1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

784 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
2a9b4bbe3e Move rpm stuff into a separate src/rpm/ directory
It is only of interest to rpm-based distros, we can move it out of src/core/
which is pretty busy.
2021-02-15 20:49:14 +01:00
Yu Watanabe
e5bc5f1f5a fundamental: move several macros and functions into src/fundamental/
sd-boot has a copy of a subset of codes from libbasic. This makes
sd-boot share the code with libbasic, and dedup the code.

Note, startswith_no_case() is dropped from sd-boot, as
- it is not used,
- the previous implementation is not correct,
- gnu-efi does not have StrniCmp() or so.
2021-02-09 14:22:54 +09:00
Zbigniew Jędrzejewski-Szmek
9afd5e7b97 Deprecate builds with split-usr, prepare for removal
There is no technical reason to support systems with split-usr, except for
backwards compatibility. Even though systemd itself makes an effort to support
this, many other tools aren't as careful. Despite those efforts, we
(collectively) get it wrong often, because doing it "wrong" on systems with
merged-usr has no consequences. Since almost all developers are on such
systems, any issues are only discovered late. Supporting this split-usr mode
makes both code and documentation more complicated. The split is purely
artificial and has no justification except to allow old installation to not
update. Mechanisms to update existing systems are available though: Fedora
did that in https://fedoraproject.org/wiki/Features/UsrMove, Debian has
the usrmerge package.

The next version of Debian will only support systems with split-usr=false,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978636#178:

  The Technical Committee resolves that Debian 'bookworm' should
  support only the merged-usr root filesystem layout, dropping support
  for the non-merged-usr layout.

Let's start warning if split-usr mode is used, in preparation to removing the
split in one of the future releases.
2021-02-03 22:08:35 +00:00
Zbigniew Jędrzejewski-Szmek
0411a11811 meson: use ellipses for ranges
C.f. 1d3a473b4a.
2021-02-02 14:39:48 +01:00
Zbigniew Jędrzejewski-Szmek
ea8b9b2f8a meson: take oomd out of the doghouse
It's on by default in Fedora 34 [1], so we can't say it's just a preview.

[1] https://fedoraproject.org/wiki/Changes/EnableSystemdOomd
2021-02-02 14:38:19 +01:00
Zbigniew Jędrzejewski-Szmek
d3821a339e tools: rename helper to match target name
The target is update-syscall-tables, so let's call the script
update-syscall-tables.sh to reduce the cognitive overhead when
trying to find the right file.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
2bc48bbdd7 docs: expose GVARIANT-SERIALIZATION as markdown 2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
816f31d018 meson: rename target to update-hwdb-autosuspend
The script is renamed to match.

Now all targets are named uniformly in a tab-completion-friendly fashion, with
the exception of systemd-update-po which is generated by the i18n module
automatically:

$ ninja -C build -t targets | grep update
systemd-update-po: phony
update-syscall-tables: phony
update-syscall-header: phony
update-hwdb: phony
update-hwdb-autosuspend: phony
update-dbus-docs: CUSTOM_COMMAND
update-man-rules: CUSTOM_COMMAND
2021-01-27 09:24:30 +01:00
Zbigniew Jędrzejewski-Szmek
4095cff07e meson: rename target to update-hwdb
The goal is to have all "update-*" targets named uniformly so that
tab-completion works. The script is renamed to match.
2021-01-27 09:22:15 +01:00
Zbigniew Jędrzejewski-Szmek
e3c368f63c meson: rename target to update-man-rules
Same justification as for update-dbus-docs.
2021-01-27 09:10:25 +01:00
Zbigniew Jędrzejewski-Szmek
4c890ad3cc meson: rename target to update-dbus-docs
Very old versions of meson did not include the subdirectory name in the
target name, so we started adding various "top-level" custom targets in
subdirectories. This was nice because the main meson.build file wasn't
as cluttered. But then meson started including the subdir name in the
target name. So let's move the definition to the root so we can have all
targets named uniformly.
2021-01-27 08:46:42 +01:00
Yu Watanabe
3cc6b14a87 udev: stop to use LOG_REALM_UDEV
Before this commit, udevd is built with LOG_REALM=LOG_REALM_UDEV.
However, log level specified by e.g. environment variable or kernel
command line option are also passed to LOG_REALM_SYSTEMD. So, the
maximum log level for the two realms are always equivalent, and it is
not necessary to specify the build option. Hence drop it.
2021-01-25 20:32:18 +09:00
Luca Boccassi
aac5fbff0b sysext: install in rootbindir, remove template from unit
This reverts commit 71ad75f306.
2021-01-20 15:25:03 +01:00
Luca Boccassi
71ad75f306 sysext: install in /usr/lib/systemd/ for now
This is a brand new binary, and the CI packaging doesn't pick it up,
causing the upstream testrun to fail (sysext is pulled in by the unit).
2021-01-19 13:41:42 +01:00
Lennart Poettering
a1fd722b5d meson: bindir is the default install_dir, no need to mention it 2021-01-19 13:41:42 +01:00
Lennart Poettering
9bca4ae4cd sysext: new tool for managing "system extensions" for /usr/ + /opt/ 2021-01-19 13:41:42 +01:00
Yu Watanabe
024e9084c1 meson: move several definitions related libsystemd to src/libsystemd/meson.build 2021-01-19 07:06:32 +09:00
Yu Watanabe
40dbce36df meson: use static_libsystemd_pic 2021-01-19 07:06:32 +09:00
Yu Watanabe
8d40961c3c meson: slightly disentangle code dependencies
But, still sd-id128 is used in src/basic.
2021-01-19 07:06:32 +09:00
Yu Watanabe
b61016f207 meson: sort inclusion of meson.build files in subdirectories 2021-01-19 07:06:32 +09:00
Yu Watanabe
529642936b meson: move libjournal_core definition to src/journal/meson.build 2021-01-19 07:06:32 +09:00
Yu Watanabe
3976f372ae meson: move libudev related definitions to src/libudev/meson.build
Also, this makes libudev.so built in build directory.
2021-01-19 07:06:32 +09:00
Yu Watanabe
f6fe732ff3 meson: move and gather find_program() 2021-01-19 07:06:32 +09:00
Yu Watanabe
73e994f291 meson: drop redundant source files in executable() 2021-01-19 07:06:32 +09:00
Yu Watanabe
0275e918af meson: move source file list for systemd-xdg-autostart-generator and its tests 2021-01-19 07:06:32 +09:00
Yu Watanabe
f98df767e1 meson: move source file list for busctl 2021-01-19 07:06:32 +09:00
Yu Watanabe
2ad279cfa4 meson: move source file list for systemd-cryptenroll 2021-01-19 07:06:32 +09:00
Yu Watanabe
b4d1892aac meson: move source file list for systemd-cryptsetup 2021-01-19 07:06:32 +09:00
Yu Watanabe
18b49798a6 meson: show standalone-binaries setting in the summary 2021-01-19 07:06:32 +09:00
Yu Watanabe
cbaaf7b9dd meson: drop redundant directory specification in additional source files 2021-01-19 07:06:32 +09:00
Yu Watanabe
c35125732f meson: move definition of systemctl source files 2021-01-19 07:06:29 +09:00
Yu Watanabe
f5a5284ea1 meson: introduce libtimesyncd_core library 2021-01-19 07:04:19 +09:00
Yu Watanabe
5acb3cabd1 meson: make the second and third elements of tests or fuzzers optional
Then, we can shorten many test definitions.
2021-01-19 07:04:19 +09:00
Yu Watanabe
bac11cd667 core: move several source files to src/shared
As, the files are used by many executables, fstab-generator, remount-fs,
machine-id-setup, and etc.
With this change, the total size of the relevant executables and
libshared slightly decreases.

