1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

74922 Commits

Author SHA1 Message Date
Luca Boccassi
dadb179bec test: delete /swapfile after swapoff
[   23.608342] TEST-55-OOMD.sh[689]: + btrfs filesystem mkswapfile -s 64M /swapfile
[   23.651930] TEST-55-OOMD.sh[704]: ERROR: cannot create new swapfile: File exists

(cherry picked from commit 78b032d727)
2024-11-13 19:48:10 +00:00
Lennart Poettering
070dbe1e77 run: handle gracefully if we can't find binary client-side due to perms
Fixes: #35022
(cherry picked from commit 9810899ef2)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
abd1e40820 resolved: log error messages for openssl/gnutls context creation
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.

Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.

(cherry picked from commit ee95e86ae1)
2024-11-13 19:48:10 +00:00
Luca Boccassi
5a13150485 ci: add coverage for builds without sd-boot
This should catch compilation issues such as:
https://github.com/systemd/systemd/pull/35014

(cherry picked from commit 8a3ac7afa6)
2024-11-13 19:48:10 +00:00
Luca Boccassi
a105a9bda6 test: set nullglob to avoid failure when building without sd-boot
2024-11-04T20:13:17.3258095Z + for loader in build/src/boot/efi/*{.efi,.efi.stub}
2024-11-04T20:13:17.3258275Z ++ sbverify --list 'build/src/boot/efi/*.efi'
2024-11-04T20:13:17.3258525Z + [[ Error reading file build/src/boot/efi/*.efi: No such file or directory
2024-11-04T20:13:17.3258952Z Can't open image build/src/boot/efi/*.efi != \N\o\ \s\i\g\n\a\t\u\r\e\ \t\a\b\l\e\ \p\r\e\s\e\n\t ]]
(cherry picked from commit 441922336b)
2024-11-13 19:48:10 +00:00
Luca Boccassi
59f5de450a test: fix tool name in comment
(cherry picked from commit c53df275d5)
2024-11-13 19:48:10 +00:00
Daan De Meyer
9d22224e00 pcrlock: Pad pe hash to a multiple of 8 bytes
All other tools (sbsigntools, osslsigncode, sbctl, goblin) do this
as well so let's follow suite.

(cherry picked from commit e37701a8cd)
2024-11-13 19:48:10 +00:00
Colin Foster
4ea8428848 test-dhcp-client: utilize log_info instead of printf
log_info appears to be the preferred method to convey information from
tests. Convert all the printfs to log_info to follow this standard.

(cherry picked from commit 38557d9ffb)
2024-11-13 19:48:10 +00:00
Martin Wilck
852e38edd0 udev-builtin-path_id: SAS wide ports must have num_phys > 1
Some kernel SAS drivers (e.g. smartpqi) expose ports with num_phys = 0. udev
shouldn't treat these ports as wide ports.  SAS wide ports always have
num_phys > 1. See comments for sas_port_add_phy() in the kernel sources.

Sample data from a smartpqi system to illustrate the issue below.
Here the phy device is attached to port 0:0, which has no end devices attached
and the SAS end device (where sda is attached) is associated with SAS
port 0:1, which has no associated phy device. Thus num_phys for port-0:1 is 0.
This is arguably wrong, but it's how smartpqi has always set up its devices in
sysfs.

/sys/class/sas_phy/phy-0:0 -> ../../devices/pci0000:46/0000:46:02.0/0000:47:00.0/host0/scsi_host/host0/phy-0:0/sas_phy/phy-0:0
/sys/devices/pci0000:46/0000:46:02.0/0000:47:00.0/host0/scsi_host/host0/port-0:0/phy-0:0 -> ../phy-0:0
/sys/devices/pci0000:46/0000:46:02.0/0000:47:00.0/host0/scsi_host/host0/phy-0:0/port -> ../port-0:0

/sys/class/sas_device/end_device-0:1 -> ../../devices/pci0000:46/0000:46:02.0/0000:47:00.0/host0/scsi_host/host0/port-0:1/end_device-0:1/sas_device/end_device-0:1
/sys/class/block/sda -> ../../devices/pci0000:46/0000:46:02.0/0000:47:00.0/host0/scsi_host/host0/port-0:1/end_device-0:1/target0:0:0/0:0:0:0/block/sda

Signed-off-by: Martin Wilck <mwilck@suse.com>
(cherry picked from commit 7f6674624e)
2024-11-13 19:48:10 +00:00
Daan De Meyer
f7d52524a7 TEST-64-UDEV-STORAGE: Don't hardcode device name in long-sysfs-path test
There's no guarantee our device will be named /dev/vda, so give it
a serial so we can query for its devname inside the test.

