Fixup for e87dec82bec6eff015b368b3c746810d684fc6af:
I misunderstood the format. It's actually CBOR, i.e. some binary format.
When trying to show show text we would first check if it's valid UTF-8,
so we would handle this gracefully, i.e. emit a warning and not print
the contents.
Let's add a new "plymouth-util.c" module with helpers for talking to
plymouth. We so far had three places for this, let's unify the code
doing this a bit.
The meson summary logic checks for ENABLE_* and HAVE_*, but we used a define
with no prefix. Let's make it ENABLE_… for consistency with other config
options. Obviously this also fixes the summary output.
core/unit: use assert for checking internal call sanity
The only way this could be called with an invalid value would be if
somebody forgot to initialize unit type. In such cases, it's better to
fail hard immediately.
Rename {dual,triple}_timestamp_get to {dual,triple}_timestamp_now
Those functions take a pointer to a timestamp and return a timestamp pointer,
so the reader would be justified to think that those are just getters. Rename
them to avoid confusion.
There are draft proposals to embed SBOM metadata in the .sbom section of PE
binaries [1], in the coSWID XML format. Some details of how this is actually
implemented might change, but it seems very likely that both section name and
it being text will stay. Let's show the section as text to make such binaries
easier to inspect. ([1] recommends using 'objcopy -j .sbom' which isn't
particularly readable.) Once there's more standarization of the actual
format, we can add pretty-printing and/or syntax highlighting.
Luca Boccassi [Fri, 10 Nov 2023 00:22:21 +0000 (00:22 +0000)]
executor: lazily load SELinux
Loading the SELinux DB on every invocation can be slow and
takes 2ms-10ms, so do not initialize it unconditionally, but
wait for the first use. On a mkosi Fedora rawhide image, this
cuts the number of loads in half.
Florian Schmaus [Fri, 10 Nov 2023 10:44:09 +0000 (11:44 +0100)]
cgroup: add support for memory.swap.current
In systemctl-show we only show current swap if ever swapped or non-zero. This
reduces the noise on swapless systems, that would otherwise always show a swap
value that never has the chance to become non-zero. It further reduces the
noise for services that never swapped.
Clayton Craft [Fri, 27 Oct 2023 19:50:50 +0000 (12:50 -0700)]
boot: load device tree even if no original config exists
Firmware may not have loaded a devicetree, for example if the device
shipped with windows and exclusively supports ACPI.
We should always load the specified devicetree regardless of firmware
state to enable booting on platforms where Linux only supports DT.
Note: in _cleanup, the orig. config is NULL in this case, and passing
NULL to InstallConfigurationTable is permitted by the EFI spec.
See: https://uefi.org/specs/UEFI/2.10/07_Services_Boot_Services.html
Fixes #24059
Co-authored-by: Daniel Thompson <daniel.thompson@linaro.org>
Frantisek Sumsal [Fri, 10 Nov 2023 15:38:01 +0000 (16:38 +0100)]
fuzz: pass -Dc_args=/-Dcpp_args= to fuzzer targets
Prompted by #29972, because right now it's practically impossible to pass
-fno-sanitize=function to the fuzzer targets without some extensive
sed'ing.
This splits both c_args and cpp_args to separate arguments for
tools/meson-build.sh, because the other way would be to use `eval`, so
the space-separated but quoted strings passed to these options are not
split where they shouldn't, and I'd rather avoid using `eval` if
possible.
Also, this switches the positional arguments we pass to `meson setup`,
as they were in incorrect order (docs say it should be buildir followed
by sourcedir); meson is apparently clever enough to figure this out and
switch the arguments around if necessary, so it didn't complain.
Let's just rely on the word splitting done by bash instead of messing
with that ourselves, as it's just adding extra complexity to appease one
ShellCheck check. Also, this apparently never worked for the nspawn
stuff anyway, since I forgot to set $IFS to an appropriate value, so it
always put all arguments from $KERNEL_APPEND into a single array item
with an extra newline, which then made systemd sad:
~# readarray arr <<< "foo bar baz"; for i in "${arr[@]}"; do echo "'$i'"; done
'foo bar baz
'
~# make -C test/TEST-45-TIMEDATE/ clean setup run BUILD_DIR=$PWD/build TEST_NO_QEMU=1 KERNEL_APPEND="systemd.log_level=console"
...
