image: setup debugd as a separate systemd unit

Malte Poll 2023-01-20 10:28:09 +01:00 committed by Malte Poll
parent f92a07821e
commit 5eb0b88bd7
3 changed files with 42 additions and 3 deletions


@ -4,11 +4,14 @@ BASE_PATH ?= $(SRC_PATH)
BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper
DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper
UPGRADE_AGENT_BINARY ?= $(BASE_PATH)/../build/upgrade-agent UPGRADE_AGENT_BINARY ?= $(BASE_PATH)/../build/upgrade-agent
DEBUGD_BINARY ?= $(BASE_PATH)/../build/debugd
PKI ?= $(BASE_PATH)/pki PKI ?= $(BASE_PATH)/pki
MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra
IMAGE_VERSION ?= v0.0.0 IMAGE_VERSION ?= v0.0.0
DEBUG ?= false
AUTOLOGIN ?= false AUTOLOGIN ?= false
AUTOLOGIN_ARGS := $(if $(filter true,$(AUTOLOGIN)),--autologin) # set "--autologin" if AUTOLOGIN is true AUTOLOGIN_ARGS := $(if $(filter true,$(AUTOLOGIN)),--autologin) # set "--autologin" if AUTOLOGIN is true
export INSTALL_DEBUGD ?= $(DEBUG)
export CONSOLE_MOTD = $(AUTOLOGIN) export CONSOLE_MOTD = $(AUTOLOGIN)
-include $(CURDIR)/config.mk -include $(CURDIR)/config.mk
csps := aws qemu gcp azure csps := aws qemu gcp azure
@ -36,7 +39,12 @@ prebuilt/rpms/azure/%.rpm:
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm @curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) $(AUTOLOGIN_ARGS) --environment=CONSOLE_MOTD build mkosi --config mkosi.files/mkosi.$*.conf \
--image-version=$(IMAGE_VERSION) \
$(AUTOLOGIN_ARGS) \
--environment=INSTALL_DEBUGD \
--environment=CONSOLE_MOTD \
build
secure-boot/signed-shim.sh $@ secure-boot/signed-shim.sh $@
@if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \ @if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \
chown -R $(SUDO_UID):$(SUDO_GID) mkosi.output.$*; \ chown -R $(SUDO_UID):$(SUDO_GID) mkosi.output.$*; \
@ -46,9 +54,15 @@ mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-
inject-bins: $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_GCP) inject-bins: $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_GCP)
mkdir -p $(MKOSI_EXTRA)/usr/bin mkdir -p $(MKOSI_EXTRA)/usr/bin
mkdir -p $(MKOSI_EXTRA)/usr/sbin mkdir -p $(MKOSI_EXTRA)/usr/sbin
cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper
cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper
if [ "$(DEBUG)" = "true" ]; then \
cp $(DEBUGD_BINARY) $(MKOSI_EXTRA)/usr/bin/debugd; \
rm -f $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
else \
cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
rm -f $(MKOSI_EXTRA)/usr/bin/debugd; \
fi
inject-certs: $(certs) inject-certs: $(certs)
# for auto enrollment using systemd-boot (not working yet) # for auto enrollment using systemd-boot (not working yet)
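Review bot: The debug switch is read from two independently overridable variables: the `inject-bins` recipe tests `$(DEBUG)`, while the image rule hands `INSTALL_DEBUGD` to mkosi. Because `export INSTALL_DEBUGD ?= $(DEBUG)` yields to a value from the environment or from config.mk, the two can disagree. With `INSTALL_DEBUGD=true` and `DEBUG` left at `false`, the post-install step shown further down this page enables debugd.service and repoints the bootstrapper unit at /run/state/bin, while the tree still ships the release bootstrapper and no debugd; the opposite mix removes /usr/bin/bootstrapper without installing the debugd unit. Testing the exported variable in the recipe, `if [ "$(INSTALL_DEBUGD)" = "true" ]; then \`, keeps binary selection and unit setup in step. A one-line comment above `DEBUG ?= false` noting that it swaps the bootstrapper for debugd would help whoever builds release images.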


@ -69,7 +69,7 @@ After that, you can build the image with:
```sh ```sh
# OPTIONAL: to create a debug image, export the following line # OPTIONAL: to create a debug image, export the following line
# export BOOTSTRAPPER_BINARY=$(realpath ${PWD}/../../build/debugd) # export DEBUG=true
# OPTIONAL: to enable the serial console, export the following line # OPTIONAL: to enable the serial console, export the following line
# export AUTOLOGIN=true # export AUTOLOGIN=true
# OPTIONAL: symlink custom path to secure boot PKI to ./pki # OPTIONAL: symlink custom path to secure boot PKI to ./pki


@ -6,3 +6,28 @@ sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
# backport of https://github.com/dracutdevs/dracut/commit/dcbe23c14d13ca335ad327b7bb985071ca442f12 # backport of https://github.com/dracutdevs/dracut/commit/dcbe23c14d13ca335ad327b7bb985071ca442f12
sed -i 's/WantedBy=multi-user.target/WantedBy=basic.target/' /usr/lib/systemd/system/systemd-resolved.service sed -i 's/WantedBy=multi-user.target/WantedBy=basic.target/' /usr/lib/systemd/system/systemd-resolved.service
# write + enable debugd.service if INSTALL_DEBUGD is set
if [[ ${INSTALL_DEBUGD:-false} == "true" ]]; then
cat << EOF > /usr/lib/systemd/system/debugd.service
[Unit]
Description=Constellation Debug Daemon
Wants=network-online.target
After=network-online.target configure-constel-csp.service
[Service]
Type=simple
RemainAfterExit=yes
Restart=on-failure
EnvironmentFile=/run/constellation.env
Environment=PATH=/run/state/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
ExecStart=/usr/bin/debugd
[Install]
WantedBy=multi-user.target
EOF
echo "enable debugd.service" > /usr/lib/systemd/system-preset/31-constellation-debug.preset
systemctl enable debugd.service
# ensure constellation-bootstrapper.service uses downloaded binaries on reboots
sed -i 's#ExecStart=.*#ExecStart=/run/state/bin/bootstrapper#' /usr/lib/systemd/system/constellation-bootstrapper.service
fi
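Review bot: The block guarded by `if [[ ${INSTALL_DEBUGD:-false} == "true" ]]` makes system services execute code from /run/state/bin, which is both the first entry of the unit's `PATH` and the new bootstrapper `ExecStart`, and debugd.service sets no `User=`, yet nothing in the script marks this as a debug-only arrangement. A comment at the top of the block would make that explicit, for example `# debug images only: binaries under /run/state/bin are downloaded at runtime, not shipped in the image`. The `sed` on constellation-bootstrapper.service is unanchored and its effect is never checked. Using `s#^ExecStart=.*#ExecStart=/run/state/bin/bootstrapper#` followed by `grep -q '^ExecStart=/run/state/bin/bootstrapper$' /usr/lib/systemd/system/constellation-bootstrapper.service` would fail the build if the unit changes shape, provided the script runs with errexit, which is not visible in this hunk. Quoting the heredoc delimiter (`<< 'EOF'`) would also keep the unit text literal if a `$` is ever added to it.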