path: root/meson.build
Commit message (Author, Age, Files, Lines)
* Make vcs-tag do something useful for non-developer mode as well (Daan De Meyer, 2024-07-22, 1 file, -4/+1)
| When building packages of arbitrary commits of systemd-stable, distributors might want to include a git sha of the exact commit they're on. Let's extend vcs-tag a little to make this possible.
| If we're on a commit matching a tag, don't generate a git sha at all. If we're not on a commit matching a tag, generate a vcs tag as usual. However, if we're not in developer mode, don't append a '^' if the tree is dirty to accommodate package builds applying various patches to the tree which shouldn't be considered as "dirty" edits.
* meson: fix missing failure if bpf-framework was enabled (Dominique Martinet, 2024-07-20, 1 file, -0/+3)
| If building with clang and clang does not support bpf, then enabling -Dbpf-framework=enabled would silently drop the feature (even printing bpf-framework: enabled in the meson build recap, and no message anywhere that'd hint at the failure!)
| This is unexpected, so add check to fail hard in this case.
| All other code paths (gcc, missing bpftool) properly check for the option, but it is not as easy for a custom command so check explicitly
* mkosi: Streamline running the integration tests without building systemd (Daan De Meyer, 2024-07-18, 1 file, -0/+1)
| Let's document in detail how to build the integration test image and run the integration tests without building systemd. To streamline the process, we stop automatically using binaries from build/ when invoking mkosi directly and don't automatically use a tools tree anymore if systemd on the host is too old. Instead, we document these options in HACKING.md and change the mkosi meson target to automatically use the current build directory as an extra binary search path for mkosi.
* sd-varlink: make our internal Varlink API public as sd-varlink.[ch] (Lennart Poettering, 2024-07-16, 1 file, -1/+2)
| It's time. sd-json was already done earlier in this cycle, let's now make sd-varlink public too.
| This is mostly just a search/replace job of epical proportions.
| I left some functions internal (mostly IDL handling), and I turned some static inline calls into regular calls.
* Merge pull request #33599 from keszybz/link-executor-statically (Zbigniew Jędrzejewski-Szmek, 2024-07-08, 1 file, -2/+2)
|\
| | Link executor statically
| * meson: rename libbasic to libbasic_static (Zbigniew Jędrzejewski-Szmek, 2024-07-03, 1 file, -2/+2)
| | Our variables for internal libraries are named 'libfoo' for the shared lib variant, and 'libfoo_static' for the static lib variant. The only exception was libbasic, because we didn't have a shared variant for it. But let's rename it for consistency. This makes the build config easier to understand.
* | meson: Fix various versions (Daan De Meyer, 2024-07-04, 1 file, -9/+10)
|/
| Follow up for 8b3b01c4b7e0fde39b4be354990ee68f5e612c52
| We switch to PROJECT_VERSION instead of PROJECT_VERSION_FULL where we report our version and which is likely being parsed to avoid breaking compat. If we didn't, the output would change from systemd 255 to systemd 255.1 which could break various tools.
* meson: Define __TARGET_ARCH macros required by bpf (Daan De Meyer, 2024-07-03, 1 file, -7/+7)
| These are required by the bpf_tracing.h header in libbpf, see https://github.com/libbpf/libbpf/blob/master/src/bpf_tracing.h.
| bpf_tracing.h does have a few fallbacks in case __TARGET_ARCH_XXX is not defined but recommends using the __TARGET_ARCH macros instead so let's do that.
* Drop support for nscd (Zbigniew Jędrzejewski-Szmek, 2024-06-28, 1 file, -2/+0)
| nscd is known to be racy [1] and it was already deprecated and later dropped in Fedora a while back [1,2]. We don't need to support obsolete stuff in systemd, and the cache in systemd-resolved provides a better solution anyway.
| We announced the plan to drop nscd in d44934f3785ad9ca4aab757beb80a9b11ba4bc04.
| [1] https://fedoraproject.org/wiki/Changes/DeprecateNSCD
| [2] https://fedoraproject.org/wiki/Changes/RemoveNSCD
| The option is kept as a stub without any effect to make the transition easier.
