1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

49082 Commits

Author SHA1 Message Date
Lennart Poettering
ff2f779758 import: properly verify roothash_signature + verity download, too
Follow-up for 133b34f69a where this was
forgotten.

While we are at it, bring the parameters into the same order as we
declare them in the PullRaw/PullTar objects, i.e. match them to the
canonical order.
2021-01-29 16:40:20 +01:00
Lennart Poettering
c9b6ebef8c import: make sure we can import empty files 2021-01-29 16:40:20 +01:00
Lennart Poettering
9f0b5640bd import: don't invoke compress callbacks with empty data
It's pointless if no data was generated. (This happens if an empty file
is compressed)
2021-01-29 16:40:20 +01:00
Lennart Poettering
0dfb650387 import: use unlink_and_free() + rm_rf_subvolume_and_free() more 2021-01-29 16:40:20 +01:00
Lennart Poettering
be7c98c240 import: fix typo in help text 2021-01-29 16:40:20 +01:00
Zbigniew Jędrzejewski-Szmek
0c3c9a4096
Merge pull request #18395 from bluca/make_docs_img_clean
Add Python 3.7 compat in update-dbus-docs and fix regression in integration tests 'make clean'
2021-01-29 14:07:54 +01:00
Topi Miettinen
ddc155b2fd New directives NoExecPaths= ExecPaths=
Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.

Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib

Closes: #17942.
2021-01-29 12:40:52 +00:00
Luca Boccassi
21be71eefb test: fix 'make clean' not removing shared image 2021-01-29 09:56:45 +00:00
Luca Boccassi
668b3a42fe tools: make update-dbus-docs compatible with Python 3.7
Debian Stable uses Python 3.7, but there are a couple of 3.8 features used
in the script. Add fallbacks.
2021-01-29 09:53:34 +00:00
Frantisek Sumsal
78dff3f3d7 ci: build the Fedora RPMs with -Werror 2021-01-29 11:02:54 +09:00
Zbigniew Jędrzejewski-Szmek
183d5168cf
Merge pull request #18392 from keszybz/update-target-rename
Add various missing license headers and rename meson targets for consistency
2021-01-28 19:06:14 +01:00
Frantisek Sumsal
64f2c3b22d ci: enable Packit integration
Let's enable the Packit integration and see if it's a viable option for
us. This configuration builds systemd on Fedora (on x86_64, i386, and
aarch64) and runs the unit test suite. To do that, it uses the specfile
from Fedora Rawhide[0] with some minor modifications, thus dropping the
need to have a specfile in the upstream repository.

So far the builds took around 25 minutes each, so speed-wise it's pretty
good. The two remaining supported architectures (s390x and armhfp) are
excluded, for now, since they're emulated and build there takes a really
long time (~4 hours).

