mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-25 06:03:40 +03:00

58144 Commits

Author SHA1 Message Date
Avram Lubkin
9f2f391153 sysusers: add fsync for passwd (#24324)
https://github.com/systemd/systemd/pull/6636 added `fsync()` when
temporary shadow, group, and gshadow files are created, but it was
not added for passwd. As far as I can tell, this seems to have been
an oversight. I'm seeing real world issues where a blank /etc/passwd
file is being created if a machine loses power early in the boot process.

(cherry picked from commit 19193b489841a7bcccda7122ac0849cf6efe59fd)
2022-10-01 19:05:53 +02:00
Yu Watanabe
c966377c51 dhcp6: do not append ORO option when no option requested
Fixes #24292.

(cherry picked from commit 4c275f362fa11888682dfbf6ec7c8cfd6127597f)
2022-10-01 19:05:53 +02:00
Yu Watanabe
97474b03e7 dhcp6: gracefully handle NoBinding error
When we receive NoBinding status code, the requesting binding (address or
any other information) does not exist anymore in the server. Hence,
resending the request is meaningless. Let's restart the transaction from
the beginning in that case.

(cherry picked from commit 1929c1fcb2f305206c01a6fc79cd038d6d9615f5)
2022-10-01 19:05:53 +02:00
Yu Watanabe
c67a388aef udev/cdrom_id: check last track info
Fixes off-by-one issue.

Fixes #24306.

(cherry picked from commit 628998ecfa0d39b38874e1aecdb28022f80f3269)
2022-10-01 19:05:53 +02:00
bin456789
52c631b02e firstboot: fix can't overwrite timezone
(cherry picked from commit e56dc320d39ade1795118ebe400308a80511e9c9)
2022-10-01 19:05:53 +02:00
Lennart Poettering
f279a6f4d1 cryptenroll: fix memory leak
(cherry picked from commit 7e196e9aac41da206792d96a16b712dd300b0e82)
2022-10-01 19:05:53 +02:00
Yu Watanabe
66b060225d sd-device-enumerator: drop noisy log messages
These are not for failed tasks, and provide almost no information.

(cherry picked from commit 0186571c9f8ab34f003cf4eadfb70b4d60b52de3)
2022-10-01 19:05:53 +02:00
Yu Watanabe
6e1acfe818 sd-device-monitor: actually refuse to send invalid devices
Fixes an issue introduced by 9e79123884a36ce095b98d1c0fe247dddf02dbec.

(cherry picked from commit 8bb4989906a1659b0f6adfa03dc7585e294a392b)
2022-10-01 19:05:53 +02:00
Yu Watanabe
81339c45e8 sd-device-monitor: fix inversed condition
Fixes an issue introduced by b3d06b9226db96fddb6bb45a4708e2e8d413d91d.

(cherry picked from commit 133d78966fe8b1469e593bd467d9055f7afa5858)
2022-10-01 19:05:53 +02:00
exploide
1760559918 resolvctl: only remove protocol after last dot when mangling ifname for resolvconf
ifname_resolvconf_mangle is supposed to remove protocol suffixes like .dhcp
from interface names. But this removed also valid parts of the ifname like
VLAN IDs, e.g. enp2s0u4.72.dhcp -> enp2s0u4 instead of enp2s0u4.72

After this change, everything behind the last dot is removed instead of the first.

(cherry picked from commit e8d0eb3915ac33cc0d3da87a836cee6e61645227)
2022-10-01 19:05:53 +02:00
Yu Watanabe
a3348ba748 oom: drop invalid %m in the log message
Fixes https://github.com/systemd/systemd/issues/23785#issuecomment-1210030100.

(cherry picked from commit b6f6df4cb07ebf736f0f4b60a845049306088797)
2022-10-01 19:05:52 +02:00
Jan Janssen
b3dd66f32b meson: Test correct efi linker for supported args
Fixes: #24241
(cherry picked from commit 6a941db798e3c5d896f6732afb4e6e482d708900)
Closes https://github.com/systemd/systemd-stable/issues/216
2022-10-01 19:05:41 +02:00
Luca BRUNO
f9d936b865 sysusers: properly process user entries with an explicit GID
This tweaks user creation logic to properly take into consideration
an explicitly requested GID.
It fixes a bug where the creation flow would mistakenly fall back
to use the username instead, resulting in wrong lookups in case of
users and groups using the same name.

(cherry picked from commit 5ed47c4d230b9491339c16c6ea4181dfd293bc98)
2022-09-30 17:58:10 +02:00
Luca BRUNO
ec5a46ca34 sysusers: only check whether the requested GID is available
This relaxes the availability check when creating a group, if an
explicit GID has been requested.
It avoids mixing up users and groups entries with valid and unique
UIDs/GIDs, but each having the same ID number.

