1. Use Type=notify to wait until "resolvectl monitor" successfully
installed its monitor, so that we know that queries enqueued later
will definitely be seen.
2. Use "grep -m1" to watch "journalctl -f" output to wait precisely for
the RR data we want to see, and immediately exit.
This shortens code quite a bit, and should make it more robust.
resolved: add generic formatters for RRs into JSON
For now we can use it to send broken-down records of JSON via the
monitor logic, but one day we can certainly reuse for dumping the
caches, or to implement a ResolveRecord() varlink call one day.
The socket is only accessible to privileged clients anyway, no need to
add another (user unfriendly) restriction via opt-in setting. Let's just
allow this for privileged clients, mirroring "busctl monitor", or
"tcpdump" and similar, which all just work if you have privs.
(This does not break API, since we never did a release with the
"Monitor" dbus property or config setting in place, i.e. with cb456374e096f0ebe9b70d7ddd98e16a4be24ee6)
sd-event: add helper for exiting event loop on SIGTERM/SIGINT
In many (most?) of our event loops we want to exit once SIGTERM/SIGINT
is seen. Add a common helper for that, that does the right things in a
single call.
sd-event: if signal nr has high bit set sd_event_add_signal() auto-block it via sigprocmask()
So far we expected callers to block the signals manually. Which is
usually a good idea, since they should do that before forking off
threads and similar. But let's add a mode where we automatically block
it for the caller, to simplify things.
test: wait until the unit finishes before checking the log
Otherwise we might read an incomplete log and fail:
```
test_added_after (__main__.ExecutionResumeTest) ... FAIL
test_added_before (__main__.ExecutionResumeTest) ... ok
test_interleaved (__main__.ExecutionResumeTest) ... ok
test_issue_6533 (__main__.ExecutionResumeTest) ... ok
test_no_change (__main__.ExecutionResumeTest) ... ok
test_removal (__main__.ExecutionResumeTest) ... ok
test_swapped (__main__.ExecutionResumeTest) ... ok
======================================================================
FAIL: test_added_after (__main__.ExecutionResumeTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/build/./test/test-exec-deserialization.py", line 152, in test_added_after
self.check_output(expected_output)
File "/build/./test/test-exec-deserialization.py", line 107, in check_output
self.assertEqual(output, expected_output)
AssertionError: 'foo\n' != 'foo\nbar\n'
foo
+ bar
----------------------------------------------------------------------
Ran 7 tests in 27.470s
```
Adam Williamson [Thu, 29 Sep 2022 19:58:03 +0000 (12:58 -0700)]
kbd-model-map: correct variants for cz-qwerty to include comma
As explained by @poncovka , the 'xvariant' string should contain
the same number of comma-separated elements as 'xlayout'. When
we have two layouts we need two items in xvariant, in this case
one of them is empty.
See https://github.com/rhinstaller/anaconda/pull/4355#pullrequestreview-1119913870
for @poncovka's full explanation.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Add special keyboard combos for Thinkpad P1 Gen 3 (#24862)
* Add special keyboard combos for Thinkpad P1 Gen 3
These are based on the key codes I've found with evtest. See issue
https://github.com/systemd/systemd/issues/24814 for more details.
I'm not entirely sure what some of these keys are supposed to do,
notably Fn+RShift; this doesn't seem to do anything in Windows on
my machine. Binding them to prog# makes them available to desktop
managers' key bindings at least, in case someone wishes to make
use of this extra keybind possibility.
udevadm: do not try to find device unit when a path like string is provided
Otherwise, we provide misleading error message.
Before:
---
$ udevadm info /sys/class/foo
Bad argument "/sys/class/foo", expected an absolute path in /dev/ or /sys/ or a unit name: Invalid argument
---
After:
---
$ udevadm info /sys/class/foo
Unknown device "/sys/class/foo": No such device
---
docs/CONTRIBUTING: explain various labels and add link to "reviewable" PRs
The linked filter gives an up-to-date list of pull requests that need review.
(Yes, there's too many.) We used to set 'needs-review' label, but that is
not available to non-members, and also every pull request which is not labeled
'reviewed/needs-rework'/'ci-fails/needs-rework'/'needs-rebase' can and should
be reviewed.
If this is merged, I'll drop the 'needs-review' label.
test: wrap `ls` and `stat` to make it work w/ sanitizers in specific cases
When `/etc/nsswitch.conf` uses `systemd` together with `[SUCCESS=merge]`,
`ls -l` will pull in `libnss_systemd` causing `SIGABRT`, as `ls` is not
instrumented (by default):
```
-bash-5.1# strace -f -e %file ls -l /dev
execve("/usr/bin/ls", ["ls", "-l", "/dev"], 0x7ffc3bb211c8 /* 24 vars*/) = 0
...
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=1896, ...}, AT_EMPTY_PATH) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=359, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=965, ...}, AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=10779, ...}, AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/usr/lib/libnss_systemd.so.2", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=16195176, ...}, AT_EMPTY_PATH) = 0
openat(AT_FDCWD, "/usr/lib/libasan.so.8", O_RDONLY|O_CLOEXEC) = 3
...
readlink("/proc/self/exe", "/usr/bin/ls", 4096) = 11
open("/proc/self/cmdline", O_RDONLY) = 3
open("/proc/self/environ", O_RDONLY) = 3
==620==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=620, si_uid=0} ---
+++ killed by SIGABRT (core dumped) +++
Aborted (core dumped)
```
This also happens with `stat`. Let's add both `ls` and `stat` to the "wrap list"
to work around this.
resolve: persist DNSOverTLS configuration in state file
Currently, NetworkManager will set DNSOverTLS according to its
`connection.dnsovertls` configuration only once during connection,
instead of every single restart of systemd-resolved, causing resolved to
lose the configuration on restart.
Fix this by persisting DNSOverTLS in the runtime state file, which will
also make it more consistent with other interface-specific settings.
tmpfiles: downgrade message about uninitialized-/etc
If we're running with --root, or in a chroot (*), it's expected that machine-id
and other specifiers will be unresolvable, so downgrade the warning to debug.
Fixes #24655.
(*) sd_booted() in principle means more than that, but nowadays systemd
dominates and those other things are infrequently seen.
Instead of translating errors at various levels, let the "original" errno value
(whatever was returned by the low-level reading function) propagate all the way
to the logging function, and only check which errnos to suppress there. This
makes it easier to follow the flow of data through all the layers. Also, we
don't need to provide wrapper functions for each place where we want to do the
suppression.
The common set of errnos that have similar meaning are caught using
ERRNO_IS_NOINFO(). It is more manageable to use a wider net than to figure out
which errors could be returned in specific cases.
Since open-iscsi 2.1.2 [0] the initiator name should be generated via
a one-time service instead of distro package's post-install scripts.
However, some distros still use this approach even after this patch,
so prefer the already existing initiatorname.iscsi file if it exists.
The original issue that the above commits tried to 'fix' is that reading
phys_port_name triggers a lock in the kernel, hence processing multiple
interfaces at the same time causes extreme slow down.
To work around the issue, the above commits made several necessary
information retrieved through netlink instead of sysfs attributes.
A patch set for the kernel was proposed as a fix for the issue:
https://lore.kernel.org/all/20210928125500.167943-1-atenart@kernel.org/
and some of them were merged to v5.16:
https://github.com/torvalds/linux/commit/146e5e733310379f51924111068f08a3af0db830,
It has been already backported to 5.4.160, 5.10.80, 5.14.19, and 5.15.3.
When these commits were proposed, it is already claimed that such issue
should be fixed by the kernel side, and udevd should not work around it.
Nevertheless the feature was introduced, as these have theoretical
performance improvement, even if phys_port_name sysattr does not have the
above issue, as in that way udevd can obtain multiple information about
the interface with a single netlink socket operation. See the discussion
in #20744.
However, in reality, only `iflink`, `type`, `address`, and `phys_port_name`
attributes from netlink are used in the udev net_id builtin command. Hence,
after the original issue being fixed in the kernel side, there should be
almost no performance improvement for udevd.
Furthermore, combining attributes from netlink and sysfs makes it hard to
test net_id builtin. See #21725.
Let's drop mostly meaningless code, and make net_id builtin easily testable.
Jan Janssen [Fri, 23 Sep 2022 07:54:03 +0000 (09:54 +0200)]
fuzz: Introduce DO_NOT_OPTIMIZE
The compiler may decide computations like these are not doing anything
and decide to optimize them away. This would defeat the whole fuzzing
exercise. This macro will force the compiler to materialize the value
no matter what. It should be less prone to accidents compared to using
log functions, which would either slow things down or still optimize the
value away (or simply move it into the if branch the log macros create).
The benefit over assert_se would be that no requirement is made on the
value itself. If we are fine getting a string of any size (including
zero), an assert_se would either create a noisy compiler warning about
conditions that would always be met or yet again optimize the whole
thing away.
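An added example, not code from the commit or from systemd: a minimal libFuzzer-style harness showing where such a macro sits. The macro body shown here is an assumed definition (the commit message does not include it), and `hex_encode()` is a hypothetical function under test.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed definition; the commit message does not show the macro body.
 * The empty asm takes the value as an input operand, so the compiler has to
 * compute it, and the "memory" clobber forces stores behind a pointer to
 * actually happen. No code is emitted for the asm itself. */
#define DO_NOT_OPTIMIZE(value) __asm__ volatile("" : : "g"(value) : "memory")

/* Hypothetical function under test: hex-encodes n bytes into a new string.
 * Returns NULL on allocation failure; an empty input yields "". */
static char *hex_encode(const uint8_t *p, size_t n) {
    static const char digits[] = "0123456789abcdef";
    char *out = malloc(n * 2 + 1);
    if (!out)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        out[i * 2] = digits[p[i] >> 4];
        out[i * 2 + 1] = digits[p[i] & 0x0f];
    }
    out[n * 2] = '\0';
    return out;
}

/* libFuzzer entry point. Without the macro, an optimizer that inlines
 * hex_encode() may see that the result is only freed and drop the encoding
 * loop, leaving nothing for the fuzzer to exercise. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char *s = hex_encode(data, size);

    /* Any result is acceptable here (empty string, NULL), so there is no
     * condition worth asserting on; we only need the value to exist. */
    DO_NOT_OPTIMIZE(s);

    free(s);
    return 0;
}
```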
Fixes compile error with -Dopenssl=false.
```
In file included from ../../home/watanabe/git/systemd/src/shared/pkcs11-util.h:12,
from ../../home/watanabe/git/systemd/src/cryptenroll/cryptenroll.c:24:
../../home/watanabe/git/systemd/src/shared/openssl-util.h:56:21: error: conflicting types for ‘X509’; have ‘struct X509’
56 | typedef struct X509 X509;
| ^~~~
In file included from /usr/include/openssl/crypto.h:25,
from /usr/include/openssl/bio.h:20,
from /usr/include/openssl/asn1.h:16,
from /usr/include/openssl/ec.h:17,
from /usr/include/fido.h:10,
from ../../home/watanabe/git/systemd/src/shared/libfido2-util.h:18,
from ../../home/watanabe/git/systemd/src/cryptenroll/cryptenroll-fido2.h:7,
from ../../home/watanabe/git/systemd/src/cryptenroll/cryptenroll.c:6:
/usr/include/openssl/ossl_typ.h:123:24: note: previous declaration of ‘X509’ with type ‘X509’ {aka ‘struct x509_st’}
123 | typedef struct x509_st X509;
| ^~~~
```
On socket creation respect the SELinuxContext= setting of the associated
service, such that the initial created socket has the same label as the
future process accepting the connection (since w.r.t SELinux sockets
normally have the same label as the owning process).
dissect: Process verity sig partitions if a root hash is specified
If a root hash is specified, we should be checking that it matches
the root hash in the verity signature partition, so let's not skip
processing of the verity signature partitions if a root hash is
specified.