mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

53751 Commits

Author SHA1 Message Date
Frantisek Sumsal
1c71302f70 ci: use the system llvm-11 package on Focal
ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
provided by the apt.llvm.org repositories. Let's use the system
llvm package if available in such cases to avoid that.
2021-10-12 08:17:56 +02:00
Lennart Poettering
de3ef2524e
Merge pull request #20968 from poettering/homed-pin
homed: pin+lock homes while logged in + keep trying to unmount on logging out + optionally drop caches on logging out
2021-10-11 23:11:03 +02:00
Lennart Poettering
5c791053e3
Merge pull request #20776 from medhefgo/boot-timeout
sd-boot: Allow disabling timeout
2021-10-11 23:05:37 +02:00
Yu Watanabe
16614bebd8 test: shorten code a bit 2021-10-12 03:31:54 +09:00
Yu Watanabe
165a654e29 network: radv: extends lifetime for DNS servers or domains propagated from uplink
Previously, the lifetime was 30 minutes. But it is not necessary to set it
to such a short time compared with the prefix or route prefix lifetime.
Note that the propagated DNS servers and domains are all 'static',
that is, configured in a .network file, and not provided dynamically.
So, it should be safe to use longer lifetime.
2021-10-12 03:10:30 +09:00
Yu Watanabe
9fa25e0791 network: radv: set non-zero lifetime for DNS servers and domains by default
Closes #20850.
2021-10-12 03:10:30 +09:00
Yu Watanabe
2110040b2d network: radv: verify [IPv6Prefix] and [IPv6RoutePrefix] sections 2021-10-12 03:10:30 +09:00
Yu Watanabe
cf72568ae4 network: radv: mask unnecessary part of specified addresses 2021-10-12 03:10:30 +09:00
Yu Watanabe
2ac4167900 network: radv: make conf parsers not set values into sd_radv_prefix/sd_radv_route_prefix
Preparation for later commits.
2021-10-12 03:10:30 +09:00
Yu Watanabe
7ebb14313f sd-radv: rename sd_radv_prefix_set_route_prefix() -> sd_radv_route_prefix_set_prefix() 2021-10-12 03:10:30 +09:00
Yu Watanabe
e660d66e1c test: add more node enumerator tests 2021-10-12 03:05:24 +09:00
Yu Watanabe
f533135c6c
Merge pull request #20981 from poettering/glibc-less-internal
various clean-ups: use less glibc internal symbols, modernize some other stuff
2021-10-12 02:10:49 +09:00
Yu Watanabe
10285219ea
Merge pull request #20965 from poettering/getdents
recurse-dir: use getdents64()
2021-10-12 02:03:12 +09:00
Lennart Poettering
40258ae061
Merge pull request #20970 from poettering/token-timeout
cryptsetup: add a timeout for waiting for FIDO2/PKCS#11/TPM2 devices
2021-10-11 16:28:58 +02:00
Lennart Poettering
c4fb47365c update TODO 2021-10-11 16:00:34 +02:00
Lennart Poettering
2700fecdb3 homed: allow overriding the root directory for home dirs via env var (i.e. use a different path than /home/)
This is a debugging feature. It's sometimes incredibly useful to be able
to run a second instance of homed that operates on another dir than
/home/.

Specifically, if you build homed from the source tree you can now run an
instance of it pretty reasonably directly from the build tree via:

  sudo SYSTEMD_HOME_DEBUG_SUFFIX=foo SYSTEMD_HOMEWORK_PATH=$(pwd)/build/systemd-homework SYSTEMD_HOME_ROOT=/home/foo ./build/systemd-homed

And then talk to it via

  sudo SYSTEMD_HOME_DEBUG_SUFFIX=foo homectl …

(you might need to tweak your dbus policy for this to work fully though)
2021-10-11 16:00:34 +02:00
Lennart Poettering
86019efa44 homed: optionally, drop caches on logout
Fixes: #20857
2021-10-11 16:00:34 +02:00
Lennart Poettering
2aaf565a2d homed: take BSD file lock on LUKS file while activated
Fixes: #19758
2021-10-11 16:00:34 +02:00
Lennart Poettering
23cff6d4fe homed: retry deactivation every 15s until successful
Fixes: #17445
2021-10-11 16:00:34 +02:00
Lennart Poettering
0c71e3ef24 homed: keep "pinning" fd open while home dir active
The pin fd keeps the mount busy, ensuring that unmount requests need to
go through us.

