1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 17:51:22 +03:00
Commit Graph

717 Commits

Author SHA1 Message Date
Dan Streetman
c29537f39e meson.build: change operator combining bools from + to and
upstream meson stopped allowing combining boolean with the plus
operator, and now requires using the logical and operator

reference:
43302d3296

Fixes: #20632
2021-09-04 09:09:32 +09:00
Zbigniew Jędrzejewski-Szmek
f064b40ec9 meson: capitalize the last instance of "efi"
All the others in this section use "EFI"…
2021-08-24 15:39:17 +02:00
Ondrej Kozina
8186022c9d Add support for systemd-pkcs11 libcryptsetup plugin.
Add support for systemd-pkcs11 based LUKS2 device activation
via libcryptsetup plugin. This make the feature (pkcs11 sealed
LUKS2 keyslot passphrase) usable from both systemd utilities
and cryptsetup cli.

The feature is configured via -Dlibcryptsetup-plugins combo
with default value set to 'auto'. It get's enabled automatically
when cryptsetup 2.4.0 or later is installed in build system.
2021-08-19 13:58:10 +02:00
Ondrej Kozina
351716e111 Add support for systemd-fido2 libcryptsetup plugin.
Add support for systemd-fido2 based LUKS2 device activation
via libcryptsetup plugin. This make the feature (fido2 sealed
LUKS2 keyslot passphrase) usable from both systemd utilities
and cryptsetup cli.

The feature is configured via -Dlibcryptsetup-plugins combo
with default value set to 'auto'. It get's enabled automatically
when cryptsetup 2.4.0 or later is installed in build system.
2021-08-19 13:58:10 +02:00
Jan Janssen
702d40270a meson: Make unused-function an error 2021-08-13 09:23:45 +02:00
Egor Ignatov
b10abe4bba time-set: adjust system clock if rtc is far in future 2021-08-02 20:33:01 +01:00
Luca Boccassi
a8d1a8e96d
Merge pull request #20326 from keszybz/meson-0.53.2
Use some more new meson features
2021-07-28 13:30:37 +01:00
Zbigniew Jędrzejewski-Szmek
12085ebb40 meson: use meson's summary()
The output is similar to our hand-crafted status message, but it's nice to use
the built-in functionality. After all, it was amended during development to
support our use case.
2021-07-28 10:04:06 +02:00
Luca Boccassi
c1597f07bf
Merge pull request #20319 from keszybz/meson-0.53.2
Bump required meson version to 0.53.2
2021-07-27 23:15:18 +01:00
Zbigniew Jędrzejewski-Szmek
f12c5d36a9 meson: use alias_target for doc update commands
This undoes part of 4c890ad3cc: the
implementations of update-dbus-docs and update-man-rules are moved back to
man/meson.build, and alias_target() is used to keep the visible target names
unchanged.

The rules for man pages are reworked so that it's possible to invoke the
targets even if xstlproc is not available. After all, xsltproc is only needed
for the final formatted output, and not other processing.
2021-07-27 20:34:40 +02:00
Zbigniew Jędrzejewski-Szmek
6839ce3318 meson: use alias_target in one place
It was added in meson 0.52.0, and fits very nicely here.
See https://mesonbuild.com/Release-notes-for-0-52-0.html#alias_target.
2021-07-27 19:58:55 +02:00
Zbigniew Jędrzejewski-Szmek
fce9abb227 meson: use a/b instead of join_paths(a,b)
It is nicer and shorter.
2021-07-27 19:32:35 +02:00
Zbigniew Jędrzejewski-Szmek
68e101da7a meson: adjust comment about find_program() usage
The FIXME was not correct: with 'dirs' we'd put the fixed path first
(see the docs for find_program()).
2021-07-27 18:53:31 +02:00
Zbigniew Jędrzejewski-Szmek
9247df5a88 meson: require 0.53.2 and drop some workarounds for old meson
Ubuntu Bionic 18.04 has 0.45, so it was below the previously required
minimum version already. Focal 20.04 has 0.53.2. Let's require that
and use various features that are available.
2021-07-27 16:46:46 +02:00
Frantisek Sumsal
99c645b81a meson: add a missing versiondep to libcryptsetup-plugins target
Otherwise the build sometimes fails in a racy way:

```
[274/1850] Compiling C object src/cryptsetup/cryptsetup-tokens/libcryptsetup-token-systemd-tpm2_static.a.p/cryptsetup-token-systemd-tpm2.c.o
FAILED: src/cryptsetup/cryptsetup-tokens/libcryptsetup-token-systemd-tpm2_static.a.p/cryptsetup-token-systemd-tpm2.c.o
cc -Isrc/cryptsetup/cryptsetup-tokens/libcryptsetup-token-systemd-tpm2_static.a.p (...) -c ../build/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
../build/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:12:10: fatal error: version.h: No such file or directory
   12 | #include "version.h"
         |          ^~~~~~~~~~~
         compilation terminated.
```

