Luca Boccassi [Tue, 23 Jun 2020 10:45:50 +0000 (11:45 +0100)]
make-autosuspend-rules: restore compatibility with Python3 < 3.6
The f'...' format was introduced in Python 3.6 ( https://www.python.org/dev/peps/pep-0498/ )
and returns an error when systemd is built on a system with an older Python3 version:
<...>
File /home/bluca/git/systemd/tools/make-autosuspend-rules.py, line 15
print(f'pci:v{vendor:08X}d{device:08X}*')
^
SyntaxError: invalid syntax
[2/388] Generating version.h with a custom command.
ninja: build stopped: subcommand failed.
$ python3 --version
Python 3.5.6
Use an older format to keep backward compatibility.
Previously we'd used the existance of a specific AF_UNIX socket in the
abstract namespace as lock for disabling lookup recursions. (for
breaking out of the loop: userdb synthesized from nss → nss synthesized
from userdb → userdb synthesized from nss → …)
I did it like that because it promised to work the same both in static
and in dynmically linked environments and is accessible easily from any
programming language.
However, it has a weakness regarding reuse attacks: the socket is
securely hashed (siphash) from the thread ID in combination with the
AT_RANDOM secret. Thus it should not be guessable from an attacker in
advance. That's only true if a thread takes the lock only once and
keeps it forever. However, if a thread takes and releases it multiple
times an attacker might monitor that and quickly take the lock
after the first iteration for follow-up iterations.
It's not a big issue given that userdb (as the primary user for this)
never released the lock and we never made the concept a public
interface, and it was only included in one release so far, but it's
something that deserves fixing. (moreover it's a local DoS only, only
permitting to disable native userdb lookups)
With this rework the libnss_systemd.so.2 module will now export two
additional symbols. These symbols are not used by glibc, but can be used
by arbitrary programs: one can be used to disable nss-systemd, the other
to check if it is currently disabled.
The lock is per-thread. It's slightly less pretty, since it requires
people to manually link against C code via dlopen()/dlsym(), but it
should work safely without the aforementioned weakness.
This just adds a _cleanup_ helper call encapsulating dlclose().
This also means libsystemd-shared is linked against libdl now. I don't
think this is much of an issue, since libdl is part of glibc anyway, and
anything from exotic. It's not an optional part of the OS (think: NSS
requires dynamic linking), hence this pulls in no deps and is almost
certainly loaded into all process' memory anyway.
Revert "cgroup: Allow empty assignments of Memory{Low,Min}="
This reverts commit 53aa85af24cda4470b6750f88e181b775385e228.
The reason is that that patch changes the dbus api to be different than
the types declared by introspection api.
At least Fedora and Debian have already reverted this at the distro
level because it causes more problems than it solves. Arch is debating
reverting it as well [0] but would strongly prefer that this happens
upstream first. Fixes #15188.
Benjamin Berg [Tue, 23 Jun 2020 08:44:50 +0000 (10:44 +0200)]
xdg-autostart: Ignore all files with GNOME autostart phase
If an autostart file for GNOME has a phase specified, then this implies
it is a session service that needs to be started at a specific time.
We have no way of handling the ordering, and while it does make sense
to explicitly hide these services with X-systemd-skip, there is no point
in even trying to handle them.
nspawn: mkdir selinux mount point once, but not twice
Since #15533 we didn't create the mount point for selinuxfs anymore.
Before it we created it twice because we mount selinuxfs twice: once the
superblock, and once we remount its bind mound read-only. The second
mkdir would mean we'd chown() the host version of selinuxfs (since
there's only one selinuxfs superblock kernel-wide).
The right time to create mount point point is once: before we mount the
selinuxfs. But not a second time for the remount.
наб [Thu, 18 Jun 2020 23:55:09 +0000 (01:55 +0200)]
man/sd-makefs: link to btrfs.wiki.kernel.org for btrfs-man5, since the man-pages link is dead
This also adds a <citerefentry project="url"> type,
since the other btrfs manpages use man-pages/die-net and are alive,
and btrfs.w.k.o won't be used anywhere else
tools: rewrite make-autosuspend-rules.py and add udev rules
Concatenating strings is not a very efficient approach. And in this case fully
unnecessary. We also need some rules to make use of those hwdb entries.
PCI needs to be 8 characters, not 4. And we need to use uppercase hexadecimal
for both. With udev rules this made no difference, but hwdb match is case
sensitive.
ignapk [Fri, 19 Jun 2020 06:29:59 +0000 (08:29 +0200)]
man: add note regarding editing user groups
Currently the manual doesn't clearly say whether `homectl update username -G group` will append the group to the user, or overwrite the list and remove user from the groups that aren't specified.
Fix this by updating the manual, basing the change on the usermod manual.
resolved: drop bit-field annotations for fields in Manager
Access to bit fields is less efficient, and since the Manager is a singleton,
a byte or two of space in the structure doesn't matter at all. (And in this
particular case, because of alignment issues, we wouldn't save anything
anyway.)
