systemd: Default to non-stateless images

When creating images, for anything other than the explicitly stateless
case, touch /etc/machine-id so that the images can be booted without an
initramfs and with `ro` set on the kernel command line, otherwise system
refuses to start:

  [    7.222134] systemd[1]: No hostname configured.
  [    7.227266] systemd[1]: Set hostname to <localhost>.
  [    7.232622] systemd[1]: System cannot boot: Missing /etc/machine-id and /etc is mounted read-only.
  [    7.241750] systemd[1]: Booting up is supported only when:
  [    7.247362] systemd[1]: 1) /etc/machine-id exists and is populated.
  [    7.253752] systemd[1]: 2) /etc/machine-id exists and is empty.
  [    7.259757] systemd[1]: 3) /etc/machine-id is missing and /etc is writable.

If IMAGE_FEATURES includes `stateless-rootfs` then systemctl-native is
not run on the image leaving the image for population at runtime by
systemd.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index a23403c0827a6b6263de463629786b7ec3bcbd0a..d2b2fb979e5fe8c3c7d0c559ba914e0d545ae1a2 100644 (file)
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -33,7 +33,7 @@ INHIBIT_DEFAULT_DEPS = "1"
 # IMAGE_FEATURES may contain any available package group
 IMAGE_FEATURES ?= ""
 IMAGE_FEATURES[type] = "list"
-IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs empty-root-password allow-empty-password allow-root-login post-install-logging"
+IMAGE_FEATURES[validitems] += "debug-tweaks read-only-rootfs stateless-rootfs empty-root-password allow-empty-password allow-root-login post-install-logging"
 
 # Generate companion debugfs?
 IMAGE_GEN_DEBUGFS ?= "0"
@@ -665,12 +665,11 @@ reproducible_final_image_task () {
     fi
 }
 
-IMAGE_EXTRADEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-systemctl-native', '', d)}"
-
 systemd_preset_all () {
-       systemctl --root="${IMAGE_ROOTFS}" --preset-mode=enable-only preset-all
+    systemctl --root="${IMAGE_ROOTFS}" --preset-mode=enable-only preset-all
 }
 
-IMAGE_PREPROCESS_COMMAND_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd_preset_all;', '', d)} reproducible_final_image_task; "
+IMAGE_EXTRADEPENDS += "${@ 'systemd-systemctl-native' if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else ''}"
+IMAGE_PREPROCESS_COMMAND_append = " ${@ 'systemd_preset_all;' if bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d) and not bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else ''} reproducible_final_image_task; "
 
 CVE_PRODUCT = ""

diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index d7d4e0d29a097d30d6a59e5ba7dc0acad5c40853..7fdaf8ce03d99e675bf70e1e51b400510018d078 100755 (executable)
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -241,6 +241,15 @@ def preset_all(root):
         if state == "enable" or state is None:
             enable(root, service, location, services)
 
+    # If we populate the systemd links we also create /etc/machine-id, which
+    # allows systemd to boot with the filesystem read-only before generating
+    # a real value and then committing it back.
+    #
+    # For the stateless configuration, where /etc is generated at runtime
+    # (for example on a tmpfs), this script shouldn't run at all and we
+    # allow systemd to completely populate /etc.
+    (root / SYSCONFDIR / "machine-id").touch()
+
 
 def mask(root, *services):
     systemdir = root / SYSCONFDIR / "systemd" / "system"