IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When udevadm verify is invoked by an analyzer tool like rpminspect
to verify individual udev rules files, the summary just clutters the
output, so provide an option to turn the summary off.
Dump*() methods can take quite some time due to the amount of data to
serialize, so they can potentially stall the manager. Make them
privileged, as they are debugging tools anyway. Use a new 'dump'
capability for polkit, and the 'reload' capability for SELinux, as
that's also non-destructive but slow.
If the caller is not privileged, allow it but rate limited to 10 calls
every 10 minutes.
Let's save some time and build the SELinux test module on the host
instead of a possibly unaccelerated VM. This brings the runtime of
TEST-06-SELINUX from ~12 minutes down to a ~1 minute.
Let's drop stuff from the current $BUILD_DIR from the final coverage
report, as it's all generated files (mostly gperf) which we don't
really care about and it makes the Coveralls report confusing, since it
reports "source not available" for all such files.
Without acceleration this part of the test takes over 10 minutes (!),
which feels quite unnecessary. Let's cut down the number of stuff we
dump to the journal in such case, but keep the original value if we run
with acceleration (since in that case it takes less than 10 seconds).
When an argument specified to udevadm verify is a directory,
verify all *.rules files in that directory.
Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
When running on Debian/Ubuntu, I get a minute delay or so on every boot
because the local initramfs tries to resume from hibernation. This is
not really useful here, so always skip it
Which bind-mounts the $BUILD_DIR into the container. This whole coverage
thing is getting slightly ridiculous.
Follow-up to 3b2823a749, but for non-machinectl containers.
It already required a lot of workarounds, since the busybox utilities
often work differently than their "full" counterparts, and putting
the container together using our "tools" is quite simple anyway.
systemd-nspawn doesn't like invalid machine IDs and refuses to boot with one:
TEST-74-AUX-UTILS RUN: Tests for auxiliary utilities
...
Spawning container TEST-74-AUX-UTILS--3 on /var/tmp/systemd-test-TEST-74-AUX-UTILS_3/root.
Press Ctrl-] three times within 1s to kill container.
Failed to read machine ID from container image: Structure needs cleaning
E: nspawn failed with exit code 1
Follow-up to b4d42a82eb.
The systemd-cryptenroll man page states:
Takes a comma separated list of numeric slot indexes, or the special
strings ..., or any combination of these strings or numeric
indexes, in which case all slots matching either are wiped.
but we'd allow only one special string at any given time as the value
was not ORed when assigning. So, for example, --wipe=recovery,password
would actually become --wipe=password, etc.
Until now, we always excluded the top level directories that were
covered by child partition mount points, regardless of the source
directory and the target directory of the copy files operation.
This means that even if we were populating a XBOOTLDR partition, if
there was an EFI partition in the image, we'd exclude /boot
unconditionally, leading to the XBOOTLDR partition to be empty.
Also, because of the same cause, if we were copying a nested source
directory (e.g. /abc/def) to the root directory in the root
partition, if /abc/def/usr existed and was populated with files and
directories, the root partition would have those files under /usr,
even if a /usr partition was defined.
To fix these issues, instead of unconditionally excluding the top
level partition mount points under <source>, let's make sure that
when we're copying files from any source directory to the root
directory of a root partition, that we exclude the partition mount
point directories under the source directory instead of the top
level ones.
Rename TEST-23-TYPE-EXEC to TEST-23-UNIT-FILE and merge it with
following tests:
- TEST-37-RUNTIMEDIRECTORYPRESERV
- TEST-40-EXEC-COMMAND-EX
- TEST-41-ONESHOT-RESTART
- TEST-42-EXECSTOPPOST
- TEST-57-ONSUCCESS-UPHOLD
This gets rid of the all-but-one remaining uses of perl. I tested the new code
on my machine, so I'm fairly confident that it works as expected.
install_iscsi() has one majestic perl invocation, but we can't get rid of it
easily: it extends the code of tgt-admin to print some list of files. Obviously
this only works because tgt-admin is written in perl, and perl will be installed
if tgt-admin is installed. install_iscsi() is used in TEST-64-UDEV-STORAGE
conditionally if tgtadm is installed, so this can stay as is.
When the interpeter is missing, we get an exit code of 127. Let's treat those
tests as skipped too. If we could run the test far enough so that it could do
the check itself, it would return 77 anyway.
