From d1b0d8415cc02d4ef94dfaefd4040b749944726a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 30 May 2022 05:11:31 +0900 Subject: [PATCH 01/11] meson: drop redundant spaces --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 4d8dfcadbd..76f57c0fb2 100644 --- a/meson.build +++ b/meson.build @@ -18,7 +18,7 @@ libudev_version = '1.7.6' conf = configuration_data() conf.set_quoted('PROJECT_URL', 'https://systemd.io/') -conf.set('PROJECT_VERSION', meson.project_version(), +conf.set('PROJECT_VERSION', meson.project_version(), description : 'Numerical project version (used where a simple number is expected)') # This is to be used instead of meson.source_root(), as the latter will return From 0b01cac59a33c182dd9e4e6095bd914208a7ee19 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 15 Jun 2023 14:36:42 +0900 Subject: [PATCH 02/11] meson: drop non-existent test directories --- test/meson.build | 3 --- 1 file changed, 3 deletions(-) diff --git a/test/meson.build b/test/meson.build index a049750116..b48434a356 100644 --- a/test/meson.build +++ b/test/meson.build @@ -16,11 +16,8 @@ if install_tests 'testsuite-04.units', 'testsuite-06.units', 'testsuite-07.units', - 'testsuite-10.units', - 'testsuite-11.units', 'testsuite-16.units', 'testsuite-23.units', - 'testsuite-28.units', 'testsuite-30.units', 'testsuite-52.units', 'testsuite-63.units', From f06390d50453f941ab03fa695788b13bc70f4fbd Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 15 Jun 2023 22:03:52 +0900 Subject: [PATCH 03/11] mkosi: install HyperScale repository for CentOS 8 Preparation for bumping meson requirement higher than 0.56.2. --- .../mkosi.reposdir/CentOS-Stream-Hyperscale.repo | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 mkosi.conf.d/11-centos-8/mkosi.reposdir/CentOS-Stream-Hyperscale.repo diff --git a/mkosi.conf.d/11-centos-8/mkosi.reposdir/CentOS-Stream-Hyperscale.repo b/mkosi.conf.d/11-centos-8/mkosi.reposdir/CentOS-Stream-Hyperscale.repo new file mode 100644 index 0000000000..c520c6f1e8 --- /dev/null +++ b/mkosi.conf.d/11-centos-8/mkosi.reposdir/CentOS-Stream-Hyperscale.repo @@ -0,0 +1,7 @@ +[centos-hyperscale] +name=CentOS Stream $releasever - Hyperscale +mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=hyperscale-packages-main +#baseurl=http://mirror.centos.org/$contentdir/$stream/hyperscale/$basearch/packages-main/ +gpgcheck=1 +enabled=1 +gpgkey=https://git.centos.org/rpms/centos-release-hyperscale/raw/c8s-sig-hyperscale/f/SOURCES/RPM-GPG-KEY-CentOS-SIG-HyperScale From 2bd6f87e9576417af0fdb1f18dfd17224b9195bf Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 15 Jun 2023 21:34:17 +0900 Subject: [PATCH 04/11] ci: bump debian release bullseye -> bookworm Preparation for bumping meson requirement higher than 0.56.2. --- .semaphore/semaphore-runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index 1ceaee1f8d..bacb3dd76c 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -6,7 +6,7 @@ set -o pipefail # default to Debian testing DISTRO="${DISTRO:-debian}" -RELEASE="${RELEASE:-bullseye}" +RELEASE="${RELEASE:-bookworm}" BRANCH="${BRANCH:-upstream-ci}" ARCH="${ARCH:-amd64}" CONTAINER="${RELEASE}-${ARCH}" From ff5becf585eeab3f47fe532180c682363fe4c3b3 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 May 2022 03:53:01 +0900 Subject: [PATCH 05/11] meson: bump required version to 0.59.0 fs.stemp() and fs.name() can take File object since 0.59.0. --- meson.build | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/meson.build b/meson.build index 76f57c0fb2..b275718ee6 100644 --- a/meson.build +++ b/meson.build @@ -10,7 +10,7 @@ project('systemd', 'c', 'localstatedir=/var', 'warning_level=2', ], - meson_version : '>= 0.56.0', + meson_version : '>= 0.59.0', ) libsystemd_version = '0.36.0' @@ -4454,16 +4454,13 @@ foreach test : tests versiondep, ] - # FIXME: Drop .format with meson >= 0.59.0 - name = fs.stem('@0@'.format(sources[0])) + name = fs.stem(sources[0]) if not name.endswith('.cc') deps += [userspace] endif name = name.split('.')