summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.github/workflows/mkosi.yml4
-rw-r--r--NEWS7
-rw-r--r--catalog/systemd.catalog.in13
-rw-r--r--docs/CNAME1
-rw-r--r--docs/CODING_STYLE.md62
-rw-r--r--man/systemd-tmpfiles.xml30
-rw-r--r--man/systemd.xml49
-rw-r--r--meson.build1
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf3
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf16
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf3
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf10
-rw-r--r--mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources6
-rw-r--r--mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf4
-rw-r--r--rules.d/99-systemd.rules.in2
-rw-r--r--shell-completion/bash/udevadm5
-rw-r--r--src/analyze/analyze-pcrs.c2
-rw-r--r--src/basic/strbuf.c5
-rw-r--r--src/core/service.c8
-rw-r--r--src/fundamental/macro-fundamental.h5
-rw-r--r--src/hostname/hostnamed.c11
-rw-r--r--src/libsystemd-network/sd-dhcp-server.c2
-rw-r--r--src/partition/repart.c9
-rw-r--r--src/resolve/resolved-dns-server.c3
-rw-r--r--src/shared/cryptsetup-util.c19
-rw-r--r--src/shared/cryptsetup-util.h6
-rw-r--r--src/shared/install.c14
-rw-r--r--src/shared/logs-show.c6
-rw-r--r--src/shared/tpm2-util.c2
-rw-r--r--src/systemd/sd-messages.h3
-rw-r--r--src/tmpfiles/tmpfiles.c23
-rw-r--r--src/tpm2-setup/tpm2-setup.c13
-rwxr-xr-xtest/TEST-02-UNITTESTS/test.sh8
-rw-r--r--test/TEST-06-SELINUX/meson.build3
-rw-r--r--test/TEST-09-REBOOT/meson.build2
-rw-r--r--test/TEST-18-FAILUREACTION/meson.build2
-rwxr-xr-xtest/integration-test-wrapper.py9
-rw-r--r--test/test-functions68
-rwxr-xr-xtest/test-network/systemd-networkd-tests.py2
-rwxr-xr-xtest/units/TEST-02-UNITTESTS.sh14
-rwxr-xr-xtest/units/TEST-26-SYSTEMCTL.sh6
-rwxr-xr-xtest/units/TEST-43-PRIVATEUSER-UNPRIV.sh4
-rw-r--r--units/systemd-tmpfiles-setup.service2
-rw-r--r--units/systemd-tpm2-setup-early.service.in3
-rw-r--r--units/systemd-tpm2-setup.service.in3
-rw-r--r--units/user/systemd-tmpfiles-setup.service2
47 files changed, 298 insertions, 187 deletions
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 425d737..3a8dabd 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -92,7 +92,7 @@ jobs:
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
+ - uses: systemd/mkosi@6972f9efba5c8472d990be3783b7e7dbf76e109e
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
@@ -117,6 +117,8 @@ jobs:
- name: Configure
run: |
+ # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved
+ sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build
tee mkosi.local.conf <<EOF
[Distribution]
Distribution=${{ matrix.distro }}
diff --git a/NEWS b/NEWS
index 02ad8b2..da81fe3 100644
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,11 @@ CHANGES WITH 256:
* systemd.crash_reboot and related settings are deprecated in favor of
systemd.crash_action=.
+ * Stable releases for version v256 and newer will now be pushed in the
+ main repository. The systemd-stable repository will be used for existing
+ stable branches (v255-stable and lower), and when they reach EOL it will
+ be archived.
+
General Changes and New Features:
* Various programs will now attempt to load the main configuration file
@@ -190,7 +195,7 @@ CHANGES WITH 256:
additional per-user service managers, whose users are transient and
are only defined as long as the service manager is running. (This is
implemented via DynamicUser=1), allowing a user manager to be used to
- manager a group of processes without needing to create an actual user
+ manage a group of processes without needing to create an actual user
account. These service managers run with home directories of
/var/lib/capsules/<capsule-name> and can contain regular services and
other units. A capsule is started via a simple "systemctl start
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
index 3c9a686..2831152 100644
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
@@ -780,3 +780,16 @@ Documentation: https://systemd.io/PORTABLE_SERVICES/
A Portable Service @PORTABLE_ROOT@ (with extensions: @PORTABLE_EXTENSION@) has been
detached from the system and is no longer available for use. The list of attached
Portable Services can be queried with 'portablectl list'.
+
+-- ad7089f928ac4f7ea00c07457d47ba8a
+Subject: Authorization failure while attempting to enroll SRK into TPM
+Defined-By: systemd
+Support: %SUPPORT_URL%
+Documentation: man:systemd-tpm2-setup.service(8)
+
+An authorization failure occured while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
+Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of
+the TPM.
+
+Automatic SRK enrollment on TPMs in such scenarios is not supported. In order to unset the PIN/password
+protection on the owner hierarchy issue a command like the following: 'tpm2_changeauth -c o -p <OLDPW> ""'.
diff --git a/docs/CNAME b/docs/CNAME
new file mode 100644
index 0000000..cdcf4d9
--- /dev/null
+++ b/docs/CNAME
@@ -0,0 +1 @@
+systemd.io \ No newline at end of file
diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md
index 8f687e6..309436a 100644
--- a/docs/CODING_STYLE.md
+++ b/docs/CODING_STYLE.md
@@ -164,30 +164,64 @@ SPDX-License-Identifier: LGPL-2.1-or-later
thread. Use `is_main_thread()` to detect whether the calling thread is the
main thread.
