import systemd-252-13.el9_2

c9 imports/c9/systemd-252-13.el9_2
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
parent 9bb5664db2
commit fd8050e7e5

2
.gitignore vendored

@ -1 +1 @@
SOURCES/systemd-250.tar.gz
SOURCES/systemd-252.tar.gz

@ -1 +1 @@
3b9db821b29a577d004c8823f4ff7a054c81a39c SOURCES/systemd-250.tar.gz
7c961dc6e8bb950825b85129f59dc80f4536cabb SOURCES/systemd-252.tar.gz

@ -0,0 +1,78 @@
From 87bf366c97be1c811c4bfdf80b48d6c3e35da76a Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 25 Oct 2022 19:55:08 +0200
Subject: [PATCH] macro: Simply case macros for IN_SET
The CASE param would normally provide the operation for the compiler to
do in this macro magic. But in this case CASE_F_1 was hardcoding the
operation, making the parameter moot.
This just removes the somewhat pointless parameter instead of fixing
the one case. These macros are used for IN_SET case labels only and
not named generically anyways.
(cherry picked from commit 790f4dda74d7ecdb4e57101a37cc9f2f9236bef6)
Related #2138081
---
src/fundamental/macro-fundamental.h | 43 ++++++++++++++---------------
1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index 2536c741c6..63f4c49e78 100644
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -251,33 +251,32 @@
(UNIQ_T(X, xq) / UNIQ_T(Y, yq) + !!(UNIQ_T(X, xq) % UNIQ_T(Y, yq))); \
})
-#define CASE_F(X) case X:
-#define CASE_F_1(CASE, X) CASE_F(X)
-#define CASE_F_2(CASE, X, ...) CASE(X) CASE_F_1(CASE, __VA_ARGS__)
-#define CASE_F_3(CASE, X, ...) CASE(X) CASE_F_2(CASE, __VA_ARGS__)
-#define CASE_F_4(CASE, X, ...) CASE(X) CASE_F_3(CASE, __VA_ARGS__)
-#define CASE_F_5(CASE, X, ...) CASE(X) CASE_F_4(CASE, __VA_ARGS__)
-#define CASE_F_6(CASE, X, ...) CASE(X) CASE_F_5(CASE, __VA_ARGS__)
-#define CASE_F_7(CASE, X, ...) CASE(X) CASE_F_6(CASE, __VA_ARGS__)
-#define CASE_F_8(CASE, X, ...) CASE(X) CASE_F_7(CASE, __VA_ARGS__)
-#define CASE_F_9(CASE, X, ...) CASE(X) CASE_F_8(CASE, __VA_ARGS__)
-#define CASE_F_10(CASE, X, ...) CASE(X) CASE_F_9(CASE, __VA_ARGS__)
-#define CASE_F_11(CASE, X, ...) CASE(X) CASE_F_10(CASE, __VA_ARGS__)
-#define CASE_F_12(CASE, X, ...) CASE(X) CASE_F_11(CASE, __VA_ARGS__)
-#define CASE_F_13(CASE, X, ...) CASE(X) CASE_F_12(CASE, __VA_ARGS__)
-#define CASE_F_14(CASE, X, ...) CASE(X) CASE_F_13(CASE, __VA_ARGS__)
-#define CASE_F_15(CASE, X, ...) CASE(X) CASE_F_14(CASE, __VA_ARGS__)
-#define CASE_F_16(CASE, X, ...) CASE(X) CASE_F_15(CASE, __VA_ARGS__)
-#define CASE_F_17(CASE, X, ...) CASE(X) CASE_F_16(CASE, __VA_ARGS__)
-#define CASE_F_18(CASE, X, ...) CASE(X) CASE_F_17(CASE, __VA_ARGS__)
-#define CASE_F_19(CASE, X, ...) CASE(X) CASE_F_18(CASE, __VA_ARGS__)
-#define CASE_F_20(CASE, X, ...) CASE(X) CASE_F_19(CASE, __VA_ARGS__)
+#define CASE_F_1(X) case X:
+#define CASE_F_2(X, ...) case X: CASE_F_1( __VA_ARGS__)
+#define CASE_F_3(X, ...) case X: CASE_F_2( __VA_ARGS__)
+#define CASE_F_4(X, ...) case X: CASE_F_3( __VA_ARGS__)
+#define CASE_F_5(X, ...) case X: CASE_F_4( __VA_ARGS__)
+#define CASE_F_6(X, ...) case X: CASE_F_5( __VA_ARGS__)
+#define CASE_F_7(X, ...) case X: CASE_F_6( __VA_ARGS__)
+#define CASE_F_8(X, ...) case X: CASE_F_7( __VA_ARGS__)
+#define CASE_F_9(X, ...) case X: CASE_F_8( __VA_ARGS__)
+#define CASE_F_10(X, ...) case X: CASE_F_9( __VA_ARGS__)
+#define CASE_F_11(X, ...) case X: CASE_F_10( __VA_ARGS__)
+#define CASE_F_12(X, ...) case X: CASE_F_11( __VA_ARGS__)
+#define CASE_F_13(X, ...) case X: CASE_F_12( __VA_ARGS__)
+#define CASE_F_14(X, ...) case X: CASE_F_13( __VA_ARGS__)
+#define CASE_F_15(X, ...) case X: CASE_F_14( __VA_ARGS__)
+#define CASE_F_16(X, ...) case X: CASE_F_15( __VA_ARGS__)
+#define CASE_F_17(X, ...) case X: CASE_F_16( __VA_ARGS__)
+#define CASE_F_18(X, ...) case X: CASE_F_17( __VA_ARGS__)
+#define CASE_F_19(X, ...) case X: CASE_F_18( __VA_ARGS__)
+#define CASE_F_20(X, ...) case X: CASE_F_19( __VA_ARGS__)
#define GET_CASE_F(_1,_2,_3,_4,_5,_6,_7,_8,_9,_10,_11,_12,_13,_14,_15,_16,_17,_18,_19,_20,NAME,...) NAME
#define FOR_EACH_MAKE_CASE(...) \
GET_CASE_F(__VA_ARGS__,CASE_F_20,CASE_F_19,CASE_F_18,CASE_F_17,CASE_F_16,CASE_F_15,CASE_F_14,CASE_F_13,CASE_F_12,CASE_F_11, \
CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
- (CASE_F,__VA_ARGS__)
+ (__VA_ARGS__)
#define IN_SET(x, ...) \
({ \

@ -0,0 +1,25 @@
From 0c372e24bb30c25beccd76c071baca22258e71c9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 26 Oct 2022 03:28:08 +0900
Subject: [PATCH] macro: fix indentation
(cherry picked from commit e967926b092d8635b3da28fc4ca492009e32228f)
Related #2138081
---
src/fundamental/macro-fundamental.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h
index 63f4c49e78..faab16ab31 100644
--- a/src/fundamental/macro-fundamental.h
+++ b/src/fundamental/macro-fundamental.h
@@ -290,7 +290,7 @@
switch (x) { \
FOR_EACH_MAKE_CASE(__VA_ARGS__) \
_found = true; \
- break; \
+ break; \
default: \
break; \
} \

@ -0,0 +1,61 @@
From 5ac8c56f111f2875467422c851a05891c0ec7d1b Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 31 Oct 2022 12:11:59 +0100
Subject: [PATCH] test: add a couple of sanity tests for journalctl
(cherry picked from commit ca46781c5ffa3aaa7a8fb6f09976357d003c4aae)
Related #2138081
---
test/units/testsuite-04.sh | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh
index b5468cbea4..fdc3273fea 100755
--- a/test/units/testsuite-04.sh
+++ b/test/units/testsuite-04.sh
@@ -119,6 +119,44 @@ systemctl start silent-success
journalctl --sync
[[ -z "$(journalctl -b -q -u silent-success.service)" ]]
+# Exercise the matching machinery
+SYSTEMD_LOG_LEVEL=debug journalctl -b -n 1 /dev/null /dev/zero /dev/null /dev/null /dev/null
+journalctl -b -n 1 /bin/true /bin/false
+journalctl -b -n 1 /bin/true + /bin/false
+journalctl -b -n 1 -r --unit "systemd*"
+
+systemd-run --user -M "testuser@.host" /bin/echo hello
+journalctl --sync
+journalctl -b -n 1 -r --user-unit "*"
+
+(! journalctl -b /dev/lets-hope-this-doesnt-exist)
+(! journalctl -b /dev/null /dev/zero /dev/this-also-shouldnt-exist)
+(! journalctl -b --unit "this-unit-should-not-exist*")
+
+# Facilities & priorities
+journalctl --facility help
+journalctl --facility kern -n 1
+journalctl --facility syslog --priority 0..3 -n 1
+journalctl --facility syslog --priority 3..0 -n 1
+journalctl --facility user --priority 0..0 -n 1
+journalctl --facility daemon --priority warning -n 1
+journalctl --facility daemon --priority warning..info -n 1
+journalctl --facility daemon --priority notice..crit -n 1
+journalctl --facility daemon --priority 5..crit -n 1
+
+(! journalctl --facility hopefully-an-unknown-facility)
+(! journalctl --priority hello-world)
+(! journalctl --priority 0..128)
+(! journalctl --priority 0..systemd)
+
+# Other options
+journalctl --disk-usage
+journalctl --dmesg -n 1
+journalctl --fields
+journalctl --list-boots
+journalctl --update-catalog
+journalctl --list-catalog
+
# Add new tests before here, the journald restarts below
# may make tests flappy.

@ -0,0 +1,25 @@
From b1a2687cf5b419d6928d024f26aabe1de8ff7727 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Mon, 31 Oct 2022 21:17:47 +0000
Subject: [PATCH] man: fix typo found by Lintian
(cherry picked from commit 84033dd40588dbf4f57a746c141fe7d111247a93)
Related #2138081
---
man/loader.conf.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/loader.conf.xml b/man/loader.conf.xml
index 3ee42cdb73..7f173aec61 100644
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@@ -236,7 +236,7 @@
<para>The different sets of variables can be set up under <filename>/loader/keys/<replaceable>NAME</replaceable></filename>
where <replaceable>NAME</replaceable> is the name that is going to be used as the name of the entry.
- This allows to ship multiple sets of Secure Boot variables and choose which one to enroll at runtime.</para>
+ This allows one to ship multiple sets of Secure Boot variables and choose which one to enroll at runtime.</para>
<para>Supported secure boot variables are one database for authorized images, one key exchange key (KEK)
and one platform key (PK). For more information, refer to the <ulink url="https://uefi.org/specifications">UEFI specification</ulink>,

@ -0,0 +1,19 @@
From 3d2fc0517d43ff2c5c6fc03ebb68ef9429be5fd4 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Mon, 31 Oct 2022 21:18:53 +0000
Subject: [PATCH] test: add +x to assert.sh
The script has a shebang and .sh extension, so make it executable
W: systemd-tests: script-not-executable [usr/lib/systemd/tests/testdata/units/assert.sh]
(cherry picked from commit fb4f7271d9f75a44756b110706cdb53b82f407ce)
Related #2138081
---
test/units/assert.sh | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100644 => 100755 test/units/assert.sh
diff --git a/test/units/assert.sh b/test/units/assert.sh
old mode 100644
new mode 100755

@ -0,0 +1,25 @@
From a2cb8467652ca36bd5420dc685d5e6b76014c3e1 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 1 Nov 2022 13:10:20 +0900
Subject: [PATCH] parse_hwdb: allow negative value for EVDEV_ABS_ properties
(cherry picked from commit f0b75cda5a3eac3fe953fd1a429a39e077387997)
Related #2138081
---
hwdb.d/parse_hwdb.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py
index c0dde75650..5a1ae5a6a0 100755
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@@ -202,7 +202,7 @@ def property_grammar():
]
abs_props = [Regex(r'EVDEV_ABS_[0-9a-f]{2}')('NAME')
- Suppress('=') -
- Word(nums + ':')('VALUE')
+ Word('-' + nums + ':')('VALUE')
]
grammar = Or(fixed_props + kbd_props + abs_props) + EOL

@ -0,0 +1,24 @@
From 07aa3fcbb7b4e4cca7b2e9be6e038ab92bfc5fdc Mon Sep 17 00:00:00 2001
From: Youfu Zhang <1315097+zhangyoufu@users.noreply.github.com>
Date: Tue, 1 Nov 2022 13:18:25 +0800
Subject: [PATCH] resolved: fix typo in feature level table
(cherry picked from commit 2ab0042854934827e61076c6e42c7381fdf78fdf)
Related #2138081
---
src/resolve/resolved-dns-server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index 9b74a8d6d8..04a4f53ed0 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -1087,6 +1087,6 @@ static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVE
[DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
[DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0",
[DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
- [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+D0",
+ [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+DO",
};
DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel);

@ -0,0 +1,28 @@
From a1f18876d5f7122c9f94af9a84f1324f50dba0ed Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 1 Nov 2022 09:43:32 +0100
Subject: [PATCH] coverage: Mark _coverage__exit as noreturn
../src/basic/coverage.h:15:48: warning: function '_coverage__exit' could
be declared with attribute 'noreturn' [-Wmissing-noreturn]
(cherry picked from commit 0bab5534b334677652bb69fe15eaa54ce84cbe7d)
Related #2138081
---
src/basic/coverage.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/coverage.h b/src/basic/coverage.h
index 3ef02cf70e..640bddc485 100644
--- a/src/basic/coverage.h
+++ b/src/basic/coverage.h
@@ -12,7 +12,7 @@
extern void _exit(int);
extern void __gcov_dump(void);
-static inline void _coverage__exit(int status) {
+static inline _Noreturn void _coverage__exit(int status) {
__gcov_dump();
_exit(status);
}

@ -0,0 +1,154 @@
From 6ab61ac93e534aec1ea4d16e77c1c355c8286e64 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 27 Oct 2022 13:14:12 +0200
Subject: [PATCH] namespace: Add hidepid/subset support check
Using fsopen()/fsconfig(), we can check if hidepid/subset are supported to
avoid the noisy logs from the kernel if they aren't supported. This works
on centos/redhat 8 as well since they've backported fsopen()/fsconfig().
(cherry picked from commit 1c265fcd5963603d338233840129ecad8d9c1420)
Related #2138081
---
meson.build | 2 ++
src/basic/missing_syscall.h | 40 +++++++++++++++++++++++++++++++
src/core/namespace.c | 47 ++++++++++++++++++++++++++++++++-----
3 files changed, 83 insertions(+), 6 deletions(-)
diff --git a/meson.build b/meson.build
index 76ad51d3fb..7750534466 100644
--- a/meson.build
+++ b/meson.build
@@ -606,6 +606,8 @@ foreach ident : [
['mount_setattr', '''#include <sys/mount.h>'''],
['move_mount', '''#include <sys/mount.h>'''],
['open_tree', '''#include <sys/mount.h>'''],
+ ['fsopen', '''#include <sys/mount.h>'''],
+ ['fsconfig', '''#include <sys/mount.h>'''],
['getdents64', '''#include <dirent.h>'''],
]
diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
index 793d111c55..d54e59fdf9 100644
--- a/src/basic/missing_syscall.h
+++ b/src/basic/missing_syscall.h
@@ -593,6 +593,46 @@ static inline int missing_move_mount(
/* ======================================================================= */
+#if !HAVE_FSOPEN
+
+#ifndef FSOPEN_CLOEXEC
+#define FSOPEN_CLOEXEC 0x00000001
+#endif
+
+static inline int missing_fsopen(const char *fsname, unsigned flags) {
+# if defined __NR_fsopen && __NR_fsopen >= 0
+ return syscall(__NR_fsopen, fsname, flags);
+# else
+ errno = ENOSYS;
+ return -1;
+# endif
+}
+
+# define fsopen missing_fsopen
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_FSCONFIG
+
+#ifndef FSCONFIG_SET_STRING
+#define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */
+#endif
+
+static inline int missing_fsconfig(int fd, unsigned cmd, const char *key, const void *value, int aux) {
+# if defined __NR_fsconfig && __NR_fsconfig >= 0
+ return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+# else
+ errno = ENOSYS;
+ return -1;
+# endif
+}
+
+# define fsconfig missing_fsconfig
+#endif
+
+/* ======================================================================= */
+
#if !HAVE_GETDENTS64
static inline ssize_t missing_getdents64(int fd, void *buffer, size_t length) {
diff --git a/src/core/namespace.c b/src/core/namespace.c
index c3cced7410..852be3bdde 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -26,6 +26,7 @@
#include "list.h"
#include "loop-util.h"
#include "loopback-setup.h"
+#include "missing_syscall.h"
#include "mkdir-label.h"
#include "mount-util.h"
#include "mountpoint-util.h"
@@ -1073,6 +1074,27 @@ static int mount_sysfs(const MountEntry *m) {
return 1;
}
+static bool mount_option_supported(const char *fstype, const char *key, const char *value) {
+ _cleanup_close_ int fd = -1;
+ int r;
+
+ /* This function assumes support by default. Only if the fsconfig() call fails with -EINVAL/-EOPNOTSUPP
+ * will it report that the option/value is not supported. */
+
+ fd = fsopen(fstype, FSOPEN_CLOEXEC);
+ if (fd < 0) {
+ if (errno != ENOSYS)
+ log_debug_errno(errno, "Failed to open superblock context for '%s': %m", fstype);
+ return true; /* If fsopen() fails for whatever reason, assume the value is supported. */
+ }
+
+ r = fsconfig(fd, FSCONFIG_SET_STRING, key, value, 0);
+ if (r < 0 && !IN_SET(errno, EINVAL, EOPNOTSUPP, ENOSYS))
+ log_debug_errno(errno, "Failed to set '%s=%s' on '%s' superblock context: %m", key, value, fstype);
+
+ return r >= 0 || !IN_SET(errno, EINVAL, EOPNOTSUPP);
+}
+
static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
_cleanup_free_ char *opts = NULL;
const char *entry_path;
@@ -1090,12 +1112,25 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
* per-instance, we'll exclusively use the textual value for hidepid=, since support was
* added in the same commit: if it's supported it is thus also per-instance. */
- opts = strjoin("hidepid=",
- ns_info->protect_proc == PROTECT_PROC_DEFAULT ? "off" :
- protect_proc_to_string(ns_info->protect_proc),
- ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : "");
- if (!opts)
- return -ENOMEM;
+ const char *hpv = ns_info->protect_proc == PROTECT_PROC_DEFAULT ?
+ "off" :
+ protect_proc_to_string(ns_info->protect_proc);
+
+ /* hidepid= support was added in 5.8, so we can use fsconfig()/fsopen() (which were added in
+ * 5.2) to check if hidepid= is supported. This avoids a noisy dmesg log by the kernel when
+ * trying to use hidepid= on systems where it isn't supported. The same applies for subset=.
+ * fsopen()/fsconfig() was also backported on some distros which allows us to detect
+ * hidepid=/subset= support in even more scenarios. */
+
+ if (mount_option_supported("proc", "hidepid", hpv)) {
+ opts = strjoin("hidepid=", hpv);
+ if (!opts)
+ return -ENOMEM;
+ }
+
+ if (ns_info->proc_subset == PROC_SUBSET_PID && mount_option_supported("proc", "subset", "pid"))
+ if (!strextend_with_separator(&opts, ",", "subset=pid"))
+ return -ENOMEM;
}
entry_path = mount_entry_path(m);

@ -0,0 +1,75 @@
From 07f188e9ca17345af904e6549c03b1c57d34405a Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 1 Nov 2022 09:17:58 +0100
Subject: [PATCH] test: add a couple of sanity tests for loginctl
(cherry picked from commit 70e9066bc2eaf159e9cde7d95bbee99e44f3045a)
Related #2138081
---
test/units/testsuite-35.sh | 45 ++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/test/units/testsuite-35.sh b/test/units/testsuite-35.sh
index 4ef0f0c11c..85925f2471 100755
--- a/test/units/testsuite-35.sh
+++ b/test/units/testsuite-35.sh
@@ -338,6 +338,50 @@ EOF
assert_eq "$(loginctl --no-legend | awk '$3=="logind-test-user" { print $5 }')" "tty2"
}
+test_sanity_check() {
+ # Exercise basic loginctl options
+
+ if [[ ! -c /dev/tty2 ]]; then
+ echo "/dev/tty2 does not exist, skipping test ${FUNCNAME[0]}."
+ return
+ fi
+
+ trap cleanup_session RETURN
+ create_session
+
+ # Run most of the loginctl commands from a user session to make
+ # the seat/session autodetection work-ish
+ systemd-run --user --pipe --wait -M "logind-test-user@.host" bash -eux <<\EOF
+ loginctl list-sessions
+ loginctl session-status
+ loginctl show-session
+ loginctl show-session -P DelayInhibited
+
+ # We're not in the same session scope, so in this case we need to specify
+ # the session ID explicitly
+ session=$(loginctl --no-legend | awk '$3 == "logind-test-user" { print $1; exit; }')
+ loginctl kill-session --signal=SIGCONT "$session"
+ # FIXME(?)
+ #loginctl kill-session --signal=SIGCONT --kill-who=leader "$session"
+
+ loginctl list-users
+ loginctl user-status
+ loginctl show-user -a
+ loginctl show-user -P IdleAction
+ loginctl kill-user --signal=SIGCONT ""
+
+ loginctl list-seats
+ loginctl seat-status
+ loginctl show-seat
+ loginctl show-seat -P IdleActionUSec
+EOF
+
+ # Requires root privileges
+ loginctl lock-sessions
+ loginctl unlock-sessions
+ loginctl flush-devices
+}
+
test_session() {
local dev
@@ -537,6 +581,7 @@ test_properties
test_started
test_suspend_on_lid
test_shutdown
+test_sanity_check
test_session
test_lock_idle_action
test_session_properties

@ -0,0 +1,48 @@
From 66a9a36c3bcd5709c30ac1f2be998eea034a9f6d Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 1 Nov 2022 17:53:42 +0100
Subject: [PATCH] test: rename TEST-26-SETENV to TEST-26-SYSTEMCTL
(cherry picked from commit c5c258ae0a4a0cfc829ed07ff96c7fab79b6ca71)
Related #2138081
---
test/{TEST-26-SETENV => TEST-26-SYSTEMCTL}/Makefile | 0
test/{TEST-26-SETENV => TEST-26-SYSTEMCTL}/test.sh | 2 +-
test/units/testsuite-26.service | 2 +-
3 files changed, 2 insertions(+), 2 deletions(-)
rename test/{TEST-26-SETENV => TEST-26-SYSTEMCTL}/Makefile (100%)
rename test/{TEST-26-SETENV => TEST-26-SYSTEMCTL}/test.sh (79%)
diff --git a/test/TEST-26-SETENV/Makefile b/test/TEST-26-SYSTEMCTL/Makefile
similarity index 100%
rename from test/TEST-26-SETENV/Makefile
rename to test/TEST-26-SYSTEMCTL/Makefile
diff --git a/test/TEST-26-SETENV/test.sh b/test/TEST-26-SYSTEMCTL/test.sh
similarity index 79%
rename from test/TEST-26-SETENV/test.sh
rename to test/TEST-26-SYSTEMCTL/test.sh
index b38e37bfce..64accf850f 100755
--- a/test/TEST-26-SETENV/test.sh
+++ b/test/TEST-26-SYSTEMCTL/test.sh
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-TEST_DESCRIPTION="test setenv"
+TEST_DESCRIPTION="systemctl-related tests"
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
diff --git a/test/units/testsuite-26.service b/test/units/testsuite-26.service
index aa553b61a6..d8fdaffb06 100644
--- a/test/units/testsuite-26.service
+++ b/test/units/testsuite-26.service
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Unit]
-Description=TEST-26-SETENV
+Description=TEST-26-SYSTEMCTL
[Service]
ExecStartPre=rm -f /failed /testok

