1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

49415 Commits

Author SHA1 Message Date
Lennart Poettering
71311efe23 journalctl: rotation is not a reason to warn, but certainly noteworthy
Downgrade the phrasing, since it is a bit misleading.

Fixes: #18465
2021-02-15 14:41:57 -08:00
Lennart Poettering
83ce3b1944
Merge pull request #18579 from keszybz/fix-fragment-id-crash
Fix fragment id crash
2021-02-15 23:35:25 +01:00
Lennart Poettering
0886999416
Merge pull request #18605 from poettering/suppress-repeated-stub
resolved: filter repeated stub queries
2021-02-15 23:06:37 +01:00
Lennart Poettering
5e8bc852d5 resolved: don't redundantly switch DNS servers because of transaction failures
When a transaction fails and we decide to switch DNS servers, don#t do
so unconditionally. Check if the current DNS server is still the same as
when the transaction was initiated. And if not, do not do anything.

That should reduce the number of redundant DNS server switches if many
parallel transactions fail simultaneously (which is pretty likely if
DNSSEC is on).

Fixes: #17040
2021-02-15 21:59:05 +01:00
Lennart Poettering
c78735eb79 resolved: reuse check for link-local IP address lookups
Let's reuse accept_link_local_reverse_lookups() at one more place, where
we check for the list of link local reverase address domains. Since we
don't actually accept the domains here (but rather the opposite, not
accept), let's rename the function a bit more generically with accept_ →
match_.

While we are at it invert the if branches, to make things more easily
understandable: filter out the unwatnted stuff and have the "all good"
state as main codepath.
2021-02-15 21:54:53 +01:00
Zbigniew Jędrzejewski-Szmek
bb3443d4f6
Merge pull request #18604 from poettering/resolved-minor-tweaks
two minor resolved tweaks
2021-02-15 21:18:34 +01:00
Luca Boccassi
79dbbb261d
Merge pull request #18593 from keszybz/fuzz-more-systemctl-paths
Fuzz more systemctl paths
2021-02-15 19:13:58 +00:00
Frantisek Sumsal
986eeaeb55 Revert "ci: build on Fedora ELN as well"
This reverts commit 58bc1735fe.

The ELN composes are quite unstable and take a while to refresh. Let's
drop them again and revisit this once they get more mature to reduce
the CI noise.
2021-02-15 19:02:59 +00:00
RussianNeuroMancer
5185d4ddff Fix micmute hotkey on HP EliteBook Folio G1
Desktop environments expect f20 hotkey instead of micmute
2021-02-15 18:32:04 +00:00
Lennart Poettering
bf843b0bd4 update TODO 2021-02-15 19:23:05 +01:00
Lennart Poettering
bde69bbd89 resolved: filter repeated stub queries
Let's suppress repeated stub queries coming in, to minimize resource
usage. Many DNS clients are pretty aggressive regarding repeating DNS
requests, hence let's find them and suppress the follow-ups should we
need more time to fulfill the queries.
2021-02-15 16:27:40 +01:00
Lennart Poettering
ed8a48c9b6 resolved: allow DNS_PACKET_DATA() argument to be const 2021-02-15 16:27:40 +01:00
Lennart Poettering
7130db9155 resolved: allow DNS_PACKET_DATA() argument to be const 2021-02-15 16:23:30 +01:00
Lennart Poettering
6d76b5d7f0 resolved: move mdns event sources close to the fds 2021-02-15 16:22:14 +01:00
Pierre Dubouilh
1edebb0b89 rlimit-util: log when falling back setting limit 2021-02-15 15:30:35 +01:00
Lennart Poettering
458ab40f35
Merge pull request #18580 from keszybz/signal-list
Add systemctl --signal=list
2021-02-15 14:37:03 +01:00
Luca Boccassi
7eba0c50f5 test: install binaries from local d/control file
The source package in the apt cache might be older than the
packaging from salsa.debian.org/systemd-team/systemd so it might not
list all the current binary packages.
This is currently the case for systemd-timesyncd, so TEST-30 fails.

