From 4bf40b2d322e34a5e3be28486987cc7bbb9125f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
Date: Mon, 2 Apr 2018 23:53:38 +0200
Subject: [PATCH] udev-udisks-rules-rpi: Hide initial boot partition from
 udisks2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If I am not mistaken, many desktops (kde/lxqt/xfce..) use udisks2 to ask for
devices which can be mounted. Without this patch the initial boot partition
can be mounted by a single click on folder displayed on desktop or file manager.

Why it is suggested to add this recipe to an image:
* It removes annoying icon in desktop/file manager.
* The initial boot partition is vfat. Unpriviledged users can modify
  content. E.g by removing files accidently, images can be turned into
  non-booting condition easily. And from security point of view, it is a
  disaster.

FWIW: Have similar in all my BSPs vor very long time.

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
---
 .../udev/udev-rules-udisks-rpi/80-udisks-rpi.rules    | 10 ++++++++++
 recipes-core/udev/udev-rules-udisks-rpi_1.0.bb        | 11 +++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 recipes-core/udev/udev-rules-udisks-rpi/80-udisks-rpi.rules
 create mode 100644 recipes-core/udev/udev-rules-udisks-rpi_1.0.bb

diff --git a/recipes-core/udev/udev-rules-udisks-rpi/80-udisks-rpi.rules b/recipes-core/udev/udev-rules-udisks-rpi/80-udisks-rpi.rules
new file mode 100644
index 0000000..3eff66d
--- /dev/null
+++ b/recipes-core/udev/udev-rules-udisks-rpi/80-udisks-rpi.rules
@@ -0,0 +1,10 @@
+##############################################################################################################
+
+# Partitions which desktops should not display
+#
+
+# boot partition
+ENV{ID_FS_TYPE}=="vfat", ENV{ID_FS_LABEL}=="raspberrypi", \
+  ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
+
+##############################################################################################################
diff --git a/recipes-core/udev/udev-rules-udisks-rpi_1.0.bb b/recipes-core/udev/udev-rules-udisks-rpi_1.0.bb
new file mode 100644
index 0000000..a238f52
--- /dev/null
+++ b/recipes-core/udev/udev-rules-udisks-rpi_1.0.bb
@@ -0,0 +1,11 @@
+DESCRIPTION = "add udisk/udev rule to hide boot partition from udev"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+SRC_URI = "file://80-udisks-rpi.rules"
+
+do_install () {
+	install -d ${D}${base_libdir}/udev/rules.d
+	install -m 644 ${WORKDIR}/80-udisks-rpi.rules ${D}${base_libdir}/udev/rules.d
+}
+
+FILES_${PN} = "${base_libdir}/udev/rules.d"