Skip to content

Commit

Permalink
resin-mounts: only run non-encrypted mount if partition exists
Browse files Browse the repository at this point in the history 
When signed images are used without opting in secure boot, we don't want
the encrypted mount service to run and fail as there is no encrypted
boot partition.

This commit adds a condition to the encrypted boot mount service to only
run if the encrypted boot partition exists, similarly to what is
already done for EFI builds.

Change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
  • Loading branch information
@alexgg
alexgg committed Feb 18, 2025
1 parent da5f840 commit 8af0078
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions meta-balena-common/recipes-support/resin-mounts/resin-mounts.bb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,8 @@ do_install:prepend () {
sed -i -e "s/@@BALENA_NONENC_BOOT_LABEL@@/${BALENA_NONENC_BOOT_LABEL}/g" "${D}${systemd_unitdir}/system/${BALENA_NONENC_BOOT_LABEL}.service"
if ${@bb.utils.contains('MACHINE_FEATURES','efi','true','false',d)}; then
sed -i '/^\[Unit\]/a ConditionPathIsSymbolicLink=/mnt/boot/EFI' "${D}${systemd_unitdir}/system/${BALENA_NONENC_BOOT_LABEL}.service"
else
sed -i "/^\[Unit\]/a ConditionPathExists=/dev/disk/by-state/${BALENA_NONENC_BOOT_LABEL}" "${D}${systemd_unitdir}/system/${BALENA_NONENC_BOOT_LABEL}.service"
fi
fi
for service in ${SYSTEMD_SERVICE:resin-mounts}; do
Expand Down

0 comments on commit 8af0078

Please sign in to comment.