Hi,

the last upload of src:systemd (251.5-1) enabled firstboot by default on Debian. From debian/changelog:

* Enable firstboot, disabled by default on Debian.
Currently the first-boot conditions are not met by any Debian
image (/etc/machine-id with content uninitialized, so we can
just enable the build and ship it in the main package.
This lets image builders (eg: cloud images) tinker with it.
https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics
(Closes: #844528)

This breaks a number of setups like:

- the sbuild autopkgtest
https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw
- the dropbear autopkgtest
https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz
- autopkgtest-virt-qemu image builders
- the MNT reform image builder
- the mmdebstrap testsuite which builds a qemu system image for its
local tests
- the mmdebstrap jenkins job

The scripts I found that broke will fail because they will idle forever waiting for user input with this message in the boot log:

Welcome to your new installation of Debian GNU/Linux bookworm/sid
Please configure your system!
-- Press any key to proceed --

One possible workaround is to write out an empty /etc/machine-id.

As you can see from the package selection above, this is just the part of the archive I'm interested in. I'm sharing this here so that others doing similar things can get a heads-up hopefully before they sink hours into figuring out why their qemu virtual machine suddenly stalls forever...

Thanks!

cheers, josch
--==============w15245824704095548=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmNCeyMACgkQ8sulx4+9 g+F26A/+OrbAHAvP+xtMH/Y1L8jwIlwypFYqQycTFcAxNEv2th5K9ssV9XicbFWl L6uGF0tqFksaWuqaZ7Q+4hPTb5iMx+cl3isn2y2seFtXbvV8CQF8/MQozEtwrshG 5+CyRhsV7C5MTw0YFZ4HvEYKEAFiyrrVC4v00XyJH6FfXEI869EU8VqtcTiAtDaN KONjiGZf0gmTLjz5+rKOfcN7oco8QXzMHjH/NNkHpS6Gsj6OP8tyha7hKYQIUfuU bXfmMf+zO8f+rtRkivWVNUveprDoSzCJcNXvtovNozwCGGGmpq/0R1tVXXuiGok3 /yXqmeVse6O4yD/eSkjoxkdT64b+rEhnU8jU9XSJ2V16y5/UYC+6T7SnnjLeHaFw x3Brdu+TLXRMIuB8mBZ9oAtiGGNQyaphy4jO1dMTGX5E87OHGVz0dJ/VBhjUw+Ya 2KpiwOLqbGkn7PRdJ8gtpAJjvfoRwn3JY9566mPZ2nI1X5EwY73rGVJKtD8KMv+k WSDIAyTCbKVcDoPo4ElFg+0wk+NmGTIhFt0sp0Ot7G6SsonXHUhhFK2ZLipPvsyk VaHfXWHYRqrzVsknsczGhszLMnANwkxQXznZIPqnZE/jfYK7hHDyCdO9WvjrwW0i SzBKFc1ik1+aXf8jqYAijKNjmBYi18g3DPwUc7x8c7c+LcGJgvY=
=nArV
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Oct 09, 2022 at 09:41:29AM +0200, Johannes Schauer Marin Rodrigues wrote:

This breaks a number of setups like:

- the sbuild autopkgtest
https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw
- the dropbear autopkgtest
https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz
- autopkgtest-virt-qemu image builders
- the MNT reform image builder
- the mmdebstrap testsuite which builds a qemu system image for its
local tests
- the mmdebstrap jenkins job

This is a bug in mmdebstrap:

| open my $fh, '>', "$options->{root}/etc/machine-id"
| or error "failed to open(): $!";
| print $fh "uninitialized\n";
| close $fh;

Bastian

--
The idea of male and female are universal constants.
-- Kirk, "Metamorphosis", stardate 3219.8

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Bastian Blank (2022-10-09 10:24:26)

On Sun, Oct 09, 2022 at 09:41:29AM +0200, Johannes Schauer Marin Rodrigues wrote:

This breaks a number of setups like:

- the sbuild autopkgtest
https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw
- the dropbear autopkgtest
https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz
- autopkgtest-virt-qemu image builders
- the MNT reform image builder
- the mmdebstrap testsuite which builds a qemu system image for its
local tests
- the mmdebstrap jenkins job

This is a bug in mmdebstrap:

| open my $fh, '>', "$options->{root}/etc/machine-id"
| or error "failed to open(): $!";
| print $fh "uninitialized\n";
| close $fh;

Yes, maybe. I saw that you filed #1021478 against mmdebstrap --thanks for that!

If this is a bug in mmdebstrap, then mmdebstrap should do the same thing as debootstrap which is currently being discussed in #1018740 which I see you also commented on.

I do not understand enough about systemd to be able to say whether an empty value or "uninitialized" is the correct default value for tools like debootstrap or mmdebstrap to set. If nobody else chimes in, I'll change mmdebstrap to write the empty string as suggested by Bastian.

