thirdparty/systemd.git
3 months agofirstboot: Check if the given shell exists
Daan De Meyer [Sun, 26 Jul 2020 13:38:27 +0000 (14:38 +0100)] 
firstboot: Check if the given shell exists

3 months agonetwork: radv: Send RA on newly-added dynamic prefix
Michael Marley [Sun, 26 Jul 2020 03:23:48 +0000 (23:23 -0400)] 
network: radv: Send RA on newly-added dynamic prefix

When a prefix is delegated to an interface that is already sending
RAs, send an RA immediately to inform clients of the new prefix.
This allows them to start using it immediately instead of waiting
up to nearly 10 minutes (depending on when the last timed RA was
sent).  This type of situation might occur if, for example, an
outage of the WAN connection caused the addresses and prefixes to
be lost and later regained after service was restored.  The
condition for the number of RAs sent being above 0 simultaneously
ensures that RADV is already running and that this code doesn't
send any RAs before the timed RAs have started when the interface
first comes up.

3 months agoFix clang-11 issues
Christian Göttsche [Sat, 25 Jul 2020 16:23:11 +0000 (18:23 +0200)] 
Fix clang-11 issues

Tested with clang 11.0.0-++20200715043845+0e377e253c1-1~exp1 on Debian sid

../src/network/test-networkd-conf.c:104:56: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int]
        test_config_parse_duid_rawdata_one(BYTES_0_128 + 2, 0, &(DUID){0, 128, BYTES_1_128});
                                           ~~~~~~~~~~~~^~~
../src/network/test-networkd-conf.c:104:56: note: use array indexing to silence this warning
        test_config_parse_duid_rawdata_one(BYTES_0_128 + 2, 0, &(DUID){0, 128, BYTES_1_128});
                                                       ^
                                           &           [  ]
1 warning generated.

../src/test/test-clock.c:52:17: warning: ignoring return value of function declared with 'warn_unused_result' attribute [-Wunused-result]
                ftruncate(fileno(f), 0);
                ^~~~~~~~~ ~~~~~~~~~~~~
1 warning generated.

(gdb) run
Starting program: systemd/build/test-alloc-util
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
x1: 0x7fffffffd2d0
x2: 0x7fffffffdac0
y: 0x7fffffffd2cc
z: 0x7fffffffd2c0
cleanup2(0x7fffffffd2cc)
cleanup3(0x7fffffffd2c0)
cleanup1(0x7fffffffdac0)
cleanup1(0x7fffffffd2d0)
*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
        set = {__val = {0, 18446744073709551615, 0, 0, 0, 0, 140737348658240140737348659520, 0, 0, 0, 0, 0, 0, 0, 0}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x22ff0, sa_sigaction = 0x22ff0}, sa_mask = {__val = {14073734988860342171274217127421712742171274217383, 0, 0, 0, 0, 143329, 143344, 140737351162752, 8959, 184467440737095513284289072}},
          sa_flags = -138460788, sa_restorer = 0xffffffffffffffff}
        sigs = {__val = {32, 0 <repeats 15 times>}}
        ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7fffffffd280, reg_save_area = 0x7fffffffd210}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
No locals.
No locals.
No locals.
No locals.
No locals.
        l = 0
No locals.
        p1 = 0x405500 "\223Nd\n\351\301mA\214\262A\247\306b\276\317\327\353\346k\035\024\273{\276&!kλ\233\217\t\207\276\327\347\351\355\307R\276\063{\235w=\237E\357\277KL\245\374\245\066M\201+\333\064\272\332g>1<@"
        p2 = <optimized out>
        i = <optimized out>
No locals.

3 months agocatalog: update Polish translation
Piotr Drąg [Fri, 24 Jul 2020 14:06:48 +0000 (16:06 +0200)] 
catalog: update Polish translation

3 months agoresolvectl: fix older resolved or networkd support to set DNS servers
Yu Watanabe [Fri, 24 Jul 2020 12:03:25 +0000 (21:03 +0900)] 
resolvectl: fix older resolved or networkd support to set DNS servers

Fixes #16573.