$ test/asdf; echo $?
exec: Failed to execute process 'test/asdf': The file specified the interpreter '/bin/asdf', which is not an executable command.
127
$ test/asdf; echo $?
/usr/bin/env: ‘/bin/asdf’: No such file or directory
127
This should resolve the problem that TEST-02 fails or Debian's 'unit-tests' fail
when python3 is not installed. Installing python3 via the mechanism that is
used to construct TEST images, i.e. the dracut dependency chasing scheme, would
be a lot of work for python with its modules in multiple locations and hundreds
of little files. So I think it OK to just skip the test there, and also in
other cases where python is not available.
As part of the build, we would populate build/test/sys/ using
sys-script.py, and then udev-test.p[ly] would create a tmpfs instance
on build/test/tmpfs and copy the sys tree to build/test/tmpfs/sys.
Also, we had udev-test.p[ly] which called test-udev. test-udev was
marked as a manual test and installed, but neither udev-test.p[ly] or
sys-script.py were.
test-udev is renamed to udev-rule-runner, which reduces confusion and
frees up the test-udev name. udev-test.py is renamed to test-udev.py.
All three files are now installed.
test-udev.py is modified to internally call sys-script.py to set up the
sys tree. Copying and creating it from scratch should take the same
amount of time. We avoid having a magic directory, everything is now
done underneath a temporary directory.
test-udev.py is now a normal installed test, and run-unit-tests.py will
pick it up. When test-udev.py is invoked from meson, the path to
udev-rule-runner is passed via envvar; when it is invoked via
run-unit-tests.py or directly, it looks for udev-rule-runner in a relative
path.
The goal of this whole change is to let Debian drop the 'udev' test.
It called sys-script.py and udev-test.pl from the source directory and
had to recreate a bunch of the logic. Now test-udev.py will now be called
via 'upstream'.
I tried to keep this a 1:1 rewrite with the same field names.
Nevertheless, some changes were made:
- exp_add_error and exp_rem_error are dropped. Those fields meant that
"./test-udev add <devpath>" actually succeeded, but symlinks were not
created, and exp_links was ignored and could contain bogus content.
Instead, exp_links and not_exp_links are adjusted to not contain
garbage and the tests check that "./test-udev add" succeeds and that
the links are as expected from exp_links and not_exp_links.
- cleanup was only used in one rule, and that rule was expected to fail,
so cleanup wasn't actually necessary. So the cleanup field and the
logic to call cleanup from individual tests is removed.
- a bunch of fields were set, but didn't seem to be connected to any
implementation: not_exp_name, not_exp_test.
e62acc3159 did a rewrite of some of the
tests and it seems that not_exp_test was added by mistake and
not_exp_name was left behind by mistake.
In Python, the field list is declared in the class, so it's harder to
assign an unused attribute. Those uses were converted to not_exp_links.
- in most rules, r"""…""" is used, so that escaping is not necessary.
- the logic to generate devices was only used in one place, and the
generator function also had provisions to handle arguments that were
never given. all_block_devs() is made much simpler.
- Descriptions that started with a capital letter were shortened
and lowercased.
- no special test case counting is done. pytest just counts the cases
(Rules objects).
- the output for failures is also removed. If something goes wrong, the
user can use pytest --pdb or such to debug the issue.
- perl version used a semaphore to manage udev runners, and would fork,
optionally wait a bit, and then start the runner. In the python
version, we just spawn them all and wait for them to exit. It's not
very convenient to call fork() from python, so instead the runner
was modified (in previous commit) to wait.
The test can be called as:
(cd build && sudo pytest -v ../test/udev-test.py)
sudo meson test -C build udev-test.py -v
I think this generally provides functionality that is close to the perl
version. It seems some of the checks are now more fully implemented.
Support for strace/gdb/valgrind is missing.
Runtime goes down: 8.36 s → 5.78 s.
Last month I monkey-patched journald to produce a small (64K) but valid
journal and used that as an input to four AFL fuzzers. After a month it
generated quite a nice corpora (4738 test cases) and after filtering
and minimizing it I was left with 619 unique journals with various
levels of corruption that probe the journal code.
It seems to detect past issues like systemd#26567, etc.
