Skip to content

ephemeral: Use SMBIOS credentials for systemd units #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 3, 2025
Merged

ephemeral: Use SMBIOS credentials for systemd units #107

merged 2 commits into from
Nov 3, 2025

Conversation

@cgwalters
Copy link
Collaborator

@cgwalters cgwalters commented Oct 30, 2025

Clean up systemd credentials handling

Create a new credentials module that consolidates systemd credential
injection functionality.

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters walters@verbum.org

ephemeral: Use SMBIOS credentials for systemd units

Fix ephemeral mode to use SMBIOS credentials (systemd.extra-unit.*) instead
of writing systemd units directly to /run/source-image/etc/systemd/system/.
This addresses ConditionFirstBoot issues on Fedora CoreOS where directly
written units trigger systemd preset cleanup.

The libvirt mode already uses SMBIOS credentials successfully. This change
aligns ephemeral mode with that proven approach.

Fixes: #106

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters walters@verbum.org

@cgwalters
Clean up systemd credentials handling
3fd4098 
Create a new credentials module that consolidates systemd credential
injection functionality.

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 30, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request is a significant improvement, refactoring the ephemeral mode to use SMBIOS credentials for systemd units instead of writing them to the guest filesystem. This aligns it with the libvirt mode and addresses potential issues with ConditionFirstBoot. The consolidation of logic into a new credentials module is also a great step for maintainability. The changes are well-executed and align with the PR's goals. I have one minor suggestion to improve code clarity.

@cgwalters cgwalters mentioned this pull request Oct 30, 2025
Merged
@cgwalters cgwalters force-pushed the extra-unit-ephemeral branch from cc495a9 to af46809 Compare October 30, 2025 14:28
@HuijingHei
Copy link

HuijingHei commented Oct 30, 2025

Cool, to-disk works now, will do more testing about image tomorrow, thank you for the quickly fixing!
$ bcvk to-disk --format=qcow2 --disk-size 20G --filesystem xfs localhost/test:latest fcos.qcow2

@cgwalters cgwalters enabled auto-merge (rebase) October 30, 2025 15:05
HuijingHei
HuijingHei approved these changes Oct 30, 2025
View reviewed changes
Copy link

@HuijingHei HuijingHei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cgwalters
Copy link
Collaborator Author

cgwalters commented Oct 30, 2025

OK this doesn't work on stream9 because there's no support for systemd.extra-unit.* there...in ephemeral we have "choices", from appending to the initramfs or arbitrarily adding a new generator into /usr/lib/systemd/system-generator...there might be something else I'm missing.

@cgwalters
ephemeral: Use SMBIOS credentials for systemd units
3f1e614 
Fix ephemeral mode to use SMBIOS credentials (systemd.extra-unit.*) instead
of writing systemd units directly to `/run/source-image/etc/systemd/system/`.
This addresses ConditionFirstBoot issues on Fedora CoreOS where directly
written units trigger systemd preset cleanup.

The libvirt mode already uses SMBIOS credentials successfully. This change
aligns ephemeral mode with that proven approach.

Fixes: bootc-dev#106

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters cgwalters force-pushed the extra-unit-ephemeral branch from af46809 to 3f1e614 Compare October 30, 2025 22:07
@cgwalters
Copy link
Collaborator Author

cgwalters commented Oct 30, 2025

Well I just hacked it for now in to-disk

This was referenced Oct 31, 2025
Open
Draft
@cgwalters cgwalters merged commit e0a14a6 into bootc-dev:main Nov 3, 2025
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeckersb jeckersb jeckersb approved these changes

+2 more reviewers

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

@HuijingHei HuijingHei HuijingHei approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ephemeral: change systemd units to handle ConditionFirstBoot

3 participants

@cgwalters @HuijingHei @jeckersb