[0] - suite = fs.name(fs.parent('@0@'.format(sources[0]))) - # FIXME: Use str.replace() with meson >= 0.58.0 - suite = suite.split('sd-')[-1] + suite = fs.name(fs.parent(sources[0])).replace('sd-', '') if condition != '' and conf.get(condition) == 0 message('Not compiling @0@ because @1@ is not true'.format(name, condition)) @@ -4594,8 +4591,7 @@ foreach fuzzer : fuzzers endif sources += fuzz_generated_directives - # FIXME: Drop .format with meson >= 0.59.0 - name = fs.stem('@0@'.format(sources[0])) + name = fs.stem(sources[0]) exe = executable( name, From 35c035a1a76cd7aa633c483f0094f03395a9c28f Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 16 May 2022 04:08:21 +0900 Subject: [PATCH 06/11] meson: bump required version to 0.60.0 To suppress warning about install_tag argument. --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index b275718ee6..5d98f742e6 100644 --- a/meson.build +++ b/meson.build @@ -10,7 +10,7 @@ project('systemd', 'c', 'localstatedir=/var', 'warning_level=2', ], - meson_version : '>= 0.59.0', + meson_version : '>= 0.60.0', ) libsystemd_version = '0.36.0' From 83dda3d28b5974c363fb9e9c7f244693a29cb415 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 30 Apr 2022 03:43:29 +0000 Subject: [PATCH 07/11] ci: drop the "find" kludge meson no longer complains about install_tag --- .github/workflows/build_test.sh | 5 ----- .github/workflows/unit_tests.sh | 8 -------- 2 files changed, 13 deletions(-) diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index 35a0586b44..438bc0988d 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -123,11 +123,6 @@ ninja --version for args in "${ARGS[@]}"; do SECONDS=0 - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' - # mold < 1.1 does not support LTO. if dpkg --compare-versions "$(dpkg-query --showformat='${Version}' --show mold)" ge 1.1; then fatal "Newer mold version detected, please remove this workaround." diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh index 562bafb614..e9a398c701 100755 --- a/.github/workflows/unit_tests.sh +++ b/.github/workflows/unit_tests.sh @@ -70,10 +70,6 @@ for phase in "${PHASES[@]}"; do mv /etc/machine-id /etc/machine-id.bak fi fi - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' MESON_ARGS+=(--fatal-meson-warnings) run_meson -Dnobody-group=nogroup --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true "${MESON_ARGS[@]}" build ninja -C build -v @@ -94,10 +90,6 @@ for phase in "${PHASES[@]}"; do MESON_ARGS+=(-Dskip-deps=true) fi fi - # The install_tag feature introduced in 0.60 causes meson to fail with fatal-meson-warnings - # "Project targeting '>= 0.53.2' but tried to use feature introduced in '0.60.0': install_tag arg in custom_target" - # It can be safely removed from the CI since it isn't actually used anywhere to test anything. - find . -type f -name meson.build -exec sed -i '/install_tag/d' '{}' '+' MESON_ARGS+=(--fatal-meson-warnings) run_meson -Dnobody-group=nogroup --werror -Dtests=unsafe -Db_sanitize=address,undefined "${MESON_ARGS[@]}" build ninja -C build -v From eeb88ea41d7f3c62a7cc72224a3aebb9e03565ad Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 16 Jun 2023 04:56:18 +0900 Subject: [PATCH 08/11] networkd-test.py: show more debugging logs on failure --- test/networkd-test.py | 80 +++++++++++++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 26 deletions(-) diff --git a/test/networkd-test.py b/test/networkd-test.py index 9e7233d39b..7f05dc2573 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -341,6 +341,20 @@ class ClientTestBase(NetworkdTestingUtilities): subprocess.call(['journalctl', '-b', '--no-pager', '--quiet', '--cursor', self.journal_cursor, '-u', unit]) + def show_ifaces(self): + '''Show