Fix hardware UUID caching #8616
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zwass
reviewed
Jun 3, 2025
2df7187 to
77449ae
Compare
getvictor
previously approved these changes
Jun 6, 2025
Contributor
getvictor
left a comment
There was a problem hiding this comment.
Approving, with comments.
osquery/core/system.cpp
Outdated
|
|
||
| if (!checked_hardware_uuid) { | ||
| // Attempt to get the hardware UUID from the system. | ||
| std::string hardware_uuid = osquery::generateHostUUID(); |
Contributor
There was a problem hiding this comment.
Nit. The function names make the code hard to read/maintain. The generateHostUUID function actually tries to get the UUID from hardware, and does not generate. While this function either gets from hardware, gets from DB, or generates. It would be nice to have better names.
Contributor
Author
There was a problem hiding this comment.
I'm ok updating this, it's only called from one spot.
77449ae to
835552b
Compare
835552b to
babae5c
Compare
sgress454
commented
Jun 10, 2025
Contributor
Author
sgress454
left a comment
There was a problem hiding this comment.
@getvictor updated generateHostUUID to getHardwareUUID as suggested, and addressed other comment.
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For #7509
For fleetdm/fleet#28535
Details
This PR updates the logic for generating, storing and returning host identifiers when
--host-identifier=uuidis used. Previously, once a UUID was determined (either by getting a valid hardware UUID from the device, or failing that, creating a random UUID) it was stored in the local db and returned henceforth on every call togetHostUUID(). With this update, the logic becomes:getHostUUID()is called.This handles the most pertinent cases of 1) moving an osquery db between two hosts with different hardware UUIDs and 2) the hardware UUID of a host changing (e.g. due to a motherboard being swapped out). It also maintains the behavior of randomly-generated UUIDs persisting across osquery restarts (provided that no hardware UUID is found) so that VMs using
--host-identifier=uuidget a consistent UUID.The behavior when moving from a system with a hardware UUID to a system without one (or moving between two VMs) may still be considered sub-optimal, but those use-cases don't seem as problematic and I'm not sure what a good solve would be.
Testing
I tested this manually with:
and manipulating the db using
ldb. I also simulated VM usage by temporarily adding my laptop's UUID to the "placeholders" list.I'd love to add a unit test for the new logic but the only way I can think to do that would be to change
getHostUUIDto use dependency-injection so I could mockgenerateNewUUID(),getDatabaseValue()andsetDatabaseValue(). I haven't seen that pattern elsewhere in osquery though.