -8,6 +8,8 @@ After=network.target network-online.target
+ Type=notify
+ NotifyAccess=all
+ PIDFile=@PIDDIR@/nmbd.pid
++StateDirectory=samba
++CacheDirectory=samba
+ EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
+ ExecStart=@SBINDIR@/nmbd --foreground --no-process-group $NMBDOPTIONS
+ ExecReload=/bin/kill -HUP $MAINPID
+diff --git a/packaging/systemd/smb.service.in b/packaging/systemd/smb.service.in
+index 18912ef0e98f..76aedfa20337 100644
+--- a/packaging/systemd/smb.service.in
++++ b/packaging/systemd/smb.service.in
+@@ -9,6 +9,8 @@ Type=notify
+ NotifyAccess=all
+ PIDFile=@PIDDIR@/smbd.pid
+ LimitNOFILE=16384
++StateDirectory=samba
++CacheDirectory=samba
+ EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
+ ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS
+ ExecReload=/bin/kill -HUP $MAINPID
diff --git a/patches/samba-4.9.5/series b/patches/samba-4.9.5/series
new file mode 100644
index 000000000..b2dcdc0a4
--- /dev/null
+++ b/patches/samba-4.9.5/series
@@ -0,0 +1,4 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-Lets-systemd-create-expected-directories-at-run-time.patch
+# 2d2f83b2911fe3f43bff610738827040  - git-ptx-patches magic
diff --git a/rules/samba.in b/rules/samba.in
index ec5423661..822a9758a 100644
--- a/rules/samba.in
+++ b/rules/samba.in
@@ -17,8 +17,10 @@ menuconfig SAMBA
 	select LIBCAP
 	select LIBPOPT
 	select READLINE
-	select SYSTEMD				if SAMBA_SYSTEMD_UNIT
+	select SYSTEMD				if SAMBA_SYSTEMD_UNIT && RUNTIME
 	select ZLIB
+	select ROOTFS_VAR_LIB			if RUNTIME
+	select ROOTFS_VAR_CACHE			if RUNTIME
 	help
 	  Samba is an Open Source/Free Software suite that has, since
 	  1992, provided file and print services to all manner of
@@ -28,6 +30,9 @@ menuconfig SAMBA
 
 	  See http://www.samba.org for details.
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' and '/var/cache'.
+
 if SAMBA
 
 config SAMBA_COMMON
@@ -64,7 +69,7 @@ config SAMBA_CUPS
 config SAMBA_STARTSCRIPT
 	bool
 	default y
-	depends on SAMBA_SERVER
+	depends on SAMBA_SERVER && !INITMETHOD_SYSTEMD
 	prompt "install /etc/init.d/samba"
 
 config SAMBA_SYSTEMD_UNIT
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 12/20] polkit: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/polkit.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rules/polkit.in b/rules/polkit.in
index ef7b1fae2..97b81e0c8 100644
--- a/rules/polkit.in
+++ b/rules/polkit.in
@@ -10,12 +10,16 @@ menuconfig POLKIT
 	select GLIB
 	select DBUS_GLIB
 	select EGGDBUS
-	select SYSTEMD if POLKIT_SYSTEMD
-	select SYSTEMD_LOGIND if POLKIT_SYSTEMD
+	select SYSTEMD		if POLKIT_SYSTEMD
+	select SYSTEMD_LOGIND	if POLKIT_SYSTEMD
+	select ROOTFS_VAR_LIB	if RUNTIME
 	help
 	  PolicyKit offers an infrastructure for security policies for
 	  dbus applications.
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' for its run-time information.
+
 if POLKIT
 
 config POLKIT_SYSTEMD
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 13/20] nfsutils: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/nfsutils.in   | 12 +++++++++---
 rules/nfsutils.make |  2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/rules/nfsutils.in b/rules/nfsutils.in
index bd1052ebb..ed62b6d08 100644
--- a/rules/nfsutils.in
+++ b/rules/nfsutils.in
@@ -9,11 +9,15 @@ menuconfig NFSUTILS
 	select RPCBIND			if RUNTIME
 	select LIBTIRPC			if GLOBAL_IPV6
 	select ROOTFS_PROTOCOLS		if NFSUTILS_CLIENT
+	select ROOTFS_VAR_LIB		if RUNTIME
+	select SYSTEMD			if RUNTIME && NFSUTILS_SYSTEMD_UNIT
 	help
 	  The Sun Network Filesystem (NFS) protocol provides transparent remote
 	  access to shared files across networks. The NFS protocol is designed
 	  to be portable across different machines, operating systems, network
 	  architectures, and transport protocols.
+	  Note: this package expects write permissions to '/var/lib/nfs' for
+	  its state information.
 
 if NFSUTILS
 
@@ -27,18 +31,20 @@ config NFSUTILS_SERVER
 	bool
 	prompt "server"
 	help
-	  Install all tools and daemons to run a NFS server.
+	  Install all tools and daemons to run an NFS server.
 
 config NFSUTILS_NFSD_STARTSCRIPT
 	bool
-	depends on NFSUTILS_SERVER
+	depends on NFSUTILS_SERVER && !INITMETHOD_SYSTEMD
 	default y
 	prompt "install /etc/init.d/nfsd"
 
 config NFSUTILS_SYSTEMD_UNIT
 	bool
 	default y
-	depends on SYSTEMD
+	depends on INITMETHOD_SYSTEMD
 	prompt "install systemd unit files"
+	help
+	  Install all systemd related unit files to run the 'nfsutils'.
 
 endif
diff --git a/rules/nfsutils.make b/rules/nfsutils.make
index 929f53c72..4ce01c4e3 100644
--- a/rules/nfsutils.make
+++ b/rules/nfsutils.make
@@ -76,7 +76,7 @@ $(STATEDIR)/nfsutils.targetinstall:
 	@$(call install_fixup, nfsutils,PRIORITY,optional)
 	@$(call install_fixup, nfsutils,SECTION,base)
 	@$(call install_fixup, nfsutils,AUTHOR,"Robert Schwebel <r.schwebel@pengutronix.de>")
-	@$(call install_fixup, nfsutils,DESCRIPTION,missing)
+	@$(call install_fixup, nfsutils,DESCRIPTION,"Network Filesystem Support")
 
 	@$(call install_copy, nfsutils, 0, 0, 0755, -, /usr/sbin/nfsstat)
 	@$(call install_copy, nfsutils, 0, 0, 0755, -, /usr/sbin/nfsiostat)
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 14/20] logrotate: adapt package's '/var/lib' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 projectroot/usr/lib/systemd/system/logrotate.service | 1 +
 rules/logrotate.in                                   | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/projectroot/usr/lib/systemd/system/logrotate.service b/projectroot/usr/lib/systemd/system/logrotate.service
index 722eb85de..40f2a7608 100644
--- a/projectroot/usr/lib/systemd/system/logrotate.service
+++ b/projectroot/usr/lib/systemd/system/logrotate.service
@@ -2,4 +2,5 @@
 Description=logrotate
 
 [Service]
+StateDirectory=logrotate
 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf
diff --git a/rules/logrotate.in b/rules/logrotate.in
index 202dee573..097804017 100644
--- a/rules/logrotate.in
+++ b/rules/logrotate.in
@@ -5,6 +5,7 @@ menuconfig LOGROTATE
 	prompt "logrotate                     "
 	select LIBPOPT
 	select ACL if LOGROTATE_ACL
+	select ROOTFS_VAR_LIB		if RUNTIME
 	help
 	  The logrotate utility is designed to simplify the
 	  administration of log files on a system which generates a lot
@@ -14,6 +15,9 @@ menuconfig LOGROTATE
 	  log file gets to a certain size. Normally, logrotate runs as
 	  a daily cron job.
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' for its run-time information.
+
 if LOGROTATE
 
 config LOGROTATE_ACL
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 15/20] systemd: adapt package's '/var/lib' and '/var/cache' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/systemd.in | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/rules/systemd.in b/rules/systemd.in
index c6b8848f4..5ce43b99c 100644
--- a/rules/systemd.in
+++ b/rules/systemd.in
@@ -30,6 +30,8 @@ menuconfig SYSTEMD
 	select ROOTFS_DEV
 	select LIBBLKID
 	select HOST_SYSTEMD	if SYSTEMD_UDEV_HWDB
+	select ROOTFS_VAR_LIB	if RUNTIME
+	select ROOTFS_VAR_CACHE	if RUNTIME
 	prompt "systemd                       "
 	help
 	  systemd is a system and session manager for Linux, compatible with SysV
@@ -43,6 +45,9 @@ menuconfig SYSTEMD
 
 	  http://www.freedesktop.org/wiki/Software/systemd
 
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/lib' and '/var/cache' for its run-time information.
+
 if SYSTEMD
 
 comment "D-Bus is needed for the enabled features"
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 16/20] sysstat: adapt package's '/var/log' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/sysstat.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rules/sysstat.in b/rules/sysstat.in
index 2c6e02d85..ff1f152df 100644
--- a/rules/sysstat.in
+++ b/rules/sysstat.in
@@ -4,6 +4,7 @@ config SYSSTAT
 	tristate
 	prompt "sysstat"
 	select GCCLIBS_GCC_S
+	select ROOTFS_VAR_LOG	if RUNTIME
 	help
 	  sar, iostat and mpstat - system performance tools for Linux
 
@@ -23,3 +24,6 @@ config SYSSTAT
 	  others. Both UP and SMP machines are fully supported.
 
 	  Homepage: http://pagesperso-orange.fr/sebastien.godard/
+
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/log'.
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 17/20] minicoredumper: adapt package's '/var/cache' requirements

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/minicoredumper.in | 4 ++++
 rules/rootfs.in         | 7 +++++++
 rules/rootfs.make       | 3 +++
 3 files changed, 14 insertions(+)

diff --git a/rules/minicoredumper.in b/rules/minicoredumper.in
index cc8008d1c..9fc3b63ed 100644
--- a/rules/minicoredumper.in
+++ b/rules/minicoredumper.in
@@ -5,6 +5,7 @@ config MINICOREDUMPER
 	prompt "minicoredumper"
 	select LIBELF
 	select JSON_C
+	select ROOTFS_VAR_CRASH	if RUNTIME
 	help
 	  The minicoredumper project provides a program that handles the
 	  creation of core dump files on Linux. It can produce much smaller
@@ -19,3 +20,6 @@ config MINICOREDUMPER
 	  	echo '|/usr/sbin/minicoredumper %P %u %g %s %t %h %e' > /proc/sys/kernel/core_pattern
 
 	  by hand to actually make use of it.
+
+	  Note: on a read-only root filesystem this package still requires a
+	  writable '/var/crash'.
diff --git a/rules/rootfs.in b/rules/rootfs.in
index 3ea4bde60..2ec7104c2 100644
--- a/rules/rootfs.in
+++ b/rules/rootfs.in
@@ -226,6 +226,13 @@ config ROOTFS_VAR_CACHE
 	  This directory is intended for application cache data. Say 'y' here
 	  to ensure a '/var/cache' directory is available at run-time.
 
