systemd-255 is failing a build with the latest kernel headers… Let's downgrade
this warning, because it's fine if there's a file system we don't know about
and it makes thing less brittle if we don't treat this as a hard error.
(I initially conditionalized this on BUILD_MODE, but I don't think we need a
hard error there either. A warning will be noticed and fixed.)
gcrypt is used only for journal sealing operations in libsystemd, so it
can be made into a dlopen dependency that is used only on demand. This
allows to reduce the footprint of libsystemd in the most common cases.
Keep systemd-pull and systemd-resolved with normal linking, as they are
executables, and usually built with OpenSSL support anyway.
Dynamically load liblz4, libzstd and liblzma with dlopen().
This helps to reduce the size of the initrd image when these libraries
are not really needed.
I'm going to dlopen_many_sym_or_warn() in src/basic/compress.c, this
will introduce a circular dependency because libshared already depends
from libbasic.
To avoid this, move dlfcn-util.c from libshared to libbasic.
We have a number of components these days that are split into multiple
binaries, i.e. a primary one, and a worker callout usually. These
binaries are closely related, they typically speak a protocol that is
internal, and not safe to mix and match. Examples for this:
- homed and its worker binary homework
- userdbd and its worker binary userwork
- import and the various pull/import/export handlers
- sysupdate the same
- the service manager and the executor binary
Running any of these daemons directly from the meson build tree is
messy, since the implementations will typically invoke the installed
callout binaries, not the ones from the build tree. This is very
annoying, and not obvious at first.
Now, we could always invoke relevant binaries from $(dirname
/proc/self/exe) first, before using the OS installed ones. But that's
typically not what is desired, because this means in the installed case
(i.e. the usual one) we'll look for these callout binaries at a place
they typically will not be found (because these callouts generally are
located in libexecdir, not bindir when installed).
Hence, let's try to do things a bit smarter, and follow what build
systems such as meson have already been doing to make sure dynamic
library discovery works correctly when binaries are run from a build
directory: let's start looking at rpath/runpath in the main binary that
is executed: if there's an rpath/runpath set, then we'll look for the
callout binaries next to the main binary, otherwise we won't. This
should generally be the right thing to do as meson strips the rpath
during installation, and thus we'll look for the callouts in the build
dir if in build dir mode, and in the OS otherwise.
Adds a util function to sha256 an open fd (moved from dissect). Also
adds functions to check if a string contains a valid sha256 hash, and
parse it into a sha256 array.
We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers
like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so
the existing name is outdated. I think the uid-range.[ch] should stay separate
because it has a bunch of helpers for parsing and printing of uid ranges. So
let's rename as in $subject to better reflect the contents of the file and make
the two sets of files harder to confuse.
This is just like lock_generic(), but applies the lock with a timeout.
This requires jumping through some hoops by executing things in a child
process, so that we can abort if necessary via a timer. Linux after all
has no native way to take file locks with a timeout.
This is preparation for #28891, which adds a bunch more helpers around
"struct iovec", at which point this really deserves its own .c/.h file.
The idea is that we sooner or later can consider "struct iovec" as an
entirely generic mechanism to reference some binary blob, and is the
go-to type for this purpose whenever we need one.
Let's start with the conversion of PID 1 to pidfds. Let's add a simple
structure with just two fields that can be used to maintain a reference
to arbitrary processes via both pid_t and pidfd.
This is an embeddable struct, to keep it in line with where we
previously used a pid_t directly to track a process.
Of course, since this might contain an fd on systems where we have pidfd
this structure has a proper lifecycle.
(Note that this is quite different from sd_event_add_child() event
source objects as that one is only for child processes and collects
process results, while this infra is much simpler and more generic and
can be used to reference any process, anywhere in the tree.)
This code uses various CPUID checks to be able to identify
* AMD SEV
* AMD SEV-ES
* AMD SEV-SNP
* Intel TDX
On HyperV/Azure, it has special checks for detecting SEV-SNP
since the normal CPUID is blocked.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
Chasing symlinks is a core function that's used in a lot of places
so it deservers a less verbose names so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
In various tools and services we have a per-system and per-user concept.
So far we sometimes used a boolean indicating whether we are in system
mode, or a reversed boolean indicating whether we are in user mode, or
the LookupScope enum used by the lookup path logic.
Let's address that, in introduce a common enum for this, we can use all
across the board.
This is mostly just search/replace, no actual code changes.
The name "def.h" originates from before the rule of "no needless abbreviations"
was established. Let's rename the file to clarify that it contains a collection
of various semi-related constants.
I wanted to move saved_arg[cv] to process-util.c+h, but this causes problems:
process-util.h includes format-util.h which includes net/if.h, which conflicts
with linux/if.h. So we can't include process-util.h in some files.
But process-util.c is very long anyway, so it seems nice to create a new file.
rename_process(), invoked_as(), invoked_by_systemd(), and argv_looks_like_help()
which lived in process-util.c refer to saved_argc and saved_argv, so it seems
reasonable to move them to the new file too.
util.c is now empty, so it is removed. util.h remains.
I changed imports of util.h to initrd-util.h, or added an import of
initrd-util.h, to keep compilation working. It turns out that many files didn't
import util.h directly.
When viewing the patch, don't be confused by git rename detection logic:
a new .c file is added and two functions moved into it.
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.
There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
Passing a file as a command argument in string form assumes that
run_command has the current subdir as its cwd, but Meson's documentation
*explicitly* calls this out as undefined and wrong to use.
Indeed, muon has a different implementation that uses a different cwd,
and this argument cannot be found. Instead, passing a files() object
means that it's the job of meson itself to verify the file exists, then
pass it to the run_command in some format that guarantees it is a valid
path reference.
The compression helpers are used both in journal code and in coredump
code, and there's a good chance we'll use them later for other stuff.
Let's hence move them into src/basic/, to make them a proper internal
API we can use from everywhere where that's desirable. (pstore might be
a candidate, for example)
No real code changes, just some moving around, build system
rearrangements, and stripping of journal-def.h inclusion.
No actual code changes, just splitting out of some dev_t handling
related calls from stat-util.[ch], they are quite a number already, and
deserve their own module now I think.
Also, try to settle on the name "devnum" as the name for the concept,
instead of "devno" or "dev" or "devid". "devnum" is the name exported in
udev APIs, hence probably best to stick to that. (this just renames a
few symbols to "devum", local variables are left untouched, to make the
patch not too invasive)
No actual code changes.
The approach to use '''…'''.split() instead of a list of strings was initially
used when converting from automake because it allowed identical blocks of lines
to be used for both, making the conversion easier.
But over the years we have been using normal lists more and more, especially
when there were just a few filenames listed. This converts the rest.
No functional change.
The meson default for static_library() are:
build_by_default=true, install=false. We never interact with the
static libraries, and we only care about them as a stepping-stone towards
the installable executables or libraries. Thus let's only build them if
they are a dependency of something else we are building.
While at it, let's drop install:false, since this appears to be the default.
This change would have fixed the issue with lib_import_common failing
to build too: we wouldn't attempt to build it.
In practice this changes very little, because we generally only declare static
libraries where there's something in the default target that will make use of
them. But it seems to be a better pattern to set build_by_default to false.
