1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-07 21:18:41 +03:00
Commit Graph

77964 Commits

Author SHA1 Message Date
Lennart Poettering
62f3e2f84a nspawn: make sure --private-users-ownership=no and =off work the same way
We usually want to use "extended booleans" for cases like this, i.e.
that "off", "no" and "0" can be used interchangably for turning
something off.
2024-11-28 00:47:14 +09:00
Lennart Poettering
92338a63ff sysext: coding style fixes & fix a memory leak
Follow-up for: bbec1c87d3
2024-11-28 00:46:33 +09:00
Luca Boccassi
2eab62a4db po: update translations
ninja -C build systemd-update-po
2024-11-27 15:17:23 +00:00
Luca Boccassi
77e0953971 hwdb: update
ninja -C build update-hwdb
2024-11-27 15:17:23 +00:00
Luca Boccassi
a881ca663f NEWS: update contributors list 2024-11-27 15:17:23 +00:00
Yu Watanabe
288b9acf1c
Minor follow-ups for recent PRs (#35381) 2024-11-28 00:16:29 +09:00
Lennart Poettering
fbb159b789 service: don't second guess invocation mode again
let's just check the debug invocation boolean, and not recheck the
restart mode again. It's mostly redundant (because the boolean should
not have been become true if the restart mode was not set accordingly).

Moreover, i think we might want to eventually allow a manual way to
enable debug invocation mode, and hence this pointless checking would
become a problem.

Also, we never check the restart mode again in other cases, hence we
shouldn't here either.
2024-11-28 00:14:55 +09:00
Lennart Poettering
d79ba8574b nspawn: improve error message when we cannot look into a container tree due to perms 2024-11-28 00:14:04 +09:00
Lennart Poettering
c18a102464 tests: fix access mode of root inode of throw-away container images
Otherwise the root inode will typically have what mkdtemp sets up, which
is something like 0700, which is weird and somewhat broken when trying
to look into containers from unpriv users.
2024-11-28 00:13:27 +09:00
Lennart Poettering
0790f4e45f nspawn: don't try to unregister a machine we never registered
When registering we condition this on "arg_register". Let's do the same
when unregistering, otherwise we might end up trying to unregister a
machine we never registered.
2024-11-28 00:12:57 +09:00
Mike Yuan
9a1276e0a2
shared/bootspec: mark _to_string funcs as _const_
Addresses https://github.com/systemd/systemd/pull/34959#discussion_r1860451777
2024-11-27 14:49:09 +01:00
Mike Yuan
992852e24c
shared/bootspec: use FOREACH_ELEMENT where appropriate, avoid unneeded memzero() 2024-11-27 14:49:08 +01:00
Mike Yuan
7d93fa7099
shared/bootspec: move boot_entry_addons_done() up, drop separate prototype
Follow-up for e2501a851e
2024-11-27 14:49:04 +01:00
Mike Yuan
7a719510c8
basic/fileio: minor coding style cleanup
Follow-up for bbec1c87d3
2024-11-27 14:33:23 +01:00
Lennart Poettering
92033d8fba man: split systemd.conf(5) into multiple sections
No changes in wording, let's just make a very long man page a bit more
digestable by adding sections, and then reordering settings to fit into
them.
2024-11-27 21:51:32 +09:00
Lennart Poettering
209a9e7bf3 Update TODO 2024-11-27 13:06:18 +01:00
Luca Boccassi
0abaa5be10
bootspec fixups (#34959) 2024-11-27 10:55:32 +00:00
Zbigniew Jędrzejewski-Szmek
ef20d06da6
ukify: Switch to JSON HWID description format (#35208)
Fixes #35176
2024-11-27 09:50:41 +01:00
Adrian Vovk
f2751d757f
bootspec: Look at /loader/addons in XBOOTLDR
The bootspec util-lib's handling of global addons didn't previously
match the behavior of sd-stub, and this commit corrects that.

