Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 10:51:26 +0000 (05:51 -0500)]
Add sd_is_socket_sockaddr (#4885)
Fixes #1188.
Ronny Chevalier [Wed, 14 Dec 2016 10:34:48 +0000 (11:34 +0100)]
Merge pull request #4889 from evverx/fix-test-fs-util-memleak
test-fs-util: fix memleak
Lennart Poettering [Wed, 7 Dec 2016 19:00:31 +0000 (20:00 +0100)]
generator: order fsck service After= the device
Otherwise we might get started too early.
Lennart Poettering [Tue, 29 Nov 2016 21:50:21 +0000 (22:50 +0100)]
core: rework logic to determine when we decide to add automatic deps for mounts
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider
them managed by something else and do not add automatic ordering against
umount.target, local-fs.target, remote-fs.target.
Extrinsic mounts are considered:
- All mounts if we are running in --user mode
- API mounts such as everything below /proc, /sys, /dev, which exist from
earliest boot to latest shutdown.
- All mounts marked as initrd mounts, if we run on the host
- The initrd's private directory /run/initrams that should survive until last
reboot.
This primarily merges a couple of different exclusion lists into a single
concept.
Lennart Poettering [Tue, 29 Nov 2016 20:07:05 +0000 (21:07 +0100)]
core: make sure targets that get a default Conflicts=shutdown.target are also ordered against it
Let's tweak the automatic dependency generation of target units: not only add a
Conflicts= towards shutdown.target but also an After= line for it, so that we
can be sure the new target is not started when the old target is still up.
Discovered in the context of #4733
(Also, exclude dependency generation if for shutdown.target itself. — This is
strictly speaking redundant, as unit_add_two_dependencies_by_name() detects
that and becomes a NOP, but let's make this explicit for readability.)
Lennart Poettering [Thu, 24 Nov 2016 16:47:39 +0000 (17:47 +0100)]
Add a bit of documentation for the various undocumented environment variables we honour
Lennart Poettering [Thu, 24 Nov 2016 16:42:19 +0000 (17:42 +0100)]
util: Fine tune running_in_chroot() a bit
Let's be a bit more careful when detecting chroot() environments, so that we
can discern them from namespaced environments.
Previously this would simply check if the root directory of PID 1 matches our
own root directory. With this commit, we also check whether the namespaces of
PID 1 and ourselves are the same. If not we assume we are running inside of a
namespaced environment instead of a chroot() environment.
This has the benefit that systemctl (which uses running_in_chroot()) will work
as usual when invoked in a namespaced service.
Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 04:24:42 +0000 (23:24 -0500)]
Merge pull request #4806 from poettering/keyring-init
set up a per-service session kernel keyring, and store the invocation ID in it
Zbigniew Jędrzejewski-Szmek [Wed, 14 Dec 2016 03:30:07 +0000 (22:30 -0500)]
Merge pull request #4727 from poettering/exec-bind
More namespace improvements
Evgeny Vereshchagin [Wed, 14 Dec 2016 00:31:53 +0000 (00:31 +0000)]
test-fs-util: fix memleak
Fixes:
```
$ ./libtool --mode=execute valgrind --leak-check=full ./test-fs-util
...
==22871==
==22871== 27 bytes in 1 blocks are definitely lost in loss record 1 of 1
==22871== at 0x4C2FC47: realloc (vg_replace_malloc.c:785)
==22871== by 0x4E86D05: strextend (string-util.c:726)
==22871== by 0x4E8F347: chase_symlinks (fs-util.c:712)
==22871== by 0x109EBF: test_chase_symlinks (test-fs-util.c:75)
==22871== by 0x10C381: main (test-fs-util.c:305)
==22871==
```
Closes #4888
Lennart Poettering [Thu, 24 Nov 2016 00:51:36 +0000 (01:51 +0100)]
update TODO
Lennart Poettering [Wed, 23 Nov 2016 23:44:57 +0000 (00:44 +0100)]
core: make "Restart" service property accessible via the transient API
Fixes: #4402
Lennart Poettering [Wed, 23 Nov 2016 21:21:40 +0000 (22:21 +0100)]
core: add ability to define arbitrary bind mounts for services
This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow
defining arbitrary bind mounts specific to particular services. This is
particularly useful for services with RootDirectory= set as this permits making
specific bits of the host directory available to chrooted services.
The two new settings follow the concepts nspawn already possess in --bind= and
--bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these
latter options should probably be renamed to BindPaths= and BindReadOnlyPaths=
too).
Fixes: #3439
Lennart Poettering [Tue, 13 Dec 2016 23:51:37 +0000 (00:51 +0100)]
namespace: instead of chasing mount symlinks a priori, do so as-we-go
This is relevant as many of the mounts we try to establish only can be followed
when some other prior mount that is a prefix of it is established. Hence: move
the symlink chasing into the actual mount functions, so that we do it as late
as possibly but as early as necessary.
