From 09edabe96ac664c9da856549b261715437d0739d Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Tue, 16 Jul 2024 16:53:08 +0100
Subject: [PATCH] id128: add 'var-partition-uuid' verb

As per DPS the UUID for /var/ should be keyed by the local machine-id,
which is non-trivial to do in a script. Enhance 'systemd-id128' to
take 'var-partition-uuid' as a verb, and if so perform the
calculation.
---
 man/systemd-gpt-auto-generator.xml    |  7 ++++++-
 man/systemd-id128.xml                 | 12 +++++++++++
 shell-completion/bash/systemd-id128   |  2 +-
 src/id128/id128.c                     | 30 +++++++++++++++++++++------
 test/units/TEST-74-AUX-UTILS.id128.sh |  2 ++
 5 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml
index 0893b3f4e82..07587f289b1 100644
--- a/man/systemd-gpt-auto-generator.xml
+++ b/man/systemd-gpt-auto-generator.xml
@@ -129,7 +129,12 @@
             <entry><constant>4d21b016-b534-45c2-a9fb-5c16e091fd2d</constant></entry>
             <entry>Variable Data Partition</entry>
             <entry><filename>/var/</filename></entry>
-            <entry>The first partition with this type UUID on the same disk as the root partition is mounted to <filename>/var/</filename> — under the condition its partition UUID matches the first 128 bit of the HMAC-SHA256 of the GPT type uuid of this partition keyed by the machine ID of the installation stored in <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry>
+            <entry>The first partition with this type UUID on the same disk as the root partition is mounted
+            to <filename>/var/</filename> — under the condition its partition UUID matches the first 128 bit
+            of the HMAC-SHA256 of the GPT type uuid of this partition keyed by the machine ID of the
+            installation stored in
+            <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+            This can be generated using <citerefentry><refentrytitle>systemd-id128</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</entry>
           </row>
           <row>
             <entry><constant>SD_GPT_TMP</constant></entry>
diff --git a/man/systemd-id128.xml b/man/systemd-id128.xml
index e23532d65d8..126facf7e96 100644
--- a/man/systemd-id128.xml
+++ b/man/systemd-id128.xml
@@ -45,6 +45,12 @@
       <arg choice="plain">invocation-id</arg>
     </cmdsynopsis>
 
+    <cmdsynopsis>
+      <command>systemd-id128</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="plain">var-partition-uuid</arg>
+    </cmdsynopsis>
+
     <cmdsynopsis>
       <command>systemd-id128</command>
       <arg choice="opt" rep="repeat">OPTIONS</arg>
@@ -88,6 +94,12 @@
     <citerefentry><refentrytitle>sd_id128_get_machine</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     for the discussion when this is useful. Support for <command>show --app-specific=</command> was added in
     version 255.</para>
+
+    <para><command>var-partition-uuid</command> prints a UUID which, following the <ulink
+    url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable
+    Partitions Specification</ulink>, should be used as the GPT partition UUID for
+    <filename>/var/</filename>, being derived from the GPT partition type, keyed by the local
+    <filename>/etc/machine-id</filename>. Added in version 257.</para>
   </refsect1>
 
   <refsect1>
diff --git a/shell-completion/bash/systemd-id128 b/shell-completion/bash/systemd-id128
index 54d4ec8f7a5..a072770438f 100644
--- a/shell-completion/bash/systemd-id128
+++ b/shell-completion/bash/systemd-id128
@@ -34,7 +34,7 @@ _systemd_id128() {
     )
 
     local -A VERBS=(
-        [STANDALONE]='new machine-id boot-id invocation-id help'
+        [STANDALONE]='new machine-id boot-id invocation-id var-partition-uuid help'
         [ARG]='show'
     )
 
diff --git a/src/id128/id128.c b/src/id128/id128.c
index 6d62538da95..ed444c8022e 100644
--- a/src/id128/id128.c
+++ b/src/id128/id128.c
@@ -71,6 +71,22 @@ static int verb_invocation_id(int argc, char **argv, void *userdata) {
         return id128_pretty_print(id, arg_mode);
 }
 
+static int verb_var_uuid(int argc, char **argv, void *userdata) {
+        sd_id128_t id;
+        int r;
+
+        if (!sd_id128_is_null(arg_app))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Verb \"var-partition-uuid\" cannot be combined with --app-specific=.");
+
+        /* The DPS says that the UUID for /var/ should be keyed with machine-id. */
+        r = sd_id128_get_machine_app_specific(SD_GPT_VAR, &id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate machine-specific /var/ UUID: %m");
+
+        return id128_pretty_print(id, arg_mode);
+}
+
 static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first) {
         int r;
 
@@ -180,6 +196,7 @@ static int help(void) {
                "  machine-id              Print the ID of current machine\n"
                "  boot-id                 Print the ID of current boot\n"
                "  invocation-id           Print the ID of current invocation\n"
+               "  var-partition-uuid      Print the UUID for the /var/ partition\n"
                "  show [NAME|UUID]        Print one or more UUIDs\n"
                "  help                    Show this help\n"
                "\nOptions:\n"
@@ -295,12 +312,13 @@ static int parse_argv(int argc, char *argv[]) {
 
 static int id128_main(int argc, char *argv[]) {
         static const Verb verbs[] = {
-                { "new",            VERB_ANY, 1,        0,  verb_new           },
-                { "machine-id",     VERB_ANY, 1,        0,  verb_machine_id    },
-                { "boot-id",        VERB_ANY, 1,        0,  verb_boot_id       },
-                { "invocation-id",  VERB_ANY, 1,        0,  verb_invocation_id },
-                { "show",           VERB_ANY, VERB_ANY, 0,  verb_show          },
-                { "help",           VERB_ANY, VERB_ANY, 0,  verb_help          },
+                { "new",                VERB_ANY, 1,        0,  verb_new           },
+                { "machine-id",         VERB_ANY, 1,        0,  verb_machine_id    },
+                { "boot-id",            VERB_ANY, 1,        0,  verb_boot_id       },
+                { "invocation-id",      VERB_ANY, 1,        0,  verb_invocation_id },
+                { "var-partition-uuid", VERB_ANY, 1,        0,  verb_var_uuid      },
+                { "show",               VERB_ANY, VERB_ANY, 0,  verb_show          },
+                { "help",               VERB_ANY, VERB_ANY, 0,  verb_help          },
                 {}
         };
 
diff --git a/test/units/TEST-74-AUX-UTILS.id128.sh b/test/units/TEST-74-AUX-UTILS.id128.sh
index f91cd5f78d6..b9db1f14542 100755
--- a/test/units/TEST-74-AUX-UTILS.id128.sh
+++ b/test/units/TEST-74-AUX-UTILS.id128.sh
@@ -28,6 +28,8 @@ systemd-id128 show --json=short
 systemd-id128 show --no-legend
 systemd-id128 show --no-pager --no-legend
 systemd-id128 show root -P -u
+[[ -n "$(systemd-id128 var-partition-uuid)" ]]
+[[ "$(systemd-id128 var-partition-uuid)" != "4d21b016b53445c2a9fb5c16e091fd2d" ]]
 
 [[ "$(systemd-id128 new | wc -c)" -eq 33 ]]
 systemd-id128 new -p