* meson: Drop genkey target (Daan De Meyer, 2024-06-28, 1 file, -11/+1)
| In mkosi.images/system/mkosi.conf, we configure the certificate as an extra tree so it's available inside the image. However, we pick up the certificate from the top level repository directory and not from the build directory where it is generated by the genkey meson target.
| We currently have no way to access the build directory that mkosi was invoked from when parsing the configuration file. Thus we have no way to specify the correct location to the certificate when it's located in the build directory.
| For now, let's look for the key and certificate in the top level repository root directory and drop the genkey target.
| We don't have to change the Github Actions CI because it already runs genkey manually before the image build (which is something we forgot to remove when introducing the genkey target and is the reason this didn't cause issues before).
* core/exec-invoke: use sched_setattr instead of sched_setscheduler (Florian Schmaus, 2024-06-26, 1 file, -0/+3)
| The kernel's sched_setattr interface allows for more control over a process's scheduling attributes than the previously used sched_setscheduler interface.
| Using sched_setattr is also the prerequisite for support of utilization clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter, sched_runtime, will probably become a relevant scheduling parameter of the EEVDF scheduler [2, 3], and therefore will not only apply to processes scheduled via SCHED_DEADLINE, but also for processes scheduled via SCHED_OTHER/SCHED_BATCH (i.e., most processes).
| 1: https://docs.kernel.org/next/scheduler/sched-util-clamp.html
| 2: https://lwn.net/Articles/969062/
| 3: https://lwn.net/ml/linux-kernel/20240405110010.934104715@infradead.org/
* meson: bpf: propagate 'sysroot' for cross compilation (Johannes Schneider, 2024-06-21, 1 file, -0/+1)
| During cross-compilation of systemd, the compiler used to build the bpf's needs to be pointed at the correct include search path. This can be done by passing the corresponding directory in through the cflags; for example in yocto/bitbake this would work:
|     CFLAGS += "--sysroot=${STAGING_DIR_TARGET}"
| Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
* various: move const ptr indicator to return value (Zbigniew Jędrzejewski-Szmek, 2024-06-19, 1 file, -1/+1)
|
* libsystemd: turn json.[ch] into a public API (Lennart Poettering, 2024-06-12, 1 file, -0/+2)
| This is preparation for making our Varlink API a public API. Since our Varlink API is built on top of our JSON API we need to make that public first (it's a nice API, but JSON APIs there are already enough, this is purely about the Varlink angle).
| I made most of the json.h APIs public, and just placed them in sd-json.h. Sometimes I wasn't so sure however, since the underlying data structures would have to be made public too. If in doubt I didn't risk it, and moved the relevant API to src/libsystemd/sd-json/json-util.h instead (without any sd_* symbol prefixes).
| This is mostly a giant search/replace patch.
* repart: Use crypt_reencrypt_run() if available (Daan De Meyer, 2024-06-12, 1 file, -0/+1)
| crypt_reencrypt() is deprecated, so let's look for and prefer crypt_reencrypt_run() if it is available.
* meson: Pass -Wno-deprecated-declarations when detecting libcryptsetup functions (Daan De Meyer, 2024-06-03, 1 file, -0/+3)
| Otherwise we fail to detect crypt_reencrypt() if -Werror is used.
* meson: add static libs to libudev/libsystemd target aliases (Luca Boccassi, 2024-06-01, 1 file, -4/+12)
| If static libraries are enabled, then group them in the build target together with the shared libraries, to match the install tags.
* meson: add alias targets to group nss and pam modules (Luca Boccassi, 2024-05-31, 1 file, -0/+15)
| Add aliases grouping these modules, so that they can be built without knowing the SONAME version in advance. Match the install tag names.
* meson: fix comment (Zbigniew Jędrzejewski-Szmek, 2024-05-31, 1 file, -1/+1)
|
* Merge pull request #33008 from fbuihuu/optionally-link-ssh-dropins (Zbigniew Jędrzejewski-Szmek, 2024-05-28, 1 file, -0/+2)
|\
| | Optionally link ssh dropins
| * meson: don't put a symlink pointing to '20-systemd-userdb.conf' in /etc in all cases (Franck Bui, 2024-05-27, 1 file, -0/+1)
| | It's only needed on distros where sshd doesn't support drop-ins in /usr, which is not the case on SUSE.
| * meson: don't put a symlink pointing to '20-systemd-ssh-proxy.conf' in /etc in all cases (Franck Bui, 2024-05-27, 1 file, -0/+1)
| | On distros like SUSE where ssh config dropins in /usr are supported, there's no need for a symlink in /etc/ssh/ssh_config.d/ that points to the dropin installed somewhere in /usr (that is not reachable by ssh).