network interfaces''' + + print('--- networkctl ---') + sys.stdout.flush() + subprocess.call(['networkctl', 'status', '-n', '0', '-a']) + + def show_resolvectl(self): + '''Show resolved settings''' + + print('--- resolvectl ---') + sys.stdout.flush() + subprocess.call(['resolvectl']) + def create_iface(self, ipv6=False): '''Create test interface with DHCP server behind it''' @@ -595,7 +609,7 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): if dnsmasq_opts: extra_opts += dnsmasq_opts self.dnsmasq = subprocess.Popen( - ['dnsmasq', '--keep-in-foreground', '--log-queries', + ['dnsmasq', '--keep-in-foreground', '--log-queries=extra', '--log-dhcp', '--log-facility=' + self.dnsmasq_log, '--conf-file=/dev/null', '--dhcp-leasefile=' + lease_file, '--bind-interfaces', '--interface=' + self.if_router, '--except-interface=lo', @@ -612,11 +626,12 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): self.dnsmasq.wait() self.dnsmasq = None - def print_server_log(self): + def print_server_log(self, log_file=None): '''Print DHCP server log for debugging failures''' - with open(self.dnsmasq_log) as f: - sys.stdout.write('\n\n---- dnsmasq log ----\n{}\n------\n\n'.format(f.read())) + path = log_file if log_file else self.dnsmasq_log + with open(path) as f: + sys.stdout.write('\n\n---- {} ----\n{}\n------\n\n'.format(os.path.basename(path), f.read())) def test_resolved_domain_restricted_dns(self): '''resolved: domain-restricted DNS servers''' @@ -649,7 +664,7 @@ DNSSECNegativeTrustAnchors=search.example.com vpn_dnsmasq_log = os.path.join(self.workdir, 'dnsmasq-vpn.log') vpn_dnsmasq = subprocess.Popen( - ['dnsmasq', '--keep-in-foreground', '--log-queries', + ['dnsmasq', '--keep-in-foreground', '--log-queries=extra', '--log-facility=' + vpn_dnsmasq_log, '--conf-file=/dev/null', '--dhcp-leasefile=/dev/null', '--bind-interfaces', '--interface=testvpnrouter', '--except-interface=lo', @@ -674,32 +689,42 @@ DNSSECNegativeTrustAnchors=company lab # ensure we start fresh with every test subprocess.check_call(['systemctl', 'restart', 'systemd-resolved']) + subprocess.check_call(['systemctl', 'service-log-level', 'systemd-resolved', 'debug']) - # test vpnclient specific domains; these should *not* be answered by - # the general DNS - out = subprocess.check_output(['resolvectl', 'query', 'math.lab']) - self.assertIn(b'math.lab: 10.241.3.3', out) - out = subprocess.check_output(['resolvectl', 'query', 'kettle.cantina.company']) - self.assertIn(b'kettle.cantina.company: 10.241.4.4', out) + try: + # test vpnclient specific domains; these should *not* be answered by + # the general DNS + out = subprocess.check_output(['resolvectl', 'query', 'math.lab']) + self.assertIn(b'math.lab: 10.241.3.3', out) + out = subprocess.check_output(['resolvectl', 'query', 'kettle.cantina.company']) + self.assertIn(b'kettle.cantina.company: 10.241.4.4', out) - # test general domains - out = subprocess.check_output(['resolvectl', 'query', 'search.example.com']) - self.assertIn(b'search.example.com: 192.168.42.1', out) + # test general domains + out = subprocess.check_output(['resolvectl', 'query', 'search.example.com']) + self.assertIn(b'search.example.com: 192.168.42.1', out) - with open(self.dnsmasq_log) as f: - general_log = f.read() - with open(vpn_dnsmasq_log) as f: - vpn_log = f.read() + with open(self.dnsmasq_log) as f: + general_log = f.read() + with open(vpn_dnsmasq_log) as f: + vpn_log = f.read() - # VPN domains should only be sent to VPN DNS - self.assertRegex(vpn_log, 'query.*math.lab') - self.assertRegex(vpn_log, 'query.*cantina.company') - self.assertNotIn('.lab', general_log) - self.assertNotIn('.company', general_log) + # VPN domains should only be sent to VPN DNS + self.assertRegex(vpn_log, 'query.*math.lab') + self.assertRegex(vpn_log, 'query.