14766779411

Committed 30 Apr 2025 04:55PM UTC coverage: 72.225% (-0.06%) from 72.282%

Build # 14766779411

Build Type

push

github

Committed by

web-flow

Commit Message

wait-online: handle varlink connection errors while waiting for DNS (#37283)

Currently, if systemd-networkd-wait-online is started with --dns, and
systemd-resolved is not running, it will exit with an error right away.
Similarly, if systemd-resolved is restarted while waiting for DNS
configuration, systemd-networkd-wait-online will not attempt to
re-connect, and will potentially never see subsequent DNS
configurations.

Improve this by adding socket units for the systemd-resolved varlink
servers, and re-establish the connection in systemd-networkd-wait-online
when we receive `SD_VARLINK_ERROR_DISCONNECTED`.

Coverage Stats

8 of 16 new or added lines in 2 files covered. (50.0%)

5825 existing lines in 217 files now uncovered.

297168 of 411450 relevant lines covered (72.22%)

695892.62 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.79

/src/shared/machine-id-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <fcntl.h>
#include <sched.h>
#include <sys/mount.h>
#include <unistd.h>

#include "sd-daemon.h"
#include "sd-id128.h"

#include "alloc-util.h"
#include "chase.h"
#include "creds-util.h"
#include "fd-util.h"
#include "id128-util.h"
#include "initrd-util.h"
#include "io-util.h"
#include "log.h"
#include "machine-id-setup.h"
#include "macro.h"
#include "mkdir.h"
#include "mount-util.h"
#include "mountpoint-util.h"
#include "namespace-util.h"
#include "path-util.h"
#include "process-util.h"
#include "stat-util.h"
#include "string-util.h"
#include "sync-util.h"
#include "umask-util.h"
#include "virt.h"

static int acquire_machine_id_from_credential(sd_id128_t *ret_machine_id) {
        _cleanup_free_ char *buf = NULL;
        int r;

        assert(ret_machine_id);

        r = read_credential_with_decryption("system.machine_id", (void**) &buf, /* ret_size= */ NULL);
        if (r < 0)
                return log_warning_errno(r, "Failed to read system.machine_id credential, ignoring: %m");
        if (r == 0) {
                /* not found */
                *ret_machine_id = SD_ID128_NULL;
                return 0;
        }

        if (streq(buf, "firmware")) {
                *ret_machine_id = SD_ID128_NULL;
                return 1;
        }

        r = sd_id128_from_string(buf, ret_machine_id);
        if (r < 0)
                return log_warning_errno(r, "Failed to parse system.machine_id credential, ignoring: %m");

        log_info("Initializing machine ID from credential.");
        return 1;
}

static int acquire_machine_id(const char *root, bool machine_id_from_firmware, sd_id128_t *ret) {
        _cleanup_close_ int fd = -EBADF;
        int r;

        assert(ret);

        /* First, try reading the machine ID from /run/machine-id, which may not be mounted on
         * /etc/machine-id yet. This is important on switching root especially on soft-reboot, Otherwise,
         * machine ID may be changed after the transition. */
        if (isempty(root) && running_in_chroot() <= 0 &&
            id128_read("/run/machine-id", ID128_FORMAT_PLAIN, ret) >= 0) {
                log_info("Reusing machine ID stored in /run/machine-id.");
                return 1; /* Indicate that the machine ID is reused. */
        }

        /* Then, try reading the D-Bus machine ID, unless it is a symlink */
        fd = chase_and_open("/var/lib/dbus/machine-id", root, CHASE_PREFIX_ROOT|CHASE_NOFOLLOW|CHASE_MUST_BE_REGULAR, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
        if (fd >= 0 && id128_read_fd(fd, ID128_FORMAT_PLAIN | ID128_REFUSE_NULL, ret) >= 0) {
                log_info("Initializing machine ID from D-Bus machine ID.");
                return 0;
        }

        if (isempty(root) && running_in_chroot() <= 0) {
                /* Let's use a system credential for the machine ID if we can */
                sd_id128_t from_credential;
                r = acquire_machine_id_from_credential(&from_credential);
                if (r > 0) {
                        if (!sd_id128_is_null(from_credential)) {
                                /* got a valid machine id from creds */
                                *ret = from_credential;
                                return 0;
                        }

                        /* We got a credential, and it was set to "firmware", hence definitely try that */
                        machine_id_from_firmware = true;
                }

                /* If that didn't work, see if we are running in a container,
                 * and a machine ID was passed in via $container_uuid the way
                 * libvirt/LXC does it */

                if (detect_container() > 0) {
                        _cleanup_free_ char *e = NULL;

                        if (getenv_for_pid(1, "container_uuid", &e) > 0 &&
                            sd_id128_from_string(e, ret) >= 0) {
                                log_info("Initializing machine ID from container UUID.");
                                return 0;
                        }

