Daan De Meyer [Mon, 18 Mar 2024 15:20:00 +0000 (16:20 +0100)]
mkosi: Install python3-pefile in OpenSUSE image
ukify is part of systemd-experimental on OpenSUSE and not its own
package. Because the OpenSUSE systemd maintainers do not want to
introduce a python dependency for systemd-experimental, we have to
install python3-pefile manually to make sure ukify works properly.
Nick Rosbrook [Fri, 15 Mar 2024 19:14:05 +0000 (15:14 -0400)]
shared/install: correctly install alias for units outside search path
Currently, if a unit file is enabled from outside of the search path,
and that unit has an alias, then the symlink ends up pointing outside of
the search path too. For example:
$ systemctl enable /tmp/a.service
Created symlink /etc/systemd/system/a.service → /tmp/a.service.
Created symlink /etc/systemd/system/b.service → /tmp/a.service.
Created symlink /etc/systemd/system/multi-user.target.wants/a.service → /tmp/a.service.
This then means the alias is treated as a separate unit:
$ systemctl start a.service
$ sudo systemctl status a
● a.service
Loaded: loaded (/etc/systemd/system/a.service; enabled; preset: enabled)
Active: active (running) since Fri 2024-03-15 15:17:49 EDT; 9s ago
Main PID: 769593 (sleep)
Tasks: 1 (limit: 18898)
Memory: 220.0K
CPU: 5ms
CGroup: /system.slice/a.service
└─769593 sleep infinity
Mar 15 15:17:49 six systemd[1]: Started a.service.
$ sudo systemctl status b
○ b.service
Loaded: loaded (/etc/systemd/system/b.service; alias)
Active: inactive (dead)
To fix this, make sure the alias uses a target that is inside the search
path. Since the unit file itself is outside of the search path, a
symlink inside the search path will have been created already. Hence,
just point the alias symlink to that recently created symlink.
Ronan Pigott [Fri, 15 Mar 2024 20:52:30 +0000 (13:52 -0700)]
resolved: wait to gc transactions if they might still give an answer
In some cases when a query completes there are still pending
transactions that are no longer useful to answer the query. But if this
query is repeated in the future and we don't have the answers cached,
we're going to ask and ignore the answer again.
Instead of purging these superfluous transactions, let's wait and see if
they produce an answer, since we already asked the question, and use it
to fill our cache.
Daan De Meyer [Sun, 17 Mar 2024 14:48:25 +0000 (15:48 +0100)]
Switch opensuse packaging specs source url to src.opensuse.org
opensuse's OBS has two git mirrors, code.opensuse.org uses pagure,
src.opensuse.org uses gitea. Let's try src.opensuse.org as pagure
doesn't seem to work properly when more advanced git functionality
is used.
Daan De Meyer [Sun, 17 Mar 2024 11:34:50 +0000 (12:34 +0100)]
tpm2-setup: Add --graceful
Currently the associated units fail if full tpm support is not available
on the system. Similar to systemd-pcrextend, let's add a --graceful option
that exits gracefully if no full TPM support is detected and use it in both
units.
Jörg Behrmann [Sat, 16 Mar 2024 11:53:29 +0000 (12:53 +0100)]
NEWS: style fixes and a few reformulations
- mention the version format spec for sytsemd-vpick
- say what "systemd-creds --user" can be used by unprivileged users as well
- say what importctl does
- use en dash instead of em dash
- add a missing article
Yu Watanabe [Fri, 15 Mar 2024 15:38:06 +0000 (00:38 +0900)]
network: pin file descriptor of persistent storage
This also drop the support of /run/systemd/netif/persistent-storage-ready,
as the file is anyway removed when networkd is stopped.
Let's use $SYSTEMD_NETWORK_PERSISTENT_STORAGE_READY=1 instead on testing.
Luca Boccassi [Thu, 14 Mar 2024 16:52:21 +0000 (16:52 +0000)]
portable: when logging about attaching, include the used profile
Useful information to have in the logs.
Mar 14 16:45:27 H systemd-portabled[510]: Successfully attached ephemeral '/usr/share/minimal_0.raw' and its extension(s) '/usr/share/app0.raw' using profile 'default'
Yu Watanabe [Tue, 12 Mar 2024 08:35:51 +0000 (17:35 +0900)]
network/address: acquire address in address_process_request()
Previously, if an [Address] section is configured with a null address,
e.g. Address=0.0.0.0/24, then we acquired a free address in
link_request_address().
With this commit, we queue a request with the null address as is, and
acquire a free address later in address_process_request(). Similary,
now IPv4ACD daemon is configured in address_process_request().
With this change, we can make the address acquisition depend on other
conditions, e.g. if the persistent storage is ready or not.