Fixes: #4588
Lennart Poettering [Tue, 13 Dec 2016 23:48:52 +0000 (00:48 +0100)]
core: rename BindMount structure → MountEntry
After all, these don#t strictly encapsulate bind mounts anymore, and we are
preparing this for adding arbitrary user-defined bind mounts in a later commit,
at which point this would become really confusing. Let's clean this up, rename
the BindMount structure to MountEntry, so that it is clear that it can contain
information about any kind of mount.
Lennart Poettering [Wed, 23 Nov 2016 00:09:14 +0000 (01:09 +0100)]
namespace: add explicit read-only flag
This reworks handling of the read-only management for mount points. This will
become handy as soon as we add arbitrary bind mount support (which comes in a
later commit).
Lennart Poettering [Tue, 22 Nov 2016 19:21:23 +0000 (20:21 +0100)]
namespace: reindent protect_system_strict_table[] as well
All other tables got reindented, but one was forgotten. Fix that.
Lennart Poettering [Tue, 22 Nov 2016 19:19:08 +0000 (20:19 +0100)]
core: hook up MountFlags= to the transient unit logic
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making
MountFlags= to the list of properties that may be accessed transiently.
Lennart Poettering [Wed, 7 Dec 2016 19:14:43 +0000 (20:14 +0100)]
pam: include pam_keyinit.so in our PAM fragments
We want that systemd --user gets its own keyring as usual, even if the
barebones PAM snippet we ship upstream is used. If we don't do this we get the
basic keyring systemd --system sets up for us.
Lennart Poettering [Fri, 2 Dec 2016 14:05:55 +0000 (15:05 +0100)]
core: store the invocation ID in the per-service keyring
Let's store the invocation ID in the per-service keyring as a root-owned key,
with strict access rights. This has the advantage over the environment-based ID
passing that it also works from SUID binaries (as they key cannot be overidden
by unprivileged code starting them), in contrast to the secure_getenv() based
mode.
The invocation ID is now passed in three different ways to a service:
- As environment variable $INVOCATION_ID. This is easy to use, but may be
overriden by unprivileged code (which might be a bad or a good thing), which
means it's incompatible with SUID code (see above).
- As extended attribute on the service cgroup. This cannot be overriden by
unprivileged code, and may be queried safely from "outside" of a service.
However, it is incompatible with containers right now, as unprivileged
containers generally cannot set xattrs on cgroupfs.
- As "invocation_id" key in the kernel keyring. This has the benefit that the
key cannot be changed by unprivileged service code, and thus is safe to
access from SUID code (see above). But do note that service code can replace
the session keyring with a fresh one that lacks the key. However in that case
the key will not be owned by root, which is easily detectable. The keyring is
also incompatible with containers right now, as it is not properly namespace
aware (but this is being worked on), and thus most container managers mask
the keyring-related system calls.
Ideally we'd only have one way to pass the invocation ID, but the different
ways all have limitations. The invocation ID hookup in journald is currently
only available on the host but not in containers, due to the mentioned
limitations.
How to verify the new invocation ID in the keyring:
# systemd-run -t /bin/sh
Running as unit: run-rd917366c04f847b480d486017f7239d6.service
Press ^] three times within 1s to disconnect TTY.
# keyctl show
Session Keyring
680208392 --alswrv 0 0 keyring: _ses
250926536 ----s-rv 0 0 \_ user: invocation_id
# keyctl request user invocation_id
250926536
# keyctl read
250926536
16 bytes of data in key:
9c96317c ac64495a a42b9cd7 4f3ff96b
# echo $INVOCATION_ID
9c96317cac64495aa42b9cd74f3ff96b
# ^D
This creates a new transient service runnint a shell. Then verifies the
contents of the keyring, requests the invocation ID key, and reads its payload.
For comparison the invocation ID as passed via the environment variable is also
displayed.
Lennart Poettering [Fri, 2 Dec 2016 00:54:41 +0000 (01:54 +0100)]
core: run each system service with a fresh session keyring
This patch ensures that each system service gets its own session kernel keyring
automatically, and implicitly. Without this a keyring is allocated for it
on-demand, but is then linked with the user's kernel keyring, which is OK
behaviour for logged in users, but not so much for system services.
With this change each service gets a session keyring that is specific to the
service and ceases to exist when the service is shut down. The session keyring
is not linked up with the user keyring and keys hence only search within the
session boundaries by default.
