We are not interested in the struct dirent data, hence there's no point
in passing RECURSE_DIR_ENSURE_TYPE. Let's drop it, and thus avoid some
extra work on file systems where readdir() does not report .d_type.
Also drop RECURSE_DIR_SAME_MOUNT, because DDIs after all may contain
multiple partitions, and we mount them all together. The --list command
really should report the full set of files in an image.
basic/virt: treat missing /proc as sign of being in a chroot
The logic of running_in_chroot() has been the same since the introduction of
this function in b4f10a5e8956d26f0bc6b9aef12846b57caee08b: if /proc is not
mounted, the function returns -ENOENT and all callers treat this as false. But
that might be the most common case of chrooted calls, esp. in all the naïve
chroots that were done with the chroot binary without additional setup.
(In particular rpm executes all scriptlets in a chroot without bothering to set
up /proc or /sys, and we have codepaths in sysusers and tmpfiles to support
running in such an environment.)
This change effectively shortcircuits various calls to udevadm, downgrades
logging in tmpfiles, and disables all verbs marked with VERB_ONLINE_ONLY in
systemctl. detect-virt -r is also affected:
```
$ sudo chroot /var/lib/machines/rawhide
before> systemd-detect-virt -r && echo OK
Failed to check for chroot() environment: No such file or directory
after> systemd-detect-virt -r && echo OK
OK
```
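The behaviour change described in this commit message, as an added example that is not systemd's own code: a hypothetical `detect_chroot()` compares the root directory of PID 1 with the caller's root and, depending on a flag, either passes a missing /proc up as an error (before) or reports it as a chroot (after). The function name, its parameters and the comparison via `stat()` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical helper, not systemd's running_in_chroot().
 * Returns 1 if chrooted, 0 if not, negative errno if it cannot tell.
 * init_root is normally "/proc/1/root", our_root is normally "/". */
static int detect_chroot(const char *init_root, const char *our_root,
                         int missing_proc_is_chroot) {
        struct stat a, b;

        if (stat(our_root, &b) < 0)
                return -errno;

        if (stat(init_root, &a) < 0) {
                /* Bare chroot(8) or rpm scriptlet: nobody mounted /proc. */
                if (errno == ENOENT && missing_proc_is_chroot)
                        return 1;
                return -errno; /* old behaviour: callers read this as "no" */
        }

        /* Different device or inode: PID 1 sees another root than we do. */
        return a.st_dev != b.st_dev || a.st_ino != b.st_ino;
}

int main(void) {
        int before = detect_chroot("/proc/1/root", "/", 0);
        int after = detect_chroot("/proc/1/root", "/", 1);

        /* Callers gate "online only" work on a positive result. */
        printf("before: %d -> %s\n", before, before > 0 ? "skip" : "run");
        printf("after:  %d -> %s\n", after, after > 0 ? "skip" : "run");
        return 0;
}
```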
Khem Raj [Tue, 8 Nov 2022 20:21:35 +0000 (12:21 -0800)]
networkd-ipv4acd.c: Use net/if.h for getting IFF_LOOPBACK definition
This helps in avoiding compiling errors on musl. Definition of
IFF_LOOPBACK is the reason for including linux/if_arp.h, this however
could be obtained from net/if.h glibc header equally and makes it
portable as well.
The name "def.h" originates from before the rule of "no needless abbreviations"
was established. Let's rename the file to clarify that it contains a collection
of various semi-related constants.
basic: move a bunch of cmdline-related funcs to new argv-util.c+h
I wanted to move saved_arg[cv] to process-util.c+h, but this causes problems:
process-util.h includes format-util.h which includes net/if.h, which conflicts
with linux/if.h. So we can't include process-util.h in some files.
But process-util.c is very long anyway, so it seems nice to create a new file.
rename_process(), invoked_as(), invoked_by_systemd(), and argv_looks_like_help()
which lived in process-util.c refer to saved_argc and saved_argv, so it seems
reasonable to move them to the new file too.
util.c is now empty, so it is removed. util.h remains.
meson: add version.h as dependency to more targets
version.h can be generated after compilation starts, creating a race condition
between compilation of various .c files and creation of version.h. Let's add it
as a dependency to more build targets that require version.h or build.h.
So far we played whack'a'mole by adding versiondep whenever compilation failed.
In principle any target which includes compilation (i.e. any that has .c
sources directly), could require this. I don't understand why we didn't see
more failures… But it seems reasonable to just add the dependency more widely.
basic: create new basic/initrd-util.[ch] for initrd-related functions
I changed imports of util.h to initrd-util.h, or added an import of
initrd-util.h, to keep compilation working. It turns out that many files didn't
import util.h directly.
When viewing the patch, don't be confused by git rename detection logic:
a new .c file is added and two functions moved into it.
It's a bit silly to have a separate file for that one short test, but this is the
last part of the test code that is misplaced, and here consistency beats
brevity.
sd-journal: make prot_from_flags() static and rename
The function had just one caller and a name that didn't explain much.
Let's make it static and rename for clarity.
While at it, the only caller was not doing error handling correctly
— the function would potentially return a negative error value which
wasn't handled. In practice this couldn't happen, but let's remove
this ambiguity.
semaphore: remove the Semaphore repositories recursively
The list of disabled repositories was recently converted from a single
file into a directory with separate repository files, so let's adjust
the setup script accordingly.
```
$ ls -lR /etc/apt/sources.list.d/
/etc/apt/sources.list.d/:
total 36
-rw-r--r-- 1 root root 76 Nov 3 10:28 azure-cli.list
-rw-r--r-- 1 root root 72 Nov 3 10:22 bazel.list
drwxr-xr-x 2 root root 4096 Nov 3 10:31 disabled
-rw-r--r-- 1 root root 113 Nov 3 10:13 docker-source.list
-rw-r--r-- 1 root root 367 Nov 3 10:28 github_git-lfs.list
-rw-r--r-- 1 root root 111 Nov 3 10:25 google-chrome-source.list
-rw-r--r-- 1 root root 64 Nov 3 10:14 google-cloud-sdk.list
-rw-r--r-- 1 root root 54 Nov 3 10:23 helm-stable-debian.list
-rw-r--r-- 1 root root 89 Nov 3 10:29 yarn-source.list
/etc/apt/sources.list.d/disabled:
total 20
-rw-r--r-- 1 root root 100 Nov 3 10:23 devel_kubic_libcontainers_stable.list
-rw-r--r-- 1 root root 103 Nov 3 10:27 git.list
-rw-r--r-- 1 root root 105 Nov 3 10:22 gradle.list
-rw-r--r-- 1 root root 118 Nov 3 10:13 pypy.list
-rw-r--r-- 1 root root 104 Nov 3 10:13 python.list
```
fstype_can_uid_gid() is about fixating all files to the specified
uid/gid. tmpfs does not qualify. The uid/gid parameter there is simply
about the default uid/gid for the root inode of the tmpfs, it allows
setting uids/gid arbitrarily for all inodes after that.
This distinction matters: for file systems this function returns true
for, we can use this in place of uidmapped mounts. But for tmpfs this is
not going to work, given inodes on that fs can end up having arbitrary
uid/gid.
Jan Macku [Wed, 12 Oct 2022 13:37:00 +0000 (15:37 +0200)]
ci(dev-freeze): Use GitHub Action for PR comments
GitHub Action `devel-freezer` helps with development freeze notifications
during the RC phase. It will create comments using predefined messages on
newly created and updated PRs when the RC tag has been released.
Also, it will update comments once a new major version has been released.
Documentation available at: https://github.com/redhat-plumbers-in-action/devel-freezer
stdout:
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-01-dev-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-02-dhcp.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-03-dhcp6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-04-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-05-nfs4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-06-ipv4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-07-ipv6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-08-implicit-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-09-cifs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-10-iscsi.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-11-live.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
--- /dev/fd/63 2022-11-04 15:39:13.131532174 +0100
+++ /dev/fd/62 2022-11-04 15:39:13.131532174 +0100
@@ -6,3 +6,4 @@
initrd-usr-fs.target.requires
initrd-usr-fs.target.requires/sysroot.mount
sysroot.mount
+systemd-fsck-root.service
**** Unexpected output for /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
stderr:
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on CIFS was requested.
Skipping root directory handling, as root on iSCSI was requested.
Skipping root directory handling, as root on live image was requested.
Found entry what=/dev/sdx1 where=/sysroot type=n/a opts=ro
Checking was requested for /dev/sdx1, but the fsck command does not exist.
Since f7725647bb41c3398a867f139efe526efe8aa1b3 when dissecting a disk
image we operate with fds to the device nodes in question wherever we
can. This includes when we fork off fsck, where we pass a /proc/self/fd/
path as argument. This only works if we keep that fd open however and
disable O_CLOEXEC on the fd. Hence do so, and fix fsck this way.
(Without this, all fsck will fail, since the fd path is invalid)
process-util: add new FORK_CLOEXEC_OFF flag for disabling O_CLOEXEC on remaining fds
Often the fds that shall stay around in the child shall be passed
to a process over execve(), hence add an option to explicitly disable
O_CLOEXEC on them in the child.
Luca Boccassi [Thu, 3 Nov 2022 20:10:57 +0000 (20:10 +0000)]
tmpfiles.d: do not fail if provision.conf fails
On a read-only filesystem creating /root/.ssh might fail, but that's ok.
Do not fail the run, as this is only needed to add the credential, which
is a separate step.
Franck Bui [Fri, 4 Nov 2022 11:24:10 +0000 (12:24 +0100)]
tests: make test-execute pass on openSUSE
In my understanding user group "3" (aka "sys") is kept for historical reasons
but not really useful these days. That probably explains why this group
isn't defined on openSUSE.
Hence let's drop reference to this user group, this shouldn't lessen the
relevance of the test since SupplementaryGroups= is still tested with 2 other
groups.
Luca BRUNO [Thu, 3 Nov 2022 15:11:00 +0000 (15:11 +0000)]
sysusers: cross-check user and group names too
This adds an additional name check when cross-matching new group
entries against existing users, which allows coalescing entries
matching both ID and name.
It provides a small idempotence enhancement when creating groups
in cases where matching user entries are in place. By fine-tuning
the conflict detection logic, this avoids picking up new random
IDs and correctly prefers configuration values instead.
Yu Watanabe [Thu, 3 Nov 2022 00:39:36 +0000 (09:39 +0900)]
udev: first set properties based on usb subsystem
After 479da1107a0d4e2f7ef5cd938512b87a0e45f180, the usb_id builtin
command does not set ID_SERIAL if ID_BUS is already set.
Before the commit, all properties set based on pci bus were overwritten
by the usb_id, hence now it is sufficient setting them only when ID_BUS is
not set yet.
Samuel Thibault [Tue, 1 Nov 2022 15:53:02 +0000 (16:53 +0100)]
shutdown: Add Xen kexec support
In the Xen case, it's the hypervisor which manages kexec. We thus
have to ask it whether a kernel is loaded, instead of relying on
/sys/kernel/kexec_loaded.
Also, fix a race condition introduced by d16684fe13:
```
[ 16.904218] H testsuite-26.sh[394]: + systemd-run --unit failed.service /bin/false
[ 16.964783] H systemd[845]: failed.service: Executing: /bin/false
[ 16.965062] H systemd[1]: Started failed.service.
[ 16.965462] H testsuite-26.sh[844]: Running as unit: failed.service
[ 16.966390] H testsuite-26.sh[394]: + systemctl is-failed failed.service
[ 16.977970] H testsuite-26.sh[846]: active
[ 16.978403] H systemd[1]: failed.service: Main process exited, code=exited, status=1/FAILURE
[ 16.978478] H systemd[1]: failed.service: Failed with result 'exit-code'.
```
Yu Watanabe [Tue, 1 Nov 2022 21:49:26 +0000 (06:49 +0900)]
test-network: wait for bound interface to be processed by udevd
If another bound interface (dummy98) is removed before dummy99
is processed by udevd, then removing dummy98 in the next step brings the
target interface (test1) down.
Jörg Thalheim [Thu, 27 Oct 2022 13:59:56 +0000 (15:59 +0200)]
update credentials when reloading a service
Many long-running services will reload configuration and therefore
credentials on reload. Therefore it's useful if a service reload will
also update credentials.
Tested in https://github.com/numtide/systemd-vaultd/pull/12