oss-fuzz: move apt-gets and pips to the systemd repository
to be able to control our dependencies right here without
sending PRs like https://github.com/google/oss-fuzz/pull/5199 and
https://github.com/google/oss-fuzz/pull/5601.
It should also allow us to pin meson to let Dependabot keep track of
it and jump from one version to another without breaking anything
Yu Watanabe [Thu, 18 Nov 2021 20:12:35 +0000 (05:12 +0900)]
network: always try to reconfigure when carrier gained
When networkd detects a wlan interface, the interface may not be
connected to any access point, and may enter the unmanaged state.
After the interface connected to an access point, previously networkd
did not reconfigure the interface. This fixes the issue.
test: extend homed test to test home dir "maximization"
This moves the backing store to a separate tmpfs which we can nicely put
a size limit on to make sure we can test maximization sanely: if we ask
for the home dir to be grown really large it should effectively only be
grown until the size of the backing tmpfs.
(While we are at it, also set a cheaper KDF so that we don't waste CI
cycles for password hashing that aren#t secure anyway.)
homework: make it safe to invoke home_setup_luks() twice in a row
Being able to invoke the call twice on the same HomeSetup object will
simplify auto-growing/auto-shrinking since we can issue a resize
operatio directly from activate/deactivate
homework: make destroying of HomeSetup optional when resizing
This will be useful when we want to issue a resize operation right when
activating, where the HomeSetup object should be destroyed only after
both activation is done.
Daan De Meyer [Wed, 17 Nov 2021 16:44:21 +0000 (16:44 +0000)]
journal: Use separate variable for Data object in sd_journal_get_data()
A little cleanup to make the next change easier. We're not moving to a
new Entry object in the for loop so there's no danger of changing the
Entry object window.
Daan De Meyer [Wed, 17 Nov 2021 15:54:35 +0000 (15:54 +0000)]
journal: Skip over corrupt entry items in enumerate_data()
Similar to sd_journal_next(), if trying to access an entry item
offset's data results in EBADMSG, skip to the next entry item so
we handle corruption better.
Yu Watanabe [Thu, 18 Nov 2021 20:36:44 +0000 (05:36 +0900)]
network: do not clear map from alternative names to link when IFLA_PROP_LIST attribute is not contained
No IFLA_PROP_LIST attribute contained does not means the interface
has no alternative name.
E.g. the message created by inet6_fill_ifinfo() in net/ipv6/addrconf.c
does not contain IFLA_PROP_LIST.
Frantisek Sumsal [Thu, 18 Nov 2021 16:19:03 +0000 (17:19 +0100)]
test: make the diff regex BRE-compatible
Since the GNU `diff` utility uses grep-style regular expressions[0], which
use the BRE style, we need to tweak the regex to make it work properly
(most notably - in BRE the meta characters need to be escaped).
```
$ diff a b
21c21
< Volume Key: 256bit
---
> Volume Key: 257bit
25c25
< Disk Ceiling: 323.2M
---
> Disk Ceiling: 323.1M
$ diff -I '^\s*Disk (Size|Free|Floor|Ceiling):' a b
21c21
< Volume Key: 256bit
---
> Volume Key: 257bit
25c25
< Disk Ceiling: 323.2M
---
> Disk Ceiling: 323.1M
$ diff -I '^\s*Disk \(Size\|Free\|Floor\|Ceiling\):' a b && echo OK
21c21
< Volume Key: 256bit
---
> Volume Key: 257bit
```
Daan De Meyer [Mon, 11 Oct 2021 13:05:08 +0000 (14:05 +0100)]
journal: Don't discard kmsg messages coming from journald itself
Previously, we discarded any kmsg messages coming from journald
itself to avoid infinite loops where potentially the processing
of a kmsg message causes journald to log one or more messages to
kmsg which then get read again by the kmsg handler, ...
However, if we completely disable logging whenever we're processing
a kmsg message coming from journald itself, we also prevent any
infinite loops as we can be sure that journald won't accidentally
generate logging messages while processing a kmsg log message.
This change allows us to store all journald logs generated during
the processing of log messages from other services in the system
journal. Previously these could only be found in kmsg which has
low retention, can't be queried using journalctl and whose logs
don't survive reboots.
meson: add check:true/false to all run_command() invocations
meson-0.59.4-1.fc35.noarch says:
WARNING: You should add the boolean check kwarg to the run_command call.
It currently defaults to false,
but it will default to true in future releases of meson.
