micro-activate: generate machine-id randomly

D-Bus is supposed to (?) use it to decide whether it can use FD passing,
shared memory, etc. and while we do a lot of cross-domain magic it's not
quite seamless :) so let's not reuse the host one.
Val Packett 2025-12-09 06:46:51 -03:00
parent 1d864e0ded
commit f336a0d5ff
2 changed files with 15 additions and 4 deletions


@ -16,6 +16,20 @@ unsafe extern "C" {
flags: c_ulong, flags: c_ulong,
data: *const c_void, data: *const c_void,
) -> c_int; ) -> c_int;
fn getrandom(buf: *mut u8, buflen: usize, flags: u32) -> c_int;
}
fn gen_machine_id() -> String {
use std::fmt::Write as _;
let mut bytes: [u8; 16] = [0; 16];
if unsafe { getrandom(bytes.as_mut_ptr(), 16, 0) } == -1 {
eprintln!("[micro-activate] getrandom failed!");
}
let mut result = String::with_capacity(32);
for b in bytes {
let _ = write!(result, "{:02x}", b);
}
result
} }
fn parse_tmpfiles_line(line: &str) -> Option<(&str, &str)> { fn parse_tmpfiles_line(line: &str) -> Option<(&str, &str)> {
@ -57,7 +71,6 @@ fn main() -> Result<(), std::io::Error> {
// //
// Let's preserve the fixed passed-in files and set up the NixOS symlinks in the new mount. // Let's preserve the fixed passed-in files and set up the NixOS symlinks in the new mount.
let resolv_conf = std::fs::read("/run/resolv.conf")?; let resolv_conf = std::fs::read("/run/resolv.conf")?;
let machine_id = std::fs::read("/run/machine-id")?;
assert_eq!( assert_eq!(
unsafe { unsafe {
mount( mount(
@ -71,7 +84,7 @@ fn main() -> Result<(), std::io::Error> {
0 0
); );
std::fs::write("/run/resolv.conf", &resolv_conf)?; std::fs::write("/run/resolv.conf", &resolv_conf)?;
std::fs::write("/run/machine-id", &machine_id)?; std::fs::write("/run/machine-id", &gen_machine_id())?;
std::os::unix::fs::symlink(&closure, "/run/current-system")?; std::os::unix::fs::symlink(&closure, "/run/current-system")?;
if let Ok(tmp_graphics) = if let Ok(tmp_graphics) =
std::fs::read(format!("{closure}/etc/tmpfiles.d/graphics-driver.conf")) std::fs::read(format!("{closure}/etc/tmpfiles.d/graphics-driver.conf"))
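Review bot: When getrandom fails, gen_machine_id only logs to stderr and still hex-encodes the zeroed buffer, so /run/machine-id becomes 32 zeros: a constant, predictable ID shared by every guest that hits the failure, which defeats the point of not reusing the host one. Activation should fail instead; main already returns `Result<(), std::io::Error>` (its body is only partly visible in these hunks), so the function can return `std::io::Result<String>` and the call site can use `?`. The extern declaration also narrows the return type: getrandom(2) returns `ssize_t`, the number of bytes written, so `isize` is the matching type and the result should be compared with the buffer length rather than only with -1. The generated string has no trailing newline, whereas machine-id files are normally newline-terminated; that is worth confirming against whatever reads the file in the guest.

```rust
// inside the existing `unsafe extern "C"` block: ssize_t return, per getrandom(2)
fn getrandom(buf: *mut u8, buflen: usize, flags: u32) -> isize;

fn gen_machine_id() -> std::io::Result<String> {
    // … unchanged: fmt::Write import, 16-byte zeroed buffer …
    let got = unsafe { getrandom(bytes.as_mut_ptr(), bytes.len(), 0) };
    if got < 0 {
        return Err(std::io::Error::last_os_error());
    }
    if got as usize != bytes.len() {
        return Err(std::io::Error::other("short read from getrandom"));
    }
    // … unchanged: hex-encode bytes into result …
    Ok(result)
}

// in main():
std::fs::write("/run/machine-id", gen_machine_id()?)?;
```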

2
munix

@ -195,7 +195,6 @@ bwrap --unshare-all --share-net \
--symlink "$MICROVM_CLOSURE/sw/bin/env" /usr/bin/env \ --symlink "$MICROVM_CLOSURE/sw/bin/env" /usr/bin/env \
--symlink "$MICROVM_CLOSURE" /run/current-system \ --symlink "$MICROVM_CLOSURE" /run/current-system \
--ro-bind /nix/store /nix/store \ --ro-bind /nix/store /nix/store \
--file 12 /run/machine-id \
--file 13 /run/resolv.conf \ --file 13 /run/resolv.conf \
--dir "$XDG_RUNTIME_DIR" \ --dir "$XDG_RUNTIME_DIR" \
--setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \ --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \
@ -207,5 +206,4 @@ bwrap --unshare-all --share-net \
-e MICROVM_CLOSURE="$MICROVM_CLOSURE" \ -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \
-e MICROVM_UID="$MICROVM_UID" -e MICROVM_GID="$MICROVM_GID" \ -e MICROVM_UID="$MICROVM_UID" -e MICROVM_GID="$MICROVM_GID" \
-i -t "${MICROVM_COMMAND[@]}" \ -i -t "${MICROVM_COMMAND[@]}" \
12< /etc/machine-id \
13< /etc/resolv.conf 13< /etc/resolv.conf