From patchwork Sun Feb 18 09:43:14 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dave.elek.96@gmail.com
X-Patchwork-Id: 39635
Return-Path: <dave.elek.96@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D4EBDC4829E
	for <webhook@archiver.kernel.org>; Sun, 18 Feb 2024 09:43:21 +0000 (UTC)
Subject: systemd-firstboot not triggered on read/write /etc folder
To: openembedded-core@lists.openembedded.org
From: dave.elek.96@gmail.com
X-Originating-Location: Budapest, HU (31.46.251.245)
X-Originating-Platform: Linux Firefox 122
User-Agent: GROUPS.IO Web Poster
MIME-Version: 1.0
Date: Sun, 18 Feb 2024 01:43:14 -0800
Message-ID: <vkHb.1708249394873752860.quep@lists.openembedded.org>
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Sun, 18 Feb 2024 09:43:21 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/195823

Hi!

In the systemd-systemctl there is a *systemctl* script used for some configuration/settings for the systemd services (e.g. enabling services).

In this script if we call the *preset_all* command, it will create an empty /etc/machine-id file. This is required on read-only /etc folder, otherwise the systemd will fail to boot. However on read-write /etc folder this file is still created, which prevents systemd to satisfy the ConditionFirstBoot condition. This is used in systemd services, for example for systemd-firstboot, where you can configure the root password, localization, hostname, etc.

The preset_all command is triggered from the image.bbclass file. A quick solution in my case was to add a task in my own layer, which deletes the /etc/machine-id file, but I think it would be great, to prevent others from the headache it can cause to investigate/fix this.

I attached the patch file about my proposed solution.

Waiting for you reply soon,
David

From 137e3bab6ad5d228105e9936f020a49eaaa4c943 Mon Sep 17 00:00:00 2001
From: "Elek, David" <dave.elek.96@gmail.com>
Date: Sat, 17 Feb 2024 18:39:20 +0100
Subject: [PATCH] image.bbclass: add readonly parameter in systemd_preset_all

If IMAGE_FEATURES contains read-only-rootfs call the systemctl script
with --readonly argument.

systemd-systemctl/systemctl: check for readonly argument
if the script was called with this argument, it will prevent creating
the /etc/machine-id file when executing the preset_all command

If the system is read-write and the /etc/machine-id file exists, the
systemd-firstboot is not triggered (ConditionFirstBoot=yes condition is
not met). In readonly rootfs the empty machine-id file must be created,
because of the systemd.

Signed-off-by: Elek, David <dave.elek.96@gmail.com>
---
 meta/classes/image.bbclass                            | 2 +-
 meta/recipes-core/systemd/systemd-systemctl/systemctl | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 00413d56d1..e68cf780e6 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -669,7 +669,7 @@ reproducible_final_image_task () {
 
 systemd_preset_all () {
     if [ -e ${IMAGE_ROOTFS}${root_prefix}/lib/systemd/systemd ]; then
-	systemctl --root="${IMAGE_ROOTFS}" --preset-mode=enable-only preset-all
+	systemctl --root="${IMAGE_ROOTFS}" --preset-mode=enable-only preset-all ${@bb.utils.contains('IMAGE_FEATURES', 'read-only-rootfs', '--readonly', '', d)}
     fi
 }
 
diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 0fd7e24085..0850a37575 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -273,7 +273,7 @@ def collect_services(root):
     return services
 
 
-def preset_all(root):
+def preset_all(root, readonly):
     presets = Presets('system-preset', root)
     services = collect_services(root)
 
@@ -293,7 +293,8 @@ def preset_all(root):
     # For the stateless configuration, where /etc is generated at runtime
     # (for example on a tmpfs), this script shouldn't run at all and we
     # allow systemd to completely populate /etc.
-    (root / SYSCONFDIR / "machine-id").touch()
+    if readonly:
+        (root / SYSCONFDIR / "machine-id").touch()
 
 
 def main():
@@ -308,6 +309,7 @@ def main():
     parser.add_argument('--preset-mode',
                         choices=['full', 'enable-only', 'disable-only'],
                         default='full')
+    parser.add_argument('--readonly', action='store_true')
 
     args = parser.parse_args()
 
@@ -341,7 +343,7 @@ def main():
             sys.exit("Too many arguments.")
         if args.preset_mode != "enable-only":
             sys.exit("Only enable-only is supported as preset-mode.")
-        preset_all(root)
+        preset_all(root, args.readonly)
     else:
         raise RuntimeError()
 
-- 
2.25.1