On Tue, Sep 22, 2015 at 2:35 PM, David Herrmann <[email protected]> wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau <[email protected]> wrote:
>> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann <[email protected]> wrote:
>>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau <[email protected]> wrote:
>> [...]
>>>>
>>>> Well during package installation done by the installer, some packages,
>>>> usually the ones that install daemons/services, populate
>>>> /etc/shadow.
>>>>
>>>> On Archlinux, after creating a minimal rootfs, the shadow file contains:
>>>>
>>>> bin:x:14871::::::
>>>> daemon:x:14871::::::
>>>> mail:x:14871::::::
>>>> ftp:x:14871::::::
>>>> http:x:14871::::::
>>>> uuidd:x:14871::::::
>>>> dbus:x:14871::::::
>>>> nobody:x:14871::::::
>>>> systemd-journal-gateway:x:14871::::::
>>>> systemd-timesync:x:14871::::::
>>>> systemd-network:x:14871::::::
>>>> systemd-bus-proxy:x:14871::::::
>>>
>>> Then "fix" the installer? These entries look like no-ops to me. We
>>> assume that if the installer touches /etc, then it can as well prompt
>>> for a root-password. If you want to make use of firstboot, we
>>> recommend to adopt an "empty /etc" installer.
>>
>> That's not about the installer, it's about packages and I suspect that
>> very few are ready to run without /etc.
>
> Ok, then fix those packages.
>
>> And then if it's really the case, I think the man page of
>> systemd-firstboot should be fixed because it never mentions the words
>> "stateless" or "empty", which is quite fundamental in the design of
>> firstboot then.
>>
>>>
>>> If we support looking for "root" in shadow files and prompt if
>>> non-present, we start supporting legacy setups where /etc is
>>> half-populated. We don't want that. Either go full legacy and make
>>> your installer prompt for everything, or go "empty /etc" and firstboot
>>> will take over.
>>>
>>
>> What you're calling legacy systems are actually *all* systems
>> available out there: I don't think there are actually a lot of
>> packages which are prepared to do that.
>
> We fix the packages we care about. I encourage everyone to do the
> same. All upstream systemd can do is provide a guideline.
>
>>>>>
>>>>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>>>>> possible even if systemd-firstboot will restore a couple of conf
>>>>>> files...
>>>>>
>>>>> Depending on your distribution, it is.
>>>>
>>>> Just out of curiosity, which distros are supposed to support that?
>>>
>>> I can trash /etc on Archlinux and boot it as a container just fine. It
>>> doesn't work as a full system, yet.
>>
>> Sure but what's your point? Your container is running no service at
>> all, so it's pretty useless.
>
> Why? You can store static configuration in /usr just fine. The point
> is to get rid of _runtime_ configuration in /etc that can be modified.

You mean here put runtime configuration in /etc, don't you?

> Instead, you should ship vendor configuration via /usr (or
> /usr/factory if packages are broken), and make it *read-only*.
>

The condition to run systemd-firstboot.service is
ConditionFirstBoot=yes, which means /etc/machine-id should not exist.
But that's different from /etc/ having to be empty.

Also the man page doesn't mention the need for an empty /etc or a
stateless system.

I can understand your point that systemd-firstboot is for stateless
systems, but again this should be documented.

Thanks.
--
Francis
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
