IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Newer binutils versions currently trigger the following warnings due to
a bug in gnu-efi
on arm64:
/usr/bin/ld.bfd: warning: src/boot/efi/systemd-bootaa64.elf has a LOAD segment with RWX permissions
on amd64:
/usr/bin/ld.bfd: warning: /usr/lib/crt0-efi-x86_64.o: missing .note.GNU-stack section implies executable stack
This results in a build failure due to --fatal-warnings.
Work around this issue by suppressing those warnings until gnu-efi has
been fixed.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013341
(cherry picked from commit b0e5bf0451)
(cherry picked from commit 8a6f966be4)
dm-crypt device units generated by systemd-cryptsetup-generator
habe BindsTo= dependencies on their backend devices. The dm-crypt
devices have the db_persist flag set, and thus survive the udev db
cleanup while switching root. But backend devices usually don't survive.
These devices are neither mounted nor used for swap, thus they will
seen as DEVICE_NOT_FOUND after switching root.
The BindsTo dependency will cause systemd to schedule a stop
job for the dm-crypt device, breaking boot:
[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device.
[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace
[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343
Avoid this by not setting the state of the backend devices to
DEVICE_DEAD.
Fixes the LUKS setup issue reported in #23429.
(cherry picked from commit cf1ac0cfe4)
(cherry picked from commit 4f86dd2849)
Commit 70e74a5997 ("pstore: Run after modules are loaded") added After=
and Wants= entries for all known kernel modules providing a pstore.
While adding these dependencies on systems where one of the modules is
not present, or not configured, should not have a real affect on the
system, it can produce annoying error messages in the kernel log. E.g.
"mtd device must be supplied (device name is empty)" when the mtdpstore
module is not configured correctly.
Since dependencies cannot be removed with drop-ins, if a distro wants to
remove some of these modules from systemd-pstore.service, they need to
patch units/systemd-pstore.service.in. On the other hand, if they want
to append to the dependencies this can be done by shipping a drop-in.
Since the original intent of the previous commit was to fix [1], which
only requires the efi_pstore module, remove all other kernel module
dependencies from systemd-pstore.service, and let distros ship drop-ins
to add dependencies if needed.
[1] https://github.com/systemd/systemd/issues/18540
(cherry picked from commit 8b8bd621e1)
The systemd-pstore service takes pstore files on boot and transfers them
to disk. It only does it once on boot and only if it finds any. The typical
location of the pstore on modern systems is the UEFI variable store.
Most distributions ship with CONFIG_EFI_VARS_PSTORE=m. That means, the
UEFI variable store is only available on boot after the respective module
is loaded.
In most situations, the pstore service gets loaded before the UEFI pstore,
so we don't get to transfer logs. Instead, they accumulate, filling up the
pstore over time, potentially breaking the UEFI variable store.
Let's add a service dependency on any kernel module that can provide a
pstore to ensure we only scan for pstate after we can actually see pstate.
I have seen live occurences of systems breaking because we did not erase
the pstates and ran out of UEFI nvram space.
Fixes https://github.com/systemd/systemd/issues/18540
(cherry picked from commit 70e74a5997)
On switching root, a device may have a persistent databse. In that case,
Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not
necessary to downgrade the Device.deserialized_found and
Device.deserialized_state. Otherwise, the state of the device unit may
be changed plugged -> dead -> plugged, if the device has not been mounted.
Fixes#23429.
[mwilck: cherry-picked from #23437]
(cherry picked from commit 4fc69e8a09)
(cherry picked from commit 131206de78)
The issue #12953 is caused by the following:
On switching root,
- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT,
- deserialized_state == DEVICE_PLUGGED,
- enumerated_found == DEVICE_FOUND_MOUNT,
On switching root, most devices are not found by the enumeration process.
Hence, the device state is set to plugged by device_coldplug(), and then
changed to the dead state in device_catchup(). So the corresponding
mount point is unmounted. Later when the device is processed by udevd, it
will be changed to plugged state again.
The issue #23208 is caused by the fact that generated udev database in
initramfs and the main system are often different.
So, the two issues have the same root; we should not honor
DEVICE_FOUND_UDEV bit in the deserialized_found on switching root.
This partially reverts c6e892bc0e.
Fixes#12953 and #23208.
Replaces #23215.
Co-authored-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 75d7b5989f)
If file is world readable, then `read_full_file_full()` will warn
about that.