Yu Watanabe [Thu, 14 Mar 2024 09:40:14 +0000 (18:40 +0900)]
kbd-util: allow to override the default keymap directories
This introduces $SYSTEMD_KEYMAP_DIRECTORIES environment variable to
override the hardcoded keymap directories.
I think it is not necessary to provide the first class configuration
option for controlling the keymap directories, but it is not good to
hardcode the paths. So, let's introduce an environment variable to
override that.
Yu Watanabe [Thu, 14 Mar 2024 18:12:07 +0000 (03:12 +0900)]
locale: use O_PATH directory fd and faccessat() in find_converted_keymap()
Previously, it is assumed that the paths in KBD_KEYMAP_DIRS are ended
with a slash. But, in the next commit, paths will become controllable by
users, and each path may not be ended with a slash.
This should not change any effective behaviors.
Just refactoring and preparation.
docs: add a new document describing the VM interface of systemd
This mirrors the existing CONTAINER_INTERFACE.md document, but describes
extension points of systemd running in a VM with a machine manager
supervising it.
manager: send an sd_notify() message informing the container manager when systemd's special UNIX signals become available
From the outside it's difficult to determine whether (and when) the PID1
inside a container supports systemd's more complete set of UNIX process
signals or not. Let's make this easier, and simply send a notification
message when we are ready.
This new passive target is supposed to be pulled in by SSH
implementations and should be reached when remote SSH access is
possible. The idea is that this target can be used as indicator for
other components to determine if and when SSH access is possible.
One specific usecase for this is the new sd_notify() logic in PID 1 that
sends its own supervisor notifications whenever target units are
reached. This can be used to precisely schedule SSH connections from
host to VM/container, or just to identify systems where SSH is even
available.
core: notify supervisor over targets we reach, as we reach them
Let's inform the the supervisor about various happenings of our service
manager, specifically the boot milestones we reach.
We so far have only a singular READY=1 message, to inform about bootup
completion. But sometimes it is interesting to have something for
finegrained, in particular something that indicates optional components
that have been activated.
Usecase for this: in a later PR I intend to introduce a generic
"ssh.target" that is supposed to be activated when SSH becomes available
on a host. A supervisor (i.e. a VMM/hypervisor/container mgr/…) can
watch for that, and know two things:
1. that SSH is generally available in the system
2. when it is available
In order to not flood the supervisor with events I only send these out
for target units. We could open this up later, in theory, but I think it
makes sense to tell people instead to define clear milestone target
units if they want a supervisor to be able to track system state.
machine-id-setup: inform supervisor about chosen machine ID
Similar as the previous commit, it's useful for a supervisor to know
what machine ID we settlted on, in particular as various other things
are deterministically derived from it, for example MAC addresses and
such.
hostname-setup: send chosen hostname to supervisor via sd_notify()
once we decided on a hostname, let's tell the supervisor about it. This
is useful for example in order to recognize the system via mDNS/LLMNR or
in a DHCP lease.
Piotr Drąg [Thu, 14 Mar 2024 12:50:12 +0000 (13:50 +0100)]
po: add pkg/debian to POTFILES.skip
Debian packaging includes the exploded tarball, so scripts used to
detect files that should be in POTFILES.in, like intltool-update -m
used on https://l10n.gnome.org/module/systemd/, falsely detect its
files as needed to be translated. Avoid this behavior by putting
the whole submodule in POTFILES.skip.
"Starting Boot Control…" would be a fairly confusing message in the boot logs.
Use "… Service" to mirror what we have in other services like
systemd-{hostnamed,timedated,portabled,machined,…}.service.
We generally don't specify the protocol implementation in unit descriptions.
For journald, we have:
$ git grep Description 'units/*journald*'
units/systemd-journald-audit.socket:Description=Journal Audit Socket
units/systemd-journald-dev-log.socket:Description=Journal Socket (/dev/log)
units/systemd-journald-varlink@.socket:Description=Journal Varlink Socket for Namespace %i
units/systemd-journald.service.in:Description=Journal Service
units/systemd-journald.socket:Description=Journal Sockets
units/systemd-journald@.service.in:Description=Journal Service for Namespace %i
units/systemd-journald@.socket:Description=Journal Sockets for Namespace %i
so we need to keep "Varlink" in the name. But also use "Sockets" (plural)
for the "main" socket unit, since it opens multiple sockets.
I was looking at the logs in some bug and saw this:
Mar 13 15:55:12 fedora systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
Mar 13 15:55:12 fedora systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
Mar 13 15:55:12 fedora systemd[1]: systemd-tpm2-setup-early.service - TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
This is overly technical, for most units we don't provide this level of
detail about the implementation. So retitle the units to be more accessible.
Also, the fact that it's a v. 2 of the TPM is not that important. We don't
support TPM 1.2, but computers without TPM v2 are getting rare. For other
units we don't advertise the version of hardware, and let's not do this here,
to reduce some complexity.
projects / thirdparty / systemd.git / log
