1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-02 02:21:44 +03:00
Commit Graph

544 Commits

Author SHA1 Message Date
Lennart Poettering
daf71ef61c systemctl: split up humungous systemctl.c file
This is just some refactoring: shifting around of code, not change in
codeflow.

This splits up the way too huge systemctl.c in multiple more easily
digestable files. It roughly follows the rule that each family of verbs
gets its own .c/.h file pair, and so do all the compat executable names
we support. Plus three extra files for sysv compat (which existed before
already, but I renamed slightly, to get the systemctl- prefix lik
everything else), a -util file with generic stuff everything uses, and a
-logind file with everything that talks directly to logind instead of
PID1.

systemctl is still a bit too complex for my taste, but I think this way
itc omes in a more digestable bits at least.

No change of behaviour, just reshuffling of some code.
2020-10-07 23:12:15 +02:00
Lennart Poettering
c14ebe07a9
Merge pull request #17172 from keszybz/read-login-defs
Read /etc/login.defs
2020-10-02 11:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
aa25270cb2 sysusers: look at login.defs when setting the default range to allocate users
Also, even if login.defs are not present, don't start allocating at 1, but at
SYSTEM_UID_MIN.

Fixes #9769.

The test is adjusted. Actually, it was busted before, because sysusers would
never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than
SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are
equal, so we didn't notice. Since sysusers now always uses the minimum of the
two, we only need to substitute one value.
2020-10-01 19:53:45 +02:00
Zbigniew Jędrzejewski-Szmek
bd7e6aa73a test/TEST-21-SYSUSERS: turn into a unit test
All this test does is manipulate text files in a subdir specified with --testroot.
It can be a normal unittest without the overhead of creating a machine image.

As a bonus, also test the .standalone version.
2020-10-01 17:52:51 +02:00
Zbigniew Jędrzejewski-Szmek
fc1a5d1a70 Also parse the minimum uid/gid values
We don't (and shouldn't I think) look at them when determining the type of the
user, but they should be used during user/group allocation. (For example, an
admin may specify SYS_UID_MIN==200 to allow statically numbered users that are
shared with other systems in the range 1–199.)
2020-10-01 17:52:41 +02:00
Zbigniew Jędrzejewski-Szmek
53393c894d Look at /etc/login.defs for the system_max_[ug]id values
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
  500 for a long time. Systems which are upgraded over time might have users
  in the wrong range, but changing existing systems is complicated and
  expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogenous enviornment, where some vendors pick
  one value and others another.
So let's make this boundary overridable using /etc/login.defs.

Fixes #3855, #10184.
2020-10-01 17:49:31 +02:00
Luca Boccassi
feee7f6288 libcrypt-util: use build-time check for crypt_preferred_method
After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra
is checked, but there are cases where that function is available but crypt_preferred_method
is not, and they are used in the same ifdef.
Add a check for the latter as well.
2020-09-28 10:23:48 +02:00
Lennart Poettering
36f8cf0163
Merge pull request #17086 from keszybz/developer-mode-default
Update dbus docs, make developer mode default
2020-09-22 16:29:28 +02:00
Anita Zhang
06ca077ba2 meson: remove multi-line statement with trailing '\'
Error on meson 0.47:
```
meson.build:885:47: ERROR:  Expecting colon got eol_cont.
crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? \
                                               ^
```

This seems to have been fixed in meson 0.50 after a report from
https://github.com/mesonbuild/meson/issues/4720
2020-09-21 21:20:39 +02:00
Lennart Poettering
3f440b13b7
Merge pull request #16981 from keszybz/use-crypt_ra
Use crypt_ra to allocate scratch area for password hashing
2020-09-18 19:46:08 +02:00
Zbigniew Jędrzejewski-Szmek
4c8e5f442b meson: make "developer" mode the default
This means that the dbus doc consistency checks will be enabled by default,
including in the CI. I think that will work better than current state where
people do not enable them and them follow-up patches for the docs like the
parent commit must be had.
2020-09-17 09:02:29 +02:00
Zbigniew Jędrzejewski-Szmek
452d2dfd52 meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH
RC_LOCAL_SCRIPT_PATH_START and RC_LOCAL_SCRIPT_PATH_STOP were was originally
added in the conversion to meson based on the autotools name. In
4450894653 RC_LOCAL_SCRIPT_PATH_STOP was dropped.
We don't need to use such a long name.
2020-09-15 17:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
2b49f0ca83 Check for crypt_gensalt_ra() instead of relying on libxcrypt presence
Since the loop to check various xcrypt functions is already in place,
adding one more is cheap. And it is nicer to check for the function
directly. People like to backport things, so we might get lucky even
without having libxcrypt.
2020-09-15 11:52:30 +02:00
Zbigniew Jędrzejewski-Szmek
e8644a414a meson: test if we have libcrypt_ra
We always seem to have either libcrypt_r and not the other two, or all
three. So the fallback for libcrypt_ra needs to be based on libcrypt_r.
2020-09-15 11:52:30 +02:00
Lennart Poettering
b612c26ceb sd-path: use ROOTPREFIX without suffixed slash
We already have rootprefix_noslash as meson variable, export it so that
we can also use it in C code.

