1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

52528 Commits

Author SHA1 Message Date
Yu Watanabe
0cddb53c85 core/cgroup: fix error handling of cg_remove_xattr() 2021-08-05 03:13:48 +09:00
Yu Watanabe
801cf85935
Merge pull request #20377 from yuwata/network-bridge-fdb-20305
network: always append new bridge FDB entries
2021-08-05 02:44:24 +09:00
Zbigniew Jędrzejewski-Szmek
b176d4d377
Merge pull request #19944 from yuwata/network-radv-introduce-uplink-interface
network: introduce UplinkInterface= in [IPv6SendRA]
2021-08-04 19:36:42 +02:00
Yu Watanabe
4a906586f8 test-network: add a testcase for UplinkInterface= in [IPv6SendRA] 2021-08-04 22:21:00 +09:00
Yu Watanabe
63295b42ae network: introduce UplinkInterface= in [IPv6SendRA] 2021-08-04 22:20:56 +09:00
Yu Watanabe
a254fab20d network: use request queue to configure IPv6 RA engine 2021-08-04 22:19:14 +09:00
Yu Watanabe
2b24292692 network: update comment and man page 2021-08-04 22:19:14 +09:00
Luca Boccassi
57777c9e61
Merge pull request #18567 from Werkov/mkosi-opensuse-v9+
CI for openSUSE Tumbleweed
2021-08-04 11:35:13 +01:00
Yu Watanabe
cca07d910a test-network: add a testcase for vxlan with IPv6 local address 2021-08-04 18:33:23 +09:00
Michal Koutný
3ec4fccb37 ci: Add openSUSE Tumbleweed among tested distros 2021-08-04 11:16:48 +02:00
Michal Koutný
7e5e604393 ci: Detect shell prompt with higher specificity
The current pattern '#' triggers on the openSUSE kernel version that is
printed early during boot when no actual prompt is ready
> [    0.000000] Linux version 5.12.10-1-default (geeko@buildhost) (gcc (SUSE Linux) 11.1.1 20210510 [revision 23855a176609fe8dda6abaf2b21846b4517966eb], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.36.1.20210326-4) #1 SMP Fri Jun 11 05:05:06 UTC 2021 (b92eaf7)

Instead wait for pattern that: a) should have fewer false positives, b)
still be with working on distro shells:

openSUSE (red color)
^[[1m^[[31mimage:~ #^[[m^O

arch
[root@image ~]#

debian
root@image:~#

ubuntu
root@image:~#

fedora
[root@image ~]#
2021-08-04 11:16:48 +02:00
Michal Koutný
2e9055ab6a ci: Do not require network in test images
The current boot test relies on terminal login, therefore network setup
inside image is unnecessary. This opens up possibility to test images
that don't support the network setup via veth devices.
2021-08-04 11:16:48 +02:00
Michal Koutný
7c87fb219e ci: Bump mkosi version to v10
Use mkosi GH action that includes fixes for openSUSE builds. This
enables testing openSUSE builds in CI.
2021-08-04 11:16:48 +02:00
Yu Watanabe
74c1ab841f sd-netlink: always append new bridge FDB entries
This partially reverts 192a9d95ea (#19432).

Fixes #20305.
2021-08-04 18:16:47 +09:00
Yu Watanabe
10e417b3ea network: use address_equal()/route_equal() to compare addresses or routes configured by NDisc
Fixes #20244.
2021-08-04 09:22:38 +01:00
Luca Boccassi
42a45446bb
Merge pull request #20372 from keszybz/veritysetup-help
Document veritysetup syntax
2021-08-04 00:05:28 +01:00
Luca Boccassi
788733428d
Merge pull request #20368 from keszybz/drop-assert-not-reached-text
Drop the text argument from assert_not_reached()
2021-08-03 21:15:25 +01:00
Luca Boccassi
1c32b76996
Merge pull request #20371 from bluca/coverity
Two small coverity fixes
2021-08-03 21:14:31 +01:00
Zbigniew Jędrzejewski-Szmek
d53285d551 man: describe veritysetup command syntax
It makes it easier to diagnose what the generated units actually do.
2021-08-03 16:02:55 +02:00
Zbigniew Jędrzejewski-Szmek
5d5e43cc33 veritysetup: print help for --help/-h/help
In general our commands print help on --help, but here this would trigger
the error that two arguments are needed. Let's make this more user-friendly.
2021-08-03 16:02:54 +02:00
Luca Boccassi
b87dfaa2fa tree-wide: voidify unchecked close_nointr calls
These have ignored the return value forever. Two are public APIs so
we can't really change what they return anyway, and the other one is
a cleanup path and the existing error code is more important.

