picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #16684 from keszybz/assorted-cleanups 

Assorted cleanups
This commit is contained in:
Lennart Poettering 2020-08-10 19:28:05 +02:00 committed by GitHub
parent a2af7e5c7e d08a529518
commit 721bb6ed08
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 63 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/AUTOMATIC_BOOT_ASSESSMENT.md
View File

@ -10,12 +10,11 @@ systemd provides support for automatically reverting back to the previous
version of the OS or kernel in case the system consistently fails to boot. This
support is built into various of its components. When used together these
components provide a complete solution on UEFI systems, built as add-on to the
[Boot Loader
Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). However, the
different components may also be used independently, and in combination with
other software, to implement similar schemes, for example with other boot
loaders or for non-UEFI systems. Here's a brief overview of the complete set of
components:
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION).
However, the different components may also be used independently, and in
combination with other software, to implement similar schemes, for example with
other boot loaders or for non-UEFI systems. Here's a brief overview of the
complete set of components:
* The
[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
@ -45,11 +44,10 @@ components:
* The `boot-complete.target` target unit (see
[`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
serves as a generic extension point both for units that shall be considered
necessary to consider a boot successful on one side (example:
`systemd-boot-check-no-failures.service` as described above), and units that
want to act only if the boot is successful on the other (example:
`systemd-bless-boot.service` as described above).
serves as a generic extension point both for units that are necessary to
consider a boot successful (example: `systemd-boot-check-no-failures.service`
as described above), and units that want to act only if the boot is
successful (example: `systemd-bless-boot.service` as described above).
* The
[`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)

2
man/org.freedesktop.systemd1.xml
View File

@ -8778,7 +8778,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<refsect1>
<title>Scope Unit Objects</title>
<para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
<para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>

1
src/boot/bless-boot.c
View File

@ -34,6 +34,7 @@ static int help(int argc, char *argv[], void *userdata) {
printf("%s [OPTIONS...] COMMAND\n"
"\n%sMark the boot process as good or bad.%s\n"
"\nCommands:\n"
" status Show status of current boot loader entry\n"
" good Mark this boot as good\n"
" bad Mark this boot as bad\n"
" indeterminate Undo any marking as good or bad\n"

4
src/journal/journal-qrcode.c
View File

@ -46,7 +46,7 @@ int print_qr_code(
_cleanup_(dlclosep) void *dl = NULL;
_cleanup_free_ char *url = NULL;
_cleanup_fclose_ FILE *f = NULL;
size_t url_size = 0, i;
size_t url_size = 0;
unsigned x, y;
QRcode* qr;
int r;
@ -79,7 +79,7 @@ int print_qr_code(
fputs("fss://", f);
for (i = 0; i < seed_size; i++) {
for (size_t i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0)
fputc('-', f);
fprintf(f, "%02x", ((uint8_t*) seed)[i]);

45
src/journal/journalctl.c
View File

@ -1790,7 +1790,7 @@ static int add_syslog_identifier(sd_journal *j) {
static int setup_keys(void) {
#if HAVE_GCRYPT
size_t mpk_size, seed_size, state_size, i;
size_t mpk_size, seed_size, state_size;
_cleanup_(unlink_and_freep) char *k = NULL;
_cleanup_free_ char *p = NULL;
uint8_t *mpk, *seed, *state;
@ -1902,52 +1902,49 @@ static int setup_keys(void) {
k = mfree(k);
_cleanup_free_ char *hn = NULL;
if (on_tty()) {
hn = gethostname_malloc();
if (hn)
hostname_cleanup(hn);
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr,
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
"\n"
"The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
"the following local file. This key file is automatically updated when the\n"
"sealing key is advanced. It should not be used on multiple hosts.\n"
"The %ssecret sealing key%s has been written to the following local file.\n"
"This key file is automatically updated when the sealing key is advanced.\n"
"It should not be used on multiple hosts.\n"
"\n"
"\t%s\n"
"\n"
"The sealing key is automatically changed every %s.\n"
"\n"
"Please write down the following %ssecret verification key%s. It should be stored\n"
"at a safe location and should not be saved locally on disk.\n"
"in a safe location and should not be saved locally on disk.\n"
"\n\t%s",
hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
ansi_highlight(), ansi_normal(),
p,
format_timespan(tsb, sizeof(tsb), arg_interval, 0),
ansi_highlight(), ansi_normal(),
ansi_highlight_red());
fflush(stderr);
}
for (i = 0; i < seed_size; i++) {
for (size_t i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0)
putchar('-');
printf("%02x", ((uint8_t*) seed)[i]);
}
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
if (on_tty()) {
_cleanup_free_ char *hn = NULL;
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr,
"%s\n"
"The sealing key is automatically changed every %s.\n",
ansi_normal(),
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
hn = gethostname_malloc();
if (hn) {
hostname_cleanup(hn);
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
} else
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
fprintf(stderr, "%s", ansi_normal());
#if HAVE_QRENCODE
(void) print_qr_code(stderr,
"\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
"\nTo transfer the verification key to your phone scan the QR code below:\n",
seed, seed_size,
n, arg_interval,
hn, machine);

