1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

5213 Commits

Author SHA1 Message Date
Luca Boccassi
bdf75118ba
Merge pull request #34049 from yuwata/network-routing-policy-rule
network: further rework for routing policy rule
2024-08-21 12:46:37 +02:00
Yu Watanabe
2656f44c3c
Merge pull request #34018 from yuwata/network-address-label
network: allow to configure IPv6 address label in networkd.conf
2024-08-21 02:05:22 +09:00
Daan De Meyer
c8e7cfeddc tests: Don't override QemuKvm= value if TEST_NO_KVM=0
Let's disable KVM if TEST_NO_KVM=1 is set but let's not specify anything
if it's not set so the QemuKvm= setting from mkosi.conf is used.
2024-08-21 01:52:09 +09:00
Yu Watanabe
085818569b test-network: add test for ManageForeignRoutingPolicyRules= 2024-08-20 21:02:31 +09:00
Yu Watanabe
49454d9ced test-network: add tests for Type=table, goto, and nop 2024-08-20 21:02:31 +09:00
Yu Watanabe
936dec4337 test-network: do not pass '[detached]' to 'ip rule del'
That indicates the interface name in 'iif' or 'oif' cannot be resolved
when 'ip rule' command is invoked. That's natural when networkd fail to
remove rule but the corresponding interface is already removed.
To make not the residual rules interfere subsequent test cases, let's
ignore the flag and actually remove unwanted rules.
2024-08-20 21:02:31 +09:00
Yu Watanabe
489671d225 network/address-label: allow to configure IPv6 address label in networkd.conf
Closes #23159.
2024-08-20 20:50:56 +09:00
Luca Boccassi
a16079fccc
Merge pull request #34014 from yuwata/network-ip-masquerade
network: make IPMasquerade= imply global IP forwarding settings again
2024-08-20 11:59:30 +02:00
Yu Watanabe
0197fb599a test-network: make kernel send NA with router flag
If the router interface send NA without router flag, client interface will drop
SLAAC addresses. To make the router interface send NA with router flag,
IPv6 forwarding needs to be enabled.
===
client: NDISC: Received Neighbor Advertisement from fe80::1034:56ff:fe78:9a99: Router=no, Solicited=yes, Override=no
client: NDISC: Invoking callback for 'neighbor' event.
client: Removing NDisc route (configured): dst: 2002:da8:1:99::/64, src: n/a, gw: n/a, prefsrc: n/a, table: main(254), priority: 1024, proto: ra, scope: global, type: unicast, flags: n/a
client: Removing NDisc route (configured): dst: n/a, src: n/a, gw: fe80::1034:56ff:fe78:9a99, prefsrc: n/a, table: main(254), priority: 1024, proto: ra, scope: global, type: unicast, flags: n/a
client: Removing NDisc address (configured): 2002:da8:1:99:1034:56ff:fe78:9a00/64 (valid for 23h 59min 58s, preferred for 3h 59min 58s), flags: manage-temporary-address,no-prefixroute, scope: global
===
2024-08-20 09:01:08 +02:00
Yu Watanabe
6e4918a944 analyze: introduce --instance= option to control instance name for template units
Note, `systemd-analyze foo@.service --instance=hoge` is equivalent to
`systemd-analyze foo@hoge.service`. But, the option may be useful when
e.g. passing multiple template units that have restriction on their
instance name:
```
$ ls
template_aaa@.service   template_bbb@.service   template_ccc@.service
$ systemd-analyze ./template_* --instance=hoge
```
Without the option, we need to embed an instance name into each unit
name, so cannot use globs.

Prompted by #33681.
2024-08-19 04:29:23 +09:00
Yu Watanabe
08779d7c55 test: add test case that 'nspawn --network-veth' enables IP forwarding 2024-08-17 02:11:15 +09:00
Yu Watanabe
4bf1a2c383 network/wireguard: introduce [WireGuardPeer] PublicKeyFile=
Similar to PresharedKeyFile=, but for public key.

Closes #34012.
2024-08-17 01:58:02 +09:00
Yu Watanabe
7908e1d459 test: allow to skip matrix_run_one() if $TEST_MATCH_TESTCASE is set 2024-08-17 01:47:33 +09:00
Daan De Meyer
2701c2f67d Add $SYSTEMD_IN_CHROOT to override chroot detection
When running unprivileged, checking /proc/1/root doesn't work because
it requires privileges. Instead, let's add an environment variable so
the process that chroot's can tell (systemd) subprocesses whether
they're running in a chroot or not.
2024-08-16 10:11:29 +02:00
Yu Watanabe
22862288c8 test: sync journal after all invocations finished
Otherwise, several messages for the last invocation have not been
stored to journal yet.

