Yu Watanabe [Mon, 29 May 2023 03:56:30 +0000 (12:56 +0900)]
network: do not request dynamic addressing protocols finished when at least one static address is configured
The setting IPv6AcceptRA= is defaults to yes, hence, even if a .network
file for an interface has static IP address configuration, it may takes
few seconds for the interface being configured state, as NDisc for the
interface needs to be finished. That makes wait-online.service
needlessly slow. Typically, such delay is not necessary for statically
configured networks.
Let's make the required condition slightly relaxed; if a .network file
has static IP address configurations, then let's make the matching
interface enter the 'configured' state soon after the static addresses
configured on the interface.
Note, this does not change the default for IPv6AcceptRA=, hence, NDisc
still runs on interfaces by default. So, addresses, routes, DNS servers,
and so on based on RA will be assigned on interfaces later.
Strictly speaking, this breaks backward compatibility, but the previous
behavior is not clearly documented. If a user requested both static
IPv4 address and IPv6 SLAAC address configured before an interface being
entered to the 'configured' state, then '--ipv6' for wait-online can be
used. So, the behavior change should not cause severe regression.
Yu Watanabe [Tue, 30 May 2023 05:50:17 +0000 (14:50 +0900)]
network: rewrite dynamic addressing protocol checkers in link_check_ready()
Notable change is,
- UseAddress=no in [DHCPv6],
- Assign=no in [DHCPPrefixDelegation], and
- UseAutonomousPrefix=no in [IPv6AcceptRA]
are gracefully handled now.
Frantisek Sumsal [Mon, 29 May 2023 18:28:34 +0000 (20:28 +0200)]
home: move the assert back to the intended place
98d81cf974 moved the assertion at the beginning of home_dispatch_acquire(),
which is however before we even check for any ongoing operation, hence we
might hit it even in legitimate cases.
Let's move it back to after we check for any possibly ongoing operation, to
make it once again a safety check.
Follow-up to 98d81cf974.
Resolves: #22443 and #24036
Luca Boccassi [Fri, 26 May 2023 19:45:29 +0000 (20:45 +0100)]
gpt/DPS: add more aliases for python's machine
In mkosi we set the default architecture to platform.machine() which
is again slightly incompatible for a few architectures, so add more
aliases, so that repart works by default with these names.
Piotr Drąg [Sat, 27 May 2023 16:11:35 +0000 (18:11 +0200)]
po: add a false positive to POTFILES.skip
Scripts used to detect files that should be in POTFILES.in, like
intltool-update -m used on https://l10n.gnome.org/module/systemd/,
falsely detect this file as containing translations. Avoid this
behavior by putting the file in POTFILES.skip.
Adds a new JSON object called DHCPServer for each interface that has a
DHCPServer configured. It has the following attributes:
- PoolSize and PoolOffset from the configuration
- List of offered leases
- List of static leases from the configuration
Frantisek Sumsal [Fri, 26 May 2023 19:41:43 +0000 (21:41 +0200)]
Revert "test: add test case for systemd-update-utmp vs daemon-reexec"
Temporarily revert the test case for #27167, as the additional
daemon-reexecs exacerbate #27287, making CIs fail quite often.
As the #27167 is also covered by TEST-01-BASIC itself, since we do
daemon-reexec there anyway, we shouldn't lose any coverage, but it
should make CIs more stable until #27287 is figured out.
Luca Boccassi [Fri, 26 May 2023 14:44:42 +0000 (15:44 +0100)]
gpt/DPS: alias amd64 to x86-64 and aarch64 to arm64
The DSP and our implementation mixes Debian terminology with CPU
terminology. It uses arm64 which is a Debian thing instead of
aarch64, but x86-64 which is a CPU thing instead of amd64.
Add some convenience and transparent aliasing, so that we don't
need to maintain architecture-specific and tool-specific translation
layers in mkosi among other places, while at the same time the DDIs
still look the same (ie: the partlabel does not change depending on
which alias is used, the canonical label is used on disk).
Dan Streetman [Thu, 15 Dec 2022 17:56:35 +0000 (12:56 -0500)]
tpm2: add tpm2_calculate_sealing_policy()
This adds a function to fully calculate the authPolicy needed to seal a secret,
and updates tpm2_seal() to use the new function instead of a trial policy.
Dan Streetman [Fri, 9 Dec 2022 19:49:52 +0000 (14:49 -0500)]
tpm2: add tpm2_policy_authorize()
This adds functions to get the digest for a PolicyAuthorize operation. For
building a policy hash, this provides a function to calculate the hash; and for
building a policy hash to satisfy the authPolicy for an existing object, this
provides a function to perform PolicyAuthorize with an existing session.