As the systemd-pstore process is quite short lived, it might sometimes
lack the necessary metadata to make matching against a unit or a syslog
tag work. Since we already use a cursor file to make the matching window
small as possible, let's just drop the unit match completely and hope
for the best.
Resolves: #27453
As described in systemd/systemd#27204 reexecuting the daemon while
running in a systemd-run "session" causes the session end prematurely.
Let's skip the Reexecute() method in dfuzzer and trigger it manually
until the issue is resolved.
When doing a conversion and the specified 'xc->xvariant' has no match, select
the x11 layout entry with a matching layout and an empty xvariant if such entry
exists. It's still better than no conversion at all.
Enabling these options when not running as root requires a user
namespace, so implicitly enable PrivateUsers=.
This has a side effect as it changes which users are visible to the unit.
However until now these options did not work at all for user units, and
in practice just a handful of user units in Fedora, Debian and Ubuntu
mistakenly used them (and they have been all fixed since).
This fixes the long-standing confusing issue that the user and system
units take the same options but the behaviour is wildly (and sometimes
silently) different depending on which is which, with user units
requiring manually specifiying PrivateUsers= in order for sandboxing
options to actually work and not be silently ignored.
Confexts should not contain code, so mount confexts with noexec.
We cannot mount invidial extensions as noexec, as the overlay ignores
it and bypasses it, we need to use the flag on the whole overlay for
it to be effective.
But given there are legacy scripts still shipped in /etc, allow to
override it with --noexec=false.
When a unit is upheld and fails, and there are no state changes in
the upholder, it will not be retried, which is against what the
documentation suggests.
Requeue when the job finishes. Same for the other two queues.
Stripping the binaries in the test images makes potential stack straces
quite useless, so let's drop the stripping stuff to make test fails a bit
more developer friendly.
Related: https://github.com/systemd/systemd-centos-ci/pull/616
To make it consistent with other env vars, e.g. $SYSTEMD_ESP_PATH or
$SYSTEMD_XBOOTLDR_PATH.
This is useful when the root is specified by a file descriptor, instead
of a path.
My original assumption in 61961e693d was wrong, since we do reset
/dev/console during reexec (see make_console_stdio()), so the test was
quite racy. Let's replace it with something, hopefully, more reliable.
Follow-up to 61961e693d.
All tags are managed under /run/udev/tags, and the directories there are
named with tags. Hence, each tag must be a valid filename.
This also makes all validity check moved to sd-device side, and
makes failure caused by setting invalid tags non-critical.
With this change, an empty string cannot be assigned to TAG=, hence the
test cases are adjusted.
Without enabling itx, there's no symlink to the org.freedesktop.resolve1
dbus service, so there exists a tiny window in which the sequence of
`systemctl start` and `systemctl service-log-level` commands might fail:
[ 1127.615151] H systemd[1]: Started Network Name Resolution.
[ 1127.617768] H testsuite-75.sh[34]: + systemctl service-log-level systemd-resolved.service debug
[ 1127.621251] H dbus-daemon[54]: [system] Activating via systemd: service name='org.freedesktop.resolve1' unit='dbus-org.freedesktop.resolve1.service' requested by ':1.24' (uid=0 pid=119 comm="systemctl service-log-level systemd-resolved>
[ 1127.621336] H systemd[1]: dbus-org.freedesktop.resolve1.service: Failed to load configuration: No such file or directory
[ 1127.621364] H systemd[1]: dbus-org.freedesktop.resolve1.service: Trying to enqueue job dbus-org.freedesktop.resolve1.service/start/replace
[ 1127.621395] H systemd[1]: D-Bus activation failed for dbus-org.freedesktop.resolve1.service: Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.621965] H dbus-daemon[54]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.resolve1.service': Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.622046] H systemd[1]: systemd-resolved.service: D-Bus name org.freedesktop.resolve1 now owned by :1.25
[ 1127.622130] H systemctl[119]: Failed to set log level of org.freedesktop.resolve1 to debug: Unit dbus-org.freedesktop.resolve1.service not found.
Spotted in a couple of recent Ubuntu CI runs.
Let's make the dropin, to make the build dir writable for gcov, a bit
more generic, so it can be used by all units starting with prefix test-.
This should help with a bunch of recent reports about missing coverage I
got, as well as with existing test units using DynamicUser=true.
