system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-22 18:55:10 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
systemd/man/sd_id128_get_machine.xml

282 lines
14 KiB
XML
Raw Normal View History

man: Split sd_randomize(3) from sd_id128_get_{machine,boot}(3) They have too little to do with each other...
2012-07-13 20:55:52 +00:00
<?xml version='1.0'?> <!--*-nxml-*-->
man: use same header for all files The "include" files had type "book" for some raeason. I don't think this is meaningful. Let's just use the same everywhere. $ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
2019-03-14 13:40:58 +00:00
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
man: use same version in public and system ident.
2023-12-25 14:48:33 +00:00
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
license: LGPL-2.1+ -> LGPL-2.1-or-later
2020-11-09 04:23:58 +00:00
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
man: Split sd_randomize(3) from sd_id128_get_{machine,boot}(3) They have too little to do with each other...
2012-07-13 20:55:52 +00:00
man: xinclude the generic text to talk about libsystemd pkgconfig The only difference is that functions are not individually listed by name, but that seems completely pointless, since all functions that are documented are always exported, so the generic text tells the user all she or he needs to know.
2018-06-06 09:59:04 +00:00
<refentry id="sd_id128_get_machine" xmlns:xi="http://www.w3.org/2001/XInclude">
man: Split sd_randomize(3) from sd_id128_get_{machine,boot}(3) They have too little to do with each other...
2012-07-13 20:55:52 +00:00
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<refentryinfo>
<title>sd_id128_get_machine</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>sd_id128_get_machine</refentrytitle>
<manvolnum>3</manvolnum>
</refmeta>
<refnamediv>
<refname>sd_id128_get_machine</refname>
man: document sd_id128_get_app_specific
2023-08-26 11:07:32 +00:00
<refname>sd_id128_get_app_specific</refname>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<refname>sd_id128_get_machine_app_specific</refname>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<refname>sd_id128_get_boot</refname>
sd-id128: add sd_id128_get_boot_app_specific()
2018-10-02 12:25:24 +00:00
<refname>sd_id128_get_boot_app_specific</refname>
core: add "invocation ID" concept to service manager This adds a new invocation ID concept to the service manager. The invocation ID identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is generated each time a unit moves from and inactive to an activating or active state. The primary usecase for this concept is to connect the runtime data PID 1 maintains about a service with the offline data the journal stores about it. Previously we'd use the unit name plus start/stop times, which however is highly racy since the journal will generally process log data after the service already ended. The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel, except that it applies to an individual unit instead of the whole system. The invocation ID is passed to the activated processes as environment variable. It is additionally stored as extended attribute on the cgroup of the unit. The latter is used by journald to automatically retrieve it for each log logged message and attach it to the log entry. The environment variable is very easily accessible, even for unprivileged services. OTOH the extended attribute is only accessible to privileged processes (this is because cgroupfs only supports the "trusted." xattr namespace, not "user."). The environment variable may be altered by services, the extended attribute may not be, hence is the better choice for the journal. Note that reading the invocation ID off the extended attribute from journald is racy, similar to the way reading the unit name for a logging process is. This patch adds APIs to read the invocation ID to sd-id128: sd_id128_get_invocation() may be used in a similar fashion to sd_id128_get_boot(). PID1's own logging is updated to always include the invocation ID when it logs information about a unit. A new bus call GetUnitByInvocationID() is added that allows retrieving a bus path to a unit by its invocation ID. The bus path is built using the invocation ID, thus providing a path for referring to a unit that is valid only for the current runtime cycleof it. Outlook for the future: should the kernel eventually allow passing of cgroup information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we can alter the invocation ID to be generated as hash from that rather than entirely randomly. This way we can derive the invocation race-freely from the messages.
