When looking at how dlopen for various libs is implemented, I found that the
macros hide too much. I find it much easier to see what is going on if 'extern'
and '= NULL' are written explicitly. After all, we don't hide those for other
definitions, e.g. our style guide says that static variables should be
initialized with '= NULL'. With that change, it's much more obvious what is
a variable declaration and what is a variable initialization.
Use 'recommended' priority for the default compression library, to
indicate that it should be prioritized over the other ones, as it
will be used to compress journals/core files.
Also use 'recommended' for kmod, as systems will likely fail to boot
if it's missing from the initrd.
Use 'suggested' for everything else.
There is one dlopen'ed TPM library that has the name generated
at runtime (depending on the driver), so that cannot be added, as it
needs to be known at build time.
Also when we support multiple ABI versions list them all, as for the
same reason we cannot know which one will be used at build time.
$ dlopen-notes.py build/libsystemd.so.0.39.0 build/src/shared/libsystemd-shared-256.so
libarchive.so.13 suggested
libbpf.so.0 suggested
libbpf.so.1 suggested
libcryptsetup.so.12 suggested
libdw.so.1 suggested
libelf.so.1 suggested
libfido2.so.1 suggested
libgcrypt.so.20 suggested
libidn2.so.0 suggested
libip4tc.so.2 suggested
libkmod.so.2 recommended
liblz4.so.1 suggested
liblzma.so.5 suggested
libp11-kit.so.0 suggested
libpcre2-8.so.0 suggested
libpwquality.so.1 suggested
libqrencode.so.3 suggested
libqrencode.so.4 suggested
libtss2-esys.so.0 suggested
libtss2-mu.so.0 suggested
libtss2-rc.so.0 suggested
libzstd.so.1 recommended
Co-authored-by: Luca Boccassi <bluca@debian.org>
This introduces $SYSTEMD_KEYMAP_DIRECTORIES environment variable to
override the hardcoded keymap directories.
I think it is not necessary to provide the first class configuration
option for controlling the keymap directories, but it is not good to
hardcode the paths. So, let's introduce an environment variable to
override that.
Prompted by #31759.
Closes#31759.
Previously, it is assumed that the paths in KBD_KEYMAP_DIRS are ended
with a slash. But, in the next commit, paths will become controllable by
users, and each path may not be ended with a slash.
This should not change any effective behaviors.
Just refactoring and preparation.
This adds for both the D-Bus and the Varlink flavours of our polkit
client api a flags parameter. And then folds the "bool interactive" flag
that the D-Bus version so far had, into a flag, and also adds support
for it in the Varlink API.
Since this means the Varlink API gained another parameter, let's do what
we already did for the D-Bus API and add a _full() version of the API
that has the flags and the good_uid parameter, and one without both.
We have these pretty macros, let's use them everywhere (so far we mostly
used them for newer additions only).
This PR is mostly an excercise in "perl -p -i -e", but there are some
special cases:
* idn-util.c exposes a function whose prototype in the official library
headers is marked with the "const" attribute, and this apparently does
not propagate along typeof() correctly and then
__builtin_types_compatible_p() fails later because it detects that
prototype and original function don't match in prototype.
* libbpf removed some symbols in newer versions, hence we need to define
some prototypes manually to still be able to build.
* libcryptsetup marked a symbol as deprecated we want to use (knowing it
is deprecated). By using the macros this is detected by the compiler.
We work around it via the usual warning off macros.
Note by using these macros we assume that all symbols are known during
build time. Which might not be the case. We might need to revert this
commit for some symbols if this trips up builds on older distros.
This simplifies bus_verify_polkit_async() and related calls quite a bit:
1. This removes any support for authentication-by-Linux-capability. This
is ultimately a kdbus leftover: with classic AF_UNIX transports we
cannot authenticate by capabilities securely (because we cannot
acquire it from the peer without races), hence we never actually did.
Since the necessary kernel work didn't materialize in the last 10y,
and is unlikely to be added, let's just kill this context. We cannot
quite remove the caps stuff from sd-bus for API compat, but for our
polkit logic let's kill it.
2. The "good_uid" and "interactive" params are only necessary in very
few cases, hence let's move them to a new call
bus_verify_polkit_async_full() and make bus_verify_polkit_async() a
wrapper around it without those two parameters.
This also fixes a bunch of wrong uses of the "interactive" bool. The
bool makes no sense today as the ALLOW_INTERACTIVE_AUTHORIZATION field
in the D-Bus message header replaces it fully. We only need it to
implement method calls we introduced prior to that header field becoming
available in D-Bus. And it should only be used on such old method calls,
and otherwise always be set to false.
This does not change behaviour in any way. Just simplifies stuff.
Fixes: #21586
If the column is "-" and the X context variant specifer only
contains commas, we should also give the match bonus. The variant
string is supposed to be a comma-separated list as long as the
list of layouts, so it's quite natural for consumers to be written
in such a way that they pass a string only containing commas if
there are multiple layouts and no variants. anaconda is a real
world case that does this.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The lines in kbd-model-map date back to ye olde times (RH's old
system-config-keyboard), and I think predate this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1039185
where we got strong feedback that, for 'switched' layout setups
like Russian, US English should be the *first* layout and the
native layout the *second* one. This is how anaconda and, as of
recently, gnome-initial-setup configure such cases - but that
means, if we try to use localed to convert these configurations
using kbd-model-map, we get the wrong result (we get "us" as the
console layout). See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1912609
where we first noticed this wasn't working right, but sadly, we
'fixed' it with a not-really-correct bodge in anaconda instead
of doing it properly.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We should give a match bonus if the X context variant is empty
and the xvariant column in kbd-model-map is "-" (which means
none). Currently, we don't, which means that if you call this
on a context with layouts bg,us and no variant, you get the
console layout bg_pho-utf8 instead of bg_bds-utf8 (because both
score the same, and the bg_pho-utf8 row comes first). You should
get bg_bds-utf8 in this case.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We have this very similar code in various places, and it#s not entirely
obvious (since we want a prolonged timeout for the reload), hence unify
this at one place.