3 months agoMerge pull request #16566 from poettering/nspawn-osrelease-fixes v246-rc2
Yu Watanabe [Fri, 24 Jul 2020 04:37:31 +0000 (13:37 +0900)] 
Merge pull request #16566 from poettering/nspawn-osrelease-fixes

nspawn: os-release reorganization, second try

3 months agoMerge pull request #16567 from keszybz/more-news
Yu Watanabe [Fri, 24 Jul 2020 04:35:09 +0000 (13:35 +0900)] 
Merge pull request #16567 from keszybz/more-news

NEWS and hwdb update for v246-rc2

3 months agoselinux: handle getcon_raw producing a NULL pointer, despite returning 0
Axel Rasmussen [Thu, 23 Jul 2020 17:54:23 +0000 (10:54 -0700)] 
selinux: handle getcon_raw producing a NULL pointer, despite returning 0

Previously, we assumed that success meant we definitely got a valid
pointer. There is at least one edge case where this is not true (i.e.,
we can get both a 0 return value, and *also* a NULL pointer):
https://github.com/SELinuxProject/selinux/blob/4246bb550dee5246c8567804325b7da206cd76cf/libselinux/src/procattr.c#L175

When this case occurrs, if we don't check the pointer we SIGSEGV in
early initialization.

3 months agosemaphoreci: update Debian release to bullseye
Dan Streetman [Wed, 22 Jul 2020 22:51:41 +0000 (18:51 -0400)] 
semaphoreci: update Debian release to bullseye

The Debian upstream-ci branch is updating to require debhelper 13,
which is only currently available from bullseye, or buster-backports.

3 months agoupdate TODO 16566/head
Lennart Poettering [Thu, 23 Jul 2020 14:58:56 +0000 (16:58 +0200)] 
update TODO

3 months agonspawn: rework how /run/host/ is set up
Lennart Poettering [Thu, 23 Jul 2020 14:49:13 +0000 (16:49 +0200)] 
nspawn: rework how /run/host/ is set up

Let's find the right os-release file on the host side, and only mount
the one that matters, i.e. /etc/os-release if it exists and
/usr/lib/os-release otherwise. Use the fixed path /run/host/os-release
for that.

Let's also mount /run/host as a bind mount on itself before we set up
/run/host, and let's mount it MS_RDONLY after we are done, so that it
remains immutable as a whole.

3 months agoportabled: update host's os-release path
Luca Boccassi [Thu, 23 Jul 2020 13:44:10 +0000 (14:44 +0100)] 
portabled: update host's os-release path

3 months agodoc: update os-release spec with new path for container host's file
Luca Boccassi [Thu, 23 Jul 2020 12:46:13 +0000 (13:46 +0100)] 
doc: update os-release spec with new path for container host's file

3 months agoNEWS: fix typo in path
Luca Boccassi [Thu, 23 Jul 2020 12:45:45 +0000 (13:45 +0100)] 
NEWS: fix typo in path

3 months agonspawn: add missing spdx header
Lennart Poettering [Wed, 22 Jul 2020 15:50:45 +0000 (17:50 +0200)] 
nspawn: add missing spdx header

3 months agoMerge pull request #16561 from yuwata/test-ordered-set
Lennart Poettering [Thu, 23 Jul 2020 16:31:03 +0000 (18:31 +0200)] 
Merge pull request #16561 from yuwata/test-ordered-set

test: clarify that ordered_set_put() returns -EEXIST if entry is duplicated

3 months agocore: clean more env vars from env block pid1 receives
Lennart Poettering [Thu, 23 Jul 2020 06:48:56 +0000 (08:48 +0200)] 
core: clean more env vars from env block pid1 receives

We generally clean all env vars we use ourselves to communicate with out
childrens. We forgot some more recent additions however. Let's correct
that.

3 months agoNEWS: reorder entries a bit and add a few items 16567/head
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 15:53:39 +0000 (17:53 +0200)] 
NEWS: reorder entries a bit and add a few items

3 months agoNEWS: update contributors list for v246-pre
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 15:30:54 +0000 (17:30 +0200)] 
NEWS: update contributors list for v246-pre

3 months agohwdb: update again for v246
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 15:25:40 +0000 (17:25 +0200)] 
hwdb: update again for v246

Just a few minor changes.

3 months agofirstboot: don't create /etc/passwd with mode 000
Lennart Poettering [Thu, 23 Jul 2020 12:24:38 +0000 (14:24 +0200)] 
firstboot: don't create /etc/passwd with mode 000

It needs to be world readable (unlike /etc/shadow) when created anew.

This fixes systems that boot with "systemd-nspawn --volatile=yes", i.e.
come up with an entirely empty /etc/ and thus no existing /etc/passwd
file when firstboot runs.

3 months agonspawn: fix MS_SHARED mount propagation for userns containers
Lennart Poettering [Thu, 23 Jul 2020 09:13:44 +0000 (11:13 +0200)] 
nspawn: fix MS_SHARED mount propagation for userns containers

We want our OS trees to be MS_SHARED by default, so that our service
namespacing logic can work correctly. Thus in nspawn we mount everything
MS_SHARED when organizing our tree. We do this early on, before changing
the user namespace (if that's requested). However CLONE_NEWUSER actually
resets MS_SHARED to MS_SLAVE for all mounts (so that less privileged
environments can't affect the more privileged ones). Hence, when
invoking it we have to reset things to MS_SHARED afterwards again. This
won't reestablish propagation, but it will make sure we get a new set of
mount peer groups everywhere that then are honoured for the mount
namespaces/propagated mounts set up inside the container further down.

