Ideally, we'd read back what we wrote, but that would have been
much more complicated. But just writing stuff is useful to test under
valgrind or manually.
journal,homectl: unify implementations of libqrencode loading and fss key printing
We had two of each: both homectl and journalctl had the whole dlopen()
wrapper, and journalctl had two implementations (slightly different) of the
code to print the fss:// pattern.
print_qrcode() now returns -EOPNOTSUPP when compiled with qrcode support. Both
callers ignore the return value, so this changes nothing.
Jonathan Lebon [Tue, 20 Oct 2020 20:30:20 +0000 (16:30 -0400)]
units: add initrd-cryptsetup.target
For encrypted block devices that we need to unlock from the initramfs,
we currently rely on dracut shipping `cryptsetup.target`. This works,
but doesn't cover the case where the encrypted block device requires
networking (i.e. the `remote-cryptsetup.target` version). That target
however is traditionally dynamically enabled.
Instead, let's rework things here by adding a `initrd-cryptsetup.target`
specifically for initramfs encrypted block device setup. This plays the
role of both `cryptsetup.target` and `remote-cryptsetup.target` in the
initramfs.
Then, adapt `systemd-cryptsetup-generator` to hook all generated
services to this new unit when running from the initrd. This is
analogous to `systemd-fstab-generator` hooking all mounts to
`initrd-fs.target`, regardless of whether they're network-backed or not.
Chandradeep Dey [Sun, 18 Oct 2020 09:59:40 +0000 (15:29 +0530)]
homed: remove PAM_USER_UNKNOWN test in pam_sm_acct_mgmt
Why this change
---------------
Assumption - PAM's auth stack is properly configured.
Currently account pam_systemd_home.so returns PAM_SUCCESS for non
systemd-homed users, and a variety of return values (including
PAM_SUCCESS) for homed users.
account pam_unix returns PAM_AUTHINFO_UNAVAIL for systemd-homed
users, and a variety of return values (including PAM_AUTHINFO_UNAVAIL)
for normal users.
No possible combination in the pam stack can let us preserve the
various return values of the modules. For example, the configuration
mentioned in the manpage causes account pam_unix to never be reached
since pam_systemd_home just returns a success for ordinary users. Users
with expired passwords are allowed to log in because a check cannot be
made.
More configuration examples and why they don't work are mentioned
in #16906 and the downstream discussion linked there.
After this change
-----------------
account pam_unix will continue to return wrong value for homed users.
But we can skip the module conditionally using the return value from
account pam_systemd_home. We can already do this with the auth and
password modules.
test-mountpoint-util: run test in private mount namespace
This creates a private mount namespace for test-mountpint-util, with all
propagation from the host turned off. This gives us the guarantee that
/proc/self/mountinfo remains fixed and constant while we operate,
removing potential races against other unrelated stuff running on the
system that changes the mount table.
Prompted-by: #17050
(I doubt this actually fixes 17050, this is mostly to make sure that we
aren't possibly affected by such races in our test)
Failed to enter shared memory directory multipath: Permission denied
→
Failed to enter shared memory directory /dev/shm/multipath: Permission denied
When looking at nested directories, we will print only the final two elements
of the path. That is still more useful than just the last component of the
path. To print the full path, we'd have to allocate the string, and since the
error occurs so very rarely, I think the current best-effort approach is
enough.
So far we didn't allow empty properties, but it makes sense to do so, for
example to distinguish empty data from lack of data. It also makes it easy to
override properties (back to the empty) value for specific cases.
bootctl: add @current/@oneshot/@default targets to set-default/set-oneshot
Using `bootctl set-default @current` will set the default loader entry
to the currently booted entry as read from the `LoaderEntrySelected` EFI
variable.
Also `bootctl set-oneshot @current` will set the oneshot loader entry to
the current booted entry.
Correspondingly `@default` and `@oneshot` can be used to read from the
LoaderEntryDefault and LoaderEntryOneshot EFI variables.
Frantisek Sumsal [Tue, 20 Oct 2020 09:22:50 +0000 (11:22 +0200)]
semaphore: try to use different keyservers
Recently the Semaphore CI started to fail pretty much constantly due to
GPG key verification fails. After a quick search this is a pretty common
issue with the Ubuntu keyserver in the last month. To make this,
hopefully, a bit more stable, let's use a few different keyservers in
case some of them fail.
By making them unsigned comparing them with other sizes is less likely
to trigger compiler warnings regarding signed/unsigned comparisons.
After all sizes (i.e. size_t) are generally assumed to be unsigned, so
these should be too.
The properties are not unquoted by udev, so the quotes effectively became part
of the value.
Even though those properties were added quite a while ago
(086c001e29a86287d7b639cb71d1fc6408920c53, d7d31692bf7cde5dce7f4ed3cae429a5b302a9f0), they never started being used
(because of issues with having multiple layouts), see
https://gitlab.gnome.org/GNOME/mutter/-/issues/906,
https://bugzilla.gnome.org/show_bug.cgi?id=775681.
