tree-wide: Mark linux and sys includes as system includes
Even though these are in our tree, we should still treat them as
system includes which helps various tools (clangd, iwyu, ...) understand
that these are system includes and <> should be used instead of "".
Now that the necessary functions from log.h have been moved to macro.h,
we can stop including log.h in macro.h. This requires modifying source
files all over the tree to include log.h instead.
basic: Move assertion specific functions to assert-util.h
Various functions in log.h are only used by asserts, and there's
enough assertion related stuff in macro.h to justify a separate header
which also makes it easier to avoid circular dependencies.
Let's introduce assert-util.h and an accompanying fundamental header
and move all the assertion related stuff over there. PROJECT_FILE is
moved over to macro.h.
fundamental: Move alignment logic to memory-util-fundamental.h
Aligning is closely related to memory management, so let's move these
macros and functions to memory-util-fundamental.h. This will allow us
to move assertion related logic out of macro-fundamental.h as well in
a later commit.
basic: Move trivial cleanup/ref/unref macros from macro.h to memory-util.h
Let's keep macro.h for the extremely generic macros that don't fit anywhere
else. Since CLEANUP_ARRAY() is already in memory-util-fundamental.h, we can
make a good case for moving the other cleanup macros in there as well.
daemon-util: remove existing fds with the same name from fdstore
Currently, all use cases of notify_push_fd()/notify_push_fdf()
assume that the name of each fd in the fdstore is unique.
For safety, let's remove the existing fds before pushing a new one
to avoid multiple fds with the same name stored in the fdstore.
shutdown: handle gracefully if a device disappears while we detach it
Let's gracefully handle cases where a device disappears in the time we
between our discovery and when we want to detach it, due to "auto-clear"
or a similar logic.
The loopback case already handled this quite OK, do the same for MD and
swap too.
Switch to ERRNO_IS_DEVICE_ABSENT() for all checks, just in case.
Also improve debug logging for all these cases, so we know exactly what
is going on.
This is inspired by #37160, but shouldn't really fix anything there, I
am pretty sure the ENODEV seen in that output stems from the STOP_ARRAY
call, not from the open().
Note that this does not change anything for the device mapper case,
because the DM subsystem does not return useful error codes to
userspace, hence everything is a complete mess there.
Stefan Hansson [Sun, 13 Apr 2025 18:35:49 +0000 (20:35 +0200)]
missing_fcntl: Introduce O_ACCMODE_STRICT
On musl, O_ACCMODE is defined as (03|O_SEARCH), unlike glibc which
defines it as (O_RDONLY|O_WRONLY|O_RDWR). Additionally, O_SEARCH is
simply defined as O_PATH.
This causes problems for systemd on musl, as it changes the
behaviour of open_mkdir_at_full() to return -EINVAL if O_PATH is
included in flags due to the fact that O_ACCMODE includes O_SEARCH
(i.e. O_PATH). Consequently, this makes the test-fs-util test fail.
Upstream musl seems content with this behaviour and doesn't seem
interested in matching glibc's behaviour due to that defining it this
way allows for O_SEARCH to match POSIX better by allowing it to open
directories where read permission is missing. Apparently musl does some
emulation in other places to make this work more consistently as well.
Initially I took the approach of working around this by redefining
O_SEARCH as O_RDONLY if O_SEARCH == O_PATH. This fixes the test and is
the approach taken by both XZ[1] and Gzip[2][3], but was not taken as
redefining system headers potentially could be problematic.
Instead, introduce O_ACCMODE_STRICT which just is a copy of glibc's
O_ACCMODE and use it everywhere. This way we don't have to deal with
unusual definitions of O_ACCMODE from C standard libraries other than
glibc.
test: Use meson add_test_setup() instead of environment variables
We add a default test setup that excludes the integration-tests suite
so that the integration tests don't run by default. This allows us to
get rid of $SYSTEMD_INTEGRATION_TESTS. Then, we add two extra setups:
'integration' and 'shell'. The 'integration' setup does not exclude the
integration-tests suite, and so can be used to run the integration tests.
The 'shell' setup does the same, but additionally sets $TEST_SHELL=1,
allowing to get rid of $TEST_SHELL in the docs.
