diff --git a/micro-activate.rs b/micro-activate.rs
index bb2dd24..d9d829c 100644
--- a/micro-activate.rs
+++ b/micro-activate.rs
@@ -16,6 +16,20 @@ unsafe extern "C" {
 flags: c_ulong,
 data: *const c_void,
 ) -> c_int;
+ fn getrandom(buf: *mut u8, buflen: usize, flags: u32) -> c_int;
+}
+
+fn gen_machine_id() -> String {
+ use std::fmt::Write as _;
+ let mut bytes: [u8; 16] = [0; 16];
+ if unsafe { getrandom(bytes.as_mut_ptr(), 16, 0) } == -1 {
+ eprintln!("[micro-activate] getrandom failed!");
+ }
+ let mut result = String::with_capacity(32);
+ for b in bytes {
+ let _ = write!(result, "{:02x}", b);
+ }
+ result
 }
 
 fn parse_tmpfiles_line(line: &str) -> Option<(&str, &str)> {
@@ -57,7 +71,6 @@ fn main() -> Result<(), std::io::Error> {
 //
 // Let's preserve the fixed passed-in files and set up the NixOS symlinks in the new mount.
 let resolv_conf = std::fs::read("/run/resolv.conf")?;
- let machine_id = std::fs::read("/run/machine-id")?;
 assert_eq!(
 unsafe {
 mount(
@@ -71,7 +84,7 @@ fn main() -> Result<(), std::io::Error> {
 0
 );
 std::fs::write("/run/resolv.conf", &resolv_conf)?;
- std::fs::write("/run/machine-id", &machine_id)?;
+ std::fs::write("/run/machine-id", &gen_machine_id())?;
 std::os::unix::fs::symlink(&closure, "/run/current-system")?;
 if let Ok(tmp_graphics) =
 std::fs::read(format!("{closure}/etc/tmpfiles.d/graphics-driver.conf"))
diff --git a/munix b/munix
index 18d3013..3921ca9 100755
--- a/munix
+++ b/munix
@@ -195,7 +195,6 @@ bwrap --unshare-all --share-net \
 --symlink "$MICROVM_CLOSURE/sw/bin/env" /usr/bin/env \
 --symlink "$MICROVM_CLOSURE" /run/current-system \
 --ro-bind /nix/store /nix/store \
- --file 12 /run/machine-id \
 --file 13 /run/resolv.conf \
 --dir "$XDG_RUNTIME_DIR" \
 --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
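Review bot: In `gen_machine_id` (first micro-activate.rs hunk), a failed `getrandom` call only prints a message, so the zero-initialised buffer is still hex-encoded and an all-zero machine ID is written, identical for every guest that hits the failure. The extern declaration also gives the return type as `c_int`, while getrandom(2) returns `ssize_t`, and the `== -1` test would not notice a short read. I would declare the return as `isize`, compare it with the buffer length, and return `std::io::Result<String>` so that `main` can propagate the error with `gen_machine_id()?`. The unsafe call should also carry a `// SAFETY:` comment. The extern block opens above the hunk.

```rust
    fn getrandom(buf: *mut u8, buflen: usize, flags: u32) -> isize;
// … unchanged: end of the extern block …

fn gen_machine_id() -> std::io::Result<String> {
    use std::fmt::Write as _;
    let mut bytes = [0u8; 16];
    // SAFETY: `bytes` is a live, writable buffer and the length passed is its exact size.
    let n = unsafe { getrandom(bytes.as_mut_ptr(), bytes.len(), 0) };
    if n < 0 {
        return Err(std::io::Error::last_os_error());
    }
    if n as usize != bytes.len() {
        return Err(std::io::Error::new(
            std::io::ErrorKind::Other,
            "getrandom returned fewer bytes than requested",
        ));
    }
    // … unchanged: hex-encoding loop into `result` …
    Ok(result)
}
```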
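Review bot: The `std::fs::write("/run/machine-id", ...)` call in the third micro-activate.rs hunk writes the 32 hex characters with no trailing newline, whereas machine-id(5) describes the file as newline-terminated, and the host file that was copied before this change would normally have ended with one. Readers of the file probably tolerate the missing newline, but matching the documented format is cheap: `std::fs::write("/run/machine-id", format!("{}\n", gen_machine_id()))?;`. `main` starts and ends outside the hunk.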
@@ -207,5 +206,4 @@ bwrap --unshare-all --share-net \
 -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
 -e MICROVM_UID="$MICROVM_UID" -e MICROVM_GID="$MICROVM_GID" \
 -i -t "${MICROVM_COMMAND[@]}" \
- 12< /etc/machine-id \
 13< /etc/resolv.conf