Commit Graph

83331 Commits

Author SHA1 Message Date
Luca Boccassi
ec9b149bb2 mkosi: update debian commit reference to 8ba719208ff28f36bc240328725eb10008838c39
* 8ba719208f systemd-boot: install kernel hooks to /usr/share/
* c4d6093398 Update changelog for 258~rc2-2 release
* b21987b0f9 More NEWS updates about sysv support
* cd7d07f66b NEWS: fixlets and adjustments
* 34ef04cb45 Stop installing /var/lib/systemd in the package
* 08b77c5b7c Update changelog for 258~rc2-1 release
* 48b3ec2b9a systemd-container: update lintian overrides for more false positives
* 31547d827b systemd-boot: make efibootmgr a dependency
* 88a7261c00 d/t/control: prefer systemd-boot-tools if available
* 478ea8945f systemd-boot: fix registering/removing uncompressed kernels
* b072f60375 NEWS: fix typo
* 985a3c8d56 systemd-boot: register interest in systemd-boot-signed trigger
* f13b262bf6 d/rules: set debugoptimized for upstream builds
* 615f8851e8 Install usr/share/factory files and restore nsswitch.conf/pam.d/issue on factory reset
* 61792528f2 Update changelog for 258~rc1-1 release
* 116371a1df d/copyright: update paths
* 41437c9c54 Add a few more conflicts to packages providing the same files
* 0e5eea70fd Fix Lintian warning debian-news-entry-uses-asterisk
* 60595acb01 Update Lintian overrides
* b8662ba796 Update symbols file for 258~rc1
* 58553602ca NEWS: note removal of telinit/runlevel
* d78ade0842 Drop all workarounds that are obsolete after trixie
* 7ef47f9f6b Drop world-writable /run/lock debianism
* 9d6d3a4154 NEWS: note cgroupv1 removal
* ef2ef6f35d Enable sd-vmspawn
* ac2aec3b68 Add and remove files for 258~rc1
* 06582be4e6 d/watch: remove restriction to v257.x series
* 88ccb1552a salsa-ci: enable arm64 build
2025-08-16 12:11:46 +01:00
Luca Boccassi
855b6b77e0 test: fix typo in comment 2025-08-16 10:53:07 +01:00
Luca Boccassi
fd51a7d8b5 pidfd-util: force alignment of file_handle union to avoid assert on 32bit
On 32bit the union won't be aligned automatically, needs to be enforced:

Assertion '((uintptr_t) _p) % alignof(uint64_t) == 0' failed at src/basic/pidfd-util.c:251, function pidfd_get_inode_id_impl(). Aborting.

Follow-up for 9c039ef5ff
2025-08-15 12:36:20 +01:00
Luca Boccassi
57aeb4a403 mkosi: install util-linux-script on F44
Once F41 is EOL we can just move this to the main list and
stop doing this dance every 6 months
2025-08-14 18:18:27 +01:00
Yu Watanabe
4fd9b83c20 man: add missing comma 2025-08-14 23:33:39 +09:00
Mate Kukri
428cd7bfba Reuse the parent_image handle and parent_loaded_image
- Reuse parent_image instead of allocating new ones. Firmware might cast
  EFI_LOADED_IMAGE_PROTOCOL * to a larger struct causing issues
- Remove loaded image protocol installation and uninstallation which are no
  longer required

Fixes a bug introduced by cab9c7b5a4.
Fixes #38567.

Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
2025-08-14 19:59:37 +09:00
Yu Watanabe
1a360ed196 condition: fix unexpected assertion triggered
Follow-up for c154bb65ad.
Fixes oss-fuzz#438513119.
Fixes #38570.
2025-08-14 10:31:03 +01:00
Lennart Poettering
b4beaafb24 update TODO 2025-08-14 08:35:15 +02:00
Luca Boccassi
4f9f0e5041 ukify: drop NX bit from UKI if kernel doesn't have it
If the kernel is not NX_COMPAT ready (W^X memory compatible) then the
UKI should not be marked as NX_COMPAT ready either, as the kernel
section is the loadable code in the image.

https://microsoft.github.io/mu/WhatAndWhy/enhancedmemoryprotection/
https://www.kraxel.org/blog/2023/12/uefi-nx-linux-boot/

While the sd-stub EFI code itself is NX ready, it is more useful
to think of it as one unit of execution together with the kernel
it embeds, as that's what it is used for.

