Daan De Meyer [Mon, 9 Oct 2023 14:06:50 +0000 (16:06 +0200)]
sd-device: Support matching all properties
Let's support enumerating over devices that match all of the given
properties instead of any of the given properties by adding a new
function sd_device_enumerator_add_match_property_required() which
specifies properties that should all be matched instead of just one.
varlink: didn't generate a varlink error reply if a failed method call handler already did
It might happen that a method call handler already generated an error
reply and then still propagated the error back to the varlink logic.
Let's not try to generate a 2nd reply from that error code then, but
simply proceed without. This simplifies handling of errors in method
call handlers, because they can uniformly return errno-style error
codes, and only if they want return a full Varlink errror.
varlink: automatically send ExpectedMore error message back when we were called without more=true set, but need it
Various Varlink calls only make sense if they are called with more=true
(i.e. in a mode where multiple replies are expected to be sent). If a
method call assumes it is called with more (manifested in the fact it
calls varlink_notify(), the call to reply to such messages) let's return
a recognizable error code for the violated expectation.
This adds a new error for this, org.varlink.service.ExpectedMore. Note
we are squatting the official org.varlink.service namespace, but for
such a basic thing it makes sense to add it there.
kernel-install/60-ukify: also support the convention with 'devicetree' file
Requested in https://github.com/systemd/systemd/pull/28582#issuecomment-1673300596.
The is the last requested changed, so fixes #28771.
90-loaderentry.install is modified to also check $KERNEL_INSTALL_CONF_ROOT
when looking for the devicetree file. For normal use this is probably not
needed, but it's nice to be consistent and it also makes it much easier to
write the tests.
In tests, also do 'ukify inspect' now that we have it.
man/kernel-install: fix formatting and document /etc/kernel/devicetree
Each filename should be a separate <term>, so that they separated in the
formatted text. Also, we list files in documentation in priority order, but
here they were in reverse order. Also, rework the description of
$KERNEL_INSTALL_CONF_ROOT to say that it makes kernel-install not look at the
other files. This requires some more words, so make this a separate paragraph
and refer from individual items to it. Also, drop some sentences with "Read by
...", they were already outdated.
Partial fix for #28771.
Co-authored-by: Emil Renner Berthing <systemd@esmil.dk>
kernel-install/90-loaderentry: do not read dtbs from /boot
/boot is not trusted, so we shouldn't use load files from there. Also, space in
/boot is limited, so it doesn't make sense to install the files under one
location there and then copy them to a different location. We should only copy
the files from /usr somewhere and then install it in the appropriate place under
/boot.
Also use "/usr/lib" instead of the "/lib" prefix. We don't support unmerged-user
anymore.
Addresses some of the feedback in
https://github.com/systemd/systemd/pull/28582#discussion_r1285820556.
PhylLu [Wed, 11 Oct 2023 01:41:29 +0000 (09:41 +0800)]
timedate: Extend timeout for setting NTP
One of the steps in setting up NTP is to enable/disable the
'systemd-timesyncd.service' and then perform a daemon reload.
we use an extra-long timeout for reload in timedated as same as used in
systemd daemon reload to avoiding certain situation have longer reload
times (which exceed the 25 second default timeout used for
dbus-communication), potentially leading to setting NTP failure.
limits-util: suppress noisy debug message when reading tasks in top-level cgroup
We have the "tasks.max" cgroup attribute only if we run in a cgroup
namespace, but not on the host. Hence let's handle ENODATA silently
simply to reduce the debug noise generated.
Before this commit, we hardcode "prefix" to the widest field
possible in the table. However, there's no guarantee that the
field would actually be used/added, so it could potentially
result in misalignment. Therefore, let's set the minimum width
of the cell to the hardcoded width too.
Dan Streetman [Tue, 10 Oct 2023 20:55:39 +0000 (16:55 -0400)]
tpm2: don't use GetCapability() to check transient handles
The kernel tpm "resource manager" interface doesn't report that any transient
handles exist, even if they do, so don't bother asking if the handle is
transient.
Dan Streetman [Mon, 9 Oct 2023 16:27:10 +0000 (12:27 -0400)]
tpm2: do not call Esys_TR_Close()
Unfortunately, the tpm2-tss library doesn't reference count handles, and a call
to Esys_TR_Close() will remove the handle that could be in use by other
code. So stop calling Esys_TR_Close(), and leave the handle around until we
cleanup the entire ESYS_CONTEXT.
