mirror of https://github.com/systemd/systemd.git synced 2025-03-14 04:58:28 +03:00

78272 Commits

Author SHA1 Message Date
Luca Boccassi
5ce1c02abc meson: bump version to 257.4 v257.4 2025-03-06 14:38:30 +00:00
Daan De Meyer
4c18caaa75 test: Connect test unit to console when running interactively
When running interactively, let's connect the test unit directly
to the console. This enables adding "bash" anywhere within an
integration test to get a shell within the test environment.

(cherry picked from commit fe7413d1955bbf0f8fe869543c423025a22a4671)
2025-03-04 21:28:53 +00:00
Daan De Meyer
b629b7100e test: Disable status messages when we start running a test
As soon as we start running a test, we want pid 1 to stop showing
status messages so let's tell pid 1 to stop showing status messages.

(cherry picked from commit 070de658a9f2bf48d26035ddbe861f79dfff2be4)
2025-03-04 21:28:53 +00:00
Daan De Meyer
3e474451a8 test: Move getty-pre.target logic into integration-test-wrapper.py
Also pull in getty-pre.target via Wants= so it actually gets pulled
into the transaction.

(cherry picked from commit 854a8c21d00e070bffd0c754812b29c5a4acd324)
2025-03-04 21:28:53 +00:00
Daan De Meyer
829af7b1e0 test: Check stdin for interactivity, not stderr
(cherry picked from commit c9a50ebd8f2142808fca45dc2acff8ddc391cf7e)
2025-03-04 21:28:53 +00:00
Daan De Meyer
edfb2eb497 network: Use RTNH_COMPARE_MASK in route_can_update() (#36585)
Let's only compare flags that can be set by userspace and not all flags.

Fixes a bug introduced by 7027cdbd79c26d5a8890759a37d70165c8aeb214 (v256).
Fixes #36544

(cherry picked from commit 9fd25fd3ce4012e737688f0f1f3400c3e21c99f7)
2025-03-04 21:28:53 +00:00
Lennart Poettering
11da52785c dns-stream: only read DNS packet data if we identified the peer properly
If we use TCP fastopen to connect to a DNS server via TCP, and it
responds really quickly between our connection attempt and our immediate
check back, then we have not identified the peer yet, and will not be
able to use the peer metadata to fill in our packet info.

Let's fix that, and simply not read from the socket until identification
is complete.

Fixes: #34956
(cherry picked from commit facc9439a76b4c3a5c273c71bd7a676e4c74778c)
2025-03-04 21:28:53 +00:00
Lennart Poettering
961e351061 resolved: pick up new DNSSEC KSC from 2024
Import the new key from https://data.iana.org/root-anchors/root-anchors.xml.

The old one remains valid, as per provided data.

Fixes: #36260
(cherry picked from commit 8113361e82eea2741290f7117034d356acb3ab4d)
2025-03-04 21:28:53 +00:00
Yu Watanabe
244790adfa hwdb-util: drop unused value assignment
The values assigned to 'r' were never used, and overwritten by the next
call of read_line_full().

Fixes CID#1548043 and CID#1548064.

(cherry picked from commit 00575cfd696a2a335decb66580727fafd3c152aa)
2025-03-04 21:28:53 +00:00
Yu Watanabe
73986494b6 pe-binary: fix array overrun
This is a kind of paranoia, as memeqzero() does not read anything if
length is zero. But, strictly speaking, the C language does not allow such,
and Coverity warns about that.

Fixes CID#1561177.

(cherry picked from commit 6529ab0b066c93a6b8a8bf24b999d67e67a261f5)
2025-03-04 21:28:53 +00:00
Yu Watanabe
2e742418e5 pe-binary: trivial coding style fixlets
(cherry picked from commit 2bf5d698d641afb1cec0b9ffb397722622afa8ea)
2025-03-04 21:28:53 +00:00
Yu Watanabe
3ba2ed7e03 generator: insert parentheses to make the code clearer
Silence CID#1563781.