* | meson: Run genkey command with --force (Daan De Meyer, 2024-05-27, 1 file, -1/+1)
| | Sometimes meson decides to rerun the command even if the files already exist. Let's run with --force so we don't fail if that's the case.
* | meson: Add genkey target (Daan De Meyer, 2024-05-27, 1 file, -1/+11)
| | Let's automatically generate keys instead of requiring developers to do it manually.
* | meson: Look up mkosi once (Daan De Meyer, 2024-05-27, 1 file, -1/+1)
|/
* libsystemd: link with '-z nodelete' (Michal Sekletar, 2024-05-22, 1 file, -0/+2)
| We want to avoid reinitialization of our global variables with static storage duration in case we get dlopened multiple times by the same application.
| This will avoid potential resource leaks that could have happened otherwise (e.g. leaking journal socket fd).
* pidfd: properly detect if libc offers pidfd syscalls and make use of them then (Lennart Poettering, 2024-05-08, 1 file, -2/+4)
| We never updated the meson checks when glibc finally learned about these syscalls, address that.
* tree-wide: add dlopen ELF notes to all dlopen() deps of ours (Lennart Poettering, 2024-05-08, 1 file, -0/+9)
| Use 'recommended' priority for the default compression library, to indicate that it should be prioritized over the other ones, as it will be used to compress journals/core files. Also use 'recommended' for kmod, as systems will likely fail to boot if it's missing from the initrd. Use 'suggested' for everything else.
| There is one dlopen'ed TPM library that has the name generated at runtime (depending on the driver), so that cannot be added, as it needs to be known at build time. Also when we support multiple ABI versions list them all, as for the same reason we cannot know which one will be used at build time.
|
|     $ dlopen-notes.py build/libsystemd.so.0.39.0 build/src/shared/libsystemd-shared-256.so
|     libarchive.so.13 suggested
|     libbpf.so.0 suggested
|     libbpf.so.1 suggested
|     libcryptsetup.so.12 suggested
|     libdw.so.1 suggested
|     libelf.so.1 suggested
|     libfido2.so.1 suggested
|     libgcrypt.so.20 suggested
|     libidn2.so.0 suggested
|     libip4tc.so.2 suggested
|     libkmod.so.2 recommended
|     liblz4.so.1 suggested
|     liblzma.so.5 suggested
|     libp11-kit.so.0 suggested
|     libpcre2-8.so.0 suggested
|     libpwquality.so.1 suggested
|     libqrencode.so.3 suggested
|     libqrencode.so.4 suggested
|     libtss2-esys.so.0 suggested
|     libtss2-mu.so.0 suggested
|     libtss2-rc.so.0 suggested
|     libzstd.so.1 recommended
|
| Co-authored-by: Luca Boccassi <bluca@debian.org>
* test: Only set environment variable if integration tests are enabled. (Daan De Meyer, 2024-05-06, 1 file, -8/+8)
| If we set it to '0' if integration tests are not enabled then we can't enable them from the command line since environment from meson takes priority over environment variables from the command line.
| We also rename the related variables to avoid conflicts with the existing integration_tests variable.
* meson: Remove --debug from mkosi arguments (Daan De Meyer, 2024-05-05, 1 file, -1/+0)
| The exit status issue for which we introduced this was fixed so let's remove --debug again to make the meson output less verbose.
