We went back-and-forth a bit on this. Very old meson would print a message
about detecting the program if a quoted argument was used, leading to a lot of
noise. So we started to convert various places to use the variable, but then it
turned out that meson < 0.56.2 doesn't handle this correctly and we reverted to
using strings everywhere in 7c22f07cbd86b39e78990057687e5509fa299672. Then at
some point we stopped supporting old meson and over time we started using the
variable in various places again, somewhat inconsistently. Then most calls to
'sh' were removed in 9289e093ae6fd5484f9119e1ee07d1dffe37cd10 when
install_emptydir() builtin started being used.
Now meson allows either the string or variable to be used, and doesn't print a
message if the string is used. Let's use the variable everywhere. For 'sh', we
could do either, but for other variables, we _do_ want the detection to happen,
for example for git, find, awk, which might not be installed and we want to
detect that early, before we start the build. It would be ugly to use quotes
for some programs, but not for others. Also, a string is still refused for
test(), so we couldn't use the string version even if we didn't care about
detection.
Jan Janssen [Thu, 10 Aug 2023 16:11:25 +0000 (18:11 +0200)]
meson: Drop skip-deps option
Now that we use meson feature options for our dependencies, we can just
rely on '--auto-features=disabled' to do the same. One benefit of this
is that specific features can still be force-enabled by overriding it
with the appropriate '-Dfeature=enabled' flag.
The two remaining uses for skip-deps can simply rely on their default
logic that sets the value to 'no' when the dependency is disabled.
Jan Janssen [Thu, 10 Aug 2023 13:16:56 +0000 (15:16 +0200)]
meson: Convert dbus to meson feature
Also, there is no need to conditionalize the get_variable() calls
because not-found dependencies will just return the passed default value
if provided.
Jan Janssen [Wed, 9 Aug 2023 17:52:57 +0000 (19:52 +0200)]
meson: Convert options to meson features (find_library fallback)
This uses a two-step approach to make sure we can fall back to
find_library(), while also skipping the detection if the features are
explicitly disabled.
Jan Janssen [Wed, 9 Aug 2023 16:07:19 +0000 (18:07 +0200)]
meson: Convert fidsk to meson feature
By making this a disabler dependency, we can slightly simplify the code
and it als fixes the build for -Dfdisk=disabled as we failed to create a
fallback empty libshared_fdisk variable.
Jan Janssen [Wed, 9 Aug 2023 16:15:29 +0000 (18:15 +0200)]
meson: Use feature options
By using meson features we can replace the handcrafted dependency
auto-detection by just passing the value from get_option directly to the
required arg for dependency, find_library etc.
'auto' features make the dependency optional, 'enabled' requires it
while 'disabled' features will skip detection entirely.
Any skipped or not found dependency will just be a no-op when passed to
build steps and therefore we can also skip the creation of empty vars.
The use of skip_deps for these is dropped here as meson provides a way
to disable all optional features in one go by passing
'-Dauto_features=disabled'.
networkd: Add T1 and T2 DHCPv6 options to expose in dbus API
Include T1 and T2 DHCPv6 options to expose in dbus API.
Introduced new field DHCPv6lease where these options are
added. This will be added to the JSON output when we query
org.freedesktop.network1.Manager object.
A Lifetime of 0 indicates that the router is not a default router anymore
and associated default route should be discarded from host's routing table.
https://datatracker.ietf.org/doc/html/rfc4861
```
Router Lifetime
16-bit unsigned integer. The lifetime associated
with the default router in units of seconds. The
field can contain values up to 65535 and receivers
should handle any value, while the sending rules in
Section 6 limit the lifetime to 9000 seconds. A
Lifetime of 0 indicates that the router is not a
default router and SHOULD NOT appear on the default
router list. The Router Lifetime applies only to
the router's usefulness as a default router; it
does not apply to information contained in other
message fields or options. Options that need time
limits for their information include their own
lifetime fields.
Yu Watanabe [Thu, 10 Aug 2023 04:58:54 +0000 (13:58 +0900)]
core/namespace: reimplement mount_private_sysfs() in the same logic to mount private procfs
Previously, mount_private_sysfs() was implemented by using open_tree()
and move_mount() to keep submounts. But these syscalls are slightly new
and supported since kernel version 5.2.
We already do the same thing for /proc/, but without the new syscalls.
Let's use the same logic to mount private procfs. Then, we can mount
new instance of sysfs with older kernels.
