From 75c190ab38e653d5aceaf1b5e8559eaa369b9808 Mon Sep 17 00:00:00 2001
From: Samuel Dolt
Date: Wed, 1 Mar 2023 15:17:55 +0100
Subject: [PATCH] feat(coreos-container-image): systemd can be installed in the image

Allow to use systemd as an IMAGE_FEATURES inside a container image
---
 .../coreos-container-image-lighttpd.bb | 6 ++++
 .../containers/coreos-container-lighttpd.bb | 3 +-
 .../classes/coreos-container-image.bbclass | 30 ++++++++++++++++---
 3 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-image-lighttpd.bb b/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-image-lighttpd.bb
index 7294138..f26a547 100644
--- a/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-image-lighttpd.bb
+++ b/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-image-lighttpd.bb
@@ -2,6 +2,12 @@ SUMMARY = "A lighttpd container image"
 inherit coreos-container-image
+# Install systemd in the container
+IMAGE_FEATURES += "systemd"
+
+# Allow to log using systemd without password
+IMAGE_FEATURES += "empty-root-password"
+
 IMAGE_INSTALL:append = " \
 busybox \
 lighttpd \
diff --git a/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-lighttpd.bb b/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-lighttpd.bb
index fd1aa80..5425d63 100644
--- a/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-lighttpd.bb
+++ b/layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-lighttpd.bb
@@ -3,5 +3,4 @@ SUMMARY = "A lighttpd container package"
 inherit coreos-container-package
 CONTAINER_IMAGE = "coreos-container-image-lighttpd"
-PODMAN_RUN_OPTIONS = "-p 80:80 --entrypoint /usr/sbin/lighttpd"
-PODMAN_RUN_CMD = "-D -f /etc/lighttpd/lighttpd.conf"
+PODMAN_RUN_OPTIONS = "-p 80:80"
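Review bot: In coreos-container-image-lighttpd.bb, `IMAGE_FEATURES += "empty-root-password"` is added unconditionally, so every build of this image ships a root account that needs no password, and the comment above it does not say that this is a demo-only convenience. Anyone who reaches a console or login prompt in the container gets root without credentials, and a recipe copied from this demo layer would carry the setting along silently. I would gate the feature on a development-only switch, or at least make the comment explicit: `# Demo only: root has an empty password so console login works; never ship this in a production image`.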
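Review bot: In coreos-container-lighttpd.bb, dropping `--entrypoint /usr/sbin/lighttpd` and `PODMAN_RUN_CMD` leaves nothing in this recipe that starts the web server. It now presumably relies on the image entrypoint being `/usr/sbin/init` and on a lighttpd unit being enabled inside the image, neither of which is visible from this file. A comment would keep the published port and the service tied together for the next reader, for example `# lighttpd is started by systemd inside the image; the image's OCI entrypoint is /usr/sbin/init`. It is also worth confirming that the lighttpd package ships an enabled systemd unit, otherwise port 80 is published with nothing listening behind it.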
diff --git a/layers/meta-belden-coreos/classes/coreos-container-image.bbclass b/layers/meta-belden-coreos/classes/coreos-container-image.bbclass
index 7d68e40..a432b89 100644
--- a/layers/meta-belden-coreos/classes/coreos-container-image.bbclass
+++ b/layers/meta-belden-coreos/classes/coreos-container-image.bbclass
@@ -22,12 +22,24 @@ COREOS_CONTAINER_IMAGE_BASE_INSTALL = '\
 COREOS_CONTAINER_IMAGE_EXTRA_INSTALL ?= ""
 IMAGE_INSTALL ?= "${COREOS_CONTAINER_IMAGE_BASE_INSTALL} ${COREOS_CONTAINER_IMAGE_EXTRA_INSTALL}"
-# Images features for containers
+# OCI Parameters
 # ==============================================================================
+OCI_IMAGE_ENTRYPOINT ?= "${@bb.utils.contains('IMAGE_FEATURES', 'systemd', '/usr/sbin/init', '/usr/bin/sh', d)}"
+
 inherit image
 inherit image-oci
+# Images features for containers
+# ==============================================================================
+
+# Install systemd inside the container
+FEATURE_PACKAGES_systemd = "systemd"
+
+
+# Image Post processings
+# ==============================================================================
+
 IMAGE_CMD:oci:append() {
 # meta-virtualization default IMAGE_CMD doesn't create a symlink on kirkstone
 image_link_name="${IMAGE_LINK_NAME}${IMAGE_NAME_SUFFIX}-oci"
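Review bot: The `OCI_IMAGE_ENTRYPOINT` default hard-codes `/usr/sbin/init` and `/usr/bin/sh`, which as far as I can tell only exist at those paths when the distro uses a merged /usr. On a split layout the init link and the shell live under the base directories, and the container would fail to start. Using the layout variables avoids baking that assumption in: `OCI_IMAGE_ENTRYPOINT ?= "${@bb.utils.contains('IMAGE_FEATURES', 'systemd', '${base_sbindir}/init', '${base_bindir}/sh', d)}"`. If merged /usr is guaranteed for every distro that inherits this class, a one-line comment saying so would do instead.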
@@ -41,17 +53,27 @@ IMAGE_CMD:oci:append() {
 # Workaround /var/volatile for now
 # See layers/meta-virtualization/recipes-extended/images/container-base.bb
-ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('IMAGE_FEATURES', 'init-manager', '', 'rootfs_fixup_var_volatile ; ', d)}"
+ROOTFS_POSTPROCESS_COMMAND += "rootfs_fixup_var_volatile ; "
 rootfs_fixup_var_volatile () {
 install -m 1777 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/tmp
 install -m 755 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/log
- # When using systemd, systemd is responsible to link /var/{log,tmp} to /var/volutile/{log,tmp}
- # As container doesn't normally use systemd, we create the link by ourself here
+ # in rootfs-postcommands.bbclass, when using initscripts theses link
+ # are created by running ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
+ # When the distro is configured to systemd, this is not done, so we need to
+ # do it here manually (As systemd is not always included in the container)
 ln -sf ${localstatedir}/volatile/tmp ${IMAGE_ROOTFS}/${localstatedir}/tmp
 ln -sf ${localstatedir}/volatile/log ${IMAGE_ROOTFS}/${localstatedir}/log
 }
+ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('IMAGE_FEATURES', 'systemd', 'rootfs_fixup_systemd ; ', '', d)}"
+rootfs_fixup_systemd () {
+ # Mask systemd services that are not needed/doesn't work in a container
+ # This ensure that the container doesn't boot in systemd emergency mode
+ systemctl --root=${IMAGE_ROOTFS} mask systemd-remount-fs.service
+ systemctl --root=${IMAGE_ROOTFS} mask var-volatile.mount
+}
+
 # Add support for plugin classes like in coreos-image.bbclass
 COREOS_IMAGE_EXTRACLASSES ?= ""
 inherit ${COREOS_IMAGE_EXTRACLASSES}
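Review bot: `rootfs_fixup_var_volatile` now runs for every image, including systemd ones, but its two `ln -sf` calls are not safe when the destination already exists as a symlink to a directory. In that case `ln -sf` follows the existing link and creates the new one inside the target instead of replacing it. Adding `-n` makes the step idempotent: `ln -sfn ${localstatedir}/volatile/tmp ${IMAGE_ROOTFS}/${localstatedir}/tmp`, and the same for `log`. Whether a package in the image pre-creates those paths cannot be seen from this hunk, so treat this as hardening rather than a confirmed failure.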