1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

73258 Commits

Author SHA1 Message Date
Daan De Meyer
2541f28e4b
Merge pull request #32477 from DaanDeMeyer/fixes
Various fixes
2024-04-25 18:24:09 +02:00
Luca Boccassi
8e0bd955fe
Merge pull request #32474 from poettering/varlink-no-pidfd
varlink: tweak fallback for SO_PEERPIDFD on old kernels
2024-04-25 17:27:18 +02:00
Luca Boccassi
c929c6a987
Merge pull request #32467 from yuwata/network-radv-cleanup
undefined
2024-04-25 17:10:27 +02:00
dependabot[bot]
34b795d4e9 build(deps): bump pkg/debian from 733ac7c to 4b1f868
Bumps pkg/debian from `733ac7c` to `4b1f868`.

---
updated-dependencies:
- dependency-name: pkg/debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 17:07:26 +02:00
Antonio Alvarez Feijoo
5cef6b5393 cryptsetup-tokens: fix pin asserts
If a user only presses ENTER when the PIN is requested (without actually typing
the PIN), an assertion is reached and no other unlock method is requested.

```
sh-5.2# systemctl status systemd-cryptsetup@cr_root
× systemd-cryptsetup@cr_root.service - Cryptography Setup for cr_root
     Loaded: loaded (/etc/crypttab; generated)
    Drop-In: /etc/systemd/system/systemd-cryptsetup@.service.d
             └─pcr-signature.conf
     Active: failed (Result: core-dump) since Thu 2024-04-25 08:44:30 UTC; 10min ago
       Docs: man:crypttab(5)
             man:systemd-cryptsetup-generator(8)
             man:systemd-cryptsetup@.service(8)
    Process: 559 ExecStartPre=/usr/bin/pcr-signature.sh (code=exited, status=0/SUCCESS)
    Process: 604 ExecStart=/usr/bin/systemd-cryptsetup attach cr_root /dev/disk/by-uuid/a8cbd937-6975-4e61-9120-ce5c03138700 none x-initrd.attach,tpm2-device=auto (code=dumped, signal=ABRT)
   Main PID: 604 (code=dumped, signal=ABRT)
        CPU: 19ms

Apr 25 08:44:29 localhost systemd[1]: Starting Cryptography Setup for cr_root...
Apr 25 08:44:30 localhost systemd-cryptsetup[604]: Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Main process exited, code=dumped, status=6/ABRT
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Failed with result 'core-dump'.
Apr 25 08:44:30 localhost systemd[1]: Failed to start Cryptography Setup for cr_root.
```

