thirdparty/systemd.git
61 min ago Merge pull request #17219 from poettering/exec-root-dir master
Zbigniew Jędrzejewski-Szmek [Thu, 1 Oct 2020 18:01:46 +0000 (20:01 +0200)] 
Merge pull request #17219 from poettering/exec-root-dir

minor tweaks to execute.[ch]

10 hours ago execute: use empty_to_root() a bit more 17219/head
Lennart Poettering [Thu, 1 Oct 2020 08:53:56 +0000 (10:53 +0200)] 
execute: use empty_to_root() a bit more

10 hours ago execute: add helper for checking if root_directory/root_image are set in ExecContext
Lennart Poettering [Thu, 1 Oct 2020 08:42:10 +0000 (10:42 +0200)] 
execute: add helper for checking if root_directory/root_image are set in ExecContext

10 hours ago Merge pull request #17152 from keszybz/make-mountapivfs-default
Lennart Poettering [Thu, 1 Oct 2020 09:00:02 +0000 (11:00 +0200)] 
Merge pull request #17152 from keszybz/make-mountapivfs-default

Make MountAPIVFS=yes default

10 hours ago Merge pull request #17214 from poettering/log-generator-fix
Franck Bui [Thu, 1 Oct 2020 08:51:19 +0000 (10:51 +0200)] 
Merge pull request #17214 from poettering/log-generator-fix

fix logging in generators

10 hours ago Merge pull request #17154 from keszybz/crypttab-commas
Lennart Poettering [Thu, 1 Oct 2020 08:26:24 +0000 (10:26 +0200)] 
Merge pull request #17154 from keszybz/crypttab-commas

Allow escaping commas in crypttab

10 hours ago Merge pull request #17213 from keszybz/man-cleanups
Lennart Poettering [Thu, 1 Oct 2020 08:24:44 +0000 (10:24 +0200)] 
Merge pull request #17213 from keszybz/man-cleanups

Fix links in man pages

10 hours ago bootspec: don't fail with EIO if searching for ESP and finding one without an envelop...
Lennart Poettering [Wed, 30 Sep 2020 09:04:08 +0000 (11:04 +0200)] 
bootspec: don't fail with EIO if searching for ESP and finding one without an enveloping partition table

If this happens this should just mean: we couldn't find the ESP.

Fixes: #17122

28 hours ago generator: use kmsg in system-level generators, journal otherwise 17214/head
Lennart Poettering [Wed, 30 Sep 2020 14:19:12 +0000 (16:19 +0200)] 
generator: use kmsg in system-level generators, journal otherwise

Fixes: #17129.

28 hours ago log: normalize log target condition check
Lennart Poettering [Wed, 30 Sep 2020 14:17:12 +0000 (16:17 +0200)] 
log: normalize log target condition check

This doesn't change the condition's logic at all, but is an attempt to
make things a bit more readable: instead of checking log_target !=
LOG_TARGET_AUTO let's actually list the targets where we want to
consider journal/syslog/kmsg, to make things a bit less confusing. After
all the message here is not to avoid them if LOG_TARGET_AUTO is set, but
to definitely do them in the other cases.

28 hours ago log: update comment
Lennart Poettering [Wed, 30 Sep 2020 14:06:53 +0000 (16:06 +0200)] 
log: update comment

The logic was changed in bc694c06e60505efeb09e5278a7b22cdfa23975e, let's
update the comment accordingly.

30 hours ago Add Aiptek Hyperpen 6000U to hwdb
Jan Schlüter [Wed, 30 Sep 2020 08:34:35 +0000 (10:34 +0200)] 
Add Aiptek Hyperpen 6000U to hwdb

30 hours ago man: mention that sd_bus_send() buffers locally, and sd_bus_process() is needed to...
Lennart Poettering [Wed, 23 Sep 2020 08:09:53 +0000 (10:09 +0200)] 
man: mention that sd_bus_send() buffers locally, and sd_bus_process() is needed to flush it out

Prompted-by: #17128

30 hours ago man: correct various links 17213/head
Zbigniew Jędrzejewski-Szmek [Wed, 30 Sep 2020 12:57:21 +0000 (14:57 +0200)] 
man: correct various links

As usual, linkchecker ftw!

30 hours ago man: update rules
Zbigniew Jędrzejewski-Szmek [Wed, 30 Sep 2020 12:52:48 +0000 (14:52 +0200)] 
man: update rules

Fixup for 278fdd064df071cca2cd3bcae882a9a5a965c8b5.