(cherry picked from commit 6b6e45eb7386bb4399746b70f6f606caea450fed)
2022-09-30 17:58:05 +02:00
Yu Watanabe
037b1a8acc dhcp: fix potential buffer overflow
Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315.

This also renames several macros for DHCP packet size.

(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b)
2022-09-30 17:54:29 +02:00
Yu Watanabe
ed2955f8fe udev-util: assume system is running on AC power when no battery found
Fixes #24214.

(cherry picked from commit 96788d2aa4f4b0b49874b4a240ce47d9e8485d1b)
2022-09-30 17:53:07 +02:00
João Loureiro
37b54927d3 Fix issue with system time set back (#24131)
Fixes #6036

(cherry picked from commit 5ded3917a161d87984d74d70b5eb2a254e54b44e)
2022-09-30 17:46:54 +02:00
undef
4fdca1ab9e shared/generator: Ensure growfs unit runs after repart
When deploying an image using systemd-repart and systemd-growfs one
should have the image expanded entirely and ready to use after the first
boot. This ensures that growfs does not occur before repart, thus
requiring a second boot.

(cherry picked from commit 7b45d6b6f64e9f5c006bdf31559a77294dbe00ad)
2022-09-30 17:46:35 +02:00
Jonathan Lebon
32f9d70f8b manager: optionally, do a full preset on first boot
A compile time option is added to select behaviour: by default
UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to
UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to
opt-in can use the config option to change the behaviour.

(The option is just a boolean: it would be possible to make it multi-valued,
and allow full, enable-only, disable-only, none. But so far nobody has asked
for this, and it's better not to complicate things needlessly.)

With the configuration option flipped, instead of only doing enablements,
perform a full preset on first boot. The reason is that although
`/etc/machine-id` might be missing, there may be other files provisioned in
`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of
those possible files include enablement symlinks even if presets dictate it
should be disabled.

Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS,
where we ship `/etc` as if `preset-all` were called. However, we want to
allow users to disable default-enabled services via Ignition, which does
this by creating preset dropins before switchroot. (For why we do
`preset-all` at compose time, see:
https://github.com/coreos/fedora-coreos-config/pull/77).

For example, the composed FCOS image has a `enable zincati.service`
preset and an enablement for that in `/etc`, while at boot time when we
switch root, there may be a `disable zincati.service` preset with higher
precedence. In that case, we want systemd to disable the service.

This is essentially a revert of 304b3079a203. It seems like systemd
*used* to do this, but it was changed to try to make the container
workflow a bit faster.

Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392

Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
(cherry picked from commit 93651582aef1ee626dc6f8d032195acd73bc9372)
2022-08-09 13:02:00 +02:00
Yu Watanabe
2a674b4b66 sd-dhcp6-client: fix off-by-one error in parsing dhcp6 options
This fixes error in parsing message when the rapid commit option is
located at the end of the message.

Fixes an issue reported in #24002.

(cherry picked from commit 68870a46b3b5d3d5b51d1c27b4128b8fb5188ecb)
v251.4
2022-08-08 11:10:00 +02:00
Yu Watanabe
35610398d7 sd-dhcp6-client: allow NULL option value when length is zero
(cherry picked from commit d81b5a191e6f06fe51befe7c7fb20cff4ff4f762)
2022-08-08 11:09:43 +02:00
Yu Watanabe
7888aeb959 sd-dhcp6-client: add more debugging logs on parsing message
(cherry picked from commit 50309ff7857b0dfcec07172bdbfd183ca3f4ca88)
2022-08-08 11:09:36 +02:00
Yu Watanabe
f078fe1b99 network: do not set invalid MAC address for non-ethernet interface
(cherry picked from commit 3be64aa462642de9fbe9f95536f8d167c19994bb)
2022-08-08 11:09:29 +02:00
Yu Watanabe
cd0a30861f network: NDisc does not require MAC address
This effectively reverts ba4c7184b320bb8698d470530d46a6c94641cc6e.

Fixes #23546.

(cherry picked from commit 56bb67180a18562b04cb66e07f7fa53d6014ecf8)
2022-08-08 11:09:22 +02:00
Yu Watanabe
9951ea07d5 network: dhcp4: disable DHCPv4 client on interfaces with non-supported types
Replaces f42d41cc5f9cd8cac538a1c30fda04d346b5bae2.

(cherry picked from commit 7e2f684e1fa391bd511b52bbbe4a3971cdc5ec33)
2022-08-08 11:09:14 +02:00
Yu Watanabe
b743c775f0 Revert "network: configure DHCP clients after MAC address is assigned"
This reverts commit f42d41cc5f9cd8cac538a1c30fda04d346b5bae2.

DHCPv6 client does not require MAC address.
DHCPv4 client will be handled in a different way in a later commit.

Partially fixes #23546.

