Tomáš Pecka [Thu, 7 Oct 2021 09:16:57 +0000 (11:16 +0200)]
sd-lldp-rx: serialize LLDP neighbors to JSON format
Add functions serializing LLDP neighbors to JSON (JsonVariant).
The entry contains a chassis id, system name and port id of the remote
neighbor. Also it possibly contains an integer coding the enabled system
capabilities and port description.
While it is generally worthwhile for systemd to drop split-usr support,
these options are NOT about split-usr support. The universal location of
POSIX sh is always /bin/sh. Bash is pretty reasonably standardized there
too.
This happens irrespective of /bin being a symlink to /usr/bin.
Ramifications of this change include things like:
- portably running shell scripts that might run very nearly anywhere
- /etc/shells support
For standardization and compatibility reasons, these commands with these
paths need to be consistently found on any system, and thus distros make
sure this works, although even on split-usr systems /usr/bin/bash may be
a symlink to /bin/bash.
Embedding the *access path* of bash as /usr/bin/bash in systemd, for
example in libnss_systemd.so, means that login shells must agree with
systemd on how they invoke the shell. End result: users fail to log in
because of access violations.
This cannot be fixed by "fixing PAM" because PAM does not follow
symlinks by design: one example is that it needs to treat rbash as
different from bash.
Fixes: https://bugs.gentoo.org/919749
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
ssh-generator: don't do AF_VSOCK stuff if we run in a container
Tighten our VM check: whether we run in a VM is not enough to do
AF_VSOCK. We also need to check if we are run in a container, because if
we run in a container inside a VM then we should *not* do the AF_VSOCK
stuff, but leave the port free for the VM itself.
Michael Biebl [Wed, 28 Feb 2024 15:11:14 +0000 (16:11 +0100)]
Drop build-api support
It appears the build-api effort at
https://github.com/cgwalters/build-api hasn't really caught on.
systemd appears to be one of the very few projects actually supporting it.
It does confuse certain tools though. E.g. debhelper by finding a
configure script wrongly assumes this is an autoconf project and thus
needs to be told explicitly that this is in fact a Meson project [1].
Given that Meson is an established build system by now, it appears ok to
drop this compat layer, which will never be fully complete anyway.
Luca Boccassi [Wed, 28 Feb 2024 23:46:15 +0000 (23:46 +0000)]
semaphore: speed up build
- avoid stripping debug symbols and creating dbgsym packages
- avoid LTO, slows down build a lot
- avoid compressing packages, they are thrown out immediately after use
- avoid building udeb packages, not needed
dissect-image: add flag for explicitly enabling userspace verity signature checking
Let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, now we have a knob to turn this off in
certain scenarios.
The glibc API behind the wrapper is called "secure_getenv()", hence
our wrapper really should keep the order too, otherwise things are just
too confusing.
tree-wide: use "_" rather than "-" as separator in kernel cmdline options
Most of our kernel cmdline options use underscores as word separators in
kernel cmdline options, but there were some exceptions. Let's fix those,
and also use underscores.
Since our /proc/cmdline parsers don't distinguish between the two
characters anyway this should not break anything, but makes sure our own
codebase (and in particular docs and log messages) are internally
consistent.
Sam Leonard [Tue, 27 Feb 2024 15:08:37 +0000 (15:08 +0000)]
shared/ptyfwd: allow window title but not background color as a valid state
Previously if a PTYForward instance had the window title set but no
background color set then it would crash in an assertion as
pty_forward_ansi_process didn't require both to be present.
systemd-vmspawn could get into this state if it failed to get the
terminal tint color.
Now any method that would have called background_color_sequence
becomes just a NOP if the background color is not set.
This allows keeping the functionality to set window titles even if the
terminal doesn't support the background coloring.
Sam Leonard [Tue, 27 Feb 2024 14:35:14 +0000 (14:35 +0000)]
basic/terminal-util: accept ST or BEL to end escape sequence queries
Currently scan_background_color_response only accepts BEL (\x07) to end
a response, however some terminals (namely kitty in my case) will reply
with the string terminator (ST - https://en.wikipedia.org/wiki/ANSI_escape_code).
This commit changes the behaviour to now accept either ending.
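A parser that accepts both terminators for a background color reply, as an added example (not the systemd implementation; `parse_bg_reply` is a hypothetical name, and the `ESC ] 11 ; rgb:R/G/B` reply layout with 1 to 4 hex digits per channel is assumed from xterm's behaviour). It distinguishes "incomplete, keep reading" from "malformed", which matters when the reply arrives in pieces:

```c
#include <stdio.h>
#include <string.h>

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Returns 1 and fills rgb[] when buf holds a complete reply ended by BEL or
 * ST (ESC \), 0 when more bytes are needed, -1 when the bytes are not a
 * valid reply. */
int parse_bg_reply(const char *buf, size_t len, unsigned rgb[3]) {
    static const char prefix[] = "\x1b]11;rgb:";
    size_t plen = sizeof prefix - 1, i;

    for (i = 0; i < plen; i++) {
        if (i == len) return 0;
        if (buf[i] != prefix[i]) return -1;
    }
    for (int ch = 0; ch < 3; ch++) {
        unsigned v = 0;
        int digits = 0;
        for (; i < len && hexval(buf[i]) >= 0; i++) {
            if (++digits > 4) return -1;
            v = v << 4 | (unsigned) hexval(buf[i]);
        }
        if (i == len) return 0;              /* channel may still be growing */
        if (digits == 0) return -1;
        rgb[ch] = v;
        if (ch < 2 && buf[i++] != '/') return -1;
    }
    if (buf[i] == '\a') return 1;            /* BEL terminator */
    if (buf[i] != '\x1b') return -1;
    if (i + 1 == len) return 0;              /* ESC seen, '\' not yet read */
    return buf[i + 1] == '\\' ? 1 : -1;      /* ST terminator */
}

int main(void) {
    const char *st = "\x1b]11;rgb:1e1e/1e1e/2e2e\x1b\\";  /* constructed reply */
    unsigned c[3];
    if (parse_bg_reply(st, strlen(st), c) == 1)
        printf("%04x %04x %04x\n", c[0], c[1], c[2]);
    return 0;
}
```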
Sam Leonard [Tue, 27 Feb 2024 11:12:39 +0000 (11:12 +0000)]
basic/terminal-util: add check for poll timeout in get_default_background_color
Currently the return value 0 is not checked for, this indicates a
timeout and should be handled to prevent doing a blocking read on a file
descriptor with no data ready.
The retrans time field in RA message is for neighbor solicitation,
and the commit d4c8de21a07d015f2f2c787e0735be5e4d02fb3c makes the value
assigned to the correct sysctl property.
Let's deprecate the option, and drop the redundant functions.
udevd: Add ReceivePacketSteeringCPUMask for systemd.link
Takes a list of CPU indices or ranges separated by either whitespace or commas. Alternatively,
takes the special value "all", which will include all available CPUs in the mask.
CPU ranges are specified by the lower and upper CPU indices separated by a dash (e.g. "2-6").
This option may be specified more than once, in which case the specified CPU affinity masks are merged.
If an empty string is assigned, the mask is reset, all assignments prior to this will have no effect.
Defaults to unset and RPS CPU list is unchanged. To disable RPS when it was previously enabled, use the
special value "disable".
Currently, this will set the CPU mask on all `rx` queues of the matched device (if it has multiple queues).
The `/sys/class/net/<dev>/queues/rx-<n>/rps_cpus` only accepts a CPU bitmap mask in hexadecimal.
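The conversion this option implies, from a CPU list to the hexadecimal bitmap that `rps_cpus` takes, as an added example (not code from the commit; function names are hypothetical, and the sketch assumes CPUs 0 to 63 and leaves out the special values "all" and "disable"):

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ORs the CPUs named in a list such as "0-3,8" or "2-6 9" into *mask, so
 * repeated calls merge like repeated assignments of the option.
 * CPUs 0..63 only (assumption of this sketch). Returns 0, or -1 on error. */
int cpu_list_to_mask(const char *s, uint64_t *mask) {
    uint64_t m = 0;

    while (*s) {
        char *end;
        unsigned long lo, hi;

        if (*s == ',' || isspace((unsigned char) *s)) { s++; continue; }
        if (!isdigit((unsigned char) *s)) return -1;
        lo = hi = strtoul(s, &end, 10);
        if (*end == '-') {                       /* range "lo-hi" */
            if (!isdigit((unsigned char) end[1])) return -1;
            hi = strtoul(end + 1, &end, 10);
        }
        if (lo > hi || hi > 63) return -1;       /* reversed or out of range */
        for (unsigned long c = lo; c <= hi; c++)
            m |= UINT64_C(1) << c;
        s = end;
    }
    *mask |= m;                                  /* untouched on error */
    return 0;
}

/* Formats the mask for rps_cpus: hexadecimal, comma-separated 32-bit groups,
 * most significant group first. Returns 0, or -1 if out is too small. */
int mask_to_rps_hex(uint64_t mask, char *out, size_t n) {
    uint32_t hi = (uint32_t) (mask >> 32), lo = (uint32_t) mask;
    int r = hi ? snprintf(out, n, "%x,%08x", hi, lo) : snprintf(out, n, "%x", lo);
    return r < 0 || (size_t) r >= n ? -1 : 0;
}

int main(void) {
    uint64_t mask = 0;
    char hex[32];
    /* Two assignments, merged: CPUs 2-6, then CPUs 0 and 32. */
    if (cpu_list_to_mask("2-6", &mask) < 0 || cpu_list_to_mask("0 32", &mask) < 0) return 1;
    if (mask_to_rps_hex(mask, hex, sizeof hex) < 0) return 1;
    printf("%s\n", hex);
    return 0;
}
```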
Luca Boccassi [Sat, 24 Feb 2024 12:05:44 +0000 (12:05 +0000)]
install: fix compiler warning about empty directive argument
On ppc64el with gcc 13.2 on Ubuntu 24.04:
3s In file included from ../src/basic/macro.h:386,
483s from ../src/basic/alloc-util.h:10,
483s from ../src/shared/install.c:12:
483s ../src/shared/install.c: In function ‘install_changes_dump’:
483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
483s | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
483s ../src/shared/install.c:432:75: note: format string is defined here
483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
core: remove duplicate serialization of `cpu_sched_reset_on_fork`
`c->cpu_sched_reset_on_fork` is serialized using
`exec-context-cpu-sched-reset-on-fork` and
`exec-context-cpu-scheduling-reset-on-fork`. Let's keep only the second one, to
serialize the value only if `cpu_sched_set` is true.
bootspec: don't complain about valid loader.conf settings
Let's not complain about various valid loader.conf settings we more
recently added. At the same time let's remove the half-assed userspace
parsers for the fields we actually do support but don't actually really
care about in userspace. There's really no point in storing strings away
that we are not using at all, hence just don't.
Frantisek Sumsal [Tue, 27 Feb 2024 10:10:53 +0000 (11:10 +0100)]
test: use socat in unidirectional mode
By default socat opens a separate r/w channel for each specified address,
and terminates the connection after .5s from receiving EOF on _either_
side. And since one side of that connection is an empty stdin, we reach
that EOF pretty quickly. Let's avoid this by using socat in
"reversed unidirectional" mode, where the first address is used only for
writing, and the second one is used only for reading.
vmspawn: use our own ptyfwd code for the console of a VM
Let's make systemd-nspawn use our own ptyfwd logic to handle the TTY by
default.
This adds a new setting --console=, inspired by nspawn's setting of the
same name. If --console=interactive= is used, then we'll do the TTY
dance on our own via ptyfwd, and thus get tinting, our usual hotkey
handling and similar.
Since qemu's own console is useful too, let's keep it around via
--console=native.
Finally, replace the --qemu-gui switch by --console=gui.
Ronan Pigott [Sun, 25 Feb 2024 07:23:32 +0000 (00:23 -0700)]
resolved: reduce the maximum nsec3 iterations to 100
According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.
Ronan Pigott [Sun, 25 Feb 2024 01:21:24 +0000 (18:21 -0700)]
resolved: limit the number of signature validations in a transaction
It has been demonstrated that tolerating an unbounded number of dnssec
signature validations is a bad idea. It is easy for a maliciously
crafted DNS reply to contain as many keytag collisions as desired,
causing us to iterate every dnskey and signature combination in vain.
The solution is to impose a maximum number of validations we will
tolerate. While collisions are not hard to craft, I still expect they
are unlikely in the wild so it should be safe to pick fairly small
values.
Here two limits are imposed: one on the maximum number of invalid
signatures encountered per rrset, and another on the total number of
validations performed per transaction.
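The two limits described above, shown on a reply whose keys and signatures all share one key tag, as an added example (not systemd-resolved code; the limit values, type names and the `verify` stand-in for the cryptographic check are assumptions of this sketch):

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative placeholders, not the values systemd-resolved uses. */
#define MAX_INVALID_PER_RRSET 4
#define MAX_VALIDATIONS_PER_TRANSACTION 16

struct key { unsigned tag, id; };            /* id stands in for key material */
struct sig { unsigned tag, signer_id; };
struct transaction { unsigned validations; };
enum result { VALIDATED, BOGUS, LIMIT_EXCEEDED };

/* Stand-in for the expensive signature verification. */
static bool verify(const struct sig *s, const struct key *k) {
    return s->signer_id == k->id;
}

/* Tries every key/signature pair with a matching key tag, but gives up once
 * the per-rrset or per-transaction budget is spent. */
enum result validate_rrset(struct transaction *t,
                           const struct sig *sigs, size_t n_sigs,
                           const struct key *keys, size_t n_keys) {
    unsigned invalid = 0;

    for (size_t i = 0; i < n_sigs; i++)
        for (size_t j = 0; j < n_keys; j++) {
            if (sigs[i].tag != keys[j].tag)
                continue;                    /* cheap tag filter, no crypto */
            if (t->validations >= MAX_VALIDATIONS_PER_TRANSACTION)
                return LIMIT_EXCEEDED;
            t->validations++;
            if (verify(&sigs[i], &keys[j]))
                return VALIDATED;
            if (++invalid >= MAX_INVALID_PER_RRSET)
                return LIMIT_EXCEEDED;
        }
    return BOGUS;
}

int main(void) {
    /* Constructed input: 8 keys and 8 signatures colliding on one tag, none
     * valid. Unbounded, this costs 64 verifications; bounded, it costs 4. */
    struct key keys[8];
    struct sig sigs[8];
    struct transaction t = { 0 };
    for (unsigned i = 0; i < 8; i++) {
        keys[i] = (struct key) { 1234, i };
        sigs[i] = (struct sig) { 1234, 999 };
    }
    enum result r = validate_rrset(&t, sigs, 8, keys, 8);
    printf("result=%d validations=%u\n", r, t.validations);
    return 0;
}
```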