Add back MachineId= setting

To build an image with a dm-verity protected root partition that has
a persistent machine ID, the machine ID has to be embedded in the image,
so let's add back the MachineId= setting to support this use case.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 6737b792db732cc537531f619f2656c903c5b124..2a0f417167c699d4bdb859779981bbf4addff187 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -194,7 +194,12 @@ def install_distribution(context: Context) -> None:
         with complete_step(f"Installing {str(context.config.distribution).capitalize()}"):
             context.config.distribution.install(context)
 
-            if (context.root / "etc").exists() and not (context.root / "etc/machine-id").exists():
+            if context.config.machine_id:
+                with umask(~0o755):
+                    (context.root / "etc").mkdir(exist_ok=True)
+                with umask(~0o444):
+                    (context.root / "etc/machine-id").write_text(context.config.machine_id.hex)
+            elif (context.root / "etc").exists() and not (context.root / "etc/machine-id").exists():
                 # Uninitialized means we want it to get initialized on first boot.
                 with umask(~0o444):
                     (context.root / "etc/machine-id").write_text("uninitialized\n")

diff --git a/mkosi/config.py b/mkosi/config.py
index 894fb7d98838ed8cda4f1982c449dc159729cffa..0fc3067faecbcc8d03fb77a03f1ff8b38ee71e1b 100644 (file)
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -1515,6 +1515,7 @@ class Config:
     hostname: Optional[str]
     root_password: Optional[tuple[str, bool]]
     root_shell: Optional[str]
+    machine_id: Optional[uuid.UUID]
 
     autologin: bool
     make_initrd: bool
@@ -2577,6 +2578,15 @@ SETTINGS = (
         parse=config_parse_string,
         help="Set the shell for root",
     ),
+    ConfigSetting(
+        dest="machine_id",
+        metavar="MACHINE_ID",
+        section="Content",
+        parse=config_parse_uuid,
+        paths=("mkosi.machine-id",),
+        path_read_text=True,
+        help="Set the machine ID to use",
+    ),
     ConfigSetting(
         dest="autologin",
         short="-a",
@@ -4300,6 +4310,7 @@ def summary(config: Config) -> str:
                            Hostname: {none_to_default(config.hostname)}
                       Root Password: {("(set)" if config.root_password else "(default)")}
                          Root Shell: {none_to_default(config.root_shell)}
+                         Machine ID: {none_to_none(config.machine_id)}
 
                           Autologin: {yes_no(config.autologin)}
                         Make Initrd: {yes_no(config.make_initrd)}
@@ -4427,6 +4438,9 @@ def json_type_transformer(refcls: Union[type[Args], type[Config]]) -> Callable[[
     def uuid_transformer(uuidstr: str, fieldtype: type[uuid.UUID]) -> uuid.UUID:
         return uuid.UUID(uuidstr)
 
+    def optional_uuid_transformer(uuidstr: Optional[str], fieldtype: type[Optional[uuid.UUID]]) -> Optional[uuid.UUID]:
+        return uuid.UUID(uuidstr) if uuidstr is not None else None
+
     def root_password_transformer(
         rootpw: Optional[list[Union[str, bool]]], fieldtype: type[Optional[tuple[str, bool]]]
     ) -> Optional[tuple[str, bool]]:
@@ -4499,6 +4513,7 @@ def json_type_transformer(refcls: Union[type[Args], type[Config]]) -> Callable[[
         Optional[Path]: optional_path_transformer,
         list[Path]: path_list_transformer,
         uuid.UUID: uuid_transformer,
+        Optional[uuid.UUID]: optional_uuid_transformer,
         Optional[tuple[str, bool]]: root_password_transformer,
         list[ConfigTree]: config_tree_transformer,
         Architecture: enum_transformer,

diff --git a/mkosi/resources/man/mkosi.md b/mkosi/resources/man/mkosi.md
index ab63e31f4b5cc9ee9deff59943425872114011e0..08e007d41765e8c49b24c434fd21b8a50464b6ba 100644 (file)
--- a/mkosi/resources/man/mkosi.md
+++ b/mkosi/resources/man/mkosi.md
@@ -1098,6 +1098,14 @@ boolean argument: either `1`, `yes`, or `true` to enable, or `0`, `no`,
     a host system with the same SELinux policy as the image you're
     building.
 
+`MachineId=`, `--machine-id=`
+
+:  Takes a UUID or the special value `random`. Sets the machine ID of the
+   image to the specified UUID. If set to `random`, a random UUID will be
+   written to `/etc/machine-id`. If not specified explicitly and the file
+   `mkosi.machine-id` exists in the local directory, the UUID to use it
+   read from it. Otherwise, `uninitialized` will be written to `/etc/machine-id`.
+
 ### [Validation] Section
 
 `SecureBoot=`, `--secure-boot`

diff --git a/tests/test_json.py b/tests/test_json.py
index f887d3f800c459a4b78fd005ad8e92958fd7cd7c..896cc0482d68e4882ff2dfaa9f2be49ec79a19d7 100644 (file)
--- a/tests/test_json.py
+++ b/tests/test_json.py
@@ -185,6 +185,7 @@ def test_config() -> None:
             "Locale": "en_C.UTF-8",
             "LocaleMessages": "",
             "Machine": "machine",
+            "MachineId": "b58253b0-cc92-4a34-8782-bcd99b20d07f",
             "MakeInitrd": false,
             "ManifestFormat": [
                 "json",
@@ -420,6 +421,7 @@ def test_config() -> None:
         locale="en_C.UTF-8",
         locale_messages="",
         machine="machine",
+        machine_id=uuid.UUID("b58253b0cc924a348782bcd99b20d07f"),
         make_initrd=False,
         manifest_format=[ManifestFormat.json, ManifestFormat.changelog],
         minimum_version=GenericVersion("123"),