From 357e33f2bba5d6d7175c803373327a9f5b736538 Mon Sep 17 00:00:00 2001
From: Nikita Dubrovskii <nikita@linux.ibm.com>
Date: Tue, 5 Nov 2024 15:51:24 +0100
Subject: [PATCH] coreos-secex-ignition-prepare: remount /usr rw if needed

Fedora 41 comes with systemd-256, where /usr is read-only during
initramfs time.

See similar issue description in https://github.com/coreos/ignition/issues/1891
---
 .../35coreos-ignition/coreos-secex-ignition-prepare.sh      | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh
index 018c640258..e42d655d22 100755
--- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh
@@ -15,6 +15,12 @@ cleanup() {
 
 trap cleanup EXIT
 
+# Fedora 41 comes with systemd-256, where /usr is read-only during initramfs time.
+# https://github.com/coreos/ignition/issues/1891
+if [ ! -w /usr ]; then
+    mount -o rw,remount /usr
+fi
+
 # copy base Secure Execution config (enables LUKS+dm-verity for boot and root partitions)
 cp /usr/lib/coreos/01-secex.ign /usr/lib/ignition/base.d/01-secex.ign