Frantisek Sumsal [Fri, 16 Jun 2023 17:05:57 +0000 (19:05 +0200)]
socket-activate: make a copy of the command name and arguments
When we call safe_fork() with the first argument set (process name), we
call rename_process() that zeroes out saved argv (that was saved by
save_argc_argv() in the main func defined by DEFINE_MAIN_FUNC()). In this
case this means that with --accept both the target executable name and
its arguments will be empty strings:
```
$ systemd-socket-activate --accept --listen 1111 cat &
Listening on [::]:1111 as 3.
$ curl localhost:1111
Communication attempt on fd 3.
Connection from 127.0.0.1:52948 to [::ffff:127.0.0.1]:1111
Spawned cat (cat) as PID 10576.
Execing ()
Failed to execp (): No such file or directory
Child 10576 died with code 1
curl: (56) Recv failure: Connection reset by peer
```
Let's make a copy of the necessary arguments beforehand and use it
instead to fix this.
Kiran Vemula [Fri, 16 Jun 2023 12:04:37 +0000 (17:34 +0530)]
resolved: Initialize until_valid while storing negative/NXDOMAIN response in the cache
Initialize until_valid is properly for negative response, the cached negative responses can be used to answer the queries before contacting upstream server.
Frantisek Sumsal [Fri, 16 Jun 2023 15:03:27 +0000 (17:03 +0200)]
journal-gatewayd: make MHD_OPTION_EXTERNAL_LOGGER the first option
To get rid of the warning on gatewayd startup:
microhttpd: MHD_OPTION_EXTERNAL_LOGGER is not the first option
specified for the daemon. Some messages may be printed by the
standard MHD logger.
Luca Boccassi [Thu, 15 Jun 2023 17:54:56 +0000 (18:54 +0100)]
portable: fix silly typo in D-Bus interface name
D'oh. Nobody noticed in 3 years, I guess nobody calls these directly
and instead the manager's methods are used. Still we'll have to keep
this around, so just hide it.
Kiran Vemula [Thu, 8 Jun 2023 13:12:11 +0000 (18:42 +0530)]
resolved: added serve stale feature implementation of RFC 8767
serve stale feature to keep the DNS resource records beyond TTL to return them as stale records in case of upstream server is not reachable or returns negative response.
SD_RESOLVED_NO_STALE flag has been added to disable serving stale records via dbus.
added serve stale test cases to TEST-75-RESOLVED Fixes: #21815
Yu Watanabe [Thu, 15 Jun 2023 20:55:58 +0000 (05:55 +0900)]
networkd-test.py: do not query IPv6 address
From changelog of dnsmasq v2.87:
====
Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
====
licunlong [Wed, 24 May 2023 03:45:31 +0000 (11:45 +0800)]
core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout
When dbus is overloaded, these messages are easily timedout,
systemd may kill dbus-type service by mistake. This PR
mitigates this problem by increasing the timeout to the
unit's start timeout.
наб [Thu, 15 Jun 2023 13:04:32 +0000 (15:04 +0200)]
find-esp: fix XBOOTLDR stx_dev_major=0 and not btrfs fix
The original commit is fully correct in its analysis, description, and
mechanics, but the patch changes an identical condition around line 500
(find_esp_and_warn()), instead of line 800 (find_xbootldr_and_warn()).
The internal patch I distributed to testers was correct (L800), and
neither the reviewers, nor me, caught that I wrote the wrong line for
upstream submission. I've re-checked that this patch applied to
systemd 252.11-1 fixes the issue.
Keep the -ENOTTY condition for find_esp_and_warn(), since the conditions
are clearly supposed to be the same and similar semantics apply.
Fixes: commit ed89819f8fd7bfe99cd652082076e85e1417e4e9 ("find-esp: don't
silently error bootctl install if presumed XBOOTLDR part is
stx_dev_major=0 but not btrfs")
This adds two things: a note to the --help text that people use the
relevant systemctl commands instead (as they are a lot more powerful,
for example give you inhibitor and boot loader control, kexec, and so
on). And a note to developers that they stop adding new stuff to the
compat interfaces.
Yu Watanabe [Thu, 15 Jun 2023 05:00:09 +0000 (14:00 +0900)]
kernel-install: skip to read /etc/machine-info in test
We do not provide any way to override /etc/machine-info.
As the file is deprecated in kernel-install, let's skip to read it when
we test kernel-install.
Henrik Holst [Thu, 15 Jun 2023 04:32:10 +0000 (06:32 +0200)]
network: make degraded-carrier bond/bridge as routable (#27776)
This makes a bond or bridge interface in the degraded-carrier state but has a routable address
handled as routable operational state.