Before:
```
$ ll systemd-fstab-generator systemd-remount-fs systemd-machine-id-setup systemd-shutdown systemd-nspawn systemd src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 watanabe watanabe 7577800 Jan  5 13:35 src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 watanabe watanabe 4608360 Jan  5 13:35 systemd
-rwxrwxr-x 1 watanabe watanabe  117240 Jan  5 13:35 systemd-fstab-generator
-rwxrwxr-x 1 watanabe watanabe   61576 Jan  5 13:35 systemd-machine-id-setup
-rwxrwxr-x 1 watanabe watanabe  853080 Jan  5 13:35 systemd-nspawn
-rwxrwxr-x 1 watanabe watanabe   70600 Jan  5 13:35 systemd-remount-fs
-rwxrwxr-x 1 watanabe watanabe  172624 Jan  5 13:35 systemd-shutdown
```
Total: 13461280

After:
```
$ ll systemd-fstab-generator systemd-remount-fs systemd-machine-id-setup systemd-shutdown systemd-nspawn systemd src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 watanabe watanabe 7658336 Jan  5 13:32 src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 watanabe watanabe 4523560 Jan  5 13:32 systemd
-rwxrwxr-x 1 watanabe watanabe   78288 Jan  5 13:32 systemd-fstab-generator
-rwxrwxr-x 1 watanabe watanabe   30984 Jan  5 13:32 systemd-machine-id-setup
-rwxrwxr-x 1 watanabe watanabe  840384 Jan  5 13:32 systemd-nspawn
-rwxrwxr-x 1 watanabe watanabe   39104 Jan  5 13:32 systemd-remount-fs
-rwxrwxr-x 1 watanabe watanabe  117160 Jan  5 13:32 systemd-shutdown
```
Total: 13287816
2021-01-19 07:04:19 +09:00
Yu Watanabe
cf2423503b time-wait-sync: move time-wait-sync.c -> src/timesync/wait-sync.c
As wait-online is located under src/network.
2021-01-19 07:04:19 +09:00
Yu Watanabe
99b9f8fddd sd-journal: move source files for sd-journal to src/libsystemd/sd-journal 2021-01-19 07:04:18 +09:00
Luca Boccassi
5e8deb94c6 core: add DBUS method to bind mount new nodes without service restart
Allow to setup new bind mounts for a service at runtime (via either
DBUS or a new 'systemctl bind' verb) with a new helper that forks into
the unit's mount namespace.
Add a new integration test to cover this.

Useful for zero-downtime addition to services that are running inside
mount namespaces, especially when using RootImage/RootDirectory.

If a service runs with a read-only root, a tmpfs is added on /run
to ensure we can create the airlock directory for incoming mounts
under /run/host/incoming.
2021-01-18 17:24:05 +00:00
Lennart Poettering
3dc536e0c5
Merge pull request #17576 from gportay/veritysetup-add-support-for-dm-verity-flags
veritysetup: add support for veritytab
2021-01-17 11:18:25 +01:00
Zbigniew Jędrzejewski-Szmek
2b5a1402f6
Merge pull request #18263 from keszybz/syscalls-auto
Generate missing syscalls headers programatically
2021-01-16 17:21:34 +01:00
Daan De Meyer
064b8e2c99 meson: Use configure_file when version-tag is specified
vcs_tag() is slow. When the version-tag meson option is set,
we can use configure_file() directly to speed up incremental
builds.

Before (with version-tag set to v247):

```
‣ Running build script...
[1/418] Generating version.h with a custom command

real    0m0.521s
user    0m0.229s
sys     0m0.067s
```

After (with version-tag set to v247):

```
‣ Running build script...
ninja: no work to do.

real    0m0.094s
user    0m0.048s
sys     0m0.022s
```
2021-01-15 19:34:44 +01:00
Zbigniew Jędrzejewski-Szmek
9a6da617db meson: download full syscall tables from hrw/syscalls-table
The target is renamed to 'update-syscall-tables'. (Other targets
with similar names will be added later.)
2021-01-15 18:35:02 +01:00
Gaël PORTAY
08b04ec7e7 veritysetup-generator: add support for veritytab
This adds the support for veritytab.

The veritytab file contains at most five fields, the first four are
mandatory, the last one is optional:
 - The first field contains the name of the resulting verity volume; its
   block device is set up /dev/mapper/</filename>.
 - The second field contains a path to the underlying block data device,
   or a specification of a block device via UUID= followed by the UUID.
 - The third field contains a path to the underlying block hash device,
   or a specification of a block device via UUID= followed by the UUID.
 - The fourth field is the roothash in hexadecimal.
 - The fifth field, if present, is a comma-delimited list of options.
   The following options are recognized only: ignore-corruption,
   restart-on-corruption, panic-on-corruption, ignore-zero-blocks,
   check-at-most-once and root-hash-signature. The others options will
   be implemented later.

Also, this adds support for the new kernel verity command line boolean
option "veritytab" which enables the read for veritytab, and the new
environment variable SYSTEMD_VERITYTAB which sets the path to the file
veritytab to read.
2021-01-15 11:06:11 -05:00
Josh Triplett
225d08b879 Add install-sysconfdir=no-samples option for (non-)installation of sample configs
By default, systemd installs various sample configuration files
containing commented-out defaults. Systems seeking to minimize the
number of files in /etc may wish to install directories and
configuration files that have semantic effects, but not install not
commented-out sample configuration files.

Turn install-sysconfdir into a multi-valued option, with a "no-samples"
value to skip installing sample-only configuration files.
2021-01-14 15:22:06 +09:00
Matthias Klumpp
8f20232fcb localed: Run locale-gen if available to generate missing locale
This change improves integration with distributions using locale-gen to
generate missing locale on-demand, like Debian-based distributions
(Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
We only ever enable new locales for generation, and never disable them.
Furthermore, we only generate UTF-8 locale.

This feature is only used if explicitly enabled at compile-time, and
will also be inert at runtime if the locale-gen binary is missing.
2021-01-12 23:15:12 +01:00
Karel Zak
4fcc033b54 udev-builtin-blkid: add support for --hint offsets
The next libblkid v2.37 is going to support session offsets for
multi-session CD/DVDs. This feature is implemented by "hint offsets".

These offsets are optional and prober specific (e.g., iso, udf, ...).
For this purpose, the library provides a new function
blkid_probe_set_hint(), and blkid(8) provides a new command-line
option --hint <name>=<offset>. For CD/DVD, the offset name is
"session_offset".

The difference between classic --offset and the new --hint is that
--offset is very restrictive and defines the probing area and the rest
of the device is invisible to the library. The new --hint works
like a suggestion, it provides a hint where the user assumes the
filesystem, but the rest of the device is still readable for the
library (for example, to get some additional superblock information
etc.).

If the --hint is without a value then it defaults to zero.

The option --hint implementation in udev-builtin-blkid.c is backwardly
compatible. If compiled against old libblkid, then the option is used in
the same way as --offset.

Addresses: https://github.com/karelzak/util-linux/issues/1161
Addresses: https://github.com/systemd/systemd/pull/17424
2021-01-13 00:58:43 +09:00
Zbigniew Jędrzejewski-Szmek
a412ec5714 meson: fix git ls-files invocations during rebase
Normally ls-files prints the full path to files from the repo root. But when
$GIT_WORK_TREE is set, ls-files prints paths relative to the current
directory. When rebasing, $GIT_WORK_TREE is set in the commands executed from
'rebase -x'. This causes problems if meson config is touched and the meson
reconfigures itself. ($GIT_WORK_TREE shouldn't be relevant, since the paths that
ls-files reports don't depend on the work tree, but whatever.) Let's unset
GIT_WORK_TREE to avoid the issue.

