1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

996 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
25757715fe shared/cryptsetup-util: build problematic code only in developer mode
This code doesn't link when gcc+lld is used:

$ LDFLAGS=-fuse-ld=lld meson setup build-lld && ninja -C build-lld udevadm
...
ld.lld: error: src/shared/libsystemd-shared-255.a(libsystemd-shared-255.a.p/cryptsetup-util.c.o):
  symbol crypt_token_external_path@@ has undefined version
collect2: error: ld returned 1 exit status

As a work-around, restrict it to developer mode.

Closes https://github.com/systemd/systemd/issues/30218.
2023-11-28 20:23:45 +00:00
Daan De Meyer
bcb335ac68 Update to mkosi v19
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
  for local configuration
2023-11-28 19:54:58 +01:00
Luca Boccassi
094d85a6bb docs/RELEASE.md: retain systemd.io in IRC topic update 2023-11-14 20:18:50 +00:00
Vito Caputo
8c5f6494bc doc: some trivial cleanups to MEMORY_PRESSURE.md 2023-11-14 09:46:57 +00:00
Lennart Poettering
abc19a6ffa storagetm: expose more useful metadata for nvme block devices
don't let the devices to be announced just as model "Linux". Let's instead
propagate the underlying block device's model. Also do something
reasonably smart for the serial and firmware version fields.
2023-11-13 19:32:34 +00:00
Jeremy Fleischman
121cb88292 Fix some typos in RESOLVED-VPNS.md 2023-11-12 12:55:29 +00:00
Lennart Poettering
7480859a11 man,doc: document some aspects of user record management/homed a bit better
Fixes: #29759
2023-11-08 12:40:08 +01:00
Zbigniew Jędrzejewski-Szmek
55e40b0be8 tree-wide: s/life-cycle/lifecycle/g 2023-11-06 20:16:34 +01:00
Zbigniew Jędrzejewski-Szmek
f04aac3d5a docs: fix title levels, remove unneded words
The title applies to the whole page, not just the first section.
And there should be just one title ('# foo') in a given document.
2023-11-06 20:16:34 +01:00
Maanya Goenka
db776f6935 portable: add support for confext
Support confexts for portable services
2023-11-03 16:59:58 +00:00
Frantisek Sumsal
d4317fe172 nspawn: allow disabling os-release check
Introduce a new env variable $SYSTEMD_NSPAWN_CHECK_OS_RELEASE, that can
be used to disable the os-release check for bootable OS trees. Useful
when trying to boot a container with empty /etc/ and bind-mounted /usr/.

Resolves: #29185
2023-11-03 16:05:14 +00:00
Lennart Poettering
d54c747f7e firewall: allow selecting firewall backend via env var 2023-11-03 09:34:02 +01:00
Lennart Poettering
0631eac96d crytsetup: allow overriding the token .so library path via an env var
I tried to get something similar upstream:

https://gitlab.com/cryptsetup/cryptsetup/-/issues/846

But no luck, it was suggested I use ELF interposition instead. Hence,
let's do so (but not via ugly LD_PRELOAD, but simply by overriding the
relevant symbol natively in our own code).

This makes debugging tokens a ton easier.
2023-11-02 18:18:00 +00:00
Lennart Poettering
df586a49bb doc: document explicitly when we require specific top-level mounts to be established 2023-10-30 11:10:50 +00:00
Raul Cheleguini
813dbff4d5 nspawn: allow user-specified MAC address on container side
Introduce the environment variable SYSTEMD_NSPAWN_NETWORK_MAC to allow
user-specified MAC address on container side.
2023-10-25 13:59:46 +01:00
Mike Yuan
5d4072d0ed
man,docs: suffix directories with / 2023-10-21 06:25:35 +08:00
Daan De Meyer
26204e1a4a
Merge pull request #29630 from DaanDeMeyer/manager-json
Various refactoring in preparation for adding JSON dump to pid 1
2023-10-20 16:42:12 +02:00
Luca Boccassi
f455365031
Merge pull request #29626 from bluca/auto_soft_reboot
systemctl: automatically softreboot/kexec if set up on reboot
2023-10-20 13:46:46 +01:00
Luca Boccassi
665a3d6d15 systemctl: automatically softreboot/kexec if set up on reboot
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.

Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
2023-10-20 11:45:37 +01:00
Joerg Behrmann
cf37171890 credentials: document that their path is stable for system services 2023-10-20 11:44:46 +01:00
Daan De Meyer
ee7304df5d mkosi: Use RuntimeTrees= to mount sources
Instead of using ExtraTrees=, let's use the new RuntimeTrees= option
to mount the full repository into the VM/container. Let's also store
the sources under /usr/src/systemd and update the gdbinit file and
vscode HACKING guide section to match the new location.
2023-10-20 12:43:57 +02:00
Emil Velikov
6efdd7fec5 sd-boot: add way to disable the 100ms delay when timeout=0
Currently we have a 100ms delay which allows for people to enter/show
the boot menu even when timeout is set to zero.

In a handful of cases, that may not be needed - both in terms of access
policy, as well as latency.

For example: the option to provide the boot menu may be hidden behind an
"expert only" UX in the OS, to avoid end users from accidentally
entering it.

