Daan De Meyer [Fri, 15 Jan 2021 19:51:42 +0000 (20:51 +0100)]
mkosi: Allow setting version-tag option via VERSION_TAG env variable
With https://github.com/systemd/mkosi/pull/630, we can set environment
variables for the build script in mkosi. Let's modify the build script
so we can set the version-tag option via an environment variable of the
same name. The default is the empty string which causes meson to fall
back to the default behavior (git version).
This variable (a.k.a. rootlibexecdir), was exposed through the .pc file, but
not as rpm macro.
The .pc file must be located in the package that provides libraries, which
pulls in a lot of dependencies. In Fedora, the macros are split out to a
separate package so that other packages which need to refer to some systemd
path but don't otherwise require it, can only pull in the (much smaller and
dependency-less) macros package. zram-generator uses the path to specify the
location of systemd-makefs, so by using the rpm macro we'll be able to use
a much smaller buildroot.
fs-util: make laccess() macro follow our usual error propagation
Functions defined by us are supposed to return negative errno-style
errors on errors. laccess() is for access() what lstat() is for stat(),
but defined by us as a macro. This led to some confusion regarding error
handling.
Let's return a negative errno code just in case. This means callers can
use it either way: like access(), i.e. checking for a negative return
value + looking at errno, or like our own code, i.e. using the negative
errno code it returns.
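The convention described in this commit message, as an added example that is not code from the commit: `laccess_nerrno` is a hypothetical stand-in for the macro, and the temporary paths are constructed. It shows both calling styles and the lstat()-like behaviour on a dangling symlink.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-in for the macro the commit describes: like access(), but
 * it does not follow a final symlink and yields 0 or a negative errno value. */
#define laccess_nerrno(path, mode) \
        (faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW) < 0 ? -errno : 0)

/* Creates a constructed dangling symlink in a fresh temporary directory and
 * stores its path in link_path. Returns 0 or a negative errno value. */
int make_dangling_symlink(char *link_path, size_t size) {
        char dir[] = "/tmp/laccess-demo-XXXXXX";

        if (!mkdtemp(dir))
                return -errno;
        if (snprintf(link_path, size, "%s/dangling", dir) >= (int) size)
                return -ENAMETOOLONG;
        if (symlink("/nonexistent/target", link_path) < 0)
                return -errno;
        return 0;
}

int main(void) {
        char p[128];
        int r = make_dangling_symlink(p, sizeof p);
        if (r < 0)
                return 1;

        /* Own-code style: the return value carries the error. The symlink
         * itself exists, so this succeeds although its target is missing. */
        r = laccess_nerrno(p, F_OK);
        printf("laccess-style check on dangling symlink: %d\n", r);

        /* access() follows the link and therefore fails on the same path. */
        r = access(p, F_OK);
        printf("access() on the same path: %d\n", r);

        /* access() style: test for a negative return, then read errno. */
        if (laccess_nerrno("/nonexistent/laccess-demo", F_OK) < 0)
                printf("missing path, errno=%d\n", errno);
        return 0;
}
```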
Getting the numbers right for all architectures has proven to be a
constant chore. Let's autogenerate the header from the tables that
were imported in one of the previous commits.
Fixes #18074. (Hopefully. I cannot verify this on all architectures.)
To update the lists, or to update the header after template changes:
ninja -C build update-syscall-tables update-syscall-header
Note: the generated file is saved in git. Initially I wanted to only
store the tables in git, and generate the header during each build.
Generation is quick enough, but the header is used in many many
places (wherever missing_syscall.h is included, directly or indirectly),
which means that we would need to declare the dependency in meson, so
the header would be generated early enough. This turned out to be very
noisy. Storing the generated header in version control avoids the hassle.
systemctl: avoid warning about signed-unsigned compare on 32 bits
../src/systemctl/systemctl-list-units.c: In function ‘output_units_list’:
../src/systemctl/systemctl-list-units.c:112:75: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
112 | for (const UnitInfo *u = unit_infos; unit_infos && u - unit_infos < c; u++) {
| ^
The pointer difference is signed. I don't know why gcc warns on 32bits, but
not otherwise.
Gaël PORTAY [Thu, 31 Dec 2020 11:25:17 +0000 (06:25 -0500)]
veritysetup: remove unused globals
This removes the three global variables arg_root_hash, arg_data_what and
arg_hash_what which were present since the beginning but were never
being used.
Gaël PORTAY [Sat, 14 Nov 2020 14:21:39 +0000 (09:21 -0500)]
veritysetup-generator: add support for veritytab
This adds the support for veritytab.
The veritytab file contains at most five fields, the first four are
mandatory, the last one is optional:
- The first field contains the name of the resulting verity volume; its
  block device is set up below /dev/mapper/.
- The second field contains a path to the underlying block data device,
  or a specification of a block device via UUID= followed by the UUID.
- The third field contains a path to the underlying block hash device,
  or a specification of a block device via UUID= followed by the UUID.
- The fourth field is the roothash in hexadecimal.
- The fifth field, if present, is a comma-delimited list of options.
  Only the following options are recognized: ignore-corruption,
  restart-on-corruption, panic-on-corruption, ignore-zero-blocks,
  check-at-most-once and root-hash-signature. The other options will
  be implemented later.
Also, this adds support for the new kernel verity command line boolean
option "veritytab" which enables the read for veritytab, and the new
environment variable SYSTEMD_VERITYTAB which sets the path to the file
veritytab to read.
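A validator for the five-field layout described in this commit message, as an added example that is not code from the commit. The function name, the whitespace field separator and the sample entries are assumptions; the option list is the one given above.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Options the commit message lists as recognized. */
static const char *const known_opts[] = {
        "ignore-corruption", "restart-on-corruption", "panic-on-corruption",
        "ignore-zero-blocks", "check-at-most-once", "root-hash-signature", NULL
};

/* Matches the option name, ignoring any "=value" suffix. */
static int opt_known(const char *opt) {
        size_t n = strcspn(opt, "=");
        for (size_t i = 0; known_opts[i]; i++)
                if (strlen(known_opts[i]) == n && strncmp(opt, known_opts[i], n) == 0)
                        return 1;
        return 0;
}

/* Hypothetical helper. Returns 0 for a well-formed entry, -1 for a wrong field
 * count, -2 for a non-hexadecimal roothash, -3 for an unrecognized option.
 * Assumes fields are separated by whitespace. */
int veritytab_check_line(const char *line) {
        char buf[1024], *save = NULL, *f[5] = { 0 };
        int n = 0;

        if (strlen(line) >= sizeof buf)
                return -1;
        strcpy(buf, line);
        for (char *t = strtok_r(buf, " \t\n", &save); t; t = strtok_r(NULL, " \t\n", &save)) {
                if (n == 5) return -1;           /* at most five fields */
                f[n++] = t;
        }
        if (n < 4) return -1;                    /* first four are mandatory */
        for (const char *p = f[3]; *p; p++)      /* fourth field: roothash in hex */
                if (!isxdigit((unsigned char) *p)) return -2;
        if (n == 5)                              /* fifth field: comma-delimited options */
                for (char *o = strtok_r(f[4], ",", &save); o; o = strtok_r(NULL, ",", &save))
                        if (!opt_known(o)) return -3;
        return 0;
}

int main(void) {
        /* Constructed sample entries, not taken from the commit. */
        const char *ok = "root UUID=0a1b /dev/sda3 4f2c9a1be07d panic-on-corruption,check-at-most-once";
        const char *bad = "root /dev/sda2 /dev/sda3 4f2c9a1be07d no-such-option";
        printf("%d %d\n", veritytab_check_line(ok), veritytab_check_line(bad));
        return 0;
}
```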
This adds the ability to specify truncate:PATH for StandardOutput= and
StandardError=, similar to the existing append:PATH. The code is mostly
copied from the related append: code. Fixes #8983.
Gaël PORTAY [Fri, 13 Nov 2020 11:00:25 +0000 (06:00 -0500)]
veritysetup-generator: add support for verity root options
This adds support for a new kernel root verity command line option
"verity_root_options=" which controls the behaviour of dm-verity by
forwarding options directly to systemd-veritysetup.
Gaël PORTAY [Thu, 5 Nov 2020 18:37:43 +0000 (13:37 -0500)]
veritysetup: add support for dm-verity options
This patch allows controlling the behaviour of dm-verity by reusing the
fifth argument that was used to set the roothash signature.
That argument is now a comma-separated list of dm-verity options in the
given format: option[=value]. The option is the name of the long option
in the world of veritysetup.
See `veritysetup(8)` for more details.
Note: The former ROOTHASHSIG positional argument is now deprecated
in favour of the option root-hash-signature=(base64:SIG|FILE). However,
the previous format is maintained and a warning is logged.
Anita Zhang [Thu, 14 Jan 2021 08:17:41 +0000 (00:17 -0800)]
systemctl-edit: Add missing ret_dropin_paths argument in retry path
find_paths_to_edit() makes 2 calls to unit_find_paths(), one of which is
a retry client-side. ret_dropin_paths should be passed the same in
both cases.
Anita Zhang [Thu, 14 Jan 2021 08:02:09 +0000 (00:02 -0800)]
systemctl-edit: fix abort in find_paths_to_edit()
After 85c5d313b5c92115f5c77663e736bcf21e99f02f, if you, for example,
create a drop-in for -.slice without a corresponding -.slice file, you will
get the following:
# put some valid stuff in /etc/systemd/system/-.slice.d/override.conf
[root@image ~]# systemctl daemon-reload
[root@image ~]# systemctl edit -- -.slice
Assertion 'path' failed at src/systemctl/systemctl-edit.c:425, function
find_paths_to_edit(). Aborting.
Aborted
The aforementioned commit sets the ret_dropin_paths argument for
unit_find_paths(). Thus, unit_find_paths() returns 1 in the example above
because it finds a relevant drop-in. However find_paths_to_edit() was written
to expect 1 only if the unit file itself exists (it does not in this example).
To make this behave more like the version of `systemctl edit` prior to
this commit, add an additional check so the code enters the
"unit file not found" code branch.
Daan De Meyer [Thu, 14 Jan 2021 18:33:42 +0000 (19:33 +0100)]
mkosi: Only reset file permissions when $SRCDIR is not a mountpoint
If $SRCDIR is mounted into the build image (via mkosi overrides),
let's not reset the permissions of the source tree so as to not
modify the original files on the host.
In the other error paths unit_file_find_fragment() doesn't log beyond
debug level, i.e. is of the non-logging library-like kind. Make sure
this error path is handled the same, so that the caller can log.
krissgjeng [Wed, 13 Jan 2021 23:08:36 +0000 (00:08 +0100)]
hwdb: add Cube Mix Plus (i18B) rotation info
Added Cube Mix Plus (i18B) rotation information.
Also combined the sensor lines with the different Cube i7 stylus models because they use the same ACCEL_MOUNT_MATRIX.
Josh Triplett [Wed, 30 Dec 2020 23:11:30 +0000 (15:11 -0800)]
Add install-sysconfdir=no-samples option for (non-)installation of sample configs
By default, systemd installs various sample configuration files
containing commented-out defaults. Systems seeking to minimize the
number of files in /etc may wish to install directories and
configuration files that have semantic effects, but not install
commented-out sample configuration files.
Turn install-sysconfdir into a multi-valued option, with a "no-samples"
value to skip installing sample-only configuration files.
Kairui Song [Tue, 12 Jan 2021 16:04:53 +0000 (00:04 +0800)]
initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs
Sometimes, a non-ramfs initrd root is useful. E.g., for kdump, because
initramfs is memory-consuming, mounting a compressed image in an earlier
initrd, chrooting into it and then letting systemd do the rest of the job
is a good solution.
But systemd doesn't recognize the initrd environment if rootfs is not a
temporary fs. This is a reasonable check, because switch-root in initrd
will wipe the whole rootfs, which would be a disaster if there were any
misdetection.
So extend the SYSTEMD_IN_INITRD environment variable: it now accepts a
boolean value and two extra keywords, "auto" and "lenient". "auto" is the
same as before, and it's the default value. "lenient" will let systemd
bypass the rootfs check.