IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Although being far from ideal and the first two test cases have to be run
before the setup phase otherwise they will fail, it still makes the test
suite look much better and easier to read
(cherry picked from commit a9d472d6e4ae6c548dd24097b20563dc9c06b329)
Let's make sure logind is accessible by the time user@.service runs, and
that logind stays around as long as it does so.
Addresses an issue reported here:
https://lists.freedesktop.org/archives/systemd-devel/2024-June/050468.html
This addresses an issued introduced by
278e815bfa3e4c2e3914e00121c37fc844cb2025, which dropped the a dependency
from user@.service systemd-user-sessions.service without replacement.
While dropping that dependency does make sense, it should have been
replaced with the weaker dependency on systemd-logind.service, hence fix
that now.
user@.service is after all a logind concept, hence logind really should
be around for its lifetime.
systemd-user-sessions.service is a later milestone that only really
should apply to regular users (not root), hence it's too strong a
requirement.
(cherry picked from commit 29294d21cf82323bf04a9dbb5a03d48d6f758822)
cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'.
https://www.kernel.org/doc/html/latest/accounting/psi.html
(cherry picked from commit 98b1ecc9175a8bb241292f6f441a754b6759dd97)
If the destination mount point is on a shared filesystem and is
missing on the first attempt, we try to create it, but then
fail with -EEXIST if something else created it in the meanwhile.
Enter the retry logic on EEXIST, as we can just use the mount
point if it was already created.
Fixes https://github.com/systemd/systemd/issues/29690
(cherry picked from commit c3f0f6f8bd812fee4b2ab658a5cc9ac9167d387d)
btrfs used to default the sector size to the page size and didn't
support anything else. Since 6.7, it defaults to 4K and using 4K
makes the filesystem compatible with all page sizes. So let's make
sure we use minimum 4K as well (lower causes failures on systems with
a 4K page size) but still allow larger sector sizes if specified by
the user.
(cherry picked from commit 03c9e88fb7eb8973477c33aa63dc6bcf0cab52c9)
We want to use 4K as the default sector size for filesystems so they
don't have to be regenerated to work on 512, 2048 or 4096 sector sizes.
(cherry picked from commit d34361149f897eac5c6a41854fa4edca4804b49b)
Currently, we only follow merged units for unit_load_dropin() call.
But if the unit is an alias, we should always perform operations
on the "canonical" unit.
(cherry picked from commit 740cd1e0f2ae5cc1a10d2111d63cc4e975761091)
On aarch64, SMBIOS is only available when using UEFI, so let's make
sure that the creds test uses UEFI when available so that it can
read creds from SMBIOS when running in a virtual machine.
(cherry picked from commit 436474dd4348d5f12f70d9032d1cc45171b335e7)
This test runs in nspawn by default but will still run in qemu when
tests are run unprivileged so make sure we use UEFI if available to
avoid hangs when using the linux firmware.
(cherry picked from commit f392be9e7756268fc1b9d5204adc642bee10c8fa)
This test runs in nspawn by default but will still run in qemu when
tests are run unprivileged so make sure we use UEFI if available to
avoid hangs when using the linux firmware.
(cherry picked from commit 3cf38516bb765126fee80fed6d984ae963d075de)
On x86 this doesn't matter but on aarch64 we need to make sure UEFI
is used so that /sys/kernel/security/tpm0/binary_bios_measurements
is there which is required for TEST-70-TPM2.
(cherry picked from commit 98f2a332cb1a3efc3b2e8a5914a895a0a051bda4)
The DNS_PACKET_RCODE() function works out the full RCODE by taking the
first octet from the OPT record TTL field and bitwise-OR-ing this with
the basic RCODE from the packet header. This results in RCODE values
being lower than they should be.
For example, if the first TTL octet is 0x7a and the basic RCODE is 3,
this function currently returns `0x7a | 3` = 123, rather than 0x7a3 =
1955.
The first TTL octet is supposed to form the upper 8 bits of a 12-bit
value, whereas the current implementation constraints the value to 8
bits and results in mis-interpreted RCODEs.