~# journalctl -o short-monotonic --no-hostname --file /var/tmp/systemd-tests/systemd-test.XaDX67/system.journal --grep "Failed to parse" -p info --no-pager
[551138.986882] systemd-tmpfiles[21]: Failed to parse log level 'console
[551138.987179] systemd-remount-fs[20]: Failed to parse log level 'console
[551138.993125] systemd-sysusers[23]: Failed to parse log level 'console
[551138.998685] journalctl[29]: Failed to parse log level 'console
analyze: add "srk" verb to extract current srk from TPM2 chip
This is pretty low-level functionality, hence placed in systemd-analyze.
This is useful for working with systemd-cryptenroll --tpm2-device-key=,
as it acquires the SRK without requiring the full tpm2-tss tool set.
tpm2-setup: also save the SRK to the file system in TPM2_PUBLIC format
We already save it in PEM format, also store it TPM2_PUBLIC format next
to it. This is useful for usage with systemd-cryptenroll's
--tpm2-device-key= switch.
The tpm2_tpm2b_public_from_pem() invocation only makes sense when we
succeed to load the file from disk, hence we might do this together and
safe a conditionalization.
tpm2-util: move loading of TPM2B_PUBLIC from disk into tpm2-util.c
No change in behaviour, let's just move this over so that we can reuse
this in repart later (and don't have to export the ugly `sym_` function
pointer for it)
Daan De Meyer [Thu, 9 Nov 2023 11:10:53 +0000 (12:10 +0100)]
repart: Fix size round up/round down
Currently, we round minimum sizes up and maximum size down, whereas
it should be the opposite as the current approach means that if the
same size is used for min and max, the min size will end up bigger
than the max size after rounding.
Florian Schmaus [Thu, 9 Nov 2023 07:59:59 +0000 (08:59 +0100)]
core: fix array size in unit_log_resources()
In 0531bded79dc ("core: include peak memory in unit_log_resources()") new log
messages where added, however the size of the according arrays to hold the
messages was not adjusted.
Fixes: 0531bded79dc ("core: include peak memory in unit_log_resources()")
test: use Type=notify together with `busctl monitor`
Let's use the newly gained feature of `busctl` and start is as a
Type=notify unit, which should make sure the unit is started only after
`busctl` is on the bus listening for messages.
This should help with a race spotted in CIs, where we continued too
early after starting `busctl monitor` and miss the emitted signals:
This is pretty much the same stuff as `resolvectl monitor` does, and
allows us to run `busctl monitor` in a Type=notify unit which ensures
that `busctl` is really listening for messages once the unit is marked
as started.
Currently test_setpriority_closest assumes that setting RLIMIT_NICE to 30 will
fail if the process is unprivileged. If it succeeds, it assumes that the
process is privileged and setresuid and setresgid will succeed.
However, if RLIMIT_NICE is already >= 30, then setrlimit will succeed even if
the process is unprivileged. Guard against that by checking for permission
errors in setresuid and setresgid and skipping the full test if so.
Felix Dörre [Fri, 18 Aug 2023 08:00:40 +0000 (10:00 +0200)]
journalctl: verify sealed log epochs are continuous
Currently empty epochs are not sealed. This allows an attacker to truncate
a sealed log and continue it without any problems showing when verifying the
log.
This partially addresses CVE-2023-31438. One way to extend this change to
address CVE-2023-31438 completely, would be to verify that there is exactly
one seal per epoch (and not sealing when the epoch has not ended yet).
the change also adds a journal-file flag: HEADER_COMPATIBLE_SEALED_CONTINUOUS
this flag indicates that a journal file is sealed continuously and decides whether
any missing crypto epochs should trigger a warning or an error.