Follow-up to d1ae38d85a.
2021-07-27 14:44:30 +01:00
Ondrej Kozina
d1ae38d85a Add support for systemd-tpm2 libcryptsetup plugin.
Add support for systemd-tpm2 based LUKS2 device activation
via libcryptsetup plugin. This make the feature (tpm2 sealed
LUKS2 keyslot passphrase) usable from both systemd utilities
and cryptsetup cli.

The feature is configured via -Dlibcryptsetup-plugins combo
with default value set to 'auto'. It get's enabled automatically
when cryptsetup 2.4.0 or later is installed in build system.
2021-07-26 15:15:16 +02:00
Luca Boccassi
c5a421b3b9
Merge pull request #20276 from keszybz/rpm-restart-wip
Reload user daemons and restart user services at the end of the rpm transaction
2021-07-26 11:02:37 +01:00
Zbigniew Jędrzejewski-Szmek
36d55958cc rpm: restart user services at the end of the transaction
This closes an important gap: so far we would reexecute the system manager and
restart system services that were configured to do so, but we wouldn't do the
same for user managers or user services.

The scheme used for user managers is very similar to the system one, except
that there can be multiple user managers running, so we query the system
manager to get a list of them, and then tell each one to do the equivalent
operations: daemon-reload, disable --now, set-property Markers=+needs-restart,
reload-or-restart --marked.

The total time that can be spend on this is bounded: we execute the commands in
parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT
to a lower value (15 s by default). User managers should not have too many
units running, and they should be able to do all those operations very
quickly (<< 1s). The final restart operation may take longer, but it's done
asynchronously, so we only wait for the queuing to happen.

The advantage of doing this synchronously is that we can wait for each step to
happen, and for example daemon-reloads can finish before we execute the service
restarts, etc. We can also order various steps wrt. to the phases in the rpm
transaction.

When this was initially proposed, we discussed a more relaxed scheme with bus
property notifications. Such an approach would be more complex because a bunch
of infrastructure would have to be added to system manager to propagate
appropriate notifications to the user managers, and then the user managers
would have to wait for them. Instead, now there is no new code in the managers,
all new functionality is contained in src/rpm/. The ability to call 'systemctl
--user user@' makes this approach very easy. Also, it would be very hard to
order the user manager steps and the rpm transaction steps.

Note: 'systemctl --user disable' is only called for a user managers that are
running. I don't see a nice way around this, and it shouldn't matter too much:
we'll just leave a dangling symlink in the case where the user enabled the
service manually.

A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and
fa97d2fcf6.
2021-07-24 11:53:31 +02:00
Zbigniew Jędrzejewski-Szmek
6d825ab2d4 rpm: use a helper script to actually invoke systemctl commands
Instead of embedding the commands to invoke directly in the macros,
let's use a helper script as indirection. This has a couple of advantages:

- the macro language is awkward, we need to suffix most commands by "|| :"
  and "\", which is easy to get wrong. In the new scheme, the macro becomes
  a single simple command.
- in the script we can use normal syntax highlighting, shellcheck, etc.
- it's also easier to test the invoked commands by invoking the helper
  manually.
- most importantly, the logic is contained in the helper, i.e. we can
  update systemd rpm and everything uses the new helper. Before, we would
  have to rebuild all packages to update the macro definition.

This raises the question whether it makes sense to use the lua scriptlets when
the real work is done in a bash script. I think it's OK: we still have the
efficient lua scripts that do the short scripts, and we use a single shared
implementation in bash to do the more complex stuff.

