git-history.diyao.me Git - systemd/.git/log

hwdb: run "update-hwdb"

hwdb: make sure "ninja update-hwdb" works on f35

let's restore compatibility with pyparsing from fedora 35, i.e.:

python3-pyparsing-2.4.7-9.fc35.noarch

(cherry picked from commit 133a0003691daafaefa378f770ae01d01931787d)

hwdb: fix parser to work with newer pyparsing

The handling of whitespace in pyparsing is a bother. There's some
global state, and per-element state, and it's hard to get a handle on
things. With python3-pyparsing-2.4.7-10.fc36.noarch the grammar would
not match. After handling of tabs was fixed to not accept duplicate tabs,
the grammar passes.

It seems that the entry for usb:v8087p8087*
was generated incorrectly because we treated the interface line
(with two TABs) as a device line (with one TAB).

(cherry picked from commit f73d6895872cb9caffc523e1eddc53c9b98cfdec)

manager: prohibit clone3() in seccomp filters

RestrictNamespaces should block clone3() like flatpak:
https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330

clone3() passes arguments in a structure referenced by a pointer, so we can't
filter on the flags as with clone(). Let's disallow the whole function call.

(cherry picked from commit 30193fe817d262bd64b9a271534792046f19d7f5)

nspawn: fix --ephemeral with --machine

Follow-up for https://github.com/systemd/systemd/commit/2362fdde1bd4bf54772383ef29431f683729ba76

When --machine is specified with --ephemeral, no random suffix is added, so
the recently added assert would fail.

Add a top-level variable with the expected file name for nspawn files, and
compute it when the rest of the names are computed.

(cherry picked from commit 3603f15171bbc2d650a8942714f6a6a900fb7c60)

nspawn: fix locating config files with --ephemeral

When --ephemeral is used, a random 16 characters suffix is added to the image
name, so matching on .nspawn files based on the image name no longer works.

Fixes https://github.com/systemd/systemd/issues/13297

(cherry picked from commit 2362fdde1bd4bf54772383ef29431f683729ba76)

resolve: fix typo in dns_class_is_pseudo()

(cherry picked from commit 98e5a6c93c6fcf94ba24dfb666c743ea35124290)

sd-ipv4acd: actually drop the arp packet from one of the host interface

Fixes a bug in 7f77917c0effe92d5fed52503bceddabcb4667ba.

Fixes #23001.

(cherry picked from commit 239adf03846ae2174d7db9a243a6eda4c2e2f165)

sd-event: make inotify event work after the process is forked

(cherry picked from commit fbae50904fdd906137c3d1a50b340ce011a3969f)

sd-event: do not kill a child process from another child

(cherry picked from commit 86587c93b01ffa14ffdfff3cdf5ba0bfb555d839)

sd-event: do not update signal fd after PID is changed

Otherwise, child event source will not work after the process is forked
and the event source is unref()ed on the child process.

(cherry picked from commit 01e6af737494c9790edcc5521ea8c668565b797f)

sd-event: set pid to event source after all setup processes finished

Otherwise, the assertion in source_disconnect() may be triggered,

(cherry picked from commit 54988a27b9d1487e1690f94b79031ef61edd6651)

sd-event: rebreak comments

(cherry picked from commit 91c700713fef9af5b9f719e7968d7ce35c3e8f37)

core: fix dm-verity auto-discovery in MountImageUnit()

The implementation of MountImageUnit()/systemctl mount-image was
changed to use a /proc/self/fd path as the source, but that causes
the dm-verity files autodiscovery to fail, as it looks for files
in the same directory as the image.

Use the original file path when setting up dm-verity.

(cherry picked from commit cedf5b1aef4da2443f00eef2c242c8b005071aca)

analyze: Fix verify exit status regression

Previously, systemd-analyze verify would return 0 even if warnings
were raised during analysis of the specified units or their
dependencies. With 3cc3dc7, verify was changed to return 1 when
warnings were raised.

This commit changes the default mode to _RECURSIVE_ERRORS_INVALID
so that verify returns zero again by default when warnings are
raised.

(cherry picked from commit cae7c282721ce13fc1405fc834382d3177a9b83d)

hwdb: fix parsing options

Fixes #22976.

(cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c)

core: command argument can be longer than PATH_MAX

Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4.

