1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

49001 Commits

Author SHA1 Message Date
Evgeny Vereshchagin
9b25429cb4 GH Actions: switch to main
It's just a follow-up to https://github.com/systemd/systemd/issues/16834
2021-01-21 16:28:02 +01:00
corvusnix
fee6441601
hwdb: add Medion Akoya E2228T MD61900 (#18317)
Add a model-specific entry for Medion Akoya E2228T MD61900 accelerometer to 60-sensor.hwdb so the orientation is detected correctly.
2021-01-21 09:21:50 +01:00
Zbigniew Jędrzejewski-Szmek
fc9b937b44
Merge pull request #18327 from benzea/benzea/libfprint-autosuspend-hwdb
Pull libfprint autosuspend hwdb
2021-01-21 09:09:34 +01:00
Yu Watanabe
33f7b61ca5
Merge pull request #18329 from poettering/notify-chroot
chroot/sd_notify() fixes
2021-01-21 13:16:59 +09:00
Lennart Poettering
9807fdc1da varlink: make 'userdata' pointer inheritance from varlink server to connection optional
@keszybz's right on
https://github.com/systemd/systemd/pull/18248#issuecomment-760798473:
swapping out the userdata pointer of a live varlink connection is iffy.

Let's fix this by making the userdata inheritance from VarlinkServer
object to the Varlink connection object optional: we want it for most
cases, but not all, i.e. all those cases where the calls implemented as
varlink methods are stateless and can be answered synchronously. For the
other cases (i.e. where we want per-connection objects that wrap the
asynchronous operation as it goes on) let's not do such inheritance but
initialize the userdata pointer only once we have it. THis means the
original manager object must be manually retrieved from the
VarlinkServer object, which in turn needs to be requested from the
Varlink connection object.

The userdata inheritance is now controlled by the
VARLINK_INHERIT_USERDATA flag passed at VarlinkServer construction.

Alternative-to: #18248
2021-01-21 07:31:58 +09:00
Yu Watanabe
4723205968
Merge pull request #18311 from poettering/sysext-fixups
sysext: post-merge fixups
2021-01-21 07:20:04 +09:00
Lennart Poettering
fe239c7d7d portabled: update profiles to current semantics
MountAPIVFS= implicitly mounts /run as tmpfs now, no need to do this
explicitly.

The notification socket is now implicitly mounted too, if NotifyAccess=
and RootImage=/RootDirectory= are used together.
2021-01-20 22:39:53 +01:00
Lennart Poettering
09872a6e1a man: document how get logging to work in a RootDirectory=/RootImage= environment
Fixes: #18051
2021-01-20 22:39:33 +01:00
Lennart Poettering
3bdc25a4cf core: make NotifyAccess= in combination with RootDirectory=/RootImage= work
Previously if people enabled RootDirectory=/RootImage= and NotifyAccess=
together, things wouldn't work, they'd have to explicitly add
BindReadOnlyPaths=/run/systemd/notify too.

Let's make this implicit. Since both options are opt-in, if people use
them together it would be pointless not also defining the
BindReadOnlyPaths= entry, in which case we can just do it automatically.

See: #18051
2021-01-20 22:39:07 +01:00
Benjamin Berg
b25e76eada hwdb: Pull autosuspend rules from upstream libfprint
libfprint includes a list of known fingerprint readers that can be
autosuspended. Upstream libfprint generates this file from the USB IDs
registered to drivers and a list of well-known readers that are
currently unsupported.

Closes: #17663
2021-01-20 22:14:23 +01:00
Luca Boccassi
7504f599e1
Merge pull request #18325 from ssahani/more-cleanup
Tree wide various cleanup
2021-01-20 20:48:18 +00:00
Yu Watanabe
4dbc0be2e5 udev/cdrom_id: re-enable logging related functions
The logging related functions are mistakenly located in main() by
a084b38789, and dropped by
23afa884d4.
2021-01-20 18:31:10 +00:00
Lennart Poettering
301265ea10 man: document recent systemd-sysext interface changes 2021-01-20 17:50:23 +01:00
Lennart Poettering
8de42cb461 sysext: add --force swich for forcibly ignoring version incompatibilities 2021-01-20 17:50:23 +01:00
Lennart Poettering
8662fcbcf1 sysext: rework command line interface to be verb-based
As suggested by @yuwata:

https://github.com/systemd/systemd/pull/18181#pullrequestreview-570826113
2021-01-20 17:50:23 +01:00
Lennart Poettering
9901835d80 sysext: split version validation logic into function of its own
Just some simple refactoring to simplify the logic.
2021-01-20 17:44:53 +01:00
Lennart Poettering
1f3707aeea sysext: use log_setup_cli() 2021-01-20 17:44:53 +01:00
Yu Watanabe
888f65ace6 path-util: simplify check_x_access()
Follow-up for ece852c845.

