From 164fc388883669be83f5bee49edd0866d80ae1d4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 1 Nov 2025 22:13:27 +0100 Subject: [PATCH 1/5] shared: Forward declare InstallChange in shared-forward.h --- src/shared/shared-forward.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shared/shared-forward.h b/src/shared/shared-forward.h index 9fa7a7ce73..3695d4e671 100644 --- a/src/shared/shared-forward.h +++ b/src/shared/shared-forward.h @@ -64,6 +64,7 @@ typedef struct Fido2HmacSalt Fido2HmacSalt; typedef struct GroupRecord GroupRecord; typedef struct Image Image; typedef struct ImagePolicy ImagePolicy; +typedef struct InstallChange InstallChange; typedef struct InstallInfo InstallInfo; typedef struct LookupPaths LookupPaths; typedef struct LoopDevice LoopDevice; From 0d91a204cb78d692f23e80d3a08f9b81ecad753a Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sat, 1 Nov 2025 22:15:36 +0100 Subject: [PATCH 2/5] bus-wait-for-jobs: Make sure we always debug log If we're not logging at a higher priority level, let's still log at debug log level to help with debugging. --- src/shared/bus-wait-for-jobs.c | 103 ++++++++++++++++++--------------- 1 file changed, 55 insertions(+), 48 deletions(-) diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c index e8a5b4cee1..fac7fe112e 100644 --- a/src/shared/bus-wait-for-jobs.c +++ b/src/shared/bus-wait-for-jobs.c @@ -161,7 +161,11 @@ static int bus_job_get_service_result(BusWaitForJobs *d, char **ret) { ret); } -static void log_job_error_with_service_result(const char* service, const char *result, const char* const* extra_args) { +static void log_job_error_with_service_result( + const char* service, + const char *result, + bool quiet, + const char* const* extra_args) { static const struct { const char *result, *explanation; @@ -195,24 +199,27 @@ static void log_job_error_with_service_result(const char* service, const char *r if (!isempty(result)) FOREACH_ELEMENT(i, explanations) if (streq(result, i->result)) { - log_error("Job for %s failed because %s.\n" - "See \"%s status %s\" and \"%s -xeu %s\" for details.\n", - service, i->explanation, - systemctl, service_shell_quoted ?: "", - journalctl, service_shell_quoted ?: ""); + log_full(quiet ? LOG_DEBUG : LOG_ERR, + "Job for %s failed because %s.\n" + "See \"%s status %s\" and \"%s -xeu %s\" for details.\n", + service, i->explanation, + systemctl, service_shell_quoted ?: "", + journalctl, service_shell_quoted ?: ""); goto extra; } - log_error("Job for %s failed.\n" - "See \"%s status %s\" and \"%s -xeu %s\" for details.\n", - service, - systemctl, service_shell_quoted ?: "", - journalctl, service_shell_quoted ?: ""); + log_full(quiet ? LOG_DEBUG : LOG_ERR, + "Job for %s failed.\n" + "See \"%s status %s\" and \"%s -xeu %s\" for details.\n", + service, + systemctl, service_shell_quoted ?: "", + journalctl, service_shell_quoted ?: ""); extra: /* For some results maybe additional explanation is required */ if (streq_ptr(result, "start-limit-hit")) - log_info("To force a start use \"%1$s reset-failed %2$s\"\n" + log_full(quiet ? LOG_DEBUG : LOG_INFO, + "To force a start use \"%1$s reset-failed %2$s\"\n" "followed by \"%1$s start %2$s\" again.", systemctl, service_shell_quoted ?: ""); @@ -226,51 +233,51 @@ static int check_wait_response(BusWaitForJobs *d, WaitJobsFlags flags, const cha assert(d->result); if (streq(d->result, "done")) { - if (FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_SUCCESS)) - log_info("Job for %s finished.", d->name); + log_full(FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_SUCCESS) ? LOG_INFO : LOG_DEBUG, + "Job for %s finished.", d->name); return 0; } else if (streq(d->result, "skipped")) { - if (FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_SUCCESS)) - log_info("Job for %s was skipped.", d->name); + log_full(FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_SUCCESS) ? LOG_INFO : LOG_DEBUG, + "Job for %s was skipped.", d->name); return 