]>
Commit | Line | Data |
---|---|---|
a4023a43 | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
12b42c76 | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
a4023a43 | 5 | |
7d6b2723 | 6 | <refentry id="sd_id128_get_machine" xmlns:xi="http://www.w3.org/2001/XInclude"> |
a4023a43 | 7 | |
798d3a52 ZJS |
8 | <refentryinfo> |
9 | <title>sd_id128_get_machine</title> | |
10 | <productname>systemd</productname> | |
798d3a52 ZJS |
11 | </refentryinfo> |
12 | ||
13 | <refmeta> | |
14 | <refentrytitle>sd_id128_get_machine</refentrytitle> | |
15 | <manvolnum>3</manvolnum> | |
16 | </refmeta> | |
17 | ||
18 | <refnamediv> | |
19 | <refname>sd_id128_get_machine</refname> | |
b5c27ebc | 20 | <refname>sd_id128_get_app_specific</refname> |
70fc4f57 | 21 | <refname>sd_id128_get_machine_app_specific</refname> |
798d3a52 | 22 | <refname>sd_id128_get_boot</refname> |
65d410c7 | 23 | <refname>sd_id128_get_boot_app_specific</refname> |
4b58153d | 24 | <refname>sd_id128_get_invocation</refname> |
798d3a52 ZJS |
25 | <refpurpose>Retrieve 128-bit IDs</refpurpose> |
26 | </refnamediv> | |
27 | ||
28 | <refsynopsisdiv> | |
29 | <funcsynopsis> | |
30 | <funcsynopsisinfo>#include <systemd/sd-id128.h></funcsynopsisinfo> | |
31 | ||
32 | <funcprototype> | |
33 | <funcdef>int <function>sd_id128_get_machine</function></funcdef> | |
34 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
35 | </funcprototype> | |
36 | ||
b5c27ebc ZJS |
37 | <funcprototype> |
38 | <funcdef>int <function>sd_id128_get_app_specific</function></funcdef> | |
39 | <paramdef>sd_id128_t <parameter>base</parameter></paramdef> | |
40 | <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef> | |
41 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
42 | </funcprototype> | |
43 | ||
70fc4f57 LP |
44 | <funcprototype> |
45 | <funcdef>int <function>sd_id128_get_machine_app_specific</function></funcdef> | |
46 | <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef> | |
47 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
48 | </funcprototype> | |
49 | ||
798d3a52 ZJS |
50 | <funcprototype> |
51 | <funcdef>int <function>sd_id128_get_boot</function></funcdef> | |
52 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
53 | </funcprototype> | |
54 | ||
65d410c7 ZJS |
55 | <funcprototype> |
56 | <funcdef>int <function>sd_id128_get_boot_app_specific</function></funcdef> | |
57 | <paramdef>sd_id128_t <parameter>app_id</parameter></paramdef> | |
58 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
59 | </funcprototype> | |
60 | ||
4b58153d LP |
61 | <funcprototype> |
62 | <funcdef>int <function>sd_id128_get_invocation</function></funcdef> | |
63 | <paramdef>sd_id128_t *<parameter>ret</parameter></paramdef> | |
64 | </funcprototype> | |
65 | ||
798d3a52 ZJS |
66 | </funcsynopsis> |
67 | </refsynopsisdiv> | |
68 | ||
69 | <refsect1> | |
70 | <title>Description</title> | |
71 | ||
70fc4f57 LP |
72 | <para><function>sd_id128_get_machine()</function> returns the machine ID of the executing host. This reads and |
73 | parses the <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
74 | file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID | |
75 | may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID | |
76 | as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific | |
86b52a39 | 77 | ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy |
70fc4f57 LP |
78 | <function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para> |
79 | ||
b5c27ebc ZJS |
80 | <para><function>sd_id128_get_app_specific()</function> returns a machine ID that is a combination of the |
81 | <parameter>base</parameter> and <parameter>app_id</parameter> parameters. Internally, this function | |
82 | calculates HMAC-SHA256 of the <parameter>app_id</parameter> parameter keyed by the | |