Note that this doesn't change too much IRL, since a logged in user
generally has processes keeping the home dir busy anyway. However, in
some corner cases it is safer to protect from accidental unmounts this
way. (e.g. if user manually called "homectl activate" first).
2021-10-11 16:00:34 +02:00
Lennart Poettering
bdfe7ada0d rm-rf: optionally fsync() after removing directory tree 2021-10-11 16:00:34 +02:00
Lennart Poettering
678ca2133c varlink: make one more parameter const 2021-10-11 15:37:59 +02:00
Lennart Poettering
a995ce4768 util: define initializer for 'struct ucred' that properly invalidates all fields
i.e. let's make sure to invalidate uid/gid to UID_INVALID + GID_INVALID
instead of zero.
2021-10-11 15:37:37 +02:00
Bogdan Seniuc
599be274c1 virt: Fix Xen PV detection when nested inside another hypervisor
Currently, when Xen PV domains are nested within a hypervisor which is
detected through CPUID (such as VMware), the detected hypervisor might
not be Xen, because we don't check for Xen until after the CPUID check.

This change moves the Xen check before CPUID checks to fix the issue,
and moves Dom0 checking to detect_vm_xen so that we keep ignoring Xen
when we are in Dom0.
2021-10-11 15:10:46 +02:00
Luca Boccassi
87bd39508b LICENSES/README.md: fix typo 2021-10-11 14:06:51 +01:00
Max Resch
a6089431d5 sd-stub: Provide initrd with LINUX_EFI_INITRD_MEDIA_GUID
Register a LINUX_EFI_INITRD_MEDIA_GUID DevicePath with a LoadFile2Protocol interface and serve the initrd to a supported Linux kernel (Version 5.8+)
Leave the x86 code for older kernels in place until supported kernels become more mainstream
2021-10-11 14:40:49 +02:00
Lennart Poettering
d8f1673700 sort-util: avoid using glibc's internal __compar_d_fn_t type 2021-10-11 14:33:02 +02:00
Lennart Poettering
6393b847f4 recurse-dir: rework to use getdents64() instead of readdir()
Let's use the underlying Linux API directly, instead of
opendir()/readdir(). This makes it possible for us to do a single memory
allocation for all directory entries in common cases, instead of one for
each entry.
2021-10-11 14:31:34 +02:00
Lennart Poettering
25d7a71774 test-recurse-dir: output some simple timing info, comparing recurse_dir() and nftw() 2021-10-11 14:31:34 +02:00
Lennart Poettering
aab35b1e59 missing: add getdents64() syscall wrapper
glibc 2.30 (Aug 2019) added a wrapper for getdents64(). For older
versions let's define our own.

(This syscall exists since Linux 2.4, hence should be safe to use for
us)
2021-10-11 14:31:34 +02:00
Lennart Poettering
11c8b1f103 localed: use PROJECT_FILE rather than __FILE__ for logging
All our log.h code uses PROJECT_FILE for this, let's hence use it here
too.
2021-10-11 14:10:48 +02:00
Lennart Poettering
95fe7b28d3 ethtool-util: let's use userspace types in userspace code
Using kernel types __u32 is fine for headers shared by the kernel, but
if we define something in userspace and only use it in userspace, in our
own .c files, let's stick to userspace fixed-length types.
2021-10-11 14:10:44 +02:00
Lennart Poettering
7fbae5b706 tree-wide: use C99 __func__ rather than obsolete __FUNCTION__
We use __func__ almost everywhere, but there are some holdouts. Fix
that.
2021-10-11 14:10:39 +02:00
Lennart Poettering
fe92eb795b network: use official bswap_32() rather than unofficial __bswap_32()
The former is a macro for the latter, but let's use the official API
(the one that has an API).
2021-10-11 14:10:07 +02:00
Lennart Poettering
899c1c0a34 macro: also use trailing __ for alignof use in attributes
While the underscore is optional, the docs say we should suffix and we
do that everywhere else. Do so here too.
2021-10-11 14:09:33 +02:00
Lennart Poettering
2ccd598635 stub: also move magic string in stub into .sdmagic PE section
We already did that for sd-boot, hence do it for sd-stub the same way.