The meson version is raised to 0.47 because that's needed for install_mode.
We were planning to raise the required version anyway…
2021-07-24 11:46:23 +02:00
Luca BRUNO
6fe23ff31c docs: move /var/log/README to a tmpfiles.d symlink
This moves the /var/log/README content out of /var and into the
docs location, replacing the previous file with a symlink
created through a tmpfiles.d entry.
2021-07-21 17:29:06 +02:00
James Hilliard
e5d86ebed5 Add meson option to disable urlify.
Useful for systems that don't use a version of less with hyperlink
support.
2021-07-19 11:57:51 +02:00
Zbigniew Jędrzejewski-Szmek
bc2a4af25f meson: re-enable -Wunused-result with clang
We disabled it in f73fb7b742 in response to an
apparent gcc bug. It seems that depending on the combination of optimization
options, gcc still ignores (void). But this seems to work fine with clang, so
let's re-enable the warning conditionally.
2021-07-09 11:11:25 +02:00
Lennart Poettering
5945640e2a creds: add a new tool for listing/showing/encrypting/decrypting credentials 2021-07-08 09:30:45 +02:00
Lennart Poettering
011d129cf4 sd-id128: make sure sd_id128_get_machine_app_specific() logic also works without "khash"
So, as it turns out AF_ALG is turned off in a lot of kernels/container
environments, including our CI. Hence, if we link against OpenSSL
anyway, let's just use that client side. It's also faster.

One of those days we should drop the khash code, and ust use OpenSSL,
once the licensing issues are resolved.
2021-07-08 09:28:28 +02:00
Zbigniew Jędrzejewski-Szmek
378e9d2b6d meson: install the right README file in modprobe.d
We put the "global" README file there. Introduced
in d83e90c73c.
2021-07-07 14:52:05 +02:00
Zbigniew Jędrzejewski-Szmek
87501ac0eb meson: drop libseccomp and libselinux from libbasic linkage
This means libsystemd.so is without them now. This is important
because countless programs link to libsystemd.so, and do not need
to pull in selinux now. And libselinux.so pulls in libpcre2, so
we trim a nice dependency tree.

I'm not sure why libseccomp was listed there. No code seems to
refer to it.

$ diff -u <(ldd ../systemd/build/libsystemd.so|sed 's/0x.*/0x…/') <(ldd build/libsystemd.so|sed 's/0x.*/0x…/')
@@ -4,11 +4,9 @@
 	libzstd.so.1 => /lib64/libzstd.so.1 (0x…
 	liblz4.so.1 => /lib64/liblz4.so.1 (0x…
 	libcap.so.2 => /lib64/libcap.so.2 (0x…
-	libselinux.so.1 => /lib64/libselinux.so.1 (0x…
 	libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x…
 	libpthread.so.0 => /lib64/libpthread.so.0 (0x…
 	libc.so.6 => /lib64/libc.so.6 (0x…
 	/lib64/ld-linux-x86-64.so.2 (0x…
-	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x…
 	libdl.so.2 => /lib64/libdl.so.2 (0x…
 	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x…

$ diff -u <(ldd ../systemd/build/libudev.so|sed 's/0x.*/0x…/') <(ldd build/libudev.so|sed 's/0x.*/0x…/')
@@ -1,8 +1,5 @@
 	linux-vdso.so.1 (0x…
 	librt.so.1 => /lib64/librt.so.1 (0x…
-	libselinux.so.1 => /lib64/libselinux.so.1 (0x…
 	libpthread.so.0 => /lib64/libpthread.so.0 (0x…
 	libc.so.6 => /lib64/libc.so.6 (0x…
 	/lib64/ld-linux-x86-64.so.2 (0x…
-	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x…
-	libdl.so.2 => /lib64/libdl.so.2 (0x…
2021-06-24 10:11:16 +02:00
Zbigniew Jędrzejewski-Szmek
9a797ddc41 meson: allow "soft-static" allocations for uids and gids in the initrd
The general idea with users and groups created through sysusers is that an
appropriate number is picked when the allocation is made. The number that is
selected will be different on each system based on the order of creation of
users, installed packages, etc. Since system users and groups are not shared
between installations, this generally is not an issue. But it becomes a problem
for initrd: some file systems are shared between the initrd and the host (/run
and /dev are probably the only ones that matter). If the allocations are
different in the host and the initrd, and files survive switch-root, they will
have wrong ownership.

This makes the gids build-time-configurable for all groups and users where
state may survive the switch from initrd to the host.

In particular, all "hardware access" groups are like this: files in /dev will
be owned by them.  Eventually the new udev would change ownership, but there
would be a momemnt where the files were owned by the wrong group. The
allocations are "soft-static" in the language of Fedora packaging guidelines:
the uid/gid will be used if possible, but we'll fall back to a different
one. TTY_GID is the exception, because the number is used directly.

Similarly, the possibility to configure "soft-static" uids is added for daemons
which may usefully run in the initramfs: systemd-network (lease information and
interface state is serialized to /run), systemd-resolve (stub files and
interface state), systemd-timesync (/run/systemd/timesync).