If the carrier is degraded but the address state is routable then the operational state should be
seen as routable and not degraded because that may be the case for bonds if some of the links are down,
but when that happens the bond as whole is still routable.
This also makes operational state to degraded if address state is degraded even if the link state is
degraded-carrier.
Frantisek Sumsal [Wed, 14 Jun 2023 18:14:25 +0000 (20:14 +0200)]
test: exit on first failing subtest
Let's take a step back and revert back to the original behavior where we
exit on a first failing subtest. The current behavior makes fishing out the
failing test details quite unpleasant, and in certain situations the
journal may even be rotated away so we end up with no actionable logs.
Daan De Meyer [Wed, 14 Jun 2023 08:27:22 +0000 (10:27 +0200)]
mkfs-util: Hide /proc/self/mounts before running mkfs
mkfs.btrfs refuses to operate on a block device with mounted
partitions, even if doing so is perfectly safe. An example when
this happens is when using systemd-repart with it's --image switch
to add a root partition to a /usr only image. As a workaround until
the issue is fixed, let's hide the information on mounted filesystems
from mkfs.btrfs so it doesn't fail and formats the new filesystem as
expected.
bootctl: warn if the ESP random seed is stored on a world-readable dir
This takes heavy inspiration from @zx2c4 (Jason A. Donenfeld)'s
PR #25531 but changes it considerably, but always going by fd instead of
paths, and only warning about the side file itself and the ESP mount
point, nothing else. This shuld be more than enough and should not be
brittle against concurrent path modifications.
The idea is to make it easy to generate all the signing key and certs
that can be used for local signing. The verb is the modeled after
'mkosi genkey', but there are some important differences: we generate
the keys to the paths where they will be read from, both pcr signing
keys and the SecureBoot certificate+key.
If any of the outputs exist, operation is refused. Maybe we could add a
--force option in the future, but this operation should be rare, so I think
it's better to refuse to overwrite anything initially.
I'm only doing a token man page change here.
https://github.com/systemd/systemd/pull/27621 reworks the man page,
and the changes done here would conflict heavily with that work. I'll
submit a follow-up patch later.
tree-wide: when in doubt use greek small letter mu rather than micro symbol
Doesn't really matter since the two unicode symbols are supposedly
equivalent, but let's better follow the unicode recommendations to
prefer greek small letter mu, as per:
time-util,socket: accept both kinds of unicode µ symbols
Apparently there are two µ symbols, accept both when parsing.
One is the greek small letter mu (μ) the other is the micro sign (µ).
Unicode recommendation considers both equivalent, and says use of greek
small letter mu is preferred. See:
Yu Watanabe [Fri, 13 Jan 2023 04:25:43 +0000 (13:25 +0900)]
udev-node: optimize device node symlink creation
If multiple devices requested the same device node symlink with the same
priority, then previously we read O(N^2) of files saved in
/run/udev/links.
This makes if the requested symlink already exists with equal or higher
priority, then the symlink is kept, and skip to read all existing files,
except for one related to the current device node, in /run/udev/links.
Hence, the total amount of file read becomes O(N).
This improves performance of testcase_simultaneous_events_2 added by the
previous commit about 30%.
Before (32.8 sec):
```
## 3 iterations start: 11:13:44.690953163
## 3 iterations end: 11:14:17.493974927
```
After (23.8 sec):
```
## 3 iterations start: 11:17:53.869938387
## 3 iterations end: 11:18:17.624268345
```
This is based on the idea and analysis by Franck Bui.
Daan De Meyer [Tue, 13 Jun 2023 13:52:03 +0000 (15:52 +0200)]
repart: Store dm_name in DecryptedPartitionTarget
This means we don't have to do a fallible allocation in the
DecryptedPartitionTarget destructor. Also use log_warning_error_errno()
for the failure we ignore in the destructor.
Daan De Meyer [Thu, 8 Jun 2023 15:50:05 +0000 (17:50 +0200)]
mkosi: Remove explicit /testok check
vsock should work properly after the latest release of mkosi. But
to make sure it works, let's exit with 123 in case of success and
check for that in Github Actions.
Daan De Meyer [Tue, 13 Jun 2023 08:26:00 +0000 (10:26 +0200)]
sd-daemon: Add vsock fallback to SOCK_STREAM
SOCK_SEQPACKET is only supported on recent kernels. Let's add a
fallback to SOCK_STREAM if it is not supported.
To accomodate SOCK_STREAM, we also modify
pid_notify_with_fds_internal() to do sendmsg() in a loop as with
SOCK_STREAM, sendmsg() is not guaranteed to write all data in a single
syscall or fail otherwise.
projects / thirdparty / systemd.git / log