(This is useful in a later commit to store per-service material in the keyring,
for example the invocation ID)
(With input from David Howells)
Lennart Poettering [Tue, 13 Dec 2016 19:31:09 +0000 (20:31 +0100)]
Merge pull request #4877 from evverx/fix-machine-id
handle corrupted /etc/machine-id nicer
Evgeny Vereshchagin [Tue, 13 Dec 2016 12:46:11 +0000 (12:46 +0000)]
test: check that we can boot with broken machine-id
Evgeny Vereshchagin [Tue, 13 Dec 2016 11:45:01 +0000 (11:45 +0000)]
sd-id128: id128_write overwrites target file
Evgeny Vereshchagin [Tue, 13 Dec 2016 11:34:09 +0000 (11:34 +0000)]
machine-id-setup: `--print --commit` respects the --root option
Evgeny Vereshchagin [Tue, 13 Dec 2016 10:36:03 +0000 (10:36 +0000)]
core: machine_id_setup overwrites broken machine-id
Andrey Ulanov [Tue, 13 Dec 2016 01:38:18 +0000 (17:38 -0800)]
nspawn: when getting SIGCHLD make sure it's from the first child (#4855)
When getting SIGCHLD we should not assume that it was the first
child forked from system-nspawn that has died as it may also be coming
from an orphan process. This change adds a signal handler that ignores
SIGCHLD unless it came from the first containerized child - the real
child.
Before this change the problem can be reproduced as follows:
$ sudo systemd-nspawn --directory=/container-root --share-system
Press ^] three times within 1s to kill container.
[root@andreyu-coreos ~]# { true & } &
[1] 22201
[root@andreyu-coreos ~]#
Container root-fedora-latest terminated by signal KILL
Sylvain Plantefève [Mon, 12 Dec 2016 21:17:51 +0000 (22:17 +0100)]
catalog: update french translation following 5a1d6cb (#4872)
Piotr Drąg [Mon, 12 Dec 2016 21:04:50 +0000 (22:04 +0100)]
catalog: update Polish translation (#4874)
Martin Pitt [Mon, 12 Dec 2016 15:03:52 +0000 (16:03 +0100)]
Merge pull request #4771 from keszybz/udev-property-ordering
Udev property ordering
Martin Pitt [Mon, 12 Dec 2016 07:12:10 +0000 (08:12 +0100)]
Merge pull request #4868 from keszybz/man
Ellipsization
Lennart Poettering [Sun, 11 Dec 2016 23:02:01 +0000 (00:02 +0100)]
Merge pull request #4867 from keszybz/catalog-messages
Catalog message improvements
Zbigniew Jędrzejewski-Szmek [Thu, 1 Dec 2016 16:46:40 +0000 (11:46 -0500)]
hwdb: emit warning when matches are specified at the very end of file
This is also an error, but it wasn't caught.
[/tmp/tmp.YWeKax4fMI/etc/udev/hwdb.d/10-bad.hwdb:26] Property expected, ignoring record with no properties
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 22:17:17 +0000 (17:17 -0500)]
man: two trivial formatting fixes
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 22:01:07 +0000 (17:01 -0500)]
man: use unicode ellipsis in more places
As requested in
https://github.com/systemd/systemd/pull/4864#pullrequestreview-
12372557.
docbook will substitute triple dots for the ellipsis in man output, so this has
no effect on the troff output, only on HTML, making it infinitesimally nicer.
In some places we show output from programs, which use dots, and those places
should not be changed. In some tables, the alignment would change if dots were
changed to the ellipsis which is only one character. Since docbook replaces the
ellipsis automatically, we should leave those be. This patch changes all other
places.
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 20:40:55 +0000 (15:40 -0500)]
basic/log: CODE_FUNCTION → CODE_FUNC
systemd.journal-fields(7) documents CODE_FUNC=. Internally, we were
inconsistent: sd_journal_print uses CODE_FUNC=, log.h has CODE_FUNCTION=,
python-systemd and bootchart also used CODE_FUNC=, when they were internal.
Most external projects use sd_journal_* functions, so CODE_FUNC=,
python-systemd still uses CODE_FUNC=, as does systemd-bootchart, and
independent reimplementations in golang-github-coreos-go-systemd, qtbase,
network manager, glib, pulseaudio. Hence, I don't think there's much
choice.
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 19:37:12 +0000 (14:37 -0500)]
share/log: change log_syntax from "[a:b] " to "a:b: "
Those square brackets don't fit how our other messages look like; we use colons
everywhere else. The "[a:b]" format was originally added in
ed5bcfbe3c3b68e59242c03649eea03a9707d318, and remained unchanged for 7 years,
but in the meantime other conventions evolved.
The new version is also one character shorter.
[/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring: ...
↓
/etc/systemd/system/systemd-networkd.service.d/override.conf:2: Failed to parse sec value, ignoring: ...
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 19:34:45 +0000 (14:34 -0500)]
basic/log: merge two big log_struct_internal invocations into one
We can take advantage of the fact a NULL argument terminates the list.
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 19:25:45 +0000 (14:25 -0500)]
tools/catalog-report.py: a script to scour the journal for bad catalog entries
I think it can be a useful tool to find such issues.
