NeilBrown [Thu, 6 Jul 2017 02:53:41 +0000 (12:53 +1000)]
fstab-generator: fix new NULL dereference. (#6296)
fstype can be NULL, particularly when called from add_sysroot_mount(),
so we need to use STRPTR_IN_SET().
Zbigniew Jędrzejewski-Szmek [Wed, 5 Jul 2017 14:27:58 +0000 (10:27 -0400)]
Merge pull request #6236 from yuwata/mount-loop
systemd-mount: support discovery of loop backing file
Yu Watanabe [Thu, 29 Jun 2017 05:53:49 +0000 (14:53 +0900)]
systemd-mount: support relative paths
Yu Watanabe [Wed, 5 Jul 2017 12:55:39 +0000 (21:55 +0900)]
systemd-mount: support unmounting devices on remote host
The commit 9017f5d88d5061487de53f00a1a8c0a83e41e760 prohibits
unmounting devices on a remote host. This re-enables that feature.
Yu Watanabe [Wed, 5 Jul 2017 12:54:40 +0000 (21:54 +0900)]
systemd-mount: support discovery of loop backing file
```
$ sudo systemd-mount /path/to/disk.img
Started unit run-media-system-disk.img.mount for mount point: /run/media/system/disk.img
```
Closes #6226.
Mike Gilbert [Wed, 5 Jul 2017 03:22:47 +0000 (23:22 -0400)]
test-fs-util: re-order test_readlink_and_make_absolute and test_get_files_in_directory (#6288)
test_readlink_and_make_absolute switches to a temp directory, and then
removes it.
test_get_files_in_directory calls opendir(".") from a directory that has
been removed from the filesystem.
This call sequence triggers a bug in Gentoo's sandbox library. This
library attempts to resolve the "." to an absolute path, and aborts when
it ultimately fails to do so.
Re-ordering the calls works around the issue until the sandbox library
can be fixed to more gracefully deal with this.
Bug: https://bugs.gentoo.org/590084
Giedrius Statkevičius [Tue, 4 Jul 2017 21:51:02 +0000 (00:51 +0300)]
systemctl: print next timer trigger time with the status verb (#6242)
It is useful to know when a timer will trigger next when looking at a
timer status message so calculate and print that information.
Closes #5738.
Example output:
$ systemctl status dnf-makecache.timer
● dnf-makecache.timer - dnf makecache timer
Loaded: loaded (/usr/lib/systemd/system/dnf-makecache.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2017-07-04 17:24:02 EDT; 24min ago
Trigger: Tue 2017-07-04 18:15:56 EDT; 27min left
Benjamin Robin [Tue, 4 Jul 2017 21:42:20 +0000 (23:42 +0200)]
basic: Fix build warning in random-util (#6284)
Franck Bui [Tue, 4 Jul 2017 15:41:09 +0000 (17:41 +0200)]
gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280)
fstab_has_fstype() returns '1' if fstab contains the passed fstype, not '0'.
NeilBrown [Tue, 4 Jul 2017 07:47:40 +0000 (17:47 +1000)]
fstab-generator: handle NFS "bg" mounts correctly. (#6103)
When "bg" is specified for NFS mounts, and if the server is
not accessible, two behaviors are possible depending on networking
details.
If a definitive error is received, such as EHOSTUNREACH or ECONNREFUSED,
mount.nfs will fork and continue in the background, while /bin/mount
will report success.
If no definitive error is reported but the connection times out
instead, then the mount.nfs timeout will normally be longer than the
systemd.mount timeout, so mount.nfs will be killed by systemd.
In the first case the mount has appeared to succeed even though
it hasn't. This can be confusing. Also the background mount.nfs
will never get cleaned up, even if the mount unit is stopped.
In the second case, mount.nfs is killed early and so the mount will
not complete when the server comes back.
Neither of these is ideal.
This patch modifies the options when an NFS bg mount is detected to
force an "fg" mount, but retain the default "retry" time of 10000
minutes that applies to "bg" mounts.
It also imposes "nofail" behaviour and sets the TimeoutSec for the
mount to "infinity" so the retry= time is allowed to complete.
This provides near-identical behaviour to an NFS bg mount started directly
by "mount -a". The only difference is that systemd will not wait for
the first mount attempt, while "mount -a" will.
Fixes #6046
Lennart Poettering [Tue, 4 Jul 2017 07:43:07 +0000 (09:43 +0200)]
Merge pull request #6274 from keszybz/etags-ctags
meson: ctags support
Peter Hutterer [Tue, 4 Jul 2017 07:41:46 +0000 (17:41 +1000)]
udev: move the KEY_* defines to missing.h (#6278)
Дамјан Георгиевски [Tue, 4 Jul 2017 07:40:59 +0000 (09:40 +0200)]
fix add_esp() in the gpt-auto-generator.c (#6251)
b9088048b15cd21242b2308498fa865f864bfe45 seems to have broken it
fstab_is_mount_point() returns `true` (1) if the mount point exists and `false` (0) if it doesn't exist.
The change in b9088048 considered that if fstab_is_mount_point() returns 0
the mount point exists.
Lennart Poettering [Tue, 4 Jul 2017 07:39:56 +0000 (09:39 +0200)]
Merge pull request #6255 from keszybz/property-escaping
Proper property escaping
Christian Hesse [Tue, 4 Jul 2017 07:38:31 +0000 (09:38 +0200)]
core: link user keyring to session keyring (#6275)
Commit 74dd6b515fa968c5710b396a7664cac335e25ca8 (core: run each system
service with a fresh session keyring) broke adding keys to user keyring.
Added keys could not be accessed with error message:
keyctl_read_alloc: Permission denied
So link the user keyring to our session keyring.
Zbigniew Jędrzejewski-Szmek [Tue, 4 Jul 2017 01:29:14 +0000 (21:29 -0400)]
Merge pull request #6258 from vcaputo/overflow
fix strxcpyx null termination overflows
Zbigniew Jędrzejewski-Szmek [Sun, 2 Jul 2017 16:37:42 +0000 (12:37 -0400)]
test-strxcpyx: add test for strpcpyf overflow
This fails before 'strxcpyx: don't overflow dest on strpcpyf truncate'.
Thomas H. P. Andersen [Mon, 3 Jul 2017 21:35:05 +0000 (23:35 +0200)]
NEWS: typo fixes (#6276)
Lennart Poettering [Mon, 3 Jul 2017 18:13:18 +0000 (20:13 +0200)]
build-sys: fix automake build
Lennart broke the automake build in
d4cbada2a95667c4d5d4310298bfcb446b1357b5. Let's fix that again, to
unfuck the CIs.
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 16:52:25 +0000 (12:52 -0400)]
Merge pull request #6271 from poettering/resolved-switching
downgrade DNS server switching log messages + NEWS fixes
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 16:42:29 +0000 (12:42 -0400)]
meson: add support for ctags
This is a squash of casync commits
https://github.com/systemd/casync/commit/02fbbdb2b9a926a695a3ede7f3e3c17b9779db1a
(by Silvio Fricke)
and https://github.com/systemd/casync/commit/b687a94b1e24df73d32f8cdcee29f3c00eae69c9.
Instead of checking during every meson config whether etags are
available, just try to call them and error out if not. This has
the advantage that the target is always available (if git is installed),
and the error message gives a hint what needs to be installed.
The naming is confusing, but etags(1) is pretty clear:
- emacs expects TAGS file in etags format
- vi expects tags file in ctags format
and automake docs are pretty clear too:
- tags target generates TAGS file
- ctags target generates tags file
Michal Soltys [Mon, 3 Jul 2017 16:38:13 +0000 (18:38 +0200)]
vconsole: search for usable source console (#6180)
When vconsole-setup is called without arguments, search for a usable
console instead of using /dev/tty0.
/dev/tty0 — pointing to the current active console — is not necessarily
usable and in such case vconsole-setup would exit with failure. In particular
when systemd-vconsole-setup.service was restarted from within an X
session, it always failed.
If the function searching for a usable source terminal fails, the first
encountered error is returned to the caller.
Closes #5367.
Additional changes:
- true/false functions with 'is_' prefix are renamed to functions with
'verify_vc_' prefix and return 0 on success and negative error on
failure
- O_NOCTTY flag is used when opening terminals
Matthew Garrett [Fri, 30 Jun 2017 18:27:47 +0000 (11:27 -0700)]
sd-boot: stub: Obtain PE section offsets from RAM, not disk (#6250)
In a Secure Boot scenario the stub loader will have been validated
before execution. A malicious drive could then change the data returned
in future reads, resulting in the loader obtaining incorrect section
offsets and (for instance) allowing the command line to be modified.
Pull that information out of the in-RAM representation of the loader
instead in order to avoid this.
Fixes: #6230
(Lennart did some minor coding style fixes, and renamed pefile.c → pe.c,
as suggested by Kay, given that the file now contains a function whose
name doesn't match the filename as prefix anymore.)
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 15:05:20 +0000 (11:05 -0400)]
units: use Requires in systemd-networkd-wait-online.service (#6065)
In the initial design, foobar-wait-online.service would have
Requisite=foobar.service, so that foobar-wait-online.service could be enabled
unconditionally, irrespective of whether foobar.service itself is enabled.
Unfortunately this doesn't work too well:
1. the message about foobar-wait-online.service being skipped because of a
"missing dependency" *looks* like an is problem. This is mostly cosmetic,
but it is also quite confusing. We generally don't want any messages of this
type during default boot.
2. it is impossible to start and wait for the network in an
implementation-agnostic way: systemctl start network-online.target, or
Wants/After=network-online.target in a unit don't work because pulling in
network-online.target pulls in foobar-wait-online.service, but it in turn
does not pull in foobar.service. During startup, foobar.service is pulled in
by multi-user.target, but not in a smaller transaction which does not
include multi-user.target.
This change means that *-wait-online.service should be installed through
presets, so that it can be enabled/disabled at will by the administrator.
Our own systemd-networkd-wait-online.service does this already, and
a similar change has been requested for NetworkManager-wait-online.service
(https://bugzilla.redhat.com/show_bug.cgi?id=1455704).
This change should be mostly backwards-compatible, unless somebody has some
wait-online.service enabled, without having the corresponding network
implementation enabled, and they are relying on it not being started. I think
that's relatively unlikely because of issue 1. above, and I'm not aware of this
being the default in any distro. And being able to start the network in an
implementation-agnostic way is pretty important, see
https://bugzilla.redhat.com/show_bug.cgi?id=1452866.
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 14:33:42 +0000 (10:33 -0400)]
man: remove unnecessary "the"
Lennart Poettering [Mon, 3 Jul 2017 14:11:16 +0000 (16:11 +0200)]
Merge pull request #6231 from keszybz/man-nss-resolved
man: describe the relationship between nss-myhostname and nss-resolved
Vito Caputo [Sun, 2 Jul 2017 09:09:06 +0000 (02:09 -0700)]
strxcpyx: assert throughout on non-NULL src/dest
Vito Caputo [Sun, 2 Jul 2017 09:01:59 +0000 (02:01 -0700)]
strxcpyx: don't overflow dest on strpcpyf truncate
When vsnprintf() truncated output, dest was advanced by the entire
size of dest leaving it just past the end. Then the fall-through \0
termination scribbled one past the end. The explicit null termination
is not necessary since vsnprintf() always includes the terminator even
when truncated.
Additionally these functions encourage calling with zero-length sizes,
while assuming non-zero sizes with potential buffer overflows.
Simply short-circuit the relevant functions when size == 0.
Fixes https://github.com/systemd/systemd/issues/6252
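The failure mode this commit message describes, as an added example (not systemd's code): `append_before` and `append_after` are hypothetical stand-ins written from the description above, and a constructed canary byte placed right behind the 8-byte destination makes the stray terminator observable without leaving the backing array.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 8      /* bytes the callee is told it may use */
#define CANARY    0x5A   /* constructed marker stored right behind them */

typedef size_t (*append_fn)(char **dest, size_t size, const char *fmt, ...);

/* "Before": on truncation the cursor is advanced by the whole remaining
 * size, then the fall-through terminator is written through it. */
static size_t append_before(char **dest, size_t size, const char *fmt, ...) {
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(*dest, size, fmt, ap);
    va_end(ap);

    if (n >= 0 && (size_t) n < size) {
        *dest += n;
        size -= (size_t) n;
    } else {
        *dest += size;   /* cursor now points one past the usable area */
        size = 0;
    }
    **dest = '\0';       /* lands outside the area whenever size reached 0 */
    return size;
}

/* "After": refuse zero-sized calls and rely on vsnprintf()'s own terminator. */
static size_t append_after(char **dest, size_t size, const char *fmt, ...) {
    va_list ap;
    int n;

    if (size == 0)
        return 0;

    va_start(ap, fmt);
    n = vsnprintf(*dest, size, fmt, ap);
    va_end(ap);

    if (n < 0) {         /* formatting error: keep the string terminated */
        **dest = '\0';
        return size;
    }
    if ((size_t) n < size) {
        *dest += n;
        return size - (size_t) n;
    }
    /* Truncated: vsnprintf() already wrote the NUL at (*dest)[size - 1].
     * Parking the cursor on it is a choice made for this example. */
    *dest += size - 1;
    return 0;
}

/* Appends "id=" and then text into the first DEST_SIZE bytes of a larger
 * array. Copies those bytes to out and returns 1 if the canary survived. */
static int canary_survives(append_fn fn, const char *text, char out[DEST_SIZE]) {
    char arena[DEST_SIZE + 1];
    char *cursor = arena;
    size_t left = DEST_SIZE;

    memset(arena, 0, DEST_SIZE);
    arena[DEST_SIZE] = CANARY;

    left = fn(&cursor, left, "%s", "id=");
    left = fn(&cursor, left, "%s", text);
    (void) left;

    memcpy(out, arena, DEST_SIZE);
    return arena[DEST_SIZE] == CANARY;
}

int main(void) {
    char out[DEST_SIZE];
    int ok;

    ok = canary_survives(append_before, "42", out);
    printf("before, fits:      intact=%d \"%s\"\n", ok, out);
    ok = canary_survives(append_before, "123456789", out);
    printf("before, truncated: intact=%d \"%s\"\n", ok, out);
    ok = canary_survives(append_after, "123456789", out);
    printf("after,  truncated: intact=%d \"%s\"\n", ok, out);
    return 0;
}
```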
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2017 20:49:15 +0000 (16:49 -0400)]
bus-util: replace non-printable values with [unprintable]
Like I said in the previous commit, such values do not seem to appear in normal
use, but it's pretty hard to prove that all paths to assign values properly
check that they contain no spaces. So just in case some slip through, replace
values with spaces (in case of single-valued properties) or spaces and newlines
(in case of array properties) with "[unprintable]". We were already doing it
in case of properties which we didn't know how to print, so this fits in well.
The advantage over the previous code which used escaping is that a) this is easier
to spot, b) does not mess up printing of properties which were properly escaped
already.
v2:
- add comments
Franck Bui [Mon, 3 Jul 2017 12:48:21 +0000 (14:48 +0200)]
automount: don't lstat(2) upon umount request (#6086)
When umounting an NFS filesystem, it is not safe to lstat(2) the mountpoint at
all as that can block indefinitely if the NFS server is down.
umount() will not block, but lstat() will.
This patch therefore removes the call to lstat(2) and defers the handling of
any error to the child process which will issue the umount call.
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 12:29:32 +0000 (08:29 -0400)]
Parse "timeout=0" as infinity in various generators (#6264)
This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel
command line parsing.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
Simple test is added.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
Lennart Poettering [Mon, 3 Jul 2017 09:47:30 +0000 (11:47 +0200)]
Merge pull request #6235 from mbiebl/var-log-lastlog
tmpfiles: create /var/log/lastlog if it does not exist
Lennart Poettering [Mon, 3 Jul 2017 09:40:42 +0000 (11:40 +0200)]
Merge pull request #6233 from keszybz/man-locale-vconsole
Small doc updates for 00-keyboard.conf, vconsole.conf, locale.conf
Lennart Poettering [Mon, 3 Jul 2017 09:22:38 +0000 (11:22 +0200)]
git-contrib: drop weird non-breaking spaces
For some reason git shortlog spits out non-breaking spaces, let's remove
that, as for our purposes (inclusion in NEWS) we really want breaking
(i.e. normal) spaces.
Lennart Poettering [Mon, 3 Jul 2017 09:20:04 +0000 (11:20 +0200)]
resolved: downgrade log messages about switching DNS servers
As suggested in:
https://github.com/systemd/systemd/commit/496ae8c84b2d3622bc767a727e3582e2b6bcffcd#commitcomment-22819483
Let's drop some noise from the logs, as switching between DNS servers is
definitely useful for debugging, but shouldn't get more attention than
that.
Lennart Poettering [Mon, 3 Jul 2017 09:19:20 +0000 (11:19 +0200)]
NEWS: tweak contributors list a bit
Let's add more .mailmap entries to clean up GitHub's mess.
Lennart Poettering [Mon, 3 Jul 2017 08:48:28 +0000 (10:48 +0200)]
Merge pull request #6257 from keszybz/unnecessary-job-log
core: do not print color console message about gc-ed jobs
Lennart Poettering [Mon, 3 Jul 2017 08:43:00 +0000 (10:43 +0200)]
Merge pull request #6218 from poettering/v234-pre
preparation for v234
Peter Hutterer [Mon, 3 Jul 2017 08:03:22 +0000 (18:03 +1000)]
udev: define BTN_DPAD_RIGHT if not present (#6267)
Regression introduced in commit b876bc0 when building on systems with
pre-3.11 headers (RHEL7 and derivatives).
All the DPAD defines were introduced in the same kernel commit
d09bbfd2a8408a9954, we don't need a separate ifdef check for right.
Fixes #6240
Zbigniew Jędrzejewski-Szmek [Mon, 3 Jul 2017 05:59:49 +0000 (01:59 -0400)]
nspawn: wait for the scope to be created (#6261)
Fixes #6253.
Zbigniew Jędrzejewski-Szmek [Sun, 2 Jul 2017 17:37:27 +0000 (13:37 -0400)]
man: add zypper instructions for systemd-nspawn
v2:
- add -c and update the list of packages
v3:
- link to a man page on mankier.com
hadess [Sun, 2 Jul 2017 20:59:44 +0000 (22:59 +0200)]
hwdb: Add SNES Mouse plugged through Retrode 2 (#6263)
Note that this will only work with the new "hid-retrode" driver in the
upcoming 4.12 kernel as otherwise the mouse events and the 4 joypad
ports are bundled into a single event node.
Zbigniew Jędrzejewski-Szmek [Sun, 2 Jul 2017 16:03:25 +0000 (12:03 -0400)]
Be slightly more verbose in error message
Including the full path is always useful.
Also use PID_FMT in one more place.
Zbigniew Jędrzejewski-Szmek [Sun, 2 Jul 2017 14:23:07 +0000 (10:23 -0400)]
core/loopback-setup: make log messages nicer
Under nspawn, systemd would print:
Got address error code: Operation not permitted
Got address error code: Operation not permitted
Got start error code: Operation not permitted
which is quite unclear out of context. Change that to:
Failed to add address 127.0.0.1 to loopback interface: Operation not permitted
Failed to add address ::1 to loopback interface: Operation not permitted
Failed to bring loopback interface up: Operation not permitted
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2017 23:05:36 +0000 (19:05 -0400)]
core: do not print color console message about gc-ed jobs
This is just a cosmetic issue.
Garbage collection of jobs (especially the ones that we create automatically)
is something of an internal implementation detail and should not be made
visible to the users. But it's probably still useful to log this in the
journal, so the code is rearranged to skip one of the messages if we log to the
console and the journal separately, and to keep the message if we log
everything to the console.
Fixes #6254.
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2017 20:17:12 +0000 (16:17 -0400)]
Revert "bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks"
This reverts commit 27e9c5af817147ea1c678769e45e83f2e4b4ae96.
Property values already use escaping, so escaping them a second time is
confusing. It also should be mostly unnecessary: we take care to make property
values only contain strings which (after the initial escaping) are printable
and parseable without any further escaping.
Before revert:
$ systemctl list-dependencies 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
● ├─dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.swap
● └─systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
$ systemctl show -p Wants,Requires 'dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device'
Requires=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
Wants=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.swap
Difference between systemctl show before revert and now:
-Slice=system-systemd\x5cx2dcryptsetup.slice
+Slice=system-systemd\x2dcryptsetup.slice
-Id=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Id=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Names=systemd-cryptsetup@luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.service
+Names=systemd-cryptsetup@luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.service
-Requires=system-systemd\x5cx2dcryptsetup.slice
+Requires=system-systemd\x2dcryptsetup.slice
-BindsTo=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device dev-disk-by\x5cx2duuid-
8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+BindsTo=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device dev-disk-by\x2duuid-
8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
-RequiredBy=dev-mapper-luks\x5cx2d8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device cryptsetup.target
+RequiredBy=dev-mapper-luks\x2d8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device cryptsetup.target
-WantedBy=dev-disk-by\x5cx2duuid-
8db85dcf\x5cx2d6230\x5cx2d4e88\x5cx2d940d\x5cx2dba176d062b31.device
+WantedBy=dev-disk-by\x2duuid-
8db85dcf\x2d6230\x2d4e88\x2d940d\x2dba176d062b31.device
Zbigniew Jędrzejewski-Szmek [Fri, 30 Jun 2017 17:36:42 +0000 (13:36 -0400)]
NEWS: mention that logind is restartable
Zbigniew Jędrzejewski-Szmek [Fri, 30 Jun 2017 17:20:23 +0000 (13:20 -0400)]
mailmap: some additions for recent commits
Zbigniew Jędrzejewski-Szmek [Fri, 30 Jun 2017 17:05:56 +0000 (13:05 -0400)]
Merge pull request #6194 from keszybz/urandom-magic
Fall back to /dev/urandom less and other random number improvements.
Susant Sahani [Fri, 30 Jun 2017 16:55:21 +0000 (16:55 +0000)]
ethtool: fix half-duplex / full-duplex confusion (#6209)
The values that we used for half-duplex and full-duplex in ethtool_set_glinksettings were
reversed wrt. what the kernel uses.
NeilBrown [Fri, 30 Jun 2017 16:51:33 +0000 (02:51 +1000)]
core/automount: revise the "fun fact" comments. (#6245)
Fun fact 1 suggests that a "close()" is needed, but that close() has long since been
removed. So the comment is now meaningless and possibly confusing.
Fun fact 2 refers to a bug that has been fixed in Linux prior to v4.12
Commit: 9fa4eb8e490a ("autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL")
so revise the comment so that no-one goes pointlessly looking for the bug.
Zbigniew Jędrzejewski-Szmek [Thu, 29 Jun 2017 02:29:41 +0000 (22:29 -0400)]
man: add more detail about quoting in ExecStart lines
Fixes #624.
Lars Karlitski [Fri, 30 Jun 2017 09:57:13 +0000 (11:57 +0200)]
man: fix spelling error of sd_bus_error_set_const (#6246)
hramrach [Fri, 30 Jun 2017 00:23:58 +0000 (02:23 +0200)]
Include dpad buttons in joystick detection (#6240)
Since f472d466ec26 ("Remove BTN_DPAD_* keys from ID_INPUT_KEY test
(#5701)") dpad buttons are excluded from keyboard keys for keyboard
detection.
Include them in joystick buttons for joystick detection.
Michael Biebl [Thu, 29 Jun 2017 05:57:35 +0000 (07:57 +0200)]
tmpfiles: create /var/log/lastlog if it does not exist
Create /var/log/lastlog the same way we create utmp and wtmp.
This is useful for stateless systems where /var is volatile and a
missing /var/log/lastlog otherwise creates error messages like
Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Fixes #6234
AsciiWolf [Thu, 29 Jun 2017 02:54:12 +0000 (04:54 +0200)]
units: use https for the freedesktop url (#6227)
Zbigniew Jędrzejewski-Szmek [Thu, 29 Jun 2017 02:47:55 +0000 (22:47 -0400)]
man: mention localed and localectl in locale.conf(5) and vconsole.conf(5)
Fixes #295.
(We cannot add a comment to either of those files because they are documented
to "only support variable assignments", so it's better to add an explanation
in the man page instead.)
Zbigniew Jędrzejewski-Szmek [Thu, 29 Jun 2017 02:34:36 +0000 (22:34 -0400)]
localed: improve the comment in 00-keyboard.conf
Zbigniew Jędrzejewski-Szmek [Thu, 29 Jun 2017 00:43:37 +0000 (20:43 -0400)]
man: describe the relationship between nss-myhostname and nss-resolved
Fixes #1605.
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jun 2017 20:01:18 +0000 (16:01 -0400)]
Revert "resolved: drop unnecessary comparison (#6220)"
This reverts commit d718d20225bd631360ca5502b873278416616a03.
Yu Watanabe [Wed, 28 Jun 2017 18:19:38 +0000 (03:19 +0900)]
systemd-mount: support unmounting loop devices by backing files (#6211)
This makes `systemd-umount` or `systemd-mount -u` support unmounting
loop devices by the corresponding backing files, like
`systemd-mount --umount /tmp/foo.img /tmp/bar.img`
Fixes #6206.
Lennart Poettering [Wed, 28 Jun 2017 17:29:45 +0000 (19:29 +0200)]
Only drop the capabilities from the bounding set if we are running as PID1 (#6204)
The CapabilityBoundingSet option only makes sense if we are running as
PID1.
The system.conf.d(5) manpage already states that the CapabilityBoundingSet
option:
Controls which capabilities to include in the capability bounding set
for PID 1 and its children.
https://github.com/systemd/systemd/issues/6080
Lennart Poettering [Wed, 28 Jun 2017 17:27:40 +0000 (19:27 +0200)]
udev: never ask libblkid for detecting superblocks with bad checksums (#6215)
Previously, we'd ask libblkid to also tell us about recognized
superblocks with bad checksums. We'd then log about them and ignore
them. This however created ambiguity problems, see #6110: the
BLKID_SUBLKS_BADCSUM is not as innocent as it appears.
This patch drops bad checksum handling and we ignore all such superblocks
entirely again, as it was the status quo ante
d47f6ca5f9b7a0b400d8bdb050151a0284fb4bdb (where this was snuck in).
Ideally, libblkid would be changed to avoid these ambiguity problems for
bad checksums, but that's not going to happen any time soon, according
to @karelzak.
Fixes: #6110
Lennart Poettering [Wed, 28 Jun 2017 17:22:46 +0000 (19:22 +0200)]
nspawn: register a scope for the unit if --register=no is specified (#6166)
Previously, only when --register=yes was set (the default) the invoked
container would get its own scope, created by machined on behalf of
nspawn. With this change if --register=no is set nspawn will still get
its own scope (which is a good thing, so that --slice= and --property=
take effect), but this is not done through machined but by registering a
scope unit directly in PID 1.
Summary:
--register=yes → allocate a new scope through machined (the default)
--register=yes --keep-unit → use the unit we are already running in and register with machined
--register=no → allocate a new scope directly, but no machined
--register=no --keep-unit → do not allocate nor register anything
Fixes: #5823
Lennart Poettering [Wed, 28 Jun 2017 17:20:16 +0000 (19:20 +0200)]
sd-bus: never augment creds when we are operating on remote connections (#6217)
It's not always clear when something is a remote connection, hence only
flag the obvious cases as local.
Fixes: #6207
Stefan Schweter [Wed, 28 Jun 2017 17:18:37 +0000 (19:18 +0200)]
man: update reference for binfmt documentation (#6223)
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jun 2017 16:24:37 +0000 (12:24 -0400)]
resolved: drop unnecessary comparison (#6220)
mtu is always greater than UDP_PACKET_HEADER_SIZE at this point.
Pointed out by Benjamin Robin.
Michael Biebl [Wed, 28 Jun 2017 15:40:12 +0000 (17:40 +0200)]
Merge pull request #6222 from keszybz/input-id-rules-installation
build-sys: fix installation of new 60-input-id.rules
Zbigniew Jędrzejewski-Szmek [Wed, 28 Jun 2017 15:19:33 +0000 (11:19 -0400)]
build-sys: fix installation of new 60-input-id.rules
Fixup for 38887d1bd5eb037a532279b2b75d6a87ce381419.
Zbigniew Jędrzejewski-Szmek [Sun, 25 Jun 2017 22:01:02 +0000 (18:01 -0400)]
tests: add test-random-util
In case you're wondering: 16 aligns in a nice pyramid.
Zbigniew Jędrzejewski-Szmek [Sun, 25 Jun 2017 21:09:05 +0000 (17:09 -0400)]
basic/random-util: do not fall back to /dev/urandom if getrandom() returns short
During early boot, we'd call getrandom(), and immediately fall back to
reading from /dev/urandom unless we got the full requested number of bytes.
Those two sources are the same, so the most likely result is /dev/urandom
producing some pseudorandom numbers for us, complaining widely on the way.
Let's change our behaviour to be more conservative:
- if the numbers are only used to initialize a hash table, a short read is OK,
we don't really care if we get the first part of the seed truly random and
then some pseudorandom bytes. So just do that and return "success".
- if getrandom() returns -EAGAIN, fall back to rand() instead of querying
/dev/urandom again.
The idea with those two changes is to avoid generating a warning about
reading from /dev/urandom when the kernel doesn't have enough entropy.
- only in the cases where we really need to make the best effort possible
(sd_id128_randomize and firstboot password hashing), fall back to
/dev/urandom.
When calling getrandom(), drop the checks whether the argument fits in an int —
getrandom() should do that for us already, and we call it with small arguments
only anyway.
Note that this does not really change the (relatively high) number of random
bytes we request from the kernel. On my laptop, during boot, PID 1 and all
other processes using this code through libsystemd request:
74780 bytes with high_quality_required == false
464 bytes with high_quality_required == true
and it does not eliminate reads from /dev/urandom completely. If the kernel was
short on entropy and getrandom() would fail, we would fall back to /dev/urandom
for those 464 bytes.
When falling back to /dev/urandom, don't lose the short read we already got,
and just read the remaining bytes.
If getrandom() syscall is not available, we fall back to /dev/urandom same
as before.
Fixes #4167 (possibly partially, let's see).
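The fallback policy described in this commit message, as an added example (not systemd's code): `acquire_random`, `struct fill_report` and the `sim_*` sources are hypothetical names, the use of `GRND_NONBLOCK` is an assumption, and the `sim_*` functions are constructed stand-ins so each branch can be driven deterministically. The filler takes three bytes per `rand()` call, which assumes a `RAND_MAX` of at least 2^24 - 1 as with glibc.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>
#endif

/* Where the bytes of one request came from. */
struct fill_report { size_t from_kernel, from_urandom, from_prng; };

/* Same contract as getrandom(2): bytes written, or -1 with errno set. */
typedef ssize_t (*kernel_fn)(void *buf, size_t n);
/* Fills exactly n bytes: 0 on success, negative errno on failure. */
typedef int (*urandom_fn)(void *buf, size_t n);

static ssize_t kernel_getrandom(void *buf, size_t n) {
#ifdef __linux__
    return getrandom(buf, n, GRND_NONBLOCK);   /* assumption: never block */
#else
    (void) buf; (void) n; errno = ENOSYS; return -1;
#endif
}

static int urandom_read(void *buf, size_t n) {
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY | O_NOCTTY);
    if (fd < 0) return -errno;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) { int e = r < 0 ? -errno : -EIO; close(fd); return e; }
        p += r; n -= (size_t) r;
    }
    close(fd);
    return 0;
}

/* Non-cryptographic filler: three bytes from every rand() result. */
static void prng_fill(unsigned char *p, size_t n) {
    while (n > 0) {
        unsigned long v = (unsigned long) rand();
        for (int i = 0; i < 3 && n > 0; i++, n--) { *p++ = (unsigned char) v; v >>= 8; }
    }
}

static int acquire_random(void *buf, size_t n, int high_quality_required,
                          kernel_fn kernel, urandom_fn urandom,
                          struct fill_report *rep) {
    unsigned char *p = buf;
    size_t got = 0;
    ssize_t r = kernel(p, n);
    int err = r < 0 ? errno : 0;

    memset(rep, 0, sizeof *rep);
    if (r > 0) got = rep->from_kernel = (size_t) r;
    if (got == n) return 0;
    if (err != 0 && err != EAGAIN && err != ENOSYS) return -err;

    /* /dev/urandom only when best effort is required or the syscall is
     * missing; the bytes already obtained are kept, only the rest is read. */
    if (high_quality_required || err == ENOSYS) {
        int e = urandom(p + got, n - got);
        if (e < 0) return e;
        rep->from_urandom = n - got;
        return 0;
    }
    /* Hash-table seeding and similar: a short read or EAGAIN is acceptable. */
    prng_fill(p + got, n - got);
    rep->from_prng = n - got;
    return 0;
}

/* Constructed stand-ins, not real entropy sources. */
static ssize_t sim_short(void *b, size_t n) { size_t k = n < 4 ? n : 4; memset(b, 0xAA, k); return (ssize_t) k; }
static ssize_t sim_eagain(void *b, size_t n) { (void) b; (void) n; errno = EAGAIN; return -1; }
static ssize_t sim_enosys(void *b, size_t n) { (void) b; (void) n; errno = ENOSYS; return -1; }
static int sim_urandom(void *b, size_t n) { memset(b, 0xBB, n); return 0; }

int main(void) {
    unsigned char key[16];
    struct fill_report rep;
    int r = acquire_random(key, sizeof key, 1, kernel_getrandom, urandom_read, &rep);
    printf("r=%d kernel=%zu urandom=%zu prng=%zu\n",
           r, rep.from_kernel, rep.from_urandom, rep.from_prng);
    return r < 0;
}
```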
Zbigniew Jędrzejewski-Szmek [Sun, 25 Jun 2017 21:32:53 +0000 (17:32 -0400)]
basic/random-util: use most of the pseudorandom bytes from rand()
The only implementation that we care about — glibc — provides us
with 31 bits of entropy. Let's use 24 bits of that, instead of throwing
all but 8 away.
Lennart Poettering [Wed, 28 Jun 2017 07:10:56 +0000 (09:10 +0200)]
Merge pull request #6214 from keszybz/resolved-packet-size
Resolved packet size
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 23:07:23 +0000 (19:07 -0400)]
Merge pull request #6099 from hramrach/master
Enable mapping button events on keyboard.
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 22:34:18 +0000 (18:34 -0400)]
Merge pull request #6202 from poettering/condition-first-boot-doc
some documentation updates
Lennart Poettering [Tue, 27 Jun 2017 21:24:21 +0000 (23:24 +0200)]
Merge pull request #6210 from poettering/input-mask
logind: make use of EVIOCSMASK input ioctl to mask out events we aren…
Lennart Poettering [Tue, 27 Jun 2017 21:14:53 +0000 (23:14 +0200)]
update hwdb in preparation for v234
Lennart Poettering [Tue, 27 Jun 2017 21:11:26 +0000 (23:11 +0200)]
build-sys: bump versions in prepare for v234
Lennart Poettering [Tue, 27 Jun 2017 21:06:55 +0000 (23:06 +0200)]
start preparing NEWS file for 234
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 20:59:06 +0000 (16:59 -0400)]
resolved: define various packet sizes as unsigned
This seems like the right thing to do, and apparently at least some compilers
warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 18:20:00 +0000 (14:20 -0400)]
resolved: do not allocate packets with minimum size
dns_packet_new() is sometimes called with mtu == 0, and in that case we should
allocate more than the absolute minimum (which is the dns packet header size),
otherwise we have to resize immediately again after appending the first data to
the packet.
This partially reverts the previous commit.
Lennart Poettering [Tue, 27 Jun 2017 20:10:38 +0000 (22:10 +0200)]
Merge pull request #5930 from larskarlitski/journal-skip
journal: return 0 from _skip() when skip is 0
Kai Krakow [Sat, 13 May 2017 10:30:56 +0000 (12:30 +0200)]
resolved: Recover from slow DNS responses
When DNS is unreliable temporarily, the current implementation will
never improve resend behavior again and switch DNS servers only late
(current maximum timeout is 5 seconds).
We can improve this by biasing the resend_timeout back to the current
RTT when a successful response was received. Next time, a timeout is hit
on this server, it will switch to the next server faster.
Fixes: #5953
Lennart Poettering [Mon, 26 Jun 2017 17:23:54 +0000 (19:23 +0200)]
man: extend Before=/After= documentation a bit
let's clarify what the order actually means for service units.
Fixes: #6097
Lennart Poettering [Mon, 26 Jun 2017 17:23:21 +0000 (19:23 +0200)]
man: improve documentation of ExecStartPost= a bit
Let's make clear what start-up really means in this case.
See: #6097
Lennart Poettering [Mon, 26 Jun 2017 17:11:09 +0000 (19:11 +0200)]
man: be more precise on the ConditionFirstBoot= documentation
Fixes: #5696
Lennart Poettering [Tue, 27 Jun 2017 18:28:56 +0000 (20:28 +0200)]
Merge pull request #5976 from fbuihuu/swap-fix
Swap fix
Lennart Poettering [Tue, 27 Jun 2017 14:14:30 +0000 (16:14 +0200)]
logind: relax udev rules matching devices logind watches for
Now that we have support for key/switch masking in logind, we can relax
the rules by which logind picks the devices to watch a bit, after all we
won't wake up anymore for every single event, but instead only the
events we actually care about.
This should make power/suspend keys on normal usb/atkbd keyboards just
work.
Lennart Poettering [Tue, 27 Jun 2017 15:46:28 +0000 (17:46 +0200)]
logind: filter out input devices that have none of the keys/switches we care about
Let's check what keys are there, before we actually hang on to the
opened devices.
Lennart Poettering [Mon, 26 Jun 2017 19:35:12 +0000 (21:35 +0200)]
logind: make use of EVIOCSMASK input ioctl to mask out events we aren't interested in
This way logind will get woken up only when an actual event took place,
and not for every key press on the system.
The ioctl EVIOCSMASK was added by @dvdhrm already in October 2015, for
the use in logind, among others, hence let's actually make use of it
now.
While we are at it, also fix usage of the EVIOCGSW ioctl, where we
assumed a byte array, even though an unsigned long native endian array is
returned.
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jun 2017 20:07:57 +0000 (16:07 -0400)]
resolved: simplify alloc size calculation
The allocation size was calculated in a complicated way, and for values
close to the page size we would actually allocate less than requested.
Reported by Chris Coulson <chris.coulson@canonical.com>.
CVE-2017-9445
Zbigniew Jędrzejewski-Szmek [Sun, 18 Jun 2017 19:53:15 +0000 (15:53 -0400)]
test-resolved-packet: add a simple test for our allocation functions
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 15:41:09 +0000 (11:41 -0400)]
Merge pull request #6067 from ssahani/networkctl
networkctl: display address labels
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 14:30:41 +0000 (10:30 -0400)]
Add networkctl label to man and shell completion
Susant Sahani [Mon, 26 Jun 2017 17:58:10 +0000 (23:28 +0530)]
networkctl: display address labels
```
./networkctl label
Prefix/Prefixlen Label
::/0 1
fc00::/7 5
fec0::/10 11
2002::/16 2
3ffe::/16 12
2001:10::/28 7
2001::/32 6
::ffff:0.0.0.0/96 4
::/96 3
::1/128 0
```
Zbigniew Jędrzejewski-Szmek [Tue, 27 Jun 2017 14:11:21 +0000 (10:11 -0400)]
Merge pull request #6201 from poettering/bus-driver-creds
shortcut credential querying of the "org.freedesktop.DBus" bus driver pseudo-service
Michal Suchanek [Thu, 15 Jun 2017 10:50:05 +0000 (12:50 +0200)]
hwdb: weed out key defines which do not designate events
The defines
KEY_MAX
KEY_CNT
KEY_MIN_INTERESTING
BTN_MISC
BTN_MOUSE
BTN_JOYSTICK
BTN_GAMEPAD
BTN_DIGI
BTN_WHEEL
BTN_TRIGGER_HAPPY
mark start/end of key blocks and do not designate events.
Exclude them from the list of recognized key events.
Michal Suchanek [Wed, 14 Jun 2017 15:15:36 +0000 (17:15 +0200)]
input_id: fix button detection
Due to remapping some devices might not have the first button.
Check whole button range.
Michal Suchanek [Mon, 12 Jun 2017 12:09:55 +0000 (14:09 +0200)]
input_id: fix detection of devices with mouse buttons
Assign ID_INPUT_MOUSE property to devices with mouse buttons and no axis.
Libinput tries to use libwacom on devices with tablet-pad capability
which are detected by ID_INPUT_TABLET_PAD=1 property so assign pointer
class by setting ID_INPUT_MOUSE=1 to devices with mouse buttons and let
libwacom override the class for Wacom pads.
Michal Suchanek [Mon, 12 Jun 2017 11:43:05 +0000 (13:43 +0200)]
rules: move input_id rule to a separate file
This places the input_id call after the evdev hwdb calls. With this the
hwdb fixups in evdev can affect the device capabilities assigned in
input_id.
Remove the ID_INPUT_KEY dependency in atkbd rule because it is now not
assigned at this point.