networkd-tests.py: remove some java-style boilerplate
A class was used to put some utility functions under a namespace. But then this
namespace was inherited into classes, so the namespace split was undone. Let's
just define those functions in the module namespace.
(The Utilities class with a few functions still remain, because of the
unittest-style self.assert* craziness.)
networkd-tests.py: add helpers to common subprocess call patterns
For normal shell calls, python syntax is quite verbose. We don't need to punish
ourselves like that. In some places we would fork a shell to do argument splitting
for us. We know that our arguments can be safely split on whitespace, so let's do
that ourselves in all cases, without forking a shell.
We also expect command output to be valid text, so let's always set
universal_newlines=True.
This makes things shorter and easier to read. Development is also easier because
it's possible to paste many of the commands directly to/from a shell.
udevadm trigger: log errors and return first failure
When udevadm trigger is called, the list of devices to trigger is always
generated through enumeration, and devices can come and go, so we should not
treat -ENOENT as a failure. But other types of failure should be logged.
It seems they were logged until baa30fbc2c04b23209d0b8fb3c86cd15ef9ea81a.
Also, return the first error. (I'm not sure if there are other failure modes
which we want to ignore. If they are, they'll need to be whitelisted like
-ENOENT.).
We'd get a warning on every nspawn invocation:
dev-hugepages.mount: unit configures an IP firewall, but the local system does not support BPF/cgroup firewalling.
(This warning is only shown for the first unit using IP firewalling.)
Before the previous commit, I'd generally get a warning about systemd-udev.service, even though that service is
not started in containers. But are still many other units which that declare a
firewall, which is currently unsupported in containers. Let's stop warning
about this.
The warning is still emitted e.g. if legacy cgroups are used. This is something
that can be configured, so it makes more sense to emit the warning.
Move warning about unsupported BPF firewall right before the firewall would be created
There's no need to warn about the firewall when parsing, because the unit might
not be started at all. Let's warn only when we're actually preparing to start
the firewall.
This changes behaviour:
- the warning is printed just once for all unit types, and not once
for normal units and once for transient units.
- on repeat warnings, the message is not printed at all. There's already
detailed debug info from bpf_firewall_compile(), so we don't need to repeat
ourselves.
- when we are not root, let's say precisely that, not "lack of necessary privileges"
and "the local system does not support BPF/cgroup firewalling".
It was impossible to view systemd.nspawn(5), because systemd-nspawn(1) was matched
also, and happened to be earlier in the list. The solution in this patch is pretty
crude, but is should be enough for our purposes, since we don't have any regexp
special characters in man page names except for the dot.
busctl: always prefix bus error message with local string
The message we get from the bus can be pretty bare-bones, and the user might be
confused which operation failed. Since we don't control the other side, let's
prefix the remote message with an informative prefix.
sd-bus: improve bus error message for uknown properties
"Unknown interface or property." →
"Unknown interface org.freedesktop.network1.Link or property BitRates."
(I don't think the quotes are necessary. Dbus names have pretty strict rules.)
networkctl: log quietly if we fail to get bit rates
If we query older networked, they will be missing. This is not an error.
Also, make the error more informative, because the bus error itself might
be just "Unknown interface or property" which is not enough to understand
what is going on.
The reasoning for the change that added this is wrong, explained below:
> According to TCG EFI Protocol Specification for TPM 2.0 family,
> all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
> shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
> EFI TCG 2.0 final events table.
This is correct and a valid reading of the TCG spec.
> Hence, it is necessary to trigger the internal switch through calling
> get_event_log() in order to allow to retrieve the logs from OS runtime.
However, this reasoning is incorrect. The "EFI TCG 2.0 final events
table" exists to allow the OS Runtime to get TCG events created during
or after the call to ExitBootServices. If systemd-boot didn't call
trigger_tcg2_final_events_table(), the call to HashLogExtendEvent will
write the event to the normal events table (i.e. the same place the
PCR 0 - 7 related events are written). Then the OS can obtain these
systemd-boot events in the same way it obtains normal events, via a
call to GetEventLog().
Tested on amd64 w/ TPM2 using the newest Linux kernel patches that
get the TPM2 formatted log:
https://www.lkml.org/lkml/2019/5/20/1590
I confirmed that this change still lets the OS runtime obtain the log
entries created by systemd-boot.
This does the following:
- rename enum udev_builtin_cmd -> UdevBuiltinCmd
- rename struct udev_builtin -> UdevBuiltin
- move type definitions to udev-rules.h
- move prototypes of functions defined in udev-rules.c to udev-rules.h
- drop to use strbuf
- propagate critical errors in applying rules,
- drop limitation for number of tokens per line.
This makes the output slightly "lighter" visually. min/max are well-established
forms, so there's no risk of misunderstanding. Also, not using title-case looks
a bit better.
coredump: fixed bug - some coredump temp files could be lost
If the machine was suddenly shutted down (hard reboot for example) while
processing core dump, temp files created manually (not with a O_TEMPFILE flag)
stay in the system. After reboot systemd-coredump treat them as usual files, so
they wouldn't be rotated and shall pollute the filesystem.
Solution is to simply add those temp files to systemd-tmpfiles configs.
This reverts commit 8688c29b5aece49805a244676cba5bba0196f509, but leaves the
reproducer. Structured assignment should be enough to fully initialize the
variable and new0 is not necessary.
The buffer retrieved from memstream has the size that the same as the written
data. When we write do write(f, s, strlen(s)), then no terminating NUL is written,
and the buffer is not (necessarilly) a proper C string.
projects / thirdparty / systemd.git / log
