From 224817fda9d686cc298c8ffe4439497cfc5cf517 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Thu, 28 Jun 2012 12:33:59 -0700
Subject: [PATCH] Relocate stateful_parition/var to
 stateful_partition/var_overlay

To avoid needing to migrate fresh dev images's /var contents when
using the encrypted partition, move the /var bits out of the old
stateful_partition/var location into stateful_partition/var_overlay.

The (initially empty) system /var will continue to either live
in stateful_partition/var (in the unencrypted case), or in
stateful_partition/encrypted/var (in the encrypted case).

The contents needed for gmerge will be symlinked into place at runtime
(via CL I6e68b1f334f5d5b3c4d2977008435bd929191ce7). While the installer
already makes sure that /var is not shipped on an image, this change
additionally make sure that the other contents installed by the ebuilds
will not show up in the actual /var either.

BUG=chromium-os:22172
TEST=link build, boot, install, manual testing.

Change-Id: Ie6480a59929818fe5d36a46abf533b648fb78850
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/26355
Reviewed-by: Chris Sosa <sosa@chromium.org>
---
 bin/cros_update_image.sh         | 4 ++--
 build_library/base_image_util.sh | 8 ++++----
 mount_gpt_image.sh               | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/bin/cros_update_image.sh b/bin/cros_update_image.sh
index 8dc7c80904..4ffe59ec1f 100755
--- a/bin/cros_update_image.sh
+++ b/bin/cros_update_image.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -53,7 +53,7 @@ cp ./part_* ./orig_partitions
 sudo mount -o loop part_3 rootfs
 sudo mount -o loop part_1 stateful_part
 sudo mount --bind stateful_part/dev_image rootfs/usr/local
-sudo mount --bind stateful_part/var rootfs/var
+sudo mount --bind stateful_part/var_overlay rootfs/var
 
 emerge-${BOARD} --root="./rootfs" \
    --root-deps=rdeps --nodeps --usepkgonly ${PKGS}
diff --git a/build_library/base_image_util.sh b/build_library/base_image_util.sh
index b924a7d867..5f67de0be9 100755
--- a/build_library/base_image_util.sh
+++ b/build_library/base_image_util.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -117,11 +117,11 @@ create_base_image() {
 
   # Prepare stateful partition with some pre-created directories.
   sudo mkdir -p "${DEV_IMAGE_ROOT}"
-  sudo mkdir -p "${STATEFUL_FS_DIR}/var"
+  sudo mkdir -p "${STATEFUL_FS_DIR}/var_overlay"
 
   # Create symlinks so that /usr/local/usr based directories are symlinked to
   # /usr/local/ directories e.g. /usr/local/usr/bin -> /usr/local/bin, etc.
-  setup_symlinks_on_root "${DEV_IMAGE_ROOT}" "${STATEFUL_FS_DIR}/var" \
+  setup_symlinks_on_root "${DEV_IMAGE_ROOT}" "${STATEFUL_FS_DIR}/var_overlay" \
     "${STATEFUL_FS_DIR}"
 
   # Perform binding rather than symlinking because directories must exist
@@ -130,7 +130,7 @@ create_base_image() {
   sudo mkdir -p "${ROOT_FS_DIR}/usr/local"
   sudo mount --bind "${DEV_IMAGE_ROOT}" "${ROOT_FS_DIR}/usr/local"
   sudo mkdir -p "${ROOT_FS_DIR}/var"
-  sudo mount --bind "${STATEFUL_FS_DIR}/var" "${ROOT_FS_DIR}/var"
+  sudo mount --bind "${STATEFUL_FS_DIR}/var_overlay" "${ROOT_FS_DIR}/var"
   sudo mkdir -p "${ROOT_FS_DIR}/dev"
 
   # We need to install libc manually from the cross toolchain.
diff --git a/mount_gpt_image.sh b/mount_gpt_image.sh
index 9df9b2bd6a..b8a0e21cff 100755
--- a/mount_gpt_image.sh
+++ b/mount_gpt_image.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -180,7 +180,7 @@ mount_image() {
   fi
 
   # Mount directories and setup symlinks.
-  sudo mount --bind "${FLAGS_stateful_mountpt}/var" \
+  sudo mount --bind "${FLAGS_stateful_mountpt}/var_overlay" \
     "${FLAGS_rootfs_mountpt}/var"
   sudo mount --bind "${FLAGS_stateful_mountpt}/dev_image" \
     "${FLAGS_rootfs_mountpt}/usr/local"
@@ -188,7 +188,7 @@ mount_image() {
 
   if [ ${FLAGS_read_only} -eq ${FLAGS_FALSE} ]; then
     setup_symlinks_on_root "${FLAGS_stateful_mountpt}/dev_image" \
-      "${FLAGS_stateful_mountpt}/var" "${FLAGS_stateful_mountpt}"
+      "${FLAGS_stateful_mountpt}/var_overlay" "${FLAGS_stateful_mountpt}"
   fi
   info "Image specified by ${FLAGS_from} mounted at"\
     "${FLAGS_rootfs_mountpt} successfully."