* meson: bump libbpf dependency to 1.4.0 when using gcc (Luca Boccassi, 2024-04-30, 1 file, -1/+1)
| bpf_core_type_id_kernel() needs libbpf 1.4.0 when building with gcc rather than clang, so bump the dependency accordingly.
| More precisely, the following change is needed:
| https://github.com/libbpf/libbpf/commit/b19fdbf1be21a28f88740375a575ebd9dfbea68f
| Related to: https://github.com/systemd/systemd/issues/31869
| Follow-up for 8aee931e7ae1adb01eeac0e1e4c0aef6ed3969ec
* meson: copy prefix mapping CFLAGS when building BPF objects (Luca Boccassi, 2024-04-29, 1 file, -0/+18)
| Otherwise the filenames will contain variable paths and break reproducibility
* meson: define 's390' for 's390x' when building BPF objects (Luca Boccassi, 2024-04-29, 1 file, -0/+1)
| The kernel headers match on __s390__ so the build fails
|
|     ../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:159:6: error: Must specify a BPF target arch via __TARGET_ARCH_xxx
|     void BPF_KPROBE(userns_restrict_free_user_ns, struct work_struct *work) {
|     ^
|     /usr/include/bpf/bpf_tracing.h:817:20: note: expanded from macro 'BPF_KPROBE'
|     return ____##name(___bpf_kprobe_args(args)); \
|     ^
|     /usr/include/bpf/bpf_tracing.h:797:41: note: expanded from macro '___bpf_kprobe_args'
|     ^
|     /usr/include/bpf/bpf_helpers.h:195:29: note: expanded from macro '___bpf_apply'
|     ^
|     note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
|     /usr/include/bpf/bpf_tracing.h:789:72: note: expanded from macro '___bpf_kprobe_args1'
|     ^
|     /usr/include/bpf/bpf_tracing.h:563:29: note: expanded from macro 'PT_REGS_PARM1'
|     ^
|     <scratch space>:125:6: note: expanded from here
|     GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx"
* meson: update version numbers for 256~rc1 (Luca Boccassi, 2024-04-25, 1 file, -2/+2)
|
* meson: Properly check dependencies of mkosi target (Daan De Meyer, 2024-04-25, 1 file, -6/+15)
| Let's insist on mkosi being found if the integration-tests option is enabled and let's only add dependencies on systemd-journal-remote and systemd-measure if they're being built. Drop ukify from the list as it's part of public_programs.
* mkosi: Build images with --debug to aid debugging in CI (Richard Maw, 2024-04-24, 1 file, -0/+1)
|
* test: Various mkosi integration test improvements (Daan De Meyer, 2024-04-23, 1 file, -5/+19)
| - Stop using logging module since the default output formatting is pretty bad. Prefer print() for now.
| - Log less, logging the full mkosi command line is rather verbose, especially when it contains multi-line dropins.
| - Streamline the journalctl command we output for debugging failed tests.
| - Don't force usage of the disk image format.
| - Don't force running without unit tests.
| - Don't force disabling RuntimeBuildSources.
| - Update documentation to streamline the command for running a single test and remove sudo as it's not required anymore.
| - Improve the console output by having the test unit's output logged to both the journal and the console.
| - Disable journal console log forwarding as we have journal forwarding as a better alternative.
| - Delete existing journal file before running test.
| - Delete journal files of succeeded tests to reduce disk usage.
| - Rename system_mkosi target to just mkosi
| - Pass in mkosi source directory explicitly to accommodate arbitrary build directory locations.
| - Add test interactive debugging if stdout is connected to a tty
| - Stop explicitly using the 'system' image since it'll likely be dropped soon.
| - Only forward journal if we're not running in debugging mode.
| - Stop using testsuite.target and instead just add the necessary extras to the main testsuite unit via the credential dropin.
| - Override type to idle so test output is not interleaved with status output.
| - Don't build mkosi target by default
| - Always add the mkosi target if mkosi is found
| - Remove dependency of the integration tests on the mkosi target as otherwise the image is always built, even though we configure it to not be built by default.
| - Move mkosi output, cache and build directory into build/ so that invocations from meson and regular invocations share the same directories.
| - Various aesthetic cleanups.
* test: Add mkosi-based integration test runner (Richard Maw, 2024-04-18, 1 file, -0/+12)
| The first two tests are included to ensure parallel test execution is demonstrable.
