mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00
Commit Graph

53242 Commits

Author SHA1 Message Date
Yu Watanabe
ecedc48b19 network: do not drop IPv6LL address in link_drop_addresses() 2021-09-11 10:49:11 +09:00
Yu Watanabe
981fab5d0a network: always call address ready callback if address is ready
The address ready callback is used for cleaning up old addresses or
routes acquired by e.g. DHCP. However, the callback was called only
when the address was previously not ready. So, maybe, unnecessary
addresses or routes may not be cleared.

Also, this makes the callback be called slightly earlier. As it may
remove several addresses or routes, and possibly changes the link state.
2021-09-11 10:49:11 +09:00
Yu Watanabe
18d8a33a37 network: define Address earlier
As the type is used in defining address_ready_callback_t.
2021-09-11 10:49:11 +09:00
Yu Watanabe
7657ec3eb8 network: store IPv6LL address even if link is in failed state
Otherwise, if IPv6LL is received when the link is in failed state,
we may fail to reconfigure the link.
2021-09-11 10:49:11 +09:00
Yu Watanabe
7a8685ffef network: enable IP masquerade when address is assigned
Previously, IP masquerade was enabled when configuring the address. But,
the request of assigning the address may be refused by kernel.
2021-09-11 10:49:11 +09:00
Yu Watanabe
2c40a8895e network: simplify code a bit 2021-09-11 10:49:11 +09:00
Luca Boccassi
c54e851acb
Merge pull request #20699 from yuwata/network-drop-foreign
network: do not drop foreign configs when carrier of unmanaged interface is lost
2021-09-10 21:10:58 +01:00
Luca Boccassi
992fccd411
Merge pull request #20702 from yuwata/network-trivial-cleanups
network: several trivial cleanups
2021-09-10 21:10:40 +01:00
Yu Watanabe
160203e974 network: fix handling of network interface renaming
Fixes #20657.
2021-09-10 20:49:05 +02:00
Lennart Poettering
034d45d021
Merge pull request #20703 from poettering/gpt-dissect-tweaks
dissect: various small tweaks/tougher checks/refactoring of GPT dissection code
2021-09-10 20:48:31 +02:00
Daan De Meyer
a4303b4096 core: Parse log environment settings again after applying manager environment
Currently, SYSTEMD_LOG_LEVEL set in the ManagerEnvironment property in system.conf
or user.conf doesn't affect the manager's logging level. Parsing the logging environment
variables again after pushing the manager environment into the process environment
block makes sure any new environment changes also get taken into account for logging.
2021-09-10 14:03:55 +01:00
Lennart Poettering
f9e0bb6167 dissect-image: replace redundant if check by assert()
We know that the designator can only be USR or ROOT (or negative), hence
let's test that with an assert here, instead of doing an if check.
2021-09-10 14:16:00 +02:00
Lennart Poettering
1903defc2d dissect-image: insist that if a verity partition designator is specified the partition exists
Let's tighten our checks further.
2021-09-10 14:15:55 +02:00
Lennart Poettering
7b32164f3c dissect-image: tighten checks on root + /usr/ combinations
Our code logic doesn't support images with two verity partitions at the
moment, hence refuse this early (with ENOTUNIQ)

Also, go even further and refuse any combinations of verity enabled root
with verity-less /usr, simply because that is unsafe and defeats the
point of verity. (i.e. we want to give the guarantee that for
auto-discovered verity magic we guarantee that the data afterwards
available in /usr is safe).
2021-09-10 14:15:50 +02:00
Lennart Poettering
ab5b2787fb dissect-image: drop redundant check
We already check whether we discovered a /usr verity partition without a
/usr partition when initially mangling the partitions, a bunch of lines
further up, no need to repeat this here.
2021-09-10 14:15:46 +02:00
Lennart Poettering
00a8b34fa7 dissect-image: don't do generic root partition fallback if verity is requested for /usr 2021-09-10 14:15:41 +02:00
Lennart Poettering
cb241a69e3 dissect-image: insist that the architecture matches if both root and /usr partitions are found 2021-09-10 14:15:36 +02:00
Lennart Poettering
4ab51780c3 dissect-image: mangle discovered /usr/ partition data, even if we found a root partition
Previously, we'd clean up discovered /usr/ partition data only if we did
not find a root partition. Given that we allow combinations of root and
/usr partitions clean things up in both cases however.
2021-09-10 14:15:32 +02:00
Lennart Poettering
0903fd2683 dissect-image: refuse external verity data in partitioned mode
Our code doesn't support setting up verity with an external verity data
file unless we operate in non-partitioned mode. Let's refuse this
clearly and early if attempted anyway.
2021-09-10 14:15:27 +02:00
Lennart Poettering
e0d53d5291 dissect-image: also derive read-only mode from fstype in non-partitioned mode
For the GPT partitioned logic we also consult the fstype to determine whether
a partition is read-only (i.e. squashfs is already read-only). For the
non-partitioned mode we didn't do that so far. Fix that.
2021-09-10 14:15:22 +02:00
Lennart Poettering
a0bff7ea4c dissect-image: tighten assertion checks on verity data 2021-09-10 14:15:18 +02:00
Lennart Poettering
495367666b dissect-image: rename dissected_image_has_verity()/_can_do_verity()
Let's also pick more precise names for these helpers that are used for
the tabular output: one checks whether a partition is a candidate for
verity at all, and the other checks if it is ready to be used for it.
Let's make this clearer in the name.
2021-09-10 14:15:00 +02:00
Lennart Poettering
c3c88d67c0 dissect-image: rename verity flag booleans
Let's make the booleans indicating verity state a bit more descriptive.