(cherry picked from commit 8f4f6307313ccad0b068697bb054a105e5a50e92)
2022-08-08 11:09:08 +02:00
Jan Janssen
b0da0d6102 boot: Build with at least -O1 as workaround
Fixes: #24202
(cherry picked from commit 2fb11652381c199ad19bb469e530543366d99dd4)
2022-08-08 11:06:45 +02:00
Ludwig Nussel
6a9cf204a7 pull: fix PullFlags numbering
(cherry picked from commit 5243331fb8b77812177cf327f7d8c86c2e4ce323)
2022-08-08 11:01:40 +02:00
Luca Boccassi
a27b694453 integritysetup: do not use crypt_init_data_device after crypt_init
crypt_init_data_device() replaces the crypt_device struct with a
new allocation, losing the old one, which we get from crypt_init().
Use crypt_set_data_device() instead.

Enhance the test to cover this option too.

(cherry picked from commit 872f9da4d8b67b012f1b1b227416d0c99bcdf43c)
2022-08-08 10:59:36 +02:00
Daan De Meyer
3814bd0e71 man: Clarify that tools should prefer mount units over editing fstab
(cherry picked from commit 29e804dffd52496aaad2d0fc6a50d18a9940010d)
2022-08-08 10:59:25 +02:00
Lennart Poettering
6b58b06c7d man: fix docbook
(cherry picked from commit 1374f5a03aec469ad2f0ce56650f26da285d8660)
2022-08-08 10:59:24 +02:00
James Hilliard
cdd3f180b0 bpf: fix is_allow_list section
The llvm bpf compiler appears to place const volatile variables in
a non-standard section which creates an incompatibility with the gcc
bpf compiler.

To fix this force GCC to also use the rodata section.

Note this does emit an assembler warning:
Generating src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o with a custom command
/tmp/ccM2b7jP.s: Assembler messages:
/tmp/ccM2b7jP.s:87: Warning: setting incorrect section attributes for .rodata

See:
https://github.com/llvm/llvm-project/issues/56468

Fixes:
../src/core/restrict-ifaces.c:45:14: error: ‘struct
restrict_ifaces_bpf’ has no member named ‘rodata’; did you mean
‘data’?
   45 |         obj->rodata->is_allow_list = is_allow_list;
      |              ^~~~~~
      |              data

(cherry picked from commit e8b1e9cf1095f9d6d0f1e2dce2503e25fec2e6c5)
2022-08-08 10:58:29 +02:00
Loïc Collignon
45faf77d4d Fix 24172: __STDC_VERSION__ may be defined in C++
According to the C++ ISO standard, a conformant compiler is allowed to
define this macro to any value for any reason as it is implementation
defined: https://timsong-cpp.github.io/cppwp/cpp.predefined#2.3

This means that it cannot be assumed that it is not defined in C++.
Change the condition to reflect that.

(cherry picked from commit 00852912edc69e652f4932fa536da60528f08ed3)
2022-08-08 10:58:18 +02:00
Lennart Poettering
0cfe2d7e88 systemctl: clarify that "status" is about the most recent invocation of a service
And point people to "journalctl --unit=" for information of prior runs.

Inspired by: #24159

(cherry picked from commit 157cb4337b83359267050bff43c1ad39b0303f10)
2022-08-08 10:56:45 +02:00
Lennart Poettering
d3e84e4703 repart: when keeping ref to backing inode/devnode, use fd_reopen() rather than F_DUPFD
Via the "backing_fd" variable we intend to pin the backing inode through
our entire code. So far we typically created the fd via F_DUPFD_CLOEXEC,
and thus any BSD lock taken on the original fd is shared with our
backing_fd reference. And if the original fd is closed but our backing_fd
is not, we'll keep the BSD lock open, even if we then reopen the block
device through the backing_fd. If hit, this results in a deadlock.

Let's fix that by creating the backing_fd via fd_reopen(), so that the
locks are no longer shared, and if the original fd is closed all BSD
locks on it that are in effect are auto-released.

(Note the deadlock is only triggered if multiple operations on the same
backing inode are executed, i.e. factory reset, resize and applying of
partitions.)

Replaces: #24181
(cherry picked from commit 38f81e937426993cfc899aa09298f69f00935852)
2022-08-08 10:56:33 +02:00
Jacek Migacz
7384d152c8 resolved: fix single-label resolution over DNS
Fixes: #23494 (when ResolveUnicastSingleLabel=yes)
(cherry picked from commit ff0a5070d45f20df7744b1090892be797bf18365)
2022-08-08 10:55:56 +02:00
Cristian Rodríguez
695eb67322 gcrypt: switch to system rng before gcry_check_version (#24162)
Current docs claim this must be done before gcry_check_version.

