Michael Biebl [Thu, 16 Dec 2021 18:18:28 +0000 (19:18 +0100)]
test: record missing openssl as a failure
The openssl binary is an optional dependency.
If systemd has been built with OpenSSL support, we want to test its
OpenSSL functionality.
So record a failure message in /failed if the binary is missing.
See https://github.com/systemd/systemd/pull/21724#issuecomment-992707614
Daan De Meyer [Tue, 14 Dec 2021 16:09:08 +0000 (17:09 +0100)]
kernel-install: Introduce KERNEL_INSTALL_MACHINE_ID in /etc/machine-info
If KERNEL_INSTALL_MACHINE_ID is defined in /etc/machine-info, prefer it
over the machine ID from /etc/machine-id. If a machine ID is defined in
neither /etc/machine-info nor in /etc/machine-id, generate a new UUID
and try to write it to /etc/machine-info as KERNEL_INSTALL_MACHINE_ID
and use it as the machine ID if writing it to /etc/machine-info succeeds.
In practice, this means we have a more robust fallback if there's no
machine ID in /etc/machine-id than just using "Default" and allows
image builders to force kernel-install to use KERNEL_INSTALL_MACHINE_ID
by simply writing it to /etc/machine-info themselves.
Frantisek Sumsal [Thu, 16 Dec 2021 10:59:09 +0000 (11:59 +0100)]
test: settle before checking logs
Otherwise we might miss the "Device path too long" message:
```
[ 21.083274] testsuite-64.sh[374]: swapoff /dev/vda1
[ 21.089841] testsuite-64.sh[376]: ++ mktemp
[ 21.095115] testsuite-64.sh[271]: + logfile=/tmp/tmp.a1MULA35wL
[ 21.095115] testsuite-64.sh[271]: + journalctl -b -q --no-pager -o short-monotonic -p info --grep 'Device path.*vda.?'\'' too long to fit into unit name'
...
[ 21.277360] systemd[1]: testsuite-64.service: Main process exited, code=exited, status=1/FAILURE
[ 21.277508] systemd[1]: testsuite-64.service: Failed with result 'exit-code'.
...
[ 21.323500] systemd[1]: Device path '/sys/devices/pci0000:00/0000:00:03.0/0000:01:00.0/0000:02:00.0/0000:03:00.0/0000:04:00.0/0000:05:00.0/0000:06:00.0/0000:07:00.0/0000:08:00.0/0000:09:00.0/0000:0a:00.0/0000:0b:00.0/0000:0c:00.0/0000:0d:00.0/0000:0e:00.0/0000:0f:00.0/0000:10:00.0/0000:11:00.0/0000:12:00.0/0000:13:00.0/0000:14:00.0/0000:15:00.0/0000:16:00.0/0000:17:00.0/0000:18:00.0/0000:19:00.0/0000:1a:00.0/virtio0/block/vda/vda1' too long to fit into unit name, ignoring device.
meson: drop three more single-use convenience libraries
The way that the cryptsetup plugins were built was unnecessarilly complicated.
We would build three static libraries that would then be linked into dynamic
libraries. No need to do this.
While at it, let's use a convenience library to avoid compiling the shared code
more than once.
We want the output .so files to be located in the main build directory,
like with all consumable build artifacts, so we need to maintain the split
between src/cryptsetup/cryptsetup-token/meson.build and the main meson.build
file.
AFAICT, the build artifacts are the same: exported and undefined symbols are
identical. There is a tiny difference in size, but I think it might be caused
by a different build directory name.
meson: drop convenience library that was only used in one place
It doesn't make much sense to do this, the result is very similar to including
to objects directly in the output binary without going through an intermediate
target.
The linkage of test-libudev was rather strange too: udev_link_with is used to
allow udev to be linked to a static version of libshared, so that udev is not
linked to libshared.so. But here we were using both, defeating the purpose of
udev_link_with. I don't think it matters what the test is linked to, so let's
use the non-static linkage to save space.
meson: stop building out convenience libraries by default
The meson default for static_library() are:
build_by_default=true, install=false. We never interact with the
static libraries, and we only care about them as a stepping-stone towards
the installable executables or libraries. Thus let's only build them if
they are a dependency of something else we are building.
While at it, let's drop install:false, since this appears to be the default.
This change would have fixed the issue with lib_import_common failing
to build too: we wouldn't attempt to build it.
In practice this changes very little, because we generally only declare static
libraries where there's something in the default target that will make use of
them. But it seems to be a better pattern to set build_by_default to false.
