1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

4969 Commits

Author SHA1 Message Date
Luca Boccassi
3abc3671f5
Merge pull request #31131 from poettering/dlopen-kmod
turn libkmod into a dlopen() dependency, too
2024-04-06 13:19:27 +01:00
Zbigniew Jędrzejewski-Szmek
c1e7f938ca
Merge pull request #31435 from bluca/portable_fix_versioned
portable: assorted bug fixes
2024-04-05 17:04:17 +02:00
Yu Watanabe
9dcdf16b25 test-network: add test cases for Redirect and Neighbor Advertisement message handling 2024-04-05 06:22:42 +09:00
Yu Watanabe
36ca167220
Merge pull request #31373 from yuwata/network-neighbor-advertisement
network: add basic support of neighbor advertisement
2024-04-05 05:54:12 +09:00
Zbigniew Jędrzejewski-Szmek
cdba129b71 TEST-50: add tests for riscv{32,64}
Requested for the testing of F40 riscv bringup. Numbers copied from
https://uapi-group.org/specifications/specs/discoverable_partitions_specification/.

It'd be nice to do the same in TEST-58, but the code there is rather involved
and I don't have a system to test on. We can probably try that later on when F40
is available.
2024-04-04 20:07:57 +02:00
Yu Watanabe
87a33c0740 netowrk/ndisc: drop NDisc configurations when received NA without Router flag
Closes #28421.
2024-04-05 02:16:03 +09:00
Daan De Meyer
7b62a246a6
Merge pull request #32033 from DaanDeMeyer/unit-creds
debug-generator: Add unit and drop-in credentials
2024-04-04 18:27:20 +02:00
Lennart Poettering
1d98716ef7 libkmod: turn into dlopen() dependency
As it turns out libkmod has quite a bunch of deps, including various
compressing libs and similar. By turning this into a dlopen()
dependency, we can make our depchain during install time quite a bit
smaller. In particular as inside of containers kmod doesn't help anyway
as CAP_SYS_MODULE is not available anyway.

While we are at it, also share the code that sets up logging/kmod
context.

After:

$ lddtree ./build/systemd
systemd => ./build/systemd (interpreter => /lib64/ld-linux-x86-64.so.2)
    libsystemd-core-255.so => ./build/src/core/libsystemd-core-255.so
        libaudit.so.1 => /lib64/libaudit.so.1
            libcap-ng.so.0 => /lib64/libcap-ng.so.0
                ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
        libm.so.6 => /lib64/libm.so.6
        libmount.so.1 => /lib64/libmount.so.1
            libblkid.so.1 => /lib64/libblkid.so.1
        libseccomp.so.2 => /lib64/libseccomp.so.2
        libselinux.so.1 => /lib64/libselinux.so.1
            libpcre2-8.so.0 => /lib64/libpcre2-8.so.0
    libsystemd-shared-255.so => /home/lennart/projects/systemd/build/src/shared/libsystemd-shared-255.so
        libacl.so.1 => /lib64/libacl.so.1
            libattr.so.1 => /lib64/libattr.so.1
        libcap.so.2 => /lib64/libcap.so.2
        libcrypt.so.2 => /lib64/libcrypt.so.2
        libgcrypt.so.20 => /lib64/libgcrypt.so.20
            libgpg-error.so.0 => /lib64/libgpg-error.so.0
        liblz4.so.1 => /lib64/liblz4.so.1
        libcrypto.so.3 => /lib64/libcrypto.so.3
            libz.so.1 => /lib64/libz.so.1
        libpam.so.0 => /lib64/libpam.so.0
            libeconf.so.0 => /lib64/libeconf.so.0
        liblzma.so.5 => /lib64/liblzma.so.5
        libzstd.so.1 => /lib64/libzstd.so.1
    libc.so.6 => /lib64/libc.so.6

Before:

$ lddtree ./build/systemd
systemd => ./build/systemd (interpreter => /lib64/ld-linux-x86-64.so.2)
    libsystemd-core-255.so => ./build/src/core/libsystemd-core-255.so
        libaudit.so.1 => /lib64/libaudit.so.1
            libcap-ng.so.0 => /lib64/libcap-ng.so.0
                ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
        libkmod.so.2 => /lib64/libkmod.so.2
            libzstd.so.1 => /lib64/libzstd.so.1
            liblzma.so.5 => /lib64/liblzma.so.5
            libz.so.1 => /lib64/libz.so.1
            libcrypto.so.3 => /lib64/libcrypto.so.3
            libgcc_s.so.1 => /lib64/libgcc_s.so.1
        libm.so.6 => /lib64/libm.so.6
        libmount.so.1 => /lib64/libmount.so.1
            libblkid.so.1 => /lib64/libblkid.so.1
        libseccomp.so.2 => /lib64/libseccomp.so.2
        libselinux.so.1 => /lib64/libselinux.so.1
            libpcre2-8.so.0 => /lib64/libpcre2-8.so.0
    libsystemd-shared-255.so => /home/lennart/projects/systemd/build/src/shared/libsystemd-shared-255.so
        libacl.so.1 => /lib64/libacl.so.1
            libattr.so.1 => /lib64/libattr.so.1
        libcap.so.2 => /lib64/libcap.so.2
        libcrypt.so.2 => /lib64/libcrypt.so.2
        libgcrypt.so.20 => /lib64/libgcrypt.so.20
            libgpg-error.so.0 => /lib64/libgpg-error.so.0
        liblz4.so.1 => /lib64/liblz4.so.1
        libpam.so.0 => /lib64/libpam.so.0
            libeconf.so.0 => /lib64/libeconf.so.0
    libc.so.6 => /lib64/libc.so.6
2024-04-04 18:16:45 +02:00
Daan De Meyer
8595f578fe debug-generator: Add unit and drop-in credentials
These allow adding extra units and drop-ins via credentials.
2024-04-04 16:17:38 +02:00
Daan De Meyer
3cb618084a network-generator: Add logging
We stick to debug logging because in some cases network-generator
will fall back to trying another parsing function if one fails, so
if we return an error it's not necessarily a failure.
2024-04-04 14:46:40 +02:00
Luca Boccassi
26cbb21449
Merge pull request #32019 from bluca/gcrypt_dlopen
gcrypt: dlopenify for libsystemd
2024-04-03 16:10:00 +01:00
Luca Boccassi
8707c9b244 gcrypt: dlopenify for libsystemd
gcrypt is used only for journal sealing operations in libsystemd, so it
can be made into a dlopen dependency that is used only on demand. This
allows to reduce the footprint of libsystemd in the most common cases.

Keep systemd-pull and systemd-resolved with normal linking, as they are
executables, and usually built with OpenSSL support anyway.
2024-04-03 11:50:25 +01:00
Daan De Meyer
c89b3e1dfd test: Always exit with 77 if we skip a test
Prep work for running the integration tests with meson, which requires
tests to exit with 77 to indicate they are skipped.

Note this only deals with the easy cases where there's only tests. The
hard ones where there's subtests of which only some are skipped are left
for another PR.
2024-04-03 09:14:15 +09:00
Frantisek Sumsal
5d7b7bf1d4 test: don't hide exit code of the systemd-run process 2024-04-02 19:00:42 +02:00
Frantisek Sumsal
c956bf31f8 test: check if sd-executor doesn't complain during (de)serializing
This was usually caught by "accident" by other tests that parse output
of commands executed by sd-executor, so let's have an explicit check for
this.
2024-04-02 19:00:42 +02:00
Frantisek Sumsal
38d072a175 test: bump the container boot timeout when running w/o acceleration
With plain QEMU on a saturated AWS region we might just barely miss the
timeout window, causing unexpected test fails:

[  688.681324] systemd-nspawn[1332]: [  OK  ] Finished systemd-user-sessions.service.
[  689.451267] systemd-nspawn[1332]: [  OK  ] Started console-getty.service.
[  689.572874] systemd-nspawn[1332]: [  OK  ] Reached target getty.target.
[  693.634609] testsuite-74.sh[1223]: + at_exit
[  693.634609] testsuite-74.sh[1223]: + rm -fv -- /tmp/test-dump /tmp/test-usr-dump /tmp/make-dump
[  693.838395] testsuite-74.sh[1502]: removed '/tmp/test-dump'
[  693.838395] testsuite-74.sh[1502]: removed '/tmp/test-usr-dump'
[  693.838395] testsuite-74.sh[1502]: removed '/tmp/make-dump'
[  693.951114] testsuite-74.sh[670]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-74.coredump.sh failed'
[  693.951114] testsuite-74.sh[670]: Subtest /usr/lib/systemd/tests/testdata/units/testsuite-74.coredump.sh failed
[  693.951114] testsuite-74.sh[670]: + return 1
[  694.659094] systemd[1]: testsuite-74.service: Main process exited, code=exited, status=1/FAILURE
[  694.719563] systemd[1]: testsuite-74.service: Failed with result 'exit-code'.
[  694.882069] systemd[1]: Failed to start testsuite-74.service.
[  695.574445] systemd[1]: Reached target testsuite.target.
[  696.174844] systemd[1]: Starting end.service...
[  699.509408] systemd-nspawn[1332]:
[  699.509408] systemd-nspawn[1332]: CentOS Stream 9
[  699.509408] systemd-nspawn[1332]: Kernel 5.14.0-432.el9.x86_64 on an x86_64 (pts/0)
[  699.509408] systemd-nspawn[1332]:

Also, move the rest of container the setup for the user xattrs test into
the condition, since doing it without the actual test is pretty
pointless.
2024-04-02 19:00:24 +02:00
Luca Boccassi
a7f2019055
Merge pull request #32010 from bluca/reexec_rate_limit
core: serialize reload rate limit and apply ReloadLimit to reexec too
2024-03-29 17:16:36 +00:00
Luca Boccassi
8312b17a29 core: apply ReloadLimit to reexec too
Same reason as the reload, reexec is disruptive and it requires the
same privileges, so if somebody wants to limit reloads, they'll also
want to limit reexecs, so use the same setting.
2024-03-29 12:03:32 +00:00
Yu Watanabe
fee6510667
Merge pull request #31998 from yuwata/udev-event-mode
udev: make udevadm test and test-builtin not destructive
2024-03-29 11:31:58 +09:00
Yu Watanabe
089bef6631 udev: make udevadm test and test-builtin not destructive
Previously, 'udevadm test' performs not only processing udev rules,
but made several destructive change on the system; updating udev
database, device node permission, devlinks, network interface
properties, and so on.

Similary, 'udevadm test-builtin' may perform something destructive,
especially by 'keyboard', 'kmod', and 'net_setup_link' builtins.

Let's make these commands and test executables not change device
configurations.
2024-03-29 09:33:07 +09:00
Frantisek Sumsal
607be850b9 test: make coverage runs happy with capsule@.service
capsule@.service uses DynamicUser=yes, so let's use the same tweak we
use for other such units.
2024-03-28 23:29:46 +00:00
Luca Boccassi
373a1e47b2 portable: fix 'portablectl list' to show the actual state for extensions
When listing images they are inspected one by one, so in case of a
portable with extensions they always resulted as not found.
Allow a partial match when listing, so that we can find the appropriate
unit that an image belongs to, and list the correct state as attached.
2024-03-28 14:20:20 +00:00
Luca Boccassi
1cbb792763 Ensure that a portable is not detached when another portable that shares the same base is detached
The matches line includes all images, but the logic returned
immediately with a successful match if the first element matches.
2024-03-28 14:20:20 +00:00
Luca Boccassi
37543971af os-util: allow matching versioned image with extension-release file
Currently app_1.0.raw is refused if it contains extension-release.d/extension-release.app,
which stops one from using versioned images without using the force flag to disable
the check. Relax it so that only the actual name, and not the version, is compared, like
it already happens in other places.
2024-03-28 14:20:20 +00:00
Yu Watanabe
e4c7dc9418 test: disable IPv6AcceptRA= for test network interfaces with static address
This hopefully improves test performance.
2024-03-28 12:37:45 +00:00
Luca Boccassi
166cb4c3ee
Merge pull request #31994 from yuwata/network-dhcp-server-follow-ups
network: several fixlets for PersistLeases=
2024-03-28 12:35:13 +00:00
Adrian Vovk
1eba24dac4 homed: Release(): fix assertion failure
This fixes a race condition crash in homed that would happen in the
following sequence of events:

1. Client 1 takes a ref on the home area
2. Client 1 calls some method via dbus
3. Client 2 calls Release()

In homed, the Release() would check if a ref is still held (in this
case: yes it is) and returns an error. Except that is done through a
code-path that asserts that no operations are ongoing. In this case,
it's valid to have an ongoing operation, and so the assertion fails
causing homed to crash.
2024-03-28 13:35:37 +09:00
Luca Boccassi
ed35851693 run: fix generated unit name clash after soft-reboot
When sd-run connects to D-Bus rather than the private socket, it will
generate the transient unit name using the bus ID assigned by the D-Bus
broker/daemon. The issue is that this ID is only unique per D-Bus run,
if the broker/daemon restarts it starts again from 1, and it's a simple
incremental counter for each client.
So if a transient unit run-u6.service starts and fails, and it is not
collected (default on failure), and the system soft-reboots, any new
transient unit might conflict as the counter will restart:

Failed to start transient service unit: Unit run-u6.service was already loaded or has a fragment file.