SD_MESSAGE_UNIT_STARTING
7d4958e842da4a758f6c1cdc7b36dcc5: no field UNIT
../src/core/unit.c:1239 unit_status_log_starting_stopping_reloading
Starting Paths.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USER_UNIT=paths.target
SD_MESSAGE_UNIT_STARTED
39f53479d3a045ac8e11786248231fbf: no field UNIT
../src/core/job.c:721 job_log_status_message
Reached target Paths.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
RESULT=done
USER_UNIT=paths.target
SD_MESSAGE_STARTUP_FINISHED
b07a249cd024414a82dd00cd181378ff: no field KERNEL_USEC
../src/core/manager.c:2532 manager_check_finished
Startup finished in 19ms.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USERSPACE_USEC=19670
SD_MESSAGE_STARTUP_FINISHED
b07a249cd024414a82dd00cd181378ff: no field INITRD_USEC
../src/core/manager.c:2532 manager_check_finished
Startup finished in 19ms.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USERSPACE_USEC=19670
unknown
0ce153587afa4095832d233c17a88001: no catalog entry
gsm-manager.c:1366 start_phase
Entering running state
SYSLOG_IDENTIFIER=gnome-session
PRIORITY=5
SD_MESSAGE_UNIT_STOPPING
de5b426a63be47a7b6ac3eaac82e2f6f: no field UNIT
../src/core/unit.c:1239 unit_status_log_starting_stopping_reloading
Stopping Default.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
USER_UNIT=default.target
SD_MESSAGE_UNIT_STOPPED
9d1aaa27d60140bd96365438aad20286: no field UNIT
../src/core/job.c:729 job_log_status_message
Stopped target Default.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
RESULT=done
USER_UNIT=default.target
SD_MESSAGE_TIME_CHANGE
c7a787079b354eaaa9e77b371893cd27: no field REALTIME
src/core/manager.c:2049 manager_dispatch_time_change_fd
Time has been changed
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
PRIORITY=6
unknown
f3ea493c22934e26811cd62abe8e203a: no catalog entry
shell-global.c:1375 shell_global_log_structured
GNOME Shell started at Sat Jun 11 2016 12:37:46 GMT-0400 (EDT)
SYSLOG_IDENTIFIER=gnome-shell
SD_MESSAGE_UNIT_FAILED
be02cf6855d2428ba40df7e9d022f03d: no field UNIT
src/core/job.c:803 job_log_status_message
Failed to start GNOME Terminal Server.
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
RESULT=failed
PRIORITY=3
USER_UNIT=gnome-terminal-server.service
SD_MESSAGE_LID_CLOSED
b72ea4a2881545a0b50e200e55b9b070: no catalog entry
src/login/logind-button.c:198 button_dispatch
Lid closed.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_LID_OPENED
b72ea4a2881545a0b50e200e55b9b06f: no catalog entry
src/login/logind-button.c:219 button_dispatch
Lid opened.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_SUSPEND_KEY
b72ea4a2881545a0b50e200e55b9b072: no catalog entry
src/login/logind-button.c:177 button_dispatch
Suspend key pressed.
SYSLOG_FACILITY=4
SYSLOG_IDENTIFIER=systemd-logind
PRIORITY=6
SD_MESSAGE_CONFIG_ERROR
c772d24e9a884cbeb9ea12625c306c01: no catalog entry
src/shared/conf-parser.c:469 config_parse_sec
[/etc/systemd/system/systemd-networkd.service.d/override.conf:2] Failed to parse sec value, ignoring:
UNIT=systemd-networkd.service
SYSLOG_FACILITY=3
ERRNO=22
SYSLOG_IDENTIFIER=systemd
PRIORITY=3
CONFIG_LINE=2
CONFIG_FILE=/etc/systemd/system/systemd-networkd.service.d/override.conf
unknown
10dd2dc188b54a5e98970f56499d1f73: no catalog entry
gsm-manager.c:308 on_display_server_failure
Unrecoverable failure in required component org.gnome.Shell.desktop
PRIORITY=3
SYSLOG_IDENTIFIER=gnome-session-binary
unknown
52fb62f99e2c49d89cfbf9d6de5e3555: no catalog entry
src/journal/test-journal-send.c:85 main
Hello World!
PAGE_SIZE=4096
TERM=xterm-256color
SYSLOG_IDENTIFIER=lt-test-journal-send
PRIORITY=5
N_CPUS=2
HOME=/home/zbyszek
unknown
9348174c5cc74001a71ef26bd79d302e: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Download finished.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
TARGET_RELEASEVER=25
SYSTEM_RELEASEVER=24
PRIORITY=5
unknown
fef1cc509d5047268b83a3a553f54b43: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Rebooting to perform upgrade.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
TARGET_RELEASEVER=25
SYSTEM_RELEASEVER=24
PRIORITY=5
unknown
3e0a5636d16b4ca4bbe5321d06c6aa62: no catalog entry
/usr/lib/python3.5/site-packages/dnf-plugins/system_upgrade.py:422 log_status
Starting system upgrade. This will take a while.
