Franck Bui [Wed, 1 Dec 2021 07:51:48 +0000 (08:51 +0100)]
journal: don't remove the flushed flag when journald is stopped
Due to the fact that systemd-journal-flush.service has
"Requires=systemd-journald.service", this service is stopped too when journald
is requested to do so.
However stopping systemd-journal-flush.service implies that journald
relinquishes /var hence implicitly switching back to the volatile storage
mode and removing /run/systemd/journal/flushed.
If journald is started afterwards, it will run in volatile storage mode
regardless of the value of 'Storage=' as it believes now that /var is not yet
ready (because the flushed flag is missing).
Because this flag is mainly an indication for journald that the initialization
of /var/log/journal (during the boot process) has been done,
systemd-journal-flush.service shouldn't be tied to the state of journald itself
but to the state of /var/log/journal, hence to the state of the system.
Joris Hartog [Wed, 1 Dec 2021 14:06:29 +0000 (15:06 +0100)]
systemctl: support JSON output for "show-environment"
This commit adds a function which converts a bus message containing the
environment variables to a JSON object and uses this function to support
JSON formatted output for the "systemctl show-environment" command.
Bastien Nocera [Thu, 2 Dec 2021 12:15:44 +0000 (13:15 +0100)]
hwdb: Allow console users access to rfkill
This rule has been shipped in Fedora's gnome-bluetooth package for 10
years and is used by the gnome-settings-daemon rfkill plugin (used by
gnome-bluetooth, gnome-shell, and gnome-control-center) to monitor
and change software rfkill switch settings.
Urs Ritzmann [Fri, 3 Dec 2021 14:47:18 +0000 (15:47 +0100)]
sd_bus_get_timeout: fix timeout value doc
The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based of CLOCK_MONOTONIC. This change corrects that documentation.
1) don't ignore stack-allocated variables, since they may hide
heap-allocated stuff (compound types)
2) check if there's a return between the variable declaration and its
initialization; if so, treat the variable as uninitialized
3) introduction of 2) increased the query runtime exponentially, so
introduce some optimizations to bring it back to some reasonable
values
Apparently the previous limit set on the max number of inodes for /dev was too
small as a system with 4096 LUNs attached can consume up to 95k inodes for
symlinks:
Hence this patch bumps the limit from 64k to 128k although the new limit is
still pretty arbitrary (that said, not sure if it really makes sense to put
such absolute limit number).
In 9cf75222f20 the conf.get() statements for `bpf-framework` and
`valgrind` were dropped, which causes the respective features to always
show as disabled (since they don't follow the "standard" naming scheme
with HAVE_/ENABLE_ prefixes).
lgtm: detect uninitialized variables using the __cleanup__ attribute
This is a slightly modified version of the original
`cpp/uninitialized-local` CodeQL query which focuses only on variables
using the cleanup macros. Since this has proven to cause issues in the
past, let's panic on every uninitialized variable using any of the
cleanup macros (as long as they're written using the __cleanup__
attribute).
Some test results from a test I used when writing the query:
int main(void) {
__attribute__((__cleanup__(foo))) char *a;
char *b;
_cleanup_foo_ char *c;
char **d;
_cleanup_free_ char *e;
int r;
r = fun(&e);
if (r < 0)
return 1;
puts(a);
puts(b);
puts(c);
puts(*d);
puts(e);
return 0;
}
```
```
+| test.c:23:14:23:14 | e | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:20:26:20:26 | e | e |
+| test.c:27:10:27:10 | a | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:16:45:16:45 | a | a |
+| test.c:29:10:29:10 | c | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:18:25:18:25 | c | c |
```
meson: disallow the combination of cryptolib=openssl and dns-over-tls=gnutls
It could work, but it doesn't make much sense. If we already have openssl as
the cryptolib that provides the necessary support, let's not bring in another
library. Disallowing this simplifies things and reduces our support matrix.
Yu Watanabe [Mon, 29 Nov 2021 12:21:21 +0000 (21:21 +0900)]
network/wireguard: cleanups for resolving endpoints
This makes
- drop peers_with_unresolved_endpoint and peers_with_failed_endpoint,
- drop destroy handler for sd_resolve_query, and manage each query by peer,
- add random fluctuation to the timeout for retry handler,
- retry timer event source is now managed by peer,
- use sd_event_source_disable_unref().
Luca Boccassi [Tue, 30 Nov 2021 23:49:33 +0000 (23:49 +0000)]
cgroup: don't emit BPF firewall warning when manager is in test mode
Support for BPF might not have been checked, since it's not necessary
in test mode (eg: running offline analysis of units). This causes an
assert:
Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting.
Export SYSTEMD_LOG_LEVEl=debug in TEST-65-ANALYZE is enough to trigger
this assert while doing an offline analysis of a unit that has some
firewall/network restrictions set.
ci: temporarily set -Wno-deprecated-declarations in Packit
to suppress OpenSSL 3.0 deprecation warnings (until a proper solution is
deployed): RSA_free, EC_KEY_free, RSA_set0_key, RSA_size, EVP_PKEY_assign,
EC_KEY_set_group, and others are deprecated.
Yu Watanabe [Wed, 1 Dec 2021 10:43:40 +0000 (19:43 +0900)]
network: dhcp6-pd: exclude all explicitly specified subnet IDs when searching free IDs
When the upstream link gained a lease, then several downstream links may
not appear yet. Previously, the explicitly specified subnet ID for a
downstream link which appears later may be already assigned to an
interface which does not request specific subnet ID.
To avoid such situation, this makes all specified IDs are excluded when
searching free IDs.
As a side effect, we can avoid the second call of
dhcp6_pd_distribute_prefix().
Luca Boccassi [Wed, 17 Nov 2021 10:00:12 +0000 (10:00 +0000)]
core: add Condition[Memory/CPU/IO]Pressure
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.
Luca Boccassi [Thu, 18 Nov 2021 00:03:48 +0000 (00:03 +0000)]
elf-util: add function to parse metadata out of ELF objects
Parse the packaging metadata from an ELF object, if any, and
print a pretty table following the spec defined at:
https://systemd.io/COREDUMP_PACKAGE_METADATA/
import: port importd from libgcrypt to openssl^gcrypt
This is heavily based on Kevin Kuehler's work, but the logic is also
significantly changed: instead of a straighforward port to openssl, both
versions of the code are kept, and at compile time we pick one or the other.
The code is purposefully kept "dumb" — the idea is that the libgcrypt codepaths
are only temporary and will be removed after everybody upgrades to openssl 3.
Thus, a separate abstraction layer is not introduced. Instead, very simple
ifdefs are used to select one or the other. If we added an abstraction layer,
we'd have to remove it again afterwards, and it don't think it makes sense to
do that for a temporary solution.
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
# Conflicts:
# meson.build