This fixes things by shifting the TTL 20 places instead of 24 and
masking off the low nibble that comes from the upper bits of the version
octet.
Note that dns_packet_append_opt() correctly converts the input RCODE
into the high octet of the OPT TTL field; this problem only affects
parsing of incoming packets.
(cherry picked from commit c40f3714c9a4d1f2bcd308625c9c835892e3d41c)
Whereas RFC 1035 says the TTL field takes the "positive values of a
signed 32 bit number", and RFC 2181 says "Implementations should treat
TTL values received with the most significant bit set as if the entire
value received was zero,", the dns_packet_read_rr() function sets
rr->ttl to zero if the MSB is set.
However, EDNS(0) as specified in RFC 6891 repurposes the TTL field's 4
octets to store other information, c.f.:
+0 (MSB) +1 (LSB)
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
0: | EXTENDED-RCODE | VERSION |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
2: | DO| Z |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The first octet extends the usual 4-bit RCODE from the packet header by
providing an additional 8 bits of space, extending the RCODE to 12 bits.
But, our handling of the TTL field means that the high bit in the first
octet is not actually usable, since setting it will mean these 4 octets
are replaced with 0. This may have the effect of making us believe a
server does not support DNSSEC when it actually set the DO bit in its
OPT record.
Here we change things so that the TTL is only set to zero for record
types other than OPT.
(cherry picked from commit 131787979c700becaf6ec24a810658d1313587cc)
When running the test on aarch64 the symlinks look as follows:
"""
[root@H ~]# ls /dev/disk/by-path
platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0 platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part1 platform-4010000000.pcie-pci-0000:00:05.0-nvme-16
platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part2 platform-4010000000.pcie-pci-0000:00:05.0-nvme-17
"""
So let's make the PCI patterns a little more generic so they match
both the x86 and the aarch64 paths.
(cherry picked from commit 72d121b60174b825bf1390958eb1b55f34c5ff5b)
We would say how *sources* are licensed, but actually most user care about the
resulting binaries. So say how the *binaries* are licensed. I used the word
"effectively" because the permissive licenses don't set any requirements on the
binaries, so the license of sources is a complex mix, but the resulting
binaries have a simple effective license.
Also, make it clear that the GPLv2 license applies to udev programs, but not
the shared library. Based on private correspondence, there's some confusion
about this.
(cherry picked from commit bd7236912f373e0a06a1b0395000ec67d96767af)
Let's make sure we pull in multi-user.target so that we get a console
when a test fails and we're running meson test with --interactive.
(cherry picked from commit 32f3617fd700e4a98b35f8c28a2807c2e51a2d9f)
Using double quotes in f-strings only works from python 3.12 onwards.
Use single quotes to make sure python 3.9 works as well.
Also clean up quotes a little in general.
(cherry picked from commit 4e469c0af2e92914b324f0fb48cf4462caff5c86)
Trying to use bus pci slot 0 fails on aarch64 so let's use 1 instead.
The error:
"""
qemu-system-aarch64: -device virtio-blk-pci,drive=drive0,scsi=off,bus=pci_bridge25: Unsupported PCI slot 0 for standard hotplug controller. Valid slots are between 1 and 31.
"""
(cherry picked from commit 7f07f9c8cdbcca3b57e40143e86e7179420d39db)
I expect the test output to be the second argument, so we're diffing "expected"
and "output", not the other way around.
I noticed this when working on https://github.com/systemd/systemd/pull/33081.
(cherry picked from commit 6bb3ea655d08c0602c99ccd2a580ba102fd19114)
Update the man page of tmpfiles.d to remove outdated comments regarding the behavior of ownership with symlinks.
The behavior has been changed in this commit 51207ca134716a0dee5fd763a6c39204be849eb1
(cherry picked from commit d108198f395fde05d94fc75d8581af4aa0de7e4a)
The logic of the Describe() call was supposed to be: if we can acquire
the PK priv to get the product UUID then let's return the product UUID,
and if we cannot then return the data without it.
