1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

531 Commits

Author SHA1 Message Date
Frantisek Sumsal
4651e1428d ci: build with clang-18 2024-03-26 03:14:33 +09:00
Evgeny Vereshchagin
ae0e1cb989 CI: revert the mmap_rnd_bits kludge
This reverts commit 2e0c2fb8fb and commit
b7c7498de8 now that
https://github.com/actions/runner-images/issues/9491 is closed.
2024-03-21 10:22:43 +01:00
Jan Macku
ec8c80eddb ci(freezer): update devel-freezer GHA to v1.1.0
The new version of `devel-freezer` GitHub Action adds support for milestones, labels, and more. Now, when the `rc` tag is published, it won't post a development freeze comment on PRs included in the next milestone.

This commit also sets a delay of the 20s for PR validation to give some time for updating labels and milestones on submitted PRs.
2024-03-20 12:37:18 +01:00
Jan Macku
2547791075 ci(freezer): update metadata and development_freeze workflow
use custom action to gather PR metadata and download artifact rather then inline script
2024-03-20 10:44:31 +01:00
Jan Macku
b026b9edf5 ci(metadata): remove fetch-depth: 0 it's not needed anymore 2024-03-20 10:35:40 +01:00
Daan De Meyer
e48c170f51 mkosi: Do disk space cleanup asynchronously
This can actually take a rather long time (multiple minutes) so
make sure we do it asynchronously.
2024-03-16 05:31:25 +09:00
Evgeny Vereshchagin
2e0c2fb8fb cifuzz,cflite: set mmap_rnd_bits to 28
to get MSan jobs to work with the latest Ubuntu images.

https://github.com/google/sanitizers/issues/1614
https://github.com/actions/runner-images/issues/9491
2024-03-15 21:58:41 +09:00
Daan De Meyer
e399efea79 mkosi: Enable KVM
Since https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/,
it seems that KVM is supported on GA runners, so let's explicitly
enable it to make sure it is used.

We update mkosi to latest and set QemuFirmware=uefi to disable
secure boot which crashes qemu until https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038777
is fixed.
2024-03-13 23:45:11 +01:00
dependabot[bot]
a17ae1f8d5 build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8a470fddaf...3ab4101902)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 23:16:19 +01:00
dependabot[bot]
e065f1c41b build(deps): bump actions/checkout from 4.1.1 to 4.1.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 20:15:20 +01:00
dependabot[bot]
660efa717c build(deps): bump meson from 1.3.2 to 1.4.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.2...1.4.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:52 +01:00
dependabot[bot]
9daa5b2a96 build(deps): bump softprops/action-gh-release from 1 to 2
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](de2c0eb89a...9d7c94cfd0)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:03 +01:00
Daan De Meyer
37bd860c22 mkosi: Introduce packaging sources as submodules
By always cloning the latest branch commit, we can't bisect properly
using mkosi as when bisecting wildly different packaging sources will
be used compared to when the commit was merged. By using submodules, we
track individual commits which means when bisecting the same packaging
sources will be used.

We use git submodules as dependabot has support for automatically making
PRs to update git submodules. This commit also includes the necessary
dependabot configuration to enable this.

We make ubuntu/debian use the same submodule instead of adding the debian
packaging sources twice by introducing a new $PKG_SUBDIR environment variable
and using it instead of $DISTRIBUTION.
2024-03-13 12:07:49 +01:00
Frantisek Sumsal
b7c7498de8 ci: reduce ASLR entropy
The latest GH Action runners started using 32-bit entropy for ASLR,
which makes it incompatible with llvm-14. This was fixed in later llvm
releases, but these aren't available on Ubuntu Jammy (22.04). Let's
reduce the ASLR entropy to 28-bit, which should make llvm happy again,
until the issue is resolved.

See: https://github.com/actions/runner-images/issues/9491
2024-03-12 16:17:46 +00:00
Daan De Meyer
61fbdd441f
Merge pull request #31345 from DaanDeMeyer/mkosi-packages
Build distribution packages in mkosi
2024-03-07 11:12:14 +01:00
Daan De Meyer
4d0f1451b5 Build distribution packages in mkosi
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:

- Vastly simplified mkosi scripts since we don't need a separate initrd
  image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as its not the basis
  anymore for the initrd and as such we don't need to care about the
  size anymore.
- The systemd packages that get pulled in as dependencies of other
  packages get properly uninstalled and replaced with our packages that
  we built instead of just installing on top of an existing systemd
  installation with no guarantee that everything from that previous
  installation was removed.
- Much better testing coverage as what we're testing is much closer
  to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
  use the proper directories and such instead of having to hack this
  into a mkosi build script.
- ...
2024-03-07 10:47:19 +01:00
Daan De Meyer
542bad6552 mkosi: Update to v21 2024-03-07 10:47:01 +01:00
Frantisek Sumsal
7161af9612 ci: explicitly change oom-{score}-adj before running tests
For some reason root in GH actions is able to _decrease_ its oom score
even after dropping all capabilities (including CAP_SYS_RESOURCE), until
the oom score is changed explicitly after sudo:

$ systemd-detect-virt
microsoft
$ sudo su -
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
 secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
pid 22180's OOM score adjust value changed from 500 to -101
~# choom -p $$ -n 500
pid 22027's OOM score adjust value changed from 500 to 500
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
...
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
choom: failed to set score adjust value: Permission denied

I have no idea what's going on, but it breaks
exec-oomscoreadjust-negative.service from test-execute when running
unprivileged.
2024-03-06 16:10:47 +01:00
Frantisek Sumsal
c538fecc61 ci: make the build dir accessible when running w/o privileges
Otherwise the unprivileged part of test-execute gets silently skipped:

/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
2024-03-06 16:10:47 +01:00
Luca Boccassi
5e39dc2f30 CI: free up diskspace before mkosi jobs
The runner has a lot of useless things installed, taking ~10GB, and
jobs have started to fail when booting images due to lack of disk
space, so delete some directories to make room.