SYSLOG_IDENTIFIER=python3
DNF_VERSION=1.1.10
SYSTEM_RELEASEVER=24
PRIORITY=5
TARGET_RELEASEVER=25
unknown
0123456789abcdef0123456789abcdef: no catalog entry
<doctest systemd.journal.JournalHandler[9]>:1 <module>
Message with ID
SYSLOG_IDENTIFIER=/usr/lib/python2.7/site-packages/py/test.py
LOGGER=custom_logger_name
PRIORITY=4
THREAD_NAME=MainThread
Lennart Poettering [Sun, 11 Dec 2016 19:38:15 +0000 (20:38 +0100)]
Merge pull request #4859 from keszybz/networkd
Networkd man page update and fixes for the fallout
Lennart Poettering [Sun, 11 Dec 2016 19:12:32 +0000 (20:12 +0100)]
Merge pull request #4864 from keszybz/build-sys
Fix some build issues and warnings
Lennart Poettering [Sun, 11 Dec 2016 19:09:04 +0000 (20:09 +0100)]
Merge pull request #4861 from keszybz/dissect-tweaks
A prettification of the dissect code, mkosi and TODO updates
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 16:32:28 +0000 (11:32 -0500)]
pid1,catalog: use a different MESSAGE_ID for user manager startup
This add a new message id for the end of user instance startup.
User manager startup is a different beast then the system startup.
Their descriptions are completely different too. Let's just separate
them.
Partially fixes #3351.
Also remove "successful" from the description, since we don't know if
the startup was successful or not.
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 04:20:42 +0000 (23:20 -0500)]
basic/extract-word,man: clarify "correction" of invalid escapes
Our warning message was misleading, because we wouldn't "correct" anything,
we'd just ignore unkown escapes. Update the message.
Also, print just the extracted word (which contains the offending sequences) in
the message, instead of the whole line.
Fixes #4697.
Zbigniew Jędrzejewski-Szmek [Sun, 11 Dec 2016 04:07:46 +0000 (23:07 -0500)]
pid1: remove unnecessary counter
The loop must terminate after at most three iterations anyway.
AsciiWolf [Sun, 11 Dec 2016 05:14:19 +0000 (06:14 +0100)]
Added Debian config for mkosi (#4865)
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 18:55:13 +0000 (13:55 -0500)]
shared/firewall-util: remove warning about net/if.h workaround
This is already fixed upstream, so warning is not useful.
Let's keep the workaround until the fix has percolated downstream.
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 18:52:49 +0000 (13:52 -0500)]
journal: fix warning about LZ4_compress_limitedOutput
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 18:35:47 +0000 (13:35 -0500)]
dissect: assume GPT_ROOT_SECONDARY_VERITY is defined when GPT_ROOT_SECONDARY is
We define those macros, and there's no reason to have one without
the other.
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 18:01:22 +0000 (13:01 -0500)]
build-sys: define arm as secondary architecture for arm64
Completely unstested. Fixes #4862.
Lennart Poettering [Sat, 10 Dec 2016 15:28:50 +0000 (16:28 +0100)]
Merge pull request #4844 from hadess/sensor-quirks
udev: Add rules for accelerometer orientation quirks
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 07:28:24 +0000 (02:28 -0500)]
hwdb_parser: make sure that our patterns match the full property
We would catch stuff like:
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0.0., 0
but not
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 0.0.
because the match would stop at the next-to-last char. Fix that
by requiring a line end.
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 07:26:37 +0000 (02:26 -0500)]
hwdb_parser: add support for ACCEL_MOUNT_MATRIX
We test that we have exactly three rows of three reals separated by two
semicolons.
Bastien Nocera [Tue, 6 Dec 2016 16:16:43 +0000 (17:16 +0100)]
udev: Add rules for accelerometer orientation quirks
This commit adds a rules file to extract the properties from hwdb
to set on i2c IIO devices. This is used to set the ACCEL_MOUNT_MATRIX
property on IIO devices, to be consumed by iio-sensor-proxy or
equivalent daemon.
The hwdb file contains documentation on how to write quirks. Note
however that mount information is usually exported in:
- the device-tree for ARM devices
- the ACPI DSDT for Intel-compatible devices
but currently not extracted by the kernel.
Also note that some devices have the framebuffer rotation that changes
between the bootloader and the main system, which might mean that the
accelerometer is then wrongly oriented. This is a missing feature in the
i915 kernel driver: https://bugs.freedesktop.org/show_bug.cgi?id=94894
which needs to be fixed, and won't require quirks.
