594167
From 7738d7793bc83421536f9962c794633006613725 Mon Sep 17 00:00:00 2001
aa0848
From: Lennart Poettering <lennart@poettering.net>
aa0848
Date: Wed, 9 Feb 2022 13:59:36 +0100
aa0848
Subject: [PATCH] kernel-install: don't try to persist used machine ID locally
aa0848
aa0848
This reworks the how machine ID used by the boot loader spec snippet
aa0848
generation logic. Instead of persisting it automatically to /etc/ we'll
aa0848
append it via systemd.machined_id= to the kernel command line, and thus
aa0848
persist it in the generated boot loader spec snippets instead. This has
aa0848
nice benefits:
aa0848
aa0848
  1. We do not collide with read-only root
aa0848
  2. The machine ID remains stable across factory reset, so that we can
aa0848
     safely recognize the path in $BOOT we drop our kernel images in
aa0848
     again, i.e. kernel updates will work correctly and safely across
aa0848
     kernel factory resets.
aa0848
  3. Previously regular systems had different machine IDs while in
aa0848
     initrd and after booting into the host system. With this change
aa0848
     they will now have the same.
aa0848
aa0848
This then drops implicit persisting of KERNEL_INSTALL_MACHINE_ID, as its
aa0848
unnecessary then. The field is still honoured though, for compat
aa0848
reasons.
aa0848
aa0848
This also drops the "Default" fallback previously used, as it actually
aa0848
is without effect, the randomized ID generation already took precedence
aa0848
in all cases. This means $MACHNE_ID/KERNEL_INSTALL_MACHINE_ID are now
aa0848
guaranteed to look like a proper machine ID, which is useful for us,
aa0848
given you need it that way to be able to pass it to the
aa0848
systemd.machine_id= kernel command line option.
aa0848
aa0848
(cherry picked from commit 11ce3ea2f2219ab9c0700bcf7f8ed4312d80e937)
aa0848
aa0848
Related: #2065061
aa0848
---
aa0848
 src/kernel-install/90-loaderentry.install |  6 +++++-
aa0848
 src/kernel-install/kernel-install         | 16 +++++++---------
aa0848
 2 files changed, 12 insertions(+), 10 deletions(-)
aa0848
aa0848
diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
aa0848
index 3edefdefb4..046771169c 100644
aa0848
--- a/src/kernel-install/90-loaderentry.install
aa0848
+++ b/src/kernel-install/90-loaderentry.install
aa0848
@@ -68,7 +68,11 @@ elif [ -r /usr/lib/kernel/cmdline ]; then
aa0848
 else
aa0848
     BOOT_OPTIONS="$(tr -s "$IFS" '\n' 
aa0848
 fi
aa0848
-BOOT_OPTIONS="${BOOT_OPTIONS% }"
aa0848
+
aa0848
+# Suffix with the machine ID we use, so that the machine ID remains stable,
aa0848
+# even during factory reset, in the initrd (where the system's machine ID is
aa0848
+# not directly accessible yet), and if the root file system is volatile.
aa0848
+BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID"
aa0848
 
aa0848
 if [ -r /etc/kernel/tries ]; then
aa0848
     read -r TRIES 
aa0848
diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
aa0848
index 8cfef3208d..e94aa79bc6 100755
aa0848
--- a/src/kernel-install/kernel-install
aa0848
+++ b/src/kernel-install/kernel-install
aa0848
@@ -89,15 +89,13 @@ elif [ -r "/usr/lib/kernel/install.conf" ]; then
aa0848
     . /usr/lib/kernel/install.conf
aa0848
 fi
aa0848
 
aa0848
-# Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine
aa0848
-# ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate
aa0848
-# a new machine ID in /etc/machine-info. If that fails, use "Default".
aa0848
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ]              && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
aa0848
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ]                && read -r MACHINE_ID 
aa0848
-[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ]   && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
aa0848
-[ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info
aa0848
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ]              && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
aa0848
-[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
aa0848
+# If /etc/machine-id is initialized we'll use it, otherwise we'll use a freshly
aa0848
+# generated one. If the user configured an explicit machine ID to use in
aa0848
+# /etc/machine-info to use for our purpose, we'll use that instead (for
aa0848
+# compatibility).
aa0848
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
aa0848
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ]   && read -r MACHINE_ID 
aa0848
+[ -z "$MACHINE_ID" ] && MACHINE_ID="$(systemd-id128 new)"
aa0848
 
aa0848
 [ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
aa0848
     for pref in "/efi" "/boot" "/boot/efi" ; do