In particular, 'system/service credentials' are now described as simply
'credentials'. The selling point of credentials is that they are transparently
propagated from the system to services, so distinguishing between system and
service credentials is not important.
The description of ordering against initrd-switch-root.target is completely
rewritten. The old description was confused.
I think the description of systemd-measure should be reworked to clearly
describe what new functionality is provided and what policy changes are
built on top. But I don't qrok the details, so I left this part unchanged.
anarcat [Thu, 6 Oct 2022 14:20:39 +0000 (10:20 -0400)]
man/shutdown: document how to switch to single-user mode
Before Debian switched to systemd, `shutdown now` would reset the system into
single user mode, doing roughly the equivalent of `telinit 1`.
Now, systemd's `shutdown` command does not behave that way; it defaults to
`poweroff` which might be confusing for users (like me) used to the previous
method.
Because I don't use the command often, I keep being stumped by this behavior,
and every time I look at the `shutdown(1)` manpage, I don't understand why I
can't find what I am looking for. This patch should make sure that people like
me find their way back to some sort of reason.
Maybe the *proper* way to fix this would be to restore the more classic
behavior, but I'm definitely not going to climb that hill. Besides, I clearly
remember the time I found out about the `shutdown` command and was *really*
confused when it brought me back to a command-line prompt. That was really
counter-intuitive and I find that change to actually be a good thing. So I'm
not proposing to change this behavior, merely document it better.
I originally added this to the `-P` option but it was suggested adding a new
`COMPATIBILITY` section instead, where other such issues could be added.
The `COMPATIBILITY` section is not actually officially documented. `man(1)`
talks about a `CONFORMING TO` section, but `shutdown(1)` is not
POSIX (`shutdown(2)` is, of course), so there's no actual standard on how this
should work.
The other option I considered was to add a `BUGS` section, but that seemed to
inflammatory, and definitely counter-productive.
--convert writes the journal files read by journalctl to the given
location. The location should be specified as a full journal file
path (e.g. /a/b/c/converted.journal). The directory specifies where
the converted journal files will be stored. The filename specifies
the naming convention the converted journal files will follow.
Daan De Meyer [Fri, 21 Jan 2022 18:29:41 +0000 (18:29 +0000)]
journal: Store offsets to tail entry array objects in chain
Previously, we'd iterate an entry array from start to end every time
we added an entry offset to it. To speed up this operation, we cache
the last entry array in the chain and how many items it contains.
This allows the addition of an entry to the chain to be done in
constant time instead of linear time as we don't have to iterate
the entire chain anymore every time we add an entry.
journal_file_data_payload() retrieves the payload of a Data object,
optionally decompressing it and checking to see if matches a given
field. This function replaces all the decompression code in the sd-journal
codebase with a single function.
This commit should not introduce any changes in sd-journal behavior.
Daan De Meyer [Tue, 2 Nov 2021 20:50:39 +0000 (20:50 +0000)]
journal: Use 32-bit entry item object offsets in compact mode
To do this, we move EntryItem out of journal-def.h and turn it into
a host only struct in native endian mode so we can still use it to
ship the necessary info around.
Aside from that, the changes are pretty simple, we introduce some
extra functions to access the right field depending on the mode and
convert all the other code to use those functions instead of
accessing the raw fields.
We also drop the unused entry item hash field in compact mode. We
already stopped doing anything with this field a while ago, now we
actually drop it from the format in compact mode.
Daan De Meyer [Sat, 23 Oct 2021 21:43:00 +0000 (22:43 +0100)]
journal: Enable compact mode
We also add an environment variable $SYSTEMD_JOURNAL_COMPACT that
can be used to disable compact mode if needed (similar to
$SYSTEMD_JOURNAL_KEYED_HASH).
Daan De Meyer [Sat, 23 Oct 2021 21:24:56 +0000 (22:24 +0100)]
journal: Add compact mode
This adds a new flag in preparation for incompatible journal changes
which will be gated behind this flag. The max file size of journal
files in compact mode is limited to 4 GiB.
