Systemd first boot with rw rootfs


Gylstorff Quirin

Nov 29, 2022, 4:51:16 AM11/29/22
to isar-users, Moessbauer, Felix (T RDA IOT SES-DE), Kiszka, Jan (CT RDA IOT SES-DE)
Hi all,


currently we trigger a first boot by removing the machine-id from the
root file system[1]. In case of a writable root filesystem systemd will
enable all units in /usr/lib/systemd/system with the vendor preset
enabled. This will also enable units in /usr/lib/systemd/system which are
disabled during the installation, like ssh.socket[2].

This will not happen in a Debian installation as first boot is the
installation boot as defined by:
"For normal operating system installations, where a custom image is
created for a specific machine, /etc/machine-id should be populated
during installation."[3]


If a first boot is not detected, e.g. by using an empty /etc/machine-id,
the units are started as defined during the installation [4].

Another possibility is to mask the units during the installation.

[1]: https://github.com/ilbers/isar/blob/49854b625a6b0dc9339a33c3b4d78b2ce418b377/meta/classes/image-postproc-extension.bbclass#L57
[2]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/issues/48
[3]: https://manpages.debian.org/bullseye/systemd/machine-id.5.en.html#INITIALIZATION
[4]: https://manpages.debian.org/bullseye/systemd/machine-id.5.en.html#FIRST_BOOT_SEMANTICS
--


With best regards,
Quirin Gylstorff

Siemens AG
Technology


Quirin Gylstorff

Nov 29, 2022, 5:46:57 AM11/29/22
to isar-...@googlegroups.com, felix.mo...@siemens.com, jan.k...@siemens.com
From: Quirin Gylstorff <quirin.g...@siemens.com>

The default implementation will not trigger the first boot condition.

In case of a writable root file system systemd will enable all
units in /usr/lib/systemd/system with the vendor preset enabled.
This will also enable units in /usr/lib/systemd/system which are
disabled during the installation, like ssh.socket.

This will not happen in a Debian installation as first boot is
the installation boot as defined by:
"For normal operating system installations, where a custom image
is created for a specific machine, /etc/machine-id should be
populated during installation."

Signed-off-by: Quirin Gylstorff <quirin.g...@siemens.com>
---
meta/classes/image-postproc-extension.bbclass | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass
index 4a901cb..7e3b8e0 100644
--- a/meta/classes/image-postproc-extension.bbclass
+++ b/meta/classes/image-postproc-extension.bbclass
@@ -53,15 +53,14 @@ image_postprocess_mark() {
--build-id "${BUILD_ID}" --variant "${DESCRIPTION}" --version "${PV}"
}

+ENABLE_SYSTEMD_FIRST_BOOT ??= "0"
ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_machine_id"
image_postprocess_machine_id() {
- # systemd(1) takes care of recreating the machine-id on first boot
- # for systemd < v247, set to empty string, else set to uninitialized
- # (required if initramfs with ro root is used)
SYSTEMD_VERSION=$( sudo chroot ${IMAGE_ROOTFS} dpkg-query --showformat='${source:Upstream-Version}' --show systemd || echo "0" )
- MACHINE_ID="uninitialized"
- if dpkg --compare-versions "$SYSTEMD_VERSION" "lt" "247"; then
- MACHINE_ID=""
+ MACHINE_ID=""
+ if [ "${ENABLE_SYSTEMD_FIRST_BOOT}" = "1" ] && \
+ dpkg --compare-versions "$SYSTEMD_VERSION" "gt" "247"; then
+ MACHINE_ID="uninitialized"
fi
echo "$MACHINE_ID" | sudo tee '${IMAGE_ROOTFS}/etc/machine-id'
sudo rm -f '${IMAGE_ROOTFS}/var/lib/dbus/machine-id'
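Review bot: the new condition `dpkg --compare-versions "$SYSTEMD_VERSION" "gt" "247"` excludes systemd 247 itself, while the removed `lt 247` branch wrote the empty string only below 247 and "uninitialized" from 247 upwards; use `"ge" "247"` to keep that boundary. The removed comment explaining that "uninitialized" is required when an initramfs with a read-only root is used is not carried over, and `ENABLE_SYSTEMD_FIRST_BOOT ??= "0"` has no comment saying what it controls; add a short comment there stating that the default writes an empty machine-id, which does not trigger first boot semantics, and how the read-only root case is expected to behave with that default.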
--
2.35.1

Gylstorff Quirin

Aug 4, 2023, 7:07:52 AM8/4/23
to isar-...@googlegroups.com, Uladzimir Bely, felix.mo...@siemens.com, jan.k...@siemens.com, ADLER MICHAEL Z003XM1Z
Ping
Quirin

Michael Adler

Aug 4, 2023, 7:35:18 AM8/4/23
to Gylstorff Quirin, isar-...@googlegroups.com, Uladzimir Bely, felix.mo...@siemens.com, jan.k...@siemens.com
Hi Quirin,

> In case of a writable root file system systemd will enable all
> units in /usr/lib/systemd/system with the vendor preset enable.
> This will also enable units in /usr/lib/systemd/system which are
> disable during the installation like ssh.socket.

I've stumbled upon the same problem. It took me quite a while to figure out
why systemd services which were explicitly *not* enabled at build time were
somehow still enabled and started on system boot. I did not suspect systemd to
be the culprit! This behavior is unexpected and irritating to say the least.

> The Default implementation will not trigger the first boot condition.

That makes sense. After all, we are fully in control of the root filesystem at
build time. I don't want to deal with surprises at boot time.

Kind Regards,
Michael

--
Michael Adler

Siemens AG
Technology
Connectivity & Edge
Smart Embedded Systems
T CED SES-DE
Otto-Hahn-Ring 6
81739 Munich, Germany
