From 9ab78ad1097a8ee3cc04416bd8749acad0cfcf8e Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 25 May 2024 01:45:07 +0900 Subject: [PATCH 1/3] machine-id-setup: use isempty() instead of empty_or_root() This effectively reverts ba540e9f1c29b430ac916918410c27171d14ab95. https://github.com/systemd/systemd/pull/32915#discussion_r1608258136 > In many cases we allow --root=/ as a mechanism for forcing an "offline" mode, > while still operating on the root dir. if we do the getenv_for_pid() thing > below I'd claim this is very much an "online" operation, and hence --root=/ > should really disable that. --- src/shared/machine-id-setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c index 48ee2dd306..66d2f300df 100644 --- a/src/shared/machine-id-setup.c +++ b/src/shared/machine-id-setup.c @@ -57,7 +57,7 @@ static int acquire_machine_id(const char *root, sd_id128_t *ret) { /* First, try reading the machine ID from /run/machine-id, which may not be mounted on * /etc/machine-id yet. This is important on switching root, Otherwise, machine ID may be changed * after the transition. */ - if (empty_or_root(root) && running_in_chroot() <= 0 && + if (isempty(root) && running_in_chroot() <= 0 && id128_read("/run/machine-id", ID128_FORMAT_PLAIN, ret) >= 0) { log_info("Reusing machine ID stored in /run/machine-id."); return 1; /* Indicate that the machine ID is reused. */ @@ -70,7 +70,7 @@ static int acquire_machine_id(const char *root, sd_id128_t *ret) { return 0; } - if (empty_or_root(root) && running_in_chroot() <= 0) { + if (isempty(root) && running_in_chroot() <= 0) { /* Let's use a system credential for the machine ID if we can */ if (acquire_machine_id_from_credential(ret) >= 0) return 0; From 4c42df8166387578b3dbe72256e949b801c071d7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 25 May 2024 02:01:53 +0900 Subject: [PATCH 2/3] man: update machine-id-setup(1) - mention that /run/machine-id is used if exist. - mention system.machine_id credential, - credential, VM uuid, and container uuid are not read when --root= is specified or running in a chroot environment. --- man/systemd-machine-id-setup.xml | 33 +++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml index 8ece65eacc..bb53cc7069 100644 --- a/man/systemd-machine-id-setup.xml +++ b/man/systemd-machine-id-setup.xml @@ -43,24 +43,31 @@ ID will be acquired in the following fashion: - If a valid D-Bus machine ID is already - configured for the system, the D-Bus machine ID is copied and - used to initialize the machine ID in - /etc/machine-id. + If a valid machine ID is stored in /run/machine-id, the machine ID + is copied and used to initialize the machine ID in /etc/machine-id. This step is + skipped if is specified or running in a chroot environment. - If run inside a KVM virtual machine and a UUID - is configured (via the - option), this UUID is used to initialize the machine ID. The - caller must ensure that the UUID passed is sufficiently unique - and is different for every booted instance of the - VM. + If a valid D-Bus machine ID is already configured for the system, the D-Bus machine ID + is copied and used to initialize the machine ID in /etc/machine-id. + + + If a valid machine ID is provided through credential, + the machine ID is copied and used to initialize the machine ID in /etc/machine-id. + This step is skipped if is specified or running in a chroot environment. + + + If run inside a KVM virtual machine and a UUID is configured (via the + option), this UUID is used to initialize the machine ID. The caller must ensure + that the UUID passed is sufficiently unique and is different for every booted instance of the VM. This + step is skipped if is specified or running in a chroot environment. + Similarly, if run inside a Linux container environment and a UUID is configured for the container, this is used to initialize the machine ID. For details, see the documentation of the Container Interface. + url="https://systemd.io/CONTAINER_INTERFACE">Container Interface. This step is skipped if + is specified or running in a chroot environment. - Otherwise, a new ID is randomly - generated. + Otherwise, a new ID is randomly generated. The switch may be used to commit a From d2a11fd3ff5d558292f111b5c28439acdb92ceec Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 25 May 2024 01:47:23 +0900 Subject: [PATCH 3/3] machine-id-setup: update comment If an initrd has an empty or uninitialized /etc/machine-id file, then PID1 write a valid machine ID. So, the logic is important only on soft-reboot. Let's mention that explicitly. Follow-up for 16718dcf78a90faf8c5f53d7bf63e3575bc78be7. --- src/shared/machine-id-setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/shared/machine-id-setup.c b/src/shared/machine-id-setup.c index 66d2f300df..1a63794756 100644 --- a/src/shared/machine-id-setup.c +++ b/src/shared/machine-id-setup.c @@ -55,8 +55,8 @@ static int acquire_machine_id(const char *root, sd_id128_t *ret) { assert(ret); /* First, try reading the machine ID from /run/machine-id, which may not be mounted on - * /etc/machine-id yet. This is important on switching root, Otherwise, machine ID may be changed - * after the transition. */ + * /etc/machine-id yet. This is important on switching root especially on soft-reboot, Otherwise, + * machine ID may be changed after the transition. */ if (isempty(root) && running_in_chroot() <= 0 && id128_read("/run/machine-id", ID128_FORMAT_PLAIN, ret) >= 0) { log_info("Reusing machine ID stored in /run/machine-id.");