Use a 'convenience library' to do the compilation once and then link the
objects into all the files that need it. Those files are small, so this probably
doesn't matter too much for speed, but has the advantage that we don't get the
same error four times if something goes wrong.
The library is conditionalized in the same way importd itself, because we
cannot build it without the deps.
man: split out a paragraph and shorten the text about sd-network-generator
The ordering of the service wrt. to udevd is enforced by unit configuration,
so no need to tell the user about this. From users' POV, the only thing that
counts is that the unit is enabled and then the right thing happens.
units: enable systemd-network-generator by default
It is used by udevd and networkd. Since udevd is enabled statically, let's also
change the preset to "on". networkd is opt-in, so let's pull in the generator
when enabling networkd too.
Daan De Meyer [Wed, 15 Dec 2021 17:23:15 +0000 (18:23 +0100)]
journal: Stop reading in increments of block size during hole punching
Let's not try to be overly clever here. This code path is not overly
performance sensitive and we should avoid trying to outsmart the kernel
without proper benchmarking.
Daan De Meyer [Wed, 15 Dec 2021 17:18:25 +0000 (18:18 +0100)]
journal: Correctly advance offset when iterating hash table entries
pread() is not guaranteed to completely fill up the given buffer with
data which we assumed until now. Instead, only increment the offset by
the number of bytes that were actually read.
tree-wide: make FOREACH_DIRENT_ALL define the iterator variable
The variable is not useful outside of the loop (it'll always be null
after the loop is finished), so we can declare it inline in the loop.
This saves one variable declaration and reduces the chances that somebody
tries to use the variable outside of the loop.
For consistency, 'de' is used everywhere for the var name.
Daan De Meyer [Wed, 15 Dec 2021 12:58:24 +0000 (13:58 +0100)]
kernel-install: Remove "Default" from list of suffixes checked
This was an undocumented change in behavior introduced by 9e82a74cb0f08a288f9db228a0b5bec8a7188cdb. Previously, we only
checked for "Default" if we didn't find a machine ID. Let's make
sure we keep the previous behavior intact.
resolved: filter out our own stub resolvers when parsing servers
We get "upstream" dns server config from ~three places: /etc/resolv.conf,
config files, and runtime config via dbus. With this commit, we'll filter out
our own stub listeners if they are configured in either of the first two
sources. For /etc/resolv.conf this is done quitely, and for our own config
files, a LOG_INFO message is emitted, since this is a small inconsistency in
the config.
Setting loops like this over dbus is still allowed. The reason is that in the
past we didn't treat this as an error, and if we were to start responding with
an error, we could break a scenario that worked previously. E.g. NM sends us a
list of servers, and one happens to be the our own. We would just not use that
stub server before, but it'd still be shown in the dbus properties and such.
We would have to return error for the whole message, also rejecting the other
valid servers. I think it's easier to just keep that part unchanged.
Test case:
$ ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 57 Dec 15 10:26 /etc/resolv.conf
$ cat /etc/resolv.conf
nameserver 192.168.150.1
options edns0 trust-ad
search .
$ cat /etc/systemd/resolved.conf.d/stub.conf
[Resolve]
DNSStubListenerExtra=192.168.150.1
$ resolvectl
...
Global
resolv.conf mode: foreign
DNS Servers: 192.168.150.1
Fallback DNS Servers: ...
(with the patch):
Global
resolv.conf mode: foreign
Fallback DNS Servers: ...
journactl: show info about journal range only at debug level (#21775)
The message that the "journal begins … ends …" has been always confusing to
users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even
more confusing, but really the change in b91ae210e62 didn't substantially change
this.)
When the range shown is limited (by -e, -f, --since, or other options), it
doesn't really matter to the user what the oldest entries are, since they are
purposefully limiting the range. In fact, if we are showing the last few
entries with -e or -f, knowing that many months the oldest entries have is
completely useless.
And when such options are *not* used, the first entry generally corresponds to
the beginning of the range shown, and the last entry corresponds to the end of
that range. So again, it's not particularly useful, except when debugging
journalctl or such. Let's just treat it as a debug message.
hostnamectl: add a chassis symbol in status output
The idea is to be able to distinguish whether we're in a VM/container or something
more substantial at a glance.
Chassis: laptop 💻
Chassis: tablet 具
Chassis: vm 🖴
Chassis: server 🖳
Chassis: handset 🕻
Chassis: watch ⌚
Chassis: desktop 🖥
Chassis: container ☐
Nishal Kulkarni [Tue, 14 Dec 2021 08:43:13 +0000 (14:13 +0530)]
shell-completion: Add completion for systemd-analyze critical-chain
systemd-analyze critical-chain accepts an optional unit argument,
however currently there's no shell-completion for it
This change provides unit name completion for both bash and zsh.
Sho Iizuka [Mon, 13 Dec 2021 13:53:36 +0000 (22:53 +0900)]
man: how to unset CPUQuota=
This description will help users who are trying to reset the already configured
CPUQuota= by trying incorrect ways such as CPUQuota=0 or CPUQUota=infinity.
The approach may be good enough for link scopes. However, for the
manager / global scope, it is not. First of all, there are more than
one types (SYSTEM and FALLBACK) of servers it can use. Also, whether
those of type FALLBACK should be used depends.
Besides, dns_scope_good_domain() determines whether things should
be routed to a scope by checking whether the scope has a server.
The decision made would be incorrect if stubs were not filtered
beforehand.
Therefore, to avoid failing query unnecessarily, and to make sure
that extra stub listeners will not trigger unexpected and/or
inconsistent behavior, make manager_get_dns_server() do what it
should have done.
Luca Boccassi [Sun, 12 Dec 2021 23:42:58 +0000 (23:42 +0000)]
test: bump timeout for TEST-50-DISSECT and TEST-67-INTEGRITY
TEST-67-INTEGRITY times out quite often, and when it passes
it does so a few seconds short of the timeout. It's a slow
qemu test, so bump the timeout.
TEST-50-DISSECT has been reported to fail in the same way
on Debian's infrastructure, again narrowly failing or passing
just short of the timeout.
igo95862 [Sat, 11 Dec 2021 10:59:17 +0000 (13:59 +0300)]
Disable exporting D-Bus Introspection XML if cross-compiling
This is a soft disable. Passing `dbus-interfaces-dir` build option
will with path or 'yes' enable exports again even when cross
compiling. (maybe your environment will allow to execute
cross compiled binaries)
Jarkko Sakkinen [Sat, 11 Dec 2021 04:39:59 +0000 (06:39 +0200)]
Enable /dev/sgx_vepc access for the group 'sgx'
Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs
to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU
6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for
VMs. EPC is the reserved physical memory used for hosting enclaves.
Jan Janssen [Thu, 2 Dec 2021 12:07:23 +0000 (13:07 +0100)]
boot: Add BCD store parser
This replaces the memmem-based approach of finding a suitable title
for the windows boot manager with one that actually parses the BCD
store. It's probably faster but more importantly, it's more correct.
The memmem approach may detect stale title strings that are still
in the file but unused due to the way registry hives are updated.
This approach also allows us to detect if the BCD store is multi-boot
so that we can fall back on the generic one instead.
Jan Janssen [Sat, 11 Dec 2021 12:47:21 +0000 (13:47 +0100)]
meson: Fix gnu-efi detection for clang
The gnu-efi headers emit some warnings in clang when not compiled with
-ffreestanding. This is normally not an issue for has_header_symbol()
unless meson is run with CFLAGS="-Werror". Note that this differs
from the --werror option, which does not get passed to clang.
Work around this by adding some compile args to the has_header_symbol()
invocation.
Topi Miettinen [Tue, 7 Dec 2021 20:34:17 +0000 (22:34 +0200)]
namespace: allow overriding /run with a TemporaryFileSystem=
Lower priority of RUN, so that TMPFS and especially the mount flags given with
`TemporaryFileSystem=` are used.
This allows making `/run` private with drop-ins such as:
```
[Service]
BindReadOnlyPaths=/run/systemd:/run/systemd:norbind
TemporaryFileSystem=/run:nodev,noexec,nosuid,rw,size=32k,nr_inodes=10,mode=0755
```
Adrian Vovk [Wed, 8 Dec 2021 02:21:40 +0000 (21:21 -0500)]
stub: Load credentials from \loader\credentials\*.cred
Some types of credentials that a user would want to pass
into the initrd do not depend on the specific kernel/initrd
version. For instance, this can include SSH keys, rootfs
encryption keys, dm-integrity keys, and so on. This
introduces a directory where such credentials can be placed
so that any kernel image will load them
Yu Watanabe [Fri, 10 Dec 2021 11:07:35 +0000 (20:07 +0900)]
test: addresses shell check warning
This fixes the following warning:
-----
In /github/workspace/test/units/testsuite-62.sh line 39:
KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"