1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

69602 Commits

Author SHA1 Message Date
Yu Watanabe
36013380a9 core/executor: use log level specified in LogLevelMax=
Follow-up for cc9f4cad8c.

Otherwise, still unexpected lines may be logged by executor.
2023-12-24 06:44:03 +09:00
Yu Watanabe
08ba85c71e systemctl: swap cached_id_map and cached_name_map at one more place
Follow-up for 2962a50850.
Fortunately, this does not change any behavior.

Replaces #30601.
Fixes CID#1532831.
2023-12-24 03:41:09 +09:00
Yu Watanabe
d24d9a3786
Merge pull request #30604 from mrc0mmand/test-journal-shenanigans
test: redirect stdout/stderr of TEST-04-JOURNAL to console as well
2023-12-24 03:40:50 +09:00
Yu Watanabe
c4d501d060
Merge pull request #30587 from mrc0mmand/test-stuff
test: slightly extend uid0's coverage
2023-12-24 03:40:22 +09:00
Raito Bezarius
b49595503d networkd: support proxy_arp_pvlan sysctl
The proxy ARP private VLAN sysctl is useful for VLAN aggregation, see
https://sysctl-explorer.net/net/ipv4/proxy_arp_pvlan/ for details.
2023-12-24 03:40:03 +09:00
Yu Watanabe
b6c424a2f2
Merge pull request #30049 from yuwata/assert-return-critical
test: make assert_return() critical by default
2023-12-24 03:39:18 +09:00
Yu Watanabe
b5dd61e3c1 network: use json_variant_append_arrayb()
No functional change, just refactoring and shortening code.
2023-12-23 17:30:54 +00:00
Yu Watanabe
fce9e8a168 log: make assert_return() critical when -Dmode=developer
Triggering assert_return() should be a bug in general, and we should
really fix that.  But, previously, it is hard to notice such bug, as
it was not critical.
This is for making CI or our testing environment fail if we unexpectedly
trigger assert_return(). So, hopefully we can easily find such bugs.
2023-12-24 02:03:30 +09:00
Yu Watanabe
8161f6086e test: make assert_return() critical by default on fuzzer and unit tests
Several test cases intentionally trigger assert_return(). So, to avoid
the entire test fails, this introduces several macros that tentatively
make assert_return() not critical.
2023-12-24 02:02:18 +09:00
Yu Watanabe
93bb67090c log: introduce a knob to make assert_return() critical
These can be used to check if we trigger assert_return()
unexpectedly.

Co-authored-by: Frantisek Sumsal <frantisek@sumsal.cz>
2023-12-24 01:52:26 +09:00
Frantisek Sumsal
addbe898a7 test: make the variable names slightly more descriptive
Follow-up for 5ca8d2474c.
2023-12-23 16:37:30 +01:00
Frantisek Sumsal
7de2118916 test: slightly extend uid0's coverage 2023-12-23 16:37:30 +01:00
Frantisek Sumsal
a6fb61be77 test: make the test actually test
Follow-up for dd25a95763.
2023-12-23 16:37:30 +01:00
Yu Watanabe
354171a5db
Merge pull request #30603 from mrc0mmand/openssl-shenanigans
test/ukify: make the tests happy with OpenSSL 3.2.0+
2023-12-24 00:27:20 +09:00
Frantisek Sumsal
b3ed0808d1 test: redirect stdout/stderr of TEST-04-JOURNAL to console as well
This effectively reverts fa6f37c043 just for TEST-04, as we nuke the
journal repeatedly in this test which makes it particularly hard to
debug. Let's hope the issue behind fa6f37c043 won't bite us back in this
case.

Follow-up for: fa6f37c043
Reverts: 8f7c876bdc
2023-12-23 15:54:51 +01:00
Frantisek Sumsal
eb3cdf49b1 test: don't truncate the final journal
This is no longer necessary, as the test for which this was introduced
in the first place has this handled explicitly (testsuite-04.journal.sh).