2016-08-30 21:18:46 +00:00
<refname>sd_id128_get_invocation</refname>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<refpurpose>Retrieve 128-bit IDs</refpurpose>
</refnamediv>
<refsynopsisdiv>
<funcsynopsis>
<funcsynopsisinfo>#include &lt;systemd/sd-id128.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>sd_id128_get_machine</function></funcdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
man: document sd_id128_get_app_specific
2023-08-26 11:07:32 +00:00
<funcprototype>
<funcdef>int <function>sd_id128_get_app_specific</function></funcdef>
<paramdef>sd_id128_t <parameter>base</parameter></paramdef>
<paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<funcprototype>
<funcdef>int <function>sd_id128_get_machine_app_specific</function></funcdef>
<paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<funcprototype>
<funcdef>int <function>sd_id128_get_boot</function></funcdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
sd-id128: add sd_id128_get_boot_app_specific()
2018-10-02 12:25:24 +00:00
<funcprototype>
<funcdef>int <function>sd_id128_get_boot_app_specific</function></funcdef>
<paramdef>sd_id128_t <parameter>app_id</parameter></paramdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
core: add "invocation ID" concept to service manager This adds a new invocation ID concept to the service manager. The invocation ID identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is generated each time a unit moves from and inactive to an activating or active state. The primary usecase for this concept is to connect the runtime data PID 1 maintains about a service with the offline data the journal stores about it. Previously we'd use the unit name plus start/stop times, which however is highly racy since the journal will generally process log data after the service already ended. The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel, except that it applies to an individual unit instead of the whole system. The invocation ID is passed to the activated processes as environment variable. It is additionally stored as extended attribute on the cgroup of the unit. The latter is used by journald to automatically retrieve it for each log logged message and attach it to the log entry. The environment variable is very easily accessible, even for unprivileged services. OTOH the extended attribute is only accessible to privileged processes (this is because cgroupfs only supports the "trusted." xattr namespace, not "user."). The environment variable may be altered by services, the extended attribute may not be, hence is the better choice for the journal. Note that reading the invocation ID off the extended attribute from journald is racy, similar to the way reading the unit name for a logging process is. This patch adds APIs to read the invocation ID to sd-id128: sd_id128_get_invocation() may be used in a similar fashion to sd_id128_get_boot(). PID1's own logging is updated to always include the invocation ID when it logs information about a unit. A new bus call GetUnitByInvocationID() is added that allows retrieving a bus path to a unit by its invocation ID. The bus path is built using the invocation ID, thus providing a path for referring to a unit that is valid only for the current runtime cycleof it. Outlook for the future: should the kernel eventually allow passing of cgroup information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we can alter the invocation ID to be generated as hash from that rather than entirely randomly. This way we can derive the invocation race-freely from the messages.
2016-08-30 21:18:46 +00:00
<funcprototype>
<funcdef>int <function>sd_id128_get_invocation</function></funcdef>
<paramdef>sd_id128_t *<parameter>ret</parameter></paramdef>
</funcprototype>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
</funcsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<para><function>sd_id128_get_machine()</function> returns the machine ID of the executing host. This reads and
parses the <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>
file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
tree-wide: fix spelling errors Based on a report from Fossies.org using Codespell. Followup to #15436
2020-04-21 18:46:53 +00:00
ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
man: document sd_id128_get_app_specific
2023-08-26 11:07:32 +00:00
<para><function>sd_id128_get_app_specific()</function> returns a machine ID that is a combination of the
<parameter>base</parameter> and <parameter>app_id</parameter> parameters. Internally, this function
calculates HMAC-SHA256 of the <parameter>app_id</parameter> parameter keyed by the
<parameter>base</parameter> parameter, and truncates this result to fit in
<structname>sd_id128_t</structname> and turns it into a valid Variant 1 Version 4 UUID, in accordance
with <ulink url="https://tools.ietf.org/html/rfc4122">RFC 4122</ulink>. Neither of the two input
parameters can be calculated from the output parameter <parameter>ret</parameter>.</para>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<para><function>sd_id128_get_machine_app_specific()</function> is similar to
man: document sd_id128_get_app_specific
2023-08-26 11:07:32 +00:00
<function>sd_id128_get_machine()</function>, but retrieves a machine ID that is specific to the