(cherry picked from commit 3428c4b818fcd303997deb0dbcaf7cea60942bcf)
2025-03-04 21:28:53 +00:00
Yu Watanabe
dce29c0c5f async: voidify call of fsync()
Fixes CID#1564787.

(cherry picked from commit b0e5cde687dacf885e4000da804ddcd900a83152)
2025-03-04 21:28:53 +00:00
Michal Koutný
f45b42ea5d TEST-13-NSPAWN.nss-mymachines: Use negative matching switch
The test expects _not_ to find the patterns but the run_and_grep would
still print 'FAIL:' message. Use the dedicated -n option that inverts
the semantics cleaner than shell's !.

(cherry picked from commit c4b75966075e01d39556a87caa778eb63d96d6f6)
2025-03-04 21:28:53 +00:00
Jörg Behrmann
9a389ae535 tests: remove cache=unsafe from TEST-64-UDEV-STORAGE
mkosi switched to the newer -blockdev qemu option in systemd/mkosi#3557 [1], but
cache=unsafe is an option only -drive supports.

Since the qemu-system_x86-64 man page [2] says this, cache.writeback=on is the
default and mkosi setting the other two options to the values corresponding to
unsafe, it should be fine to drop the cache=unsafe option.

┌─────────────┬─────────────────┬──────────────┬────────────────┐
│             │ cache.writeback │ cache.direct │ cache.no-flush │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│writeback    │ on              │ off          │ off            │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│none         │ on              │ on           │ off            │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│writethrough │ off             │ off          │ off            │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│directsync   │ off             │ on           │ off            │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│unsafe       │ on              │ off          │ on             │
└─────────────┴─────────────────┴──────────────┴────────────────┘

[1] https://github.com/systemd/mkosi/pull/3557
[2] https://manpages.ubuntu.com/manpages/noble/en/man1/qemu-system-x86_64.1.html

(cherry picked from commit 759fdb3a35f96906de471b2c6c2bc2864dc25564)
2025-03-04 21:28:53 +00:00
Lennart Poettering
a2abc3b8ec sd-id128: gracefully handle systems where kernel keyring access is blocked
In various scenarios we invoke containers with access to the kernel
keyring blocked. Let's make sure we can handle this properly: when the
invocation ID is stored in the kernel keyring and we try to read it
and get EPERM we should handle it gracefully, like EOPNOTSUPP.

(cherry picked from commit f2e38b01e052ebd50eaf98763bd9709e880c0a75)
2025-03-04 21:28:53 +00:00
Jörg Behrmann
59f2d9b2cc vmspawn: switch from -drive to -blockdev option
(cherry picked from commit 369655330d57a82b6f346a77798968f135221c99)
2025-03-04 21:28:53 +00:00
dependabot[bot]
f7b5e94a1a build(deps): bump github/codeql-action from 3.27.5 to 3.28.10
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.5 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f09c1c0a94...b56ba49b26)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit a60cb5c4251a984423a68e35d9202ca758018030)
2025-03-04 21:28:53 +00:00
dependabot[bot]
e7642ae3f7 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.4.0 to 5.5.3.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](cc6721c45a...dd551ce780)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit c736862058018859a5e3d4f827d2df8b49fb85e5)
2025-03-04 21:28:53 +00:00
Yu Watanabe
ee7e9ac11c tmpfiles: fix output value assignment
Fixes a bug in 7eeda1da90c79ba420a6d82c1d9589b23048d79f (v256).

(cherry picked from commit 914d1ec171eb0e27ced472aed2d05eae19b265da)
2025-03-04 21:28:53 +00:00
Yu Watanabe
349012c493 recurse-dir: fix wrong assertion and error code in log
Fixes a bug in b5a07e524e42d2594174ca1a5b72aa4fdb9af94c (v250).

(cherry picked from commit 91421f8379b66316f937d56c60c2e782b7a79eca)
2025-03-04 21:28:53 +00:00
Dan McGregor
4cdaff292c machine-id-setup: bhyve also provides a uuid
When using UEFI with bhyve it behaves similarly to qemu, and provides
a product_uuid. Use it if found, just like with qemu.

