1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

77022 Commits

Author SHA1 Message Date
Lennart Poettering
9c1fa3c235 ask-password-tool: add --user/--system flag to systemd-ask-password tool
This allows selecting which agents to ask about this: system-level
agents, or per-user agents.

Fixes: #1232 #2217
2024-10-21 14:14:10 +02:00
Lennart Poettering
4dd2748b65 ask-password-api: add support for querying pws from unpriv agents 2024-10-21 14:14:05 +02:00
Lennart Poettering
dbdec4b195 ask-password-api: minor modernizations 2024-10-21 14:14:02 +02:00
Lennart Poettering
ec572753c3 tty-ask-password-agent: support for watching both system-wide and per-user askpw dir
Fixes: #1232 #2217
2024-10-21 14:13:45 +02:00
Lennart Poettering
5475c3dbe4 tty-ask-password-agent: minor modernizations 2024-10-21 14:13:41 +02:00
Lennart Poettering
298507b24d core: modernize askpw handling a bit 2024-10-21 14:12:24 +02:00
Lennart Poettering
6eabea49da
Merge pull request #33398 from AdrianVovk/sysupdate-optional
sysupdate: Add support for optional features
2024-10-21 12:36:43 +02:00
Lennart Poettering
069da86dbc
Merge pull request #34667 from rpigott/resolved-bypass
resolve: fixes for sd-resolved bypass
2024-10-21 12:34:24 +02:00
Adrian Vovk
f82a7c87d2 sysupdate: Use camelCase for JSON field names
Seems like we missed some snake_case field names in previous reviews of
systemd-sysupdate
2024-10-21 12:31:54 +02:00
Daan De Meyer
0005411352 measure: Take SizeOfImage into account as well for .linux section
Same change as https://github.com/systemd/systemd/pull/34583 but for
systemd-measure. Otherwise we end up with PCR policy digest mismatches
as systemd-stub will measure the full virtual size of the kernel image
after it has been loaded while systemd-measure will disregard the extra
size introduced by SizeOfImage.

While ideally the stub would only measure the data that's actually on
disk and not the uninitialized data introduced by VirtualSize > SizeOfRawData,
we want newer systemd-measure to work with older stubs so we have to fix
systemd-measure and can't fix this in the stub.
2024-10-20 13:22:54 +02:00
Ronan Pigott
b7b1c50c6a test: exercise bypass mode on the sd-resolved stub
A basic test will verify that we provide the right flags.
2024-10-18 21:21:35 -07:00
Ronan Pigott
fa02d04ee9 resolved: update condition for caching full packets
Previously a full packet was cached only if the CD bit was set, but this
no longer corresponds to the cases where bypass is enabled.

Update the cache to retain a full packet in the cases where it might
actually be useful.
2024-10-18 21:21:35 -07:00
Ronan Pigott
36074e0149 resolved: enable CD bit without DO set
This is useful for a validating resolver to indicate to a non-validating
resolver when checking was disabled for the query. This matches the
behavior of the major public resovlers in response to queries with CD bu
tnot DO set.
2024-10-18 21:21:35 -07:00
Ronan Pigott
008f23b7c5 resolved: authenticate bypass queries
Following 13e15dae9f, resolved does not forward the AD bit for bypass
queries, but resolved also didn't do it's own validation, making these
replies appear to never be authentic. We should enable validation for
bypass queries.

Let's disable our own validation when processing a +cd query, and also
ensure that it skips the cache so that we don't accidentally fail to
return inauthentic replies from upstream.

Previously, when we had a bypass transaction without cd, a cached,
authenticated, reply with cd could be served, leaving the cd bit
erroneously set in the reply. Only reply with a CD bit if the client
requested it.

Fixes: 13e15dae9f (resolved: clear the AD bit for bypass packets)
2024-10-18 21:20:46 -07:00
Yu Watanabe
88bbf187a9 TEST-55-OOMD: workaround for kernel regression in 6.12-rcX
This ignore failures when running on kernel-6.12-rcX, which has a
regression in the kernel scheduler that breaks PSI.

