Zbigniew Jędrzejewski-Szmek [Fri, 1 Mar 2019 15:08:55 +0000 (16:08 +0100)]
Merge pull request #11243 from poettering/nspawn-root-overlay
add systemd-nspawn --volatile=overlay support, as well as the same for host systems
Lennart Poettering [Fri, 1 Mar 2019 14:02:09 +0000 (15:02 +0100)]
Merge pull request #11701 from poettering/discover-bls
sd-boot,bootctl,gpt-auto: support Extended Boot Loader Partition
Lennart Poettering [Fri, 21 Dec 2018 23:51:13 +0000 (00:51 +0100)]
man: document new systemd.volatile=overlay kernel command line option
Lennart Poettering [Fri, 21 Dec 2018 20:45:46 +0000 (21:45 +0100)]
man: document nspawn's new --volatile=overlay switch
Lennart Poettering [Thu, 20 Dec 2018 15:01:57 +0000 (16:01 +0100)]
copy: don't synthesize a 'user.crtime_usec' xattr on copy unless explicitly requested
Previously, when we'd copy an individual file we'd synthesize a
user.crtime_usec xattr with the source's creation time if we can
determine it. As the creation/birth time was until recently not
queriable form userspace this effectively just propagated the same xattr
on the source to the same xattr on the destination. However, current
kernels now allow to query the birthtime using statx() and we do make
use of that now. Which means that suddenly we started synthesizing these
xattrs much more regularly.
Doing this actually does make sense, but only in very few cases:
not for the typical regular files we copy, but certainly when dealing
with disk images. Hence, let's keep this kind of propagation, but let's
make it a flag and default to off. Then turn it on whenever we deal with
disk images, and leave it off otherwise.
This is particularly relevant as overlayfs combining a real fs, and a
tmpfs on top will result in EOPNOTSUPP when it is attempted to open a
file with xattrs for writing, as tmpfs does not support xattrs, and
hence the copy-up cannot work. Hence, let's avoid synthesizing this
needlessly, to increase compat with overlayfs.
Lennart Poettering [Thu, 20 Dec 2018 14:18:38 +0000 (15:18 +0100)]
gpt-auto-generator: use new /run/systemd/volatile-root symlink as fallback when we otherwise cannot determine root device node
Lennart Poettering [Thu, 20 Dec 2018 14:15:43 +0000 (15:15 +0100)]
gpt-auto-generator: rename open_parent() → open_parent_devno() so that we can include fs-util.h later
As that header also defines a function open_parent() which does
something different.
Lennart Poettering [Thu, 20 Dec 2018 09:13:35 +0000 (10:13 +0100)]
volatile-root: export original root
Lennart Poettering [Wed, 19 Dec 2018 16:30:13 +0000 (17:30 +0100)]
volatile-root: add overlay mode for host boots, too
Lennart Poettering [Wed, 19 Dec 2018 14:04:08 +0000 (15:04 +0100)]
volatile-root: fail if we can't parse specified parameter
Lennart Poettering [Wed, 19 Dec 2018 14:03:47 +0000 (15:03 +0100)]
volatile-root: add missing logging to volatile-root
Lennart Poettering [Wed, 19 Dec 2018 13:52:26 +0000 (14:52 +0100)]
volatile-util: tweak query_volatile_mode() a bit
Lennart Poettering [Fri, 21 Dec 2018 22:37:00 +0000 (23:37 +0100)]
nspawn: rework how arg_read_only is initialized in --volatile= mode
Previously, we'd refuse the combination, and claimed we'd imply it, but
actually didn't. Let's allow the combination and imply read-only from
--volatile=, because that's what's documented, what we claim we do, and
what makes sense.
Lennart Poettering [Fri, 21 Dec 2018 22:33:44 +0000 (23:33 +0100)]
nspawn: refactor how we determine whether it's OK to write to /etc
Lennart Poettering [Wed, 19 Dec 2018 00:03:52 +0000 (01:03 +0100)]
nspawn: no need to make top-level directory a bind mount if we just dissected an image
Lennart Poettering [Wed, 19 Dec 2018 00:02:47 +0000 (01:02 +0100)]
nspawn: slightly reorder mount logic
Let's first setup the volatile logic, and only then mount secondary
partitions of the image in.