$ (cd test; git --git-dir=$PWD/../.git ls-files ':/test/dmidecode-dumps/*.bin')
test/dmidecode-dumps/HP-Z600.bin
test/dmidecode-dumps/Lenovo-ThinkPad-X280.bin
test/dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin

$ (cd test; GIT_WORK_TREE=$PWD/.. git --git-dir=$PWD/../.git ls-files ':/test/dmidecode-dumps/*.bin')
dmidecode-dumps/HP-Z600.bin
dmidecode-dumps/Lenovo-ThinkPad-X280.bin
dmidecode-dumps/Lenovo-Thinkcentre-m720s.bin

Fixes #18148.
2021-01-09 09:22:26 +09:00
Luca Boccassi
3c2c8e62c9 cryptsetup: use crypt_token_max if available
New API added upstream:

8a12f6dc2c
2021-01-05 12:16:07 +00:00
Lennart Poettering
18843ecc2a cryptsetup: add support for TPM2 unlocking of volumes 2020-12-17 20:02:03 +01:00
Lennart Poettering
d2fafc423d cryptenroll: support listing and wiping tokens 2020-12-17 20:01:52 +01:00
Lennart Poettering
5e521624f2 cryptenroll: add support for TPM2 enrolling 2020-12-17 20:01:31 +01:00
Lennart Poettering
8710a6818e cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 security tokens 2020-12-17 20:00:51 +01:00
Lennart Poettering
2bc5c425e6 cryptsetup: add fido2 support 2020-12-17 20:00:41 +01:00
Lennart Poettering
69cb28965b homed: turn libfido2 into a dlopen() type dependency 2020-12-17 19:59:32 +01:00
Yu Watanabe
e4b127e2cc meson: do not link with libudev 2020-12-16 02:31:44 +09:00
Khem Raj
5bb20fd3d3 meson: Fix reallocarray check
reallocarray() is defined in stdlib.h, so that would be right header to
check for its presense.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-13 09:44:29 +01:00
Zbigniew Jędrzejewski-Szmek
3c94f71472 Drop compat "gateway" name
Back in 5248e7e1f1 (July 2017) we moved over to
"_gateway", with the old name declared to be temporary measure. Since we're
doing a bunch of changes to resolved now, it seems to be a good moment to make
this simplification and not add support for the compat name in new code.
2020-12-10 20:44:41 +01:00
Luca Boccassi
a6c7811f0d meson: specify correct libqrencode version in meson dep 2020-12-09 13:34:53 +01:00
Zbigniew Jędrzejewski-Szmek
7e0079f95f Make support for nscd flushing optional
Fedora will deprecate support for nscd in the upcoming release [1] and plans to
drop it in the next one [2]. At that point we might as well build systemd
without that support too, since there'll be nothing to talk too.

[1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD
[2] https://fedoraproject.org/wiki/Changes/RemoveNSCD
2020-12-07 19:46:02 +01:00
Lennart Poettering
6dd16814a5
Merge pull request #17079 from keszybz/late-exec-resolution
Resolve executable paths before execution, use fexecve()
2020-12-03 14:58:20 +01:00
Yu Watanabe
f01a3b79fa
Merge pull request #17810 from systemd/meson-allows-fuzzer-building
meson: always allow fuzzers to be built
2020-12-03 07:36:43 +09:00
Zbigniew Jędrzejewski-Szmek
7e299ffe10 meson: allow fuzzers to be built even if fuzz testing is disabled
This makes commands like 'ninja -C build fuzz-journal-remote' or
'ninja -C build fuzzers' work, even if we have -Dfuzz-tests=false.
Two advantages: correctness of the meson declarations is verified even
if fuzzers are not built, and it easier to do a one-off build to check for
regressions or such.

Follow-up for 1763ef1d49.
2020-12-02 13:51:31 +01:00
Yu Watanabe
0f82a2ab5c meson: use '_' as separator in fuzz test names
Follow-up for d448888924 and ca121e20c4.

Fixes #17568.
2020-12-02 11:14:26 +01:00
Zbigniew Jędrzejewski-Szmek
ce9067697b meson: add missing "S" to SYSTEMD_CGROUPS_AGENT_PATH
Other similar variables use the binary name underscorified and upppercased
(with "_BINARY" appended in some cases to avoid ambiguity). Add "S" to follow
the same pattern for systemd-cgroups-agent.

Based on the discussion in #16715.
2020-12-01 09:34:17 +01:00
Yu Watanabe
0d5eb02134
Merge pull request #17478 from yuwata/split-network-internal
libsystemd-network: split network-internal.c
2020-11-27 09:04:19 +09:00
Yu Watanabe
435b5ba8d5 meson: set CURL_NO_OLDIES in developer mode 2020-11-21 01:55:41 +09:00
Zbigniew Jędrzejewski-Szmek
1598b07da3
Merge pull request #17640 from keszybz/meson-test-c++20
Also test headers against c++20
2020-11-17 17:14:49 +01:00
Zbigniew Jędrzejewski-Szmek
e318c2a444 meson: use proper variable for libudev.h path 2020-11-17 10:01:05 +01:00
Yu Watanabe
1763ef1d49 meson: do not build fuzzers when fuzz-tests=false
Closes #17578.
2020-11-13 18:15:37 +09:00
Zbigniew Jędrzejewski-Szmek
08c1864f0d meson: allow oomd to be enabled even in release mode
A distro (Fedora in particular) may want to enable oomd in a unstable
branch for testing, even though the package as a whole is compiled in release
mode. Let's emit a warning but otherwise allow this.
2020-11-12 13:25:40 +01:00
Jörg Thalheim
d7aa78c32f meson: add option to skip installing to $sysconfdir
This is useful for development where overwriting files out side
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.

Alternative to https://github.com/systemd/systemd/pull/17501

tested with:

$ mkdir inst build && cd build
$ meson \
  -Dcreate-log-dirs=false \
  -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
  -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
  -Drootprefix=$(realpath ../inst) \
  -Dinstall-sysconfdir=false \
  --prefix=$(realpath ../inst) ..
$ ninja install
2020-11-12 11:21:46 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
ceedbf8185 meson: add option for fexecve use
There are downsides to using fexecve:

when fexecve is used (for normal executables), /proc/pid/status shows Name: 3,
which means that ps -C foobar doesn't work. pidof works, because it checks
/proc/self/cmdline. /proc/self/exe also shows the correct link, but requires
privileges to read. /proc/self/comm also shows "3".

I think this can be considered a kernel deficiency: when O_CLOEXEC is used, this
"3" is completely meaningless. It could be any number. The kernel should use
argv[0] instead, which at least has *some* meaning.

I think the approach with fexecve/execveat is instersting, so let's provide it
as opt-in.
2020-11-06 15:20:34 +01:00
Zbigniew Jędrzejewski-Szmek
8939eeae52 shared/exec-util: use our own execveat() wrapper instead of fexecve()
For scripts, when we call fexecve(), on new kernels glibc calls execveat(),
which fails with ENOENT, and then we fall back to execve() which succeeds:
[pid 63039] execveat(3, "", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory)
[pid 63039] execve("/home/zbyszek/src/systemd/test/test-path-util/script.sh", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */) = 0

But on older kernels glibc (some versions?) implement a fallback which falls
into the same trap with bash $0:
[pid 13534] execve("/proc/self/fd/3", ["/home/test/systemd/test/test-path-util/script.sh", "--version"], 0x7fff84995870 /* 0 vars */) = 0

We don't want that, so let's call execveat() ourselves. Then we can do the
execve() fallback as we want.
2020-11-06 15:20:34 +01:00
Yu Watanabe
26f4d32365 meson: drop libsystemd_network from several binaries
This reduces the size of udevadm:

Before:
```
$ ll udevadm
-rwxrwxr-x 1 watanabe watanabe 1203800 Oct 29 01:36 udevadm
```

