It'd be useful for auditing purposes for us to emit journal messages on at least the first time a particular deployment is booted, including substantial metadata (basically at least all the image stuff: pull spec, digest, version, etc.).
We might as well also do this as part of ostree-finalize-staged.service. Today these services run C code from libostree which is unaware of the container bits, so to fix this we could either patch that code to be aware of the container refs (or call into ostree container commands if available, i.e. we put the logic in ostree-ext?). But this conflicts a bit with us doing the podman pull backend, so instead we could add units here (triggered by our new generator?) that "hook" ostree-boot-complete.service and ostree-finalize-staged.service via drop-ins, say.
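
One way a hook unit could produce the once-per-deployment audit record described above, as an added example that is not code from this issue or from ostree. The journal field names, the MESSAGE_ID placeholder, the stamp directory and the function names are all assumptions.

```shell
#!/bin/sh
# Added example. Field names, MESSAGE_ID and the stamp directory are hypothetical.
AUDIT_MESSAGE_ID=00000000000000000000000000000000  # placeholder, not a registered ID

# Return 0 only the first time a deployment id is seen, 1 afterwards, 2 on error.
first_boot_of() {  # $1 = state dir, $2 = deployment id
    case $2 in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac  # id becomes a file name
    mkdir -p "$1" || return 2
    # noclobber makes creation atomic: a second caller fails instead of overwriting
    if ( set -C; : > "$1/$2.logged" ) 2>/dev/null; then return 0; fi
    return 1
}

# Print one entry as FIELD=value lines, the input format of `logger --journald`.
format_entry() {  # $1 = pull spec, $2 = digest, $3 = version
    nl='
'
    for v in "$1" "$2" "$3"; do
        # a newline inside a value would start a new, forged field
        case $v in *"$nl"*) return 1 ;; esac
    done
    printf 'MESSAGE_ID=%s\n' "$AUDIT_MESSAGE_ID"
    printf 'MESSAGE=First boot of deployment from image %s\n' "$1"
    printf 'DEPLOY_IMAGE_PULLSPEC=%s\n' "$1"
    printf 'DEPLOY_IMAGE_DIGEST=%s\n' "$2"
    printf 'DEPLOY_IMAGE_VERSION=%s\n' "$3"
}

# Intended to be run by the hook unit: logs once per deployment.
log_first_boot() {  # $1 = state dir, $2 = deployment id, $3..$5 = image metadata
    entry=$(format_entry "$3" "$4" "$5") || return 1
    rc=0; first_boot_of "$1" "$2" || rc=$?
    [ "$rc" -eq 1 ] && return 0   # already logged for this deployment
    [ "$rc" -eq 0 ] || return "$rc"
    printf '%s\n' "$entry" | logger --journald
}
```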