mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

Merge pull request #15520 from mrc0mmand/various-codebase-improvements

tree-wide: various codebase improvements
Zbigniew Jędrzejewski-Szmek 2020-04-22 08:41:38 +02:00 committed by GitHub
commit 2807b68019
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 78 additions and 66 deletions

6
NEWS
View File

@ -995,7 +995,7 @@ CHANGES WITH 243:
space if there are multiple devices with the highest priority. space if there are multiple devices with the highest priority.
* /etc/crypttab support has learnt a new keyfile-timeout= per-device * /etc/crypttab support has learnt a new keyfile-timeout= per-device
option that permits selecting the timout how long to wait for a option that permits selecting the timeout how long to wait for a
device with an encryption key before asking for the password. device with an encryption key before asking for the password.
* IOWeight= has learnt to properly set the IO weight when using the * IOWeight= has learnt to properly set the IO weight when using the
@ -3520,7 +3520,7 @@ CHANGES WITH 233:
that is removed when the container dies. Specifically, if the source that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay example usage is --overlay=+/var::/var, which creates an overlay
mount based on the original /var contained in the image, overlayed mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down. to /var are automatically flushed when the container shuts down.
@ -6507,7 +6507,7 @@ CHANGES WITH 217:
* Calendar time specifications in .timer units now also * Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting "minutely" as shortcuts (in addition to the preexisting
"anually", "hourly", ...). "annually", "hourly", ...).
* systemd-tmpfiles will now correctly create files in /dev * systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is at boot which are marked for creation only at boot. It is

10
TODO
View File

@ -43,7 +43,7 @@ Features:
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it * systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates creates
* homed/userdb: distuingish passwords and recovery keys in the records, since * homed/userdb: distinguish passwords and recovery keys in the records, since
we probably want to use different PBKDF algorithms/settings for them: we probably want to use different PBKDF algorithms/settings for them:
passwords have low entropy but recovery keys should have good entropy key passwords have low entropy but recovery keys should have good entropy key
hence we can make them quicker to work. hence we can make them quicker to work.
@ -66,7 +66,7 @@ Features:
systemd-makefs.service instead. systemd-makefs.service instead.
* socket units: allow creating a udev monitor socket with ListenDevices= or so, * socket units: allow creating a udev monitor socket with ListenDevices= or so,
with matches, then actviate app thorugh that passing socket oveer with matches, then activate app through that passing socket over
* unify on openssl: * unify on openssl:
- port sd_id128_get_machine_app_specific() over from khash - port sd_id128_get_machine_app_specific() over from khash
@ -90,11 +90,11 @@ Features:
that the device paths stay the same, regardless if crypto is used or not. that the device paths stay the same, regardless if crypto is used or not.
* systemd-repart: by default generate minimized partition tables (i.e. tables * systemd-repart: by default generate minimized partition tables (i.e. tables
that only covere the space actually used, excluding any free space at the that only cover the space actually used, excluding any free space at the
end), in order to maximize dd'ability. Requires libfdisk work, see end), in order to maximize dd'ability. Requires libfdisk work, see
https://github.com/karelzak/util-linux/issues/907 https://github.com/karelzak/util-linux/issues/907
* systemd-repart: optionally, allow specifiying a path to initialize new * systemd-repart: optionally, allow specifying a path to initialize new
partitions from, i.e. an fs image file or a source device node. This would partitions from, i.e. an fs image file or a source device node. This would
then turn systemd-repart into a simple installer: with a few .repart files then turn systemd-repart into a simple installer: with a few .repart files
you could replicate the host system on another device. a full installer would you could replicate the host system on another device. a full installer would
@ -230,7 +230,7 @@ Features:
systemd --user is shut down. systemd --user is shut down.
- logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service - logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
- maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine) - maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
- distuingish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory) - distinguish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
- in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work - in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
- fingerprint authentication, pattern authentication, … - fingerprint authentication, pattern authentication, …
- make sure "classic" user records can also be managed by homed - make sure "classic" user records can also be managed by homed

View File

@ -1,6 +1,18 @@
@@ @@
/* Avoid running this transformation on the strempty function itself */ /* Avoid running this transformation on the strempty function itself and
position p : script:python() { p[0].current_element != "strempty" }; * on the "make_expression" macro in src/libsystemd/sd-bus/bus-convenience.c.
* As Coccinelle's Location object doesn't support macro "detection", use
* a pretty horrifying combo of specifying a file and a special "something_else"
* position element, which is, apparently, the default value of
* "current_element" before it's set (according to the source code), thus
* matching any "top level" position, including macros. Let's hope we never
* introduce a function called "something_else"...
*/
position p : script:python() {
not (p[0].current_element == "strempty" or
(p[0].file == "src/libsystemd/sd-bus/bus-convenience.c" and
p[0].current_element == "something_else"))
};
expression s; expression s;
@@ @@
( (
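Review bot: the new position constraint compares `p[0].file == "src/libsystemd/sd-bus/bus-convenience.c"` as an exact string, so the exclusion silently stops applying when spatch is started from anywhere other than the repository root or is handed an absolute path. A suffix match on the file name would be more robust. The comment also says that "something_else" is only the apparent default of current_element taken from the Coccinelle source, so it would help to record which Coccinelle version this was verified against, since a change there would re-enable the transformation on the macro without any error.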

View File

@ -95,7 +95,7 @@ Note that the `$BOOT` partition is not supposed to be exclusive territory of
this specification. This specification only defines semantics of the `/loader/` this specification. This specification only defines semantics of the `/loader/`
directory inside the file system (see below), but it doesn't intend to define directory inside the file system (see below), but it doesn't intend to define
ownership of the whole file system exclusively. Boot loaders, firmware, and ownership of the whole file system exclusively. Boot loaders, firmware, and
other software implementating this specification may choose to place other other software implementing this specification may choose to place other
files and directories in the same file system. For example, boot loaders that files and directories in the same file system. For example, boot loaders that
implement this specification might install their own boot code into the `$BOOT` implement this specification might install their own boot code into the `$BOOT`
partition. On systems where `$BOOT` is the ESP this is a particularly common partition. On systems where `$BOOT` is the ESP this is a particularly common

View File

@ -39,7 +39,7 @@ The purpose of this grouping is to assign different priorities to the
applications. applications.
This could e.g. mean reserving memory to session processes, This could e.g. mean reserving memory to session processes,
preferentially killing background tasks in out-of-memory situations preferentially killing background tasks in out-of-memory situations
or assinging different memory/CPU/IO priorities to ensure that the session or assigning different memory/CPU/IO priorities to ensure that the session
runs smoothly under load. runs smoothly under load.
TODO: Will there be a default to place units into e.g. `apps.slice` by default TODO: Will there be a default to place units into e.g. `apps.slice` by default

View File

@ -147,7 +147,7 @@ directory-based storage mechanisms (`directory`, `subvolume` and `fscrypt`)
this is a bind mount, in case of `cifs` this is a CIFS network mount, and in this is a bind mount, in case of `cifs` this is a CIFS network mount, and in
case of the LUKS2 backend a regular block device mount of the file system case of the LUKS2 backend a regular block device mount of the file system
contained in the LUKS2 image. By requiring a mount for all cases (even for contained in the LUKS2 image. By requiring a mount for all cases (even for
those that already are a directory) a clear logic is defined to distuingish those that already are a directory) a clear logic is defined to distinguish
active and inactive home directories, so that the directories become active and inactive home directories, so that the directories become
inaccessible under their regular path the instant they are inaccessible under their regular path the instant they are
deactivated. Moreover, the `nosuid`, `nodev` and `noexec` flags configured in deactivated. Moreover, the `nosuid`, `nodev` and `noexec` flags configured in

View File

@ -95,7 +95,7 @@ services are listening there, that have special relevance:
2. `io.systemd.Multiplexer` → This service multiplexes client queries to all 2. `io.systemd.Multiplexer` → This service multiplexes client queries to all
other running services. It's supposed to simplify client development: in other running services. It's supposed to simplify client development: in
order to look up or enumerate user/group records it's sufficient to talk to order to look up or enumerate user/group records it's sufficient to talk to
one service instead of all of them in parallel. Note that it is not availabe one service instead of all of them in parallel. Note that it is not available
during earliest boot and final shutdown phases, hence for programs running during earliest boot and final shutdown phases, hence for programs running
in that context it is preferable to implement the parallel lookup in that context it is preferable to implement the parallel lookup
themselves. themselves.

View File

@ -157,7 +157,7 @@ it creates ambiguity in traditional `chown` syntax (which is still accepted
today) that uses it to separate user and group names in the command's today) that uses it to separate user and group names in the command's
parameter: without consulting the user/group databases it is not possible to parameter: without consulting the user/group databases it is not possible to
determine if a `chown` invocation would change just the owning user or both the determine if a `chown` invocation would change just the owning user or both the
owning user and group. It also allows embeddeding `@` (which is confusing to owning user and group. It also allows embedding `@` (which is confusing to
MTAs). MTAs).
## Common Core ## Common Core

View File

@ -170,7 +170,7 @@ emergency.service | | |
user units. For non-graphical sessions, <filename>default.target</filename> is used. Whenever the user user units. For non-graphical sessions, <filename>default.target</filename> is used. Whenever the user
logs into a graphical session, the login manager will start the logs into a graphical session, the login manager will start the
<filename>graphical-session.target</filename> target that is used to pull in units required for the <filename>graphical-session.target</filename> target that is used to pull in units required for the
grahpical session. A number of targets (shown on the right side) are started when specific hardware is graphical session. A number of targets (shown on the right side) are started when specific hardware is
available to the user.</para> available to the user.</para>
<programlisting> <programlisting>

View File

@ -50,7 +50,7 @@
<listitem><para>An individual LUKS2 encrypted loopback file for a user, stored in <listitem><para>An individual LUKS2 encrypted loopback file for a user, stored in
<filename>/home/*.home</filename>. At login the file system contained in this files is mounted, after <filename>/home/*.home</filename>. At login the file system contained in this files is mounted, after
the LUKS2 encrypted volume has been attached. The user's password is identical to the encryption the LUKS2 encrypted volume has been attached. The user's password is identical to the encryption
passphrase of the LUKS2 volume. Access to data without preceeding user authentication is thus not passphrase of the LUKS2 volume. Access to data without preceding user authentication is thus not
possible, even for the system administrator. This storage mechanism provides the strongest data possible, even for the system administrator. This storage mechanism provides the strongest data
security and is thus recommended.</para></listitem> security and is thus recommended.</para></listitem>
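Review bot: the unchanged context line just above the corrected one still reads "the file system contained in this files is mounted"; since this hunk already touches the paragraph, "this files" should become "this file" in the same pass.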
@ -267,7 +267,7 @@
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
independently, for example with <citerefentry independently, for example with <citerefentry
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
non-existant groups that are listed there are ignored. This option may be used more than once, in non-existent groups that are listed there are ignored. This option may be used more than once, in
which case all specified group lists are combined.</para></listitem> which case all specified group lists are combined.</para></listitem>
</varlistentry> </varlistentry>
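Review bot: on the changed line, fixing "non-existant" leaves the sentence itself broken: "If non-existent groups that are listed there are ignored." starts a conditional and never finishes it. Dropping the leading "If" and the "that are" ("Non-existent groups listed there are ignored.") looks like the intended wording.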
@ -467,7 +467,7 @@
project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> or a project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> or a
similar tool. Use <option>--rlimit=LIMIT_NPROC=</option> to place a limit on the tasks actually similar tool. Use <option>--rlimit=LIMIT_NPROC=</option> to place a limit on the tasks actually
running under the UID of the user, thus excluding any child processes that might have changed user running under the UID of the user, thus excluding any child processes that might have changed user
identity. This controls the <varname>TasksMax=</varname> settting of the per-user systemd slice unit identity. This controls the <varname>TasksMax=</varname> setting of the per-user systemd slice unit
<filename>user-$UID.slice</filename>. See <filename>user-$UID.slice</filename>. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for further details.</para></listitem> for further details.</para></listitem>
@ -707,7 +707,7 @@
<varlistentry> <varlistentry>
<term><command>passwd</command> <replaceable>USER</replaceable></term> <term><command>passwd</command> <replaceable>USER</replaceable></term>
<listitem><para>Change the password of the specified home direcory/user account.</para></listitem> <listitem><para>Change the password of the specified home directory/user account.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -631,7 +631,7 @@
<varlistentry> <varlistentry>
<term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term> <term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term>
<listitem><para>Make pattern matching case sensitive or case insenstive.</para> <listitem><para>Make pattern matching case sensitive or case insensitive.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

View File

@ -70,7 +70,7 @@
<para>Turning this option on by default is highly recommended for all sessions, but only if the <para>Turning this option on by default is highly recommended for all sessions, but only if the
service managing these sessions correctly implements the aforementioned re-authentication. Note that service managing these sessions correctly implements the aforementioned re-authentication. Note that
the re-authentication must take place from a component runing outside of the user's context, so that the re-authentication must take place from a component running outside of the user's context, so that
it does not require access to the user's home directory for operation. Traditionally, most desktop it does not require access to the user's home directory for operation. Traditionally, most desktop
environments do not implement screen locking this way, and need to be updated environments do not implement screen locking this way, and need to be updated
accordingly.</para></listitem> accordingly.</para></listitem>

View File

@ -194,7 +194,7 @@
<listitem><para>When set to <literal>1</literal>, this device automatically <listitem><para>When set to <literal>1</literal>, this device automatically
generates a new and independent seat, which is named after the path of the generates a new and independent seat, which is named after the path of the
device. This is set for specialized USB hubs like the Plugable devices, which when device. This is set for specialized USB hubs like the Pluggable devices, which when
plugged in should create a hotplug seat without further configuration.</para> plugged in should create a hotplug seat without further configuration.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
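Review bot: the change from "Plugable" to "Pluggable" on the "specialized USB hubs like the ... devices" line looks like a false positive from the spell checker. The word is capitalized mid-sentence and names a hardware vendor (Plugable), not the adjective, so the original spelling should be restored and the name added to the spell-check ignore list.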

View File

@ -50,7 +50,7 @@
<refsect1> <refsect1>
<title>Return Value</title> <title>Return Value</title>
<para>On success, theis functions return 0 or a positive integer. On failure, it returns a <para>On success, this functions return 0 or a positive integer. On failure, it returns a
negative errno-style error code.</para> negative errno-style error code.</para>
<refsect2> <refsect2>
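Review bot: the corrected line still does not agree in number: "this functions return 0 or a positive integer. On failure, it returns". Either "this function returns" (matching the following "it returns") or "these functions return ... they return" is needed, depending on how many functions the page documents.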

View File

@ -86,7 +86,7 @@
<para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines <para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines
<function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is <function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is
performed and interation simply stops on error. See the example below.</para> performed and iteration simply stops on error. See the example below.</para>
</refsect1> </refsect1>
<refsect1> <refsect1>

View File

@ -66,7 +66,7 @@
file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
ID from this machine ID, in an irreversable (cryptographically secure) way. To make this easy ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy
<function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para> <function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
<para><function>sd_id128_get_machine_app_specific()</function> is similar to <para><function>sd_id128_get_machine_app_specific()</function> is similar to

View File

@ -1634,7 +1634,7 @@ RestrictNamespaces=~cgroup net</programlisting>
points of the file system namespace created for each process of this unit. Other file system namespacing unit points of the file system namespace created for each process of this unit. Other file system namespacing unit
settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and
unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount
points in the unit's file system namepace to <option>slave</option> first. Setting this option to points in the unit's file system namespace to <option>slave</option> first. Setting this option to
<option>shared</option> does not reestablish propagation in that case.</para> <option>shared</option> does not reestablish propagation in that case.</para>
<para>If not set but file system namespaces are enabled through another file system namespace unit setting <para>If not set but file system namespaces are enabled through another file system namespace unit setting

View File

@ -622,7 +622,7 @@
trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
routers are found on the link. The default is to disable RA reception for bridge devices or when IP routers are found on the link. The default is to disable RA reception for bridge devices or when IP
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
local adressing is disabled.</para> local addressing is disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the <para>Further settings for the IPv6 RA support may be configured in the
<literal>[IPv6AcceptRA]</literal> section, see below.</para> <literal>[IPv6AcceptRA]</literal> section, see below.</para>
@ -1625,7 +1625,7 @@
<varlistentry> <varlistentry>
<term><varname>SendDecline=</varname></term> <term><varname>SendDecline=</varname></term>
<listitem> <listitem>
<para>A boolen. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server. <para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again. the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
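Review bot: the last context line of this hunk links to https://tools.ietf.org/html/rfc5227 but labels it "RFC 5224"; the link text should say RFC 5227, which is the IPv4 Address Conflict Detection document the URL points to. The paragraph being fixed also still has "DHCPv4 clients receives" and a missing full stop after "DHCPDECLINE packet", which are worth correcting together with "boolen".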

View File

@ -199,7 +199,7 @@
option is used without <varname>RemainAfterExit=</varname> the service will never enter option is used without <varname>RemainAfterExit=</varname> the service will never enter
<literal>active</literal> unit state, but directly transition from <literal>activating</literal> <literal>active</literal> unit state, but directly transition from <literal>activating</literal>
to <literal>deactivating</literal> or <literal>dead</literal> since no process is configured that to <literal>deactivating</literal> or <literal>dead</literal> since no process is configured that
shall run continously. In particular this means that after a service of this type ran (and which shall run continuously. In particular this means that after a service of this type ran (and which
has <varname>RemainAfterExit=</varname> not set) it will not show up as started afterwards, but has <varname>RemainAfterExit=</varname> not set) it will not show up as started afterwards, but
as dead.</para></listitem> as dead.</para></listitem>
@ -568,7 +568,7 @@
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause <para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the start time to be extended beyond <varname>TimeoutStartSec=</varname>. The first receipt of this message the start time to be extended beyond <varname>TimeoutStartSec=</varname>. The first receipt of this message
must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has exended beyond must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has extended beyond
<varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start, provided <varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
startup status is finished by <literal>READY=1</literal>. (see startup status is finished by <literal>READY=1</literal>. (see
@ -595,7 +595,7 @@
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause <para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the stop time to be extended beyond <varname>TimeoutStopSec=</varname>. The first receipt of this message the stop time to be extended beyond <varname>TimeoutStopSec=</varname>. The first receipt of this message
must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has exended beyond must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has extended beyond
<varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop, provided <varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>). (see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
@ -624,7 +624,7 @@
<para>If a service of <varname>Type=notify</varname> handles <constant>SIGABRT</constant> itself (instead of relying <para>If a service of <varname>Type=notify</varname> handles <constant>SIGABRT</constant> itself (instead of relying
on the kernel to write a core dump) it can send <literal>EXTEND_TIMEOUT_USEC=…</literal> to on the kernel to write a core dump) it can send <literal>EXTEND_TIMEOUT_USEC=…</literal> to
extended the abort time beyond <varname>TimeoutAbortSec=</varname>. The first receipt of this message extended the abort time beyond <varname>TimeoutAbortSec=</varname>. The first receipt of this message
must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has exended beyond must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has extended beyond
<varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort, provided <varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>). (see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
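Review bot: the context line directly above the corrected one still says "to extended the abort time beyond TimeoutAbortSec=", which should read "to extend". It is the same word family as the "exended" fix in this hunk and was missed because it is a valid dictionary word.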
@ -650,7 +650,7 @@
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause <para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the runtime to be extended beyond <varname>RuntimeMaxSec=</varname>. The first receipt of this message the runtime to be extended beyond <varname>RuntimeMaxSec=</varname>. The first receipt of this message
must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has exended beyond must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has extended beyond
<varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run, provided <varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see

View File

@ -1,4 +1,4 @@
# Make sure noone can read the files we generate but us # Make sure no one can read the files we generate but us
umask 077 umask 077
# Destroy any old key on the Yubikey (careful!) # Destroy any old key on the Yubikey (careful!)
@ -40,7 +40,7 @@ shred -u plaintext.bin plaintext.base64
rm pubkey.pem rm pubkey.pem
# Test: Let's run systemd-cryptsetup to test if this all worked. The option string should contain the full # Test: Let's run systemd-cryptsetup to test if this all worked. The option string should contain the full
# PKCS#11 URI we have in the clipboard, it tells the tool how to decypher the encrypted LUKS key. # PKCS#11 URI we have in the clipboard, it tells the tool how to decipher the encrypted LUKS key.
sudo systemd-cryptsetup attach mytest /dev/sdXn /etc/encrypted-luks-key.bin 'pkcs11-uri=pkcs11:…' sudo systemd-cryptsetup attach mytest /dev/sdXn /etc/encrypted-luks-key.bin 'pkcs11-uri=pkcs11:…'
# If that worked, let's now add the same line persistently to /etc/crypttab, for the future. # If that worked, let's now add the same line persistently to /etc/crypttab, for the future.

View File

@ -1201,7 +1201,7 @@ static VOID config_entry_parse_tries(
} }
new_factor = factor * 10; new_factor = factor * 10;
if (new_factor < factor) /* overflow chck */ if (new_factor < factor) /* overflow check */
return; return;
factor = new_factor; factor = new_factor;
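Review bot: The guard "if (new_factor < factor)" in config_entry_parse_tries does not reliably detect overflow of factor * 10, so the corrected comment still overstates what the check does. If factor is unsigned, the product can wrap and still be larger than factor (for a 32-bit value, 0x20000000 * 10 wraps to 0x40000000), and if it is signed the overflow is undefined before the comparison runs. Suggest testing before multiplying, returning when factor is greater than the type's maximum divided by 10. A follow-up commit is fine, since this hunk only touches the comment.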

View File

@ -1061,7 +1061,7 @@ int bus_foreach_bus(
/* Send to all direct buses, unconditionally */ /* Send to all direct buses, unconditionally */
SET_FOREACH(b, m->private_buses, i) { SET_FOREACH(b, m->private_buses, i) {
/* Don't bother with enqueing these messages to clients that haven't started yet */ /* Don't bother with enqueuing these messages to clients that haven't started yet */
if (sd_bus_is_ready(b) <= 0) if (sd_bus_is_ready(b) <= 0)
continue; continue;

View File

@ -2566,7 +2566,7 @@ static bool insist_on_sandboxing(
assert(n_bind_mounts == 0 || bind_mounts); assert(n_bind_mounts == 0 || bind_mounts);
/* Checks whether we need to insist on fs namespacing. i.e. whether we have settings configured that /* Checks whether we need to insist on fs namespacing. i.e. whether we have settings configured that
* would alter the view on the file system beyond making things read-only or invisble, i.e. would * would alter the view on the file system beyond making things read-only or invisible, i.e. would
* rearrange stuff in a way we cannot ignore gracefully. */ * rearrange stuff in a way we cannot ignore gracefully. */
if (context->n_temporary_filesystems > 0) if (context->n_temporary_filesystems > 0)

View File

@ -2860,13 +2860,13 @@ bool unit_job_is_applicable(Unit *u, JobType j) {
case JOB_START: case JOB_START:
case JOB_NOP: case JOB_NOP:
/* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
* startable by us but may appear due to external events, and it thus makes sense to permit enqueing * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
* jobs for it. */ * jobs for it. */
return true; return true;
case JOB_STOP: case JOB_STOP:
/* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
* external events), hence it makes no sense to permit enqueing such a request either. */ * external events), hence it makes no sense to permit enqueuing such a request either. */
return !u->perpetual; return !u->perpetual;
case JOB_RESTART: case JOB_RESTART:

View File

@ -1521,7 +1521,7 @@ static int home_may_change_password(
r = user_record_test_password_change_required(h->record); r = user_record_test_password_change_required(h->record);
if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED)) if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
return 0; /* expired in some form, but chaning is allowed */ return 0; /* expired in some form, but changing is allowed */
if (IN_SET(r, -EKEYREJECTED, -EROFS)) if (IN_SET(r, -EKEYREJECTED, -EROFS))
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name); return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
if (r < 0) if (r < 0)

View File

@ -1038,10 +1038,9 @@ static int home_remove(UserRecord *h) {
if (deleted) if (deleted)
log_info("Everything completed."); log_info("Everything completed.");
else { else
log_notice("Nothing to remove."); return log_notice_errno(SYNTHETIC_ERRNO(EALREADY),
return -EALREADY; "Nothing to remove.");
}
return 0; return 0;
} }
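Review bot: In home_remove the new if/else is asymmetric: the "deleted" branch falls through to "return 0" while the else branch returns from inside the log call, which is easy to misread now that the braces are gone. Suggest inverting it to an early return, "if (!deleted) return log_notice_errno(SYNTHETIC_ERRNO(EALREADY), ...)", followed by the log_info() call and "return 0". The returned value stays -EALREADY either way.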

View File

@ -351,7 +351,7 @@ static int help(void) {
" -p --priority=RANGE Show entries with the specified priority\n" " -p --priority=RANGE Show entries with the specified priority\n"
" --facility=FACILITY... Show entries with the specified facilities\n" " --facility=FACILITY... Show entries with the specified facilities\n"
" -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n" " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
" --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n" " --case-sensitive[=BOOL] Force case sensitive or insensitive matching\n"
" -e --pager-end Immediately jump to the end in the pager\n" " -e --pager-end Immediately jump to the end in the pager\n"
" -f --follow Follow the journal\n" " -f --follow Follow the journal\n"
" -n --lines[=INTEGER] Number of journal entries to show\n" " -n --lines[=INTEGER] Number of journal entries to show\n"

View File

@ -141,8 +141,8 @@ int sd_dhcp_lease_get_servers(
return (int) lease->smtp_server_size; return (int) lease->smtp_server_size;
default: default:
log_debug("Uknown DHCP lease info item %d.", what); return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
return -ENXIO; "Unknown DHCP lease info item %d.", what);
} }
} }

View File

@ -1162,8 +1162,8 @@ int sd_dhcp_server_set_servers(
break; break;
default: default:
log_debug("Uknown DHCP lease info item %d.", what); return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
return -ENXIO; "Unknown DHCP lease info item %d.", what);
} }
if (*n_a == n_addresses && if (*n_a == n_addresses &&
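Review bot: The default branch of sd_dhcp_server_set_servers now logs "Unknown DHCP lease info item %d.", the same text used in sd_dhcp_lease_get_servers, although this function configures a server rather than reading a lease. Since the string is being rewritten anyway, suggest wording that matches the function (for example "Unknown DHCP server info item %d."), so a debug log line identifies which of the two call sites rejected the value.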

View File

@ -106,7 +106,7 @@ _public_ struct udev *udev_unref(struct udev *udev) {
assert(udev->n_ref > 0); assert(udev->n_ref > 0);
udev->n_ref--; udev->n_ref--;
if (udev->n_ref > 0) if (udev->n_ref > 0)
/* This is different from our convetion, but let's keep backward /* This is different from our convention, but let's keep backward
* compatibility. So, do not use DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC() * compatibility. So, do not use DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC()
* macro to define this function. */ * macro to define this function. */
return udev; return udev;

View File

@ -128,7 +128,7 @@ static int link_push_uplink_to_dhcp_server(
break; break;
default: default:
assert_not_reached("Uknown DHCP lease info item"); assert_not_reached("Unknown DHCP lease info item");
} }
char **a; char **a;

View File

@ -51,7 +51,7 @@
* cgrouspv1 crap: kernel, kernelTCP, swapiness, disableOOMKiller, swap, devices, leafWeight * cgrouspv1 crap: kernel, kernelTCP, swapiness, disableOOMKiller, swap, devices, leafWeight
* general: it shouldn't leak lower level abstractions this obviously * general: it shouldn't leak lower level abstractions this obviously
* unmanagable cgroups stuff: realtimeRuntime/realtimePeriod * unmanagable cgroups stuff: realtimeRuntime/realtimePeriod
* needs to say what happense when some option is not specified, i.e. which defautls apply * needs to say what happense when some option is not specified, i.e. which defaults apply
* no architecture? no personality? * no architecture? no personality?
* seccomp example and logic is simply broken: there's no constant "SCMP_ACT_ERRNO". * seccomp example and logic is simply broken: there's no constant "SCMP_ACT_ERRNO".
* spec should say what to do with unknown props * spec should say what to do with unknown props
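Review bot: The corrected line still contains "happense", and the context lines of the same comment block keep "cgrouspv1", "swapiness" and "unmanagable". As this is a spelling pass over that block, suggest fixing them in this hunk rather than leaving a partially corrected comment.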

View File

@ -151,7 +151,7 @@ int bind_remount_recursive_with_mountinfo(
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to * operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
* all submounts we can access, too. When mounts are stacked on the same mount point we only care for each * all submounts we can access, too. When mounts are stacked on the same mount point we only care for each
* individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We * individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We
* do not have any effect on future submounts that might get propagated, they migt be writable. This includes * do not have any effect on future submounts that might get propagated, they might be writable. This includes
* future submounts that have been triggered via autofs. * future submounts that have been triggered via autofs.
* *
* If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the * If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the

View File

@ -1334,7 +1334,7 @@ int varlink_invoke(Varlink *v, const char *method, JsonVariant *parameters) {
if (v->state == VARLINK_DISCONNECTED) if (v->state == VARLINK_DISCONNECTED)
return -ENOTCONN; return -ENOTCONN;
/* We allow enqueing multiple method calls at once! */ /* We allow enqueuing multiple method calls at once! */
if (!IN_SET(v->state, VARLINK_IDLE_CLIENT, VARLINK_AWAITING_REPLY)) if (!IN_SET(v->state, VARLINK_IDLE_CLIENT, VARLINK_AWAITING_REPLY))
return -EBUSY; return -EBUSY;

View File

@ -124,7 +124,7 @@ usec_t watchdog_runtime_wait(void) {
if (!timestamp_is_set(watchdog_timeout)) if (!timestamp_is_set(watchdog_timeout))
return USEC_INFINITY; return USEC_INFINITY;
/* Sleep half the watchdog timeout since the last succesful ping at most */ /* Sleep half the watchdog timeout since the last successful ping at most */
if (timestamp_is_set(watchdog_last_ping)) { if (timestamp_is_set(watchdog_last_ping)) {
ntime = now(clock_boottime_or_monotonic()); ntime = now(clock_boottime_or_monotonic());
assert(ntime >= watchdog_last_ping); assert(ntime >= watchdog_last_ping);

View File

@ -30,7 +30,7 @@
_SD_BEGIN_DECLARATIONS; _SD_BEGIN_DECLARATIONS;
/* Neightbor Discovery Options, RFC 4861, Section 4.6 and /* Neighbor Discovery Options, RFC 4861, Section 4.6 and
* https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 */ * https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 */
enum { enum {
SD_NDISC_OPTION_SOURCE_LL_ADDRESS = 1, SD_NDISC_OPTION_SOURCE_LL_ADDRESS = 1,

View File

@ -1058,7 +1058,8 @@ static void verify_one(
r = unit_file_verify_alias(i, alias, &alias2); r = unit_file_verify_alias(i, alias, &alias2);
log_info_errno(r, "alias %s ← %s: %d/%m (expected %d)%s%s%s", log_info_errno(r, "alias %s ← %s: %d/%m (expected %d)%s%s%s",
i->name, alias, r, expected, i->name, alias, r, expected,
alias2 ? " [" : "", alias2 ?: "", alias2 ? "]" : ""); alias2 ? " [" : "", strempty(alias2),
alias2 ? "]" : "");
assert(r == expected); assert(r == expected);
/* This is is test for "instance propagation". This propagation matters mostly for WantedBy= and /* This is is test for "instance propagation". This propagation matters mostly for WantedBy= and
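Review bot: The comment directly after "assert(r == expected);" still reads "This is is test for", a doubled word that this spelling pass leaves untouched. Suggest changing it to "This is a test for" while the hunk is open. The switch from "alias2 ?: """ to strempty(alias2) looks equivalent for the log call.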

View File

@ -30,7 +30,7 @@ static void test_proc_cmdline_override(void) {
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert_se(putenv((char*) "SYSTEMD_PROC_CMDLINE=foo_bar=quux wuff-piep=tuet zumm some_arg_with_space='foo bar' and_one_more=\"zzz aaa\"") == 0); assert_se(putenv((char*) "SYSTEMD_PROC_CMDLINE=foo_bar=quux wuff-piep=tuet zumm some_arg_with_space='foo bar' and_one_more=\"zzz aaa\"") == 0);
assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=differnt") == 0); assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=different") == 0);
/* First test if the overrides for /proc/cmdline still work */ /* First test if the overrides for /proc/cmdline still work */
_cleanup_free_ char *line = NULL, *value = NULL; _cleanup_free_ char *line = NULL, *value = NULL;

View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -e set -e
TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over proccesses with ExecStopPost=" TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over processes with ExecStopPost="
. $TEST_BASE_DIR/test-functions . $TEST_BASE_DIR/test-functions
do_test "$@" 47 do_test "$@" 47

View File

@ -119,13 +119,13 @@ machinectl remove scratch4
! test -f /var/lib/machines/scratch4 ! test -f /var/lib/machines/scratch4
! machinectl image-status scratch4 ! machinectl image-status scratch4
# Test import-tar hypen/stdin pipe behavior # Test import-tar hyphen/stdin pipe behavior
cat /var/tmp/scratch.tar.gz | machinectl import-tar - scratch5 cat /var/tmp/scratch.tar.gz | machinectl import-tar - scratch5
test -d /var/lib/machines/scratch5 test -d /var/lib/machines/scratch5
machinectl image-status scratch5 machinectl image-status scratch5
diff -r /var/tmp/scratch/ /var/lib/machines/scratch5 diff -r /var/tmp/scratch/ /var/lib/machines/scratch5
# Test export-tar hypen/stdout pipe behavior # Test export-tar hyphen/stdout pipe behavior
mkdir -p /var/tmp/extract mkdir -p /var/tmp/extract
machinectl export-tar scratch5 - | tar xvf - -C /var/tmp/extract/ machinectl export-tar scratch5 - | tar xvf - -C /var/tmp/extract/
diff -r /var/tmp/scratch/ /var/tmp/extract/ diff -r /var/tmp/scratch/ /var/tmp/extract/
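Review bot: The context lines "! test -f /var/lib/machines/scratch4" and "! machinectl image-status scratch4" at the top of this hunk cannot fail the test if the script relies on "set -e", because bash exempts a command whose status is inverted with "!" from errexit. Suggest "test ! -f /var/lib/machines/scratch4" for the first and an explicit "if machinectl image-status scratch4; then exit 1; fi" for the second. The two "hyphen" comment fixes themselves are fine.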

View File

@ -163,7 +163,7 @@ TEMPLATE = '''\
<refsect1> <refsect1>
<title>D-Bus interfaces</title> <title>D-Bus interfaces</title>
<para>Interaces exposed over D-Bus.</para> <para>Interfaces exposed over D-Bus.</para>
<variablelist id='dbus-interface' /> <variablelist id='dbus-interface' />
</refsect1> </refsect1>

View File

@ -279,7 +279,7 @@ def process(page):
subst_output(xml, pl) subst_output(xml, pl)
out_text = etree.tostring(xml, encoding='unicode') out_text = etree.tostring(xml, encoding='unicode')
# massage format to avoid some lxml whitespace handling idiosyncracies # massage format to avoid some lxml whitespace handling idiosyncrasies
# https://bugs.launchpad.net/lxml/+bug/526799 # https://bugs.launchpad.net/lxml/+bug/526799
out_text = (src[:src.find('<refentryinfo')] + out_text = (src[:src.find('<refentryinfo')] +
out_text[out_text.find('<refentryinfo'):] + out_text[out_text.find('<refentryinfo'):] +

View File

@ -36,7 +36,7 @@ else
FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}" FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
fi fi
# Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys # Because we want Fuzzit to run on every pull-request and Travis/Azure doesn't support encrypted keys
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future # on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so" FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
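Review bot: The "export FUZZIT_API_KEY=..." line below the corrected comment keeps a credential in plain text in the repository, and the comment justifies it only as "write-only" without saying what such a key permits or who rotates it. Suggest documenting the key's scope in the comment and, on builds that are not pull requests and therefore have access to encrypted variables, reading the key from the CI secret store instead of the script. The comment also still has "maybe" starting a sentence in lower case.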