veritysetup: remove double escaping of data device + hash device spec
generator_write_veritysetup_service_section() already escapes the
parameters internally, doing so in the caller means double escaping,
which is a bug. Fix it.
create_device() and create_disk() so far did very similar things, but
the name didn't give a hint what the difference was.
Hence let's rename them to create_special_device() and
create_veritytab_device() to make this more understandabe, as one
creates /proc/cmdline specified roothash=/usrhash= devices, and the
other one devices for items listed in /etc/veritytab.
{crypt|verity}setup: replace dep on systemd-tmpfiles-setup-dev.service by modprobe@loop.service
Both should have the same effect: the /dev/loop-control devices should
become available. systemd-tmpfiles-setup-dev.service creates the device
node "dry" based on modalias data, while modprobe@loop.service creates
it fully, because the module backing it is loaded properly. This should
shorten the deps chain a bit, simplify things and allows us to focus on
the stuff we actually need (i.e. the loopback infra) instead of all
entrypoints anyone might possibly need (i.e. the device nodes)
veritysetup-generator: only generate one set of deps on systemd-tmpfiles-setup-dev.service
If both the data and the hash device are a regular file we might create
two sets of deps on s-t-s-d.s, which is of course redundant. Shorten the
code to only generate this once.
Hence it appears reasonably safe to special case these volume names.
Note that a similar logic is implemented in fstab-generator and in fact
PID 1 to treat the root mount and /usr/ mount specially too, to avoid
trying to umount it at shutdown. (This is what fstab_is_extrinsic()
checks).
This should ensure that if /usr/ or / is for some reason a LUKS medium
we won't try to detach it during runtime, which likely fails, since we
run off it.
Note this also moves an ordering dep towards umount.target under the
x-initrd.attach check, becasue that's where the crucial conflicts dep is
placed too.
units: don't stop blockdev@.target unit at shutdown
We want that cryptsetup/veritysetup devices can stick around until the
very end, as well as the users of them which might depend on
blockdev@.target for the devices. Hence leave the targets around till
the very end.
Note that their runtime is managed via StopWhenUnneeded= anyway, hence
unless their are volumes that actually survive still the very end they
target units will still be stopped.
units: set DefaultDependencies=no for veritysetup slice
This mimics what we already have for cryptsetup services: the slice they
are placed in (they have their own slice since that's what we do by
default for instantiated services) shouldn't conflict with
shutdown.target, so that veritysetup services can stay around until the
very end (which is what we want for the root and usr verity volumes).
It's literally just a copy of the same unit we already have for
cryptsetup, just with an updated description string.
veritysetup-generator: use generic veritysetup writers at one more place
Let's use the common generator_write_veritysetup_unit_section(),
ggenerator_write_veritysetup_service_section(), generator_add_symlink()
implementation we already have at one more place.
This mostly generates the same unit, but for the first time hooks up
blockdev@dev-mapper-*.device for the device, which means things like
growfs on usr+root volumes will actually work now. (I mean, growfs
won#t, because verity devices are immutable after all, but things *like*
it that want to run between the device popping up and being mounted.)
Rene Hollander [Sat, 27 May 2023 11:33:37 +0000 (13:33 +0200)]
networkd/dhcpserver: Save and expose the client hostname sent when requesting a DHCP lease.
DHCP clients often send their own hostname in option 12. It can be useful
to store it with the lease so it can be shown to a human to easily identify
which lease belongs to which device.
Frantisek Sumsal [Wed, 31 May 2023 13:40:33 +0000 (15:40 +0200)]
test: skip the test early if we're built without systemd-homed
We check for homed stuff in the test itself, but this is way too late,
since we already started a unit that Requires=systemd-homed.service
(testsuite-46.service). For now this doesn't matter, but with #27852
the offending transaction is dropped from the job queue, making the test
fail.
I thought the commit does not cause any severe regression. However,
drivers for network interfaces may be loaded later. So, we should wait
if no network interface is found.
units: pull in local-fs-pre.target from systemd-tmpfiles-setup-dev.service
local-fs-pre.target is a passive unit, which means that it is supposed to be
pulled in by everything that is ordered before it. We had
Before=local-fs-pre.target, so add Wants= too.
I don't expect this to change anything. Instead, just make things follow the
docs so it's easier to reason about the dependency set.
Daan De Meyer [Tue, 30 May 2023 12:48:43 +0000 (14:48 +0200)]
mkosi: Blacklist vmw_vmci to avoid issues with vsock in Github Actions
If this module is loaded, sending readiness notifications from the
VM will fail with "no route to host" so let's blacklist the module
to prevent that from happening.
