IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This handles a Debian-specific quirk where /etc/default/locale is used
instead of /etc/locale.conf. There is currently special handling for
this in testsuite-73.sh, so the quirk should be handled here too for
consistency.
(cherry picked from commit bb59fdc1e3)
(cherry picked from commit 9b42646b22)
Binutils 2.38 added support for efi-app-aarch64
Still use binary mode if we have an older objcopy
Add check for incompatible gnu-efi crt0 containing the header section
which gets added by objcopy and if used results in duplicate header
and subsequently a broken binary
Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
(cherry picked from commit 9c100c4e70)
(cherry picked from commit 953e5fc093)
If we add a drop-in for init.scope (e.g.: to set some memory limit),
it will be loaded long after the cgroup has already been realized.
Do it again when creating the special unit.
(cherry picked from commit 020b2e41ea)
(cherry picked from commit 786b7a7208)
As 30s might be not enough on busy systems (and we already bumped the
reboot timeout from 30s to 60s for this reason).
(cherry picked from commit d932022ddf)
(cherry picked from commit c2fef536d5)
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:
```
[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[ 226.332965] testsuite-71.sh[576]: + set +ex
[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[ 228.910782] sh[577]: + systemctl poweroff --no-block
[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 237.931415] systemd[1]: Failed to start testsuite-71.service.
[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[ 238.181030] systemd[1]: Reached target testsuite.target.
```
Let's override the timeout in sd-bus as well to mitigate this.
Follow-up to c78d18215b.
(cherry picked from commit e0cbb73911)
(cherry picked from commit e4ed752f23)
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
(cherry picked from commit b9f976fb45)
(cherry picked from commit 80e8340ec4)
Currently, sd-dhcp-server accepts spurious client IDs, then the leases
exposed by networkd may be invalid. Let's make networkctl gracefully
show such leases.
Fixes#25984.
(cherry picked from commit 841dfd3dc0)
(cherry picked from commit a674a398e7)
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.
Fixes: #17184
(cherry picked from commit 218cfe2335)
(cherry picked from commit 25e30725d7)
This patch merge the TPM2 detection paths when we are inside and outside
an initrd.
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e37dfcec52)
(cherry picked from commit 78ffc39f9e)
During the credentials encryption, if systemd it is compiled with TPM2
support, it will try to use it depending on the key flags passed.
The current code only checks if the system has a functional TPM2 if the
case of the INITRD flag.
This patch do a similar check in the case that it is outside initrd (but
still automatic).
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e653a194e4)
(cherry picked from commit 4f420958f9)
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2). This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.
This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.
Non-root users can now create per-user credentials with:
export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
systemd-creds setup
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f27)
(cherry picked from commit 432ec5a654)
CURLOPT_PROTOCOLS [0] was deprecated in libcurl 7.85.0 with
CURLOPT_PROTOCOLS_STR [1] as a replacement, causing build warnings/errors:
../build/src/import/curl-util.c: In function ‘curl_glue_make’:
../build/src/import/curl-util.c:255:9: error: ‘CURLOPT_PROTOCOLS’ is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations]
255 | if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK)
| ^~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/curl-util.c:6:
/usr/include/curl/curl.h:1749:3: note: declared here
1749 | CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181,
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since there's no grace period between the two symbols, let's resort
to a light if-def-ery to resolve this.
[0] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html
[1] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html
(cherry picked from commit e61a4c0b7c)
(cherry picked from commit 14f573175a)
CURLINFO_PROTOCOL has been deprecated in curl 7.85.0 causing compilation
warnings/errors:
../build/src/import/pull-job.c: In function ‘pull_job_curl_on_finished’:
../build/src/import/pull-job.c:142:9: error: ‘CURLINFO_PROTOCOL’ is deprecated: since 7.85.0. Use CURLINFO_SCHEME [-Werror=deprecated-declarations]
142 | code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
| ^~~~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/pull-job.h:6,
from ../build/src/import/pull-common.h:7,
from ../build/src/import/pull-job.c:16:
/usr/include/curl/curl.h:2896:3: note: declared here
2896 | CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME")
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since both CURLINFO_SCHEME and CURLINFO_PROTOCOL were introduced in
the same curl version (7.52.0 [0][1]) we don't have to worry about
backwards compatibility.
[0] https://curl.se/libcurl/c/CURLINFO_SCHEME.html
[1] https://curl.se/libcurl/c/CURLINFO_PROTOCOL.html
(cherry picked from commit 2285c462eb)
(cherry picked from commit 4ab37502b3)
Inspired by #25957 there's one other place where we don't guard
acl_free() calls with a NULL check.
Fix that.
(cherry picked from commit 34680637e8)
(cherry picked from commit 4dabf90526)
When built with ACL support, we might be processing a tmpfiles
entry where there's no cause for us to call parse_acls_from_arg,
then we get to the end of parse_line without having ever populated
i.{acl_access, acl_default}.
Then we pass a null pointer into acl_free().
From UBSAN w/ GCC 13.0.0_pre20230101:
```
$ systemd-tmpfiles --clean
/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer
#0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44
#1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855
#2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158
#3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897
#4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985
#5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157
#6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218
#7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289)
#8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344)
#9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900)
```
(cherry picked from commit 9f804ab04d)
(cherry picked from commit a11a949c43)
Let's pass USEC_INFINITY from sd_event_source_set_time_relative() to
sd_event_source_set_time() instead of raising EOVERFLOW.