Fixes #22957.

(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e)

network: ignore all errors in loading .network files

This partially reverts 9202b567bcdd0c1f6a1fc2a5f36602e619960813.

Fixes #22954.

(cherry picked from commit 036a8d503f101e4d6c5da556c36f9033e3b2f167)

analyze: fix offline check for syscal filter

The deny/allow list check was inverted, if we are deny listing and the
hashmap contains the syscall then that's good

Fixes https://github.com/systemd/systemd/issues/22914

(cherry picked from commit dd51e725df9aec2847482131ef601e0215b371a0)

analyze: fix offline check for 'native' syscall architecture

Enum values are stored in the set, not strings

(cherry picked from commit 1449b0f8a96b272547e405913b37715cbbe4768a)

missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing

MOVE_MOUNT_T_EMPTY_PATH has been added to systemd 250 by [1]
but it's defined in kernel headers since version 5.2.

[1] c7bf079bbc19e3b409acc0c7acc3e14749211fe2

(cherry picked from commit 608c3b0293cac3cbb037b2d15c0a0f1e247eb71e)

journal-remote: refuse to specify --trust option when gnutls is disabled

and check_permission() should not be called in that case.

Replaces #22847.

(cherry picked from commit f7adeaeb897f6d24c50250e2d5fdc9797964b81e)

calendarspec: fix possibly skips next elapse

If the time unit changes after adding the repetition value, the
timer may skip the next elapse. This patch reset sub time units
to minimum value when upper unit is changed.

Fixes #22665.

(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c)

copy: use FLAGS_SET() in copy_xattr()

(cherry picked from commit e394a6fc096dbacdfdd8ecada01642a3a4e402c6)

journal: preserve acls when rotating user journals with NOCOW attribute set

When restoring the COW flag for journals on BTRFS, the full journal contents
are copied into new files. But during these operations, the acls of the
previous files were lost and users were not able to access to their old
journal contents anymore.

(cherry picked from commit 11ee11dbb34587edcde5020c5baf1402dcc4ffdf)

macro: account for negative values in DECIMAL_STR_WIDTH()

With negative numbers we wouldn't account for the minus sign, thus
returning a string with one character too short, triggering buffer
overflows in certain situations.

(cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d)

network: enable KeepConfiguration= when running on network filesystem

Also, set KeepConfiguration=dhcp-on-stop by default when running in
initrd.

Fixes #21967.

(cherry picked from commit ea853de57dd84a2173cd60e2ecec1b8c978e04f3)

stat-util: introduce path_is_network_fs()

(cherry picked from commit 4e247216e58ff26f10a2af13d290465f0a65a501)

network-generator: rename DHCP_TYPE_DHCP -> DHCP_TYPE_DHCP4

To emphasize this is DHCPv4. No behavior is changed.

(cherry picked from commit 318a53d10a65708df9ee48016e41be91a708c4fe)

hwdb: Add AV production access to Elgado Stream Deck devices

The Stream Deck products from Elgato are simple key pads
intended to be used as macro pads. They're popular within
the streaming community.

This commit adds all 5 Stream Deck variants available to
the AV production file.

See https://www.elgato.com/en/stream-deck

(cherry picked from commit e982320b44486b26c4d39f7c81012f6a0e2aaf77)

Add AV production controllers to hwdb and add uaccess

This adds support for AV production controller devices, such
as DJ tables, music-oriented key pads, and others.

The USB vendor and product IDs come from Mixxx, Ctlra, and
Ardour.

Fixes #20533

Co-developed-by: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
(cherry picked from commit f2c36c0e2445fa95ba109017d4b768b2fd825c43)

packit: drop bfq patch

Does not apply on v250-stable

packit: build on and use Fedora 36 spec file

It's targeted to the v250 branch, while the rawhide one follows
the newest upstream release, and the command line options are not
compatible

Packit: build SRPMs in Copr

Add srpm_build_deps key to the Packit config to specify needed dependencies for SRPM build
and indicate to build SRPM in Copr.

(cherry picked from commit d15e1a29e3aab04ee79d5e3ec8e1e65fca78e165)

journal-file: if we are going down, don't use event loop to schedule post

The event loop is already shutting down, hence no point in using it
anymore, it's not going to run any further iteration.

(cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89)

journald: make sure SIGTERM handling doesn't get starved out

Fixes: #22642
(cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52)

random-seed: hash together old seed and new seed before writing out file

If we're consuming an on-disk seed, we usually write out a new one after
consuming it. In that case, we might be at early boot and the randomness
could be rather poor, and the kernel doesn't guarantee that it'll use
the new randomness right away for us. In order to prevent the new
entropy from getting any worse, hash together the old seed and the new
seed, and replace the final bytes of the new seed with the hash output.
This way, entropy strictly increases and never regresses.

(cherry picked from commit da2862ef06f22fc8d31dafced6d2d6dc14f2ee0b)

resolved: Allow test-resolved-stream to run concurrently

Since test-resolved-stream brings up a simple DNS server on 127.0.0.1:12345,
only one instance could run at a time, so it would fail when run like
`meson test -C build test-resolved-stream --repeat=1000`.
Similarly, if by chance something is up on port 12345, the test would fail.

To make the test more reliable, run it in an isolated user + network namespace.
If this fails (some distributions disable user namespaces), just run as before.

(cherry picked from commit c76120f1b82f7e1c6a53b1569087db462c21b7d1)

resolved: Read as much as possible per stream EPOLLIN event

In commit 2aaf6bb6e99b0f2bd73e0c49bef9e11a2844bf1a, an issue was fixed where
systemd-resolved could get stuck for multiple seconds waiting for incoming data,
since GnuTLS/OpenSSL can buffer a TLS record, so data could be available, but
no EPOLLIN event would be generated.

To fix this, a somewhat elaborate logic consisting on asking the TLS library
whether it had buffered data, then "faking" an EPOLLIN event was implemented.

However, there is a much simpler solution: Always read as much data as available
(i.e. until we get an event like EAGAIN when trying to read) from the stream
when we get an EPOLLIN event, instead of at most a single packet per event.
This approach does not require asking the TLS library whether it has buffered
data, and the logic is exactly the same for both the TCP and TLS case.

test-resolved-stream is fixed to avoid a latent double free bug.

(cherry picked from commit 839a70c3534ce10ed7a66b5925f4570d88b2b64a)

resolved: Avoid multiple SSL writes per DoT packet

In the DoT case, dns_stream_writev decomposed an iovec into multiple
dnstls_stream_write calls, which resulted in multiple SSL writes and multiple
TLS records. This can be checked from a network capture, e.g. using socat:
socat -v -x openssl-listen:853,reuseaddr,fork,cert=my.cert,key=my.key,verify=0 openssl:8.8.8.8:853

Instead, propagate the iovec as-is into the DoT handling code. For GnuTLS, the
library provides support for buffering ('corking') a record. OpenSSL has no
such facility, so we join the iovec into a single buffer then call SSL_write.

socat capture of `resolvectl -4 query --cache=no example.com` before the commit:

> 2022/01/30 13:35:52.194200  length=2 from=0 to=1
00 28                                            .(
--
> 2022/01/30 13:35:52.194253  length=40 from=2 to=41
1e b2 01 00 00 01 00 00 00 00 00 01 07 65 78 61  .............exa
6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00 00 29  mple.com.......)
ff e4 00 00 00 00 00 00                          ........
--
< 2022/01/30 13:35:52.232798  length=58 from=0 to=57
00 38 1e b2 81 80 00 01 00 01 00 00 00 01 07 65  .8.............e
78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0  xample.com......
0c 00 01 00 01 00 00 53 6f 00 04 5d b8 d8 22 00  .......So..]..".
00 29 02 00 00 00 00 00 00 00                    .)........

socat capture of `resolvectl -4 query --cache=no example.com` after the commit:

> 2022/01/30 13:34:47.598099  length=42 from=504 to=545
00 28 37 86 01 00 00 01 00 00 00 00 00 01 07 65  .(7............e
78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00  xample.com......
00 29 ff e4 00 00 00 00 00 00                    .)........
--
< 2022/01/30 13:34:47.613203  length=58 from=756 to=813
00 38 37 86 81 80 00 01 00 01 00 00 00 01 07 65  .87............e
78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0  xample.com......
0c 00 01 00 01 00 00 52 5e 00 04 5d b8 d8 22 00  .......R^..]..".
00 29 02 00 00 00 00 00 00 00                    .)........