2024-02-27T20:20:58.0998709Z ##[warning]You are running out of disk space. The runner will stop working when the machine runs out of disk space. Free space left: 0 MB

Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-03-01 20:04:13 +00:00
dependabot[bot]
5346a81024 build(deps): bump meson from 1.3.1 to 1.3.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.1...1.3.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 12:08:07 +01:00
dependabot[bot]
99e59d24f3 build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](26f96dfa69...5d5d22a312)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 11:57:31 +01:00
dependabot[bot]
ba959322a4 build(deps): bump github/codeql-action from 3.22.12 to 3.24.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](012739e508...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 11:06:02 +01:00
dependabot[bot]
04dd8258b4 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](91e2582e40...b9df2a9417)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 10:57:00 +01:00
Zbigniew Jędrzejewski-Szmek
ab95ba1558
Merge pull request #31511 from jamacku/prepare-for-diff-shellcheck
Prepare for new version of Differential ShellCheck & scanning of shell completion scripts
2024-02-28 10:28:56 +01:00
Jan Macku
c1631d4e49 ci(labeler): add rule for shell-completion label 2024-02-27 15:26:45 +00:00
Jan Macku
464b03d23c ci(lint): temporarily disable ShellCheck for bash-completion
This commit should be reverted once bash completion is in better shape when it comes to ShellCheck.
2024-02-27 15:41:28 +01:00
Jan Macku
b2e0caf882 ci(lint): exclude zsh completion from ShellCheck
zsh is not supported by ShellCheck
2024-02-27 15:41:28 +01:00
Jan Macku
a62013b382 ci(freezer): use GitHub Markdown magic for messages
It should make messages easier to notice.

GitHub docs: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts
2024-02-23 08:44:10 +00:00
Jan Macku
12af0efba5 ci(labeler): add policy for escape labeler 2024-02-19 16:09:15 +01:00
dependabot[bot]
0279c0abf3 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from dbce89aabda438ba58080366631b2c242e365f21 to 070528fec478fc93af7ec057a5d2fd0045123c99.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](dbce89aabd...070528fec4)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-09 16:28:12 +01:00
dependabot[bot]
f6f00383ff build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](c7d193f32e...26f96dfa69)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 12:18:13 +01:00
dependabot[bot]
12d1e448b2 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.6 to 3.0.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](71bcf99aef...9e55064634)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-01 10:57:02 +01:00
Luca Boccassi
431f836bd4 CI: set TZ= in a unit test run to ensure tests don't break 2024-01-26 00:25:04 +00:00
Luca Boccassi
ddf934cf04
Merge pull request #30972 from mrc0mmand/ci-unit-tests-ukify
ci: install python3-pytest for ukify tests
2024-01-17 11:46:45 +00:00
Frantisek Sumsal
ee23a85561 ci: install python3-pytest for ukify tests 2024-01-16 21:36:05 +01:00
Mike Yuan
50d5f64632 labeler: add bsod, hibernate-resume, nspawn and vmspawn 2024-01-16 16:13:26 +00:00
Daan De Meyer
52842bb2c5 mkosi: Build a directory image by default
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.

In CI, we stick to a disk image to make sure that keeps working as
well.

The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:

```
[Output]
Format=disk
```
2024-01-12 16:19:48 +01:00
Daan De Meyer
8c018edb0a mkosi: Update to latest
The mkosi github action doesn't set up the host machine for building
full images anymore. Instead, only sufficient packages are installed
to be able to build tools trees so we configure a fedora tools tree
to build the actual images.
2024-01-09 14:58:34 +00:00
Frantisek Sumsal
96e4c62698 ci: build with -O2 and -Wmaybe-uninitialized
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Mike Yuan
42e6ad1684 labeler: add matches for login and logind 2024-01-03 15:00:36 +00:00
Frantisek Sumsal
b3fb73a5f2 ci: allow testing changes made to labeler configuration 2024-01-02 12:52:03 +01:00
Frantisek Sumsal
17b056a340 ci: use a boolean value for the boolean field
The issue[0] behind this workaround has been resolved[1], so we can set it
to a proper boolean field.

[0] https://github.com/systemd/systemd/issues/18671
[1] https://github.com/actions/labeler/pull/480
2024-01-02 12:42:03 +01:00
Frantisek Sumsal
d151d6ce6f ci: migrate labeler configuration to the new format
Turns out updating the labeler action is a bit annoying[0], so the
breaking change wasn't detected in the version bump PR.

[0] https://github.com/actions/labeler/#notes-regarding-pull_request_target-event

Follow-up to f88c9b0728.
2024-01-02 12:42:03 +01:00
dependabot[bot]
01b50b4aaf build(deps): bump github/codeql-action from 2.22.8 to 3.22.12
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.8 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](407ffafae6...012739e508)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:52:09 +00:00
dependabot[bot]
f88c9b0728 build(deps): bump actions/labeler from 4.3.0 to 5.0.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](ac9175f8a1...8558fd7429)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:22:27 +00:00
dependabot[bot]
94ce8e248e build(deps): bump actions/upload-artifact from 3.1.2 to 4.0.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b7f8abb15...c7d193f32e)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:19:03 +00:00
dependabot[bot]
13efb5cbd3 build(deps): bump meson from 1.3.0 to 1.3.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.0...1.3.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:17:28 +00:00
Yu Watanabe
ab84005cb2 github: bump version in template 2023-12-25 02:23:14 +09:00
dependabot[bot]
ba47598aef build(deps): bump meson from 1.2.3 to 1.3.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.3...1.3.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:49:19 +00:00