[systemd-devel] systemd enables custom service units on firstboot

Martin Petzold martin.petzold at tavla.de
Sat Apr 29 15:47:39 UTC 2023 

Dear Daan,

Am 29.04.23 um 17:43 schrieb Daan De Meyer:
> Systemd does a preset on first boot when there's no machine ID yet. If 
> no preset from a preset file applies, the default is to enable it. 
> Since debian does not ship a 99-disable.preset with disable * in it, 
> all services are enabled on firstboot on Debian.
>
What would you then suggest:

a. Disable every single service unit after copy to the 
/lib/systemd/system location manually?
b. Add a 99-disable.preset file with 'disable *'? (I wonder why Debian 
does not have it and if it then may brake something)

Thanks,

Martin

>
> On Sat, 29 Apr 2023, 17:27 Martin Petzold, <martin.petzold at tavla.de> 
> wrote:
>
>     Dear Paul,
>
>     Am 29.04.23 um 17:13 schrieb Paul Menzel:
>     > Dear Martin,
>     >
>     >
>     > Am 29.04.23 um 16:12 schrieb Martin Petzold:
>     >
>     >> we are building our OS with debootstrap (Debian bullseye). Our
>     image
>     >> shall be flashed on embedded devices. In order to get a unique
>     >> machine-id we removed '/etc/machine-id' as instructed in [1]
>     and also
>     >> removed '/var/lib/dbus/machine-id' as instructed in [2]) from the
>     >> golden image.
>     >>
>     >> After we flash the image and boot it, new machine-ids are
>     created and
>     >> identical.
>     >>
>     >> However, now we realized that some of our systemd service units
>     added
>     >> to '/lib/systemd/system' are enabled and starting on boot. We
>     did not
>     >> enable them, we just copied them to that location at the end of
>     our
>     >> rootfs build. They are just there to be used in some special
>     test cases.
>     >>
>     >> We already checked '/lib/systemd/system-preset/*'. But there is
>     only
>     >> a single file '90-systemd.preset' and there is no rule which
>     matches
>     >> our service units.
>     >>
>     >> 1. Why are our service units placed in '/lib/systemd/system'
>     enabled?
>     > Sorry, you provide not enough information.
>     >
>     > Please provide an example `systemctl status X` and `systemctl
>     cat X`
>     > for service X, that is started but does not. Does that happen
>     with all
>     > services you add?
>     =========================================
>
>     tavla at tavla:~$ sudo systemctl status tavla-test
>
>     × tavla-test.service - TAVLA Platform OS Tester Service
>           Loaded: loaded (/lib/systemd/system/tavla-test.service;
>     enabled;
>     preset: enabled)
>           Active: failed (Result: signal) since Sat 2023-04-29 15:52:12
>     CEST; 17min ago
>          Process: 388 ExecStart=/opt/tavla/bin/test (code=killed,
>     signal=HUP)
>         Main PID: 388 (code=killed, signal=HUP)
>              CPU: 118ms
>
>     Apr 29 15:52:12 tavla systemd[1]: Starting tavla-test.service - TAVLA
>     Platform OS Tester Service...
>     Apr 29 15:52:12 tavla systemd[1]: tavla-test.service: Main process
>     exited, code=killed, status=1/HUP
>     Apr 29 15:52:12 tavla systemd[1]: tavla-test.service: Failed with
>     result
>     'signal'.
>     Apr 29 15:52:12 tavla systemd[1]: Failed to start
>     tavla-test.service -
>     TAVLA Platform OS Tester Service.
>
>     =========================================
>
>     tavla-test.service is 'enabled' (and started), but I never enabled
>     it.
>     It was enabled after I removed machine-id and did a reboot. Before
>     that,
>     it was disabled. The service unit
>     ('/lib/systemd/system/tavla-test.service') was copied to this
>     location
>     during image build after debootstrap and apt installation of systemd.
>
>     Here is the only preset ('90-systemd.preset'):
>
>     =========================================
>
>     enable remote-fs.target
>     enable remote-cryptsetup.target
>     enable machines.target
>
>     enable getty at .service
>     enable systemd-timesyncd.service
>     enable systemd-networkd.service
>     enable systemd-network-generator.service
>     enable systemd-resolved.service
>     enable systemd-homed.service
>     enable systemd-userdbd.socket
>     enable systemd-pstore.service
>     enable systemd-boot-update.service
>
>     disable console-getty.service
>     disable debug-shell.service
>
>     disable halt.target
>     disable kexec.target
>     disable poweroff.target
>     enable reboot.target
>     disable rescue.target
>     disable exit.target
>
>     disable systemd-networkd-wait-online.service
>     disable systemd-time-wait-sync.service
>     disable systemd-boot-check-no-failures.service
>     disable proc-sys-fs-binfmt_misc.mount
>
>     disable syslog.socket
>
>     disable systemd-journal-gatewayd.*
>     disable systemd-journal-remote.*
>     disable systemd-journal-upload.*
>
>     =========================================
>
>     >
>     >> Platform:
>     >>
>     >> systemd 252.5-2~bpo11+1 (from bullseye-backports)
>     >> systemd-resolved and systemd-networkd with iwd (all from
>     >> bullseye-backports)
>     >> Custom Debian bullseye (with some packages from bullseye-backports)
>     >> Custom Kernel 5.10
>     >> U-Boot
>     >>
>     >> [1] https://systemd.io/BUILDING_IMAGES/
>     >> [2] https://wiki.debian.org/MachineId
>
>     Best regards,
>
>     Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20230429/45322b2e/attachment-0001.htm>

More information about the systemd-devel mailing list