Lennart Poettering [Wed, 19 Dec 2018 00:02:06 +0000 (01:02 +0100)]
nspawn: add --volatile=overlay support
Fixes: #11054 #3847
Lennart Poettering [Wed, 19 Dec 2018 00:01:46 +0000 (01:01 +0100)]
nspawn: fix an error path
Lennart Poettering [Tue, 18 Dec 2018 23:09:57 +0000 (00:09 +0100)]
nspawn: add volatile mode multiplexer call setup_volatile_mode()
Just some refactoring, no change in behaviour.
Lennart Poettering [Tue, 18 Dec 2018 23:01:22 +0000 (00:01 +0100)]
nspawn: explicitly refuse mounts over /
Previously this would fail later on, but let's filter this out at the
time of parsing.
Lennart Poettering [Mon, 28 Jan 2019 18:54:09 +0000 (19:54 +0100)]
update TODO
Lennart Poettering [Tue, 12 Feb 2019 15:22:31 +0000 (16:22 +0100)]
man: document XBOOTLDR partition logic in bootctl's man page
Lennart Poettering [Tue, 12 Feb 2019 15:13:57 +0000 (16:13 +0100)]
man: document XBOOTLDR search logic for sd-boot
Lennart Poettering [Tue, 12 Feb 2019 15:06:21 +0000 (16:06 +0100)]
man: extend systemd-gpt-auto-generator with XBOOTLDR info
Lennart Poettering [Tue, 12 Feb 2019 15:05:55 +0000 (16:05 +0100)]
docs: enclose all uuids in ``
Lennart Poettering [Tue, 12 Feb 2019 13:39:34 +0000 (14:39 +0100)]
meson: sort header list again
Lennart Poettering [Fri, 8 Feb 2019 16:19:15 +0000 (17:19 +0100)]
mkosi: let's update the boot loader also in /efi
This is after all where we preferable mount the ESP today.
Lennart Poettering [Fri, 8 Feb 2019 16:18:48 +0000 (17:18 +0100)]
bootspec: stat() on an autofs mount point doesn't trigger it, let's hence do it explicitly
Lennart Poettering [Fri, 8 Feb 2019 15:51:58 +0000 (16:51 +0100)]
stub: don't override LoaderDevicePartUUID EFI var
We document and all our code assumes that LoaderDevicePartUUID is
initialized to the ESP's UUID. Let's hence not override the variable if
it is already set, in order to not confuse userspace if the kernel's EFI
image is run from a different partition than the ESP.
This matches behaviour for all other variables set by the EFI stub, in
particular the closely related LoaderImageIdentifier variable.
Lennart Poettering [Fri, 8 Feb 2019 15:49:09 +0000 (16:49 +0100)]
stub: don't ask for variable data we actually don't care about
Let's take benefit of the fact that efivar_get_xyz() take NULL pointers
for the return data: let's shorten the code a bit.
Lennart Poettering [Fri, 8 Feb 2019 15:46:51 +0000 (16:46 +0100)]
stub: fix GUID to check EFI vars in
Our own variables are in the the "loader" GUID namespace, but our code
so far checked the "global" GUID namespace (i.e. EFI's own), before
setting the variables. Correct that, so that we always check the right
namespace for existing variables before we write them.
Lennart Poettering [Fri, 8 Feb 2019 15:23:40 +0000 (16:23 +0100)]
efi: beef up efivar_get_xyz() to accept NULL return values
Lennart Poettering [Fri, 8 Feb 2019 12:05:55 +0000 (13:05 +0100)]
sd-boot: don't print error string where there's no error code known
Lennart Poettering [Fri, 8 Feb 2019 12:04:41 +0000 (13:04 +0100)]
sd-boot: also look for boot loader entries in the XBOOTLDR partition
The specification always said so, let's actually implement this.
Unfortunately UEFI's own APIs don't allow us to search for partition
type GUID, hence we have to implement a minimal GPT parser ourselves.
