Daan De Meyer [Tue, 13 Dec 2022 18:52:18 +0000 (18:52 +0000)]
repart: Rework Minimize= option settings
Instead of having Minimize= take a boolean let's allow for two
different ways to enable it. "best" means we want the most minimal
image possible, which currently is only possible for read-only
filesystems but can be extended in the future with bisection
to find the most minimal possible size.
We also add "guess", which is the current behavior, where we
populate once and use the sparse size to make a reasonable guess
on a size that fits all the sources without needing to O(log(n))
tries to find the most minimal size.
basic: do not output emojis if not on a proper terminal
$TERM would generally be set if we're connected to a proper graphical terminal
emulator. In all other cases, in particular if $TERM is not set, we almost
certainly are not connected to something that can output emojis. In particular
the text console is unlikely to ever do it correctly.
So let's invert the check, and only write emojis if $TERM is set.
fstab-generator: use log message that matches reality
We *assume* that when /sys is read-only, we're running in a container. But
there can other reasons, for example root is mount ro and nobody has mounted
/sys yet, or somebody forgot to add /sys to the list of filesystem not to
remount ro in a sandbox. So let's actually say what we know instead of assuming.
systemd-fstab-generator was reporting that it's running in a container and I
spent a good few minutes trying to figure out why 'systemd-detect-virt -c'
disagrees, before noticing that it's just checking a different condition.
This is an octal number. We used the 0 prefix in some places inconsistently.
The kernel always interprets in base-8, so this has no effect, but I think
it's nicer to use the 0 to remind the reader that this is not a decimal number.
manager: execute generators in a mount namespace "sandbox"
When generators are executed during early boot, /tmp might not be available
yet. This causes problems with bash, because here-docs don't work. Even
non-shell code can often assume that /tmp is available. This limitation is
known to trip up people, and when the code is tested on a "normal" system,
everything works.
We can solve this nicely, and get another small benefit, by making most of the
file system read-only and "punching holes" for some dirs that should be
writable. The generator code runs with full privileges and can do anything it
wants by writing appropriate systemd units, so it doesn't make much sense to do
any significant sandboxing around generators. But making root read-only is nice
because it can catch stupid mistakes where the generator tries to write to a
wrong path or something like that. We effectively also get a "private /tmp" for
the generators, which protects them against existing files in /tmp.
The path does the following:
when executing generators, we fork, and the child unshares root and makes
it recursively read-only, with the exception of /sys and /run. Error handling
is permissive — if some of this setup fails, we're in the same state as
before the patch.
If the flag is set, we mount /tmp/ in a way that is suitable for generators and
other quick jobs.
Unfortunately I had to move some code from shared/mount-util.c to
basic/mountpoint-util.c. The functions that are moved are very thin wrappers
around mount(2), so this doesn't actually change much in the code split between
libbasic and libshared.
Implications for the host would be weird if a private mount namespace is not
used, so assert on FORK_NEW_MOUNTNS when the flag is used.
Nick Rosbrook [Wed, 14 Dec 2022 15:07:40 +0000 (10:07 -0500)]
journal: skip part of test-journal-interleaving if no machine-id exists
When executed on a systemd with an empty /etc/machine-id,
test-journal-interleaving fails in test_sequence_numbers_one() when
re-opening the existing "two.journal". This is because opening the
existing journal file with managed_journal_file_open() causes
journal_file_verify_header() to be called. This function tries to
compare the current machine-id to the machine-id in the journal file
header, but does not handle the case where the machine-id is empty or
non-existent.
Check if we have an initialized machine-id before executing this portion
of the test.
Nick Rosbrook [Mon, 12 Dec 2022 19:37:52 +0000 (14:37 -0500)]
test-fs-util: skip part of test_chase_symlinks if machine-id is not initialized
The part of test_chase_symlink in test-fs-util that calls
sd_id128_get_machine will fail if /etc/machine-id is empty, so skip this
block if the machine-id is not initialized.
Felix Riemann [Wed, 14 Dec 2022 14:02:39 +0000 (15:02 +0100)]
timesync: Keep trying to connect even if the socket cannot be opened
This makes sure that after a server could not be contacted due to a
socket error, other (possibly working) NTP servers in the list of
configured NTP servers are (re-)tried.
Use dummy allocator to make accesses defined as per standard
systemd uses malloc_usable_size() everywhere to use memory blocks
obtained through malloc, but that is abuse since the
malloc_usable_size() interface isn't meant for this kind of use, it is
for diagnostics only. This is also why systemd behaviour is flaky when
built with _FORTIFY_SOURCE.
One way to make this more standard (and hence safer) is to, at every
malloc_usable_size() call, also 'reallocate' the block so that the
compiler can see the larger size. This is done through a dummy
reallocator whose only purpose is to tell the compiler about the larger
usable size, it doesn't do any actual reallocation.
Florian Weimer pointed out that this doesn't solve the problem of an
allocator potentially growing usable size at will, which will break the
implicit assumption in systemd use that the value returned remains
constant as long as the object is valid. The safest way to fix that is
for systemd to step away from using malloc_usable_size() like this.
Yu Watanabe [Wed, 14 Dec 2022 05:31:09 +0000 (14:31 +0900)]
sd-id128: make sd_id128_get_machine() or friends return -EUCLEAN when an ID is in an invalid format
EINVAL suggests that the caller passes an invalid argument. EIO is
for "input/output error", i.e. the error you'd get if the disk or
file system is borked, and this error code could be returned by the
underlying read/write functions.
Let's make the functions return an unambiguous error code.
David Tardon [Mon, 12 Dec 2022 15:21:30 +0000 (16:21 +0100)]
swap: tell swapon to reinitialize swap if needed
If the page size of a swap space doesn't match the page size of the
currently running kernel, swapon will fail. Let's instruct it to
reinitialize the swap space instead.
During the call today we agreed to work towards -rc1 in January. Nevertheless,
I already started writing this up and I'll push it so it doesn't get lost.
I didn't include all the changes to systemd-repart, because those are still in
flux.
Luca Boccassi [Mon, 12 Dec 2022 22:10:18 +0000 (22:10 +0000)]
manager: add option to rate limit daemon-reload
Reloading is a heavy-weight operation, and currently it is not
possible to stop an orchestrator from spamming reload requests.
Add configuration options to allow rate-limiting.
Luca Boccassi [Mon, 12 Dec 2022 15:34:43 +0000 (15:34 +0000)]
manager: log unit/pid of sender when Reload() is called
Reloading is a heavy-weight operation, and currently it is not
possible to figure out who/what requested it, even at debug level
logging.
Check the sender of the D-Bus message and print it out at info level.
Mike Yuan [Sat, 10 Dec 2022 12:55:42 +0000 (20:55 +0800)]
systemctl: is-*: return correct code when no unit is found
According to systemctl(1), we should use LSB return code 4
(EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN) when the state
is "no such unit" for is-{active,failed,enabled} verbs.
coredump: cescape invalid json data before logging
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need escape non-printable
characters.
One had to read to the very end of the long description to notice that
the setting is actually primarily intended for oomd. So let's mention oomd
right at the beginning.
RUN_WITH_UMASK was initially conceived for spawning externals progs with the
umask set. But nowadays we use it various syscalls and stuff that doesn't "run"
anything, so the "RUN_" prefix has outlived its usefulness.
Daan De Meyer [Tue, 13 Dec 2022 12:14:49 +0000 (12:14 +0000)]
mkosi: Drop i686 packages
These are only needed for some kernel selftests but they prevent
building the mkosi image on aarch64 systems so let's drop them
until mkosi has support for conditional configuration so we can
only add these packages on the right architecture.
Peter Cai [Sat, 29 Oct 2022 23:00:53 +0000 (19:00 -0400)]
cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volume
After #25268, it is now possible to check whether a credential
is present on a FIDO2 token without actually attempting to retrieve said
credential. However, when cryptsetup plugins are not enabled, the
fallback unlock routines are not able to make multiple attempts with
multiple different FIDO2 key slots.
Instead of looking for one FIDO2 key slot when trying to unlock, we now
attempt to use all key slots applicable.
uerdogan [Mon, 12 Dec 2022 20:46:50 +0000 (21:46 +0100)]
Update 60-evdev.hwdb (#25704)
This solves Debian Bug report 1008760:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008760.
Solution was inspired by this kernel bug report message:
https://bugzilla.kernel.org/show_bug.cgi?id=204967#c15.
My measured pad dimensions with a ruler were 85x44mm.
But I decided to take the 2x size reported by the current kernel
when invoking the touchpad-edge-detector command from the
libdev-tools package. Because this comment claims that the old
vs new kernel reportings differ by factor 2:
https://bugzilla.kernel.org/show_bug.cgi?id=204967#c3 .
Therefore I have used this command to get the new entry to 60-evdev.hwdb:
"root@pb:~# touchpad-edge-detector 80x34 /dev/input/event2
Touchpad ETPS/2 Elantech Touchpad on /dev/input/event2
Move one finger around the touchpad to detect the actual edges
Kernel says: x [0..1254], y [0..528]
Touchpad sends: x [0..2472], y [-524..528] -^C
Touchpad size as listed by the kernel: 40x17mm
User-specified touchpad size: 80x34mm
Calculated ranges: 2472/1052