We should raise EOVERFLOW only if your addition fails, but not if the
input already is USEC_INFINITY, since it's an entirely valid operation
to have an infinite time-out, and we should support that.
(cherry picked from commit ef8591951a)
(cherry picked from commit 9769d84fe5)
The second argument to dump_list() actually ends up in a TABLE_FIELD
cell now, where we implicitly append a ":". Hence drop it from the
strings.
Follow-up for: 37a50123fa
(cherry picked from commit ef503f1cec)
(cherry picked from commit c01cdcfb8a)
Previously, if a client disconnected after sending a lookup request but
before waiting for the reply we'd log at LOG_ERR level. That's
confusing, since it's entirely OK for the client to lose interest.
Hence, let's downgrade to debug level.
Fixes: #25892
(cherry picked from commit 40557509be)
(cherry picked from commit a3ceaf0f1d)
cannot pass false as argument because function wants a pointer to bool
instead, use NULL instead
(cherry picked from commit 2cc697d740)
(cherry picked from commit e78a1489a8)
GCC-13 -std=gnu2x FTBS with:
error: incompatible type for argument 3 of ‘_hashmap_free’
(cherry picked from commit a4a1569ff1)
(cherry picked from commit 921bff2f85)
../src/basic/cgroup-util.c: In function ‘skip_session’:
../src/basic/cgroup-util.c:1241:32: error: incompatible types when returning type ‘_Bool’ but ‘const char *’ was expected
1241 | return false;
(cherry picked from commit db8e720984)
(cherry picked from commit ad647734c7)
We treat any negative value as "invalid fd", but signalfd only
accepts -1.
(cherry picked from commit cbff793ffb)
(cherry picked from commit 54c840ea58)
If the page size of a swap space doesn't match the page size of the
currently running kernel, swapon will fail. Let's instruct it to
reinitialize the swap space instead.
(cherry picked from commit cc137d53e3)
(cherry picked from commit a0ac79bce9)
After #25268, it is now possible to check whether a credential
is present on a FIDO2 token without actually attempting to retrieve said
credential. However, when cryptsetup plugins are not enabled, the
fallback unlock routines are not able to make multiple attempts with
multiple different FIDO2 key slots.
Instead of looking for one FIDO2 key slot when trying to unlock, we now
attempt to use all key slots applicable.
Fixes#19208.
(cherry picked from commit e6319a102e)
(cherry picked from commit 892cb01c2b)
This ensures that services with `RemainAfterExit` but without any
process running won't cause failure during freeze.
(cherry picked from commit fcb0878f75)
(cherry picked from commit 2eb040f36f)
Explicitly set __attribute__ ((noinline)) so that the compiler does not
attempt to inline expand_to_usable, even with LTO.
(cherry picked from commit 4f79f545b3)
(cherry picked from commit e998c9d7c1)
systemd uses malloc_usable_size() everywhere to use memory blocks
obtained through malloc, but that is abuse since the
malloc_usable_size() interface isn't meant for this kind of use, it is
for diagnostics only. This is also why systemd behaviour is flaky when
built with _FORTIFY_SOURCE.
One way to make this more standard (and hence safer) is to, at every
malloc_usable_size() call, also 'reallocate' the block so that the
compiler can see the larger size. This is done through a dummy
reallocator whose only purpose is to tell the compiler about the larger
usable size, it doesn't do any actual reallocation.
Florian Weimer pointed out that this doesn't solve the problem of an
allocator potentially growing usable size at will, which will break the
implicit assumption in systemd use that the value returned remains
constant as long as the object is valid. The safest way to fix that is
for systemd to step away from using malloc_usable_size() like this.
Resolves#22801.
(cherry picked from commit 7929e180aa)
(cherry picked from commit 34b9eddfc1)
Commit 1b86c7c59e ("virt: make virtualization enum a named type")
made the conversion from `if (!r)` to `if (v != VIRTUALIZATION_NONE)`.
However, the initial test was meaning "if r is null", IOW "if r IS
`VIRTUALIZATION_NONE`).
The test is wrong and this can lead to false detection of the container
environment (when calling `systemctl exit`).
For example, https://gitlab.freedesktop.org/whot/libevdev/-/jobs/34207974
is calling `systemctl exit 0`, and systemd terminates with the exit code
`130`.
Fixing that typo makes `systemctl exit 0` returns `0`.
Fixes: 1b86c7c59e.
(cherry picked from commit a91078bc57)
This reverts commit 64f0e53851.
On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote:
> That patch made things worse and is disfunctional for both, usb drive and
> password.
>
> No idea if more patches are needed, but this build does not unlock a drive
> at all, if usb is configured.
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the the coredump
visible to the user in such cases.
Reported-by: Matthias Gerstner <mgerstner@suse.de>
This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.
Attaching auxv is both convient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.
We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
whether the format of the auxv structure. This test might reject some cases on
fringe architecutes. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.
I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.
(cherry picked from commit 3e4d0f6cf9)
(cherry picked from commit 9b75a3d050)