83 | <parameter>base</parameter> parameter, and truncates this result to fit in | |
84 | <structname>sd_id128_t</structname> and turns it into a valid Variant 1 Version 4 UUID, in accordance | |
85 | with <ulink url="https://tools.ietf.org/html/rfc4122">RFC 4122</ulink>. Neither of the two input | |
86 | parameters can be calculated from the output parameter <parameter>ret</parameter>.</para> | |
87 | ||
70fc4f57 | 88 | <para><function>sd_id128_get_machine_app_specific()</function> is similar to |
b5c27ebc ZJS |
89 | <function>sd_id128_get_machine()</function>, but retrieves a machine ID that is specific to the |
90 | application that is identified by the indicated application ID. It is recommended to use this function | |
91 | instead of <function>sd_id128_get_machine()</function> when passing an ID to untrusted environments, in | |
92 | order to make sure that the original machine ID may not be determined externally. This way, the ID used | |
93 | by the application remains stable on a given machine, but cannot be easily correlated with IDs used in | |
94 | other applications on the same machine. The application-specific ID should be generated via a tool like | |
95 | <command>systemd-id128 new</command>, and may be compiled into the application. This function will return | |
96 | the same application-specific ID for each combination of machine ID and application ID. Internally, this | |
97 | function calls <function>sd_id128_get_app_specific()</function> with the result from | |
98 | <function>sd_id128_get_machine()</function> and the <parameter>app_id</parameter> parameter.</para> | |
65d410c7 ZJS |
99 | |
100 | <para><function>sd_id128_get_boot()</function> returns the boot ID of the executing kernel. This reads and parses | |
101 | the <filename>/proc/sys/kernel/random/boot_id</filename> file exposed by the kernel. It is randomly generated early | |
102 | at boot and is unique for every running kernel instance. See <citerefentry | |
103 | project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more | |
104 | information. This function also internally caches the returned ID to make this call a cheap operation. It is | |
105 | recommended to use this ID as-is only in trusted environments. In untrusted environments it is recommended to | |
173d47f7 | 106 | derive an application specific ID using <function>sd_id128_get_boot_app_specific()</function>, see below.</para> |
65d410c7 ZJS |
107 | |
108 | <para><function>sd_id128_get_boot_app_specific()</function> is analogous to | |
b5c27ebc ZJS |
109 | <function>sd_id128_get_machine_app_specific()</function>, but returns an ID that changes between |
110 | boots. Some machines may be used for a long time without rebooting, hence the boot ID may remain constant | |
111 | for a long time, and has properties similar to the machine ID during that time.</para> | |
798d3a52 | 112 | |
4b58153d | 113 | <para><function>sd_id128_get_invocation()</function> returns the invocation ID of the currently executed |
f0d8358c YW |
114 | service. In its current implementation, this tries to read and parse the following: |
115 | <itemizedlist> | |
116 | <listitem> | |
117 | <para>The <varname>$INVOCATION_ID</varname> environment variable that the service manager sets when | |
118 | activating a service.</para> | |
119 | </listitem> | |
120 | <listitem> | |
121 | <para>An entry in the kernel keyring that the system service manager sets when activating a service. | |
122 | </para> | |
123 | </listitem> | |
124 | </itemizedlist> | |
125 | See <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
126 | for details. The ID is cached internally. In future a different mechanism to determine the invocation ID | |
127 | may be added.</para> | |