Simply grep the control file rather than using apt-cache when iterating
over the packages contents.
2021-02-15 10:17:39 +01:00
Florian Hülsmann
92ef9e568b hwdb: add resolution for Waltop/MEDION batteryless graphics tablet (v:172f p:0505) 2021-02-15 10:16:57 +01:00
Yu Watanabe
0f1f933b6e tree-wide: fix typo 2021-02-15 10:15:04 +01:00
Zbigniew Jędrzejewski-Szmek
860f154fa3 fuzz-systemctl-parse-argv: add argv[0] values to corpus 2021-02-15 10:01:38 +01:00
Zbigniew Jędrzejewski-Szmek
d41a9e4fc1 systemctl: use argv[0] not program_invocation_short_name for arg dispatch
The immediate motivation is to allow fuzz-systemctl-parse-argv to cover also
the other code paths. p_i_s_n is not getting set (and it probably shouldn't),
so the fuzzer would only cover the paths for ./systemctl, and not ./reboot,
etc. Looking at argv[0] instead, which is passed as part of the fuzzer data,
fixes that.

But I think in general it's more correct to look at argv[0] here: after all we
have all the information available through local variables and shouldn't go out
of our way to look at a global.
2021-02-15 10:00:08 +01:00
Zbigniew Jędrzejewski-Szmek
1751efdf6f test-parse-argument: add a test for the three parse_*_argument() functions
This mostly tests the return values and that the xsprintf
buffers are big enough.
2021-02-15 08:50:45 +01:00
Zbigniew Jędrzejewski-Szmek
b1e8f46c31 Move and rename parse_json_argument() function
json.[ch] is a very generic implementation, and cmdline argument parsing
doesn't fit there.
2021-02-15 08:50:45 +01:00
Zbigniew Jędrzejewski-Szmek
614b022c76 Move and rename parse_path_argument() function
This fits better in shared/, and the new parse-argument.c file is a good home
for it.
2021-02-15 08:50:45 +01:00
Zbigniew Jędrzejewski-Szmek
923e2122d0 basic/signal-util: drop unneeded extra byte from buffer
DECIMAL_STR_MAX() already returns +1 for NULL, so no need to do it
a second time.
2021-02-15 08:50:45 +01:00
Zbigniew Jędrzejewski-Szmek
97ab9dfc0d systemctl,loginctl,machinectl: add --signal=list
This lists numerical signal values:
$ systemctl --signal list
SIGNAL NAME
1      SIGHUP
2      SIGINT
3      SIGQUIT
...
62     SIGRTMIN+28
63     SIGRTMIN+29
64     SIGRTMIN+30

This is useful when trying to kill e.g. systemd with a specific signal number
using kill. kill doesn't accept our fancy signal names like RTMIN+4, so one
would have to calculate that value somehow. Doing
  systemctl --signal list | grep -F RTMIN+4
is a nice way of doing that.
2021-02-15 08:50:40 +01:00
Evgeny Vereshchagin
c39e36203f ci: switch back to meson-0.56.2
It seems there is another meson (0.57.0) regression preventing clang from
building systemd with --optimization=3 -Db_lto=true

By analogy with https://github.com/google/oss-fuzz/pull/5199 let's just switch
to 0.56.2 for the time being
2021-02-15 15:38:27 +09:00
Yu Watanabe
f24cbe56d7
Merge pull request #18588 from poettering/refuse-loops
resolved: try hard to never enter packet loops between resolved's stub and resolved's client
2021-02-15 11:10:32 +09:00
Yu Watanabe
fcf99d0ec7
Merge pull request #18587 from poettering/rr-count-workaround
two fixes for handling misformed packets more gracefully.
2021-02-15 10:55:10 +09:00
Lennart Poettering
d711322c13 resolvectl: add support for various new flags 2021-02-15 10:47:41 +09:00
Yu Watanabe
547f9b0dc5
Merge pull request #18563 from poettering/nss-resolve-no-valid
timesyncd: for off dnssec in resolved
2021-02-15 10:43:49 +09:00
Lennart Poettering
49ef064c8d resolved: refuse sending packets to our own stub listeners
A previous commit made sure that when one of our own packets is looped
back to us, we ignore it. But let's go one step further, and refuse
operation if we notice the server we talk to is our own. This way we
won't generate unnecessary traffic and can return a cleaner error.

Fixes: #17413
2021-02-14 23:12:22 +01:00
Lennart Poettering
a9fd8837d4 resolved: refuse packets looped back to us
Fixes: #17413
2021-02-14 23:12:22 +01:00
Lennart Poettering
94378145e6 resolved: rename manager_our_packet() → manager_packet_from_local_address()
Let's be more precise in naming this function, after all this doesn#t
actually check if the packet is really ours, but just that the source IP
address is a local one. Hence name it that way.

