
[v2,10/14] package/systemd: invoke systemd-tmpfilesd on final image

Message ID 20200615072055.2083-11-nolange79@gmail.com
State Superseded
Series [v2,01/14] package/systemd: configure nss plugins in nsswitch.conf | expand

Commit Message

Norbert Lange June 15, 2020, 7:20 a.m. UTC
Especially for read-only filesystems it is helpful to
pre-create all folders for non-volatile paths.

This needs to run under fakeroot to allow setting
uids/gids/perms for the target fs.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/systemd/systemd.mk | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Comments

Jérémy ROSEN June 15, 2020, 2:32 p.m. UTC | #1
I wonder how that would work with lines that contain %b (boot id)
and %m (machine-id)
my educated guess would be that it would create files with the host's
boot-id/machine-id. Thus leaking the host's information. This is not
good, especially the machine-id of the host which is confidential
information (not crypto-grade, but still shouldn't be leaked)

if systemd-tmpfiles supports that correctly (maybe skipping all %b %m
when --root is used) it's all fine. But I don't remember seeing that.

does it ?

Cheers
Jeremy


Le lun. 15 juin 2020 à 09:21, Norbert Lange <nolange79@gmail.com> a écrit :

> Especially for read-only filesystems it is helpfull to
> pre-create all folders for non-volatile paths.
>
> This needs to run under fakeroot to allow setting
> uids/gids/perms for the target fs.
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/systemd/systemd.mk | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index e117e3a082..cb0278f3b7 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -599,6 +599,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
>  endif
>  SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
>
> +define SYSTEMD_CREATE_TMPFILES_HOOK
> +       $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create
> --boot \
> +               $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp)
> || :
> +endef
> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
> +
>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>
> @@ -652,7 +658,7 @@ HOST_SYSTEMD_CONF_OPTS = \
>         -Dvconsole=false \
>         -Dquotacheck=false \
>         -Dsysusers=false \
> -       -Dtmpfiles=false \
> +       -Dtmpfiles=true \
>         -Dimportd=false \
>         -Dhwdb=false \
>         -Drfkill=false \
> --
> 2.27.0
>
>
Norbert Lange June 15, 2020, 2:58 p.m. UTC | #2
Am Mo., 15. Juni 2020 um 16:32 Uhr schrieb Jérémy ROSEN <
jeremy.rosen@smile.fr>:

> I wonder how that would work with lines that contain %b (boot id)
> and %m (machine-id)
> my educated guest would be that it would create files with the host's
> boot-id/machine-id. Thus leaking the host's information. This is not
> good, especially the machine-id of the host which is confidential
> information (not crypto-grade, but still shouldn't be leaked)
>

> if systemd-tmpile supports that correctly (maybe skipping all %b %m
> when --root is used) it's all fine. But I don't remember seeing that.
>
> does it ?
>

The default config files don't create files with machine-id, and %b is not
replaced at all AFAIR.
But I believe you are right that systemd-tmpfiles picks up the host
machine-id and would replace it.
Good catch, need to check.


>
> Cheers
> Jeremy
>
>
> Le lun. 15 juin 2020 à 09:21, Norbert Lange <nolange79@gmail.com> a
> écrit :
>
>> Especially for read-only filesystems it is helpfull to
>> pre-create all folders for non-volatile paths.
>>
>> This needs to run under fakeroot to allow setting
>> uids/gids/perms for the target fs.
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> ---
>>  package/systemd/systemd.mk | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>> index e117e3a082..cb0278f3b7 100644
>> --- a/package/systemd/systemd.mk
>> +++ b/package/systemd/systemd.mk
>> @@ -599,6 +599,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
>>  endif
>>  SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
>>
>> +define SYSTEMD_CREATE_TMPFILES_HOOK
>> +       $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create
>> --boot \
>> +               $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp)
>> || :
>> +endef
>> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
>> +
>>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>>
>> @@ -652,7 +658,7 @@ HOST_SYSTEMD_CONF_OPTS = \
>>         -Dvconsole=false \
>>         -Dquotacheck=false \
>>         -Dsysusers=false \
>> -       -Dtmpfiles=false \
>> +       -Dtmpfiles=true \
>>         -Dimportd=false \
>>         -Dhwdb=false \
>>         -Drfkill=false \
>> --
>> 2.27.0
>>
>>
>
> --
> [image: SMILE]  <http://www.smile.eu/>
>
> 20 rue des Jardins
> 92600 Asnières-sur-Seine
> *Jérémy ROSEN*
> Architecte technique
>
> [image: email] jeremy.rosen@smile.fr
> [image: phone]  +33 6 88 25 87 42
> [image: url] http://www.smile.eu
>
> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
> <https://www.facebook.com/smileopensource> [image: LinkedIn]
> <https://www.linkedin.com/company/smile> [image: Github]
> <https://github.com/Smile-SA>
>
> [image: Découvrez l’univers Smile, rendez-vous sur smile.eu]
> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>
Adam Duskett Sept. 28, 2020, 6:42 p.m. UTC | #3
On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79@gmail.com> wrote:

>
>
> Am Mo., 15. Juni 2020 um 16:32 Uhr schrieb Jérémy ROSEN <
> jeremy.rosen@smile.fr>:
>
>> I wonder how that would work with lines that contain %b (boot id)
>> and %m (machine-id)
>> my educated guest would be that it would create files with the host's
>> boot-id/machine-id. Thus leaking the host's information. This is not
>> good, especially the machine-id of the host which is confidential
>> information (not crypto-grade, but still shouldn't be leaked)
>>
>
>> if systemd-tmpile supports that correctly (maybe skipping all %b %m
>> when --root is used) it's all fine. But I don't remember seeing that.
>>
>> does it ?
>>
>
> The default config files don't create files with machine-id, and %b is not
> replaced at all AFAIR.
> But I believe you are right that systemd-tmpfiles picks up the host
> machine-id and would replace it.
> Good catch, need to check.
>


>  FYI, this issue is being worked on:
> https://github.com/systemd/systemd/pull/16187
>


>
>> Cheers
>> Jeremy
>>
>>
>> Le lun. 15 juin 2020 à 09:21, Norbert Lange <nolange79@gmail.com> a
>> écrit :
>>
>>> Especially for read-only filesystems it is helpfull to
>>> pre-create all folders for non-volatile paths.
>>>
>>> This needs to run under fakeroot to allow setting
>>> uids/gids/perms for the target fs.
>>>
>>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>>> ---
>>>  package/systemd/systemd.mk | 8 +++++++-
>>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
>>> index e117e3a082..cb0278f3b7 100644
>>> --- a/package/systemd/systemd.mk
>>> +++ b/package/systemd/systemd.mk
>>> @@ -599,6 +599,12 @@ SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
>>>  endif
>>>  SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
>>>
>>> +define SYSTEMD_CREATE_TMPFILES_HOOK
>>> +       $(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create
>>> --boot \
>>> +               $(addprefix --exclude-prefix=/,dev mnt proc run sys tmp)
>>> || :
>>> +endef
>>> +SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
>>> +
>>>  SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
>>>  SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
>>>
>>> @@ -652,7 +658,7 @@ HOST_SYSTEMD_CONF_OPTS = \
>>>         -Dvconsole=false \
>>>         -Dquotacheck=false \
>>>         -Dsysusers=false \
>>> -       -Dtmpfiles=false \
>>> +       -Dtmpfiles=true \
>>>         -Dimportd=false \
>>>         -Dhwdb=false \
>>>         -Drfkill=false \
>>> --
>>> 2.27.0
>>>
>>>
>>
>> --
>> [image: SMILE]  <http://www.smile.eu/>
>>
>> 20 rue des Jardins
>> 92600 Asnières-sur-Seine
>> *Jérémy ROSEN*
>> Architecte technique
>>
>> [image: email] jeremy.rosen@smile.fr
>> [image: phone]  +33 6 88 25 87 42
>> [image: url] http://www.smile.eu
>>
>> [image: Twitter] <https://twitter.com/GroupeSmile> [image: Facebook]
>> <https://www.facebook.com/smileopensource> [image: LinkedIn]
>> <https://www.linkedin.com/company/smile> [image: Github]
>> <https://github.com/Smile-SA>
>>
>> [image: Découvrez l’univers Smile, rendez-vous sur smile.eu]
>> <https://www.smile.eu/fr/publications/livres-blancs/yocto?utm_source=signature&utm_medium=email&utm_campaign=signature>
>>
>
Norbert Lange Sept. 28, 2020, 7 p.m. UTC | #4
Am Montag, 28. September 2020 schrieb Adam Duskett <aduskett@gmail.com>:

>
>
> On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79@gmail.com> wrote:
>
>>
>>
>> Am Mo., 15. Juni 2020 um 16:32 Uhr schrieb Jérémy ROSEN <
>> jeremy.rosen@smile.fr>:
>>
>>> I wonder how that would work with lines that contain %b (boot id)
>>> and %m (machine-id)
>>> my educated guest would be that it would create files with the host's
>>> boot-id/machine-id. Thus leaking the host's information. This is not
>>> good, especially the machine-id of the host which is confidential
>>> information (not crypto-grade, but still shouldn't be leaked)
>>>
>>
>>> if systemd-tmpile supports that correctly (maybe skipping all %b %m
>>> when --root is used) it's all fine. But I don't remember seeing that.
>>>
>>> does it ?
>>>
>>
>> The default config files don't create files with machine-id, and %b is
>> not replaced at all AFAIR.
>> But I believe you are right that systemd-tmpfiles picks up the host
>> machine-id and would replace it.
>> Good catch, need to check.
>>
>
>
>>  FYI, this issue is being worked on:
>> https://github.com/systemd/systemd/pull/16187
>>
>
That PR is from a guy with a username matching my initials. Weird ;)

I seem to be unable to get simple questions about the how answered (until
pushes that raise issues that I wanted to solve before spending time
coding, testing and adhering to coding guidelines).

Now I am thinking, that maybe a small separate tool supporting the
systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup
functionality" might get done faster and might allow the config to be used.

I'm not motivated to face this head on for a while, at any rate.

Norbert
Adam Duskett Sept. 28, 2020, 8:27 p.m. UTC | #5
On Mon, Sep 28, 2020 at 12:00 PM Norbert Lange <nolange79@gmail.com> wrote:
>
>
>
> Am Montag, 28. September 2020 schrieb Adam Duskett <aduskett@gmail.com>:
>>
>>
>>
>> On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79@gmail.com> wrote:
>>>
>>>
>>>
>>> Am Mo., 15. Juni 2020 um 16:32 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
>>>>
>>>> I wonder how that would work with lines that contain %b (boot id)
>>>> and %m (machine-id)
>>>> my educated guest would be that it would create files with the host's
>>>> boot-id/machine-id. Thus leaking the host's information. This is not
>>>> good, especially the machine-id of the host which is confidential
>>>> information (not crypto-grade, but still shouldn't be leaked)
>>>>
>>>>
>>>> if systemd-tmpile supports that correctly (maybe skipping all %b %m
>>>> when --root is used) it's all fine. But I don't remember seeing that.
>>>>
>>>> does it ?
>>>
>>>
>>> The default config files don't create files with machine-id, and %b is not replaced at all AFAIR.
>>> But I believe you are right that systemd-tmpfiles picks up the host machine-id and would replace it.
>>> Good catch, need to check.
>>
>>
>>>
>>>  FYI, this issue is being worked on:
>>> https://github.com/systemd/systemd/pull/16187
>
>
> That PR is from a guy with an username matching my initials. Weird ;)
>
Crazy coincidence!

> I seem to be unable to get simple questions about the how unanswered (until pushes that raises issues that I wanted to solve before spending time coding, testing and adhering to coding guidelines).
>
> Now I am thinking, that maybe a small separate tool supporting the systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup functionality" might get done faster and might allow the config to be used.
>
> I'm not motivated to face this head on for a while, at any rate.
>
To be fair, I did test your PR (updated to work with 246.5) and it
works perfectly. It's a shame it's so difficult to get Poettering
to respond to these things.


Adam
> Norbert
Jérémy ROSEN Sept. 29, 2020, 8:40 a.m. UTC | #6
Agreed, he seems to have trouble grasping the embedded use-case...
(I am monitoring this PR too...)

The only thing I can say is "Hang on there, Norbert": these kinds of things
take an unfortunate amount of time, but the systemd project tends to not
forget patches... even after a long time asleep.

Le lun. 28 sept. 2020 à 22:27, Adam Duskett <aduskett@gmail.com> a écrit :

> On Mon, Sep 28, 2020 at 12:00 PM Norbert Lange <nolange79@gmail.com>
> wrote:
> >
> >
> >
> > Am Montag, 28. September 2020 schrieb Adam Duskett <aduskett@gmail.com>:
> >>
> >>
> >>
> >> On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79@gmail.com>
> wrote:
> >>>
> >>>
> >>>
> >>> Am Mo., 15. Juni 2020 um 16:32 Uhr schrieb Jérémy ROSEN <
> jeremy.rosen@smile.fr>:
> >>>>
> >>>> I wonder how that would work with lines that contain %b (boot id)
> >>>> and %m (machine-id)
> >>>> my educated guest would be that it would create files with the host's
> >>>> boot-id/machine-id. Thus leaking the host's information. This is not
> >>>> good, especially the machine-id of the host which is confidential
> >>>> information (not crypto-grade, but still shouldn't be leaked)
> >>>>
> >>>>
> >>>> if systemd-tmpile supports that correctly (maybe skipping all %b %m
> >>>> when --root is used) it's all fine. But I don't remember seeing that.
> >>>>
> >>>> does it ?
> >>>
> >>>
> >>> The default config files don't create files with machine-id, and %b is
> not replaced at all AFAIR.
> >>> But I believe you are right that systemd-tmpfiles picks up the host
> machine-id and would replace it.
> >>> Good catch, need to check.
> >>
> >>
> >>>
> >>>  FYI, this issue is being worked on:
> >>> https://github.com/systemd/systemd/pull/16187
> >
> >
> > That PR is from a guy with an username matching my initials. Weird ;)
> >
> Crazy coincidence!
>
> > I seem to be unable to get simple questions about the how unanswered
> (until pushes that raises issues that I wanted to solve before spending
> time coding, testing and adhering to coding guidelines).
> >
> > Now I am thinking, that maybe a small separate tool supporting the
> systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup
> functionality" might get done faster and might allow the config to be used.
> >
> > I'm not motivated to face this head on for a while, at any rate.
> >
> To be fair, I did test your PR (updated to work with 246.5) and it
> works perfectly. It's a shame it's so difficult to get Pottering
> to respond to these things.
>
>
> Adam
> > Norbert
>

Patch

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index e117e3a082..cb0278f3b7 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -599,6 +599,12 @@  SYSTEMD_TARGET_FINALIZE_HOOKS += PURGE_LOCALES
 endif
 SYSTEMD_TARGET_FINALIZE_HOOKS += SYSTEMD_UPDATE_CATALOGS
 
+define SYSTEMD_CREATE_TMPFILES_HOOK
+	$(HOST_DIR)/bin/systemd-tmpfiles --root=$(TARGET_DIR) --create --boot \
+		$(addprefix --exclude-prefix=/,dev mnt proc run sys tmp) || :
+endef
+SYSTEMD_ROOTFS_PRE_CMD_HOOKS += SYSTEMD_CREATE_TMPFILES_HOOK
+
 SYSTEMD_CONF_ENV = $(HOST_UTF8_LOCALE_ENV)
 SYSTEMD_NINJA_ENV = $(HOST_UTF8_LOCALE_ENV)
 
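Review bot: The trailing `|| :` on the `systemd-tmpfiles` call in SYSTEMD_CREATE_TMPFILES_HOOK discards every failure, so a run that aborts or cannot apply an entry still yields an image, possibly with non-volatile directories missing or left with the wrong owner or mode. User and group names in tmpfiles.d entries are presumably resolved by the host-built binary, which would make such partial failures likely rather than theoretical; that should be confirmed. Either drop the `|| :` so the rootfs step fails visibly, or keep it with a comment stating which failures are expected and why ignoring them is safe, e.g. `# systemd-tmpfiles exits non-zero for <reason>; the affected paths are created at boot`. The define also lacks a comment explaining why `dev mnt proc run sys tmp` are excluded.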
@@ -652,7 +658,7 @@  HOST_SYSTEMD_CONF_OPTS = \
 	-Dvconsole=false \
 	-Dquotacheck=false \
 	-Dsysusers=false \
-	-Dtmpfiles=false \
+	-Dtmpfiles=true \
 	-Dimportd=false \
 	-Dhwdb=false \
 	-Drfkill=false \