[ 40.039232] testsuite-50.sh[624]: ++ systemd-dissect --make-archive /tmp/tmp.RZEq3t/minimal_0.raw
[ 40.044745] testsuite-50.sh[625]: ++ sha256sum
[ 40.066693] systemd-dissect[621]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.068577] systemd-dissect[621]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.092242] systemd-dissect[624]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.095716] systemd-dissect[624]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.100510] testsuite-50.sh[538]: + test e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 '!=' ''
[ 40.100510] testsuite-50.sh[538]: + test e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[ 40.108249] testsuite-50.sh[627]: + tar t
[ 40.113791] testsuite-50.sh[626]: + systemd-dissect --make-archive /tmp/tmp.RZEq3t/minimal_0.raw
[ 40.120300] testsuite-50.sh[628]: + grep etc/os-release
[ 40.176288] systemd-dissect[626]: libarchive.so.13 is not installed: libarchive.so.13: cannot open shared object file: No such file or directory
[ 40.180273] systemd-dissect[626]: Archive support not available (compiled without libarchive, or libarchive not installed?).
[ 40.184017] testsuite-50.sh[627]: tar: This does not look like a tar archive
[ 40.185430] testsuite-50.sh[627]: tar: Exiting with failure status due to previous errors
Luca Boccassi [Tue, 23 Jan 2024 16:01:31 +0000 (16:01 +0000)]
core: add SYSTEMD_VERITY_SHARING env var for local development
When running an image that cannot be mounted (e.g.: key missing intentionally
for development purposes), there's a retry loop that takes some time
and slows development down. Add an env var to disable it.
Luca Boccassi [Thu, 25 Jan 2024 20:31:39 +0000 (20:31 +0000)]
sd-bus: fix exiting event loop when sd_bus_set_exit_on_disconnect is used
If sd_bus_set_exit_on_disconnect is used and the bus is part of an event
loop, and the D-Bus connection goes away (e.g.: soft-reboot), sd-bus
will always exit() the program instead of returning from the loop, as
the reference to the event is removed before it is checked.
Luca Boccassi [Fri, 26 Jan 2024 00:22:38 +0000 (00:22 +0000)]
test: unset TZ before timezone-sensitive unit tests are run
Some tests have hard-coded results that need to match, and change if
the caller has a timezone set via the TZ= environment variable, as it
is the case during reproducible build tests. Unset it.
Daan De Meyer [Wed, 24 Jan 2024 11:24:11 +0000 (12:24 +0100)]
man: Document ranges for distributions config files and local config files
Let's recommend that config files and drop-ins in /usr use the range
0-49 and config files in /etc and /run use the range 50-99 so that
files in /run and /etc will generally always override files from
/usr.
Mike Yuan [Mon, 22 Jan 2024 16:00:46 +0000 (00:00 +0800)]
fstab-generator: drop unapplicable options for /usr/ too
We already drop these for /sysroot/usr/ in parse_fstab
(1e9b2e4fdd8d04e3fbfadbc0b92dc138c819c221). Let's make
things consistent, and do the same for /usr/ too (after
switch-root).
Mike Yuan [Sat, 20 Jan 2024 14:16:52 +0000 (22:16 +0800)]
fstab-util: clean up fstab_filter_options
Let's get rid of the confusing goto so that the flow is more
straightforward. Note that the behavior is slightly changed:
previously, ret_filtered would be an empty string even if
the original opts passed in is NULL, but after this commit
it returns NULL too. But this shouldn't matter, as all our
code handles NULL opts gracefully.
This file is a bit misnamed. What it actually implements is one specific
BPF LSM module, that restricts file systems. As such it really should be
named after that, and not primarily by the mechanism it uses for that.
With this our glue code is now named the same way as the actual bpf code
files in src/core/bpf/, thus things become a bit more symmetric.
This is particular relevant as we'll soon have another BPF LSM in our
tree, see #26826, and we should be able to distinguish them by name.
This commit just renames the files and does some dumb search/replace of
the string. A follow-up commit will name some functions more expressively
inside the files.
I added the filtering in 752fedbea7c02c82287c7ff2a4139f528b3f7ba8 as a way
to reduce the number of items in the tables. I thought it's "obvious", but
it might not be so.