After:
```
$ ll udevadm
-rwxrwxr-x 1 watanabe watanabe 1094384 Oct 29 01:38 udevadm
```
2020-10-29 14:23:49 +09:00
Zbigniew Jędrzejewski-Szmek
a1989bd84b
Merge pull request #17454 from keszybz/journal-dlopen-cleanup
Journal dlopen cleanup and qrcode printing test
2020-10-28 18:20:27 +01:00
Zbigniew Jędrzejewski-Szmek
a881d96183 meson: fix setting of ENABLE_OOMD
-Doomd=auto (the default) didn't work as intended because the initial correct
value was overwritten later by logic that didn't check for 'auto'.
2020-10-27 18:42:49 +01:00
Zbigniew Jędrzejewski-Szmek
9337945233 meson: sort include dirs
Our headers should have unique names, so the sort order shouldn't matter.
2020-10-23 20:33:28 +02:00
Lennart Poettering
a53225670d build-sys: prepare 247-rc1
Interestingly, the libudev so version was already bumped.
2020-10-23 13:44:33 +02:00
Lennart Poettering
f93ba37530 test: add heavy load loopback block device test 2020-10-22 15:10:03 +02:00
Zbigniew Jędrzejewski-Szmek
b8ee3493a5 meson: convert developer_mode boolean to an enum
I initially changed this to add a third state. But even with two values having
an explicit name instead of just 0/1 is mode descriptive.
2020-10-22 11:05:17 +02:00
Michael Biebl
427103f7a6
Merge pull request #17297 from keszybz/tmpfiles-sysusers-disable-standalone-image
tmpfiles,sysusers: disable --image= support in standalone versions
2020-10-20 23:07:16 +02:00
Zbigniew Jędrzejewski-Szmek
d58c5f0fe7 meson: enable oomd by default in developer mode
We want to compile the new code in CI without having to explicitly specify
-Doomd=true everywhere. Let's enable it by default, and rely on distros
setting -Dmode=release to not have it enabled by default.
2020-10-15 15:53:57 +02:00
Zbigniew Jędrzejewski-Szmek
69c0807432
Merge pull request #15206 from anitazha/systoomd-v0
systemd-oomd
2020-10-15 14:16:52 +02:00
Anita Zhang
c199dd3fd7 meson: disable systemd-oomd by default
systemd-oomd can be enabled when in developer mode (-Dmode=developer)
2020-10-14 23:14:24 -07:00
Lennart Poettering
441e0fdb90 missing: add close_range() wrapper
The syscall was added in 5.9 and is not yet exposed in glibc, hence
define our own wrapper.
2020-10-14 10:40:10 +02:00
Zbigniew Jędrzejewski-Szmek
4b6f74f5a0 basic/selinux: work around mallinfo deprecation
Latest glibc has deprecated mallinfo(), so it might become unavailable at some point
in the future. There is malloc_info(), but it returns XML, ffs. I think the information
that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and
not otherwise.
2020-10-12 15:51:39 +02:00
Zbigniew Jędrzejewski-Szmek
3537577c37 tmpfiles,sysusers: disable --image= support in standalone versions
Fixes #17278.
2020-10-09 18:03:04 +02:00
Anita Zhang
5c616ecfcd systemd-oomd: dbus hook ups and oomctl CLI 2020-10-07 17:12:24 -07:00
Anita Zhang
9de5e32136 systemd-oomd: manager/daemon 2020-10-07 17:12:24 -07:00
Anita Zhang
61ff7397d0 systemd-oomd: unit testable helper functions
Helpers used by the systemd-oomd daemon to read/fill in various contexts and
make detection and kill decisions.

i.e. a simplified/less configurable version of
https://github.com/facebookincubator/oomd/tree/master/src/oomd.
2020-10-07 17:12:22 -07:00
Lennart Poettering
daf71ef61c systemctl: split up humungous systemctl.c file
This is just some refactoring: shifting around of code, not change in
codeflow.

This splits up the way too huge systemctl.c in multiple more easily
digestable files. It roughly follows the rule that each family of verbs
gets its own .c/.h file pair, and so do all the compat executable names
we support. Plus three extra files for sysv compat (which existed before
already, but I renamed slightly, to get the systemctl- prefix lik
everything else), a -util file with generic stuff everything uses, and a
-logind file with everything that talks directly to logind instead of
PID1.

systemctl is still a bit too complex for my taste, but I think this way
itc omes in a more digestable bits at least.

No change of behaviour, just reshuffling of some code.
2020-10-07 23:12:15 +02:00
Lennart Poettering
c14ebe07a9
Merge pull request #17172 from keszybz/read-login-defs
Read /etc/login.defs
2020-10-02 11:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
aa25270cb2 sysusers: look at login.defs when setting the default range to allocate users
Also, even if login.defs are not present, don't start allocating at 1, but at
SYSTEM_UID_MIN.

Fixes #9769.

The test is adjusted. Actually, it was busted before, because sysusers would
never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than
SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are
equal, so we didn't notice. Since sysusers now always uses the minimum of the
two, we only need to substitute one value.
2020-10-01 19:53:45 +02:00
Zbigniew Jędrzejewski-Szmek
bd7e6aa73a test/TEST-21-SYSUSERS: turn into a unit test
All this test does is manipulate text files in a subdir specified with --testroot.
It can be a normal unittest without the overhead of creating a machine image.

As a bonus, also test the .standalone version.
2020-10-01 17:52:51 +02:00
Zbigniew Jędrzejewski-Szmek
fc1a5d1a70 Also parse the minimum uid/gid values
We don't (and shouldn't I think) look at them when determining the type of the
user, but they should be used during user/group allocation. (For example, an
admin may specify SYS_UID_MIN==200 to allow statically numbered users that are
shared with other systems in the range 1–199.)
2020-10-01 17:52:41 +02:00
Zbigniew Jędrzejewski-Szmek
53393c894d Look at /etc/login.defs for the system_max_[ug]id values
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
  500 for a long time. Systems which are upgraded over time might have users
  in the wrong range, but changing existing systems is complicated and
  expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogenous enviornment, where some vendors pick
  one value and others another.
So let's make this boundary overridable using /etc/login.defs.

Fixes #3855, #10184.
2020-10-01 17:49:31 +02:00
Luca Boccassi
feee7f6288 libcrypt-util: use build-time check for crypt_preferred_method
After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra
is checked, but there are cases where that function is available but crypt_preferred_method
is not, and they are used in the same ifdef.
Add a check for the latter as well.
2020-09-28 10:23:48 +02:00
Lennart Poettering
36f8cf0163
Merge pull request #17086 from keszybz/developer-mode-default
Update dbus docs, make developer mode default
2020-09-22 16:29:28 +02:00
Anita Zhang
06ca077ba2 meson: remove multi-line statement with trailing '\'
Error on meson 0.47:
```
meson.build:885:47: ERROR:  Expecting colon got eol_cont.
crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? \
                                               ^
```

This seems to have been fixed in meson 0.50 after a report from
https://github.com/mesonbuild/meson/issues/4720
2020-09-21 21:20:39 +02:00
Lennart Poettering
3f440b13b7
Merge pull request #16981 from keszybz/use-crypt_ra
Use crypt_ra to allocate scratch area for password hashing
2020-09-18 19:46:08 +02:00
Zbigniew Jędrzejewski-Szmek
4c8e5f442b meson: make "developer" mode the default
This means that the dbus doc consistency checks will be enabled by default,
including in the CI. I think that will work better than current state where
people do not enable them and them follow-up patches for the docs like the
parent commit must be had.
2020-09-17 09:02:29 +02:00
Zbigniew Jędrzejewski-Szmek
452d2dfd52 meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH
RC_LOCAL_SCRIPT_PATH_START and RC_LOCAL_SCRIPT_PATH_STOP were was originally
added in the conversion to meson based on the autotools name. In
4450894653 RC_LOCAL_SCRIPT_PATH_STOP was dropped.
We don't need to use such a long name.
2020-09-15 17:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
2b49f0ca83 Check for crypt_gensalt_ra() instead of relying on libxcrypt presence
Since the loop to check various xcrypt functions is already in place,
adding one more is cheap. And it is nicer to check for the function
directly. People like to backport things, so we might get lucky even
without having libxcrypt.
2020-09-15 11:52:30 +02:00
Zbigniew Jędrzejewski-Szmek
e8644a414a meson: test if we have libcrypt_ra
We always seem to have either libcrypt_r and not the other two, or all
three. So the fallback for libcrypt_ra needs to be based on libcrypt_r.
2020-09-15 11:52:30 +02:00
Lennart Poettering
b612c26ceb sd-path: use ROOTPREFIX without suffixed slash
We already have rootprefix_noslash as meson variable, export it so that
we can also use it in C code.