@ -0,0 +1,251 @@
From 680d2b33d3b2a0bed17c2c1594690155bdb910bb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 1 Nov 2022 20:47:37 +0100
Subject: [PATCH] test: add a couple of sanity tests for systemctl
(cherry picked from commit d16684fe13e1d56e55df19b57b6c01b9a9303086)
Related #2138081
---
test/units/testsuite-26.sh | 209 +++++++++++++++++++++++++++++++++++--
1 file changed, 202 insertions(+), 7 deletions(-)
diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh
index ad08415317..b83f85917b 100755
--- a/test/units/testsuite-26.sh
+++ b/test/units/testsuite-26.sh
@@ -3,32 +3,227 @@
set -eux
set -o pipefail
+at_exit() {
+ if [[ -v UNIT_NAME && -e "/usr/lib/systemd/system/$UNIT_NAME" ]]; then
+ rm -fv "/usr/lib/systemd/system/$UNIT_NAME"
+ fi
+}
+
+trap at_exit EXIT
+
+# Create a simple unit file for testing
+# Note: the service file is created under /usr on purpose to test
+# the 'revert' verb as well
+UNIT_NAME="systemctl-test-$RANDOM.service"
+cat >"/usr/lib/systemd/system/$UNIT_NAME" <<\EOF
+[Unit]
+Description=systemctl test
+
+[Service]
+ExecStart=sleep infinity
+ExecReload=true
+
+# For systemctl clean
+CacheDirectory=%n
+ConfigurationDirectory=%n
+LogsDirectory=%n
+RuntimeDirectory=%n
+StateDirectory=%n
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Configure the preset setting for the unit file
+mkdir /run/systemd/system-preset/
+echo "disable $UNIT_NAME" >/run/systemd/system-preset/99-systemd-test.preset
+
+systemctl daemon-reload
+
+# Argument help
+systemctl --state help
+systemctl --signal help
+systemctl --type help
+
+# list-dependencies
+systemctl list-dependencies systemd-journald
+systemctl list-dependencies --after systemd-journald
+systemctl list-dependencies --before systemd-journald
+systemctl list-dependencies --after --reverse systemd-journald
+systemctl list-dependencies --before --reverse systemd-journald
+systemctl list-dependencies --plain systemd-journald
+
+# list-* verbs
+systemctl list-units
+systemctl list-units --recursive
+systemctl list-units --type=socket
+systemctl list-units --type=service,timer
+systemctl list-units --legend=yes -a "systemd-*"
+systemctl list-units --state=active
+systemctl list-units --with-dependencies systemd-journald.service
+systemctl list-units --with-dependencies --after systemd-journald.service
+systemctl list-units --with-dependencies --before --reverse systemd-journald.service
+systemctl list-sockets
+systemctl list-sockets --legend=no -a "*journal*"
+systemctl list-sockets --show-types
+systemctl list-sockets --state=listening
+systemctl list-timers -a -l
+systemctl list-unit-files
+systemctl list-unit-files "*journal*"
+systemctl list-jobs
+systemctl list-jobs --after
+systemctl list-jobs --before
+systemctl list-jobs --after --before
+systemctl list-jobs "*"
+
+# Basic service management
+systemctl start --show-transaction "$UNIT_NAME"
+systemctl status -n 5 "$UNIT_NAME"
+systemctl is-active "$UNIT_NAME"
+systemctl reload -T "$UNIT_NAME"
+systemctl restart -T "$UNIT_NAME"
+systemctl try-restart --show-transaction "$UNIT_NAME"
+systemctl try-reload-or-restart --show-transaction "$UNIT_NAME"
+systemctl kill "$UNIT_NAME"
+(! systemctl is-active "$UNIT_NAME")
+systemctl restart "$UNIT_NAME"
+systemctl is-active "$UNIT_NAME"
+systemctl restart "$UNIT_NAME"
+systemctl stop "$UNIT_NAME"
+(! systemctl is-active "$UNIT_NAME")
+
+# enable/disable/preset
+(! systemctl is-enabled "$UNIT_NAME")
+systemctl enable "$UNIT_NAME"
+systemctl is-enabled -l "$UNIT_NAME"
+# We created a preset file for this unit above with a "disable" policy
+systemctl preset "$UNIT_NAME"
+(! systemctl is-enabled "$UNIT_NAME")
+systemctl reenable "$UNIT_NAME"
+systemctl is-enabled "$UNIT_NAME"
+systemctl preset --preset-mode=enable-only "$UNIT_NAME"
+systemctl is-enabled "$UNIT_NAME"
+systemctl preset --preset-mode=disable-only "$UNIT_NAME"
+(! systemctl is-enabled "$UNIT_NAME")
+systemctl enable --runtime "$UNIT_NAME"
+[[ -e "/run/systemd/system/multi-user.target.wants/$UNIT_NAME" ]]
+systemctl is-enabled "$UNIT_NAME"
+systemctl disable "$UNIT_NAME"
+# The unit should be still enabled, as we didn't use the --runtime switch
+systemctl is-enabled "$UNIT_NAME"
+systemctl disable --runtime "$UNIT_NAME"
+(! systemctl is-enabled "$UNIT_NAME")
+
+# mask/unmask/revert
+systemctl disable "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == disabled ]]
+systemctl mask "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == masked ]]
+systemctl unmask "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == disabled ]]
+systemctl mask "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == masked ]]
+systemctl revert "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == disabled ]]
+systemctl mask --runtime "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == masked-runtime ]]
+# This should be a no-op without the --runtime switch
+systemctl unmask "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == masked-runtime ]]
+systemctl unmask --runtime "$UNIT_NAME"
+[[ "$(systemctl is-enabled "$UNIT_NAME")" == disabled ]]
+
+# add-wants/add-requires
+(! systemctl show -P Wants "$UNIT_NAME" | grep "systemd-journald.service")
+systemctl add-wants "$UNIT_NAME" "systemd-journald.service"
+systemctl show -P Wants "$UNIT_NAME" | grep "systemd-journald.service"
+(! systemctl show -P Requires "$UNIT_NAME" | grep "systemd-journald.service")
+systemctl add-requires "$UNIT_NAME" "systemd-journald.service"
+systemctl show -P Requires "$UNIT_NAME" | grep "systemd-journald.service"
+
+# set-property
+systemctl set-property "$UNIT_NAME" IPAccounting=yes MemoryMax=1234567
+systemctl cat "$UNIT_NAME"
+# These properties should be saved to a persistent storage
+grep -r "IPAccounting=yes" "/etc/systemd/system.control/${UNIT_NAME}.d/"
+grep -r "MemoryMax=1234567" "/etc/systemd/system.control/${UNIT_NAME}.d"
+systemctl revert "$UNIT_NAME"
+(! grep -r "IPAccounting=" "/etc/systemd/system.control/${UNIT_NAME}.d/")
+(! grep -r "MemoryMax=" "/etc/systemd/system.control/${UNIT_NAME}.d/")
+# Same stuff, but with --runtime, which should use /run
+systemctl set-property --runtime "$UNIT_NAME" CPUAccounting=no CPUQuota=10%
+systemctl cat "$UNIT_NAME"
+grep -r "CPUAccounting=no" "/run/systemd/system.control/${UNIT_NAME}.d/"
+grep -r "CPUQuota=10%" "/run/systemd/system.control/${UNIT_NAME}.d/"
+systemctl revert "$UNIT_NAME"
+(! grep -r "CPUAccounting=" "/run/systemd/system.control/${UNIT_NAME}.d/")
+(! grep -r "CPUQuota=" "/run/systemd/system.control/${UNIT_NAME}.d/")
+
+# Failed-unit related tests
+systemd-run --unit "failed.service" /bin/false
+systemctl is-failed failed.service
+systemctl --state=failed | grep failed.service
+systemctl --failed | grep failed.service
+systemctl reset-failed "fail*.service"
+(! systemctl is-failed failed.service)
+
+# clean
+systemctl restart "$UNIT_NAME"
+systemctl stop "$UNIT_NAME"
+# Check if the directories from *Directory= directives exist
+# (except RuntimeDirectory= in /run, which is removed when the unit is stopped)
+for path in /var/lib /var/cache /var/log /etc; do
+ [[ -e "$path/$UNIT_NAME" ]]
+done
+# Run the cleanup
+for what in "" configuration state cache logs runtime all; do
+ systemctl clean ${what:+--what="$what"} "$UNIT_NAME"
+done
+# All respective directories should be removed
+for path in /run /var/lib /var/cache /var/log /etc; do
+ [[ ! -e "$path/$UNIT_NAME" ]]
+done
+
+# --timestamp
+for value in pretty us µs utc us+utc µs+utc; do
+ systemctl show -P KernelTimestamp --timestamp="$value"
+done
+
+# Aux verbs & assorted checks
+systemctl is-active "*-journald.service"
+systemctl cat "*journal*"
+systemctl cat "$UNIT_NAME"
+systemctl help "$UNIT_NAME"
+
+# show/set-environment
# Make sure PATH is set
systemctl show-environment | grep -q '^PATH='
-
# Let's add an entry and override a built-in one
systemctl set-environment PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/testaddition FOO=BAR
-
# Check that both are set
systemctl show-environment | grep -q '^PATH=.*testaddition$'
systemctl show-environment | grep -q '^FOO=BAR$'
-
systemctl daemon-reload
-
# Check again after the reload
systemctl show-environment | grep -q '^PATH=.*testaddition$'
systemctl show-environment | grep -q '^FOO=BAR$'
-
# Check that JSON output is supported
systemctl show-environment --output=json | grep -q '^{.*"FOO":"BAR".*}$'
-
# Drop both
systemctl unset-environment FOO PATH
-
# Check that one is gone and the other reverted to the built-in
systemctl show-environment | grep '^FOO=$' && exit 1
systemctl show-environment | grep '^PATH=.*testaddition$' && exit 1
systemctl show-environment | grep -q '^PATH='
+# Check import-environment
+export IMPORT_THIS=hello
+export IMPORT_THIS_TOO=world
+systemctl import-environment IMPORT_THIS IMPORT_THIS_TOO
+systemctl show-environment | grep "^IMPORT_THIS=$IMPORT_THIS"
+systemctl show-environment | grep "^IMPORT_THIS_TOO=$IMPORT_THIS_TOO"
+systemctl unset-environment IMPORT_THIS IMPORT_THIS_TOO
+(! systemctl show-environment | grep "^IMPORT_THIS=")
+(! systemctl show-environment | grep "^IMPORT_THIS_TOO=")
echo OK >/testok

@ -0,0 +1,49 @@
From a9424191821c8c967edd7dd92a19d02ff5bbca87 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 2 Nov 2022 07:06:46 +0900
Subject: [PATCH] core: fix memleak in GetUnitFileLinks method
(cherry picked from commit a12ba535fa677e642c7ba19e81062ed6e9365ceb)
Related #2138081
---
src/core/dbus-manager.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 919aa58cde..88f098ec86 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2647,21 +2647,27 @@ static int method_get_unit_file_links(sd_bus_message *message, void *userdata, s
(runtime ? UNIT_FILE_RUNTIME : 0);
r = unit_file_disable(LOOKUP_SCOPE_SYSTEM, flags, NULL, p, &changes, &n_changes);
- if (r < 0)
- return log_error_errno(r, "Failed to get file links for %s: %m", name);
+ if (r < 0) {
+ log_error_errno(r, "Failed to get file links for %s: %m", name);
+ goto finish;
+ }
for (i = 0; i < n_changes; i++)
if (changes[i].type == INSTALL_CHANGE_UNLINK) {
r = sd_bus_message_append(reply, "s", changes[i].path);
if (r < 0)
- return r;
+ goto finish;
}
r = sd_bus_message_close_container(reply);
if (r < 0)
- return r;
+ goto finish;
- return sd_bus_send(NULL, reply, NULL);
+ r = sd_bus_send(NULL, reply, NULL);
+
+finish:
+ install_changes_free(changes, n_changes);
+ return r;
}
static int method_get_job_waiting(sd_bus_message *message, void *userdata, sd_bus_error *error) {

@ -0,0 +1,42 @@
From ada95dd4f4c0014815a2c3162de6297107569b05 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 2 Nov 2022 11:48:23 +0100
Subject: [PATCH] man: use the correct 'Markers' property name for marking
units
Follow-up to c9615f7352 and 70666e28a1.
(cherry picked from commit 1ca1bb03dec9ae3e8d734bd40eeb60210ffd7a0a)
Related #2138081
---
man/org.freedesktop.systemd1.xml | 2 +-
man/systemctl.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index cbd552bd99..5e08b35234 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -1250,7 +1250,7 @@ node /org/freedesktop/systemd1 {
"ReloadOrRestart" flavors attempt a reload if the unit supports it and use a restart otherwise.</para>
<para><function>EnqueueMarkedJobs()</function> creates reload/restart jobs for units which have been
- appropriately marked, see <varname>Marks</varname> property above. This is equivalent to calling
+ appropriately marked, see <varname>Markers</varname> property above. This is equivalent to calling
<function>TryRestartUnit()</function> or <function>ReloadOrTryRestartUnit()</function> for the marked
units.</para>
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 4d4f6c3992..997925892d 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -2386,7 +2386,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
<listitem><para>Only allowed with <command>reload-or-restart</command>. Enqueues restart jobs for all
units that have the <literal>needs-restart</literal> mark, and reload jobs for units that have the
<literal>needs-reload</literal> mark. When a unit marked for reload does not support reload, restart
- will be queued. Those properties can be set using <command>set-property Marks</command>.</para>
+ will be queued. Those properties can be set using <command>set-property Markers=…</command>.</para>
<para>Unless <option>--no-block</option> is used, <command>systemctl</command> will wait for the
queued jobs to finish.</para></listitem>

@ -0,0 +1,115 @@
From cce2e337e37524df5ff81e758dbcfa91bf8b696a Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 2 Nov 2022 11:44:00 +0100
Subject: [PATCH] test: further extend systemctl's sanity coverage
Also, fix a race condition introduced by d16684fe13:
```
[ 16.904218] H testsuite-26.sh[394]: + systemd-run --unit failed.service /bin/false
[ 16.964783] H systemd[845]: failed.service: Executing: /bin/false
[ 16.965062] H systemd[1]: Started failed.service.
[ 16.965462] H testsuite-26.sh[844]: Running as unit: failed.service
[ 16.966390] H testsuite-26.sh[394]: + systemctl is-failed failed.service
[ 16.977970] H testsuite-26.sh[846]: active
[ 16.978403] H systemd[1]: failed.service: Main process exited, code=exited, status=1/FAILURE
[ 16.978478] H systemd[1]: failed.service: Failed with result 'exit-code'.
```
(cherry picked from commit 23f3a6f5ff864fd26063c6c35fdaa6d85de566c7)
Related #2138081
---
test/units/testsuite-26.sh | 61 +++++++++++++++++++++++++++++++++++++-
1 file changed, 60 insertions(+), 1 deletion(-)
diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh
index b83f85917b..7c7a12b1ae 100755
--- a/test/units/testsuite-26.sh
+++ b/test/units/testsuite-26.sh
@@ -58,6 +58,9 @@ systemctl list-units
systemctl list-units --recursive
systemctl list-units --type=socket
systemctl list-units --type=service,timer
+# Compat: --type= allows load states for compatibility reasons
+systemctl list-units --type=loaded
+systemctl list-units --type=loaded,socket
systemctl list-units --legend=yes -a "systemd-*"
systemctl list-units --state=active
systemctl list-units --with-dependencies systemd-journald.service
@@ -160,7 +163,7 @@ systemctl revert "$UNIT_NAME"
(! grep -r "CPUQuota=" "/run/systemd/system.control/${UNIT_NAME}.d/")
# Failed-unit related tests
-systemd-run --unit "failed.service" /bin/false
+(! systemd-run --wait --unit "failed.service" /bin/false)
systemctl is-failed failed.service
systemctl --state=failed | grep failed.service
systemctl --failed | grep failed.service
@@ -189,11 +192,67 @@ for value in pretty us µs utc us+utc µs+utc; do
systemctl show -P KernelTimestamp --timestamp="$value"
done
+# set-default/get-default
+target="$(systemctl get-default)"
+systemctl set-default emergency.target
+[[ "$(systemctl get-default)" == emergency.target ]]
+systemctl set-default "$target"
+[[ "$(systemctl get-default)" == "$target" ]]
+
+# show/status
+systemctl show --property ""
+# Pick a heavily sandboxed unit for the best effect on coverage
+systemctl show systemd-logind.service
+systemctl status
+# Ignore the exit code in this case, as it might try to load non-existing units
+systemctl status -a >/dev/null || :
+systemctl status -a --state active,running,plugged >/dev/null
+systemctl status "systemd-*.timer"
+systemctl status "systemd-journald*.socket"
+systemctl status "sys-devices-*-ttyS0.device"
+systemctl status -- -.mount
+
+# --marked
+systemctl restart "$UNIT_NAME"
+systemctl set-property "$UNIT_NAME" Markers=needs-restart
+systemctl show -P Markers "$UNIT_NAME" | grep needs-restart
+systemctl reload-or-restart --marked
+(! systemctl show -P Markers "$UNIT_NAME" | grep needs-restart)
+
+# --dry-run with destructive verbs
+# kexec is skipped intentionally, as it requires a bit more involved setup
+VERBS=(
+ default
+ emergency
+ exit
+ halt
+ hibernate
+ hybrid-sleep
+ poweroff
+ reboot
+ rescue
+ suspend
+ suspend-then-hibernate
+)
+
+for verb in "${VERBS[@]}"; do
+ systemctl --dry-run "$verb"
+
+ if [[ "$verb" =~ (halt|poweroff|reboot) ]]; then
+ systemctl --dry-run --message "Hello world" "$verb"
+ systemctl --dry-run --no-wall "$verb"
+ systemctl --dry-run -f "$verb"
+ systemctl --dry-run -ff "$verb"
+ fi
+done
+
# Aux verbs & assorted checks
systemctl is-active "*-journald.service"
systemctl cat "*journal*"
systemctl cat "$UNIT_NAME"
systemctl help "$UNIT_NAME"
+systemctl service-watchdogs
+systemctl service-watchdogs "$(systemctl service-watchdogs)"
# show/set-environment
# Make sure PATH is set

@ -0,0 +1,131 @@
From d68d785ba0e3ecd59a2678fe00fbd7b1bde90622 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 2 Nov 2022 17:51:51 +0100
Subject: [PATCH] test: add a sanity coverage for systemd-analyze verbs
(cherry picked from commit 6c83054c0133eb53245e479d71589dceff76cf74)
Related #2138081
---
test/units/testsuite-65.sh | 108 +++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index 64ce629f3b..ece6b8734e 100755
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@@ -9,6 +9,114 @@ set -eux
systemd-analyze log-level debug
export SYSTEMD_LOG_LEVEL=debug
+# Sanity checks
+#
+# We can't really test time, blame, critical-chain and plot verbs here, as
+# the testsuite service is a part of the boot transaction, so let's assume
+# they fail
+systemd-analyze || :
+systemd-analyze time || :
+systemd-analyze blame || :
+systemd-analyze critical-chain || :
+systemd-analyze plot >/dev/null || :
+# dot
+systemd-analyze dot >/dev/null
+systemd-analyze dot systemd-journald.service >/dev/null
+systemd-analyze dot systemd-journald.service systemd-logind.service >/dev/null
+systemd-analyze dot --from-pattern="*" --from-pattern="*.service" systemd-journald.service >/dev/null
+systemd-analyze dot --to-pattern="*" --to-pattern="*.service" systemd-journald.service >/dev/null
+systemd-analyze dot --from-pattern="*.service" --to-pattern="*.service" systemd-journald.service >/dev/null
+systemd-analyze dot --order systemd-journald.service systemd-logind.service >/dev/null
+systemd-analyze dot --require systemd-journald.service systemd-logind.service >/dev/null
+systemd-analyze dot "systemd-*.service" >/dev/null
+(! systemd-analyze dot systemd-journald.service systemd-logind.service "*" bbb ccc)
+# dump
+systemd-analyze dump >/dev/null
+systemd-analyze dump "*" >/dev/null
+systemd-analyze dump "*.socket" >/dev/null
+systemd-analyze dump systemd-journald.service >/dev/null
+(! systemd-analyze dump "")
+# unit-paths
+systemd-analyze unit-paths
+systemd-analyze unit-paths --user
+systemd-analyze unit-paths --global
+# exist-status
+systemd-analyze exit-status
+systemd-analyze exit-status STDOUT BPF
+systemd-analyze exit-status 0 1 {63..65}
+(! systemd-analyze exit-status STDOUT BPF "hello*")
+# capability
+systemd-analyze capability
+systemd-analyze capability cap_chown CAP_KILL
+systemd-analyze capability 0 1 {30..32}
+(! systemd-analyze capability cap_chown CAP_KILL "hello*")
+# condition
+mkdir -p /run/systemd/system
+UNIT_NAME="analyze-condition-$RANDOM.service"
+cat >"/run/systemd/system/$UNIT_NAME" <<EOF
+[Unit]
+AssertPathExists=/etc/os-release
+AssertEnvironment=!FOOBAR
+ConditionKernelVersion=>1.0
+ConditionPathExists=/etc/os-release
+
+[Service]
+ExecStart=/bin/true
+EOF
+systemctl daemon-reload
+systemd-analyze condition --unit="$UNIT_NAME"
+systemd-analyze condition 'ConditionKernelVersion = ! <4.0' \
+ 'ConditionKernelVersion = >=3.1' \
+ 'ConditionACPower=|false' \
+ 'ConditionArchitecture=|!arm' \
+ 'AssertPathExists=/etc/os-release'
+(! systemd-analyze condition 'ConditionArchitecture=|!arm' 'AssertXYZ=foo')
+(! systemd-analyze condition 'ConditionKernelVersion=<1.0')
+(! systemd-analyze condition 'AssertKernelVersion=<1.0')
+# syscall-filter
+systemd-analyze syscall-filter >/dev/null
+systemd-analyze syscall-filter @chown @sync
+systemd-analyze syscall-filter @sync @sync @sync
+(! systemd-analyze syscall-filter @chown @sync @foobar)
+# filesystems (requires libbpf support)
+if systemctl --version | grep "+BPF_FRAMEWORK"; then
+ systemd-analyze filesystems >/dev/null
+ systemd-analyze filesystems @basic-api
+ systemd-analyze filesystems @basic-api @basic-api @basic-api
+ (! systemd-analyze filesystems @basic-api @basic-api @foobar @basic-api)
+fi
+# calendar
+systemd-analyze calendar '*-2-29 0:0:0'
+systemd-analyze calendar --iterations=5 '*-2-29 0:0:0'
+systemd-analyze calendar '*-* *:*:*'
+systemd-analyze calendar --iterations=5 '*-* *:*:*'
+systemd-analyze calendar --iterations=50 '*-* *:*:*'
+systemd-analyze calendar --iterations=0 '*-* *:*:*'
+systemd-analyze calendar --base-time=yesterday --iterations=5 '*-* *:*:*'
+(! systemd-analyze calendar --iterations=0 '*-* 99:*:*')
+(! systemd-analyze calendar --base-time=never '*-* *:*:*')
+(! systemd-analyze calendar 1)
+(! systemd-analyze calendar "")
+# timestamp
+systemd-analyze timestamp now
+systemd-analyze timestamp -- -1
+systemd-analyze timestamp yesterday now tomorrow
+(! systemd-analyze timestamp yesterday never tomorrow)
+(! systemd-analyze timestamp 1)
+(! systemd-analyze timestamp "")
+# timespan
+systemd-analyze timespan 1
+systemd-analyze timespan 1s 300s '1year 0.000001s'
+(! systemd-analyze timespan 1s 300s aaaaaa '1year 0.000001s')
+(! systemd-analyze timespan -- -1)
+(! systemd-analyze timespan "")
+# cat-config
+systemd-analyze cat-config systemd/system.conf >/dev/null
+systemd-analyze cat-config /etc/systemd/system.conf >/dev/null
+systemd-analyze cat-config systemd/system.conf systemd/journald.conf >/dev/null
+systemd-analyze cat-config systemd/system.conf foo/bar systemd/journald.conf >/dev/null
+systemd-analyze cat-config foo/bar
+
mkdir -p /tmp/img/usr/lib/systemd/system/
mkdir -p /tmp/img/opt/

@ -0,0 +1,37 @@
From 080747ee6685b9c5877073c5120375e7a04d8216 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 3 Nov 2022 09:39:36 +0900
Subject: [PATCH] udev: first set properties based on usb subsystem
After 479da1107a0d4e2f7ef5cd938512b87a0e45f180, the usb_id builtin
command does not set ID_SERIAL if ID_BUS is already set.
Before the commit, all properties set based on pci bus were overwritten
by the usb_id, hence now it is sufficient setting them only when ID_BUS is
not set yet.
Fixes #25238.
(cherry picked from commit 01e704eba982fbc1517287cd261d229ff8e0a779)
Related #2138081
---
rules.d/60-serial.rules | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules
index f303e27fd5..c133f26109 100644
--- a/rules.d/60-serial.rules
+++ b/rules.d/60-serial.rules
@@ -3,9 +3,10 @@
ACTION=="remove", GOTO="serial_end"
SUBSYSTEM!="tty", GOTO="serial_end"
-SUBSYSTEMS=="pci", ENV{ID_BUS}="pci", ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}"
-SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci"
SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
+SUBSYSTEMS=="pci", ENV{ID_BUS}=="", ENV{ID_BUS}="pci", \
+ ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}", \
+ IMPORT{builtin}="hwdb --subsystem=pci"
# /dev/serial/by-path/, /dev/serial/by-id/ for USB devices
KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end"

@ -0,0 +1,30 @@
From 35ec16bfef92d072edacad892fc138b3595ee69b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 3 Nov 2022 09:43:14 +0900
Subject: [PATCH] udev: drop redundant call of usb_id and assignment of
ID_USB_INTERFACE_NUM
The usb_id builtin command is already called in the above, and the
command sets the ID_USB_INTERFACE_NUM property.
(cherry picked from commit b2e53f5a0f12db65c88404477fedee5c57d201ba)
Related #2138081
---
rules.d/60-serial.rules | 2 --
1 file changed, 2 deletions(-)
diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules
index c133f26109..2c1488e930 100644
--- a/rules.d/60-serial.rules
+++ b/rules.d/60-serial.rules
@@ -17,9 +17,7 @@ IMPORT{builtin}="path_id"
ENV{ID_PATH}=="?*", ENV{.ID_PORT}=="", SYMLINK+="serial/by-path/$env{ID_PATH}"
ENV{ID_PATH}=="?*", ENV{.ID_PORT}=="?*", SYMLINK+="serial/by-path/$env{ID_PATH}-port$env{.ID_PORT}"
-IMPORT{builtin}="usb_id"
ENV{ID_SERIAL}=="", GOTO="serial_end"
-SUBSYSTEMS=="usb", ENV{ID_USB_INTERFACE_NUM}="$attr{bInterfaceNumber}"
ENV{ID_USB_INTERFACE_NUM}=="", GOTO="serial_end"
ENV{.ID_PORT}=="", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}"
ENV{.ID_PORT}=="?*", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}-port$env{.ID_PORT}"

@ -1,27 +0,0 @@
From 402595e7b0668b8fe44b5b00b1dd45ba9cc42b82 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 4 Nov 2021 12:31:32 +0100
Subject: [PATCH] ci: use C9S chroots in Packit
rhel-only
Related: #2017035
---
.packit.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.packit.yml b/.packit.yml
index 3461bccbc5..ce8782aae2 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -37,9 +37,8 @@ jobs:
trigger: pull_request
metadata:
targets:
- # FIXME: change to CentOS 9 once it's available
- - fedora-34-x86_64
- - fedora-34-aarch64
+ - centos-stream-9-x86_64
+ - centos-stream-9-aarch64
# TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
# Run tests (via testing farm)

@ -0,0 +1,26 @@
From 03bb31bbb875e20da7ae37eb44e98d244823e0e7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 3 Nov 2022 09:52:23 +0900
Subject: [PATCH] udev: add safe guard for setting by-id symlink
The ID_BUS property is necessary for creating by-id symlinks.
(cherry picked from commit 5286da064c97d2ac934cb301066aaa8605a3c8f9)
Related #2138081
---
rules.d/60-serial.rules | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules
index 2c1488e930..a0e66323a9 100644
--- a/rules.d/60-serial.rules
+++ b/rules.d/60-serial.rules
@@ -17,6 +17,7 @@ IMPORT{builtin}="path_id"
ENV{ID_PATH}=="?*", ENV{.ID_PORT}=="", SYMLINK+="serial/by-path/$env{ID_PATH}"
ENV{ID_PATH}=="?*", ENV{.ID_PORT}=="?*", SYMLINK+="serial/by-path/$env{ID_PATH}-port$env{.ID_PORT}"
+ENV{ID_BUS}=="", GOTO="serial_end"
ENV{ID_SERIAL}=="", GOTO="serial_end"
ENV{ID_USB_INTERFACE_NUM}=="", GOTO="serial_end"
ENV{.ID_PORT}=="", SYMLINK+="serial/by-id/$env{ID_BUS}-$env{ID_SERIAL}-if$env{ID_USB_INTERFACE_NUM}"

@ -0,0 +1,45 @@
From 266baa71dbb336d9c2eb1e4e7db3983477cc6ce0 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 3 Nov 2022 10:59:38 +0100
Subject: [PATCH] test: cover legacy/deprecated systemd-analyze verbs
They're no longer documented since 26e1e97345 but still work.
(cherry picked from commit 926d95cd4c209b8c292829511542b11d7c43e662)
Related #2138081
---
test/units/testsuite-65.sh | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index ece6b8734e..89406a108e 100755
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@@ -6,7 +6,7 @@ set -eux
# shellcheck source=test/units/assert.sh
. "$(dirname "$0")"/assert.sh
-systemd-analyze log-level debug
+systemctl log-level debug
export SYSTEMD_LOG_LEVEL=debug
# Sanity checks
@@ -19,6 +19,17 @@ systemd-analyze time || :
systemd-analyze blame || :
systemd-analyze critical-chain || :
systemd-analyze plot >/dev/null || :
+# legacy/deprecated options (moved to systemctl, but still usable from analyze)
+systemd-analyze log-level
+systemd-analyze log-level "$(systemctl log-level)"
+systemd-analyze get-log-level
+systemd-analyze set-log-level "$(systemctl log-level)"
+systemd-analyze log-target
+systemd-analyze log-target "$(systemctl log-target)"
+systemd-analyze get-log-target
+systemd-analyze set-log-target "$(systemctl log-target)"
+systemd-analyze service-watchdogs
+systemd-analyze service-watchdogs "$(systemctl service-watchdogs)"
# dot
systemd-analyze dot >/dev/null
systemd-analyze dot systemd-journald.service >/dev/null

@ -1,136 +0,0 @@
From 68199fe69a2c46e498bc7e9528d54922deecc553 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Sep 2020 17:58:03 +0200
Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
https://bugzilla.redhat.com/show_bug.cgi?id=1803070
I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
than the one we get from /proc/self/fdinfo/. This only matters when both statx and
name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
(gdb) !uname -r
5.6.19-200.fc31.ppc64le
(gdb) !cat /proc/self/mountinfo
697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
The test process does
name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
read(open("/proc/self/fdinfo/4", ...)) which gives
"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
We could either drop the fallback path (and fail name_to_handle_at() is not
avaliable) or ignore the error in the test. Not sure what is better. I think
this issue only occurs sometimes and with older kernels, so probably continuing
with the current flaky implementation is better than ripping out the fallback.
Another strace:
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
) = 28
name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
) = 20
name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
) = 30
name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
) = 23
name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
read(5</proc/20/fdinfo/4>, "", 1024) = 0
close(5</proc/20/fdinfo/4>) = 0
close(4</proc/filesystems>) = 0
writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
) = 42
writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
) = 39
writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
) = 109
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid() = 20
gettid() = 20
tgkill(20, 20, SIGABRT) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
RHEL notes: af918c4 should mitigate this issue, but in some build
systems (Copr, brew, etc.) we don't have enough privileges to create a
new mount namespace
Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
rhel-only
Related: #2017035
---
src/test/test-mountpoint-util.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index d11edf502a..9515d8cf7b 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -101,8 +101,12 @@ TEST(mnt_id) {
/* The ids don't match? If so, then there are two mounts on the same path, let's check if
* that's really the case */
char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
- log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
- assert_se(path_equal(p, t));
+ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
+
+ if (!path_equal(p, t))
+ /* Apparent kernel bug in /proc/self/fdinfo */
+ log_warning("Bad mount id given for %s: %d, should be %d",
+ p, mnt_id2, mnt_id);
}
}

