Mike Yuan [Sun, 31 Mar 2024 12:52:39 +0000 (20:52 +0800)]
units: introduce systemd-hibernate-clear.service that clears
stale HibernateLocation EFI variable
Currently, if the HibernateLocation EFI variable exists,
but we failed to resume from it, the boot carries on
without clearing the stale variable. Therefore, the subsequent
boots would still be waiting for the device timeout,
unless the variable is purged manually.
There's no point to keep trying to resume after a successful
switch-root, because the hibernation image state
would have been invalidated by then. OTOH, we don't
want to clear the variable prematurely either,
i.e. in initrd, since if the resume device is the same
as root one, the boot won't succeed and the user might
be able to try resuming again. So, let's introduce a
unit that only runs after switch-root and clears the var.
Martin Wilck [Wed, 6 Mar 2024 10:39:00 +0000 (11:39 +0100)]
99-systemd.rules: rework SYSTEMD_READY logic for device mapper
Device mapper devices are set up in multiple steps. The first step, which
generates the initial "add" event, only creates an empty container, which is
useless for higher layers. SYSTEMD_READY should be set to 0 on this event to
avoid premature device activation.
The event that matters is the "activation" event: the first "change" event on
which DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 is not set. When this event arrives,
the device is ready for being scanned by blkid and similar tools, and for being
activated by systemd.
Intermittent events with DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 should be ignored
as far as systemd or higher-level block layers are concerned. Previous device
properties and symlinks should be preserved: the device shouldn't be scanned or
activated, but shouldn't be deactivated, either. In particular, SYSTEM_READY
shouldn't be set to 0 if it wasn't set before, because that might cause mounted
file systems to be unmounted. Such intermittent events may occur any time,
before or after the "activation" event.
DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 can have multiple reasons. One possible reason
is that the device is suspended. There are other reasons that depend on the
device-mapper subsystem (LVM, multipath, dm-crypt, etc.).
The current systemd rule set
1) sets SYSTEMD_READY=0 if DM_UDEV_DISABLE_OTHER_RULES_FLAG is set in "add"
events;
2) imports SYSTEMD_READY from the udev db if DM_SUSPENDED is set, and jumps to systemd_end;
3) sets SYSTEMD_READY=1, otherwise.
This logic has several flaws:
* 1) can cause file systems to be unmounted if an coldplug event arrives while
a file system is suspended. This rule shouldn't be applied for coldplug events
or in general, "synthetic" add events;
* 2) evaluates DM_SUSPENDED=1, which is a device-mapper internal property.
It's wrong to infer that a device is accessible if DM_SUSPENDED=0.
The jump to systemd_end may cause properties and/or symlinks to be lost;
* 3) is superfluous, because SYSTEMD_READY=1 is equivalent with SYSTEMD_READY
being unset, and can create the wrong impression that the device was explicitly
activated.
This patch fixes the logic as follows:
- apply 1) only if DM_NAME is empty, which is only the case for the first
"genuine add" event;
- change 2) to use DM_UDEV_DISABLE_OTHER_RULES_FLAG instead of DM_SUSPENDED,
and remove the GOTO directive;
- remove 3).
Fixes: b7cf1b6 ("udev: use SYSTEMD_READY to mask uninitialized DM devices") Fixes: 35a6750 ("rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#2747)") Signed-off-by: Martin Wilck <mwilck@suse.com>
sd-bus-vtable: add dummy macro to support compile without GNU extension
If SD_BUS_METHOD_WITH_ARGS() is set with SD_BUS_NO_ARGS and/or SD_BUS_NO_RESULT,
then it introduces
_SD_VARARGS_FOREACH_EVEN(_SD_ECHO, NULL)
-> _SD_VARARGS_FOREACH_SEQ(_01, …, _50, NULL)
Hence, the variadic argument `...` in _SD_VARARGS_FOREACH_SEQ() has no
argument, but it is not allowed if built without GNU extension, e.g. -std=c11.
Let's introduce one more unused dummy argument to support such situation.
Also, this drops Weblate (again) and dependabot from the contributers list.
