Yu Watanabe [Sat, 18 Jan 2025 01:40:32 +0000 (10:40 +0900)]
sd-device: use specific setters for read entries from uevent file
Previously, if e.g. DRIVER=foo is specified in uevent file, the value is
only saved as property, but was not set to sd_device.driver.
That was inconsistent to the case when a device is created through
netlink uevent.
Let's always set when we get e.g. sd_device.driver when DRIVER=foo
from both uevent file and netlink uevent.
Yu Watanabe [Sat, 11 Jan 2025 22:03:49 +0000 (07:03 +0900)]
sd-device: chase sysattr and refuse to read/write files outside of sysfs
This makes sd_device_get_sysattr_value()/sd_device_set_sysattr_value()
refuse to read/write files outside of sysfs for safety.
Also this makes
- use chase() to resolve and open the symlink in path to sysfs attribute,
- use delete_trailing_chars(),
- include error code in cache entry, so we can cache more error cases,
- refuse caching value written to uevent file of any devices, i.e.
sd_device_set_sysattr_value(dev, "../uevent", "add") will also not
cache the value "add".
Yu Watanabe [Tue, 21 Jan 2025 20:24:35 +0000 (05:24 +0900)]
catalog: modernize code
- set destructors to catalog_hash_ops,
- acquire OrderedHashmap when necessary,
- gracefully handle NULL catalog directories and output stream,
- rename function output arguments,
- add many many assertions,
- use RET_GATHER().
Andrew Sayers [Thu, 23 Jan 2025 08:06:57 +0000 (08:06 +0000)]
Clarify that Conflicts= only applies when starting units
The "vice versa" in the old text could be interpreted as either
(wrong) "stopping the former will start the latter", or
(right) "starting the latter will stop the former".
Yu Watanabe [Thu, 23 Jan 2025 09:11:30 +0000 (18:11 +0900)]
run: add --job-mode= argument (#34708)
systemctl has a --job-mode= argument, and adding the same argument to
systemd-run is useful for starting transient scopes with dependencies.
For example, if a transient scope BindsTo a service that is stopping,
specifying --job-mode=replace will wait for the service to stop before
starting it again, while the default job mode of "fail" will cause the
systemd-run invocation to fail.
Gavin Li [Thu, 10 Oct 2024 20:07:16 +0000 (16:07 -0400)]
run: add --job-mode= argument
systemctl has a --job-mode= argument, and adding the same argument to
systemd-run is useful for starting transient scopes with dependencies.
For example, if a transient scope BindsTo a service that is stopping,
specifying --job-mode=replace will wait for the service to stop before
starting it again, while the default job mode of "fail" will cause the
systemd-run invocation to fail.
Yu Watanabe [Thu, 23 Jan 2025 00:04:12 +0000 (09:04 +0900)]
core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS= (#35869)
Let consider the following udev rules:
```
PROGRAM="/usr/bin/systemd-escape foo-bar-baz", ENV{SYSTEMD_WANTS}+="test1@$result.service"
PROGRAM="/usr/bin/systemd-escape aaa-bbb-ccc", ENV{SYSTEMD_WANTS}+="test2@$result.service"
```
Then, a device expectedly gains a property:
```
SYSTEMD_WANTS=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
```
After the event being processed by udevd, PID1 processes the device, the
property previously was parsed with
`extract_first_word(EXTRACT_UNQUOTE)`, then the device unit gained the
following dependencies:
```
Wants=test1@foox2dbarx2dbaz.service test2@aaax2dbbbx2dccc.service
```
So both `%i` and `%I` for the template services did not match with the
original data, and it was hard to use `systemd-escape` in `PROGRAM=`
udev rule token.
This makes the property parsed with
`extract_first_word(EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE)`, hence the
device unit now gains the following dependencies:
```
Wants=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
```
and `%I` for the template services match with the original data.
The commit reworked job merging logic so that reload jobs
won't get merged. However, they might get dropped from
transaction due to being deemed redundant, i.e. way before
it even hits job_install(). Let's make sure reload jobs
are always kept during transaction construction stage, too.
Daan De Meyer [Wed, 22 Jan 2025 14:58:13 +0000 (15:58 +0100)]
mkosi: Update to latest
With the latest mkosi, mkosi takes care of making sure it is
available within mkosi sandbox so we get rid of all the --preserve-env=
options when we invoke mkosi sandbox with sudo as these are not
required anymore. It also doesn't matter anymore if mkosi is installed
in /usr on the host so we get rid of the documentation around that as
well.
Daan De Meyer [Wed, 22 Jan 2025 21:24:36 +0000 (22:24 +0100)]
mkosi: Run two more mkosi commands with sudo
Running some mkosi commands as root and other not can lead to cache
invalidations with the latest version, so make sure we run everything
as root after we've built the tools tree.
