Re: git: a28ccb32bf56 - main - machine-id: generate a compact version of the uuid
Date: Fri, 03 Mar 2023 18:36:20 UTC
Mike Karels <mike_at_karels.net> wrote on Date: Fri, 03 Mar 2023 16:12:50 UTC : > On 3 Mar 2023, at 9:40, Tijl Coosemans wrote: > > > On Wed, 1 Mar 2023 18:18:33 GMT Baptiste Daroussin <bapt@FreeBSD.org> wrote: > >> The branch main has been updated by bapt: > >> > >> URL: https://cgit.FreeBSD.org/src/commit/?id=a28ccb32bf5678fc401f1602865ee9b37ca4c990 > >> > >> commit a28ccb32bf5678fc401f1602865ee9b37ca4c990 > >> Author: Baptiste Daroussin <bapt@FreeBSD.org> > >> AuthorDate: 2023-02-28 10:31:06 +0000 > >> Commit: Baptiste Daroussin <bapt@FreeBSD.org> > >> CommitDate: 2023-03-01 18:16:25 +0000 > >> > >> machine-id: generate a compact version of the uuid > >> > >> dbus and other actually expect an uuid without hyphens > >> > >> Reported by: tijl > >> MFC After: 3 days > >> --- > >> libexec/rc/rc.d/machine_id | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libexec/rc/rc.d/machine_id b/libexec/rc/rc.d/machine_id > >> index 7cfd7b2d92f8..8bf3e41d0603 100644 > >> --- a/libexec/rc/rc.d/machine_id > >> +++ b/libexec/rc/rc.d/machine_id > >> @@ -23,7 +23,7 @@ machine_id_start() > >> if [ ! -f ${machine_id_file} ] ; then > >> startmsg -n "Creating ${machine_id_file} " > >> t=$(mktemp -t machine-id) > >> - /bin/uuidgen -r -o $t > >> + /bin/uuidgen -r -c -o $t > >> install -C -o root -g wheel -m ${machine_id_perms} "$t" "${machine_id_file}" > >> rm -f "$t" > >> startmsg 'done.' > > > > I really think this file should be defined to contain the same UUID as > > /etc/hostid such that there's one and only one UUID per machine. Having > > two different IDs needlessly complicates things if they end up in logs > > etc. > > > > It also looks like on Linux virtual machines this file contains the > > SMBIOS UUID just like our /etc/hostid. If /etc/machine-id is supposed > > to be a portable way to obtain that UUID it should be the same as > > /etc/hostid. > > I agree. I had the same reaction when the machine-id was added, but > thought the requirements were different (in particular, the UUID version). > If at all possible, the two should be the same except for hyphens. > > > Please have another look at https://reviews.freebsd.org/D38811. This > > file is supposed to remain constant across updates. If we get this > > wrong in 13.2, applications may have to deal with the complications for > > a very long time. > > This should be resolved for 13.2 if at all possible. What are the properties for the content of /etc/hostid in FreeBSD? Where are they documented? /etc/machine-id has strong property guarnatee requirements in linux and dbus (which linux indicates it has adopted requirements from): https://man7.org/linux/man-pages/man5/machine-id.5.html reports: QUOTE The machine ID does not change based on local or network configuration or when hardware is replaced. Due to this and its greater length, it is a more useful replacement for the gethostid(3) call that POSIX specifies. This machine ID adheres to the same format and logic as the D-Bus machine ID. END QUOTE https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html reports: ( used via dbus-uuidgen --ensure=/etc/machine-id as one way to get a linux-comaptibile /etc/machine-id for at least some types of contexts ) QUOTE The important properties of the machine UUID are that 1) it remains unchanged until the next reboot and 2) it is different for any two running instances of the OS kernel. That is, if two processes see the same UUID, they should also see the same shared memory, UNIX domain sockets, local X displays, localhost.localdomain resolution, process IDs, and so forth END QUOTE Does /etc/hostid generated the normal way in FreeBSD have such properties? (How do I look that up?) Returning to: https://man7.org/linux/man-pages/man5/machine-id.5.html QUOTE This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key. That way the ID will be properly unique, and derived in a constant way from the machine ID but there will be no way to retrieve the original machine ID from the application-specific one. END QUOTE Is that at least recommended for handling FreeBSD's /etc/hostid content? Is FreeBSD going to document /etc/machine-id content properties in a similar manor? If FreeBSD ends up with a /etc/machine-id that does not have the properties and recommended principles of use, it would appear that the /etc/machine-id path would be highly misleading and, so, inappropriate. === Mark Millard marklmi at yahoo.com