repart: do not enforce 10M min size for immutable file systems by default

Commit b6d499768394
("Add --entry-type=type1|type2 option to kernel-install.")

Skip removing UKI related contents when BOOT_ENTRY_TYPE=type1

Signed-off-by: Li Tian <litian@redhat.com>

docs/TEMPORARY_DIRECTORIES.md

@@ -143,7 +143,7 @@ strategies to avoid these issues:
    the sticky bit has a different meaning for them.
 
 6. Don't use `/tmp/` or `/var/tmp/`, but use your own sub-directory under
-   `/run/` or `$XDG_RUNTIME_DIRECTORY` (the former if privileged, the latter if
+   `/run/` or `$XDG_RUNTIME_DIR` (the former if privileged, the latter if
    unprivileged), or `/var/lib/` and `~/.config/` (similar, but with
    persistency and suitable for larger data). The two temporary directories
    `/tmp/` and `/var/tmp/` come with the implicit clean-up semantics described

src/basic/parse-util.c

@@ -13,6 +13,7 @@
 #include "log.h"
 #include "missing-network.h"
 #include "parse-util.h"
+#include "path-util.h"
 #include "process-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -369,6 +370,29 @@ int parse_fd(const char *t) {
         return fd;
 }
 
+int parse_user_shell(const char *s, char **ret_sh, bool *ret_copy) {
+        char *sh;
+        int r;
+
+        if (path_is_absolute(s) && path_is_normalized(s)) {
+                sh = strdup(s);
+                if (!sh)
+                        return -ENOMEM;
+
+                *ret_sh = sh;
+                *ret_copy = false;
+        } else {
+                r = parse_boolean(s);
+                if (r < 0)
+                        return r;
+
+                *ret_sh = NULL;
+                *ret_copy = r;
+        }
+
+        return 0;
+}
+
 static const char *mangle_base(const char *s, unsigned *base) {
         const char *k;
 

src/basic/parse-util.h

@@ -20,6 +20,7 @@ int parse_sector_size(const char *t, uint64_t *ret);
 int parse_range(const char *t, unsigned *lower, unsigned *upper);
 int parse_errno(const char *t);
 int parse_fd(const char *t);
+int parse_user_shell(const char *s, char **ret_sh, bool *ret_copy);
 
 #define SAFE_ATO_REFUSE_PLUS_MINUS (1U << 30)
 #define SAFE_ATO_REFUSE_LEADING_ZERO (1U << 29)

src/kernel-install/90-uki-copy.install

@@ -33,6 +33,11 @@ UKI_DIR="$BOOT_ROOT/EFI/Linux"
 
 case "$COMMAND" in
     remove)
+        if [ "$KERNEL_INSTALL_BOOT_ENTRY_TYPE" = "type1" ]; then
+            [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+                echo "BOOT_ENTRY_TYPE=type1, not removing UKI related."
+            exit 0
+        fi
         [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
             echo "Removing $UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION*.efi and extras"
         exec rm -rf \

src/login/pam_systemd.c

@@ -1569,7 +1569,7 @@ static int setup_environment(
                 /* Also create a per-area subdirectory for $XDG_RUNTIME_DIR, so that each area has their own
                  * set of runtime services. We follow the same directory structure as for $HOME. Note that we
                  * do not define any form of automatic clean-up for the per-aera subdirs beyond the regular
-                 * clean-up of the whole $XDG_RUNTIME_DIRECTORY hierarchy when the user finally logs out. */
+                 * clean-up of the whole $XDG_RUNTIME_DIR hierarchy when the user finally logs out. */
 
                 r = make_area_runtime_directory(handle, ur, runtime_directory, area, &per_area_runtime_directory);
                 if (r != PAM_SUCCESS)

src/machine/machine.c

@@ -1605,8 +1605,8 @@ int machine_open_root_directory(Machine *machine) {
 
 static const char* const machine_class_table[_MACHINE_CLASS_MAX] = {
         [MACHINE_CONTAINER] = "container",
-        [MACHINE_VM] = "vm",
+        [MACHINE_VM]        = "vm",
-        [MACHINE_HOST] = "host",
+        [MACHINE_HOST]      = "host",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(machine_class, MachineClass);

src/machine/machined.c

@@ -198,15 +198,13 @@ static int manager_enumerate_machines(Manager *m) {
 
                 k = manager_add_machine(m, de->d_name, &machine);
                 if (k < 0) {
-                        r = log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name);
+                        RET_GATHER(r, log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name));
                         continue;
                 }
 
                 machine_add_to_gc_queue(machine);
 
