1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

1142 Commits

Author SHA1 Message Date
Lennart Poettering
a4e941ee1f test: add test for new measurement log 2023-08-30 13:08:17 +02:00
Mike Yuan
08a5bc4f48 Revert "Revert "test: add test case for systemd-update-utmp vs daemon-reexec""
This reverts commit 837773add4.

The original issue #27287 is fixed by #28123. Let's
reintroduce the test for systemd-update-utmp.
2023-08-28 17:43:57 +01:00
Yu Watanabe
927e20fa49 nspawn: check validity of the internal interface name only explicitly specified
Follow-up for 2f091b1b49.

Fixes #28844.
2023-08-24 15:55:32 +02:00
Frantisek Sumsal
9541addff0 test: use the correct file name when restoring the original fstab 2023-08-24 07:54:13 +00:00
Daan De Meyer
1ffa5cfb38 repart: Add partno to output 2023-08-23 15:12:23 +02:00
Luca Boccassi
2322c6c735 sd-mount: allow creating tmpfs
Mount units can do it, but the command line tool cannot, as it needs a
valid 'what'. If --tmpfs/-T if passed, parse the argument as 'where'
and send a literal 'tmpfs' as the 'what' if not specified.
2023-08-21 11:45:15 +02:00
Mathieu Tortuyaux
41712cd1c0 sysext: support EXTENSION_RELOAD_MANAGER metadata
This metadata (EXTENSION_RELOAD_MANAGER) can be set to "1" to reload the manager
when merging/refreshing/unmerging a system extension image. This can be useful in case the sysext
image provides systemd units that need to be loaded.

With `--no-reload`, one can deactivate the EXTENSION_RELOAD_MANAGER metadata interpretation.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2023-08-21 11:13:54 +02:00
Luca Boccassi
663e27564f core: stage /run/host/os-release with a symlink to avoid possible race condition
If someone reads /run/host/os-release at the exact same time it is being updated, and it
is large enough, they might read a half-written file. This is very unlikely as
os-release is typically small and very rarely changes, but it is not
impossible.

Bind mount a staging directory instead of the file, and symlink the file
into into, so that we can do atomic file updates and close this gap.
Atomic replacement creates a new inode, so existing bind mounts would
continue to see the old file, and only new services would see the new file.
The indirection via the directory allows to work around this, as the
directory is fixed and never changes so the bind mount is always valid,
and its content is shared with all existing services.

Fixes https://github.com/systemd/systemd/issues/28794

Follow-up for 3f37a82545
2023-08-16 16:17:41 +01:00
Maanya Goenka
b856f1dfc5 test: add test for confext service-scoped support 2023-08-15 18:34:57 +00:00
Michael A Cassaniti
c380047bf4 repart: Add verity configuration section and options 2023-08-15 15:32:09 +01:00
Kiran Vemula
a67e5c6e37
resolved: fixed bugs reported in varlink statistics (#28796)
Fixes https://github.com/systemd/systemd/issues/28791

Follow-up for bc837621a3
2023-08-15 11:45:58 +01:00
Michael A Cassaniti
eeee486159 sysupdate: Use sector size for partition size calculations 2023-08-15 09:17:12 +02:00
Frantisek Sumsal
01febfcdce test: explicitly specify a UTF-8 locale for UTF-8 shenanigans
As things don't work well without it:

$ LANG=C printf "\ufffe\n"
\uFFFE
2023-08-14 20:09:31 +02:00
Frantisek Sumsal
3ba954dd57 test: add coverage for #27953 2023-08-14 19:35:37 +02:00
Frantisek Sumsal
39f17be437 test: drop unnecessary log level setup
As we do that globally via a dropin.
2023-08-14 19:31:20 +02:00
Yu Watanabe
c208bf3324 test: fix expected result of systemd-repart
Follow-up for e1536d1fb0.

Fixes #28807.
Replaces #28802.
2023-08-12 18:11:46 +01:00
Yu Watanabe
ba77e00659
Merge pull request #28801 from mrc0mmand/initrd-shutdown-test
test: introduce TEST-08-INITRD
2023-08-12 20:04:06 +09:00
Frantisek Sumsal
7294632c2c test: introduce TEST-08-INITRD
And move the initrd related tests from TEST-01-BASIC there.