30 hours ago man/html: fix invocation for pages which are *not* symlinks
Zbigniew Jędrzejewski-Szmek [Wed, 30 Sep 2020 12:24:01 +0000 (14:24 +0200)] 
man/html: fix invocation for pages which are *not* symlinks

It seems I tested that redirects work, but I forgot to check that non-redirects
are still fine too ;(

30 hours ago homed: explicitly deactivate all home directories on shutdown
Lennart Poettering [Mon, 21 Sep 2020 16:25:46 +0000 (18:25 +0200)] 
homed: explicitly deactivate all home directories on shutdown

Let's explicitly deactivate all home dirs on shutdown, in order to
properly synchronize unmounting and avoid blocking devices.

Previously, we'd rely on automatic deactivation when home directories
become unused. However, that scheme is asynchronous, and ongoing
deactivations might conflict with attempts to unmount /home. Let's fix
that by providing an explicit service systemd-homed-activate.service
whose only job is to have an ExecStop= line that explicitly deactivates
all home directories on shutdown. This service can then be ordered after
home.mount and similar, ensuring that we'll first deactivate all homes
before deactivating /home itself during shutdown.

This is kept separate from systemd-homed.service so that it is possible
to restart systemd-homed.service without deactivating all home
directories.

Fixes: #16842

30 hours ago Merge pull request #17203 from poettering/resolv-conf-mode
Lennart Poettering [Wed, 30 Sep 2020 12:37:24 +0000 (14:37 +0200)] 
Merge pull request #17203 from poettering/resolv-conf-mode

expose resolv.conf mode bus property

30 hours ago Merge pull request #17195 from keszybz/man-cleanups
Lennart Poettering [Wed, 30 Sep 2020 12:16:05 +0000 (14:16 +0200)] 
Merge pull request #17195 from keszybz/man-cleanups

Man page cleanups

34 hours ago Merge pull request #17087 from yuwata/man-initial-congestion-window
Lennart Poettering [Wed, 30 Sep 2020 08:55:18 +0000 (10:55 +0200)] 
Merge pull request #17087 from yuwata/man-initial-congestion-window

man: update InitialCongestionWindow= and InitialAdvertisedReceiveWindow=

34 hours ago resolved: turn off that a search domain is derived from the host's fqdn
Lennart Poettering [Tue, 29 Sep 2020 14:10:40 +0000 (16:10 +0200)] 
resolved: turn off that a search domain is derived from the host's fqdn

If the hostname of a system is set to an fqdn, glibc traditionally
derives a search domain from it if none is explicitly configured.

This is a bit weird, and we currently don't do that in our own search
path logic.

Following #17193 let's turn this behaviour off for now.

Yes, this has a slight chance of pissing people off who think this
behaviour is good. If this is indeed an issue, we can revisit the issue
but in that case if we readd the concept we should do it properly:
derive the search domain from the fqdn in our codebase too and report it
in resolvectl, and in our generated stub files. But I have the suspicion
most people who set the hostname to an fqdn aren't even aware of this
behaviour nor want it, so let's wait until people complain.

Fixes: #17193

34 hours ago man: assorted small fixes 17195/head
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 10:31:27 +0000 (12:31 +0200)] 
man: assorted small fixes

This is almost all of #17177.

34 hours ago man/systemd.network(5): unify descriptions of MUDURL=
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 10:27:19 +0000 (12:27 +0200)] 
man/systemd.network(5): unify descriptions of MUDURL=

Let's write one good description and refer to it from the other two
spots.

34 hours ago man: in systemd-nspawn(1), refer to systemd.exec(5) for the shared stuff
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 10:16:12 +0000 (12:16 +0200)] 
man: in systemd-nspawn(1), refer to systemd.exec(5) for the shared stuff

We should avoid duplicating lengthy description of very similar concepts.
--root-hash-sig follows the same semantics as RootHashSig=, so just refer
the reader to the other man page. --root-hash doesn't implement the same
features as RootHash=, so we can't fully replace the description, but let's
give the user a hint to look at the other man page too.

For #17177.

34 hours ago man: link to fork(2) more prominently
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 08:10:35 +0000 (10:10 +0200)] 
man: link to fork(2) more prominently

For #17177.