@ -0,0 +1,56 @@
From 37614533602981aa3757cd3e847f184fdae1432e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 3 Nov 2022 11:33:13 +0100
Subject: [PATCH] test: cover a couple of previously missed analyze code paths
(cherry picked from commit 8b1879bcd0ed1168f5ad35a3dd0e213a31a2ee42)
Related #2138081
---
test/units/testsuite-65.sh | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index 89406a108e..1f34308b44 100755
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@@ -45,8 +45,16 @@ systemd-analyze dot "systemd-*.service" >/dev/null
systemd-analyze dump >/dev/null
systemd-analyze dump "*" >/dev/null
systemd-analyze dump "*.socket" >/dev/null
+systemd-analyze dump "*.socket" "*.service" aaaaaaa ... >/dev/null
systemd-analyze dump systemd-journald.service >/dev/null
(! systemd-analyze dump "")
+# unit-files
+systemd-analyze unit-files >/dev/null
+systemd-analyze unit-files systemd-journald.service >/dev/null
+systemd-analyze unit-files "*" >/dev/null
+systemd-analyze unit-files "*" aaaaaa "*.service" "*.target" >/dev/null
+systemd-analyze unit-files --user >/dev/null
+systemd-analyze unit-files --user "*" aaaaaa "*.service" "*.target" >/dev/null
# unit-paths
systemd-analyze unit-paths
systemd-analyze unit-paths --user
@@ -103,6 +111,7 @@ systemd-analyze calendar '*-* *:*:*'
systemd-analyze calendar --iterations=5 '*-* *:*:*'
systemd-analyze calendar --iterations=50 '*-* *:*:*'
systemd-analyze calendar --iterations=0 '*-* *:*:*'
+systemd-analyze calendar --iterations=5 '01-01-22 01:00:00'
systemd-analyze calendar --base-time=yesterday --iterations=5 '*-* *:*:*'
(! systemd-analyze calendar --iterations=0 '*-* 99:*:*')
(! systemd-analyze calendar --base-time=never '*-* *:*:*')
@@ -114,12 +123,14 @@ systemd-analyze timestamp -- -1
systemd-analyze timestamp yesterday now tomorrow
(! systemd-analyze timestamp yesterday never tomorrow)
(! systemd-analyze timestamp 1)
+(! systemd-analyze timestamp '*-2-29 0:0:0')
(! systemd-analyze timestamp "")
# timespan
systemd-analyze timespan 1
systemd-analyze timespan 1s 300s '1year 0.000001s'
(! systemd-analyze timespan 1s 300s aaaaaa '1year 0.000001s')
(! systemd-analyze timespan -- -1)
+(! systemd-analyze timespan '*-2-29 0:0:0')
(! systemd-analyze timespan "")
# cat-config
systemd-analyze cat-config systemd/system.conf >/dev/null

@ -1,39 +0,0 @@
From 324d99159e1e64d78a580073626f5b645f1c3639 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 31 Jan 2022 14:19:09 +0100
Subject: [PATCH] test: copy portable profiles into the image if they don't
exist there
If we're built with `-Dportable=false`, the portable profiles won't get
installed into the image. Since we need only the profile files and
nothing else, let's copy them into the image explicitly in such case.
(cherry picked from commit 6f73ef8b30803ac1be1b2607aec1a89d778caa9a)
Related: #2017035
---
test/test-functions | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 218d0e6888..35d8f074a9 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1151,6 +1151,17 @@ install_systemd() {
mkdir -p "$initdir/etc/systemd/system/service.d/"
echo -e "[Service]\nProtectSystem=no\nProtectHome=no\n" >"$initdir/etc/systemd/system/service.d/gcov-override.conf"
fi
+
+ # If we're built with -Dportabled=false, tests with systemd-analyze
+ # --profile will fail. Since we need just the profile (text) files, let's
+ # copy them into the image if they don't exist there.
+ local portable_dir="${initdir:?}${ROOTLIBDIR:?}/portable"
+ if [[ ! -d "$portable_dir/profile/strict" ]]; then
+ dinfo "Couldn't find portable profiles in the test image"
+ dinfo "Copying them directly from the source tree"
+ mkdir -p "$portable_dir"
+ cp -frv "${SOURCE_DIR:?}/src/portable/profile" "$portable_dir"
+ fi
}
get_ldpath() {

@ -0,0 +1,371 @@
From e0d51a65a8bbe8c86af4bb843a5f9ac7d590fa01 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 3 Nov 2022 13:13:03 +0100
Subject: [PATCH] test: introduce sanity coverage for auxiliary utils
(cherry picked from commit d1020334fd15e0cffe68cb4d7e862a36253cc481)
Related #2138081
---
test/TEST-74-AUX-UTILS/Makefile | 1 +
test/TEST-74-AUX-UTILS/test.sh | 10 ++
test/units/testsuite-74.cgls.sh | 26 +++++
test/units/testsuite-74.cgtop.sh | 32 ++++++
test/units/testsuite-74.delta.sh | 59 +++++++++++
test/units/testsuite-74.firstboot.sh | 145 +++++++++++++++++++++++++++
test/units/testsuite-74.service | 8 ++
test/units/testsuite-74.sh | 14 +++
8 files changed, 295 insertions(+)
create mode 120000 test/TEST-74-AUX-UTILS/Makefile
create mode 100755 test/TEST-74-AUX-UTILS/test.sh
create mode 100755 test/units/testsuite-74.cgls.sh
create mode 100755 test/units/testsuite-74.cgtop.sh
create mode 100755 test/units/testsuite-74.delta.sh
create mode 100755 test/units/testsuite-74.firstboot.sh
create mode 100644 test/units/testsuite-74.service
create mode 100755 test/units/testsuite-74.sh
diff --git a/test/TEST-74-AUX-UTILS/Makefile b/test/TEST-74-AUX-UTILS/Makefile
new file mode 120000
index 0000000000..e9f93b1104
--- /dev/null
+++ b/test/TEST-74-AUX-UTILS/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-74-AUX-UTILS/test.sh b/test/TEST-74-AUX-UTILS/test.sh
new file mode 100755
index 0000000000..f422c89141
--- /dev/null
+++ b/test/TEST-74-AUX-UTILS/test.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+TEST_DESCRIPTION="Tests for auxiliary utilities"
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+do_test "$@"
diff --git a/test/units/testsuite-74.cgls.sh b/test/units/testsuite-74.cgls.sh
new file mode 100755
index 0000000000..120570c9cc
--- /dev/null
+++ b/test/units/testsuite-74.cgls.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+systemd-cgls
+systemd-cgls --all --full
+systemd-cgls -k
+systemd-cgls --xattr=yes
+systemd-cgls --xattr=no
+systemd-cgls --cgroup-id=yes
+systemd-cgls --cgroup-id=no
+
+systemd-cgls /system.slice/systemd-journald.service
+systemd-cgls /system.slice/systemd-journald.service /init.scope
+systemd-cgls /sys/fs/cgroup/system.slice/systemd-journald.service /init.scope
+(cd /sys/fs/cgroup/init.scope && systemd-cgls)
+systemd-cgls --unit=systemd-journald.service
+# There's most likely no user session running, so we need to create one
+systemd-run --user --wait --pipe -M testuser@.host systemd-cgls --user-unit=app.slice
+
+(! systemd-cgls /foo/bar)
+(! systemd-cgls --unit=hello.world)
+(! systemd-cgls --user-unit=hello.world)
+(! systemd-cgls --xattr=foo)
+(! systemd-cgls --cgroup-id=foo)
diff --git a/test/units/testsuite-74.cgtop.sh b/test/units/testsuite-74.cgtop.sh
new file mode 100755
index 0000000000..8141ec1b1f
--- /dev/null
+++ b/test/units/testsuite-74.cgtop.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# Without tty attached cgtop should default to --iterations=1
+systemd-cgtop
+systemd-cgtop --iterations=1
+# Same as --iterations=1
+systemd-cgtop -1
+systemd-cgtop --delay=1ms
+systemd-cgtop --raw
+systemd-cgtop --batch
+systemd-cgtop --cpu=percentage
+systemd-cgtop --cpu=time
+systemd-cgtop -P
+systemd-cgtop -k
+# FIXME: https://github.com/systemd/systemd/issues/25248
+#systemd-cgtop --recursive=no
+systemd-cgtop --depth=0
+systemd-cgtop --depth=100
+
+for order in path tasks cpu memory io; do
+ systemd-cgtop --order="$order"
+done
+systemd-cgtop -p -t -c -m -i
+
+(! systemd-cgtop --cpu=foo)
+(! systemd-cgtop --order=foo)
+(! systemd-cgtop --depth=-1)
+(! systemd-cgtop --recursive=foo)
+(! systemd-cgtop --delay=1foo)
diff --git a/test/units/testsuite-74.delta.sh b/test/units/testsuite-74.delta.sh
new file mode 100755
index 0000000000..a0e1cb52dd
--- /dev/null
+++ b/test/units/testsuite-74.delta.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+at_exit() {
+ rm -rfv /{run,etc}/systemd/system/delta-test*
+}
+
+trap at_exit EXIT
+
+# Create a couple of supporting units with overrides
+#
+# Extended unit
+cat >"/run/systemd/system/delta-test-unit-extended.service" <<EOF
+[Service]
+ExecStart=/bin/true
+EOF
+mkdir -p "/run/systemd/system/delta-test-unit-extended.service.d"
+cat >"/run/systemd/system/delta-test-unit-extended.service.d/override.conf" <<EOF
+[Unit]
+Description=Foo Bar
+[Service]
+ExecStartPre=/bin/true
+EOF
+# Masked unit
+cp -fv /run/systemd/system/delta-test-unit-extended.service /run/systemd/system/delta-test-unit-masked.service
+systemctl mask delta-test-unit-masked.service
+# Overridden unit
+cp -fv /run/systemd/system/delta-test-unit-extended.service /run/systemd/system/delta-test-unit-overridden.service
+cp -fv /run/systemd/system/delta-test-unit-overridden.service /etc/systemd/system/delta-test-unit-overridden.service
+echo "ExecStartPost=/bin/true" >>/etc/systemd/system/delta-test-unit-overridden.service
+# Overridden but equivalent unit
+ln -srfv /run/systemd/system/delta-test-unit-extended.service /run/systemd/system/delta-test-unit-equivalent.service
+ln -sfv /run/systemd/system/delta-test-unit-extended.service /etc/systemd/system/delta-test-unit-equivalent.service
+# Redirected unit
+ln -srfv /run/systemd/system/delta-test-unit-extended.service /run/systemd/system/delta-test-unit-redirected.service
+ln -sfv /run/systemd/system/delta-test-unit-overidden.service /etc/systemd/system/delta-test-unit-extended.service
+
+systemctl daemon-reload
+
+systemd-delta
+systemd-delta /run
+systemd-delta systemd/system
+systemd-delta /run systemd/system /run
+systemd-delta /run foo/bar hello/world systemd/system /run
+systemd-delta foo/bar
+systemd-delta --diff=true
+systemd-delta --diff=false
+
+for type in masked equivalent redirected overridden extended unchanged; do
+ systemd-delta --type="$type"
+ systemd-delta --type="$type" /run
+done
+systemd-delta --type=equivalent,redirected
+
+(! systemd-delta --diff=foo)
+(! systemd-delta --type=foo)
+(! systemd-delta --type=equivalent,redirected,foo)
diff --git a/test/units/testsuite-74.firstboot.sh b/test/units/testsuite-74.firstboot.sh
new file mode 100755
index 0000000000..02f9f5cd7a
--- /dev/null
+++ b/test/units/testsuite-74.firstboot.sh
@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+if ! command -v systemd-firstboot >/dev/null; then
+ echo "systemd-firstboot not found, skipping the test"
+ exit 0
+fi
+
+at_exit() {
+ if [[ -v ROOT && -n "$ROOT" ]]; then
+ ls -lR "$ROOT"
+ rm -fr "$ROOT"
+ fi
+}
+
+trap at_exit EXIT
+
+# Generated via `mkpasswd -m sha-512 -S foobarsalt password1`
+# shellcheck disable=SC2016
+ROOT_HASHED_PASSWORD1='$6$foobarsalt$YbwdaATX6IsFxvWbY3QcZj2gB31R/LFRFrjlFrJtTTqFtSfn4dfOAg/km2k4Sl.a2g7LOYDo31wMTaEsCo9j41'
+# Generated via `mkpasswd -m sha-512 -S foobarsalt password2`
+# shellcheck disable=SC2016
+ROOT_HASHED_PASSWORD2='$6$foobarsalt$q.P2932zYMLbKnjFwIxPI8y3iuxeuJ2BgE372LcZMMnj3Gcg/9mJg2LPKUl.ha0TG/.fRNNnRQcLfzM0SNot3.'
+
+# Create a minimal root so we don't modify the testbed
+ROOT=test-root
+mkdir -p "$ROOT/bin"
+# Dummy shell for --root-shell=
+touch "$ROOT/bin/fooshell" "$ROOT/bin/barshell"
+
+systemd-firstboot --root="$ROOT" --locale=foo
+grep -q "LANG=foo" "$ROOT/etc/locale.conf"
+rm -fv "$ROOT/etc/locale.conf"
+# FIXME: https://github.com/systemd/systemd/issues/25249
+#systemd-firstboot --root="$ROOT" --locale-messages=foo
+#grep -q "LC_MESSAGES=foo" "$ROOT/etc/locale.conf"
+#rm -fv "$ROOT/etc/locale.conf"
+systemd-firstboot --root="$ROOT" --locale=foo --locale-messages=bar
+grep -q "LANG=foo" "$ROOT/etc/locale.conf"
+grep -q "LC_MESSAGES=bar" "$ROOT/etc/locale.conf"
+
+systemd-firstboot --root="$ROOT" --keymap=foo
+grep -q "KEYMAP=foo" "$ROOT/etc/vconsole.conf"
+
+systemd-firstboot --root="$ROOT" --timezone=Europe/Berlin
+readlink "$ROOT/etc/localtime" | grep -q "Europe/Berlin"
+
+systemd-firstboot --root="$ROOT" --hostname "foobar"
+grep -q "foobar" "$ROOT/etc/hostname"
+
+systemd-firstboot --root="$ROOT" --machine-id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+grep -q "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "$ROOT/etc/machine-id"
+
+rm -fv "$ROOT/etc/passwd" "$ROOT/etc/shadow"
+systemd-firstboot --root="$ROOT" --root-password=foo
+grep -q "^root:x:0:0:" "$ROOT/etc/passwd"
+grep -q "^root:" "$ROOT/etc/shadow"
+rm -fv "$ROOT/etc/passwd" "$ROOT/etc/shadow"
+echo "foo" >root.passwd
+systemd-firstboot --root="$ROOT" --root-password-file=root.passwd
+grep -q "^root:x:0:0:" "$ROOT/etc/passwd"
+grep -q "^root:" "$ROOT/etc/shadow"
+rm -fv "$ROOT/etc/passwd" "$ROOT/etc/shadow" root.passwd
+# Set the shell together with the password, as firstboot won't touch
+# /etc/passwd if it already exists
+systemd-firstboot --root="$ROOT" --root-password-hashed="$ROOT_HASHED_PASSWORD1" --root-shell=/bin/fooshell
+grep -q "^root:x:0:0:.*:/bin/fooshell$" "$ROOT/etc/passwd"
+grep -q "^root:$ROOT_HASHED_PASSWORD1:" "$ROOT/etc/shadow"
+
+systemd-firstboot --root="$ROOT" --kernel-command-line="foo.bar=42"
+grep -q "foo.bar=42" "$ROOT/etc/kernel/cmdline"
+
+# Configs should not get overwritten if they exist unless --force is used
+systemd-firstboot --root="$ROOT" \
+ --locale=locale-overwrite \
+ --locale-messages=messages-overwrite \
+ --keymap=keymap-overwrite \
+ --timezone=CET \
+ --hostname=hostname-overwrite \
+ --machine-id=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb \
+ --root-password-hashed="$ROOT_HASHED_PASSWORD2" \
+ --root-shell=/bin/barshell \
+ --kernel-command-line="hello.world=0"
+grep -q "LANG=foo" "$ROOT/etc/locale.conf"
+grep -q "LC_MESSAGES=bar" "$ROOT/etc/locale.conf"
+grep -q "KEYMAP=foo" "$ROOT/etc/vconsole.conf"
+readlink "$ROOT/etc/localtime" | grep -q "Europe/Berlin$"
+grep -q "foobar" "$ROOT/etc/hostname"
+grep -q "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "$ROOT/etc/machine-id"
+grep -q "^root:x:0:0:.*:/bin/fooshell$" "$ROOT/etc/passwd"
+grep -q "^root:$ROOT_HASHED_PASSWORD1:" "$ROOT/etc/shadow"
+grep -q "foo.bar=42" "$ROOT/etc/kernel/cmdline"
+
+# The same thing, but now with --force
+systemd-firstboot --root="$ROOT" --force \
+ --locale=locale-overwrite \
+ --locale-messages=messages-overwrite \
+ --keymap=keymap-overwrite \
+ --timezone=CET \
+ --hostname=hostname-overwrite \
+ --machine-id=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb \
+ --root-password-hashed="$ROOT_HASHED_PASSWORD2" \
+ --root-shell=/bin/barshell \
+ --kernel-command-line="hello.world=0"
+grep -q "LANG=locale-overwrite" "$ROOT/etc/locale.conf"
+grep -q "LC_MESSAGES=messages-overwrite" "$ROOT/etc/locale.conf"
+grep -q "KEYMAP=keymap-overwrite" "$ROOT/etc/vconsole.conf"
+readlink "$ROOT/etc/localtime" | grep -q "/CET$"
+grep -q "hostname-overwrite" "$ROOT/etc/hostname"
+grep -q "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" "$ROOT/etc/machine-id"
+grep -q "^root:x:0:0:.*:/bin/barshell$" "$ROOT/etc/passwd"
+grep -q "^root:$ROOT_HASHED_PASSWORD2:" "$ROOT/etc/shadow"
+grep -q "hello.world=0" "$ROOT/etc/kernel/cmdline"
+
+# --copy-* options
+rm -fr "$ROOT"
+mkdir "$ROOT"
+# Copy everything at once (--copy)
+systemd-firstboot --root="$ROOT" --copy
+diff /etc/locale.conf "$ROOT/etc/locale.conf"
+diff <(awk -F: '/^root/ { print $7; }' /etc/passwd) <(awk -F: '/^root/ { print $7; }' "$ROOT/etc/passwd")
+diff <(awk -F: '/^root/ { print $2; }' /etc/shadow) <(awk -F: '/^root/ { print $2; }' "$ROOT/etc/shadow")
+[[ -e /etc/vconsole.conf ]] && diff /etc/vconsole.conf "$ROOT/etc/vconsole.conf"
+[[ -e /etc/localtime ]] && diff <(readlink /etc/localtime) <(readlink "$ROOT/etc/localtime")
+rm -fr "$ROOT"
+mkdir "$ROOT"
+# Copy everything at once, but now by using separate switches
+systemd-firstboot --root="$ROOT" --copy-locale --copy-keymap --copy-timezone --copy-root-password --copy-root-shell
+diff /etc/locale.conf "$ROOT/etc/locale.conf"
+diff <(awk -F: '/^root/ { print $7; }' /etc/passwd) <(awk -F: '/^root/ { print $7; }' "$ROOT/etc/passwd")
+diff <(awk -F: '/^root/ { print $2; }' /etc/shadow) <(awk -F: '/^root/ { print $2; }' "$ROOT/etc/shadow")
+[[ -e /etc/vconsole.conf ]] && diff /etc/vconsole.conf "$ROOT/etc/vconsole.conf"
+[[ -e /etc/localtime ]] && diff <(readlink /etc/localtime) <(readlink "$ROOT/etc/localtime")
+
+# Assorted tests
+rm -fr "$ROOT"
+mkdir "$ROOT"
+
+systemd-firstboot --root="$ROOT" --setup-machine-id
+grep -E "[a-z0-9]{32}" "$ROOT/etc/machine-id"
+
+systemd-firstboot --root="$ROOT" --delete-root-password
+diff <(echo) <(awk -F: '/^root/ { print $2; }' "$ROOT/etc/shadow")
diff --git a/test/units/testsuite-74.service b/test/units/testsuite-74.service
new file mode 100644
index 0000000000..f782132a92
--- /dev/null
+++ b/test/units/testsuite-74.service
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-74-AUX-UTILS
+
+[Service]
+ExecStartPre=rm -f /failed /testok
+ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
+Type=oneshot
diff --git a/test/units/testsuite-74.sh b/test/units/testsuite-74.sh
new file mode 100755
index 0000000000..13c767e490
--- /dev/null
+++ b/test/units/testsuite-74.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+: >/failed
+
+for script in "${0%.sh}".*.sh; do
+ echo "Running $script"
+ "./$script"
+done
+
+touch /testok
+rm /failed

@ -0,0 +1,56 @@
From 1ef6ffdf0923095752665c7ff6062514dfa6c6bf Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Fri, 4 Nov 2022 00:01:16 +0000
Subject: [PATCH] firstboot: fix segfault when --locale-messages= is passed
without --locale=
\#0 __strcmp_evex () at ../sysdeps/x86_64/multiarch/strcmp-evex.S:295
No locals.
\#1 0x0000557444eb172b in process_locale () at ../src/firstboot/firstboot.c:342
etc_localeconf = 0x7ffd40217b80 "/root/root/etc/locale.conf"
locales = {0x0, 0x0, 0x0}
i = 0
r = <optimized out>
__PRETTY_FUNCTION__ = "process_locale"
__func__ = "process_locale"
\#2 0x0000557444eaff93 in run (argv=0x7ffd40217d98, argc=3) at ../src/firstboot/firstboot.c:1401
loop_device = 0x0
unlink_dir = 0x0
r = <optimized out>
loop_device = <optimized out>
unlink_dir = <optimized out>
r = <optimized out>
__func__ = <optimized out>
__PRETTY_FUNCTION__ = <optimized out>
enabled = <optimized out>
_error = <optimized out>
_level = <optimized out>
_e = <optimized out>
_level = <optimized out>
_e = <optimized out>
\#3 main (argc=3, argv=0x7ffd40217d98) at ../src/firstboot/firstboot.c:1432
r = <optimized out>
__PRETTY_FUNCTION__ = "main"
Fixes https://github.com/systemd/systemd/issues/25249
(cherry picked from commit 4c4a73ce068ef16cfe7ad07c7c3386ac1dbc58fe)
Related #2138081
---
src/firstboot/firstboot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index 065ee896cd..63db78b52d 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -339,7 +339,7 @@ static int process_locale(void) {
if (!isempty(arg_locale))
locales[i++] = strjoina("LANG=", arg_locale);
- if (!isempty(arg_locale_messages) && !streq(arg_locale_messages, arg_locale))
+ if (!isempty(arg_locale_messages) && !streq_ptr(arg_locale_messages, arg_locale))
locales[i++] = strjoina("LC_MESSAGES=", arg_locale_messages);
if (i == 0)

@ -1,43 +0,0 @@
From 16908e1ec833d857cb418712c382c6f604426b36 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 1 Feb 2022 20:18:29 +0100
Subject: [PATCH] test: introduce `get_cgroup_hierarchy() helper
which returns the host's cgroup hierarchy (unified, hybrid, or legacy).
(cherry picked from commit f723740871bd3eb89d16a526a1ff77c04bb3787a)
Related: #2047768
---
test/test-functions | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 35d8f074a9..4827b6bedf 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1996,6 +1996,24 @@ import_initdir() {
export initdir
}
+get_cgroup_hierarchy() {
+ case "$(stat -c '%T' -f /sys/fs/cgroup)" in
+ cgroup2fs)
+ echo "unified"
+ ;;
+ tmpfs)
+ if [[ -d /sys/fs/cgroup/unified && "$(stat -c '%T' -f /sys/fs/cgroup/unified)" == cgroup2fs ]]; then
+ echo "hybrid"
+ else
+ echo "legacy"
+ fi
+ ;;
+ *)
+ dfatal "Failed to determine host's cgroup hierarchy"
+ exit 1
+ esac
+}
+
## @brief Converts numeric logging level to the first letter of level name.
#
# @param lvl Numeric logging level in range from 1 to 6.

