Looking at aecb6eaed7, it seems that we
want build paths with spaces to be supported. Let's use 'printf %q' here
to make that work. Also, use capture:true to make the command less complicated.
Otherwise, the result may point to outside of the root directory.
This also sets CONF_FILES_REGULAR and CONF_FILES_FILTER_MASKED, as the
callers will call fopen() or friends for the result, thus the enumerated
results must be non-empty regular files.
Previously, symlinks in the replacement was not chased, hence we may
inserted a path to outside of the root directory, or we may have wrong
judgement whether we should insert the replacement or not.
This makes the symlinks in the replacement also resolved.
Also, as the function is only used by tmpfiles and sysusers, this
enables CONF_FILES_REGULAR, CONF_FILES_CHASE_BASENAME, and
CONF_FILES_FILTER_MASKED_BY_SYMLINK flags.
Previously, when a root directory is specified to conf_files_list() and
friends, the last component of each result was not resolved, even though
they internally chases the last component. So the caller needs to chase
the path again when the file is used.
This introduce a new flag that makes the whole path of each result is
resolved, hence caller can use it as is.
Previously, symlinks in paths to conf directories are chased, but
symlink files in conf directories were not.
This also makes symlink files in conf directories chased. And, any
unresolvable symlinks are dropped, even if no verification is requested.
The man page nss-systemd(8) says
> The contents of these files are currently not read, and the files
> should be created empty.
But previously we filtered out such files, as the CONF_FILES_FILTER_MASKED
flag checks if a file is empty (or symlink to null), thus any empty files
were ignored.
To accept empty .membership files, let's use CONF_FILES_FILTER_MASKED_BY_SYMLINK.
Fixes#37945.
We recently added a new set of assertion macros such as ASSERT_GE,
ASSERT_OK, ASSERT_EQ, ... which show not only the expression that failed
but also the values of the arguments of the expression. Let's use them.
This is based on #35764 by Guruswamy Basavaiah, but covers further code
paths.
This ensures that when we initiate a TLS shutdown we'll write out our
own close_notify message, but not wait for the close_notify reply from
the server side anymore.
Replaces: #35764
When asked to look something up, and all scopes we contact fail we need
to pick a suitable error code for the failure, and given that we look up
things on multiple scopes we might have multiple errors to choose from.
So far we simply picked the error from the last scope in the list, which
hence would be pretty arbitrary.
Let's tweak this a bit, and if we have multiple errors to choose from,
let's prefer "conclusive" failures over "inconclusive" ones. The
"inconclusive" ones in this sense are the ones where we didn't even issue
a request, but couldn't even do that because we had no server, no
network or things like that. The "conclusive" ones are the errors we got
from a server, that hence a "real" in a way.
This addresses the confusion described in #37969. For LLMNR lookups we
generally refuse looking up A addresses via IPv6 and AAAA via IPv4. This
generates a DNS_TRANSACTION_NO_SERVERS error, which we would then return
for one type of lookup but not for the other, because the IPv6 scope is
generally created after the IPv4 one, and hence so far won.
Fixes: #37969
The only clock change that affects monotonic timers is suspend causing
CLOCK_MONOTONIC to fall behind CLOCK_BOOTTIME. However, monotonic timers
that use CLOCK_BOOTTIME are not intended to have their elapse time
changed after a suspend. Hence condition the calculation of monotonic
timers’ elapse times on the cause not being a clock change.
Fixes#29245
Otherwise, kernel may announce configuration of an address or route
after 'ip monitor' is started.
This also makes the test check if the whole output of 'ip monitor' is
empty. Otherwise, if the test fails, it is hard to find what is wrong.
Follow-ups for 912a48572d and
bcb9e72b6b.
Fixes#37982.
* b2fe7ba6b1 Do not use return in finally
* b4f3088535 Ensure directories exist before running sync scripts
* e83e7036b0 mkosi-obs: also allow enrolling additional certs in KEK
* b6432fbc29 initrd: Copy /etc/pki/rpm-gpg into sandbox tree
* 44b96b93c8 Partially revert "resources: add systemd-boot-efi"
* 7a22260179 Check that keys are both in context.cli and history
* 6570b21a4b fix: Remove `erofs-utils` from initrd
* ff61c5022a mkosi-initrd: Add atkbd and i8042 modules to the default
initrd modules
* eaa37f7c6c Generate initrds outside of umask context manager
* de09209520 ci: Drop differential shellcheck
* d07c6b93c9 build(deps): bump github/codeql-action from 3.28.16 to
3.28.18
* 9a12fb1bef Check that commit exists in config_parse_minimum_version()
* 9e5b4f8932 kmod: factor out comparison and also count empty
directories as invalid
* 39ed5ef6c2 apt: support including additional configuration for
reprepro
I still am annoyed that this wasn't documented properly when the
inhibitor locks where modified, even though raised multiple times in PR
reviews.
