It was impossible to view systemd.nspawn(5), because systemd-nspawn(1) was matched
also, and happened to be earlier in the list. The solution in this patch is pretty
crude, but is should be enough for our purposes, since we don't have any regexp
special characters in man page names except for the dot.
busctl: always prefix bus error message with local string
The message we get from the bus can be pretty bare-bones, and the user might be
confused which operation failed. Since we don't control the other side, let's
prefix the remote message with an informative prefix.
sd-bus: improve bus error message for uknown properties
"Unknown interface or property." →
"Unknown interface org.freedesktop.network1.Link or property BitRates."
(I don't think the quotes are necessary. Dbus names have pretty strict rules.)
networkctl: log quietly if we fail to get bit rates
If we query older networked, they will be missing. This is not an error.
Also, make the error more informative, because the bus error itself might
be just "Unknown interface or property" which is not enough to understand
what is going on.
The reasoning for the change that added this is wrong, explained below:
> According to TCG EFI Protocol Specification for TPM 2.0 family,
> all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
> shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
> EFI TCG 2.0 final events table.
This is correct and a valid reading of the TCG spec.
> Hence, it is necessary to trigger the internal switch through calling
> get_event_log() in order to allow to retrieve the logs from OS runtime.
However, this reasoning is incorrect. The "EFI TCG 2.0 final events
table" exists to allow the OS Runtime to get TCG events created during
or after the call to ExitBootServices. If systemd-boot didn't call
trigger_tcg2_final_events_table(), the call to HashLogExtendEvent will
write the event to the normal events table (i.e. the same place the
PCR 0 - 7 related events are written). Then the OS can obtain these
systemd-boot events in the same way it obtains normal events, via a
call to GetEventLog().
Tested on amd64 w/ TPM2 using the newest Linux kernel patches that
get the TPM2 formatted log:
https://www.lkml.org/lkml/2019/5/20/1590
I confirmed that this change still lets the OS runtime obtain the log
entries created by systemd-boot.
This does the following:
- rename enum udev_builtin_cmd -> UdevBuiltinCmd
- rename struct udev_builtin -> UdevBuiltin
- move type definitions to udev-rules.h
- move prototypes of functions defined in udev-rules.c to udev-rules.h
- drop to use strbuf
- propagate critical errors in applying rules,
- drop limitation for number of tokens per line.
This makes the output slightly "lighter" visually. min/max are well-established
forms, so there's no risk of misunderstanding. Also, not using title-case looks
a bit better.
coredump: fixed bug - some coredump temp files could be lost
If the machine was suddenly shutted down (hard reboot for example) while
processing core dump, temp files created manually (not with a O_TEMPFILE flag)
stay in the system. After reboot systemd-coredump treat them as usual files, so
they wouldn't be rotated and shall pollute the filesystem.
Solution is to simply add those temp files to systemd-tmpfiles configs.
This reverts commit 8688c29b5aece49805a244676cba5bba0196f509, but leaves the
reproducer. Structured assignment should be enough to fully initialize the
variable and new0 is not necessary.
The buffer retrieved from memstream has the size that the same as the written
data. When we write do write(f, s, strlen(s)), then no terminating NUL is written,
and the buffer is not (necessarilly) a proper C string.
Felix Riemann [Wed, 29 May 2019 19:17:42 +0000 (21:17 +0200)]
pager: Fix deadlock when using built-in pager
The parent is waiting for an EOF on the pipe transmitting the pager name
before starting to send data. With external pagers this happens due to
execlp() CLOEXEC'ing the pipe, so the internal pager needs to close it
manually.
Roberto Santalla [Sun, 26 May 2019 11:55:30 +0000 (13:55 +0200)]
cryptsetup: Add dependency for detached header
Fixes #12650
cryptsetup: Extract dependency check to a separate function
cryptsetup: style improvements, error checking
Return early on failure/nothing to do
Removed braces from single-line ifs
Check return value of fstab_filter_options
shared/cpu-set-util: only force range printing one time
The idea is to have at least one range to make the new format clearly
distinguishable from the old. But it is enough to just do it once.
In particular, in case the affinity would be specified like 0, 2, 4, 6…,
this gives much shorter output.
cpu_set_malloc() was the last user. It doesn't seem useful to keep
it just to save the allocation of a few hundred bytes in a test, so
it is dropped and a fixed maximum is allocated (1024 bytes).
pid1: when reloading configuration, forget old settings
If we had a configuration setting from a configuration file, and it was
removed, we'd still remember the old value, because there's was no mechanism to
"reset" everything, just to assign new values.
Note that the effect of this is limited. For settings that have an "ongoing" effect,
like systemd.confirm_spawn, the new value is simply used. But some settings can only
be set at start.
In particular, CPUAffinity= will be updated if set to a new value, but if
CPUAffinity= is fully removed, it will not be reset, simply because we don't
know what to reset it to. We might have inherited a setting, or we might have
set it ourselves. In principle we could remember the "original" value that was
set when we were executed, but propagate this over reloads and reexecs, but
that would be a lot of work for little gain. So this corner case of removal of
CPUAffinity= is not handled fully, and a reboot is needed to execute the
change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
pid1: don't reset setting from /proc/cmdline upon restart
We have settings which may be set on the kernel command line, and also
in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority
of course. When a reload was done, we'd reload just the configuration file,
losing the overrides.
So read /proc/cmdline again during reload.
Also, when initially reading the configuration file when program starts,
don't treat any errors as fatal. The configuration done in there doesn't
seem important enough to refuse boot.
This makes the handling of this option match what we do in unit files. I think
consistency is important here. (As it happens, it is the only option in
system.conf that is "non-atomic", i.e. where there's a list of things which can
be split over multiple assignments. All other options are single-valued, so
there's no issue of how to handle multiple assignments.)
The CPU_SET_S api is pretty bad. In particular, it has a parameter for the size
of the array, but operations which take two (CPU_EQUAL_S) or even three arrays
(CPU_{AND,OR,XOR}_S) still take just one size. This means that all arrays must
be of the same size, or buffer overruns will occur. This is exactly what our
code would do, if it received an array of unexpected size over the network.
("Unexpected" here means anything different from what cpu_set_malloc() detects
as the "right" size.)
Let's rework this, and store the size in bytes of the allocated storage area.
The code will now parse any number up to 8191, independently of what the current
kernel supports. This matches the kernel maximum setting for any architecture,
to make things more portable.