
Re: Bug#756521: ITP: kadeploy -- Scalable, efficient and reliable cluster provisioning solution

Hi there!

On Sat, 02 Aug 2014 14:35:33 +0100, Simon McVittie wrote:
> On 02/08/14 08:03, Charles Plessy wrote:
> > A straightforward way is exemplified by the case of SSH, where the server keys
> > are regenerated if they are absent.  It then only takes to delete the keys when
> > preparing images to avoid the problem of duplicated IDs or privacy leaks.
> D-Bus (/var/lib/dbus/machine-id) also regenerates its machine ID during
> boot if required, although systemd (/etc/machine-id)

Thank you, I was not aware of the two above (even if only the first one
matters in a default wheezy).

BTW, /me wonders why two different files...

> Perhaps it would be good to define a "reset-machine-state" dpkg trigger
> or something; then tools like live-build could trigger it, and dbus
> could take responsibility for deleting /var/lib/dbus/machine-id when it
> is triggered? live-build etc. would have to keep their current hooks for
> now.

Is there a list of such files somewhere?  The current configure-host.sh
we use ATM after Clonezilla via debconf-set-selections (be aware of [1])
and dpkg-reconfigure deals with the following:

[AFAIK not managed by any debconf setting]
- /etc/hostname
- /etc/hosts

[postfix postfix/mailname string HOSTNAME.DOMAIN
postfix postfix/destinations string HOSTNAME.DOMAIN, localhost.DOMAIN, localhost]
- /etc/mailname
- /etc/postfix/main.cf

[AFAIK not managed by any debconf setting]
- /etc/ssh/ssh_host_*_key
- /etc/ssh/ssh_host_*_key.pub

[ssl-cert make-ssl-cert/hostname string HOSTNAME]
- /etc/ssl/certs/ssl-cert-snakeoil.pem
- /etc/ssl/private/ssl-cert-snakeoil.key

Obviously, I have now added the D-Bus machine-id as well.

As Lucas wrote for Kadeploy, the above should be done by Clonezilla
itself, which is not ATM.  Another Clonezilla problem is that it deals
with installing GRUB in the destination disk, but not with setting the
debconf installation device (which is currently missing in our script as
well, simply assuming /dev/sda is not always true).

Thx, bye,
Gismo / Luca

[1] debconf preseeding is useless, as explained in:


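Added example, not part of the original message or of any project mentioned in it: a read-only shell check that lists which of the per-machine files named in this thread are still present under an image root, and reports those that are byte-identical across several roots (the duplicated-ID case). The function names and the use of mounted image roots as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example. The paths are the per-machine files named in the thread;
# everything else (function names, comparing mounted roots) is assumed.

# list_identity_files ROOT: print, relative to ROOT, each per-machine
# key, certificate or ID file that is still present in that image.
list_identity_files() {
    root=${1%/}
    for f in "$root"/etc/ssh/ssh_host_*_key \
             "$root"/etc/ssh/ssh_host_*_key.pub \
             "$root"/var/lib/dbus/machine-id \
             "$root"/etc/machine-id \
             "$root"/etc/ssl/certs/ssl-cert-snakeoil.pem \
             "$root"/etc/ssl/private/ssl-cert-snakeoil.key
    do
        # An unmatched glob stays literal and fails the -f test.
        if [ -f "$f" ]; then printf '%s\n' "${f#"$root"/}"; fi
    done
}

# shared_identity ROOT...: print the identity files whose content is
# identical in two or more of the given roots. Returns 1 if any exist.
shared_identity() {
    dupes=$(
        for root in "$@"; do
            list_identity_files "$root" | while IFS= read -r rel; do
                sum=$(sha256sum < "${root%/}/$rel" | cut -d' ' -f1)
                printf '%s %s\n' "$sum" "$rel"
            done
        done | sort | uniq -d | cut -d' ' -f2- | sort
    )
    if [ -z "$dupes" ]; then return 0; fi
    printf '%s\n' "$dupes"
    return 1
}

# Stand-alone use: pass the mounted roots to compare as arguments.
if [ "$#" -gt 0 ]; then shared_identity "$@"; fi
```

Any path reported by `list_identity_files` on a master image is one that every clone will inherit unless it is deleted or regenerated before capture.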