1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-05 09:17:44 +03:00
Commit Graph

60933 Commits

Author SHA1 Message Date
msizanoen1
7d4ea095d5 udev: match device tags in rules using current device tags
This ensures that udev scripts using `TAG-="..."` and expecting later
udev rules to honor it will work properly. An use case is removing the
`uaccess` tag from a device without overriding the original file and
ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later.

(cherry picked from commit 3102499039)
2023-02-10 20:28:11 +00:00
Jia Zhang
6882211df7 boot: don't convert the trailing newline in mangle_stub_cmdline()
It is pretty convenient to add .cmdline using /proc/cmdline like
this:
  --add-section .cmdline=/proc/cmdline --change-section-vma .cmdline=0x25000

However, it always returns a trailing newline, and stub will
convert it to a whitespace by mangle_stub_cmdline() in next boot.
Thus the resulting /proc/cmdline would contain a trailing
whitespace. When /proc/cmdline is used to generate .cmdline again,
the resulting UKI is mangled.

To address this kind of inconvenience, mangle_stub_cmdline() should
skip converting the trailing newline, and try to chomp all the
trailing whitespaces.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
(cherry picked from commit 486cf22c35)
2023-02-10 20:28:11 +00:00
Lennart Poettering
f3d620f5d2 docs: remove /dev/tty* confusion
The text said /dev/tty* as a whole was the VT subsystem and that VT is
not supported in containers.

But that's not accurate as /dev/tty* will match /dev/tty too and that
one device node is special and is not related to VT: it always points to
the current process own controlling tty, regardless what that is.

hence, rewrite /dev/tty* as /dev/tty[0-9]*.

(cherry picked from commit 6ae5c39af1)
2023-02-10 20:28:11 +00:00
Lennart Poettering
3856b97f8b units: pull in loop.ko and dm-mod.ko before repart
We want to make use of that when formatting file systems, hence let's
pull in these modules explicitly.

(This is necessary because we are an early boot service that might run
before systemd-tmpfiles-dev.service, which creates /dev/loop-control and
/dev/mapper/control.)

Alternatively we could just order ourselves after
systemd-tmpfiles-dev.service, but I think there's value in adding an
explicit minimal ordering here, since we know what we'll need.

Fixes: #25775
(cherry picked from commit ce7dcfd6b0)
2023-02-10 20:28:11 +00:00
Lennart Poettering
67467efd58 units: change modprobe@dm-mod.service → modprobe@dm_mod.service
Follow-up for 8f1359bf85

(cherry picked from commit 143a1f1039)
2023-02-10 20:28:11 +00:00
Lennart Poettering
2d495affef pcrphase: gracefully exit if TPM2 support is incomplete
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.

Fixes: #25700
(cherry picked from commit 0318d54539)
2023-02-10 20:28:11 +00:00
Yu Watanabe
c6f2f5a90d sleep: enumerate only existing and non-device batteries
The enumerator is now mostly consistent with on_ac_power() in
udev-util.c.

(cherry picked from commit fe8e0f8e79)
2023-02-10 17:00:49 +01:00
Yu Watanabe
6753be212f sleep: fix indentation
(cherry picked from commit 3332cfe176)
2023-02-10 17:00:49 +01:00
Yu Watanabe
036b72b593 sleep: introduce siphash24_compress_id128()
Also, rename get_battery_identifier() to siphash24_compress_device_sysattr().

This also makes any errors in sd_id128_get_machine() or id128_get_product()
ignored. For the machine ID, the failure should not be significant unless
the file stored in the discharge level is reused by another system, which
is quite unusual. For the product ID, if the firmware provides useless
ID (all zero or all 0xFF), then loading/storing the discharge rate
becomes completely broken, that should be avoided.

Note, now sysattrs are used instead of properties in uevent files, but
both provide the same information, hence no functionality should be
changed.

(cherry picked from commit a7795a4ecf)
2023-02-10 17:00:49 +01:00
Yu Watanabe
a251e6aa47 sleep: simplify code a bit
- use device_get_sysattr_int(),
- drop redundant log message.

(cherry picked from commit 3d9ca76f36)
2023-02-10 17:00:49 +01:00
Yu Watanabe
b84a05fc57 sleep: coding style fixlets
(cherry picked from commit 3c3f46013e)
2023-02-10 17:00:49 +01:00
Yu Watanabe
eea08d150c sleep: introduce SuspendEstimationSec=
Before v252, HibernateDelaySec= specifies the maximum timespan that the
system in suspend state, and the system hibernate after the timespan.