(cherry picked from commit d5ad2ec1d4)
(cherry picked from commit c87c7e7231)
it's enabled units, and they might be started by various forms of
activation, not just "at boot".
Fix that.
(cherry picked from commit 0c772b1cc1)
(cherry picked from commit 81d33ab7f6)
This fixes formatting of JSON real values, and uses C locale for them.
It's kinda interesting that this wasn't noticed before: the C locale
object we allocated was not used, hence doing the dance had zero effect.
This makes "test-varlink" pass again on systems with non-C locale.
(My guess: noone noticed this because "long double" was used before by
the JSON code and that had no locale supporting printer or so?)
(cherry picked from commit 93258c7d72)
(cherry picked from commit 2e6e30a92f)
If Parallels virtualization is detected from DMI, then trust that over CPUID.
Fixes issue caused by 28b1a3eac2.
Fixes#23856.
(cherry picked from commit 840a49f3dc)
(cherry picked from commit 0c36233a84)
Previously, even if there is buffered inotify data, sd_event_prepare()
did not process the data when there is no pending event source.
Fixes#23826.
(cherry picked from commit 067fc91702)
(cherry picked from commit 632ba5b2f0)
Without the terminating colon we wouldn't match anything, so the loop over
properties was skipped.
(cherry picked from commit 6b0485c29a)
(cherry picked from commit 09e0ccf293)
They are various cases where the same module might be repeatedly
loaded in a short time frame, for example if a service depending on a
module keep restarting, or if many instances of such service get
started at the same time. If this happend the modprobe@.service
instance will be marked as failed because it hit the restart limit.
Overall it doesn't seems to make much sense to have a restart limit on
the modprobe service so just disable it.
Fixes: #23742
(cherry picked from commit 9625350e53)
(cherry picked from commit 8539a62207)
Fixes build with musl:
| ../git/src/shared/dissect-image.c: In function 'mount_image_privately_interactively':
| ../git/src/shared/dissect-image.c:2986:34: error: 'LOCK_SH' undeclared (first use in this function)
| 2986 | r = loop_device_flock(d, LOCK_SH);
| | ^~~~~~~
(cherry picked from commit 19df770fe1)
(cherry picked from commit b777390814)
Commit 0307afc681 ("networkctl: add support to display Transmit/Recieve queue
length (#12633)") added the display of the number of RX and TX Queues to the
output of `networkctl status $DEV`. However the row description says "Queue
Length".
This patch fixes the output by replacing "Queue Length" by "Number of Queues".
Fixes: 0307afc681 ("networkctl: add support to display Transmit/Recieve queue length (#12633)")
(cherry picked from commit 25ed7633b1)
(cherry picked from commit 16b8ae51b0)
@known is generated from syscall-list.txt, which generated from kernel
headers. So, some syscalls in @obsolete may not be listed in
syscall-list.txt.
(cherry picked from commit 6d6a08547c)
(cherry picked from commit 996979f513)
This reverts dd51e725df and fixes bugs
introduced by 1624114d74.
Previously,
- On online scan, the syscall filter was a string Hashmap, but it
might contain syscall name with errno or error action. Hence, we need
to drop the errno or error action in the string.
- On offline scan, the syscall filter was a Hashmap of syscall ID, so
hashmap_contains() with syscall name did not work. We need to convert
syscall IDs to syscall names.
- If hashmap_contains() in syscall_names_in_filter() is true, then
the syscall is allowed when the list is an allow-list, and vice versa.
Hence, the condition in syscall_names_in_filter() was errnously
inverted by dd51e725df.
This makes syscalls are always stored with its name, instead of ID,
and also correct the condition.
Fixes#23663.
(cherry picked from commit 5862e5561c)
(cherry picked from commit 20a265b416)
Note, if `n != SIZE_MAX`, we cannot check the existence of the specified
string in the set without duplicating the string. And, set_consume() also
checks the existence of the string. Hence, it is not necessary to call
set_contains() if `n != SIZE_MAX`.
(cherry picked from commit cb649d12bf)
(cherry picked from commit a64c080ccf)
We send/recv the set of payload uid, host uid, payload gid, host gid.
Hence, the index must be incremented with 4, instead of 2.
Fixes#23664.
(cherry picked from commit 05ab439a62)
(cherry picked from commit 20037219b7)
Fixes: CID#1469712
CID 1469712 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Assigning value from sd_id128_from_string(word + 2, &boot_id) to r here,
but that stored value is overwritten before it can be used.