34 hours ago man: do not index various /foobar/ paths
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 08:04:12 +0000 (10:04 +0200)] 
man: do not index various /foobar/ paths

For #17177.

34 hours ago man: refer to the right man page for Environment=
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 07:55:00 +0000 (09:55 +0200)] 
man: refer to the right man page for Environment=

For #17177.

34 hours ago man: reword description of "-" in sysctl.d(5)
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 07:43:18 +0000 (09:43 +0200)] 
man: reword description of "-" in sysctl.d(5)

For #17177.

34 hours ago man: explain why TZ=: is used
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 07:30:42 +0000 (09:30 +0200)] 
man: explain why TZ=: is used

Also, reword the description a bit. "As a string" is meaningless in the context
of commandline arguments, where everything is a string. This is not a
strongly-typed programming language where 5 is a number but "5" is something
completely different. Here both 5 and "5" are indistinguishable. The original
text was trying to say that a location name should be given and not a number,
so say "time zone location name".

For #17177.

34 hours ago man: adjustments in file-hierarchy(7)
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 07:21:15 +0000 (09:21 +0200)] 
man: adjustments in file-hierarchy(7)

In table titles, capitalize only the first word (they are rather long and
it is easier to read when it looks like a normal sentence).

Adjust some phrases to make them clearer when reported as unclear in #17177.

34 hours ago man,units: link to the new dbus-api man pages
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 06:03:10 +0000 (08:03 +0200)] 
man,units: link to the new dbus-api man pages

34 hours ago Merge pull request #17199 from poettering/log-tid
Zbigniew Jędrzejewski-Szmek [Wed, 30 Sep 2020 08:28:51 +0000 (10:28 +0200)] 
Merge pull request #17199 from poettering/log-tid

include thread ID in log output

34 hours ago resolvectl: show resolv.conf mode in resolvectl output 17203/head
Lennart Poettering [Tue, 29 Sep 2020 15:28:31 +0000 (17:28 +0200)] 
resolvectl: show resolv.conf mode in resolvectl output

34 hours ago resolved: expose a new bus property that informs about the /etc/resolv.conf mode
Lennart Poettering [Tue, 29 Sep 2020 15:25:15 +0000 (17:25 +0200)] 
resolved: expose a new bus property that informs about the /etc/resolv.conf mode

It can be one of "foreign", "missing", "stub", "static", "uplink",
depending on how /etc/resolv.conf is set up:

foreign → someone/something else manages /etc/resolv.conf,
    systemd-resolved is just the consumer

missing → /etc/resolv.conf is missing altogether

stub/static/uplink → the file is managed by resolved, with the
    well-known modes

Fixes: #17159

34 hours ago loginctl: add -P as short for --value --property=
Ronan Pigott [Wed, 30 Sep 2020 06:51:08 +0000 (23:51 -0700)] 
loginctl: add -P as short for --value --property=

34 hours ago sysusers: use "!*" instead of "!!" as an invalid group password
nl6720 [Wed, 30 Sep 2020 05:09:25 +0000 (08:09 +0300)] 
sysusers: use "!*" instead of "!!" as an invalid group password

This basically implements fc58c0c7bf7e4f525b916e3e5be0de2307fef04e for gshadow.
gpasswd may not have a lock/unlock that behaves the same as passwd, but
according to gshadow(5) the logic of the password field is the same.

34 hours ago seccomp-util: add cacheflush() syscall to @default syscall set
Lennart Poettering [Tue, 29 Sep 2020 13:59:28 +0000 (15:59 +0200)] 
seccomp-util: add cacheflush() syscall to @default syscall set

This is like membarrier() I guess and basically just exposes CPU
functionality via kernel syscall on some archs. Let's whitelist it for
everyone.

Fixes: #17197

35 hours ago Calendar and micmute hotkeys on HP EliteBook Folio G1
RussianNeuroMancer [Wed, 30 Sep 2020 02:07:53 +0000 (10:07 +0800)] 
Calendar and micmute hotkeys on HP EliteBook Folio G1

This commit adds calendar and micmute hotkeys for HP EliteBook Folio G1, and also corrects the name of another laptop from the HP EliteBook Folio series - HP EliteBook Folio 1040 G2

35 hours ago zsh: loginctl: complete alias 'self'
Ronan Pigott [Wed, 30 Sep 2020 07:11:48 +0000 (00:11 -0700)] 
zsh: loginctl: complete alias 'self'

47 hours ago path-lookup: Correct order of XDG_CONFIG_HOME and XDG_CONFIG_DIRS
Pass Automated Testing Suite [Mon, 28 Sep 2020 15:49:55 +0000 (17:49 +0200)] 
path-lookup: Correct order of XDG_CONFIG_HOME and XDG_CONFIG_DIRS

According to the XDG Base Directory Specification [1] XDG_CONFIG_HOME
should take precedence over XDG_CONFIG_DIRS.