Follow-up for: #30307
See: #34091
Let's make the fs sector size configurable. This also adds
infrastructure so that we can pick different sector sizes as defaults
eventually, but doesn't actually do that.
(Background: I think we should probably default to native sector size
for the ESP, but Daan disagrees, so I'll leave this out for now).
We correctly handle invalid timeouts being stored in EFI variables, but
because we deal with this gracefully we should downgrade the log level
to warning, and say "ignoring" in the log message.
Inspired by #34084
* b2fe7ba6b1 Do not use return in finally
* b4f3088535 Ensure directories exist before running sync scripts
* e83e7036b0 mkosi-obs: also allow enrolling additional certs in KEK
* b6432fbc29 initrd: Copy /etc/pki/rpm-gpg into sandbox tree
* 44b96b93c8 Partially revert "resources: add systemd-boot-efi"
* 7a22260179 Check that keys are both in context.cli and history
* 6570b21a4b fix: Remove `erofs-utils` from initrd
* ff61c5022a mkosi-initrd: Add atkbd and i8042 modules to the default initrd modules
* eaa37f7c6c Generate initrds outside of umask context manager
* de09209520 ci: Drop differential shellcheck
* d07c6b93c9 build(deps): bump github/codeql-action from 3.28.16 to 3.28.18
* 9a12fb1bef Check that commit exists in config_parse_minimum_version()
* 9e5b4f8932 kmod: factor out comparison and also count empty directories as invalid
* 39ed5ef6c2 apt: support including additional configuration for reprepro
When `num_skip` is supplied to the `Range` header, journal-gatewayd
always returns the very last record even though it should have been
skipped. This is because the `sd_journal_next_skip` always returns
non-zero value on the first call, leading to one iteration of the
`request_reader_entries` returning the last record.
To avoid this unexpected behavior, check that the number of lines we
have skipped by is not lower than the requested skip value. If it is,
then it means there are lines which should not be returned now -
decrement the n_skip counter then and return from the function, closing
the stream if follow flag is not set.
Fixes#37954
TCSADRAIN means tcsetattr() will become blocking (waiting for ability to
write out queued bytes), which is problematic, if the referenced TTY is
dead for some reason.
Since all these calls just modify *input* parameters anyway (i.e. mostly
local echo, and canonical mode), forcing out queued output is kinda
pointless anyway, hence just don't do it: leave it in the queue and just
change the flags we want to change.
The tcsetattr(3) man page kinda hints that we want to use TCSANOW here,
because it documents for TCSADRAIN:
"This option should be used when changing parameters that affect
output."
Which one can read so that TCSADRAIN should not be used if it doesn't
affect output, which is the case here.
This probably fixes: #37854
This reverts commit 50cda6433b.
Same as the previous revert, sched.h is too generic to
be included in namespace-util.h, plus this defeats
the purpose of forward decl.
This reverts commit 4d0fe93cba.
I'm not convinced by the reasoning here. The practice of
forward declarations should be confined in headers only,
and any actual invocation of functions in source files
needs to include the original header. strv_split_full()
for instance takes ExtractFlags, and callers will need
to include extract-word.h to get the value definitions.
Now, indeed some -util headers export the most relevant
system header too, notably pidfd-util. But fs-util doesn't
seem to be coupled with any specific header, hence I'm
skeptical about such inclusion.
It will otherwise interpret characters such as '+' as if they
were regex, and break matching.
For example TEST-71-HOSTNAME started failing when
uname -r started including a '+':
FAIL: 'Kernel: Linux 6.12.33+deb13-amd64' not found in:
Static hostname: host
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: e6471c1f95ab49098827498ed816cdf7
Boot ID: 231da987f64d4af59f2076fbb638c611
Virtualization: kvm
Operating System: Debian GNU/Linux 13 (trixie)
Kernel: Linux 6.12.33+deb13-amd64
Architecture: x86-64
Also, if a device ACL list is defined, also go via IPC (instead of
trying to patch it, as before).
The outcome is that the tighter rules continue to apply when configured.
Fixes: #35959
@BUILD_ROOT@ is replaced with the _quoted_ build path. Hence, if
@BUILD_ROOT@ is quoted, the result is doubly quoted, and the script does
not work if the path contains spaces.
Fixes#37953.
