From c7e907794c4b4bfd19ec02cf19194a8901443828 Mon Sep 17 00:00:00 2001 From: Logan V Date: Thu, 19 Sep 2019 22:10:55 -0500 Subject: [PATCH] Ensure machine-id is not included in images Two bugs are addressed. 1) The sysprep element was broken in that it only truncates /etc/machine-id, but not /var/lib/dbus/machine-id. systemd will not generate a new machine-id if /var/lib/dbus/machine-id is present[1], it will simply copy it to /etc/machine-id. We observed machine-ids being packaged in /var/lib/dbus/machine-id on several distros: Ubuntu Bionic, Fedora 29, Debian Stretch. CentOS 7 and Ubuntu Xenial do not contain packaged machine-id as far as I can tell. All test builds were performed using -minimal elements. 2) A second bug existed where debian-minimal did not run the sysprep element at all, so a stretch image I tested contained a populated /etc/machine-id AND a populated /var/lib/dbus/machine-id. [1] https://www.freedesktop.org/software/systemd/man/machine-id.html#Initialization Change-Id: Ibb28b6e90d966a845de38a2cd5a1e8babd2604bc --- diskimage_builder/elements/debootstrap/element-deps | 2 +- .../elements/sysprep/finalise.d/01-clear-machine-id | 4 ++++ .../notes/sysprep-fixes-8890b968a8fa7ac1.yaml | 11 +++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/sysprep-fixes-8890b968a8fa7ac1.yaml diff --git a/diskimage_builder/elements/debootstrap/element-deps b/diskimage_builder/elements/debootstrap/element-deps index a6555608..0f701cad 100644 --- a/diskimage_builder/elements/debootstrap/element-deps +++ b/diskimage_builder/elements/debootstrap/element-deps @@ -1,4 +1,4 @@ dpkg modprobe pkg-map - +sysprep diff --git a/diskimage_builder/elements/sysprep/finalise.d/01-clear-machine-id b/diskimage_builder/elements/sysprep/finalise.d/01-clear-machine-id index e3e4aac1..f9557fe8 100755 --- a/diskimage_builder/elements/sysprep/finalise.d/01-clear-machine-id +++ b/diskimage_builder/elements/sysprep/finalise.d/01-clear-machine-id 
@@ -9,3 +9,7 @@ set -o pipefail if [ -e /etc/machine-id ]; then > /etc/machine-id fi + +if [ -e /var/lib/dbus/machine-id ]; then + > /var/lib/dbus/machine-id +fi diff --git a/releasenotes/notes/sysprep-fixes-8890b968a8fa7ac1.yaml b/releasenotes/notes/sysprep-fixes-8890b968a8fa7ac1.yaml new file mode 100644 index 00000000..68c16e74 --- /dev/null +++ b/releasenotes/notes/sysprep-fixes-8890b968a8fa7ac1.yaml @@ -0,0 +1,11 @@ +--- +fixes: + - | + The sysprep element has been fixed to truncate ``/var/lib/dpkg/machine-id`` + (``/etc/machine-id`` was already being truncated). This ensures a + machine-id is not packaged in the image and systemd will be forced to + generate a new one upon first boot. + - | + The sysprep element is added as a dependency to the ``debootstrap`` element to + ensure that it runs on all Debian builds, including debian-minimal based + images.
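Review bot: for the `element-deps` hunk, the dependency is attached to `debootstrap`, not to `debian-minimal`, so every element that depends on `debootstrap` now pulls in `sysprep`, while the commit message and release note only talk about Debian / debian-minimal builds. Consider stating the wider scope in the release note so users of other debootstrap-based elements know their finalise phase gains the machine-id truncation, or move the dependency to `debian-minimal` if that narrower scope is what was intended.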
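Review bot: in the `01-clear-machine-id` hunk, the new block truncates `/var/lib/dbus/machine-id` without a comment saying why; the reason lives only in the commit message (systemd copies an existing `/var/lib/dbus/machine-id` into `/etc/machine-id` instead of generating a fresh one). Add a one-line comment above `if [ -e /var/lib/dbus/machine-id ]; then` pointing at the systemd machine-id initialization behaviour so the next reader does not remove it as redundant. Note that `-e` and the `>` redirect both follow symlinks, so on images where the dbus file is a link to `/etc/machine-id` the block is harmless and simply truncates the same file twice.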
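Review bot: the release note hunk names the wrong path: ``/var/lib/dpkg/machine-id`` should be ``/var/lib/dbus/machine-id``, which is the file the script hunk actually truncates and the one the commit message describes. Fix the path in `sysprep-fixes-8890b968a8fa7ac1.yaml` before this lands, since release notes are what operators search when auditing which files an image-build fix touches.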
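Because the patch found that truncating only one of the two files still leaks a machine-id, a practitioner will want a check that looks at both locations in a finished image root. The script below is an added example, not part of the diskimage-builder patch or project: it inspects `etc/machine-id` and `var/lib/dbus/machine-id` under a given root directory and reports any populated one, resolving absolute symlinks (as distros that link the dbus file to `/etc/machine-id` use) relative to that root rather than the host. It assumes `mktemp` and `readlink` are available; the directory trees and the machine-id value used in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not diskimage-builder code): verify that an image root has
# no populated machine-id in either location systemd consults on first boot.

# check_machine_id_cleared ROOT
#   Returns 0 when ROOT/etc/machine-id and ROOT/var/lib/dbus/machine-id are
#   each either absent or empty; returns 1 and names the offender on stderr
#   when either holds content. Absolute symlinks are resolved under ROOT so
#   that an in-image link to /etc/machine-id is judged by the image's file,
#   not the host's.
check_machine_id_cleared() {
    root=${1%/}
    rc=0
    for f in "$root/etc/machine-id" "$root/var/lib/dbus/machine-id"; do
        if [ -L "$f" ]; then
            target=$(readlink "$f")
            case $target in
                /*) f="$root$target" ;;   # absolute link: re-root it
            esac
        fi
        # -s is true only for an existing, non-empty file (following links).
        if [ -s "$f" ]; then
            printf 'populated machine-id found: %s (%s)\n' "$f" "$(cat "$f")" >&2
            rc=1
        fi
    done
    return $rc
}

# make_tree ETC_ID DBUS_ID
#   Build a throwaway directory tree that mimics an image root. An empty
#   argument yields an empty (truncated) file, as sysprep leaves it; the
#   word "absent" yields no file at all. Prints the tree's path.
make_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/var/lib/dbus"
    [ "$1" = absent ] || printf '%s' "$1" > "$t/etc/machine-id"
    [ "$2" = absent ] || printf '%s' "$2" > "$t/var/lib/dbus/machine-id"
    printf '%s\n' "$t"
}

# Demo on constructed trees (no real images involved). The machine-id value
# is made up for the example.
leaky=$(make_tree "" "5e2f0d3e0a6f4b1c9d8e7f6a5b4c3d2e")   # old sysprep: only /etc cleared
clean=$(make_tree "" "")                                     # patched sysprep: both truncated
linked=$(make_tree "" absent)                                # dbus file is an absolute symlink
ln -s /etc/machine-id "$linked/var/lib/dbus/machine-id"

for tree in "$leaky" "$clean" "$linked"; do
    if check_machine_id_cleared "$tree"; then
        echo "$tree: OK, no machine-id packaged"
    else
        echo "$tree: FAIL, machine-id would be shared by every instance"
    fi
done
rm -rf "$leaky" "$clean" "$linked"
```

Run it against a mounted or extracted image root (for example `check_machine_id_cleared /mnt/image`) as a post-build gate; the leaky tree in the demo is exactly the state the commit message describes for Bionic, Fedora 29 and Stretch before the patch.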