Fixes: #16773
2020-09-11 13:08:30 +02:00
Lennart Poettering
bae66f4bda systemd-user: move pam snippet default location to /usr/lib/pam.d 2020-09-10 12:47:07 +02:00
Lennart Poettering
0d12936d9a shared: make libcryptsetup dep dlopen
Let's make libcryptsetup a dlopen() style dep for PID 1 (i.e. for
RootImage= and stuff), systemd-growfs and systemd-repart. (But leave to
be a regulra dep in systemd-cryptsetup, systemd-veritysetup and
systemd-homed since for them the libcryptsetup support is not auxiliary
but pretty much at the core of what they do.)

This should be useful for container images that want systemd in the
payload but don't care for the cryptsetup logic since dm-crypt and stuff
isn't available in containers anyway.

Fixes: #8249
2020-09-02 15:04:06 +02:00
Lennart Poettering
1e2f32305c shared: rename crypt-util.c → cryptsetup-util.c
"crypt-util.c" is such a generic name, let's avoid that, in particular
as libc's/libcrypt's crypt() function is so generically named too that
one might thing this is about that. Let's hence be more precise, and
make clear that this is about cryptsetup, and nothing else.

We already had cryptsetup-util.[ch] in src/cryptsetup/ doing keyfile
management. To avoid the needless confusion, let's rename that file to
cryptsetup-keyfile.[ch].
2020-09-02 15:00:32 +02:00
Lennart Poettering
3b684be04b libudev: also expose API to check for current tags in libudev 2020-09-01 17:40:12 +02:00
Zbigniew Jędrzejewski-Szmek
4cc73cf9c1 test: verify that dbus docs are fresh
This makes use of the developer mode switch: the test is only done
if the user opted-in into developer mode.

Before the man/update-dbus-docs was using the argument form where
we don't need to run find_command(), but that doesn't work with test(),,
so find_command() is used and we get one more line in the config log.
2020-08-27 21:30:22 +02:00
Zbigniew Jędrzejewski-Szmek
839bdf2505 meson: add "develop mode" config switch 2020-08-27 20:20:23 +02:00
Lennart Poettering
da3920c3a4 journal: move qrcode printing code to src/shared/
That way we can make use of it in homctl, too.
2020-08-25 17:58:02 +02:00
Zbigniew Jędrzejewski-Szmek
9f56c88aeb
Merge pull request #16819 from keszybz/seccomp-enosys
Return ENOSYS in nspawn for "unknown" syscalls
2020-08-25 09:18:46 +02:00
Zbigniew Jędrzejewski-Szmek
2aed63f427 tree-wide: fix spelling of "fallback"
Similarly to "setup" vs. "set up", "fallback" is a noun, and "fall back"
is the verb. (This is pretty clear when we construct a sentence in the
present continous: "we are falling back" not "we are fallbacking").
2020-08-20 17:45:32 +02:00
Zbigniew Jędrzejewski-Szmek
b3259a6e5f meson: add ENABLE_ANALYZE conditional 2020-08-20 17:42:13 +02:00
Lennart Poettering
1b13600948
Merge pull request #16771 from poettering/dyn-pwq
make libpwquality a dlopen() dependency + use it in systemd-firstboot, too
2020-08-19 15:40:41 +02:00
Zbigniew Jędrzejewski-Szmek
47354b440e meson: add syscall-names-update target
The calls to find_program("tools/*") are moved earlier so they can be used
in libshared/ (and it doesn't make sense to split them).
2020-08-19 15:30:24 +02:00
Anita Zhang
e71f5585b9 meson: add min version for libfdisk
Was trying to run src/partition/test-repart.sh on CentOS 8 and the first
resize call kept failing with ERANGE. Turned out that CentOS 8 comes
with libfdisk-devel-2.32.1 which is missing
2f35c1ead6
(in libfdisk 2.33 and up).
2020-08-19 10:18:33 +02:00
Lennart Poettering
679badd7ba home: make libpwquality dep a runtime dlopen() one
Also, let's move the glue for this to src/shared/ so that we later can
reuse this in sysemd-firstboot.