Fixes: #16773
2020-09-11 13:08:30 +02:00
Lennart Poettering
bae66f4bda systemd-user: move pam snippet default location to /usr/lib/pam.d 2020-09-10 12:47:07 +02:00
Lennart Poettering
0d12936d9a shared: make libcryptsetup dep dlopen
Let's make libcryptsetup a dlopen() style dep for PID 1 (i.e. for
RootImage= and stuff), systemd-growfs and systemd-repart. (But leave to
be a regulra dep in systemd-cryptsetup, systemd-veritysetup and
systemd-homed since for them the libcryptsetup support is not auxiliary
but pretty much at the core of what they do.)

This should be useful for container images that want systemd in the
payload but don't care for the cryptsetup logic since dm-crypt and stuff
isn't available in containers anyway.

Fixes: #8249
2020-09-02 15:04:06 +02:00
Lennart Poettering
1e2f32305c shared: rename crypt-util.c → cryptsetup-util.c
"crypt-util.c" is such a generic name, let's avoid that, in particular
as libc's/libcrypt's crypt() function is so generically named too that
one might thing this is about that. Let's hence be more precise, and
make clear that this is about cryptsetup, and nothing else.

We already had cryptsetup-util.[ch] in src/cryptsetup/ doing keyfile
management. To avoid the needless confusion, let's rename that file to
cryptsetup-keyfile.[ch].
2020-09-02 15:00:32 +02:00
Lennart Poettering
3b684be04b libudev: also expose API to check for current tags in libudev 2020-09-01 17:40:12 +02:00
Zbigniew Jędrzejewski-Szmek
4cc73cf9c1 test: verify that dbus docs are fresh
This makes use of the developer mode switch: the test is only done
if the user opted-in into developer mode.

Before the man/update-dbus-docs was using the argument form where
we don't need to run find_command(), but that doesn't work with test(),,
so find_command() is used and we get one more line in the config log.
2020-08-27 21:30:22 +02:00
Zbigniew Jędrzejewski-Szmek
839bdf2505 meson: add "develop mode" config switch 2020-08-27 20:20:23 +02:00
Lennart Poettering
da3920c3a4 journal: move qrcode printing code to src/shared/
That way we can make use of it in homctl, too.
2020-08-25 17:58:02 +02:00
Zbigniew Jędrzejewski-Szmek
9f56c88aeb
Merge pull request #16819 from keszybz/seccomp-enosys
Return ENOSYS in nspawn for "unknown" syscalls
2020-08-25 09:18:46 +02:00
Zbigniew Jędrzejewski-Szmek
2aed63f427 tree-wide: fix spelling of "fallback"
Similarly to "setup" vs. "set up", "fallback" is a noun, and "fall back"
is the verb. (This is pretty clear when we construct a sentence in the
present continous: "we are falling back" not "we are fallbacking").
2020-08-20 17:45:32 +02:00
Zbigniew Jędrzejewski-Szmek
b3259a6e5f meson: add ENABLE_ANALYZE conditional 2020-08-20 17:42:13 +02:00
Lennart Poettering
1b13600948
Merge pull request #16771 from poettering/dyn-pwq
make libpwquality a dlopen() dependency + use it in systemd-firstboot, too
2020-08-19 15:40:41 +02:00
Zbigniew Jędrzejewski-Szmek
47354b440e meson: add syscall-names-update target
The calls to find_program("tools/*") are moved earlier so they can be used
in libshared/ (and it doesn't make sense to split them).
2020-08-19 15:30:24 +02:00
Anita Zhang
e71f5585b9 meson: add min version for libfdisk
Was trying to run src/partition/test-repart.sh on CentOS 8 and the first
resize call kept failing with ERANGE. Turned out that CentOS 8 comes
with libfdisk-devel-2.32.1 which is missing
2f35c1ead6
(in libfdisk 2.33 and up).
2020-08-19 10:18:33 +02:00
Lennart Poettering
679badd7ba home: make libpwquality dep a runtime dlopen() one
Also, let's move the glue for this to src/shared/ so that we later can
reuse this in sysemd-firstboot.

Given that libpwquality is a more a leaf dependency, let's make it
runtime optional, so that downstream distros can downgrade their package
deps from Required to Recommended.
2020-08-19 10:03:24 +02:00
Lennart Poettering
5a151082d7 meson: move systemd-dissect to /usr/bin 2020-08-11 22:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
1472b58835
Merge pull request #16260 from poettering/pcre2-dlopen
turn pcre2 dependency into dlopen() dependency
2020-08-04 15:37:48 +02:00
Zbigniew Jędrzejewski-Szmek
3a4378cb9e
Merge pull request #16145 from poettering/qrcode-dlopen
journalctl: make libqrencode a weak (dlopen() style) dependency
2020-08-04 15:25:50 +02:00
Zbigniew Jędrzejewski-Szmek
2d2d0a57e7 repart: adjust --help and test output width 2020-07-30 16:02:45 +02:00
Zbigniew Jędrzejewski-Szmek
0390b094f5 meson: do not choke on time epoch when there are no git tags
github ci was failing with:

meson.build:685:16: ERROR: String '' cannot be converted to int
2020-07-23 12:25:14 +02:00
Daan De Meyer
bd190899bb Get SOURCE_EPOCH from the latest git tag instead of NEWS
Currently, each change to NEWS triggers a meson reconfigure that
changes SOURCE_EPOCH which causes a full rebuild. Since NEWS changes
relatively often, we have a full rebuild each time we pull from
master even if we pull semi-regularly. This is further compounded
when using branches since NEWS has a relatively high chance to
differ between branches which causes git to update the modification
time, leading to a full rebuild when switching between branches.

We fix this by using the creation time of the latest git tag instead.
2020-07-23 08:38:30 +02:00
Lennart Poettering
9200bb30d0 journalctl: make pcre2 a dlopen() dependency
Let's make use of the library if it is installed, but otherwise just
generate a nice error and provide all other functionality.
2020-07-21 10:37:54 +02:00
Norbert Lange
55678b9eae build: skip installation of 2 files if feature is disabled
dont install systemd-update-utmp if utmp is disabled.
dont install systemd-initctl.service if sysv is disabled.
2020-07-18 13:50:39 +09:00
Zbigniew Jędrzejewski-Szmek
3994922baf meson: bump version numbers for v246 2020-07-08 17:35:54 +02:00
Lennart Poettering
7b78db28e5 homed: add support for authenticating with fido2 hmac-secret tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
1c0c4a43c6 homectl: add support for enrolling FIDO2 HMAC-SECRET tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
af4fbd463f build-sys: add libfido2 as optional dependency 2020-07-01 11:17:28 +02:00
Lennart Poettering
d80b051cea tree-wide: add new HAVE_COMPRESSION compile time flag
let's simplify the checks for ZSTD/LZ4/XZ

As suggested:

https://github.com/systemd/systemd/pull/16096#discussion_r440705585
2020-06-25 15:02:45 +02:00
Luca Boccassi
c2923fdcd7 dissect/nspawn: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it.
2020-06-25 08:45:21 +01:00
Lennart Poettering
e44b500484 journalctl: make libqrencode a weak dependency
This way journalctl can make use of libqrencode if it's there, but will
quietly not use it if it isn't.

This means libqrencode remains a build-time dep, but not a strict
runtime dependency.

I figure we should do something similar for a bunch of other "leaf"
libraries we only use few symbols of. Specifically the following are
probably good candidates:

* pcre2
* libpwquality
* p11kit
* elfutils

and possibly:

* libcryptsetup (only in some parts. i.e. building systemd-cryptsetup
  without it makes no sense. However building the dissect option with
  libcryptsetup as optional dep does make sense)
* possibly the compression libraries (at least the ones we never use for
  compression, but only as alternative ones for decompression)

Already covered like this is:

* libxkcommon
2020-06-25 09:28:27 +02:00
Lennart Poettering
7bf6babfa2
Merge pull request #16112 from poettering/nss-systemd-block-fix
rework nss-systemd recursion lock
2020-06-24 08:39:44 +02:00
Lennart Poettering
037b0a47b0 userdb: replace recursion lock
Previously we'd used the existance of a specific AF_UNIX socket in the
abstract namespace as lock for disabling lookup recursions. (for
breaking out of the loop: userdb synthesized from nss → nss synthesized
from userdb → userdb synthesized from nss → …)

I did it like that because it promised to work the same both in static
and in dynmically linked environments and is accessible easily from any
programming language.