3 months agoUpdate mkosi.ubuntu to 'focal'
szb512 [Tue, 14 Jul 2020 13:33:29 +0000 (09:33 -0400)] 
Update mkosi.ubuntu to 'focal'

[zjs: Looking at https://packages.ubuntu.com/bionic/iptables-dev, iptables-dev
was a transitional package that was pulling in libxtables-dev, libip4tc-dev,
and libip6tc-dev (as listed by @GiedriusS). iptables-dev is gone in focal, so
replace it by the expanded list.]

3 months agonetwork: compare with peer address if it is specified
Yu Watanabe [Tue, 21 Jul 2020 16:03:16 +0000 (01:03 +0900)] 
network: compare with peer address if it is specified

Follow-ups for dfef713f3e390ced671ce0ee87782cc373c937d0.

3 months agoMerge pull request #16532 from yuwata/network-sync-state-file
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 14:34:38 +0000 (16:34 +0200)] 
Merge pull request #16532 from yuwata/network-sync-state-file

network: sync link state file on dbus call, and ndisc cleanups

3 months agotest-ordered-set: add a case where we get 0 for duplicate entries 16561/head
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 13:47:21 +0000 (15:47 +0200)] 
test-ordered-set: add a case where we get 0 for duplicate entries

This API is a complete mess. We forgot to do a hashed comparison for duplicate
entries and we use a direct pointer comparison. For trivial_hash_ops the result
is the same. For all other case, it's not. Fixing this properly will require
auditing all the uses of set_put() and ordered_set_put(). For now, let's just
acknowledge the breakage.

3 months agoman: do not say that isolate is like switching runlevels
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 07:03:58 +0000 (09:03 +0200)] 
man: do not say that isolate is like switching runlevels

We need to do better here, but for now let's at least not trick
users into nuking their graphical environment. Inspired by #16548.

3 months agoMerge pull request #16557 from keszybz/two-ci-fixes
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 13:24:46 +0000 (15:24 +0200)] 
Merge pull request #16557 from keszybz/two-ci-fixes

Two ci fixes

3 months agotest: clarify that ordered_set_put() returns -EEXIST if entry is duplicated
Yu Watanabe [Thu, 23 Jul 2020 12:28:53 +0000 (21:28 +0900)] 
test: clarify that ordered_set_put() returns -EEXIST if entry is duplicated

3 months agomeson: do not choke on time epoch when there are no git tags 16557/head
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 10:23:58 +0000 (12:23 +0200)] 
meson: do not choke on time epoch when there are no git tags

github ci was failing with:

meson.build:685:16: ERROR: String '' cannot be converted to int

3 months agosemaphore: pull in tree explicitly
Zbigniew Jędrzejewski-Szmek [Thu, 23 Jul 2020 10:17:15 +0000 (12:17 +0200)] 
semaphore: pull in tree explicitly

semaphoreci was failing with:
Can't exec "tree": No such file or directory at /tmp/autopkgtest-lxc.v9oand4g/downtmp/build.TIm/src/test/udev-test.pl line 1752.

https://semaphoreci.com/systemd/systemd/branches/pull-request-16551/builds/1

3 months agoupdate NEWS
Lennart Poettering [Thu, 23 Jul 2020 08:01:40 +0000 (10:01 +0200)] 
update NEWS

3 months agoMerge pull request #16496 from DaanDeMeyer/firstboot-shell
Lennart Poettering [Thu, 23 Jul 2020 06:39:45 +0000 (08:39 +0200)] 
Merge pull request #16496 from DaanDeMeyer/firstboot-shell

firstboot: Add --root-shell option and tighten up passwd/shadow handling

3 months agoGet SOURCE_EPOCH from the latest git tag instead of NEWS
Daan De Meyer [Mon, 20 Jul 2020 19:41:48 +0000 (20:41 +0100)] 
Get SOURCE_EPOCH from the latest git tag instead of NEWS

Currently, each change to NEWS triggers a meson reconfigure that
changes SOURCE_EPOCH which causes a full rebuild. Since NEWS changes
relatively often, we have a full rebuild each time we pull from
master even if we pull semi-regularly. This is further compounded
when using branches since NEWS has a relatively high chance to
differ between branches which causes git to update the modification
time, leading to a full rebuild when switching between branches.