(cherry picked from commit 113c159ba9c4e8052ae162e12faba28b102a90d0)
2025-03-04 21:28:53 +00:00
Daan De Meyer
5998f1dc19 test: Do not add integration tests if want_tests == 'false'
(cherry picked from commit 890e1ad3183458aa0337e4e6a1a9afa26d706e36)
2025-03-04 15:45:13 +01:00
Martin Wilck
f2054b8aee libfido2-util: accept cached pin in fido2_generate_hmac_hash()
fido2_generate_hmac_hash() sets req->keyring to "fido2-pin" when
calling ask_password_auto(), suggesting that a key by this name
can be read from the kernel keyring. But the keyring is never
opened because the ASK_PASSWORD_ACCEPT_CACHED flag is not set.

Set ASK_PASSWORD_ACCEPT_CACHED to allow automated / scripted
setup of encrypted volumes with FIDO2. If the PIN turns out to
be invalid, clear ASK_PASSWORD_ACCEPT_CACHED to avoid retrying
and possible lockout.

(cherry picked from commit 505c2f21377019c058de16aa9e2d8db005e97e6f)
2025-03-04 15:45:13 +01:00
Daan De Meyer
559d6b3165 sbsign: Fix wrong variable being passed to log_error_errno()
(cherry picked from commit ba6a904442bd6b6e0fad9910fb5e69c44bddfa47)
2025-03-04 15:45:13 +01:00
Daan De Meyer
6a4934ed59 exec-invoke: Fix invalid use of error variable
Follow up for 406f1775017a5631bc91a1f53ac5e50f4fbfac0c

(cherry picked from commit f215835cb88fd18fca68561b8ff1149632939e94)
2025-03-04 15:45:13 +01:00
Daan De Meyer
014b7f987f exec-invoke: Fix unshare() error handling
Follow up for cd58b5a13537fc89b669ff9232ba2206214c9fa1

(cherry picked from commit c78b06b1d23b95e4ea5f507a719bded6a2737581)
2025-03-04 15:45:13 +01:00
Daan De Meyer
cd727da491 meson: Add missing dbus_programs dependency on update-dbus-docs
All dbus programs have to be up-to-date for update-dbus-docs to
produce the expected output, so add the missing dependency.

(cherry picked from commit 461bd9277a69833a534518c263d00443f2f6fbf4)
2025-03-04 15:45:13 +01:00
Mike Yuan
aef4adde62 core/service: do not propagate reload for combined RELOADING=1 + READY=1 when notify-reload
Follow-up for 3bd28bf721dc70722ff1c675026ed0b44ad968a3

SERVICE_RELOAD_SIGNAL state can only be reached via explicit reload jobs,
and we have a clear distinction between that and plain RELOADING=1
notifications, the latter of which is issued by clients doing reload
outside of our job engine. I.e. upon SERVICE_RELOAD_SIGNAL + RELOADING=1
we don't propagate reload jobs again, since that's done during transaction
construction stage already. The handling of combined RELOADING=1 + READY=1
so far is bogus however, as it tries to propagate duplicate reload jobs.
Amend this by following the logic for standalone RELOADING=1.

(cherry picked from commit c337a1301f2de4105fc8023e45db20238c6a895a)
2025-03-04 15:45:13 +01:00
Daan De Meyer
f99cd5e65b docs: Use mkosi -R instead of mkosi -t none
mkosi now supports -R to rerun build scripts without rebuilding the
image so let's document that instead of the current hack to prevent
the rebuild by changing the output format.

(cherry picked from commit 031a474c916758f906ed556c7d2ea3e92ff481a6)
2025-03-04 15:45:13 +01:00
Daan De Meyer
9ab546bf85 mkosi: Update to latest
(cherry picked from commit 6ccb14af882673dd488ec86ef9f9e8421b126300)
2025-03-04 15:45:13 +01:00
Antonio Alvarez Feijoo
6d3621d38e import/pull-tar: fix flag set
There is a typo passing flags to `install_file()`, if `IMPORT_READ_ONLY` is set,
`IMPORT_SYNC` is never checked.

