IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Unfortunately this needs a new binary to do the mount because there's just
too many special steps to outsource this to systemd-mount:
- EPERM needs to be treated specially
- UserRuntimeDir= setting must be obeyed
- SELinux label must be adjusted
This allows user@.service to be started independently of logind.
So 'systemctl start user@nnn' will start the user manager for user nnn.
Logind will start it too when the user logs in, and will stop it (unless
lingering is enabled) when the user logs out.
Fixes#7339.
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
Use `systemctl --user --force exit` to implement the systemd-exit
user service.
This removes our dependence on an external `kill` binary and the
concerns about whether they recognize SIGRTMIN+n by name or what their
interpretation of SIGRTMIN is.
Tested: `systemctl --user start systemd-exit.service` kills the
`systemd --user` instance for my user.
This is analogous to 8d3ae2bd4c, except that now
src/core/umount.c not src/core/mount.c is converted.
Might help with https://bugzilla.redhat.com/show_bug.cgi?id=1554943, or not.
In the patch, mnt_free_tablep and mnt_free_iterp are declared twice. It'd
be nicer to define them just once in mount-setup.h, but then libmount.h would
have to be included there. libmount.h seems to be buggy, and declares some
defines which break other headers, and working around this is more pain than
the two duplicate lines. So let's live with the duplication for now.
This fixes memleak of MountPoint in mount_points_list_get() on error, not that
it matters any.
We currently have just one sanitizer for tests, asan, but we may add more in
the future. So let's keep the loop over the sanitizers in meson.build, but
just enable all regression cases under all sanitizers. If it fails under one
of them, it might fail under a different one.
In subsequent commits I'll add test cases which might not fail under asan,
but it's good to commit them for future use.
The test names are made more verbose:
256/257 fuzz-dns-packet:oss-fuzz-5465:address OK 0.04 s
257/257 fuzz-dns-packet:issue-7888:address OK 0.03 s
meson.build:2907: WARNING: Trying to compare values of different types (bool, str) using ==.
The result of this is undefined and will become a hard error in a future Meson release.
This turns resolve-tool into a multi-call binary. When invoked as
"resolvconf" it provides minimal compatibility with the resolvconf(8)
tool of various distributions (and FreeBSD as it appears).
This new interface understands to varying degrees features of the two
major implementations of resolvconf(8): Debian's original one and
"openresolv". Specifically:
Fully supported:
-a -d (supported by all implementations)
-f (introduced by openresolv)
Somewhat supported:
-x (introduced by openresolv, mapped to a '~.' domain entry)
Unsupported and ignored:
-m -p (introduced by openresolv, not really necessary for us)
Unsupported and resulting in failure:
-u (supported by all other implementations)
-I -i -l -R -r -v -V
(all introduced by openresolv)
--enable-updates --disable-updates --updates-are-enabled
(specific to Debian's implementation)
Of course, resolvconf(8) is a tool with multiple backends, in our
implementation systemd-resolved is the only backend.
Fixes: #7202
Follow-up for ba7f4ae617.
By default, we detect if the real root has a separate /usr/sbin directory, but
this can be overrides with -Dsplit-bin=true|false. The check assumes that
/usr/sbin is split if it is not a symlink, so it'll return a false negative
with some more complicated setups. But that's OK, in those cases this should be
configured explicitly.
This will copy the structure of the directories in the root file system to
$DESTDIR. If a directory is a directory in $DESTDIR but a symlink in the root
file system, this script will fail. This means that it's not possible to reuse
a $DESTDIR from between ba7f4ae61 and this patch.
I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.
This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.
There isn't much difference, but in general we prefer to use the standard
functions. glibc provides reallocarray since version 2.26.
I moved explicit_bzero is configure test to the bottom, so that the two stdlib
functions are at the bottom.
