author | Thomas Haller <thaller@redhat.com> | 2020-09-02 13:19:11 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2020-09-02 15:12:53 +0200 |
commit | b1e7fb975758c2d1f6bbaed686dbe4339b78b700 (patch) | |
tree | 86cea8662399ead575b80a5b2db1a6d5e5df40e6 | |
parent | 40185042472163550054eb9f3011f92fc6464689 (diff) | |
download | NetworkManager-b1e7fb975758c2d1f6bbaed686dbe4339b78b700.tar.gz |
core: log message about secret-key version and filename
-rw-r--r-- | src/nm-core-utils.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
index 674f5de135..1f976f2c30 100644
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@@ -2467,10 +2467,17 @@ again:
 }
 if (nm_utils_host_id_get (&seed_bin, &seed_len)) {
- /* we have no valid machine-id. Generate a fake one by hashing
- * the secret-key. This key is commonly persisted, so it should be
- * stable across reboots (despite having a broken system without
- * proper machine-id). */
+ /* We have no valid machine-id but we have a valid secrey_key.
+ * Generate a fake machine ID by hashing the secret-key. The secret_key
+ * is commonly persisted, so it should be stable across reboots (despite
+ * having a broken system without proper machine-id).
+ *
+ * Note that we access the host-id here, which is based on secret_key.
+ * Also not that the secret_key may be generated based on the machine-id,
+ * so we have to be careful that they don't depend on each other (and
+ * no infinite recursion happens. This is done correctly, because the secret-key
+ * will call _machine_id_get(FALSE), so it won't allow accessing a fake
+ * machine-id, thus avoiding the problem. */
 fake_type = "secret-key";
 hash_seed = "ab085f06-b629-46d1-a553-84eeba5683b6";
 } else {
@@ -2653,11 +2660,13 @@ _host_id_read (guint8 **out_host_id,
 secret_arr = _host_id_hash_v2 (file_content.bin, file_content.len, sha256_digest);
 secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256;
 success = TRUE;
+ nm_log_dbg (LOGD_CORE, "secret-key: v2 secret key loaded from \"%s\" (%zu bytes)", SECRET_KEY_FILE, file_content.len);
 goto out;
 } else if (file_content.len >= 16) {
 secret_arr = file_content.bin;
 secret_len = file_content.len;
 success = TRUE;
+ nm_log_dbg (LOGD_CORE, "secret-key: v1 secret key loaded from \"%s\" (%zu bytes)", SECRET_KEY_FILE, file_content.len);
 goto out;
 } else {
 /* the secret key is borked. Log a warning, but proceed below to generate
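Review bot: The rewritten comment above `fake_type = "secret-key";` has three slips that blur the invariant it documents: `secrey_key` should read `secret-key`, `Also not that` should read `Also note that`, and the parenthesis opened at `(and no infinite recursion happens` is never closed. It also alternates between `secret-key` and `secret_key` for what appears to be the same thing. The recursion guard it describes sits on the secret-key side, at the `_machine_id_get(FALSE)` call that this hunk does not show, so a matching comment there, for example `/* must pass FALSE: the fake machine-id is itself derived from the host-id */`, would keep the two ends from drifting apart. The enclosing function starts and ends outside the hunk.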
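Review bot: In the v2 branch the new message prints `file_content.len`, the size of the file on disk, while the secret actually used is the digest with `secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256`, so `(%zu bytes)` directly after "v2 secret key" reads as the key size. Wording such as `"secret-key: v2 secret key loaded from \"%s\" (%zu bytes read)"` would avoid that, and the same question applies to `len` in the persist message of the third hunk, whose declaration is outside that hunk. If these lengths are `gsize`, GLib's `G_GSIZE_FORMAT` is the matching specifier rather than `%zu`. The three messages log only the path and a length, never key bytes, and a short comment beside them such as `/* log path and size only, never the key material */` would help later edits keep it that way. `_host_id_read` starts and ends outside the hunk.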
@@ -2713,7 +2722,7 @@ _host_id_read (guint8 **out_host_id,
 g_clear_error (&error);
 success = FALSE;
 } else
- nm_log_dbg (LOGD_CORE, "secret-key: persist new secret key to \"%s\"", SECRET_KEY_FILE);
+ nm_log_dbg (LOGD_CORE, "secret-key: persist new v2 secret key to \"%s\" (%zu bytes)", SECRET_KEY_FILE, len);
 nm_explicit_bzero (rnd_buf, sizeof (rnd_buf));
 nm_explicit_bzero (new_content, sizeof (new_content)); |