application that is identified by the indicated application ID. It is recommended to use this function
instead of <function>sd_id128_get_machine()</function> when passing an ID to untrusted environments, in
order to make sure that the original machine ID may not be determined externally. This way, the ID used
by the application remains stable on a given machine, but cannot be easily correlated with IDs used in
other applications on the same machine. The application-specific ID should be generated via a tool like
<command>systemd-id128 new</command>, and may be compiled into the application. This function will return
the same application-specific ID for each combination of machine ID and application ID. Internally, this
function calls <function>sd_id128_get_app_specific()</function> with the result from
<function>sd_id128_get_machine()</function> and the <parameter>app_id</parameter> parameter.</para>
sd-id128: add sd_id128_get_boot_app_specific()
2018-10-02 12:25:24 +00:00
<para><function>sd_id128_get_boot()</function> returns the boot ID of the executing kernel. This reads and parses
the <filename>/proc/sys/kernel/random/boot_id</filename> file exposed by the kernel. It is randomly generated early
at boot and is unique for every running kernel instance. See <citerefentry
project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry> for more
information. This function also internally caches the returned ID to make this call a cheap operation. It is
recommended to use this ID as-is only in trusted environments. In untrusted environments it is recommended to
man: correct reference to sd_id128_get_boot_app_specific The function sd_id128_get_boot_app_specific is the app specific variant of sd_id128_get_boot. Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
2023-06-22 10:59:33 +00:00
derive an application specific ID using <function>sd_id128_get_boot_app_specific()</function>, see below.</para>
sd-id128: add sd_id128_get_boot_app_specific()
2018-10-02 12:25:24 +00:00
<para><function>sd_id128_get_boot_app_specific()</function> is analogous to
man: document sd_id128_get_app_specific
2023-08-26 11:07:32 +00:00
<function>sd_id128_get_machine_app_specific()</function>, but returns an ID that changes between
boots. Some machines may be used for a long time without rebooting, hence the boot ID may remain constant
for a long time, and has properties similar to the machine ID during that time.</para>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
core: add "invocation ID" concept to service manager This adds a new invocation ID concept to the service manager. The invocation ID identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is generated each time a unit moves from and inactive to an activating or active state. The primary usecase for this concept is to connect the runtime data PID 1 maintains about a service with the offline data the journal stores about it. Previously we'd use the unit name plus start/stop times, which however is highly racy since the journal will generally process log data after the service already ended. The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel, except that it applies to an individual unit instead of the whole system. The invocation ID is passed to the activated processes as environment variable. It is additionally stored as extended attribute on the cgroup of the unit. The latter is used by journald to automatically retrieve it for each log logged message and attach it to the log entry. The environment variable is very easily accessible, even for unprivileged services. OTOH the extended attribute is only accessible to privileged processes (this is because cgroupfs only supports the "trusted." xattr namespace, not "user."). The environment variable may be altered by services, the extended attribute may not be, hence is the better choice for the journal. Note that reading the invocation ID off the extended attribute from journald is racy, similar to the way reading the unit name for a logging process is. This patch adds APIs to read the invocation ID to sd-id128: sd_id128_get_invocation() may be used in a similar fashion to sd_id128_get_boot(). PID1's own logging is updated to always include the invocation ID when it logs information about a unit. A new bus call GetUnitByInvocationID() is added that allows retrieving a bus path to a unit by its invocation ID. The bus path is built using the invocation ID, thus providing a path for referring to a unit that is valid only for the current runtime cycleof it. Outlook for the future: should the kernel eventually allow passing of cgroup information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we can alter the invocation ID to be generated as hash from that rather than entirely randomly. This way we can derive the invocation race-freely from the messages.
2016-08-30 21:18:46 +00:00
<para><function>sd_id128_get_invocation()</function> returns the invocation ID of the currently executed
man: update documents for sd_id128_get_invocation()
2022-12-14 05:29:25 +00:00
service. In its current implementation, this tries to read and parse the following:
<itemizedlist>
<listitem>
<para>The <varname>$INVOCATION_ID</varname> environment variable that the service manager sets when
activating a service.</para>
</listitem>
<listitem>
<para>An entry in the kernel keyring that the system service manager sets when activating a service.
