functions: proper cloud-init.service full unit override in etc

System override drop-ins cannot redact dependencies (Before or After) and
thus require a full unit override. Avoid writing the unit file delivered
by cloud-init deb package in /lib/systemd/system/cloud-init.service because
it will generate warnings fron debsums -c about modified files.

The correct place to provide a full unit override is in
/etc/systemd/system/cloud-init.service in order to drop
Before=sysinit.target from the packaged cloud-init.service file.

Note vigilance will be needed across cloud-init SRU boundaries to ensure
we sync any cloud-init.service unit changes that are introduced to
stable releases because livecd-rootfs is overriding the whole file.

LP: #2069391

live-build/functions

@@ -1044,35 +1044,42 @@ EOF
         # any previous 50-cloud-init.yaml will be rendered inert.
 
         # Position cloud-init.service After=NetworkManager.service.
-        # (LP: #2008952).
+        # (LP: #2008952. Drop-in systemd files cannot redact existing
-        # We override the entire cloud-init.service definition because
+        # dependencies (Before= or After=). So, replace the entire unit
-        # systemd drop-in files only allow adding Before/After constraints
+        # with an override in /etc/systemd/system/cloud-init.service.
-        # yet we are dropping the Before=sysinit.target from the upstream
+        # Avoid issues reported by debsums (LP: #2069391) by not overwriting
-        # cloud-init.service.
+        # unit files delivered by the cloud-init deb.
+        # This drop-in will need to track any changes introduced by cloud-init
+        # SRUs which alter the cloud-init.service unit values.
         # This override can be dropped when NetworkManager.service can run
         # Before=sysinit.target when it drops strict dbus.service dependency.
-        cat <<EOF > chroot/lib/systemd/system/cloud-init.service
+        mkdir -p chroot/etc/systemd/system/
+        cat <<EOF > chroot/etc/systemd/system/cloud-init.service
 ${AUTOMATION_HEADER}
-# Based on cloud-init 23.1 for Desktop LiveCD
+# Based on cloud-init 24.2 for Desktop LiveCD
+# Redact sysinit.target from Before, add After=NetworkManager*.service
+# (LP: #2008952)
 [Unit]
-Description=Initial cloud-init job (metadata service crawler)
+# https://cloudinit.readthedocs.io/en/latest/explanation/boot.html
+Description=Cloud-init: Network Stage
 DefaultDependencies=no
 Wants=cloud-init-local.service
 Wants=sshd-keygen.service
 Wants=sshd.service
 After=cloud-init-local.service
 After=systemd-networkd-wait-online.service
-# Installer Added After=NetworkManager* ordering
-After=NetworkManager.service
-After=NetworkManager-wait-online.service
 After=networking.service
+After=NetworkManager.service NetworkManager-wait-online.service
 Before=network-online.target
 Before=sshd-keygen.service
 Before=sshd.service
-# Before=sysinit.target  Installer removed to allow for NM dependency
+Before=systemd-user-sessions.service
+# Before=sysinit.target Redacted due to NetworkManager.service dbus depends
 Before=shutdown.target
 Conflicts=shutdown.target
-Before=systemd-user-sessions.service
+ConditionPathExists=!/etc/cloud/cloud-init.disabled
+ConditionKernelCommandLine=!cloud-init=disabled
+ConditionEnvironment=!KERNEL_CMDLINE=cloud-init=disabled
 
 [Service]
 Type=oneshot