Journal files are owned by the group systemd-journal, and acls are granted
for wheel and adm.

systemd-oom and systemd-coredump are excluded from this patch: I assume that
oomd is not useful in the initrd, and coredump leaves no state (it only creates
a pipe in /run?).

The defaults are not changed: if nothing is configured, dynamic allocation will
be used. I looked at a Debian system, and the numbers are all different than
on Fedora.

For Fedora, see the list of uids and gids at https://pagure.io/setup/blob/master/f/uidgid.
In particular, systemd-network and systemd-resolve got soft-static numbers to
make it easy to transition from a non-host-specific initrd to a host system
already a few years back (https://bugzilla.redhat.com/show_bug.cgi?id=1102002).

I also requested static allocations for sgx, input, render in
https://pagure.io/packaging-committee/issue/1078,
https://pagure.io/setup/pull-request/27.
2021-06-17 09:48:28 +02:00
Lennart Poettering
ca1e8584c6 meson: bump version for 249-rc1 release 2021-06-15 21:59:44 +02:00
Michal Sekletár
b428efa54b udev: add basic set of user-space defined tracepoints (USDT)
Debugging udev issues especially during the early boot is fairly
difficult. Currently, you need to enable (at least) debug logging and
start monitoring uevents, try to reproduce the issue and then analyze
and correlate two (usually) huge log files. This is not ideal.

This patch aims to provide much more focused debugging tool,
tracepoints. More often then not we tend to have at least the basic idea
about the issue we are trying to debug further, e.g. we know it is
storage related. Hence all of the debug data generated for network
devices is useless, adds clutter to the log files and generally
slows things down.

Using this set of tracepoints you can start asking very specific
questions related to event processing for given device or subsystem.
Tracepoints can be used with various tracing tools but I will provide
examples using bpftrace.

Another important aspect to consider is that using tracepoints you can
debug production systems. There is no need to install test packages with
added logging, no debuginfo packages, etc...

Example usage (you might be asking such questions during the debug session),

Q: How can I list all tracepoints?
A: bpftrace -l 'usdt:/usr/lib/systemd/systemd-udevd:udev:*'

Q: What are the arguments for each tracepoint?
A: Look at the code and search for use of DEVICE_TRACE_POINT macro.

Q: How many times we have executed external binary?
A: bpftrace -e 'usdt:/usr/lib/systemd/systemd-udevd:udev:spawn_exec { @cnt = count(); }'

Q: What binaries where executed while handling events for "dm-0" device?
A  bpftrace -e 'usdt:/usr/lib/systemd/systemd-udevd:udev:spawn_exec / str(arg1) == "dm-0"/ { @cmds[str(arg4)] = count(); }'

Thanks to Thomas Weißschuh <thomas@t-8ch.de> for reviewing this patch
and contributions that allowed us to drop the dependency on dtrace tool
and made the resulting code much more concise.
2021-06-15 18:28:28 +02:00
Yu Watanabe
16e09d51a7 meson: do not share compiler flags except for emitting warnings
Follow-up for 6526736397.

Prompted by https://github.com/systemd/systemd/issues/19191#issuecomment-856312107.
2021-06-08 10:44:34 +02:00
Yu Watanabe
505ab9dda2 meson: sort compiler flags 2021-06-02 15:53:29 +09:00
Yu Watanabe
6526736397 meson: enable more warnings when building efi binary 2021-06-02 15:49:44 +09:00
Lennart Poettering
71eceff645 homework: make libcryptsetup dep runtime optional 2021-06-01 13:32:40 +02:00
Peter Kjellerstedt
b2d7487071 meson: Correctly validate that prefix is a child of rootprefix
In commit d895e10a a test was introduced to validate that prefix is a
child of rootprefix. However, it only works when rootprefix is "/".
Since the test is ignored when rootprefix is equal to prefix, this is
only noticed if specifying both -Drootprefix= and -Dprefix=, e.g.:

  $ meson foo -Drootprefix=/foo -Dprefix=/foo/bar
  meson.build:111:8: ERROR: Problem encountered: Prefix is not below
  root prefix (now rootprefix=/foo prefix=/foo/bar)
2021-05-28 06:29:45 +09:00
Luca Boccassi
c5fd89adcd core: make libbpf a dlopen() dependency 2021-05-25 12:59:26 +01:00
Luca Boccassi
936cfad7e5 meson: look for bpftool in /usr/sbin too
On Debian, bpftool is installed in /usr/sbin, which is not in $PATH for
non-root users by default, so finding it fails.
Add a secondary, hard-coded '/usr/sbin/bpftool' after 'bpftool' so that
meson can find it.