+config ROOTFS_VAR_CRASH
+	bool
+	prompt "/var/crash"
+	help
+	  This directory is intended for core dumps. Say 'y' here to ensure a
+	  '/var/crash' directory is available at run-time.
+
 config ROOTFS_VAR_SPOOL
 	bool
 	prompt "/var/spool"
diff --git a/rules/rootfs.make b/rules/rootfs.make
index 8183d0288..a1002cfcd 100644
--- a/rules/rootfs.make
+++ b/rules/rootfs.make
@@ -112,6 +112,9 @@ endif
 ifdef PTXCONF_ROOTFS_VAR_CACHE
 	@$(call install_copy, rootfs, 0, 0, 0755, /var/cache)
 endif
+ifdef PTXCONF_ROOTFS_VAR_CRASH
+	@$(call install_copy, rootfs, 0, 0, 0755, /var/crash)
+endif
 ifdef PTXCONF_ROOTFS_VAR_SPOOL
 	@$(call install_copy, rootfs, 0, 0, 0755, /var/spool)
 endif
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 18/20] opkg: move opkg-database to a read-only location

[Juergen Borleis]

The directory tree in '/var/lib' might not be persistent and thus,
not in sync with the root filesystem. In this case it's required
to store the opkg database at a location which has a fixed
relation to the root filesystem's content it describes.

This change moves the opkg's database to a read-only location in
'/usr/share/opkg', which is then always in sync with the root
filesystem's content.

This changed opkg configuration works since commit
   a691341deb33077b9d5ede5fe349ee6b3fb99be1
 "ptxd_make_image_extract_xpkg_files: use ptxd_get_alternative to find opkg.conf"

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 doc/daily_work.inc             | 3 +--
 projectroot/etc/opkg/opkg.conf | 7 ++++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/doc/daily_work.inc b/doc/daily_work.inc
index 470c14f93..58cf69f49 100644
--- a/doc/daily_work.inc
+++ b/doc/daily_work.inc
@@ -1426,8 +1426,7 @@ This is a very simple and optimistic approach and works for surprisingly many us
 cases. But some applications expect a writable ``/var/lib`` and will fail due
 to this setup. Using an additional RAM disk for ``/var/lib`` might not help in
 this use case, because it will bury all build-time generated data already present
-in this directory tree (``opkg`` package information for example or other
-packages pre-defined configuration files).
+in this directory tree (package pre-defined configuration files for example).
 
