IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We had several users, that wrote their unit files with
WantedBy=default.target because it should be started "every time".
But for example in Fedora/CentOS/RHEL, this often breaks for
example selinux relabels (where we just want to do a relabel and reboot).
(cherry picked from commit 67b6404b80cf8078f3d9ec6d4c2f34ac25b15077)
bpftrace nudges the Fedora Rawhide images towards compiler-rt18 while the
sanitizer builds pull in clang19, leading to the sanitizer libraries
not being found at runtime. Let's drop bpftrace for now so that compiler-rt19
is pulled in in the main image.
(cherry picked from commit d98b6c66ffaccbef1c86fc729f2f9601bfb02fd5)
systemd built with sanitizers is installed in subimages and tools
might get invoked in postinstall scripts so we have to disable ASAN
in the subimages as well during the image build.
(cherry picked from commit 345a4fcbb6ed16ab19d0d5b0c7344e5cdfe29efd)
The latest clang has started catching more integer promotions which
cause us to pass the wrong type to printf() format specifiers so let's
fix those.
(cherry picked from commit c73d14c43e7998ca54011875ad25afc634d57498)
We don't support "split /usr" systems anymore, hence no point in
mentioning /bin/ anymore as being part of the binary search path.
(cherry picked from commit f39e66b85a4a97818a618758e34019d052aeb772)
So far we supported this syntax:
ExecStart=foo ; bar
as equivalent to:
ExecStart=foo
ExecStart=bar
With this change we'll "soft" deprecate the first syntax. i.e. it's
still supported in code, but not documented anymore.
The concept was originally added to make things easier for 3rd party
.ini readers, as it allowed writing unit files with a .ini framework
that doesn't allow multiple assignments for the same key. But frankly,
this is kinda pointless, as so many other of our knobs require the
double assignment.
Hence, let's just stop advertising the concept, let's simplify the docs,
by removing one entirely redundant feature from it.
Replaces: #34570
(cherry picked from commit 225f18b9a9d39331ea862478ab2ff893678e249d)
Let's systematically use RTL_NOW|RLTD_NODELETE as flags passed to
dlopen(), across our codebase.
Various distros build with "-z now" anyway, hence it's weird to specify
RTLD_LAZY trying to override that (which it doesn't). Hence, let's
follow suit, and just do what everybody else does.
Also set RTLD_NODELETE, which is apparently what distros will probably
end up implying sooner or later anyway. Given that for pretty much all
our dlopen() calls we never call dlclose() anyway, let's just set this
everywhere too, to make things systematic.
This way, the flags we use by default match what distros such as fedora
do, there are no surprises, and read-only relocations can be a thing.
Fixes: #34537
(cherry picked from commit bd4beaa2ebfbbec0a1263a7091a91e528ce8cf13)
For compiling bpf code, the system include directory needs to be
constructed. On Debian-like systems, this requires passing a multiarch
directory. Since clang's -dump-machine prints something other that the
multiarch triplet, gcc was interrogated earlier, but that also yields a
wrong result for cross compilation and was thus skipped resulting in
clang not finding asm/types.h.
Rather than, -dump-machine we should ask for -print-multiarch (which
rarely differs). Whenever gcc is in use, this is right (even for cross
building). Since clang does not support -print-multiarch and its
-dump-machine never matches Debian's multiarch, we resort to asking gcc
when building natively. For cross builds using clang, we are out of
luck.
(cherry picked from commit 608009dc6218f7c41420f665586f2449b64a08f7)
On upgrades, only the %postun scriptlets of the old package version
run. This means that any changes related to restarting daemons require
two releases before they're actually used.
%postun is used because it runs after the old package has been removed,
which is important as it means any lingering dropins from the old package
will have been removed as well.
To allow deploying fixes in just a single release while still running after
the old package has been removed, let's introduce %posttrans versions of these
scriptlets as %posttrans of the new package runs on upgrade and install after
the old package has been removed.
(cherry picked from commit 9fd8a9dffe9b8f29da52e4e1481926bceed5ce6c)
Just to tighten the language a bit, why people should care about where
they place their inodes.
(cherry picked from commit 5b53894123b9d01f5738b02befd4189625c5451f)
(And specifically mention /usr/include + /var/spool as not covered here,
but being OK to add downstream)
(cherry picked from commit fd6e079e7b296696028c161224d2a86fce70726f)
Today it seems this is mostly used by mail and printer servers, and it's
not clear to me at all what the property is that makes
/var/spool/<package> the better place for the relevant data than
/var/lib/<package>.
Hence, in the interest of shortening the spec, let's not mention the dir
anymore. In particular as the dir really isn't used by us much, for
example we do not have a counterpart for RuntimeDirectory=,
StateDirectory=, … that would cover the spool.
Since most systems these days we care about probably come *without* a
printer or mail server, let's maybe no mention this in the man page that
is supposed to discuss the rough skeleton how things are set up. After
all, people are supposed to exend the skeleton with their stuff, and
this sounds more like a case for an extension of the skeleton instead of
being considered part of the skeleton itself.
