picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
46,157 Commits 2 Branches 0 Tags 166 MiB
Commit Graph

46157 Commits

Author SHA1 Message Date
Lennart Poettering bb970e5774 update TODO 2020-08-17 09:12:02 +02:00
Michael Scherer bcf08acbff Newer Glibc use faccessat2 to implement faccessat 
cf https://repo.or.cz/glibc.git/commit/3d3ab573a5f3071992cbc4f57d50d1d29d55bde2

This cause breakage on Fedora Rawhide: https://bugzilla.redhat.com/show_bug.cgi?id=1869030
 2020-08-16 15:10:13 +02:00
Lennart Poettering 61c8b73a35
Merge pull request #16705 from bluca/verity_udev_wait 
Verity: use udev to wait for symlink creation on concurrent activations
 2020-08-14 20:14:57 +02:00
Luca Boccassi ce5eef6530 shared/udev-util: fix sd_device leak in device_wait_for_initialization 
If the caller doesn't pass a return pointer, or if sd_event_loop fails
after the device was found and referenced, it never gets dereferenced.
 2020-08-14 15:26:04 +01:00
Luca Boccassi efc3b12fdb tree-wide: enable/disable libcrypsetup debug output depending on our level 
Avoid always setting to debug, as it will incur in many more callbacks from
libcrypsetup that then get discarded, wasting resources.
 2020-08-14 15:26:04 +01:00
Luca Boccassi ecab4c470c dissect: yield for 2ms when a verity device cannot be opened before retrying 
If we don't succeed on the first try it's because another process is
opening the same device. Do a microsleep for 2ms to increase the
chances it has completed the next time around the loop.
 2020-08-14 15:26:04 +01:00
Luca Boccassi 9ecb5c10fd dissect: account for EBUSY when verity device already exists 
In some cases, libdevmapper/libcrypsetup might return EBUSY instead of
EEXIST when opening a shared device. Treat it in the same way.
 2020-08-14 15:26:04 +01:00
Luca Boccassi c419b6f0cf dissect: wait for udev event if verity device not yet available 
The symlink /dev/mapper/dm_name is created by udev after a mapper
device is set up. So libdevmapper/libcrypsetup might tell us that
a verity device exists, but the symlink we use as the source for
the mount operation might not be there yet.
Instead of falling back to a new unique device set up, wait for
the udev event matching on the expected devlink for at least 100ms
(after which the benefits of sharing a device in terms of setup
time start to disappear - on my production machines, opening a new
verity device seems to take between 150ms and 300ms)
 2020-08-14 15:26:04 +01:00
Luca Boccassi 030a0d79ff udev-util: add device_wait_for_devlink 
Allows to wait for an event by matching on the devlink that gets
created.
 2020-08-14 15:26:04 +01:00
Lennart Poettering 3f181262f4 namespace: fix minor memory leak 2020-08-14 15:33:04 +02:00
Lennart Poettering 830171936c
Merge pull request #16612 from poettering/dissect-copy 
teach systemd-dissect file copying, and make it officially supported, move to /usr/bin + man page
 2020-08-13 11:26:49 +02:00
Lennart Poettering 1af83e7c37 update TODO 2020-08-12 22:39:43 +02:00
Lennart Poettering 35afe47abe test: update tests to use new JSON output instead of human readable output 2020-08-12 22:39:43 +02:00
Lennart Poettering de8231b007 dissect: add support for outputting JSON 2020-08-12 22:39:43 +02:00
Lennart Poettering 0b9481cf2e json: add helpers for dealing with id128 + strv 2020-08-12 22:39:43 +02:00
Lennart Poettering 61f403a14f man: document systemd-dissect 2020-08-11 22:29:50 +02:00
Lennart Poettering 5a151082d7 meson: move systemd-dissect to /usr/bin 2020-08-11 22:29:50 +02:00
Lennart Poettering af8219d562 dissect: show proper error strings for more errors 
Also, make inability to decrypt and EBUSY a non-fatal issue, since we
still are able to display the mount table then.
 2020-08-11 22:29:50 +02:00
Lennart Poettering af187ab237 dissect: introduce new helper dissected_image_mount_and_warn() and use it everywhere 2020-08-11 22:26:48 +02:00
Lennart Poettering fa45d12c1c dissect: use recognizable error if we are supposed to mount an encrypted fs 
Also, document EBUSY
 2020-08-11 22:26:48 +02:00
Lennart Poettering 37e44c3f95 dissect: immediately close pipes when we determined we have no data for them 
This effectively makes little difference because we exit soon later
anyway, which will close the fds, too. However, it's still useful since
it means the parent will get EOF events on them in the order we process
things and isn't delayed to process the data from the pipes until the
child dies.
 2020-08-11 22:26:48 +02:00
Lennart Poettering f5ea63a5e1 dissect: properly propagate some relevant dissection errors 
Let's send some specific error codes from helper process to parent via
the return value, and convert them back there.
 2020-08-11 22:26:48 +02:00
Lennart Poettering 89d00f2e3f dissect: beef up dissection output 
Let's use a proper table for outputting partition information. Let's
also put the general information about the image first, and the table
after that.