@ -1,30 +0,0 @@
From 523e72e97d7c945114b54b726eaab0d379fb35fb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 1 Feb 2022 20:25:00 +0100
Subject: [PATCH] test: require unified cgroup hierarchy for TEST-56
since cgroup empty notifications are unreliable in legacy cgroups.
See: systemd/systemd#22320
Complements: systemd/systemd#22344
(cherry picked from commit e2620820188428de7086f5e8ac41305177f70954)
Related: #2047768
---
test/TEST-56-EXIT-TYPE/test.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/test/TEST-56-EXIT-TYPE/test.sh b/test/TEST-56-EXIT-TYPE/test.sh
index 0f84dca1ba..37475e817e 100755
--- a/test/TEST-56-EXIT-TYPE/test.sh
+++ b/test/TEST-56-EXIT-TYPE/test.sh
@@ -6,4 +6,9 @@ TEST_DESCRIPTION="test ExitType=cgroup"
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
+if [[ "$(get_cgroup_hierarchy)" != unified ]]; then
+ echo "This test requires unified cgroup hierarchy, skipping..."
+ exit 0
+fi
+
do_test "$@"

@ -0,0 +1,76 @@
From 1d41d2789bb67f5909d6974d2fd916e462a0a5cf Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 4 Nov 2022 12:24:10 +0100
Subject: [PATCH] tests: make test-execute pass on openSUSE
In my understanding user group "3" (aka "sys") is kept for historical reasons
but not really useful these days. That's probably explained why this group
isn't defined on openSUSE.
Hence let's drop reference to this user group, this shouldn't lessen the
revelance of the test since SupplementaryGroups= is still tested with 2 other
groups.
(cherry picked from commit d723b0467d7b8c5c772086d5352442f3fca4368d)
Related #2138081
---
test/test-execute/exec-dynamicuser-supplementarygroups.service | 3 +--
...plementarygroups-multiple-groups-default-group-user.service | 3 +--
.../exec-supplementarygroups-multiple-groups-withgid.service | 3 +--
.../exec-supplementarygroups-multiple-groups-withuid.service | 3 +--
4 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/test/test-execute/exec-dynamicuser-supplementarygroups.service b/test/test-execute/exec-dynamicuser-supplementarygroups.service
index fb0b57bc00..53ba0ec7cb 100644
--- a/test/test-execute/exec-dynamicuser-supplementarygroups.service
+++ b/test/test-execute/exec-dynamicuser-supplementarygroups.service
@@ -5,7 +5,6 @@ Description=Test DynamicUser with SupplementaryGroups=
[Service]
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "3" && HAVE=1; done; test "$$HAVE" -eq 1'
Type=oneshot
DynamicUser=yes
-SupplementaryGroups=1 2 3
+SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
index 362e539287..4cb0326320 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
@@ -6,7 +6,6 @@ Description=Test for Supplementary Group with multiple groups without Group and
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "%G" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "3" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "%G" && test "$$(id -u)" = "%U"'
Type=oneshot
-SupplementaryGroups=1 2 3
+SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
index ff3fdc8142..e11743d754 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
@@ -5,8 +5,7 @@ Description=Test for Supplementary Group with multiple groups and Group=1
[Service]
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "3" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "%U"'
Type=oneshot
Group=1
-SupplementaryGroups=1 2 3
+SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
index f35ff84765..3efbbfb0f9 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
@@ -5,7 +5,6 @@ Description=Test for Supplementary Group with multiple groups and Uid=1
[Service]
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "3" && HAVE=1; done; test "$$HAVE" -eq 1'
Type=oneshot
User=1
-SupplementaryGroups=1 2 3
+SupplementaryGroups=1 2

@ -0,0 +1,150 @@
From 5685a8b01abf34ec5da7c43a99ede6e3bb7394eb Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 4 Nov 2022 12:50:04 +0100
Subject: [PATCH] tests: minor simplification in test-execute
No functional change.
(cherry picked from commit 09415aef940f4a471da7cb899b9a66f1504d7c77)
Related #2138081
---
...xec-dynamicuser-fixeduser-one-supplementarygroup.service | 2 +-
test/test-execute/exec-dynamicuser-fixeduser.service | 2 +-
.../exec-dynamicuser-supplementarygroups.service | 4 ++--
...mentarygroups-multiple-groups-default-group-user.service | 6 +++---
...exec-supplementarygroups-multiple-groups-withgid.service | 4 ++--
...exec-supplementarygroups-multiple-groups-withuid.service | 4 ++--
.../exec-supplementarygroups-single-group-user.service | 2 +-
.../exec-supplementarygroups-single-group.service | 2 +-
test/test-execute/exec-supplementarygroups.service | 4 ++--
9 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service
index 0c2a218be0..bbb1af5fb3 100644
--- a/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service
+++ b/test/test-execute/exec-dynamicuser-fixeduser-one-supplementarygroup.service
@@ -3,7 +3,7 @@
Description=Test DynamicUser with User= and SupplementaryGroups=
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"'
Type=oneshot
User=1
diff --git a/test/test-execute/exec-dynamicuser-fixeduser.service b/test/test-execute/exec-dynamicuser-fixeduser.service
index 061bbd2b93..c5828c2a93 100644
--- a/test/test-execute/exec-dynamicuser-fixeduser.service
+++ b/test/test-execute/exec-dynamicuser-fixeduser.service
@@ -3,7 +3,7 @@
Description=Test DynamicUser with User=
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"'
Type=oneshot
User=1
diff --git a/test/test-execute/exec-dynamicuser-supplementarygroups.service b/test/test-execute/exec-dynamicuser-supplementarygroups.service
index 53ba0ec7cb..d601af272e 100644
--- a/test/test-execute/exec-dynamicuser-supplementarygroups.service
+++ b/test/test-execute/exec-dynamicuser-supplementarygroups.service
@@ -3,8 +3,8 @@
Description=Test DynamicUser with SupplementaryGroups=
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1'
Type=oneshot
DynamicUser=yes
SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
index 4cb0326320..0ecc34441c 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-default-group-user.service
@@ -3,9 +3,9 @@
Description=Test for Supplementary Group with multiple groups without Group and User
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "%G" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "%G" && test "$$(id -u)" = "%U"'
Type=oneshot
SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
index e11743d754..cd1021bbdf 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withgid.service
@@ -3,8 +3,8 @@
Description=Test for Supplementary Group with multiple groups and Group=1
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "%U"'
Type=oneshot
Group=1
diff --git a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
index 3efbbfb0f9..7913a2c2ed 100644
--- a/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
+++ b/test/test-execute/exec-supplementarygroups-multiple-groups-withuid.service
@@ -3,8 +3,8 @@
Description=Test for Supplementary Group with multiple groups and Uid=1
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "2" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "2" && exit 0; done; exit 1'
Type=oneshot
User=1
SupplementaryGroups=1 2
diff --git a/test/test-execute/exec-supplementarygroups-single-group-user.service b/test/test-execute/exec-supplementarygroups-single-group-user.service
index aae71d0a30..ee4017e74e 100644
--- a/test/test-execute/exec-supplementarygroups-single-group-user.service
+++ b/test/test-execute/exec-supplementarygroups-single-group-user.service
@@ -3,7 +3,7 @@
Description=Test for Supplementary Group with only one group and uid 1
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "1"'
Type=oneshot
User=1
diff --git a/test/test-execute/exec-supplementarygroups-single-group.service b/test/test-execute/exec-supplementarygroups-single-group.service
index c870774382..62275201cc 100644
--- a/test/test-execute/exec-supplementarygroups-single-group.service
+++ b/test/test-execute/exec-supplementarygroups-single-group.service
@@ -3,7 +3,7 @@
Description=Test for Supplementary Group with only one group
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
ExecStart=/bin/sh -x -c 'test "$$(id -g)" = "1" && test "$$(id -u)" = "0"'
Type=oneshot
Group=1
diff --git a/test/test-execute/exec-supplementarygroups.service b/test/test-execute/exec-supplementarygroups.service
index 75601eab57..03406c3ee8 100644
--- a/test/test-execute/exec-supplementarygroups.service
+++ b/test/test-execute/exec-supplementarygroups.service
@@ -3,7 +3,7 @@
Description=Test for Supplementary Group
[Service]
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "%G" && HAVE=1; done; test "$$HAVE" -eq 1'
-ExecStart=/bin/sh -x -c 'HAVE=0; for g in $$(id -G); do test "$$g" = "1" && HAVE=1; done; test "$$HAVE" -eq 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "%G" && exit 0; done; exit 1'
+ExecStart=/bin/sh -x -c 'for g in $$(id -G); do test "$$g" = "1" && exit 0; done; exit 1'
Type=oneshot
SupplementaryGroups=1

@ -1,671 +0,0 @@
From 845417e653b42b8f3928c68955bd6416f2fa4509 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 1 Feb 2022 12:06:59 +0100
Subject: [PATCH] tests: rework test macros to not take code as parameters
C macros are nasty. We use them, but we try to be conservative with
them. In particular passing literal, complex code blocks as argument is
icky, because of "," handling of C, and also because it's quite a
challange for most code highlighters and similar. Hence, let's avoid
that. Using macros for genreating functions is OK but if so, the
parameters should be simple words, not full code blocks.
hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
of code block as argument.
As side-effect this also fixes a bunch of cases where we might end up
returning a negative value from main().
Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
main() functions, these are replaced by static variables, and their
destructors by the static destructor logic.
This doesn't fix any bugs or so, it's just supposed to make the code
easier to work with and improve it easthetically.
Or in other words: let's use macros where it really makes sense, but
let's not go overboard with it.
(And yes, FOREACH_DIRENT() is another one of those macros that take
code, and I dislike that too and regret I ever added that.)
(cherry picked from commit 99839c7ebd4b83a5b0d5982d669cfe10d1252e1f)
Related: #2017035
---
src/shared/tests.h | 25 +++++++++++++-----
src/test/test-barrier.c | 46 +++++++++++++++++----------------
src/test/test-cgroup-setup.c | 15 ++++++-----
src/test/test-chown-rec.c | 15 ++++++-----
src/test/test-format-table.c | 14 +++++-----
src/test/test-fs-util.c | 7 ++++-
src/test/test-hashmap.c | 16 +++++++++---
src/test/test-install-root.c | 14 +++++++---
src/test/test-load-fragment.c | 21 ++++++++-------
src/test/test-mountpoint-util.c | 30 +++++++++++----------
src/test/test-namespace.c | 15 ++++++-----
src/test/test-proc-cmdline.c | 15 ++++++-----
src/test/test-process-util.c | 7 ++++-
src/test/test-sd-hwdb.c | 21 ++++++++-------
src/test/test-serialize.c | 16 ++++++------
src/test/test-sleep.c | 15 ++++++-----
src/test/test-stat-util.c | 7 ++++-
src/test/test-time-util.c | 6 +++--
src/test/test-unit-file.c | 7 ++++-
src/test/test-unit-name.c | 21 ++++++++-------
src/test/test-unit-serialize.c | 21 ++++++++-------
src/test/test-utf8.c | 7 ++++-
22 files changed, 215 insertions(+), 146 deletions(-)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 3b93aab498..59448f38f6 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -6,6 +6,7 @@
#include "sd-daemon.h"
#include "macro.h"
+#include "static-destruct.h"
#include "util.h"
static inline bool manager_errno_skip_test(int r) {
@@ -109,15 +110,27 @@ static inline int run_test_table(void) {
return r;
}
+static inline int test_nop(void) {
+ return EXIT_SUCCESS;
+}
+
#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
int main(int argc, char *argv[]) { \
- int _r = EXIT_SUCCESS; \
+ int _r, _q; \
test_setup_logging(log_level); \
save_argc_argv(argc, argv); \
- intro; \
- _r = run_test_table(); \
- outro; \
- return _r; \
+ _r = intro(); \
+ if (_r == EXIT_SUCCESS) \
+ _r = run_test_table(); \
+ _q = outro(); \
+ static_destruct(); \
+ if (_r < 0) \
+ return EXIT_FAILURE; \
+ if (_r != EXIT_SUCCESS) \
+ return _r; \
+ if (_q < 0) \
+ return EXIT_FAILURE; \
+ return _q; \
}
-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
+#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
index 8998282afb..b87538806a 100644
--- a/src/test/test-barrier.c
+++ b/src/test/test-barrier.c
@@ -421,25 +421,27 @@ TEST_BARRIER(barrier_pending_exit,
}),
TEST_BARRIER_WAIT_SUCCESS(pid2));
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- ({
- if (!slow_tests_enabled())
- return log_tests_skipped("slow tests are disabled");
-
- /*
- * This test uses real-time alarms and sleeps to test for CPU races
- * explicitly. This is highly fragile if your system is under load. We
- * already increased the BASE_TIME value to make the tests more robust,
- * but that just makes the test take significantly longer. Given the recent
- * issues when running the test in a virtualized environments, limit it
- * to bare metal machines only, to minimize false-positives in CIs.
- */
- int v = detect_virtualization();
- if (IN_SET(v, -EPERM, -EACCES))
- return log_tests_skipped("Cannot detect virtualization");
-
- if (v != VIRTUALIZATION_NONE)
- return log_tests_skipped("This test requires a baremetal machine");
- }),
- /* no outro */);
+
+static int intro(void) {
+ if (!slow_tests_enabled())
+ return log_tests_skipped("slow tests are disabled");
+
+ /*
+ * This test uses real-time alarms and sleeps to test for CPU races explicitly. This is highly
+ * fragile if your system is under load. We already increased the BASE_TIME value to make the tests
+ * more robust, but that just makes the test take significantly longer. Given the recent issues when
+ * running the test in a virtualized environments, limit it to bare metal machines only, to minimize
+ * false-positives in CIs.
+ */
+
+ int v = detect_virtualization();
+ if (IN_SET(v, -EPERM, -EACCES))
+ return log_tests_skipped("Cannot detect virtualization");
+
+ if (v != VIRTUALIZATION_NONE)
+ return log_tests_skipped("This test requires a baremetal machine");
+
+ return EXIT_SUCCESS;
+ }
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
index 018992f96d..6f93647685 100644
--- a/src/test/test-cgroup-setup.c
+++ b/src/test/test-cgroup-setup.c
@@ -64,10 +64,11 @@ TEST(is_wanted) {
test_is_wanted_print_one(false);
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
- ({
- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
- return log_tests_skipped("can't read /proc/cmdline");
- }),
- /* no outro */);
+static int intro(void) {
+ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+ return log_tests_skipped("can't read /proc/cmdline");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
index 53d44566d5..691cfe767f 100644
--- a/src/test/test-chown-rec.c
+++ b/src/test/test-chown-rec.c
@@ -149,10 +149,11 @@ TEST(chown_recursive) {
assert_se(!has_xattr(p));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
- ({
- if (geteuid() != 0)
- return log_tests_skipped("not running as root");
- }),
- /* no outro */);
+static int intro(void) {
+ if (geteuid() != 0)
+ return log_tests_skipped("not running as root");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
index a3b29ca337..7515a74c12 100644
--- a/src/test/test-format-table.c
+++ b/src/test/test-format-table.c
@@ -529,10 +529,10 @@ TEST(table) {
"5min 5min \n"));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- ({
- assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
- assert_se(setenv("COLUMNS", "40", 1) >= 0);
- }),
- /* no outro */);
+static int intro(void) {
+ assert_se(setenv("SYSTEMD_COLORS", "0", 1) >= 0);
+ assert_se(setenv("COLUMNS", "40", 1) >= 0);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index 0e0d91d04e..da5a16b4bc 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -968,4 +968,9 @@ TEST(open_mkdir_at) {
assert_se(subsubdir_fd >= 0);
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, arg_test_dir = argv[1], /* no outro */);
+static int intro(void) {
+ arg_test_dir = saved_argv[1];
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
index cba0c33a8a..4dc155d818 100644
--- a/src/test/test-hashmap.c
+++ b/src/test/test-hashmap.c
@@ -158,7 +158,15 @@ TEST(hashmap_put_strdup_null) {
/* This variable allows us to assert that the tests from different compilation units were actually run. */
int n_extern_tests_run = 0;
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- assert_se(n_extern_tests_run == 0),
- assert_se(n_extern_tests_run == 2)); /* Ensure hashmap and ordered_hashmap were tested. */
+static int intro(void) {
+ assert_se(n_extern_tests_run == 0);
+ return EXIT_SUCCESS;
+}
+
+static int outro(void) {
+ /* Ensure hashmap and ordered_hashmap were tested. */
+ assert_se(n_extern_tests_run == 2);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index ba715e6d7e..f540a832bd 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -11,8 +11,11 @@
#include "special.h"
#include "string-util.h"
#include "tests.h"
+#include "tmpfile-util.h"
-static char root[] = "/tmp/rootXXXXXX";
+static char *root = NULL;
+
+STATIC_DESTRUCTOR_REGISTER(root, rm_rf_physical_and_freep);
TEST(basic_mask_and_enable) {
const char *p;
@@ -1239,10 +1242,10 @@ TEST(verify_alias) {
verify_one(&di_inst_template, "goo.target.conf/plain.service", -EXDEV, NULL);
}
-static void setup_root(void) {
+static int intro(void) {
const char *p;
- assert_se(mkdtemp(root));
+ assert_se(mkdtemp_malloc("/tmp/rootXXXXXX", &root) >= 0);
p = strjoina(root, "/usr/lib/systemd/system/");
assert_se(mkdir_p(p, 0755) >= 0);
@@ -1264,6 +1267,9 @@ static void setup_root(void) {
p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
+
+ return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_root(), assert_se(rm_rf(root, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0));
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
index e878979a89..2e105df56a 100644
--- a/src/test/test-load-fragment.c
+++ b/src/test/test-load-fragment.c
@@ -30,6 +30,10 @@
/* Nontrivial value serves as a placeholder to check that parsing function (didn't) change it */
#define CGROUP_LIMIT_DUMMY 3
+static char *runtime_dir = NULL;
+
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
+
TEST_RET(unit_file_get_set) {
int r;
Hashmap *h;
@@ -894,15 +898,12 @@ TEST(unit_is_recursive_template_dependency) {
assert_se(unit_is_likely_recursive_template_dependency(u, "foobar@foobar@123.mount", "foobar@%n.mount") == 0);
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
+static int intro(void) {
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+ return log_tests_skipped("cgroupfs not available");
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
- ({
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
- return log_tests_skipped("cgroupfs not available");
-
- assert_se(runtime_dir = setup_fake_runtime_dir());
- }),
+ assert_se(runtime_dir = setup_fake_runtime_dir());
+ return EXIT_SUCCESS;
+}
- /* no outro */);
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 9515d8cf7b..102d2850bf 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -298,17 +298,19 @@ TEST(fd_is_mount_point) {
assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
- ({
- /* let's move into our own mount namespace with all propagation from the host turned off, so
- * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
- if (unshare(CLONE_NEWNS) < 0) {
- if (!ERRNO_IS_PRIVILEGE(errno))
- return log_error_errno(errno, "Failed to detach mount namespace: %m");
-
- log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
- } else
- assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
- }),
- /* no outro */);
+static int intro(void) {
+ /* let's move into our own mount namespace with all propagation from the host turned off, so
+ * that /proc/self/mountinfo is static and constant for the whole time our test runs. */
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ if (!ERRNO_IS_PRIVILEGE(errno))
+ return log_error_errno(errno, "Failed to detach mount namespace: %m");
+
+ log_notice("Lacking privilege to create separate mount namespace, proceeding in originating mount namespace.");
+ } else
+ assert_se(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0);
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
index 8df5533d6e..f9e34f3bfa 100644
--- a/src/test/test-namespace.c
+++ b/src/test/test-namespace.c
@@ -220,10 +220,11 @@ TEST(protect_kernel_logs) {
assert_se(wait_for_terminate_and_check("ns-kernellogs", pid, WAIT_LOG) == EXIT_SUCCESS);
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- ({
- if (!have_namespaces())
- return log_tests_skipped("Don't have namespace support");
- }),
- /* no outro */);
+static int intro(void) {
+ if (!have_namespaces())
+ return log_tests_skipped("Don't have namespace support");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
index 1c8c9b80b7..064b4d838f 100644
--- a/src/test/test-proc-cmdline.c
+++ b/src/test/test-proc-cmdline.c
@@ -247,10 +247,11 @@ TEST(proc_cmdline_key_startswith) {
assert_se(!proc_cmdline_key_startswith("foo-bar", "foo_xx"));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- ({
- if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
- return log_tests_skipped("can't read /proc/cmdline");
- }),
- /* no outro */);
+static int intro(void) {
+ if (access("/proc/cmdline", R_OK) < 0 && ERRNO_IS_PRIVILEGE(errno))
+ return log_tests_skipped("can't read /proc/cmdline");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 06a640b1cc..8661934929 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -895,4 +895,9 @@ TEST(set_oom_score_adjust) {
assert_se(b == a);
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
+static int intro(void) {
+ log_show_color(true);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
index 7961c17c4a..88992a6c2b 100644
--- a/src/test/test-sd-hwdb.c
+++ b/src/test/test-sd-hwdb.c
@@ -52,12 +52,15 @@ TEST(basic_enumerate) {
assert_se(len1 == len2);
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
- ({
- _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
- int r = sd_hwdb_new(&hwdb);
- if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
- return log_tests_skipped_errno(r, "cannot open hwdb");
- }),
- /* no outro */);
+static int intro(void) {
+ _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+ int r;
+
+ r = sd_hwdb_new(&hwdb);
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
+ return log_tests_skipped_errno(r, "cannot open hwdb");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
index fb04b3e7fa..9aeb6c5920 100644
--- a/src/test/test-serialize.c
+++ b/src/test/test-serialize.c
@@ -10,7 +10,7 @@
#include "tests.h"
#include "tmpfile-util.h"
-char long_string[LONG_LINE_MAX+1];
+static char long_string[LONG_LINE_MAX+1];
TEST(serialize_item) {
_cleanup_(unlink_tempfilep) char fn[] = "/tmp/test-serialize.XXXXXX";
@@ -189,10 +189,10 @@ TEST(serialize_environment) {
assert_se(strv_equal(env, env2));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
- ({
- memset(long_string, 'x', sizeof(long_string)-1);
- char_array_0(long_string);
- }),
- /* no outro */);
+static int intro(void) {
+ memset(long_string, 'x', sizeof(long_string)-1);
+ char_array_0(long_string);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
index 183ad4f7b7..f56e7e0167 100644
--- a/src/test/test-sleep.c
+++ b/src/test/test-sleep.c
@@ -118,10 +118,11 @@ TEST(sleep) {
log_info("Suspend-then-Hibernate configured and possible: %s", r >= 0 ? yes_no(r) : strerror_safe(r));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
- ({
- if (getuid() != 0)
- log_warning("This program is unlikely to work for unprivileged users");
- }),
- /* no outro */);
+static int intro(void) {
+ if (getuid() != 0)
+ log_warning("This program is unlikely to work for unprivileged users");
+
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
index 0f7b3ca3ce..2965ee679f 100644
--- a/src/test/test-stat-util.c
+++ b/src/test/test-stat-util.c
@@ -236,4 +236,9 @@ TEST(dir_is_empty) {
assert_se(dir_is_empty_at(AT_FDCWD, empty_dir) > 0);
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
+static int intro(void) {
+ log_show_color(true);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index 4d0131827e..f21d8b7794 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -588,7 +588,7 @@ TEST(map_clock_usec) {
}
}
-static void setup_test(void) {
+static int intro(void) {
log_info("realtime=" USEC_FMT "\n"
"monotonic=" USEC_FMT "\n"
"boottime=" USEC_FMT "\n",
@@ -603,6 +603,8 @@ static void setup_test(void) {
uintmax_t x = TIME_T_MAX;
x++;
assert_se((time_t) x < 0);
+
+ return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, setup_test(), /* no outro */);
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index 0f8c25c218..6c9f245c7e 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -102,4 +102,9 @@ TEST(runlevel_to_target) {
assert_se(streq_ptr(runlevel_to_target("rd.rescue"), SPECIAL_RESCUE_TARGET));
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, log_show_color(true), /* no outro */);
+static int intro(void) {
+ log_show_color(true);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 6bde9e090d..1f65407e5f 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -23,6 +23,10 @@
#include "user-util.h"
#include "util.h"
+static char *runtime_dir = NULL;
+
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
+
static void test_unit_name_is_valid_one(const char *name, UnitNameFlags flags, bool expected) {
log_info("%s ( %s%s%s ): %s",
name,
@@ -844,15 +848,12 @@ TEST(unit_name_prefix_equal) {
assert_se(!unit_name_prefix_equal("a", "a"));
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_INFO,
+static int intro(void) {
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+ return log_tests_skipped("cgroupfs not available");
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
- ({
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
- return log_tests_skipped("cgroupfs not available");
-
- assert_se(runtime_dir = setup_fake_runtime_dir());
- }),
+ assert_se(runtime_dir = setup_fake_runtime_dir());
+ return EXIT_SUCCESS;
+}
- /* no outro */);
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
index 899fdc000c..5d39176db2 100644
--- a/src/test/test-unit-serialize.c
+++ b/src/test/test-unit-serialize.c
@@ -4,6 +4,10 @@
#include "service.h"
#include "tests.h"
+static char *runtime_dir = NULL;
+
+STATIC_DESTRUCTOR_REGISTER(runtime_dir, rm_rf_physical_and_freep);
+
#define EXEC_START_ABSOLUTE \
"ExecStart 0 /bin/sh \"sh\" \"-e\" \"-x\" \"-c\" \"systemctl --state=failed --no-legend --no-pager >/failed ; systemctl daemon-reload ; echo OK >/testok\""
#define EXEC_START_RELATIVE \
@@ -48,15 +52,12 @@ TEST(deserialize_exec_command) {
test_deserialize_exec_command_one(m, "control-command", "ExecWhat 11 /a/b c d e", -EINVAL);
}
-DEFINE_CUSTOM_TEST_MAIN(
- LOG_DEBUG,
+static int intro(void) {
+ if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
+ return log_tests_skipped("cgroupfs not available");
- _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
- ({
- if (enter_cgroup_subroot(NULL) == -ENOMEDIUM)
- return log_tests_skipped("cgroupfs not available");
-
- assert_se(runtime_dir = setup_fake_runtime_dir());
- }),
+ assert_se(runtime_dir = setup_fake_runtime_dir());
+ return EXIT_SUCCESS;
+}
- /* no outro */);
+DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
index a21fcd6fd2..1b31d1f852 100644
--- a/src/test/test-utf8.c
+++ b/src/test/test-utf8.c
@@ -231,4 +231,9 @@ TEST(utf8_to_utf16) {
}
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, log_show_color(true), /* no outro */);
+static int intro(void) {
+ log_show_color(true);
+ return EXIT_SUCCESS;
+}
+
+DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);

@ -1,300 +0,0 @@
From 0be677fb6663ab6bfd02eae6ad32e7f031cfde0f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 2 Feb 2022 11:06:41 +0900
Subject: [PATCH] test: allow to set NULL to intro or outro
Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033.
(cherry picked from commit e85fdacc8ad7d91f140a135aaa3fd5372d3fa47c)
Related: #2017035
---
src/shared/tests.h | 45 +++++++++++++++++----------------
src/test/test-barrier.c | 2 +-
src/test/test-cgroup-setup.c | 2 +-
src/test/test-chown-rec.c | 2 +-
src/test/test-format-table.c | 2 +-
src/test/test-fs-util.c | 2 +-
src/test/test-hashmap.c | 2 +-
src/test/test-install-root.c | 2 +-
src/test/test-load-fragment.c | 2 +-
src/test/test-mountpoint-util.c | 2 +-
src/test/test-namespace.c | 2 +-
src/test/test-proc-cmdline.c | 2 +-
src/test/test-process-util.c | 2 +-
src/test/test-sd-hwdb.c | 2 +-
src/test/test-serialize.c | 2 +-
src/test/test-sleep.c | 2 +-
src/test/test-stat-util.c | 2 +-
src/test/test-time-util.c | 2 +-
src/test/test-unit-file.c | 2 +-
src/test/test-unit-name.c | 2 +-
src/test/test-unit-serialize.c | 2 +-
src/test/test-utf8.c | 2 +-
22 files changed, 44 insertions(+), 43 deletions(-)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 59448f38f6..ef6acd368e 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -110,27 +110,28 @@ static inline int run_test_table(void) {
return r;
}
-static inline int test_nop(void) {
- return EXIT_SUCCESS;
-}
-
-#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
- int main(int argc, char *argv[]) { \
- int _r, _q; \
- test_setup_logging(log_level); \
- save_argc_argv(argc, argv); \
- _r = intro(); \
- if (_r == EXIT_SUCCESS) \
- _r = run_test_table(); \
- _q = outro(); \
- static_destruct(); \
- if (_r < 0) \
- return EXIT_FAILURE; \
- if (_r != EXIT_SUCCESS) \
- return _r; \
- if (_q < 0) \
- return EXIT_FAILURE; \
- return _q; \
+#define DEFINE_TEST_MAIN_FULL(log_level, intro, outro) \
+ int main(int argc, char *argv[]) { \
+ int (*_intro)(void) = intro; \
+ int (*_outro)(void) = outro; \
+ int _r, _q; \
+ test_setup_logging(log_level); \
+ save_argc_argv(argc, argv); \
+ _r = _intro ? _intro() : EXIT_SUCCESS; \
+ if (_r == EXIT_SUCCESS) \
+ _r = run_test_table(); \
+ _q = _outro ? _outro() : EXIT_SUCCESS; \
+ static_destruct(); \
+ if (_r < 0) \
+ return EXIT_FAILURE; \
+ if (_r != EXIT_SUCCESS) \
+ return _r; \
+ if (_q < 0) \
+ return EXIT_FAILURE; \
+ return _q; \
}
-#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, test_nop, test_nop)
+#define DEFINE_TEST_MAIN_WITH_INTRO(log_level, intro) \
+ DEFINE_TEST_MAIN_FULL(log_level, intro, NULL)
+#define DEFINE_TEST_MAIN(log_level) \
+ DEFINE_TEST_MAIN_FULL(log_level, NULL, NULL)
diff --git a/src/test/test-barrier.c b/src/test/test-barrier.c
index b87538806a..bbd7e2bddb 100644
--- a/src/test/test-barrier.c
+++ b/src/test/test-barrier.c
@@ -444,4 +444,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c
index 6f93647685..c377ff0a00 100644
--- a/src/test/test-cgroup-setup.c
+++ b/src/test/test-cgroup-setup.c
@@ -71,4 +71,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-chown-rec.c b/src/test/test-chown-rec.c
index 691cfe767f..97711f58b0 100644
--- a/src/test/test-chown-rec.c
+++ b/src/test/test-chown-rec.c
@@ -156,4 +156,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
index 7515a74c12..1b4963d928 100644
--- a/src/test/test-format-table.c
+++ b/src/test/test-format-table.c
@@ -535,4 +535,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index da5a16b4bc..602ce75f98 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -973,4 +973,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-hashmap.c b/src/test/test-hashmap.c
index 4dc155d818..dbf762cc0b 100644
--- a/src/test/test-hashmap.c
+++ b/src/test/test-hashmap.c
@@ -169,4 +169,4 @@ static int outro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, outro);
+DEFINE_TEST_MAIN_FULL(LOG_INFO, intro, outro);
diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
index f540a832bd..f718689c3a 100644
--- a/src/test/test-install-root.c
+++ b/src/test/test-install-root.c
@@ -1272,4 +1272,4 @@ static int intro(void) {
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
index 2e105df56a..1bd68c7e0a 100644
--- a/src/test/test-load-fragment.c
+++ b/src/test/test-load-fragment.c
@@ -906,4 +906,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
index 102d2850bf..4d140c42b6 100644
--- a/src/test/test-mountpoint-util.c
+++ b/src/test/test-mountpoint-util.c
@@ -313,4 +313,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c
index f9e34f3bfa..7a634adca9 100644
--- a/src/test/test-namespace.c
+++ b/src/test/test-namespace.c
@@ -227,4 +227,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-proc-cmdline.c b/src/test/test-proc-cmdline.c
index 064b4d838f..1f43bb3eb0 100644
--- a/src/test/test-proc-cmdline.c
+++ b/src/test/test-proc-cmdline.c
@@ -254,4 +254,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 8661934929..7a8adad50c 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -900,4 +900,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-sd-hwdb.c b/src/test/test-sd-hwdb.c
index 88992a6c2b..4251e2a809 100644
--- a/src/test/test-sd-hwdb.c
+++ b/src/test/test-sd-hwdb.c
@@ -63,4 +63,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-serialize.c b/src/test/test-serialize.c
index 9aeb6c5920..bcf2e843b0 100644
--- a/src/test/test-serialize.c
+++ b/src/test/test-serialize.c
@@ -195,4 +195,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c
index f56e7e0167..5aebcdd935 100644
--- a/src/test/test-sleep.c
+++ b/src/test/test-sleep.c
@@ -125,4 +125,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-stat-util.c b/src/test/test-stat-util.c
index 2965ee679f..7f633ab259 100644
--- a/src/test/test-stat-util.c
+++ b/src/test/test-stat-util.c
@@ -241,4 +241,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index f21d8b7794..554693834b 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -607,4 +607,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
index 6c9f245c7e..cc08a4ae4b 100644
--- a/src/test/test-unit-file.c
+++ b/src/test/test-unit-file.c
@@ -107,4 +107,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 1f65407e5f..8cd0e0b4a1 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -856,4 +856,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
diff --git a/src/test/test-unit-serialize.c b/src/test/test-unit-serialize.c
index 5d39176db2..3ef15f3b1e 100644
--- a/src/test/test-unit-serialize.c
+++ b/src/test/test-unit-serialize.c
@@ -60,4 +60,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_DEBUG, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_DEBUG, intro);
diff --git a/src/test/test-utf8.c b/src/test/test-utf8.c
index 1b31d1f852..7337b81227 100644
--- a/src/test/test-utf8.c
+++ b/src/test/test-utf8.c
@@ -236,4 +236,4 @@ static int intro(void) {
return EXIT_SUCCESS;
}
-DEFINE_CUSTOM_TEST_MAIN(LOG_INFO, intro, test_nop);
+DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);