Follow-up to 9457dd8bae.
2023-12-23 15:35:08 +01:00
Frantisek Sumsal
4e5984f027 test: make sure the dummy CA certificate is marked as such
With OpenSSL 3.2.0+ this is necessary, otherwise the verification
of such CA certificate fails badly:

$ openssl s_client -CAfile /run/systemd/remote-pki/ca.crt -connect localhost:19532
...
Connecting to ::1
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 C=CZ, L=Brno, O=Foo, OU=Bar, CN=Test CA
verify error:num=79:invalid CA certificate
verify return:1
depth=1 C=CZ, L=Brno, O=Foo, OU=Bar, CN=Test CA
verify error:num=26:unsuitable certificate purpose
verify return:1
...
---
SSL handshake has read 1566 bytes and written 409 bytes
Verification error: unsuitable certificate purpose
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 26 (unsuitable certificate purpose)
2023-12-23 13:42:09 +01:00
Frantisek Sumsal
338ed5bea4 ukify: make the test happy with the latest OpenSSL
Which dropped some whitespaces in the output:

$ openssl version
OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
$ openssl x509 -in cert.pem -text -noout | grep Issuer
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd

$ openssl version
OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)
$ openssl x509 -in cert.pem -text -noout | grep Issuer
        Issuer: C = XX, L = Default City, O = Default Company Ltd

Making test-ukify unhappy:

>       assert 'Issuer: CN = SecureBoot signing key on host' in out
E       AssertionError: assert 'Issuer: CN = SecureBoot signing key on host' in '<...snip...>Issuer: CN=SecureBoot signing key on host archlinux2\n...'
2023-12-23 12:32:31 +01:00
Yu Watanabe
24f4144a08
Merge pull request #30600 from dtardon/see-also-simplelist
man: use `<simplelist>` for 'See also' sections
2023-12-23 19:08:31 +09:00
Luca Boccassi
d45ca9a905 man: conditionalize sd-pcrlock and sd-measure on the same variable as their binaries
The binaries are built and installed if HAVE_TPM2 is set, and ignore ENABLE_BOOTLOADER,
so do the same for the manpages.

For the sd-pcrlock case this also installs the manpage aliases for the units, which
are not installed with -Dbootloader=disabled, but there's no way to conditionalize
the aliases, so on balance it's better to have too much documentation rather than
too little.

Fixes https://github.com/systemd/systemd/issues/30588
2023-12-23 18:04:08 +08:00
David Tardon
59b4437973 man: capitalize "also" for consistency
Almost all our man pages write it that way.
2023-12-23 08:28:57 +01:00
David Tardon
13a69c120b man: use <simplelist> for 'See also' sections
This is just a slight markup improvement; there should be no difference
in rendering.
2023-12-23 08:28:57 +01:00
Yu Watanabe
60d52f219e udev: use SD_EVENT_SIGNAL_PROCMASK 2023-12-23 00:32:48 +01:00
Luca Boccassi
bc22b7be0a
Merge pull request #30590 from yuwata/backlight-cleanups
backlight: several cleanups and use dispatch_verb()
2023-12-22 23:35:27 +01:00
Yu Watanabe
bdc79e5fcd TODO: fix typo 2023-12-23 04:49:26 +09:00
Matt Layher
4591eccfc7 network: use varlink for networkctl check_netns_match()
Use varlink to detect networkd's network namespace when executing
networkctl rather than the D-Bus interface.

Signed-off-by: Matt Layher <mdlayher@gmail.com>
2023-12-23 04:25:13 +09:00
Yu Watanabe
f8f59f3280 backlight: split out verb_load() and verb_save(), then use dispatch_verb()
No functional change, just refactoring.
2023-12-23 03:53:28 +09:00
Yu Watanabe
48de55c38c backlight: use WRITE_STRING_FILE_MKDIR_0755 flag on save
No functional change, just refactoring.
2023-12-23 03:53:28 +09:00
Yu Watanabe
78b4ff5df4 backlight: split out read_saved_brightness()
No functional change, just refactoring.
2023-12-23 03:53:28 +09:00
Yu Watanabe
69ba99f9f3 backlight: split out device_new_from_arg()
While at it, this replaces strndupa_safe() with strndup(), as the input
is a user-controlled string.