Get the soft-reboot counter, and if it's greater than zero, append it
to the autogenerated unit name to avoid clashes.
2024-03-28 11:19:46 +09:00
Yu Watanabe
bc91875ae5 test-network: add test cases for PersistLeases=no 2024-03-28 11:16:17 +09:00
Frantisek Sumsal
c75ee69e59 test: cleanup the test script a bit 2024-03-27 20:15:02 +01:00
Frantisek Sumsal
0348b500ef test: check for /dev/loop-control when checking lodev availability
losetup in util-linux 2.40 started reporting lost loop devices [0] and
it has an unfortunate side-effect where it reports lost devices even in
containers, which then makes the loop device check "falsely" pass [1].

Let's just check for /dev/loop-control explicitly to "work around" this.

[0] a6ca0456cc
[1] https://github.com/util-linux/util-linux/issues/2824
2024-03-27 19:35:30 +01:00
Luca Boccassi
66f35161f6 core: add counter for soft-reboot iterations
Allow to query via D-Bus how many times the current booted system has
been soft rebooted
2024-03-27 01:27:35 +00:00
Jakub Sitnicki
d1813ba436 test: integration test for PassFileDescriptorsToExec= option
Check if socket file descriptors are passed to ExecXYZ= commands from the
socket unit depending on whether PassFileDescriptorsToExec= option is set.
2024-03-27 01:41:26 +08:00
Jakub Sitnicki
97df75d7bd socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
Today listen file descriptors created by socket unit don't get passed to
commands in Exec{Start,Stop}{Pre,Post}= socket options.

This prevents ExecXYZ= commands from accessing the created socket FDs to do
any kind of system setup which involves the socket but is not covered by
existing socket unit options.

One concrete example is to insert a socket FD into a BPF map capable of
holding socket references, such as BPF sockmap/sockhash [1] or
reuseport_sockarray [2]. Or, similarly, send the file descriptor with
SCM_RIGHTS to another process, which has access to a BPF map for storing
sockets.

To unblock this use case, pass ListenXYZ= file descriptors to ExecXYZ=
commands as listen FDs [4]. As an exception, ExecStartPre= command does not
inherit any file descriptors because it gets invoked before the listen FDs
are created.

This new behavior can potentially break existing configurations. Commands
invoked from ExecXYZ= might not expect to inherit file descriptors through
sd_listen_fds protocol.

To prevent breakage, add a new socket unit parameter,
PassFileDescriptorsToExec=, to control whether ExecXYZ= programs inherit
listen FDs.

[1] https://docs.kernel.org/bpf/map_sockmap.html
[2] https://lore.kernel.org/r/20180808075917.3009181-1-kafai@fb.com
[3] https://man.archlinux.org/man/socket.7#SO_INCOMING_CPU
[4] https://www.freedesktop.org/software/systemd/man/latest/sd_listen_fds.html
2024-03-27 01:41:26 +08:00
Luca Boccassi
14a5217679 resolved: support reloading configuration at runtime
Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.

Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
2024-03-26 13:36:42 +00:00
Luca Boccassi
9065908483 test: use /run/ instead of /etc/ in TEST-75-RESOLVE 2024-03-26 12:52:42 +00:00
Zbigniew Jędrzejewski-Szmek
c38e4e2fda
Merge pull request #29721 from poettering/systemd-project
New capsule@.service feature
2024-03-26 13:19:33 +01:00
Luca Boccassi
b1d18b96c4
Merge pull request #31801 from flatcar-hub/krnowak/sysext-config
systemd-sysext: Add support for env vars, ephemeral layers and some fixes
2024-03-26 09:23:19 +00:00
Yu Watanabe
857f29a772 test: add test cases for journalctl --facility=/--output=help
Follow-up for d44233503f.
2024-03-26 04:18:23 +09:00
Yu Watanabe
cbe884f13a test: add test cases for systemd-analyze --global
Follow-up for ac97053618.
2024-03-26 04:10:04 +09:00
Luca Boccassi
650421fb8e
Merge pull request #31730 from yuwata/network-dhcp-server-lease-file-follow-ups
network: several follow-ups for DHCP server lease file
2024-03-25 14:32:05 +00:00
Krzesimir Nowak
18c1ea41c1 test: Add cases for failures to import the hierarchy 2024-03-25 08:33:31 +01:00
Krzesimir Nowak
baaa167926 test, sysext: Actually fail the whole operation if sd-merge worker failed
This also fixes a wrong merge failure check.
2024-03-25 08:33:22 +01:00
Krzesimir Nowak
e2bdece284 test: Add test cases for sysext ephemeral-import mode 2024-03-25 08:30:09 +01:00
Krzesimir Nowak
153e7f7b24 test: Extend sysext tests with cases using ephemeral mode 2024-03-25 08:19:48 +01:00
Krzesimir Nowak
9245b547cc test: Extend sysext tests with cases using env var for mutable mode 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
73cfa16d16 test: Fail sysext test if reusing a root directory 2024-03-25 08:14:36 +01:00
Luca Boccassi
22a36720bf test: explain how Ubuntu CI log URLs are created
Not trivially obvious, so add a couple of paragraph to explain it
2024-03-24 16:53:01 +01:00
networkException
f2cb9d17da bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules
This patch fixes an issue where, when not specifiying either at least one
`SocketBindAllow` or `SocketBindDeny` rule, behavior for the bind syscall
filtering would be unexpected.

For example, when trying to bind to a port with only "SocketBindDeny=any"
given, the syscall would succeed:

> systemd-run -t -p "SocketBindDeny=any" nc -l 8080

Expected with this set of rules (also in accordance with the documentation)
would be an Operation not permitted error.

This behavior occurs because a default initialized socket_bind_rule struct
matches what "any" represents. When creating the bpf list all elements get
default initialized, as such represeting "any". Seemingly it is necressarry
to set the size of the map to at least one, as such if no allow rule is
given default initialization and minimal map size cause one any allow rule
to be in the map, causing the behavior observed above.

This patch solves this by introducing a new "match nothing" magic stored in
the rule's address family and setting such a rule as the first one if no
rule is given, making sure that default initialized rule structs are never
used.

Resolves #30556
2024-03-24 11:08:58 +00:00
Adrian Vovk
269a3fe245 TEST-46-HOMED: Disable auth rate-limiting
Rate limiting authentication attempts in the test can cause somewhat
sporadic test failures: adding a test case might suddenly cause future
test cases to fail because of too many authentication attempts too
quickly

We're not trying to test the rate-limiting, we're trying to test the
functionality of homed. So we effectively disable rate-limiting on all
the home areas we create
2024-03-23 01:05:13 +00:00
Adrian Vovk
d94c7eef12 homework: Implement offline updates
This makes it possible to update a home record (and blob directory) of a
home area that's either completely absent (i.e. on a USB stick that's
unplugged) or just inaccessible due to lack of authentication
2024-03-23 01:05:13 +00:00
Adrian Vovk
5ec87d577f homework: Accept volume key from keyring
This bypasses authentication (i.e. user_record_authenticate) if the
volume key was loaded from the keyring and no secret section is
provided.

This also changes Update() and Resize() to always try and load the
volume key from the keyring. This makes the secret section optional for
these methods while still letting them function (as long as the home
area is active)
2024-03-23 01:05:13 +00:00
Daan De Meyer
27add528d7 test: Install test journals
Let's package these just like we package other test data.
2024-03-22 15:11:39 +01:00
Luca Boccassi
437eddcb41 test: run clean-again between tests, not at the end
So that we free up space for the next run, as we are seeing disk space
issues on Ubuntu CI due to the many images built and left around
2024-03-21 11:11:01 +00:00
Luca Boccassi
a82cf4902d test: delete private images on clean-again
Private images are not reused, they are unique to tests, so delete them
as they take a lot of disk space, and we are starting to run in /var/tmp
space issues on the Ubuntu CI
2024-03-21 11:08:18 +00:00
Yu Watanabe
bf995423fd test: add test case for issue #31776 2024-03-21 04:44:39 +09:00
Yu Watanabe
1c8e8ec0ff Revert "test: temporarily adjust the default mount rate limit"
This reverts commit 3f4b00a34a.

The issue #30573 seems to be fixed somehow. Let's revert the workaround.
2024-03-20 15:36:05 +01:00
Zbigniew Jędrzejewski-Szmek
7aed434371 Rename uid0 to run0
Naming is always a matter of preference, and the old name would certainly work,
but I think the new one has the following advantages:
- A verb is better than a noun.
- The name more similar to "the competition", i.e. 'sudo', 'pkexec', 'runas',
  'doas', which generally include an action verb.
- The connection between 'systemd-run' and 'run0' is more obvious.

There has been no release yet with the old name, so we can rename without
caring for backwards compatibility.
2024-03-19 16:37:22 +01:00
Yu Watanabe
93126bb0fa test-network: extend test case for DHCP server with null server address 2024-03-18 22:33:14 +09:00
Nick Rosbrook
6fec0fed10 shared/install: correctly install alias for units outside search path
Currently, if a unit file is enabled from outside of the search path,
and that unit has an alias, then the symlink ends up pointing outside of
the search path too. For example:

 $ cat /tmp/a.service
 [Service]
 ExecStart=sleep infinity

 [Install]
 Alias=b.service
 WantedBy=multi-user.target

 $ systemctl enable /tmp/a.service
 Created symlink /etc/systemd/system/a.service → /tmp/a.service.
 Created symlink /etc/systemd/system/b.service → /tmp/a.service.
 Created symlink /etc/systemd/system/multi-user.target.wants/a.service → /tmp/a.service.

