Commit Graph

54455 Commits

Author SHA1 Message Date
Lennart Poettering
f22abf384d types-fundamental: introduce sd_true + sd_false
I think we should stick to the rule that stuff defined in
types-fundamental.h either:

1. adds a prefixed concept "sd_xyz" that maps differently in the two
   environments

2. adds a non-prefixed concept "xyz" that adds a type otherwise missing
   in one of the two environments but with the same definition as in the
   other.

i.e. if have have some concept that might differ the way its set up in
the two environments it really should be prefixed by "sd_" to make clear
it has semantics we defined. Only drop the prefix if it really means the
exact same thin in all environments.

Now, sd_bool is defined prefixed, because its either mapped to "BOOLEAN"
(which is an integer) in UEFI or "bool" (which is C99 _Bool) in
userspace. size_t is not defined prefixed, because it's mapped to the
same thing ultimately (on the UEFI its mapped to UINTN, but that in turn
is defined as being the type for the size of memory objects, thus it's
really the same as userspace size_t).

So far "true" and "false" where defined unprefixed even though they map
to values of different types. typeof(true) in userspace would reveal
_Bool, but typeof(false) in UEFI would reveal BOOLEAN. The distinction
actually does matter in comparisons (i.e. (_Bool) 1 == (_Bool) 2 holds
while (BOOLEAN) 1 == (BOOLEAN) 2 does not hold).

Hence, let's add sd_true and sd_false, thus indicating we defined our
own concept here, and it has similar but different semantics in UEFI and
in userspace.
2021-11-11 17:23:34 +01:00
Lennart Poettering
e514b5071c fundamental: rename type.h → types-fundamental.h
"type.h" is a very generic name, but this header is very specific to
making the "fundaemtnal" stuff work, it maps genric types in two
distinct ways. Hence let's make clear in the header name already what
this is about.
2021-11-11 17:23:09 +01:00
Lennart Poettering
81d9db6805 boot: line-break magic[] array to match osrel[] line breaks 2021-11-11 17:23:04 +01:00
Lennart Poettering
c2caeb5d54 bootspec: catch up with sd-boot's bootspec implementation
Let's parse the same fields and use them the same way as in sd-boot.

Fixes: #20093
2021-11-11 17:22:59 +01:00
Lennart Poettering
df33178416 boot: when we can't boot use the right boot loader entry display title in log message 2021-11-11 17:22:55 +01:00
Lennart Poettering
18fde343a8 boot: clean up unified boot loader entry name/version extraction
Let's make sure IMAGE_ID/IMAGE_VERSION are properly honoured, and
explain in a long comment why.

Let's also use ID= field again, which was lost by accident.

(While we are at it do some minimal OOM checks wherever we touch
something)
2021-11-11 17:22:31 +01:00
Lennart Poettering
31f7765762 bootspec: fix comment that says exactly the opposite of what is true 2021-11-11 17:22:27 +01:00
Lennart Poettering
1ce915a91c boot: const arguments should be const
Unfortunately they forgot the "const" decoration on the MetaiMatch()
prototype, but let that omission not leak into our code, let's hide it
away in the innermost use.
2021-11-11 17:22:23 +01:00
Lennart Poettering
b78a282181 boot: ternary op is your friend 2021-11-11 17:22:18 +01:00
Lennart Poettering
08cd8c4307 boot: add comments what closely related ConfigEntry fields are about 2021-11-11 17:21:37 +01:00
Evgeny Vereshchagin
4e296232e4 try to fix a Dependabot error
```
updater | ERROR <job_232492775> Error processing actions/checkout (RuntimeError)
updater | ERROR <job_232492775> No files changed!
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-github_actions-0.166.0/lib/dependabot/github_actions/file_updater.rb:28:in `updated_dependency_files'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:676:in `generate_dependency_files_for'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:274:in `check_and_create_pull_request'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:28:in `run'
updater | ERROR <job_232492775> bin/update_files.rb:21:in `<main>`
```
2021-11-11 16:08:17 +00:00
Michal Sekletar
edc027b4f1 mount: retrigger run queue after ratelimit expired to run delayed mount start jobs
Fixes #20329
2021-11-11 17:04:39 +01:00
Michal Sekletar
a7c93dfe91 mount: make mount units start jobs not runnable if /p/s/mountinfo ratelimit is in effect 2021-11-11 17:04:39 +01:00
Michal Sekletar
705578c3b9 core: rename/generalize UNIT(u)->test_start_limit() hook
Up until now the main reason why we didn't proceed with starting the
unit was exceed start limit burst. However, for unit types like mounts
the other reason could be effective ratelimit on /proc/self/mountinfo
event source. That means our mount unit state may not reflect current
kernel state. Hence, we need to attempt to re-run the start job again
after ratelimit on event source expires.