We fix this by using the creation time of the latest git tag instead.

3 months agoMerge pull request #16542 from keszybz/make-targets-fail-again
Lennart Poettering [Thu, 23 Jul 2020 06:37:47 +0000 (08:37 +0200)] 
Merge pull request #16542 from keszybz/make-targets-fail-again

Make targets fail again

3 months agoexecute: take ownership of more fields in ExecParameters
Lennart Poettering [Wed, 22 Jul 2020 13:18:43 +0000 (15:18 +0200)] 
execute: take ownership of more fields in ExecParameters

Let's simplify things a bit, and take ownership of more fields in
ExecParameters, so that they are automatically freed when the structure
is released.

3 months agofirstboot: Add --root-shell option 16496/head
Daan De Meyer [Tue, 21 Jul 2020 21:35:21 +0000 (22:35 +0100)] 
firstboot: Add --root-shell option

3 months agofirstboot: Tighten up passwd/shadow handling
Daan De Meyer [Tue, 21 Jul 2020 21:30:16 +0000 (22:30 +0100)] 
firstboot: Tighten up passwd/shadow handling

There are a lot of edge cases that the current implementation
doesn't handle, especially in cases where one of passwd/shadow
exists and the other doesn't exist. For example, if
--root-password is specified, we will write /etc/shadow but
won't add a root entry to /etc/passwd if there is none.

To fix some of these issues, we constrain systemd-firstboot to
only modify /etc/passwd and /etc/shadow if both do not exist
already (or --force) is specified. On top of that, we calculate
all necessary information for both passwd and shadow upfront so
we can take it all into account when writing the actual files.

If no root password options are given --force is specified or both
files do not exist, we lock the root account for security purposes.

3 months agopid1: target units can fail through dependencies 16542/head
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 13:49:29 +0000 (15:49 +0200)] 
pid1: target units can fail through dependencies

Fixes #16401.

c80a9a33d04fb4381327a69ce929c94a9f1d0e6c introduced the .can_fail field,
but didn't set it on .targets. Targets can fail through dependencies.
This leaves .slice and .device units as the types that cannot fail.

$ systemctl cat bad.service bad.target bad-fallback.service
[Service]
Type=oneshot
ExecStart=false

[Unit]
OnFailure=bad-fallback.service

[Service]
Type=oneshot
ExecStart=echo Fixing everythign!

$ sudo systemctl start bad.target
systemd[1]: Starting bad.service...
systemd[1]: bad.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: bad.service: Failed with result 'exit-code'.
systemd[1]: Failed to start bad.service.
systemd[1]: Dependency failed for bad.target.
systemd[1]: bad.target: Job bad.target/start failed with result 'dependency'.
systemd[1]: bad.target: Triggering OnFailure= dependencies.
systemd[1]: Starting bad-fallback.service...
echo[46901]: Fixing everythign!
systemd[1]: bad-fallback.service: Succeeded.
systemd[1]: Finished bad-fallback.service.

3 months agoRevert "units: drop OnFailure= from .target units"
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 10:51:15 +0000 (12:51 +0200)] 
Revert "units: drop OnFailure= from .target units"

This reverts commit c7220ca8025e8dbded36131b23a502d975c45754.

The removal was done as a reaction to the messages from systemd:
initrd-root-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd-root-device.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
initrd-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
local-fs.target: Requested dependency OnFailure=emergency.target ignored (target units cannot fail).
...
But it seems that the messages themselves are wrong, and the units were OK.

3 months agocore/job: adjust whitespace and comment
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 15:57:23 +0000 (17:57 +0200)] 
core/job: adjust whitespace and comment

3 months agotest-network: add test for duplicated IPv6Token= 16532/head
Yu Watanabe [Tue, 21 Jul 2020 00:45:11 +0000 (09:45 +0900)] 
test-network: add test for duplicated IPv6Token=

3 months agonetwork: ndisc: ignore duplicated IPv6Token=
Yu Watanabe [Tue, 21 Jul 2020 00:42:30 +0000 (09:42 +0900)] 
network: ndisc: ignore duplicated IPv6Token=

3 months agonetwork: ndisc: do not store duplicated data in Set
Yu Watanabe [Tue, 21 Jul 2020 00:09:08 +0000 (09:09 +0900)] 
network: ndisc: do not store duplicated data in Set

The Address objects in the set generated by ndisc_router_generate_addresses()
have the equivalent prefixlen, flags, prefered lifetime.
This commit makes ndisc_router_generate_addresses() return Set of
in6_addr.