Thanks!

cheers, josch
--==============g40866134893672276=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmNCktwACgkQ8sulx4+9 g+HPGxAApkegsFEN+iDeN3mdWOdPwcf8eN6k5MnZEu/sqshLTsi7Z4mX4q2NQvDX uWV/jTuLDpsWsmeHrxRNRxVd4fMQegkWbJc/b4oKXgpnoOsoGrA0bM7X1/Een6Oi /Ybg3MLXH7OCHw57AXJsY+AbUv761R/i23AM2kEms6wOMn9NCwybM6ZzaDGc4n2z Xl3it3qGT0uzP0ewm2NbmlrGj++ndilDoi+EAJnbDzBebB1OpQI5Ld4r3hMkZHX5 VUg6kAtu6KQyjsQXw4wxU4B8ABR1ftGigmVfwWd/EIY+BwBDDYhYzzoG7XLzTYNB 8wgQCCoE2agABUvXFq9B5zMVXL/zyy1edjWrUneVd8tueUcEXiv4cei4fWNDa6Uk hW7CwJMGWd2eaiBH0uwXFhoGjhw47YdSVGmgXDs/F/GyW33qgJLSC6QcXyBJpevQ Amj69wNkMc+vISSw3X68LrqcOU33fA8tXdkRggAigSPZOHnbG3MrCvLobqvp9vuP Y7fV+gWBxzQB1OJPlP+7y9Tfa0Gh50zzG3OhffzefaIPO10wIyS8nkmB34Rc3nSj GwKtnJrvdvjrxmcoa7IY5NRIXYHvmckia2Pp7i2xwp6J5dpRnHIluaZna8FX4BeN pdE4nElQd/ypbihm4KZPZ09ec4MK0IqngI1rKSnrLTCXqtoSZU8=
=5S1W
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On Sun, 9 Oct 2022 at 08:41, Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:

the last upload of src:systemd (251.5-1) enabled firstboot by default on Debian. From debian/changelog:

* Enable firstboot, disabled by default on Debian.

I'm confused by the above, one part says "enabled firstboot by default
on Debian" and the other "disabled by default on Debian", which one is
it?

Regards,

--
Samuel Henrique <samueloph>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 9 Oct 2022, 10:23 Johannes Schauer Marin Rodrigues, <
josch@debian.org> wrote:

Quoting Bastian Blank (2022-10-09 10:24:26)

On Sun, Oct 09, 2022 at 09:41:29AM +0200, Johannes Schauer Marin

Rodrigues wrote:

This breaks a number of setups like:

- the sbuild autopkgtest
https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw
- the dropbear autopkgtest

https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz

- autopkgtest-virt-qemu image builders
- the MNT reform image builder
- the mmdebstrap testsuite which builds a qemu system image for its
local tests
- the mmdebstrap jenkins job

This is a bug in mmdebstrap:

| open my $fh, '>', "$options->{root}/etc/machine-id"
| or error "failed to open(): $!";
| print $fh "uninitialized\n";
| close $fh;

Yes, maybe. I saw that you filed #1021478 against mmdebstrap --thanks for that!

If this is a bug in mmdebstrap, then mmdebstrap should do the same thing as debootstrap which is currently being discussed in #1018740 which I see you also
commented on.

I do not understand enough about systemd to be able to say whether an empty value or "uninitialized" is the correct default value for tools like debootstrap or mmdebstrap to set. If nobody else chimes in, I'll change mmdebstrap to write the empty string as suggested by Bastian.

Thanks!

Empty machineid is the right default, we don't support firstboot semantics
in Debian for now (users that want to try it can opt in and change it).



<div dir="auto"><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Sun, 9 Oct 2022, 10:23 Johannes Schauer Marin Rodrigues, &lt;<a href="mailto:josch@debian.org">josch@debian.org</a>&gt; wrote:<br></div><blockquote class="gmail_
quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Bastian Blank (2022-10-09 10:24:26)<br>
&gt; On Sun, Oct 09, 2022 at 09:41:29AM +0200, Johannes Schauer Marin Rodrigues wrote:<br>
&gt; &gt; This breaks a number of setups like:<br>
&gt; &gt; <br>
&gt; &gt;  - the sbuild autopkgtest<br>
&gt; &gt;    <a href="https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw" rel="noreferrer noreferrer" target="_blank">https://salsa.debian.org/debian/sbuild/-/jobs/3353627/raw</a><br>
&gt; &gt;  - the dropbear autopkgtest<br>
&gt; &gt;    <a href="https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz" rel="noreferrer noreferrer" target="_blank">https://ci.debian.net/data/autopkgtest/unstable/amd64/d/dropbear/26716581/log.gz</a><br>
&gt; &gt;  - autopkgtest-virt-qemu image builders<br>
&gt; &gt;  - the MNT reform image builder<br>
&gt; &gt;  - the mmdebstrap testsuite which builds a qemu system image for its<br>
&gt; &gt;    local tests<br>
&gt; &gt;  - the mmdebstrap jenkins job<br>
&gt; <br>
&gt; This is a bug in mmdebstrap:<br>
&gt; <br>
&gt; |             open my $fh, &#39;&gt;&#39;, &quot;$options-&gt;{root}/etc/machine-id&quot;<br>
&gt; |               or error &quot;failed to open(): $!&quot;;<br> &gt; |             print $fh &quot;uninitialized\n&quot;;<br>
&gt; |             close $fh;<br>