* dbb4020bee mkosi: Use tools tree by default in repository config
* a2407a305c dnf: Stop messing around with plugins
* eee382ebc6 Fix mkosi help
* 8d4f9969bb mkosi-obs: simplify generation of signed UEFI auth files
* 364dfc65eb Merge pull request #3661 from septatrix/ssh-runtime
|\
| * ab3b52841c Improve Ssh= documentation
| * 79878d7e6c Add new Ssh=auto and Ssh=runtime options
* 49036322c2 Merge pull request #3682 from DaanDeMeyer/history
|\
| * 96e512fe6e installer: Make sure package manager state is preserved in the image
| * b859a7cf0a Only copy repository metadata from specific subdirs from /var
| * c8bf8e4278 Rename cache_subdirs() to package_subdirs()
* | 54b59c4a2e Merge pull request #3696 from DaanDeMeyer/history-cli
|\ \
| * | 898d89e887 Rework version bumping
| * | cc45fe3bad Only write CLI arguments to history instead of full config
| * | 1def443097 Disallow using --rerun-build-scripts with --force again
| * | 87b03ee264 Rename get_configdir() to finalize_configdir()
| * | 9c1217a217 Get rid of to_json() methods on Args and Config
| |/
* | 124f551e77 mkosi-obs: do not publish roothash
* | fc86100e51 mkosi-obs: append certs from mkosi.uefi.db/ to 'db'
* | 8bee4cb8e2 Make sure sync scripts are executable
|/
* a7e90514fa Simplify tools tree out of date error
* f9956daba7 Fail if --rerun-build-scripts is used and tools is out of date
* d94bf56ae8 mkosi-initrd: add specific configuration for plymouth in Debian
* 8235ddbc5b Take shared lock in copy_ephemeral()
* 19c74d5ba5 Two follow ups for #3678
* 0d6f15e8c3 Merge pull request #3678 from DaanDeMeyer/history
|\
| * 5410c4c7af tests: Require genkey to be run once upfront
| * 86b8c611a1 tests: Drop unused tools field
| * c3d1bd0dde Rework history <=> sandbox integration
* fce4db970f zypper: display debugging output if ARG_DEBUG is set
* 2c052b9d45 Allow PCR signing settings to be overridden in sub-images
* 00c220225b zypper: do not fail if a package configured to be removed is not found
mkosi: Rename mkosi.prepare scripts for systemd deps to systemd.prepare
These scripts are reused by multiple images, so let's give them a
non-standard name to indicate that. Otherwise it's all too easy to add
something to mkosi.prepare for the main image and accidentally have it
included in all the subimages as well even though that's not desired.
netlink-socket: ignore ECHRNG/EXFULL errors from recvmsg_safe() if we expect truncation
When we receive a netlink messages from userspace we need to drop it
from the queue. Hence we need call recvmsg() on the socket for it. We do
this with a zero-size socket read() buffer, so that the message would be
truncated when copied to userspace, and we do not have to allocate any
memory for it, but it's still dropped.
This was broken in ad501930d749e00f9686d29692b3142c36914f31, which
turned datagram truncation into an error (rightfully so I think – for
the common case). That broke this code here, because here we *expect*
truncation, and need to handle it gracefully.
Hence simply check for the two error codes for truncated payload or
cdata, and eat it up.
RFC 4035 Section 4.2 requires that missing DS records are queried for in
the parent zone rather than the child zone, the old behaviour could
cause subdomains under home.arpa (RFC 8375) to fail validation.
This commit assumes that QDCOUNT = 1 as per RFC 9619
mkosi: Reuse main image prepare scripts in subimages
In the subimages we also want to make sure all dependencies of the
systemd packages are cached so reuse the same prepare scripts from
the main image to do that.
We only want required dependencies in the subimages, not recommended
or suggested dependendencies, so add an environment variable
$SYSTEMD_REQUIRED_DEPS_ONLY which the prepare scripts can check for
and enable it for the subimages.
mkosi: Make sure coreutils is installed in initrd/exitrd
This is already installed but Fedora/CentOS systems are nudged towards
installing coreutils-single which then later causes issues when we try
to install coreutils as a dependency of systemd so let's make sure we
pick coreutils from the beginning.
bootctl: replace --no-variables by --variables=BOOL
I think the current behaviour of not doing EFI variables when we are run
in a container makes a ton of sense, but in some cases it's useful to
do EFI var setup even when a set of namespaces is set up for us, for
example to recover a hosed installation from a rescue disk.
While we are at it, let's remove some duplicate checks, and
systematically output information why we skip various operations.
The walrus operator was introduced in python 3.9 so using it
accidentally bumped the minimum python version to 3.9 from 3.7 and
bluca still cares about keeping this working on 3.8 so let's remove
the usage of the walrus operator.
getxattr_at_malloc() calls getxattr_pinned_internal() with size 0 to get
the size of the xattr, and then asserts because n > 0
```
Assertion '(size_t) n <= size' failed at src/basic/xattr-util.c:107, function getxattr_pinned_internal().
```
tree-wide: IFA_FLAGS is supported since kernel v3.14
Now our baseline on the kernel is v5.4.
Let's unconditionally use the IFA_FLAGS attribute, and drop the getter
and setter for the deprecated header element.
udev-builtin-net_id: drop old kernels (<4.20) support
Since kernel v4.20, specifically since
https://github.com/torvalds/linux/commit/9b8b2a323008aedd39a8debb861b825707f01420
IP-over-Infiniband driver also uses dev_port.
As our baseline on the kernel is v5.4. Let's remove the fallback code.
For more details about the fallback, see
https://github.com/systemd/systemd/pull/10082#issuecomment-421416461
After f74ca66e6833c340a1532578176e55cb494590d0, we do not check the
cgroup version of the runtime environment, and unconditionally returns 0
for "v1", and 1 for "v2".
projects / thirdparty / systemd.git / log