[0] https://src.fedoraproject.org/rpms/systemd/
2021-01-28 18:57:24 +01:00
Zbigniew Jędrzejewski-Szmek
c69479d34f po: specify LGPL-2.1+ for all translation files 2021-01-28 09:55:36 +01:00
Zbigniew Jędrzejewski-Szmek
4c30eb573c networkd: add header to distributed "config" files 2021-01-28 09:55:36 +01:00
Zbigniew Jędrzejewski-Szmek
7a6eb60bd5 license: LGPL-2.1+ -> LGPL-2.1-or-later
Follow-up for db9ecf0501 and
faa73d4e0c.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
9c08f7d516 kernel-install: add boilerplate on installed .install files
Those files distribured, so they should have the same header as
kernel-install itself. Let's fix indentation while at it.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
d3821a339e tools: rename helper to match target name
The target is update-syscall-tables, so let's call the script
update-syscall-tables.sh to reduce the cognitive overhead when
trying to find the right file.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
1f6f8cc803 Use .txt as the extension of arch syscall lists
This makes it easier to filter those files and tells editors that they should
be treated as plain text.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
984b529684 Use .txt as the extension for syscall list file
Upstream uses .text, but this is rather unusual. Let's use .txt as the usual
suffix for text files. This tells various editors and such that the file should
be treated as plain text. I also want to a script to summarize license status,
and having an easy-to-recognize suffix makes this easier.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
2bc48bbdd7 docs: expose GVARIANT-SERIALIZATION as markdown 2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
8a7c7868a7 timesync: add header to distributed file
We don't include a license header in .conf and similar files,
but we should include a header that tells the user that this is
our file and points to some docs.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
30e31503bd tree-wide: add spdx header on source files
version.h is tiny, but the other two certainly deserve a license header.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
9ee03516df tree-wide: add spdx header on all scripts and helpers
Even though many of those scripts are very simple, it is easier to include
the header than to try to say whether each of those files is trivial enough
not to require one.
2021-01-28 09:55:35 +01:00
Zbigniew Jędrzejewski-Szmek
cb1f01a5f8 missing-syscalls: add license header in the version-controlled generated file
If the file was always generated on the fly, the header would be pointless.
But since we distribute it, it should be there. C.f.
a0e150b2f4.
This was forgotten in 35b42e5600.
2021-01-27 21:57:35 +01:00
Zbigniew Jędrzejewski-Szmek
7058df3593 udev.pc: add license header
All other .pc files have the same header. Not sure why this one
was forgotten.
2021-01-27 21:57:35 +01:00
Zbigniew Jędrzejewski-Szmek
2df21b7ab0 sysv-install.skeleton: use CC0 as the license
We didn't specify any license, which made the script awkward to use. Let's be
maximally permissive. CC0 is used for other documentation-code already.
2021-01-27 21:57:35 +01:00
Zbigniew Jędrzejewski-Szmek
b0a336a669 generate-dns_type-gperf: modernize python syntax 2021-01-27 21:57:35 +01:00
Zbigniew Jędrzejewski-Szmek
7857b6e838 generate-sys-test: modernize Python and C code
Meson itself requires Python 3.6, which has f-strings. So I think it's fine to
use them here too. I wanted to use walrus for 'if m:= re.search(...)', but that'd
require 3.8.
2021-01-27 21:57:35 +01:00
Mike Gilbert
57353d2909 seccomp_restrict_sxid: return ENOSYS for openat2()
We reject all openat2() calls because it is currently not possible to
inspect its flags parameter via seccomp.

Fallback code is more likely to look for ENOSYS than EPERM.
2021-01-27 18:45:11 +01:00
Zbigniew Jędrzejewski-Szmek
0fcd9f213e Drop obsolete vimrc file
We have another .vimrc in the root of the repo that has a superset of the
content of this file.
2021-01-27 17:35:58 +01:00
Lennart Poettering
9a4fce2efc
Merge pull request #18388 from keszybz/update-target-rename
meson: rename update targets for consistency
2021-01-27 14:28:24 +01:00
Zbigniew Jędrzejewski-Szmek
816f31d018 meson: rename target to update-hwdb-autosuspend
The script is renamed to match.

Now all targets are named uniformly in a tab-completion-friendly fashion, with
the exception of systemd-update-po which is generated by the i18n module
automatically:

$ ninja -C build -t targets | grep update
systemd-update-po: phony
update-syscall-tables: phony
update-syscall-header: phony
update-hwdb: phony
update-hwdb-autosuspend: phony
update-dbus-docs: CUSTOM_COMMAND
update-man-rules: CUSTOM_COMMAND
2021-01-27 09:24:30 +01:00
Zbigniew Jędrzejewski-Szmek
4095cff07e meson: rename target to update-hwdb
The goal is to have all "update-*" targets named uniformly so that
tab-completion works. The script is renamed to match.
2021-01-27 09:22:15 +01:00
Zbigniew Jędrzejewski-Szmek
e3c368f63c meson: rename target to update-man-rules
Same justification as for update-dbus-docs.
2021-01-27 09:10:25 +01:00
Zbigniew Jędrzejewski-Szmek
4c890ad3cc meson: rename target to update-dbus-docs
Very old versions of meson did not include the subdirectory name in the
target name, so we started adding various "top-level" custom targets in
subdirectories. This was nice because the main meson.build file wasn't
as cluttered. But then meson started including the subdir name in the
target name. So let's move the definition to the root so we can have all
targets named uniformly.
2021-01-27 08:46:42 +01:00
Zbigniew Jędrzejewski-Szmek
e798ffef82
Merge pull request #18340 from ddstreet/integration-tests-no-build
allow test/run-integration-tests.sh to work without a local build
2021-01-27 08:23:38 +01:00
Susant Sahani
fe96c0f86d
treewide: tighten variable scope in loops (#18372)
Also use _cleanup_free_ in one more place.
2021-01-27 08:19:39 +01:00
Yu Watanabe
37baf8db56
Merge pull request #18380 from yuwata/test-network-ipv6-proxy-ndp
test-network: add tests for IPv6ProxyNDPAddress=
2021-01-27 10:47:36 +09:00
Dan Streetman
59b8cb3c45 test/TEST-01-BASIC: also install testsuite.target
This test doesn't require the tests to be installed, so it must manually
install required test services and targets itself, including the default
target of testsuite.target

Also use $TEST_UNITS_DIR which is set by test-functions instead of
calculating the path
2021-01-26 17:38:23 -05:00
Dan Streetman
b3e4340664 test/run-integration-tests.sh: adjust arg processing
The script currently parses either 'clean' or 'clean-again' as wanting
to clean both before and after running tests. This fixes that to split
the action up; clean runs before tests, clean-again after; and also
verifies the parameter(s) before passing them to make.
2021-01-26 17:36:53 -05:00
Dan Streetman
232add5c47 test: allow run-integration-tests.sh to run without build 2021-01-26 17:09:48 -05:00
Dan Streetman
8fa038085e test/test-functions: allow installing systemd files from local system
Add NO_BUILD var to allow testing with no local build, by installing
local systemd files into the image.

This only works for debian-like distros currently, that use the
tools 'apt' and 'dpkg' for package management.
2021-01-26 17:09:48 -05:00
Dan Streetman
12d31e4ea5 test: find $BUILD_DIR in test-functions, remove from other scripts
The $BUILD_DIR is only used in test-functions, and doesn't need to
be specified in any other scripts. Additionally, to be able to allow
the integration test suite to be run against locally installed binaries,
instead of built binaries, moving BUILD_DIR logic completely into
test-functions allows later patches to be simpler.
2021-01-26 17:09:48 -05:00
Dan Streetman
42f3b48c97 test/test-functions: add variables for several dir locations 2021-01-26 17:09:39 -05:00
Dan Streetman
1918406900 test/test-functions: move var assignment
This makes no code change, only moves a small block of vars higher in the
file. This makes the next commit a bit easier to read.
2021-01-26 16:05:49 -05:00
Dan Streetman
4326586be2 test: remove unused 'basedir' var from integration test makefiles 2021-01-26 16:05:49 -05:00
Luca Boccassi
e953dcab39
Merge pull request #18384 from poettering/mangle-os-fix
import: two fixes to OS mangling logic
2021-01-26 20:23:52 +00:00
Yu Watanabe
f0d87798ea test-network: retry several times if expected LLDP info is not obtained
As LLDP thing does not get involved in the link status, `networkctl lldp`
may not provide an expected information even if the link is in
'configured' state.

Fixes #17360.
2021-01-26 18:48:44 +01:00
Lennart Poettering
0de405873c
Merge pull request #18377 from yuwata/sd-device-cleanups
sd-device: several tiny cleanups
2021-01-26 17:39:54 +01:00
Lennart Poettering
04a853848e
Merge pull request #18382 from yuwata/fix-downgrade-to-bool
sd-device,sd-netlink: trivial cleanups
2021-01-26 17:38:19 +01:00