                } else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU, VIRTUALIZATION_XEN, VIRTUALIZATION_BHYVE) || machine_id_from_firmware) {

                        /* If we are not running in a container, see if we are running in a VM that provides
                         * a system UUID via the SMBIOS/DMI interfaces.  Such environments include QEMU/KVM
                         * with the -uuid on the qemu command line or the Amazon EC2 Nitro hypervisor. */

                        if (id128_get_product(ret) >= 0) {
                                log_info("Initializing machine ID from SMBIOS/DMI UUID.");
                                return 0;
                        }
                }
        }

        /* If that didn't work, generate a random machine ID */
        r = sd_id128_randomize(ret);
        if (r < 0)
                return log_error_errno(r, "Failed to generate randomized machine ID: %m");

        log_info("Initializing machine ID from random generator.");
        return 0;
}

int machine_id_setup(const char *root, sd_id128_t machine_id, MachineIdSetupFlags flags, sd_id128_t *ret) {
        _cleanup_free_ char *etc_machine_id = NULL, *run_machine_id = NULL;
        bool writable, write_run_machine_id = true;
        _cleanup_close_ int fd = -EBADF, run_fd = -EBADF;
        bool unlink_run_machine_id = false;
        int r;

        WITH_UMASK(0000) {
                _cleanup_close_ int inode_fd = -EBADF;

                r = chase("/etc/machine-id", root, CHASE_PREFIX_ROOT|CHASE_MUST_BE_REGULAR, &etc_machine_id, &inode_fd);
                if (r == -ENOENT) {
                        _cleanup_close_ int etc_fd = -EBADF;
                        _cleanup_free_ char *etc = NULL;

                        r = chase("/etc/", root, CHASE_PREFIX_ROOT|CHASE_MKDIR_0755|CHASE_MUST_BE_DIRECTORY, &etc, &etc_fd);
                        if (r < 0)
                                return log_error_errno(r, "Failed to open '/etc/': %m");

                        etc_machine_id = path_join(etc, "machine-id");
                        if (!etc_machine_id)
                                return log_oom();

                        /* We create this 0444, to indicate that this isn't really something you should ever
                         * modify. Of course, since the file will be owned by root it doesn't matter much, but maybe
                         * people look. */

                        fd = openat(etc_fd, "machine-id", O_CREAT|O_EXCL|O_RDWR|O_NOFOLLOW|O_CLOEXEC, 0444);
                        if (fd < 0) {
                                if (errno == EROFS)
                                        return log_error_errno(errno,
                                                               "System cannot boot: Missing %s and %s/ is read-only.\n"
                                                               "Booting up is supported only when:\n"
                                                               "1) /etc/machine-id exists and is populated.\n"
                                                               "2) /etc/machine-id exists and is empty.\n"
                                                               "3) /etc/machine-id is missing and /etc/ is writable.",
                                                               etc_machine_id,
                                                               etc);

                                return log_error_errno(errno, "Cannot create '%s': %m", etc_machine_id);
                        }

                        log_debug("Successfully opened new '%s' file.", etc_machine_id);
                        writable = true;
                } else if (r < 0)
                        return log_error_errno(r, "Cannot open '/etc/machine-id': %m");
                else {
                        /* We pinned the inode, now try to convert it into a writable file */

                        fd = xopenat_full(inode_fd, /* path= */ NULL, O_RDWR|O_CLOEXEC, XO_REGULAR, 0444);
                        if (fd < 0) {
                                log_debug_errno(fd, "Failed to open '%s' in writable mode, retrying in read-only mode: %m", etc_machine_id);

                                /* If that didn't work, convert it into a readable file */
                                fd = xopenat_full(inode_fd, /* path= */ NULL, O_RDONLY|O_CLOEXEC, XO_REGULAR, MODE_INVALID);
                                if (fd < 0)
                                        return log_error_errno(fd, "Cannot open '%s' in neither writable nor read-only mode: %m", etc_machine_id);

                                log_debug("Successfully opened existing '%s' file in read-only mode.", etc_machine_id);
                                writable = false;
                        } else {
                                log_debug("Successfully opened existing '%s' file in writable mode.", etc_machine_id);
                                writable = true;
                        }
                }
        }

        /* A we got a valid machine ID argument, that's what counts */
        if (sd_id128_is_null(machine_id) || FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_FIRMWARE)) {

                /* Try to read any existing machine ID */
                r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &machine_id);
                if (r >= 0)
                        goto finish;

                log_debug_errno(r, "Unable to read current machine ID, acquiring new one: %m");

