Tomáš Pecka [Thu, 7 Oct 2021 09:16:57 +0000 (11:16 +0200)]
sd-lldp-rx: serialize LLDP neighbors to JSON format
Add functions serializing LLDP neighbors to JSON (JsonVariant).
The entry contains a chassis id, system name and port id of the remote
neighbor. Also it possibly contains an integer coding the enabled system
capabilities and port description.
While it is generally worthwhile for systemd to drop split-usr support,
these options are NOT about split-usr support. The universal location of
POSIX sh is always /bin/sh. Bash is pretty reasonably standardized there
too.
This happens irrespective of /bin being a symlink to /usr/bin.
Ramifications of this change include things like:
- portably running shell scripts that might run very nearly anywhere
- /etc/shells support
For standardization and compatibility reasons, these commands with these
paths need to be consistently found on any system, and thus distros make
sure this works, although even on split-usr systems /usr/bin/bash may be
a symlink to /bin/bash.
Embedding the *access path* of bash as /usr/bin/bash in systemd, for
example in libnss_systemd.so, means that login shells must agree with
systemd on how they invoke the shell. End result: users fail to login
because of access violations.
This cannot be fixed by "fixing PAM" because PAM does not follow
symlinks by design: one example is that it needs to treat rbash as
different from bash.
Fixes: https://bugs.gentoo.org/919749 Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
ssh-generator: don't do AF_VSOCK stuff if we run in a container
Tighten our VM check: whether we run in a VM is not enough to do
AF_VSOCK. We also need to check if we are run in a container, because if
we run in a container inside a VM then we should *not* do the AF_VSOCK
stuff, but leave the port free for the VM itself.
This makes it easier for people packaging kernel-install plugins
to get the path right.
E.g. https://src.fedoraproject.org/rpms/python-virt-firmware/pull-request/3
fixes an issue where %{_libdir}/kernel/install.d was used,
which gives incorrect results on 64-bit architectures.
%_kernel_install_dir will make this even easier.
Michael Biebl [Wed, 28 Feb 2024 15:11:14 +0000 (16:11 +0100)]
Drop build-api support
It appears the build-api effort at
https://github.com/cgwalters/build-api hasn't really caught on.
systemd appears one of the very few projects actually supporting it.
It does confuse certain tools though. E.g. debhelper by finding a
configure script wrongly assumes this is an autoconf project and thus
needs to be told explicitly that this is in fact a Meson project [1].
Given that Meson is an established build system by now, it appears ok to
drop this compat layer, which will never be fully complete anyway.
Luca Boccassi [Wed, 28 Feb 2024 23:46:15 +0000 (23:46 +0000)]
semaphore: speed up build
- avoid stripping debug symbols and creating dbgsym packages
- avoid LTO, slows down build a lot
- avoid compressing packages, they are thrown out immediately after use
- avoid building udeb packages, not needed
dissect-image: add flag for explicitly enabling userspace verity signature checking
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, know we have a knob to turn this off in
certain scenarios.
The glibc API is behind the wrapper is called "secure_getenv()", hence
our wrapper really should keep the order too, otherwise things are just
too confusing.
tree-wide: use "_" rather than "-" as separator in kernel cmdline options
Most of our kernel cmdline options use underscores as word separators in
kernel cmdline options, but there were some exceptions. Let's fix those,
and also use underscores.
Since our /proc/cmdline parsers don't distinguish between the two
characters anyway this should not break anything, but makes sure our own
codebase (and in particular docs and log messages) are internally
consistent.
Susant Sahani [Mon, 26 Feb 2024 13:26:57 +0000 (18:56 +0530)]
netdev: bond - add support for peer_notif_delay
Specify the delay, in milliseconds, between each peer
notification (gratuitous ARP and unsolicited IPv6
Neighbor Advertisement) when they are issued after
a failover event. This delay should be a multiple of
the MII link monitor interval (miimon).
The valid range is 0 - 300s. The default value is 0,
which means to match the value of the MII link monitor interval.