(cherry picked from commit 2ec809dd3b)
2024-11-13 19:48:10 +00:00
Daan De Meyer
beca1de2ef TEST-17-UDEV: Don't hardcode root device name
There's no guarantee the root device will be /dev/sda, so let's use
bootctl to get the actual path instead of harcoding it.

(cherry picked from commit 29a8e71d9c)
2024-11-13 19:48:10 +00:00
Ronan Pigott
c413c43c12 pam: quiet a spurious debug message
This singular debug message gets printed even if debug is not enabled.
Quiet this message when debug is not enabled for consistency.

(cherry picked from commit f4092cb974)
2024-11-13 19:48:10 +00:00
Mike Gilbert
aa0aa1093d posix_spawn_wrapper: do not set POSIX_SPAWN_SETSIGDEF flag
Setting this flag is a noop without a corresponding call to
posix_spawnattr_setsigdefault.

If we call posix_spawnattr_setsigdefault with a full signal set,
it causes glibc's posix_spawn implementation to call sigaction 63 times,
once for each signal. That seems wasteful.

This feature is really only useful for signals which have their
disposition set to SIG_IGN. Otherwise the dispostion gets set to
SIG_DFL automatically, either by clone(CLONE_CLEAR_SIGHAND) or the
subsequent execve.

As far as I can tell, systemd does not have any signals set to SIG_IGN
under normal operating conditions.

(cherry picked from commit ff94426f8a)
2024-11-13 19:48:10 +00:00
Łukasz Stelmach
9d060fb7eb core: make mount(8) and swapon(8) inherit SMACK label from systemd
By default mount(8), umount(8), swapon(8) and swapoff(8) should run with
with the SMACK label inherited from systemd rather than the default one
meant for services.

Fixes: aa5ae9711e
Follow-up-for: 20bbf5ee4c
(cherry picked from commit 8144537a81)
2024-11-13 19:48:10 +00:00
Yu Watanabe
c54a5fa6a8 test-network: add test for DHCPv4 address removal on stop
For issue #34837.

(cherry picked from commit 58a011ba48)
2024-11-13 19:48:10 +00:00
Yu Watanabe
96147d0104 network: process queued remove requests before networkd is stopped
This makes networkd process all queued remove requests when a
terminating or restarting signal is received. Otherwise, e.g. DHCPv4
address will not be removed on stop, especially when
KeepConfiguration=no.

Fixes a bug introduced by 85a6f300c1 and
its subsequent commits.

Fixes #34837.

Co-authored-by: Will Fancher <elvishjerricco@gmail.com>
(cherry picked from commit db68e99046)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
bf681fcdf4 test-sbat: separate the two sbat sections
(cherry picked from commit 07000101eb)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
fefd60bf7a cryptenroll,homectl,journalctl: adjust messages before qrcodes
Users will generally know what a qrcode is, so let's not treat them as dumb and
explain that it can be scanned. OTOH, we should say what the qrcode contains
and it is useful to give a hint why the users would want to scan it. Reword
messages accordingly.

(Also, don't say "to your phone", when somebody might be using a stolen phone,
or something else then a phone.)

(cherry picked from commit 10faa40ba7)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
0ec7854d44 bsod: make message for qrcode more useful
People know what a qrcode is. We don't need to tell them to scan it.
Instead, we should say what the code contains.

While at it, rename "stream" to "f" in line with the usual style.

(cherry picked from commit abf1cae0a7)
2024-11-13 19:48:10 +00:00
Daan De Meyer
e22d571f6b docs: Align some comments in HACKING.md
(cherry picked from commit a33f453702)
2024-11-13 19:48:10 +00:00
hugo303
40cab4a387 analyze: Add times in seconds for Activating and Activated in tooltip
Print the times in seconds in the tooltip to remove the need to count
and trying to follow the lines in the svg diagram in order to see at
what times these events happen.