                /* Hmm, so, the id currently stored is not useful, then let's acquire one. */
                r = acquire_machine_id(root, FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_FIRMWARE), &machine_id);
                if (r < 0)
                        return r;

                write_run_machine_id = !r; /* acquire_machine_id() returns 1 in case we read this machine ID
                                            * from /run/machine-id */
        }

        if (writable) {
                if (lseek(fd, 0, SEEK_SET) < 0)
                        return log_error_errno(errno, "Failed to seek %s: %m", etc_machine_id);

                if (ftruncate(fd, 0) < 0)
                        return log_error_errno(errno, "Failed to truncate %s: %m", etc_machine_id);

                /* If the caller requested a transient machine-id, write the string "uninitialized\n" to
                 * disk and overmount it with a transient file.
                 *
                 * Otherwise write the machine-id directly to disk. */
                if (FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_TRANSIENT)) {
                        r = loop_write(fd, "uninitialized\n", SIZE_MAX);
                        if (r < 0)
                                return log_error_errno(r, "Failed to write uninitialized %s: %m", etc_machine_id);

                        r = fsync_full(fd);
                        if (r < 0)
                                return log_error_errno(r, "Failed to sync %s: %m", etc_machine_id);
                } else {
                        r = id128_write_fd(fd, ID128_FORMAT_PLAIN | ID128_SYNC_ON_WRITE, machine_id);
                        if (r < 0)
                                return log_error_errno(r, "Failed to write %s: %m", etc_machine_id);

                        goto finish;
                }
        }

        /* Hmm, we couldn't or shouldn't write the machine-id to /etc/? So let's write it to /run/machine-id
         * as a replacement */

        if (write_run_machine_id) {
                _cleanup_free_ char *run = NULL;

                r = chase("/run/", root, CHASE_PREFIX_ROOT|CHASE_MKDIR_0755|CHASE_MUST_BE_DIRECTORY, &run, &run_fd);
                if (r < 0)
                        return log_error_errno(r, "Failed to open '/run/': %m");

                run_machine_id = path_join(run, "machine-id");
                if (!run_machine_id)
                        return log_oom();

                WITH_UMASK(0022) {
                        r = id128_write_at(run_fd, "machine-id", ID128_FORMAT_PLAIN, machine_id);
                        if (r < 0) {
                                (void) unlinkat(run_fd, "machine-id", /* flags = */ 0);
                                return log_error_errno(r, "Cannot write '%s': %m", run_machine_id);
                        }
                }

                unlink_run_machine_id = true;
        } else {
                r = chase("/run/machine-id", root, CHASE_PREFIX_ROOT|CHASE_MUST_BE_REGULAR, &run_machine_id, /* ret_inode_fd= */ NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to open '/run/machine-id': %m");
        }

        /* And now, let's mount it over */
        r = mount_follow_verbose(LOG_ERR, run_machine_id, FORMAT_PROC_FD_PATH(fd), /* fstype= */ NULL, MS_BIND, /* options= */ NULL);
        if (r < 0) {
                if (unlink_run_machine_id)
                        (void) unlinkat(ASSERT_FD(run_fd), "machine-id", /* flags = */ 0);
                return r;
        }

        log_full(FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_TRANSIENT) ? LOG_DEBUG : LOG_INFO, "Installed transient '%s' file.", etc_machine_id);

        /* Mark the mount read-only (note: we are not going via FORMAT_PROC_FD_PATH() here because that fd is not updated to our new bind mount) */
        (void) mount_follow_verbose(LOG_WARNING, /* source= */ NULL, etc_machine_id, /* fstype= */ NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, /* options= */ NULL);

finish:
        if (!in_initrd())
                (void) sd_notifyf(/* unset_environment= */ false, "X_SYSTEMD_MACHINE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(machine_id));

        if (ret)
                *ret = machine_id;

        return 0;
}

int machine_id_commit(const char *root) {
        sd_id128_t id;
        int r;

        if (empty_or_root(root)) {
                /* Before doing anything, sync everything to ensure any changes by first-boot units are
                 * persisted.
                 *
                 * First, explicitly sync the file systems we care about and check if it worked. */
                FOREACH_STRING(sync_path, "/etc/", "/var/") {
                        r = syncfs_path(AT_FDCWD, sync_path);
                        if (r < 0)
                                return log_error_errno(r, "Cannot sync %s: %m", sync_path);
                }

                /* Afterwards, sync() the rest too, but we can't check the return value for these. */
                sync();
        }

        /* Replaces a tmpfs bind mount of /etc/machine-id by a proper file, atomically. For this, the umount is removed
         * in a mount namespace, a new file is created at the right place. Afterwards the mount is also removed in the
         * original mount namespace, thus revealing the file that was just created. */

