1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

52853 Commits

Author SHA1 Message Date
Jan Janssen
54af753f3a sd-boot: Fix marking EFI var default entry
Fixes: #18072
2021-08-17 13:49:22 +02:00
Lennart Poettering
7a6abbe937 env-util: add unsetenv_erase() helper
Let's unify how we remove secrets from the env block.
2021-08-17 13:17:44 +02:00
Lennart Poettering
8b474a437c
Merge pull request #20420 from poettering/import-beef-up
import: modernizations, and various additions
2021-08-17 11:53:18 +02:00
Lennart Poettering
1c926126ce import: drop some now unused functions from import-common.c 2021-08-17 10:09:17 +02:00
Lennart Poettering
23851640b8 docs: document how to turn off btrfs quota support in importd
Fixes: #18421 #15903
2021-08-17 10:09:13 +02:00
Lennart Poettering
7ade22c79b import-fs: make various options controllable via cmdline/env var
This basically does what the previous two commits did for systemd-import
+ systemd-pull but for systemd-import-fs.

This commit is a bit simpler though, as a --direct mode doesn't change
that much. It's mostly about not searching for existing, conflicting
images and not much else.
2021-08-17 10:09:09 +02:00
Lennart Poettering
c40d82abf7 pull: add --direct mode + make various eatures optional + explicit checksum verification
This does what the previous commit did for systemd-import the same way
for systemd-pull.

It also adds one more thing: the checksum validation is extended, in
addition of doing SHA256SUMS/gpg verification it is now possible to
immediately specify a hash value on the command line that the download
needs to match. This is particularly useful in --direct mode as we can
download/decompress/unpack arbitrary files and check the hash of the
downloaded file on-the-fly.
2021-08-17 10:09:04 +02:00
Lennart Poettering
d32a5841fb import: add new "--direct" mode + add controls for turning certain features on/off
This reworks/modernizes the tar/raw import logic and adds the following
new features:

- Adds the ability to control btrfs subvol and quota behaviour which was
  previously always on via an env var and cmdline arg

- Adds control whether to sync() stuff after writing it, similar via env
  var + cmdline arg

- Similar, the QCOW2 unpacking logic that was previously the implied
  default may now be controlled via env var + cmdline arg.

- adds a "direct" mode. In this mode, the systemd-import tool can be
  used as a simple tool for decompressing/unpacking/installing arbitrary
  files, without all the additional meta data and auxiliary resources,
  i.e.  outside of the immediate disk image context. Via the new
  --offset= and --size-max= switches the downloaded data can be written
  to specific locations of a file (which is particularly useful to use
  the tool to download fs images and write them to a partition location
  before actually creating the partition).

We'll later use the latter feature for "sysupdate" concept, where images
can be directly be written to partitions. That way the systemd-import
binary will be used as backend for both "systemd-importd" and
"systemd-sysupdate" and share most of the same code.
2021-08-17 10:08:58 +02:00
Lennart Poettering
235be6bcea shared: add generic helper tools for installing files/dir trees
This adds a bit of generic helper tools for installing files/dir trees.
"installing" is supposed to mean the final step when preparing a disk
image or directory tree, where the result is renamed to its final name.
It has some bells and whistles, as it is able to replace existing files
sanely, can fsync() things carefully and can mark things read-only in a
nice way.