Hopefully fixes the following race:
===
[  603.037765] H systemd-run[10503]: Running as unit: invocation-id-test-26448.service; invocation ID: 1a49edeb05a641aaa2def72411134822
[  603.099587] H bash[10504]: invocation 10 1a49edeb05a641aaa2def72411134822
[  603.212069] H systemd[1]: invocation-id-test-26448.service: Deactivated successfully.
[  603.225092] H systemd-run[10503]: Finished with result: success
[  603.225163] H TEST-04-JOURNAL.sh[10506]: + journalctl --list-invocation -u invocation-id-test-26448.service
[  603.225318] H systemd-run[10503]: Main processes terminated with: code=exited, status=0/SUCCESS
[  603.225357] H TEST-04-JOURNAL.sh[10507]: + tee /tmp/tmp.UzSmYamXyg/10
[  603.225357] H TEST-04-JOURNAL.sh[10507]: IDX INVOCATION ID                    FIRST ENTRY                 LAST ENTRY
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -9 d6efabb546014027b6bd7ee3a78386d6 Wed 2024-08-14 22:12:16 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -8 3e402b81c28d4a8fa2c5e8e31dffd9ee Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -7 5ebd0ba07d4f4f52bc84275f55a3ee2e Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -6 bc53c49d6ce24bb7acd438c3e61cfb23 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -5 24680907919e4839a75378117bb5a816 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -4 ec364ed7673c4a1fa22929f95ce7047b Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -3 2e8a4dea43044d1a9faf922f7a2f3d42 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -2 ac610b6e6c9c4a29bf8947890685478b Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:  -1 9b7d52c3620948f9831e323910f605f5 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225357] H TEST-04-JOURNAL.sh[10507]:   0 1a49edeb05a641aaa2def72411134822 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.225823] H systemd-run[10503]: Service runtime: 174ms
[  603.225866] H TEST-04-JOURNAL.sh[10508]: + journalctl --list-invocation -u invocation-id-test-26448.service --reverse
[  603.226110] H systemd-run[10503]: CPU time consumed: 12ms
[  603.226142] H TEST-04-JOURNAL.sh[10509]: + tee /tmp/tmp.UzSmYamXyg/10-r
[  603.226378] H systemd-run[10503]: Memory peak: 1.4M (swap: 0B)
[  603.230161] H TEST-04-JOURNAL.sh[10509]: IDX INVOCATION ID                    FIRST ENTRY                 LAST ENTRY
[  603.230161] H TEST-04-JOURNAL.sh[10509]:   0 1a49edeb05a641aaa2def72411134822 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:18 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -1 9b7d52c3620948f9831e323910f605f5 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -2 ac610b6e6c9c4a29bf8947890685478b Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -3 2e8a4dea43044d1a9faf922f7a2f3d42 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -4 ec364ed7673c4a1fa22929f95ce7047b Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -5 24680907919e4839a75378117bb5a816 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -6 bc53c49d6ce24bb7acd438c3e61cfb23 Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -7 5ebd0ba07d4f4f52bc84275f55a3ee2e Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -8 3e402b81c28d4a8fa2c5e8e31dffd9ee Wed 2024-08-14 22:12:17 UTC Wed 2024-08-14 22:12:17 UTC
[  603.230161] H TEST-04-JOURNAL.sh[10509]:  -9 d6efabb546014027b6bd7ee3a78386d6 Wed 2024-08-14 22:12:16 UTC Wed 2024-08-14 22:12:17 UTC
===
2024-08-15 18:52:38 +09:00
Luca Boccassi
ddc91af4ea test: add TEST_SKIP to mkosi integration test wrapper
Takes a space-separate list of test names, allows to skip one or more tests
2024-08-15 10:39:51 +02:00
Yu Watanabe
6dd1465b2a
Merge pull request #32067 from ssahani/bareudp1
network: netdev - BareUDP Add support for srcportmin
2024-08-15 05:35:32 +09:00
Susant Sahani
3859ef162b test-network: Add test for BareUDP srcportmin 2024-08-14 23:18:26 +05:30
Daan De Meyer
db043a9b1a test: Use usual setup in integration-test-setup script 2024-08-14 14:18:40 +02:00
Daan De Meyer
dba138b863 test: Fix section of StateDirectory= 2024-08-14 14:18:40 +02:00
Luca Boccassi
33a2307ac7
Merge pull request #33957 from yuwata/network-generator-vlan
network-generator: fixlets for vlan interfaces
2024-08-14 12:45:25 +02:00
Yu Watanabe
b3b4d626ce network-generator: use extract_first_word()
Now, ip= with trailing colon is refused.
2024-08-14 15:29:45 +09:00
Luca Boccassi
5936b4054a
Merge pull request #33979 from YHNdnzj/edit-util-no-duplicate-strip
edit-util: a few cleanups; support networkctl edit --stdin
2024-08-13 01:48:06 +02:00
Lukas Nykryn
fe5a6c47af systemd-run: add unit and invocation_id JSON output 2024-08-12 20:19:01 +02:00
Mike Yuan
119cba7835
networkctl: support edit --stdin 2024-08-12 16:23:23 +02:00
Luca Boccassi
0dd6fe931d
Merge pull request #33961 from bluca/busctl_exit
busctl: add support for --timeout and --num-matches for monitor verb
2024-08-09 14:48:40 +02:00
Luca Boccassi
702d74b62a busctl: add --num-matches= for monitor verb
Useful in scripts when one wants to wait for a specific
signal before continuing
2024-08-09 12:12:28 +01:00
Nick Rosbrook
82c482d573 core/unit: do not use unit path cache in unit_need_daemon_reload()
When unit_need_daemon_reload() calls unit_find_dropin_paths() to check
for new drop-in configs, the manager's unit path cache is used to limit
which directories are considered. If a new drop-in directory is created,
it may not be in the unit path cache, and hence unit_need_daemon_reload()
may return false, despite a new drop-in being present. However, if a
unit path cache is not given to unit_file_find_dropin_paths() at all,
then it behaves as if the target path was found in the unit path cache.