Fixes: https://github.com/systemd/systemd/issues/16095

[1]: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

47 hours ago docs: update old documentation links
nl6720 [Tue, 29 Sep 2020 13:10:08 +0000 (16:10 +0300)] 
docs: update old documentation links

47 hours ago udevadm: do not ignore error caused by unprivileged user invoking the command
Yu Watanabe [Tue, 29 Sep 2020 04:44:28 +0000 (13:44 +0900)] 
udevadm: do not ignore error caused by unprivileged user invoking the command

This effectively reverts commit 67acde4869a9505f9721e31fa5167c82445e0e12.

After commits 569ad251adde02dc0915758fe027e0346e50738a and
67acde4869a9505f9721e31fa5167c82445e0e12, -EACCES errors are ignored,
and thus 'udevadm trigger' succeeds even when it is invoked by non-root
users. Moreover, on -EACCES error, log messages are shown in debug
level, so usually we see no message, and users are easily confused
why uevents for devices are not triggered.

2 days ago log: include TID= field in structured log output 17199/head
Lennart Poettering [Tue, 29 Sep 2020 11:07:07 +0000 (13:07 +0200)] 
log: include TID= field in structured log output

It always was the intention to expose this as trusted field _TID=, i.e.
automatically determine it from journald via some SCM_xyz field or so,
but this never happened, and it's unlikely this will be added anytime
soon to the kernel either, hence let's just generate this sender side,
even if it means it's untrusted.

2 days ago log: optionally display thread ID in log output to tty
Lennart Poettering [Tue, 29 Sep 2020 11:06:12 +0000 (13:06 +0200)] 
log: optionally display thread ID in log output to tty

This is very useful when playing around with threaded tests, but should
be useful in other cases too.

2 days ago Merge pull request #17194 from poettering/dot-suffix
Lennart Poettering [Tue, 29 Sep 2020 13:50:06 +0000 (15:50 +0200)] 
Merge pull request #17194 from poettering/dot-suffix

resolved: turn off search domain logic for queries for dot-suffixed domains

2 days ago Merge pull request #17190 from poettering/udev-opath
Zbigniew Jędrzejewski-Szmek [Tue, 29 Sep 2020 11:53:41 +0000 (13:53 +0200)] 
Merge pull request #17190 from poettering/udev-opath

udev: manipulate device nodes with O_PATH

2 days ago resolved: imply SD_RESOLVED_NO_SEARCH when looking up trailing dot domains 17194/head
Lennart Poettering [Tue, 29 Sep 2020 09:53:31 +0000 (11:53 +0200)] 
resolved: imply SD_RESOLVED_NO_SEARCH when looking up trailing dot domains

Let's turn off the search domain logic if a trailing dot is specified
when looking up hostnames and RRs via the Varlink + D-Bus APIs (and thus
also when doing so via nss-resolve). (This doesn't affect lookups via
the stub, since for them any search path logic is done client side
anyway)

It might make sense to force the DNS protocol in this case too (and
disable LLMNR + mDNS), but we'll leave that for a different PR — if it
even makes sense. It might also make sense to disable the logic of never
routing single-label lookups to the Internet if a trailing dot is
specified, but this needs more discussion too.

2 days ago dns-domain: add helper that checks whether domain is dot suffixed
Lennart Poettering [Tue, 29 Sep 2020 09:52:15 +0000 (11:52 +0200)] 
dns-domain: add helper that checks whether domain is dot suffixed

2 days ago man: update InitialCongestionWindow= and InitialAdvertisedReceiveWindow= 17087/head
Yu Watanabe [Thu, 17 Sep 2020 08:01:36 +0000 (17:01 +0900)] 
man: update InitialCongestionWindow= and InitialAdvertisedReceiveWindow=

Fixes #16643.

