| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* `<sys/poll.h>` is not specified in POSIX
|
|
|
|
|
|
When copying large directory trees it should be a better idea to sync
the whole fs once when we are done instead of individually for each
file, hence add COPY_SYNCFS.
As opposed to COPY_FSYNC/COPY_FSYNC_FULL this only really applies to the
top-level directory, after completion of the whole copy.
|
|
As a safety precaution it makes sense to fsync() files after copying
them, and maybe even the directories they are contained in. Let's add a
flag for these two cases.
|
|
let's make sure we only operate on regular files when copying files.
Also, make sure to copy file attributes only over if target is a regular
file (so that copying a file to /dev/null won't alter the access
mode/ownership of that device node...)
|
|
(This might not look like a big improvement, but will shortly, when we
add fsync() support to the copy logic, at which point there are more
error paths we can unify that way.)
While we are at it, tweak a clean-up path: only unlink a copied file if
we are definitely the ones who created them, i.e. if O_EXCL is set.
|
|
Fixes: #18599
|
|
* `<sys/fcntl.h>` is not specified in POSIX
|
|
PR #20176 broke building of the cryptsetup token logic. This wasn't
noticed before the PR was merged, because the only CIs new enough to be
able to build the token logic (the Fedora Rawhide ones) didn't actually
run at all on the PR.
Let's add the missing hookup for the TPM2 PCR bank logic also to the
token module, to make the CI pass again.
|
|
Observed as a crash on binaries built with gcc-master:
```
3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0,
elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157
4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=<optimized out>,
name=0x5573b901a620 "/a", start=<optimized out>, arg=0x7fffc688f790)
at ../systemd-stable-249.2/src/coredump/stacktrace.c:306
5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0,
callback=callback@entry=0x5573b8841eb0 <module_callback>, arg=arg@entry=0x7fffc688f790, offset=offset@entry=0)
at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86
6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850,
executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366
7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850,
ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848)
at ../systemd-stable-249.2/src/coredump/stacktrace.c:406
8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990,
input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827
9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041
10 run (argv=<optimized out>, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416
11 main (argc=-964101648, argv=<optimized out>) at ../systemd-stable-249.2/src/coredump/coredump.c:1422
```
Happens only on enabled elfutils symbolizer.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
|
Noticed by @behrmann: https://github.com/systemd/systemd/pull/20156#discussion_r667451006
|
|
Previously, we'd encode PCR policies strictly with the SHA256 PCR bank
set. However, as it appears not all hw implement those. Sad.
Let's add some minimal logic to auto-detect supported PCR banks: if
SHA256 is supported, use that. But if not, automatically fall back to
SHA1.
This then changes both the LUKS code, and the credentials code to
serialize the selected bank, along with the rest of the data in order to
make this robust.
This extends the LUK2 JSON metadata in a compatible way. The credentials
encryption format is modified in an incompatible way however, but given
that this is not part of any official release should be OK.
Fixes: #20134
|
|
|
|
Boot loaders are software like any other, and hence muse be updated in
regular intervals. Let's add a simple (optional) service that updates
sd-boot automatically from the host if it is found installed but
out-of-date in the ESP.
Note that traditional distros probably should invoke "bootctl update"
directly from the package scripts whenver they update the sd-boot
package. This new service is primarily intended for image-based update
systems, i.e. where the rootfs or /usr are atomically updated in A/B
style and where the current boot loader should be synced into the ESP
from the currently booted image every now and then. It can also act as
safety net if the packaging scripts in classic systems are't doing the
bootctl update stuff themselves.
Since updating boot loaders mit be a tiny bit risky (even though we try
really hard to make them robust, by fsck'ing the ESP and mounting it only on
demand, by doing updates mostly as single file updates and by fsync()ing
heavily) this is an optional feature, i.e. subject to "systemctl
enable". However, since it's the right thing to do I think, it's enabled
by default via the preset logic.
Note that the updating logic is implemented gracefully: i.e. it's a NOP
if the boot loader is already new enough, or was never installed.
|
|
current and --graceful is given
Previously, the "bootctl update" logic would refrain from downrgading a
boot loader, but if the boot loader that is installed already matched
the version we could install we'd install it anyway, under the
assumption this was effectively without effect. This behaviour was handy
while developing boot loaders, since installing a modified boot loader
didn't require a version bump.
However, outside of the systems of boot loader developers I don't think
this behaviour makes much sense: we should always emphasize doing
minimal changes to the ESP, hence when an update is supposedly not
necessary, then don't do it. Only update if it really makes sense, to
minimize writes to the ESP. Updating the boot loader is a good thing
after all, but doing so redundantly is not.
Also, downgrade the message about this to LOG_NOTICE, given this
shouldn't be a reason to log.
Finally, exit cleanly in this cases (or if another boot loader is
detected)
|
|
|
|
let's share some code between import_url_last_component() and
import_url_change_last_component(), and make sure we never eat up the
hostname component of the URL when parsing out the last component.
Let's also make import_url_change_last_component() more generic so that
we can also use it for append components to paths, instead of replacing
suffixes.
|
|
This one is useful for a outputs with a slightly more "positive"
outlook, i.e. where only the checkmarks are shown but the crossmarks are
replaced by spaces.
(Usecase: a larger table with many checkmarks, where the red crossmarks
might just be too much negative noise)
|
|
|
|
This splits out rm_rf_children_inner() as body of the loop. We can use
that to implement rm_rf_child() for deleting one specific entry in a
directory.
|
|
|
|
Now that CONST_MAX() is a bit more foregiving, let's stick to the native
return type of sizeof() everywhere, which is size_t, instead of casting
to "unsigned", so that on the common archs we don't unnecessarily lose
the upper 32bits.