CID#1461274
CID#1461275
CID#1461276
2021-08-03 15:02:19 +01:00
Luca Boccassi
8954e89195 creds: assert that credential read from file fits in data struct
Coverity CID#1458114
2021-08-03 14:56:28 +01:00
Zbigniew Jędrzejewski-Szmek
9bc0173275 basic/log: use appropriate glyph in log_assert_failed_unreachable()
Per popular demand.
2021-08-03 15:46:21 +02:00
Zbigniew Jędrzejewski-Szmek
04499a70fb Drop the text argument from assert_not_reached()
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.

We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.

Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
2021-08-03 10:05:10 +02:00
Yu Watanabe
c7cfde640d
Merge pull request #20346 from poettering/strlen-unsigned-fix
CONST_MAX() integer size fix
2021-08-03 11:03:29 +09:00
Egor Ignatov
b10abe4bba time-set: adjust system clock if rtc is far in future 2021-08-02 20:33:01 +01:00
Luca Boccassi
f121bd7818
Merge pull request #20352 from poettering/copy-tweaks
various tweaks to copy.c
2021-08-02 20:31:42 +01:00
David Seifert
2b6c0bb2a3 Use correct <poll.h> include
* `<sys/poll.h>` is not specified in POSIX
2021-08-02 17:31:32 +01:00
Lennart Poettering
28ba7e36d0 btrfs-util: expose COPY_SIGTERM for btrfs_snapshot() too 2021-08-02 17:24:23 +02:00
Lennart Poettering
1ac404cac0 copy: add COPY_SIGTERM, matching the existing COPY_SIGINT 2021-08-02 17:24:18 +02:00
Lennart Poettering
864e406256 copy: add COPY_SYNCFS flag
When copying large directory trees it should be a better idea to sync
the whole fs once when we are done instead of individually for each
file, hence add COPY_SYNCFS.

As opposed to COPY_FSYNC/COPY_FSYNC_FULL this only really applies to the
top-level directory, after completion of the whole copy.
2021-08-02 17:24:09 +02:00
Lennart Poettering
06a40b52d9 copy: optionally fsync() files after copying them
As a safety precaution it makes sense to fsync() files after copying
them, and maybe even the directories they are contained in. Let's add a
flag for these two cases.
2021-08-02 17:24:03 +02:00
Lennart Poettering
2f78204498 copy: tighten destination checks when copying files
let's make sure we only operate on regular files when copying files.

Also, make sure to copy file attributes only over if target is a regular
file (so that copying a file to /dev/null won't alter the access
mode/ownership of that device node...)
2021-08-02 17:23:58 +02:00
Lennart Poettering
5c9d961e79 copy: move to single clean-up path
(This might not look like a big improvement, but will shortly, when we
add fsync() support to the copy logic, at which point there are more
error paths we can unify that way.)

While we are at it, tweak a clean-up path: only unlink a copied file if
we are definitely the ones who created them, i.e. if O_EXCL is set.
2021-08-02 17:23:52 +02:00
David Tardon
feac9a1d1b machined-varlink: fix double free
Fixes: #18599
2021-08-02 16:19:17 +01:00
David Seifert
f8d54f7810 Use correct <fcntl.h> include
* `<sys/fcntl.h>` is not specified in POSIX
2021-08-02 14:51:50 +02:00
Lennart Poettering
b98855d90b cryptsetup: unbreak CI build
PR #20176 broke building of the cryptsetup token logic. This wasn't
noticed before the PR was merged, because the only CIs new enough to be
able to build the token logic (the Fedora Rawhide ones) didn't actually
run at all on the PR.

Let's add the missing hookup for the TPM2 PCR bank logic also to the
token module, to make the CI pass again.
2021-08-01 10:43:36 +02:00
Sergei Trofimovich
1da3eef262 coredump/stacktrace.c: avoid crash on binaries without NHDR
Observed as a crash on binaries built with gcc-master:

```
 3  0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0,
    elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157
 4  0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=<optimized out>,
    name=0x5573b901a620 "/a", start=<optimized out>, arg=0x7fffc688f790)
    at ../systemd-stable-249.2/src/coredump/stacktrace.c:306
 5  0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0,
    callback=callback@entry=0x5573b8841eb0 <module_callback>, arg=arg@entry=0x7fffc688f790, offset=offset@entry=0)
    at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86
 6  0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850,
    executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366
 7  coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850,
    ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848)
    at ../systemd-stable-249.2/src/coredump/stacktrace.c:406
 8  0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990,
    input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827
 9  0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041
 10 run (argv=<optimized out>, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416
 11 main (argc=-964101648, argv=<optimized out>) at ../systemd-stable-249.2/src/coredump/coredump.c:1422
```

Happens only on enabled elfutils symbolizer.

Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
2021-07-31 19:17:49 +01:00
Lennart Poettering
e3709627e6 signal-util: fix typo
Noticed by @behrmann: https://github.com/systemd/systemd/pull/20156#discussion_r667451006
2021-07-30 21:55:47 +02:00
Lennart Poettering
c37e0100d8
Merge pull request #20121 from poettering/bootctl-auto
units: run "bootctl update" automatically after boot, to ensure boot loader is regularly updated
2021-07-30 21:36:40 +02:00
Lennart Poettering
7d963260a1
Merge pull request #20172 from poettering/import-util-tweaks
Import-util: URL processing tweaks
2021-07-30 19:05:06 +02:00
Lennart Poettering
ee96d41eba
Merge pull request #20170 from poettering/moar-glyphs
util: define more emoji glyphs
2021-07-30 19:03:59 +02:00
Lennart Poettering
07697bfee6 tpm2-util: auto-detect supported PCR banks
Previously, we'd encode PCR policies strictly with the SHA256 PCR bank
set. However, as it appears not all hw implement those. Sad.

Let's add some minimal logic to auto-detect supported PCR banks: if
SHA256 is supported, use that. But if not, automatically fall back to
SHA1.

This then changes both the LUKS code, and the credentials code to
serialize the selected bank, along with the rest of the data in order to
make this robust.

This extends the LUK2 JSON metadata in a compatible way. The credentials
encryption format is modified in an incompatible way however, but given
that this is not part of any official release should be OK.

Fixes: #20134
2021-07-30 19:03:35 +02:00
Lennart Poettering
adc0733c2c update TODO 2021-07-30 17:19:55 +02:00
Lennart Poettering
71c8bf2837 boot: optionally update sd-boot on boot
Boot loaders are software like any other, and hence muse be updated in
regular intervals. Let's add a simple (optional) service that updates
sd-boot automatically from the host if it is found installed but
out-of-date in the ESP.

Note that traditional distros probably should invoke "bootctl update"
directly from the package scripts whenver they update the sd-boot
package. This new service is primarily intended for image-based update
systems, i.e. where the rootfs or /usr are atomically updated in A/B
style and where the current boot loader should be synced into the ESP
from the currently booted image every now and then. It can also act as
safety net if the packaging scripts in classic systems are't doing the
bootctl update stuff themselves.

Since updating boot loaders mit be a tiny bit risky (even though we try
really hard to make them robust, by fsck'ing the ESP and mounting it only on
demand, by doing updates mostly as single file updates and by fsync()ing
heavily) this is an optional feature, i.e. subject to "systemctl
enable". However, since it's the right thing to do I think, it's enabled
by default via the preset logic.

Note that the updating logic is implemented gracefully: i.e. it's a NOP
if the boot loader is already new enough, or was never installed.
2021-07-30 17:19:55 +02:00
Lennart Poettering
e5a8b4b593 bootctl: tweak "bootctl update" to be a NOP when boot loader is already current and --graceful is given
Previously, the "bootctl update" logic would refrain from downrgading a
boot loader, but if the boot loader that is installed already matched
the version we could install we'd install it anyway, under the
assumption this was effectively without effect. This behaviour was handy
while developing boot loaders, since installing a modified boot loader
didn't require a version bump.

However, outside of the systems of boot loader developers I don't think
this behaviour makes much sense: we should always emphasize doing
minimal changes to the ESP, hence when an update is supposedly not
necessary, then don't do it. Only update if it really makes sense, to
minimize writes to the ESP. Updating the boot loader is a good thing
after all, but doing so redundantly is not.

Also, downgrade the message about this to LOG_NOTICE, given this
shouldn't be a reason to log.

Finally, exit cleanly in this cases (or if another boot loader is
detected)
2021-07-30 16:48:24 +02:00
Lennart Poettering
9554c51425 test: add simple test for import-util 2021-07-30 16:31:24 +02:00
Lennart Poettering
56ce4adafe import-util: tweak url patching helper
let's share some code between import_url_last_component() and
import_url_change_last_component(), and make sure we never eat up the
hostname component of the URL when parsing out the last component.

Let's also make import_url_change_last_component() more generic so that
we can also use it for append components to paths, instead of replacing
suffixes.
2021-07-30 16:23:20 +02:00
Lennart Poettering
30763a32b2 util: add one more helper for generating colored check mark glyphs
This one is useful for a outputs with a slightly more "positive"
outlook, i.e. where only the checkmarks are shown but the crossmarks are
replaced by spaces.

(Usecase: a larger table with many checkmarks, where the red crossmarks
might just be too much negative noise)
2021-07-30 16:18:40 +02:00
Lennart Poettering
bf18f4b671 glyph-util: add three more emojis to emoji list 2021-07-30 16:18:05 +02:00