From https://github.com/systemd/systemd/issues/32730#issuecomment-2415312260
> There is a known scheduler bug in 6.12 that breaks psi. It leaks
> "running tasks" counts, which matches your symptoms of seeing partial
> pressure only.
>
> Do you see "inconsistent task state" warnings in dmesg | grep psi?
>
> A fix is queued in the scheduler tree, should be sent to Linus shortly:
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=c6508124193d42bbc3224571eb75bfa4c1821fbb

Workaround for #32730.
2024-10-19 12:34:48 +09:00
Adrian Vovk
5803efff44
updatectl: Introduce optional feature verbs
This introduces a nice UX for listing, inspecting, enabling, and
disabling optional features from the command line.
2024-10-18 18:08:39 -04:00
Adrian Vovk
e55e7a5a61
sysupdated: Plumb through optional features
This adds APIs to enumerate/inspect/enable/disable optional features.
2024-10-18 18:08:38 -04:00
Adrian Vovk
0cd1a58921
sysupdate: Add verb to inspect features 2024-10-18 17:58:47 -04:00
Adrian Vovk
2ffc8b23f0
sysupdate: Add tests for optional features
Makes sure we don't regress on #33343 and #33344
2024-10-18 17:58:46 -04:00
Adrian Vovk
e1384cfb09
sysupdate: Introduce optional features
Optional features allow distros to define sets of transfers that can
be enabled or disabled by the system administrator. This is useful for
situations where a distro may want to ship some resources version-locked
to the core OS, but many people have no need for the resource, such as:
development tools/compilers, drivers for specialized hardware, language
packs, etc

We also rename sysupdate.d/*.conf -> sysupdate.d/*.transfer, because
now there are more than one type of definition in sysupdate.d/. For
backwards compat, we still load *.conf files as long as no *.transfer
files are found and the *.conf files don't try to declare themselves
as part of any features

Fixes https://github.com/systemd/systemd/issues/33343
Fixes https://github.com/systemd/systemd/issues/33344
2024-10-18 17:58:45 -04:00
Adrian Vovk
3e18762123
fs-util: Introduce symlinkat_idempotent 2024-10-18 17:58:45 -04:00
Yu Watanabe
12e58ab18d
Merge pull request #34820 from poettering/dissect-image-uclean
dissect-image: generate better log message for EUCLEAN dissect error
2024-10-19 02:15:01 +09:00
Zbigniew Jędrzejewski-Szmek
2c23b7054f
Merge pull request #34783 from keszybz/man-nspawn-private-users
Change systemd-nspawn man page to strongly recommend private users
2024-10-18 18:44:05 +02:00
Zbigniew Jędrzejewski-Szmek
487d412327 tree-wise: use "lightweight" spelling
Both spellings were used, but the dictionary says that "lightweight"
is the standard spelling.
2024-10-18 18:43:40 +02:00
Zbigniew Jędrzejewski-Szmek
9b1a5bc365 man/systemd-nspawn: emphasise that user namespaces are strongly recommended 2024-10-18 18:43:40 +02:00
Luca Boccassi
2f6fe4e113 test: customize /etc/os-release instead of /usr/lib/os-release
As per spec image builders can create a local /etc/os-release
with per-image IDs, so modify that one instead of the original
one in /usr/lib. For example we do this when we build debian
unstable images in mkosi.
2024-10-18 17:03:16 +01:00
Lennart Poettering
2186334e00 dissect-image: generate better log message for EUCLEAN dissect error
Fixes: #31799
2024-10-18 14:16:53 +02:00
Lennart Poettering
620a03f669 dissect-image: uppercase first char of dissect error message systematically
Some of the log message stricts used proper uppercasing, others didn't.
Fix that to make it uniform.
2024-10-18 14:16:15 +02:00
Lennart Poettering
562f7bde88 resolved: refresh resolv.conf files when link goes away
This might have the effect that some DNS server or search domain
disappears, hence rewrite the relevant files.

See: #27543
2024-10-18 20:58:50 +09:00
Luca Boccassi
77579c66ef mkosi: update opensuse commit reference and switch branch
'factory' was reset to 8 years ago
2024-10-18 12:32:08 +01:00
Lennart Poettering
2e2826d7d9 resolved: add some more comments to varlink interface
This is by no means complete, but gets us a bit closer.
2024-10-18 19:17:36 +09:00
Lennart Poettering
af7674f4ad networkd: raise limits on number of address 8x
Limits should be enforced, but not in a way real setups collide with
them.

There have been multiple reports that current limits are too low, hence
raise them 8x.