So, to fix this, adapt unit_find_dropin_paths() to take a boolean
argument indicating whether or not to pass along the unit path cache.
Set this to false in unit_need_daemon_reload().

Fixes #31752
2024-08-09 19:25:42 +09:00
Luca Boccassi
79488ac003 test: note in README how to get full list of Ubuntu CI jobs 2024-08-08 15:13:38 +01:00
Luca Boccassi
989e843e75 busctl: add support for --timeout to monitor verb
Useful in scripts when you want to exit successfully after a certain time
2024-08-08 09:18:41 +01:00
Daan De Meyer
4fde35f27e
Merge pull request #33951 from DaanDeMeyer/nspawn
nspawn: Allow specifying custom init program
2024-08-07 07:32:50 +02:00
Daan De Meyer
ce2291730d nspawn: Allow specifying custom init program
This allows for example forcing to use /sbin/init instead of always
using /usr/lib/systemd/systemd if it exists. Or it allows using a
different path altogether.
2024-08-06 23:00:17 +02:00
Nick Rosbrook
18a8f03e51 sysusers: check if requested group name matches user name in queue
When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:

 u foo -
 u bar -:foo

when both foo and bar are new users.

Fixes #33547
2024-08-06 13:02:58 +02:00
Daan De Meyer
92d885d870
Merge pull request #33942 from yuwata/udevadm-info-attribute-walk-json
udevadm-info: support json output for --attribute-walk
2024-08-06 10:23:45 +02:00
Yu Watanabe
5a5a7093b8
Merge pull request #33933 from yuwata/systemctl-bus-transport-and-runtime-scope
systemctl: fix bus transport and runtime scope handling
2024-08-06 09:12:28 +09:00
Yu Watanabe
c243302ee0
Merge pull request #33941 from yuwata/network-dhcp-pd-route-type
network/dhcp-pd: introduce UnassignedSubnetPolicy= to customize type of 'catch-all' route
2024-08-06 09:11:54 +09:00
Yu Watanabe
1056457d11 systemctl: gracefully adjust bus transport and runtime scope when --boot-loader-entry=help
This fixes the following assertion:
===
SYSTEMD_LOG_LEVEL=debug systemctl --user -H foo --boot-loader-entry=help
Assertion 'transport != BUS_TRANSPORT_REMOTE || runtime_scope == RUNTIME_SCOPE_SYSTEM' failed at src/shared/bus-util.c:284, function bus_connect_transport(). Ignoring.
Failed to connect to bus: Operation not supported
===

