ASSERT_PTR() and friends in assert-fundamental.h make use of assert()
and assert_se() which when not building for sd-boot are defined in
assert-util.h. Because assert() from glibc is only overridden in
assert-util.h, the macros in assert-fundamental.h still end up using
the glibc assert.
Let's fix this by moving the required macros and related logic to
assert-fundamental.h.
Tooling such as clang-tidy is bad at dealing with condition
compilation on the build system level instead of at the source file
level. What happens? It still tries to analyze the file and fails
horribly if the required headers aren't available. Let's work around
the issue and make things more consistent at the same time by doing
the necessary HAVE_GCRYPT checks inside of the source files instead
of doing them at the build system level.
We also add some typedefs to allow getting rid of various HAVE_GCRYPT
checks.
We want to make the header standalone so it includes all the stuff it
needs. However, including macro.h for assert_cc() doesn't work because
of generate-audit_type-list.sh which would have to become more complex
to handle the extra include directories.
Instead, let's just use _Static_assert() directly which is a builtin and
doesn't need any extra includes.
I have been trying to run
https://github.com/include-what-you-use/include-what-you-use on the
systemd repository to hopefully get a handle on the rampant numbers of
includes we have in every file with no idea if any of the symbols coming
from that file are used or not.
While I haven't got it fully working yet, these changes still make sense
IMO and can be merged already.
Except the last commit, all other changes are about removing circular
dependencies between headers which trips up include-what-you-use.
Regardless of the tool, circular dependencies between headers are a code
smell and I think we should get rid of them regardless of whether we end
up using the tool or not.
Even though these are in our tree, we should still treat them as
system includes which helps various tools (clangd, iwyu, ...) understand
that these are system includes and <> should be used instead of "".
Now that the necessary functions from log.h have been moved to macro.h,
we can stop including log.h in macro.h. This requires modifying source
files all over the tree to include log.h instead.
Various functions in log.h are only used by asserts, and there's
enough assertion related stuff in macro.h to justify a separate header
which also makes it easier to avoid circular dependencies.
Let's introduce assert-util.h and an accompanying fundamental header
and move all the assertion related stuff over there. PROJECT_FILE is
moved over to macro.h.
Let's keep macro.h for the extremely generic macros that don't fit anywhere
else. Since CLEANUP_ARRAY() is already in memory-util-fundamental.h, we can
make a good case for moving the other cleanup macros in there as well.
On musl, O_ACCMODE is defined as (03|O_SEARCH), unlike glibc which
defines it as (O_RDONLY|O_WRONLY|O_RDWR). Additionally, O_SEARCH is
simply defined as O_PATH.
This causes problems for systemd on musl, as it changes the
behaviour of open_mkdir_at_full() to return -EINVAL if O_PATH is
included in flags due to the fact that O_ACCMODE includes O_SEARCH
(i.e. O_PATH). Consequently, this makes the test-fs-util test fail.
Upstream musl seems content with this behaviour and doesn't seem
interested in matching glibc's behaviour due to that defining it this
way allows for O_SEARCH to match POSIX better by allowing it to open
directories where read permission is missing. Apparently musl does some
emulation in other places to make this work more consistently as well.
Initially I took the approach of working around this by redefining
O_SEARCH as O_RDONLY if O_SEARCH == O_PATH. This fixes the test and is
the approach taken by both XZ[1] and Gzip[2][3], but was not taken as
redefining system headers potentially could be problematic.
Instead, introduce O_ACCMODE_STRICT which just is a copy of glibc's
O_ACCMODE and use it everywhere. This way we don't have to deal with
unusual definitions of O_ACCMODE from C standard libraries other than
glibc.
[1]: https://git.tukaani.org/?p=xz.git;a=blob;f=src/xz/file_io.c;h=8c83269b13fa31284f7ea5f3627a1dfbce7d6e14;hb=HEAD#l72
[2]: https://git.savannah.gnu.org/cgit/gnulib.git/tree/lib/fcntl.in.h
(lines 380 and 396, commit d7f551b30f3f2a0fa57c1b10c12f4eea41a9b89e)
[3]: https://lists.gnu.org/archive/html/bug-gzip/2025-01/msg00000.html
getxattr_at_malloc() calls getxattr_pinned_internal() with size 0 to get
the size of the xattr, and then asserts because n > 0
```
Assertion '(size_t) n <= size' failed at src/basic/xattr-util.c:107, function getxattr_pinned_internal().
```
Follow-up for b8df25dcfe
NETLINK_LIST_MEMBERSHIPS is supported since kernel v4.2, specifically
b42be38b27
Our baseline on the kernel is v5.4. Let's drop unnecessary conditions.
Follow-up for b58c240312
We need to be extremely careful with using the path associated with fd,
since it contains the resolved path if a symlink was opened. In particular,
it's really not desirable to return the resolved executable path in
pin_callout_binary(), which would end up as argv[0] in udev_event_spawn(),
potentially changing the behavior of spawned process.
