Skip to content

Commit

Permalink
[Endless] units: Do not enable systemd-boot-random-seed.service
Browse files Browse the repository at this point in the history 
This service stores a random-seed in the ESP so it can be passed to the
kernel by systemd-boot on the next boot, to seed the kernel's entropy
pool. This unit is only active if a boot loader fully supporting the
Boot Loader Specificiation is detected (via a LoaderFeatures EFI var),
which currently is only true for Endless PAYG images, which use
systemd-boot instead of GRUB. This random seed is stored in
/boot/loader/random-seed, with /boot/loader being created if it does not
exist.

The problem here is that in our systemd-boot + OSTree setup on PAYG
images we need /boot/loader to be a symbolic link pointing to either
/boot/loader.1 or /boot/loader.0 (OSTree requirement) living in the ESP
(systemd-boot requirement) which is FAT32 (UEFI spec) and does not
support symlinks. To solve that we implemented a fake symlink as a file
in /boot/loader.lnk containing the path that should be the /boot/loader
target, and taught OSTree about it, giving higher precedence to the real
/boot/loader in case it exists. So if systemd-boot-random-seed.service
creates /boot/loader, most OSTree operations break, because the entries/
directory is not found.

Let's disable this service here to avoid that problem. This unit is
enabled by the build system at install time instead of using the more
traditional approach of having a [Install] section and using systemctl
and the preset system, so we have to disable it in units/meson.build.

There is also an accompanying commit in the packaging branch that
removes the installation of the symbolic link in
sysinit.target.wants/systemd-boot-random-seed.service.

Note: According to NEWS [1], old "systemd-boot-system-token.service" is
renamed as "systemd-boot-random-seed.service".

[1]: https://github.com/systemd/systemd-stable/blob/v254.9/NEWS#L1019-L1022

https://phabricator.endlessm.com/T29475
https://phabricator.endlessm.com/T35070
  • Loading branch information
@jprvita @starnight
jprvita authored and starnight committed Mar 19, 2024
1 parent 691d795 commit d2c1ced
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion units/meson.build
View file
Original file line number Diff line number Diff line change
Expand Up @@ -256,7 +256,6 @@ units = [
{
'file' : 'systemd-boot-random-seed.service',
'conditions' : ['ENABLE_BOOTLOADER'],
'symlinks' : ['sysinit.target.wants/'],
},
{
'file' : 'systemd-boot-update.service',
Expand Down

0 comments on commit d2c1ced

Please sign in to comment.