 Overlay RAM Disk
 ~~~~~~~~~~~~~~~~
diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf
index 3ba17115b..67a64838f 100644
--- a/projectroot/etc/opkg/opkg.conf
+++ b/projectroot/etc/opkg/opkg.conf
@@ -6,7 +6,12 @@
 @SRC@
 
 dest	root	/
-option	lock_file /var/lock/opkg.lock
+option	lock_file /run/lock/opkg.lock
+
+# move away the ipkg database from the default "/var/lib/opkg" to a r/o location
+option lists_dir /usr/share/opkg/lists
+option status_file /usr/share/opkg/status
+option info_dir /usr/share/opkg/info
 
 arch	@ARCH@	10
 arch	all	1
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 19/20] dbus: adapt run-time socket path

[Juergen Borleis]

'dbus' defaults to '/var/run' to establish its socket and thus, 'systemd'
complains:

  /usr/lib/systemd/system/dbus.socket:4: ListenStream= references a path
  below legacy directory /var/run/, updating
  /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket;
  please update the unit file accordingly.

This change let the socket now defaults to '/run' instead.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/dbus.make | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/dbus.make b/rules/dbus.make
index 1458df957..da2135aef 100644
--- a/rules/dbus.make
+++ b/rules/dbus.make
@@ -42,6 +42,7 @@ DBUS_CONF_ENV	:= \
 DBUS_CONF_TOOL	:= autoconf
 DBUS_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
+	--runstatedir=/run \
 	--enable-silent-rules \
 	--disable-developer \
 	--disable-debug \
@@ -74,6 +75,7 @@ DBUS_CONF_OPT	:= \
 	--disable-relocation \
 	--disable-stats \
 	--$(call ptx/endis, PTXCONF_DBUS_SYSTEMD)-user-session \
+	--with-system-socket=/run/dbus/system_bus_socket \
 	--with-dbus-user=messagebus \
 	--without-valgrind \
 	--$(call ptx/wwo, PTXCONF_DBUS_X)-x$(call ptx/ifdef,PTXCONF_DBUS_X,=$(SYSROOT)/usr,) \
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH 20/20] Update and sync autotools based package templates

[Juergen Borleis]

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
---
 rules/templates/src-autoconf-lib/Makefile.am  |   2 +-
 rules/templates/src-autoconf-lib/configure.ac |  35 +--
 rules/templates/src-autoconf-prog/Makefile.am |   3 +-
 .../templates/src-autoconf-prog/configure.ac  | 110 +++++++-
 .../src-autoconf-proglib/Makefile.am          |   2 +-
 .../src-autoconf-proglib/configure.ac         | 100 ++++++-
 .../template-m4-macros/attributes.m4          |   2 +-
 .../template-m4-macros/ax_armv7_detection.m4  |   8 +-
 ...mv4_detection.m4 => ax_armv8_detection.m4} |  60 ++--
 rules/templates/template-m4-macros/pkg.m4     | 256 +++++++++++++-----
 rules/templates/template-src-autoconf-make    |  37 +--
 11 files changed, 448 insertions(+), 167 deletions(-)
 rename rules/templates/template-m4-macros/{ax_armv4_detection.m4 => ax_armv8_detection.m4} (62%)

diff --git a/rules/templates/src-autoconf-lib/Makefile.am b/rules/templates/src-autoconf-lib/Makefile.am
index ae223891a..771b45454 100644
--- a/rules/templates/src-autoconf-lib/Makefile.am
+++ b/rules/templates/src-autoconf-lib/Makefile.am
@@ -28,10 +28,10 @@ EXTRA_DIST = \
 	autogen.sh \
 	m4/attributes.m4 \
 	m4/ptx.m4 \
-	m4/ax_armv4_detection.m4 \
 	m4/ax_armv5_detection.m4 \
 	m4/ax_armv6_detection.m4 \
 	m4/ax_armv7_detection.m4 \
+	m4/ax_armv8_detection.m4 \
 	m4/ax_floating_point.m4 \
 	m4/ax_code_coverage.m4 \
 	m4/pkg.m4 \
diff --git a/rules/templates/src-autoconf-lib/configure.ac b/rules/templates/src-autoconf-lib/configure.ac
index 24d0cb189..f062e6be5 100644
--- a/rules/templates/src-autoconf-lib/configure.ac
+++ b/rules/templates/src-autoconf-lib/configure.ac
@@ -14,9 +14,15 @@ AM_SILENT_RULES([yes])
 # TODO If you don't want the default installation path to be '/usr/local' change it here
 # AC_PREFIX_DEFAULT(<new prefix>)
 
-# TODO If possible, enable extensions to Posix
+# If possible, enable extensions to Posix
 AC_USE_SYSTEM_EXTENSIONS
 
+# support LFS
+AC_SYS_LARGEFILE
+
+AM_MAINTAINER_MODE
+AM_INIT_AUTOMAKE([foreign no-exeext dist-xz silent-rules subdir-objects])
+
 #
 # libtool library versioning stuff
 #
@@ -31,13 +37,10 @@ AC_SUBST(LT_CURRENT)
 AC_SUBST(LT_REVISION)
 AC_SUBST(LT_AGE)
 
-AM_MAINTAINER_MODE
-AM_INIT_AUTOMAKE([foreign no-exeext dist-xz silent-rules subdir-objects])
-
 #
 # Checks for programs.
 #
-AC_PROG_CC
+AC_PROG_CC_C99
 
 #
 # TODO to only build the static library uncomment the following line
@@ -120,15 +123,16 @@ PTX_LIBRARY_CHECKS
 # specific architectures.
 
 #AS_IF([test x${host_cpu} = "xarm"],
-#	[AX_DETECT_ARMV4([enable_arm4=yes], [enable_arm4=no])
-#	AX_DETECT_ARMV5([enable_arm5=yes], [enable_arm5=no])
+#	[AX_DETECT_ARMV5([enable_arm5=yes], [enable_arm5=no])
 #	AX_DETECT_ARMV6([enable_arm6=yes], [enable_arm6=no])
 #	AX_DETECT_ARMV7([enable_arm7=yes], [enable_arm7=no])
+#	AX_DETECT_ARMV8([enable_arm8=yes], [enable_arm8=no])
 #
 #	AS_IF([test x${enable_arm4} = "xyes"], [AC_MSG_NOTICE([ARMv4 target])])
 #	AS_IF([test x${enable_arm5} = "xyes"], [AC_MSG_NOTICE([ARMv5 target])])
 #	AS_IF([test x${enable_arm6} = "xyes"], [AC_MSG_NOTICE([ARMv6 target])])
-#	AS_IF([test x${enable_arm7} = "xyes"], [AC_MSG_NOTICE([ARMv7 target])])])
+#	AS_IF([test x${enable_arm7} = "xyes"], [AC_MSG_NOTICE([ARMv7 target])])
+#	AS_IF([test x${enable_arm8} = "xyes"], [AC_MSG_NOTICE([ARMv8 target])])])
 
 # -------------------------- use all the settings ----------------------------
 
@@ -177,14 +181,17 @@ AC_MSG_RESULT([
 	 Target CPU:		${host_cpu}
 	 Target OS:		${host_os}
 
-	Detected options:
+	User options:
 	------------------------------------------------------
-	 CPPFLAGS:		${CPPFLAGS}
 	 CFLAGS:		${CFLAGS}
+	 CPPFLAGS:		${CPPFLAGS}
 	 LDFLAGS:		${LDFLAGS}
+
+	Detected options:
+	------------------------------------------------------
 	 Debug:			${enable_debug}
 	 Hidden symbols		${enable_hide}
-	 Coverage:		${enable_coverage}
+	 Coverage:		${enable_code_coverage}
 		CPPFLAGS:	${CODE_COVERAGE_CPPFLAGS}
 		CFLAGS:		${CODE_COVERAGE_CFLAGS}
 		LDFLAGS:	${CODE_COVERAGE_LDFLAGS}
@@ -193,12 +200,6 @@ AC_MSG_RESULT([
 	 Private libs:		${LIBS}
 	 Use abort():		${enable_abort}
 
-	User options:
-	------------------------------------------------------
-	 CFLAGS:		${CFLAGS}
-	 CPPFLAGS:		${CPPFLAGS}
-	 LDFLAGS:		${LDFLAGS}
-
 	Install options:
 	------------------------------------------------------
 	 prefix:		${prefix}
diff --git a/rules/templates/src-autoconf-prog/Makefile.am b/rules/templates/src-autoconf-prog/Makefile.am
index 3b0782dac..2a197076b 100644
--- a/rules/templates/src-autoconf-prog/Makefile.am
+++ b/rules/templates/src-autoconf-prog/Makefile.am
@@ -16,12 +16,11 @@ EXTRA_DIST = \
 	autogen.sh \
 	m4/attributes.m4 \
 	m4/ptx.m4 \
-	m4/ax_armv4_detection.m4 \
 	m4/ax_armv5_detection.m4 \
 	m4/ax_armv6_detection.m4 \
 	m4/ax_armv7_detection.m4 \
+	m4/ax_armv8_detection.m4 \
 	m4/ax_floating_point.m4 \
-	m4/ax_am_jobserver.m4 \
 	m4/ax_code_coverage.m4 \
 	m4/pkg.m4 \
 	COPYING
diff --git a/rules/templates/src-autoconf-prog/configure.ac b/rules/templates/src-autoconf-prog/configure.ac
index 94f855859..8dcb7cf57 100644
--- a/rules/templates/src-autoconf-prog/configure.ac
+++ b/rules/templates/src-autoconf-prog/configure.ac
@@ -1,5 +1,6 @@
 AC_PREREQ(2.69)
 
+# TODO add useful information about this package
 AC_INIT([@name@], 0.0.0, [bugs@yourdomain.to], [@name@], [http://www.yourdomain.to/])
 AC_CONFIG_SRCDIR([@name@.c])
 AC_CONFIG_HEADERS([config.h])
@@ -25,18 +26,110 @@ AM_INIT_AUTOMAKE([foreign no-exeext dist-xz silent-rules subdir-objects])
 #
 # Checks for programs.
 #
-AC_PROG_CC
+AC_PROG_CC_C99
+
+#
+# Using additional preprocessor, compiler or linker flags:
+# - add them to AM_CPPFLAGS, AM_CFLAGS or AM_LDFLAGS if they should be used
+#   by all source files
+# - give the user a chance to setup her/his own flags with the CPPFLAGS, CFLAGS
+#   and LDFLAGS
+# - if some flags are specific to a file add the flags via the substitute macro
+#   into the Makefile
+#
+# Don't add the "-g" to the CFLAGS variable. It will be done automatically if
+# autoconf detects a GNU compiler.
+#
+
+#
+# Please note: 'configure' defaults the CFLAGS to "-O2 -g" if it detects a
+# GCC. If the user overwrites the CFLAGS externallly, there will be no default!
+# Keep the user informed about this behaviour.
+
+#
+# TODO Check here for mandadory external libraries
+#
+# Rule of thumb: when your library needs an external library, add it
+# to the 'LIBS' variable. Do _not_ add it manually into the Makefile.am files.
+# These libraries _must_ be listed in the *.pc file.
+#
+# Don't add libraries without a check. Even if you know the 'sqrt()' requires
+# 'libm' on most systems, check for its real need with 'AC_SEARCH_LIBS(sqrt, m)'.
+# Doing it in this way will ensure an embedded developer knows exactly what
+# dependencies your library has (because it gets listed in the *.pc file).
+#
+# Another way for checking libraries is the PKG_CHECK_MODULES macro. But please
+# honor if a user switches off a feature you also switch of the test for a
+# external component via PKG_CHECK_MODULES when it is no longer required!
+# PKG_CHECK_MODULES returns *_CFLAGS and *_LIBS. Again, add the *_LIBS to the
+# global 'LIBS', but for the CFLAGS you can decide if you add them to the
+# CFLAGS, AM_CFLAGS or as substitution variables in the Makefile.am.
 
-##
-# libsomething
-##
 #REQUIRES_LIBSOMETHING="libsomething >= 20090402-1"
 #AC_SUBST(REQUIRES_LIBSOMETHING)
 #PKG_CHECK_MODULES(libsomething, $REQUIRES_LIBSOMETHING)
 
+#
+# TODO Check for functions and header files. First write your code and then run
+# the 'autoscan' tool to get an idea what is still missing in your 'configure.ac'
