machined: Don't insist on 0:0 for the state directory

We now support running machined unprivileged, so don't pass in 0:0
as the uid/gid unconditionally but just use the UID/GID we're running
as.

src/machine/machine.c

@@ -176,7 +176,7 @@ int machine_save(Machine *m) {
                         return log_oom();
         }
 
-        r = mkdir_safe_label(m->manager->state_dir, 0755, 0, 0, MKDIR_WARN_MODE);
+        r = mkdir_safe_label(m->manager->state_dir, 0755, UID_INVALID, GID_INVALID, MKDIR_WARN_MODE);
         if (r < 0)
                 return log_error_errno(r, "Failed to create '%s': %m", m->manager->state_dir);
 

src/shared/mkfs-util.c

@@ -421,12 +421,19 @@ int make_filesystem(
 
         /* When changing this conditional, also adjust the log statement below. */
         if (STR_IN_SET(fstype, "ext2", "ext3", "ext4")) {
+                const char *ext_e_opts;
+
+                /* Set hash_seed to the same value as the filesystem UUID for reproducibility */
+                ext_e_opts = strjoina(FLAGS_SET(flags, MKFS_DISCARD) ? "discard" : "nodiscard",
+                                      ",lazy_itable_init=1,hash_seed=",
+                                      vol_id);
+
                 argv = strv_new(mkfs,
                                 "-L", label,
                                 "-U", vol_id,
                                 "-I", "256",
                                 "-m", "0",
-                                "-E", FLAGS_SET(flags, MKFS_DISCARD) ? "discard,lazy_itable_init=1" : "nodiscard,lazy_itable_init=1",
+                                "-E", ext_e_opts,
                                 "-b", "4096",
                                 "-T", "default");
                 if (!argv)

test/units/TEST-58-REPART.sh

@@ -1899,6 +1899,46 @@ testcase_luks2_integrity() {
     _test_luks2_integrity "hmac-sha512"
 }
 
+testcase_ext_reproducibility() {
+    local defs imgs
+
+    # Online mode mounts the filesystem which updates inode timestamps non-deterministically
+    if [[ "$OFFLINE" != "yes" ]]; then
+        echo "Skipping ext reproducibility test in online mode."
+        return 0
+    fi
+
+    defs="$(mktemp --directory "/tmp/test-repart.defs.XXXXXXXXXX")"
+    imgs="$(mktemp --directory "/var/tmp/test-repart.imgs.XXXXXXXXXX")"
+    # shellcheck disable=SC2064
+    trap "rm -rf '$defs' '$imgs'" RETURN
+
+    tee "$defs/root.conf" <<EOF
+[Partition]
+Type=root
+Format=ext4
+EOF
+
+    # Build the image twice with the same seed and verify they are identical
+    systemd-repart --offline="$OFFLINE" \
+                   --definitions="$defs" \
+                   --empty=create \
+                   --size=50M \
+                   --seed="$seed" \
+                   --dry-run=no \
+                   "$imgs/test1.img"
+
+    systemd-repart --offline="$OFFLINE" \
+                   --definitions="$defs" \
+                   --empty=create \
+                   --size=50M \
+                   --seed="$seed" \
+                   --dry-run=no \
+                   "$imgs/test2.img"
+
+    cmp "$imgs/test1.img" "$imgs/test2.img"
+}
+
 OFFLINE="yes"
 run_testcases