man/sd_id128_get_machine.xml

   1 <?xml version='1.0'?> <!--*-nxml-*-->
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
   4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
   5
   6 <refentry id="sd_id128_get_machine" xmlns:xi="http://www.w3.org/2001/XInclude">
   7
   8   <refentryinfo>
   9     <title>sd_id128_get_machine</title>
  10     <productname>systemd</productname>
  11   </refentryinfo>
  12
  13   <refmeta>
  14     <refentrytitle>sd_id128_get_machine</refentrytitle>
  15     <manvolnum>3</manvolnum>
  16   </refmeta>
  17
  18   <refnamediv>
  19     <refname>sd_id128_get_machine</refname>
  20     <refname>sd_id128_get_app_specific</refname>
  21     <refname>sd_id128_get_machine_app_specific</refname>
  22     <refname>sd_id128_get_boot</refname>
  23     <refname>sd_id128_get_boot_app_specific</refname>
  24     <refname>sd_id128_get_invocation</refname>
  25     <refpurpose>Retrieve 128-bit IDs</refpurpose>
  26   </refnamediv>
  27
  28   <refsynopsisdiv>
  29     <funcsynopsis>
  30       <funcsynopsisinfo>#include &lt;systemd/sd-id128.h&gt;</funcsynopsisinfo>
  31
  32       <funcprototype>
  33         <funcdef>int <function>sd_id128_get_machine</function></funcdef>
  34         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  35       </funcprototype>
  36
  37       <funcprototype>
  38         <funcdef>int <function>sd_id128_get_app_specific</function></funcdef>
  39         <paramdef>sd_id128_t <parameter>base</parameter></paramdef>
  40         <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
  41         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  42       </funcprototype>
  43
  44       <funcprototype>
  45         <funcdef>int <function>sd_id128_get_machine_app_specific</function></funcdef>
  46         <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
  47         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  48       </funcprototype>
  49
  50       <funcprototype>
  51         <funcdef>int <function>sd_id128_get_boot</function></funcdef>
  52         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  53       </funcprototype>
  54
  55       <funcprototype>
  56         <funcdef>int <function>sd_id128_get_boot_app_specific</function></funcdef>
  57         <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
  58         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  59       </funcprototype>
  60
  61       <funcprototype>
  62         <funcdef>int <function>sd_id128_get_invocation</function></funcdef>
  63         <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
  64       </funcprototype>
  65
  66     </funcsynopsis>
  67   </refsynopsisdiv>
  68
  69   <refsect1>
  70     <title>Description</title>
  71
  72     <para><function>sd_id128_get_machine()</function> returns the machine ID of the executing host. This reads and
  73     parses the <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>
  74     file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
  75     may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
  76     as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
  77     ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy
  78     <function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
  79
  80     <para><function>sd_id128_get_app_specific()</function> returns a machine ID that is a combination of the
  81     <parameter>base</parameter> and <parameter>app_id</parameter> parameters. Internally, this function
  82     calculates HMAC-SHA256 of the <parameter>app_id</parameter> parameter keyed by the
  83     <parameter>base</parameter> parameter, and truncates this result to fit in
  84     <structname>sd_id128_t</structname> and turns it into a valid Variant 1 Version 4 UUID, in accordance
  85     with <ulink url="https://tools.ietf.org/html/rfc4122">RFC 4122</ulink>. Neither of the two input
  86     parameters can be calculated from the output parameter <parameter>ret</parameter>.</para>
  87
  88     <para><function>sd_id128_get_machine_app_specific()</function> is similar to
  89     <function>sd_id128_get_machine()</function>, but retrieves a machine ID that is specific to the
  90     application that is identified by the indicated application ID. It is recommended to use this function
  91     instead of <function>sd_id128_get_machine()</function> when passing an ID to untrusted environments, in
  92     order to make sure that the original machine ID may not be determined externally. This way, the ID used