(cherry picked from commit aa892849d50e9dd5da03a628463ccf6c55ff1b44)

resolved: Make event flags logic robust for DoT

Since when handling a DNS over TLS stream, the TLS library can override the
requested events through dnstls_events for handshake/shutdown purposes,
obtaining the event flags through sd_event_source_get_io_events and checking
for EPOLLIN or EPOLLOUT does not really tell us whether we want to read/write
a packet. Instead, it could just be OpenSSL/GnuTLS doing something else.

To make the logic more robust (and simpler), save the flags that tell us
whether we want to read/write a packet, and check them instead of the IO flags.

(& use uint32_t for the flags like in sd_event_source_set_io_events prototype)

(cherry picked from commit eff107736e17bfe43680c42ae39baa3d41fb4715)

resolve: llmnr: fix never hit condition

Previously, the condition in on_stream_io_impl() never hit, as the
read packet is always taken from the stream in the few lines above.

Instead of the dns_stream_complete() under the condition, the stream
is unref()ed in the on_packet callback for LLMNR stream, unlike the
other on_packet callbacks.

That's quite tricky. Also, potentially, the stream may still have
queued packets to write.

This fix the condition, and drops the unref() in the on_packet callback.

C.f. https://github.com/systemd/systemd/pull/22274#issuecomment-1023708449.

Closes #22266.

(cherry picked from commit a5e2a488e83fabf6d8ade7621c2fc3574a8faaa7)

resolve: mention that dns_stream_update() needs to be called after dns_stream_take_read_packet()

Based on the analysis by Joan Bruguera <joanbrugueram@gmail.com>.
See https://github.com/systemd/systemd/pull/22132#discussion_r793951650.

(cherry picked from commit 4aa6129897d2e8de9b275b44270c1c9da745de0e)

resolve: call dns_stream_take_read_packet() in on_stream_io()

As dns_stream_take_read_packet() is called only in on_packet callbacks,
and all on_packet callbacks call it.

(cherry picked from commit 624f907ea9a42930bffb343dd44fbb0e34746cb0)

resolve: make dns_stream_new() take on_packet and complete callbacks

And make on_packet callback mandatory.

(cherry picked from commit 18230451c03a6d20141efbc85341b6a5c6809077)

resolved: Test for DnsStream (plain TCP DNS and DoT)

Tests DnsStream event handling, both for plain TCP DNS and DNS over TLS.

The DoT test requires the "openssl s_server" command line tool to mock a simple
TLS server. Thus the test's TLS part is skipped if openssl it not available.
The test works for both DNS_OVER_TLS_USE_GNUTLS and DNS_OVER_TLS_USE_OPENSSL.

The DoT case fails due to a bug, which is fixed on the next commit.

(cherry picked from commit 726bcd81b965afa3c9cc71f6c7a81b1eefb4bcf5)

resolved: Fix DoT timeout on multiple answer records

When sending multiple DNS questions to a DNS-over-TLS server (e.g. a question
for A and AAAA records, as is typical) on the same session, the server may
answer to each question in a separate TLS record, but it may also aggregate
multiple answers in a single TLS record.
(Some servers do this very often (e.g. Cloudflare 1.0.0.1), some do it sometimes
(e.g. Google 8.8.8.8) and some seem to never do it (e.g. Quad9 9.9.9.10)).

Both cases should be handled equivalently, as the byte stream is the same, but
when multiple answers came in a single TLS record, usually the first answer was
processed, but the second answer was entirely ignored, which caused a 10s delay
until the resolution timed out and the missing question was retried.
This can be reproduced by configuring one of the offending server and running
`resolvectl query google.com --cache=no` a few times.

To be notified of incoming data, systemd-resolved listens to `EPOLLIN` events
on the underlying socket. However, when DNS-over-TLS is used, the TLS library
(OpenSSL or GnuTLS) may read and buffer the entire TLS record when reading the
first answer, so usually no further `EPOLLIN` events will be generated, and the
second answer will never be processed.

To avoid this, if there's buffered TLS data, generate a "fake" EPOLLIN event.
This is hacky, but it makes this case transparent to the rest of the IO code.