This changes the console layout from 'hu101' to 'hu' when the user calls 'localectl set-x11-keymap hu', because 'hu' is the expected layout instead of 'hu101' for most users.
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
When doing a conversion and the specified 'xc->xvariant' has no match, select
the x11 layout entry with a matching layout and an empty xvariant if such entry
exists. It's still better than no conversion at all.
When doing x11->console conversions, find_converted_keymap() searches
automatically for a candidate in the converted keymap directory for a given x11
layout.
However doing console->x11 conversions, this automatic search is not done hence
simple conversion in this direction can't be achieved without populating
kbd-model-map with entries for converted keymaps.
For example, let's consider "at" layout which is not part of kbd-model-map. The
"at" x11 layout has a generated keymap
"/usr/share/kbd/keymaps/xkb/at.map.gz". If we configure "at" for the x11
layout, localed is able to automatically find the "at" converted vc layout and
the conversion just works :
$ localectl set-x11-keymap at
$ localectl
System Locale: LANG=en_US.UTF-8
VC Keymap: at
X11 Layout: at
However in the opposite direction, ie when setting the vc keymap to "at", no
conversion is done and the x11 layout is not defined:
$ localectl set-keymap at
$ localectl
System Locale: LANG=en_US.UTF-8
VC Keymap: at
X11 Layout: (unset)
This patch fixes this limitation as the implemenation is relatively simple and
it removes the need to populate kbd-model-map with (many) entries for converted
keymaps. However the patch doesn't remove the existing entries in kbd-model-map
which became unneeded after this change to be on the safe side.
Note: by default the automatically generated x11 keyboard configs use keyboard
model "microsoftpro" which should be equivalent to "pc105" model but with the
internet/media key mapping added.
After manually editing /etc/locale.gen, calling localectl set-locale
sometimes fails. When it fails, the systemd journal shows:
systemd-localed: free() / invalid pointer.
It turned out that it only fails if some of the uncommented lines in
/etc/locale.gen have leading spaces, as in:
* C.UTF-8 <= OK
* en_US.UTF-8 <= OK
* fr_FR.UTF-8 <= NOK
After parsing a line from /etc/locale.gen, we use strstrip() to obtain
the "trimmed" line (without leading or trailing spaces).
However, we store the result of strstrip() in the original pointer
containing the untrimmed line. This pointer is later passed to free
(this is done automatically using _cleanup_free_).
This is a problem because if any leading space is present, the pointer
will essentially be shifted from its original value. This will result in
an invalid free upon cleanup.
The same issue is present in the locale_gen_locale_supported function.
Fixed by storing the result of strstrip() in a different pointer.
This is a combination of fdopen() and fd_reopen(). i.e. it first reopens
the fd, and then converts that into a FILE*.
We do this at various places already manually. let's move this into a
helper call of its own.
In various tools and services we have a per-system and per-user concept.
So far we sometimes used a boolean indicating whether we are in system
mode, or a reversed boolean indicating whether we are in user mode, or
the LookupScope enum used by the lookup path logic.
Let's address that, in introduce a common enum for this, we can use all
across the board.
This is mostly just search/replace, no actual code changes.
Follow-up for 82c2095a5e.
> I feel like the logging here may be a bit confusing on the new path.
> Previously you did get a message that explained what was going on. Now you get
> an info message that the layout could not be compiled, and … that's all. I can
> imagine this being a confusing red herring if someone was trying to debug a
> problem and saw this message. Perhaps we should log something else instead/as
> well, on the case where libxkbcommon isn't present, to say that's what we're
> logging about and it just means we can't validate the configuration, not that
> it's definitely invalid?
When compliled without libxkbcommon, we do no verification and accept the
arguments as given. When compliled against with, if dlopen() works, we do the
verification. But if dlopen() fails, we would refuse the call and return
SD_BUS_ERROR_INVALID_ARGS. 5de344704d added things
this way when converting to dlopen(), but it seems not very useful: it can be
expected that when the library is supported but missing at runtime, we degrade
softly, and that the behaviour is something inbetween the cases of hard disable
at compilation time and full support. But right now we behave more strictly then
if disabled at compilation. Change the code to just warn if dlopen fails, but
accept the arguments.
(There are various minimization scenarios where forcing the installation of
libxkbcommon is not useful. E.g. a small installation where we want to set the
keymap via logind, but the configuration is managed by a configuration
management system and is known to be valid. Verification via libxkbcommon is
just overhead in this case.)
800f65f827 moved the check earlier, so now even
a noop case of setting the values that were already in place can fail.
C.f. https://bugzilla.redhat.com/show_bug.cgi?id=2175244.
Although this slightly more verbose it makes it much easier to reason
about. The code that produces the tests heavily benefits from this.
Test lists are also now sorted by test name.
