init/machine-info.conf - chromiumos/platform/login_manager - Git at Google

 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Extract Chrome OS machine info for Enterprise enrollment"
 author        "chromium-os-dev@chromium.org"

 # /tmp/machine-info contains the serial number and other information that may
 # identify the device. This information is required by OOBE and enterprise
 # enrollment, but we don't want it around otherwise for privacy reasons. Thus,
 # we generate as long as /home/.shadow/install_attributes.pb is not present.
 # That file is created by cryptohome once the device has been
 # enterprise-enrolled or been claimed by a local user.
 #
 # Old versions of Chromium OS (11 and earlier) didn't have the code generating
 # install_attributes.pb in cryptohome when claiming the device, so the check
 # would fail for users upgrading from devices that have been setup originally
 # on these versions. Our best-effort attmept at catching this is to also check
 # for /var/lib/whitelist/owner.key. Note that this may not work perfectly once
 # we have support for transitioning ownership.

 # This starts every time the UI (re)starts in order to restore
 # /tmp/machine-info if needed.
 start on starting ui

 # Remove /tmp/machine-info when a user logs in, in which case session_manager
 # emits the start-user-session signal. Also stop when the ui terminates so
 # restarts of the ui job trigger a full stop/start cycle.
 stop on start-user-session or stopping ui

 env MACHINE_INFO=/tmp/machine-info

 # This is a pre-start so that this task will run before the "start" stanza
 # of the ui job.
 pre-start script
   if [ -e /var/lib/enterprise_serial_number_recovery -o \
        ! -e /var/lib/whitelist/owner.key ]; then
     touch $MACHINE_INFO
     chmod 0644 $MACHINE_INFO
     if crossystem "mainfw_type?nonchrome"; then
       echo "serial_number=\"nonchrome-$(date -u +%s)\""
     else
       # Dump full information in the VPD, including the serial number.
       dump_vpd_log --full --stdout
     fi >> $MACHINE_INFO

     # Dump the disk serial number. It is used to generate non-predictable
     # opaque machine identifiers by running it through a cryptographic hash
     # function along with other stable machine information and a time stamp.
     # The disk serial number is chosen here because it provides some entropy
     # only known to the device. Device serial numbers, MAC addresses etc. are
     # public identifiers potentially known to the environment and/or servers.
     # Solely relying on public identifiers for opaque identifier derivation
     # would increase the chances of external parties being able to forge valid
     # opaque identifiers and defeat non-predictability.
     udevadm info --query=property --name=$(rootdev -d) |\
         awk -F = '/^ID_SERIAL=/ { print "root_disk_serial_number=" $2 }' \
         >> $MACHINE_INFO
   fi
 end script

 post-stop exec rm -f $MACHINE_INFO
	# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Extract Chrome OS machine info for Enterprise enrollment"
	author "chromium-os-dev@chromium.org"

	# /tmp/machine-info contains the serial number and other information that may
	# identify the device. This information is required by OOBE and enterprise
	# enrollment, but we don't want it around otherwise for privacy reasons. Thus,
	# we generate as long as /home/.shadow/install_attributes.pb is not present.
	# That file is created by cryptohome once the device has been
	# enterprise-enrolled or been claimed by a local user.
	#
	# Old versions of Chromium OS (11 and earlier) didn't have the code generating
	# install_attributes.pb in cryptohome when claiming the device, so the check
	# would fail for users upgrading from devices that have been setup originally
	# on these versions. Our best-effort attmept at catching this is to also check
	# for /var/lib/whitelist/owner.key. Note that this may not work perfectly once
	# we have support for transitioning ownership.

	# This starts every time the UI (re)starts in order to restore
	# /tmp/machine-info if needed.
	start on starting ui

	# Remove /tmp/machine-info when a user logs in, in which case session_manager
	# emits the start-user-session signal. Also stop when the ui terminates so
	# restarts of the ui job trigger a full stop/start cycle.
	stop on start-user-session or stopping ui

	env MACHINE_INFO=/tmp/machine-info

	# This is a pre-start so that this task will run before the "start" stanza
	# of the ui job.
	pre-start script
	if [ -e /var/lib/enterprise_serial_number_recovery -o \
	! -e /var/lib/whitelist/owner.key ]; then
	touch $MACHINE_INFO
	chmod 0644 $MACHINE_INFO
	if crossystem "mainfw_type?nonchrome"; then
	echo "serial_number=\"nonchrome-$(date -u +%s)\""
	else
	# Dump full information in the VPD, including the serial number.
	dump_vpd_log --full --stdout
	fi >> $MACHINE_INFO

	# Dump the disk serial number. It is used to generate non-predictable
	# opaque machine identifiers by running it through a cryptographic hash
	# function along with other stable machine information and a time stamp.
	# The disk serial number is chosen here because it provides some entropy
	# only known to the device. Device serial numbers, MAC addresses etc. are
	# public identifiers potentially known to the environment and/or servers.
	# Solely relying on public identifiers for opaque identifier derivation
	# would increase the chances of external parties being able to forge valid
	# opaque identifiers and defeat non-predictability.
	udevadm info --query=property --name=$(rootdev -d) \|\
	awk -F = '/^ID_SERIAL=/ { print "root_disk_serial_number=" $2 }' \
	>> $MACHINE_INFO
	fi
	end script

	post-stop exec rm -f $MACHINE_INFO