@ -0,0 +1,29 @@
From 6d8f91ab2f7db862d95d0565bad3aaf4279c00bc Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 3 Nov 2022 20:10:57 +0000
Subject: [PATCH] tmpfiles.d: do not fail if provision.conf fails
On a read-only filesystem creating /root/.ssh might fail, but that's ok.
Do not fail the run, as this is only needed to add the credential, which
is a separate step.
(cherry picked from commit e0fc9be37e4d15e2c322eb8281692c2639dac023)
Related #2138081
---
tmpfiles.d/provision.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tmpfiles.d/provision.conf b/tmpfiles.d/provision.conf
index 3c56f42d58..093104aaaf 100644
--- a/tmpfiles.d/provision.conf
+++ b/tmpfiles.d/provision.conf
@@ -17,6 +17,6 @@ f^ /etc/issue.d/50-provision.conf - - - - login.issue
f^ /etc/hosts - - - - network.hosts
# Provision SSH key for root
-d /root :0700 root :root -
-d /root/.ssh :0700 root :root -
+d- /root :0700 root :root -
+d- /root/.ssh :0700 root :root -
f^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root

@ -0,0 +1,31 @@
From d3b559f5e561750e6c50449b2ca84b40abeb492d Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Fri, 4 Nov 2022 09:57:24 +0100
Subject: [PATCH] kernel-install/90-loaderentry: do not add multiple
systemd.machine_id options
Do not unconditionally add a new systemd.machine_id command line option, first
check if it already exists with the expected value.
Fixes #25203
(cherry picked from commit 981502c5cc9ce32c3f77ff74aad87cd6f0da3b16)
Related #2138081
---
src/kernel-install/90-loaderentry.install | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
index 743af33aa9..ea75e1b0d8 100755
--- a/src/kernel-install/90-loaderentry.install
+++ b/src/kernel-install/90-loaderentry.install
@@ -85,7 +85,7 @@ BOOT_OPTIONS="${BOOT_OPTIONS% }"
# command line with the machine ID we use, so that the machine ID remains
# stable, even during factory reset, in the initrd (where the system's machine
# ID is not directly accessible yet), and if the root file system is volatile.
-if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ]; then
+if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ] && ! echo "$BOOT_OPTIONS" | grep -q "systemd.machine_id=$MACHINE_ID"; then
BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID"
fi

@ -0,0 +1,120 @@
From 1b7dfe48d6d66cad5d0368b8e8b387a4d9586ccd Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 27 Oct 2022 11:12:10 +0200
Subject: [PATCH] condition: Check that subsystem is enabled in
ConditionSecurity=tpm2
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
(cherry picked from commit 300bba79c22e4be1effe2faad0e59ac725d396a1)
Related #2138081
---
man/systemd-creds.xml | 4 ++--
src/creds/creds.c | 6 ++++--
src/shared/condition.c | 9 ++++-----
src/shared/tpm2-util.c | 6 +++++-
src/shared/tpm2-util.h | 11 ++++++-----
5 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml
index 1e5632e63d..003fbcd463 100644
--- a/man/systemd-creds.xml
+++ b/man/systemd-creds.xml
@@ -175,8 +175,8 @@
by the OS kernel drivers and by userspace (i.e. systemd) this prints <literal>yes</literal> and exits
with exit status zero. If no such device is discovered/supported/used, prints
<literal>no</literal>. Otherwise prints <literal>partial</literal>. In either of these two cases
- exits with non-zero exit status. It also shows three lines indicating separately whether drivers,
- firmware and the system discovered/support/use TPM2.</para>
+ exits with non-zero exit status. It also shows four lines indicating separately whether firmware,
+ drivers, the system and the kernel discovered/support/use TPM2.</para>
<para>Combine with <option>--quiet</option> to suppress the output.</para></listitem>
</varlistentry>
diff --git a/src/creds/creds.c b/src/creds/creds.c
index 5586fd776a..a755a52c34 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -637,10 +637,12 @@ static int verb_has_tpm2(int argc, char **argv, void *userdata) {
printf("%sfirmware\n"
"%sdriver\n"
- "%ssystem\n",
+ "%ssystem\n"
+ "%ssubsystem\n",
plus_minus(s & TPM2_SUPPORT_FIRMWARE),
plus_minus(s & TPM2_SUPPORT_DRIVER),
- plus_minus(s & TPM2_SUPPORT_SYSTEM));
+ plus_minus(s & TPM2_SUPPORT_SYSTEM),
+ plus_minus(s & TPM2_SUPPORT_SUBSYSTEM));
}
/* Return inverted bit flags. So that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and the other values
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 310ffcbdc6..a23d6a3e45 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -664,14 +664,13 @@ static int condition_test_ac_power(Condition *c, char **env) {
}
static int has_tpm2(void) {
- /* Checks whether the system has at least one TPM2 resource manager device, i.e. at least one "tpmrm"
- * class device. Alternatively, we are also happy if the firmware reports support (this is to cover
- * for cases where we simply haven't loaded the driver for it yet, i.e. during early boot where we
- * very likely want to use this condition check).
+ /* Checks whether the kernel has the TPM subsystem enabled and the firmware reports support. Note
+ * we don't check for actual TPM devices, since we might not have loaded the driver for it yet, i.e.
+ * during early boot where we very likely want to use this condition check).
*
* Note that we don't check if we ourselves are built with TPM2 support here! */
- return (tpm2_support() & (TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_FIRMWARE)) != 0;
+ return FLAGS_SET(tpm2_support(), TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_FIRMWARE);
}
static int condition_test_security(Condition *c, char **env) {
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 13e92c4144..65e8d48347 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2189,7 +2189,11 @@ Tpm2Support tpm2_support(void) {
if (r != -ENOENT)
log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
} else if (r == 0) /* populated! */
- support |= TPM2_SUPPORT_DRIVER;
+ support |= TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_DRIVER;
+ else
+ /* If the directory exists but is empty, we know the subsystem is enabled but no
+ * driver has been loaded yet. */
+ support |= TPM2_SUPPORT_SUBSYSTEM;
}
if (efi_has_tpm2())
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 048c28d6ca..c240335ae6 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -137,11 +137,12 @@ typedef struct {
typedef enum Tpm2Support {
/* NOTE! The systemd-creds tool returns these flags 1:1 as exit status. Hence these flags are pretty
* much ABI! Hence, be extra careful when changing/extending these definitions. */
- TPM2_SUPPORT_NONE = 0, /* no support */
- TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */
- TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */
- TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */
- TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM,
+ TPM2_SUPPORT_NONE = 0, /* no support */
+ TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */
+ TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */
+ TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */
+ TPM2_SUPPORT_SUBSYSTEM = 1 << 3, /* the kernel has the tpm subsystem enabled */
+ TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM,
} Tpm2Support;
Tpm2Support tpm2_support(void);

@ -0,0 +1,52 @@
From f0839034c9910529f368e60262b5653afad58f63 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 7 Nov 2022 16:39:12 +0100
Subject: [PATCH] semaphore: remove the Semaphore repositories recursively
The list of disabled repositories was recently converted from a single
file into a directory with separate repository files, so let's adjust
the setup script accordingly.
```
$ ls -lR /etc/apt/sources.list.d/
/etc/apt/sources.list.d/:
total 36
-rw-r--r-- 1 root root 76 Nov 3 10:28 azure-cli.list
-rw-r--r-- 1 root root 72 Nov 3 10:22 bazel.list
drwxr-xr-x 2 root root 4096 Nov 3 10:31 disabled
-rw-r--r-- 1 root root 113 Nov 3 10:13 docker-source.list
-rw-r--r-- 1 root root 367 Nov 3 10:28 github_git-lfs.list
-rw-r--r-- 1 root root 111 Nov 3 10:25 google-chrome-source.list
-rw-r--r-- 1 root root 64 Nov 3 10:14 google-cloud-sdk.list
-rw-r--r-- 1 root root 54 Nov 3 10:23 helm-stable-debian.list
-rw-r--r-- 1 root root 89 Nov 3 10:29 yarn-source.list
/etc/apt/sources.list.d/disabled:
total 20
-rw-r--r-- 1 root root 100 Nov 3 10:23 devel_kubic_libcontainers_stable.list
-rw-r--r-- 1 root root 103 Nov 3 10:27 git.list
-rw-r--r-- 1 root root 105 Nov 3 10:22 gradle.list
-rw-r--r-- 1 root root 118 Nov 3 10:13 pypy.list
-rw-r--r-- 1 root root 104 Nov 3 10:13 python.list
```
(cherry picked from commit 610eb3f8260ecbb161db5186a5e27417f3110a68)
Related #2138081
---
.semaphore/semaphore-runner.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index 98fd7b4411..b0d32bd136 100755
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -55,7 +55,7 @@ for phase in "${PHASES[@]}"; do
case "$phase" in
SETUP)
# remove semaphore repos, some of them don't work and cause error messages
- sudo rm -f /etc/apt/sources.list.d/*
+ sudo rm -rf /etc/apt/sources.list.d/*
# enable backports for latest LXC
echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_RELEASE-backports main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list.d/backports.list

@ -0,0 +1,29 @@
From c440081c968c93d527d441f4d106e0acad9540eb Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Mon, 7 Nov 2022 15:25:25 +0100
Subject: [PATCH] kernel-install/90-loaderentry: do not override an existing
systemd.machine_id
If the systemd.machine_id command line option is already set, do not override
it.
(cherry picked from commit 802d9219aa19d759113dd6cd1e91b2bb661fe9ba)
Related #2138081
---
src/kernel-install/90-loaderentry.install | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
index ea75e1b0d8..41a05534b9 100755
--- a/src/kernel-install/90-loaderentry.install
+++ b/src/kernel-install/90-loaderentry.install
@@ -85,7 +85,7 @@ BOOT_OPTIONS="${BOOT_OPTIONS% }"
# command line with the machine ID we use, so that the machine ID remains
# stable, even during factory reset, in the initrd (where the system's machine
# ID is not directly accessible yet), and if the root file system is volatile.
-if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ] && ! echo "$BOOT_OPTIONS" | grep -q "systemd.machine_id=$MACHINE_ID"; then
+if [ "$ENTRY_TOKEN" = "$MACHINE_ID" ] && ! echo "$BOOT_OPTIONS" | grep -q "systemd.machine_id="; then
BOOT_OPTIONS="$BOOT_OPTIONS systemd.machine_id=$MACHINE_ID"
fi

@ -1,34 +0,0 @@
From be021c2328550a9d5b987cb206eda5df90b45acd Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 26 Dec 2021 01:11:00 +0000
Subject: [PATCH] ci: replace apt-key with signed-by
to limit the scope of the key to apt.llvm.org only.
This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da)
Related: #2013213
---
.github/workflows/build_test.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index 5b18784461..549e59b2c9 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then
# llvm package if available in such cases to avoid that.
if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
+ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
+ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
fi
elif [[ "$COMPILER" == gcc ]]; then

@ -0,0 +1,28 @@
From d1abf107c5b4c661886001de996bf03587bb35c1 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Mon, 7 Nov 2022 16:28:33 +0000
Subject: [PATCH] kernel-install: skip 50-depmod if depmod is not available
Images might be built without any kernel module, and without
installing depmod as it is not needed. Skip it.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023607
(cherry picked from commit cda4d00dfcbcd075cef95341f8a466f0c4ee8e1d)
Related #2138081
---
src/kernel-install/50-depmod.install | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install
index d4b991cfd6..43bd87c7ed 100755
--- a/src/kernel-install/50-depmod.install
+++ b/src/kernel-install/50-depmod.install
@@ -26,6 +26,7 @@ KERNEL_VERSION="${2:?}"
case "$COMMAND" in
add)
[ -d "/lib/modules/$KERNEL_VERSION/kernel" ] || exit 0
+ command -v depmod >/dev/null || exit 0
[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "+depmod -a $KERNEL_VERSION"
exec depmod -a "$KERNEL_VERSION"
;;

@ -1,54 +0,0 @@
From b9b1f92cdc74beb8487c87aa2b5c2806e100d1aa Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 22 Feb 2022 14:43:40 +0100
Subject: [PATCH] ci: fix clang-13 installation
For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...
```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found
$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'llvm-13' has no installation candidate
```
(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077)
Related: #2013213
---
.github/workflows/build_test.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index 549e59b2c9..5a173a18d5 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -78,12 +78,12 @@ if [[ "$COMPILER" == clang ]]; then
# ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
# provided by the apt.llvm.org repositories. Let's use the system
# llvm package if available in such cases to avoid that.
- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
+ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
# Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
fi
elif [[ "$COMPILER" == gcc ]]; then

@ -0,0 +1,38 @@
From 04cdbacc26c7e38d3bd684235b51c79ab64b6026 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 8 Nov 2022 11:07:02 +0100
Subject: [PATCH] man: add note that network-generator is not a generator
Also fix indentation.
(cherry picked from commit 2fa6574e835566c2aa5cbf4167ecee316f71bf98)
Related #2138081
---
man/systemd-network-generator.service.xml | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/man/systemd-network-generator.service.xml b/man/systemd-network-generator.service.xml
index 6b7e2564d4..2ddeadfc54 100644
--- a/man/systemd-network-generator.service.xml
+++ b/man/systemd-network-generator.service.xml
@@ -41,10 +41,17 @@
</para>
<para>Files are generated in <filename>/run/systemd/network/</filename>.</para>
+
+ <para>Note: despite the name, this generator executes as a normal systemd service and is
+ <emphasis>not</emphasis> an implementation of the
+ <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ concept.</para>
</refsect1>
- <refsect1><title>Kernel command line options</title>
- <para>This tool understands the following options:</para>
+ <refsect1>
+ <title>Kernel command line options</title>
+
+ <para>This tool understands the following options:</para>
<variablelist class='kernel-commandline-options'>
<varlistentry>

@ -1,240 +0,0 @@
From 29cda567564d548cce5867c9d054ebb6cefcdca0 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 3 Mar 2022 20:30:43 +0100
Subject: [PATCH] test: check systemd RPM macros
Make sure our RPM macros work as intended. Based on the original PR
(#16464) by Mikhail Novosyolov.
Co-authored-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
(cherry picked from commit 55c09511e13c6a57ffe64bef4a9d0a00f34d37d9)
Related: #2017035
---
.github/workflows/unit_tests.sh | 1 +
.semaphore/semaphore-runner.sh | 2 +-
test/meson.build | 16 ++++
test/test-rpm-macros.sh | 162 ++++++++++++++++++++++++++++++++
4 files changed, 180 insertions(+), 1 deletion(-)
create mode 100755 test/test-rpm-macros.sh
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 9c7beb6d19..f41b070e57 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -20,6 +20,7 @@ ADDITIONAL_DEPS=(
perl
python3-libevdev
python3-pyparsing
+ rpm
zstd
)
diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh
index d02b449e0e..6ccf271a82 100755
--- a/.semaphore/semaphore-runner.sh
+++ b/.semaphore/semaphore-runner.sh
@@ -42,7 +42,7 @@ apt-get -q --allow-releaseinfo-change update
apt-get -y dist-upgrade
apt-get install -y eatmydata
# The following four are needed as long as these deps are not covered by Debian's own packaging
-apt-get install -y fdisk tree libfdisk-dev libp11-kit-dev libssl-dev libpwquality-dev
+apt-get install -y fdisk tree libfdisk-dev libp11-kit-dev libssl-dev libpwquality-dev rpm
apt-get purge --auto-remove -y unattended-upgrades
systemctl unmask systemd-networkd
systemctl enable systemd-networkd
diff --git a/test/meson.build b/test/meson.build
index 8de1043e17..04ae9ebc78 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -163,6 +163,22 @@ endif
############################################################
+rpm = find_program('rpm', required : false)
+rpmspec = find_program('rpmspec', required : false)
+test_rpm_macros = find_program('test-rpm-macros.sh')
+
+if rpm.found() and rpmspec.found()
+ if want_tests != 'false'
+ test('test-rpm-macros',
+ test_rpm_macros,
+ args : [project_build_root])
+ endif
+else
+ message('Skipping test-rpm-macros since rpm and/or rpmspec are not available')
+endif
+
+############################################################
+
if want_tests != 'false' and dmi_arches.contains(host_machine.cpu_family())
udev_dmi_memory_id_test = find_program('udev-dmi-memory-id-test.sh')
diff --git a/test/test-rpm-macros.sh b/test/test-rpm-macros.sh
new file mode 100755
index 0000000000..5843b72346
--- /dev/null
+++ b/test/test-rpm-macros.sh
@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# This test makes some basic checks that RPM macros work correctly.
+# RPM is a simple C program available on different Linux distros, not only RPM-based ones,
+# and even BSD systems, so it must not be a problem to require it.
+# rpmspec utility is required (so this test will work with RPM 4 but won't work with RPM 5).
+set -eu
+
+BUILD_DIR="${1:?Missing argument: build directory}"
+RPM_MACROS_FILE="${BUILD_DIR:?}/src/rpm/macros.systemd"
+
+if ! command -v rpm >/dev/null || ! command -v rpmspec >/dev/null; then
+ echo >&2 "Missing necessary utilities (rpm, rpmspec), can't continue"
+ exit 1
+fi
+
+if [[ ! -f "${RPM_MACROS_FILE:?}" ]]; then
+ echo "RPM macros file not found in $RPM_MACROS_FILE!"
+ exit 1
+fi
+
+at_exit() {
+ if [[ -v WORK_DIR && -d "$WORK_DIR" ]]; then
+ rm -frv "$WORK_DIR"
+ fi
+}
+
+trap at_exit EXIT
+
+WORK_DIR="$(mktemp -d)"
+RPM_SPEC="$(mktemp "$WORK_DIR/systemd-test-rpm-macros-XXX.spec")"
+TEMP_LOG="$(mktemp "$WORK_DIR/out-XXX.log")"
+
+die() {
+ echo >&2 "${1:?}"
+ exit 1
+}
+
+mk_mini_spec() {
+ cat >"${RPM_SPEC:?}" <<EOF
+%{load:$RPM_MACROS_FILE}
+Summary: Test systemd RPM macros
+Name: systemd-test-rpm-macros
+License: LGPLv2+ and MIT and GPLv2+
+Version: 1
+Release: 1
+%description
+%{summary}
+END_OF_INITIAL_SPEC
+EOF
+}
+
+echo "=== Test basic loadability ==="
+mk_mini_spec
+# ensure its loadability (macros will be just loaded and not used for now)
+# also check that rpm supports %load
+rpmspec --parse "$RPM_SPEC"
+
+echo "=== Test %systemd_requires ==="
+mk_mini_spec
+# The idea of tests is the following:
+# - make a minimal spec file
+# - add macros into its %description section
+# - use rpmspec(8) to print spec file with expanded macros
+# - check that macros have been expanded as required.
+echo "%systemd_requires" >>"$RPM_SPEC"
+: >"$TEMP_LOG"
+rpmspec --parse "$RPM_SPEC" | tee "$TEMP_LOG"
+for i in post preun postun; do
+ echo "== Requires($i) =="
+ grep "^Requires($i): systemd$" "$TEMP_LOG"
+done
+
+echo "=== Test %systemd_ordering ==="
+mk_mini_spec
+echo "%systemd_ordering" >>"$RPM_SPEC"
+: >"$TEMP_LOG"
+rpmspec --parse "$RPM_SPEC" | tee "$TEMP_LOG"
+for i in post preun postun; do
+ echo "== OrderWithRequires($i) =="
+ grep "^OrderWithRequires($i): systemd$" "$TEMP_LOG"
+done
+
+echo "=== Test macros requiring an argument without specifying such argument ==="
+for i in \
+ systemd_post \
+ systemd_preun \
+ systemd_postun \
+ systemd_postun_with_restart \
+ systemd_user_preun \
+ systemd_user_postun \
+ systemd_user_postun_with_restart \
+ tmpfiles_create \
+ tmpfiles_create_package \
+ sysusers_create \
+ sysusers_create_package
+do
+ echo "== Macro: $i =="
+ mk_mini_spec
+ echo "%${i}" >>"$RPM_SPEC"
+ if rpmspec --parse "$RPM_SPEC"; then
+ die "Unexpected pass with macro $i (no arguments)"
+ fi
+done
+
+echo "=== Test macros requiring two arguments ==="
+for i in \
+ tmpfiles_create_package \
+ sysusers_create_package
+do
+ echo "== Macro: $i =="
+ # Test with an incorrect number of arguments (0, 1, 3)
+ for args in "" "arg1" "arg1 arg2 arg3"; do
+ mk_mini_spec
+ echo "%${i} $args" >>"$RPM_SPEC"
+ if rpmspec --parse "$RPM_SPEC"; then
+ die "Unexpected pass with macro $i (arguments: $args)"
+ fi
+ done
+
+ # Test with the correct number of arguments (2)
+ mk_mini_spec
+ echo "%${i} arg1 arg2" >>"$RPM_SPEC"
+ if ! rpmspec --parse "$RPM_SPEC"; then
+ die "Unexpected fail with macro $i (arguments: $args)"
+ fi
+done
+
+
+# Test that:
+# - *_create_package macros do work correctly
+# - shell syntax is correct (https://github.com/systemd/systemd/commit/93406fd37)
+# - RPM macros, loaded from macros.in, are actually expanded
+echo "=== Test %*_create_package macros ==="
+for i in sysusers tmpfiles; do
+ echo "== Macro: ${i}_create_package =="
+
+ PKG_DATA_FILE="$(mktemp "$WORK_DIR/pkg-data-XXX")"
+ EXP_OUT="$(mktemp "$WORK_DIR/exp-out-XXX.log")"
+ CONF_DIR="$(pkg-config --variable="${i}dir" systemd)"
+ EXTRA_ARGS=()
+
+ if [[ "$i" == tmpfiles ]]; then
+ EXTRA_ARGS+=("--create")
+ fi
+
+ echo "TEST_DATA" >"$PKG_DATA_FILE"
+ mk_mini_spec
+ echo "%${i}_create_package TEST_NAME ${PKG_DATA_FILE}" >>"$RPM_SPEC"
+
+ cat >"$EXP_OUT" <<EOF
+systemd-$i --replace=$CONF_DIR/TEST_NAME.conf ${EXTRA_ARGS[*]:+${EXTRA_ARGS[@]} }- <<SYSTEMD_INLINE_EOF || :
+TEST_DATA
+SYSTEMD_INLINE_EOF
+EOF
+
+ : >"$TEMP_LOG"
+ rpmspec --parse "$RPM_SPEC" | tee "$TEMP_LOG"
+ diff "$EXP_OUT" <(grep -A1 -B1 '^TEST_DATA$' "$TEMP_LOG")
+
+ rm -f "$PKG_DATA_FILE"
+done

@ -0,0 +1,64 @@
From 054da791c98fba7e11079e94c9b9fe0b1ca4e8d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 4 Nov 2022 15:48:50 +0100
Subject: [PATCH] test: fstab-generator: adjust PATH for fsck
fsck(8) is located in /usr/sib/ on Debian sid:
stdout:
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-01-dev-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-02-dhcp.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-03-dhcp6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-04-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-05-nfs4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-06-ipv4.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-07-ipv6.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-08-implicit-nfs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-09-cifs.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-10-iscsi.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-11-live.input
*** Running /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
--- /dev/fd/63 2022-11-04 15:39:13.131532174 +0100
+++ /dev/fd/62 2022-11-04 15:39:13.131532174 +0100
@@ -6,3 +6,4 @@
initrd-usr-fs.target.requires
initrd-usr-fs.target.requires/sysroot.mount
sysroot.mount
+systemd-fsck-root.service
**** Unexpected output for /home/christian/Coding/workspaces/systemd/test/testdata/test-fstab-generator/test-12-dev-sdx.input
stderr:
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on NFS was requested.
Skipping root directory handling, as root on CIFS was requested.
Skipping root directory handling, as root on iSCSI was requested.
Skipping root directory handling, as root on live image was requested.
Found entry what=/dev/sdx1 where=/sysroot type=n/a opts=ro
Checking was requested for /dev/sdx1, but the fsck command does not exist.
(cherry picked from commit a45efc9e4b574a85176610496f2ac7ae769364bb)
Related #2138081
---
test/test-fstab-generator.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/test-fstab-generator.sh b/test/test-fstab-generator.sh
index 0c977645e3..7c060dfac7 100755
--- a/test/test-fstab-generator.sh
+++ b/test/test-fstab-generator.sh
@@ -14,6 +14,9 @@ fi
src="$(dirname "$0")/testdata/test-fstab-generator"
+# fsck(8) is located in /usr/sbin on Debian
+PATH=$PATH:/usr/sbin
+
for f in "$src"/test-*.input; do
echo "*** Running $f"