-                k = machine_load(machine);
+                RET_GATHER(r, machine_load(machine));
-                if (k < 0)
-                        r = k;
         }
 
         return r;

src/nspawn/nspawn-settings.c

@@ -1003,29 +1003,6 @@ int config_parse_bind_user(
         return 0;
 }
 
-int parse_bind_user_shell(const char *s, char **ret_sh, bool *ret_copy) {
-        char *sh;
-        int r;
-
-        if (path_is_absolute(s) && path_is_normalized(s)) {
-                sh = strdup(s);
-                if (!sh)
-                        return -ENOMEM;
-
-                *ret_sh = sh;
-                *ret_copy = false;
-        } else {
-                r = parse_boolean(s);
-                if (r < 0)
-                        return r;
-
-                *ret_sh = NULL;
-                *ret_copy = r;
-        }
-
-        return 0;
-}
-
 int config_parse_bind_user_shell(
                 const char *unit,
                 const char *filename,
@@ -1053,7 +1030,7 @@ int config_parse_bind_user_shell(
                 return 0;
         }
 
-        r = parse_bind_user_shell(rvalue, &sh, &copy);
+        r = parse_user_shell(rvalue, &sh, &copy);
         if (r == -ENOMEM)
                 return log_oom();
         if (r < 0) {

src/nspawn/nspawn-settings.h

@@ -276,8 +276,6 @@ CONFIG_PARSER_PROTOTYPE(config_parse_userns_ownership);
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_user);
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_user_shell);
 
-int parse_bind_user_shell(const char *s, char **ret_sh, bool *ret_copy);
-
 const char* resolv_conf_mode_to_string(ResolvConfMode a) _const_;
 ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;
 

src/nspawn/nspawn.c

@@ -1542,7 +1542,7 @@ static int parse_argv(int argc, char *argv[]) {
                 case ARG_BIND_USER_SHELL: {
                         bool copy = false;
                         char *sh = NULL;
-                        r = parse_bind_user_shell(optarg, &sh, &copy);
+                        r = parse_user_shell(optarg, &sh, &copy);
                         if (r == -ENOMEM)
                                 return log_oom();
                         if (r < 0)

src/repart/repart.c

@@ -955,7 +955,7 @@ static uint64_t partition_fstype_min_size(const Context *c, const Partition *p)
 }
 
 static uint64_t partition_min_size(const Context *context, const Partition *p) {
-        uint64_t sz, override_min;
+        uint64_t sz;
 
         assert(context);
         assert(p);
@@ -997,9 +997,17 @@ static uint64_t partition_min_size(const Context *context, const Partition *p) {
                         sz = d;
         }
 
-        override_min = p->suppressing ? MAX(p->size_min, p->suppressing->size_min) : p->size_min;
+        uint64_t min_size = p->size_min;
+        if (p->suppressing && (min_size == UINT64_MAX || p->suppressing->size_min > min_size))
+                min_size = p->suppressing->size_min;
 
-        return MAX(round_up_size(override_min != UINT64_MAX ? override_min : DEFAULT_MIN_SIZE, context->grain_size), sz);
+        /* Default to 10M min size, except if the file system is read-only, in which case let's not enforce a
+         * minimum size, because even if we wanted to we couldn't take possession of the extra space
+         * allocated. */
+        if (min_size == UINT64_MAX)
+                min_size = (p->format && fstype_is_ro(p->format)) || p->verity != VERITY_OFF ? 1 : DEFAULT_MIN_SIZE;
+
+        return MAX(round_up_size(min_size, context->grain_size), sz);
 }
 
 static uint64_t partition_max_size(const Context *context, const Partition *p) {