However, after 96d662fa4c, the setting is
repurposed as the default interval to measure battery charge level and
estimate the battery discharging late. And if the system has enough
battery capacity, then the system will stay in suspend state and not
hibernate even if the time passed. See issue #25269.

To keep the backward compatibility, let's introduce another setting
SuspendEstimationSec= for controlling the interval to measure
battery charge level, and make HibernateDelaySec= work as of v251.

This also drops implementation details from the man page.

Fixes #25269.

(cherry picked from commit 4f58b656d9)
2023-02-10 17:00:49 +01:00
Yu Watanabe
1baf68d728 sleep: drop unnecessary temporal vaiable and initialization
(cherry picked from commit 2ed56afeb3)
2023-02-10 17:00:49 +01:00
Yu Watanabe
792a1be91c sleep: fetch_batteries_capacity_by_name() does not return -ENOENT
(cherry picked from commit d812e104c7)
2023-02-10 17:00:49 +01:00
Yu Watanabe
40c997ae1d sleep: rename hibernate_delay_sec -> _usec
(cherry picked from commit 3d23df005e)
2023-02-10 17:00:49 +01:00
Yu Watanabe
856a02f338 rules: add missing line continuation
Fixes a bug introduced by 953c928c24.

Fixes #25811.

(cherry picked from commit de8409ac43)
2023-02-10 17:00:49 +01:00
Luca Boccassi
61f5710d0b packit: remove ukify handling
added in v253
2023-01-26 09:12:21 +01:00
Daan De Meyer
4dc37994e2 test-execute: Skip when /sys is read-only
The test depends on /sys being writable, so let's skip it when /sys
is read-only.

(cherry picked from commit 34b5977015)
2023-01-26 09:12:21 +01:00
Michael Biebl
9605a45763 test: skip firstboot --prompt-keymap check if keymaps are missing
Fixes: #26165
(cherry picked from commit d173c9ebb0)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
8f84df0da3 partition: fix build with newer linux/btrfs.h uapi header
linux/btrfs.h needs  to be included after sys/mount.h, as since [0]
linux/btrfs.h includes linux/fs.h causing build errors:

```
In file included from /usr/include/linux/fs.h:19,
                 from ../src/basic/linux/btrfs.h:29,
                 from ../src/partition/growfs.c:6:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
   35 |   MS_RDONLY = 1,                /* Mount read-only.  */
      |   ^~~~~~~~~
[1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o
ninja: build stopped: subcommand failed.
```

See: https://github.com/systemd/systemd/issues/8507

[0] a28135303a

(cherry picked from commit ed614f17fc)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
240513ceca basic/linux: update linux uapi headers
IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's
reflect that change to fix build with newer kernels:

```
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10:
../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror]
   16 | #define IPPROTO_L2TP            115
      |
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3:
/usr/include/netinet/in.h:85: note: this is the location of the previous definition
   85 | #define IPPROTO_L2TP            IPPROTO_L2TP
      |
cc1: all warnings being treated as errors
```

When at it, update the rest of the headers we ship as well.

[0] 65b32f801b

(cherry picked from commit a95ff98ec4)
2023-01-26 09:12:21 +01:00
Nick Rosbrook
9b42646b22 test: handle Debian's /etc/default/locale in testsuite-74.firstboot.sh
This handles a Debian-specific quirk where /etc/default/locale is used
instead of /etc/locale.conf. There is currently special handling for
this in testsuite-73.sh, so the quirk should be handled here too for
consistency.

(cherry picked from commit bb59fdc1e3)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
97ebe90879 test: cover some interactive/error paths in firstboot
(cherry picked from commit dbd8dbdfc1)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
ddc1898ebd test: re-enable skipped systemd-firstboot --locale-messages= test
Since the original issue should be resolved by #25253.

(cherry picked from commit 59377dbef2)
2023-01-26 09:12:21 +01:00
Nick Rosbrook
07e4787106 test: make sure mount point exists in testsuite-64.sh
(cherry picked from commit 84e5b9225d)
2023-01-26 09:12:21 +01:00
Callum Farmer
953e5fc093 boot: Use objcopy with arm64
Binutils 2.38 added support for efi-app-aarch64
Still use binary mode if we have an older objcopy
Add check for incompatible gnu-efi crt0 containing the header section
which gets added by objcopy and if used results in duplicate header
and subsequently a broken binary

Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
(cherry picked from commit 9c100c4e70)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
34157bba08 sleep: fix memleak
Those hashmaps are created anew in each iteration of the loop. The
leak wasn't really a problem, because the loop is bounded and the
hashmaps were not huge, but it's nicer to be correct.

