udevadm-control: check if control command really specified
Previously, 'udevadm control' only checked the number of the arguments.
So, if only `--timeout` is specified, it spuriously did nothing and succeeded.
This makes the command request at least one control command.
units: order repart after systemd-tpm2-setup-early.service
This mimics what we do for systemd-cryptsetup@.service (see
src/shared/generator.c), and makes sense since repart might lock up the
root volume against a TPM, which ideally has its SRK already set up by
then.
More importantly though, this ensures that we ordered correctly after
tpm2.target (which systemd-tpm2-setup-early.service has a dependency
on), for systems where the TPM drivers are not compiled into the kernel.
* fix error
* remove options that are no longer supported
* add missing options
* stop completion if an option `--help` or `--version` is supplied
[[[
zjs: a note for the reader:
zshcompsys(1) in the section about optspecs in _arguments says:
> Each of the forms above may be preceded by a list in parentheses of option names and argument num‐
> bers. If the given option is on the command line, the options and arguments indicated in parentheses
> will not be offered. For example, ‘(-two -three 1)-one:...' completes the option ‘-one'; if this ap‐
> pears on the command line, the options -two and -three and the first ordinary argument will not be
> completed after it. ‘(-foo):...' specifies an ordinary argument completion; -foo will not be com‐
> pleted if that argument is already present.
>
> Other items may appear in the list of excluded options to indicate various other items that should
> not be applied when the current specification is matched: a single star (\*) for the rest arguments
> (i.e. a specification of the form ‘\*:...'); a colon (:) for all normal (non-option-) arguments; and a
> hyphen (-) for all options. For example, if ‘(\*)' appears before an option and the option appears on
> the command line, the list of remaining arguments (those shown in the above table beginning with
> ‘\*:') will not be completed.
The intended effect of the change is to remove irrelevant completion matches from the completion.
As it breaks relative links to other pages. For example, the
BOOT_LOADER_INTERFACE page has a relative link to
AUTOMATIC_BOOT_ASSESSMENT. With a slash in the page's permalink, that
link leads to:
We have various tools that log directly to the console, as well as
pid1 which logs directly to the console when running in a container.
Let's make sure that we don't log debug messages to the console by
default, but keep the behavior when running in CI.
mkosi just learned to do natively what we currently do with environment
variables and a postinst script, so let's update to the latest version
and start using the new settings instead.
Mike Yuan [Sat, 13 Apr 2024 14:42:22 +0000 (22:42 +0800)]
core/execute: also check cg_is_threaded for clone3()
Prompted by #32259
We already have this check in exec_invoke(), i.e. child.
But if CLONE_INTO_CGROUP is used, the failure would
occur on parent's side, so do the check there too.
fuzz: check that resource records are serialized successfully
It shouldn't fail at that point.
It's prompted by the "Structure needs cleaning" thing that keeps popping
up in various places like
https://github.com/systemd/systemd/pull/30952#discussion_r1553181309 and
https://github.com/systemd/systemd/issues/31708.
test: add instructions on how to run Coverity locally
This requires a Coverity license, so the usefulness of the instructions
is somewhat limited, but at least I won't have to re-discover everything
from scratch when I need to debug something Coverity-related again in the
future.
meson: do not fail build with newer kernel headers
systemd-255 is failing a build with the latest kernel headers… Let's downgrade
this warning, because it's fine if there's a file system we don't know about
and it makes thing less brittle if we don't treat this as a hard error.
(I initially conditionalized this on BUILD_MODE, but I don't think we need a
hard error there either. A warning will be noticed and fixed.)
From RFC 4861 section 6.3.4:
> Note, however, that a Prefix Information option with the on-link flag
> set to zero conveys no information concerning on-link determination and
> MUST NOT be interpreted to mean that addresses covered by the prefix
> are off-link.
So, we should not drop previously configured routes when receieved a RA
with Prefix Information option without on-link flag.
Ludwig Nussel [Mon, 8 Apr 2024 09:07:10 +0000 (11:07 +0200)]
nsresourced: don't redefine of bpf_rdonly_cast
bpf_rdonly_cast() was introduced in libbpf commit 688879f together with
the definition of a bpf_core_cast macro. So use that one to avoid
defining a prototype for bpf_rdonly_cast;
network/ndisc: fix verification of sender of Redirect message
The sender must be the first-hop router of the destination. Previously,
we only accepted Redirect messages whose sender is the current default
router with the highest priority.
network/ndisc: drop ndisc_request_redirect_route()
It is now called by only ndisc_redirect_handler(), and the check in
ndisc_request_redirect_route() is redundant and already done by
ndisc_redirect_verify_sender().
network/ndisc: redirect routes do not have lifetime
Hence, ndisc_router_update_redirect() does nothing. Let's remove it.
Also, ndisc_request_route() does not set lifetime for the route, it is
not necessary to set the third argument.
network/ndisc: do not set per-route MTU and hop limit
Setting MTU announced in RA message to routes is problematic, as the
value may be larger than the device MTU (IFLA_MTU), and in such case the
route cannot be used.
These two properties are now set per-interface, and gracefully handled
such invalid cases. Hence not necessary to set them to each route.
test: make sd-journal-gatewayd tests even more debug-able
Unfortunately bfd30e8af6 is not enough and the test fails, that still
occasionally occur, don't provide enough information to see what's
wrong. Let's rework the test a little to improve this, namely:
- redirect curl's output into a temporary file instead of piping it
directly into the "check" expression; that way we can simply dump
the temporary file when the test fails, providing potentially
crucial information. We don't want to always dump everything to
stdout, as some of the tests request an entire system journal (note
that shell redirection instead of `curl -o file` is used
intentionally, so the output file is always nuked first)
- by dropping the pipes in curl commands we can re-enable pipefail
- also, split some very long commands to multiple lines to (slightly)
improve readability
test: make the output of TEST-69 less painful to read
The logs from TEST-69 still contain a lot of unnecessary shell
metacharacters, so to make the output more readable let's just set
TERM=dumb, instead of having to strip everything semi-manually. Also,
move the related --background= tweak to TEST-69, since it's relevant
only for that particular test.
This also fixes bugs in the previous code where we pass the server
object as userdata to sd_event_add_signal which means that sd-event
tries to use the value of the server pointer as its exit code when
a signal is triggered.
test: PROJECT_FILE macro cannot be used in generated code
If the build directory is outside of the source tree, ASSERT_XYZ()
triggers the following warning:
===
[20/569] Compiling C object test-hashmap.p/meson-generated_.._src_test_test-hashmap-ordered.c.o
In file included from ../../home/watanabe/git/systemd/src/basic/macro.h:399,
from ../../home/watanabe/git/systemd/src/basic/alloc-util.h:10,
from src/test/test-hashmap-ordered.c:5:
src/test/test-hashmap-ordered.c: In function ‘test_ordered_hashmap_get’:
../../home/watanabe/git/systemd/src/basic/log.h:216:27: warning: offset ‘32’ outside bounds of constant string [-Warray-bounds=]
216 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../home/watanabe/git/systemd/src/basic/log.h:238:24: note: in expansion of macro ‘log_full_errno_zerook’
238 | (void) log_full_errno_zerook(level, 0, fmt, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~
../../home/watanabe/git/systemd/src/basic/log.h:248:28: note: in expansion of macro ‘log_full’
248 | #define log_error(...) log_full(LOG_ERR, __VA_ARGS__)
| ^~~~~~~~
../../home/watanabe/git/systemd/src/shared/tests.h:251:25: note: in expansion of macro ‘log_error’
251 | log_error("%s:%i: Assertion failed: expected \"%s\" to be NULL, but \"%p\" != NULL", \
| ^~~~~~~~~
src/test/test-hashmap-ordered.c:614:9: note: in expansion of macro ‘ASSERT_NULL’
614 | ASSERT_NULL(r);
| ^~~~~~~~~~~
===