(cherry picked from commit f172dfddde)
2024-11-13 19:48:10 +00:00
Mike Yuan
b2496d151a TEST-80-NOTIFYACCESS: don't specify --pid= if MAINPID= is provided explicitly
Otherwise, with recent additions, the MAINPIDFDID= generated by
systemd-notify would mismatch with overridden MAINPID=.

(cherry picked from commit c3ecb747f1)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
bbda54c671 qrcode-util: avoid memleak in error path
(cherry picked from commit 439306da8b)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
bbdb5f97a9 test-terminal-util: print value of colors_enabled()
This makes it easier to diagnose why colors are disabled.

(cherry picked from commit b137b29798)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
f23efaf96d bsod: do not check for color support
When invoked on a running system, bsod would not print the qrcode.
The check for "color support" on stdout is pointless, since we're not
printing to stdout but to a terminal fd that is opened separately.

(cherry picked from commit 5a64c86936)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
b3fd2104bc qrcode-util: add debug message to show why a qrcode wasn't printed
(cherry picked from commit f0764b98e5)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
6a4ff7a5c1 sysv-generator: break long message into lines
The journal handles multi-line messages nicely, and they are easier
to read. Drop the recycling symbol, there is no circular process here,
we go from a to b and never back to a again.

(cherry picked from commit bb56c27fc8)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
3190a427b9 sd-id128: mark functions as const, not pure
We would need to use pure if the funtion was getting pointers and
dereferencing them. But sd128_t is a structure and those functions
only access the parameters of the call.

(cherry picked from commit dc32b09b70)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
a5e128ca26 sd-common: add __const__
const is stronger than pure, see
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-pure-function-attribute
and
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-const-function-attribute.

(cherry picked from commit 955c51c087)
2024-11-13 19:48:10 +00:00
Zhou Qiankang
963171cf41 meson: add loongarch64's definition to cpu_arch_defines
The default definition to add is `-D__loongarch64__`, which is not searched in [bpf_tracing.h](09b9e83102/src/bpf_tracing.h (L68))

This may avoid `error: Must specify a BPF target arch via __TARGET_ARCH_xxx` in loongarch64

Signed-off-by: Zhou Qiankang <wszqkzqk@qq.com>
(cherry picked from commit 85d0aff84c)
2024-11-13 19:48:10 +00:00
Mike Yuan
b9ff85ece7 core/service: use log_unit_* where appropriate
(cherry picked from commit 1e8f0beee4)
2024-11-13 19:48:10 +00:00
Yu Watanabe
7455e76221 sd-event: fix memleak when built without assertion
Fixes a bug introduced by baf3fdec27.

This also adds several assertions at the beginning of the function.

Fixes #34899.

(cherry picked from commit 5dc0668802)
2024-11-13 19:48:10 +00:00
Lennart Poettering
3f40451c0b test: add quick test to verify the PAM stack really ran in all run0 modes of operation
(cherry picked from commit f515ea1cd4)
2024-11-13 19:48:10 +00:00
Lennart Poettering
0f7efb0cfc core: make sure that if PAMName= is set we always do the full user changing even if no user is specified explicitly
When PAMName= is set this should be enough to go through our entire user
changing story, so that PAM is definitely run, and environment variables
definitely pulled in and so on.

Previously, it would happen that under some circumstances we might no do
this when transitioning from root to root itself even though PAM was
enabled.

Fixes: #34682
(cherry picked from commit e4b4d9cc7a)
2024-11-13 19:48:10 +00:00
Antonio Alvarez Feijoo
7a369c3971 man/veritysetup-generator: document veritytab kernel command line option
(cherry picked from commit e98e3f856d)
2024-11-13 19:48:10 +00:00
Antonio Alvarez Feijoo
139106140e man: fix links to veritysetup(8)
(cherry picked from commit dcbfc7872e)
2024-11-13 19:48:10 +00:00
Łukasz Stelmach
7408f26538 core: don't forget about fallback_smack_process_label
Call setup_smack() also when only fallback_smack_process_label is set.

Fixes: 75689fb2d4
(cherry picked from commit 20bbf5ee4c)
2024-11-13 19:48:10 +00:00
Luca Boccassi
0852240f92 logind: allow read/write to char-hvc devices
virtio console uses /dev/hvc* so we need access to write wall
messages

(cherry picked from commit 5ff6841c23)
2024-11-13 19:48:10 +00:00
Yu Watanabe
5cd2f61a05 TEST-02-UNITTESTS: reuse $TEST_MATCH_SUBTEST to specify unit tests to be run
Then, we can easily test specific unit tests in qemu or container.