Fixes: #24852
2024-10-18 19:13:49 +09:00
Lennart Poettering
5fc46d7b87 update TODO 2024-10-18 09:54:32 +02:00
Lennart Poettering
3cc52015a8 update TODO 2024-10-18 09:23:54 +02:00
Adrian Vovk
fafc3c2d5c GREEDY_REALLOC_APPEND: Make more type safe
Previously, GREEDY_REALLOC_APPEND would compile perfectly fine and cause
subtle memory corruption if the caller messes up the type they're passing
in (i.e. by forgetting to pass-by-reference when appending a Type* to an
array of Type*). Now this will lead to compilation failure
2024-10-18 14:22:58 +09:00
Lennart Poettering
49fd31df58
Merge pull request #34801 from poettering/async-sd-notify-close
pid1: close unexpected fds received via sd_notify() asyncronously
2024-10-17 14:43:19 +02:00
Lennart Poettering
67fd2f0ef3
Merge pull request #34795 from YHNdnzj/bump-kernel-baseline-5.4
Bump kernel baseline to 5.4
2024-10-17 14:42:25 +02:00
Lennart Poettering
9da582984b udev: consider serial ports as unconfigured only if both port and iomem_base sysattr is zero
Various archs do not know the "io port" concept, hence check for the
"iomem" configuration, too.

Fixes: #34800
2024-10-17 18:59:38 +09:00
Lennart Poettering
4b3d7feb19 pid1: close fds we receive via sd_notify() and cannot make use of asynchronously
This addresses #11112 fully. It mostly was addressed by
99620f457e already, but for fds not
even passed to the fdstore, this adds the missing asynchronous close
codepath.

Fixes: #11112
2024-10-17 09:50:57 +02:00
Lennart Poettering
33dd894546 fdset: optionally, close remaining fds asynchronously 2024-10-17 09:48:05 +02:00
Yu Watanabe
5df9ebad70
Merge pull request #34597 from ryantimwilson/oomd-pressure-duration
Add ManagedOOMMemoryPressureDurationSec override setting for units
2024-10-17 14:30:13 +09:00
Ryan Wilson
f436c2195a Reformat load-fragment-gperf.gperf.in
This commit reformats load-fragment-gperf.gperf.in after changes
made for adding the ManagedOOMMemoryPressureDurationSec= property.
2024-10-16 20:12:47 -07:00
Ryan Wilson
63d4c4271c cgroup: Add ManagedOOMMemoryPressureDurationSec= override setting for units
This will allow units (scopes/slices/services) to override the default
systemd-oomd setting DefaultMemoryPressureDurationSec=.

The semantics of ManagedOOMMemoryPressureDurationSec= are:
- If >= 1 second, overrides DefaultMemoryPressureDurationSec= from oomd.conf
- If is empty, uses DefaultMemoryPressureDurationSec= from oomd.conf
- Ignored if ManagedOOMMemoryPressure= is not "kill"
- Disallowed if < 1 second

Note the corresponding dbus property is DefaultMemoryPressureDurationUSec
which is in microseconds. This is consistent with other time-based
dbus properties.
2024-10-16 20:12:38 -07:00
Ryan Wilson
c43ef2e883 oomd: Refactor DefaultMemoryPressureDurationSec= to use conf parser
Parsing DefaultMemoryPressureDurationSec= is currently split between
conf parser, main() and manager_start() methods. This commit centralizes
parsing and bounds checking logic within a single custom conf parser
function.
2024-10-16 20:05:48 -07:00
Yu Watanabe
4ce436fccf
Merge pull request #34797 from yuwata/test-mount
TEST-60: several cleanups and potential performance improvement
2024-10-17 07:23:36 +09:00
Yu Watanabe
73970cdcd1 TEST-60-MOUNT-RATELIMIT: disable journal ratelimiting
Otherwise, journal check in testcase_mount_ratelimit() may fail and we
need to wait 2 minutes.
2024-10-17 01:53:45 +09:00
Yu Watanabe
805d0eed0b TEST-60-MOUNT-RATEMINIT: split into small test cases
Then, use run_testcases().
2024-10-17 01:53:45 +09:00
Yu Watanabe
c5928a7684 TEST-60-MOUNT-RATELIMIT: wait for mount unit being started or stopped 2024-10-17 01:53:45 +09:00
Yu Watanabe
cadb074b9c
Merge pull request #34793 from yuwata/journalctl-copy-arguments
journalctl: copy arguments
2024-10-17 01:52:03 +09:00
Mike Yuan
102efcd312
Bump kernel recommended baseline to v5.4 2024-10-16 18:06:11 +02:00