Additionally, this should provide coverage for recemt shutdown initrd
related issues, see:
  - https://github.com/systemd/systemd/issues/28645
  - https://github.com/systemd/systemd/pull/28648
  - https://github.com/systemd/systemd/pull/28793
2023-08-12 10:13:56 +02:00
Yu Watanabe
353c8497b1
Merge pull request #28784 from yuwata/udev-vs-tmpfiles-take-3
Udev vs tmpfiles take 3
2023-08-12 13:12:10 +09:00
Yu Watanabe
bb7f485f4b units: introduce systemd-tmpfiles-setup-dev-early.service
This makes tmpfiles, sysusers, and udevd invoked in the following order:
1. systemd-tmpfiles-setup-dev-early.service
   Create device nodes gracefully, that is, create device nodes anyway
   by ignoring unknown users and groups.
2. systemd-sysusers.service
   Create users and groups, to make later invocations of tmpfiles and
   udevd can resolve necessary users and groups.
3. systemd-tmpfiles-setup-dev.service
   Adjust owners of previously created device nodes.
4. systemd-udevd.service
   Process all devices. Especially to make block devices active and can
   be mountable.
5. systemd-tmpfiles-setup.service
   Setup basic filesystem.

Follow-up for b42482af90.

Fixes #28653.
Replaces #28681 and #28732.
2023-08-12 07:55:20 +09:00
Yu Watanabe
12aac8ea45 Revert "unit: make udev rules really take precedence over tmpfiles"
This reverts commits 112a41b6ec,
3178698bb5, and
b768379e8b.

The commit 112a41b6ec introduces #28765,
as systemd-tmpfiles-setup.service has ordering after local-fs.target,
but usually the target requires block devices processed by udevd.
Hence, the service can only start after the block devices timed out.

Fixes #28765.
2023-08-12 07:55:20 +09:00
Luca Boccassi
bf85c2395e core: copy os-release with COPY_TRUNCATE
Otherwise if the os-release file shrinks between updates, there
will be a merge of the two.
Also remove redundant ENOENT check.

Follow-up for 3f37a82545
2023-08-11 17:14:09 +01:00
Daan De Meyer
e1536d1fb0 repart: Allow specifying --copy-from more than once
Definitions will be synthesized from each of the given images.
2023-08-11 11:05:31 +02:00
Yu Watanabe
7e1850e54b
Merge pull request #28732 from yuwata/udev-vs-tmpfiles-take-2
Udev vs tmpfiles take 2
2023-08-10 08:48:51 +09:00
Yu Watanabe
7a05926fbe udev: re-introduce symlinks for loopback block device
But the directories are changed from /dev/loop/by-ref/ -> /dev/disk/by-loop-ref/
and /dev/loop/by-inode/ -> /dev/disk/by-loop-inode/.
As /dev/loop/ is used by losetup command for other purpose.
See issue #28475.

This effectively reverts commits 9915cc6086,
5022fab15f, and
c0d998248e.
2023-08-10 07:05:47 +09:00
Yu Watanabe
3178698bb5 test: also check the ordering between udevd and tmpfiles-setup 2023-08-09 15:52:42 +09:00
Yu Watanabe
42f13f10d5
Merge pull request #28681 from yuwata/udev-vs-tmpfiles
Udev vs tmpfiles
2023-08-05 13:30:49 +09:00
Luca Boccassi
06e8f7af7b
Merge pull request #28398 from ddstreet/tpm2_specify_pcr_value
Tpm2 specify pcr value
2023-08-04 21:04:03 +01:00
Yu Watanabe
23acdb8d0b test: shorten timeout for 'udevadm monitor'
The command should never finish, it is not necessary to wait so long.
2023-08-05 05:03:20 +09:00
Yu Watanabe
b768379e8b test: add short test for device node permission 2023-08-05 04:52:16 +09:00
Luca Boccassi
bdfa3f3a5c portablectl: fix regression when using --force without extension parameters
c18f4eb9e9 made it possible to use --force with various verbs, by
going through the newer D-Bus methods. Except it didn't, as it regressed
during PR review refactorings, and nobody noticed because there were no
tests for it. Fix it, and add tests.

Follow-up for c18f4eb9e9
2023-08-04 18:29:57 +01:00
Dan Streetman
e85ddd9644 tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll
Add tests to use expected, not current, PCR values during sealing.
2023-08-04 11:20:33 -04:00
Daan De Meyer
1e46985a60 repart: Add --copy-from option
--copy-from synthesizes partition definitions from the given image
which are then applied to the repart algorithm. In its most basic
form, this allows copying an image to another device but it can
also be combined with --definitions to copy + add partitions in the
same call to repart.
2023-08-03 11:12:25 +02:00
Daan De Meyer
86320e626c Revert "repart: Allow combining CopyBlocks= and CopyFiles="
This reverts commit dea0dc7ba2.
2023-08-01 15:12:24 +02:00
Daan De Meyer
7e81a84448 Revert "repart: Add --oem and OEM="
This reverts commit 47c7805579.
2023-08-01 15:10:24 +02:00
Daan De Meyer
47c7805579 repart: Add --oem and OEM=
--oem can be used to only install OEM partitions (usr, verity,
verity-sig, ...). OEM= is used to indicate OEM partitions. If unset,
defaults to !FactoryReset. We also add a credential repart.oem to
allow configuring --oem via a credential.
2023-08-01 07:53:50 +02:00
Daan De Meyer
dea0dc7ba2 repart: Allow combining CopyBlocks= and CopyFiles=
Let's allow the combination of these two options. When used, repart
will first try to apply the CopyBlocks= behavior. If that's not possible,
it falls back to the CopyFiles= behavior.