This then means the alias is treated as a separate unit:

 $ systemctl start a.service
 $ sudo systemctl status a
 ● a.service
  Loaded: loaded (/etc/systemd/system/a.service; enabled; preset: enabled)
  Active: active (running) since Fri 2024-03-15 15:17:49 EDT; 9s ago
 Main PID: 769593 (sleep)
   Tasks: 1 (limit: 18898)
  Memory: 220.0K
     CPU: 5ms
  CGroup: /system.slice/a.service
          └─769593 sleep infinity

 Mar 15 15:17:49 six systemd[1]: Started a.service.
 $ sudo systemctl status b
 ○ b.service
  Loaded: loaded (/etc/systemd/system/b.service; alias)
  Active: inactive (dead)

To fix this, make sure the alias uses a target that is inside the search
path. Since the unit file itself is outside of the search path, a
symlink inside the search path will have been created already. Hence,
just point the alias symlink to that recently created symlink.
2024-03-18 11:58:07 +00:00
Luca Boccassi
48570c9273
Merge pull request #31811 from yuwata/network-pin-persistent-storage
network: pin file descriptor of persistent storage
2024-03-18 11:08:21 +00:00
Yu Watanabe
013359ac65 network: pin file descriptor of persistent storage
This also drop the support of /run/systemd/netif/persistent-storage-ready,
as the file is anyway removed when networkd is stopped.
Let's use $SYSTEMD_NETWORK_PERSISTENT_STORAGE_READY=1 instead on testing.
2024-03-16 01:12:05 +09:00
Zbigniew Jędrzejewski-Szmek
3df28dd9b6 test/TEST-46: drop whitespace after redirection operators 2024-03-15 16:07:58 +01:00
Lennart Poettering
a037f2eb9b test: add integration test for capsules 2024-03-14 11:34:04 +01:00
Mike Yuan
45bcab66a9
journal/cat: allow connecting output to specific journal namespace 2024-03-14 14:25:53 +08:00
Frantisek Sumsal
beffcd62f8 test: split logs from each test into separate files if requested
If both $ARTIFACT_DIRECTORY and $SPLIT_TEST_LOGS are set, split the
output from each test into a separate log file, so we don't have to load
one ginormous log file when checking the results.
2024-03-12 17:34:55 +01:00
Frantisek Sumsal
aec72d7901 test: clean up the integration test runner a bit 2024-03-12 17:34:55 +01:00
Yu Watanabe
06baee4ea3
Merge pull request #30021 from yuwata/dhcp-client-id-cleanups
dhcp-server: save bound leases to persistent storage, and load it on start
2024-03-12 13:40:09 +09:00
Ross Burton
59e33acc8e tests/run-unit-tests: add option to skip tests
In automated QA environments there may be tests that are known to fail,
and being able to skip them is useful to remove known failures from the
test log.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2024-03-11 23:27:01 +00:00
Ross Burton
4a052a718a test/run-unit-tests: sort the test cases we're executing
When reading test logs manually it is a lot easier when the tests are
sorted by name rather than by disk order.

Signed-off-by: Ross Burton <ross.burton@arm.com>
2024-03-11 18:11:30 +00:00
Yu Watanabe
1c4411b7ff test-network: add test case for DHCP server lease file 2024-03-12 01:57:17 +09:00
Yu Watanabe
c84a5f5eaf test-network: add support for systemd-networkd-persistent-storage.service 2024-03-12 01:57:16 +09:00
Yu Watanabe
83cc18257e test-network: copy system unit files from build or source directory
Addresses https://github.com/systemd/systemd/pull/30021#issuecomment-1971090682.
2024-03-12 01:17:40 +09:00
Yu Watanabe
f66045c7d4 test-network: drop unused options and variables
This also renames several variables, and replace RuntimeError with
assert.
2024-03-12 01:14:40 +09:00
Lennart Poettering
cf1c8cdb87 resolved: expose raw RR resolver via Varlink too
Now that we have an address, hostname, and service resolve, at the last
kind of resovler we expose over D-Bus also to Varlink.
2024-03-06 19:00:53 +01:00
Luca Boccassi
ba6ec879bb
Merge pull request #31621 from poettering/resolved-proxy-do
resolved: proxy upstream local requests to our stub with DO bit set
2024-03-06 13:55:14 +00:00
Frantisek Sumsal
4e5a7e1923 test: use 'ahost' instead of 'hosts' where applicable
As explained in [0] the 'hosts' database uses deprecated
gethostbyname2() which uses AF_INET6 instead of AF_UNSPEC for IPv6
lookups which is broken and makes the test fail with disabled IPv6.

[0] https://github.com/systemd/systemd/pull/28136#issuecomment-1974901039
2024-03-06 01:15:30 +00:00
Lennart Poettering
df81adba88 ci: disable test that is now answered by knot
dig question with DNSSEC on will now be proxied upstream, i.e. to the
test knot server. This leads to different results, but the result isn't
tha tinteresting since we don't want to test knot, but resolved. Hence
comment this test.

There seems to be something wrong with the test though, as the upstream
server refused recursion, but if so it is not suitable as an upstream
server really, as resolved can only be client to a recursive resolver.
2024-03-05 15:29:19 +01:00
Frantisek Sumsal
7a63c5e550 test: explicitly set TERM=linux for TEST-69-SHUTDOWN
sulogin from the latest util-linux started falling back to vt102 instead
of linux, which makes screen sad (because we install only the linux
terminfo into the test image) and expect trips over the unexpected
warning. Let's just explicitly set TERM=linux before invoking screen to
avoid this.

+ make -C TEST-69-SHUTDOWN setup run
...
INFO:test-shutdown:log in and start screen
root
root
Last login: Sun Mar  3 13:19:31 from 18.191.105.60
-bash-5.2# screen
screen
Cannot find terminfo entry for 'vt102'.
-bash-5.2# ERROR:test-shutdown:Timeout exceeded.
2024-03-03 21:12:43 +01:00
Luca Boccassi
e440426221
Merge pull request #31587 from yuwata/udev-rps-follow-ups
udev: follow-ups for RPS setting
2024-03-02 11:47:44 +00:00
Yu Watanabe
4b35dab86a test-network: wait for the interface being processed by udevd
Otherwise, even if the interface is available, the requested config may
not be applied to the interface yet.

This also merges multiple tests for RPS setting. Hopefully the
performance of the test is improved.
2024-03-02 14:50:40 +09:00
Yu Watanabe
a39a2a8121 test-network: introduce udevadm() and friends 2024-03-02 14:50:40 +09:00
Yu Watanabe
0f805b4661 test-network: check enabled capabilities in LLDP neighbors
Addresses https://github.com/systemd/systemd/pull/31583#discussion_r1509880349.
2024-03-02 13:52:28 +09:00
Lennart Poettering
befbfca70f test: add integration test for importctl
(these are explicit tests, on top of the existing machinectl tests that
are now chainload importctl)
2024-03-01 22:29:08 +01:00
Lennart Poettering
120f4a4451 test74: create ssh empty dir all at the same place
A follow up for 8fddb50fd4, which mirrors
the change also in test 74.
2024-03-01 22:24:32 +01:00
Luca Boccassi
0abe0cd402 test: enable PAM debug logs in TEST-46-HOMED 2024-03-01 10:07:27 +00:00
Yu Watanabe
d5e6df24bd
Merge pull request #31498 from ssahani/bond
netdev: bond - add support for peer_notif_delay
2024-03-01 12:45:52 +09:00
Yu Watanabe
d6360819a7 test-network: add more test cases for LLDP 2024-03-01 09:40:26 +09:00
Frantisek Sumsal
8fddb50fd4 test: create sshd's runtime directory (Debian variant)
sshd.service on Debian uses RuntimeDirectory=sshd, without which sshd
complains:

[ 4065.834904] sshd[711]: Missing privilege separation directory: /run/sshd
[ 4065.835785] systemd[1]: mysshserver@0-127.0.0.1:4711-127.0.0.1:58232.service: Deactivated successfully.
[ 4065.836433] testsuite-46.sh[708]: kex_exchange_identification: read: Connection reset by peer
[ 4065.836433] testsuite-46.sh[708]: Connection reset by 127.0.0.1 port 4711

Resolves: #31518
2024-02-29 13:44:29 +01:00
Frantisek Sumsal
38cbb9ab8a test: avoid SIGPIPE from ssh | tail -n 1
Addresses: https://github.com/systemd/systemd/issues/31518#issuecomment-1968295678
2024-02-29 13:43:40 +01:00
Frantisek Sumsal
905c9d2c92 test: use ECDSA keys for ssh-related tests
This should make the test faster, especially on machines without
acceleration.
2024-02-29 13:43:25 +01:00
Frantisek Sumsal
6e97142b84 test: shell & cleanup cleanup 2024-02-29 13:18:07 +01:00
Frantisek Sumsal
78816ce72e
Merge pull request #31444 from bluca/semaphore
semaphore: set upstream build profile and set default branch to debian/master
2024-02-28 15:03:11 +01:00
Luca Boccassi
0cad991c4c
Merge pull request #31293 from ragazenta/netdev_rps
udevd: Add ReceivePacketSteeringCPUMask for systemd.link
2024-02-28 13:37:28 +00:00
Susant Sahani
de736b9658 test-network: Add test for bond peer_notif_delay 2024-02-28 17:34:54 +05:30
Renjaya Raga Zenta
a6f5673c99 test-network: Add test for rps_cpu_mask option 2024-02-28 11:37:18 +07:00
Yu Watanabe
c4047829bb test-network: fix typo
Follow-up for a663ddc04e.
2024-02-28 11:44:20 +09:00
Luca Boccassi
132f785429 test/README: document how to add a new empty release to the PPA to migrate the CI to a new version 2024-02-28 01:08:57 +00:00
Luca Boccassi
f6387e7e3f test/README: update ubuntu IRC channel for CI help 2024-02-28 01:08:57 +00:00
Luca Boccassi
47c2a6e958
Merge pull request #31515 from keszybz/small-cleanups-after-review-of-stable-batch
Small cleanups after review of stable batch
2024-02-27 20:07:18 +00:00
Antonio Alvarez Feijoo
532de87f74 core: remove duplicate serialization of cpu_sched_reset_on_fork
`c->cpu_sched_reset_on_fork` is serialized using
`exec-context-cpu-sched-reset-on-fork` and
`exec-context-cpu-scheduling-reset-on-fork`. Let's keep only the second one, to
serialize the value only if `cpu_sched_set` is true.
2024-02-27 19:20:44 +00:00
Jan Engelhardt
4094130b6f test: drop route from test-functions
I do not see `route` being exercised anywhere else, everything seems
to be on `ip route` already.
2024-02-27 17:51:56 +00:00
Zbigniew Jędrzejewski-Szmek
f7364e1a51 shared/pam-util: fix awkward tense in log message 2024-02-27 18:32:51 +01:00
Frantisek Sumsal
cc48d93870 test: use socat in unidirectional mode
By default socat open a separate r/w channel for each specified address,
and terminates the connection after .5s from receiving EOF on _either_
side. And since one side of that connection is an empty stdin, we reach
that EOF pretty quickly. Let's avoid this by using socat in
"reversed unidirectional" mode, where the first address is used only for
writing, and the second one is used only for reading.

Addresses:
  - https://github.com/systemd/systemd/issues/31500
  - https://github.com/systemd/systemd/issues/31493

Follow-up for 3456c89ac2.
2024-02-27 15:24:23 +00:00
Luca Boccassi
e5191faf44
Merge pull request #31000 from flatcar-hub/krnowak/mutable-overlays
systemd-sysext: Implement optional mutability for extensions
2024-02-26 16:17:11 +00:00
Lennart Poettering
72bdf0ac67
Merge pull request #31455 from keszybz/restore-docs-urls
Restore docs urls
2024-02-23 15:59:44 +01:00
Zbigniew Jędrzejewski-Szmek
8e3fee33af Revert "docs: use collections to structure the data"
This reverts commit 5e8ff010a1.

This broke all the URLs, we can't have that. (And actually, we probably don't
_want_ to make the change either. It's nicer to have all the pages in one
directory, so one doesn't have to figure out to which collection the page
belongs.)
2024-02-23 09:48:47 +01:00
Yu Watanabe
3976c43092 network: introduce per-interface IP forwarding settings
This deprecates IPForward= setting, which unconditionally controled
the global setting, even though it is a setting in .network file.

Instead, this introduces new IPv4Forwarding= and IPv6Forwarding=
settings both in .network and networkd.conf.
If these settings are specified in a .network file, then the
per-interface forwarding setting will be configured.
If specified in networkd.conf, then the global IP forwarding setting will
be configured.