0; } - if (FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_ERROR)) { - if (streq(d->result, "canceled")) - log_error("Job for %s canceled.", d->name); - else if (streq(d->result, "timeout")) - log_error("Job for %s timed out.", d->name); - else if (streq(d->result, "dependency")) - log_error("A dependency job for %s failed. See 'journalctl -xe' for details.", d->name); - else if (streq(d->result, "invalid")) - log_error("%s is not active, cannot reload.", d->name); - else if (streq(d->result, "assert")) - log_error("Assertion failed on job for %s.", d->name); - else if (streq(d->result, "unsupported")) - log_error("Operation on or unit type of %s not supported on this system.", d->name); - else if (streq(d->result, "collected")) - log_error("Queued job for %s was garbage collected.", d->name); - else if (streq(d->result, "once")) - log_error("Unit %s was started already once and can't be started again.", d->name); - else if (streq(d->result, "frozen")) - log_error("Cannot perform operation on frozen unit %s.", d->name); - else if (streq(d->result, "concurrency")) - log_error("Concurrency limit of a slice unit %s is contained in has been reached.", d->name); - else if (endswith(d->name, ".service")) { - /* Job result is unknown. For services, let's also try Result property. */ - _cleanup_free_ char *result = NULL; + int priority = FLAGS_SET(flags, BUS_WAIT_JOBS_LOG_ERROR) ? LOG_ERR : LOG_DEBUG; - r = bus_job_get_service_result(d, &result); - if (r < 0) - log_debug_errno(r, "Failed to get Result property of unit %s, ignoring: %m", - d->name); + if (streq(d->result, "canceled")) + log_full(priority, "Job for %s canceled.", d->name); + else if (streq(d->result, "timeout")) + log_full(priority, "Job for %s timed out.", d->name); + else if (streq(d->result, "dependency")) + log_full(priority, "A dependency job for %s failed. See 'journalctl -xe' for details.", d->name); + else if (streq(d->result, "invalid")) + log_full(priority, "%s is not active, cannot reload.", d->name); + else if (streq(d->result, "assert")) + log_full(priority, "Assertion failed on job for %s.", d->name); + else if (streq(d->result, "unsupported")) + log_full(priority, "Operation on or unit type of %s not supported on this system.", d->name); + else if (streq(d->result, "collected")) + log_full(priority, "Queued job for %s was garbage collected.", d->name); + else if (streq(d->result, "once")) + log_full(priority, "Unit %s was started already once and can't be started again.", d->name); + else if (streq(d->result, "frozen")) + log_full(priority, "Cannot perform operation on frozen unit %s.", d->name); + else if (streq(d->result, "concurrency")) + log_full(priority, "Concurrency limit of a slice unit %s is contained in has been reached.", d->name); + else if (endswith(d->name, ".service")) { + /* Job result is unknown. For services, let's also try Result property. */ + _cleanup_free_ char *result = NULL; - log_job_error_with_service_result(d->name, result, extra_args); - } else /* Otherwise we just show a generic message. */ - log_error("Job failed. See \"journalctl -xe\" for details."); - } + r = bus_job_get_service_result(d, &result); + if (r < 0) + log_debug_errno(r, "Failed to get Result property of unit %s, ignoring: %m", + d->name); + + log_job_error_with_service_result(d->name, result, priority, extra_args); + } else /* Otherwise we just show a generic message. */ + log_full(priority, "Job failed. See \"journalctl -xe\" for details."); if (STR_IN_SET(d->result, "canceled", "collected")) return -ECANCELED; From 8bb6f4f164d72f4d801484aba93e952348754cf8 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 2 Nov 2025 13:52:15 +0100 Subject: [PATCH 3/5] stdio-bridge: Add --quiet option When we use stdio-bridge via sd-bus to connect to a bus of a different user, container or host, stdio-bridge should not log at error level but at debug level as it's invoked by the sd-bus library and