(cherry picked from commit 2aaf6bb6e99b0f2bd73e0c49bef9e11a2844bf1a)

test: increase image size

From v251 we split libsystemd-core to save disk space, but
until then we need larger images for the integration tests.

random-util: unify RANDOM_ALLOW_INSECURE and !RANDOM_BLOCK and simplify

RANDOM_BLOCK has existed for a long time, but RANDOM_ALLOW_INSECURE was
added more recently, leading to an awkward relationship between the two.
It turns out that only one, RANDOM_BLOCK, is needed.

RANDOM_BLOCK means return cryptographically secure numbers no matter
what. If it's not set, it means try to do that, but if it fails, fall
back to using unseeded randomness.

This part of falling back to unseeded randomness is the intent of
GRND_INSECURE, which is what RANDOM_ALLOW_INSECURE previously aliased.
Rather than having an additional flag for that, it makes more sense to
just use it whenever RANDOM_BLOCK is not set. This saves us the overhead
of having to open up /dev/urandom.

Additionally, when getrandom returns too little data, but not zero data,
we currently fall back to using /dev/urandom if RANDOM_BLOCK is not set.
This doesn't quite make sense, because if getrandom returned seeded data
once, then it will forever after return the same thing as whatever
/dev/urandom does. So in that case, we should just loop again.

Since there's never really a time where /dev/urandom is able to return
some easily but more with difficulty, we can also get rid of
RANDOM_EXTEND_WITH_PSEUDO. Once the RNG is initialized, bytes
should just flow normally.

This also makes RANDOM_MAY_FAIL obsolete, because the only case this ran
was where we'd fall back to /dev/urandom on old kernels and return
GRND_INSECURE bytes on new kernels. So also get rid of that flag.

Finally, since we're always able to use GRND_INSECURE on newer kernels,
and we only fall back to /dev/urandom on older kernels, also only fall
back to using RDRAND on those older kernels. There, the only reason to
have RDRAND is to avoid a kmsg entry about unseeded randomness.

The result of this commit is that we now cascade like this:

  - Use getrandom(0) if RANDOM_BLOCK.
  - Use getrandom(GRND_INSECURE) if !RANDOM_BLOCK.
  - Use /dev/urandom if !RANDOM_BLOCK and no GRND_INSECURE support.
  - Use /dev/urandom if no getrandom() support.
  - Use RDRAND if we would use /dev/urandom for any of the above reasons
    and RANDOM_ALLOW_RDRAND is set.

(cherry picked from commit 31234fbeec1c4a8e500106dff4779ccaa5baef83)

network: s/confiured/configured/

A quick typo fix I noticed whilst debugging.

(cherry picked from commit e3d1ffcc48dfc72b44f4b63ebe25256698b23958)

wait-online: make manager_link_is_online() return 0 when in unmanaged state

Previously, even if a link is in unmanaged state, the function may
returns positive value. So, even if all managed links are in the configured
sate but do not satisfy the online criteria, e.g., IPv4 address state,
then wait-online finishes with positive value.

This makes the function always return 0 for unmanaged state. So, at
least one managed link must satisfies the online criteria.

This also adds more comments and debugging logs.

Fixes #22246.

(cherry picked from commit cd7fcda54333dc95116a434cffc591f21edddbb2)

wait-online: rename Manager elements

(cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd)

core: do not return 'skipped' when Condition*= fail with StartUnitWithFlags()

Backward incompatible change to avoid returning 'skipped' if a condition causes
a job activation to be skipped when using StartUnitWithFlags().
Job results are broadcasted, so it is theoretically possible that existing
software could get confused if they see this result.

Replaces https://github.com/systemd/systemd/pull/22369

(cherry picked from commit ee3ae55e7537c716530b293c91f3fb9ae22a8049)

memory-id: Work-around incorrect "Number of slots"

In some BIOSes, the "Number of slots or sockets available for Memory
Devices in this array" is incorrectly set to the number of memory array
that's populated.

Work-around this problem by outputting the number of sockets after
having parsed them so that consumers of this data can carry on expecting
an accurate number in this property.

This fixes the number of memory slots advertised for the HP Z600.

See https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1686

(cherry picked from commit d48bf01636d322443f69845da2f40bea70317c92)

TEST-29: do not pass -q to mk/unsquashfs, not supported on CentOS 8

(cherry picked from commit 963c560a2939c79ba9896280cb5660fea64c94cf)

portable: add return parameter to GetImageMetadataWithExtensions

The complaint was that the output array was used for two kinds of data, and the
input flag decided whether this extra data should be included. The flag is
removed, and instead the old method is changed to include the data always as
a separate parameter.