However, it has a weakness regarding reuse attacks: the socket is
securely hashed (siphash) from the thread ID in combination with the
AT_RANDOM secret. Thus it should not be guessable from an attacker in
advance. That's only true if a thread takes the lock only once and
keeps it forever. However, if a thread takes and releases it multiple
times an attacker might monitor that and quickly take the lock
after the first iteration for follow-up iterations.

It's not a big issue given that userdb (as the primary user for this)
never released the lock and we never made the concept a public
interface, and it was only included in one release so far, but it's
something that deserves fixing. (moreover it's a local DoS only, only
permitting to disable native userdb lookups)

With this rework the libnss_systemd.so.2 module will now export two
additional symbols. These symbols are not used by glibc, but can be used
by arbitrary programs: one can be used to disable nss-systemd, the other
to check if it is currently disabled.

The lock is per-thread. It's slightly less pretty, since it requires
people to manually link against C code via dlopen()/dlsym(), but it
should work safely without the aforementioned weakness.
2020-06-23 17:24:24 +02:00
Filipe Brandenburger
db64ba81c6 meson: build standalone version of systemd-tmpfiles
Use -Dstandalone-binaries=yes to enable building and installing this standalone
version of the binary without a dependency on the systemd-shared solib.

Also move the list of sources for systemd-tmpfiles to its own meson.build file.
2020-06-10 10:54:29 -07:00
Filipe Brandenburger
8ef8f3d5a7 meson: add a new -Dstandalone-binaries=true option
This adds an option to build standalone binaries that do not depend on the
systemd-shared library. This option can be handy to build binaries that can be
useful on a non-systemd system, binaries such as systemd-sysusers and
systemd-tmpfiles have been previously requested, but installing them with all
the required dependencies pulls in too much code that isn't really relevant for
those use cases. The standalone use case is also relevant in containers, where
minimizing the size of the container image is quite relevant.

For now, only `systemd-sysusers` is also built as a standalone binary.

The standalone binaries are installed as `/usr/bin/%{name}.standalone`, the
packaging system is reponsible for renaming those into the correct names
during the packaging step. RPM is able to do so with RemovePathPostfixes:

The default behavior is to build shared binaries only, since this option is
mainly intended for building distribution packages.

Tested that a proper separate binary is built when using this option and
that having it disabled (or using the default Meson configuration) does not
produce a binary for this option.
2020-06-10 10:54:29 -07:00
YmrDtnJu
2ffadd3cee AppArmor: Support for loading a set of pre-compiled profiles at startup time
Let systemd load a set of pre-compiled AppArmor profile files from a policy
cache at /etc/apparmor/earlypolicy. Maintenance of that policy cache must be
done outside of systemd.

After successfully loading the profiles systemd will attempt to change to a
profile named systemd.

If systemd is already confined in a profile, it will not load any profile files
and will not attempt to change it's profile.

If anything goes wrong, systemd will only log failures. It will not fail to
start.
2020-06-09 20:27:47 +02:00
Norbert Lange
63e2d1714e udev: single binary replacing udevd and udevadm
Since the separate binaries contain mostly the same code,
this almost halves the size of the installation.

before:
398K /bin/udevadm
391K /lib/systemd/systemd-udevd

after:
431K /bin/udevadm
0    /lib/systemd/systemd-udevd -> ../../bin/udevadm

Fixes: #14200
2020-06-01 09:41:21 +02:00
Benjamin Berg
8feca2472c xdg-autostart-generator: Add a generator for XDG autostart files
This generator can be used by desktop environments to launch autostart
applications and services. The feature is an opt-in, triggered by
xdg-desktop-autostart.target being activated.

Also included is the new binary xdg-autostart-condition. This binary is
used as an ExecCondition to test the OnlyShowIn and NotShowIn XDG
desktop file keys. These need to be evaluated against the
XDG_CURRENT_DESKTOP environment variable which may not be known at
generation time.

Co-authored-by: Henri Chain <henri.chain@enioka.com>
2020-05-27 09:02:10 +02:00
Norbert Lange
6589a56972 dont install systemd-initctl, runlevel, telinit if no SYSV compat
systemd-initctl executable is still built.
2020-05-26 15:04:36 +02:00
Frantisek Sumsal
c56463fdb4 meson: add fuzz-tests= option
The slow-tests= option already enables fuzzers as well, however, this
option can't be used in the "fully sanitized" runs, as certain slow
tests are affected by the performance quite significantly.

This option allows us to enable only fuzzers without the slow tests to
meet the needs of such runs.
2020-05-21 16:59:40 +02:00
Evgeny Vereshchagin
8976715804 build-system: build the fuzz targets with both ASan and UBSan
Just a follow-up to https://github.com/systemd/systemd/pull/15860
2020-05-20 16:07:13 +02:00
Lennart Poettering
23769fb371 cryptsetup: split out key loading from pkcs11 code and teach search path logic
Let's do some rearrangements, so that we can later on use this to
automatically search for a key file.
2020-05-19 17:28:16 +02:00
Norbert Lange
cdf7ad38b6 allow removal of initrd services 2020-05-19 10:19:18 +02:00
Dimitri John Ledkov
6dbf352cfb meson: initialize time-epoch to reproducible builds compatible value
Debian Policy encourages to preserve timestamps whenever possible in the
tarballs, thus stable release updates of systemd usually do not bump NEWS file
timestamp. And thus time-epoch remains the same for the lifetime of a release.

It would be better, if each new stable release rebuild of systemd would bump
the time epoch a bit. But at the same time remain
reproducible. SOURCE_DATE_EPOCH is an environmnet variable defined for this
purpose. Thus if available, prefer that, instead of the NEWS file modification
time.

For example, on Debian/Ubuntu under the reproducible builds the
SOURCE_DATE_EPOCH is set to the timestamp from the packaging metadata, thus it
is incremented on every new stable release update, whilst preserving
reproducible builds capability.

Reference: https://reproducible-builds.org/docs/timestamps/
2020-05-18 08:45:01 +02:00
Zbigniew Jędrzejewski-Szmek
94c0c5b7ea shared/ethtool-util: hush gcc warnings about array bounds
[127/1355] Compiling C object 'src/shared/5afaae1@@systemd-shared-245@sta/ethtool-util.c.o'
../src/shared/ethtool-util.c: In function ‘ethtool_get_permanent_macaddr’:
../src/shared/ethtool-util.c:260:60: warning: array subscript 5 is outside the bounds of an interior zero-length array ‘__u8[0]’ {aka ‘unsigned char[]’} [-Wzero-length-bounds]
  260 |                 ret->ether_addr_octet[i] = epaddr.addr.data[i];
      |                                            ~~~~~~~~~~~~~~~~^~~
In file included from ../src/shared/ethtool-util.c:5:
../src/shared/linux/ethtool.h:704:7: note: while referencing ‘data’
  704 |  __u8 data[0];
      |       ^~~~
../src/shared/ethtool-util.c: In function ‘ethtool_set_features’:
../src/shared/ethtool-util.c:488:31: warning: array subscript 0 is outside the bounds of an interior zero-length array ‘__u32[0]’ {aka ‘unsigned int[]’} [-Wzero-length-bounds]
  488 |         len = buffer.info.data[0];
      |               ~~~~~~~~~~~~~~~~^~~
In file included from ../src/shared/ethtool-util.c:5:
../src/shared/linux/ethtool.h:631:8: note: while referencing ‘data’
  631 |  __u32 data[0];
      |        ^~~~

The kernel should not define the length of the array, but it does. We can't fix
that, so let's use a cast to avoid the warning.

