Luca Boccassi [Sat, 4 Jan 2025 12:04:02 +0000 (12:04 +0000)]
mkosi: update debian commit reference
* 5d185f7901 Install new files for upstream CI
* c6484e14fc Update changelog for 257.1-7 release
* 543c1e6a42 d/t/tests-in-lxd: more fixes for debci compatibility
* a7d4a7ffa3 Add missing d/copyright file to signed template packages
* ab48efa495 Install new files for upstream CI
* d0cae6d06c Update changelog for 257.1-6 release
* 2fd23ffaaa Drop build dependency on libxen-dev on armhf, no longer available
* 35fbac92a5 d/t/upstream: update mkosi setting name
* 4d9862709e d/t/tests-in-lxd: drop auto-apt-proxy.conf from container
* cf133a8d32 Update changelog for 257.1-5 release
* 77ec315ec5 d/t/upstream: switch from btrfs to ext4 and use nspawn again
* 9c57f51fb8 d/t/upstream: do not mask machined and instead use mkosi workaround
* eb8b91d98b d/t/upstream: do not use --verbose with 'meson test'
* 21c65b7e22 d/t/tests-in-lxd: auto-apt-proxy is in universe in Ubuntu
* 081a78884b d/t/tests-in-lxd: install auto-apt-proxy in the nested container
* faa014a64e Update changelog for 257.1-4 release
* 4a48235928 Backport patch to workaround issue in new mdadm
* 005390f039 d/t/upstream: mask systemd-machined
* f7c86d8ec3 d/t/upstream: disable homed/userdbd in the test runner
* a1c30e55e0 d/t/upstream: do not use nspawn for tests
* 9bad1d3021 d/t/upstream: decrease parallelism to nproc - 1
* 7d1d583d7b Update changelog for 257.1-3 release
* dfe5996032 autopkgtest: mark tests-in-lxd as flaky
* 331567b13d d/t/upstream: disable ToolsTree= in mkosi config
* 04af5d8604 Update changelog for 257.1-2 release
* 2e58f0092c d/t/tests-in-lxd: use a single autopkgtest invocation
* 4b608de1d2 d/t/tests-in-lxd: prefer $AUTOPKGTEST_TMP to manual discovery
* fb4f3e4272 d/t/tests-in-lxd: do not fail if /etc/apt/sources.list.d/autopkgtest.list does not exist
* 385bbd0147 d/t/tests-in-lxd: set -x to get more logs
* ab678ff879 d/t/tests-in-lxd: quote variables to fix shellcheck warning
* 0d0eb96f16 d/t/tests-in-lxd: workaround broken os-release in sid
* 916a518d8e d/t/tests-in-lxd: use correct lxc image for debian
* 97deb28f99 Update changelog for 257.1-1 release
* 6276567a1d Install systemd-creds bash completion
* 084248775c Drop patches, merged upstream
* c4aa4ac6bd Update upstream source from tag 'upstream/257.1'
* dffde7eae8 d/watch: restrict to v257.x series
* 3c5143991c d/t/tests-in-lxd: fix autopkgtest source dir
* 5626a78ad1 systemd-ukify: recommend python3-cryptography
* ca5fdf7bc5 d/t/control: move tests-in-lxd above upstream suite
* 71c3f1014c d/systemd-resolved.postinst: copy existing /etc/resolv.conf on new installs
* 6ca4f4c1e5 d/control: make systemd-sysv Depends: on matching version of systemd
* eae57033c2 debian/control: add Breaks: systemd (<< ${binary:Version}) for udev
* 408cc1872c debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
* 6b3a01118b debian/tests/boot-and-services: drop test_no_failed
* 5a333eef8c d/t/tests-in-lxd: run some tests under LXD
* 882d221400 d/t/upstream: fix mkosi syntax warnings
Daan De Meyer [Fri, 3 Jan 2025 19:27:05 +0000 (20:27 +0100)]
mkosi: Handle directories in debian/not-installed correctly (#35832)
If a directory is specified without a glob pattern, we have to exclude
all files in that directory, so add a recursive glob to every directory
and enable the bash globstar feature when globbing so '**/*' matches all
files and directories beneath the given directory.
Daan De Meyer [Fri, 3 Jan 2025 15:45:50 +0000 (16:45 +0100)]
core: do not disconnect from bus when failed to install signal match (#35779)
If bus_add_match_full() is called without install callback and we failed
to install the signal match e.g. by timeout, then add_match_callback()
will disconnect from the bus. Let's use a custom install handler and
handle failures gracefully.
This does not *solve* the root cause of issue
https://github.com/systemd/systemd/issues/30573, but should improve the
situation when the issue is triggered.
The new json_dispatch_const_path() is to json_dispatch_path() what
sd_json_dispatch_const_string() is to sd_json_dispatch_string(), i.e.
doesn't implicitly strdup() the string, but gives you the pointer into
the JSON structure, and thus requires you to keep it pinned.
Daan De Meyer [Fri, 3 Jan 2025 12:54:09 +0000 (13:54 +0100)]
vmspawn: Switch to virtconsole for headless console (#35836)
virtconsole is the modern way to set up a headless serial connection
to a virtual machine so let's make use of it instead of -serial. This
also allows us to get rid of the per architecture serial console device
names and makes vmspawn more consistent with mkosi qemu which already
uses virtconsole.
Daan De Meyer [Fri, 3 Jan 2025 09:20:45 +0000 (10:20 +0100)]
mkosi: Handle directories in debian/not-installed correctly
If a directory is specified without a glob pattern, we have to exclude
all files in that directory, so add a recursive glob to every directory
and enable the bash globstar feature when globbing so '**/*' matches all
files and directories beneath the given directory.
Otherwise the code was measuring the content of hwdids into dtbauto
section and vice-versa.
Found this while adding the new `dtbauto` and `.hwdids` fields in the go
implementation of `sd-measure` at
https://github.com/siderolabs/talos/blob/main/internal/pkg/secureboot/measure/measure.go.
Daan De Meyer [Fri, 3 Jan 2025 10:14:44 +0000 (11:14 +0100)]
vmspawn: Switch to virtconsole for headless console
virtconsole is the modern way to set up a headless serial connection
to a virtual machine so let's make use of it instead of -serial. This
also allows us to get rid of the per architecture serial console device
names and makes vmspawn more consistent with mkosi qemu which already uses
virtconsole.
tpm2-util: refuse hash algorithm/value specification when we only parse a mask
tpm2_parse_pcr_argument_to_mask() is supposed to parse a PCR mask
string, and uses the full blown tpm2_parse_pcr_argument() call at its
core, which parses more than just a mask, i.e. values and algorithms
too. Which is very confusing at times, because commands such as
"systemd-cryptenroll --tpm2-device=auto
--tpm2-public-key-pcrs=1:sha1=09dbdbc7f6cdd8029cc90b57a915c19a0ac21bce"
are very confusing, since they suggest enrollment with a specific
algorithm and hash value, but this is not in fact what happens: both are
entirely ignored.
That this was accepted this way was more an accident than intended,
which is already visible in the fact that the extensive test case entirely
ignores the fact that strings like this are accepted.
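Added example, not systemd code and not part of the commit above: a strict mask-only parser that rejects an entry carrying ":algorithm" or "=digest" instead of silently discarding a binding the operator believes is in effect. The function name, the numeric-only indexes and the "+" separator are assumptions of this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PCR_MAX 23u /* PCR indexes 0..23 */

/* Hypothetical helper: accepts "7" or "0+7+14" and returns 0 plus the
 * bitmask, or -EINVAL for input it would otherwise have to ignore. */
int parse_pcr_mask_strict(const char *s, uint32_t *ret_mask) {
        uint32_t mask = 0;

        if (!s || !ret_mask || !*s)
                return -EINVAL;
        /* A mask has no algorithm or digest: refuse rather than drop them. */
        if (strpbrk(s, ":="))
                return -EINVAL;

        for (const char *p = s;;) {
                char *end;
                unsigned long idx;

                /* strtoul() tolerates whitespace and signs; a mask must not. */
                if (*p < '0' || *p > '9')
                        return -EINVAL;
                errno = 0;
                idx = strtoul(p, &end, 10);
                if (errno != 0 || idx > PCR_MAX)
                        return -EINVAL;
                mask |= UINT32_C(1) << idx;

                if (*end == '\0')
                        break;
                if (*end != '+') /* assumed entry separator */
                        return -EINVAL;
                p = end + 1;
        }
        *ret_mask = mask;
        return 0;
}

int main(void) {
        uint32_t m = 0;
        int r = parse_pcr_mask_strict("0+7+14", &m);
        printf("0+7+14 -> %d, mask 0x%x\n", r, (unsigned) m);
        r = parse_pcr_mask_strict("1:sha1=09dbdbc7f6cdd8029cc90b57a915c19a0ac21bce", &m);
        printf("entry with algorithm and digest -> %d\n", r);
        return 0;
}
```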
tpm2-util: optionally do wildcard hash check in tpm2_pcr_values_to_mask()
If TPM2_ALG_ERROR (aka "0") is specified as algorithm in
tpm2_pcr_values_to_mask() we'll simply match all algorithms. This allows
us to shorten tpm2_parse_pcr_argument_to_mask() a bit. The function
accepts but ignores a hash algorithm specification currently, hence this
should not really have much effect.
Daan De Meyer [Fri, 3 Jan 2025 08:19:55 +0000 (09:19 +0100)]
network/dhcp: introduce global setting for DHCPv4 client identifier (#35783)
Typically, the same client identifier setting is used for all
interfaces. Hence, better to provide the system-wide setting to specify
the client identifier.
- Set `RefuseManualStart=yes`.
- Order before shutdown.target and emergency.target.
- Remove wrong `Wants=remote-fs.target` dependency from
breakpoint-pre-switch-root.service.
- Remove unneeded `After=sysroot.mount` from breakpoint-pre-switch-root.service
(implied by initrd.target).
Mike Yuan [Thu, 2 Jan 2025 19:03:33 +0000 (20:03 +0100)]
random-util: our baseline includes getrandom() (v3.17) now
Plus, linux/random.h never defined getrandom(), hence remove
the custom machinery for sys/random.h vs linux/random.h
in favor of single HAVE_GETRANDOM.
Mike Yuan [Thu, 2 Jan 2025 18:59:56 +0000 (19:59 +0100)]
random-util: drop needless conditionalization of sys/auxv.h
We assume its existence in basic/build-path.c, shared/userdb.c,
and coredump/coredump.c already, for which nothing has been reported
so far. So this seems safe to drop.
ask-password: add Varlink API for querying passwords from the user
This turns systemd-ask-password into a small Varlink service, so that
there's a standard IPC way to ask for a password. It mostly directly
exposes the functionality of the Varlink service.
Mike Yuan [Thu, 2 Jan 2025 03:32:00 +0000 (04:32 +0100)]
shared/hibernate-util: drop support for kernels lacking /sys/power/resume_offset
The current fallback path is actually unreliable, given
the kernel *supports* setting the resume offset through
cmdline after all, but just not exposed under /sys/.
For v258 let's drop it hence.
I didn't bump the baseline to 4.17, but merely documented
new requirement in README, because there's certainly more
compat stuff to drop between 4.3 and 4.17, and README is
a useful list for things to kill. We'll get to 5.4 eventually.
Mike Yuan [Thu, 2 Jan 2025 03:17:47 +0000 (04:17 +0100)]
shared/hibernate-util: handle the case where no swap has available backing dev
This also makes find_suitable_hibernation_device() report
more accurate error (ENOSPC -> ESTALE) if there's
no swap space on the system at all but resume= is set.