v257 batch up to b5ea69f5ac
(#35682)
This includes a revert of
2736295ddb
as that was identified as the first commit that introduced the boot
regression https://github.com/systemd/systemd/issues/35499
commit
47eea9ee9f
@ -8,7 +8,7 @@ set -o pipefail
|
|||||||
DISTRO="${DISTRO:-debian}"
|
DISTRO="${DISTRO:-debian}"
|
||||||
RELEASE="${RELEASE:-bookworm}"
|
RELEASE="${RELEASE:-bookworm}"
|
||||||
SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}"
|
SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}"
|
||||||
BRANCH="${BRANCH:-debian/master}"
|
BRANCH="${BRANCH:-ci/v257-stable}"
|
||||||
ARCH="${ARCH:-amd64}"
|
ARCH="${ARCH:-amd64}"
|
||||||
CONTAINER="${RELEASE}-${ARCH}"
|
CONTAINER="${RELEASE}-${ARCH}"
|
||||||
CACHE_DIR=/var/tmp
|
CACHE_DIR=/var/tmp
|
||||||
@ -109,9 +109,6 @@ EOF
|
|||||||
--env DPKG_DEB_COMPRESSOR_TYPE="none" \
|
--env DPKG_DEB_COMPRESSOR_TYPE="none" \
|
||||||
--env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
|
--env DEB_BUILD_PROFILES="pkg.systemd.upstream noudeb nodoc" \
|
||||||
--env TEST_UPSTREAM=1 \
|
--env TEST_UPSTREAM=1 \
|
||||||
--skip-test localed-locale \
|
|
||||||
--skip-test localed-x11-keymap \
|
|
||||||
--skip-test build-with-static-libsystemd \
|
|
||||||
../systemd_*.dsc \
|
../systemd_*.dsc \
|
||||||
-o "$ARTIFACTS_DIR" \
|
-o "$ARTIFACTS_DIR" \
|
||||||
-- lxc -s "$CONTAINER" \
|
-- lxc -s "$CONTAINER" \
|
||||||
|
@ -15,7 +15,7 @@ auto_cancel:
|
|||||||
when: "true"
|
when: "true"
|
||||||
|
|
||||||
execution_time_limit:
|
execution_time_limit:
|
||||||
hours: 1
|
hours: 2
|
||||||
|
|
||||||
blocks:
|
blocks:
|
||||||
- name: "Setup & test"
|
- name: "Setup & test"
|
||||||
|
@ -64,6 +64,10 @@
|
|||||||
override existing definitions. For tests, generators may be called with just one argument; the generator
|
override existing definitions. For tests, generators may be called with just one argument; the generator
|
||||||
should assume that all three paths are the same in that case.</para>
|
should assume that all three paths are the same in that case.</para>
|
||||||
|
|
||||||
|
<para>Generators executed by the system manager are invoked in a sandbox with a private writable
|
||||||
|
<filename>/tmp/</filename> directory and where most of the file system is read-only except for the
|
||||||
|
generator output directories.</para>
|
||||||
|
|
||||||
<para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
|
<para>Directory paths for generator output differ by priority: <filename>…/generator.early</filename> has
|
||||||
priority higher than the admin configuration in <filename>/etc/</filename>, while
|
priority higher than the admin configuration in <filename>/etc/</filename>, while
|
||||||
<filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than
|
<filename>…/generator</filename> has lower priority than <filename>/etc/</filename> but higher than
|
||||||
|
@ -74,7 +74,8 @@ KernelCommandLine=
|
|||||||
oops=panic
|
oops=panic
|
||||||
panic=-1
|
panic=-1
|
||||||
softlockup_panic=1
|
softlockup_panic=1
|
||||||
panic_on_warn=1
|
# Disabled due to BTRFS issue, waiting for the fix to become available
|
||||||
|
panic_on_warn=0
|
||||||
psi=1
|
psi=1
|
||||||
|
|
||||||
KernelModulesInitrdExclude=.*
|
KernelModulesInitrdExclude=.*
|
||||||
|
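Review bot: The comment added above `panic_on_warn=0` does not name the BTRFS issue it is waiting on, so nothing in the file tells a maintainer when the setting can return to `1`. While it stays at `0`, a kernel WARN in an image booted with this command line no longer panics, so a regression that only shows up as a warning can pass unnoticed. I would extend the comment with the reference, e.g. `# Disabled due to BTRFS issue (<tracker link>), re-enable once the fixed kernel is available`.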
@ -15,7 +15,7 @@ ToolsTreePackages=
|
|||||||
pkgconfig(libmicrohttpd)
|
pkgconfig(libmicrohttpd)
|
||||||
pkgconfig(mount)
|
pkgconfig(mount)
|
||||||
python3-ruff
|
python3-ruff
|
||||||
tss2-devel
|
tpm2-0-tss-devel
|
||||||
python3-jinja2
|
python3-jinja2
|
||||||
python3-pytest
|
python3-pytest
|
||||||
ShellCheck
|
ShellCheck
|
||||||
|
@ -3,5 +3,5 @@
|
|||||||
[Match]
|
[Match]
|
||||||
Environment=NO_BUILD=1
|
Environment=NO_BUILD=1
|
||||||
|
|
||||||
[Content]
|
[Build]
|
||||||
WithNetwork=yes
|
WithNetwork=yes
|
||||||
|
@ -8,8 +8,8 @@ Distribution=|ubuntu
|
|||||||
Environment=
|
Environment=
|
||||||
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
|
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
|
||||||
GIT_SUBDIR=debian
|
GIT_SUBDIR=debian
|
||||||
GIT_BRANCH=debian/master
|
GIT_BRANCH=ci/v257-stable
|
||||||
GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
|
GIT_COMMIT=20150867b7123aa825e3320227aed642e6cc9a08
|
||||||
PKG_SUBDIR=debian
|
PKG_SUBDIR=debian
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
|
@ -60,6 +60,9 @@ fi
|
|||||||
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
|
# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
|
||||||
sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
|
sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec"
|
||||||
|
|
||||||
|
# TODO: Drop when the opensuse spec uses README.md instead of README.testsuite.
|
||||||
|
sed --in-place 's/README.testsuite/README.md/' "pkg/$PKG_SUBDIR/systemd.spec"
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
IFS=
|
IFS=
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
|
@ -67,7 +67,7 @@ _systemd_analyze() {
|
|||||||
)
|
)
|
||||||
|
|
||||||
local -A VERBS=(
|
local -A VERBS=(
|
||||||
[STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2'
|
[STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2 smbios11'
|
||||||
[CRITICAL_CHAIN]='critical-chain'
|
[CRITICAL_CHAIN]='critical-chain'
|
||||||
[DOT]='dot'
|
[DOT]='dot'
|
||||||
[DUMP]='dump'
|
[DUMP]='dump'
|
||||||
|
@ -577,7 +577,7 @@ static int vt_reset_keyboard(int fd) {
|
|||||||
return RET_NERRNO(ioctl(fd, KDSKBMODE, kb));
|
return RET_NERRNO(ioctl(fd, KDSKBMODE, kb));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int terminal_reset_ioctl(int fd, bool switch_to_text) {
|
int terminal_reset_ioctl(int fd, bool switch_to_text) {
|
||||||
struct termios termios;
|
struct termios termios;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
@ -645,7 +645,7 @@ finish:
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int terminal_reset_ansi_seq(int fd) {
|
int terminal_reset_ansi_seq(int fd) {
|
||||||
int r, k;
|
int r, k;
|
||||||
|
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
@ -675,35 +675,6 @@ static int terminal_reset_ansi_seq(int fd) {
|
|||||||
return k < 0 ? k : r;
|
return k < 0 ? k : r;
|
||||||
}
|
}
|
||||||
|
|
||||||
void reset_dev_console_fd(int fd, bool switch_to_text) {
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(fd >= 0);
|
|
||||||
|
|
||||||
_cleanup_close_ int lock_fd = lock_dev_console();
|
|
||||||
if (lock_fd < 0)
|
|
||||||
log_debug_errno(lock_fd, "Failed to lock /dev/console, ignoring: %m");
|
|
||||||
|
|
||||||
r = terminal_reset_ioctl(fd, switch_to_text);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Failed to reset /dev/console, ignoring: %m");
|
|
||||||
|
|
||||||
unsigned rows, cols;
|
|
||||||
r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
|
|
||||||
else if (r > 0) {
|
|
||||||
r = terminal_set_size_fd(fd, NULL, rows, cols);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Failed to set configured terminal size on /dev/console, ignoring: %m");
|
|
||||||
} else
|
|
||||||
(void) terminal_fix_size(fd, fd);
|
|
||||||
|
|
||||||
r = terminal_reset_ansi_seq(fd);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
|
|
||||||
}
|
|
||||||
|
|
||||||
int lock_dev_console(void) {
|
int lock_dev_console(void) {
|
||||||
_cleanup_close_ int fd = -EBADF;
|
_cleanup_close_ int fd = -EBADF;
|
||||||
int r;
|
int r;
|
||||||
@ -737,7 +708,25 @@ int make_console_stdio(void) {
|
|||||||
return log_error_errno(r, "Failed to make /dev/null stdin/stdout/stderr: %m");
|
return log_error_errno(r, "Failed to make /dev/null stdin/stdout/stderr: %m");
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
reset_dev_console_fd(fd, /* switch_to_text= */ true);
|
unsigned rows, cols;
|
||||||
|
|
||||||
|
r = terminal_reset_ioctl(fd, /* switch_to_text= */ true);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
|
||||||
|
|
||||||
|
r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to get terminal size, ignoring: %m");
|
||||||
|
else if (r > 0) {
|
||||||
|
r = terminal_set_size_fd(fd, NULL, rows, cols);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to set configured terminal size, ignoring: %m");
|
||||||
|
} else
|
||||||
|
(void) terminal_fix_size(fd, fd);
|
||||||
|
|
||||||
|
r = terminal_reset_ansi_seq(fd);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to reset terminal using ANSI sequences, ignoring: %m");
|
||||||
|
|
||||||
r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. */
|
r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
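Review bot: The reset sequence now inlined in make_console_stdio() no longer takes the /dev/console lock that the removed reset_dev_console_fd() acquired with `lock_dev_console()` before calling terminal_reset_ioctl(). If dropping the lock is intended (the description mentions a revert for a boot regression, though the page does not say this hunk is that revert), the new `else` branch should say so, e.g. `/* Not taking the /dev/console lock here: <reason> */`. Without it a reader cannot tell whether other console users may interleave with the ioctl and ANSI reset. Now that terminal_reset_ioctl() and terminal_reset_ansi_seq() lose `static`, each should also get a short comment stating that the caller is responsible for any locking. make_console_stdio() starts and ends outside the hunk.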
@ -39,6 +39,8 @@
|
|||||||
|
|
||||||
bool isatty_safe(int fd);
|
bool isatty_safe(int fd);
|
||||||
|
|
||||||
|
int terminal_reset_ioctl(int fd, bool switch_to_text);
|
||||||
|
int terminal_reset_ansi_seq(int fd);
|
||||||
int terminal_reset_defensive(int fd, bool switch_to_text);
|
int terminal_reset_defensive(int fd, bool switch_to_text);
|
||||||
int terminal_reset_defensive_locked(int fd, bool switch_to_text);
|
int terminal_reset_defensive_locked(int fd, bool switch_to_text);
|
||||||
|
|
||||||
@ -101,7 +103,6 @@ bool tty_is_console(const char *tty) _pure_;
|
|||||||
int vtnr_from_tty(const char *tty);
|
int vtnr_from_tty(const char *tty);
|
||||||
const char* default_term_for_tty(const char *tty);
|
const char* default_term_for_tty(const char *tty);
|
||||||
|
|
||||||
void reset_dev_console_fd(int fd, bool switch_to_text);
|
|
||||||
int lock_dev_console(void);
|
int lock_dev_console(void);
|
||||||
int make_console_stdio(void);
|
int make_console_stdio(void);
|
||||||
|
|
||||||
|
@ -123,14 +123,14 @@ static int run(int argc, char *argv[]) {
|
|||||||
|
|
||||||
log_setup();
|
log_setup();
|
||||||
|
|
||||||
r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
|
|
||||||
if (r < 0)
|
|
||||||
log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
|
|
||||||
|
|
||||||
r = parse_argv(argc, argv);
|
r = parse_argv(argc, argv);
|
||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
r = proc_cmdline_get_bool("systemd.battery_check", PROC_CMDLINE_STRIP_RD_PREFIX|PROC_CMDLINE_TRUE_WHEN_MISSING, &arg_doit);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to parse systemd.battery_check= kernel command line option, ignoring: %m");
|
||||||
|
|
||||||
if (!arg_doit) {
|
if (!arg_doit) {
|
||||||
log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
|
log_info("Checking battery status and AC power existence is disabled by the kernel command line, skipping execution.");
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -131,10 +131,16 @@ static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_e
|
|||||||
assert(message);
|
assert(message);
|
||||||
assert_se(bus = sd_bus_message_get_bus(message));
|
assert_se(bus = sd_bus_message_get_bus(message));
|
||||||
|
|
||||||
if (bus == m->api_bus)
|
if (bus == m->api_bus) {
|
||||||
|
log_notice("Got disconnect on API bus.");
|
||||||
bus_done_api(m);
|
bus_done_api(m);
|
||||||
if (bus == m->system_bus)
|
}
|
||||||
|
if (bus == m->system_bus) {
|
||||||
|
/* If we are the system manager, this is already logged by the API bus. */
|
||||||
|
if (!MANAGER_IS_SYSTEM(m))
|
||||||
|
log_notice("Got disconnect on system bus.");
|
||||||
bus_done_system(m);
|
bus_done_system(m);
|
||||||
|
}
|
||||||
|
|
||||||
if (set_remove(m->private_buses, bus)) {
|
if (set_remove(m->private_buses, bus)) {
|
||||||
log_debug("Got disconnect on private connection.");
|
log_debug("Got disconnect on private connection.");
|
||||||
|
@ -245,18 +245,32 @@ unset:
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int console_setup(void) {
|
static int console_setup(void) {
|
||||||
|
|
||||||
if (getpid_cached() != 1)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
_cleanup_close_ int tty_fd = -EBADF;
|
_cleanup_close_ int tty_fd = -EBADF;
|
||||||
|
unsigned rows, cols;
|
||||||
|
int r;
|
||||||
|
|
||||||
tty_fd = open_terminal("/dev/console", O_RDWR|O_NOCTTY|O_CLOEXEC);
|
tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
|
||||||
if (tty_fd < 0)
|
if (tty_fd < 0)
|
||||||
return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
|
return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
|
||||||
|
|
||||||
/* We don't want to force text mode. Plymouth may be showing pictures already from initrd. */
|
/* We don't want to force text mode. plymouth may be showing
|
||||||
reset_dev_console_fd(tty_fd, /* switch_to_text= */ false);
|
* pictures already from initrd. */
|
||||||
|
r = terminal_reset_ioctl(tty_fd, false);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to reset /dev/console: %m");
|
||||||
|
|
||||||
|
r = proc_cmdline_tty_size("/dev/console", &rows, &cols);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to get /dev/console size, ignoring: %m");
|
||||||
|
else {
|
||||||
|
r = terminal_set_size_fd(tty_fd, NULL, rows, cols);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to set /dev/console size, ignoring: %m");
|
||||||
|
}
|
||||||
|
|
||||||
|
r = terminal_reset_ansi_seq(tty_fd);
|
||||||
|
if (r < 0)
|
||||||
|
log_warning_errno(r, "Failed to reset /dev/console using ANSI sequences, ignoring: %m");
|
||||||
|
|
||||||
save_console_winsize_in_environment(tty_fd);
|
save_console_winsize_in_environment(tty_fd);
|
||||||
|
|
||||||
@ -2977,7 +2991,7 @@ static void setup_console_terminal(bool skip_setup) {
|
|||||||
(void) release_terminal();
|
(void) release_terminal();
|
||||||
|
|
||||||
/* Reset the console, but only if this is really init and we are freshly booted */
|
/* Reset the console, but only if this is really init and we are freshly booted */
|
||||||
if (!skip_setup)
|
if (getpid_cached() == 1 && !skip_setup)
|
||||||
(void) console_setup();
|
(void) console_setup();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
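Review bot: In console_setup() the plain `else` after proc_cmdline_tty_size() calls terminal_set_size_fd() for every non-negative result, including `r == 0`. make_console_stdio() in the terminal-util hunk of this same commit applies the size only for `r > 0` and otherwise falls back to terminal_fix_size(), so the two callers disagree. Whether `rows` and `cols` hold defined values when 0 is returned depends on proc_cmdline_tty_size(), which is not shown; unless that is guaranteed, the branch should read `else if (r > 0) {`. Separately, a failing terminal_reset_ioctl() now ends console_setup() through `return log_error_errno(...)` while the later steps are logged and ignored, so a one-line comment on why this step alone is fatal would help.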
@ -77,6 +77,9 @@ static void manager_dump_header(Manager *m, FILE *f, const char *prefix) {
|
|||||||
timestamp_is_set(t->realtime) ? FORMAT_TIMESTAMP(t->realtime) :
|
timestamp_is_set(t->realtime) ? FORMAT_TIMESTAMP(t->realtime) :
|
||||||
FORMAT_TIMESPAN(t->monotonic, 1));
|
FORMAT_TIMESPAN(t->monotonic, 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (const char *n = sd_bus_track_first(m->subscribed); n; n = sd_bus_track_next(m->subscribed))
|
||||||
|
fprintf(f, "%sSubscribed: %s\n", strempty(prefix), n);
|
||||||
}
|
}
|
||||||
|
|
||||||
void manager_dump(Manager *m, FILE *f, char **patterns, const char *prefix) {
|
void manager_dump(Manager *m, FILE *f, char **patterns, const char *prefix) {
|
||||||
|
@ -97,16 +97,19 @@ int action_setup_keys(void) {
|
|||||||
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
|
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
|
||||||
state = alloca_safe(state_size);
|
state = alloca_safe(state_size);
|
||||||
|
|
||||||
|
if (!arg_quiet)
|
||||||
log_info("Generating seed...");
|
log_info("Generating seed...");
|
||||||
r = crypto_random_bytes(seed, seed_size);
|
r = crypto_random_bytes(seed, seed_size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to acquire random seed: %m");
|
return log_error_errno(r, "Failed to acquire random seed: %m");
|
||||||
|
|
||||||
|
if (!arg_quiet)
|
||||||
log_info("Generating key pair...");
|
log_info("Generating key pair...");
|
||||||
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
|
r = FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to generate key pair: %m");
|
return log_error_errno(r, "Failed to generate key pair: %m");
|
||||||
|
|
||||||
|
if (!arg_quiet)
|
||||||
log_info("Generating sealing key...");
|
log_info("Generating sealing key...");
|
||||||
r = FSPRG_GenState0(state, mpk, seed, seed_size);
|
r = FSPRG_GenState0(state, mpk, seed, seed_size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -122,7 +125,7 @@ int action_setup_keys(void) {
|
|||||||
|
|
||||||
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
|
r = chattr_secret(fd, CHATTR_WARN_UNSUPPORTED_FLAGS);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING,
|
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || arg_quiet ? LOG_DEBUG : LOG_WARNING,
|
||||||
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
|
r, "Failed to set file attributes on a temporary file for '%s', ignoring: %m", path);
|
||||||
|
|
||||||
struct FSSHeader h = {
|
struct FSSHeader h = {
|
||||||
@ -155,7 +158,7 @@ int action_setup_keys(void) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (!on_tty()) {
|
if (!on_tty() || arg_quiet) {
|
||||||
/* If we are not on a TTY, show only the key. */
|
/* If we are not on a TTY, show only the key. */
|
||||||
puts(key);
|
puts(key);
|
||||||
return 0;
|
return 0;
|
||||||
|
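Review bot: With `|| arg_quiet` added to the chattr_secret() check, a failure to set the file attributes on the temporary key file is logged only at LOG_DEBUG whenever arg_quiet is set, even when the error is not an "unsupported" one. That is a failed protection step on what appears to be key material, not progress output, so I would keep `ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING` and let quiet mode suppress only the `log_info()` progress lines. The comment in the last hunk is also stale now that the branch covers quiet mode; it should read `/* If we are not on a TTY or quiet mode was requested, show only the key. */`. action_setup_keys() continues outside the hunks.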
@ -407,10 +407,14 @@ int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
|
|||||||
int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
|
int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
|
||||||
Session *s;
|
Session *s;
|
||||||
bool idle_hint;
|
bool idle_hint;
|
||||||
dual_timestamp ts = DUAL_TIMESTAMP_NULL;
|
dual_timestamp ts;
|
||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
|
/* Initialize the baseline timestamp with the time the manager got initialized to avoid reporting
|
||||||
|
* unreasonable large idle periods starting with the Unix epoch. */
|
||||||
|
ts = m->init_ts;
|
||||||
|
|
||||||
idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, /* block= */ true, t, false, false, 0, NULL);
|
idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, /* block= */ true, t, false, false, 0, NULL);
|
||||||
|
|
||||||
HASHMAP_FOREACH(s, m->sessions) {
|
HASHMAP_FOREACH(s, m->sessions) {
|
||||||
|
@ -100,6 +100,8 @@ static int manager_new(Manager **ret) {
|
|||||||
|
|
||||||
(void) sd_event_set_watchdog(m->event, true);
|
(void) sd_event_set_watchdog(m->event, true);
|
||||||
|
|
||||||
|
dual_timestamp_now(&m->init_ts);
|
||||||
|
|
||||||
manager_reset_config(m);
|
manager_reset_config(m);
|
||||||
|
|
||||||
*ret = TAKE_PTR(m);
|
*ret = TAKE_PTR(m);
|
||||||
|
@ -145,6 +145,8 @@ struct Manager {
|
|||||||
struct stat efi_loader_entry_one_shot_stat;
|
struct stat efi_loader_entry_one_shot_stat;
|
||||||
|
|
||||||
CalendarSpec *maintenance_time;
|
CalendarSpec *maintenance_time;
|
||||||
|
|
||||||
|
dual_timestamp init_ts;
|
||||||
};
|
};
|
||||||
|
|
||||||
void manager_reset_config(Manager *m);
|
void manager_reset_config(Manager *m);
|
||||||
|
@ -1198,7 +1198,7 @@ static int wireguard_verify(NetDev *netdev, const char *filename) {
|
|||||||
r = wireguard_read_key_file(w->private_key_file, w->private_key);
|
r = wireguard_read_key_file(w->private_key_file, w->private_key);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_netdev_error_errno(netdev, r,
|
return log_netdev_error_errno(netdev, r,
|
||||||
"Failed to read private key from %s. Ignoring network device.",
|
"Failed to read private key from '%s', ignoring network device: %m",
|
||||||
w->private_key_file);
|
w->private_key_file);
|
||||||
|
|
||||||
if (eqzero(w->private_key)) {
|
if (eqzero(w->private_key)) {
|
||||||
|
@ -304,7 +304,7 @@ static int property_get_namespace_nsid(
|
|||||||
* number. */
|
* number. */
|
||||||
|
|
||||||
r = netns_get_nsid(/* netnsfd= */ -EBADF, &nsid);
|
r = netns_get_nsid(/* netnsfd= */ -EBADF, &nsid);
|
||||||
if (r < 0)
|
if (r < 0 && r != -ENODATA)
|
||||||
log_warning_errno(r, "Failed to query network nsid, ignoring: %m");
|
log_warning_errno(r, "Failed to query network nsid, ignoring: %m");
|
||||||
|
|
||||||
return sd_bus_message_append(reply, "u", nsid);
|
return sd_bus_message_append(reply, "u", nsid);
|
||||||
|
@ -10,6 +10,7 @@
|
|||||||
#include "resolved-dns-query.h"
|
#include "resolved-dns-query.h"
|
||||||
#include "resolved-dns-synthesize.h"
|
#include "resolved-dns-synthesize.h"
|
||||||
#include "resolved-etc-hosts.h"
|
#include "resolved-etc-hosts.h"
|
||||||
|
#include "resolved-timeouts.h"
|
||||||
#include "string-util.h"
|
#include "string-util.h"
|
||||||
|
|
||||||
#define QUERIES_MAX 2048
|
#define QUERIES_MAX 2048
|
||||||
@ -48,6 +49,8 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
|
|||||||
|
|
||||||
assert(c);
|
assert(c);
|
||||||
|
|
||||||
|
(void) event_source_disable(c->timeout_event_source);
|
||||||
|
|
||||||
/* Detach all the DnsTransactions attached to this query */
|
/* Detach all the DnsTransactions attached to this query */
|
||||||
|
|
||||||
while ((t = set_steal_first(c->transactions))) {
|
while ((t = set_steal_first(c->transactions))) {
|
||||||
@ -62,6 +65,8 @@ static void dns_query_candidate_abandon(DnsQueryCandidate *c) {
|
|||||||
|
|
||||||
assert(c);
|
assert(c);
|
||||||
|
|
||||||
|
(void) event_source_disable(c->timeout_event_source);
|
||||||
|
|
||||||
/* Abandon all the DnsTransactions attached to this query */
|
/* Abandon all the DnsTransactions attached to this query */
|
||||||
|
|
||||||
while ((t = set_steal_first(c->transactions))) {
|
while ((t = set_steal_first(c->transactions))) {
|
||||||
@ -94,6 +99,8 @@ static DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
|
|||||||
if (!c)
|
if (!c)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
|
c->timeout_event_source = sd_event_source_disable_unref(c->timeout_event_source);
|
||||||
|
|
||||||
dns_query_candidate_stop(c);
|
dns_query_candidate_stop(c);
|
||||||
dns_query_candidate_unlink(c);
|
dns_query_candidate_unlink(c);
|
||||||
|
|
||||||
@ -312,6 +319,30 @@ fail:
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c);
|
||||||
|
|
||||||
|
static int on_candidate_timeout(sd_event_source *s, usec_t usec, void *userdata) {
|
||||||
|
DnsQueryCandidate *c = userdata;
|
||||||
|
|
||||||
|
assert(s);
|
||||||
|
assert(c);
|
||||||
|
|
||||||
|
log_debug("Accepting incomplete query candidate after expedited timeout on partial success.");
|
||||||
|
dns_query_accept(c->query, c);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static bool dns_query_candidate_has_partially_succeeded(DnsQueryCandidate *c) {
|
||||||
|
DnsTransaction *t;
|
||||||
|
|
||||||
|
SET_FOREACH(t, c->transactions)
|
||||||
|
if (t->state == DNS_TRANSACTION_SUCCESS)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
void dns_query_candidate_notify(DnsQueryCandidate *c) {
|
void dns_query_candidate_notify(DnsQueryCandidate *c) {
|
||||||
DnsTransactionState state;
|
DnsTransactionState state;
|
||||||
int r;
|
int r;
|
||||||
@ -323,11 +354,24 @@ void dns_query_candidate_notify(DnsQueryCandidate *c) {
|
|||||||
|
|
||||||
state = dns_query_candidate_state(c);
|
state = dns_query_candidate_state(c);
|
||||||
|
|
||||||
if (DNS_TRANSACTION_IS_LIVE(state))
|
if (DNS_TRANSACTION_IS_LIVE(state)) {
|
||||||
|
if (dns_query_candidate_has_partially_succeeded(c))
|
||||||
|
(void) event_reset_time_relative(
|
||||||
|
c->query->manager->event,
|
||||||
|
&c->timeout_event_source,
|
||||||
|
CLOCK_BOOTTIME,
|
||||||
|
CANDIDATE_EXPEDITED_TIMEOUT_USEC, /* accuracy_usec= */ 0,
|
||||||
|
on_candidate_timeout, c,
|
||||||
|
/* priority= */ 0, "candidate-timeout",
|
||||||
|
/* force_reset= */ false);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
|
if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
|
||||||
|
|
||||||
|
(void) event_source_disable(c->timeout_event_source);
|
||||||
|
|
||||||
r = dns_query_candidate_next_search_domain(c);
|
r = dns_query_candidate_next_search_domain(c);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
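Review bot: The `(void) event_reset_time_relative(...)` call in dns_query_candidate_notify() discards its result without a log line, so if arming the timer fails the candidate silently waits for every transaction and nothing in the debug log shows that the expedited path was lost. I would capture the result and log it, e.g. `r = event_reset_time_relative(...);` followed by `if (r < 0) log_debug_errno(r, "Failed to arm candidate timeout, ignoring: %m");`. on_candidate_timeout() and dns_query_candidate_has_partially_succeeded() also deserve a short comment saying that one successful transaction plus the expired timer is enough to accept the candidate, and what happens to the transactions still pending (presumably their answers are not waited for). dns_query_candidate_notify() continues outside the hunk.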
@ -25,6 +25,7 @@ struct DnsQueryCandidate {
|
|||||||
DnsSearchDomain *search_domain;
|
DnsSearchDomain *search_domain;
|
||||||
|
|
||||||
Set *transactions;
|
Set *transactions;
|
||||||
|
sd_event_source *timeout_event_source;
|
||||||
|
|
||||||
LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
|
LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
|
||||||
LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
|
LIST_FIELDS(DnsQueryCandidate, candidates_by_scope);
|
||||||
|
@ -16,6 +16,7 @@
|
|||||||
#include "resolved-dns-zone.h"
|
#include "resolved-dns-zone.h"
|
||||||
#include "resolved-llmnr.h"
|
#include "resolved-llmnr.h"
|
||||||
#include "resolved-mdns.h"
|
#include "resolved-mdns.h"
|
||||||
|
#include "resolved-timeouts.h"
|
||||||
#include "socket-util.h"
|
#include "socket-util.h"
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
|
|
||||||
|
@ -14,13 +14,10 @@
|
|||||||
#include "resolved-dns-transaction.h"
|
#include "resolved-dns-transaction.h"
|
||||||
#include "resolved-dnstls.h"
|
#include "resolved-dnstls.h"
|
||||||
#include "resolved-llmnr.h"
|
#include "resolved-llmnr.h"
|
||||||
|
#include "resolved-timeouts.h"
|
||||||
#include "string-table.h"
|
#include "string-table.h"
|
||||||
|
|
||||||
#define TRANSACTIONS_MAX 4096
|
#define TRANSACTIONS_MAX 4096
|
||||||
#define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC)
|
|
||||||
|
|
||||||
/* After how much time to repeat classic DNS requests */
|
|
||||||
#define DNS_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
|
|
||||||
|
|
||||||
static void dns_transaction_reset_answer(DnsTransaction *t) {
|
static void dns_transaction_reset_answer(DnsTransaction *t) {
|
||||||
assert(t);
|
assert(t);
|
||||||
@ -1632,13 +1629,10 @@ static usec_t transaction_get_resend_timeout(DnsTransaction *t) {
|
|||||||
|
|
||||||
case DNS_PROTOCOL_DNS:
|
case DNS_PROTOCOL_DNS:
|
||||||
|
|
||||||
/* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
|
|
||||||
* resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
|
|
||||||
* needlessly. */
|
|
||||||
if (t->stream)
|
if (t->stream)
|
||||||
return TRANSACTION_TCP_TIMEOUT_USEC;
|
return TRANSACTION_TCP_TIMEOUT_USEC;
|
||||||
|
|
||||||
return DNS_TIMEOUT_USEC;
|
return TRANSACTION_UDP_TIMEOUT_USEC;
|
||||||
|
|
||||||
case DNS_PROTOCOL_MDNS:
|
case DNS_PROTOCOL_MDNS:
|
||||||
if (t->probing)
|
if (t->probing)
|
||||||
|
@ -203,24 +203,3 @@ DnsTransactionState dns_transaction_state_from_string(const char *s) _pure_;
|
|||||||
|
|
||||||
const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
|
const char* dns_transaction_source_to_string(DnsTransactionSource p) _const_;
|
||||||
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
|
DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
|
||||||
|
|
||||||
/* LLMNR Jitter interval, see RFC 4795 Section 7 */
|
|
||||||
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
|
|
||||||
|
|
||||||
/* mDNS probing interval, see RFC 6762 Section 8.1 */
|
|
||||||
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
|
|
||||||
|
|
||||||
/* Maximum attempts to send DNS requests, across all DNS servers */
|
|
||||||
#define DNS_TRANSACTION_ATTEMPTS_MAX 24
|
|
||||||
|
|
||||||
/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
|
|
||||||
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
|
|
||||||
|
|
||||||
/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
|
|
||||||
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
|
|
||||||
|
|
||||||
#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? \
|
|
||||||
LLMNR_TRANSACTION_ATTEMPTS_MAX : \
|
|
||||||
(p) == DNS_PROTOCOL_MDNS ? \
|
|
||||||
MDNS_TRANSACTION_ATTEMPTS_MAX : \
|
|
||||||
DNS_TRANSACTION_ATTEMPTS_MAX)
|
|
||||||
|
39
src/resolve/resolved-timeouts.h
Normal file
39
src/resolve/resolved-timeouts.h
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include "time-util.h"
|
||||||
|
#include "resolved-def.h"
|
||||||
|
|
||||||
|
/* LLMNR Jitter interval, see RFC 4795 Section 7 */
|
||||||
|
#define LLMNR_JITTER_INTERVAL_USEC (100 * USEC_PER_MSEC)
|
||||||
|
|
||||||
|
/* mDNS probing interval, see RFC 6762 Section 8.1 */
|
||||||
|
#define MDNS_PROBING_INTERVAL_USEC (250 * USEC_PER_MSEC)
|
||||||
|
|
||||||
|
/* Maximum attempts to send DNS requests, across all DNS servers */
|
||||||
|
#define DNS_TRANSACTION_ATTEMPTS_MAX 24
|
||||||
|
|
||||||
|
/* Maximum attempts to send LLMNR requests, see RFC 4795 Section 2.7 */
|
||||||
|
#define LLMNR_TRANSACTION_ATTEMPTS_MAX 3
|
||||||
|
|
||||||
|
/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
|
||||||
|
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
|
||||||
|
|
||||||
|
#define TRANSACTION_ATTEMPTS_MAX(p) (\
|
||||||
|
(p) == DNS_PROTOCOL_LLMNR ? \
|
||||||
|
LLMNR_TRANSACTION_ATTEMPTS_MAX : \
|
||||||
|
(p) == DNS_PROTOCOL_MDNS ? \
|
||||||
|
MDNS_TRANSACTION_ATTEMPTS_MAX : \
|
||||||
|
DNS_TRANSACTION_ATTEMPTS_MAX)
|
||||||
|
|
||||||
|
/* After how much time to repeat classic DNS requests */
|
||||||
|
#define TRANSACTION_UDP_TIMEOUT_USEC (SD_RESOLVED_QUERY_TIMEOUT_USEC / DNS_TRANSACTION_ATTEMPTS_MAX)
|
||||||
|
|
||||||
|
/* When we do TCP, grant a much longer timeout, as in this case there's no need for us to quickly
|
||||||
|
* resend, as the kernel does that anyway for us, and we really don't want to interrupt it in that
|
||||||
|
* needlessly. */
|
||||||
|
#define TRANSACTION_TCP_TIMEOUT_USEC (10 * USEC_PER_SEC)
|
||||||
|
|
||||||
|
/* Should be longer than transaction timeout for a single UDP transaction, so we get at least
|
||||||
|
* one transaction retry before timeouting the whole candidate */
|
||||||
|
#define CANDIDATE_EXPEDITED_TIMEOUT_USEC (TRANSACTION_UDP_TIMEOUT_USEC + 1 * USEC_PER_SEC)
|
@ -18,12 +18,8 @@ int ask_password_agent_open(void) {
|
|||||||
if (agent_pid > 0)
|
if (agent_pid > 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* We check STDIN here, not STDOUT, since this is about input, not output */
|
/* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
|
||||||
if (!isatty_safe(STDIN_FILENO))
|
* interactively on a terminal, hence fail. */
|
||||||
return 0;
|
|
||||||
|
|
||||||
/* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
|
|
||||||
* interactively on a terminal, hence fail */
|
|
||||||
r = get_ctty_devnr(0, NULL);
|
r = get_ctty_devnr(0, NULL);
|
||||||
if (r == -ENXIO)
|
if (r == -ENXIO)
|
||||||
return 0;
|
return 0;
|
||||||
|
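Review bot: The rewritten comment says the function should "fail" when there is no controlling terminal, but the code below it returns 0 for `-ENXIO`, which reads as quietly skipping the agent rather than reporting an error. With the stdin isatty check removed, this is the only gate left in the hunk, so the wording should match the behaviour, e.g. `/* ... we aren't actually invoked interactively on a terminal, hence don't start the agent. */`. ask_password_agent_open() continues outside the hunk.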
@ -544,7 +544,6 @@ int fexecve_or_execve(int executable_fd, const char *executable, char *const arg
|
|||||||
}
|
}
|
||||||
|
|
||||||
int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
|
int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
|
||||||
bool stdout_is_tty, stderr_is_tty;
|
|
||||||
size_t n, i;
|
size_t n, i;
|
||||||
va_list ap;
|
va_list ap;
|
||||||
char **l;
|
char **l;
|
||||||
@ -567,17 +566,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
|
|||||||
|
|
||||||
/* In the child: */
|
/* In the child: */
|
||||||
|
|
||||||
stdout_is_tty = isatty_safe(STDOUT_FILENO);
|
bool stdin_is_tty = isatty_safe(STDIN_FILENO),
|
||||||
|
stdout_is_tty = isatty_safe(STDOUT_FILENO),
|
||||||
stderr_is_tty = isatty_safe(STDERR_FILENO);
|
stderr_is_tty = isatty_safe(STDERR_FILENO);
|
||||||
|
|
||||||
if (!stdout_is_tty || !stderr_is_tty) {
|
if (!stdin_is_tty || !stdout_is_tty || !stderr_is_tty) {
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
/* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
|
/* Detach from stdin/stdout/stderr and reopen /dev/tty for them. This is important to ensure
|
||||||
* when systemctl is started via popen() or a similar call that expects to read EOF we
|
* that when systemctl is started via popen() or a similar call that expects to read EOF we
|
||||||
* actually do generate EOF and not delay this indefinitely by keeping an unused copy of
|
* actually do generate EOF and not delay this indefinitely by keeping an unused copy of
|
||||||
* stdin around. */
|
* stdin around. */
|
||||||
fd = open("/dev/tty", O_WRONLY);
|
fd = open("/dev/tty", stdin_is_tty ? O_WRONLY : (stdout_is_tty && stderr_is_tty) ? O_RDONLY : O_RDWR);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
if (errno != ENXIO) {
|
if (errno != ENXIO) {
|
||||||
log_error_errno(errno, "Failed to open /dev/tty: %m");
|
log_error_errno(errno, "Failed to open /dev/tty: %m");
|
||||||
@ -588,13 +588,18 @@ int _fork_agent(const char *name, const int except[], size_t n_except, pid_t *re
|
|||||||
* connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
|
* connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
|
||||||
* skip the forking of the agents, given the TTY setup is not in order. */
|
* skip the forking of the agents, given the TTY setup is not in order. */
|
||||||
} else {
|
} else {
|
||||||
|
if (!stdin_is_tty && dup2(fd, STDIN_FILENO) < 0) {
|
||||||
|
log_error_errno(errno, "Failed to dup2 /dev/tty to STDIN: %m");
|
||||||
|
_exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
|
if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
|
||||||
log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
|
log_error_errno(errno, "Failed to dup2 /dev/tty to STDOUT: %m");
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
|
if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
|
||||||
log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
|
log_error_errno(errno, "Failed to dup2 /dev/tty to STDERR: %m");
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
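Review bot: The access mode handed to `open("/dev/tty", …)` in _fork_agent() is chosen by a nested conditional with no explanation, and it is easy to misread which of the three stdio descriptors will share the new fd. A comment directly above the call would make the three cases explicit, e.g. `/* stdin is a TTY, so only stdout/stderr need replacing → O_WRONLY; only stdin needs replacing → O_RDONLY; otherwise → O_RDWR */`. The block comment kept above it still argues only from the EOF/popen() case, so it is worth adding that stdin is now reattached as well so the agent can read from the terminal. What happens to `fd` after the three dup2() calls is outside these hunks.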
@ -31,12 +31,8 @@ int polkit_agent_open(void) {
|
|||||||
if (geteuid() == 0)
|
if (geteuid() == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* We check STDIN here, not STDOUT, since this is about input, not output */
|
/* Check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
|
||||||
if (!isatty_safe(STDIN_FILENO))
|
* interactively on a terminal, hence fail. */
|
||||||
return 0;
|
|
||||||
|
|
||||||
/* Also check if we have a controlling terminal. If not (ENXIO here), we aren't actually invoked
|
|
||||||
* interactively on a terminal, hence fail */
|
|
||||||
r = get_ctty_devnr(0, NULL);
|
r = get_ctty_devnr(0, NULL);
|
||||||
if (r == -ENXIO)
|
if (r == -ENXIO)
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -475,7 +475,7 @@ int netns_get_nsid(int netnsfd, uint32_t *ret) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (u == UINT32_MAX) /* no NSID assigned yet */
|
if (u == (uint32_t) NETNSA_NSID_NOT_ASSIGNED) /* no NSID assigned yet */
|
||||||
return -ENODATA;
|
return -ENODATA;
|
||||||
|
|
||||||
if (ret)
|
if (ret)
|
||||||
|
@ -4015,6 +4015,9 @@ int tpm2_policy_pcr(
|
|||||||
ESYS_TR_NONE,
|
ESYS_TR_NONE,
|
||||||
NULL,
|
NULL,
|
||||||
pcr_selection);
|
pcr_selection);
|
||||||
|
if (rc == TPM2_RC_PCR_CHANGED)
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
|
||||||
|
"Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
|
||||||
if (rc != TSS2_RC_SUCCESS)
|
if (rc != TSS2_RC_SUCCESS)
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
|
||||||
"Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
|
"Failed to add PCR policy to TPM: %s", sym_Tss2_RC_Decode(rc));
|
||||||
@ -5810,6 +5813,11 @@ int tpm2_unseal(Tpm2Context *c,
|
|||||||
!!pin,
|
!!pin,
|
||||||
(shard == 1 || !iovec_is_set(pubkey)) ? pcrlock_policy : NULL,
|
(shard == 1 || !iovec_is_set(pubkey)) ? pcrlock_policy : NULL,
|
||||||
&policy_digest);
|
&policy_digest);
|
||||||
|
if (r == -EUCLEAN && i > 0) {
|
||||||
|
log_debug("A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (%u tries left).", i);
|
||||||
|
retry = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
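Review bot: tpm2_policy_pcr() now maps TPM2_RC_PCR_CHANGED to -EUCLEAN and tpm2_unseal() keys its retry on exactly that value (presumably propagated through the call shown in its hunk), but nothing at the new branch records that contract. Both branches also log the identical "Failed to add PCR policy to TPM" text. I would put `/* A PCR changed while the policy session was open: return -EUCLEAN so callers can restart the session */` above the new check and give that branch its own message, so a debug log separates the retryable case from the fatal one. In tpm2_unseal() the retry is bounded by `i`, whose declaration and loop are outside the hunk. Once it reaches zero the -EUCLEAN falls through to `return r`, so callers need to expect that code too.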
@ -349,8 +349,8 @@ int verb_edit(int argc, char *argv[], void *userdata) {
|
|||||||
|
|
||||||
STRV_FOREACH(tmp, names) {
|
STRV_FOREACH(tmp, names) {
|
||||||
r = unit_is_masked(bus, *tmp);
|
r = unit_is_masked(bus, *tmp);
|
||||||
if (r < 0)
|
if (r < 0 && r != -ENOENT)
|
||||||
return r;
|
return log_error_errno(r, "Failed to check if unit %s is masked: %m", *tmp);
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit %s: unit is masked.", *tmp);
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot edit %s: unit is masked.", *tmp);
|
||||||
}
|
}
|
||||||
|
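Review bot: The new `r != -ENOENT` exception in verb_edit() is not explained, and it changes what the mask check guarantees: a unit that cannot be found is treated as not masked and editing goes ahead. A one-line comment such as `/* -ENOENT: the unit does not exist yet, hence cannot be masked */` above the condition would state the intent and make clear that every other error still aborts. The loop sits in a function that starts and ends outside the hunk.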
@ -224,15 +224,11 @@ static int run(int argc, char *argv[]) {
|
|||||||
dissected = dissected_image_unref(dissected);
|
dissected = dissected_image_unref(dissected);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0) {
|
if (geteuid() != 0 || have_effective_cap(CAP_SYS_ADMIN) <= 0)
|
||||||
log_tests_skipped("not running privileged");
|
return log_tests_skipped("not running privileged");
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (detect_container() > 0) {
|
if (detect_container() > 0)
|
||||||
log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
|
return log_tests_skipped("Test not supported in a container, requires udev/uevent notifications");
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
|
assert_se(loop_device_make(fd, O_RDWR, 0, UINT64_MAX, 0, LO_FLAGS_PARTSCAN, LOCK_EX, &loop) >= 0);
|
||||||
|
|
||||||
|
@ -393,27 +393,31 @@ TEST(format_timestamp) {
|
|||||||
static void test_format_timestamp_impl(usec_t x) {
|
static void test_format_timestamp_impl(usec_t x) {
|
||||||
bool success, override;
|
bool success, override;
|
||||||
const char *xx, *yy;
|
const char *xx, *yy;
|
||||||
usec_t y;
|
usec_t y, x_sec, y_sec;
|
||||||
|
|
||||||
xx = FORMAT_TIMESTAMP(x);
|
xx = FORMAT_TIMESTAMP(x);
|
||||||
assert_se(xx);
|
ASSERT_NOT_NULL(xx);
|
||||||
assert_se(parse_timestamp(xx, &y) >= 0);
|
ASSERT_OK(parse_timestamp(xx, &y));
|
||||||
yy = FORMAT_TIMESTAMP(y);
|
yy = FORMAT_TIMESTAMP(y);
|
||||||
assert_se(yy);
|
ASSERT_NOT_NULL(yy);
|
||||||
|
|
||||||
success = (x / USEC_PER_SEC == y / USEC_PER_SEC) && streq(xx, yy);
|
x_sec = x / USEC_PER_SEC;
|
||||||
|
y_sec = y / USEC_PER_SEC;
|
||||||
|
success = (x_sec == y_sec) && streq(xx, yy);
|
||||||
/* Workaround for https://github.com/systemd/systemd/issues/28472
|
/* Workaround for https://github.com/systemd/systemd/issues/28472
|
||||||
* and https://github.com/systemd/systemd/pull/35471. */
|
* and https://github.com/systemd/systemd/pull/35471. */
|
||||||
override = !success &&
|
override = !success &&
|
||||||
(STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
|
(STRPTR_IN_SET(tzname[0], "CAT", "EAT", "WET") ||
|
||||||
STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
|
STRPTR_IN_SET(tzname[1], "CAT", "EAT", "WET")) &&
|
||||||
DIV_ROUND_UP(x > y ? x - y : y - x, USEC_PER_SEC) == 3600; /* 1 hour, ignore fractional second */
|
(x_sec > y_sec ? x_sec - y_sec : y_sec - x_sec) == 3600; /* 1 hour, ignore fractional second */
|
||||||
log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
|
log_full(success ? LOG_DEBUG : override ? LOG_WARNING : LOG_ERR,
|
||||||
"@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
|
"@" USEC_FMT " → %s → @" USEC_FMT " → %s%s",
|
||||||
x, xx, y, yy,
|
x, xx, y, yy,
|
||||||
override ? ", ignoring." : "");
|
override ? ", ignoring." : "");
|
||||||
if (!override) {
|
if (!override) {
|
||||||
assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
|
if (!success)
|
||||||
|
log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", tzname[0], tzname[1]);
|
||||||
|
ASSERT_EQ(x_sec, y_sec);
|
||||||
ASSERT_STREQ(xx, yy);
|
ASSERT_STREQ(xx, yy);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
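Review bot: The added `log_warning()` in test_format_timestamp_impl() passes tzname[0] and tzname[1] straight to `%s`, while the override check a few lines above goes through STRPTR_IN_SET, which suggests these pointers are allowed to be NULL. Passing NULL to `%s` is undefined behaviour, so I would wrap both arguments: `log_warning("tzname[0]=\"%s\", tzname[1]=\"%s\"", strna(tzname[0]), strna(tzname[1]));`.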
@ -3684,7 +3684,7 @@ static int parse_line(
|
|||||||
else {
|
else {
|
||||||
*invalid_config = true;
|
*invalid_config = true;
|
||||||
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
|
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
|
||||||
"Unknown modifiers in command '%s'.", action);
|
"Unknown modifiers in command: %s", action);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (boot && !arg_boot) {
|
if (boot && !arg_boot) {
|
||||||
|
@ -264,7 +264,7 @@ class UkifyConfig:
|
|||||||
sbat: Optional[list[str]]
|
sbat: Optional[list[str]]
|
||||||
sections: list['Section']
|
sections: list['Section']
|
||||||
sections_by_name: dict[str, 'Section']
|
sections_by_name: dict[str, 'Section']
|
||||||
sign_kernel: bool
|
sign_kernel: Optional[bool]
|
||||||
signing_engine: Optional[str]
|
signing_engine: Optional[str]
|
||||||
signing_provider: Optional[str]
|
signing_provider: Optional[str]
|
||||||
certificate_provider: Optional[str]
|
certificate_provider: Optional[str]
|
||||||
@ -1108,7 +1108,7 @@ def make_uki(opts: UkifyConfig) -> None:
|
|||||||
assert opts.signtool is not None
|
assert opts.signtool is not None
|
||||||
signtool = SignTool.from_string(opts.signtool)
|
signtool = SignTool.from_string(opts.signtool)
|
||||||
|
|
||||||
if not sign_kernel:
|
if sign_kernel is None:
|
||||||
# figure out if we should sign the kernel
|
# figure out if we should sign the kernel
|
||||||
sign_kernel = signtool.verify(opts)
|
sign_kernel = signtool.verify(opts)
|
||||||
|
|
||||||
|
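Review bot: `sign_kernel` is now tri-state, but neither the field in UkifyConfig nor the `if sign_kernel is None:` test in make_uki() says what the three values mean. I would annotate the field, `sign_kernel: Optional[bool]  # None: decide via signtool.verify(); True/False: explicit choice`, so that nobody turns the check back into a truthiness test that overrides an explicit False. The local `sign_kernel` is assigned outside the hunk, so this assumes it is taken from `opts.sign_kernel`.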
@ -18,7 +18,7 @@ To make sure `mkosi` doesn't try to build systemd from source during the image b
|
|||||||
process, you can add the following to `mkosi.local.conf`:
|
process, you can add the following to `mkosi.local.conf`:
|
||||||
|
|
||||||
```
|
```
|
||||||
[Content]
|
[Build]
|
||||||
Environment=NO_BUILD=1
|
Environment=NO_BUILD=1
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -10,8 +10,10 @@ if ! journalctl --version | grep -qF +GCRYPT; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
journalctl --force --setup-keys --interval=2 |& tee /tmp/fss
|
# without --quiet, should be effectively equivalent to the below, as we are not on tty
|
||||||
FSS_VKEY="$(sed -rn '/([a-f0-9]{6}\-){3}[a-f0-9]{6}\/[a-f0-9]+\-[a-f0-9]+/p' /tmp/fss)"
|
journalctl --force --setup-keys --interval=2
|
||||||
|
|
||||||
|
FSS_VKEY=$(journalctl --force --setup-keys --interval=2 --quiet)
|
||||||
[[ -n "$FSS_VKEY" ]]
|
[[ -n "$FSS_VKEY" ]]
|
||||||
|
|
||||||
# Generate some buzz in the journal and wait until the FSS key is changed
|
# Generate some buzz in the journal and wait until the FSS key is changed
|
||||||
|
@ -21,6 +21,7 @@ at_exit() {
|
|||||||
# the 'revert' verb as well
|
# the 'revert' verb as well
|
||||||
export UNIT_NAME="systemctl-test-$RANDOM.service"
|
export UNIT_NAME="systemctl-test-$RANDOM.service"
|
||||||
export UNIT_NAME2="systemctl-test-$RANDOM.service"
|
export UNIT_NAME2="systemctl-test-$RANDOM.service"
|
||||||
|
export UNIT_NAME_TEMPLATE="systemctl-test-${RANDOM}@.service"
|
||||||
|
|
||||||
cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF
|
cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF
|
||||||
[Unit]
|
[Unit]
|
||||||
@ -65,6 +66,16 @@ EOF
|
|||||||
printf '%s\n' '[Unit]' 'Description=spectacular' '# this comment should remain' | \
|
printf '%s\n' '[Unit]' 'Description=spectacular' '# this comment should remain' | \
|
||||||
cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
|
cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
|
||||||
|
|
||||||
|
# Edit nonexistent template unit, see issue #35632.
|
||||||
|
systemctl edit "$UNIT_NAME_TEMPLATE" --stdin --runtime --force --full <<EOF
|
||||||
|
[Unit]
|
||||||
|
Description=template unit test
|
||||||
|
# this comment should remain
|
||||||
|
|
||||||
|
EOF
|
||||||
|
printf '%s\n' '[Unit]' 'Description=template unit test' '# this comment should remain' | \
|
||||||
|
cmp - "/run/systemd/system/$UNIT_NAME_TEMPLATE"
|
||||||
|
|
||||||
# Test simultaneous editing of two units and creation of drop-in for a nonexistent unit
|
# Test simultaneous editing of two units and creation of drop-in for a nonexistent unit
|
||||||
systemctl edit "$UNIT_NAME" "$UNIT_NAME2" --stdin --force --drop-in=override2.conf <<<'[X-Section]'
|
systemctl edit "$UNIT_NAME" "$UNIT_NAME2" --stdin --force --drop-in=override2.conf <<<'[X-Section]'
|
||||||
printf '%s\n' '[X-Section]' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
|
printf '%s\n' '[X-Section]' | cmp - "/etc/systemd/system/$UNIT_NAME.d/override2.conf"
|
||||||
|
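Review bot: The new template-unit test writes `/run/systemd/system/$UNIT_NAME_TEMPLATE`, but neither hunk adds a cleanup for it. at_exit() is visible only as hunk context, so it may already cover the path. If it does not, `rm -f "/run/systemd/system/$UNIT_NAME_TEMPLATE"` belongs there so the unit file does not leak into later test cases.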
@ -639,7 +639,7 @@ EOF
|
|||||||
|
|
||||||
journalctl --sync
|
journalctl --sync
|
||||||
assert_eq "$(journalctl -b -u systemd-logind.service --since="$ts" --grep "Session \"$id\" of user \"logind-test-user\" is idle, stopping." | wc -l)" 1
|
assert_eq "$(journalctl -b -u systemd-logind.service --since="$ts" --grep "Session \"$id\" of user \"logind-test-user\" is idle, stopping." | wc -l)" 1
|
||||||
assert_eq "$(loginctl --no-legend | grep -v manager | grep -c "logind-test-user")" 0
|
assert_eq "$(loginctl --no-legend | grep -v manager | grep tty | grep -c "logind-test-user")" 0
|
||||||
}
|
}
|
||||||
|
|
||||||
testcase_ambient_caps() {
|
testcase_ambient_caps() {
|
||||||
|
@ -13,7 +13,7 @@ def main():
|
|||||||
with open("/usr/lib/os-release") as f:
|
with open("/usr/lib/os-release") as f:
|
||||||
for line in f:
|
for line in f:
|
||||||
if line.startswith("ID="):
|
if line.startswith("ID="):
|
||||||
if "debian" in line:
|
if "debian" in line or "ubuntu" in line:
|
||||||
sys.exit(77)
|
sys.exit(77)
|
||||||
|
|
||||||
logger = logging.getLogger("test-shutdown")
|
logger = logging.getLogger("test-shutdown")
|
||||||
|
@ -26,7 +26,7 @@ NoNewPrivileges=yes
|
|||||||
OOMScoreAdjust=500
|
OOMScoreAdjust=500
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateNetwork=yes
|
PrivateNetwork=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=disconnected
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectHome=read-only
|
ProtectHome=read-only
|
||||||
ProtectHostname=yes
|
ProtectHostname=yes
|
||||||
|
@ -37,7 +37,7 @@ MemoryLow=64M
|
|||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
OOMScoreAdjust=-900
|
OOMScoreAdjust=-900
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=disconnected
|
||||||
ProtectClock=yes
|
ProtectClock=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
ProtectHostname=yes
|
ProtectHostname=yes
|
||||||
|
@ -29,7 +29,7 @@ LockPersonality=yes
|
|||||||
MemoryDenyWriteExecute=yes
|
MemoryDenyWriteExecute=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=disconnected
|
||||||
ProtectClock=yes
|
ProtectClock=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
|
@ -31,7 +31,7 @@ LockPersonality=yes
|
|||||||
MemoryDenyWriteExecute=yes
|
MemoryDenyWriteExecute=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=disconnected
|
||||||
ProtectProc=invisible
|
ProtectProc=invisible
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
|