Dan Streetman [Fri, 9 Dec 2022 19:59:05 +0000 (14:59 -0500)]
tpm2: add tpm2_policy_auth_value()
This adds functions to get the digest for a PolicyAuthValue operation. For
building a policy hash, this provides a function to calculate the hash; and for
building a policy hash to satisfy the authPolicy for an existing object, this
provides a function to perform PolicyAuthValue with an existing session.
Dan Streetman [Thu, 8 Dec 2022 22:56:11 +0000 (17:56 -0500)]
tpm2: add tpm2_policy_pcr()
This adds functions to get the digest for a PolicyPCR operation. For building
a policy hash, this provides a function to calculate the hash; and for building
a policy hash to satisfy the authPolicy for an existing object, this provides a
function to perform PolicyPCR with an existing session.
Dan Streetman [Wed, 14 Dec 2022 15:46:13 +0000 (10:46 -0500)]
tpm2: add tpm2_get_name()
This adds functions to get the "name" of a key. The key "name", as defined
by the TPM2 spec, includes its entire public area (with attribute fields),
not only its key fingerprint.
A function is added to calculate the name of a provided key public area,
as well as a function to get the name of a key which is present in the TPM.
Dan Streetman [Wed, 14 Dec 2022 15:46:13 +0000 (10:46 -0500)]
tpm2: add tpm2_digest_*() functions
These functions allow extending (or initializing) a TPM2B_DIGEST with additional
data, using a specified hash operation. This is needed to perform hash
calculations instead of relying on the TPM to perform the calculations in
trial sessions.
Luca Boccassi [Fri, 26 May 2023 11:42:42 +0000 (12:42 +0100)]
nspawn: restore cross-architecture booting
The check added by 4c27749b8c6b24ef7481ba183ae1fca3749afbf7 breaks
booting an arm64 image on x86 using qemu-bin-fmt, so remove it.
Without it, the image built with mkosi --architecture=aarch64
boots fine in nspawn.
Frantisek Sumsal [Thu, 25 May 2023 20:47:13 +0000 (22:47 +0200)]
journal-remote: bump the refcount right after creating the writer object
Otherwise we might hit an assertion during cleanup if the
following mmap_cache_new() call fails:
Assertion 'p->n_ref > 0' failed at src/journal-remote/journal-remote-write.c:80, function writer_unref(). Aborting.
==2069==ERROR: AddressSanitizer: ABRT on unknown address 0x000000000815 (pc 0x7f39dcd0200b bp 0x7ffe2fe24db0 sp 0x7ffe2fe24b60 T0)
SCARINESS: 10 (signal)
#0 0x7f39dcd0200b in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
#1 0x7f39dcce1858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x22858) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
#2 0x7f39dd747e49 in log_assert_failed /work/build/../../src/systemd/src/basic/log.c:940:9
#3 0x4e4431 in writer_unref /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:80:1
#4 0x4e3fd5 in writer_unrefp /work/build/../../src/systemd/src/journal-remote/journal-remote-write.h:27:1
#5 0x4e3fd5 in writer_new /work/build/../../src/systemd/src/journal-remote/journal-remote-write.c:56:1
#6 0x4e04bc in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:125:21
#7 0x4e0e0b in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:181:13
#8 0x4e0e0b in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:233:13
#9 0x4df99f in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/journal-remote/fuzz-journal-remote.c:54:9
#10 0x4e8f48 in NaloFuzzerTestOneInput (/build/fuzz-journal-remote+0x4e8f48)
#11 0x507f53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#12 0x50773a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
#13 0x508e09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
#14 0x509ad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
#15 0x4f8e3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
#16 0x4f9708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
#17 0x4e91c5 in main (/build/fuzz-journal-remote+0x4e91c5)
#18 0x7f39dcce3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
#19 0x420bcd in _start (/build/fuzz-journal-remote+0x420bcd)
DEDUP_TOKEN: raise--abort--log_assert_failed
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x4300b) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) in raise
units: order systemd-firstboot after systemd-tmpfiles-setup
We may copy files from factory to /etc. The default mkosi config has
factory/etc/vconsole.conf. systemd-firstboot would race with tmpfiles-setup,
and sometimes ask for the keymap, and sometimes not.
I guess that if there are files in factory, we shouldn't ask the user for
the same configuration.
firstboot: synchronously wait for systemd-vconsole-setup.service/restart job
Requested in https://github.com/systemd/systemd/pull/27755#pullrequestreview-1443489520.
I dropped the info message about the job being requested, because we get
fairly verbose logs from starting the unit, and the additional message isn't
useful.
In the unit, the ordering before systemd-vconsole-setup.service is dropped,
because now it needs to happen in parallel, while systemd-firstboot.service
is running. This means that we may potentially execute vconsole-setup twice,
but it's fairly quick, so this doesn't matter much.
