1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

Merge pull request #19507 from nabijaczleweli/bootctlpsko-lite

bootctl: take --make-machine-id-directory=yes|no|auto and make/remove \$MACHINE_ID accordingly
This commit is contained in:
Yu Watanabe 2021-05-06 12:44:21 +09:00 committed by GitHub
commit f0373df1a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 119 additions and 12 deletions

View File

@ -237,6 +237,19 @@
cannot be written. Currently only applies to random seed operations.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--make-machine-id-directory=yes|no|auto</option></term>
<listitem><para>Control creation and deletion of <literal>$ESP/$MACHINE_ID</literal> during
<option>install</option> and <option>remove</option>, respectively.
<literal>auto</literal> is equivalent to to <literal>yes</literal> if <literal>/etc/machine-id</literal>
resides on a filesystem other than tmpfs and <literal>no</literal> otherwise.
Defaults to <literal>auto</literal>.</para>
<para>Overriding this may be desired to hide the machine ID from the (unencrypted) ESP,
configure a <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> script, or,
conversely, commit a machine-id that only appears transient.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager"/>
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>

View File

@ -722,7 +722,7 @@ if time_epoch == -1
if time_epoch == '' and git.found() and run_command('test', '-e', '.git').returncode() == 0
# If we're in a git repository, use the creation time of the latest git tag.
latest_tag = run_command('git', 'describe', '--abbrev=0', '--tags').stdout().strip()
time_epoch = run_command('git', 'log', '-1', '--format=%at', latest_tag).stdout()
time_epoch = run_command('git', 'log', '--no-show-signature', '-1', '--format=%at', latest_tag).stdout()
endif
if time_epoch == ''
NEWS = files('NEWS')

