IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This makes it easier to pass it around in preparation for future changes.
While at it, let's rename InstallContext c → ctx, and InstallInfo i → info.
'c' and 'i' are bad names for variables that are passed through multiple layers
of functions calls. It's easier to follow what is happening with a meaningful
variable names.
ENOENT is easily confused with the file that we're working on not being
present, e.g. when the file contains %o or something else that requires
os-release to be present. Let's use -EUNATCH instead to reduce that chances of
confusion if the context of the error is lost.
And once we have pinpointed the reason, let's provide a proper error message:
+ build/systemctl --root=/tmp/systemctl-test.TO7Mcb enable some-some-link6@.socket
/tmp/systemctl-test.TO7Mcb/etc/systemd/system/some-some-link6@.socket: Failed to resolve alias "target@A:%A.socket": Protocol driver not attached
Failed to enable unit, cannot resolve specifiers in "target@A:%A.socket".
In systemd.unit we document that unset fields resolve to "". But we didn't
directly test this, so let's do that. Also, we return -ENOENT if the file
is missing, which we didn't document or test.
The test for the variable is added in test-systemctl-enable because there we
can do it almost for free, and the variable is most likely to be used with
'systemctl enable --root' anyway.
When we are printing a valid unit name, quoting isn't necessary, because
unit names cannot contain whitespace or other confusing characters. In particular
if the unit name is prefixed by " unit " or something else that clearly
identifies the string as a unit name, quoting would just add unnecessary
noise. But when we're printing paths or invalid names, it's better to add
quotes for clarity.
We save a few lines, but the important thing is that we don't have two
different implementations with slightly different rules used for enablement
and loading. Fixes#22000.
Tested with:
- the report in #22000, it now says:
$ SYSTEMD_LOG_LEVEL=debug systemctl --root=/ enable test.service
Suspicious symlink /etc/systemd/system/test.service→/etc/systemd/system/myown.d/test.service, treating as alias.
unit_file_resolve_symlink: self-alias: /etc/systemd/system/test.service → test.service, ignoring.
running_in_chroot(): Permission denied
Suspicious symlink /etc/systemd/system/test.service→/etc/systemd/system/myown.d/test.service, treating as alias.
unit_file_resolve_symlink: self-alias: /etc/systemd/system/test.service → test.service, ignoring.
Failed to enable unit, refusing to operate on linked unit file test.service
- a symlink to /dev/null:
...
unit_file_resolve_symlink: linked unit file: /etc/systemd/system/test3.service → /dev/null
Failed to enable unit, unit /etc/systemd/system/test3.service is masked.
- the same from the host:
...
unit_file_resolve_symlink: linked unit file: /var/lib/machines/rawhide/etc/systemd/system/test3.service → /var/lib/machines/rawhide/dev/null
Failed to enable unit, unit /var/lib/machines/rawhide/etc/systemd/system/test3.service is masked.
- through the manager:
$ sudo systemctl enable test.service
Failed to enable unit: Refusing to operate on alias name or linked unit file: test.service
$ sudo systemctl enable test3.service
Failed to enable unit: Unit file /etc/systemd/system/test3.service is masked.
As seen in the first example, the warning is repeated. This is because we call
the lookup logic twice: first for sysv-compat, and then again for real. I think
that since this is only for broken setups, and when sysv-compat is enabled, and
in an infrequent manual operation, at debug level, this is OK.
A reattach might go from img.raw to img_0.1.raw or viceversa, but this is
not allowed right now as we try to match the full name.
Also take into account that running strcspn(a, '/') on an image name, without
leading path, will return the length of the full string, but the versions
might be different so they won't match, eg:
img_0.1.raw -> 12
img_0.1.1.raw -> 14
So adjust the check to take that into account, and skip it if we are not
dealing with directories
The old logs used __func__, but this doesn't make sense now, because the
low-level function will be used in other places. So those are adjusted to be
more generic.
Follow-up for 00adc340bb.
This fixes the wrong "Received invalid inotify event, ignoring." warnings
caused by the missing curly brackets and the priorities of `&&` and `?:`.
This also replaces the ternary operators with `||`.
Let's raise our supported baseline a bit: CLOCK_BOOTTIME started to work
with timerfd in kernel 3.15 (i.e. back in 2014), let's require support
for it now.
This will raise our baseline only modestly from 3.13 → 3.15.
This normalizes naming of functions operating on BootConfig objects.
Let's always call them boot_config_xyz(), like our usual way to name
stuff.
moreover, move the BootConfig parameter to the beginning, as it's not a
return value (which we typically move to the end of the parameter list),
but simply an object, that even happens to be initialized already.
With these changes the functions are more like our usual way to call
things, and less surprises are good.
the function contains a loop and if expressions and whatnot. Let's
define it as regular function, to make the header easier to read and let
the compiler more freedom on whether to inline this or not.
This just got too confusing for me. With this change we'll now have
_unified as common suffix for stuff loading unified kernels (i.e. type
1), and _type1 as common suffix for type1 entries.
Just some renaming.