Closes #30648.
2024-02-22 19:24:12 +00:00
Krzesimir Nowak
bfa2dd7558 test: Extend systemd-sysext tests to cover the mutability feature 2024-02-22 19:06:22 +01:00
Krzesimir Nowak
1212c80c71 test: Initial systemd-sysext tests
The follow-up commit will refactor some code in systemd-sysext, so add some
tests to make sure that things didn't break. The tests will be later extended
with cases for new features added.
2024-02-22 19:06:22 +01:00
hulkoba
5e8ff010a1
docs: use collections to structure the data 2024-02-22 10:11:54 +01:00
Susant Sahani
2b98febe9d test-network: add test for macvlan BroadcastQueueMulticastLength= and BroadcastQueueThreashold= 2024-02-22 09:46:55 +09:00
Yu Watanabe
0183d48ddb test-network: use assertIn() 2024-02-22 09:46:45 +09:00
Frantisek Sumsal
ff80bd2d6d test: temporarily enable session lingering for the test user #2
Similarly to bbac11c993 we need to enable session lingering for the test
user, so the long-running test units are not killed prematurely:

[   18.822261] testsuite-55.sh[403]: + systemctl start --machine testuser@.host --user testsuite-55-testchill.service
[   18.852775] systemd[1]: Started run-u17.service.
[   19.256431] (o-bridge)[526]: pam_unix(login:session): session opened for user testuser(uid=4711) by testuser(uid=0)
[   19.288346] systemd[1]: Started session-2.scope.
[   20.165874] systemd[392]: Created slice session.slice.
[   20.166459] systemd[392]: Starting dbus-broker.service...
[   20.220189] dbus-broker-launch[529]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +31: Eavesdropping is deprecated and ignored
[   20.220189] dbus-broker-launch[529]: Policy to allow eavesdropping in /usr/share/dbus-1/session.conf +33: Eavesdropping is deprecated and ignored
[   20.220494] systemd[392]: Started dbus-broker.service.
[   20.224276] dbus-broker-launch[529]: Ready
[   20.231702] systemd[392]: Created slice testsuite.slice.
[   20.231976] systemd[392]: Created slice testsuite-55.slice.
[   20.232259] systemd[392]: Created slice testsuite-55-workload.slice.
[   31.065294] testsuite-55.sh[403]: + systemctl start --machine testuser@.host --user testsuite-55-testbloat.service
[   31.065641] (sd-pam)[528]: pam_unix(login:session): session closed for user testuser
[   31.066103] (sd-pam)[528]: pam_systemd(login:session): Failed to release session: Access denied
[   31.066152] systemd[392]: Started testsuite-55-testchill.service.
[   31.068062] systemd[1]: run-u17.service: Deactivated successfully.
[   31.068217] dbus-broker[389]: A security policy denied :1.20 to send method call /org/freedesktop/login1:org.freedesktop.login1.Manager.ReleaseSession to org.freedesktop.login1.
[   31.075901] (o-bridge)[537]: pam_unix(login:session): session opened for user testuser(uid=4711) by testuser(uid=0)
[   31.091098] systemd[1]: Stopping session-2.scope...
[   31.092158] systemd[1]: Started run-u21.service.
[   31.092993] systemd[1]: session-2.scope: Deactivated successfully.
[   31.093287] systemd[1]: Stopped session-2.scope.
[   31.095798] systemd[1]: Stopping user@4711.service...
[   31.103541] systemd[392]: Activating special unit exit.target...
[   31.108359] systemd[392]: Stopped target default.target.
[   31.109798] systemd[392]: Stopped target timers.target.
[   31.110790] systemd[392]: Stopping testsuite-55-testchill.service...
[   31.112154] systemd[392]: Stopped testsuite-55-testchill.service.
[   31.114033] systemd[392]: Removed slice testsuite-55-workload.slice.
[   31.114971] systemd[392]: Removed slice testsuite-55.slice.
[   31.115858] systemd[392]: Removed slice testsuite.slice.
...
[   31.475949] testsuite-55.sh[403]: + systemctl --machine testuser@.host --user status testsuite-55-testchill.service
[   31.490464] systemd[1]: session-3.scope: Deactivated successfully.
[   31.565929] systemd[1]: Started run-u33.service.
[   31.592437] (o-bridge)[583]: pam_unix(login:session): session opened for user testuser(uid=4711) by testuser(uid=0)
[   31.610210] systemd[1]: Started session-5.scope.
[   31.616960] testsuite-55.sh[578]: ○ testsuite-55-testchill.service - No memory pressure
[   31.616960] testsuite-55.sh[578]:      Loaded: loaded (/usr/lib/systemd/tests/testdata/units/testsuite-55-testchill.service; static)
[   31.616960] testsuite-55.sh[578]:      Active: inactive (dead)
[   31.617438] (sd-pam)[586]: pam_unix(login:session): session closed for user testuser

Addresses https://github.com/systemd/systemd/pull/31426#issuecomment-1956436844.
2024-02-21 18:24:25 +00:00
Frantisek Sumsal
5083e42765 test: verify our own units (where applicable)
This is inspired by one of our internal tests that does pretty much the
same thing. However, it is slightly more convoluted than I'd like it to
be, since I really don't want to duplicate the list of our units in
another place, so we need to, somehow, pass the list from the meson file
to the test script. I originally envisioned this to be a part of the
unit test suite, but this doesn't work for unit files with absolute
paths to binaries, as we'd have to install the build first (maybe using
a chroot would work?).

It doesn't check man pages (since they might not be installed on the
test machine) and also skip recursive dependencies (as that would trip
over issues in files that are not under our direct control), but it
should still cover typos and such.

There are currently two units for which the check had to be disabled -
syslog.socket, as the corresponding syslog.service might not be
installed, and rc-local.service as that's a compat API and the necessary
/etc/rc.d/rc.local file may not (and most likely won't be) present.
2024-02-20 15:45:50 +01:00
Frantisek Sumsal
3e7b1b5cb9 test: fix mixed indent 2024-02-20 13:31:00 +01:00
Frantisek Sumsal
a69ec6fb02 test: support TEST_MATCH_* stuff in TEST-23-UNIT-FILE as well
TEST-23 uses run_subtests_with_signals() which I forgot about when
introducing the change.

Follow-up for 0efa27bd4b.
2024-02-20 13:31:00 +01:00
Yu Watanabe
c6c7c461a3 resolve: several follow-ups for resolving service via varlink
Follow-ups for e1634bb832.

- Allow to call the method without "name" and "type".
- Allow to specify SD_RESOLVE_NO_TXT and SD_RESOLVE_NO_ADDRESS.
- Allow to provide multiple services, and fix memory leak.
- Rearrange the return value format.
- Encode TXT field with octescape() to make the field matches with the
  io.systemd.Resolve.Monitor interface.

Fixes #31371.
2024-02-19 22:13:07 +01:00
Luca Boccassi
f927b872d6
Merge pull request #31351 from YHNdnzj/exit-status-no-executable
core/exec-invoke: record correct exit status when failed to locate executable
2024-02-19 19:17:31 +00:00
David Tardon
dfdcc7c987 test: add a test for #31384 2024-02-19 16:45:19 +00:00
Mike Yuan
80b18d217a
core/exec-invoke: record correct exit status when failed to locate executable
Follow-up for 4d8b0f0f7a

After the mentioned commit, when the ExecCommand executable is missing,
and failure will be ignored by manager, we exit with EXIT_SUCCESS at executor
side too. The behavior however contradicts systemd.service(5), which states:

> If the executable path is prefixed with "-", an exit code of the command
> normally considered a failure (i.e. non-zero exit status or abnormal exit
> due to signal is _recorded_, but has no further effect and is considered
> equivalent to success.

and thus makes debugging unexpected failures harder. Therefore, let's still
exit with EXIT_EXEC, but just skip LOG_ERR level log.
2024-02-19 23:12:59 +08:00
Daan De Meyer
88d4b97a24 Set SYSTEMD_LOG_LEVEL=info explicitly in test-sysusers
If we're looking for output on stderr, let's make sure it's not
littered with debug logs if SYSTEMD_LOG_LEVEL=debug.
2024-02-19 15:19:37 +01:00
Frantisek Sumsal
ef22a3233f
Merge pull request #31386 from mrc0mmand/test-tweaks
Revert "test: use btrfs by default on Arch as well"
2024-02-19 14:53:31 +01:00
Adrian Vovk
bbdd9c8d97 TEST-46-HOMED: Add tests for blob directories 2024-02-19 11:18:11 +00:00
Luca Boccassi
034569150f
Merge pull request #31364 from bluca/vpick_ext
core: add support for vpick for ExtensionImages=/ExtensionDirectories=
2024-02-19 11:15:54 +00:00
Frantisek Sumsal
bbac11c993 test: temporarily enable session lingering for the test user
So the user daemon with the long-running service is not killed while we
test the journal:

[  834.077080] testsuite-04.sh[10937]: Running as unit: user-sleep.service; invocation ID: b1f2c9c9a14a40ce836c867139d14dc8
[  834.077687] systemd[10943]: Started user-sleep.service.
[  834.078437] (sd-pam)[10952]: pam_unix(login:session): session closed for user testuser
[  834.078643] systemd[1]: run-u3.service: Deactivated successfully.
[  834.078710] testsuite-04.sh[10930]: + for _ in {0..9}
[  834.078710] testsuite-04.sh[10930]: + journalctl --rotate
...
[  834.081253] systemd[1]: session-7.scope: Deactivated successfully.
...
[  844.602065] testsuite-04.sh[10930]: + journalctl --rotate
[  844.630414] testsuite-04.sh[10930]: + journalctl --sync
[  844.632005] systemd[1]: Stopping user@4711.service...
[  844.634179] systemd[10943]: Activating special unit exit.target...
[  844.635769] systemd[10943]: Stopped target default.target.
[  844.636136] systemd[10943]: Stopped target timers.target.
[  844.636479] systemd[10943]: Stopping user-sleep.service...
[  844.636998] systemd[10943]: Stopped user-sleep.service.
...
[  844.758893] testsuite-04.sh[10930]: + systemctl stop --user -M testuser@ user-sleep.service
[  845.213399] systemctl[11066]: Failed to stop user-sleep.service: Unit user-sleep.service not loaded.
2024-02-19 11:43:54 +01:00
Frantisek Sumsal
18c769b0ff Revert "test: use btrfs by default on Arch as well"
There's something very wrong going on when using btrfs for the test
images, namely:
  - there's a significant performance hit, i.e. the Arch Linux run is
    ~20% slower, in the coverage run the situation is even worse
  - intermittent boot failures
  - intermittent "No space left on device" errors (even though there's
    enough free space)

Since debugging this might take a while, let's temporarily revert back
to ext4 to make the CI stable again.

