sysusers: make sysusers work with dnf --installroot
This is not very pretty, but the code in fs-util.c already provisions for
missing /proc. We ourselves are careful to set up /proc, but not everybody
is and it is important for sysusers to also work where shadow-utils would:
I would like to replace calls to useradd and groupadd in Fedora systemd rpm
scriptlets with a call to sysusers. It has a number of advantages:
- dogfooding
- we don't need to manually duplicate the information from our sysusers
files to scriptlets
- a dependency on shadow-utils is dropped, which transitively drops dependencies
on setup and fedora-repos and bunch of other stuff.
We could try to get 'dnf' and 'rpm --root' and such to be reworked,
but not in any reasonable timeframe. And even if this was done, we'd still
want to support older rpm/dnf versions.
sysusers: add debug lines to failing getent/putent operations
I'm trying to use systemd-sysusers for systemd.rpm itself, and the invocation
in dnf chroot is failing like this:
...
Creating group input with gid 999.
Creating group kvm with gid 36.
Creating group render with gid 998.
Creating group sgx with gid 997.
Creating group systemd-journal with gid 190.
Creating group systemd-network with gid 192.
Creating user systemd-network (systemd Network Management) with uid 192 and gid 192.
Creating group systemd-oom with gid 996.
Creating user systemd-oom (systemd Userspace OOM Killer) with uid 996 and gid 996.
Creating group systemd-resolve with gid 193.
Creating user systemd-resolve (systemd Resolver) with uid 193 and gid 193.
Creating group systemd-timesync with gid 995.
Creating user systemd-timesync (systemd Time Synchronization) with uid 995 and gid 995.
Creating group systemd-coredump with gid 994.
Creating user systemd-coredump (systemd Core Dumper) with uid 994 and gid 994.
Failed to write files: Function not implemented
Let's add more info to make such failures easier to debug.
Yu Watanabe [Sun, 23 May 2021 07:59:40 +0000 (16:59 +0900)]
udev/net: do not manage loopback interfaces
There are nothing we can configure in udevd for loopback interfaces;
no ethertool configs can be applied, MAC address, interface name should
not be touched.
Yu Watanabe [Thu, 20 May 2021 21:22:37 +0000 (06:22 +0900)]
udev/net: drop fallback logic to set speed
ethtool_set_glinksettings() already fallback to use ETHTOOL_GSET/ETHTOOL_SSET
commands when ETHTOOL_GLINKSETTINGS/ETHTOOL_SLINKSETTINGS are not
supported.
Hans de Goede [Sat, 22 May 2021 17:42:21 +0000 (19:42 +0200)]
hwdb: keyboard: Ignore duplicate atkbd keypresses on touchpad on/off toggle
The atkbd device on the Lenovo Yoga 300-11IBR 2-in-1 sends unknown
keycodes when the touchpad is toggled on/off:
[ 1918.995562] atkbd serio0: Unknown key pressed (translated set 2, code 0x63 on isa0060/serio0).
[ 1918.995610] atkbd serio0: Use 'setkeycodes 63 <keycode>' to make it known.
[ 1919.032121] atkbd serio0: Unknown key released (translated set 2, code 0x63 on isa0060/serio0).
[ 1919.032135] atkbd serio0: Use 'setkeycodes 63 <keycode>' to make it known.
[ 1926.098414] atkbd serio0: Unknown key pressed (translated set 2, code 0x62 on isa0060/serio0).
[ 1926.098461] atkbd serio0: Use 'setkeycodes 62 <keycode>' to make it known.
[ 1926.146537] atkbd serio0: Unknown key released (translated set 2, code 0x62 on isa0060/serio0).
[ 1926.146583] atkbd serio0: Use 'setkeycodes 62 <keycode>' to make it known.
The "Ideapad extra buttons" driver alreadys sends f22 / f23 key-events
when the touchpad is toggles off, so map the keycodes for the duplicate
atkbd events to unknown to silence these kernel warnings.
sleep: use SleepOperation enum everywhere and drop sleep_settings()
Instead of comparing strings everywhere, let's use the new enum. This
allows us to drop sleep_settings(), since the operation enum can be
directly used as index into the config settings.
Some minor other refactoring is done, but mostly just shifting thing
around a bit, no actual change in behaviour.
units: make sure importd has CAP_LINUX_IMMUTABLE flag
Since d8f9686c0f1f276c0a687d9bd69f3adf33f15a95 we use the chattr +i flag
for marking containers in directories as reead-only. But to do so we
need the cap for it, hence grant it.
I'm working on building initramfs images directly from normal packages, and it
doesn't make sense for those units to be started. Pristine system rpms need to
behave correctly as much as possible also in the initrd, and those units are
enabled by the rpms. There usually isn't enough time for the timer to actually
fire, but starting it gives a line on the console and generally looks confusing
and sloppy. Flushing the journal means that its actually lost, since the real
/var is not available yet.
Another approach would be not enable those units, but right now they are
statically enabled, and changing that would be more work, and doesn't really
seem necessary, since the condition checks are very quick.
Checking for /etc/initrd-release is the standard condition that the initrd
units use, so let's do the same here.
Previously we'd pass all return values of read_virtual_file() to
log_info_errno() as error, but that makes no sense, given that we
sometimes return positive one with means "not truncated" but we'd show
as "Permission denied. Let's fix this, and log differently for sucess
and error.
Using format strings for concatenating strings is pretty unefficient,
and using PATH_MAX buffers unpretty as well. Let's revert to using
strjoina() as before.
However, to fix the fuzz issue at hand, let's explicitly verify the two
input strings ensuring they are valid path names. This includes a length
check (to 2K each), thus making things prettier, faster and using less
memory again.
Our description was pretty hard to parse. Let's replace it with a description
loosely based on a fairly clear description written by a distro that actually
uses BUILD_ID:
https://developer.rigado.com/docsets/Working-with-the-Rigado-Vesta-Gateway/latest/production/versioning-images.html#the-rigos-scheme.
This is also not entirely obvious. I think the code I came
up with is pretty elegant ;] The final part of of the code that makes
use of the parsed data is kept very similar to the shell code on purpose,
even though it could be written a bit more idiomatically.
Let's order the fields from the most general to least: os name, os variant, os
version, machine-parseable version details, metadata, special settings. I added
section headers to roughly group the settings. The division is not strict,
because for example CPE_NAME also includes the version, and PRETTY_NAME may
too, but it still makes it easier to find the right name.
Also split out Examples to separate paragraphs:
almost all descriptions had "Example:" at the end, where multiple
examples were listed. Splitting this out to separate paragraphs
makes the whole thing much easier to read.
Add missing markup and punctuation while at it.
About
- If not set, defaults to <literal>NAME=Linux</literal>.
+ If not set, a default of <literal>NAME=Linux</literal> may be used.
and similar changes: in many circumstances, if this is not set, no value should
be used. The fallback mostly make sense when we need to present something to the
user. So let's reword this to not imply that the default is necessary.
Dan Streetman [Fri, 14 May 2021 12:08:33 +0000 (08:08 -0400)]
oom: log one-time warning if kernel doesn't provide memory.swap.current
The kernel can be compiled without support for any memory.swap.* files, or
it can be disabled at boot time with the 'swapaccount=0' boot parameter,
so if the file doesn't exist log warning indicating the kernel doesn't
support the file and the user may need to try using the 'swapaccount=1'
boot param.
Note that the actual error from the call to fopen() is ENOENT, but
that is translated into ENODATA in cg_get_attribute_as_uint64()
Dan Streetman [Wed, 19 May 2021 18:22:28 +0000 (14:22 -0400)]
psi: update is_pressure_supported to read file
The kernel still provides the /proc and cgroup pressure files even
if its psi support is disabled, so we need to actually read the files
to verify they don't return -EOPNOTSUPP
Dan Streetman [Wed, 19 May 2021 14:22:21 +0000 (10:22 -0400)]
log: add log_once() and log_once_errno() macros
These macros will log a message at the specified level only the first time
they are called. On all later calls, if the specified level is debug, the
logs will be suppressed; otherwise the message will be logged at debug.
Luca Boccassi [Thu, 20 May 2021 09:35:36 +0000 (10:35 +0100)]
journal: fix uninitialized variable use
If the journal file being processed is archivied, seqnum_id will not be
initialized before being passed on, and coverity complains.
Initialize it to zero.
This ensures that the fuzz test code is also built by default.
It also increases the test coverage a bit. Compiling the tests
*with* sanitizers is painfully slow, so this is not enabled. But
just compiling them sauté is hardly noticable. Running the tests
increases the test count and runtime:
622 tests, 26 s
to
922 tests, 35 s
I think this is acceptable.
projects / thirdparty / systemd.git / log
