From c5ec0be7b693e3ac05ea8438ca4ca2e9591db171 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Feb 2022 13:59:36 +0100
Subject: [PATCH] kernel-install: don't try to persist used machine ID locally

This reworks how the machine ID is used by the boot loader spec snippet
generation logic. Instead of persisting it automatically to /etc/ we'll
append it via systemd.machine_id= to the kernel command line, and thus
persist it in the generated boot loader spec snippets instead. This has
nice benefits:

1. We do not collide with read-only root
2. The machine ID remains stable across factory reset, so that we can
   safely recognize the path in $BOOT we drop our kernel images in
   again, i.e. kernel updates will work correctly and safely across
   kernel factory resets.
3. Previously regular systems had different machine IDs while in
   initrd and after booting into the host system. With this change
   they will now have the same.

This then drops implicit persisting of KERNEL_INSTALL_MACHINE_ID, as it's
unnecessary then. The field is still honoured though, for compat
reasons.

This also drops the "Default" fallback previously used, as it actually
is without effect, the randomized ID generation already took precedence
in all cases. This means $MACHINE_ID/KERNEL_INSTALL_MACHINE_ID are now
guaranteed to look like a proper machine ID, which is useful for us,
given you need it that way to be able to pass it to the
systemd.machine_id= kernel command line option.

(cherry picked from commit 11ce3ea2f2219ab9c0700bcf7f8ed4312d80e937)

Related: #2065061
---
 src/kernel-install/90-loaderentry.install |  6 +++++-
 src/kernel-install/kernel-install         | 16 +++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
index 3edefdefb4..046771169c 100644
--- a/src/kernel-install/90-loaderentry.install
+++ b/src/kernel-install/90-loaderentry.install
@@ -68,7 +68,11 @@ elif [ -r /usr/lib/kernel/cmdline ]; then
else
BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
fi
-BOOT_OPTIONS="${BOOT_OPTIONS% }"
+
+# Suffix with the machine ID we use, so that the machine ID remains stable,
+# even during factory reset, in the initrd (where the system's machine ID is
+# not directly accessible yet), and if the root file system is volatile.
+BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID"
if [ -r /etc/kernel/tries ]; then
read -r TRIES </etc/kernel/tries
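
Review bot: The new BOOT_OPTIONS="${BOOT_OPTIONS% } systemd.machine_id=$MACHINE_ID" line appends unconditionally, while the /proc/cmdline fallback just above it only filters '^BOOT_IMAGE=' and '^initrd='. On a system booted from an entry this script generated, the running command line already carries systemd.machine_id=, so every later kernel install adds another copy, and the entry ends up with two different values if $MACHINE_ID has changed in between. Suggest adding -e '^systemd.machine_id=' to the grep -v filter, or skipping the append when the option is already present. The append also does not check that $MACHINE_ID is non-empty, so an empty value would produce a bare systemd.machine_id= on the command line.
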
diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
index 8cfef3208d..e94aa79bc6 100755
--- a/src/kernel-install/kernel-install
+++ b/src/kernel-install/kernel-install
@@ -89,15 +89,13 @@ elif [ -r "/usr/lib/kernel/install.conf" ]; then
. /usr/lib/kernel/install.conf
fi
-# Prefer to use an existing machine ID from /etc/machine-info or /etc/machine-id. If we're using the machine
-# ID /etc/machine-id, try to persist it in /etc/machine-info. If no machine ID is found, try to generate
-# a new machine ID in /etc/machine-info. If that fails, use "Default".
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
-[ -n "$MACHINE_ID" ] && [ -z "$KERNEL_INSTALL_MACHINE_ID" ] && echo "KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID" >>/etc/machine-info
-[ -z "$MACHINE_ID" ] && NEW_MACHINE_ID="$(systemd-id128 new)" && echo "KERNEL_INSTALL_MACHINE_ID=$NEW_MACHINE_ID" >>/etc/machine-info
-[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
-[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
+# If /etc/machine-id is initialized we'll use it, otherwise we'll use a freshly
+# generated one. If the user configured an explicit machine ID to use in
+# /etc/machine-info to use for our purpose, we'll use that instead (for
+# compatibility).
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
+[ -z "$MACHINE_ID" ] && [ -r /etc/machine-id ] && read -r MACHINE_ID </etc/machine-id
+[ -z "$MACHINE_ID" ] && MACHINE_ID="$(systemd-id128 new)"
[ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "loader/entries"; do
for pref in "/efi" "/boot" "/boot/efi" ; do
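
Review bot: None of the three replacement assignments checks the format of $MACHINE_ID, although the commit message relies on it looking like a proper machine ID. KERNEL_INSTALL_MACHINE_ID is still taken verbatim from the sourced /etc/machine-info, and /etc/machine-id is read whenever it is readable (-r), which is a weaker condition than the "initialized" the new comment promises. With the "Default" fallback removed, a failing systemd-id128 new also leaves $MACHINE_ID empty, and the for suff in "$MACHINE_ID" "loader/entries" loop below then probes with an empty suffix. Suggest validating the value as 32 lowercase hexadecimal characters right after these lines and exiting with an error otherwise.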