-- Do not write functions that clobber call-by-reference variables on
- failure. Use temporary variables for these cases and change the passed in
- variables only on success. The rule is: never clobber return parameters on
- failure, always initialize return parameters on success.
-
-- Typically, function parameters fit into three categories: input parameters,
- mutable objects, and call-by-reference return parameters. Input parameters
- should always carry suitable "const" declarators if they are pointers, to
- indicate they are input-only and not changed by the function. Return
- parameters are best prefixed with "ret_", to clarify they are return
- parameters. (Conversely, please do not prefix parameters that aren't
- output-only with "ret_", in particular not mutable parameters that are both
- input as well as output). Example:
+- Typically, function parameters fit into four categories: input parameters,
+ mutable objects, call-by-reference return parameters that are initialized on
+ success, and call-by-reference return parameters that are initialized on
+ failure. Input parameters should always carry suitable `const` declarators if
+ they are pointers, to indicate they are input-only and not changed by the
+ function. The name of return parameters that are initialized on success
+ should be prefixed with `ret_`, to clarify they are return parameters. The
+ name of return parameters that are initialized on failure should be prefixed
+ with `reterr_`. (Examples of such parameters: those which carry additional
+ error information, such as the row/column of parse errors or so). –
+ Conversely, please do not prefix parameters that aren't output-only with
+ `ret_` or `reterr_`, in particular not mutable parameters that are both input
+ as well as output.
+
+ Example:
```c
static int foobar_frobnicate(
Foobar* object, /* the associated mutable object */
const char *input, /* immutable input parameter */
- char **ret_frobnicated) { /* return parameter */
+ char **ret_frobnicated, /* return parameter on success */
+ unsigned *reterr_line, /* return parameter on failure */
+ unsigned *reterr_column) { /* ditto */
return 0;
}
```
+- Do not write functions that clobber call-by-reference success return
+ parameters on failure (i.e. `ret_xyz`, see above), or that clobber
+ call-by-reference failure return parameters on success
+ (i.e. `reterr_xyz`). Use temporary variables for these cases and change the
+ passed in variables only in the right condition. The rule is: never clobber
+ success return parameters on failure, always initialize success return
+ parameters on success (and the reverse for failure return parameters, of
+ course).
+
+- Please put `reterr_` return parameters in the function parameter list last,
+ and `ret_` return parameters immediately before that.
+
+ Good:
+
+ ```c
+ static int do_something(
+ const char *input,
+ const char *ret_on_success,
+ const char *reterr_on_failure);
+ ```
+
+ Not good:
+
+ ```c
+ static int do_something(
+ const char *reterr_on_failure,
+ const char *ret_on_success,
+ const char *input);
+ ```
+
- The order in which header files are included doesn't matter too
much. systemd-internal headers must not rely on an include order, so it is
safe to include them in any order possible. However, to not clutter global
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index 008bff6..2a494b9 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -55,9 +55,11 @@
<refsect1>
<title>Description</title>
- <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up volatile and temporary files
- and directories, using the configuration file format and location specified in
- <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>. It must
+ <para><command>systemd-tmpfiles</command> creates, deletes, and cleans up files and directories, using
+ the configuration file format and location specified in
+ <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ Historically, it was designed to manage volatile and temporary files, as the name suggests, but it provides
+ generic file management functionality and can be used to manage any kind of files. It must
be invoked with one or more commands <option>--create</option>, <option>--remove</option>, and
<option>--clean</option>, to select the respective subset of operations.</para>
@@ -149,8 +151,26 @@
<varlistentry>
<term><option>--purge</option></term>
- <listitem><para>If this option is passed, all files and directories created by a
- <filename>tmpfiles.d/</filename> entry will be deleted.</para>
+
+ <listitem><para>If this option is passed, all files and directories marked for
+ <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
+ line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
+ marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
+ <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
+ <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
+ <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
+ <filename>tmpfiles.d/</filename> file (or <filename>-</filename> for standard input) must be
+ specified on the command line or the invocation will be refused, for safety reasons (as otherwise
+ much of the installed system files might be removed).</para>
+
+ <para>The primary usecase for this option is to automatically remove files and directories that
+ originally have been created on behalf of an installed packaged at package removal time.</para>
+
+ <para>It is recommended to first run this command in combination with <option>--dry-run</option>
+ (see below) to verify which files and directories will be deleted.</para>
+
+ <para><emphasis>Warning!</emphasis> This is is usually not the command you want! In most cases
+ <option>--remove</option> is what you are looking for.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
diff --git a/man/systemd.xml b/man/systemd.xml
index 66db5bb..f4aa7e0 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -62,10 +62,29 @@
<filename>user.conf.d</filename> directories. See
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information.</para>
+
+ <para><command>systemd</command> contains native implementations of various tasks that need to be
+ executed as part of the boot process. For example, it sets the hostname or configures the loopback
