| Commit message | Author | Age | Files | Lines |
Prompted by #29972, because right now it's practically impossible to pass
-fno-sanitize=function to the fuzzer targets without some extensive
sed'ing.
This splits both c_args and cpp_args to separate arguments for
tools/meson-build.sh, because the other way would be to use `eval`, so
the space-separated but quoted strings passed to these options are not
split where they shouldn't, and I'd rather avoid using `eval` if
possible.
Also, this switches the positional arguments we pass to `meson setup`,
as they were in incorrect order (docs say it should be builddir followed
by sourcedir); meson is apparently clever enough to figure this out and
switch the arguments around if necessary, so it didn't complain.
|
repart: add --tpm2-seal-key= support, matching the recently added support cryptenroll has
|
tpm2: make SRK easily accessible for use with systemd-cryptenroll --tpm2-device-key=
|
Let's just rely on the word splitting done by bash instead of messing
with that ourselves, as it's just adding extra complexity to appease one
ShellCheck check. Also, this apparently never worked for the nspawn
stuff anyway, since I forgot to set $IFS to an appropriate value, so it
always put all arguments from $KERNEL_APPEND into a single array item
with an extra newline, which then made systemd sad:
~# readarray arr <<< "foo bar baz"; for i in "${arr[@]}"; do echo "'$i'"; done
'foo bar baz
'
~# make -C test/TEST-45-TIMEDATE/ clean setup run BUILD_DIR=$PWD/build TEST_NO_QEMU=1 KERNEL_APPEND="systemd.log_level=console"
...
~# journalctl -o short-monotonic --no-hostname --file /var/tmp/systemd-tests/systemd-test.XaDX67/system.journal --grep "Failed to parse" -p info --no-pager
[551138.986882] systemd-tmpfiles[21]: Failed to parse log level 'console
[551138.987179] systemd-remount-fs[20]: Failed to parse log level 'console
[551138.993125] systemd-sysusers[23]: Failed to parse log level 'console
[551138.998685] journalctl[29]: Failed to parse log level 'console
Resolves: #29945
|
network: fix json output
|
This also makes sure the first signal doesn't "spill" over into the
second check.
|
Let's use the newly gained feature of `busctl` and start it as a
Type=notify unit, which should make sure the unit is started only after
`busctl` is on the bus listening for messages.
This should help with a race spotted in CIs, where we continued too
early after starting `busctl monitor` and miss the emitted signals:
[ 10.914831] testsuite-45.sh[694]: + systemd-run --unit busctl-monitor.service --service-type=exec busctl monitor --json=short '--match=type='\''signal'\'',sender=org.freedesktop.timesync1,member='\''PropertiesChanged'\'',path=/org/free>
[ 11.064365] systemd[1]: Starting busctl-monitor.service...
[ 11.064903] systemd[1]: Started busctl-monitor.service.
[ 11.065192] testsuite-45.sh[740]: Running as unit: busctl-monitor.service; invocation ID: ee44a9d713c34b9a97e3e7f6f4fffe77
...
[ 11.069255] testsuite-45.sh[694]: + timedatectl ntp-servers ntp99 10.0.0.1
[ 11.077140] systemd-timesyncd[728]: Network configuration changed, trying to establish connection.
[ 11.077461] testsuite-45.sh[694]: + assert_networkd_ntp ntp99 10.0.0.1
...
[ 11.087418] testsuite-45.sh[694]: + assert_timesyncd_signal '2023-11-08 16:28:48.861455' LinkNTPServers 10.0.0.1
...
[ 11.095543] testsuite-45.sh[694]: + for _ in {0..9}
[ 11.095543] testsuite-45.sh[694]: + journalctl -q '--since=2023-11-08 16:28:48.861455' -p info _SYSTEMD_UNIT=busctl-monitor.service --grep .
[ 11.193258] systemd-journald[375]: Received client request to sync journal.
[ 11.112424] testsuite-45.sh[694]: + sleep .5
[ 11.160318] dbus-daemon[465]: [system] Connection :1.56 (uid=0 pid=741 comm="/usr/bin/busctl monitor --json=short --match=type=") became a monitor.
Resolves: #29923
|
41e4ce06fe shortened existing sleeps, which resulted in the check being
sometimes done before the property had a chance to update. Let's do what
we do with the rest of the checks and retry it a couple of times.
Resolves: #29923
|
Update systemd-cryptenroll to enroll TPM using only public key
|
Update test to check systemd-cryptenroll --tpm2-device-key= enrollment.
|
removed after test
The cleanup uses PERSISTENT_HANDLE while the test uses PERSISTENT, so change
the test to use PERSISTENT_HANDLE so it's cleaned up (i.e. removed from the
tpm) after the test.
|
Otherwise, parsing may unexpectedly succeed but fail to run writing
.network files with permission error.
Follow-up for 6bc5de53e8410fdec817300185b7ad72cd7775dd.
|
timesync: fix PropertiesChanges signals for NTP properties
|
As in their current form they didn't work at all:
systemd-timesyncd[190115]: Assertion 's' failed at src/libsystemd/sd-event/sd-event.c:3058, function sd_event_source_set_enabled(). Ignoring.
systemd-timesyncd[190115]: Failed to reenable system ntp server change event source!
systemd-timesyncd[190115]: Failed to enable ntp server defer event, ignoring: Invalid argument
This was also pointed out in the post-merge review [0].