+#
+
 PTX_COMMON_CHECKS
 PTX_APPLICATION_CHECKS
 
+# ---------------------------------------------------------------------------
+
+# TODO Checking if this CPU has a hardware floating point unit
+
+#AX_HARDWARE_FP([target_hardware_fp=yes], [target_hardware_fp=no])
+
+# When a hardware floating point unit seems available, then use it.
+# This will end in bad code on badly configured compilers which generates
+# floating point instructions even if the CPU has not hardware FP unit
+#
+#AS_IF([test x${target_hardware_fp} = "xyes"],
+#	[AC_MSG_NOTICE([FPU available])],
+#	[AC_MSG_NOTICE([FPU not available])])
+
+# ---------------------------------------------------------------------------
+
+# TODO discover on demand the special architecture this compiler builds code
+# for. This can be useful if the package provides some optimized code for
+# specific architectures.
+
+#AS_IF([test x${host_cpu} = "xarm"],
+#	[AX_DETECT_ARMV5([enable_arm5=yes], [enable_arm5=no])
+#	AX_DETECT_ARMV6([enable_arm6=yes], [enable_arm6=no])
+#	AX_DETECT_ARMV7([enable_arm7=yes], [enable_arm7=no])
+#	AX_DETECT_ARMV8([enable_arm8=yes], [enable_arm8=no])
+#
+#	AS_IF([test x${enable_arm4} = "xyes"], [AC_MSG_NOTICE([ARMv4 target])])
+#	AS_IF([test x${enable_arm5} = "xyes"], [AC_MSG_NOTICE([ARMv5 target])])
+#	AS_IF([test x${enable_arm6} = "xyes"], [AC_MSG_NOTICE([ARMv6 target])])
+#	AS_IF([test x${enable_arm7} = "xyes"], [AC_MSG_NOTICE([ARMv7 target])])
+#	AS_IF([test x${enable_arm8} = "xyes"], [AC_MSG_NOTICE([ARMv8 target])])])
+
+# -------------------------- use all the settings ----------------------------
+
+# substitute the settings valid for all source files
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_CPPFLAGS)
+AC_SUBST(AM_LDFLAGS)
+
+# add private libs to the pkg-config file
+# 'private libs' are those required to link this library
+# its used later on if someone wants to link this library statically
+AC_SUBST(LIBS)
+
+# add required lib information to the pkg-config file (on demand)
+AC_SUBST(REQUIRES)
+
+# add lib information which may conflicts with this libarry
+AC_SUBST(CONFLICTS)
+
+# add special compile flags on demand
+AC_SUBST(PRIVATE_CFLAGS)
+
 # be very silent on request
 AM_CONDITIONAL(BUILD_SILENTLY, test "x$AM_DEFAULT_VERBOSITY" = x0)
 
@@ -61,18 +154,21 @@ AC_MSG_RESULT([
 	 Target CPU:		${host_cpu}
 	 Target OS:		${host_os}
 
-	Detected options:
+	User options:
 	------------------------------------------------------
-	 CPPFLAGS:		${CPPFLAGS}
 	 CFLAGS:		${CFLAGS}
+	 CPPFLAGS:		${CPPFLAGS}
 	 LDFLAGS:		${LDFLAGS}
+
+	Detected options:
+	------------------------------------------------------
 	 Debug:			${enable_debug}
 	 Coverage:		${enable_code_coverage}
 		CPPFLAGS:	${CODE_COVERAGE_CPPFLAGS}
 		CFLAGS:		${CODE_COVERAGE_CFLAGS}
 		LDFLAGS:	${CODE_COVERAGE_LDFLAGS}
 	 Profiling:		${enable_profile}
-	 optimisation goal:	${with_goal}
+	 Optimisation goal:	${with_goal}
 	 Private libs:		${LIBS}
 	 Use abort():		${enable_abort}
 
diff --git a/rules/templates/src-autoconf-proglib/Makefile.am b/rules/templates/src-autoconf-proglib/Makefile.am
index c5c27b0af..2f666eae2 100644
--- a/rules/templates/src-autoconf-proglib/Makefile.am
+++ b/rules/templates/src-autoconf-proglib/Makefile.am
@@ -27,10 +27,10 @@ EXTRA_DIST = \
 	autogen.sh \
 	m4/attributes.m4 \
 	m4/ptx.m4 \
-	m4/ax_armv4_detection.m4 \
 	m4/ax_armv5_detection.m4 \
 	m4/ax_armv6_detection.m4 \
 	m4/ax_armv7_detection.m4 \
+	m4/ax_armv8_detection.m4 \
 	m4/ax_floating_point.m4 \
 	m4/ax_code_coverage.m4 \
 	m4/pkg.m4 \
diff --git a/rules/templates/src-autoconf-proglib/configure.ac b/rules/templates/src-autoconf-proglib/configure.ac
index cdbc182f1..ad873c9ca 100644
--- a/rules/templates/src-autoconf-proglib/configure.ac
+++ b/rules/templates/src-autoconf-proglib/configure.ac
@@ -17,6 +17,12 @@ AM_SILENT_RULES([yes])
 # If possible, enable extensions to Posix
 AC_USE_SYSTEM_EXTENSIONS
 
+# support LFS
+AC_SYS_LARGEFILE
+
+AM_MAINTAINER_MODE
+AM_INIT_AUTOMAKE([foreign no-exeext dist-xz silent-rules subdir-objects])
+
 #
 # libtool library versioning stuff
 #
@@ -31,17 +37,37 @@ AC_SUBST(LT_CURRENT)
 AC_SUBST(LT_REVISION)
 AC_SUBST(LT_AGE)
 
-AM_MAINTAINER_MODE
-AM_INIT_AUTOMAKE([foreign no-exeext dist-xz silent-rules subdir-objects])
-
 #
 # Checks for programs.
 #
-AC_PROG_CC
-AC_PROG_LIBTOOL
+AC_PROG_CC_C99
+
+#
+# TODO to only build the static library uncomment the following line
+# AC_DISABLE_SHARED([])
+# TODO to only build the shared library uncomment the following line
+# AC_DISABLE_STATIC([])
 
 LT_INIT
 
+#
+# Using additional preprocessor, compiler or linker flags:
+# - add them to AM_CPPFLAGS, AM_CFLAGS or AM_LDFLAGS if they should be used
+#   by all source files
+# - give the user a chance to setup her/his own flags with the CPPFLAGS, CFLAGS
+#   and LDFLAGS
+# - if some flags are specific to a file add the flags via the substitute macro
+#   into the Makefile
+#
+# Don't add the "-g" to the CFLAGS variable. It will be done automatically if
+# autoconf detects a GNU compiler.
+#
+
+#
+# Please note: 'configure' defaults the CFLAGS to "-O2 -g" if it detects a
+# GCC. If the user overwrites the CFLAGS externallly, there will be no default!
+# Keep the user informed about this behaviour.
+
 #
 # TODO Check here for mandadory external libraries
 #
@@ -60,7 +86,6 @@ LT_INIT
 # PKG_CHECK_MODULES returns *_CFLAGS and *_LIBS. Again, add the *_LIBS to the
 # global 'LIBS', but for the CFLAGS you can decide if you add them to the
 # CFLAGS, AM_CFLAGS or as substitution variables in the Makefile.am.
-#
 
 #REQUIRES_LIBSOMETHING="libsomething >= 20090402-1"
 #AC_SUBST(REQUIRES_LIBSOMETHING)
@@ -78,15 +103,65 @@ PTX_COMMON_CHECKS
 PTX_LIBRARY_CHECKS
 PTX_APPLICATION_CHECKS
 
-# be very silent on request
-AM_CONDITIONAL(BUILD_SILENTLY, test "x$AM_DEFAULT_VERBOSITY" = x0)
+# ---------------------------------------------------------------------------
+
+# TODO Checking if this CPU has a hardware floating point unit
+
+#AX_HARDWARE_FP([target_hardware_fp=yes], [target_hardware_fp=no])
+
+# When a hardware floating point unit seems available, then use it.
+# This will end in bad code on badly configured compilers which generates
+# floating point instructions even if the CPU has not hardware FP unit
+#
+#AS_IF([test x${target_hardware_fp} = "xyes"],
+#	[AC_MSG_NOTICE([FPU available])],
+#	[AC_MSG_NOTICE([FPU not available])])
+
+# ---------------------------------------------------------------------------
+
+# TODO discover on demand the special architecture this compiler builds code
+# for. This can be useful if the package provides some optimized code for
+# specific architectures.
+
+#AS_IF([test x${host_cpu} = "xarm"],
+#	[AX_DETECT_ARMV5([enable_arm5=yes], [enable_arm5=no])
+#	AX_DETECT_ARMV6([enable_arm6=yes], [enable_arm6=no])
+#	AX_DETECT_ARMV7([enable_arm7=yes], [enable_arm7=no])
+#	AX_DETECT_ARMV8([enable_arm8=yes], [enable_arm8=no])
+#
+#	AS_IF([test x${enable_arm4} = "xyes"], [AC_MSG_NOTICE([ARMv4 target])])
+#	AS_IF([test x${enable_arm5} = "xyes"], [AC_MSG_NOTICE([ARMv5 target])])
+#	AS_IF([test x${enable_arm6} = "xyes"], [AC_MSG_NOTICE([ARMv6 target])])
+#	AS_IF([test x${enable_arm7} = "xyes"], [AC_MSG_NOTICE([ARMv7 target])])
+#	AS_IF([test x${enable_arm8} = "xyes"], [AC_MSG_NOTICE([ARMv8 target])])])
+
+# -------------------------- use all the settings ----------------------------
+
+# substitute the settings valid for all source files
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_CPPFLAGS)
+AC_SUBST(AM_LDFLAGS)
+
+# add private libs to the pkg-config file
+# 'private libs' are those required to link this library
+# its used later on if someone wants to link this library statically
+AC_SUBST(LIBS)
 
 # add required lib information to the pkg-config file (on demand)
 AC_SUBST(REQUIRES)
 
+# add lib information which may conflicts with this libarry
+AC_SUBST(CONFLICTS)
+
+# add special compile flags on demand
+AC_SUBST(PRIVATE_CFLAGS)
+
+# be very silent on request
+AM_CONDITIONAL(BUILD_SILENTLY, test "x$AM_DEFAULT_VERBOSITY" = x0)
+
 AC_CONFIG_FILES([
-	lib@name@.pc
 	Makefile
+	lib@name@.pc
 ])
 AC_OUTPUT
 
@@ -107,11 +182,14 @@ AC_MSG_RESULT([
 	 Target CPU:		${host_cpu}
 	 Target OS:		${host_os}
 
-	Detected options:
+	User options:
 	------------------------------------------------------
-	 CPPFLAGS:		${CPPFLAGS}
 	 CFLAGS:		${CFLAGS}
+	 CPPFLAGS:		${CPPFLAGS}
 	 LDFLAGS:		${LDFLAGS}
+
+	Detected options:
+	------------------------------------------------------
 	 Debug:			${enable_debug}
 	 Hidden symbols		${enable_hide}
 	 Coverage:		${enable_code_coverage}
diff --git a/rules/templates/template-m4-macros/attributes.m4 b/rules/templates/template-m4-macros/attributes.m4
index 494584e7c..5ea0fd5e0 100644
--- a/rules/templates/template-m4-macros/attributes.m4
+++ b/rules/templates/template-m4-macros/attributes.m4
@@ -89,7 +89,7 @@ AC_DEFUN([CC_CHECK_LDFLAGS], [
     AS_TR_SH([cc_cv_ldflags_$1]),
     [ac_save_LDFLAGS="$LDFLAGS"
      LDFLAGS="$LDFLAGS $1"
-     AC_LINK_IFELSE(AC_LANG_SOURCE([int main(void); int main() { return 1; }]),
+     AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void); int main() { return 1; }])],
        [eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"],
        [eval "AS_TR_SH([cc_cv_ldflags_$1])="])
      LDFLAGS="$ac_save_LDFLAGS"
diff --git a/rules/templates/template-m4-macros/ax_armv7_detection.m4 b/rules/templates/template-m4-macros/ax_armv7_detection.m4
index 70050ec2b..b598bf887 100644
--- a/rules/templates/template-m4-macros/ax_armv7_detection.m4
