Yu Watanabe [Sun, 17 Jan 2021 04:32:29 +0000 (13:32 +0900)]
udev: stop to use LOG_REALM_UDEV
Before this commit, udevd is built with LOG_REALM=LOG_REALM_UDEV.
However, log level specified by e.g. environment variable or kernel
command line option are also passed to LOG_REALM_SYSTEMD. So, the
maximum log level for the two realms are always equivalent, and it is
not necessary to specify the build option. Hence drop it.
A S Alam [Sun, 24 Jan 2021 16:38:24 +0000 (17:38 +0100)]
Translated using Weblate (Punjabi)
Currently translated at 3.7% (7 of 189 strings)
Co-authored-by: A S Alam <amanpreet.alam@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pa/
Translation: systemd/main
Daan De Meyer [Sat, 23 Jan 2021 15:16:57 +0000 (15:16 +0000)]
sd-bus: Add sd_bus_reply()
While sd-bus already provides sd_bus_call() for calling a method
from a complete bus message object, We don't have an equivalent
function for replying from a method with a complete bus message
object.
Currently, we use sd_bus_send(call->bus, m, NULL) instead. Let's
add a shorthand for this pattern and name it sd_bus_reply().
Luca Boccassi [Wed, 6 Jan 2021 21:42:28 +0000 (21:42 +0000)]
tests: build the image once and then copy/extend it
Building custom images for each test takes a lot of time.
Build the default one, and if the test needs incompatible changes
just copy it and extend it instead.
Daan De Meyer [Sat, 23 Jan 2021 12:17:36 +0000 (12:17 +0000)]
docs: Add a section to HACKING.md on using mkosi and clangd together
While it's perfectly possible today to completely rely on mkosi for
building and testing systemd, to get code completion and other IDE
niceties to work properly, it's still necessary to build systemd
locally.
Recently, mkosi gained the ability to allow external programs to
communicate with the build script. We can use this feature to run
the clangd language server in the mkosi build image via a custom
build script to provide IDE features in editors without requiring
developers to build systemd on the host or install any of systemd's
build dependencies locally.
This commit adds the necessary information on how to set this up
to HACKING.md.
Anita Zhang [Sun, 24 Jan 2021 09:22:51 +0000 (01:22 -0800)]
oom: fix reclaim activity detection
This should have been checking for any reclaim activity within a larger interval
of time rather than within the past second. On systems with swap this
doesn't seem to have mattered too much as reclaim would always increase when
memory pressure was elevated. But testing in the no swap case having
this larger interval made a difference between oomd killing or not.
This merges the two flags that are passed to the ImportTar/ImportRaw
objects into a single flags parameter, which we then can extend more
easily later on.
Anita Zhang [Tue, 12 Jan 2021 04:04:20 +0000 (20:04 -0800)]
core: update setings on the unit and job as the result of ExecCondition=
Update ExecCondition= to set Unit->condition_result and return JOB_DONE
in the Job results if the check fails so as to match the current behavior
of ConditionXYZ= w.r.t units/jobs dependency checks.
Before 60e4fb4240b24bdd2d4299d8d844f48093df8807,
`hostnamectl --transient set-hostname ""` unsets the transient hostname.
But after the commit, it is refused. This fixes the issue.
dissect: almost port systemd-dissect to table_print_with_pager()
This doesn't actually port systemd-dissect to table_print_with_pager()
but at least rearranges things so that similar behaviour is exposed. The
reason it's not ported over 1:1 is that systemd-dissect actually adjusts
the JSON output of the table with additional info, and doesn't print the
table 1:1 as JSON.
format-table: add new helper table_print_with_pager()
This adds a new function table_print_with_pager() which is a wrapper
around table_print_json()/table_print() but spawns a pager first, if
that's enabled, and optionally turns off the header line of the table.
This addresses the fact that many of our tools actually keep doing very
this very similar stuff, over and over again. Let's unify this in one
place.
This parameter allows configuring the activation policy for an interface,
meaning how it manages the interface's administrative state (IFF_UP flag).
The policy can be configured to bring the interface either up or down when
the interface is (re)configured, to always force the interface either up or
down, or to never change the interface administrative state.
If the interface is bound with BindCarrier=, its administrative state is
controlled by the interface(s) it's bound to, and this parameter is forced
to 'bound'.
This changes the default behavior of how systemd-networkd sets the IFF_UP
flag; previously, it was set up (if not already up) every time the
link_joined() function was called. Now, with the default ActivationPolicy=
setting of 'up', it will only set the IFF_UP flag once, the first time
link_joined() is called, during an interface's configuration; and on
the first link_joined() call each time the interface is reconfigured.
varlink: make 'userdata' pointer inheritance from varlink server to connection optional
@keszybz's right on
https://github.com/systemd/systemd/pull/18248#issuecomment-760798473:
swapping out the userdata pointer of a live varlink connection is iffy.
Let's fix this by making the userdata inheritance from VarlinkServer
object to the Varlink connection object optional: we want it for most
cases, but not all, i.e. all those cases where the calls implemented as
varlink methods are stateless and can be answered synchronously. For the
other cases (i.e. where we want per-connection objects that wrap the
asynchronous operation as it goes on) let's not do such inheritance but
initialize the userdata pointer only once we have it. THis means the
original manager object must be manually retrieved from the
VarlinkServer object, which in turn needs to be requested from the
Varlink connection object.
The userdata inheritance is now controlled by the
VARLINK_INHERIT_USERDATA flag passed at VarlinkServer construction.
core: make NotifyAccess= in combination with RootDirectory=/RootImage= work
Previously if people enabled RootDirectory=/RootImage= and NotifyAccess=
together, things wouldn't work, they'd have to explicitly add
BindReadOnlyPaths=/run/systemd/notify too.
Let's make this implicit. Since both options are opt-in, if people use
them together it would be pointless not also defining the
BindReadOnlyPaths= entry, in which case we can just do it automatically.
Benjamin Berg [Tue, 19 Jan 2021 13:59:42 +0000 (14:59 +0100)]
hwdb: Pull autosuspend rules from upstream libfprint
libfprint includes a list of known fingerprint readers that can be
autosuspended. Upstream libfprint generates this file from the USB IDs
registered to drivers and a list of well-known readers that are
currently unsupported.
This addresses the following comments by the Lennart:
---
hmm, so this now does two access() calls for the case where the fd is
not requested, and opens things up for races (theoretically, …). now,
the access() code path was in place for optimization, but if an optimization
is less sexy than the original (and i think it is less sexy, since more
than one syscall, and non-atomic), i think we shouldn't do the optimization.
maybe we should just always use open(O_PATH) now, and then fstat() it to
check if regular file, and then access_fd() it for checking if its executable.
Dan Streetman [Sun, 17 Jan 2021 22:46:12 +0000 (17:46 -0500)]
udev: use DEFINE_MAIN_FUNCTION in cdrom_id
This was failing s390x ubuntu ci due to an old version of binutils;
the binutils package in use for ubuntu ci tests has been updated and
the build no longer fails, so this can use the macro again.
tree-wide: ignore messages with too long control data
Apparently SELinux inserts control data into AF_UNIX datagrams where we
don't expect it, thus miscalculating the control data. This looks like
something to fix in SELinux, but we still should handle this gracefully
and just drop the offending datagram and continue.
recvmsg_safe() actually already drops the datagram, it's just a matter
of actually ignoring EXFULL (which it generates if control data is too
large) in the right places.
This does this wherever an AF_UNIX/SOCK_DGRAM socket is used with
recvmsg_safe() that is not just internal communication.
EFI stubs don't matter, and libsystemd-shared-nnn.so is loaded through rpath,
and is doesn't need to and shouldn't be in $LD_LIBRARY_PATH. In effect, we only
ever need to add the main build directory to the search path.
import: optionally pull .verity + .roothash.p7s data when downloading
We already had support for downlading a .nspawn and a .roothash file,
let's make the set complete, and also download .verity + roothash.p7s if
it exists, as nspawn consumes that.
Since there are now four kinds of additional resources to acquire, let's
introduce a PullFlags flags value for this instead of separate 'bool'
variables, it's just too many to always pass those around on the
function parameter list.
import: ignore non-successful HTTP codes for collecing image metadata
Previously we'd collect the data from redirects too, which wasn't
particularly terrible, since these typically don't carry the data we
were interested in, but it's still incorrect to do so.
Properly reset all fields that have to do with the current GET job when
we restart things. Previously we freed/reset only some stuff, leaking
some memory even.
Previously the PullJob object took internal care of rerequested the
SHA256SUMS file, if requesting <image>.sha256 didn't work. This was a
weird a non-abstraction only used when actually getting the checksum
files.
Let's move this out of the PullJob, so that it is generic again, and
does roughly the same stuff for all resources it is used for: let's
define a generic .on_not_found() handler that can be set on a PullJob
object, and is called whenever with see HTTP 404, and may be used to
provide a new URL to try if the first didn't work.
This is also preparation for later work to support PKCS#7 signatures
instead of gpg signatures, where a similar logic is needed, and we thus
should have a generic infrastructure place.
This gets rid of the VerificationStyle field in the PullJob object:
instead of storing this non-generic field we just derive the same
information from the URL itself, which is safe, since we generated it
ourselves earlier.
projects / thirdparty / systemd.git / log