Previously, if unit_add_dependency_hashmap() failed, then a
one-directional unit dependency reference might be created, and
triggeres use-after-free. See issue #27742 for more details.
This makes unit dependency always bidirectional, and cleanly revert
partial update on failure.
Yu Watanabe [Thu, 25 May 2023 09:08:37 +0000 (18:08 +0900)]
core/unit: search shared namespace in transitive relation of JoinsNamespaceOf=
Previously, dependency chain of JoinsNamespaceOf= did not work, e.g.
- a.service has JoinsNamespaceOf=b.service
- b.service has JoinsNamespaceOf=c.service
if, first c.service, next a.service, finally b.service is started,
then a.service is not joined to the namespace of c.service. And, as
mentioned in the document, the namespace used by b.service is not
deterministic.
This makes when searching exsiting namespace to be joined, all units in
the transitive dependency of JoinsNamespaceOf= are checked.
Yu Watanabe [Mon, 22 May 2023 21:36:44 +0000 (06:36 +0900)]
core/unit: make JoinsNamespaceOf= implies the inverse dependency
Previously, even if a.service has JoinsNamespaceOf=b.service, the
inverse direction of reference was not introduced.
Hence, a.service is started earlier than b.service, the namespace will
not shared with b.service.
Also, even if a.service had the reference to b.service, b.service did not.
If b.service is freed earlier, then unit_clear_dependencies() does not clear
the reference from a to b, and will cause use-after-free on unit_free() for
a.service.
Let's make JoinsNamespaceOf=b.service in a.service implies the inverse
dependency, i.e. JoinsNamespaceOf=a.service for b.service. Then, we can safely
free b.service.
Daan De Meyer [Thu, 25 May 2023 16:13:02 +0000 (18:13 +0200)]
units: Shut down networkd and resolved on switch-root
Let's explicitly order these against initrd-switch-root.target, so
that they are properly shut down before we switch root. Otherwise,
there's a race condition where networkd might only shut down after
switching root and after we've already we've loaded the unit graph,
meaning it won't be restarted in the rootfs.
Accel (Compute Acceleration) are new devices for AI/ML computation:
https://docs.kernel.org/accel/introduction.html
They are part of DRM subsystem. Add them to 'render' group since
no other appropriate group in standard linux systems exist. This
can be changed when proper common user-space components will emerge,
and new group for acceleration devices access will be established.
Daan De Meyer [Wed, 24 May 2023 13:32:17 +0000 (15:32 +0200)]
meson: Create credstore directories
Let's make the creds directories a bit more discoverable and make it
easier for users to use them. This also allows us to fix the
mode to 0700 for /etc instead of the usual 0755 which is what probably
would happen if users had to create this directory themselves.
Frantisek Sumsal [Wed, 24 May 2023 11:29:52 +0000 (13:29 +0200)]
tree-wide: check memstream buffer after closing the handle
When closing the FILE handle attached to a memstream, it may attempt to
do a realloc() that may fail during OOM situations, in which case we are
left with the buffer pointer pointing to NULL and buffer size > 0. For
example:
Malte Poll [Wed, 24 May 2023 09:01:25 +0000 (11:01 +0200)]
ukify: fix handling signed kernel as file
The .linux section would contain the path to the signed kernel (instead of the signed kernel itself), since the python type of the variable is used to determine how it is handled when adding the pe sections.
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Luca Boccassi [Thu, 11 May 2023 23:55:58 +0000 (00:55 +0100)]
stub: allow loading and verifying cmdline addons
Files placed in /EFI/Linux/UKI.efi.extra.d/ and /loader/addons/ are
opened and verified using the LoadImage protocol, and will thus get
verified via shim/firmware.
If they are valid signed PE files, the .cmdline section will be
extracted and appended. If there are multiple addons in each directory,
they will be parsed in alphanumerical order.
Optionally the .uname sections are also matched if present, so
that they can be used to filter out addons as well if needed, and only
addons that correspond exactly to the UKI being loaded are used.
It is recommended to also always add a .sbat section to addons, so
that they can be mass-revoked with just a policy update.
The files must have a .addon.efi suffix.
Files in the per-UKI directory are parsed, sorted, measured and
appended first. Then, files in the generic directory are processed.
Mike Yuan [Mon, 22 May 2023 00:30:30 +0000 (08:30 +0800)]
core: get rid of unused Service.will_auto_restart logic
The announced new behavior for OnFailure= never worked properly,
and we've fixed the document instead in #27675.
Therefore, let's get rid of the unused logic completely. More at #27594.
The to-be-added RestartMode= option should cover the use case hopefully.