Moreover, dissect the image before showing any output, so that we can
early on return an error if the image is not valid.
 2020-08-11 22:26:48 +02:00
Lennart Poettering e3659eb236 dissect: load verity metadata earlier 
That way we can turn off kernel partition scanning if verity data is
available (as we don't support verity for full GPT images, only for
simple file system images).
 2020-08-11 22:26:48 +02:00
Lennart Poettering 16b7459280 dissect: show more information in output 
Let's show size and image filename.
 2020-08-11 22:26:48 +02:00
Lennart Poettering 33973b841d dissect: add support for copying files in/out of image 2020-08-11 22:26:48 +02:00
Lennart Poettering bacf21e9e9 copy: add copy_access() helper for copying access mode 2020-08-11 22:26:48 +02:00
Lennart Poettering 5c05f06264 dissect: optionally mkdir directory to overmount 2020-08-11 22:26:48 +02:00
Lennart Poettering 1ffd93683b mkdir: handle mkdir_p() of simple filename gracefully 2020-08-11 22:26:48 +02:00
Lennart Poettering 140788f75f dissect: support --discard=list 2020-08-11 22:26:48 +02:00
Lennart Poettering ee72df1c7b firstboot: move --image= logic into common code 
That way we can reuse it in tmpfiles/sysusers/journalctl and so on.
 2020-08-11 22:26:48 +02:00
Lennart Poettering c53da7ed02
Merge pull request #16678 from poettering/loop-configure 
loop-util: use new LOOP_CONFIGURE ioctl added in kernel 5.8
 2020-08-11 22:22:27 +02:00
Lennart Poettering 6b49257f6b man: fix incorrectly placed full stop 2020-08-11 19:36:04 +01:00
Lennart Poettering d8857af4d0 update TODO 2020-08-11 15:24:18 +02:00
Lennart Poettering 86c1c1f345 loop-util: use new LOOP_CONFIGURE ioctl 
LOOP_CONFIGURE allows us to configure a loopback device in one ioctl
instead of two, which is not just faster but also removes the race that
udev might start probing the device before we adjusted things properly.

Unfortunately LOOP_CONFIGURE is broken in regards to LO_FLAGS_PARTSCAN
as of kernel 5.8.0. This patch contains a work-around for that, to
fallback to old behaviour if partition scanning is requested but does
not work. Sucks a bit.

Proposed upstream fix for that issue:

https://lkml.org/lkml/2020/8/6/97
 2020-08-11 15:24:18 +02:00
Lennart Poettering 834c15ec38 dissect: use new blockdev_partscan_enabled() API where appropriate 2020-08-11 10:30:19 +02:00
Lennart Poettering e8467cd31c blockdev-util: add correct API for detecting if block device has partition scanning enabled 
Instead of checking the loopback ioctls, let's check sysfs, so that we
catch all kinds of block devices, not just loopback block devices.
 2020-08-11 10:29:43 +02:00
Anita Zhang 96a4ce9f1d
Merge pull request #16690 from poettering/userdb-group-desc 
description field for group records
 2020-08-11 00:27:54 -07:00
Lennart Poettering 7e31e90e58 units: order volatile-root after repart 
Let's make sure systemd-repart can still see the real device before we
replace its mount with an overlay mount, and thus order repart before
volatile-root.

See: https://lists.freedesktop.org/archives/systemd-devel/2020-July/044896.html
 2020-08-11 09:12:56 +02:00
Lennart Poettering 3f64046cda
Merge pull request #16697 from yuwata/network-fix-suspend-issue 
network: fix suspend issue
 2020-08-10 20:09:36 +02:00
Lennart Poettering 721bb6ed08
Merge pull request #16684 from keszybz/assorted-cleanups 
Assorted cleanups
 2020-08-10 19:28:05 +02:00
Nicholas Narsing a2af7e5c7e hwdb: Add ACCEL_MOUNT_MATRIX quirk for Asus M80TA 2020-08-10 17:31:58 +02:00
Yu Watanabe 9b966cee43 network: wait for previous address removal before configuring static addresses 
Fixes #16696.
 2020-08-08 12:41:03 +09:00
Yu Watanabe b6766fb114 network: drop unnecessary bracket 2020-08-08 12:31:59 +09:00
Yu Watanabe fb282d4e25 network: only process non-error message 2020-08-08 12:31:12 +09:00
Lennart Poettering a8c9824d2a
Merge pull request #16682 from poettering/userdb-gecos-fix 
userdb: mangle GECOS field if necessary
 2020-08-07 22:57:41 +02:00
Lennart Poettering 5cd12abaa0 user-record: deal with invalid GECOS fields gracefully 
Let's fix up invalid GECOS fields both when we convert from NSS to JSON
and the other way round.

Kinda sucks we have to do that, but NSS does it when writing data to
/etc/passwd, so let's do the same.

Fixes: #16668
 2020-08-07 17:36:27 +02:00
Lennart Poettering b10fd796f5 user-util: add mangle_gecos() call for turning strings into fields suitable as GECOS fields 2020-08-07 17:36:11 +02:00
Matt Fenwick c1c28fe2f7 fix typo in systemctl help 2020-08-07 16:57:28 +02:00
Zbigniew Jędrzejewski-Szmek 992aa67231
Merge pull request #16604 from poettering/tmpfiles-image 
add --image= switch to tmpfiles, sysusers, journalctl
 2020-08-07 10:08:42 +02:00