3 months agoMerge pull request #16536 from poettering/time-clock-map-fixes
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 11:05:13 +0000 (13:05 +0200)] 
Merge pull request #16536 from poettering/time-clock-map-fixes

time-util: clock mapping improvements

3 months agoutil: use IN6_ARE_ADDR_EQUAL() macro
Yu Watanabe [Tue, 21 Jul 2020 00:08:48 +0000 (09:08 +0900)] 
util: use IN6_ARE_ADDR_EQUAL() macro

3 months agotest-network: drop unnecessary sleep() in NetworkdStateFileTests.test_state_file
Yu Watanabe [Mon, 20 Jul 2020 20:50:15 +0000 (05:50 +0900)] 
test-network: drop unnecessary sleep() in NetworkdStateFileTests.test_state_file

3 months agonetwork: make bus methods sync link state file
Yu Watanabe [Mon, 20 Jul 2020 20:26:06 +0000 (05:26 +0900)] 
network: make bus methods sync link state file

3 months agonetwork: introduce link_save_and_clean()
Yu Watanabe [Mon, 20 Jul 2020 20:21:28 +0000 (05:21 +0900)] 
network: introduce link_save_and_clean()

3 months agotree-wide: use siphash24_compress_string() where it is applicable
Yu Watanabe [Mon, 20 Jul 2020 19:54:37 +0000 (04:54 +0900)] 
tree-wide: use siphash24_compress_string() where it is applicable

3 months agoutil: introduce siphash24_compress_string()
Yu Watanabe [Mon, 20 Jul 2020 19:42:11 +0000 (04:42 +0900)] 
util: introduce siphash24_compress_string()

3 months agoutil: make siphash24_compress_boolean() inline
Yu Watanabe [Mon, 20 Jul 2020 19:35:56 +0000 (04:35 +0900)] 
util: make siphash24_compress_boolean() inline

This also changes the stored type from int to uint8_t in order to make
hash value endianness independent.

3 months agotest-path: decrease variable scope
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 10:12:54 +0000 (12:12 +0200)] 
test-path: decrease variable scope

3 months agotest: increase timeout for test-path
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 10:12:36 +0000 (12:12 +0200)] 
test: increase timeout for test-path

The CI occasionally fail in test-path with a timeout. test-path loads
units from the filesystem, and this conceivably might take more than
the default limit of 3 s. Increase the timeout substantially to see if
this helps.

3 months agoMerge pull request #16530 from yuwata/udev-fix-race-in-renaming-network-interface
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 09:50:09 +0000 (11:50 +0200)] 
Merge pull request #16530 from yuwata/udev-fix-race-in-renaming-network-interface

udev: fix race in renaming network interface

3 months agoMerge pull request #16407 from bluca/verity_reuse
Lennart Poettering [Wed, 22 Jul 2020 09:36:49 +0000 (11:36 +0200)] 
Merge pull request #16407 from bluca/verity_reuse

verity: re-use already open devices if the hashes match

3 months agoRevert "man: add note about systemd-vconsole-setup.service and tty as input/output"
Zbigniew Jędrzejewski-Szmek [Mon, 20 Jul 2020 06:22:45 +0000 (08:22 +0200)] 
Revert "man: add note about systemd-vconsole-setup.service and tty as input/output"

This reverts commit 0b578036301d7c3f2dab8df1f31f0121552a4e10.

From https://github.com/systemd/systemd/pull/16503#issuecomment-660212813:
systemd-vconsole-setup (the binary) is supposed to run asynchronously by udev
therefore ordering early interactive services after systemd-vconsole-setup.service
has basically no effect.

Let's remove this paragraph. It's better to say nothing than to give pointless
advice.

3 months agotest: adapt test-functions for SUSE
Elisei Roca [Tue, 21 Jul 2020 20:14:53 +0000 (22:14 +0200)] 
test: adapt test-functions for SUSE

3 months agoMerge pull request #16514 from keszybz/zstd-decompress-fix
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 08:40:19 +0000 (10:40 +0200)] 
Merge pull request #16514 from keszybz/zstd-decompress-fix

Fix coredumpctl operation with zstd-compressed journals

3 months agoMerge pull request #16540 from poettering/acl-fix
Zbigniew Jędrzejewski-Szmek [Wed, 22 Jul 2020 08:34:12 +0000 (10:34 +0200)] 
Merge pull request #16540 from poettering/acl-fix

two ACL handling fixes

3 months agoverity: re-use already open devices if the hashes match 16407/head
Luca Boccassi [Wed, 8 Jul 2020 18:57:31 +0000 (19:57 +0100)] 
verity: re-use already open devices if the hashes match

Opening a verity device is an expensive operation. The kernelspace operations
are mostly sequential with a global lock held regardless of which device
is being opened. In userspace jumps in and out of multiple libraries are
required. When signatures are used, there's the additional cryptographic
checks.

