In 5118e8e71dda211d20e34ec8d3012186ba27d3d3, the rules were changed to add
OPTIONS="string_escape=replace" to creation of
ENV{ID_SERIAL}="$env{ID_MODEL}_$env{ID_SERIAL_SHORT}", so that "/" would be
escaped. But this also changes how the symlink looks for devices that do not
have "/". This adds back the old symlink for compat, except when a slash
is present.
In the meantime, we changed the symlink format to include ${ND_NSID}. Since
the symlink with unescaped characters are older than that, for compat we
only need to cover the older type. (Symlinks without escaping and with ${ND_NSID}
were never created.) This makes it slightly easier on users: the non-deprecated
symlinks are with "_${ND_NSID}", so they are easier to distinguish.
Fixes #27155.
Mostly untested :( I only have a boring nvme device with no special characters
in the id, and the symlinks are unchanged for it by this patch.
localed: fix invalid free after shifting pointers using strstrip
After manually editing /etc/locale.gen, calling localectl set-locale
sometimes fails. When it fails, the systemd journal shows:
systemd-localed: free() / invalid pointer.
It turned out that it only fails if some of the uncommented lines in
/etc/locale.gen have leading spaces, as in:
* C.UTF-8 <= OK
* en_US.UTF-8 <= OK
* fr_FR.UTF-8 <= NOK
After parsing a line from /etc/locale.gen, we use strstrip() to obtain
the "trimmed" line (without leading or trailing spaces).
However, we store the result of strstrip() in the original pointer
containing the untrimmed line. This pointer is later passed to free
(this is done automatically using _cleanup_free_).
This is a problem because if any leading space is present, the pointer
will essentially be shifted from its original value. This will result in
an invalid free upon cleanup.
The same issue is present in the locale_gen_locale_supported function.
Fixed by storing the result of strstrip() in a different pointer.
man/systemd-mount: Clearify documentation about --bind-device
The documentation suggests that the mount point (i.e. the directory
where the device is mounted) is removed when the device vanishes.
However only stopping of the automount unit is implemented.
resolve: change DNS_PACKET_UNICAST_SIZE_LARGE_MAX to 1232 (#27171)
The old common default was 4096, until 2020 on which all DNS servers (verified
on BIND9, NSD, Unbound, dnsmasq) switched to 1232 as an agreed max size [1].
This also migrates the configuration to the new format that was
just merged in mkosi. Specifically, we make use of the new [Match]
sections to only include specific config snippets per distro.
Kai Lueke [Thu, 6 Apr 2023 08:32:33 +0000 (17:32 +0900)]
systemd-sysext/confext.service: Refresh on start/reload
When adding a sysext image to the system and manuall merging it, a
later "systemctl (re)start systemd-sysext" won't work because "merge"
refuses to work when something is merged already. Another problem with
"merge" at start plus "unmerge" at stop is that a service restart can't
make use of the new MOVE_MOUNT_BENEATH in the future even which would
only be available in "refresh". It also prepares us for setting up the
merged overlay for the sysroot from the initrd already, which also
would lead to the mentioned start problem of the service (One
optimization could be to skip the loading but only if we are sure that
all images were loaded and weren't modified since - this assumption is
hard because early services could want to inject a sysext, too).
Use "refresh" on service start to fix the problem that the service
can't start as soon as a manual merge was done. Also add a reload
action that allows to issue "systemctl reload systemd-sysext" and it
will make use of MOVE_MOUNT_BENEATH once we implement this in
systemd-sysext refresh (and it's available from the kernel).
Kai Lueke [Thu, 6 Apr 2023 08:30:34 +0000 (17:30 +0900)]
man/systemd-dissect.xml: Remove old sysext path, add confext path
The /usr/lib/extensions/ location for systemd-sysext images is not
supported anymore. In https://github.com/systemd/systemd/pull/26013
systemd-confext images got introduced and we can list its path under
/usr instead.
