Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAS-124058 / 24.04 / Stop doing runtime modifications of files in /usr #12075

Merged
merged 2 commits into from
Sep 13, 2023
Merged

NAS-124058 / 24.04 / Stop doing runtime modifications of files in /usr #12075

merged 2 commits into from
Sep 13, 2023

Conversation

anodos325
Copy link
Contributor

This PR makes several changes in preparation for using separate datasets for relevant portions of the root filesystem heirarchy.

  • Stop permissions checks on stub SMB configuration
  • Make static netdata configuration changes at install time rather than runtime.
  • Move local ca certificates path to /var/local rather than /usr/local in accordance with Linux FHS guidelines. Original path (/usr/local/share/ca-certificates) will be replaced with symlink to /var/local/ca-certificates.

@anodos325 anodos325 added the WIP label Sep 11, 2023
@anodos325 anodos325 mentioned this pull request Sep 11, 2023
Merged
@anodos325 anodos325 added jira and removed WIP labels Sep 11, 2023
@bugclerk
Copy link
Contributor

Jira URL: https://ixsystems.atlassian.net/browse/NAS-124058

@bugclerk bugclerk changed the title Stop doing runtime modifications of files in /usr NAS-124058 / 24.04 / Stop doing runtime modifications of files in /usr Sep 11, 2023
@anodos325
Copy link
Contributor Author

This is related to truenas/scale-build#494

@anodos325 anodos325 requested a review from a team September 12, 2023 13:20
themylogin
themylogin reviewed Sep 12, 2023
View reviewed changes
src/freenas/debian/preinst Outdated Show resolved Hide resolved
src/freenas/usr/bin/unlock-root-fs.py Outdated Show resolved Hide resolved
src/middlewared/middlewared/etc_files/generate_ssl_certs.py Show resolved Hide resolved
src/freenas/usr/bin/unlock-root-fs.py Outdated Show resolved Hide resolved
@anodos325
Stop doing runtime modifications of files in /usr
794fbc8 
This PR makes several changes in preparation for using separate
datasets for relevant portions of the root filesystem heirarchy.

* Stop permissions checks on stub SMB configuration
* Make static netdata configuration changes at install time rather
  than runtime.
* Move local ca certificates path to /var/local rather than
  /usr/local in accordance with Linux FHS guidelines. Original
  path (/usr/local/share/ca-certificates) will be replaced with
  symlink to /var/local/ca-certificates.

This PR adds new script that undoes the readonly parts of the
root filesystem (and sets custom ZFS user property indicating
that server OS is in "developer" mode).
@anodos325
Add recursive flag for BE clone
ddb80cb 
This is currently broken in zectl (have pending PR there to fix
it).
@anodos325
Copy link
Contributor Author

The zectl flag change depends on
truenas/zectl#12
and
truenas/zectl#11

Which should be merged tomorrow.

@yocalebo yocalebo requested a review from Qubad786 September 13, 2023 13:04
@yocalebo
Copy link
Contributor

@Qubad786 can you review this one since it's making changes to netdata configuration? This is the better approach to take, but I want to make sure you look at it.

@anodos325 anodos325 merged commit a221f27 into master Sep 13, 2023
@anodos325 anodos325 deleted the fhs-changes branch September 13, 2023 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Qubad786 Qubad786 Qubad786 approved these changes

@themylogin themylogin themylogin approved these changes

Assignees
No one assigned
Labels
jira no-time-tracked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@anodos325 @bugclerk @yocalebo @themylogin @Qubad786