One immediate problem is that the filter is broken, because on arm64,
os.uname().machine returns "aarch64", so we incorrectly filter out the arm
syscalls (there is just one: arm_fadvise64_64). Of course we could fix the
filter, but I think it's better to nuke it altogether. The filter on applies to
1 arm syscall and 5 s390 syscalls, and we have 500+ other syscalls, so this
"optimization" doesn't really matter. OTOH, if we get the filter wrong,
the result is bad. And also, the existence of the filter at all creates
problems for cross-builds.
I wanted to get rid of 'generate-syscall-list.py', but we need to generate a
backslash in the output. https://github.com/mesonbuild/meson/issues/1564 makes
this very very hard, since any attempt to put a backslash an inline argument
results in the backslash being replaces by a forward slash, which doesn't quite
have the same meaning. So let's use a standalone script until
https://github.com/mesonbuild/meson/issues/1564 is resolved.
cgroup: don't enable bpf pseudo-controllers when doing a wildcard delegation
We can only delegate actual controllers, not the BPF pseudo-controllers
we defined as there's imply no concept for that. Hence, when users set
Delegate=yes to do a wildcard delegation, only delegate the regular
controllers.
This means that we won't bother with BPF stuff for such units where it's
entirelly unnecessary.
Mike Yuan [Thu, 18 Jan 2024 07:28:39 +0000 (15:28 +0800)]
logind-dbus: modernize method_set_user_linger
Currently, user_start() doesn't return any error,
but let's not eat up the return value.
Preparation for #30910, after which user_start()
does return error.
Mike Yuan [Wed, 24 Jan 2024 13:56:56 +0000 (21:56 +0800)]
logind-user: don't say "user X logged out" in user_finalize
"Logging out" is something done by the human user. When we stop
tracking/GC a User object, let's use a more generic phrase in case
the specific User doesn't have human users (i.e. "user" class sessions)
at all. Eventually we want something like #2900, and log this
when all user class sessions log out and we're lingering again I think.
Yu Watanabe [Tue, 16 Jan 2024 03:01:50 +0000 (12:01 +0900)]
network/nexthop: drop dependent routes on removal
If a nexthop is removed, dependent routes are silently removed by the kernel.
Hence, networkd may be confused that routes that depends on the nexthop still
exist, and may fail to configure other routes or so.
Yu Watanabe [Sun, 7 Jan 2024 05:41:56 +0000 (14:41 +0900)]
network/route: drop Route object even if we fail to remove the route
If we could not remove a route, then previously the corresponding
Route object was never removed, as it was freed only when we receive
remove notification from the kernel. So, we might confused that the
route still exists and being removed, and might block reconfiguring
the route.
With this change, even if we fail to remove a route, the corresponding
Route object will be freed.
If a route is requested, and the request is already called,
we may not received its reply and notification from the kernel, and
the corresponding Route object may not be remembered. Even in such
case, we need to remove the route, otherwise the route will come
later after the function called.
Frantisek Sumsal [Wed, 24 Jan 2024 18:19:29 +0000 (19:19 +0100)]
test: use the default nsec3-iterations value
In Knot 3.2 the nsec3-iterations default was changed to 0 and Knot now
issues a warning if the value is > 0. Let's just use the default value,
since it's not something that's important for our tests.
Mikko Ylinen [Thu, 18 Jan 2024 11:34:09 +0000 (13:34 +0200)]
efi: Add EFI CC measurement protocol to stub
In confidential computing, a virtual firmware may support measurement and
event log based upon the hardware Trusted Execution Environment (TEE)
capability.
The UEFI specification defines an interface between the virtual guest OS
and virtual firmware as EFI_CC_MEASUREMENT_PROTOCOL. The (vendor specific)
measurements are captured in the CC eventlog that follows the TCG2 format.
OVMF virtual firmware has the EFI_CC_MEASUREMENT_PROTOCOL support for
Intel Trust Domain Extensions (TDX). Intel TDX has 4 runtime measurement
registers (RTMR) defined as:
RTMR[0] for TDVF configuration
RTMR[1] for the TD OS loader and kernel
RTMR[2] for the OS application
RTMR[3] reserved for special usage only
The RTMR to PCR mappings are defined in the UEFI Spec 2.10 Section 38.4.1
as follows:
The CC measurement eventlog is currently exposed as a raw CCEL ACPI table
by the guest OS and the events can be replayed to check log matches with
the RTMR values.
Add EFI CC measurement protocol to stub to get the UKI components measured
and included in the remote attestation reports when vTPMs are not available.
Andrew Sayers [Tue, 9 Jan 2024 12:41:29 +0000 (12:41 +0000)]
Make RestartPreventExitStatus= documentation resemble SuccessExitStatus=
The documentation for `RestartPreventExitStatus=` differs from that for `SuccessExitStatus=` in ways that are sometimes confusing (e.g. using `numeric exit codes` instead of `numeric termination statuses`), and other times plain incorrect (e.g. not mentioning `termination status names`, which I've just confirmed to work in systemd 255).
This patch modifies the documentation to be as similar as possible, so as to reduce the reader's cognitive load.
Yu Watanabe [Sun, 14 Jan 2024 05:20:03 +0000 (14:20 +0900)]
network/route: manage all routes by Manager object
Previously, a Route object is owned by a Link object corresponding to the
outgoing interface of the route, and a Route object that does not have
outgoing interface is owned by the Manager object.
However, there were several issues:
- if a route has a nexthop ID, then the corresponding nexthop may be
changed to use another interface, hence the outgoing interface of the
route may be changed.
- if a route requested with MultiPathRoute=, then the link who requests
the route is different from the outgoing interface of the configured
route. So, we need to find routes on other interfaces on reconfiguring
or so.
By this change, the limit of the number of routes per-interface is
tentatively dropped. Let's re-introduce the limit later in a nicer way.
Takashi Sakamoto [Tue, 23 Jan 2024 06:20:29 +0000 (15:20 +0900)]
hwdb: ieee1394-unit-function: adjustment of entries with device attributes available in Linux v6.8
The series of changes[1] has been merged to Linux v6.8-rc1[2], which
alters the parser of the content of configuration ROM. As a result, some
device attributes for model information in the legacy layout of
configuration ROM are finally available for node and unit devices. The
change enables to distinguish the devices by model information, and what
is required in systemd PR 30205[3]. It can improve the hwdb for IEEE 1394
functions in the point addressed at issue 25029[4].
This commit fulfills some entries for the hwdb, which corresponds to some
devices with the legacy layout of configuration ROM. They provides both
vendor and model names to udev applications.
When I added the --background= switch I placed the empty line that was
supposed to separate the options from the next section before the switch
rather than after. Fix that.
To make issues like this harder to run into next time, let's move the \n
from the end of the preceeding line to the beginning of the section
title, since that's pretty much where they belong to.
Ivan Shapovalov [Sun, 7 Jan 2024 02:01:28 +0000 (03:01 +0100)]
hostname-setup: read hostname from system.hostname credential
`system.hostname` credential is treated similarly to the pre-existing
`system.machine_id` credential. It is considered after /etc/hostname,
but prior to the kernel defaults or os-release defaults.
Fixes #30667.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
repart: don't try to determine sector size from a disk image we should consider empty
If we are told to start from scratch we shouldn't look into the old
image to determine sector size. Looking there is confusing at best, but
plain wrong in many other cases.
Nick Rosbrook [Thu, 18 Jan 2024 20:49:42 +0000 (15:49 -0500)]
test-execute: skip tests that are broken without unprivileged userns
With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).
Additionally, if a kernel has the kernel.unprivileged_userns_clone
sysctl patch, and that sysctl is 0, then unprivileged userns creation
will always fail.
If a test unit is going to be run in a user manager, and that unit
requires PrivateUsers=yes (explicitly or implicitly), then skip it if
we do not have user namespace privileges.
Rafaël Kooi [Mon, 22 Jan 2024 16:04:07 +0000 (17:04 +0100)]
id128-util: Attempt to read UUID from /sys/hypervisor/uuid
When using the Xen hypervisor the virtual machine UUID is exposed here.
This is useful when one needs stable IPv4 address assignment, e.g. for a
set of RAM nodes that are built from a template.
color-util: make return values of rgb_to_hsv() optional
When we want to tint the bg color we don't care about the hue, we want
to set it ourself after all, hence make the arguments optional, so that
we don't even have to ask for it.
Frantisek Sumsal [Tue, 23 Jan 2024 12:06:55 +0000 (13:06 +0100)]
man: suffix signals with ()
Since signals can take arguments, let's suffix them with () as we
already do with functions. To make sure we remain consistent, make the
`update-dbus-docs.py` script check & fix any occurrences where this is
not the case.