This reverts commit 7eb7e3ec4f.
2024-02-19 11:43:54 +01:00
Yu Watanabe
b5b2510800 pam-util: include cache ID of bus connection in the log message
To make it easier to debug issues like #31375.
2024-02-19 10:15:33 +00:00
Frantisek Sumsal
78bbc7d5d4 test: make testcase_owneridmap() compatible with coverage runs
Follow-up for 614d09a.
2024-02-18 13:44:24 +00:00
Yu Watanabe
20fedbe32b
Merge pull request #31318 from mrc0mmand/test-switch-to-btrfs
test: use btrfs by default on Arch as well
2024-02-18 04:55:56 +09:00
Frantisek Sumsal
7e2bf4c5ee test: "modernize" TEST-55-OOMD's init 2024-02-17 12:49:44 +01:00
Frantisek Sumsal
bce0fa7da1 test: don't abbreviate log messages when dumping the test journal
To make debugging test fails easier.
2024-02-17 12:49:44 +01:00
Frantisek Sumsal
1b0cf03668 test: use btrfs' mkswapfile on btrfs
So it's created automagically with proper attributes.
2024-02-17 12:49:44 +01:00
Frantisek Sumsal
e073c1d8ed test: make TEST-08-INITRD slightly less annoying to debug
Forward journal to console, since we won't have any journal from initrd
and shutdown/exit initrd phases. Also, mention
systemd.journald.max_level_console=debug that is very handy for
debugging initrd shenanigans, but don't use it by default since it
sends a _lot_ of stuff to the serial console, which slows down the test
a lot.
2024-02-17 12:49:44 +01:00
Frantisek Sumsal
adafa3b2f8 test: always try to install the ext4 module
So the tests work even if the base image filesystem is not ext4.
2024-02-17 12:49:44 +01:00
Frantisek Sumsal
7eb7e3ec4f test: use btrfs by default on Arch as well 2024-02-17 12:49:44 +01:00
Yu Watanabe
3b677c6f94 test-network: add one more test case for DHCP prefix delegation
For issue #31349.
2024-02-17 11:48:25 +00:00
Yu Watanabe
ab06b74fd3 test-network: split test_dhcp6pd() into small pieces 2024-02-17 11:48:25 +00:00
Luca Boccassi
622efc544d core: add support for vpick for ExtensionDirectories= 2024-02-17 11:20:00 +00:00
Luca Boccassi
5e79dd96a8 core: add support for vpick for ExtensionImages= 2024-02-17 11:20:00 +00:00
Yu Watanabe
e21dd22040
Merge pull request #31338 from ssahani/network-bond-missed
network: netdev - bond add support for ARP missed max
2024-02-17 06:16:42 +09:00
Vishal Chillara Srinivas
e1634bb832 resolve: provide service resolve over varlink
ported the d-bus implementation of service resolve to varlink
extended TEST-75-RESOLVED to cover this use-case
2024-02-16 16:24:08 +01:00
Luca Boccassi
92d1419eb8
Merge pull request #31218 from CodethinkLabs/vmspawn/journal_forwarding
vmspawn: support journal forwarding
2024-02-16 12:09:52 +00:00
Luca Boccassi
5ea0da03d4
Merge pull request #31311 from yuwata/journal-user-corruption
journal: fix user journal corruption on rotation
2024-02-16 12:07:50 +00:00
Lennart Poettering
f03e8f19b7
Merge pull request #30263 from msizanoen1/fix-onboot-rotate-2
journal: Reset runtime seqnum data when flushing to system journal
2024-02-16 12:02:09 +01:00
Frantisek Sumsal
7bd41e63f7 test: properly preserve journal from sd-bsod tests
I (incorrectly) assumed that --relinquish-var does everything --flush
does, including moving already existing stuff from /var/log/journal/ to
/run/log/journal/, but that's not the case. To actually do that we need
to shuffle things manually, so let's do just that.

This should make issues like #31334 easier to debug, since with this
patch we now have a coredump in the test journal as well:

~# make -C test/TEST-04-JOURNAL/ clean setup run TEST_MATCH_SUBTEST=bsod BUILD_DIR=$PWD/build TEST_NO_NSPAWN=1
...
[   12.176089] testsuite-04.sh[712]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed'
[   12.176089] testsuite-04.sh[712]: Subtest /usr/lib/systemd/tests/testdata/units/testsuite-04.bsod.sh failed
[   12.176089] testsuite-04.sh[712]: + return 1
[   12.177347] systemd[1]: testsuite-04.service: Failed with result 'exit-code'.
[   12.220580] systemd[1]: Failed to start testsuite-04.service.
Spawning getter /home/mrc0mmand/repos/@systemd/systemd/build/journalctl -o export -D /var/tmp/systemd-tests/systemd-test.Qtqmmr/root/var/log/journal...
Finishing after writing 7649 entries
TEST-04-JOURNAL: (failed; see logs)
-rw-r----- 1 root root 16777216 Feb 15 21:13 /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
...

~# coredumpctl --file /var/tmp/systemd-tests/systemd-test.Qtqmmr/system.journal
TIME                        PID UID GID SIG     COREFILE EXE                           SIZE
Thu 2024-02-15 21:13:38 CET 812   0   0 SIGABRT journal  /usr/lib/systemd/systemd-bsod    -
2024-02-16 10:37:37 +01:00
Susant Sahani
d2d0a8d45d test-network: Add test for bond arp_missed_max option 2024-02-16 15:03:58 +05:30
Susant Sahani
b33bba0434 network: netdev - bond add support for ARP missed max
Allows to configure bond arp_missed_max is the maximum number of arp_interval monitor cycle
for missed ARP replies. If this number is exceeded, link is reported as
down.
2024-02-16 14:44:51 +05:30
Frantisek Sumsal
8cc42169f1 test: add test cases for journal corruption on btrfs
For issue #24150 and #31222.
2024-02-16 03:48:18 +09:00
Sam Leonard
f31cff849d
journald: implement socket forwarding
This commit adds a new way of forwarding journal messages - forwarding
over a socket.

The socket can be any of AF_INET, AF_INET6, AF_UNIUX or AF_VSOCK.

The address to connect to is retrieved from the "journald.forward_address" credential.

It can also be specified in systemd-journald's unit file with ForwardAddress=
2024-02-15 14:08:20 +00:00
Benjamin Franzke
614d09a37d nspawn: add support for owneridmap bind option
owneridmap bind option will map the target directory owner from inside the
container to the owner of the directory bound from the host filesystem.
This will ensure files and directories created in the container will be owned
by the directory owner of the host filesystem. All other users will remain
unmapped. Files to be written as other users in the container will not be
allowed.

Resolves: #27037
2024-02-15 11:49:54 +01:00
Yu Watanabe
7774a7ca79 test: fix cleanup function
Follow-up for 8349bbdfd8.
2024-02-15 09:37:10 +01:00
Yu Watanabe
6854322483 test-network: show interface status again when wait-online failed
Fixes a bug in 10d670a3c1.

This also makes wait_online() show a short message when a requested
interface not found.
2024-02-15 00:37:03 +00:00
Yu Watanabe
d5ff4b6d4c
Merge pull request #31173 from yuwata/network-route-check-conflict
network/route: check if existing route can be updated
2024-02-15 08:12:42 +09:00
Luca Boccassi
76995e7dc4
Merge pull request #31286 from poettering/bootctl-varlink
bootctl: add simple varlink IPC interface
2024-02-14 18:59:33 +00:00
Luca Boccassi
32243272ff
Merge pull request #31317 from fbuihuu/update-tests-for-suse
Update tests for SUSE
2024-02-14 17:31:40 +00:00
Lennart Poettering
a0437868d8
Merge pull request #30226 from poettering/homed-fallback-shell
homed: allow logging into home areas via ssh without unlocking them locally first
2024-02-14 17:08:04 +01:00
Yu Watanabe
29fbbb1389 test-network: add test for advertised hop limit
For issue #28437.
2024-02-15 00:43:12 +09:00
Yu Watanabe
9fbab82bef test-network: add test case for removing conflicting routes
For issue #28439.
2024-02-15 00:43:12 +09:00
Yu Watanabe
e3cc2bd9c6 test-network: drop unnecessary IPv6SendRA=yes setting 2024-02-15 00:43:12 +09:00
Yu Watanabe
95e1fbbac4 test-network: allow to specify multiple interfaces to wait_online() without square bracket 2024-02-15 00:42:43 +09:00
Lennart Poettering
79ec39958d bootctl: add a Varlink interface
For now, just super basic functionality: return the list of boot menu
entries, and read/write the reboot to firmware flag
2024-02-14 16:15:19 +01:00
Lennart Poettering
8349bbdfd8 test: add test that ensures homed logins via SSH work 2024-02-14 15:09:47 +01:00
Franck Bui
08abfd0b8c test: make sure to install the filesystem package in the test image on SUSE
Othewise test images are missing the tmpfiles snippets used to create the very
basic files at boot, which can be useful when a test wants to reuse the OS tree
(is already running in) for spawning a new container in pristine state.
2024-02-14 10:21:33 +01:00
Yu Watanabe
604b200108 test: fix typo
Follow-up for d02018afdb.
2024-02-14 04:04:12 +09:00
Yu Watanabe
964756923b test: fix typo
Follow-up for 3456c89ac2.
2024-02-14 04:03:09 +09:00
Frantisek Sumsal
5b1aa0e19a core: escape spaces when serializing as well
Otherwise they might get stripped when reading the serialized data back.

Resolves: #31214
2024-02-14 02:22:58 +08:00
Franck Bui
26fff16b90 test: make sure that sd-boot is installed before testing bootctl
bootctl can be installed also non uefi systems so its sole presence doesn't
mean that we can test installation of sd-boot.
2024-02-13 18:16:23 +01:00
Franck Bui
03b1e10fc8 test: install systemd-boot in openSUSE test images
Needed since 87282a337d1ba7dc7d755f53b46c64b43718dcf7.
2024-02-13 18:13:21 +01:00
Lennart Poettering
c9cdbaed17
Merge pull request #30380 from keszybz/tmpfiles-dry-run
Make tmpfiles/sysusers nicer with local files and implement tmpfiles --dry-run
2024-02-13 09:45:50 +01:00
Frantisek Sumsal
16343f52ba
Merge pull request #31271 from fbuihuu/test-69-debugging-improvements
Test 69 debugging improvements
2024-02-12 21:14:43 +01:00
Franck Bui
cf14d11447 test/test-shutdown.py: optionally display the test I/Os in a dedicated log file
Given that the test involves screen(1), sending various control sequences to
resize/clear the screen, most of the logs sent from the python script were
nearly impossible to read or mixed with other messages sent to the console
hence making the debug harder when the test is run manually.

This patch introduces an option to redirect the pexpect IOs into a file (to be
used in $STATEDIR/TEST-69-SHUTDOWN/run-nspawn).

The pexpect logs are also enabled later so the boot logs are skipped since
those are already included in the journal.
2024-02-12 16:57:51 +01:00
Lennart Poettering
a85daa97d9
Merge pull request #31233 from poettering/pcrlock-varlink
pcrlock: add simple Varlink API + some varlinkctl tweaks
2024-02-12 15:48:03 +01:00
Zbigniew Jędrzejewski-Szmek
b214427752 TEST-22: add --dry-run calls
aCdDefLprRwxXz are tested with --dry-run.
I added a primitive test of bc.
There were no tests for AhHt, and I didn't add those either.
2024-02-12 13:34:32 +01:00
Lennart Poettering
d02018afdb test: add brief test for prclock varlink interfaces and varlinkctl --collect 2024-02-12 12:04:18 +01:00
Lennart Poettering
24835e9933 varlinkctl: if "call" verb is used, imply "-j"
For the other verbs turning off JSON mode makes sense, but for "call"
not so much, after all the contents of a method call reply is JSON we
couldn't really show any other way.

Hence, when JSON output was not configured otherwise in "call", default
to the same as -j.
2024-02-12 12:04:18 +01:00
Lennart Poettering
3456c89ac2 test: add a simple test for MaxConnectionsPerSocket= 2024-02-12 11:57:31 +01:00
Frantisek Sumsal
3588c510d3
Merge pull request #31149 from YHNdnzj/restart-force-oneshot
core/service: allow RestartForceExitStatus= for oneshot service
2024-02-12 10:20:09 +01:00
Yu Watanabe
ac5c938006
Merge pull request #30138 from yuwata/udev-processing-flag
udev: introduce ID_PROCESSING flag
2024-02-12 11:38:57 +09:00
Yu Watanabe
78643f26a2 test: show error messages to stderr
Otherwise, 'meson test' hides the messages on failure.
2024-02-11 20:55:47 +01:00
Yu Watanabe
a89fd4a046 Revert "test: temporarily disable test_sysctl"
This reverts commit 8ed7800d7b.
2024-02-12 01:14:55 +09:00
Mike Yuan
189a08e83d
core/service: allow RestartForceExitStatus= for oneshot services
I think this was just overlooked in #13754, which removed
the restriction of Restart= on Type=oneshot services.
There's no reason to prevent RestartForceExitStatus=
now that Restart= has been allowed.

