IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The prototype was static, but the implementation was not. Make both
static, this is otherwise too confusing. (This doesn't actually change
anything, since the prototype decides about this anyway, but it makes
things easier to read.)
While stracing PID1's forking off of children I noticed that every
single forked off child reads cap_last_cap from procfs. That value is a
kernel constant, hence we can save a lot of work if we'd cache it.
Thing is, we actually do cache it, in a thread_local cache field. This
means that the forked off processes (which are considered new threads)
will have to re-query it, even though we already know the result.
Hence, let's get rid of the thread_local stuff (given that the value is
going to be the same for all threads anyway, and we pretty much have a
single thread only anyway). Use an C11 atomic_int instead, which ensures
the value is either initialized or not initialized, but we don't need to
be concerned of partial initialization.
This makes the cap_last_cap reading go away in the children, as strace
shows (since cap_last_cap() is already called by PID 1 before
fork()ing, anyway).
If an assert in systemd fails it can't shut down normally.
By default it freezes. For interactive runs we want the crash shell
to enable further debugging, but during test runs we want it to exit
without having to wait for the test timeout.
By deactivating the crash shell, enabling reboot, and configuring qemu
so that it shuts down instead of rebooting we can shut down instead.
Because by default UEFI will enroll keys and then reboot
we also have to set --qemu-firmware-variables=custom
so it doesn't need to auto-enroll.
Because mkosi has to handle not receiving an EXIT_STATUS notification
it falls back to the exit code of qemu, which in the case of reboot
would be 0, we also override the success exit status to 123
and check that we got that as an exit code from mkosi.
I cannot find any RFC that states we should not send multiple route
prefix or pref64 options that have intersection with others.
Moreover, each route prefix option has preference field, thus, user may
want to send e.g. a prefix with the normal preference, and another sub
prefix with the high preference. Previously, such configuration was
prohibited. Let's allow that now.
As the caller may want to update multiple prefixes and friends.
Let's not automatically announce on update in library side.
Currently, only prefix is updated during running. Hence, this does not
change any effective behavior.
With 1df4b21abd we started to default to
enrolling into the LUKS device backing the root fs if none was specified
(and no wipe operation is used). This changes to look for /var/ instead.
On most systems /var/ is going to be on the root fs, hence this change
is with little effect.
However, on systems where / and /var/ is separate it makes more sense to
default to /var/ because that's where the persistent and variable data
is placed (i.e. where LUKS should be used) while / doesn't really have
to be variable, could as well be immutable, or ephemeral. Hence /var/
should be a safer default.
Or to say this differently: I think it makes sense to support systems
with /var/ being on / well. I also think it makes sense to support
systems with them being separate, and /var/ being variable and
persistent. But any other kind of system I find much less interesting to
support, and in that case people should just specify the device name.
Also, while we are at it, tighten the checks a bit, insist on a dm-crypt
+ LUKS superblock before continuing.
And finally, let's print a short message indicating the device we
operate on.
When we fail to add an entry to a journal file, typically when the file
is full or corrupted, it is not necessary to rotate other journal files.
Not only that's unnecessary, rotating all journal files allows
unprivileged users to wipe system or other user's journals by writing
many journal entries to their own user journal file.
Let's rotate all journal files only when
- it is really requested by a privileged user (e.g. by journalctl --rotate), or
- the system time jumps backwards.
And, otherwise rotate only the journal file we are currently writing.
Doing this in reset_terminal_fd() is a bit too invasive, see
https://github.com/systemd/systemd/pull/32406#issuecomment-2070923583.
Let's only do this for /dev/console so that we work around weird firmwares
disabling line-wrapping, but avoid messing too much with other things.
While we're at it, let's handle more than just line wrapping, and do a
more general reset of stuff to get the terminal into a sane state.