Ronan Pigott [Mon, 26 Aug 2024 08:39:20 +0000 (01:39 -0700)]
resolved: clear the AD bit for bypass packets
When the bypass logic is invoked, such as for queries to the stub with
the DO bit set, be certain to clear the AD bit in the reply before
forwarding it if the answer is not known to be authentic.
Daan De Meyer [Mon, 26 Aug 2024 11:08:25 +0000 (13:08 +0200)]
mkosi: Stop using git commit timestamps for package releases
This prevents bisecting to figure out which commit broke something
as when going backwards the git commit timestamp will be older meaning
package managers will refuse to upgrade to the "older" version. Let's
make sure the release is always newer by using the current date unless
$SOURCE_DATE_EPOCH is set.
Yu Watanabe [Tue, 20 Aug 2024 18:24:06 +0000 (03:24 +0900)]
man: reword about default route for DNS traffic
DefaultRoute is a D-Bus property, not a valid setting name in .network
files nor resolved.conf.
Whether a link is the default route or not is configured with
DNSDefaultRoute= setting in .network files.
Yu Watanabe [Sat, 24 Aug 2024 20:50:27 +0000 (05:50 +0900)]
network/routing-policy-rule: introduce a generic conf-parser for [RoutingPolicyRule] sectin
This introduce config_parse_routing_policy_rule(), which wraps existing
conf parsers. With this, we can drop many custom conf parsers for
[RoutingPolicyRule], and can reuse generic conf parsers in conf-parser.[ch].
Yu Watanabe [Sat, 24 Aug 2024 19:53:10 +0000 (04:53 +0900)]
conf-parser: return 1 on success
Typically, conf parsers will ignore most errors during parsing strings
and return 0. Let's return 1 on success. Otherwise it is hard to reused
these function in another conf parser.
Sam James [Sat, 24 Aug 2024 12:09:47 +0000 (13:09 +0100)]
meson: search for 'bpf-unknown-none' too
We currently search for 'bpf-gcc' and 'bpf-none-gcc'. Gentoo's
sys-devel/bpf-toolchain package uses 'bpf-unknown-none-gcc', as does Fedora's
cross-binutils. Search for this name too.
varlinkctl: output an expressive error message in case invalid method/interface names are specified
Inspired by #34098 → let's make it easier for users to understand and
correct the mistakes they made: let's early refuse invalid
interface/method names.
Yu Watanabe [Fri, 23 Aug 2024 00:54:00 +0000 (09:54 +0900)]
udev/net_id: move naming scheme check
We usually do not set r = -1 when a functionality is disabled or not
supported. Even though the error code is not used, let's set a negative
errno in such case.
Since ID_NET_NAME_SLOT was introduced we ignore slot == 0
https://github.com/systemd/systemd/blob/0035597a30d120f70df2dd7da3d6128fb8ba6051/src/udev/udev-builtin-net_id.c#L139
Qemu sets _SUN to PCI_SLOT() for all NICs, so _SUN is not unique.
https://gitlab.com/qemu-project/qemu/-/issues/2530
In my tests with libvirt I can only set 'slot="0x00"' in interface definition,
so all NICs end up with _SUN == 0, and this commit is enough to avoid the issue.
man: document .membership files that nss-systemd processes
This has been a glaring omission the docs: when people create
.user/.group/.user-privileged/.group-privileged drop-in files, they
should also create matching .membership files.
Alyssa Ross [Wed, 21 Aug 2024 12:21:47 +0000 (14:21 +0200)]
bootctl: don't load etc/machine-info from cwd
arg_root defaults to null, so if --root isn't given, this would try reading
etc/machine-info from the current working directory, which is likely to fail.
Fixes: 77db9ef2ab ("boot: Make sure we take --root into account everywhere.")
Yu Watanabe [Wed, 21 Aug 2024 19:11:52 +0000 (04:11 +0900)]
network/routing-policy-rule: use address family of existing rule when judging if existing rule can be updated
Otherwise, the other RoutingPolicyRule object may not have a valid
address family yet, and the existing rule may be wrongly handled as
that it is not requested by any interface, and it may be removed.
Ronan Pigott [Wed, 21 Aug 2024 14:49:59 +0000 (07:49 -0700)]
resolved: demote the fallback dns servers
This softens the behavior originally introduced in eded61e410df to apply
only to the fallback dns servers.
The intent is that the global FallbackDNS (instead of DNS) can now be
used in conjunction with the per-link dns, providing a fallback behavior
without introducing a scope overlap.
References: eded61e410df (resolved: demote the global unicast scope, 2024-08-19)
Ronan Pigott [Tue, 20 Aug 2024 17:25:28 +0000 (10:25 -0700)]
resolved: use the fallback servers when no default dns is configured
This expands the role of fallback servers so they are applied not only
when there are no dns servers configured, but when all the configured
dns servers are configured only for non-default-route links.
Ronan Pigott [Wed, 21 Aug 2024 13:59:22 +0000 (06:59 -0700)]
Revert "resolved: demote the global unicast scope"
This commit may have been a breaking change for sd-resolved foreign
resolv.conf mode, where a legacy network management daemon directly
modifies resolv.conf and sd-resolved consumes that.
With the mentioned commit, iff E2BIG we'd retry pidfd_spawn()
with POSIX_SPAWN_SETCGROUP disabled. However, the same strategy
should actually apply to EOPNOTSUPP/ENOSYS/EPERM too -
they can mean two things here: no clone3() or no CLONE_PIDFD.
Therefore, let's first try clone() + CLONE_PIDFD, and fall further back
to plain clone() (posix_spawn()) only as last resort. Plus, record
the fact so that we don't unnecessarily retry every single time
if CLONE_PIDFD is the one that's unavailable.
projects / thirdparty / systemd.git / log