Lennart Poettering [Fri, 8 Feb 2019 12:03:26 +0000 (13:03 +0100)]
sd-boot: don't dereference NULL ptr if loaded_image_path is NULL
In a follow-up commit we'd like to invoke config_entry_add_from_file()
on partitions that are not the ESP, let's prepare fpr that and allow
loaded_image_path to be passed as NULL.
Lennart Poettering [Wed, 6 Feb 2019 17:07:50 +0000 (18:07 +0100)]
sd-boot: pass device handle to config_entry_add_linux()
This makes the code a bit simpler (after all the call is not interested
in the loaded image, just where it is found), and more like
config_load_entries() which takes the same arguments.
This also makes things easier for us later on, when we add support for
discovering images in $XBOOTLDR partitions.
Lennart Poettering [Wed, 6 Feb 2019 16:53:43 +0000 (17:53 +0100)]
bootspec: only sort entries list once
Instead of re-sorting entries list each time we loaded enrties from a
specific source, let's just sort them once at the end.
Lennart Poettering [Wed, 6 Feb 2019 16:49:37 +0000 (17:49 +0100)]
bootspec: also look for boot loader spec type 2 entries (i.e. unified kernel images)
sd-boot reads them, and hence we should from our userspace side too
Lennart Poettering [Wed, 6 Feb 2019 16:48:40 +0000 (17:48 +0100)]
bootctl: properly handle readdir() errors
Lennart Poettering [Tue, 5 Feb 2019 18:15:21 +0000 (19:15 +0100)]
bootctl: let's make sure we always add empty line after EFI binary output
Let's make sure we output another "\n", even if we fail this function,
so that the output we started is separated properly from what is
following.
Lennart Poettering [Tue, 5 Feb 2019 18:11:31 +0000 (19:11 +0100)]
bootspec: use verify_fsroot_dir() in verify_xbootldr() too
Let's share some code between verify_xbootldr() and verify_esp().
Lennart Poettering [Tue, 5 Feb 2019 18:02:03 +0000 (19:02 +0100)]
bootspec: also optoinally validate XBOOTLDR partition with udev insteado of blkid
Lennart Poettering [Tue, 5 Feb 2019 17:52:24 +0000 (18:52 +0100)]
bootspec: split out code that validates whether directory is top-level dir of fs
Let's add a new function that checks whether some directory is the
top-level directory inside an fs, splitting out the code for this from
verify_esp().
While we are at it, let's slightly improve the code, so that we can
correctly work if we have no priviliges but the ESP is mounted
unaccessible: if we can't stat() the path "$ESP/.." then manually remove
the last component of $ESP and check that instead. Which is very similar
in behaviour, and hopefully good enough in the unprivileged case.
Lennart Poettering [Tue, 5 Feb 2019 17:45:41 +0000 (18:45 +0100)]
bootspec: if unprivileged validate partition data with udev rather than blkid directly
udev metadata access works unprivileged, which the blkid stuff doesn't
(as that needs raw device node access). Hence let's use udev if we lack
privs, and raw device access only if root.
Lennart Poettering [Tue, 5 Feb 2019 17:17:01 +0000 (18:17 +0100)]
bootspec: also split out XBOOTLDR partition blkid code into its own function
Lennart Poettering [Wed, 30 Jan 2019 17:24:59 +0000 (18:24 +0100)]
bootspec: split out ESP blkid validation into function of its own
This makes it easier to add an alternative implementation for this that
uses sd-device instead of blkid directly.
Lennart Poettering [Tue, 29 Jan 2019 11:01:36 +0000 (12:01 +0100)]
bootspec: add comment explaining verify_esp() return codes
Lennart Poettering [Mon, 28 Jan 2019 19:08:34 +0000 (20:08 +0100)]
bootspec: use SYNTHETIC_ERRNO() where appropriate
Lennart Poettering [Wed, 23 Jan 2019 16:05:15 +0000 (17:05 +0100)]
boot-bless: port over to new $BOOT discovery calls
Lennart Poettering [Wed, 23 Jan 2019 15:59:28 +0000 (16:59 +0100)]
bootctl: output where we found $BOOT
Lennart Poettering [Wed, 23 Jan 2019 15:18:29 +0000 (16:18 +0100)]
bootctl: teach bootctl the new partition type
Lennart Poettering [Mon, 28 Jan 2019 17:56:53 +0000 (18:56 +0100)]
bootspec: load entries from both the ESP and XBOOTLDR partitions
Let's simply search in both.