sd-bus should generally not log above debug level. We can't actually use the --quiet option yet as that would break connecting to hosts running older versions of systemd but let's already add the option now in preparation for a brighter future. --- man/systemd-stdio-bridge.xml | 9 +++++ src/stdio-bridge/stdio-bridge.c | 66 +++++++++++++++++++-------------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/man/systemd-stdio-bridge.xml b/man/systemd-stdio-bridge.xml index ae760cc039..1b73928725 100644 --- a/man/systemd-stdio-bridge.xml +++ b/man/systemd-stdio-bridge.xml @@ -69,6 +69,15 @@ + + + + + Suppresses error logging on failure. + + + + diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c index 804762ab2e..a131e2afe9 100644 --- a/src/stdio-bridge/stdio-bridge.c +++ b/src/stdio-bridge/stdio-bridge.c @@ -20,6 +20,7 @@ static const char *arg_bus_path = DEFAULT_SYSTEM_BUS_ADDRESS; static BusTransport arg_transport = BUS_TRANSPORT_LOCAL; static RuntimeScope arg_runtime_scope = RUNTIME_SCOPE_SYSTEM; +static bool arg_quiet = false; static int help(void) { printf("%s [OPTIONS...]\n\n" @@ -29,7 +30,8 @@ static int help(void) { " -p --bus-path=PATH Path to the bus address (default: %s)\n" " --system Connect to system bus\n" " --user Connect to user bus\n" - " -M --machine=CONTAINER Name of local container to connect to\n", + " -M --machine=CONTAINER Name of local container to connect to\n" + " -q --quiet Fail silently instead of logging errors\n", program_invocation_short_name, DEFAULT_SYSTEM_BUS_ADDRESS); return 0; @@ -50,10 +52,11 @@ static int parse_argv(int argc, char *argv[]) { { "user", no_argument, NULL, ARG_USER }, { "system", no_argument, NULL, ARG_SYSTEM }, { "machine", required_argument, NULL, 'M' }, + { "quiet", no_argument, NULL, 'q' }, {}, }; - int r, c; + int c, r; assert(argc >= 0); assert(argv); @@ -86,6 +89,10 @@ static int parse_argv(int argc, char *argv[]) { return r; break; + case 'q': + arg_quiet = true; + break; + case '?': return -EINVAL; @@ -94,9 +101,9 @@ static int parse_argv(int argc, char *argv[]) { } if (argc > optind) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "%s takes no arguments.", - program_invocation_short_name); + return log_full_errno(arg_quiet ? LOG_DEBUG : LOG_ERR, SYNTHETIC_ERRNO(EINVAL), + "%s takes no arguments.", + program_invocation_short_name); return 1; } @@ -105,7 +112,7 @@ static int run(int argc, char *argv[]) { _cleanup_(sd_bus_flush_close_unrefp) sd_bus *a = NULL, *b = NULL; sd_id128_t server_id; bool is_unix; - int r, in_fd, out_fd; + int in_fd, out_fd, r; log_setup(); @@ -113,6 +120,8 @@ static int run(int argc, char *argv[]) { if (r <= 0) return r; + int priority = arg_quiet ? LOG_DEBUG : LOG_ERR; + r = sd_listen_fds(0); if (r == 0) { in_fd = STDIN_FILENO; @@ -121,7 +130,8 @@ static int run(int argc, char *argv[]) { in_fd = SD_LISTEN_FDS_START; out_fd = SD_LISTEN_FDS_START; } else - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "More than one file descriptor was passed."); + return log_full_errno(priority, SYNTHETIC_ERRNO(EINVAL), + "More than one file descriptor was passed."); is_unix = sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 && @@ -129,50 +139,50 @@ static int run(int argc, char *argv[]) { r = sd_bus_new(&a); if (r < 0) - return log_error_errno(r, "Failed to allocate bus: %m"); + return log_full_errno(priority, r, "Failed to allocate bus: %m"); if (arg_transport == BUS_TRANSPORT_MACHINE) r = bus_set_address_machine(a, arg_runtime_scope, arg_bus_path); else r = sd_bus_set_address(a, arg_bus_path); if (r < 0) - return log_error_errno(r, "Failed to set address to connect to: %m"); + return log_full_errno(priority, r, "Failed to set address to connect to: %m"); r = sd_bus_negotiate_fds(a, is_unix); if (r < 0) - return log_error_errno(r, "Failed to set FD negotiation: %m"); + return log_full_errno(priority, r, "Failed to set FD negotiation: %m"); r = sd_bus_start(a); if (r < 0) - return