For https://github.com/systemd/systemd/issues/6119#issuecomment-626073743.

v2:
- use #pragma instead of a cast. It seems the cast only works in some cases, and
  gcc is "smart" enough to see beyond the cast. Unfortunately clang does not support
  this warning, so we need to do a config check whether to try to suppress.
2020-05-11 13:57:11 +02:00
Zbigniew Jędrzejewski-Szmek
f2a8372e37
Merge pull request #15703 from poettering/homed-tweak-default-storage
homed: avoid double encryption
2020-05-08 16:57:14 +02:00
Zbigniew Jędrzejewski-Szmek
165bda37ba
Merge pull request #15718 from poettering/tmpfiles-offline
tmpfiles: read /etc/passwd + /etc/group with fgetpwent()/fgetgrent() if --root= is specified
2020-05-08 11:22:19 +02:00
Lennart Poettering
c76dd733af homed: make default storage/file system type configurable in homed.conf 2020-05-07 23:33:09 +02:00
Zbigniew Jędrzejewski-Szmek
eef4b80033 Add a basic test that the configured fallback hostname is OK
Ideally, assert_cc() would be used for this, so that it is not possible to even
compile systemd with something like '-Dfallback-hostname=.foo'. But to do a
proper check we need to call hostname_is_valid(), and we cannot depend on being
able to run code (e.g. during cross-compilation). So let's do a very superficial
check in meson, and a proper on in test-util.
2020-05-07 17:35:26 +02:00
Lennart Poettering
a3451c2c4c tmpfiles: optionally, read /etc/passwd + /etc/group without NSS
There are two libc APIs for accessing the user database: NSS/getpwuid(),
and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's
use the latter. Otherwise the former. This means tmpfiles can use the
database included in the root environment for chowning, which is a lot
more appropriate.

Fixes: #14806
2020-05-07 16:35:20 +02:00
Zbigniew Jędrzejewski-Szmek
dd1e33c8dc meson: drop "meson-" prefix from various helper script filenames
In a few cases, the prefix was originally necessary because a different helper
script was used for automake, and a different one for meson. But now we use
meson exclusively, and the prefix isn't useful. This also synchronizes the
target name, file name, and variable name in meson.build. The targets exposed
by meson didn't have the prefix, so the user interface is unchanged.