This addresses the following comments by the Lennart:
---
hmm, so this now does two access() calls for the case where the fd is
not requested, and opens things up for races (theoretically, …). now,
the access() code path was in place for optimization, but if an optimization
is less sexy than the original (and i think it is less sexy, since more
than one syscall, and non-atomic), i think we shouldn't do the optimization.

maybe we should just always use open(O_PATH) now, and then fstat() it to
check if regular file, and then access_fd() it for checking if its executable.
2021-01-20 17:43:36 +01:00
Luca Boccassi
aac5fbff0b sysext: install in rootbindir, remove template from unit
This reverts commit 71ad75f306.
2021-01-20 15:25:03 +01:00
Susant Sahani
cecaba2003 btrfs-util: tighten variable scope used in loop 2021-01-20 15:14:30 +01:00
Susant Sahani
a67f102e79 analyze: tighten variable scope used in loop 2021-01-20 15:13:24 +01:00
Susant Sahani
c2484a7514 sd-event: Use hashmap_ensure_put 2021-01-20 15:13:21 +01:00
Susant Sahani
f656fdb623 sd-event: Use hashmap_ensure_put 2021-01-20 15:13:18 +01:00
Susant Sahani
639deab187 sd-device: Use TAKE_PTR 2021-01-20 15:13:13 +01:00
Susant Sahani
e8480482ca sd-device: Use hashmap_ensure_put 2021-01-20 15:13:08 +01:00
Susant Sahani
875038d5fe udev-rules: use ordered_hashmap_ensure_put 2021-01-20 15:13:02 +01:00
Susant Sahani
0c7bd7ecbd network: networkd-network use TAKE_PTR 2021-01-20 15:09:26 +01:00
Susant Sahani
6de530f2b8 network: Use hashmap_ensure_put 2021-01-20 15:09:20 +01:00
Susant Sahani
9b1fd1f55b network: ndisc - Use ordered_set_ensure_put 2021-01-20 15:09:14 +01:00
Susant Sahani
32ae5db60a machine: Use hashmap_ensure_put 2021-01-20 15:09:09 +01:00
Susant Sahani
9a8d1b455b logind: Use hashmap_ensure_put 2021-01-20 15:09:03 +01:00
Susant Sahani
8231485bc5 journal: Use cleanup_free 2021-01-20 15:08:59 +01:00
Susant Sahani
faa7e5a43b Journal: Use hashmap_ensure_put 2021-01-20 15:08:30 +01:00
Dan Streetman
23afa884d4 udev: use DEFINE_MAIN_FUNCTION in cdrom_id
This was failing s390x ubuntu ci due to an old version of binutils;
the binutils package in use for ubuntu ci tests has been updated and
the build no longer fails, so this can use the macro again.

Fixes: #18165
2021-01-20 08:31:47 +00:00
Lennart Poettering
741bfd7f4e tree-wide: ignore messages with too long control data
Apparently SELinux inserts control data into AF_UNIX datagrams where we
don't expect it, thus miscalculating the control data. This looks like
something to fix in SELinux, but we still should handle this gracefully
and just drop the offending datagram and continue.

recvmsg_safe() actually already drops the datagram, it's just a matter
of actually ignoring EXFULL (which it generates if control data is too
large) in the right places.

This does this wherever an AF_UNIX/SOCK_DGRAM socket is used with
recvmsg_safe() that is not just internal communication.

Fixes: #17795
Follow-up for: 3691bcf3c5
2021-01-20 14:05:45 +09:00
Zbigniew Jędrzejewski-Szmek
6eab0c6dba Revert "test-functions: make sure we test our own libudev instead of the host libudev"
This reverts commit 73484ecff9.

3976f372ae moved libudev.so to be built in the
main directory, so this addition to $LD_LIBRARY_PATH is now obsolete.