+++ b/rules/templates/template-m4-macros/ax_armv7_detection.m4
@@ -12,7 +12,7 @@
 #   --disable-armv7core.
 #   It works by detecting the compiler's macros __ARM_ARCH_7A__, __ARM_ARCH_7M__.
 #   These are set in  gcc compilers when they are configured to create code for
-#   ARMv6 cores.
+#   ARMv7 cores.
 #   This macro cannot detect the correct target's features if the compiler is
 #   not correctly configured to reflect the target's features.
 #
@@ -58,7 +58,7 @@ dnl
 		[ax_armv7core=auto])
 
 	AC_CACHE_CHECK([for ARMv7 target core], [ax_cv_armv7core],
-		[ax_cv_armv7core=${ax_armv6core}])
+		[ax_cv_armv7core=${ax_armv7core}])
 dnl	AC_MSG_RESULT([${ax_cv_armv7core}])
 
 	if test "x${ax_cv_armv7core}" = "xauto"; then
@@ -71,7 +71,7 @@ dnl only for GCC we know it works in this way
 				[AC_LANG_PROGRAM([[]],
 					[[
 #undef THIS_IS_V7
-#if defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7M__)
+#if __ARM_ARCH==7 || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7M__)
 # define THIS_IS_V7 1
 #endif
 int foo = THIS_IS_V7;
@@ -79,7 +79,7 @@ int foo = THIS_IS_V7;
 				],
 				[ax_cv_armv7core=yes],
 				[ax_cv_armv7core=no],
-				[ARMv6 core]); dnl AC_COMPILE_IFELSE
+				[ARMv7 core]); dnl AC_COMPILE_IFELSE
 			AC_MSG_RESULT([${ax_cv_armv7core}]);
 		fi
 	fi
diff --git a/rules/templates/template-m4-macros/ax_armv4_detection.m4 b/rules/templates/template-m4-macros/ax_armv8_detection.m4
similarity index 62%
rename from rules/templates/template-m4-macros/ax_armv4_detection.m4
rename to rules/templates/template-m4-macros/ax_armv8_detection.m4
index 05b6ae0de..2afb0ddb3 100644
--- a/rules/templates/template-m4-macros/ax_armv4_detection.m4
+++ b/rules/templates/template-m4-macros/ax_armv8_detection.m4
@@ -1,24 +1,24 @@
 #
 # SYNOPSIS
 #
-#   AX_DETECT_ARMV4([ACTION-IF-ARMv4],[ACTION-IF-NO-ARMv4])
+#   AX_DETECT_ARMV8([ACTION-IF-ARMv8],[ACTION-IF-NO-ARMv8])
 #
 # DESCRIPTION
 #
-#   AX_DETECT_ARMV4 detects from the compiler settings if the target is of
-#   type ARMv4. It is intended mostly for cross compiling to be able to collect
+#   AX_DETECT_ARMV8 detects from the compiler settings if the target is of
+#   type ARMv8. It is intended mostly for cross compiling to be able to collect
 #   more information about the target architecture and features. The user can
-#   overwrite the detection by using the option --enable-armv4core or
-#   --disable-armv4core.
-#   It works by detecting the compiler's macros __ARM_ARCH_4__ and
-#   __ARM_ARCH_4T__. These are set in gcc compilers when they are configured
-#   to create code for ARMv4 cores.
+#   overwrite the detection by using the option --enable-armv8core or
+#   --disable-armv8core.
+#   It works by detecting the compiler's macro __ARM_ARCH=8 and __ARM_ARCH_8A.
+#   These are set in gcc compilers when they are configured to create code for
+#   ARMv8 cores.
 #   This macro cannot detect the correct target's features if the compiler is
 #   not correctly configured to reflect the target's features.
 #
 # LICENSE
 #
-#   Copyright (c) 2012 Juergen Borleis <jbe@pengutronix.de>
+#   Copyright (c) 2019 Juergen Borleis <jbe@pengutronix.de>
 #
 #   This program is free software; you can redistribute it and/or modify it
 #   under the terms of the GNU General Public License as published by the
@@ -46,45 +46,45 @@
 #   modified version of the Autoconf Macro, you may extend this special
 #   exception to the GPL to apply to your modified version as well.
 
-AC_DEFUN([AX_DETECT_ARMV4],
+AC_DEFUN([AX_DETECT_ARMV8],
 	[AC_REQUIRE([AC_PROG_CC])
 dnl
 dnl Give the user the possibility to overwrite the auto detection
 dnl
-	AC_ARG_ENABLE([armv4core],
-		[AS_HELP_STRING([--enable-armv4core],
-			[Enable optimizations for ARMv4 cores @<:@default=auto@:>@])],
-		[ax_armv4core="${enableval}"],
-		[ax_armv4core=auto])
+	AC_ARG_ENABLE([armv8core],
+		[AS_HELP_STRING([--enable-armv8core],
+			[Enable optimizations for ARMv8 cores @<:@default=auto@:>@])],
+		[ax_armv8core="${enableval}"],
+		[ax_armv8core=auto])
 
-	AC_CACHE_CHECK([for ARMv4 target core], [ax_cv_armv4core],
-		[ax_cv_armv4core=${ax_armv4core}])
-dnl	AC_MSG_RESULT([${ax_cv_armv4core}])
+	AC_CACHE_CHECK([for ARMv8 target core], [ax_cv_armv8core],
+		[ax_cv_armv8core=${ax_armv8core}])
+dnl	AC_MSG_RESULT([${ax_cv_armv8core}])
 
-	if test "x${ax_cv_armv4core}" = "xauto"; then
+	if test "x${ax_cv_armv8core}" = "xauto"; then
 		if test "x$GCC" != "xyes"; then
 dnl only for GCC we know it works in this way
 			AC_MSG_ERROR([Cannot autodetect the architecture for non GCC compilers])
 		else
-			AC_MSG_CHECKING(if target's core is of type ARMv4)
+			AC_MSG_CHECKING(if target's core is of type ARMv8)
 			AC_COMPILE_IFELSE(
 				[AC_LANG_PROGRAM([[]],
 					[[
-#undef THIS_IS_V4
-#if defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
-# define THIS_IS_V4 1
+#undef THIS_IS_V8
+#if __ARM_ARCH==8  || defined(__ARM_ARCH_8A__)
+# define THIS_IS_V8 1
 #endif
-int foo = THIS_IS_V4;
+int foo = THIS_IS_V8;
 					]]) dnl AC_LANG_PROGRAM
 				],
-				[ax_cv_armv4core=yes],
-				[ax_cv_armv4core=no],
-				[ARMv4 core]); dnl AC_COMPILE_IFELSE
-			AC_MSG_RESULT([${ax_cv_armv4core}]);
+				[ax_cv_armv8core=yes],
+				[ax_cv_armv8core=no],
+				[ARMv8 core]); dnl AC_COMPILE_IFELSE
+			AC_MSG_RESULT([${ax_cv_armv8core}]);
 		fi
 	fi
 
-	case "x${ax_cv_armv4core}" in
+	case "x${ax_cv_armv8core}" in
 	"xyes")
 		$1
 		;;
@@ -92,7 +92,7 @@ int foo = THIS_IS_V4;
 		$2
 		;;
 	*)
-		AC_MSG_ERROR([Unknown setting for ARMv4 architecture: '${ax_cv_armv4core}'.])
+		AC_MSG_ERROR([Unknown setting for ARMv8 architecture: '${ax_cv_armv8core}'.])
 		;;
 	esac
 ]) dnl AC_DEFUN
diff --git a/rules/templates/template-m4-macros/pkg.m4 b/rules/templates/template-m4-macros/pkg.m4
index 4d42fdd58..13a889017 100644
--- a/rules/templates/template-m4-macros/pkg.m4
+++ b/rules/templates/template-m4-macros/pkg.m4
@@ -1,32 +1,64 @@
-# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
-# serial 1 (pkg-config-0.24)
-#
-# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# PKG_PROG_PKG_CONFIG([MIN-VERSION])
-# ----------------------------------
+# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
 AC_DEFUN([PKG_PROG_PKG_CONFIG],
 [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
 AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
 AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
 AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
@@ -44,18 +76,19 @@ if test -n "$PKG_CONFIG"; then
 		PKG_CONFIG=""
 	fi
 fi[]dnl
-])# PKG_PROG_PKG_CONFIG
-
-# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-#
-# Check to see whether a particular set of modules exists.  Similar
-# to PKG_CHECK_MODULES(), but does not set variables or print errors.
-#
-# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-# only at the first occurence in configure.ac, so if the first place
-# it's called might be skipped (such as if it is within an "if", you
-# have to call PKG_CHECK_EXISTS manually
-# --------------------------------------------------------------
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
 AC_DEFUN([PKG_CHECK_EXISTS],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 if test -n "$PKG_CONFIG" && \
@@ -65,22 +98,26 @@ m4_ifvaln([$3], [else
   $3])dnl
 fi])
 
-# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-# ---------------------------------------------
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
 m4_define([_PKG_CONFIG],
 [if test -n "$$1"; then
     pkg_cv_[]$1="$$1"
  elif test -n "$PKG_CONFIG"; then
     PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
 		     [pkg_failed=yes])
  else
     pkg_failed=untried
 fi[]dnl
-])# _PKG_CONFIG
+])dnl _PKG_CONFIG
 
-# _PKG_SHORT_ERRORS_SUPPORTED
-# -----------------------------
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
 AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -88,26 +125,24 @@ if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
 else
         _pkg_short_errors_supported=no
 fi[]dnl
-])# _PKG_SHORT_ERRORS_SUPPORTED
-
-
-# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-# [ACTION-IF-NOT-FOUND])
-#
-#
-# Note that if there is a possibility the first call to
-# PKG_CHECK_MODULES might not happen, you should be sure to include an
-# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-#
-#
-# --------------------------------------------------------------
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
 AC_DEFUN([PKG_CHECK_MODULES],
 [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
 AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
 AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
 
 pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
 
 _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
 _PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -117,13 +152,13 @@ and $1[]_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.])
 
 if test $pkg_failed = yes; then
-	AC_MSG_RESULT([no])
-	_PKG_SHORT_ERRORS_SUPPORTED
-	if test $_pkg_short_errors_supported = yes; then
-		$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
-	else
-		$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1`
-	fi
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
 	# Put the nasty error message in config.log where it belongs
 	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
 
@@ -138,7 +173,7 @@ installed software in a non-standard prefix.
 _PKG_TEXT])[]dnl
         ])
 elif test $pkg_failed = untried; then
-	AC_MSG_RESULT([no])
+        AC_MSG_RESULT([no])
 	m4_default([$4], [AC_MSG_FAILURE(
