exclude /var/lib/dbus/machine-id from basefiles t…

[abezella]

this change updates the mk-basefile script to exclude /etc/machine-id and /var/lib/dbus/machine-id from basefiles to allow unique builds. in testing it appears that removing both is necessary (cf. SYSTEMD-MACHINE-ID-SETUP(1) "If a valid D-Bus machine ID is already configured [...]"). tested on a FOCAL64 basefile.

it is worth noting that the create_base function in bin/fai-make-nfsroot currently only excludes /etc/machine-id. likely this should be updated as well.

[Mrfai]

We already create an empty machine-id in the basefile. IIRC an empty file is needed (and better than excluding the machine-id file from the tar file) for the boot process to regenerate a new id during the first boot.

I cannot see that /var/lib/dbus/machine-id is included into the base files I create, so I wonder why this patch is needed.
Any ideas, logs that show why you have those files in a base file?

[abezella]

yes, the empty file looks like the right answer in the end (if you want a refresher on the question here was a good summary). currently fai-make-nfsroot creates base.tar withtar [...] --exclude etc/machine-id and then scripts/DEBIAN/40-misc accounts for the missing /etc/machine-id by creating an empty file and then running $ROOTCMD systemd-machine-id-setup. mk-basefile empties /etc/machine-id directly but wasn't sufficient for me w/FOCAL64.

i'll try to look further into the question of /var/lib/dbus/machine-id and its interaction with the emptied /etc/machine-id this week. as always, thank you!

[abezella]

apologies for the extended delay. i have looked into this further and it appears that for an ubuntu run debootstrap will pull in dbus, whereas for debian it will not. this was found by comparing the results from debootstrap --print-debs --arch amd64 focal [...] to debootstrap --print-debs --arch amd64 bullseye [...].

as part of /var/lib/dpkg/info/dbus.postinst, dbus-uuidgen is run which creates /var/lib/dbus/machine-id. if the generated /var/lib/dbus/machine-id is included in the basefile tarball then the empty /etc/machine-id is re-populated with the /var/lib/dbus/machine-id value and all hosts built from this basefile will have the same machine id.

since /etc/machine-id is previously emptied i have removed it from this MR for mk-basefile. however, as mentioned above please note that the create_base function in bin/fai-make-nfsroot has inconsistent behavior: it does exclude /etc/machine-id instead of emptying the file.

[abezella]

if excluding from the tarball isn't desired, an alternative is adding rm -f $xtmp/var/lib/dbus/machine-id to the cleanup-deb function

[abezella]

or a more aggressive approach in scripts/DEBIAN/40-misc as suggested in https://lists.uni-koeln.de/pipermail/linux-fai/2022-July/012877.html

[Mrfai]

If I get it correct, the best solution is to empty the /etc/machine-id file instead of excluding it from the tar in fai-make-nfsroot as I do in mk-basefiles.

So, FAI should always create an empty /etc/machine-id but not exlcude it.
FAI should exclude var/lib/dbus/machine-id.

Is this correct?

[abezella]

yes, i believe that is correct:

• /etc/machine-id should be an empty file in the generic tarball
• /var/lib/dbus/machine-id should be excluded from the generic tarball or removed prior to its creation

thank you!

[Mrfai]

I added the changes now to the master branch.