        _cleanup_close_ int etc_fd = -EBADF;
        _cleanup_free_ char *etc = NULL;
        r = chase("/etc/", root, CHASE_PREFIX_ROOT|CHASE_MUST_BE_DIRECTORY, &etc, &etc_fd);
        if (r < 0)
                return log_error_errno(r, "Failed to open /etc/: %m");

        _cleanup_free_ char *etc_machine_id = path_join(etc, "machine-id");
        if (!etc_machine_id)
                return log_oom();

        r = is_mount_point_at(etc_fd, "machine-id", /* flags= */ 0);
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether %s is a mount point: %m", etc_machine_id);
        if (r == 0) {
                log_debug("%s is not a mount point. Nothing to do.", etc_machine_id);
                return 0;
        }

        /* Read existing machine-id */

        _cleanup_close_ int fd = xopenat_full(etc_fd, "machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, MODE_INVALID);
        if (fd < 0)
                return log_error_errno(fd, "Cannot open %s: %m", etc_machine_id);

        etc_fd = safe_close(etc_fd);

        r = fd_is_temporary_fs(fd);
        if (r < 0)
                return log_error_errno(r, "Failed to determine whether %s is on a temporary file system: %m", etc_machine_id);
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(EROFS),
                                       "%s is not on a temporary file system.",
                                       etc_machine_id);

        r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &id);
        if (r < 0)
                return log_error_errno(r, "We didn't find a valid machine ID in %s: %m", etc_machine_id);

        /* Store current mount namespace */
        _cleanup_close_ int initial_mntns_fd = namespace_open_by_type(NAMESPACE_MOUNT);
        if (initial_mntns_fd < 0)
                return log_error_errno(initial_mntns_fd, "Can't fetch current mount namespace: %m");

        /* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
        r = detach_mount_namespace();
        if (r < 0)
                return log_error_errno(r, "Failed to set up new mount namespace: %m");

        /* Open /etc/ again after we transitioned into our own private mount namespace */
        _cleanup_close_ int etc_fd_again = -EBADF;
        r = chase("/etc/", root, CHASE_PREFIX_ROOT|CHASE_MUST_BE_DIRECTORY, /* ret_path= */ NULL, &etc_fd_again);
        if (r < 0)
                return log_error_errno(r, "Failed to open /etc/: %m");

        r = umountat_detach_verbose(LOG_ERR, etc_fd_again, "machine-id");
        if (r < 0)
                return r;

        /* Update a persistent version of etc_machine_id */
        r = id128_write_at(etc_fd_again, "machine-id", ID128_FORMAT_PLAIN | ID128_SYNC_ON_WRITE, id);
        if (r < 0)
                return log_error_errno(r, "Cannot write %s. This is mandatory to get a persistent machine ID: %m", etc_machine_id);

        etc_fd_again = safe_close(etc_fd_again);

        /* Return to initial namespace and proceed a lazy tmpfs unmount */
        r = namespace_enter(/* pidns_fd = */ -EBADF,
                            initial_mntns_fd,
                            /* netns_fd = */ -EBADF,
                            /* userns_fd = */ -EBADF,
                            /* root_fd = */ -EBADF);
        if (r < 0)
                return log_warning_errno(r,
                                         "Failed to switch back to initial mount namespace: %m.\n"
                                         "We'll keep transient %s file until next reboot.", etc_machine_id);

        r = umountat_detach_verbose(LOG_DEBUG, fd, /* filename= */ NULL);
        if (r < 0)
                return log_warning_errno(r,
                                         "Failed to unmount transient %s file: %m.\n"
                                         "We keep that mount until next reboot.", etc_machine_id);

