mirror of https://github.com/systemd/systemd.git synced 2025-01-26 14:04:03 +03:00

71856 Commits

Author SHA1 Message Date
Yu Watanabe
17be4d7b98 mkosi: fix typo
Follow-up for 4d0f1451b58dbd4b94da579b800adef4f4e42c34.
2024-03-08 18:17:37 +01:00
Yu Watanabe
77630ec909 resolve: fix typo
Follow-up for d08566fad7c97df153d38e314670aea3822106e1.
2024-03-09 01:43:48 +09:00
Emanuele Giuseppe Esposito
706ca67d30 bootctl: additional fixes for local/global UKI PE addons
Fix various memory leaks and names used in
https://github.com/systemd/systemd/pull/28761.
2024-03-08 16:38:59 +00:00
Zbigniew Jędrzejewski-Szmek
ec596fe34e
Merge pull request #30480 from keszybz/kernel-install-more-paths
Read kernel-install config from /run/kernel too
2024-03-08 08:25:07 +01:00
Ronan Pigott
abcc94b351 resolved: don't cache NXDOMAIN for SUDN resolver.arpa
The name resolver.arpa is reserved for RFC9462 "Discovery of Designated
Resolvers" (DDR). This relies on regular dns queries for SVCB records at
the special use domain name _dns.resolver.arpa. Unfortunately, older
nameservers (or broken ones) won't know about this SUDN and will likely
return NXDOMAIN. If this is cached, the cache entry will become an
impediment for any clients trying to discover designated resolvers
through the stub-resolver, or potentially even sd-resolved itself, were
it to implement DDR.

The RFC recommendation is that "clients MUST NOT perform A or AAAA
queries for resolver.arpa", and "resolvers SHOULD respond to queries of
any type other than SVCB for _dns.resolver.arpa. with NODATA and queries
of any type for any domain name under resolver.arpa with NODATA." which
should help avoid potential compatibility issues. This enforces that
condition within sd-resolved, and avoids caching any such erroneous
NXDOMAIN.

The RFC also recommends requests for this domain should never be
forwarded, to prevent authentication failures. Since there isn't much
point in establishing secure communication to the local stub, we still
allow SVCB to be forwarded from the stub, in case the client cares to
implement some other authentication method and understands the
consequences of skipping the local stub. Normal clients are not
expected to implement DDR, but this change will protect sd-resolved's
own caches in case they try.

Although A and AAAA are prohibited, I think validating resolvers
might reasonably query for dnssec records, even though the resolver.arpa
zone does not exist (it is declared to be a locally served zone). For
this reason, I have also added resolver.arpa to the builtin dnssec NTA.
2024-03-07 23:01:08 +00:00
Unique-Usman
bda7e4d2e5
Add more unit test to cover the uid_range_covers inside the uid-range.c file (#31666)
* Add more unit test to cover the uid_range_covers inside the uid-range.c file
2024-03-07 22:59:13 +00:00
Unique-Usman
f621aea33c Added a unit test to cover af_to_name in af-list.c 2024-03-07 22:57:38 +00:00
Mike Yuan
04ed3a1f8e logind-dbus: count user-early sessions in verify_shutdown_creds too
Follow-up for 59afe07c217c73e3c7c19fb06aef2ff7bf609fd2
2024-03-07 22:56:40 +00:00
Luca Boccassi
12adbb6dc7
Merge pull request #31659 from YHNdnzj/freezer-followup
Freezer trivial follow-up
2024-03-07 22:55:56 +00:00
Ronan Pigott
4f2da49fcd resolved: refuse queries with no suitable scope
In some cases there is no configured server to answer a given question,
because all scopes refused the query. In this case we currently return
rcode SERVFAIL.

In dns it is customary for authoritative nameservers to return REFUSED
where the question is outside of their authority. This is better than
SERVFAIL because it informs the client that they aren't likely to get an
answer out of us anytime soon, and either the configuration, or the
query, need to change.

Similar logic invites us to use the rcode REFUSED on the stub if we
aren't configured with any suitable scope for this question.
2024-03-07 15:29:37 -07:00
Zbigniew Jędrzejewski-Szmek
b7d62bdbd0 shared/conf-parser: add two more annotations 2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
088ab88715 bootctl: use the full parser too 2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
db26d8025e kernel-install: support full set of config files and drop-ins
This brings the handling of config for kernel-install in line with most of
systemd, i.e. we search the set of paths for the main config file, and the full
set of drop-in paths for drop-ins.

This mirrors what 07f5e35fe7967c824a87f18a3a1d3c22e5be70f5 did for udev.conf.
That change worked out fine, so I hope this one will too.

The update in the man page is minimal. I think we should split out a separate
page for the config file later on.

One motivating use case is to allow a drop-in to be created for temporary
config overrides and then removed after the operation is done.
2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
b83a59f8a7 man: document all the new paths 2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
6378f257e7 various: use new config loader instead of config_parse_config_file()
This means the main config file is loaded also from /run and /usr.