We said that ~domains "do not define a search path", which is mighty confusing,
because this is exactly what they do. So let's try to make this a bit easier
for the reader: start by saying that there are two things going on here, and
describe each one from user's POV.
udev: do not execute hwdb builtin import twice or thrice
Running the import more than once shouldn't matter, but it's a bit confusing
and causes a slowdown too. This patch reworks the rules to avoid duplicted runs,
but tries to keep the same imports. (E.g. import for pci devices without MODALIAS
is only done for tty devices.)
Note that this is only about hwdb import with argument, which uses MODALIAS as
the lookup key. There are other imports done with different lookup keys.
Paul Cercueil [Mon, 15 Jun 2020 10:54:28 +0000 (12:54 +0200)]
sd-boot: Add small comments after device-specific key macros
The key macros added in commit 6fe95d3020 look strange at first sight.
Add a comment with just the tablet name after each line, so that it's
obvious that these lines address device-specific issues of the EFI
firmware, and not broken/old code.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
network: clean-up DHCP lease server data configuration
This is an attempt to clean up the POP3/SMTP/LPR/… DHCP lease server
data logic in networkd. This reduces code duplication and fixes a number
of bugs.
This removes any support for collecting POP3/SMPT/LPR servers acquired
via local DHCP client releases since noone uses that, and given how old
these protocols are I doubt this will change. It keeps support for
configuring them for the dhcp server however.
The differences between the DNS/NTP/SIP/POP3/SMTP/LPR configuration
logics are minimized.
This removes the relevant symbols from sd-network.h (which is an
internal API only at this point after all).
This is unfortunately not well test, given the old code for this had
barely any tests. But the new code should not perform worse at least,
and allow us to release, since it corrects some interfaces visible in
the .network configuration format.
Luca Boccassi [Mon, 15 Jun 2020 18:50:56 +0000 (19:50 +0100)]
efi: use stub for cache_efi_options_variable if !ENABLE_EFI
../src/core/main.c: In function 'main':
../src/core/main.c:2637:32: error: implicit declaration of function 'cache_efi_options_variable'; did you mean 'systemd_efi_options_variable'? [-Werror=implicit-function-declaration]
(void) cache_efi_options_variable();
^~~~~~~~~~~~~~~~~~~~~~~~~~
systemd_efi_options_variable
Strictly speaking this is a compat breakage, but given the tool was
added only in the last release, let's try to sail under the radar, and
fix this early before anyone notices it wasn't supported always.
Kai-Heng Feng [Thu, 11 Jun 2020 13:32:12 +0000 (21:32 +0800)]
hwdb: Mask rfkill event from intel-hid on HP platforms
HP spec mandates the hp-wireless driver as canonical source of rfkill
event, so mask the rfkill event from intel-hid to avoid double rfkill
events fired from a single hotkey press.
Paul Cercueil [Sun, 14 Jun 2020 10:51:36 +0000 (12:51 +0200)]
sd-boot: Work around malformed CR key code
When a key is pressed, the EFI firmware gives us a 64-bit word that
contains the modifier key code in the upper 32 bits, the scan code in
the middle 16 bits, and a unicode character in the low 16 bits.
Some bogus EFI firmwares will put the unicode character in the scan code
area, for instance on the EZpad mini 4s tablet.
Others will even put the unicode character in both the scan code and
unicode areas. This is the case for instance on the Teclast X98+ II
tablet.
Add workarounds for these corner cases, only for the carriage return key
right now. Some more workarounds may be needed, e.g. for volume keys,
but I cannot test it.
Partially fixes #8466.
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
This page should be in section 8, like all .service descriptions.
Also extend the text a bit to make it clearer that systemd --user is the same
executable but running in a different mode (which might be certainly a bit
confusing to users.)
efi: Skip parsing SystemdOptions if there's an error getting it.
The original logic was logging an "ignored" debug message, but it was still
going ahead and calling proc_cmdline_parse_given() on the NULL line. Fix that
to skip that explicitly when the EFI variable wasn't really read.
man: Document the crypttab keyfile syntax specifying a device
Feature introduced in 50d2eba27b9bfc77ef6b40e5721713846815418b. Also documented
as part of the kernel parameter syntax in systemd-cryptsetup-generator(8), but
should also be documented here as part of the overall file syntax.
Tomáš Pospíšek [Sun, 14 Jun 2020 08:43:06 +0000 (10:43 +0200)]
Improve message for scheduled shutdown or reboot
Depending on if the system has been scheduled for shutdown or for reboot pring the corresponding message (and not only "Shutdown"). Prtinting the "wrong" message when rebooting will mislead and panic people. I get these messages via cron from remote servers and it would be bad if those systems actually *did* shut down, as the email from cron is telling me. Those messages cause an adrenalin spike in our team, which wouldn't happen, if the message was "correct"