From 562bfbc8bb69729ba8c2e6e95b32bac568c3314e Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sun, 23 Jul 2023 14:33:51 -0400 Subject: [PATCH] prepare-root: Default sysroot.readonly=true if composefs Not because it's logically required or anything, but because it's just a good idea. --- src/switchroot/ostree-prepare-root.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c index 30baa9869d..12ade9ff3c 100644 --- a/src/switchroot/ostree-prepare-root.c +++ b/src/switchroot/ostree-prepare-root.c @@ -344,8 +344,18 @@ main (int argc, char *argv[]) errx (EXIT_FAILURE, "Failed to parse config: %s", error->message); gboolean sysroot_readonly = FALSE; - if (!ot_keyfile_get_boolean_with_default (config, SYSROOT_KEY, READONLY_KEY, FALSE, - &sysroot_readonly, &error)) + + // We always parse the composefs config, because we want to detect and error + // out if it's enabled, but not supported at compile time. + g_autoptr (ComposefsConfig) composefs_config = load_composefs_config (&error); + if (!composefs_config) + errx (EXIT_FAILURE, "%s", error->message); + + // If composefs is enabled, that also implies sysroot.readonly=true because it's + // the new default we want to use (not because it's actually required) + const bool sysroot_readonly_default = composefs_config->enabled == OT_TRISTATE_YES; + if (!ot_keyfile_get_boolean_with_default (config, SYSROOT_KEY, READONLY_KEY, + sysroot_readonly_default, &sysroot_readonly, &error)) errx (EXIT_FAILURE, "Failed to parse sysroot.readonly value: %s", error->message); /* This is the final target where we should prepare the rootfs. The usual @@ -393,11 +403,6 @@ main (int argc, char *argv[]) GVariantBuilder metadata_builder; g_variant_builder_init (&metadata_builder, G_VARIANT_TYPE ("a{sv}")); - // We always parse the composefs config, because we want to detect and error - // out if it's enabled, but not supported at compile time. - g_autoptr (ComposefsConfig) composefs_config = load_composefs_config (&error); - if (!composefs_config) - errx (EXIT_FAILURE, "%s", error->message); // Tracks if we did successfully enable it at runtime bool using_composefs = false;