Also, move the __attribute__ stuff to the beginning of the statement,
rather than the middle. Mostly just because we usually put it first for
implementations for identifiers (for prototypes we put it last).
2021-10-11 14:09:28 +02:00
Lennart Poettering
f0c4f94453 sort-util: use comparison_fn_t instead of __compar_fn_t
Let's avoid using the internal type of glibc, and rather use the one
they officially export.

https://www.gnu.org/software/libc/manual/html_node/Comparison-Functions.html
2021-10-11 14:09:18 +02:00
Lennart Poettering
f8cc16fd53 signal-util: don't introduce symbols with double underscores
ANSI C reserves identifiers beginning with an underscore for compiler
internal stuff. We already invade that namespace plenty and probably
should not. But even going for the doubly underscore prefixed namespace
is a bit too much. Let's just rename the offending table as
"static_signal_table[]", since it lists the static defined signals
rather than the "dynamic" RTSIGMIN/RTSIGMAX signals.
2021-10-11 14:08:58 +02:00
Lennart Poettering
b1967fb83a
Merge pull request #20979 from poettering/ac-power-tweak
tweaks to ac_power()
2021-10-11 14:04:51 +02:00
Lennart Poettering
c19a51bec4 util: invert ac_power() source type check
So far we assumed every power source was a battery except for the ones
which definitely are not. I think this logic makes little sense, as
"battery" is kinda the exceptional case here, not the other way round.
Hence let's invert the type check, and denylist "Battery" devices rather
than allowlist "Mains" devices.

This should increase compatibility with alternative types of power
sources, in particular USB ones.

This takes into account that additional power types have been added
since we wrote the original code, and in particular should cover the
situation discussed here OK:

https://sources.debian.org/src/powermgmt-base/1.36/power_supply.txt/#L31
https://sources.debian.org/src/powermgmt-base/1.36/on_ac_power/#L25

Also, modernizes the code in various ways.

Inspired by and fixes: #20964
2021-10-11 11:31:52 +02:00
Lennart Poettering
ccd25f41f5 docs: document $SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE 2021-10-11 11:15:08 +02:00
Lennart Poettering
2c7ec8203e man: document new token-timeout= setting 2021-10-11 11:12:29 +02:00
Lennart Poettering
a2236110c3 cryptsetup: minor modernizations 2021-10-11 11:12:29 +02:00
Lennart Poettering
5cbe70af02 cryptsetup: add a configurable token waiting timeout
Let's add a configurable timeout for how long to wait for FIDO2/PKCS#11
devices to show up. Once the timeout is hit, let's automatically revert
to querying via passphrase.

Fixes: #19739
2021-10-11 11:12:29 +02:00
Lennart Poettering
40091021c3 cryptsetup: before querying user for a PIN, check if a FIDO2 device is actually plugged in
Before we'd already ask for a PIN just because we know we'll need it
when the token is plugged in. We'd only then try to talk to the device
and notice it actually isn't plugged in. This is quite confusing, as
querying for the PIN suggests we already had a device we are talking to.

Let's hence check if there's actually a device before we ask the PIN
question. And if there is none, let's immediately inform the caller, so
that they watch udev and retry once a device has shown up.
2021-10-11 11:12:29 +02:00
Lennart Poettering
4f0cfa7741 libfido2-util: add helper that checks whether a FIDO2 device is plugged in 2021-10-11 11:12:29 +02:00
Lennart Poettering
64c590fb06 cryptsetup: optionally turn off token module support in libcryptsetup
This is useful for debugging purposes.
2021-10-11 11:12:29 +02:00
Lennart Poettering
92828080fb cryptsetup: don't repeat exact same code twice
let's move turning off of the cache bit into the for loop, so that we
can eliminate a copy of the loop body.
2021-10-11 11:12:29 +02:00
Lennart Poettering
6bfd44ee04 fileio: add read_virtual_file_at() flavour that takes dir_fd/path pair 2021-10-11 10:58:50 +02:00
Zbigniew Jędrzejewski-Szmek
54ccd706ba
Merge pull request #20744 from yuwata/udev-netlink
udev: use netlink more aggressively

I'm pasting the comment from https://github.com/systemd/systemd/pull/20744#issuecomment-934485287
which is quite informative. The code wasn't changed significantly since then:

atenart commented 6 days ago:
> I ran tests without (93caec7) and with this PR (06735f2) on Fedora, having a few udev rules
> using attributes eligible to be cached and creating 50 veth on 4 CPUs. Although the time spent
> running the test is variable between runs, I generally saw an improvement when using this PR, e.g:
>
> 249-910-g93caec7:
> real	0m3.691s
> user	0m0.022s
> sys	0m1.338s
> 
> 249-920-g06735f2:
> real	0m2.950s
> user	0m0.005s
> sys	0m0.399s
> 
> On a different system than the one used above, I even saw a 40% improvement; results depend
> on many parameters (distro, udev rules, concurrent daemons accessing sysfs, etc.).
> 
> Because it's quite hard to measure the improvement here (as the kernel behaves differently between
> the two test cases), I also ran tests using a modified kernel not hitting the trylock logic. There was
> an improvement with this PR as well. (Take this with a grain of salt though, as the kernel was
> modified not using patches approved upstream).
2021-10-11 09:40:43 +02:00