analyze: use '' instead of the empty string when showing versions
It looks like garbled output… I didn't use shell-escape, because the other
characters that are special for the shell that are used in versions should
not be escaped.
kernel-install: ignore extra args passed when invoked as installkernel
kernel's 'make install' invokes install.sh which calls /sbin/install-kernel.
Thus we are invoked as e.g.
/sbin/installkernel 5.18.0 arch/x86/boot/bzImage System.map /boot
The last two arguments would be passed as "initrds".
Before , we would just quietly ignore
/boot, because it doesn't pass the 'test -f' test, and possibly try to do
something with System.map. 742561efbe938c45936f2e4f5d81b3ff6b352882 tightened
the check, so we now throw an error.
It seems that the correct thing is to ignore those two arguments, because
our plugin syntax has no notion of System.map. And the installation directory
we can figure out ourselves better. Effectively, this makes things behave
like before, but less by accident.
Daan De Meyer [Wed, 18 May 2022 11:35:21 +0000 (13:35 +0200)]
dissect-image: Explicitly remove partitions when done with image
When closing a loop device, the kernel will asynchronously remove
the probed partitions. This can lead to race conditions where we
try to reuse a partition device that still needs to be removed by
the kernel. To avoid such issues, let's explicitly try to remove
any partitions using BLKPG_DEL_PARTITION when we're done with an
image.
To make sure we don't try to remove partitions when we want them
to remain (e.g. systemd-dissect --mount), we add
dissected_image_relinquish() in a similar vein to loop_device_relinquish()
and decrypted_image_relinquish().
Benjamin Franzke [Sat, 21 May 2022 14:28:32 +0000 (16:28 +0200)]
docs: improve table readability
Let the table span more than the default content width,
if the table contains a lot of data (controlled by width: auto)
(720px is very good for continuous text, but too narrow for tables).
The container class is therefore adapted to put the
width restriction on the elements themselves, allowing for
exceptions for individual elements like <table> and
<h1> (which used an offset margin before and is now
streamlined to use a max-width as well).
Also add a striped background to ease reading rows
and allow for horizontal mobile scrolling without
overflowing the entire document, only the table itself.
Frantisek Sumsal [Sat, 21 May 2022 15:34:34 +0000 (17:34 +0200)]
ci: temporarily disable validation of GH Action files
since the current version of super-linter doesn't recognize
ubuntu-22.04 as a valid runner specification. This should
be fixed once https://github.com/github/super-linter/pull/2897
is merged, which includes
https://github.com/rhysd/actionlint/commit/09a60b0f5761c2d066def294e541c25a89756eea
Frantisek Sumsal [Sat, 21 May 2022 15:30:51 +0000 (17:30 +0200)]
cryptsetup: fix build with -Db_ndebug=true
```
...
../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-fido2.c:33:13: error: variable 'r' set but not used [-Werror,-Wunused-but-set-variable]
int r;
^
1 error generated.
...
../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-pkcs11.c:34:13: error: variable 'r' set but not used [-Werror,-Wunused-but-set-variable]
int r;
^
1 error generated.
ninja: build stopped: subcommand failed.
+ fatal ''\''meson compile'\'' failed with -Db_ndebug=true'
```
Luca Boccassi [Tue, 17 May 2022 19:09:49 +0000 (20:09 +0100)]
resolved: default to OpenSSL
If both gnutls and openssl are available, prefer openssl.
We are gradually moving toward supporting openssl only as the
crypto library, and the resolved gnutls backend will be dropped
at some point, so start nudging users toward the openssl one.
The format described by this document is used not only for coredumps,
but also for other purposes, so we've outgrown the old title.
A redirect was added based on https://codepo8.github.io/github-redirection-demo/.
I tried to use a relative link, but it's hard to test if it works
before merging.
Co-authored-by: Benjamin Franzke <benjaminfranzke@googlemail.com>
Jan Janssen [Mon, 7 Feb 2022 11:33:45 +0000 (12:33 +0100)]
boot: Support booting in EFI mixed mode
The kernel provides a ".compat" PE section that contains a list of
compat entry points with their respective arches. This entry point
does all the heavy lifting to support running 64bit kernels when
the UEFI firmware is 32bit.
Note that the EFI handover protocol code in linux_x86.c does not
need any adjustments as it already correctly calls the 32bit handover
code.
Jan Janssen [Tue, 8 Feb 2022 10:03:20 +0000 (11:03 +0100)]
boot: Keep initrds separate from cmdline options
This is in preparation for LINUX_INITRD_MEDIA support in boot.c. One
downside is that adding or changing the used initrds by command line
editing is not possible anymore.
Jan Janssen [Mon, 7 Feb 2022 12:05:56 +0000 (13:05 +0100)]
boot: Use cleanup handler to unload image
This also moves the message about failed image execution into
image_start() as we would otherwise show two error messages if
any of the preparatory steps failed.
network: drop support for old kernels which cannot set prefix route with non-main route table
Not sure when the issue was fixed.
- kernel-3.10 on CentOS 7 has the issue,
- kernel-4.18 on CentOS 8 works fine.
Note, the workaround dropped by the commit is not incomplete:
with an old kernel which has the issue, all non-prefix routes are
configured on the specified route table, but the prefix route is
configured on the main table. That should not work for most cases,
hence, the workaround is mostly meaningless.
Benjamin Franzke [Thu, 19 May 2022 11:54:24 +0000 (13:54 +0200)]
tree-wide: replace obsolete wiki links with systemd.io/manpages
All wiki pages that contain a deprecation banner
pointing to systemd.io or manpages are updated to
point to their replacements directly.
Helpful command for identification of available links:
git grep freedesktop.org/wiki | \
sed "s#.*\(https://www.freedesktop.org/wiki[^ $<'\\\")]*\)\(.*\)#\\1#" | \
sort | uniq
if [[ -d /efi/loader/entries ]] || [[ -d /efi/$MACHINE_ID ]]; then
ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
elif [[ -d /boot/loader/entries ]] || [[ -d /boot/$MACHINE_ID ]]; then
ENTRY_DIR_ABS="/boot/$MACHINE_ID/$KERNEL_VERSION"
elif [[ -d /boot/efi/loader/entries ]] || [[ -d /boot/efi/$MACHINE_ID ]]; then
ENTRY_DIR_ABS="/boot/efi/$MACHINE_ID/$KERNEL_VERSION"
…
In stock Fedora 34-, /efi isn't used, but grub creates /boot/loader/entries and
installs kernels and initrds directly in /boot. Thus the second arm of the
check wins, and we end up with BOOT_ROOT=/boot.
But the important unchanged characteristic is that we iterate over the suffix
first. Sadly this breaks Fedora, because we find /boot/efi/<machine-id> before
we could find /boot/loader/entries. It seems that every possible aspect of
behaviour matters for somebody, so we need to keep the original order of
detection.
Note that we need to check for "loader/entries" too, even though it is not
an entry-token candidate, so that we get the same detection priority as
before.
resolved: use strv_extend_with_size() to avoid slow parsing of /etc/hosts
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43942 is a simple case
where a repeated entry generates a timeout. I didn't import that case, but
generated a simpler one by hand.
$ time build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries
test/fuzz/fuzz-etc-hosts/timeout-many-entries... ok
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries 3.17s (old)
↓
build/fuzz-etc-hosts test/fuzz/fuzz-etc-hosts/timeout-many-entries 0.11s (new)
I considered simply disallowing too many aliases. E.g. Microsoft apparently
sometimes ignores entries after the ninth [1], and other systems set stringent
limits [2,3], but the recommended way to get around that is to simply use more
lines (as is done in the sample), so this wouldn't change anything.
Even if we cannot put all those names in a reply packet, the resolution from
the alias to the address should work. I think cases where people define lots
and lots of aliases through some programmatic interface are realistic, for
example for a blocklist, and such a file shouldn't bring resolved down to its
knees.
basic/strv: add optimizable version of strv_push/consume/extend
This will be helpful in cases where we are repeatedly adding entries
to a long strv and want to skip the iteration over old entries leading
to quadratic behaviour.
Note that we don't want to calculate the length if not necessary, so
the calculation is delayed until after we've checked that value is not
NULL.
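The quadratic append cost described in the two commit messages above (the resolved /etc/hosts timeout and the basic/strv helpers), as an added C example that is not systemd's code. The names `vec_push_with_size`, `vec_length`, `push_many` and `scan_steps` are hypothetical; the block counts how many entries are re-walked with and without a cached length, and checks for NULL before measuring anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration, not systemd's implementation. */
static size_t scan_steps;              /* entries walked while measuring length */
static char alias[] = "alias.example"; /* constructed sample value */

static size_t vec_length(char **l) {
        size_t n = 0;
        for (; l && l[n]; n++)
                scan_steps++;
        return n;
}

/* Append value to a NULL-terminated vector. *n caches the length;
 * SIZE_MAX means "not known yet". Without n, every call rescans. */
int vec_push_with_size(char ***l, size_t *n, char *value) {
        if (!value)                  /* nothing to add: return before any scan */
                return 0;
        size_t size = (n && *n != SIZE_MAX) ? *n : vec_length(*l);
        if (size > SIZE_MAX / sizeof(char *) - 2)   /* allocation overflow guard */
                return -1;
        char **c = realloc(*l, (size + 2) * sizeof(char *));
        if (!c)
                return -1;
        c[size] = value;
        c[size + 1] = NULL;
        *l = c;
        if (n)
                *n = size + 1;
        return 0;
}

/* Push `count` aliases, as one long /etc/hosts line would; returns scan cost. */
size_t push_many(size_t count, int use_cache) {
        char **l = NULL;
        size_t n = SIZE_MAX;
        scan_steps = 0;
        for (size_t i = 0; i < count; i++)
                if (vec_push_with_size(&l, use_cache ? &n : NULL, alias) < 0)
                        break;
        free(l);
        return scan_steps;
}

int main(void) {
        printf("rescan: %zu steps, cached: %zu steps\n",
               push_many(1000, 0), push_many(1000, 1));
        return 0;
}
```

The rescanning path grows with the square of the number of aliases, which is why a single attacker-sized or generated hosts line is enough to stall a parser that appends this way.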
kernel-install: fix detection of entry-token if $BOOT_ROOT is configured
If $BOOT_ROOT is specified, but entry-token not, we'd skip the detection
altogether, effectively defaulting to entry-token=machine-id.
The case where $BOOT_ROOT was not specified, but entry-token was configured
was handled correctly.
This patch makes the handling of both symmetrical, i.e. will only set what
wasn't configured.
kernel-install: debug the configuration detection if --verbose
No changes to behaviour, but let's print everything out as we discover it.
The docs say that BOOT_ROOT can be specified by the environment. I have
it locally in /etc/kernel/install.conf, and then the override doesn't work.
It'd be nice to handle such cases more reliably.
Khem Raj [Thu, 19 May 2022 18:01:04 +0000 (11:01 -0700)]
Add sys/stat.h for S_IFDIR
Fixes
../git/src/shared/mkdir-label.c:13:61: error: use of undeclared identifier 'S_IFDIR'
r = mac_selinux_create_file_prepare_at(dirfd, path, S_IFDIR);
version comparisons: stop using locale-dependent isdigit()
The docs are not entirely clear what glyphs qualify as digits.
The function is supposed to be locale-dependent, but I couldn't
get it to return true on any non-ascii digits I tried.
But it's better to be safe than sorry, let's use our trivial
replacement instead.
The interface, output, and exit status convention are all taken directly from
rpmdev-vercmp and dpkg --compare-versions. The implementation is different
though. See test-string-util for a list of known cases where we compare
strings incompatibly.
The idea is that this string comparison function will be declared as "the"
method to use for boot entry ordering in the specification and similar
uses. Thus it's nice to allow users to compare strings.
Daan De Meyer [Wed, 18 May 2022 22:44:31 +0000 (00:44 +0200)]
portable: Remove unnecessary assert()
Fixes #23433
matches is plumbed through until it finally gets used in unit_match()
which can deal with NULL matches so the assert() is unnecessary and
can be removed.
The two call sites of extract_image_and_extensions() also don't
assert() on matches either.
No functional change is intended. The verbs where it wasn't immediately
clear if the success exit status is 0 or >= 0 are changed to explicitly
return 0. (I think it's better to be explicit than to rely on some call
stack always returning 0 on success.)
Some other functions are cleaned up to be more idiomatic.
Benjamin Franzke [Tue, 17 May 2022 22:05:38 +0000 (00:05 +0200)]
docs: use relative links
Allows for links to work both on systemd.io (or forks) and
when viewed on https://github.com/systemd/systemd/tree/main/docs
Note that the markdown links are converted by jekyll-relative-links[1]
to html. This plugin is enabled by default on github pages[2][3].
Due to a bug in jekyll-relative-links – see
https://github.com/benbalter/jekyll-relative-links/issues/61 –
we need to avoid line-wrapped links when using relative markdown links.
Benjamin Franzke [Tue, 17 May 2022 11:48:27 +0000 (13:48 +0200)]
docs: overhaul styling for example log messages on startpage
* Use brand-green for demo log messages on the startpage
instead of the default `green` color defined by the browser vendor
(after all, the brand green color is intended to reflect the
boot status output)
* Add a matching blue intro color (mixed using HSL from brand-green
by 55deg hue rotation and 4% lightness)
* Use a defined font-size
(to avoid blurry rendering at 13.33333px, due to font-size: smaller)
* Add possibility for the browser to show horizontal scrollbar
(avoid overflow in mobile view)
Benjamin Franzke [Tue, 17 May 2022 08:38:07 +0000 (10:38 +0200)]
docs: add dark mode
Respect the user agent property `prefers-color-scheme` by
rendering the documentation in dark mode, if requested.
Reorganise CSS to store the color palette into CSS variables
and reference these from another set of CSS variables that
are dynamically switched based on the prefers-color-scheme
media query.
Light mode variables stay the same as before,
but to ease color mixing, the current RGB values
have been transformed to HSL (using chrome devtools).
The current body background is now --sd-gray-extralight,
the current body color is now --sd-gray-extradark.
Other gray-variations, needed for dark-mode contrasts
are derived from these colors using HSL lightness shifting.
The systemd brand black color is used as dark mode background
and a matching extralight gray font color has been selected.
The link font-weight is reduced to 400 in dark mode,
as the green color on dark ground becomes too overwhelming
with a bold font.
The systemd logo color is dynamically swapped by using
the special fill value `currentColor` for dark/light-mode
depending parts – as per specification on brand.systemd.io
Benjamin Franzke [Tue, 17 May 2022 17:05:29 +0000 (19:05 +0200)]
docs: regenerate highlight style and streamline background overwrite
* Update to rougify 3.26.1 styling
* Adapt background overwrite by removing default background color
and only adding explicit overwrites for syntax error
(error stylings appear for example in json-excerpts –
see HACKING.md – and are therefore hidden by our css)
Benjamin Franzke [Tue, 17 May 2022 15:05:22 +0000 (17:05 +0200)]
docs: provide a first level headline for the frontpage
* Provides a nice introduction to the intro paragraph
* Ensures text of subpages start at the same position as the intro text
on the homepage
=> less visual "jumps" while navigating