+ network device. It also sets up and mounts various API file systems, such as <filename>/sys/</filename>,
+ <filename>/proc/</filename>, and <filename>/dev/</filename>.</para>
+
+ <para>Note that some but not all interfaces provided by systemd are covered by the
+ <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
+
+ <para>The D-Bus API of <command>systemd</command> is described in
+ <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ and
+ <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+
+ <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
+ url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
+ <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
+ specifications, respectively.</para>
</refsect1>
<refsect1>
- <title>Concepts</title>
+ <title>Units</title>
<para>systemd provides a dependency system between various
entities called "units" of 11 different types. Units encapsulate
@@ -261,34 +280,10 @@
example, start jobs for any of those inactive units getting queued as
well.</para>
- <para>systemd contains native implementations of various tasks
- that need to be executed as part of the boot process. For example,
- it sets the hostname or configures the loopback network device. It
- also sets up and mounts various API file systems, such as
- <filename>/sys/</filename> or <filename>/proc/</filename>.</para>
-
- <para>For more information about the concepts and
- ideas behind systemd, please refer to the
- <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
-
- <para>Note that some but not all interfaces provided by systemd are covered by the
- <ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink>.</para>
-
<para>Units may be generated dynamically at boot and system
manager reload time, for example based on other configuration
files or parameters passed on the kernel command line. For details, see
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
-
- <para>The D-Bus API of <command>systemd</command> is described in
- <citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- and
- <citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- </para>
-
- <para>Systems which invoke systemd in a container or initrd environment should implement the <ulink
- url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> or
- <ulink url="https://systemd.io/INITRD_INTERFACE/">initrd Interface</ulink>
- specifications, respectively.</para>
</refsect1>
<refsect1>
@@ -1558,6 +1553,10 @@
<member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
</simplelist></para>
+
+ <para>For more information about the concepts and
+ ideas behind systemd, please refer to the
+ <ulink url="https://0pointer.de/blog/projects/systemd.html">Original Design Document</ulink>.</para>
</refsect1>
</refentry>
diff --git a/meson.build b/meson.build
index ea4e12a..e421519 100644
--- a/meson.build
+++ b/meson.build
@@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
'crypt_token_max',
'crypt_reencrypt_init_by_passphrase',
'crypt_reencrypt',
+ 'crypt_reencrypt_run',
'crypt_set_data_offset',
'crypt_set_keyring_to_link',
'crypt_resume_by_volume_key']
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
index ae014fa..ecac780 100644
--- a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf
@@ -20,8 +20,6 @@ VolatilePackages=
libsystemd-dev
libudev-dev
systemd
- systemd-boot
- systemd-boot-efi
systemd-container
systemd-coredump
systemd-dev
@@ -74,7 +72,6 @@ Packages=
python3-pexpect
python3-psutil
quota
- sbsigntool
softhsm2
squashfs-tools
stress
diff --git a/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
new file mode 100644
index 0000000..781670a
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-debian-ubuntu/mkosi.conf.d/efi.conf
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# sbsigntool exists only on UEFI architectures
+
+[Match]
+Architecture=|x86
+Architecture=|x86-64
+Architecture=|arm
+Architecture=|arm64
+Architecture=|riscv32
+Architecture=|riscv64
+
+[Content]
+Packages=
+ sbsigntool
+ systemd-boot
+ systemd-boot-efi
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
index 25957b1..86f9736 100644
--- a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf
@@ -3,9 +3,6 @@
[Match]
Distribution=ubuntu
-[Distribution]
-PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
-
[Content]
Packages=
linux-image-generic
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
new file mode 100644
index 0000000..582f038
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/non-x86.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The ports Ubuntu archive is for non i386/amd64 repositories
+
+[Match]
+Architecture=!x86-64
+Architecture=!x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports-ports.sources:/etc/apt/sources.list.d/noble-backports-ports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
new file mode 100644
index 0000000..7347be9
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/mkosi.conf.d/x86.conf
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# The main Ubuntu archive is only for i386/amd64 repositories
+
+[Match]
+Architecture=|x86-64
+Architecture=|x86
+Release=noble
+
+[Distribution]
+PackageManagerTrees=noble-backports.sources:/etc/apt/sources.list.d/noble-backports.sources
diff --git a/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
new file mode 100644
index 0000000..5b96dc5
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/10-ubuntu/noble-backports-ports.sources
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+Types: deb
+URIs: http://ports.ubuntu.com
+Suites: noble-backports
+Components: main universe
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
new file mode 100644
index 0000000..657ac72
--- /dev/null
+++ b/mkosi.images/system/mkosi.extra/usr/lib/sysctl.d/99-apparmor-unpriv-userns.conf
@@ -0,0 +1,4 @@
+# Ubuntu since Noble disables unprivileged user namespaces by default, re-enable them as they are needed
+# for integration tests
+kernel.apparmor_restrict_unprivileged_unconfined = 0
+kernel.apparmor_restrict_unprivileged_userns = 0
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index ad0c7e2..8ba6f17 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -10,6 +10,8 @@
ACTION=="remove", GOTO="systemd_end"
SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd"
+# Exclude 8250 serial ports with a zero IO port, as they are not usable until "setserial /dev/ttySxxx port …" is invoked.
+SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ENV{SYSTEMD_READY}="0"
KERNEL=="vport*", TAG+="systemd"
SUBSYSTEM=="ptp", TAG+="systemd"
diff --git a/shell-completion/bash/udevadm b/shell-completion/bash/udevadm
index 05f921c..3842d72 100644
--- a/shell-completion/bash/udevadm
+++ b/shell-completion/bash/udevadm
@@ -32,10 +32,7 @@ __get_all_sysdevs() {
}
__get_all_device_nodes() {
- local i
- for i in /dev/* /dev/*/* /dev/*/*/*; do
- echo $i
- done
+ find /dev -xtype b -o -xtype c
}
__get_all_device_units() {
diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
index 43e415f..1c3da3f 100644
--- a/src/analyze/analyze-pcrs.c
+++ b/src/analyze/analyze-pcrs.c
@@ -11,7 +11,7 @@
static int get_pcr_alg(const char **ret) {
assert(ret);
- FOREACH_STRING(alg, "sha256", "sha1") {
+ FOREACH_STRING(alg, "sha256", "sha384", "sha1") {
_cleanup_free_ char *p = NULL;
if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/0", alg) < 0)
diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
index 0617acc..6d43955 100644
--- a/src/basic/strbuf.c
+++ b/src/basic/strbuf.c
@@ -107,7 +107,6 @@ static void bubbleinsert(struct strbuf_node *node,
/* add string, return the index/offset into the buffer */
ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
uint8_t c;
- char *buf_new;
struct strbuf_child_entry *child;
struct strbuf_node *node;
ssize_t off;
@@ -147,10 +146,8 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
}
/* add new string */
- buf_new = realloc(str->buf, str->len + len+1);
- if (!buf_new)
+ if (!GREEDY_REALLOC(str->buf, str->len + len + 1))
return -ENOMEM;
- str->buf = buf_new;
off = str->len;
memcpy(str->buf + off, s, len);
str->len += len;
diff --git a/src/core/service.c b/src/core/service.c
index 8ec27c4..6e81460 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1351,7 +1351,7 @@ static int service_coldplug(Unit *u) {
service_start_watchdog(s);
if (UNIT_ISSET(s->accept_socket)) {
- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket));
+ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
if (socket->max_connections_per_source > 0) {
SocketPeer *peer;
@@ -3220,8 +3220,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
} else if (streq(key, "accept-socket")) {
Unit *socket;
- if (u->type != UNIT_SOCKET) {
- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket");
+ if (unit_name_to_type(value) != UNIT_SOCKET) {
+ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
return 0;
}
@@ -3230,7 +3230,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
else {
unit_ref_set(&s->accept_socket, u, socket);
- SOCKET(socket)->n_connections++;
+ ASSERT_PTR(SOCKET(socket))->n_connections++;
}
} else if (streq(key, "socket-fd")) {
diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index 5ccbda5..8aca5f7 100644
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -517,6 +517,10 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
} \
}
+/* Restriction/bug (see above) was fixed in GCC 15 and clang 19.*/
+#if __GNUC__ >= 15 || (defined(__clang__) && __clang_major__ >= 19)
+#define DECLARE_FLEX_ARRAY(type, name) type name[];
+#else
/* Declare a flexible array usable in a union.
* This is essentially a work-around for a pointless constraint in C99
* and might go away in some future version of the standard.
@@ -528,6 +532,7 @@ static inline uint64_t ALIGN_OFFSET_U64(uint64_t l, uint64_t ali) {
dummy_t __empty__ ## name; \
type name[]; \
}
+#endif
/* Declares an ELF read-only string section that does not occupy memory at runtime. */
#define DECLARE_NOALLOC_SECTION(name, text) \
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 82d0880..fe1216f 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1682,6 +1682,13 @@ static int connect_varlink(Context *c) {
return 0;
}
+static bool context_check_idle(void *userdata) {
+ Context *c = ASSERT_PTR(userdata);
+
+ return varlink_server_current_connections(c->varlink_server) == 0 &&
+ hashmap_isempty(c->polkit_registry);
+}
+
static int run(int argc, char *argv[]) {
_cleanup_(context_destroy) Context context = {
.hostname_source = _HOSTNAME_INVALID, /* appropriate value will be set later */
@@ -1731,8 +1738,8 @@ static int run(int argc, char *argv[]) {
context.bus,
"org.freedesktop.hostname1",
DEFAULT_EXIT_USEC,
- /* check_idle= */ NULL,
- /* userdata= */ NULL);
+ context_check_idle,
+ &context);
if (r < 0)
return log_error_errno(r, "Failed to run event loop: %m");
diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
index c3b0f82..4967f06 100644
--- a/src/libsystemd-network/sd-dhcp-server.c
+++ b/src/libsystemd-network/sd-dhcp-server.c
@@ -1252,7 +1252,7 @@ static int server_receive_message(sd_event_source *s, int fd,
/* Preallocate the additional size for DHCP Relay Agent Information Option if needed */
buflen += relay_agent_information_length(server->agent_circuit_id, server->agent_remote_id) + 2;
- message = malloc(buflen);
+ message = malloc0(buflen);
if (!message)
return -ENOMEM;
diff --git a/src/partition/repart.c b/src/partition/repart.c
index 6f67d46..8f64520 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -187,6 +187,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep);
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep);
STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep);
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep);
@@ -3913,7 +3914,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
}
static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
