Three fixes discovered during end-to-end boot testing on Firecracker:
- Install udev + dbus alongside systemd. Both are Recommends of the
systemd package, skipped by --no-install-recommends. Without udev,
systemd never activates device units (dev-vdb.device stays inactive
even after the kernel enumerates /dev/vdb) and the work-disk mount
hangs forever. dbus is required by a growing set of services
(logind, systemd-resolved shim, etc.).
- Ship /usr/lib/tmpfiles.d/sshd.conf creating /run/sshd. Debian's
openssh-server package doesn't ship one, and ssh.service's own
RuntimeDirectory=sshd fires too late for the ExecStartPre config
check, which blows up with 'Missing privilege separation directory'.
The tmpfiles entry runs in systemd-tmpfiles-setup.service well
before ssh.service starts.
- Rewrite the ssh.service drop-in to reset the main unit's
ExecStartPre list. Debian ships `sshd -t` as ExecStartPre #1; that
fails without host keys and terminates the service before our
`ssh-keygen -A` fires. Reset + re-add in the correct order: mkdir,
keygen, then the test.
StandardOutput/Error=journal+console on ssh.service so future sshd
failures surface in the firecracker console log too, not only in the
(unreachable) guest journal.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Thales Maciel
49c5c862b2