
Bug#1053681: bookworm-pu: package systemd/252.18-1~deb12u1



On Fri, 10 Nov 2023 11:47:55 +0000 Luca Boccassi <bluca@debian.org>
wrote:
> On Sun, 08 Oct 2023 18:08:59 +0100 Luca Boccassi <bluca@debian.org>
> wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bookworm
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > X-Debbugs-Cc: pkg-systemd-maintainers@lists.alioth.debian.org
> > 
> > Dear Release Team,
> > 
> > We would like to upload the latest stable point release of systemd 252
> > to bookworm-p-u. Stable release branches are maintained upstream with
> > the intention of providing bug fixes only and no compatibility
> > breakages, and with automated non-trivial CI jobs that also cover
> > Debian and Ubuntu. I have already uploaded to p-u.
> > 
> > Debdiff attached. No packaging changes besides refreshing patches.
> 
> A new stable release is out, so I've uploaded it to p-u, debdiff
> attached. Again no packaging changes besides refreshing patches.

It was noted that the diffstat is very large - that's because we now
update hwdb.d in point releases, so it's 99.9999% new hardware
identifiers being added. I've regenerated the debdiff to exclude files
in the hwdb.d directory, so that it's easier to read.

-- 
Kind regards,
Luca Boccassi
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/debian/changelog systemd-252.19/debian/changelog
--- systemd-252.17/debian/changelog	2023-09-20 13:15:14.000000000 +0100
+++ systemd-252.19/debian/changelog	2023-11-10 00:25:41.000000000 +0000
@@ -1,3 +1,17 @@
+systemd (252.19-1~deb12u1) bookworm; urgency=medium
+
+  * New upstream version 252.19
+  * Refresh patches
+
+ -- Luca Boccassi <bluca@debian.org>  Fri, 10 Nov 2023 00:25:41 +0000
+
+systemd (252.18-1~deb12u1) bookworm; urgency=medium
+
+  * New upstream version 252.18
+  * Refresh patches
+
+ -- Luca Boccassi <bluca@debian.org>  Sun, 08 Oct 2023 16:14:12 +0100
+
 systemd (252.17-1~deb12u1) bookworm; urgency=medium
 
   * New upstream version 252.17. Fixes minor security issue in arm64
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/debian/patches/debian/Don-t-enable-audit-by-default.patch systemd-252.19/debian/patches/debian/Don-t-enable-audit-by-default.patch
--- systemd-252.17/debian/patches/debian/Don-t-enable-audit-by-default.patch	2023-09-20 13:15:08.000000000 +0100
+++ systemd-252.19/debian/patches/debian/Don-t-enable-audit-by-default.patch	2023-11-10 00:25:20.000000000 +0000
@@ -16,7 +16,7 @@
  3 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/man/journald.conf.xml b/man/journald.conf.xml
-index 185e1dc..d963a1d 100644
+index 6510afe..45eae3a 100644
 --- a/man/journald.conf.xml
 +++ b/man/journald.conf.xml
 @@ -429,7 +429,7 @@
@@ -29,10 +29,10 @@
  
        <varlistentry>
 diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
-index bced165..6356be2 100644
+index 3e55795..314f684 100644
 --- a/src/journal/journald-server.c
 +++ b/src/journal/journald-server.c
-@@ -2275,7 +2275,7 @@ int server_init(Server *s, const char *namespace) {
+@@ -2273,7 +2273,7 @@ int server_init(Server *s, const char *namespace) {
                  .compress.threshold_bytes = UINT64_MAX,
                  .seal = true,
  
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch systemd-252.19/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
--- systemd-252.17/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch	2023-09-20 13:15:08.000000000 +0100
+++ systemd-252.19/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch	2023-11-10 00:25:20.000000000 +0000
@@ -17,7 +17,7 @@
  3 files changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/man/journald.conf.xml b/man/journald.conf.xml
-index 24cee4c..185e1dc 100644
+index 33d8c55..6510afe 100644
 --- a/man/journald.conf.xml
 +++ b/man/journald.conf.xml
 @@ -356,7 +356,7 @@
@@ -30,10 +30,10 @@
          <literal>systemd.journald.forward_to_kmsg</literal>,
          <literal>systemd.journald.forward_to_console</literal>, and
 diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
-index 6faf48d..bced165 100644
+index 4c5eadc..3e55795 100644
 --- a/src/journal/journald-server.c
 +++ b/src/journal/journald-server.c
-@@ -2285,6 +2285,7 @@ int server_init(Server *s, const char *namespace) {
+@@ -2283,6 +2283,7 @@ int server_init(Server *s, const char *namespace) {
                  .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
                  .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
  
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch systemd-252.19/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
--- systemd-252.17/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch	2023-09-20 13:15:08.000000000 +0100
+++ systemd-252.19/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch	2023-11-10 00:25:21.000000000 +0000
@@ -19,7 +19,7 @@
  2 files changed, 1 insertion(+), 21 deletions(-)
 
 diff --git a/src/core/main.c b/src/core/main.c
-index a84fafa..5e61df8 100644
+index c3b1a35..59ea0c6 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
 @@ -1650,24 +1650,6 @@ static void cmdline_take_random_seed(void) {
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/debian/patches/p11kit-switch-to-dlopen.patch systemd-252.19/debian/patches/p11kit-switch-to-dlopen.patch
--- systemd-252.17/debian/patches/p11kit-switch-to-dlopen.patch	2023-09-20 13:15:08.000000000 +0100
+++ systemd-252.19/debian/patches/p11kit-switch-to-dlopen.patch	2023-11-10 00:25:20.000000000 +0000
@@ -41,7 +41,7 @@
                    librt,
                    libseccomp,
 diff --git a/src/shared/pkcs11-util.c b/src/shared/pkcs11-util.c
-index 11cdccc..daee267 100644
+index 752a21d..5f5dbae 100644
 --- a/src/shared/pkcs11-util.c
 +++ b/src/shared/pkcs11-util.c
 @@ -3,6 +3,7 @@
@@ -197,7 +197,7 @@
  
          return log_notice_errno(SYNTHETIC_ERRNO(ENOLCK),
                                  "PIN for token '%s' is incorrect, please try again.",
-@@ -238,7 +295,7 @@ int pkcs11_token_login(
+@@ -239,7 +296,7 @@ int pkcs11_token_login(
                  char **ret_used_pin) {
  
          _cleanup_free_ char *token_uri_string = NULL, *token_uri_escaped = NULL, *id = NULL, *token_label = NULL;
@@ -206,7 +206,7 @@
          CK_TOKEN_INFO updated_token_info;
          int uri_result, r;
          CK_RV rv;
-@@ -246,6 +303,10 @@ int pkcs11_token_login(
+@@ -247,6 +304,10 @@ int pkcs11_token_login(
          assert(m);
          assert(token_info);
  
@@ -217,7 +217,7 @@
          token_label = pkcs11_token_label(token_info);
          if (!token_label)
                  return log_oom();
-@@ -254,9 +315,9 @@ int pkcs11_token_login(
+@@ -255,9 +316,9 @@ int pkcs11_token_login(
          if (!token_uri)
                  return log_oom();
  
@@ -229,7 +229,7 @@
  
          r = pkcs11_token_login_by_pin(m, session, token_info, token_label, /* pin= */ NULL, 0);
          if (r == 0 && ret_used_pin)
-@@ -335,7 +396,7 @@ int pkcs11_token_login(
+@@ -336,7 +397,7 @@ int pkcs11_token_login(
                          if (rv != CKR_OK)
                                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                                         "Failed to acquire updated security token information for slot %lu: %s",
@@ -238,7 +238,7 @@
  
                          token_info = &updated_token_info;
                  }
-@@ -356,12 +417,17 @@ int pkcs11_token_find_x509_certificate(
+@@ -357,12 +418,17 @@ int pkcs11_token_find_x509_certificate(
          CK_ATTRIBUTE *attributes = NULL;
          CK_OBJECT_HANDLE objects[2];
          CK_RV rv, rv2;
@@ -257,7 +257,7 @@
          for (a = 0; a < n_attributes; a++) {
  
                  /* We use the URI's included match attributes, but make them more strict. This allows users
-@@ -434,16 +500,16 @@ int pkcs11_token_find_x509_certificate(
+@@ -435,16 +501,16 @@ int pkcs11_token_find_x509_certificate(
          rv = m->C_FindObjectsInit(session, attributes, n_attributes);
          if (rv != CKR_OK)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
@@ -277,7 +277,7 @@
          if (n_objects == 0)
                  return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
                                         "Failed to find selected X509 certificate on token.");
-@@ -471,11 +537,16 @@ int pkcs11_token_read_x509_certificate(
+@@ -472,11 +538,16 @@ int pkcs11_token_read_x509_certificate(
          _cleanup_(X509_freep) X509 *x509 = NULL;
          X509_NAME *name = NULL;
          const unsigned char *p;
@@ -295,7 +295,7 @@
  
          buffer = malloc(attribute.ulValueLen);
          if (!buffer)
-@@ -486,7 +557,7 @@ int pkcs11_token_read_x509_certificate(
+@@ -487,7 +558,7 @@ int pkcs11_token_read_x509_certificate(
          rv = m->C_GetAttributeValue(session, object, &attribute, 1);
          if (rv != CKR_OK)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
@@ -304,7 +304,7 @@
  
          p = attribute.pValue;
          x509 = d2i_X509(NULL, &p, attribute.ulValueLen);
-@@ -520,12 +591,17 @@ int pkcs11_token_find_private_key(
+@@ -521,12 +592,17 @@ int pkcs11_token_find_private_key(
          CK_ATTRIBUTE *attributes = NULL;
          CK_OBJECT_HANDLE objects[2];
          CK_RV rv, rv2;
@@ -323,7 +323,7 @@
          for (a = 0; a < n_attributes; a++) {
  
                  /* We use the URI's included match attributes, but make them more strict. This allows users
-@@ -624,16 +700,16 @@ int pkcs11_token_find_private_key(
+@@ -625,16 +701,16 @@ int pkcs11_token_find_private_key(
          rv = m->C_FindObjectsInit(session, attributes, n_attributes);
          if (rv != CKR_OK)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
@@ -343,7 +343,7 @@
          if (n_objects == 0)
                  return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
                                         "Failed to find selected private key suitable for decryption on token.");
-@@ -660,6 +736,7 @@ int pkcs11_token_decrypt_data(
+@@ -661,6 +737,7 @@ int pkcs11_token_decrypt_data(
          _cleanup_(erase_and_freep) CK_BYTE *dbuffer = NULL;
          CK_ULONG dbuffer_size = 0;
          CK_RV rv;
@@ -351,7 +351,7 @@
  
          assert(m);
          assert(encrypted_data);
-@@ -667,10 +744,14 @@ int pkcs11_token_decrypt_data(
+@@ -668,10 +745,14 @@ int pkcs11_token_decrypt_data(
          assert(ret_decrypted_data);
          assert(ret_decrypted_data_size);
  
@@ -367,7 +367,7 @@
  
          dbuffer_size = encrypted_data_size; /* Start with something reasonable */
          dbuffer = malloc(dbuffer_size);
-@@ -689,7 +770,7 @@ int pkcs11_token_decrypt_data(
+@@ -690,7 +771,7 @@ int pkcs11_token_decrypt_data(
          }
          if (rv != CKR_OK)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
@@ -376,7 +376,7 @@
  
          log_info("Successfully decrypted key with security token.");
  
-@@ -709,6 +790,10 @@ int pkcs11_token_acquire_rng(
+@@ -710,6 +791,10 @@ int pkcs11_token_acquire_rng(
  
          assert(m);
  
@@ -387,7 +387,7 @@
          /* While we are at it, let's read some RNG data from the PKCS#11 token and pass it to the kernel
           * random pool. This should be cheap if we are talking to the device already. Note that we don't
           * credit any entropy, since we don't know about the quality of the pkcs#11 token's RNG. Why bother
-@@ -725,7 +810,7 @@ int pkcs11_token_acquire_rng(
+@@ -726,7 +811,7 @@ int pkcs11_token_acquire_rng(
          rv = m->C_GenerateRandom(session, buffer, rps);
          if (rv != CKR_OK)
                  return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
@@ -396,7 +396,7 @@
  
          r = random_write_entropy(-1, buffer, rps, false);
          if (r < 0)
-@@ -761,7 +846,7 @@ static int token_process(
+@@ -762,7 +847,7 @@ static int token_process(
          rv = m->C_OpenSession(slotid, CKF_SERIAL_SESSION, NULL, NULL, &session);
          if (rv != CKR_OK)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO),
@@ -405,7 +405,7 @@
  
          if (callback)
                  r = callback(m, session, slotid, slot_info, token_info, search_uri, userdata);
-@@ -770,7 +855,7 @@ static int token_process(
+@@ -771,7 +856,7 @@ static int token_process(
  
          rv = m->C_CloseSession(session);
          if (rv != CKR_OK)
@@ -414,7 +414,7 @@
  
          return r;
  }
-@@ -782,21 +867,25 @@ static int slot_process(
+@@ -783,21 +868,25 @@ static int slot_process(
                  pkcs11_find_token_callback_t callback,
                  void *userdata) {
  
@@ -443,7 +443,7 @@
                  return -EAGAIN;
          }
  
-@@ -807,9 +896,9 @@ static int slot_process(
+@@ -808,9 +897,9 @@ static int slot_process(
          if (DEBUG_LOGGING) {
                  _cleanup_free_ char *slot_uri_string = NULL;
  
@@ -455,7 +455,7 @@
                          return -EAGAIN;
                  }
  
-@@ -821,7 +910,7 @@ static int slot_process(
+@@ -822,7 +911,7 @@ static int slot_process(
                  return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
                                         "Token not present in slot, ignoring.");
          } else if (rv != CKR_OK) {
@@ -464,7 +464,7 @@
                  return -EAGAIN;
          }
  
-@@ -829,13 +918,13 @@ static int slot_process(
+@@ -830,13 +919,13 @@ static int slot_process(
          if (!token_uri)
                  return log_oom();
  
@@ -481,7 +481,7 @@
                  return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
                                         "Found non-matching token with URI %s.",
                                         token_uri_string);
-@@ -858,8 +947,8 @@ static int module_process(
+@@ -859,8 +948,8 @@ static int module_process(
                  pkcs11_find_token_callback_t callback,
                  void *userdata) {
  
@@ -491,7 +491,7 @@
          _cleanup_free_ CK_SLOT_ID *slotids = NULL;
          CK_ULONG n_slotids = 0;
          int uri_result;
-@@ -870,11 +959,15 @@ static int module_process(
+@@ -871,11 +960,15 @@ static int module_process(
  
          assert(m);
  
@@ -508,7 +508,7 @@
          if (!name)
                  return log_oom();
  
-@@ -882,7 +975,7 @@ static int module_process(
+@@ -883,7 +976,7 @@ static int module_process(
  
          rv = m->C_GetInfo(&info);
          if (rv != CKR_OK) {
@@ -517,7 +517,7 @@
                  return -EAGAIN;
          }
  
-@@ -890,9 +983,9 @@ static int module_process(
+@@ -891,9 +984,9 @@ static int module_process(
          if (!module_uri)
                  return log_oom();
  
@@ -529,7 +529,7 @@
                  return -EAGAIN;
          }
  
-@@ -900,7 +993,7 @@ static int module_process(
+@@ -901,7 +994,7 @@ static int module_process(
  
          rv = pkcs11_get_slot_list_malloc(m, &slotids, &n_slotids);
          if (rv != CKR_OK) {
@@ -538,7 +538,7 @@
                  return -EAGAIN;
          }
          if (n_slotids == 0)
-@@ -926,10 +1019,14 @@ int pkcs11_find_token(
+@@ -927,10 +1020,14 @@ int pkcs11_find_token(
                  pkcs11_find_token_callback_t callback,
                  void *userdata) {
  
@@ -555,7 +555,7 @@
          /* Execute the specified callback for each matching token found. If nothing is found returns
           * -EAGAIN. Logs about all errors, except for EAGAIN, which the caller has to log about. */
  
-@@ -939,7 +1036,7 @@ int pkcs11_find_token(
+@@ -940,7 +1037,7 @@ int pkcs11_find_token(
                          return log_error_errno(r, "Failed to parse PKCS#11 URI '%s': %m", pkcs11_uri);
          }
  
@@ -564,7 +564,7 @@
          if (!modules)
                  return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize pkcs11 modules");
  
-@@ -1053,13 +1150,17 @@ static int list_callback(
+@@ -1068,13 +1165,17 @@ static int list_callback(
                  void *userdata) {
  
          _cleanup_free_ char *token_uri_string = NULL, *token_label = NULL, *token_manufacturer_id = NULL, *token_model = NULL;
@@ -583,7 +583,7 @@
          /* We only care about hardware devices here with a token inserted. Let's filter everything else
           * out. (Note that the user can explicitly specify non-hardware tokens if they like, but during
           * enumeration we'll filter those, since software tokens are typically the system certificate store
-@@ -1083,9 +1184,9 @@ static int list_callback(
+@@ -1098,9 +1199,9 @@ static int list_callback(
          if (!token_uri)
                  return log_oom();
  
@@ -595,7 +595,7 @@
  
          r = table_add_many(
                          t,
-@@ -1139,13 +1240,17 @@ static int auto_callback(
+@@ -1154,13 +1255,17 @@ static int auto_callback(
                  P11KitUri *uri,
                  void *userdata) {
  
@@ -615,7 +615,7 @@
          if (!FLAGS_SET(token_info->flags, CKF_HW_SLOT|CKF_TOKEN_PRESENT))
                  return -EAGAIN;
  
-@@ -1157,9 +1262,9 @@ static int auto_callback(
+@@ -1172,9 +1277,9 @@ static int auto_callback(
          if (!token_uri)
                  return log_oom();
  
@@ -628,10 +628,10 @@
          return 0;
  }
 diff --git a/src/shared/pkcs11-util.h b/src/shared/pkcs11-util.h
-index f8195d7..ac2ee08 100644
+index 7c88848..5bc23c1 100644
 --- a/src/shared/pkcs11-util.h
 +++ b/src/shared/pkcs11-util.h
-@@ -15,14 +15,30 @@
+@@ -16,14 +16,30 @@
  bool pkcs11_uri_valid(const char *uri);
  
  #if HAVE_P11KIT
@@ -664,7 +664,7 @@
  
  CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);
  
-@@ -72,6 +88,14 @@ int pkcs11_crypt_device_callback(
+@@ -74,6 +90,14 @@ int pkcs11_crypt_device_callback(
                  P11KitUri *uri,
                  void *userdata);
  
@@ -718,10 +718,10 @@
  }
  
 diff --git a/test/test-functions b/test/test-functions
-index 4bdd2a9..f0423dd 100644
+index 345dc66..5d0a421 100644
 --- a/test/test-functions
 +++ b/test/test-functions
-@@ -1356,7 +1356,7 @@ install_missing_libraries() {
+@@ -1361,7 +1361,7 @@ install_missing_libraries() {
      local lib path
      # A number of dependencies is now optional via dlopen, so the install
      # script will not pick them up, since it looks at linkage.
@@ -730,7 +730,7 @@
          ddebug "Searching for $lib via pkg-config"
          if pkg-config --exists "$lib"; then
                  path="$(pkg-config --variable=libdir "$lib")"
-@@ -1368,6 +1368,10 @@ install_missing_libraries() {
+@@ -1373,6 +1373,10 @@ install_missing_libraries() {
                  if ! [[ ${lib} =~ ^lib ]]; then
                          lib="lib${lib}"
                  fi
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/docs/CREDENTIALS.md systemd-252.19/docs/CREDENTIALS.md
--- systemd-252.17/docs/CREDENTIALS.md	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/docs/CREDENTIALS.md	2023-11-10 00:22:41.000000000 +0000
@@ -401,7 +401,12 @@
 ## Relevant Paths
 
 From *service* perspective the runtime path to find loaded credentials in is
-provided in the `$CREDENTIALS_DIRECTORY` environment variable.
+provided in the `$CREDENTIALS_DIRECTORY` environment variable. For *system
+services* the credential directory will be `/run/credentials/<unit name>`, but
+hardcoding this path is discouraged, because it does not work for *user
+services*. Packagers and system administrators may hardcode the credential path
+as a last resort for software that does not yet search for credentials relative
+to `$CREDENTIALS_DIRECTORY`.
 
 At runtime, credentials passed to the *system* are placed in
 `/run/credentials/@system/` (for regular credentials, such as those passed from
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/docs/MOUNT_REQUIREMENTS.md systemd-252.19/docs/MOUNT_REQUIREMENTS.md
--- systemd-252.17/docs/MOUNT_REQUIREMENTS.md	1970-01-01 01:00:00.000000000 +0100
+++ systemd-252.19/docs/MOUNT_REQUIREMENTS.md	2023-11-10 00:22:41.000000000 +0000
@@ -0,0 +1,72 @@
+---
+title: Mount Requirements
+category: Booting
+layout: default
+SPDX-License-Identifier: LGPL-2.1-or-later
+---
+
+# Mount Point Availability Requirements
+
+systemd makes various requirements on the time during boot where various parts
+of the Linux file system hierarchy must be available and must be mounted. If
+the file systems backing these mounts are located on external or remote media,
+that require special drivers, infrastructure or networking to be set up, then
+this implies that this functionality must be started and running at that point
+already.
+
+Generally, there are three categories of requirements:
+
+1. 🌥️ *initrd*: File system mounts that must be established before the OS
+   transitions into the root file system. (i.e. that must be stablished from
+   the initrd before the initrd→host transition takes place.)
+
+2. 🌤️ *early*: File system mounts that must be established during early boot,
+   after the initrd→host transition took place, but before regular services are
+   started. (i.e. before `local-fs.target` is reached.)
+
+3. ☀️ *regular*: File system mounts that can be mounted at any time during the
+   boot process – but which specific, individual services might require to be
+   established at the point they are started. (i.e. these mounts are typically
+   ordered before `remote-fs.target`.)
+
+Of course, mounts that fall into category 3 can also be mounted during the
+initrd or in early boot. And those from category 2 can also be mounted already
+from the initrd.
+
+Here's a table with relevant mounts and to which category they belong:
+
+| *Mount*       | *Category* |
+|---------------|------------|
+| `/` (root fs) |          1 |
+| `/usr/`       |          1 |
+| `/etc/`       |          1 |
+| `/var/`       |          2 |
+| `/var/tmp/`   |          2 |
+| `/tmp/`       |          2 |
+| `/home/`      |          3 |
+| `/srv/`       |          3 |
+| XBOOTLDR      |          3 |
+| ESP           |          3 |
+
+Or in other words: the root file system (obviously…), `/usr/` and `/etc/` (if
+these are split off) must be mounted at the moment the initrd transitions into
+the host. Then, `/var/` (with `/var/tmp/`) and `/tmp/` (if split off) must be
+mounted, before the host reaches `local-fs.target` (and then `basic.target`),
+after which any remaining mounts may be established.
+
+If mounts such as `/var/` are not mounted during early boot (or from the
+initrd), and require some late boot service (for example a network manager
+implementation) to operate this will likely result in cyclic ordering
+dependencies, and will result in various forms of boot failures.
+
+If you intend to use network-backed mounts (NFS, SMB, iSCSI, NVME-TCP and
+similar, including anything you add the `_netdev` pseudo mount option to) for
+any of the mounts from category 1 or 2, make sure to use a network managing
+implementation that is capable of running from the initrd/during early
+boot. [`systemd-networkd(8)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-networkd.html)
+for example works well in such scenarios.
+
+Note that
+[`systemd-homed.service(8)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-homed.html)
+(which is a regular service, i.e. runs after `basic.target`) requires `/home/`
+to be mounted.
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/docs/USER_RECORD.md systemd-252.19/docs/USER_RECORD.md
--- systemd-252.17/docs/USER_RECORD.md	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/docs/USER_RECORD.md	2023-11-10 00:22:41.000000000 +0000
@@ -701,28 +701,40 @@
 
 The `perMachine` field in the top-level object is an array of objects. When
 processing the user record first the various fields on the top-level object
-should be used. Then this array should be iterated in order, and the various
-settings be applied that match either the indicated machine ID or host
-name. There may be multiple array entries that match a specific system, in
-which case all the object's setting should be applied. If the same option is
-set in the top-level object as in a per-machine object the latter wins and
-entirely undoes the setting in the top-level object (i.e. no merging of
-properties that are arrays themselves is done). If the same option is set in
-multiple per-machine objects the one specified later in the array wins (and
-here too no merging of individual fields is done, the later field always wins
-in full).
+should be parsed. Then, the `perMachine` array should be iterated in order, and
+the various settings within each contained object should be applied that match
+either the indicated machine ID or host name, overriding any corresponding
+settings previously parsed from the top-level object. There may be multiple
+array entries that match a specific system, in which case all settings should
+be applied. If the same option is set in the top-level object as in a
+per-machine object then the per-machine setting wins and entirely undoes the
+setting in the top-level object (i.e. no merging of properties that are arrays
+is done). If the same option is set in multiple per-machine objects the one
+specified later in the array wins (and here too no merging of individual fields
+is done, the later field always wins in full). To summarize, the order of
+application is (last one wins):
+
+1. Settings in the top-level object
+2. Settings in the first matching `perMachine` array entry
+3. Settings in the second matching `perMachine` array entry
+4. …
+5. Settings in the last matching `perMachine` array entry
 
 The following fields are defined in this section:
 
 `matchMachineId` → An array of strings that are formatted 128bit IDs in
 hex. If any of the specified IDs match the system's local machine ID
-(i.e. matches `/etc/machine-id`) the fields in this object are honored.
+(i.e. matches `/etc/machine-id`) the fields in this object are honored. (As a
+special case, if only a single machine ID is listed this field may be a single
+string rather than an array of strings.)
 
-`matchHostname` → An array of strings that are valid hostnames. If any of
-the specified hostnames match the system's local hostname, the fields in this
+`matchHostname` → An array of strings that are valid hostnames. If any of the
+specified hostnames match the system's local hostname, the fields in this
 object are honored. If both `matchHostname` and `matchMachineId` are used
 within the same array entry, the object is honored when either match succeeds,
-i.e. the two match types are combined in OR, not in AND.
+i.e. the two match types are combined in OR, not in AND. (As a special case, if
+only a single machine ID is listed this field may be a single string rather
+than an array of strings.)
 
 These two are the only two fields specific to this section. All other fields
 that may be used in this section are identical to the equally named ones in the
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/.github/workflows/mkosi.yml systemd-252.19/.github/workflows/mkosi.yml
--- systemd-252.17/.github/workflows/mkosi.yml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/.github/workflows/mkosi.yml	2023-11-10 00:22:41.000000000 +0000
@@ -70,6 +70,10 @@
 
         [Output]
         KernelCommandLine=${{ env.KERNEL_CMDLINE }}
+
+        [Host]
+        # Sometimes we run on a host with /dev/kvm, but it is broken, so explicitly disable it
+        QemuKvm=no
         EOF
 
     - name: Build ${{ matrix.distro }}
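Review bot: The added `QemuKvm=no` under `[Host]` turns KVM off for every run of this workflow, not only on the runners where /dev/kvm is broken, so all jobs presumably fall back to software emulation and take longer. The comment explains the symptom but not that this is a blanket workaround or when it can be removed; something like `# Workaround: some runners expose a broken /dev/kvm, so disable KVM everywhere; drop once runners are reliable` would make that explicit. If the slower emulated runs get close to the job's time limits, the timeouts may need a second look. The heredoc that holds this configuration starts outside the hunk.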
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/crypttab.xml systemd-252.19/man/crypttab.xml
--- systemd-252.17/man/crypttab.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/crypttab.xml	2023-11-10 00:22:41.000000000 +0000
@@ -815,7 +815,7 @@
       <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>
       to add it in the LUKS2 volume:</para>
 
-<programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
+      <programlisting><xi:include href="yubikey-crypttab.sh" parse="text" /></programlisting>
 
       <para>A few notes on the above:</para>
 
@@ -835,7 +835,7 @@
       set up a FIDO2 security token for this purpose for a LUKS2 volume, using
       <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
 
-<programlisting><xi:include href="fido2-crypttab.sh" parse="text" /></programlisting>
+      <programlisting><xi:include href="fido2-crypttab.sh" parse="text" /></programlisting>
     </example>
 
     <example>
@@ -846,7 +846,7 @@
       using
       <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
 
-<programlisting><xi:include href="tpm2-crypttab.sh" parse="text" /></programlisting>
+      <programlisting><xi:include href="tpm2-crypttab.sh" parse="text" /></programlisting>
     </example>
   </refsect1>
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/environment.d.xml systemd-252.19/man/environment.d.xml
--- systemd-252.17/man/environment.d.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/environment.d.xml	2023-11-10 00:22:41.000000000 +0000
@@ -37,7 +37,7 @@
     <title>Description</title>
 
     <para>Configuration files in the <filename>environment.d/</filename> directories contain lists of
-    environment variable assignments for services started by the systemd user instance.
+    environment variable assignments passed to services started by the systemd user instance.
     <citerefentry><refentrytitle>systemd-environment-d-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
     parses them and updates the environment exported by the systemd user instance. See below for an
     discussion of which processes inherit those variables.</para>
@@ -91,18 +91,24 @@
   <refsect1>
     <title>Applicability</title>
 
-    <para>Environment variables exported by the user manager (<command>systemd --user</command> instance
-    started in the <filename>user@<replaceable>uid</replaceable>.service</filename> system service) apply to
-    any services started by that manager. In particular, this may include services which run user shells. For
-    example in the GNOME environment, the graphical terminal emulator runs as the
+    <para>Environment variables exported by the user service manager (<command>systemd --user</command>
+    instance started in the <filename>user@<replaceable>uid</replaceable>.service</filename> system service)
+    are passed to any services started by that service manager. In particular, this may include services
+    which run user shells. For example in the GNOME environment, the graphical terminal emulator runs as the
     <filename>gnome-terminal-server.service</filename> user unit, which in turn runs the user shell, so that
     shell will inherit environment variables exported by the user manager. For other instances of the shell,
-    not launched by the user manager, the environment they inherit is defined by the program that starts
-    them. Hint: in general,
-    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-    units contain programs launched by systemd, and
-    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-    units contain programs launched by something else.</para>
+    not launched by the user service manager, the environment they inherit is defined by the program that
+    starts them. Hint: in general,
+    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> units
+    contain programs launched by systemd, and
+    <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry> units
+    contain programs launched by something else.</para>
+
+    <para>Note that these files do not affect the environment block of the service manager itself, but
+    exclusively the environment blocks passed to the services it manages. Environment variables set that way
+    thus cannot be used to influence behaviour of the service manager. In order to make changes to the
+    service manager's environment block the environment must be modified before the user's service manager is
+    invoked, for example from the system service manager or via a PAM module.</para>
 
     <para>Specifically, for ssh logins, the
     <citerefentry project='die-net'><refentrytitle>sshd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/homectl.xml systemd-252.19/man/homectl.xml
--- systemd-252.17/man/homectl.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/homectl.xml	2023-11-10 00:22:41.000000000 +0000
@@ -251,6 +251,11 @@
         owned by a different UID when logging in, the home directory and everything underneath it will have
         its ownership changed automatically before login completes.</para>
 
+        <para>Note that changing this option for existing home directories generally has no effect on home
+        directories that already have been registered locally (have a local <emphasis>binding</emphasis>), as
+        the UID used for an account on the local system is determined when the home directory is first
+        activated on it, and then remains in effect until the home directory is removed.</para>
+
         <para>Note that users managed by <command>systemd-homed</command> always have a matching group
         associated with the same name as well as a GID matching the UID of the user. Thus, configuring the
         GID separately is not permitted.</para></listitem>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/journald.conf.xml systemd-252.19/man/journald.conf.xml
--- systemd-252.17/man/journald.conf.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/journald.conf.xml	2023-11-10 00:22:41.000000000 +0000
@@ -276,9 +276,9 @@
         <para><varname>SystemMaxFileSize=</varname> and <varname>RuntimeMaxFileSize=</varname> control how
         large individual journal files may grow at most. This influences the granularity in which disk space
         is made available through rotation, i.e. deletion of historic data. Defaults to one eighth of the
-        values configured with <varname>SystemMaxUse=</varname> and <varname>RuntimeMaxUse=</varname>, so
-        that usually seven rotated journal files are kept as history. If the journal compact mode is enabled
-        (enabled by default), the maximum file size is capped to 4G.</para>
+        values configured with <varname>SystemMaxUse=</varname> and <varname>RuntimeMaxUse=</varname> capped
+        to 128M, so that usually seven rotated journal files are kept as history. If the journal compact 
+        mode is enabled (enabled by default), the maximum file size is capped to 4G.</para>
 
         <para>Specify values in bytes or use K, M, G, T, P, E as units for the specified sizes (equal to
         1024, 1024², … bytes). Note that size limits are enforced synchronously when journal files are
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/kernel-command-line.xml systemd-252.19/man/kernel-command-line.xml
--- systemd-252.17/man/kernel-command-line.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/kernel-command-line.xml	2023-11-10 00:22:41.000000000 +0000
@@ -54,7 +54,6 @@
         <term><varname>systemd.unit=</varname></term>
         <term><varname>rd.systemd.unit=</varname></term>
         <term><varname>systemd.dump_core</varname></term>
-        <term><varname>systemd.early_core_pattern=</varname></term>
         <term><varname>systemd.crash_chvt</varname></term>
         <term><varname>systemd.crash_shell</varname></term>
         <term><varname>systemd.crash_reboot</varname></term>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/org.freedesktop.home1.xml systemd-252.19/man/org.freedesktop.home1.xml
--- systemd-252.17/man/org.freedesktop.home1.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/org.freedesktop.home1.xml	2023-11-10 00:22:41.000000000 +0000
@@ -305,9 +305,14 @@
       user record with the new passwords/authentication token data is specified as empty the existing user
       record's settings are propagated down to the home directory storage. This is typically used after a
       user record is updated using <function>UpdateHome()</function> in order to propagate the
-      secrets/authentication tokens down to the storage. This method is equivalent to
-      <function>ChangePassword()</function> on the <classname>org.freedesktop.home1.Home</classname>
-      interface.</para>
+      secrets/authentication tokens down to the storage. Background: depending on the backend the user's
+      authentication credentials are stored at multiple places: the user record kept on the host, the user
+      record kept in the home directory and the encrypted LUKS volume slot. If the home directory is used on
+      a different machined temporarily, and the password is changed there, and then is moved back to the
+      original host, the passwords of the three might get out of sync. By issuing
+      <function>ChangePasswordHome()</function> the three locations are updated to match the newest
+      information. This method is equivalent to <function>ChangePassword()</function> on the
+      <classname>org.freedesktop.home1.Home</classname> interface.</para>
 
       <para><function>LockHome()</function> temporarily suspends access to a home directory, flushing out any
       cryptographic keys from memory. This is only supported on some back-ends, and usually done during system
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/sd_bus_error_add_map.xml systemd-252.19/man/sd_bus_error_add_map.xml
--- systemd-252.17/man/sd_bus_error_add_map.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/sd_bus_error_add_map.xml	2023-11-10 00:22:41.000000000 +0000
@@ -35,20 +35,15 @@
         …
 } sd_bus_error_map;</funcsynopsisinfo>
 
-    </funcsynopsis>
+      <funcsynopsisinfo><constant>SD_BUS_ERROR_MAP(<replaceable>name</replaceable>, <replaceable>code</replaceable>)</constant></funcsynopsisinfo>
 
-      <para>
-        <constant>SD_BUS_ERROR_MAP(<replaceable>name</replaceable>, <replaceable>code</replaceable>)</constant>
-      </para>
-      <para>
-        <constant>SD_BUS_ERROR_MAP_END</constant>
-      </para>
+      <funcsynopsisinfo><constant>SD_BUS_ERROR_MAP_END</constant></funcsynopsisinfo>
 
       <funcprototype>
         <funcdef>int <function>sd_bus_error_add_map</function></funcdef>
         <paramdef>const sd_bus_error_map *<parameter>map</parameter></paramdef>
       </funcprototype>
-
+    </funcsynopsis>
   </refsynopsisdiv>
 
   <refsect1>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/sd_listen_fds.xml systemd-252.19/man/sd_listen_fds.xml
--- systemd-252.17/man/sd_listen_fds.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/sd_listen_fds.xml	2023-11-10 00:22:41.000000000 +0000
@@ -194,6 +194,9 @@
     number. <function>sd_listen_fds_with_names()</function> does the
     same but also parses <varname>$LISTEN_FDNAMES</varname> if
     set.</para>
+
+    <para>These functions are not designed for services that specify <varname>StandardInput=socket</varname>
+    as the <varname>$LISTEN_FDS</varname> variable is not set in their environment.</para>
   </refsect1>
 
   <refsect1>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-analyze.xml systemd-252.19/man/systemd-analyze.xml
--- systemd-252.17/man/systemd-analyze.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-analyze.xml	2023-11-10 00:22:41.000000000 +0000
@@ -1088,6 +1088,9 @@
                 <entry>CapabilityBoundingSet_CAP_SYS_TTY_CONFIG</entry>
               </row>
               <row>
+                <entry>CapabilityBoundingSet_CAP_BPF</entry>
+              </row>
+              <row>
                 <entry>UMask</entry>
               </row>
               <row>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-cgtop.xml systemd-252.19/man/systemd-cgtop.xml
--- systemd-252.17/man/systemd-cgtop.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-cgtop.xml	2023-11-10 00:22:41.000000000 +0000
@@ -144,8 +144,8 @@
         <listitem><para>Count only userspace processes instead of all
         tasks. By default, all tasks are counted: each kernel thread
         and each userspace thread individually. With this setting,
-        kernel threads are excluded from the counting and each
-        userspace process only counts as one, regardless how many
+        kernel threads are excluded from the count and each userspace
+        process only counts as one task, regardless of how many
         threads it consists of. This setting may also be toggled at
         runtime by pressing the <keycap>P</keycap> key. This option
         may not be combined with
@@ -159,8 +159,8 @@
         threads instead of all tasks. By default, all tasks are
         counted: each kernel thread and each userspace thread
         individually. With this setting, kernel threads are included in
-        the counting and each userspace process only counts as on one,
-        regardless how many threads it consists of. This setting may
+        the count and each userspace process only counts as one task,
+        regardless of how many threads it consists of. This setting may
         also be toggled at runtime by pressing the <keycap>k</keycap>
         key. This option may not be combined with
         <option>-P</option>.</para></listitem>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-coredump.xml systemd-252.19/man/systemd-coredump.xml
--- systemd-252.17/man/systemd-coredump.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-coredump.xml	2023-11-10 00:22:41.000000000 +0000
@@ -214,6 +214,16 @@
 
       <varlistentry>
         <term><varname>COREDUMP_CGROUP=</varname></term>
+
+        <listitem><para>The primary cgroup of the unit of the crashed process.</para>
+
+        <para>When the crashed process was in a container, this is the full path, as seen outside of the
+        container.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>COREDUMP_PROC_CGROUP=</varname></term>
         <listitem><para>Control group information in the format used in
         <filename>/proc/self/cgroup</filename>. On systems with the unified cgroup hierarchy, this is a
         single path prefixed with <literal>0::</literal>, and multiple paths prefixed with controller numbers
@@ -227,9 +237,10 @@
       <varlistentry>
         <term><varname>COREDUMP_OWNER_UID=</varname></term>
         <term><varname>COREDUMP_USER_UNIT=</varname></term>
+        <term><varname>COREDUMP_SESSION=</varname></term>
         <listitem><para>The numerical UID of the user owning the login session or systemd user unit of the
-        crashed process, and the user manager unit. Both fields are only present for user processes.
-        </para>
+        crashed process, the user manager unit, and the sesion identifier. All three fields are only present
+        for user processes.</para>
 
         <para>When the crashed process was in container, those are the values <emphasis>outside</emphasis>,
         in the main system.</para>
@@ -294,23 +305,29 @@
       </varlistentry>
 
       <varlistentry>
+        <term><varname>COREDUMP_CMDLINE=</varname></term>
         <term><varname>COREDUMP_COMM=</varname></term>
-        <term><varname>COREDUMP_PROC_STATUS=</varname></term>
-        <term><varname>COREDUMP_PROC_MAPS=</varname></term>
+        <term><varname>COREDUMP_ENVIRON=</varname></term>
+        <term><varname>COREDUMP_PROC_AUXV=</varname></term>
         <term><varname>COREDUMP_PROC_LIMITS=</varname></term>
+        <term><varname>COREDUMP_PROC_MAPS=</varname></term>
         <term><varname>COREDUMP_PROC_MOUNTINFO=</varname></term>
-        <term><varname>COREDUMP_ENVIRON=</varname></term>
+        <term><varname>COREDUMP_PROC_STATUS=</varname></term>
 
         <listitem><para>Fields that map the per-process entries in the <filename>/proc/</filename>
-        filesystem: <filename>/proc/<replaceable>pid</replaceable>/comm</filename> (the command name
-        associated with the process), <filename>/proc/<replaceable>pid</replaceable>/exe</filename> (the
-        filename of the executed command), <filename>/proc/<replaceable>pid</replaceable>/status</filename>
-        (various metadata about the process), <filename>/proc/<replaceable>pid</replaceable>/maps</filename>
-        (memory regions visible to the process and their access permissions),
+        filesystem: <filename>/proc/<replaceable>pid</replaceable>/cmdline</filename> (the command line of
+        the crashed process), <filename>/proc/<replaceable>pid</replaceable>/comm</filename> (the command
+        name associated with the process), <filename>/proc/<replaceable>pid</replaceable>/environ</filename>
+        (the environment block of the crashed process),
+        <filename>/proc/<replaceable>pid</replaceable>/auxv</filename> (the auxiliary vector of the crashed
+        process, see <citerefentry
+        project='man-pages'><refentrytitle>getauxval</refentrytitle><manvolnum>3</manvolnum></citerefentry>),
         <filename>/proc/<replaceable>pid</replaceable>/limits</filename> (the soft and hard resource limits),
-        <filename>/proc/<replaceable>pid</replaceable>/mountinfo</filename> (mount points in the process's
-        mount namespace), <filename>/proc/<replaceable>pid</replaceable>/environ</filename>
-        (the environment block of the crashed process).</para>
+        <filename>/proc/<replaceable>pid</replaceable>/maps</filename> (memory regions visible to the process
+        and their access permissions), <filename>/proc/<replaceable>pid</replaceable>/mountinfo</filename>
+        (mount points in the process's mount namespace),
+        <filename>/proc/<replaceable>pid</replaceable>/status</filename> (various metadata about the
+        process).</para>
 
         <para>See
         <citerefentry project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-creds.xml systemd-252.19/man/systemd-creds.xml
--- systemd-252.17/man/systemd-creds.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-creds.xml	2023-11-10 00:22:41.000000000 +0000
@@ -436,7 +436,7 @@
       <filename>xyz.service</filename>:</para>
 
       <programlisting># mkdir -p /etc/systemd/system/xyz.service.d
-# systemd-ask-password -n | systemd-creds encrypt --name=mysql-password -p - - > /etc/systemd/system/xyz.service.d/50-password.conf
+# systemd-ask-password -n | ( echo "[Service]" &amp;&amp; systemd-creds encrypt --name=mysql-password -p - - ) > /etc/systemd/system/xyz.service.d/50-password.conf
 # systemctl daemon-reload
 # systemctl restart xyz.service</programlisting>
     </example>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-cryptenroll.xml systemd-252.19/man/systemd-cryptenroll.xml
--- systemd-252.17/man/systemd-cryptenroll.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-cryptenroll.xml	2023-11-10 00:22:41.000000000 +0000
@@ -22,7 +22,9 @@
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>systemd-cryptenroll <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt">DEVICE</arg></command>
+      <command>systemd-cryptenroll</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="opt">DEVICE</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -78,6 +80,30 @@
   </refsect1>
 
   <refsect1>
+    <title>Compatibility</title>
+
+    <para>Security technology both in systemd and in the general industry constantly evolves. In order to
+    provide best security guarantees, the way TPM2, FIDO2, PKCS#11 devices are enrolled is regularly updated
+    in newer versions of systemd. Whenever this happens the following compatibility guarantees are given:</para>
+
+    <itemizedlist>
+      <listitem><para>Old enrollments continue to be supported and may be unlocked with newer versions of
+      <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para></listitem>
+
+      <listitem><para>The opposite is not guaranteed however: it might not be possible to unlock volumes with
+      enrollments done with a newer version of <command>systemd-cryptenroll</command> with an older version
+      of <command>systemd-cryptsetup</command>.</para></listitem>
+    </itemizedlist>
+
+    <para>That said, it is generally recommended to use matching versions of
+    <command>systemd-cryptenroll</command> and <command>systemd-cryptsetup</command>, since this is best
+    tested and supported.</para>
+
+    <para>It might be advisable to re-enroll existing enrollments to take benefit of newer security features,
+    as they are added to systemd.</para>
+  </refsect1>
+
+  <refsect1>
     <title>Options</title>
 
     <para>The following options are understood:</para>
@@ -442,6 +468,14 @@
   </refsect1>
 
   <refsect1>
+    <title>Examples</title>
+
+    <para><citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
+    <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    contain various examples employing <command>systemd-cryptenroll</command>.</para>
+  </refsect1>
+
+  <refsect1>
     <title>See Also</title>
     <para>
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd.exec.xml systemd-252.19/man/systemd.exec.xml
--- systemd-252.17/man/systemd.exec.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd.exec.xml	2023-11-10 00:22:41.000000000 +0000
@@ -274,7 +274,7 @@
         the service with a private, minimal version of <filename>/dev/</filename>, combine this option with
         <varname>PrivateDevices=</varname>.</para>
 
-        <para>In order to allow propagating mounts at runtime in a safe manner, <filename>/run/systemd/propagate</filename>
+        <para>In order to allow propagating mounts at runtime in a safe manner, <filename>/run/systemd/propagate/</filename>
         on the host will be used to set up new mounts, and <filename>/run/host/incoming/</filename> in the private namespace
         will be used as an intermediate step to store them before being moved to the final mount point.</para></listitem>
       </varlistentry>
@@ -1490,7 +1490,12 @@
         permit this. Nest <varname>ReadWritePaths=</varname> inside of <varname>ReadOnlyPaths=</varname> in
         order to provide writable subdirectories within read-only directories. Use
         <varname>ReadWritePaths=</varname> in order to allow-list specific paths for write access if
-        <varname>ProtectSystem=strict</varname> is used.</para>
+        <varname>ProtectSystem=strict</varname> is used. Note that <varname>ReadWritePaths=</varname> cannot
+        be used to gain write access to a file system whose superblock is mounted read-only. On Linux, for
+        each mount point write access is granted only if the mount point itself <emphasis>and</emphasis> the
+        file system superblock backing it are not marked read-only. <varname>ReadWritePaths=</varname> only
+        controls the former, not the latter, hence a read-only file system superblock remains
+        protected.</para>
 
         <para>Paths listed in <varname>InaccessiblePaths=</varname> will be made inaccessible for processes inside
         the namespace along with everything below them in the file system hierarchy. This may be more restrictive than
@@ -1525,12 +1530,15 @@
         i.e. writable mounts appearing on the host will be writable in the unit's namespace too, even when propagated
         below a path marked with <varname>ReadOnlyPaths=</varname>! Restricting access with these options hence does
         not extend to submounts of a directory that are created later on. This means the lock-down offered by that
-        setting is not complete, and does not offer full protection. </para>
+        setting is not complete, and does not offer full protection.</para>
 
         <para>Note that the effect of these settings may be undone by privileged processes. In order to set up an
         effective sandboxed environment for a unit it is thus recommended to combine these settings with either
-        <varname>CapabilityBoundingSet=~CAP_SYS_ADMIN</varname> or
-        <varname>SystemCallFilter=~@mount</varname>.</para>
+        <varname>CapabilityBoundingSet=~CAP_SYS_ADMIN</varname> or <varname>SystemCallFilter=~@mount</varname>.</para>
+
+        <para>Please be extra careful when applying these options to API file systems (a list of them could be
+        found in <varname>MountAPIVPS=</varname>), since they may be required for basic system functionalities.
+        Moreover, <filename>/run/</filename> needs to be writable for setting up mount namespace and propagation.</para>
 
         <para>Simple allow-list example using these directives:
         <programlisting>[Service]
@@ -2697,7 +2705,8 @@
         input will be connected to the socket the service was activated from, which is primarily useful for
         compatibility with daemons designed for use with the traditional <citerefentry
         project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry> socket activation
-        daemon.</para>
+        daemon (<varname>$LISTEN_FDS</varname> (and related) environment variables are not passed when
+        <option>socket</option> value is configured).</para>
 
         <para>The <option>fd:<replaceable>name</replaceable></option> option connects standard input to a specific,
         named file descriptor provided by a socket unit. The name may be specified as part of this option, following a
@@ -3137,7 +3146,12 @@
         <varname>ExecStart=</varname> command line use <literal>${CREDENTIALS_DIRECTORY}/mycred</literal>,
         e.g. <literal>ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred</literal>. In order to reference the path
         a credential may be read from within a <varname>Environment=</varname> line use
-        <literal>%d/mycred</literal>, e.g. <literal>Environment=MYCREDPATH=%d/mycred</literal>.</para>
+        <literal>%d/mycred</literal>, e.g. <literal>Environment=MYCREDPATH=%d/mycred</literal>. For system
+        services the path may also be referenced as
+        <literal>/run/credentials/<replaceable>UNITNAME</replaceable></literal> in cases where no
+        interpolation is possible, e.g. configuration files of software that does not yet support credentials
+        natively. <varname>$CREDENTIALS_DIRECTORY</varname> is considered the primary interface to look for
+        credentials, though, since it also works for user services.</para>
 
         <para>Currently, an accumulated credential size limit of 1 MB per unit is enforced.</para>
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-gpt-auto-generator.xml systemd-252.19/man/systemd-gpt-auto-generator.xml
--- systemd-252.17/man/systemd-gpt-auto-generator.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-gpt-auto-generator.xml	2023-11-10 00:22:41.000000000 +0000
@@ -93,7 +93,7 @@
           </row>
           <row>
             <entry>
-              <constant>SD_GPT_ROOT_ALPHA</constant> <constant>SD_GPT_ROOT_ARC</constant> <constant>SD_GPT_ROOT_ARM</constant> <constant>SD_GPT_ROOT_ARM64</constant> <constant>SD_GPT_ROOT_IA64</constant> <constant>SD_GPT_ROOT_LOONGARCH64</constant> <constant>SD_GPT_ROOT_MIPS_LE</constant> <constant>SD_GPT_ROOT_MIPS64_LE</constant> <constant>SD_GPT_ROOT_PARISC</constant> <constant>SD_GPT_ROOT_PPC</constant> <constant>SD_GPT_ROOT_PPC64</constant> <constant>SD_GPT_ROOT_PPC64_LE</constant> <constant>SD_GPT_ROOT_RISCV32</constant> <constant>SD_GPT_ROOT_RISCV64</constant> <constant>SD_GPT_ROOT_S390</constant> <constant>SD_GPT_ROOT_S390X</constant> <constant>SD_GPT_ROOT_TILEGX</constant> <constant>SD_GPT_ROOT_X86</constant> <constant>SD_GPT_ROOT_X86_64</constant> <constant>SD_GPT_USR_ALPHA</constant> <constant>SD_GPT_USR_ARC</constant> <constant>SD_GPT_USR_ARM</constant> <constant>SD_GPT_USR_IA64</constant> <constant>SD_GPT_USR_LOONGARCH64</constant> <constant>SD_GPT_USR_MIPS_LE</constant> <constant>SD_GPT_USR_MIPS64_LE</constant> <constant>SD_GPT_USR_PARISC</constant> <constant>SD_GPT_USR_PPC</constant> <constant>SD_GPT_USR_PPC64</constant> <constant>SD_GPT_USR_PPC64_LE</constant> <constant>SD_GPT_USR_RISCV32</constant> <constant>SD_GPT_USR_RISCV64</constant> <constant>SD_GPT_USR_S390</constant> <constant>SD_GPT_USR_S390X</constant> <constant>SD_GPT_USR_TILEGX</constant> <constant>SD_GPT_USR_X86</constant>
+              <constant>SD_GPT_ROOT_ALPHA</constant> <constant>SD_GPT_ROOT_ARC</constant> <constant>SD_GPT_ROOT_ARM</constant> <constant>SD_GPT_ROOT_ARM64</constant> <constant>SD_GPT_ROOT_IA64</constant> <constant>SD_GPT_ROOT_LOONGARCH64</constant> <constant>SD_GPT_ROOT_MIPS</constant> <constant>SD_GPT_ROOT_MIPS64</constant> <constant>SD_GPT_ROOT_MIPS_LE</constant> <constant>SD_GPT_ROOT_MIPS64_LE</constant> <constant>SD_GPT_ROOT_PARISC</constant> <constant>SD_GPT_ROOT_PPC</constant> <constant>SD_GPT_ROOT_PPC64</constant> <constant>SD_GPT_ROOT_PPC64_LE</constant> <constant>SD_GPT_ROOT_RISCV32</constant> <constant>SD_GPT_ROOT_RISCV64</constant> <constant>SD_GPT_ROOT_S390</constant> <constant>SD_GPT_ROOT_S390X</constant> <constant>SD_GPT_ROOT_TILEGX</constant> <constant>SD_GPT_ROOT_X86</constant> <constant>SD_GPT_ROOT_X86_64</constant> <constant>SD_GPT_USR_ALPHA</constant> <constant>SD_GPT_USR_ARC</constant> <constant>SD_GPT_USR_ARM</constant> <constant>SD_GPT_USR_IA64</constant> <constant>SD_GPT_USR_LOONGARCH64</constant> <constant>SD_GPT_USR_MIPS_LE</constant> <constant>SD_GPT_USR_MIPS64_LE</constant> <constant>SD_GPT_USR_PARISC</constant> <constant>SD_GPT_USR_PPC</constant> <constant>SD_GPT_USR_PPC64</constant> <constant>SD_GPT_USR_PPC64_LE</constant> <constant>SD_GPT_USR_RISCV32</constant> <constant>SD_GPT_USR_RISCV64</constant> <constant>SD_GPT_USR_S390</constant> <constant>SD_GPT_USR_S390X</constant> <constant>SD_GPT_USR_TILEGX</constant> <constant>SD_GPT_USR_X86</constant>
             </entry>
             <entry>root partitions for other architectures</entry>
             <entry><filename>/</filename></entry>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd.net-naming-scheme.xml systemd-252.19/man/systemd.net-naming-scheme.xml
--- systemd-252.17/man/systemd.net-naming-scheme.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd.net-naming-scheme.xml	2023-11-10 00:22:41.000000000 +0000
@@ -54,7 +54,7 @@
   </refsect1>
 
   <refsect1>
-    <title>Naming</title>
+    <title>Policies</title>
 
     <para>All names start with a two-character prefix that signifies the interface type.</para>
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd.network.xml systemd-252.19/man/systemd.network.xml
--- systemd-252.17/man/systemd.network.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd.network.xml	2023-11-10 00:22:41.000000000 +0000
@@ -1827,10 +1827,24 @@
           <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>).
           </para>
 
-          <para>When true, <varname>SendHostname=</varname>, <varname>ClientIdentifier=</varname>,
-          <varname>VendorClassIdentifier=</varname>, <varname>UserClass=</varname>,
-          <varname>RequestOptions=</varname>, <varname>SendOption=</varname>,
-          <varname>SendVendorOption=</varname>, and <varname>MUDURL=</varname> are ignored.</para>
+          <para>When true,
+          <varname>ClientIdentifier=mac</varname>,
+          <varname>SendHostname=no</varname>,
+          <varname>Use6RD=no</varname>,
+          <varname>UseCaptivePortal=no</varname>,
+          <varname>UseMTU=no</varname>,
+          <varname>UseNTP=no</varname>,
+          <varname>UseSIP=no</varname>, and
+          <varname>UseTimezone=no</varname>
+          are implied and these settings in the .network file are silently ignored. Also,
+          <varname>Hostname=</varname>,
+          <varname>MUDURL=</varname>,
+          <varname>RequestOptions=</varname>,
+          <varname>SendOption=</varname>,
+          <varname>SendVendorOption=</varname>,
+          <varname>UserClass=</varname>, and
+          <varname>VendorClassIdentifier=</varname>
+          are silently ignored.</para>
 
           <para>With this option enabled DHCP requests will mimic those generated by Microsoft
           Windows, in order to reduce the ability to fingerprint and recognize installations. This
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd-resolved.service.xml systemd-252.19/man/systemd-resolved.service.xml
--- systemd-252.17/man/systemd-resolved.service.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd-resolved.service.xml	2023-11-10 00:22:41.000000000 +0000
@@ -237,7 +237,7 @@
   <refsect1>
     <title>Compatibility with the traditional glibc stub resolver</title>
 
-    <para>This section provides a short summary of differences in the stub resolver implemented by
+    <para>This section provides a short summary of differences in the resolver implemented by
     <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry> together
     with <command>systemd-resolved</command> and the traditional stub resolver implemented in
     <filename>nss-dns</filename>.</para>
@@ -302,6 +302,19 @@
       <varname>$RES_OPTIONS</varname> described in
       <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
       are not supported currently.</para></listitem>
+
+      <listitem><para>The <filename>nss-dns</filename> resolver maintains little state between subsequent DNS
+      queries, and for each query always talks to the first listed DNS server from
+      <filename>/etc/resolv.conf</filename> first, and on failure continues with the next until reaching the
+      end of the list which is when the query fails. The resolver in
+      <filename>systemd-resolved.service</filename> however maintains state, and will continuously talk to
+      the same server for all queries on a particular lookup scope until some form of error is seen at which
+      point it switches to the next, and then continuously stays with it for all queries on the scope until
+      the next failure, and so on, eventually returning to the first configured server. This is done to
+      optimize lookup times, in particular given that the resolver typically must first probe server feature
+      sets when talking to a server, which is time consuming. This different behaviour implies that listed
+      DNS servers per lookup scope must be equivalent in the zones they serve, so that sending a query to one
+      of them will yield the same results as sending it to another configured DNS server.</para></listitem>
     </itemizedlist>
   </refsect1>
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd.service.xml systemd-252.19/man/systemd.service.xml
--- systemd-252.17/man/systemd.service.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd.service.xml	2023-11-10 00:22:41.000000000 +0000
@@ -1009,14 +1009,25 @@
 
       <varlistentry>
         <term><varname>NonBlocking=</varname></term>
-        <listitem><para>Set the <constant>O_NONBLOCK</constant> flag for all file descriptors passed via socket-based
-        activation. If true, all file descriptors >= 3 (i.e. all except stdin, stdout, stderr), excluding those passed
-        in via the file descriptor storage logic (see <varname>FileDescriptorStoreMax=</varname> for details), will
-        have the <constant>O_NONBLOCK</constant> flag set and hence are in non-blocking mode. This option is only
+        <listitem><para>Set the <constant>O_NONBLOCK</constant> flag for all file descriptors passed via
+        socket-based activation. If true, all file descriptors >= 3 (i.e. all except stdin, stdout, stderr),
+        excluding those passed in via the file descriptor storage logic (see
+        <varname>FileDescriptorStoreMax=</varname> for details), will have the
+        <constant>O_NONBLOCK</constant> flag set and hence are in non-blocking mode. This option is only
         useful in conjunction with a socket unit, as described in
-        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry> and has no
-        effect on file descriptors which were previously saved in the file-descriptor store for example.  Defaults to
-        false.</para></listitem>
+        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+        and has no effect on file descriptors which were previously saved in the file-descriptor store for
+        example.  Defaults to false.</para>
+
+        <para>Note that if the same socket unit is configured to be passed to multiple service units (via the
+        <varname>Sockets=</varname> setting, see below), and these services have different
+        <varname>NonBlocking=</varname> configurations, the precise state of <constant>O_NONBLOCK</constant>
+        depends on the order in which these services are invoked, and will possibly change after service code
+        already took possession of the socket file descriptor, simply because the
+        <constant>O_NONBLOCK</constant> state of a socket is shared by all file descriptors referencing
+        it. Hence it is essential that all services sharing the same socket use the same
+        <varname>NonBlocking=</varname> configuration, and do not change the flag in service code
+        either.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/systemd.unit.xml systemd-252.19/man/systemd.unit.xml
--- systemd-252.17/man/systemd.unit.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/systemd.unit.xml	2023-11-10 00:22:41.000000000 +0000
@@ -1867,17 +1867,17 @@
             <entry>an automatic property</entry>
           </row>
           <row>
-            <entry><varname>Triggers=</varname></entry>
-            <entry><varname>TriggeredBy=</varname></entry>
-            <entry namest='fuse' nameend='ruse' valign='middle'>Automatic properties, see notes below</entry>
-          </row>
-          <row>
             <entry><varname>Conflicts=</varname></entry>
             <entry><varname>ConflictedBy=</varname></entry>
             <entry>[Unit] section</entry>
             <entry>an automatic property</entry>
           </row>
           <row>
+            <entry><varname>Triggers=</varname></entry>
+            <entry><varname>TriggeredBy=</varname></entry>
+            <entry namest='fuse' nameend='ruse' valign='middle'>Automatic properties, see notes below</entry>
+          </row>
+          <row>
             <entry><varname>PropagatesReloadTo=</varname></entry>
             <entry><varname>ReloadPropagatedFrom=</varname></entry>
             <entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry>
@@ -1887,6 +1887,15 @@
             <entry><varname>PropagatesReloadTo=</varname></entry>
           </row>
           <row>
+            <entry><varname>PropagatesStopTo=</varname></entry>
+            <entry><varname>StopPropagatedFrom=</varname></entry>
+            <entry morerows='1' namest='fuse' nameend='ruse' valign='middle'>[Unit] section</entry>
+          </row>
+          <row>
+            <entry><varname>StopPropagatedFrom=</varname></entry>
+            <entry><varname>PropagatesStopTo=</varname></entry>
+          </row>
+          <row>
             <entry><varname>Following=</varname></entry>
             <entry>n/a</entry>
             <entry>An automatic property</entry>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/man/tmpfiles.d.xml systemd-252.19/man/tmpfiles.d.xml
--- systemd-252.17/man/tmpfiles.d.xml	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/man/tmpfiles.d.xml	2023-11-10 00:22:41.000000000 +0000
@@ -546,9 +546,10 @@
       removed unless applied to a directory. This functionality is particularly useful in conjunction with
       <varname>Z</varname>.</para>
 
-      <para>Optionally, if prefixed with <literal>:</literal>, the configured access mode is only used when
-      creating new inodes. If the inode the line refers to already exists, its access mode is left in place
-      unmodified.</para>
+      <para>By default the access mode of listed inodes is set to the specified mode regardless if it is
+      created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured
+      access mode is only applied when creating new inodes, and if the inode the line refers to
+      already exists, its access mode is left in place unmodified.</para>
     </refsect2>
 
     <refsect2>
@@ -569,9 +570,10 @@
       Resolvability of User and Group Names</ulink> for more information on requirements on system user/group
       definitions.</para>
 
-      <para>Optionally, if prefixed with <literal>:</literal>, the configured user/group information is only
-      used when creating new inodes. If the inode the line refers to already exists, its user/group is left
-      in place unmodified.</para>
+      <para>By default the ownership of listed inodes is set to the specified user/group regardless if it is
+      created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured
+      user/group information is only applied when creating new inodes, and if the inode the line refers to
+      already exists, its user/group is left in place unmodified.</para>
     </refsect2>
 
     <refsect2>
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/mkosi.postinst systemd-252.19/mkosi.postinst
--- systemd-252.17/mkosi.postinst	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/mkosi.postinst	2023-11-10 00:22:41.000000000 +0000
@@ -21,6 +21,10 @@
 
     # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu.
     rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service
+
+    # This unit comes from packages newer than this repository, and is left around as wejust rely on
+    # overwriting from the local build, so disable it manually, as it will fail the CI run
+    systemctl mask systemd-tmpfiles-setup-dev-early.service
 fi
 
 # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a
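Review bot: The comment added above `systemctl mask` has a typo (`wejust`) and packs the reason and the action into one run-on clause. I would reword it as `# This unit comes from packages newer than this repository and is left around because we just rely on` / `# overwriting from the local build; mask it manually, as it would otherwise fail the CI run.` The enclosing `if` block starts outside the hunk, so which distributions this applies to cannot be confirmed from here.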
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/analyze/analyze-security.c systemd-252.19/src/analyze/analyze-security.c
--- systemd-252.17/src/analyze/analyze-security.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/analyze/analyze-security.c	2023-11-10 00:22:41.000000000 +0000
@@ -1254,6 +1254,17 @@
                 .parameter = (UINT64_C(1) << CAP_SYS_PACCT),
         },
         {
+                .id = "CapabilityBoundingSet=~CAP_BPF",
+                .json_field = "CapabilityBoundingSet_CAP_BPF",
+                .description_good = "Service may load BPF programs",
+                .description_bad = "Service may not load BPF programs",
+                .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=";,
+                .weight = 25,
+                .range = 1,
+                .assess = assess_capability_bounding_set,
+                .parameter = (UINT64_C(1) << CAP_BPF),
+        },
+        {
                 .id = "UMask=",
                 .json_field = "UMask",
                 .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#UMask=";,
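Review bot: The two description strings in the new `CapabilityBoundingSet=~CAP_BPF` entry look swapped. The id uses `~`, so the good state is the one where CAP_BPF has been dropped from the bounding set, yet `.description_good` says the service may load BPF programs and `.description_bad` says it may not. I would swap them: `.description_good = "Service cannot load BPF programs",` and `.description_bad = "Service may load BPF programs",`. The table this entry belongs to starts and ends outside the hunk, so the exact phrasing should be matched to the neighbouring capability entries.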
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/limits-util.c systemd-252.19/src/basic/limits-util.c
--- systemd-252.17/src/basic/limits-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/limits-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -156,8 +156,11 @@
         if (r < 0)
                 log_debug_errno(r, "Failed to determine cgroup root path, ignoring: %m");
         else {
+                /* We'll have the "pids.max" attribute on the our root cgroup only if we are in a
+                 * CLONE_NEWCGROUP namespace. On the top-level namespace this attribute is missing, hence
+                 * suppress any message about that */
                 r = cg_get_attribute_as_uint64("pids", root, "pids.max", &c);
-                if (r < 0)
+                if (r < 0 && r != -ENODATA)
                         log_debug_errno(r, "Failed to read pids.max attribute of root cgroup, ignoring: %m");
         }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/macro.h systemd-252.19/src/basic/macro.h
--- systemd-252.17/src/basic/macro.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/macro.h	2023-11-10 00:22:41.000000000 +0000
@@ -208,7 +208,7 @@
 /* We override the glibc assert() here. */
 #undef assert
 #ifdef NDEBUG
-#define assert(expr) do {} while (false)
+#define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
 #else
 #define assert(expr) assert_message_se(expr, #expr)
 #endif
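Review bot: A violated assertion becomes undefined behaviour in NDEBUG builds with the new `assert(expr)` definition, where it used to be a no-op. The expression is now evaluated, so side effects inside it run in release builds. The compiler may also treat the condition as always true and drop later defensive checks that it implies, which matters wherever an assertion sits in front of data derived from external input. I would document this above the define, e.g. `/* NDEBUG: expr is still evaluated and becomes an optimizer assumption; a false expr is UB, so validate external input with real checks rather than assert(). */`.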
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/path-util.c systemd-252.19/src/basic/path-util.c
--- systemd-252.17/src/basic/path-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/path-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -42,7 +42,7 @@
         return r;
 }
 
-char *path_make_absolute(const char *p, const char *prefix) {
+char* path_make_absolute(const char *p, const char *prefix) {
         assert(p);
 
         /* Makes every item in the list an absolute path by prepending
@@ -254,7 +254,7 @@
         return 0;
 }
 
-char **path_strv_resolve(char **l, const char *root) {
+char** path_strv_resolve(char **l, const char *root) {
         unsigned k = 0;
         bool enomem = false;
         int r;
@@ -335,7 +335,7 @@
         return l;
 }
 
-char **path_strv_resolve_uniq(char **l, const char *root) {
+char** path_strv_resolve_uniq(char **l, const char *root) {
 
         if (strv_isempty(l))
                 return l;
@@ -346,7 +346,7 @@
         return strv_uniq(l);
 }
 
-char *path_simplify_full(char *path, PathSimplifyFlags flags) {
+char* path_simplify_full(char *path, PathSimplifyFlags flags) {
         bool add_slash = false, keep_trailing_slash;
         char *f = ASSERT_PTR(path);
         int r;
@@ -399,7 +399,7 @@
         return path;
 }
 
-char *path_startswith_full(const char *path, const char *prefix, bool accept_dot_dot) {
+char* path_startswith_full(const char *path, const char *prefix, bool accept_dot_dot) {
         assert(path);
         assert(prefix);
 
@@ -808,7 +808,7 @@
         return executable_is_good(checker);
 }
 
-static const char *skip_slash_or_dot(const char *p) {
+static const char* skip_slash_or_dot(const char *p) {
         for (; !isempty(p); p++) {
                 if (*p == '/')
                         continue;
@@ -892,7 +892,7 @@
         return len;
 }
 
-static const char *skip_slash_or_dot_backward(const char *path, const char *q) {
+static const char* skip_slash_or_dot_backward(const char *path, const char *q) {
         assert(path);
         assert(!q || q >= path);
 
@@ -993,7 +993,7 @@
         return len;
 }
 
-const char *last_path_component(const char *path) {
+const char* last_path_component(const char *path) {
 
         /* Finds the last component of the path, preserving the optional trailing slash that signifies a directory.
          *
@@ -1248,9 +1248,16 @@
 bool is_device_path(const char *path) {
 
         /* Returns true for paths that likely refer to a device, either by path in sysfs or to something in
-         * /dev. */
+         * /dev. This accepts any path that starts with /dev/ or /sys/ and has something after that prefix.
+         * It does not actually resolve the path.
+         *
+         * Examples:
+         * /dev/sda, /dev/sda/foo, /sys/class, /dev/.., /sys/.., /./dev/foo → yes.
+         * /../dev/sda, /dev, /sys, /usr/path, /usr/../dev/sda → no.
+         */
 
-        return PATH_STARTSWITH_SET(path, "/dev/", "/sys/");
+        const char *p = PATH_STARTSWITH_SET(ASSERT_PTR(path), "/dev/", "/sys/");
+        return !isempty(p);
 }
 
 bool valid_device_node_path(const char *path) {
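Review bot: The expanded comment in `is_device_path()` lists `/dev/..` and `/sys/..` as accepted, so a true result is only a lexical prefix match and says nothing about where the path ends up. The comment notes that the path is not resolved but does not spell out what that means for callers; a path of the form `/dev/../<elsewhere>` would presumably pass as well. I would add one sentence to the comment: `* A true result is not a containment guarantee; callers that need one must normalize or resolve the path first.`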
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/path-util.h systemd-252.19/src/basic/path-util.h
--- systemd-252.17/src/basic/path-util.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/path-util.h	2023-11-10 00:22:41.000000000 +0000
@@ -62,7 +62,7 @@
 int path_make_absolute_cwd(const char *p, char **ret);
 int path_make_relative(const char *from, const char *to, char **ret);
 int path_make_relative_parent(const char *from_child, const char *to, char **ret);
-char *path_startswith_full(const char *path, const char *prefix, bool accept_dot_dot) _pure_;
+char* path_startswith_full(const char *path, const char *prefix, bool accept_dot_dot) _pure_;
 static inline char* path_startswith(const char *path, const char *prefix) {
         return path_startswith_full(path, prefix, true);
 }
@@ -84,7 +84,7 @@
         PATH_SIMPLIFY_KEEP_TRAILING_SLASH = 1 << 0,
 } PathSimplifyFlags;
 
-char *path_simplify_full(char *path, PathSimplifyFlags flags);
+char* path_simplify_full(char *path, PathSimplifyFlags flags);
 static inline char* path_simplify(char *path) {
         return path_simplify_full(path, 0);
 }
@@ -162,7 +162,7 @@
 
 int path_find_first_component(const char **p, bool accept_dot_dot, const char **ret);
 int path_find_last_component(const char *path, bool accept_dot_dot, const char **next, const char **ret);
-const char *last_path_component(const char *path);
+const char* last_path_component(const char *path);
 int path_extract_filename(const char *path, char **ret);
 int path_extract_directory(const char *path, char **ret);
 
@@ -198,7 +198,7 @@
 }
 
 bool empty_or_root(const char *path);
-static inline const char *empty_to_root(const char *path) {
+static inline const char* empty_to_root(const char *path) {
         return isempty(path) ? "/" : path;
 }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/proc-cmdline.c systemd-252.19/src/basic/proc-cmdline.c
--- systemd-252.17/src/basic/proc-cmdline.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/proc-cmdline.c	2023-11-10 00:22:41.000000000 +0000
@@ -35,8 +35,8 @@
 
         if (detect_container() > 0)
                 return get_process_cmdline(1, SIZE_MAX, 0, ret);
-        else
-                return read_one_line_file("/proc/cmdline", ret);
+
+        return read_virtual_file("/proc/cmdline", SIZE_MAX, ret, NULL);
 }
 
 static int proc_cmdline_extract_first(const char **p, char **ret_word, ProcCmdlineFlags flags) {
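Review bot: The string returned on the non-container path may now end in a newline, because `read_one_line_file()` returned a single line while `read_virtual_file(..., SIZE_MAX, ...)` appears to return the whole file content and nothing in the hunk strips it. Callers that tokenize the result are unaffected, but any caller that compares or logs the raw string would see a different value; the callers are outside the hunk and should be checked. A short comment would record the contract, e.g. `/* Whole-file read of a procfs file; the result may carry a trailing newline. */`. The function's signature and opening lines are outside the hunk.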
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/basic/sort-util.h systemd-252.19/src/basic/sort-util.h
--- systemd-252.17/src/basic/sort-util.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/basic/sort-util.h	2023-11-10 00:22:41.000000000 +0000
@@ -18,7 +18,7 @@
         ({                                                              \
                 const typeof((b)[0]) *_k = k;                           \
                 int (*_func_)(const typeof((b)[0])*, const typeof((b)[0])*, typeof(userdata)) = func; \
-                xbsearch_r((const void*) _k, (b), (n), sizeof((b)[0]), (comparison_userdata_fn_t) _func_, userdata); \
+                (typeof((b)[0])*) xbsearch_r((const void*) _k, (b), (n), sizeof((b)[0]), (comparison_userdata_fn_t) _func_, userdata); \
         })
 
 /**
@@ -38,7 +38,7 @@
         ({                                                              \
                 const typeof((b)[0]) *_k = k;                           \
                 int (*_func_)(const typeof((b)[0])*, const typeof((b)[0])*) = func; \
-                bsearch_safe((const void*) _k, (b), (n), sizeof((b)[0]), (comparison_fn_t) _func_); \
+                (typeof((b)[0])*) bsearch_safe((const void*) _k, (b), (n), sizeof((b)[0]), (comparison_fn_t) _func_); \
         })
 
 /**
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/boot/efi/boot.c systemd-252.19/src/boot/efi/boot.c
--- systemd-252.17/src/boot/efi/boot.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/boot/efi/boot.c	2023-11-10 00:22:41.000000000 +0000
@@ -1141,7 +1141,7 @@
                 line[linelen] = '\0';
 
                 /* remove leading whitespace */
-                while (strchr8(" \t", *line)) {
+                while (linelen > 0 && strchr8(" \t", *line)) {
                         line++;
                         linelen--;
                 }
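Review bot: The comment above the loop should say why the `linelen > 0` bound is needed, since the character test alone looks sufficient at first glance. If `strchr8()` follows `strchr()` semantics, it returns a non-NULL pointer when asked for the terminating NUL. Without the bound, an empty or all-whitespace line would advance `line` past the end of the buffer and decrement `linelen` below zero. I would write `/* remove leading whitespace; bounded by linelen because strchr8() may also match the terminating NUL */`. The enclosing parser function starts and ends outside the hunk, so how later code handles `linelen == 0` cannot be confirmed from here.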
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/bpf-lsm.c systemd-252.19/src/core/bpf-lsm.c
--- systemd-252.17/src/core/bpf-lsm.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/bpf-lsm.c	2023-11-10 00:22:41.000000000 +0000
@@ -263,11 +263,14 @@
         if (!u->manager->restrict_fs)
                 return 0;
 
+        if (u->cgroup_id == 0)
+                return 0;
+
         int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
         if (fd < 0)
                 return log_unit_error_errno(u, errno, "bpf-lsm: Failed to get BPF map fd: %m");
 
-        if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0)
+        if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0 && errno != ENOENT)
                 return log_unit_debug_errno(u, errno, "bpf-lsm: Failed to delete cgroup entry from LSM BPF map: %m");
 
         return 0;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/cgroup.c systemd-252.19/src/core/cgroup.c
--- systemd-252.17/src/core/cgroup.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/cgroup.c	2023-11-10 00:22:41.000000000 +0000
@@ -588,16 +588,14 @@
                         prefix, bpf_cgroup_attach_type_to_string(p->attach_type), p->bpffs_path);
 
         if (c->socket_bind_allow) {
-                fprintf(f, "%sSocketBindAllow:", prefix);
-                LIST_FOREACH(socket_bind_items, bi, c->socket_bind_allow)
-                        cgroup_context_dump_socket_bind_item(bi, f);
+                fprintf(f, "%sSocketBindAllow: ", prefix);
+                cgroup_context_dump_socket_bind_items(c->socket_bind_allow, f);
                 fputc('\n', f);
         }
 
         if (c->socket_bind_deny) {
-                fprintf(f, "%sSocketBindDeny:", prefix);
-                LIST_FOREACH(socket_bind_items, bi, c->socket_bind_deny)
-                        cgroup_context_dump_socket_bind_item(bi, f);
+                fprintf(f, "%sSocketBindDeny: ", prefix);
+                cgroup_context_dump_socket_bind_items(c->socket_bind_deny, f);
                 fputc('\n', f);
         }
 
@@ -620,16 +618,29 @@
         }
 
         if (item->nr_ports == 0)
-                fprintf(f, " %s%s%s%sany", family, colon1, protocol, colon2);
+                fprintf(f, "%s%s%s%sany", family, colon1, protocol, colon2);
         else if (item->nr_ports == 1)
-                fprintf(f, " %s%s%s%s%" PRIu16, family, colon1, protocol, colon2, item->port_min);
+                fprintf(f, "%s%s%s%s%" PRIu16, family, colon1, protocol, colon2, item->port_min);
         else {
                 uint16_t port_max = item->port_min + item->nr_ports - 1;
-                fprintf(f, " %s%s%s%s%" PRIu16 "-%" PRIu16, family, colon1, protocol, colon2,
+                fprintf(f, "%s%s%s%s%" PRIu16 "-%" PRIu16, family, colon1, protocol, colon2,
                         item->port_min, port_max);
         }
 }
 
+void cgroup_context_dump_socket_bind_items(const CGroupSocketBindItem *items, FILE *f) {
+        bool first = true;
+
+        LIST_FOREACH(socket_bind_items, bi, items) {
+                if (first)
+                        first = false;
+                else
+                        fputc(' ', f);
+
+                cgroup_context_dump_socket_bind_item(bi, f);
+        }
+}
+
 int cgroup_add_device_allow(CGroupContext *c, const char *dev, const char *mode) {
         _cleanup_free_ CGroupDeviceAllow *a = NULL;
         _cleanup_free_ char *d = NULL;
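Review bot: Other callers of `cgroup_context_dump_socket_bind_item()` may lose their separator, because the leading space was removed from all three `fprintf` calls and only the new `cgroup_context_dump_socket_bind_items()` writes one between entries. The single-item function is declared in cgroup.h, so users outside this file are possible; any that print several items in a row should switch to the new helper. The new helper also passes `f` to `fputc` without checking it, so I would open it with `assert(f);`. A one-line comment stating that items are space-separated with no leading or trailing space would document the output format.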
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/cgroup.h systemd-252.19/src/core/cgroup.h
--- systemd-252.17/src/core/cgroup.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/cgroup.h	2023-11-10 00:22:41.000000000 +0000
@@ -225,6 +225,7 @@
 void cgroup_context_done(CGroupContext *c);
 void cgroup_context_dump(Unit *u, FILE* f, const char *prefix);
 void cgroup_context_dump_socket_bind_item(const CGroupSocketBindItem *item, FILE *f);
+void cgroup_context_dump_socket_bind_items(const CGroupSocketBindItem *items, FILE *f);
 
 void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
 void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/device.c systemd-252.19/src/core/device.c
--- systemd-252.17/src/core/device.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/device.c	2023-11-10 00:22:41.000000000 +0000
@@ -1022,11 +1022,6 @@
                         goto fail;
                 }
 
-                /* This will fail if we are unprivileged, but that
-                 * should not matter much, as user instances won't run
-                 * during boot. */
-                (void) sd_device_monitor_set_receive_buffer_size(m->device_monitor, 128*1024*1024);
-
                 r = sd_device_monitor_filter_add_match_tag(m->device_monitor, "systemd");
                 if (r < 0) {
                         log_error_errno(r, "Failed to add udev tag match: %m");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/execute.c systemd-252.19/src/core/execute.c
--- systemd-252.17/src/core/execute.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/execute.c	2023-11-10 00:22:41.000000000 +0000
@@ -4197,6 +4197,8 @@
         log_forget_fds();
         log_set_open_when_needed(true);
         log_settle_target();
+        if (context->log_level_max >= 0)
+                log_set_max_level(context->log_level_max);
 
         /* In case anything used libc syslog(), close this here, too */
         closelog();
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/main.c systemd-252.19/src/core/main.c
--- systemd-252.17/src/core/main.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/main.c	2023-11-10 00:22:41.000000000 +0000
@@ -2086,7 +2086,7 @@
                                 r = read_one_line_file("/etc/machine-id", &id_text);
                                 if (r < 0 || streq(id_text, "uninitialized")) {
                                         if (r < 0 && r != -ENOENT)
-                                                log_warning_errno(r, "Unexpected error while reading /etc/machine-id, ignoring: %m");
+                                                log_warning_errno(r, "Unexpected error while reading /etc/machine-id, assuming first boot: %m");
 
                                         first_boot = true;
                                         log_info("Detected first boot.");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/mount.c systemd-252.19/src/core/mount.c
--- systemd-252.17/src/core/mount.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/mount.c	2023-11-10 00:22:41.000000000 +0000
@@ -1098,9 +1098,11 @@
         }
 
         if (source_is_dir)
-                (void) mkdir_p_label(m->where, m->directory_mode);
+                r = mkdir_p_label(m->where, m->directory_mode);
         else
-                (void) touch_file(m->where, /* parents = */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, MODE_INVALID);
+                r = touch_file(m->where, /* parents = */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, MODE_INVALID);
+        if (r < 0 && r != -EEXIST)
+                log_unit_warning_errno(UNIT(m), r, "Failed to create mount point '%s', ignoring: %m", m->where);
 
         if (source_is_dir)
                 unit_warn_if_dir_nonempty(UNIT(m), m->where);
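Review bot: After the new `log_unit_warning_errno()` call, `r` still holds the negative result of `mkdir_p_label()` or `touch_file()` while the function carries on. The failure is meant to be ignored, so it would be safer to check that `r` is reassigned before any later `if (r < 0)` test; the rest of the function is outside this hunk, so that cannot be confirmed from here. A short comment above the check, such as `/* Not fatal: carry on and let the mount attempt report the real problem */`, would record why the error is only logged, if that is the reasoning.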
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/namespace.c systemd-252.19/src/core/namespace.c
--- systemd-252.17/src/core/namespace.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/namespace.c	2023-11-10 00:22:41.000000000 +0000
@@ -1756,11 +1756,18 @@
 
                 r = mkdir_parents_label(dst_abs, 0755);
                 if (r < 0)
-                        return r;
+                        return log_debug_errno(
+                                        r,
+                                        "Failed to create parent directory for symlink '%s': %m",
+                                        dst_abs);
 
                 r = symlink_idempotent(src_abs, dst_abs, true);
                 if (r < 0)
-                        return r;
+                        return log_debug_errno(
+                                        r,
+                                        "Failed to create symlink from '%s' to '%s': %m",
+                                        src_abs,
+                                        dst_abs);
         }
 
         return 0;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/core/slice.c systemd-252.19/src/core/slice.c
--- systemd-252.17/src/core/slice.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/core/slice.c	2023-11-10 00:22:41.000000000 +0000
@@ -96,6 +96,10 @@
         if (r < 0)
                 return log_unit_error_errno(UNIT(s), r, "Failed to determine parent slice: %m");
 
+        /* If recursive errors are to be ignored, the parent slice should not be verified */
+        if (UNIT(s)->manager && FLAGS_SET(UNIT(s)->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
+                return 0;
+
         if (parent ? !unit_has_name(UNIT_GET_SLICE(UNIT(s)), parent) : !!UNIT_GET_SLICE(UNIT(s)))
                 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Located outside of parent slice. Refusing.");
 
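Review bot: The new early `return 0` skips the "Located outside of parent slice" check and everything after it in this function, so any later verification is also bypassed when `MANAGER_TEST_RUN_IGNORE_DEPENDENCIES` is set. The remainder of the function is outside the hunk, so please confirm that nothing below this point still needs to run in that mode. The comment speaks of "recursive errors" while the flag is named for dependencies; I would reword it to match, e.g. `/* In a test run that ignores dependencies, skip the parent slice check */`.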
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/coredump/coredump.c systemd-252.19/src/coredump/coredump.c
--- systemd-252.17/src/coredump/coredump.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/coredump/coredump.c	2023-11-10 00:22:41.000000000 +0000
@@ -902,10 +902,9 @@
         _cleanup_close_ int coredump_fd = -1, coredump_node_fd = -1;
         _cleanup_free_ char *filename = NULL, *coredump_data = NULL;
         _cleanup_free_ char *stacktrace = NULL;
-        char *core_message;
         const char *module_name;
         uint64_t coredump_size = UINT64_MAX, coredump_compressed_size = UINT64_MAX;
-        bool truncated = false;
+        bool truncated = false, written = false;
         JsonVariant *module_json;
         int r;
 
@@ -917,60 +916,69 @@
         (void) coredump_vacuum(-1, arg_keep_free, arg_max_use);
 
         /* Always stream the coredump to disk, if that's possible */
-        r = save_external_coredump(context, input_fd,
-                                   &filename, &coredump_node_fd, &coredump_fd,
-                                   &coredump_size, &coredump_compressed_size, &truncated);
-        if (r < 0)
-                /* Skip whole core dumping part */
-                goto log;
+        written = save_external_coredump(
+                        context, input_fd,
+                        &filename, &coredump_node_fd, &coredump_fd,
+                        &coredump_size, &coredump_compressed_size, &truncated) >= 0;
+        if (written) {
+                /* If we could write it to disk we can now process it. */
+                /* If we don't want to keep the coredump on disk, remove it now, as later on we
+                 * will lack the privileges for it. However, we keep the fd to it, so that we can
+                 * still process it and log it. */
+                r = maybe_remove_external_coredump(filename, coredump_node_fd >= 0 ? coredump_compressed_size : coredump_size);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        (void) iovw_put_string_field(iovw, "COREDUMP_FILENAME=", filename);
+                else if (arg_storage == COREDUMP_STORAGE_EXTERNAL)
+                        log_info("The core will not be stored: size %"PRIu64" is greater than %"PRIu64" (the configured maximum)",
+                                 coredump_node_fd >= 0 ? coredump_compressed_size : coredump_size, arg_external_size_max);
 
-        /* If we don't want to keep the coredump on disk, remove it now, as later on we
-         * will lack the privileges for it. However, we keep the fd to it, so that we can
-         * still process it and log it. */
-        r = maybe_remove_external_coredump(filename, coredump_node_fd >= 0 ? coredump_compressed_size : coredump_size);
-        if (r < 0)
-                return r;
-        if (r == 0)
-                (void) iovw_put_string_field(iovw, "COREDUMP_FILENAME=", filename);
-        else if (arg_storage == COREDUMP_STORAGE_EXTERNAL)
-                log_info("The core will not be stored: size %"PRIu64" is greater than %"PRIu64" (the configured maximum)",
-                         coredump_node_fd >= 0 ? coredump_compressed_size : coredump_size, arg_external_size_max);
-
-        /* Vacuum again, but exclude the coredump we just created */
-        (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, arg_keep_free, arg_max_use);
-
-        /* Now, let's drop privileges to become the user who owns the segfaulted process
-         * and allocate the coredump memory under the user's uid. This also ensures that
-         * the credentials journald will see are the ones of the coredumping user, thus
-         * making sure the user gets access to the core dump. Let's also get rid of all
-         * capabilities, if we run as root, we won't need them anymore. */
+                /* Vacuum again, but exclude the coredump we just created */
+                (void) coredump_vacuum(coredump_node_fd >= 0 ? coredump_node_fd : coredump_fd, arg_keep_free, arg_max_use);
+        }
+
+        /* Now, let's drop privileges to become the user who owns the segfaulted process and allocate the
+         * coredump memory under the user's uid. This also ensures that the credentials journald will see are
+         * the ones of the coredumping user, thus making sure the user gets access to the core dump. Let's
+         * also get rid of all capabilities, if we run as root, we won't need them anymore. */
         r = change_uid_gid(context);
         if (r < 0)
                 return log_error_errno(r, "Failed to drop privileges: %m");
 
-        /* Try to get a stack trace if we can */
-        if (coredump_size > arg_process_size_max)
-                log_debug("Not generating stack trace: core size %"PRIu64" is greater "
-                          "than %"PRIu64" (the configured maximum)",
-                          coredump_size, arg_process_size_max);
-        else if (coredump_fd >= 0) {
-                bool skip = startswith(context->meta[META_COMM], "systemd-coredum"); /* COMM is 16 bytes usually */
-
-                (void) parse_elf_object(coredump_fd,
-                                        context->meta[META_EXE],
-                                        /* fork_disable_dump= */ skip, /* avoid loops */
-                                        &stacktrace,
-                                        &json_metadata);
+        if (written) {
+                /* Try to get a stack trace if we can */
+                if (coredump_size > arg_process_size_max)
+                        log_debug("Not generating stack trace: core size %"PRIu64" is greater "
+                                  "than %"PRIu64" (the configured maximum)",
+                                  coredump_size, arg_process_size_max);
+                else if (coredump_fd >= 0) {
+                        bool skip = startswith(context->meta[META_COMM], "systemd-coredum"); /* COMM is 16 bytes usually */
+
+                        (void) parse_elf_object(coredump_fd,
+                                                context->meta[META_EXE],
+                                                /* fork_disable_dump= */ skip, /* avoid loops */
+                                                &stacktrace,
+                                                &json_metadata);
+                }
         }
 
-log:
-        core_message = strjoina("Process ", context->meta[META_ARGV_PID],
-                                " (", context->meta[META_COMM], ") of user ",
-                                context->meta[META_ARGV_UID], " dumped core.",
-                                context->is_journald && filename ? "\nCoredump diverted to " : NULL,
-                                context->is_journald && filename ? filename : NULL);
-
-        core_message = strjoina(core_message, stacktrace ? "\n\n" : NULL, stacktrace);
+        _cleanup_free_ char *core_message = NULL;
+        core_message = strjoin(
+                        "Process ", context->meta[META_ARGV_PID],
+                        " (", context->meta[META_COMM],
+                        ") of user ", context->meta[META_ARGV_UID],
+                        written ? " dumped core." : " terminated abnormally without generating a coredump.");
+        if (!core_message)
+                return log_oom();
+
+        if (context->is_journald && filename)
+                if (!strextend(&core_message, "\nCoredump diverted to ", filename))
+                        return log_oom();
+
+        if (stacktrace)
+                if (!strextend(&core_message, "\n\n", stacktrace))
+                        return log_oom();
 
         if (context->is_journald)
                 /* We might not be able to log to the journal, so let's always print the message to another
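Review bot: The two unbraced nested `if`s that extend `core_message` (`if (context->is_journald && filename)` and `if (stacktrace)`) are easy to misread and invite a dangling-else mistake on the next edit. Folding each pair into one condition keeps the same behaviour: `if (context->is_journald && filename && !strextend(&core_message, "\nCoredump diverted to ", filename)) return log_oom();`, and likewise for `stacktrace`. Separately, `written` collapses the return code of `save_external_coredump()` into a bool, so the "terminated abnormally without generating a coredump" text is logged for every failure of that call. A one-line comment at the assignment, saying that the callee is relied on to have logged the actual error (if it does), would help the next reader.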
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/coredump/coredumpctl.c systemd-252.19/src/coredump/coredumpctl.c
--- systemd-252.17/src/coredump/coredumpctl.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/coredump/coredumpctl.c	2023-11-10 00:22:41.000000000 +0000
@@ -1141,10 +1141,24 @@
         return 0;
 }
 
+static void sigterm_handler(int signal, siginfo_t *info, void *ucontext) {
+        assert(signal == SIGTERM);
+        assert(info);
+
+        /* If the sender is not us, propagate the signal to all processes in
+         * the same process group */
+        if (pid_is_valid(info->si_pid) && info->si_pid != getpid_cached())
+                (void) kill(0, signal);
+}
+
 static int run_debug(int argc, char **argv, void *userdata) {
         _cleanup_(sd_journal_closep) sd_journal *j = NULL;
         _cleanup_free_ char *exe = NULL, *path = NULL;
         _cleanup_strv_free_ char **debugger_call = NULL;
+        struct sigaction sa = {
+                .sa_sigaction = sigterm_handler,
+                .sa_flags = SA_SIGINFO,
+        };
         bool unlink_path = false;
         const char *data, *fork_name;
         size_t len;
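Review bot: `sigterm_handler()` runs in signal context but opens with two `assert()` calls; as far as I know systemd's userspace `assert()` logs before aborting, and that failure path is not async-signal-safe. `kill()` is safe to call there, so I would drop the asserts and fold the null check into the condition: `if (info && pid_is_valid(info->si_pid) && info->si_pid != getpid_cached())`. The next hunk installs the handler with `(void) sigaction(SIGTERM, &sa, NULL);` and discards the result; a `log_debug_errno()` on failure would make a missing handler visible. `run_debug()` continues beyond this hunk.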
@@ -1238,6 +1252,7 @@
 
         /* Don't interfere with gdb and its handling of SIGINT. */
         (void) ignore_signals(SIGINT);
+        (void) sigaction(SIGTERM, &sa, NULL);
 
         fork_name = strjoina("(", debugger_call[0], ")");
 
@@ -1254,7 +1269,7 @@
         r = wait_for_terminate_and_check(debugger_call[0], pid, WAIT_LOG_ABNORMAL);
 
 finish:
-        (void) default_signals(SIGINT);
+        (void) default_signals(SIGINT, SIGTERM);
 
         if (unlink_path) {
                 log_debug("Removed temporary file %s", path);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/cryptenroll/cryptenroll-tpm2.c systemd-252.19/src/cryptenroll/cryptenroll-tpm2.c
--- systemd-252.17/src/cryptenroll/cryptenroll-tpm2.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/cryptenroll/cryptenroll-tpm2.c	2023-11-10 00:22:41.000000000 +0000
@@ -62,9 +62,9 @@
 }
 
 static int get_pin(char **ret_pin_str, TPM2Flags *ret_flags) {
-        _cleanup_free_ char *pin_str = NULL;
-        int r;
+        _cleanup_(erase_and_freep) char *pin_str = NULL;
         TPM2Flags flags = 0;
+        int r;
 
         assert(ret_pin_str);
         assert(ret_flags);
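Review bot: `pin_str` is now wiped on the cleanup path, but `get_pin()` hands the PIN to its caller through `ret_pin_str`, and nothing in the hunk says the caller must wipe it as well. I would add a comment above the function, such as `/* On success *ret_pin_str holds a secret; the caller must release it with erase_and_free() */`, and check that each call site declares its variable with `_cleanup_(erase_and_freep)`. The same applies to `get_pin()` in src/cryptsetup/cryptsetup-tpm2.c, which receives the identical change further down. Both function bodies continue outside their hunks, so the call sites are not visible here.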
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/cryptsetup/cryptsetup.c systemd-252.19/src/cryptsetup/cryptsetup.c
--- systemd-252.17/src/cryptsetup/cryptsetup.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/cryptsetup/cryptsetup.c	2023-11-10 00:22:41.000000000 +0000
@@ -800,31 +800,37 @@
         if (key_data) {
                 params.passphrase = key_data;
                 params.passphrase_size = key_data_size;
+                r = crypt_load(cd, CRYPT_TCRYPT, &params);
+        } else if (key_file) {
+                r = read_one_line_file(key_file, &passphrase);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to read password file '%s': %m", key_file);
+                        return -EAGAIN; /* log with the actual error, but return EAGAIN */
+                }
+                params.passphrase = passphrase;
+                params.passphrase_size = strlen(passphrase);
+                r = crypt_load(cd, CRYPT_TCRYPT, &params);
         } else {
-                if (key_file) {
-                        r = read_one_line_file(key_file, &passphrase);
-                        if (r < 0) {
-                                log_error_errno(r, "Failed to read password file '%s': %m", key_file);
-                                return -EAGAIN; /* log with the actual error, but return EAGAIN */
-                        }
-
-                        params.passphrase = passphrase;
-                } else
-                        params.passphrase = passwords[0];
-
-                params.passphrase_size = strlen(params.passphrase);
+                r = -EINVAL;
+                STRV_FOREACH(p, passwords){
+                        params.passphrase = *p;
+                        params.passphrase_size = strlen(*p);
+                        r = crypt_load(cd, CRYPT_TCRYPT, &params);
+                        if (r >= 0)
+                                break;
+                }
         }
 
-        r = crypt_load(cd, CRYPT_TCRYPT, &params);
         if (r < 0) {
                 if (r == -EPERM) {
                         if (key_data)
                                 log_error_errno(r, "Failed to activate using discovered key. (Key not correct?)");
-
-                        if (key_file)
+                        else if (key_file)
                                 log_error_errno(r, "Failed to activate using password file '%s'. (Key data not correct?)", key_file);
+                        else
+                                log_error_errno(r, "Failed to activate using supplied passwords.");
 
-                        return -EAGAIN; /* log the actual error, but return EAGAIN */
+                        return r;
                 }
 
                 return log_error_errno(r, "Failed to load tcrypt superblock on device %s: %m", crypt_get_device_name(cd));
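Review bot: The `-EPERM` branch now ends in `return r;` where it used to return `-EAGAIN`, and the comment that explained the old mapping is gone, while the key-file read failure further up still returns `-EAGAIN` with its comment. The hunk does not say which of the two codes the caller treats as "ask again", so please add a comment at `return r;` stating the intended contract and confirm it against the caller, which is outside this hunk. Also, the `STRV_FOREACH` loop leaves `r = -EINVAL` when `passwords` is empty, which would surface as "Failed to load tcrypt superblock" rather than as a missing-password error. An explicit check before the loop would make that case clear, unless an assertion outside the hunk already rules it out.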
@@ -1197,7 +1203,8 @@
         systemd_pkcs11_plugin_params params = {
                 .friendly_name = friendly_name,
                 .until = until,
-                .headless = headless
+                .headless = headless,
+                .askpw_flags = arg_ask_password_flags,
         };
 
         r = crypt_activate_by_token_pin(cd, name, "systemd-pkcs11", CRYPT_ANY_TOKEN, NULL, 0, &params, flags);
@@ -1288,8 +1295,8 @@
                         if (r < 0)
                                 return r;
 
-                        log_notice("Security token %s not present for unlocking volume %s, please plug it in.",
-                                   uri, friendly);
+                        log_notice("Security token%s%s not present for unlocking volume %s, please plug it in.",
+                                   uri ? " " : "", strempty(uri), friendly);
 
                         /* Let's immediately rescan in case the token appeared in the time we needed
                          * to create and configure the monitor */
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c systemd-252.19/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c
--- systemd-252.17/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/cryptsetup/cryptsetup-tokens/luks2-pkcs11.c	2023-11-10 00:22:41.000000000 +0000
@@ -158,6 +158,7 @@
 
         data.friendly_name = params->friendly_name;
         data.headless = params->headless;
+        data.askpw_flags = params->askpw_flags;
         data.until = params->until;
 
         /* The functions called here log about all errors, except for EAGAIN which means "token not found right now" */
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/cryptsetup/cryptsetup-tpm2.c systemd-252.19/src/cryptsetup/cryptsetup-tpm2.c
--- systemd-252.17/src/cryptsetup/cryptsetup-tpm2.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/cryptsetup/cryptsetup-tpm2.c	2023-11-10 00:22:41.000000000 +0000
@@ -12,7 +12,7 @@
 #include "tpm2-util.h"
 
 static int get_pin(usec_t until, AskPasswordFlags ask_password_flags, bool headless, char **ret_pin_str) {
-        _cleanup_free_ char *pin_str = NULL;
+        _cleanup_(erase_and_freep) char *pin_str = NULL;
         _cleanup_strv_free_erase_ char **pin = NULL;
         int r;
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/fundamental/macro-fundamental.h systemd-252.19/src/fundamental/macro-fundamental.h
--- systemd-252.17/src/fundamental/macro-fundamental.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/fundamental/macro-fundamental.h	2023-11-10 00:22:41.000000000 +0000
@@ -71,7 +71,7 @@
         _noreturn_ void efi_assert(const char *expr, const char *file, unsigned line, const char *function);
 
         #ifdef NDEBUG
-                #define assert(expr)
+                #define assert(expr) ({ if (!(expr)) __builtin_unreachable(); })
                 #define assert_not_reached() __builtin_unreachable()
         #else
                 #define assert(expr) ({ _likely_(expr) ? VOID_0 : efi_assert(#expr, __FILE__, __LINE__, __PRETTY_FUNCTION__); })
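Review bot: With `NDEBUG` set, `assert(expr)` now evaluates `expr` and marks the false case with `__builtin_unreachable()`, so a failed assertion in a release build is undefined behaviour rather than a no-op. The compiler may also remove later checks that depend on the same condition. That is only safe if no `assert()` in this code guards a value that comes from outside the program (firmware, disk or configuration data); such values need a real runtime check. I would record this next to the macro, e.g. `/* NDEBUG: expr is still evaluated and a false result is UB; never use assert() to validate external input */`. The surrounding `#ifdef` block starts and ends outside the hunk.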
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/journal/journald-server.c systemd-252.19/src/journal/journald-server.c
--- systemd-252.17/src/journal/journald-server.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/journal/journald-server.c	2023-11-10 00:22:41.000000000 +0000
@@ -372,8 +372,17 @@
 
                 fn = strjoina(s->runtime_storage.path, "/system.journal");
 
-                if (s->system_journal && !relinquish_requested) {
+                if (!s->system_journal || relinquish_requested) {
+                        /* OK, we really need the runtime journal, so create it if necessary. */
 
+                        (void) mkdir_parents(s->runtime_storage.path, 0755);
+                        (void) mkdir(s->runtime_storage.path, 0750);
+
+                        r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_storage.metrics, &s->runtime_journal);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to open runtime journal: %m");
+
+                } else if (!flushed_flag_is_set(s)) {
                         /* Try to open the runtime journal, but only
                          * if it already exists, so that we can flush
                          * it into the system journal */
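Review bot: The new `else if (!flushed_flag_is_set(s))` condition is not covered by the comment under it, which still describes only opening the runtime journal if it already exists. A reader cannot tell from the hunk why the open is skipped once the flag is set. I would extend the comment with the reason, for example `/* ... Skip this once the flushed flag is set, the runtime journal has been flushed already. */`, if that is indeed the intent. The branch body continues into the next hunk.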
@@ -385,17 +394,6 @@
 
                                 r = 0;
                         }
-
-                } else {
-
-                        /* OK, we really need the runtime journal, so create it if necessary. */
-
-                        (void) mkdir_parents(s->runtime_storage.path, 0755);
-                        (void) mkdir(s->runtime_storage.path, 0750);
-
-                        r = open_journal(s, true, fn, O_RDWR|O_CREAT, false, &s->runtime_storage.metrics, &s->runtime_journal);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to open runtime journal: %m");
                 }
 
                 if (s->runtime_journal) {
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/journal-remote/journal-remote-main.c systemd-252.19/src/journal-remote/journal-remote-main.c
--- systemd-252.17/src/journal-remote/journal-remote-main.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/journal-remote/journal-remote-main.c	2023-11-10 00:22:41.000000000 +0000
@@ -18,6 +18,7 @@
 #include "pretty-print.h"
 #include "process-util.h"
 #include "rlimit-util.h"
+#include "sigbus.h"
 #include "signal-util.h"
 #include "socket-netlink.h"
 #include "socket-util.h"
@@ -1113,6 +1114,8 @@
         /* The journal merging logic potentially needs a lot of fds. */
         (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE);
 
+        sigbus_install();
+
         r = parse_config();
         if (r < 0)
                 return r;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd/sd-device/device-monitor.c systemd-252.19/src/libsystemd/sd-device/device-monitor.c
--- systemd-252.17/src/libsystemd/sd-device/device-monitor.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd/sd-device/device-monitor.c	2023-11-10 00:22:41.000000000 +0000
@@ -215,6 +215,15 @@
                 }
         }
 
+        /* Let's bump the receive buffer size, but only if we are not called via socket activation, as in
+         * that case the service manager sets the receive buffer size for us, and the value in the .socket
+         * unit should take full effect. */
+        if (fd < 0) {
+                r = sd_device_monitor_set_receive_buffer_size(m, 128*1024*1024);
+                if (r < 0)
+                        log_monitor_errno(m, r, "Failed to increase receive buffer size, ignoring: %m");
+        }
+
         *ret = TAKE_PTR(m);
         return 0;
 
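Review bot: The bump to `128*1024*1024` now runs for every caller that creates a monitor without a passed-in fd, and the new comment omits what the one removed from src/core/device.c noted: that this call fails for unprivileged callers. It should carry that over, e.g. `/* ... This is expected to fail for unprivileged callers, hence only logged. */`. The level used by `log_monitor_errno()` is also worth checking, so that ordinary unprivileged users of the library do not see a message on every monitor creation. A named constant for the size would be easier to find than the inline product. The function starts outside this hunk.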
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd/sd-journal/journal-verify.c systemd-252.19/src/libsystemd/sd-journal/journal-verify.c
--- systemd-252.17/src/libsystemd/sd-journal/journal-verify.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd/sd-journal/journal-verify.c	2023-11-10 00:22:41.000000000 +0000
@@ -820,6 +820,7 @@
         uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0;
 
         uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
+        usec_t min_entry_realtime = USEC_INFINITY, max_entry_realtime = 0;
         sd_id128_t entry_boot_id = {};  /* Unnecessary initialization to appease gcc */
         bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
         uint64_t n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0;
@@ -1071,6 +1072,9 @@
                         entry_realtime = le64toh(o->entry.realtime);
                         entry_realtime_set = true;
 
+                        max_entry_realtime = MAX(max_entry_realtime, le64toh(o->entry.realtime));
+                        min_entry_realtime = MIN(min_entry_realtime, le64toh(o->entry.realtime));
+
                         n_entries++;
                         break;
 
@@ -1136,12 +1140,13 @@
 
 #if HAVE_GCRYPT
                         if (JOURNAL_HEADER_SEALED(f->header)) {
-                                uint64_t q, rt;
+                                uint64_t q, rt, rt_end;
 
                                 debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum));
 
                                 rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec;
-                                if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) {
+                                rt_end = usec_add(rt, f->fss_interval_usec);
+                                if (entry_realtime_set && entry_realtime >= rt_end) {
                                         error(p,
                                               "tag/entry realtime timestamp out of synchronization (%"PRIu64" >= %"PRIu64")",
                                               entry_realtime,
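Review bot: `rt_end` is now computed with `usec_add()`, but `rt` on the line above is still `f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec` in plain `uint64_t` arithmetic, and `o->tag.epoch` is read from the journal file being verified. A large epoch wraps the product and yields a small `rt`, so the comparisons that follow are made against the wrong interval. I would reject the tag before the multiplication, e.g. `if (f->fss_interval_usec == 0 || le64toh(o->tag.epoch) > (UINT64_MAX - f->fss_start_usec) / f->fss_interval_usec) { r = -EBADMSG; goto fail; }`, with an `error()` message in the style of the neighbouring checks. The enclosing loop starts and ends outside the hunk.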
@@ -1149,6 +1154,23 @@
                                         r = -EBADMSG;
                                         goto fail;
                                 }
+                                if (max_entry_realtime >= rt_end) {
+                                        error(p,
+                                              "Entry realtime (%"PRIu64", %s) is too late with respect to tag (%"PRIu64", %s)",
+                                              max_entry_realtime, FORMAT_TIMESTAMP(max_entry_realtime),
+                                              rt_end, FORMAT_TIMESTAMP(rt_end));
+                                        r = -EBADMSG;
+                                        goto fail;
+                                }
+                                if (min_entry_realtime < rt) {
+                                        error(p,
+                                              "Entry realtime (%"PRIu64", %s) is too early with respect to tag (%"PRIu64", %s)",
+                                              min_entry_realtime, FORMAT_TIMESTAMP(min_entry_realtime),
+                                              rt, FORMAT_TIMESTAMP(rt));
+                                        r = -EBADMSG;
+                                        goto fail;
+                                }
+                                min_entry_realtime = USEC_INFINITY;
 
                                 /* OK, now we know the epoch. So let's now set
                                  * it, and calculate the HMAC for everything
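Review bot: `min_entry_realtime` is reset to `USEC_INFINITY` after each tag but `max_entry_realtime` is never reset, and nothing in the hunk says this asymmetry is deliberate. Perhaps every entry seen so far must precede the end of the current tag's interval, while only entries since the previous tag must not precede its start. If so, a comment at the reset would say it: `/* max is cumulative on purpose; min only covers entries since the last tag */`. With the cumulative maximum in place, the older `entry_realtime >= rt_end` check just above looks redundant whenever `entry_realtime_set` is true; it could be dropped or marked as kept for its message. The surrounding block continues outside the hunk.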
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd/sd-netlink/netlink-message-nfnl.c systemd-252.19/src/libsystemd/sd-netlink/netlink-message-nfnl.c
--- systemd-252.17/src/libsystemd/sd-netlink/netlink-message-nfnl.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd/sd-netlink/netlink-message-nfnl.c	2023-11-10 00:22:41.000000000 +0000
@@ -150,9 +150,9 @@
                 if (serials)
                         serials[i] = message_get_serial(messages[i]);
 
-                /* It seems that the kernel accepts an arbitrary number. Let's set the serial of the
-                 * first message. */
-                nfnl_message_set_res_id(messages[i], message_get_serial(batch_begin));
+                /* It seems that the kernel accepts an arbitrary number. Let's set the lower 16 bits of the
+                 * serial of the first message. */
+                nfnl_message_set_res_id(messages[i], (uint16_t) (message_get_serial(batch_begin) & UINT16_MAX));
 
                 iovs[c++] = IOVEC_MAKE(messages[i]->hdr, messages[i]->hdr->nlmsg_len);
         }
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd-network/fuzz-dhcp6-client.c systemd-252.19/src/libsystemd-network/fuzz-dhcp6-client.c
--- systemd-252.17/src/libsystemd-network/fuzz-dhcp6-client.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd-network/fuzz-dhcp6-client.c	2023-11-10 00:22:41.000000000 +0000
@@ -73,6 +73,9 @@
         struct in6_addr hint = { { { 0x3f, 0xfe, 0x05, 0x01, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } } };
         static const char *v1_data = "hogehoge", *v2_data = "foobar";
 
+        if (!getenv("SYSTEMD_LOG_LEVEL"))
+                log_set_max_level(LOG_CRIT);
+
         if (outside_size_range(size, 0, 65536))
                 return 0;
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd-network/fuzz-dhcp-client.c systemd-252.19/src/libsystemd-network/fuzz-dhcp-client.c
--- systemd-252.17/src/libsystemd-network/fuzz-dhcp-client.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd-network/fuzz-dhcp-client.c	2023-11-10 00:22:41.000000000 +0000
@@ -4,11 +4,10 @@
 #include <sys/socket.h>
 #include <unistd.h>
 
+#include "sd-dhcp-client.c"
+
 #include "alloc-util.h"
 #include "fuzz.h"
-#include "sd-event.h"
-
-#include "sd-dhcp-client.c"
 
 int dhcp_network_bind_raw_socket(
                 int ifindex,
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd-network/fuzz-dhcp-server.c systemd-252.19/src/libsystemd-network/fuzz-dhcp-server.c
--- systemd-252.17/src/libsystemd-network/fuzz-dhcp-server.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd-network/fuzz-dhcp-server.c	2023-11-10 00:22:41.000000000 +0000
@@ -4,10 +4,10 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include "fuzz.h"
-
 #include "sd-dhcp-server.c"
 
+#include "fuzz.h"
+
 /* stub out network so that the server doesn't send */
 ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) {
         return len;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd-network/fuzz-dhcp-server-relay.c systemd-252.19/src/libsystemd-network/fuzz-dhcp-server-relay.c
--- systemd-252.17/src/libsystemd-network/fuzz-dhcp-server-relay.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd-network/fuzz-dhcp-server-relay.c	2023-11-10 00:22:41.000000000 +0000
@@ -4,10 +4,10 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include "fuzz.h"
-
 #include "sd-dhcp-server.c"
 
+#include "fuzz.h"
+
 ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) {
         return len;
 }
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/libsystemd-network/sd-dhcp-server.c systemd-252.19/src/libsystemd-network/sd-dhcp-server.c
--- systemd-252.17/src/libsystemd-network/sd-dhcp-server.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/libsystemd-network/sd-dhcp-server.c	2023-11-10 00:22:41.000000000 +0000
@@ -112,7 +112,8 @@
 }
 
 int sd_dhcp_server_is_running(sd_dhcp_server *server) {
-        assert_return(server, false);
+        if (!server)
+                return false;
 
         return !!server->receive_message;
 }
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/login/logind-seat.c systemd-252.19/src/login/logind-seat.c
--- systemd-252.17/src/login/logind-seat.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/login/logind-seat.c	2023-11-10 00:22:41.000000000 +0000
@@ -228,8 +228,20 @@
         assert(s);
         assert(!session || session->seat == s);
 
-        if (session == s->active)
+        /* When logind receives the SIGRTMIN signal from the kernel, it will
+         * execute session_leave_vt and stop all devices of the session; at
+         * this time, if the session is active and there is no change in the
+         * session, then the session does not have the permissions of the device,
+         * and the machine will have a black screen and suspended animation.
+         * Therefore, if the active session has executed session_leave_vt ,
+         * A resume is required here. */
+        if (session == s->active) {
+                if (session) {
+                        log_debug("Active session remains unchanged, resuming session devices.");
+                        session_device_resume_all(session);
+                }
                 return 0;
+        }
 
         old_active = s->active;
         s->active = session;
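Review bot: The resume in the `session == s->active` branch runs on every call that re-selects the already active session, not only after `session_leave_vt`, which is the only case the new comment describes. Since this is the path that hands device access back to a session, the comment should state that the resume is unconditional, e.g. `/* We do not track whether session_leave_vt() ran, so resume unconditionally. */`. The wording "black screen and suspended animation" and the stray capital in "A resume is required here" could also be tightened. The enclosing function starts and ends outside the hunk.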
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/machine/machinectl.c systemd-252.19/src/machine/machinectl.c
--- systemd-252.17/src/machine/machinectl.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/machine/machinectl.c	2023-11-10 00:22:41.000000000 +0000
@@ -472,7 +472,7 @@
         if (shift == 0) /* Don't show trivial mappings */
                 return 0;
 
-        printf("       UID Shift: %" PRIu32 "\n", shift);
+        printf("  UID Shift: %" PRIu32 "\n", shift);
         return 0;
 }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/network/networkctl.c systemd-252.19/src/network/networkctl.c
--- systemd-252.17/src/network/networkctl.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/network/networkctl.c	2023-11-10 00:22:41.000000000 +0000
@@ -51,6 +51,7 @@
 #include "parse-util.h"
 #include "pretty-print.h"
 #include "set.h"
+#include "sigbus.h"
 #include "socket-netlink.h"
 #include "socket-util.h"
 #include "sort-util.h"
@@ -2942,6 +2943,8 @@
 
         log_setup();
 
+        sigbus_install();
+
         r = parse_argv(argc, argv);
         if (r <= 0)
                 return r;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/network/networkd-json.c systemd-252.19/src/network/networkd-json.c
--- systemd-252.17/src/network/networkd-json.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/network/networkd-json.c	2023-11-10 00:22:41.000000000 +0000
@@ -849,8 +849,7 @@
                                                elements + n);
                 if (r < 0)
                         goto finalize;
-                if (r > 0)
-                        n++;
+                n++;
         }
 
         r = json_build(ret, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("SIP", JSON_BUILD_VARIANT_ARRAY(elements, n))));
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/network/networkd-link-bus.c systemd-252.19/src/network/networkd-link-bus.c
--- systemd-252.17/src/network/networkd-link-bus.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/network/networkd-link-bus.c	2023-11-10 00:22:41.000000000 +0000
@@ -599,7 +599,7 @@
         if (r == 0)
                 return 1; /* Polkit will call us back */
 
-        if (l->dhcp_server) {
+        if (sd_dhcp_server_is_running(l->dhcp_server)) {
                 r = sd_dhcp_server_forcerenew(l->dhcp_server);
                 if (r < 0)
                         return r;
@@ -626,11 +626,15 @@
         if (r == 0)
                 return 1; /* Polkit will call us back */
 
-        if (l->dhcp_client) {
+        if (sd_dhcp_client_is_running(l->dhcp_client))
                 r = sd_dhcp_client_send_renew(l->dhcp_client);
-                if (r < 0)
-                        return r;
-        }
+        else
+                /* The DHCPv4 client may have been stopped by the IPv6 only mode. Let's unconditionally
+                 * restart the client here. Note, if the DHCPv4 client is disabled, then dhcp4_start() does
+                 * nothing and returns 0. */
+                r = dhcp4_start(l);
+        if (r < 0)
+                return r;
 
         return sd_bus_reply_method_return(message, NULL);
 }
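Review bot: The NULL guard that `if (l->dhcp_client)` used to provide now rests entirely on `sd_dhcp_client_is_running()` accepting a NULL client, and that function is not part of this diff. The server-side counterpart, `sd_dhcp_server_is_running()`, is explicitly changed elsewhere in this diff to return false for NULL, so it is worth confirming that the client helper behaves the same rather than asserting. Separately, the `else` branch now holds a three-line comment plus a statement without braces, directly followed by `if (r < 0)` at the outer indent; bracing both branches would make it obvious that the error check covers both calls. The function starts outside the hunk.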
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/network/networkd-manager.c systemd-252.19/src/network/networkd-manager.c
--- systemd-252.17/src/network/networkd-manager.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/network/networkd-manager.c	2023-11-10 00:22:41.000000000 +0000
@@ -215,10 +215,6 @@
         if (r < 0)
                 return log_error_errno(r, "Failed to initialize device monitor: %m");
 
-        r = sd_device_monitor_set_receive_buffer_size(m->device_monitor, RCVBUF_SIZE);
-        if (r < 0)
-                log_warning_errno(r, "Failed to increase buffer size for device monitor, ignoring: %m");
-
         r = sd_device_monitor_filter_add_match_subsystem_devtype(m->device_monitor, "net", NULL);
         if (r < 0)
                 return log_error_errno(r, "Could not add device monitor filter for net subsystem: %m");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/network/networkd-sriov.c systemd-252.19/src/network/networkd-sriov.c
--- systemd-252.17/src/network/networkd-sriov.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/network/networkd-sriov.c	2023-11-10 00:22:41.000000000 +0000
@@ -209,7 +209,11 @@
         if (!link->dev)
                 return -ENODEV;
 
+        /* This may return -EINVAL or -ENODEV, instead of -ENOENT, if the device has been removed or is being
+         * removed. Let's map -EINVAL to -ENODEV, as the caller will ignore -ENODEV. */
         r = sd_device_get_sysattr_value(link->dev, "dev_port", &dev_port);
+        if (r == -EINVAL)
+                return -ENODEV;
         if (r < 0)
                 return r;
 
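Review bot: Mapping every `-EINVAL` from `sd_device_get_sysattr_value()` to `-ENODEV` also hides an `-EINVAL` that has some other cause, since the new comment says the caller ignores `-ENODEV`. A debug log before the return would keep the event visible, e.g. `log_debug_errno(r, "Failed to read dev_port, assuming the device is gone: %m");`. The same two added lines appear in the next hunk (`@@ -242,6 +246,8 @@`) without the explanatory comment; repeat the comment there or move the check into a shared helper. Both functions extend beyond the hunks.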
@@ -242,6 +246,8 @@
                 return -ENODEV;
 
         r = sd_device_get_sysattr_value(link->dev, "dev_port", &dev_port);
+        if (r == -EINVAL)
+                return -ENODEV;
         if (r < 0)
                 return r;
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/nspawn/nspawn.c systemd-252.19/src/nspawn/nspawn.c
--- systemd-252.17/src/nspawn/nspawn.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/nspawn/nspawn.c	2023-11-10 00:22:41.000000000 +0000
@@ -5637,8 +5637,10 @@
 
                         if (arg_pivot_root_new) {
                                 b = path_join(arg_directory, arg_pivot_root_new);
-                                if (!b)
-                                        return log_oom();
+                                if (!b) {
+                                        r = log_oom();
+                                        goto finish;
+                                }
 
                                 p = b;
                         } else
@@ -5656,8 +5658,10 @@
                                 p = path_join(arg_directory, arg_pivot_root_new, "/usr/");
                         else
                                 p = path_join(arg_directory, "/usr/");
-                        if (!p)
-                                return log_oom();
+                        if (!p) {
+                                r = log_oom();
+                                goto finish;
+                        }
 
                         if (laccess(p, F_OK) < 0) {
                                 r = log_error_errno(SYNTHETIC_ERRNO(EINVAL),
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/partition/repart.c systemd-252.19/src/partition/repart.c
--- systemd-252.17/src/partition/repart.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/partition/repart.c	2023-11-10 00:22:41.000000000 +0000
@@ -1478,10 +1478,10 @@
                 { "Partition", "Priority",        config_parse_int32,       0, &p->priority          },
                 { "Partition", "Weight",          config_parse_weight,      0, &p->weight            },
                 { "Partition", "PaddingWeight",   config_parse_weight,      0, &p->padding_weight    },
-                { "Partition", "SizeMinBytes",    config_parse_size4096,    1, &p->size_min          },
-                { "Partition", "SizeMaxBytes",    config_parse_size4096,   -1, &p->size_max          },
-                { "Partition", "PaddingMinBytes", config_parse_size4096,    1, &p->padding_min       },
-                { "Partition", "PaddingMaxBytes", config_parse_size4096,   -1, &p->padding_max       },
+                { "Partition", "SizeMinBytes",    config_parse_size4096,   -1, &p->size_min          },
+                { "Partition", "SizeMaxBytes",    config_parse_size4096,    1, &p->size_max          },
+                { "Partition", "PaddingMinBytes", config_parse_size4096,   -1, &p->padding_min       },
+                { "Partition", "PaddingMaxBytes", config_parse_size4096,    1, &p->padding_max       },
                 { "Partition", "FactoryReset",    config_parse_bool,        0, &p->factory_reset     },
                 { "Partition", "CopyBlocks",      config_parse_copy_blocks, 0, p                     },
                 { "Partition", "Format",          config_parse_fstype,      0, &p->format            },
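Review bot: The bare `1` and `-1` in the ltype column of the four `config_parse_size4096` rows carry no explanation, and this hunk swaps them between the Min and Max settings. A one-line comment above these rows stating what each sign means would keep the table from regressing; presumably it selects the rounding direction applied to the parsed size, but that is not visible here. Something like `/* ltype < 0 and > 0 select opposite rounding directions, see config_parse_size4096() */` would do. The table starts and ends outside the hunk.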
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/resolve/resolvectl.c systemd-252.19/src/resolve/resolvectl.c
--- systemd-252.17/src/resolve/resolvectl.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/resolve/resolvectl.c	2023-11-10 00:22:41.000000000 +0000
@@ -1398,8 +1398,6 @@
         if (r < 0)
                 return r;
 
-        strv_sort(*l);
-
         return 0;
 }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/resolve/resolved-dns-query.c systemd-252.19/src/resolve/resolved-dns-query.c
--- systemd-252.17/src/resolve/resolved-dns-query.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/resolve/resolved-dns-query.c	2023-11-10 00:22:41.000000000 +0000
@@ -586,7 +586,7 @@
 
         q->state = state;
 
-        (void) manager_monitor_send(q->manager, q->state, q->answer_rcode, q->answer_errno, q->question_idna, q->question_utf8, q->collected_questions, q->answer);
+        (void) manager_monitor_send(q->manager, q->state, q->answer_rcode, q->answer_errno, q->question_idna, q->question_utf8, q->question_bypass, q->collected_questions, q->answer);
 
         dns_query_stop(q);
         if (q->complete)
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/resolve/resolved-manager.c systemd-252.19/src/resolve/resolved-manager.c
--- systemd-252.17/src/resolve/resolved-manager.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/resolve/resolved-manager.c	2023-11-10 00:22:41.000000000 +0000
@@ -1068,6 +1068,7 @@
                 int error,
                 DnsQuestion *question_idna,
                 DnsQuestion *question_utf8,
+                DnsPacket *question_bypass,
                 DnsQuestion *collected_questions,
                 DnsAnswer *answer) {
 
@@ -1082,11 +1083,22 @@
         if (set_isempty(m->varlink_subscription))
                 return 0;
 
-        /* Merge both questions format into one */
+        /* Merge all questions into one */
         r = dns_question_merge(question_idna, question_utf8, &merged);
         if (r < 0)
                 return log_error_errno(r, "Failed to merge UTF8/IDNA questions: %m");
 
+        if (question_bypass) {
+                _cleanup_(dns_question_unrefp) DnsQuestion *merged2 = NULL;
+
+                r = dns_question_merge(merged, question_bypass->question, &merged2);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to merge UTF8/IDNA questions and DNS packet question: %m");
+
+                dns_question_unref(merged);
+                merged = TAKE_PTR(merged2);
+        }
+
         /* Convert the current primary question to JSON */
         r = dns_question_to_json(merged, &jquestion);
         if (r < 0)
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/resolve/resolved-manager.h systemd-252.19/src/resolve/resolved-manager.h
--- systemd-252.17/src/resolve/resolved-manager.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/resolve/resolved-manager.h	2023-11-10 00:22:41.000000000 +0000
@@ -167,7 +167,7 @@
 
 uint32_t manager_find_mtu(Manager *m);
 
-int manager_monitor_send(Manager *m, int state, int rcode, int error, DnsQuestion *question_idna, DnsQuestion *question_utf8, DnsQuestion *collected_questions, DnsAnswer *answer);
+int manager_monitor_send(Manager *m, int state, int rcode, int error, DnsQuestion *question_idna, DnsQuestion *question_utf8, DnsPacket *question_bypass, DnsQuestion *collected_questions, DnsAnswer *answer);
 
 int manager_write(Manager *m, int fd, DnsPacket *p);
 int manager_send(Manager *m, int fd, int ifindex, int family, const union in_addr_union *destination, uint16_t port, const union in_addr_union *source, DnsPacket *p);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/run/run.c systemd-252.19/src/run/run.c
--- systemd-252.17/src/run/run.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/run/run.c	2023-11-10 00:22:41.000000000 +0000
@@ -636,6 +636,8 @@
 static int transient_unit_set_properties(sd_bus_message *m, UnitType t, char **properties) {
         int r;
 
+        assert(m);
+
         r = sd_bus_message_append(m, "(sv)", "Description", "s", arg_description);
         if (r < 0)
                 return bus_log_create_error(r);
@@ -646,6 +648,17 @@
                         return bus_log_create_error(r);
         }
 
+        r = sd_bus_is_bus_client(sd_bus_message_get_bus(m));
+        if (r < 0)
+                return log_error_errno(r, "Can't determine if bus connection is direct or to broker: %m");
+        if (r > 0) {
+                /* Pin the object as least as long as we are around. Note that AddRef (currently) only works
+                 * if we talk via the bus though. */
+                r = sd_bus_message_append(m, "(sv)", "AddRef", "b", 1);
+                if (r < 0)
+                        return bus_log_create_error(r);
+        }
+
         return bus_append_unit_property_assignment_many(m, t, properties);
 }
 
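Review bot: The new comment has a typo, `as least as long` should read `at least as long`, and it does not say that the reference is now requested for every transient unit when talking to the bus broker. The earlier condition on `arg_wait` and `arg_stdio` is removed in the next hunk of this file, so this comment is the only place a reader learns that the wider scope is intentional. Suggested wording: `/* Pin the unit at least as long as we are around, regardless of arg_wait/arg_stdio. Note that AddRef (currently) only works if we talk via the bus. */`.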
@@ -722,12 +735,6 @@
         if (r < 0)
                 return r;
 
-        if (arg_wait || arg_stdio != ARG_STDIO_NONE) {
-                r = sd_bus_message_append(m, "(sv)", "AddRef", "b", 1);
-                if (r < 0)
-                        return bus_log_create_error(r);
-        }
-
         if (arg_remain_after_exit) {
                 r = sd_bus_message_append(m, "(sv)", "RemainAfterExit", "b", arg_remain_after_exit);
                 if (r < 0)
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/copy.c systemd-252.19/src/shared/copy.c
--- systemd-252.17/src/shared/copy.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/copy.c	2023-11-10 00:22:41.000000000 +0000
@@ -610,6 +610,10 @@
          * _cleanup_() so that we really delete this, even on failure. */
 
         if (c->dir_fd >= 0) {
+                /* <dir_fd> might be have already been used for reading, so we need to rewind it. */
+                if (lseek(c->dir_fd, 0, SEEK_SET) < 0)
+                        log_debug_errno(errno, "Failed to lseek on file descriptor, ignoring: %m");
+
                 r = rm_rf_children(TAKE_FD(c->dir_fd), REMOVE_PHYSICAL, NULL); /* consumes dir_fd in all cases, even on failure */
                 if (r < 0)
                         log_debug_errno(r, "Failed to remove hardlink store (%s) contents, ignoring: %m", c->subdir);
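Review bot: When the added `lseek()` fails, the code logs and still calls `rm_rf_children()` on a descriptor whose directory position is unknown, so the hardlink store may be left partly populated with only a debug message that does not name the directory. Including `c->subdir`, as the following `rm_rf_children()` message already does, would make leftovers traceable: `log_debug_errno(errno, "Failed to rewind hardlink store (%s) directory fd, ignoring: %m", c->subdir);`. The comment also has a typo, `might be have already been` should read `might have already been`. The function starts and ends outside the hunk.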
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/dissect-image.c systemd-252.19/src/shared/dissect-image.c
--- systemd-252.17/src/shared/dissect-image.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/dissect-image.c	2023-11-10 00:22:41.000000000 +0000
@@ -2061,7 +2061,7 @@
                 const VeritySettings *verity) {
 
         bool check_signature;
-        int r;
+        int r, k;
 
         assert(cd);
         assert(name);
@@ -2091,20 +2091,23 @@
                 if (r >= 0)
                         return r;
 
-                log_debug("Validation of dm-verity signature failed via the kernel, trying userspace validation instead.");
+                log_debug_errno(r, "Validation of dm-verity signature failed via the kernel, trying userspace validation instead: %m");
 #else
                 log_debug("Activation of verity device with signature requested, but not supported via the kernel by %s due to missing crypt_activate_by_signed_key(), trying userspace validation instead.",
                           program_invocation_short_name);
+                r = 0; /* Set for the propagation below */
 #endif
 
                 /* So this didn't work via the kernel, then let's try userspace validation instead. If that
                  * works we'll try to activate without telling the kernel the signature. */
 
-                r = validate_signature_userspace(verity);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return log_debug_errno(SYNTHETIC_ERRNO(ENOKEY),
+                /* Preferably propagate the original kernel error, so that the fallback logic can work,
+                 * as the device-mapper is finicky around concurrent activations of the same volume */
+                k = validate_signature_userspace(verity);
+                if (k < 0)
+                        return r < 0 ? r : k;
+                if (k == 0)
+                        return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(ENOKEY),
                                                "Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.");
         }
 
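Review bot: When `validate_signature_userspace()` fails with `k < 0` while a kernel error is pending, the function returns `r` and the userspace error code is dropped without being logged here. Both failure paths still refuse activation, but when diagnosing a rejected signed Verity volume the userspace result matters. Unless the helper logs on its own (not visible in this hunk), add `log_debug_errno(k, "Userspace dm-verity signature validation failed: %m");` before `return r < 0 ? r : k;`. The `k == 0` path also no longer always reports `ENOKEY`, so any caller that keys on that value for "signature not accepted" needs checking. The function starts and ends outside the hunk.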
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/exec-util.c systemd-252.19/src/shared/exec-util.c
--- systemd-252.17/src/shared/exec-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/exec-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -12,6 +12,7 @@
 #include "env-file.h"
 #include "env-util.h"
 #include "errno-util.h"
+#include "escape.h"
 #include "exec-util.h"
 #include "fd-util.h"
 #include "fileio.h"
@@ -137,6 +138,14 @@
                                 return log_error_errno(fd, "Failed to open serialization file: %m");
                 }
 
+                if (DEBUG_LOGGING) {
+                        _cleanup_free_ char *args = NULL;
+                        if (argv)
+                                args = quote_command_line(strv_skip(argv, 1), SHELL_ESCAPE_EMPTY);
+
+                        log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : "");
+                }
+
                 r = do_spawn(t, argv, fd, &pid, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID));
                 if (r <= 0)
                         continue;
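Review bot: The new debug message writes the full argument vector of every spawned program to the log, and nothing here limits what those arguments contain. If any caller passes sensitive values in `argv` (not visible in this hunk), they end up in the journal whenever debug logging is on; a comment stating that arguments handed to this function must not carry secrets would make that contract explicit. Also, when `quote_command_line()` fails to allocate, `strnull(args)` prints a placeholder in place of the arguments; logging only `t` in that case would be less misleading. The enclosing loop and function extend beyond the hunk.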
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/fdset.c systemd-252.19/src/shared/fdset.c
--- systemd-252.17/src/shared/fdset.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/fdset.c	2023-11-10 00:22:41.000000000 +0000
@@ -51,6 +51,8 @@
         void *p;
 
         while ((p = set_steal_first(MAKE_SET(s)))) {
+                int fd = PTR_TO_FD(p);
+
                 /* Valgrind's fd might have ended up in this set here, due to fdset_new_fill(). We'll ignore
                  * all failures here, so that the EBADFD that valgrind will return us on close() doesn't
                  * influence us */
@@ -59,8 +61,14 @@
                  * which has no effect at all, since they are only duplicates. So don't be surprised about
                  * these log messages. */
 
-                log_debug("Closing set fd %i", PTR_TO_FD(p));
-                (void) close_nointr(PTR_TO_FD(p));
+                if (DEBUG_LOGGING) {
+                        _cleanup_free_ char *path = NULL;
+
+                        (void) fd_get_path(fd, &path);
+                        log_debug("Closing set fd %i (%s)", fd, strna(path));
+                }
+
+                (void) close_nointr(fd);
         }
 }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/gpt.c systemd-252.19/src/shared/gpt.c
--- systemd-252.17/src/shared/gpt.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/gpt.c	2023-11-10 00:22:41.000000000 +0000
@@ -29,6 +29,8 @@
         _GPT_ARCH_SEXTET(ARM64,       "arm64"),
         _GPT_ARCH_SEXTET(IA64,        "ia64"),
         _GPT_ARCH_SEXTET(LOONGARCH64, "loongarch64"),
+        _GPT_ARCH_SEXTET(MIPS,        "mips"),
+        _GPT_ARCH_SEXTET(MIPS64,      "mips64"),
         _GPT_ARCH_SEXTET(MIPS_LE,     "mips-le"),
         _GPT_ARCH_SEXTET(MIPS64_LE,   "mips64-le"),
         _GPT_ARCH_SEXTET(PARISC,      "parisc"),
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/hwdb-util.c systemd-252.19/src/shared/hwdb-util.c
--- systemd-252.17/src/shared/hwdb-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/hwdb-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -193,7 +193,7 @@
 
         for (size_t i = 0;; i++) {
                 size_t p;
-                uint8_t c;
+                char c;
                 struct trie_node *child;
 
                 for (p = 0; (c = trie->strings->buf[node->prefix_off + p]); p++) {
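Review bot: The type of `c` changes from `uint8_t` to `char` with no comment, and plain `char` has implementation-defined signedness. Whatever `c` is compared with later in the loop (outside this hunk) now sees negative values for bytes above 0x7f on signed-char targets. A short comment such as `/* char, to match the type of the string it is compared with */` would record why the unsigned type was wrong, assuming that is the reason, which the hunk does not show.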
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/pkcs11-util.c systemd-252.19/src/shared/pkcs11-util.c
--- systemd-252.17/src/shared/pkcs11-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/pkcs11-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -234,6 +234,7 @@
                 const char *key_name,
                 const char *credential_name,
                 usec_t until,
+                AskPasswordFlags ask_password_flags,
                 bool headless,
                 char **ret_used_pin) {
 
@@ -310,7 +311,7 @@
                                 return log_oom();
 
                         /* We never cache PINs, simply because it's fatal if we use wrong PINs, since usually there are only 3 tries */
-                        r = ask_password_auto(text, icon_name, id, key_name, credential_name, until, 0, &passwords);
+                        r = ask_password_auto(text, icon_name, id, key_name, credential_name, until, ask_password_flags, &passwords);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to query PIN for security token '%s': %m", token_label);
                 }
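Review bot: The comment directly above the `ask_password_auto()` call still says PINs are never cached because a wrong PIN is fatal, but the flags are now supplied by the caller instead of being fixed to `0`. If a caller passes `ASK_PASSWORD_ACCEPT_CACHED` or `ASK_PASSWORD_PUSH_CACHE`, a stale PIN could be tried against a token that allows only a few attempts. Masking those bits at the call keeps the stated guarantee local: `ask_password_flags & ~(ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE)`. The callback hunk further down (`@@ -989,7 +992,19 @@`) also starts reading `data->askpw_flags` and `data->headless`, so the code that fills that struct (not visible here) must initialise both.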
@@ -961,6 +962,8 @@
         char *pin_used;
         X509 *cert;
         const char *askpw_friendly_name, *askpw_icon_name;
+        AskPasswordFlags askpw_flags;
+        bool headless;
 };
 
 static void pkcs11_acquire_certificate_callback_data_release(struct pkcs11_acquire_certificate_callback_data *data) {
@@ -989,7 +992,19 @@
 
         /* Called for every token matching our URI */
 
-        r = pkcs11_token_login(m, session, slot_id, token_info, data->askpw_friendly_name, data->askpw_icon_name, "pkcs11-pin", "pkcs11-pin", UINT64_MAX, false, &pin_used);
+        r = pkcs11_token_login(
+                        m,
+                        session,
+                        slot_id,
+                        token_info,
+                        data->askpw_friendly_name,
+                        data->askpw_icon_name,
+                        "pkcs11-pin",
+                        "pkcs11-pin",
+                        UINT64_MAX,
+                        data->askpw_flags,
+                        data->headless,
+                        &pin_used);
         if (r < 0)
                 return r;
 
@@ -1220,6 +1235,7 @@
                         "pkcs11-pin",
                         "cryptsetup.pkcs11-pin",
                         data->until,
+                        data->askpw_flags,
                         data->headless,
                         NULL);
         if (r < 0)
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/pkcs11-util.h systemd-252.19/src/shared/pkcs11-util.h
--- systemd-252.17/src/shared/pkcs11-util.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/pkcs11-util.h	2023-11-10 00:22:41.000000000 +0000
@@ -8,6 +8,7 @@
 #  include <p11-kit/uri.h>
 #endif
 
+#include "ask-password-api.h"
 #include "macro.h"
 #include "openssl-util.h"
 #include "time-util.h"
@@ -31,7 +32,7 @@
 char *pkcs11_token_model(const CK_TOKEN_INFO *token_info);
 
 int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
-int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, bool headless, char **ret_used_pin);
+int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, bool headless, char **ret_used_pin);
 
 int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
 #if HAVE_OPENSSL
@@ -59,6 +60,7 @@
         size_t decrypted_key_size;
         bool free_encrypted_key;
         bool headless;
+        AskPasswordFlags askpw_flags;
 } pkcs11_crypt_device_callback_data;
 
 void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
@@ -78,6 +80,7 @@
         const char *friendly_name;
         usec_t until;
         bool headless;
+        AskPasswordFlags askpw_flags;
 } systemd_pkcs11_plugin_params;
 
 int pkcs11_list_tokens(void);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/rm-rf.h systemd-252.19/src/shared/rm-rf.h
--- systemd-252.17/src/shared/rm-rf.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/rm-rf.h	2023-11-10 00:22:41.000000000 +0000
@@ -24,6 +24,8 @@
                 int fstatat_flags,
                 RemoveFlags remove_flags);
 
+/* Note: directory file descriptors passed to the functions below must be
+ * positioned at the beginning. If the fd was already used for reading, rewind it. */
 int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev);
 int rm_rf_child(int fd, const char *name, RemoveFlags flags);
 int rm_rf(const char *path, RemoveFlags flags);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/tests.c systemd-252.19/src/shared/tests.c
--- systemd-252.17/src/shared/tests.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/tests.c	2023-11-10 00:22:41.000000000 +0000
@@ -125,18 +125,6 @@
         log_open();
 }
 
-int log_tests_skipped(const char *message) {
-        log_notice("%s: %s, skipping tests.",
-                   program_invocation_short_name, message);
-        return EXIT_TEST_SKIP;
-}
-
-int log_tests_skipped_errno(int r, const char *message) {
-        log_notice_errno(r, "%s: %s, skipping tests: %m",
-                         program_invocation_short_name, message);
-        return EXIT_TEST_SKIP;
-}
-
 int write_tmpfile(char *pattern, const char *contents) {
         _cleanup_close_ int fd = -1;
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/shared/tests.h systemd-252.19/src/shared/tests.h
--- systemd-252.17/src/shared/tests.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/shared/tests.h	2023-11-10 00:22:41.000000000 +0000
@@ -27,8 +27,23 @@
 const char* get_catalog_dir(void);
 bool slow_tests_enabled(void);
 void test_setup_logging(int level);
-int log_tests_skipped(const char *message);
-int log_tests_skipped_errno(int r, const char *message);
+
+#define log_tests_skipped(fmt, ...)                                     \
+        ({                                                              \
+                log_notice("%s: " fmt ", skipping tests.",              \
+                           program_invocation_short_name,               \
+                           ##__VA_ARGS__);                              \
+                EXIT_TEST_SKIP;                                         \
+        })
+
+#define log_tests_skipped_errno(error, fmt, ...)                        \
+        ({                                                              \
+                log_notice_errno(error,                                 \
+                                 "%s: " fmt ", skipping tests: %m",     \
+                                 program_invocation_short_name,         \
+                                 ##__VA_ARGS__);                        \
+                EXIT_TEST_SKIP;                                         \
+        })
 
 int write_tmpfile(char *pattern, const char *contents);
 
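Review bot: Both new macros splice `fmt` into the format string by literal concatenation, whereas the removed functions passed `message` as a `%s` argument. The caller's text is therefore interpreted as printf directives, so a literal percent sign has to be written `%%`, and only string literals are accepted. A comment above the macros would make this contract explicit: `/* fmt must be a string literal; it becomes part of the format string, so write "%%" for a literal percent sign. */`.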
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/systemctl/systemctl-enable.c systemd-252.19/src/systemctl/systemctl-enable.c
--- systemd-252.17/src/systemctl/systemctl-enable.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/systemctl/systemctl-enable.c	2023-11-10 00:22:41.000000000 +0000
@@ -249,7 +249,7 @@
                            " \n" /* trick: the space is needed so that the line does not get stripped from output */
                            "Possible reasons for having this kind of units are:\n"
                            "%1$s A unit may be statically enabled by being symlinked from another unit's\n"
-                           "  .wants/ or .requires/ directory.\n"
+                           "  .wants/, .requires/, or .upholds/ directory.\n"
                            "%1$s A unit's purpose may be to act as a helper for some other unit which has\n"
                            "  a requirement dependency on it.\n"
                            "%1$s A unit may be started when needed via activation (socket, path, timer,\n"
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/systemctl/systemctl-show.c systemd-252.19/src/systemctl/systemctl-show.c
--- systemd-252.17/src/systemctl/systemctl-show.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/systemctl/systemctl-show.c	2023-11-10 00:22:41.000000000 +0000
@@ -654,7 +654,7 @@
                         if (i->main_pid > 0)
                                 fputs("; Control PID: ", stdout);
                         else
-                                fputs("Cntrl PID: ", stdout); /* if first in column, abbreviated so it fits alignment */
+                                fputs("  Cntrl PID: ", stdout); /* if first in column, abbreviated so it fits alignment */
 
                         printf(PID_FMT, i->control_pid);
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/systemd/sd-gpt.h systemd-252.19/src/systemd/sd-gpt.h
--- systemd-252.17/src/systemd/sd-gpt.h	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/systemd/sd-gpt.h	2023-11-10 00:22:41.000000000 +0000
@@ -29,6 +29,8 @@
 #define SD_GPT_ROOT_ARM64       SD_ID128_MAKE(b9,21,b0,45,1d,f0,41,c3,af,44,4c,6f,28,0d,3f,ae)
 #define SD_GPT_ROOT_IA64        SD_ID128_MAKE(99,3d,8d,3d,f8,0e,42,25,85,5a,9d,af,8e,d7,ea,97)
 #define SD_GPT_ROOT_LOONGARCH64 SD_ID128_MAKE(77,05,58,00,79,2c,4f,94,b3,9a,98,c9,1b,76,2b,b6)
+#define SD_GPT_ROOT_MIPS        SD_ID128_MAKE(e9,43,45,44,6e,2c,47,cc,ba,e2,12,d6,de,af,b4,4c)
+#define SD_GPT_ROOT_MIPS64      SD_ID128_MAKE(d1,13,af,76,80,ef,41,b4,bd,b6,0c,ff,4d,3d,4a,25)
 #define SD_GPT_ROOT_MIPS_LE     SD_ID128_MAKE(37,c5,8c,8a,d9,13,41,56,a2,5f,48,b1,b6,4e,07,f0)
 #define SD_GPT_ROOT_MIPS64_LE   SD_ID128_MAKE(70,0b,da,43,7a,34,45,07,b1,79,ee,b9,3d,7a,7c,a3)
 #define SD_GPT_ROOT_PARISC      SD_ID128_MAKE(1a,ac,db,3b,54,44,41,38,bd,9e,e5,c2,23,9b,23,46)
@@ -48,6 +50,8 @@
 #define SD_GPT_USR_ARM64        SD_ID128_MAKE(b0,e0,10,50,ee,5f,43,90,94,9a,91,01,b1,71,04,e9)
 #define SD_GPT_USR_IA64         SD_ID128_MAKE(43,01,d2,a6,4e,3b,4b,2a,bb,94,9e,0b,2c,42,25,ea)
 #define SD_GPT_USR_LOONGARCH64  SD_ID128_MAKE(e6,11,c7,02,57,5c,4c,be,9a,46,43,4f,a0,bf,7e,3f)
+#define SD_GPT_USR_MIPS         SD_ID128_MAKE(77,3b,2a,bc,2a,99,43,98,8b,f5,03,ba,ac,40,d0,2b)
+#define SD_GPT_USR_MIPS64       SD_ID128_MAKE(57,e1,39,58,73,31,43,65,8e,6e,35,ee,ee,17,c6,1b)
 #define SD_GPT_USR_MIPS_LE      SD_ID128_MAKE(0f,48,68,e9,99,52,47,06,97,9f,3e,d3,a4,73,e9,47)
 #define SD_GPT_USR_MIPS64_LE    SD_ID128_MAKE(c9,7c,1f,32,ba,06,40,b4,9f,22,23,60,61,b0,8a,a8)
 #define SD_GPT_USR_PARISC       SD_ID128_MAKE(dc,4a,44,80,69,17,42,62,a4,ec,db,93,84,94,9f,25)
@@ -70,6 +74,8 @@
 #define SD_GPT_ROOT_ARM64_VERITY       SD_ID128_MAKE(df,33,00,ce,d6,9f,4c,92,97,8c,9b,fb,0f,38,d8,20)
 #define SD_GPT_ROOT_IA64_VERITY        SD_ID128_MAKE(86,ed,10,d5,b6,07,45,bb,89,57,d3,50,f2,3d,05,71)
 #define SD_GPT_ROOT_LOONGARCH64_VERITY SD_ID128_MAKE(f3,39,3b,22,e9,af,46,13,a9,48,9d,3b,fb,d0,c5,35)
+#define SD_GPT_ROOT_MIPS_VERITY        SD_ID128_MAKE(7a,43,07,99,f7,11,4c,7e,8e,5b,1d,68,5b,d4,86,07)
+#define SD_GPT_ROOT_MIPS64_VERITY      SD_ID128_MAKE(57,95,36,f8,6a,33,40,55,a9,5a,df,2d,5e,2c,42,a8)
 #define SD_GPT_ROOT_MIPS_LE_VERITY     SD_ID128_MAKE(d7,d1,50,d2,2a,04,4a,33,8f,12,16,65,12,05,ff,7b)
 #define SD_GPT_ROOT_MIPS64_LE_VERITY   SD_ID128_MAKE(16,b4,17,f8,3e,06,4f,57,8d,d2,9b,52,32,f4,1a,a6)
 #define SD_GPT_ROOT_PARISC_VERITY      SD_ID128_MAKE(d2,12,a4,30,fb,c5,49,f9,a9,83,a7,fe,ef,2b,8d,0e)
@@ -89,6 +95,8 @@
 #define SD_GPT_USR_ARM64_VERITY        SD_ID128_MAKE(6e,11,a4,e7,fb,ca,4d,ed,b9,e9,e1,a5,12,bb,66,4e)
 #define SD_GPT_USR_IA64_VERITY         SD_ID128_MAKE(6a,49,1e,03,3b,e7,45,45,8e,38,83,32,0e,0e,a8,80)
 #define SD_GPT_USR_LOONGARCH64_VERITY  SD_ID128_MAKE(f4,6b,2c,26,59,ae,48,f0,91,06,c5,0e,d4,7f,67,3d)
+#define SD_GPT_USR_MIPS_VERITY         SD_ID128_MAKE(6e,5a,1b,c8,d2,23,49,b7,bc,a8,37,a5,fc,ce,b9,96)
+#define SD_GPT_USR_MIPS64_VERITY       SD_ID128_MAKE(81,cf,9d,90,74,58,4d,f4,8d,cf,c8,a3,a4,04,f0,9b)
 #define SD_GPT_USR_MIPS_LE_VERITY      SD_ID128_MAKE(46,b9,8d,8d,b5,5c,4e,8f,aa,b3,37,fc,a7,f8,07,52)
 #define SD_GPT_USR_MIPS64_LE_VERITY    SD_ID128_MAKE(3c,3d,61,fe,b5,f3,41,4d,bb,71,87,39,a6,94,a4,ef)
 #define SD_GPT_USR_PARISC_VERITY       SD_ID128_MAKE(58,43,d6,18,ec,37,48,d7,9f,12,ce,a8,e0,87,68,b2)
@@ -110,6 +118,8 @@
 #define SD_GPT_ROOT_ARM64_VERITY_SIG       SD_ID128_MAKE(6d,b6,9d,e6,29,f4,47,58,a7,a5,96,21,90,f0,0c,e3)
 #define SD_GPT_ROOT_IA64_VERITY_SIG        SD_ID128_MAKE(e9,8b,36,ee,32,ba,48,82,9b,12,0c,e1,46,55,f4,6a)
 #define SD_GPT_ROOT_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(5a,fb,67,eb,ec,c8,4f,85,ae,8e,ac,1e,7c,50,e7,d0)
+#define SD_GPT_ROOT_MIPS_VERITY_SIG        SD_ID128_MAKE(bb,a2,10,a2,9c,5d,45,ee,9e,87,ff,2c,cb,d0,02,d0)
+#define SD_GPT_ROOT_MIPS64_VERITY_SIG      SD_ID128_MAKE(43,ce,94,d4,0f,3d,49,99,82,50,b9,de,af,d9,8e,6e)
 #define SD_GPT_ROOT_MIPS_LE_VERITY_SIG     SD_ID128_MAKE(c9,19,cc,1f,44,56,4e,ff,91,8c,f7,5e,94,52,5c,a5)
 #define SD_GPT_ROOT_MIPS64_LE_VERITY_SIG   SD_ID128_MAKE(90,4e,58,ef,5c,65,4a,31,9c,57,6a,f5,fc,7c,5d,e7)
 #define SD_GPT_ROOT_PARISC_VERITY_SIG      SD_ID128_MAKE(15,de,61,70,65,d3,43,1c,91,6e,b0,dc,d8,39,3f,25)
@@ -129,6 +139,8 @@
 #define SD_GPT_USR_ARM64_VERITY_SIG        SD_ID128_MAKE(c2,3c,e4,ff,44,bd,4b,00,b2,d4,b4,1b,34,19,e0,2a)
 #define SD_GPT_USR_IA64_VERITY_SIG         SD_ID128_MAKE(8d,e5,8b,c2,2a,43,46,0d,b1,4e,a7,6e,4a,17,b4,7f)
 #define SD_GPT_USR_LOONGARCH64_VERITY_SIG  SD_ID128_MAKE(b0,24,f3,15,d3,30,44,4c,84,61,44,bb,de,52,4e,99)
+#define SD_GPT_USR_MIPS_VERITY_SIG         SD_ID128_MAKE(97,ae,15,8d,f2,16,49,7b,80,57,f7,f9,05,77,0f,54)
+#define SD_GPT_USR_MIPS64_VERITY_SIG       SD_ID128_MAKE(05,81,6c,e2,dd,40,4a,c6,a6,1d,37,d3,2d,c1,ba,7d)
 #define SD_GPT_USR_MIPS_LE_VERITY_SIG      SD_ID128_MAKE(3e,23,ca,0b,a4,bc,4b,4e,80,87,5a,b6,a2,6a,a8,a9)
 #define SD_GPT_USR_MIPS64_LE_VERITY_SIG    SD_ID128_MAKE(f2,c2,c7,ee,ad,cc,43,51,b5,c6,ee,98,16,b6,6e,16)
 #define SD_GPT_USR_PARISC_VERITY_SIG       SD_ID128_MAKE(45,0d,d7,d1,32,24,45,ec,9c,f2,a4,3a,34,6d,71,ee)
@@ -216,6 +228,21 @@
 #  define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_LOONGARCH64_VERITY
 #  define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_LOONGARCH64_VERITY_SIG
 
+#elif defined(__mips__) && !defined(__mips64) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#  define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_MIPS
+#  define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_MIPS_VERITY
+#  define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_MIPS_VERITY_SIG
+#  define SD_GPT_USR_NATIVE SD_GPT_USR_MIPS
+#  define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_MIPS_VERITY
+#  define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_MIPS_VERITY_SIG
+#elif defined(__mips64) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#  define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_MIPS64
+#  define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_MIPS64_VERITY
+#  define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_MIPS64_VERITY_SIG
+#  define SD_GPT_USR_NATIVE SD_GPT_USR_MIPS64
+#  define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_MIPS64_VERITY
+#  define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_MIPS64_VERITY_SIG
+
 #elif defined(__mips__) && !defined(__mips64) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 #  define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_MIPS_LE
 #  define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_MIPS_LE_VERITY
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/sysupdate/sysupdate-resource.c systemd-252.19/src/sysupdate/sysupdate-resource.c
--- systemd-252.17/src/sysupdate/sysupdate-resource.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/sysupdate/sysupdate-resource.c	2023-11-10 00:22:41.000000000 +0000
@@ -510,7 +510,12 @@
                 .metadata.version = (char*) version,
         }, *k = &key;
 
-        return typesafe_bsearch(&k, rr->instances, rr->n_instances, instance_cmp);
+        Instance **found;
+        found = typesafe_bsearch(&k, rr->instances, rr->n_instances, instance_cmp);
+        if (!found)
+                return NULL;
+
+        return *found;
 }
 
 int resource_resolve_path(
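Review bot: The declaration and assignment of `found` can be merged and the NULL test folded into the return: `Instance **found = typesafe_bsearch(&k, rr->instances, rr->n_instances, instance_cmp);` followed by `return found ? *found : NULL;`. A one-line comment would also record why the dereference is needed, e.g. `/* the search yields a pointer to the matching array slot, not the Instance itself */`. The function's signature and the start of its body are outside the hunk.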
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-blockdev-util.c systemd-252.19/src/test/test-blockdev-util.c
--- systemd-252.17/src/test/test-blockdev-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-blockdev-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -8,12 +8,14 @@
         int r;
 
         r = path_is_encrypted(p);
-        if (r == -ENOENT || (r < 0 && ERRNO_IS_PRIVILEGE(r)))
+        if (IN_SET(r, -ENOENT, -ELOOP) || (r < 0 && ERRNO_IS_PRIVILEGE(r)))
                 /* This might fail, if btrfs is used and we run in a container. In that case we cannot
                  * resolve the device node paths that BTRFS_IOC_DEV_INFO returns, because the device nodes
                  * are unlikely to exist in the container. But if we can't stat() them we cannot determine
-                 * the dev_t of them, and thus cannot figure out if they are enrypted. Hence let's just
-                 * ignore ENOENT here. Also skip the test if we lack privileges. */
+                 * the dev_t of them, and thus cannot figure out if they are encrypted. Hence let's just
+                 * ignore ENOENT here. Also skip the test if we lack privileges.
+                 * ELOOP might happen if the mount point is a symlink, as seen with under
+                 * some rpm-ostree distros */
                 return;
         assert_se(r >= 0);
 
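Review bot: The early `return` skips the check without logging anything, so a run that hits `-ENOENT`, the new `-ELOOP` case or a privilege error looks the same as a pass. A line before the return would make that visible, e.g. `log_notice_errno(r, "path_is_encrypted(%s) failed, skipping: %m", p);`, with braces added around the branch. The added comment also reads "as seen with under some rpm-ostree distros"; drop "with".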
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-cgroup.c systemd-252.19/src/test/test-cgroup.c
--- systemd-252.17/src/test/test-cgroup.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-cgroup.c	2023-11-10 00:22:41.000000000 +0000
@@ -61,6 +61,10 @@
 
         log_info("Paths for test:\n%s\n%s", test_a, test_b);
 
+        /* Possibly clean up left-overs from aboted previous runs */
+        (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_a, /* delete_root= */ true);
+        (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, test_b, /* delete_root= */ true);
+
         r = cg_create(SYSTEMD_CGROUP_CONTROLLER, test_a);
         if (IN_SET(r, -EPERM, -EACCES, -EROFS)) {
                 log_info_errno(r, "Skipping %s: %m", __func__);
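Review bot: The added comment misspells "aborted" as `aboted`. Since both `cg_trim()` results are discarded with `(void)`, the comment could also say why failure is fine, for example `/* Possibly clean up left-overs from aborted previous runs; errors are ignored since the groups normally do not exist yet */`. That rationale is inferred from the cast, not stated in the hunk.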
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-chown-rec.c systemd-252.19/src/test/test-chown-rec.c
--- systemd-252.17/src/test/test-chown-rec.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-chown-rec.c	2023-11-10 00:22:41.000000000 +0000
@@ -44,6 +44,7 @@
         const char *p;
         const uid_t uid = getuid();
         const gid_t gid = getgid();
+        int r;
 
         umask(022);
         assert_se(mkdtemp_malloc(NULL, &t) >= 0);
@@ -95,7 +96,11 @@
 
         /* We now apply an xattr to the dir, and check it again */
         p = strjoina(t, "/dir");
-        assert_se(setxattr(p, "system.posix_acl_access", acl, sizeof(acl), 0) >= 0);
+        r = RET_NERRNO(setxattr(p, "system.posix_acl_access", acl, sizeof(acl), 0));
+        if (r < 0 && ERRNO_IS_NOT_SUPPORTED(r))
+                return (void) log_tests_skipped_errno(r, "no acl supported on /tmp");
+
+        assert_se(r >= 0);
         assert_se(setxattr(p, "system.posix_acl_default", default_acl, sizeof(default_acl), 0) >= 0);
         assert_se(lstat(p, &st) >= 0);
         assert_se(S_ISDIR(st.st_mode));
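Review bot: The skip message hard-codes `/tmp`, but the directory under test comes from `mkdtemp_malloc(NULL, &t)` in the earlier hunk, so it may live somewhere else. The macro now takes format arguments, so the real path can be reported: `return (void) log_tests_skipped_errno(r, "no acl supported on %s", p);`. The second `setxattr()` for `system.posix_acl_default` still asserts directly, which is reasonable once the first has succeeded. The test function starts and ends outside this hunk.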
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-compress.c systemd-252.19/src/test/test-compress.c
--- systemd-252.17/src/test/test-compress.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-compress.c	2023-11-10 00:22:41.000000000 +0000
@@ -376,7 +376,6 @@
 
         return 0;
 #else
-        log_info("/* XZ, LZ4 and ZSTD tests skipped */");
-        return EXIT_TEST_SKIP;
+        return log_tests_skipped("no compression algorithm supported");
 #endif
 }
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-dev-setup.c systemd-252.19/src/test/test-dev-setup.c
--- systemd-252.17/src/test/test-dev-setup.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-dev-setup.c	2023-11-10 00:22:41.000000000 +0000
@@ -6,6 +6,7 @@
 #include "mkdir.h"
 #include "path-util.h"
 #include "rm-rf.h"
+#include "tests.h"
 #include "tmpfile-util.h"
 
 int main(int argc, char *argv[]) {
@@ -14,7 +15,7 @@
         struct stat st;
 
         if (have_effective_cap(CAP_DAC_OVERRIDE) <= 0)
-                return EXIT_TEST_SKIP;
+                return log_tests_skipped("missing capability (CAP_DAC_OVERRIDE)");
 
         assert_se(mkdtemp_malloc("/tmp/test-dev-setupXXXXXX", &p) >= 0);
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-firewall-util.c systemd-252.19/src/test/test-firewall-util.c
--- systemd-252.17/src/test/test-firewall-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-firewall-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -107,7 +107,7 @@
         assert_se(ctx);
 
         if (ctx->backend == FW_BACKEND_NONE)
-                return EXIT_TEST_SKIP;
+                return log_tests_skipped("no firewall backend supported");
 
         if (test_v4(ctx) && ctx->backend == FW_BACKEND_NFTABLES)
                 test_v6(ctx);
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-loopback.c systemd-252.19/src/test/test-loopback.c
--- systemd-252.17/src/test/test-loopback.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-loopback.c	2023-11-10 00:22:41.000000000 +0000
@@ -13,10 +13,8 @@
         int r;
 
         if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) {
-                if (ERRNO_IS_PRIVILEGE(errno) || ERRNO_IS_NOT_SUPPORTED(errno)) {
-                        log_notice("Skipping test, lacking privileges or namespaces not supported");
-                        return EXIT_TEST_SKIP;
-                }
+                if (ERRNO_IS_PRIVILEGE(errno) || ERRNO_IS_NOT_SUPPORTED(errno))
+                        return log_tests_skipped("lacking privileges or namespaces not supported");
                 return log_error_errno(errno, "Failed to create user+network namespace: %m");
         }
 
@@ -25,13 +23,17 @@
                 return log_error_errno(r, "loopback: %m");
 
         log_info("> ipv6 main");
-        system("ip -6 route show table main");
+        /* <0 → fork error, ==0 → success, >0 → error in child */
+        assert_se(system("ip -6 route show table main") >= 0);
+
         log_info("> ipv6 local");
-        system("ip -6 route show table local");
+        assert_se(system("ip -6 route show table local") >=0);
+
         log_info("> ipv4 main");
-        system("ip -4 route show table main");
+        assert_se(system("ip -4 route show table main") >= 0);
+
         log_info("> ipv4 local");
-        system("ip -4 route show table local");
+        assert_se(system("ip -4 route show table local") >= 0);
 
         return EXIT_SUCCESS;
 }
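Review bot: The new assertions fail only when `system()` returns a negative value, so a missing `ip` binary or a failing command still passes. The added comment lists the three cases but does not say the third is tolerated on purpose. If that is the intent, extend it to `/* <0 → fork error, ==0 → success, >0 → error in child (tolerated, output is informational only) */`. The second call also has `>=0` without the space the other three use.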
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-path-util.c systemd-252.19/src/test/test-path-util.c
--- systemd-252.17/src/test/test-path-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-path-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -27,10 +27,6 @@
         assert_se(path_is_absolute("/"));
         assert_se(!path_is_absolute("./"));
 
-        assert_se(is_path("/dir"));
-        assert_se(is_path("a/b"));
-        assert_se(!is_path("."));
-
         assert_se(streq(basename("./aa/bb/../file.da."), "file.da."));
         assert_se(streq(basename("/aa///.file"), ".file"));
         assert_se(streq(basename("/aa///file..."), "file..."));
@@ -54,6 +50,100 @@
         assert_se(!path_equal_filename("/b", "/c"));
 }
 
+TEST(is_path) {
+        assert_se(!is_path("foo"));
+        assert_se(!is_path("dos.ext"));
+        assert_se( is_path("/dir"));
+        assert_se( is_path("a/b"));
+        assert_se( is_path("a/b.ext"));
+
+        assert_se(!is_path("."));
+        assert_se(!is_path(""));
+        assert_se(!is_path(".."));
+
+        assert_se( is_path("/dev"));
+        assert_se( is_path("/./dev"));
+        assert_se( is_path("/./dev/."));
+        assert_se( is_path("/./dev."));
+        assert_se( is_path("//dev"));
+        assert_se( is_path("///dev"));
+        assert_se( is_path("/dev/"));
+        assert_se( is_path("///dev/"));
+        assert_se( is_path("/./dev/"));
+        assert_se( is_path("/../dev/"));
+        assert_se( is_path("/dev/sda"));
+        assert_se( is_path("/dev/sda5"));
+        assert_se( is_path("/dev/sda5b3"));
+        assert_se( is_path("/dev/sda5b3/idontexit"));
+        assert_se( is_path("/../dev/sda"));
+        assert_se( is_path("/../../dev/sda5"));
+        assert_se( is_path("/../../../dev/sda5b3"));
+        assert_se( is_path("/.././.././dev/sda5b3/idontexit"));
+        assert_se( is_path("/sys"));
+        assert_se( is_path("/sys/"));
+        assert_se( is_path("/./sys"));
+        assert_se( is_path("/./sys/."));
+        assert_se( is_path("/./sys."));
+        assert_se( is_path("/sys/what"));
+        assert_se( is_path("/sys/something/.."));
+        assert_se( is_path("/sys/something/../"));
+        assert_se( is_path("/sys////"));
+        assert_se( is_path("/sys////."));
+        assert_se( is_path("/sys/.."));
+        assert_se( is_path("/sys/../"));
+        assert_se( is_path("/usr/../dev/sda"));
+}
+
+TEST(is_device_path) {
+        assert_se(!is_device_path("foo"));
+        assert_se(!is_device_path("dos.ext"));
+        assert_se(!is_device_path("/dir"));
+        assert_se(!is_device_path("a/b"));
+        assert_se(!is_device_path("a/b.ext"));
+
+        assert_se(!is_device_path("."));
+        assert_se(!is_device_path(""));
+        assert_se(!is_device_path(".."));
+
+        assert_se(!is_device_path("/dev"));
+        assert_se(!is_device_path("/./dev"));
+        assert_se(!is_device_path("/./dev/."));
+        assert_se(!is_device_path("/./dev."));
+        assert_se( is_device_path("/./dev/foo"));
+        assert_se( is_device_path("/./dev/./foo"));
+        assert_se(!is_device_path("/./dev./foo"));
+        assert_se(!is_device_path("//dev"));
+        assert_se(!is_device_path("///dev"));
+        assert_se(!is_device_path("/dev/"));
+        assert_se(!is_device_path("///dev/"));
+        assert_se(!is_device_path("/./dev/"));
+        assert_se(!is_device_path("/../dev/"));
+        assert_se( is_device_path("/dev/sda"));
+        assert_se( is_device_path("/dev/sda5"));
+        assert_se( is_device_path("/dev/sda5b3"));
+        assert_se( is_device_path("/dev/sda5b3/idontexit"));
+        assert_se(!is_device_path("/../dev/sda"));
+        assert_se(!is_device_path("/../../dev/sda5"));
+        assert_se(!is_device_path("/../../../dev/sda5b3"));
+        assert_se(!is_device_path("/.././.././dev/sda5b3/idontexit"));
+        assert_se(!is_device_path("/sys"));
+        assert_se(!is_device_path("/sys/"));
+        assert_se(!is_device_path("/./sys"));
+        assert_se(!is_device_path("/./sys/."));
+        assert_se(!is_device_path("/./sys."));
+        assert_se( is_device_path("/./sys/foo"));
+        assert_se( is_device_path("/./sys/./foo"));
+        assert_se(!is_device_path("/./sys./foo"));
+        assert_se( is_device_path("/sys/what"));
+        assert_se( is_device_path("/sys/something/.."));
+        assert_se( is_device_path("/sys/something/../"));
+        assert_se(!is_device_path("/sys////"));
+        assert_se(!is_device_path("/sys////."));
+        assert_se( is_device_path("/sys/.."));
+        assert_se( is_device_path("/sys/../"));
+        assert_se(!is_device_path("/usr/../dev/sda"));
+}
+
 static void test_path_simplify_one(const char *in, const char *out, PathSimplifyFlags flags) {
         char *p;
 
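Review bot: The expectations in `TEST(is_device_path)` pin a purely textual check, and the test should say so. `/sys/..` is accepted although it resolves to `/`, and `/sys/something/..` is accepted although plain `/sys` is rejected, while `/../dev/sda` is rejected. A reader could otherwise take `is_device_path()` for a containment check, so a comment at the top of the test would help, e.g. `/* is_device_path() matches the leading components textually and does not resolve "..", so it is not a containment check */`. Separately, `idontexit` in the new literals looks like a typo for `idontexist`.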
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-process-util.c systemd-252.19/src/test/test-process-util.c
--- systemd-252.17/src/test/test-process-util.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-process-util.c	2023-11-10 00:22:41.000000000 +0000
@@ -773,9 +773,16 @@
                         assert_se(ERRNO_IS_PRIVILEGE(errno));
                         full_test = false;
                 } else {
-                        assert_se(setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) >= 0);
-                        assert_se(setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) >= 0);
-                        full_test = true;
+                        /* However, if the hard limit was above 30, setrlimit would succeed unprivileged, so
+                         * check if the UID/GID can be changed before enabling the full test. */
+                        if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0) {
+                                assert_se(ERRNO_IS_PRIVILEGE(errno));
+                                full_test = false;
+                        } else if (setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) {
+                                assert_se(ERRNO_IS_PRIVILEGE(errno));
+                                full_test = false;
+                        } else
+                                full_test = true;
                 }
 
                 errno = 0;
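Review bot: The two new failure branches are identical and can be folded with short-circuit evaluation: `if (setresgid(GID_NOBODY, GID_NOBODY, GID_NOBODY) < 0 || setresuid(UID_NOBODY, UID_NOBODY, UID_NOBODY) < 0) { assert_se(ERRNO_IS_PRIVILEGE(errno)); full_test = false; } else full_test = true;`. When `setresgid()` succeeds and `setresuid()` fails, the rest of the test runs with the group already changed but the original UID. The added comment should state that this mixed state is acceptable for the reduced test. The enclosing block starts outside the hunk.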
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-recurse-dir.c systemd-252.19/src/test/test-recurse-dir.c
--- systemd-252.17/src/test/test-recurse-dir.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-recurse-dir.c	2023-11-10 00:22:41.000000000 +0000
@@ -2,7 +2,9 @@
 
 #include <ftw.h>
 
+#include "fd-util.h"
 #include "log.h"
+#include "missing_magic.h"
 #include "recurse-dir.h"
 #include "strv.h"
 #include "tests.h"
@@ -26,8 +28,7 @@
                 break;
 
         case FTW_SL:
-                log_debug("ftw found symlink %s", fpath);
-                assert_se(strv_extendf(&list_nftw, "%s→", fpath) >= 0);
+                log_debug("ftw found symlink %s, ignoring.", fpath);
                 break;
 
         case FTW_D:
@@ -71,11 +72,10 @@
         case RECURSE_DIR_ENTRY:
                 assert_se(!IN_SET(de->d_type, DT_UNKNOWN, DT_DIR));
 
-                log_debug("found %s", path);
+                log_debug("found %s%s", path,
+                          de->d_type == DT_LNK ? ", ignoring." : "");
 
-                if (de->d_type == DT_LNK)
-                        assert_se(strv_extendf(l, "%s→", path) >= 0);
-                else
+                if (de->d_type != DT_LNK)
                         assert_se(strv_extend(l, path) >= 0);
                 break;
 
@@ -121,7 +121,7 @@
         _cleanup_strv_free_ char **list_recurse_dir = NULL;
         const char *p;
         usec_t t1, t2, t3, t4;
-        int r;
+        _cleanup_close_ int fd = -EBADF;
 
         log_show_color(true);
         test_setup_logging(LOG_INFO);
@@ -131,15 +131,24 @@
         else
                 p = "/usr/share/man"; /* something hopefully reasonably stable while we run (and limited in size) */
 
-        /* Enumerate the specified dirs in full, once via nftw(), and once via recurse_dir(), and ensure the results are identical */
+        fd = open(p, O_DIRECTORY|O_CLOEXEC);
+        if (fd < 0 && errno == ENOENT)
+                return log_tests_skipped_errno(errno, "Couldn't open directory %s", p);
+        assert_se(fd >= 0);
+
+        /* If the test directory is on an overlayfs then files and their direcory may return different st_dev
+         * in stat results, which confuses nftw into thinking they're on different filesystems
+         * and won't return the result when the FTW_MOUNT flag is set. */
+        if (fd_is_fs_type(fd, OVERLAYFS_SUPER_MAGIC))
+                return log_tests_skipped("nftw mountpoint detection produces false-positives on overlayfs");
+
+        /* Enumerate the specified dirs in full, once via nftw(), and once via recurse_dir(), and ensure the
+         * results are identical. nftw() sometimes skips symlinks (see
+         * https://github.com/systemd/systemd/issues/29603), so ignore them to avoid bogus errors. */
+
         t1 = now(CLOCK_MONOTONIC);
-        r = recurse_dir_at(AT_FDCWD, p, 0, UINT_MAX, RECURSE_DIR_SORT|RECURSE_DIR_ENSURE_TYPE|RECURSE_DIR_SAME_MOUNT, recurse_dir_callback, &list_recurse_dir);
+        assert_se(recurse_dir(fd, p, 0, UINT_MAX, RECURSE_DIR_SORT|RECURSE_DIR_ENSURE_TYPE|RECURSE_DIR_SAME_MOUNT, recurse_dir_callback, &list_recurse_dir) >= 0);
         t2 = now(CLOCK_MONOTONIC);
-        if (r == -ENOENT) {
-                log_warning_errno(r, "Couldn't open directory %s, ignoring: %m", p);
-                return EXIT_TEST_SKIP;
-        }
-        assert_se(r >= 0);
 
         t3 = now(CLOCK_MONOTONIC);
         assert_se(nftw(p, nftw_cb, 64, FTW_PHYS|FTW_MOUNT) >= 0);
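Review bot: The overlayfs check `if (fd_is_fs_type(fd, OVERLAYFS_SUPER_MAGIC))` treats any non-zero result as a match, so if the helper reports failure as a negative value (usual for helpers of this shape, confirm in its definition) the test is skipped with a message blaming overlayfs instead of failing. Keep the result and assert on it first: `r = fd_is_fs_type(fd, OVERLAYFS_SUPER_MAGIC); assert_se(r >= 0);` followed by `if (r > 0) return log_tests_skipped(...);`. That needs the `int r;` declaration which the previous hunk removes. The new comment also has a typo, `direcory`. The enclosing function starts and ends outside this hunk.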
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/test/test-socket-bind.c systemd-252.19/src/test/test-socket-bind.c
--- systemd-252.17/src/test/test-socket-bind.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/test/test-socket-bind.c	2023-11-10 00:22:41.000000000 +0000
@@ -49,9 +49,8 @@
                         return log_unit_error_errno(u, r, "Failed to parse SocketBindAllow: %m");
         }
 
-        fprintf(stderr, "SocketBindAllow:");
-        LIST_FOREACH(socket_bind_items, bi, cc->socket_bind_allow)
-                cgroup_context_dump_socket_bind_item(bi, stderr);
+        fprintf(stderr, "SocketBindAllow: ");
+        cgroup_context_dump_socket_bind_items(cc->socket_bind_allow, stderr);
         fputc('\n', stderr);
 
         STRV_FOREACH(rule, deny_rules) {
@@ -62,9 +61,8 @@
                         return log_unit_error_errno(u, r, "Failed to parse SocketBindDeny: %m");
         }
 
-        fprintf(stderr, "SocketBindDeny:");
-        LIST_FOREACH(socket_bind_items, bi, cc->socket_bind_deny)
-                cgroup_context_dump_socket_bind_item(bi, stderr);
+        fprintf(stderr, "SocketBindDeny: ");
+        cgroup_context_dump_socket_bind_items(cc->socket_bind_deny, stderr);
         fputc('\n', stderr);
 
         exec_start = strjoin("-timeout --preserve-status -sSIGTERM 1s ", netcat_path, " -l ", port, " -vv");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/udev/cdrom_id/cdrom_id.c systemd-252.19/src/udev/cdrom_id/cdrom_id.c
--- systemd-252.17/src/udev/cdrom_id/cdrom_id.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/udev/cdrom_id/cdrom_id.c	2023-11-10 00:22:41.000000000 +0000
@@ -817,7 +817,7 @@
 }
 
 static void print_feature(Feature feature, const char *prefix) {
-        FeatureToString *found, in = {
+        const FeatureToString *found, in = {
                 .feature = feature,
         };
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/udev/udevadm-control.c systemd-252.19/src/udev/udevadm-control.c
--- systemd-252.17/src/udev/udevadm-control.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/udev/udevadm-control.c	2023-11-10 00:22:41.000000000 +0000
@@ -21,6 +21,8 @@
 
 #include "parse-util.h"
 #include "process-util.h"
+#include "static-destruct.h"
+#include "strv.h"
 #include "syslog-util.h"
 #include "time-util.h"
 #include "udevadm.h"
@@ -28,6 +30,17 @@
 #include "util.h"
 #include "virt.h"
 
+static char **arg_env = NULL;
+static usec_t arg_timeout = 60 * USEC_PER_SEC;
+static bool arg_ping = false;
+static bool arg_reload = false;
+static bool arg_exit = false;
+static int arg_max_children = -1;
+static int arg_log_level = -1;
+static int arg_start_exec_queue = -1;
+
+STATIC_DESTRUCTOR_REGISTER(arg_env, strv_freep);
+
 static int help(void) {
         printf("%s control OPTION\n\n"
                "Control the udev daemon.\n\n"
@@ -47,11 +60,7 @@
         return 0;
 }
 
-int control_main(int argc, char *argv[], void *userdata) {
-        _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL;
-        usec_t timeout = 60 * USEC_PER_SEC;
-        int c, r;
-
+static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_PING = 0x100,
         };
@@ -74,102 +83,78 @@
                 {}
         };
 
-        if (running_in_chroot() > 0) {
-                log_info("Running in chroot, ignoring request.");
-                return 0;
-        }
+        int c, r;
+
+        assert(argc >= 0);
+        assert(argv);
 
         if (argc <= 1)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "This command expects one or more options.");
 
-        r = udev_ctrl_new(&uctrl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to initialize udev control: %m");
-
         while ((c = getopt_long(argc, argv, "el:sSRp:m:t:Vh", options, NULL)) >= 0)
                 switch (c) {
+
                 case 'e':
-                        r = udev_ctrl_send_exit(uctrl);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --exit after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send exit request: %m");
+                        arg_exit = true;
                         break;
-                case 'l':
-                        r = log_level_from_string(optarg);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to parse log level '%s': %m", optarg);
 
-                        r = udev_ctrl_send_set_log_level(uctrl, r);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --log-level after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send request to set log level: %m");
+                case 'l':
+                        arg_log_level = log_level_from_string(optarg);
+                        if (arg_log_level < 0)
+                                return log_error_errno(arg_log_level, "Failed to parse log level '%s': %m", optarg);
                         break;
+
                 case 's':
-                        r = udev_ctrl_send_stop_exec_queue(uctrl);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --stop-exec-queue after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send request to stop exec queue: %m");
+                        arg_start_exec_queue = false;
                         break;
+
                 case 'S':
-                        r = udev_ctrl_send_start_exec_queue(uctrl);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --start-exec-queue after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send request to start exec queue: %m");
+                        arg_start_exec_queue = true;
                         break;
+
                 case 'R':
-                        r = udev_ctrl_send_reload(uctrl);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --reload after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send reload request: %m");
+                        arg_reload = true;
                         break;
+
                 case 'p':
                         if (!strchr(optarg, '='))
                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "expect <KEY>=<value> instead of '%s'", optarg);
 
-                        r = udev_ctrl_send_set_env(uctrl, optarg);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --property after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send request to update environment: %m");
+                        r = strv_extend(&arg_env, optarg);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to extend environment: %m");
+
                         break;
+
                 case 'm': {
                         unsigned i;
-
                         r = safe_atou(optarg, &i);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse maximum number of children '%s': %m", optarg);
-
-                        r = udev_ctrl_send_set_children_max(uctrl, i);
-                        if (r == -ENOANO)
-                                log_warning("Cannot specify --children-max after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send request to set number of children: %m");
+                        arg_max_children = i;
                         break;
                 }
+
                 case ARG_PING:
-                        r = udev_ctrl_send_ping(uctrl);
-                        if (r == -ENOANO)
-                                log_error("Cannot specify --ping after --exit, ignoring.");
-                        else if (r < 0)
-                                return log_error_errno(r, "Failed to send a ping message: %m");
+                        arg_ping = true;
                         break;
+
                 case 't':
-                        r = parse_sec(optarg, &timeout);
+                        r = parse_sec(optarg, &arg_timeout);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse timeout value '%s': %m", optarg);
                         break;
+
                 case 'V':
                         return print_version();
+
                 case 'h':
                         return help();
+
                 case '?':
                         return -EINVAL;
+
                 default:
                         assert_not_reached();
                 }
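Review bot: In `case 'm'` the parsed `unsigned i` is stored into the `int arg_max_children`, so a value above INT_MAX turns negative on common ABIs and is then dropped without any message, because control_main() only sends it when `arg_max_children >= 0`. The removed code passed `i` straight to udev_ctrl_send_set_children_max(). Reject out-of-range input before the assignment, e.g. `if (i > INT_MAX) return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Maximum number of children '%s' is out of range.", optarg);`. parse_argv() starts above this hunk and ends in the next one.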
@@ -178,7 +163,76 @@
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Extraneous argument: %s", argv[optind]);
 
-        r = udev_ctrl_wait(uctrl, timeout);
+        return 1;
+}
+
+int control_main(int argc, char *argv[], void *userdata) {
+        _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL;
+        int r;
+
+        if (running_in_chroot() > 0) {
+                log_info("Running in chroot, ignoring request.");
+                return 0;
+        }
+
+        r = parse_argv(argc, argv);
+        if (r <= 0)
+                return r;
+
+        r = udev_ctrl_new(&uctrl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to initialize udev control: %m");
+
+        if (arg_exit) {
+                r = udev_ctrl_send_exit(uctrl);
+                if (r < 0)
+                       return log_error_errno(r, "Failed to send exit request: %m");
+                return 0;
+        }
+
+        if (arg_log_level >= 0) {
+                r = udev_ctrl_send_set_log_level(uctrl, arg_log_level);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send request to set log level: %m");
+        }
+
+        if (arg_start_exec_queue == false) {
+                r = udev_ctrl_send_stop_exec_queue(uctrl);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send request to stop exec queue: %m");
+        }
+
+        if (arg_start_exec_queue == true) {
+                r = udev_ctrl_send_start_exec_queue(uctrl);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send request to start exec queue: %m");
+        }
+
+        if (arg_reload) {
+                r = udev_ctrl_send_reload(uctrl);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send reload request: %m");
+        }
+
+        STRV_FOREACH(env, arg_env) {
+                r = udev_ctrl_send_set_env(uctrl, *env);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send request to update environment: %m");
+        }
+
+        if (arg_max_children >= 0) {
+                r = udev_ctrl_send_set_children_max(uctrl, arg_max_children);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send request to set number of children: %m");
+        }
+
+        if (arg_ping) {
+                r = udev_ctrl_send_ping(uctrl);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to send a ping message: %m");
+        }
+
+        r = udev_ctrl_wait(uctrl, arg_timeout);
         if (r < 0)
                 return log_error_errno(r, "Failed to wait for daemon to reply: %m");
 
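Review bot: When `arg_exit` is set, control_main() returns right after udev_ctrl_send_exit(), so every other option on the same command line is discarded without a message and udev_ctrl_wait() with `arg_timeout` is never reached. The removed code sent the options given before `--exit` and warned about the ones after it ("Cannot specify … after --exit, ignoring."). A warning restores that visibility: `if (arg_exit && (arg_reload || arg_ping || arg_env || arg_log_level >= 0 || arg_max_children >= 0 || arg_start_exec_queue >= 0)) log_warning("--exit specified, ignoring all other options.");`. A short comment above the send sequence should also say that requests now go out in a fixed order rather than command-line order. Whether `--timeout` still matters for `--exit` depends on udev_ctrl_send_exit(), which is not visible here; the function continues past the end of the hunk.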
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/udev/udevadm-monitor.c systemd-252.19/src/udev/udevadm-monitor.c
--- systemd-252.17/src/udev/udevadm-monitor.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/udev/udevadm-monitor.c	2023-11-10 00:22:41.000000000 +0000
@@ -68,8 +68,6 @@
         if (r < 0)
                 return log_error_errno(r, "Failed to create netlink socket: %m");
 
-        (void) sd_device_monitor_set_receive_buffer_size(monitor, 128*1024*1024);
-
         r = sd_device_monitor_attach_event(monitor, event);
         if (r < 0)
                 return log_error_errno(r, "Failed to attach event: %m");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/udev/udevadm-wait.c systemd-252.19/src/udev/udevadm-wait.c
--- systemd-252.17/src/udev/udevadm-wait.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/udev/udevadm-wait.c	2023-11-10 00:22:41.000000000 +0000
@@ -184,8 +184,6 @@
         if (r < 0)
                 return r;
 
-        (void) sd_device_monitor_set_receive_buffer_size(monitor, 128*1024*1024);
-
         r = sd_device_monitor_attach_event(monitor, event);
         if (r < 0)
                 return r;
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/udev/udevd.c systemd-252.19/src/udev/udevd.c
--- systemd-252.17/src/udev/udevd.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/udev/udevd.c	2023-11-10 00:22:41.000000000 +0000
@@ -55,6 +55,7 @@
 #include "pretty-print.h"
 #include "proc-cmdline.h"
 #include "process-util.h"
+#include "rlimit-util.h"
 #include "selinux-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
@@ -2040,6 +2041,9 @@
         if (r < 0)
                 return r;
 
+        /* Make sure we can have plenty fds (for example for pidfds) */
+        (void) rlimit_nofile_bump(-1);
+
         r = RET_NERRNO(mkdir("/run/udev", 0755));
         if (r < 0 && r != -EEXIST)
                 return log_error_errno(r, "Failed to create /run/udev: %m");
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/src/xdg-autostart-generator/xdg-autostart-service.c systemd-252.19/src/xdg-autostart-generator/xdg-autostart-service.c
--- systemd-252.17/src/xdg-autostart-generator/xdg-autostart-service.c	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/src/xdg-autostart-generator/xdg-autostart-service.c	2023-11-10 00:22:41.000000000 +0000
@@ -558,7 +558,10 @@
 
         r = xdg_autostart_format_exec_start(service->exec_string, &exec_start);
         if (r < 0) {
-                log_warning_errno(r, "%s: not generating unit, error parsing Exec= line: %m", service->path);
+                log_full_errno(r == -ENOENT ? LOG_INFO : LOG_WARNING, r,
+                               r == -ENOENT ? "%s: not generating unit, executable specified in Exec= does not exist."
+                                            : "%s: not generating unit, error parsing Exec= line: %m",
+                               service->path);
                 return 0;
         }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/sysctl.d/50-pid-max.conf systemd-252.19/sysctl.d/50-pid-max.conf
--- systemd-252.17/sysctl.d/50-pid-max.conf	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/sysctl.d/50-pid-max.conf	2023-11-10 00:22:41.000000000 +0000
@@ -11,6 +11,6 @@
 # (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
 # there.
 
-# Bump the numeric PID range to its maximum of 2^22 (from the in-kernel default
-# of 2^16), to make PID collisions less likely.
+# Bump the numeric PID range to make PID collisions less likely.
+# 2^22 and 2^15 is possible maximum of 64bit and 32bit kernels respectively.
 kernel.pid_max = 4194304
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/test-functions systemd-252.19/test/test-functions
--- systemd-252.17/test/test-functions	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/test-functions	2023-11-10 00:22:41.000000000 +0000
@@ -369,7 +369,12 @@
     swtpm socket --tpm2 --tpmstate dir="$state_dir" --ctrl type=unixio,path="$state_dir/sock" &
     pid=$!
     if ! kill -0 "$pid"; then
-        echo >&2 "Failed to setup swtpm socket"
+        derror "Failed to start swtpm"
+        return 1
+    fi
+
+    if ! timeout 5 bash -c "until [[ -S $state_dir/sock ]]; do sleep .5; done"; then
+        derror "Failed to setup swtpm socket"
         return 1
     fi
 
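Review bot: The wait loop expands `$state_dir` inside the double-quoted `bash -c` string, so a state directory containing spaces or shell metacharacters would be re-parsed as code by the inner shell. Pass it as a positional argument instead: `timeout 5 bash -c 'until [[ -S $1/sock ]]; do sleep .5; done' _ "$state_dir"`. On the timeout path the function also returns 1 while the backgrounded swtpm (`$pid`) is still running; a `kill "$pid"` before that `return 1` would avoid leaving it behind. The enclosing function starts and ends outside this hunk.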
@@ -532,7 +537,6 @@
         kernel_params+=(
             "oops=panic"
             "panic=1"
-            "softlockup_panic=1"
             "systemd.wants=end.service"
         )
     fi
@@ -1031,6 +1035,7 @@
 
     if get_bool "$LOOKS_LIKE_SUSE"; then
         instmods ext4
+        instmods af_packet
     fi
 }
 
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/test-network/systemd-networkd-tests.py systemd-252.19/test/test-network/systemd-networkd-tests.py
--- systemd-252.17/test/test-network/systemd-networkd-tests.py	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/test-network/systemd-networkd-tests.py	2023-11-10 00:22:41.000000000 +0000
@@ -37,6 +37,7 @@
 
 systemd_lib_paths = ['/usr/lib/systemd', '/lib/systemd']
 which_paths = ':'.join(systemd_lib_paths + os.getenv('PATH', os.defpath).lstrip(':').split(':'))
+systemd_source_dir = None
 
 networkd_bin = shutil.which('systemd-networkd', path=which_paths)
 resolved_bin = shutil.which('systemd-resolved', path=which_paths)
@@ -47,6 +48,7 @@
 resolvectl_bin = shutil.which('resolvectl', path=which_paths)
 timedatectl_bin = shutil.which('timedatectl', path=which_paths)
 udevadm_bin = shutil.which('udevadm', path=which_paths)
+systemd_udev_rules_build_dir = None
 
 use_valgrind = False
 valgrind_cmd = ''
@@ -339,6 +341,20 @@
 def clear_networkd_conf_dropins():
     rm_rf(networkd_conf_dropin_dir)
 
+def setup_systemd_udev_rules():
+    if not systemd_udev_rules_build_dir:
+        return
+
+    mkdir_p(udev_rules_dir)
+
+    for path in [systemd_udev_rules_build_dir, os.path.join(systemd_source_dir, "rules.d")]:
+        print(f"Copying udev rules from {path} to {udev_rules_dir}")
+
+        for rule in os.listdir(path):
+            if not rule.endswith(".rules"):
+                continue
+            cp(os.path.join(path, rule), udev_rules_dir)
+
 def copy_udev_rule(*rules):
     """Copy udev rules"""
     mkdir_p(udev_rules_dir)
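Review bot: setup_systemd_udev_rules() has no docstring although copy_udev_rule() right below it has one, and it calls `os.listdir(path)` on both directories without checking that they exist. With `--build-dir` pointing at a tree that has no `rules.d`, setup would abort with FileNotFoundError before any test runs. Add a docstring such as `"""Copy all *.rules files from the build and source trees into udev_rules_dir"""` and guard the loop body with `if not os.path.isdir(path): continue`.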
@@ -690,6 +706,7 @@
     clear_networkd_conf_dropins()
     clear_udev_rules()
 
+    setup_systemd_udev_rules()
     copy_udev_rule('00-debug-net.rules')
 
     # Save current state
@@ -5613,6 +5630,7 @@
 if __name__ == '__main__':
     parser = argparse.ArgumentParser()
     parser.add_argument('--build-dir', help='Path to build dir', dest='build_dir')
+    parser.add_argument('--source-dir', help='Path to source dir/git tree', dest='source_dir')
     parser.add_argument('--networkd', help='Path to systemd-networkd', dest='networkd_bin')
     parser.add_argument('--resolved', help='Path to systemd-resolved', dest='resolved_bin')
     parser.add_argument('--timesyncd', help='Path to systemd-timesyncd', dest='timesyncd_bin')
@@ -5643,6 +5661,7 @@
         resolvectl_bin = os.path.join(ns.build_dir, 'resolvectl')
         timedatectl_bin = os.path.join(ns.build_dir, 'timedatectl')
         udevadm_bin = os.path.join(ns.build_dir, 'udevadm')
+        systemd_udev_rules_build_dir = os.path.join(ns.build_dir, 'rules.d')
     else:
         if ns.networkd_bin:
             networkd_bin = ns.networkd_bin
@@ -5663,6 +5682,13 @@
         if ns.udevadm_bin:
             udevadm_bin = ns.udevadm_bin
 
+    if ns.source_dir:
+        systemd_source_dir = ns.source_dir
+    else:
+        systemd_source_dir = os.path.normpath(os.path.join(os.path.dirname(os.path.abspath(__file__)), "../../"))
+    if not os.path.exists(os.path.join(systemd_source_dir, "meson_options.txt")):
+        raise RuntimeError(f"{systemd_source_dir} doesn't appear to be a systemd source tree")
+
     use_valgrind = ns.use_valgrind
     enable_debug = ns.enable_debug
     asan_options = ns.asan_options
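Review bot: The `meson_options.txt` check runs on every invocation, but the only consumer of `systemd_source_dir` visible in this diff, setup_systemd_udev_rules(), returns early unless `--build-dir` was given. Run from an installed copy of the test (no source tree next to the script, no `--source-dir`), the script would raise RuntimeError before any test starts. Limiting the check to the case that needs it keeps that use working: `if ns.build_dir and not os.path.exists(os.path.join(systemd_source_dir, "meson_options.txt")):`. The `if __name__ == '__main__':` block starts and ends outside this hunk.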
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/test-systemd-tmpfiles.py systemd-252.19/test/test-systemd-tmpfiles.py
--- systemd-252.17/test/test-systemd-tmpfiles.py	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/test-systemd-tmpfiles.py	2023-11-10 00:22:41.000000000 +0000
@@ -29,6 +29,14 @@
 
 exe_with_args = sys.argv[1:]
 
+# If /tmp isn't owned by either 'root' or the current user
+# systemd-tmpfiles will exit with "Detected unsafe path transition"
+# breaking this test
+tmpowner = os.stat("/tmp").st_uid
+if tmpowner != 0 and tmpowner != os.getuid():
+    print("Skip: /tmp is not owned by 'root' or current user")
+    sys.exit(EXIT_TEST_SKIP)
+
 def test_line(line, *, user, returncode=EX_DATAERR, extra={}):
     args = ['--user'] if user else []
     print('Running {} on {!r}'.format(' '.join(exe_with_args + args), line))
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/units/testsuite-45.sh systemd-252.19/test/units/testsuite-45.sh
--- systemd-252.17/test/units/testsuite-45.sh	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/units/testsuite-45.sh	2023-11-10 00:22:41.000000000 +0000
@@ -203,7 +203,14 @@
 }
 
 assert_ntp() {
-    assert_eq "$(busctl get-property org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 NTP)" "b $1"
+    local value="${1:?}"
+
+    for _ in {0..9}; do
+        [[ "$(busctl get-property org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 NTP)" == "b $value" ]] && return 0
+        sleep .5
+    done
+
+    return 1
 }
 
 start_mon() {
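Review bot: assert_ntp() now returns 1 after the retries without printing anything, so a failure no longer shows which value was expected and which one busctl reported. Store each reading in a local inside the loop (`current="$(busctl get-property ...)"`) and report it before the final return: `echo >&2 "NTP property is '$current', expected 'b $value'"`.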
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/units/testsuite-50.sh systemd-252.19/test/units/testsuite-50.sh
--- systemd-252.17/test/units/testsuite-50.sh	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/units/testsuite-50.sh	2023-11-10 00:22:41.000000000 +0000
@@ -306,7 +306,7 @@
 PrivateTmp=yes
 ExecStart=/bin/sh -c ' \\
     systemd-notify --ready; \\
-    while [[ ! -f /tmp/img/usr/lib/os-release ]] || ! grep -q -F MARKER /tmp/img/usr/lib/os-release; do \\
+    while [ ! -f /tmp/img/usr/lib/os-release ] || ! grep -q -F MARKER /tmp/img/usr/lib/os-release; do \\
         sleep 0.1; \\
     done; \\
     mount; \\
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/test/units/testsuite-65.sh systemd-252.19/test/units/testsuite-65.sh
--- systemd-252.17/test/units/testsuite-65.sh	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/test/units/testsuite-65.sh	2023-11-10 00:22:41.000000000 +0000
@@ -230,6 +230,18 @@
 rm /tmp/testfile.service
 rm /tmp/testfile2.service
 
+cat <<EOF >/tmp/sample.service
+[Unit]
+Description = A Sample Service
+
+[Service]
+ExecStart = echo hello
+Slice=support.slice
+EOF
+
+# Zero exit status since no additional dependencies are recursively loaded when the unit file is loaded
+systemd-analyze verify --recursive-errors=no /tmp/sample.service
+
 cat <<EOF >/tmp/testfile.service
 [Service]
 ExecStart = echo hello
@@ -540,6 +552,12 @@
     "weight": 25,
     "range": 1
     },
+"CapabilityBoundingSet_CAP_BPF":
+    {"description_good": "Service may load BPF programs",
+    "description_bad": "Service may not load BPF programs",
+    "weight": 25,
+    "range": 1
+    },
 "UMask":
     {"weight": 100,
     "range": 10
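Review bot: In the added `CapabilityBoundingSet_CAP_BPF` entry the two descriptions read swapped: `description_good` says the service may load BPF programs and `description_bad` says it may not, while holding CAP_BPF is the less restricted state. If these strings are meant to mirror the ones in systemd-analyze's own table, check that table as well; otherwise swap them here so that `description_good` is `"Service may not load BPF programs"` and `description_bad` is `"Service may load BPF programs"`. The surrounding JSON document starts and ends outside this hunk.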
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/tools/update-syscall-tables.sh systemd-252.19/tools/update-syscall-tables.sh
--- systemd-252.17/tools/update-syscall-tables.sh	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/tools/update-syscall-tables.sh	2023-11-10 00:22:41.000000000 +0000
@@ -4,8 +4,8 @@
 
 cd "${1:?}" && shift
 
-curl --fail -L -o syscall-list.txt 'https://raw.githubusercontent.com/hrw/syscalls-table/master/syscall-names.text'
+curl --fail -L -o syscall-list.txt 'https://raw.githubusercontent.com/hrw/syscalls-table/master/data/syscall-names.text'
 
 for arch in "$@"; do
-    curl --fail -L -o "syscalls-$arch.txt" "https://raw.githubusercontent.com/hrw/syscalls-table/master/tables/syscalls-$arch";
+    curl --fail -L -o "syscalls-$arch.txt" "https://raw.githubusercontent.com/hrw/syscalls-table/master/data/tables/syscalls-$arch";
 done
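Review bot: Both `curl` calls fetch from the moving `master` branch of a third-party repository with no pinned revision and no checksum, so the generated tables depend on whatever that branch holds at run time; this hunk itself exists because the files moved upstream. Pinning the URLs to a commit (`.../hrw/syscalls-table/<commit-id>/data/...`, placeholder) and reviewing the resulting diff before committing keeps the input reproducible. `$arch` is also placed into the URL and the output file name unchecked; a guard such as `case "$arch" in *[!a-z0-9_]*) exit 1;; esac` at the top of the loop would keep it to plain names (adjust the set to the architectures the project uses).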
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/units/modprobe@.service systemd-252.19/units/modprobe@.service
--- systemd-252.17/units/modprobe@.service	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/units/modprobe@.service	2023-11-10 00:22:41.000000000 +0000
@@ -17,4 +17,4 @@
 
 [Service]
 Type=oneshot
-ExecStart=-/sbin/modprobe -abq %I
+ExecStart=-/sbin/modprobe -abq %i
diff -Nru --exclude parse_hwdb.py --exclude acpi_id_registry.html --exclude pnp_id_registry.html --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.17/units/systemd-journal-upload.service.in systemd-252.19/units/systemd-journal-upload.service.in
--- systemd-252.17/units/systemd-journal-upload.service.in	2023-09-20 10:14:24.000000000 +0100
+++ systemd-252.19/units/systemd-journal-upload.service.in	2023-11-10 00:22:41.000000000 +0000
@@ -26,6 +26,9 @@
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
+Restart=on-failure
+RestartSteps=10
+RestartMaxDelaySec=60
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
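Review bot: `RestartSteps=` and `RestartMaxDelaySec=` are, as far as I know, settings introduced in a later systemd release than the 252 series this diff targets; please confirm that the 252 unit parser accepts them. If it does not, they are ignored with an unknown-key warning and `Restart=on-failure` runs without any back-off, restarting at the default interval until the start rate limit trips. In that case drop the two lines on this branch and set an explicit `RestartSec=` instead.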
