Daan De Meyer
2541f28e4b
Merge pull request #32477 from DaanDeMeyer/fixes
...
Various fixes
2024-04-25 18:24:09 +02:00
Luca Boccassi
8e0bd955fe
Merge pull request #32474 from poettering/varlink-no-pidfd
...
varlink: tweak fallback for SO_PEERPIDFD on old kernels
2024-04-25 17:27:18 +02:00
Luca Boccassi
c929c6a987
Merge pull request #32467 from yuwata/network-radv-cleanup
...
undefined
2024-04-25 17:10:27 +02:00
dependabot[bot]
34b795d4e9
build(deps): bump pkg/debian from 733ac7c
to 4b1f868
...
Bumps pkg/debian from `733ac7c` to `4b1f868`.
---
updated-dependencies:
- dependency-name: pkg/debian
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 17:07:26 +02:00
Antonio Alvarez Feijoo
5cef6b5393
cryptsetup-tokens: fix pin asserts
...
If a user only presses ENTER when the PIN is requested (without actually typing
the PIN), an assertion is reached and no other unlock method is requested.
```
sh-5.2# systemctl status systemd-cryptsetup@cr_root
× systemd-cryptsetup@cr_root.service - Cryptography Setup for cr_root
Loaded: loaded (/etc/crypttab; generated)
Drop-In: /etc/systemd/system/systemd-cryptsetup@.service.d
└─pcr-signature.conf
Active: failed (Result: core-dump) since Thu 2024-04-25 08:44:30 UTC; 10min ago
Docs: man:crypttab(5)
man:systemd-cryptsetup-generator(8)
man:systemd-cryptsetup@.service(8)
Process: 559 ExecStartPre=/usr/bin/pcr-signature.sh (code=exited, status=0/SUCCESS)
Process: 604 ExecStart=/usr/bin/systemd-cryptsetup attach cr_root /dev/disk/by-uuid/a8cbd937-6975-4e61-9120-ce5c03138700 none x-initrd.attach,tpm2-device=auto (code=dumped, signal=ABRT)
Main PID: 604 (code=dumped, signal=ABRT)
CPU: 19ms
Apr 25 08:44:29 localhost systemd[1]: Starting Cryptography Setup for cr_root...
Apr 25 08:44:30 localhost systemd-cryptsetup[604]: Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Main process exited, code=dumped, status=6/ABRT
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Failed with result 'core-dump'.
Apr 25 08:44:30 localhost systemd[1]: Failed to start Cryptography Setup for cr_root.
```
In this case, `cryptsetup_token_open_pin()` receives an empty (non-NULL) `pin`
with `pin_size` equals to 0.
```
🔐 Please enter LUKS2 token PIN:
Breakpoint 3, cryptsetup_token_open_pin (cd=0x5555555744c0, token=0, pin=0x5555555b3cc0 "", pin_size=0, ret_password=0x7fffffffd380,
ret_password_len=0x7fffffffd378, usrptr=0x0) at ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:42
42 void *usrptr /* plugin defined parameter passed to crypt_activate_by_token*() API */) {
(gdb) continue
Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
```
2024-04-25 17:07:11 +02:00
Daan De Meyer
aa976d8788
tree-wide: Use log_setup() everywhere
...
Otherwise the default log target is the console and we won't use
the journal socket even if it is available.
2024-04-25 17:06:43 +02:00
Daan De Meyer
d74ebb175a
mkosi: Make sure systemd-resolved is started on boot
2024-04-25 17:06:42 +02:00
Daan De Meyer
f449a29bb9
portable: Don't fail if /etc/resolv.conf doesn't exist
...
The portable profiles assume /etc/resolv.conf exists, which isn't
always the case. Let's mark the mounts as optional so we don't fail
to start the unit if /etc/resolv.conf doesn't exist.
2024-04-25 17:06:42 +02:00
Daan De Meyer
cf5e1b5d39
test: Skip meson integration tests if SYSTEMD_INTEGRATION_TESTS != 1
...
We cannot mark a test suite as excluded by default in meson. Instead,
let's require that SYSTEMD_INTEGRATION_TESTS=1 and skip any integration
test if it's not set. This is effectively the same as excluding it by
default. If the integration-test option is enabled, we'll set the
environment variable by default, just like we do with SYSTEMD_SLOW_TESTS
and the slow-tests meson option.
2024-04-25 17:06:40 +02:00
Daan De Meyer
ff4fe9dee2
meson: Properly check dependencies of mkosi target
...
Let's insist on mkosi being found if the integration-tests option
is enabled and let's only add dependencies on systemd-journal-remote
and systemd-measure if they're being built. Drop ukify from the list
as its part of public_programs.
2024-04-25 17:06:00 +02:00
Daan De Meyer
a721b93aaa
mkosi: Add squashfs-tools
...
Required for various integration tests.