Zbigniew Jędrzejewski-Szmek [Wed, 7 Dec 2016 21:08:34 +0000 (16:08 -0500)]
mkosi: we need diff to run ./configure
checking if gcc supports -fno-rtti -fno-exceptions... ./configure: line 10083: diff: command not found
no
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 06:41:36 +0000 (01:41 -0500)]
TODO: add dissect section
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 06:29:52 +0000 (01:29 -0500)]
Merge pull request #4835 from poettering/unit-name-printf
Various specifier resolution fixes.
Zbigniew Jędrzejewski-Szmek [Sat, 10 Dec 2016 06:08:13 +0000 (01:08 -0500)]
Merge pull request #4795 from poettering/dissect
Generalize image dissection logic of nspawn, and make it useful for other tools.
Wim de With [Sat, 10 Dec 2016 04:33:58 +0000 (05:33 +0100)]
nspawn: add missing -E to getopt_long (#4860)
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2016 19:00:46 +0000 (14:00 -0500)]
man: make the examples in systemd.network(5) more useful
We shouldn't just have snippets of configuration, but instead
examples which show all the parts necessary to build a certain kind
of setup, with short explanations.
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2016 18:34:35 +0000 (13:34 -0500)]
networkd: check that VTI/VTI6 tunnels have a local address
Otherwise we'd fail with an assertion:
Assertion 't->family == AF_INET' failed at ../src/network/netdev/tunnel.c:244, function netdev_vti_fill_message_create(). Aborting.
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2016 18:28:01 +0000 (13:28 -0500)]
networkd: tighten parsing of Tunnel addresses
When assigning addresses, we'd set the family, and later
verify that the address on the other end has the same family.
But when the address was specified as "any", we'd simply unset
the family. Instead, only unset the family if both addresses
are wiped.
Also, don't bother setting family = AF_UNSPEC, since it's the default (0).
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2016 18:24:30 +0000 (13:24 -0500)]
networkd: use log_netdev_error in a two more places
Zbigniew Jędrzejewski-Szmek [Fri, 2 Dec 2016 16:33:31 +0000 (11:33 -0500)]
networkd: do not print ": Success" in debug message
%m isn't useful in success path.
Zbigniew Jędrzejewski-Szmek [Tue, 15 Nov 2016 20:01:40 +0000 (15:01 -0500)]
pid1: simplify the logic in two statements related to killing processes
Generally non-inverted conditions are nicer, and ternary operators
with complex conditions are a bit hard to read.
No functional change.
Reverend Homer [Fri, 9 Dec 2016 09:04:30 +0000 (12:04 +0300)]
tree-wide: replace all readdir cycles with FOREACH_DIRENT{,_ALL} (#4853)
Zbigniew Jędrzejewski-Szmek [Fri, 9 Dec 2016 04:24:28 +0000 (23:24 -0500)]
Merge pull request #4686 from poettering/machine-id-app-specific
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
David Michael [Wed, 7 Dec 2016 21:42:17 +0000 (13:42 -0800)]
network: fix const qualifier (#4849)
Follow up for #4809.
Franck Bui [Wed, 7 Dec 2016 20:36:39 +0000 (21:36 +0100)]
nspawn: resolv.conf might not be created initially (#4799)
This might happen that resolv.conf is missing in a minimal rootfs and in this
case the following warning is emitted:
Failed to mount n/a on /mnt/etc/resolv.conf (MS_BIND ""): No such file or directory
This patch fixes this case.
Lennart Poettering [Wed, 7 Dec 2016 20:35:07 +0000 (21:35 +0100)]
Merge pull request #4843 from joukewitteveen/protocol
Go through stop_post on failure (#4770)
Zbigniew Jędrzejewski-Szmek [Wed, 7 Dec 2016 20:26:11 +0000 (15:26 -0500)]
dissect: add DISSECT_IMAGE_DISCARD_ANY mask
This makes the code to set arg_flags much more readable.
David Michael [Wed, 7 Dec 2016 18:12:10 +0000 (10:12 -0800)]
network: support negation in matching patterns (#4809)
Lennart Poettering [Wed, 7 Dec 2016 18:03:22 +0000 (19:03 +0100)]
core: add a note clarifying that we should be careful when adding new specifiers
Lennart Poettering [Wed, 7 Dec 2016 17:58:09 +0000 (18:58 +0100)]
core: deprecate %c, %r, %R specifiers
%c and %r rely on settings made in the unit files themselves and hence resolve
to different values depending on whether they are used before or after Slice=.
Let's simply deprecate them and drop them from the documentation, as that's not
really possible to fix. Moreover they are actually redundant, as the same
information may always be queried from /proc/self/cgroup and /proc/1/cgroup.
(Accurately speaking, %R is actually not broken like this as it is constant.
However, let's remove all cgroup-related specifiers at once, as it is also
redundant, and doesn't really make much sense alone.)
