From: Lennart Poettering Date: Thu, 11 Mar 2021 16:49:18 +0000 (+0100) Subject: man: document in nspawn docs how to make use of the new firstboot/sysusers features X-Git-Tag: v249-rc1~507^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6ab6199a2e8cbda64fe2574af572b8800da48bd;p=thirdparty%2Fsystemd.git man: document in nspawn docs how to make use of the new firstboot/sysusers features --- diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 6a27bab1e30..c4732507df0 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -1487,7 +1487,31 @@ After=sys-subsystem-net-devices-ens1.device In order to embed binary data into the credential data for use C-style escaping (i.e. \n to embed a newline, or \x00 to embed a NUL byte. Note that the invoking shell might already apply unescaping - once, hence this might require double escaping!). + once, hence this might require double escaping!). + + The + systemd-sysusers.service8 + and + systemd-firstboot1 + services read credentials configured this way for the purpose of configuring the container's root + user's password and shell, as well as system locale, keymap and timezone during the first boot + process of the container. This is particularly useful in combination with + where every single boot appears as first boot, since configuration + applied to /etc/ is lost on container reboot cycles. See the respective man + pages for details. Example: + + # systemd-nspawn -i image.raw \ + --volatile=yes \ + --set-credential=firstboot.locale:de_DE.UTF-8 \ + --set-credential=passwd.hashed-password.root:'$y$j9T$yAuRJu1o5HioZAGDYPU5d.$F64ni6J2y2nNQve90M/p0ZP0ECP/qqzipNyaY9fjGpC' \ + -b + + The above command line will invoke the specified image file image.raw in + volatile mode, i.e with an empty /etc/ and /var/, so that + the container's payload recognizes this as first boot condition, and will invoke + systemd-firstboot.service, which then read the two passed credentials to + configure the system's initial locale and root password. +