2 days ago Merge pull request #17186 from poettering/tmpfiles-cleanup-man-fix
Anita Zhang [Tue, 29 Sep 2020 06:48:28 +0000 (23:48 -0700)] 
Merge pull request #17186 from poettering/tmpfiles-cleanup-man-fix

man: fix reference to unit file

2 days ago network: limit InitialCongestionWindow= and InitialAdvertisedReceiveWindow= value
Yu Watanabe [Tue, 29 Sep 2020 04:55:14 +0000 (13:55 +0900)] 
network: limit InitialCongestionWindow= and InitialAdvertisedReceiveWindow= value

Strictly speaking, this breaks backward compatibility. But when setting
too large a value into them, networking easily breaks.
Note that typically 100 for them is even too large. So, omitting the
values equal or higher than 1024, and dropping support of k, M, and G
suffixes is OK for normal appropriate use cases.

See discussion in #16643.

3 days ago udev: apply access mode/ownership to device nodes with O_PATH 17190/head
Lennart Poettering [Mon, 14 Sep 2020 19:58:40 +0000 (21:58 +0200)] 
udev: apply access mode/ownership to device nodes with O_PATH

Let's open the device node to modify with O_PATH, and then adjust it
only after verifying everything is in order. This fixes a race where
a device appears, disappears and quickly reappears, while we are still
running the rules for the first appearance: when going by path we'd
possibly adjust half of the old and half of the new node. By O_PATH we
can pin the node while we operate on it, thus removing the race.

Previously, we'd do a superficial racy check if the device node changed
underneath us, and would propagate EEXIST in that case, failing the
rule set. With this change we'll instead gracefully handle this, exactly
like in the pre-existing case when the device node disappeared in the
meantime.

3 days ago fs-util: add new futimens_opath() helper
Lennart Poettering [Fri, 25 Sep 2020 14:40:02 +0000 (16:40 +0200)] 
fs-util: add new futimens_opath() helper

futimens() that works for O_PATH fds.

3 days ago selinux: add apis to set labels/fix labels per fd instead of path
Lennart Poettering [Mon, 14 Sep 2020 19:54:20 +0000 (21:54 +0200)] 
selinux: add apis to set labels/fix labels per fd instead of path

3 days ago udev-util: simplify device_is_renaming() error handling
Lennart Poettering [Fri, 25 Sep 2020 14:48:07 +0000 (16:48 +0200)] 
udev-util: simplify device_is_renaming() error handling

3 days ago update TODO
Lennart Poettering [Mon, 28 Sep 2020 14:29:20 +0000 (16:29 +0200)] 
update TODO

3 days ago man: fix reference to unit file 17186/head
Lennart Poettering [Mon, 28 Sep 2020 14:29:36 +0000 (16:29 +0200)] 
man: fix reference to unit file

It's "systemd-tmpfiles-clean" not "systemd-tmpfiles-cleanup"

Fixes: #17171

3 days ago Prevent triple reporting of rfkill button on HP Elite x2 1013 G3, plus five other...
RussianNeuroMancer [Sun, 27 Sep 2020 01:25:27 +0000 (09:25 +0800)] 
Prevent triple reporting of rfkill button on HP Elite x2 1013 G3, plus five other hotkeys

1. rfkill hotkey is reported from three sources: keyboard, Intel HID and HP Wireless hotkeys. Let's block first two.
2. Correct mapping for calendar, micmute, display and brightness hotkeys.

3 days ago core: move reset_arguments() to the end of main's finish
Anita Zhang [Thu, 17 Sep 2020 08:49:17 +0000 (01:49 -0700)] 
core: move reset_arguments() to the end of main's finish

Fixes #16991

fb39af4ce42d7ef9af63009f271f404038703704 replaced `free_arguments()` with
`reset_arguments()`, which frees arg_* variables as before, but also resets all
of them to the default values. `reset_arguments()` was positioned
in such a way that it overrode some arg_* values still in use at shutdown.

To avoid further unintentional resets, I moved `reset_arguments()`
right before the return, when nothing else will be using the arg_* variables.

3 days ago Add accel mount matrix for Irbis NB111 transformer
RussianNeuroMancer [Fri, 25 Sep 2020 18:03:50 +0000 (02:03 +0800)] 
Add accel mount matrix for Irbis NB111 transformer

3 days ago core: ensure that namespace tmp directories always get the correct label
bauen1 [Fri, 25 Sep 2020 16:45:29 +0000 (18:45 +0200)] 
core: ensure that namespace tmp directories always get the correct label

If a namespace with PrivateTmp=true is constructed we need to restore
the context of the namespace's /tmp directory (i.e.
/tmp/systemd-private-XXXXX/tmp) to the (default) context of /tmp.
Otherwise file transitions might result in the namespace's tmp directory
having the wrong context.