As we will be introducing another reason than start limit let's rename
the virtual function that implements the check.
2021-11-11 17:04:36 +01:00
Michal Sekletar
fd69f22475 sd-event: introduce callback invoked when event source ratelimit expires 2021-11-11 17:02:56 +01:00
Jonas Witschel
c65417a011 scope: count successful cgroup additions when delegating via D-Bus
Since commit 8d3e4ac7cd ("scope: refuse
activation of scopes if no PIDs to add are left") all "systemd-run --scope
--user" calls fail because cgroup attachments delegated to the system instance
are not counted towards successful additions. Fix this by incrementing the
return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to
what happens when cg_attach() succeeds directly.

Note that this can *not* distinguish the case when
unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all
processes to attach are gone in the meantime, unlike the checks that commit
8d3e4ac7cd adds for the system instance. This is
because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal
unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include
the number of successfully attached processes and is always NULL on success.

Fixes: #21297
2021-11-11 15:19:51 +00:00
ml
84b10e536c man: remove unintentionally repetitive words 2021-11-11 14:36:50 +01:00
Lennart Poettering
371264b6c6 Merge pull request #21302 from yuwata/udev-drop-colon-from-ID_NET_NAME_MAC
udev: drop colon from ID_NET_NAME_MAC
2021-11-11 14:36:28 +01:00
Lennart Poettering
126c02a8fd Merge pull request #21304 from poettering/chain-ssh-auth-keys
userdbctl: add support for chaining other ssh-authorized-keys commands from userdbctl
2021-11-11 14:35:48 +01:00
Luca Boccassi
bb23992740 Merge pull request #21301 from yuwata/network-neighbor-use-hw-addr-data
network: neighbor: use "struct hw_addr_data"
2021-11-11 10:32:11 +00:00
Evgeny Vereshchagin
3fec0e6cbf ci: pin some workflows to SHAs
to let Dependabot keep track of them using SHAs

codeql-actions doesn't point to SHAs because it isn't clear
whether Dependabot supports their release cycle mentioned
at https://github.com/github/codeql-action/issues/307
2021-11-11 10:32:02 +00:00
Evgeny Vereshchagin
5570313421 ci: pin labeler
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
2021-11-11 10:19:06 +00:00
Yu Watanabe
a914901d38 test: use kbd-mode-map we ship in one more test case
Follow-up for be0cc2ce6c.

Fixes https://github.com/systemd/systemd/pull/19670#issuecomment-965817823.
2021-11-11 09:54:01 +00:00
Yu Watanabe
dfa4876c41 udev: drop colon from ID_NET_NAME_MAC
Fixes a bug introduced by eaba9bb3e6.
2021-11-11 18:29:55 +09:00
Yu Watanabe
e44cd43788 ether-addr-util: introduce hw_addr_to_string_full() 2021-11-11 18:29:52 +09:00
Lennart Poettering
01f6c450b6 man: document new --chain switch to userdbctl
And while we are at it, make 'ssh-authorized-keys' verb properly
documented. Given that OpenSSH documents the interface in its man page
it's fine to just document our implementation of it too.
2021-11-11 10:06:39 +01:00
Lennart Poettering
8072a7e6a9 userdbctl: add support for chaining command lines in "authorized-keys" verb 2021-11-11 10:06:35 +01:00
Lennart Poettering
7d0cede04f escape: return unused memory in quote_command_line() 2021-11-11 10:06:31 +01:00
Lennart Poettering
5e659ffcb0 process-util: use quote_command_line() at one more place 2021-11-11 10:06:26 +01:00
Lennart Poettering
4ef15008cc escape: add flags argument to quote_command_line()
That way, we can reuse the call at one more place (see later patch).
2021-11-11 10:05:46 +01:00
Julia Kartseva
dedca960af core: check fs type of BPFProgram= property path
Tests:

```
% stat --file-system --format="%T" /root/bpf/trivial/
bpf_fs

% systemd-nspawn -D/ --volatile=yes \
--property=BPFProgram=egress:/root/bpf/trivial/cgroup_skb_egress \
--quiet -- ping -c 5 -W 1 ::1
PING ::1(::1) 56 data bytes

--- ::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4110ms
```

```
% stat --file-system --format='%T' /root/meh
btrfs

% systemd-nspawn -D/ --volatile=yes --property=BPFProgram=egress:/root/meh
--quiet -- ping -c 5 -W 1 ::1
```
sudo ./build/systemd-nspawn \
-D/ --volatile=yes --property=BPFProgram=egress:/home/hex --quiet -- \
ping -c 1 -W 1 ::1
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.017 ms