 [The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
@@ -147,11 +182,94 @@ path to pkg-config.
 _PKG_TEXT
 
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
-	])
+        ])
 else
 	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
 	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
         AC_MSG_RESULT([yes])
 	$3
 fi[]dnl
-])# PKG_CHECK_MODULES
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
diff --git a/rules/templates/template-src-autoconf-make b/rules/templates/template-src-autoconf-make
index 034ea2eb3..57b32ce8c 100644
--- a/rules/templates/template-src-autoconf-make
+++ b/rules/templates/template-src-autoconf-make
@@ -79,30 +79,19 @@ $(STATEDIR)/@package@.targetinstall:
 	@$(call install_fixup, @package@, PRIORITY, optional)
 	@$(call install_fixup, @package@, SECTION, base)
 	@$(call install_fixup, @package@, AUTHOR, "@AUTHOR@")
-	@$(call install_fixup, @package@, DESCRIPTION, missing)
-
-#	#
-#	# example code:; copy all libraries, links and binaries
-#	#
-
-	@for i in $(shell cd $(@PACKAGE@_PKGDIR) && find bin sbin usr/bin usr/sbin -type f); do \
-		$(call install_copy, @package@, 0, 0, 0755, -, /$$i); \
-	done
-	@for i in $(shell cd $(@PACKAGE@_PKGDIR) && find lib usr/lib -name "*.so*"); do \
-		$(call install_copy, @package@, 0, 0, 0644, -, /$$i); \
-	done
-	@links="$(shell cd $(@PACKAGE@_PKGDIR) && find lib usr/lib -type l)"; \
-	if [ -n "$$links" ]; then \
-		for i in $$links; do \
-			from="`readlink $(@PACKAGE@_PKGDIR)/$$i`"; \
-			to="/$$i"; \
-			$(call install_link, @package@, $$from, $$to); \
-		done; \
-	fi
-
-#	#
-#	# FIXME: add all necessary things here
-#	#
+	@$(call install_fixup, @package@, DESCRIPTION, "TODO @package@")
+
+#	# This is an example only. Adapt it to your requirements. Read the
+#	# documentation's section "Make it Work" in chapter "Adding new Packages"
+#	# how to prepare this content or/and read chapter
+#	# "Rule File Macro Reference" to get an idea of the available macros
+#	# you can use here and how to use them.
+
+#	# install library (note: may fail, if there is no library)
+	@$(call install_lib, @package@, 0, 0, 0644, lib@package@)
+
+#	# install binary (note: may fail, if there is no binary)
+	@$(call install_copy, @package@, 0, 0, 0755, -, /usr/bin/@package@)
 
 	@$(call install_finish, @package@)
 
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH 11/20] samba: adapt package's '/var/lib' and '/var/cache' requirements

[Michael Olbrich]

On Wed, Jun 05, 2019 at 02:54:12PM +0200, Juergen Borleis wrote:
> Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> ---
>  ...ate-expected-directories-at-run-time.patch | 38 +++++++++++++++++++
>  patches/samba-4.9.5/series                    |  4 ++
>  rules/samba.in                                |  9 ++++-
>  3 files changed, 49 insertions(+), 2 deletions(-)
>  create mode 100644 patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
>  create mode 100644 patches/samba-4.9.5/series
> 
> diff --git a/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch b/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
> new file mode 100644
> index 000000000..8569e0737
> --- /dev/null
> +++ b/patches/samba-4.9.5/0001-Lets-systemd-create-expected-directories-at-run-time.patch
> @@ -0,0 +1,38 @@
> +From: Juergen Borleis <juergen@kreuzholzen.de>
> +Date: Tue, 4 Jun 2019 20:24:15 +0200
> +Subject: [PATCH] Lets systemd create expected directories at run-time
> +
> +'samba' requires '/var/lib/samba' and '/var/cache/samba'.
> +
> +Signed-off-by: Juergen Borleis <juergen@kreuzholzen.de>
> +---
> + packaging/systemd/nmb.service.in | 2 ++
> + packaging/systemd/smb.service.in | 2 ++
> + 2 files changed, 4 insertions(+)
> +
> +diff --git a/packaging/systemd/nmb.service.in b/packaging/systemd/nmb.service.in
> +index a30812320c05..c9373d2ba0a6 100644
> +--- a/packaging/systemd/nmb.service.in
> ++++ b/packaging/systemd/nmb.service.in
> +@@ -8,6 +8,8 @@ After=network.target network-online.target
> + Type=notify
> + NotifyAccess=all
> + PIDFile=@PIDDIR@/nmbd.pid
> ++StateDirectory=samba
> ++CacheDirectory=samba
> + EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
> + ExecStart=@SBINDIR@/nmbd --foreground --no-process-group $NMBDOPTIONS
> + ExecReload=/bin/kill -HUP $MAINPID
> +diff --git a/packaging/systemd/smb.service.in b/packaging/systemd/smb.service.in
> +index 18912ef0e98f..76aedfa20337 100644
> +--- a/packaging/systemd/smb.service.in
> ++++ b/packaging/systemd/smb.service.in
> +@@ -9,6 +9,8 @@ Type=notify
> + NotifyAccess=all
> + PIDFile=@PIDDIR@/smbd.pid
> + LimitNOFILE=16384
> ++StateDirectory=samba
> ++CacheDirectory=samba
> + EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba
> + ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS
> + ExecReload=/bin/kill -HUP $MAINPID
> diff --git a/patches/samba-4.9.5/series b/patches/samba-4.9.5/series
> new file mode 100644
> index 000000000..b2dcdc0a4
> --- /dev/null
> +++ b/patches/samba-4.9.5/series
> @@ -0,0 +1,4 @@
> +# generated by git-ptx-patches
> +#tag:base --start-number 1
> +0001-Lets-systemd-create-expected-directories-at-run-time.patch
> +# 2d2f83b2911fe3f43bff610738827040  - git-ptx-patches magic
> diff --git a/rules/samba.in b/rules/samba.in
> index ec5423661..822a9758a 100644
> --- a/rules/samba.in
> +++ b/rules/samba.in
> @@ -17,8 +17,10 @@ menuconfig SAMBA
>  	select LIBCAP
>  	select LIBPOPT
>  	select READLINE
> -	select SYSTEMD				if SAMBA_SYSTEMD_UNIT
> +	select SYSTEMD				if SAMBA_SYSTEMD_UNIT && RUNTIME

No, parts of samba link to libsystemd, so this is a build-time dependency
as well.

>  	select ZLIB
> +	select ROOTFS_VAR_LIB			if RUNTIME
> +	select ROOTFS_VAR_CACHE			if RUNTIME
>  	help
>  	  Samba is an Open Source/Free Software suite that has, since
>  	  1992, provided file and print services to all manner of
> @@ -28,6 +30,9 @@ menuconfig SAMBA
>  
>  	  See http://www.samba.org for details.
>  
> +	  Note: on a read-only root filesystem this package still requires a
> +	  writable '/var/lib' and '/var/cache'.
> +
>  if SAMBA
>  
>  config SAMBA_COMMON
> @@ -64,7 +69,7 @@ config SAMBA_CUPS
>  config SAMBA_STARTSCRIPT
>  	bool
>  	default y
> -	depends on SAMBA_SERVER
> +	depends on SAMBA_SERVER && !INITMETHOD_SYSTEMD

This should be separate. None of the start scripts conflict with
INITMETHOD_SYSTEMD so far.
I think, all of them should depend on INITMETHOD_BBINIT instead.

Michael

>  	prompt "install /etc/init.d/samba"
>  
>  config SAMBA_SYSTEMD_UNIT
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH 13/20] nfsutils: adapt package's '/var/lib' requirements

[Michael Olbrich]

On Wed, Jun 05, 2019 at 02:54:14PM +0200, Juergen Borleis wrote:
> Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> ---
>  rules/nfsutils.in   | 12 +++++++++---
>  rules/nfsutils.make |  2 +-
>  2 files changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/rules/nfsutils.in b/rules/nfsutils.in
> index bd1052ebb..ed62b6d08 100644
> --- a/rules/nfsutils.in
> +++ b/rules/nfsutils.in
> @@ -9,11 +9,15 @@ menuconfig NFSUTILS
>  	select RPCBIND			if RUNTIME
>  	select LIBTIRPC			if GLOBAL_IPV6
>  	select ROOTFS_PROTOCOLS		if NFSUTILS_CLIENT
> +	select ROOTFS_VAR_LIB		if RUNTIME
> +	select SYSTEMD			if RUNTIME && NFSUTILS_SYSTEMD_UNIT
>  	help
>  	  The Sun Network Filesystem (NFS) protocol provides transparent remote
>  	  access to shared files across networks. The NFS protocol is designed
>  	  to be portable across different machines, operating systems, network
>  	  architectures, and transport protocols.
> +	  Note: this package expects write permissions to '/var/lib/nfs' for
> +	  its state information.
>  
>  if NFSUTILS
>  
> @@ -27,18 +31,20 @@ config NFSUTILS_SERVER
>  	bool
>  	prompt "server"
>  	help
> -	  Install all tools and daemons to run a NFS server.
> +	  Install all tools and daemons to run an NFS server.
>  
>  config NFSUTILS_NFSD_STARTSCRIPT
>  	bool
> -	depends on NFSUTILS_SERVER
> +	depends on NFSUTILS_SERVER && !INITMETHOD_SYSTEMD

Same as with samba.

>  	default y
>  	prompt "install /etc/init.d/nfsd"
>  
>  config NFSUTILS_SYSTEMD_UNIT
>  	bool
>  	default y
> -	depends on SYSTEMD
> +	depends on INITMETHOD_SYSTEMD

Hmm, originally all these options depended on SYSTEMD. That was before
INITMETHOD_SYSTEMD was fully established I think and later just copy/paste.
At some point this changed because packages needed so select SYSTEMD.

I think changing this makes sense but should happen globally for all
packages.

Michael

>  	prompt "install systemd unit files"
> +	help
> +	  Install all systemd related unit files to run the 'nfsutils'.
>  
>  endif
> diff --git a/rules/nfsutils.make b/rules/nfsutils.make
> index 929f53c72..4ce01c4e3 100644
> --- a/rules/nfsutils.make
> +++ b/rules/nfsutils.make
> @@ -76,7 +76,7 @@ $(STATEDIR)/nfsutils.targetinstall:
>  	@$(call install_fixup, nfsutils,PRIORITY,optional)
>  	@$(call install_fixup, nfsutils,SECTION,base)
>  	@$(call install_fixup, nfsutils,AUTHOR,"Robert Schwebel <r.schwebel@pengutronix.de>")
> -	@$(call install_fixup, nfsutils,DESCRIPTION,missing)
> +	@$(call install_fixup, nfsutils,DESCRIPTION,"Network Filesystem Support")
>  
>  	@$(call install_copy, nfsutils, 0, 0, 0755, -, /usr/sbin/nfsstat)
>  	@$(call install_copy, nfsutils, 0, 0, 0755, -, /usr/sbin/nfsiostat)
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH 17/20] minicoredumper: adapt package's '/var/cache' requirements

[Michael Olbrich]

On Wed, Jun 05, 2019 at 02:54:18PM +0200, Juergen Borleis wrote:
> Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> ---
>  rules/minicoredumper.in | 4 ++++
