]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/machine-id-setup.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/mount.h>
36 #include "machine-id-setup.h"
39 #include "path-util.h"
40 #include "process-util.h"
41 #include "string-util.h"
45 static int shorten_uuid ( char destination
[ 34 ], const char source
[ 36 ]) {
51 /* Converts a UUID into a machine ID, by lowercasing it and
52 * removing dashes. Validates everything. */
54 for ( i
= 0 , j
= 0 ; i
< 36 && j
< 32 ; i
++) {
57 t
= unhexchar ( source
[ i
]);
61 destination
[ j
++] = hexchar ( t
);
64 if ( i
!= 36 || j
!= 32 )
67 destination
[ 32 ] = ' \n ' ;
72 static int read_machine_id ( int fd
, char id
[ 34 ]) {
73 char id_to_validate
[ 34 ];
79 /* Reads a machine ID from a file, validates it, and returns
80 * it. The returned ID ends in a newline. */
82 r
= loop_read_exact ( fd
, id_to_validate
, 33 , false );
86 if ( id_to_validate
[ 32 ] != ' \n ' )
89 id_to_validate
[ 32 ] = 0 ;
91 if (! id128_is_valid ( id_to_validate
))
94 memcpy ( id
, id_to_validate
, 32 );
100 static int write_machine_id ( int fd
, char id
[ 34 ]) {
104 if ( lseek ( fd
, 0 , SEEK_SET
) < 0 )
107 return loop_write ( fd
, id
, 33 , false );
110 static int generate_machine_id ( char id
[ 34 ], const char * root
) {
115 const char * dbus_machine_id
;
120 dbus_machine_id
= "/var/lib/dbus/machine-id" ;
122 dbus_machine_id
= strjoina ( root
, "/var/lib/dbus/machine-id" );
124 /* First, try reading the D-Bus machine id, unless it is a symlink */
125 fd
= open ( dbus_machine_id
, O_RDONLY
| O_CLOEXEC
| O_NOCTTY
| O_NOFOLLOW
);
127 r
= read_machine_id ( fd
, id
);
131 log_info ( "Initializing machine ID from D-Bus machine ID." );
137 /* If that didn't work, see if we are running in a container,
138 * and a machine ID was passed in via $container_uuid the way
139 * libvirt/LXC does it */
141 if ( detect_container () > 0 ) {
142 _cleanup_free_
char * e
= NULL
;
144 r
= getenv_for_pid ( 1 , "container_uuid" , & e
);
146 r
= shorten_uuid ( id
, e
);
148 log_info ( "Initializing machine ID from container UUID." );
153 } else if ( detect_vm () == VIRTUALIZATION_KVM
) {
155 /* If we are not running in a container, see if we are
156 * running in qemu/kvm and a machine ID was passed in
157 * via -uuid on the qemu/kvm command line */
161 fd
= open ( "/sys/class/dmi/id/product_uuid" , O_RDONLY
| O_CLOEXEC
| O_NOCTTY
| O_NOFOLLOW
);
163 r
= loop_read_exact ( fd
, uuid
, 36 , false );
167 r
= shorten_uuid ( id
, uuid
);
169 log_info ( "Initializing machine ID from KVM UUID." );
177 /* If that didn't work, generate a random machine id */
178 r
= sd_id128_randomize (& buf
);
180 return log_error_errno ( r
, "Failed to open /dev/urandom: %m" );
182 for ( p
= buf
. bytes
, q
= id
; p
< buf
. bytes
+ sizeof ( buf
); p
++, q
+= 2 ) {
183 q
[ 0 ] = hexchar (* p
>> 4 );
184 q
[ 1 ] = hexchar (* p
& 15 );
190 log_info ( "Initializing machine ID from random generator." );
195 int machine_id_setup ( const char * root
) {
196 const char * etc_machine_id
, * run_machine_id
;
197 _cleanup_close_
int fd
= - 1 ;
198 bool writable
= true ;
199 char id
[ 34 ]; /* 32 + \n + \0 */
203 etc_machine_id
= "/etc/machine-id" ;
204 run_machine_id
= "/run/machine-id" ;
208 x
= strjoina ( root
, "/etc/machine-id" );
209 etc_machine_id
= path_kill_slashes ( x
);
211 x
= strjoina ( root
, "/run/machine-id" );
212 run_machine_id
= path_kill_slashes ( x
);
215 RUN_WITH_UMASK ( 0000 ) {
216 /* We create this 0444, to indicate that this isn't really
217 * something you should ever modify. Of course, since the file
218 * will be owned by root it doesn't matter much, but maybe
221 mkdir_parents ( etc_machine_id
, 0755 );
222 fd
= open ( etc_machine_id
, O_RDWR
| O_CREAT
| O_CLOEXEC
| O_NOCTTY
, 0444 );
224 int old_errno
= errno
;
226 fd
= open ( etc_machine_id
, O_RDONLY
| O_CLOEXEC
| O_NOCTTY
);
228 if ( old_errno
== EROFS
&& errno
== ENOENT
)
229 log_error_errno ( errno
,
230 "System cannot boot: Missing /etc/machine-id and /etc is mounted read-only. \n "
