Tad Fisher [Fri, 6 Oct 2023 20:52:07 +0000 (13:52 -0700)]
resolve: use exact-match domain as routing domain for single-labels
With ResolveUnicastSingleLabel=yes, a scope's search domains are affixed to the
query even when a routing domain matches the single-label query name,
preventing the use of dotless single-label domains entirely.
This changes dns_scope_name_wants_search_domain() to return false when the
scope contains an exact match of the single-label name in the query, allowing
lookups for dotless domains with ResolveUnicastSingleLabel enabled.
Let's wait for the "latest" message systemd-bsod prints to the console
to appear, otherwise we might be too fast and take a console snapshot
before it contains all the information:
[ 44.237788] testsuite-04.sh[1744]: + setterm --term linux --dump --file /tmp/console.dump
[ 44.246089] systemd-bsod[1858]: QR code could not be printed, ignoring: Operation not supported
[ 44.305692] testsuite-04.sh[1744]: + grep -aq 'The current boot has failed' /tmp/console.dump
[ 44.308047] testsuite-04.sh[1744]: + grep -aq 'Service emergency message' /tmp/console.dump
[ 44.311200] testsuite-04.sh[1744]: + grep -aq 'Press any key to exit' /tmp/console.dump
[ 44.314359] testsuite-04.sh[1744]: + at_exit
[ 44.315087] testsuite-04.sh[1744]: + local EC=1
[ 44.315945] testsuite-04.sh[1744]: + [[ 1 -ne 0 ]]
[ 44.316647] testsuite-04.sh[1744]: + [[ -e /tmp/console.dump ]]
[ 44.318305] testsuite-04.sh[1744]: + cat /tmp/console.dump
[ 44.319320] testsuite-04.sh[1871]: The current boot has failed!
[ 44.319970] testsuite-04.sh[1871]: Service emergency message
<ulinks> contents are used to generate a SEE ALSO section at the
bottom of a man page, so we need to include the title, without additional
words, in the content.
As pointed out in https://github.com/systemd/systemd/issues/29814, we need to
use phrases are are meaningful on their own, because the man page formatter
creates a list at the bottom. With <ulink>see docs</ulink>, we end up with:
NOTES:
1. see docs
https://some.url/page
2. see docs
https://some.url/page2
which is not very useful :(
Also, the text inside the tag should not include punctuation.
Python helper:
from xml_helper import xml_parse
for p in glob.glob('../man/*.xml'):
t = xml_parse(p)
ulinks = t.iterfind('.//ulink')
for ulink in ulinks:
if ulink.text is None: continue
text = ' '.join(ulink.text.split())
print(f'{p}: {text}')
jjimbo137 [Mon, 6 Nov 2023 16:39:01 +0000 (11:39 -0500)]
tcrypt: try all entered passphrases instead of just the first one (#29837)
Previously only the first entered passphrase would be used. Add the ability to check all the passwords entered by the user. The total number of passwords entered is still limited by passphrase entry limit.
I am sorry, I totally forgot adding emojis reflecting the state of each
PCR. I hope I can do better in future, and hereby I'd like to rectify
the situation a bit.
Daan De Meyer [Mon, 23 Oct 2023 09:18:35 +0000 (11:18 +0200)]
kernel-install: Add --json option for inspect verb
In mkosi, we can't use kernel-install directly but we do want to
mimick its behavior as much as possible. Let's make that easier by
making it easy to fetch data from kernel-install as JSON.
To get all the necessary data, we extend the inspect verb to also
allow passing in a kernel version and initrds, to mimick the "add"
verb. The kernel version is used to determine the "Entry Directory",
and in absence of auto-detection of kernel version in kernel-install
we have to allow users to pass it.
Yu Watanabe [Mon, 6 Nov 2023 11:39:46 +0000 (20:39 +0900)]
sd-device-monitor: unconditionally increase buffer size by sd_device_monitor_new()
As suggested at https://github.com/systemd/systemd/pull/29872#discussion_r1382932633:
> socket memory is these days accounted to the process that owns a socket,
> hence we shouldn't be too concerned that this might waste memory.
- link->network->ipv6_hop_limit must not be updated, as it may be used
by multiple interfaces,
- We may receive multiple RA from multiple routers with different hop
limit, and we should not make the default hop limit flicking,
- First of all, there is no reason that we need to update the default hop
limit,
- The original issue should be caused by the hash and compare functions
for Route object.
Previously, OBJECT_UNUSED was used for 'pinning' the mmap cache for an
object. But, OBJECT_UNUSED is also used for reading object when type
cannot be determined before read, e.g. when reading the tail object.
Let's introduce another category for pinning mmap cache, and use it when
we want to temporary pin an object.
- Rename generic_array_bisect_one() -> generic_array_bisect_step(), as there
is also generic_array_bisect_plus_one(), so the original name is confusing.
- Make generic_array_bisect_step() return TEST_GOTO_NEXT or TEST_GOTO_PREVIOUS
when the current array does not contain any matching entries.
- Make generic_array_bisect_step() symmetric with respect to the direction
we are going to, except for the journal corruption handling.
- Make generic_array_bisect_step() gracefully handle journal corruptions,
so the corruption handling in the caller side can be mostly dropped.
- Especially, when the last entry in an array is corrupted, previously
we tried to find a valid entry sequentially from the end of the array,
but now we anyway bisect the array. That should improve performance of
reading corrupted journal files.
- Return earlier when no entry linked to the chained array (n == 0).
- Add many comments.
In the loop of the generic_array_bisect(), the offset of the entry array
object is unchanged, the object is read at the beginning of the loop, and
we do not read any other entry array object. Hence, it is not necessary to
re-read the object every time we use the object.
hexdecoct: implicitly parse URL-safe base64 format, too
JSON-I (RFC 7493) suggests to use the URL safe base64 alphabet, rather
than the regular one when encoding binary data in JSON strings. We
generally uses the regular alphabet though.
Let's be tolerant in what we parse however: simply accept both formats
when we parse base64.
This does nothing about base64 generation though, only about parsing.
David Tardon [Fri, 3 Nov 2023 13:01:54 +0000 (14:01 +0100)]
udevadm-control: return early if --exit is used
All the following commands would just fail with -ENOANO anyway, hence
there's no point in sending them. And it allows us to shave off some
error handling code.
David Tardon [Fri, 3 Nov 2023 12:12:42 +0000 (13:12 +0100)]
udevadm-control: parse all args in advance
This is mostly just refactoring to make the code more manageable and
extendable. It doesn't introduce any semantic changes, but it
"optimizes" the communication with udevd a bit:
* If an option is used multiple times, only one command will be sent. If
the option takes a value, the value of the final appearance of the
option is used. The only exception is --property, which is additive by
nature.
* Options --start-exec-queue and --stop-exec-queue are handled together.
Only one of START_QUEUE/STOP_QUEUE commands will be sent to udevd even
if both options appear on the command line.
Luca Boccassi [Wed, 1 Nov 2023 19:39:37 +0000 (19:39 +0000)]
core: check that extensions have the hierarchies before overlaying
Before confext was added, hierarchies always existed in extensions. Now
they are optional - i.e., a sysext will not contain /etc/. So mixing a
confext and a sysext fails, as we'll try to create an overlay with /etc/
from the base, the confext and the sysext, but the latter doesn't have
the directory.
After the source images are mounted, check that each hierarchy exists in
each source image before creating the overlay, and drop them if they
don't.
Let's install a simple no-op signal handler without SA_RESTART for
SIGINT/SIGTERM, which allows us to interrupt read_one_char() and follow
it up with a proper cleanup, including restoring the vt to the original
state.
Introduce a new env variable $SYSTEMD_NSPAWN_CHECK_OS_RELEASE, that can
be used to disable the os-release check for bootable OS trees. Useful
when trying to boot a container with empty /etc/ and bind-mounted /usr/.