>  rules/rootfs.in         | 7 +++++++
>  rules/rootfs.make       | 3 +++
>  3 files changed, 14 insertions(+)
> 
> diff --git a/rules/minicoredumper.in b/rules/minicoredumper.in
> index cc8008d1c..9fc3b63ed 100644
> --- a/rules/minicoredumper.in
> +++ b/rules/minicoredumper.in
> @@ -5,6 +5,7 @@ config MINICOREDUMPER
>  	prompt "minicoredumper"
>  	select LIBELF
>  	select JSON_C
> +	select ROOTFS_VAR_CRASH	if RUNTIME
>  	help
>  	  The minicoredumper project provides a program that handles the
>  	  creation of core dump files on Linux. It can produce much smaller
> @@ -19,3 +20,6 @@ config MINICOREDUMPER
>  	  	echo '|/usr/sbin/minicoredumper %P %u %g %s %t %h %e' > /proc/sys/kernel/core_pattern
>  
>  	  by hand to actually make use of it.
> +
> +	  Note: on a read-only root filesystem this package still requires a
> +	  writable '/var/crash'.
> diff --git a/rules/rootfs.in b/rules/rootfs.in
> index 3ea4bde60..2ec7104c2 100644
> --- a/rules/rootfs.in
> +++ b/rules/rootfs.in
> @@ -226,6 +226,13 @@ config ROOTFS_VAR_CACHE
>  	  This directory is intended for application cache data. Say 'y' here
>  	  to ensure a '/var/cache' directory is available at run-time.
>  
> +config ROOTFS_VAR_CRASH
> +	bool
> +	prompt "/var/crash"
> +	help
> +	  This directory is intended for core dumps. Say 'y' here to ensure a
> +	  '/var/crash' directory is available at run-time.
> +

No, this is not LSB or otherwise used by different packages. minicoredumper
should just create it directly.

Michael

>  config ROOTFS_VAR_SPOOL
>  	bool
>  	prompt "/var/spool"
> diff --git a/rules/rootfs.make b/rules/rootfs.make
> index 8183d0288..a1002cfcd 100644
> --- a/rules/rootfs.make
> +++ b/rules/rootfs.make
> @@ -112,6 +112,9 @@ endif
>  ifdef PTXCONF_ROOTFS_VAR_CACHE
>  	@$(call install_copy, rootfs, 0, 0, 0755, /var/cache)
>  endif
> +ifdef PTXCONF_ROOTFS_VAR_CRASH
> +	@$(call install_copy, rootfs, 0, 0, 0755, /var/crash)
> +endif
>  ifdef PTXCONF_ROOTFS_VAR_SPOOL
>  	@$(call install_copy, rootfs, 0, 0, 0755, /var/spool)
>  endif
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH 04/20] conman: adapt package's '/var/lib' requirements

[Michael Olbrich]

On Wed, Jun 05, 2019 at 02:54:05PM +0200, Juergen Borleis wrote:
> Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> ---
>  projectroot/usr/lib/systemd/system/connman-ignore.service | 1 +
>  projectroot/usr/lib/systemd/system/connman.service        | 1 +
>  rules/connman.in                                          | 3 ++-
>  rules/connman.make                                        | 1 +
>  4 files changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/projectroot/usr/lib/systemd/system/connman-ignore.service b/projectroot/usr/lib/systemd/system/connman-ignore.service
> index b31df07fb..df52faaed 100644
> --- a/projectroot/usr/lib/systemd/system/connman-ignore.service
> +++ b/projectroot/usr/lib/systemd/system/connman-ignore.service
> @@ -7,6 +7,7 @@ ConditionPathExists=!/run/connman-ignore
>  Type=oneshot
>  RemainAfterExit=yes
>  ExecStart=/usr/lib/systemd/connman-ignore
> +StateDirectory=conman

I've dropped this patch and others that set StateDirectory= (and other
directories like it) from my test queue.
The problem ist that without the volatile /var the services fail to start
with 9p in qemu or nfsroot:
Systemd tries to change the permission of the directory and abort startup
because this fails on a read-only rootfs.

Michael

>  
>  [Install]
>  WantedBy=connman.service
> diff --git a/projectroot/usr/lib/systemd/system/connman.service b/projectroot/usr/lib/systemd/system/connman.service
> index 4353276b5..c7fc639d6 100644
> --- a/projectroot/usr/lib/systemd/system/connman.service
> +++ b/projectroot/usr/lib/systemd/system/connman.service
> @@ -10,6 +10,7 @@ Restart=on-failure
>  EnvironmentFile=-/run/connman-ignore
>  ExecStart=/usr/sbin/connmand -n $CONNMAN_IGNORE_OPTS
>  StandardOutput=null
> +StateDirectory=conman
>  
>  [Install]
>  WantedBy=multi-user.target
> diff --git a/rules/connman.in b/rules/connman.in
> index 9d4b1dbd3..3c2eb11a0 100644
> --- a/rules/connman.in
> +++ b/rules/connman.in
> @@ -13,7 +13,8 @@ menuconfig CONNMAN
>  	select DBUS_PYTHON			if CONNMAN_TESTS && RUNTIME
>  	select WPA_SUPPLICANT			if CONNMAN_WIFI && RUNTIME
>  	select WPA_SUPPLICANT_CTRL_IFACE_DBUS	if CONNMAN_WIFI
> -	select BUSYBOX_START_STOP_DAEMON	if CONNMAN_STARTSCRIPT
> +	select BUSYBOX_START_STOP_DAEMON	if CONNMAN_STARTSCRIPT && RUNTIME
> +	select ROOTFS_VAR_LIB			if RUNTIME
>  	prompt "connman                       "
>  	help
>  	  The Connection Manager project provides a daemon for
> diff --git a/rules/connman.make b/rules/connman.make
> index 2f671f7d4..313098d1c 100644
> --- a/rules/connman.make
> +++ b/rules/connman.make
> @@ -167,6 +167,7 @@ ifdef PTXCONF_CONNMAN_POLKIT
>  endif
>  
>  #	# ship settings which enable wired interfaces per default
> +	@$(call install_copy, connman, 0, 0, 0755, /var/lib/connman)
>  	@$(call install_alternative, connman, 0, 0, 0600, \
>  		/var/lib/connman/settings)
>  
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH 18/20] opkg: move opkg-database to a read-only location

[Michael Olbrich]

On Wed, Jun 05, 2019 at 02:54:19PM +0200, Juergen Borleis wrote:
> The directory tree in '/var/lib' might not be persistent and thus,
> not in sync with the root filesystem. In this case it's required
> to store the opkg database at a location which has a fixed
> relation to the root filesystem's content it describes.
> 
> This change moves the opkg's database to a read-only location in
> '/usr/share/opkg', which is then always in sync with the root
> filesystem's content.
> 
> This changed opkg configuration works since commit
>    a691341deb33077b9d5ede5fe349ee6b3fb99be1
>  "ptxd_make_image_extract_xpkg_files: use ptxd_get_alternative to find opkg.conf"
> 
> Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
> ---
>  doc/daily_work.inc             | 3 +--
>  projectroot/etc/opkg/opkg.conf | 7 ++++++-
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/daily_work.inc b/doc/daily_work.inc
> index 470c14f93..58cf69f49 100644
> --- a/doc/daily_work.inc
> +++ b/doc/daily_work.inc
> @@ -1426,8 +1426,7 @@ This is a very simple and optimistic approach and works for surprisingly many us
>  cases. But some applications expect a writable ``/var/lib`` and will fail due
>  to this setup. Using an additional RAM disk for ``/var/lib`` might not help in
>  this use case, because it will bury all build-time generated data already present
> -in this directory tree (``opkg`` package information for example or other
> -packages pre-defined configuration files).
> +in this directory tree (package pre-defined configuration files for example).

I've applied this patch without the documentation changes. Please add it to
the volatile /var patch.
I've also applied several other patches that don't add a StateDirectory or
similar. Please rebase the rest.

Michael

>  
>  Overlay RAM Disk
>  ~~~~~~~~~~~~~~~~
> diff --git a/projectroot/etc/opkg/opkg.conf b/projectroot/etc/opkg/opkg.conf
> index 3ba17115b..67a64838f 100644
> --- a/projectroot/etc/opkg/opkg.conf
> +++ b/projectroot/etc/opkg/opkg.conf
> @@ -6,7 +6,12 @@
>  @SRC@
>  
>  dest	root	/
> -option	lock_file /var/lock/opkg.lock
> +option	lock_file /run/lock/opkg.lock
> +
> +# move away the ipkg database from the default "/var/lib/opkg" to a r/o location
> +option lists_dir /usr/share/opkg/lists
> +option status_file /usr/share/opkg/status
> +option info_dir /usr/share/opkg/info
>  
>  arch	@ARCH@	10
>  arch	all	1
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH] fixup! rootfs: keep /var writable, even if the rootfs is read-only

[Michael Olbrich]

---
 projectroot/etc/fstab                         |  6 ++---
 .../lib/systemd/system/run-varoverlayfs.mount |  3 +--
 projectroot/usr/lib/systemd/system/var.mount  |  3 ++-
 projectroot/usr/sbin/mount.varoverlayfs       |  6 ++---
 rules/rootfs.make                             | 26 +++++++++----------
 5 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/projectroot/etc/fstab b/projectroot/etc/fstab
index c79c8de4d896..364b495a9c8b 100644
--- a/projectroot/etc/fstab
+++ b/projectroot/etc/fstab
@@ -11,6 +11,6 @@ debugfs	/sys/kernel/debug	debugfs	noauto					0 0
 # ramdisks
 tmpfs	/tmp			tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
 tmpfs	/run			tmpfs	nosuid,nodev,strictatime,mode=0755	0 0
-#log	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
-#lock	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
-#tmp	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
+@VAR_OVERLAYFS@tmpfs	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
+@VAR_OVERLAYFS@tmpfs	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
+@VAR_OVERLAYFS@tmpfs	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
diff --git a/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
index 034dbfee1b84..c067b9b96f53 100644
--- a/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
+++ b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
@@ -1,10 +1,9 @@
 [Unit]
 Description=Overlay for '/var'
 Before=local-fs.target
-OnFailure=rescue.service
 
 [Mount]
 Where=/run/varoverlayfs
 What=tmpfs
 Type=tmpfs
-Options=nosuid,nodev,noexec,mode=0755,size=10%,nr_inodes=100
+Options=size=20%
diff --git a/projectroot/usr/lib/systemd/system/var.mount b/projectroot/usr/lib/systemd/system/var.mount
index 764108924b9d..bd635023704d 100644
--- a/projectroot/usr/lib/systemd/system/var.mount
+++ b/projectroot/usr/lib/systemd/system/var.mount
@@ -1,10 +1,11 @@
 [Unit]