In addition, the current 100ms input polling may cause unexpected
additional delays in the boot. Some example numbers from my SteamDeck:

 - boot counting/rename/flush doubles 300us -> 600us
 - seed/hash setup doubles 900us -> 1800us
 - kernel/image load gets ~40% slower 107ms -> 167ms

It's not entirely clear why the UEFI calls gets slower, nevertheless the
information in itself proves useful.

This commit introduces a new option "menu-disabled", which omits the
100ms delay. The option is documented throughout the manual pages as
well as the Boot Loader Specification.

v2:
 - use STR_IN_SET

v3:
 - drop erroneous whitespace

v4:
 - add a new LoaderFeature bit,
 - don't change ABI keep TIMEOUT_* tokens the same
 - move new token in the 64bit range, update API and storage for it
 - change inc/dec behaviour to TIMEOUT_MIN : TIMEOUT_MENU_FORCE
 - user cannot opt-in from sd-boot itself, add assert_not_reached()

v5:
 - s/Menu disablement control/Menu can be disabled/
 - rewrap comments to 109
 - use SYNTHETIC_ERRNO(EOPNOTSUPP)

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-17 15:09:53 +01:00
Emil Velikov
b9de6a7b94 docs/BOOT_LOADER_INTERFACE: mention that menu-* options are strings
To be on the safe side, explicitly mention that apart from the numerical
entries we can allow string ones.

Implementation-wise, bootctl will use internal numerical values that
match sd-boot's ABI. The latter also accepts the string options.

Going forward we'd like to avoid adding more internal magic and be more
explicit.

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
2023-10-17 14:59:26 +01:00
Mike Yuan
74b2c22fd7 docs/FILE_DESCRIPTOR_STORE: NotifyAccess=cgroup -> all
Fixes #29590
2023-10-17 11:59:38 +01:00
Lennart Poettering
cde8cc946b
Merge pull request #29272 from enr0n/coredump-container
coredump: support forwarding coredumps to containers
2023-10-16 16:13:16 +02:00
Daan De Meyer
36d87065f2
Merge pull request #29558 from mrc0mmand/varlinkctl-tests
varlink: add a couple of tests + accompanying fixes
2023-10-16 09:49:42 +02:00
Frantisek Sumsal
d04af6aaca docs: update fuzzers docs 2023-10-14 17:55:29 +02:00
Nick Rosbrook
cfc015f09e man: document CoredumpReceive= setting 2023-10-13 15:28:50 -04:00
Luca Boccassi
bb5232b6a3 core: add systemd-executor binary
Currently we spawn services by forking a child process, doing a bunch
of work, and then exec'ing the service executable.

There are some advantages to this approach:

- quick: we immediately have access to all the enourmous amount of
  state simply by virtue of sharing the memory with the parent
- easy to refactor and add features
- part of the same binary, will never be out of sync

There are however significant drawbacks:

- doing work after fork and before exec is against glibc's supported
  case for several APIs we call
- copy-on-write trap: anytime any memory is touched in either parent
  or child, a copy of that page will be triggered
- memory footprint of the child process will be memory footprint of
  PID1, but using the cgroup memory limits of the unit

The last issue is especially problematic on resource constrained
systems where hard memory caps are enforced and swap is not allowed.
As soon as PID1 is under load, with no page out due to no swap, and a
service with a low MemoryMax= tries to start, hilarity ensues.

Add a new systemd-executor binary, that is able to receive all the
required state via memfd, deserialize it, prepare the appropriate
data structures and call exec_child.

Use posix_spawn which uses CLONE_VM + CLONE_VFORK, to ensure there is
no copy-on-write (same address space will be used, and parent process
will be frozen, until exec).
The sd-executor binary is pinned by FD on startup, so that we can
guarantee there will be no incompatibilities during upgrades.
2023-10-12 15:01:51 +01:00
Lennart Poettering
ce4801c42b doc: readd vanished ```
This disappeared in 1e8f5f79e1, let's
restore it.
2023-10-11 11:41:56 +02:00
Lennart Poettering
22d7fb6646 docs: document that in future we'll do EV_EVENT_TAG only, no EV_IPL 2023-10-10 23:31:33 +01:00
Abderrahim Kitouni
e8868e8354 doc-sync: add support for uploading the documentation for main
It will refuse running on any other branch than main or stable branches.

Also update the release instructions to run it on the stable branch.
2023-10-10 17:50:04 +01:00
Luca Boccassi
795e80c7ed
Merge pull request #29507 from abderrahim/doc-sync-improvement
Improvements to the doc-sync target
2023-10-10 08:59:33 +01:00
Luca Boccassi
12de4ed1ca boot: measure loader.conf in PCR5
Results in:

- EventNum: 26
  PCRIndex: 5
  EventType: EV_EVENT_TAG
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: 155fb999ca61ba8c7b1f1d87cee821f772ef084a
  - AlgorithmId: sha256
    Digest: 4c26adf231603613afc00bb3d5cad046aec6a525ca01262417c7085caab452b5
  - AlgorithmId: sha384
    Digest: 3e0758cb6605ac274e55d747bf29ee3474fc4413cd5e7a451d1375219cd7f08a30fc915a8df7131657ca78b82b9ccec8
  - AlgorithmId: sha512
    Digest: e32d905b9092c543802f386db9a397d9b6593bdb8360fb747a6d23e491a09595fec8699184cc790d0873a3d52ed16d045538f0c73ece48278fae0fb6ed9b4ed6
  EventSize: 32
  Event: 2a58bcf5180000006c006f0061006400650072002e0063006f006e0066000000
2023-10-09 22:22:09 +01:00
Luca Boccassi
3e6f010e03 stub: measure all cmdline addons together 2023-10-09 22:22:09 +01:00
Luca Boccassi
68f85761e2 stub: add support for dtb addons
Same as kernel command line addons.
2023-10-09 22:22:09 +01:00
Abderrahim Kitouni
00fc4a3945 doc-sync: automatically detect whether we're updating the latest version
also update the release instructions to push release candidates to -stable
2023-10-09 18:37:41 +01:00
Daan De Meyer
f478b6e97d Update HACKING instructions
Let's mention that we just need the latest stable release of mkosi,
not the latest git commit. We also split the instructions for building
on the host and the instructions for building with mkosi into two blocks,
as it's not required to build on the host anymore to build with mkosi.
2023-10-06 09:16:33 +02:00
Lennart Poettering
e59049d7a9 repart: add simple mechanism to override fstype choices
This is very useful for quickly testing things when building DDIs, in
particular in the CI, and trivial to add.
2023-10-05 19:18:36 +02:00
Mike Yuan
ba96ba0420 docs/HACKING: Arch has dropped asp in favor of pkgctl
Prompted by #29461

See also: https://wiki.archlinux.org/title/Arch_build_system#Using_the_pkgctl_tool
2023-10-05 17:54:37 +02:00
Lennart Poettering
4c376e58da markdown: add document listing TPM2 PCR measurements we make comprehensively
This is useful to write TPM event log decoders.
2023-10-04 15:38:48 +02:00
Yu Watanabe
52afaee74b sd-netlink: make the default timeout configurable by environment variable
On normal systems, triggering a timeout should be a bug in code or
configuration error, so I do not think we should extend the default
timeout. Also, we should not introduce a 'first class' configuration
option about that. But, making it configurable may be useful for cases
such that "an extremely highly utilized system (lots of OOM kills,
very high CPU utilization, etc)".

Closes #25441.
2023-10-01 12:41:10 +09:00
Luca Boccassi
2c0ca3e398 docs: note root storage daemons can now also use SurviveFinalKillSignal=yes 2023-09-28 13:48:14 +01:00
Lennart Poettering
32295fa08f pcrphase: rename binary to pcrextend
The tool initially just measured the boot phase, but was subsequently
extended to measure file system and machine IDs, too. At AllSystemsGo
there were request to add more, and make the tool generically
accessible.

Hence, let's rename the binary (but not the pcrphase services), to make
clear the tool is not just measureing the boot phase, but a lot of other
things too.

The tool is located in /usr/lib/ and still relatively new, hence let's
just rename the binary and be done with it, while keeping the unit names
stable.

While we are at it, also move the tool out of src/boot/ and into its own
src/pcrextend/ dir, since it's not really doing boot related stuff
anymore.
2023-09-25 17:17:20 +02:00
Zbigniew Jędrzejewski-Szmek
61afc53924 docs/FDS: add missing article and reword sentence 2023-09-25 11:30:02 +01:00
Lennart Poettering
1df74d1cea docs: various updates to the fdstore docs
ispell made some suggestions which I applied.

Addresses: https://github.com/systemd/systemd/pull/29209#pullrequestreview-1632623460

Also adds a brief paragraph about initrd transitions. (Plymouth really
should start using the fdstore for pinning DRM objects, and stop trying
to survive the initrd→host transition)
2023-09-20 09:17:43 +02:00
Joerg Behrmann
7227dd816f treewide: fix typos
- mostly: usecase -> use case
- continously -> continuously
- single typos in docs/FILE_DESCRIPTOR_STORE.md
2023-09-19 10:05:38 +02:00
Lennart Poettering
0959847af5 doc: add a markdown doc giving an overview over the fdstore
And link it up everywhere.
2023-09-18 14:47:07 +02:00
Gioele Barabucci
4a899c5a23 docs/NETWORK_ONLINE: Use until instead of while !
`until` is the standard POSIX shell builtin to be used when waiting for
a condition to appear.
2023-08-14 09:15:31 +02:00
Gioele Barabucci
3078ece8c4 docs/NETWORK_ONLINE: Move Type=, RemainAfterExit= to [Service]
`Type=` and `RemainAfterExit=` belong in `[Service]`, not `[Unit]`.

Fixes #28826
2023-08-14 09:15:21 +02:00
Jan Macku
e868f5efae docs: update link to RHEL/CentOS Stream tracker
Also update link to systemd downstream GitHub repo.
2023-08-11 09:55:10 +01:00
Yu Watanabe
ec88da9146 docs: fix typo 2023-08-01 15:53:32 +09:00
Luca Boccassi
fdacce7421 docs: note that Github Pages configuration has to be updated after a release 2023-07-28 23:42:20 +01:00
Luca Boccassi
b0d3095fd6 Drop split-usr and unmerged-usr support
As previously announced, execute order 66:

https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

The meson options split-usr, rootlibdir and rootprefix become no-ops
that print a warning if they are set to anything other than the
default values. We can remove them in a future release.
2023-07-28 19:34:03 +01:00
David Tardon
85fe60b9e8 docs: fix order 2023-07-13 09:37:00 +00:00
Micah Abbott
2262cbf9fd docs: cleanups to ROOT_STORAGE_DAEMONS
There were a couple spelling/grammatical errors in the docs that made
it hard to read and understand parts of this doc. I cleaned up those
errors and reflowed the line breaks to keep to the 80 char limit.
2023-07-12 15:49:05 +01:00
Yu Watanabe
627cdcc785 tree-wide: fix typos reported by Fossies Codespell report 2023-07-12 10:14:50 +09:00
Joerg Behrmann
5bc9ea070f treewide: fix "an" before consonant U sounds
The article "a" goes before consonant sounds and "an" goes before vowel
sounds. This commit changes an to a for UKI, UDP, UTF-8, URL, UUID, U-Label, UI
and USB, since they start with the sound /ˌjuː/.
2023-07-06 11:59:41 +01:00
Lennart Poettering
de70ecb328 import-creds: add support for binary credentials specified on the kernel cmdline 2023-07-04 23:19:48 +02:00
Lennart Poettering
df5f51c3fe doc: document inird credentials + and how to consume credentials in generators
(as well as various other fixes)
2023-07-04 23:17:17 +02:00
Zbigniew Jędrzejewski-Szmek
da89046643 tree-wide: "<n>bit" → "<n>-bit"
In some places, "<n> bits" is used when more appropriate.
2023-07-02 11:10:12 +01:00
Daan De Meyer
2fe24cccde mkosi: Enable Incremental= mode by default
Since mkosi is now smart enough to drop the caches when the list of
packages changes, let's enable Incremental= mode by default to ensure
a good experience for anyone new to hacking on systemd with mkosi.
2023-06-29 13:11:39 +01:00
Lennart Poettering
fba84e121b journalctl: read env vars that override compiled catalog database and source files
This makes it a bit easier to test catalog files without installing
systemd.
2023-06-27 23:20:15 +02:00
Frantisek Sumsal
dc7e580e64 tree-wide: use https for the 0pointer.de doc links 2023-06-23 13:46:56 +01:00
Lennart Poettering
2499d32022 docs: document threading situation in coding style 2023-06-23 10:05:16 +02:00
Lennart Poettering
7e81ce6bb8 docs: describe $TESTFUNCS briefly
Follow-up for f1a83e41ae
2023-06-22 15:14:47 +01:00
Zbigniew Jędrzejewski-Szmek
5811490a3f docs/CREDENTIALS: fix confusion of i.e. and e.g. 2023-06-19 13:36:30 +02:00
Daan De Meyer
bbfb25f4b9 creds: Add ImportCredential=
ImportCredential= takes a credential name and searches for a matching
credential in all the credential stores we know about it. It supports
globs which are expanded so that all matching credentials are loaded.
2023-06-08 14:09:18 +02:00
Zbigniew Jędrzejewski-Szmek
badea0d6df sd-boot,sd-stub: also print version after the address
The kernel, systemd, and many other things print their version during boot.
sd-boot and sd-stub are also important, so let's print the version if EFI_DEBUG.
(If !EFI_DEBUG, continue to be quiet.)

When updating the docs, I saw that that the text in HACKING.md was out of date.
Instead of trying to update the instructions there, make it shorter and refer
the reader to tools/debug-sd-boot.sh for details.
2023-05-24 04:34:56 +09:00
Zbigniew Jędrzejewski-Szmek
bd3beda283 shared/condition: add envvar override for the check for first-boot
Before 7cd43e34c5, it was possible to use
SYSTEMD_PROC_CMDLINE=systemd.condition-first-boot to override autodetection.
But now this doesn't work anymore, and it's useful to be able to do that for
testing.
2023-05-23 15:09:39 +02:00
Zbigniew Jędrzejewski-Szmek
7ecce0e571 docs: list all public headers in stability promise
We provide the same stability for all the headers that are public.

Also, mark id128 as portable to other systems. There is really nothing in the
code that would make it hard. It would probably work out-of-the-box.
2023-05-16 08:50:11 +02:00
Daan De Meyer
47e5e12866 mkosi: Package a erofs usr partition with signed verity
Let's start moving towards a more involved partitioning setup to
test our stuff more when using mkosi.

The root partition is generated on boot with systemd-repart.

CentOS supports neither erofs nor btrfs so we use squashfs and xfs
instead.

We also enable SecureBoot= locally for additional coverage. This
and the use of verity means users need to run `mkosi genkey` once
to generate the keys necessary to do secure boot and verity.
2023-05-13 10:49:17 +02:00
Klaus
ab13274a19
docs: add correct pacman command (#27486)
The `pacman` command in order to install packages on Arch in the documentation is invalid.
This PR fixes the command.
2023-05-02 17:18:10 +08:00
Lennart Poettering
a8b993dc11 core: add DelegateSubgroup= setting
This implements a minimal subset of #24961, but in a lot more
restrictive way: we only allow one level of subcgroup (as that's enough
to address the no-processes in inner cgroups rule), and does not change
anything about threaded cgroup logic or similar, or make any of this new
behaviour mandatory.

All this does is this: all non-control processes we invoke for a unit
we'll invoke in a subgroup by the specified name.