        return 0;
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <fcntl.h>
4	#include <sched.h>
5	#include <sys/mount.h>
6	#include <unistd.h>
7
8	#include "sd-daemon.h"
9	#include "sd-id128.h"
10
11	#include "alloc-util.h"
12	#include "chase.h"
13	#include "creds-util.h"
14	#include "fd-util.h"
15	#include "id128-util.h"
16	#include "initrd-util.h"
17	#include "io-util.h"
18	#include "log.h"
19	#include "machine-id-setup.h"
20	#include "macro.h"
21	#include "mkdir.h"
22	#include "mount-util.h"
23	#include "mountpoint-util.h"
24	#include "namespace-util.h"
25	#include "path-util.h"
26	#include "process-util.h"
27	#include "stat-util.h"
28	#include "string-util.h"
29	#include "sync-util.h"
30	#include "umask-util.h"
31	#include "virt.h"
32
33	static int acquire_machine_id_from_credential(sd_id128_t *ret_machine_id) {	26✔
34	_cleanup_free_ char *buf = NULL;	26✔
35	int r;	26✔
36
37	assert(ret_machine_id);	26✔
38
39	r = read_credential_with_decryption("system.machine_id", (void*) &buf, / ret_size= */ NULL);	26✔
40	if (r < 0)	26✔
41	return log_warning_errno(r, "Failed to read system.machine_id credential, ignoring: %m");	×
42	if (r == 0) {	26✔
43	/* not found */
44	*ret_machine_id = SD_ID128_NULL;	26✔
45	return 0;	26✔
46	}
47
48	if (streq(buf, "firmware")) {	×
49	*ret_machine_id = SD_ID128_NULL;	×
50	return 1;	×
51	}
52
53	r = sd_id128_from_string(buf, ret_machine_id);	×
54	if (r < 0)	×
55	return log_warning_errno(r, "Failed to parse system.machine_id credential, ignoring: %m");	×
56
UNCOV 57	log_info("Initializing machine ID from credential.");	×
58	return 1;
59	}
60
61	static int acquire_machine_id(const char root, bool machine_id_from_firmware, sd_id128_t ret) {	30✔
62	_cleanup_close_ int fd = -EBADF;	30✔
63	int r;	30✔
64
65	assert(ret);	30✔
66
67	/* First, try reading the machine ID from /run/machine-id, which may not be mounted on
68	* /etc/machine-id yet. This is important on switching root especially on soft-reboot, Otherwise,
69	* machine ID may be changed after the transition. */
70	if (isempty(root) && running_in_chroot() <= 0 &&	30✔
71	id128_read("/run/machine-id", ID128_FORMAT_PLAIN, ret) >= 0) {	26✔
72	log_info("Reusing machine ID stored in /run/machine-id.");	×
73	return 1; /* Indicate that the machine ID is reused. */	×
74	}
75
76	/* Then, try reading the D-Bus machine ID, unless it is a symlink */
77	fd = chase_and_open("/var/lib/dbus/machine-id", root, CHASE_PREFIX_ROOT\|CHASE_NOFOLLOW\|CHASE_MUST_BE_REGULAR, O_RDONLY\|O_CLOEXEC\|O_NOCTTY, NULL);	30✔
78	if (fd >= 0 && id128_read_fd(fd, ID128_FORMAT_PLAIN \| ID128_REFUSE_NULL, ret) >= 0) {	30✔
79	log_info("Initializing machine ID from D-Bus machine ID.");	×
80	return 0;	×
81	}
82
83	if (isempty(root) && running_in_chroot() <= 0) {	30✔
84	/* Let's use a system credential for the machine ID if we can */
85	sd_id128_t from_credential;	26✔
86	r = acquire_machine_id_from_credential(&from_credential);	26✔
87	if (r > 0) {	26✔
88	if (!sd_id128_is_null(from_credential)) {	×
89	/* got a valid machine id from creds */
90	*ret = from_credential;	×
91	return 0;	12✔
92	}
93
94	/* We got a credential, and it was set to "firmware", hence definitely try that */
95	machine_id_from_firmware = true;
96	}
97
98	/* If that didn't work, see if we are running in a container,
99	* and a machine ID was passed in via $container_uuid the way
100	* libvirt/LXC does it */
101
102	if (detect_container() > 0) {	26✔
103	_cleanup_free_ char *e = NULL;	12✔
104
105	if (getenv_for_pid(1, "container_uuid", &e) > 0 &&	24✔
106	sd_id128_from_string(e, ret) >= 0) {	12✔
107	log_info("Initializing machine ID from container UUID.");	12✔
108	return 0;	12✔
109	}
110
111	} else if (IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_AMAZON, VIRTUALIZATION_QEMU, VIRTUALIZATION_XEN, VIRTUALIZATION_BHYVE) \|\| machine_id_from_firmware) {	14✔
112
113	/* If we are not running in a container, see if we are running in a VM that provides
114	* a system UUID via the SMBIOS/DMI interfaces. Such environments include QEMU/KVM
