diskimage-builder/releasenotes/notes/sysprep-fixes-8890b968a8fa7ac1.yaml
Logan V c7e907794c Ensure machine-id is not included in images
Two bugs are addressed.

1) The sysprep element was broken in that it only truncates
   /etc/machine-id, but not /var/lib/dbus/machine-id. systemd will
   not generate a new machine-id if /var/lib/dbus/machine-id is
   present[1], it will simply copy it to /etc/machine-id.

   We observed machine-ids being packaged in /var/lib/dbus/machine-id
   on several distros: Ubuntu Bionic, Fedora 29, Debian Stretch.

   CentOS 7 and Ubuntu Xenial do not contain packaged machine-id as
   far as I can tell.

   All test builds were performed using -minimal elements.

2) A second bug existed where debian-minimal did not run the sysprep
   element at all, so a stretch image I tested contained a populated
   /etc/machine-id AND a populated /var/lib/dbus/machine-id.

[1] https://www.freedesktop.org/software/systemd/man/machine-id.html#Initialization

Change-Id: Ibb28b6e90d966a845de38a2cd5a1e8babd2604bc
2019-09-20 03:17:50 +00:00

---
fixes:
  - |
    The sysprep element has been fixed to truncate ``/var/lib/dbus/machine-id``
    (``/etc/machine-id`` was already being truncated). This ensures a
    machine-id is not packaged in the image and systemd will be forced to
    generate a new one upon first boot.
  - |
    The sysprep element is added as a dependency to the ``debootstrap`` element to
    ensure that it runs on all Debian builds, including debian-minimal based
    images.
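
A post-build check for the condition this fix addresses, as an added example (not code from diskimage-builder): it reports a populated machine-id at either path named in the commit message under an unpacked image root. The function names and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect a packaged machine-id under an unpacked image root.
# ROOT is wherever the image filesystem is mounted or extracted (assumption).

# Print the location inside ROOT that PATH refers to, following one level of
# symlink. /var/lib/dbus/machine-id is often a symlink to /etc/machine-id; an
# absolute link target must be re-rooted, or the check would read the build
# host's own machine-id instead of the image's.
resolve_in_root() {
    root=$1
    path=$2
    if [ -L "$root$path" ]; then
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
    fi
    printf '%s\n' "$root$path"
}

# Return 0 when neither location holds an ID, 1 when at least one does.
check_machine_id() {
    root=${1%/}
    status=0
    for p in /etc/machine-id /var/lib/dbus/machine-id; do
        f=$(resolve_in_root "$root" "$p")
        # -s is true only for an existing file with size > 0, so a missing
        # or truncated file counts as clean.
        if [ -s "$f" ]; then
            echo "populated: $p" >&2
            status=1
        fi
    done
    return $status
}
```

Run it as `check_machine_id /path/to/mounted/image` at the end of a build; a non-zero exit means clones of the image would boot with a shared machine-id.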