Fixes a bug introduced by 97af80c5a7.
Fixes #33661.
Fixes oss-fuzz#70153.
2024-08-06 05:33:25 +09:00
Yu Watanabe
d133508493 test-network: add test case for UnassignedSubnetPolicy= 2024-08-06 05:24:20 +09:00
Yu Watanabe
67ea8a4c0e udevadm-info: support json output for --attribute-walk
Closes #33852.
2024-08-06 05:22:10 +09:00
Arnaud Patard
e7a93e7521 src/pcrlock/pcrlock.c: Handle empty pcrlock.d directories
Running the following commands:

  # mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
  # /usr/lib/systemd/systemd-pcrlock predict --pcr=1+2+3+4+5+16

Will result in:

...
Floating point exception

Running the following commands:
  # mkdir -p /var/lib/pcrlock.d/123-empty.pcrlock.d
  # /usr/lib/systemd/systemd-pcrlock make-policy --pcr=1+2+3+4+5+16

Will result to this (partial) log:
...
Predicted future PCRs in 133us.
[]
...
Written policy digest 0000000000000000000000000000000000000000000000000000000000000000 to NV index 0x1921da6
...

So, add missing checks to handle gracefully cases where there's no variant
inside the component.

Signed-off-by: Arnaud Patard <arnaud.patard@collabora.com>
2024-08-05 18:32:26 +01:00
Luca Boccassi
1e0ef01439 logind: add PreparingForShutdownWithMetadata property
The PrepareForShutdownWithMetadata signal was added via
e4aab5cf1a but a corresponding property
was not. A property has to be a single type, so the bool needs to be
one of the key/value pairs as 'ba{sv}' is not a valid property.
2024-08-05 19:30:15 +02:00
Daan De Meyer
bec6b53f3c
Merge pull request #33912 from DaanDeMeyer/mkosi
test: Add a way to quickly iterate on an integration test
2024-08-05 16:21:48 +02:00
rajmohan r
1592d2f900 systemd-analyze: Add svg scaling options
+ Scale the x-axis of the resulting plot by a factor (default 1.0)
+ Add activation timestamps to each bar

Signed-off-by: rajmohan r <rajmohan.r@kpit.com>
2024-08-05 15:23:44 +02:00
Daan De Meyer
af153e36ae test: Add a way to quickly iterate on an integration test
Rebuilding the integration test every time is very slow. Let's
introduce a way to iterate on an integration test without rebuilding
the image every time. By making a btrfs snapshot before we run the
integration test, we can then systemctl soft-reboot after running
the test to restore the rootfs to a pristine state before running
the test again.

As /run/nextroot will get nuked on reboot or soft-reboot, we introduce
a tmpfiles snippet to make sure it is recreated every (soft-)reboot
and adapt the existing tests to deal with this new symlink.
2024-08-05 15:13:38 +02:00
Daan De Meyer
dd1c01b20f test: Implement TEST_SHELL for mkosi based test runner
TEST_SHELL can be used to get a shell in the integration test
environment without actually immediately starting the test.
2024-08-05 15:00:24 +02:00
Daan De Meyer
33f400a9e0 test: Rename INTERACTIVE_DEBUG to TEST_SHELL 2024-08-05 15:00:24 +02:00
Mike Yuan
1391f149f0 core/service: actually allow to "hurry up" auto restarts
unit_start() advertises that start requests don't get suppressed,
so that it could be used to manually speed up auto restarts.
However, service_start() so far rejected this, stating that
clients should issue restart request in order to trigger
BindsTo=/OnFailure=.

That seems to be a red herring though, because for a long time
the service states between auto-restarts were buggy (#27594).
With the introduction of RestartMode=direct, the behavior
is sane again and customizable, hence I see no reason to refuse
this anymore. Whether those deps are triggered solely depends
on RestartMode= now.

Plus, filter out some intermediate states that should never
be seen in service_start().

Fixes #33890
2024-08-03 13:03:28 +02:00
Yu Watanabe
74d1ee0373 core: refuse credentials with invalid names matching with glob
Even if the glob pattern is valid, the pattern may match credentials
with invalid names. So, we need to check the names of the found
credentials.

Follow-up for 947c4d3952.
2024-08-03 14:25:35 +09:00
Yu Watanabe
b376dbc83d test: a credential can be imported multiple times with different names
This is supported since 831f208783.
Let's explicitly test the functionality.
2024-08-03 14:23:17 +09:00
Yu Watanabe
40dd2a1c24 core: make ImportCredentialEx= DBus property support without renaming
Note that the conf parser for ImportCredential= checks in the same way.

Follow-up for 831f208783.
2024-08-03 14:20:07 +09:00