-#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT
+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
const char *node = partition_target_path(target);
struct crypt_params_luks2 luks_params = {
.label = strempty(ASSERT_PTR(p)->new_label),
@@ -4220,7 +4221,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
if (r < 0)
return log_error_errno(r, "Failed to load reencryption context: %m");
+#if HAVE_CRYPT_REENCRYPT_RUN
+ r = sym_crypt_reencrypt_run(cd, NULL, NULL);
+#else
r = sym_crypt_reencrypt(cd, NULL);
+#endif
if (r < 0)
return log_error_errno(r, "Failed to encrypt %s: %m", node);
} else {
@@ -4232,7 +4237,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
dm_name,
NULL,
VOLUME_KEY_SIZE,
- arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
+ (arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0) | CRYPT_ACTIVATE_PRIVATE);
if (r < 0)
return log_error_errno(r, "Failed to activate LUKS superblock: %m");
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 340f11f..b37f541 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -706,9 +706,6 @@ bool dns_server_dnssec_supported(DnsServer *server) {
if (dns_server_get_dnssec_mode(server) == DNSSEC_YES) /* If strict DNSSEC mode is enabled, always assume DNSSEC mode is supported. */
return true;
- if (!DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(server->possible_feature_level))
- return false;
-
if (server->packet_bad_opt)
return false;
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
index 288e6e8..d0dd434 100644
--- a/src/shared/cryptsetup-util.c
+++ b/src/shared/cryptsetup-util.c
@@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
#endif
-#if HAVE_CRYPT_REENCRYPT
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+#if HAVE_CRYPT_REENCRYPT_RUN
+DLSYM_FUNCTION(crypt_reencrypt_run);
+#elif HAVE_CRYPT_REENCRYPT
DLSYM_FUNCTION(crypt_reencrypt);
-REENABLE_WARNING;
#endif
DLSYM_FUNCTION(crypt_metadata_locking);
#if HAVE_CRYPT_SET_DATA_OFFSET
@@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {
/* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
* crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
- * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the
- * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off
- * warnings about this for now. */
-
- DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+ * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
+ * symbol if the new one is not available. */
ELF_NOTE_DLOPEN("cryptsetup",
"Support for disk encryption, integrity, and authentication",
@@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
#endif
-#if HAVE_CRYPT_REENCRYPT
+#if HAVE_CRYPT_REENCRYPT_RUN
+ DLSYM_ARG(crypt_reencrypt_run),
+#elif HAVE_CRYPT_REENCRYPT
DLSYM_ARG(crypt_reencrypt),
#endif
DLSYM_ARG(crypt_metadata_locking),
@@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
if (r <= 0)
return r;
- REENABLE_WARNING;
-
/* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
* libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
* whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
index f00ac36..d255e59 100644
--- a/src/shared/cryptsetup-util.h
+++ b/src/shared/cryptsetup-util.h
@@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
#endif
-#if HAVE_CRYPT_REENCRYPT
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+#if HAVE_CRYPT_REENCRYPT_RUN
+DLSYM_PROTOTYPE(crypt_reencrypt_run);
+#elif HAVE_CRYPT_REENCRYPT
DLSYM_PROTOTYPE(crypt_reencrypt);
-REENABLE_WARNING;
#endif
DLSYM_PROTOTYPE(crypt_metadata_locking);
#if HAVE_CRYPT_SET_DATA_OFFSET
diff --git a/src/shared/install.c b/src/shared/install.c
index dd2bd5c..c94b456 100644
--- a/src/shared/install.c
+++ b/src/shared/install.c
@@ -2282,7 +2282,9 @@ static int install_context_mark_for_removal(
else {
log_debug_errno(r, "Unit %s not found, removing name.", i->name);
r = install_changes_add(changes, n_changes, r, i->path ?: i->name, NULL);
- if (r < 0)
+ /* In case there's no unit, we still want to remove any leftover symlink, even if
+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
+ if (r != -ENOENT)
return r;
}
} else if (r < 0) {
@@ -2874,9 +2876,13 @@ static int do_unit_file_disable(
r = install_info_add(&ctx, *name, NULL, lp->root_dir, /* auxiliary= */ false, &info);
if (r >= 0)
r = install_info_traverse(&ctx, lp, info, SEARCH_LOAD|SEARCH_FOLLOW_CONFIG_SYMLINKS, NULL);
-
- if (r < 0)
- return install_changes_add(changes, n_changes, r, *name, NULL);
+ if (r < 0) {
+ r = install_changes_add(changes, n_changes, r, *name, NULL);
+ /* In case there's no unit, we still want to remove any leftover symlink, even if
+ * the unit might have been removed already, hence treating ENOENT as non-fatal. */
+ if (r != -ENOENT)
+ return r;
+ }
/* If we enable multiple units, some with install info and others without,
* the "empty [Install] section" warning is not shown. Let's make the behavior
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
index c71c868..153a411 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
@@ -450,6 +450,9 @@ static void parse_display_realtime(
assert(j);
assert(ret);
+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
+ source_monotonic = NULL;
+
/* First, try _SOURCE_REALTIME_TIMESTAMP. */
if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t)) {
*ret = t;
@@ -488,6 +491,9 @@ static void parse_display_timestamp(
assert(ret_display_ts);
assert(ret_boot_id);
+ // FIXME: _SOURCE_MONOTONIC_TIMESTAMP is in CLOCK_BOOTTIME, hence we cannot use it for adjusting realtime.
