<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>system.machine_id</varname></term>
+ <listitem>
+ <para>Takes a 128bit ID to initialize the machine ID from (if it is not set yet). Interpreted by
+ the service manager (PID 1). For details see
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
notification via VSOCK when a virtual machine has finished booting.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>system.machine_id</varname></term>
+ <listitem>
+ <para>Takes a 128bit hexadecimal ID to initialize <filename>/etc/machine-id</filename> from, if the
+ file is not set up yet. See
+ <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ details.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
return r;
}
+ /* Pull credentials from various sources into a common credential directory (we do
+ * this here, before setting up the machine ID, so that we can use credential info
+ * for setting up the machine ID) */
+ (void) import_credentials();
+
(void) os_release_status();
(void) hostname_setup(true);
/* Force transient machine-id on first boot. */
- machine_id_setup(NULL, /* force_transient= */ first_boot, arg_machine_id, NULL);
+ machine_id_setup(/* root= */ NULL, /* force_transient= */ first_boot, arg_machine_id, /* ret_machine_id */ NULL);
(void) loopback_setup();
bump_unix_max_dgram_qlen();
bump_file_max_and_nr_open();
(void) bump_rlimit_nofile(saved_rlimit_nofile);
(void) bump_rlimit_memlock(saved_rlimit_memlock);
- /* Pull credentials from various sources into a common credential directory */
- if (arg_runtime_scope == RUNTIME_SCOPE_SYSTEM && !skip_setup)
- (void) import_credentials();
-
return 0;
}
#include "alloc-util.h"
#include "chase.h"
+#include "creds-util.h"
#include "fd-util.h"
#include "id128-util.h"
#include "io-util.h"
#include "umask-util.h"
#include "virt.h"
+static int acquire_machine_id_from_credential(sd_id128_t *ret) {
+ _cleanup_free_ char *buf = NULL;
+ int r;
+
+ r = read_credential_with_decryption("system.machine_id", (void**) &buf, /* ret_size= */ NULL);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to read system.machine_id credential, ignoring: %m");
+ if (r == 0) /* not found */
+ return -ENXIO;
+
+ r = sd_id128_from_string(buf, ret);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to parse system.machine_id credential, ignoring: %m");
+
+ log_info("Initializing machine ID from credential.");
+ return 0;
+}
+
static int generate_machine_id(const char *root, sd_id128_t *ret) {
_cleanup_close_ int fd = -EBADF;
int r;
}
if (isempty(root) && running_in_chroot() <= 0) {
+ /* Let's use a system credential for the machine ID if we can */
+ r = acquire_machine_id_from_credential(ret);
+ if (r >= 0)
+ return r;
+
/* If that didn't work, see if we are running in a container,
* and a machine ID was passed in via $container_uuid the way
* libvirt/LXC does it */