Lennart Poettering [Mon, 5 Dec 2016 19:14:13 +0000 (20:14 +0100)]
update TODO
Lennart Poettering [Mon, 5 Dec 2016 19:12:46 +0000 (20:12 +0100)]
tests: let's make function tables static/const
Lennart Poettering [Mon, 5 Dec 2016 18:42:25 +0000 (19:42 +0100)]
core: add specifier expansion to ReadOnlyPaths= and friends
Expanding specifiers here definitely makes sense.
Also simplifies the loop a bit, as there's no reason to keep "prev" around...
Lennart Poettering [Mon, 5 Dec 2016 18:40:13 +0000 (19:40 +0100)]
core: add specifier expansion to RequiresMountsFor=
This might be useful for some people, for example to pull in mounts for paths
including the machine ID or hostname.
Lennart Poettering [Mon, 5 Dec 2016 18:38:39 +0000 (19:38 +0100)]
core: turn on specifier expansion for more unit file settings
Let's permit specifier expansion at a numbre of additional fields, where
arbitrary strings might be passed where this might be useful one day. (Or at
least where there's no clear reason where it wouldn't make sense to have.)
Lennart Poettering [Mon, 5 Dec 2016 18:25:44 +0000 (19:25 +0100)]
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before
For settings that are not taking unit names there's no reason to use
unit_name_printf(). Use unit_full_printf() instead, as the names are validated
anyway in one form or another after expansion.
Lennart Poettering [Mon, 5 Dec 2016 18:12:54 +0000 (19:12 +0100)]
core: resolve more specifiers in unit_name_printf()
unit_name_printf() is usually what we use when the resulting string shall
qualify as unit name, and it hence avoids resolving specifiers that almost
certainly won't result in valid unit names.
Add a couple of more specifiers that unit_full_printf() resolves also to the
list unit_name_printf() resolves, as they are likely to be useful in valid unit
names too. (Note that there might be cases where this doesn't hold, but we
should still permit this, as more often than not they are safe, and if people
want to use them that way, they should be able to.)
Lennart Poettering [Mon, 5 Dec 2016 18:10:44 +0000 (19:10 +0100)]
man: drop reference to %U being useless
This paragraph was a missed left-over from
79413b673b45adc98dfeaec882bbdda2343cb2f9. Drop it now.
Lennart Poettering [Mon, 5 Dec 2016 17:56:25 +0000 (18:56 +0100)]
core: move specifier expansion out of service.c/socket.c
This monopolizes unit file specifier expansion in load-fragment.c, and removes
it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files.
Previously specifiers were resolved for all settings during loading of unit
files with the exception of ExecStart= and friends which were resolved in
socket.c and service.c. With this change the latter is also moved to the
loading of unit files.
Fixes: #3061
Lennart Poettering [Wed, 7 Dec 2016 17:36:08 +0000 (18:36 +0100)]
man: update the nspawn man page, and document what kind of dissection features we now support
Lennart Poettering [Wed, 7 Dec 2016 17:28:13 +0000 (18:28 +0100)]
nspawn/dissect: automatically discover dm-verity verity partitions
This adds support for discovering and making use of properly tagged dm-verity
data integrity partitions. This extends both systemd-nspawn and systemd-dissect
with a new --root-hash= switch that takes the root hash to use for the root
partition, and is otherwise fully automatic.
Verity partitions are discovered automatically by GPT table type UUIDs, as
listed in
https://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/
(which I updated prior to this change, to include new UUIDs for this purpose.
mkosi with https://github.com/systemd/mkosi/pull/39 applied may generate images
that carry the necessary integrity data. With that PR and this commit, the
following simply lines suffice to boot up an integrity-protected container image:
```
# mkdir test
# cd test
# mkosi --verity
# systemd-nspawn -i ./image.raw -bn
```
Note that mkosi writes the image file to "image.raw" next to a a file
"image.roothash" that contains the root hash. systemd-nspawn will look for that
file and use it if it exists, in case --root-hash= is not specified explicitly.
Lennart Poettering [Wed, 7 Dec 2016 16:42:40 +0000 (17:42 +0100)]
nspawn: when generating a machine name from an image name, truncate .raw suffix
Let's prettify the machine name we generate for image-based containers: let's
chop off the .raw suffix before using it as machine name.
Lennart Poettering [Mon, 5 Dec 2016 15:26:48 +0000 (16:26 +0100)]
dissect: add support for encrypted images
This adds support to the image dissector to deal with encrypted images (only
LUKS). Given that we now have a neatly isolated image dissector codebase, let's
add a new feature to it: support for automatically dealing with encrypted
images. This is then exposed in systemd-dissect and nspawn.
It's pretty basic: only support for passphrase-based encryption.
In order to ensure that "systemd-dissect --mount" results in mount points whose
backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE
ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at
the moment doesn't provide a proper API for this. Thankfully, the ioctl() API
is pretty easy to use.