The Linux kernel exposes the birth time now for files through statx()
hence make use of it where available. We keep the xattr logic in place
for this however, since only a subset of file systems on Linux currently
expose the birth time. NFS and tmpfs for example do not support it. OTOH
there are other file systems that do support the birth time but might
not support xattrs (smb…), hence make the best of the two, in particular
in order to deal with journal files copied between file system types and
to maintain compatibility with older file systems that are updated to
newer version of the file system.
Apply defaults for system_{uid,gid}_max even if the /etc/login.defs file
doesn't exist (e.g. in Clear Linux with no changes).
awk returns an empty string in case the file doesn't exist, causing meson to
fail in to_int(). So set the default if output is empty. This makes the BEGIN{}
blocks unnecessary, so remove them.
The single quote working with multiple lines is likely to be unintended. With
current versions of meson, it also causes error messages after it to report the
wrong line number. Use the documented syntax instead.
I used 'tags' before because this way we avoided a unnecessary
line about 'env' detection. But we cannot use 'env' in test(), so
previous commit added 'env' detection. We might just as well use
it in custom_target().
This is a bit painful because a separate build of systemd is necessary. The
tests are guarded by tests!=false and slow-tests==true. Running them is not
slow, but compilation certainly is. If this proves unwieldy, we can add a
separate option controlling those builds later.
The build for each sanitizer has its own directory, and we build all fuzzer
tests there, and then pull them out one-by-one by linking into the target
position as necessary. It would be nicer to just build the desired fuzzer, but
we need to build the whole nested build as one unit.
[I also tried making systemd and nested meson subproject. This would work
nicely, but meson does not allow that because the nested target names are the
same as the outer project names. If that is ever fixed, that would be the way
to go.]
v2:
- make sure things still work if memory sanitizer is not available
v3:
- switch to syntax which works with meson 0.42.1 found in Ubuntu
Add a new -Dllvm-fuzz=true option that can be used to build against
libFuzzer and update the oss-fuzz script to work outside of the
oss-fuzz build environment.
The fuzz targets are intended to be fast and only target systemd
code, so they don't need to call out to any dependencies. They also
shouldn't depend on shared libraries outside of libc, so we disable
every dependency when compiling against oss-fuzz. This also
simplifies the upstream build environment significantly.
The fuzzers will be used by oss-fuzz to automatically and
continuously fuzz systemd.
This commit includes the build tooling necessary to build fuzz
targets, and a fuzzer for the DNS packet parser.
Currently there is no way to prevent tests from building using meson.
This introduces two problems:
1) It adds a extra 381 files to compile.
2) One of these tests explicitly requires libgcrypt to be built even if systemd
is not using it.
3) It adds C++ to the requirements to build systemd.
When cross-compiling, this is uneccessary.
On a typical system running systemd, the telinit in PATH is very likely to be a symlink
to systemctl. Setting TELINIT to this may result in an infinite recursion if telinit is called
and sd_booted() == 0. This may commonly occur in a chroot environment.
Bug: https://bugs.gentoo.org/642724
[zj:
The path was originally hardcoded as "/lib/upstart/telinit", but was made configurable without
changing the default in 4ad61fd180. Then the default was
changed to `/lib/sysvinit/telinit` in abaaabf40a. Then it
started being autodetected when meson support was added in
5c23128dab. This patch restores the behaviour that was
implemented in configure.ac at the time of its removal.]
This reduces the man=false meson target count from 1281 to 1253.
--
A fully scientific test:
git grep _sources, :/*.build|cut -d: -f2|tr -d ' '|sort|uniq -c
reveals that libudev_sources is the only source list now reused twice. There's
some ugly circular dependency between libudev and libshared, and anyway I'm not
sure if we don't want to use different compilation options (LOG_REALM_…) in
those two cases, so I'm leaving that alone for now.
