man/sd-bus: Add at least one reference per sd-bus function man page
Some sd-bus man pages did not have any references on the main
sd-bus man page. Unless you accidentally stumbled on them from
other pages it was difficult to discover them.
man/sd_bus_emit_signal: Fix extra const for strv functions
The functions `sd_bus_emit_interfaces_added_strv`, `sd_bus_emit_interfaces_removed_strv`
and `sd_bus_emit_properties_changed_strv` take an `char **` not
`const char **` as last argument.
See `src/systemd/sd-bus.h` for the function definition.
Since OpenSSH 10.0p1, specifically
https://anongit.mindrot.org/openssh.git/commit/?id=487cf4c18c123b66c1f3f733398cd37e6b2ab6ab
ssh refuses comma in hostname by default.
Mike Yuan [Wed, 8 Jan 2025 12:50:35 +0000 (13:50 +0100)]
logind: drop session fifo logic, rely solely on pidfd for exit notification
Traditionally, logind installed a fifo in the PAM session and
used EOF on the fd as signal for session close. With the addition of
pidfd (76f2191d8eb54d7b9e39ab230c9c62b8a8c42265) however,
logind tracks the leader process and the session is terminated
as soon as that exits. I think the new behavior generally makes
more sense, and the behavior got changed *in the mentioned commit
already* without anyone ever showing up to complain. It hence
feels safe to kill the concept now (also before the varlink interface
gets rolled out).
Note that the 'PID' field in CreateSession() Varlink method
is now marked as strict, i.e. failure to acquire pidfd
is immediately treated as fatal.
Various changes made as part of trying to run include-what-you-use on the systemd repository (#37112)
I have been trying to run
https://github.com/include-what-you-use/include-what-you-use on the
systemd repository to hopefully get a handle on the rampant numbers of
includes we have in every file with no idea if any of the symbols coming
from that file are used or not.
While I haven't got it fully working yet, these changes still make sense
IMO and can be merged already.
Except the last commit, all other changes are about removing circular
dependencies between headers which trips up include-what-you-use.
Regardless of the tool, circular dependencies between headers are a code
smell and I think we should get rid of them regardless of whether we end
up using the tool or not.
tree-wide: Mark linux and sys includes as system includes
Even though these are in our tree, we should still treat them as
system includes which helps various tools (clangd, iwyu, ...) understand
that these are system includes and <> should be used instead of "".
Now that the necessary functions from log.h have been moved to macro.h,
we can stop including log.h in macro.h. This requires modifying source
files all over the tree to include log.h instead.
basic: Move assertion specific functions to assert-util.h
Various functions in log.h are only used by asserts, and there's
enough assertion related stuff in macro.h to justify a separate header
which also makes it easier to avoid circular dependencies.
Let's introduce assert-util.h and an accompanying fundamental header
and move all the assertion related stuff over there. PROJECT_FILE is
moved over to macro.h.
fundamental: Move alignment logic to memory-util-fundamental.h
Aligning is closely related to memory management, so let's move these
macros and functions to memory-util-fundamental.h. This will allow us
to move assertion related logic out of macro-fundamental.h as well in
a later commit.
basic: Move trivial cleanup/ref/unref macros from macro.h to memory-util.h
Let's keep macro.h for the extremely generic macros that don't fit anywhere
else. Since CLEANUP_ARRAY() is already in memory-util-fundamental.h, we can
make a good case for moving the other cleanup macros in there as well.
ssh-generator and ssh-proxy are great features, it is very handy to be
able to do:
ssh vsock/1
But, because of the '/' used as a separator, scp and rsync don't
interpret 'vsock/<CID>' as a hostname, e.g.
$ scp /etc/machine-id vsock/2222:.
cp: cannot create regular file 'vsock/2222:.': No such file or directory
$ rsync /etc/machine-id vsock/2222:.
rsync: [Receiver] change_dir#3 "(...)/vsock" failed: No such file or directory (2)
rsync error: errors selecting input/output files, dirs (code 3) at main.c(829) [Receiver=3.4.1]
An alternative is to use ',' as separator, e.g.
$ scp /etc/machine-id vsock,2222:.
This is what is being suggested here. The names with '/' are kept not to
break anything here.
