shared/build: make the version string definition less terrible
The BLKID and ELFUTILS strings were present twice. Let's reaarange things so that
each times requires definition in exactly one place.
Also let's sort things a bit:
the "heavy hitters" like PAM/MAC first,
then crypto libs,
then other libs, alphabetically,
compressors,
and external compat integrations.
I think it's useful for users to group similar concepts together to some extent.
For example, when checking what compression is available, it helps a lot to have
them listed together.
FDISK is renamed to LIBFDISK to make it clear that this is about he library and
the executable.
Florian Westphal [Fri, 19 Jun 2020 11:33:19 +0000 (13:33 +0200)]
fw_add_local_dnat: remove unused function arguments
All users pass a NULL/0 for those, things haven't changed since 2015
when this was added originally, so remove the arguments.
THe paramters are re-added as local function variables, initalised
to NULL or 0. A followup patch can then manually remove all
if (NULL) rather than leaving dead-branch optimization to compiler.
Reason for not doing it here is to ease patch review.
Not requiring support for this will ease initial nftables backend
implementation.
In case a use-case comues up later this feature can be re-added.
Yu Watanabe [Wed, 2 Dec 2020 10:19:06 +0000 (19:19 +0900)]
network: do not set broadcast if prefixlen is 31 or 32
After fe841414ef157f7f01d339c5d5730126e7b5fe0a, broadcast address is
also compared with existing one to determine whether the address is
foregin or not. So, the address object should not contain unnecessary
information.
resolved: beef up logic for suppressing "localhost" entry in /etc/hosts
Either suppress the entry entirely, or not at all. But do not suppress
the "localhost" names we recognize, leaving the ones we do not in place.
On Fedora, where "localhost4.localdomain4" is among those listed in
/etc/hosts for 127.0.0.1 we'd thus otherwise drop the "localhost" but
keep the "localhost4.localdomain4" and then on reverse lookups only
return that, which is highly confusing.
resolved: never allow _gateway lookups to go to the network
Make them rather fail than go to the network.
Previously we'd filter them on LLMNR (explicitly) and MDNS (implicitly,
because it doesn't have .local suffix), but not on DNS.
In order to make _gateway truly reliable, let's not allow it to go to
DNS either, and keep it local.
This is particular relevant, as clients can now request lookups without
local RR synthesis, where we'd rather have NXDOMAIN returned for
_gateway than have it hit the network.
resolved: lower SERVFAIL cache timeout from 30s to 10s
Apparently 30s is a bit too long for some cases, see #5552. But not
caching SERVFAIL at all also breaks stuff, see explanation in 201d99584ed7af8078bb243ce2587e5455074713.
Let's try to find some middle ground, by lowering the cache timeout to
10s. This should be ample for the problem 201d99584ed7af8078bb243ce2587e5455074713 attackes, but not as long as
half a miute, as #5552 complains.
resolved: automatically flush caches on clock change
DNSSEC validation takes the system clock into account to validate
signatures. This means if we had incorrect time and the time is then
changed to the correct one we should flush out everything and
re-validate taking the new time into account.
(This logic will also trigger after system suspend, which is not bad
either, given that quite possibly we are connected to a different
network, and thus would get different DNS data, without us noticing
otherwise via link beat).
virt: Properly detect nested UML inside another hypervisor
UML runs as a user-process so it can quite easily be ran inside of
another hypervisor, for instance inside a KVM instance. UML passes
through the CPUID from the host machine so in this case detect_vm
incorrectly identifies as running under KVM. So check we are running
a UML kernel first, before we check any other hypervisors.
Resolves: #17754
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
resolved: bind socket to interface during connect()
Apparently, IF_UNICAST_IF does not influence the routing decisions done
during connect(). But SO_BINDTODEVICE/SO_BINDTOINDEX does, which however
brings a lot of other semantics with it, we are not so interested in
(i.e. it doesn't not allow packets from any other iface to us, even if
routing otherwise allows it).
Hence, let's bind to the ifindex immediately before the connect() and
unbind right after again, so that we get the semantics we want, but not
the ones we don't.
meson: allow fuzzers to be built even if fuzz testing is disabled
This makes commands like 'ninja -C build fuzz-journal-remote' or
'ninja -C build fuzzers' work, even if we have -Dfuzz-tests=false.
Two advantages: correctness of the meson declarations is verified even
if fuzzers are not built, and it easier to do a one-off build to check for
regressions or such.
Yu Watanabe [Tue, 24 Nov 2020 06:47:13 +0000 (15:47 +0900)]
network: stop to assign UUID when reconfiguring link
This fixes the following race in reconfiguring link:
1. an interface requests UUID.
2. the interface is reconfigured and link_configure() is called.
3. sd-lldp client is started on the interface (it is enabled by default).
4. networkd acquires UUID, and get_product_uuid_handler() calls
link_configure() for the link again.
5. link_lldp_rx_configure() fails to set ifindex for already running
sd-lldp client.
6. the link enters failed state.
Putative NEWS entry:
* Urlification is now enabled by default even when a pager is used.
Previously it was disabled, because less would not show such markup
properly. This has been fixed in less 568.
Please either upgrade less, or use SYSTEMD_URLIFY=0 to disable the
feature.
Let's a concept of "rate limiting" to event sources: if specific event
sources fire too often in some time interval temporarily take them
offline, and take them back online once the interval passed.
This is a simple scheme of avoiding starvation of event sources if some
event source fires too often.
This introduces the new conceptual states of "offline" and "online" for
event sources: an event source is "online" only when enabled *and* not
ratelimited, and offline in all other cases. An event source that is
online hence has its fds registered in the epoll, its signals in the
signalfd and so on.
sd-event: remove earliest_index/latest_index into common part of event source objects
So far we used these fields to organize the earliest/latest timer event
priority queue. In a follow-up commit we want to introduce ratelimiting
to event sources, at which point we want any kind of event source to be
able to trigger time wakeups, and hence they all need to be included in
the earliest/latest prioqs. Thus, in preparation let's make this
generic.
No change in behaviour, just some shifting around of struct members from
the type-specific to the generic part.
sd-event: ref event loop while in sd_event_prepare() ot sd_event_run()
sd_event_prepare() invokes callbacks that might drop the last user ref
on our event loop. Let's make sure we keep an explicit ref around it, so
that we won't end up with an invalid pointer. Similar in sd_event_run().
Basically, any function that is publically callable that might end up
invoking callbacks should ref the relevant objects to be protected
against callbacks destroying these objects while we still want to access
them. We did this correctly in sd_event_dispatch() and sd_event_loop(),
but these are not the only ones which are callable from the outside.
The comment is pointless, ECC systematically doesn't allow
encryption/decryption directly, only RSA does that. If you want to use
ECC for asymmetric encryption/decryption you have to combine it with key
exchange scheme and symmetric scheme. This all is not a limitation of
the Yubikey, hence don't claim so. It's just how ECC is.
cryptsetup: port cryptsetup's main key file logic over to read_full_file_full()
Previously, we'd load the file with libcryptsetup's calls. Let's do that
in our own, so that we can make use of READ_FULL_FILE_CONNECT_SOCKET,
i.e. read in keys via AF_UNIX sockets, so that people can plug key
providers into our logic.
This provides functionality similar to Debian's keyscript= crypttab
option (see → #3007), as it allows key scripts to be run as socket
activated services, that have stdout connected to the activated socket.
In contrast to traditional keyscript= support this logic runs stuff out
of process however, which is beneficial, since it allows sandboxing and
similar.
meson: add missing "S" to SYSTEMD_CGROUPS_AGENT_PATH
Other similar variables use the binary name underscorified and upppercased
(with "_BINARY" appended in some cases to avoid ambiguity). Add "S" to follow
the same pattern for systemd-cgroups-agent.
Franck Bui [Mon, 30 Nov 2020 14:26:15 +0000 (15:26 +0100)]
scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope
Commit 428a9f6f1d0396b9eacde2b38d667cbe3f15eb55 freed u->pids which is
problematic since the references to this unit in m->watch_pids were no more
removed when the unit was freed.
This patch makes sure to clean all this refs up before freeing u->pids by
calling unit_unwatch_all_pids().
sd-dhcp-client: report transient DHCP failure to the caller
So far we only reported major state transitions like failure to acquire
the message. Let's report the initial failure after a few timeouts in
a new event type.
The number of timeouts is hardcoded as 3, since Windows seems to be using
that. I don't think we need to make this configurable out of the box. A
reasonable default may be enough.
networkd: merge ll addressing fallback modes into normal "boolean" values
They are not really boolean, because we have both ipv4 and ipv6, but
for each protocol we have either unset, no, and yes.
From https://github.com/systemd/systemd/issues/13316#issuecomment-582906817:
LinkLocalAddressing must be a boolean option, at least for ipv4:
- LinkLocalAddressing=no => no LL at all.
- LinkLocalAddressing=yes + Static Address => invalid configuration, warn and
interpret as LinkLocalAddressing=no, no LL at all.
(we check that during parsing and reject)
- LinkLocalAddressing=yes + DHCP => LL process should be subordinated to the
DHCP one, an LL address must be acquired at start or after a short N
unsuccessful DHCP attemps, and must not stop DHCP to keeping trying. When a
DHCP address is acquired, drop the LL address. If the DHCP address is lost,
re-adquire a new LL address.
(next patch will move in this direction)
- LinkLocalAddressing=fallback has no reason to exist, because LL address must
always be allocated as a fallback option when using DHCP. Having both DHCP
and LL address at the same time is an RFC violation, so
LinkLocalAdressing=yes correctly implemented is already the "fallback"
behavior. The fallback option must be deprecated and if present in older
configs must be interpreted as LinkLocalAddressing=yes.
(removed)
- And for IPv6, the LinkLocalAddress option has any sense at all? IPv6-LL
address aren't required to be always set for every IPv6 enabled interface (in
this case, coexisting with static or dynamic address if any)? Shouldn't be
always =yes?