IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
With gcc-14.0.1-0.13.fc40, when compiling with -O2, the compiler doesn't understand
that sd_bus_error_setf() always returns negative on error when <name> is provided:
[28/576] Compiling C object systemd-resolved.p/src_resolve_resolved-bus.c.o
../src/resolve/resolved-bus.c: In function ‘call_link_method’:
../src/resolve/resolved-bus.c:1763:16: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1763 | return handler(message, l, error);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1749:15: note: ‘l’ was declared here
1749 | Link *l;
| ^
../src/resolve/resolved-bus.c: In function ‘bus_method_get_link’:
../src/resolve/resolved-bus.c:1822:13: warning: ‘l’ may be used uninitialized [-Wmaybe-uninitialized]
1822 | p = link_bus_path(l);
| ^~~~~~~~~~~~~~~~
../src/resolve/resolved-bus.c:1810:15: note: ‘l’ was declared here
1810 | Link *l;
| ^
...
Let's make the assertion a bit more explicit. With this, the warning goes away,
but I think it's more obvious to a human reader too.
(cherry picked from commit 41733186c4a946dd92fcfe754ce0f8f3c0737538)
(cherry picked from commit f4d943f2bebb0be542e2f014cc41052e1963010a)
(cherry picked from commit 20702e63dcb8e81704245ee704b3d4940f5e1174)
When compiled with -O2, the compiler is not happy about dynamic_user_pop() and
would warn about the output variables not being set. It does have a point:
we were doing a cast from ssize_t to int, and theoretically there could be
wraparound. So let's add an explicit check that the cast to int is fine.
[540/2509] Compiling C object src/core/libsystemd-core-256.so.p/dynamic-user.c.o
../src/core/dynamic-user.c: In function ‘dynamic_user_close.isra’:
../src/core/dynamic-user.c:580:9: warning: ‘uid’ may be used uninitialized [-Wmaybe-uninitialized]
580 | unlink_uid_lock(lock_fd, uid, d->name);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/core/dynamic-user.c:560:15: note: ‘uid’ was declared here
560 | uid_t uid;
| ^~~
../src/core/dynamic-user.c: In function ‘dynamic_user_realize’:
../src/core/dynamic-user.c:476:29: warning: ‘new_uid’ may be used uninitialized [-Wmaybe-uninitialized]
476 | num = new_uid;
| ~~~~^~~~~~~~~
../src/core/dynamic-user.c:398:23: note: ‘new_uid’ was declared here
398 | uid_t new_uid;
| ^~~~~~~
(cherry picked from commit 741f6ae39be136f65fbc7fe424b7087f3ad23b0b)
(cherry picked from commit fcc33169501b1dc8d480faa16f9f3b2e4fac05d0)
(cherry picked from commit 7a99aba0f239627ed8e7aa8a49aa445216013183)
(cherry picked from commit a7d8cacce0cb0451701b81db818d9e5921574f51)
(cherry picked from commit 47b642c4cacd55760902b55ec8cd1502bc82a9af)
(cherry picked from commit 35b716dd23ed7e417ae1240f4dca99852c26d0d6)
On s390x both __s390__ and __s390x__ are defined, and with the original
order we'd go through the __s390__ branch and emit a warning:
[169/2118] Compiling C object src/shared/libsystemd-shared-256.a.p/base-filesystem.c.o
../src/shared/base-filesystem.c:136:11: note: ‘#pragma message: Please add an entry above specifying whether your architecture uses /lib64/, /lib32/, or no such links.’
136 | # pragma message "Please add an entry above specifying whether your architecture uses /lib64/, /lib32/, or no such links."
| ^~~~~~~
(cherry picked from commit 1d07188b159878fc025cbd81bcaad3ba333bbb1c)
(cherry picked from commit 23f1dbd8294f87bb38edf33ebddaea83e05f576b)
(cherry picked from commit 88ab8c4825d50f71b082b4b52fb10845ff47824a)
Follow-up for e0504dd011189d97a1ea813aabfe1e696742bcf5.