View File

@ -29,6 +29,7 @@
#include "main-func.h"
#include "mkdir.h"
#include "pager.h"
#include "parse-argument.h"
#include "parse-util.h"
#include "pretty-print.h"
#include "random-util.h"
@ -52,6 +53,7 @@ static bool arg_print_dollar_boot_path = false;
static bool arg_touch_variables = true;
static PagerFlags arg_pager_flags = 0;
static bool arg_graceful = false;
static int arg_make_machine_id_directory = -1;
STATIC_DESTRUCTOR_REGISTER(arg_esp_path, freep);
STATIC_DESTRUCTOR_REGISTER(arg_xbootldr_path, freep);
@ -112,6 +114,19 @@ static int acquire_xbootldr(bool unprivileged_mode, sd_id128_t *ret_uuid) {
return 1;
}
static void settle_make_machine_id_directory(void) {
int r;
if (arg_make_machine_id_directory >= 0)
return;
r = path_is_temporary_fs("/etc/machine-id");
if (r < 0)
log_debug_errno(r, "Couldn't determine whether /etc/machine-id is on a temporary file system, assuming so.");
arg_make_machine_id_directory = r == 0;
}
/* search for "#### LoaderInfo: systemd-boot 218 ####" string inside the binary */
static int get_file_version(int fd, char **v) {
struct stat st;
@ -888,6 +903,24 @@ static int remove_subdirs(const char *root, const char *const *subdirs) {
return r < 0 ? r : q;
}
static int remove_machine_id_directory(const char *root) {
sd_id128_t machine_id;
char buf[SD_ID128_STRING_MAX];
int r;
assert(root);
assert(arg_make_machine_id_directory >= 0);
if (!arg_make_machine_id_directory)
return 0;
r = sd_id128_get_machine(&machine_id);
if (r < 0)
return log_error_errno(r, "Failed to get machine id: %m");
return rmdir_one(root, sd_id128_to_string(machine_id, buf));
}
static int remove_binaries(const char *esp_path) {
const char *p;
int r, q;
@ -974,9 +1007,13 @@ static int install_loader_config(const char *esp_path) {
_cleanup_(unlink_and_freep) char *t = NULL;
_cleanup_fclose_ FILE *f = NULL;
_cleanup_close_ int fd = -1;
sd_id128_t machine_id;
char machine_string[SD_ID128_STRING_MAX];
const char *p;
int r;
assert(arg_make_machine_id_directory >= 0);
p = prefix_roota(esp_path, "/loader/loader.conf");
if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
return 0;
@ -991,6 +1028,13 @@ static int install_loader_config(const char *esp_path) {
fprintf(f, "#timeout 3\n"
"#console-mode keep\n");
if (arg_make_machine_id_directory) {
r = sd_id128_get_machine(&machine_id);
if (r < 0)
return log_error_errno(r, "Failed to get machine id: %m");
fprintf(f, "default %s-*\n", sd_id128_to_string(machine_id, machine_string));
}
r = fflush_sync_and_check(f);
if (r < 0)
@ -1006,6 +1050,24 @@ static int install_loader_config(const char *esp_path) {
return 1;
}
static int install_machine_id_directory(const char *root) {
sd_id128_t machine_id;
char buf[SD_ID128_STRING_MAX];
int r;
assert(root);
assert(arg_make_machine_id_directory >= 0);
if (!arg_make_machine_id_directory)
return 0;
r = sd_id128_get_machine(&machine_id);
if (r < 0)
return log_error_errno(r, "Failed to get machine id: %m");
return mkdir_one(root, sd_id128_to_string(machine_id, buf));
}
static int help(int argc, char *argv[], void *userdata) {
_cleanup_free_ char *link = NULL;
int r;
@ -1043,6 +1105,8 @@ static int help(int argc, char *argv[], void *userdata) {
" --no-pager Do not pipe output into a pager\n"
" --graceful Don't fail when the ESP cannot be found or EFI\n"
" variables cannot be written\n"
" --make-machine-id-directory=yes|no|auto\n"
" Create $BOOT/$MACHINE_ID\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
@ -1062,6 +1126,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_NO_VARIABLES,
ARG_NO_PAGER,
ARG_GRACEFUL,
ARG_MAKE_MACHINE_ID_DIRECTORY,
};
static const struct option options[] = {
@ -1076,10 +1141,12 @@ static int parse_argv(int argc, char *argv[]) {
{ "no-variables", no_argument, NULL, ARG_NO_VARIABLES },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
{ "graceful", no_argument, NULL, ARG_GRACEFUL },
{ "make-machine-id-directory", required_argument, NULL, ARG_MAKE_MACHINE_ID_DIRECTORY },
{}
};
int c, r;
bool b;
assert(argc >= 0);
assert(argv);
@ -1132,6 +1199,17 @@ static int parse_argv(int argc, char *argv[]) {
arg_graceful = true;
break;
case ARG_MAKE_MACHINE_ID_DIRECTORY:
if (streq(optarg, "auto"))
arg_make_machine_id_directory = -1; /* default */
else {
r = parse_boolean_argument("--make-machine-id-directory=", optarg, &b);
if (r < 0)
return r;
arg_make_machine_id_directory = b;
}
break;
case '?':
return -EINVAL;
@ -1530,6 +1608,8 @@ static int verb_install(int argc, char *argv[], void *userdata) {
if (r < 0)
return r;
settle_make_machine_id_directory();
install = streq(argv[0], "install");
RUN_WITH_UMASK(0002) {
@ -1555,6 +1635,10 @@ static int verb_install(int argc, char *argv[], void *userdata) {
if (r < 0)
return r;
r = install_machine_id_directory(arg_dollar_boot_path());
if (r < 0)
return r;
r = install_random_seed(arg_esp_path);
if (r < 0)
return r;
@ -1584,6 +1668,8 @@ static int verb_remove(int argc, char *argv[], void *userdata) {
if (r < 0)
return r;
settle_make_machine_id_directory();
r = remove_binaries(arg_esp_path);
q = remove_file(arg_esp_path, "/loader/loader.conf");
@ -1602,11 +1688,19 @@ static int verb_remove(int argc, char *argv[], void *userdata) {
if (q < 0 && r >= 0)
r = q;
q = remove_machine_id_directory(arg_esp_path);
if (q < 0 && r >= 0)
r = 1;
if (arg_xbootldr_path) {
/* Remove the latter two also in the XBOOTLDR partition if it exists */
q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
if (q < 0 && r >= 0)
r = q;
q = remove_machine_id_directory(arg_xbootldr_path);
if (q < 0 && r >= 0)
r = q;
}
(void) sync_everything();