IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Commit 74dd6b515f (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
This is a squash of casync commits
02fbbdb2b9
(by Silvio Fricke)
and b687a94b1e.
Instead of checking during every meson config whether etags are
available, just try to call them and error out if not. This has
the advantage that the target is always available (if git is installed),
and the error message gives a hint what needs to be installed.
The naming is confusing, but etags(1) is pretty clear:
- emacs expects TAGS file in etags format
- vi expects tags file in ctags format
and automake docs are pretty clear too:
- tags target generates TAGS file
- ctags target generates tags file
When vconsole-setup is called without arguments, search for a usable
console instead of using /dev/tty0.
/dev/tty0 — pointing to the current active console — it not necessarily
usable and in such case vconsole-setup would exit with failure. In particular
when systemd-vconsole-setup.service was restarted from within an X
session, it always failed.
If the function searching for a usable source terminal fails, the first
encountered error is returned to the caller.
Closes#5367.
Additional changes:
- true/false functions with 'is_ prefix are renamed to functions with
'verify_vc_' prefix and return 0 on success and negative error on
failure
- O_NOCTTY flag is used when opening terminals
In a Secure Boot scenario the stub loader will have been validated
before execution. A malicious drive could then change the data returned
in future reads, resulting in the loader obtaining incorrect section
offsets and (for instance) allowing the command line to be modified.
Pull that information out of the in-RAM representation of the loader
instead in order to avoid this.
Fixes: #6230
(Lennart did some minor coding style fixes, and renamed pefile.c → pe.c,
as suggested by Kay, given that the file now contains a function whose
name doesn't match the filename as prefix anymore.)
In the initial design, foobar-wait-online.service would have
Requisite=foobar.service, so that foobar-wait-online.service could be enabled
unconditionally, irrespective of whether foobar.service itself is enabled.
Unfortunately this doesn't work too well:
1. the message about foobar-wait-online.service being skipped because of a
"missing dependency" *looks* like an is problem. This is mostly cosmetic,
but it also quite confusing. We generally don't want any messages of this
type during default boot.
2. it is impossible to start and wait for the network in an
implementation-agnostic way: systemctl start network-online.target, or
Wants/After=network-online.target in a unit don't work because pulling in
network-online.target pulls in foobar-wait-online.service, but it in turn
does not pull in foobar.service. During startup, foobar.service is pulled in
by multi-user.target, but not in a smaller transaction which does not
include multi-user.target.
This change means that *-wait-online.service should be installed through
presets, so that it can be enabled/disabled at will by the administrator.
Our own systemd-networkd-wait-online.service does this already, and
similar change has been requested for NetworkManager-wait-online.service
(https://bugzilla.redhat.com/show_bug.cgi?id=1455704).
This change should by mostly backwards-compatible, unless somebody has some
wait-online.service enabled, without having the corresponding network
implementation enabled, and they are relying on it not being started. I think
that's relatively unlikely because of issue 1. above, and I'm not aware of this
being the default in any distro. And being able to start the network in an
implementation-agnostic way is pretty important, see
https://bugzilla.redhat.com/show_bug.cgi?id=1452866.
When vsnprintf() truncated output, dest was advanced by the entire
size of dest leaving it just past the end. Then the fall-through \0
termination scribbled one past the end. The explicit null termination
is not necessary since vsnprintf() always includes the terminator even
when truncated.
Additionally these functions encourage calling with zero-length sizes,
while assuming non-zero sizes with potential buffer overflows.
Simply short-circuit the relevant functions when size == 0.
Fixes https://github.com/systemd/systemd/issues/6252
Like I said in the previous commit, such values do not seem to appear in normal
use, but it's pretty hard to prove that all paths to assign values properly
check that they contain no spaces. So just in case some slip through, replace
values with spaces (in case of single-valued properties) or spaces and newlines
(in case of array proprties) with "[unprintable]". We were already doing it
in case of properties which we didn't know how to print, so this fits in well.
The advantage is the previous code which used escaping that a) this is easier
to spot, b) does not mess up printing of properties which were properly escaped
already.
v2:
- add comments
When umounting an NFS filesystem, it is not safe to lstat(2) the mountpoint at
all as that can block indefinitely if the NFS server is down.
umount() will not block, but lstat() will.
This patch therefore removes the call to lstat(2) and defers the handling of
any error to the child process which will issue the umount call.
This extends 2d79a0bbb9 to the kernel
command line parsing.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
Simple test is added.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
For some reason git shortlog spits out non-breaking spaces, let's remove
that, as for our purposes (inclusion in NEWS) we really want breaking
(i.e. normal) spaces.
As suggested in:
496ae8c84b (commitcomment-22819483)
Let's drop some noise from the logs, as switching between DNS servers is
definitely useful for debugging, but shouldn't get more attention that
that.