Hopefully, devices in PCI subsystem have some properties, thus have
their udev database file. But, that may not be true. Here, we only read
sysattrs of enumerated devices, hence it is not necessary to check if
the device is initialized or not.
(cherry picked from commit 9990552f9a26cfb07ef3edaad846543bdd013b10)
(cherry picked from commit 029341790ced0a82bbf075c923c196d405732541)
(cherry picked from commit e6e77739eb0b214ed9615d9e34d36d7c59e96f97)
This makes sure we mention the word "watchdog" in every log message
related to the watchdog.
Also, this uses the expression "hardware timeout" when referring to the
primary timeout of the watchdog, as opposed to the "pretimeout".
(Not ideal wording I know, but it's preexisting to some point, I just
continued it. I think it's OK though, in particular to underline the
difference to the software watchdog logic we implement via WATCHDOG= in
sd_notify().)
Fixes: #31662
(cherry picked from commit 99a1ef8c9cdcb0fc15265533dae2bbd8f2d7a3a5)
(cherry picked from commit 5a36f5eb49fc0e5ef2cfd1223f8c8b87699e57e3)
(cherry picked from commit f66d5d3a8b0bbcf44803bbe71a4b0f1d8923a267)
Useful to track what is being used and when
(cherry picked from commit dd6c0df65cd9c0c19cbd655772824c90125347b4)
(cherry picked from commit 68cd53ff2a475b7592ebe1e77e685ec47eeb292f)
(cherry picked from commit 560d6731b4f21408a02c4984f2118f42bc21931b)
Also restructure ifdef to avoid confusing vscode
Follow-up for 87e462f71361a47b154865dc14032a27580dd4cb
(cherry picked from commit e5d4adb173ccff55bad21238ef82914e0c9d6a1d)
(cherry picked from commit 9fa444041a5a61588a88af75343bf2198e18d147)
(cherry picked from commit 0dad8b47dbdbda172dd236312de53e1a45b15af1)
If SD_BUS_METHOD_WITH_ARGS() is set with SD_BUS_NO_ARGS and/or SD_BUS_NO_RESULT,
then it introduces
_SD_VARARGS_FOREACH_EVEN(_SD_ECHO, NULL)
-> _SD_VARARGS_FOREACH_SEQ(_01, …, _50, NULL)
Hence, the variadic argument `...` in _SD_VARARGS_FOREACH_SEQ() has no
argument, but it is not allowed if built without GNU extension, e.g. -std=c11.
Let's introduce one more unused dummy argument to support such situation.
(cherry picked from commit e10409ad55dccda89a1f1ca23c6dabca20488d51)
(cherry picked from commit a4777db300481c872d81baf7d0523b4b54202881)
(cherry picked from commit 4ebade123545fa553f2bfe64e03e97789d9be031)
(cherry picked from commit 2548ce6a30a1183a7bbbd699aafdf81249a5fe4e)
(cherry picked from commit 52f60014056dcf3e5efd5edf0c67b721a18e723c)
(cherry picked from commit ea8070be46548f23e863504737a01d39fab2050b)
STRLEN() and xsprintf() is our internal macros.
(cherry picked from commit 06d0dcc009f6d8b16d02f65fc20f7e1d76c77721)
(cherry picked from commit ea94162096cef586d3a1b03c45ea530a2dab2652)
(cherry picked from commit 4a7d09423ea721f40da72bef8ba34559f57758bb)
This patch fixes an issue where, when not specifiying either at least one
`SocketBindAllow` or `SocketBindDeny` rule, behavior for the bind syscall
filtering would be unexpected.
For example, when trying to bind to a port with only "SocketBindDeny=any"
given, the syscall would succeed:
> systemd-run -t -p "SocketBindDeny=any" nc -l 8080
Expected with this set of rules (also in accordance with the documentation)
would be an Operation not permitted error.
This behavior occurs because a default initialized socket_bind_rule struct
matches what "any" represents. When creating the bpf list all elements get
default initialized, as such represeting "any". Seemingly it is necressarry
to set the size of the map to at least one, as such if no allow rule is
given default initialization and minimal map size cause one any allow rule
to be in the map, causing the behavior observed above.
