Jian Zhang [Fri, 2 Dec 2022 12:08:38 +0000 (20:08 +0800)]
network: Fix set bond device MAC address failed
Issue:
When device is in bond mode and booting up, there is a probability of
set bond MAC address failed due to `Device or resource busy` error.
In systemd-networkd, set MAC address steps are:
1. Try to set MAC address to device.
2. If failed with `Device or resource busy`, then `Down` the device.
3. Try to set MAC address to device again.
Currently, Even down the bond device, the bond device is still return
`Device or resource busy` error. So the MAC address set failed.
The root cause is that this not enough to down the bond device. We need
to down all the slaves of the bond device.
About this descprition, we could use those commands to check:
```shell
We have two network devices: eth0, bond1, eth0 is slave of bond1.
They are all up.
1. Down bond1, and set MAC address to bond1.
~# ip link set bond1 down
~# ip link set bond1 address 00:11:22:33:44:55
ip: SIOCSIFHWADDR: Device or resource busy
2. Down eth0, and set MAC address to bond1.
~# ip link set eth0 down
~# ip link set bond1 address 00:11:22:33:44:55
Set okay.
```
Fix:
When setting the mac for the second time, if the device kind is bond,
then we need to down the slave devices of bond device.
Tested: Verified in a long time test( reboot cycles ).
test: check if we can use SHA1 MD for signing before using it
Some distributions have started phasing out SHA1, which breaks
the systemd-measure test case in its current form. Let's make sure we
can use SHA1 for signing beforehand to mitigate this.
Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:
```
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
...
openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
writing RSA key
/usr/lib/systemd/systemd-measure sign --current --bank=sha1 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem"
Failed to initialize signature context.
```
Daan De Meyer [Fri, 2 Dec 2022 09:44:56 +0000 (10:44 +0100)]
mkosi: Drop explicit Format=
Once mkosi migrates to systemd-repart, only "disk" will be supported
for making disk images with mkosi and the filesystem will have to be
specified in repart partition definition files. To accomodate this
change, let's remove the explicit Format= assignment which means we'll
default to a disk image with ext4 until we add our own mkosi.repart/
directory.
When an outdated address or route is passed to link_request_address()/route(),
then they return 0 and the address or route will not be assigned. Such
situation can happen when we receive RA with zero lifetime. In that
case, we should not unset Link.ndisc_configured flag, otherwise even
no new address nor route will assigned, the interface will enter to the
configuring state, and unnecessary DBus property change is emit and the state
file will be updated. That makes resolved or timesyncd triggered to
reconfigure the interface.
dissect-image: probe file system via main block device fd/image file fd
let's make sure we can probe file systems also when unprivileged:
instead of probing the partition block devices for file system
signatures, let's go via the original "whole" fd.
libblkid makes this easy actually, as it allows us to specify the
offset/size of the area to probe. And we have the partition
offsets/sizes anyway, so it's trivial for us to make use of.
This thus enables fs probing also when lacking privs and operating on
naked regular files without loopback devices or anything like this.
test-loop-block: let's explicitly flush buffer cache on whole block device
Let's explicitly flush the kernel's buffer cache on the whole block
device once we ran "mkfs". This is necessary, because partition and
whole block devices maintain separate buffer caches, and thus writing
to one will not be visible on the other if cached there already, until
the latter's cache is explicitly flushed.
This is preparation for later adding support for probing file sytems
also if we have no open partition block devices, and hence want to use
the whole block device instead.
test-loop-block: also test dissection without ADD/PIN of partition block devices
Let's extend the test further, and try the codepaths where we do not
pin/add the partition block devices (i.e. which is the codepaths we use
when running without privs)
blkid-util: define enum for blkid_do_safeprobe() return values
libblkid really should define an enum for this on its own, but it
currently doesn't and returns literal numeric values. Lets make this
more readable by adding our own symbolic names via an enum.
Daan De Meyer [Wed, 30 Nov 2022 16:04:14 +0000 (17:04 +0100)]
repart: Ignore copy failures for unsupported file types
e.g. vfat doesn't support symlinks, sockets, fifos, etc so let's ignore
any copy failures related to unsupported file types when populating
filesystems.
Curently, these two flags were implied by dissect_loop_device(), but
that's not right, because this means systemd-gpt-auto-generator will
dissect the root block device with these flags set and that's not
desirable: the generator should not cause the partition devices to be
created (we don't intend to use them right-away after all, but expect
udev to find/probe them first, and then mount them though .mount units).
And there's no point in opening the partition devices, since we do not
intend to mount them via fds either.
Hence, rework this: instead of implying the flags, specify them
explicitly.
While we are at it, let's also rename the flags to make them more
descriptive:
DISSECT_IMAGE_MANAGE_PARTITION_DEVICES becomes
DISSECT_IMAGE_ADD_PARTITION_DEVICES, since that's really all this does:
add the partition devices via BLKPG.