(cherry picked from commit 5d2d0c055b1ec68d4fc5d4ec85390fc427171ff3)
2025-03-04 15:45:13 +01:00
Lennart Poettering
e23c2e8bed tpm2-setup: add missing O_CLOEXEC at two places
(cherry picked from commit f4e5a730002fa7ed714b89775c3e5fae6d003aae)
2025-03-04 15:45:13 +01:00
Andreas Stührk
9e2ba7eb05 copy: Invoke hardlink context cleanup before restoring timestamps
When hardlink recreation is requested, it creates temporary files that
will be deleted once the context is destroyed. The deletion
(potentially) updates the directory's timestamps, so it's crucial that
the deletion happens before the directory timestamps are restored when
`COPY_RESTORE_DIRECTORY_TIMESTAMPS` is requested.

(cherry picked from commit b66291444b8d4022ce68121af8e6f99d29ebefd0)
2025-03-04 15:45:13 +01:00
Daan De Meyer
aff9626fc0 packit: Switch to meson.version for the current version
(cherry picked from commit 6a558625162591b34f6daf7e8878d79f78e3e8be)
2025-03-04 15:45:13 +01:00
Daan De Meyer
859348d7e5 mkosi: update fedora commit reference
* 9b6884d2e1 Stop using version_no_tilde for github archives
* 5671cf6132 List the fallback Source0 first

(cherry picked from commit 89a5ea6583840261896b2d5e8ac60dedde7da422)
2025-03-04 15:45:13 +01:00
Daan De Meyer
55ef38e007 mkosi: Enable History= option
This option makes mkosi "remember" all the CLI options specified on
the command line when building an image. This means they don't need
to be specified again when booting the image afterwards or doing any
other operation on the image with "mkosi xxx".

As an example of how this is useful, currently, when running "mkosi
-d opensuse -f" to build an opensuse image and then running "mkosi
sandbox -- meson test -C build TEST-86-MULTI-UKI-PROFILE", running
the test will try to add virtiofs mounts of the fedora~rawhide build
directory on my machine instead of the opensuse one. With the History=
option enabled, it will use the opensuse tumbleweed directory as expected.

We stop setting --extra-search-path and --output-dir in the integration test
wrapper as these are settings that are "remembered" by enabling the History=
option.

(cherry picked from commit 75cf5b0d3a6045e72dacd90f90ae14fa6d817be1)
2025-03-04 15:45:13 +01:00
Daan De Meyer
2cbc67e476 TEST-64-UDEV-STORAGE: Stop using mkosi configure scripts
Now that we have mkosi sandbox, meson runs with the mkosi tools tree
mounted (if one is used at all), so we can implement all the qemu feature
checks in meson itself, removing the need for mkosi configure scripts.

(cherry picked from commit ba29de84cf3967ac3b06707348493d5ddc65c7d8)
2025-03-04 15:45:13 +01:00
Daan De Meyer
985b2e7868 TEST-53-ISSUE-16347: Implement rtc via custom argument
Let's get rid of the configure script for this use case by just
implementing the necessary logic in integration-test-wrapper.py.
We need to get rid of our usage of configure scripts to allow enabling
the History= setting.

(cherry picked from commit 2db2cb3034e71600d25ab1c181f692265d3833fe)
2025-03-04 15:45:13 +01:00
Daan De Meyer
33f3e200e8 mkosi: Update to latest
(cherry picked from commit 4b8edc68f9f4111ccb5ba40c048431874ce8afab)
2025-03-04 15:45:13 +01:00
Luca Boccassi
b92ea51d00 repart: when using erofs and log level is not debug, use --quiet
mkfs.erofs is extremely verbose and will log every single file added
to the filesystem, which is a lot of them when building a rootfs.

(cherry picked from commit 323213cfea8b78d44f63b8a83f74fbd1f79f1775)
2025-03-04 15:45:13 +01:00
Yu Watanabe
16c3e3eac0 fuzz: tentatively disable fuzz-compress on oss-fuzz
It does not work on oss-fuzz for some reason. See #11018.