This patch solves this by introducing a new "match nothing" magic stored in
the rule's address family and setting such a rule as the first one if no
rule is given, making sure that default initialized rule structs are never
used.
Resolves#30556
(cherry picked from commit f2cb9d17da9c47d11ebeac00c75dd3d788ec1fc3)
(cherry picked from commit 30897ddf5018da21266e4b8a28a4a925c4681de4)
(cherry picked from commit a50552c443e5730446b2b907275f9b15b0cc8b1e)
(cherry picked from commit 245bd4af99094e5727727fb0459ed6cb7b78b56a)
(cherry picked from commit 892641af224218a7cae25ddc602d3fa2944de151)
(cherry picked from commit 6a7b65a6182f0ce7c1e663f76996deca5b38d6c6)
When validating, when we lookup a DNSKEY for validation we will almost
certainly need the corresponding DS to complete the chain of trust.
Let's go ahead and request it right away so that we don't have to wait
in this common case.
(cherry picked from commit ce5b9d5b3c2466dd35691be0a662c4e3353a2bbf)
(cherry picked from commit ec3f8748fc5566538e2acd39ddbe36cedd80923f)
(cherry picked from commit df41dfab419f2aef664f4fb2868e37786e687ea9)
When validating insecure delegations we don't actually need to request
the SOA for every single dns label. We need the DS records for the zone,
and we can seek them by querying for DS directly (in case we are at a
zone cut) and then following the SOA referrals or the parent name until
we have found a chain of trust.
Extra transactions and roundtrips, especially transactions for RRs that
aren't actually needed to validate and therefore aren't likely to be in
the recursive resolver's own cache are a big slowdown during validation.
Consequently, this change results in an enourmous speed up in validating
most names from our own cold-cache (10x or more), by eliminating a large
number of superfluous dnssec transactions.
(cherry picked from commit 47690634f157150e7b69c832d1f2d64d18b3f124)
(cherry picked from commit 186f9daf431ef4d1093241266b0af3b25cc62265)
(cherry picked from commit 7cbf8db2822629bc669497e5324cd65f6e020bc4)
For "kernel-install remove ..." only the kernel version is passed, not
the kernel image. So auto-detecting KERNEL_INSTALL_IMAGE_TYPE and
setting KERNEL_INSTALL_LAYOUT does not work for uninstall.
The 90-uki-copy.install plugin must consider this and *not* exit early
for the "remove" command, otherwise $BOOT_ROOT will be filled with stale
kernel images.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 3037616d8ed68f3263746e3c6399d4a05242068b)
(cherry picked from commit fc353a59c5e1c5d5454d8dc9f9f95c349d427519)
(cherry picked from commit e7a2e3854146881192f47d5d0e6d54f2f2df5bd0)
The RFC6763 § 9 recommendation is to advertise only the two-label
service names.
Fixes: 88123aa21c26 ("dnssd: support service subtypes")
(cherry picked from commit cd40efc671e9bfbefb70e409afc2fab62948ae1f)
(cherry picked from commit d5fbe960a89e8c8dbcbd58cbfbf1818da4665412)
(cherry picked from commit de72d21a52238445e3c84638eb14a1bc288ccb5b)
In some cases when a query completes there are still pending
transactions that are no longer useful to answer the query. But if this
query is repeated in the future and we don't have the answers cached,
we're going to ask and ignore the answer again.
Instead of purging these superfluous transactions, let's wait and see if
they produce an answer, since we already asked the question, and use it
to fill our cache.
(cherry picked from commit ce880172552534e7416ae3af697053c0df58b770)
(cherry picked from commit da474b440dc5952f32c598ad47306ed9a26c251a)
(cherry picked from commit 3423d79792bc4c377badc53900294482622a3503)
The service will use either, so let's make sure either of them starts
the service as well.