*cantina.company') + self.assertNotIn('.lab', general_log) + self.assertNotIn('.company', general_log) - # general domains should not be sent to the VPN DNS - self.assertRegex(general_log, 'query.*search.example.com') - self.assertNotIn('search.example.com', vpn_log) + # general domains should not be sent to the VPN DNS + self.assertRegex(general_log, 'query.*search.example.com') + self.assertNotIn('search.example.com', vpn_log) + + except (AssertionError, subprocess.CalledProcessError): + self.show_journal('systemd-resolved.service') + self.print_server_log() + self.print_server_log(vpn_dnsmasq_log) + self.show_ifaces() + self.show_resolvectl() + raise def test_resolved_etc_hosts(self): '''resolved queries to /etc/hosts''' @@ -725,6 +750,7 @@ DNSSECNegativeTrustAnchors=company lab subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts']) self.addCleanup(subprocess.call, ['umount', '/etc/hosts']) subprocess.check_call(['systemctl', 'restart', 'systemd-resolved.service']) + subprocess.check_call(['systemctl', 'service-log-level', 'systemd-resolved.service', 'debug']) # note: different IPv4 address here, so that it's easy to tell apart # what resolved the query @@ -760,6 +786,8 @@ DNSSECNegativeTrustAnchors=company lab except (AssertionError, subprocess.CalledProcessError): self.show_journal('systemd-resolved.service') self.print_server_log() + self.show_ifaces() + self.show_resolvectl() raise def test_transient_hostname(self): From 77725adedddf079bd5b9b68d7597a3644e0b8ebe Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 16 Jun 2023 06:54:04 +0900 Subject: [PATCH 09/11] networkd-test.py: replace deprecated option IPv6AcceptRouterAdvertisements= Also, use 'yes' or 'no' for boolean options. --- test/networkd-test.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/networkd-test.py b/test/networkd-test.py index 7f05dc2573..0e2073ead4 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -482,7 +482,7 @@ DHCP={dhcp_mode} def test_coldplug_dhcp_yes_ip4_no_ra(self): # with disabling RA explicitly things should be fast self.do_test(coldplug=True, ipv6=False, - extra_opts='IPv6AcceptRA=False') + extra_opts='IPv6AcceptRA=no') def test_coldplug_dhcp_ip4_only(self): # we have a 12s timeout on RA, so we need to wait longer @@ -492,7 +492,7 @@ DHCP={dhcp_mode} def test_coldplug_dhcp_ip4_only_no_ra(self): # with disabling RA explicitly things should be fast self.do_test(coldplug=True, ipv6=False, dhcp_mode='ipv4', - extra_opts='IPv6AcceptRA=False') + extra_opts='IPv6AcceptRA=no') def test_coldplug_dhcp_ip6(self): self.do_test(coldplug=True, ipv6=True) @@ -522,7 +522,7 @@ Domains= ~company try: self.do_test(coldplug=True, ipv6=False, - extra_opts='IPv6AcceptRouterAdvertisements=False') + extra_opts='IPv6AcceptRA=no') except subprocess.CalledProcessError as e: # networkd often fails to start in LXC: https://github.com/systemd/systemd/issues/11848 if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']: @@ -555,7 +555,7 @@ Domains= ~company ~. try: self.do_test(coldplug=True, ipv6=False, - extra_opts='IPv6AcceptRouterAdvertisements=False') + extra_opts='IPv6AcceptRA=no') except subprocess.CalledProcessError as e: # networkd often fails to start in LXC: https://github.com/systemd/systemd/issues/11848 if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']: @@ -651,7 +651,7 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): Name={} [Network] DHCP=ipv4 -IPv6AcceptRA=False +IPv6AcceptRA=no DNSSECNegativeTrustAnchors=search.example.com '''.format(self.iface)) @@ -676,7 +676,7 @@ DNSSECNegativeTrustAnchors=search.example.com [Match] Name=testvpnclient [Network] -IPv6AcceptRA=False +IPv6AcceptRA=no Address=10.241.3.2/24 DNS=10.241.3.1 Domains=~company ~lab @@ -803,7 +803,7 @@ DNSSECNegativeTrustAnchors=company lab self.addCleanup(subprocess.call, ['systemctl', 'stop', 