Closes #31148
2024-02-10 21:19:36 +08:00
Frantisek Sumsal
76aa0d5db1 test: clean up the code a bit 2024-02-09 20:45:47 +01:00
Frantisek Sumsal
974fe6131f test: make the MemoryHigh= limit a bit more generous with sanitizers
When we're running with sanitizers, sd-executor might pull in a
significant chunk of shared libraries on startup, that can cause a lot
of memory pressure and put us in the front when sd-oomd decides to go on
a killing spree. This is exacerbated further on Arch Linux when built
with gcc, as Arch ships unstripped gcc-libs so sd-executor pulls in over
30M of additional shared libs on startup:

~# lddtree build-san/systemd-executor
build-san/systemd-executor (interpreter => /lib64/ld-linux-x86-64.so.2)
    libasan.so.8 => /usr/lib/libasan.so.8
        libstdc++.so.6 => /usr/lib/libstdc++.so.6
        libm.so.6 => /usr/lib/libm.so.6
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
    libsystemd-core-255.so => /root/systemd/build-san/src/core/libsystemd-core-255.so
        libaudit.so.1 => /usr/lib/libaudit.so.1
            libcap-ng.so.0 => /usr/lib/libcap-ng.so.0
...
    libseccomp.so.2 => /usr/lib/libseccomp.so.2
    libubsan.so.1 => /usr/lib/libubsan.so.1
    libc.so.6 => /usr/lib/libc.so.6

~# ls -Llh /usr/lib/libasan.so.8 /usr/lib/libstdc++.so.6 /usr/lib/libubsan.so.1
-rwxr-xr-x 1 root root 9.7M Feb  2 10:36 /usr/lib/libasan.so.8
-rwxr-xr-x 1 root root  21M Feb  2 10:36 /usr/lib/libstdc++.so.6
-rwxr-xr-x 1 root root 3.2M Feb  2 10:36 /usr/lib/libubsan.so.1

Sanitized libsystemd-core.so is also quite big:

~# ls -Llh /root/systemd/build-san/src/core/libsystemd-core-255.so /usr/lib/systemd/libsystemd-core-255.so
-rwxr-xr-x 1 root root  26M Feb  8 19:04 /root/systemd/build-san/src/core/libsystemd-core-255.so
-rwxr-xr-x 1 root root 5.9M Feb  7 12:03 /usr/lib/systemd/libsystemd-core-255.so
2024-02-09 20:45:39 +01:00
Franck Bui
14265c3360 test-69: send SIGTERM to ask systemd-nspawn to properly stop the container
The terminate() method sends SIGHUP but this signal is not handled by
systemd-nspawn hence the process just exits leaving the container scope around
breaking futher test executions.

This patch sends SIGTERM instead which is a defined API to request
sytemd-nspawn to stop and release the container's resources properly.

Follow-up for 8a7032cfb1.
2024-02-09 18:07:08 +01:00
Zbigniew Jędrzejewski-Szmek
b1935cc943 tmpfiles: use dir_cleanup() for R and D
... i.e. apply nested config (exclusions and such) when executing R and D.

This fixes a long-standing RFE. The existing logic seems to have been an
accident of implementation. After all, if somebody specifies a config with
'R /foo; x /tmp/bar', then probably the goal is to remove stuff from under /foo,
but keep /tmp/bar. If they just wanted to nuke everything, then would not specify
the second item.

This also makes R and D use O_NOATIME, i.e. the access times of the directories
that are accessed will not be changed by the cleanup.

Obviously, we'll have to add this to NEWS and such.
Looking at the whole tmpfiles.d config in Fedora, this change has no effect.

The test cases are adjusted as appropriate. I also added another test case for
'R'/'D' with a file, just to test this code path more.

Replaces #20641.
Fixes #1633.
2024-02-09 17:57:42 +01:00
Luca Boccassi
c505275476
Merge pull request #31243 from YHNdnzj/systemctl-disable-now-template
systemctl: support disable/mask --now with unit template
2024-02-09 14:29:50 +00:00
Daan De Meyer
7bf52f5d1c Add systemd.default_debug_tty=
Let's allow configuring the debug tty independently of enabling/disabling
the debug shell. This allows mkosi to configure the correct tty while
leaving enabling/disabling the debug tty to the user.
2024-02-09 11:47:53 +01:00
Yu Watanabe
9e95c0e495
Merge pull request #31172 from yuwata/network-bond-port
network: do not bring down bonding port on reconfigure
2024-02-09 17:32:29 +09:00
Mike Yuan
1baa0415ae
systemctl: support disable/mask --now with unit template
Closes #15620
Replaces #28240
2024-02-09 16:18:44 +08:00
Yu Watanabe
4bc771d061 test: drop unnecessary sleep
Now, 'Reload' dbus method is synchronous. It is not necessary to wait
for link enter configuring state.
2024-02-09 14:25:54 +09:00
Yu Watanabe
2bb1d3c108 test-network: add test case for issue #31165 2024-02-09 14:15:17 +09:00
Luca Boccassi
82047a6aa7 portable: add --copy=mixed to copy images and link profiles
This new mode copies resources provided by the client, so that they
remain available for inspect/detach even if the original images are
deleted, but symlinks the profile as that is owned by the OS, so that
updates are automatically applied.
2024-02-08 21:11:26 +00:00
Lennart Poettering
9d99f1686a
Merge pull request #30766 from polarina/cryptenroll-tpm2-unlock
cryptenroll: Add support for unlocking through TPM2 enrollments
2024-02-08 17:41:03 +01:00
Yu Watanabe
7dc431839e network/dhcp4: disable IPv6OnlyMode= by default
As explained in #30891, IPv6OnlyMode= should be enabled with 464XLAT
support, but we do not support it yet. Let's disable by default.

Fixes #30891.
2024-02-07 23:30:17 +00:00
Luca Boccassi
9182658d3b
Merge pull request #31202 from YHNdnzj/creds-reuse
core: reuse credential dir across start and start-post if populated
2024-02-07 10:17:07 +00:00
Franck Bui
e374109efb test: systemd-update-utmp is optional
It can be disabled with '-Dutmp=false'
2024-02-07 11:00:20 +01:00
Mike Yuan
cfbf7538d8
core: reuse credential dir across start and start-post if populated,
fresh otherwise

Currently, exec_setup_credential() always rewrite all credentials
upon exec_invoke(), i.e. invocation of each ExecCommand, and within
a single tmpfs instance. This is problematic though:

* When writing each tmp cred file, we essentially double the size
  of the credential. Therefore, if one cred is bigger than half
  of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also
  https://github.com/systemd/systemd/pull/24734#issuecomment-1925440546)

* Credential is a unit-wide thing and thus should not change
  during the whole lifetime of main process. However, if e.g.
  a on-disk credential or SetCredential= in unit file
  changes between ExecStart= and ExecStartPost=,
  the credentials are overwritten when the latter gets to run,
  and the already-running main process is suddenly seeing
  completely different creds.

So, let's try to reuse final cred dir if the main process has started
and the tmpfs has been populated, so that the creds used is stable
across all ExecStart= and ExecStartPost=-s. We still want to retain
the ability of updating creds through ExecStartPre= though, therefore
we forcibly use a fresh cred dir for those. 'Fresh' means to actually
unmount the old tmpfs first, so the first problem goes away, too.
2024-02-07 00:43:33 +08:00
Mike Yuan
54c3546188
TEST-54-CREDS: add test for ExecStartPost= (#31194) 2024-02-07 00:43:32 +08:00
Vladimir Stoiakin
85686b37b0 cryptenroll: allow to use a public key on a token
This patch allows systemd-cryptenroll to enroll directly with a public key if a certificate is missing on a token.

Fixes: #30675
2024-02-03 03:00:51 +09:00
Frantisek Sumsal
ce45fe2a32 test: wait until the test binary starts the test aux scope
Otherwise we might continue too early on slower machines:

[   53.777485] testsuite-07.sh[675]: + systemd-run --unit test-aux-scope.service -p Slice=aux.slice -p Type=exec -p TasksMax=99 -p CPUWeight=199 -p IPAccounting=yes /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   55.399526] testsuite-07.sh[679]: Running as unit: test-aux-scope.service; invocation ID: 375dc3e2d12f4af1bedfe80a23709e37
[   55.512917] testsuite-07.sh[691]: ++ systemctl show --value --property MainPID test-aux-scope.service
[   56.947713] testsuite-07.sh[675]: + kill -s USR1 680
[   56.947713] testsuite-07.sh[675]: + sleep 1
[   58.058809] testsuite-07.sh[675]: + systemctl status test-aux-scope.service
[   58.902808] testsuite-07.sh[695]: ● test-aux-scope.service - /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:      Loaded: loaded (/run/systemd/transient/test-aux-scope.service; transient)
[   58.902808] testsuite-07.sh[695]:   Transient: yes
[   58.902808] testsuite-07.sh[695]:      Active: active (running) since Thu 2024-02-01 04:53:57 UTC; 3s ago
[   58.902808] testsuite-07.sh[695]:    Main PID: 680 (test-aux-scope)
[   58.902808] testsuite-07.sh[695]:          IP: 0B in, 0B out
[   58.902808] testsuite-07.sh[695]:       Tasks: 11 (limit: 99)
[   58.902808] testsuite-07.sh[695]:      Memory: 3.2M (peak: 3.5M)
[   58.902808] testsuite-07.sh[695]:         CPU: 235ms
[   58.902808] testsuite-07.sh[695]:      CGroup: /aux.slice/test-aux-scope.service
[   58.902808] testsuite-07.sh[695]:              ├─680 /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]:              ├─681 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─682 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─683 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─684 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─685 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─686 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─687 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─688 "(worker)"
[   58.902808] testsuite-07.sh[695]:              ├─689 "(worker)"
[   58.902808] testsuite-07.sh[695]:              └─690 "(worker)"
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Enqueued job test-aux-scope.service/start as 277
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Will spawn child (service_enter_start): /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Passing 0 fds to service
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: About to execute: /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Forked /usr/lib/systemd/tests/unit-tests/manual/test-aux-scope as 680
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: test-aux-scope.service: Changed dead -> start
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd[1]: Starting test-aux-scope.service...
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H systemd-executor[680]: SELinux enabled state cached to: disabled
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.902808] testsuite-07.sh[695]: Feb 01 04:53:57 H (ux-scope)[680]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
[   58.979659] testsuite-07.sh[701]: ++ ps -eo pid,unit
[   59.014968] testsuite-07.sh[702]: ++ grep -c test-aux-scope.service
[   59.729453] systemd[1]: Cannot find unit for notify message of PID 691, ignoring.
[   60.321547] testsuite-07.sh[675]: + test 11 = 1
[   60.332496] testsuite-07.sh[669]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/testsuite-07.aux-scope.sh failed'
2024-02-03 02:57:52 +09:00
Yu Watanabe
2933881ea5
Merge pull request #31032 from yuwata/pam-session-close
pam: fix warning "Attempted to close sd-bus after fork, this should not happen." on session close
2024-02-02 09:51:08 +09:00
Yu Watanabe
68676af60d test-network: fix typo
Follow-up for d4c8de21a0.
2024-02-02 09:29:14 +09:00
Yu Watanabe
58125c1920 test: fix typo
Follow-up for fa8ff98ea4.
2024-02-02 09:27:52 +09:00
Gabríel Arthúr Pétursson
47ec2c8a8e cryptenroll: Support rotating PIN on an existing TPM2 enrollment 2024-02-01 13:55:17 +00:00
Gabríel Arthúr Pétursson
631cf7f004 cryptenroll: Add support for unlocking through TPM2 enrollments 2024-02-01 12:37:12 +00:00
Yu Watanabe
88b8d08276 test: check pam warning message 2024-02-01 18:00:54 +09:00
Lennart Poettering
3557f1a62a resolvectl: add JSON output support for "resolvectl query"
It's easy to add. Let's do so.

This only covers record lookups, i.e. with the --type= switch.

The higher level lookups are not covered, I opted instead to print a
message there to use --type= instead.

I am a bit reluctant to defining a new JSON format for the high-level
lookups, hence I figured for now a helpful error is good enough, that
points people to the right use.