(cherry picked from commit aa7507ea4a)
2024-11-13 19:48:10 +00:00
Yu Watanabe
eaab857aba test-execute: update permission of credstore
Follow-up for 40fb9eebbc.

(cherry picked from commit c443f6924f)
2024-11-13 19:48:10 +00:00
Luca Boccassi
4a3fc628a2 test: CET/EET are deprecated, use Europe/Berlin and Kyiv
The links moved to the legacy dataset so they won't be available by
default, so stop using them and just use the city ones instead

(cherry picked from commit aa077884c1)
2024-11-13 19:48:10 +00:00
Ronan Pigott
76a73088b0 test-dhcp6: terminate fqdn option
The encoded fqdn in this option must be properly terminated. We will
soon validate that this field is correctly encoded, so correct it in the
test.

(cherry picked from commit 2d9822b634)
2024-11-13 19:48:10 +00:00
Daan De Meyer
206c1a0d5a pcrlock: Take VirtualSize > SizeOfRawData into account
If VirtualSize > SizeOfRawData, measure extra zeros to take into
account the extra zeros also measured by the stub.

(cherry picked from commit b53f2d5ed8)
2024-11-13 19:48:10 +00:00
Ronan Pigott
92eca86c15 test: exercise bypass mode on the sd-resolved stub
A basic test will verify that we provide the right flags.

(cherry picked from commit b7b1c50c6a)
2024-11-13 19:48:10 +00:00
Lennart Poettering
cd4e8dd7d3 resolved: when adding names to packet fails, remove them from label compression hash table again
let's make sure we undo any pollution of the label compression hash
table.

Fixes: #33671
(cherry picked from commit 360105f1e7)
2024-11-13 19:48:10 +00:00
Lennart Poettering
edaab82ccd dns-domain: tweak hash table comparison function for DNS names
Currently, when comparing two DNS names when storing them in a
hashtable, and the DNS names are not actually valid we'll compare the
error codes.

This is not very smart however, since this means two invalid DNS names
that happen to be equally "invalid" will be considered identical, even
if their strings are entirely different.

Let's find a better solution for this niche case: let's simple compare
the domains as strings.

This matters in case of DNS label compression: if we already added added
an invalid DNS name into the label compression hash table, and lookup
any other invalid DNS name, this lookup will likely return what the
earlier one already returned, and that's confusing.

(cherry picked from commit 8ed2c62d46)
2024-11-13 19:48:10 +00:00
Ronan Pigott
2a7dbbbfa2 resolved: update condition for caching full packets
Previously a full packet was cached only if the CD bit was set, but this
no longer corresponds to the cases where bypass is enabled.

Update the cache to retain a full packet in the cases where it might
actually be useful.

(cherry picked from commit fa02d04ee9)
2024-11-13 19:48:10 +00:00
Ronan Pigott
be6c7b7914 resolved: enable CD bit without DO set
This is useful for a validating resolver to indicate to a non-validating
resolver when checking was disabled for the query. This matches the
behavior of the major public resovlers in response to queries with CD bu
tnot DO set.

(cherry picked from commit 36074e0149)
2024-11-13 19:48:10 +00:00
Ronan Pigott
8e78fd0f7d resolved: authenticate bypass queries
Following 13e15dae9f, resolved does not forward the AD bit for bypass
queries, but resolved also didn't do it's own validation, making these
replies appear to never be authentic. We should enable validation for
bypass queries.

Let's disable our own validation when processing a +cd query, and also
ensure that it skips the cache so that we don't accidentally fail to
return inauthentic replies from upstream.

Previously, when we had a bypass transaction without cd, a cached,
authenticated, reply with cd could be served, leaving the cd bit
erroneously set in the reply. Only reply with a CD bit if the client
requested it.

Fixes: 13e15dae9f (resolved: clear the AD bit for bypass packets)
(cherry picked from commit 008f23b7c5)
2024-11-13 19:48:10 +00:00
Zbigniew Jędrzejewski-Szmek
a816075978 man/systemd-nspawn: emphasise that user namespaces are strongly recommended
(cherry picked from commit 9b1a5bc365)
2024-11-13 19:48:10 +00:00