3 days ago Removing unused n_fields in journal-gatewayd
Samuel BF [Sun, 27 Sep 2020 20:01:44 +0000 (22:01 +0200)] 
Removing unused n_fields in journal-gatewayd

3 days ago libcrypt-util: use build-time check for crypt_preferred_method
Luca Boccassi [Fri, 25 Sep 2020 10:19:56 +0000 (11:19 +0100)] 
libcrypt-util: use build-time check for crypt_preferred_method

After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra
is checked, but there are cases where that function is available but crypt_preferred_method
is not, and they are used in the same ifdef.
Add a check for the latter as well.

5 days ago Translated using Weblate (Turkish)
Oğuz Ersen [Sat, 26 Sep 2020 06:29:30 +0000 (08:29 +0200)] 
Translated using Weblate (Turkish)

Currently translated at 100.0% (133 of 133 strings)

Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/tr/
Translation: systemd/master

5 days ago repart: use proper API to check if block device can do partition scanning
Lennart Poettering [Fri, 25 Sep 2020 15:23:34 +0000 (17:23 +0200)] 
repart: use proper API to check if block device can do partition scanning

We have the API wrapper already, hence use it, instead of using a
limited version of it that only works for loopback devices.

5 days ago Add Chinese translation
huangyong [Fri, 25 Sep 2020 09:49:36 +0000 (17:49 +0800)] 
Add Chinese translation

6 days ago mount-util: show mount source in mount_verbose_full() debug output
Lennart Poettering [Thu, 24 Sep 2020 13:07:52 +0000 (15:07 +0200)] 
mount-util: show mount source in mount_verbose_full() debug output

6 days ago Merge pull request #17166 from poettering/loop-mini-fixes
Lennart Poettering [Fri, 25 Sep 2020 15:55:18 +0000 (17:55 +0200)] 
Merge pull request #17166 from poettering/loop-mini-fixes

two minor fixes to the loop block device handling

6 days ago loop-util: apparently opening a loop device sometimes results in ENXIO, handle this 17166/head
Lennart Poettering [Thu, 24 Sep 2020 13:08:22 +0000 (15:08 +0200)] 
loop-util: apparently opening a loop device sometimes results in ENXIO, handle this

6 days ago loop-util: use right flags field
Lennart Poettering [Thu, 24 Sep 2020 13:09:14 +0000 (15:09 +0200)] 
loop-util: use right flags field

6 days ago Merge pull request #17148 from jlebon/pr/crypt-source
Lennart Poettering [Fri, 25 Sep 2020 13:50:15 +0000 (15:50 +0200)] 
Merge pull request #17148 from jlebon/pr/crypt-source

cryptsetup-generator: use "/proc/cmdline" as source when appropriate

6 days ago Merge pull request #17132 from keszybz/test-suite-update
Zbigniew Jędrzejewski-Szmek [Fri, 25 Sep 2020 11:39:24 +0000 (13:39 +0200)] 
Merge pull request #17132 from keszybz/test-suite-update

Test suite updates

6 days ago man: describe comma escaping in crypttab(5) 17154/head
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 13:08:44 +0000 (15:08 +0200)] 
man: describe comma escaping in crypttab(5)

6 days ago fstab,crypttab: allow escaping of commas
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 12:55:57 +0000 (14:55 +0200)] 
fstab,crypttab: allow escaping of commas

Fixes #17035. We use "," as the separator between arguments in fstab and crypttab
options field, but the kernel started using "," within arguments. Users will need
to escape those nested commas.

6 days ago core/execute: escape the separator in exported paths
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 11:07:51 +0000 (13:07 +0200)] 
core/execute: escape the separator in exported paths

Our paths shouldn't even contain ":", but let's escape it if one somehow sneaks
in.

6 days ago basic/strv: allow escaping the separator in strv_join()
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 11:06:52 +0000 (13:06 +0200)] 
basic/strv: allow escaping the separator in strv_join()

The new parameter is false everywhere except for tests, so no functional change
is expected.

