shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-06 13:17:44 +03:00
Code
13c02e7bd5
systemd-stable/shell-completion/bash/systemd-analyze

176 lines
5.9 KiB
Plaintext
Raw Normal View History

add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
# systemd-analyze(1) completion -*- shell-script -*-
license: LGPL-2.1+ -> LGPL-2.1-or-later
2020-11-09 07:23:58 +03:00
# SPDX-License-Identifier: LGPL-2.1-or-later
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
#
# This file is part of systemd.
#
tree-wide: beautify remaining copyright statements Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
2018-06-12 20:00:24 +03:00
# Copyright © 2010 Ran Benita
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# systemd is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
__contains_word () {
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
local w word=$1; shift
for w in "$@"; do
[[ $w = "$word" ]] && return
done
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
}
update bash completion for systemd-analyze
2014-03-04 01:01:42 +04:00
__get_machines() {
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
local a b
bash-completion: do not ellipsize machine name
2020-01-10 06:29:02 +03:00
machinectl list --full --no-legend --no-pager | { while read a b; do echo " $a"; done; };
update bash completion for systemd-analyze
2014-03-04 01:01:42 +04:00
}
bash-completion: analyze: support 'security'
2018-12-06 20:51:56 +03:00
__get_services() {
systemctl: hide first column with --plain instead of --no-legend Hiding the first column, which may contain bullet circles, with --no-legend is undocumented and potentially unexpected. On the other hand, not printing bullet circles with --plain is documented so hiding the column with that switch is sensible. The combination "--full --no-legend --no-pager --plain" is appropriate for automated processing of systemctl output.
2020-04-17 12:40:03 +03:00
systemctl list-units --no-legend --no-pager --plain -t service --all $1 | \
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
{ while read -r a b c; do [[ $b == "loaded" ]]; echo " $a"; done }
bash-completion: analyze: support 'security'
2018-12-06 20:51:56 +03:00
}
bash-completion: analyze: complete system call sets
2018-09-30 23:27:27 +03:00
__get_syscall_sets() {
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
local line
systemd-analyze syscall-filter --no-pager | while IFS= read -r line; do
if [[ $line == @* ]]; then
printf '%s\n' "$line"
fi
done
bash-completion: analyze: complete system call sets
2018-09-30 23:27:27 +03:00
}
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
_systemd_analyze() {
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
local i verb comps mode
bash-completion: localize words and cword variables The words and cword variables are not localized in all Bash completion scripts that call _init_completion. cur, prev, words, and cword (and split if using the -s flag) are all variables that should be localized in Bash completion scripts before calling _init_completion (even if they don't otherwise appear in the calling script). This is done for cur and prev, but not for words and cword. Letting words and cword remain unlocalized may clobber variables the user is using for other purposes, which is bad. This issue can be resolved by declaring words and cword as local variables. Resolves #19188.
2021-04-03 06:33:59 +03:00
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
update bash completion for systemd-analyze
2014-03-04 01:01:42 +04:00
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
local -A OPTS=(
[STANDALONE]='-h --help --version --system --user --global --order --require --no-pager
analyze: add --quiet option This is useful for shell completion, but also for users who don't care about the extra output.
2021-11-16 14:19:42 +03:00
--man=no --generators=yes --quiet'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
[ARG]='-H --host -M --machine --fuzz --from-pattern --to-pattern --root'
)
local -A VERBS=(
mkosi: Add zsh to Arch packages Useful for testing zsh completion changes.
2021-08-23 18:44:58 +03:00
[STANDALONE]='time blame plot dump unit-paths exit-status calendar timestamp timespan'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
[CRITICAL_CHAIN]='critical-chain'
[DOT]='dot'
[VERIFY]='verify'
[SECCOMP_FILTER]='syscall-filter'
[CAT_CONFIG]='cat-config'
[SECURITY]='security'
mkosi: Add zsh to Arch packages Useful for testing zsh completion changes.
2021-08-23 18:44:58 +03:00
[CONDITION]='condition'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
)
local CONFIGS='systemd/bootchart.conf systemd/coredump.conf systemd/journald.conf
bash-completion: analyze: support cat-config verb Follow-up for 854a42fb2e9db1b9eaa381559d7671f2e9b3a0f1.
