|
 |
aa0848 |
From c5ec0be7b693e3ac05ea8438ca4ca2e9591db171 Mon Sep 17 00:00:00 2001
|
|
|
aa0848 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
aa0848 |
Date: Wed, 9 Feb 2022 13:59:36 +0100
|
|
|
aa0848 |
Subject: [PATCH] kernel-install: don't try to persist used machine ID locally
|
|
|
aa0848 |
|
|
|
aa0848 |
This reworks the how machine ID used by the boot loader spec snippet
|
|
|
aa0848 |
generation logic. Instead of persisting it automatically to /etc/ we'll
|
|
|
aa0848 |
append it via systemd.machined_id= to the kernel command line, and thus
|
|
|
aa0848 |
persist it in the generated boot loader spec snippets instead. This has
|
|
|
aa0848 |
nice benefits:
|
|
|
aa0848 |
|
|
|
aa0848 |
1. We do not collide with read-only root
|
|
|
aa0848 |
2. The machine ID remains stable across factory reset, so that we can
|
|
|
aa0848 |
safely recognize the path in $BOOT we drop our kernel images in
|
|
|
aa0848 |
again, i.e. kernel updates will work correctly and safely across
|
|
|
aa0848 |
kernel factory resets.
|
|
|
aa0848 |
3. Previously regular systems had different machine IDs while in
|
|
|
aa0848 |
initrd and after booting into the host system. With this change
|
|
|
aa0848 |
they will now have the same.
|
|
|
aa0848 |
|
|
|
aa0848 |
This then drops implicit persisting of KERNEL_INSTALL_MACHINE_ID, as its
|
|
|
aa0848 |
unnecessary then. The field is still honoured though, for compat
|
|
|
aa0848 |
reasons.
|
|
|
aa0848 |
|
|
|
aa0848 |
This also drops the "Default" fallback previously used, as it actually
|
|
|
aa0848 |
is without effect, the randomized ID generation already took precedence
|
|
|
aa0848 |
in all cases. This means $MACHNE_ID/KERNEL_INSTALL_MACHINE_ID are now
|
|
|
aa0848 |
guaranteed to look like a proper machine ID, which is useful for us,
|
|
|
aa0848 |
given you need it that way to be able to pass it to the
|
|
|
aa0848 |
systemd.machine_id= kernel command line option.
|
|
|
aa0848 |
|
|
|
aa0848 |
(cherry picked from commit 11ce3ea2f2219ab9c0700bcf7f8ed4312d80e937)
|
|
|
aa0848 |
|
|
|
aa0848 |
Related: #2065061
|
|
|
aa0848 |
---
|
|
|
aa0848 |
src/kernel-install/90-loaderentry.install | 6 +++++-
|
|
|
aa0848 |
src/kernel-install/kernel-install | 16 +++++++---------
|
|
|
aa0848 |
2 files changed, 12 insertions(+), 10 deletions(-)
|
|
|
aa0848 |
|
|
|
aa0848 |
diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
|
|
|
aa0848 |
index 3edefdefb4..046771169c 100644
|
|
|
aa0848 |
--- a/src/kernel-install/90-loaderentry.install
|
|
|
aa0848 |
+++ b/src/kernel-install/90-loaderentry.install
|
|
|
aa0848 |
@@ -68,7 +68,11 @@ elif [ -r /usr/lib/kernel/cmdline ]; then
|
|
|
aa0848 |
else
|
|
|
aa0848 |
BOOT_OPTIONS="$(tr -s "$IFS" '\n'
|
|
|
aa0848 |
fi
|
|
|
aa0848 |
-BOOT_OPTIONS="${BOOT_OPTIONS% }"
|
|
|
aa0848 |
+
|
|
|
aa0848 |
+# Suffix with the machine ID we use, so that the machine ID remains stable,
|
|
|
aa0848 |
+# even during factory reset, in the initrd (where the system's machine ID is
|
|
|
aa0848 |
+# not directly accessible yet), and if the root file system is volatile.
|
|
|
aa0848 |
+BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID"
|
|
|
aa0848 |
|
|
|
aa0848 |
if [ -r /etc/kernel/tries ]; then
|
|
|
aa0848 |
read -r TRIES
|
|
|
aa0848 |
diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
|
|
|
aa0848 |
index 8cfef3208d..e94aa79bc6 100755
|
|
|
aa0848 |
--- a/src/kernel-install/kernel-install
|
|
|
aa0848 |
+++ b/src/kernel-install/kernel-install
|
|
|
aa0848 |
@@ -89,15 +89,13 @@ elif [ -r "/usr/lib/kernel/install.conf" ]; then
|
|
|
aa0848 |
. /usr/lib/kernel/install.conf
|
|
|
aa0848 |
fi
|
|
|
aa0848 |
|
|
|
aa0848 |
-# Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine
|
|
|
aa0848 |
-# ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate
|
|
|
aa0848 |
-# a new machine ID in /etc/machine-info. If that fails, use "Default".
|
|
|
aa0848 |
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
|
|
|
aa0848 |
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID
|
|
|
aa0848 |
-[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ] && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
|
|
|
aa0848 |
-[ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info
|
|
|
aa0848 |
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
|
|
|
aa0848 |
-[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
|
|
|
aa0848 |
+# If /etc/machine-id is initialized we'll use it, otherwise we'll use a freshly
|
|
|
aa0848 |
+# generated one. If the user configured an explicit machine ID to use in
|
|
|
aa0848 |
+# /etc/machine-info to use for our purpose, we'll use that instead (for
|
|
|
aa0848 |
+# compatibility).
|
|
|
aa0848 |
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
|
|
|
aa0848 |
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID
|
|
|
aa0848 |
+[ -z "$MACHINE_ID" ] && MACHINE_ID="$(systemd-id128 new)"
|
|
|
aa0848 |
|
|
|
aa0848 |
[ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
|
|
|
aa0848 |
for pref in "/efi" "/boot" "/boot/efi" ; do
|