pretty-print: enable stdio buffering while outputting progress bar
Writing the progress bar so far was irritatingly slow, which was caused
by the fact that the various things we output so far resulted in one
write() syscall each because STDERR is unbuffered by default.
Let's fix that, and temporarily turn on full buffering for stderr,
restoring the normal unbuffered output right after.
This makes progress bar print visibly more efficient (and flicker free
too, since terminals no longer will move the cursor around during
output).
../src/shared/loop-util.c: In function ‘loop_configure_fallback’:
../src/shared/loop-util.c:237:31: error: ‘LOOP_SET_BLOCK_SIZE’ undeclared (first use in this function); did you mean ‘LOOP_SET_DIRECT_IO’?
if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) c->block_size) < 0)
^~~~~~~~~~~~~~~~~~~
LOOP_SET_DIRECT_IO
Nick Rosbrook [Fri, 14 Jun 2024 21:31:22 +0000 (17:31 -0400)]
man: add a bit of a warning to systemd-tmpfiles --purge
Mention that by default, /home is managed by tmpfiles.d/home.conf, and
recommend that users run systemd-tmpfiles --dry-run --purge first to
see exactly what will be removed.
pcrlock: move event_log_reduce_to_safe_pcrs() down a bit
Let's keep the verb_lock_xyz() and verb_unlock_xyz() calls together, and
move event_log_reduce_to_safe_pcrs() which so far was in betwee them all
further down closer to where the function is actually used.
pcrlock: don't override conf_root parameter for boot_entry_token_ensure()
if we pass NULL boot_entry_token_ensure() will use its own default,
which is the same as what we passed so far explicitly, hence let's make
use of that.
vmspawn: report "systemd-vmspawn" as "service" to machined
The "service" field that one is supposed to pass to machine is supposed
to indicate the implementation of the client, not the service unit the
client runs in (which is typically even a scope unit, not a system
unit). Hence fix that, and make it closely match what systemd-nspawn
does.
copy: rework how we determine the number of bytes to copy in copy_bytes_full()
Let's freshly calculate "m" on each iteration and always start with the maximum
size we can. If sendfile() is used we must adhere to its limit of
SSIZE_MAX minus the current offset. Otherwise we can copy more, i.e.
SSIZE_MAX without any restrictions.
Also, if we get too close to having copied SSIZE_MAX, let's turn off
sendfile() for the rest.
iovec-util: add exported constant empty but valid (i.e. non-NULL) iovec
Also, make sure the NUL byte iovec becomes an exported constant too.
This is better than the previous situation where this was a macro
resolving to a compount expression, since the lifetime of the expression
is limited to its invoking scope. By turning this into a proper variable
the lifetime becomes unbounded, which makes it easier to use in various
scenarios, such as "if" blocks.
Kamil Szczęk [Fri, 7 Jun 2024 14:48:41 +0000 (16:48 +0200)]
cryptsetup: manual FIDO2 PIN, UP and UV configuration
When in FIDO2 mode with manual parameters, i.e. when not reading the
parameters off the LUKS2 header, the current behavior in regards to PIN,
UP and UV features is to default to v248 logic, where we use PIN + UP
when needed, and do not configure UV at all. Let's allow users to
configure those features in manual mode too.
varlinkctl: tell user we are expecting method call parameters on STDIN
When calling a method and the user hasn't provided any method call
parameters on the command line we expect them on stdin instead. This
might be confusing for people using varlinkctl for the first time, since
omitting the parameters will just throw you at a blinking cursor.
Let's be a bit more helpful, and show a friendly message when we are
connected to a TTY (i.e. run interactively).
In some recent PRs (e.g. #32628) I started to systematically name return
parameters that shall only be initialized on failure (because they carry
additional error meta information, such as the line/column number of
parse failures or so). Let's make this official in the coding style.
For putting together "varlinkctl call" command lines it's useful to
quickly enumerate all methods implemented by a service. Hence, let's add
a new "list-methods" which uses the introspection data of a service to
quickly list methods.
This is implemented as a special flavour of the "introspect" logic,
and just suppresses all output except for the method names.
varlinkctl: make interface argument to "introspect" optional, and allow more than one
let's make it easier to use the introspection functionality of
"varlinkctl": if no interface name is shown, display the introspection
data of all available interfaces. Moreover, allow that multiple
interfaces can be listed, in which case we enumerate them all.
This relieves the user from having to list interfaces first in order to
find the ones which to introspect.
The flag is fairly generic these days and just selects a slightly
stricter validation, with details depending on the selected dispatch
function. Hence, let's give it more precise name, in particular one that
mirrors the SD_JSON_RELAXED flag nicely (which does the opposite:
relaxes parsing)
This is preparation for making our Varlink API a public API. Since our
Varlink API is built on top of our JSON API we need to make that public
first (it's a nice API, but JSON APIs there are already enough, this is
purely about the Varlink angle).
I made most of the json.h APIs public, and just placed them in
sd-json.h. Sometimes I wasn't so sure however, since the underlying data
structures would have to be made public too. If in doubt I didn#t risk
it, and moved the relevant API to src/libsystemd/sd-json/json-util.h
instead (without any sd_* symbol prefixes).
The kernel patch
https://lore.kernel.org/linux-usb/20240605153340.25694-1-gmazyland@gmail.com/
is now in net-next branch, and will be hopefully merged soon.
Note that Debian's 73-usb-net-by-mac.link now also supports the kernel patch:
https://salsa.debian.org/systemd-team/systemd/-/commit/c1afbb2dc295929085be86072c7942c8517ec598
So, hopefully, the change is ready. Let's reapply it.
creds-util: fix "weak" vs. "secure" display for tmpfs/noswap backed credentials
When we display passed credentials we show a brief safety level based on
how the credential is pass in: if it's backed by swappable memory we
give it a "weak" level. This check was so far done by checking if the
file is backed by ramfs. However, since 1155f44f48f8fd59c863d71b3938e34a0b2fec2a we actually prefer tmpfs with
the new "noswap" option for this.
Hence, fix this, and explicitly look for "noswap" among the mount
options in case we detect tmpfs.
Daan De Meyer [Mon, 3 Jun 2024 10:35:29 +0000 (12:35 +0200)]
repart: Use CRYPT_ACTIVATE_PRIVATE
Let's skip udev device scanning when activating a LUKS volume in
systemd-repart as we don't depend on any udev symlinks and don't
expect anything except repart to access the volume.
Suggested by https://github.com/systemd/systemd/issues/33129#issuecomment-2143390941.
analyze: add verb for dumping SMBIOS Type #11 data
I find myself wanting to check this data with a quick command, and
browsing through /sys/ manually getting binary data sucks. Hence let's
do add a nice little analysis tool.
Ronan Pigott [Fri, 8 Mar 2024 20:40:08 +0000 (13:40 -0700)]
resolved: permit dnssec rrtype questions when we aren't validating
This check introduced in 91adc4db33f6 is intended to spare us from
encountering broken resolver behavior we don't want to deal with.
However if we aren't validating we more than likely don't know the state
of the upstream resolver's support for dnssec. Let's let clients try
these queries if they want.
This brings the behavior of sd-resolved in-line with previouly stated
change in the meaning of DNSSEC=no, which now means "don't validate"
rather than "don't validate, because the upstream resolver is declared to
be dnssec-unaware".
Fixes: 9c47b334445a ("resolved: enable DNS proxy mode if client wants DNSSEC")
Daan De Meyer [Fri, 17 May 2024 14:20:11 +0000 (16:20 +0200)]
tpm2-setup: Don't fail if we can't access the TPM due to authorization failure
The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.
Yu Watanabe [Tue, 11 Jun 2024 18:24:30 +0000 (03:24 +0900)]
strbuf: several cleanups for strbuf_add_string()
- add missing assertions,
- use GREEDY_REALLOC() at one more place,
- etc.
Before:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==112572== Memcheck, a memory error detector
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==112572== Command: ./systemd-hwdb update
==112572==
==112572==
==112572== HEAP SUMMARY:
==112572== in use at exit: 0 bytes in 0 blocks
==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
==112572==
==112572== All heap blocks were freed -- no leaks are possible
==112572==
==112572== For lists of detected and suppressed errors, rerun with: -s
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
```
After:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
[sudo] password for watanabe:
==114732== Memcheck, a memory error detector
==114732== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==114732== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==114732== Command: ./systemd-hwdb update
==114732==
==114732==
==114732== HEAP SUMMARY:
==114732== in use at exit: 0 bytes in 0 blocks
==114732== total heap usage: 1,276,406 allocs, 1,276,406 frees, 68,500,491 bytes allocated
==114732==
==114732== All heap blocks were freed -- no leaks are possible
==114732==
==114732== For lists of detected and suppressed errors, rerun with: -s
==114732== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.91user 0.24system 0:22.26elapsed 99%CPU (0avgtext+0avgdata 233584maxresident)k
0inputs+25168outputs (0major+58237minor)pagefaults 0swaps
```
q66 [Thu, 6 Jun 2024 11:45:48 +0000 (13:45 +0200)]
strbuf: use GREEDY_REALLOC to grow the buffer
This allows us to reserve a bunch of capacity ahead of time,
improving the performance of hwdb significantly thanks to not
having to reallocate so many times.
Before:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==113297== Memcheck, a memory error detector
==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==113297== Command: ./systemd-hwdb update
==113297==
==113297==
==113297== HEAP SUMMARY:
==113297== in use at exit: 0 bytes in 0 blocks
==113297== total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
==113297==
==113297== All heap blocks were freed -- no leaks are possible
==113297==
==113297== For lists of detected and suppressed errors, rerun with: -s
==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
```
After:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==112572== Memcheck, a memory error detector
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==112572== Command: ./systemd-hwdb update
==112572==
==112572==
==112572== HEAP SUMMARY:
==112572== in use at exit: 0 bytes in 0 blocks
==112572== total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
==112572==
==112572== All heap blocks were freed -- no leaks are possible
==112572==
==112572== For lists of detected and suppressed errors, rerun with: -s
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
```
projects / thirdparty / systemd.git / log