(cherry picked from commit c9f5ac0917)
(cherry picked from commit 73a327d2f4)
The USB ID v0483pDF11 is used by the ROM code in many STMicroelectronics
devices (for firmware download) and not just signal analyzers.
(cherry picked from commit 5d049ff920)
(cherry picked from commit adcd345156)
dns_label_unescape() does not nul-terminate the buffer if it does not
have enough space. Hence, if a lable is enough long, then strjoin()
triggers buffer-overflow.
Fixes#23705.
(cherry picked from commit 9db01ca5b0)
(cherry picked from commit 25158b2944)
We would use a relative path, looking for globs like
'lib/systemd/libsystemd-shared-*.so' under the build directory, and never find
anything.
The test was supposed to find library in the current installation. But we
cannot assume that the right library is installed, so the test only printed the
result for manual inspection. Thus nobody noticed when it broke. I think it
broke in c6134d3e2f, path-util: get rid of prefix_root().
But that commit doesn't compile because of changes in meson, so this is just
a guess.
Before:
/* test_systemd_installation_has_version */
Current installation has systemd >= 0: no
Current installation has systemd >= 231: no
Current installation has systemd >= 249: no
Current installation has systemd >= 999: no
With the fix:
$ build/test-nspawn-util
/* test_systemd_installation_has_version */
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK).
Current installation has systemd >= 0: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (OK).
Current installation has systemd >= 231: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (OK).
Current installation has systemd >= 251: yes
Found libsystemd shared at "/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old).
Found libsystemd shared at "/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-245.so.so", version 245 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-251.so.so", version 251 (too old).
Found libsystemd shared at "/usr/lib/systemd/libsystemd-shared-250.so.so", version 250 (too old).
Current installation has systemd >= 999: no
$ build/test-nspawn-util /var/lib/machines/rawhide
/* test_systemd_installation_has_version */
/* test_systemd_installation_has_version */
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 0: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 231: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (OK).
/var/lib/machines/rawhide has systemd >= 251: yes
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old).
Found libsystemd shared at "/var/lib/machines/rawhide/usr/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251 (too old).
/var/lib/machines/rawhide has systemd >= 999: no
While at it, NULSTR_FOREACH → FOREACH_STRING.
(cherry picked from commit 0643001c28)
See a2b0cd3f5a. When -Dshared-lib-tag is used,
libsystemd-shared.so and libsystemd-core.so get a suffix which breaks the
parsing done by systemd_installation_has_version(). We can assume that the
tag will be something like "251-rc1-1.fc37" that is currently used in Fedora.
(Anything that does *not* start with the version would be completely crazy.)
By switching to strverscmp_improved() we simplify the code and fix comparisons
with such versions.
$ build/test-nspawn-util /var/lib/machines/rawhide
...
Found libsystemd shared at "/var/lib/machines/rawhide/lib/systemd/libsystemd-shared-251-rc1-1.fc37.so.so", version 251-rc1-1.fc37 (OK).
/var/lib/machines/rawhide has systemd >= 251: yes
...
I noticed this when I started a systemd-nspawn container with Redora rawhide
and got the message "Not running with unified cgroup hierarchy, LSM BPF is not
supported". I thought the message is in error, but it was actually correct:
nspawn was misdetecting that the container does not sport new-enough systemd
to support cgroups-v2.
(cherry picked from commit 7e6821ed4e)
This function implements a heuristic that is only used by nspawn. It doesn't
belong in basic. I opted for a new file "nspawn-utils.c", because it seems
likely that we'll need some other new utilities like that in the future.
No functional change.
(cherry picked from commit c9394f4f93)
The commit 1cf4ed142d makes the IPv4 ACD
enabled unconditionally for IPv4 link-local addresses even if users
explicitly disable ACD.
This makes the IPv4 ACD is enabled by default, but honor user setting.
Fixes#22763.
(cherry picked from commit 2859932bd6)
1449b0f8a9 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
Fixes https://github.com/systemd/systemd/issues/23224
(cherry picked from commit e22f2cfa5e79135d9abf53152a292357fe807dc9)
People (and build systems) sometimes set flags through -Dc_args=… or $CFLAGS.
Let's catch this common case too. meson will set c_args from $CFLAGS, so we
only need to check the former.
(cherry picked from commit b528a62863)