Fixes https://github.com/systemd/systemd/issues/38545
2025-08-14 03:49:20 +09:00
Yu Watanabe
30f1d29f39 tree-wide: various terminal related fixlets (#38544)
Fixes #38524.
Fixes #38527.
Fixes #38552.
2025-08-14 03:40:44 +09:00
Yu Watanabe
660244a7fc core: do not start watchdog for frozen service on daemon-reload/-reexec (#38553)
Fixes #38551.
2025-08-14 01:18:50 +09:00
Yu Watanabe
53878b5b3e TEST-72-SYSUPDATE: fix indentation and drop space in blank line 2025-08-13 23:54:26 +09:00
Yu Watanabe
535539222d TEST-72-SYSUPDATE: make randomly generated image file not have compression header
Otherwise, the generated image may be wrongly detected as compressed,
and importing the image may fail:
```
[   35.194578] TEST-72-SYSUPDATE.sh[411]: + dd if=/dev/urandom of=/var/tmp/test-72-N7uTeO/source/part1-v5.raw bs=4096 count=2048
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 2048+0 records in
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 2048+0 records out
[   35.236342] TEST-72-SYSUPDATE.sh[1075]: 8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.0408601 s, 205 MB/s
(snip)
[   35.948634] TEST-72-SYSUPDATE.sh[1085]: \ Acquiring /var/tmp/test-72-N7uTeO/source/part1-v5.raw → /proc/self/fd/3p2...
[   35.952878] TEST-72-SYSUPDATE.sh[1085]: Successfully forked off '(sd-import-raw)' as PID 1089.
[   35.958952] TEST-72-SYSUPDATE.sh[1089]: Importing '/var/tmp/test-72-N7uTeO/source/part1-v5.raw', saving at offset 9437184 in '/dev/loop0'.
[   35.959575] TEST-72-SYSUPDATE.sh[1089]: Failed to decode and write: Input/output error
[   35.959575] TEST-72-SYSUPDATE.sh[1089]: Exiting.
```

