[PATCH] isar-installer: Mount /tmp as tmpfs for read-only boot fix


Badrikesh Prusty

Jun 13, 2025, 1:23:37 PM
to isar-...@googlegroups.com, Badrikesh Prusty
Fix image installation when isar-image-installer rootfs is booted as read-only
by ensuring /tmp is mounted as tmpfs.
This change utilizes systemd's tmp.mount to mount /tmp as tmpfs. Since systemd
versions up to Debian Bookworm ship tmp.mount in /usr/share/systemd/, the file
must be copied to a directory where systemctl can enable it.
For systemd versions 256.x and newer, tmp.mount is shipped in the appropriate
location: /usr/lib/systemd/system/tmp.mount

Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
---
.../deploy-image/deploy-image_0.1.bb | 3 ++-
.../systemd-tmpfs-tmp/files/postinst | 15 +++++++++++++++
.../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb | 10 ++++++++++
3 files changed, 27 insertions(+), 1 deletion(-)
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb

diff --git a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
index 54e521b5..e67feae5 100644
--- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
+++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
@@ -11,7 +11,8 @@ SRC_URI = "file://usr/bin/deploy-image-wic.sh \
file://usr/lib/deploy-image-wic/handle-config.sh \
"
DEPENDS:bookworm += "bmap-tools"
-DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, xz-utils, pbzip2, zstd"
+DEPENDS:append = " systemd-tmpfs-tmp"
+DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
do_install[cleandirs] = "${D}/usr/bin/ \
${D}/usr/lib/deploy-image-wic \
"
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
new file mode 100644
index 00000000..be1594e6
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+# Enable tmp.mount if /tmp is NOT configured in /etc/fstab
+if ! grep -q '/tmp' /etc/fstab; then
+ # Ensure tmp.mount exists in systemd path
+ if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -e /etc/systemd/system/tmp.mount ]; then
+ cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+ fi
+
+ # Enable the mount unit using deb-systemd-helper
+ deb-systemd-helper enable tmp.mount || true
+fi
+
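Review bot: `grep -q '/tmp' /etc/fstab` in the postinst matches any line that contains the string, including commented-out entries and other mount points such as /var/tmp, so tmp.mount can be skipped on a system where /tmp is not actually configured in fstab. Match the mount-point field of non-comment lines instead (for example awk with `$2 == "/tmp"`), and add `-s` or an existence test so a missing /etc/fstab does not print a grep error during package configuration.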
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
new file mode 100644
index 00000000..821cdd5f
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
@@ -0,0 +1,10 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2024
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+SRC_URI = "file://postinst"
+
+DEBIAN_DEPENDS = "systemd"
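Review bot: The new recipe sets neither DESCRIPTION nor MAINTAINER, and its header says 2024 although the file is created by this patch. Please add both fields and check the copyright year.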
--
2.39.5

Badrikesh Prusty

Jun 13, 2025, 1:48:59 PM
to isar-...@googlegroups.com, Badrikesh Prusty
Fix image installation when isar-image-installer rootfs is booted as read-only
by ensuring /tmp is mounted as tmpfs.

With the latest isar installer, Bmaptool now creates the /tmp/progress pipe to
track and display installation progress in a progress bar.
index 00000000..a1410f65
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
@@ -0,0 +1,10 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2025

MOESSBAUER, Felix

Jun 16, 2025, 2:39:34 AM
to Prusty, Badrikesh, isar-...@googlegroups.com
On Fri, 2025-06-13 at 13:23 -0400, 'Badrikesh Prusty' via isar-users
wrote:
The combination of DEPENDS:bookworm += ... and DEPENDS:append is
dangerous. We better refactor this to DEPENDS:append:bookworm = " ...",
DEPENDS:append = " ...".
Please also set the DESCRIPTION and MAINTAINER fields.

Felix

> --
> 2.39.5

--
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany

Badrikesh Prusty

Jun 16, 2025, 5:44:56 AM
to isar-...@googlegroups.com, Badrikesh Prusty
Fix image installation when isar-image-installer rootfs is booted as read-only
by ensuring /tmp is mounted as tmpfs.

With the latest isar installer, Bmaptool now creates the /tmp/progress pipe to
track and display installation progress in a progress bar.

This change utilizes systemd's tmp.mount to mount /tmp as tmpfs. Since systemd
versions up to Debian Bookworm ship tmp.mount in /usr/share/systemd/, the file
must be copied to a directory where systemctl can enable it.
For systemd versions 256.x and newer, tmp.mount is shipped in the appropriate
location: /usr/lib/systemd/system/tmp.mount

Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
---
.../deploy-image/deploy-image_0.1.bb | 6 ++++--
.../systemd-tmpfs-tmp/files/postinst | 15 +++++++++++++++
.../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb | 13 +++++++++++++
3 files changed, 32 insertions(+), 2 deletions(-)
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb

diff --git a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
index 54e521b5..b287a8d1 100644
--- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
+++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
@@ -10,8 +10,10 @@ inherit dpkg-raw
SRC_URI = "file://usr/bin/deploy-image-wic.sh \
file://usr/lib/deploy-image-wic/handle-config.sh \
"
-DEPENDS:bookworm += "bmap-tools"
-DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, xz-utils, pbzip2, zstd"
+
+DEPENDS:append:bookworm = " bmap-tools"
+DEPENDS:append = " systemd-tmpfs-tmp"
+DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
do_install[cleandirs] = "${D}/usr/bin/ \
${D}/usr/lib/deploy-image-wic \
"
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
new file mode 100644
index 00000000..cb979303
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+# Enable tmp.mount if /tmp is not configured in /etc/fstab
+if ! grep -q '/tmp' /etc/fstab; then
+ # Ensure tmp.mount exists in systemd path
+ if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -e /etc/systemd/system/tmp.mount ]; then
+ cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+ fi
+
+ # Enable the mount unit using deb-systemd-helper
+ deb-systemd-helper enable tmp.mount || true
+fi
+
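Review bot: With `set -e` in effect, the `cp /usr/share/systemd/tmp.mount ...` line aborts the whole postinst when that source file is missing, while `deb-systemd-helper enable tmp.mount || true` two lines later hides every failure, so the two steps treat errors in opposite ways. Test that the source exists before copying, and print a warning (or let the script fail) when the enable step does not succeed, so an install that leaves /tmp unmanaged can be noticed.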
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
new file mode 100644
index 00000000..c0ab1bcf
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
@@ -0,0 +1,13 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+DESCRIPTION = "Configures /tmp as systemd-managed temporary filesystem (tmpfs), ensuring read-write access even if rootfs is read-only"
+MAINTAINER = "isar-users <isar-...@googlegroups.com>"
+
+SRC_URI = "file://postinst"
+
+DEBIAN_DEPENDS = "systemd"
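Review bot: The DESCRIPTION promises read-write /tmp "even if rootfs is read-only", but the postinst in this same patch does nothing when /etc/fstab mentions /tmp. Either state that condition in the description or drop the promise.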
--
2.39.5

Badrikesh Prusty

Jun 16, 2025, 6:01:26 AM
to isar-users
Hi,

Thanks for your feedback. Added DESCRIPTION and MAINTAINER fields and updated to DEPENDS:append:bookworm.
I had the same feeling when DEPENDS += wasn't working while DEPENDS:bookworm += was set, but I didn't investigate much since DEPENDS:append worked. Thank you for the clarification.

Badrikesh

Heinisch, Alexander

Jun 16, 2025, 8:56:11 AM
to Prusty, Badrikesh, isar-...@googlegroups.com, quirin.g...@siemens.com, MOESSBAUER, Felix
On Mon, 2025-06-16 at 03:01 -0700, 'Badrikesh Prusty' via isar-users
Systemd already provides some predefined behaviour to manage common
mounts like `/tmp`. [1]

"If a mount point is configured in both /etc/fstab and a unit file that
is stored below /usr/, the former will take precedence. If the unit
file is stored below /etc/, it will take precedence. This means: native
unit files take precedence over traditional configuration files, but
this is superseded by the rule that configuration in /etc/ will always
take precedence over configuration in /usr/."
- [2]

TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
takes care of fstab vs tmp.mount precedence as you try to enforce it
here.
Besides that, as this check is executed as postinst, it possibly leads
to undesired mount results, depending on package install order. e.g.
later packages modify `/etc/fstab`.

> > > > > > +if ! grep -q '/tmp' /etc/fstab; then
> > > > > > +    # Ensure tmp.mount exists in systemd path
> > > > > > +    if [ ! -e /usr/lib/systemd/system/tmp.mount ] && [ ! -
> > > > > > e
> > > > > > /etc/systemd/system/tmp.mount ]; then
> > > > > > +        cp /usr/share/systemd/tmp.mount
> > > > > > /etc/systemd/system/tmp.mount
> > > > > > +    fi
> > > > > > +
> > > > > > +    # Enable the mount unit using deb-systemd-helper
> > > > > > +    deb-systemd-helper enable tmp.mount || true
> > > > > > +fi
> > > > > > +
> > > > > > diff --git
> > > > > > a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-
> > > > > > tmpfs-
> > > > > > tmp/systemd-tmpfs-tmp_0.1.bb
> > > >
> > > > > > new file mode 100644
> > > > > > index 00000000..821cdd5f
> > > > > > --- /dev/null
> > > > > > +++

Is this recipe somehow aligned with the one already available in
isar-cip-core?
[3] CC: Quirin

Imo, this recipe aims for a similar result, but provides more complete
dependencies. Both overrule systemd filesystem api semantics [1,2] as
they put the unit file under `/etc/systemd/system/` (as described
above).

1: https://systemd.io/API_FILE_SYSTEMS/
2: https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html#
3: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/recipes-core/tmp-fs/tmp-fs_0.2.bb?ref_type=heads

> > > > > > b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-
> > > > > > tmpfs-
> > > > > > tmp_0.1.bb
> > > >
> > > > > > @@ -0,0 +1,10 @@
> > > > > > +# This software is a part of ISAR.
> > > > > > +# Copyright (C) Siemens AG, 2024
> > > > > > +#
> > > > > > +# SPDX-License-Identifier: MIT
> > > > > > +
> > > > > > +inherit dpkg-raw
> > > > > > +
> > > > > > +SRC_URI = "file://postinst"
> > > > > > +
> > > > > > +DEBIAN_DEPENDS = "systemd"
> > > >
> > > > Please also set the DESCRIPTION and MAINTAINER fields.
> > > >
> > > > Felix
> > > >
> > > > > > --
> > > > > > 2.39.5
> > > >
> > > > --
> > > > Siemens AG
> > > > Linux Expert Center
> > > > Friedrich-Ludwig-Bauer-Str. 3
> > > > 85748 Garching, Germany
> > > >

BR Alexander

--
Alexander Heinisch
Siemens AG
www.siemens.com


Badrikesh Prusty

Jun 29, 2025, 4:27:35 PM
to isar-users
Hi,

Sorry for the delay.
Thanks for your feedback. I just tried a few use cases based on your comment.
On Debian Bookworm, it works as expected.
On Debian Trixie, I assumed tmp.mount from /usr/lib/systemd/system/ gets symlinked to /etc/systemd/system/ when we do systemctl enable, but it didn't work.

Case 1: /tmp defined in /etc/fstab, service file: /usr/lib/systemd/system/tmp.mount, systemctl enable didn't work as /tmp is managed by fstab
Result: The /etc/fstab entry for /tmp is in effect.

Case 2: /tmp defined in /etc/fstab, service file: /usr/lib/systemd/system/tmp.mount copied to /etc/systemd/system/tmp.mount
Result: The unit file /etc/systemd/system/tmp.mount configuration for /tmp is in effect.

Will send an updated patch soon.

Thanks,
Badrikesh
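
The precedence rule quoted from systemd.mount earlier in the thread, and the two cases reported above, as an added shell example that is not part of the thread or of Isar: it reports which definition of /tmp takes precedence under a given root directory and matches the fstab mount-point field exactly instead of grepping for '/tmp'. The function names, the root-directory argument and the sample roots are constructed for illustration; the check looks only at which files are present, not at whether a unit is enabled.

```shell
#!/bin/sh
# Added example (not from the thread). Precedence per the quoted systemd.mount text:
#   unit below /etc  >  /etc/fstab entry  >  unit below /usr

# Succeeds if fstab under root $1 has a non-comment entry whose
# mount point (second field) is exactly /tmp.
fstab_has_tmp() {
    [ -r "$1/etc/fstab" ] || return 1
    awk '$1 !~ /^#/ && $2 == "/tmp" { found = 1 } END { exit !found }' "$1/etc/fstab"
}

# Prints which definition wins for /tmp: etc-unit, fstab, usr-unit or none.
# $1 is a hypothetical root directory (empty means the running system).
tmp_mount_source() {
    root="${1:-}"
    if [ -e "$root/etc/systemd/system/tmp.mount" ]; then
        echo etc-unit
    elif fstab_has_tmp "$root"; then
        echo fstab
    elif [ -e "$root/usr/lib/systemd/system/tmp.mount" ]; then
        echo usr-unit
    else
        echo none
    fi
}

# Build a constructed sample root: make_root <dir> <fstab-line> <unit-dir or empty>
make_root() {
    mkdir -p "$1/etc"
    printf '%s\n' "$2" > "$1/etc/fstab"
    if [ -n "$3" ]; then
        mkdir -p "$1/$3"
        : > "$1/$3/tmp.mount"
    fi
}

# Case 1 and Case 2 from the thread, plus an fstab that only mentions /var/tmp
# (a plain grep for '/tmp' would wrongly treat that as "/tmp is configured").
demo() {
    d=$(mktemp -d)
    make_root "$d/case1" 'tmpfs /tmp tmpfs defaults 0 0' usr/lib/systemd/system
    make_root "$d/case2" 'tmpfs /tmp tmpfs defaults 0 0' etc/systemd/system
    make_root "$d/vartmp" '/dev/sda3 /var/tmp ext4 defaults 0 2' usr/lib/systemd/system
    for c in case1 case2 vartmp; do
        echo "$c: $(tmp_mount_source "$d/$c")"
    done
    rm -rf "$d"
}
demo
```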

Badrikesh Prusty

Jun 29, 2025, 4:28:48 PM
to isar-...@googlegroups.com, badrikesh prusty
From: badrikesh prusty <badrikes...@siemens.com>

Fix image installation when isar-image-installer rootfs is booted as read-only
by ensuring /tmp is mounted as tmpfs.

With the latest isar installer, Bmaptool now creates the /tmp/progress pipe to
track and display installation progress in a progress bar.

To mount /tmp as tmpfs, this change utilizes systemd's tmp.mount. As tmp.mount
is located in /usr/share/systemd/ for systemd versions up to Debian Bookworm,
and in /usr/lib/systemd/system/tmp.mount for versions 256.x and newer, the file
must be copied to /etc/systemd/system/.

Placing tmp.mount unit file in /etc/systemd/system/ ensures its configuration
for /tmp takes precedence, overriding any entry found in /etc/fstab.

Signed-off-by: badrikesh prusty <badrikes...@siemens.com>
---
.../deploy-image/deploy-image_0.1.bb | 6 ++++--
.../systemd-tmpfs-tmp/files/postinst | 16 ++++++++++++++++
.../systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb | 13 +++++++++++++
3 files changed, 33 insertions(+), 2 deletions(-)
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb

diff --git a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
index 54e521b5..b287a8d1 100644
--- a/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
+++ b/meta-isar/recipes-installer/deploy-image/deploy-image_0.1.bb
@@ -10,8 +10,10 @@ inherit dpkg-raw
SRC_URI = "file://usr/bin/deploy-image-wic.sh \
file://usr/lib/deploy-image-wic/handle-config.sh \
"
-DEPENDS:bookworm += "bmap-tools"
-DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, xz-utils, pbzip2, zstd"
+
+DEPENDS:append:bookworm = " bmap-tools"
+DEPENDS:append = " systemd-tmpfs-tmp"
+DEBIAN_DEPENDS = "bmap-tools, pv, dialog, util-linux, parted, fdisk, gdisk, pigz, systemd-tmpfs-tmp, xz-utils, pbzip2, zstd"
do_install[cleandirs] = "${D}/usr/bin/ \
${D}/usr/lib/deploy-image-wic \
"
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
new file mode 100644
index 00000000..9d75025d
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/files/postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+DEST="/etc/systemd/system/tmp.mount"
+
+if [ ! -e "${DEST}" ]; then
+ # Possible source paths for tmp.mount
+ for SRC in /usr/share/systemd/tmp.mount /usr/lib/systemd/system/tmp.mount; do
+ # If the source file exists, copy it to the destination and exit the loop
+ [ -e "${SRC}" ] && cp ${SRC} ${DEST} && break
+ done
+fi
+
+# Enable the mount unit using deb-systemd-helper; ignore errors if it fails
+deb-systemd-helper enable tmp.mount || true
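Review bot: If neither source path in the `for SRC in ...` loop exists, nothing is copied and `deb-systemd-helper enable tmp.mount || true` then fails silently, so the package configures successfully while /tmp is still not a tmpfs. Warn or fail when `${DEST}` is still missing after the loop, and quote the variables in `cp ${SRC} ${DEST}`.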
diff --git a/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
new file mode 100644
index 00000000..c0ab1bcf
--- /dev/null
+++ b/meta-isar/recipes-installer/systemd-tmpfs-tmp/systemd-tmpfs-tmp_0.1.bb
@@ -0,0 +1,13 @@
+# This software is a part of ISAR.
+# Copyright (C) Siemens AG, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg-raw
+
+DESCRIPTION = "Configures /tmp as systemd-managed temporary filesystem (tmpfs), ensuring read-write access even if rootfs is read-only"
+MAINTAINER = "isar-users <isar-...@googlegroups.com>"
+
+SRC_URI = "file://postinst"
+
+DEBIAN_DEPENDS = "systemd"
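Review bot: `SRC_URI = "file://postinst"` ships only a postinst, so the copy of tmp.mount it writes to /etc/systemd/system/ is not tracked by dpkg and stays behind, still overriding /etc/fstab, after the package is removed or purged. Add a postrm that disables the unit and removes the copied file.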
--
2.47.2

Heinisch, Alexander

Jul 1, 2025, 4:12:29 PM
to Prusty, Badrikesh, isar-...@googlegroups.com
On Sun, 2025-06-29 at 16:28 -0400, 'Badrikesh Prusty' via isar-users
wrote:
>  create mode 100644 meta-isar/recipes-installer/systemd-tmpfs-
> tmp/systemd-tmpfs-tmp_0.1.b
> b
>
> diff --git a/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy-
> image_0.1.bb
Do we really want to overrule /etc/fstab?
Wouldn't `DEST="/usr/lib/systemd/system/tmp.mount"` be a more defensive
approach?

Repost from previous thread:
---
Systemd already provides some predefined behaviour to manage common
mounts like `/tmp`. [1]

"If a mount point is configured in both /etc/fstab and a unit file that
is stored below /usr/, the former will take precedence. If the unit
file is stored below /etc/, it will take precedence. This means: native
unit files take precedence over traditional configuration files, but
this is superseded by the rule that configuration in /etc/ will always
take precedence over configuration in /usr/."
- [2]

TL;DR: If we put `tmp.mount` at `/usr/lib/systemd/system/` systemd
takes care of fstab vs tmp.mount precedence as you try to enforce it
here.
Besides that, as this check is executed as postinst, it possibly leads
to undesired mount results, depending on package install order. e.g.
later packages modify `/etc/fstab`.
---

Badrikesh Prusty

Jul 2, 2025, 2:00:36 AM
to isar-users
Hi,

I'm unsure why a defensive approach to avoid overruling /etc/fstab.

My goal for the systemd-tmpfs-tmp package (as it is a configuration package) was for it to be an out-of-the-box solution requiring no additional configuration. Since users can choose whether to pre-install this package during build time, and if /tmp is already configured in /etc/fstab (if users aren't aware of it), installing it will be ineffective, which could lead users to think it's not working as intended.

Furthermore, systemd versions >= 256 now ship the tmp.mount unit file at /usr/lib/systemd/system/tmp.mount.

Any suggestions are welcome.

Thanks,
Badrikesh

Heinisch, Alexander

Jul 3, 2025, 4:44:16 AM
to Prusty, Badrikesh, isar-...@googlegroups.com
On Tue, 2025-07-01 at 23:00 -0700, 'Badrikesh Prusty' via isar-users
wrote:
> Hi,
>
> I'm unsure why a defensive approach to avoid overruling /etc/fstab.

I thought this package is used to fill the gap for what comes with
later systemd versions >=256 as default.

>

> My goal for systemd-tmpfs-tmp package (as it is configuration
> package) was for it to be an out-of-the-box solution requiring no
> additional configuration. Since users can choose whether to pre-
> install this package during build time, and if /tmp is already
> configured in /etc/fstab (if users aren't aware of), installing it
> will be ineffective, which could lead users to think it's not working
> as intended.

Valid argument.
> > > --- a/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb
> >
> > > +++ b/meta-isar/recipes-installer/deploy-image/deploy-
> > > image_0.1.bb
> >

Baurzhan Ismagulov

Aug 7, 2025, 9:58:36 AM
to isar-...@googlegroups.com
On 2025-06-29 16:28, 'Badrikesh Prusty' via isar-users wrote:
> Fix image installation when isar-image-installer rootfs is booted as read-only
> by ensuring /tmp is mounted as tmpfs.
>
> With the latest isar installer, Bmaptool now creates the /tmp/progress pipe to
> track and display installation progress in a progress bar.
>
> To mount /tmp as tmpfs, this change utilizes systemd's tmp.mount. As tmp.mount
> is located in /usr/share/systemd/ for systemd versions up to Debian Bookworm,
> and in /usr/lib/systemd/system/tmp.mount for versions 256.x and newer, the file
> must be copied to /etc/systemd/system/.
>
> Placing tmp.mount unit file in /etc/systemd/system/ ensures its configuration
> for /tmp takes precedence, overriding any entry found in /etc/fstab.

Applied to next, thanks.

With kind regards,
Baurzhan