bootstrap: chore: extract fn mount_modules

2025-07-18 08:19:15 +02:00
parent 423a9c53e6
commit e484802284
2 changed files with 25 additions and 42 deletions
--- a/src/cmd/init.rs
+++ b/src/cmd/init.rs
@ -75,7 +75,7 @@ pub async fn run() {
            let arch = lz4::Decoder::new(zarch.as_slice())?;
            extract_cpio(arch).await
        } else {
-            return Ok(());
+            Ok(())
        }
    })
    .await;
@ -96,24 +96,8 @@ pub async fn run() {
    // tokio::spawn(child_reaper());
    // mount modules
-    if let Some(ref modules) = cfg.modules {
+    if let Some(modules) = cfg.modules.as_deref() {
-        retry_or_ignore(async || {
+        retry_or_ignore(async || mount_modules(modules, &kernel_version).await).await;
            info!("mounting modules");
            mount(Some(modules), "/modules", "squashfs", None).await;
            fs::create_dir_all("/lib/modules").await?;
            let modules_path = &format!("/modules/lib/modules/{kernel_version}");
            if !std::fs::exists(modules_path)? {
                return Err(format_err!(
                    "invalid modules package: {modules_path} should exist"
                ));
            }
            symlink(modules_path, format!("/lib/modules/{kernel_version}"))?;
            Ok(())
        })
        .await;
    } else {
        warn!("modules NOT mounted (not configured)");
    }
@ -181,6 +165,23 @@ pub async fn run() {
 use std::path::Path;
 async fn mount_modules(modules: &str, kernel_version: &str) -> Result<()> {
    info!("mounting modules");
    mount(Some(modules), "/modules", "squashfs", None).await;
    fs::create_dir_all("/lib/modules").await?;
    let modules_path = &format!("/modules/lib/modules/{kernel_version}");
    if !std::fs::exists(modules_path)? {
        return Err(format_err!(
            "invalid modules package: {modules_path} should exist"
        ));
    }
    symlink(modules_path, format!("/lib/modules/{kernel_version}"))?;
    Ok(())
 }
 async fn chmod(path: impl AsRef<Path>, mode: u32) -> std::io::Result<()> {
    use std::fs::Permissions;
    use std::os::unix::fs::PermissionsExt;
--- a/src/cmd/init/bootstrap.rs
+++ b/src/cmd/init/bootstrap.rs
@ -18,11 +18,7 @@ pub async fn bootstrap(cfg: Config) {
    let verifier = retry(async || Verifier::from_config(&cfg)).await;
    let bs = cfg.bootstrap;
    retry_or_ignore(async || {
    mount(Some(&bs.dev), "/bootstrap", "ext4", None).await;
        Ok(())
    })
    .await;
    let boot_version = utils::param("version").unwrap_or("current");
    let base_dir = &format!("/bootstrap/{boot_version}");
@ -104,15 +100,8 @@ impl Verifier {
        let mut openssl = Command::new("openssl")
            .stdin(Stdio::piped())
-            .args(&[
+            .args(&["dgst", "-sha512", "-verify", "/dev/stdin"])
-                "dgst",
+            .args(&["-signature", &sig, path])
                "-sha512",
                "-verify",
                "/dev/stdin",
                "-signature",
                &sig,
                path,
            ])
            .spawn()?;
        tokio::io::copy(&mut pubkey, openssl.stdin.as_mut().unwrap()).await?;
@ -232,15 +221,8 @@ async fn mount_system(cfg: &dkl::Config, bs_dir: &str, verifier: &Verifier) {
    })
    .await;
-    mount(
+    let opts = format!("lowerdir={lower_dir},upperdir={upper_dir},workdir={work_dir}");
-        None,
+    mount(None, "/system", "overlay", Some(&opts)).await;
        "/system",
        "overlay",
        Some(&format!(
            "lowerdir={lower_dir},upperdir={upper_dir},workdir={work_dir}"
        )),
    )
    .await;
    // make root rshared (default in systemd, required by Kubernetes 1.10+)
    // equivalent to "mount --make-rshared /"