115	* with the -uuid on the qemu command line or the Amazon EC2 Nitro hypervisor. */
116
117	if (id128_get_product(ret) >= 0) {	14✔
118	log_info("Initializing machine ID from SMBIOS/DMI UUID.");	×
119	return 0;	×
120	}
121	}
122	}
123
124	/* If that didn't work, generate a random machine ID */
125	r = sd_id128_randomize(ret);	18✔
126	if (r < 0)	18✔
127	return log_error_errno(r, "Failed to generate randomized machine ID: %m");	×
128
129	log_info("Initializing machine ID from random generator.");	18✔
130	return 0;
131	}
132
133	int machine_id_setup(const char root, sd_id128_t machine_id, MachineIdSetupFlags flags, sd_id128_t ret) {	41✔
134	_cleanup_free_ char etc_machine_id = NULL, run_machine_id = NULL;	41✔
135	bool writable, write_run_machine_id = true;	41✔
136	_cleanup_close_ int fd = -EBADF, run_fd = -EBADF;	82✔
137	bool unlink_run_machine_id = false;	41✔
138	int r;	41✔
139
140	WITH_UMASK(0000) {	82✔
141	_cleanup_close_ int inode_fd = -EBADF;	41✔
142
143	r = chase("/etc/machine-id", root, CHASE_PREFIX_ROOT\|CHASE_MUST_BE_REGULAR, &etc_machine_id, &inode_fd);	41✔
144	if (r == -ENOENT) {	41✔
145	_cleanup_close_ int etc_fd = -EBADF;	2✔
146	_cleanup_free_ char *etc = NULL;	2✔
147
148	r = chase("/etc/", root, CHASE_PREFIX_ROOT\|CHASE_MKDIR_0755\|CHASE_MUST_BE_DIRECTORY, &etc, &etc_fd);	2✔
149	if (r < 0)	2✔
150	return log_error_errno(r, "Failed to open '/etc/': %m");	×
151
152	etc_machine_id = path_join(etc, "machine-id");	2✔
153	if (!etc_machine_id)	2✔
154	return log_oom();	×
155
156	/* We create this 0444, to indicate that this isn't really something you should ever
157	* modify. Of course, since the file will be owned by root it doesn't matter much, but maybe
158	* people look. */
159
160	fd = openat(etc_fd, "machine-id", O_CREAT\|O_EXCL\|O_RDWR\|O_NOFOLLOW\|O_CLOEXEC, 0444);	2✔
161	if (fd < 0) {	2✔
162	if (errno == EROFS)	×
163	return log_error_errno(errno,	×
164	"System cannot boot: Missing %s and %s/ is read-only.\n"
165	"Booting up is supported only when:\n"
166	"1) /etc/machine-id exists and is populated.\n"
167	"2) /etc/machine-id exists and is empty.\n"
168	"3) /etc/machine-id is missing and /etc/ is writable.",
169	etc_machine_id,
170	etc);
171
172	return log_error_errno(errno, "Cannot create '%s': %m", etc_machine_id);	×
173	}
174
175	log_debug("Successfully opened new '%s' file.", etc_machine_id);	2✔
176	writable = true;	2✔
177	} else if (r < 0)	39✔
178	return log_error_errno(r, "Cannot open '/etc/machine-id': %m");	×
179	else {
180	/* We pinned the inode, now try to convert it into a writable file */
181
182	fd = xopenat_full(inode_fd, /* path= */ NULL, O_RDWR\|O_CLOEXEC, XO_REGULAR, 0444);	39✔
183	if (fd < 0) {	39✔
184	log_debug_errno(fd, "Failed to open '%s' in writable mode, retrying in read-only mode: %m", etc_machine_id);	1✔
185
186	/* If that didn't work, convert it into a readable file */
187	fd = xopenat_full(inode_fd, /* path= */ NULL, O_RDONLY\|O_CLOEXEC, XO_REGULAR, MODE_INVALID);	1✔
188	if (fd < 0)	1✔
189	return log_error_errno(fd, "Cannot open '%s' in neither writable nor read-only mode: %m", etc_machine_id);	×
190
191	log_debug("Successfully opened existing '%s' file in read-only mode.", etc_machine_id);	1✔
192	writable = false;
193	} else {
194	log_debug("Successfully opened existing '%s' file in writable mode.", etc_machine_id);	38✔
195	writable = true;
196	}
197	}
198	}
199
200	/* A we got a valid machine ID argument, that's what counts */
201	if (sd_id128_is_null(machine_id) \|\| FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_FIRMWARE)) {	82✔
202
203	/* Try to read any existing machine ID */
204	r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &machine_id);	41✔
205	if (r >= 0)	41✔
206	goto finish;	11✔
207
208	log_debug_errno(r, "Unable to read current machine ID, acquiring new one: %m");	30✔
209
210	/* Hmm, so, the id currently stored is not useful, then let's acquire one. */
211	r = acquire_machine_id(root, FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_FIRMWARE), &machine_id);	30✔