(cherry picked from commit de5d8b40ed)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
224f912cba sleep: reduce double logging and improve messages and comments a bit
read_battery_capacity_percentage() was already logging, but with a slightly
different wording.

More could be done, I just touched the most noticable places. Especially
in debug messages, it is much more useful to be direct about what couldn't
be accessed or parsed, instead of providing "descriptive names" which are
not useful to the user at all, who then needs to read the code to figure out
what was the actual property name.

(cherry picked from commit 099810a65b)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
5c94225d0c sleep: do not abort if we try to query capacity of missing battery
Fixes #25584.

From the issue:
Assertion 'capacity >= 0' failed at src/shared/sleep-config.c:58, function PTR_TO_CAPACITY(). Aborting.

(gdb) bt

The problem is that PTR_TO_CAPACITY(hashmap_get(last_capacity, battery_name))
will abort if it's called with a name not present in the hashmap. We want to
skip the device silently in this case instead.

(cherry picked from commit 7ebbe4a5ce)
2023-01-26 09:12:21 +01:00
Luca Boccassi
786b7a7208 core: ensure init.scope is realized after drop-ins have been loaded
If we add a drop-in for init.scope (e.g.: to set some memory limit),
it will be loaded long after the cgroup has already been realized.
Do it again when creating the special unit.

(cherry picked from commit 020b2e41ea)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
c2fef536d5 test: bump the container spawn timeout to 60s
As 30s might be not enough on busy systems (and we already bumped the
reboot timeout from 30s to 60s for this reason).

(cherry picked from commit d932022ddf)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
e4ed752f23 test: bump the client-side timeout in sd-bus as well
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:

```
[  226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[  226.332965] testsuite-71.sh[576]: + set +ex
[  226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[  228.910782] sh[577]: + systemctl poweroff --no-block
[  232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[  236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[  237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[  237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[  237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[  237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[  237.931415] systemd[1]: Failed to start testsuite-71.service.
[  238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[  238.181030] systemd[1]: Reached target testsuite.target.
```

Let's override the timeout in sd-bus as well to mitigate this.

Follow-up to c78d18215b.

(cherry picked from commit e0cbb73911)
2023-01-26 09:12:21 +01:00
Michael Biebl
1c325f6d7f test: fix TEST-73-LOCALE on Debian
Fix incorrection assumption about the Debian patch being buggy and
actually making TEST-73-LOCALE fail on Debian.

```
 # localectl set-locale LANG=C.UTF-8
 # cat /etc/default/locale
 LANG=C.UTF-8
```

(cherry picked from commit a4bc35740a)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
905705b280 shared/install: rework an assert to appease gcc-13
With the previous form, gcc is confused and thinks that .type might be unset.

Fixes #26118.

(cherry picked from commit 8f5d716a71)
2023-01-26 09:12:21 +01:00
Zbigniew Jędrzejewski-Szmek
9a9c5ca26f shared/install: rework InstallChange to always have .path set
We would set .path in all cases except INSTALL_CHANGE_AUXILIARY_FAILED, where
we would just just .source. This special case is just not worth it, because
we can't easily assert that .path is set. Let's remove this special case to
help the compiler know that .path is actually set.

Avoids a warning with gcc-13.0.1-0.1.fc38.x86_64.

(cherry picked from commit 4a4af850b3)
2023-01-26 09:12:21 +01:00
Yu Watanabe
728f083257 test-unit-name: fix fd leak
Fixes an issue reported at https://github.com/systemd/systemd/issues/22576#issuecomment-1396774385.

(cherry picked from commit 36f73b6c67)
2023-01-26 09:12:21 +01:00
Yu Watanabe
f6af7a4190 test-ndisc: fix memleak and fd leak
Fixes issues reported at #22576.

(cherry picked from commit 86d82cb888)
2023-01-26 09:12:21 +01:00
Michal Koutný
80e8340ec4 core: mount namespaces: Remove auxiliary bind mounts directory after unit termination
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).

Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.

(cherry picked from commit b9f976fb45)
2023-01-26 09:12:21 +01:00
Yu Watanabe
f2d84ca5f1 network: do not enter failed state when received an invalid RA
Fixes the issue reported at https://github.com/systemd/systemd/issues/25891#issuecomment-1368509262.

(cherry picked from commit 5908d86425)
2023-01-26 09:12:21 +01:00
Yu Watanabe
efc4cbaa7f test-network: reprocess the loopback network interface
Fixes the issue reported at https://github.com/systemd/systemd-centos-ci/pull/585#issuecomment-1385537641.