39
src/test/test-nss.c
View File

@ -54,7 +54,7 @@ static const char* af_to_string(int family, char *buf, size_t buf_len) {
return buf;
}
static void* open_handle(const char* dir, const char* module, int flags) {
static void* open_handle(const char *dir, const char *module, int flags) {
const char *path = NULL;
void *handle;
@ -63,6 +63,7 @@ static void* open_handle(const char* dir, const char* module, int flags) {
if (!path || access(path, F_OK) < 0)
path = strjoina("libnss_", module, ".so.2");
log_debug("Using %s", path);
handle = dlopen(path, flags);
if (!handle)
log_error("Failed to load module %s: %s", module, dlerror());
@ -70,10 +71,9 @@ static void* open_handle(const char* dir, const char* module, int flags) {
}
static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
const struct gaih_addrtuple *it;
int n = 0;
for (it = tuples; it; it = it->next) {
for (const struct gaih_addrtuple *it = tuples; it; it = it->next) {
_cleanup_free_ char *a = NULL;
union in_addr_union u;
int r;
@ -147,7 +147,10 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname4_r");
f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
assert_se(f);
if (!f) {
log_info("%s not defined", fname);
return;
}
status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
if (status == NSS_STATUS_SUCCESS) {
@ -197,7 +200,10 @@ static void test_gethostbyname3_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname3_r");
f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
assert_se(f);
if (!f) {
log_info("%s not defined", fname);
return;
}
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
@ -223,7 +229,10 @@ static void test_gethostbyname2_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname2_r");
f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
assert_se(f);
if (!f) {
log_info("%s not defined", fname);
return;
}
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -247,7 +256,10 @@ static void test_gethostbyname_r(void *handle, const char *module, const char *n
fname = strjoina("_nss_", module, "_gethostbyname_r");
f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
assert_se(f);
if (!f) {
log_info("%s not defined", fname);
return;
}
status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -279,8 +291,10 @@ static void test_gethostbyaddr2_r(void *handle,
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
if (!f)
if (!f) {
log_info("%s not defined", fname);
return;
}
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
@ -314,8 +328,10 @@ static void test_gethostbyaddr_r(void *handle,
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
if (!f)
if (!f) {
log_info("%s not defined", fname);
return;
}
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
@ -388,14 +404,13 @@ static int make_addresses(struct local_address **addresses) {
return 0;
}
static int test_one_module(const char* dir,
static int test_one_module(const char *dir,
const char *module,
char **names,
struct local_address *addresses,
int n_addresses) {
void *handle;
char **name;
int i;
log_info("======== %s ========", module);
@ -406,7 +421,7 @@ static int test_one_module(const char* dir,
STRV_FOREACH(name, names)
test_byname(handle, module, *name);
for (i = 0; i < n_addresses; i++)
for (int i = 0; i < n_addresses; i++)
test_byaddr(handle, module,
&addresses[i].address,
FAMILY_ADDRESS_SIZE(addresses[i].family),

7
src/test/test-seccomp.c
View File

@ -98,9 +98,6 @@ static void test_syscall_filter_set_find(void) {
}
static void test_filter_sets(void) {
unsigned i;
int r;
log_info("/* %s */", __func__);
if (!is_seccomp_available()) {
@ -112,7 +109,7 @@ static void test_filter_sets(void) {
return;
}
for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
pid_t pid;
log_info("Testing %s", syscall_filter_sets[i].name);
@ -121,7 +118,7 @@ static void test_filter_sets(void) {
assert_se(pid >= 0);
if (pid == 0) { /* Child? */
int fd;
int fd, r;
/* If we look at the default set (or one that includes it), allow-list instead of deny-list */
if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))