Daan De Meyer [Wed, 16 Aug 2023 19:22:57 +0000 (21:22 +0200)]
meson: Use rsync to copy test data directories
install_subdir() does not copy symlinks but copies the file they
point to. We also get a very ugly warning in the meson install
output:
"""
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
"""
Let's fix both problems at once by using rsync which does the right
thing. Verified by running systemd-dissect --mtree on both the install
output before and after and all the symlinks are now correctly preserved.
David Tardon [Thu, 17 Aug 2023 05:49:35 +0000 (07:49 +0200)]
bus-polkit: don't propagate error from polkit
An error reply from polkit is a valid case and should not be propagated
as failure of async_polkit_callback(). It should only be saved here.
It'll be returned by bus_verify_polkit_async() later, when it's called
for the same method again.
Luca Boccassi [Sun, 13 Aug 2023 21:29:25 +0000 (22:29 +0100)]
core: stage /run/host/os-release with a symlink to avoid possible race condition
If someone reads /run/host/os-release at the exact same time it is being updated, and it
is large enough, they might read a half-written file. This is very unlikely as
os-release is typically small and very rarely changes, but it is not
impossible.
Bind mount a staging directory instead of the file, and symlink the file
into it, so that we can do atomic file updates and close this gap.
Atomic replacement creates a new inode, so existing bind mounts would
continue to see the old file, and only new services would see the new file.
The indirection via the directory allows us to work around this, as the
directory is fixed and never changes so the bind mount is always valid,
and its content is shared with all existing services.
Mike Yuan [Thu, 10 Aug 2023 17:41:03 +0000 (01:41 +0800)]
journalctl: support --lines=+N for showing the oldest N entries
After f58269510727964cb5c10e7d2f9849c442ea1f80, the wrong behavior that
occurred when --since= and --lines= are both specified is fixed.
However, it seems that the old behavior is already being somewhat
widely used, and the function itself makes sense, i.e. to allow --lines=
to output the first N journal entries.
Therefore, let's support prefixing the number for --lines= with '+',
and provide such functionality.
manager: fix error handling after failure to set up child
exec_child() is supposed to set *exit_status when returning failure.
Unfortunately, we didn't do that in two cases. The result would be:
- a bogus error message "Failed at step SUCCESS spawning foo: …",
- a bogus success exit status.
errno-util: allow ERRNO_IS_* to accept types wider than int
This is useful if the variable is ssize_t and we don't want to trigger a
warning or truncation.
With gcc (gcc-13.2.1-1.fc38.x86_64), the resulting systemd binary is identical,
so I assume that the compiler is able to completely optimize away the type.
basic/errno-util: add wrappers which only accept negative errno
We do 'IN_SET(r, -CONST1, -CONST2)', instead of 'IN_SET(-r, CONST1, CONST2)'
because -r is undefined if r is the minimum value (i.e. INT_MIN). But we know
that the constants are small, so their negative values are fine.
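The two errno-util messages above, illustrated with an added example that is not systemd's code: an int-only check needs a cast that can turn an unrelated wide value into a match, while a check done at full width against the negated constants avoids both the truncation and the `-r` overflow. The function names, the choice of `EAGAIN`/`EINTR` and the sample values are assumptions made for the illustration; the narrowing cast is implementation-defined and wraps on gcc and clang.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical int-only check: a wider value has to be cast down first. */
static int is_transient_int(int r) {
    return r == -EAGAIN || r == -EINTR;
}

/* Hypothetical wide check: r is compared at full width with the negated
 * constants, so nothing is truncated and -r is never evaluated (it would
 * overflow for the minimum value of the type). */
static int is_transient_wide(long long r) {
    return r == -EAGAIN || r == -EINTR;
}

/* Constructed return values of the kind a read()-like call or a size
 * computation stored in a 64-bit ssize_t could yield. */
static const long long samples[] = {
    -EAGAIN, -EINTR, -EIO, 0, EAGAIN, INT_MIN, LLONG_MIN,
    (1LL << 32) - EAGAIN,   /* low 32 bits equal those of -EAGAIN */
};

/* Count samples classified as transient by the wide (1) or int (0) check. */
int count_transient(int wide) {
    int n = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        n += wide ? is_transient_wide(samples[i])
                  : is_transient_int((int) samples[i]);
    return n;
}

int main(void) {
    printf("int check: %d, wide check: %d\n",
           count_transient(0), count_transient(1));
    return 0;
}
```

The int check reports one match more than the wide check: the last sample is a large positive number that only looks like `-EAGAIN` after truncation.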
This merges the counts for a few people who existed with and without accents,
or with different capitalizations, and suffixes. Also, stop overriding
NeilBrown's spelling of the name.
Note: IIUC, we have two Luca Bruno's: lucab@debian.net is not the same as the
other Luca BRUNO who works on coreos.
@@ -386 +385,0 @@
- 2 Damjan Georgievski
@@ -401 +399,0 @@
- 1 Daniel Berrange
@@ -425 +423 @@
- 11 Daniel P. Berrangé
+ 12 Daniel P. Berrangé
@@ -888 +885,0 @@
- 1 Jiri Pirko
@@ -891 +888 @@
- 1 Jiří Pírko
+ 2 Jiří Pírko
@@ -1105 +1102 @@
- 12 Luca BRUNO
+ 18 Luca BRUNO
@@ -1107 +1104 @@
- 8 Luca Bruno
+ 2 Luca Bruno
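Review bot: In the two Luca hunks, six commits move from "Luca Bruno" (8 to 2) to "Luca BRUNO" (12 to 18), and the two names differ only in capitalisation, so the split rests entirely on the e-mail mapping. Since the commit message says these are two different people, a comment next to the mapping stating which address belongs to which person would keep a later cleanup from merging the entries again.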
@@ -1160,2 +1157 @@
- 1 Marc-Andre Lureau
- 17 Marc-André Lureau
+ 18 Marc-André Lureau
@@ -1313,2 +1309 @@
- 31 Michal Sekletar
- 168 Michal Sekletár
+ 199 Michal Sekletár
@@ -1383,3 +1378 @@
- 2 Neal Gompa
- 1 Neal Gompa (ニール・ゴンパ)
- 12 Neil Brown
+ 3 Neal Gompa (ニール・ゴンパ)
@@ -1387,0 +1381 @@
+ 12 NeilBrown
@@ -1494,2 +1488 @@
- 1 Perry Yuan
- 1 Perry.Yuan
+ 3 Perry Yuan
@@ -1941,2 +1934 @@
- 2 Viktar Vauchkevich
- 2 Viktar Vaŭčkievič
+ 4 Viktar Vaŭčkievič
@@ -2016,2 +2008 @@
- 1 Yao Wei
- 1 Yao Wei (魏銘廷)
+ 2 Yao Wei (魏銘廷)
@@ -2145 +2135,0 @@
- 1 gdamjan
@@ -2256 +2245,0 @@
- 1 perry_yuan
@@ -2331 +2320 @@
- 18 Дамјан Георгиевски
+ 21 Дамјан Георгиевски
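Review bot: The merged entry keeps only the Cyrillic spelling (18 becomes 21 once "Damjan Georgievski" and "gdamjan" are folded in), while the Neal Gompa and Yao Wei entries use a Latin name followed by the native spelling in parentheses. Consider the same form here so the name stays searchable in Latin script, unless the Cyrillic-only form is what the contributor asked for.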
Brian Norris [Wed, 16 Aug 2023 00:19:49 +0000 (17:19 -0700)]
tools: update-hwdb-autosuspend.sh: Point at HEAD, not master branch
Many Chromium projects have moved from 'master' to 'main', where
'master' is no longer updated. Point at HEAD instead, which should
always represent the default branch.
I don't actually rerun/regenerate the database, since I don't really run
systemd environments to test that update on.
Daan De Meyer [Tue, 15 Aug 2023 08:32:45 +0000 (10:32 +0200)]
repart: Rework read-only logic
verity sig partitions can't actually be marked read-only, so let's
not do that to avoid an ugly warning about that. Instead, let's just
make sure that we mark verity hash and verity data partitions as
read-only.
Warren [Tue, 15 Aug 2023 10:28:14 +0000 (20:28 +1000)]
p11kit: check the flags associated with the slot instead of flags associated with the token
The logic around checking PKCS11 tokens (used by systemd-cryptenroll) contains a bug.
The code is checking the flags field of a pkcs11 token_info structure against a set of flags defined for the pkcs11 slot_info structure. This PR changes the check so that the correct structure's flag field is being checked.
(Reference to the PKCS#11 spec: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html, section CK_SLOT_INFO).
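Why this class of bug goes unnoticed, as an added example that is not the systemd or p11-kit code: the slot and token flag sets reuse the same bit values, so a slot flag tested on a token's flags compiles cleanly and silently answers a different question. The flag values are those of PKCS#11 v2.40; the reduced structs, the function names, the sample data and the choice of `CKF_HW_SLOT` are assumptions, since the page does not say which flag the code checked.

```c
#include <stdio.h>

typedef unsigned long CK_FLAGS;

/* Bits defined for CK_SLOT_INFO.flags (PKCS#11 v2.40). */
#define CKF_TOKEN_PRESENT    0x00000001UL
#define CKF_REMOVABLE_DEVICE 0x00000002UL
#define CKF_HW_SLOT          0x00000004UL
/* Bits defined for CK_TOKEN_INFO.flags: same values, unrelated meaning. */
#define CKF_RNG              0x00000001UL
#define CKF_WRITE_PROTECTED  0x00000002UL
#define CKF_LOGIN_REQUIRED   0x00000004UL

/* Reduced stand-ins for the real structures; only the flags field is kept. */
struct slot_info  { CK_FLAGS flags; };
struct token_info { CK_FLAGS flags; };

/* Mixed-up check: a slot flag tested against the token's flags. Both fields
 * are plain CK_FLAGS, so the compiler cannot object, but the result really
 * answers "does the token require login?". */
int hw_slot_mixed_up(const struct token_info *t) {
    return (t->flags & CKF_HW_SLOT) != 0;
}

/* Corrected check: slot flags are read from the slot structure. */
int hw_slot_correct(const struct slot_info *s) {
    return (s->flags & CKF_HW_SLOT) != 0;
}

/* Constructed case: a software slot holding a token that has an RNG and
 * requires login. */
static const struct slot_info  sample_slot  = { CKF_TOKEN_PRESENT };
static const struct token_info sample_token = { CKF_RNG | CKF_LOGIN_REQUIRED };

int main(void) {
    printf("mixed-up: %d, correct: %d\n",
           hw_slot_mixed_up(&sample_token), hw_slot_correct(&sample_slot));
    return 0;
}
```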
Daan De Meyer [Tue, 15 Aug 2023 10:10:14 +0000 (12:10 +0200)]
mkfs-util: Don't set MKE2FS_DEVICE_PHYS_SECTSIZE
We only care about the logical sector size and if the physical sector
size isn't set and we're operating on a file, mke2fs will default the
physical sector size to the logical block size anyway.
This change makes sure that if we're operating on a block device and
set an explicit logical sector size, that doesn't affect the physical
sector size.
Daan De Meyer [Mon, 14 Aug 2023 19:57:59 +0000 (21:57 +0200)]
fd-util: Use /proc/pid/fd instead of /proc/self/fd
Currently, we mount via file descriptors using /proc/self/fd. This
works, but it means that in /proc/mounts and various other files,
the source of the mount will be listed as /proc/self/fd/xxx. For other
software that parses these files, /proc/self/fd/xxx doesn't mean anything,
or worse, it means the completely wrong thing, as it will refer to one of
their own file descriptors instead.
Let's improve the situation by using /proc/pid/fd instead. This allows
processes parsing /proc/mounts to do the right thing more often than not.
One scenario where even this doesn't work is when containers are involved,
as with the pid namespace unshared, even /proc/pid/fd will mean the wrong
thing, but it's no worse than /proc/self/fd which will always mean the wrong
thing.
This also doesn't work if we mount via file descriptor and then exit, as the pid will
be gone, but it does work as long as the process that did the mount is alive, which
makes it useful for systemd-dissect --with for example if the program we run in the
image wants to parse /proc/mounts.
Daan De Meyer [Mon, 14 Aug 2023 14:44:30 +0000 (16:44 +0200)]
repart: Add Subvolumes= setting
This setting indicates which directories in the target partition
should be btrfs subvolumes. If set, we'll try to create these
directories as subvolumes.
Note that this only works when running as root without --offline,
as mkfs.btrfs does not support creating subvolumes.
Daan De Meyer [Mon, 14 Aug 2023 13:33:15 +0000 (15:33 +0200)]
copy: Add support for creating subvolumes to copy_tree_at()
The subvolumes set is a set of source inodes similar to how the
denylist hashmap contains source inodes as keys. It indicates
directories in the source tree that should become subvolumes in
the target tree.
Daan De Meyer [Sat, 12 Aug 2023 11:30:46 +0000 (13:30 +0200)]
repart: Use 4096 as the fallback sector size for verity/luks/filesystems
When we don't know the sector size of the actual block device, because
we're building an image in a loopback file and no sector size was specified
explicitly, let's use 4096 as the sector size for filesystems, verity and
LUKS. This should be the most compatible option, since 4096 will also work
on devices with sector size 512 or 2048.
For the actual GPT partition table size, we stick with 512 as the default
value since UEFI firmware and the kernel will only try to read the GPT
partition table from the first LBA on the device and the sector size for
most devices is still 512. It can also be trivially modified when copying
the image to another device using --copy-from + --sector-size.
As the commit says, it does not solve the race. Moreover, it introduces
a regression #28410.
Also, checking by `path_is_mount_point()` may trigger automount. From
statx(2),
> AT_NO_AUTOMOUNT
> Don't automount the terminal ("basename") component of pathname
> if it is a directory that is an automount point.
Similar statements can be found in fstatat(2), which is used in the
fallback call for statx() in glibc, and name_to_handle_at(2), which is
used as the fallback when statx() failed.
So, `path_is_mount_point()` may _do_ trigger automount for parent paths.
That should be avoided especially on shutdown.
The original issue #25527 that is 'fixed' by the commit is not serious,
and should be fixed by making umount command handle path gracefully:
https://github.com/util-linux/util-linux/issues/2132