This is a first step in being able to also use the partition definition
files shipped in the image to build the image in mkosi instead of having
a separate set of repart definition files to build the image.
2023-08-01 07:53:34 +02:00
Kiran Vemula
bc837621a3 resolved: added show-server-state verb and DumpStatistics varlink method
Added show-server-state verb to resolvectl
Added DumpStatistics and ResetStatistics  methods to varlink
2023-07-31 02:02:03 +09:00
Luca Boccassi
291c66914f
Merge pull request #28498 from bluca/softreboot
softreboot: ensure all processes are killed
2023-07-24 11:36:16 +01:00
Luca Boccassi
b41ab9b3f4 softreboot: ensure all processes are killed
Having surviving processes is not ready yet as a feature, so ensure
everything is killed on the transition for now
2023-07-24 10:45:28 +01:00
Frantisek Sumsal
8256994c63 test: check if we correctly propagate /run mounts during switch root
Since 7c764d4 we bind mount certain directories during switch root
instead of moving the mount directly, and for /run we do this without
MS_REC. This, unfortunately, leaves all mounts under /run behind
in the old root, which breaks certain use cases.

See: https://github.com/systemd/systemd/issues/28452
2023-07-24 10:39:14 +01:00
Luca Boccassi
3835b9aa4b Revert "core: add IgnoreOnSoftReboot= unit option"
The feature is not ready, postpone it

This reverts commit b80fc61e89.
2023-07-22 23:27:27 +01:00
Luca Boccassi
b80fc61e89 core: add IgnoreOnSoftReboot= unit option
As it says on the tin, configures the unit to survive a soft reboot.
Currently all the following options have to be set by hand:

Conflicts=reboot.target kexec.target poweroff.target halt.target
Before=reboot.target kexec.target poweroff.target halt.target
After=sysinit.target basic.target
DefaultDependencies=no
IgnoreOnIsolate=yes

This is not very user friendly. If new default dependencies are added,
or new shutdown/reboot types, they also have to be added manually.

The new option is much simpler, easy to find, and does the right thing
by default.
2023-07-21 18:05:41 +02:00
Luca Boccassi
5022fab15f Revert "test: test new systemd-dissect --attach/--detach/--loop-ref= and /dev/loop/* symlinks"
This reverts commit f5e46b9e09.
2023-07-20 22:26:40 +01:00
Luca Boccassi
3f37a82545 core: copy the host's os-release for /run/host/os-release
Currently for portable services we automatically add a bind mount
os-release -> /run/host/os-release. This becomes problematic for the
soft-reboot case, as it's likely that portable services will be configured
to survive it, and thus would forever keep a reference to the old host's
os-release, which would be a problem because it becomes outdated, and also
it stops the old rootfs from being garbage collected.

Create a copy when the manager starts under /run/systemd/propagate instead,
and bind mount that for all services using RootDirectory=/RootImage=, so
that on soft-reboot the content gets updated (without creating a new file,
so the existing bind mounts will see the new content too).

This expands the /run/host/os-release protocol to more services, but I
think that's a nice thing to have too.

Closes https://github.com/systemd/systemd/issues/28023
2023-07-18 17:26:02 +01:00
Luca Boccassi
cc037f2b48 test: exit early from TEST-70-TPM2 on ppc64el
There is an underlying issue that appears only on ppc64 and fails 95%
of Ubuntu runs, so exit early until it is solved.

Closes https://github.com/systemd/systemd/issues/27716
2023-07-17 22:47:06 +01:00
Dan Streetman
d980371669 test: avoid TEST-70 passphrase and password file mode complaints
Minor change, to adjust mode of /tmp/passphrase and /tmp/password test files to
avoid repeated warning logs that each file "...has 0644 mode that is too
permissive, please adjust the ownership and access mode."
2023-07-16 11:53:30 +01:00
Luca Boccassi
224029fcaa
Merge pull request #28097 from goenkam/maanya/dissect-tool-support-for-confext
systemd-confext: image-based systemd-wide config update including dm-verity support​
2023-07-14 23:01:26 +01:00
Maanya Goenka
f92256ace5 confext: test image wide systemd support for confext 2023-07-14 16:59:42 +00:00
Maanya Goenka
8a324d1648 sysext: change the table lookup string to be more verbose 2023-07-14 16:50:33 +00:00