Moreover, this makes the contributers sorted by git command, rather
than sort command. Then, the authors are sorted by their first name, e.g.
- before
Xiaotian Wu, Yuri Chornoivan, Yu Watanabe, Zbigniew Jędrzejewski-Szmek,
- after
Xiaotian Wu, Yu Watanabe, Yuri Chornoivan, Zbigniew Jędrzejewski-Szmek,
Prep work for running the integration tests with meson, which requires
tests to exit with 77 to indicate they are skipped.
Note this only deals with the easy cases where there's only tests. The
hard ones where there's subtests of which only some are skipped are left
for another PR.
These are only used in the importd binary, which is a leaf optional
binary that also depends on libcurl, so it's not worth the
additional complications
core: correctly deserialize credentials with empty payload
For example with SetCredential=mycred: the data payload is empty, but it
is still a valid credential.
This reorders the arguments when serializing credentials, so the
possibly empty argument is not at the end of the serialized string. This
way we can still easily use the extract_many_words() machinery, and with
the use of EXTRACT_DONT_COALESCE_SEPARATORS properly deserialize even an
empty credential. This changes LoadCredentials= as well just to keep the
code for (de)serializing both directives in sync.
ci: fix commit SHA for stefanbuck/github-issue-parser
The SHA for this action was updated by Dependabot in #25900 to a commit
which later disappeared from the repo. Since then Dependabot kept
(silently) failing to bump the SHA further:
Luca Boccassi [Sun, 31 Mar 2024 22:18:09 +0000 (23:18 +0100)]
man: add self-contained example of notify protocol
We are saying in public that the protocl is stable and can be easily
reimplemented, so provide an example doing so in the documentation,
license as MIT-0 so that it can be copied and pasted at will.
mkosi: Use '-' instead of '.' to separate upstream version and debian revision
The debian revision starts after the '-' character, so make sure the
timestamp we append is treated as the revision instead of being a part
of the upstream version.
Mike Yuan [Thu, 28 Mar 2024 16:43:25 +0000 (00:43 +0800)]
core/mount: if mount is gone eventually, consider it success
Currently, if unmount initiated by us fails, we record
that in result. Later, if we tried again and succeeded,
or someone else successfully unmounted it, the unit
state is still considered failed. Let's be more tolerant
instead, and forget about previous failure.
Burak Gerz [Fri, 29 Mar 2024 23:41:51 +0000 (00:41 +0100)]
sysupdate: print assumed value
The MatchPattern= in Target specification is documented as mandatory,
but if not defined sysupdate will assume the same value as definied
in Source specification and continue execution. Print this
assumptions to the user
Adrian Vovk [Fri, 29 Mar 2024 00:38:09 +0000 (20:38 -0400)]
manager: Freeze/Thaw: Don't fail units w/o cgroup
Previously, it was impossible to freeze or thaw a slice if it is an
ancestor to a unit that had no running cgroup (i.e. a service with
RemainAfterExit=yes). Instead of failing with EBUSY (which would
confusingly get reported as "Unit has pending job") we just silently
no-op.
I noticed this because we now have user-runtime-dir@.service, which
would make it impossible to freeze/thaw user.slice or user-<UID>.slice
Luca Boccassi [Fri, 29 Mar 2024 01:29:07 +0000 (01:29 +0000)]
core: apply ReloadLimit to reexec too
Same reason as the reload, reexec is disruptive and it requires the
same privileges, so if somebody wants to limit reloads, they'll also
want to limit reexecs, so use the same setting.
Yu Watanabe [Thu, 28 Mar 2024 07:24:59 +0000 (16:24 +0900)]
udev: make udevadm test and test-builtin not destructive
Previously, 'udevadm test' performs not only processing udev rules,
but made several destructive change on the system; updating udev
database, device node permission, devlinks, network interface
properties, and so on.
Similary, 'udevadm test-builtin' may perform something destructive,
especially by 'keyboard', 'kmod', and 'net_setup_link' builtins.
Let's make these commands and test executables not change device
configurations.
Yu Watanabe [Sun, 17 Mar 2024 06:23:38 +0000 (15:23 +0900)]
ndisc-option: allow to set valid time of options
When an option is delegated from an upstream server, its lifetime
may be limited by a time. Such functionality will be used later by
sd-radv.
This also remove 'offset' argument from the option setter
ndisc_option_set_xyz(), and make it update existing option.
See comments in ndisc_option_add_link_layer_address() for more details.
Yu Watanabe [Fri, 22 Mar 2024 08:46:00 +0000 (17:46 +0900)]
journalctl-filter: use add_match_boot_id() instead of add_match_this_boot()
The function add_match_this_boot() calls sd_journal_add_conjunction(),
hence, we cannot specify multiple devices in the extra match arguments,
e.g., "journalctl /dev/sda /dev/sdb" shows no entry.
Mike Yuan [Wed, 27 Mar 2024 11:45:34 +0000 (19:45 +0800)]
sleep: add SleepMemMode= setting for configuring /sys/power/mem_sleep
The setting is used when /sys/power/state is set to 'mem'
(common for suspend) or /sys/power/disk is set to 'suspend'
(hybrid-sleep). We default to kernel choice here, i.e.
respect what's set through 'mem_sleep_default=' kernel
cmdline option.
Adrian Vovk [Thu, 21 Mar 2024 23:28:38 +0000 (19:28 -0400)]
homed: Release(): fix assertion failure
This fixes a race condition crash in homed that would happen in the
following sequence of events:
1. Client 1 takes a ref on the home area
2. Client 1 calls some method via dbus
3. Client 2 calls Release()
In homed, the Release() would check if a ref is still held (in this
case: yes it is) and returns an error. Except that is done through a
code-path that asserts that no operations are ongoing. In this case,
it's valid to have an ongoing operation, and so the assertion fails
causing homed to crash.
Luca Boccassi [Wed, 27 Mar 2024 21:14:15 +0000 (21:14 +0000)]
run: fix generated unit name clash after soft-reboot
When sd-run connects to D-Bus rather than the private socket, it will
generate the transient unit name using the bus ID assigned by the D-Bus
broker/daemon. The issue is that this ID is only unique per D-Bus run,
if the broker/daemon restarts it starts again from 1, and it's a simple
incremental counter for each client.
So if a transient unit run-u6.service starts and fails, and it is not
collected (default on failure), and the system soft-reboots, any new
transient unit might conflict as the counter will restart:
Failed to start transient service unit: Unit run-u6.service was already loaded or has a fragment file.
Get the soft-reboot counter, and if it's greater than zero, append it
to the autogenerated unit name to avoid clashes.
Yu Watanabe [Mon, 25 Mar 2024 13:15:51 +0000 (22:15 +0900)]
journalctl-authenticate: use is_dir() and refuse symlink for /var/log/journal
I am not sure it is explicitly documented that /var/log/journal should
be a directory, rather than a symlink to a directory, but the current
code of journald seems not to support symlinked directory well. Let's
refuse that at least here and now.
Frantisek Sumsal [Wed, 27 Mar 2024 18:35:30 +0000 (19:35 +0100)]
test: check for /dev/loop-control when checking lodev availability
losetup in util-linux 2.40 started reporting lost loop devices [0] and
it has an unfortunate side-effect where it reports lost devices even in
containers, which then makes the loop device check "falsely" pass [1].
Let's just check for /dev/loop-control explicitly to "work around" this.
Michal Koutný [Tue, 20 Feb 2024 18:26:16 +0000 (19:26 +0100)]
timedated: Respond on org.freedesktop.timedate1.SetNTP only when really finished
The method returns prematurely (before jobs it triggers terminate). This
is externally visible because other methods may fail if jobs did not
finish.
Postpone the DBus method response until we collect all signals for
finished jobs.
systemd-timedated keeps track of in-flight DBus requests and answers
them all in unspecified order when jobs finish. The capacity of requests
in systemd-timedated is limited.
projects / thirdparty / systemd.git / log
