Daan De Meyer [Sun, 17 Dec 2023 18:41:56 +0000 (19:41 +0100)]
shutdown: Send EXIT_STATUS before final sync
There's a race condition where the EXIT_STATUS= message we send
just before shutting down the VM doesn't arrive on the host,
presumably because the VM is shut down before the kernel has had a
chance to forward the message to the host.
Since there's no obvious way to wait until the message has been
flushed to the host, let's send the message before we execute the
final sync() instead of after executing the final sync(). In my
testing, this seems to either guarantee the message is sent or
introduces sufficient delay that the kernel always has time to flush
its socket buffers to the host.

mkosi: use systemd.firstboot=no to turn off interactivity at boot
Now that creds are processed even if systemd.firstboot=no is set, we can
use it to disable the root pw prompt *and* the new homectl prompt at the
same time, without breaking the creds stuff.

This extends what systemd-firstboot does and runs on first boots only
and either processes user records passed in via credentials to create,
or asks the user interactively to create one (only if no regular user
exists yet).

firstboot: adjust what systemd.firstboot=no on the kernel cmdline does
So far setting systemd.firstboot=no simply short-cut the whole tool
and made it exit early. This is against what the docs say though: they
just claim the user isn't asked for questions anymore. Let's change
behaviour so that the code actually matches the docs, or more
specifically: if credentials are passed into firstboot, then honour
them, regardless of the kernel cmdline option.
After all, if we get explicit data passed in we should operate on it,
and then leave systemd.firstboot=no just affect the interactivity.
I think this was actually mostly a bug introduced because the credential
stuff was added after the kernel cmdline option, hence this just catches
up with the new addition.

resolved: increase most label buffers to fit a trailing NUL byte
This is just paranoia. In all these cases we don't really care about the
trailing NUL byte. But if there's space for it dns_label_unescape() is
going to insert it, and that's a good safety strategy.

With <para><filename>…</filename></para>, we get a separate "paragraph" for
each line, i.e. entries separated by empty lines. This uses up a lot of space
and was only done because docbook makes it hard to insert a newline. In some
other places, <literallayout> was used, but then we cannot indent the source
text (because the whitespace would end up in the final page). We can get the
desired result with <simplelist>.
With <simplelist> the items are indented in roff output, but not in html
output. In some places this looks better than no indentation, and in others it
would probably be better to have no indent. But this is a minor issue and we
cannot control that.
(I didn't convert all spots. There's a bunch of other man pages which have two
lines, e.g. an executable and service file, and it doesn't matter there so
much.)

Yu Watanabe [Tue, 12 Dec 2023 18:43:27 +0000 (03:43 +0900)]
network/nexthop: manage all nexthops by manager
The kernel manages nexthops by their IDs. Previously networkd managed
nexthops in three ways:
- by the corresponding link, if a nexthop has ifindex,
- by the manager, if a nexthop does not have ifindex,
- by the manager with their IDs.
This unifies the three managements of nexthops into one, and uses the
same way as the kernel uses.

Yu Watanabe [Tue, 12 Dec 2023 09:40:43 +0000 (18:40 +0900)]
network/nexthop: NextHop.id is always positive when nexthop_configure() is called
If a nexthop is requested without a valid ID, then nexthop_acquire_id()
assigns an unused ID. So, at the time nexthop_configure() is called, the
ID is always valid.

Daan De Meyer [Thu, 14 Dec 2023 09:57:05 +0000 (10:57 +0100)]
Add $SYSTEMD_HWDB_UPDATE_BYPASS (#30463)
Same as $KERNEL_INSTALL_BYPASS, but for hwdb. This will speed up
cross architecture image builds in mkosi as I can disable package
managers from running the costly hwdb update stuff in qemu user
mode and run it myself with a native systemd-hwdb with --root=.

This gets the resource limits off a specified process, and is very
similar to prlimit() with a NULL new_rlimit argument. In fact, it tries
that first. However, it then falls back to use /proc/$PID/limits. Why?
Simply because Linux prohibits access to prlimit() for processes with a
different UID, but /proc/$PID/limits still works.
This is preparation to allow nspawn to run unprivileged.
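
The lookup order described in the commit message above, as an added C example that is not systemd's code: it asks the kernel first and, when that is refused with EPERM, parses /proc/$PID/limits. The names pid_get_limit(), limits_text_lookup(), struct lim and SAMPLE_LIMITS are hypothetical; it calls the raw prlimit64 system call rather than the prlimit() wrapper so it builds without feature-test macros, and falling back only on EPERM is an assumption of this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>
#define LIM_UNLIMITED (~0ULL)
struct lim { unsigned long long soft, hard; };   /* layout of the kernel's rlimit64 */
/* Constructed sample in the /proc/PID/limits layout, not captured from a real host. */
const char SAMPLE_LIMITS[] =
    "Limit                     Soft Limit           Hard Limit           Units     \n"
    "Max cpu time              unlimited            unlimited            seconds   \n"
    "Max open files            1024                 524288               files     \n";

static int parse_value(const char *s, unsigned long long *ret) {  /* "unlimited" or decimal */
    char *end;
    if (strcmp(s, "unlimited") == 0) { *ret = LIM_UNLIMITED; return 0; }
    if (*s < '0' || *s > '9') return -EINVAL;    /* rejects signs and empty fields */
    errno = 0;
    *ret = strtoull(s, &end, 10);
    return (errno != 0 || *end != '\0') ? -EINVAL : 0;
}

/* Row lookup; the name column is space-padded, so a full name is followed by two spaces. */
int limits_text_lookup(const char *text, const char *row, struct lim *ret) {
    size_t n = strlen(row);
    for (const char *p = text, *nl; p && *p; p = nl ? nl + 1 : NULL) {
        char soft[32], hard[32];
        nl = strchr(p, '\n');
        if (strncmp(p, row, n) != 0 || p[n] != ' ' || p[n + 1] != ' ') continue;
        if (sscanf(p + n, "%31s %31s", soft, hard) != 2) return -EINVAL;
        return (parse_value(soft, &ret->soft) < 0 || parse_value(hard, &ret->hard) < 0) ? -EINVAL : 0;
    }
    return -ENOENT;
}

/* prlimit64 with no new limit first; on EPERM (different UID) fall back to procfs. */
int pid_get_limit(pid_t pid, int resource, const char *row, struct lim *ret) {
    char path[64], buf[4096];
    if (syscall(SYS_prlimit64, (long) pid, (long) resource, NULL, ret) == 0) return 0;
    if (errno != EPERM) return -errno;
    snprintf(path, sizeof path, "/proc/%d/limits", (int) pid);
    FILE *f = fopen(path, "re");
    if (!f) return -errno;
    size_t k = fread(buf, 1, sizeof buf - 1, f);
    fclose(f); buf[k] = '\0';
    return limits_text_lookup(buf, row, ret);
}
```

The caller passes both the RLIMIT_* number and the matching row name (for example RLIMIT_NOFILE with "Max open files"), since the procfs file identifies limits by name only.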
Richard Maw [Mon, 27 Nov 2023 17:50:49 +0000 (17:50 +0000)]
mkosi: Add testuser and tar to system image
The integration tests are installed into the image
with the intention that it should be possible to run those tests,
but those tests require the named user testuser
and tar is needed for machined-import

dissect-tool: hide device column if it's a short-lived loopback device
It's pointless showing info that isn't going to survive the current
invocation, hence hide it.
The "partition number" column is more useful since it kinda shows the
same information, but without the device node name prefixed that is
local to the current invocation.

blockdev-util: add new helper blockdev_get_device_size()
This function is just a wrapper around the BLKGETSIZE64. Which is a
pretty simple ioctl. The only reason to wrap it, is that the headers we
need to call it are a bit messy (as "linux/fs.h" is incompatible with
certain glibc headers). Hence add the simple helper that wraps it and
allows us to do the header mess needed in one file only.
It's also nicely symmetric to blockdev_get_sector_size().

Richard Maw [Tue, 5 Dec 2023 18:09:18 +0000 (18:09 +0000)]
test: slacken plugged -> dead test
This test is for if devices transition from plugged -> dead -> plugged
on boot, but it is normal to see loop devices transition plugged -> dead
on first boot when systemd-repart adds the root partition.

Richard Maw [Mon, 27 Nov 2023 17:48:24 +0000 (17:48 +0000)]
test: Create analyze chroot with --rbind
The systemd-analyze integration test also tests chroots.
It builds its chroot by bind-mounting /,
but since /usr might be a separate mountpoint
it should create the chroot with --rbind.

Mike Yuan [Sun, 10 Dec 2023 17:36:22 +0000 (01:36 +0800)]
core/unit: clean up unit_log_resources
* Use a unified struct to store accounting fields/suffixes
* Use strextendf_with_separator where appropriate
* Don't mix stack and heap allocation for one iovec array

varlink: improve compat with varlink C reference implementation
The reference implementation seems to set the 'parameters' field for
method calls to 'null' if nothing is specified on its command line. We
so far only could deal if the parameters field was unset or set to the
empty object. Let's also accept the 'null' type.