This is supposed to be generic, unified code that can be used eventually
for any of our tools that prepare disk images/directory trees, including
importd, nspawn's --template= mechanism, the discover-image.c logic,
and more.
2021-08-17 10:08:48 +02:00
Gustavo Costa
78c23b065f po: Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: Gustavo Costa <xfgusta@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pt_BR/
Translation: systemd/main
2021-08-17 09:30:29 +02:00
Yu Watanabe
6f795ad2e2
Merge pull request #20450 from yuwata/ethtool-cleanups
ethtool: trivial cleanups
2021-08-17 05:22:40 +09:00
Yu Watanabe
7c58ee5f8c
Merge pull request #20443 from yuwata/network-conf-parser-cleanups
network: conf parser cleanups
2021-08-17 02:42:27 +09:00
Geass-LL
7dbd330c7e unit: coldplug both job and nop_job if possible
Sometimes, both job and nop_job are deserialized. In this case,
if we only cold plug the job, the nop_job will also stuck in the
job list.
2021-08-17 02:41:04 +09:00
Yu Watanabe
aa10fa8d3a
Merge pull request #20442 from yuwata/network-can-introduce-many-settings
network: introduce several CAN interface related settings
2021-08-17 02:40:32 +09:00
Maxime de Roucy
d419ef0243 network: add address label on dhcpv4
Fixes: #13967
2021-08-17 02:40:18 +09:00
Tom Yan
17a6a4ae2e network: allow users to forbid passthru MACVLAN from putting its link into promiscuous mode
While we haven't implemented a key for users to set MACVLAN/MACVTAP flags,
we can at least allow them to make use of the Promiscuous= key of
the corresponding link to set the nopromisc flag.
2021-08-16 17:26:59 +01:00
Yu Watanabe
c2f2250e5c ethtool: make ethtool_set_features() return earlier when nothing is requested 2021-08-17 00:49:01 +09:00
Yu Watanabe
0db68800c7 ethtool: make the size of 'features' array static 2021-08-17 00:48:18 +09:00
Yu Watanabe
80e41a68d6 man: address label can be set only for IPv4 addresses 2021-08-16 22:56:30 +09:00
Jan Janssen
64bb56e58b sd-boot: Allow automatic entries to be default 2021-08-16 15:52:15 +02:00
Jan Janssen
730b719406 sd-boot: Improve selection of initial entries to show 2021-08-16 15:52:09 +02:00
Lennart Poettering
682f952cd7
Merge pull request #20438 from medhefgo/boot
sd-boot: Better self-detection and windows loader title
2021-08-16 15:35:08 +02:00
Yu Watanabe
b164b570b4 network: can: allow to specify bit-timing with TimeQuantaNSec= and friends
Closes #19424 and #20435.
2021-08-16 22:30:38 +09:00
Yu Watanabe
817561cc60 network: SamplePoint= should be specified only when BitRate= is specified
See can_get_bittiming() in drivers/net/can/dev/bittiming.c of kernel.
2021-08-16 18:54:01 +09:00
Yu Watanabe
239f91f71c network: can: make Termination= optionally take a raw resistor value
Note that this slightly breaks backward compatibility when
Termination=1. Previously, this is handled as boolean true, then 120 ohm
was used. But now with this commit, it is handled as 1 ohm.
2021-08-16 18:52:24 +09:00
Yu Watanabe
6dd84c9e86 network: can: add missing control modes 2021-08-16 18:42:48 +09:00
Yu Watanabe
f1c141cb82 network: can: introduce config_parse_can_control_mode() 2021-08-16 18:42:48 +09:00
Yu Watanabe
0fa2984dad network: can: refuse too large restart sec earlier 2021-08-16 18:42:45 +09:00
Jan Janssen
4a59f399c9 sd-boot: Detect windows boot loader title from BCD 2021-08-16 10:51:02 +02:00
Jan Janssen
43ee1fe086 sd-boot: Add memmem_safe and memory_startswith 2021-08-16 10:50:58 +02:00
Jan Janssen
12450f2e77 sd-boot: Try harder to detect ourselves
By moving our magic string into its own PE section, we can forego
grepping for it.
2021-08-16 10:49:18 +02:00
Jan Janssen
1328150d85 sd-boot: Fix PE section parsing
We only need the PE header offset from the DOS header, not
its size. Previously, the section table could be cut off in the middle.

While we are at it, also modernize the remaining code.
2021-08-16 10:49:12 +02:00
Yu Watanabe
b40b8b06cb network: check validity before copying the input string
Prompted by https://github.com/systemd/systemd/pull/20440#discussion_r689136337.
2021-08-16 13:48:15 +09:00
Yu Watanabe
634815762d network: rebreak conf parser arguments 2021-08-16 12:54:09 +09:00
Yu Watanabe
952508abda network: can: move function 2021-08-16 01:07:06 +09:00
Yu Watanabe
4931217a67 basic/linux: update linux uapi headers 2021-08-16 01:07:06 +09:00
Milo Turner
d64441b669 Don't open /var journals in volatile mode when runtime_journal==NULL 2021-08-13 21:43:59 +02:00
Yu Watanabe
8908ceb7a8
Merge pull request #20432 from yuwata/network-recreate-stacked-netdevs
network: recreate stacked netdevs when underlying device is re-added
2021-08-13 17:31:28 +09:00
Jan Janssen
702d40270a meson: Make unused-function an error 2021-08-13 09:23:45 +02:00
Steven Siloti
8a33aa199d resolved: retry on SERVFAIL before downgrading feature level
The SERVFAIL RCODE can be generated for many reasons which may not be related
to lack of feature support. For example, the Stubby resolver generates
SERVFAIL when a request times out. Such transient failures can cause
unnecessary downgrades to both the transaction and the server's feature level.
The consequences of this are especially severe if the server is in DNSSEC
strict mode. In this case repeated downgrades eventually cause the server to
stop resolving entirely with the error "incompatible-server".