First, bootspec didn't load global addons from the XBOOTLDR dir, but the
stub does. So, bootspec now enumerates addons in XBOOTLDR, not just ESP

Second, the stub only loads resources (including addons) from the
partition that it was found on. Thus, we must keep track of which
partition the global addons come from, and which partition each boot
entry comes from. In other words: global addons found on the ESP will
NOT apply to UKIs found in XBOOTLDR, and bootspec now reflects that.
2024-11-26 22:25:29 -05:00
Adrian Vovk
ef370a3c30
bootspec: Fixup loading of local addons for UKIs
Follow-up for 59b3df9
2024-11-26 16:33:11 -05:00
Adrian Vovk
e2501a851e
bootspec: Fixup memory leak
This would previously leak memory: the array was deleted but contents
inside of the array were not
2024-11-26 16:33:10 -05:00
Adrian Vovk
5a10a9a3bb
sd-stub: Fixup typo & measurement order
A previous commit accidentally reversed the measurement order of the
confext initrds and sysext initrds via a minor typo. This commit fixes
the typo and restores the original measurement order

Follow-up: ac32323
2024-11-26 16:33:09 -05:00
gerblesh
bbec1c87d3 sysext: set SELinux context for hierarchies and workdir 2024-11-26 17:47:32 +00:00
Yu Watanabe
f29a07f3fc man: several more assorted fixes
Continuation of 4ebbb5bfe8.
Closes #35307.
2024-11-26 17:28:14 +01:00
Luca Boccassi
0566bd9643
machine: increase timeouts in attempt to fix #35115 (#35117)
An attempt to fix https://github.com/systemd/systemd/issues/35115
2024-11-26 16:12:56 +00:00
Lennart Poettering
7b4b3a8f7b sd-varlink: fix bug when enqueuing messages with fds asynchronously
When determining the poll events to wait for we need to take the queue
of pending messages that carry fds into account. Otherwise we might end
up not waking up if such an fd-carrying message is enqueued
asynchronously (i.e. not from a dispatch callback).
2024-11-26 16:06:53 +00:00
Winterhuman
5bed97dd57
man/systemd-system.conf: Correct "struct" to "strict" (#35364) 2024-11-26 22:41:49 +09:00
Luca Boccassi
c4d7a13c06 cryptsetup: convert pkcs11/fido2 to iovec for key handling
key-data might be NULL. Fixes crash:

0  0x0000559c62120530 in attach_luks_or_plain_or_bitlk (cd=0x559c6b192830, name=0x7ffd57981dc4 "root", token_type=TOKEN_FIDO2, key_file=0x0, key_data=0x0, passwords=0x0, flags=524296, until=0)
    at ../src/cryptsetup/cryptsetup.c:2234
        pass_volume_key = false
        r = 1469577760
        __func__ = '\000' <repeats 29 times>
1  0x0000559c6212279c in run (argc=6, argv=0x7ffd5797fe98) at ../src/cryptsetup/cryptsetup.c:2597
        discovered_key_data = {iov_base = 0x0, iov_len = 0}
        key_data = 0x0
        token_type = TOKEN_FIDO2
        destroy_key_file = 0x0
        flags = 524296
        until = 0
        passphrase_type = PASSPHRASE_NONE
        volume = 0x7ffd57981dc4 "root"
        source = 0x7ffd57981dc9 "/dev/disk/by-uuid/8372fb39-9ba4-461a-a618-07dcaae66280"
        status = CRYPT_INACTIVE
        tries = 0
        key_file = 0x0
        config = 0x7ffd57981e05 "luks,discard,fido2-device=auto,x-initrd.attach"
        use_cached_passphrase = true
        try_discover_key = true
        discovered_key_fn = 0x7ffd5797fa70 "root.key"
        passwords = 0x0
        cd = 0x559c6b192830
        verb = 0x7ffd57981dbd "attach"
        r = 0
        __func__ = "\000\000\000"
2  0x0000559c621231e6 in main (argc=6, argv=0x7ffd5797fe98) at ../src/cryptsetup/cryptsetup.c:2674
        r = 32553
        __func__ = "\000\000\000\000"

Follow-up for 53b6c99018
2024-11-26 22:04:24 +09:00
Abderrahim Kitouni
0ae6f4843e updatectl: fix DBus method signature for SetFeatureEnabled
The signature was changed to 'sit' in sysupdated during review, but updatectl
kept using 'sbt'
2024-11-26 22:03:41 +09:00
Yu Watanabe
1ea1a79aa1 Revert "Revert "man: use MIT-0 license for example codes in daemon(7)""
This reverts commit 7a9d0abe4d.
2024-11-26 12:26:10 +01:00
Luca Boccassi
7a9d0abe4d Revert "man: use MIT-0 license for example codes in daemon(7)"
This reverts commit 6046cc3660.
2024-11-26 19:47:21 +09:00
Yu Watanabe
6046cc3660 man: use MIT-0 license for example codes in daemon(7)
This page contains many short example codes. I do not think we should
add SPDX-License-Identifier for all codes.