7 days ago cryptsetup-generator: avoid magic value in ternary 17148/head
Jonathan Lebon [Wed, 23 Sep 2020 19:25:41 +0000 (15:25 -0400)] 
cryptsetup-generator: avoid magic value in ternary

`startswith` already returns the string with the prefix skipped, so we
can simplify this further and avoid using a magic value.

Noticed in passing.

Co-authored-by: Lennart Poettering <lennart@poettering.net>

7 days ago sd-dhcp6-client: Fix sending prefix delegation request (#17136)
mog422 [Thu, 24 Sep 2020 15:04:52 +0000 (00:04 +0900)] 
sd-dhcp6-client: Fix sending prefix delegation request (#17136)

SD_DHCP6_OPTION_IA_NA does not exist in DHCP6_ADVERTISE packet if DHCP server only provides prefix delegation. So the attempt to send the DHCP6_REQUEST packet fails on r = dhcp6_option_append_ia(&opt, &optlen, &client->lease->ia); forever.

7 days ago test-seccomp: accept ENOSYS from sysctl(2) too 17132/head
Zbigniew Jędrzejewski-Szmek [Tue, 22 Sep 2020 17:05:17 +0000 (19:05 +0200)] 
test-seccomp: accept ENOSYS from sysctl(2) too

It seems that kernel 5.9 started returning that.

7 days ago test: switch TEST-02-CRYPTSETUP and TEST-24-UNITTESTS
Zbigniew Jędrzejewski-Szmek [Tue, 22 Sep 2020 16:26:28 +0000 (18:26 +0200)] 
test: switch TEST-02-CRYPTSETUP and TEST-24-UNITTESTS

When tests are executed serially (the default), it seems better to launch
the fairly generic test that runs the unittests early in the sequence.
Right now the tests are ordered based on when they were written, but
this doesn't make much sense.

7 days ago cryptsetup: upgrade log line for option parsing error
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 08:54:10 +0000 (10:54 +0200)] 
cryptsetup: upgrade log line for option parsing error

If we failed here, we would exit with only a debug message.

7 days ago cryptsetup-generator: drop unused fstat()
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 08:45:25 +0000 (10:45 +0200)] 
cryptsetup-generator: drop unused fstat()

The result stopped being used in 71e4e1258436e7e81d772aed52a02bb5d9c87cb8.

7 days ago nspawn: give better message when invoked as non-root without arguments
Zbigniew Jędrzejewski-Szmek [Wed, 23 Sep 2020 10:20:14 +0000 (12:20 +0200)] 
nspawn: give better message when invoked as non-root without arguments

When invoked as non-root, we would suggest re-running as root without any
further hint. But this immediately spawns a machine from the local directory,
which can be rather surprising. So let's give a better hint.

(In general, I don't think commandline programs should do "significant" things
when invoked without any arguments. In this regard it would be better if
systemd-nspawn would not spawn a machine from the current directory if called
with no arguments and at least "-D ." would be required.)

7 days ago tree-wide: drop assignments to r when we only need errno
Zbigniew Jędrzejewski-Szmek [Wed, 23 Sep 2020 10:02:48 +0000 (12:02 +0200)] 
tree-wide: drop assignments to r when we only need errno

If the whole call is simple and we don't need to look at the return value
apart from the conditional, let's use a form without assignment of the return
value. When the function call is more complicated, it still makes sense to
use a temporary variable.

7 days ago TEST-50-DISSECT: drop now-unneeded MountAPIVFS=yes and full paths to executables 17152/head
Zbigniew Jędrzejewski-Szmek [Tue, 22 Sep 2020 10:36:38 +0000 (12:36 +0200)] 
TEST-50-DISSECT: drop now-unneeded MountAPIVFS=yes and full paths to executables

With the previous changes we can simplify the invocations in the test a bit.

7 days ago core: turn on MountAPIVFS=true when RootImage or RootDirectory are specified
Zbigniew Jędrzejewski-Szmek [Tue, 22 Sep 2020 12:49:49 +0000 (14:49 +0200)] 
core: turn on MountAPIVFS=true when RootImage or RootDirectory are specified

Lennart wanted to do this back in
https://github.com/systemd/systemd/commit/01c33c1effaa2406ff7d2a7de08a3ee87aec9fc8.
For better or worse, this wasn't done because I thought that turning on MountAPIVFS
is a compat break for RootDirectory and people might be negatively surprised by it.
Without this, search for binaries doesn't work (access_fd() requires /proc).
Let's turn it on, but still allow overriding to "no".