Dan Streetman [Fri, 6 Oct 2023 15:14:25 +0000 (11:14 -0400)]
test: add tests for systemd-cryptenroll --tpm2-seal-key-handle
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.
In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
Luca Boccassi [Mon, 9 Oct 2023 14:56:37 +0000 (15:56 +0100)]
dissect: avoid clobbering device-mapper error when activating verity
The device-mapper driver can return a wild variety of errors when trying
to activate the same dm-verity volume concurrently, as it might happen
with an image. There is a fallback logic in place, but the original
return code was clobbered when userspace signature check was added.
Add it back.
Mike Yuan [Sat, 7 Oct 2023 12:08:21 +0000 (20:08 +0800)]
core/execute: always set $USER and introduce SetLoginEnvironment=
Before this commit, $USER, $HOME, $LOGNAME and $SHELL are only
set when User= is set for the unit. For system service, this
results in different behaviors depending on whether User=root is set.
$USER always makes sense on its own, so let's set it unconditionally.
Ideally $HOME should be set too, but it causes trouble when e.g. getty
passes '-p' to login(1), which then doesn't override $HOME. $LOGNAME and
$SHELL are more like "login environments", and are generally not
suitable for system services. Therefore, a new option SetLoginEnvironment=
is also added to control the latter three variables.
man: support multiple versions of the documentation on the website
This changes the doc-sync meson target from a simple rsync command to a
script that:
* puts the documentation in a subdirectory according to the version
* injects a bit of javascript to add a drop-down to switch between versions
* updates an index.json file with the newly uploaded version
* keeps the latest/ directory up to date with the latest version
* supports a --no-latest switch to be used when uploading older versions
Piotr Drąg [Sat, 7 Oct 2023 14:54:04 +0000 (16:54 +0200)]
po: add a false positive to POTFILES.skip
Scripts used to detect files that should be in POTFILES.in, like
intltool-update -m used on https://l10n.gnome.org/module/systemd/,
falsely detect this file as containing translations. Avoid this
behavior by putting the file in POTFILES.skip.
Let's move it out of cgroup.[ch]. The function primarily compares the
priority values for units, hence let's move the core of it into a new
function unit_compare_priority() in unit.[ch], and then make
compare_job_priority() a local wrapper for it in manager.[ch]
Yu Watanabe [Sat, 7 Oct 2023 05:37:31 +0000 (14:37 +0900)]
network/tc: allow to configure class or qdisc under foreign one
Some qdiscs (e.g. tbf) implicitly create class(es) on create.
Previously, we could not create any child qdisc under the class, as the
implicit class is tagged as foreign.
Yu Watanabe [Sat, 7 Oct 2023 05:25:50 +0000 (14:25 +0900)]
network/tc: re-enumerate traffic control classes when a qdisc created
Some kind of qdisc implicitly creates a class for the qdisc, but the
created class is not notified by the kernel. So, we need to explicitly
enumerate classes after a qdisc is created.
Yu Watanabe [Sat, 7 Oct 2023 05:20:38 +0000 (14:20 +0900)]
network/tc: drop child tree of traffic control nodes on remove
When a node of traffic control tree is removed, all child nodes are also
removed but their removal are not notified by the kernel.
So, previously, removed TC classes or qdiscs under the removed node were
kept in the memory of networkd, and may cause failure on reconfigure.
This is the only function that cgroup.h exports that is prefixed with
cgroup_ where this does not refer to some type such as CGroupContext or
CGroupTasksMax or so. It simply operates on a unit. And it doesn't even
modify a cgroup, but just modifies an nft set.
Hence, to make the naming scheme systematic, change prefix from cgroup_
to unit_, matching the majority of the functions that operate on Unit*
in the file.
cgroup: drop cgroup path parameter from xattr calls
We only pass the same thing there: u->cgroup_path or NULL (which is
ultimately the same as u->cgroup_path). Hence let's simplify things, and
simply drop the whole parameter, and imply u->cgroup_pat.
They add settings to a CGroupContext, hence give them the expected
context, to make clear they do not operate on anything else than the
structure (i.e. not on a kernel cgroup or so).
cgroup: rename TasksMax structure to CGroupTasksMax
Almost all our enums/structs/funcs carry the CGroup prefix if they are
defined in cgroup.h, TasksMax so far does not, even though it is
exclusively used in cgroup context.
projects / thirdparty / systemd.git / log