(cherry picked from commit c0aeff4b999318d4da48328fff0ea93c8c457ace)
(cherry picked from commit c15d8f5c4490e2a4646bd75d18ecd5baca1225c2)
(cherry picked from commit f6d8d6cb0599e9f742622acdbda52c3125975a90)
(cherry picked from commit 3623a7ea831b22105deb0d12114b00e666082708)
(cherry picked from commit 36ecc6f0ad48a38ca3c0ac5acdf80ef92734b043)
(cherry picked from commit b323db294a5a2c604f5772b58954695dbf252a4f)
The specified vendor UUID is not actually a UUID. This changes it to an actual UUID.
The new value matches the ones from the systemd-boot man page and [The Boot Loader Interface](https://systemd.io/BOOT_LOADER_INTERFACE/).
(cherry picked from commit c6d0c6688ee7b0bb4575ab3e96655fd316543c95)
(cherry picked from commit aa7b8471806136f52287b1737b88bed9d4f221a9)
(cherry picked from commit 53cc058d34a76ccf278ccefd1330a34b033a65bf)
(cherry picked from commit d3d880e558e608de351c0b518c10953cba2ed0b3)
(cherry picked from commit 5df96d470fea91b29279e3ae7ff31deff907f751)
(cherry picked from commit 995f8ea71b958c8cdca07330b75dd0374ebf45c1)
Pass the password into mount.cifs via a file descriptor, rather
than putting it into a plain-text file in /tmp. This uses the $PASSWD_FD
environment variable, which is undocumented but has existed since
forever (initial commit from 2010 [1] has it already)
[1]:
https://git.samba.org/?p=cifs-utils.git;a=blob;f=mount.cifs.c;hb=ce0b1609a9eedce6c5eb20eab287ea44217c0a6a#l1477
(cherry picked from commit 606a1f203c8871871bc8c5833d66ccbef870b010)
(cherry picked from commit 29b632ff675b371f6373463f7fd22904026c2d34)
(cherry picked from commit afe5978a5852e7896794aba08fd110872634ba12)
And convert some pieces of code over.
(cherry picked from commit b20e9dc51596f787b0e0c6c2d4d21485e8d670c9)
(cherry picked from commit 855cc5e81a9e3e3aeb21e4003e188e2cd734bf83)
(cherry picked from commit 9b6a2c0705f8b57a98721d726232501a4d4ceb82)
In some cases we refuse a query based on the RR type, mostly old
deprecated types. Let's return NOTIMP in this case, which best
communicates why the query failed.
(cherry picked from commit 591810c02eb01118961a4cd53c7f3ebf3e091a10)
(cherry picked from commit d06f2485ca73ad456a40a187cbb82678fec4f007)
(cherry picked from commit 187d3399ed9a8102902e56591499ff5aa8b78a5d)
In some cases there is no configured server to answer a given question,
because all scopes refused the query. In this case we currently return
rcode SERVFAIL.
In dns it is customary for authoritative nameservers to return REFUSED
where the question is outside of their authority. This is better than
SERVFAIL because it informs the client that they aren't likely to get an
answer out of us anytime soon, and either the configuration, or the
query, need to change.
Similar logic invites us to use use the rcode REFUSED on the stub if we
aren't configured with any suitable scope for this question.
(cherry picked from commit 4f2da49fcd333dcd1542278dce5b9642dcdeb984)
(cherry picked from commit 6669973c3f1bc9e93776da0a91e7e75c58630c3a)
(cherry picked from commit c7d8464d33b66211beaf95bf46314af233a40722)
The name resolver.arpa is reserved for RFC9462 "Discovery of Designated
Resolvers" (DDR). This relies on regular dns queries for SVCB records at
the special use domain name _dns.resolver.arpa. Unfortunately, older
nameservers (or broken ones) won't know about this SUDN and will likely
return NXDOMAIN. If this is cached, the cache entry will become an
impediment for any clients trying to discover designated resolvers
through the stub-resolver, or potentially even sd-resolved itself, were
it to implement DDR.
The RFC recommendation is that "clients MUST NOT perform A or AAAA
queries for resolver.arpa", and "resolvers SHOULD respond to queries of
any type other than SVCB for _dns.resolver.arpa. with NODATA and queries
of any type for any domain name under resolver.arpa with NODATA." which
should help avoid potential compatibility issues. This enforces that
condition within sd-resolved, and avoids caching any such erroneous
NXDOMAIN.