This breaks backward compatibility, but the old method is effectively broken
and does not appear to be used yet, at least in open source code, by
searching on codesearch.debian.net and github.com.

Fixes #22404.

Co-authored-by: Luca Boccassi <bluca@debian.org>
(cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3)

portable: inline one variable declaration

(cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0)

portablectl: reorder if branches to match previous conditional in the same function

One is a ternary op, the other an normal conditional, but they should still use
the same order of branches.

(cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf)

TEST-29: trim output a bit

IIUC, pipefail doesn't matter for a sequence of commands joined with &&, and we
don't have any pipes. And such a failing expression also does not trigger an
exit, so the set +e/set -e were noops.

(cherry picked from commit 13391986b50e76cc58744c44ccb8124e48fd3c3d)

portable: add flag to return extension-releases in GetImageMetadataWithExtensions

Return the name of each extension and the associated extension-release
file, and pretty-print them in 'portablectl inspect', if a new flag
is passed.

$ portablectl inspect --extension app2 --extension app0  minimal app0 app1
(Matching unit files with prefixes 'app0', 'app1'.)
Image:
        /run/portables/minimal.raw
Portable Service:
        n/a
Operating System:
        Debian GNU/Linux 10 (buster)
Extension:
        /run/portables/app2.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Extension:
        /run/portables/app0.raw
        Extension Scope:
                n/a
        Extension Compatibility Level:
                n/a
        Portable Service:
                n/a
        Portable Prefixes:
                n/a
        Operating System:
                n/a (debian 10)
Unit files:
        app0.service

(cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e)

test: accept GC'ed units in newer LVM

Since lvm 2.03.15 the transient units are started without `-r`, thus
disappearing once they finish and breaking the test (which expects them
to remain loaded after finishing). Let's accept `LoadState=not-found` as
a valid result as well to fix this.

Follow-up to: d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4
See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=fbd8b0cf43dc67f51f86f060dce748f446985855

(cherry picked from commit b034f02c628057c30a2136289a1b388a6fb9a737)

test: lvm 2.03.15 dropped the static autoactivation

so install the respective generator only if we're running with older
lvm versions.

See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=ee8fb0310c53ed003a43b324c99cdfd891dd1a7c
(cherry picked from commit d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4)

meson: move files' closing brace to separate line

(cherry picked from commit 2f492a739c5edd09f1c16bc7da84c37a8744121a)

meson: use files() for libudevd_core_sources too

I'm not sure why a plain-text list was used in this case.

(cherry picked from commit b9acb5074e115a3010f8507c6f3d2cad4132aa15)

meson: do not use split() in file lists

The approach to use '''…'''.split() instead of a list of strings was initially
used when converting from automake because it allowed identical blocks of lines
to be used for both, making the conversion easier.

But over the years we have been using normal lists more and more, especially
when there were just a few filenames listed. This converts the rest.

No functional change.

(cherry picked from commit f1b98127ff6320648cc3dc876f3b6a5aa3af204b)

journalctl: advertise --header a bit more

Fixes #2738.

(cherry picked from commit 367a5e8a67bbc2b5e03ca1a3e5a601ef49b5bd2a)

man: describe UNIT=/USER_UNIT=

Fixes 17538.

(cherry picked from commit c1d1742a7f6a65f60dce1a4f22a22d443493757c)

man: tweak description of auto/noauto

I think the current behaviour is stupid: 'x-systemd.automount,noauto' should
mean that we create the units, but don't add .mount or .automount to any targets.
Instead, we completely ignore 'noauto'. But let's at least describe the
implementation.

Text suggested by dpartrid in the bug.

Fixes #21040.

(cherry picked from commit 55fabe92e2efb1a907d4c3c93dc63b96ff5b6860)

man: describe capability checks on the bus

A description of SD_BUS_VTABLE_CAPABILITY is added, and the discussion
on SD_BUS_VTABLE_UNPRIVILEGED in expanded. I think it would be nice
to add longer description of how access is checked (maybe in sd-bus(3)),
but I'm leaving that for later. I think the text that was added here
describes everything, even if tersely.