Closes #35356.
2024-11-26 11:12:08 +01:00
Luca Boccassi
321c202e7c
man: assorted fixes (#35326)
Closes #35307.
2024-11-25 15:02:08 +00:00
Daan De Meyer
e3b5a0c32d test: Use env in testsuite readme
Let's make sure we use env when we're setting environment variables
to rely less on shell specifics.
2024-11-25 14:54:23 +00:00
Zbigniew Jędrzejewski-Szmek
766d74fd8b
core/device: ignore ID_PROCESSING udev property on enumerate (#35332)
Fixes #35329.
2024-11-25 14:21:36 +01:00
Zbigniew Jędrzejewski-Szmek
d293fade24
Check inode number to see if we are in init namespace (#35306)
This is a more comprehensive fix compared to #35273. Also adds a minimal
test only.

Based on Luca's #35273 but generalizes the code a bit.

In v258 we really should get rid of the old heuristics around userns and
cgroupns detection, but given we are late in the v257 cycle this keeps
them in.
2024-11-25 14:13:36 +01:00
Daan De Meyer
4a346b779a test: Dump coredumps from journal in the integration test wrapper
Fixes #35277
2024-11-25 19:12:11 +09:00
Yu Watanabe
0e42004f3e networkd-test.py: disable IPv6AcceptRA= if not necessary
To speed up the test. Otherwise, it takes about few seconds interfaces
to enter the configured state. And may networkd-wait-online timeouts.
2024-11-25 10:07:26 +00:00
Yu Watanabe
675feaf521 TEST-17: add reproducer for issue #35329
Without the previous commit, the test case will fail.
2024-11-25 15:33:48 +09:00
Yu Watanabe
c4fc22c4de core/device: ignore ID_PROCESSING udev property on enumerate
This partially reverts the commit 405be62f05
"tree-wide: refuse enumerated device with ID_PROCESSING=1".

Otherwise, when systemd-udev-trigger.service is (re)started just before
daemon-reexec, which can be easily happen on systemd package update, then
udev database files for many devices may have ID_PROCESSING=1 property,
thus devices may not be enumerated on daemon-reexec. That causes many
units especially mount units being deactivated after daemon-reexec.

Fixes #35329.
2024-11-25 15:33:48 +09:00
Luca Boccassi
6fd3496cfd test: mask tmpfiles.d file shipped by selinux policy package in containers
This tmpfiles.d wants to write to sysfs, which is read-only in containers,
so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn
if the selinux policy package is instealled. Mask it, as it's not our
config file, we don't need it in the test.
2024-11-25 15:25:55 +09:00
Daan De Meyer
bb486fe9df mkosi: Use shared extra tree between initrd and main image
Let's share more between initrd and main system and use a shared
extra tree to achieve that.
2024-11-25 15:09:58 +09:00
Daan De Meyer
0e44a351ea mkosi: Make sure mkosi.clangd always runs on the host
If the editor that invokes mkosi.clangd is a flatpak, let's make sure
that mkosi is run on the host and not in the flatpak sandbox since it
won't be installed there.
2024-11-25 00:21:10 +01:00
Luca Boccassi
94eacb9329
Various mkosi and integration test fixes (#35336) 2024-11-24 18:10:03 +00:00
Daan De Meyer
f458a60391 test: Lint integration-test-wrapper.py 2024-11-24 16:47:20 +01:00
Daan De Meyer
ceca7c5005 test: Fix typing errors in integration-test-wrapper.py 2024-11-24 16:47:20 +01:00
Daan De Meyer
4f969b20b0 test: Format integration-test-wrapper.py 2024-11-24 16:47:20 +01:00
Daan De Meyer
d6047d9fb5 ukify: Fix typing error 2024-11-24 16:47:20 +01:00
Daan De Meyer
a2aacbfad5 Move mypy.ini and ruff.toml to top level
This allows reusing them for integration-test-wrapper.py as well.
2024-11-24 16:47:20 +01:00
Daan De Meyer
6d2fd490cf integration-test-wrapper: Remove unneeded format strings 2024-11-24 16:47:20 +01:00