env-file: bring our decoding of double-quoted strings in env files in line with shell
In shell, inside of double quotes only a select few chars should be
escaped. If other chars are escaped this has no effect. Correct the list
of chars that need such escaping.
Also, make sure we can read back the stuff we wrote out without loss.
hashmap: make sure to initialize shared hash key atomically
if we allocate a bunch of hash tables all at the same time, with none
earlier than the other, there's a good chance we'll initialize the
shared hash key multiple times, so that some threads will see a
different shared hash key than others.
Let's fix that, and make sure really everyone sees the same hash key.
socket: downgrade log warnings about inability to set socket buffer sizes
In containers we might lack the privs to up the socket buffers. Let's
not complain so loudly about that. Let's hence downgrade this to debug
logging if it's a permission problem.
cryptsetup: generate the unit to umount keydev filesystem
Previously we would call umount from ExecStartPost= of
systemd-cryptsetup instance in order to get rid of the keydev
mount (i.e. filesystem containing keyfile). Let's generate unit to
handle umount. Making this symmetrical (both mount and umount of keydev
are handled by units) fixes the problem with lingering keydev mounts.
Motivation for the change is the issue where keydev mount would stay
around even if device was successfully unlocked and mount is no longer
needed. That could happen previously because when generator options are
not prefixed with "rd." we run generators twice (e.g. rd.luks.key=...).
In such case disk is unlocked in initramfs phase of boot (assuming the
initrd image contains the generator and is able to handle unlocking of
LUKS devices). After switchroot we however enqueue start job for
systemd-cryptsetup instance (because units are regenerated second time)
and that pulls in its dependencies into transaction. Later the main
systemd-cryptsetup unit not actually started since it is already active
and has RemainaAfterExit=yes. Nevertheless, dependencies get activated
and keydev mount is attached again. Because previously we called umount
from ExecStartPost= of systemd-cryptsetup instance the umount is not
called second time and keydev filesystem stays lingering.
logind: make sure when we are explicitly asked to terminate session/user/seat to use "replace" job mode
Otherwise our request will possibly fail if something else is already
enqeued, but given this is an explicit user request, let's not allow
things to fail.
Nazar Vinnichuk [Fri, 11 Sep 2020 10:38:53 +0000 (13:38 +0300)]
man: document the random delay of persistent timers
The manual states that a persistent timer triggers it's service
immediately on activation to catch up with missed invocations, but since
PR #11608 it is no longer the case if RandomizedDelaySec= is set to a
non-zero value.
pkg-config: prefix is not really configurable, don't pretend it was
We generally don't support prefix being != /usr, and this is hardcoded
all over the place. In the systemd.pc file it wasn't so far. Let's
adjust this to match the rest of the codebase.
A variety of sockopts exist both for IPv4 and IPv6 but require a
different pair of sockopt level/option number. Let's add helpers for
these that internally determine the right sockopt to call.
This should shorten code that generically wants to support both ipv4 +
ipv6 and for the first time adds correct support for some cases where we
only called the ipv4 versions, and not the ipv6 options.
fs-util,tmpfiles: fix error handling of fchmod_opath()
When 4dfaa528d45 was first commited its callers relied on `errno` instead of the
return value for error reporting. Which worked fine, since internally
under all conditions base were set — even if ugly and not inline with
our coding style. Things then got broken in f8606626ed3c2582e06543550d58fe9886cdca5f where suddenly additional
syscalls might end up being done in the function, thus corrupting `errno`.
Use sockaddr_un_set_path() in socket_address_parse()
Two functional changes:
- "/" is now refused. The test is adjusted.
- The trailing NUL is *not* included in the returned size for abstract size. The
comments in sockaddr_un_set_path() indicate that this is the right thing to do,
and the code in socket_address_parse() wasn't doing that.
Allow interface scopes to be specified in ListenStream=
Closes #12624.
The formatting in systemd.socket.xml is updated a bit.
Currently in_addr_port_ifindex_name_to_string() always prints the ifindex
numerically. This is not super useful since the interface numbers are
semi-random. Should we use interface names in preference?
shared: don't unconditionally set SOCK_STREAM as type in socket_address_parse()
We would set .type to a fake value. All real callers (outside of tests)
immediately overwrite .type with a proper value after calling
socket_address_parse(). So let's not set it and adjust the few places
that relied on it being set to the fake value.
socket_address_parse() is modernized to only set the output argument on
success.
shared: make socket_address_parse use the generic parser for IPv[46] addresses
One special syntax is not supported anymore: "iface:port" would be parsed as an
interface name plus numerical port, equivalent to "[::]%iface:port". This was
added in 542563babda, but was undocumented, and we had no tests for it. It seems
that this actually wasn't doing anything useful, because the kernel only uses the
scope identifier for link-local addresses.
shared: check interface name validity in in_addr_port_ifindex_name_from_string_auto()
We don't try to resolve invalid ifnames as all. A different return
code is used. This difference will be verified later in test_socket_address_parse()
when socket_address_parse() is converted to use
in_addr_port_ifindex_name_from_string_auto().
test-socket-netlink: print the proper expected string
We would use the return value from the tested function to decide
what to print as "expected", which is confusing when something is wrong
with the tested function.
resolved: unify the two functions to create extra stubs
There is a minor functional change:
IPV6_FREEBIND is set of IPv6 sockets, not IP_FREEBIND. This was missed in af8b1384, but I noticed only after the merging the two functions.
And a not-so-minor functional chagnge: 7216a3b5dcde36245 changed manager_dns_stub_tcp_fd_extra() to return the fd even
if the source was already initialized, but it didn't do the same change for
manager_dns_stub_udp_fd_extra(), so it would return 0 in that case. But 0354029bf572489b uses manager_dns_stub_udp_fd_extra() when preparing to call
manager_send(), and will pass 0 as the fd in that case. For both socket types
fd is now always returned.
This really doesn't matter given that AF_xyz and PF_xyz are equivalent
in all ways, but we almost always use AF_xyz, hence stick to it
universally and convert the remaining PF_ to AF_
copy: optionally, reproduce hardlinks from source in destination
This is useful for duplicating trees that contain hardlinks: we keep
track of potential hardlinks and try to reproduce them within the
destination tree. (We do not hardlink between source and destination!).
This is useful for trees like ostree images which heavily use hardlinks
and which are otherwise exploded into separate copies of all files when
we duplicate the trees.