1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

4134 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
063c838206 analyze/cat-config: add switch to print only "interesting" parts of config files
When looking at configuration, often a user wants to suppress the comments and
just look at the parts that actually configure something, roughly equivalent to
  systemd-analyze cat-config … | rg -v '^(#|;|$)
This switch implements this natively, skipping lines that start with a comment
character or only contain whitespace.

For formats that have section headers, section headers are skipped, if only
followed by stuff that would be skipped. (The last section header is printed
when we're about to print some actual output.)

Note that the caller doesn't know if the format has headers or not. We do format
type detection in pretty-print.c. So the caller only specifies tldr=true|false, and
conf_files_cat() figures out if the format has headers and whether those should
be handled specially.

The comments that show the file name are always printed, even if all of the file
is suppressed.

This is a partial answer to the discussions in
https://github.com/systemd/systemd/pull/28919,
https://github.com/systemd/systemd/pull/29248. If the default config is shown in
config files, the user can conveniently use '--tldr' to show the relevant parts.
2023-10-24 15:59:34 +02:00
Yu Watanabe
cb0e97e7de test-network: drop unnecessary explicit stop of dnsmasq 2023-10-12 18:34:20 +09:00
Yu Watanabe
aa7336f1d3 test-network: add test case for renewing DHCP lease 2023-10-12 18:33:52 +09:00
Yu Watanabe
9a551ccd1f
Merge pull request #29472 from yuwata/network-dhcp-ipv6-only-mode
network/dhcp: add IPv6 only mode support
2023-10-12 13:06:54 +09:00
Michael Biebl
6f9409eebb test: use kill-whom instead of kill-who (the latter is deprecated) 2023-10-12 13:06:12 +09:00
Yu Watanabe
46f2eb517c test-network: add tests for DHCP IPv6 only mode
For [DHCPv4] IPv6OnlyMode= and [DHCPServer] IPv6OnlyPreferredSec=.
2023-10-11 21:42:13 +09:00
Dan Streetman
adcd3266ec test: add tests for systemd-cryptenroll --tpm2-seal-key-handle
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.

In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
2023-10-10 05:56:45 -04:00
Frantisek Sumsal
c4eb888740 test: make the DDI tests work with older openssl
Older openssl unfortunately insists on having a config file with certain
fields, so let's reuse the one we already create in previous tests.

Should address following error on C8S:

[  407.812039] testsuite-50.sh[654]: + openssl req -config /dev/null -subj=/CN=waldo -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout /tmp/test-50-privkey.key -out /tmp/test-50-cert.crt
[  407.849089] testsuite-50.sh[2325]: Generating a RSA private key
[  408.947853] testsuite-50.sh[2325]: ..................................++++
[  423.100903] testsuite-50.sh[2325]: ..........++++
[  423.111036] testsuite-50.sh[2325]: writing new private key to '/tmp/test-50-privkey.key'
[  423.115036] testsuite-50.sh[2325]: -----
[  423.117842] testsuite-50.sh[2325]: unable to find 'distinguished_name' in config
[  423.120863] testsuite-50.sh[2325]: problems making Certificate Request
[  423.123448] testsuite-50.sh[2325]: 140737354091984:error:0E06D06C:configuration file routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:273:group=req name=distinguished_name