</para>
</listitem>
</itemizedlist>
See <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. The ID is cached internally. In future a different mechanism to determine the invocation ID
may be added.</para>
core: add "invocation ID" concept to service manager This adds a new invocation ID concept to the service manager. The invocation ID identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is generated each time a unit moves from and inactive to an activating or active state. The primary usecase for this concept is to connect the runtime data PID 1 maintains about a service with the offline data the journal stores about it. Previously we'd use the unit name plus start/stop times, which however is highly racy since the journal will generally process log data after the service already ended. The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel, except that it applies to an individual unit instead of the whole system. The invocation ID is passed to the activated processes as environment variable. It is additionally stored as extended attribute on the cgroup of the unit. The latter is used by journald to automatically retrieve it for each log logged message and attach it to the log entry. The environment variable is very easily accessible, even for unprivileged services. OTOH the extended attribute is only accessible to privileged processes (this is because cgroupfs only supports the "trusted." xattr namespace, not "user."). The environment variable may be altered by services, the extended attribute may not be, hence is the better choice for the journal. Note that reading the invocation ID off the extended attribute from journald is racy, similar to the way reading the unit name for a logging process is. This patch adds APIs to read the invocation ID to sd-id128: sd_id128_get_invocation() may be used in a similar fashion to sd_id128_get_boot(). PID1's own logging is updated to always include the invocation ID when it logs information about a unit. A new bus call GetUnitByInvocationID() is added that allows retrieving a bus path to a unit by its invocation ID. The bus path is built using the invocation ID, thus providing a path for referring to a unit that is valid only for the current runtime cycleof it. Outlook for the future: should the kernel eventually allow passing of cgroup information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we can alter the invocation ID to be generated as hash from that rather than entirely randomly. This way we can derive the invocation race-freely from the messages.
2016-08-30 21:18:46 +00:00
man: document that it is guaranteed that generated ID128 are never all-zero or all-one This is the case because the ID128 we generate are all marked as v4 UUID which requires that some bits are zero and others are one. Let's document this so that people can rely on SD_ID128_NULL being a special value for "uninitialized" that is always distinguishable from generated UUIDs.
2021-05-26 14:07:55 +00:00
<para>Note that <function>sd_id128_get_machine_app_specific()</function>,
<function>sd_id128_get_boot()</function>, <function>sd_id128_get_boot_app_specific()</function>, and
sd-id128: document everywhere that we treat all UUIDs as Variant 1 So in theory UUID Variant 2 (i.e. microsoft GUIDs) are supposed to be displayed in native endian. That is of course a bad idea, and Linux userspace generally didn't implement that, i.e. uuidd and similar. Hence, let's not bother either, but let's document that we treat everything the same as Variant 1, even if it declares something else.
2021-06-15 15:55:17 +00:00
<function>sd_id128_get_invocation()</function> always return UUID Variant 1 Version 4 compatible IDs.
<function>sd_id128_get_machine()</function> will also return a UUID Variant 1 Version 4 compatible ID on
new installations but might not on older. It is possible to convert the machine ID non-reversibly into a
UUID Variant 1 Version 4 compatible one. For more information, see
man: document that it is guaranteed that generated ID128 are never all-zero or all-one This is the case because the ID128 we generate are all marked as v4 UUID which requires that some bits are zero and others are one. Let's document this so that people can rely on SD_ID128_NULL being a special value for "uninitialized" that is always distinguishable from generated UUIDs.
2021-05-26 14:07:55 +00:00
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It is
tree-wide: fix typo
2021-05-28 10:52:12 +00:00
hence guaranteed that these functions will never return the ID consisting of all zero or all one bits
man: document that it is guaranteed that generated ID128 are never all-zero or all-one This is the case because the ID128 we generate are all marked as v4 UUID which requires that some bits are zero and others are one. Let's document this so that people can rely on SD_ID128_NULL being a special value for "uninitialized" that is always distinguishable from generated UUIDs.
2021-05-26 14:07:55 +00:00
(<constant>SD_ID128_NULL</constant>, <constant>SD_ID128_ALLF</constant>) — with the possible exception of
<function>sd_id128_get_machine()</function>, as mentioned.</para>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<para>For more information about the <literal>sd_id128_t</literal>
type see
<citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>Return Value</title>
sd-id128: return -ENOMEDIUM on null id We currently return -ENOMEDIUM when /etc/machine-id is empty, and -EINVAL when it is all zeros. But -EINVAL is also used for invalid args. The distinction between empty and all-zero is not very important, let's use the same return code. Also document -ENOENT and -ENOMEDIUM since they can be a bit surprising.
2018-05-16 11:55:12 +00:00
<para>Those calls return 0 on success (in which case <parameter>ret</parameter> is filled in),
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
or a negative errno-style error code.</para>
<refsect2>
<title>Errors</title>
<para>Returned errors may indicate the following problems:</para>
<variablelist>
<varlistentry>
<term><constant>-ENOENT</constant></term>
man: mention that sd_id128_get_boot() and friend may return -ENOSYS And drop to mention sd_id128_get_boot_app_specific() may return -ENOENT or -ENOMEDIUM. The function does not read /etc/machine-id. But reads a file in the procfs, which is a kind of the kernel API. Hence the failures are caused only when the system has wrong setup.