For testing purposes I run one of my system symlinking /boot/loader/ to
/efi/loader/. This triggers annoying behaviour in boot entry
enumeration: the code ends up iterating through the 'entries' subdir of
both, thinking one was actually in the ESP and the other in XBOOTLDR,
and thus distinct. This would result in duplicate entries.
Let's address that, and filter out duplicates via their inode numbers:
never process the same inode twice. This should protect us from any
confusion effectively, regardless which inodes are symlinked (or even
bind mounted).
We can't really use conf_files_list() for finding type #1 entries, since
it is case-sensitive, but type #1 entries are typically placed on VFAT,
i.e. are case-insensitive.
hence, use readdir_all() instead, which is quite similar, but gives us
all files, and allows us to do a case-insensitive check.
While we are at it, use openat() on the open dir to open the file, and
pass that around, to make things a tiny bit more race-free.
Defaults to /bin/bash, no changes in the default configuration
The fallback shell for non-root users is as-specified,
and the interactive shell for nspawn sessions is started as
exec(default-user-shell, "-" + basename(default-user-shell), ...)
before falling through to bash and sh
Instead of escaping each component separately, we can instead use
quote_command_line. Doing so simplifies the code and fixes an issue
where spaces inside the executable name were not escaped.
Co-Authored-By: David Edmundson <kde@davidedmundson.co.uk>
This fixes a bug introduced by 7be4b23649.
The function `efi_loader_get_device_part_uuid()` handles NULL
gracefully, and it is called with NULL in gpt-auto-generator.
Fixes#22862.
Previously, if a block device is locked by another process, then the
corresponding worker skip to process the corresponding event, and does
not broadcast the uevent to libudev listners. This causes several issues:
- During a period of a device being locked by a process, if a user trigger
an event with `udevadm trigger --settle`, then it never returned.
- When there is a delay between close and unlock in a process, then the
synthesized events triggered by inotify may not be processed. This can
happens easily by wrapping mkfs with flock. This causes severe issues
e.g. new devlinks are not created, or old devlinks are not removed.
This commit makes events are requeued with a tiny delay when the corresponding
block devices are locked by other processes. With this way, the triggered
uevent may be delayed but is always processed by udevd. Hence, the above
issues can be solved. Also, it is not necessary to watch a block device
unconditionally when it is already locked. Hence, the logic is dropped.
Let's be more precise here. Otherwise people might think this describes
the software system or so. We already expose this via hostnamed as
HardwareVendor/HardwareModel hence use the exact same wording.
(Note that the relevant props on the dmi device are just VENDOR/MODEL,
but that's OK given that DMI really is about hardware anyway,
unconditionally, hence no chance of confusion there.)
Follow-up for 4fc7e4f374
Previously, `event_run()` was called repeatedly in one `event_queue_start()`
invocation. Hence, the SELinux label database is reloaded many times needlessly.
Other settings, e.g. udev rules or hwdata, are tried to be reloaded in the
beginning of `event_queue_start()`. Let's also do so for the SELinux database.
Previously, if udevd failed to resolve event dependency, the event is
ignored and libudev listeners did not receive the event. This is
inconsistent with the case when a worker failed to process a event,
in that case, the original uevent sent by the kernel is broadcasted to
listeners.
The ENOENT, ENXIO, and ENODEV error can happen easily when a block
device appears and soon removed. So, it is reasonable to ignore the
error. But other errors should not occur here, and hence let's handle
them as critical.
When the last queued event is processed, information about subsequent
events may be already queued in the netlink socket of sd-device-monitor.
In that case, previously we once removed /run/udev/queue and touch the
file soon later, and `udevadm settle` mistakenly considered all events
are processed.
To mitigate such situation, this makes /run/udev/queue removed in on_post().
Some refactoring: split efi-loader.[ch] in two: isolate the calls that
implement out boot loader interface spec, and those which implement
access to upstream UEFI firmware features.
They are quite different in nature and behaviour, and even semantically
it makes to keep these two separate. At the very least because the
previous name "efi-loader.[ch]" suggests all was about loader-specific
APIs, but much of it is generic uefi stuff...
While we are at it, I renamed a bunch of return parameters to follow our
usual ret_xyz naming. But besides renaming no real code changes.
On systems lacking EFI or the SecureBoot efi var the caching of this
info didn#t work, since we'd see ENOENT when reading the var, and cache
that, which we then use as reason to retry next time.
Let's fix that and convert ENOENT to "secure boot", because that's what
it really means. All other errors are left as is (and reason to retry).
But let's add some debug logging for that case.
The commit 1cf4ed142d makes the IPv4 ACD
enabled unconditionally for IPv4 link-local addresses even if users
explicitly disable ACD.
This makes the IPv4 ACD is enabled by default, but honor user setting.
Fixes#22763.
Same idea as 03677889f0.
No functional change intended. The type of the iterator is generally changed to
be 'const char*' instead of 'char*'. Despite the type commonly used, modifying
the string was not allowed.
I adjusted the naming of some short variables for clarity and reduced the scope
of some variable declarations in code that was being touched anyway.
Our coding style dictates that return parameters should be initialized
always on success, hence do so here also in the shortcut codepath.
Issue discovered by @fbuihuu:
ca8503f168 (r831911069)
