From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 6 Mar 2025 11:18:59 +0000 (+0100)
Subject: Revert 9f4d174daac954aaa9e18ee9bb58c6d7a946ec9d
X-Git-Tag: v26~327
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec2739908365f6e3c863efd6cb0bf2e1e9e39f5f;p=thirdparty%2Fmkosi.git

Revert 9f4d174daac954aaa9e18ee9bb58c6d7a946ec9d

The declarative package pulls in perl which is not ideal, let's
switch back to the previous approach.
---

diff --git a/mkosi/distributions/debian.py b/mkosi/distributions/debian.py
index dfa4413eb..1b09fc457 100644
--- a/mkosi/distributions/debian.py
+++ b/mkosi/distributions/debian.py
@@ -144,13 +144,6 @@ class Installer(DistributionInstaller):
                     f"-oDPkg::Pre-Install-Pkgs::=cat >{workdir(Path(f.name))}",
                     "?essential",
                     "base-files",
-                    # Debian policy is to start daemons by default. The policy-rc.d script can be used choose
-                    # which ones to start. Let's install the necessary packages to deny all daemon startups.
-                    # Instead, systemd presets should be used to decide which daemons are enabled and which
-                    # are not. See https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt for
-                    # more information.
-                    "policy-rcd-declarative",
-                    "policy-rcd-declarative-deny-all",
                 ],
                 options=["--bind", f.name, workdir(Path(f.name))],
             )
diff --git a/mkosi/installer/apt.py b/mkosi/installer/apt.py
index d53bb83bf..becb6d38e 100644
--- a/mkosi/installer/apt.py
+++ b/mkosi/installer/apt.py
@@ -237,8 +237,21 @@ class Apt(PackageManager):
         *,
         apivfs: bool = True,
     ) -> None:
+        # Debian policy is to start daemons by default. The policy-rc.d script can be used choose which ones
+        # to start. Let's install one that denies all daemon startups.
+        # See https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt for more information.
+        # Note: despite writing in /usr/sbin, this file is not shipped by the OS and instead should be
+        # managed by the admin.
+        policyrcd = context.root / "usr/sbin/policy-rc.d"
+        with umask(~0o755):
+            policyrcd.parent.mkdir(parents=True, exist_ok=True)
+        with umask(~0o644):
+            policyrcd.write_text("#!/bin/sh\nexit 101\n")
+
         cls.invoke(context, "install", packages, apivfs=apivfs)
 
+        policyrcd.unlink()
+
         # systemd-gpt-auto-generator is disabled by default in Ubuntu:
         # https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/systemd.links?h=ubuntu/noble-proposed.
         # Let's make sure it is enabled by default in our images.