[Buildroot] [PATCH v2 10/14] package/systemd: invoke systemd-tmpfilesd on final image

Norbert Lange nolange79 at gmail.com
Mon Sep 28 19:00:24 UTC 2020


On Monday, 28 September 2020, Adam Duskett <aduskett at gmail.com> wrote:

>
>
> On Mon, Jun 15, 2020 at 7:59 AM Norbert Lange <nolange79 at gmail.com> wrote:
>
>>
>>
>> On Mon, 15 June 2020 at 16:32, Jérémy ROSEN <
>> jeremy.rosen at smile.fr> wrote:
>>
>>> I wonder how that would work with lines that contain %b (boot id)
>>> and %m (machine-id)
>>> my educated guess would be that it would create files with the host's
>>> boot-id/machine-id. Thus leaking the host's information. This is not
>>> good, especially the machine-id of the host which is confidential
>>> information (not crypto-grade, but still shouldn't be leaked)
>>>
>>
>>> if systemd-tmpfiles supports that correctly (maybe skipping all %b %m
>>> when --root is used) it's all fine. But I don't remember seeing that.
>>>
>>> Does it?
>>>
>>
>> The default config files don't create files with machine-id, and %b is
>> not replaced at all AFAIR.
>> But I believe you are right that systemd-tmpfiles picks up the host
>> machine-id and would replace it.
>> Good catch, need to check.
>>
>
>
>>  FYI, this issue is being worked on:
>> https://github.com/systemd/systemd/pull/16187
>>
>
That PR is from a guy with a username matching my initials. Weird ;)

I seem to be unable to get simple questions about the how unanswered (until
pushes that raises issues that I wanted to solve before spending time
coding, testing and adhering to coding guidelines).

Now I am thinking that maybe a small separate tool supporting the
systemd-tmpfiles, systemd-sysusers and busybox makeusers "setup
functionality" might get done faster and might allow the config to be used.

I'm not motivated to face this head on for a while, at any rate.

Norbert
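
An added example, not part of the original thread and not Buildroot or systemd code: a pre-flight check that lists tmpfiles.d lines using %m or %b, the specifiers discussed above, so they can be reviewed before systemd-tmpfiles is run with --root on a build host. The function names, the sample lines and the plain whitespace split (no quoted paths) are assumptions.

```python
import glob
import os
import re

# Specifiers raised in the thread: %m (machine-id) and %b (boot id).
HOST_SPECIFIERS = {"m": "machine-id", "b": "boot-id"}
# Scanning "%" plus one character left to right consumes "%%" (a literal
# percent sign) as one unit, so "%%m" is not mistaken for "%m".
_SPEC_RE = re.compile(r"%(.)")
CONF_DIRS = ("etc/tmpfiles.d", "run/tmpfiles.d", "usr/lib/tmpfiles.d")

def host_specifiers(field):
    """Return the host-dependent specifier letters used in one field."""
    return [c for c in _SPEC_RE.findall(field) if c in HOST_SPECIFIERS]

def scan_tmpfiles(text, source="<constructed>"):
    """Return (source, line number, specifier name) for each flagged use."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Fields: type path mode user group age argument. Assumption: paths
        # contain no quoted whitespace, so a plain split is enough.
        fields = line.split(None, 6)
        # Specifiers are expanded in the path (1) and the argument (6).
        for field in fields[1:2] + fields[6:7]:
            for c in host_specifiers(field):
                findings.append((source, lineno, HOST_SPECIFIERS[c]))
    return findings

def scan_root(root):
    """Scan every *.conf in the tmpfiles.d directories of an image root."""
    findings = []
    for rel in CONF_DIRS:
        for path in sorted(glob.glob(os.path.join(root, rel, "*.conf"))):
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings += scan_tmpfiles(fh.read(), path)
    return findings

SAMPLE = """\
# constructed sample lines, not taken from any real package
d /var/lib/example/%m 0750 root root -
f /etc/example-id 0644 root root - boot=%b
f /etc/example-note 0644 root root - 100%%mature
"""

if __name__ == "__main__":
    for src, lineno, what in scan_tmpfiles(SAMPLE):
        print(f"{src}:{lineno}: expands {what}")
```

scan_root() takes the path of the staged root filesystem, the same directory that would be passed to systemd-tmpfiles --root.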