IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When running interactively, let's connect the test unit directly
to the console. This enables adding "bash" anywhere within an
integration test to get a shell within the test environment.
(cherry picked from commit fe7413d1955bbf0f8fe869543c423025a22a4671)
As soon as we start running a test, we want pid 1 to stop showing
status messages so let's tell pid 1 to stop showing status messages.
(cherry picked from commit 070de658a9f2bf48d26035ddbe861f79dfff2be4)
Also pull in getty-pre.target via Wants= so it actually gets pulled
into the transaction.
(cherry picked from commit 854a8c21d00e070bffd0c754812b29c5a4acd324)
Let's only compare flags that can be set by userspace and not all flags.
Fixes a bug introduced by 7027cdbd79c26d5a8890759a37d70165c8aeb214 (v256).
Fixes#36544
(cherry picked from commit 9fd25fd3ce4012e737688f0f1f3400c3e21c99f7)
If we use TCP fastopen to connect to a DNS server via TCP, and it
responds really quickly between our connection attempt and our immediate
check back, then we have not identified the peer yet, and will not be
able to use the peer metadata to fill in our packet info.
Let's fix that, and simply not read from the socket until identification
is complete.
Fixes: #34956
(cherry picked from commit facc9439a76b4c3a5c273c71bd7a676e4c74778c)
The values assigned to 'r' were never used, and overwritten by the next
call of read_line_full().
Fixes CID#1548043 and CID#1548064.
(cherry picked from commit 00575cfd696a2a335decb66580727fafd3c152aa)
This is a kind of paranoia, as memeqzero() does not read anyting if
length is zero. But, strictly speaking C language does not allow such,
and Coverity warn about that.
Fixes CID#1561177.
(cherry picked from commit 6529ab0b066c93a6b8a8bf24b999d67e67a261f5)
The test expects _not_ to find the patterns but the run_and_grep would
still print 'FAIL:' message. Use the dedicated -n option that inverts
the semantics cleaner than shell's !.
(cherry picked from commit c4b75966075e01d39556a87caa778eb63d96d6f6)
mkosi switch to the newer -blockdev qemu option in systemd/mkosi#3557 [1], but
cache=unsafe is an option only -drive supports.
Since the qemu-system_x86-64 man page [2] says this, cache.writeback=on is the
default and mkosi setting the other two options to the values corresponding to
unsafe, it should be fine to drop the cache=unsafe option.
┌─────────────┬─────────────────┬──────────────┬────────────────┐
│ │ cache.writeback │ cache.direct │ cache.no-flush │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│writeback │ on │ off │ off │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│none │ on │ on │ off │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│writethrough │ off │ off │ off │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│directsync │ off │ on │ off │
├─────────────┼─────────────────┼──────────────┼────────────────┤
│unsafe │ on │ off │ on │
└─────────────┴─────────────────┴──────────────┴────────────────┘
[1] https://github.com/systemd/mkosi/pull/3557
[2] https://manpages.ubuntu.com/manpages/noble/en/man1/qemu-system-x86_64.1.html
(cherry picked from commit 759fdb3a35f96906de471b2c6c2bc2864dc25564)
In various scenarios we invoke containers with access to the kernel
keyring blocked. Let's make sure we can handle this properly: when the
invocation ID is stored in in the kernel keyring and we try to read it
and get EPERM we should handle it gracefully, like EOPNOTSUPP.
(cherry picked from commit f2e38b01e052ebd50eaf98763bd9709e880c0a75)
When using UEFI with bhyve it behaves similarly to qemu, and provides
a product_uuid. Use it if found, just like with qemu.
(cherry picked from commit 113c159ba9c4e8052ae162e12faba28b102a90d0)
fido2_generate_hmac_hash() sets req->keyring to "fido2-pin" when
calling ask_password_auto(), suggesting that a key by this name
can be read from the kernel keyring. But the keyring is never
opened because the ASK_PASSWORD_ACCEPT_CACHED flag is not set.
Set ASK_PASSWORD_ACCEPT_CACHED to allow automated / scripted
setup of encrypted volumes with FIDO2. If the PIN turns out to
be invalid, clear ASK_PASSWORD_ACCEPT_CACHED to avoid retrying
and possible lockout.
(cherry picked from commit 505c2f21377019c058de16aa9e2d8db005e97e6f)
All dbus programs have to be up-to-date for update-dbus-docs to
produce the expected output, so add the missing dependency.
(cherry picked from commit 461bd9277a69833a534518c263d00443f2f6fbf4)
Follow-up for 3bd28bf721dc70722ff1c675026ed0b44ad968a3
SERVICE_RELOAD_SIGNAL state can only be reached via explicit reload jobs,
and we have a clear distinction between that and plain RELOADING=1
notifications, the latter of which is issued by clients doing reload
outside of our job engine. I.e. upon SERVICE_RELOAD_SIGNAL + RELOADING=1
we don't propagate reload jobs again, since that's done during transaction
construction stage already. The handling of combined RELOADING=1 + READY=1
so far is bogus however, as it tries to propagate duplicate reload jobs.