We'll later port all our current services that use cgroup delegation
over to this, i.e. user@.service, systemd-nspawn@.service and
systemd-udevd.service.
2023-04-27 12:18:32 +02:00
Lawrence Thorpe
08b61b40ed
docs: fix LoadCredentialEncrypted example (#27387)
Embedded credential name 'ciphertext.cred' does not match filename 'foobar', refusing.
2023-04-25 15:41:01 +02:00
Lennart Poettering
4d26b2277a doc: say in CODING_STYLE that AT_EMPTY_PATH should be implied on openat() style APIs (and NULL path is OK)
As discussed here:

https://github.com/systemd/systemd/pull/27397#issuecomment-1521630044
2023-04-25 14:05:08 +02:00
07416
f6e94c5f7d
a colloquial abbreviation 'btw' in TEMPORARY_DIRECTORIES.md (#27365)
* Update TEMPORARY_DIRECTORIES.md
2023-04-23 10:48:17 +01:00
Frantisek Sumsal
94d82b5980 tree-wide: code spelling fixes
As reported by Fossies.
2023-04-20 21:54:59 +02:00
Frantisek Sumsal
e24c6676c7 docs: add a missing $ sign
Addresses https://github.com/systemd/systemd/pull/27283#pullrequestreview-1386816102.
Follow-up to 1a127aa02b.
2023-04-16 20:31:33 +02:00
Frantisek Sumsal
1a127aa02b docs: a couple of typo fixes & formatting tweaks 2023-04-15 13:12:43 +02:00
Yu Watanabe
5cf69e709e os-util: make $SYSTEMD_OS_RELEASE prefixed with the root directory
To make it consistent with other env vars, e.g. $SYSTEMD_ESP_PATH or
$SYSTEMD_XBOOTLDR_PATH.

This is useful when the root is specified by a file descriptor, instead
of a path.
2023-04-11 18:49:23 +09:00
Zbigniew Jędrzejewski-Szmek
1e094cb4ba
Merge pull request #27126 from yuwata/journal-compress
sd-journal: allow to specify compression algorithm through env
2023-04-07 09:28:27 +02:00
maanyagoenka
1f4f166690 confext: documentation and man page updates for confext 2023-04-05 21:50:04 +00:00
Yu Watanabe
1f06ea747b sd-journal: allow to specify compression algorithm through env
Fixes RHBZ#2183546 (https://bugzilla.redhat.com/show_bug.cgi?id=2183546).

Previously, journal file is always compressed with the default algorithm
set at compile time. So, if a newer algorithm is used, journal files
cannot be read by older version of journalctl that does not support the
algorithm.

Co-authored-by: Colin Walters <walters@verbum.org>
2023-04-04 18:32:12 +09:00
Ludwig Nussel
6fb595bc2f docs: fix coredump legacy example 2023-03-31 11:47:17 +02:00
Lennart Poettering
b6bd98ebd5 docs: add a document with an overview over systemd's coredump handling 2023-03-30 16:11:26 +02:00
Daan De Meyer
65e179a1e7 tmpfiles: Try to take a BSD lock on files as well
Similar to what we do for directories, just before we remove a file,
let's try to take a BSD lock on it. If that fails, skip removing the
file.
2023-03-30 11:45:05 +02:00
Daan De Meyer
94c9855a18 mkosi: Update to latest
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
  .gdbinit to make gdb work properly
2023-03-29 13:27:19 +02:00
Luca Boccassi
e8114a4f86 portable: add PORTABLE_NAME_AND_VERSION= and other metadata to LogsExtraFields=
This is useful to identify log messages with metadata from the images
they run on. Look for ID/VERSION_ID/IMAGE_ID/IMAGE_VERSION/BUILD_ID,
with a SYSEXT_ prefix if we are looking at an extension, and append via
LogExtraFields= as respectively PORTABLE_NAME_AND_VERSION= in case of a
single image. In case of extensions, append as PORTABLE_ROOT_NAME_AND_VERSION=
for the base and one PORTABLE_EXTENSION_AND_VERSION= for each extension.

Example with a base and two extensions, with the unit coming from the
first extension:

[Service]
RootImage=/home/bluca/git/systemd/base.raw
Environment=PORTABLE=app0.raw
BindReadOnlyPaths=/etc/os-release:/run/host/os-release
LogExtraFields=PORTABLE=app0.raw
Environment=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT_NAME_AND_VERSION=debian_10

ExtensionImages=/home/bluca/git/systemd/app0.raw
LogExtraFields=PORTABLE_EXTENSION=app0.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_0

ExtensionImages=/home/bluca/git/systemd/app1.raw
LogExtraFields=PORTABLE_EXTENSION=app1.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_1
2023-03-28 12:14:21 +01:00
Luca Boccassi
8c8331fc50 portable: include base and extension images in log fields
When a portable service uses extensions, we use the 'main' image name
(the one where the unit was found in) as PORTABLE=. It is useful to
also list all the images actually used at runtime, as they might
contain libraries and so on.

Use PORTABLE_ROOT= for the image/directory that is used as RootImage=
or RootDirectory=, and PORTABLE_EXTENSION= for the image/directory that
is used as ExtensionImages= or ExtensionDirectories=.

Note that these new fields are only added if extensions are used,
there's no change for single-DDI portables.

