From 8b8ffaf1052ea2088cf04a043f0f2113e4d9a6ac Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 27 Jun 2024 17:59:01 +0100 Subject: [PATCH 01/41] docs: fix dead link to GNOME documentation (cherry picked from commit b22ee1010d4ba2e0049b162483c0f185c367d0bb) (cherry picked from commit 715d146a3acf6e0abf2f568bdc6313546783ee79) --- docs/MEMORY_PRESSURE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/MEMORY_PRESSURE.md b/docs/MEMORY_PRESSURE.md index 69c23eccb2b..38f1c645c9f 100644 --- a/docs/MEMORY_PRESSURE.md +++ b/docs/MEMORY_PRESSURE.md @@ -227,7 +227,7 @@ handling, it's typically sufficient to add a line such as: Other programming environments might have native APIs to watch memory pressure/low memory events. Most notable is probably GLib's -[GMemoryMonitor](https://developer-old.gnome.org/gio/stable/GMemoryMonitor.html). It +[GMemoryMonitor](https://docs.gtk.org/gio/iface.MemoryMonitor.html). It currently uses the per-system Linux PSI interface as the backend, but operates differently than the above: memory pressure events are picked up by a system service, which then propagates this through D-Bus to the applications. This is From ca3fb48069dada8d48ed17e205aeba86cdcbc17e Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 27 Jun 2024 12:49:59 +0200 Subject: [PATCH 02/41] mkosi: Enable hyperscale-packages-experimental for CentOS This gets us a kernel with btrfs support. (cherry picked from commit 6f1f13ca9f8db424c613332ec4739e53b2db6fdf) (cherry picked from commit 1566c15fe42d6d80c80ffc152a7cb87fa5246ea9) --- mkosi.conf.d/10-centos.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/mkosi.conf.d/10-centos.conf b/mkosi.conf.d/10-centos.conf index ae2706c7917..ee8d0e5581e 100644 --- a/mkosi.conf.d/10-centos.conf +++ b/mkosi.conf.d/10-centos.conf @@ -8,3 +8,4 @@ Distribution=centos Repositories=epel epel-next hyperscale-packages-main + hyperscale-packages-experimental 
From c779261d1d84a4f5c2f649632e8a802ca2e37a7c Mon Sep 17 00:00:00 2001 From: pyfisch Date: Tue, 18 Jun 2024 22:22:15 +0200 Subject: [PATCH 03/41] Use consistent spelling of systemd.condition_first_boot argument (cherry picked from commit 051d462b42fe6c27824046c15cd3c84fa5afe05b) (cherry picked from commit 90b5cb35e9901947fca63d82e69b74b2df959258) --- man/machine-id.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/machine-id.xml b/man/machine-id.xml index e57a7c13b8c..aea3ad150be 100644 --- a/man/machine-id.xml +++ b/man/machine-id.xml @@ -124,7 +124,7 @@ are as follows: - The kernel command argument systemd.condition-first-boot= may be + The kernel command argument systemd.condition_first_boot= may be used to override the autodetection logic, see kernel-command-line7. From 0dd3463d92083a071c189e96d43017eeb9a7dcf0 Mon Sep 17 00:00:00 2001 From: Maximilian Wilhelm Date: Wed, 19 Jun 2024 13:41:39 +0200 Subject: [PATCH 04/41] man/systemd.exec: list inaccessible files for ProtectKernelTunables (cherry picked from commit 163bb43ceaa1e5bdcda27c4417339b3af9cf28af) (cherry picked from commit 3e435e970d157271b2378400cbc9c84610d38f06) --- man/systemd.exec.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 1e95a9491b9..ab046a2478b 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml 
@@ -2006,8 +2006,9 @@ BindReadOnlyPaths=/var/lib/systemd /proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will - be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at - boot-time, for example with the + be made read-only and /proc/kallsyms as well as /proc/kcore will be + inaccessible to all processes of the unit. + Usually, tunable kernel variables should be initialized only at boot-time, for example with the sysctl.d5 mechanism. Few services need to write to these at runtime; it is hence recommended to turn this on for most services. For this setting the same restrictions regarding mount propagation and privileges apply as for From b15dda503e1cbf3d4a319cd2fc1c1de639c93dfc Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Wed, 19 Jun 2024 14:41:55 +0200 Subject: [PATCH 05/41] kernel-install: correct the place where it works in man and help text (cherry picked from commit 111f9889927d75b82264fcaf59b99b879a4a8a26) (cherry picked from commit a6906475be1357782bf60c4e5d2beff61f4e0c2a) --- man/kernel-install.xml | 8 ++++---- src/kernel-install/kernel-install.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/man/kernel-install.xml b/man/kernel-install.xml index c05176a5dc4..c7b220f6a81 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -18,7 +18,7 @@ kernel-install - Add and remove kernel and initrd images to and from /boot + Add and remove kernel and initrd images to and from the boot partition 
@@ -59,9 +59,9 @@ bootup7 for an explanation. - to and from the boot loader partition, referred to as $BOOT here. It will usually be - one of /boot/, /efi/, or /boot/efi/, see - below. + to and from the boot partition, referred to as $BOOT here. It will usually be one of + /boot/, /efi/, or /boot/efi/, see below. + kernel-install will run the executable files ("plugins") located in the directory /usr/lib/kernel/install.d/ and the local administration directory diff --git a/src/kernel-install/kernel-install.c b/src/kernel-install/kernel-install.c index 14ae1a84c5d..07e5c31116c 100644 --- a/src/kernel-install/kernel-install.c +++ b/src/kernel-install/kernel-install.c @@ -1519,7 +1519,7 @@ static int help(void) { return log_oom(); printf("%1$s [OPTIONS...] COMMAND ...\n\n" - "%5$sAdd and remove kernel and initrd images to and from /boot/%6$s\n" + "%5$sAdd and remove kernel and initrd images to and from the boot partition.%6$s\n" "\n%3$sUsage:%4$s\n" " kernel-install [OPTIONS...] add [[[KERNEL-VERSION] KERNEL-IMAGE] [INITRD ...]]\n" " kernel-install [OPTIONS...] add-all\n" From 4a44fb23230fa3dcdd26a30e89f254cdb1a41ab2 Mon Sep 17 00:00:00 2001 From: Johannes Schneider Date: Thu, 20 Jun 2024 12:32:18 +0200 Subject: [PATCH 06/41] meson: bpf: propagate 'sysroot' for cross compilation During cross-compilation of systemd, the compiler used to build the bpf's needs to be pointed at the correct include searchpath. Which can be done by passing the corresponding directory in through the cflags; for example in yocto/bitbake this would work: CFLAGS += "--sysroot=${STAGING_DIR_TARGET}" Signed-off-by: Johannes Schneider (cherry picked from commit b608bf5620765de20851eca55cbd6c42ce1af450) (cherry picked from commit 3174fae67beeae49f71eda09c9fa844316440522) --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index 15ad855a7f6..3d7b0d5fe69 100644 --- a/meson.build +++ b/meson.build 
@@ -1691,6 +1691,7 @@ if conf.get('BPF_FRAMEWORK') == 1 '-ffile-prefix-map=', '-fdebug-prefix-map=', '-fmacro-prefix-map=', + '--sysroot=', ] foreach opt : c_args From 9ae93452ac17bece8a2caa844feda8ff5b3b76ea Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Mon, 24 Jun 2024 18:26:15 +0200 Subject: [PATCH 07/41] core/exec-invoke: reopen OpenFile= fds with O_NOCTTY (cherry picked from commit b9c5d812d5132ea1d6a7146be80d41ae2ccb288e) (cherry picked from commit 0b909bf685c661027d1fdc59abcab77c06d62406) --- src/core/exec-invoke.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 24524fa0f1c..7c825e8b946 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -3721,7 +3721,7 @@ static int get_open_file_fd(const ExecContext *c, const ExecParameters *p, const else if (FLAGS_SET(of->flags, OPENFILE_TRUNCATE)) flags |= O_TRUNC; - fd = fd_reopen(ofd, flags | O_CLOEXEC); + fd = fd_reopen(ofd, flags|O_NOCTTY|O_CLOEXEC); if (fd < 0) return log_exec_error_errno(c, p, fd, "Failed to open file %s: %m", of->path); From 5dc2cf620ca6c77cab36047cafb744cba1399ee3 Mon Sep 17 00:00:00 2001 From: Eugeny Shcheglov Date: Mon, 24 Jun 2024 21:23:50 +0300 Subject: [PATCH 08/41] Fix typo in CAP_BPF description (#33464) description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around. (cherry picked from commit 1750e30d237e6d9cdebc6b546d0a26342828dbd1) (cherry picked from commit 8e775590f1b25d399fdffa0279a2e244d7afff23) --- src/analyze/analyze-security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 5f1b5e69705..e78356d240e 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c 
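Review bot: The `fd_reopen()` call in get_open_file_fd() now passes `O_NOCTTY`, but nothing at the call site records why, so the flag is easy to drop in a later cleanup. I would add a comment above it such as `/* The configured path may refer to a TTY; never let reopening it make it our controlling terminal */`. The rest of get_open_file_fd(), including how `ofd` is first obtained, lies outside the hunk, so it should be checked there whether that earlier open needs the same treatment.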
@@ -1252,8 +1252,8 @@ static const struct security_assessor security_assessor_table[] = { { .id = "CapabilityBoundingSet=~CAP_BPF", .json_field = "CapabilityBoundingSet_CAP_BPF", - .description_good = "Service may load BPF programs", - .description_bad = "Service may not load BPF programs", + .description_good = "Service may not load BPF programs", + .description_bad = "Service may load BPF programs", .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=", .weight = 25, .range = 1, From 99c707176c297d60a945a82f318c5daff0c53531 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 26 Jun 2024 15:43:28 +0200 Subject: [PATCH 09/41] util: make file_read() 64bit offset safe File offsets in UEFI are 64bit on all archs, hence let's use that typo too, and not create artificial confusion around types. (cherry picked from commit 9573ab8f5a1e2dfdb3542aa647868ff73ced7dd2) (cherry picked from commit 57661f4ea9b3f13b7395ad594f20c0bae14b6e27) --- src/boot/efi/util.c | 12 +++++++++++- src/boot/efi/util.h | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c index e56ccfd8ae5..450b67ccfc4 100644 --- a/src/boot/efi/util.c +++ b/src/boot/efi/util.c @@ -330,7 +330,14 @@ EFI_STATUS chunked_read(EFI_FILE *file, size_t *size, void *buf) { return EFI_SUCCESS; } -EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, size_t off, size_t size, char **ret, size_t *ret_size) { +EFI_STATUS file_read( + EFI_FILE *dir, + const char16_t *name, + uint64_t off, + size_t size, + char **ret, + size_t *ret_size) { + _cleanup_(file_closep) EFI_FILE *handle = NULL; _cleanup_free_ char *buf = NULL; EFI_STATUS err; @@ -350,6 +357,9 @@ EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, size_t off, size_t siz if (err != EFI_SUCCESS) return err; + if (info->FileSize > SIZE_MAX) + return EFI_BAD_BUFFER_SIZE; + size = info->FileSize; } 
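Review bot: The added `info->FileSize > SIZE_MAX` check in file_read() only guarantees that the assignment `size = info->FileSize` does not truncate; values at or just below SIZE_MAX are still accepted. If the code after this hunk adds a terminator or padding to `size` before allocating (not visible here), that sum could still wrap on a corrupt or hostile file system. The bound should leave that headroom, e.g. `if (info->FileSize > SIZE_MAX - PADDING) return EFI_BAD_BUFFER_SIZE;`, where PADDING is a placeholder for whatever the allocation adds. The widened `off` is likewise not compared with `info->FileSize` in the visible lines. file_read's body continues outside the hunk.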
diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h index 0306e328103..9073097bf31 100644 --- a/src/boot/efi/util.h +++ b/src/boot/efi/util.h @@ -102,7 +102,7 @@ char16_t *xstr8_to_path(const char *stra); char16_t *mangle_stub_cmdline(char16_t *cmdline); EFI_STATUS chunked_read(EFI_FILE *file, size_t *size, void *buf); -EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, size_t off, size_t size, char **content, size_t *content_size); +EFI_STATUS file_read(EFI_FILE *dir, const char16_t *name, uint64_t off, size_t size, char **content, size_t *content_size); static inline void file_closep(EFI_FILE **handle) { if (!*handle) From 04c40acd51614f9e5996003be200e2c9043ed690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kamil=20Szcz=C4=99k?= Date: Tue, 25 Jun 2024 17:44:53 +0200 Subject: [PATCH 10/41] cryptsetup: improve TPM2 blob display Just a tiny change to fix an eyesore in cryptsetup luksDump display :) (cherry picked from commit 0828c6a2bf9aa40a6cf5fcb3d5650130c483ac8a) (cherry picked from commit 5911f1ec2568805fc820aa96560988f13a11e45e) --- .../cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index a76fd1c9b60..c11f37cf00e 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c 
@@ -237,7 +237,7 @@ _public_ void cryptsetup_token_dump( crypt_log(cd, "\ttpm2-pubkey:" CRYPT_DUMP_LINE_SEP "%s\n", pubkey_str); crypt_log(cd, "\ttpm2-pubkey-pcrs: %s\n", strna(pubkey_pcrs_str)); crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_asym_alg_to_string(primary_alg))); - crypt_log(cd, "\ttpm2-blob: %s\n", blob_str); + crypt_log(cd, "\ttpm2-blob: %s\n", blob_str); crypt_log(cd, "\ttpm2-policy-hash:" CRYPT_DUMP_LINE_SEP "%s\n", policy_hash_str); crypt_log(cd, "\ttpm2-pin: %s\n", true_false(flags & TPM2_FLAGS_USE_PIN)); crypt_log(cd, "\ttpm2-pcrlock: %s\n", true_false(flags & TPM2_FLAGS_USE_PCRLOCK)); From f0fb435df8c324f945d1da9874a1b429ef9fb639 Mon Sep 17 00:00:00 2001 From: Florian Schmaus Date: Wed, 26 Jun 2024 14:37:52 +0200 Subject: [PATCH 11/41] core/exec-invoke: use sched_setattr instead of sched_setscheduler The kernel's sched_setattr interface allows for more control over a processes scheduling attributes as the previously used sched_setscheduler interface. Using sched_setattr is also the prerequisite for support of utilization clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter, sched_runtime, will probably become a relevant scheduling parameter of the EEVDF scheduler [2, 3], and therefore will not only apply to processes scheduled via SCHED_DEADLINE, but also for processes scheduled via SCHED_OTHER/SCHED_BATCH (i.e., most processes). 1: https://docs.kernel.org/next/scheduler/sched-util-clamp.html 2: https://lwn.net/Articles/969062/ 3: https://lwn.net/ml/linux-kernel/20240405110010.934104715@infradead.org/ (cherry picked from commit 016e9d8d08ce66f5e81b42e0a0db398afc17336a) (cherry picked from commit fb7ec285c98d9eeaa69d1efda3e450e6f7207e57) --- meson.build | 3 +++ src/basic/missing_sched.h | 18 ++++++++++++++++++ src/basic/missing_syscall.h | 17 +++++++++++++++++ src/core/exec-invoke.c | 13 +++++++------ 4 files changed, 45 insertions(+), 6 deletions(-) 
diff --git a/meson.build b/meson.build index 3d7b0d5fe69..aa21b3c549e 100644 --- a/meson.build +++ b/meson.build @@ -524,6 +524,7 @@ decl_headers = ''' #include #include #include +#include ''' foreach decl : ['char16_t', @@ -531,6 +532,7 @@ foreach decl : ['char16_t', 'struct mount_attr', 'struct statx', 'struct dirent64', + 'struct sched_attr', ] # We get -1 if the size cannot be determined @@ -578,6 +580,7 @@ foreach ident : [ #include '''], # no known header declares pivot_root ['ioprio_get', '''#include '''], # no known header declares ioprio_get ['ioprio_set', '''#include '''], # no known header declares ioprio_set + ['sched_setattr', '''#include '''], # no known header declares sched_setattr ['name_to_handle_at', '''#include #include #include '''], diff --git a/src/basic/missing_sched.h b/src/basic/missing_sched.h index bcd5b771206..fbf18c315fc 100644 --- a/src/basic/missing_sched.h +++ b/src/basic/missing_sched.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once +#include #include #ifndef CLONE_NEWCGROUP @@ -24,3 +25,20 @@ #ifndef TASK_COMM_LEN #define TASK_COMM_LEN 16 #endif + +#if !HAVE_STRUCT_SCHED_ATTR +struct sched_attr { + __u32 size; /* Size of this structure */ + __u32 sched_policy; /* Policy (SCHED_*) */ + __u64 sched_flags; /* Flags */ + __s32 sched_nice; /* Nice value (SCHED_OTHER, + SCHED_BATCH) */ + __u32 sched_priority; /* Static priority (SCHED_FIFO, + SCHED_RR) */ + /* Remaining fields are for SCHED_DEADLINE + and potentially soon for SCHED_OTHER/SCHED_BATCH */ + __u64 sched_runtime; + __u64 sched_deadline; + __u64 sched_period; +}; +#endif diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h index 86280771c49..e2cd8b4e356 100644 --- a/src/basic/missing_syscall.h +++ b/src/basic/missing_syscall.h @@ -22,6 +22,7 @@ #include "macro.h" #include "missing_keyctl.h" +#include "missing_sched.h" #include "missing_stat.h" #include "missing_syscall_def.h" 
@@ -667,6 +668,22 @@ static inline ssize_t missing_getdents64(int fd, void *buffer, size_t length) { /* ======================================================================= */ +#if !HAVE_SCHED_SETATTR + +static inline ssize_t missing_sched_setattr(pid_t pid, struct sched_attr *attr, unsigned int flags) { +# if defined __NR_sched_setattr + return syscall(__NR_sched_setattr, pid, attr, flags); +# else + errno = ENOSYS; + return -1; +# endif +} + +# define sched_setattr missing_sched_setattr +#endif + +/* ======================================================================= */ + /* glibc does not provide clone() on ia64, only clone2(). Not only that, but it also doesn't provide a * prototype, only the symbol in the shared library (it provides a prototype for clone(), but not the * symbol in the shared library). */ diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 7c825e8b946..32373ed0c2d 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include #include #include #include @@ -43,6 +44,7 @@ #include "iovec-util.h" #include "missing_ioprio.h" #include "missing_prctl.h" +#include "missing_sched.h" #include "missing_securebits.h" #include "missing_syscall.h" #include "mkdir-label.h" @@ -4286,15 +4288,14 @@ int exec_invoke( } if (context->cpu_sched_set) { - struct sched_param param = { + struct sched_attr attr = { + .size = sizeof(attr), + .sched_policy = context->cpu_sched_policy, .sched_priority = context->cpu_sched_priority, + .sched_flags = context->cpu_sched_reset_on_fork ? SCHED_FLAG_RESET_ON_FORK : 0, }; - r = sched_setscheduler(0, - context->cpu_sched_policy | - (context->cpu_sched_reset_on_fork ? - SCHED_RESET_ON_FORK : 0), - ¶m); + r = sched_setattr(/* pid= */ 0, &attr, /* flags= */ 0); if (r < 0) { *exit_status = EXIT_SETSCHEDULER; return log_exec_error_errno(context, params, errno, "Failed to set up CPU scheduling: %m"); 
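Review bot: `missing_sched_setattr()` is declared to return `ssize_t`, but the syscall yields an int-sized status and the caller in exec_invoke() only stores it in `r` and tests `r < 0`. Declaring it `static inline int missing_sched_setattr(pid_t pid, struct sched_attr *attr, unsigned int flags)` keeps the fallback's prototype compatible with a libc-provided `sched_setattr()`, so builds with and without `HAVE_SCHED_SETATTR` see the same type.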
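Review bot: The `struct sched_attr` initializer in exec_invoke() leaves `sched_nice` at zero, and unlike sched_setscheduler() the sched_setattr() call applies that field for the SCHED_OTHER and SCHED_BATCH policies. If the nice level is applied earlier in exec_invoke() (outside this hunk), a unit that configures both a nice level and one of those policies would have its nice value reset to 0 here, silently changing the CPU priority the administrator asked for. Either fill `.sched_nice` from the configured nice level in the initializer, or apply the nice level after this block rather than before it.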
From 1f21f1c1a61a91e253bedfacac05a89ec84fcdc0 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 26 Jun 2024 18:11:30 +0200 Subject: [PATCH 12/41] mountpoint-util: do not assume symlinks are not mountpoints They very much can be with the new mount API. (cherry picked from commit 36e48f22af102843b6cceeda5a2292e57434d2ee) (cherry picked from commit 99cb4bdbbb15f3812de7f0fd161f91335000790d) --- src/basic/mountpoint-util.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c index 9897ca0aa67..51fbe4ed843 100644 --- a/src/basic/mountpoint-util.c +++ b/src/basic/mountpoint-util.c @@ -231,8 +231,6 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { /* If statx() is not available or forbidden, fall back to name_to_handle_at() below */ } else if (FLAGS_SET(sx.stx_attributes_mask, STATX_ATTR_MOUNT_ROOT)) /* yay! */ return FLAGS_SET(sx.stx_attributes, STATX_ATTR_MOUNT_ROOT); - else if (FLAGS_SET(sx.stx_mask, STATX_TYPE) && S_ISLNK(sx.stx_mode)) - return false; /* symlinks are never mount points */ r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags); if (r < 0) { @@ -311,8 +309,6 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { flags |= AT_SYMLINK_NOFOLLOW; if (fstatat(fd, filename, &a, flags) < 0) return -errno; - if (S_ISLNK(a.st_mode)) /* Symlinks are never mount points */ - return false; if (isempty(filename)) r = fstatat(fd, "..", &b, 0); From b9c4100d84f66cefc8b3de76eada6e9ea6bb317b Mon Sep 17 00:00:00 2001 
From: Giovanni Baratta Date: Thu, 27 Jun 2024 13:35:12 +0200 Subject: [PATCH 13/41] man/tmpfiles: remove outdated behavior regarding symlink ownership Update the man page of tmpfiles.d to remove outdated comments regarding the behavior of ownership with symlinks. The behavior has been changed in this commit 51207ca134716a0dee5fd763a6c39204be849eb1 (cherry picked from commit d108198f395fde05d94fc75d8581af4aa0de7e4a) (cherry picked from commit 2f455914f7bfe06fd6423ea054458db61d2cc2e1) --- man/tmpfiles.d.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 971b7e6a9e9..2f5af8aa614 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -303,7 +303,7 @@ L /tmp/foobar - - - - /dev/null argument is omitted, symlinks to files with the same name residing in the directory /usr/share/factory/ are created. Note - that permissions and ownership on symlinks are ignored. + that permissions on symlinks are ignored. @@ -589,8 +589,8 @@ w- /proc/sys/vm/swappiness - - - - 10 systemd-tmpfiles8 is used. For z and Z lines, when omitted or when set to -, the file ownership will not be modified. These parameters are ignored for - x, r, R, L, - t, and a lines. + x, r, R, t, + and a lines. This field should generally only reference system users/groups, i.e. users/groups that are guaranteed to be resolvable during early boot. If this field references users/groups that only become From 0f8c2fc5be61ba9432f7f6e8da29eb3f4b2284e3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 30 May 2024 11:33:20 +0200 Subject: [PATCH 14/41] TEST-58-REPART: reverse order of diff args I expect the test output to be the second argument, so we're diffing "expected" and "output", not the other way around. I noticed this when working on https://github.com/systemd/systemd/pull/33081. (cherry picked from commit 6bb3ea655d08c0602c99ccd2a580ba102fd19114) (cherry picked from commit 9663bb74100dd79c1e4e9c6b2377ea1b817ddee5) --- test/units/testsuite-58.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh index 20d4bda84ee..d875461721d 100755 --- a/test/units/testsuite-58.sh +++ b/test/units/testsuite-58.sh @@ -423,7 +423,7 @@ EOF --json=pretty \ "$imgs/zzz") - diff -u <(echo "$output") - < Date: Fri, 28 Jun 2024 13:22:40 +0200 Subject: [PATCH 15/41] LICENSES/README: expand text to summarize state for binaries and libs We would say how *sources* are licensed, but actually most user care about the resulting binaries. So say how the *binaries* are licensed. I used the word "effectively" because the permissive licenses don't set any requirements on the binaries, so the license of sources is a complex mix, but the resulting binaries have a simple effective license. Also, make it clear that the GPLv2 license applies to udev programs, but not the shared library. Based on private correspondence, there's some confusion about this. (cherry picked from commit bd7236912f373e0a06a1b0395000ec67d96767af) (cherry picked from commit fb747bd8cdcbeb55f9ef3c62289fff8ff5a25b68) --- LICENSES/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/LICENSES/README.md b/LICENSES/README.md index e4c9fd6c34a..16a53386e55 100644 --- a/LICENSES/README.md +++ b/LICENSES/README.md 
@@ -13,7 +13,14 @@ The 'LICENSES/' directory contains all the licenses used by the sources included the systemd project source tree. Unless otherwise noted, the systemd project sources are licensed under the terms -and conditions of the **GNU Lesser General Public License v2.1 or later**. +and conditions of +**LGPL-2.1-or-later** (**GNU Lesser General Public License v2.1 or later**). + +Unless otherwise noted, compiled programs and all shared or static libraries +include sources under **LGPL-2.1-or-later** along with more permissive +licenses, and are effectively licensed **LGPL-2.1-or-later**. +systemd-udevd and other udev helper programs also include sources under +**GPL-2.0-or-later**, and are effectively licensed **GPL-2.0-or-later**. New sources that cannot be distributed under LGPL-2.1-or-later will no longer be accepted for inclusion in the systemd project to maintain license uniformity. @@ -22,8 +29,9 @@ be accepted for inclusion in the systemd project to maintain license uniformity. The following exceptions apply: - * some udev sources under src/udev/ are licensed under **GPL-2.0-or-later**, so the - udev binaries as a whole are also distributed under **GPL-2.0-or-later**. + * some sources under src/udev/ are licensed under **GPL-2.0-or-later**, + so all udev programs (`systemd-udevd`, `udevadm`, and the udev builtins + and test programs) are also distributed under **GPL-2.0-or-later**. * the header files contained in src/basic/linux/ and src/shared/linux/ are copied verbatim from the Linux kernel source tree and are licensed under **GPL-2.0 WITH Linux-syscall-note** and are used within the scope of the Linux-syscall-note From a5510f73a3637f81353fa5c742a6eaac8c945fc8 Mon Sep 17 00:00:00 2001 
From: Daan De Meyer Date: Fri, 28 Jun 2024 14:20:34 +0200 Subject: [PATCH 16/41] TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic When running the test on aarch64 the symlinks look as follows: """ [root@H ~]# ls /dev/disk/by-path platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0 platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part1 platform-4010000000.pcie-pci-0000:00:05.0-nvme-16 platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part2 platform-4010000000.pcie-pci-0000:00:05.0-nvme-17 """ So let's make the PCI patterns a little more generic so they match both the x86 and the aarch64 paths. (cherry picked from commit 72d121b60174b825bf1390958eb1b55f34c5ff5b) (cherry picked from commit dc0167b674bc6b555c25f374719c818bc6ad1416) --- test/units/testsuite-64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh index f41cc7fdc2b..dc3a87b7324 100755 --- a/test/units/testsuite-64.sh +++ b/test/units/testsuite-64.sh @@ -231,8 +231,8 @@ testcase_nvme_subsystem() { /dev/disk/by-id/nvme-QEMU_NVMe_Ctrl_deadbeef_16 /dev/disk/by-id/nvme-QEMU_NVMe_Ctrl_deadbeef_17 # Shared namespaces - /dev/disk/by-path/pci-*-nvme-16 - /dev/disk/by-path/pci-*-nvme-17 + /dev/disk/by-path/*pci*-nvme-16 + /dev/disk/by-path/*pci*-nvme-17 ) udevadm wait --settle --timeout=30 "${expected_symlinks[@]}" From b2a6b2419ed373d5900cb7a5488bedf19908c6fb Mon Sep 17 00:00:00 2001 
From: James Coglan Date: Fri, 28 Jun 2024 13:41:31 +0100 Subject: [PATCH 17/41] resolved: allow the full TTL to be used by OPT records Whereas RFC 1035 says the TTL field takes the "positive values of a signed 32 bit number", and RFC 2181 says "Implementations should treat TTL values received with the most significant bit set as if the entire value received was zero,", the dns_packet_read_rr() function sets rr->ttl to zero if the MSB is set. However, EDNS(0) as specified in RFC 6891 repurposes the TTL field's 4 octets to store other information, c.f.: +0 (MSB) +1 (LSB) +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 0: | EXTENDED-RCODE | VERSION | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 2: | DO| Z | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ The first octet extends the usual 4-bit RCODE from the packet header by providing an additional 8 bits of space, extending the RCODE to 12 bits. But, our handling of the TTL field means that the high bit in the first octet is not actually usable, since setting it will mean these 4 octets are replaced with 0. This may have the effect of making us believe a server does not support DNSSEC when it actually set the DO bit in its OPT record. Here we change things so that the TTL is only set to zero for record types other than OPT. (cherry picked from commit 131787979c700becaf6ec24a810658d1313587cc) (cherry picked from commit 6ead24fcac878b3623408ecb1a05d07f29c4c04c) --- src/resolve/resolved-dns-packet.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 426711b0616..a4401d860a7 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c 
@@ -1719,9 +1719,9 @@ int dns_packet_read_rr( if (r < 0) return r; - /* RFC 2181, Section 8, suggests to - * treat a TTL with the MSB set as a zero TTL. */ - if (rr->ttl & UINT32_C(0x80000000)) + /* RFC 2181, Section 8, suggests to treat a TTL with the MSB set as a zero TTL. We avoid doing this + * for OPT records so that all 8 bits of the extended RCODE may be used .*/ + if (key->type != DNS_TYPE_OPT && rr->ttl & UINT32_C(0x80000000)) rr->ttl = 0; r = dns_packet_read_uint16(p, &rdlength, NULL); From 9edd47a371cf23df4362cb37f9a8fe1bb2917c8f Mon Sep 17 00:00:00 2001 From: James Coglan Date: Fri, 28 Jun 2024 13:58:22 +0100 Subject: [PATCH 18/41] resolved: correct parsing of OPT extended RCODEs The DNS_PACKET_RCODE() function works out the full RCODE by taking the first octet from the OPT record TTL field and bitwise-OR-ing this with the basic RCODE from the packet header. This results in RCODE values being lower than they should be. For example, if the first TTL octet is 0x7a and the basic RCODE is 3, this function currently returns `0x7a | 3` = 123, rather than 0x7a3 = 1955. The first TTL octet is supposed to form the upper 8 bits of a 12-bit value, whereas the current implementation constraints the value to 8 bits and results in mis-interpreted RCODEs. This fixes things by shifting the TTL 20 places instead of 24 and masking off the low nibble that comes from the upper bits of the version octet. Note that dns_packet_append_opt() correctly converts the input RCODE into the high octet of the OPT TTL field; this problem only affects parsing of incoming packets. (cherry picked from commit c40f3714c9a4d1f2bcd308625c9c835892e3d41c) (cherry picked from commit 7ee60a86140ebe3e60858ef3c4e749dcd2e7fd21) --- src/resolve/resolved-dns-packet.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h index a6af44c6ec0..5a5ef13c8d5 100644 --- a/src/resolve/resolved-dns-packet.h 
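Review bot: The new condition `key->type != DNS_TYPE_OPT && rr->ttl & UINT32_C(0x80000000)` in dns_packet_read_rr() relies on `&` binding tighter than `&&`. It is correct, but parenthesising the mask test makes that explicit: `if (key->type != DNS_TYPE_OPT && (rr->ttl & UINT32_C(0x80000000)))`. The comment above it also ends in ` .*/` with the full stop misplaced. Because OPT TTLs now reach later code unmodified, the comment should also say that for OPT the field carries the extended RCODE, version and flags rather than a lifetime. Whether any consumer outside this hunk still treats it as a cache TTL should be confirmed.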
+++ b/src/resolve/resolved-dns-packet.h @@ -117,7 +117,7 @@ static inline uint16_t DNS_PACKET_RCODE(DnsPacket *p) { uint16_t rcode; if (p->opt) - rcode = (uint16_t) (p->opt->ttl >> 24); + rcode = (uint16_t) ((p->opt->ttl >> 20) & 0xFF0); else rcode = 0; From 08249adaba3fccd636c2bc3d4c9dca71b36b193c Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Fri, 28 Jun 2024 15:32:33 +0200 Subject: [PATCH 19/41] core/unit: follow merged units before updating SourcePath= timestamp too Currently, we only follow merged units for unit_load_dropin() call. But if the unit is an alias, we should always perform operations on the "canonical" unit. (cherry picked from commit 740cd1e0f2ae5cc1a10d2111d63cc4e975761091) (cherry picked from commit 86d47d63b01c1910f8f186668948f0dc7b80db37) --- src/core/unit.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/unit.c b/src/core/unit.c index 2fc9f5ad2d3..753fbe3b7f5 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1457,11 +1457,13 @@ int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) { u->load_state = UNIT_LOADED; } + u = unit_follow_merge(u); + /* Load drop-in directory data. If u is an alias, we might be reloading the * target unit needlessly. But we cannot be sure which drops-ins have already * been loaded and which not, at least without doing complicated book-keeping, * so let's always reread all drop-ins. */ - r = unit_load_dropin(unit_follow_merge(u)); + r = unit_load_dropin(u); if (r < 0) return r; From ad0c6e88f679ed2a863798548f9b914a8846c6ce Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Fri, 28 Jun 2024 19:36:50 +0200 Subject: [PATCH 20/41] repart: Log more about filesystem sector size (cherry picked from commit 0e445aaa8553ff4ddf8330913260e5f167b1690d) (cherry picked from commit 3c88c94432128a167f61323f821dee277aba6171) --- src/partition/repart.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
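Review bot: The expression `(p->opt->ttl >> 20) & 0xFF0` in DNS_PACKET_RCODE() carries no comment, and the shift by 20 rather than 24 is not obvious without the RFC 6891 layout in hand. I would add above it: `/* The top TTL octet is EXTENDED-RCODE, i.e. bits 11..4 of the 12-bit RCODE; the low nibble comes from the packet header */`. The rest of the function, where the header RCODE is combined in, is outside the hunk.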
diff --git a/src/partition/repart.c b/src/partition/repart.c index 6a71e9786ff..0f97f823a54 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -2348,8 +2348,10 @@ static int context_load_partition_table(Context *context) { /* If we found the sector size and we're operating on a block device, use it as the file * system sector size as well, as we know its the sector size of the actual block device and * not just the offset at which we found the GPT header. */ - if (r > 0 && S_ISBLK(st.st_mode)) + if (r > 0 && S_ISBLK(st.st_mode)) { + log_debug("Probed sector size of %s is %" PRIu32 " bytes.", context->node, ssz); fs_secsz = ssz; + } } r = fdisk_save_user_sector_size(c, /* phy= */ 0, ssz); @@ -2413,7 +2415,7 @@ static int context_load_partition_table(Context *context) { * larger */ grainsz = secsz < 4096 ? 4096 : secsz; - log_debug("Sector size of device is %lu bytes. Using grain size of %" PRIu64 ".", secsz, grainsz); + log_debug("Sector size of device is %lu bytes. Using filesystem sector size of %" PRIu64 " and grain size of %" PRIu64 ".", secsz, fs_secsz, grainsz); switch (arg_empty) { From d520833fd84a9ddab25ef26c22bb9b74ad67e052 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 29 Jun 2024 15:36:28 +0200 Subject: [PATCH 21/41] repart: Don't set filesystem sector size to 512 We want to use 4K as the default sector size for filesystems so they don't have to be regenerated to work on 512, 2048 or 4096 sector sizes. (cherry picked from commit d34361149f897eac5c6a41854fa4edca4804b49b) (cherry picked from commit e34f436433cfce10d01d31569f74f0ad96d5a938) --- src/partition/repart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/partition/repart.c b/src/partition/repart.c index 0f97f823a54..cff44f74171 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c 
@@ -2338,7 +2338,7 @@ static int context_load_partition_table(Context *context) { if (IN_SET(arg_empty, EMPTY_REQUIRE, EMPTY_FORCE, EMPTY_CREATE) && S_ISREG(st.st_mode)) /* Don't probe sector size from partition table if we are supposed to strat from an empty disk */ - fs_secsz = ssz = 512; + ssz = 512; else { /* Auto-detect sector size if not specified. */ r = probe_sector_size_prefer_ioctl(context->backing_fd, &ssz); From ad88bc851ec198768cb9c3265a508188d5be9bf7 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 29 Jun 2024 15:27:02 +0200 Subject: [PATCH 22/41] mkfs-util: Set sector size for btrfs as well btrfs used to default the sector size to the page size and didn't support anything else. Since 6.7, it defaults to 4K and using 4K makes the filesystem compatible with all page sizes. So let's make sure we use minimum 4K as well (lower causes failures on systems with a 4K page size) but still allow larger sector sizes if specified by the user. (cherry picked from commit 03c9e88fb7eb8973477c33aa63dc6bcf0cab52c9) (cherry picked from commit 24987eb3cc175dd4e5cfaab5abe6da02b64104bc) --- src/shared/mkfs-util.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/shared/mkfs-util.c b/src/shared/mkfs-util.c index 4e58b6e871e..74c68370fb9 100644 --- a/src/shared/mkfs-util.c +++ b/src/shared/mkfs-util.c @@ -466,6 +466,15 @@ int make_filesystem( if (quiet) stdio_fds[1] = -EBADF; + if (sector_size > 0) { + if (strv_extend(&argv, "--sectorsize") < 0) + return log_oom(); + + /* mkfs.btrfs expects a sector size of at least 4k bytes. */ + if (strv_extendf(&argv, "%"PRIu64, MAX(sector_size, UINT64_C(4) * UINT64_C(1024))) < 0) + return log_oom(); + } + } else if (streq(fstype, "f2fs")) { argv = strv_new(mkfs, "-g", /* "default options" */ From adc005d7502dac1057a7a04ca9097e86874068b5 Mon Sep 17 00:00:00 2001 
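Review bot: After this change the `EMPTY_*` plus regular-file branch no longer assigns `fs_secsz`, so its value there comes from an initializer that is not visible in the hunk. A short comment in that branch, e.g. `/* fs_secsz deliberately keeps its default here; only the partition table sector size is forced to 512 */`, would stop a later reader from "fixing" the asymmetry with the else branch, which the previous patch shows setting `fs_secsz = ssz` for block devices. The existing comment above the assignment only talks about probing the partition table. context_load_partition_table starts and ends outside the hunk.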
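Review bot: The btrfs branch silently raises a caller-supplied `sector_size` below 4096 through `MAX(sector_size, UINT64_C(4) * UINT64_C(1024))`, so the value handed to mkfs.btrfs can differ from what the caller asked for without any trace. I would log the adjustment under `if (sector_size < 4096)`, e.g. `log_debug("Raising btrfs sector size from %" PRIu64 " to 4096 bytes.", sector_size);`. Passing the number as its own argv element is the right shape; within the hunk it is not otherwise range-checked, so an unsupported size is left for mkfs.btrfs to reject. make_filesystem starts and ends outside the hunk.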
From: Luca Boccassi Date: Sat, 29 Jun 2024 18:31:23 +0100 Subject: [PATCH 23/41] core: try again bind mounting if the destination was already created If the destination mount point is on a shared filesystem and is missing on the first attempt, we try to create it, but then fail with -EEXIST if something else created it in the meanwhile. Enter the retry logic on EEXIST, as we can just use the mount point if it was already created. Fixes https://github.com/systemd/systemd/issues/29690 (cherry picked from commit c3f0f6f8bd812fee4b2ab658a5cc9ac9167d387d) (cherry picked from commit df990be91348f847f31da8d02d3ee2fbcb946c30) --- src/core/namespace.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index 88681aa31ff..4ec38a3ea93 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -1687,11 +1687,11 @@ static int apply_one_mount( (void) mkdir_parents(mount_entry_path(m), 0755); q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); - if (q < 0) { - if (q != -EEXIST) // FIXME: this shouldn't be logged at LOG_WARNING, but be bubbled up, and logged there to avoid duplicate logging - log_warning_errno(q, "Failed to create destination mount point node '%s', ignoring: %m", - mount_entry_path(m)); - } else + if (q < 0 && q != -EEXIST) + // FIXME: this shouldn't be logged at LOG_WARNING, but be bubbled up, and logged there to avoid duplicate logging + log_warning_errno(q, "Failed to create destination mount point node '%s', ignoring: %m", + mount_entry_path(m)); + else try_again = true; } From 7ae42f5cd35233931c5827ac8812eeb5fb694cc3 Mon Sep 17 00:00:00 2001 
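Review bot: With `-EEXIST` now taking the `try_again = true` path, the mount is retried on a destination node that some other party created, and nothing in the hunk checks that it is the kind of inode `make_mount_point_inode_from_path()` would have created for `what`. If the retried mount is what rejects an unsuitable destination, a comment should say so, e.g. `/* -EEXIST: the node was created concurrently; the retried mount fails if it is unsuitable */`; that code is outside the hunk, so I cannot confirm it. Separately, the `//` FIXME now sits between the brace-less `if` and its wrapped `log_warning_errno()` body, directly followed by `else`, which is easy to misread; braces around both arms would be safer. apply_one_mount starts and ends outside the hunk.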
From: rhellstrom <97554405+rhellstrom@users.noreply.github.com> Date: Thu, 27 Jun 2024 11:00:00 +0300 Subject: [PATCH 24/41] Conditional PSI check to reflect changes done in 5.13 cpu.pressure 'full' is undefined for system-wide checks since 5.13 but still reported with values set to 0 for backwards compatibility. Made changes to reflect this for system-wide checks so that the conditional comparison is not made against the 0 value and instead fall back to 'some'. https://www.kernel.org/doc/html/latest/accounting/psi.html (cherry picked from commit 98b1ecc9175a8bb241292f6f441a754b6759dd97) (cherry picked from commit c2f74defaad3c2d0eb114d3f5aeded07890d9989) --- src/shared/condition.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/shared/condition.c b/src/shared/condition.c index d3446e8a9da..3b7436c1d79 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -1009,6 +1009,7 @@ static int condition_test_psi(Condition *c, char **env) { loadavg_t *current, limit; ResourcePressure pressure; int r; + PressureType preferred_pressure_type = PRESSURE_TYPE_FULL; assert(c); assert(c->parameter); @@ -1029,6 +1030,10 @@ static int condition_test_psi(Condition *c, char **env) { return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter); /* If only one parameter is passed, then we look at the global system pressure rather than a specific cgroup. */ if (r == 1) { + /* cpu.pressure 'full' is reported but undefined at system level */ + if(c->type == CONDITION_CPU_PRESSURE) + preferred_pressure_type = PRESSURE_TYPE_SOME; + pressure_path = path_join("/proc/pressure", pressure_type); if (!pressure_path) return log_oom_debug(); 
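Review bot: The new system-level check in the second hunk is written `if(c->type == CONDITION_CPU_PRESSURE)` without the space after `if` that the surrounding lines use; it should read `if (c->type == CONDITION_CPU_PRESSURE)`. The comment above it could carry the detail that currently only lives in the commit message: `/* Since kernel 5.13 the system-wide cpu 'full' line is still reported but always zero, so compare against 'some' */`. In the third hunk the reworded fallback comment says "recently added", which will age; naming the condition (`-ENODATA` when the cgroup file has no 'full' line) would be more durable. condition_test_psi starts before the first hunk and ends after the third.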
@@ -1133,8 +1138,9 @@ static int condition_test_psi(Condition *c, char **env) { if (r < 0) return log_debug_errno(r, "Failed to parse loadavg: %s", c->parameter); - r = read_resource_pressure(pressure_path, PRESSURE_TYPE_FULL, &pressure); - if (r == -ENODATA) /* cpu.pressure 'full' was added recently, fall back to 'some'. */ + r = read_resource_pressure(pressure_path, preferred_pressure_type, &pressure); + /* cpu.pressure 'full' was recently added at cgroup level, fall back to 'some' */ + if (r == -ENODATA && preferred_pressure_type == PRESSURE_TYPE_FULL) r = read_resource_pressure(pressure_path, PRESSURE_TYPE_SOME, &pressure); if (r == -ENOENT) { /* We already checked that /proc/pressure exists, so this means we were given a cgroup From 44bdbe2675dc8abdc7d9a716829be77ca0f34818 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 1 Jul 2024 18:06:45 +0200 Subject: [PATCH 25/41] test: install /etc/hosts Needed for resolving the "localhost" hostname. (cherry picked from commit a09825ce9fb3bd315f35654b6e6ee4f92c675cde) (cherry picked from commit 4f7d6885a12c0e5e27a9d29f9ef09fb2fa53d6ef) --- test/test-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/test/test-functions b/test/test-functions index 98d0b116498..91d87f8b733 100644 --- a/test/test-functions +++ b/test/test-functions @@ -2047,6 +2047,7 @@ EOF install_config_files() { dinfo "Install config files" inst /etc/sysconfig/init || : + inst /etc/hosts || : inst /etc/passwd inst /etc/shadow inst_any /etc/login.defs /usr/etc/login.defs From e84e75233f73a1e75a1ed59dae0d2e584945076b Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 2 Jul 2024 10:33:29 +0200 Subject: [PATCH 26/41] test: fix TEST-24-CRYPTSETUP on SUSE /etc/systemd/journald.conf.d drop-in dir already exists on SUSE. (cherry picked from commit 56a894e888002f44f3463b3188f9d5abdcca4bb0) (cherry picked from commit 10b7e0a0afc31dc6a3cc30fca3a276449a60ec7d) --- test/TEST-24-CRYPTSETUP/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh index 4ace177f1fd..ebfb13d1998 100755 --- a/test/TEST-24-CRYPTSETUP/test.sh +++ b/test/TEST-24-CRYPTSETUP/test.sh @@ -72,7 +72,7 @@ EOF # Forward journal messages to the console, so we have something to investigate even if we fail to mount # the encrypted /var - mkdir "$initdir/etc/systemd/journald.conf.d/" + mkdir -p "$initdir/etc/systemd/journald.conf.d/" echo -ne "[Journal]\nForwardToConsole=yes\n" >"$initdir/etc/systemd/journald.conf.d/99-forward.conf" # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt From 4eefd0b80d40fcd5b88ab8534ff07d05740d9755 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 2 Jul 2024 19:20:01 +0200 Subject: [PATCH 27/41] docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type Addresses https://github.com/systemd/systemd/pull/33567#discussion_r1662818225 (cherry picked from commit 4b7249111a4c1d366f476bdbd6e03f7893eb9d42) (cherry picked from commit 3c91ea49d249cda6e1fa84b53a42dee6d83339da) --- docs/CODING_STYLE.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md index b4e88c99df2..164ab10d271 100644 --- a/docs/CODING_STYLE.md +++ b/docs/CODING_STYLE.md @@ -54,6 +54,18 @@ SPDX-License-Identifier: LGPL-2.1-or-later } ``` +- Function return types should be seen/written as whole, i.e. write this: + + ```c + const char* foo(const char *input); + ``` + + instead of this: + + ```c + const char *foo(const char *input); + ``` + - Single-line `if` blocks should not be enclosed in `{}`. Write this: ```c @@ -180,7 +192,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later ```c static int foobar_frobnicate( - Foobar* object, /* the associated mutable object */ + Foobar *object, /* the associated mutable object */ const char *input, /* immutable input parameter */ char **ret_frobnicated) { /* return parameter */ … 
From 4b78d4bfa24204c6b3eab79ed61bff8d3f67458b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 26 Jun 2024 15:35:30 +0200 Subject: [PATCH 28/41] docs: Add section to HACKING.md on distribution packages (cherry picked from commit 17ef81a764995dfd0f43daf34dcf2ab04806e760) (cherry picked from commit 0a97db87893e706011f0ed7e522a42fcd3767ac4) --- docs/HACKING.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/docs/HACKING.md b/docs/HACKING.md index 45334d8c811..b072b5c65fd 100644 --- a/docs/HACKING.md +++ b/docs/HACKING.md 
@@ -100,6 +100,50 @@ $ meson test -C build Happy hacking! +## Building distribution packages with mkosi + +To build distribution packages for a specific distribution and release without +building an actual image, the following command can be used: + +```sh +mkosi -d -r -t none -f +``` + +Afterwards the distribution packages will be located in `build/mkosi.output`. To +also build debuginfo packages, the following command can be used: + +```sh +mkosi -d -r -E WITH_DEBUG=1 -t none -f +``` + +To upgrade the systemd packages on the host system to the newer versions built +by mkosi, run the following: + +```sh +dnf upgrade build/mkosi.output/*.rpm # Fedora/CentOS +# TODO: Other distributions +``` + +To downgrade back to the old version shipped by the distribution, run the +following: + +```sh +dnf downgrade "systemd*" # Fedora/CentOS +# TODO: Other distributions +``` + +Additionally, for each pull request, the built distribution packages are +attached as CI artifacts to the pull request CI jobs, which means that users can +download and install them to test out if a pull request fixes the issue that +they reported. To download the packages from a pull request, click on the +`Checks` tab. Then click on the `mkosi` workflow in the list of workflows on the +left of the `Checks` page. Finally, scroll down to find the list of CI +artifacts. In this list of artifacts you can find artifacts containing +distribution packages. To install these, download the artifact which is a zip +archive, extract the zip archive to access the individual packages, and install +them with your package manager in the same way as described above for packages +that were built locally. + ## Templating engines in .in files Some source files are generated during build. We use two templating engines: From 3fc564f7a543779b13d818713dec7cac71f32b1c Mon Sep 17 00:00:00 2001 
From: Luca Boccassi Date: Tue, 2 Jul 2024 15:28:47 +0100 Subject: [PATCH 29/41] coredump: correctly take tmpfs size into account for compression We calculate the amount of uncompressed data we can write by taking the limits into account and halving it to ensure there's room for switching to compression on the fly when storing cores on a tmpfs (eg: due read-only rootfs). But the logic is flawed, as taking into account the size of the tmpfs storage was applied after the halving, so in practice when an uncompressed core file was larger than the tmpfs, we fill it and then fail. Rearrange the logic so that the halving is done after taking into account the tmpfs size. (cherry picked from commit e6b2508275aac2951aedfc842735d8ebc29850bb) (cherry picked from commit a946258e9df627c675d13b2041ae186babf269dc) --- src/coredump/coredump.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index 32c17664fd8..f4adb325881 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c 
@@ -503,17 +503,21 @@ static int save_external_coredump( bus_error_message(&error, r)); } + /* First, ensure we are not going to go over the cgroup limit */ max_size = MIN(cgroup_limit, max_size); - max_size = LESS_BY(max_size, 1024U) / 2; /* Account for 1KB metadata overhead for compressing */ - max_size = MAX(PROCESS_SIZE_MIN, max_size); /* Impose a lower minimum */ - - /* tmpfs might get full quickly, so check the available space too. - * But don't worry about errors here, failing to access the storage - * location will be better logged when writing to it. */ + /* tmpfs might get full quickly, so check the available space too. But don't worry about + * errors here, failing to access the storage location will be better logged when writing to + * it. */ if (fstatvfs(fd, &sv) >= 0) max_size = MIN((uint64_t)sv.f_frsize * (uint64_t)sv.f_bfree, max_size); - - log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup memory limits.", max_size); + /* Impose a lower minimum, otherwise we will miss the basic headers. */ + max_size = MAX(PROCESS_SIZE_MIN, max_size); + /* Ensure we can always switch to compressing on the fly in case we are running out of space + * by keeping half of the space/memory available, plus 1KB metadata overhead from the + * compression algorithm. */ + max_size = LESS_BY(max_size, 1024U) / 2; + + log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup and/or filesystem limits.", max_size); } r = copy_bytes(input_fd, fd, max_size, 0); From 128f05ecda6879e322add3bb2eb2b6ee98338d38 Mon Sep 17 00:00:00 2001 
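Review bot: The floor `max_size = MAX(PROCESS_SIZE_MIN, max_size);` is now applied before the halving, so the value passed to `copy_bytes()` can end up at roughly half of `PROCESS_SIZE_MIN`, which contradicts the new comment about not missing the basic headers. The same line also runs after the `fstatvfs()` clamp, so it can lift `max_size` back above the free space that was just measured. If the floor is meant to hold for the final value, `max_size = MAX(PROCESS_SIZE_MIN, LESS_BY(max_size, 1024U) / 2);` keeps the tmpfs size inside the halving and the minimum intact; otherwise the comment should state that the effective minimum is about half of `PROCESS_SIZE_MIN` and may exceed the free space. save_external_coredump starts and ends outside the hunk.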
From: Daan De Meyer Date: Tue, 2 Jul 2024 17:50:57 +0200 Subject: [PATCH 30/41] meson: Define __TARGET_ARCH macros required by bpf These are required by the bpf_tracing.h header in libbpf, see https://github.com/libbpf/libbpf/blob/master/src/bpf_tracing.h. bpf_tracing.h does have a few fallbacks in case __TARGET_ARCH_XXX is not defined but recommends using the __TARGET_ARCH macros instead so let's do that. (cherry picked from commit 48d6dad100d0b42c02aa21d897e913461f6b3cc3) (cherry picked from commit 399e78855324b3424bbbbbe8e2a3b31e75570ec6) --- meson.build | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/meson.build b/meson.build index aa21b3c549e..60092109238 100644 --- a/meson.build +++ b/meson.build @@ -1714,15 +1714,15 @@ if conf.get('BPF_FRAMEWORK') == 1 # C.f. https://mesonbuild.com/Reference-tables.html#cpu-families # and src/basic/missing_syscall_def.h. cpu_arch_defines = { - 'ppc' : ['-D__powerpc__'], - 'ppc64' : ['-D__powerpc64__', '-D_CALL_ELF=2'], - 'riscv32' : ['-D__riscv', '-D__riscv_xlen=32'], - 'riscv64' : ['-D__riscv', '-D__riscv_xlen=64'], - 'x86' : ['-D__i386__'], - 's390x' : ['-D__s390__', '-D__s390x__'], + 'ppc' : ['-D__powerpc__', '-D__TARGET_ARCH_powerpc'], + 'ppc64' : ['-D__powerpc64__', '-D__TARGET_ARCH_powerpc', '-D_CALL_ELF=2'], + 'riscv32' : ['-D__riscv', '-D__riscv_xlen=32', '-D__TARGET_ARCH_riscv'], + 'riscv64' : ['-D__riscv', '-D__riscv_xlen=64', '-D__TARGET_ARCH_riscv'], + 'x86' : ['-D__i386__', '-D__TARGET_ARCH_x86'], + 's390x' : ['-D__s390__', '-D__s390x__', '-D__TARGET_ARCH_s390'], # For arm, assume hardware fp is available. - 'arm' : ['-D__arm__', '-D__ARM_PCS_VFP'], + 'arm' : ['-D__arm__', '-D__ARM_PCS_VFP', '-D__TARGET_ARCH_arm'], } bpf_arch_flags = cpu_arch_defines.get(host_machine.cpu_family(), From 6716cb982d81766976b2966d57deb3f1005637ae Mon Sep 17 00:00:00 2001 
From: Mike Yuan Date: Tue, 2 Jul 2024 18:08:06 +0200 Subject: [PATCH 31/41] core/dbus-manager: refuse SoftReboot() for user managers Otherwise, busctl --user call ... SoftReboot results in user manager broadcasting signal and initiating soft-reboot... (cherry picked from commit 236cd4854657745e1a59b224a191a232a476527e) (cherry picked from commit efc44e0c3eab9d502e472de484ddb8a29d559fab) --- src/core/dbus-manager.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index b33711e22e7..03ccb6b0f2f 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1723,6 +1723,10 @@ static int method_soft_reboot(sd_bus_message *message, void *userdata, sd_bus_er assert(message); + if (!MANAGER_IS_SYSTEM(m)) + return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, + "Soft reboot is only supported by system manager."); + r = verify_run_space_permissive("soft reboot may fail", error); if (r < 0) return r; From cec945d56adc47b2414fb1431ec012acdbafa188 Mon Sep 17 00:00:00 2001 From: Brenton Simpson Date: Wed, 3 Jul 2024 15:40:26 +0200 Subject: [PATCH 32/41] boot: cover for hardware keys on phones/tablets The patch is originally from Brenton Simpson, I (Lennart) just added some comments and rebased it. I didn't test this, but the patch looks so obviously right to me, that I think we should just merge it, instead of delaying this further. In the worst case noone notices, in the best case this makes sd-boot work reasonably nicely on devices that only have a hadware power key + volume rocker. Fixes: #30598 Replaces: #31135 (cherry picked from commit 2fda6f5fffcc05adaa5a08d976e09ad7cc97c1b3) (cherry picked from commit 71de25f2df501cd0ab8e639100ce23534d23a208) --- src/boot/efi/boot.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index e0ffc3b62df..6a1b3845f38 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c 
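Review bot: The new `MANAGER_IS_SYSTEM(m)` guard in method_soft_reboot carries no comment, and the reason a user manager must refuse (it would otherwise broadcast the signal and start a soft-reboot) is recorded only in the commit message. I would add `/* Only the system manager may soft-reboot; refuse before doing any other work */` above the check. The diffstat shows no test; a case that calls SoftReboot on the user bus and expects `SD_BUS_ERROR_NOT_SUPPORTED` would keep the guard from regressing. Whether the sibling reboot and power-off methods carry the same guard is not visible here and is worth checking. The function continues after the hunk.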
@@ -874,6 +874,7 @@ static bool menu_run( switch (key) { case KEYPRESS(0, SCAN_UP, 0): + case KEYPRESS(0, SCAN_VOLUME_UP, 0): /* Handle phones/tablets that only have a volume up/down rocker + power key (and otherwise just touchscreen input) */ case KEYPRESS(0, 0, 'k'): case KEYPRESS(0, 0, 'K'): if (idx_highlight > 0) @@ -881,6 +882,7 @@ static bool menu_run( break; case KEYPRESS(0, SCAN_DOWN, 0): + case KEYPRESS(0, SCAN_VOLUME_DOWN, 0): case KEYPRESS(0, 0, 'j'): case KEYPRESS(0, 0, 'J'): if (idx_highlight < config->n_entries-1) @@ -918,9 +920,10 @@ static bool menu_run( case KEYPRESS(0, 0, '\n'): case KEYPRESS(0, 0, '\r'): - case KEYPRESS(0, SCAN_F3, 0): /* EZpad Mini 4s firmware sends malformed events */ - case KEYPRESS(0, SCAN_F3, '\r'): /* Teclast X98+ II firmware sends malformed events */ + case KEYPRESS(0, SCAN_F3, 0): /* EZpad Mini 4s firmware sends malformed events */ + case KEYPRESS(0, SCAN_F3, '\r'): /* Teclast X98+ II firmware sends malformed events */ case KEYPRESS(0, SCAN_RIGHT, 0): + case KEYPRESS(0, SCAN_SUSPEND, 0): /* Handle phones/tablets with only a power key + volume up/down rocker (and otherwise just touchscreen input) */ action = ACTION_RUN; break; From cc590cc22cf71742ef705e0186f36f20021c664b Mon Sep 17 00:00:00 2001 From: James Hilliard Date: Wed, 3 Jul 2024 13:00:04 -0600 Subject: [PATCH 33/41] README: add missing CONFIG_MEMCG kernel config option for oomd We need to enable this otherwise systemd-oomd.service fails to start. Fixes: ConditionControlGroupController=memory was not met (cherry picked from commit aa329b89223a79793cde8288b1bc6e93db174938) (cherry picked from commit a50e6c5709f5fde269e6522bc6e6992180705fb1) --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index d6ff8fa6be2..930049075df 100644 --- a/README +++ b/README 
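Review bot: The three new key cases in menu_run are commented unevenly: `SCAN_VOLUME_UP` (first hunk) and `SCAN_SUSPEND` (third hunk) explain themselves, while `SCAN_VOLUME_DOWN` (second hunk) does not; `/* volume rocker, see SCAN_VOLUME_UP */` on that line would do. More importantly, `case KEYPRESS(0, SCAN_SUSPEND, 0):` makes the power key confirm the highlighted entry, and the commit message states the patch was not tested on such hardware. The diffstat touches only boot.c, so if the menu's key bindings are documented elsewhere, the new keys are missing there. menu_run starts and ends outside all three hunks.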
@@ -166,6 +166,7 @@ REQUIREMENTS: Required for systemd-oomd: CONFIG_PSI + CONFIG_MEMCG Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make From 3d3f3de9b51b22b284c85ebc6ec42c103eb25c18 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 3 Jul 2024 21:27:28 +0100 Subject: [PATCH 34/41] os-util: avoid matching on the wrong extension-release file The previous commit tries to extract a substring from the extension-release suffix, but that is not right, it's only the images that need to be versioned and extracted, use the extension-release suffix as-is. Otherwise if it happens to contain a prefix that matches the wrong image, it will be taken into account. Follow-up for 37543971aff79f3a37646ffc2bb5845c9394797b (cherry picked from commit 92d1fe3efac7b3a700317ec71b64cab5ebc17b42) (cherry picked from commit 160b539a9de2c8adc400833d976165d6158fd944) --- src/basic/os-util.c | 10 ++-------- test/units/testsuite-29.sh | 11 +++++++++++ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/basic/os-util.c b/src/basic/os-util.c index 985d89bc7eb..3cd6134f724 100644 --- a/src/basic/os-util.c +++ b/src/basic/os-util.c @@ -264,13 +264,7 @@ int open_extension_release_at( } if (!relax_extension_release_check) { - _cleanup_free_ char *base_image_name = NULL, *base_extension = NULL; - - r = path_extract_image_name(image_name, &base_image_name); - if (r < 0) { - log_debug_errno(r, "Failed to extract image name from %s/%s, ignoring: %m", dir_path, de->d_name); - continue; - } + _cleanup_free_ char *base_extension = NULL; r = path_extract_image_name(extension, &base_extension); if (r < 0) { @@ -278,7 +272,7 @@ int open_extension_release_at( continue; } - if (!streq(base_image_name, base_extension) && + if (!streq(image_name, base_extension) && extension_release_strict_xattr_value(fd, dir_path, image_name) != 0) continue; } 
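Review bot: The comparison `streq(image_name, base_extension)` in the second os-util.c hunk decides which extension-release file is accepted without the xattr override, yet the names read inverted: judging by the removed log line, `image_name` is the suffix taken from the directory entry, while `extension` is the value reduced by `path_extract_image_name()`. A comment above the block stating which side is the on-disk suffix (compared as-is) and which is the image name (version stripped first) would make this acceptance check auditable, e.g. `/* Compare the extension-release suffix as-is against the image name with its version stripped */`. The error path for `path_extract_image_name(extension, …)` lies between the two hunks and is only partly visible. open_extension_release_at starts and ends outside the hunks.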
diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh index 676330cbf1f..55e162db288 100755 --- a/test/units/testsuite-29.sh +++ b/test/units/testsuite-29.sh @@ -276,6 +276,17 @@ portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0 portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir minimal-app0 portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0 +# The wrong file should be ignored, given the right one has the xattr set +mkdir -p /tmp/wrongext/usr/lib/extension-release.d /tmp/wrongext/usr/lib/systemd/system/ +echo "[Service]" > /tmp/wrongext/usr/lib/systemd/system/app0.service +touch /tmp/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt +cp /tmp/rootdir/usr/lib/os-release /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 +setfattr -n user.extension-release.strict -v "false" /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 +portablectl "${ARGS[@]}" attach --runtime --extension /tmp/wrongext /tmp/rootdir app0 +status="$(portablectl is-attached --extension wrongext rootdir)" +[[ "${status}" == "attached-runtime" ]] +portablectl detach --runtime --extension /tmp/wrongext /tmp/rootdir app0 + umount /tmp/rootdir umount /tmp/app0 umount /tmp/app1 From 1afb793224fe28c32574bce352dceda2f6e1b278 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Wed, 3 Jul 2024 09:56:51 +0200 Subject: [PATCH 35/41] man: drop version info from file hiearchy man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This file doesn't document features of systemd, but is more a of a general description that generalizes/modernizes FHS. As such, the items listed in it weren't "added" in systemd versions, they simply reflect general concepts independent of any specific systemd version. hence let's drop this misleading and confusing version info. Or in other words, the man page currently claims under "/usr/": "Added in version 215." – Which of course is rubbish, the directory existed since time began. This also rebreaks all paragaphs this touches. No content changes. (cherry picked from commit 26db8fe2478316825c5596e4b93b08176a8abddb) (cherry picked from commit 8dbb7e2a72a73cd3f92b4891148d00c314cd8b67) --- man/file-hierarchy.xml | 443 +++++++++++++-------------------------- tools/command_ignorelist | 43 ++++ 2 files changed, 185 insertions(+), 301 deletions(-) diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 583b9ab811a..d299d6fc9d5 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml 
@@ -48,93 +48,63 @@ / - The file system root. Usually writable, but - this is not required. Possibly a temporary file system - (tmpfs). Not shared with other hosts - (unless read-only). - - + The file system root. Usually writable, but this is not required. Possibly a + temporary file system (tmpfs). Not shared with other hosts (unless + read-only). /boot/ - The boot partition used for bringing up the - system. On EFI systems, this is possibly the EFI System - Partition (ESP), also see + The boot partition used for bringing up the system. On EFI systems, this is possibly + the EFI System Partition (ESP), also see systemd-gpt-auto-generator8. - This directory is usually strictly local to the host, and - should be considered read-only, except when a new kernel or - boot loader is installed. This directory only exists on - systems that run on physical or emulated hardware that - requires boot loaders. - - + This directory is usually strictly local to the host, and should be considered read-only, except when + a new kernel or boot loader is installed. This directory only exists on systems that run on physical + or emulated hardware that requires boot loaders. /efi/ - If the boot partition /boot/ is maintained separately from the EFI System - Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system partition should look - for it at this mount point first, and fall back to /boot/ — if the former doesn't qualify - (for example if it is not a mount point or does not have the correct file system type - MSDOS_SUPER_MAGIC). - - + If the boot partition /boot/ is maintained separately from the + EFI System Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system + partition should look for it at this mount point first, and fall back to /boot/ + — if the former doesn't qualify (for example if it is not a mount point or does not have the correct + file system type MSDOS_SUPER_MAGIC). 
/etc/ - System-specific configuration. This directory - may or may not be read-only. Frequently, this directory is - pre-populated with vendor-supplied configuration files, but - applications should not make assumptions about this directory - being fully populated or populated at all, and should fall - back to defaults if configuration is - missing. - - + System-specific configuration. This directory may or may not be + read-only. Frequently, this directory is pre-populated with vendor-supplied configuration files, but + applications should not make assumptions about this directory being fully populated or populated at + all, and should fall back to defaults if configuration is missing. /home/ - The location for normal user's home - directories. Possibly shared with other systems, and never - read-only. This directory should only be used for normal - users, never for system users. This directory and possibly the - directories contained within it might only become available or - writable in late boot or even only after user authentication. - This directory might be placed on limited-functionality - network file systems, hence applications should not assume the - full set of file API is available on this directory. - Applications should generally not reference this directory - directly, but via the per-user $HOME - environment variable, or via the home directory field of the - user database. - - + The location for normal user's home directories. Possibly shared with other systems, + and never read-only. This directory should only be used for normal users, never for system + users. This directory and possibly the directories contained within it might only become available or + writable in late boot or even only after user authentication. This directory might be placed on + limited-functionality network file systems, hence applications should not assume the full set of file + API is available on this directory. 
Applications should generally not reference this directory + directly, but via the per-user $HOME environment variable, or via the home + directory field of the user database. /root/ - The home directory of the root user. The root - user's home directory is located outside of - /home/ in order to make sure the root user - may log in even without /home/ being - available and mounted. - - + The home directory of the root user. The root user's home directory is located + outside of /home/ in order to make sure the root user may log in even without + /home/ being available and mounted. /srv/ - The place to store general server payload, - managed by the administrator. No restrictions are made how - this directory is organized internally. Generally writable, - and possibly shared among systems. This directory might become - available or writable only very late during - boot. - - + The place to store general server payload, managed by the administrator. No + restrictions are made how this directory is organized internally. Generally writable, and possibly + shared among systems. This directory might become available or writable only very late during + boot. @@ -156,10 +126,7 @@ mkdtemp3, and similar calls. For more details, see Using - /tmp/ and /var/tmp/ Safely. - - - + /tmp/ and /var/tmp/ Safely. 
@@ -173,34 +140,24 @@ /run/ A tmpfs file system for system packages to place runtime data, socket files, and similar. This directory is flushed on boot, and generally writable for privileged - programs only. Always writable. - - + programs only. Always writable. /run/log/ - Runtime system logs. System components may - place private logs in this directory. Always writable, even - when /var/log/ might not be accessible - yet. - - + Runtime system logs. System components may place private logs in this + directory. Always writable, even when /var/log/ might not be accessible + yet. /run/user/ - Contains per-user runtime directories, each - usually individually mounted tmpfs - instances. Always writable, flushed at each reboot and when - the user logs out. User code should not reference this - directory directly, but via the - $XDG_RUNTIME_DIR environment variable, as - documented in the XDG - Base Directory Specification. - - + Contains per-user runtime directories, each usually individually mounted + tmpfs instances. Always writable, flushed at each reboot and when the user logs + out. User code should not reference this directory directly, but via the + $XDG_RUNTIME_DIR environment variable, as documented in the XDG Base Directory + Specification. 
@@ -212,99 +169,63 @@ /usr/ - Vendor-supplied operating system resources. - Usually read-only, but this is not required. Possibly shared - between multiple hosts. This directory should not be modified - by the administrator, except when installing or removing - vendor-supplied packages. - - + Vendor-supplied operating system resources. Usually read-only, but this is not + required. Possibly shared between multiple hosts. This directory should not be modified by the + administrator, except when installing or removing vendor-supplied packages. /usr/bin/ - Binaries and executables for user commands - that shall appear in the $PATH search path. - It is recommended not to place binaries in this directory that - are not useful for invocation from a shell (such as daemon - binaries); these should be placed in a subdirectory of - /usr/lib/ instead. - - + Binaries and executables for user commands that shall appear in the + $PATH search path. It is recommended not to place binaries in this directory that + are not useful for invocation from a shell (such as daemon binaries); these should be placed in a + subdirectory of /usr/lib/ instead. /usr/include/ - C and C++ API header files of system - libraries. - - + C and C++ API header files of system libraries. /usr/lib/ - Static, private vendor data that is compatible - with all architectures (though not necessarily - architecture-independent). Note that this includes internal - executables or other binaries that are not regularly invoked - from a shell. Such binaries may be for any architecture - supported by the system. Do not place public libraries in this - directory, use $libdir (see below), - instead. - - + Static, private vendor data that is compatible with all architectures (though not + necessarily architecture-independent). Note that this includes internal executables or other binaries + that are not regularly invoked from a shell. Such binaries may be for any architecture supported by + the system. 
Do not place public libraries in this directory, use $libdir (see + below), instead. /usr/lib/arch-id/ - Location for placing dynamic libraries into, also - called $libdir. The architecture identifier - to use is defined on Multiarch - Architecture Specifiers (Tuples) list. Legacy - locations of $libdir are - /usr/lib/, - /usr/lib64/. This directory should not be - used for package-specific data, unless this data is - architecture-dependent, too. To query - $libdir for the primary architecture of the - system, invoke: - # systemd-path system-library-arch - - - + Location for placing dynamic libraries into, also called + $libdir. The architecture identifier to use is defined on Multiarch Architecture Specifiers (Tuples) + list. Legacy locations of $libdir are /usr/lib/, + /usr/lib64/. This directory should not be used for package-specific data, unless + this data is architecture-dependent, too. To query $libdir for the primary + architecture of the system, invoke: # systemd-path + system-library-arch /usr/share/ - Resources shared between multiple packages, - such as documentation, man pages, time zone information, fonts - and other resources. Usually, the precise location and format - of files stored below this directory is subject to - specifications that ensure interoperability. - - + Resources shared between multiple packages, such as documentation, man pages, time + zone information, fonts and other resources. Usually, the precise location and format of files stored + below this directory is subject to specifications that ensure interoperability. /usr/share/doc/ - Documentation for the operating system or - system packages. - - + Documentation for the operating system or system packages. /usr/share/factory/etc/ - Repository for vendor-supplied default - configuration files. This directory should be populated with - pristine vendor versions of all configuration files that may - be placed in /etc/. 
This is useful to - compare the local configuration of a system with vendor - defaults and to populate the local configuration with - defaults. - - + Repository for vendor-supplied default configuration files. This directory should be + populated with pristine vendor versions of all configuration files that may be placed in + /etc/. This is useful to compare the local configuration of a system with vendor + defaults and to populate the local configuration with defaults. @@ -313,10 +234,7 @@ Similar to /usr/share/factory/etc/, but for vendor versions of files in the variable, persistent data directory - /var/. - - - + /var/. 
@@ -333,49 +251,34 @@ system might start up without this directory being populated. Persistency is recommended, but optional, to support ephemeral systems. This directory might become available or writable only very late during boot. Components that are required to operate during early boot hence shall not - unconditionally rely on this directory. - - + unconditionally rely on this directory. /var/cache/ - Persistent system cache data. System - components may place non-essential data in this directory. - Flushing this directory should have no effect on operation of - programs, except for increased runtimes necessary to rebuild - these caches. - - + Persistent system cache data. System components may place non-essential data in this + directory. Flushing this directory should have no effect on operation of programs, except for + increased runtimes necessary to rebuild these caches. /var/lib/ - Persistent system data. System components may - place private data in this directory. - - + Persistent system data. System components may place private data in this + directory. /var/log/ - Persistent system logs. System components may - place private logs in this directory, though it is recommended - to do most logging via the - syslog3 - and + Persistent system logs. System components may place private logs in this directory, + though it is recommended to do most logging via the syslog3 and sd_journal_print3 - calls. - - + calls. /var/spool/ - Persistent system spool data, such as printer - or mail queues. - - + Persistent system spool data, such as printer or mail queues. @@ -396,10 +299,8 @@ mkdtemp3, and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely. - - - + url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/ + Safely. 
@@ -411,97 +312,67 @@ /dev/ - The root directory for device nodes. Usually, - this directory is mounted as a devtmpfs - instance, but might be of a different type in - sandboxed/containerized setups. This directory is managed - jointly by the kernel and + The root directory for device nodes. Usually, this directory is mounted as a + devtmpfs instance, but might be of a different type in sandboxed/containerized + setups. This directory is managed jointly by the kernel and systemd-udevd8, - and should not be written to by other components. A number of - special purpose virtual file systems might be mounted below - this directory. - - + and should not be written to by other components. A number of special purpose virtual file systems + might be mounted below this directory. /dev/shm/ - Place for POSIX shared memory segments, as - created via - shm_open3. - This directory is flushed on boot, and is a - tmpfs file system. Since all users have - write access to this directory, special care should be taken - to avoid name clashes and vulnerabilities. For normal users, - shared memory segments in this directory are usually deleted - when the user logs out. Usually, it is a better idea to use - memory mapped files in /run/ (for system - programs) or $XDG_RUNTIME_DIR (for user - programs) instead of POSIX shared memory segments, since these - directories are not world-writable and hence not vulnerable to - security-sensitive name clashes. - - + Place for POSIX shared memory segments, as created via shm_open3. + This directory is flushed on boot, and is a tmpfs file system. Since all users + have write access to this directory, special care should be taken to avoid name clashes and + vulnerabilities. For normal users, shared memory segments in this directory are usually deleted when + the user logs out. 
Usually, it is a better idea to use memory mapped files in + /run/ (for system programs) or $XDG_RUNTIME_DIR (for user + programs) instead of POSIX shared memory segments, since these directories are not world-writable and + hence not vulnerable to security-sensitive name clashes. /proc/ - A virtual kernel file system exposing the - process list and other functionality. This file system is - mostly an API to interface with the kernel and not a place - where normal files may be stored. For details, see - proc5. - A number of special purpose virtual file systems might be - mounted below this directory. - - + A virtual kernel file system exposing the process list and other functionality. This + file system is mostly an API to interface with the kernel and not a place where normal files may be + stored. For details, see proc5. A + number of special purpose virtual file systems might be mounted below this + directory. /proc/sys/ - A hierarchy below /proc/ - that exposes a number of kernel tunables. The primary way to - configure the settings in this API file tree is via + A hierarchy below /proc/ that exposes a number of kernel + tunables. The primary way to configure the settings in this API file tree is via sysctl.d5 - files. In sandboxed/containerized setups, this directory is - generally mounted read-only. - - + files. In sandboxed/containerized setups, this directory is generally mounted + read-only. /sys/ - A virtual kernel file system exposing - discovered devices and other functionality. This file system - is mostly an API to interface with the kernel and not a place - where normal files may be stored. In sandboxed/containerized - setups, this directory is generally mounted read-only. A number - of special purpose virtual file systems might be mounted below - this directory. - - + A virtual kernel file system exposing discovered devices and other + functionality. 
This file system is mostly an API to interface with the kernel and not a place where + normal files may be stored. In sandboxed/containerized setups, this directory is generally mounted + read-only. A number of special purpose virtual file systems might be mounted below this + directory. /sys/fs/cgroup/ - A virtual kernel file system exposing process - control groups (cgroups). This file system is an API to interface - with the kernel and not a place where normal files may be stored. On - current systems running in the default "unified" mode, - this directory serves as the mount point for the - cgroup2 filesystem, which provides a unified - cgroup hierarchy for all resource controllers. On systems with - non-default configurations, this directory may instead be a tmpfs - filesystem containing mount points for various - cgroup (v1) resource controllers; in such - configurations, if cgroup2 is mounted it will be - mounted on /sys/fs/cgroup/unified/, but - cgroup2 will not have resource controllers attached. In - sandboxed/containerized setups, this directory may either not exist or - may include a subset of functionality. - - - + A virtual kernel file system exposing process control groups (cgroups). This file + system is an API to interface with the kernel and not a place where normal files may be stored. On + current systems running in the default "unified" mode, this directory serves as the mount point for + the cgroup2 filesystem, which provides a unified cgroup hierarchy for all resource + controllers. On systems with non-default configurations, this directory may instead be a tmpfs + filesystem containing mount points for various cgroup (v1) resource controllers; + in such configurations, if cgroup2 is mounted it will be mounted on + /sys/fs/cgroup/unified/, but cgroup2 will not have resource controllers + attached. In sandboxed/containerized setups, this directory may either not exist or may include a + subset of functionality. 
@@ -515,47 +386,31 @@ /sbin/ /usr/sbin/ - These compatibility symlinks point to - /usr/bin/, ensuring that scripts and - binaries referencing these legacy paths correctly find their - binaries. - - + These compatibility symlinks point to /usr/bin/, ensuring that + scripts and binaries referencing these legacy paths correctly find their binaries. /lib/ - This compatibility symlink points to - /usr/lib/, ensuring that programs - referencing this legacy path correctly find their - resources. - - + This compatibility symlink points to /usr/lib/, ensuring that + programs referencing this legacy path correctly find their resources. /lib64/ - On some architecture ABIs, this compatibility - symlink points to $libdir, ensuring that - binaries referencing this legacy path correctly find their - dynamic loader. This symlink only exists on architectures - whose ABI places the dynamic loader in this - path. - - + On some architecture ABIs, this compatibility symlink points to + $libdir, ensuring that binaries referencing this legacy path correctly find their + dynamic loader. This symlink only exists on architectures whose ABI places the dynamic loader in this + path. /var/run/ - This compatibility symlink points to - /run/, ensuring that programs referencing - this legacy path correctly find their runtime - data. - - + This compatibility symlink points to /run/, ensuring that + programs referencing this legacy path correctly find their runtime data. @@ -581,9 +436,7 @@ directory. Flushing this directory should have no effect on operation of programs, except for increased runtimes necessary to rebuild these caches. If an application finds $XDG_CACHE_HOME set, it should use the directory specified in it instead of this - directory. - - + directory. 
@@ -592,9 +445,7 @@ Application configuration. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their configuration in this directory be missing. If an application finds $XDG_CONFIG_HOME set, it should use - the directory specified in it instead of this directory. - - + the directory specified in it instead of this directory. @@ -605,18 +456,14 @@ shell; these should be placed in a subdirectory of ~/.local/lib/ instead. Care should be taken when placing architecture-dependent binaries in this place, which might be problematic if the home directory is shared between multiple hosts with different - architectures. - - + architectures. ~/.local/lib/ Static, private vendor data that is compatible with all - architectures. - - + architectures. @@ -624,9 +471,7 @@ Location for placing public dynamic libraries. The architecture identifier to use is defined on Multiarch Architecture Specifiers - (Tuples) list. - - + (Tuples) list. @@ -635,9 +480,7 @@ Resources shared between multiple packages, such as fonts or artwork. Usually, the precise location and format of files stored below this directory is subject to specifications that ensure interoperability. If an application finds $XDG_DATA_HOME set, it should use - the directory specified in it instead of this directory. - - + the directory specified in it instead of this directory. @@ -646,9 +489,7 @@ Application state. When a new user is created, this directory will be empty or not exist at all. Applications should fall back to defaults should their state in this directory be missing. If an application finds $XDG_STATE_HOME set, it should use the directory - specified in it instead of this directory. - - + specified in it instead of this directory. diff --git a/tools/command_ignorelist b/tools/command_ignorelist index 186136dd639..313ba1bc39a 100644 --- a/tools/command_ignorelist +++ b/tools/command_ignorelist 
@@ -525,3 +525,46 @@ udevadm.xml /refsect1[title="Options"]/refsect2[title="udevadm monitor\n op udevadm.xml /refsect1[title="Options"]/refsect2[title="udevadm test\n options\n devpath|file|unit\n "]/variablelist/varlistentry[term="-a"] vconsole.conf.xml /refsect1[title="Options"]/variablelist/varlistentry[term="KEYMAP="] vconsole.conf.xml /refsect1[title="Options"]/variablelist/varlistentry[term="FONT="] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/boot/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/efi/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/etc/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/home/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/root/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/srv/"] +file-hierarchy.xml /refsect1[title="General Structure"]/variablelist/varlistentry[term="/tmp/"] +file-hierarchy.xml /refsect1[title="Runtime Data"]/variablelist/varlistentry[term="/run/"] +file-hierarchy.xml /refsect1[title="Runtime Data"]/variablelist/varlistentry[term="/run/log/"] +file-hierarchy.xml /refsect1[title="Runtime Data"]/variablelist/varlistentry[term="/run/user/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/bin/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/include/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/lib/"] +file-hierarchy.xml 
/refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/lib/arch-id/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/share/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/share/doc/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/share/factory/etc/"] +file-hierarchy.xml /refsect1[title="Vendor-supplied Operating System Resources"]/variablelist/varlistentry[term="/usr/share/factory/var/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/cache/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/lib/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/log/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/spool/"] +file-hierarchy.xml /refsect1[title="Persistent Variable System Data"]/variablelist/varlistentry[term="/var/tmp/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File Systems"]/variablelist/varlistentry[term="/dev/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File Systems"]/variablelist/varlistentry[term="/dev/shm/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File Systems"]/variablelist/varlistentry[term="/proc/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File Systems"]/variablelist/varlistentry[term="/proc/sys/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File Systems"]/variablelist/varlistentry[term="/sys/"] +file-hierarchy.xml /refsect1[title="Virtual Kernel and API File 
Systems"]/variablelist/varlistentry[term="/sys/fs/cgroup/"] +file-hierarchy.xml /refsect1[title="Compatibility Symlinks"]/variablelist/varlistentry[term="/bin/"] +file-hierarchy.xml /refsect1[title="Compatibility Symlinks"]/variablelist/varlistentry[term="/lib/"] +file-hierarchy.xml /refsect1[title="Compatibility Symlinks"]/variablelist/varlistentry[term="/lib64/"] +file-hierarchy.xml /refsect1[title="Compatibility Symlinks"]/variablelist/varlistentry[term="/var/run/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.cache/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.config/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/bin/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/lib/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/lib/arch-id/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/share/"] +file-hierarchy.xml /refsect1[title="Home Directory"]/variablelist/varlistentry[term="~/.local/state/"] From 39fb2172e7aead460645ce64adbf63f036dc95f2 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 3 Jul 2024 10:10:07 +0200 Subject: [PATCH 36/41] man: mention that distinction between /usr/lib/ and /usr/share/ is really about shared *ownership* (cherry picked from commit 39aafbd42ac3d9675098c8212261fa56261d9066) (cherry picked from commit 9d40e5c9c61276ca80ccdedacbfc51d8d466ab90) --- man/file-hierarchy.xml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index d299d6fc9d5..4e9ef271335 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml 
@@ -212,7 +212,12 @@ /usr/share/ Resources shared between multiple packages, such as documentation, man pages, time zone information, fonts and other resources. Usually, the precise location and format of files stored - below this directory is subject to specifications that ensure interoperability. + below this directory is subject to specifications that ensure interoperability. + + Note that resources placed in this directory typically are under shared ownership, + i.e. multiple different packages have provide and consume these resources, on equal footing, without + any obvious primary owner. This makes makes things systematically different from + /usr/lib/, where ownership is generally not shared. @@ -618,9 +623,9 @@ - Additional static vendor files may be installed in the - /usr/share/ hierarchy to the locations - defined by the various relevant specifications. + Additional static vendor files with shared ownership may be installed in the + /usr/share/ hierarchy to the locations defined by the various relevant + specifications. The following directories shall be used by the package for local configuration and files created during runtime: @@ -710,9 +715,9 @@ - Additional static vendor files may be installed in the ~/.local/share/ - hierarchy, mirroring the subdirectories specified in the section "Vendor-supplied operating system - resources" above. + Additional static vendor files with shared ownership may be installed in the + ~/.local/share/ hierarchy, mirroring the subdirectories specified in the section + "Vendor-supplied operating system resources" above. The following directories shall be used by the package for per-user local configuration and files created during runtime: From 41e847752df60f035cea400c8f354d0d15a308a8 Mon Sep 17 00:00:00 2001 
From: Lennart Poettering Date: Wed, 3 Jul 2024 10:18:37 +0200 Subject: [PATCH 37/41] man: fully adopt ~/.local/state/ The XDG base dir spec adopted ~/.local/state/ as a thing a while back, and we updated our docs in b4d6bc63e602048188896110a585aa7de1c70c9b, but forgot to to update the table at the bottom to fully reflect the update. Fix that. (cherry picked from commit 72a6296b16a75d4e26eec972f2999e69c9967b9d) (cherry picked from commit df1ed3fbe2d03e9c1d0eed7d836c5aa541f4fb52) --- man/file-hierarchy.xml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man/file-hierarchy.xml b/man/file-hierarchy.xml index 4e9ef271335..1ad2af45492 100644 --- a/man/file-hierarchy.xml +++ b/man/file-hierarchy.xml @@ -736,7 +736,7 @@ ~/.config/package/ - User-specific configuration and state for the package. It is required to default to safe fallbacks if this configuration is missing. + User-specific configuration for the package. It is required to default to safe fallbacks if this configuration is missing. $XDG_RUNTIME_DIR/package/ @@ -746,6 +746,10 @@ ~/.cache/package/ Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary. + + ~/.local/state/package/ + Persistent state data of the package. + From 698016bf495524f5473fdfdcdb4faab1947bae99 Mon Sep 17 00:00:00 2001 
From: Luca Boccassi Date: Thu, 4 Jul 2024 10:23:04 +0100 Subject: [PATCH 38/41] sysusers: handle NSS errors gracefully If the io.systemd.DynamicUser or io.systemd.Machine files exist, but nothing is listening on them, the nss-systemd module returns ECONNREFUSED and systemd-sysusers fails to creat the user/group. This is problematic when ran by packaging scripts, as the package assumes that after this has run, the user/group exist and can be used. adduser does not fail in the same situation. Change sysusers to print a loud warning but otherwise continue when NSS returns an error. (cherry picked from commit fc9938d6f8e7081df5420bf88bf98f683b1391c0) (cherry picked from commit abba1e6bc29b7e07354ca23906c6f485ba245a1a) --- src/sysusers/sysusers.c | 12 ++++++------ test/units/TEST-74-AUX-UTILS.sysusers.sh | 24 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 6 deletions(-) create mode 100755 test/units/TEST-74-AUX-UTILS.sysusers.sh diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 514f3c79357..794e09ce53f 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1064,7 +1064,7 @@ static int uid_is_ok( if (p) return 0; if (!IN_SET(errno, 0, ENOENT)) - return -errno; + log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid); if (check_with_gid) { errno = 0; @@ -1073,7 +1073,7 @@ static int uid_is_ok( if (!streq(g->gr_name, name)) return 0; } else if (!IN_SET(errno, 0, ENOENT)) - return -errno; + log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid); } } 
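Review bot: Every NSS error other than ENOENT is now read as "this ID is free" in uid_is_ok (both changed checks in these two hunks), and the same downgrade is applied in add_user, gid_is_ok and get_gid_by_name in the hunks that follow, although the commit message only describes ECONNREFUSED from an unanswered nss-systemd socket. If some other NSS source that really holds the UID, GID or name is failing at that moment, sysusers would go on and allocate it, leaving two accounts behind one numeric ID. Consider tolerating only the described case and keeping the hard failure for the rest, e.g. `if (errno == ECONNREFUSED) log_warning_errno(errno, "…");` followed by `else if (!IN_SET(errno, 0, ENOENT)) return -errno;`. These functions start and end outside the hunks, so the lookup calls themselves are not visible here.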
@@ -1179,7 +1179,7 @@ static int add_user(Context *c, Item *i) { return 0; } if (!errno_is_not_exists(errno)) - return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name); + log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name); } /* Try to use the suggested numeric UID */ @@ -1301,7 +1301,7 @@ static int gid_is_ok( if (g) return 0; if (!IN_SET(errno, 0, ENOENT)) - return -errno; + log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid); if (check_with_uid) { errno = 0; @@ -1309,7 +1309,7 @@ static int gid_is_ok( if (p) return 0; if (!IN_SET(errno, 0, ENOENT)) - return -errno; + log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid); } } @@ -1344,7 +1344,7 @@ static int get_gid_by_name( return 0; } if (!errno_is_not_exists(errno)) - return log_error_errno(errno, "Failed to check if group %s already exists: %m", name); + log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name); } return -ENOENT; diff --git a/test/units/TEST-74-AUX-UTILS.sysusers.sh b/test/units/TEST-74-AUX-UTILS.sysusers.sh new file mode 100755 index 00000000000..dcd29938b53 --- /dev/null +++ b/test/units/TEST-74-AUX-UTILS.sysusers.sh 
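Review bot: The warning added in the `check_with_uid` branch of gid_is_ok in src/sysusers/sysusers.c (hunk `@@ -1309,7 +1309,7 @@`) says "looking up GID", but the result tested just above it is `p`, which presumably comes from a passwd lookup by UID; the lookup call is outside the hunk. A log line that names the wrong database points whoever debugs the NSS failure at the group side. Suggested wording: `log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", (uid_t) gid);`. The mirror-image warning in the `check_with_gid` branch of uid_is_ok passes `uid` to `GID_FMT`; an explicit `(gid_t) uid` there would make the intent visible.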
@@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -eux +set -o pipefail + +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +at_exit() { + set +e + userdel -r foobarbaz + umount /run/systemd/userdb/ +} + +# Check that we indeed run under root to make the rest of the test work +[[ "$(id -u)" -eq 0 ]] + +trap at_exit EXIT + +# Ensure that a non-responsive NSS socket doesn't make sysusers fail +mount -t tmpfs tmpfs /run/systemd/userdb/ +touch /run/systemd/userdb/io.systemd.DynamicUser +echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers - +grep -q foobarbaz /etc/passwd From 46a5952626e9c7bd96a76144a8711531229b6ee5 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 4 Jul 2024 16:58:46 +0100 Subject: [PATCH 39/41] README: update requirements for signed dm-verity The newest kconfig enabling DB-verified dm-verity images is queued for 6.11: https://patchwork.kernel.org/project/dm-devel/patch/20240617220037.594792-1-luca.boccassi@gmail.com/ (cherry picked from commit a79b6dc0706dd5fe76ec56b3308b402c133ead23) (cherry picked from commit c32f71aa1420b05711fa0593ddcffbeb76f272ab) --- README | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README b/README index 930049075df..9a46678e70b 100644 --- a/README +++ b/README @@ -128,9 +128,10 @@ REQUIREMENTS: Required for signed Verity images support: CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG - Required to verify signed Verity images using keys enrolled in the MoK - (Machine-Owner Key) keyring: + Required to verify signed Verity images using keys enrolled in the MOK + (Machine-Owner Key) and DB UEFI certificate stores: CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING + CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING CONFIG_IMA_ARCH_POLICY CONFIG_INTEGRITY_MACHINE_KEYRING From a19fded330a07cb740f96e801290e713a9c9a461 Mon Sep 17 00:00:00 2001 
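Review bot: The final assertion in test/units/TEST-74-AUX-UTILS.sysusers.sh, `grep -q foobarbaz /etc/passwd`, matches the string anywhere in any line, so a home directory or GECOS field containing it would satisfy the test too. Anchoring it pins the account name: `grep -q '^foobarbaz:' /etc/passwd`. As far as the script shows, nothing confirms that the NSS lookup actually failed (for instance that nss-systemd is active in the test image), so the test can pass without the new warning path ever being taken.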
From: Lennart Poettering Date: Thu, 4 Jul 2024 14:34:35 +0200 Subject: [PATCH 40/41] vmm: make sure we can handle smbios objects without variable part An smbios object with no variable part is a special case, it's just suffixed with two NUL btes. handle that properly. This is inspired by a similar fix from https://github.com/systemd/systemd/pull/29726 (cherry picked from commit 44ec70489f377d1fa9f4e19aed95a7e39da7d93d) (cherry picked from commit 9a2f16e4edc490a289e3b22ab9f30e3e5bc73850) --- src/boot/efi/vmm.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c index 60e216d54c5..bfc7acc0523 100644 --- a/src/boot/efi/vmm.c +++ b/src/boot/efi/vmm.c @@ -241,13 +241,21 @@ static const SmbiosHeader *get_smbios_table(uint8_t type, uint64_t *ret_size_lef size -= header->length; p += header->length; - /* Skip over string table. */ + /* Special case: if there are no strings appended, we'll see two NUL bytes, skip over them */ + if (size >= 2 && p[0] == 0 && p[1] == 0) { + size -= 2; + p += 2; + continue; + } + + /* Skip over a populated string table. */ + bool first = true; for (;;) { const uint8_t *e = memchr(p, 0, size); if (!e) return NULL; - if (e == p) {/* Double NUL byte means we've reached the end of the string table. */ + if (!first && e == p) {/* Double NUL byte means we've reached the end of the string table. */ p++; size--; break; @@ -255,6 +263,7 @@ static const SmbiosHeader *get_smbios_table(uint8_t type, uint64_t *ret_size_lef size -= e + 1 - p; p = e + 1; + first = false; } } From f953cf1f8182133b49e12d8874293317bbdbae8c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sat, 6 Jul 2024 01:06:20 +0100 Subject: [PATCH 41/41] mkosi: drop CentOS 8 from CI It no longer builds due to packaging issues, drop it, CentOS 9 is still covered --- .github/workflows/mkosi.yml | 2 -- 1 file changed, 2 deletions(-) 
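Review bot: The `first` flag added to the string-table loop of get_smbios_table in src/boot/efi/vmm.c has no comment saying which input it exists for. Since a double NUL at the start is already consumed by the special case above the loop, the flag only matters when the string area begins with a single NUL followed by other data (or only one byte is left), which is then skipped as an empty first string instead of ending the table. I would put `/* A lone leading NUL (not the double NUL handled above) is an empty first string, not the terminator */` on the `bool first = true;` line. Every step visible in the two hunks stays within `size`, but `size -= header->length` depends on a length check that lies outside the hunk.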
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index 8b32ec82e32..5fc51238007 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -68,8 +68,6 @@ jobs: release: tumbleweed - distro: centos release: "9" - - distro: centos - release: "8" env: SYSTEMD_LOG_LEVEL: debug