Given that libpwquality is a more a leaf dependency, let's make it
runtime optional, so that downstream distros can downgrade their package
deps from Required to Recommended.
2020-08-19 10:03:24 +02:00
Lennart Poettering
5a151082d7 meson: move systemd-dissect to /usr/bin 2020-08-11 22:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
1472b58835
Merge pull request #16260 from poettering/pcre2-dlopen
turn pcre2 dependency into dlopen() dependency
2020-08-04 15:37:48 +02:00
Zbigniew Jędrzejewski-Szmek
3a4378cb9e
Merge pull request #16145 from poettering/qrcode-dlopen
journalctl: make libqrencode a weak (dlopen() style) dependency
2020-08-04 15:25:50 +02:00
Zbigniew Jędrzejewski-Szmek
2d2d0a57e7 repart: adjust --help and test output width 2020-07-30 16:02:45 +02:00
Zbigniew Jędrzejewski-Szmek
0390b094f5 meson: do not choke on time epoch when there are no git tags
github ci was failing with:

meson.build:685:16: ERROR: String '' cannot be converted to int
2020-07-23 12:25:14 +02:00
Daan De Meyer
bd190899bb Get SOURCE_EPOCH from the latest git tag instead of NEWS
Currently, each change to NEWS triggers a meson reconfigure that
changes SOURCE_EPOCH which causes a full rebuild. Since NEWS changes
relatively often, we have a full rebuild each time we pull from
master even if we pull semi-regularly. This is further compounded
when using branches since NEWS has a relatively high chance to
differ between branches which causes git to update the modification
time, leading to a full rebuild when switching between branches.

We fix this by using the creation time of the latest git tag instead.
2020-07-23 08:38:30 +02:00
Lennart Poettering
9200bb30d0 journalctl: make pcre2 a dlopen() dependency
Let's make use of the library if it is installed, but otherwise just
generate a nice error and provide all other functionality.
2020-07-21 10:37:54 +02:00
Norbert Lange
55678b9eae build: skip installation of 2 files if feature is disabled
dont install systemd-update-utmp if utmp is disabled.
dont install systemd-initctl.service if sysv is disabled.
2020-07-18 13:50:39 +09:00
Zbigniew Jędrzejewski-Szmek
3994922baf meson: bump version numbers for v246 2020-07-08 17:35:54 +02:00
Lennart Poettering
7b78db28e5 homed: add support for authenticating with fido2 hmac-secret tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
1c0c4a43c6 homectl: add support for enrolling FIDO2 HMAC-SECRET tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
af4fbd463f build-sys: add libfido2 as optional dependency 2020-07-01 11:17:28 +02:00
Lennart Poettering
d80b051cea tree-wide: add new HAVE_COMPRESSION compile time flag
let's simplify the checks for ZSTD/LZ4/XZ

As suggested:

https://github.com/systemd/systemd/pull/16096#discussion_r440705585
2020-06-25 15:02:45 +02:00
Luca Boccassi
c2923fdcd7 dissect/nspawn: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it.
2020-06-25 08:45:21 +01:00
Lennart Poettering
e44b500484 journalctl: make libqrencode a weak dependency
This way journalctl can make use of libqrencode if it's there, but will
quietly not use it if it isn't.

This means libqrencode remains a build-time dep, but not a strict
runtime dependency.