We should load the main config file from all the places where we load drop-ins.

I realize I had a giant blind spot: I always assumed that we load config files
from /etc, /run, /usr/local/lib, /usr/lib. But it turns out that we only used
those paths for drop-ins. For the main config file, we only looked in /etc. The
docs actually partially described this behaviour, i.e. most SYNOPSIS sections
and some parts of the text, but not others.

This is strange, because 6495361c7d5e8bf640841d1292ef6cfe1ea244cf was completely
bogus with the behaviour before this patch. We had a huge discussion before it
was merged, and clearly nobody noticed this. Similarly, in the previous version
of the current pull request, we had a long discussion about the appropriate
order of directories, and apparently nobody noticed that there was no order,
because we only looked in one directory. So the blind spot seems to have been
shared.

Also, systemd-analyze cat-config behaved incorrectly, i.e. its behaviour matches
the new behaviour.

Possibly, in the future it'll make it easier to add support for --root.
2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
e7e52ff9b6 shared/conf-parser: add function which implements the standard config file set
Also allow config_parse_many() to be called for config files without
sections. The test uses such a file.
2024-03-07 19:14:36 +01:00
Zbigniew Jędrzejewski-Szmek
d8a91c6b9f shared/conf-parser: use chase() in config_parse_many_files()
The function was partially implementing chroot lookups. It would be given
file names that were prefixed with the chroot, so it would mostly work.
But if any of those files were symlinks, fopen() would do the wrong thing.

Also we don't need locking.

So give 'root' as the argument and use chase_and_fopen_unlocked() to get
proper chroot-aware lookups.

The only place where config_parse_many() is called with root is repart.c.
So this is a follow-up for e594a3b154bd06c535a934a1cc7231b1ef76df73 and
34f2fd5096cdb26ef57998740b1b876332d968fc.
2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
9bc7493098 strv: add helper to extend strv from both sides
Also, use the more correct type of 'const char* const*' for the input strv.
This requires adding the cast in a few places, but also allows to remove some
casts in others.
2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
4bf32eac52 udevd: inline iterator variable 2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
5ea4afcf00 udev,backlight,kernel-install: reword sentences starting with "Skipping to"
That's not grammatically correct.

In backlight, change "assocation" to "deduplication". Without the context,
it's probably not clear at all that we "associate" them to ignore them.
2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
6812498cb2 shared/pretty-print: rename output parameters 2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
e5abff372d shared/conf-parser: collapse pkgdir and conf_file args into one
This essentially reverts 5656cdfeeabc16b5489f5ec7a0a36025a2ec1f23. I find it
much easier to understand what is going on when the
path-relative-to-the-search-path is passed in full, instead of being constructed
from two parts, with one of the parts being implicit in some places.

Also, we call 'systemd-analyze cat-config <path>' with <path> with the same
meaning, so this makes the internal and external APIs more consistent.
2024-03-07 18:49:44 +01:00
Zbigniew Jędrzejewski-Szmek
76d75d8b7b constants: drop duplicated CONF_PATHS defines
Follow-up for b0d3095fd6cc1791a38f57a1982116b4475244ba.
2024-03-07 18:47:50 +01:00
Mike Yuan
45df233e5f
sleep: fix typo (sysupend -> suspend) 2024-03-08 01:10:10 +08:00
Mike Yuan
dc35af47df
bus-unit-util: trivial follow-up for UnitFreezer
Follow-up for 7483708131b474d92c9207c8c6340b450b58cb94

Make sure that function param names match between
source and header. Also, place UnitFreezer params
in front.
2024-03-08 01:10:09 +08:00
Mike Yuan
5ba6321d86
bus-unit-util: define FREEZE_BUS_CALL_TIMEOUT locally
Follow-up for f274f8bf256702c5fd0c68d3f7bd6aeba74dfcf0

We define *_SLOW_BUS_CALL_TIMEOUT in each component's
own file too. This one is no different and doesn't need
to be in constants.h IMO.
2024-03-08 01:09:01 +08:00
Ronan Pigott
4e17de7fee man/resolve: update DNSSEC description
This behavior was changed.

Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
2024-03-07 11:29:48 +00:00
Luca Boccassi
5e418fe32a
Merge pull request #31590 from YHNdnzj/install-cleanup
shared/install: several cleanups
2024-03-07 11:28:04 +00:00
Luca Boccassi
f6f5d8ae27
Merge pull request #31628 from YHNdnzj/tmpfiles-acl
tmpfiles: fix for 'X' bit handling and use it where appropriate
2024-03-07 11:27:15 +00:00
Xiaotian Wu
ff37c9fcbe loongarch64: disable simd when build efi
LoongArch does not yet support the `-mgeneral-regs-only` option, so when
compiling for EFI, we need to use the `-mno-lsx` and `-mno-lasx` options
to disable SIMD instructions.
2024-03-07 19:14:30 +09:00
Daan De Meyer
61fbdd441f
Merge pull request #31345 from DaanDeMeyer/mkosi-packages
Build distribution packages in mkosi
2024-03-07 11:12:14 +01:00
Daan De Meyer
4d0f1451b5 Build distribution packages in mkosi
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:

- Vastly simplified mkosi scripts since we don't need a separate initrd
  image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as it's not the basis
  anymore for the initrd and as such we don't need to care about the
  size anymore.
- The systemd packages that get pulled in as dependencies of other
  packages get properly uninstalled and replaced with our packages that
  we built instead of just installing on top of an existing systemd
  installation with no guarantee that everything from that previous
  installation was removed.
- Much better testing coverage as what we're testing is much closer
  to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
  use the proper directories and such instead of having to hack this
  into a mkosi build script.
- ...
2024-03-07 10:47:19 +01:00
Daan De Meyer
542bad6552 mkosi: Update to v21 2024-03-07 10:47:01 +01:00
Mike Yuan
661ece467a
Merge pull request #31664 from bluca/coverity
Coverity fixes
2024-03-07 16:02:57 +08:00
SidhuRupinder
6ad20da18a
Update catalog.c - Removing sanity check as there is no need of checking non null pointer (#31653)
There is no need to check the pointer as the pointer will never be NULL.

Co-authored-by: Frantisek Sumsal <frantisek@sumsal.cz>
2024-03-07 10:31:59 +09:00
Luca Boccassi
6d1321c328
Merge pull request #31616 from poettering/resolved-varlink-resolve-record
resolved: add varlink API for resolving raw RRs
2024-03-07 01:00:27 +00:00
Luca Boccassi
4365a481b6 resolve: disambiguate return statement
This works as expected, but coverity warns that it could be ambiguous and context
suggests the other way around. Add brackets to disambiguate.

CID#1535101

Follow-up for 6399be223b73ce520654242ad08de387b08b738a
2024-03-07 00:51:43 +00:00
Luca Boccassi
60cf40599a escape: fix operator precedence in overflow check
CID#1535100

Follow-up for c6342e35b07f750771f0fdb3c80a27d3272e8001
2024-03-07 00:46:21 +00:00
Michael Biebl
73d8990930 man: fix systemd-timedated man page wrt ntp-units.d
The service parsing/using this directory is systemd-timedated, not
systemd-timesyncd.
2024-03-06 21:44:12 +00:00
Mike Yuan
22549ff473
tmpfiles.d/systemd: use ACL 'X' bit where appropriate 2024-03-07 03:19:08 +08:00
Mike Yuan
29a438e764
tmpfiles: do 'X' bit check in an ACL-aware manner
Follow-up for 26d98cdd78cb5283f5771bd5866997acc494b067

I.e. stat() cannot be used here.

Also, before this commit, the 'X' is only applied if
the owner has execute bit set. Now it takes group and
other into consideration too. setfacl(1) also has
the same behavior.
2024-03-07 03:18:46 +08:00
Mike Yuan
83a5db202d
tmpfiles: remove one more use of goto and modernization 2024-03-07 03:18:46 +08:00
Mike Yuan
d41f08bd2a
core,install: generalize install error handling 2024-03-07 02:05:15 +08:00
Mike Yuan
b412274fd0
shared/install: use FOREACH_ARRAY at one more place 2024-03-07 02:02:00 +08:00
Mike Yuan
b2751cf039
shared/install: use RET_GATHER more 2024-03-07 02:02:00 +08:00
Mike Yuan
7dfc71399d
path-lookup: rename lookup_paths_free -> _done
This is stack-allocated, so update to match our usual rules.
2024-03-07 02:01:57 +08:00
Lennart Poettering
cf1c8cdb87 resolved: expose raw RR resolver via Varlink too
Now that we have an address, hostname, and service resolve, at the last
kind of resolver we expose over D-Bus also to Varlink.
2024-03-06 19:00:53 +01:00
Lennart Poettering
0fe9c5da02 resolved: move ResourceKey/ResourceRecord varlink types to generic Resolve interface
Let's define this in the generic interface and then import it into the
Monitor interface too.

This is preparation for adding an interface to resolve arbitrary RRs via
Varlink, which means we want the type in both interfaces.
2024-03-06 19:00:53 +01:00
Ronan Pigott
da920fe176 resolved: decrease mdns/llmnr priority for the reverse mapping domains
Previously all queries to the reverse mapping domains (in-addr.arpa and
ip6.arpa) were considered to be in-scope for mdns and llmnr at the same
priority as DNS. This caused sd-resolved to ignore NXDOMAIN responses
from dns in favor of lengthy timeouts.

This narrows the scope of mdns and llmnr so they are not invariably
considered as fallbacks for these domains. Now, mdns/llmnr on a link
will only be used as a fallback when there is no suitable DNS scope, and
when that link is DefaultRoute.
2024-03-06 18:57:36 +01:00
Lennart Poettering
74d142ff3a
Merge pull request #30612 from AdrianVovk/sleep-freeze-user-seesions
Freeze user sessions for all types of sleep
2024-03-06 18:52:57 +01:00