Fixes #38524.
2025-08-13 23:54:18 +09:00
Yu Watanabe
2633ed01ca import: add a debugging log of importing blob
This should be helpful for debugging issue #38524.
2025-08-13 23:44:58 +09:00
Yu Watanabe
defac931c0 import: align table 2025-08-13 23:44:58 +09:00
Yu Watanabe
00085ba6c2 import,sysupdate: make notify event processed before SIGCHLD of worker processes
This fixes the following warning:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
(snip)
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^MTotal:  40%
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
[    5.638931] systemd-importd[302]: Got percentage from client: 40%
[    5.638956] systemd-importd[302]: Transfer process succeeded.
[    5.638988] systemd-importd[302]: Got notification datagram from unexpected peer, ignoring.
```
2025-08-13 23:44:58 +09:00
Yu Watanabe
3796391497 pretty-print: show progress bar only when we are running on a TTY
Otherwise, when a command is running with e.g. StandardError=journal+console,
journal contains [xxxB blob data]:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
[    5.632350] systemd-importd[302]: Successfully forked off '(sd-transfer)' as PID 319.
[    5.633671] TEST-13-NSPAWN.sh[318]: [83B blob data]
[    5.632598] (sd-transfer)[319]: Calling: /usr/lib/systemd/systemd-import raw --class confext - importtest
[    5.637769] systemd-importd[302]: (transfer1) Importing '/var/tmp/importtest', saving as 'importtest'.
[    5.637947] TEST-13-NSPAWN.sh[318]: [82B blob data]
[    5.638313] TEST-13-NSPAWN.sh[318]: [75B blob data]
[    5.638151] systemd-importd[302]: (transfer1) Operating on image directory '/var/lib/confexts'.
[    5.638863] systemd-importd[302]: (transfer1) Imported 40%.
[    5.638882] systemd-importd[302]: (transfer1) Wrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: [39B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [36B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [59B blob data]
[    5.639653] TEST-13-NSPAWN.sh[318]: [34B blob data]
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: [25B blob data]
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
```
The blob data entries are something like the following:
```
[    5.628796] TEST-13-NSPAWN.sh[299]: + importctl import-raw --class=confext /var/tmp/importtest
[    5.632350] systemd-importd[302]: Successfully forked off '(sd-transfer)' as PID 319.
[    5.633671] TEST-13-NSPAWN.sh[318]: ^M           ^MEnqueued transfer job 1. Press C-c to continue download in background.
[    5.632598] (sd-transfer)[319]: Calling: /usr/lib/systemd/systemd-import raw --class confext - importtest
[    5.637769] systemd-importd[302]: (transfer1) Importing '/var/tmp/importtest', saving as 'importtest'.
[    5.637947] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MImporting '/var/tmp/importtest', saving as 'importtest'.
[    5.638313] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MOperating on image directory '/var/lib/confexts'.
[    5.638151] systemd-importd[302]: (transfer1) Operating on image directory '/var/lib/confexts'.
[    5.638863] systemd-importd[302]: (transfer1) Imported 40%.
[    5.638882] systemd-importd[302]: (transfer1) Wrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MImported 40%.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MWrote 40K.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MOperation completed successfully.
[    5.639653] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^M           ^MExiting.
[    5.638894] systemd-importd[302]: (transfer1) Operation completed successfully.
[    5.640760] TEST-13-NSPAWN.sh[318]: ^MTotal:   0%^MTotal:  40%
[    5.638902] systemd-importd[302]: (transfer1) Exiting.
```

Fixes #38552.
2025-08-13 23:44:58 +09:00
Yu Watanabe
d62adb5554 core/execute: add one more FIXME comment 2025-08-13 23:44:58 +09:00
Yu Watanabe
379d9ae222 core: do not touch tty when StandardOutput=/StandardError=journal+console/kmsg+console 2025-08-13 23:44:42 +09:00
Yu Watanabe
da34c27bb1 core: make is_terminal_input() and friends inline
Then, rename them to exec_input_is_terminal() and so on.
2025-08-13 23:43:52 +09:00
Yu Watanabe
18924bc784 core: do not print OSC sequence on reverting TTY settings when running on a dumb terminal
Like we do in prepare_terminal() in exec-invoke.c.
2025-08-13 23:43:52 +09:00
Yu Watanabe
92366b8fbc nspawn: always set TERM=dumb when running with a pipe
Otherwise, we will get unexpected OSC sequences.
2025-08-13 23:43:52 +09:00
Yu Watanabe
f79f89c202 profile: do not prompt OSC sequences when running on a dumb terminal 2025-08-13 23:43:51 +09:00
Yu Watanabe
cace9cf6f6 machinectl: set TERM=dumb when running on a dumb terminal or with a pipe
Fixes #38527.
2025-08-13 23:43:51 +09:00
keentux
3e14d02500 detect-virt: bare-metal GCE only for x86 and i386
From the previous changes, bare-metal support has been added by using
the `detect_vm_cpuid()` which works only for x86_64 and i386 architecture.
Do not use this change for other architectures to avoid wrong result of
the detect-virt tool.