See also: https://github.com/mesonbuild/meson/issues/9300
We were already asserting that the intmax_t and uintmax_t types
are the same as int64_t and uint64_t. Pretty much everywhere in
the code base we use the latter types. In principle intmax_t could
be something different on some new architecture, and then the code would
fail to compile or behave differently. We actually do not want the code
to behave differently on those architectures, because that'd break
interoperability. So let's just use int64_t/uint64_t since that's what
we indend to use.
It seems that the implementation of long double on ppc64el doesn't really work:
long double cast to integer and back compares as unequal to itself. Strangely,
this effect happens without optimization and both with gcc and clang, so it
seems to be an effect of how long double is implemented by the architecture.
Dumping the values shows the following pattern:
00 00 00 00 00 00 24 40 00 00 00 00 00 00 00 00 # long double v = 10;
00 00 00 00 00 00 24 40 00 00 00 00 00 00 80 39 # (long double)(intmax_t) v
Instead of trying to make this work, I think it's most reasonable to switch to
normal doubles. Notably, we had no tests for floating point behaviour. The
first test we added (for values even not in the range outside of double),
showed failures.
Common implementations of JSON (in particular JavaScript) use 64 bit double.
If we stick to this, users are likely to be happy when they exchange data with
those tools. Exporting values that cannot be represented in other tools would
just cause interop problems.
I don't think the extra precision would be much used. Long double seems to make
most sense as a transient format used in calculations to get extra precision in
operations, and not a storage or exchange format. So I expect low-level
numerical routines that have to know about hardware to make use of it, but it
shouldn't be used by our (higher-level) system library. In particular, we would
have to add tests for implementations conforming to IEEE 754, and those that
don't conform, and account for various implementation differences. It just
doesn't seem worth the effort.
https://en.wikipedia.org/wiki/Long_double#Implementations shows that the
situation is "complicated":
> On the x86 architecture, most C compilers implement long double as the 80-bit
> extended precision type supported by x86 hardware. An exception is Microsoft
> Visual C++ for x86, which makes long double a synonym for double. The Intel
> C++ compiler on Microsoft Windows supports extended precision, but requires
> the /Qlong‑double switch for long double to correspond to the hardware's
> extended precision format.
> Compilers may also use long double for the IEEE 754 quadruple-precision
> binary floating-point format (binary128). This is the case on HP-UX,
> Solaris/SPARC, MIPS with the 64-bit or n32 ABI, 64-bit ARM (AArch64) (on
> operating systems using the standard AAPCS calling conventions, such as
> Linux), and z/OS with FLOAT(IEEE). Most implementations are in software, but
> some processors have hardware support.
> On some PowerPC and SPARCv9 machines, long double is implemented as a
> double-double arithmetic, where a long double value is regarded as the exact
> sum of two double-precision values, giving at least a 106-bit precision; with
> such a format, the long double type does not conform to the IEEE
> floating-point standard. Otherwise, long double is simply a synonym for
> double (double precision), e.g. on 32-bit ARM, 64-bit ARM (AArch64) (on
> Windows and macOS) and on 32-bit MIPS (old ABI, a.k.a. o32).
> With the GNU C Compiler, long double is 80-bit extended precision on x86
> processors regardless of the physical storage used for the type (which can be
> either 96 or 128 bits). On some other architectures, long double can be
> double-double (e.g. on PowerPC) or 128-bit quadruple precision (e.g. on
> SPARC). As of gcc 4.3, a quadruple precision is also supported on x86, but as
> the nonstandard type __float128 rather than long double.
> Although the x86 architecture, and specifically the x87 floating-point
> instructions on x86, supports 80-bit extended-precision operations, it is
> possible to configure the processor to automatically round operations to
> double (or even single) precision. Conversely, in extended-precision mode,
> extended precision may be used for intermediate compiler-generated
> calculations even when the final results are stored at a lower precision
> (i.e. FLT_EVAL_METHOD == 2). With gcc on Linux, 80-bit extended precision is
> the default; on several BSD operating systems (FreeBSD and OpenBSD),
> double-precision mode is the default, and long double operations are
> effectively reduced to double precision. (NetBSD 7.0 and later, however,
> defaults to 80-bit extended precision). However, it is possible to override
> this within an individual program via the FLDCW "floating-point load
> control-word" instruction. On x86_64, the BSDs default to 80-bit extended
> precision. Microsoft Windows with Visual C++ also sets the processor in
> double-precision mode by default, but this can again be overridden within an
> individual program (e.g. by the _controlfp_s function in Visual C++). The
> Intel C++ Compiler for x86, on the other hand, enables extended-precision
> mode by default. On IA-32 OS X, long double is 80-bit extended precision.