This reduces the meson man=false target count to 1281.
v2:
- link test-engine with libshared instead of libsystemd_static
Previous version built fine on F27, but fails on F26 with the following error:
/usr/bin/ld: /tmp/ccr8HRGw.ltrans6.ltrans.o: undefined reference to symbol '__start_BUS_ERROR_MAP@@SD_SHARED'
/home/zbyszek/fedora/systemd/systemd-9d5aae75c64f5583a110f03b94816aacc03bbf4d/x86_64-redhat-linux-gnu/src/shared/libsystemd-shared-236.so: error adding symbols: DSO missing from command line
v3:
- add libudev_basic
Instead of compiling those files twice, once for libsystemd and once for
libshared, compile once as a static archive and then link into both.
This reduce the meson target for man=no compile to 1291.
We were including gcrypt-util.[ch] by hand in the few places where it
was used. Create a convenience library to avoid compiling the same
files multiple times.
v2:
- use a separate static library instead of mergin into libbasic
gcrypt_util_sources had to be moved because otherwise they appeared twice
in libshared.so halfproducts, causing an error.
-fvisibility=default is added to libbasic, libshared_static so that the symbols
appear properly in the exported symbol list in libshared.
The advantage is that files are not compiled twice. When configured with -Dman=false,
the ninja target list is reduced from 1588 to 1347 targets. The difference in compilation
time is small (<10%). I think this is because of -O0 and ccache and multiple cores, and
in different settings the compilation time could be reduced. The main advantage is that
errors and warnings are not reported twice.
We of course don't know in which header glibc will export pivot_root()
and if it ever will. But there's a good chance they'll place it where
chroot() is located, given the similarity in the operations, hence let's
try our luck and look for it at the same place.
If we are lucky this means we don't have to patch our code if glibc
decides to expose the call one day.
This reworks how we set _GNU_SOURCE when checking for the availability
of functions:
1. We set it for most of the functions we look for. After all we set it
for our entire built anyway, and it's usually how Linux-specific
definitions in glibc are protected these days. Given that we usually
have checks for such modern stuff only anyway, let's just blanket enable
it.
2. Use "args" instead of "prefix" to set the macro. This is what is
suggested in the meson docs, hence let's do it.
Follow-up for bad7a0c81f501fbbcc79af9eaa4b8254441c4a1f of git
repository for glibc.
Recently glibc added `copy_file_range()`, but to use it,
`_GNU_SOURCE` needs to be defined. This adds the flag in
meson.build to detect the function by meson correctly.
This gets rid of recompilation, making things faster and avoids duplicated warnings.
The result seems to be the same:
$ ls -l build/libsystemd.so.0.20.0 build2/libsystemd.so.0.20.0
-rwxrwxr-x. 1 zbyszek zbyszek 3071312 Dec 19 11:45 build2/libsystemd.so.0.20.0
-rwxrwxr-x. 1 zbyszek zbyszek 3071760 Dec 19 11:11 build/libsystemd.so.0.20.0
$ diff -U1 <(objdump -T build/libsystemd.so.0.20.0|sed -r 's/[0-9a-f]{16}/________________/g') <(objdump -T build2/libsystemd.so.0.20.0|sed -r 's/[0-9a-f]{16}/________________/g')
-build/libsystemd.so.0.20.0: file format elf64-x86-64
+build2/libsystemd.so.0.20.0: file format elf64-x86-64
We already use the "_static" suffix for libshared_static ("shared" is the name
of the library, "static" is the format) and other libs, so let's rename for
consistency.
Also change libsystemd_static_sources to libsystemd_sources, since the same
list is used for both and shorter is better.
Otherwise, setting udev_log=debug in /etc/udev/udev.conf has no effects since
systemd-udevd is built with LOG_REALM=LOG_REALM_UDEV.
However using LOG_REALM_UDEV (for libudev_core) reveals another similar bug for
udevadm which should also define LOG_REALM_UDEV.
We might end up allocating mempools, and when we are unloaded we might
orphan them, thus leaking them. Hence, let's just stick around for good,
so the mempools remain referenced continously and for good, and thus no
memory is leaked (though the memory isn't cleaned up either).