4b58153d | 128 | |
6f753092 LP |
129 | <para>Note that <function>sd_id128_get_machine_app_specific()</function>, |
130 | <function>sd_id128_get_boot()</function>, <function>sd_id128_get_boot_app_specific()</function>, and | |
39d02a17 LP |
131 | <function>sd_id128_get_invocation()</function> always return UUID Variant 1 Version 4 compatible IDs. |
132 | <function>sd_id128_get_machine()</function> will also return a UUID Variant 1 Version 4 compatible ID on | |
133 | new installations but might not on older. It is possible to convert the machine ID non-reversibly into a | |
134 | UUID Variant 1 Version 4 compatible one. For more information, see | |
6f753092 | 135 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It is |
48008c1c | 136 | hence guaranteed that these functions will never return the ID consisting of all zero or all one bits |
6f753092 LP |
137 | (<constant>SD_ID128_NULL</constant>, <constant>SD_ID128_ALLF</constant>) — with the possible exception of |
138 | <function>sd_id128_get_machine()</function>, as mentioned.</para> | |
798d3a52 ZJS |
139 | |
140 | <para>For more information about the <literal>sd_id128_t</literal> | |
141 | type see | |
142 | <citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> | |
143 | </refsect1> | |
144 | ||
145 | <refsect1> | |
146 | <title>Return Value</title> | |
147 | ||
ea03f6ba | 148 | <para>Those calls return 0 on success (in which case <parameter>ret</parameter> is filled in), |
6d99c5d1 ZJS |
149 | or a negative errno-style error code.</para> |
150 | ||
151 | <refsect2> | |
152 | <title>Errors</title> | |
153 | <para>Returned errors may indicate the following problems:</para> | |
154 | ||
155 | <variablelist> | |
156 | <varlistentry> | |
157 | <term><constant>-ENOENT</constant></term> | |
158 | ||
c576920e YW |
159 | <listitem><para>Returned by <function>sd_id128_get_machine()</function> and |
160 | <function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename> | |
ec07c3c8 AK |
161 | is missing.</para> |
162 | ||
163 | <xi:include href="version-info.xml" xpointer="v242"/></listitem> | |
6d99c5d1 ZJS |
164 | </varlistentry> |
165 | ||
166 | <varlistentry> | |
167 | <term><constant>-ENOMEDIUM</constant></term> | |
168 | ||
c576920e YW |
169 | <listitem><para>Returned by <function>sd_id128_get_machine()</function> and |
170 | <function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename> | |
75fa1f25 | 171 | is empty or all zeros. Also returned by <function>sd_id128_get_invocation()</function> when the |
ec07c3c8 AK |
172 | invocation ID is all zeros.</para> |
173 | ||
174 | <xi:include href="version-info.xml" xpointer="v242"/></listitem> | |
6d99c5d1 ZJS |
175 | </varlistentry> |
176 | ||
a237c6e0 YW |
177 | <varlistentry> |
178 | <term><constant>-ENOPKG</constant></term> | |
179 | ||
180 | <listitem><para>Returned by <function>sd_id128_get_machine()</function> and | |
181 | <function>sd_id128_get_machine_app_specific()</function> when the content of | |
ec07c3c8 AK |
182 | <filename>/etc/machine-id</filename> is <literal>uninitialized</literal>.</para> |
183 | ||
184 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
a237c6e0 YW |
185 | </varlistentry> |
186 | ||
c576920e YW |
187 | <varlistentry> |
188 | <term><constant>-ENOSYS</constant></term> | |
189 | ||
190 | <listitem><para>Returned by <function>sd_id128_get_boot()</function> and | |
191 | <function>sd_id128_get_boot_app_specific()</function> when <filename>/proc/</filename> is not | |
ec07c3c8 AK |
192 | mounted.</para> |
193 | ||
194 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
c576920e YW |
195 | </varlistentry> |
196 | ||
6d99c5d1 ZJS |
197 | <varlistentry> |
198 | <term><constant>-ENXIO</constant></term> | |
199 | ||