* mountfsd: add new systemd-mountfsd component (Lennart Poettering, 2024-04-06, 1 file, -0/+5)
|
* nsresourced: add new daemon for granting clients user namespaces and assigning resources to them (Lennart Poettering, 2024-04-06, 1 file, -0/+3)
| This adds a small, socket-activated Varlink daemon that can delegate UID ranges for user namespaces to clients asking for it.
| The primary call is AllocateUserRange() where the user passes in an uninitialized userns fd, which is then set up.
| There are other calls that allow assigning a mount fd to a userns allocated that way, to set up permissions for a cgroup subtree, and to allocate a veth for such a user namespace.
| Since the UID assignments are supposed to be transitive, i.e. not permanent, care is taken to ensure that users cannot create inodes owned by these UIDs, so that persistence cannot be acquired. This is implemented via a BPF-LSM module that ensures that any member of a userns allocated that way cannot create files unless the mount it operates on is owned by the userns itself, or is explicitly allowlisted.
| BPF LSM program with contributions from Alexei Starovoitov.
* build-sys: pick up vmlinux.h from running kernel BTF or user (Lennart Poettering, 2024-04-06, 1 file, -0/+73)
|
* Merge pull request #31131 from poettering/dlopen-kmod (Luca Boccassi, 2024-04-06, 1 file, -0/+1)
|\
| | turn libkmod into a dlopen() dependency, too
| * libkmod: turn into dlopen() dependency (Lennart Poettering, 2024-04-04, 1 file, -0/+1)
| | As it turns out libkmod has quite a bunch of deps, including various compressing libs and similar. By turning this into a dlopen() dependency, we can make our depchain during install time quite a bit smaller. In particular as inside of containers kmod doesn't help anyway as CAP_SYS_MODULE is not available anyway.
| | While we are at it, also share the code that sets up logging/kmod context.
| |
| | After:
| |
| |     $ lddtree ./build/systemd
| |     systemd => ./build/systemd (interpreter => /lib64/ld-linux-x86-64.so.2)
| |     libsystemd-core-255.so => ./build/src/core/libsystemd-core-255.so
| |     libaudit.so.1 => /lib64/libaudit.so.1
| |     libcap-ng.so.0 => /lib64/libcap-ng.so.0
| |     ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
| |     libm.so.6 => /lib64/libm.so.6
| |     libmount.so.1 => /lib64/libmount.so.1
| |     libblkid.so.1 => /lib64/libblkid.so.1
| |     libseccomp.so.2 => /lib64/libseccomp.so.2
| |     libselinux.so.1 => /lib64/libselinux.so.1
| |     libpcre2-8.so.0 => /lib64/libpcre2-8.so.0
| |     libsystemd-shared-255.so => /home/lennart/projects/systemd/build/src/shared/libsystemd-shared-255.so
| |     libacl.so.1 => /lib64/libacl.so.1
| |     libattr.so.1 => /lib64/libattr.so.1
| |     libcap.so.2 => /lib64/libcap.so.2
| |     libcrypt.so.2 => /lib64/libcrypt.so.2
| |     libgcrypt.so.20 => /lib64/libgcrypt.so.20
| |     libgpg-error.so.0 => /lib64/libgpg-error.so.0
| |     liblz4.so.1 => /lib64/liblz4.so.1
| |     libcrypto.so.3 => /lib64/libcrypto.so.3
| |     libz.so.1 => /lib64/libz.so.1
| |     libpam.so.0 => /lib64/libpam.so.0
| |     libeconf.so.0 => /lib64/libeconf.so.0
| |     liblzma.so.5 => /lib64/liblzma.so.5
| |     libzstd.so.1 => /lib64/libzstd.so.1
| |     libc.so.6 => /lib64/libc.so.6
| |
| | Before:
| |
| |     $ lddtree ./build/systemd
| |     systemd => ./build/systemd (interpreter => /lib64/ld-linux-x86-64.so.2)
| |     libsystemd-core-255.so => ./build/src/core/libsystemd-core-255.so
| |     libaudit.so.1 => /lib64/libaudit.so.1
| |     libcap-ng.so.0 => /lib64/libcap-ng.so.0
| |     ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
| |     libkmod.so.2 => /lib64/libkmod.so.2
| |     libzstd.so.1 => /lib64/libzstd.so.1
| |     liblzma.so.5 => /lib64/liblzma.so.5
| |     libz.so.1 => /lib64/libz.so.1
| |     libcrypto.so.3 => /lib64/libcrypto.so.3
| |     libgcc_s.so.1 => /lib64/libgcc_s.so.1