Fixes: #7596
I want to add presets/user/ later. This mirrors the layout for units:
we have units/ and units/user. The advantage is that we avoid having yet
another directory at the top level.
To allow better integration with distributions requiring an explicitly
set gid for the `users` group, provide the new `-Dusers-gid` option to
set to a new numeric value.
In the absence of a specified gid, we'll fallback to the default existing
behaviour of `-` as the gid value, to automatically assign the next available
gid on the system.
In this way, individual errors in files can be treated differently than a
failure of the whole service.
A test is added to check that the expected value is returned.
Some parts are commented out, because it is not. This will be fixed in
a subsequent commit.
I opted to completely generate a unit for both mount points and swaps. For
swaps, it would be possible to use fixed template unit like systemd-mkswap@.service,
because there's no information passed except the device name. For mount points,
that's not possible because both the device name and file system type need to
be passed. Nevertheless, I expect that options will need to passed to both mkfs
and mkswap, in which case it'll be necessary to create units of both types
anyway.
Similar to the virtual ethernet driver veth, vxcan implements a
local CAN traffic tunnel between two virtual CAN network devices.
When creating a vxcan, two vxcan devices are created as pair
When one end receives the packet it appears on its pair and vice
versa. The vxcan can be used for cross namespace communication.
At some point before gcc-7 was released, -Wimplicit-fallthrough=3 was included
in -Wextra. The documentation for gcc-7.2.1-2.fc27.x86_64 still says that, but
empirical testing shows that it's not. The documentation also misstates that
-Wimplicit-fallthrough is equivalent to -Wimplicit-fallthrough=3.
Let's add -Wimplicit-fallthrough=3 explicitly to get the warnings if we regress.
Prompted by #7389.
So far I avoided adding license headers to meson files, but they are pretty
big and important and should carry license headers like everything else.
I added my own copyright, even though other people modified those files too.
But this is mostly symbolic, so I hope that's OK.
- Remove the uaccess tag from /dev/dri/renderD*.
- Change the owning group from video to render.
- Change default mode to 0666.
- Add an option to allow users to set the access mode for these devices at
compile time.
kmod upstream uses /lib/modprobe.d which means we need to use rootprefix
instead of prefix for installing the modprobe configuration file as
otherwise split-usr systems are broken.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879191
The configuration option was called -Dresolve, but the internal define
was …RESOLVED. This options governs more than just resolved itself, so
let's settle on the version without "d".
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
This is a legacy of autotools, where one detection routine used a different
prefix then the others.
$ git grep -e HAVE_DECL_ -l|xargs sed -i s/HAVE_DECL_/HAVE_/g
Fixes#4871.
The new libmount has two changes relevant for us:
- x-* options are propagated to /run/mount/utab and are visible through
libmount (fixes#4817).
- umount -c now really works (partially solves #6115).
Routing Policy rule manipulates rules in the routing policy database control the
route selection algorithm.
This work supports to configure Rule
```
[RoutingPolicyRule]
TypeOfService=0x08
Table=7
From= 192.168.100.18
```
```
ip rule show
0: from all lookup local
0: from 192.168.100.18 tos 0x08 lookup 7
```
V2 changes:
1. Added logic to handle duplicate rules.
2. If rules are changed or deleted and networkd restarted
then those are deleted when networkd restarts next time
V3:
1. Add parse_fwmark_fwmask
Seems to be some kind of confusion in gcc. Insteading of playing whack-a-mole and
adding work-arounds in code, let's adjust the compilation options instead.
Fixes#6119, replaces #6657.
some run_target() calls were using params from custom_target()
example message:
WARNING: Passed invalid keyword argument "input". This will become a hard error in the future.
New way to call targets:
ninja man/man
ninja man/html
ninja man/update-man-rules
This changes the symbolic name for the default gateway from "gateway" to
"_gateway". A new configuration option -Dcompat-gateway-hostname=true|false
is added. If it is set, the old name is also supported, but the new name
is used as the canonical name in either case. This is intended as a temporary
measure to make the transition easier, and the option should be removed
after a few releases, at which point only the new name will be used.