When RootDirectory=/, MountAPIVFS=1 doesn't work. This might be a buglet on its
own, but this patch doesn't change the situation.

7 days ago core: remember when we set ExecContext.mount_apivfs
Zbigniew Jędrzejewski-Szmek [Tue, 22 Sep 2020 12:08:05 +0000 (14:08 +0200)] 
core: remember when we set ExecContext.mount_apivfs

No functional change intended so far.

7 days ago Merge pull request #17145 from poettering/kill-chmod-and-chown-unsafe
Zbigniew Jędrzejewski-Szmek [Thu, 24 Sep 2020 07:40:56 +0000 (09:40 +0200)] 
Merge pull request #17145 from poettering/kill-chmod-and-chown-unsafe

remove chmod_and_chown_unsafe()

7 days ago Merge pull request #17143 from keszybz/late-exec-resolution-alt
Lennart Poettering [Thu, 24 Sep 2020 07:38:36 +0000 (09:38 +0200)] 
Merge pull request #17143 from keszybz/late-exec-resolution-alt

Late exec resolution (subset)

7 days ago hwdb: add Medion Akoya E2221T MD60691 (#17147)
germanztz [Thu, 24 Sep 2020 07:33:43 +0000 (09:33 +0200)] 
hwdb: add Medion Akoya E2221T MD60691 (#17147)

7 days ago Translated using Weblate (Chinese (Simplified))
Charles Lee [Thu, 24 Sep 2020 04:29:28 +0000 (06:29 +0200)] 
Translated using Weblate (Chinese (Simplified))

Currently translated at 63.1% (118 of 187 strings)

Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/master

7 days ago random-util: Add an environment variable to disable RDRAND.
Kyle Huey [Wed, 23 Sep 2020 21:19:09 +0000 (14:19 -0700)] 
random-util: Add an environment variable to disable RDRAND.

SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims
to support it. All other values have no effect.

Fixes: #17112

7 days ago Merge pull request #17142 from poettering/catalog-fix-de
Anita Zhang [Thu, 24 Sep 2020 06:41:38 +0000 (23:41 -0700)] 
Merge pull request #17142 from poettering/catalog-fix-de

catalog: add missing @ to German catalog file

7 days ago Merge pull request #17146 from poettering/use-more-proc-mounted
Anita Zhang [Thu, 24 Sep 2020 06:39:20 +0000 (23:39 -0700)] 
Merge pull request #17146 from poettering/use-more-proc-mounted

use proc_mounted() more

7 days ago Merge pull request #17118 from poettering/sync-shutdown-loop
Lennart Poettering [Wed, 23 Sep 2020 19:47:03 +0000 (21:47 +0200)] 
Merge pull request #17118 from poettering/sync-shutdown-loop

fsync() block devices before detaching them during shutdown

7 days ago Merge pull request #17144 from poettering/mount-nofollow
Lennart Poettering [Wed, 23 Sep 2020 19:46:02 +0000 (21:46 +0200)] 
Merge pull request #17144 from poettering/mount-nofollow

tree-wide: mostly avoid following symlinks when mounting

7 days ago cryptsetup-generator: use "/proc/cmdline" as source when appropriate
Jonathan Lebon [Wed, 23 Sep 2020 19:23:58 +0000 (15:23 -0400)] 
cryptsetup-generator: use "/proc/cmdline" as source when appropriate

Right now, we always say `/etc/crypttab` even if the source was fully
derived from the kargs.

Let's match what `systemd-fstab-generator` does and use `/proc/cmdline`
when that's the case.

8 days ago update TODO 17144/head
Lennart Poettering [Wed, 23 Sep 2020 08:11:49 +0000 (10:11 +0200)] 
update TODO

8 days ago tree-wide: port remaining umount() calls to umount_verbose()
Lennart Poettering [Wed, 23 Sep 2020 13:28:59 +0000 (15:28 +0200)] 
tree-wide: port remaining umount() calls to umount_verbose()

8 days ago tree-wide: switch remaining mount() invocations over to mount_nofollow_verbose()
Lennart Poettering [Wed, 23 Sep 2020 08:12:56 +0000 (10:12 +0200)] 
tree-wide: switch remaining mount() invocations over to mount_nofollow_verbose()

(Well, at least the ones where that makes sense. Where it doesn't make
sense are the ones that are invoked on the root path, which cannot
possibly be a symlink.)