'systemd-hostnamed.service']) self.create_iface(dnsmasq_opts=['--dhcp-host={},192.168.5.210,testgreen'.format(self.iface_mac)]) - self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4') + self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=no', dhcp_mode='ipv4') try: # should have received the fixed IP above @@ -847,7 +847,7 @@ DNSSECNegativeTrustAnchors=company lab self.addCleanup(subprocess.call, ['systemctl', 'stop', 'systemd-hostnamed.service']) self.create_iface(dnsmasq_opts=['--dhcp-host={},192.168.5.210,testgreen'.format(self.iface_mac)]) - self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=False', dhcp_mode='ipv4') + self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=no', dhcp_mode='ipv4') try: # should have received the fixed IP above From 55f9d72a5daa3d6f707878c0a50f856543c7de27 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 16 Jun 2023 05:55:58 +0900 Subject: [PATCH 10/11] networkd-test.py: do not query IPv6 address From changelog of dnsmasq v2.87: ==== Note in manpage the change in behaviour of -address. This behaviour actually changed in v2.86, but was undocumented there. From 2.86 on, (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other types of query will be sent upstream. Pre 2.86, that would catch the whole example.com domain and queries for other types would get a local NODATA answer. The pre-2.86 behaviour is still available, by configuring --address=/example.com/1.2.3.4 --local=/example.com/ ==== --- test/networkd-test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/networkd-test.py b/test/networkd-test.py index 0e2073ead4..af23f75741 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -694,13 +694,13 @@ DNSSECNegativeTrustAnchors=company lab try: # test vpnclient specific domains; these should *not* be answered by # the general DNS - out = subprocess.check_output(['resolvectl', 'query', 'math.lab']) + out = subprocess.check_output(['resolvectl', 'query', '-4', 'math.lab']) self.assertIn(b'math.lab: 10.241.3.3', out) - out = subprocess.check_output(['resolvectl', 'query', 'kettle.cantina.company']) + out = subprocess.check_output(['resolvectl', 'query', '-4', 'kettle.cantina.company']) self.assertIn(b'kettle.cantina.company: 10.241.4.4', out) # test general domains - out = subprocess.check_output(['resolvectl', 'query', 'search.example.com']) + out = subprocess.check_output(['resolvectl', 'query', '-4', 'search.example.com']) self.assertIn(b'search.example.com: 192.168.42.1', out) with open(self.dnsmasq_log) as f: From 5063f027ef669a934133465b875fd68f0b4d6794 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 16 Jun 2023 09:29:46 +0900 Subject: [PATCH 11/11] networkd-test.py: disable global DNS= setting Otherwise, queries may be passed to unexpected DNS servers. --- test/networkd-test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/networkd-test.py b/test/networkd-test.py index af23f75741..bf07bea17c 100755 --- a/test/networkd-test.py +++ b/test/networkd-test.py @@ -640,7 +640,7 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase): conf = '/run/systemd/resolved.conf.d/test-enable-dnssec.conf' os.makedirs(os.path.dirname(conf), exist_ok=True) with open(conf, 'w') as f: - f.write('[Resolve]\nDNSSEC=allow-downgrade\nLLMNR=no\nMulticastDNS=no\nDNSOverTLS=no\n') + f.write('[Resolve]\nDNSSEC=allow-downgrade\nLLMNR=no\nMulticastDNS=no\nDNSOverTLS=no\nDNS=\n') self.addCleanup(os.remove, conf) # create interface for generic connections; this will map all DNS names @@ -733,7 +733,7 @@ DNSSECNegativeTrustAnchors=company lab conf = '/run/systemd/resolved.conf.d/test-enable-dnssec.conf' os.makedirs(os.path.dirname(conf), exist_ok=True) with open(conf, 'w') as f: - f.write('[Resolve]\nDNSSEC=allow-downgrade\nLLMNR=no\nMulticastDNS=no\nDNSOverTLS=no\n') + f.write('[Resolve]\nDNSSEC=allow-downgrade\nLLMNR=no\nMulticastDNS=no\nDNSOverTLS=no\nDNS=\n') self.addCleanup(os.remove, conf) # Add example.com to NTA list for this test