image: setup debugd as a separate systemd unit

image/Makefile

@@ -4,11 +4,14 @@ BASE_PATH                        ?= $(SRC_PATH)
 BOOTSTRAPPER_BINARY              ?= $(BASE_PATH)/../build/bootstrapper
 DISK_MAPPER_BINARY               ?= $(BASE_PATH)/../build/disk-mapper
 UPGRADE_AGENT_BINARY             ?= $(BASE_PATH)/../build/upgrade-agent
+DEBUGD_BINARY                    ?= $(BASE_PATH)/../build/debugd
 PKI                              ?= $(BASE_PATH)/pki
 MKOSI_EXTRA                      ?= $(BASE_PATH)/mkosi.extra
 IMAGE_VERSION                    ?= v0.0.0
+DEBUG                            ?= false
 AUTOLOGIN                        ?= false
 AUTOLOGIN_ARGS                   := $(if $(filter true,$(AUTOLOGIN)),--autologin) # set "--autologin" if AUTOLOGIN is true
+export INSTALL_DEBUGD			 ?= $(DEBUG)
 export CONSOLE_MOTD = $(AUTOLOGIN)
 -include $(CURDIR)/config.mk
 csps := aws qemu gcp azure
@@ -36,7 +39,12 @@ prebuilt/rpms/azure/%.rpm:
 	@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
 
 mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
-	mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) $(AUTOLOGIN_ARGS) --environment=CONSOLE_MOTD build
+	mkosi --config mkosi.files/mkosi.$*.conf \
+		--image-version=$(IMAGE_VERSION) \
+		$(AUTOLOGIN_ARGS) \
+		--environment=INSTALL_DEBUGD \
+		--environment=CONSOLE_MOTD \
+		build
 	secure-boot/signed-shim.sh $@
 	@if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \
 		chown -R $(SUDO_UID):$(SUDO_GID) mkosi.output.$*; \
@@ -46,9 +54,15 @@ mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-
 inject-bins: $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_GCP)
 	mkdir -p $(MKOSI_EXTRA)/usr/bin
 	mkdir -p $(MKOSI_EXTRA)/usr/sbin
-	cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper
 	cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
 	cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper
+	if [ "$(DEBUG)" = "true" ]; then \
+		cp $(DEBUGD_BINARY) $(MKOSI_EXTRA)/usr/bin/debugd; \
+		rm -f $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
+	else \
+		cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
+		rm -f $(MKOSI_EXTRA)/usr/bin/debugd; \
+	fi
 
 inject-certs: $(certs)
 	# for auto enrollment using systemd-boot (not working yet)

image/README.md

@@ -69,7 +69,7 @@ After that, you can build the image with:
 
 ```sh
 # OPTIONAL: to create a debug image, export the following line
-# export BOOTSTRAPPER_BINARY=$(realpath ${PWD}/../../build/debugd)
+# export DEBUG=true
 # OPTIONAL: to enable the serial console, export the following line
 # export AUTOLOGIN=true
 # OPTIONAL: symlink custom path to secure boot PKI to ./pki

image/mkosi.prepare

@@ -6,3 +6,28 @@ sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
 
 # backport of https://github.com/dracutdevs/dracut/commit/dcbe23c14d13ca335ad327b7bb985071ca442f12
 sed -i 's/WantedBy=multi-user.target/WantedBy=basic.target/' /usr/lib/systemd/system/systemd-resolved.service
+
+# write  + enable debugd.service if INSTALL_DEBUGD is set
+if [[ ${INSTALL_DEBUGD:-false} == "true" ]]; then
+  cat << EOF > /usr/lib/systemd/system/debugd.service
+[Unit]
+Description=Constellation Debug Daemon
+Wants=network-online.target
+After=network-online.target configure-constel-csp.service
+
+[Service]
+Type=simple
+RemainAfterExit=yes
+Restart=on-failure
+EnvironmentFile=/run/constellation.env
+Environment=PATH=/run/state/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+ExecStart=/usr/bin/debugd
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  echo "enable debugd.service" > /usr/lib/systemd/system-preset/31-constellation-debug.preset
+  systemctl enable debugd.service
+  # ensure constellation-bootstrapper.service uses downloaded binaries on reboots
+  sed -i 's#ExecStart=.*#ExecStart=/run/state/bin/bootstrapper#' /usr/lib/systemd/system/constellation-bootstrapper.service
+fi