@ -0,0 +1,30 @@
From ba5d26d85d0c4250b10a46a5c9cd3a3e1f0ce43b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 4 Nov 2022 19:36:31 +0100
Subject: [PATCH] loop-util: open lock fd read-only
flock(2) works with file descriptors opened with O_RDONLY.
This affects SELinux systems where access to block devices is quite
restricted to avoid bypasses on filesystem objects.
(cherry picked from commit 3e6b7d2626de9c0faf8b34b2629e8d6d8fa85a7d)
Related #2138081
---
src/shared/loop-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c
index 731ce29112..fb7e80b1b5 100644
--- a/src/shared/loop-util.c
+++ b/src/shared/loop-util.c
@@ -77,7 +77,7 @@ static int open_lock_fd(int primary_fd, int operation) {
assert(primary_fd >= 0);
assert(IN_SET(operation & ~LOCK_NB, LOCK_SH, LOCK_EX));
- lock_fd = fd_reopen(primary_fd, O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ lock_fd = fd_reopen(primary_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (lock_fd < 0)
return lock_fd;

@ -1,161 +0,0 @@
From 7cc55d22394b8583b637e7e4b8baa00eb8f0dc49 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Wed, 12 Jan 2022 22:38:22 +0000
Subject: [PATCH] test: do not assume x86-64 arch in TEST-58-REPART
(cherry picked from commit 8e65d93e85f06e3f28b0b7a6e33b041ddf119917)
Related: #2017035
---
test/units/testsuite-58.sh | 76 ++++++++++++++++++++++++++++++++------
1 file changed, 65 insertions(+), 11 deletions(-)
diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh
index 78c25051a2..4b3c984c84 100755
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@@ -11,6 +11,60 @@ fi
export SYSTEMD_LOG_LEVEL=debug
export PAGER=cat
+machine="$(uname -m)"
+if [ "${machine}" = "x86_64" ]; then
+ root_guid=4f68bce3-e8cd-4db1-96e7-fbcaf984b709
+ root_uuid=60F33797-1D71-4DCB-AA6F-20564F036CD0
+ usr_guid=8484680c-9521-48c6-9c11-b0720656f69e
+ usr_uuid=7E3369DD-D653-4513-ADF5-B993A9F20C16
+ architecture="x86-64"
+elif [ "${machine}" = "i386" ] || [ "${machine}" = "i686" ] || [ "${machine}" = "x86" ]; then
+ root_guid=44479540-f297-41b2-9af7-d131d5f0458a
+ root_uuid=02b4253f-29a4-404e-8972-1669d3b03c87
+ usr_guid=75250d76-8cc6-458e-bd66-bd47cc81a812
+ usr_uuid=7b42ffb0-b0e1-4395-b20b-c78f4a571648
+ architecture="x86"
+elif [ "${machine}" = "aarch64" ] || [ "${machine}" = "aarch64_be" ] || [ "${machine}" = "armv8b" ] || [ "${machine}" = "armv8l" ]; then
+ root_guid=b921b045-1df0-41c3-af44-4c6f280d3fae
+ root_uuid=055d0227-53a6-4033-85c3-9a5973eff483
+ usr_guid=b0e01050-ee5f-4390-949a-9101b17104e9
+ usr_uuid=fce3c75e-d6a4-44c0-87f0-4c105183fb1f
+ architecture="arm64"
+elif [ "${machine}" = "arm" ]; then
+ root_guid=69dad710-2ce4-4e3c-b16c-21a1d49abed3
+ root_uuid=567da89e-8de2-4499-8d10-18f212dff034
+ usr_guid=7d0359a3-02b3-4f0a-865c-654403e70625
+ usr_uuid=71e93dc2-5073-42cb-8a84-a354e64d8966
+ architecture="arm"
+elif [ "${machine}" = "loongarch64" ]; then
+ root_guid=77055800-792c-4f94-b39a-98c91b762bb6
+ root_uuid=d8efc2d2-0133-41e4-bdcb-3b9f4cfddde8
+ usr_guid=e611c702-575c-4cbe-9a46-434fa0bf7e3f
+ usr_uuid=031ffa75-00bb-49b6-a70d-911d2d82a5b7
+ architecture="loongarch64"
+elif [ "${machine}" = "ia64" ]; then
+ root_guid=993d8d3d-f80e-4225-855a-9daf8ed7ea97
+ root_uuid=dcf33449-0896-4ea9-bc24-7d58aeef522d
+ usr_guid=4301d2a6-4e3b-4b2a-bb94-9e0b2c4225ea
+ usr_uuid=bc2bcce7-80d6-449a-85cc-637424ce5241
+ architecture="ia64"
+elif [ "${machine}" = "s390x" ]; then
+ root_guid=5eead9a9-fe09-4a1e-a1d7-520d00531306
+ root_uuid=7ebe0c85-e27e-48ec-b164-f4807606232e
+ usr_guid=8a4f5770-50aa-4ed3-874a-99b710db6fea
+ usr_uuid=51171d30-35cf-4a49-b8b5-9478b9b796a5
+ architecture="s390x"
+elif [ "${machine}" = "ppc64le" ]; then
+ root_guid=c31c45e6-3f39-412e-80fb-4809c4980599
+ root_uuid=061e67a1-092f-482f-8150-b525d50d6654
+ usr_guid=15bb03af-77e7-4d4a-b12b-c0d084f7491c
+ usr_uuid=c0d0823b-8040-4c7c-a629-026248e297fb
+ architecture="ppc64-le"
+else
+ echo "Unexpected uname -m: ${machine} in testsuite-58.sh, please fix me"
+ exit 1
+fi
+
rm -f /var/tmp/testsuite-58.img /var/tmp/testsuite-58.2.img /tmp/testsuite-58.dump
mkdir -p /tmp/testsuite-58-defs/
@@ -25,7 +79,7 @@ EOF
cat >/tmp/testsuite-58-defs/usr.conf <<EOF
[Partition]
-Type=usr
+Type=usr-${architecture}
SizeMinBytes=10M
Format=ext4
ReadOnly=yes
@@ -33,7 +87,7 @@ EOF
cat >/tmp/testsuite-58-defs/root.conf <<EOF
[Partition]
-Type=root
+Type=root-${architecture}
SizeMinBytes=10M
Format=ext4
MakeDirectories=/usr /efi
@@ -47,9 +101,9 @@ systemd-repart --definitions=/tmp/testsuite-58-defs/ \
sfdisk --dump /var/tmp/testsuite-58.img | tee /tmp/testsuite-58.dump
-grep -qxF '/var/tmp/testsuite-58.img1 : start= 2048, size= 20480, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=39107B09-615D-48FB-BA37-C663885FCE67, name="esp"' /tmp/testsuite-58.dump
-grep -qxF '/var/tmp/testsuite-58.img2 : start= 22528, size= 20480, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709, uuid=60F33797-1D71-4DCB-AA6F-20564F036CD0, name="root-x86-64", attrs="GUID:59"' /tmp/testsuite-58.dump
-grep -qxF '/var/tmp/testsuite-58.img3 : start= 43008, size= 20480, type=8484680C-9521-48C6-9C11-B0720656F69E, uuid=7E3369DD-D653-4513-ADF5-B993A9F20C16, name="usr-x86-64", attrs="GUID:60"' /tmp/testsuite-58.dump
+grep -qixF "/var/tmp/testsuite-58.img1 : start= 2048, size= 20480, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=39107B09-615D-48FB-BA37-C663885FCE67, name=\"esp\"" /tmp/testsuite-58.dump
+grep -qixF "/var/tmp/testsuite-58.img2 : start= 22528, size= 20480, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\", attrs=\"GUID:59\"" /tmp/testsuite-58.dump
+grep -qixF "/var/tmp/testsuite-58.img3 : start= 43008, size= 20480, type=${usr_guid}, uuid=${usr_uuid}, name=\"usr-${architecture}\", attrs=\"GUID:60\"" /tmp/testsuite-58.dump
# Second part, duplicate it with CopyBlocks=auto
@@ -61,14 +115,14 @@ EOF
cat >/tmp/testsuite-58-defs/usr.conf <<EOF
[Partition]
-Type=usr
+Type=usr-${architecture}
ReadOnly=yes
CopyBlocks=auto
EOF
cat >/tmp/testsuite-58-defs/root.conf <<EOF
[Partition]
-Type=root
+Type=root-${architecture}
CopyBlocks=auto
EOF
@@ -91,7 +145,7 @@ mkdir -p /tmp/testsuite-58.3-defs/
cat >/tmp/testsuite-58.3-defs/root.conf <<EOF
[Partition]
-Type=root
+Type=root-${architecture}
EOF
truncate -s 10g /var/tmp/testsuite-58.3.img
@@ -111,7 +165,7 @@ sfdisk --dump /var/tmp/testsuite-58.3.img | tee /tmp/testsuite-58.3.dump
grep -qF '/var/tmp/testsuite-58.3.img1 : start= 2048, size= 69044,' /tmp/testsuite-58.3.dump
grep -qF '/var/tmp/testsuite-58.3.img2 : start= 71092, size= 3591848,' /tmp/testsuite-58.3.dump
-grep -qxF '/var/tmp/testsuite-58.3.img3 : start= 3662944, size= 17308536, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709, uuid=60F33797-1D71-4DCB-AA6F-20564F036CD0, name="root-x86-64", attrs="GUID:59"' /tmp/testsuite-58.3.dump
+grep -qixF "/var/tmp/testsuite-58.3.img3 : start= 3662944, size= 17308536, type=${root_guid}, uuid=${root_uuid}, name=\"root-${architecture}\", attrs=\"GUID:59\"" /tmp/testsuite-58.3.dump
rm /var/tmp/testsuite-58.3.img /tmp/testsuite-58.3.dump
rm -r /tmp/testsuite-58.3-defs/
@@ -120,7 +174,7 @@ rm -r /tmp/testsuite-58.3-defs/
mkdir -p /tmp/testsuite-58-issue-21817-defs/
truncate -s 100m /tmp/testsuite-58-issue-21817.img
LOOP=$(losetup -P --show -f /tmp/testsuite-58-issue-21817.img)
-printf 'size=50M,type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709\n,\n' | sfdisk -X gpt /tmp/testsuite-58-issue-21817.img
+printf 'size=50M,type=%s\n,\n' "${root_guid}" | sfdisk -X gpt /tmp/testsuite-58-issue-21817.img
cat >/tmp/testsuite-58-issue-21817-defs/test.conf <<EOF
[Partition]
Type=root
@@ -129,7 +183,7 @@ systemd-repart --pretty=yes --definitions /tmp/testsuite-58-issue-21817-defs/ "$
sfdisk --dump "$LOOP" | tee /tmp/testsuite-58-issue-21817.dump
losetup -d "$LOOP"
-grep -qF 'p1 : start= 2048, size= 102400, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709,' /tmp/testsuite-58-issue-21817.dump
+grep -qiF "p1 : start= 2048, size= 102400, type=${root_guid}," /tmp/testsuite-58-issue-21817.dump
grep -qF 'p2 : start= 104448, size= 100319,' /tmp/testsuite-58-issue-21817.dump
rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump

@ -0,0 +1,30 @@
From ca92c2e035d5702f23f9a8d1cd705425b5605822 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 7 Nov 2022 11:55:29 +0100
Subject: [PATCH] test: don't ignore non-existent paths in inst_recursive()
The process substitution in the while loop hides errors raised by the
find utility, which might (and did), in turn, hide errors in test setup.
(cherry picked from commit eb5d7730e1b3b1bddecb80be37e5a4c938183f61)
Related #2138081
---
test/test-functions | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index 16d9da637b..80ce383e64 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -2773,6 +2773,10 @@ inst_recursive() {
local p item
for p in "$@"; do
+ # Make sure the source exists, as the process substitution below
+ # suppresses errors
+ stat "$p" >/dev/null || return 1
+
while read -r item; do
if [[ -d "$item" ]]; then
inst_dir "$item"

@ -1,68 +0,0 @@
From 9a98a3b83e9e974d8d1cdc31e2286a862cc548be Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 7 Feb 2022 14:35:40 +0100
Subject: [PATCH] tests: add repart tests for block devices with 1024, 2048,
4096 byte sector sizes
let's make sure repart works with 4K drives and exotic sector sizes.
(cherry picked from commit 2cd341afb96486bd4afcdba23f02a27631c5b8db)
Related: #2017035
---
test/units/testsuite-58.sh | 42 ++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh
index 4b3c984c84..7aed965fb4 100755
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@@ -189,6 +189,48 @@ grep -qF 'p2 : start= 104448, size= 100319,' /tmp/testsuite-58-issue-2
rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump
rm -r /tmp/testsuite-58-issue-21817-defs/
+testsector()
+{
+ echo "Running sector test with sector size $1..."
+
+ mkdir -p /tmp/testsuite-58-sector
+ cat > /tmp/testsuite-58-sector/a.conf <<EOF
+[Partition]
+Type=root
+SizeMaxBytes=15M
+SizeMinBytes=15M
+EOF
+ cat > /tmp/testsuite-58-sector/b.conf <<EOF
+[Partition]
+Type=linux-generic
+Weight=250
+EOF
+
+ cat > /tmp/testsuite-58-sector/c.conf <<EOF
+[Partition]
+Type=linux-generic
+Weight=750
+EOF
+
+ truncate -s 100m "/tmp/testsuite-58-sector-$1.img"
+ LOOP=$(losetup -b "$1" -P --show -f "/tmp/testsuite-58-sector-$1.img" )
+ systemd-repart --pretty=yes --definitions=/tmp/testsuite-58-sector/ --seed=750b6cd5c4ae4012a15e7be3c29e6a47 --empty=require --dry-run=no "$LOOP"
+ rm -rf /tmp/testsuite-58-sector
+ sfdisk --verify "$LOOP"
+ sfdisk --dump "$LOOP"
+ losetup -d "$LOOP"
+
+ rm "/tmp/testsuite-58-sector-$1.img"
+}
+
+# Valid block sizes on the Linux block layer are >= 512 and <= PAGE_SIZE, and
+# must be powers of 2. Which leaves exactly four different ones to test on
+# typical hardware
+testsector 512
+testsector 1024
+testsector 2048
+testsector 4096
+
echo OK >/testok
exit 0

@ -1,31 +0,0 @@
From c16ff9acad53e741ee121a21bd2ba5dfce1f459e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 25 Feb 2022 15:09:07 +0100
Subject: [PATCH] test: accept both unpadded and padded partition sizes
Since util-linux/util-linux@921c7da55ec78350e4067b3fd6b7de6f299106ee
libfdisk aligns the last partition (on GPT) for optimal I/O. Let's
account for that.
Fixes: #22606
(cherry picked from commit d490188b8f6da658d8086dd53b7db95735e5cca1)
Related: #2017035
---
test/units/testsuite-58.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/units/testsuite-58.sh b/test/units/testsuite-58.sh
index 7aed965fb4..f1b690a71f 100755
--- a/test/units/testsuite-58.sh
+++ b/test/units/testsuite-58.sh
@@ -184,7 +184,8 @@ sfdisk --dump "$LOOP" | tee /tmp/testsuite-58-issue-21817.dump
losetup -d "$LOOP"
grep -qiF "p1 : start= 2048, size= 102400, type=${root_guid}," /tmp/testsuite-58-issue-21817.dump
-grep -qF 'p2 : start= 104448, size= 100319,' /tmp/testsuite-58-issue-21817.dump
+# Accept both unpadded (pre-v2.38 util-linux) and padded (v2.38+ util-linux) sizes
+grep -qE "p2 : start= 104448, size= (100319| 98304)," /tmp/testsuite-58-issue-21817.dump
rm /tmp/testsuite-58-issue-21817.img /tmp/testsuite-58-issue-21817.dump
rm -r /tmp/testsuite-58-issue-21817-defs/

@ -0,0 +1,46 @@
From ea8b80cdc0dfd0ad92301a0e421df4d3110fe09c Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 7 Nov 2022 11:57:59 +0100
Subject: [PATCH] test: fix locale installation when locale-gen is used
locale-gen might merge all compiled locales into a simple archive, so we
need to install it as well if necessary.
(cherry picked from commit 0c416ea01bc14adff10f4fc5415a36bd2d48f604)
Related #2138081
---
test/test-functions | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/test/test-functions b/test/test-functions
index 80ce383e64..45ca472916 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1988,14 +1988,19 @@ install_locales() {
inst /usr/share/i18n/SUPPORTED || :
inst_recursive /usr/share/i18n/charmaps
inst_recursive /usr/share/i18n/locales
- inst_recursive /usr/share/locale/en
- inst_recursive /usr/share/locale/en_*
+ inst_recursive /usr/share/locale/en*
+ inst_recursive /usr/share/locale/de*
+ image_install /usr/share/locale/locale.alias
+ # locale-gen might either generate each locale separately or merge them
+ # into a single archive
+ if ! (inst_recursive /usr/lib/locale/C.*8 /usr/lib/locale/en_*8 ||
+ image_install /usr/lib/locale/locale-archive); then
+ dfatal "Failed to install required locales"
+ exit 1
+ fi
+ else
+ inst_recursive /usr/lib/locale/C.*8 /usr/lib/locale/en_*8
fi
-
- inst_recursive /usr/lib/locale/C.utf8
- inst_recursive /usr/lib/locale/C.UTF-8
- inst_recursive /usr/lib/locale/en_*.utf8
- inst_recursive /usr/lib/locale/en_*.UTF-8
}
# shellcheck disable=SC2120

@ -0,0 +1,71 @@
From bec9d65390249d4e88f5095e751283645a2a4c08 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 7 Nov 2022 12:07:27 +0100
Subject: [PATCH] test: fix keymaps installation on Arch
Where the keymaps live under /usr/share/kbd/keymaps/.
(cherry picked from commit 1edad89399e7cbee230878589ac618103c157ec7)
Related #2138081
---
test/test-functions | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/test/test-functions b/test/test-functions
index 45ca472916..194cd682bb 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -2007,7 +2007,8 @@ install_locales() {
install_keymaps() {
local i p
local -a prefix=(
- "/usr"
+ "/usr/lib"
+ "/usr/share"
)
dinfo "Install console keymaps"
@@ -2016,7 +2017,7 @@ install_keymaps() {
&& [[ "$(meson configure "${BUILD_DIR:?}" | grep 'split-usr' | awk '{ print $2 }')" == "true" ]] \
|| [[ ! -L /lib ]]; then
prefix+=(
- ""
+ "/lib"
)
fi
@@ -2025,12 +2026,12 @@ install_keymaps() {
# The first three paths may be deprecated.
# It seems now the last three paths are used by many distributions.
for i in \
- "$p"/lib/kbd/keymaps/include/* \
- "$p"/lib/kbd/keymaps/i386/include/* \
- "$p"/lib/kbd/keymaps/i386/qwerty/us.* \
- "$p"/lib/kbd/keymaps/legacy/include/* \
- "$p"/lib/kbd/keymaps/legacy/i386/qwerty/us.* \
- "$p"/lib/kbd/keymaps/xkb/us*; do
+ "$p"/kbd/keymaps/include/* \
+ "$p"/kbd/keymaps/i386/include/* \
+ "$p"/kbd/keymaps/i386/qwerty/us.* \
+ "$p"/kbd/keymaps/legacy/include/* \
+ "$p"/kbd/keymaps/legacy/i386/qwerty/us.* \
+ "$p"/kbd/keymaps/xkb/us*; do
[[ -f "$i" ]] || continue
inst "$i"
done
@@ -2039,10 +2040,10 @@ install_keymaps() {
# When it takes any argument, then install more keymaps.
for p in "${prefix[@]}"; do
for i in \
- "$p"/lib/kbd/keymaps/include/* \
- "$p"/lib/kbd/keymaps/i386/*/* \
- "$p"/lib/kbd/keymaps/legacy/i386/*/* \
- "$p"/lib/kbd/keymaps/xkb/*; do
+ "$p"/kbd/keymaps/include/* \
+ "$p"/kbd/keymaps/i386/*/* \
+ "$p"/kbd/keymaps/legacy/i386/*/* \
+ "$p"/kbd/keymaps/xkb/*; do
[[ -f "$i" ]] || continue
inst "$i"
done

@ -1,41 +0,0 @@
From fcaf368341c85285017f77333543656e1382975e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 9 Feb 2022 22:35:03 +0100
Subject: [PATCH] test: lvm 2.03.15 dropped the static autoactivation
so install the respective generator only if we're running with older
lvm versions.
See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=ee8fb0310c53ed003a43b324c99cdfd891dd1a7c
(cherry picked from commit d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4)
Related: #2017035
---
test/test-functions | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/test/test-functions b/test/test-functions
index 4827b6bedf..dcc893733c 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -973,16 +973,19 @@ install_lvm() {
image_install lvm
image_install "${ROOTLIBDIR:?}"/system/lvm2-lvmpolld.{service,socket}
image_install "${ROOTLIBDIR:?}"/system/{blk-availability,lvm2-monitor}.service
- image_install "${ROOTLIBDIR:?}"/system-generators/lvm2-activation-generator
image_install -o "/lib/tmpfiles.d/lvm2.conf"
if get_bool "$LOOKS_LIKE_DEBIAN"; then
inst_rules 56-lvm.rules 69-lvm-metad.rules
else
# Support the new udev autoactivation introduced in lvm 2.03.14
# https://sourceware.org/git/?p=lvm2.git;a=commit;h=67722b312390cdab29c076c912e14bd739c5c0f6
+ # Static autoactivation (via lvm2-activation-generator) was dropped
+ # in lvm 2.03.15
+ # https://sourceware.org/git/?p=lvm2.git;a=commit;h=ee8fb0310c53ed003a43b324c99cdfd891dd1a7c
if [[ -f /lib/udev/rules.d/69-dm-lvm.rules ]]; then
inst_rules 11-dm-lvm.rules 69-dm-lvm.rules
else
+ image_install "${ROOTLIBDIR:?}"/system-generators/lvm2-activation-generator
image_install "${ROOTLIBDIR:?}"/system/lvm2-pvscan@.service
inst_rules 11-dm-lvm.rules 69-dm-lvm-metad.rules
fi

@ -1,39 +0,0 @@
From 494045e03c7e1b81ac4dcea7d4bf776e2bc50c77 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 10 Feb 2022 12:29:53 +0100
Subject: [PATCH] test: accept GC'ed units in newer LVM
Since lvm 2.03.15 the transient units are started without `-r`, thus
disappearing once they finish and breaking the test (which expects them
to remain loaded after finishing). Let's accept `LoadState=not-found` as
a valid result as well to fix this.
Follow-up to: d10d562bd4b9f93130fb2b23f2b0d0d4126ea7d4
See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=fbd8b0cf43dc67f51f86f060dce748f446985855
(cherry picked from commit b034f02c628057c30a2136289a1b388a6fb9a737)
Related: #2017035
---
test/units/testsuite-64.sh | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh
index f75382d90a..dc8b263b10 100755
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@@ -96,6 +96,14 @@ helper_wait_for_lvm_activate() {
if [[ "$(systemctl show -P SubState "$lvm_activate_svc")" == exited ]]; then
return 0
fi
+ else
+ # Since lvm 2.03.15 the lvm-activate transient unit no longer remains
+ # after finishing, so we have to treat non-existent units as a success
+ # as well
+ # See: https://sourceware.org/git/?p=lvm2.git;a=commit;h=fbd8b0cf43dc67f51f86f060dce748f446985855
+ if [[ "$(systemctl show -P LoadState "$lvm_activate_svc")" == not-found ]]; then
+ return 0
+ fi
fi
sleep .5

@ -0,0 +1,43 @@
From d63a1edb6bef959e8d6a481464a809badcc3a2eb Mon Sep 17 00:00:00 2001
From: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Date: Mon, 7 Nov 2022 08:38:58 +0100
Subject: [PATCH] test: compile test-utmp.c only if UTMP is enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When compiling with -D utmp=false the compilation fails with:
../../git/systemd/src/test/test-utmp.c: In function test_dump_run_utmp:
../../git/systemd/src/test/test-utmp.c:21:9: error: cleanup argument not a function
21 | _unused_ _cleanup_(utxent_cleanup) bool utmpx = false;
| ^~~~~~~~
../../git/systemd/src/test/test-utmp.c:23:17: error: implicit declaration of function utxent_start [-Werror=implicit-function-declaration]
23 | utmpx = utxent_start();
| ^~~~~~~~~~~~
any many other errors
Add a conditional to compile test-utmp.c only if ENABLE_UTMP is true.
(cherry picked from commit 41cac2a8b98fc5faebe942c697b17e109822342d)
Related: #2138081
---
src/test/meson.build | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/test/meson.build b/src/test/meson.build
index 86fc1d4fc0..2a4dfe26db 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -622,7 +622,8 @@ tests += [
[files('test-journal-importer.c')],
- [files('test-utmp.c')],
+ [files('test-utmp.c'),
+ [], [], [], 'ENABLE_UTMP'],
[files('test-udev.c'),
[libudevd_core,

@ -0,0 +1,19 @@
From d9328ee5e53d1901af9396ae3e0b2dd05f731781 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 14 Nov 2022 09:25:37 +0100
Subject: [PATCH] Create CNAME
Related: #2138081
---
docs/CNAME | 1 +
1 file changed, 1 insertion(+)
create mode 100644 docs/CNAME
diff --git a/docs/CNAME b/docs/CNAME
new file mode 100644
index 0000000000..cdcf4d9a52
--- /dev/null
+++ b/docs/CNAME
@@ -0,0 +1 @@
+systemd.io
\ No newline at end of file

