Systemd-based systems do not use the global /etc/sysctl.conf file. Instead,
they read configuration from individual files under /etc/sysctl.d. This
change installs our sysctl settings as /etc/sysctl.d/console.conf when
systemd is enabled.
For systems that do not use systemd, the configuration file is still
installed at /etc/sysctl.conf. The CONFFILES entry is also updated.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit fixes a build issue by including the procps recipe which also
installs the sysctl.conf file. Since adding this config file in base-file
recipe is something custom from DEY, we include this file only for "dey"
distribution to avoid conflicts.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Previously, TRUSTFENCE_INITRAMFS_IMAGE was the only variable used to configure
rootfs encryption. Now that any partition can be encrypted and the rootfs
encryption still needs to be handled differently, use two variables instead.
* TRUSTFENCE_ENCRYPT_PARTITIONS to control partition encryption in general
* TRUSTFENCE_ENCRYPT_ROOTFS to control rootfs encryption
As with most trustfence functionality, enable both by default. Leave
TRUSTFENCE_INITRAMFS_IMAGE as an internal variable only.
https://onedigi.atlassian.net/browse/DEL-7174
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
MMC core block has changed in kernel 5.4 so Replay Protected Memory Block (RPMB)
and boot partitions are not listed under /proc/partitions anymore.
get_emmc_block_device() function in pkg_postinst_ontarget() method was looking
for these entries to identify the MMC partition where to execute resize2fs.
This function has been modified to do the checks inside /dev/mmcblk* where RPMB
and boot entries are still listed.
https://jira.digi.com/browse/DEL-7094
Signed-off-by: Hector Bujanda <hector.bujanda@digi.com>
This commit disables file system check on the root file system when it is encrypted.
This prevents the service from failing on encrypted rootfs with the message:
[FAILED] Failed to mount /run/media/mmcblk0p3.
See 'systemctl status run-media-mmcblk0p3.mount' for details.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-6655
The Replay Protected Memory Block (RPMB) is an special storage
partition that cannot be accessed via standard block layer.
When a user space tool like blkid, tries to read it the kernel
suffers buffer I/O errors and timeouts.
This commit modifies the post installation script to filter the RPMB
partitions from the mmc block devices, to avoid multiple kernel
errors during the script execution.
https://jira.digi.com/browse/DEL-6609
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Removed the platform dependency to apply the resize to all platforms.
https://jira.digi.com/browse/DEL-6609
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This is needed so the encrypted rootfs is properly resized to the
partition size.
https://jira.digi.com/browse/DEL-2765
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
ccimx51js and ccimx53js are not supported in this version of DEY.
Support for those platforms is in previous versions of DEY.
https://jira.digi.com/browse/DEL-1890
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Yocto 1.7 Dizzy added support for os-release file in a new recipe, so
we need to remove it from our base-files bbappend in order to avoid
conflicts between both packages.
https://jira.digi.com/browse/DEL-1390
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Use the package manager postinst framework to run the rootfs resize
script on first boot after the image has been flashed to the EMMC.
https://jira.digi.com/browse/DEL-1317
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This cleans following warning:
Use of PRINC is deprecated.
The PR server should be used to automatically increment the PR.
See: https://wiki.yoctoproject.org/wiki/PR_Service
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
These files were needed in previous versions of Yocto to overcome
different problems. Remove them as the default ones in current Yocto
version are good enough for our platforms.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Remount the rootfs with 'noatime' option to minimize writes (avoiding
wearing-out the flash).
This also improves slightly the system performance.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
The final product will be called "Digi Embedded for Yocto" or DEY for
short.
This commit renames all relevant files.
https://jira.digi.com/browse/DEL-474
Signed-off-by: Alex Gonzalez <alex.gonzalez@digi.com>
Javier Viguera
Arturo Buzarra
Isaac Hermida
Gabriel Valcazar
Hector Bujanda
Mike Engel
Jose Diaz de Grenu
Alex Gonzalez