212	if (r < 0)	30✔
213	return r;
214
215	write_run_machine_id = !r; /* acquire_machine_id() returns 1 in case we read this machine ID	30✔
216	* from /run/machine-id */
217	}
218
219	if (writable) {	30✔
220	if (lseek(fd, 0, SEEK_SET) < 0)	29✔
221	return log_error_errno(errno, "Failed to seek %s: %m", etc_machine_id);	×
222
223	if (ftruncate(fd, 0) < 0)	29✔
224	return log_error_errno(errno, "Failed to truncate %s: %m", etc_machine_id);	×
225
226	/* If the caller requested a transient machine-id, write the string "uninitialized\n" to
227	* disk and overmount it with a transient file.
228	*
229	* Otherwise write the machine-id directly to disk. */
230	if (FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_TRANSIENT)) {	29✔
231	r = loop_write(fd, "uninitialized\n", SIZE_MAX);	17✔
232	if (r < 0)	17✔
233	return log_error_errno(r, "Failed to write uninitialized %s: %m", etc_machine_id);	×
234
235	r = fsync_full(fd);	17✔
236	if (r < 0)	17✔
237	return log_error_errno(r, "Failed to sync %s: %m", etc_machine_id);	×
238	} else {
239	r = id128_write_fd(fd, ID128_FORMAT_PLAIN \| ID128_SYNC_ON_WRITE, machine_id);	12✔
240	if (r < 0)	12✔
241	return log_error_errno(r, "Failed to write %s: %m", etc_machine_id);	×
242
243	goto finish;	12✔
244	}
245	}
246
247	/* Hmm, we couldn't or shouldn't write the machine-id to /etc/? So let's write it to /run/machine-id
248	* as a replacement */
249
250	if (write_run_machine_id) {	18✔
251	_cleanup_free_ char *run = NULL;	18✔
252
253	r = chase("/run/", root, CHASE_PREFIX_ROOT\|CHASE_MKDIR_0755\|CHASE_MUST_BE_DIRECTORY, &run, &run_fd);	18✔
254	if (r < 0)	18✔
255	return log_error_errno(r, "Failed to open '/run/': %m");	×
256
257	run_machine_id = path_join(run, "machine-id");	18✔
258	if (!run_machine_id)	18✔
259	return log_oom();	×
260
261	WITH_UMASK(0022) {	36✔
262	r = id128_write_at(run_fd, "machine-id", ID128_FORMAT_PLAIN, machine_id);	18✔
263	if (r < 0) {	18✔
264	(void) unlinkat(run_fd, "machine-id", /* flags = */ 0);	×
265	return log_error_errno(r, "Cannot write '%s': %m", run_machine_id);	×
266	}
267	}
268
269	unlink_run_machine_id = true;	18✔
270	} else {
271	r = chase("/run/machine-id", root, CHASE_PREFIX_ROOT\|CHASE_MUST_BE_REGULAR, &run_machine_id, /* ret_inode_fd= */ NULL);	×
272	if (r < 0)	×
273	return log_error_errno(r, "Failed to open '/run/machine-id': %m");	×
274	}
275
276	/* And now, let's mount it over */
277	r = mount_follow_verbose(LOG_ERR, run_machine_id, FORMAT_PROC_FD_PATH(fd), /* fstype= / NULL, MS_BIND, / options= */ NULL);	18✔
278	if (r < 0) {	18✔
279	if (unlink_run_machine_id)	×
280	(void) unlinkat(ASSERT_FD(run_fd), "machine-id", /* flags = */ 0);	×
281	return r;	×
282	}
283
284	log_full(FLAGS_SET(flags, MACHINE_ID_SETUP_FORCE_TRANSIENT) ? LOG_DEBUG : LOG_INFO, "Installed transient '%s' file.", etc_machine_id);	18✔
285
286	/* Mark the mount read-only (note: we are not going via FORMAT_PROC_FD_PATH() here because that fd is not updated to our new bind mount) */
287	(void) mount_follow_verbose(LOG_WARNING, /* source= / NULL, etc_machine_id, / fstype= / NULL, MS_BIND\|MS_RDONLY\|MS_REMOUNT, / options= */ NULL);	18✔
288
289	finish:	41✔
290	if (!in_initrd())	41✔
291	(void) sd_notifyf(/* unset_environment= */ false, "X_SYSTEMD_MACHINE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(machine_id));	32✔
292
293	if (ret)	41✔
294	*ret = machine_id;	8✔
295
296	return 0;
297	}
298
299	int machine_id_commit(const char *root) {	101✔
300	sd_id128_t id;	101✔
301	int r;	101✔
302
303	if (empty_or_root(root)) {	101✔
304	/* Before doing anything, sync everything to ensure any changes by first-boot units are
305	* persisted.
306	*
307	* First, explicitly sync the file systems we care about and check if it worked. */
308	FOREACH_STRING(sync_path, "/etc/", "/var/") {	300✔
309	r = syncfs_path(AT_FDCWD, sync_path);	200✔
310	if (r < 0)	200✔
311	return log_error_errno(r, "Cannot sync %s: %m", sync_path);	×
312	}
313
314	/* Afterwards, sync() the rest too, but we can't check the return value for these. */