Lennart Poettering [Mon, 28 Jan 2019 18:30:42 +0000 (19:30 +0100)]
systemctl: add missing OOM checks
Lennart Poettering [Mon, 28 Jan 2019 18:30:30 +0000 (19:30 +0100)]
systemctl: use SYNTHETIC_ERRNO() where appropriate
Lennart Poettering [Mon, 28 Jan 2019 17:47:01 +0000 (18:47 +0100)]
systemctl: drop arg_esp_path variable from systemctl
It's not set ever (and there's no real need to make it settable, since
users can as well set $SYSTEMD_ESP_PATH to configure this.
Lennart Poettering [Mon, 28 Jan 2019 16:57:41 +0000 (17:57 +0100)]
bootspec: store 'root' field in each bootspec entry we load
This 'root' field contains the root path of the partition we found the
snippet in. The 'kernel', 'initrd', 'efi', … fields are relative to this
path.
This becomes particularly useful later when we add support for loading
snippets from both the ESP and XBOOTLDR, but already simplifies the code
for us a bit in systemctl.
Lennart Poettering [Wed, 23 Jan 2019 13:19:40 +0000 (14:19 +0100)]
bootspec: add internal APIs to discover the XBOOTLDR partition
Lennart Poettering [Wed, 23 Jan 2019 12:19:41 +0000 (13:19 +0100)]
gpt-auto: also load the boot loader partition during regular boots
Lennart Poettering [Wed, 23 Jan 2019 10:53:28 +0000 (11:53 +0100)]
dissect: when mounting an image mount the XBOOTLDR partition to /boot
Previously, we'd mount the ESP to /efi if that existed and was empty,
falling back to /boot if that existed and was empty.
With this change, the XBOOTLDR partition is mounted to /boot
unconditionally. And the EFI is mounted to /efi if that exists (but it
doesn't have to be empty — after all the name is very indicative of what
this is supposed to be), and to /boot as a fallback but only if it
exists and is empty (we insist on emptiness for that, since it might be
used differently than what we assume).
The net effect is that $BOOT should be reliably found under /boot, and
the ESP is either /efi or /boot.
(Note that this commit only is relevant for nspawn and suchlike, i.e.
the codepaths that mount an image without involving udev during boot.)
Lennart Poettering [Wed, 23 Jan 2019 10:34:31 +0000 (11:34 +0100)]
dissect: automatically detect boot loader spec $BOOT partition
The boot loader spec supports two places to store boot loader
configuration: the ESP and a generic replacement for it in case the ESP
is not available or not suitable. Let's look for both.
Lennart Poettering [Tue, 22 Jan 2019 19:57:11 +0000 (20:57 +0100)]
gpt: add definition for boot loader spec partition
As listed in the boot loader spec since a long time:
https://systemd.io/BOOT_LOADER_SPECIFICATION#technical-details
Lennart Poettering [Mon, 28 Jan 2019 16:33:08 +0000 (17:33 +0100)]
bootctl: safety check for regular file when reading EFI images
Lennart Poettering [Mon, 28 Jan 2019 16:32:46 +0000 (17:32 +0100)]
bootctl: use SYNTHETIC_ERRNO() where appropriate
Lennart Poettering [Wed, 23 Jan 2019 15:59:57 +0000 (16:59 +0100)]
dissect: use SYNTHETIC_ERRNO() where appropriate
Lennart Poettering [Mon, 28 Jan 2019 16:32:04 +0000 (17:32 +0100)]
bootspec: use SYNTHETIC_ERRNO() at one more place
Lennart Poettering [Mon, 28 Jan 2019 16:34:17 +0000 (17:34 +0100)]
bootspec: update log message, to indicate the error is ignored
Lennart Poettering [Wed, 23 Jan 2019 15:08:55 +0000 (16:08 +0100)]
fs-util: add new helper syncfs_path()
Lennart Poettering [Wed, 6 Feb 2019 16:48:21 +0000 (17:48 +0100)]
env-file: (void)ify an unlink() call
Lennart Poettering [Fri, 1 Mar 2019 10:00:06 +0000 (11:00 +0100)]
json: don't call va_end() twice in json_build()
This was apparently left-over when json_buildv() was added, and
json_build() just became a wrapper for it.