DISSECT_IMAGE_OPEN_PARTITION_DEVICES becomes
DISSECT_IMAGE_PIN_PARTITION_DEVICES, since we not only open the devices,
but keep the devices open continously (i.e. we "pin" them).
Also, drop the DISSECT_IMAGE_BLOCK_DEVICE combination flag, since it is
misleading, i.e. it suggests it was appropriate to specify on all
dissected blocking devices, but that's precisely not the case, see the
systemd-gpt-auto-generator case. My guess is that the confusion around
this was actually the cause for this bug we are addressing here.
Ray Strode [Wed, 30 Nov 2022 19:07:29 +0000 (14:07 -0500)]
terminal-util: Set OPOST when setting ONLCR
reset_terminal_fd sets certain minimum required terminal attributes
that systemd relies on.
One of those attributes is `ONLCR` which ensures that when a new line
is sent to the terminal, that the cursor not only moves to the next
line, but also moves to the very beginning of that line.
In order for `ONLCR` to work, the terminal needs to perform output
post-processing. That requires an additional attribute, `OPOST`,
which reset_terminal_fd currently fails to ensure is set.
In most cases `OPOST` (and `ONLCR` actually) are both set anyway, so
it's not an issue, but it could be a problem if, e.g., the terminal was
put in raw mode by a program and the program unexpectedly died before
restoring settings.
This commit ensures when `ONLCR` is set `OPOST` is set too, which is
the only thing that really makes sense to do.
Daan De Meyer [Wed, 30 Nov 2022 16:01:09 +0000 (17:01 +0100)]
copy: Add COPY_GRACEFUL_WARN
When copying between filesystems, sometimes the target filesystem
might not support symlinks/fifos/sockets/... and we want to log and
ignore any failures to copy such files when copying. Let's introduce
a new flag to enable this behavior.
Frantisek Sumsal [Wed, 30 Nov 2022 15:13:19 +0000 (16:13 +0100)]
test: give the container time to properly shut down on exception
Otherwise the `terminate()` method sends SIGKILL rather quickly (~0.3s),
which then leaves a dangling scope on the host system, breaking further
test executions.
Nick Rosbrook [Mon, 28 Nov 2022 16:13:08 +0000 (11:13 -0500)]
oomd: only check prefix_uid when uid != 0
If the cgroup is owned by root there is no need to get prefix_uid. Only
check prefix_uid when uid != 0, and then set MANAGED_OOM_PREFERENCE_NONE
and return early if uid != prefix_uid.
units: change Requires=systemd-networkd.service → BindsTo= one more time
Follow-up for da15f8406e9aeb7908e1d92c02d2ff5147c7788a which did the
change for systemd-networkd-wait-online.service, let's also do this for
systemd-networkd-wait-online@.service
This is a wrapper around fd_reopen() that will reopen an fd if the
F_GETFL flags indicate this is necessary, and otherwise not.
This is useful for various utility calls that shall be able to operate
on O_PATH and without it, and might need to convert between the two
depending on what's passed in.
Jan Janssen [Sun, 27 Nov 2022 12:56:18 +0000 (13:56 +0100)]
boot: Only do full driver initialization in VMs
Doing the reconnect dance on some real firmware creates huge delays on
boot. This should not be needed anymore as we now ask the firmware to
make console devices and xbootldr partitions available explicitly in a
more targeted fashion.
Joerg Behrmann [Wed, 23 Nov 2022 15:43:19 +0000 (16:43 +0100)]
kernel-install: Add uki layout
Currently the kernel-install man page only documents the bls layout for use
with the boot loader spec type #1. 90-loaderentry.install uses this layout to
generate loader entries and copy the kernel image and initrd to $BOOT.
This commit documents a second layout "uki" and adds 90-uki-copy.install,
which copies a UKI "uki.efi" from the staging area or any file with the .efi
extension given on the command line to
$BOOT/EFI/Linux/$ENTRY_TOKEN-$KERNEl_VERSION(+$TRIES).efi
This allows for both locally generated and distro-provided UKIs to be handled
by kernel-install.
Nick Rosbrook [Tue, 22 Nov 2022 17:50:33 +0000 (12:50 -0500)]
test: handle Debian's /etc/default/locale in testsuite-74.firstboot.sh
This handles a Debian-specific quirk where /etc/default/locale is used
instead of /etc/locale.conf. There is currently special handling for
this in testsuite-73.sh, so the quirk should be handled here too for
consistency.
Daan De Meyer [Wed, 23 Nov 2022 11:00:01 +0000 (12:00 +0100)]
repart: Prefer using loop devices to populate filesystems when available
Let's make sure we use loop devices if we have access to them and
only fall back to regular files if we can't use loop devices. We
prefer loop devices because when using mkfs --root options, we have
to populate a temporary staging tree which means we're copying every
file twice instead of once when using loop devices.
projects / thirdparty / systemd.git / log