This might feel a bit like a magic trick from behind the curtains, but I
want to touch the actual tests as little as possible, since it makes them
unnecessarily messy (see the various workarounds for sanitizers), and
the coverage reports are generated only in a specific CI job anyway.
systemd-repart needs to find mkfs.ext4 for the test.
This is located in the directory /usr/sbin on openSUSE Tumbleweed.
But since the variable ALWAYS_SET_PATH in /etc/login.defs is set to yes,
su re-initializes the $PATH variable and removes /usr/sbin.
Hence, mkfs.ext4 is not found and the test fails.
Using setpriv instead of su fixes this issue and is more appropriate to
do the switch user task from root.
[zjs: move setpriv to $BASICTOOLS and force-push to retrigger CI]
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
.gdbinit to make gdb work properly
This removes "sleep" invocations, and makes the notify access testcase a
lot more robust to runtime jitter. We use a pair of fifos in the fs to
sync instead.
Also various other improvoements, including comments.
(Also removes the unnecessary "no-qemu" restriction)
This is useful to identify log messages with metadata from the images
they run on. Look for ID/VERSION_ID/IMAGE_ID/IMAGE_VERSION/BUILD_ID,
with a SYSEXT_ prefix if we are looking at an extension, and append via
LogExtraFields= as respectively PORTABLE_NAME_AND_VERSION= in case of a
single image. In case of extensions, append as PORTABLE_ROOT_NAME_AND_VERSION=
for the base and one PORTABLE_EXTENSION_AND_VERSION= for each extension.
Example with a base and two extensions, with the unit coming from the
first extension:
[Service]
RootImage=/home/bluca/git/systemd/base.raw
Environment=PORTABLE=app0.raw
BindReadOnlyPaths=/etc/os-release:/run/host/os-release
LogExtraFields=PORTABLE=app0.raw
Environment=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT_NAME_AND_VERSION=debian_10
ExtensionImages=/home/bluca/git/systemd/app0.raw
LogExtraFields=PORTABLE_EXTENSION=app0.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_0
ExtensionImages=/home/bluca/git/systemd/app1.raw
LogExtraFields=PORTABLE_EXTENSION=app1.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_1
When testing the binaries from the host, make sure to not store the state data
below /usr but use a dedicated directory in /var/tmp/ instead.
The working directories of the tests, initially located in /var/tmp, are also
moved in a dedicated directory /var/tmp/systemd-tests.
Since we don't run preset-all on the test image, the
systemd-userdbd.socket remains disabled. Let's pull it in explicitly
to give systemd-userdbd some coverage as well.
When udev_rules_parse_file() is called by udevadm verify, issue warnings
about the following conditions in udev rules:
* the first token in the rule is preceded with a comma
* the last token in the rule is followed by a comma
* there is no comma between tokens
* there is no whitespace between tokens
* there is more than a single comma between tokens
* there is whitespace between a token and a comma
* there is no whitespace after comma
I noticed that our coverage reports miss some files completely - this
happens when the test doesn't touch the code in them at all, so the
generated coverage data (and resulting reports) have no information
about them. Let's fix this by doing an initial zero coverage capture
that contains a zeroed counter for every instrumented line in every
file, so when we later merge it with a capture from the test, it shows up
with a missing coverage instead of not showing at all.
We need to expand the subshell expression during the `bash -c`
invocation, not before, to take the desired effect, as now it expands to:
timeout 30 bash -c 'while [[ 0 -eq 0 ]]; do sleep 1; done'
instead of the expected:
timeout 30 bash -c 'while [[ $(coredumpctl list -q --no-legend 770 | wc -l) -eq 0 ]]; do sleep 1; done'
Follow-up to aadbd81f7f.
testdata/ is shared by both the unit tests and the integration tests. Hence it
makes sense to place them right under /usr/lib/systemd/tests/ while the tests
themself are located under dedicated sub-directories:
/usr/lib/systemd/tests/
├── integration-tests
├── testdata
└── unit-tests
├── testdata -> ../testdata
However the unit tests implemented as shell scripts (such as
test-fstab-generator.sh) expect to find testdata/ where the scripts are
installed, ie they do something like:
src="$(dirname "$0")/testdata/test-fstab-generator"
This patch installs a symlink in 'unitestsdir' named "testdata" and that points
to whatever value 'testdata_dir' is set.