--- ::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
2021-11-11 00:09:15 -08:00
Julia Kartseva
084d0849fc core: fix bpf-foreign cg controller realization
Requiring /sys/fs/bpf path to be a mount point at the moment of cgroup
controllers realization does more harm than good, because:
* Realization happens early on boot, the mount point may not be ready at
the time. That happens if mounts are made by a .mount unit (the issue we
encountered).
* BPF filesystem may be mounted on another point.

Remove the check. Instead verify that path provided by BPFProgram= is
within BPF fs when unit properties are parsed.

Split in two commits for simple backport.
2021-11-10 21:00:25 -08:00
Yu Watanabe
13b7b8bd73 network: neighbor: accept an empty string assignment 2021-11-11 12:49:42 +09:00
Yu Watanabe
17193d767d network: neighbor: use "struct hw_addr_data" to store link layer address 2021-11-11 12:49:42 +09:00
Yu Watanabe
ca7d208367 ether-addr-util: expose hw_addr_hash_func() 2021-11-11 12:49:42 +09:00
Yu Watanabe
c990101f23 sd-netlink: fix type of NDA_LLADDR attribute 2021-11-11 12:49:42 +09:00
Luca Boccassi
a704137c20 Merge pull request #21273 from yuwata/hostname-device-tree
hostnamed: use /proc/device-tree to get chassis type
2021-11-10 23:15:20 +00:00
Yu Watanabe
9133c1877f netif-util: fix stack-use-after-scope
Fixes a bug introduced by 0295b2fd1d.

Fixes #21292.
2021-11-10 22:11:18 +00:00
Frantisek Sumsal
8b212f3596 ci: take CIFuzz's matrix into consideration
Otherwise the jobs will try to cancel each other out.

Follow-up to 3884837610.
2021-11-10 20:44:24 +00:00
Yu Watanabe
e2b777f821 sd-id128: use /proc/device-tree 2021-11-11 04:42:50 +09:00
Yu Watanabe
c6dce5720c condition: use /proc/device-tree/ 2021-11-11 04:42:50 +09:00
Yu Watanabe
e6cbe6970f hostnamed: use /proc/device-tree to get chassis type
From https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-firmware-ofw
---
Userspace must not use the /sys/firmware/devicetree/base
path directly, but instead should follow /proc/device-tree
symlink. It is possible that the absolute path will change
in the future, but the symlink is the stable ABI.
---

Addresses the comment https://github.com/systemd/systemd/pull/20731#discussion_r744095262.
2021-11-11 04:42:50 +09:00
Luca Boccassi
227e2fc1a7 Merge pull request #21290 from poettering/arch-me-harder
some docs/tweaks regarding porting to new archs
2021-11-10 18:37:01 +00:00
Jan Janssen
9cf75222f2 meson: Rework gnu-efi detection
Moving all of the gnu-efi detection into src/boot/efi/meson.build makes
more sense than having it partially split.

And thanks to subdir_done() we can simplify the code a lot.

Fixes: #21258
2021-11-10 18:25:19 +00:00
Luca Boccassi
fe63d890fd Merge pull request #21293 from mrc0mmand/ci-cancel-old-jobs
ci: cancel previous jobs on ref update
2021-11-10 18:15:21 +00:00
Frantisek Sumsal
3884837610 ci: cancel previous jobs on ref update
Let's save the environment (and reduce the number of jobs in GH Actions
queues) by cancelling old jobs on a ref update (force push).

See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
2021-11-10 17:15:35 +01:00
Frantisek Sumsal
46573ee131 ci: fix indentation 2021-11-10 17:15:35 +01:00
Frantisek Sumsal
b8c94ee372 Revert "CI: run GCC unit test job on push to main"
This reverts commit c1036042f5.

Follow-up to 0ad536c16a.
2021-11-10 17:15:35 +01:00
Zbigniew Jędrzejewski-Szmek
33068a0f5e binfmt: unparenthesize a bit 2021-11-10 15:47:26 +01:00
Zbigniew Jędrzejewski-Szmek
52707598d5 binfmt: fix exit value
Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g.
systemd-binfmt --foobar would "succeed".
2021-11-10 15:47:26 +01:00