  93     by the application remains stable on a given machine, but cannot be easily correlated with IDs used in
  94     other applications on the same machine. The application-specific ID should be generated via a tool like
  95     <command>systemd-id128 new</command>, and may be compiled into the application. This function will return
  96     the same application-specific ID for each combination of machine ID and application ID. Internally, this
  97     function calls <function>sd_id128_get_app_specific()</function> with the result from
  98     <function>sd_id128_get_machine()</function> and the <parameter>app_id</parameter> parameter.</para>
  99
 100     <para><function>sd_id128_get_boot()</function> returns the boot ID of the executing kernel. This reads and parses
 101     the <filename>/proc/sys/kernel/random/boot_id</filename> file exposed by the kernel. It is randomly generated early
 102     at boot and is unique for every running kernel instance. See <citerefentry
 103     project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more
 104     information. This function also internally caches the returned ID to make this call a cheap operation. It is
 105     recommended to use this ID as-is only in trusted environments. In untrusted environments it is recommended to
 106     derive an application specific ID using <function>sd_id128_get_boot_app_specific()</function>, see below.</para>
 107
 108     <para><function>sd_id128_get_boot_app_specific()</function> is analogous to
 109     <function>sd_id128_get_machine_app_specific()</function>, but returns an ID that changes between
 110     boots. Some machines may be used for a long time without rebooting, hence the boot ID may remain constant
 111     for a long time, and has properties similar to the machine ID during that time.</para>
 112
 113     <para><function>sd_id128_get_invocation()</function> returns the invocation ID of the currently executed
 114     service. In its current implementation, this tries to read and parse the following:
 115     <itemizedlist>
 116       <listitem>
 117         <para>The <varname>$INVOCATION_ID</varname> environment variable that the service manager sets when
 118         activating a service.</para>
 119       </listitem>
 120       <listitem>
 121         <para>An entry in the kernel keyring that the system service manager sets when activating a service.
 122         </para>
 123       </listitem>
 124     </itemizedlist>
 125     See <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
 126     for details. The ID is cached internally. In future a different mechanism to determine the invocation ID
 127     may be added.</para>
 128
 129     <para>Note that <function>sd_id128_get_machine_app_specific()</function>,
 130     <function>sd_id128_get_boot()</function>, <function>sd_id128_get_boot_app_specific()</function>, and
 131     <function>sd_id128_get_invocation()</function> always return UUID Variant 1 Version 4 compatible IDs.
 132     <function>sd_id128_get_machine()</function> will also return a UUID Variant 1 Version 4 compatible ID on
 133     new installations but might not on older. It is possible to convert the machine ID non-reversibly into a
 134     UUID Variant 1 Version 4 compatible one. For more information, see
 135     <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It is
 136     hence guaranteed that these functions will never return the ID consisting of all zero or all one bits
 137     (<constant>SD_ID128_NULL</constant>, <constant>SD_ID128_ALLF</constant>) — with the possible exception of
 138     <function>sd_id128_get_machine()</function>, as mentioned.</para>
 139
 140     <para>For more information about the <literal>sd_id128_t</literal>
 141     type see
 142     <citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
 143   </refsect1>
 144
 145   <refsect1>
 146     <title>Return Value</title>
 147
 148     <para>Those calls return 0 on success (in which case <parameter>ret</parameter> is filled in),
 149     or a negative errno-style error code.</para>
 150
 151     <refsect2>
 152       <title>Errors</title>
 153       <para>Returned errors may indicate the following problems:</para>
 154
 155       <variablelist>
 156         <varlistentry>
 157           <term><constant>-ENOENT</constant></term>
 158
 159           <listitem><para>Returned by <function>sd_id128_get_machine()</function> and
 160           <function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename>