Follow-up to 99d9edf0bd.
2023-10-09 18:54:23 +01:00
Luca Boccassi
00dd4e78f6
Merge pull request #29495 from yuwata/network-manager-state-file
network: fixlets for manager state file
2023-10-08 22:46:44 +01:00
Yu Watanabe
2d7ca6b45d test-network: add test for DHCPv6 information requesting mode
For issue #28566.
2023-10-08 16:31:59 +09:00
Yu Watanabe
34290c6aa9 test-network: test for NTP servers by DHCPv6 protocol
For issue #29148.
2023-10-08 15:45:35 +09:00
Yu Watanabe
8fc7e073e3 test-network: extend testcase for tbf
For issue #29485.
2023-10-07 21:35:16 +09:00
Yu Watanabe
34ba0f5150
Merge pull request #29325 from poettering/varlink-introspect
varlink: add introspection support + varlinkctl + varlinkify one first command line tool (systemd-pcrextend)
2023-10-06 21:58:17 +09:00
Lennart Poettering
8525de1365 test: extend some existing tests with varlinkctl lines, to test varlinkctl + new PCRExtend service 2023-10-06 11:49:38 +02:00
Yu Watanabe
e081ffc114 test-network: move get_dbus_dhcp_client_state() and friends to global 2023-10-06 10:16:27 +01:00
Lennart Poettering
99d9edf0bd test: test the new --make-ddi= logic 2023-10-05 19:18:36 +02:00
Yu Watanabe
6b524d70e3 test-network: add tests for [DHCPv4] RequestAddress= setting 2023-10-05 11:14:29 +09:00
Yu Watanabe
b5c8f47102 test-network: test SIP servers obtained by DHCP
For issue #29145.
2023-10-04 08:41:26 +02:00
Yu Watanabe
fcdd21ec6a tree-wide: fix typo 2023-10-04 08:58:10 +09:00
Frantisek Sumsal
2f397514ad test: spawn the to-be-killed-on-soft-reboot units with --collect
Otherwise they might leave stuff behind if they don't respond fast
enough to the first SIGTERM and get SIGKILLEd, which then breaks reusing
the unit name further in the test:

[ 2993.620849] H testsuite-82.sh[43]: + systemd-run -p Type=exec -p DefaultDependencies=no -p IgnoreOnIsolate=yes --unit=testsuite-82-nosurvive.service sleep infinity
[ 2993.628686] H systemd[1]: testsuite-82-nosurvive.service: About to execute: /usr/bin/sleep infinity
[ 2993.628886] H systemd[1]: testsuite-82-nosurvive.service: Forked /usr/bin/sleep as 65
[ 2993.629328] H systemd[1]: testsuite-82-nosurvive.service: Changed dead -> start
...
[ 2993.699892] H testsuite-82.sh[43]: + systemctl --no-block --check-inhibitors=yes soft-reboot
[ 2993.704326] H systemd-logind[41]: The system will soft-reboot now!
...
[ 3001.249302] H systemd[1]: Sending SIGKILL to PID 65 (sleep).
...
[ 3001.303158] H testsuite-82.sh[136]: + systemd-notify '--status=Second Boot'
...
[ 3001.409504] H testsuite-82.sh[136]: + systemd-run -p Type=exec --unit=testsuite-82-nosurvive.service sleep infinity
[ 3001.414061] H testsuite-82.sh[165]: Failed to start transient service unit: Unit testsuite-82-nosurvive.service was already loaded or has a fragment file.

Spotted in Ubuntu CI.
2023-10-03 16:40:49 +02:00
Frantisek Sumsal
399a8a5eb1 test: use --service-type= instead of -p Type= 2023-10-03 16:38:35 +02:00
Luca Boccassi
df3e378a5d
Merge pull request #29339 from bluca/mount_namespace_new_api
Use new mount API for bind/image mount tunnel
2023-10-02 16:04:26 +01:00
Luca Boccassi
e428f1dd8a
Merge pull request #29400 from yuwata/network-limit-read-size
network: limit read size
2023-10-02 14:23:51 +01:00
Luca Boccassi
c7986bc9b6 test: fix check in test unit in TEST-50-DISSECT
'[[ not found'
2023-10-02 14:02:32 +01:00
Yu Watanabe
185e201690 journalctl: find boot ID more gracefully in corrupted journal
In discover_next_boot(), first we find a new boot ID based on the value
stored in the entry object. Then, find the tail (or head when we are going
upwards) entry of the boot based on the _BOOT_ID= field data.

If boot IDs of an entry in the entry object and _BOOT_ID field data
are inconsistent, which may happen on corrupted journal, then previously
discover_next_boot() failed with -ENODATA.

This makes the function check if the two boot IDs in each entry are
consistent, and skip the entry if not.

