varlink: add generic GetEnvironment() call to the Varlink "service" interface
It's just so useful being able to retrieve the current env block from
our services. Add a concept for that. It's really simple, and dumb.
In many ways it's like /proc/$PID/environ, but shows the actual
environ[] array visible to the app, not just some memory that was
originally used for the env block passed in, but might have been rearranged.
Let's give the user control on how to handle JSON "null" assignments of
the log level. As one of three cases: as failure, as LOG_NULL (i.e. to
turn off logging) or as LOG_INFO (as our usual default log level).
Let's then use that in the generic SetLogLevel() call, so that callers
can use it to explicitly turn off logging in a service.
Note that this was (probably accidentally) already implemented, except
that the introspection enforcement blocked it. Let's clean this up and
make this officially a thing, since it's generally useful to turn off
logging I think.
* c7fecc18eb Skip test_sysusers_defined on upstream builds
* f257050ddd Add a .editorconfig file
* aa5546e9ed Add a few mkosi artifact directories to .gitignore
* 01e5bc1c93 Set SBAT in sd-boot when building on OBS
* a7eec4d33d Run upstream integration test suite with Fedora CI
Yu Watanabe [Thu, 16 Jan 2025 19:27:36 +0000 (04:27 +0900)]
fundamental-macro: conditionalize several gcc warning pragmas
This fixes the following error:
In file included from ../src/basic/macro.h:13,
from ../src/basic/env-util.h:9,
from ../src/nss-systemd/nss-systemd.c:7:
../src/fundamental/macro-fundamental.h:61:9: error: option ‘-Wzero-as-null-pointer-constant’ is valid for C++/ObjC++ but not for C [-Werror=pragmas]
61 | _Pragma("GCC diagnostic ignored \"-Wzero-as-null-pointer-constant\"")
| ^~~~~~~
../src/nss-systemd/nss-systemd.c:106:1: note: in expansion of macro ‘DISABLE_WARNING_ZERO_AS_NULL_POINTER_CONSTANT’
106 | DISABLE_WARNING_ZERO_AS_NULL_POINTER_CONSTANT;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
process-util: introduce new FORK_FREEZE flag for safe_fork()
Often we want to fork off a process that just hangs until we kill it,
let's add a simple flag to create one of this type, and use it at
various places.
Jan Macku [Wed, 15 Jan 2025 14:06:46 +0000 (15:06 +0100)]
shared/bus-util: add missing `set.h` include
```
In file included from ../src/shared/bus-get-properties.c:4:
../src/shared/bus-message-util.h:22:60: error: unknown type name ‘Set’
22 | int bus_message_append_string_set(sd_bus_message *m, const Set *s);
| ^~~
../src/shared/bus-get-properties.c: In function ‘bus_property_get_string_set’:
../src/shared/bus-get-properties.c:178:9: error: unknown type name ‘Set’
178 | Set **s = ASSERT_PTR(userdata);
| ^~~
```
Luca Boccassi [Thu, 16 Jan 2025 00:42:23 +0000 (00:42 +0000)]
Revert "OBS: build Fedora/Debian/Ubuntu x86_64 packages on PRs"
This does not work yet, as we configure multiple git sources,
and the workflow service gets confused. We need to update one
(the actual code repo) and leave the recipe repos intact, but
this is not supported right now.
pam-systemd: introduce "user-light" session type, and make "background-light" the default for system users (#35987)
This implements one idea from #34988: default to "user-light" and
"background-light" for system users, so that the service manager is only
pulled in for sessions that likely need them, i.e. not cron jobs or ftp
logins.
This is a compat break to some degree, but I think a worthy one. I
updated the NEWS file to explain this.
