226 files changed, 1923 insertions, 1128 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 164b3a0..284a284 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -33,6 +33,6 @@ jobs: env: ${{ matrix.env }} steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Build check run: .github/workflows/build_test.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0d284f7..4065cae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index ad7a5d2..06f4f5f 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -22,7 +22,7 @@ jobs: COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}" steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # Reuse the setup phase of the unit test script to avoid code duplication - name: Install build dependencies run: sudo -E .github/workflows/unit_tests.sh SETUP diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml index c2360a3..becbbdc 100644 --- a/.github/workflows/development_freeze.yml +++ b/.github/workflows/development_freeze.yml @@ -30,7 +30,7 @@ jobs: name: Pull Request Metadata - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0 
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml index 244f5d5..68c2c72 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: fetch-depth: 0 diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml index e4a0caf..633cca1 100644 --- a/.github/workflows/gather-pr-metadata.yml +++ b/.github/workflows/gather-pr-metadata.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - id: metadata name: Gather Pull Request Metadata diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml index 4bedf0d..fb26d4f 100644 --- a/.github/workflows/issue_labeler.yml +++ b/.github/workflows/issue_labeler.yml @@ -20,7 +20,7 @@ jobs: template: [ bug_report.yml, feature_request.yml ] steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Parse issue form uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 57e8c89..2058d22 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 if: github.event_name == 'pull_request' - name: Label PR based on policy in labeler.yml diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index cf0bc09..b66720a 100644 
--- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Repo checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: # We need a full repo clone fetch-depth: 0 diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index 1b2f77c..7070e9c 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -59,40 +59,53 @@ jobs: sanitizers: "" llvm: 0 cflags: "-O2 -D_FORTIFY_SOURCE=3" + relabel: no - distro: debian release: testing sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: ubuntu release: noble sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: fedora release: "40" sanitizers: "" llvm: 0 cflags: "-Og" + relabel: yes - distro: fedora release: rawhide sanitizers: address,undefined llvm: 1 cflags: "-Og" + relabel: yes - distro: opensuse release: tumbleweed sanitizers: "" llvm: 0 cflags: "-Og" + relabel: no - distro: centos release: "9" sanitizers: "" llvm: 0 cflags: "-Og" + relabel: yes + - distro: centos + release: "10" + sanitizers: "" + llvm: 0 + cflags: "-Og" + relabel: yes steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - - uses: systemd/mkosi@70aa901697f12182ccaa24e2325867d275479b55 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: systemd/mkosi@7e975957a6af65c2e70428b6cda0c163ca7e1adc # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space # immediately, we remove the files in the background. However, we first move them to a different location @@ -140,6 +153,9 @@ jobs: SANITIZERS=${{ matrix.sanitizers }} MESON_OPTIONS=--werror LLVM=${{ matrix.llvm }} + SYSEXT=1 + + SELinuxRelabel=${{ matrix.relabel }} [Host] QemuMem=4G 
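Review bot: In `.github/workflows/mkosi.yml` the new matrix values are bare scalars, `relabel: no` and `relabel: yes`, which a YAML 1.1 loader types as booleans, although the later hunk interpolates them as text in `SELinuxRelabel=${{ matrix.relabel }}`. If the workflow loader does type them as booleans, the rendered config would presumably carry `true`/`false` instead of `yes`/`no`; whether mkosi accepts both spellings is not visible here. Quoting them the way `release: "40"` is already quoted in the same list removes the ambiguity: `relabel: "no"` and `relabel: "yes"`. The matrix list and the config block both continue outside these hunks.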
@@ -187,7 +203,7 @@ jobs: -Dvmspawn=enabled - name: Build image - run: meson compile -C build mkosi + run: sudo meson compile -C build mkosi - name: Run integration tests run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 44ee6f1..c7bd6c4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 895068c..a83b485 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -30,7 +30,7 @@ jobs: cryptolib: gcrypt steps: - name: Repository checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Install build dependencies run: | # Drop XDG_* stuff from /etc/environment, so we don't get the user diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index b661f18..c8b75ac 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -634,6 +634,10 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \ * `$SYSTEMD_REPART_OVERRIDE_FSTYPE` – if set the value will override the file system type specified in Format= lines in partition definition files. + Additionally, the filesystem for all partitions with a specific designator can + be overridden via a correspondingly named environment variable. For example, + to override the filesystem type for all partitions with `Type=root`, you can + set `SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4`. `systemd-nspawn`, `systemd-networkd`: diff --git a/docs/HACKING.md b/docs/HACKING.md index 5b1e355..a905fc7 100644 
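Review bot: In `.github/workflows/mkosi.yml` the "Build image" step now runs the whole `meson compile -C build mkosi` target as root, and nothing in the hunk records why. A comment on the step, such as `# needs root because <reason>` with the reason supplied by the author, would keep the elevated step from being copied to other steps or dropped by mistake. This step also uses plain `sudo` while the following test step uses `sudo --preserve-env`, so any environment the job exports may not reach the image build, depending on the runner's sudo policy. If the build relies on that environment, write `run: sudo --preserve-env meson compile -C build mkosi`.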
--- a/docs/HACKING.md +++ b/docs/HACKING.md @@ -29,8 +29,7 @@ For some components (most importantly, systemd/PID 1 itself) this is not possibl In order to simplify testing for cases like this we provide a set of `mkosi` config files directly in the source tree. [mkosi](https://mkosi.systemd.io/) is a tool for building clean OS images from an upstream distribution in combination with a fresh build of the project in the local working directory. -To make use of this, please install `mkosi` v19 or newer using your distribution's package manager or from the -[GitHub repository](https://github.com/systemd/mkosi). +To make use of this, please install `mkosi` from the [GitHub repository](https://github.com/systemd/mkosi#running-mkosi-from-the-repository). `mkosi` will build an image for the host distro by default. First, run `mkosi genkey` to generate a key and certificate to be used for secure boot and verity signing. After that is done, it is sufficient to type `mkosi` in the systemd project directory to generate a disk image you can boot either in `systemd-nspawn` or in a UEFI-capable VM: @@ -45,6 +44,24 @@ or: $ mkosi qemu ``` +By default, the tools from your host system are used to build the image. To have +`mkosi` use the systemd tools from the `build/` directory, add the following to +`mkosi.local.conf`: + +```conf +[Host] +ExtraSearchPaths=build/ +``` + +And if you want `mkosi` to build a tools image and use the tools from there +instead of looking for tools on the host, add the following to +`mkosi.local.conf`: + +```conf +[Host] +ToolsTree=default +``` + Every time you rerun the `mkosi` command a fresh image is built, incorporating all current changes you made to the project tree. To avoid having to build a new image all the time when iterating on a patch, add the following to 
@@ -52,21 +69,21 @@ image all the time when iterating on a patch, add the following to ```conf [Host] -RuntimeBuildSources=yes +@RuntimeBuildSources=yes ``` After enabling this setting, the source and build directories will be mounted to `/work/src` and `/work/build` respectively when booting the image as a container or virtual machine. To build the latest changes and re-install after booting the -image, run `mkosi -t none` in another terminal on the host and run one of the -following commands in the container or virtual machine depending on the -distribution: +image, run one of the following commands in another terminal on your host ( +choose the right one depending on the distribution of the container or virtual +machine): ```sh -dnf upgrade --disablerepo="*" /work/build/*.rpm # CentOS/Fedora -apt install --reinstall /work/build/*.deb # Debian/Ubuntu -pacman -U /work/build/*.pkg.tar # Arch Linux -zypper install --allow-unsigned-rpm /work/build/*.rpm # OpenSUSE +mkosi -t none && mkosi ssh dnf upgrade --disablerepo="*" "/work/build/*.rpm" # CentOS/Fedora +mkosi -t none && mkosi ssh apt install --reinstall "/work/build/*.deb" # Debian/Ubuntu +mkosi -t none && mkosi ssh pacman -U "/work/build/*.pkg.tar" # Arch Linux +mkosi -t none && mkosi ssh zypper install --allow-unsigned-rpm "/work/build/*.rpm" # OpenSUSE ``` and optionally restart the daemon(s) you're working on using 
@@ -76,8 +93,8 @@ pid1 or `systemctl soft-reboot` to restart everything. Putting this all together, here's a series of commands for preparing a patch for systemd: ```sh -$ git clone https://github.com/systemd/mkosi.git # If mkosi v19 or newer is not packaged by your distribution -$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi # If mkosi v19 or newer is not packaged by your distribution +$ git clone https://github.com/systemd/mkosi.git +$ ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi $ git clone https://github.com/systemd/systemd.git $ cd systemd $ git checkout -b <BRANCH> # where BRANCH is the name of the branch diff --git a/docs/RELEASE.md b/docs/RELEASE.md index 0d8c0b9..cbd43dc 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md 
@@ -27,3 +27,9 @@ SPDX-License-Identifier: LGPL-2.1-or-later 18. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync` 20. [FINAL] Change the Github Pages branch to the newly created branch (https://github.com/systemd/systemd/settings/pages) and set the 'Custom domain' to 'systemd.io' 21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `v256` to `v257~devel`) + +# Steps to a Successful Stable Release + +1. Backport at least the commits from all PRs tagged with `needs-stable-backport` on Github with `git cherry-pick -x`. Any other commits that fix bugs, change documentation, tests, CI or mkosi can generally be backported as well. Since 256 the stable branches live [here](https://github.com/systemd/systemd/). Stable branches for older releases are available [here](https://github.com/systemd/systemd-stable/). Check each commit to see if it makes sense to backport and check the comments on the PR to see if the author indicated that only specific commits should be backported. +2. Update the version number in `meson.version` (e.g. from `256.2` to `256.3`) (only for 256-stable or newer) +3. Tag the release: `version="v$(cat meson.version)" && git tag -s "${version}" -m "systemd-stable ${version}"` (Fill in the version manually on releases older than 256) diff --git a/hwdb.d/60-evdev.hwdb b/hwdb.d/60-evdev.hwdb index a4431e2..0b70a82 100644 --- a/hwdb.d/60-evdev.hwdb +++ b/hwdb.d/60-evdev.hwdb @@ -76,6 +76,11 @@ evdev:input:b0003v08CAp0020* EVDEV_ABS_00=::20 EVDEV_ABS_01=::20 +# AIPTEK Media Tablet Ultimate (detected as Waltop International Corp. Batteryless Tablet) +evdev:input:b0003v172Fp0503* + EVDEV_ABS_00=::160 + EVDEV_ABS_01=::160 + ######################################### # Apple ######################################### 
@@ -373,6 +378,8 @@ evdev:input:b0003v0430p0530* evdev:input:b0003v256Cp006F* EVDEV_ABS_00=::210 EVDEV_ABS_01=::323 + EVDEV_ABS_35=::210 + EVDEV_ABS_36=::323 ######################################### # Google @@ -616,6 +623,13 @@ evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO:*pvrThinkPadL14Gen1** EVDEV_ABS_35=::44 EVDEV_ABS_36=::50 +# Lenovo Thinkpad E16 Gen1 (Intel) +evdev:name:SYNA801A:00 06CB:CEC6 Touchpad:dmi:*svnLENOVO:*pvrThinkPadE16Gen1** + EVDEV_ABS_00=::11 + EVDEV_ABS_01=::11 + EVDEV_ABS_35=::11 + EVDEV_ABS_36=::11 + # Lenovo T460 evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pn*ThinkPad*T460:* EVDEV_ABS_00=1266:5677:44 diff --git a/hwdb.d/60-input-id.hwdb b/hwdb.d/60-input-id.hwdb index b9d1ce0..dfb035d 100644 --- a/hwdb.d/60-input-id.hwdb +++ b/hwdb.d/60-input-id.hwdb @@ -59,6 +59,10 @@ id-input:modalias:input:b0003v28bdp0078* id-input:modalias:input:b0003v04B3p301Ee0100-e0,1,2,4* ID_INPUT_POINTINGSTICK=1 +# Logitech G915 TKL Keyboard (Bluetooth) +id-input:modalias:input:b0005v046DpB35Fe0022* + ID_INPUT_MOUSE=0 + # Logitech Ultrathin Touch Mouse id-input:modalias:input:b0005v046DpB00De0700* ID_INPUT_MOUSE=1 diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb index f1ea0f5..15c0d4c 100644 --- a/hwdb.d/60-keyboard.hwdb +++ b/hwdb.d/60-keyboard.hwdb @@ -253,6 +253,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAlienware*:pnM17xR3:* KEYBOARD_KEY_89=ejectcd ########################################################### +# Aquarius +########################################################### + +# Aquarius Cmp NS483 +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAquarius*:pnCmp*NS483*:* + KEYBOARD_KEY_56=backslash + KEYBOARD_KEY_76=f21 # Touchpad Toggle + +########################################################### # Asus ########################################################### 
@@ -290,10 +299,22 @@ evdev:name:gpio-keys:phys:gpio-keys/input0:ev:100003:dmi:*:svnASUSTeKCOMPUTERINC # All four of these buttons generate a multi-scancode sequence # consisting of Left_Meta, Right_Ctrl and another scancode. evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAYANEO:pnKUN:pvr* - KEYBOARD_KEY_18=f13 # LC (next to the left shoulder button) - KEYBOARD_KEY_20=f14 # RC (next to the right shoulder button) - KEYBOARD_KEY_30=f15 # Start (upper-right corner of screen) - KEYBOARD_KEY_28=f16 # Ayaneo (lower-right corner of screen) + KEYBOARD_KEY_18=f15 # LC (next to the left shoulder button) + KEYBOARD_KEY_20=f16 # RC (next to the right shoulder button) + KEYBOARD_KEY_28=f17 # Ayaneo (lower-right corner of screen) + KEYBOARD_KEY_30=f18 # Touchpad Mode (top-right corner of screen) + +# Most AYANEO devices expose an AT Translated Set 2 Keyboard +# for either three or four additional buttons not available +# on the Xbox360 controller. These buttons all generate a +# multi-scancode sequence. The specific preceding codes +# depend on the model, but the final scancode is always the +# same. +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnAYANEO:* + KEYBOARD_KEY_66=f15 # LC (All models) + KEYBOARD_KEY_67=f16 # RC (All models) + KEYBOARD_KEY_68=f17 # Ayaneo (All models) + KEYBOARD_KEY_69=f18 # Touchpad Mode (Kun only) ########################################################### # BenQ @@ -453,6 +474,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnXPS12-9Q33*:* KEYBOARD_KEY_88=wlan KEYBOARD_KEY_65=direction # Screen Rotate +# Dell Pro Rugged microphone mute +evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnDellProRugged*:* # Dell G16 microphone mute evdev:name:Dell WMI hotkeys:dmi:bvn*:bvr*:bd*:svnDell*:pnDellG16*:* # Dell Latitude microphone mute 
@@ -1525,6 +1548,11 @@ evdev:name:MSI Laptop hotkeys:dmi:bvn*:bvr*:bd*:svn*:pnM[iI][cC][rR][oO]-S[tT][a KEYBOARD_KEY_0213=f22 KEYBOARD_KEY_0214=f23 +# MSI Claw +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnMicro-StarInternationalCo.,Ltd.:pnClawA1M:* + KEYBOARD_KEY_b9=f15 # Right Face Button + KEYBOARD_KEY_ba=f16 # Left Face Button + ########################################## # NEC ########################################## @@ -1646,6 +1674,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnOQO*Inc.*:pnOQO*Model*2*:* KEYBOARD_KEY_f3=volumeup ########################################################### +# OrangePi +########################################################### + +# NEO +evdev:name:AT Translated Set 2 keyboard:dmi:*:svnOrangePi:pnNEO-01:* + KEYBOARD_KEY_66=f15 # Gamepad (front, bottom right) + KEYBOARD_KEY_67=f16 # Home (front, bottom left) + +########################################################### # Ortek ########################################################### @@ -1733,6 +1770,15 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svn*:pn*:pvr*:rvnQuanta:rn30B7:rvr65.2B:* KEYBOARD_KEY_88=media # "quick play ########################################################### +# Redmi +########################################################### + +# RedmiBook Pro 15 2022 +evdev:atkbd:dmi:bvn*:bvr*:bd*:svnTIMI:pnRedmiBookPro152022:pvr* + KEYBOARD_KEY_9c=enter # KP_enter in the main area is wrong + KEYBOARD_KEY_dd=rightctrl # Right Ctrl is preferrable over Menu + +########################################################### # Samsung ########################################################### 
@@ -2185,6 +2231,13 @@ evdev:name:SIPODEV USB Composite Device:dmi:bvn*:bvr*:svnPositivoTecnologiaSA:pn KEYBOARD_KEY_7006e=prog4 # Programmable button ########################################################### +# Multilaser +########################################################### +# Multilaser Ultra (UL154) +evdev:name:AT Translated Set 2 keyboard:dmi:bvn*bvr*:svnMultilaserIndustrial:pn*:pvr*:rvn*:rnUL154* + KEYBOARD_KEY_76=f21 # Fn+f2 toggle touchpad + +########################################################### # Other ########################################################### diff --git a/hwdb.d/60-sensor.hwdb b/hwdb.d/60-sensor.hwdb index b45db62..21f4380 100644 --- a/hwdb.d/60-sensor.hwdb +++ b/hwdb.d/60-sensor.hwdb @@ -116,6 +116,11 @@ sensor:modalias:acpi:BOSC0200*:dmi:*svnAcer*:*pnSpinSP111-34:* # Aquarius ######################################### +# Aquarius Cmp NS483 +sensor:modalias:acpi:MXC6655*:dmi:*:svnAquarius*:pnCmp*NS483:* + ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1 + +sensor:modalias:acpi:MXC4005*:dmi:*:svnAquarius*:pnCmp*NS483:* # Aquarius NS483 sensor:modalias:acpi:MXC6655*:dmi:*:svnAquarius*:pnNS483:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 
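Review bot: In `hwdb.d/60-sensor.hwdb` the added match `sensor:modalias:acpi:MXC4005*:dmi:*:svnAquarius*:pnCmp*NS483:*` has no property line of its own, so it falls through the `# Aquarius NS483` comment and shares that entry's `ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1`. The MXC6655 entry for the same Cmp NS483 model, added just above it, uses `0, -1, 0` in the middle row, so the two sensors of one model end up with different orientations. If that is not intended, give the MXC4005 match its own line `ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1` followed by a blank line. If it is intended, a comment such as `# Aquarius Cmp NS483 (MXC4005 variant, same mount as NS483)` above the match would make the sharing explicit.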
@@ -195,13 +200,33 @@ sensor:modalias:acpi:SMO8500*:dmi:*:svnStandard:pnWCBT1011::* # AYANEO ######################################### -# AYANEO AIR +# AYANEO 2021, 2021 Pro, 2021 Pro Retro Power +sensor:modalias:acpi:10EC5280*:dmi:*:svnAYANEO:pn*2021*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO 2, 2S +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAYANEO 2*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO AIR, AIR Pro, and 1S sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAIR*:* - ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO AIR Plus AMD, Plus Mendocino, and Plus Intel +sensor:modalias:acpi:BOSC0200*:dmi:*:svnAYANEO:pnAIR Plus*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, 1; -1, 0, 0 + +# AYANEO FLIP DS, FLIP KB +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnFLIP**:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 + +# AYANEO GEEK, GEEK 1S +sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pnAYANEO GEEK*:* + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 -# AYANEO NEXT +# AYANEO NEXT, NEXT Lite, NEXT Advance, and NEXT Pro sensor:modalias:acpi:BMI0160*:dmi:*:svnAYANEO:pn*NEXT*:* - ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 + ACCEL_MOUNT_MATRIX=-0, -1, 0; 0, 0, -1; 1, 0, 0 ######################################### # BMAX @@ -316,6 +341,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnHampoo*:pnC3W6_AP108_4GB:* sensor:modalias:acpi:MXC6655*:dmi:*:svnCHUWIInnovationAndTechnology*:pnUBookX:* ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, -1 +# Chuwi Freebook N100 +sensor:modalias:acpi:MDA6655*:dmi:*:svnCHUWI*:pnFreeBook:* + ACCEL_MOUNT_MATRIX=0, -1, 0;1, 0, 0;0, 0, 1 + ######################################### # Connect ######################################### 
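Review bot: Three of the new AYANEO matches in `hwdb.d/60-sensor.hwdb` contain literal spaces in the DMI product name: `pnAYANEO 2*`, `pnAIR Plus*` and `pnAYANEO GEEK*`. Every other DMI match visible in this diff is written without spaces (`svnCHUWIInnovationAndTechnology*`, `pnRedmiBookPro152022`, `svnMicro-StarInternationalCo.,Ltd.`), and as far as I know the kernel drops spaces when it builds the DMI modalias, so these three entries would likely never match. I would write them as `pnAYANEO2*`, `pnAIRPlus*` and `pnAYANEOGEEK*`, and confirm against the modalias string of a real device. Separately, the leading `-0` in the new `ACCEL_MOUNT_MATRIX` rows reads like a typo; a plain `0` is clearer.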
@@ -534,6 +563,10 @@ sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:bvr5.11:bd05/25/201 sensor:modalias:acpi:MXC6655*:dmi:*:svnGPD:pnG1621-02:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 +# GPD WinMax2 +sensor:modalias:acpi:BMI0160*:dmi:*:svnGPD:pnG1619*:* + ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 + ######################################### # Hometech ######################################## @@ -882,6 +915,14 @@ sensor:modalias:acpi:BMI0160*:dmi:*:rnONEXPLAYER:rvrV01:* ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, -1 ######################################### +# OrangePi +######################################### + +# OrangePi NEO +sensor:modalias:acpi:BMI0260*:dmi:*:svnOrangePi:pnNEO-01:* + ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 0, -1; 0, -1, 0 + +######################################### # Passion ######################################### diff --git a/hwdb.d/70-av-production.hwdb b/hwdb.d/70-av-production.hwdb index a701d1c..91c757b 100644 --- a/hwdb.d/70-av-production.hwdb +++ b/hwdb.d/70-av-production.hwdb @@ -19,6 +19,21 @@ usb:v2982p1967* ID_AV_PRODUCTION_CONTROLLER=1 ################ +# Contour +################ +# Shuttle Pro +usb:v0B33p0011* + ID_AV_PRODUCTION_CONTROLLER=1 + +# Shuttle Pro V2 +usb:v0B33p0030* + ID_AV_PRODUCTION_CONTROLLER=1 + +# ShuttleXpress +usb:v0B33p0020* + ID_AV_PRODUCTION_CONTROLLER=1 + +################ # Eks ################ # Otus @@ -83,6 +98,13 @@ usb:v06F8pB100* usb:v06F8pB107* ID_AV_PRODUCTION_CONTROLLER=1 +#################### +# ICOM +#################### +# RC-28 Remote Encoder +usb:v0C26p001E* + ID_AV_PRODUCTION_CONTROLLER=1 + ##################### # Native Instruments ##################### 
@@ -161,3 +183,17 @@ usb:v17CCp1130* # CDJ 2000 NXS 2 usb:v2B73p0005* ID_AV_PRODUCTION_CONTROLLER=1 + +#################### +# SunSDR +#################### +# E-Coder 2 Controller +usb:v1FC9p0003* + ID_AV_PRODUCTION_CONTROLLER=1 + +#################### +# Xencelabs +#################### +# Quick Keys +usb:v28BDp5202* + ID_AV_PRODUCTION_CONTROLLER=1 diff --git a/hwdb.d/70-cameras.hwdb b/hwdb.d/70-cameras.hwdb index 3a84792..0fd0baf 100644 --- a/hwdb.d/70-cameras.hwdb +++ b/hwdb.d/70-cameras.hwdb @@ -13,6 +13,16 @@ camera:usb:v*p*:name:*IR Camera*: ID_INFRARED_CAMERA=1 ########################################################### +# Hewlett-Packard +########################################################### + +# Chicony Electronics Co., Ltd HP Wide Vision FHD Camera (IR function) +camera:usb:v04f2pb634:name:*I: +# Realtek Semiconductor Corp. HP Wide Vision FHD Camera (IR function) +camera:usb:v0bdap58e6:name:*I: + ID_INFRARED_CAMERA=1 + +########################################################### # Philips ########################################################### diff --git a/hwdb.d/70-hardware-wallets.hwdb b/hwdb.d/70-hardware-wallets.hwdb new file mode 100644 index 0000000..77d8bfa --- /dev/null +++ b/hwdb.d/70-hardware-wallets.hwdb @@ -0,0 +1,24 @@ +# This file is part of systemd. +# +# Database for Hardware Wallets that should be accessible to the seat owner. +## +# To add local entries, copy this file to +# /etc/udev/hwdb.d/ +# and add your rules there. To load the new rules execute (as root): +# systemd-hwdb update +# udevadm trigger + +################ +# Trezor Hardware Wallets +################ + +# Trezor v1 +usb:v534Cp0001* + ID_HARDWARE_WALLET=1 + +# Trezor v2 +usb:v1209p53C0* + ID_HARDWARE_WALLET=1 + +usb:v1209p53C1* + ID_HARDWARE_WALLET=1 diff --git a/hwdb.d/70-mouse.hwdb b/hwdb.d/70-mouse.hwdb index 0379eec..20079d6 100644 --- a/hwdb.d/70-mouse.hwdb +++ b/hwdb.d/70-mouse.hwdb 
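Review bot: The header of the new `hwdb.d/70-hardware-wallets.hwdb` says these devices "should be accessible to the seat owner" but does not name the udev rule that consumes `ID_HARDWARE_WALLET` or the access it grants, and that rule is not part of this section. The property widens access to a device that holds signing keys, so the header should state the mechanism, for example `# ID_HARDWARE_WALLET=1 is consumed by <rules file> to grant the active seat user access to the device node.` with the rules file filled in. The third match, `usb:v1209p53C1*`, has no comment of its own; a line such as `# Trezor v2 (<what 53C1 identifies>)` would let a reviewer check it against the vendor's ID list. The stray `##` line in the header looks like a typo for `#`.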
@@ -249,6 +249,14 @@ mouse:usb:v04d9p0499:name:*:* MOUSE_DPI=800@125 ########################################## +# Glorious +########################################## + +# Glorious Model O Minus +mouse:usb:v258ap0036:name:Glorious Model O:* + MOUSE_DPI=400@1000 800@1000 *1600@1000 3200@1000 + +########################################## # HandShoe Mouse ########################################## diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build index 32e6505..b69b6d8 100644 --- a/hwdb.d/meson.build +++ b/hwdb.d/meson.build @@ -29,6 +29,7 @@ hwdb_files_test = files( '70-analyzers.hwdb', '70-av-production.hwdb', '70-cameras.hwdb', + '70-hardware-wallets.hwdb', '70-joystick.hwdb', '70-mouse.hwdb', '70-pda.hwdb', diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py index 64382db..b2580c8 100755 --- a/hwdb.d/parse_hwdb.py +++ b/hwdb.d/parse_hwdb.py @@ -174,6 +174,7 @@ def property_grammar(): ('ID_INPUT_TOUCHSCREEN', id_input_setting), ('ID_INPUT_TRACKBALL', id_input_setting), ('ID_SIGNAL_ANALYZER', Or((Literal('0'), Literal('1')))), + ('ID_HARDWARE_WALLET', Or((Literal('0'), Literal('1')))), ('POINTINGSTICK_SENSITIVITY', INTEGER), ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))), ('ID_INPUT_TOUCHPAD_INTEGRATION', Or(('internal', 'external'))), diff --git a/man/systemctl.xml b/man/systemctl.xml index 70fd91f..25b8930 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml 
@@ -2440,9 +2440,9 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err <term><option>--no-reload</option></term> <listitem> - <para>When used with <command>enable</command> and - <command>disable</command>, do not implicitly reload daemon - configuration after executing the changes.</para> + <para>When used with <command>enable</command>, <command>disable</command>, <command>preset</command>, + <command>mask</command>, or <command>unmask</command>, do not implicitly reload daemon configuration + after executing the changes.</para> </listitem> </varlistentry> diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml index 8f48081..471eddd 100644 --- a/man/systemd-repart.xml +++ b/man/systemd-repart.xml 
@@ -35,31 +35,34 @@ <refsect1> <title>Description</title> - <para><command>systemd-repart</command> grows and adds partitions to a partition table, based on the - configuration files described in + <para><command>systemd-repart</command> creates partition tables, and adds or grows partitions, + based on the configuration files described in <citerefentry><refentrytitle>repart.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. </para> - <para>If invoked with no arguments, it operates on the block device backing the root file system - partition of the running OS, thus growing and adding partitions of the booted OS image itself. If - <varname>--image=</varname> is used it will operate on the specified image file. When called in the - initrd it operates on the block device backing <filename>/sysroot/</filename> instead, i.e. on the block - device the system will soon transition into. The <filename>systemd-repart.service</filename> service is - generally run at boot in the initrd, in order to augment the partition table of the OS before its - partitions are mounted. <command>systemd-repart</command> (mostly) operates in a purely incremental mode: - it only grows existing and adds new partitions; it does not shrink, delete or move existing partitions. - The service is intended to be run on every boot, but when it detects that the partition table already - matches the installed <filename>repart.d/*.conf</filename> configuration files, it executes no - operation.</para> - - <para><command>systemd-repart</command> is intended to be used when deploying OS images, to automatically - adjust them to the system they are running on, during first boot. This way the deployed image can be - minimal in size and may be augmented automatically at boot when needed, taking possession of disk space - available but not yet used. 
Specifically the following use cases are among those covered:</para> + <para><command>systemd-repart</command> is used when <emphasis>building</emphasis> OS images, and also + when <emphasis>deploying</emphasis> images to automatically adjust them, during boot, to the system they + are running on. This way the image can be minimal in size and may be augmented automatically at boot, + taking possession of the disk space available.</para> + + <para>If invoked with no arguments, <command>systemd-repart</command> operates on the block device + backing the root file system partition of the running OS, thus adding and growing partitions of the + booted OS itself. When called in the initrd, it operates on the block device backing + <filename>/sysroot/</filename> instead, i.e. on the block device the system will soon transition into. If + <varname>--image=</varname> is used, it will operate on the specified device or image file. The + <filename>systemd-repart.service</filename> service is generally run at boot in the initrd, in order to + augment the partition table of the OS before its partitions are mounted.</para> + + <para><command>systemd-repart</command> operations are mostly incremental: it grows existing partitions + or adds new ones, but does not shrink, delete, or move existing partitions. 
The service is intended to be + run on every boot, but when it detects that the partition table already matches the installed + <filename>repart.d/*.conf</filename> configuration files, it executes no operation.</para> + + <para>The following use cases are among those covered:</para> <itemizedlist> <listitem><para>The root partition may be grown to cover the whole available disk space.</para></listitem> - <listitem><para>A <filename>/home/</filename>, swap or <filename>/srv/</filename> partition can be + <listitem><para>A <filename>/home/</filename>, swap, or <filename>/srv/</filename> partition can be added.</para></listitem> <listitem><para>A second (or third, …) root partition may be added, to cover A/B style setups where a second version of the root file system is alternatingly used for implementing update 
@@ -70,23 +73,22 @@ <para>The algorithm executed by <command>systemd-repart</command> is roughly as follows:</para> <orderedlist> - <listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed, - and ordered by filename (without the directory prefix). For each configuration file, - drop-in files are looked for in directories with same name as the configuration file - with a suffix ".d" added.</para></listitem> - - <listitem><para>The partition table already existing on the block device is loaded and - parsed.</para></listitem> - - <listitem><para>The existing partitions in the partition table are matched up with the - <filename>repart.d/*.conf</filename> files by GPT partition type UUID. The first existing partition - of a specific type is assigned the first configuration file declaring the same type. The second - existing partition of a specific type is then assigned the second configuration file declaring the same - type, and so on. After this iterative assigning is complete any left-over existing partitions that have - no matching configuration file are considered "foreign" and left as they are. And any configuration - files for which no partition currently exists are understood as a request to create such a partition. + <listitem><para>The <filename>repart.d/*.conf</filename> configuration files are loaded and parsed, and + ordered by filename (without the directory prefix). For each configuration file, drop-in files are + loaded from directories with same name as the configuration file with the suffix ".d" added. + </para></listitem> + + <listitem><para>The partition table on the block device is loaded and parsed, if present. </para></listitem> + <listitem><para>The existing partitions in the partition table are matched with the + <filename>repart.d/*.conf</filename> files by GPT partition type UUID. The first existing partition of + a specific type is assigned the first configuration file declaring the same type. 
The second existing + partition of a specific type is then assigned the second configuration file declaring the same type, + and so on. After this iterative assigning is complete, any existing partitions that have no matching + configuration file are considered "foreign" and left as they are. And any configuration files for which + no partition was matched are treated as requests to create a partition.</para></listitem> + <listitem><para>Partitions that shall be created are now allocated on the disk, taking the size constraints and weights declared in the configuration files into account. Free space is used within the limits set by size and padding requests. In addition, existing partitions that should be grown are 
@@ -124,12 +126,11 @@ partition table.</para></listitem> </orderedlist> - <para>As exception to the normally strictly incremental operation, when called in a special "factory - reset" mode, <command>systemd-repart</command> may also be used to erase existing partitions to - reset an installation back to vendor defaults. This mode of operation is used when either the - <option>--factory-reset=yes</option> switch is passed on the tool's command line, or the - <option>systemd.factory_reset=yes</option> option specified on the kernel command line, or the - <varname>FactoryReset</varname> EFI variable (vendor UUID + <para>As an exception to the normal incremental operation, when called in a special "factory reset" mode, + <command>systemd-repart</command> may be used to erase existing partitions to reset an installation back + to vendor defaults. This mode of operation is used when either the <option>--factory-reset=yes</option> + switch is passed on the tool's command line, or the <option>systemd.factory_reset=yes</option> option is + specified on the kernel command line, or the <varname>FactoryReset</varname> EFI variable (vendor UUID <constant>8cf2644b-4b0b-428f-9387-6d876050dc67</constant>) is set to "yes". It alters the algorithm above slightly: between the 3rd and the 4th step above any partition marked explicitly via the <varname>FactoryReset=</varname> boolean is deleted, and the algorithm restarted, thus immediately 
@@ -153,11 +154,9 @@ from a common seed images prepared with this tool become reproducible and the result of the algorithm above deterministic.</para> - <para>The positional argument should specify the block device to operate on. Instead of a block device - node path a regular file may be specified too, in which case the command operates on it like it would if - a loopback block device node was specified with the file attached. If <option>--empty=create</option> is - specified the specified path is created as regular file, which is useful for generating disk images from - scratch.</para> + <para>The positional argument should specify the block device or a regular file to operate on. If + <option>--empty=create</option> is specified, the specified path is created as regular file, which is + useful for generating disk images from scratch.</para> </refsect1> <refsect1> @@ -168,6 +167,7 @@ <variablelist> <varlistentry> <term><option>--dry-run=</option></term> + <listitem><para>Takes a boolean. If this switch is not specified <option>--dry-run=yes</option> is the implied default. Controls whether <filename>systemd-repart</filename> executes the requested re-partition operations or whether it should only show what it would do. Unless @@ -179,6 +179,7 @@ <varlistentry> <term><option>--empty=</option></term> + <listitem><para>Takes one of <literal>refuse</literal>, <literal>allow</literal>, <literal>require</literal>, <literal>force</literal> or <literal>create</literal>. Controls how to operate on block devices that are entirely empty, i.e. carry no partition table/disk label yet. If @@ -623,7 +624,7 @@ <refsect1> <title>Exit status</title> - <para>On success, 0 is returned, a non-zero failure code otherwise.</para> + <para>On success, 0 is returned, and a non-zero failure code otherwise.</para> </refsect1> <refsect1> 
@@ -635,15 +636,19 @@ <para>The following creates a configuration extension DDI (confext) for an <filename>/etc/motd</filename> update:</para> - <programlisting>mkdir tree tree/etc tree/etc/extension-release.d -echo "Hello World" > tree/etc/motd -cat > tree/etc/extension-release.d/extension-release.my-motd <<EOF + <programlisting>mkdir -p tree/etc/extension-release.d +echo "Hello World" >tree/etc/motd +cat >tree/etc/extension-release.d/extension-release.my-motd <<EOF ID=fedora VERSION_ID=38 IMAGE_ID=my-motd IMAGE_VERSION=7 EOF -systemd-repart -C --private-key=privkey.pem --certificate=cert.crt -s tree/ /var/lib/confexts/my-motd.confext.raw +systemd-repart -C \ + --private-key=privkey.pem \ + --certificate=cert.crt \ + -s tree/ \ + /var/lib/confexts/my-motd.confext.raw systemd-confext refresh</programlisting> <para>The DDI generated that way may be applied to the system with 
@@ -656,15 +661,20 @@ systemd-confext refresh</programlisting> <para>The following creates a system extension DDI (sysext) for an <filename>/usr/foo</filename> update and signs it with a hardware token via PKCS11.</para> - <programlisting>mkdir tree tree/usr tree/usr/lib/extension-release.d -echo "Hello World" > tree/usr/foo -cat > tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF + <programlisting>mkdir -p tree/usr/lib/extension-release.d +echo "Hello World" >tree/usr/foo +cat >tree/usr/lib/extension-release.d/extension-release.my-foo <<EOF ID=fedora VERSION_ID=38 IMAGE_ID=my-foo IMAGE_VERSION=7 EOF -systemd-repart --make-ddi=sysext --private-key-source=engine:pkcs11 --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" --certificate=cert.crt -s tree/ /var/lib/extensions/my-foo.sysext.raw +systemd-repart --make-ddi=sysext \ + --private-key-source=engine:pkcs11 \ + --private-key="pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=0123456789abcdef;token=Some%20Cert" \ + --certificate=cert.crt \ + -s tree/ \ + /var/lib/extensions/my-foo.sysext.raw systemd-sysext refresh</programlisting> <para>The DDI generated that way may be applied to the system with diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml index 3773a38..2ffc279 100644 --- a/man/systemd.resource-control.xml +++ b/man/systemd.resource-control.xml 
@@ -462,7 +462,8 @@ CPUWeight=20 DisableControllers=cpu / \ <para>Specify the absolute limit on swap usage of the executed processes in this unit.</para> <para>Takes a swap size in bytes. If the value is suffixed with K, M, G or T, the specified swap size is - parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. If assigned the + parsed as Kilobytes, Megabytes, Gigabytes, or Terabytes (with the base 1024), respectively. Alternatively, a + percentage value may be specified, which is taken relative to the specified swap size on the system. If assigned the special value <literal>infinity</literal>, no swap limit is applied. These settings control the <literal>memory.swap.max</literal> control group attribute. For details about this control group attribute, see <ulink url="https://docs.kernel.org/admin-guide/cgroup-v2.html#memory-interface-files">Memory Interface Files</ulink>.</para> diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 58439df..6667ac5 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -727,8 +727,8 @@ <listitem><para>Configures a maximum time for the service to run. If this is used and the service has been active for longer than the specified time it is terminated and put into a failure state. Note that this setting does not have any effect on <varname>Type=oneshot</varname> services, as they terminate immediately after - activation completed. Pass <literal>infinity</literal> (the default) to configure no runtime - limit.</para> + activation completed (use <varname>TimeoutStartSec=</varname> to limit their activation). + Pass <literal>infinity</literal> (the default) to configure no runtime limit.</para> <para>If a service of <varname>Type=notify</varname>/<varname>Type=notify-reload</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause the runtime to be extended beyond diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 919e641..dfc9f6f 100644 
--- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -173,13 +173,13 @@ section. When the unit is enabled, symlinks will be created for those names, and removed when the unit is disabled. For example, <filename>reboot.target</filename> specifies <varname>Alias=ctrl-alt-del.target</varname>, so when enabled, the symlink - <filename>/etc/systemd/system/ctrl-alt-del.service</filename> pointing to the + <filename>/etc/systemd/system/ctrl-alt-del.target</filename> pointing to the <filename>reboot.target</filename> file will be created, and when <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Del</keycap></keycombo> is invoked, - <command>systemd</command> will look for the <filename>ctrl-alt-del.service</filename> and execute - <filename>reboot.service</filename>. <command>systemd</command> does not look at the [Install] section at - all during normal operation, so any directives in that section only have an effect through the symlinks - created during enablement.</para> + <command>systemd</command> will look for <filename>ctrl-alt-del.target</filename>, follow the symlink to + <filename>reboot.target</filename>, and execute <filename>reboot.service</filename> as part of that target. + <command>systemd</command> does not look at the [Install] section at all during normal operation, so any + directives in that section only have an effect through the symlinks created during enablement.</para> <para>Along with a unit file <filename>foo.service</filename>, the directory <filename>foo.service.wants/</filename> may exist. All unit files symlinked from such a directory are 
@@ -832,7 +832,7 @@ type when precisely a unit has finished starting up. Most importantly, for service units start-up is considered completed for the purpose of <varname>Before=</varname>/<varname>After=</varname> when all its configured start-up commands have been invoked and they either failed or reported start-up - success. Note that this does includes <varname>ExecStartPost=</varname> (or + success. Note that this includes <varname>ExecStartPost=</varname> (or <varname>ExecStopPost=</varname> for the shutdown case).</para> <para>Note that those settings are independent of and orthogonal to the requirement dependencies as diff --git a/man/ukify.xml b/man/ukify.xml index bf6f328..216b368 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -648,7 +648,7 @@ $ ukify -c ukify.conf build \ </example> <example> - <title>Kernel command line auxiliary PE</title> + <title>Kernel command line PE addon</title> <programlisting>ukify build \ --secureboot-private-key=sb.key \ @@ -656,7 +656,7 @@ $ ukify -c ukify.conf build \ --cmdline='debug' \ --sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md uki-addon.author,1,UKI Addon for System,uki-addon.author,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html' - --output=debug.cmdline + --output=debug.addon.efi </programlisting> <para>This creates a signed PE binary that contains the additional kernel command line parameter @@ -664,9 +664,9 @@ $ ukify -c ukify.conf build \ </example> <example> - <title>Decide signing policy and create certificate and keys</title> + <title>Decide signing policy, and create certificate and keys</title> - <para>First, let's create an config file that specifies what signatures shall be made:</para> + <para>First, let's create a configuration file that specifies what signatures shall be made:</para> <programlisting># cat >/etc/kernel/uki.conf <<EOF <xi:include href="uki.conf.example" parse="text" />EOF</programlisting> 
diff --git a/meson.build b/meson.build index b1a110c..0548e2e 100644 --- a/meson.build +++ b/meson.build @@ -1102,6 +1102,9 @@ else # Check if 'clang -target bpf' is supported. clang_supports_bpf = run_command(clang, '-target', 'bpf', '--print-supported-cpus', check : false).returncode() == 0 endif + if bpf_framework.enabled() and not clang_supports_bpf + error('bpf-framework was enabled but clang does not support bpf') + endif elif bpf_compiler == 'gcc' bpf_gcc = find_program('bpf-gcc', 'bpf-none-gcc', @@ -1992,14 +1995,11 @@ endif conf.set_quoted('VERSION_TAG', version_tag) vcs_tag = get_option('vcs-tag') -command = ['sh', '-c', - vcs_tag and fs.exists(project_source_root / '.git') ? - 'echo "-g$(git -C . describe --abbrev=7 --match="" --always --dirty=^)"' : ':'] version_h = vcs_tag( input : 'src/version/version.h.in', output : 'version.h', fallback : '', - command : command, + command : [vcs_tag ? 'tools/vcs-tag.sh' : 'true', get_option('mode')], ) shared_lib_tag = get_option('shared-lib-tag') @@ -2089,7 +2089,7 @@ libsystemd = shared_library( # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. '-z', 'nodelete', '-Wl,--version-script=' + libsystemd_sym_path], - link_with : [libbasic], + link_with : [libbasic_static], link_whole : [libsystemd_static], dependencies : [librt, threads, @@ -2254,7 +2254,7 @@ nss_template = { 'link_with' : [ libsystemd_static, libshared_static, - libbasic, + libbasic_static, ], 'dependencies' : [ librt, @@ -2660,12 +2660,6 @@ foreach executable : ['systemd-journal-remote', 'systemd-measure'] endforeach if mkosi.found() - genkey = custom_target('genkey', - output : ['mkosi.key', 'mkosi.crt'], - command : [mkosi, '--force', 'genkey'], - depends : mkosi_depends, - ) - custom_target('mkosi', build_always_stale : true, build_by_default: false, 
@@ -2677,14 +2671,11 @@ if mkosi.found() '--output-dir', meson.current_build_dir() / 'mkosi.output', '--cache-dir', meson.current_build_dir() / 'mkosi.cache', '--build-dir', meson.current_build_dir() / 'mkosi.builddir', - '--secure-boot-key', meson.current_build_dir() / 'mkosi.key', - '--secure-boot-certificate', meson.current_build_dir() / 'mkosi.crt', - '--verity-key', meson.current_build_dir() / 'mkosi.key', - '--verity-certificate', meson.current_build_dir() / 'mkosi.crt', + '--extra-search-path', meson.current_build_dir(), '--force', 'build', ], - depends : mkosi_depends + [genkey], + depends : mkosi_depends, ) endif diff --git a/meson.version b/meson.version index 47da505..86facc5 100644 --- a/meson.version +++ b/meson.version @@ -1 +1 @@ -256.2 +256.4 diff --git a/meson_options.txt b/meson_options.txt index 667340c..909e2d5 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, description : 'This option is deprecated and will be removed in a future release') option('link-udev-shared', type : 'boolean', description : 'link systemd-udevd and its helpers to libsystemd-shared.so') +option('link-executor-shared', type : 'boolean', + description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') option('link-systemctl-shared', type: 'boolean', description : 'link systemctl against libsystemd-shared.so') option('link-networkd-shared', type: 'boolean', diff --git a/mkosi.clean b/mkosi.clean new file mode 100755 index 0000000..bcd1ae4 --- /dev/null +++ b/mkosi.clean @@ -0,0 +1,5 @@ +#!/bin/bash +set -e +set -o nounset + +rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} "$OUTPUTDIR"/systemd.raw 
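Review bot: Nothing in the `mkosi` target now says where the signing key pair comes from: the `genkey` target is removed in the previous hunk, and the `--secure-boot-key`, `--secure-boot-certificate`, `--verity-key` and `--verity-certificate` arguments are removed here. Presumably mkosi now picks up `mkosi.key` and `mkosi.crt` from the source directory, which would move the private key from the build directory into the checkout. I would add a comment above the `custom_target('mkosi', …)` call, which starts in the previous hunk, along the lines of `# Signing keys are not generated by this target; run 'mkosi genkey' in the source tree first and keep mkosi.key untracked.` It is also worth confirming that `mkosi.key` is covered by the ignore rules, which this page does not show.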
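Review bot: `set -o nounset` in the new `mkosi.clean` only catches `OUTPUTDIR` being unset. If it is set but empty, the patterns expand under `/` and `rm -f` is run against `/*.rpm`, `/*.deb`, `/*.pkg.tar` and `/systemd.raw`. Using the `:?` expansion closes that gap: `rm -f "${OUTPUTDIR:?}"/*.{rpm,deb,pkg.tar} "${OUTPUTDIR:?}"/systemd.raw`. The file also lacks the `# SPDX-License-Identifier: LGPL-2.1-or-later` line that the other new scripts in this commit carry.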
@@ -1,55 +1,145 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Config] -@Images=system MinimumVersion=23~devel +Dependencies= + exitrd + initrd + minimal-base + minimal-0 + minimal-1 + +PassEnvironment= + NO_BUILD + NO_SYNC + WIPE + SANITIZERS + CFLAGS + LDFLAGS + LLVM + MESON_VERBOSE + MESON_OPTIONS + SYSEXT + WITH_DEBUG [Output] -@OutputDirectory=build/mkosi.output -@BuildDirectory=build/mkosi.builddir -@CacheDirectory=build/mkosi.cache +RepartDirectories=mkosi.repart +OutputDirectory=build/mkosi.output +BuildDirectory=build/mkosi.builddir +CacheDirectory=build/mkosi.cache [Content] -@SELinuxRelabel=no BuildSourcesEphemeral=yes +Autologin=yes + +ExtraTrees= + mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key + mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions + mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf + %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw + %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity + %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig + %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw + %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity + %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig + %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template + %O/exitrd:/exitrd + +Initrds=%O/initrd + +Environment= + SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F + +# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time +# and results in lots of errors when building images as a regular user. +SELinuxRelabel=no # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in # various scenarios. Consider adding support for a credential instead if possible and using that. 
-KernelCommandLine=systemd.crash_shell - systemd.log_level=debug,console:info - systemd.log_ratelimit_kmsg=0 - # Disable the kernel's ratelimiting on userspace logging to kmsg. - printk.devkmsg=on - # Make sure /sysroot is mounted rw in the initrd. - rw - # Lower the default device timeout so we get a shell earlier if the root device does - # not appear for some reason. - systemd.default_device_timeout_sec=30 - # Make sure no LSMs are enabled by default. - apparmor=0 - selinux=0 - enforcing=0 - systemd.early_core_pattern=/core - systemd.firstboot=no - raid=noautodetect - oops=panic - panic=-1 - softlockup_panic=1 - panic_on_warn=1 - # These don't ship proper units with [Install] directives so we have to mask them instead. - systemd.mask=isc-dhcp-server.service - systemd.mask=mdmonitor.service +KernelCommandLine= + systemd.crash_shell + systemd.log_level=debug,console:info + systemd.log_ratelimit_kmsg=0 + # Disable the kernel's ratelimiting on userspace logging to kmsg. + printk.devkmsg=on + # Make sure /sysroot is mounted rw in the initrd. + rw + # Lower the default device timeout so we get a shell earlier if the root device does + # not appear for some reason. + systemd.default_device_timeout_sec=90 + # Make sure no LSMs are enabled by default. + selinux=0 + systemd.early_core_pattern=/core + systemd.firstboot=no + raid=noautodetect + oops=panic + panic=-1 + softlockup_panic=1 + panic_on_warn=1 + # These don't ship proper units with [Install] directives so we have to mask them instead. 
+ systemd.mask=isc-dhcp-server.service + systemd.mask=mdmonitor.service + psi=1 KernelModulesInitrdExclude=.* KernelModulesInitrdInclude=default +Packages= + acl + attr + bash-completion + binutils + bpftrace + coreutils + curl + diffutils + dnsmasq + dosfstools + e2fsprogs + findutils + gdb + grep + gzip + jq + kbd + kexec-tools + kmod + less + lvm2 + man + mdadm + mtools + nano + nftables + nvme-cli + opensc + openssl + p11-kit + pciutils + python3 + radvd + rsync + sed + socat + strace + tar + tmux + tree + util-linux + valgrind + which + wireguard-tools + xfsprogs + zsh + zstd + [Host] Credentials=journal.storage=persistent -@Incremental=yes -@RuntimeBuildSources=yes -@RuntimeScratch=no -@QemuSmp=2 -@QemuSwtpm=yes -@QemuVsock=yes -@QemuKvm=yes +Incremental=yes +RuntimeBuildSources=yes +RuntimeScratch=no +QemuSmp=2 +QemuSwtpm=yes +QemuVsock=yes +QemuKvm=yes ToolsTreePackages=virtiofsd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf b/mkosi.conf.d/10-arch/mkosi.conf index 96ae8c8..5a4015e 100644 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf +++ b/mkosi.conf.d/10-arch/mkosi.conf @@ -4,11 +4,6 @@ Distribution=arch [Content] -Environment= - GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git - GIT_BRANCH=main - GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c - VolatilePackages= systemd systemd-libs @@ -20,51 +15,40 @@ VolatilePackages= Packages= bind bpf - compiler-rt + btrfs-progs compsize cryptsetup dbus-broker dbus-broker-units - debugedit dhcp + erofs-utils f2fs-tools - fakeroot git gnutls - gnutls iproute iputils + knot linux man-db multipath-tools + nmap open-iscsi - openbsd-netcat openssh openssl pacman perf - pkgconf polkit procps-ng psmisc python-pexpect python-psutil + qrencode quota-tools sbsigntools shadow softhsm squashfs-tools - stress + stress-ng tgt tpm2-tools - tpm2-tss vim - -InitrdPackages= - compiler-rt - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-libs - systemd-sysvcompat 
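Review bot: The comment `# Make sure no LSMs are enabled by default.` in `KernelCommandLine=` no longer matches what follows it. The new list keeps only `selinux=0`, and the old `apparmor=0` and `enforcing=0` entries are gone. Whether AppArmor ends up active then depends on the kernel's defaults in each distribution, so a reader relying on the comment would assume a state the command line does not guarantee. Either reword it to `# Make sure SELinux is disabled by default.` or keep `apparmor=0` if the original intent still holds.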
diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf index 4a6d2e9..4a6d2e9 100644 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf +++ b/mkosi.conf.d/10-arch/mkosi.conf.d/10-debug.conf diff --git a/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.conf.d/10-arch/mkosi.prepare new file mode 100755 index 0000000..aac7b3d --- /dev/null +++ b/mkosi.conf.d/10-arch/mkosi.prepare @@ -0,0 +1,33 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +DEPS="" + +while read -r PACKAGE; do + DEPS="$DEPS $( + pacman --sync --info "$PACKAGE" | + sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line). + sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it. + )" + + DEPS="$DEPS $( + pacman --sync --info "$PACKAGE" | + sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line). + sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive). + sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line. + sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines). + tr '\n' ' ' # Transform newlines to whitespace. + )" +done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +echo "$DEPS" | + xargs | # Remove extra whitespace. + tr ' ' '\n' | + grep --invert-match --regexp systemd --regexp None | # systemd packages will be installed later on. + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf index f200409..5b1865a 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf 
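Review bot: A failing `pacman --sync --info` goes unnoticed in this script, because `set -e` ignores non-final pipeline stages and both pipelines sit inside command substitutions whose status is that of the trailing `sed` or `tr`. The script would then hand `mkosi-install` an incomplete dependency list, or skip it entirely because of `--no-run-if-empty`, and still exit 0. Querying once into a variable makes the failure fatal and removes the second pacman call per package: `INFO="$(pacman --sync --info "$PACKAGE")"`, with both `sed` chains reading from `<<<"$INFO"`. The same pattern appears in the new `10-centos-fedora/mkosi.prepare` (`dnf repoquery … | grep …`) and `10-debian-ubuntu/mkosi.prepare` (`apt-cache depends … | grep …`). A blanket `set -o pipefail` would need care there, since `grep --invert-match` exits 1 when it filters out every line.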
+++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf @@ -11,6 +11,7 @@ VolatilePackages= systemd-container systemd-devel systemd-journal-remote + systemd-libs systemd-networkd systemd-networkd-defaults systemd-oomd-defaults @@ -23,17 +24,13 @@ VolatilePackages= Packages= bind-utils bpftool - compiler-rt cryptsetup device-mapper-event device-mapper-multipath - dfuzzer - dhcp-server dnf git-core glibc-langpack-de glibc-langpack-en - gnutls gnutls-utils integritysetup iproute @@ -41,11 +38,9 @@ Packages= iputils iscsi-initiator-utils kernel-core - libasan libcap-ng-utils - libubsan man-db - netcat + nmap-ncat openssh-clients openssh-server pam @@ -57,20 +52,9 @@ Packages= python3-pexpect quota rpm - rpm-build - rpmautospec - sbsigntools softhsm squashfs-tools - stress + stress-ng tpm2-tools - util-linux veritysetup vim-common - -InitrdPackages= - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-udev diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf index 0c3707b..0c3707b 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-debug.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf index 9fe5509..0a388f3 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf +++ b/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf 
@@ -1,20 +1,13 @@ # SPDX-License-Identifier: LGPL-2.1-or-later +# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're +# building a /usr-only image. + [Match] Profile=!particle [Content] -# libselinux does not work in the slightest with /usr-only images so don't install the packages if we're -# building a /usr-only image. Packages= selinux-policy selinux-policy-targeted setools-console - -# We relabel on first boot instead of at build time because it is only possible to label without root -# if the labels exist in the host system, and we want to be able to cross-build to other distributions. -SELinuxRelabel=no - -InitrdPackages= - selinux-policy - selinux-policy-targeted diff --git a/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.conf.d/10-centos-fedora/mkosi.prepare new file mode 100755 index 0000000..2a890bc --- /dev/null +++ b/mkosi.conf.d/10-centos-fedora/mkosi.prepare @@ -0,0 +1,19 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +for DEPS in --requires --recommends --suggests; do + # We need --latest-limit=1 to only consider the newest version of the packages. + # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages + # are not considerd on x86-64. + dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" | + grep --invert-match --regexp systemd --regexp udev --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal | + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install +done diff --git a/mkosi.conf.d/10-centos.conf b/mkosi.conf.d/10-centos.conf deleted file mode 100644 index ee8d0e5..0000000 --- a/mkosi.conf.d/10-centos.conf +++ /dev/null 
@@ -1,11 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=centos - -[Distribution] -@Release=9 -Repositories=epel - epel-next - hyperscale-packages-main - hyperscale-packages-experimental diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.conf.d/10-centos/mkosi.conf index 25059c2..d97b081 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ b/mkosi.conf.d/10-centos/mkosi.conf @@ -3,15 +3,17 @@ [Match] Distribution=centos +[Distribution] +Release=10 + [Content] Environment= + # We'd prefer to use XFS here but it fails to mount on duplicate filesystem UUIDs which + # happens when running tests in parallel so we use ext4 instead. + SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=ext4 # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of # mkfs.ext4 enabled it by default, so we disable it explicitly. - Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" - GIT_URL=https://git.centos.org/rpms/systemd.git - GIT_BRANCH=c9s-sig-hyperscale - GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 + SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" Packages= kernel-modules # For squashfs - rpmautospec-rpm-macros diff --git a/mkosi.conf.d/10-debian.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf index 8674e88..9e92a4f 100644 --- a/mkosi.conf.d/10-debian.conf +++ b/mkosi.conf.d/10-centos/mkosi.conf.d/10-epel.conf @@ -1,7 +1,9 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -Distribution=debian +Release=9 [Distribution] -@Release=testing +Repositories= + epel + epel-next diff --git a/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf new file mode 100644 index 0000000..11dc969 --- /dev/null +++ b/mkosi.conf.d/10-centos/mkosi.conf.d/20-epel-packages.conf 
@@ -0,0 +1,13 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Repositories=epel + +[Content] +Packages= + dfuzzer + dhcp-server + erofs-utils + knot + qrencode + sbsigntools diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref new file mode 100644 index 0000000..5649b70 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi-pinning.pref @@ -0,0 +1,3 @@ +Package: * +Pin: release l=mkosi +Pin-Priority: 1100 diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf index c6b8154..43e0781 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf @@ -4,13 +4,10 @@ Distribution=|debian Distribution=|ubuntu -[Content] -Environment= - GIT_URL=https://salsa.debian.org/systemd-team/systemd.git - GIT_SUBDIR=debian - GIT_BRANCH=ci/v256-stable - GIT_COMMIT=5f07b24c429e854db1afad5f14729804a46a59af +[Distribution] +PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref +[Content] VolatilePackages= libnss-myhostname libnss-mymachines @@ -18,6 +15,8 @@ VolatilePackages= libnss-systemd libpam-systemd libsystemd-dev + libsystemd-shared + libsystemd0 libudev-dev systemd systemd-container @@ -37,17 +36,14 @@ VolatilePackages= udev Packages= - ^libasan[0-9]+$ - ^libtss2-esys-[0-9.]+-0$ - ^libtss2-mu-[0-9.]+-0$ - ^libubsan[0-9]+$ + btrfs-progs apt bind9-dnsutils cryptsetup-bin dbus-broker dbus-user-session dmsetup - dpkg-dev + erofs-utils f2fs-tools fdisk git-core 
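Review bot: The new `mkosi-pinning.pref` gives no reason for its pin, and `Pin-Priority: 1100` is above the level at which apt installs the pinned version even when that is a downgrade. The match is on the repository's self-declared label (`l=mkosi`) with `Package: *`, so any configured source whose Release file carries that label outranks the distribution archive for every package. Presumably the intent is to force the locally built packages from mkosi's own repository. If so, record it in the file with apt's comment field, e.g. `Explanation: Prefer packages from the local mkosi build repository over the archive, even when their version is lower.`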
@@ -55,38 +51,27 @@ Packages= iproute2 iputils-ping isc-dhcp-server + knot libcap-ng-utils - libclang-rt-dev - libtss2-rc0 - libtss2-tcti-device0 locales man-db multipath-tools - netcat-openbsd + ncat open-iscsi openssh-client openssh-server passwd - policykit-1 + polkitd procps psmisc python3-pexpect python3-psutil + qrencode quota softhsm2 squashfs-tools - stress + stress-ng tgt tpm2-tools tzdata xxd - -InitrdPackages= - libclang-rt-dev - tpm2-tools - -InitrdVolatilePackages= - systemd - systemd-cryptsetup - systemd-repart - udev diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf index 2bb6164..2bb6164 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/10-debug.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf index 781670a..781670a 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf index 4fb4f46..4fb4f46 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/network.conf diff --git a/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..acab113 --- /dev/null +++ b/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare 
@@ -0,0 +1,16 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +apt-cache depends "${PACKAGES[@]}" | + grep --invert-match --regexp "<" --regexp "|" --regexp systemd | # Remove e.g. <python3:any> and |dbus-broker like results + grep --extended-regexp "Depends|Suggests|Recommends" | + sed --quiet 's/.*: //p' | # Get every line with ": " in it and strip it at the same time. + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf b/mkosi.conf.d/10-debian/mkosi.conf index 50dfa11..c960a1b 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf +++ b/mkosi.conf.d/10-debian/mkosi.conf @@ -3,6 +3,9 @@ [Match] Distribution=debian +[Distribution] +Release=testing + [Content] Packages= linux-perf diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf index af923fa..af923fa 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/arm64.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf index 615de52..615de52 100644 --- a/mkosi.images/system/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf +++ b/mkosi.conf.d/10-debian/mkosi.conf.d/x86-64.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf b/mkosi.conf.d/10-fedora/mkosi.conf index c4617d2..adb7779 100644 --- a/mkosi.images/system/mkosi.conf.d/10-fedora/mkosi.conf +++ b/mkosi.conf.d/10-fedora/mkosi.conf 
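Review bot: In `mkosi.conf.d/10-debian-ubuntu/mkosi.prepare` a failure of `jq` or `apt-cache` goes unnoticed, because `set -e` does not cover the process substitution feeding `mapfile`, and without `pipefail` only the exit status of the final `xargs` counts, which `--no-run-if-empty` lets succeed on empty input. The prepare step would then presumably finish without installing the dependencies of the volatile packages and without any error. A cheap guard is to fail on an empty list right after `mapfile`, `((${#PACKAGES[@]})) || { echo "no VolatilePackages in $MKOSI_CONFIG" >&2; exit 1; }`; `set -o pipefail` would also help but needs care, since `grep` exits 1 when it selects nothing. The pipelines in `mkosi.conf.d/10-opensuse/mkosi.prepare` and `mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare` have the same shape.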
@@ -3,17 +3,23 @@ [Match] Distribution=fedora -[Content] -Environment= - GIT_URL=https://src.fedoraproject.org/rpms/systemd.git - GIT_BRANCH=rawhide - GIT_COMMIT=f9fe17dbdee7242ccd4fd2858128c8952890bdb8 +[Distribution] +Release=rawhide +[Content] Packages= + btrfs-progs compsize + dfuzzer + dhcp-server dnf5 + erofs-utils f2fs-tools - scsi-target-utils # Required for systemd-networkd-tests.py (netdevsim and sch_xxx modules) kernel-modules-extra kernel-modules-internal + knot + qrencode + rpmautospec + sbsigntools + scsi-target-utils diff --git a/mkosi.conf.d/10-opensuse.conf b/mkosi.conf.d/10-opensuse.conf deleted file mode 100644 index f976fc8..0000000 --- a/mkosi.conf.d/10-opensuse.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=opensuse - -[Distribution] -@Release=tumbleweed -PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend diff --git a/mkosi.conf.d/macros.db_backend b/mkosi.conf.d/10-opensuse/macros.db_backend index 4a58f06..4a58f06 100644 --- a/mkosi.conf.d/macros.db_backend +++ b/mkosi.conf.d/10-opensuse/macros.db_backend diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf b/mkosi.conf.d/10-opensuse/mkosi.conf index e488b2d..e741aa4 100644 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf +++ b/mkosi.conf.d/10-opensuse/mkosi.conf @@ -3,16 +3,15 @@ [Match] Distribution=opensuse -[Config] -InitrdInclude=initrd/ +[Distribution] +Release=tumbleweed +Repositories=non-oss +PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend [Content] -Environment= - GIT_URL=https://src.opensuse.org/rpm/systemd - GIT_BRANCH=devel - GIT_COMMIT=23bfa9d83b6e24a5395a704b816a351f3dc5b5316e580cacedd1b5d9e068c117 - VolatilePackages= + libsystemd0 + libudev1 systemd systemd-boot systemd-container 
@@ -32,30 +31,25 @@ VolatilePackages= Packages= bind-utils bpftool + btrfs-progs cryptsetup device-mapper dhcp-server docbook-xsl-stylesheets + erofs-utils f2fs-tools gawk - gcc-c++ git-core glibc-locale-base gnutls grep - group(bin) - group(daemon) - group(games) - group(nobody) - group(root) gzip iputils kernel-default kmod - libasan8 - libkmod2 - libubsan1 + knot multipath-tools + ncat open-iscsi openssh-clients openssh-server @@ -67,34 +61,19 @@ Packages= python3-pefile python3-pexpect python3-psutil + qrencode quota - rpm-build rsync sbsigntools sed shadow softhsm squashfs + stress-ng tgt timezone tpm2.0-tools - user(bin) - user(daemon) - user(games) - user(nobody) - user(root) veritysetup vim xz zypper - -InitrdPackages= - clang - kmod - libkmod2 - tpm2.0-tools - -InitrdVolatilePackages= - systemd - udev - systemd-experimental diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf index 6c57d04..6c57d04 100644 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf +++ b/mkosi.conf.d/10-opensuse/mkosi.conf.d/10-debug.conf diff --git a/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.conf.d/10-opensuse/mkosi.prepare new file mode 100755 index 0000000..6ee0af2 --- /dev/null +++ b/mkosi.conf.d/10-opensuse/mkosi.prepare 
@@ -0,0 +1,23 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +DEPS="" + +while read -r PACKAGE; do + # zypper's output is not machine readable so we make do with sed instead. + DEPS="$DEPS\n$( + zypper info --requires --recommends --suggests "$PACKAGE" | + sed '/Requires/,$!d' | # Remove everything before Requires line + sed --quiet 's/^ //p' # All indented lines have dependencies + )" +done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG") + +echo -e "$DEPS" | + grep --invert-match --regexp systemd --regexp udev --regexp qemu | + sort --unique | + xargs --delimiter '\n' --no-run-if-empty mkosi-install diff --git a/mkosi.conf.d/10-tools.conf b/mkosi.conf.d/10-tools.conf deleted file mode 100644 index 9d276d4..0000000 --- a/mkosi.conf.d/10-tools.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -PathExists=!build/ -SystemdVersion=<254 - -[Host] -@ToolsTree=default diff --git a/mkosi.conf.d/10-ubuntu.conf b/mkosi.conf.d/10-ubuntu.conf deleted file mode 100644 index da2d318..0000000 --- a/mkosi.conf.d/10-ubuntu.conf +++ /dev/null @@ -1,8 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Distribution=ubuntu - -[Distribution] -@Release=noble -Repositories=universe diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf index 86f9736..1ffa3ab 100644 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf @@ -3,6 +3,10 @@ [Match] Distribution=ubuntu +[Distribution] +Release=noble +Repositories=universe + [Content] Packages= linux-image-generic diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf index 582f038..582f038 100644 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf 
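Review bot: In `mkosi.conf.d/10-opensuse/mkosi.prepare` the `zypper info` call runs inside the `while read -r PACKAGE` loop and so inherits the loop's stdin, which is the `jq` package list. If zypper ever reads from stdin (to answer a prompt, for instance), it would consume the remaining package names and the loop would end early with no error; whether it does so in this environment is not visible from the hunk. Redirecting its input closes that off: `zypper info --requires --recommends --suggests "$PACKAGE" </dev/null |`. Separately, `echo -e "$DEPS"` interprets backslash sequences in zypper's output; appending with `DEPS+=$'\n'"$(...)"` and printing with `printf '%s\n' "$DEPS"` avoids that.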
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf index 7347be9..7347be9 100644 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf +++ b/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources index 5b96dc5..5b96dc5 100644 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources +++ b/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources b/mkosi.conf.d/10-ubuntu/noble-backports.sources index d10c1e8..d10c1e8 100644 --- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports.sources +++ b/mkosi.conf.d/10-ubuntu/noble-backports.sources diff --git a/mkosi.conf.d/20-build.conf b/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.conf.d/20-none.conf b/mkosi.conf.d/20-none.conf new file mode 100644 index 0000000..0e4d919 --- /dev/null +++ b/mkosi.conf.d/20-none.conf @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# If we're only rerunning the build script, remove all subimage dependencies except the build image to speed +# up builds. + +[Match] +Format=none + +[Config] +Dependencies= +Dependencies=build diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.conf.d/20-particle/mkosi.conf index 8c1920b..99dad00 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf +++ b/mkosi.conf.d/20-particle/mkosi.conf 
@@ -8,8 +8,8 @@ RepartDirectories= RepartDirectories=mkosi.repart [Validation] -@SecureBoot=yes -@SignExpectedPcr=yes +SecureBoot=yes +SignExpectedPcr=yes [Host] -@RuntimeSize=8G +RuntimeSize=8G diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf index 3755278..3755278 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf index 2f92af2..2f92af2 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf index dac79ba..dac79ba 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf +++ b/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.conf.d/20-particle/mkosi.finalize index 69f9554..69f9554 100755 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize +++ b/mkosi.conf.d/20-particle/mkosi.finalize diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.conf.d/20-particle/mkosi.postinst.chroot index 95e0552..95e0552 100755 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot +++ b/mkosi.conf.d/20-particle/mkosi.postinst.chroot 
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf index 391543d..391543d 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf +++ b/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf index 343761d..343761d 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf +++ b/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf index b4d45dd..b4d45dd 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf +++ b/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf index 1841d0a..1841d0a 100644 --- a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf +++ b/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf diff --git a/mkosi.conf.d/20-sanitizers.conf b/mkosi.conf.d/20-sanitizers.conf index 235b233..62d0523 100644 --- a/mkosi.conf.d/20-sanitizers.conf +++ b/mkosi.conf.d/20-sanitizers.conf @@ -2,6 +2,7 @@ [Match] Environment=SANITIZERS +Environment=!SANITIZERS= [Content] # Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN @@ -17,3 +18,6 @@ KernelCommandLine= systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions + +[Config] +Include=%D/mkosi.sanitizers 
diff --git a/mkosi.images/system/coredump-journal-storage.conf b/mkosi.coredump-journal-storage.conf index cde9785..cde9785 100644 --- a/mkosi.images/system/coredump-journal-storage.conf +++ b/mkosi.coredump-journal-storage.conf diff --git a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf b/mkosi.extra/etc/iscsi/iscsid.conf index fcf4cd9..fcf4cd9 100644 --- a/mkosi.images/system/mkosi.extra/etc/iscsi/iscsid.conf +++ b/mkosi.extra/etc/iscsi/iscsid.conf diff --git a/mkosi.images/system/mkosi.extra/etc/issue b/mkosi.extra/etc/issue index 6aa6fc0..6aa6fc0 100644 --- a/mkosi.images/system/mkosi.extra/etc/issue +++ b/mkosi.extra/etc/issue diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf index 657ac72..657ac72 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf +++ b/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf index 3baede4..3baede4 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf +++ b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset index c364058..5a15e6b 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset +++ b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset 
@@ -32,10 +32,10 @@ disable auditd.service # systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead. enable systemd-timesyncd.service -# Skipped if selinux is not enabled, required for TEST-06-SELINUX. -enable autorelabel.service - # Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead. disable iscsi.service disable iscsid.socket disable iscsiuio.socket + +# mkosi relabels the image itself so no need to do it on boot. +disable selinux-autorelabel-mark.service diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset index 710ee7c..710ee7c 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset +++ b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf index ebf7899..ebf7899 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf +++ b/mkosi.extra/usr/lib/systemd/system/iscsi-init.service.d/asan.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf index d0093b7..d0093b7 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf +++ b/mkosi.extra/usr/lib/systemd/system/user@.service.d/99-SYSTEMD_UNIT_PATH.conf diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf index e1a8e81..e1a8e81 100644 --- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/locale.conf +++ b/mkosi.extra/usr/lib/tmpfiles.d/locale.conf 
diff --git a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf index ddd36ed..ddd36ed 100644 --- a/mkosi.images/system/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf +++ b/mkosi.extra/usr/share/dbus-1/system.d/systemd.test.ExecStopPost.conf diff --git a/mkosi.functions b/mkosi.functions new file mode 100644 index 0000000..993f2e8 --- /dev/null +++ b/mkosi.functions @@ -0,0 +1,57 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +make_sysext_unsigned() { + if ! ((SYSEXT)); then + return + fi + + mkdir -p /usr/lib/systemd/repart/definitions/sysext-unsigned.repart.d + cat >/usr/lib/systemd/repart/definitions/sysext-unsigned.repart.d/10-root.conf <<EOF +[Partition] +Type=root +Format=erofs +CopyFiles=/usr/ +Minimize=best +EOF + + . /usr/lib/os-release + + mkdir -p "$1"/usr/lib/extension-release.d + cat >"$1"/usr/lib/extension-release.d/extension-release.systemd <<EOF +ID=$ID +SYSEXT_ID=systemd +SYSEXT_SCOPE=system +ARCHITECTURE=$ARCHITECTURE +EOF + + if [[ -n "$VERSION_ID" ]]; then + cat >>"$1"/usr/lib/extension-release.d/extension-release.systemd <<EOF +VERSION_ID=$VERSION_ID +EOF + fi + + if [[ -n "$SYSEXT_LEVEL" ]]; then + cat >>"$1"/usr/lib/extension-release.d/extension-release.systemd <<EOF +SYSEXT_LEVEL=$SYSEXT_LEVEL +EOF + fi + + rm -f "$BUILDDIR"/systemd.raw + + local fstype + + if command -v mkfs.erofs; then + fstype=erofs + else + fstype=squashfs + fi + + env SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT="$fstype" \ + "$BUILDDIR"/systemd-repart \ + --make-ddi=sysext-unsigned \ + --copy-source="$1" \ + --pretty=no \ + "$BUILDDIR"/systemd.raw + + cp "$BUILDDIR"/systemd.raw "$OUTPUTDIR" +} diff --git a/mkosi.images/build/mkosi.conf b/mkosi.images/build/mkosi.conf new file mode 100644 index 0000000..8a67c76 --- /dev/null +++ b/mkosi.images/build/mkosi.conf 
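Review bot: `make_sysext_unsigned` in the new `mkosi.functions` never checks that `$1` is an existing directory before running `mkdir -p "$1"/usr/lib/extension-release.d`. The caller added to the centos-fedora build script passes an unquoted glob (`/var/tmp/BUILD/*/BUILDROOT`); if it matches nothing, the literal pattern is created as a directory and a sysext holding presumably little more than the extension-release file is built, and if it matches several directories only the first is used. I would put `[[ -d "$1" ]] || { echo "sysext source $1 is not a directory" >&2; return 1; }` right after the `SYSEXT` check. Two smaller things: `command -v mkfs.erofs` prints the path to stdout and could get `>/dev/null`, and the function deserves a header comment saying that it takes the install tree as `$1`, reads `SYSEXT`, `ARCHITECTURE`, `BUILDDIR` and `OUTPUTDIR` from the environment, and sources `/usr/lib/os-release` into the calling shell.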
@@ -0,0 +1,10 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Content] +Packages= + clang + lld + llvm + +[Output] +Format=none diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot index 2c99a67..3ffde85 100755 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.build.chroot @@ -2,24 +2,20 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then + echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 exit 1 fi # We can't configure the source or build directory so we use symlinks instead to make sure they are in the -# expected locations. -ln --symbolic "$SRCDIR" "pkg/$ID/systemd" -ln --symbolic "$BUILDDIR" "pkg/$ID/build" -# Because we run with --noextract we are responsible for making sure the source files appear in src/. -ln --symbolic . "pkg/$ID/src" +# expected locations. Because we run with --noextract we are responsible for making sure the source files +# appear in src/. This means not only the systemd source directory, but also the patches and configuration +# files that are shipped in the packaging repository. To achieve this, instead of symlinking the systemd +# sources and build directory directly into "pkg/$PKG_SUBDIR/src", we symlink them into "pkg/$PKG_SUBDIR" and +# then symlink "pkg/$PKG_SUBDIR" to "pkg/$PKG_SUBDIR/src". +ln --symbolic "$SRCDIR" "pkg/$PKG_SUBDIR/systemd" +ln --symbolic "$BUILDDIR" "pkg/$PKG_SUBDIR/build" +ln --symbolic . "pkg/$PKG_SUBDIR/src" MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((LLVM)); then 
@@ -29,11 +25,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -65,19 +61,19 @@ EOF # Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions. rm /usr/share/makepkg/lint_pkgbuild/* -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" fi -sed --in-place "pkg/$ID/PKGBUILD" \ +sed --in-place "pkg/$PKG_SUBDIR/PKGBUILD" \ --expression "s/^_tag=.*/_tag=$(cat meson.version)/" \ --expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/" # We get around makepkg's root check by setting EUID to something else. # shellcheck disable=SC2046 -env --chdir="pkg/$ID" \ +env --chdir="pkg/$PKG_SUBDIR" \ EUID=123 \ makepkg \ --noextract \ @@ -85,7 +81,7 @@ env --chdir="pkg/$ID" \ --force \ _systemd_UPSTREAM=1 \ _systemd_QUIET=$( ((MESON_VERBOSE)); echo $? ) \ - BUILDDIR="$PWD/pkg/$ID" \ + BUILDDIR="$PWD/pkg/$PKG_SUBDIR" \ PKGDEST="$OUTPUTDIR" \ PKGEXT=".pkg.tar" \ MESON_EXTRA_CONFIGURE_OPTIONS="$MKOSI_MESON_OPTIONS $MESON_OPTIONS" diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf new file mode 100644 index 0000000..c071468 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf 
@@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=arch + +[Content] +Environment= + GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git + GIT_BRANCH=main + GIT_COMMIT=1d577a62688419ee4af01b847e55845cd9780301 + PKG_SUBDIR=arch + +Packages= + base + base-devel + diffutils + erofs-utils + git diff --git a/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare new file mode 100755 index 0000000..d9e3221 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare @@ -0,0 +1,18 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then + echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 + exit 1 +fi + +# shellcheck source=/dev/null +_systemd_UPSTREAM=1 . "pkg/$PKG_SUBDIR/PKGBUILD" + +# shellcheck disable=SC2154 +mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot index 21f1062..466699c 100755 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot 
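Review bot: The new `mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare` sources `pkg/$PKG_SUBDIR/PKGBUILD` with `.`, so the packaging repository's file is executed as shell in the prepare script rather than just read for `makedepends`. What bounds that is the `GIT_COMMIT` pin in the sibling `mkosi.conf`; the checkout step itself is not part of this section, so that it enforces the pin is an assumption. A comment above the `.` line would make the dependency explicit, e.g. `# Sourcing executes the PKGBUILD; it is trusted only because mkosi.conf pins GIT_COMMIT.` I would also fail when the array comes back empty, `((${#makedepends[@]})) || { echo "makedepends is empty" >&2; exit 1; }`, so that an unexpected PKGBUILD layout is not silently accepted.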
@@ -2,25 +2,20 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release +. mkosi.functions -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" fi -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then # Fix the %install override so debuginfo packages are generated even when --build-in-place is used. # See https://github.com/rpm-software-management/rpm/issues/3042. tee --append /usr/lib/rpm/redhat/macros <<'EOF' @@ -33,10 +28,6 @@ fi VERSION="$(cat meson.version)" RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - COMMON_MACRO_OVERRIDES=( --define "toolchain $( ((LLVM)) && echo clang || echo gcc)" --define "_fortify_level 0" @@ -49,7 +40,7 @@ COMMON_MACRO_OVERRIDES=( # TODO: Drop -U_FORTIFY_SOURCE when we switch to CentOS Stream 10. MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" fi if ((LLVM)); then # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. 
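Review bot: The added `. mkosi.functions` in `mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.build.chroot` names the file without a slash, and bash then looks it up along `PATH` before falling back to the current directory. The script therefore depends both on its working directory and on no file of that name sitting in a `PATH` directory. Writing `. ./mkosi.functions` (or `. "$SRCDIR/mkosi.functions"`, if `SRCDIR` is the checkout root here as the other build scripts suggest) pins it to the intended file; the same line is added to the opensuse `mkosi.build.chroot`. The `# shellcheck source=/dev/null` directive that preceded the old `.` line was removed with it, so shellcheck will probably flag the new source line as not followable.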
@@ -58,11 +49,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(dirname "$(clang --print-file-name=libclang_rt.asan.so)")" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -84,7 +75,7 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ $( ((WITH_TESTS)) || echo "--nocheck") \ $( ((WITH_DOCS)) || echo "--without=docs") \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_rpmdir $OUTPUTDIR" \ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ @@ -107,11 +98,12 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ --define "__brp_check_rpaths %{nil}" \ --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ --define "__script_requires %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ --define "_find_debuginfo_dwz_opts %{nil}" \ --define "_fixperms true" \ --undefine _package_note_flags \ --noclean \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" ( shopt -s nullglob @@ -120,3 +112,5 @@ CXX_LD="$( ((LLVM)) && echo lld)" \ cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf new file mode 100644 index 0000000..f3afd55 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf 
@@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Environment= + GIT_URL=https://src.fedoraproject.org/rpms/systemd.git + GIT_BRANCH=rawhide + GIT_COMMIT=00babccdea1576d96edfdb7ab12958564cc4f1b6 + PKG_SUBDIR=fedora + +Packages= + compiler-rt + git-core + libasan + libubsan + rpm-build diff --git a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare index 1b86073..6028dc3 100755 --- a/mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.prepare +++ b/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare 
@@ -2,37 +2,32 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ] || ((NO_BUILD)); then +if [[ "$1" == "build" ]]; then exit 0 fi -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2 exit 1 fi -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + --buildrequires \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + "pkg/$PKG_SUBDIR/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install # rpmbuild -br tries to build a source package which means all source files have to exist which isn't the # case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy. # TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore. -sed '/Source0/d' --in-place "pkg/$ID/systemd.spec" +sed '/Source0/d' --in-place "pkg/$PKG_SUBDIR/systemd.spec" until mkosi-chroot \ rpmbuild \ 
@@ -40,12 +35,12 @@ until mkosi-chroot \ --build-in-place \ --with upstream \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" do EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then + if [[ $EXIT_STATUS -ne 11 ]]; then exit $EXIT_STATUS fi diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf new file mode 100644 index 0000000..f3d19e3 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=centos + +[Content] +Packages= + rsync # TODO: Drop when CentOS Stream 9 CI is removed. + squashfs-tools diff --git a/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf new file mode 100644 index 0000000..15849c5 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/centos/mkosi.conf.d/epel-packages.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Repositories=epel + +[Content] +Packages= + erofs-utils + rpmautospec-rpm-macros diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot index f1eed03..2d50afb 100755 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot 
@@ -2,20 +2,13 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 exit 1 fi # We transplant the debian/ folder from the deb package sources into the upstream sources. -mount --mkdir --bind "$SRCDIR/pkg/$ID/debian" "$SRCDIR"/debian +mount --mkdir --bind "$SRCDIR/pkg/$PKG_SUBDIR/debian" "$SRCDIR"/debian # We remove the patches so they don't get applied. rm -rf "$SRCDIR"/debian/patches/* @@ -25,7 +18,7 @@ rm -rf "$SRCDIR"/debian/patches/* DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE" -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" @@ -52,11 +45,11 @@ fi MKOSI_LDFLAGS="" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi @@ -116,7 +109,7 @@ if ! build; then # by meson install. (cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files - if [ -f debian/not-installed ]; then + if [[ -f debian/not-installed ]]; then grep --invert-match "^#" debian/not-installed >>/tmp/installed-files fi 
@@ -126,7 +119,7 @@ if ! build; then # not in the packaged file. comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files # If there are no unpackaged files something else went wrong. - if [ ! -s /tmp/unpackaged-files ]; then + if [[ ! -s /tmp/unpackaged-files ]]; then exit 1 fi diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf new file mode 100644 index 0000000..132ee1b --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Environment= + GIT_URL=https://salsa.debian.org/systemd-team/systemd.git + GIT_SUBDIR=debian + GIT_BRANCH=ci/v256-stable + GIT_COMMIT=c004a150e78c0453848480485b2e3eb0ac7dff8b + PKG_SUBDIR=debian + +Packages= + apt + erofs-utils + git-core + libclang-rt-dev + dpkg-dev diff --git a/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare new file mode 100755 index 0000000..cec81ec --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare @@ -0,0 +1,15 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +if [[ "$1" == "build" ]]; then + exit 0 +fi + +if [[ ! -d "pkg/$PKG_SUBDIR/debian" ]]; then + echo "deb rules not found at pkg/$PKG_SUBDIR/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 + exit 1 +fi + +cd "pkg/$PKG_SUBDIR" +DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf new file mode 100644 index 0000000..0e02dcb --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/fedora/mkosi.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=fedora + +[Content] +Packages= + erofs-utils + rpmautospec 
diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot index 67481d0..a1fb83c 100755 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.build.chroot +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.build.chroot @@ -2,20 +2,14 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. /usr/lib/os-release -ID="${ID%-*}" +. mkosi.functions -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi -if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then +if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then TS="$(git show --no-patch --format=%ct HEAD)" else TS="${SOURCE_DATE_EPOCH:-$(date +%s)}" @@ -24,9 +18,9 @@ fi # The openSUSE filelists hardcode the manpage compression extension. This causes rpmbuild errors since we # disable manpage compression as the files cannot be found. Fix the issue by removing the compression # extension. -find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; +find "pkg/$PKG_SUBDIR" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \; -if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then +if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then # Fix the %install override so debuginfo packages are generated. tee --append /usr/lib/rpm/suse/macros <<'EOF' %install %{debug_package}\ 
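Review bot: `. mkosi.functions` in the first hunk of opensuse/mkosi.build.chroot sources the helper by bare name, and bash resolves a slash-less name through `PATH` before falling back to the current directory, so which file gets loaded depends on the caller's environment. Spelling out the location removes that ambiguity; if the helper sits at the top of the source tree, `. "$SRCDIR/mkosi.functions"` would do (the file's location is not visible in this diff, so confirm the path). The `# shellcheck source=` directive was dropped together with the os-release lines, and the new source line would want one as well. The script body continues outside the hunk.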
@@ -38,13 +32,9 @@ fi VERSION="$(cat meson.version)" RELEASE="$(date "+%Y%m%d%H%M%S" --date "@$TS")" -DIST="$(rpm --eval %dist)" -ARCH="$(rpm --eval %_arch)" -SRCDEST="/usr/src/debug/systemd-$VERSION-${RELEASE}${DIST}.$ARCH" - MKOSI_CFLAGS="-O0 -Wp,-U_FORTIFY_SOURCE" if ((WITH_DEBUG)); then - MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=$SRCDEST" + MKOSI_CFLAGS="$MKOSI_CFLAGS -fdebug-prefix-map=../src=/usr/src/debug/systemd" fi if ((LLVM)); then # TODO: Remove -fno-sanitize-function when https://github.com/systemd/systemd/issues/29972 is fixed. @@ -53,7 +43,7 @@ fi MKOSI_LDFLAGS="$(rpm --eval "%{?build_ldflags}")" if ((LLVM)) && [[ -n "$SANITIZERS" ]]; then - MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(clang --print-file-name="")lib/linux" + MKOSI_LDFLAGS="$MKOSI_LDFLAGS -Wl,-rpath=$(realpath "$(clang --print-runtime-dir)")" fi # A macro can't have an empty body and currently opensuse does not specify any of its own linker flags so @@ -63,12 +53,12 @@ if [[ -z "${MKOSI_LDFLAGS// }" ]]; then fi MKOSI_MESON_OPTIONS="-D mode=developer -D b_sanitize=${SANITIZERS:-none}" -if ((WIPE)); then +if ((WIPE)) && [[ -d "$BUILDDIR/meson-private" ]]; then MKOSI_MESON_OPTIONS="$MKOSI_MESON_OPTIONS --wipe" fi # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" build() { IFS= @@ -87,7 +77,7 @@ build() { --with upstream \ $( ((WITH_TESTS)) || echo "--nocheck") \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_rpmdir $OUTPUTDIR" \ ${BUILDDIR:+"--define=_vpath_builddir $BUILDDIR"} \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ 
@@ -106,10 +96,11 @@ build() { --define "__elf_exclude_path ^/usr/lib/systemd/tests/unit-tests/.*$" \ --define "__script_requires %{nil}" \ --define "_find_debuginfo_dwz_opts %{nil}" \ + --define "_find_debuginfo_opts --unique-debug-src-base \"%{name}\"" \ --define "_fixperms true" \ --noclean \ "$@" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" EXIT_STATUS=$? @@ -120,7 +111,7 @@ build() { } if ! build; then - if [ ! -s /tmp/unpackaged-files ]; then + if [[ ! -s /tmp/unpackaged-files ]]; then exit 1 fi @@ -128,7 +119,7 @@ if ! build; then # warnings. rm systemd.lang - grep -v ".debug" /tmp/unpackaged-files >>"pkg/$ID/files.systemd" + grep -v ".debug" /tmp/unpackaged-files >>"pkg/$PKG_SUBDIR/files.systemd" build --noprep --nocheck fi @@ -139,3 +130,5 @@ fi cp "$OUTPUTDIR"/*.rpm "$PACKAGEDIR" cp "$OUTPUTDIR"/*.rpm "$BUILDDIR" + +make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT diff --git a/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf new file mode 100644 index 0000000..1d55a91 --- /dev/null +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Environment= + GIT_URL=https://code.opensuse.org/package/systemd + GIT_BRANCH=master + GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5 + PKG_SUBDIR=opensuse + +Packages= + gcc-c++ + erofs-utils + git-core + patterns-base-minimal_base + rpm-build diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare index c57aa87..24f07fd 100755 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/mkosi.prepare +++ b/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare 
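Review bot: The glob in `make_sysext_unsigned /var/tmp/BUILD/*/BUILDROOT` (last hunk of opensuse/mkosi.build.chroot) is passed on unchecked: when nothing matches, bash hands the literal pattern to the function, and when more than one build tree is left under /var/tmp/BUILD it passes several paths. The script still carries a branch for rpm older than 4.20, so it is worth confirming that the buildroot really ends up under `BUILD/*/` on every rpm version this runs against. make_sysext_unsigned is defined outside this diff section, so how it treats a bad argument cannot be checked here. Resolving the directory first makes the failure explicit: `buildroots=(/var/tmp/BUILD/*/BUILDROOT)`, then `[[ ${#buildroots[@]} -eq 1 && -d "${buildroots[0]}" ]] || { echo "expected exactly one BUILDROOT" >&2; exit 1; }`, then `make_sysext_unsigned "${buildroots[0]}"`.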
@@ -2,36 +2,30 @@ # SPDX-License-Identifier: LGPL-2.1-or-later set -e -if [ "$1" = "build" ] || ((NO_BUILD)); then +if [[ "$1" == "build" ]]; then exit 0 fi -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" -ID="${ID%-*}" - -if [ ! -f "pkg/$ID/systemd.spec" ]; then - echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 +if [[ ! -f "pkg/$PKG_SUBDIR/systemd.spec" ]]; then + echo "spec not found at pkg/$PKG_SUBDIR/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2 exit 1 fi # TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream). -sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec" +sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$PKG_SUBDIR/systemd.spec" -for DEPS in --requires --buildrequires; do - mkosi-chroot \ - rpmspec \ - --with upstream \ - --query \ - "$DEPS" \ - --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ - "pkg/$ID/systemd.spec" | - grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | - sort --unique | - tee /tmp/buildrequires | - xargs --delimiter '\n' mkosi-install -done +mkosi-chroot \ + rpmspec \ + --with upstream \ + --query \ + --buildrequires \ + --define "_topdir /var/tmp" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ + "pkg/$PKG_SUBDIR/systemd.spec" | + grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev | + sort --unique | + tee /tmp/buildrequires | + xargs --delimiter '\n' mkosi-install until mkosi-chroot \ rpmbuild \ 
@@ -39,12 +33,12 @@ until mkosi-chroot \ --build-in-place \ --with upstream \ --define "_topdir /var/tmp" \ - --define "_sourcedir pkg/$ID" \ + --define "_sourcedir pkg/$PKG_SUBDIR" \ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \ - "pkg/$ID/systemd.spec" + "pkg/$PKG_SUBDIR/systemd.spec" do EXIT_STATUS=$? - if [ $EXIT_STATUS -ne 11 ]; then + if [[ $EXIT_STATUS -ne 11 ]]; then exit $EXIT_STATUS fi diff --git a/mkosi.images/system/mkosi.sync b/mkosi.images/build/mkosi.sync index d56ddf5..febe893 100755 --- a/mkosi.images/system/mkosi.sync +++ b/mkosi.images/build/mkosi.sync @@ -3,19 +3,22 @@ set -e set -o nounset -if ((${NO_SYNC:-0})); then +if ((${NO_SYNC:-0})) || ((${NO_BUILD:-0})); then exit 0 fi -PKG_SUBDIR="$(realpath --canonicalize-missing "pkg/$DISTRIBUTION" --relative-to "$PWD")" - -if [[ -d "$PKG_SUBDIR/.git" ]]; then - if [[ "$(git -C "$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then +if [[ -d "pkg/$PKG_SUBDIR/.git" ]]; then + if [[ "$(git -C "pkg/$PKG_SUBDIR" rev-parse HEAD)" == "$GIT_COMMIT" ]]; then exit 0 fi + if ! git -C "pkg/$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" + fi + # If work is being done on the packaging rules in a separate branch, don't touch the checkout. - if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then + if ! git -C "pkg/$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then EXIT_STATUS=$? if [[ $EXIT_STATUS -eq 1 ]]; then exit 0 
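Review bot: `PKG_SUBDIR` is now taken straight from the environment in mkosi.sync, and nothing checks that it is set and non-empty before it is used in `pkg/$PKG_SUBDIR`. Under `set -o nounset` an unset value aborts with a bare "unbound variable", and an empty one makes every `git -C "pkg/$PKG_SUBDIR"` call and the clone target resolve to `pkg/` itself. A guard near the top such as `: "${PKG_SUBDIR:?PKG_SUBDIR must be set by the distribution config}"` fails early with a usable message. The same variable is used unchecked in the later hunks of this file.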
@@ -25,7 +28,7 @@ if [[ -d "$PKG_SUBDIR/.git" ]]; then fi fi -if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then +if [[ ! -e "pkg/$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "pkg/$PKG_SUBDIR")" ]]; then # The repository on Salsa has the full upstream sources, so it's a waste of # space to redownload and duplicate everything, so do a sparse checkout as # we only need the packaging directory anyway. @@ -35,14 +38,14 @@ if [[ ! -e "$PKG_SUBDIR" ]] || [[ -z "$(ls --almost-all "$PKG_SUBDIR")" ]]; then sparse=() fi - git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "$PKG_SUBDIR" + git clone "$GIT_URL" --branch "$GIT_BRANCH" "${sparse[@]}" "pkg/$PKG_SUBDIR" if [[ -n "${GIT_SUBDIR:-}" ]]; then # --no-cone is needed to check out only one top-level directory - git -C "$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" + git -C "pkg/$PKG_SUBDIR" sparse-checkout set --no-cone "${GIT_SUBDIR:-}" fi else - git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL" - git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH" + git -C "pkg/$PKG_SUBDIR" remote set-url origin "$GIT_URL" + git -C "pkg/$PKG_SUBDIR" fetch origin "$GIT_BRANCH" fi -git -C "$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" +git -C "pkg/$PKG_SUBDIR" -c advice.detachedHead=false checkout "$GIT_COMMIT" diff --git a/mkosi.images/exitrd/mkosi.conf b/mkosi.images/exitrd/mkosi.conf index 2e867cb..28da8a5 100644 --- a/mkosi.images/exitrd/mkosi.conf +++ b/mkosi.images/exitrd/mkosi.conf @@ -1,22 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes MakeInitrd=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf index c8b1904..b5f3194 100644 
--- a/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-arch.conf @@ -4,8 +4,9 @@ Distribution=arch [Content] -Packages= +VolatilePackages= systemd + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf index 8458dee..a1fa32b 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-centos-fedora.conf @@ -5,5 +5,5 @@ Distribution=|centos Distribution=|fedora [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf index 68b0aa5..6ca310c 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-debian.conf @@ -4,5 +4,5 @@ Distribution=debian [Content] -Packages= +VolatilePackages= systemd-standalone-shutdown diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf index 3f6df21..5fd6466 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-opensuse.conf @@ -5,4 +5,9 @@ Distribution=opensuse [Content] Packages= + patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf index ddd68dc..9a7e1d8 100644 --- a/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf +++ b/mkosi.images/exitrd/mkosi.conf.d/10-ubuntu.conf @@ -4,5 +4,8 @@ Distribution=ubuntu [Content] -Packages= +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 systemd diff --git a/mkosi.images/exitrd/mkosi.conf.d/20-build.conf b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null 
+++ b/mkosi.images/exitrd/mkosi.conf.d/20-build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf
new file mode 100644
index 0000000..3f2c5c7
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Config]
+Include=
+ mkosi-initrd
+ %D/mkosi.sanitizers
+
+[Content]
+ExtraTrees=
+ %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+ %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+
+Packages=
+ findutils
+ grep
+ sed
diff --git a/mkosi.images/initrd/mkosi.conf.d/arch.conf b/mkosi.images/initrd/mkosi.conf.d/arch.conf
new file mode 100644
index 0000000..99e039d
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/arch.conf
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Packages=
+ btrfs-progs
+ tpm2-tools
+
+VolatilePackages=
+ systemd
+ systemd-libs
+ systemd-sysvcompat
diff --git a/mkosi.images/initrd/mkosi.conf.d/build.conf b/mkosi.images/initrd/mkosi.conf.d/build.conf
new file mode 100644
index 0000000..8c16d9b
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/build.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
diff --git a/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
new file mode 100644
index 0000000..6607dab
--- /dev/null
+++ b/mkosi.images/initrd/mkosi.conf.d/centos-fedora.conf
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|centos +Distribution=|fedora + +[Content] +Packages= + tpm2-tools + +VolatilePackages= + systemd + systemd-libs + systemd-udev diff --git a/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf new file mode 100644 index 0000000..093c1bd --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/debian-ubuntu.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=|debian +Distribution=|ubuntu + +[Content] +Packages= + btrfs-progs + tpm2-tools + +VolatilePackages= + libsystemd-shared + libsystemd0 + libudev1 + systemd + systemd-cryptsetup + systemd-repart + udev diff --git a/mkosi.conf.d/10-fedora.conf b/mkosi.images/initrd/mkosi.conf.d/fedora.conf index 71948d8..634b5a0 100644 --- a/mkosi.conf.d/10-fedora.conf +++ b/mkosi.images/initrd/mkosi.conf.d/fedora.conf @@ -3,5 +3,6 @@ [Match] Distribution=fedora -[Distribution] -@Release=rawhide +[Content] +Packages= + btrfs-progs diff --git a/mkosi.images/initrd/mkosi.conf.d/opensuse.conf b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf new file mode 100644 index 0000000..9f685e6 --- /dev/null +++ b/mkosi.images/initrd/mkosi.conf.d/opensuse.conf @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Distribution=opensuse + +[Content] +Packages= + btrfs-progs + kmod + tpm2.0-tools + +VolatilePackages= + libsystemd0 + libudev1 + systemd + udev + systemd-experimental diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf index b252491..b252491 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf 
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service index 54a9b8a..54a9b8a 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service index 845ac57..845ac57 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service index 2c709bc..2c709bc 100644 --- a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service +++ b/mkosi.images/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service diff --git a/mkosi.images/minimal-0/mkosi.conf b/mkosi.images/minimal-0/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-0/mkosi.conf +++ b/mkosi.images/minimal-0/mkosi.conf @@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-1/mkosi.conf b/mkosi.images/minimal-1/mkosi.conf index a929fb6..5ef80b8 100644 --- a/mkosi.images/minimal-1/mkosi.conf +++ b/mkosi.images/minimal-1/mkosi.conf 
@@ -2,10 +2,6 @@ [Config] Dependencies=minimal-base -ConfigureScripts= - -[Distribution] -CacheOnly=always [Output] Format=portable @@ -15,11 +11,3 @@ SplitArtifacts=yes BaseTrees=%O/minimal-base Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs Bootable=no - -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - -[Host] -Incremental=no diff --git a/mkosi.images/minimal-base/mkosi.conf b/mkosi.images/minimal-base/mkosi.conf index 7eb1473..d841f9b 100644 --- a/mkosi.images/minimal-base/mkosi.conf +++ b/mkosi.images/minimal-base/mkosi.conf @@ -1,24 +1,19 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -[Config] -ConfigureScripts= - [Output] Format=directory [Content] Bootable=no -@Locale=C.UTF-8 +Locale=C.UTF-8 WithDocs=no CleanPackageMetadata=yes -BuildSources= -Packages= -BuildPackages= -VolatilePackages= - Packages= bash coreutils grep util-linux + +[Config] +Include=%D/mkosi.sanitizers diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf index 9b03397..044199a 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-arch.conf @@ -7,7 +7,10 @@ Distribution=arch Packages= inetutils iproute - openbsd-netcat + nmap + +VolatilePackages= + systemd-libs RemoveFiles= # Arch Linux doesn't split their gcc-libs package so we manually remove diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf index 3a3e528..e9893ad 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-centos-fedora.conf @@ -9,4 +9,7 @@ Packages= hostname iproute iproute-tc - netcat + nmap-ncat + +VolatilePackages= + systemd-libs diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf index a715ec1..d524ec1 100644 
--- a/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-debian-ubuntu.conf @@ -9,4 +9,8 @@ Packages= hostname iproute2 mount - netcat-openbsd + ncat + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf index 2e370ec..9bd40cf 100644 --- a/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf +++ b/mkosi.images/minimal-base/mkosi.conf.d/10-opensuse.conf @@ -7,5 +7,9 @@ Distribution=opensuse Packages= hostname iproute2 - netcat-openbsd + ncat patterns-base-minimal_base + +VolatilePackages= + libsystemd0 + libudev1 diff --git a/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf new file mode 100644 index 0000000..8c16d9b --- /dev/null +++ b/mkosi.images/minimal-base/mkosi.conf.d/20-build.conf @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +# Add a dependency on the build image unless NO_BUILD=1. + +[Match] +Environment=!NO_BUILD=1 + +[Config] +Dependencies=build diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf deleted file mode 100644 index ed9bfdc..0000000 --- a/mkosi.images/system/initrd/mkosi.conf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Content] -PostInstallationScripts=../mkosi.sanitizers.chroot -ExtraTrees= - ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf diff --git a/mkosi.images/system/mkosi.clean b/mkosi.images/system/mkosi.clean deleted file mode 100755 index 64810b7..0000000 --- a/mkosi.images/system/mkosi.clean +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -e -set -o nounset - -rm -f "$OUTPUTDIR"/*.{rpm,deb,pkg.tar} 
diff --git a/mkosi.images/system/mkosi.conf b/mkosi.images/system/mkosi.conf deleted file mode 100644 index f8a91df..0000000 --- a/mkosi.images/system/mkosi.conf +++ /dev/null @@ -1,78 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Config] -InitrdInclude=initrd/ - -[Output] -RepartDirectories=mkosi.repart - -[Content] -Autologin=yes -ExtraTrees= - %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf - -PostInstallationScripts=mkosi.sanitizers.chroot - -InitrdPackages= - btrfs-progs - findutils - grep - sed - -Packages= - acl - attr - bash-completion - bpftrace - btrfs-progs - clang - coreutils - curl - diffutils - dnsmasq - dosfstools - e2fsprogs - findutils - gdb - grep - gzip - jq - kbd - kexec-tools - kmod - knot - less - lld - llvm - lvm2 - man - mdadm - mtools - nano - nftables - nvme-cli - opensc - openssl - p11-kit - pciutils - python3 - qrencode - radvd - rsync - sed - socat - strace - systemd - tar - tmux - tree - udev - util-linux - valgrind - which - wireguard-tools - xfsprogs - zsh - zstd diff --git a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare deleted file mode 100755 index fd78e81..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-arch/mkosi.prepare +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -f "pkg/$ID/PKGBUILD" ]; then - echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 - exit 1 -fi - -# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex. -sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" | - grep --regexp '^depends =' --regexp '^optdepends =' | - sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' | - xargs --delimiter '\n' mkosi-install - -# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on -# whether some environment variable is set or not. -# shellcheck source=/dev/null -_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD" - -# shellcheck disable=SC2154 -mkosi-install "${makedepends[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst deleted file mode 100755 index 314f235..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.postinst +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss -# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and -# install them. This is not an issue when building locally, as the build and runtime images are the same, -# so they would get installed as build dependencies anyway. - -if [ "$1" = "build" ] || ! ((NO_BUILD)); then - exit 0 -fi - -# Query the Recommends and Suggests of all systemd packages, by matching on the version -systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)" -mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' ) -extra_packages=() -# shellcheck disable=SC2068 -for package in ${systemd_packages[@]}; do - # We are looking for dlopens, so filter for libraries - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") - mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib") -done - -if [ "${#extra_packages[@]}" -eq 0 ]; then - exit 0 -fi - -apt install "${extra_packages[@]}" diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare deleted file mode 100755 index 645671a..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.prepare +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -if [ "$1" = "build" ] || ((NO_BUILD)); then - exit 0 -fi - -# shellcheck source=/dev/null -. "$BUILDROOT/usr/lib/os-release" - -if [ ! -d "pkg/$ID/debian" ]; then - echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2 - exit 1 -fi - -cd "pkg/$ID" -DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep . diff --git a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst b/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst deleted file mode 100755 index 417132f..0000000 --- a/mkosi.images/system/mkosi.conf.d/10-opensuse/initrd/mkosi.postinst +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -e - -# OpenSUSE insists on blacklisting erofs by default because its supposedly a legacy filesystem. -# See https://github.com/openSUSE/suse-module-tools/pull/71 -rm -f "$BUILDROOT/usr/lib/modprobe.d/60-blacklist_fs-erofs.conf" diff --git a/mkosi.images/system/mkosi.conf.d/20-images.conf b/mkosi.images/system/mkosi.conf.d/20-images.conf deleted file mode 100644 index 8641984..0000000 --- a/mkosi.images/system/mkosi.conf.d/20-images.conf +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Match] -Format=!none - -[Config] -Dependencies= - exitrd - minimal-base - minimal-0 - minimal-1 - -[Content] -ExtraTrees= - %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw - %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity - %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig - %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw - %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity - %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig - %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template - %O/exitrd:/exitrd 
diff --git a/mkosi.images/system/mkosi.extra/.autorelabel b/mkosi.images/system/mkosi.extra/.autorelabel deleted file mode 100644 index bd4fba4..0000000 --- a/mkosi.images/system/mkosi.extra/.autorelabel +++ /dev/null @@ -1 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later diff --git a/mkosi.images/system/leak-sanitizer-suppressions b/mkosi.leak-sanitizer-suppressions index 639abb8..639abb8 100644 --- a/mkosi.images/system/leak-sanitizer-suppressions +++ b/mkosi.leak-sanitizer-suppressions diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.postinst.chroot index 4686802..7f2666e 100755 --- a/mkosi.images/system/mkosi.postinst.chroot +++ b/mkosi.postinst.chroot @@ -32,7 +32,7 @@ done # We want /var/log/journal to be created on first boot so it can be created with the right chattr settings by # systemd-journald. -rm -r "$BUILDROOT/var/log/journal" +rm -rf "$BUILDROOT/var/log/journal" rm -f /etc/nsswitch.conf cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf diff --git a/mkosi.images/system/mkosi.repart/00-esp.conf b/mkosi.repart/00-esp.conf index 391543d..391543d 100644 --- a/mkosi.images/system/mkosi.repart/00-esp.conf +++ b/mkosi.repart/00-esp.conf diff --git a/mkosi.images/system/mkosi.repart/10-root.conf b/mkosi.repart/10-root.conf index 3c25dbf..c774086 100644 --- a/mkosi.images/system/mkosi.repart/10-root.conf +++ b/mkosi.repart/10-root.conf @@ -2,7 +2,6 @@ [Partition] Type=root -Format=btrfs CopyFiles=/ SizeMinBytes=8G SizeMaxBytes=8G diff --git a/mkosi.conf.d/10-extra-search-paths.conf b/mkosi.sanitizers/mkosi.conf index bd3cdb1..844541c 100644 --- a/mkosi.conf.d/10-extra-search-paths.conf +++ b/mkosi.sanitizers/mkosi.conf @@ -1,7 +1,5 @@ # SPDX-License-Identifier: LGPL-2.1-or-later [Match] -PathExists=build/ - -[Host] -ExtraSearchPaths=build/ +Environment=SANITIZERS +Environment=!SANITIZERS= diff --git a/mkosi.sanitizers/mkosi.conf.d/arch.conf b/mkosi.sanitizers/mkosi.conf.d/arch.conf new file mode 100644 index 0000000..195556a 
--- /dev/null
+++ b/mkosi.sanitizers/mkosi.conf.d/arch.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+Environment=LLVM=1
+
+[Content]
+Packages=
+ compiler-rt
diff --git a/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf b/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf
new file mode 100644
index 0000000..cfeef85
--- /dev/null
+++ b/mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+Environment=LLVM=1
+
+[Content]
+Packages=
+ libclang-rt-dev
diff --git a/mkosi.sanitizers/mkosi.conf.d/opensuse.conf b/mkosi.sanitizers/mkosi.conf.d/opensuse.conf
new file mode 100644
index 0000000..28357df
--- /dev/null
+++ b/mkosi.sanitizers/mkosi.conf.d/opensuse.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
+
+[Match]
+Distribution=opensuse
+Environment=LLVM=1
+
+[Content]
+Packages=
+ clang
diff --git a/mkosi.images/system/mkosi.sanitizers.chroot b/mkosi.sanitizers/mkosi.postinst
index 524e3da..e0ad422 100755
--- a/mkosi.images/system/mkosi.sanitizers.chroot
+++ b/mkosi.sanitizers/mkosi.postinst
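Review bot: The `# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.` line at the top of mkosi.sanitizers/mkosi.conf.d/debian-ubuntu.conf looks carried over from opensuse.conf, which has the identical comment. It cites a SUSE bug as the removal condition for a Debian/Ubuntu drop-in that installs `libclang-rt-dev`, so a later cleanup could drop the wrong file or leave this one behind. If the Debian/Ubuntu package is needed for its own reason, the comment should state that reason; otherwise remove the line from this file.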
@@ -3,31 +3,35 @@ set -e set -o nounset -if [[ -z "${SANITIZERS:-}" ]]; then +LIBSYSTEMD="$(mkosi-chroot ldconfig -p | grep libsystemd.so.0 | sed 's/[^/]*\//\//')" + +if [[ ! -f "$BUILDROOT/$LIBSYSTEMD" ]]; then exit 0 fi # Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose # all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer # failures end up in the journal. -mkdir -p /etc/systemd/system/systemd-journald.service.d -cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF +if [[ -f "$BUILDROOT"/usr/lib/systemd/system/systemd-journald.service ]]; then + mkdir -p "$BUILDROOT"/etc/systemd/system/systemd-journald.service.d + cat >"$BUILDROOT"/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF [Service] StandardOutput=kmsg EOF +fi # ASAN and syscall filters aren't compatible with each other. -find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} + +find "$BUILDROOT"/usr "$BUILDROOT"/etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} + # 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default. -systemctl mask systemd-hwdb-update.service +systemctl --root="$BUILDROOT" mask systemd-hwdb-update.service -ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" +ASAN_RT_PATH="$(grep libasan.so < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" if [[ -z "$ASAN_RT_PATH" ]]; then - ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)" + ASAN_RT_PATH="$(grep libclang_rt.asan < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)" # As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly. 
- if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then + if mkosi-chroot ldd "$LIBSYSTEMD" | grep -q "libclang_rt.asan.*not found"; then echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path" exit 1 fi @@ -94,7 +98,7 @@ wrap=( ) for bin in "${wrap[@]}"; do - if ! command -v "$bin" >/dev/null; then + if ! mkosi-chroot command -v "$bin" >/dev/null; then continue fi @@ -104,11 +108,11 @@ for bin in "${wrap[@]}"; do enable_lsan=0 fi - target="$(command -v "$bin")" + target="$(mkosi-chroot command -v "$bin")" - mv "$target" "$target.orig" + mv "$BUILDROOT/$target" "$BUILDROOT/$target.orig" - cat >"$target" <<EOF + cat >"$BUILDROOT/$target" <<EOF #!/bin/bash # Preload the ASan runtime DSO, otherwise ASAn will complain export LD_PRELOAD="$ASAN_RT_PATH" @@ -118,10 +122,10 @@ export ASAN_OPTIONS=detect_leaks=$enable_lsan # Set argv[0] to the original binary name without the ".orig" suffix exec -a "\$0" -- "${target}.orig" "\$@" EOF - chmod +x "$target" + chmod +x "$BUILDROOT/$target" done -cat >/usr/lib/systemd/systemd-asan-env <<EOF +cat >"$BUILDROOT"/usr/lib/systemd/systemd-asan-env <<EOF LD_PRELOAD=$ASAN_RT_PATH LSAN_OPTIONS=detect_leaks=0 EOF diff --git a/pkg/ubuntu b/pkg/ubuntu deleted file mode 120000 index b2f7fd3..0000000 --- a/pkg/ubuntu +++ /dev/null @@ -1 +0,0 @@ -debian
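Review bot: The new `LIBSYSTEMD=` assignment at the top of the script can end up holding several paths, after which the `[[ ! -f "$BUILDROOT/$LIBSYSTEMD" ]]` test fails and the script exits 0 without a word. `grep libsystemd.so.0` matches every entry `ldconfig -p` lists for that soname (one per ABI on a multilib image), and its unescaped dots match any character; `grep -m1 -F libsystemd.so.0` would pin it to a single literal match. The rest of the script comments out `MemoryDeny*`/`SystemCall*` in every unit below `$BUILDROOT`, and the old `SANITIZERS` guard is gone from the script itself (the gating appears to have moved to the `[Match]` in `mkosi.sanitizers/mkosi.conf`). An `echo >&2` on both the skip path and the run path would therefore show in the build log which images had their unit sandboxing relaxed. The script continues beyond this hunk.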
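Review bot: `mkosi-chroot command -v "$bin"` in the `for bin in "${wrap[@]}"` loop only works if the image ships `command` as a standalone executable, assuming `mkosi-chroot` executes its arguments directly rather than through a shell. On images without one the call fails, the loop hits `continue` for every entry and no ASan wrapper is installed, without any error. Running the builtin through a shell avoids that: `mkosi-chroot bash -c 'command -v "$1"' _ "$bin"`, and the same for the `target="$(…)"` assignment in the following hunk. The loop body starts and ends outside this hunk.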
\ No newline at end of file @@ -6,7 +6,7 @@ # Julien Humbert <julroy67@gmail.com>, 2020, 2021. # Arnaud T. <listes.00@gmail.com>, 2021. # blutch112 <vincent.lefebvre59@gmail.com>, 2022. -# Pierre GRASSER <pierre.grasser@proton.me>, 2023, 2024. +# Léane GRASSER <leane.grasser@proton.me>, 2023, 2024. msgid "" msgstr "" "Report-Msgid-Bugs-To: \n" diff --git a/rules.d/70-uaccess.rules.in b/rules.d/70-uaccess.rules.in index b82ce04..796e384 100644 --- a/rules.d/70-uaccess.rules.in +++ b/rules.d/70-uaccess.rules.in @@ -97,4 +97,8 @@ SUBSYSTEM=="hidraw", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" # This also allows accessing HID devices with the libusb backend of hidapi. SUBSYSTEM=="usb", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess" +# Hardware wallets +SUBSYSTEM=="usb", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" +SUBSYSTEM=="hidraw", ENV{ID_HARDWARE_WALLET}=="1", TAG+="uaccess" + LABEL="uaccess_end" diff --git a/shell-completion/zsh/_networkctl b/shell-completion/zsh/_networkctl index 6969797..ad5b91f 100644 --- a/shell-completion/zsh/_networkctl +++ b/shell-completion/zsh/_networkctl @@ -29,7 +29,7 @@ (list|status|up|down|cat|edit|lldp|delete|renew|forcerenew|reconfigure) for link in ${(f)"$(_call_program links networkctl list --no-legend)"}; do _links+=($link[(w)2]:$link); done if [[ -n "$_links" ]]; then - _describe -t links 'links' _links _links $( [[ $cmd == (edit|cat) ]] && print -- -P@ ) + _describe -t links 'links' _links $( [[ $cmd == (edit|cat) ]] && print -- -P@ ) else _message "no links" fi diff --git a/shell-completion/zsh/_varlinkctl b/shell-completion/zsh/_varlinkctl new file mode 100644 index 0000000..720700d --- /dev/null +++ b/shell-completion/zsh/_varlinkctl 
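Review bot: The `# Hardware wallets` comment above the two new rules does not say what the rules grant or where `ID_HARDWARE_WALLET` is set. `TAG+="uaccess"` hands the device node to the user of the active session, so any process in that session can then talk to the wallet over raw USB and hidraw; that is the intended trade-off, but it deserves a line like the one on the AV production controller rules above. Something like `# Hardware wallets: grant the active-seat user raw USB and hidraw access; ID_HARDWARE_WALLET is expected to come from hwdb.` would do, with the hwdb source confirmed since it is not part of this hunk.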
@@ -0,0 +1,52 @@ +#compdef varlinkctl +# SPDX-License-Identifier: LGPL-2.1-or-later + +local -a reply line + +_varlinkctl_interfaces() { + local expl + _wanted varlink-interfaces expl interface compadd "$@" -- \ + "${(@f)$(_call_program varlink-interfaces varlinkctl list-interfaces $line[2])}" +} + +_varlinkctl_methods() { + local expl + _wanted varlink-interfaces expl method compadd "$@" -- \ + "${(@f)$(_call_program varlink-methods varlinkctl list-methods $line[2])}" +} + +local -a varlink_addr=( + /$'[^\0]#\0'/ ':varlink-address:varlink address:_files -g "*(=)"' +) +local -a varlink_interface=( + $varlink_addr + /$'[^\0]#\0'/ ':varlink-interface:varlink interface:_varlinkctl_interfaces' +) +local -a varlink_method=( + $varlink_addr + /$'[^\0]#\0'/ ':varlink-method:varlink method:_varlinkctl_methods' +) +local -a varlink_call=($varlink_method /$'[^\0]#\0'/ ':argument:argument:()') +local -a varlink_idl=(/$'[^\0]#\0'/ ':varlink-idl-file:idl file:_files') + +_regex_words varlink-commands 'varlink command' \ + 'info:show service information:$varlink_addr' \ + 'list-interfaces:List interfaces implemented by a service:$varlink_addr' \ + 'list-methods:List methods implemented by an interface:$varlink_interface' \ + 'introspect:show an interface definition:$varlink_interface' \ + 'call:invoke a method:$varlink_call' \ + 'validate-idl:validate an interface description:$varlink_idl' \ + 'help:show a help message' + +local -a varlinkcmd=( /$'[^\0]#\0'/ "$reply[@]" ) +_regex_arguments _varlinkctl_command "$varlinkcmd[@]" + +local -a opts=( + {-h,--help}'[Show a help message and exit]' + '--version[Show package version and exit]' + '--no-pager[Do not pipe output to a pager]' + '--more[Request multiple responses]' + '--collect[Collect multiple responses in a JSON array]' + {-j+,--json=}'[Output as json]:json-mode:(pretty short)' +) +_arguments -S $opts '*:: := _varlinkctl_command' 
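Review bot: `_varlinkctl_methods` registers its matches under the tag `varlink-interfaces`, which looks like a leftover from copying `_varlinkctl_interfaces`; the `_call_program` on the next line already uses `varlink-methods`. Using `_wanted varlink-methods expl method compadd "$@" -- \` keeps tag-based `zstyle` settings for methods and interfaces separate. Both helpers also run `varlinkctl` against whatever address is on the command line (`$line[2]`) each time completion is triggered, i.e. they connect to that socket before the user has pressed Enter; a short comment above the helpers saying so would help the next reader.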
diff --git a/shell-completion/zsh/meson.build b/shell-completion/zsh/meson.build index acbf34e..ea540c7 100644 --- a/shell-completion/zsh/meson.build +++ b/shell-completion/zsh/meson.build @@ -23,6 +23,7 @@ items = [['_busctl', ''], ['_systemd-run', ''], ['_run0', ''], ['_udevadm', ''], + ['_varlinkctl', ''], ['_kernel-install', 'ENABLE_KERNEL_INSTALL'], ['_sd_hosts_or_user_at_host', ''], ['_sd_outputmodes', ''], diff --git a/src/basic/meson.build b/src/basic/meson.build index 9a21457..b538775 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build @@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] -libbasic = static_library( +libbasic_static = static_library( 'basic', basic_sources, fundamental_sources, diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c index dda5920..3a1b7b2 100644 --- a/src/basic/terminal-util.c +++ b/src/basic/terminal-util.c @@ -584,8 +584,9 @@ int vt_disallocate(const char *name) { (void) loop_write(fd2, "\033[r" /* clear scrolling region */ "\033[H" /* move home */ - "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */ - 10); + "\033[3J" /* clear screen including scrollback, requires Linux 2.6.40 */ + "\033c", /* reset to initial state */ + SIZE_MAX); return 0; } @@ -1558,7 +1559,6 @@ int terminal_reset_ansi_seq(int fd) { return log_debug_errno(r, "Failed to set terminal to non-blocking mode: %m"); k = loop_write_full(fd, - "\033c" /* reset to initial state */ "\033[!p" /* soft terminal reset */ "\033]104\007" /* reset colors */ "\033[?7h", /* enable line-wrapping */ diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c index 8287c21..e1f0817 100644 --- a/src/boot/efi/boot.c +++ b/src/boot/efi/boot.c 
@@ -1337,7 +1337,7 @@ static void boot_entry_parse_tries( return; /* Boot counter in the middle of the name? */ - if (!streq16(counter, suffix)) + if (!strcaseeq16(counter, suffix)) return; entry->tries_left = tries_left; diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 34fd2a2..76d7629 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -102,8 +102,9 @@ bool unit_has_startup_cgroup_constraints(Unit *u) { c->startup_memory_low_set; } -bool unit_has_host_root_cgroup(Unit *u) { +bool unit_has_host_root_cgroup(const Unit *u) { assert(u); + assert(u->manager); /* Returns whether this unit manages the root cgroup. This will return true if this unit is the root slice and * the manager manages the root cgroup. */ @@ -2685,7 +2686,7 @@ int unit_set_cgroup_path(Unit *u, const char *path) { if (crt && streq_ptr(crt->cgroup_path, path)) return 0; - unit_release_cgroup(u); + unit_release_cgroup(u, /* drop_cgroup_runtime = */ true); crt = unit_setup_cgroup_runtime(u); if (!crt) @@ -3483,7 +3484,7 @@ int unit_realize_cgroup(Unit *u) { return unit_realize_cgroup_now(u, manager_state(u->manager)); } -void unit_release_cgroup(Unit *u) { +void unit_release_cgroup(Unit *u, bool drop_cgroup_runtime) { assert(u); /* Forgets all cgroup details for this cgroup — but does *not* destroy the cgroup. This is hence OK to call @@ -3514,7 +3515,8 @@ void unit_release_cgroup(Unit *u) { crt->cgroup_memory_inotify_wd = -1; } - *(CGroupRuntime**) ((uint8_t*) u + UNIT_VTABLE(u)->cgroup_runtime_offset) = cgroup_runtime_free(crt); + if (drop_cgroup_runtime) + *(CGroupRuntime**) ((uint8_t*) u + UNIT_VTABLE(u)->cgroup_runtime_offset) = cgroup_runtime_free(crt); } int unit_cgroup_is_empty(Unit *u) { 
@@ -3535,22 +3537,24 @@ int unit_cgroup_is_empty(Unit *u) { return r; } -bool unit_maybe_release_cgroup(Unit *u) { +static bool unit_maybe_release_cgroup(Unit *u) { int r; - assert(u); + /* Releases the cgroup only if it is recursively empty. + * Returns true if the cgroup was released, false otherwise. */ - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return true; + assert(u); /* Don't release the cgroup if there are still processes under it. If we get notified later when all * the processes exit (e.g. the processes were in D-state and exited after the unit was marked as * failed) we need the cgroup paths to continue to be tracked by the manager so they can be looked up * and cleaned up later. */ r = unit_cgroup_is_empty(u); - if (r == 1) { - unit_release_cgroup(u); + if (r > 0) { + /* Do not free CGroupRuntime when called from unit_prune_cgroup. Various accounting data + * we should keep, especially CPU usage and *_peak ones which would be shown even after + * the unit stops. */ + unit_release_cgroup(u, /* drop_cgroup_runtime = */ false); return true; } @@ -3558,8 +3562,8 @@ bool unit_maybe_release_cgroup(Unit *u) { } void unit_prune_cgroup(Unit *u) { - int r; bool is_root_slice; + int r; assert(u); @@ -3597,9 +3601,8 @@ void unit_prune_cgroup(Unit *u) { if (!unit_maybe_release_cgroup(u)) /* Returns true if the cgroup was released */ return; - crt = unit_get_cgroup_runtime(u); /* The above might have destroyed the runtime object, let's see if it's still there */ - if (!crt) - return; + assert(crt == unit_get_cgroup_runtime(u)); + assert(!crt->cgroup_path); crt->cgroup_realized = false; crt->cgroup_realized_mask = 0; 
@@ -4526,6 +4529,10 @@ int unit_get_memory_accounting(Unit *u, CGroupMemoryAccountingMetric metric, uin if (!UNIT_CGROUP_BOOL(u, memory_accounting)) return -ENODATA; + /* The root cgroup doesn't expose this information. */ + if (unit_has_host_root_cgroup(u)) + return -ENODATA; + CGroupRuntime *crt = unit_get_cgroup_runtime(u); if (!crt) return -ENODATA; @@ -4533,10 +4540,6 @@ int unit_get_memory_accounting(Unit *u, CGroupMemoryAccountingMetric metric, uin /* If the cgroup is already gone, we try to find the last cached value. */ goto finish; - /* The root cgroup doesn't expose this information. */ - if (unit_has_host_root_cgroup(u)) - return -ENODATA; - if (!FLAGS_SET(crt->cgroup_realized_mask, CGROUP_MASK_MEMORY)) return -ENODATA; @@ -4592,15 +4595,14 @@ int unit_get_tasks_current(Unit *u, uint64_t *ret) { return cg_get_attribute_as_uint64("pids", crt->cgroup_path, "pids.current", ret); } -static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) { - uint64_t ns; +static int unit_get_cpu_usage_raw(const Unit *u, const CGroupRuntime *crt, nsec_t *ret) { int r; assert(u); + assert(crt); assert(ret); - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt->cgroup_path) return -ENODATA; /* The root cgroup doesn't expose this information, let's get it from /proc instead */ 
@@ -4614,25 +4616,24 @@ static int unit_get_cpu_usage_raw(Unit *u, nsec_t *ret) { r = cg_all_unified(); if (r < 0) return r; - if (r > 0) { - _cleanup_free_ char *val = NULL; - uint64_t us; + if (r == 0) + return cg_get_attribute_as_uint64("cpuacct", crt->cgroup_path, "cpuacct.usage", ret); - r = cg_get_keyed_attribute("cpu", crt->cgroup_path, "cpu.stat", STRV_MAKE("usage_usec"), &val); - if (IN_SET(r, -ENOENT, -ENXIO)) - return -ENODATA; - if (r < 0) - return r; + _cleanup_free_ char *val = NULL; + uint64_t us; - r = safe_atou64(val, &us); - if (r < 0) - return r; + r = cg_get_keyed_attribute("cpu", crt->cgroup_path, "cpu.stat", STRV_MAKE("usage_usec"), &val); + if (IN_SET(r, -ENOENT, -ENXIO)) + return -ENODATA; + if (r < 0) + return r; - ns = us * NSEC_PER_USEC; - } else - return cg_get_attribute_as_uint64("cpuacct", crt->cgroup_path, "cpuacct.usage", ret); + r = safe_atou64(val, &us); + if (r < 0) + return r; + + *ret = us * NSEC_PER_USEC; - *ret = ns; return 0; } @@ -4646,14 +4647,14 @@ int unit_get_cpu_usage(Unit *u, nsec_t *ret) { * started. If the cgroup has been removed already, returns the last cached value. To cache the value, simply * call this function with a NULL return value. */ - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!UNIT_CGROUP_BOOL(u, cpu_accounting)) return -ENODATA; - if (!UNIT_CGROUP_BOOL(u, cpu_accounting)) + CGroupRuntime *crt = unit_get_cgroup_runtime(u); + if (!crt) return -ENODATA; - r = unit_get_cpu_usage_raw(u, &ns); + r = unit_get_cpu_usage_raw(u, crt, &ns); if (r == -ENODATA && crt->cpu_usage_last != NSEC_INFINITY) { /* If we can't get the CPU usage anymore (because the cgroup was already removed, for example), use our * cached value. */ @@ -4694,7 +4695,7 @@ int unit_get_ip_accounting( return -ENODATA; CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return -ENODATA; fd = IN_SET(metric, CGROUP_IP_INGRESS_BYTES, CGROUP_IP_INGRESS_PACKETS) ? 
@@ -4770,22 +4771,27 @@ int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret) { return 0; } -static int unit_get_io_accounting_raw(Unit *u, uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) { - static const char *const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = { +static int unit_get_io_accounting_raw( + const Unit *u, + const CGroupRuntime *crt, + uint64_t ret[static _CGROUP_IO_ACCOUNTING_METRIC_MAX]) { + + static const char* const field_names[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = { [CGROUP_IO_READ_BYTES] = "rbytes=", [CGROUP_IO_WRITE_BYTES] = "wbytes=", [CGROUP_IO_READ_OPERATIONS] = "rios=", [CGROUP_IO_WRITE_OPERATIONS] = "wios=", }; + uint64_t acc[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {}; _cleanup_free_ char *path = NULL; _cleanup_fclose_ FILE *f = NULL; int r; assert(u); + assert(crt); - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt->cgroup_path) return -ENODATA; if (unit_has_host_root_cgroup(u)) @@ -4869,13 +4875,13 @@ int unit_get_io_accounting( return -ENODATA; CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return -ENODATA; if (allow_cache && crt->io_accounting_last[metric] != UINT64_MAX) goto done; - r = unit_get_io_accounting_raw(u, raw); + r = unit_get_io_accounting_raw(u, crt, raw); if (r == -ENODATA && crt->io_accounting_last[metric] != UINT64_MAX) goto done; if (r < 0) 
@@ -4896,45 +4902,52 @@ done: return 0; } -int unit_reset_cpu_accounting(Unit *u) { +static int unit_reset_cpu_accounting(Unit *unit, CGroupRuntime *crt) { int r; - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return 0; + assert(crt); + crt->cpu_usage_base = 0; crt->cpu_usage_last = NSEC_INFINITY; - r = unit_get_cpu_usage_raw(u, &crt->cpu_usage_base); - if (r < 0) { - crt->cpu_usage_base = 0; - return r; + if (unit) { + r = unit_get_cpu_usage_raw(unit, crt, &crt->cpu_usage_base); + if (r < 0 && r != -ENODATA) + return r; } return 0; } -void unit_reset_memory_accounting_last(Unit *u) { - assert(u); +static int unit_reset_io_accounting(Unit *unit, CGroupRuntime *crt) { + int r; - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return; + assert(crt); + + zero(crt->io_accounting_base); + FOREACH_ELEMENT(i, crt->io_accounting_last) + *i = UINT64_MAX; + + if (unit) { + r = unit_get_io_accounting_raw(unit, crt, crt->io_accounting_base); + if (r < 0 && r != -ENODATA) + return r; + } + + return 0; +} + +static void cgroup_runtime_reset_memory_accounting_last(CGroupRuntime *crt) { + assert(crt); FOREACH_ELEMENT(i, crt->memory_accounting_last) *i = UINT64_MAX; } -int unit_reset_ip_accounting(Unit *u) { +static int cgroup_runtime_reset_ip_accounting(CGroupRuntime *crt) { int r = 0; - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return 0; + assert(crt); if (crt->ip_accounting_ingress_map_fd >= 0) RET_GATHER(r, bpf_firewall_reset_accounting(crt->ip_accounting_ingress_map_fd)); 
@@ -4947,46 +4960,19 @@ int unit_reset_ip_accounting(Unit *u) { return r; } -void unit_reset_io_accounting_last(Unit *u) { - assert(u); - - CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) - return; - - FOREACH_ARRAY(i, crt->io_accounting_last, _CGROUP_IO_ACCOUNTING_METRIC_MAX) - *i = UINT64_MAX; -} - -int unit_reset_io_accounting(Unit *u) { - int r; +int unit_reset_accounting(Unit *u) { + int r = 0; assert(u); CGroupRuntime *crt = unit_get_cgroup_runtime(u); - if (!crt || !crt->cgroup_path) + if (!crt) return 0; - unit_reset_io_accounting_last(u); - - r = unit_get_io_accounting_raw(u, crt->io_accounting_base); - if (r < 0) { - zero(crt->io_accounting_base); - return r; - } - - return 0; -} - -int unit_reset_accounting(Unit *u) { - int r = 0; - - assert(u); - - RET_GATHER(r, unit_reset_cpu_accounting(u)); - RET_GATHER(r, unit_reset_io_accounting(u)); - RET_GATHER(r, unit_reset_ip_accounting(u)); - unit_reset_memory_accounting_last(u); + cgroup_runtime_reset_memory_accounting_last(crt); + RET_GATHER(r, unit_reset_cpu_accounting(u, crt)); + RET_GATHER(r, unit_reset_io_accounting(u, crt)); + RET_GATHER(r, cgroup_runtime_reset_ip_accounting(crt)); return r; } @@ -5210,7 +5196,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { return parse_cpu_set_full(v, cpus, false, NULL, NULL, 0, NULL); } -CGroupRuntime *cgroup_runtime_new(void) { +CGroupRuntime* cgroup_runtime_new(void) { _cleanup_(cgroup_runtime_freep) CGroupRuntime *crt = NULL; crt = new(CGroupRuntime, 1); @@ -5218,8 +5204,6 @@ CGroupRuntime *cgroup_runtime_new(void) { return NULL; *crt = (CGroupRuntime) { - .cpu_usage_last = NSEC_INFINITY, - .cgroup_control_inotify_wd = -1, .cgroup_memory_inotify_wd = -1, 
@@ -5234,19 +5218,15 @@ CGroupRuntime *cgroup_runtime_new(void) { .cgroup_invalidated_mask = _CGROUP_MASK_ALL, }; - FOREACH_ELEMENT(i, crt->memory_accounting_last) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->io_accounting_base) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->io_accounting_last) - *i = UINT64_MAX; - FOREACH_ELEMENT(i, crt->ip_accounting_extra) - *i = UINT64_MAX; + unit_reset_cpu_accounting(/* unit = */ NULL, crt); + unit_reset_io_accounting(/* unit = */ NULL, crt); + cgroup_runtime_reset_memory_accounting_last(crt); + assert_se(cgroup_runtime_reset_ip_accounting(crt) >= 0); return TAKE_PTR(crt); } -CGroupRuntime *cgroup_runtime_free(CGroupRuntime *crt) { +CGroupRuntime* cgroup_runtime_free(CGroupRuntime *crt) { if (!crt) return NULL; diff --git a/src/core/cgroup.h b/src/core/cgroup.h index 72fe275..5170c7b 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -449,10 +449,7 @@ int unit_watch_cgroup_memory(Unit *u); void unit_add_to_cgroup_realize_queue(Unit *u); int unit_cgroup_is_empty(Unit *u); -void unit_release_cgroup(Unit *u); -/* Releases the cgroup only if it is recursively empty. - * Returns true if the cgroup was released, false otherwise. */ -bool unit_maybe_release_cgroup(Unit *u); +void unit_release_cgroup(Unit *u, bool drop_cgroup_runtime); void unit_add_to_cgroup_empty_queue(Unit *u); int unit_check_oomd_kill(Unit *u); @@ -489,11 +486,6 @@ int unit_get_io_accounting(Unit *u, CGroupIOAccountingMetric metric, bool allow_ int unit_get_ip_accounting(Unit *u, CGroupIPAccountingMetric metric, uint64_t *ret); int unit_get_effective_limit(Unit *u, CGroupLimitType type, uint64_t *ret); -int unit_reset_cpu_accounting(Unit *u); -void unit_reset_memory_accounting_last(Unit *u); -int unit_reset_ip_accounting(Unit *u); -void unit_reset_io_accounting_last(Unit *u); -int unit_reset_io_accounting(Unit *u); int unit_reset_accounting(Unit *u); #define UNIT_CGROUP_BOOL(u, name) \ 
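Review bot: In `cgroup_runtime_new()` the results of `unit_reset_cpu_accounting(/* unit = */ NULL, crt)` and `unit_reset_io_accounting(/* unit = */ NULL, crt)` are dropped without a cast, while the IP variant two lines below is wrapped in `assert_se(… >= 0)`. With `unit == NULL` both helpers skip the cgroup read and return 0 (see their definitions earlier in this diff), so `(void) unit_reset_cpu_accounting(/* unit = */ NULL, crt);` or the same `assert_se` would state that intent. The switch also changes the initial `io_accounting_base` from `UINT64_MAX` to zero and leaves `ip_accounting_extra` to whatever `cgroup_runtime_reset_ip_accounting()` does outside the visible lines; a one-line comment saying the new defaults are deliberate would save the next reader a `git blame`. The function starts outside this hunk.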
@@ -503,7 +495,7 @@ int unit_reset_accounting(Unit *u); }) bool manager_owns_host_root_cgroup(Manager *m); -bool unit_has_host_root_cgroup(Unit *u); +bool unit_has_host_root_cgroup(const Unit *u); bool unit_has_startup_cgroup_constraints(Unit *u); @@ -527,8 +519,8 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action); const char* freezer_action_to_string(FreezerAction a) _const_; FreezerAction freezer_action_from_string(const char *s) _pure_; -CGroupRuntime *cgroup_runtime_new(void); -CGroupRuntime *cgroup_runtime_free(CGroupRuntime *crt); +CGroupRuntime* cgroup_runtime_new(void); +CGroupRuntime* cgroup_runtime_free(CGroupRuntime *crt); DEFINE_TRIVIAL_CLEANUP_FUNC(CGroupRuntime*, cgroup_runtime_free); int cgroup_runtime_serialize(Unit *u, FILE *f, FDSet *fds); diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c index 3e6168d..8005f6d 100644 --- a/src/core/core-varlink.c +++ b/src/core/core-varlink.c @@ -5,6 +5,7 @@ #include "strv.h" #include "user-util.h" #include "varlink.h" +#include "varlink-internal.h" #include "varlink-io.systemd.UserDatabase.h" #include "varlink-io.systemd.ManagedOOM.h" @@ -500,12 +501,17 @@ static void vl_disconnect(VarlinkServer *s, Varlink *link, void *userdata) { m->managed_oom_varlink = varlink_unref(link); } -static int manager_setup_varlink_server(Manager *m, VarlinkServer **ret) { +int manager_setup_varlink_server(Manager *m) { _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; int r; assert(m); - assert(ret); + + if (m->varlink_server) + return 0; + + if (!MANAGER_IS_SYSTEM(m)) + return -EINVAL; r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); if (r < 0) 
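Review bot: `manager_setup_varlink_server()` is now exported through core-varlink.h, but nothing documents its return convention: 0 when a server already exists, 1 when one was created (the `return 1` is in the next hunk), `-EINVAL` for a non-system manager. `manager_varlink_init_system()` depends on the 0/1 distinction to decide whether to skip already-bound addresses, so a comment such as `/* Returns 1 if the server was newly allocated, 0 if it already existed, negative errno on failure. */` above the definition would prevent a caller from treating any non-negative value alike. The `-EINVAL` return is also silent, unlike the `log_debug_errno()` returns visible further down. The body continues past the end of this hunk.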
@@ -533,51 +539,51 @@ static int manager_setup_varlink_server(Manager *m, VarlinkServer **ret) { if (r < 0) return log_debug_errno(r, "Failed to register varlink disconnect handler: %m"); - *ret = TAKE_PTR(s); - return 0; + r = varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC); + if (r < 0) + return log_debug_errno(r, "Failed to attach varlink connection to event loop: %m"); + + m->varlink_server = TAKE_PTR(s); + return 1; } static int manager_varlink_init_system(Manager *m) { - _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; int r; assert(m); - if (m->varlink_server) - return 1; - if (!MANAGER_IS_SYSTEM(m)) return 0; - r = manager_setup_varlink_server(m, &s); + r = manager_setup_varlink_server(m); if (r < 0) return log_error_errno(r, "Failed to set up varlink server: %m"); + bool fresh = r > 0; if (!MANAGER_IS_TEST_RUN(m)) { (void) mkdir_p_label("/run/systemd/userdb", 0755); FOREACH_STRING(address, "/run/systemd/userdb/io.systemd.DynamicUser", VARLINK_ADDR_PATH_MANAGED_OOM_SYSTEM) { - if (MANAGER_IS_RELOADING(m)) { - /* If manager is reloading, we skip listening on existing addresses, since - * the fd should be acquired later through deserialization. */ - if (access(address, F_OK) >= 0) + if (!fresh) { + /* We might have got sockets through deserialization. Do not bind to them twice. 
*/ + + bool found = false; + LIST_FOREACH(sockets, ss, m->varlink_server->sockets) + if (path_equal(ss->address, address)) { + found = true; + break; + } + + if (found) continue; - if (errno != ENOENT) - return log_error_errno(errno, - "Failed to check if varlink socket '%s' exists: %m", address); } - r = varlink_server_listen_address(s, address, 0666); + r = varlink_server_listen_address(m->varlink_server, address, 0666); if (r < 0) return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address); } } - r = varlink_server_attach_event(s, m->event, EVENT_PRIORITY_IPC); - if (r < 0) - return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); - - m->varlink_server = TAKE_PTR(s); return 1; } diff --git a/src/core/core-varlink.h b/src/core/core-varlink.h index 20507a4..4b77620 100644 --- a/src/core/core-varlink.h +++ b/src/core/core-varlink.h @@ -3,6 +3,8 @@ #include "manager.h" +int manager_setup_varlink_server(Manager *m); + int manager_varlink_init(Manager *m); void manager_varlink_done(Manager *m); diff --git a/src/core/import-creds.c b/src/core/import-creds.c index f27ffed..e6cf40d 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c @@ -595,9 +595,11 @@ static int import_credentials_smbios(ImportCredentialContext *c) { return log_oom(); r = read_virtual_file(p, sizeof(dmi_field_header) + CREDENTIALS_TOTAL_SIZE_MAX, (char**) &data, &size); + if (r == -ENOENT) /* Once we reach ENOENT there are no more DMI Type 11 fields around. */ + break; if (r < 0) { /* Once we reach ENOENT there are no more DMI Type 11 fields around. */ - log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "Failed to open '%s', ignoring: %m", p); + log_warning_errno(r, "Failed to open '%s', ignoring: %m", p); break; } diff --git a/src/core/manager-serialize.c b/src/core/manager-serialize.c index b4af82b..1d2959a 100644 --- a/src/core/manager-serialize.c +++ b/src/core/manager-serialize.c 
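Review bot: The comment `/* Once we reach ENOENT there are no more DMI Type 11 fields around. */` in `import_credentials_smbios()` is now duplicated: the copy left inside the `if (r < 0)` block is stale, because `-ENOENT` can no longer reach that branch after the new early `break`. Dropping the inner copy, or replacing it with something like `/* Any other error: warn and stop enumerating. */`, keeps the comment in line with the code. Note too that the `-ENOENT` exit no longer produces the debug message it used to; if that trace was useful when diagnosing missing SMBIOS credentials, a `log_debug()` before the `break` would retain it. The enclosing loop starts and ends outside this hunk.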
@@ -506,7 +506,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { return r; } else if ((val = startswith(l, "varlink-server-socket-address="))) { if (!m->varlink_server && MANAGER_IS_SYSTEM(m)) { - r = manager_varlink_init(m); + r = manager_setup_varlink_server(m); if (r < 0) { log_warning_errno(r, "Failed to setup varlink server, ignoring: %m"); continue; diff --git a/src/core/meson.build b/src/core/meson.build index 7a2012a..dbeb752 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) -libcore = shared_library( +libcore_static = static_library( libcore_name, libcore_sources, load_fragment_gperf_c, load_fragment_gperf_nulstr_c, include_directories : includes, c_args : ['-fvisibility=default'], - link_args : ['-shared', - '-Wl,--version-script=' + libshared_sym_path], - link_depends : libshared_sym_path, - link_with : libshared, dependencies : [libacl, libapparmor, libaudit, @@ -135,6 +131,16 @@ libcore = shared_library( libselinux, threads, userspace], + build_by_default : false) + +libcore = shared_library( + libcore_name, + c_args : ['-fvisibility=default'], + link_args : ['-shared', + '-Wl,--version-script=' + libshared_sym_path], + link_depends : libshared_sym_path, + link_whole: libcore_static, + link_with : libshared, install : true, install_dir : pkglibdir) @@ -150,6 +156,17 @@ systemd_executor_sources = files( 'exec-invoke.c', ) +executor_libs = get_option('link-executor-shared') ? \ + [ + libcore, + libshared, + ] : [ + libcore_static, + libshared_static, + libbasic_static, + libsystemd_static, + ] + executables += [ libexec_template + { 'name' : 'systemd', @@ -167,10 +184,7 @@ executables += [ 'public' : true, 'sources' : systemd_executor_sources, 'include_directories' : core_includes, - 'link_with' : [ - libcore, - libshared, - ], + 'link_with' : executor_libs, 'dependencies' : [ libapparmor, libpam, 
diff --git a/src/core/path.c b/src/core/path.c index fdb6ca4..50f6db1 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -81,7 +81,7 @@ int path_spec_watch(PathSpec *s, sd_event_io_handler_t handler) { tmp = *cut; *cut = '\0'; - flags = IN_MOVE_SELF | IN_DELETE_SELF | IN_ATTRIB | IN_CREATE | IN_MOVED_TO; + flags = IN_MOVE_SELF | IN_DELETE_SELF | IN_CREATE | IN_MOVED_TO; } else { cut = NULL; flags = flags_table[s->type]; diff --git a/src/core/unit.c b/src/core/unit.c index 852926b..01c9983 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -129,9 +129,6 @@ Unit* unit_new(Manager *m, size_t size) { .burst = 16 }; - unit_reset_memory_accounting_last(u); - unit_reset_io_accounting_last(u); - return u; } @@ -484,8 +481,8 @@ bool unit_may_gc(Unit *u) { /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay * around. Units with active processes should never be collected. */ r = unit_cgroup_is_empty(u); - if (r <= 0 && r != -ENXIO) - return false; /* ENXIO means: currently not realized */ + if (r <= 0 && !IN_SET(r, -ENXIO, -EOWNERDEAD)) + return false; /* ENXIO/EOWNERDEAD means: currently not realized */ if (!UNIT_VTABLE(u)->may_gc) return true; @@ -790,7 +787,7 @@ Unit* unit_free(Unit *u) { if (u->on_console) manager_unref_console(u->manager); - unit_release_cgroup(u); + unit_release_cgroup(u, /* drop_cgroup_runtime = */ true); if (!MANAGER_IS_RELOADING(u->manager)) unit_unlink_state_files(u); @@ -3816,8 +3813,6 @@ static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_maske } bool unit_need_daemon_reload(Unit *u) { - _cleanup_strv_free_ char **dropins = NULL; - assert(u); assert(u->manager); 
@@ -3833,16 +3828,20 @@ bool unit_need_daemon_reload(Unit *u) { if (fragment_mtime_newer(u->source_path, u->source_mtime, false)) return true; - if (u->load_state == UNIT_LOADED) + if (u->load_state == UNIT_LOADED) { + _cleanup_strv_free_ char **dropins = NULL; + (void) unit_find_dropin_paths(u, &dropins); - if (!strv_equal(u->dropin_paths, dropins)) - return true; - /* … any drop-ins that are masked are simply omitted from the list. */ - STRV_FOREACH(path, u->dropin_paths) - if (fragment_mtime_newer(*path, u->dropin_mtime, false)) + if (!strv_equal(u->dropin_paths, dropins)) return true; + /* … any drop-ins that are masked are simply omitted from the list. */ + STRV_FOREACH(path, u->dropin_paths) + if (fragment_mtime_newer(*path, u->dropin_mtime, false)) + return true; + } + return false; } diff --git a/src/id128/id128.c b/src/id128/id128.c index fa86cf6..875d22d 100644 --- a/src/id128/id128.c +++ b/src/id128/id128.c @@ -16,7 +16,7 @@ #include "verbs.h" static Id128PrettyPrintMode arg_mode = ID128_PRINT_ID128; -static sd_id128_t arg_app = {}; +static sd_id128_t arg_app = SD_ID128_NULL; static bool arg_value = false; static PagerFlags arg_pager_flags = 0; static bool arg_legend = true; @@ -72,15 +72,12 @@ static int verb_invocation_id(int argc, char **argv, void *userdata) { } static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first) { - sd_id128_t u; int r; assert(table); - if (sd_id128_is_null(arg_app)) - u = uuid; - else - assert_se(sd_id128_get_app_specific(uuid, arg_app, &u) == 0); + if (!name) + name = "XYZ"; if (arg_mode == ID128_PRINT_PRETTY) { _cleanup_free_ char *id = NULL; @@ -91,7 +88,7 @@ static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first ascii_strupper(id); - r = id128_pretty_print_sample(id, u); + r = id128_pretty_print_sample(id, uuid); if (r < 0) return r; if (!first) 
@@ -100,19 +97,19 @@ static int show_one(Table **table, const char *name, sd_id128_t uuid, bool first } if (arg_value) - return id128_pretty_print(u, arg_mode); + return id128_pretty_print(uuid, arg_mode); if (!*table) { *table = table_new("name", "id"); if (!*table) return log_oom(); + table_set_width(*table, 0); } return table_add_many(*table, TABLE_STRING, name, - arg_mode == ID128_PRINT_ID128 ? TABLE_ID128 : TABLE_UUID, - u); + arg_mode == ID128_PRINT_ID128 ? TABLE_ID128 : TABLE_UUID, uuid); } static int verb_show(int argc, char **argv, void *userdata) { @@ -120,23 +117,26 @@ static int verb_show(int argc, char **argv, void *userdata) { int r; argv = strv_skip(argv, 1); - if (strv_isempty(argv)) + if (strv_isempty(argv)) { + if (!sd_id128_is_null(arg_app)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "'show --app-specific=' can only be used with explicit UUID input."); + for (const GptPartitionType *e = gpt_partition_type_table; e->name; e++) { r = show_one(&table, e->name, e->uuid, e == gpt_partition_type_table); if (r < 0) return r; } - else + } else STRV_FOREACH(p, argv) { sd_id128_t uuid; - bool have_uuid; - const char *id; + const char *id = NULL; /* Check if the argument is an actual UUID first */ - have_uuid = sd_id128_from_string(*p, &uuid) >= 0; + bool is_uuid = sd_id128_from_string(*p, &uuid) >= 0; - if (have_uuid) - id = gpt_partition_type_uuid_to_string(uuid) ?: "XYZ"; + if (is_uuid) + id = gpt_partition_type_uuid_to_string(uuid); else { GptPartitionType type; @@ -148,6 +148,9 @@ static int verb_show(int argc, char **argv, void *userdata) { id = *p; } + if (!sd_id128_is_null(arg_app)) + assert_se(sd_id128_get_app_specific(uuid, arg_app, &uuid) >= 0); + r = show_one(&table, id, uuid, p == argv); if (r < 0) return r; diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in index 766d321..4ef6aca 100755 --- a/src/kernel-install/90-loaderentry.install.in 
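Review bot: In the `verb_show` hunk at -148, `assert_se(sd_id128_get_app_specific(uuid, arg_app, &uuid) >= 0);` aborts the whole tool if the derivation fails, while the neighbouring `show_one()` call in the same loop reports its failure through `r`. Handling it the same way keeps the error path uniform: `r = sd_id128_get_app_specific(uuid, arg_app, &uuid);` followed by `if (r < 0) return log_error_errno(r, "Failed to derive app-specific ID: %m");`. The call also overwrites `uuid` in place, so a short comment saying that `show_one()` now receives the derived ID rather than the input would help readers. `verb_show` starts and ends outside this hunk.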
+++ b/src/kernel-install/90-loaderentry.install.in @@ -101,6 +101,11 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$LOADER_ENTRY" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous loader entry '$LOADER_ENTRY' without boot counting." >&2 + rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"*.conf + fi LOADER_ENTRY="${LOADER_ENTRY%.conf}+$TRIES.conf" fi diff --git a/src/kernel-install/90-uki-copy.install b/src/kernel-install/90-uki-copy.install index d443c4b..d6f7134 100755 --- a/src/kernel-install/90-uki-copy.install +++ b/src/kernel-install/90-uki-copy.install @@ -61,6 +61,12 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous UKI '$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi' without boot counting." >&2 + rm -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi + fi + UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.efi" else UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build index 6d4337d..2435492 100644 --- a/src/libsystemd/meson.build +++ b/src/libsystemd/meson.build @@ -118,7 +118,7 @@ libsystemd_static = static_library( libsystemd_sources, include_directories : libsystemd_includes, c_args : libsystemd_c_args, - link_with : [libbasic], + link_with : [libbasic_static], dependencies : [threads, librt, userspace], diff --git a/src/libsystemd/sd-device/device-enumerator.c b/src/libsystemd/sd-device/device-enumerator.c index 71ab3d8..00d3328 100644 --- a/src/libsystemd/sd-device/device-enumerator.c +++ b/src/libsystemd/sd-device/device-enumerator.c 
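Review bot: The cleanup globs `"${LOADER_ENTRY%.conf}+"*.conf` here and `"$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi` in the 90-uki-copy.install hunk match anything that follows the `+`, not only a boot-counting suffix. If a kernel version string can itself end in `+`, installing version `X` would also delete the entry or UKI that belongs to version `X+`. Requiring a digit after the plus narrows the match to counter suffixes: `rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"[0-9]*.conf`, and the same for the `.efi` pattern. `LOADER_ENTRY` is assigned outside this hunk, so its exact shape should be confirmed.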
@@ -701,13 +701,11 @@ static int enumerator_scan_dir_and_add_devices( dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + /* This is necessarily racey, so ignore missing directories */ + if (errno == ENOENT) + return 0; - /* this is necessarily racey, so ignore missing directories */ - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { @@ -767,12 +765,10 @@ static int enumerator_scan_dir( dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { @@ -804,12 +800,10 @@ static int enumerator_scan_devices_tag(sd_device_enumerator *enumerator, const c dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } /* TODO: filter away subsystems? */ 
@@ -892,12 +886,10 @@ static int parent_crawl_children(sd_device_enumerator *enumerator, const char *p dir = opendir(path); if (!dir) { - bool ignore = errno == ENOENT; + if (errno == ENOENT) + return 0; - log_debug_errno(errno, - "sd-device-enumerator: Failed to open directory %s%s: %m", - path, ignore ? ", ignoring" : ""); - return ignore ? 0 : -errno; + return log_debug_errno(errno, "sd-device-enumerator: Failed to open directory '%s': %m", path); } FOREACH_DIRENT_ALL(de, dir, return -errno) { diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index a657b6e..0521863 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1484,8 +1484,11 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu return -errno; u = hashmap_get(m->users, UID_TO_PTR(uid)); - if (u) + if (u) { + /* Make sure that disabling lingering will terminate the user tracking if no sessions pin it. */ + u->gc_mode = USER_GC_BY_PIN; user_add_to_gc_queue(u); + } } return sd_bus_reply_method_return(message, NULL); diff --git a/src/login/logind-user.c b/src/login/logind-user.c index 8066b3e..276d5b8 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c 
@@ -821,30 +821,30 @@ UserState user_get_state(User *u) { if (!u->started || u->runtime_dir_job) return USER_OPENING; - bool any = false, all_closing = true; + /* USER_GC_BY_PIN: Only pinning sessions count. None -> closing + * USER_GC_BY_ANY: 'manager' sessions also count. However, if lingering is enabled, 'lingering' state + * shall be preferred. 'online' if the manager is manually started by user. */ + + bool has_pinning = false, all_closing = true; LIST_FOREACH(sessions_by_user, i, u->sessions) { - SessionState state; + bool pinned = SESSION_CLASS_PIN_USER(i->class); - /* Ignore sessions that don't pin the user, i.e. are not supposed to have an effect on user state */ - if (!SESSION_CLASS_PIN_USER(i->class)) + if (u->gc_mode == USER_GC_BY_PIN && !pinned) continue; - state = session_get_state(i); - if (state == SESSION_ACTIVE) + has_pinning = has_pinning || pinned; + + SessionState state = session_get_state(i); + if (state == SESSION_ACTIVE && pinned) return USER_ACTIVE; if (state != SESSION_CLOSING) all_closing = false; - - any = true; } - if (any) - return all_closing ? USER_CLOSING : USER_ONLINE; - - if (user_check_linger_file(u) > 0 && user_unit_active(u)) + if (!has_pinning && user_check_linger_file(u) > 0 && user_unit_active(u)) return USER_LINGERING; - return USER_CLOSING; + return all_closing ? USER_CLOSING : USER_ONLINE; } int user_kill(User *u, int signo) { diff --git a/src/partition/meson.build b/src/partition/meson.build index 52e1368..2cfe43e 100644 --- a/src/partition/meson.build +++ b/src/partition/meson.build @@ -32,7 +32,7 @@ executables += [ 'sources' : files('repart.c'), 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_fdisk, libshared_static, libsystemd_static, diff --git a/src/partition/repart.c b/src/partition/repart.c index f87a87e..8a5ce7e 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c 
@@ -1895,6 +1895,34 @@ static int config_parse_encrypted_volume( static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_verity, verity_mode, VerityMode, VERITY_OFF, "Invalid verity mode"); static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_minimize, minimize_mode, MinimizeMode, MINIMIZE_OFF, "Invalid minimize mode"); +static int partition_finalize_fstype(Partition *p, const char *path) { + _cleanup_free_ char *e = NULL, *upper = NULL; + + assert(p); + assert(path); + + if (!gpt_partition_type_has_filesystem(p->type)) + return 0; + + upper = strdup(partition_designator_to_string(p->type.designator)); + if (!upper) + return log_oom(); + + e = strjoin("SYSTEMD_REPART_OVERRIDE_FSTYPE_", string_replace_char(ascii_strupper(upper), '-', '_')); + if (!e) + return log_oom(); + + const char *v = secure_getenv(e); + if (!v || streq(p->format, v)) + return 0; + + log_syntax(NULL, LOG_NOTICE, path, 1, 0, + "Overriding defined file system type '%s' for '%s' partition with '%s'.", + p->format, partition_designator_to_string(p->type.designator), v); + + return free_and_strdup_warn(&p->format, v); +} + static int partition_read_definition(Partition *p, const char *path, const char *const *conf_file_dirs) { ConfigTableItem table[] = { @@ -2084,6 +2112,10 @@ static int partition_read_definition(Partition *p, const char *path, const char } else if (streq(p->split_name_format, "-")) p->split_name_format = mfree(p->split_name_format); + r = partition_finalize_fstype(p, path); + if (r < 0) + return r; + return 1; } diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c index 4bc3ae7..9466866 100644 --- a/src/shared/bootspec.c +++ b/src/shared/bootspec.c 
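Review bot: `partition_finalize_fstype()` calls `streq(p->format, v)` and then logs `p->format` with `%s` without checking that a format was set. The caller is only partly visible, but if a definition can reach this point with no format configured, the comparison dereferences NULL as soon as the override variable is present. Guarding it with `if (!v || !p->format || streq(p->format, v)) return 0;` also keeps the override from turning an unformatted partition into a formatted one. The environment value is copied into `p->format` as is, so it bypasses any checks the regular format parser may apply (not visible here); running it through the same validation before `free_and_strdup_warn()` would keep the two paths equivalent. A one-line comment above the function naming the `SYSTEMD_REPART_OVERRIDE_FSTYPE_<DESIGNATOR>` variable would document the knob.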
@@ -505,6 +505,12 @@ static int boot_entry_compare(const BootEntry *a, const BootEntry *b) { assert(a); assert(b); + /* This mimics a function of the same name in src/boot/efi/sd-boot.c */ + + r = CMP(a->tries_left == 0, b->tries_left == 0); + if (r != 0) + return r; + r = CMP(!a->sort_key, !b->sort_key); if (r != 0) return r; @@ -523,7 +529,18 @@ static int boot_entry_compare(const BootEntry *a, const BootEntry *b) { return r; } - return -strverscmp_improved(a->id, b->id); + r = -strverscmp_improved(a->id, b->id); + if (r != 0) + return r; + + if (a->tries_left != UINT_MAX || b->tries_left != UINT_MAX) + return 0; + + r = -CMP(a->tries_left, b->tries_left); + if (r != 0) + return r; + + return CMP(a->tries_done, b->tries_done); } static int config_check_inode_relevant_and_unseen(BootConfig *config, int fd, const char *fname) { @@ -743,11 +760,11 @@ static int find_sections( r = pe_load_headers(fd, &dos_header, &pe_header); if (r < 0) - return log_warning_errno(r, "Failed to parse PE file '%s': %m", path); + return log_error_errno(r, "Failed to parse PE file '%s': %m", path); r = pe_load_sections(fd, dos_header, pe_header, §ions); if (r < 0) - return log_warning_errno(r, "Failed to parse PE sections of '%s': %m", path); + return log_error_errno(r, "Failed to parse PE sections of '%s': %m", path); if (ret_pe_header) *ret_pe_header = TAKE_PTR(pe_header); @@ -809,7 +826,7 @@ static int find_osrel_section( r = pe_read_section_data(fd, pe_header, sections, ".osrel", PE_SECTION_SIZE_MAX, (void**) ret_osrelease, NULL); if (r < 0) - return log_warning_errno(r, "Failed to read .osrel section of '%s': %m", path); + return log_error_errno(r, "Failed to read .osrel section of '%s': %m", path); return 0; } 
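Review bot: In the second `boot_entry_compare` hunk (at -523) the guard `if (a->tries_left != UINT_MAX || b->tries_left != UINT_MAX) return 0;` looks inverted. Execution continues past it only when both values equal `UINT_MAX`, so `-CMP(a->tries_left, b->tries_left)` is always 0 there. Two entries that both carry counters are reported as equal, and the `tries_done` tie-break is reached only for entries that presumably have no boot counting. If `UINT_MAX` is the "no counter" marker, the test should read `if (a->tries_left == UINT_MAX || b->tries_left == UINT_MAX) return 0;`. The function begins outside both hunks.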
@@ -829,7 +846,7 @@ static int find_uki_sections( return r; if (!pe_is_uki(pe_header, sections)) - return log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Parsed PE file '%s' is not a UKI.", path); + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Parsed PE file '%s' is not a UKI.", path); r = find_osrel_section(fd, path, sections, pe_header, ret_osrelease); if (r < 0) diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c index 996edbf..6f61eb2 100644 --- a/src/shared/exec-util.c +++ b/src/shared/exec-util.c @@ -609,5 +609,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret va_end(ap); execv(path, l); + log_error_errno(errno, "Failed to execute %s: %m", path); _exit(EXIT_FAILURE); } diff --git a/src/shared/gpt.c b/src/shared/gpt.c index d639463..f3e5247 100644 --- a/src/shared/gpt.c +++ b/src/shared/gpt.c 
@@ -143,21 +143,30 @@ const GptPartitionType gpt_partition_type_table[] = { _GPT_ARCH_SEXTET(ARM64, "aarch64"), /* Alias: must be listed after arm64 */ _GPT_ARCH_SEXTET(IA64, "ia64"), _GPT_ARCH_SEXTET(LOONGARCH64, "loongarch64"), + _GPT_ARCH_SEXTET(LOONGARCH64, "loong64"), /* Alias: must be listed after loongarch64 */ _GPT_ARCH_SEXTET(MIPS, "mips"), _GPT_ARCH_SEXTET(MIPS64, "mips64"), _GPT_ARCH_SEXTET(MIPS_LE, "mips-le"), + _GPT_ARCH_SEXTET(MIPS_LE, "mipsel"), /* Alias: must be listed after mips-le */ _GPT_ARCH_SEXTET(MIPS64_LE, "mips64-le"), + _GPT_ARCH_SEXTET(MIPS64_LE, "mips64el"), /* Alias: must be listed after mips64-le */ _GPT_ARCH_SEXTET(PARISC, "parisc"), + _GPT_ARCH_SEXTET(PARISC, "hppa"), /* Alias: must be listed after parisc */ _GPT_ARCH_SEXTET(PPC, "ppc"), _GPT_ARCH_SEXTET(PPC64, "ppc64"), _GPT_ARCH_SEXTET(PPC64_LE, "ppc64-le"), _GPT_ARCH_SEXTET(PPC64_LE, "ppc64le"), /* Alias: must be listed after ppc64-le */ + _GPT_ARCH_SEXTET(PPC64_LE, "ppc64el"), /* Alias: must be listed after ppc64-le */ _GPT_ARCH_SEXTET(RISCV32, "riscv32"), _GPT_ARCH_SEXTET(RISCV64, "riscv64"), _GPT_ARCH_SEXTET(S390, "s390"), _GPT_ARCH_SEXTET(S390X, "s390x"), _GPT_ARCH_SEXTET(TILEGX, "tilegx"), _GPT_ARCH_SEXTET(X86, "x86"), + _GPT_ARCH_SEXTET(X86, "i386"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i486"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i586"), /* Alias: must be listed after x86 */ + _GPT_ARCH_SEXTET(X86, "i686"), /* Alias: must be listed after x86 */ _GPT_ARCH_SEXTET(X86_64, "x86-64"), _GPT_ARCH_SEXTET(X86_64, "x86_64"), /* Alias: must be listed after x86-64 */ _GPT_ARCH_SEXTET(X86_64, "amd64"), /* Alias: must be listed after x86-64 */ 
@@ -339,6 +348,18 @@ bool gpt_partition_type_knows_no_auto(GptPartitionType type) { PARTITION_SWAP); } +bool gpt_partition_type_has_filesystem(GptPartitionType type) { + return IN_SET(type.designator, + PARTITION_ROOT, + PARTITION_USR, + PARTITION_HOME, + PARTITION_SRV, + PARTITION_ESP, + PARTITION_XBOOTLDR, + PARTITION_TMP, + PARTITION_VAR); +} + bool gpt_header_has_signature(const GptHeader *p) { assert(p); diff --git a/src/shared/gpt.h b/src/shared/gpt.h index 21976e5..3d04c19 100644 --- a/src/shared/gpt.h +++ b/src/shared/gpt.h @@ -72,6 +72,7 @@ const char *gpt_partition_type_mountpoint_nulstr(GptPartitionType type); bool gpt_partition_type_knows_read_only(GptPartitionType type); bool gpt_partition_type_knows_growfs(GptPartitionType type); bool gpt_partition_type_knows_no_auto(GptPartitionType type); +bool gpt_partition_type_has_filesystem(GptPartitionType type); typedef struct { uint8_t partition_type_guid[16]; diff --git a/src/shared/install.c b/src/shared/install.c index c94b456..53566b7 100644 --- a/src/shared/install.c +++ b/src/shared/install.c @@ -1989,7 +1989,9 @@ static int install_info_symlink_alias( } broken = r == 0; /* symlink target does not exist? */ - RET_GATHER(ret, create_symlink(lp, alias_target ?: info->path, alias_path, force || broken, changes, n_changes)); + r = create_symlink(lp, alias_target ?: info->path, alias_path, force || broken, changes, n_changes); + if (r != 0 && ret >= 0) + ret = r; } return ret; @@ -2012,7 +2014,7 @@ static int install_info_symlink_wants( UnitNameFlags valid_dst_type = UNIT_NAME_ANY; const char *n; - int r = 0, q; + int r, q; assert(info); assert(lp); @@ -2083,7 +2085,7 @@ static int install_info_symlink_wants( return -ENOMEM; q = create_symlink(lp, info->path, path, /* force = */ true, changes, n_changes); - if ((q < 0 && r >= 0) || r == 0) + if (q != 0 && r >= 0) r = q; if (unit_file_exists(scope, lp, dst) == 0) { 
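Review bot: In `install_info_symlink_wants` the declaration changes from `int r = 0, q;` to `int r, q;`, yet the new test `if (q != 0 && r >= 0)` in the -2083 hunk reads `r` before assigning it. The code between the declaration and that statement is outside the hunks; unless every path assigns `r` first, the first evaluation reads an indeterminate value. Keeping the initializer, `int r = 0, q;`, or placing `r = 0;` directly before the symlink loop makes this independent of the surrounding branches.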
@@ -2155,15 +2157,15 @@ static int install_info_apply( r = install_info_symlink_alias(scope, info, lp, config_path, force, changes, n_changes); q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->wanted_by, ".wants/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->required_by, ".requires/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; q = install_info_symlink_wants(scope, file_flags, info, lp, config_path, info->upheld_by, ".upholds/", changes, n_changes); - if (r == 0) + if (q != 0 && r >= 0) r = q; return r; diff --git a/src/shared/meson.build b/src/shared/meson.build index c5106d8..e513c0e 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -358,7 +358,7 @@ libshared = shared_library( '-Wl,--version-script=' + libshared_sym_path], link_depends : libshared_sym_path, link_whole : [libshared_static, - libbasic, + libbasic_static, libsystemd_static], dependencies : [libshared_deps, userspace], diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c index ce3c5fb..fd91bd6 100644 --- a/src/shared/spawn-polkit-agent.c +++ b/src/shared/spawn-polkit-agent.c @@ -43,16 +43,21 @@ int polkit_agent_open(void) { xsprintf(notify_fd, "%i", pipe_fd[1]); r = fork_agent("(polkit-agent)", - &pipe_fd[1], 1, + &pipe_fd[1], + 1, &agent_pid, POLKIT_AGENT_BINARY_PATH, - POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, "--fallback", NULL); + POLKIT_AGENT_BINARY_PATH, + "--notify-fd", + notify_fd, + "--fallback", + NULL); /* Close the writing side, because that's the one for the agent */ safe_close(pipe_fd[1]); if (r < 0) - log_error_errno(r, "Failed to fork TTY ask password agent: %m"); + log_error_errno(r, "Failed to fork polkit agent: %m"); else /* Wait until the agent closes the fd */ (void) fd_wait_for_event(pipe_fd[0], POLLHUP, USEC_INFINITY); 
diff --git a/src/shared/varlink-internal.h b/src/shared/varlink-internal.h index 715202a..bc30108 100644 --- a/src/shared/varlink-internal.h +++ b/src/shared/varlink-internal.h @@ -6,5 +6,45 @@ #include "fdset.h" #include "varlink.h" +typedef struct VarlinkServerSocket VarlinkServerSocket; + +struct VarlinkServerSocket { + VarlinkServer *server; + + int fd; + char *address; + + sd_event_source *event_source; + + LIST_FIELDS(VarlinkServerSocket, sockets); +}; + +struct VarlinkServer { + unsigned n_ref; + VarlinkServerFlags flags; + + LIST_HEAD(VarlinkServerSocket, sockets); + + Hashmap *methods; /* Fully qualified symbol name of a method → VarlinkMethod */ + Hashmap *interfaces; /* Fully qualified interface name → VarlinkInterface* */ + Hashmap *symbols; /* Fully qualified symbol name of method/error → VarlinkSymbol* */ + VarlinkConnect connect_callback; + VarlinkDisconnect disconnect_callback; + + sd_event *event; + int64_t event_priority; + + unsigned n_connections; + Hashmap *by_uid; /* UID_TO_PTR(uid) → UINT_TO_PTR(n_connections) */ + + void *userdata; + char *description; + + unsigned connections_max; + unsigned connections_per_uid_max; + + bool exit_on_idle; +}; + int varlink_server_serialize(VarlinkServer *s, FILE *f, FDSet *fds); int varlink_server_deserialize_one(VarlinkServer *s, const char *value, FDSet *fds); diff --git a/src/shared/varlink.c b/src/shared/varlink.c index 034e72b..0a6d2c8 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c 
@@ -210,46 +210,6 @@ struct Varlink { pid_t exec_pid; }; -typedef struct VarlinkServerSocket VarlinkServerSocket; - -struct VarlinkServerSocket { - VarlinkServer *server; - - int fd; - char *address; - - sd_event_source *event_source; - - LIST_FIELDS(VarlinkServerSocket, sockets); -}; - -struct VarlinkServer { - unsigned n_ref; - VarlinkServerFlags flags; - - LIST_HEAD(VarlinkServerSocket, sockets); - - Hashmap *methods; /* Fully qualified symbol name of a method → VarlinkMethod */ - Hashmap *interfaces; /* Fully qualified interface name → VarlinkInterface* */ - Hashmap *symbols; /* Fully qualified symbol name of method/error → VarlinkSymbol* */ - VarlinkConnect connect_callback; - VarlinkDisconnect disconnect_callback; - - sd_event *event; - int64_t event_priority; - - unsigned n_connections; - Hashmap *by_uid; /* UID_TO_PTR(uid) → UINT_TO_PTR(n_connections) */ - - void *userdata; - char *description; - - unsigned connections_max; - unsigned connections_per_uid_max; - - bool exit_on_idle; -}; - static const char* const varlink_state_table[_VARLINK_STATE_MAX] = { [VARLINK_IDLE_CLIENT] = "idle-client", [VARLINK_AWAITING_REPLY] = "awaiting-reply", diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build index 219f9fd..9bc60f8 100644 --- a/src/shutdown/meson.build +++ b/src/shutdown/meson.build @@ -20,7 +20,7 @@ executables += [ 'sources' : systemd_shutdown_sources, 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/systemctl/systemctl-util.c b/src/systemctl/systemctl-util.c index 2482b7c..38e1f23 100644 --- a/src/systemctl/systemctl-util.c +++ b/src/systemctl/systemctl-util.c 
@@ -327,14 +327,15 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske if (r < 0) return r; + if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) + goto skip; + if (ignore_masked) { r = unit_is_masked(bus, name); if (r < 0) return r; - if (r > 0) { - *ret = NULL; - return 0; - } + if (r > 0) + goto skip; } dbus_path = unit_dbus_path_from_name(name); @@ -370,6 +371,10 @@ int get_active_triggering_units(sd_bus *bus, const char *unit, bool ignore_maske *ret = TAKE_PTR(active); return 0; + +skip: + *ret = NULL; + return 0; } void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, bool ignore_masked) { @@ -383,8 +388,8 @@ void warn_triggering_units(sd_bus *bus, const char *unit, const char *operation, r = get_active_triggering_units(bus, unit, ignore_masked, &triggered_by); if (r < 0) { - log_warning_errno(r, - "Failed to get triggering units for '%s', ignoring: %m", unit); + if (r != -ENOENT) /* A linked unit might have disappeared after disabling */ + log_warning_errno(r, "Failed to get triggering units for '%s', ignoring: %m", unit); return; } diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build index 0f9c067..403d82a 100644 --- a/src/sysusers/meson.build +++ b/src/sysusers/meson.build @@ -14,7 +14,7 @@ executables += [ 'sources' : files('sysusers.c'), 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/test/meson.build b/src/test/meson.build index 3abbb94..9d3c7d6 100644 --- a/src/test/meson.build +++ b/src/test/meson.build @@ -274,7 +274,7 @@ executables += [ # only static linking apart from libdl, to make sure that the # module is linked to all libraries that it uses. 'sources' : files('test-dlopen.c'), - 'link_with' : libbasic, + 'link_with' : libbasic_static, 'dependencies' : libdl, 'install' : false, 'type' : 'manual', 
@@ -410,7 +410,7 @@ executables += [ }, test_template + { 'sources' : files('test-sizeof.c'), - 'link_with' : libbasic, + 'link_with' : libbasic_static, }, test_template + { 'sources' : files('test-time-util.c'), @@ -590,7 +590,7 @@ executables += [ test_template + { 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), 'link_with' : [ - libbasic, + libbasic_static, libsystemd, ], 'dependencies' : threads, @@ -598,7 +598,7 @@ executables += [ test_template + { 'sources' : files('../libudev/test-udev-device-thread.c'), 'link_with' : [ - libbasic, + libbasic_static, libudev, ], 'dependencies' : threads, diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c index 1e7ed27..433cf22 100644 --- a/src/test/test-install-root.c +++ b/src/test/test-install-root.c 
@@ -23,12 +23,14 @@ TEST(basic_mask_and_enable) { InstallChange *changes = NULL; size_t n_changes = 0; - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "a.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "b.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "c.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "d.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "e.service", NULL) == -ENOENT); - assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", NULL) == -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "a.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "b.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "c.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "d.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "e.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "g.service", NULL), -ENOENT); + ASSERT_EQ(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "h.service", NULL), -ENOENT); p = strjoina(root, "/usr/lib/systemd/system/a.service"); assert_se(write_string_file(p, 
@@ -197,6 +199,24 @@ TEST(basic_mask_and_enable) { changes = NULL; n_changes = 0; assert_se(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_ENABLED); + + /* Test enabling units with only Alias= (unit_file_enable should return > 0 to indicate we did + * something, #33411) */ + + p = strjoina(root, SYSTEM_CONFIG_UNIT_DIR "/g.service"); + ASSERT_OK(write_string_file(p, + "[Install]\n" + "Alias=h.service\n", WRITE_STRING_FILE_CREATE)); + + ASSERT_GT(unit_file_enable(RUNTIME_SCOPE_SYSTEM, 0, root, STRV_MAKE("g.service"), &changes, &n_changes), 0); + install_changes_free(changes, n_changes); + changes = NULL; n_changes = 0; + + ASSERT_OK(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "g.service", &state)); + ASSERT_EQ(state, UNIT_FILE_ENABLED); + + ASSERT_OK(unit_file_get_state(RUNTIME_SCOPE_SYSTEM, root, "h.service", &state)); + ASSERT_EQ(state, UNIT_FILE_ALIAS); } TEST(linked_units) { diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build index 2e91850..09ad839 100644 --- a/src/tmpfiles/meson.build +++ b/src/tmpfiles/meson.build @@ -20,7 +20,7 @@ executables += [ 'sources' : systemd_tmpfiles_sources, 'c_args' : '-DSTANDALONE', 'link_with' : [ - libbasic, + libbasic_static, libshared_static, libsystemd_static, ], diff --git a/src/ukify/test/test_ukify.py b/src/ukify/test/test_ukify.py index 0e3f932..e3d49d4 100755 --- a/src/ukify/test/test_ukify.py +++ b/src/ukify/test/test_ukify.py 
@@ -1,11 +1,21 @@ #!/usr/bin/env python3 # SPDX-License-Identifier: LGPL-2.1-or-later +# The tests can be called via pytest: +# PATH=build/:$PATH pytest -v src/ukify/test/test_ukify.py +# or directly: +# PATH=build/:$PATH src/ukify/test/test_ukify.py +# or via the meson test machinery output: +# meson test -C build test-ukify -v +# or without verbose output: +# meson test -C build test-ukify + # pylint: disable=unused-import,import-outside-toplevel,useless-else-on-loop # pylint: disable=consider-using-with,wrong-import-position,unspecified-encoding # pylint: disable=protected-access,redefined-outer-name import base64 +import glob import json import os import pathlib @@ -389,28 +399,17 @@ def test_help_error(capsys): @pytest.fixture(scope='session') def kernel_initrd(): - opts = ukify.create_parser().parse_args(arg_tools) - bootctl = ukify.find_tool('bootctl', opts=opts) - if bootctl is None: - return None - - try: - text = subprocess.check_output([bootctl, 'list', '--json=short'], - text=True) - except subprocess.CalledProcessError: + items = sorted(glob.glob('/lib/modules/*/vmlinuz')) + if not items: return None - items = json.loads(text) + # This doesn't necessarilly give us the latest version, since we're just + # using alphanumeric ordering. But this is fine, a predictable result is + # enough. + linux = items[-1] - for item in items: - try: - linux = f"{item['root']}{item['linux']}" - initrd = f"{item['root']}{item['initrd'][0].split(' ')[0]}" - except (KeyError, IndexError): - continue - return ['--linux', linux, '--initrd', initrd] - else: - return None + # We don't look _into_ the initrd. Any file is OK. + return ['--linux', linux, '--initrd', ukify.__file__] def test_check_splash(): try: 
@@ -699,7 +698,7 @@ def test_pcr_signing(kernel_initrd, tmp_path): '--uname=1.2.3', '--cmdline=ARG1 ARG2 ARG3', '--os-release=ID=foobar\n', - '--pcr-banks=sha1', # use sha1 because it doesn't really matter + '--pcr-banks=sha384', # sha1 might not be allowed, use something else f'--pcr-private-key={priv.name}', ] + arg_tools @@ -742,8 +741,8 @@ def test_pcr_signing(kernel_initrd, tmp_path): assert open(tmp_path / 'out.cmdline').read() == 'ARG1 ARG2 ARG3' sig = open(tmp_path / 'out.pcrsig').read() sig = json.loads(sig) - assert list(sig.keys()) == ['sha1'] - assert len(sig['sha1']) == 4 # four items for four phases + assert list(sig.keys()) == ['sha384'] + assert len(sig['sha384']) == 4 # four items for four phases shutil.rmtree(tmp_path) @@ -775,7 +774,7 @@ def test_pcr_signing2(kernel_initrd, tmp_path): '--uname=1.2.3', '--cmdline=ARG1 ARG2 ARG3', '--os-release=ID=foobar\n', - '--pcr-banks=sha1', + '--pcr-banks=sha384', f'--pcrpkey={pub2.name}', f'--pcr-public-key={pub.name}', f'--pcr-private-key={priv.name}', @@ -815,8 +814,8 @@ def test_pcr_signing2(kernel_initrd, tmp_path): sig = open(tmp_path / 'out.pcrsig').read() sig = json.loads(sig) - assert list(sig.keys()) == ['sha1'] - assert len(sig['sha1']) == 6 # six items for six phases paths + assert list(sig.keys()) == ['sha384'] + assert len(sig['sha384']) == 6 # six items for six phases paths shutil.rmtree(tmp_path) diff --git a/src/vmspawn/vmspawn-util.h b/src/vmspawn/vmspawn-util.h index ee02752..959cb47 100644 --- a/src/vmspawn/vmspawn-util.h +++ b/src/vmspawn/vmspawn-util.h @@ -40,6 +40,8 @@ # define QEMU_MACHINE_TYPE "s390-ccw-virtio" #elif defined(__powerpc__) || defined(__powerpc64__) # define QEMU_MACHINE_TYPE "pseries" +#elif defined(__mips__) +# define QEMU_MACHINE_TYPE "malta" #else # error "No qemu machine defined for this architecture" #endif diff --git a/test/README.testsuite b/test/README.testsuite index 13ba157..22da1cd 100644 --- a/test/README.testsuite +++ b/test/README.testsuite 
@@ -14,23 +14,52 @@ We also need to make sure the required meson options are enabled: $ meson setup --reconfigure build -Dremote=enabled ``` -Next, we can build the integration test image: +To make sure `mkosi` doesn't try to build systemd from source during the image build +process, you can add the following to `mkosi.local.conf`: + +``` +[Content] +Environment=NO_BUILD=1 +``` + +You might also want to use the `PackageDirectories=` or `Repositories=` option to provide +mkosi with a directory or repository containing the systemd packages that should be installed +instead. If the repository containing the systemd packages is not a builtin repository known +by mkosi, you can use the `PackageManagerTrees=` option to write an extra repository definition +to /etc which is used when building the image instead. + +Next, we can build the integration test image with meson: ```shell $ meson compile -C build mkosi ``` +By default, the `mkosi` meson target which builds the integration test image depends on +other meson targets to build various systemd tools that are used to build the image to make +sure they are up-to-date. If you instead want the already installed systemd tools on the +host to be used, you can run `mkosi` manually to build the image. To build the integration test +image without meson, run the following: + +```shell +$ mkosi -f +``` + +Note that by default we assume that `build/` is used as the meson build directory that will be used to run +the integration tests. If you want to use another directory as the meson build directory, you will have to +configure the mkosi build directory (`BuildDirectory=`), cache directory (`CacheDirectory=`) and output +directory (`OutputDirectory=`) to point to the other directory using `mkosi.local.conf`. 
+ After the image has been built, the integration tests can be run with: ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ --suite integration-tests --num-processes "$(($(nproc) / 4))" +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild --suite integration-tests --num-processes "$(($(nproc) / 4))" ``` As usual, specific tests can be run in meson by appending the name of the test which is usually the name of the directory e.g. ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ -v TEST-01-BASIC +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ``` See `meson introspect build --tests` for a list of tests. @@ -40,7 +69,7 @@ To interactively debug a failing integration test, the `--interactive` option newer: ```shell -$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build/ -i TEST-01-BASIC +$ SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -i TEST-01-BASIC ``` Due to limitations in meson, the integration tests do not yet depend on the @@ -49,7 +78,7 @@ running the integration tests. To rebuild the image and rerun a test, the following command can be used: ```shell -$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build -v TEST-01-BASIC +$ meson compile -C build mkosi && SYSTEMD_INTEGRATION_TESTS=1 meson test -C build --no-rebuild -v TEST-01-BASIC ``` The integration tests use the same mkosi configuration that's used when you run diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build index 5036b64..fd670ae 100644 --- a/test/TEST-06-SELINUX/meson.build +++ b/test/TEST-06-SELINUX/meson.build 
@@ -3,11 +3,14 @@ integration_tests += [ integration_test_template + { 'name' : fs.name(meson.current_source_dir()), - 'cmdline' : integration_test_template['cmdline'] + ['systemd.wants=autorelabel.service', 'selinux=1', 'lsm=selinux'], + 'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'enforcing=0', 'lsm=selinux'], # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware. # Use 'auto' to automatically fallback on non-uefi architectures. 'firmware' : 'auto', 'vm' : true, + # Make sure we don't mount anything with virtiofs as otherwise fixfiles will try to relabel + # it. + 'mkosi-args' : integration_test_template['mkosi-args'] + ['--runtime-build-sources=no'], }, ] diff --git a/test/TEST-13-NSPAWN/test.sh b/test/TEST-13-NSPAWN/test.sh index 9a0404f..5c85b0c 100755 --- a/test/TEST-13-NSPAWN/test.sh +++ b/test/TEST-13-NSPAWN/test.sh @@ -32,7 +32,7 @@ test_append_files() { ls \ md5sum \ mountpoint \ - nc \ + ncat \ ps \ seq \ sleep \ diff --git a/test/TEST-46-HOMED/test.sh b/test/TEST-46-HOMED/test.sh index 923e002..06034b7 100755 --- a/test/TEST-46-HOMED/test.sh +++ b/test/TEST-46-HOMED/test.sh @@ -24,6 +24,7 @@ test_append_files() { inst_binary ssh inst_binary sshd inst_binary ssh-keygen + image_install -o /usr/lib/ssh/sshd-session } do_test "$@" diff --git a/test/TEST-55-OOMD/meson.build b/test/TEST-55-OOMD/meson.build index adc0509..2566316 100644 --- a/test/TEST-55-OOMD/meson.build +++ b/test/TEST-55-OOMD/meson.build @@ -5,6 +5,9 @@ integration_tests += [ 'name' : fs.name(meson.current_source_dir()), 'credentials' : integration_test_template['credentials'] + [ files('systemd.unit-dropin.init.scope'), + # OpenSUSE disables all controller delegation for the user manager template. Mask the + # dropin to make TEST-55-OOMD pass on OpenSUSE. + 'systemd.unit-dropin.user@.service~20-defaults-SUSE=', ], 'vm' : true, }, diff --git a/test/TEST-55-OOMD/test.sh b/test/TEST-55-OOMD/test.sh index 5e30963..3b2f471 100755 
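Review bot: The added `'enforcing=0'` on the kernel command line boots the SELinux test VM in permissive mode, and nothing in the hunk says why. In permissive mode denials are only logged, so this test will no longer fail when the policy blocks something systemd needs. The same line drops `systemd.wants=autorelabel.service`, while the new `mkosi-args` comment still refers to fixfiles relabelling, so it is unclear from the hunk what now triggers the relabel. I would add above `'cmdline'` a comment such as `# Boot permissive: <reason>; denials are logged but not enforced.` with the actual reason filled in.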
--- a/test/TEST-55-OOMD/test.sh +++ b/test/TEST-55-OOMD/test.sh @@ -14,7 +14,7 @@ TEST_NO_NSPAWN=1 test_append_files() { local workspace="${1:?}" - image_install mkswap swapon swapoff stress + image_install mkswap swapon swapoff stress-ng image_install -o btrfs mkdir -p "${workspace:?}/etc/systemd/system/init.scope.d/" diff --git a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure index 28ddfa4..b740c09 100755 --- a/test/TEST-64-UDEV-STORAGE/nvme_basic.configure +++ b/test/TEST-64-UDEV-STORAGE/nvme_basic.configure @@ -25,7 +25,7 @@ def add_drive(i: int, serial: str) -> None: "Options": "cache=unsafe", } ] - config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},num_queues=8"] + config["QemuArgs"] += ["-device", f"nvme,drive={id},serial={serial},max_ioqpairs=8"] for i in range(5): add_drive(i, serial=f"deadbeef{i}") diff --git a/test/TEST-73-LOCALE/meson.build b/test/TEST-73-LOCALE/meson.build index 8dec5f3..4f50d66 100644 --- a/test/TEST-73-LOCALE/meson.build +++ b/test/TEST-73-LOCALE/meson.build @@ -3,5 +3,6 @@ integration_tests += [ integration_test_template + { 'name' : fs.name(meson.current_source_dir()), + 'priority' : 10, }, ] diff --git a/test/TEST-74-AUX-UTILS/test.sh b/test/TEST-74-AUX-UTILS/test.sh index 2ee4a75..d47a0a2 100755 --- a/test/TEST-74-AUX-UTILS/test.sh +++ b/test/TEST-74-AUX-UTILS/test.sh @@ -31,6 +31,7 @@ test_append_files() { inst_binary ssh inst_binary sshd inst_binary ssh-keygen + image_install -o /usr/lib/ssh/sshd-session inst_binary usermod instmods vmw_vsock_virtio_transport instmods vsock_loopback diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py index 743a14c..d7a622a 100755 --- a/test/integration-test-wrapper.py +++ b/test/integration-test-wrapper.py 
@@ -134,7 +134,6 @@ def main(): '--runtime-network=none', '--runtime-scratch=no', *args.mkosi_args, - '--append', '--qemu-firmware', args.firmware, '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no", '--kernel-command-line-extra', @@ -184,9 +183,8 @@ def main(): text=True, ).stdout ) - images = {image["Image"]: image for image in j["Images"]} - distribution = images["system"]["Distribution"] - release = images["system"]["Release"] + distribution = j["Images"][-1]["Distribution"] + release = j["Images"][-1]["Release"] artifact = f"ci-mkosi-{id}-{iteration}-{distribution}-{release}-failed-test-journals" ops += [f"gh run download {id} --name {artifact} -D ci/{artifact}"] journal_file = Path(f"ci/{artifact}/test/journal/{name}.journal") diff --git a/test/test-execute/exec-set-credential.service b/test/test-execute/exec-set-credential.service index 2263436..7f2e87f 100644 --- a/test/test-execute/exec-set-credential.service +++ b/test/test-execute/exec-set-credential.service @@ -5,7 +5,7 @@ Description=Test for SetCredential= [Service] ExecStart=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' ExecStartPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStop=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' -ExecStopPost=sh -x -c 'test "$$(cat %d/test-execute.set-credential)" = "hoge"' +ExecStop=bash -x -c '[[ ! -v CREDENTIALS_DIRECTORY ]]' +ExecStopPost=bash -x -c '[[ ! -v CREDENTIALS_DIRECTORY ]]' Type=oneshot SetCredential=test-execute.set-credential:hoge diff --git a/test/test-functions b/test/test-functions index 03f188b..e219812 100644 --- a/test/test-functions +++ b/test/test-functions @@ -208,7 +208,7 @@ BASICTOOLS=( mount mountpoint mv - nc + ncat nproc ping pkill diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index 7c336ba..ba8e65e 100755 --- a/test/test-network/systemd-networkd-tests.py 
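Review bot: `j["Images"][-1]` now picks the distribution and release by position, where the removed code looked the image up by name (`images["system"]`). That relies on the order in which mkosi lists images, which this hunk does not establish. If the order changes, the artifact name in the `gh run download` command is built from the wrong image without any error. A lookup by name fails loudly instead, and tools/fetch-distro.py in this same commit moves the other way, from `data['Images'][-1]` to a lookup by `"Image"`. main() starts and ends outside the hunk.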
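Review bot: The new `ExecStop=` and `ExecStopPost=` lines assert only that `$CREDENTIALS_DIRECTORY` is unset. They no longer touch the credential path, so the test says nothing about whether the credential file is still reachable from the stop commands. If the intended contract is that credentials are gone by then, a comment should record it, e.g. `# Credentials are expected to be unavailable to ExecStop=/ExecStopPost=, so the variable must be unset`. The switch from `sh` to `bash` on these two lines is needed because `[[ ! -v … ]]` is a bashism; that is worth stating too, since the start lines keep `sh`.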
+++ b/test/test-network/systemd-networkd-tests.py @@ -7120,6 +7120,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.assertGreater(prefixInfo[0]['PreferredLifetimeUSec'], 0) self.assertGreater(prefixInfo[0]['ValidLifetimeUSec'], 0) + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd_no_address(self): # For issue #29979. copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream-no-address.network') @@ -7136,6 +7137,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.check_dhcp6_prefix('veth99') + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd_no_assign(self): # Similar to test_dhcp6pd_no_assign(), but in this case UseAddress=yes (default), # However, the server does not provide IA_NA. For issue #31349. @@ -7153,6 +7155,7 @@ class NetworkdDHCPPDTests(unittest.TestCase, Utilities): self.check_dhcp6_prefix('veth99') + @unittest.skipUnless(shutil.which('dhcpd'), reason="dhcpd is not available on CentOS Stream 10") def test_dhcp6pd(self): copy_network_unit('25-veth.netdev', '25-dhcp6pd-server.network', '25-dhcp6pd-upstream.network', '25-veth-downstream-veth97.netdev', '25-dhcp-pd-downstream-veth97.network', '25-dhcp-pd-downstream-veth97-peer.network', diff --git a/test/units/TEST-07-PID1.exec-context.sh b/test/units/TEST-07-PID1.exec-context.sh index a3379ef..cf39af0 100755 --- a/test/units/TEST-07-PID1.exec-context.sh +++ b/test/units/TEST-07-PID1.exec-context.sh 
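Review bot: The skip reason `"dhcpd is not available on CentOS Stream 10"` is printed whenever `shutil.which('dhcpd')` finds nothing, whatever the distribution. On any other host without dhcpd the test report therefore names the wrong cause. `reason="dhcpd is not installed"` would be accurate everywhere. The identical decorator is repeated on test_dhcp6pd_no_assign and test_dhcp6pd, so a single module-level name for it would keep the three in step.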
@@ -186,27 +186,27 @@ if ! systemd-detect-virt -cq; then ) # We should fail with EPERM when trying to bind to a socket not on the allow list - # (nc exits with 2 in that case) + # (ncat exits with 2 in that case) systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -l 127.0.0.1 9999; exit 42' + bash -xec 'timeout 1s ncat -l 127.0.0.1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -l ::1 9999; exit 42' + bash -xec 'timeout 1s ncat -l ::1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -u -l ::1 9999; exit 42' + bash -xec 'timeout 1s ncat -6 -u -l ::1 9999; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -l 127.0.0.1 6666; exit 42' + bash -xec 'timeout 1s ncat -4 -l 127.0.0.1 6666; exit 42' systemd-run --wait -p SuccessExitStatus="1 2" --pipe -p SocketBindDeny=any \ - bash -xec 'timeout 1s nc -l 127.0.0.1 9999; exit 42' + bash -xec 'timeout 1s ncat -l 127.0.0.1 9999; exit 42' # Consequently, we should succeed when binding to a socket on the allow list # and keep listening on it until we're killed by `timeout` (EC 124) systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -l 127.0.0.1 1234; exit 1' + bash -xec 'timeout 1s ncat -4 -l 127.0.0.1 1234; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -4 -u -l 127.0.0.1 5678; exit 1' + bash -xec 'timeout 1s ncat -4 -u -l 127.0.0.1 5678; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -l ::1 1234; exit 1' + bash -xec 'timeout 1s ncat -6 -l ::1 1234; exit 1' systemd-run --wait --pipe -p SuccessExitStatus=124 "${ARGUMENTS[@]}" \ - bash -xec 'timeout 1s nc -6 -l ::1 6666; exit 1' + bash -xec 'timeout 1s ncat -6 -l ::1 
6666; exit 1' fi losetup -d "$LODEV" diff --git a/test/units/TEST-07-PID1.issue-2467.sh b/test/units/TEST-07-PID1.issue-2467.sh index de0577b..083a1e7 100755 --- a/test/units/TEST-07-PID1.issue-2467.sh +++ b/test/units/TEST-07-PID1.issue-2467.sh @@ -8,7 +8,7 @@ set -o pipefail rm -f /tmp/nonexistent systemctl start issue2467.socket -nc -i20 -w20 -U /run/test.ctl || : +ncat -i20 -w20 -U /run/test.ctl || : # TriggerLimitIntervalSec= by default is set to 2s. A "sleep 10" should give # systemd enough time even on slower machines, to reach the trigger limit. diff --git a/test/units/TEST-07-PID1.issue-3171.sh b/test/units/TEST-07-PID1.issue-3171.sh index 374df54..e1a4b64 100755 --- a/test/units/TEST-07-PID1.issue-3171.sh +++ b/test/units/TEST-07-PID1.issue-3171.sh @@ -30,21 +30,21 @@ EOF systemctl start issue-3171.socket systemctl is-active issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] -echo A | nc -w1 -U /run/issue-3171.socket +echo A | ncat -w1 -U /run/issue-3171.socket mv $U ${U}.disabled systemctl daemon-reload systemctl is-active issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] -echo B | nc -w1 -U /run/issue-3171.socket && exit 1 +echo B | ncat -w1 -U /run/issue-3171.socket && exit 1 mv ${U}.disabled $U systemctl daemon-reload systemctl is-active issue-3171.socket -echo C | nc -w1 -U /run/issue-3171.socket && exit 1 +echo C | ncat -w1 -U /run/issue-3171.socket && exit 1 [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] systemctl restart issue-3171.socket systemctl is-active issue-3171.socket -echo D | nc -w1 -U /run/issue-3171.socket +echo D | ncat -w1 -U /run/issue-3171.socket [[ "$(stat --format='%G' /run/issue-3171.socket)" == adm ]] diff --git a/test/units/TEST-07-PID1.issue-33672.sh b/test/units/TEST-07-PID1.issue-33672.sh new file mode 100755 index 0000000..370497c --- /dev/null +++ b/test/units/TEST-07-PID1.issue-33672.sh 
@@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh + +set -eux +set -o pipefail + +# shellcheck source=test/units/util.sh +. "$(dirname "$0")"/util.sh + +# systemctl status always shows daemon-reload warning for a masked service with drop-ins +# Issue: https://github.com/systemd/systemd/issues/33672 + +UNIT=test-23-NeedDaemonReload.service + +cleanup() { + rm -rf /run/systemd/system/"$UNIT" /run/systemd/system/"$UNIT".d + systemctl daemon-reload +} + +trap cleanup EXIT + +cat > /run/systemd/system/"$UNIT" <<EOF +[Service] +ExecStart=/usr/bin/true +EOF + +mkdir /run/systemd/system/"$UNIT".d +cat > /run/systemd/system/"$UNIT".d/desc.conf <<EOF +[Unit] +Description=Test NeedDaemonReload status of a masked unit with drop-ins +EOF + +systemctl daemon-reload +systemctl unmask "$UNIT" +assert_eq "$(systemctl show -P NeedDaemonReload "$UNIT")" no + +systemctl mask "$UNIT" +assert_eq "$(systemctl show -P NeedDaemonReload "$UNIT")" no diff --git a/test/units/TEST-13-NSPAWN.nspawn.sh b/test/units/TEST-13-NSPAWN.nspawn.sh index 7901e98..ee0fef8 100755 --- a/test/units/TEST-13-NSPAWN.nspawn.sh +++ b/test/units/TEST-13-NSPAWN.nspawn.sh @@ -179,6 +179,10 @@ elif [[ $1 == initgroups ]]; then fi EOF chmod +x "$root/bin/getent" + # The useradd is important here so the user is added to /etc/passwd. If the user is not in /etc/passwd, + # bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers + # as bash isn't invoked with the necessary environment variables for that. + useradd --root="$root" --uid 1000 --user-group --create-home testuser systemd-nspawn --directory="$root" bash -xec '[[ $USER == root ]]' systemd-nspawn --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]' 
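Review bot: `systemctl mask "$UNIT"` near the end of the new script runs without `--runtime`, so the mask link is created under /etc/systemd/system. `cleanup()` only removes the unit file and its drop-in directory under /run/systemd/system, which leaves the masked name behind in the image after the test exits. Adding `systemctl unmask "$UNIT" || :` as the first line of `cleanup()` would undo it. The unit name `test-23-NeedDaemonReload.service` also still carries the number of a different test than the TEST-07 file it lives in.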
@@ -672,8 +676,10 @@ fi EOF chmod +x "$root/bin/getent" - mkdir -p "$root/home/testuser" - chown 1010:1010 "$root/home/testuser" + # The useradd is important here so the user is added to /etc/passwd. If the user is not in /etc/passwd, + # bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers + # as bash isn't invoked with the necessary environment variables for that. + useradd --root="$root" --uid 1010 --user-group --create-home testuser cmd='PERMISSIONS=$(stat -c "%u:%g" /home/testuser/file); if [[ $PERMISSIONS != "1010:1010" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /home/testuser/other_file' if ! SYSTEMD_LOG_TARGET=console \ @@ -702,7 +708,7 @@ EOF testcase_notification_socket() { # https://github.com/systemd/systemd/issues/4944 local root - local cmd='echo a | nc -U -u -w 1 /run/host/notify' + local cmd='echo a | ncat -U -u -w 1 /run/host/notify' root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.check_notification_socket.XXX)" create_dummy_container "$root" diff --git a/test/units/TEST-29-PORTABLE.sh b/test/units/TEST-29-PORTABLE.sh index b4dcd5a..41dce4d 100755 --- a/test/units/TEST-29-PORTABLE.sh +++ b/test/units/TEST-29-PORTABLE.sh 
@@ -355,15 +355,16 @@ portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/rootdir mini portablectl detach --now --runtime --enable /tmp/rootdir minimal-app0 # The wrong file should be ignored, given the right one has the xattr set -mkdir -p /tmp/wrongext/usr/lib/extension-release.d /tmp/wrongext/usr/lib/systemd/system/ -echo "[Service]" > /tmp/wrongext/usr/lib/systemd/system/app0.service -touch /tmp/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt -cp /tmp/rootdir/usr/lib/os-release /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 -setfattr -n user.extension-release.strict -v "false" /tmp/wrongext/usr/lib/extension-release.d/extension-release.app0 -portablectl "${ARGS[@]}" attach --runtime --extension /tmp/wrongext /tmp/rootdir app0 +trap 'rm -rf /var/cache/wrongext' EXIT +mkdir -p /var/cache/wrongext/usr/lib/extension-release.d /var/cache/wrongext/usr/lib/systemd/system/ +echo "[Service]" > /var/cache/wrongext/usr/lib/systemd/system/app0.service +touch /var/cache/wrongext/usr/lib/extension-release.d/extension-release.wrongext_somethingwrong.txt +cp /tmp/rootdir/usr/lib/os-release /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 +setfattr -n user.extension-release.strict -v "false" /var/cache/wrongext/usr/lib/extension-release.d/extension-release.app0 +portablectl "${ARGS[@]}" attach --runtime --extension /var/cache/wrongext /tmp/rootdir app0 status="$(portablectl is-attached --extension wrongext rootdir)" [[ "${status}" == "attached-runtime" ]] -portablectl detach --runtime --extension /tmp/wrongext /tmp/rootdir app0 +portablectl detach --runtime --extension /var/cache/wrongext /tmp/rootdir app0 umount /tmp/rootdir umount /tmp/app0 diff --git a/test/units/TEST-55-OOMD-testbloat.service b/test/units/TEST-55-OOMD-testbloat.service index ba4f2bc..70c8772 100644 --- a/test/units/TEST-55-OOMD-testbloat.service +++ b/test/units/TEST-55-OOMD-testbloat.service 
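Review bot: `trap 'rm -rf /var/cache/wrongext' EXIT` replaces whatever EXIT trap the script installed before this point, and the part of the script above the hunk is not visible here. If an earlier cleanup handler exists it will no longer run. The hunk also gives no reason for moving the extension tree from /tmp to a fixed path under /var/cache. I would add a comment with the reason and remove the directory explicitly after the `portablectl detach` line with `rm -rf /var/cache/wrongext` instead of taking over the trap.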
@@ -3,8 +3,8 @@ Description=Create a lot of memory pressure [Service] -# A VERY small memory.high will cause the 'stress' (trying to use a lot of memory) +# A VERY small memory.high will cause the 'stress-ng' (trying to use a lot of memory) # to throttle and be put under heavy pressure. MemoryHigh=3M Slice=TEST-55-OOMD-workload.slice -ExecStart=stress --timeout 3m --vm 10 --vm-bytes 200M --vm-keep --vm-stride 1 +ExecStart=stress-ng --timeout 3m --vm 10 --vm-bytes 200M --vm-keep diff --git a/test/units/TEST-55-OOMD-testmunch.service b/test/units/TEST-55-OOMD-testmunch.service index 5659906..79bd018 100644 --- a/test/units/TEST-55-OOMD-testmunch.service +++ b/test/units/TEST-55-OOMD-testmunch.service @@ -5,4 +5,4 @@ Description=Create some memory pressure [Service] MemoryHigh=12M Slice=TEST-55-OOMD-workload.slice -ExecStart=stress --timeout 3m --vm 10 --vm-bytes 200M --vm-keep --vm-stride 1 +ExecStart=stress-ng --timeout 3m --vm 10 --vm-bytes 200M --vm-keep diff --git a/test/units/TEST-55-OOMD.sh b/test/units/TEST-55-OOMD.sh index b04ebca..944067c 100755 --- a/test/units/TEST-55-OOMD.sh +++ b/test/units/TEST-55-OOMD.sh @@ -6,14 +6,6 @@ set -o pipefail # shellcheck source=test/units/util.sh . "$(dirname "$0")"/util.sh -. /etc/os-release -# OpenSUSE does not have the stress tool packaged. It does have stress-ng but the stress-ng does not support -# --vm-stride which this test uses. -if [[ "$ID" =~ "opensuse" ]]; then - echo "Skipping due to missing stress package in OpenSUSE" >>/skipped - exit 77 -fi - systemd-analyze log-level debug # Ensure that the init.scope.d drop-in is applied on boot diff --git a/test/units/TEST-73-LOCALE.sh b/test/units/TEST-73-LOCALE.sh index 18539b8..06c8c56 100755 --- a/test/units/TEST-73-LOCALE.sh +++ b/test/units/TEST-73-LOCALE.sh 
@@ -657,6 +657,29 @@ testcase_locale_gen_leading_space() { # running on. export SYSTEMD_KBD_MODEL_MAP=/usr/lib/systemd/tests/testdata/test-keymap-util/kbd-model-map +# On Debian and derivatives writing calls to localed are blocked as other tools are used to change settings, +# override that policy +mkdir -p /etc/dbus-1/system.d/ +cat >/etc/dbus-1/system.d/systemd-localed-read-only.conf <<EOF +<?xml version="1.0"?> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "https://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="root"> + <allow send_member="SetLocale"/> + <allow send_member="SetVConsoleKeyboard"/> + <allow send_member="SetX11Keyboard"/> + </policy> + <policy context="default"> + <allow send_member="SetLocale"/> + <allow send_member="SetVConsoleKeyboard"/> + <allow send_member="SetX11Keyboard"/> + </policy> +</busconfig> +EOF +trap 'rm -f /etc/dbus-1/system.d/systemd-localed-read-only.conf' EXIT +systemctl reload dbus.service + enable_debug run_testcases diff --git a/tools/update-distro-hash.py b/tools/fetch-distro.py index 16ed2e7..9fc5b1b 100755 --- a/tools/update-distro-hash.py +++ b/tools/fetch-distro.py @@ -2,7 +2,8 @@ # SPDX-License-Identifier: LGPL-2.1-or-later """ -Fetch commits for pkg/{distribution} and, if changed, commit the latest hash. +Check out pkg/{distribution}. +With -u, fetch commits, and if changed, commit the latest hash. """ import argparse @@ -25,6 +26,11 @@ def parse_args(): action='store_false', default=True, ) + p.add_argument( + '--update', '-u', + action='store_true', + default=False, + ) return p.parse_args() def read_config(distro: str): @@ -33,7 +39,8 @@ def read_config(distro: str): text = subprocess.check_output(cmd, text=True) data = json.loads(text) - return data['Images'][-1] + images = {image["Image"]: image for image in data["Images"]} + return images["build"] def commit_file(distro: str, file: Path, commit: str, changes: str): message = '\n'.join(( 
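Review bot: The `<allow send_member="SetLocale"/>` rules in the generated policy name no destination, so the `context="default"` block allows any sender to call a method of that name on every service on the system bus, not only on localed. Bus policy rules are normally scoped, e.g. `<allow send_destination="org.freedesktop.locale1" send_member="SetLocale"/>`. The same applies to the `SetVConsoleKeyboard` and `SetX11Keyboard` lines in both policy blocks. The EXIT trap removes the file but does not reload dbus again, so the relaxed policy stays loaded until the next reload; a comment should say this is accepted for a throwaway test image.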
@@ -45,16 +52,42 @@ def commit_file(distro: str, file: Path, commit: str, changes: str): print(f"+ {shlex.join(cmd)}") subprocess.check_call(cmd) -def update_distro(args, distro: str): - cmd = ['git', '-C', f'pkg/{distro}', 'fetch'] +def checkout_distro(args, distro: str, config: dict): + dest = Path(f'pkg/{distro}') + if dest.exists(): + print(f'{dest} already exists.') + return + + url = config['Environment']['GIT_URL'] + branch = config['Environment']['GIT_BRANCH'] + + # Only debian uses source-git for now… + reference = [f'--reference-if-able=.'] if distro == 'debian' else [] + + cmd = [ + 'git', 'clone', url, + f'--branch={branch}', + dest.as_posix(), + *reference, + ] print(f"+ {shlex.join(cmd)}") subprocess.check_call(cmd) - config = read_config(distro) + args.fetch = False # no need to fetch if we just cloned +def update_distro(args, distro: str, config: dict): branch = config['Environment']['GIT_BRANCH'] old_commit = config['Environment']['GIT_COMMIT'] + cmd = ['git', '-C', f'pkg/{distro}', 'switch', branch] + print(f"+ {shlex.join(cmd)}") + subprocess.check_call(cmd) + + cmd = ['git', '-C', f'pkg/{distro}', 'fetch', 'origin', '-v', + f'{branch}:remotes/origin/{branch}'] + print(f"+ {shlex.join(cmd)}") + subprocess.check_call(cmd) + cmd = ['git', '-C', f'pkg/{distro}', 'rev-parse', f'refs/remotes/origin/{branch}'] print(f"+ {shlex.join(cmd)}") new_commit = subprocess.check_output(cmd, text=True).strip() @@ -69,7 +102,7 @@ def update_distro(args, distro: str): print(f"+ {shlex.join(cmd)}") changes = subprocess.check_output(cmd, text=True).strip() - conf_dir = Path('mkosi.images/system/mkosi.conf.d') + conf_dir = Path('mkosi.images/build/mkosi.conf.d') files = conf_dir.glob('*/*.conf') for file in files: s = file.read_text() 
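Review bot: `args.fetch = False` in checkout_distro() changes the shared argparse namespace, and the loop at the end of the file passes the same `args` to every distribution. Once one distribution has been cloned the flag stays off for all later ones, including checkouts that already existed; returning whether a clone happened would keep the decision local. Separately, the clone leaves the tree at the tip of `GIT_BRANCH` and does not use the `GIT_COMMIT` that the config records. Unless a later step checks that commit out, the packaging sources are not the pinned ones. `f'--reference-if-able=.'` has no placeholders and can be a plain string.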
@@ -85,5 +118,9 @@ def update_distro(args, distro: str): if __name__ == '__main__': args = parse_args() + for distro in args.distribution: - update_distro(args, distro) + config = read_config(distro) + checkout_distro(args, distro, config) + if args.update: + update_distro(args, distro, config) diff --git a/tools/vcs-tag.sh b/tools/vcs-tag.sh new file mode 100755 index 0000000..5da39cc --- /dev/null +++ b/tools/vcs-tag.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -e + +MODE="$1" + +if ! [[ -d .git ]] || git describe --tags --exact-match &>/dev/null; then + exit 0 +fi + +if [[ "$MODE" == "developer" ]]; then + DIRTY="--dirty=^" +else + DIRTY="" +fi + +echo "-g$(git describe --abbrev=7 --match="" --always $DIRTY)" diff --git a/units/systemd-bsod.service.in b/units/systemd-bsod.service.in index 2d2f988..4c8f837 100644 --- a/units/systemd-bsod.service.in +++ b/units/systemd-bsod.service.in @@ -8,7 +8,7 @@ # (at your option) any later version. [Unit] -Description=Displays emergency message in full screen. +Description=Display Boot-Time Emergency Messages In Full Screen Documentation=man:systemd-bsod.service(8) ConditionVirtualization=no DefaultDependencies=no diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in index 65521b1..8eb4821 100644 --- a/units/systemd-fsck@.service.in +++ b/units/systemd-fsck@.service.in @@ -12,7 +12,8 @@ Description=File System Check on %f Documentation=man:systemd-fsck@.service(8) DefaultDependencies=no BindsTo=%i.device -Conflicts=shutdown.target +IgnoreOnIsolate=yes +Conflicts=reboot.target kexec.target poweroff.target halt.target After=%i.device systemd-fsck-root.service local-fs-pre.target Before=systemd-quotacheck.service shutdown.target |
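Review bot: In the new tools/vcs-tag.sh, `[[ -d .git ]]` is false in a linked git worktree or a submodule checkout, where `.git` is a regular file. The script then exits 0 and prints no `-g…` suffix even though `git describe` would work. `if ! [[ -e .git ]] || git describe --tags --exact-match &>/dev/null; then` covers both layouts. `$DIRTY` is presumably left unquoted so that an empty value adds no argument; writing `${DIRTY:+"$DIRTY"}` or adding a comment would stop a later shellcheck cleanup from quoting it and passing an empty string to git.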