gistfile1.txt

FROM quay.io/centos-bootc/fedora-bootc:eln

COPY rpmbuild/RPMS/x86_64/flightctl-agent-0.0.1-1.el9.x86_64.rpm /tmp/

COPY flightctl_rsa.pub /usr/etc-system/root.keys
RUN touch /etc/ssh/sshd_config.d/30-auth-system.conf; \
    mkdir -p /usr/etc-system/; \
    echo 'AuthorizedKeysFile /usr/etc-system/%u.keys' >> /etc/ssh/sshd_config.d/30-auth-system.conf; \
    chmod 0600 /usr/etc-system/root.keys
VOLUME /var/roothome

COPY .flightctl/config.yaml /etc/flightctl/
COPY .flightctl/certs/ca.crt /etc/flightctl
COPY .flightctl/certs/client-enrollment.* /etc/flightctl/

RUN rpm-ostree install -y /tmp/flightctl-agent-0.0.1-1.el9.x86_64.rpm
RUN ln -s /usr/lib/systemd/system/flightctl-agent.service /etc/systemd/system/multi-user.target.wants/
RUN ln -s /usr/lib/systemd/system/podman.service /etc/systemd/system/multi-user.target.wants/
RUN systemctl enable podman.service && \
    systemctl enable flightctl-agent.service && \
    ostree container commit

RUN ln -s /usr/lib/systemd/system/flightctl-agent.service /etc/systemd/system/multi-user.target.wants/

https://github.com/coreos/layering-examples/blob/5755f366c7d163cead6253211a726b760577a5cd/inject-go-binary/Containerfile#L13
is a better best practice for static systemd units right now; notably it puts the enablement under /usr and not /etc.

That said I think what you're doing here should still work...what result are you seeing? Is the service just not starting on boot?

RUN ln -s /usr/lib/systemd/system/podman.service /etc/systemd/system/multi-user.target.wants/

I think you should enable podman.socket instead...the service is activated by the socket.

Thanks for the tip @cgwalters. I was suspecting a problem with /etc and ostree. Let me try the symlink to /usr anyways.

Yes, after building the container image, I convert it to qcow2 using the image-builder-bootc project, and both services (podman and flightctl-agent which is my own app) are disabled on boot. Let me report back in a bit!

ok, symlinks to /usr/lib seem to work now. Thanks for the tip.