Let's rename:

    can_verity → has_verity: because that's really what this is about
    whether verity data is included in the image. Whether we actually
    can use it is a different story.

    verity → verity_ready: this one should tell us if we have everything
    needed to actually set it up, hence explicitly say "ready to use" in
    the name.

No change in behaviour. Just a bit of renaming.
2021-09-10 14:14:53 +02:00
Lennart Poettering
215e19eb27 id128: clarify that the "well-known" IDs are about GPT partition types
At least for now they are all GPT partition types, and we should mention
that.
2021-09-10 13:39:16 +02:00
Yu Watanabe
995cc7a72c network: drop unused "after_configure" feature for nexthops, neighbors, and routing policy rules 2021-09-10 19:40:27 +09:00
Yu Watanabe
f1c22cf4da network: do not try to drop addresses or routes of unmanaged interfaces on carrier lost
Currently, link_stop_engines(), link_drop_config(), and link_drop_foreign_config()
do nothing when the interface is unmanaged. So this does not change anything.
But returning earlier should be clear and safer for protecting configs
on unmanaged interfaces.
2021-09-10 19:40:27 +09:00
Yu Watanabe
dbf8942ab9 network: introduce route_by_kernel() helper function
And drop "FIXME" from comment, as there is nothing we need to fix.
2021-09-10 17:06:24 +09:00
Yu Watanabe
86173383a3 network: introduce ipv4acd_set_ifname() 2021-09-10 17:06:24 +09:00
Yu Watanabe
fccf662c3f network: use sd_netlink_message_read_string_strdup() 2021-09-10 17:06:24 +09:00
Emil Renner Berthing
6e86342bb8 sd-boot: Support installing new devicetree
The Bootloader Specification says "devicetree refers to the binary
device tree to use when executing the kernel..", but systemd-boot
didn't actually do anything when encountering this stanza until now.

Add support for loading, applying fixups if relevant, and installing the
new device tree before executing the kernel.
2021-09-10 16:48:47 +09:00
Chris Packham
7c5b9952c4 basic/linux: Sync if_arp.h with Linux 5.14
ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition

Fixes #20694
2021-09-10 15:22:18 +09:00
Daan De Meyer
a87b151ac0 shared: Extract common LogControl CLI code to verb-log-control.h
Let's reduce duplication by sharing common logic between all
log-target/log-level verbs.
2021-09-10 08:48:57 +09:00
Yu Watanabe
627191c285
Merge pull request #20693 from mcatanzaro/mcatanzaro/nss-buffers
nss-systemd: ensure returned strings point into provided buffer
2021-09-10 08:43:32 +09:00
Michael Catanzaro
47fd7fa6c6 nss-systemd: ensure returned strings point into provided buffer
Jamie Bainbridge found an issue where glib's g_get_user_database_entry()
may crash after doing:

```
error = getpwnam_r (logname, &pwd, buffer, bufsize, &pw);
// ...
pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]);
```

in order to uppercase the first letter of the user's real name. This is
a glib bug, because there is a different codepath that gets the pwd from
vanilla getpwnam instead of getpwnam_r as shown here. When the pwd
struct is returned by getpwnam, its fields point to static data owned by
glibc/NSS, and so it must not be modified by the caller. After much
debugging, Jamie Bainbridge has fixed this in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244
by making a copy of the data before modifying it, and that resolves all
problems for glib. Yay!

However, glib is crashing even when getpwnam_r is used instead of
getpwnam! According to getpwnam_r(3), the strings in the pwd struct are
supposed to be pointers into the buffer passed by the caller, so glib
should be able to safely edit it directly in this case, so long as it
doesn't try to increase the size of any of the strings.

Problem is various functions throughout nss-systemd.c return synthesized
records declared at the top of the file. These records are returned
directly and so contain pointers to static strings owned by
libsystemd-nss. systemd must instead copy all the strings into the
provided buffer.