(cherry picked from commit 91375fb9cf38aca397a6d50e3f22dfb7a4aa1b98)
2022-08-08 10:53:20 +02:00
Max Gautier
79de67e2df docs: Correct StandartOutput documentation
fix #2114

(cherry picked from commit e0a12b96344b1d7ee499df1d0447b14ced62c1b4)
2022-08-08 10:53:02 +02:00
Eli Schwartz
3a382bf86b meson: fix broken boolean kwarg
Everywhere else that `conf.get('ENABLE_*')` is used as a boolean key for
something (for example in if statements) it always checks if == 1, but
in this one case it neglects to do so. This is important because
conf.get yields the same int that was stored, but if statements require
booleans.

So does executable's "install" kwarg, at least according to the
documentation. In actuality, it accepts all types without sanity
checking, then uses python "if bool(var)", so you can actually do
`install: 'do not'` and that's treated identical to `true`. This is a
type-checking bug which Meson will eventually fix.

muon fails on the same code, today.

(cherry picked from commit 9e4a50bcdf7a275766e4f5c7af012c32bc22128d)
2022-08-08 10:52:49 +02:00
Cristian Rodríguez
ca0ed3a78c gcrypt: prefer the OS RNG
by default, gcrypt defaults to a userspace RNG, this is
the wrong thing (tm) to do on linux.

Switch to the SYSTEM rng instead.

(cherry picked from commit 80f967311ac53ae43b5a26332f32cc6665661338)
2022-08-08 10:49:52 +02:00
Fei Li
e7d635f0b9 virt: detect KubeVirt instance
Kubevirt is currently technically based on KVM (but not xen yet[1]).
The systemd-detect-virt command, used to differentiate the current
virtualization environment, works fine on x86 relying on CPUID, while
fails to get the correct value (none instead of kvm) on aarch64.

Let's fix this by adding a new 'vendor[KubeVirt] = kvm' classification
considering the sys_vendor is always KubeVirt.

[1] https://groups.google.com/g/kubevirt-dev/c/C6cUgzTOsVg

Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
(cherry picked from commit c15d1ac2c4e8ce46c6d07621f7d5531cbc2160a8)
2022-08-08 10:49:39 +02:00
Yu Watanabe
2391c031a6 resolve: mdns: calculate required packet size to store questions and authorities
Otherwise, if we have many cached entries or pending transactions with
TYPE_ANY, then dns_transaction_make_packet_mdns() fails with -EMSGSIZE.

This also fixes use-after-free.

Fixes #23894.

(cherry picked from commit 325513bc776c739a814996cc5c483235ca92be86)
2022-08-08 10:44:15 +02:00
Vishal Chillara Srinivas
ef6c379089 RFC 6762 section 7.1: a Multicast DNS querier SHOULD NOT include records in the
Known-Answer list whose remaining TTL is less than half of their original TTL

(cherry picked from commit f941c124273ac1b3bce0029f69f9664ba6f01f7f)
2022-08-08 10:44:09 +02:00
Yu Watanabe
b61a61ec53 resolve: do not trigger assertions on invalid query
(cherry picked from commit 055acd4d8b385fd9ff29e49e0c46856a9e705433)
2022-08-08 10:43:05 +02:00
Yu Watanabe
0070302b3c resolve: mdns_packet_extract_matching_rrs() may return 0
Fixes the following assertion:
---
Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting.
---

(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad)
2022-08-08 10:43:00 +02:00
Yu Watanabe
d6a637fbe6 resolve: shorten code a bit
(cherry picked from commit d3887b2b484004f6d5b393f57b01fe2eb917981f)
2022-08-08 10:42:53 +02:00
Yu Watanabe
45c5fec1c0 resolve: introduce dns_transaction_setup_timeout()
This also fixes timeout in dns_transaction_make_packet_mdns(), which was
incremented multiple times.

(cherry picked from commit 87b91644dbc14d9cdf4c614a3ac2dd8c15733cf6)
2022-08-08 10:42:50 +02:00
Yu Watanabe
41810cb166 resolve: fix misuse of accuracy parameter in sd_event_add_time()
Also, this makes mDNS regular queries sent without delay (except for
one caused by the default accuracy of sd-event).

Note, RFC 6762 Section 5.2 is about continuous mDNS query, which is not
implemented yet.

(cherry picked from commit 765647ba805727e93ac8607e38c7b60da2aab2dd)
2022-08-08 10:42:41 +02:00
Yu Watanabe
a1edebfde0 resolve: drop unnecessary else, and add short comment
(cherry picked from commit 4b2ceb8a48c3aeef4147e335b5f31bc2ed4aa6fb)
2022-08-08 10:42:29 +02:00
Yu Watanabe
e832a277ea resolve: mdns: fix use-after-free
Fixes #23843 and #23873.

(cherry picked from commit d50a58e7252b763043485aa79a61094bfae9d7ff)
2022-08-08 10:42:07 +02:00