Example with a base and two extensions, with the unit coming from the
first extension:

[Service]
RootImage=/home/bluca/git/systemd/base.raw
Environment=PORTABLE=app0.raw
BindReadOnlyPaths=/etc/os-release:/run/host/os-release
LogExtraFields=PORTABLE=app0.raw
LogExtraFields=PORTABLE_ROOT=base.raw

ExtensionImages=/home/bluca/git/systemd/app0.raw
LogExtraFields=PORTABLE_EXTENSION=app0.raw

ExtensionImages=/home/bluca/git/systemd/app1.raw
LogExtraFields=PORTABLE_EXTENSION=app1.raw
2023-03-28 10:36:01 +01:00
Frantisek Sumsal
13bf321610 docs: s/authorized_key/authorized_keys/ 2023-03-24 16:16:50 +01:00
Daan De Meyer
1441a6a751 docs: Explicitly tell developers to enable mkosi required meson options
We need repart, bootctl, analyze and ukify for mkosi so let's make
sure those get built in the HACKING guide.
2023-03-23 13:09:09 +00:00
Daan De Meyer
c84d14c525 docs: Fix vscode debugging section in HACKING.md
Let's account for the recent changes in mkosi in the debugging
with vscode section.
2023-03-21 17:47:51 +00:00
Mike Yuan
7d33146dbc
docs: update unit name for sd-tmpfiles-setup 2023-03-19 01:32:50 +08:00
Luca Boccassi
e0b8bbbdbe doc: update ELF_PACKAGE_METADATA to use linker flag instead of manual script
bfd/gold/mold/lld support this flag, so document it explicitly, and drop the
manually written linker script which is no longer necessary
2023-03-16 08:38:39 +01:00
Daan De Meyer
4b8ce14f6c repart: Add support for reading mkfs options from environment 2023-03-10 09:33:39 +01:00
Zbigniew Jędrzejewski-Szmek
ba0e70673c
Merge pull request #26038 from lilyinstarlight/fix/fstab-generator-sysroot-without-cmdline
fstab-generator: use correct targets when /sysroot is specificied in fstab only
2023-03-09 08:51:31 +01:00
Dmitry V. Levin
ba1ca5ef26 CODING_STYLE: note that 'unsigned' form is preferred over 'unsigned int' 2023-03-08 21:17:23 +00:00
Jan Engelhardt
18fe76eba5 doc: correct wrong use "'s" contractions 2023-03-07 13:39:31 +01:00
Lennart Poettering
206f0f397e journal-file: journal-file: extend journal header to always carry offset of most recent entry
This way we can quickly find the most recent entry, without searching or
traversing entry array chains.

This is relevant later, as it it allows us to quickly determine the most
recent timestamps of each journal file, in a roughly atomic way.
2023-03-02 10:03:15 +01:00
Lennart Poettering
a4b13ae1be doc: add document explaining memory pressure handling 2023-03-01 09:43:24 +01:00
Lennart Poettering
f010478168 docs: document the new HEADER_COMPATIBLE_TAIL_ENTRY_BOOT_ID flag 2023-02-21 10:47:53 +01:00
Daan De Meyer
e9c47453d2 Drop mkosi + clang section from HACKING
We removed a few features that made this work, will be added back
in the future when we restructure the way mkosi does build images.
2023-02-16 20:06:27 +01:00
Daan De Meyer
2edcf8e7db Update HACKING for latest mkosi 2023-02-16 20:05:55 +01:00
Luca Boccassi
6f97aae029
Merge pull request #26213 from poettering/journal-rework-seqnum
journal sequence number rework
2023-02-15 19:58:58 +00:00
Dmitry V. Levin
30fd9a2dab treewide: fix a few typos in NEWS, docs and comments 2023-02-15 10:41:03 +00:00
Yu Watanabe
0b75493da0 tree-wide: fix typo and comment style update 2023-02-15 10:08:16 +09:00
Geert Lorang
d5e3d3465c docs/NETWORK_ONLINE: fix example
Type=oneshot is necessary for systemd to actually wait for the service
to return. With RemainAfterExit=yes it won't be started again.

Fixes #26342.
2023-02-08 16:53:53 +00:00
Lennart Poettering
11181f8a5a man: document __SEQNUM=/__SEQNUM_ID= journal pseudo fields 2023-02-08 13:42:30 +01:00
Zbigniew Jędrzejewski-Szmek
1e8f5f79e1 docs/CODING_STYLE: add sentence about redirection operators 2023-02-06 09:19:04 +01:00
Zbigniew Jędrzejewski-Szmek
7a17e41dcf test: drop whitespace after shell redirection operators
(The one case that is left unchanged is '< <(subcommand)'.)

This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.

In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
2023-02-06 09:19:04 +01:00
wouter bolsterlee
3d3e51eff2 docs: tweak rsync flags for moving existing home dir to systemd-homed
The documentation on moving an existing homedir into a systemd-homed managed
one suggests using rsync(1) with a bunch of flags to preserve as much metadata
as possible: permissions, xattrs, timestamps, etc. The previously suggested
flags were:

    rsync -aHAXv --remove-source-files …

… which does include mtimes, but not ctimes and atimes, because -a does not
include those:

    --archive, -a            archive mode is -rlptgoD (no -A,-X,-U,-N,-H)

This change adds the -N and -U flags to preserve even more file timestamps,
turning the command into:

    rsync -aHANUXv --remove-source-files …

The new flags are:

    --crtimes, -N            preserve create times (newness)
    --atimes, -U             preserve access (use) times
2023-02-01 20:47:56 +00:00
cake03
98a6d8505d update footer to 2023 2023-01-29 20:26:28 +09:00
Lily Foster
905dd992f8
fstab-generator: add SYSTEMD_SYSFS_CHECK env var
This forces processing of /dev entries in fstab when running in a
container is detected (checked as the existence of read-only /sys).
2023-01-25 19:05:11 -05:00
Daan De Meyer
246fd4d2ed docs: Update HACKING.md to mention latest mkosi is needed
Let's require users to run mkosi from git so we can fix any issues
forward instead of trying to keep the configs working with older
versions.
2023-01-24 22:05:49 +01:00
Luca Boccassi
6a21cb2b60 docs: update instructions for translation strings 2023-01-24 13:30:02 +00:00
Luca Boccassi
7fafa15049 docs: drop manual rc PR warning step
it is not automated, yay
2023-01-24 12:34:00 +00:00
Dmitry V. Levin
5c7a4f21dd docs, man: consistently use comma after "For example" 2023-01-23 22:52:34 +00:00
Dmitry V. Levin
bed1feaf3a docs: fix formatting a bit 2023-01-23 22:52:34 +00:00
Dmitry V. Levin
e347d53ace docs: fix grammar a bit 2023-01-23 22:52:34 +00:00
Dmitry V. Levin
d8b67e05fb docs: fix a few typos 2023-01-23 22:52:34 +00:00
Luca Boccassi
71c6f0ac52
Merge pull request #23309 from DaanDeMeyer/log-context
basic: Add log context
2023-01-20 15:01:03 +00:00
Lennart Poettering
f591cf66f0 doc: document how we expect empty lines to be used 2023-01-17 21:26:13 +01:00
Lennart Poettering
6c51b49ce0 tpm2: add common helper for checking if we are running on UKI with TPM measurements
Let's introduce a common implementation of a function that checks
whether we are booted on a kernel with systemd-stub that has TPM PCR
measurements enabled. Do our own userspace measurements only if we
detect that.

PCRs are scarce and most likely there are projects which already make
use of them in other ways. Hence, instead of blindly stepping into their
territory let's conditionalize things so that people have to explicitly
buy into our PCR assignments before we start measuring things into them.
Specifically bind everything to an UKI that reported measurements.

This was previously already implemented in systemd-pcrphase, but with
this change we expand this to all tools that process PCR measurement
settings.

The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE,
to make it more generic (since we'll use it at multiple places now).
This is not a compat break, since the original env var for that was not
included in any stable release yet.
2023-01-17 09:42:16 +01:00
Luca Boccassi
f86d037623 docs/man: remove reference to default vsock CID
This was dropped on reviewers' request in the revision that got merged,
but reference in two documents was not updated. Fix it.

Follow-up for: https://github.com/systemd/systemd/pull/25918
2023-01-15 22:17:15 +00:00
Ludwig Nussel
2e76ca79b3 bootctl: honor $KERNEL_INSTALL_CONF_ROOT
Honor $KERNEL_INSTALL_CONF_ROOT for reading config files, as
kernel-install does.
2023-01-10 15:17:07 +01:00
Daan De Meyer
7c7a9138a2 basic: Add log context
This commit adds support for attaching extra metadata to log
messages written to the journal via log.h. We keep track of a
thread local log context in log.c onto which we can push extra
metadata fields that should be logged. Once a field is no longer
relevant, it can be popped again from the log context.

On top of this, we then add macros to allow pushing extra fields
onto the log context.

LOG_CONTEXT_PUSH() will push the provided field onto the log context
and pop the last field from the log context when the current block
ends. LOG_CONTEXT_PUSH_STRV() will do the same but for all fields in
the given strv.

Using the macros is as simple as putting them anywhere inside a block
to add a field to all following log messages logged from inside that
block.

void myfunction(...) {
	...

	LOG_CONTEXT_PUSH("MYMETADATA=abc");

	// Every journal message logged will now have the MYMETADATA=abc
        // field included.
}

For convenience, there's also LOG_CONTEXT_PUSHF() to allow constructing
the field to be logged using printf() syntax.

log_context_new()/log_context_free() can be used to attach a log context
to an async operation by storing it in the associated userdata struct.
2023-01-08 16:31:16 +01:00
Lennart Poettering
7122aee5ab
Merge pull request #25918 from bluca/smbios_sd_notify
Support AF_VSOCK in sd_notify and pick up notify_socket from creds
2023-01-06 15:21:27 +01:00
Sam James
4e11b54b31 CODING_STYLE: fix 'better' typo 2023-01-06 14:03:19 +01:00
Luca Boccassi
4a91ace5bc creds: import 'vmm.notify_socket' and use it to set
This is intended to be used with VSOCK, to notify the hypervisor/VMM, eg on the host:

qemu <...> -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42

(vsock:2:1234 -> send to host on vsock port 1234, default is to send to 0 which is
the hypervisor itself)

Also on the host:

$ socat - VSOCK-LISTEN:1234,socktype=5
READY=1
STATUS=Ready.
2023-01-05 23:07:16 +01:00
Lennart Poettering
6ae5c39af1 docs: remove /dev/tty* confusion
The text said /dev/tty* as a whole was the VT subsystem and that VT is
not supported in containers.

But that's not accurate as /dev/tty* will match /dev/tty too and that
one device node is special and is not related to VT: it always points to
the current process own controlling tty, regardless what that is.

hence, rewrite /dev/tty* as /dev/tty[0-9]*.
2022-12-23 21:17:31 +01:00
Lennart Poettering
80ce8580f5 dissect-image: let's lock down fstypes a bit
When we dissect images automatically, let's be a bit more conservative
with the file system types we are willing to mount: only mount common
file systems automatically.