Others are possible: '%', '=', '#', '@', ':', etc. As mentioned in
commit 0abd510f7f ("ssh-proxy: add ssh ProxyCommand tool that can
connect to AF_UNIX + AF_VSOCK sockets"), it is better to avoid ':' as it
is already taken by SSH itself when doing sftp, and "@" is already taken
for separating the user name. '#' will cause some issues with some
shells like ZSH when quotes are not used.
daemon-util: remove existing fds with the same name from fdstore
Currently, all use cases of notify_push_fd()/notify_push_fdf()
assume that the name of each fd in the fdstore is unique.
For safety, let's remove the existing fds before pushing a new one
to avoid multiple fds with the same name stored in the fdstore.
shutdown: handle gracefully if a device disappears while we detach it
Let's gracefully handle cases where a device disappears in the time we
between our discovery and when we want to detach it, due to "auto-clear"
or a similar logic.
The loopback case already handled this quite OK, do the same for MD and
swap too.
Switch to ERRNO_IS_DEVICE_ABSENT() for all checks, just in case.
Also improve debug logging for all these cases, so we know exactly what
is going on.
This is inspired by #37160, but shouldn't really fix anything there, I
am pretty sure the ENODEV seen in that output stems from the STOP_ARRAY
call, not from the open().
Note that this does not change anything for the device mapper case,
because the DM subsystem does not return useful error codes to
userspace, hence everything is a complete mess there.
Stefan Hansson [Sun, 13 Apr 2025 18:35:49 +0000 (20:35 +0200)]
missing_fcntl: Introduce O_ACCMODE_STRICT
On musl, O_ACCMODE is defined as (03|O_SEARCH), unlike glibc which
defines it as (O_RDONLY|O_WRONLY|O_RDWR). Additionally, O_SEARCH is
simply defined as O_PATH.
This causes problems for systemd on musl, as it changes the
behaviour of open_mkdir_at_full() to return -EINVAL if O_PATH is
included in flags due to the fact that O_ACCMODE includes O_SEARCH
(i.e. O_PATH). Consequently, this makes the test-fs-util test fail.
Upstream musl seems content with this behaviour and doesn't seem
interested in matching glibc's behaviour due to that defining it this
way allows for O_SEARCH to match POSIX better by allowing it to open
directories where read permission is missing. Apparently musl does some
emulation in other places to make this work more consistently as well.
Initially I took the approach of working around this by redefining
O_SEARCH as O_RDONLY if O_SEARCH == O_PATH. This fixes the test and is
the approach taken by both XZ[1] and Gzip[2][3], but was not taken as
redefining system headers potentially could be problematic.
Instead, introduce O_ACCMODE_STRICT which just is a copy of glibc's
O_ACCMODE and use it everywhere. This way we don't have to deal with
unusual definitions of O_ACCMODE from C standard libraries other than
glibc.
test: Use meson add_test_setup() instead of environment variables
We add a default test setup that excludes the integration-tests suite
so that the integration tests don't run by default. This allows us to
get rid of $SYSTEMD_INTEGRATION_TESTS. Then, we add two extra setups:
'integration' and 'shell'. The 'integration' setup does not exclude the
integration-tests suite, and so can be used to run the integration tests.
The 'shell' setup does the same, but additionally sets $TEST_SHELL=1,
allowing to get rid of $TEST_SHELL in the docs.