2022-12-08 06:49:02 +00:00
<listitem><para>Returned by <function>sd_id128_get_machine()</function> and
<function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename>
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
is missing.</para>
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
</varlistentry>
<varlistentry>
<term><constant>-ENOMEDIUM</constant></term>
man: mention that sd_id128_get_boot() and friend may return -ENOSYS And drop to mention sd_id128_get_boot_app_specific() may return -ENOENT or -ENOMEDIUM. The function does not read /etc/machine-id. But reads a file in the procfs, which is a kind of the kernel API. Hence the failures are caused only when the system has wrong setup.
2022-12-08 06:49:02 +00:00
<listitem><para>Returned by <function>sd_id128_get_machine()</function> and
<function>sd_id128_get_machine_app_specific()</function> when <filename>/etc/machine-id</filename>
sd-id128: also refuse an empty invocation ID
2022-12-14 04:40:42 +00:00
is empty or all zeros. Also returned by <function>sd_id128_get_invocation()</function> when the
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
invocation ID is all zeros.</para>
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
</varlistentry>
man: mention sd_id128_get_machine() or friend may return -ENOPKG
2022-12-08 06:43:26 +00:00
<varlistentry>
<term><constant>-ENOPKG</constant></term>
<listitem><para>Returned by <function>sd_id128_get_machine()</function> and
<function>sd_id128_get_machine_app_specific()</function> when the content of
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
<filename>/etc/machine-id</filename> is <literal>uninitialized</literal>.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
man: mention sd_id128_get_machine() or friend may return -ENOPKG
2022-12-08 06:43:26 +00:00
</varlistentry>
man: mention that sd_id128_get_boot() and friend may return -ENOSYS And drop to mention sd_id128_get_boot_app_specific() may return -ENOENT or -ENOMEDIUM. The function does not read /etc/machine-id. But reads a file in the procfs, which is a kind of the kernel API. Hence the failures are caused only when the system has wrong setup.
2022-12-08 06:49:02 +00:00
<varlistentry>
<term><constant>-ENOSYS</constant></term>
<listitem><para>Returned by <function>sd_id128_get_boot()</function> and
<function>sd_id128_get_boot_app_specific()</function> when <filename>/proc/</filename> is not
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
mounted.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
man: mention that sd_id128_get_boot() and friend may return -ENOSYS And drop to mention sd_id128_get_boot_app_specific() may return -ENOENT or -ENOMEDIUM. The function does not read /etc/machine-id. But reads a file in the procfs, which is a kind of the kernel API. Hence the failures are caused only when the system has wrong setup.
2022-12-08 06:49:02 +00:00
</varlistentry>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
<varlistentry>
<term><constant>-ENXIO</constant></term>
<listitem><para>Returned by <function>sd_id128_get_invocation()</function> if no invocation ID is
sd-id128: do not allow null 'app_id' param If it is null, we get the 'base' param unchanged: $ build/systemd-id128 show 00000000000000000000000000000001 \ --app-specific=00000000000000000000000000000000 00000000000000000000000000000001 This is not good, because it breaks our promise that the base (usually either machine-id or boot-id) cannot be derived from the result. Some application using the library could use a null app id, inadvertently exposing the machine or boot id. (This could happen because of forgotten initialization, or maybe because the app id is configurable, and the user configures it wrongly.) Note: the other way the secret is not exposed: $ build/systemd-id128 show 00000000000000000000000000000000 \ --app-specific=00000000000000000000000000000002 4f63080959264900b0d88d999dae2d3a Normally systemd would not allow a null machine-id or boot-id, but we can let the user do the calculation that if they want to.
2023-08-26 12:03:14 +00:00
set. Also returned by <function>sd_id128_get_app_specific()</function>,
<function>sd_id128_get_machine_app_specific()</function>, and
<function>sd_id128_get_boot_app_specific()</function> when the <parameter>app_id</parameter>
parameter is all zeros.</para>
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
</varlistentry>
<varlistentry>
sd-id128: make sd_id128_get_machine() or friends return -EUCLEAN when an ID is in an invalid format EINVAL suggests that the caller passes an invalid argument. EIO is for "input/output error", i.e. the error you'd get if the disk or file system is borked, and this error code could be returned by the underlying read/write functions. Let's make the functions return an unambiguous error code.