@ -1,127 +0,0 @@
From 3ed5b365c5134cb18da8aed397c7c4551af25715 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 1 Mar 2022 17:04:13 +0000
Subject: [PATCH] shared: Add more dlopen() tests
Add dlopen_dw(), dlopen_elf() and dlopen_pcre2() to the dlopen test.
To enable adding dlopen_pcre2(), we move pcre2-dlopen.h/c from
src/journal to src/shared.
(cherry picked from commit ee48779e05831a0ec5e1ba5e7ed5fe92aaca1d9e)
Related: #2017035
---
src/journal/meson.build | 2 --
src/shared/elf-util.c | 4 ++--
src/shared/elf-util.h | 3 +++
src/shared/meson.build | 2 ++
src/{journal => shared}/pcre2-dlopen.c | 0
src/{journal => shared}/pcre2-dlopen.h | 0
src/test/test-dlopen-so.c | 11 +++++++++++
7 files changed, 18 insertions(+), 4 deletions(-)
rename src/{journal => shared}/pcre2-dlopen.c (100%)
rename src/{journal => shared}/pcre2-dlopen.h (100%)
diff --git a/src/journal/meson.build b/src/journal/meson.build
index eb66bfd584..270592f2ac 100644
--- a/src/journal/meson.build
+++ b/src/journal/meson.build
@@ -49,8 +49,6 @@ systemd_cat_sources = files('cat.c')
journalctl_sources = files('''
journalctl.c
- pcre2-dlopen.c
- pcre2-dlopen.h
'''.split())
if install_sysconfdir_samples
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
index 4d93e7eaba..6d9fcfbbf2 100644
--- a/src/shared/elf-util.c
+++ b/src/shared/elf-util.c
@@ -80,7 +80,7 @@ unsigned int (*sym_elf_version)(unsigned int);
GElf_Phdr *(*sym_gelf_getphdr)(Elf *, int, GElf_Phdr *);
size_t (*sym_gelf_getnote)(Elf_Data *, size_t, GElf_Nhdr *, size_t *, size_t *);
-static int dlopen_dw(void) {
+int dlopen_dw(void) {
int r;
r = dlopen_many_sym_or_warn(
@@ -123,7 +123,7 @@ static int dlopen_dw(void) {
return 1;
}
-static int dlopen_elf(void) {
+int dlopen_elf(void) {
int r;
r = dlopen_many_sym_or_warn(
diff --git a/src/shared/elf-util.h b/src/shared/elf-util.h
index cf3d9be128..b28e64cea6 100644
--- a/src/shared/elf-util.h
+++ b/src/shared/elf-util.h
@@ -4,6 +4,9 @@
#include "json.h"
#if HAVE_ELFUTILS
+int dlopen_dw(void);
+int dlopen_elf(void);
+
/* Parse an ELF object in a forked process, so that errors while iterating over
* untrusted and potentially malicious data do not propagate to the main caller's process.
* If fork_disable_dump, the child process will not dump core if it crashes. */
diff --git a/src/shared/meson.build b/src/shared/meson.build
index 5dc58a863d..006310a917 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -241,6 +241,8 @@ shared_sources = files('''
parse-argument.h
parse-socket-bind-item.c
parse-socket-bind-item.h
+ pcre2-dlopen.c
+ pcre2-dlopen.h
pe-header.h
pkcs11-util.c
pkcs11-util.h
diff --git a/src/journal/pcre2-dlopen.c b/src/shared/pcre2-dlopen.c
similarity index 100%
rename from src/journal/pcre2-dlopen.c
rename to src/shared/pcre2-dlopen.c
diff --git a/src/journal/pcre2-dlopen.h b/src/shared/pcre2-dlopen.h
similarity index 100%
rename from src/journal/pcre2-dlopen.h
rename to src/shared/pcre2-dlopen.h
diff --git a/src/test/test-dlopen-so.c b/src/test/test-dlopen-so.c
index ea2ef31b1f..002f666ed8 100644
--- a/src/test/test-dlopen-so.c
+++ b/src/test/test-dlopen-so.c
@@ -5,10 +5,12 @@
#include "bpf-dlopen.h"
#include "cryptsetup-util.h"
+#include "elf-util.h"
#include "idn-util.h"
#include "libfido2-util.h"
#include "macro.h"
#include "main-func.h"
+#include "pcre2-dlopen.h"
#include "pwquality-util.h"
#include "qrcode-util.h"
#include "tests.h"
@@ -49,6 +51,15 @@ static int run(int argc, char **argv) {
assert_se(dlopen_bpf() >= 0);
#endif
+#if HAVE_ELFUTILS
+ assert_se(dlopen_dw() >= 0);
+ assert_se(dlopen_elf() >= 0);
+#endif
+
+#if HAVE_PCRE2
+ assert_se(dlopen_pcre2() >= 0);
+#endif
+
return 0;
}

@ -1,36 +0,0 @@
From b07519fd5241eacfdb735917eca4ccbf441b5a8a Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 22 Feb 2022 11:06:00 +0000
Subject: [PATCH] systemctl: Show how long a service ran for after it exited in
status output
(cherry picked from commit 0802f62efc1d1c67d5be67223b529c93536cf2ed)
Related: #2017035
---
src/systemctl/systemctl-show.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c
index 37c898f313..9b23471990 100644
--- a/src/systemctl/systemctl-show.c
+++ b/src/systemctl/systemctl-show.c
@@ -433,6 +433,18 @@ static void print_status_info(
FORMAT_TIMESTAMP_STYLE(until_timestamp, arg_timestamp_style),
FORMAT_TIMESTAMP_RELATIVE(until_timestamp));
}
+
+ if (!endswith(i->id, ".target") &&
+ STRPTR_IN_SET(i->active_state, "inactive", "failed") &&
+ timestamp_is_set(i->active_enter_timestamp) &&
+ timestamp_is_set(i->active_exit_timestamp) &&
+ i->active_exit_timestamp >= i->active_enter_timestamp) {
+
+ usec_t duration;
+
+ duration = i->active_exit_timestamp - i->active_enter_timestamp;
+ printf(" Duration: %s\n", FORMAT_TIMESPAN(duration, MSEC_PER_SEC));
+ }
} else
printf("\n");

@ -0,0 +1,46 @@
From 31f0c1b06bfd90d52009b59b9a4bf26c297790a7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 14 Nov 2022 17:26:49 +0100
Subject: [PATCH] tpm2-util: force default TCTI to be "device" with parameter
"/dev/tpmrm0"
Apparently some distros default to tss-abmrd. Let's bypass that and
always go to the kernel resource manager.
abmrd cannot really work for us, since we want to access the TPM already
in earliest boot i.e. in environments the abmrd service is not available
in.
Fixes: #25352
(cherry picked from commit 34906680afe60d724ea435b79b9b830a4bf2e7e9)
Related: #2138081
---
src/shared/tpm2-util.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 65e8d48347..9d73316146 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -152,8 +152,19 @@ int tpm2_context_init(const char *device, struct tpm2_context *ret) {
if (r < 0)
return log_error_errno(r, "TPM2 support not installed: %m");
- if (!device)
+ if (!device) {
device = secure_getenv("SYSTEMD_TPM2_DEVICE");
+ if (device)
+ /* Setting the env var to an empty string forces tpm2-tss' own device picking
+ * logic to be used. */
+ device = empty_to_null(device);
+ else
+ /* If nothing was specified explicitly, we'll use a hardcoded default: the "device" tcti
+ * driver and the "/dev/tpmrm0" device. We do this since on some distributions the tpm2-abrmd
+ * might be used and we really don't want that, since it is a system service and that creates
+ * various ordering issues/deadlocks during early boot. */
+ device = "device:/dev/tpmrm0";
+ }
if (device) {
const char *param, *driver, *fn;

@ -1,130 +0,0 @@
From 5f59cc1593eaa251161061fe9a4ac4afb1592e6e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 21 Feb 2022 13:08:20 +0100
Subject: [PATCH] time-util: introduce TIMESTAMP_UNIX
Allow formatting timestamps as number of seconds since the Epoch for easier
machine parsing.
Fixes: #22567
```
$ systemctl show systemd-journald | grep Timestamp
WatchdogTimestampMonotonic=0
ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET
ExecMainStartTimestampMonotonic=13030408
ExecMainExitTimestampMonotonic=0
StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET
StateChangeTimestampMonotonic=13049273
InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveExitTimestampMonotonic=13030430
ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveEnterTimestampMonotonic=13049273
ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveExitTimestampMonotonic=12997236
InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveEnterTimestampMonotonic=13028890
ConditionTimestamp=Sat 2021-12-11 15:25:57 CET
ConditionTimestampMonotonic=13029539
AssertTimestamp=Sat 2021-12-11 15:25:57 CET
AssertTimestampMonotonic=13029540
$ systemctl show --timestamp=unix systemd-journald | grep Timestamp
WatchdogTimestampMonotonic=0
ExecMainStartTimestamp=@1639232757
ExecMainStartTimestampMonotonic=13030408
ExecMainExitTimestampMonotonic=0
StateChangeTimestamp=@1639232757
StateChangeTimestampMonotonic=13049273
InactiveExitTimestamp=@1639232757
InactiveExitTimestampMonotonic=13030430
ActiveEnterTimestamp=@1639232757
ActiveEnterTimestampMonotonic=13049273
ActiveExitTimestamp=@1639232757
ActiveExitTimestampMonotonic=12997236
InactiveEnterTimestamp=@1639232757
InactiveEnterTimestampMonotonic=13028890
ConditionTimestamp=@1639232757
ConditionTimestampMonotonic=13029539
AssertTimestamp=@1639232757
AssertTimestampMonotonic=13029540
```
(cherry picked from commit ed4a5b434517eeebc508379476cf112704e7981c)
Related: #2017035
---
src/basic/time-util.c | 11 +++++++++++
src/basic/time-util.h | 1 +
src/test/test-time-util.c | 5 +++++
3 files changed, 17 insertions(+)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index b659d6905d..c0841af8f3 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -320,11 +320,13 @@ char *format_timestamp_style(
time_t sec;
size_t n;
bool utc = false, us = false;
+ int r;
assert(buf);
switch (style) {
case TIMESTAMP_PRETTY:
+ case TIMESTAMP_UNIX:
break;
case TIMESTAMP_US:
us = true;
@@ -350,6 +352,14 @@ char *format_timestamp_style(
if (t <= 0 || t == USEC_INFINITY)
return NULL; /* Timestamp is unset */
+ if (style == TIMESTAMP_UNIX) {
+ r = snprintf(buf, l, "@" USEC_FMT, t / USEC_PER_SEC); /* round down µs → s */
+ if (r < 0 || (size_t) r >= l)
+ return NULL; /* Doesn't fit */
+
+ return buf;
+ }
+
/* Let's not format times with years > 9999 */
if (t > USEC_TIMESTAMP_FORMATTABLE_MAX) {
assert(l >= STRLEN("--- XXXX-XX-XX XX:XX:XX") + 1);
@@ -1632,6 +1642,7 @@ static const char* const timestamp_style_table[_TIMESTAMP_STYLE_MAX] = {
[TIMESTAMP_US] = "us",
[TIMESTAMP_UTC] = "utc",
[TIMESTAMP_US_UTC] = "us+utc",
+ [TIMESTAMP_UNIX] = "unix",
};
/* Use the macro for enum → string to allow for aliases */
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index 895af88299..01a72026e3 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -34,6 +34,7 @@ typedef enum TimestampStyle {
TIMESTAMP_US,
TIMESTAMP_UTC,
TIMESTAMP_US_UTC,
+ TIMESTAMP_UNIX,
_TIMESTAMP_STYLE_MAX,
_TIMESTAMP_STYLE_INVALID = -EINVAL,
} TimestampStyle;
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index 554693834b..799d271a44 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -325,6 +325,11 @@ TEST(format_timestamp) {
assert_se(parse_timestamp(buf, &y) >= 0);
assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
+ assert_se(format_timestamp_style(buf, sizeof(buf), x, TIMESTAMP_UNIX));
+ log_debug("%s", buf);
+ assert_se(parse_timestamp(buf, &y) >= 0);
+ assert_se(x / USEC_PER_SEC == y / USEC_PER_SEC);
+
assert_se(format_timestamp_style(buf, sizeof(buf), x, TIMESTAMP_UTC));
log_debug("%s", buf);
assert_se(parse_timestamp(buf, &y) >= 0);

@ -0,0 +1,52 @@
From 5b20ba25259da453a2aac5e65978a11bc2d048ed Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 15 Nov 2022 23:01:04 +0100
Subject: [PATCH] tpm2: add some extra validation of device string before using
it
Let's add some extra validation before constructing and using the .so
name to load. This isn't really security sensitive, given that we
used secure_getenv() to get the device string (and it thus should have
been come from a trusted source) but let's better be safe than sorry.
(cherry picked from commit 50a085143fa8f5dd6b6b3cef8a6ea2ec7c53ed0d)
Related: #2138081
---
src/shared/tpm2-util.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 9d73316146..4d0df944a9 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -174,15 +174,27 @@ int tpm2_context_init(const char *device, struct tpm2_context *ret) {
param = strchr(device, ':');
if (param) {
+ /* Syntax #1: Pair of driver string and arbitrary parameter */
driver = strndupa_safe(device, param - device);
+ if (isempty(driver))
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name is empty, refusing.");
+
param++;
- } else {
+ } else if (path_is_absolute(device) && path_is_valid(device)) {
+ /* Syntax #2: TPM device node */
driver = "device";
param = device;
- }
+ } else
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid TPM2 driver string, refusing.");
+
+ log_debug("Using TPM2 TCTI driver '%s' with device '%s'.", driver, param);
fn = strjoina("libtss2-tcti-", driver, ".so.0");
+ /* Better safe than sorry, let's refuse strings that cannot possibly be valid driver early, before going to disk. */
+ if (!filename_is_valid(fn))
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 driver name '%s' not valid, refusing.", driver);
+
dl = dlopen(fn, RTLD_NOW);
if (!dl)
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to load %s: %s", fn, dlerror());

@ -0,0 +1,25 @@
From 2fdb15b3053d20282d7f3c20a7a4d2bd96d9a39b Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Sun, 13 Nov 2022 16:14:17 +0100
Subject: [PATCH] boot: Fix error message
(cherry picked from commit 6ee4aa22140dd8d51b1a18882eb4220629b8dd8f)
Related: #2138081
---
src/boot/efi/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 4150b16ecf..84f4cc11a3 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2678,7 +2678,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
err = device_path_to_str(loaded_image->FilePath, &loaded_image_path);
if (err != EFI_SUCCESS)
- return log_error_status_stall(err, L"Error getting loaded image path: %m");
+ return log_error_status_stall(err, L"Error getting loaded image path: %r", err);
export_variables(loaded_image, loaded_image_path, init_usec);

@ -1,49 +0,0 @@
From 17dfcbd7fe332e7559e168520a57b0241d688485 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 21 Feb 2022 13:14:18 +0100
Subject: [PATCH] systemctl,man: update docs for `--timestamp=`
(cherry picked from commit b58b4a9f379748fec667fb60606de945eaafadbe)
Related: #2017035
---
man/systemctl.xml | 7 +++++++
src/systemctl/systemctl.c | 7 ++-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/man/systemctl.xml b/man/systemctl.xml
index 3b3d709ab3..f28579e05d 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -2305,6 +2305,13 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
</varlistentry>
</variablelist>
+ <variablelist>
+ <varlistentry>
+ <term><option>unix</option></term>
+ <listitem><para><literal>@seconds-since-the-epoch</literal></para></listitem>
+ </varlistentry>
+ </variablelist>
+
<variablelist>
<varlistentry>
<term><option>us</option></term>
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 9031e685ea..0489796a75 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -296,11 +296,8 @@ static int systemctl_help(void) {
" --boot-loader-entry=NAME\n"
" Boot into a specific boot loader entry on next boot\n"
" --plain Print unit dependencies as a list instead of a tree\n"
- " --timestamp=FORMAT Change format of printed timestamps.\n"
- " 'pretty' (default): 'Day YYYY-MM-DD HH:MM:SS TZ\n"
- " 'us': 'Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ\n"
- " 'utc': 'Day YYYY-MM-DD HH:MM:SS UTC\n"
- " 'us+utc': 'Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC\n"
+ " --timestamp=FORMAT Change format of printed timestamps (pretty, unix,\n"
+ " us, utc, us+utc)\n"
" --read-only Create read-only bind mount\n"
" --mkdir Create directory before mounting, if missing\n"
" --marked Restart/reload previously marked units\n"

@ -0,0 +1,25 @@
From 58a3aaaad640bee3cca79a644422489e184b49c1 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Mon, 14 Nov 2022 14:18:26 +0100
Subject: [PATCH] boot: Fix memory leak
(cherry picked from commit b7b327f856b3782f28be561d612d66ff406c7789)
Related: #2138081
---
src/boot/efi/boot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 84f4cc11a3..17d4ec2d09 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2650,7 +2650,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
EFI_LOADED_IMAGE_PROTOCOL *loaded_image;
_cleanup_(file_closep) EFI_FILE *root_dir = NULL;
_cleanup_(config_free) Config config = {};
- char16_t *loaded_image_path;
+ _cleanup_free_ char16_t *loaded_image_path = NULL;
EFI_STATUS err;
uint64_t init_usec;
bool menu = false;

@ -1,69 +0,0 @@
From ab458e74eccf14550711ca024e9176fba7993abc Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 18 Feb 2022 23:09:18 +0100
Subject: [PATCH] systemctl: make `--timestamp=` affect the `show` verb as well
Currently the `--timestamp=` option has no effect on timestamps shown by
`systemctl show`, let's fix that.
Spotted in #22567.
Before:
```
$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp=
ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET
StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET
InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET
ConditionTimestamp=Sat 2021-12-11 15:25:57 CET
AssertTimestamp=Sat 2021-12-11 15:25:57 CET
```
After:
```
$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp=
ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC
StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC
InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC
ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC
ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC
InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC
ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC
AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC
```
(cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca)
Related: #2017035
---
src/systemctl/systemctl-show.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c
index 9b23471990..7a6655da74 100644
--- a/src/systemctl/systemctl-show.c
+++ b/src/systemctl/systemctl-show.c
@@ -1001,6 +1001,20 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m
}
break;
+ case SD_BUS_TYPE_UINT64:
+ if (endswith(name, "Timestamp")) {
+ uint64_t timestamp;
+
+ r = sd_bus_message_read_basic(m, bus_type, &timestamp);
+ if (r < 0)
+ return r;
+
+ bus_print_property_value(name, expected_value, flags, FORMAT_TIMESTAMP_STYLE(timestamp, arg_timestamp_style));
+
+ return 1;
+ }
+ break;
+
case SD_BUS_TYPE_STRUCT:
if (contents[0] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) {

@ -0,0 +1,88 @@
From 8cbb38625364640f390b2df2cda44ff3877fb16d Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Mon, 14 Nov 2022 14:37:13 +0100
Subject: [PATCH] boot: Do not require a loaded image path
If the device path to text protocol is not available (looking angrily at
Apple) we would fail to boot because we cannot get the loaded image
path. As this is only used for cosmetic purposes, we can just silently
continue.
Fixes: #25363
(cherry picked from commit af7ef648cddeb96da525de2410565d166f75cc96)
Related: #2138081
---
src/boot/efi/boot.c | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 17d4ec2d09..b490a1d972 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -471,7 +471,6 @@ static void print_status(Config *config, char16_t *loaded_image_path) {
_cleanup_free_ char16_t *device_part_uuid = NULL;
assert(config);
- assert(loaded_image_path);
clear_screen(COLOR_NORMAL);
console_query_mode(&x_max, &y_max);
@@ -619,7 +618,6 @@ static bool menu_run(
assert(config);
assert(chosen_entry);
- assert(loaded_image_path);
EFI_STATUS err;
UINTN visible_max = 0;
@@ -1478,7 +1476,7 @@ static void config_entry_add_type1(
entry->loader = xstra_to_path(value);
/* do not add an entry for ourselves */
- if (loaded_image_path && strcaseeq16(entry->loader, loaded_image_path)) {
+ if (strcaseeq16(entry->loader, loaded_image_path)) {
entry->type = LOADER_UNDEFINED;
break;
}
@@ -1908,12 +1906,11 @@ static ConfigEntry *config_entry_add_loader_auto(
assert(root_dir);
assert(id);
assert(title);
- assert(loader || loaded_image_path);
if (!config->auto_entries)
return NULL;
- if (loaded_image_path) {
+ if (!loader) {
loader = L"\\EFI\\BOOT\\BOOT" EFI_MACHINE_TYPE_NAME ".efi";
/* We are trying to add the default EFI loader here,
@@ -2562,7 +2559,6 @@ static void export_variables(
char16_t uuid[37];
assert(loaded_image);
- assert(loaded_image_path);
efivar_set_time_usec(LOADER_GUID, L"LoaderTimeInitUSec", init_usec);
efivar_set(LOADER_GUID, L"LoaderInfo", L"systemd-boot " GIT_VERSION, 0);
@@ -2591,7 +2587,6 @@ static void config_load_all_entries(
assert(config);
assert(loaded_image);
- assert(loaded_image_path);
assert(root_dir);
config_load_defaults(config, root_dir);
@@ -2676,9 +2671,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
if (err != EFI_SUCCESS)
return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err);
- err = device_path_to_str(loaded_image->FilePath, &loaded_image_path);
- if (err != EFI_SUCCESS)
- return log_error_status_stall(err, L"Error getting loaded image path: %r", err);
+ (void) device_path_to_str(loaded_image->FilePath, &loaded_image_path);
export_variables(loaded_image, loaded_image_path, init_usec);

@ -1,39 +0,0 @@
From fdd32f48af7993305f65989162dedd75a929966a Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 15 Feb 2022 01:13:10 +0000
Subject: [PATCH] tests: allow running all the services with SYSTEMD_LOG_LEVEL
It should make it easier to figure out what exactly services do there.
For example, with SYSTEMD_LOG_LEVEL=debug userdbd (v249) prints
```
varlink-5: New incoming message: {"method":"io.systemd.UserDatabase.GetUserRecord","parameters":{}}
```
before it crashes and systemd-resolved prints
```
varlink-21: New incoming message: {"method":"io.systemd.Resolve.ResolveAddress","parameters":{"address":[127,0,0,1],"flags":0,"ifindex":1000000,"family":0}}
```
and those messages are helpful (especially when scripts causing them
aren't clever enough to keep track of random stuff they send to systemd
:-))
(cherry picked from commit bf6ef6b6a9156e5f52ee69ce0c529a246f103e54)
Related: #2017035
---
test/test-functions | 3 +++
1 file changed, 3 insertions(+)
diff --git a/test/test-functions b/test/test-functions
index dcc893733c..a299f5ff1f 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1142,6 +1142,9 @@ install_systemd() {
# enable debug logging in PID1
echo LogLevel=debug >>"$initdir/etc/systemd/system.conf"
+ if [[ -n "$TEST_SYSTEMD_LOG_LEVEL" ]]; then
+ echo DefaultEnvironment=SYSTEMD_LOG_LEVEL="$TEST_SYSTEMD_LOG_LEVEL" >>"$initdir/etc/systemd/system.conf"
+ fi
# store coredumps in journal
echo Storage=journal >>"$initdir/etc/systemd/coredump.conf"
# Propagate SYSTEMD_UNIT_PATH to user systemd managers

@ -0,0 +1,75 @@
From 806165285b822436023df84ca0a3e5b28a3099d6 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Mon, 14 Nov 2022 15:24:32 +0100
Subject: [PATCH] boot: Manually convert filepaths if needed
The conversion of a filepath device path to text is needed for the stub
loader to find credential files.
(cherry picked from commit 679007044fbbcf82c66cf20b99f2f5086b7df6b4)
Related: #2138081
---
src/boot/efi/util.c | 40 ++++++++++++++++++++++++++++++++++++----
1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index 5547d288de..57436dbf0c 100644
--- a/src/boot/efi/util.c
+++ b/src/boot/efi/util.c
@@ -772,19 +772,51 @@ EFI_STATUS make_file_device_path(EFI_HANDLE device, const char16_t *file, EFI_DE
EFI_STATUS device_path_to_str(const EFI_DEVICE_PATH *dp, char16_t **ret) {
EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *dp_to_text;
EFI_STATUS err;
+ _cleanup_free_ char16_t *str = NULL;
assert(dp);
assert(ret);
err = BS->LocateProtocol(&(EFI_GUID) EFI_DEVICE_PATH_TO_TEXT_PROTOCOL_GUID, NULL, (void **) &dp_to_text);
- if (err != EFI_SUCCESS)
- return err;
+ if (err != EFI_SUCCESS) {
+ /* If the device path to text protocol is not available we can still do a best-effort attempt
+ * to convert it ourselves if we are given filepath-only device path. */
+
+ size_t size = 0;
+ for (const EFI_DEVICE_PATH *node = dp; !IsDevicePathEnd(node);
+ node = NextDevicePathNode(node)) {
+
+ if (DevicePathType(node) != MEDIA_DEVICE_PATH ||
+ DevicePathSubType(node) != MEDIA_FILEPATH_DP)
+ return err;
+
+ size_t path_size = DevicePathNodeLength(node);
+ if (path_size <= offsetof(FILEPATH_DEVICE_PATH, PathName) || path_size % sizeof(char16_t))
+ return EFI_INVALID_PARAMETER;
+ path_size -= offsetof(FILEPATH_DEVICE_PATH, PathName);
+
+ _cleanup_free_ char16_t *old = str;
+ str = xmalloc(size + path_size);
+ if (old) {
+ memcpy(str, old, size);
+ str[size / sizeof(char16_t) - 1] = '\\';
+ }
+
+ memcpy(str + (size / sizeof(char16_t)),
+ ((uint8_t *) node) + offsetof(FILEPATH_DEVICE_PATH, PathName),
+ path_size);
+ size += path_size;
+ }
+
+ *ret = TAKE_PTR(str);
+ return EFI_SUCCESS;
+ }
- char16_t *str = dp_to_text->ConvertDevicePathToText(dp, false, false);
+ str = dp_to_text->ConvertDevicePathToText(dp, false, false);
if (!str)
return EFI_OUT_OF_RESOURCES;
- *ret = str;
+ *ret = TAKE_PTR(str);
return EFI_SUCCESS;
}

@ -1,46 +0,0 @@
From 19d3bf238c41c756b391fc7e66e5217cde42a896 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 8 Feb 2022 11:52:17 +0100
Subject: [PATCH] coredump: raise the coredump save size on 64bit systems to
32G (and lower it to 1G on 32bit systems)
Apparently 2G is too low for various real-life systems. But raising it
universally above 2^32 sounds wrong to me, since that makes no sense on
32bit systems, that we still support.
Hence, let's raise the limit to 32G on 64bit systems, and *lower* it to
1G on 32bit systems.
32G is 4 orders of magnitude higher then the old settings. Let's hope
that's enough for now. Should this not be enough we can raise it
further.
Fixes: #22076
(cherry picked from commit e677041e7a6988f73de802db6e49d962d432944b)
Related: #2017035
---
src/coredump/coredump.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 6a6e9765d4..fd156370b2 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -48,8 +48,14 @@
#include "uid-alloc-range.h"
#include "user-util.h"
-/* The maximum size up to which we process coredumps */
-#define PROCESS_SIZE_MAX ((uint64_t) (2LLU*1024LLU*1024LLU*1024LLU))
+/* The maximum size up to which we process coredumps. We use 1G on 32bit systems, and 32G on 64bit systems */
+#if __SIZEOF_POINTER__ == 4
+#define PROCESS_SIZE_MAX ((uint64_t) (1LLU*1024LLU*1024LLU*1024LLU))
+#elif __SIZEOF_POINTER__ == 8
+#define PROCESS_SIZE_MAX ((uint64_t) (32LLU*1024LLU*1024LLU*1024LLU))
+#else
+#error "Unexpected pointer size"
+#endif
/* The maximum size up to which we leave the coredump around on disk */
#define EXTERNAL_SIZE_MAX PROCESS_SIZE_MAX