Explicit mounts requested by admins should always be OK, but when we do
automatic mounts, let's not permit barely maintained, possibly legacy
file systems.

The list for now covers the four common writable and two common
read-only file systems. Sooner or later we might want to add more to the
list.

Also, it might make sense to eventually make this configurable via the
image dissection policy logic.
2022-12-22 10:30:35 +09:00
Zbigniew Jędrzejewski-Szmek
254d1313ae tree-wide: use -EBADF for fd initialization
-1 was used everywhere, but -EBADF or -EBADFD started being used in various
places. Let's make things consistent in the new style.

Note that there are two candidates:
EBADF 9 Bad file descriptor
EBADFD 77 File descriptor in bad state

Since we're initializating the fd, we're just assigning a value that means
"no fd yet", so it's just a bad file descriptor, and the first errno fits
better. If instead we had a valid file descriptor that became invalid because
of some operation or state change, the other errno would fit better.

In some places, initialization is dropped if unnecessary.
2022-12-19 15:00:57 +01:00
Aidan Dang
8f30c00c50 Implement SYSTEMD_HOME_MKFS_OPTIONS_* envvars to configure mkfs options for homed LUKS directories 2022-12-15 22:22:10 +01:00
Quentin Deslandes
523ea1237a journal: log filtering options support in PID1
Define new unit parameter (LogFilterPatterns) to filter logs processed by
journald.

This option is used to store a regular expression which is carried from
PID1 to systemd-journald through a cgroup xattrs:
`user.journald_log_filter_patterns`.
2022-12-15 09:57:39 +00:00
Yu Watanabe
a6e16d949c
Merge pull request #25723 from keszybz/generators-tmp
Run generators with / ro and /tmp mounted
2022-12-15 12:53:49 +09:00
Zbigniew Jędrzejewski-Szmek
9f563f2792 tree-wide: use mode=0nnn for mount option
This is an octal number. We used the 0 prefix in some places inconsistently.
The kernel always interprets in base-8, so this has no effect, but I think
it's nicer to use the 0 to remind the reader that this is not a decimal number.
2022-12-14 22:12:44 +01:00
Jiayi Chen
b1c4466bba doc: add language decorator on the code block
Add `c` decorator on the code block for applying syntax highlighting.
2022-12-14 18:07:07 +09:00
January
5537165879 doc: add an example code to lock the whole disk
add an example to leverage `libsystemd` infrastructure to get the whole disk of a block device and take BSD lock on it #25046
2022-12-13 14:55:57 +01:00
Lennart Poettering
09e917ea4d repart: support erofs
So, i think "erofs" is probably the better, more modern alternative to
"squashfs". Many of the benefits don't matter too much to us I guess,
but there's one thing that stands out: erofs has a UUID in the
superblock, squashfs has not. Having an UUID in the superblock matters
if the file systems are used in an overlayfs stack, as overlayfs uses
the UUIDs to robustly and persistently reference inodes on layers in
case of metadata copy-up.

Since we probably want to allow such uses in overlayfs as emplyoed by
sysext (and the future syscfg) we probably should ramp up our erofs game
early on. Hence let's natively support erofs, test it, and in fact
mention it in the docs before squashfs even.
2022-12-10 11:26:36 +01:00
Daan De Meyer
52c602d4c6 ci: Labeler improvements
- Mention "/please-review" in the contributing guide
- Remove "needs-rebase" on push
- Don't add "please-review" if a green label is set
- Don't add please-review label to draft PRs
- Add please-review when a PR moves out of draft
2022-12-09 15:37:43 +01:00
Aidan Dang
b04ff66b42 Implement --luks-pbkdf-force-iterations for homed 2022-12-06 15:56:11 +01:00
Luca Boccassi
f252ea9ae4
Merge pull request #25638 from bluca/rate_limit_config
pid1: add env var to override default mount rate limit burst
2022-12-06 02:07:47 +01:00
Luca Boccassi
24a4542cfa pid1: add env var to override default mount rate limit burst
I am hitting the rate limit on a busy system with low resources, and
it stalls the boot process which is Very Bad (TM).
2022-12-05 21:05:57 +00:00
Jan Macku
c0ee89ac7e doc: CentOS is EOL use CentOS stream 2022-12-05 18:35:47 +01:00
Jan Macku
efe05392f6 doc: fix markdown-lint issues in CONTRIBUTING.md 2022-12-05 16:33:57 +01:00
Jan Macku
f6f213acaf doc: update link to systemd-rhel GitHub repo
systemd-rhel GitHub repository has been moved to new location:

- https://github.com/redhat-plumbers
2022-12-05 16:33:57 +01:00
Michal Sekletar
88e4bfa62b core: add possibility to not track certain unit types 2022-11-24 09:28:22 +09:00
Jason A. Donenfeld
47b3e96647 boot: remove random-seed-mode
Now that the random seed is used on virtualized systems, there's no
point in having a random-seed-mode toggle switch. Let's just always
require it now, with the existing logic already being there to allow not
having it if EFI itself has an RNG. In other words, the logic for this
can now be automatic.
2022-11-22 01:30:03 +01:00
Luca Boccassi
a0c544ee09
Merge pull request #25379 from keszybz/update-doc-links
Update doc links
2022-11-22 01:07:13 +01:00