Yu Watanabe [Sat, 11 Jan 2025 08:54:43 +0000 (17:54 +0900)]
udevadm-test: allow to specify extra directories to load udev rules files
This adds -D/--extra-rules-dir=DIR switch for 'udevadm test' command.
When specified, udev rules files in the specified directory will be also
loaded. This may be useful for debugging udev rules by copying some udev
rules files to a temporary directory.
Yu Watanabe [Mon, 6 Jan 2025 08:26:52 +0000 (17:26 +0900)]
core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
Let consider the following udev rules:
===
PROGRAM="/usr/bin/systemd-escape foo-bar-baz", ENV{SYSTEMD_WANTS}+="test1@$result.service"
PROGRAM="/usr/bin/systemd-escape aaa-bbb-ccc", ENV{SYSTEMD_WANTS}+="test2@$result.service"
===
Then, a device expectedly gains a property:
===
SYSTEMD_WANTS=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
After the event being processed by udevd, PID1 processes the device, the
property previously was parsed with extract_first_word(EXTRACT_UNQUOTE),
then the device unit gained the following dependencies:
===
Wants=test1@foox2dbarx2dbaz.service test2@aaax2dbbbx2dccc.service
===
So both '%i' and '%I' for the template services did not match with the original
data, and it was hard to use systemd-escape in PROGRAM= udev rule token.
This makes the property parsed with extract_first_word(EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE),
hence the device unit now gains the following dependencies:
===
Wants=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
and '%I' for the template services match with the original data.
errno handling for NSS is always a bit weird since NSS modules generally
are not particularly careful with it. Hence let's initialize errno
explicitly before we invoke getpwent() so that we know it's in a
reasonable state afterwards on failure, or zero if not.
We do this in most places we use NSS, including in userdb when it comes
to getgrent(), just for getpwent() we don't so far. Address that.
The getopt() parser was completely wrong, it expected an argument where
wasn't expected or processes.
The test cases only passed by accident because they use the "user" verb
which is also the default verb. It would be accidently read as argument
for --fuzzy and ignored.
Daan De Meyer [Wed, 22 Jan 2025 13:55:45 +0000 (14:55 +0100)]
test: Make sure we run lcov from the meson source directory
In ac75c5192797082c1965ab30be4711490f2937bc, we accidentally changed
the working directory that the tools executed in the wrapper script
are invoked in. This broke our invocations of lcov. Let's explicitly
run those in the meson source directory again to fix the coverage
workflow.
Yu Watanabe [Tue, 21 Jan 2025 18:45:11 +0000 (03:45 +0900)]
networkd-test: unconditionally stop previous invocation of networkd before starting new one
When networkd is already running, creating some .network files and
friends and starting networkd does not take any effect. Let's always
restart networkd when we want to start a new invocation.
Mike Yuan [Mon, 20 Jan 2025 20:48:27 +0000 (21:48 +0100)]
mountpoint-util: some tweaks for fd_is_mount_point()
- Drop fstat() fallback path now that we assume fdinfo
is available
- Use at_flags_normalize_nofollow()
- Accept empty path the same way as NULL
- Accept fd being AT_FDCWD and filename being "."
The documentation and code agree on the same name, since always, but
when I put together the IDL I made a mistake and insert a "Not" that
wasn't supposed to be there.
Daan De Meyer [Tue, 21 Jan 2025 12:48:13 +0000 (13:48 +0100)]
TEST-74-AUX-UTILS: Move run0 pcrlock test to TEST-70-TPM
On CentOS Stream 9/10 booting mkosi qemu with --firmware=linux doesn't
add the virtual TPM to the virtual machine which means TEST-74-AUX-UTILS.run.sh
fails because it requires a TPM.
Let's move the systemd-pcrlock logic that requires a TPM to
TEST-70-TPM.pcrlock to avoid the problem.
Daan De Meyer [Mon, 20 Jan 2025 12:57:02 +0000 (13:57 +0100)]
mkosi: Run more commands as root
zypper has some new rather questionable userspace level permission
checking that blows ups completely when operating as root on an
cache directory owned by a non-root user, so let's build the tools
tree and set up meson as root to avoid the issue.
(https://github.com/openSUSE/libzypp/issues/603)
Also drop a leftover debug message from coverage.yml while we're at
it.
pam_systemd_home: support login with alias names + user names with realms
This in particular makes sure that we normalize the user name and update
it in the PAM session, once we acquire it. This means that if you have a
user with name "a" and alias "b", and the user logs in as "b" they end
up properly with "a" as user name set, as intended by the PAM gods.
Moreover, if you have a user "c" in a ralm "d", they may log in by
specifying "c" or "c@d", with equivalent results.
user-record: add helper that checks if a provided user name matches a record
This ensures that user names can be specified either in the regular
short syntax or with a realm appended, and both are accepted. (The
latter of course only if the record actually defines a realm)
projects / thirdparty / systemd.git / log