+ source_monotonic = NULL;
+
if (source_realtime && safe_atou64(source_realtime, &t) >= 0 && VALID_REALTIME(t))
source_ts.realtime = t;
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 87ce53c..9603f18 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2119,6 +2119,8 @@ int tpm2_create_primary(
/* creationData= */ NULL,
/* creationHash= */ NULL,
/* creationTicket= */ NULL);
+ if (rc == TPM2_RC_BAD_AUTH)
+ return log_debug_errno(SYNTHETIC_ERRNO(EDEADLK), "Authorization failure while attempting to enroll SRK into TPM.");
if (rc != TSS2_RC_SUCCESS)
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"Failed to generate primary key in TPM: %s",
diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h
index e3f6806..16e9986 100644
--- a/src/systemd/sd-messages.h
+++ b/src/systemd/sd-messages.h
@@ -272,6 +272,9 @@ _SD_BEGIN_DECLARATIONS;
#define SD_MESSAGE_PORTABLE_DETACHED SD_ID128_MAKE(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
#define SD_MESSAGE_PORTABLE_DETACHED_STR SD_ID128_MAKE_STR(76,c5,c7,54,d6,28,49,0d,8e,cb,a4,c9,d0,42,11,2b)
+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION SD_ID128_MAKE(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
+#define SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR SD_ID128_MAKE_STR(ad,70,89,f9,28,ac,4f,7e,a0,0c,07,45,7d,47,ba,8a)
+
_SD_END_DECLARATIONS;
#endif
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 807925f..8cc8c1c 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -3024,10 +3024,16 @@ static int remove_recursive(
return r;
if (remove_instance) {
- log_debug("Removing directory \"%s\".", instance);
- r = RET_NERRNO(rmdir(instance));
- if (r < 0 && !IN_SET(r, -ENOENT, -ENOTEMPTY))
- return log_error_errno(r, "Failed to remove %s: %m", instance);
+ log_action("Would remove", "Removing", "%s directory \"%s\".", instance);
+ if (!arg_dry_run) {
+ r = RET_NERRNO(rmdir(instance));
+ if (r < 0) {
+ bool fatal = !IN_SET(r, -ENOENT, -ENOTEMPTY);
+ log_full_errno(fatal ? LOG_ERR : LOG_DEBUG, r, "Failed to remove %s: %m", instance);
+ if (fatal)
+ return r;
+ }
+ }
}
return 0;
}
@@ -4142,7 +4148,9 @@ static int help(void) {
"\n%3$sCommands:%4$s\n"
" --create Create files and directories\n"
" --clean Clean up files and directories\n"
- " --remove Remove files and directories\n"
+ " --remove Remove files and directories marked for removal\n"
+ " --purge Delete files and directories marked for creation in\n"
+ " specified configuration files (careful!)\n"
" -h --help Show this help\n"
" --version Show package version\n"
"\n%3$sOptions:%4$s\n"
@@ -4151,7 +4159,6 @@ static int help(void) {
" --tldr Show non-comment parts of configuration\n"
" --boot Execute actions only safe at boot\n"
" --graceful Quietly ignore unknown users or groups\n"
- " --purge Delete all files owned by the configuration files\n"
" --prefix=PATH Only apply rules with the specified prefix\n"
" --exclude-prefix=PATH Ignore rules with the specified prefix\n"
" -E Ignore rules prefixed with /dev, /proc, /run, /sys\n"
@@ -4338,6 +4345,10 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"You need to specify at least one of --clean, --create, --remove, or --purge.");
+ if (FLAGS_SET(arg_operation, OPERATION_PURGE) && optind >= argc)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Refusing --purge without specification of a configuration file.");
+
if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Option --replace= is not supported with --cat-config/--tldr.");
diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
index 35628fc..b95c5e7 100644
--- a/src/tpm2-setup/tpm2-setup.c
+++ b/src/tpm2-setup/tpm2-setup.c
@@ -3,6 +3,8 @@
#include <getopt.h>
#include <unistd.h>
+#include "sd-messages.h"
+
#include "build.h"
#include "fd-util.h"
#include "fileio.h"
@@ -223,6 +225,8 @@ static int load_public_key_tpm2(struct public_key_data *ret) {
/* ret_name= */ NULL,
/* ret_qname= */ NULL,
NULL);
+ if (r == -EDEADLK)
+ return r;
if (r < 0)
return log_error_errno(r, "Failed to get or create SRK: %m");
if (r > 0)
@@ -289,6 +293,13 @@ static int run(int argc, char *argv[]) {
}
r = load_public_key_tpm2(&tpm2_key);
+ if (r == -EDEADLK) {
+ log_struct_errno(LOG_INFO, r,
+ LOG_MESSAGE("Insufficient permissions to access TPM, not generating SRK."),
+ "MESSAGE_ID=" SD_MESSAGE_SRK_ENROLLMENT_NEEDS_AUTHORIZATION_STR);
+ return 76; /* Special return value which means "Insufficient permissions to access TPM,
+ * cannot generate SRK". This isn't really an error when called at boot. */;
+ }
if (r < 0)
return r;
@@ -383,4 +394,4 @@ static int run(int argc, char *argv[]) {
return 0;
}
-DEFINE_MAIN_FUNCTION(run);
+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);
diff --git a/test/TEST-02-UNITTESTS/test.sh b/test/TEST-02-UNITTESTS/test.sh
index f165c99..2cf9c31 100755
--- a/test/TEST-02-UNITTESTS/test.sh
+++ b/test/TEST-02-UNITTESTS/test.sh
@@ -37,12 +37,4 @@ test_append_files() {
fi
}
-check_result_nspawn() {
- check_result_nspawn_unittests "${1}"
-}
-
-check_result_qemu() {
- check_result_qemu_unittests
-}
-
do_test "$@"
diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build
index 7a850be..9261a49 100644
--- a/test/TEST-06-SELINUX/meson.build
+++ b/test/TEST-06-SELINUX/meson.build
@@ -5,7 +5,8 @@ integration_tests += [
'name' : fs.name(meson.current_source_dir()),
'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
# FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
- 'firmware' : 'uefi',
+ # Use 'auto' to automatically fallback on non-uefi architectures.