In this case, `cryptsetup_token_open_pin()` receives an empty (non-NULL) `pin`
with `pin_size` equals to 0.

```
🔐 Please enter LUKS2 token PIN:

Breakpoint 3, cryptsetup_token_open_pin (cd=0x5555555744c0, token=0, pin=0x5555555b3cc0 "", pin_size=0, ret_password=0x7fffffffd380,
    ret_password_len=0x7fffffffd378, usrptr=0x0) at ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:42
42	                void *usrptr /* plugin defined parameter passed to crypt_activate_by_token*() API */) {
(gdb) continue
Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
```
2024-04-25 17:07:11 +02:00
Daan De Meyer
aa976d8788 tree-wide: Use log_setup() everywhere
Otherwise the default log target is the console and we won't use
the journal socket even if it is available.
2024-04-25 17:06:43 +02:00
Daan De Meyer
d74ebb175a mkosi: Make sure systemd-resolved is started on boot 2024-04-25 17:06:42 +02:00
Daan De Meyer
f449a29bb9 portable: Don't fail if /etc/resolv.conf doesn't exist
The portable profiles assume /etc/resolv.conf exists, which isn't
always the case. Let's mark the mounts as optional so we don't fail
to start the unit if /etc/resolv.conf doesn't exist.
2024-04-25 17:06:42 +02:00
Daan De Meyer
cf5e1b5d39 test: Skip meson integration tests if SYSTEMD_INTEGRATION_TESTS != 1
We cannot mark a test suite as excluded by default in meson. Instead,
let's require that SYSTEMD_INTEGRATION_TESTS=1 and skip any integration
test if it's not set. This is effectively the same as excluding it by
default. If the integration-test option is enabled, we'll set the
environment variable by default, just like we do with SYSTEMD_SLOW_TESTS
and the slow-tests meson option.
2024-04-25 17:06:40 +02:00
Daan De Meyer
ff4fe9dee2 meson: Properly check dependencies of mkosi target
Let's insist on mkosi being found if the integration-tests option
is enabled and let's only add dependencies on systemd-journal-remote
and systemd-measure if they're being built. Drop ukify from the list
as its part of public_programs.
2024-04-25 17:06:00 +02:00
Daan De Meyer
a721b93aaa mkosi: Add squashfs-tools
Required for various integration tests.
2024-04-25 17:06:00 +02:00
Lennart Poettering
5693208019
Merge pull request #32441 from poettering/rework-handoff-timestamp
pid1: rework handoff timestamp
2024-04-25 15:19:17 +02:00
Lennart Poettering
a3d04419fd update NEWS 2024-04-25 15:18:07 +02:00
Daan De Meyer
a003244057
Merge pull request #32476 from CodethinkLabs/meson-logs-ci
ci: Add the meson logs to failure log artifacts
2024-04-25 15:09:34 +02:00
Luca Boccassi
f9419fe610 test: skip testsuite-50.mountnfsd if kernel/polkit are too old
Need full support of pidfd to work, so skip the test if it's not
available
2024-04-25 13:32:35 +01:00
Luca Boccassi
c790537b89 test: use sd-analyze for kernel version check in TEST-62 2024-04-25 13:32:10 +01:00
Richard Maw
292110aa1c ci: Add the meson logs to failure log artifacts
It is not a lot of use to add --debug to tests without it
since only the last 100 lines are printed to console.
2024-04-25 13:05:37 +01:00
Richard Maw
aca6533951 ci: Update mkosi version
The change to add microcode support had a bug in ukify handling
that broke when it should have been picked up from ExtraSearchPaths.
2024-04-25 13:05:37 +01:00
Lennart Poettering
3c64aca544 update TODO 2024-04-25 13:40:41 +02:00
Lennart Poettering
be3444f119 execute: make ExecStatus dump more useful by showing passed time
Let's show the runtimes of our commands and preparations for them. It's
actually quite interesting, we sometimes are irritatingly slow with our
handoffs.
2024-04-25 13:40:41 +02:00
Lennart Poettering
2b5321817f swap: hook up with handoff timestamps 2024-04-25 13:40:41 +02:00
Lennart Poettering
19ae89869e mount: hook up with handoff timestamps 2024-04-25 13:40:41 +02:00
Lennart Poettering
1f41b10ee0 socket: hookup handoff timestamps with processes forked off by socket units 2024-04-25 13:40:41 +02:00
Lennart Poettering
3c1d1ca146 manager: switch service unit type over to using new handoff timestamping logic
Also: rename Handover → Handoff. I think it makes it clearer that this
is not really about handing over any resources, but that the executor is
out off the game from that point on.
2024-04-25 13:40:41 +02:00
Lennart Poettering
12001b1bf0 execute: send handoff timestamps from executor to service manager
This changes the executor to systematically send handoff timestamps to
the service manager if a socket for that is supplied. This drops the
code that did this via Type=exec messages, and reverts that part to the
old behaviour before 93cb78aee2.

Benefits of this approach:

1. We can collect the handoff for any command we fork off, regardless
   if it's ExecStart= something else, regardless whether it's Type=exec,
   Type=simple or some any other service type, regardless of the unit
   type.

2. We collect both CLOCK_REALTIME and CLOCK_MONOTONIC, as we do for the
   other process timestamps.

3. It's entirely backwards compatible, as this doesn't change the
   protocol between service manager and executor, but just extends it.
2024-04-25 13:33:03 +02:00
Lennart Poettering
817062e621 manager: add socket for receiving handoff timestamps from forked children
This adds an AF_UNIX socket pair to the manager that we can collect
handoff timestamp messages on.

The idea is that forked off children send a datagram with a timestamp
and we use its sender PID to match it against the right forked off
process.

This part only implements the receiving side: a socket is created, and
listened on. Received datagrams are parsed, verified and then dispatched
to the interested units.
2024-04-25 13:33:03 +02:00
Lennart Poettering
33fc8b0d95 core: fix assertions in manager_dispatch_user_lookup_fd()
assert_se() should not be used here, these checks are paranoia only and
have no side-effect after all.

hence fix this to use assert(), or in fact ASSERT_PTR()
2024-04-25 13:32:25 +02:00
Lennart Poettering
78ef66354c varlink: fix varlink_get_peer_pidref() fallback
let's properly handle old kernels that have no pidfd, and use regular
pids in that case, as intended originally.
2024-04-25 12:44:00 +02:00
Lennart Poettering
47bb0b8c29 errno-util: consider ENOPROTOOPT another "not supported"
It's generated by not supported getsocktopt()/setsockopt() options, and
it's just another way for saying "not supported", hence treat it as
such.
2024-04-25 12:43:21 +02:00
Yu Watanabe
90db1582a9 run/run: fix invocation ID handling
Fixes a regression introduced by 8157cc0e3e.
2024-04-25 10:58:56 +02:00
Yu Watanabe
d11ba681ab network/radv: use sd_ndisc_prefix and friends to manage prefixes and so on
No functional change, just refactoring.
2024-04-25 09:45:02 +09:00
Yu Watanabe
29d9672eb2 network/radv: rename pref64Prefix -> Prefix64
Also this made several coding style cleanups.
2024-04-25 09:44:57 +09:00
Yu Watanabe
30eab38020 network/route: use our definitions of route preference
Including linux/icmpv6.h easily trigger conflicts when another header
includes netinet/icmp6.h. Let's drop the dependency and use our
definition of the same values.
2024-04-25 09:23:31 +09:00
Yu Watanabe
68ee2ba1ee
Merge pull request #32464 from YHNdnzj/journal-object-invocation-id
journal: small fixes for OBJECT_SYSTEMD_INVOCATION_ID
2024-04-25 06:40:45 +09:00
Rasmus Villemoes
dc3058e490 systemctl: list-jobs: interchange 'waiting for' and 'blocking' in output
The current output of 'systemctl list-jobs' with the --after and/or --before
switches seems backwards. With artificial units