 161           is missing.</para>
 162
 163           <xi:include href="version-info.xml" xpointer="v242"/></listitem>
 164         </varlistentry>
 165
 166         <varlistentry>
 167           <term><constant>-ENOMEDIUM</constant></term>
 168
 169           <listitem><para>Returned by <function>sd_id128_get_machine()</function> and
 170           <function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename>
 171           is empty or all zeros. Also returned by <function>sd_id128_get_invocation()</function> when the
 172           invocation ID is all zeros.</para>
 173
 174           <xi:include href="version-info.xml" xpointer="v242"/></listitem>
 175         </varlistentry>
 176
 177         <varlistentry>
 178           <term><constant>-ENOPKG</constant></term>
 179
 180           <listitem><para>Returned by <function>sd_id128_get_machine()</function> and
 181           <function>sd_id128_get_machine_app_specific()</function> when the content of
 182           <filename>/etc/machine-id</filename> is <literal>uninitialized</literal>.</para>
 183
 184           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
 185         </varlistentry>
 186
 187         <varlistentry>
 188           <term><constant>-ENOSYS</constant></term>
 189
 190           <listitem><para>Returned by <function>sd_id128_get_boot()</function> and
 191           <function>sd_id128_get_boot_app_specific()</function> when <filename>/proc/</filename> is not
 192           mounted.</para>
 193
 194           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
 195         </varlistentry>
 196
 197         <varlistentry>
 198           <term><constant>-ENXIO</constant></term>
 199
 200           <listitem><para>Returned by <function>sd_id128_get_invocation()</function> if no invocation ID is
 201           set. Also returned by <function>sd_id128_get_app_specific()</function>,
 202           <function>sd_id128_get_machine_app_specific()</function>, and
 203           <function>sd_id128_get_boot_app_specific()</function> when the <parameter>app_id</parameter>
 204           parameter is all zeros.</para>
 205
 206           <xi:include href="version-info.xml" xpointer="v242"/></listitem>
 207         </varlistentry>
 208
 209         <varlistentry>
 210           <term><constant>-EUCLEAN</constant></term>
 211
 212           <listitem><para>Returned by any of the functions described here when the configured value has
 213           invalid format.</para>
 214
 215           <xi:include href="version-info.xml" xpointer="v253"/></listitem>
 216         </varlistentry>
 217
 218         <varlistentry>
 219           <term><constant>-EPERM</constant></term>
 220
 221           <listitem><para>Requested information could not be retrieved because of insufficient permissions.
 222           </para>
 223
 224           <xi:include href="version-info.xml" xpointer="v242"/></listitem>
 225         </varlistentry>
 226       </variablelist>
 227     </refsect2>
 228   </refsect1>
 229
 230   <xi:include href="libsystemd-pkgconfig.xml" />
 231
 232   <refsect1>
 233     <title>Examples</title>
 234
 235     <example>
 236       <title>Application-specific machine ID</title>
 237
 238       <para>First, generate the application ID:</para>
 239       <programlisting>$ systemd-id128 -p new
 240 As string:
 241 c273277323db454ea63bb96e79b53e97
 242
 243 As UUID:
 244 c2732773-23db-454e-a63b-b96e79b53e97
 245
 246 As man:sd-id128(3) macro:
 247 #define MESSAGE_XYZ SD_ID128_MAKE(c2,73,27,73,23,db,45,4e,a6,3b,b9,6e,79,b5,3e,97)
 248 ...
 249 </programlisting>
 250
 251       <para>Then use the new identifier in an example application:</para>
 252
 253       <programlisting><xi:include href="id128-app-specific.c" parse="text" /></programlisting>
 254     </example>
 255   </refsect1>
 256
 257   <refsect1>
 258     <title>See Also</title>
 259
 260     <para>
 261       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
 262       <citerefentry><refentrytitle>systemd-id128</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
 263       <citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 264       <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
 265       <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
 266       <citerefentry><refentrytitle>sd_id128_randomize</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
 267       <citerefentry project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry>
 268     </para>
 269   </refsect1>
 270
 271 </refentry>