Fixes: #29755
2024-01-31 16:13:16 +01:00
Frantisek Sumsal
1d556e9e2a test: use a dropin for the journald snippet
The original way of appending to /etc/systemd/journald.conf doesn't work
anymore, since we no longer ship the default configs in /etc/.
2024-01-31 13:00:01 +00:00
Lennart Poettering
116ce3f391
Merge pull request #31039 from AdrianVovk/slice-freeze-thaw
Rework slice recursive freeze/thaw
2024-01-31 09:48:05 +01:00
Lennart Poettering
b45f47aaad
Merge pull request #30968 from poettering/per-user-creds
per-user encrypted credentials
2024-01-31 09:47:12 +01:00
Frantisek Sumsal
cb3244c0dc test: explicitly set nsec3-iterations to 0
knot v3.2 and later does this by default. knot v3.1 still has the default set to
10, but it also introduced a warning that the default will be changed to 0 in
later versions, so it effectively complains about its own default, which then
fails the config check. Let's just set the value explicitly to zero to avoid
that.

~# knotc --version
knotc (Knot DNS), version 3.1.6
~# grep nsec3-iterations test/knot-data/knot.conf || echo nope
nope
~# knotc -c /build/test/knot-data/knot.conf conf-check
warning: config, policy[auto_rollover_nsec3].nsec3-iterations defaults to 10, since version 3.2 the default becomes 0
Configuration is valid

Follow-up to 0652cf8e7b.
2024-01-30 17:53:10 +00:00
Adrian Vovk
4cb2e6af8d
core: Fail to start/stop/reload unit if frozen
Previously, unit_{start,stop,reload} would call the low-level cgroup
unfreeze function whenever a unit was started, stopped, or reloaded. It
did so with no error checking. This call would ultimately recurse up the
cgroup tree, and unfreeze all the parent cgroups of the unit, unless an
error occurred (in which case I have no idea what would happen...)

After the freeze/thaw rework in a previous commit, this can no longer
work. If we recursively thaw the parent cgroups of the unit, there may
be sibling units marked as PARENT_FROZEN which will no longer actually
have frozen parents. Fixing this is a lot more complicated than simply
disallowing start/stop/reload on a frozen unit

Fixes https://github.com/systemd/systemd/issues/15849
2024-01-30 11:18:16 -05:00
Adrian Vovk
16b6af6ade
core: Rework recursive freeze/thaw
This commit overhauls the way freeze/thaw works recursively:

First, it introduces new FreezerActions that are like the existing
FREEZE and THAW but indicate that the action was initiated by a parent
unit. We also refactored the code to pass these FreezerActions through
the whole call stack so that we can make use of them. FreezerState was
extended similarly, to be able to differentiate between a unit that's
frozen manually and a unit that's frozen because a parent is frozen.

Next, slices were changed to check recursively that all their child
units can be frozen before it attempts to freeze them. This is different
from the previous behavior, that would just check if the unit's type
supported freezing at all. This cleans up the code, and also ensures
that the behavior of slices corresponds to the unit's actual ability
to be frozen

Next, we make it so that if you FREEZE a slice, it'll PARENT_FREEZE
all of its children. Similarly, if you THAW a slice it will PARENT_THAW
its children.

Finally, we use the new states available to us to refactor the code
that actually does the cgroup freezing. The code now looks at the unit's
existing freezer state and the action being requested, and decides what
next state is most appropriate. Then it puts the unit in that state.
For instance, a RUNNING unit with a request to PARENT_FREEZE will
put the unit into the PARENT_FREEZING state. As another example, a
FROZEN unit who's parent is also FROZEN will transition to
PARENT_FROZEN in response to a request to THAW.

Fixes https://github.com/systemd/systemd/issues/30640
Fixes https://github.com/systemd/systemd/issues/15850
2024-01-30 11:18:15 -05:00
Lennart Poettering
6ab41e38e9 test: add integration test for per-user creds 2024-01-30 17:07:47 +01:00
Frantisek Sumsal
56cdf81a72 test: use lstat() instead of stat(follow_symlinks=False)
This makes the test compatible with Python 3.9, as the follow_symlinks
keyword was introduced in Python 3.10.
2024-01-26 21:13:28 +00:00
Frantisek Sumsal
d2e8dc780f test: clean up the code a bit 2024-01-26 18:09:09 +01:00
Frantisek Sumsal
8ee32f688f test: fix the container ID check
It never worked, but the fail was masked by missing set -e, see the
previous commit.

Also, throw env into the test container and dump the environment on
container start, to make potential failures easier to debug.
2024-01-26 15:44:39 +01:00
Frantisek Sumsal
7b1c292953 test: set -ex separately
We call the entrypoint.sh script using `bash entrypoint.sh`, so -ex from
the shebang won't be used in that case. Whoopsie.
2024-01-26 15:29:49 +01:00
Daan De Meyer
329288613c
Merge pull request #31048 from YHNdnzj/fstab-modernization
fstab-util/generator: a few cleanups/improvements
2024-01-26 09:01:19 +01:00
Lennart Poettering
b68f4cade4 dissect: add --make-archive option to convert DDI to tarball 2024-01-25 18:47:39 +01:00
Mike Yuan
9f6c32ac96
fstab-generator: drop unapplicable options for /usr/ too
We already drop these for /sysroot/usr/ in parse_fstab
(1e9b2e4fdd). Let's make
things consistent, and do the same for /usr/ too (after
switch-root).
2024-01-26 01:06:41 +08:00
Yu Watanabe
b5edf3a996 test-network: check if networkd forgets routes silently removed by the kernel 2024-01-25 16:43:44 +09:00
Frantisek Sumsal
0652cf8e7b test: use the default nsec3-iterations value
In Knot 3.2 the nsec3-iterations default was changed to 0 and Knot now
issues a warning if the value is > 0. Let's just use the default value,
since it's not something that's important for our tests.
2024-01-24 21:30:28 +00:00
Lennart Poettering
8a9bf03bd7
Merge pull request #31003 from enr0n/skip-test-when-apparmor-restricts-userns
Skip more tests when apparmor restricts unprivileged user namespaces
2024-01-24 09:58:07 +01:00
Luca Boccassi
f70daee8f2
Merge pull request #30130 from poettering/pcrlock-root
pcrlock: add support for unlocking a root fs with a pcrlock file
2024-01-23 21:41:02 +00:00
Yu Watanabe
fc5edc91cb
Merge pull request #31015 from yuwata/local-addresses
local-addresses: several cleanups and fixes, add test cases
2024-01-23 10:25:35 +09:00
Luca Boccassi
ad12e4be6d
Merge pull request #31044 from keszybz/uhttpd-alloca-print
Use macro wrapper instead of alloca in µhttp-utils
2024-01-22 22:03:08 +00:00
Matt Muggeridge
d4c8de21a0 IPv6 RA: Support the Retrans Timer field (IPv6 Conformance Test: v6LC.2.1.5)
The RA's Retransmission Timer field was being ignored. This resolves the IPv6
Core Conformance test, v6LC.2.1.5 [1].

Retransmission Timer is a 32-bit unsigned integer. The time, in milliseconds,
between retransmitted Neighbor Solicitation messages. Used by the Address
Resolution and Neighbor Unreachability Detection (NUD) algorithm.

Support setting a default value for the neighbour retransmission timer value with:

    [Network]
    IPv6RetransmissionTimeSec=<int>

By default, upon receiving a Router Advertisement with the Retransmission Timer
field set to a non-zero value, it will update the kernel's retransmit timer value.
To disable this behaviour, configure the UseIPv6RetransmissionTime= under the
[IPv6AcceptRA] section.

    [IPv6AcceptRA]
    UseIPv6RetransmissionTime=<bool>

RFC4861: Neighbor Discovery in IPv6
  * Section 4.2 RA Message Format.
  * Section 6.3.4 Processing Received Router Advertisements

A Router Advertisement field (e.g., Cur Hop Limit, Reachable Time,
and Retrans Timer) may contain a value denoting that it is
unspecified. In such cases, the parameter should be ignored and the
host should continue using whatever value it is already using. In
particular, a host MUST NOT interpret the unspecified value as
meaning change back to the default value that was in use before the
first Router Advertisement was received.

The RetransTimer variable SHOULD be copied from the Retrans Timer
field, if the received value is non-zero.

References
[1] IPv6 Core Conformance Spec (PDF)
2024-01-23 03:18:01 +09:00
Lennart Poettering
c048d1d28d test: add new credential-based pcrlock policy unlock 2024-01-22 15:20:22 +01:00
Adrian Vovk
720c618397 core: path: Re-enter waiting if target is deactivating
Previously, path units would remain in the running state while their
target unit is deactivating. This left a window of time where the target
unit is no longer operational (i.e. it is busy deactivating/cleaning
up/etc) but the path unit would continue to ignore inotify events. In
short: any inotify event that occurs while the target unit deactivates
would be completely lost.

With this commit, the path will go back into a waiting state when the
target unit starts deactivating. This means that any inotify event that
occurs while the target unit deactivates will queue a start job.
2024-01-21 10:34:45 +00:00
Yu Watanabe
e90863f231 local-addresses: ignore tentative addresses
As tentative addresses may be dropped soon if DAD failed.
2024-01-20 16:07:19 +09:00
Lennart Poettering
9d2a292246 test: add integration test for Type=exec robustness
This tests for #30799, so that it does not return.
2024-01-19 16:51:55 +01:00
Nick Rosbrook
6327d30224 test: skip a systemd-run test if unprivileged userns is restricted
With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes, which is implied by
PrivateTmp=yes in this systemd-run invocation.
2024-01-19 10:21:57 -05:00
Yu Watanabe
e8736fb6c9 test-13-NSPAWN: add more test case for passing network interfaces
- test interface renaming that conflicts with the current alternative
  network interface name,
- test passing wlan interfaces.
2024-01-19 19:06:19 +09:00
Nick Cao
4be1fc8443 network: Add L3MasterDevice= into routing policy 2024-01-19 00:17:50 +00:00
Luca Boccassi
0a9735eac2
Merge pull request #30661 from rpigott/resolved-https-record
resolved: support RFC 9460 SVCB and HTTPS records
2024-01-17 16:20:35 +00:00
Mike Yuan
a37928d34c
TEST-35-LOGIN: test changes to list-sessions 2024-01-17 11:30:05 +08:00
Yu Watanabe
7155ad9532 test-network: test the default required operational state for CAN devices 2024-01-17 04:05:43 +09:00
Ronan Pigott
a9766d07b8 test-resolve: add basic test for SVCB/HTTPS RRs 2024-01-16 11:26:37 -07:00
Yu Watanabe
f9b5c27645 test-network: add test case for removal of nexthop that is a member of a group nexthop 2024-01-16 12:48:50 +09:00
Frantisek Sumsal
fa8ff98ea4 test: cover a couple of error scenarios
To make sure we behave correctly even in error paths.
2024-01-15 18:04:31 +01:00
Yu Watanabe
a663ddc04e test-network: add simple test case for DHCP relay on bridge interface
For issue #30763.
2024-01-15 10:53:07 +00:00
Yu Watanabe
6d1cea7bc6 test-network: try to flip interface state frequently 2024-01-15 15:46:33 +09:00
Luca Boccassi
0f6a6e2f2b test: create /run/sshd in TEST-74-AUX-UTILS
12264s [ 4819.948632] sshd[1365]: fatal: Missing privilege separation directory: /run/sshd
12264s [ 4819.952120] testsuite-74.sh[1362]: kex_exchange_identification: read: Connection reset by peer
12264s [ 4819.952120] testsuite-74.sh[1362]: Connection reset by /run/ssh-unix-local/socket port 0

https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-upstream-systemd-ci-systemd-ci/jammy/amd64/s/systemd-upstream/20240113_093341_50fc7@/log.gz

We copy binaries manually so some setups are missing, create the directory
as needed
2024-01-15 10:28:05 +09:00
Yu Watanabe
4db8ccbb59 wireguard: verify routes configured in .netdev file
Then, scope and friends are correctly adjusted, and the behavior should
be matched when the same route is configured in .network file.
2024-01-13 10:10:32 +09:00
Nick Rosbrook
fec0d508a2 test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted
With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).