Regression introduced in commit b876bc0 when building on systemds with a pre
3.11 headers (RHEL7 and derivatives).
All the DPAD defines were introduced in the same kernel commit
d09bbfd2a8408a9954, we don't need a separate ifdef check for right.
Fixes#6240
Note that this will only work with the new "hid-retrode" driver in the
upcoming 4.12 kernel as otherwise the mouse events and the 4 joypad
ports are bundled into a single event node.
Under nspawn, systemd would print:
Got address error code: Operation not permitted
Got address error code: Operation not permitted
Got start error code: Operation not permitted
which is quite unclear out of context. Change that to:
Failed to add address 127.0.0.1 to loopback interface: Operation not permitted
Failed to add address ::1 to loopback interface: Operation not permitted
Failed to bring loopback interface up: Operation not permitted
This is just a cosmetic issue.
Garbage collection of jobs (especially the ones that we create automatically)
is something of an internal implementation detail and should not be made
visible to the users. But it's probably still useful to log this in the
journal, so the code is rearranged to skip one of the messages if we log to the
console and the journal separately, and to keep the message if we log
everything to the console.
Fixes#6254.
This reverts commit 27e9c5af81.
Property values already use escaping, so escaping them a second time is
confusing. It also should be mostly unnecessary: we take care to make property
values only contains strings which (after the initial escaping) are printable
and parseable without any futher escaping.
Before revert:
$ systemctl list-dependencies 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
● ├─dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.swap
● └─systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
$ systemctl show -p Wants,Requires 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
Requires=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
Wants=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.swap
Difference between systemctl show before revert and now:
-Slice=system-systemd\x5cx2dcryptsetup.slice
+Slice=system-systemd\x2dcryptsetup.slice
-Id=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Id=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Names=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Names=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Requires=system-systemd\x5cx2dcryptsetup.slice
+Requires=system-systemd\x2dcryptsetup.slice
-BindsTo=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+BindsTo=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
-RequiredBy=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device cryptsetup.target
+RequiredBy=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device cryptsetup.target
-WantedBy=dev-disk-by\x5cx2duuid-8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+WantedBy=dev-disk-by\x2duuid-8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
Fun fact 1 suggests that a "close()" is needed, but that close() has long since been
removed. So the comment in now meaningless and possibly confusing.
Fun fact 2 refers to a bug that has been fixed in Linux prior to v4.12
Commit: 9fa4eb8e490a ("autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL")
so revise the comment so that no-one goes pointlessly looking for the bug.
Since f472d466ec ("Remove BTN_DPAD_* keys from ID_INPUT_KEY test
(#5701)") dpad buttons are excluded from keyboard keys for keyboard
detection.
Include them in joystick buttons for joystick detection.
Create /var/log/lastlog the same way we create utmp and wtmp.
This is useful for stateless systems where /var is volatile and a
missing /var/log/lastlog otherwise creates error messages like
Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Fixes#6234
Fixes#295.
(We cannot add a comment to either of those files because they are documented
to "only support variable assignments", so it's better to add an explanation
in the man page instead.)
This makes `systemd-umount` or `systemd-mount -u` support unmounting
loop devices by the corresponding backing files, like
`systemd-mount --umount /tmp/foo.img /tmp/bar.img`
Fixes#6206.
The CapabilityBoundingSet option only makes sense if we are running as
PID1.
The system.conf.d(5) manpage, already states that the CapabilityBoundingSet
option:
Controls which capabilities to include in the capability bounding set
for PID 1 and its children.
https://github.com/systemd/systemd/issues/6080
Previously, we'd ask liblkid to also tell us about recognized
superblocks with bad checksums. We'd then log about them and ignore
them. This however created ambuigity problems, see #6110: the
BLKID_SUBLKS_BADCSUM is not as innocent as it appears.
This patch drops bad checksum handling and we ignore all such superblocks
entirely again, as it was the status quo ante
d47f6ca5f9 (where this was snuck in).
Ideally, libblkid would be changed to avoid this ambiguity problems for
bad checksums, but that's not going to happen any time soon, according
to @karelzak.
Fixes: #6110
Previously, only when --register=yes was set (the default) the invoked
container would get its own scope, created by machined on behalf of
nspawn. With this change if --register=no is set nspawn will still get
its own scope (which is a good thing, so that --slice= and --property=
take effect), but this is not done through machined but by registering a
scope unit directly in PID 1.
Summary:
--register=yes → allocate a new scope through machined (the default)
--register=yes --keep-unit → use the unit we are already running in an register with machined
--register=no → allocate a new scope directly, but no machined
--register=no --keep-unit → do not allocate nor register anything
Fixes: #5823