The RFC also recommends requests for this domain should never be
forwarded, to prevent authentication failures. Since there isn't much
point in establishing secure communication to the local stub, we still
allow SVCB to be forwarded from the stub, in case the client cares to
implement some other authentication method and understands the
consequences of skipping the local stub. Normal clients are not
expected to implement DDR, but this change will protect sd-resolved's
own caches in case they try.
Although A and AAAA are prohibited, I think validating resolvers
might reasonably query for dnssec records, even though the resolver.arpa
zone does not exist (it is declared to be a locally served zone). For
this reason, I have also added resolver.arpa to the builtin dnssec NTA.
(cherry picked from commit abcc94b351ad030bce63568f6c4bc3f97fbaa109)
(cherry picked from commit 434666dcd54f2cd0e347320b0ea623c6133303cd)
(cherry picked from commit ec80f083b6eed5498a9818e111855bfc650176d6)
From RFC 8880:
Because the 'ipv4only.arpa' zone has to be an insecure delegation,
DNSSEC cannot be used to protect these answers from tampering by
malicious devices on the path.
Consequently, the 'ipv4only.arpa' zone MUST be an insecure delegation to
give DNS64/NAT64 gateways the freedom to synthesize answers to those
queries at will, without the answers being rejected by DNSSEC-capable
resolvers. DNSSEC-capable resolvers that follow this specification MUST
NOT attempt to validate answers received in response to queries for the
IPv6 AAAA address records for 'ipv4only.arpa'. Note that the name
'ipv4only.arpa' has no use outside of being used for this special DNS
pseudo-query used to learn the DNS64/NAT64 address synthesis prefix, so
the lack of DNSSEC security for that name is not a problem.
See: https://datatracker.ietf.org/doc/html/rfc8880#name-security-considerations
(cherry picked from commit 7406ebd5b6949999e94d50dbce4ee7ff41fcced0)
(cherry picked from commit 7c8ec6493043d77a3bd58577455be3b15edee0d9)
(cherry picked from commit 22549ff4735d0820934b942998a066a6c612f7b2)
(cherry picked from commit a8e6d2fa362ddeefde83196fff2acbe88e7ee56c)
(cherry picked from commit 51ce64ed663cdd08c58b8812da8048ba9b718e00)
The service parsing/using this directory is systemd-timedated, not
systemd-timesyncd.
(cherry picked from commit 73d8990930b0d84067331c65f0f7731fd76822a4)
(cherry picked from commit 4985c7069e3848009a93791c0ae1d7c9574c93a7)
(cherry picked from commit 9b83f8a2f2f3401dc5998a07073c9daaf2738bf2)
Previously all queries to the reverse mapping domains (in-addr.arpa and
ip6.arpa) were considered to be in-scope for mdns and llmnr at the same
priority as DNS. This caused sd-resolved to ignore NXDOMAIN responses
from dns in favor of lengthy timeouts.
This narrows the scope of mdns and llmnr so they are not invariably
considered as fallbacks for these domains. Now, mdns/llmnr on a link
will only be used as a fallback when there is no suitable DNS scope, and
when that link is DefaultRoute.
(cherry picked from commit da920fe176bd77f2ab36024ed5002a32108fc144)
(cherry picked from commit 28472e792b44c7acc23e5441329b6a1379fa39af)
(cherry picked from commit a0e52716a3dbcd7d462b6a6f444ddc179f193490)
with ExitType=cgroup
It's not clear to me what the rationale of the logic was
when ExitType=cgroup got introduced. But similar to
the previous commit, I think we should not transition to
'start-post' on cgroup empty event. This is especially
important for Type=dbus/notify services.