2024-04-25 17:06:00 +02:00
Lennart Poettering
5693208019
Merge pull request #32441 from poettering/rework-handoff-timestamp
...
pid1: rework handoff timestamp
2024-04-25 15:19:17 +02:00
Lennart Poettering
a3d04419fd
update NEWS
2024-04-25 15:18:07 +02:00
Daan De Meyer
a003244057
Merge pull request #32476 from CodethinkLabs/meson-logs-ci
...
ci: Add the meson logs to failure log artifacts
2024-04-25 15:09:34 +02:00
Luca Boccassi
f9419fe610
test: skip testsuite-50.mountnfsd if kernel/polkit are too old
...
Need full support of pidfd to work, so skip the test if it's not
available
2024-04-25 13:32:35 +01:00
Luca Boccassi
c790537b89
test: use sd-analyze for kernel version check in TEST-62
2024-04-25 13:32:10 +01:00
Richard Maw
292110aa1c
ci: Add the meson logs to failure log artifacts
...
It is not a lot of use to add --debug to tests without it
since only the last 100 lines are printed to console.
2024-04-25 13:05:37 +01:00
Richard Maw
aca6533951
ci: Update mkosi version
...
The change to add microcode support had a bug in ukify handling
that broke when it should have been picked up from ExtraSearchPaths.
2024-04-25 13:05:37 +01:00
Lennart Poettering
3c64aca544
update TODO
2024-04-25 13:40:41 +02:00
Lennart Poettering
be3444f119
execute: make ExecStatus dump more useful by showing passed time
...
Let's show the runtimes of our commands and preparations for them. It's
actually quite interesting, we sometimes are irritatingly slow with our
handoffs.
2024-04-25 13:40:41 +02:00
Lennart Poettering
2b5321817f
swap: hook up with handoff timestamps
2024-04-25 13:40:41 +02:00
Lennart Poettering
19ae89869e
mount: hook up with handoff timestamps
2024-04-25 13:40:41 +02:00
Lennart Poettering
1f41b10ee0
socket: hookup handoff timestamps with processes forked off by socket units
2024-04-25 13:40:41 +02:00
Lennart Poettering
3c1d1ca146
manager: switch service unit type over to using new handoff timestamping logic
...
Also: rename Handover → Handoff. I think it makes it clearer that this
is not really about handing over any resources, but that the executor is
out off the game from that point on.
2024-04-25 13:40:41 +02:00
Lennart Poettering
12001b1bf0
execute: send handoff timestamps from executor to service manager
...
This changes the executor to systematically send handoff timestamps to
the service manager if a socket for that is supplied. This drops the
code that did this via Type=exec messages, and reverts that part to the
old behaviour before 93cb78aee2
.
Benefits of this approach:
1. We can collect the handoff for any command we fork off, regardless
if it's ExecStart= something else, regardless whether it's Type=exec,
Type=simple or some any other service type, regardless of the unit
type.
2. We collect both CLOCK_REALTIME and CLOCK_MONOTONIC, as we do for the
other process timestamps.
3. It's entirely backwards compatible, as this doesn't change the
protocol between service manager and executor, but just extends it.
2024-04-25 13:33:03 +02:00
Lennart Poettering
817062e621
manager: add socket for receiving handoff timestamps from forked children
...
This adds an AF_UNIX socket pair to the manager that we can collect
handoff timestamp messages on.
The idea is that forked off children send a datagram with a timestamp
and we use its sender PID to match it against the right forked off
process.
This part only implements the receiving side: a socket is created, and
listened on. Received datagrams are parsed, verified and then dispatched
to the interested units.
2024-04-25 13:33:03 +02:00
Lennart Poettering
33fc8b0d95
core: fix assertions in manager_dispatch_user_lookup_fd()
...
assert_se() should not be used here, these checks are paranoia only and
have no side-effect after all.
hence fix this to use assert(), or in fact ASSERT_PTR()
2024-04-25 13:32:25 +02:00
Lennart Poettering
78ef66354c
varlink: fix varlink_get_peer_pidref() fallback
...
let's properly handle old kernels that have no pidfd, and use regular
pids in that case, as intended originally.
2024-04-25 12:44:00 +02:00
Lennart Poettering
47bb0b8c29
errno-util: consider ENOPROTOOPT another "not supported"
...
It's generated by not supported getsocktopt()/setsockopt() options, and
it's just another way for saying "not supported", hence treat it as
such.
2024-04-25 12:43:21 +02:00
Yu Watanabe
90db1582a9
run/run: fix invocation ID handling
...
Fixes a regression introduced by 8157cc0e3e
.
2024-04-25 10:58:56 +02:00
Yu Watanabe
d11ba681ab
network/radv: use sd_ndisc_prefix and friends to manage prefixes and so on
...
No functional change, just refactoring.
2024-04-25 09:45:02 +09:00
Yu Watanabe
29d9672eb2
network/radv: rename pref64Prefix -> Prefix64
...
Also this made several coding style cleanups.
2024-04-25 09:44:57 +09:00
Yu Watanabe
30eab38020
network/route: use our definitions of route preference
...