# check-oil.service
[Unit]
Description=Check the oil level
Before=engine-ready.target

# fill-gas.service
[Unit]
Description=Fill the tank with gasoline
Before=engine-ready.target

# engine-ready.target
[Unit]
Description=The engine is ready

[Unit]
Description=Start the engine!
After=engine-ready.target
Wants=engine-ready.target

running 'systemctl list-jobs --before --after' produces

JOB UNIT                                              TYPE  STATE
93  check-oil.service                                 start running
└─      waiting for job 94 (engine-ready.target/start)   -     -
102 fill-gas.service                                  start running
└─      waiting for job 94 (engine-ready.target/start)   -     -
94  engine-ready.target                               start waiting
└─      waiting for job 111 (start-engine.service/start) -     -
└─      blocking job 93 (check-oil.service/start)        -     -
└─      blocking job 102 (fill-gas.service/start)        -     -
111 start-engine.service                              start waiting
└─      waiting for job 1 (multi-user.target/start)      -     -
└─      blocking job 94 (engine-ready.target/start)      -     -

Obviously, job 93 is not waiting for job 94, but rather blocking it.
2024-04-24 21:31:28 +02:00
Luca Boccassi
cea14db914
Merge pull request #32458 from poettering/manager_get_units_for_pidref
core: split out manager_get_units_for_pidref() and use it at multiple places
2024-04-24 21:28:52 +02:00
Lennart Poettering
b9e4d9ba95 mount,swap: include ExecStatus output in dump
socket and service units output there ExecCommand/ExecStatus definitions
already, but this was missing in mount/swap. Fix that.
2024-04-24 21:23:42 +02:00
Daan De Meyer
2fcf8bf3b1
Merge pull request #32465 from CodethinkLabs/mkosi-debug
mkosi: Build images and run mkosi tests with --debug to aid debugging in CI
2024-04-24 21:02:41 +02:00
Daan De Meyer
1c3f34fc6d
Merge pull request #32461 from DaanDeMeyer/test-fixes
Various integration test fixes
2024-04-24 19:30:53 +02:00
Daan De Meyer
5ae6ff1258 TEST-50-DISSECT: Skip mutable sysext tests on virtiofs
virtiofs cannot be used as the upper fs for overlayfs, so skip all
the sysext mutable tests that would try to use virtiofs as the
upper fs.
2024-04-24 19:30:00 +02:00
Richard Maw
125b2fee18 test: Add --debug when running mkosi through integration-test-wrapper 2024-04-24 18:27:07 +01:00
Mike Yuan
3cb7fc5fcb
man/systemd.journal-fields: add missing OBJECT_SYSTEMD_INVOCATION_ID 2024-04-25 01:12:27 +08:00
Mike Yuan
6cb8286aa3
journald-server: drop spuriously doubled '=' for OBJECT_SYSTEMD_INVOCATION_ID 2024-04-25 00:56:04 +08:00
Richard Maw
4933a51dc8 mkosi: Build images with --debug to aid debugging in CI 2024-04-24 17:33:22 +01:00
Lennart Poettering
58290af48a manager: also port manager_dispatch_sigchld() to manager_get_units_for_pidref()
We have pretty much the same code here, let's reuse the common
implementation.
2024-04-24 18:24:22 +02:00
Lennart Poettering
4414bd5932 manager: split out helper that gets Unit objects with interest in given PidRef
This is both easier to read and allows us to reuse the helper later.
2024-04-24 18:10:35 +02:00
Zbigniew Jędrzejewski-Szmek
c2e6ed612a
Merge pull request #32447 from keszybz/test-taint
core: drop unused param, move taint calculation to separate file
2024-04-24 18:09:57 +02:00
Luca Boccassi
2d0c95f2b2 ci: remove packages.microsoft.com
It is not needed, it publishes things like dotnet, and it is often
broken, so just remove the sources
2024-04-24 18:07:52 +02:00
Lennart Poettering
f6519d47a7 manager: port user lookup fd serialization to serialize_fd_many() 2024-04-24 17:34:42 +02:00
Lennart Poettering
c3ab362dad manager: comprehensively mark manager_dispatch_user_lookup_fd() as static
The prototype was static, but the implementation was not. Make both
static, this is otherwise too confusing. (This doesn't actually change
anything, since the prototype decides about this anyway, but it makes
things easier to read.)
2024-04-24 17:33:51 +02:00