units: let's establish the coredump socket before writing core_pattern sysctl
It's a bit nicer if we only write the sysctl core_pattern once the
coredump socket is established, since it's the backend for the handler.
Given the systemd-coredump.socket basically has no dependencies that run
before it this should not really make things slower or so, it just
removes the tiny window where core pattern is in effect that wants to
connect to the backend socket but cannot.
The status quo isn't terrible, and not too different in effect: either
way, until the socket unit is up we won't process coredumps. It's mostly
what kind of behaviour you get then: an error due to /bin/false being
invoked, or an error because systemd-coredump can't connect to its
socket. After this patch we'll exclusively see the former.
pid1: introduce new SERVICE_{DEAD|FAILED}_BEFORE_AUTO_RESTART service substates
When a service deactivates and is then automatically restarted via
Restart= we currently quickly transition through
SERVICE_DEAD/SERVICE_FAILED, which is weird given it's not the
normal ("permanent") dead/failed state, but a transitory one we
immediately leave from again. We do this so that software that looks for
failures/successes can take notice, even if we restart as a consequence
of the deactivation.
Let's clean this up a bit: let's introduce two new states:
SERVICE_DEAD_BEFORE_AUTO_RESTART and SERVICE_FAILED_BEFORE_AUTO_RESTART
that are used for the transitory states. Both the SERVICE_DEAD and
SERVICE_DEAD_BEFORE_AUTO_RESTART will map to the high-level
UNIT_INACTIVE state though. (and similar for the respective failed
states). This means the high-level state machine won't change by this,
only the low-level one.
This clearly separates the substates, which makes the state engine
cleaner, and allows clients to follow precisely whether we are in a
transitory dead/failed state, or a permanent one, by looking at the
service substate. Moreover it allows us to remove the 'n_keep_fd_store'
which so far we used to ensure the fdstore was not released during this
transitory dead/failed state but only during the permanent one. Since we
can now distinguish these states properly we can just use that.
This has been bugging me for a while. Let's clean this up.
Note that the unit restart logic is already nicely covered in the
testsuite, hence this adds no new tests for that.
And yes, this could be considered a compat break, but so far we took the
liberty to make changes to the low-level state machine (i.e. SERVICE_xyz
states, sometimes called "substates") without considering this a bad
breakage – the high-level state machine (i.e. UNIT_xyz states) should
be considered API that cannot be changed.
Daan De Meyer [Wed, 29 Mar 2023 08:42:23 +0000 (10:42 +0200)]
mkosi: Update to latest
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
.gdbinit to make gdb work properly
Daan De Meyer [Wed, 29 Mar 2023 08:42:23 +0000 (10:42 +0200)]
mkosi: Update to latest
- ACLs are not set on generated directories anymore by default, so
we enable them explicitly now so that when running unprivileged mkosi,
the user running mkosi can remove all generated files and directories.
- We don't explicitly set QemuHeadless= anymore as the option was removed
and made the default.
- We set the loglevel= kernel cmdline argument explicitly now as mkosi
doesn't set it by default anymore.
Daan De Meyer [Thu, 22 Dec 2022 13:29:13 +0000 (14:29 +0100)]
firstboot: Modernize path handling
Let's open a file descriptor to the root directory and perform all
path operations using that file descriptor. On top of that, let's
make sure we pin the directory containing the file we want to work
on and use atomic copies and writes everywhere we can.
Daan De Meyer [Mon, 27 Mar 2023 14:55:17 +0000 (16:55 +0200)]
log: Add LOG_SET_PREFIX() macro
LOG_SET_PREFIX() sets a logging prefix for the current block. The
prefix is prepended to every logging message in the block, followed
by ": ". If a logging prefix is already configured, it is overridden
for the duration of the block, after which it is restored.
A use case for this macro is when we're operating on an image or
directory (using --root or --image). We can use LOG_SET_PREFIX() to
prefix all logging messages with the directory or image that we're
operating on.
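A stand-alone illustration of the block-scoped prefix mechanism the commit describes, written for this page rather than taken from systemd's log.c. It assumes the GCC/clang cleanup attribute to restore the previous prefix when the block exits (including via an early return); the names log_prefix, log_info, log_current_prefix, demo_nested and demo_early_return, and the sample paths, are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Example only, not systemd's implementation. The macro saves the current
 * prefix in a hidden block-local variable, installs the new prefix, and the
 * cleanup attribute (GCC/clang extension) restores the saved value when the
 * block exits, whether by falling off the end or by an early return. */

static const char *log_prefix = NULL;  /* current prefix, NULL means none */
static char log_last_line[256];        /* last formatted line, for inspection */

static void log_prefix_restore(const char **saved) {
        log_prefix = *saved;
}

/* Hidden variable name derived from the line number, so two uses of the
 * macro in one function do not clash. */
#define _LOG_PREFIX_VAR2(line) _log_saved_prefix_ ## line
#define _LOG_PREFIX_VAR(line) _LOG_PREFIX_VAR2(line)
#define LOG_SET_PREFIX(p)                                              \
        __attribute__((cleanup(log_prefix_restore)))                   \
        const char *_LOG_PREFIX_VAR(__LINE__) = log_prefix;            \
        log_prefix = (p)

/* Emit one message with the current prefix (prefix, ": ", message) and
 * return the formatted line. */
const char *log_info(const char *msg) {
        if (log_prefix)
                snprintf(log_last_line, sizeof log_last_line, "%s: %s", log_prefix, msg);
        else
                snprintf(log_last_line, sizeof log_last_line, "%s", msg);
        fprintf(stderr, "%s\n", log_last_line);
        return log_last_line;
}

const char *log_current_prefix(void) { return log_prefix; }

/* Nested blocks: the inner prefix overrides the outer one for its block only,
 * and each block restores what it found. Returns 1 if every line carried the
 * expected prefix and the prefix was restored correctly. */
int demo_nested(void) {
        int ok = 1;

        ok &= strcmp(log_info("starting"), "starting") == 0;
        {
                LOG_SET_PREFIX("/mnt/root");          /* e.g. operating on --root= */
                ok &= strcmp(log_info("mounting"), "/mnt/root: mounting") == 0;
                {
                        LOG_SET_PREFIX("foo.raw");    /* overridden for this block */
                        ok &= strcmp(log_info("verifying"), "foo.raw: verifying") == 0;
                }
                ok &= strcmp(log_info("done"), "/mnt/root: done") == 0; /* outer restored */
        }
        ok &= log_prefix == NULL;                     /* fully restored */
        return ok;
}

/* Early return: the cleanup still runs, so the prefix does not leak out. */
const char *demo_early_return(void) {
        LOG_SET_PREFIX("/var/lib/machines/bar.raw");
        return log_info("image not found");
}

int main(void) {
        printf("nested demo %s, prefix after early return: %s\n",
               demo_nested() ? "ok" : "FAILED",
               (demo_early_return(), log_current_prefix() ? "leaked" : "restored"));
        return 0;
}
```

The block-local variable is what makes the restore automatic: the prefix is global state, but its lifetime is tied to the scope that changed it, so a function that returns early (as error paths usually do) cannot leave a stale prefix behind for later messages.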
TEST-80: synchronize explicitly instead of by time
This removes "sleep" invocations, and makes the notify access testcase a
lot more robust to runtime jitter. We use a pair of fifos in the fs to
sync instead.
Also various other improvements, including comments.
(Also removes the unnecessary "no-qemu" restriction)
We first say "name prefix" and then continue with "unit prefix".
Confusing. Couldn't figure out which term is better hence settled on
"unit name prefix".
Frantisek Sumsal [Tue, 28 Mar 2023 10:36:23 +0000 (12:36 +0200)]
test: don't go through all time zones if slow tests are disabled
Let's skip going through all locally available time zones if we're built
with slow tests disabled, as that's quite slow, but do at least one test
with the UTC zone.
shared/exec-util: null_or_empty_path() does not return boolean
We shouldn't report that the file is empty if the stating fails. Let's do the
same as in other places, and just ignore the error and let the subsequent
operation fail.
We need to skip -ENOENT when loading udev rules because new files with rules
may be added or removed at any time, and the loading of rules is triggered
asynchronously. Even though the window is fairly narrow, udev shouldn't throw
an error if a rules file is removed.
Daan De Meyer [Tue, 28 Mar 2023 11:32:03 +0000 (13:32 +0200)]
ukify: Add workarounds for older stubs
Older stubs are either not stripped, causing their total size to be
unaligned because of an unaligned symbol table at the end, or stripped,
causing the raw data pointers and sizes to be unaligned because strip
does not follow the PE spec correctly when stripping. Let's add
workarounds for both issues, so that we can use ukify with older stubs
as well.
The reason why get_process_cmdline() is so complicated is that we
need to escape and quote arguments for building a single result
string.
That's necessary when we want to log or print the command line.
However, when we want to parse the command line, it is not necessary
that the result is a single string, but can be strv.
Luca Boccassi [Fri, 24 Mar 2023 15:10:11 +0000 (15:10 +0000)]
os-release: add 'SYSEXT_' fields for version/id
sysext DDI cannot carry an os-release file, but have to carry
an extension-release file. But so far, this was only used to
match the sysext DDI with the base DDI/rootdir. It is also
useful to describe the sysext DDI itself, just like we do in
os-release.
So document that the same fields used in os-release can also
be added to an extension-release, with the 'SYSEXT_' prefix,
and in that case they are understood to define the sysext DDI
itself, rather than for matching purposes.
Luca Boccassi [Tue, 28 Mar 2023 09:36:49 +0000 (10:36 +0100)]
portablectl: display sysext-specific fields
The wrong fields were being displayed, if at all.
ID and VERSION_ID in sysexts are used for matching, they
don't identify the sysext itself. Parse the newly defined
fields and display them separately from the compatibility
fields.
Luca Boccassi [Thu, 23 Mar 2023 01:23:04 +0000 (01:23 +0000)]
portable: add PORTABLE_NAME_AND_VERSION= and other metadata to LogsExtraFields=
This is useful to identify log messages with metadata from the images
they run on. Look for ID/VERSION_ID/IMAGE_ID/IMAGE_VERSION/BUILD_ID,
with a SYSEXT_ prefix if we are looking at an extension, and append via
LogExtraFields= as respectively PORTABLE_NAME_AND_VERSION= in case of a
single image. In case of extensions, append as PORTABLE_ROOT_NAME_AND_VERSION=
for the base and one PORTABLE_EXTENSION_AND_VERSION= for each extension.
Example with a base and two extensions, with the unit coming from the
first extension:
Luca Boccassi [Wed, 22 Mar 2023 22:44:31 +0000 (22:44 +0000)]
portable: include base and extension images in log fields
When a portable service uses extensions, we use the 'main' image name
(the one where the unit was found in) as PORTABLE=. It is useful to
also list all the images actually used at runtime, as they might
contain libraries and so on.
Use PORTABLE_ROOT= for the image/directory that is used as RootImage=
or RootDirectory=, and PORTABLE_EXTENSION= for the image/directory that
is used as ExtensionImages= or ExtensionDirectories=.
Note that these new fields are only added if extensions are used,
there's no change for single-DDI portables.
Example with a base and two extensions, with the unit coming from the
first extension:
Luca Boccassi [Thu, 23 Mar 2023 01:02:47 +0000 (01:02 +0000)]
portable: use parse_env_file_fd to keep FD valid
take_fdopen_unlocked invalidates the FD in the PortableMetadata object,
so it cannot be used later. Use parse_env_file_fd instead which is non
destructive.
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f43ffeb95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5)
#1 0x7f43ff0a4f2f in greedy_realloc ../src/basic/alloc-util.c:70
#2 0x404d9f in list_enrolled ../src/cryptenroll/cryptenroll-list.c:30
#3 0x40f149 in run ../src/cryptenroll/cryptenroll.c:673
#4 0x40f149 in main ../src/cryptenroll/cryptenroll.c:692
#5 0x7f43fd64a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
The fdstore might pin a non-trivial amount of resources. Let's hence
display for services that enable it how many entries there are and what
the size limit is.
systemctl: don't show memory limits that aren't available via D-Bus props
When using an old systemctl on a new PID 1 the "startup" memory limit
props are not initialized and are currently shown in status output as
zero, even though there's code to suppress the output in that case. Alas
it doesn't work, because the relevant fields are not marked as
"unset"... Fix that.
Hans de Goede [Mon, 27 Mar 2023 14:34:22 +0000 (16:34 +0200)]
hwdb: Move MSI touchpad-toggle mapping to generic MSI section
Like other MSI laptops the MSI Summit E16 Flip A12UCT laptop also sends
atkbd scancode 0x76 for the Fn + F4 touchpad-toggle hotkey combo.
Move the existing mapping for this from the MSI Prestige And MSI Modern
section to the generic MSI laptop section.
While at it also drop the KEYBOARD_KEY_f1=f20 mapping from
the MSI Prestige And MSI Modern section, as that is already listed
in the generic MSI laptop section.
Daan De Meyer [Mon, 27 Mar 2023 11:41:59 +0000 (13:41 +0200)]
ukify: Weaken file alignment assertions
Older versions of the stub are not aligned to the PE file alignment
size. If we remove the assertions, the UKI still boots without issues,
so let's drop the assertions and print a message about it instead.
Yu Watanabe [Mon, 27 Mar 2023 17:07:31 +0000 (02:07 +0900)]
journal-remote: make specified output file absolute
After f12b399dd6362a03379cb769954ebfb9972236ed, the output path is
also used to determine the directory to be vacuumed. And if a filename
only path is specified, `writer_new()` fails since the commit.
This makes the specified path always absolute. This should not
change any behavior before the offending commit, as `journal_open()` opens
the specified journal file with `AT_FDCWD`.
Yu Watanabe [Mon, 27 Mar 2023 17:26:33 +0000 (02:26 +0900)]
journal-remote: make writer_new() return negative errno on failure
After f12b399dd6362a03379cb769954ebfb9972236ed, writer_new() may fail
with non-OOM error. Let's return the error cause, and log the failure
in the caller side.
This also drops logs in journal_remote_get_writer(), as its caller
typically logs the failure.
Daan De Meyer [Thu, 9 Mar 2023 14:10:23 +0000 (15:10 +0100)]
core: Introduce unit private exec runtime
Currently, exec runtimes can be shared between units (using
JoinsNamespaceOf=). Let's introduce a concept of a private exec
runtime that isn't shared with JoinsNamespaceOf=. The existing
ExecRuntime struct is renamed to ExecRuntimeShared and becomes a
private member of the new private ExecRuntime.
Daan De Meyer [Mon, 27 Mar 2023 11:23:40 +0000 (13:23 +0200)]
mkosi: Narrow glob used to install python packages
Let's make sure we only install the python3 and python39 python
packages, instead of all the packages of all versions that are
packaged.
This also fixes the CentOS 8 CI because python3.11-pytest was failing
to install.
We have to ship our own powertools repo definition because we need to
enable module_hotfixes for powertools to coerce dnf into installing
some of the python packages.
Mike Yuan [Mon, 20 Mar 2023 10:49:39 +0000 (18:49 +0800)]
core: add RestartSteps= and RestartSecMax= for exponentially increasing
interval between restarts
RestartSteps= accepts a positive integer as the number of steps
to take to increase the interval between auto-restarts from
RestartSec= to RestartSecMax=, or 0 to disable it.
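A worked model of the interval schedule these two settings describe, added for this page and not systemd's service.c. The commit message only says the interval grows exponentially from RestartSec= to RestartSecMax= over RestartSteps= steps, so the geometric interpolation below (each step multiplies by the same factor, the maximum is reached at step RestartSteps and held afterwards) is this example's assumption, as are the names restart_interval_usec and kth_root and the 1-based n_restart counter.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t usec_t;
#define USEC_PER_SEC  ((usec_t) 1000000)
#define USEC_INFINITY ((usec_t) UINT64_MAX)

/* k-th root by bisection on [1, x] for x >= 1, so this stand-alone example
 * needs no libm. 200 halvings are far more than double precision needs. */
static double kth_root(double x, unsigned k) {
        double lo = 1.0, hi = x;
        for (int i = 0; i < 200; i++) {
                double mid = (lo + hi) / 2, m = 1.0;
                for (unsigned j = 0; j < k; j++)
                        m *= mid;
                if (m < x)
                        lo = mid;
                else
                        hi = mid;
        }
        return (lo + hi) / 2;
}

/* Interval to wait before restart number n_restart (1 = first restart).
 * Assumed model (this example's, not necessarily systemd's exact formula):
 * the interval grows geometrically from restart_sec and reaches
 * restart_sec_max after restart_steps restarts, then stays there. */
usec_t restart_interval_usec(usec_t restart_sec, usec_t restart_sec_max,
                             unsigned restart_steps, unsigned n_restart) {
        double factor, v;

        /* RestartSteps=0 disables the feature; a maximum that is unset or
         * not above the base interval leaves nothing to grow across. */
        if (restart_steps == 0 || restart_sec_max == USEC_INFINITY ||
            restart_sec_max <= restart_sec || restart_sec == 0)
                return restart_sec;
        if (n_restart <= 1)
                return restart_sec;            /* first restart: base interval */
        if (n_restart - 1 >= restart_steps)
                return restart_sec_max;        /* all steps taken: hold the max */

        factor = kth_root((double) restart_sec_max / (double) restart_sec, restart_steps);
        v = (double) restart_sec;
        for (unsigned i = 1; i < n_restart; i++)
                v *= factor;
        return (usec_t) (v + 0.5);             /* round to whole microseconds */
}

int main(void) {
        /* RestartSec=1s RestartSecMax=16s RestartSteps=4 gives 1, 2, 4, 8, 16, 16, ... */
        for (unsigned n = 1; n <= 7; n++)
                printf("restart #%u waits %llu ms\n", n, (unsigned long long)
                       (restart_interval_usec(USEC_PER_SEC, 16 * USEC_PER_SEC, 4, n) / 1000));
        return 0;
}
```

With a base of 1s, a maximum of 16s and four steps the per-step factor is the fourth root of 16, i.e. 2, so the waits double until the cap; with a different step count the factor is whatever root spreads the same ratio evenly across the steps.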
Frantisek Sumsal [Sun, 26 Mar 2023 09:53:04 +0000 (11:53 +0200)]
test: explicitly pull in systemd-userdbd.socket
Since we don't run preset-all on the test image, the
systemd-userdbd.socket remains disabled. Let's pull it in explicitly
to give systemd-userdbd some coverage as well.
fd-util: cover some corner cases with fd_reopen() on symlinks
The /proc/self/fd/ interface cannot be used to follow symlinks pinned
via O_PATH. Add a comment + test for that. Moreover, using fd_reopen()
with O_NOFOLLOW cannot work. Add an explicit check and test for that, to
make behaviour uniform.
Frantisek Sumsal [Sun, 26 Mar 2023 15:04:57 +0000 (17:04 +0200)]
test: verify the journal with and without a sealing key
The bit flips during journal verification cause various types of journal
corruptions, so it's useful to go through it even without a sealing key
to see how we handle corrupted stuff.
Also, provide a sealing key if running in "CI mode" (i.e. arguments),
to check the FSS-related codepaths in CIs as well.
Dmitry V. Levin [Thu, 23 Mar 2023 08:00:00 +0000 (08:00 +0000)]
udev-rules: check token delimiters
When udev_rules_parse_file() is called by udevadm verify, issue warnings
about the following conditions in udev rules:
* the first token in the rule is preceded with a comma
* the last token in the rule is followed by a comma
* there is no comma between tokens
* there is no whitespace between tokens
* there is more than a single comma between tokens
* there is whitespace between a token and a comma
* there is no whitespace after comma
Move udev_check_rule_line() invocation from udev_rule_file_get_issues()
to udev_rules_parse_file(), invoke udev_check_rule_line() only when
udev_rules_parse_file() is called by udevadm verify.
Subsequent commits are going to perform more checks invoked from
udev_rules_parse_file().
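A stand-alone checker for the seven delimiter conditions listed in this commit, written for this page and not taken from systemd's udev-rules.c. It tokenizes one rule line into KEY<op>"value" tokens and classifies each run of commas and whitespace between them; the ISSUE_* names and bit values, the function names udev_check_delimiters and skip_token, the exact mapping of separator shapes to warnings, and the sample rule line are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Bitmask of delimiter issues; the names and bit values are this example's own. */
enum {
        ISSUE_LEADING_COMMA        = 1 << 0, /* first token preceded with a comma */
        ISSUE_TRAILING_COMMA       = 1 << 1, /* last token followed by a comma */
        ISSUE_NO_COMMA             = 1 << 2, /* only whitespace between tokens */
        ISSUE_NO_WHITESPACE        = 1 << 3, /* tokens directly glued together */
        ISSUE_MULTIPLE_COMMAS      = 1 << 4, /* more than a single comma between tokens */
        ISSUE_SPACE_BEFORE_COMMA   = 1 << 5, /* whitespace between a token and a comma */
        ISSUE_NO_SPACE_AFTER_COMMA = 1 << 6, /* no whitespace after comma */
};

static int is_ws(char c) { return c == ' ' || c == '\t'; }

/* Skip one KEY<op>"value" token (op: =, ==, !=, +=, -=, :=); returns a pointer
 * past the closing quote, or NULL if the token is malformed. */
static const char *skip_token(const char *p) {
        while (*p && !strchr("=!+: ,\t\"", *p)) {
                if (*p == '-' && p[1] == '=')
                        break;
                p++;
        }
        if (*p == '!' || *p == '+' || *p == '-' || *p == ':')
                p++;
        if (*p++ != '=')
                return NULL;
        if (*p == '=')
                p++;
        if (*p++ != '"')
                return NULL;
        for (; *p && *p != '"'; p++)
                if (*p == '\\' && p[1])
                        p++;  /* escaped character inside the value */
        return *p == '"' ? p + 1 : NULL;
}

/* Returns the ISSUE_* bitmask for one rule line, 0 if clean, -1 if the line
 * cannot be tokenized (a syntax error rather than a delimiter issue). */
int udev_check_delimiters(const char *line) {
        const char *p = line;
        int issues = 0;

        while (is_ws(*p))
                p++;
        if (*p == '\0' || *p == '#')
                return 0;  /* empty or comment line */
        for (; *p == ',' || is_ws(*p); p++)
                issues |= ISSUE_LEADING_COMMA;
        while (*p) {
                const char *sep, *end = skip_token(p);
                int n_commas = 0, ws_before_comma = 0, ws_after_comma = 0;

                if (!end)
                        return -1;
                /* Classify the separator run between this token and the next */
                for (p = sep = end; *p == ',' || is_ws(*p); p++) {
                        if (*p == ',')
                                n_commas++, ws_after_comma = 0;
                        else if (n_commas == 0)
                                ws_before_comma = 1;
                        else
                                ws_after_comma = 1;
                }
                if (*p == '\0') {
                        if (n_commas > 0)
                                issues |= ISSUE_TRAILING_COMMA;
                        break;
                }
                if (p == sep)
                        issues |= ISSUE_NO_WHITESPACE;
                else if (n_commas == 0)
                        issues |= ISSUE_NO_COMMA;
                else {
                        if (n_commas > 1)
                                issues |= ISSUE_MULTIPLE_COMMAS;
                        if (ws_before_comma)
                                issues |= ISSUE_SPACE_BEFORE_COMMA;
                        if (!ws_after_comma)
                                issues |= ISSUE_NO_SPACE_AFTER_COMMA;
                }
        }
        return issues;
}

int main(void) {
        /* Constructed sample line, not taken from any shipped rules file */
        const char *s = ", SUBSYSTEM==\"usb\" ATTR{idVendor}==\"1234\" ,ATTR{idProduct}==\"5678\",";
        printf("issues 0x%x for: %s\n", udev_check_delimiters(s), s);
        return 0;
}
```

Commas inside quoted values are skipped by the tokenizer, so only the separators between tokens are judged; a line that cannot be tokenized at all is reported as a parse error (-1) rather than as a delimiter warning, mirroring the split between syntax checks and the style checks this commit adds.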