Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread David Herrmann 
Hi

On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau  wrote:
> Hello,
>
> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann  wrote:
>> Hi
>>
>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau  
>> wrote:
>>> Hi,
>>>
>>> I find odd that systemd-firstboot skips root password init if
>>> /etc/shadow exists because AFAICS this file is always part of a
>>> minimal rootfs after being setup by an installer. Indeed it's
>>> populated during package installation.
>>>
>>> So I can't see a case where systemd-firstboot would prompt for a root 
>>> password.
>>
>> If an installer ships a shadow file, then we expect the installer to
>> populate it. The firstboot tool will recover situations where you
>> deleted /etc entirely (eg., factory reset).
>
> From the man page " systemd-firstboot initializes the most basic
> system settings interactively on the first boot, or optionally
> non-interactively when a system image is created."
>
> And when a system image is created, usually root password won't be set
> but it's *very* unlikely that /etc/shadow will be missing. That's the
> reason why I don't think its going to work in real life.

Why would an installer create an empty shadow file?

> BTW, I don't know if recovering when /etc/ has been deleted is
> possible even if systemd-firstboot will restore a couple of conf
> files...

Depending on your distribution, it is.

Thanks
David
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread Francis Moreau 
Hello,

On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann  wrote:
> Hi
>
> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau  
> wrote:
>> Hi,
>>
>> I find odd that systemd-firstboot skips root password init if
>> /etc/shadow exists because AFAICS this file is always part of a
>> minimal rootfs after being setup by an installer. Indeed it's
>> populated during package installation.
>>
>> So I can't see a case where systemd-firstboot would prompt for a root 
>> password.
>
> If an installer ships a shadow file, then we expect the installer to
> populate it. The firstboot tool will recover situations where you
> deleted /etc entirely (eg., factory reset).

From the man page " systemd-firstboot initializes the most basic
system settings interactively on the first boot, or optionally
non-interactively when a system image is created."

And when a system image is created, usually root password won't be set
but it's *very* unlikely that /etc/shadow will be missing. That's the
reason why I don't think its going to work in real life.

BTW, I don't know if recovering when /etc/ has been deleted is
possible even if systemd-firstboot will restore a couple of conf
files...

Thanks.
-- 
Francis
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread Francis Moreau 
On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann  wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau  
> wrote:
>> Hello,
>>
>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann  
>> wrote:
>>> Hi
>>>
>>> On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau  
>>> wrote:
 Hi,

 I find odd that systemd-firstboot skips root password init if
 /etc/shadow exists because AFAICS this file is always part of a
 minimal rootfs after being setup by an installer. Indeed it's
 populated during package installation.

 So I can't see a case where systemd-firstboot would prompt for a root 
 password.
>>>
>>> If an installer ships a shadow file, then we expect the installer to
>>> populate it. The firstboot tool will recover situations where you
>>> deleted /etc entirely (eg., factory reset).
>>
>> From the man page " systemd-firstboot initializes the most basic
>> system settings interactively on the first boot, or optionally
>> non-interactively when a system image is created."
>>
>> And when a system image is created, usually root password won't be set
>> but it's *very* unlikely that /etc/shadow will be missing. That's the
>> reason why I don't think its going to work in real life.
>
> Why would an installer create an empty shadow file?

Well during package installation done by the installer, some packages,
usually the ones that installs daemons/services, populates
/etc/shadow.

On Archlinux, after creating a minimal rootfs, shadow file is containing:

bin:x:14871::
daemon:x:14871::
mail:x:14871::
ftp:x:14871::
http:x:14871::
uuidd:x:14871::
dbus:x:14871::
nobody:x:14871::
systemd-journal-gateway:x:14871::
systemd-timesync:x:14871::
systemd-network:x:14871::
systemd-bus-proxy:x:14871::


>
>> BTW, I don't know if recovering when /etc/ has been deleted is
>> possible even if systemd-firstboot will restore a couple of conf
>> files...
>
> Depending on your distribution, it is.

Just out of curiosity, which distros are supposed to support that ?

Thanks
-- 
Francis
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread David Herrmann 
Hi

On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau  wrote:
> On Tue, Sep 22, 2015 at 11:16 AM, David Herrmann  
> wrote:
>> Hi
>>
>> On Tue, Sep 22, 2015 at 11:07 AM, Francis Moreau  
>> wrote:
>>> Hello,
>>>
>>> On Mon, Sep 21, 2015 at 7:45 PM, David Herrmann  
>>> wrote:
 Hi

 On Fri, Sep 18, 2015 at 6:31 PM, Francis Moreau  
 wrote:
> Hi,
>
> I find odd that systemd-firstboot skips root password init if
> /etc/shadow exists because AFAICS this file is always part of a
> minimal rootfs after being setup by an installer. Indeed it's
> populated during package installation.
>
> So I can't see a case where systemd-firstboot would prompt for a root 
> password.