This didn't work however, since the polkit varlink glue would
immediately propagate the error it acquired from polkit its own client.
Let's turn this off, optionally, so that hostnamed can handle this
nicely.
(cherry picked from commit b6464e80d65fd5bfd9e6206ee305f0da9c88c096)
The kernel's sched_setattr interface allows for more control over a processes
scheduling attributes as the previously used sched_setscheduler interface.
Using sched_setattr is also the prerequisite for support of utilization
clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter,
sched_runtime, will probably become a relevant scheduling parameter of the
EEVDF scheduler [2, 3], and therefore will not only apply to processes
scheduled via SCHED_DEADLINE, but also for processes scheduled via
SCHED_OTHER/SCHED_BATCH (i.e., most processes).
1: https://docs.kernel.org/next/scheduler/sched-util-clamp.html
2: https://lwn.net/Articles/969062/
3: https://lwn.net/ml/linux-kernel/20240405110010.934104715@infradead.org/
(cherry picked from commit 016e9d8d08ce66f5e81b42e0a0db398afc17336a)
File offsets in UEFI are 64bit on all archs, hence let's use that typo
too, and not create artificial confusion around types.
(cherry picked from commit 9573ab8f5a1e2dfdb3542aa647868ff73ced7dd2)
Before 12001b1bf067339db089d52e08fd0b4c6a9945df, write() is required for
if Type=exec. However, with the previous commit, now write() is also used
for sending handoff timestamp. Let's allow write() if necessary.
Fixes a regression caused by 12001b1bf067339db089d52e08fd0b4c6a9945df.
Fixes#33299.
(cherry picked from commit 84b79215ccc5abd6ee50ffd9df34dbbe2d29d625)
Before 12001b1bf067339db089d52e08fd0b4c6a9945df, the timestamp is sent
with write(), but the commit made the timestamp sent by send(), and
causes regressin #33299.
Note the invocation will still fail if write() is filtered by seccomp.
But, that is an old issue since Type=exec is introduced
(5686391b006ee82d8a4559067ad9818e3e631247).
Partially fixes a regression caused by 12001b1bf067339db089d52e08fd0b4c6a9945df.
Partially fixes#33299.
(cherry picked from commit 5161422bb5b0cc47100163ea690252c90159b354)
description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around.
(cherry picked from commit 1750e30d237e6d9cdebc6b546d0a26342828dbd1)
Similar to the previous commit, but for preventing from removing static
routes on receiving RA with zero lifetime.
Fixes a regresson caused by 479d3e1994a2e4ff7070dc2a0cb1615af7120b0c.
Fixes#33346.
(cherry picked from commit fd436c8d67e75eebd0ef9499f699524e4cbe2a92)
We have already ignored conflicting address configurations requested by
NDisc protocol. See ndisc_request_address().
Let's follow the same rule for routes. That is, if there are conflicting
static routes configured or requested, do not override them by NDisc.
Also, swap the order of checking existing route and existing request.
Fixes a regression caused by 972f1d17ab461a51142a142609dd3ec50bae8440.
Prompted by #33346.
(cherry picked from commit 7af3e8cd0034a6eb2e614b052c94c6d0b4556e98)
The purpose of the check is to prevent leaking API VFS fds
from host into a mount namespace/container. When mountns
is not used at all, the check is pointless and causes
inconvenience. E.g. file managers might need to be spawned
under those directories, and they surely won't run in mountns.
Suggested in https://github.com/systemd/systemd/pull/33454#issuecomment-2186351467Fixes#33361
(cherry picked from commit 276bd392ecdd6febaeac82e7d6f46a035826f98d)
Then, terminal will safely ignore unsupported features, like colored
underline.
Fixes a regression caused by 891abc9cf1d3d7afd7b740b4077551dcfb5f8e16.
Fixes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074073.
Fixes#33449.
(cherry picked from commit 6eabe9f2ff48c1b6924724d5afe64e7b661ccdbf)