Follow-up for fb71571d3a.
Fixes #38125.
2025-08-13 21:16:19 +09:00
Antonio Alvarez Feijoo
13358b7ce2 bootctl: specify that kernel image commands require a kernel image argument 2025-08-13 11:28:22 +01:00
Yu Watanabe
5e4115e59e TEST-17-UDEV: rotate journal before checking
Otherwise, journal files may be rotated during checking journal entries
and the main system journal file may not be loaded:
```
[  350.372652] TEST-17-UDEV.sh[5841]: + test b253:2 = b253:2
[  350.373288] TEST-17-UDEV.sh[5841]: + [[ 1 == \1 ]]
[  350.373722] TEST-17-UDEV.sh[5841]: + journalctl -n 1 -q -u systemd-udevd.service --invocation=0 --grep 'Found inotify watch .*457'
[  350.374534] TEST-17-UDEV.sh[5970]: Journal file /run/log/journal/edc1fb58daff00ad89d6c8d9689bf172/system.journal is truncated, ignoring file.
[  350.375415] TEST-17-UDEV.sh[415]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/TEST-17-UDEV.watch.sh failed'
```

Fixes #38559.
2025-08-13 09:36:35 +01:00
Yu Watanabe
ee76ac1411 TEST-38-FREEZER: use 'systemctl show' to get freezer state
Also, use timeout command for waiting freezer state applied.
2025-08-13 12:30:31 +09:00
Yu Watanabe
0e25939a9d TEST-38-FREEZER: check if watchdog is not restarted by systemctl daemon-reload or daemon-reexec 2025-08-13 10:45:36 +09:00
Yu Watanabe
b39815ebf7 core/cgroup: allow to set cgroup path for frozen unit
Otherwise, after 'systemctl daemon-reload' or 'daemon-reexec', frozen
units cannot gain cgroup paths and we cannot operate anything on them,
especially, we cannot thaw or stop them.
```
Aug 12 16:26:09 systemd[1]: wd.service: Job 1278 wd.service/stop finished, result=frozen
Aug 12 16:26:09 systemd[1]: Cannot stop frozen unit wd.service.
Aug 12 16:26:09 systemd[1]: wd.service: Cannot realize cgroup for frozen unit.
Aug 12 16:26:09 systemd[1]: Failed to realize cgroups for queued unit wd.service, ignoring: Device or resource busy
```

Follow-up for 23ac08115a.
2025-08-13 10:45:25 +09:00
Yu Watanabe
c70816fd09 core/service: do not start watchdog on frozen unit when service manager is reloaded or reexecuted
Otherwise, when service manager is reloaded or reexecuted, watchdog
will be started for frozen services, and they may be killed after
timeout.

Fixes #38551.
2025-08-13 10:38:04 +09:00
Luca Boccassi
998bb9600e test-cgroup: cleanup test cgroup
One test cgroup gets left behind by the test, as it moves itself
into it. Move itself and back to the original cgroup at the end
and clean up.