| |     libm.so.6 => /lib64/libm.so.6
| |     libmount.so.1 => /lib64/libmount.so.1
| |     libblkid.so.1 => /lib64/libblkid.so.1
| |     libseccomp.so.2 => /lib64/libseccomp.so.2
| |     libselinux.so.1 => /lib64/libselinux.so.1
| |     libpcre2-8.so.0 => /lib64/libpcre2-8.so.0
| |     libsystemd-shared-255.so => /home/lennart/projects/systemd/build/src/shared/libsystemd-shared-255.so
| |     libacl.so.1 => /lib64/libacl.so.1
| |     libattr.so.1 => /lib64/libattr.so.1
| |     libcap.so.2 => /lib64/libcap.so.2
| |     libcrypt.so.2 => /lib64/libcrypt.so.2
| |     libgcrypt.so.20 => /lib64/libgcrypt.so.20
| |     libgpg-error.so.0 => /lib64/libgpg-error.so.0
| |     liblz4.so.1 => /lib64/liblz4.so.1
| |     libpam.so.0 => /lib64/libpam.so.0
| |     libeconf.so.0 => /lib64/libeconf.so.0
| |     libc.so.6 => /lib64/libc.so.6
* | meson: set -fno-ssa-phiopt when building bpf with gcc (Luca Boccassi, 2024-04-05, 1 file, -0/+1)
|/
| There are bugs in the kernel verifier that cause legitimate code to be rejected, disabling this optimization makes bpf programs built with a new enough gcc work again.
| Fixes https://github.com/systemd/systemd/issues/31888
* ssh-generator: create privsep dir via tmpfiles.d/ if we are told to (Lennart Poettering, 2024-04-03, 1 file, -0/+5)
| To make it easy to have a workable ssh-generator on various distros, let's optionally generate the ssh privsep dir via tmpfiles.d/ drop-in.
| This enables the concept with a path of /run/sshd/ as default. This is the path Debian/Ubuntu uses, and means that we just work on those distros. Debian/Ubuntu is the only distro (apparently?) that puts the privsep dir under /run/, hence always needs the dir to be created manually. Other distros don't need it that much, because they place the dir in /usr/ (fedora, best choice!) or /var/ (others, not ideal, because still mutable).
| Also adds a longer explanation about this in NEWS, in the hope that distro maintainers read that and maybe start cleaning this up.
| Alternative to: #31543
* gcrypt: dlopenify for libsystemd (Luca Boccassi, 2024-04-03, 1 file, -4/+5)
| gcrypt is used only for journal sealing operations in libsystemd, so it can be made into a dlopen dependency that is used only on demand. This allows to reduce the footprint of libsystemd in the most common cases. Keep systemd-pull and systemd-resolved with normal linking, as they are executables, and usually built with OpenSSL support anyway.
* Merge pull request #31552 from AdrianVovk/homed-update-policy-v2-split (Luca Boccassi, 2024-03-24, 1 file, -2/+4)
|\
| | Homed update policy: offline updates & use keyring
| * homework: Always upload volume key to keyring (Adrian Vovk, 2024-03-23, 1 file, -2/+4)
| | This commit makes homework always upload the LUKS volume key into the kernel keyring. This is different from previous behavior in three notable ways:
| | - Previously, we'd only upload if auto-resize was on. In preparation for upcoming changes, now we always upload
| | - Previously, we'd upload the user's actual password (or a password obtained from a FIDO key or similar). Now, we upload the LUKS volume key itself, to remove a layer of unnecessary indirection.
| | - Previously, Lock() wouldn't remove the key from the kernel keyring. This, of course, defeats the purpose of Lock(), so now it removes the key
| | This commit also allows the LUKS volume to be unlocked using the volume key we obtained from the keyring.
* | Fix bpf-framework build failure with gcc-bpf (Michael Biebl, 2024-03-23, 1 file, -2/+1)
| | The -mkernel option was dropped in https://github.com/gcc-mirror/gcc/commit/da445a5858299ed2a72af1089c225a438ab93ce2
| | We also need to ensure that the include paths are properly set for the linux kernel headers.
| | Fixes: #31869
* | efi: check if all sections of our EFI binaries are properly aligned (Frantisek Sumsal, 2024-03-22, 1 file, -0/+1)
|/