Fixes the failure of `journalctl -b -1` for 'truncated' journal:
https://github.com/systemd/systemd/pull/29334#issuecomment-1736567951
2023-10-02 10:59:33 +09:00
Yu Watanabe
4ed95fafad network: set maximum length to be read by read_full_file_full()
Fixes #29264 and oss-fuzz#62556
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62556).
2023-10-02 10:36:43 +09:00
Frantisek Sumsal
e11fd4df14
Merge pull request #29378 from mrc0mmand/more-test-tweaks
test: a couple of TEST-82-SOFTREBOOT tweaks
2023-09-30 07:35:35 +00:00
Frantisek Sumsal
bd0f9858f7 test: don't pipe the whole journal through jq
Doing that in VMs without acceleration is prohibitively expensive (i.e.
20+ seconds in the C8S job). Thankfully, the recent [0] --lines=+n syntax
makes this all quite easy to fix.

[0] 8d6791d2aa
2023-09-29 23:26:15 +02:00
Frantisek Sumsal
82abce7a89 test: use Type=exec for the auxiliary services
To make sure the respective binaries are exec()ed before moving further
with the test.
2023-09-29 22:10:42 +02:00
Frantisek Sumsal
47f6baccfe test: shutdown the machine on fail after soft-reboot
Since the soft-reboot drops the enqueued end.service, we won't shutdown
the test VM if the test fails and have to wait for the watchdog to kill
us (which may take quite a long time). Let's just forcibly kill the
machine instead to save CI resources.
2023-09-29 22:07:12 +02:00
Lennart Poettering
68849251a2
Merge pull request #29344 from poettering/tpm2-setup
tpm2-setup: set up TPM2 Storage Root Key (SRK) in a separate service
2023-09-29 21:56:28 +02:00
Luca Boccassi
16f094cfbb
Merge pull request #29374 from mrc0mmand/test-tweaks
test: use "test-" prefix for units
2023-09-29 19:07:59 +01:00
Lennart Poettering
2e64cb71b9 tpm2-setup: add new early boot tool for initializing the SRK
This adds an explicit service for initializing the TPM2 SRK. This is
implicitly also done by systemd-cryptsetup, hence strictly speaking
redundant, but doing this early has the benefit that we can parallelize
this in a nicer way. This also write a copy of the SRK public key in PEM
format to /run/ + /var/lib/, thus pinning the disk image to the TPM.
Making the SRK public key is also useful for allowing easy offline
encryption for a specific TPM.

Sooner or later we should probably grow what this service does, the
above is just the first step. For example, the service should probably
offer the ability to reset the TPM (clear the owner hierarchy?) on a
factory reset, if such a policy is needed. And we might want to install
some default AK (?).

Fixes: #27986
Also see: #22637
2023-09-29 19:36:04 +02:00
Frantisek Sumsal
d1e8485b4a test: use /run/ for test configuration 2023-09-29 16:07:05 +02:00
Frantisek Sumsal
6bbc1a2464 test: use "test-" prefix for units
So the coverage-related drop-in [0] can kick in to avoid errors with
DynamicUser=true. Also, to not make the test confusing with this change,
replace "nft-test" with "test-nft" everywhere.

[0] See test/README.testsuite, section "Code coverage"
2023-09-29 15:55:53 +02:00
Lennart Poettering
9551aa707d tpm2: move measurement log to /run/log/ (from /var/log/)
I have no idea what went on in my mind when I used a path in /var/ for
the tpm2 event log we now keep for userspace measurements. The
measurements are only valid for the current boot, hence should not be
persisted (in particular as they cannot be rotated, hence should not
grow without bounds).

Fix that, simply move from /var/log/ to /run/log/.
2023-09-29 14:35:56 +02:00
Daan De Meyer
4444564a95
Merge pull request #29193 from keszybz/path-util-adjustment
Make unit mangling follow paths
2023-09-29 11:33:12 +02:00
Maanya Goenka
f660c7fa56 fix: do not check/verify slice units if recursive errors are to be ignored
Before this fix, when recursive-errors was set to 'no' during a systemd-analyze
verification, the parent slice was checked regardless. The 'no' setting means that,
only the specified unit should be looked at and verified and errors in the slices should be
ignored. This commit fixes that issue.