+ 'firmware' : 'auto',
'vm' : true,
},
]
diff --git a/test/TEST-09-REBOOT/meson.build b/test/TEST-09-REBOOT/meson.build
index c4b41bc..b755618 100644
--- a/test/TEST-09-REBOOT/meson.build
+++ b/test/TEST-09-REBOOT/meson.build
@@ -4,7 +4,5 @@ integration_tests += [
integration_test_template + {
'name' : fs.name(meson.current_source_dir()),
'storage' : 'persistent',
- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
- 'firmware' : 'uefi',
},
]
diff --git a/test/TEST-18-FAILUREACTION/meson.build b/test/TEST-18-FAILUREACTION/meson.build
index 5edfbca..8dec5f3 100644
--- a/test/TEST-18-FAILUREACTION/meson.build
+++ b/test/TEST-18-FAILUREACTION/meson.build
@@ -3,7 +3,5 @@
integration_tests += [
integration_test_template + {
'name' : fs.name(meson.current_source_dir()),
- # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
- 'firmware' : 'uefi',
},
]
diff --git a/test/integration-test-wrapper.py b/test/integration-test-wrapper.py
index 5b098a3..b6a16aa 100755
--- a/test/integration-test-wrapper.py
+++ b/test/integration-test-wrapper.py
@@ -2,10 +2,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
'''Test wrapper command for driving integration tests.
-
-Note: This is deliberately rough and only intended to drive existing tests
-with the expectation that as part of formally defining the API it will be tidy.
-
'''
import argparse
@@ -61,6 +57,10 @@ def main():
print(f"SYSTEMD_SLOW_TESTS=1 not found in environment, skipping {args.name}", file=sys.stderr)
exit(77)
+ if args.vm and bool(int(os.getenv("TEST_NO_QEMU", "0"))):
+ print(f"TEST_NO_QEMU=1, skipping {args.name}", file=sys.stderr)
+ exit(77)
+
name = args.name + (f"-{i}" if (i := os.getenv("MESON_TEST_ITERATION")) else "")
dropin = textwrap.dedent(
@@ -128,6 +128,7 @@ def main():
*args.mkosi_args,
'--append',
'--qemu-firmware', args.firmware,
+ '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no",
'--kernel-command-line-extra',
' '.join([
'systemd.hostname=H',
diff --git a/test/test-functions b/test/test-functions
index be6eb1d..8b497b2 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1860,74 +1860,6 @@ check_result_qemu() {
return $ret
}
-check_result_nspawn_unittests() {
- local workspace="${1:?}"
- local ret=1
-
- [[ -e "$workspace/testok" ]] && ret=0
-
- if [[ -s "$workspace/failed" ]]; then
- ret=$((ret + 1))
- echo "=== Failed test log ==="
- cat "$workspace/failed"
- else
- if [[ -s "$workspace/skipped" ]]; then
- echo "=== Skipped test log =="
- cat "$workspace/skipped"
- # We might have only skipped tests - that should not fail the job
- ret=0
- fi
- if [[ -s "$workspace/testok" ]]; then
- echo "=== Passed tests ==="
- cat "$workspace/testok"
- fi
- fi
-
- get_bool "${TIMED_OUT:=}" && ret=1
- check_coverage_reports "$workspace" || ret=5
-
- save_journal "$workspace/var/log/journal" $ret
- echo "${JOURNAL_LIST:-"No journals were saved"}"
-
- _umount_dir "${initdir:?}"
-
- return $ret
-}
-
-check_result_qemu_unittests() {
- local ret=1
-
- mount_initdir
- [[ -e "${initdir:?}/testok" ]] && ret=0
-
- if [[ -s "$initdir/failed" ]]; then
- ret=$((ret + 1))
- echo "=== Failed test log ==="
- cat "$initdir/failed"
- else
- if [[ -s "$initdir/skipped" ]]; then
- echo "=== Skipped test log =="
- cat "$initdir/skipped"
- # We might have only skipped tests - that should not fail the job
- ret=0
- fi
- if [[ -s "$initdir/testok" ]]; then
- echo "=== Passed tests ==="
- cat "$initdir/testok"
- fi
- fi
-
- get_bool "${TIMED_OUT:=}" && ret=1
- check_coverage_reports "$initdir" || ret=5
-
- save_journal "$initdir/var/log/journal" $ret
- echo "${JOURNAL_LIST:-"No journals were saved"}"
-
- _umount_dir "$initdir"
-
- return $ret
-}
-
create_rc_local() {
dinfo "Create rc.local"
mkdir -p "${initdir:?}/etc/rc.d"
diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
index 92cb07f..0355c7a 100755
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@@ -5824,6 +5824,8 @@ class NetworkdRATests(unittest.TestCase, Utilities):
self.assertIn('pref high', output)
self.assertNotIn('pref low', output)
+ # radvd supports captive portal since v2.20.