This fixes a failure when running the test first as root, and then
as unprivileged (initial cleanup fails as the leftover test cgroup
is owned by root).
2025-08-13 10:00:33 +09:00
Luca Boccassi
e1311b10f8 CI: run ruff format before ruff check
Otherwise you get a failure but no hint on how to fix it
2025-08-13 10:00:21 +09:00
Luca Boccassi
637b3904c1 tpm2-util: fixlets for tpm2_serialize/_deserialize() (#38520)
Fixes #38507.
2025-08-12 19:54:44 +01:00
Matteo Croce
814bff5e28 core: suppress warning
Avoid definition of `exec_context_get_tty_for_pam` if pam support is
disabled, to avoid the following warning:
```
../src/core/exec-invoke.c:1231:12: warning: ‘exec_context_get_tty_for_pam’ defined but not used [-Wunused-function]
 1231 | static int exec_context_get_tty_for_pam(const ExecContext *context, char **ret) {
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
2025-08-12 19:45:04 +01:00
Yu Watanabe
48d06b99e6 tpm2-util: copy serialized result in tpm2_serialize()
For safety, though typically Esys_Free() is just a simple wrapper of
free(), but let's do unconditionally. See the comment in the code.

While at it, this makes it store the result into struct iovec.
2025-08-12 06:11:34 +09:00
Yu Watanabe
8d40f3f42e tpm2-util: gracefully skip deserialization when no input
While at it, this also makes tpm2_deserialize() take struct iovec.

Fixes #38507.
2025-08-12 06:11:34 +09:00
Lennart Poettering
5bd2538405 Enable KEY_PERFORMANCE key present on Linux 6.17 (#38533)
Linux 6.17 defines a key called KEY_PERFORMANCE for machines that have a
performance mode, like Alienware and Dell G-series.
2025-08-11 18:38:58 +02:00
Yu Watanabe
59c26be53c pcrlock: make-policy should use path specified by --policy= rather than --pcrlock
Follow-up for a434270139.
Fixes #38506.
2025-08-11 18:34:07 +02:00
Marcos Alano
d5f65056ee Enable KEY_PERFORMANCE key present on Linux 6.17
Note, this change does not require that the kernel running on the host is
equal to or newer than 6.17. But systemd-udevd needs to be built with the
kernel headers with KEY_PERFORMANCE, and the relevant kernel header is
already updated by the previous commit.
2025-08-11 22:22:18 +09:00
Yu Watanabe
4dfadc90fd include: update kernel headers from v6.17-rc1 2025-08-11 22:22:16 +09:00
Luca Boccassi
208ba34a43 test: add coverage for kernel keyring in TEST-50-DISSECT
Use the kernel keyring to verify images in the dissect test.
The userspace keyring is still covered by the DDI and mountfsd tests.
2025-08-11 10:59:51 +01:00
Tobias Heider
5a64f158ec chid: don't hardcode magic numbers for non-official CHIDs
They are constructed from EXTRA_CHID_BASE + offset
2025-08-11 11:18:53 +02:00
Zbigniew Jędrzejewski-Szmek
491b6d0182 Missing man page and fixes for man page links (#38540) 2025-08-11 10:53:45 +02:00
Zbigniew Jędrzejewski-Szmek
f8976ad3c1 man: fix links
Found using linkchecker.
For virtiofsd, the man page is maintained upstream, but doesn't seem to be
available in any of the usual places. So let's link to the Debian version.
systemd.filter I have no idea what it is.
2025-08-11 10:30:26 +02:00
Yu Watanabe
1405d46bf9 core/exec-invoke: fallback to set TTY specified by TTYPath= to PAM
Follow-up for 2b0087e5b1.
Fixes #38486.
2025-08-11 10:26:51 +09:00
Luca Boccassi
25178aadb2 service: stop/reset watchdog on freeze/thaw
Otherwise the unit will be killed by the watchdog given it's frozen
but the clock keeps ticking

Fixes https://github.com/systemd/systemd/issues/38517
2025-08-11 10:26:32 +09:00
Luca Boccassi
5ecd16be68 ci: add mkosi job for debian stable
Debian 13 has just been released and can build and run everything,
so add CI coverage for it
2025-08-11 10:23:38 +09:00
Vasiliy Kovalev
8557ea5daa hwdb: Add launch emoji keyboard mapping for Asus M1607KA
By default, pressing Fn+F8 maps the scancode to KEY_BLUETOOTH (in evtest,
MSC_SCAN 7e -> KEY_BLUETOOTH). Windows/the manufacturer may intercept the
same scancode to execute "Launch Emoji keyboard."
On Linux, we get the "raw" KEY_BLUETOOTH code, which is unacceptable.

prog1 is already reserved by default for launching MyAsus (a Windows
application) with the Fn+F12 combination, so we will use prog2.

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
2025-08-11 10:17:29 +09:00
Zbigniew Jędrzejewski-Szmek
ee1ded6cd6 man: add sd-path page
We have similar pages for other parts of libsystemd too.
2025-08-10 13:40:32 +02:00