IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As explained in [0] the 'hosts' database uses deprecated
gethostbyname2() which uses AF_INET6 instead of AF_UNSPEC for IPv6
lookups which is broken and makes the test fail with disabled IPv6.
[0] https://github.com/systemd/systemd/pull/28136#issuecomment-1974901039
(cherry picked from commit 4e5a7e19232bb91b0bc4d2c34146245926de9ed4)
(cherry picked from commit 7e53b1e7bb649f5a8caba1cf0fa7ddafbd0e4fca)
(cherry picked from commit c7a9083b023a6ddaa6916a94390ba1ed8916f726)
Due to systemd/systemd#30886, relying on _SYSTEMD_UNIT= matching might
be unreliable in some cases (with glibc 2.39+) as the journal message
might be missing certain metadata. Since the fix for that issue is too
risky to backport, let's just fall back to SYSLOG_IDENTIFIER= matching
that doesn't seem to have this issue, so we can still run the
"problematic" tests just with some minimal tweaks.
This leaves the skip (from 2d6e263) for the LogFilteringPatterns= stuff
in place, because falling back to SYSLOG_IDENTIFIER= matching doesn't
work there - the output from that tests becomes very weird and I suspect
there's a bug somewhere. However, the same behavior occurs even with the
latest main, so it's not something that's caused by the v255-stable
branch.
v255-only
Partially reverts 2d6e26342997dfc03753e6e6787f950f2fed30df.
(cherry picked from commit 8c0e504eb5d0d0a18296a18a288c9dc611f2c45d)
(cherry picked from commit af9f6b471b299826db3ea66b98e1fdf0f8a5ddd0)
Since [0] delv no longer does that automagically, so we have to that
explicitly with each delv invocation.
Resolves: #30477
[0] c144fd2871
(cherry picked from commit 438c7cb20e83a3b88f6accc3e78d3da5e21f6db2)
(cherry picked from commit d62f1bbe31e45059113fcc82957e4c5cb0d7d69e)
(cherry picked from commit e7b9528e3ab9aa98e2b0e18cc7c56295b0cc05a5)
In etc_hosts_lookup_by_name(), return the canonical name of the resolved
address instead of the name used to obtain that address.
Resolves: #20158
(cherry picked from commit 1ddc2f7fbceea4fb051eeb50d356285c7ef9519b)
In etc_hosts_lookup_by_address(), make sure the canonical name of the given
address is returned first in the list of names that address resolves to.
Resolves: #25088
(cherry picked from commit 0ff8f2a33a8f7c225860388faf43fa83f106cfe3)
Without enabling itx, there's no symlink to the org.freedesktop.resolve1
dbus service, so there exists a tiny window in which the sequence of
`systemctl start` and `systemctl service-log-level` commands might fail:
[ 1127.615151] H systemd[1]: Started Network Name Resolution.
[ 1127.617768] H testsuite-75.sh[34]: + systemctl service-log-level systemd-resolved.service debug
[ 1127.621251] H dbus-daemon[54]: [system] Activating via systemd: service name='org.freedesktop.resolve1' unit='dbus-org.freedesktop.resolve1.service' requested by ':1.24' (uid=0 pid=119 comm="systemctl service-log-level systemd-resolved>
[ 1127.621336] H systemd[1]: dbus-org.freedesktop.resolve1.service: Failed to load configuration: No such file or directory
[ 1127.621364] H systemd[1]: dbus-org.freedesktop.resolve1.service: Trying to enqueue job dbus-org.freedesktop.resolve1.service/start/replace
[ 1127.621395] H systemd[1]: D-Bus activation failed for dbus-org.freedesktop.resolve1.service: Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.621965] H dbus-daemon[54]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.resolve1.service': Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.622046] H systemd[1]: systemd-resolved.service: D-Bus name org.freedesktop.resolve1 now owned by :1.25
[ 1127.622130] H systemctl[119]: Failed to set log level of org.freedesktop.resolve1 to debug: Unit dbus-org.freedesktop.resolve1.service not found.
Spotted in a couple of recent Ubuntu CI runs.
(cherry picked from commit 6de63760756b489fda4790644fcbb99a3b2aff81)
This reverts commit 5dd34c2604567320707625bc009cf01c3769605f.
`resolvectl monitor` sends notify event, and systemd-run wait for the
service being in active state. Hence, the loop is not necessary.
Let's remove some sleep loops, and instead:
1. Use Type=notify to wait until "resolvectl monitor" successfully
installed its monitor, so that we know that queries enqueued later
will definitely be seen.
2. Use "grep -m1" to watch "journalctl -f" output to wait precisely for
the RR data we want to see, and immediately exit.
This shortens code quite a bit, and should make it more robust.
Let's parse the resolved JSON notifications via `jq` and check them in a
bit more "controlled" manner - e.g. until now the `grep` was checking just
a one gigantic JSON string, as all received notifications via the
varlink socket are terminated by a NUL character, not a newline.
Also, as the notification delivery is asynchronous, retry the check
a couple of times if it fails (spotted in C8S jobs):
```
[ 2891.935879] testsuite-75.sh[36]: + : '--- nss-resolve/nss-myhostname tests'
[ 2891.935988] testsuite-75.sh[36]: + run getent -s resolve hosts ns1.unsigned.test
[ 2891.936542] testsuite-75.sh[177]: + getent -s resolve hosts ns1.unsigned.test
[ 2891.937499] testsuite-75.sh[178]: + tee /tmp/tmp.pqjNvbQ2eS
[ 2891.939977] testsuite-75.sh[178]: 10.0.0.1 ns1.unsigned.test
[ 2891.940258] testsuite-75.sh[36]: + grep -qE '^10\.0\.0\.1\s+ns1\.unsigned\.test' /tmp/tmp.pqjNvbQ2eS
[ 2891.942235] testsuite-75.sh[189]: + grep -qF '[10,0,0,1]'
[ 2891.942577] testsuite-75.sh[188]: + grep -aF ns1.unsigned.test /tmp/notifications.txt
[ 2891.943978] systemd[1]: testsuite-75.service: Child 36 belongs to testsuite-75.service.
[ 2891.944112] systemd[1]: testsuite-75.service: Main process exited, code=exited, status=1/FAILURE
[ 2891.944215] systemd[1]: testsuite-75.service: Failed with result 'exit-code'.
```
* The new varlink interface exposes a method to subscribe to DNS
resolutions on the system. The socket permissions are open for owner and
group only.
* Notifications are sent to subscriber(s), if any, after successful
resolution of A and AAAA records.
This feature could be used by applications for auditing/logging services
downstream of the resolver. It could also be used to asynchronously
update the firewall. For example, a system that has a tightly configured
firewall could open up connections selectively to known good hosts based
on a known allow-list of hostnames. Of course, updating the firewall
asynchronously will require other design considerations (such as
queueing packets in the user space while a verdict is made).
See also:
https://lists.freedesktop.org/archives/systemd-devel/2022-August/048202.htmlhttps://lists.freedesktop.org/archives/systemd-devel/2022-February/047441.html
delv on Ubuntu defaults to /etc/bind/bind.keys instead of /etc/bind.keys
when reading trust anchors, so let's create a symlink to make the test
work there as well.
Resolves: #24453