(cherry picked from commit f52e9ed62bc27cbb04f8f41bb2c60d2b540e023e)
(cherry picked from commit 9f4f1a1a37dbf306fb3b4032fcf467d7d469dbaf)
(cherry picked from commit d7dfe88413830380e0d2413abbc0bcc6577f9dff)
when ExitType=cgroup and main process exits
Follow-up for ef4300654e70e76ed74f7d544e0f44c5d92fb698
(cherry picked from commit 1651ce09c049d7dae1b987f0a74d54e7c1bc3231)
(cherry picked from commit e2ac714783fca20abcbe721cba7cdfbf36a6635d)
(cherry picked from commit d4d2e5f47b53ec52b6ae8db080b9b51aa4fefb5a)
As explained in [0] the 'hosts' database uses deprecated
gethostbyname2() which uses AF_INET6 instead of AF_UNSPEC for IPv6
lookups which is broken and makes the test fail with disabled IPv6.
[0] https://github.com/systemd/systemd/pull/28136#issuecomment-1974901039
(cherry picked from commit 4e5a7e19232bb91b0bc4d2c34146245926de9ed4)
(cherry picked from commit 7e53b1e7bb649f5a8caba1cf0fa7ddafbd0e4fca)
(cherry picked from commit c7a9083b023a6ddaa6916a94390ba1ed8916f726)
Fixes: #13730 (original reporter's log shows the TCP connection needed
to time out first)
(cherry picked from commit 7addc530ac0ca1928103c715d9d6b1dafbcb36be)
(cherry picked from commit 98f21822d6c2fd042eca69889de298b8c3cd919b)
(cherry picked from commit 79451ab67ae0886808fea14788911478ae4b72b9)
When building with ENABLE_DEBUG_HASHMAP we can pack the hashmap iterator
structure a bit better.
Fixes: #31558
(cherry picked from commit e28b70a52752a3da6d517982f33a9b1ee85f3f37)
(cherry picked from commit cbfc0c772918b52d9b61a7b00e57b19f11972672)
(cherry picked from commit 417fe7b0dd9e456ec9fb175a802e6976d017417e)
SO_BINDTODEVICE was used during connect() to fix an issue where
IP_UNICAST_IF was improperly ignored for route lookups made by connect
in linux. This has since been resolved upstream [1][2], but as a result
we must apply the local socket excpetion to IP_UNICAST_IF as well.
The SO_BINDTODEVICE is no longer necessary, but left in place for 5.x
kernels.
[1] https://lore.kernel.org/all/20220829111554.GA1771@debian/
[2] https://lore.kernel.org/all/20221208145437.GA75680@debian/
(cherry picked from commit 51d056858eadc3068633b32c78acf248e0974f26)
(cherry picked from commit 78579f8b45ab22611ebc3b3e88564e83c38eac55)
(cherry picked from commit 3b711f7f64343b760163b899f594d7bef86b4095)
We should validate this explicitly and generate a clear error string,
rather then hit an assert() later in the code.
(cherry picked from commit 5f76155e65ac21aca1ccbe945f1bfdd7feeb270b)
(cherry picked from commit 39770716e0dbe684b75175b5ec98a9ec16eaaa0d)
(cherry picked from commit f0f984390175587ef33b327fcd7435b22652ee55)
This makes it easier for people packaging kernel-install plugins
to get the path right.
E.g. https://src.fedoraproject.org/rpms/python-virt-firmware/pull-request/3
fixes an issue where %{_libdir}/kernel/install.d was used,
which gives incorrect results on 64-bit architectures.
%_kernel_install_dir will make this even easier.