Example:

Say we have a sample.service file:

[Unit]
Description=Sample Service

[Service]
ExecStart=/bin/echo "a"
Slice=support.slice

Before Change:

systemd-analyze verify --recursive-errors=no maanya/sample.service
Assertion 'u' failed at src/core/unit.c:153, function unit_has_name(). Aborting.
Aborted (core dumped)

After Change:
systemd-analyze verify --recursive-errors=no maanya/sample.service
{No errors}
2023-09-28 23:32:02 +01:00
Luca Boccassi
1e49f4ed8b
Merge pull request #28545 from bluca/softreboot_survive
pid1: add SurviveFinalKillSignal= to skip units on final sigterm/sigkill spree
2023-09-28 17:12:03 +01:00
Luca Boccassi
3cb5d34ce0
Merge pull request #29295 from valentindavid/valentindavid/sysupdate-patterns-in-directory
sysupdate: Allow patterns to match path with directories
2023-09-28 15:18:45 +01:00
Frantisek Sumsal
d37b9154a7 test: check soft-reboot behavior wrt argv[0][0] == '@' 2023-09-28 13:48:14 +01:00
Luca Boccassi
559214cbbd pid1: add SurviveFinalKillSignal= to skip units on final sigterm/sigkill spree
Add a new boolean for units, SurviveFinalKillSignal=yes/no. Units that
set it will not have their process receive the final sigterm/sigkill in
the shutdown phase.

This is implemented by checking if a process is part of a cgroup marked
with a user.survive_final_kill_signal xattr (or a trusted xattr if we
can't set a user one, which were added only in kernel v5.7 and are not
supported in CentOS 8).
2023-09-28 13:48:14 +01:00
Zbigniew Jędrzejewski-Szmek
5342eb4633 Rework unit_name_mangle_with_suffix() to (very slightly) simplify the path
'systemctl status /../dev' now looks for 'dev.mount', not '-..-dev.service',
and 'systemctl status /../foo' looks for 'foo.mount', not '-..-foo.service'. I
think this much more useful. I think the escaping is not very useful, so I plan
to submit a later series which changes that behaviour. But I think this first
step here is already useful on its own.

Note that the patch is smaller than it seems: before, is_device_path() would
return true only for absolute paths, so moving of is_device_path() under the
path_is_absolute() conditional doesn't influence the logic.
2023-09-28 13:09:25 +02:00
Bertrand Jacquin
bdf58b47c3 resolved: never respond to .alt pseudo-TLD.
From RFC 9476:

Because names beneath .alt are in an alternative namespace, they have no
significance in the regular DNS context. DNS stub and recursive
resolvers do not need to look them up in the DNS context.

See: https://datatracker.ietf.org/doc/html/rfc9476#name-the-alt-namespace
2023-09-28 12:07:47 +02:00
Valentin David
8b051623cd
sysupdate: Allow patterns to match path with directories
`MatchPattern` for regular-file and directory as target can now match
subdirectories This is useful to install files for examples in `.extra.d`
directories:

```
[Target]
Type=regular-file
Path=/EFI/Linux
PathRelativeTo=boot
MatchPattern=gnomeos_@v.efi.extra.d/apparmor.addon.efi
```

The if the directories in the path do not exist, they will be created.  Whereas
the part in `Path` is not created.
2023-09-28 11:41:29 +02:00
Topi Miettinen
435d523956 test: testing for core NFTSet= feature 2023-09-27 18:10:11 +00:00
Zbigniew Jędrzejewski-Szmek
e071384dc5 Merge pull request #29296 from yuwata/sd-journal-several-cleanups-for-boot-id 2023-09-27 14:56:48 +02:00
Frantisek Sumsal
c1b129f4ad test: introduce TEST-09-REBOOT
To test stuff involving state preserved across (multiple) reboots, like
journal boot IDs.
2023-09-27 14:50:19 +02:00
Luca Boccassi
578840bdf9
Merge pull request #29296 from keszybz/make-cryptsetup-offical-and-add-docs
Make cryptsetup offical and add docs
2023-09-27 13:31:11 +01:00
Zbigniew Jędrzejewski-Szmek
ab68c6fb08 TEST-70: use new cryptsetup path 2023-09-26 17:03:26 +02:00