Sam Leonard [Tue, 27 Feb 2024 15:08:37 +0000 (15:08 +0000)]
shared/ptyfwd: allow window title but not background color as a valid state
Previously if a PTYForward instance had the window title set but no
background color set then it would crash in an assertion as
pty_forward_ansi_process didn't require both to be present.
systemd-vmspawn could get into this state if it failed to get the
terminal tint color.
Now any method that would have called background_color_sequence now
becomes just a NOP if the background color is not set.
This allows keeping the functionality to set window titles even if the
terminal doesn't support the background coloring.
Sam Leonard [Tue, 27 Feb 2024 14:35:14 +0000 (14:35 +0000)]
basic/terminal-util: accept ST or BEL to end escape sequence queries
Currently scan_background_color_response only accepts BEL (\x07) to end
a response, however some terminals (namely kitty in my case) will reply
with the string terminator (ST - https://en.wikipedia.org/wiki/ANSI_escape_code).
This commit changes the behaviour to now accept either ending.
Sam Leonard [Tue, 27 Feb 2024 11:12:39 +0000 (11:12 +0000)]
basic/terminal-util: add check for poll timeout in get_default_background_color
Currently the return value 0 is not checked for, this indicates a
timeout and should be handled to prevent doing a blocking read on a file
descriptor with no data ready.
The retrans time field in RA message is for neighbor solicitation,
and the commit d4c8de21a07d015f2f2c787e0735be5e4d02fb3c makes the value
assigned to the correct sysctl property.
Let's deprecate the option, and drop the redundant functions.
udevd: Add ReceivePacketSteeringCPUMask for systemd.link
Takes a list of CPU indices or ranges separated by either whitespace or commas. Alternatively,
takes the special value "all" in which will include all available CPUs in the mask.
CPU ranges are specified by the lower and upper CPU indices separated by a dash (e.g. "2-6").
This option may be specified more than once, in which case the specified CPU affinity masks are merged.
If an empty string is assigned, the mask is reset, all assignments prior to this will have no effect.
Defaults to unset and RPS CPU list is unchanged. To disable RPS when it was previously enabled, use the
special value "disable".
Currently, this will set CPU mask to all `rx` queue of matched device (if it has multiple queues).
The `/sys/class/net/<dev>/queues/rx-<n>/rps_cpus` only accept cpu bitmap mask in hexadecimal.
Luca Boccassi [Sat, 24 Feb 2024 12:05:44 +0000 (12:05 +0000)]
install: fix compiler warning about empty directive argument
On ppc64el with gcc 13.2 on Ubuntu 24.04:
3s In file included from ../src/basic/macro.h:386,
483s from ../src/basic/alloc-util.h:10,
483s from ../src/shared/install.c:12:
483s ../src/shared/install.c: In function ‘install_changes_dump’:
483s ../src/shared/install.c:432:64: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
483s | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
483s ../src/shared/install.c:432:75: note: format string is defined here
483s 432 | err = log_error_errno(changes[i].type, "Failed to %s unit, unit %s does not exist.",
core: remove duplicate serialization of `cpu_sched_reset_on_fork`
`c->cpu_sched_reset_on_fork` is serialized using
`exec-context-cpu-sched-reset-on-fork` and
`exec-context-cpu-scheduling-reset-on-fork`. Let's keep only the second one, to
serialize the value only if `cpu_sched_set` is true.
bootspec: don't complain about valid loader.conf settings
Let's not complain about various valid loader.conf settings we more
recently added. At the same time let's remove the half-assed userspace
parsers for the fields we actually do support but don't actually really
care about in userspace. There's really no point in storing strings away
that we are not using at all, hence just don#t.
Frantisek Sumsal [Tue, 27 Feb 2024 10:10:53 +0000 (11:10 +0100)]
test: use socat in unidirectional mode
By default socat open a separate r/w channel for each specified address,
and terminates the connection after .5s from receiving EOF on _either_
side. And since one side of that connection is an empty stdin, we reach
that EOF pretty quickly. Let's avoid this by using socat in
"reversed unidirectional" mode, where the first address is used only for
writing, and the second one is used only for reading.