Hi

On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau <[email protected]> wrote:
> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann <[email protected]> wrote:
>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau <[email protected]> wrote:
> [...]
>>>
>>> Well during package installation done by the installer, some packages,
>>> usually the ones that install daemons/services, populate
>>> /etc/shadow.
>>>
>>> On Archlinux, after creating a minimal rootfs, shadow file is containing:
>>>
>>> bin:x:14871::::::
>>> daemon:x:14871::::::
>>> mail:x:14871::::::
>>> ftp:x:14871::::::
>>> http:x:14871::::::
>>> uuidd:x:14871::::::
>>> dbus:x:14871::::::
>>> nobody:x:14871::::::
>>> systemd-journal-gateway:x:14871::::::
>>> systemd-timesync:x:14871::::::
>>> systemd-network:x:14871::::::
>>> systemd-bus-proxy:x:14871::::::
>>
>> Then "fix" the installer? These entries look like no-ops to me. We
>> assume that if the installer touches /etc, then it can as well prompt
>> for a root-password. If you want to make use of firstboot, we
>> recommend to adopt an "empty /etc" installer.
>
> That's not about the installer, it's about packages and I suspect that
> very few are ready to run without /etc.

Ok, then fix those packages.

> And then if it's really the case, I think the man page of
> systemd-firstboot should be fixed because it never mentions the words
> "stateless" or "empty", which is quite fundamental in the design of
> firstboot then.
>
>>
>> If we support looking for "root" in shadow files and prompt if
>> non-present, we start supporting legacy setups where /etc is
>> half-populated. We don't want that. Either go full legacy and make
>> your installer prompt for everything, or go "empty /etc" and firstboot
>> will take over.
>>
>
> What you're calling legacy systems are actually *all* systems
> available out there: I don't think there's actually a lot of
> packages which are prepared to do that.

We fix the packages we care about. I encourage everyone to do the
same. All upstream systemd can do is provide a guideline.

>>>>
>>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>>> possible even if systemd-firstboot will restore a couple of conf
>>>>> files...
>>>>
>>>> Depending on your distribution, it is.
>>>
>>> Just out of curiosity, which distros are supposed to support that?
>>
>> I can trash /etc on Archlinux and boot it as a container just fine. It
>> doesn't work as a full system, yet.
>
> Sure but what's your point? Your container is running no service at
> all, so it's pretty useless.

Why? You can store static configuration in /usr just fine. The point
is to get rid of _runtime_ configuration in /etc that can be modified.
Instead, you should ship vendor configuration via /usr (or
/usr/factory if packages are broken), and make it *read-only*.

>> Not all packages have adopted empty /etc support.
>
> You meant almost none of them?

No.

Thanks
David
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
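
An added illustration of the shadow-file question raised in this thread (not code from systemd or from either poster): a Python script that audits an image's shadow file for a provisioned root entry and for entries that carry no credential and no aging policy. The kind names and the reading of "no-op" as "non-hash password field with empty aging fields" are assumptions of this example.

```python
import re

# The listing quoted in the thread (a minimal Arch Linux rootfs).
THREAD_SHADOW = """\
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
uuidd:x:14871::::::
dbus:x:14871::::::
nobody:x:14871::::::
systemd-journal-gateway:x:14871::::::
systemd-timesync:x:14871::::::
systemd-network:x:14871::::::
systemd-bus-proxy:x:14871::::::
"""

# Modern crypt(3) hashes start with "$"; traditional DES is 13 characters.
HASH_RE = re.compile(r"^(\$.+|[./0-9A-Za-z]{13})$")

def classify(line):
    """Return (name, kind) for one shadow(5) line of nine ':'-separated fields."""
    fields = line.split(":")
    if len(fields) != 9:
        raise ValueError(f"malformed shadow line: {line!r}")
    name, pw, aging = fields[0], fields[1], fields[3:8]
    if pw == "":
        return name, "empty-password"        # no password needed to log in
    if HASH_RE.match(pw.lstrip("!")):        # "!" prefix locks an existing hash
        return name, ("locked-hash" if pw.startswith("!") else "has-hash")
    if any(aging):
        return name, "locked-with-policy"    # no credential, but aging is set
    return name, "placeholder"               # no credential, no aging policy

def audit(text):
    """Summarise a shadow file: is root provisioned, what does each entry carry?"""
    report = {"root_present": False}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, kind = classify(line)
        report.setdefault(kind, []).append(name)
        report["root_present"] |= name == "root"
    return report

if __name__ == "__main__":
    for key, value in audit(THREAD_SHADOW).items():
        print(key, value)
```

On the thread's listing every entry is a placeholder and root is absent; an `empty-password` or `has-hash` result in an image would be the finding to look at before shipping it.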