Fixes #21882.

(cherry picked from commit b4e7d7555e6266ff566a17eb5f616b365771028f)

man: fix formatting of macros in sd_bus_add_object

docbook would convert the newline to a space before the first argument:
SD_BUS_METHOD_WITH_ARGS( member, args, result, handler)

And we need each item in a separate <para>, otherwise they'll all be in
one line.

(cherry picked from commit 3c080282e928a7edfcdb74feb2139ef1ac6f2ad0)

man: say that we ignore ignored options

Fixes #22057.

(cherry picked from commit 382586894b9c09974aa734a1f77d3f6f69126d76)

man: drop outdated info about polkit in pid1

Fixes #22648.

(cherry picked from commit 46d362f406e1a75fc8f924b9b16d5d352be6d081)

devnode-acl: use _cleanup_ to free acl_t

(cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe)

sd-stub: do not print warning if filesystem is not supported

Do not print a warning in case we try to load the file system protocol for an
unsupported file system, just return EFI_SUCCESS instead.

(cherry picked from commit 178d598b5fae36fa9d54c30668771f9c626724f6)

core: check size before mmap

The data type off_t can be 64 on 32 bit systems if they have large
file support. Since mmap expects a size_t with 32 bits as second
argument truncation could occur. At worst these huge files could
lead to mmaps smaller than the previous check for small files.

This in turn shouldn't have a lot of impact because mmap allocates
at page size boundaries. This also made the PAGE_ALIGN call in
open_mmap unneeded. In fact it was neither in sync with other mmap
calls nor with its own munmap counterpart in error path.

If such large files are encountered, which is very unlikely in these
code paths, treat them with the same error as if they are too small.

(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7)

killall: show PID of processes killed in final killing spree

Let's show the PID of killed processes in all cases, to make debugging
easier.

See: https://lists.freedesktop.org/archives/systemd-devel/2022-March/047504.html
(cherry picked from commit 94ce42bcb6288583bfa8995aa705d99a9221f47e)

shared: Add more dlopen() tests

Add dlopen_dw(), dlopen_elf() and dlopen_pcre2() to the dlopen test.
To enable adding dlopen_pcre2(), we move pcre2-dlopen.h/c from
src/journal to src/shared.

(cherry picked from commit ee48779e05831a0ec5e1ba5e7ed5fe92aaca1d9e)

file-hierarchy: Document /sys/fs/cgroup

file-hierarchy does not mention anything about the expected mountpoint
for cgroups. This may lead some software to believe it will need to
search for it (e.g. by scanning mountinfo) rather than just looking in
the canonical location.

Document the canonical mountpoint as /sys/fs/cgroup. Also provide
information on the non-default configurations, but
make it clear that in such configurations if cgroup2 is mounted (hybrid
mode) it won't have resource controllers attached. This will help
software know if it should fall back to /sys/fs/cgroup/unified or just
ignore that case.

(cherry picked from commit c8aeb9d672fac7ac2d1e350431b7b4e734b90a5d)

man: recommend built-in platform.freedesktop_os_release() in our page

Python gained support for reading os-release, let's advertise it a bit more.
Our open-coded example is still useful, but let's not suggest it as the
default implementation.

I added quotes around the printed string because it looks a bit better
this way.

(cherry picked from commit ee6fd6a50922d2b27c97084e1c3f9872d495c273)

test: accept both unpadded and padded partition sizes

Since util-linux/util-linux@921c7da55ec78350e4067b3fd6b7de6f299106ee
libfdisk aligns the last partition (on GPT) for optimal I/O. Let's
account for that.

Fixes: #22606
(cherry picked from commit d490188b8f6da658d8086dd53b7db95735e5cca1)

mkosi: Remove Arch nspawn workaround

This has been fixed so the workaround can be removed.

(cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d)

meson: Drop required libfdisk version to 2.32

We initially pinned this to 2.33 in
e71f5585b9b0580428f9530d0a485265c9c25165 because libfdisk 2.32 in
CentOS 8 didn't have
https://github.com/karelzak/util-linux/commit/2f35c1ead621f42f32f7777232568cb03185b473
backported.