231 "Booting up is supported only when: \n "
232 "1) /etc/machine-id exists and is populated. \n "
233 "2) /etc/machine-id exists and is empty. \n "
234 "3) /etc/machine-id is missing and /etc is writable. \n " );
236 log_error_errno ( errno
, "Cannot open %s: %m" , etc_machine_id
);
245 if ( read_machine_id ( fd
, id
) >= 0 )
248 /* Hmm, so, the id currently stored is not useful, then let's
251 r
= generate_machine_id ( id
, root
);
256 if ( write_machine_id ( fd
, id
) >= 0 )
261 /* Hmm, we couldn't write it? So let's write it to
262 * /run/machine-id as a replacement */
264 RUN_WITH_UMASK ( 0022 ) {
265 r
= write_string_file ( run_machine_id
, id
, WRITE_STRING_FILE_CREATE
);
268 ( void ) unlink ( run_machine_id
);
269 return log_error_errno ( r
, "Cannot write %s: %m" , run_machine_id
);
272 /* And now, let's mount it over */
273 if ( mount ( run_machine_id
, etc_machine_id
, NULL
, MS_BIND
, NULL
) < 0 ) {
274 ( void ) unlink_noerrno ( run_machine_id
);
275 return log_error_errno ( errno
, "Failed to mount %s: %m" , etc_machine_id
);
278 log_info ( "Installed transient %s file." , etc_machine_id
);
280 /* Mark the mount read-only */
281 if ( mount ( NULL
, etc_machine_id
, NULL
, MS_BIND
| MS_RDONLY
| MS_REMOUNT
, NULL
) < 0 )
282 log_warning_errno ( errno
, "Failed to make transient %s read-only: %m" , etc_machine_id
);
287 int machine_id_commit ( const char * root
) {
288 _cleanup_close_
int fd
= - 1 , initial_mntns_fd
= - 1 ;
289 const char * etc_machine_id
;
290 char id
[ 34 ]; /* 32 + \n + \0 */
294 etc_machine_id
= "/etc/machine-id" ;
298 x
= strjoina ( root
, "/etc/machine-id" );
299 etc_machine_id
= path_kill_slashes ( x
);
302 r
= path_is_mount_point ( etc_machine_id
, 0 );
304 return log_error_errno ( r
, "Failed to determine whether %s is a mount point: %m" , etc_machine_id
);
306 log_debug ( "%s is is not a mount point. Nothing to do." , etc_machine_id
);
310 /* Read existing machine-id */
311 fd
= open ( etc_machine_id
, O_RDONLY
| O_CLOEXEC
| O_NOCTTY
);
313 return log_error_errno ( errno
, "Cannot open %s: %m" , etc_machine_id
);
315 r
= read_machine_id ( fd
, id
);
317 return log_error_errno ( r
, "We didn't find a valid machine ID in %s." , etc_machine_id
);
319 r
= fd_is_temporary_fs ( fd
);
321 return log_error_errno ( r
, "Failed to determine whether %s is on a temporary file system: %m" , etc_machine_id
);
323 log_error ( "%s is not on a temporary file system." , etc_machine_id
);
329 /* Store current mount namespace */
330 r
= namespace_open ( 0 , NULL
, & initial_mntns_fd
, NULL
, NULL
, NULL
);
332 return log_error_errno ( r
, "Can't fetch current mount namespace: %m" );
334 /* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
335 if ( unshare ( CLONE_NEWNS
) < 0 )
336 return log_error_errno ( errno
, "Failed to enter new namespace: %m" );
338 if ( mount ( NULL
, "/" , NULL
, MS_SLAVE
| MS_REC
, NULL
) < 0 )
339 return log_error_errno ( errno
, "Couldn't make-rslave / mountpoint in our private namespace: %m" );
341 if ( umount ( etc_machine_id
) < 0 )
342 return log_error_errno ( errno
, "Failed to unmount transient %s file in our private namespace: %m" , etc_machine_id
);
344 /* Update a persistent version of etc_machine_id */
345 fd
= open ( etc_machine_id
, O_RDWR
| O_CREAT
| O_CLOEXEC
| O_NOCTTY
, 0444 );
347 return log_error_errno ( errno
, "Cannot open for writing %s. This is mandatory to get a persistent machine-id: %m" , etc_machine_id
);
349 r
= write_machine_id ( fd
, id
);
351 return log_error_errno ( r
, "Cannot write %s: %m" , etc_machine_id
);
355 /* Return to initial namespace and proceed a lazy tmpfs unmount */
356 r
= namespace_enter (- 1 , initial_mntns_fd
, - 1 , - 1 , - 1 );
358 return log_warning_errno ( r
, "Failed to switch back to initial mount namespace: %m. \n We'll keep transient %s file until next reboot." , etc_machine_id
);
360 if ( umount2 ( etc_machine_id
, MNT_DETACH
) < 0 )
361 return log_warning_errno ( errno
, "Failed to unmount transient %s file: %m. \n We keep that mount until next reboot." , etc_machine_id
);