No functional change, just refactoring.
2023-12-23 03:53:28 +09:00
Yu Watanabe
7135e6291d backlight: split out build_save_file_path()
No functional change, just refactoring.
2023-12-23 03:53:28 +09:00
Yu Watanabe
0e1564a261 backlight: move validity check of max_brightness to get_max_brightness()
Also rename get_max_brightness() -> read_max_brightness() for
consistency with read_brightness().
2023-12-23 03:53:28 +09:00
Yu Watanabe
2b575c0c95
Merge pull request #30585 from YHNdnzj/isatty-handling
various: clean up isatty() handling
2023-12-23 03:19:19 +09:00
Mike Yuan
dd9c8da865
various: clean up isatty() handling
As per https://github.com/systemd/systemd/pull/30547#discussion_r1434371627
2023-12-22 23:06:49 +08:00
Mike Yuan
76270f5c09
terminal-util: introduce isatty_safe that rejects EBADF 2023-12-22 23:06:48 +08:00
Mike Yuan
d3f818fea6
terminal-util: use RET_GATHER more 2023-12-22 23:04:47 +08:00
Luca Boccassi
4f276e97de test: fix check for device in test-execute
The unit actually uses /dev/kmsg, not /dev/kvm

Follow-up for ae7482b994
2023-12-22 15:32:28 +01:00
Luca Boccassi
12b6b3cfd9
Merge pull request #30550 from yuwata/network-nexthop-cleanups-3
network: several cleanups for nexthop (part3)
2023-12-22 10:44:39 +01:00
Yu Watanabe
2962a50850 systemctl: swap cached_id_map and cached_name_map
These are unused or used in the same order. So, this patch does not
change any behavior, just for naming consistency with the function
prototype.

Closes #30570.
2023-12-22 12:34:01 +09:00
Lennart Poettering
c5c74d85d3 networkd: add basic Varlink interface
Let's get networkd onto Varlink. This only adds the most basic of
operations.

I'd love to see networkd do Varlink for all its basic operations so that
networkctl can use that, and work correctly before D-Bus is up. Right
now, many of networkctls calls simply don't work before D-Bus, and I'd
like to see that improved.
2023-12-22 11:54:43 +09:00
Lennart Poettering
8017ed7e0e service: don't try to determine selinux label for socket activation if RootImage= is used
We cannot determine the SELinux label ahead of time if RootImage= is
used, since we'd have to mount the image then, hence don't, and handle
this cleanly, and gracefully.

While we are at it, stop "reaching over" so much from the socket code to
the service code, and instead provide function that most of the hard
work in service.c that socket.c just calls.

While we are at it, add debug logging and stuff.

I noticed the issue when also noticing #30560, but that one is harder to
fix, hence I avoided it for now.
2023-12-22 11:51:51 +09:00
Yu Watanabe
a16335cd17
Merge pull request #30553 from yuwata/network-post-event-source
network: merge two post event sources
2023-12-22 11:50:56 +09:00
Yu Watanabe
4e22097489
Merge pull request #30541 from yuwata/network-address-empty
network/address: make Address= in [Network] support an empty string
2023-12-22 11:50:44 +09:00
Luca Boccassi
eb2afc75e0
Merge pull request #30575 from arthurzam/bash
bash-completion: add some missing options
2023-12-21 23:44:17 +01:00
Lennart Poettering
66f3da245b
Merge pull request #30284 from YHNdnzj/fstab-wantedby-defaultdeps
fstab-generator: disable default deps if x-systemd.{wanted,required}-by= is used
2023-12-21 22:47:54 +01:00
Lennart Poettering
dc6522b18f
Merge pull request #28658 from H5117/enroll_with_ec
cryptsetup: Add support for EC keys in PKCS#11 tokens
2023-12-21 22:45:40 +01:00
Lennart Poettering
aafd495af8
Merge pull request #30547 from poettering/uid0
add new "uid0" command as alternative multi-call interface for systemd-run, as sudo replacement
2023-12-21 22:45:15 +01:00
Daan De Meyer
bacad14f94 Drop /dev test in test-mountpoint-util
Even /dev isn't always guaranteed to be a mount point, so let's drop
this part of the test.
2023-12-22 06:28:01 +09:00
Arthur Zamarin
8546a4af00
bash-completion: add missing option to systemd-confext
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
2023-12-21 23:23:13 +02:00
Arthur Zamarin
bd97ae259d
bash-completion: add missing option to systemd-cgls
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
2023-12-21 23:13:35 +02:00