Yu Watanabe [Wed, 5 Mar 2025 22:25:28 +0000 (07:25 +0900)]
udev/net: fix assignment of ID_NET_NAME=
E.g. sd_device object of network interface 'hoge!foo' has sysname 'hoge/foo'.
So, previously udevd assigned 'hoge/foo' rather than 'hoge!foo' to ID_NET_NAME,
hence even when renaming is not requested, such interface was renamed to 'hoge_foo'
(note '/' cannot be used in network interface name, hence escaped to underbar).
- Fixes a race in systemd-run caused by b7ba8d55b8e413ff326abc4814b92d42b8d3c3c3, which causes issue #36679.
- Skip verifying masked units in TEST-23.
- Avoid false-positive ASan warning by switching sanitizer run from
Fedora rawhide to Fedora 41, caused by recent update from
llvm-19.1.7-11.fc43 to llvm-20.1.0-1.fc43. Hopefully issue #36678 should
be fixed.
Michal Koutný [Mon, 3 Feb 2025 16:02:09 +0000 (17:02 +0100)]
test-cgroup-util: Ignore LXC group
LXC helper processes hide themselves in .lxc cgroup, we don't have to
deal with the inside tests (and the error in conversion to unit is handled).
Skip those but keep iterating over remaining processes to detect what
can be created around us.
Michal Koutný [Fri, 17 Jan 2025 17:00:25 +0000 (18:00 +0100)]
test-cgroup-util: Skip procs analysis without cgroupfs
cg_pidref_get_path() cannot work (current implementation) without
cgroupfs (when it checks unified or not setup). Similarly,
cg_pidref_get_unit() assumes all processes are part of a unit. So carry
out the test only when running on a systemd setup.
Michal Koutný [Wed, 15 Jan 2025 15:36:28 +0000 (16:36 +0100)]
test-cgroup-util: Check return values
The test is supposed to check a battery of cgroup helpers on each
process found but it doesn't literally check anything besides presence
of procfs. (One can visually check printed output only. Introduction in aff38e74bd ("nspawn: suffix the nspawn cgroups with ".nspawn"").)
Make some assumptions about visible processes and turn the test into
testing that systemd helpers can deal with whatever process they find on
the SUT.
Yu Watanabe [Tue, 11 Mar 2025 19:50:33 +0000 (04:50 +0900)]
resolve question marks in /etc/hostname to characters hashed from machine ID (#36647)
So I have a bunch of particle os instances around, that I frequently
factory reset. And it's confusing, since they all have the same name.
Let's do something about this, and extend the hostname setup logic a bit
to deal better with "cattle" rather than "pet" deployments.
Specifically: if a hostname in /etc/hostname contains a bunch of
question marks we'll replace it with hex chars hashed from the machine
id.
Yu Watanabe [Mon, 10 Mar 2025 20:15:11 +0000 (05:15 +0900)]
run: check if the start job is finished on PropertiesChanged signal and so on
Otherwise, if systemd-run is disconnected from bus before JobRemoved
signal, then c->start_job will never be freed, thus run_context_check_done()
will never call sd_event_exit() even after the service is finished.
This drops monitoring JobRemoved signal, and makes systemd-run check if
the start job is started when PropertiesChanged signal is received.
Yu Watanabe [Mon, 10 Mar 2025 16:54:28 +0000 (01:54 +0900)]
ci/mkosi: enable sanitizers on Fedora 41
It seems the recent update of LLVM package in Fedora rawhide breaks
sanitizers, and udevd freezes after false-positive (I guess) issue is
detected:
systemd-udevd[2646]: =================================================================
systemd-udevd[2646]: ==2646==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffc3a642660 at pc 0x555627ac022b bp 0x7ffc3a6422b0 sp 0x7ffc3a6422a8
systemd-udevd[2646]: READ of size 8 at 0x7ffc3a642660 thread T0 ((udev-worker))
llvm-19.1.7-11.fc43 worked fine, but llvm-20.1.0-1.fc43 does not.
To avoid the issue, let's enable sanitizer on Fedora 41, and disable it
on Fedora rawhide.
Yu Watanabe [Mon, 10 Mar 2025 19:21:11 +0000 (04:21 +0900)]
TEST-23-UNIT-FILE: skip verifying masked unit
This fixes the following failure:
TEST-23-UNIT-FILE.sh[2408]: + systemd-analyze --recursive-errors=no --man=no verify /usr/lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service
systemd-analyze[2737]: sys-kernel-config.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: proc-sys-fs-binfmt_misc.automount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: dev-hugepages.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: sys-kernel-tracing.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: sys-kernel-debug.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: sys-fs-fuse-connections.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: dev-mqueue.mount: symlinks are not allowed for units of this type, rejecting.
systemd-analyze[2737]: Unit systemd-hwdb-update.service is masked.
TEST-23-UNIT-FILE.sh[166]: + :
TEST-23-UNIT-FILE.sh[166]: + kill -0 2408
TEST-23-UNIT-FILE.sh[166]: + wait 2408
TEST-23-UNIT-FILE.sh[166]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/TEST-23-UNIT-FILE.verify-unit-files.sh failed'
TEST-23-UNIT-FILE.sh[166]: Subtest /usr/lib/systemd/tests/testdata/units/TEST-23-UNIT-FILE.verify-unit-files.sh failed
mountfsd: also return suggested mount point paths for the returned partitions
When mounting a disk image we return a bunch of mount fds referencing
the various partitions in the disk, along with some metadata about them.
One key metadata field is the "designator" which is supposed to tell
clients what is what, and where to mount it.
Let's make this more explicit: let's also include the literal relative
path where each mount shall be placed, to simplify implementations of
clients that do not care about the concept of designators.
basic: move gethostname_full() from basic/hostname-util.c → shared/hostname-setup.c
In one of the next commits we'd like to introduce a concept of
optionally hashing the hostname from the machine ID. For that we need
to optionally back gethostname_full() by code involving sd-id128, hence
let's move it from src/basic/ to src/shared/, since only there we are
allowed to use our public APIs.
David Tardon [Fri, 7 Mar 2025 15:22:00 +0000 (16:22 +0100)]
bus-polkit: shortcut auth. after first denial
A D-Bus/Varlink method can issue PolicyKit auth. requests for multiple
actions; in this case the method is expected to fail on the first one
that is not allowed. This is enforced by asserts in
async_polkit_read_reply(), but that's a wrong place for the check for
two reasons:
1. it doesn't allow to get a meaningful stack trace;
2. sending the query to polkit is already a pointless exercise.
Let's do the check in *_verify_polkit_async_full() and don't send
anything to PolicyKit in that case.
Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=2349594 .
cgroup-util: Handle capsule@ paths like user@ paths (#36664)
The capsule instances are related to user instances, so treat them
equally to user@.service when handling cgroup paths. This also saves us
from polluting public libsystemd API with variant for capsules too.
Michal Koutný [Mon, 3 Feb 2025 13:44:20 +0000 (14:44 +0100)]
cgroup-util: Handle capsule@ paths like user@ paths
The capsule instances are related to user instances, so treat them
equally to user@.service when handling cgroup paths. This also saves us
from polluting public libsystemd API with variant for capsules too.
Mike Yuan [Fri, 25 Oct 2024 23:51:04 +0000 (01:51 +0200)]
core/service: introduce sd_notify() RESTART_RESET=1 for resetting restart counter
We have RestartMaxDelaySec= + RestartSteps= to exponentially increase
auto restart durations, but it currently cannot be reset by the service
itself, which makes it sometimes awkward to use. A typical pattern
in real life is that a service was once down (e.g. due to temporary
network interruption) and multiple restarts were attempted. Then,
future restarts would always wait for increased amount of time based on
RestartMaxDelaySec=, even after the original problem got resolved.
Such "persistence" could result in longer unavailability than there
should be for failures that come later.
(C.f. https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdResettingUnitBackoff)
Let's introduce a new sd_notify() notification for resetting the restart
counter. There were discussions about making this timer-based, but I think
it's more flexible to leave the decision-making to the service. This enables
them to do a combination of N successful requests + uptime check for instance.
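An added example, not taken from the commit or the systemd source: how a service might apply the "N successful requests + uptime check" policy described above and then send RESTART_RESET=1 over the sd_notify() datagram protocol ($NOTIFY_SOCKET). The class name, the thresholds and the choice to count only consecutive successes are assumptions.

```python
import os
import socket
import time
from typing import Callable, Optional


def sd_notify(state: str, path: Optional[str] = None) -> bool:
    """Send one datagram to the service manager's notification socket."""
    path = path or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False  # notifications not enabled for this process
    if path[0] == "@":  # Linux abstract-namespace socket
        addr = b"\0" + path[1:].encode()
    elif path[0] == "/":
        addr = path
    else:
        raise ValueError("unsupported NOTIFY_SOCKET address")
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(state.encode(), addr)
    return True


class RestartBackoffReset:
    """Hypothetical policy: N consecutive good requests plus minimum uptime."""

    def __init__(self, min_ok_requests: int = 100, min_uptime_sec: float = 60.0,
                 clock: Callable[[], float] = time.monotonic,
                 notify: Callable[[str], bool] = sd_notify) -> None:
        self.min_ok, self.min_uptime = min_ok_requests, min_uptime_sec
        self.clock, self.notify = clock, notify
        self.started = clock()
        self.ok = 0
        self.sent = False

    def request_failed(self) -> None:
        self.ok = 0  # assumption: only an unbroken run of successes counts

    def request_succeeded(self) -> bool:
        """Return True exactly once, when RESTART_RESET=1 was delivered."""
        self.ok += 1
        if self.sent or self.ok < self.min_ok:
            return False
        if self.clock() - self.started < self.min_uptime:
            return False
        # Service considers itself healthy: ask the manager to reset the counter.
        self.sent = self.notify("RESTART_RESET=1")
        return self.sent
```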
Yu Watanabe [Mon, 10 Mar 2025 13:44:02 +0000 (22:44 +0900)]
udev: scan partitions and trigger synthetic change events in child process
Rereading partition table may take longer on slow disk. The main process
should not be blocked by the operation. Let's fork a child process and
do that on the child.
If a network mount returns EBUSY on umount, the logic introduced in 6dc68a00cfc816678fd713b12ae2a4cf2ae6da85 causes shutdown to hang indefinitely on
`fstatat()` (i.e., within `is_dir(m->path, true)`). Hence, skip this logic for
network mounts (following the same motivation we use to skip read-only mounts in
this kind of file systems).
We settle on the types the backend implementation in
userns-registry.[ch] uses too. i.e. uid_t/gid_t for the bases, and
uint32_t for the uid range sizes.
Yu Watanabe [Sun, 9 Mar 2025 22:51:28 +0000 (07:51 +0900)]
meson: bump required minimum version to 0.62.0 (#36610)
- bump the required minimum version of meson to 0.62.0,
- use install_symlink(), which is supported since meson-0.61.0,
- use more features provided by newer meson with careful
conditionalization.
Yu Watanabe [Tue, 4 Mar 2025 23:07:07 +0000 (08:07 +0900)]
test-network: replace symlink to 99-default.link with a copy
Then, we can drop ugly workaround in meson.build.
The .link file is not necessarily synced with 99-default.link.
Also, 99-default.link is not updated so frequently.
Let's manually sync it when necessary.
Yu Watanabe [Tue, 4 Mar 2025 18:14:04 +0000 (03:14 +0900)]
meson: bump required minimum version to 0.62.0
The commit 8442ac9c0264ac7beb5afd6c3bf922030a6edaf3 set
install_tag option to install_emptydir() calls, but it requires
meson-0.62.0. Hence, after the commit, we cannot build systemd
with older meson anymore. As using install_tag is quite useful
for building systemd package, let's bump the requirement of
meson version to 0.62.0.
Note, the current meson versions of major distributions are:
CentOS 9: 0.63.3
CentOS 10: 1.4.1
Fedora 40: 1.4.1
Fedora 41: 1.5.1
Ubuntu 20.04 LTS (focal): 0.53.2 -- EOL on 2025-04
Ubuntu 22.04 LTS (jammy): 0.61.2 -- EOL on 2027-04
Ubuntu 24.04 LTS (noble): 1.3.2
Ubuntu 24.10 (oracular): 1.5.2
Debian 11 (bullseye): 0.56.2 (1.0.0 in backports) -- EOL on 2024-08
Debian 12 (bookworm): 1.0.1 (1.5.1 in backports)
openSUSE Leap 15.6: 1.6.1
openSUSE Tumbleweed: 1.6.1
As the next version (v258) is not expected to be released before
the end of 2025-04, it is OK to cut the support of Ubuntu 20.04 LTS and
Debian 11. Also, our policy for support of distributions explicitly says
only latest Ubuntu LTS and non-LTS releases are supported.
Hence, we can also cut Ubuntu 22.04, even if it is not EOL.
Piotr Drąg [Sun, 9 Mar 2025 11:26:21 +0000 (12:26 +0100)]
po: add false positives to POTFILES.skip
Scripts used to detect files that should be in POTFILES.in, like
intltool-update -m used on https://l10n.gnome.org/module/systemd/,
falsely detect these files as containing translations. Avoid this
behavior by putting the files in POTFILES.skip.
Mike Yuan [Wed, 5 Mar 2025 17:35:50 +0000 (18:35 +0100)]
core/main: correct retval for reexec/switch-root/soft-reboot
For these objectives we ought to execve() at the end, i.e. if we
ever hit the return path something went wrong in do_reexecute().
Let's properly report that via retval.
The commit described about system potentially becoming undebuggable
after switching into broken root or whatnot. But notably we can never
activate emergency.target after do_reexecute() failure, since the Manager
has been destructed. Plus, for a normal reexecution the fallback shell logic
triggered on non-existent /sbin/init is kinda useful. Let's hence guard
the extra check behind switch-root.
Also, move the check below /run/nextroot/ detection.
Luca Boccassi [Sat, 8 Mar 2025 01:42:20 +0000 (01:42 +0000)]
keyutil: support adding content into PKCS#7 signature (#36663)
Support including the data that was signed inside the PKCS#7 signature.
This creates a self-contained file where the signature of the data can
be verified without any other information, since the file contains the
data, signature, and certificate (which contains the public key used for
the signing).
One use case of this is IPE which requires a PKCS#7 signature that is
not "detached", i.e. includes the IPE configuration that has been
signed.
This also slightly adjusts the test case to use the x509 certificate
inside the PKCS#7 signature instead of supplying it externally during
verification.
if Lennart shall dogfood ParticleOS he needs acceptable tooling for
making his homed home dir accessible from his legacy fedora install, and
from local and remote particleos. Let's add explicit support for
scenarios like this:
1. add high level support for enrolling the account signing key from the
fedora install
2. add high level support for "adopting" a local but foreign .home file
on a system
3. add high level support for "registering" a remote user account on a
different system
(this lacks test cases and some docs, hence marked as wip)