So, in short, the only thing that can be said is that nothing can be said. In
common scenarios, we are getting only a bit of extra precision (80 bits instead
of 64), but use space for padding. In other scenarios we are getting no extra
precision. And the variance in implementations is a big issue: we can expect
strange differences in behaviour between architectures, systems, compiler
versions, compilation options, and even the other things that the program is
doing.
Luca Boccassi [Tue, 16 Nov 2021 22:44:06 +0000 (22:44 +0000)]
CONTAINER_INTERFACE: clarify that /proc/sys can be writable with namespacing
When user and network namespaces are enabled, the kernel
makes the global keys read-only, and makes the namespaced
ones available for the guest already.
The kernel sends FRA_SUPPRESS_IFGROUP attribute with -1, that must be
handled by networkd.
For FRA_SUPPRESS_PREFIXLEN, we already handled -1, but ignored values
larger than 128. We should not configure rules with such a meaningless
value, but should manage such rules when received from kernel. It can
occur when created by other tools mistakenly. If networkd ignores them,
then networkd cannot remove them.
user-record: relax rules on diskSize user record field
Let's not refuse low or high disk sizes unnecessarily early. They disk
sizes are subject fs limits anyway, hence there's no point in adding
another limit.
Relaxing thhe rules here as the advantage that we can later allow
"homectl resize lennart 0" as a generic way to minimize disk space.
Previously the mkdir_label() family of calls was implemented in
src/shared/mkdir-label.c but its functions partly declared ins
src/shared/label.h and partly in src/basic/mkdir.h (!!). That's weird
(and wrong).
Let's clean this up, and add a proper mkdir-label.h matching the .c
file.
mkdir: drop mkdir_errno_wrapper(), use mkdirat_errno_wrapper() instead
Let's reduce our code duplication, and let's focus on using xyzat()
style APIs more, hence drop mkdir_errno_wrapper() and stick to
mkdirar_errno_wrapper() wherever we can, it's a true superset of
functionality after all.
selinux: make mac_selinux_create_file_prepare() at wrapper around _at()
Let's make sure mac_selinux_create_file_prepare_at() works fine with
AT_FDCWD, and then make mac_selinux_create_file_prepare() just a inline
wrapper around it.
Franck Bui [Tue, 16 Nov 2021 08:28:41 +0000 (09:28 +0100)]
TEST-08: don't force ext4 for /
Forcing a specific fs for the image is usually a bad idea because the initrd
(borrowed from the host) is likely to include only support for the filesystem
used by the host's rootfs.
Since the point of this test is to check aliases on mount units, there's no
specific need for ext4, hence drop any parts that request or rely on ext4.
Daan De Meyer [Tue, 16 Nov 2021 09:52:39 +0000 (09:52 +0000)]
meson: Downgrade unused function from error to warning in local builds
When working on systemd, it's often useful to be able to comment out
a function to see how a build behaves without it. Currently, when doing
this with a static function that's only used once, the build fails because
the function then becomes unused. As such, Let's downgrade the unused
function error to a warning in local builds.
This mirrors what was done in 564761fcaeda8c013210f7c6934847a6d0228ec9
for sysusers.d. If we allow separating resolved sysusers config
in a subpackage, we should do the same for the symlink that is
only useful when resolved is installed.
The sentence wasn't correct English language, let's fix that. More
importantly: if the mount options are empty we'd display "(null)" here.
Fix that. (And they can be empty IRL, see CI results)
The man page doesn't quite match what --help says, and I needed to use "-f" to
write a wiped partition. This all feels a bit experimental, but the fs has some
adherents, and we should make it easy to use.
(Also, an empty 256MB device formatted and mounted shows up as
Filesystem Size Used Avail Use% Mounted on
/dev/loop0 254M 85M 170M 34% /var/tmp/mount
which also seems a bit over the top…)
Requested in https://github.com/systemd/systemd/pull/21275#issuecomment-967928690.
Apparently mkswap has it's own limit, and it seems to be one lower than the one
for ext2/3/4.
$ for i in ext2 ext3 ext4 btrfs xfs vfat swap minix; do
echo $i && wipefs -q -a '/var/tmp/głąbźśńćąśððð.img'
build/systemd-makefs $i '/var/tmp/głąbźśńćąśððð.img'
done
I was testing with a "test1.img" and mkfs.vfat rejects "TEST1.IMG" with the
error "Labels with characters *?.,;:/\|+=<>[]" are not allowed". So let's
replace those characters with "_".
units: delay binfmt processing until after local-fs.target
Users may use rules that refer to binaries e.g. in /opt or /usr/local,
and those directories may be separate mount points. We don't need the
binfmt rules in early boot, so let's delay the service so that we can
rely on the full local filesystem being visible.