(cherry picked from commit b0201b36d2e0181d08530aaad496322812c4e77e)
The man page is supposed to provide a "generalized, though minimal and
modernized subset" (as per introductory pargapraghs), from a systemd
perspective. But the thing is that /usr/include/ really doesn't matter
to us. It's a development thing, and slightly weird (because it arguably
would be better places in /usr/share/include/ or so). It's not going to
be there on 95% of deployed systems, and we really don't want people to
bother with it on such systems.
We only define the skeleton of directories in this document, and it's
expected that people extend it, and I think this really should be one of
those dirs that is an extension of our skeleton, but not part of the
skeleton, if that makes any sense.
(cherry picked from commit 9e7b691073922433a71cf49dcaaf7f9f61f58e6d)
Every services and containers should be able to protect their users and
limit the impact of security bugs thanks to the security syscalls
provided by seccomp and Landlock. The goal of these syscalls is to
improve security with additional restrictions. They are designed to be
safely used by unprivileged (and then potentially malicious) users.
Remove the now-redundant "seccomp" entry for nspawn.
(cherry picked from commit e9966634754b8c9ee3f3c579f25d938e185c282e)
Somebody wrapped the text, but whitespace is preserved in <programlisting>, so
the output was mangled. It also doesn't make sense to run systemd-path as root
(as indicated by '#'), so drop that. Also, this chunk should be a separate
paragraph.
(cherry picked from commit 1ca81b2e005ccef6e9ddf06c3e3441bae0a6e1d5)
I encountered this race condition while working on TEST-13-NSPAWN.varlinkctl.sh.
The long-running machine's init script sometimes does not have time to start and
register signals. As result, occasiounally failed tests.
(cherry picked from commit e826a8bed447f3b3f9ad487f96ab7f8c7620c75b)
Verity= is an image build concept, not a first boot concept, whereas
a partition designator is always available, so let's do the size stuff
based on that.
(cherry picked from commit e11745d000d7e9b3112bb336735c1bdfa77e9add)
Different device paths may resolve to same device node
(lookup_block_device()), e.g.
IOReadBandwidthMax=/dev/sda1 18879
IOReadBandwidthMax=/dev/sda2 18878
where both partitions resolve to /dev/sda and when these values are
applied (they are associated with original paths, i.e. as if applied for
different device) in the order from io_device_limits.
The parsing code prepends, so they end up in reverse order wrt config
file. Switch the direction so that the order of application matches the
order of configuration -- i.e. semantics in all other unit file
directives.
Apply same change to all directives that use per-device lists. (The
question whether partitions should be resolved to base device is
independent.)
And apply the changes equally to DBus properties write handlers.
Fixes#34126
(cherry picked from commit 0fa0dfa04465651a18107d503f9967f84bd761d1)
When removing a cgroup in unit_prune_cgroup(), read IO metrics to cache
them similar to the existing treatment of the CPU and memory usage data.
Note that we do not do this for the IP metrics as the firewall objects
are only destroyed in unit_free() and thus stay alive long enough to
be read out directly by all interested parties.
Fixes#26988.
(cherry picked from commit 17bbdefd8c49617d7596bbf708c818a9773a9b44)
The name of the parameter is misleading and it does not save us much
work because it is not used during regular unit property queries.
It is only used during unit_log_resources(), and the cgroup is already
dead by that point so it won't be read anyway.
(cherry picked from commit a0020ad84bb092fc72cde7dca5784a0a4e613fd7)
We generally do _not_ want the same sysexts to be loaded in both initrd and
exitrd phases. The environment is completely different and it's unlikely that
the same code can be useful in both places. Nevertheless, it can be useful in
_some_ cases, for example when the sysexts contains debugging tools.
I think we don't need to differentiate between initrds and exitrds through
SYSEXT_SCOPE, because the two types are made available in completely different
locations and loaded through a different mechanism, with very little chance of
an initrd being loaded as an exitrd without an explicit admin action (or the
other way around). So let's not complicate our code or definitions by an
explicit "exitrd" sysext designator, but just clarify that "initrd" also
encompasses exitrds in this context.
(cherry picked from commit 7352a0093f4ef96c361be22337cde3296d79da01)
The concept is fairly well established and present in our docs in various
places.
Say that the exitrd is also marked by the presence of /etc/initrd-release.
(cherry picked from commit ace26a511ff63dbc15f1b2b0b941cbd3294a288c)
This allows hacking on systemd without installing any build
dependencies except mkosi on the host machine.
(cherry picked from commit 6d862a9dc08285fffb9da29055235b5c9935dcf8)
dbff64ddf06f64ab94bd314df27d6c089b75de52 bumped the hash to
a commit after 24.3, so let's tell the users that 25~devel is
the minimum required.
(cherry picked from commit 3a157e7cb4b1ec6fb822a014d67161ecfee546a2)
When a network is busy, an ARP may be received before the timer event
source triggered first time.
Fixes#34489.
(cherry picked from commit 146b44d0a0001712ced2f22ca76d242eedac26ad)
Various tests skip themselves when running in a container so make
sure the test runs in a virtual machine so we get full coverage.
(cherry picked from commit f4faac20730cbb339ae05ed6e20da687a2868e76)
This breaks TEST-74-AUX-UTILS when run in a VM as the user gets access
to journal files that the test expects it can't access.
(cherry picked from commit 1d5b4317cd0140c043495f946e5352b188f3bec0)