bus_log_connect_error(r, arg_transport, arg_runtime_scope); + return bus_log_connect_full(priority, r, arg_transport, arg_runtime_scope); r = sd_bus_get_bus_id(a, &server_id); if (r < 0) - return log_error_errno(r, "Failed to get server ID: %m"); + return log_full_errno(priority, r, "Failed to get server ID: %m"); r = sd_bus_new(&b); if (r < 0) - return log_error_errno(r, "Failed to allocate bus: %m"); + return log_full_errno(priority, r, "Failed to allocate bus: %m"); r = sd_bus_set_fd(b, in_fd, out_fd); if (r < 0) - return log_error_errno(r, "Failed to set fds: %m"); + return log_full_errno(priority, r, "Failed to set fds: %m"); r = sd_bus_set_server(b, 1, server_id); if (r < 0) - return log_error_errno(r, "Failed to set server mode: %m"); + return log_full_errno(priority, r, "Failed to set server mode: %m"); r = sd_bus_negotiate_fds(b, is_unix); if (r < 0) - return log_error_errno(r, "Failed to set FD negotiation: %m"); + return log_full_errno(priority, r, "Failed to set FD negotiation: %m"); r = sd_bus_set_anonymous(b, true); if (r < 0) - return log_error_errno(r, "Failed to set anonymous authentication: %m"); + return log_full_errno(priority, r, "Failed to set anonymous authentication: %m"); r = sd_bus_start(b); if (r < 0) - return log_error_errno(r, "Failed to start bus forwarding server: %m"); + return log_full_errno(priority, r, "Failed to start bus forwarding server: %m"); for (;;) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; @@ -185,14 +195,14 @@ static int run(int argc, char *argv[]) { if (ERRNO_IS_NEG_DISCONNECT(r)) /* Treat 'connection reset by peer' as clean exit condition */ return 0; if (r < 0) - return log_error_errno(r, "Failed to process bus a: %m"); + return log_full_errno(priority, r, "Failed to process bus a: %m"); if (m) { if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected")) return 0; r = sd_bus_send(b, m, NULL); if (r < 0) - return log_error_errno(r, "Failed to send message: %m"); + return log_full_errno(priority, r, "Failed to send message: %m"); } if (r > 0) @@ -202,14 +212,14 @@ static int run(int argc, char *argv[]) { if (ERRNO_IS_NEG_DISCONNECT(r)) /* Treat 'connection reset by peer' as clean exit condition */ return 0; if (r < 0) - return log_error_errno(r, "Failed to process bus: %m"); + return log_full_errno(priority, r, "Failed to process bus: %m"); if (m) { if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected")) return 0; r = sd_bus_send(a, m, NULL); if (r < 0) - return log_error_errno(r, "Failed to send message: %m"); + return log_full_errno(priority, r, "Failed to send message: %m"); } if (r > 0) @@ -217,23 +227,23 @@ static int run(int argc, char *argv[]) { fd = sd_bus_get_fd(a); if (fd < 0) - return log_error_errno(fd, "Failed to get fd: %m"); + return log_full_errno(priority, fd, "Failed to get fd: %m"); events_a = sd_bus_get_events(a); if (events_a < 0) - return log_error_errno(events_a, "Failed to get events mask: %m"); + return log_full_errno(priority, events_a, "Failed to get events mask: %m"); r = sd_bus_get_timeout(a, &timeout_a); if (r < 0) - return log_error_errno(r, "Failed to get timeout: %m"); + return log_full_errno(priority, r, "Failed to get timeout: %m"); events_b = sd_bus_get_events(b); if (events_b < 0) - return log_error_errno(events_b, "Failed to get events mask: %m"); + return log_full_errno(priority, events_b, "Failed to get events mask: %m"); r = sd_bus_get_timeout(b, &timeout_b); if (r < 0) - return log_error_errno(r, "Failed to get timeout: %m"); + return log_full_errno(priority, r, "Failed to get timeout: %m"); t = usec_sub_unsigned(MIN(timeout_a, timeout_b), now(CLOCK_MONOTONIC)); @@ -245,7 +255,7 @@ static int run(int argc, char *argv[]) { r = ppoll_usec(p, ELEMENTSOF(p), t); if (r < 0 && !ERRNO_IS_TRANSIENT(r)) /* don't be bothered by signals, i.e. EINTR */ - return log_error_errno(r, "ppoll() failed: %m"); + return log_full_errno(priority, r, "ppoll() failed: %m"); } } From