Note that the casper script in question is also buggy if the user is booting with persistence enabled, as the SSL certificate will be regenerated on every boot.
In contrast, /etc/machine-id is an empty file in all of our live images (... but I can't figure out HOW because I see no code for this in livecd-rootfs!), so a first-boot systemd unit would run each time a live image is booted without persistence, but if using persistence /etc/machine-id would be populated in the persistence layer the first time and the SSL cert would not subsequently be regenerated.
Also, as a side effect, fixing this properly will cause the desktop live images to boot a smidge faster because they're not running an entropy-dependent single-threaded operation in the initramfs and can instead run it a little bit more parallelized from the rootfs (or maybe it will be faster because there's more entropy available at that point).