With certain fstabs we may propagate ENXIO from the $SYSTEMD_SYSFS_CHECK
check all the way up, making fstab-generator exit with a non-zero EC and
without any helpful message, which is really confusing.
maanyagoenka [Wed, 29 Mar 2023 20:35:18 +0000 (20:35 +0000)]
confext: add multi call functionality to sysext
The confext concept is an extension of the existing sysext concept and
allows to extend the host's filesystem or a unit's filesystem with signed
images that add new files to the /etc/ directory using OverlayFS.
maanyagoenka [Wed, 29 Mar 2023 20:34:21 +0000 (20:34 +0000)]
extension-release: establish compatibility between host file and extension-release file
The release file that accompanies the confext images needs to be
host compatible to be able to be merged into the host /etc/ directory.
This commit checks for version compatibility between the image file and
the host file.
maanyagoenka [Fri, 24 Feb 2023 00:37:52 +0000 (00:37 +0000)]
os-util: add a new confext image type and the ability to parse their release files
Adds a new image type called IMAGE_CONFEXT which is similar to IMAGE_SYSEXT but works
for the /etc/ directory instead of /usr/ and /opt/. This commit also adds the ability to
parse the release file that is present with the confext image in /etc/confext-release.d/
directory.
- Remove useless serial console configs
- Add CONFIG_SERIAL_8250_PCI so that qemu's virtconsole works properly
- Add CONFIG_DMI and CONFIG_DMI_SYSFS so that SMBIOS credentials work
- Add CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC so we can read the
current kernel config from /proc/config.gz
- Add CONFIG_IOSCHED_BFQ to get rid of a udev error on boot on Fedora
- Add CONFIG_HW_RANDOM_VIRTIO to get hw rng in qemu
- Add CONFIG_SECURITY_YAMA to get rid of warning from sysctl on boot
- Add CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS to enable vsock support
We have some missing coverage in the CI, all builds enable these features,
but there are often changes and they cover a lot of code. Do one build
without them to ensure we don't break builds.
Yu Watanabe [Fri, 31 Mar 2023 07:07:23 +0000 (16:07 +0900)]
machine-id-setup: do not read host's machine ID when root directory is specified
If a root directory is specified, and e.g. /var under the root directory
is a symlink to the host's /var, then we wrongly read host's machine ID,
even if O_NOFOLLOW is set.
Let's chase the path with CHASE_NOFOLLOW to refuse such case.
Also, refuse null ID, otherwise we may setup machine ID with NULL.
manager: remove transient unit directory during startup
I was testing transient units and user@.service crashed. I restarted it, and
tried to create a transient unit. It failed because
/run/user/1000/systemd/transient/ remained after the previous aborted run:
Failed to start transient service unit: Unit run-u0.service was already loaded or has a fragment file.
Remove the directory during initial startup so we don't get confused by our own
files.
core: a more informative error when SetProperties/StartTransientUnit fails
I was changing how some properties are appended to the StartTransientUnit call
and messed up the message contents. When something is wrong with how the
message is structed, we would return a very generic
"Failed to start transient service unit: No such device or address".
Mention that it was property setting that failed, and translate ENXIO to a
different message. bus_unit_set_properties() or any of the children it calls
may also return other errors, in particular EBADMSG or ENOMEM, but the error
message that is generated for those is understandable, so we don't need to
"translate" them explicitly.
bus_unit_set_properties() is called from two places, so it seems nicer to
generate the message internally, rather than ask the caller to do that. Also,
now bus_unit_set_properties() always sets <error>, which is nicer for the
callers.
man: move description of command line substitution out of ExecStart=
The description was split — part was under ExecStart= and part in "Command lines".
Now the whole generic part is moved to the separate section, and under ExecStart=
only the stuff that is specific to that option is described.
This just moves the text and removes some repetitions.
The function had a provision for NULL input, and would return NULL, but that
looks like an error and all callers pass in a non-NULL arg and report oom on
NULL. So assert that the input is non-NULL.
All callers specifed the output buffer, so we can simplify the logic to only
make an allocation if appropriate and change the return type to 'const *'.
Previously, journal file is always compressed with the default algorithm
set at compile time. So, if a newer algorithm is used, journal files
cannot be read by older version of journalctl that does not support the
algorithm.
Co-authored-by: Colin Walters <walters@verbum.org>
projects / thirdparty / systemd.git / log