Yu Watanabe [Wed, 15 Jan 2025 16:29:04 +0000 (01:29 +0900)]
random-util: fix compilation error
Fixes the following error:
```
../src/basic/random-util.c: In function "fallback_random_bytes":
../src/basic/random-util.c:45:26: error: initializer-string for array of "char" is too long [-Werror=unterminated-string-initialization]
45 | .label = "systemd fallback random bytes v1",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```
Mike Yuan [Wed, 15 Jan 2025 16:34:11 +0000 (17:34 +0100)]
terminal-util: drop unused open_terminal_in_namespace()
With our baseline including TIOCGPTPEER we now systematically
open pty peer through ioctl(), i.e. this sits unused
since 1d522f1a866f911980b5eaad87182bf58c58fa32. Kill it!
run0: allow explicit control of service manager activation for run0 sessions
This adds a new --lightweight=yes/no switch which allows controlling
whether the invoked service will have the service manager around or not.
Moreover, this changes that if the target user is root it will now
support to the lightweight mode, i.e. run0 towards root will no longer
pull in the service manager (a real tty login via getty still will
though!).
My thinking here is that quickly raising privileges via run0 probably
shouldn't be considered a proper login but just something short lived,
temporary for a single command or similar.
This new session class is to "user" what "background" is to
"background-light": it doesn't cause the per-user service manager to
start.
This new session class is now the default if no session class was
provided at session registration time and the following conditions hold:
1. The session is not graphical
2. The user is not a regular user (but not root)
Or in other words root and system users won't get a service manager
started automatically if they go through a PAM session as part of things
like cron or ftp. They will however still get one if they log in
graphically.
This changes behaviour a bit, but hopefully in OK was.
This also makes "background-light" for system users incl. root.
This addresses one of the ideas discussed in #34988.
logind: register PAM sessions via Varlink instead of D-Bus (#35264)
This makes things a bit faster (because it cuts down a bit on
roundtrips) and prepares ground so that one day we can let logind run in
earlier boot already, making it a bit less special.
communication between logind and pid1 is still dbus only, hence there's
a lot of room for further improvement I guess.
wrvsrx [Sat, 7 Dec 2024 02:32:15 +0000 (10:32 +0800)]
efivars: deal with uncommitted efi variables
Unfortunately kernel reports EOF if there's an inconsistency between efivarfs var list
and what's actually stored in firmware, c.f. #34304. A zero size env var is not allowed in
efi and hence the variable doesn't really exist in the backing store as long as it is zero
sized, and the kernel calls this "uncommitted". Hence we translate EOF back to ENOENT here,
as with kernel behavior before
https://github.com/torvalds/linux/commit/3fab70c165795431f00ddf9be8b84ddd07bd1f8f
If the kernel changes behaviour (to flush dentries on resume), we can drop
this at some point in the future. But note that the commit is 11
years old at this point so we'll need to deal with the current behaviour for
a long time.
tools/fetch-distro: support the case where the sources are in a subdirectory
If the GIT_SUBDIR environment variable is set, do not checkout the full sources
of the git repository, but perform a sparse checkout of the directory containing
the package. In this case, check only the commit history in this subdirectory.
Daan De Meyer [Wed, 15 Jan 2025 11:58:36 +0000 (12:58 +0100)]
ci: Stop archiving packages
This takes up a lot of storage space and we're almost hitting the
limit so since nobody's actually using these and we just started
doing nightly builds in OBS, let's drop this and point people towards
OBS for nightly packages in the future.
This makes sure we now use Varlink per default as transport for
allocating sessions.
This reduces the time it takes to do one run0 cycle by roughly ~10% on my
completely synthetic test setup (assuming the target user's service
manager is already started)
The D-Bus codepaths are kept in place for two reasons:
* To make upgrades easy
* If the user actually sets resource properties on the PAM session we
fall back to the D-Bus codepaths, as we currently have no way to
encode the scope properties in JSON, this is only supported for D-Bus
serialization.
The latter should be revisited once it is possible to allocate a scope
unit from PID1 via varlink.
projects / thirdparty / systemd.git / log
