Ensure machine-id is not included in images

Two bugs are addressed.

1) The sysprep element was broken in that it only truncates
   /etc/machine-id, but not /var/lib/dbus/machine-id. systemd will
   not generate a new machine-id if /var/lib/dbus/machine-id is
   present [1]; it will simply copy it to /etc/machine-id.

   We observed machine-ids being packaged in /var/lib/dbus/machine-id
   on several distros: Ubuntu Bionic, Fedora 29, Debian Stretch.

   CentOS 7 and Ubuntu Xenial do not contain packaged machine-id as
   far as I can tell.

   All test builds were performed using -minimal elements.

2) A second bug existed where debian-minimal did not run the sysprep
   element at all, so a stretch image I tested contained a populated
   /etc/machine-id AND a populated /var/lib/dbus/machine-id.

[1] https://www.freedesktop.org/software/systemd/man/machine-id.html#Initialization

Change-Id: Ibb28b6e90d966a845de38a2cd5a1e8babd2604bc
Logan V 2019-09-19 22:10:55 -05:00
parent b907ecf15c
commit c7e907794c
3 changed files with 16 additions and 1 deletions
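As an added check that is not part of this diskimage-builder change or its test suite, the POSIX sh script below audits a built image tree for the two files the commit message names, rebuilds the bug-1 layout (empty /etc/machine-id, populated /var/lib/dbus/machine-id) in a constructed sample tree, and applies the same truncation the sysprep change makes. The function names, the sample id and the tree layout are assumptions made for this example; only the two paths come from the commit.

```shell
#!/bin/sh
# Added example, not part of the diskimage-builder change: audit an image
# root for a packaged machine-id in either location systemd consults.
# Usage: sh check-machine-id.sh /path/to/image/root
# Exit status 0 = nothing shipped, 1 = a populated machine-id was found.

# Both paths must be absent or empty: systemd copies
# /var/lib/dbus/machine-id into /etc/machine-id when the former is present.
machine_id_paths() {
    printf '%s\n' /etc/machine-id /var/lib/dbus/machine-id
}

# Return 0 when the file at $1 is absent or empty, 1 when it has content.
machine_id_is_clean() {
    if [ ! -e "$1" ]; then
        return 0
    fi
    if [ -s "$1" ]; then
        return 1
    fi
    return 0
}

# Audit every known location under the image root $1.
check_machine_id_tree() {
    root=$1
    status=0
    for rel in $(machine_id_paths); do
        if machine_id_is_clean "$root$rel"; then
            printf 'ok      %s\n' "$rel"
        else
            printf 'FOUND   %s (%s)\n' "$rel" "$(cat "$root$rel")"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree reproducing bug 1 from the commit message:
# /etc/machine-id truncated, /var/lib/dbus/machine-id still populated.
make_sample_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/var/lib/dbus"
    : > "$root/etc/machine-id"
    # Constructed 32-hex sample id, not a real machine-id.
    printf '%s\n' 0123456789abcdef0123456789abcdef > "$root/var/lib/dbus/machine-id"
}

# The fix as the sysprep element applies it: truncate both files in place.
sysprep_machine_id() {
    root=$1
    for rel in $(machine_id_paths); do
        [ -e "$root$rel" ] && : > "$root$rel"
    done
    return 0
}

# Run the audit when an image root is given on the command line.
if [ $# -gt 0 ]; then
    check_machine_id_tree "$1"
fi
```

Run it against the mounted or extracted root of a freshly built image; a FOUND line for either path means every instance booted from that image will share one machine-id, which is the condition this commit fixes.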


@ -1,4 +1,4 @@
dpkg dpkg
modprobe modprobe
pkg-map pkg-map
sysprep
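Review bot: this adds sysprep to the debootstrap element-deps, so every debootstrap-based element now runs it, not only the debian-minimal case the commit message reports; the wider scope is the right fix, but the commit message should say so, since it currently describes only debian-minimal.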


@ -9,3 +9,7 @@ set -o pipefail
if [ -e /etc/machine-id ]; then if [ -e /etc/machine-id ]; then
> /etc/machine-id > /etc/machine-id
fi fi
if [ -e /var/lib/dbus/machine-id ]; then
> /var/lib/dbus/machine-id
fi
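Review bot: the new block repeats the /etc/machine-id pattern verbatim; one loop over both paths (`for f in /etc/machine-id /var/lib/dbus/machine-id; do [ -e "$f" ] && : > "$f"; done`) keeps the two cases from drifting apart. Also, the commit message says systemd copies /var/lib/dbus/machine-id whenever it is present, and truncation leaves the file present; add a comment stating that systemd treats an empty file as absent, or use `rm -f` for this path so the cited behaviour cannot apply.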


@ -0,0 +1,11 @@
---
fixes:
- |
The sysprep element has been fixed to truncate ``/var/lib/dpkg/machine-id``
(``/etc/machine-id`` was already being truncated). This ensures a
machine-id is not packaged in the image and systemd will be forced to
generate a new one upon first boot.
- |
The sysprep element is added as a dependency to the ``debootstrap`` element to
ensure that it runs on all Debian builds, including debian-minimal based
images.
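Review bot: the first note names ``/var/lib/dpkg/machine-id``, but the script change and the commit message truncate ``/var/lib/dbus/machine-id``; fix the path before merging, since the release note is what operators will read when deciding whether to rebuild images.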