2022-12-14 05:31:09 +00:00
<term><constant>-EUCLEAN</constant></term>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
<listitem><para>Returned by any of the functions described here when the configured value has
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
invalid format.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
</varlistentry>
<varlistentry>
<term><constant>-EPERM</constant></term>
<listitem><para>Requested information could not be retrieved because of insufficient permissions.
man: add version info This tries to add information about when each option was added. It goes back to version 183. The version info is included from a separate file to allow generating it, which would allow more control on the formatting of the final output.
2023-08-22 16:52:36 +00:00
</para>
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
man: document error values for sd_id128_get_*()
2019-03-21 13:08:34 +00:00
</varlistentry>
</variablelist>
</refsect2>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
</refsect1>
man: xinclude the generic text to talk about libsystemd pkgconfig The only difference is that functions are not individually listed by name, but that seems completely pointless, since all functions that are documented are always exported, so the generic text tells the user all she or he needs to know.
2018-06-06 09:59:04 +00:00
<xi:include href="libsystemd-pkgconfig.xml" />
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
<refsect1>
<title>Examples</title>
<example>
<title>Application-specific machine ID</title>
man: add man page for systemd-id128
2018-08-21 14:25:21 +00:00
<para>First, generate the application ID:</para>
<programlisting>$ systemd-id128 -p new
As string:
c273277323db454ea63bb96e79b53e97
As UUID:
c2732773-23db-454e-a63b-b96e79b53e97
As man:sd-id128(3) macro:
#define MESSAGE_XYZ SD_ID128_MAKE(c2,73,27,73,23,db,45,4e,a6,3b,b9,6e,79,b5,3e,97)
...
</programlisting>
<para>Then use the new identifier in an example application:</para>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
man: move more examples to stand-alone files and use 2-space indentation consistenty Moving them out makes it easier to run them through a compiler, use automatic indentation, and opens the possibility to provide a download link in the future. I verified that all examples compile cleanly. (2-space indentation is used because the examples are already significantly indented in the man page, and we need to keep them narrow so that they display well on standard terminals.)
2018-07-27 06:24:45 +00:00
<programlisting><xi:include href="id128-app-specific.c" parse="text" /></programlisting>
sd-id128: add new sd_id128_get_machine_app_specific() API This adds an API for retrieving an app-specific machine ID to sd-id128. Internally it calculates HMAC-SHA256 with an 128bit app-specific ID as payload and the machine ID as key. (An alternative would have been to use siphash for this, which is also cryptographically strong. However, as it only generates 64bit hashes it's not an obvious choice for generating 128bit IDs.) Fixes: #4667
2016-11-17 16:07:46 +00:00
</example>
</refsect1>
man: add version information for functions
2023-09-04 12:46:35 +00:00
<refsect1>
<title>History</title>
man: condense version information for functions Use a more compact form like 'a, b, and c were added in version x'
2023-09-18 16:44:26 +00:00
<para><function>sd_id128_get_machine()</function> and
<function>sd_id128_get_boot()</function> were added in version 187.</para>
man: add version information for functions
2023-09-04 12:46:35 +00:00
<para><function>sd_id128_get_invocation()</function> was added in version 232.</para>
<para><function>sd_id128_get_machine_app_specific()</function> was added in version 233.</para>
<para><function>sd_id128_get_boot_app_specific()</function> was added in version 240.</para>
<para><function>sd_id128_get_app_specific()</function> was added in version 255.</para>
</refsect1>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
<refsect1>
<title>See Also</title>
man: use <simplelist> for 'See also' sections This is just a slight markup improvement; there should be no difference in rendering.
2023-12-22 18:09:32 +00:00
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-id128</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_id128_randomize</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry></member>
</simplelist></para>
Reindent man pages to 2ch
2015-02-04 02:14:13 +00:00
</refsect1>
man: Split sd_randomize(3) from sd_id128_get_{machine,boot}(3) They have too little to do with each other...
2012-07-13 20:55:52 +00:00
</refentry>
Reference in a new issue Copy permalink