docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images

author Lennart Poettering <lennart@poettering.net>

Fri, 22 Apr 2022 13:00:48 +0000 (15:00 +0200)

committer Luca Boccassi <luca.boccassi@gmail.com>

Fri, 22 Apr 2022 14:51:50 +0000 (16:51 +0200)
author Lennart Poettering <lennart@poettering.net>
Fri, 22 Apr 2022 13:00:48 +0000 (15:00 +0200)
committer Luca Boccassi <luca.boccassi@gmail.com>
Fri, 22 Apr 2022 14:51:50 +0000 (16:51 +0200)
diff --git a/docs/BUILDING_IMAGES.md b/docs/BUILDING_IMAGES.md

index 268c8cdb3972f5ce561346d22b9baaa3b5dfbfa6..878f38f2e6935e6e21fa7d30021f37019b1ea0cf 100644 (file)
--- a/docs/BUILDING_IMAGES.md
+++ b/docs/BUILDING_IMAGES.md
@@ -53,6 +53,15 @@ boot. For that it's essential to:
     [`/etc/machine-info`](https://www.freedesktop.org/software/systemd/man/machine-info.html)
     which carry additional identifying information about the OS image.
  
+5. Remove `/var/lib/systemd/credential.secret` which is used for protecting
+   service credentials, see
+   [`systemd.exec(5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Credentials)
+   and
+   [`systemd-creds(1)`](https://www.freedesktop.org/software/systemd/man/systemd-creds.html)
+   for details. Note that by removing this file access to previously encrypted
+   credentials from this image is lost. The file is automatically generated if
+   a new credential is encrypted and the file does not exist yet.
+
  ## Boot Menu Entry Identifiers
  
  The
author	Lennart Poettering <lennart@poettering.net>
	Fri, 22 Apr 2022 13:00:48 +0000 (15:00 +0200)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 22 Apr 2022 14:51:50 +0000 (16:51 +0200)