(cherry picked from commit 5248a0c5b344c0b8cb18dee5206836cd61e6bd46)
(cherry picked from commit b25bd391892112527597d00b82e96f0f0b6399ea)
(cherry picked from commit 2a34c7d60dbb37935169f903246b420f354aa114)
Follow-up for 143fadf369a18449464956206226761e49be1928
(cherry picked from commit 62b5bd3c8a17bad11cde728b0b592f9936e75648)
(cherry picked from commit 71e6fb4616f245a60fd5fbfe172cb3e878630355)
(cherry picked from commit fc17d9566ca57763378e6d3c3d90d9229d773d13)
Fixes: eccebf4b0dcb ("systemd-tmpfiles: deprecate F for f+")
(cherry picked from commit 0f1a5ecc1ae112fbc3a2536b70c6ee036f4126d3)
(cherry picked from commit 82f420cb0dcb2c5d214b4f27892c960d3ada729c)
(cherry picked from commit f58b817f2f76ccc4252f952cf76dbb0425618c96)
(cherry picked from commit c959e1782316f93464baf4f2fd15484bf84413ba)
(cherry picked from commit 4fb223fdc6c396b16d93f5288fb9a90d88c1a9c5)
(cherry picked from commit cff6c392c14de1a36cd95dbe7b8ae95091727679)
(cherry picked from commit da9e1f83222e618595279b3168473dfaa150ddb8)
(cherry picked from commit ffd829531c23b9e352e375a72458aa97352df9bc)
(cherry picked from commit 0ea962ea17253a866b1f06c483e6ddf8ccaf3790)
Due to systemd/systemd#30886, relying on _SYSTEMD_UNIT= matching might
be unreliable in some cases (with glibc 2.39+) as the journal message
might be missing certain metadata. Since the fix for that issue is too
risky to backport, let's just fall back to SYSLOG_IDENTIFIER= matching
that doesn't seem to have this issue, so we can still run the
"problematic" tests just with some minimal tweaks.
This leaves the skip (from 2d6e263) for the LogFilteringPatterns= stuff
in place, because falling back to SYSLOG_IDENTIFIER= matching doesn't
work there - the output from that tests becomes very weird and I suspect
there's a bug somewhere. However, the same behavior occurs even with the
latest main, so it's not something that's caused by the v255-stable
branch.
v255-only
Partially reverts 2d6e26342997dfc03753e6e6787f950f2fed30df.
(cherry picked from commit 8c0e504eb5d0d0a18296a18a288c9dc611f2c45d)
(cherry picked from commit af9f6b471b299826db3ea66b98e1fdf0f8a5ddd0)
The logs from TEST-69 still contain a lot of unnecessary shell
metacharacters, so to make the output more readable let's just set
TERM=dumb, instead of having to strip everything semi-manually. Also,
move the related --background= tweak to TEST-69, since it's relevant
only for that particular test.
Follow-up for 8d4bfd38ed941aa8003d7007145eccc01f52a5f6.
v255-only change: --background= is not supported in v255's sd-nspawn, so
that hunk is dropped
(cherry picked from commit 8d9cdb31f7cc41bb2252be70a2410030551aabde)
(cherry picked from commit 93c5ff05dcad782acdf87f4491b053c708a4eb45)
(cherry picked from commit 75d7263080c1c373666a334b873443118f047af2)
TEST-69 still occasionally times out in CI and appears to be stuck on
boot, so let's see if this helps the situation a bit.
(cherry picked from commit 515eb678a057099ee7e462ec83f71b199a368f8a)
(cherry picked from commit 67f620875294782cc4d8a029f97bb144979636bc)
(cherry picked from commit c77a839e9f9ad987c5f13b692d0c5de69bacfc8b)
So we capture the container's boot as well.
(cherry picked from commit 04f0c6752c10d152bc1884b2cc92b1f0b2df5de5)
(cherry picked from commit 8303b81fcdeb40cb39a810ce1c19d219b960f664)
(cherry picked from commit 0fd2f6cc93593322cd37195b140191368ea468b7)
Given that the test involves screen(1), sending various control sequences to
resize/clear the screen, most of the logs sent from the python script were
nearly impossible to read or mixed with other messages sent to the console
hence making the debug harder when the test is run manually.
This patch introduces an option to redirect the pexpect IOs into a file (to be
used in $STATEDIR/TEST-69-SHUTDOWN/run-nspawn).
The pexpect logs are also enabled later so the boot logs are skipped since
those are already included in the journal.
(cherry picked from commit cf14d1144717967ebdd150cb21ed5dc00e832a80)
(cherry picked from commit dcea9bc57852b6d86651fed02445cc1c9a772164)
(cherry picked from commit 9fbbd59f9d077b05e336cb511c61b4ff8e3d214f)