+ # https://github.com/radvd-project/radvd/commit/791179a7f730decbddb2290ef0e34aa85d71b1bc
@unittest.skipUnless(radvd_check_config('captive-portal.conf'), "Installed radvd doesn't support captive portals")
def test_captive_portal(self):
copy_network_unit('25-veth-client.netdev',
diff --git a/test/units/TEST-02-UNITTESTS.sh b/test/units/TEST-02-UNITTESTS.sh
index 6392425..4448643 100755
--- a/test/units/TEST-02-UNITTESTS.sh
+++ b/test/units/TEST-02-UNITTESTS.sh
@@ -95,6 +95,20 @@ export -f run_test
find /usr/lib/systemd/tests/unit-tests/ -maxdepth 1 -type f -name "${TESTS_GLOB}" -print0 |
xargs -0 -I {} --max-procs="$MAX_QUEUE_SIZE" bash -ec "run_test {}"
+# Write all pending messages, so they don't get mixed with the summaries below
+journalctl --sync
+
+# No need for full test logs in this case
+if [[ -s /skipped-tests ]]; then
+ : "=== SKIPPED TESTS ==="
+ cat /skipped-tests
+fi
+
+if [[ -s /failed ]]; then
+ : "=== FAILED TESTS ==="
+ cat /failed
+fi
+
# Test logs are sometimes lost, as the system shuts down immediately after
journalctl --sync
diff --git a/test/units/TEST-26-SYSTEMCTL.sh b/test/units/TEST-26-SYSTEMCTL.sh
index ae7a5d6..1471f3f 100755
--- a/test/units/TEST-26-SYSTEMCTL.sh
+++ b/test/units/TEST-26-SYSTEMCTL.sh
@@ -343,6 +343,12 @@ systemctl cat "$UNIT_NAME"
systemctl help "$UNIT_NAME"
systemctl service-watchdogs
systemctl service-watchdogs "$(systemctl service-watchdogs)"
+# Ensure that the enablement symlinks can still be removed after the user is gone, to avoid having leftovers
+systemctl enable "$UNIT_NAME"
+systemctl stop "$UNIT_NAME"
+rm -f "/usr/lib/systemd/system/$UNIT_NAME"
+systemctl daemon-reload
+systemctl disable "$UNIT_NAME"
# show/set-environment
# Make sure PATH is set
diff --git a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
index 165af47..f8a2a62 100755
--- a/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
+++ b/test/units/TEST-43-PRIVATEUSER-UNPRIV.sh
@@ -6,13 +6,13 @@ set -o pipefail
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
-install_extension_images
-
if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
echo "Cannot create unprivileged user namespaces" >/skipped
exit 77
fi
+install_extension_images
+
systemd-analyze log-level debug
runas testuser systemd-run --wait --user --unit=test-private-users \
diff --git a/units/systemd-tmpfiles-setup.service b/units/systemd-tmpfiles-setup.service
index 6cae328..b92beb7 100644
--- a/units/systemd-tmpfiles-setup.service
+++ b/units/systemd-tmpfiles-setup.service
@@ -8,7 +8,7 @@
# (at your option) any later version.
[Unit]
-Description=Create Volatile Files and Directories
+Description=Create System Files and Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
DefaultDependencies=no
diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in
index 9982c84..7fdb99b 100644
--- a/units/systemd-tpm2-setup-early.service.in
+++ b/units/systemd-tpm2-setup-early.service.in
@@ -21,3 +21,6 @@ ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
Type=oneshot
RemainAfterExit=yes
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
+
+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
+SuccessExitStatus=76
diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in
index 0af7292..ac29a76 100644
--- a/units/systemd-tpm2-setup.service.in
+++ b/units/systemd-tpm2-setup.service.in
@@ -22,3 +22,6 @@ ConditionPathExists=!/etc/initrd-release
Type=oneshot
RemainAfterExit=yes
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful
+
+# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
+SuccessExitStatus=76
diff --git a/units/user/systemd-tmpfiles-setup.service b/units/user/systemd-tmpfiles-setup.service
index 156689e..54e453c 100644
--- a/units/user/systemd-tmpfiles-setup.service
+++ b/units/user/systemd-tmpfiles-setup.service
@@ -8,7 +8,7 @@
# (at your option) any later version.
[Unit]
-Description=Create User's Volatile Files and Directories
+Description=Create User Files and Directories
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
DefaultDependencies=no
Conflicts=shutdown.target