 If an installer ships a shadow file, then we expect the installer to
 populate it. The firstboot tool will recover situations where you
 deleted /etc entirely (eg., factory reset).
>>>
>>> From the man page " systemd-firstboot initializes the most basic
>>> system settings interactively on the first boot, or optionally
>>> non-interactively when a system image is created."
>>>
>>> And when a system image is created, usually root password won't be set
>>> but it's *very* unlikely that /etc/shadow will be missing. That's the
>>> reason why I don't think its going to work in real life.
>>
>> Why would an installer create an empty shadow file?
>
> Well during package installation done by the installer, some packages,
> usually the ones that installs daemons/services, populates
> /etc/shadow.
>
> On Archlinux, after creating a minimal rootfs, shadow file is containing:
>
> bin:x:14871::
> daemon:x:14871::
> mail:x:14871::
> ftp:x:14871::
> http:x:14871::
> uuidd:x:14871::
> dbus:x:14871::
> nobody:x:14871::
> systemd-journal-gateway:x:14871::
> systemd-timesync:x:14871::
> systemd-network:x:14871::
> systemd-bus-proxy:x:14871::

Then "fix" the installer? These entries look like no-ops to me. We
assume that if the installer touches /etc, then it can as well prompt
for a root-password. If you want to make use of firstboot, we
recommend to adopt an "empty /etc" installer.

If we support looking for "root" in shadow files and prompt if
non-present, we start supporting legacy setups where /etc is
half-populated. We don't want that. Either go full legacy and make
your installer prompt for everything, or go "empty /etc" and firstboot
will take over.

>>
>>> BTW, I don't know if recovering when /etc/ has been deleted is
>>> possible even if systemd-firstboot will restore a couple of conf
>>> files...
>>
>> Depending on your distribution, it is.
>
> Just out of curiosity, which distros are supposed to support that ?

I can trash /etc on Archlinux and boot it as a container just fine. It
doesn't work as a full system, yet. Not all packages have adopted
empty /etc support.

Thanks
David
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread Francis Moreau 
On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann  wrote:
> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau  
> wrote:
[...]
>>
>> Well during package installation done by the installer, some packages,
>> usually the ones that installs daemons/services, populates
>> /etc/shadow.
>>
>> On Archlinux, after creating a minimal rootfs, shadow file is containing:
>>
>> bin:x:14871::
>> daemon:x:14871::
>> mail:x:14871::
>> ftp:x:14871::
>> http:x:14871::
>> uuidd:x:14871::
>> dbus:x:14871::
>> nobody:x:14871::
>> systemd-journal-gateway:x:14871::
>> systemd-timesync:x:14871::
>> systemd-network:x:14871::
>> systemd-bus-proxy:x:14871::
>
> Then "fix" the installer? These entries look like no-ops to me. We
> assume that if the installer touches /etc, then it can as well prompt
> for a root-password. If you want to make use of firstboot, we
> recommend to adopt an "empty /etc" installer.

That's not about the installer, it's about packages and I suspect that
very few are ready to run without /etc.

And then if it's really the case, I think the man page of
systemd-firstboot should be fixed because it never mentions the words
"stateless" or "empty", which is quite fundamental in the design of
firstboot then.

>
> If we support looking for "root" in shadow files and prompt if
> non-present, we start supporting legacy setups where /etc is
> half-populated. We don't want that. Either go full legacy and make
> your installer prompt for everything, or go "empty /etc" and firstboot
> will take over.
>

What you're calling legacy systems are actually *all* systems
available out there: I don't think there's a actually a lot of
packages which are prepared to do that.

>>>
 BTW, I don't know if recovering when /etc/ has been deleted is
 possible even if systemd-firstboot will restore a couple of conf
 files...
>>>
>>> Depending on your distribution, it is.
>>
>> Just out of curiosity, which distros are supposed to support that ?
>
> I can trash /etc on Archlinux and boot it as a container just fine. It
> doesn't work as a full system, yet.

Sure but what's your point ? your container is running no service at
all, so it's pretty useless.

> Not all packages have adopted empty /etc support.

You meant almost none of them ?

Thanks
-- 
Francis
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread David Herrmann 
Hi

On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau  wrote:
> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann  
> wrote:
>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau  
>> wrote:
> [...]
>>>
>>> Well during package installation done by the installer, some packages,
>>> usually the ones that installs daemons/services, populates
>>> /etc/shadow.
>>>
>>> On Archlinux, after creating a minimal rootfs, shadow file is containing:
>>>
>>> bin:x:14871::
>>> daemon:x:14871::
>>> mail:x:14871::
>>> ftp:x:14871::
>>> http:x:14871::
>>> uuidd:x:14871::
>>> dbus:x:14871::
>>> nobody:x:14871::
>>> systemd-journal-gateway:x:14871::
>>> systemd-timesync:x:14871::
>>> systemd-network:x:14871::
>>> systemd-bus-proxy:x:14871::
>>
>> Then "fix" the installer? These entries look like no-ops to me. We
>> assume that if the installer touches /etc, then it can as well prompt
>> for a root-password. If you want to make use of firstboot, we
>> recommend to adopt an "empty /etc" installer.
>
> That's not about the installer, it's about packages and I suspect that
> very few are ready to run without /etc.

Ok, then fix those packages.