We know when two devices are identical: they have the same root hash.
If libcrypsetup returns EEXIST, double check that the hashes are really
the same, and that either both or none have a signature, and if everything
matches simply remount the already open device. The kernel will do
reference counting for us.

In order to quickly and reliably discover if a device is already open,
change the node naming scheme from '/dev/mapper/major:minor-verity' to
'/dev/mapper/$roothash-verity'.

Unfortunately libdevmapper is not 100% reliable, so in some case it
will say that the device already exists and it is active, but in
reality it is not usable. Fallback to an individually-activated
unique device name in those cases for robustness.

3 months agodm-util: use CRYPT_DEACTIVATE_DEFERRED instead of ioctl
Luca Boccassi [Tue, 14 Jul 2020 14:07:21 +0000 (15:07 +0100)] 
dm-util: use CRYPT_DEACTIVATE_DEFERRED instead of ioctl

3 months agocoredump: port to use common add_acls_for_user() 16540/head
Lennart Poettering [Tue, 21 Jul 2020 20:21:28 +0000 (22:21 +0200)] 
coredump: port to use common add_acls_for_user()

It's line-by-line the same logic, hence use the common implementation.

3 months agoacl-util: fix error handling in add_acls_for_user()
Lennart Poettering [Tue, 21 Jul 2020 20:19:17 +0000 (22:19 +0200)] 
acl-util: fix error handling in add_acls_for_user()

3 months agooffline-passwd: use chase_symlinks()
Lennart Poettering [Tue, 21 Jul 2020 14:25:45 +0000 (16:25 +0200)] 
offline-passwd: use chase_symlinks()

In case the passwd/group file is symlinked, follow things correctly.

Follow-up for: #16512
Addresses: https://github.com/systemd/systemd/pull/16512#discussion_r458073677

3 months agoupdate TODO
Lennart Poettering [Tue, 21 Jul 2020 15:46:14 +0000 (17:46 +0200)] 
update TODO

3 months agoman: update docs with the new functions and other enhancements 16514/head
Zbigniew Jędrzejewski-Szmek [Tue, 21 Jul 2020 15:16:52 +0000 (17:16 +0200)] 
man: update docs with the new functions and other enhancements

3 months agohomectl: fix warning about unused function
Zbigniew Jędrzejewski-Szmek [Sun, 19 Jul 2020 09:05:44 +0000 (11:05 +0200)] 
homectl: fix warning about unused function

../src/home/homectl-pkcs11.c:19:13: warning: ‘pkcs11_callback_data_release’ defined but not used [-Wunused-function]
   19 | static void pkcs11_callback_data_release(struct pkcs11_callback_data *data) {
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

3 months agoTODO: add entry for XZ
Zbigniew Jędrzejewski-Szmek [Sun, 19 Jul 2020 08:22:21 +0000 (10:22 +0200)] 
TODO: add entry for XZ

The docs for XZ don't seem to answer this at first blush, or maybe
I'm looking in the wrong place... This might make XZ less terribly slow,
but on the other hand, almost nobody uses it, so it doesn't matter that
much.

3 months agojournal/compress: remove loop in decompress_startswith_zstd()
Zbigniew Jędrzejewski-Szmek [Sun, 19 Jul 2020 08:18:46 +0000 (10:18 +0200)] 
journal/compress: remove loop in decompress_startswith_zstd()

This should be more efficient with no downsides. Same considerations as in the
previous commit hold.

3 months agojournal/compress: fix zstd decompression with capped output size
Zbigniew Jędrzejewski-Szmek [Sat, 18 Jul 2020 19:39:03 +0000 (21:39 +0200)] 
journal/compress: fix zstd decompression with capped output size

decompress_blob_zstd() would allocate ever bigger buffers in a loop trying to
get a buffer big enough to decompress the input data. This is wasteful, since
we can just query the size of the decompressed data from the compressed header.
Worse, it doesn't work when the output size is capped, i.e. when dst_max != 0.
If the decompressed blob happened to be bigger than dst_max, decompression
would fail with -ENOBUFS. We need to use "stream decompression" instead, and
only get min(uncompressed size, dst_max) bytes of output.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1856037 in a second way.

3 months agojournal: use -EPROTONOSUPPORT for unknown compression
Zbigniew Jędrzejewski-Szmek [Fri, 17 Jul 2020 19:51:40 +0000 (21:51 +0200)] 
journal: use -EPROTONOSUPPORT for unknown compression

We might add more compression types in the future, and we should treat that
as unsupported, and not a format error.

