The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
journal-gatewayd: check if certificate is signed by CA
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.
Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
journal-gatewayd: ask clients to provide certificates
A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.
Josh Triplett [Sat, 15 Mar 2014 18:40:07 +0000 (11:40 -0700)]
Use strlen even for constant strings
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
utmp_wall() now takes an optional argument 'username_override' which
allows the caller to override the username shown on wall messages.
journald will use this to inform users that its wall messages comes from
'systemd-journald'.
Michael Marineau [Fri, 14 Mar 2014 04:32:12 +0000 (21:32 -0700)]
shared: add root argument to search_and_fopen
This adds the same root argument to search_and_fopen that
conf_files_list already has. Tools that use those two functions as a
pair can now be easily modified to load configuration files from an
alternate root filesystem tree.
Greg KH [Fri, 14 Mar 2014 04:43:04 +0000 (04:43 +0000)]
machine-id: add --root option to operate on an alternate fs tree
This makes it possible to initialize the /etc/machine-id file on an
arbitrary filesystem hierarchy. This helps systems that wish to run
this at image creation time in a subdirectory, or from initramfs before
pivot-root is called.
[tomegun: converted to using _cleanup_free_ macros]
Brandon Philips [Thu, 13 Mar 2014 22:19:40 +0000 (15:19 -0700)]
nspawn: allow -EEXIST on mkdir_safe /home/${uid}
With systemd 211 nspawn attempts to create the home directory for the
given uid. However, if the home directory already exists then it will
fail. Don't error out on -EEXIST.
sd-bus: don't look for a 64bit value when we only have 32bit value on reply cookie hash table access
This broke hashtable lookups for the message cookies on s390x, which is
a 64bit BE machine where accessing 32bit values as 64bit and vice versa
will explode.
Also, while we are at it, be a bit more careful when dealing with the
64bit cookies we expose and the 32bit serial numbers dbus uses in its
payload.
Tom Gundersen [Thu, 13 Mar 2014 16:47:30 +0000 (17:47 +0100)]
nspawn: make host0's MAC address persistent
We still need to make sure that no two MAC addresses are the same, so we use
a logic similar to what is used in udev to generate MAC addresses, and base
it on a hash of the host's machine ID and thecontainer's name.
getty: Start getty on 3270 terminals available on Linux on System z
Add the first 3270 terminal device that is associated with the Linux preferred
console to the list of virtualization consoles. This is required to
automatically start a getty if the conmode=3270 kernel parameter is specified
for Linux on z/VM instances. Note that a queued upstream patch also enable
the 3270 terminal device if it is associated with the Linux preferred console.
How
To successfully start agetty on a 3270 terminal, a change in the agetty
parameter order is required. Previously, agetty would started like this:
/sbin/agetty --keep-baud 3270/tty1 115200,38400,9600 TERM
The agetty program interprets the "3270/tty1" as baud rate and fails to start
with the "bad speed: 3270/tty1" error message. Fixing this in agetty is more
complex rather than reordering the command line parameters like this:
/sbin/agetty --keep-baud 115200,38400,9600 3270/tty1 TERM
According to agetty sources and "agetty --help", agetty accepts the "tty",
"baudrate tty", and "tty baudrate" specifications.
P.S. The "tty: Set correct tty name in 'active' sysfs attribute" introduces
a change to display the terminal device which is associated with the
Linux preferred console. This change helps to let systemd handle this
particular case only. Without the changes of this commit, no additional
3270 terminal device can be managed by systemd.
gpt-auto-generator: honour read-only and no-auto flag from GPT data
Similar to the read-only and no-automount flags of Microsoft Basic Data
Partitions, introduce our own flags. We map them to the same flag bits
as Microsoft's, to keep things simple.
"systemctl list-machines" shows one line per local container which
includes the current system state of the container, the number of failed
units as well as the number of currently queued jobs.
The system state knows the states starting →
running/degraded/maintenance → stopping, where:
starting = system startup
running = normal operation
degraded = at least one unit is currently in failed state
maintenance = rescue/emergency mode is active or queued
stopping = system shutdown
Josh Triplett [Wed, 12 Mar 2014 04:16:33 +0000 (21:16 -0700)]
backlight: Avoid restoring brightness to an unreadably dim level
Some systems turn the backlight all the way off at the lowest levels.
Clamp saved brightness to at least 1 or 5% of max_brightness. This
avoids preserving an unreadably dim screen, which would otherwise force
the user to disable state restoration.
Josh Triplett [Wed, 12 Mar 2014 04:09:04 +0000 (21:09 -0700)]
backlight: Fix copy/paste error printing an unrelated error code
udev_device_get_sysattr_value returns NULL on failure, but doesn't
provide an error code; thus, when printing an error from it, don't print
an unrelated error code from a previous call.
bus: replace sd_bus_label_{escape,unescape}() by new sd_bus_path_{encode,decode}()
The new calls work similarly, but enforce a that a common, fixed bus
path prefix is used.
This follows discussions with Simon McVittie on IRC that it should be a
good idea to make sure that people don't use the escaping applied here
too wildly as anything other than the last label of a bus path.
fstab-generator: when running in a container, ignore fstab entries referring to device nodes
Since these device nodes will never appear in the container anyway
there's no point in waiting for them.
This makes it easier to boot images generated with general purpose
installers like Anaconda which unconditionally populate /etc/fstab to
boot in containers.