man/systemd-repart: extend description and reword some sentences
The page was written when systemd-repart was primarily intended to be used on a
running system. But nowadays it's more often used to create images, so extend
that part of the description.
While at it, fix some whitespace issues and trim some overly complicated sentences.
Steve Traylen [Wed, 3 Jul 2024 12:19:08 +0000 (14:19 +0200)]
Document that MemorySwapMax supports % configuration
Certainly on systemd 252 at least a configuration of
```
MemorySwapMax=40%
```
is supported but this was missing from the man page.
Only MemoryMax was documented as supporting a %.
core: when switching root remove /run/systemd before executing the binary specified by init=
It's important if the binary specified by the init= boot option is not systemd,
otherwise it confuses systemctl, which incorrectly assumes that systemd is still
the init system due to the presence of /run/systemd/system.
Also, some tools might check for the presence of /run/systemd/private to test
if systemd is running as pid1.
Make vcs-tag do something useful for non-developer mode as well
When building packages of arbitrary commits of systemd-stable,
distributors might want to include a git sha of the exact commit
they're on. Let's extend vcs-tag a little to make this possible.
If we're on a commit matching a tag, don't generate a git sha at all.
If we're not on a commit matching a tag, generate a vcs tag as usual.
However, if we're not in developer mode, don't append a '^' if the tree
is dirty to accommodate package builds applying various patches to the
tree which shouldn't be considered as "dirty" edits.
tools/update-distro-hash: rename, fetch the repository if appropriate
Let's rename the tool to tools/fetch-distro. It's useful to be able to fetch
the distro directly. But when that functionality is added, the old name is
confusing.
Now --update/-u must be specified to update the commits.
--reference-if-able is used to speed up the clone of debian.
It saves about 75% of the download.
If there is an error with the execv call in fork_agent the
program exits without any meaningful log message. Log the
command and errno so the user gets more information about
the failure.
Fixes: #33418
Signed-off-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
James Coglan [Tue, 11 Jun 2024 10:57:36 +0000 (11:57 +0100)]
resolved: tests for dns_packet_extract(); parsing OPT records
These tests identify a couple of problems with OPT pseudo-RR parsing.
First, any TTL value with the high bit set is replaced with zero before
checking the record type. For most types this is correct, since TTLs
have the range of signed int32. But for OPT records where the TTL is
repurposed to hold the extended RCODE, EDNS version and flags, it means
that the high bit cannot be used in extended RCODEs. Any RCODE with the
high bit set will be read as zero.
Second, the DNS_PACKET_RCODE() function bit-shifts the extended RCODE by
24 places instead of 20, so that it ends up forming the lower 8 bits of
a 12-bit RCODE, instead of the upper 8 bits as intended.
We intend to fix these issues in other pull requests.
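An added illustration of the two OPT parsing problems described in the commit message above, written for this page and not taken from systemd's source. The function names and sample TTL values are constructed; the field layout (extended RCODE in the top 8 bits of the OPT TTL) follows RFC 6891.

```c
#include <stdint.h>
#include <stdio.h>

#define RR_TYPE_A   1u
#define RR_TYPE_OPT 41u   /* OPT pseudo-RR type, RFC 6891 */

/* First problem as described: the TTL is zeroed when its high bit is set,
 * before the record type is considered, so OPT loses its top bit too. */
static uint32_t ttl_clamp_first(uint16_t type, uint32_t ttl) {
    (void) type;
    return (ttl & 0x80000000u) ? 0 : ttl;
}

/* Type-aware variant: OPT keeps all 32 bits, every other type is clamped. */
static uint32_t ttl_type_aware(uint16_t type, uint32_t ttl) {
    if (type == RR_TYPE_OPT)
        return ttl;
    return (ttl & 0x80000000u) ? 0 : ttl;
}

/* Second problem as described: shifting by 24 leaves the extended byte in
 * the low 8 bits of the result, overlapping the 4-bit header RCODE. */
static uint16_t rcode_shift24(uint8_t hdr_rcode, uint32_t opt_ttl) {
    return (uint16_t) (((opt_ttl >> 24) & 0xFFu) | (hdr_rcode & 0xFu));
}

/* Shifting by 20 places the extended byte in bits 4..11, above the header
 * RCODE, giving the 12-bit value RFC 6891 defines. */
static uint16_t rcode_shift20(uint8_t hdr_rcode, uint32_t opt_ttl) {
    return (uint16_t) (((opt_ttl >> 20) & 0xFF0u) | (hdr_rcode & 0xFu));
}

int main(void) {
    /* Constructed OPT TTLs: ext=0x01, version 0, DO bit set (BADVERS = 16),
     * and ext=0x80 with header RCODE 3, which needs the TTL high bit. */
    uint32_t badvers = 0x01008000u, high = 0x80000000u;

    printf("BADVERS  shift24=%u shift20=%u\n",
           (unsigned) rcode_shift24(0, badvers), (unsigned) rcode_shift20(0, badvers));
    printf("ext=0x80 clamp-first=0x%03x type-aware=0x%03x\n",
           (unsigned) rcode_shift20(3, ttl_clamp_first(RR_TYPE_OPT, high)),
           (unsigned) rcode_shift20(3, ttl_type_aware(RR_TYPE_OPT, high)));
    return 0;
}
```

With the early clamp, a response carrying an extended RCODE of 0x80 or above is indistinguishable from one whose extended byte is zero, which is why the clamp has to depend on the record type.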
* 00babccdea Simplify BFQ scheduler enablement
* ef8ddb130b Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* 5b4a5461d6 Fix changelog
* a8c5c736f6 Only apply shorter shutdown timer changes on Fedora
* f4e284cd7a Merge #150 `Deal with systemd-timesyncd backport in EPEL`
|\
| * 9378a0733a Deal with systemd-timesyncd backport in EPEL
* | 12d1f05029 Don't claim /sbin/installkernel if building for CentOS Stream 9
|/
* 79828f2753 spec: use "positive" conditions in conditionals
* c5d3af1638 Add build dependency on rsync on CentOS Stream 9
* 8d080fb5cb Backport udma buffer access patch
* 6084453807 Add support for building from a specific branch
* cb9d631ca0 Update PR patch metadata
* 3889da947e In standalone subpackages, suggest coreutils-single
* b7800e3e66 Drop versions from Conflicts for standalone packages
Gregor Herburger [Wed, 12 Jun 2024 12:05:09 +0000 (14:05 +0200)]
networkctl: add support to display learned fdb entries
Since Linux commit ddd1ad68826d ("net: bridge: Add netlink knobs for number
/ max learned FDB entries") [1] it is possible to limit the number of
dynamically learned fdb entries per bridge.
Add support to the systemd networkctl for the netlink bridge attributes
IFLA_BR_FDB_MAX_LEARNED and IFLA_BR_FDB_N_LEARNED.
Gregor Herburger [Thu, 20 Jun 2024 14:10:24 +0000 (16:10 +0200)]
network: bridge: add support for IFLA_BR_FDB_MAX_LEARNED
Since Linux commit ddd1ad68826d ("net: bridge: Add netlink knobs for number
/ max learned FDB entries") [1] it is possible to limit the number of
dynamically learned fdb entries per bridge.
Add support to the systemd netdev bridge for the new netlink attribute
IFLA_BR_FDB_MAX_LEARNED.
These are now practically identical, with the only differences between
the two having no effect on the rpm builds we do with mkosi, so let's
cut out the middle man and just use the Fedora Rawhide spec for CentOS
as well.
mkosi: Switch back to PKG_SUBDIR instead of symlinks
Previously I thought it would make sense to allow running the build
scripts from within the VM/container to rebuild the packages. Instead
we ended up making it possible to rerun mkosi outside of the container/VM
to rebuild the packages, so let's switch back to $PKG_SUBDIR to tell the
build scripts where to look for the packaging sources.
Mike Yuan [Wed, 1 May 2024 13:26:33 +0000 (21:26 +0800)]
core/service: imply Type=exec if credentials are used
When credentials are used with Type=simple + ExecStartPost=,
i.e. when multiple sd-executor instances are running in parallel
for a single service, the state of final credential dir
might be unexpected wrt path_is_mount_point() and other
steps. So, let's imply Type=exec if not explicitly specified,
and emit a warning otherwise.
Kamil Szczęk [Thu, 27 Jun 2024 17:05:43 +0000 (19:05 +0200)]
cryptsetup: handle parallel activation of volumes with another tool gracefully
This commit makes systemd-cryptsetup exit with a successful status when
the volume gets unlocked outside of the current systemd-cryptsetup
process while it was executing. This can be easily reproduced by calling
systemd-cryptsetup, and while it waits for user to input a password/PIN,
unlock the volume in a second terminal. Then after entering the password
systemd-cryptsetup will exit with a non-zero status code.
udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT
pci_get_hotplug_slot() has the following limitations:
- if slots are not hotpluggable, they are not in /sys/bus/pci/slots.
- the address at /sys/bus/pci/slots/X/addr doesn't contain the function part,
so on some systems, 2 different slots with different _SUN end up with the same
hotplug_slot, leading to naming conflicts.
- it tries all parent devices until it finds a slot number, which is incorrect,
and what led to NAMING_BRIDGE_MULTIFUNCTION_SLOT being disabled.
The use of PCI hotplug to find the slot (ACPI _SUN) was introduced in
https://github.com/systemd/systemd/commit/0035597a30d120f70df2dd7da3d6128fb8ba6051
"udev: net_id - export PCI hotplug slot names" on 2012/11/26.
At the same time on the kernel side we got
https://github.com/torvalds/linux/commit/bb74ac23b10820d8722c3e1f4add9ef59e703f63
"ACPI: create _SUN sysfs file" on 2012/11/16.
Using PCI hotplug was the only way at the time, but now 12 years later we can use
firmware_node/sun sysfs file.
Looking at a small selection of server HW, for HPE (Gen10 DL325), the _SUN is attached
to the NIC device, whereas for Dell (R640/R6515/R6615) and Cisco (UCSC-C220-M5SX),
the _SUN is on the first parent pcieport.
We still fall back to pci_get_hotplug_slot() to handle the s390 case and
maybe some other corner cases (_SUN on grandparent device that is not a
bridge?).
Mike Yuan [Sat, 22 Jun 2024 10:03:50 +0000 (12:03 +0200)]
core/service: destroy runtime data when Type=oneshot services exit
Currently, we have a bunch of Type=oneshot + RemainAfterExit=yes
services that make use of credentials. When those exit, the cred mounts
remain established, which is pointless and quite annoying. Let's
instead destroy the runtime data on SERVICE_EXITED, if no process
will be spawned for the unit again.
timedatectl: setting set_local_rtc to 1 will throw Warning as well, use log_warning() (#33489)
Previously, only running `timedatectl` showed a warning regarding the dangers of setting the RTC to local TZ.
Now a similar warning is also flashed when `set-local-rtc 1` is run.
meson: fix missing failure if bpf-framework was enabled
If building with clang and clang does not support bpf, then enabling
-Dbpf-framework=enabled would silently drop the feature (even printing
bpf-framework: enabled in the meson build recap, and no message anywhere
that'd hint at the failure!)
This is unexpected, so add a check to fail hard in this case.
All other code paths (gcc, missing bpftool) properly check for the
option, but it is not as easy for a custom command so check explicitly