3 months agosd-journal: when enumerating, continue even after an inaccessible field
Zbigniew Jędrzejewski-Szmek [Fri, 17 Jul 2020 19:00:12 +0000 (21:00 +0200)] 
sd-journal: when enumerating, continue even after an inaccessible field

SD_JOURNAL_FOREACH_DATA() and SD_JOURNAL_FOREACH_UNIQUE() would immediately
terminate when a field couldn't be accessed. This can happen for example when a
field is compressed with an unavailable compression format. But it's likely
that this is the wrong thing to do: the caller for example might want to
iterate over the fields but isn't interested in all of them. coredumpctl is
like this: it uses SD_JOURNAL_FOREACH_DATA() but only uses a subset of the
fields.

Add two new functions sd_journal_enumerate_good_data() and
sd_journal_enumerate_good_unique() that retry sd_journal_enumerate_data() and
sd_journal_enumerate_unique() if the return value is something that applies to
a single field: ENOBUS, E2BIG, EOPNOTSUPP.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1856037.

An alternative would be to make the macros themselves smarter instead of adding
new symbols, and do the looping internally in the macro. I don't like that
approach for two reasons. First, it would embed the logic in the macro, so
recompilation would be required if we decide to update the logic. With the
current version of the patch, recompilation is required to use the new symbols,
but after that, library upgrades are enough. So the current approach is safer
in case further updates are needed. Second, our headers use primitive C, and it
is hard to do the macros without using newer features.

3 months agouser-util: indentation fix
Lennart Poettering [Tue, 21 Jul 2020 07:56:21 +0000 (09:56 +0200)] 
user-util: indentation fix

3 months agocore: don't acquire dual timestamp needlessly if we don't need it in .timer handling 16536/head
Lennart Poettering [Tue, 21 Jul 2020 15:33:19 +0000 (17:33 +0200)] 
core: don't acquire dual timestamp needlessly if we don't need it in .timer handling

Follow-up for: 26698337f3842842af51cd007485f1dcd7c43cf2

3 months agotest: add basic test for clock mapping
Lennart Poettering [Tue, 21 Jul 2020 15:33:36 +0000 (17:33 +0200)] 
test: add basic test for clock mapping

3 months agotime-util: rework clock conversion logic
Lennart Poettering [Tue, 21 Jul 2020 15:30:49 +0000 (17:30 +0200)] 
time-util: rework clock conversion logic

Let's split this out into its own helper function we can reuse at
various places.

Also, let's avoid signed values where we can so that we can cover more
of the available time range.

3 months agoupdate NEWS
Lennart Poettering [Tue, 21 Jul 2020 14:24:41 +0000 (16:24 +0200)] 
update NEWS

3 months agoMerge pull request #16504 from poettering/read-file-ipc
Lennart Poettering [Tue, 21 Jul 2020 12:16:32 +0000 (14:16 +0200)] 
Merge pull request #16504 from poettering/read-file-ipc

fileio: teach read_full_file() the ability to read data from AF_UNIX stream socket

3 months agoimport: always prefer GNU tar, to avoid cmdline incompatibilities
Lennart Poettering [Tue, 21 Jul 2020 09:13:54 +0000 (11:13 +0200)] 
import: always prefer GNU tar, to avoid cmdline incompatibilities

Fixes: #16506

3 months agofileio: add brief explanations for flags 16504/head
Lennart Poettering [Tue, 21 Jul 2020 08:19:34 +0000 (10:19 +0200)] 
fileio: add brief explanations for flags

3 months agotree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places
Lennart Poettering [Fri, 17 Jul 2020 10:58:19 +0000 (12:58 +0200)] 
tree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places

Let's use the new flag wherever we read key material/passphrases/hashes
off disk, so that people can plug in their own IPC service as backend if
they like, easily.

(My main goal was actually to support this for crypttab key files — i.e.
that you can specify AF_UNIX sockets as third column in crypttab — but
that's harder to implement, since the keys are read via libcryptsetup's
API, not ours.)

3 months agofileio: allow to read base64/hex data as strings
Lennart Poettering [Fri, 17 Jul 2020 10:57:00 +0000 (12:57 +0200)] 
fileio: allow to read base64/hex data as strings

There's really no reason to prohibit this, hence don't.

3 months agofileio: add support for read_full_file() on AF_UNIX stream sockets
Lennart Poettering [Fri, 17 Jul 2020 10:26:01 +0000 (12:26 +0200)] 
fileio: add support for read_full_file() on AF_UNIX stream sockets

Optionally, teach read_full_file() the ability to connect to an AF_UNIX
socket if the specified path points to one.