Amend this by following the logic for standalone RELOADING=1.
(cherry picked from commit c337a1301f2de4105fc8023e45db20238c6a895a)
mkosi now supports -R to rerun build scripts without rebuilding the
image so let's document that instead of the current hack to prevent
the rebuild by changing the output format.
(cherry picked from commit 031a474c916758f906ed556c7d2ea3e92ff481a6)
There is a typo passing flags to `install_file()`, if `IMPORT_READ_ONLY` is set,
`IMPORT_SYNC` is never checked.
(cherry picked from commit 5d2d0c055b1ec68d4fc5d4ec85390fc427171ff3)
When hardlink recreation is requested, it creates temporary files that
will be deleted once the context is destroyed. The deletion
(potentially) updates the directory's timestamps, so it's crucial that
the deletion happens before the directory timestamps are restored when
`COPY_RESTORE_DIRECTORY_TIMESTAMPS` is requested.
(cherry picked from commit b66291444b8d4022ce68121af8e6f99d29ebefd0)
* 9b6884d2e1 Stop using version_no_tilde for github archives
* 5671cf6132 List the fallback Source0 first
(cherry picked from commit 89a5ea6583840261896b2d5e8ac60dedde7da422)
This option makes mkosi "remember" all the CLI options specified on
the command line when building an image. This means they don't need
to be specified again when booting the image afterwards or doing any
other operation on the image with "mkosi xxx".
As an example of how this is useful, currently, when running "mkosi
-d opensuse -f" to build an opensuse image and then running "mkosi
sandbox -- meson test -C build TEST-86-MULTI-UKI-PROFILE", running
the test will try to add virtiofs mounts of the fedora~rawhide build
directory on my machine instead of the opensuse one. With the History=
option enabled, it will use the opensuse tumbleweed directory as expected.
We stop setting --extra-search-path and --output-dir in the integration test
wrapper as these are settings that are "remembered" by enabling the History=
option.
(cherry picked from commit 75cf5b0d3a6045e72dacd90f90ae14fa6d817be1)
Now that we have mkosi sandbox, meson runs with the mkosi tools tree
mounted (if one is used at all), so we can implement all the qemu feature
checks in meson itself, removing the need for mkosi configure scripts.
(cherry picked from commit ba29de84cf3967ac3b06707348493d5ddc65c7d8)
Let's get rid of the configure script for this use case by just
implementing the necessary logic in integration-test-wrapper.py.
We need to get rid of our usage of configure scripts to allow enabling
the History= setting.
(cherry picked from commit 2db2cb3034e71600d25ab1c181f692265d3833fe)
mkfs.erofs is extremely verbose and will log every single file added
to the filesystem, which is a lot of them when building a rootfs.
(cherry picked from commit 323213cfea8b78d44f63b8a83f74fbd1f79f1775)
TEST-74-AUX-UTILS covers many subtests, as it's a catch-all job, and a few
need a VM to run. The job is thus marked VM-only. But that means in settings
where we can't run VM tests (no KVM available), the entire thing is skipped,
losing tons of coverage that doesn't need skipping.
Move the VM-only subtests to TEST-87-AUX-UTILS-VM that is configured to only
run in VMs under both runners. This way we keep the existing tests as-is, and
we can add new VM-only tests without worrying. This is how the rest of the
tests are organized.
Follow-up for f4faac20730cbb339ae05ed6e20da687a2868e76
(cherry picked from commit 3f9539a97f3b4747ff22a530bac39dec24ac58af)
Without this change, only foreign routes with RTPROT_KERNEL, RTPROT_STATIC,
RTPROT_DHCP, RTPROT_RA, and RTPROT_REDIRECT are kept, and foreign routes with
other protocol e.g. RTPROT_BOOT are removed even if KeepConfiguration=yes.
Fixes a regression in dd6d53a8dc58c5e6e310b09ba7f7a22600a87ba9 (v257).
Fixes#36411.
(cherry picked from commit 724faccf45b6933bb30c56cf99acf6373fffbc70)
Neither sbsign nor pesign set this flag in SpcPeImageData->flags,
which is about which resources should be included specifying "Which
portions of the Windows PE file are hashed." according to the
authenticode spec. However, this is followed by "Although flags is
always present, it is ignored when calculating the file hash for both
signing and verification purposes". So as it doesn't seem to do
anything useful and the other tools don't set any of these flags
either, let's follow suite and not set this flag ourselves either.
(cherry picked from commit 66584a9335f9a3be5666209ddb34ae7d7f547189)
While this is obvious if you spend a few minutes thinking about how
D-Bus signals work (in this case, they are broadcast from a system
service, so cannot apply to a specific user/session/seat), it’s a bit
easy to overlook this while putting code together which uses the login1
D-Bus API, so it’s helpful to point this hazard out specifically in the
docs.
The signals can only be emitted on the canonical objects. The
convenience objects are useful for method calls, as the calling context
can be used to dereference ‘self’ and ‘auto’, but this can’t work for
signals.
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
(cherry picked from commit 82b32b997c51e259ddf66a0ec6bd7631b0ea781d)