If we check now, we can see it has been backported
(https://git.centos.org/rpms/util-linux/blob/c8s/f/SOURCES/0048-libfdisk-count-gaps-to-possible-size-when-resize.patch)
which means we can drop the required version to 2.32 instead of 2.33.

(cherry picked from commit baec7d782b07414f0c13ba3a0b0b526973e04923)

udev-builtin-input_id: don't label absolute mice as pointing sticks

The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device
with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin
to incorrectly label it as pointing stick (all i2c mice are
tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4).

Fix this by adding a separate variable for absolute pointing
devices like the VMmouse USB mouse or this Getac tablet - this way we
skip the pointing stick check.

See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743
for recordings.

(cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1)

man: various issues reported in #22432

Fixes #22432.

(cherry picked from commit fe003f02dd19b9ae88af0384e5cf4f5934d1e9db)

man/systemd-analyze: split out example to a separate section

It turns out we can't have an Example nested in a list, and every
combination of nesting I tried looked bad either in troff or in html.
The whole example is moved to a separate section.

(cherry picked from commit e6ce19516315138d983ed4b7776d9ebd2fb296d8)

man: adjust command for Fedora installations

glibc now has Suggests:glibc-minimal-langpack, so we don't
need to mention it ourselves.

--repo=… is a nicer alternative to --disablerepo=* --enablerepo=….
It also avoids the issue with quoting.

Let's exclude weak deps, but install systemd-networkd, so the container
can configure networking if necessary.

(cherry picked from commit 8c4db5629c877425b2f46e414a94a8f24280a9d3)

journal-send: close fd on exit when running with valgrind

Fixes an issue reported in #22576.

(cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6)

test-journal-send: close fd opend by syslog()

Fixes an issue reported in #22576.

(cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1)

unit: escape %

Fixes #22601.

(cherry picked from commit 6e4d122ad1db11ca898de183f898f731c4839d4a)

clang-format: we actually typically use 16ch continuation indentation

We use 8 for blocks, and 16 for continuation in most cases afaics, hence
say so in .clang-format too

(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85)

test: fix file descriptor leak in test-psi-util

Fixes an issue reported in #22576.

(cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0)

test: fix file descriptor leak in test-tmpfiles.c

Also fixes a typo in assertion.

Fixes an issure reported in #22576.

(cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff)

test: fix file descriptor leak in test-fs-util

Fixes an issue reported in #22576.

(cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a)

boot: Handle shift and logo keys too

Some firmware supports sending input events for shift and logo keys.
Previously, we would suppress these with EFI_NOT_READY unless
some other key was pressed alongside, but it is really the job of the
caller to decide how to handle these.

Note that for keys that already have a printable shift representation
the reported input event will not have the shift key bits set
(Shift+a is reported as A). Should some firmware turn out to violate the
spec here we can always remove that part.

(cherry picked from commit 3f9973bf368475d1f2f7f587e7af728dd6d84e10)

boot: Properly check status code of console_key_read

In some cases there was a unlikely possibility that we would look
at an uninitialized key value.
Also, returning in case of unexpected input error cases should prevent
infinite looping.

(cherry picked from commit 1cb5d7857b205023a0473ec13df154ae2e254066)

test: fix file descriptor leak in test-oomd-util

Fixes an issue reported in #22576.

(cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba)

test: fix file descriptor leak in test-catalog

Fixes an issue reported in #22576.

(cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b)

test-oomd-util: fix conditional jump on uninitialised value

Fixes #22577.

(cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57)

test-oomd-util: style fixlets

(cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f)

core: really skip automatic restart when a JOB_STOP job is pending

It's not clear why we rescheduled a service auto restart while a stop job for
the unit was pending. The comment claims that the unit shouldn't be restarted
but the code did reschedule an auto restart meanwhile.

In practice that was rarely an issue because the service waited for the next
auto restart to be rescheduled, letting the queued stop job to be proceed and
service_stop() to be called preventing the next restart to complete.

However when RestartSec=0, the timer expired right away making PID1 to
reschedule the unit again, making the timer expired right away... and so
on. This busy loop prevented PID1 to handle any queued jobs (and hence giving
no chance to the start rate limiting to trigger), which made the busy loop last
forever.

This patch breaks this loop by skipping the reschedule of the unit auto restart
and hence not depending on the value of u->restart_usec anymore.

Fixes: #13667
(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332)