Martin Pitt [Fri, 1 Mar 2019 09:01:09 +0000 (10:01 +0100)]
semaphoreci: Run subset of autopkgtests in LXC (#11814)
Run build/test in LXC for now, as full nested QEMU is too brittle right
now: https://github.com/semaphoreci/semaphore/issues/37
But this at least runs some tests. It ensures that systemd generally
works in containers, as well as provides some backup results if the main
Ubuntu CI is down.
Lennart Poettering [Thu, 28 Feb 2019 18:04:04 +0000 (19:04 +0100)]
Merge pull request #11852 from keszybz/coverity-memory-issues
Two small fixes for memory issues found by coverity
Lennart Poettering [Thu, 28 Feb 2019 17:57:26 +0000 (18:57 +0100)]
Merge pull request #11856 from xtopherwong/new-time-zone-list
Use new time zone list
Lennart Poettering [Thu, 28 Feb 2019 17:56:48 +0000 (18:56 +0100)]
Merge pull request #11857 from rossburton/acrn
virt: detect the ACRN hypervisor
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 16:48:41 +0000 (17:48 +0100)]
Merge pull request #11834 from martinpitt/network-test-fixes
networkd-test fix/improvement
Ross Burton [Thu, 28 Feb 2019 15:36:50 +0000 (15:36 +0000)]
man: add ACRN hypervisor
Jörg Sommer [Thu, 28 Feb 2019 14:53:40 +0000 (15:53 +0100)]
Better C code formatting of arguments in Emacs
In [PR#11696][1] it came up that the formatting of continued arguments should
follow the default Emacs style. To ensure this happens when someone has changed
his setting in her private config, the value should be set by *dir-locals.el*.
[1]: https://github.com/systemd/systemd/pull/11696#pullrequestreview-
205463987
Lennart Poettering [Thu, 28 Feb 2019 15:17:59 +0000 (16:17 +0100)]
Merge pull request #11853 from keszybz/man-rules-update
man/rules update
Ross Burton [Wed, 30 Jan 2019 16:40:41 +0000 (16:40 +0000)]
virt: detect the ACRN hypervisor
Add magic string and enumeration for the ACRN hypervisor
(https://projectacrn.org).
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 14:38:16 +0000 (15:38 +0100)]
test-time-util: use standard intro and print timezones read from file
The asserts are OK, but it's also nice to see the list by eye.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 14:37:06 +0000 (15:37 +0100)]
README: mention that we need tzdata >= 2014f
zone1970.tab was added in that version. Not that it makes sense to use
outdata timezone tables, but people do strange things.
C.f. https://github.com/nodatime/nodatime/issues/319.
Theo Ouzhinski [Thu, 28 Feb 2019 13:42:28 +0000 (08:42 -0500)]
man/shutdown: Fix grammar
Christopher Wong [Thu, 28 Feb 2019 13:22:42 +0000 (14:22 +0100)]
Use new time zone list
When systemd retrieve the time zone it read what is in the file
/usr/share/zoneinfo/zone.tab provided by the Time Zone Database.
According to the comments in zone.tab its content is for backward-
compatibility aid for older programs. New programs should use
zone1970.tab. This patch replaces zone.tab with zone1970.tab.
