Yu Watanabe [Mon, 8 Aug 2022 13:03:35 +0000 (22:03 +0900)]
sd-device-enumerator,monitor: fix sysattr match
Previously, if sd_device_enumerator_add_match_sysattr() is called for
the same sysattr with different values, then no device passed the filter.
Now, the accepted values (or patterns) are stored in strv, and if the
sysattr value of a device matches with the strv, then the device passes
the filter.
undef [Sat, 6 Aug 2022 05:47:03 +0000 (05:47 +0000)]
shared/generator: Ensure growfs unit runs after repart
When deploying an image using systemd-repart and systemd-growfs one
should have the image expanded entirely and ready to use after the first
boot. This ensures that growfs does not occur before repart, thus
requiring a second boot.
In sd-netlink, we use 'type' for naming many variables with different types,
and worst of all, functions like `type_get_type()` exist. That makes the
code hard to understand.
Let's rename
- NLType -> NLAPolicy
- NLTypeSystem -> NLAPolicySet
- NLTypeSystemUnion -> NLAPolicySetUnion
- type_get_type() -> policy_get_type()
- type_get_type_system() -> policy_get_policy_set(), and so on.
This also changes the type of attribute taken by e.g.
`sd_netlink_message_append_string()` from `unsigned short` -> `uint16_t`
to make the variable size clearer.
David Rheinsberg [Wed, 29 Jun 2022 11:37:40 +0000 (13:37 +0200)]
bus: use inline trace argument for ANONYMOUS auth
Rather than using a separate DATA round to transmit the trace-string of
the ANONYMOUS authentication scheme, transmit it inline as argument.
This requires a refactor of the client-side SASL parser, as we now have
a different set of replies depending on the mode used.
This fixes an issue where libdbus-1 does not query for trace-strings if
not transmitted inline as AUTH-ANONYMOUS argument. It is unclear from the
wording of the spec whether this is a violation by libdbus-1. However,
we can work around it by simply changing our mode of transmittal.
So far the --help text and the man page of journalctl were mostly a large
pile of options shown next to each other. Let's add some basic
structure, and group switches by sections such as "Filtering Options",
"Output Options" and so on.
Do this the same way in the --help text and in the man page.
Since this moves everything around anyway, I also opted to rebreak all
paragraphs in the man page. This makes the patch larger than necessary,
but given that this whole patch doesn't really change contents besides
section titles I figured this would be OK.
When multiple devices have the same devlink, then
adding/updating/removing one of the devices may cause a syspath change.
Fixes the following issue in
https://github.com/systemd/systemd/issues/23208#issue-1217909746
> the above shows an inconsistency between udev's and systemd's handling
> of the two different devices having the same alias. While udev replaces
> the by-uuid symlink which now points to sdh1 rather than sdd1, systemd
> keeps the previous mapping to sdd1 and emits a warning. This is not the
> problem cause but worth mentioning.
network: also check SR-IOV PF port and other VF ports before configuring
When a PF port becomes down (this can happen e.g. when the PF port is joining
a bond interface), some drivers make its VF ports also become down, and
may cause failures in configuring VF ports.
Similarly, when a VF port becomes down, some drivers make its PF port and
other VF ports down.
Let's configure SR-IOV ports (both PF and VFs) after all link-layer
settings of all ports are applied.
Jonas Witschel [Wed, 25 May 2022 12:06:44 +0000 (14:06 +0200)]
cryptsetup: test unlocking using a TPM2 LUKS2 token plugin with a PIN
Test the functionality implemented in the previous commit ("cryptsetup: ask for
PIN when trying to activate using a LUKS2 token plugin"): when "tpm2-device" is
not specified, systemd-cryptsetup calls crypt_activate_by_token_pin() to try to
unlock using a LUKS2 token plugin, test whether this is able to obtain the
provided PIN.
Jonas Witschel [Wed, 25 May 2022 12:06:12 +0000 (14:06 +0200)]
cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin
crypt_activate_by_token() fails with ENOANO if the token is protected with a
PIN, in this case we need to call crypt_activate_by_token_pin() with a PIN.
This logic is already implemented in
crypt_activate_by_token_pin_ask_password().
This code path is relevant when using systemd-gpt-auto-generator because there
is no a priori information about the type of the used security device, so
systemd-cryptsetup tries to unlock the volume using the corresponding
cryptsetup plugin.
Jonas Witschel [Fri, 5 Aug 2022 09:11:54 +0000 (11:11 +0200)]
cryptsetup-token-systemd-fido2: use crypt_normalize_pin
Use the helper function introduced in the previous commit ("cryptsetup:
implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 token") for
cryptsetup-token-systemd-tpm2.
Note that the previous implementation took a shortcut by returning EOPNOTSUPP
instead of the correct ENOANO as per the cryptsetup documentation. This meant
that systemd-cryptsetup fell back to the non-plugin implementation in order to
ask for the PIN. Since this does not happen any more when returning ENOANO, we
need to ask for the PIN in attach_luks2_by_tpm2_via_plugin() instead like
attach_luks2_by_fido2_via_plugin() does.
Yu Watanabe [Sat, 14 May 2022 21:31:17 +0000 (06:31 +0900)]
core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
Before this commit, when a .mount unit file is loaded, the device
dependencies from the unit file are automatically added. If a device
that is different from the one specified in the .mount unit file is mounted
on the path, then the device dependencies about the device are also added.
Hence, the unit has device dependencies about two (or more) different
devices. Hence, if one of the devices is unplugged, even if another one
is mounted on the path, then the path is unmounted.
This commit makes device dependencies from two different sources
exclusive, and always regenerates the dependencies when one of the
sources is updated.
Yu Watanabe [Sat, 14 May 2022 20:49:01 +0000 (05:49 +0900)]
core/mount: also remove default deps from /proc/self/mountinfo when it is updated
The dependencies tagged with UNIT_DEPENDENCY_MOUNTINFO_DEFAULT depend
on both /proc/self/mountinfo and corresponding .mount unit file.
Hence, if some information from mountinfo is updated, e.g. device mounted
on the path, we need to update the dependencies.
Yu Watanabe [Fri, 13 May 2022 03:30:04 +0000 (12:30 +0900)]
core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
When the function mount_setup_new_unit() is called, the corresponding
.mount unit file is not loaded. Hence, Mount.from_fragment is false.
To add default dependencies to e.g. .device units, it is necessary that
the Mount.from_proc_self_mountinfo flag is set. However, the flag was
not set even if the unit has information from /proc/self/mountinfo.
Michal Sekletar [Wed, 1 Jun 2022 08:15:06 +0000 (10:15 +0200)]
scope: allow unprivileged delegation on scopes
Previously it was possible to set delegate property for scope, but you
were not able to allow unprivileged process to manage the scope's cgroup
hierarchy. This is useful when launching manager process that will run
unprivileged but is supposed to manage its own (scope) sub-hierarchy.
test: skip the relevant test case if systemd-measure is not present
systemd-measure is not built without gnu-efi, which is the case, for
example, on ppc64le. Let's skip the relevant test case in this case
instead of failing.
```
The Meson build system
Version: 0.58.2
...
Host machine cpu family: ppc64
Host machine cpu: ppc64le
...
Message: Skipping systemd-measure.1 because HAVE_GNU_EFI is false
...
[ 115.711775] testsuite-70.sh[745]: + cat
[ 115.741996] testsuite-70.sh[832]: + /usr/lib/systemd/systemd-measure calculate --linux=/tmp/tpmdata1 --initrd=/tmp/tpmdata2
[ 115.754015] testsuite-70.sh[833]: + cmp - /tmp/result
[ 115.758004] testsuite-70.sh[832]: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh: line 56: /usr/lib/systemd/systemd-measure: No such file or directory
[ 115.773851] testsuite-70.sh[833]: cmp: EOF on - which is empty
[ 115.983681] sh[835]: + systemctl poweroff --no-block
```
Daan De Meyer [Wed, 3 Aug 2022 09:37:17 +0000 (11:37 +0200)]
repart: Only lock block device once
Let's lock the backing fd instead of locking/unlocking multiple
times when doing multiple operations with repart. It doesn't make
much sense for anything else to touch the block device while there
are still repart operations pending on it. By keeping the lock over
the full duration of repart, we avoid anything else from interfering
with the block device in between operations.
Luca Boccassi [Wed, 3 Aug 2022 17:41:13 +0000 (18:41 +0100)]
integritysetup: do not use crypt_init_data_device after crypt_init
crypt_init_data_device() replaces the crypt_device struct with a
new allocation, losing the old one, which we get from crypt_init().
Use crypt_set_data_device() instead.
This command takes a mountpoint, unmounts it and makes sure the
underlying partition devices and block device are removed before
exiting.
To mirror the --mount operation, we also add a --rmdir option which
does the opposite of --mkdir, and a -U option which is a shortcut
for --umount --rmdir.
test: optionally wait a bit when checking the mount unit
On fast systems we might race against systemd and check the mount unit
after mounting it way too early before systemd had a chance to react to
the change.
```
[ 4.677701] H systemd[1]: Event source 0x210b3b0 (mount-monitor-dispatch) entered rate limit state.
...
[ 4.863731] H testsuite-64.sh[812]: + mount /logsysfsRxx
[ 4.865918] H kernel: EXT4-fs (vda2): mounted filesystem with ordered data mode. Opts: (null)
[ 4.866213] H testsuite-64.sh[812]: + systemctl status /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: ○ logsysfsRxx.mount - /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: Loaded: loaded (/etc/fstab; generated)
[ 4.877502] H testsuite-64.sh[919]: Active: inactive (dead)
[ 4.877502] H testsuite-64.sh[919]: Where: /logsysfsRxx
[ 4.877502] H testsuite-64.sh[919]: What: /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.877502] H testsuite-64.sh[919]: Docs: man:fstab(5)
[ 4.877502] H testsuite-64.sh[919]: man:systemd-fstab-generator(8)
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Processing implicit device dependencies
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Added Requires dependency on /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.877502] H testsuite-64.sh[919]: Aug 03 10:10:10 H systemd[1]: logsysfsRxx.mount: Added StopPropagatedFrom dependency on /dev/disk/by-uuid/deadbeef-dead-dead-beef-222222222222
[ 4.895683] H sh[920]: + systemctl poweroff --no-block
[ 4.906533] H systemd[1]: Found unit logsysfsRxx.mount at /run/systemd/generator/logsysfsRxx.mount (regular file)
[ 4.906594] H systemd[1]: Preset files don't specify rule for logsysfsRxx.mount. Enabling.
[ 4.906990] H systemd[1]: testsuite-64.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED
[ 4.907057] H systemd[1]: testsuite-64.service: Failed with result 'exit-code'.
[ 4.907287] H systemd[1]: Failed to start testsuite-64.service.
[ 4.955293] H systemd[1]: Starting end.service...
[ 4.955736] H systemd-logind[809]: The system will power off now!
[ 4.955868] H systemd-logind[809]: System is powering down.
[ 4.975781] H systemd[1]: Event source 0x210b3b0 (mount-monitor-dispatch) left rate limit state.
[ 4.975821] H systemd[1]: logsysfsRxx.mount: Processing implicit device dependencies
[ 4.975857] H systemd[1]: logsysfsRxx.mount: Added Requires dependency on /dev/vda2
[ 4.975893] H systemd[1]: logsysfsRxx.mount: Added StopPropagatedFrom dependency on /dev/vda2
[ 4.975928] H systemd[1]: Unit blockdev@dev-vda2.target has alias blockdev@.target.
[ 4.975967] H systemd[1]: logsysfsRxx.mount: Added After dependency on /dev/vda2
[ 4.976081] H systemd[1]: logsysfsRxx.mount: Changed dead -> mounted
```
James Hilliard [Mon, 1 Aug 2022 01:11:47 +0000 (01:11 +0000)]
bpf: fix is_allow_list section
The llvm bpf compiler appears to place const volatile variables in
a non-standard section which creates an incompatibility with the gcc
bpf compiler.
To fix this, force GCC to also use the rodata section.
Note this does emit an assembler warning:
```
Generating src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o with a custom command
/tmp/ccM2b7jP.s: Assembler messages:
/tmp/ccM2b7jP.s:87: Warning: setting incorrect section attributes for .rodata
```
Fixes:
```
../src/core/restrict-ifaces.c:45:14: error: ‘struct restrict_ifaces_bpf’ has no member named ‘rodata’; did you mean ‘data’?
   45 |         obj->rodata->is_allow_list = is_allow_list;
      |              ^~~~~~
      |              data
```
Loïc Collignon [Wed, 3 Aug 2022 09:42:28 +0000 (11:42 +0200)]
Fix 24172: __STDC_VERSION__ may be defined in C++
According to the C++ ISO standard, a conformant compiler is allowed to
define this macro to any value for any reason as it is implementation
defined: https://timsong-cpp.github.io/cppwp/cpp.predefined#2.3
This means that it cannot be assumed that it is not defined in C++.
Change the condition to reflect that.
This patch adds support for enrolling secure boot keys from sd-boot.
***DANGER*** NOTE ***DANGER***
This feature might result in your device becoming soft-bricked as outlined
below, please use this feature carefully.
***DANGER*** NOTE ***DANGER***
If secure-boot-enrollment is set to no, then no action whatsoever is performed,
no matter the files on the ESP.
If secure boot keys are found under $ESP/loader/keys and secure-boot-enrollment
is set to either manual or force then sd-boot will generate enrollment entries
named after the directories they are in. The entries are shown at the very bottom
of the list and can be selected by the user from the menu. If the user selects it,
the user is shown a screen allowing for cancellation before a timeout. The enrollment
proceeds if the action is not cancelled after the timeout.
Additionally, if the secure-boot-enroll option is set to 'force' then the keys
located in the directory named 'auto' are going to be enrolled automatically. The user
is still going to be shown a screen allowing them to cancel the action if they want to,
however the enrollment will proceed automatically after a timeout without
user cancellation.
After keys are enrolled, the system reboots with secure boot enabled; therefore, it is
***critical*** to ensure that everything needed for the system to boot is signed
properly (sd-boot itself, kernel, initramfs, PCI option ROMs).
This feature currently only allows loading the most simple set of variables: PK, KEK
and db.
The files need to be prepared with cert-to-efi-sig-list and then signed with
sign-efi-sig-list.
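Here is a short example to generate your own keys and the right files for
auto-enrollment.
```
keys="PK KEK DB"
# Owner GUID recorded in each EFI signature list
uuid="{$(systemd-id128 new -u)}"
for key in ${keys}; do
    # Self-signed certificate and private key for this variable
    openssl req -new -x509 -subj "/CN=${key}/" -keyout "${key}.key" -out "${key}.crt"
    # DER-encoded copy of the certificate
    openssl x509 -outform DER -in "${key}.crt" -out "${key}.cer"
    # Unsigned EFI signature list built from the certificate
    cert-to-efi-sig-list -g "${uuid}" "${key}.crt" "${key}.esl.nosign"
done
```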
Once these keys are enrolled, all the files needed for boot ***NEED*** to be signed in
order to run. You can sign the binaries with the sbsign tool, for example:
Einsler Lee [Tue, 2 Mar 2021 12:21:21 +0000 (20:21 +0800)]
main: reopen /dev/console for user service manager
Now the console_fd of user service manager is 2. Even if LogTarget=console is set in /etc/systemd/user.conf, there is no log in the console.
This reopens /dev/console, so the log of user service can be output in the console.
repart: when keeping ref to backing inode/devnode, use fd_reopen() rather than F_DUPFD
Via the "backing_fd" variable we intend to pin the backing inode through
our entire code. So far we typically created the fd via F_DUPFD_CLOEXEC,
and thus any BSD lock taken on the original fd is shared with our
backing_fd reference. And if the original fd is closed but our backing_fd
is not, we'll keep the BSD lock open, even if we then reopen the block
device through the backing_fd. If hit, this results in a deadlock.
Let's fix that by creating the backing_fd via fd_reopen(), so that the
locks are no longer shared, and if the original fd is closed all BSD
locks on it that are in effect are auto-released.
(Note the deadlock is only triggered if multiple operations on the same
backing inode are executed, i.e. factory reset, resize and applying of
partitions.)
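The lock-sharing behaviour described in the commit message above, as an added example that is not code from the systemd tree. `reopen_fd()` is a hypothetical stand-in for systemd's `fd_reopen()`, and the temp file under /tmp is constructed sample input; Linux with /proc mounted is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Hypothetical stand-in for fd_reopen(): opening /proc/self/fd/N yields a
 * new open file description for the same inode. */
static int reopen_fd(int fd, int flags) {
    char path[64];
    snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
    return open(path, flags);
}

/* 1 if an independent opener can take LOCK_EX right now, 0 if the lock is
 * still held through another open file description, -1 on error. */
static int lock_is_free(const char *path) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int r = flock(fd, LOCK_EX | LOCK_NB);
    int saved = errno;
    close(fd); /* also drops the probe lock if we got it */
    if (r == 0) return 1;
    return saved == EWOULDBLOCK ? 0 : -1;
}

/* Pin a temp file with a backing fd, BSD-lock the original fd, close it, and
 * report whether the lock is still held (1) or released (0); -1 on error. */
int lock_survives_close(int use_reopen) {
    char path[] = "/tmp/backing-fd-demo-XXXXXX";
    int orig = mkstemp(path);
    if (orig < 0) return -1;
    int backing = use_reopen ? reopen_fd(orig, O_RDONLY | O_CLOEXEC)
                             : fcntl(orig, F_DUPFD_CLOEXEC, 3);
    int result = -1;
    if (backing >= 0 && flock(orig, LOCK_EX) == 0) {
        close(orig);
        orig = -1;
        int is_free = lock_is_free(path);
        result = is_free < 0 ? -1 : !is_free;
    }
    if (orig >= 0) close(orig);
    if (backing >= 0) close(backing);
    unlink(path);
    return result;
}

int main(void) {
    printf("dup: %d, reopen: %d\n", lock_survives_close(0), lock_survives_close(1));
    return 0;
}
```

With the duplicated fd the lock outlives the close of the original fd, because both fds share one open file description; with the reopened fd the close releases it.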
Calling fd_is_mountpoint() with AT_EMPTYPATH and an empty filename can
only work if we have new statx() available. If we do not, we can still
make things work for directories, but not for other inodes (since there
we cannot query information about the parent inode to compare things.)
Hence, let's handle and test this explicitly, to support this to the
level this is possible.
test: install libgcc_s.so.1 explicitly if available
Since the library is dlopen()ed by libpthread and required during
pthread_exit()/pthread_cancel(), let's install it explicitly if available to
avoid unexpected fails in tests. This also consolidates all related
workarounds for this library across the test scripts.
Daan De Meyer [Tue, 2 Aug 2022 09:51:40 +0000 (11:51 +0200)]
mkosi: Update to latest commit
With this update, Arch Linux keyring updates will be automatically
pulled in instead of having to update to a new mkosi commit every
time the keyring gets outdated.