From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox 1/6] systemd: add support for machine-id generation
Date: Fri, 10 Apr 2026 12:02:18 +0200
Message-ID: <20260410100326.3199377-2-f.gruenbichler@proxmox.com>
In-Reply-To: <20260410100326.3199377-1-f.gruenbichler@proxmox.com>
the plain machine-id should not be leaked to external systems, but libsystemd
provides helpers for deriving application-id based identifiers that are useful
for identifying a machine externally.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
to be used in the next patch by proxmox-subscription
proxmox-systemd/src/lib.rs | 2 +
proxmox-systemd/src/sd_id128.rs | 70 +++++++++++++++++++++++++++++++++
proxmox-systemd/src/sys.rs | 6 +++
3 files changed, 78 insertions(+)
create mode 100644 proxmox-systemd/src/sd_id128.rs
diff --git a/proxmox-systemd/src/lib.rs b/proxmox-systemd/src/lib.rs
index 456d88c3..f79c204c 100644
--- a/proxmox-systemd/src/lib.rs
+++ b/proxmox-systemd/src/lib.rs
@@ -7,3 +7,5 @@ pub use escape::{escape_unit, unescape_unit, unescape_unit_path, UnescapeError};
pub mod journal;
pub mod notify;
+
+pub mod sd_id128;
diff --git a/proxmox-systemd/src/sd_id128.rs b/proxmox-systemd/src/sd_id128.rs
new file mode 100644
index 00000000..a98a6663
--- /dev/null
+++ b/proxmox-systemd/src/sd_id128.rs
@@ -0,0 +1,70 @@
+use std::fmt;
+
+use crate::sys::{self, sd_id128_t};
+
+#[derive(Debug, PartialEq, Eq)]
+pub enum SystemdId128Error {
+ InvalidAppId,
+ GenerationError,
+}
+
+impl std::error::Error for SystemdId128Error {
+ fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+ None
+ }
+}
+
+impl fmt::Display for SystemdId128Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ match self {
+ SystemdId128Error::InvalidAppId => f.write_str("Provided application ID is invalid."),
+ SystemdId128Error::GenerationError => {
+ f.write_str("Failed to generate machine-id based on application ID.")
+ }
+ }
+ }
+}
+
+pub fn get_app_specific_id(app_id: [u8; 16]) -> Result<[u8; 16], SystemdId128Error> {
+ let mut res = sd_id128_t { bytes: [0; 16] };
+
+ if app_id.iter().all(|b| *b == 0) {
+ return Err(SystemdId128Error::InvalidAppId);
+ }
+ unsafe {
+ sys::sd_id128_get_machine_app_specific(sd_id128_t { bytes: app_id }, &mut res);
+ }
+ if res.bytes.iter().all(|b| *b == 0) {
+ return Err(SystemdId128Error::GenerationError);
+ }
+ Ok(res.bytes)
+}
+
+#[test]
+fn test_invalid_app_id() {
+ let invalid = [0; 16];
+ let res = get_app_specific_id(invalid);
+ assert!(res.is_err());
+ assert_eq!(res, Err(SystemdId128Error::InvalidAppId));
+}
+
+#[test]
+fn test_valid_app_id() {
+ // no machine-id, no app-specific ID either..
+ if !std::path::Path::new("/etc/machine-id").exists() {
+ return;
+ }
+
+ // UUID generated with `systemd-id128 new` and converted from hex
+ let valid = 950247666410175165299169499632875718_u128.to_le_bytes();
+
+ let res = get_app_specific_id(valid);
+ assert!(res.is_ok());
+
+ let res2 = get_app_specific_id(valid);
+ assert!(res2.is_ok());
+
+ // cannot verify the expected result, since that depends on the machine the test runs on
+ // we can verify that two generations using the same machine and app-id give identical results
+ assert_eq!(res, res2);
+}
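Review bot: the return value of sd_id128_get_machine_app_specific is discarded in get_app_specific_id, and failure is inferred only from `res` still being all zeroes after the call. The binding in sys.rs declares a c_int return and sys.rs already provides check_call(ret: c_int) -> Result<c_int, io::Error>, so the call could go through check_call and GenerationError could carry the resulting io::Error; a missing or unreadable machine-id would then be reported with its errno instead of a generic message. Two smaller points: get_app_specific_id is public but has no doc comment stating that the result is derived from the machine-id and the app ID and is the value meant to be handed to external systems, and the unsafe block has no SAFETY comment. In test_valid_app_id, `to_le_bytes()` on a value described as "converted from hex" yields the bytes in the reverse order of the hex string; that is harmless for this test, but worth a comment if the next patch builds its app ID the same way and the result is expected to match what the systemd-id128 tool prints for that ID.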
diff --git a/proxmox-systemd/src/sys.rs b/proxmox-systemd/src/sys.rs
index eabd44d1..ea2b6061 100644
--- a/proxmox-systemd/src/sys.rs
+++ b/proxmox-systemd/src/sys.rs
@@ -4,6 +4,11 @@ use std::os::fd::RawFd;
pub const LISTEN_FDS_START: RawFd = 3;
+#[repr(C)]
+pub struct sd_id128_t {
+ pub bytes: [u8; 16],
+}
+
#[link(name = "systemd")]
unsafe extern "C" {
pub fn sd_journal_stream_fd(
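Review bot: sd_id128_t is declared as a #[repr(C)] struct holding only `bytes: [u8; 16]`, which gives it alignment 1, while libsystemd's sd_id128_t is a union of uint8_t bytes[16] and uint64_t qwords[2] and therefore has 8-byte alignment. Because the type is passed both by value and through `ret: *mut sd_id128_t`, the Rust definition should match that layout, for example with #[repr(C, align(8))] or a union mirroring the C definition. The type name will also trigger the non_camel_case_types lint unless the module already allows it, and deriving Clone and Copy would suit a plain 16-byte ID.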
@@ -24,6 +29,7 @@ unsafe extern "C" {
unset_environment: c_int,
names: *mut *mut *mut c_char,
) -> c_int;
+ pub fn sd_id128_get_machine_app_specific(app_id: sd_id128_t, ret: *mut sd_id128_t) -> c_int;
}
pub fn check_call(ret: c_int) -> Result<c_int, io::Error> {
--
2.47.3
Thread overview: 7+ messages
2026-04-10 10:02 [RFC manager/proxmox{,-backup,-perl-rs} 0/6] adapt subscription handling to alternative server IDs Fabian Grünbichler
2026-04-10 10:02 ` Fabian Grünbichler [this message]
2026-04-10 10:02 ` [RFC proxmox 2/6] proxmox-subscription: add new machine-id based serverid Fabian Grünbichler
2026-04-10 10:02 ` [RFC proxmox-backup 3/6] subscription: adapt to multiple server ID variants Fabian Grünbichler
2026-04-10 10:02 ` [RFC proxmox-perl-rs 4/6] common: subscription: expose server ID candidates Fabian Grünbichler
2026-04-10 10:02 ` [RFC manager 5/6] subscription: adapt to multiple server ID variants Fabian Grünbichler
2026-04-10 10:02 ` [RFC manager 6/6] api2tools: remove unused get_hwaddress Fabian Grünbichler