3 months agofileio: add explicit flag for generating world executable warning when reading file
Lennart Poettering [Fri, 17 Jul 2020 09:53:22 +0000 (11:53 +0200)] 
fileio: add explicit flag for generating world executable warning when reading file

3 months agoMerge pull request #16519 from yuwata/networkctl-altnames
Zbigniew Jędrzejewski-Szmek [Tue, 21 Jul 2020 07:10:00 +0000 (09:10 +0200)] 
Merge pull request #16519 from yuwata/networkctl-altnames

networkctl: tiny cleanups about alternative names

3 months agoMerge pull request #16353 from yuwata/network-dns-sni
Zbigniew Jędrzejewski-Szmek [Tue, 21 Jul 2020 06:06:17 +0000 (08:06 +0200)] 
Merge pull request #16353 from yuwata/network-dns-sni

resolve, network: more SNI and port number support

3 months agoudev: drop unnecessary checks 16530/head
Yu Watanabe [Tue, 21 Jul 2020 02:39:44 +0000 (11:39 +0900)] 
udev: drop unnecessary checks

Also, drop one unnecessary sd_device_unref(), as dev_db_clone will be
unref()ed in udev_event_free().

3 months agoudev: save ID_RENAMING= property to database before renaming network interface
Yu Watanabe [Tue, 21 Jul 2020 02:29:06 +0000 (11:29 +0900)] 
udev: save ID_RENAMING= property to database before renaming network interface

3 months agonetwork: update one log message
Yu Watanabe [Tue, 21 Jul 2020 01:33:57 +0000 (10:33 +0900)] 
network: update one log message

3 months agotest: run systemd-dissect and systemd-run with log level debug in TEST-50-DISSECT
Luca Boccassi [Mon, 20 Jul 2020 15:43:18 +0000 (16:43 +0100)] 
test: run systemd-dissect and systemd-run with log level debug in TEST-50-DISSECT

3 months agologind: Fix org.freedesktop.login1.set-reboot-to-boot-loader-menu saving to the wrong...
Hans de Goede [Mon, 20 Jul 2020 13:06:43 +0000 (15:06 +0200)] 
logind: Fix org.freedesktop.login1.set-reboot-to-boot-loader-menu saving to the wrong file in the non EFI case

According to the docs, and to the
org.freedesktop.login1.get-reboot-to-boot-loader-menu code, the
(oneshot) boot-loader-menu timeout should be stored in
/run/systemd/reboot-to-boot-loader-menu, but the set method was storing it
in /run/systemd/reboot-to-loader-menu.

This commit fixes this. Note that the fixed name also is a better match
for the dbus call names and matches the related
/run/systemd/reboot-to-boot-loader-entry structure, so fixing the set code,
rather then the get code + docs seems like the right thing to do here.

3 months agobus: use bus_log_connect_error to print error message
fangxiuning [Mon, 20 Jul 2020 11:20:52 +0000 (19:20 +0800)] 
bus: use bus_log_connect_error to print error message

3 months agoman: update explanation about the format to specify DNS servers 16353/head
Yu Watanabe [Sun, 19 Jul 2020 04:57:51 +0000 (13:57 +0900)] 
man: update explanation about the format to specify DNS servers

3 months agoresolvectl: use bus_message_read_in_addr_auto()
Yu Watanabe [Sun, 19 Jul 2020 03:43:39 +0000 (12:43 +0900)] 
resolvectl: use bus_message_read_in_addr_auto()

3 months agonetwork, resolve: use bus_message_read_ifindex() or friends
Yu Watanabe [Sun, 19 Jul 2020 03:32:21 +0000 (12:32 +0900)] 
network, resolve: use bus_message_read_ifindex() or friends

3 months agoutil: introduce bus_message_read_ifindex()
Yu Watanabe [Sun, 19 Jul 2020 03:07:27 +0000 (12:07 +0900)] 
util: introduce bus_message_read_ifindex()

3 months agoutil: introduce bus_mesage_read_dns_servers()
Yu Watanabe [Sun, 19 Jul 2020 02:32:18 +0000 (11:32 +0900)] 
util: introduce bus_mesage_read_dns_servers()

3 months agoutil: introduce helper functions to read in_addr from bus message
Yu Watanabe [Sun, 19 Jul 2020 01:57:04 +0000 (10:57 +0900)] 
util: introduce helper functions to read in_addr from bus message

3 months agoutil: drop duplicated inclusion of sd-bus.h
Yu Watanabe [Sun, 19 Jul 2020 01:43:04 +0000 (10:43 +0900)] 
util: drop duplicated inclusion of sd-bus.h