 Description=Writable support for '/var'
+After=run-varoverlayfs.mount
 Before=local-fs.target
-OnFailure=rescue.service
 
 [Mount]
 Where=/var
 # note: this is a dummy filesystem only to trigger the corresponding mount helper
 What=varoverlayfs
 Type=varoverlayfs
+Options=metacopy=on
diff --git a/projectroot/usr/sbin/mount.varoverlayfs b/projectroot/usr/sbin/mount.varoverlayfs
index afd5f2076245..f8fc8c88f349 100644
--- a/projectroot/usr/sbin/mount.varoverlayfs
+++ b/projectroot/usr/sbin/mount.varoverlayfs
@@ -1,11 +1,11 @@
-#!/bin/sh
+#!/bin/sh -e
 # Mount helper tool to mount some kind of writable filesystem over '/var'
 # (which might be read-only).
 # What kind of filesystem is used to mount over '/var' can be controlled via
 # the 'run-varoverlayfs.mount' mount unit and is usually a RAM disk.
 
-systemctl start run-varoverlayfs.mount
 mkdir -p /run/varoverlayfs/upper
 mkdir -p /run/varoverlayfs/work
-mount -t overlay overlay -olowerdir=/var,upperdir=/run/varoverlayfs/upper,workdir=/run/varoverlayfs/work /var
+mount -t overlay -olowerdir=/var,upperdir=/run/varoverlayfs/upper,workdir=/run/varoverlayfs/work "${@}"
 systemctl stop run-varoverlayfs.mount
+rmdir /run/varoverlayfs
diff --git a/rules/rootfs.make b/rules/rootfs.make
index 8183d028886c..d7b7eccdc734 100644
--- a/rules/rootfs.make
+++ b/rules/rootfs.make
@@ -122,9 +122,16 @@ ifdef PTXCONF_ROOTFS_VAR_TMP
 	@$(call install_copy, rootfs, 0, 0, 01777, /var/tmp)
 endif
 ifdef PTXCONF_ROOTFS_VAR_OVERLAYFS
-	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/run-varoverlayfs.mount)
-	@$(call install_alternative, rootfs, 0, 0, 0755, /usr/sbin/mount.varoverlayfs)
-	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/var.mount)
+	@$(call install_alternative, rootfs, 0, 0, 0644, \
+		/usr/lib/systemd/system/run-varoverlayfs.mount)
+	@$(call install_link, rootfs, ../run-varoverlayfs.mount, \
+		/usr/lib/systemd/system/local-fs.target.requires/run-varoverlayfs.mount)
+	@$(call install_alternative, rootfs, 0, 0, 0755, \
+		/usr/sbin/mount.varoverlayfs)
+	@$(call install_alternative, rootfs, 0, 0, 0644, \
+		/usr/lib/systemd/system/var.mount)
+	@$(call install_link, rootfs, ../var.mount, \
+		/usr/lib/systemd/system/local-fs.target.requires/var.mount)
 endif
 
 #	#
@@ -144,17 +151,8 @@ ifdef PTXCONF_ROOTFS_GSHADOW
 endif
 ifdef PTXCONF_ROOTFS_FSTAB
 	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/fstab)
-ifndef PTXCONF_ROOTFS_VAR_OVERLAYFS
-ifdef PTXCONF_ROOTFS_VAR_TMP
-	@$(call install_replace, rootfs, /etc/fstab, #tmp, "tmpfs")
-endif
-ifdef PTXCONF_ROOTFS_VAR_LOG
-	@$(call install_replace, rootfs, /etc/fstab, #log, "tmpfs")
-endif
-ifdef PTXCONF_ROOTFS_VAR_LOCK
-	@$(call install_replace, rootfs, /etc/fstab, #lock, "tmpfs")
-endif
-endif # PTXCONF_ROOTFS_VAR_OVERLAYFS
+	@$(call install_replace, rootfs, /etc/fstab, @VAR_OVERLAYFS@, \
+		$(call ptx/ifdef,PTXCONF_ROOTFS_VAR_OVERLAYFS,#))
 endif # PTXCONF_ROOTFS_FSTAB
 ifdef PTXCONF_ROOTFS_MTAB_FILE
 	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/mtab)
-- 
2.20.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH] fixup! rootfs: keep /var writable, even if the rootfs is read-only

[Michael Olbrich]

Hi,

I've experimented with this a bit. Here are some changes I'd like to
squash into the patch.

On Mon, Jun 24, 2019 at 08:48:25AM +0200, Michael Olbrich wrote:
> ---
>  projectroot/etc/fstab                         |  6 ++---
>  .../lib/systemd/system/run-varoverlayfs.mount |  3 +--
>  projectroot/usr/lib/systemd/system/var.mount  |  3 ++-
>  projectroot/usr/sbin/mount.varoverlayfs       |  6 ++---
>  rules/rootfs.make                             | 26 +++++++++----------
>  5 files changed, 21 insertions(+), 23 deletions(-)
> 
> diff --git a/projectroot/etc/fstab b/projectroot/etc/fstab
> index c79c8de4d896..364b495a9c8b 100644
> --- a/projectroot/etc/fstab
> +++ b/projectroot/etc/fstab
> @@ -11,6 +11,6 @@ debugfs	/sys/kernel/debug	debugfs	noauto					0 0
>  # ramdisks
>  tmpfs	/tmp			tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
>  tmpfs	/run			tmpfs	nosuid,nodev,strictatime,mode=0755	0 0
> -#log	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
> -#lock	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
> -#tmp	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0
> +@VAR_OVERLAYFS@tmpfs	/var/log		tmpfs	nosuid,nodev,noexec,mode=0755,size=10%	0 0
> +@VAR_OVERLAYFS@tmpfs	/var/lock		tmpfs	nosuid,nodev,noexec,mode=0755,size=1M	0 0
> +@VAR_OVERLAYFS@tmpfs	/var/tmp		tmpfs	nosuid,nodev,mode=1777,size=20%		0 0

I want it to be very obvious that the file is modified.

> diff --git a/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
> index 034dbfee1b84..c067b9b96f53 100644
> --- a/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
> +++ b/projectroot/usr/lib/systemd/system/run-varoverlayfs.mount
> @@ -1,10 +1,9 @@
>  [Unit]
>  Description=Overlay for '/var'
>  Before=local-fs.target
> -OnFailure=rescue.service

Handled by local-fs.target.requires/... below.

>  
>  [Mount]
>  Where=/run/varoverlayfs
>  What=tmpfs
>  Type=tmpfs
> -Options=nosuid,nodev,noexec,mode=0755,size=10%,nr_inodes=100
> +Options=size=20%

The largest of the three filesystems has 20% so I want to keep that. 100
inodes by far not enough. I don't think there is a good limit.

The other options are not propagated to the overlayfs anyways, so they can
be skipped.

> diff --git a/projectroot/usr/lib/systemd/system/var.mount b/projectroot/usr/lib/systemd/system/var.mount
> index 764108924b9d..bd635023704d 100644
> --- a/projectroot/usr/lib/systemd/system/var.mount
> +++ b/projectroot/usr/lib/systemd/system/var.mount
> @@ -1,10 +1,11 @@
>  [Unit]
>  Description=Writable support for '/var'
> +After=run-varoverlayfs.mount

I wanted to use RequiresMountsFor=.. here but that conflicts with
unmounting the filesystem after mounting the overlayfs.

After= is useful because it makes the dependency explicit. This way systemd
knows about it an can detect dependency loops if run-varoverlayfs.mount is
changed and accidentally depends on var.mount.

>  Before=local-fs.target
> -OnFailure=rescue.service
>  
>  [Mount]
>  Where=/var
>  # note: this is a dummy filesystem only to trigger the corresponding mount helper
>  What=varoverlayfs
>  Type=varoverlayfs
> +Options=metacopy=on

This saves space on the ram disk. This requires a relatively new kernel.
Putting it here makes it easier to override if an older kernel is used.

> diff --git a/projectroot/usr/sbin/mount.varoverlayfs b/projectroot/usr/sbin/mount.varoverlayfs
> index afd5f2076245..f8fc8c88f349 100644
> --- a/projectroot/usr/sbin/mount.varoverlayfs
> +++ b/projectroot/usr/sbin/mount.varoverlayfs
> @@ -1,11 +1,11 @@
> -#!/bin/sh
> +#!/bin/sh -e
>  # Mount helper tool to mount some kind of writable filesystem over '/var'
>  # (which might be read-only).
>  # What kind of filesystem is used to mount over '/var' can be controlled via
>  # the 'run-varoverlayfs.mount' mount unit and is usually a RAM disk.
>  
> -systemctl start run-varoverlayfs.mount
>  mkdir -p /run/varoverlayfs/upper
>  mkdir -p /run/varoverlayfs/work
> -mount -t overlay overlay -olowerdir=/var,upperdir=/run/varoverlayfs/upper,workdir=/run/varoverlayfs/work /var
> +mount -t overlay -olowerdir=/var,upperdir=/run/varoverlayfs/upper,workdir=/run/varoverlayfs/work "${@}"

Propagate the options from the mount unit.

>  systemctl stop run-varoverlayfs.mount
> +rmdir /run/varoverlayfs
> diff --git a/rules/rootfs.make b/rules/rootfs.make
> index 8183d028886c..d7b7eccdc734 100644
> --- a/rules/rootfs.make
> +++ b/rules/rootfs.make
> @@ -122,9 +122,16 @@ ifdef PTXCONF_ROOTFS_VAR_TMP
>  	@$(call install_copy, rootfs, 0, 0, 01777, /var/tmp)
>  endif
>  ifdef PTXCONF_ROOTFS_VAR_OVERLAYFS
> -	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/run-varoverlayfs.mount)
> -	@$(call install_alternative, rootfs, 0, 0, 0755, /usr/sbin/mount.varoverlayfs)
> -	@$(call install_alternative, rootfs, 0, 0, 0644, /usr/lib/systemd/system/var.mount)
> +	@$(call install_alternative, rootfs, 0, 0, 0644, \
> +		/usr/lib/systemd/system/run-varoverlayfs.mount)
> +	@$(call install_link, rootfs, ../run-varoverlayfs.mount, \
> +		/usr/lib/systemd/system/local-fs.target.requires/run-varoverlayfs.mount)
> +	@$(call install_alternative, rootfs, 0, 0, 0755, \
> +		/usr/sbin/mount.varoverlayfs)
> +	@$(call install_alternative, rootfs, 0, 0, 0644, \
> +		/usr/lib/systemd/system/var.mount)
> +	@$(call install_link, rootfs, ../var.mount, \
> +		/usr/lib/systemd/system/local-fs.target.requires/var.mount)

Explicit dependencies. Without this, e.g. tmpfiles.d is started too early.
And it makes sure that errors are handled and dependency loops detected.

Any objections?

Michael

>  endif
>  
>  #	#
> @@ -144,17 +151,8 @@ ifdef PTXCONF_ROOTFS_GSHADOW
>  endif
>  ifdef PTXCONF_ROOTFS_FSTAB
>  	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/fstab)
> -ifndef PTXCONF_ROOTFS_VAR_OVERLAYFS
> -ifdef PTXCONF_ROOTFS_VAR_TMP
> -	@$(call install_replace, rootfs, /etc/fstab, #tmp, "tmpfs")
> -endif
> -ifdef PTXCONF_ROOTFS_VAR_LOG
> -	@$(call install_replace, rootfs, /etc/fstab, #log, "tmpfs")
> -endif
> -ifdef PTXCONF_ROOTFS_VAR_LOCK
> -	@$(call install_replace, rootfs, /etc/fstab, #lock, "tmpfs")
> -endif
> -endif # PTXCONF_ROOTFS_VAR_OVERLAYFS
> +	@$(call install_replace, rootfs, /etc/fstab, @VAR_OVERLAYFS@, \
> +		$(call ptx/ifdef,PTXCONF_ROOTFS_VAR_OVERLAYFS,#))
>  endif # PTXCONF_ROOTFS_FSTAB
>  ifdef PTXCONF_ROOTFS_MTAB_FILE
>  	@$(call install_alternative, rootfs, 0, 0, 0644, /etc/mtab)
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de