2018-05-10 22:11:56 +03:00
systemd/journal-remote.conf systemd/journal-upload.conf systemd/logind.conf
systemd/resolved.conf systemd/networkd.conf systemd/resolved.conf
systemd/sleep.conf systemd/system.conf systemd/timedated.conf
systemd/timesyncd.conf systemd/user.conf udev/udev.conf'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
_init_completion || return
for ((i=0; i < COMP_CWORD; i++)); do
if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
verb=${COMP_WORDS[i]}
break
update bash completion for systemd-analyze
2014-03-04 01:01:42 +04:00
fi
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
done
if __contains_word "$prev" ${OPTS[ARG]}; then
case $prev in
--host|-H)
comps=$(compgen -A hostname)
;;
--machine|-M)
comps=$( __get_machines )
;;
esac
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
fi
completion: fix 'unbound variables' errors Fixes https://github.com/systemd/systemd/issues/19987
2021-06-22 16:56:19 +03:00
if [[ -z ${verb-} && $cur = -* ]]; then
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
return 0
fi
completion: fix 'unbound variables' errors Fixes https://github.com/systemd/systemd/issues/19987
2021-06-22 16:56:19 +03:00
if [[ -z ${verb-} ]]; then
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
comps=${VERBS[*]}
update bash completion for systemd-analyze
2014-03-04 01:01:42 +04:00
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
if [[ $cur = -* ]]; then
comps='--help --version --system --user --global --no-pager'
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
fi
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
elif __contains_word "$verb" ${VERBS[CRITICAL_CHAIN]}; then
if [[ $cur = -* ]]; then
comps='--help --version --system --user --fuzz --no-pager'
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
fi
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
elif __contains_word "$verb" ${VERBS[DOT]}; then
if [[ $cur = -* ]]; then
comps='--help --version --system --user --global --from-pattern --to-pattern --order --require'
fi
elif __contains_word "$verb" ${VERBS[SECCOMP_FILTER]}; then
if [[ $cur = -* ]]; then
comps='--help --version --no-pager'
else
comps=$( __get_syscall_sets )
fi
elif __contains_word "$verb" ${VERBS[VERIFY]}; then
if [[ $cur = -* ]]; then
systemd-analyze: option to exit with an error when 'verify' fails The commit introduces a callback invoked from log_syntax_internal. Use it from systemd-analyze to gather a list of units that contain syntax warnings. A new command line option is added to make use of this. The new option --recursive-errors takes in three possible modes: 1. yes - which is the default. systemd-analyze exits with an error when syntax warnings arise during verification of the specified units or any of their dependencies. 3. no - systemd-analyze exits with an error when syntax warnings arise during verification of only the selected unit. Analyzing and loading any dependencies will be skipped. 4. one - systemd-analyze exits with an error when syntax warnings arise during verification of only the selected units and their direct dependencies. Below are two service unit files that I created for the purposes of testing: 1. First, we run the commands on a unit that does not have dependencies but has a non-existing key-value setting (i.e. foo = bar). > cat <<EOF>testcase.service [Unit] foo = bar [Service] ExecStart = echo hello EOF OUTPUT: maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify testcase.service /home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring. /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=yes testcase.service /home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring. /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=no testcase.service /home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=one testcase.service /home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring. /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 2. Next, we run the commands on a unit that is syntactically valid but has a non-existing dependency (i.e. foo2.service) > cat <<EOF>foobar.service [Unit] Requires = foo2.service [Service] ExecStart = echo hello EOF OUTPUT: maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify foobar.service /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. foobar.service: Failed to create foobar.service/start: Unit foo2.service not found. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=yes foobar.service /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. foobar.service: Failed to create foobar.service/start: Unit foo2.service not found. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=no foobar.service maanya-goenka@debian:~/systemd (log-error)$ echo $? 0 maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=one foobar.service /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. foobar.service: Failed to create foobar.service/start: Unit foo2.service not found. maanya-goenka@debian:~/systemd (log-error)$ echo $? 1
2021-07-26 23:02:17 +03:00