Yu Watanabe [Fri, 7 Oct 2022 05:17:13 +0000 (14:17 +0900)]
network: drop unnecessary call of ndisc_vacuum()
After the commit 773024685b37170395a11716f8e4ad99d3580455, DNS servers
or domains are dropped when their lifefime become zero. Hence, it is not
necessary to try to them when writing state file.
Of course, because of the accuracy of the timer event source or priority
of event sources, a possibility is introduced that a DNS server or domain
with zero lifetime is stored in the state file. However, such entry will
be dropped soon when the timer event source is triggered. Hence, that
should not cause any real issues.
Arnaud Ferraris [Tue, 4 Oct 2022 16:52:33 +0000 (18:52 +0200)]
repart: always honour `--discard=no`
Currently, even if `--discard=no` is passed to `systemd-repart`, the
`context_discard_gap_after()` function still runs normally, discarding
e.g. all blocks between the GPT and the start of the first partition.
This can lead to issues on some embedded devices, where this space
holds the bootloader and shouldn't be modified (creating a protective
partition there is not always possible due to the specifics of the boot
process of some ARM-based SoC's).
This commit ensures passing `--discard=no` would be enough to ensure
the bootloader isn't wiped in such cases.
libbpf: add compat helpers for libbpf down to 0.1.0
- new symbols are available from libbpf 0.6.0 so could be used with
libbpf.so.0, but we're sure the old symbols will be there and this
simplifies code
- detection at runtime should always work, regardless of whether systemd
has been compiled with older or newer libbpf and runs with older or newer
libbpf
Aleksey Vasenev [Wed, 5 Oct 2022 19:33:53 +0000 (22:33 +0300)]
ata_id: Fixed getting Response Code from SCSI Sense Data (#24921)
The Response Code is contained in the first byte of the SCSI Sense Data.
Bit number 7 is reserved or has a different meaning for some Response Codes
and is set to 1 for some drives.
However, without the cache the binaries will fall back to `/lib64/libc.so.6`
which breaks tests that use the minimal verity images (like TEST-29),
because we install only the first version (that's shown by `ldd` at
the time the images are created):
```
[ 91.595343] testsuite-29.sh[747]: + portablectl --profile=trusted attach --now --runtime /usr/share/minimal_0.raw minimal-app0
Starting systemd-portabled.service...
[ OK ] Started systemd-portabled.service.
Starting minimal-app0-foo.service...
Starting minimal-app0.service...
[ 104.432217] cat[858]: cat: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
[ 104.435080] cat[857]: cat: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
[FAILED] Failed to start minimal-app0.service.
See 'systemctl status minimal-app0.service' for details.
```
```
$ chroot /var/tmp/systemd-test.nMHPfc/minimal/
/bin/bash: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
```
With the ldconfig's cache it seems to work as expected:
```
$ chroot /var/tmp/systemd-test.gVtYLg/minimal
bash-4.4# cat --version
cat (GNU coreutils) 8.30
...
```
mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
UNIT_DEPENDENCY_MOUNTINFO_OR_FILE was a bit strange as unlike the other flags
we don't know where the dependency came from exactly. Indeed its origin could
have been from the mount unit file or from /proc/self/mountinfo.
Instead this patch replaces UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with 2 new
dependency flags: UNIT_DEPENDENCY_MOUNT_FILE and UNIT_DEPENDENCY_MOUNTINFO. The
former indicates that the dep is created from the unit file but unlike
UNIT_DEPENDENCY_FILE, it will be replaced by a dep with the
UNIT_DEPENDENCY_MOUNTINFO flag as soon as the kernel will make the mount
available in /proc/self/mountinfo.
Franck Bui [Wed, 5 Oct 2022 08:26:59 +0000 (10:26 +0200)]
mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
The quota options have always been read from the unit file and ignored if only
present in /proc/self/mountinfo. IOW the quota services are not (automagically)
pulled in for mounts initiated by the user running mount(8).
Topi Miettinen [Mon, 3 Oct 2022 15:13:42 +0000 (18:13 +0300)]
tmpfiles: fix assert
Oct 03 17:33:20 systemd-tmpfiles[872]: Assertion 'IN_SET(i->type, CREATE_BLOCK_DEVICE|CREATE_CHAR_DEVICE)' failed at src/tmpfiles/tmpfiles.c:1837, function create_device(). Aborting.