Including linux/icmpv6.h easily trigger conflicts when another header
includes netinet/icmp6.h. Let's drop the dependency and use our
definition of the same values.
2024-04-25 09:23:31 +09:00
Yu Watanabe
68ee2ba1ee
Merge pull request #32464 from YHNdnzj/journal-object-invocation-id
...
journal: small fixes for OBJECT_SYSTEMD_INVOCATION_ID
2024-04-25 06:40:45 +09:00
Rasmus Villemoes
dc3058e490
systemctl: list-jobs: interchange 'waiting for' and 'blocking' in output
...
The current output of 'systemctl list-jobs' with the --after and/or --before
switches seems backwards. With artificial units
# check-oil.service
[Unit]
Description=Check the oil level
Before=engine-ready.target
# fill-gas.service
[Unit]
Description=Fill the tank with gasoline
Before=engine-ready.target
# engine-ready.target
[Unit]
Description=The engine is ready
[Unit]
Description=Start the engine!
After=engine-ready.target
Wants=engine-ready.target
running 'systemctl list-jobs --before --after' produces
JOB UNIT TYPE STATE
93 check-oil.service start running
└─ waiting for job 94 (engine-ready.target/start) - -
102 fill-gas.service start running
└─ waiting for job 94 (engine-ready.target/start) - -
94 engine-ready.target start waiting
└─ waiting for job 111 (start-engine.service/start) - -
└─ blocking job 93 (check-oil.service/start) - -
└─ blocking job 102 (fill-gas.service/start) - -
111 start-engine.service start waiting
└─ waiting for job 1 (multi-user.target/start) - -
└─ blocking job 94 (engine-ready.target/start) - -
Obviously, job 93 is not waiting for job 94, but rather blocking it.
2024-04-24 21:31:28 +02:00
Luca Boccassi
cea14db914
Merge pull request #32458 from poettering/manager_get_units_for_pidref
...
core: split out manager_get_units_for_pidref() and use it at multiple places
2024-04-24 21:28:52 +02:00
Lennart Poettering
b9e4d9ba95
mount,swap: include ExecStatus output in dump
...
socket and service units output there ExecCommand/ExecStatus definitions
already, but this was missing in mount/swap. Fix that.
2024-04-24 21:23:42 +02:00
Daan De Meyer
2fcf8bf3b1
Merge pull request #32465 from CodethinkLabs/mkosi-debug
...
mkosi: Build images and run mkosi tests with --debug to aid debugging in CI
2024-04-24 21:02:41 +02:00
Daan De Meyer
1c3f34fc6d
Merge pull request #32461 from DaanDeMeyer/test-fixes
...
Various integration test fixes
2024-04-24 19:30:53 +02:00
Daan De Meyer
5ae6ff1258
TEST-50-DISSECT: Skip mutable sysext tests on virtiofs
...
virtiofs cannot be used as the upper fs for overlayfs, so skip all
the sysext mutable tests that would try to use virtiofs as the
upper fs.
2024-04-24 19:30:00 +02:00
Richard Maw
125b2fee18
test: Add --debug when running mkosi through integration-test-wrapper
2024-04-24 18:27:07 +01:00
Mike Yuan
3cb7fc5fcb
man/systemd.journal-fields: add missing OBJECT_SYSTEMD_INVOCATION_ID
2024-04-25 01:12:27 +08:00
Mike Yuan
6cb8286aa3
journald-server: drop spuriously doubled '=' for OBJECT_SYSTEMD_INVOCATION_ID
2024-04-25 00:56:04 +08:00
Richard Maw
4933a51dc8
mkosi: Build images with --debug to aid debugging in CI
2024-04-24 17:33:22 +01:00
Lennart Poettering
58290af48a
manager: also port manager_dispatch_sigchld() to manager_get_units_for_pidref()
...
We have pretty much the same code here, let's reuse the common
implementation.
2024-04-24 18:24:22 +02:00
Lennart Poettering
4414bd5932
manager: split out helper that gets Unit objects with interest in given PidRef
...
This is both easier to read and allows us to reuse the helper later.
2024-04-24 18:10:35 +02:00
Zbigniew Jędrzejewski-Szmek
c2e6ed612a
Merge pull request #32447 from keszybz/test-taint
...
core: drop unused param, move taint calculation to separate file
2024-04-24 18:09:57 +02:00
Luca Boccassi
2d0c95f2b2
ci: remove packages.microsoft.com
...
It is not needed, it publishes things like dotnet, and it is often
broken, so just remove the sources
2024-04-24 18:07:52 +02:00
Lennart Poettering
f6519d47a7
manager: port user lookup fd serialization to serialize_fd_many()
2024-04-24 17:34:42 +02:00
Lennart Poettering
c3ab362dad
manager: comprehensively mark manager_dispatch_user_lookup_fd() as static
...
The prototype was static, but the implementation was not. Make both
static, this is otherwise too confusing. (This doesn't actually change
anything, since the prototype decides about this anyway, but it makes
things easier to read.)
2024-04-24 17:33:51 +02:00