(This is preparation to add a helper that checks if packet belongs to
local transaction later on)
2021-02-14 23:12:22 +01:00
Lennart Poettering
ae49ce8761 resolved: tweak answer reserve/clone logic a bit
Let's add some overflow checks. Also, if 0 records are reserved, use
this as indication that a copy shall be done and do not grow the answer
beyond the current size.
2021-02-14 23:12:22 +01:00
Lennart Poettering
894c7b7708 resolved: gracefully handle trailing packet garbage
Similar to the previous commit: if we see trailing garbage in a DNS
packet, let's assume EDNS is borked too, and suppress it.
2021-02-14 23:05:38 +01:00
Lennart Poettering
18674159eb resolved: gracefully handle with packets with too large RR count
Apparently, there are plenty routers in place that report an incorrect
RR count in the packets: they declare more RRs than are actually
included.

Let's accept these responses, but let's downgrade them to baseline, i.e.
let's suppress OPT in this case: if they don't even get the RR count
right, let's operate on the absolute baseline, and not bother with
anything fancier such as EDNS.

Prompted-by: https://github.com/systemd/systemd/issues/12841#issuecomment-724063973

Fixes: #3980
Most likely fixes: #12841
2021-02-14 23:05:28 +01:00
Lennart Poettering
8c9c68b593 resolved: if request on stub has AD set, respond with valid AD even if DO is not set
Fixes: #6434
2021-02-14 22:59:05 +01:00
Lennart Poettering
abf4e5c1d3 units: turn off DNSSEC validation when timesyncd resolves hostnames
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.

Let's break the cycle by excluding NTP hostname resolution from
validation for now.

Of course, this leaves NTP traffic unprotected. To cover that we need
NTPSEC support, which we can add later.

Fixes: #5873 #15607
2021-02-14 22:05:18 +01:00
Lennart Poettering
aee9d18c8d nss-resolve: allow turning off validation via env var 2021-02-14 22:01:09 +01:00
Luca Boccassi
acc8890a8a
Merge pull request #18565 from poettering/randomize-answers
resolved: randomize order in local query replies
2021-02-14 19:35:54 +00:00
Ardy
4468d44a99 hwdb: Add accel orientation quirk for Reeder A8iW Tablet
Add a quirk to fix the accelerometer orientation on the
Reeder A8iW tablet.
2021-02-14 19:34:17 +00:00
Zbigniew Jędrzejewski-Szmek
86beb21302 systemctl,loginctl,machinectl: use a shared helper for arg_signal
I seems frivolous to yet another two -util.[ch] files, but the helper
should be in shared/ and it doesn't seem to fit anywhere else.
2021-02-14 15:59:09 +01:00
Lennart Poettering
3f0a7b3a32 resolved: randomize RR order in answers each time we get something from the cache
This allows some minimal, crappy load balancing.

Fixes: #16297
2021-02-14 15:43:04 +01:00
Lennart Poettering
48662847ec answer: minor refactor – move link local check into RR code 2021-02-14 15:43:01 +01:00
Lennart Poettering
5b2d8ffb5a answer: add helper for randomizing RR of answers 2021-02-14 15:42:56 +01:00
Lennart Poettering
5464c96186 random-util: add random_u64_range() that acquires a random number from a certain range, unbiased
So far we have been quite sloppy with this and ignored modulus and range
bias. Let's do something about, and add the option to do better.
2021-02-14 15:42:12 +01:00
Zbigniew Jędrzejewski-Szmek
3b5ab02119 TEST-15-DROPINS: add test for linked units 2021-02-14 15:08:49 +01:00
Zbigniew Jędrzejewski-Szmek
3aa5765843 basic/unit-file: when loading linked unit files, use link source as "fragment path"
The general idea is that when a unit file is "linked" (i.e. installed by
symlinking from outside of the search paths), the *destination* name is
irrelevant. It doesn't even have to be a valid unit name, or to match the type
or instance value. The obvious collorary is that we shouldn't look at the
symlink destination name to derive the unit name, instance value, or anything
else at all.

When building the name map, when we find a linked unit (possibly at the end
of a series of alias redirects), store the *source* of the final symlink as the
fragment path. This has two effects:
- we stop looking at the *target* file name to derive unit info, i.e. actually
  implement the stuff described in the first paragraph.
- we load the unit fragment through the symlink. If someone were to remove the
  symlink, we'll not load the unit. This seems like the right thing.

Fixes #18058.
Before this change, we were generally quite confused about unit alises for
linked units. Fortunately most poeple use the same symlink source and target,
so in practice we wouldn't hit this too often.

In unit_load_fragment() a comment is added to explain what we're doing there.
2021-02-14 14:49:00 +01:00
Zbigniew Jędrzejewski-Szmek
76e5e267fc systemctl: inline iterator declarations 2021-02-14 11:55:56 +01:00