I think this is caused by the line:
b! /dev/private/smartmontools-dev/sda 0660 root disk - 8:0
Yu Watanabe [Mon, 3 Oct 2022 02:54:20 +0000 (11:54 +0900)]
network: ndisc: drop addresses and friends when RA with zero lifetime is received
Routers may send options with zero lifetime if previously announced
information is outdated. Hence, if we receive such messages, then we
need to drop relevant addresses or friends.
See e.g. https://www.rfc-editor.org/rfc/rfc4861#section-12.
Yu Watanabe [Mon, 3 Oct 2022 03:42:40 +0000 (12:42 +0900)]
network: make sec_to_usec() map 0sec -> 0usec
Zero lifetime in RA is special, and we should not assign possibly very
short lifetime addresses or friends.
This should not change anything at least now, preparation for later
commits. Note, DHCPv4 and v6 code also uses it, but sd-dhcp-client and
sd-dhcp6-client already filtered messages with zero lifetime. Hence,
the change should not affect DHCP code.
Thomas Hebb [Thu, 29 Sep 2022 06:40:35 +0000 (23:40 -0700)]
network: don't forget old RAs when a new one arrives
IPv6 Neighbor Discovery lets us autoconfigure a link's IPv6 addresses,
routes, DNS servers, and DNS search domains by listening for Router
Advertisement (RA) packets broadcast by one or more routers on the link.
Each RA can contain zero or more "options," each describing one piece of
configuration (e.g. a single route).
Currently, when we receive an RA from a router, we delete any addresses,
routes, etc. that originated from that router's previous RAs unless
they're also present as options in the new RA.
That behavior is a violation of RFC 4861[1]. In Section 9, the RFC
states that
Senders MAY send a subset of options in different packets. ... Thus,
a receiver MUST NOT associate any action with the absence of an
option in a particular packet. This protocol specifies that
receivers should only act on the expiration of timers and on the
information that is received in the packets.
Several other passages in the RFC reiterate this. Section 6.2.3:
A router MAY choose not to include some or all options when sending
unsolicited Router Advertisements.
Section 6.3.4:
Hosts accept the union of all received information; the receipt of a
Router Advertisement MUST NOT invalidate all information received in
a previous advertisement or from another source.
At least one consumer router in production today, the Google Nest Wifi,
often sends RAs that omit its global IPv6 prefix. When current versions
of systemd-networkd receive those RAs, they immediately delete the
interface's global IPv6 address, which breaks IPv6 connectivity.
Fix the issue by removing the invalidation logic entirely. It's not
needed at all, since we already invalidate addresses, routes, and DNS
configuration when the interface goes down or their lifetimes expire.
This fix does have the side effect of preventing changes to the .network
file (e.g. denylisted prefixes, whether to add routes from RAs) from
taking effect as soon as a new RA arrives. Instead, a full interface
reconfiguration is needed. But triggering those changes on RA receipt
was already rather arbitrary and out of the administrator's control, so
I think this change is fine.
commit 69203fba700e ("network: ndisc: remove old addresses and routes
after at least one SLAAC address becomes ready") introduced this
behavior. commit 50550722e3ba fixed it partially, by preventing one
router's RAs from invalidating another router's configuration.
[1] https://www.rfc-editor.org/rfc/rfc4861
Fixes: 69203fba700e ("network: ndisc: remove old addresses and routes after at least one SLAAC address becomes ready")
The iscsi-init.service calls `sh` which might, in certain circumstances,
pull in instrumented systemd NSS modules causing `sh` to fail. Let's mitigate
this by pulling in an env file crafted by `create_asan_wrapper()` that
(among others) pre-loads ASan's DSO.
test: expand the expression in `cleanup_initdir()`
Otherwise we might unexpectedly return 1 if the `get_bool` call fails.
If the `get_bool` part in `get_bool "$TEST_SETUP_CLEANUP_ROOTDIR" && _umount_dir "${initdir:?}"`
fails, the whole expression will short-circuit evaluate to 1, and since it's
the last expression in the function it's also it's return value, which doesn't
reflect the original intent of the expression:
ci: pin stefanbuck/github-issue-parser to a tagged release
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.