Yu Watanabe [Tue, 22 Aug 2023 13:54:43 +0000 (22:54 +0900)]
bsod: several cleanups
- add reference to the service unit in the man page,
- fix several indentation and typos,
- replace '(uint64_t) -1' with 'UINT64_MAX',
- drop unnecessary 'continue'.
Yu Watanabe [Tue, 22 Aug 2023 07:06:01 +0000 (16:06 +0900)]
network: several follow-ups for TCP-RTO setting
- rename TCPRetransmissionTimeOutSec= -> TCPRetransmissionTimeoutSec,
- refuse infinity,
- fix the input value verifier (USEC_PER_SEC -> USEC_PER_MSEC),
- use DIV_ROUND_UP() when assigning the value.
Yu Watanabe [Sat, 12 Aug 2023 06:18:41 +0000 (15:18 +0900)]
core: do not leak mount for credentials directory if mount namespace is enabled
Since kernel v5.2, open_tree() and move_mount() are added. If a service
loads or sets credentials, then let's try to clone the mount that contains
credentials with open_tree(), then mount it after a (private) mount
namespace is initialized for the service. Then, we can setup a mount for
credentials directory without leaking it to the main shared mount
namespace.
With this change, the credentials for services that request their own
private mount namespace become much much safer. And, the number of mount
events triggered by setting up credential directories can be decreased.
Unfortunately, this does not 'fix' the original issue #25527, as the
reported service does not requests private mount namespace, but the
situation should be better now.
verbs: make a helpful suggestion when user types unrecognized verb
I have been mistyping commands too often myself, and I think the tools
could simply be more helpful, by suggesting to me what I probably wanted
to write. Copy/Paste FTW, after all!
"static inline" makes sense in .h files. But in .c files it's useless
decoration, the compiler should just make its own decisions there, and
it can do that.
hence, replace all remaining uses of "static line" by a simple" static"
in all .c files (but keep them in .h files, where they make sense)
tree-wide: don't ifdef seccomp-util.h, drop seccomp.h inclusion everywhere
seccomp-util.h doesn't need ifdeffing, hence don't. It has worked since
quite a while with HAVE_SECCOMP is off, hence use it everywhere.
Also drop explicit seccomp.h inclusion everywhere (which needs
HAVE_SECCOMP ifdeffery everywhere). seccomp-util.h includes it anyway,
automatically, which we can just rely on, and it deals with HAVE_SECCOMP
at one central place.
seccomp: move seccomp_parse_errno_or_action() into common definitions
Let's remove some HAVE_SECCOMP ifdeffery by simply defining the funcion
in question (seccomp_parse_errno_or_action() + related calls) into
common code that is also compiled if HAVE_SECCOMP is off.
This is generally the better approach anyway, since we want as much as
possible and easily feasible parsers work even if the code implementing
them is disabled. THis is easy to achieve here, hence do.
Luca Boccassi [Wed, 16 Aug 2023 01:00:47 +0000 (02:00 +0100)]
sd-mount: allow creating tmpfs
Mount units can do it, but the command line tool cannot, as it needs a
valid 'what'. If --tmpfs/-T if passed, parse the argument as 'where'
and send a literal 'tmpfs' as the 'what' if not specified.
This metadata (EXTENSION_RELOAD_MANAGER) can be set to "1" to reload the manager
when merging/refreshing/unmerging a system extension image. This can be useful in case the sysext
image provides systemd units that need to be loaded.
With `--no-reload`, one can deactivate the EXTENSION_RELOAD_MANAGER metadata interpretation.
The specs call this TCG PC Client Platform Firmware Profile
Specification says this PCR is owned by the Host Platform Manufacturer,
at various places. Hence let's give it that name.
Daan De Meyer [Wed, 16 Aug 2023 19:22:57 +0000 (21:22 +0200)]
meson: Use rsync to copy test data directories
install_subdir() does not copy symlinks but copies the file they
point to. We also get a very ugly warning in the meson install
output:
"""
Warning: trying to copy a symlink that points to a file. This will copy the file,
but this will be changed in a future version of Meson to copy the symlink as is. Please update your
build definitions so that it will not break when the change happens.
"""
Let's fix both problems at once by using rsync which does the right
thing. Verified by running systemd-dissect --mtree on both the install
output before and after and all the symlinks are now correctly preserved.
David Tardon [Thu, 17 Aug 2023 05:49:35 +0000 (07:49 +0200)]
bus-polkit: don't propagate error from polkit
An error reply from polkit is a valid case and should not be propagated
as failure of async_polkit_callback(). It should only be saved here.
It'll be returned by bus_verify_polkit_async() later, when it's called
for the same method again.