(cherry picked from commit 0656b3a083b48a2cccb90ee1f7fed949d9283b76)
2025-03-04 15:45:13 +01:00
Luca Boccassi
1265368eea test: split VM-only subtests from TEST-74-AUX-UTILS to new VM-only test
TEST-74-AUX-UTILS covers many subtests, as it's a catch-all job, and a few
need a VM to run. The job is thus marked VM-only. But that means in settings
where we can't run VM tests (no KVM available), the entire thing is skipped,
losing tons of coverage that doesn't need skipping.

Move the VM-only subtests to TEST-87-AUX-UTILS-VM that is configured to only
run in VMs under both runners. This way we keep the existing tests as-is, and
we can add new VM-only tests without worrying. This is how the rest of the
tests are organized.

Follow-up for f4faac20730cbb339ae05ed6e20da687a2868e76

(cherry picked from commit 3f9539a97f3b4747ff22a530bac39dec24ac58af)
2025-03-04 15:45:13 +01:00
Yu Watanabe
5e00d957ba fuzz: decompress_startswith() may return zero
Fixes #36472.

(cherry picked from commit 339f2f2eeb883b201f59076900e3bee7ff143460)
2025-03-04 15:45:13 +01:00
Yu Watanabe
228dff8f43 test-network: add test case for KeepConfiguration=yes with RTPROT_BOOT
For issue #36411.

(cherry picked from commit 1cac0676dafb45c64940c36d7d75ce1e04eb831c)
2025-02-22 12:15:12 +01:00
Yu Watanabe
39e68c03c8 network/route: do not remove any foreign routes when KeepConfiguration=yes
Without this change, only foreign routes with RTPROT_KERNEL, RTPROT_STATIC,
RTPROT_DHCP, RTPROT_RA, and RTPROT_REDIRECT are kept, and foreign routes with
other protocols, e.g. RTPROT_BOOT, are removed even if KeepConfiguration=yes.

Fixes a regression in dd6d53a8dc58c5e6e310b09ba7f7a22600a87ba9 (v257).
Fixes #36411.

(cherry picked from commit 724faccf45b6933bb30c56cf99acf6373fffbc70)
2025-02-22 12:15:12 +01:00
Daan De Meyer
575c975842 sbsign: Don't set bit in SpcPeImageData->flags
Neither sbsign nor pesign set this flag in SpcPeImageData->flags,
which is about which resources should be included specifying "Which
portions of the Windows PE file are hashed." according to the
authenticode spec. However, this is followed by "Although flags is
always present, it is ignored when calculating the file hash for both
signing and verification purposes". So as it doesn't seem to do
anything useful and the other tools don't set any of these flags
either, let's follow suit and not set this flag ourselves either.

(cherry picked from commit 66584a9335f9a3be5666209ddb34ae7d7f547189)
2025-02-22 12:15:12 +01:00
Lin Jian
77af82eeb7 docs/CONTROL_GROUP_INTERFACE: fix typo
(cherry picked from commit 7593173c947d7ac2a4a890c570501034f3a4f9b1)
2025-02-22 12:15:12 +01:00
Philip Withnall
afc6244bb1 docs: Clarify that login1 signals are not emitted for convenience objects
While this is obvious if you spend a few minutes thinking about how
D-Bus signals work (in this case, they are broadcast from a system
service, so cannot apply to a specific user/session/seat), it’s a bit
easy to overlook this while putting code together which uses the login1
D-Bus API, so it’s helpful to point this hazard out specifically in the
docs.

The signals can only be emitted on the canonical objects. The
convenience objects are useful for method calls, as the calling context
can be used to dereference ‘self’ and ‘auto’, but this can’t work for
signals.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 82b32b997c51e259ddf66a0ec6bd7631b0ea781d)
2025-02-22 12:15:12 +01:00
Philip Withnall
8ef9fdf79b docs: Fix some confusing wording in various D-Bus docs
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 5fe4edd3fccd2a14ec3488daeac80ddb33bc71db)
2025-02-22 12:15:12 +01:00