We have various tools that log directly to the console, as well as
pid1 which logs directly to the console when running in a container.
Let's make sure that we don't log debug messages to the console by
default, but keep the behavior when running in CI.
mkosi just learned to do natively what we currently do with environment
variables and a postinst script, so let's update to the latest version
and start using the new settings instead.
test: add instructions on how to run Coverity locally
This requires a Coverity license, so the usefulness of the instructions
is somewhat limited, but at least I won't have to re-discover everything
from scratch when I need to debug something Coverity-related again in the
future.
meson: do not fail build with newer kernel headers
systemd-255 is failing a build with the latest kernel headers… Let's downgrade
this warning, because it's fine if there's a file system we don't know about
and it makes thing less brittle if we don't treat this as a hard error.
(I initially conditionalized this on BUILD_MODE, but I don't think we need a
hard error there either. A warning will be noticed and fixed.)
From RFC 4861 section 6.3.4:
> Note, however, that a Prefix Information option with the on-link flag
> set to zero conveys no information concerning on-link determination and
> MUST NOT be interpreted to mean that addresses covered by the prefix
> are off-link.
So, we should not drop previously configured routes when receieved a RA
with Prefix Information option without on-link flag.
Ludwig Nussel [Mon, 8 Apr 2024 09:07:10 +0000 (11:07 +0200)]
nsresourced: don't redefine of bpf_rdonly_cast
bpf_rdonly_cast() was introduced in libbpf commit 688879f together with
the definition of a bpf_core_cast macro. So use that one to avoid
defining a prototype for bpf_rdonly_cast;
network/ndisc: fix verification of sender of Redirect message
The sender must be the first-hop router of the destination. Previously,
we only accepted Redirect messages whose sender is the current default
router with the highest priority.
network/ndisc: drop ndisc_request_redirect_route()
It is now called by only ndisc_redirect_handler(), and the check in
ndisc_request_redirect_route() is redundant and already done by
ndisc_redirect_verify_sender().
network/ndisc: redirect routes do not have lifetime
Hence, ndisc_router_update_redirect() does nothing. Let's remove it.
Also, ndisc_request_route() does not set lifetime for the route, it is
not necessary to set the third argument.
network/ndisc: do not set per-route MTU and hop limit
Setting MTU announced in RA message to routes is problematic, as the
value may be larger than the device MTU (IFLA_MTU), and in such case the
route cannot be used.
These two properties are now set per-interface, and gracefully handled
such invalid cases. Hence not necessary to set them to each route.
test: make sd-journal-gatewayd tests even more debug-able
Unfortunately bfd30e8af6 is not enough and the test fails, that still
occasionally occur, don't provide enough information to see what's
wrong. Let's rework the test a little to improve this, namely:
- redirect curl's output into a temporary file instead of piping it
directly into the "check" expression; that way we can simply dump
the temporary file when the test fails, providing potentially
crucial information. We don't want to always dump everything to
stdout, as some of the tests request an entire system journal (note
that shell redirection instead of `curl -o file` is used
intentionally, so the output file is always nuked first)
- by dropping the pipes in curl commands we can re-enable pipefail
- also, split some very long commands to multiple lines to (slightly)
improve readability
test: make the output of TEST-69 less painful to read
The logs from TEST-69 still contain a lot of unnecessary shell
metacharacters, so to make the output more readable let's just set
TERM=dumb, instead of having to strip everything semi-manually. Also,
move the related --background= tweak to TEST-69, since it's relevant
only for that particular test.
This also fixes bugs in the previous code where we pass the server
object as userdata to sd_event_add_signal which means that sd-event
tries to use the value of the server pointer as its exit code when
a signal is triggered.
test: PROJECT_FILE macro cannot be used in generated code
If the build directory is outside of the source tree, ASSERT_XYZ()
triggers the following warning:
===
[20/569] Compiling C object test-hashmap.p/meson-generated_.._src_test_test-hashmap-ordered.c.o
In file included from ../../home/watanabe/git/systemd/src/basic/macro.h:399,
from ../../home/watanabe/git/systemd/src/basic/alloc-util.h:10,
from src/test/test-hashmap-ordered.c:5:
src/test/test-hashmap-ordered.c: In function ‘test_ordered_hashmap_get’:
../../home/watanabe/git/systemd/src/basic/log.h:216:27: warning: offset ‘32’ outside bounds of constant string [-Warray-bounds=]
216 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../home/watanabe/git/systemd/src/basic/log.h:238:24: note: in expansion of macro ‘log_full_errno_zerook’
238 | (void) log_full_errno_zerook(level, 0, fmt, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~
../../home/watanabe/git/systemd/src/basic/log.h:248:28: note: in expansion of macro ‘log_full’
248 | #define log_error(...) log_full(LOG_ERR, __VA_ARGS__)
| ^~~~~~~~
../../home/watanabe/git/systemd/src/shared/tests.h:251:25: note: in expansion of macro ‘log_error’
251 | log_error("%s:%i: Assertion failed: expected \"%s\" to be NULL, but \"%p\" != NULL", \
| ^~~~~~~~~
src/test/test-hashmap-ordered.c:614:9: note: in expansion of macro ‘ASSERT_NULL’
614 | ASSERT_NULL(r);
| ^~~~~~~~~~~
===
libsystemd-network: do not trigger assertion by sd_*_is_running() with NULL
If systemd is built with developer mode, previously they trigger
hard assertions. Even built with release mode, we should not log about
that. Let's silently accept NULL and return false.
Prompted by https://github.com/systemd/systemd/pull/32166#issuecomment-2044710151.
git: Add post-rewrite hook that invokes git submodule update
git rebase does not support a --recurse-submodules switch to automatically
check out the submodules at their registered commits during or after a rebase.
Instead, let's use the post-rewrite git hook to do this ourselves.
secure-boot: tighten enrollment logic a bit regarding file sizes
It's OK the dbx file is not loaded, but let's explicitly check for that
(i.e. if the buffer is actually non-NULL), rather than the size of the
bufer, since empty files actually do exist.
Or in other words, let's not magically suppress enrollment of empty
files, but let uefi firmware handle these on their own.
sd-journal: make sure sd_journal_add_match() also accepts SIZE_MAX as size
In many of our internal functions that take a pointer + a size we have
introduced the rule that SIZE_MAX as size means: take strlen().
sd_journal_add_match() has something similar, but the special value is
0, not SIZE_MAX. This is a bit ugly, since a zero size data block is
theoretically fine. The only reason sd_journal_add_match() gets away
with using this special value is because valid matches must consist of
at least 2 chars, hence cannot be zero.
But let's make this more robust and less surprising when compared to the
rest of our code, and *also* accept SIZE_MAX to mean strlen().
If we try to deserialize only a pidfd that points to a process that
has been reaped, creating the pidref object will fail, which means that
we'll try to create a pidref object from the serialized pid that comes
next. If the pid has already been reused, this will succeed and we'll
now have a pidref that points to a different process.
Let's avoid this issue by serializing both the pidfd and the pid and
creating the pidref object directly from both. This means we'll reuse
the deserialized pidfd instead of opening a new one. We'll then immediately
notice the pidfd is dead and do the appropriate follow up depending on
the unit type.
network/sysctl: round IPv6 MTU with the current device MTU rather than the maximum MTU
Otherwise, writing IPv6 MTU may fail.
This also makes link_set_ipv6_mtu() take log level about rounding IPv6 MTU,
and downgrade the log level from LOG_WARNING -> LOG_INFO, as we usually
use LOG_WARNING for per-interface critical failure.
The timeout on sd-resolved's side is 5-10s (UDP or TCP), but dig's
default timeout is 5s. Let's give sd-resolved enough time to timeout
before either giving up or checking if it served stale data on dig's
side.
test: let curl show a potential error in silent mode
I collected a couple of fails in this particular test, but without any
output they're impossible to debug. Let's make this slightly less
annoying and let curl show an error (if any) even in silent mode.
This patch uncovers that curl has been (silently) complaining about not
being able to write to the output destination, because `grep -q`
short-circuits on the first match and doesn't bother reading the rest,
so replace `grep -q` with `grep ... >/dev/null` to force grep to always
read the whole thing from curl.
test: forward journal to console in TEST-24-CRYPTSETUP
If we fail to mount the encrypted /var during boot we're left with
nothing to debug, so let's do the same thing we do for TEST-08-INITRD
and forward journal to the console.
network/address-generation: regenerate IPv6 prefix stable address on conflict
If a generated address with IPv6Token=prefixstable conflicts with the
one on another node or interface, let's generate another address and try
to assign it.
tree-wide: make sure net/if.h is included before any linux/ header
The linux/ headers include linux/libc-compat.h that makes sure the
linux/ headers won't redeclare symbols already declared by net/if.h, but
glibc's net/if.h doesn't do that, so if the include order is reversed
we'll end up with a bunch of errors about redeclared stuff:
This also drops remaining workarounds from the last time this issue was
brought up (6f270e6bd8) since they shouldn't be needed anymore if the
order of the includes is the "correct" one. I also added a comment to
each affected include when this is inevitably encountered again in the
future.