200 | <listitem><para>Returned by <function>sd_id128_get_invocation()</function> if no invocation ID is | |
fa96afb4 ZJS |
201 | set. Also returned by <function>sd_id128_get_app_specific()</function>, |
202 | <function>sd_id128_get_machine_app_specific()</function>, and | |
203 | <function>sd_id128_get_boot_app_specific()</function> when the <parameter>app_id</parameter> | |
204 | parameter is all zeros.</para> | |
ec07c3c8 AK |
205 | |
206 | <xi:include href="version-info.xml" xpointer="v242"/></listitem> | |
6d99c5d1 ZJS |
207 | </varlistentry> |
208 | ||
209 | <varlistentry> | |
e8a66254 | 210 | <term><constant>-EUCLEAN</constant></term> |
6d99c5d1 ZJS |
211 | |
212 | <listitem><para>Returned by any of the functions described here when the configured value has | |
ec07c3c8 AK |
213 | invalid format.</para> |
214 | ||
215 | <xi:include href="version-info.xml" xpointer="v253"/></listitem> | |
6d99c5d1 ZJS |
216 | </varlistentry> |
217 | ||
218 | <varlistentry> | |
219 | <term><constant>-EPERM</constant></term> | |
220 | ||
221 | <listitem><para>Requested information could not be retrieved because of insufficient permissions. | |
ec07c3c8 AK |
222 | </para> |
223 | ||
224 | <xi:include href="version-info.xml" xpointer="v242"/></listitem> | |
6d99c5d1 ZJS |
225 | </varlistentry> |
226 | </variablelist> | |
227 | </refsect2> | |
798d3a52 ZJS |
228 | </refsect1> |
229 | ||
7d6b2723 | 230 | <xi:include href="libsystemd-pkgconfig.xml" /> |
798d3a52 | 231 | |
70fc4f57 LP |
232 | <refsect1> |
233 | <title>Examples</title> | |
234 | ||
235 | <example> | |
236 | <title>Application-specific machine ID</title> | |
237 | ||
adda90b0 ZJS |
238 | <para>First, generate the application ID:</para> |
239 | <programlisting>$ systemd-id128 -p new | |
240 | As string: | |
241 | c273277323db454ea63bb96e79b53e97 | |
242 | ||
243 | As UUID: | |
244 | c2732773-23db-454e-a63b-b96e79b53e97 | |
245 | ||
246 | As man:sd-id128(3) macro: | |
247 | #define MESSAGE_XYZ SD_ID128_MAKE(c2,73,27,73,23,db,45,4e,a6,3b,b9,6e,79,b5,3e,97) | |
248 | ... | |
249 | </programlisting> | |
250 | ||
251 | <para>Then use the new identifier in an example application:</para> | |
70fc4f57 | 252 | |
787f78b6 | 253 | <programlisting><xi:include href="id128-app-specific.c" parse="text" /></programlisting> |
70fc4f57 LP |
254 | </example> |
255 | </refsect1> | |
256 | ||
69106f47 AK |
257 | <refsect1> |
258 | <title>History</title> | |
259 | <para><function>sd_id128_get_boot()</function> was added in version 187.</para> | |
260 | <para><function>sd_id128_get_machine()</function> was added in version 187.</para> | |
261 | <para><function>sd_id128_get_invocation()</function> was added in version 232.</para> | |
262 | <para><function>sd_id128_get_machine_app_specific()</function> was added in version 233.</para> | |
263 | <para><function>sd_id128_get_boot_app_specific()</function> was added in version 240.</para> | |
264 | <para><function>sd_id128_get_app_specific()</function> was added in version 255.</para> | |
265 | </refsect1> | |
266 | ||
798d3a52 ZJS |
267 | <refsect1> |
268 | <title>See Also</title> | |
269 | ||
270 | <para> | |
271 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
0d1d512f | 272 | <citerefentry><refentrytitle>systemd-id128</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
798d3a52 ZJS |
273 | <citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
274 | <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
4b58153d LP |
275 | <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
276 | <citerefentry><refentrytitle>sd_id128_randomize</refentrytitle><manvolnum>3</manvolnum></citerefentry>, | |
277 | <citerefentry project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> | |
798d3a52 ZJS |
278 | </para> |
279 | </refsect1> | |
a4023a43 LP |
280 | |
281 | </refentry> |