The old "gateway" name mostly works OK, but hasn't gained widespread acceptance
because of the following (potential) conflicts:
- it is completely legal to have a host called "gateway"
- there is no guarantee that "gateway" will not be registered as a TLD, even
though this currently seems unlikely. (Even then, there would be no
conflict except for the case when the top-level domain itself was being resolved.
The "gateway" or "_gateway" labels have only special meaning when the
whole name consists of a single label, so resolution of any subdomain
of the hypothetical gateway. TLD would still work OK. )
Moving to "_gateway" avoids those issues because underscores are not allowed
in host names (RFC 1123, §2.1) and avoids potential conflicts with local or
global names.
v2:
- simplify the logic to hardcode "_gateway" and allow
-Dcompat-gateway-hostname=true as a temporary measure.
This was done autogen.sh previously and was dropped in
72cdb3e783. Let's add it back.
The meson configuration step is the only reasonable place.
Note that this only works for the most standard git dirs, e.g.
the hook will not be installed if git worktree is used or if
$GIT_DIR is specified, etc. I think that's OK because most of
the time meson will be run at least once in the original cloned
dir.
This makes it more like other configure defines.
Also, it fixes meson status output which was looking for HAVE_ and ENABLE_
prefixes only (the define under meson was OK, just the summary message was
wrong.)
This is just the meson part, no functional change.
Use meson -D slow-tests=yes to set the default,
or SYSTEMD_SLOW_TESTS=yes build/test-foobar for just one test.
Setting the default is more useful for installed tests.
This is a squash of casync commits
02fbbdb2b9
(by Silvio Fricke)
and b687a94b1e.
Instead of checking during every meson config whether etags are
available, just try to call them and error out if not. This has
the advantage that the target is always available (if git is installed),
and the error message gives a hint what needs to be installed.
The naming is confusing, but etags(1) is pretty clear:
- emacs expects TAGS file in etags format
- vi expects tags file in ctags format
and automake docs are pretty clear too:
- tags target generates TAGS file
- ctags target generates tags file
If wanted, the linker can be set with LDFLAGS (LDFLAGS=-Wl,-fuse-ld=gold meson ...),
and setting it internally was interfering with that. It seems that both gold and
bfd work very well and quick, and the reasons we had to prefer gold are not relevant
anymore.
Fixes#6169.
Always install all tests if install-tests is set to true, as they might
be useful for CI. This includes manual and unsafe tests. Install those
in subdirectories of /usr/lib/systemd/tests.
Fixes#6163.
Three binaries would fail to link when ld.bfd was used and link-udev-shared was
false. Add -pthreads (again) to the failing binaries and synchronize the
dependency list between libsystemd-shared .a and .so versions.
Apart from allowing the build to succeed, this shouldn't have much effect becuase
systemd-networkd was already using pthreads.
Fixes#5828.
The TAGS file was generated in build/ following what autotools did.
Nevertheless, it's more convenient to put in the source dir.
(It doesn't get deleted by mistake, and it's easier to find for the
editor.)
This test is mostly a compilation test that checks that various defines in
sd-bus-vtable.h are valid C++. The code is executed, but the results are not
checked (apart from sd-bus functions not returning an error). test-bus-objects
contains pretty extensive tests for this functionality.
The C++ version is only added to meson, since it's simpler there.
Because of the .cc extension, meson will compile the executable with c++.
This test is necessary to properly check the macros in sd-bus-vtable.h. Just
running the headers through g++ is not enough, because the macros are not
exercised.
Follow-up for #5941.
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:
hosts: resolve [!UNAVAIL=return] dns myhostname
Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.
Tested with
hosts: resolve [!UNAVAIL=return] myhostname
and
hosts: resolve [!UNAVAIL=return] dns myhostname
Fixes#5742.