* dbb4020bee mkosi: Use tools tree by default in repository config
* a2407a305c dnf: Stop messing around with plugins
* eee382ebc6 Fix mkosi help
* 8d4f9969bb mkosi-obs: simplify generation of signed UEFI auth files
* 364dfc65eb Merge pull request #3661 from septatrix/ssh-runtime
|\
| * ab3b52841c Improve Ssh= documentation
| * 79878d7e6c Add new Ssh=auto and Ssh=runtime options
* 49036322c2 Merge pull request #3682 from DaanDeMeyer/history
|\
| * 96e512fe6e installer: Make sure package manager state is preserved in the image
| * b859a7cf0a Only copy repository metadata from specific subdirs from /var
| * c8bf8e4278 Rename cache_subdirs() to package_subdirs()
* | 54b59c4a2e Merge pull request #3696 from DaanDeMeyer/history-cli
|\ \
| * | 898d89e887 Rework version bumping
| * | cc45fe3bad Only write CLI arguments to history instead of full config
| * | 1def443097 Disallow using --rerun-build-scripts with --force again
| * | 87b03ee264 Rename get_configdir() to finalize_configdir()
| * | 9c1217a217 Get rid of to_json() methods on Args and Config
| |/
* | 124f551e77 mkosi-obs: do not publish roothash
* | fc86100e51 mkosi-obs: append certs from mkosi.uefi.db/ to 'db'
* | 8bee4cb8e2 Make sure sync scripts are executable
|/
* a7e90514fa Simplify tools tree out of date error
* f9956daba7 Fail if --rerun-build-scripts is used and tools is out of date
* d94bf56ae8 mkosi-initrd: add specific configuration for plymouth in Debian
* 8235ddbc5b Take shared lock in copy_ephemeral()
* 19c74d5ba5 Two follow ups for #3678
* 0d6f15e8c3 Merge pull request #3678 from DaanDeMeyer/history
|\
| * 5410c4c7af tests: Require genkey to be run once upfront
| * 86b8c611a1 tests: Drop unused tools field
| * c3d1bd0dde Rework history <=> sandbox integration
* fce4db970f zypper: display debugging output if ARG_DEBUG is set
* 2c052b9d45 Allow PCR signing settings to be overridden in sub-images
* 00c220225b zypper: do not fail if a package configured to be removed is not found
mkosi: Rename mkosi.prepare scripts for systemd deps to systemd.prepare
These scripts are reused by multiple images, so let's give them a
non-standard name to indicate that. Otherwise it's all too easy to add
something to mkosi.prepare for the main image and accidentally have it
included in all the subimages as well even though that's not desired.
netlink-socket: ignore ECHRNG/EXFULL errors from recvmsg_safe() if we expect truncation
When we receive a netlink messages from userspace we need to drop it
from the queue. Hence we need call recvmsg() on the socket for it. We do
this with a zero-size socket read() buffer, so that the message would be
truncated when copied to userspace, and we do not have to allocate any
memory for it, but it's still dropped.
This was broken in ad501930d749e00f9686d29692b3142c36914f31, which
turned datagram truncation into an error (rightfully so I think – for
the common case). That broke this code here, because here we *expect*
truncation, and need to handle it gracefully.
Hence simply check for the two error codes for truncated payload or
cdata, and eat it up.
RFC 4035 Section 4.2 requires that missing DS records are queried for in
the parent zone rather than the child zone, the old behaviour could
cause subdomains under home.arpa (RFC 8375) to fail validation.
This commit assumes that QDCOUNT = 1 as per RFC 9619
mkosi: Reuse main image prepare scripts in subimages
In the subimages we also want to make sure all dependencies of the
systemd packages are cached so reuse the same prepare scripts from
the main image to do that.
We only want required dependencies in the subimages, not recommended
or suggested dependendencies, so add an environment variable
$SYSTEMD_REQUIRED_DEPS_ONLY which the prepare scripts can check for
and enable it for the subimages.
mkosi: Make sure coreutils is installed in initrd/exitrd
This is already installed but Fedora/CentOS systems are nudged towards
installing coreutils-single which then later causes issues when we try
to install coreutils as a dependency of systemd so let's make sure we
pick coreutils from the beginning.
bootctl: replace --no-variables by --variables=BOOL
I think the current behaviour of not doing EFI variables when we are run
in a container makes a ton of sense, but in some cases it's useful to
do EFI var setup even when a set of namespaces is set up for us, for
example to recover a hosed installation from a rescue disk.
While we are at it, let's remove some duplicate checks, and
systematically output information why we skip various operations.
The walrus operator was introduced in python 3.9 so using it
accidentally bumped the minimum python version to 3.9 from 3.7 and
bluca still cares about keeping this working on 3.8 so let's remove
the usage of the walrus operator.
getxattr_at_malloc() calls getxattr_pinned_internal() with size 0 to get
the size of the xattr, and then asserts because n > 0
```
Assertion '(size_t) n <= size' failed at src/basic/xattr-util.c:107, function getxattr_pinned_internal().
```
projects / thirdparty / systemd.git / log
