mkosi: Use apt patterns to install dependencies on Debian/Ubuntu
Instead of parsing the human readable output of apt-cache, let's
use apt patterns to figure out the dependencies.
We also filter out virtual packages as apt will fail and say we need
to install an implementation of the virtual package even if a package
that provides the virtual package is already installed.
Daan De Meyer [Fri, 30 Aug 2024 12:09:06 +0000 (14:09 +0200)]
repart: Add compression support
Now that mkfs.btrfs is adding support for compressing the generated
filesystem (https://github.com/kdave/btrfs-progs/pull/882), let's
add general support for specifying the compression algorithm and
compression level to use.
We opt to not parse the specified compression algorithm and instead
pass it on as is to the mkfs tool. This has a few benefits:
- We support every compression algorithm supported by every tool
automatically.
- Users don't need to modify systemd-repart if a mkfs tool learns a
new compression algorithm in the future
- We don't need to maintain a bunch of tables for filesystem to map
from our generic compression algorithm enum to the filesystem specific
names.
We don't add support for btrfs just yet until the corresponding PR
in btrfs-progs is merged.
resolved: include Varlink error on inconsistent DNS-SD services in introspection data
Let's also rename the error slightly, since what happens here is that a
a valid service RR name is CNAME'd onto an invalid one. That's an
inconsistency on the server side, which we really should report as such.
test: don't install Python scripts from systemd-test RPM
The original regex didn't cover the `run-unit-tests.py` script that
made the old framework pull in Python into the test image, which in turn
allowed the new TEST-69-SHUTDOWN Python script to get executed in the
old framework's image, causing unexpected fails with latest Python on
Rawhide.
Adrian Vovk [Sat, 31 Aug 2024 04:42:54 +0000 (00:42 -0400)]
sysupdated: Improve logging about jobs
If someone runs `updatectl update`, sysupdate will be running multiple
update jobs at the same time, which can make reasoning about the output
in the journal quite difficult. Especially if things go wrong: the error
messages didn't mention which job failed. Nor was there any link between
job ID and the PID of the worker process logging to the journal. This
is all fixed here!
Adrian Vovk [Sat, 31 Aug 2024 04:10:23 +0000 (00:10 -0400)]
sysupdated: Cleanup handling of notifications
Cuts out some `strdup`s, and also avoids a rather weird case of donating
memory to a function. Basically just duplicates the solution I just
implemented for sysupdate's callout handler.
Adrian Vovk [Sat, 31 Aug 2024 03:58:19 +0000 (23:58 -0400)]
sysupdate: Don't ignore callout binary failure
Previously, if the callout binary (i.e. sd-pull, sd-import) failed
gracefully, we'd return its exit status from the event loop and thus
from run_callout(). Of course, exit status is a positive number in the
event of failure. Which means that we completely ignore the callout
binary failing, and instead continue using whatever it managed to
download before failing.
This is bad for obvious reasons, not the least of which is installing
a half-downloaded OS. This also means that we would completely ignore
failed signature checks 😬️
Luca Boccassi [Fri, 30 Aug 2024 16:55:18 +0000 (17:55 +0100)]
portable: ensure PORTABLE_FORCE_ATTACH works even when there is a leftover unit
Force means force, we skip checks with PID1 for existing units, but
then bail out with EEXIST if the files are actually there. Overwrite
everything instead.
Yu Watanabe [Tue, 27 Aug 2024 01:59:53 +0000 (10:59 +0900)]
conf-parser: use log_syntax_parse_error() and friends more
This also makes all conf parsers defined in conf-parser.c return 1
on success, 0 on non-critical error.
Also, use free_and_strdup_warn() where applicable.
conf-parser: several cleanups for DEFINE_CONFIG_PARSE_ENUMV() macro
- use GREEDY_REALLOC() and FOREACH_ARRAY(),
- do not set an array with only terminating 'invalid' value.
Note, this macro is only used by parsing NamePolicy= and AlternativeNamesPolicy=
in .link files. and udevd correctly handles both an empty array and an
array with only 'invalid'. Hence, this does not change any behavior.
docs/UIDS-GIDS: drop obsolete comment about Fedora
https://fedoraproject.org/wiki/Changes/RenameNobodyUser, 2018:
> Use "nobody:nobody" as the names for the kernel overflow UID:GID pair, and
> retire the old "nfsnobody" name and the old "nobody:nobody" pair with 99:99
> numbers.
Adrian Vovk [Sat, 31 Aug 2024 02:39:17 +0000 (22:39 -0400)]
progress-bar: Add unbuffered variant
The progress_bar functions do their own buffering: they reconfigure
stderr, then print, then flush and disable buffering on their own. In
situations where multiple progress bars are being drawn at a time (for
example, in updatectl), it's even more efficient to hoist the buffering
and flushing to the call site, and avoid drawing each progress bar
individually.
To that end, new _unbuffered variants of the progress_bar functions. And
we use them in updatectl.
Adrian Vovk [Sat, 31 Aug 2024 01:57:07 +0000 (21:57 -0400)]
updatectl: Improve behavior of progress logging
This applies a couple of aesthetic changes to the way updatectl renders
progress information
1. We invert from "ICON TARGET MESSAGE" to "TARGET: ICON MESSAGE" to
better fit in with the systemd progress bars, which look like
"TARGET [==========---------] XX%". The original version of the
sysupdated PR implemented its own progress bars that were oriented
differently: "[==========---------] TARGET XX%". When we swapped
the progress bar we didn't swap the status messages
2. When a target finishes updating, instead of leaving a 100% progress
bar on screen for potentially extended periods of time (which implies
to the user that the update isn't actually done...), we show a status
message saying the target is done updating.
3. Fixed a minor bug where an extra newline would be printed after the
total progress bar. At the top of the rendering function, we scroll
the terminal's scroll-back just enough to fit a line for each target,
and one for the total. This means that we should not print an
additional line after the total, or else it'll scroll the terminal's
buffer by an additional character. This bug was introduced at some
point during review
4. Clears the Total progress bar before quitting. By the time we're
quitting, that progress bar will be showing no useful status for the
user. Also, the fix in point 3 will cause the shell's prompt to
appear on the same line as the Total progress bar, partially
overwriting it and leaving the shell in a glitchy state.
Adrian Vovk [Sat, 31 Aug 2024 01:43:44 +0000 (21:43 -0400)]
sysupdated: Register known error types
This fixes a bug introduced during review of sysupdated. Originally,
we just returned EALREADY verbatim to signify that the target is
already up-to-date. Then we switched this to a proper error
(org.freedesktop.sysupdate1.NoCandidate) during review. But that now
maps to EIO, not EALREADY. Thus, whenever there's nothing to update,
updatectl would report I/O errors to the user, even though nothing
actually went wrong.
Daan De Meyer [Thu, 29 Aug 2024 20:59:48 +0000 (22:59 +0200)]
repart: Keep existing directory timestamps intact when copying
Otherwise, when merging multiple directory trees, the output becomes
unreproducible as the directory timestamps will be changed to the current
time when copying identical directories from the second tree.
We introduce a new copy flag to achieve this behavior.
cryptenroll: don't return slot 0 when we have no policy to search for
If the policy hash is empty we shouldn't return "0" from
search_policy_hash(), because that is understood as slot index 0, but
that's unlikely to match the policy.
Hence, return -ENOENT instead, indicating that we can't find a matching
slot.
Daan De Meyer [Tue, 27 Aug 2024 13:26:20 +0000 (15:26 +0200)]
image-policy: Fix strv size calculation
We want the logarithm of the next power of two, which is the same
as the mask + 1, so add one to the mask to make sure the size is
sufficient to fit all flags.
Daan De Meyer [Thu, 29 Aug 2024 11:26:28 +0000 (13:26 +0200)]
mkosi: update fedora commit reference
* a67221c3f0 Always build ukify package
* abb115a905 Do not use patch to modify systemd-user pam config file
* 196ec98228 Drop %upstream conditionalization for patches
core: do BindMount/MountImage operations in async control process
These operations might require slow I/O, and thus might block PID1's main
loop for an undeterminated amount of time. Instead of performing them
inline, fork a worker process and stash away the D-Bus message, and reply
once we get a SIGCHILD indicating they have completed. That way we don't
break compatibility and callers can continue to rely on the fact that when
they get the method reply the operation either succeeded or failed.
To keep backward compatibility, unlike reload control processes, these
are ran inside init.scope and not the target cgroup. Unlike ExecReload,
this is under our control and is not defined by the unit. This is necessary
because previously the operation also wasn't ran from the target cgroup,
so suddenly forking a copy-on-write copy of pid1 into the target cgroup
will make memory usage spike, and if there is a MemoryMax= or MemoryHigh=
set and the cgroup is already close to the limit, it will cause an OOM
kill, where previously it would have worked fine.
Daan De Meyer [Wed, 28 Aug 2024 15:52:40 +0000 (17:52 +0200)]
mkosi: Switch back to src.opensuse.org for opensuse spec
Supposedly they're never going to rewrite their git history again
so let's give src.opensuse.org another try given that code.opensuse.org
is down again.
Daan De Meyer [Wed, 28 Aug 2024 07:46:10 +0000 (09:46 +0200)]
mkosi: update debian commit reference
* aa17b7ddf9 Fix stage1 build
* 2c13391e33 Update changelog for 256.5-1 release
* 7d13196926 autopkgtest: skip TEST-64-UDEV-STORAGE due to qemu crash
* 47769e8d7c Drop patch merged upstream
* 4e8e9315b5 Update upstream source from tag 'upstream/256.5'
|\
| * 71b885347d New upstream version 256.5
* 89a33e5408 d/e/checkout-upstream: undo quilt patches before switching debian branch
* 3c942ecb0d d/e/checkout-upstream: do not rebase on main when building stable branches
Daan De Meyer [Wed, 28 Aug 2024 07:46:07 +0000 (09:46 +0200)]
mkosi: update fedora commit reference
* 28076e6232 Only make python3-pillow Recommends on Fedora
* a9807c4486 Do not require grubby on CentOS Stream 9
* d38cacfd3a Version 256.5
* 38291e13c1 Disable integration of userdb in sshd
* 53118d2112 Backport patch to only read /proc/cmdline when not in container
* 903e8e0f88 Backport upstream patch to try more initrd variants in 90-loaderentry.install
* b29a66006c Version 256.4
* 1cdae03391 Update tmpfiles --destroy-data patch
* 4fd4ef72a6 Upload sources
* 3c3772150d Version 256.3
projects / thirdparty / systemd.git / log
