varlink: make errors returned by verify_unix_socket() systematic
Previously, if we encountered a non-socket fd we'd return ENOTSOCK the
first time, but the subsequent times we'd return ENOMEDIUM, due to
caching. Let's make sure we return the same errors all the the time.
sd-daemon: Set SO_LINGER on AF_VSOCK notify socket fds
We're still seeing problems in mkosi CI where we lose notify messages
sent over vsock from virtual machines because the virtual machine shuts
down before the socket buffers are flushed.
Let's try setting SO_LINGER on vsock sockets so that the kernel waits
until the buffers are flushed when we close the file descriptor.
To make sure it works, let's get rid of our previous workaround that
sends EXIT_STATUS earlier to reduce the chance of it not arriving.
This way, if it doesn't work, we'll notice it immediately due to CI
failures.
mkosi: Build minimal images and enable related integration tests
This commit adds definitions to build the minimal_0 and minimal_1
images with mkosi and includes them into the system image. We also
move the building of the various app-xxx and similar images that are
extremely minimal into the tests itself by moving the related logic
from install_verity_minimal() into a new function
install_extension_images() in util.sh. Because the mkosi /usr is
read-only, we now place the extension images in /tmp instead of
/usr/share.
Co-authored-by: Richard Maw <richard.maw@codethink.co.uk> Co-authored-by: sam-leonard-ct <sam.leonard@codethink.co.uk>
mkosi: Only archive outputs in systemd and systemd-stable repositories
Private forks would very quickly reach their quota or spend lots of
money trying to archive all these artifacts, so let's make sure it
only happens on our own repositories.
TEST-50-DISSECT: Make sure logging sockets are mounted into images
Otherwise we lose valuable logging from systemd-executor when things
go wrong since it can only log to the journal and not to the console
in these cases.
The expression for calculation of the _do_log values in the log_exec_*
macros need to be the same as the unit_log_level_test() function, used
to calculate _do_log in unit.h. The only difference between execute.h
and unit.h is the lack of the Unit structure.
Fixes: b646fc324a ("core: ensure execute/spawn functions can work without Unit object") Fixes: 210ca71cb5 ("core/execute: clean up log_exec_full_errno and friends") Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
If a user only presses ENTER when the PIN is requested (without actually typing
the PIN), an assertion is reached and no other unlock method is requested.
portable: Don't fail if /etc/resolv.conf doesn't exist
The portable profiles assume /etc/resolv.conf exists, which isn't
always the case. Let's mark the mounts as optional so we don't fail
to start the unit if /etc/resolv.conf doesn't exist.
test: Skip meson integration tests if SYSTEMD_INTEGRATION_TESTS != 1
We cannot mark a test suite as excluded by default in meson. Instead,
let's require that SYSTEMD_INTEGRATION_TESTS=1 and skip any integration
test if it's not set. This is effectively the same as excluding it by
default. If the integration-test option is enabled, we'll set the
environment variable by default, just like we do with SYSTEMD_SLOW_TESTS
and the slow-tests meson option.
meson: Properly check dependencies of mkosi target
Let's insist on mkosi being found if the integration-tests option
is enabled and let's only add dependencies on systemd-journal-remote
and systemd-measure if they're being built. Drop ukify from the list
as its part of public_programs.
execute: make ExecStatus dump more useful by showing passed time
Let's show the runtimes of our commands and preparations for them. It's
actually quite interesting, we sometimes are irritatingly slow with our
handoffs.
manager: switch service unit type over to using new handoff timestamping logic
Also: rename Handover → Handoff. I think it makes it clearer that this
is not really about handing over any resources, but that the executor is
out off the game from that point on.
execute: send handoff timestamps from executor to service manager
This changes the executor to systematically send handoff timestamps to
the service manager if a socket for that is supplied. This drops the
code that did this via Type=exec messages, and reverts that part to the
old behaviour before 93cb78aee2cff8109a5a70128287732f03d7a062.
Benefits of this approach:
1. We can collect the handoff for any command we fork off, regardless
if it's ExecStart= something else, regardless whether it's Type=exec,
Type=simple or some any other service type, regardless of the unit
type.
2. We collect both CLOCK_REALTIME and CLOCK_MONOTONIC, as we do for the
other process timestamps.
3. It's entirely backwards compatible, as this doesn't change the
protocol between service manager and executor, but just extends it.
manager: add socket for receiving handoff timestamps from forked children
This adds an AF_UNIX socket pair to the manager that we can collect
handoff timestamp messages on.
The idea is that forked off children send a datagram with a timestamp
and we use its sender PID to match it against the right forked off
process.
This part only implements the receiving side: a socket is created, and
listened on. Received datagrams are parsed, verified and then dispatched
to the interested units.
network/route: use our definitions of route preference
Including linux/icmpv6.h easily trigger conflicts when another header
includes netinet/icmp6.h. Let's drop the dependency and use our
definition of the same values.
manager: comprehensively mark manager_dispatch_user_lookup_fd() as static
The prototype was static, but the implementation was not. Make both
static, this is otherwise too confusing. (This doesn't actually change
anything, since the prototype decides about this anyway, but it makes
things easier to read.)
While stracing PID1's forking off of children I noticed that every
single forked off child reads cap_last_cap from procfs. That value is a
kernel constant, hence we can save a lot of work if we'd cache it.
Thing is, we actually do cache it, in a thread_local cache field. This
means that the forked off processes (which are considered new threads)
will have to re-query it, even though we already know the result.
Hence, let's get rid of the thread_local stuff (given that the value is
going to be the same for all threads anyway, and we pretty much have a
single thread only anyway). Use an C11 atomic_int instead, which ensures
the value is either initialized or not initialized, but we don't need to
be concerned of partial initialization.
This makes the cap_last_cap reading go away in the children, as strace
shows (since cap_last_cap() is already called by PID 1 before
fork()ing, anyway).
Richard Maw [Tue, 23 Apr 2024 13:13:22 +0000 (14:13 +0100)]
test: Shut down tests on crash
If an assert in systemd fails it can't shut down normally.
By default it freezes. For interactive runs we want the crash shell
to enable further debugging, but during test runs we want it to exit
without having to wait for the test timeout.
By deactivating the crash shell, enabling reboot, and configuring qemu
so that it shuts down instead of rebooting we can shut down instead.
Because by default UEFI will enroll keys and then reboot
we also have to set --qemu-firmware-variables=custom
so it doesn't need to auto-enroll.
Because mkosi has to handle not receiving an EXIT_STATUS notification
it falls back to the exit code of qemu, which in the case of reboot
would be 0, we also override the success exit status to 123
and check that we got that as an exit code from mkosi.
sd-radv: allow to send multiple routes or prefix64 that have intersection with others
I cannot find any RFC that states we should not send multiple route
prefix or pref64 options that have intersection with others.
Moreover, each route prefix option has preference field, thus, user may
want to send e.g. a prefix with the normal preference, and another sub
prefix with the high preference. Previously, such configuration was
prohibited. Let's allow that now.