let's use sd_notifyf(). Let's also stop validating the session ID here.
This is the destructor. if it contains a dash, we are already too late
here anyway.
Chris Morin [Thu, 14 Mar 2019 18:24:52 +0000 (11:24 -0700)]
journal-remote: use source's boot-id
systemd-journal-remote always wrote the boot-id of the device it was running on
to the header of its journal files. When the source had a different boot-id
(because it was generated on a different boot, or a different device), the
boot-ids in the file were inconsistent. The _BOOT_ID field was that of the
source, but the journal file header and each entry object header were that of
the device systemd-journal-remote ran on. This breaks journalctl --list-boots
on any of these files.
Set the boot-id in the header to be that of the source. This also fixes the
entry object headers.
In particular, let's not use gotos that jump up, i.e. are loops. gotos
that jump down for the purpose of clean-up are cool, but using them for
loops is evil.
man: refer to innermost directory as innermost, not as "lowest"
Let's avoid confusion whether the root is at the top or of the bottom of
the directory tree. Moreover we use "innermost" further down for the
same concept, so let's stick to the same terminology here.
meson: stop creating enablement symlinks in /etc during installation
This patch was initially prompted by a report on a Fedora update [1], that the
upgrade causes systemd-resolved.service and systemd-networkd.service to be
re-enabled. We generally want to preserve the enablement of all services during
upgrades, so a reset like this is not expected.
Both services declare two symlinks in their [Install] sections, for their dbus
names and for multi-user.target.wants/. It turns out that both services were
only partially enabled, because their dbus unit symlinks
/etc/systemd/system/dbus-org.freedesktop.{resolve1,network1}.service were
created, by the symlinks in /etc/systemd/system/multi-user.target.wants/ were
not. This means that the units could be activated by dbus, but not in usual
fashion using systemctl start. Our tools make it rather hard to figure out when
something like this happens, and it is definitely an area for improvement on its
own. The symlink in .wants/ was filtered out by during packaging, but the dbus
symlink was left in (I assume by mistake).
Let's simplify things by not creating the symlinks statically during 'ninja
install'. This means that the units shipped by systemd have to be enabled in
the usual fashion, which in turns means that [Install] section and presets
become the "single source of truth" and we don't have two sets of conflicting
configuration.
Let's consider a few cases:
- developer: a developer installs systemd from git on a running system, and they
don't want the installation to reset enablement of anything. So this change is
either positive for them, or has no effect (if they have everything at
defaults).
- package creation: we want to create symlinks using 'preset-all' and 'preset'
on upgraded packages, we don't want to have any static symlinks. This change
will remove the need to filter out symlinks in packaging and of course fix
the original report.
- installation of systemd from scratch: this change means that without
'preset-all' the system will not be functional. This case could be affected
negatively by this change, but I think it's enough of a corner case to accept
this. In practice I expect people to build a package, not installl directly
into the file system, so this might not even matter in practice.
Creating those symlinks was probably the right thing in the beginning, but
nowadays the preset system is very well established and people expect it to
be honoured. Ignoring the presets and doing static configuration is not welcome
anymore.
Note: during package installation, either 'preset-all' or 'preset getty@.service
machines.target remote-cryptsetup.target remote-fs.target
systemd-networkd.service systemd-resolved.service
systemd-networkd-wait-online.service systemd-timesyncd.service' should be called.
Yu Watanabe [Sun, 31 Mar 2019 15:24:25 +0000 (00:24 +0900)]
network: do not abort execution when NetDev.Name= conflicts
This also changes that .netdev files are loaded in ascending order.
Otherwise, when NetDev.ifname= setting conflicts with other .netdev file,
then .netdev file with large prefix number wins.
fsck: copy out device argument from argv[] before forking
We nowadays rename our child processes, hence argv[] will be clobbered,
let's hence copy the device path to dynamic memory before forking.
This is fall-out from 60ffa37a65a96c3af857a3dfc4a6fd47b20cc90e since we
now a lot more often end up overriding the argv[] buffer than before,
simple because we know what to override.
These kind of bugs kinda suck. THere are only two options here: stop
overriding argv[] for all cases (or just these cases) or explicitly
copying out everything we need in child processes before forking. With
this patch I opt for the latter, though I am not 100% convinced this is
a great solution. Just a better solution than everything else, i.e.
allowing argv[] to remain out of sync with what others see.
Apparently by the C standard "int" bitfields can have any signedness
(unlike non-bitfield declarations which are "signed" if the signedness
is not specified).
Let's fix the LGTM warning about this hence and be explicit that we mean
"signed" here.
util-lib: when copying files make sure to apply some chattrs early, some late
Some chattrs only work sensible if you set them right after opening a
file for create (think: FS_NOCOW_FL). Others only work when they are
applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's
take that into account when copying files and applying a chattr to them.
Michal Sekletar [Wed, 27 Mar 2019 08:27:21 +0000 (09:27 +0100)]
cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
With new LUKS2 header format it is possible to use Argon2 key derivation
function. This function is "memory-hard" hence keyslot unlocking can
potentially use a lot of RAM as this increases resistance to massively
parallel GPU based password cracking.
However, when multiple systemd-cryptsetup binaries run at the same
time it is very likely that system using Argon2 (e.g. Fedora 30)
will encounter memory-pressure during early boot, following OOM killing
spree.
This patch aims to lower the damage done by OOM killer and sets OOMScore
for systemd-cryptsetup units to 500. Hopefully OOM killer will then
shoot us down and leave rest of the system services alone.