Re: git: a28ccb32bf56 - main - machine-id: generate a compact version of the uuid

From: Mark Millard <marklmi_at_yahoo.com>
Date: Fri, 03 Mar 2023 18:36:20 UTC
Mike Karels <mike_at_karels.net> wrote on
Date: Fri, 03 Mar 2023 16:12:50 UTC :

> On 3 Mar 2023, at 9:40, Tijl Coosemans wrote:
> 
> > On Wed, 1 Mar 2023 18:18:33 GMT Baptiste Daroussin <bapt@FreeBSD.org> wrote:
> >> The branch main has been updated by bapt:
> >>
> >> URL: https://cgit.FreeBSD.org/src/commit/?id=a28ccb32bf5678fc401f1602865ee9b37ca4c990
> >>
> >> commit a28ccb32bf5678fc401f1602865ee9b37ca4c990
> >> Author: Baptiste Daroussin <bapt@FreeBSD.org>
> >> AuthorDate: 2023-02-28 10:31:06 +0000
> >> Commit: Baptiste Daroussin <bapt@FreeBSD.org>
> >> CommitDate: 2023-03-01 18:16:25 +0000
> >>
> >> machine-id: generate a compact version of the uuid
> >>
> >> dbus and other actually expect an uuid without hyphens
> >>
> >> Reported by: tijl
> >> MFC After: 3 days
> >> ---
> >> libexec/rc/rc.d/machine_id | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libexec/rc/rc.d/machine_id b/libexec/rc/rc.d/machine_id
> >> index 7cfd7b2d92f8..8bf3e41d0603 100644
> >> --- a/libexec/rc/rc.d/machine_id
> >> +++ b/libexec/rc/rc.d/machine_id
> >> @@ -23,7 +23,7 @@ machine_id_start()
> >> if [ ! -f ${machine_id_file} ] ; then
> >> startmsg -n "Creating ${machine_id_file} "
> >> t=$(mktemp -t machine-id)
> >> - /bin/uuidgen -r -o $t
> >> + /bin/uuidgen -r -c -o $t
> >> install -C -o root -g wheel -m ${machine_id_perms} "$t" "${machine_id_file}"
> >> rm -f "$t"
> >> startmsg 'done.'
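
Review bot: The `-c` added on the `/bin/uuidgen` line only takes effect when the `[ ! -f ${machine_id_file} ]` guard at the top of the hunk passes, so a host that already created the file with the previous `-r -o` invocation keeps its hyphenated content and the two formats coexist across installs. If the compact form is what consumers require, the script should also handle an existing hyphenated file, or the commit should state that existing files are left alone. Separately, the `uuidgen` exit status is not checked before `install -C ...` runs: a failed `uuidgen` would leave the `mktemp` file empty, it would be installed, and the `! -f` guard would then prevent regeneration on later boots. Chaining the two commands, or testing that `$t` is non-empty first, would avoid that. `$t` is also unquoted on the changed line while the `install` and `rm` lines quote it.
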
> >
> > I really think this file should be defined to contain the same UUID as
> > /etc/hostid such that there's one and only one UUID per machine. Having
> > two different IDs needlessly complicates things if they end up in logs
> > etc.
> >
> > It also looks like on Linux virtual machines this file contains the
> > SMBIOS UUID just like our /etc/hostid. If /etc/machine-id is supposed
> > to be a portable way to obtain that UUID it should be the same as
> > /etc/hostid.
> 
> I agree. I had the same reaction when the machine-id was added, but
> thought the requirements were different (in particular, the UUID version).
> If at all possible, the two should be the same except for hyphens.
> 
> > Please have another look at https://reviews.freebsd.org/D38811. This
> > file is supposed to remain constant across updates. If we get this
> > wrong in 13.2, applications may have to deal with the complications for
> > a very long time.
> 
> This should be resolved for 13.2 if at all possible.


What are the properties for the content of /etc/hostid
in FreeBSD? Where are they documented?

/etc/machine-id has strong property guarantee
requirements in linux and dbus (which linux indicates
it has adopted requirements from):

https://man7.org/linux/man-pages/man5/machine-id.5.html

reports:

QUOTE
The machine ID does not change based on local or network
configuration or when hardware is replaced. Due to this and its
greater length, it is a more useful replacement for the
gethostid(3) call that POSIX specifies.

This machine ID adheres to the same format and logic as the D-Bus
machine ID.
END QUOTE

https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html reports:
( used via dbus-uuidgen --ensure=/etc/machine-id as one way
to get a linux-compatible /etc/machine-id for at least
some types of contexts )

QUOTE
The important properties of the machine UUID are that 1) it remains
unchanged until the next reboot and 2) it is different for any two
running instances of the OS kernel. That is, if two processes see
the same UUID, they should also see the same shared memory, UNIX
domain sockets, local X displays, localhost.localdomain resolution,
process IDs, and so forth
END QUOTE


Does /etc/hostid generated the normal way in FreeBSD have such
properties? (How do I look that up?)


Returning to:

https://man7.org/linux/man-pages/man5/machine-id.5.html

QUOTE
This ID uniquely identifies the host. It should be considered
"confidential", and must not be exposed in untrusted
environments, in particular on the network. If a stable unique
identifier that is tied to the machine is needed for some
application, the machine ID or any part of it must not be used
directly. Instead the machine ID should be hashed with a
cryptographic, keyed hash function, using a fixed,
application-specific key. That way the ID will be properly
unique, and derived in a constant way from the machine ID but
there will be no way to retrieve the original machine ID from the
application-specific one.
END QUOTE

Is that at least recommended for handling FreeBSD's /etc/hostid
content?


Is FreeBSD going to document /etc/machine-id content properties
in a similar manner?


If FreeBSD ends up with a /etc/machine-id that does not have
the properties and recommended principles of use, it would
appear that the /etc/machine-id path would be highly misleading
and, so, inappropriate.


===
Mark Millard
marklmi at yahoo.com
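
The keyed-hash derivation described in the machine-id(5) passage quoted above, as an added example that is not part of the original message and is not FreeBSD's or systemd's code. It uses HMAC-SHA256 truncated to 128 bits; the sample ID, the application keys, the function names and the rejection of all-zero IDs and empty keys are choices made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample values, not taken from any real host.
SAMPLE_HOSTID = "6f9c2f1e-8a4b-4c3d-9e2f-1a2b3c4d5e6f"  # hyphenated form
SAMPLE_MACHINE_ID = "6f9c2f1e8a4b4c3d9e2f1a2b3c4d5e6f"   # compact form (uuidgen -c)
KEY_A = b"example.org/inventory-agent/v1"                # hypothetical application keys
KEY_B = b"example.org/crash-reporter/v1"

COMPACT = re.compile(r"[0-9a-f]{32}")
HYPHENATED = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def normalize_machine_id(text: str) -> str:
    """Return the 32-hex-digit compact form of a hyphenated or compact ID."""
    candidate = text.strip().lower()
    if HYPHENATED.fullmatch(candidate):
        candidate = candidate.replace("-", "")
    if not COMPACT.fullmatch(candidate):
        raise ValueError("expected a UUID as 32 hex digits, with or without hyphens")
    if candidate == "0" * 32:
        # Choice made in this example: an all-zero ID identifies nothing.
        raise ValueError("all-zero ID is not a usable machine identifier")
    return candidate


def app_specific_id(machine_id: str, app_key: bytes) -> str:
    """Derive a per-application ID so the raw machine ID is never disclosed."""
    if not app_key:
        raise ValueError("an application-specific key is required")
    raw = bytes.fromhex(normalize_machine_id(machine_id))
    # Keyed hash with a fixed application-specific key, truncated to 128 bits
    # so the result has the same shape as the ID it stands in for.
    return hmac.new(app_key, raw, hashlib.sha256).digest()[:16].hex()


if __name__ == "__main__":
    print("inventory:", app_specific_id(SAMPLE_HOSTID, KEY_A))
    print("crashes:  ", app_specific_id(SAMPLE_MACHINE_ID, KEY_B))
```

Because the input is normalized first, the hyphenated and compact spellings of one UUID derive the same per-application value, while two applications with different keys get values that cannot be correlated without the original ID.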