After that commit, we build the following shared libraries:

build/libnss_myhostname.so.2
build/libnss_mymachines.so.2
build/libnss_resolve.so.2
build/libnss_systemd.so.2
build/libsystemd.so.0.30.0
build/libudev.so.1.7.0
build/pam_systemd.so
build/pam_systemd_home.so
build/src/boot/efi/stub.so
build/src/boot/efi/systemd_boot.so
build/src/shared/libsystemd-shared-247.so

EFI stubs don't matter, and libsystemd-shared-nnn.so is loaded through rpath,
and is doesn't need to and shouldn't be in $LD_LIBRARY_PATH. In effect, we only
ever need to add the main build directory to the search path.
2021-01-20 14:04:52 +09:00
Lennart Poettering
e327382877 markdown: fix comment
Follow-up for 2d816c9804
2021-01-19 22:26:35 +01:00
Lennart Poettering
2d816c9804 markdown: suggest backticks around uname -a output
Fixes: #18238
2021-01-19 22:24:05 +01:00
Lennart Poettering
a631cbfae3 execute: for processes where creds logic is turned off, don't pass creds path to namespace logic
Otherwise, the namespace logic will try to mount a dir that doesn't
actually exist.

Fixes: #18116
2021-01-19 20:03:42 +01:00
Lennart Poettering
f6c9a7ab93
Merge pull request #18307 from poettering/import-verity-download
importd: when downloading raw image, also download .roothash.p7s and .verity along with it
2021-01-19 20:02:34 +01:00
Lennart Poettering
ac71ece3c6 import: refactor how we do gpg validation
Let's split out the actual gpg logic into a helper function, so that we
can add alternative validations later on.
2021-01-19 18:29:59 +01:00
Lennart Poettering
133b34f69a import: optionally pull .verity + .roothash.p7s data when downloading
We already had support for downlading a .nspawn and a .roothash file,
let's make the set complete, and also download .verity + roothash.p7s if
it exists, as nspawn consumes that.

Since there are now four kinds of additional resources to acquire, let's
introduce a PullFlags flags value for this instead of separate 'bool'
variables, it's just too many to always pass those around on the
function parameter list.
2021-01-19 18:29:59 +01:00
Lennart Poettering
6792cbbcf8 import: ignore non-successful HTTP codes for collecing image metadata
Previously we'd collect the data from redirects too, which wasn't
particularly terrible, since these typically don't carry the data we
were interested in, but it's still incorrect to do so.
2021-01-19 18:29:59 +01:00
Lennart Poettering
8dc0291c0d import: turn on HTTP logging in debug mode 2021-01-19 18:29:59 +01:00
Lennart Poettering
273cb07d1b import: small memory management simplification 2021-01-19 18:29:59 +01:00
Lennart Poettering
8bc3f0b89f import: reset PullJob properly
Properly reset all fields that have to do with the current GET job when
we restart things. Previously we freed/reset only some stuff, leaking
some memory even.
2021-01-19 18:29:59 +01:00
Lennart Poettering
f14717a7e2 import: rework how verification works
Previously the PullJob object took internal care of rerequested the
SHA256SUMS file, if requesting <image>.sha256 didn't work. This was a
weird a non-abstraction only used when actually getting the checksum
files.

Let's move this out of the PullJob, so that it is generic again, and
does roughly the same stuff for all resources it is used for: let's
define a generic .on_not_found() handler that can be set on a PullJob
object, and is called whenever with see HTTP 404, and may be used to
provide a new URL to try if the first didn't work.

This is also preparation for later work to support PKCS#7 signatures
instead of gpg signatures, where a similar logic is needed, and we thus
should have a generic infrastructure place.

This gets rid of the VerificationStyle field in the PullJob object:
instead of storing this non-generic field we just derive the same
information from the URL itself, which is safe, since we generated it
ourselves earlier.
2021-01-19 18:29:59 +01:00
Lennart Poettering
c20307fd34 import: use TAKE_PTR() where available 2021-01-19 18:29:59 +01:00
Lennart Poettering
c6cb8daf72 import: make scope of variable smaller 2021-01-19 18:29:59 +01:00
Lennart Poettering
7d41de2e94 import: comment indent fix 2021-01-19 18:29:59 +01:00