> And then if it's really the case, I think the man page of
> systemd-firstboot should be fixed because it never mentions the words
> "stateless" or "empty", which is quite fundamental in the design of
> firstboot then.
>
>>
>> If we support looking for "root" in shadow files and prompt if
>> non-present, we start supporting legacy setups where /etc is
>> half-populated. We don't want that. Either go full legacy and make
>> your installer prompt for everything, or go "empty /etc" and firstboot
>> will take over.
>>
>
> What you're calling legacy systems are actually *all* systems
> available out there: I don't think there's a actually a lot of
> packages which are prepared to do that.

We fix the packages we care about. I encourage everyone to do the
same. All upstream systemd can do is provide a guideline.


> BTW, I don't know if recovering when /etc/ has been deleted is
> possible even if systemd-firstboot will restore a couple of conf
> files...

 Depending on your distribution, it is.
>>>
>>> Just out of curiosity, which distros are supposed to support that ?
>>
>> I can trash /etc on Archlinux and boot it as a container just fine. It
>> doesn't work as a full system, yet.
>
> Sure but what's your point ? your container is running no service at
> all, so it's pretty useless.

Why? You can store static configuration in /usr just fine. The point
is to get rid of _runtime_ configuration in /etc that can be modified.
Instead, you should ship vendor configuration via /usr (or
/usr/factory if packages are broken), and make it *read-only*.

>> Not all packages have adopted empty /etc support.
>
> You meant almost none of them ?

No.

Thanks
David
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-22 Thread Francis Moreau 
On Tue, Sep 22, 2015 at 2:35 PM, David Herrmann  wrote:
> Hi
>
> On Tue, Sep 22, 2015 at 2:26 PM, Francis Moreau  
> wrote:
>> On Tue, Sep 22, 2015 at 12:19 PM, David Herrmann  
>> wrote:
>>> On Tue, Sep 22, 2015 at 11:59 AM, Francis Moreau  
>>> wrote:
>> [...]

 Well during package installation done by the installer, some packages,
 usually the ones that installs daemons/services, populates
 /etc/shadow.

 On Archlinux, after creating a minimal rootfs, shadow file is containing:

 bin:x:14871::
 daemon:x:14871::
 mail:x:14871::
 ftp:x:14871::
 http:x:14871::
 uuidd:x:14871::
 dbus:x:14871::
 nobody:x:14871::
 systemd-journal-gateway:x:14871::
 systemd-timesync:x:14871::
 systemd-network:x:14871::
 systemd-bus-proxy:x:14871::
>>>
>>> Then "fix" the installer? These entries look like no-ops to me. We
>>> assume that if the installer touches /etc, then it can as well prompt
>>> for a root-password. If you want to make use of firstboot, we
>>> recommend to adopt an "empty /etc" installer.
>>
>> That's not about the installer, it's about packages and I suspect that
>> very few are ready to run without /etc.
>
> Ok, then fix those packages.
>
>> And then if it's really the case, I think the man page of
>> systemd-firstboot should be fixed because it never mentions the words
>> "stateless" or "empty", which is quite fundamental in the design of
>> firstboot then.
>>
>>>
>>> If we support looking for "root" in shadow files and prompt if
>>> non-present, we start supporting legacy setups where /etc is
>>> half-populated. We don't want that. Either go full legacy and make
>>> your installer prompt for everything, or go "empty /etc" and firstboot
>>> will take over.
>>>
>>
>> What you're calling legacy systems are actually *all* systems
>> available out there: I don't think there's a actually a lot of
>> packages which are prepared to do that.
>
> We fix the packages we care about. I encourage everyone to do the
> same. All upstream systemd can do is provide a guideline.
>
>
>> BTW, I don't know if recovering when /etc/ has been deleted is
>> possible even if systemd-firstboot will restore a couple of conf
>> files...
>
> Depending on your distribution, it is.

 Just out of curiosity, which distros are supposed to support that ?
>>>
>>> I can trash /etc on Archlinux and boot it as a container just fine. It
>>> doesn't work as a full system, yet.
>>
>> Sure but what's your point ? your container is running no service at
>> all, so it's pretty useless.
>
> Why? You can store static configuration in /usr just fine. The point
> is to get rid of _runtime_ configuration in /etc that can be modified.

You mean here put runtime configuration in /etc. don't you ?

> Instead, you should ship vendor configuration via /usr (or
> /usr/factory if packages are broken), and make it *read-only*.
>

The condition to run systemd-firstboot.service is
ConditionFirstBoot=yes which means /etc/machine-id should not exist.
But that's different from /etc/ should be empty.

Also the man page doesnt mention the need of an emtpy /etc or a
stateless system.

I can understand your point of systemd-firstboot is for stateless
systems, but again this should be documented.

Thanks.
-- 
Francis
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] systemd-firstboot skip root password initialisation if /etc/shadow is present

2015-09-18 Thread Francis Moreau 
Hi,

I find odd that systemd-firstboot skips root password init if
/etc/shadow exists because AFAICS this file is always part of a
minimal rootfs after being setup by an installer. Indeed it's
populated during package installation.

So I can't see a case where systemd-firstboot would prompt for a root password.

Thanks.
-- 
Francis
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel