meson: restore specifications of dependency on version_h
This partially reverts 3c1eee5beda642707037b189481c3c30d1668da7.
I thought that it is not necessary, but
https://mesonbuild.com/Reference-manual_functions.html#vcs_tag says:
> This method returns a custom_tgt should be used to signal dependencies if
> other targets use the file outputted by this.
>
> For example, if you generate a header with this and want to use that in a
> build target, you must add the return value to the sources of that build
> target. Without that, Meson will not know the order in which to build the
> targets.
We can use version_h directly, since we already have it.
Luca Boccassi [Mon, 28 Aug 2023 10:03:45 +0000 (11:03 +0100)]
test-dhcp-client: add temporary workaround for assertion failure
Workaround for https://github.com/systemd/systemd/issues/28990
Introduced by https://github.com/systemd/systemd/pull/28932 but CI was
green there. Add a workaround to get the CI back in shape while it is
being investigated.
boot: don't pass kernel cmdline option to UKIs which have the very same line built-in
There's really no point in first extracting a command line from an UKI
to just pass it unmodified to the UKI. In particular as this is
systematically ignored in SecureBoot is enabled.
Let's drop this, so that unless the user actually edits the cmdline we
pass nothing to the invoked kernel.
Note that this low-key is a compat break, since the passed cmdline gets
measured. However, in the interest of minimized the difference between
systems with and without sd-boot to behave the same i think we should
suppress the command line anyway.
Chris Patterson [Fri, 25 Aug 2023 21:23:40 +0000 (17:23 -0400)]
99-systemd.rules.in: tag PTP devices with systemd
Chronyd and similar time services, when using PTP devices, may need
the BindsTo/After directives to ensure the devices are available
before starting. Tag PTP devices with systemd to allow for wider
adoption.
Signed-off-by: Chris Patterson <cpatterson@microsoft.com>
Yu Watanabe [Wed, 23 Aug 2023 04:25:35 +0000 (13:25 +0900)]
sd-dhcp-client: make client initially in stopped state
Previously, DHCP_STATE_STOPPED and DHCP_STATE_INIT are both handled as
not-running. Moreover, previously after sd_dhcp_client_start() is
called, the client still in INIT state (and thus handled as not-running)
even if its internal timer event sources are initialized.
Let's make only STOPPED state handled as not-running, and make the
client initially in STOPPED state.
Let's also use vcs_tag() when we're doing a non-git build. In those scenarios,
the build would normally be done just once in a given copy, so doing an extra
call does not matter. We can save a few lines of meson config.
The special path was added in 064b8e2c99ceb348c515353cc5c7d7bd05c49fcb, with
the justifaction that vcs_tag() is slow and -Dversion-tag=foo can be used to
fix the version tag and speed up partial rebuilds. I think the justification
for this is weak: having an accurate version tag is particularly useful when
developing the code. Shaving of a fraction of a second at the cost of having to
manually update the version seems iffy.
Secondly, with vcs_tag() we can be pretty sure that meson will build the
version file first and that it'll be available to all build steps. Because we
didn't use version tag, we had to manually specify the dependency on version.h
in various places. It seems nicer to use vcs_tag() and not have to deal with
this problem at all.
Finally, the savings in time seem much smaller than back when 064b8e2c99ceb348c515353cc5c7d7bd05c49fcb was made. It reported a change
from 94 ms to 521 ms. But now the difference seems to be about 50 ms:
Before this patch:
$ time ninja -C build
ninja: Entering directory `build'
ninja: no work to do.
ninja -C build 0.04s user 0.02s system 97% cpu 0.057 total
ninja -C build 0.03s user 0.01s system 97% cpu 0.049 total
ninja -C build 0.03s user 0.02s system 96% cpu 0.051 total
ninja -C build 0.03s user 0.01s system 96% cpu 0.049 total
ninja -C build 0.03s user 0.01s system 97% cpu 0.046 total
With the two patches in this PR:
systemd-stable [drop-versiondep] time ninja -C build
ninja: Entering directory `build'
[1/669] Generating version.h with a custom command
ninja -C build 0.08s user 0.03s system 98% cpu 0.106 total
ninja -C build 0.08s user 0.03s system 98% cpu 0.104 total
ninja -C build 0.09s user 0.02s system 98% cpu 0.116 total
ninja -C build 0.08s user 0.02s system 97% cpu 0.108 total
Overall, I think the tiny time savings are not worth the complexity.
Daan De Meyer [Fri, 25 Aug 2023 11:55:36 +0000 (13:55 +0200)]
Limit rlim_max in rlimit_nofile_safe() to nr_open
We might inherit a max rlim value that's larger than the kernel's
maximum (nr_open). This will cause setrlimit() to fail as the given
maximum is larger than the kernel's maximum. To get around this,
let's limit the max rlim we pass to rlimit() to the value of nr_open.
Let's a "b" helper for json_variant_set_field() that combines
json_build() with json_variant_set_field(), similar to the
json_variant_merge_objectb(), json_variant_append_arrayb().
json_append() is a useful wrapper around json_variant_merge(). However,
I think the naming sould be cleaned up a bit of both functions.
I thinker "merge" is the better word than "append", since it does
decidedly more than just append: it replaces existing fields of the same
name, hence "merge" sounds more appropriate. This is as opposed to the
similar operations for arrays, where no such override logic is applied
and we really just append, hence those functions are called "append"
already.
To make clearer that "merge" is about objects, and "append" about
arrays, also include "object" in the name.
Also, include "json_variant" in the name, like we do for almost all
other functions in the JSON API that take a JSON object as primary
input, and hence are kinda object methods.
Finally, let's follow the logic that helpers that combine json_build()
with some other operation get suffixed with "b" like we already have in
some cases.
This mirrors nicely the existing:
json_variant_append_array()
json_vairant_append_arrayb()
This also drops the variant of json_append() that takes a va_arg
parameter (i.e. json_appendv()). We have no user of that so far, and
given the nature as a helper function only I don#t see that happening,
and if it happens after all it's trivial to bring back.
The commit assign "custom" to fixed DUID type 5. When making DUID fully
configurable, the type number should be also configurable. Also, the
fully custom DUID should be acceptable for DHCPv4.
We went back-and-forth a bit on this. Very old meson would print a message
about detecting the program if a quoted argument was used, leading to a lot of
noise. So we started to convert various places to use the variable, but then it
turned out that meson < 0.56.2 doesn't handle this correctly and we reverted to
using strings everywhere in 7c22f07cbd86b39e78990057687e5509fa299672. Then at
some point we stopped supporting old meson and over time we started using the
variable in various places again, somewhat inconsistently. Then most calls to
'sh' were removed in 9289e093ae6fd5484f9119e1ee07d1dffe37cd10 when
install_emptydir() builtin started being used.
Now meson allows either the string or variable to be used, and doesn't print a
message if the string is used. Let's use the variable everywhere. For 'sh', we
could do either, but for other variables, we _do_ want the detection to happen,
for example for git, find, awk, which might not be installed and we want to
detect that early, before we start the build. It would be ugly to use quotes
for some programs, but not for others. Also, a string is still refused for
test(), so we couldn't use the string version even if we didn't care about
detection.
Jan Janssen [Thu, 10 Aug 2023 16:11:25 +0000 (18:11 +0200)]
meson: Drop skip-deps option
Now that we use meson feature options for our dependencies, we can just
rely on '--auto-features=disabled' to do the same. One benefit of this
is that specific features can still be force-enabled by overriding it
with the appropriate '-Dfeature=enabled' flag.
The two remaining uses for skip-deps can simply rely on their default
logic that sets the value to 'no' when the dependency is disabled.
Jan Janssen [Thu, 10 Aug 2023 13:16:56 +0000 (15:16 +0200)]
meson: Convert dbus to meson feature
Also, there is no need to conditionalize the get_variable() calls
because not-found dependencies will just return the passed default value
if provided.
Jan Janssen [Wed, 9 Aug 2023 17:52:57 +0000 (19:52 +0200)]
meson: Convert options to meson features (find_library fallback)
This uses a two-step approach to make sure we can fall back to
find_library(), while also skipping the detection if the features are
explicitly disabled.
Jan Janssen [Wed, 9 Aug 2023 16:07:19 +0000 (18:07 +0200)]
meson: Convert fidsk to meson feature
By making this a disabler dependency, we can slightly simplify the code
and it als fixes the build for -Dfdisk=disabled as we failed to create a
fallback empty libshared_fdisk variable.
Jan Janssen [Wed, 9 Aug 2023 16:15:29 +0000 (18:15 +0200)]
meson: Use feature options
By using meson features we can replace the handcrafted dependency
auto-detection by just passing the value from get_option directly to the
required arg for dependency, find_library etc.
'auto' features make the dependency optional, 'enabled' requires it
while 'disabled' features will skip detection entirely.
Any skipped or not found dependency will just be a no-op when passed to
build steps and therefore we can also skip the creation of empty vars.
The use of skip_deps for these is dropped here as meson provides a way
to disable all optional features in one go by passing
'-Dauto_features=disabled'.
networkd: Add T1 and T2 DHCPv6 options to expose in dbus API
Include T1 and T2 DHCPv6 options to expose in dbus API.
Introduced new field DHCPv6lease where these options are
added. This will be added to the JSON output when we query
org.freedesktop.network1.Manager object.
A Lifetime of 0 indicates that the router is not a default router anymore
and associated default route should be discarded from host's routing table.
https://datatracker.ietf.org/doc/html/rfc4861
```
Router Lifetime
16-bit unsigned integer. The lifetime associated
with the default router in units of seconds. The
field can contain values up to 65535 and receivers
should handle any value, while the sending rules in
Section 6 limit the lifetime to 9000 seconds. A
Lifetime of 0 indicates that the router is not a
default router and SHOULD NOT appear on the default
router list. The Router Lifetime applies only to
the router's usefulness as a default router; it
does not apply to information contained in other
message fields or options. Options that need time
limits for their information include their own
lifetime fields.
Yu Watanabe [Thu, 10 Aug 2023 04:58:54 +0000 (13:58 +0900)]
core/namespace: reimplement mount_private_sysfs() in the same logic to mount private procfs
Previously, mount_private_sysfs() was implemented by using open_tree()
and move_mount() to keep submounts. But these syscalls are slightly new
and supported since kernel version 5.2.
We already do the same thing for /proc/, but without the new syscalls.
Let's use the same logic to mount private procfs. Then, we can mount
new instance of sysfs with older kernels.
Yu Watanabe [Tue, 22 Aug 2023 13:54:43 +0000 (22:54 +0900)]
bsod: several cleanups
- add reference to the service unit in the man page,
- fix several indentation and typos,
- replace '(uint64_t) -1' with 'UINT64_MAX',
- drop unnecessary 'continue'.
Yu Watanabe [Tue, 22 Aug 2023 07:06:01 +0000 (16:06 +0900)]
network: several follow-ups for TCP-RTO setting
- rename TCPRetransmissionTimeOutSec= -> TCPRetransmissionTimeoutSec,
- refuse infinity,
- fix the input value verifier (USEC_PER_SEC -> USEC_PER_MSEC),
- use DIV_ROUND_UP() when assigning the value.
mount-tool: override mode of --tmpfs mounts to (rwxrwxrwx & ~umask)
The kernel default for tmpfs mounts is rwxrwxrwt, i.e. world-writable with the
sticky bit set. This makes sense for /tmp and /var/tmp, but less so for other
directories. Users will not use systemd-mount to mount /tmp and /var/tmp, so
the existing behaviour is surprising. The defaults are overriden to the
same defaults we use for "internal tmpfs mounts", i.e. no sticky bit, nosuid,
nodev, and limits of size=10%, nr_inodes=400k.
--tmpfs is new, so we can modify the behaviour without breaking compatibility.
Yu Watanabe [Tue, 22 Aug 2023 03:22:13 +0000 (12:22 +0900)]
inetwork/address-pool: also check queued addresses
After 0a0c2672dbd22dc85d660e5baa7e1bef701beb88, acquired and queued
addresses are not directly saved into Link object, but it will be saved
later the addresses are really assigned to the interface. So, when
searching free address space, we also need to check the queued
addresses.
Yu Watanabe [Sat, 12 Aug 2023 06:18:41 +0000 (15:18 +0900)]
core: do not leak mount for credentials directory if mount namespace is enabled
Since kernel v5.2, open_tree() and move_mount() are added. If a service
loads or sets credentials, then let's try to clone the mount that contains
credentials with open_tree(), then mount it after a (private) mount
namespace is initialized for the service. Then, we can setup a mount for
credentials directory without leaking it to the main shared mount
namespace.
With this change, the credentials for services that request their own
private mount namespace become much much safer. And, the number of mount
events triggered by setting up credential directories can be decreased.
Unfortunately, this does not 'fix' the original issue #25527, as the
reported service does not requests private mount namespace, but the
situation should be better now.
verbs: make a helpful suggestion when user types unrecognized verb
I have been mistyping commands too often myself, and I think the tools
could simply be more helpful, by suggesting to me what I probably wanted
to write. Copy/Paste FTW, after all!
"static inline" makes sense in .h files. But in .c files it's useless
decoration, the compiler should just make its own decisions there, and
it can do that.
hence, replace all remaining uses of "static line" by a simple" static"
in all .c files (but keep them in .h files, where they make sense)
projects / thirdparty / systemd.git / log