This crash is reproducible if nss-systemd is listed first on the passwd
line in /etc/nsswitch.conf, and the application looks up one of the
synthesized user accounts "root" or "nobody", and finally the
application attempts to edit one of the strings in the returned struct.
All our synthesized records for the other struct types have the same
problem, so this commit fixes them all at once.

Fixes #20679
2021-09-09 15:07:57 -05:00
Anssi Hannula
dfba45185c cryptsetup-tokens: fix typo in tpm2 token dump output
cryptsetup_token_dump() gets called when the user calls
"cryptsetup luksDump" for a volume and it prints the token-specific
data.

The tpm2 cryptsetup_token_dump() function misspells tpm2 as tmp2 on two
lines of its output.

Fix that.
2021-09-09 17:54:41 +01:00
Zbigniew Jędrzejewski-Szmek
8fd4d27f3c
Merge pull request #20681 from weblate/weblate-systemd-master
Translations update from Weblate
2021-09-09 09:20:00 +02:00
Jan Kuparinen
d8883cc8ff po: Translated using Weblate (Finnish)
Currently translated at 64.5% (122 of 189 strings)

Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/fi/
Translation: systemd/main
2021-09-09 05:04:59 +02:00
Takuro Onoue
701bd80ed3 po: Translated using Weblate (Japanese)
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: Takuro Onoue <kusanaginoturugi@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ja/
Translation: systemd/main
2021-09-09 05:04:59 +02:00
Andika Triwidada
0b30aabd87 po: Translated using Weblate (Indonesian)
Currently translated at 90.4% (171 of 189 strings)

Co-authored-by: Andika Triwidada <andika@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/id/
Translation: systemd/main
2021-09-09 05:04:58 +02:00
Michael Catanzaro
92b264676c nss-systemd: pack pw_passwd result into supplied buffer
getpwnam_r() guarantees that the strings in the struct passwd that it
returns are pointers into the buffer allocated by the application and
passed to getpwnam_r(). This means applications may choose to modify the
strings in place, as long as the length of the strings is not increased.
So it's wrong for us to return a static string here, we really do have
to copy it into the application-provided buffer like we do for all the
other strings.

This is only a theoretical problem since it would be very weird for an
application to modify the pw_passwd field, but I spotted this when
investigating a similar crash caused by glib editing a different field.
See also:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244
2021-09-08 16:19:28 -05:00
Luca Boccassi
3f1487f5a0 analyze: ignore dependencies with security --offline
We don't care about validating dependencies here, the security verb is
only checking the unit(s) under test.
2021-09-08 19:46:57 +01:00
Michal Sekletar
9f6ef46781 sd-event: take ref on event loop object before dispatching event sources
Idea is that all public APIs should take reference on objects that get
exposed to user-provided callbacks. We take the reference as a
protection from callbacks dropping it. We used to do this also here in
sd_event_loop(). However, in cleanup portion of f814c871e6 this was
accidentally dropped.
2021-09-09 01:15:57 +09:00
xujing
1509274359 core: fix free undefined pointer when strdup failed in the first loop 2021-09-08 22:42:22 +09:00
Frantisek Sumsal
39e1753673 test: rename dracut_install to image_install
The `dracut_install` is a misnomer, since the systemd integration test
suite is based on the original dracut's test suite, and not all the
references to dracut have been edited out. Let's fix that.
2021-09-08 22:41:20 +09:00
pedro martelletto
b6aa89b0a3 explicitly close FIDO2 devices
FIDO2 device access is serialised by libfido2 using flock().
Therefore, make sure to close a FIDO2 device once we are done
with it, or we risk opening it again at a later point and
deadlocking. Fixes #20664.
2021-09-08 13:42:07 +01:00
Luca Boccassi
afd4814651
Merge pull request #20667 from keszybz/portable-docs
Tweaks to documentation about portable services
2021-09-08 13:41:44 +01:00
Zbigniew Jędrzejewski-Szmek
8c7e2b48c5 docs: polish the text about Portable Services a bit
No semantic changes, just removal of repetitions and unnecessary words, and
some more formatting.
2021-09-08 12:59:08 +02:00
Zbigniew Jędrzejewski-Szmek
a00ff6717b docs: portablectl is in bin/
Follow-up for 80f39b81f3.
2021-09-08 11:37:56 +02:00
Luca Boccassi
7728f6aa81 test: rename TEST-63-ANALYZE to solve conflict
Two PRs adding TEST-63-* were merged more or less at the
same time, and we missed the conflict.
2021-09-08 10:12:03 +09:00
Frantisek Sumsal
f2204ac27d test: udev storage tests 2021-09-08 04:31:24 +09:00