(The prefix is retained in the few tools that are used for meson itself,
e.g. meosn-vcs-tag.sh, meson-make-symlink.sh, etc.)
2020-05-07 13:57:48 +02:00
Benjamin Robin
0454681395 meson: Do not drop warnings (unused variable) when NDEBUG is defined
This is no longer needed, since there is now no warning with NDEBUG
defined
2020-05-06 23:03:25 +02:00
Zbigniew Jędrzejewski-Szmek
ba5a389d24 Merge pull request #15473 from keszybz/bus-introspection 2020-05-06 15:00:07 +02:00
Evgeny Vereshchagin
7f3a5eb70e build-system: bring back 'nonnull'
Having taken a look at https://github.com/systemd/systemd/runs/645252074?check_suite_focus=true
where fuzz-journal-remote failed with
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==16==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f864f98948e bp 0x7ffde5c6b7c0 sp 0x7ffde5c6b560 T0)
==16==The signal is caused by a READ memory access.
==16==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x7f864f98948e in output_short /work/build/../../src/systemd/src/shared/logs-show.c
    #1 0x7f864f984624 in show_journal_entry /work/build/../../src/systemd/src/shared/logs-show.c:1154:15
    #2 0x7f864f984b63 in show_journal /work/build/../../src/systemd/src/shared/logs-show.c:1239:21
    #3 0x4cabab in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:67:21
    #4 0x51fd16 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x51c330 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #6 0x523700 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:765:7
    #7 0x5246cd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:792:3
    #8 0x4de3d1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6
    #9 0x4cfb47 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #10 0x7f864e69782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41f2a8 in _start (out/fuzz-journal-remote+0x41f2a8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /work/build/../../src/systemd/src/shared/logs-show.c in output_short
==16==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x44,0x3d,0xa,0x5f,0x5f,0x52,0x45,0x41,0x4c,0x54,0x49,0x4d,0x45,0x5f,0x54,0x49,0x4d,0x45,0x53,0x54,0x41,0x4d,0x50,0x3d,0x31,0xa,0xa,
D=\x0a__REALTIME_TIMESTAMP=1\x0a\x0a
artifact_prefix='./'; Test unit written to ./crash-d635b9dd31cceff3c912fd45e1a58d7e90f0ad73
Base64: RD0KX19SRUFMVElNRV9USU1FU1RBTVA9MQoK
```
I was wondering why it hadn't been caught by the compiler even though clang should have failed to compile it with
```
../src/shared/logs-show.c:624:25: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
                        print_multiline(f, 4 + fieldlen + 1, 0, OUTPUT_FULL_WIDTH, 0, false,
                        ^
../src/shared/logs-show.c:161:24: note: callee declares array parameter as static here
                size_t highlight[static 2]) {
                       ^        ~~~~~~~~~~
../src/shared/logs-show.c:1239:21: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
                r = show_journal_entry(f, j, mode, n_columns, flags, NULL, NULL, ellipsized);
                    ^                                                      ~~~~
../src/shared/logs-show.c:1133:30: note: callee declares array parameter as static here
                const size_t highlight[static 2],
                             ^        ~~~~~~~~~~
2 warnings generated.
```

Given that judging by https://github.com/systemd/systemd/issues/13039 it doesn't seem to be
the first time issues like that have been missed I think it would be better to turn nonnull on
and get around false positives on a case-by-case basis with DISABLE_WARNING_NONNULL .. REENABLE_WARNING

Reopens https://github.com/systemd/systemd/issues/6119
2020-05-06 09:50:57 +02:00
Zbigniew Jędrzejewski-Szmek
81e06775be meson: add man/update-dbus-docs target 2020-05-05 22:41:23 +02:00
Norbert Lange
ef5924aa31 coredump: add zstandard support for coredumps
this will hook libzstd into coredump,
using this format as default.
2020-05-04 10:59:43 +02:00
Zbigniew Jędrzejewski-Szmek
460e5af05d meson: test userdbctl and homectl --help 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
6164ec4c93 meson: modernize indentation
By using a newline after executable( and run_target(, we get less
indentation and the indentation level does not change when the returned
object is saved to a variable.
2020-04-28 09:53:51 +02:00
Jakov Smolic
f30bf4d937
Include new configure options in features list
Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2020-04-16 10:40:31 +02:00
Jakov Smolic
dd0f79523f
Add new meson configure option for controlling systemd-analyze support
Enables building systemd without systemd-analyze, which in
return saves approx. 4 MB of space upon installing systemd.

Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2020-04-15 17:53:43 +02:00
Zbigniew Jędrzejewski-Szmek
3614df0575 meson,resolved: make default LLMNR= and MulticastDNS= values configurable
For https://fedoraproject.org/wiki/Changes/systemd-resolved.
2020-04-15 14:37:21 +02:00
Frantisek Sumsal
15529f5cea
Merge pull request #14338 from keszybz/functional-test-rework
Functional test rework
2020-03-30 16:25:12 +02:00
Evgeny Vereshchagin
6b8d32ea7b ci: turn off FuzzBuzz
I don't think anyone uses it.
2020-03-30 14:57:22 +02:00
Zbigniew Jędrzejewski-Szmek
e2d612a8e4 meson: use find_program() for add-git-hook.sh
On azure systemd.systemd ci, the build would fail with:
meson.build:53:0: ERROR: Program or command '/home/appuser/fuzzer/tools/add-git-hook.sh' not found or not executable

We use find_program() for all helpers, so let's do it for this one too.
This should solve the issue, whatever it exactly is.
2020-03-28 12:37:28 +01:00
Zbigniew Jędrzejewski-Szmek
e29e4d5742 test: convert TEST-45 to a normal meson test
On my laptop, it now takes 0.23 s. We don't need the overhead of creating
an image and spawning a machine to mangle a file in /tmp.
2020-03-28 11:50:38 +01:00
Zbigniew Jędrzejewski-Szmek
fbaa11372b test: convert TEST-35-NETWORK-GENERATOR into a unit test 2020-03-28 11:46:48 +01:00
Zbigniew Jędrzejewski-Szmek
96d33e4ac0 Rename _PATH variables to _DIR when they refer to a directory
We were very inconsistent in this, but in general _PATH signifies
a search path (separated with :), and _DIR signifies a single directory.
2020-03-27 20:12:45 +01:00
Zbigniew Jędrzejewski-Szmek
b6261be84d meson: report -Dinstall-tests in summary 2020-03-22 10:22:42 +01:00
Florian Klink
f14266c843 meson.build: drop unused SYSTEMD_SLEEP_BINARY_PATH
seems usage was dropped in ddcbc87378.
2020-03-09 14:52:30 +01:00
Robert Scheck
fd74a13e85 timesync, meson: allow statically linked build
Build option "link-timesyncd-shared" to build a statically linked
systemd-timesyncd by using

  -Dlink-udev-shared=false -Dlink-timesyncd-shared=false

on systems with full systemd stack except systemd-timesyncd, such
as RHEL/CentOS 8.
2020-03-04 10:46:10 +01:00
Zbigniew Jędrzejewski-Szmek
6ffeca8c8f meson: explain GIT_VERSION and PROJECT_VERSION
Fixes #11415.
2020-02-28 16:54:33 +01:00
Zbigniew Jędrzejewski-Szmek
384db814ee meson: bump version numbers for v245 2020-02-05 10:20:56 +01:00
Zbigniew Jędrzejewski-Szmek
ce4121c6ff meson: update efi path detection to gnu-efi-3.0.11
Fixes systemd build in Fedora rawhide.

The old ldsdir option is not useful, because both the directory and the
file name changed. Let's remove the option and try to autodetect the file
name. If this turns out to be not enough, a new option to simply specify
the full path to the file can be added.

F31:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib64/gnuefi/elf_x64_efi.lds
         EFI crt0:                          /usr/lib64/gnuefi/crt0-efi-x64.o
         EFI include directory:             /usr/include/efi
F32:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib/gnuefi/x64/efi.lds
         EFI crt0:                          /usr/lib/gnuefi/x64/crt0.o
         EFI include directory:             /usr/include/efi
2020-02-04 23:43:21 +09:00
Yu Watanabe
60d0a5098b util: uid_t, gid_t, and pid_t must be 32bit
We already have assert_cc(sizeof(uid_t) == sizeof(uint32_t)) or friends
at various places.
2020-02-02 17:13:08 +01:00
Yu Watanabe
c757517d98 meson: fix feature list 2020-02-02 17:09:28 +01:00
Yu Watanabe
af06ddf51a meson, man: do not install pam_systemd_home(8) when pam or homed is disabled
Fixes #14725.
2020-02-01 12:13:45 +01:00
Lennart Poettering
26cf9fb7f8 home: add pam_systemd_home.so PAM hookup
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:41 +01:00
Lennart Poettering
4aa0a8ac3e home: add homectl client tool 2020-01-28 22:36:30 +01:00
Lennart Poettering
70a5db5822 home: add new systemd-homed service that can manage LUKS homes
Fixes more or less: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:07 +01:00
Lennart Poettering
e594a3b154 repart: add new systemd-repart tool
Fixes: #14052
2020-01-20 17:42:03 +01:00
Zbigniew Jędrzejewski-Szmek
cdc6804b60 units: drop full paths for utilities in $PATH
This makes things a bit simpler and the build a bit faster, because we don't
have to rewrite files to do the trivial substitution. @rootbindir@ is always in
our internal $PATH that we use for non-absolute paths, so there should be no
functional change.
2020-01-20 16:50:16 +01:00
Lennart Poettering
1684c56f40 nss: hook up nss-systemd with userdb varlink bits
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.

(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).

Fixes: #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering
1604937f83 userdbd: add userdbctl tool as client for userdbd 2020-01-15 15:28:42 +01:00
Lennart Poettering
d093b62c94 userdbd: add new service that can merge userdb queries from multiple clients 2020-01-15 15:28:17 +01:00
Zbigniew Jędrzejewski-Szmek
5425f8a57c Revert "docs: rename HACKING → Hacking"
This reverts commit 8c5cd27dd1.
2020-01-15 13:45:04 +01:00
Zbigniew Jędrzejewski-Szmek
8c5cd27dd1 docs: rename HACKING → Hacking
Let's see if this works at all.
2020-01-15 12:38:12 +01:00
Robert Scheck
5ac8b50d58 network, meson: allow statically linked build
Build option "link-networkd-shared" to build a statically linked
systemd-networkd by using

  -Dlink-udev-shared=false -Dlink-networkd-shared=false

on systems with full systemd stack except systemd-networkd, such
as RHEL/CentOS 8.
2020-01-08 09:50:32 +01:00
Lennart Poettering
086697094e cryptsetup: add native pkcs#11 support to cryptsetup
This adds a new crypttab option for volumes "pkcs11-uri=" which takes a
PKCS#11 URI. When used the key stored in the line's key file is
decrypted with the private key the PKCS#11 URI indiciates.

This means any smartcard that can store private RSA keys is usable for
unlocking LUKS devices.
2019-12-09 19:25:25 +01:00
Lennart Poettering
839fddbe50 shared: add pkcs11-util.[ch] 2019-12-09 19:25:25 +01:00
Lennart Poettering
5ead4e85f6 missing: add rt_sigqueueinfo() syscall definition
This is not a new system call at all (since kernel 2.2), however it's
not exposed in glibc (a wrapper is exposed however in sigqueue(), but it
substantially simplifies the system call). Since we want a nice fallback
for sending signals on non-pidfd systems for pidfd_send_signal() let's
wrap rt_sigqueueinfo() since it takes the same siginfo_t parameter.
2019-12-04 10:34:03 +01:00
Lennart Poettering
5f152f43d0 missing: define new pidfd syscalls 2019-12-04 10:33:41 +01:00
Zbigniew Jędrzejewski-Szmek
78af8a798a meson: bump version numbers for v244 2019-11-22 14:41:10 +01:00
Zbigniew Jędrzejewski-Szmek
62d3999518 meson: add target to update the chromiumos rules
There is no change in the file right now, but the download seems to work
OK.

It's funny that the biggest company in the world cannot provide a
download link in plain text.
2019-11-15 11:36:59 +01:00
Zbigniew Jędrzejewski-Szmek
67f5b9e06e
Merge pull request #14003 from keszybz/user-path-configurable
meson: make user $PATH configurable
2019-11-14 10:08:40 +01:00
Zbigniew Jędrzejewski-Szmek
5bc655cd20 meson: avoid ternary op in .format()
meson 0.49 can't parse that for some reason. I'm keeping this separate so it
can be reverted easily when we bump required meson version.
2019-11-13 22:34:33 +01:00
Zbigniew Jędrzejewski-Szmek
3602ca6f0c meson: make user $PATH configurable
This partially reverts db11487d10 (the logic to
calculate the correct value is removed, we always use the same setting as for
the system manager). Distributions have an easy mechanism to override this if
they wish.

I think making this configurable is better, because different distros clearly
want different defaults here, and making this configurable is nice and clean.
If we don't make it configurable, distros which either have to carry patches,
or what would be worse, rely on some other configuration mechanism, like
/etc/profile. Those other solutions do not apply everywhere (they usually
require the shell to be used at some point), so it is better if we provide
a nice way to override the default.

Fixes  #13469.
2019-11-13 22:34:14 +01:00
Zbigniew Jędrzejewski-Szmek
e9f4f5667d meson: apply our -Wno-* options also in c++ calls
We compile some c++ code for tests. We would simply use the default options for
those. When the previous commit raised the default warning level, we started
getting warnings from c++ code. Let's add the most important options to the c++
command, so that we get a compilation without any warnings again.

I don't think it makes sense to add *all* the options that we add for c to the
c++ flags, because testing them takes quite a while, and the c++ compilations
are for small amounts of code, mostly to check that the headers have compatible
syntax.
2019-11-12 09:23:31 +01:00