dcf8bdf01d4884190f5fef64c4f57776f05523a4 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 2 Nov 2025 17:52:14 +0100 Subject: [PATCH 4/5] stdio-bridge: Fix --user If --user was specified we would still try to use the system bus address. --- src/stdio-bridge/stdio-bridge.c | 46 +++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/src/stdio-bridge/stdio-bridge.c b/src/stdio-bridge/stdio-bridge.c index a131e2afe9..441d8c655a 100644 --- a/src/stdio-bridge/stdio-bridge.c +++ b/src/stdio-bridge/stdio-bridge.c @@ -17,7 +17,7 @@ #include "parse-argument.h" #include "time-util.h" -static const char *arg_bus_path = DEFAULT_SYSTEM_BUS_ADDRESS; +static const char *arg_bus_path = NULL; static BusTransport arg_transport = BUS_TRANSPORT_LOCAL; static RuntimeScope arg_runtime_scope = RUNTIME_SCOPE_SYSTEM; static bool arg_quiet = false; @@ -108,6 +108,45 @@ static int parse_argv(int argc, char *argv[]) { return 1; } +static int bus_set_address( + sd_bus *bus, + BusTransport transport, + const char *bus_path, + RuntimeScope runtime_scope) { + + int r; + + assert(bus); + + switch (transport) { + + case BUS_TRANSPORT_LOCAL: + + if (bus_path) + return sd_bus_set_address(bus, bus_path); + + switch (runtime_scope) { + + case RUNTIME_SCOPE_USER: + return bus_set_address_user(bus); + + case RUNTIME_SCOPE_SYSTEM: + return bus_set_address_system(bus); + + default: + assert_not_reached(); + } + + case BUS_TRANSPORT_MACHINE: + return bus_set_address_machine(bus, runtime_scope, bus_path); + + default: + assert_not_reached(); + } + + return r; +} + static int run(int argc, char *argv[]) { _cleanup_(sd_bus_flush_close_unrefp) sd_bus *a = NULL, *b = NULL; sd_id128_t server_id; @@ -141,10 +180,7 @@ static int run(int argc, char *argv[]) { if (r < 0) return log_full_errno(priority, r, "Failed to allocate bus: %m"); - if (arg_transport == BUS_TRANSPORT_MACHINE) - r = bus_set_address_machine(a, arg_runtime_scope, arg_bus_path); - else - r = sd_bus_set_address(a, arg_bus_path); + r = bus_set_address(a, arg_transport, arg_bus_path, arg_runtime_scope); if (r < 0) return log_full_errno(priority, r, "Failed to set address to connect to: %m"); From 59a81bbb80dbae1f5e80d41f674ae246ad09e218 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 2 Nov 2025 14:17:36 +0100 Subject: [PATCH 5/5] sd-bus: Pass --user and --quiet to systemd-stdio-bridge if local If we're switching users but not entering a container, then we can assume that new switches for systemd-stdio-bridge are available, so make use of them in that case. --- src/libsystemd/sd-bus/sd-bus.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index 6908e529d6..5fab814abc 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -1623,14 +1623,20 @@ int bus_set_address_machine(sd_bus *b, RuntimeScope runtime_scope, const char *m if (!a) return -ENOMEM; + bool local = !eh || streq(eh, ".host"); + + /* Ideally we'd always use the "--user" and "--quiet" switches to systemd-stdio-bridge here, + * but they're only available in recent systemd versions, meaning we can only use them if + * we're not connecting to a container. Using the "-p" switch with an explicit path is a + * working alternative for "--user", and is compatible with older versions, hence that's what + * we use when connecting to a container. */ + if (runtime_scope == RUNTIME_SCOPE_USER) { - /* Ideally we'd use the "--user" switch to systemd-stdio-bridge here, but it's only - * available in recent systemd versions. Using the "-p" switch with the explicit path - * is a working alternative, and is compatible with older versions, hence that's what - * we use here. */ - if (!strextend(&a, ",argv7=-punix:path%3d%24%7bXDG_RUNTIME_DIR%7d/bus")) + if (!strextend(&a, local ? ",argv7=--user,argv8=--quiet" : ",argv7=-punix:path%3d%24%7bXDG_RUNTIME_DIR%7d/bus")) + return -ENOMEM; + } else if (local) + if (!strextend(&a, ",argv7=--quiet")) return -ENOMEM; - } } else { _cleanup_free_ char *e = NULL;