Let's address this together with the rest of the comments, and add
some tests to make sure everything works as it should.
Resolves: #28770
Follow-up to: 8f1c446
[0] https://github.com/systemd/systemd/commit/8f1c4469793f2f0281fdfbc20ba4085e20cdd16f#r124147466
|
core: allow using seccomp without no_new_privs when unprivileged
|
When starting a service with a non-root user and a SystemCallFilter and
other settings (like ProtectClock), the no_new_privs flag should not be set.
Also, test that CapabilityBoundingSet behaves correctly, since we need
to preserve some capabilities to do the seccomp filter and restore the
ones set by the service before executing.
|
Follow-up for 923599523c10d8897551e081e6b00cd8002309c3.
|
test: add a couple of tests for systemd-network-generator
|
Only for ip= stuff, for now.
|
Let's wait for the "latest" message systemd-bsod prints to the console
to appear, otherwise we might be too fast and take a console snapshot
before it contains all the information:
[ 44.237788] testsuite-04.sh[1744]: + setterm --term linux --dump --file /tmp/console.dump
[ 44.246089] systemd-bsod[1858]: QR code could not be printed, ignoring: Operation not supported
[ 44.305692] testsuite-04.sh[1744]: + grep -aq 'The current boot has failed' /tmp/console.dump
[ 44.308047] testsuite-04.sh[1744]: + grep -aq 'Service emergency message' /tmp/console.dump
[ 44.311200] testsuite-04.sh[1744]: + grep -aq 'Press any key to exit' /tmp/console.dump
[ 44.314359] testsuite-04.sh[1744]: + at_exit
[ 44.315087] testsuite-04.sh[1744]: + local EC=1
[ 44.315945] testsuite-04.sh[1744]: + [[ 1 -ne 0 ]]
[ 44.316647] testsuite-04.sh[1744]: + [[ -e /tmp/console.dump ]]
[ 44.318305] testsuite-04.sh[1744]: + cat /tmp/console.dump
[ 44.319320] testsuite-04.sh[1871]: The current boot has failed!
[ 44.319970] testsuite-04.sh[1871]: Service emergency message
|
Prompted by https://github.com/systemd/systemd/pull/14194#issuecomment-1795489641.
|
Bump the LimitFSIZE=, since the process needs to write quite a lot of
.gcda files, and suppress coverage errors with DynamicUser=true.
|
- Rename generic_array_bisect_one() -> generic_array_bisect_step(), as there
is also generic_array_bisect_plus_one(), so the original name is confusing.
- Make generic_array_bisect_step() return TEST_GOTO_NEXT or TEST_GOTO_PREVIOUS
when the current array does not contain any matching entries.
- Make generic_array_bisect_step() symmetric with respect to the direction
we are going to, except for the journal corruption handling.
- Make generic_array_bisect_step() gracefully handle journal corruptions,
so the corruption handling in the caller side can be mostly dropped.
- Especially, when the last entry in an array is corrupted, previously
we tried to find a valid entry sequentially from the end of the array,
but now we anyway bisect the array. That should improve performance of
reading corrupted journal files.
- Return earlier when no entry linked to the chained array (n == 0).
- Add many comments.
No behavior change unless journal is corrupted.
|
Also, use a /dev/disk/by-id/ symlink to the device, which should be
predictable, unlike the /dev/nvmeX stuff.
|
Add some basic tests for systemd-bsod, mainly to have something to build on
for #29056.
|
Let's put this back in, as it could help with occasional machine lock ups
on overloaded systems (and it didn't help with the original issue
anyway).
This reverts commit 3a89904e45cbbd96fb1c5d0768de5e5fcdaaa508.
|
Support confexts for portable services
|
Before confext was added, hierarchies always existed in extensions. Now
they are optional - i.e., a sysext will not contain /etc/. So mixing a
confext and a sysext fails, as we'll try to create an overlay with /etc/
from the base, the confext and the sysext, but the latter doesn't have
the directory.
After the source images are mounted, check that each hierarchy exists in
each source image before creating the overlay, and drop them if they
don't.
Follow-up for 55ea4ef096543
|
new pcrlock tool for generating signed PCR policies for PCR 0, 1, 4, …
|
(Contains various test additions added by @mrc0mmand)
|
Introduce a new env variable $SYSTEMD_NSPAWN_CHECK_OS_RELEASE, that can
be used to disable the os-release check for bootable OS trees. Useful
when trying to boot a container with empty /etc/ and bind-mounted /usr/.
Resolves: #29185
|
We use 80- for default .network files. So, the generated files from the
kernel command line should have a smaller prefix.
|
resolved: make sure "resolvectl monitor" can properly deal with stub …
|
Provides coverage for #29580.
|
The test intentionally checks for -BPF_FRAMEWORK so we run the test case
(and fail) even if we rename the feature flag.
|
When running with --build-dir= we need to copy over udev rules from
$BUILD_DIR/udev.d/ and $SOURCE_TREE/udev.d/ to make stuff work as
expected.
|