Lennart Poettering [Mon, 25 Feb 2019 10:02:46 +0000 (11:02 +0100)]
sd-bus: deal with cookie overruns
Apparently this happens IRL. Let's carefully deal with issues like this:
when we overrun, let's not go back to zero but instead leave the highest
cookie bit set. We use that as indication that we are in "overrun
territory", and then are particularly careful with checking cookies,
i.e. that they haven't been used for still outstanding replies yet. This
should retain the quick cookie generation behaviour we used to have, but
permits dealing with overruns.
Replaces: #11804
Fixes: #11809
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 12:09:58 +0000 (13:09 +0100)]
man: create .so links for sd_bus_close_{unref,unrefp}
Follow-up for
bd62b7448623fbe36665e089977731efb55524c0.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 12:06:52 +0000 (13:06 +0100)]
meson: remove workaround for old meson bug with command quoting
Those bugs were fixed a long time ago. Let's take advantage of this and use the
usual $() syntax.
Lennart Poettering [Thu, 28 Feb 2019 11:02:08 +0000 (12:02 +0100)]
Merge pull request #11840 from yuwata/network-route-onlink
network: enable GatewayOnLink= if no static address is configured
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 10:57:51 +0000 (11:57 +0100)]
udev-builtin-usb_id: guard against overflow when reading descriptor data
CID#996458. Coverity warns that we trust desc->bLength as read in
the input data to adjust our position in the buffer. This value could
be anything, leading to overflow. It's unlikely that the kernel feeds
us invalid data, but let's me more careful.
If any error is encountered, more logs are given.
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 10:40:44 +0000 (11:40 +0100)]
udev-builtin-usb_id: use strjoina to simplify code
Zbigniew Jędrzejewski-Szmek [Thu, 28 Feb 2019 10:29:38 +0000 (11:29 +0100)]
shared/install: do not use a temporary variable outside of its scope
Coverity says:
> Pointer to local outside scope (RETURN_LOCAL)9.
> use_invalid: Using dirs, which points to an out-of-scope temporary variable of type char const *[5].
And indeed, the switch statement forms a scope. Let's use an if to
avoid creating a scope.
Yu Watanabe [Thu, 28 Feb 2019 05:02:33 +0000 (14:02 +0900)]
fuzz: do not assume the existence of /sys/class/net/lo
Hopefully fixes oss-fuzz#13440.
Yu Watanabe [Thu, 28 Feb 2019 01:57:20 +0000 (10:57 +0900)]
network: wrap long lines
Yu Watanabe [Thu, 28 Feb 2019 01:56:33 +0000 (10:56 +0900)]
network: simplify config_parse_lifetime()
Yu Watanabe [Thu, 28 Feb 2019 01:54:17 +0000 (10:54 +0900)]
network: avoid address section freed
Otherwise, if HomeAddress= or friends are specified at the first line of
a section, then its assignment will be ignored.
Yu Watanabe [Thu, 28 Feb 2019 01:39:14 +0000 (10:39 +0900)]
network: cleanup logging in route related config parsers
Yu Watanabe [Thu, 28 Feb 2019 01:37:58 +0000 (10:37 +0900)]
network: do not override previously specified family
Yu Watanabe [Wed, 27 Feb 2019 10:10:47 +0000 (19:10 +0900)]
test-network: add testcase for #1850
Yu Watanabe [Wed, 27 Feb 2019 09:41:49 +0000 (18:41 +0900)]
network: enable GatewayOnLink= if Gateway= without static address configured
And warn about that.
But this only done if GatewayOnLink= is not specified. When it is
explicitly disabled, then the flag will not be set.
Yu Watanabe [Thu, 28 Feb 2019 01:10:38 +0000 (10:10 +0900)]
network: save GatewayOnLink= value as tristate in Route
This should not change any behavior. But used in the later commit.
Yu Watanabe [Wed, 27 Feb 2019 09:22:40 +0000 (18:22 +0900)]
network: relax the .network file check
Previously, if a .networ file contains invalid [Address] or [Route]
section, then the file is completely dropped. This makes networkd
just drops invalid sections.
Yu Watanabe [Wed, 27 Feb 2019 08:43:08 +0000 (17:43 +0900)]
network: rename GatewayOnlink= to GatewayOnLink=
But still GatewayOnlink= is supported for backward compatibility.