If we request a DS and the resolver offers an unsigned SOA, a new
auxiliary transaction for the DS will be rejected as a loop, and we
might not make any progress toward finding the DS we need. Let's ensure
that we at least always check the parent in this case.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
core: Add systemd.crash_action= kernel command line argument
Required for integration tests to power off on PID 1 crashes. We
deprecate systemd.crash_reboot and related options by removing them
from the documentation but still parsing them.
If mac_selinux_access_check() or bus_verify_bypass_dump_ratelimit_async()
fail, we goto "ratelimited" where we set a custom D-BUS error. In
"ratelimited", we call sd_bus_error_setf() which eventually hits an
assert_return(!bus_error_is_dirty()). Avoid hitting this assertion by
passing NULL as the error to mac_selinux_access_check() and
bus_verify_bypass_dump_ratelimit_async() since we will override the error
immediately anyway if either fails.
We modify both functions as well to allow passing a NULL error and fix
the argument name as well while we're at it.
We already log to syslog using pam_syslog() for logs generated directly
within our pam plugins. However, any logs generated by our generic logging
macros that are invoked within a pam plugin will log to the console. Let's
make sure our generic logging macros are set up to log to syslog as well.
mkosi: Ignore version from versioned dependencies in .SRCINFO
Dependencies in .SRCINFO can be versioned. Let's make sure we ignore
any specified versions when grepping it for dependencies. Also update
the arch submodule to the latest to make sure the change works.
Mathias Lang [Thu, 25 Apr 2024 10:29:53 +0000 (12:29 +0200)]
networkd: Correct documentation for LinkLocalAddressing
LinkLocalAddressing accepts a boolean. This can be seen by looking at
`link_local_address_family_from_strong(cont char *s)` in
`src/network/netword-util.c#L102-108` which falls back to
`address_family_from_string`, defined two lines above (L100)
using `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`.
Richard Maw [Thu, 25 Apr 2024 11:18:57 +0000 (12:18 +0100)]
TEST-19-CGROUP: Skip on opensuse
OpenSUSE images seem to be unhappy with either how they are built
or what they are being asked to do.
The listed device-mapper failure is just one of the strange errors,
I have also seen it fail to propagate cgroup properties into new cgroups
that were previously guaranteed to exist.
Richard Maw [Tue, 23 Apr 2024 15:36:15 +0000 (16:36 +0100)]
mkosi: use generic ubuntu kernel for udev and nvme tests
TEST-17-UDEV expects to find scsi_debug and TEST-84-STORAGETM expects to
find nvmet-tcp.
This isn't ideal as it adds firmware, microcode and other drivers to the
initramfs, but there's no linux-modules-extra virtual package
to just include the extra modules.
sd-daemon: Replace SO_LINGER with shutdown() + recv()
Let's shutdown the write end and wait for EOF from the other side
before continuing to make sure that the receiver has received all
data we sent on the socket.
varlink: make errors returned by verify_unix_socket() systematic
Previously, if we encountered a non-socket fd we'd return ENOTSOCK the
first time, but the subsequent times we'd return ENOMEDIUM, due to
caching. Let's make sure we return the same errors all the the time.
sd-daemon: Set SO_LINGER on AF_VSOCK notify socket fds
We're still seeing problems in mkosi CI where we lose notify messages
sent over vsock from virtual machines because the virtual machine shuts
down before the socket buffers are flushed.
Let's try setting SO_LINGER on vsock sockets so that the kernel waits
until the buffers are flushed when we close the file descriptor.
To make sure it works, let's get rid of our previous workaround that
sends EXIT_STATUS earlier to reduce the chance of it not arriving.
This way, if it doesn't work, we'll notice it immediately due to CI
failures.
mkosi: Build minimal images and enable related integration tests
This commit adds definitions to build the minimal_0 and minimal_1
images with mkosi and includes them into the system image. We also
move the building of the various app-xxx and similar images that are
extremely minimal into the tests itself by moving the related logic
from install_verity_minimal() into a new function
install_extension_images() in util.sh. Because the mkosi /usr is
read-only, we now place the extension images in /tmp instead of
/usr/share.
Co-authored-by: Richard Maw <richard.maw@codethink.co.uk> Co-authored-by: sam-leonard-ct <sam.leonard@codethink.co.uk>
mkosi: Only archive outputs in systemd and systemd-stable repositories
Private forks would very quickly reach their quota or spend lots of
money trying to archive all these artifacts, so let's make sure it
only happens on our own repositories.
TEST-50-DISSECT: Make sure logging sockets are mounted into images
Otherwise we lose valuable logging from systemd-executor when things
go wrong since it can only log to the journal and not to the console
in these cases.
The expression for calculation of the _do_log values in the log_exec_*
macros need to be the same as the unit_log_level_test() function, used
to calculate _do_log in unit.h. The only difference between execute.h
and unit.h is the lack of the Unit structure.
Fixes: b646fc324a ("core: ensure execute/spawn functions can work without Unit object") Fixes: 210ca71cb5 ("core/execute: clean up log_exec_full_errno and friends") Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>