This semi-reverts d3e40294572512810c9329933a488619e7ce22fd.
|
|
This checked for strict type compatibility so far, which mean CONST_MAX()
couldn't be used on two differently signed integers, even though
conceptually there's nothing wrong with allowing that here, as C
correctly picks the larger type in the ternary op.
hence, let's explicitly whitelist integer comparisons here, as long as
the signedness matches.
|
|
s390x uses BRAS(L) instead of CALL(Q), e.g.:
```
1009528: c0 e5 ff ff f8 a0 brasl %r14,1008668 <__asan_report_load1@plt>
10095f0: c0 e5 ff ff ea ec brasl %r14,1006bc8 <__asan_stack_malloc_4@plt>
10097f8: c0 e5 ff ff f8 f8 brasl %r14,10089e8 <__asan_report_load8@plt>
```
x86_64 for reference:
```
4011f3: e8 48 fe ff ff callq 401040 <__asan_report_load1@plt>
401227: e8 24 fe ff ff callq 401050 <__asan_report_load8@plt>
401251: e8 da fd ff ff callq 401030 <__asan_init@plt>
```
|
|
Let's use size_t for stuff we count in memory. This doesn't matter much,
but is certainly more correct and less eyebrow-raising.
Follow-up for: 846f1da465beda990c1c01346311393f485df467
See: https://github.com/systemd/systemd/pull/20273#discussion_r679250180
|
|
These semi-reverts 2744c7bb0176dc6b86a69acd4c449ea9e269e097
|
|
Inspired by: 2744c7bb0176dc6b86a69acd4c449ea9e269e097
|
|
Follow-up to 99c645b81aa47899ae3e0f920947a7d86cca5a86.
|
|
We call "systemctl set-property … Markers=+needs-restart" and this should
also work for globs, e.g. "user@*.service" or "syncthing@*.service".
https://bugzilla.redhat.com/show_bug.cgi?id=1986258
|
|
vtable structure
Follow-up for: #20253
|
|
We use multiples of 8 spaces indentation in our C code, do it here too.
|
|
Before this patch, there was no way to request all running user instances for
reexecuting. However this can be useful especially during package updates
otherwise user instances are never updated and keep running a potentially very
old version of the binaries.
Now assuming that we have enough priviledge, it's possible to request
reexecution of all user instances:
systemctl kill --signal=SIGRTMIN+25 "user@*.service"
Note that this request is obviously asynchronous as it relies on a
signal. Keeping "systemctl kill" as the only interface should be good enough to
make this obvious and that's the reason why another interface, such as
"systemctl --global daemon-reexec" has not been considered.
PID1 already uses SIGTERM for reexecuting hence sending it SIGRTMIN+25 is a
nop.
|
|
|
|
This reverts commit 6bf3c6c9007ca87376d5dff1e029186a38736cdc.
|
|
|
|
|
|
As per request from Dell, we need to use sku property of modalias that
is patched into linux 5.13 for model identification:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e26f023e01ef26b4138bc1099af309bdc4523d23
|
|
Otherwise LGTM fails to detect the build system:
```
[2021-07-27 23:18:47] [build-stdout] The Meson build system
[2021-07-27 23:18:47] [build-stdout] Version: 0.51.2
[2021-07-27 23:18:47] [build-stdout] Source dir: /opt/src
[2021-07-27 23:18:47] [build-stdout] Build dir: /opt/src/_lgtm_build_dir
[2021-07-27 23:18:47] [build-stdout] Build type: native build
[2021-07-27 23:18:47] [build-stdout] meson.build:3:0: ERROR: Meson version is 0.51.2 but project requires >= 0.53.2
[2021-07-27 23:18:47] [build-stdout] A full log can be found at /opt/src/_lgtm_build_dir/meson-logs/meson-log.txt
```
|
|
The text used "unit's view" to mean mount namespace. But we talk about
mount namespaces in the later part of the paragraph anyway, so trying to
use an "approachable term" only makes the whole thing harder to understand.
Let's use the precise term.
Some paragraph-breaking and re-indentation is done too.
|
|
The output is similar to our hand-crafted status message, but it's nice to use
the built-in functionality. After all, it was amended during development to
support our use case.
|
|
This undoes part of 4c890ad3cc7b3445683d7b52bc00e4a58bef5e94: the
implementations of update-dbus-docs and update-man-rules are moved back to
man/meson.build, and alias_target() is used to keep the visible target names
unchanged.
The rules for man pages are reworked so that it's possible to invoke the
targets even if xstlproc is not available. After all, xsltproc is only needed
for the final formatted output, and not other processing.
|
|
It was added in meson 0.52.0, and fits very nicely here.
See https://mesonbuild.com/Release-notes-for-0-52-0.html#alias_target.
|
|
It is nicer and shorter.
|
|
|
|
The FIXME was not correct: with 'dirs' we'd put the fixed path first
(see the docs for find_program()).
|
|
As documented in /meson.build where the variable is defined,
meson.build_root() doesn't work as expected with project nesting. I have
no idea why anyone would want to embed systemd in another meson project,
but let's use the variable if we have it.
|
|
See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739
In general, we shouldn't blanket move syscalls like this into @default,
given that glibc actually does have fallbacks, afaics. However, as
long as the syscalls are "read-only" and thus benign, I figure it's a
safe thing to do. But we should probably stick to a "if in doubt, don't"
rule, and put these syscalls in @system-service as default, but not into
@default.
I think in the real world @system-service is the sensible group people
should use, and not @default actually.
|
|
It's included in @default now, since
14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service
pulls that in we can drop it from @system-service.
Follow-up for #20191
|
