List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Subject: Re: git: a28ccb32bf56 - main - machine-id: generate a compact version of the uuid
From: Mark Millard
Date: Sat, 4 Mar 2023 07:20:17 -0800
Cc: Mike Karels, dev-commits-src-main@freebsd.org, bapt@freebsd.org, FreeBSD-STABLE Mailing List, Current FreeBSD
To: Tĳl Coosemans

On Mar 4, 2023, at 06:32, Tĳl Coosemans wrote:

>
> On Fri, 3 Mar 2023 10:36:20 -0800 Mark Millard wrote:
>> What are the properties for the content of /etc/hostid
>> in FreeBSD? Where are they documented?
>>
>> /etc/machine-id has strong property guarantee
>> requirements in linux and dbus (which linux indicates
>> it has adopted requirements from):
>>
>> https://man7.org/linux/man-pages/man5/machine-id.5.html
>>
>> reports:
>>
>> QUOTE
>> The machine ID does not change based on local or network
>> configuration or when hardware is replaced. Due to this and its
>> greater length, it is a more useful replacement for the
>> gethostid(3) call that POSIX specifies.
>>
>> This machine ID adheres to the same format and logic as the D-Bus
>> machine ID.
>> END QUOTE
>
> /etc/hostid is written once. It does not change with network or
> hardware changes.
>
>> https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html reports:
>> ( used via dbus-uuidgen --ensure=/etc/machine-id as one way
>> to get a linux-compatible /etc/machine-id for at least
>> some types of contexts )
>>
>> QUOTE
>> The important properties of the machine UUID are that 1) it remains
>> unchanged until the next reboot and 2) it is different for any two
>> running instances of the OS kernel. That is, if two processes see
>> the same UUID, they should also see the same shared memory, UNIX
>> domain sockets, local X displays, localhost.localdomain resolution,
>> process IDs, and so forth
>> END QUOTE
>>
>>
>> Does /etc/hostid generated the normal way in FreeBSD have such
>> properties?
>> (How do I look that up?)
>
> Yes. It's `kenv smbios.system.uuid` if that's available and generated
> by uuidgen otherwise. The code is in /etc/rc.d/hostid and
> /etc/rc.d/hostid_save.

I probably also should have quoted the below for completeness:

QUOTE
Also, don't make it the same on two different systems; it needs to be
different anytime there are two different kernels running.
END QUOTE

There are implications for some virtual environments.

>> Returning to:
>>
>> https://man7.org/linux/man-pages/man5/machine-id.5.html
>>
>> QUOTE
>> This ID uniquely identifies the host. It should be considered
>> "confidential", and must not be exposed in untrusted
>> environments, in particular on the network. If a stable unique
>> identifier that is tied to the machine is needed for some
>> application, the machine ID or any part of it must not be used
>> directly. Instead the machine ID should be hashed with a
>> cryptographic, keyed hash function, using a fixed,
>> application-specific key. That way the ID will be properly
>> unique, and derived in a constant way from the machine ID but
>> there will be no way to retrieve the original machine ID from the
>> application-specific one.
>> END QUOTE
>>
>> Is that at least recommended for handling FreeBSD's /etc/hostid
>> content?
>
> No, the file is not documented at all, but this is a recommendation on
> how to use the file not a restriction on the content like the other
> quotes so this isn't an impediment to using the same ID in
> /etc/machine-id.

That presumes that what FreeBSD does with /etc/hostid content
keeps the content confidential by default, such as using
hashing to avoid there being a way to "retrieve the original
machine ID". (It may well, but that is not documented.)
Otherwise following the recommendation would be an
impossibility for /etc/hostid content.

>> Is FreeBSD going to document /etc/machine-id content properties
>> in a similar manner?
>>
>>
>> If FreeBSD ends up with a /etc/machine-id that does not have
>> the properties and recommended principles of use, it would
>> appear that the /etc/machine-id path would be highly misleading
>> and, so, inappropriate.

Thanks for the notes.

===
Mark Millard
marklmi at yahoo.com
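
Added example, not part of the original message and not FreeBSD or systemd code: the keyed-hash recommendation quoted from machine-id(5) above, applied to an ID in either the dashed /etc/hostid form or the compact /etc/machine-id form. The choice of HMAC-SHA256, the truncation to 128 bits, the placeholder list, the sample UUID and the application keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import uuid

# Constructed sample values, not taken from any real host or application.
SAMPLE_HOSTID = "7c9e6679-7425-40de-944b-e07fc1f90ae7"
APP_A_KEY = b"example-app-a/fixed-key/0001"
APP_B_KEY = b"example-app-b/fixed-key/0001"

# Placeholder UUIDs that must not be treated as unique (assumed list).
_PLACEHOLDERS = {"0" * 32, "f" * 32}


def normalize_machine_id(text: str) -> str:
    """Return the compact 32-hex-digit form of a dashed or compact UUID."""
    try:
        compact = uuid.UUID(text.strip()).hex  # accepts both spellings
    except ValueError as exc:
        raise ValueError("not a UUID") from exc
    if compact in _PLACEHOLDERS:
        raise ValueError("placeholder UUID, not unique to this host")
    return compact


def app_specific_id(machine_id: str, app_key: bytes) -> str:
    """Derive a stable per-application ID without exposing the machine ID.

    The fixed application key is the HMAC key and the raw 16-byte machine
    ID is the message, so IDs from two applications cannot be linked and
    neither can be reversed to the machine ID.
    """
    if len(app_key) < 16:
        raise ValueError("application key too short")
    raw = bytes.fromhex(normalize_machine_id(machine_id))
    digest = hmac.new(app_key, raw, hashlib.sha256).digest()
    return digest[:16].hex()  # same 128-bit width as the original ID


if __name__ == "__main__":
    print("app A:", app_specific_id(SAMPLE_HOSTID, APP_A_KEY))
    print("app B:", app_specific_id(SAMPLE_HOSTID, APP_B_KEY))
```
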