(cherry picked from commit df0a741cdd)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
1710948120 test: bump D-Bus service start timeout if we run without accel
The default (25s) doesn't seem to be enough in some cases (especially
in VMs without acceleration), causing spurious timeouts:

[  174.297658] dbus-daemon[647]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.0' (uid=0 pid=645 comm="hostnamectl " label="kernel")
[  184.202313] systemd[1]: systemd-update-utmp-runlevel.service: Consumed 1.253s CPU time.
[  197.335422] systemd[1]: Started dbus.service.
[  199.211468] testsuite-71.sh[639]: + assert_in 'Static hostname: H' ''
[  199.347192] dbus-daemon[647]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms)
[  199.394879] testsuite-71.sh[657]: + set +ex
[  199.438918] testsuite-71.sh[657]: FAIL: 'Static hostname: H' not found in:
[  200.966006] systemd-logind[631]: Watching system buttons on /dev/input/event0 (Power Button)
[  201.008178] systemd-logind[631]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
[  201.034106] systemd-logind[631]: New seat seat0.
[  201.238267] sh[658]: + systemctl poweroff --no-block
[  201.329890] systemd[1]: Starting systemd-hostnamed.service...
[  202.156622] systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully.
[  204.818913] hostnamectl[645]: Failed to query system properties: Connection timed out
[  205.195583] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[  205.227237] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[  205.712780] systemd[1]: Failed to start testsuite-71.service.

(cherry picked from commit c78d18215b)
2023-01-26 09:12:21 +01:00
Yu Watanabe
a674a398e7 sd-dhcp-client: gracefully handle invalid ether type client ID
Currently, sd-dhcp-server accepts spurious client IDs, then the leases
exposed by networkd may be invalid. Let's make networkctl gracefully
show such leases.

Fixes #25984.

(cherry picked from commit 841dfd3dc0)
2023-01-26 09:12:21 +01:00
Yu Watanabe
b10b9770d5 network: fix memleak
Fixes a bug introduced by af2aea8bb6.

Fixes #25883 and #25891.

(cherry picked from commit 303dfa73b3)
2023-01-26 09:12:21 +01:00
David Tardon
25e30725d7 mount: handle bind mount of file with non-existing target
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.

Fixes: #17184
(cherry picked from commit 218cfe2335)
2023-01-26 09:12:21 +01:00
Alberto Planas
78ffc39f9e creds-util: merge the TPM2 detection for initrd
This patch merge the TPM2 detection paths when we are inside and outside
an initrd.

Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e37dfcec52)
2023-01-26 09:12:21 +01:00
Alberto Planas
4f420958f9 creds-util: do not try TPM2 if there is not support
During the credentials encryption, if systemd it is compiled with TPM2
support, it will try to use it depending on the key flags passed.

The current code only checks if the system has a functional TPM2 if the
case of the INITRD flag.

This patch do a similar check in the case that it is outside initrd (but
still automatic).

Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e653a194e4)
2023-01-26 09:12:21 +01:00
Alberto Planas
432ec5a654 creds-util: check for CAP_DAC_READ_SEARCH
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2).  This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.

This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.

Non-root users can now create per-user credentials with:

  export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
  systemd-creds setup

Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f27)
2023-01-26 09:12:21 +01:00
Mike Yuan
49804cfb71 gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev"
When these partitions are probed by gpt-auto,
they will always be hardened with such options.

See also: https://github.com/systemd/systemd/issues/25776#issuecomment-1364115711

Closes #25776

(cherry picked from commit d708293d43)
2023-01-26 09:12:21 +01:00
Yu Watanabe
89e86ad8df busctl: fix introspecting DBus properties
Follow-up for f2f7785d7a.

Fixes #26033.

(cherry picked from commit 2cbb171d20)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
4ac9f178ea test: explicitly create the /etc/init.d directory
On RHEL/CentOS/Fedora this directory is provided by the chkconfig or
initscripts package, which might not be installed:

testsuite-26.sh[1225]: + [[ -x /usr/lib/systemd/system-generators/systemd-sysv-generator ]]
testsuite-26.sh[1225]: + cat
testsuite-26.sh[2330]: /usr/lib/systemd/tests/testdata/units/testsuite-26.sh: line 299: /etc/init.d/issue-24990: No such file or directory

Follow-up to 5f882cc3ab.

(cherry picked from commit 7fcf0fab07)
2023-01-26 09:12:21 +01:00