comps='--help --version --system --user --global --man=no --generators=yes --root --image --recursive-errors=no --recursive-errors=yes --recursive-errors=one'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
else
comps=$( compgen -A file -- "$cur" )
compopt -o filenames
fi
elif __contains_word "$verb" ${VERBS[CAT_CONFIG]}; then
if [[ $cur = -* ]]; then
comps='--help --version --root --no-pager'
elif [[ -z $cur ]]; then
comps="$CONFIGS"
compopt -o filenames
else
comps="$CONFIGS $( compgen -A file -- "$cur" )"
compopt -o filenames
fi
elif __contains_word "$verb" ${VERBS[SECURITY]}; then
if [[ $cur = -* ]]; then
systemd-analyze: add new option to generate JSON output of security analysis table The new option --json= works with the 'security' verb and takes in one of three format flags. These are off which is the default, pretty and short which use JSON format flags for output. When set to true, it generates a JSON formatted output of the security analysis table. The format is a JSON array with objects containing the following fields: set which indicates if the id has been set or not, name which is what is used to refer to the id, json_field which is the equivalent JSON formatted id name only used for JSON outputs, description which is an outline of the id state, and exposure which is an unsigned integer in the range 0.0..10.0, where a higher value corresponds to a higher security threat. The JSON version of the table is printed on the standard output file. Example Run: The unit file testfile.service was created to test the --json= option maanya-goenka@debian:~/systemd (json-security)$ cat <<EOF >testfile.service > [Service] > ExecStart = echo hello > PrivateNetwork = yes > PrivateMounts = yes > PrivateDevices = yes > EOF Both the JSON output and the security analysis table below have been truncated to increase readability. 1. Testing for when --json=off maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=off --root= --offline=true testfile.service --no-pager /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. /home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring. NAME DESCRIPTION EXPOSURE ✓ PrivateNetwork= Service has no access to the host's network ✗ User=/DynamicUser= Service runs as root user 0.4 ✗ CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP) Service may change UID/GID identities/capabilities 0.3 ✗ CapabilityBoundingSet=~CAP_NET_ADMIN Service has administrator privileges 0.3 → Overall exposure level for testfile.service: 8.3 EXPOSED 🙁 2. Testing for when --json=pretty maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=pretty --root= --offline=true testfile.service /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. /home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring. [ { "set" : true, "name" : "PrivateNetwork=", "json-field" : "PrivateNetwork", "description" : "Service has no access to the host's network", "exposure" : null }, { "set" : false, "name" : "User=/DynamicUser=", "json-field" : "UserOrDynamicUser", "decsription" : "Service runs as root user", "exposure" : "0.4" }, { "set" : false, "name" : "CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP)", "json_field" : "CapabilityBoundingSet_CAP_SET_UID_GID_PCAP", "description" : "Service may change UID/GID identities/capabilities", "exposure" : "0.3" }, { "set" : false, "name" : "CapabilityBoundingSet=~CAP_NET_ADMIN", "json_field" : "CapabilityBoundingSet_CAP_NET_ADMIN", "description" : "Service has administrator privileges", "exposure" : "0.3" }, ... ] 3. Testing for when --json=short maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=short --root= --offline=true testfile.service /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly. /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. /home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring. [{"set":true,"name":"PrivateNetwork=", "json_field":"PrivateNetwork", "description":"Service has no access to the host's network","exposure":null}, ...]
2021-08-26 10:17:32 +03:00
comps='--help --version --no-pager --system --user -H --host -M --machine --offline --threshold --security-policy --json=off --json=pretty --json=short'
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
else
if __contains_word "--user" ${COMP_WORDS[*]}; then
mode=--user
else
mode=--system
fi
comps=$( __get_services $mode )
fi
mkosi: Add zsh to Arch packages Useful for testing zsh completion changes.
2021-08-23 18:44:58 +03:00
elif __contains_word "$verb" ${VERBS[CONDITION]}; then
if [[ $cur = -* ]]; then
comps='--help --version --system --user --global --no-pager --root --image'
elif [[ $prev = "-u" ]] || [[ $prev = "--unit" ]]; then
if __contains_word "--user" ${COMP_WORDS[*]}; then
mode=--user
else
mode=--system
fi
comps=$( __get_services $mode )
fi
shell-completion: use 4 space indentation too The same as in other places, indentation levels were all over the place.
2019-04-05 12:39:14 +03:00
fi
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
add bash completion for systemd-analyze
2013-04-24 18:44:44 +04:00
}
complete -F _systemd_analyze systemd-analyze
Copy Permalink