315	sync();	100✔
316	}
317
318	/* Replaces a tmpfs bind mount of /etc/machine-id by a proper file, atomically. For this, the umount is removed
319	* in a mount namespace, a new file is created at the right place. Afterwards the mount is also removed in the
320	* original mount namespace, thus revealing the file that was just created. */
321
322	_cleanup_close_ int etc_fd = -EBADF;	101✔
323	_cleanup_free_ char *etc = NULL;	101✔
324	r = chase("/etc/", root, CHASE_PREFIX_ROOT\|CHASE_MUST_BE_DIRECTORY, &etc, &etc_fd);	101✔
325	if (r < 0)	101✔
326	return log_error_errno(r, "Failed to open /etc/: %m");	×
327
328	_cleanup_free_ char *etc_machine_id = path_join(etc, "machine-id");	202✔
329	if (!etc_machine_id)	101✔
330	return log_oom();	×
331
332	r = is_mount_point_at(etc_fd, "machine-id", /* flags= */ 0);	101✔
333	if (r < 0)	101✔
334	return log_error_errno(r, "Failed to determine whether %s is a mount point: %m", etc_machine_id);	×
335	if (r == 0) {	101✔
336	log_debug("%s is not a mount point. Nothing to do.", etc_machine_id);	×
337	return 0;	×
338	}
339
340	/* Read existing machine-id */
341
342	_cleanup_close_ int fd = xopenat_full(etc_fd, "machine-id", O_RDONLY\|O_CLOEXEC\|O_NOCTTY\|O_NOFOLLOW, XO_REGULAR, MODE_INVALID);	202✔
343	if (fd < 0)	101✔
344	return log_error_errno(fd, "Cannot open %s: %m", etc_machine_id);	×
345
346	etc_fd = safe_close(etc_fd);	101✔
347
348	r = fd_is_temporary_fs(fd);	101✔
349	if (r < 0)	101✔
350	return log_error_errno(r, "Failed to determine whether %s is on a temporary file system: %m", etc_machine_id);	×
351	if (r == 0)	101✔
352	return log_error_errno(SYNTHETIC_ERRNO(EROFS),	×
353	"%s is not on a temporary file system.",
354	etc_machine_id);
355
356	r = id128_read_fd(fd, ID128_FORMAT_PLAIN, &id);	101✔
357	if (r < 0)	101✔
358	return log_error_errno(r, "We didn't find a valid machine ID in %s: %m", etc_machine_id);	×
359
360	/* Store current mount namespace */
361	_cleanup_close_ int initial_mntns_fd = namespace_open_by_type(NAMESPACE_MOUNT);	202✔
362	if (initial_mntns_fd < 0)	101✔
363	return log_error_errno(initial_mntns_fd, "Can't fetch current mount namespace: %m");	×
364
365	/* Switch to a new mount namespace, isolate ourself and unmount etc_machine_id in our new namespace */
366	r = detach_mount_namespace();	101✔
367	if (r < 0)	101✔
368	return log_error_errno(r, "Failed to set up new mount namespace: %m");	×
369
370	/* Open /etc/ again after we transitioned into our own private mount namespace */
371	_cleanup_close_ int etc_fd_again = -EBADF;	101✔
372	r = chase("/etc/", root, CHASE_PREFIX_ROOT\|CHASE_MUST_BE_DIRECTORY, /* ret_path= */ NULL, &etc_fd_again);	101✔
373	if (r < 0)	101✔
374	return log_error_errno(r, "Failed to open /etc/: %m");	×
375
376	r = umountat_detach_verbose(LOG_ERR, etc_fd_again, "machine-id");	101✔
377	if (r < 0)	101✔
378	return r;
379
380	/* Update a persistent version of etc_machine_id */
381	r = id128_write_at(etc_fd_again, "machine-id", ID128_FORMAT_PLAIN \| ID128_SYNC_ON_WRITE, id);	101✔
382	if (r < 0)	101✔
383	return log_error_errno(r, "Cannot write %s. This is mandatory to get a persistent machine ID: %m", etc_machine_id);	×
384
385	etc_fd_again = safe_close(etc_fd_again);	101✔
386
387	/* Return to initial namespace and proceed a lazy tmpfs unmount */
388	r = namespace_enter(/* pidns_fd = */ -EBADF,	101✔
389	initial_mntns_fd,
390	/* netns_fd = */ -EBADF,
391	/* userns_fd = */ -EBADF,
392	/* root_fd = */ -EBADF);
393	if (r < 0)	101✔
394	return log_warning_errno(r,	×
395	"Failed to switch back to initial mount namespace: %m.\n"
396	"We'll keep transient %s file until next reboot.", etc_machine_id);
397
398	r = umountat_detach_verbose(LOG_DEBUG, fd, /* filename= */ NULL);	101✔
399	if (r < 0)	101✔
400	return log_warning_errno(r,	×
401	"Failed to unmount transient %s file: %m.\n"
402	"We keep that mount until next reboot.", etc_machine_id);
403
404	return 0;
405	}

systemd / systemd / 14766779411

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous