core: escape ExecStart command-line received over d-bus
When some transient unit setting is received over D-Bus, we write it to a
transient unit file. We escape backslashes and specifiers. For most settings
this is enough, because most settings only do parsing and interpolation of
specifiers. When systemd-run is called (or something equivalent that gives us a
command strv), we write ExecStart=, but when reading it, we not only do parsing
and interpolation of specifiers, but also split on semicolons and do variable
substitution. This results in an ugly situation where the commandline is
interpolated twice, once on the caller side, and once in the manager.
I think we need to treat this as a bug: current behaviour seems to be an
accident of implementation and hard to explain in a reasonable way. If we
*were* doing specifier expansion, then it'd be somewhat reasonable to say that
"the commandline is handled the same as ExecStart=". But since we explicitly
prevent specifier expansion, the best we could say is "the commandline has some
subset of features of ExecStart=". I think this is not useful, and unexpected
by users. Since most people use a shell to call systemd-run, one level of
variable expansion is already done on the caller side, and having to take into
account another level of expansion (with slightly different rules), creates a
big mental overhead when the commandline needs to include a dollar character or
such. Not doing any expansion is much cleaner and easier to explain or use.
Thus I think it's better to change behaviour here, even though in principle
some people could be relying on current behaviour. I think it's more likely
that nobody noticed, because people generally don't use systemd-run for
complicated commandlines.
Thus this commit adds an additional mode of escaping that prevents variable
expansion and other elements of ExecStart= syntax. I looked over all the
places where unit_escape_setting() is called, and I think that only two need to
be changed to use the new flag.
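
The double interpretation this commit message describes, as an added example (not code from systemd or from the commit). `manager_read()` is a deliberately simplified model of the reading side and `escape_exec_word()` is a hypothetical writer-side escape; both names and the exact rules modelled are assumptions.

```python
import re

# Simplified model (assumption): "$$", "$NAME", "${NAME}", a lone ";" word and
# "\;" are handled as below; quoting and whitespace inside words are ignored.
_VAR = re.compile(r"\$(\$|\{(\w+)\}|(\w+))")

def manager_read(line, env):
    """Model of the reading side: split on lone ';' and substitute variables."""
    def expand(match):
        if match.group(1) == "$":          # "$$" is a literal dollar sign
            return "$"
        return env.get(match.group(2) or match.group(3), "")

    commands, current = [], []
    for word in line.split():
        if word == ";":                    # lone semicolon starts a new command
            commands.append(current)
            current = []
        elif word == "\\;":                # escaped semicolon is a literal ";"
            current.append(";")
        else:
            current.append(_VAR.sub(expand, word).replace("\\\\", "\\"))
    commands.append(current)
    return commands

def escape_exec_word(word):
    """Hypothetical writer-side escaping so manager_read() returns word as is."""
    if word == ";":
        return "\\;"
    return word.replace("\\", "\\\\").replace("$", "$$")

def write_exec_line(argv, escape):
    """Serialise argv the way a transient ExecStart= value would be written."""
    return " ".join(escape_exec_word(w) if escape else w for w in argv)

# Constructed sample: argv the caller wants executed verbatim.
ARGV = ["/bin/echo", "cost:", "$HOME", ";", "/usr/bin/id"]
ENV = {"HOME": "/root"}

if __name__ == "__main__":
    print(manager_read(write_exec_line(ARGV, escape=False), ENV))
    print(manager_read(write_exec_line(ARGV, escape=True), ENV))
```

Without escaping, the model reads back two commands with the variable substituted; with escaping, it reads back exactly the argv that was sent.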
David Jaša [Tue, 23 Aug 2022 21:58:09 +0000 (23:58 +0200)]
check-os-release.py compatible with Python < 3.8
The ":=" operator was only added in Python 3.8 so splitting the line with it into two makes check-os-release.py actually fulfill its claim of working with any python version.
Luca Boccassi [Tue, 2 Aug 2022 19:07:35 +0000 (20:07 +0100)]
service: set TRIGGER_UNIT= and TRIGGER_PATH= on activation by path unit
When a service is triggered by a path unit, pass the
path unit name and the path that triggered it via env vars
to the spawned processes.
Note that this is best-effort, as there might be many triggers
at the same time, but we only get woken up by one.
Luca Boccassi [Tue, 2 Aug 2022 18:49:20 +0000 (19:49 +0100)]
core: add basic infrastructure to record unit activation information
Not wired in by any unit type yet, just the basic to allocate,
ref, deref and plug in to other unit types.
Includes recording the trigger unit name and passing it to the
triggered unit as TRIGGER_UNIT= env var.
Daan De Meyer [Mon, 22 Aug 2022 11:21:07 +0000 (13:21 +0200)]
mkosi: Ensure we build all features/components in mkosi
Explicitly enable all features/components in the mkosi build to
ensure they all get built and we get an error if they can't be built.
We also rework the packages sections of all mkosi configs to reduce
duplication and cover all the dependencies necessary to build/use all
systemd features.
Note that for the final image, since systemd is installed by default
in base images, we rely on that to install the base library dependencies
and we only list extra optional dependencies and tools that aren't already
installed by default into the base image.
We also drop the centos stream 8 mkosi build as dependencies on that
distro are too out-of-date to be able to build all systemd features.
Since centos stream 9 has been out for a while, let's focus on that
and leave it to downstream to keep systemd building on centos stream 8.
Finally, there's a few additions to the mkosi scripts to make sure
services don't start by default on boot.
Frantisek Sumsal [Mon, 22 Aug 2022 20:04:51 +0000 (22:04 +0200)]
test: install /etc/default/knot if available as well
The knot.service on Ubuntu Jammy loads an env file which we didn't
install, causing the service to fail:
```
knot.service: Will spawn child (service_enter_start_pre): /usr/sbin/knotc
knot.service: Failed to load environment files: No such file or directory
knot.service: Failed to run 'start-pre' task: No such file or directory
knot.service: Failed with result 'resources'.
knot.service: Service will not restart (restart setting)
```
Jan Janssen [Wed, 10 Aug 2022 07:47:42 +0000 (09:47 +0200)]
meson: Downgrade efi-ld warning
The warning isn't that serious and mostly there to inform the user that
lld/mold cannot build efi binaries. It is also better to build test with
fatal meson warnings.
measure: add --current switch for "systemd-measure calculate"
This allows shortcutting measurements of the specified files and
use the information from /sys/ instead.
This is not too useful on its own given that "systemd-measure status"
already exists which displays the current, relevant PCR values. The main
difference is how "complete" the information is. "status" will detect if
the measurements make any sense, and show more than PCR 11. "calculate
--current" otoh only reads PCR 11 and uses that, and that's really it.
This is mainly preparation for later work to add PCR signing to the
tool, where usually it makes most sense to sign prepared kernel images,
but for testing it's really useful to shortcut signing to the current
PCR values instead.
tree-wide: use path_join() instead of prefix_roota() in various cases
prefix_roota() is something we should stop using. It is bad for three
reasons:
1. As its name suggests it's supposed to be used when working relative
to some root directory, but given it doesn't follow symlinks (and
instead just stupidly joins paths) it is not a good choice for that.
2. More often than not it is currently used with inputs under control of
the user, and that is icky given it typically allocates memory on the
stack.
3. It's a redundant interface, where chase_symlinks() and path_join()
already exist as better, safer interfaces.
Hence, let's start moving things from prefix_roota() to path_join() for
the cases where that's appropriate.
Previously, the test would rely on the fact that systemd-hwdb would
follow symlinks outside of the --root= hierarchy. That's a bug however,
and systemd-hwdb shouldn't do that. Hence let's remove the fact that the
test relies on it, so that we can then fix systemd-hwdb (specifically:
conf_files_list()) accordingly.
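
Why a plain path join is a poor fit for working under a root directory, and what the symlink escape mentioned in the hwdb test message looks like, as an added example (not systemd code). `naive_join()` and `chase_in_root()` are hypothetical names; the latter is a minimal sketch of root-confined resolution, not a reimplementation of chase_symlinks(), and the directory layout is constructed.

```python
import os
import tempfile

def naive_join(root, path):
    """Plain string join with no symlink handling."""
    return os.path.join(root, path.lstrip("/"))

def chase_in_root(root, path, max_links=32):
    """Resolve path under root; absolute link targets and '..' stay inside root."""
    root = os.path.realpath(root)
    todo = [p for p in path.split("/") if p not in ("", ".")]
    done, links = [], 0                    # done: resolved components below root
    while todo:
        comp = todo.pop(0)
        if comp == "..":
            if done:
                done.pop()                 # never climbs above root
            continue
        candidate = os.path.join(root, *done, comp)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):
                done = []                  # absolute target restarts at root
            todo = [p for p in target.split("/") if p not in ("", ".")] + todo
            continue
        done.append(comp)
    return os.path.join(root, *done)

def build_demo():
    """Constructed layout: <root>/etc/hwdb.d is a symlink to a dir outside root."""
    tmp = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(tmp, "root")
    outside = os.path.join(tmp, "host_hwdb.d")
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(outside)
    open(os.path.join(outside, "x.hwdb"), "w").close()
    os.symlink(outside, os.path.join(root, "etc", "hwdb.d"))
    return root

if __name__ == "__main__":
    root = build_demo()
    print(os.path.realpath(naive_join(root, "/etc/hwdb.d/x.hwdb")))  # outside root
    print(chase_in_root(root, "/etc/hwdb.d/x.hwdb"))                  # inside root
```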
Tomáš Hnyk [Sun, 21 Aug 2022 11:34:20 +0000 (13:34 +0200)]
Add support for Fn+PrtSc on Thinkpads
This adds support for Fn+PrtSc on my Lenovo Thinkpad Extreme gen 2. Judging by the picture on the key, it should probably instead of prog2 be "selective_screenshot" (that is a possible value from judging this list https://gist.githubusercontent.com/samvel1024/02e5675e04f9d84f098e98bcd0e1ea12/raw/e18d950ce571b4ff5c832cc06406e9a6afece132/keynames.txt ) but that does not register with evtest at all. With this change, evtest reports:
```
Event: time 1661081631.027773, type 1 (EV_KEY), code 149 (KEY_PROG2), value 1
Event: time 1661081631.027773, -------------- SYN_REPORT ------------
Event: time 1661081631.027886, type 1 (EV_KEY), code 149 (KEY_PROG2), value 0
Event: time 1661081631.027886, -------------- SYN_REPORT ------------
```
I am not sure if systemd is the right place to add this, if not, please refer me somewhere else.
Frantisek Sumsal [Sat, 20 Aug 2022 19:57:18 +0000 (21:57 +0200)]
hashmap: use assert_se() to make clang happy
Otherwise it complains about a set but unused variable:
```
../src/basic/hashmap.c:1070:48: error: variable 'n_rehashed' set but not used [-Werror,-Wunused-but-set-variable]
unsigned old_n_buckets, new_n_buckets, n_rehashed, new_n_entries;
^
1 error generated.
```
Aryan singh [Sat, 20 Aug 2022 10:02:54 +0000 (15:32 +0530)]
hwdb: Add Avita Liber NS13A2 (#24376)
This fixes the discrepancies in the coordinate ranges for the touchpad, touchpad in this device (NS13A2) is generic and the same one is used in most models.
Frantisek Sumsal [Fri, 19 Aug 2022 14:30:24 +0000 (16:30 +0200)]
test: correctly process multiline strings in $KERNEL_APPEND
Some tests (like TEST-02) set a multiline string to $KERNEL_APPEND
(which is a valid thing to do), unfortunately we'd use only the first
line of it and throw the rest away, e.g:
```
$ printf "%s" "$x"
hello
this is a multiline
kernel command line
$ read -ra out <<< "$x"
$ printf "%s" "${out[@]}"
hello
```
Let's use readarray/mapfile instead to avoid this:
Add a new tpm2_parse_pcr_argument() helper that unifies how we merge PCR
masks in a single function, we can use all over the place. Previously we
had basically the same code for this at 4 places.
Michal Sekletar [Tue, 2 Aug 2022 10:38:30 +0000 (12:38 +0200)]
rules: import previous SYSTEMD_READY state for suspended DM devices and skip other rules
We can't get any FS meta-data from a suspended device. Hence defer
making any plugged/unplugged decisions, i.e. we just import whatever was
previous state and skip processing all other rules.
Thanks Lennart Poettering <lennart@poettering.net> for suggesting this
solution.
Rene Hollander [Sat, 13 Aug 2022 19:38:02 +0000 (21:38 +0200)]
Add --efi-boot-option-description argument to bootctl to control the name of the boot
entry.
By default an entry named "Linux Boot Manager" is created (which is the
previous behavior). With the flag the name of the entry can be
controlled, which is useful when installing systemd-boot to multiple ESP
partitions and having uniquely named entries.
cryptsetup: make sure all token-based codepaths are affected by SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var
Previously the env var was only checked when conditionalizing use of our
own libcryptsetup loadable token modules. But let's also use it for any
other kind of token module, including possible internal ones by
libcryptsetup.