IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is also not entirely obvious. I think the code I came
up with is pretty elegant ;] The final part of of the code that makes
use of the parsed data is kept very similar to the shell code on purpose,
even though it could be written a bit more idiomatically.
Let's order the fields from the most general to least: os name, os variant, os
version, machine-parseable version details, metadata, special settings. I added
section headers to roughly group the settings. The division is not strict,
because for example CPE_NAME also includes the version, and PRETTY_NAME may
too, but it still makes it easier to find the right name.
Also split out Examples to separate paragraphs:
almost all descriptions had "Example:" at the end, where multiple
examples were listed. Splitting this out to separate paragraphs
makes the whole thing much easier to read.
Add missing markup and punctuation while at it.
About
- If not set, defaults to <literal>NAME=Linux</literal>.
+ If not set, a default of <literal>NAME=Linux</literal> may be used.
and similar changes: in many circumstances, if this is not set, no value should
be used. The fallback mostly make sense when we need to present something to the
user. So let's reword this to not imply that the default is necessary.
This ensures that the fuzz test code is also built by default.
It also increases the test coverage a bit. Compiling the tests
*with* sanitizers is painfully slow, so this is not enabled. But
just compiling them sauté is hardly noticable. Running the tests
increases the test count and runtime:
622 tests, 26 s
to
922 tests, 35 s
I think this is acceptable.
Hardcoding major numbers sucks. And we generally don't do it, except
when determining whether something is a PTY. Thing though is that we
don't actually need to do that here either, hence don#t.
This new option does three things for a host user specified via
--bind-user=:
1. Bind mount the home directory from the host directory into
/run/host/home/<username>
2. Install an additional user namepace UID/GID mapping mapping the host
UID/GID of the host user to an unused one from the container in the range
60514…60577.
3. Synthesize a user/group record for the user/group under the same name
as on the host, with minimized information, and the UID/GID set to
the mapped UID/GID. This data is written to /run/host/userdb/ where
nss-system will pick it up.
This should make sharing users and home directories from host into the
container pretty seamless, under some conditions:
1. User namespacing must be used.
2. The host UID/GID of the user/group cannot be in the range assigned to
the container (kernel already refuses this, as this would mean two
host UIDs/GIDs might end up being mapped to the same continer
UID/GID.
3. There's a free UID/GID in the aforementioned range in the container,
and the name of the user/group is not used in the container.
4. Container payload is new enough to include an nss-systemd version
that picks up records from /run/host/userdb/
We recently started making more use of malloc_usable_size() and rely on
it (see the string_erase() story). Given that we don't really support
sytems where malloc_usable_size() cannot be trusted beyond statistics
anyway, let's go fully in and rework GREEDY_REALLOC() on top of it:
instead of passing around and maintaining the currenly allocated size
everywhere, let's just derive it automatically from
malloc_usable_size().
I am mostly after this for the simplicity this brings. It also brings
minor efficiency improvements I guess, but things become so much nicer
to look at if we can avoid these allocation size variables everywhere.
Note that the malloc_usable_size() man page says relying on it wasn't
"good programming practice", but I think it does this for reasons that
don't apply here: the greedy realloc logic specifically doesn't rely on
the returned extra size, beyond the fact that it is equal or larger than
what was requested.
(This commit was supposed to be a quick patch btw, but apparently we use
the greedy realloc stuff quite a bit across the codebase, so this ends
up touching *a*lot* of code.)
This is a wrapper around malloc_usable_size() but is typesafe, and
divides by the element size.
A test it is also added ensuring what it does it does correcly.
It's a wrapper around malloc_usable_size() that is supposed to be
compatible with _FORTIFY_SOURCES=1, by taking the
__builtin_object_size() data into account, the same way as the
_FORTIFY_SOURCES=1 logic does.
Fixes: #19203
m4 is required to build the test SELinux module:
```
[ 31.321789] sh[483]: /bin/sh: line 1: m4: command not found
[ 31.882668] sh[488]: Compiling targeted systemd_test module
[ 32.120862] sh[492]: /bin/sh: line 1: m4: command not found
[ 32.159897] sh[458]: make: *** [/usr/share/selinux/devel/include/Makefile:156: tmp/systemd_test.mod] Error 127
```
... and /usr/bin/ path for a library package which provides an executable we
care about (libxslt).
This way the mkosi dependency list corresponds directly to the names which are
used in the dependency() and find_program() lines in meson.build. It also makes
the thing more resilient to package splits and renames.