Yes, maybe. I saw that you filed #1021478 against mmdebstrap --thanks for that!<br>

If this is a bug in mmdebstrap, then mmdebstrap should do the same thing as<br> debootstrap which is currently being discussed in #1018740 which I see you also<br>
commented on.<br>

I do not understand enough about systemd to be able to say whether an empty<br> value or &quot;uninitialized&quot; is the correct default value for tools like<br>
debootstrap or mmdebstrap to set. If nobody else chimes in, I&#39;ll change<br> mmdebstrap to write the empty string as suggested by Bastian.<br>

Thanks!<br></blockquote></div><div dir="auto"><br></div><div dir="auto">Empty machineid is the right default, we don&#39;t support firstboot semantics in Debian for now (users that want to try it can opt in and change it).</div><div class="gmail_quote"
dir="auto"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 9 Oct 2022, 11:19 Samuel Henrique, <samueloph@debian.org> wrote:

Hi,

On Sun, 9 Oct 2022 at 08:41, Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:

the last upload of src:systemd (251.5-1) enabled firstboot by default on Debian. From debian/changelog:

* Enable firstboot, disabled by default on Debian.

I'm confused by the above, one part says "enabled firstboot by default
on Debian" and the other "disabled by default on Debian", which one is
it?

The binaries and services are available but nothing sets the condition, see https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics



<div dir="auto"><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, 9 Oct 2022, 11:19 Samuel Henrique, &lt;<a href="mailto:samueloph@debian.org">samueloph@debian.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="
margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>

On Sun, 9 Oct 2022 at 08:41, Johannes Schauer Marin Rodrigues<br>
&lt;<a href="mailto:josch@debian.org" target="_blank" rel="noreferrer">josch@debian.org</a>&gt; wrote:<br>
&gt; the last upload of src:systemd (251.5-1) enabled firstboot by default on<br>
&gt; Debian. From debian/changelog:<br>
&gt;<br>
&gt;   * Enable firstboot, disabled by default on Debian.<br>

I&#39;m confused by the above, one part says &quot;enabled firstboot by default<br>
on Debian&quot; and the other &quot;disabled by default on Debian&quot;, which one is<br>
it?<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">The binaries and services are available but nothing sets the condition, see <a href="https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics">
https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics</a></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote></div></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 9 Oct 2022 at 12:55, Sven Mueller <sven@incase.de> wrote:

Am 09.10.2022 12:20 schrieb Luca Boccassi <luca.boccassi@gmail.com>:

On Sun, 9 Oct 2022, 10:23 Johannes Schauer Marin Rodrigues, <josch@debian.org> wrote:

I do not understand enough about systemd to be able to say whether an empty value or "uninitialized" is the correct default value for tools like debootstrap or mmdebstrap to set. If nobody else chimes in, I'll change mmdebstrap to write the empty string as suggested by Bastian.

Thanks!

Empty machineid is the right default, we don't support firstboot semantics in Debian for now (users that want to try it can opt in and change it).

Two main questions:

1) How can a user meaningfully change this? The only time this is relevant is during initial boot after installation.

Secondly, I know we ran into trouble with an empty (but existing) machine ID file, though I'd have to search for more info when I'm back at work. I seem to recall some issues with actually creating the systemid when the system booted for the first time,

but I'm far from sure. It might have been the semantics: as soon as /etc becomes writeable, systemd tries to commit the generated ID to the file and assumes that this will persist from then on. This is a different from the first boot semantics timing,
where it is only written once the first-boot-complete.target is reached.

Yes, that's how it's supposed to work, and how it already works, no
change here. By users here I meant image builders.

And (2) what exactly are the unsupported first boot semantics you talk about? Simply starting the firstboot service (which is basically a no-op unless you specifically hook into it, from what I understood)?

Side questions:

Who is "we"? The maintainers of specific packages? Debian as a whole? If the latter: seems I missed any discussion of this.

What is the downside of enabling the semantics of ConditionFirstBoot? As mentioned above, I've seen evidence that not doing so might be problematic. Since we modified our installation system to enable it, we haven't seen any issues, neither in physical

nor virtual systems.

If you are doing bootstrapping for a chroot, you are unlikely to actually start systemd there (well, for the use cases I know). If you are bootstrapping for a VM or physical system, you likely want the ability to do some stuff during first boot and can

easily skip doing anything, since you actively would need to hook up into the first boot semantics to use them. (ConditionFirstBoot).

Writing "uninitialized" into machine-id to trigger first boot
behaviour is not a first-class supported feature at this stage, and no
Debian tool does that (AFAIK). Debian's supported workflow is to use
the Debian installer image to get Debian onto a system.

Kind regards,
Luca Boccassi

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)