I figure we should do something similar for a bunch of other "leaf"
libraries we only use few symbols of. Specifically the following are
probably good candidates:

* pcre2
* libpwquality
* p11kit
* elfutils

and possibly:

* libcryptsetup (only in some parts. i.e. building systemd-cryptsetup
  without it makes no sense. However building the dissect option with
  libcryptsetup as optional dep does make sense)
* possibly the compression libraries (at least the ones we never use for
  compression, but only as alternative ones for decompression)

Already covered like this is:

* libxkcommon
2020-06-25 09:28:27 +02:00
Lennart Poettering
7bf6babfa2
Merge pull request #16112 from poettering/nss-systemd-block-fix
rework nss-systemd recursion lock
2020-06-24 08:39:44 +02:00
Lennart Poettering
037b0a47b0 userdb: replace recursion lock
Previously we'd used the existance of a specific AF_UNIX socket in the
abstract namespace as lock for disabling lookup recursions. (for
breaking out of the loop: userdb synthesized from nss → nss synthesized
from userdb → userdb synthesized from nss → …)

I did it like that because it promised to work the same both in static
and in dynmically linked environments and is accessible easily from any
programming language.

However, it has a weakness regarding reuse attacks: the socket is
securely hashed (siphash) from the thread ID in combination with the
AT_RANDOM secret. Thus it should not be guessable from an attacker in
advance. That's only true if a thread takes the lock only once and
keeps it forever. However, if a thread takes and releases it multiple
times an attacker might monitor that and quickly take the lock
after the first iteration for follow-up iterations.

It's not a big issue given that userdb (as the primary user for this)
never released the lock and we never made the concept a public
interface, and it was only included in one release so far, but it's
something that deserves fixing. (moreover it's a local DoS only, only
permitting to disable native userdb lookups)

With this rework the libnss_systemd.so.2 module will now export two
additional symbols. These symbols are not used by glibc, but can be used
by arbitrary programs: one can be used to disable nss-systemd, the other
to check if it is currently disabled.

The lock is per-thread. It's slightly less pretty, since it requires
people to manually link against C code via dlopen()/dlsym(), but it
should work safely without the aforementioned weakness.
2020-06-23 17:24:24 +02:00
Filipe Brandenburger
db64ba81c6 meson: build standalone version of systemd-tmpfiles
Use -Dstandalone-binaries=yes to enable building and installing this standalone
version of the binary without a dependency on the systemd-shared solib.

Also move the list of sources for systemd-tmpfiles to its own meson.build file.
2020-06-10 10:54:29 -07:00
Filipe Brandenburger
8ef8f3d5a7 meson: add a new -Dstandalone-binaries=true option
This adds an option to build standalone binaries that do not depend on the
systemd-shared library. This option can be handy to build binaries that can be
useful on a non-systemd system, binaries such as systemd-sysusers and
systemd-tmpfiles have been previously requested, but installing them with all
the required dependencies pulls in too much code that isn't really relevant for
those use cases. The standalone use case is also relevant in containers, where
minimizing the size of the container image is quite relevant.

For now, only `systemd-sysusers` is also built as a standalone binary.

The standalone binaries are installed as `/usr/bin/%{name}.standalone`, the
packaging system is reponsible for renaming those into the correct names
during the packaging step. RPM is able to do so with RemovePathPostfixes:

The default behavior is to build shared binaries only, since this option is
mainly intended for building distribution packages.

Tested that a proper separate binary is built when using this option and
that having it disabled (or using the default Meson configuration) does not
produce a binary for this option.
2020-06-10 10:54:29 -07:00
YmrDtnJu
2ffadd3cee AppArmor: Support for loading a set of pre-compiled profiles at startup time
Let systemd load a set of pre-compiled AppArmor profile files from a policy
cache at /etc/apparmor/earlypolicy. Maintenance of that policy cache must be
done outside of systemd.

After successfully loading the profiles systemd will attempt to change to a
profile named systemd.

If systemd is already confined in a profile, it will not load any profile files
and will not attempt to change it's profile.

If anything goes wrong, systemd will only log failures. It will not fail to
start.
2020-06-09 20:27:47 +02:00
Norbert Lange
63e2d1714e udev: single binary replacing udevd and udevadm
Since the separate binaries contain mostly the same code,
this almost halves the size of the installation.

before:
398K /bin/udevadm
391K /lib/systemd/systemd-udevd

after:
431K /bin/udevadm
0    /lib/systemd/systemd-udevd -> ../../bin/udevadm

Fixes: #14200
2020-06-01 09:41:21 +02:00