Lennart Poettering [Mon, 5 Dec 2016 15:09:04 +0000 (16:09 +0100)]
minor code beautifications
Lennart Poettering [Fri, 2 Dec 2016 18:32:09 +0000 (19:32 +0100)]
dissect: add small "systemd-dissect" tool as wrapper around dissect-image.c
This adds a small tool that may be used to look into OS images, and mount them
to any place. This is mostly a friendlier version of test-dissect-image.c. I am
not sure this should really become a proper command of systemd, hence for now
do not install it into bindir, but simply libexecdir.
This tool is already pretty useful since you can mount image files with it,
honouring the various partitions correctly. I figure this is going to become
more interesting if the dissctor learns luks and verity support.
Lennart Poettering [Fri, 2 Dec 2016 16:01:19 +0000 (17:01 +0100)]
util-lib: drop unnecessary NULL check
DEFINE_TRIVIAL_CLEANUP_FUNC() already does that check, no need to duplicate it.
Lennart Poettering [Thu, 1 Dec 2016 22:24:20 +0000 (23:24 +0100)]
machined: add API for querying the OS release of a machine image
This adds a bus call GetImageOSRelease() to the Manager interface that
retrieves the /etc/os-release file of a machine image. It matches the existing
GetMachineOSRelease() call, however operates on a disk image rather than a
running container.
The backend for this call on .raw images is implemented via the generalized
image dissector, which makes this scheme relatively easy to implement.
Lennart Poettering [Thu, 1 Dec 2016 22:19:31 +0000 (23:19 +0100)]
util-lib: add easy helpers for temporary directories that rmdir()ed via _cleanup_
This adds mkdtemp_malloc() that is a combination of mkdtemp() plus strdup(). It
initializes its return paremeter only if the temporary directory could be
created successfully, so that the parameter is exactly non-NULL when the
directory exists.
rmdir_and_free() and rmdir_and_freep() are also added, and the latter may be
used inside of _cleanup_ for such a directory string variable, to automatically
rmdir() the directory if it is non-NULL when the scope exits.
rmdir_and_free() is similar to the existing rm_rf_and_free() however, is only
removes a single directory and does not operate recursively.
Lennart Poettering [Thu, 1 Dec 2016 19:26:09 +0000 (20:26 +0100)]
nspawn: port nspawn to new generalized image dissection code
Let's make use of the new internal API. This mostly doesn't change anything for
the caller, however, "systemd-nspawn --image=/dev/sda7" works now as the new
code can handle disk images with no partition tables, and make any detected
images directly the root.
Lennart Poettering [Thu, 1 Dec 2016 19:25:26 +0000 (20:25 +0100)]
util-lib: split out image dissecting code and loopback code from nspawn
This adds two new APIs to systemd:
- loop-util.h is a simple internal API for allocating, setting up and releasing
loopback block devices.
- dissect-image.h is an internal API for taking apart disk images and figuring
out what the purpose of each partition is.
Both APIs are basically refactored versions of similar code in nspawn. This
rework should permit us to reuse this in other places than just nspawn in the
future. Specifically: to implement RootImage= in the service image, similar to
RootDirectory=, but operating on a disk image; to unify the gpt-auto-discovery
generator code with the discovery logic in nspawn; to add new API to machined
for determining the OS version of a disk image (i.e. not just running
containers). This PR does not make any such changes however, it just provides
the new reworked API.
The reworked code is also slightly more powerful than the nspawn original one.
When pointing it to an image or block device with a naked file system (i.e. no
partition table) it will simply make it the root device.
Lennart Poettering [Thu, 1 Dec 2016 17:15:43 +0000 (18:15 +0100)]
libudev: set errno if udev_new() fails
All other constructors in libudev do that, let's also do this for udev_new().
27o [Wed, 7 Dec 2016 01:00:05 +0000 (02:00 +0100)]
dhcp: bind udp sockets to interfaces (#4822)
Peter Hutterer [Tue, 6 Dec 2016 21:12:13 +0000 (07:12 +1000)]
Merge pull request #4841 from hadess/oke-barcode-reader
hwdb: Add fixed layout for a few devices
Doug Christman [Tue, 6 Dec 2016 19:41:15 +0000 (14:41 -0500)]
calendarspec: always interpret missing seconds as :00 (#4813)
"*:*" should be equivalent to "*-*-* *:*:00" (minutely)
rather than running every microsecond.
Fixes #4804
Jouke Witteveen [Tue, 6 Dec 2016 12:30:28 +0000 (13:30 +0100)]
service: go through stop_post on failure (#4770)
Jouke Witteveen [Tue, 6 Dec 2016 12:01:35 +0000 (13:01 +0100)]
man: fix $SERVICE_RESULT/$EXIT_CODE/$EXIT_STATUS documentation
Note that any exit code is available through $EXIT_STATUS and not through
$EXIT_CODE. This mimics siginfo.