This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
2024-01-13 06:55:04 +09:00
Frantisek Sumsal
a0b50e4d25 test: use systemd-id128 from the build dir
As distro sd-id128 might not have all the options we need.

Follow-up for: 378712c
Replaces: #30901
2024-01-12 14:34:04 +00:00
Yu Watanabe
967cd1712c
Merge pull request #30867 from dtardon/udev-conf-dropins
Allow dropins for udev.conf
2024-01-12 06:37:23 +09:00
Lennart Poettering
28795e4dca
Merge pull request #30777 from poettering/ssh-generator
ssh-generator which makes VMs and containers accessible to ssh via AF_UNIX and AF_VSOCK
2024-01-11 21:31:28 +01:00
Lennart Poettering
25f8d3856a
Merge pull request #30884 from poettering/logind-background-light
logind: add "background-light" + "manager" session classes
2024-01-11 21:20:01 +01:00
David Tardon
dddf640cab test: use dropin dir 2024-01-12 05:12:44 +09:00
Frantisek Sumsal
378712c830 test: use correct type for the root partition 2024-01-12 03:48:22 +09:00
Lennart Poettering
a50666e376 id128: add --no-pager, --no-legend, --json=/-j switches to systemd-id128 tool 2024-01-11 17:54:19 +01:00
Lennart Poettering
3b52ef6f00 test: add integration test for new 'background-light' session class 2024-01-11 17:47:41 +01:00
Lennart Poettering
4cb4e6cf6d pam_systemd: register systemd user service manager as class='manager'
Now that we have thew new class, start making us of it in pam_systemd.so
when running for user@.service.
2024-01-11 17:23:47 +01:00
Lennart Poettering
52d863defc test: add testcase for ssh generator 2024-01-11 16:18:26 +01:00
Frantisek Sumsal
ec6c7bac5c test: fix dbus installation on Arch
Arch finally made dbus-broker the default dbus daemon [0], but unlike
Fedora they don't use Alias=dbus.service to make the dbus.symlink under
/etc, instead they create the symlink manually under /usr/lib, so let's
account for that.

[0] b24d15795a
2024-01-11 12:01:42 +00:00
Diego Viola
25cbc42d93 test-systemctl-enable: make titles more consistent 2024-01-11 14:13:40 +09:00
Luca Boccassi
3df2b718b2
Merge pull request #30716 from yuwata/network-cancel-request
network: also remove configuration on cancelling request
2024-01-10 19:33:16 +00:00
Luca Boccassi
dadd7d46d9
Merge pull request #30809 from yuwata/resolve-fix-EDE-handling
resolve: fix EDE handling
2024-01-10 19:21:55 +00:00
Frantisek Sumsal
f1caa5d6e7 test: introduce a dummy DNS test server
Introduce a _very_ simple DNS server using our internal DNS-related
code, that responds to queries with specifically crafted packets, to
cover scenarios that are difficult to reproduce with well-behaving DNS
servers.

Also, hide the test DNS server behind Knot using the dnsproxy module, so
we don't have to switch DNS servers during tests.
2024-01-11 02:13:29 +09:00
Lennart Poettering
9a70dc02c6
Merge pull request #30786 from yuwata/udev-net-link-property
udev/net: introduce [Link] Property= setting and friends
2024-01-10 15:56:29 +01:00
Yu Watanabe
9540f8e216 test-network: add test case for MACAddress=none in .netdev and MACAddressPolicy=none in .link
Prompted by #30813.
2024-01-10 12:07:23 +01:00
Yu Watanabe
d26319be92 test: add test for [Link] Property= and friends 2024-01-10 04:33:55 +09:00
Luca Boccassi
b4a85f75b0
Merge pull request #30843 from keszybz/test-relative-paths
Use relative paths in test units
2024-01-09 12:23:35 +00:00
Lennart Poettering
bed41c4084
Merge pull request #30833 from poettering/hostnamed-varlink
hostnamed: add simple varlink interface
2024-01-09 12:38:58 +01:00
Zbigniew Jędrzejewski-Szmek
67953523d1 TEST-07: minor simplification 2024-01-09 11:18:11 +01:00
Zbigniew Jędrzejewski-Szmek
63403f07b0 tests: use relative paths in ExecStart= and friends
We want to retain *some* of the full paths in order to test more code paths.
But the default should be to use the command name only. This makes the tests
less visually cluttered.
2024-01-09 11:14:16 +01:00
Lennart Poettering
0a6598bb38 hostnamed: add simple Varlink API, too 2024-01-09 10:46:25 +01:00
Lennart Poettering
09c7bead29 testsuite-71: reset startlimit counter manually
The test cases will call quite a lot of "systemctl stop
systemd-hostnamed", hence let's make sure we reset the start limit
counter each time, to not make this eventually fail.

(At other places we disabled the start limit counter, but here I opted
for resetting it manually via 'systemctl reset-failed', to test another
facet of the mechanism)
2024-01-09 10:46:01 +01:00
Mike Yuan
fa724cd52c
networkd/wireguard: support network.wireguard.* credentials
Closes #26702
2024-01-09 15:25:30 +08:00
Lennart Poettering
a1bb30de7f varlink: add "ssh:" transport
This uses openssh 9.4's -W support for AF_UNIX. Unfortunately older versions
don't work with this, and I couldn#t figure a way that would work for
older versions too, would not be racy and where we'd still could keep
track of the forked off ssh process.

Unfortunately, on older versions -W will just hang (because it tries to
resolve the AF_UNIX path as regular host name), which sucks, but hopefully this
issue will go away sooner or later on its own, as distributions update.

Fedora is still stuck at 9.3 at the time of posting this (even on
Fedora), even though 9.4, 9.5, 9.6 have all already been released by
now.

Example:
        varlinkctl call -j ssh:root@somehost:/run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt '{"text":"foobar"}'
2024-01-08 23:24:45 +01:00
Lennart Poettering
1a30285590 network-generator: pick up .netdev/.link/.network configuration via credentials
To me this is the last major basic functionality that couldn't be
configured via credentials: the network.

We do not invent any new format for this, but simply copy relevant creds
1:1 into /run/systemd/network/ to open up the full functionality of
networkd to VM hosts.
2024-01-08 12:59:08 +01:00
Frantisek Sumsal
5bd1122843 test: check how systemd-resolved deals with zone transfers
Even though systemd-resolved doesn't support zone transfers (AXFR/IXFR),
it should still just refuse such requests without choking on them.

See: https://github.com/systemd/systemd/pull/30809#issuecomment-1880102804
2024-01-07 22:22:52 +01:00
Frantisek Sumsal
b4f17b07cf test: merge config sections 2024-01-07 22:02:48 +01:00
Frantisek Sumsal
45b2bf0efc test: zone-check with --force to fail on warnings 2024-01-07 22:02:48 +01:00
Frantisek Sumsal
7980c6316a test: sync the "foobaz" namespace as well
Otherwise we might be too fast, resulting in failed namespace check
later:

[    7.351453] testsuite-44.sh[401]: + journalctl --list-namespaces
[    7.351784] testsuite-44.sh[402]: + grep foobar
[    7.358851] testsuite-44.sh[402]: foobar
[    7.359598] testsuite-44.sh[403]: + journalctl --list-namespaces
[    7.359974] testsuite-44.sh[404]: + grep foobaz
[    7.369882] systemd[1]: testsuite-44.service: Failed with result 'exit-code'.

Follow-up for 68f66a1713.
2024-01-07 05:27:14 +09:00
Vladimir Stoiakin
9499741c0e TEST-24-CRYPTSETUP: depend on OpenSSL for testing PKCS#11 tokens 2024-01-07 05:26:54 +09:00
Frantisek Sumsal
f569dc6af2 repart: don't crash when looping over dropped partitions
Properly skip over dropped partitions and make sure they don't affect
the final graphical output (for example by leaving empty "spaces" where
their definition file name would otherwise be).

Resolves: #30742
2024-01-07 05:26:38 +09:00
Yu Watanabe
6b07675d81 test-network: do not call networkctl if networkd is in failed state
Otherwise, networkd may be restarted by DBus and we may get wrong
results.
2024-01-06 14:48:18 +09:00
Yu Watanabe
10d670a3c1 test-network: introduce networkctl() and friends 2024-01-06 14:48:15 +09:00
Yu Watanabe
032fd10de8 test-network: use read_networkd_log() at one more place 2024-01-06 12:46:00 +09:00
Yu Watanabe
bd581438a1 test-network: sync journal before read
Otherwise, test cases that check journal entries, e.g. test_unit_file()
may fail.
2024-01-06 12:45:59 +09:00
Frantisek Sumsal
d7942fe5fc core: escape spaces in paths during serialization
Otherwise we split them incorrectly when deserializing them.

Resolves: #30747
2024-01-06 11:19:59 +09:00
Yu Watanabe
976309db6a
Merge pull request #30796 from mrc0mmand/journalctl-namespaces
journalctl: provide shell completion for --namespace=
2024-01-06 08:30:31 +09:00
Frantisek Sumsal
68f66a1713 journalctl: implement --list-namespaces
Apart from being useful on its own, this will be used in the following
commit for shell completions.
2024-01-05 19:21:51 +01:00
Yu Watanabe
ff4240fc22 test: wait for verbose-success.service finished
Otherwise, the command 'echo' may not be invoked yet.

Follow-up for 25aa35d465.
2024-01-05 13:08:10 +01:00
Lennart Poettering
8ef31e1f13
Merge pull request #29692 from H5117/fix_pkcs11_uri
cryptenroll: change class in provided PKCS#11 URI if necessary
2024-01-05 12:14:26 +01:00
Yu Watanabe
2ec0e95eb7 test-network: add test for removal of nexthops that we do not receive reply from the kernel 2024-01-05 19:18:58 +09:00
Frantisek Sumsal
355222c404
Merge pull request #30772 from yuwata/test-network-improvements
test-network: add more test cases and several cleanups
2024-01-05 11:09:14 +01:00
Yu Watanabe
115a09004e test: fix typo
Follow-up for 995bf013a1.
2024-01-05 19:08:12 +09:00
Vladimir Stoiakin
85828ef920 cryptenroll: change class in provided PKCS#11 URI if necessary
cryptenroll accepts only PKCS#11 URIs that match both a certificate and a private key in a token.
This patch allows users to provide a PKCS#11 URI that points to a certificate only, and makes possible to use output of some PKCS#11 tools directly.
Internally the patch changes 'type=cert' in the provided PKCS#11 URI to 'type=private' before storing in a LUKS2 header.

Fixes: #23479
2024-01-05 12:32:36 +03:00
Luca Boccassi
08b099a005
Merge pull request #30774 from mrc0mmand/test-tweaks
test: install correct kpartx udev rules (again) and dump cores of sanitized binaries
2024-01-05 09:26:42 +01:00
Sergei Zhmylev
25aa35d465 journalctl: add --exclude-identifier option 2024-01-04 23:21:39 +01:00
Frantisek Sumsal
91da9458f8 test: allow sanitized binaries to dump a core
If a binary built with ASan crashes for a reason unrelated to ASan
stuff, we're left with pretty much nothing, as there is neither an ASan
trace nor a coredump. Let's make this slightly more debug-able by
allowing such binaries to dump a core, but without the huge shadow map
(we should be actually fine by just setting disable_coredump=0, since
use_madv_dontdump defaults to true, but let's play it safe and not
potentially dump a 16+ TB core file).
2024-01-04 20:36:25 +01:00
Frantisek Sumsal
7eb234fe2b test: install correct kpartx udev rules on Ubuntu
Follow-up for 519f0074cf.
2024-01-04 20:28:37 +01:00
Yu Watanabe
78265b5b4a test-network: add test case about replacing nexthop 2024-01-05 04:00:16 +09:00
Yu Watanabe
9362f7d5b5 test-network: merge three tests for neighbor
To speed up tests.
2024-01-05 04:00:16 +09:00
Yu Watanabe
dc60ac2960 test-network: show monotonic timestamp and drop hopstname from logs 2024-01-05 04:00:16 +09:00