Let's remove the quotes while we still can.
From https://bugzilla.gnome.org/show_bug.cgi?id=775681#c7:
> Note to self: the values for XKB_FIXED_LAYOUT and XKB_FIXED_VARIANT are
> quoted, meaning that we need to remove the quotes before passing the values
> from udev_device_get_property_value() to xkb_keymap_new_from_names()
> otherwise the compilation of the keymap fails (please don't ask how I found
> out...)
Yu Watanabe [Tue, 20 Oct 2020 06:26:51 +0000 (15:26 +0900)]
network: copy multipath route element earlier
`route_get()` compares input with existing routes, however previously,
the input may did not have information about gateway. So, the
comparison result might be incorrect, and the foregoing set_put() might
return -EEXIST.
Felix Riemann [Mon, 19 Oct 2020 16:54:53 +0000 (18:54 +0200)]
update-done: Do not fail with read-only /etc or /var
With the switch from log_debug() to log_debug_errno() in commit c413bb28df
systemd-update-done would fail without any error message if /etc
or /var were read-only. This restores the previous behaviour to
silently ignore these directories again.
Harald Seiler [Sun, 6 Sep 2020 19:43:57 +0000 (21:43 +0200)]
units: order systemd-random-seed.service before first-boot-complete.target
Ensure that systemd-random-seed.service has completed before marking
a first boot as completed to guarantee that a saved seed will only be
used after it has been initialized at least once.
Harald Seiler [Sun, 6 Sep 2020 19:23:36 +0000 (21:23 +0200)]
units: order systemd-firstboot.service before first-boot-complete.target
Make sure systemd-firstboot completes before reaching first-boot-complete.target
and thus marking the first boot as completed. This way, it is
guaranteed that systemd-firstboot has a chance to complete provisioning
at least once, even in cases of the first boot getting aborted early.
Harald Seiler [Sun, 6 Sep 2020 19:23:36 +0000 (21:23 +0200)]
units: add first-boot-complete.target for first boot ordering
Add a new target for synchronizing units that wish to run once during
the first boot of the system. The machine-id will be committed to disk
only after the target has been reached, thus ensuring that all units
ordered before it had a chance to complete.
Harald Seiler [Sun, 6 Sep 2020 19:35:33 +0000 (21:35 +0200)]
machine-id-setup: sync before committing machine-id
sync() before committing a transient machine-id to disk. This will
ensure that any filesystem changes made by first-boot units will have
been persisted before the first boot is marked as completed.
Harald Seiler [Sun, 6 Sep 2020 19:23:36 +0000 (21:23 +0200)]
core: keep machine-id transient until first boot completes
Currently, a loss of power after the machine-id was written but before
all units with ConditionFirstBoot=yes ran would lead to the next boot
finding a valid machine-id, thus not being marked first boot and not
re-running these units.
To make the first boot mechanism more robust, instead of writing
/etc/machine-id very early, fill it with a marker value "uninitialized"
and overmount it with a transiently provisioned machine-id. Then, after
the first boots completes (when systemd-machine-id-commit.service runs),
write the real machine-id to disk.
This mechanism is of course only invoked on first boot. If a first boot
is not detected, the machine-id is handled as previously.
Harald Seiler [Sun, 6 Sep 2020 19:23:36 +0000 (21:23 +0200)]
dissect-image: support "uninitialized" machine-id
If the first boot was aborted, /etc/machine-id might read as
"uninitialized" in some cases. Add a separate case for this
instead of printing a confusing error message.
When systemd-repart runs from initramfs, it reads out /etc/machine-id
from the rootfs as a seed for partition UUIDs. However, the machine-id
could be in an "uninitialized" state from a previous failed first boot.
In this situation the -ENOMEDIUM code-path (no machine-id set) should be
taken.
Harald Seiler [Thu, 15 Oct 2020 19:22:15 +0000 (21:22 +0200)]
nspawn: robustly deal with "uninitialized" machine-id
When nspawn starts an image, this image could be in any state, including
an aborted first boot. For this case, it needs to correctly handle the
situation like there was no machine-id at all.
Harald Seiler [Sun, 6 Sep 2020 19:23:36 +0000 (21:23 +0200)]
id128: add format which treats "uninitialized" like an empty id
Add a new ID128_PLAIN_OR_UNINIT format which treats the string
"uninitialized" like the file was empty and return -ENOMEDIUM. This
format should be used when reading an /etc/machine-id file from an image
that is not currently running.
https://www.freedesktop.org/wiki/Software/systemd/multiseat/ says that it
is obsoleted by sd-login(3), so it doesn't make much sense to link to the former.
p itself is never null. Because of this, we would always
call sd_notify() in cleanup, even though the intention was to only
call it if notify_start() was executed.