https://packages.debian.org/sid/amd64/bpftool/filelist
2021-05-25 12:59:26 +01:00
Zbigniew Jędrzejewski-Szmek
f78ad5f046 test: enable fuzz regression tests by default
This ensures that the fuzz test code is also built by default.
It also increases the test coverage a bit. Compiling the tests
*with* sanitizers is painfully slow, so this is not enabled. But
just compiling them sauté is hardly noticable. Running the tests
increases the test count and runtime:
  622 tests, 26 s
to
  922 tests, 35 s
I think this is acceptable.
2021-05-20 09:30:43 +02:00
Luca Boccassi
2d4efd1dba build tests: check that Github pages can be built successfully 2021-05-19 23:25:34 +02:00
Zbigniew Jędrzejewski-Szmek
71ae5ce544 units: generate ReadWritePaths= in the template 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
491bf10c80 meson: sort conf paths alphabetically
The order was a complete mess. Let's make it a bit more tidy.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
fd3a3e31b3 meson: drop "_YES_NO" variables
We can generate the right string in the template directly.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
46c4f8dc8a meson: use jinja2 also for custom-entities.ent
This doesn't matter too much, but makes things a bit more consistent.
A minor advantage is that the file is not a configuration file for meson
anymore, so:
 a) It is not built unless pulled in by another target. Since
    we don't usually build man pages by default, this saves a tiny
    amount of work.
 b) When the .in file is updated, meson does not reconfigure everything,
    but just rebuilds the dependent targets.

Now that the conversion is finished, time for benchmarking:
a full build with default settings (and -Dstandalonebinaries=true), yields

before this pull request: 1687 targets, 148.13s user 35.17s system 317% cpu 57.697 total
with the full pull request: 1714 targets, 143.07s user 27.87s system 314% cpu 54.369 total

The difference doesn't seem significant. Partial rebuilds might be faster as
mentioned before.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
b1ac8498ac meson: drop "substs"
We had two big 'configuration_data' objects in meson config. (There are in fact
more. On is added in this series, and there's one for efi… But those others
have a handful variables only for specific purposes and don't matter). The two
sets are 'conf' and 'substs', and were inherited from the original autotools
system. In the past there was even a third set ('m4_defines'), but @yuwata
removed it in 348b44372f. And those two/three
systems had very similar data, but with different variable names, because of
historical reasons. They also used subtly different quoting (.set()
vs. .set10() vs. .set_quoted()), which was required because the templating
engines were not flexible enough. This meants we had more work when changing
things, and we needed to search for different variable names, etc.

With a more flexible templating engine we can do with just one
configuration_data object.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
e11a25cadb meson: use jinja2 for various files in src/core/ 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
ba29ee4cc0 meson: use jinja2 for src/libudev/ 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
411d1f4c3a meson: use jinja2 for src/resolve/ 2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
835cf75aef meson: use jinja2 for rpm templates
The naming of variables is very inconsistent. I tried to use more
modern style naming (UNDERSCORED_TITLE_CASE), but I didn't change existing
names too much. Only SYSTEM_DATA_UNIT_PATH is renamed to SYSTEM_DATA_UNIT_DIR
to match SYSTEM_CONFIG_UNIT_DIR.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
8feaea5e3d meson: use jinja2 for rules.d templates 2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
195a8a9327 meson: use custom configuration_data() object for man/man and man/html helpers
I want to stop using 'substs'. But in this case, configure_file() is nicer
than custom_target(), because it causes meson to immediately generate the
helpers after configuration, so it's possible to do
'meson build && build/man/man ...', without building anything first.

We only substitute one variable here, so let's use a custom configuration_data()
object.
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
44ff8df777 Drop dependency on m4
m4 was hugely popular in the past, because autotools, automake, flex, bison and
many other things used it. But nowadays it much less popular, and might not even
be installed in the buildroot. (m4 is small, so it doesn't make a big difference.)

(FWIW, Fedora dropped make from the buildroot now,
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. I think it's
reasonable to assume that m4 will be dropped at some point too.)

The main reason to drop m4 is that the syntax is not very nice, and we should
minimize the number of different syntaxes that we use. We still have two
(configure_file() with @FOO@ and jinja2 templates with {{foo}} and the
pythonesque conditional expressions), but at least we don't need m4 (with
m4_dnl and `quotes').
2021-05-19 10:24:43 +09:00