To avoid unnecessary downgrades the request should be retried once with the
current level before the transaction's feature level is downgraded.
2021-08-13 09:23:12 +02:00
Lennart Poettering
d8151fb949
Merge pull request #20233 from maanyagoenka/log-error
systemd-analyze: add option to return an error value when unit verification fails
2021-08-13 09:22:48 +02:00
Lennart Poettering
2c3735d6ba
Merge pull request #20350 from medhefgo/boot
Grab bag of sd-boot improvements
2021-08-13 09:22:12 +02:00
Maanya Goenka
3cc3dc7736 systemd-analyze: option to exit with an error when 'verify' fails
The commit introduces a callback invoked from log_syntax_internal.
Use it from systemd-analyze to gather a list of units that contain
syntax warnings. A new command line option is added to make use of this.

The new option --recursive-errors takes in three possible modes:

1. yes - which is the default. systemd-analyze exits with an error when syntax warnings arise during verification of the
	 specified units or any of their dependencies.
3. no - systemd-analyze exits with an error when syntax warnings arise during verification of only the selected unit.
	Analyzing and loading any dependencies will be skipped.
4. one - systemd-analyze exits with an error when syntax warnings arise during verification
	 of only the selected units and their direct dependencies.

Below are two service unit files that I created for the purposes of testing:

1. First, we run the commands on a unit that does not have dependencies but has a non-existing key-value setting (i.e. foo = bar).

> cat <<EOF>testcase.service

[Unit]
foo = bar

[Service]
ExecStart = echo hello
EOF

OUTPUT:

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify testcase.service
/home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring.
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=yes testcase.service
/home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring.
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=no testcase.service
/home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=one testcase.service
/home/maanya-goenka/systemd/testcase.service:2: Unknown key name 'foo' in section 'Unit', ignoring.
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

2. Next, we run the commands on a unit that is syntactically valid but has a non-existing dependency (i.e. foo2.service)

> cat <<EOF>foobar.service

[Unit]
Requires = foo2.service

[Service]
ExecStart = echo hello
EOF

OUTPUT:

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify foobar.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
foobar.service: Failed to create foobar.service/start: Unit foo2.service not found.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=yes foobar.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
foobar.service: Failed to create foobar.service/start: Unit foo2.service not found.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=no foobar.service
maanya-goenka@debian:~/systemd (log-error)$ echo $?
0

maanya-goenka@debian:~/systemd (log-error)$ sudo build/systemd-analyze verify --recursive-errors=one foobar.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
foobar.service: Failed to create foobar.service/start: Unit foo2.service not found.
maanya-goenka@debian:~/systemd (log-error)$ echo $?
1
2021-08-12 07:22:15 -07:00
Maanya Goenka
f14d6810e0 manager: add a test flag to ignore dependencies
The MANAGER_TEST_RUN_IGNORE_DEPENDENCIES flag was added in order to allow the caller
to skip the recursive loading of dependency units when loading specific
unit files. This includes the default dependencies, the specified dependencies, the slice.
This will be used by systemd-analyze to allow checking individual unit files in isolation.
2021-08-12 07:22:15 -07:00
Maanya Goenka
1545051c79 manager: use FLAGS_SET when checking for MANAGER_TEST_RUN_MINIMAL
Allows multiple flags to be set, for example, in systemd-analyze.
2021-08-12 07:22:15 -07:00
Jan Janssen
dba0c9832b sd-boot: Allow on/off and t/f for booleans too 2021-08-12 16:10:06 +02:00
Jan Janssen
ec97e40c29 sd-boot: Provide error messages when parsing a config option fails 2021-08-12 16:10:06 +02:00
Jan Janssen
e98d271e57 sd-boot: Rework console input handling
Fixes: #15847
Probably fixes: #19191
2021-08-12 16:10:02 +02:00
Lennart Poettering
ced10d4838
Merge pull request #20199 from ddstreet/unit_cgroup_catchup
cgroup: do 'catchup' for unit cgroup inotify watch files
2021-08-12 16:04:40 +02:00
Maanya Goenka
3da57008e7 systemd-analyze: parse ip_filters_custom_egress correctly
Fixed bug in original assignment of security_info variable: ip_filters_custom_egress.
2021-08-12 13:36:42 +02:00