Harald Seiler [Sun, 6 Sep 2020 19:23:35 +0000 (21:23 +0200)]
core: treat "uninitialized" in /etc/machine-id as first boot as well
When /etc/machine-id contains the string "uninitialized" instead of
a valid machine-id, treat this like the file was missing and mark this
boot as the first (-> units with ConditionFirstBoot=yes will run).
The proc-sys-fs-binfmt_misc.mount unit should not be enabled by
preset-all because it should only be used as fallback in case
proc-sys-fs-binfmt_misc.automount cannot be used on a system. In these
cases it should be enabled manually by an administrator.
Michal Sekletár [Mon, 19 Oct 2020 08:56:11 +0000 (10:56 +0200)]
udev/net_id: parse _SUN ACPI index as a signed integer
Negative value means there is no match between a PCI device and any of
the slots. In the following commit we will extend this and value of 0
will indicate that there is a match between some slot and PCI device,
but that device is a PCI bridge.
Luca Boccassi [Fri, 16 Oct 2020 12:20:45 +0000 (13:20 +0100)]
test: fix TEST-50-DISSECT build on Ubuntu CI
Ubuntu CI's just got the dependencies require dto run this test added,
and it seems the build is different enough from other platforms
that it fails to create the required directories:
cp: cannot create regular file '/var/tmp/systemd-test.JJMOBY/minimal/usr/lib/os-release': No such file or directory
Luca Boccassi [Fri, 16 Oct 2020 16:58:52 +0000 (17:58 +0100)]
Block TEST-50-DISSECT on Ubuntu CI temporarily
It looks like we need to do some whack-a-mole before it will fully pass,
so disable for now. It was skipped until today anyway due to missing
dependencies.
let's add informational logging about each client requested signal
sending. While we are at, let's beef up error handling/log messages in
this case quite a bit: let's log errors both to syslog and report errors
back to client.
No functional change is intended.
The general pattern of changes:
-usb:v04F3p2B7C*
+usb:v04F3p2B7C:*
This is mostly a clarification, to make the part that makes the usb vXXXXpYYYY
part visually separated. It would only make a difference if we added further
keys with a different number of digits, which is unlikely.
-usb:v0627p0001:*QEMU USB Keyboard*
-usb:v0627p0001:*QEMU USB Mouse*
-usb:v0627p0001:*QEMU USB Tablet*
+usb:v0627p0001:*QEMU USB Keyboard*:*
+usb:v0627p0001:*QEMU USB Mouse*:*
+usb:v0627p0001:*QEMU USB Tablet*:*
Again, only a clarification. We know that ":" will appear somewhere later in
the match key, so anything that matches "…Keyboard*" will also match "…Keyboard*:*".
-evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnASUSTeKComputerInc.:pnN53SV*
+evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnASUSTeKComputerInc.:pnN53SV:*
This makes the match narrower. Previously we would match product "N53SV"
and "N53SV2", "N53SV3", and others. Here we are saying that the ':pn' part must
match exactly. Most of the changes in this patch match this pattern. I made a few
judgement calls and used "pn…*:*" when I wasn't sure if the full pn is included:
-evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*
+evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*:*
-evdev:name:Cypress APA Trackpad ?cyapa?:dmi:*:svnHewlett-Packard*:pnFalco*:
+evdev:name:Cypress APA Trackpad ?cyapa?:dmi:*:svnHewlett-Packard*:pnFalco*:*
This more like the "QEMU" example above, since all dmi strings end in ":", so
anything which matches the old version will also match the new version.
I replaced trailing ":pvr*" by ":*". This makes no functional difference because
we expect "pvr" to always appear in the dmi string. This makes patterns shorter.
OTOH, ":pn*" is kept. This is because almost patterns include ":pn*", and if we
skip it, we should make it clear that this is on purpose, that we really want to
match any product name.
The python script to generate autosuspend rules is updated to use ":*" too.
Inspired by https://github.com/systemd/systemd/pull/17281#discussion_r501489750.
Let's mark the whole /run/host hierarchy as something to ignore by PID 1
for generation of .mount units, i.e. consider it as "extrinsic".
By unifying container mgr supplied resources in one dir it's also easy
to exclude the whole lot from PID1's management inside the container.
This is the right thing to do, since from the payload's PoV these mounts
are just API and not manipulatable as they are established, managed and
owned by the container manager, not the payload.
(While we are it, also add the boot ID mount to the existing list, as
nspawn and other container managers overmount that too, typically, and
it is thus owned by the container manager and not the payload
typically.)
We want to compile the new code in CI without having to explicitly specify
-Doomd=true everywhere. Let's enable it by default, and rely on distros
setting -Dmode=release to not have it enabled by default.