Daan De Meyer [Tue, 30 May 2023 08:11:23 +0000 (10:11 +0200)]
repart: Add --architecture option
This option allows overriding the architecture that's used for the
architecture specific partition types. This is useful to allow
reusing the same repart configuration to produce the same image for
different architectures.
Daan De Meyer [Sun, 26 Mar 2023 16:20:41 +0000 (18:20 +0200)]
label: Introduce LabelOps to do pre/post labelling operations
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
All users of loopback_setup() ignore the return values (with the notable
exception of the test cases). Hence let's adjust the log messaging to
always log at LOG_WARNING level at most, and suffix messages with ",
ignoring", to make clear these failures are ignored.
find-esp: change "unprivileged_mode" parameter to be tristate
Previously, unprivileged mode for find_esp_and_warn() and
find_xbootldr_and_warn() could be enabled or disabled. With this change
it can also be set to negative in which case the functions will enable
it automatically if found to be executing without privileges.
This just moves te geteuid() check we often do for the param inside of
the functions.
At the same time internally in the functions we also pass around the
VerifyESPFlags field across the various functions instead of booleans.
Both changes are just refactoring. No changes in behaviour.
In b6033b706028a64e9affb79050ced1ad9a4f5b43 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time
1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
places (the build system still won't create them in /run/, since
that's pointless since not shipped, and the runtime won't create the
dirs below /usr/lib/, since that's not generically writable anyway).
2. Both at runtime and at build time we'll create the dirs with mode
0700. This is easier for packaging tools to handle since they
generally react pretty negatively on dirs they can't enumerate.
Arian van Putten [Tue, 30 May 2023 17:12:36 +0000 (19:12 +0200)]
bootctl: Print version number of detected binaries
In 9b9f6aa41204c995b7a3b3e99c50e92b0a8b3dde (#27069)
we changed get_file_version to return 0 instead of 1 on success.
However we did not update the printing of the version number to
handle this change so we would never print the version number.
Frantisek Sumsal [Tue, 30 May 2023 10:40:19 +0000 (12:40 +0200)]
core,shared: add a couple of asserts
To appease the LTO overlords:
In file included from ../../../../src/basic/macro.h:446,
from ../../../../src/shared/blockdev-util.h:8,
from ../../../../src/shared/creds-util.c:11:
../../../../src/shared/creds-util.c: In function 'get_credential_host_secret':
../../../../src/shared/creds-util.c:379:52: error: '%s' directive argument is null [-Werror=format-overflow=]
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../src/basic/log.h:214:86: note: in definition of macro 'log_full_errno_zerook'
214 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~
../../../../src/basic/log.h:250:41: note: in expansion of macro 'log_full_errno'
250 | #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__)
| ^~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:33: note: in expansion of macro 'log_debug_errno'
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:74: note: format string is defined here
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~
cc1: some warnings being treated as errors
../../../../src/core/transaction.c: In function 'transaction_verify_order_one':
../../../../src/core/transaction.c:338:38: error: '%s' directive argument is null [-Werror=format-overflow=]
338 | sprintf(ans + size, "%s%s", unit_log_field, *unit_id);
| ^~
cc1: some warnings being treated as errors
Daan De Meyer [Sat, 27 May 2023 10:21:19 +0000 (12:21 +0200)]
test-udev: Skip running in container
Containers generally don't have permission to mknod() which is
required by test-udev so let's skip the test as well if we detect
we're running in a container.
Daan De Meyer [Mon, 22 May 2023 21:17:49 +0000 (23:17 +0200)]
repart: Allow target directory excludes
Currently, ExcludeFiles= supports excluding directories on the host
from being copied. Let's extend this to also support preventing files
from being copied into specific directories in the partition by adding
a new option ExcludeFilesTarget=. An example where this is useful is
when setting up btrfs subvolumes in the top level that are intended to
be mounted into specific locations, so /usr would be stored in @usr,
/home in @home, .... To accomplish this, we need to copy /usr to @usr
and prevent any files from being copied into /usr in the partition,
which with this commit, we'd be able to do as follows:
shared/loop-util: use longer delay when waiting for loop device
The kernel may be syncing a file system or doing something else that requires
more time. So make the delay a bit longer, but provide some feedback and also
grow the delay exponentially (though with a long exponent). If the kernel is
doing something else, no need to repeat so often. With 38 attempts, we get a
total of slightly above 5000 ms.
I wrote this when I thought that the the delay is not long enough. It turned
out that we were blocking the file system on the loop device, so waiting longer
wasn't helpful. But I think it's nicer to do it this way anyway.
The man page is reference documentation, so we shouldn't write too much
duplicate things here, but we can make the text a bit more approachable. This
rewords and extends the documentation as requested and suggested in #24231 and
adds some hints for the user.
projects / thirdparty / systemd.git / log
