[Pkg-utopia-maintainers] Bug#994096: /var/lib/dbus/machine-id breaks reproducible-builds
Trent W. Buck
trentbuck at gmail.com
Sat Sep 11 18:04:27 BST 2021
Package: dbus
Version: 1.12.20-2
Severity: important
I am building Debian Live images using mmdebstrap.
I noticed they were not reproducible.
I eventually narrowed it down to dbus:
bash5$ for i in 1 2; do SOURCE_DATE_EPOCH=1 mmdebstrap bullseye $i.squashfs --logfile=$i.log || echo DERP; done && cksum 1.squashfs 2.squashfs
2581161214 57483264 1.squashfs
2581161214 57483264 2.squashfs
bash5$ for i in 1 2; do SOURCE_DATE_EPOCH=1 mmdebstrap bullseye $i.squashfs --logfile=$i.log --include=dbus || echo DERP; done && cksum 1.squashfs 2.squashfs
1368751007 57929728 1.squashfs
2280740337 57929728 2.squashfs
bash5$ mmdebstrap --version
mmdebstrap 0.7.5
After some investigation, I discovered that inside the image (1.squashfs), /etc/machine-id is absent, but /var/lib/dbus/machine-id is present.
An unreleased version of mmdebstrap sets /etc/machine-id to "uninitialized".
https://gitlab.mister-muffin.de/josch/mmdebstrap/commit/3c37d692a0d0bbc829b0832ad20ff472c74a7a62
This did NOT fix the problem:
bash5$ git pull
Already up to date.
bash5$ git describe --always --tags
0.7.5-50-g7d472ca
bash5$ export PATH=$PWD:$PATH
bash5$ which mmdebstrap
/home/twb/Desktop/mmdebstrap/mmdebstrap
bash5$ for i in 1 2; do SOURCE_DATE_EPOCH=1 mmdebstrap bullseye /tmp/$i.squashfs --verbose --logfile=/tmp/$i.log --include=dbus || echo DERP; done && cksum /tmp/[12].squashfs
3289132048 57929728 /tmp/1.squashfs
449302736 57929728 /tmp/2.squashfs
bash5$ sudo mkdir /tmp/1 /tmp/2
bash5$ sudo mount /tmp/1.squashfs /tmp/1
bash5$ sudo mount /tmp/2.squashfs /tmp/2
bash5$ sudo mount -t tmpfs none /tmp/1/dev
bash5$ sudo mount -t tmpfs none /tmp/2/dev
bash5$ sudo GIT_PAGER= git diff --no-index /tmp/1 /tmp/2
diff --git a/tmp/1/var/lib/dbus/machine-id b/tmp/2/var/lib/dbus/machine-id
index 3edc593..ec187b7 100644
--- a/tmp/1/var/lib/dbus/machine-id
+++ b/tmp/2/var/lib/dbus/machine-id
@@ -1 +1 @@
-0b51d6ce222c427f9cf10a49e2db92a7
+e003fd9d3ca240d786eda2c574f7b791
bash5$ cat /tmp/1/etc/machine-id
uninitializedbash5$ cat /tmp/2/etc/machine-id
uninitializedbash5$ sudo umount /tmp/1/dev /tmp/2/dev /tmp/1 /tmp/2
I also had a guess and tried running "dbus-uuidgen --ensure", but it did not help:
bash5$ mmdebstrap bullseye /tmp/1.squashfs --include=dbus --customize-hook='grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false'
I: automatically chosen mode: unshare
I: chroot architecture amd64 is equal to the host's architecture
I: automatically chosen format: squashfs
I: using /tmp/mmdebstrap.CxI5RYbsZJ as tempdir
W: tar2sqfs does not support extended attributes from the 'system' namespace
I: running apt-get update...
done
I: downloading packages with apt...
done
I: extracting archives...
done
I: installing essential packages...
done
I: installing remaining packages inside the chroot...
done
done
I: running --customize-hook in shell: sh -c 'grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false' exec /tmp/mmdebstrap.CxI5RYbsZJ
/tmp/mmdebstrap.CxI5RYbsZJ/etc/machine-id:cb3779e3f4e64aebab438a1dee355b59
/tmp/mmdebstrap.CxI5RYbsZJ/var/lib/dbus/machine-id:cb3779e3f4e64aebab438a1dee355b59
4112969 4 -r--r--r-- 1 root root 12 2021-09-12 02:39 /tmp/mmdebstrap.CxI5RYbsZJ/etc/machine-id
4117680 4 -rw-r--r-- 1 root root 33 2021-09-12 02:39 /tmp/mmdebstrap.CxI5RYbsZJ/var/lib/dbus/machine-id
/tmp/mmdebstrap.CxI5RYbsZJ/etc/machine-id:uninitalized
/tmp/mmdebstrap.CxI5RYbsZJ/var/lib/dbus/machine-id:cb3779e3f4e64aebab438a1dee355b59
E: run_chroot failed: E: command failed: grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false
W: listening on child socket failed:
reading tar header: short read
W: creating tarball failed: E: failed to run tar2sqfs --quiet --no-skip --force --exportable --compressor xz --block-size 1048576 /tmp/1.squashfs
I: removing tempdir /tmp/mmdebstrap.CxI5RYbsZJ...
bash5$ cat /etc/machine-id
029d2e3fb4ee4d5eaa67c315db3ba66d
Let's just check this issue affects sid (latest dbus in Debian)...
bash5$ mmdebstrap sid /tmp/1.squashfs --include=dbus --customize-hook='grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false'
I: automatically chosen mode: unshare
I: chroot architecture amd64 is equal to the host's architecture
I: automatically chosen format: squashfs
I: using /tmp/mmdebstrap.ZLY1AQ7Gjd as tempdir
W: tar2sqfs does not support extended attributes from the 'system' namespace
I: running apt-get update...
done
I: downloading packages with apt...
done
I: extracting archives...
done
I: installing essential packages...
done
I: installing remaining packages inside the chroot...
done
done
I: running --customize-hook in shell: sh -c 'grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false' exec /tmp/mmdebstrap.ZLY1AQ7Gjd
/tmp/mmdebstrap.ZLY1AQ7Gjd/etc/machine-id:9a85960cbe9a4be78f6359211a35cddb
/tmp/mmdebstrap.ZLY1AQ7Gjd/var/lib/dbus/machine-id:9a85960cbe9a4be78f6359211a35cddb
4128767 4 -r--r--r-- 1 root root 12 2021-09-12 02:44 /tmp/mmdebstrap.ZLY1AQ7Gjd/etc/machine-id
4133499 4 -rw-r--r-- 1 root root 33 2021-09-12 02:44 /tmp/mmdebstrap.ZLY1AQ7Gjd/var/lib/dbus/machine-id
/tmp/mmdebstrap.ZLY1AQ7Gjd/etc/machine-id:uninitalized
/tmp/mmdebstrap.ZLY1AQ7Gjd/var/lib/dbus/machine-id:9a85960cbe9a4be78f6359211a35cddb
E: run_chroot failed: E: command failed: grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; printf uninitalized >$1/etc/machine-id; printf uninitalized >$1/etc/machine-id $1/var/lib/dbus/machine-id; chroot $1 dbus-uuidgen --ensure; ls -lids $1/etc/machine-id $1/var/lib/dbus/machine-id; grep ^ $1/etc/machine-id $1/var/lib/dbus/machine-id; false
W: listening on child socket failed:
reading tar header: short read
W: creating tarball failed: E: failed to run tar2sqfs --quiet --no-skip --force --exportable --compressor xz --block-size 1048576 /tmp/1.squashfs
I: removing tempdir /tmp/mmdebstrap.ZLY1AQ7Gjd...
I am not sure how to fix this.
The references to machine-id in the dbus sources confused me.
It seems like sometimes it's a link, sometimes it's a symlink, sometimes it's a copy.
AFAICT there's no mention of dbus's machine-id supporting "uninitialized".
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dbus is related to:
ii dbus-x11 1.12.20-2
ii systemd 247.3-6
ii systemd-sysv 247.3-6
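
A check a build pipeline could run over the unpacked image tree before packing, as an added example that is not part of the original report: it classifies the two machine-id paths named in the report and fails when either one holds a 32-hex-digit ID. The function names are hypothetical; the sample tree is constructed and reuses one ID shown in the diff above.

```shell
#!/bin/sh
# Added example (not from the report): audit machine-id files in an image tree.

# classify_machine_id FILE
# Prints one of: symlink, absent, empty, uninitialized, unique-id, other.
# Symlinks are reported without being followed: an absolute link such as
# /etc/machine-id would resolve against the build host, not the image.
classify_machine_id() (
    LC_ALL=C
    f=$1
    if [ -L "$f" ]; then echo symlink; exit 0; fi
    [ -e "$f" ] || { echo absent; exit 0; }
    content=$(cat "$f")   # command substitution drops the trailing newline
    case $content in
        '')            echo empty ;;
        uninitialized) echo uninitialized ;;
        *[!0-9a-f]*)   echo other ;;
        *) if [ "${#content}" -eq 32 ]; then echo unique-id; else echo other; fi ;;
    esac
)

# audit_image_root ROOT
# Prints "/path: state" for both files; exit status 1 if either file
# contains a per-build ID that would make two builds differ.
audit_image_root() (
    root=$1
    rc=0
    for rel in etc/machine-id var/lib/dbus/machine-id; do
        state=$(classify_machine_id "$root/$rel")
        printf '/%s: %s\n' "$rel" "$state"
        if [ "$state" = unique-id ]; then rc=1; fi
    done
    exit "$rc"
)

# Constructed sample tree mirroring the state found in 1.squashfs.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/lib/dbus"
printf uninitialized > "$demo/etc/machine-id"
echo 0b51d6ce222c427f9cf10a49e2db92a7 > "$demo/var/lib/dbus/machine-id"
audit_image_root "$demo" || echo "image carries a per-build machine ID"
rm -rf "$demo"
```
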