@ -0,0 +1,433 @@
From 519625977d19b7842d9b2ded8be12ed0aecbaefc Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 15 Nov 2022 18:22:38 +0100
Subject: [PATCH] boot: Rework security arch override
This simplifies the caller interface for security arch overrides by only
having to pass a validator and an optional context.
(cherry picked from commit 5489c13bae119dc5f6e65be8d7f241aa7d54c023)
Related: #2138081
---
src/boot/efi/linux.c | 61 ++++++++-------------
src/boot/efi/secure-boot.c | 105 +++++++++++++++++++++++++++++--------
src/boot/efi/secure-boot.h | 28 +++-------
src/boot/efi/shim.c | 104 +++++++++++-------------------------
4 files changed, 146 insertions(+), 152 deletions(-)
diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c
index 75b9507709..dd7eb48c8c 100644
--- a/src/boot/efi/linux.c
+++ b/src/boot/efi/linux.c
@@ -20,35 +20,26 @@
#define STUB_PAYLOAD_GUID \
{ 0x55c5d1f8, 0x04cd, 0x46b5, { 0x8a, 0x20, 0xe5, 0x6c, 0xbb, 0x30, 0x52, 0xd0 } }
-static EFIAPI EFI_STATUS security_hook(
- const SecurityOverride *this, uint32_t authentication_status, const EFI_DEVICE_PATH *file) {
+typedef struct {
+ const void *addr;
+ size_t len;
+ const EFI_DEVICE_PATH *device_path;
+} ValidationContext;
- assert(this);
- assert(this->hook == security_hook);
+static bool validate_payload(
+ const void *ctx, const EFI_DEVICE_PATH *device_path, const void *file_buffer, size_t file_size) {
- if (file == this->payload_device_path)
- return EFI_SUCCESS;
+ const ValidationContext *payload = ASSERT_PTR(ctx);
- return this->original_security->FileAuthenticationState(
- this->original_security, authentication_status, file);
-}
-
-static EFIAPI EFI_STATUS security2_hook(
- const SecurityOverride *this,
- const EFI_DEVICE_PATH *device_path,
- void *file_buffer,
- size_t file_size,
- BOOLEAN boot_policy) {
-
- assert(this);
- assert(this->hook == security2_hook);
+ if (device_path != payload->device_path)
+ return false;
- if (file_buffer == this->payload && file_size == this->payload_len &&
- device_path == this->payload_device_path)
- return EFI_SUCCESS;
+ /* Security arch (1) protocol does not provide a file buffer. Instead we are supposed to fetch the payload
+ * ourselves, which is not needed as we already have everything in memory and the device paths match. */
+ if (file_buffer && (file_buffer != payload->addr || file_size != payload->len))
+ return false;
- return this->original_security2->FileAuthentication(
- this->original_security2, device_path, file_buffer, file_size, boot_policy);
+ return true;
}
static EFI_STATUS load_image(EFI_HANDLE parent, const void *source, size_t len, EFI_HANDLE *ret_image) {
@@ -79,19 +70,13 @@ static EFI_STATUS load_image(EFI_HANDLE parent, const void *source, size_t len,
/* We want to support unsigned kernel images as payload, which is safe to do under secure boot
* because it is embedded in this stub loader (and since it is already running it must be trusted). */
- SecurityOverride security_override = {
- .hook = security_hook,
- .payload = source,
- .payload_len = len,
- .payload_device_path = &payload_device_path.payload.Header,
- }, security2_override = {
- .hook = security2_hook,
- .payload = source,
- .payload_len = len,
- .payload_device_path = &payload_device_path.payload.Header,
- };
-
- install_security_override(&security_override, &security2_override);
+ install_security_override(
+ validate_payload,
+ &(ValidationContext) {
+ .addr = source,
+ .len = len,
+ .device_path = &payload_device_path.payload.Header,
+ });
EFI_STATUS ret = BS->LoadImage(
/*BootPolicy=*/false,
@@ -101,7 +86,7 @@ static EFI_STATUS load_image(EFI_HANDLE parent, const void *source, size_t len,
len,
ret_image);
- uninstall_security_override(&security_override, &security2_override);
+ uninstall_security_override();
return ret;
}
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 171b2c96b3..0e615c55e0 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -127,10 +127,60 @@ out_deallocate:
return err;
}
-static EFI_STATUS install_security_override_one(EFI_GUID guid, SecurityOverride *override) {
+static struct SecurityOverride {
+ /* Our own security arch instances that we register onto original_handle, thereby replacing the
+ * firmware provided instances. */
+ EFI_SECURITY_ARCH_PROTOCOL override;
+ EFI_SECURITY2_ARCH_PROTOCOL override2;
+
+ /* These are saved so we can uninstall our own instance later. */
+ EFI_HANDLE original_handle, original_handle2;
+ EFI_SECURITY_ARCH_PROTOCOL *original_security;
+ EFI_SECURITY2_ARCH_PROTOCOL *original_security2;
+
+ security_validator_t validator;
+ const void *validator_ctx;
+} security_override;
+
+static EFIAPI EFI_STATUS security_hook(
+ const EFI_SECURITY_ARCH_PROTOCOL *this,
+ uint32_t authentication_status,
+ const EFI_DEVICE_PATH *file) {
+
+ assert(security_override.validator);
+ assert(security_override.original_security);
+
+ if (security_override.validator(security_override.validator_ctx, file, NULL, 0))
+ return EFI_SUCCESS;
+
+ return security_override.original_security->FileAuthenticationState(
+ security_override.original_security, authentication_status, file);
+}
+
+static EFIAPI EFI_STATUS security2_hook(
+ const EFI_SECURITY2_ARCH_PROTOCOL *this,
+ const EFI_DEVICE_PATH *device_path,
+ void *file_buffer,
+ size_t file_size,
+ BOOLEAN boot_policy) {
+
+ assert(security_override.validator);
+ assert(security_override.original_security2);
+
+ if (security_override.validator(security_override.validator_ctx, device_path, file_buffer, file_size))
+ return EFI_SUCCESS;
+
+ return security_override.original_security2->FileAuthentication(
+ security_override.original_security2, device_path, file_buffer, file_size, boot_policy);
+}
+
+static EFI_STATUS install_security_override_one(
+ EFI_GUID guid, void *override, EFI_HANDLE *ret_original_handle, void **ret_original_security) {
EFI_STATUS err;
assert(override);
+ assert(ret_original_handle);
+ assert(ret_original_security);
_cleanup_free_ EFI_HANDLE *handles = NULL;
size_t n_handles = 0;
@@ -152,8 +202,8 @@ static EFI_STATUS install_security_override_one(EFI_GUID guid, SecurityOverride
if (err != EFI_SUCCESS)
return log_error_status_stall(err, u"Error overriding security arch protocol: %r", err);
- override->original = security;
- override->original_handle = handles[0];
+ *ret_original_security = security;
+ *ret_original_handle = handles[0];
return EFI_SUCCESS;
}
@@ -161,35 +211,46 @@ static EFI_STATUS install_security_override_one(EFI_GUID guid, SecurityOverride
* Specification) with the provided override instances. If not running in secure boot or the protocols are
* not available nothing happens. The override instances are provided with the necessary info to undo this
* in uninstall_security_override(). */
-void install_security_override(SecurityOverride *override, SecurityOverride *override2) {
- assert(override);
- assert(override2);
+void install_security_override(security_validator_t validator, const void *validator_ctx) {
+ assert(validator);
if (!secure_boot_enabled())
return;
- (void) install_security_override_one((EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID, override);
- (void) install_security_override_one((EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID, override2);
-}
+ security_override = (struct SecurityOverride) {
+ { .FileAuthenticationState = security_hook, },
+ { .FileAuthentication = security2_hook, },
+ .validator = validator,
+ .validator_ctx = validator_ctx,
+ };
-void uninstall_security_override(SecurityOverride *override, SecurityOverride *override2) {
- assert(override);
- assert(override2);
+ (void) install_security_override_one(
+ (EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID,
+ &security_override.override,
+ &security_override.original_handle,
+ (void **) &security_override.original_security);
+ (void) install_security_override_one(
+ (EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID,
+ &security_override.override2,
+ &security_override.original_handle2,
+ (void **) &security_override.original_security2);
+}
+void uninstall_security_override(void) {
/* We use assert_se here to guarantee the system is not in a weird state in the unlikely case of an
* error restoring the original protocols. */
- if (override->original_handle)
+ if (security_override.original_handle)
assert_se(BS->ReinstallProtocolInterface(
- override->original_handle,
- &(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID,
- override,
- override->original) == EFI_SUCCESS);
+ security_override.original_handle,
+ &(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID,
+ &security_override.override,
+ security_override.original_security) == EFI_SUCCESS);
- if (override2->original_handle)
+ if (security_override.original_handle2)
assert_se(BS->ReinstallProtocolInterface(
- override2->original_handle,
- &(EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID,
- override2,
- override2->original) == EFI_SUCCESS);
+ security_override.original_handle2,
+ &(EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID,
+ &security_override.override2,
+ security_override.original_security2) == EFI_SUCCESS);
}
diff --git a/src/boot/efi/secure-boot.h b/src/boot/efi/secure-boot.h
index 91b6770edb..e98de81c2a 100644
--- a/src/boot/efi/secure-boot.h
+++ b/src/boot/efi/secure-boot.h
@@ -17,23 +17,11 @@ SecureBootMode secure_boot_mode(void);
EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path);
-typedef struct {
- void *hook;
-
- /* End of EFI_SECURITY_ARCH(2)_PROTOCOL. The rest is our own protocol instance data. */
-
- EFI_HANDLE original_handle;
- union {
- void *original;
- EFI_SECURITY_ARCH_PROTOCOL *original_security;
- EFI_SECURITY2_ARCH_PROTOCOL *original_security2;
- };
-
- /* Used by the stub to identify the embedded image. */
- const void *payload;
- size_t payload_len;
- const EFI_DEVICE_PATH *payload_device_path;
-} SecurityOverride;
-
-void install_security_override(SecurityOverride *override, SecurityOverride *override2);
-void uninstall_security_override(SecurityOverride *override, SecurityOverride *override2);
+typedef bool (*security_validator_t)(
+ const void *ctx,
+ const EFI_DEVICE_PATH *device_path,
+ const void *file_buffer,
+ size_t file_size);
+
+void install_security_override(security_validator_t validator, const void *validator_ctx);
+void uninstall_security_override(void);
diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c
index 3ae058cb84..ac224336bc 100644
--- a/src/boot/efi/shim.c
+++ b/src/boot/efi/shim.c
@@ -23,7 +23,7 @@
#endif
struct ShimLock {
- EFI_STATUS __sysv_abi__ (*shim_verify) (void *buffer, uint32_t size);
+ EFI_STATUS __sysv_abi__ (*shim_verify) (const void *buffer, uint32_t size);
/* context is actually a struct for the PE header, but it isn't needed so void is sufficient just do define the interface
* see shim.c/shim.h and PeHeader.h in the github shim repo */
@@ -41,79 +41,45 @@ bool shim_loaded(void) {
return BS->LocateProtocol((EFI_GUID*) SHIM_LOCK_GUID, NULL, (void**) &shim_lock) == EFI_SUCCESS;
}
-static bool shim_validate(void *data, uint32_t size) {
- struct ShimLock *shim_lock;
-
- if (!data)
- return false;
-
- if (BS->LocateProtocol((EFI_GUID*) SHIM_LOCK_GUID, NULL, (void**) &shim_lock) != EFI_SUCCESS)
- return false;
-
- if (!shim_lock)
- return false;
-
- return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
-}
-
-static EFIAPI EFI_STATUS security2_hook(
- const SecurityOverride *this,
- const EFI_DEVICE_PATH *device_path,
- void *file_buffer,
- UINTN file_size,
- BOOLEAN boot_policy) {
-
- assert(this);
- assert(this->hook == security2_hook);
-
- if (shim_validate(file_buffer, file_size))
- return EFI_SUCCESS;
-
- return this->original_security2->FileAuthentication(
- this->original_security2, device_path, file_buffer, file_size, boot_policy);
-}
-
-static EFIAPI EFI_STATUS security_hook(
- const SecurityOverride *this,
- uint32_t authentication_status,
- const EFI_DEVICE_PATH *device_path) {
+static bool shim_validate(
+ const void *ctx, const EFI_DEVICE_PATH *device_path, const void *file_buffer, size_t file_size) {
EFI_STATUS err;
+ _cleanup_free_ char *file_buffer_owned = NULL;
- assert(this);
- assert(this->hook == security_hook);
+ if (!file_buffer) {
+ if (!device_path)
+ return false;
- if (!device_path)
- return this->original_security->FileAuthenticationState(
- this->original_security, authentication_status, device_path);
+ EFI_HANDLE device_handle;
+ EFI_DEVICE_PATH *file_dp = (EFI_DEVICE_PATH *) device_path;
+ err = BS->LocateDevicePath(&FileSystemProtocol, &file_dp, &device_handle);
+ if (err != EFI_SUCCESS)
+ return false;
- EFI_HANDLE device_handle;
- EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *) device_path;
- err = BS->LocateDevicePath(&FileSystemProtocol, &dp, &device_handle);
- if (err != EFI_SUCCESS)
- return err;
+ _cleanup_(file_closep) EFI_FILE *root = NULL;
+ err = open_volume(device_handle, &root);
+ if (err != EFI_SUCCESS)
+ return false;
- _cleanup_(file_closep) EFI_FILE *root = NULL;
- err = open_volume(device_handle, &root);
- if (err != EFI_SUCCESS)
- return err;
+ _cleanup_free_ char16_t *dp_str = NULL;
+ err = device_path_to_str(file_dp, &dp_str);
+ if (err != EFI_SUCCESS)
+ return false;
- _cleanup_free_ char16_t *dp_str = NULL;
- err = device_path_to_str(dp, &dp_str);
- if (err != EFI_SUCCESS)
- return err;
+ err = file_read(root, dp_str, 0, 0, &file_buffer_owned, &file_size);
+ if (err != EFI_SUCCESS)
+ return false;
- char *file_buffer;
- size_t file_size;
- err = file_read(root, dp_str, 0, 0, &file_buffer, &file_size);
- if (err != EFI_SUCCESS)
- return err;
+ file_buffer = file_buffer_owned;
+ }
- if (shim_validate(file_buffer, file_size))
- return EFI_SUCCESS;
+ struct ShimLock *shim_lock;
+ err = BS->LocateProtocol((EFI_GUID *) SHIM_LOCK_GUID, NULL, (void **) &shim_lock);
+ if (err != EFI_SUCCESS)
+ return false;
- return this->original_security->FileAuthenticationState(
- this->original_security, authentication_status, device_path);
+ return shim_lock->shim_verify(file_buffer, file_size) == EFI_SUCCESS;
}
EFI_STATUS shim_load_image(EFI_HANDLE parent, const EFI_DEVICE_PATH *device_path, EFI_HANDLE *ret_image) {
@@ -122,20 +88,14 @@ EFI_STATUS shim_load_image(EFI_HANDLE parent, const EFI_DEVICE_PATH *device_path
bool have_shim = shim_loaded();
- SecurityOverride security_override = {
- .hook = security_hook,
- }, security2_override = {
- .hook = security2_hook,
- };
-
if (have_shim)
- install_security_override(&security_override, &security2_override);
+ install_security_override(shim_validate, NULL);
EFI_STATUS ret = BS->LoadImage(
/*BootPolicy=*/false, parent, (EFI_DEVICE_PATH *) device_path, NULL, 0, ret_image);
if (have_shim)
- uninstall_security_override(&security_override, &security2_override);
+ uninstall_security_override();
return ret;
}

@ -1,644 +0,0 @@
From 389cc9af2087aa5369ac6bf0124d14877d541966 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 4 Feb 2022 17:39:44 +0100
Subject: [PATCH] repart: fix sector size handling
This queries the sector size from libfdisk instead of assuming 512, and
uses that when converting from bytes to the offset/size values libfdisk
expects.
This is an alternative to Tom Yan's #21823, but prefers using libfdisk's
own ideas of the sector size instead of going directly to the backing
device via ioctls. (libfdisk can after all also operate on regular
files, where the sector size concept doesn't necessarily apply the same
way.)
This also makes the "grain" variable, i.e. how we'll align the
partitions. Previously this was hardcoded to 4K, and that still will be
the minimum grain we use, but should the sector size be larger than that
we'll use the next multiple of the sector size instead.
(cherry picked from commit 994b303123ebe6a140bf3e56c66aa66119ae7d95)
Related: #2017035
---
src/partition/repart.c | 212 +++++++++++++++++++++++++----------------
1 file changed, 132 insertions(+), 80 deletions(-)
diff --git a/src/partition/repart.c b/src/partition/repart.c
index d08f47f2c4..0862a37a8d 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -195,6 +195,8 @@ struct Context {
uint64_t start, end, total;
struct fdisk_context *fdisk_context;
+ uint64_t sector_size;
+ uint64_t grain_size;
sd_id128_t seed;
};
@@ -407,9 +409,12 @@ static bool context_drop_one_priority(Context *context) {
return true;
}
-static uint64_t partition_min_size(const Partition *p) {
+static uint64_t partition_min_size(Context *context, const Partition *p) {
uint64_t sz;
+ assert(context);
+ assert(p);
+
/* Calculate the disk space we really need at minimum for this partition. If the partition already
* exists the current size is what we really need. If it doesn't exist yet refuse to allocate less
* than 4K.
@@ -428,50 +433,60 @@ static uint64_t partition_min_size(const Partition *p) {
uint64_t d = 0;
if (p->encrypt != ENCRYPT_OFF)
- d += round_up_size(LUKS2_METADATA_SIZE, 4096);
+ d += round_up_size(LUKS2_METADATA_SIZE, context->grain_size);
if (p->copy_blocks_size != UINT64_MAX)
- d += round_up_size(p->copy_blocks_size, 4096);
+ d += round_up_size(p->copy_blocks_size, context->grain_size);
else if (p->format || p->encrypt != ENCRYPT_OFF) {
uint64_t f;
/* If we shall synthesize a file system, take minimal fs size into account (assumed to be 4K if not known) */
- f = p->format ? minimal_size_by_fs_name(p->format) : UINT64_MAX;
- d += f == UINT64_MAX ? 4096 : f;
+ f = p->format ? round_up_size(minimal_size_by_fs_name(p->format), context->grain_size) : UINT64_MAX;
+ d += f == UINT64_MAX ? context->grain_size : f;
}
if (d > sz)
sz = d;
}
- return MAX(p->size_min != UINT64_MAX ? p->size_min : DEFAULT_MIN_SIZE, sz);
+ return MAX(round_up_size(p->size_min != UINT64_MAX ? p->size_min : DEFAULT_MIN_SIZE, context->grain_size), sz);
}
-static uint64_t partition_max_size(const Partition *p) {
+static uint64_t partition_max_size(const Context *context, const Partition *p) {
+ uint64_t sm;
+
/* Calculate how large the partition may become at max. This is generally the configured maximum
* size, except when it already exists and is larger than that. In that case it's the existing size,
* since we never want to shrink partitions. */
+ assert(context);
+ assert(p);
+
if (PARTITION_IS_FOREIGN(p)) {
/* Don't allow changing size of partitions not managed by us */
assert(p->current_size != UINT64_MAX);
return p->current_size;
}
+ sm = round_down_size(p->size_max, context->grain_size);
+
if (p->current_size != UINT64_MAX)
- return MAX(p->current_size, p->size_max);
+ return MAX(p->current_size, sm);
- return p->size_max;
+ return sm;
}
-static uint64_t partition_min_size_with_padding(const Partition *p) {
+static uint64_t partition_min_size_with_padding(Context *context, const Partition *p) {
uint64_t sz;
/* Calculate the disk space we need for this partition plus any free space coming after it. This
* takes user configured padding into account as well as any additional whitespace needed to align
* the next partition to 4K again. */
- sz = partition_min_size(p);
+ assert(context);
+ assert(p);
+
+ sz = partition_min_size(context, p);
if (p->padding_min != UINT64_MAX)
sz += p->padding_min;
@@ -479,11 +494,11 @@ static uint64_t partition_min_size_with_padding(const Partition *p) {
if (PARTITION_EXISTS(p)) {
/* If the partition wasn't aligned, add extra space so that any we might add will be aligned */
assert(p->offset != UINT64_MAX);
- return round_up_size(p->offset + sz, 4096) - p->offset;
+ return round_up_size(p->offset + sz, context->grain_size) - p->offset;
}
/* If this is a new partition we'll place it aligned, hence we just need to round up the required size here */
- return round_up_size(sz, 4096);
+ return round_up_size(sz, context->grain_size);
}
static uint64_t free_area_available(const FreeArea *a) {
@@ -495,9 +510,12 @@ static uint64_t free_area_available(const FreeArea *a) {
return a->size - a->allocated;
}
-static uint64_t free_area_available_for_new_partitions(const FreeArea *a) {
+static uint64_t free_area_available_for_new_partitions(Context *context, const FreeArea *a) {
uint64_t avail;
+ assert(context);
+ assert(a);
+
/* Similar to free_area_available(), but takes into account that the required size and padding of the
* preceding partition is honoured. */
@@ -505,16 +523,16 @@ static uint64_t free_area_available_for_new_partitions(const FreeArea *a) {
if (a->after) {
uint64_t need, space_end, new_end;
- need = partition_min_size_with_padding(a->after);
+ need = partition_min_size_with_padding(context, a->after);
assert(a->after->offset != UINT64_MAX);
assert(a->after->current_size != UINT64_MAX);
/* Calculate where the free area ends, based on the offset of the partition preceding it */
- space_end = round_up_size(a->after->offset + a->after->current_size, 4096) + avail;
+ space_end = round_up_size(a->after->offset + a->after->current_size, context->grain_size) + avail;
/* Calculate where the partition would end when we give it as much as it needs */
- new_end = round_up_size(a->after->offset + need, 4096);
+ new_end = round_up_size(a->after->offset + need, context->grain_size);
/* Calculate saturated difference of the two: that's how much we have free for other partitions */
return LESS_BY(space_end, new_end);
@@ -523,15 +541,18 @@ static uint64_t free_area_available_for_new_partitions(const FreeArea *a) {
return avail;
}
-static int free_area_compare(FreeArea *const *a, FreeArea *const*b) {
- return CMP(free_area_available_for_new_partitions(*a),
- free_area_available_for_new_partitions(*b));
+static int free_area_compare(FreeArea *const *a, FreeArea *const*b, Context *context) {
+ assert(context);
+
+ return CMP(free_area_available_for_new_partitions(context, *a),
+ free_area_available_for_new_partitions(context, *b));
}
-static uint64_t charge_size(uint64_t total, uint64_t amount) {
+static uint64_t charge_size(Context *context, uint64_t total, uint64_t amount) {
+ assert(context);
/* Subtract the specified amount from total, rounding up to multiple of 4K if there's room */
assert(amount <= total);
- return LESS_BY(total, round_up_size(amount, 4096));
+ return LESS_BY(total, round_up_size(amount, context->grain_size));
}
static uint64_t charge_weight(uint64_t total, uint64_t amount) {
@@ -545,14 +566,14 @@ static bool context_allocate_partitions(Context *context, uint64_t *ret_largest_
assert(context);
/* Sort free areas by size, putting smallest first */
- typesafe_qsort(context->free_areas, context->n_free_areas, free_area_compare);
+ typesafe_qsort_r(context->free_areas, context->n_free_areas, free_area_compare, context);
/* In any case return size of the largest free area (i.e. not the size of all free areas
* combined!) */
if (ret_largest_free_area)
*ret_largest_free_area =
context->n_free_areas == 0 ? 0 :
- free_area_available_for_new_partitions(context->free_areas[context->n_free_areas-1]);
+ free_area_available_for_new_partitions(context, context->free_areas[context->n_free_areas-1]);
/* A simple first-fit algorithm. We return true if we can fit the partitions in, otherwise false. */
LIST_FOREACH(partitions, p, context->partitions) {
@@ -565,13 +586,13 @@ static bool context_allocate_partitions(Context *context, uint64_t *ret_largest_
continue;
/* How much do we need to fit? */
- required = partition_min_size_with_padding(p);
- assert(required % 4096 == 0);
+ required = partition_min_size_with_padding(context, p);
+ assert(required % context->grain_size == 0);
for (size_t i = 0; i < context->n_free_areas; i++) {
a = context->free_areas[i];
- if (free_area_available_for_new_partitions(a) >= required) {
+ if (free_area_available_for_new_partitions(context, a) >= required) {
fits = true;
break;
}
@@ -683,8 +704,8 @@ static int context_grow_partitions_phase(
if (r < 0)
return r;
- rsz = partition_min_size(p);
- xsz = partition_max_size(p);
+ rsz = partition_min_size(context, p);
+ xsz = partition_max_size(context, p);
if (phase == PHASE_OVERCHARGE && rsz > share) {
/* This partition needs more than its calculated share. Let's assign
@@ -712,13 +733,13 @@ static int context_grow_partitions_phase(
/* Never change of foreign partitions (i.e. those we don't manage) */
p->new_size = p->current_size;
else
- p->new_size = MAX(round_down_size(share, 4096), rsz);
+ p->new_size = MAX(round_down_size(share, context->grain_size), rsz);
charge = true;
}
if (charge) {
- *span = charge_size(*span, p->new_size);
+ *span = charge_size(context, *span, p->new_size);
*weight_sum = charge_weight(*weight_sum, p->weight);
}
@@ -742,7 +763,7 @@ static int context_grow_partitions_phase(
charge = try_again = true;
} else if (phase == PHASE_DISTRIBUTE) {
- p->new_padding = round_down_size(share, 4096);
+ p->new_padding = round_down_size(share, context->grain_size);
if (p->padding_min != UINT64_MAX && p->new_padding < p->padding_min)
p->new_padding = p->padding_min;
@@ -750,7 +771,7 @@ static int context_grow_partitions_phase(
}
if (charge) {
- *span = charge_size(*span, p->new_padding);
+ *span = charge_size(context, *span, p->new_padding);
*weight_sum = charge_weight(*weight_sum, p->padding_weight);
}
@@ -779,7 +800,7 @@ static int context_grow_partitions_on_free_area(Context *context, FreeArea *a) {
assert(a->after->offset != UINT64_MAX);
assert(a->after->current_size != UINT64_MAX);
- span += round_up_size(a->after->offset + a->after->current_size, 4096) - a->after->offset;
+ span += round_up_size(a->after->offset + a->after->current_size, context->grain_size) - a->after->offset;
}
for (GrowPartitionPhase phase = 0; phase < _GROW_PARTITION_PHASE_MAX;) {
@@ -799,13 +820,13 @@ static int context_grow_partitions_on_free_area(Context *context, FreeArea *a) {
assert(a->after->new_size != UINT64_MAX);
/* Calculate new size and align (but ensure this doesn't shrink the size) */
- m = MAX(a->after->new_size, round_down_size(a->after->new_size + span, 4096));
+ m = MAX(a->after->new_size, round_down_size(a->after->new_size + span, context->grain_size));
- xsz = partition_max_size(a->after);
+ xsz = partition_max_size(context, a->after);
if (xsz != UINT64_MAX && m > xsz)
m = xsz;
- span = charge_size(span, m - a->after->new_size);
+ span = charge_size(context, span, m - a->after->new_size);
a->after->new_size = m;
}
@@ -824,13 +845,13 @@ static int context_grow_partitions_on_free_area(Context *context, FreeArea *a) {
continue;
assert(p->new_size != UINT64_MAX);
- m = MAX(p->new_size, round_down_size(p->new_size + span, 4096));
+ m = MAX(p->new_size, round_down_size(p->new_size + span, context->grain_size));
- xsz = partition_max_size(p);
+ xsz = partition_max_size(context, p);
if (xsz != UINT64_MAX && m > xsz)
m = xsz;
- span = charge_size(span, m - p->new_size);
+ span = charge_size(context, span, m - p->new_size);
p->new_size = m;
if (span == 0)
@@ -910,7 +931,7 @@ static void context_place_partitions(Context *context) {
} else
start = context->start;
- start = round_up_size(start, 4096);
+ start = round_up_size(start, context->grain_size);
left = a->size;
LIST_FOREACH(partitions, p, context->partitions) {
@@ -1422,6 +1443,8 @@ static int determine_current_padding(
struct fdisk_context *c,
struct fdisk_table *t,
struct fdisk_partition *p,
+ uint64_t secsz,
+ uint64_t grainsz,
uint64_t *ret) {
size_t n_partitions;
@@ -1435,8 +1458,8 @@ static int determine_current_padding(
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Partition has no end!");
offset = fdisk_partition_get_end(p);
- assert(offset < UINT64_MAX / 512);
- offset *= 512;
+ assert(offset < UINT64_MAX / secsz);
+ offset *= secsz;
n_partitions = fdisk_table_get_nents(t);
for (size_t i = 0; i < n_partitions; i++) {
@@ -1454,8 +1477,8 @@ static int determine_current_padding(
continue;
start = fdisk_partition_get_start(q);
- assert(start < UINT64_MAX / 512);
- start *= 512;
+ assert(start < UINT64_MAX / secsz);
+ start *= secsz;
if (start >= offset && (next == UINT64_MAX || next > start))
next = start;
@@ -1467,16 +1490,16 @@ static int determine_current_padding(
assert(next < UINT64_MAX);
next++; /* The last LBA is one sector before the end */
- assert(next < UINT64_MAX / 512);
- next *= 512;
+ assert(next < UINT64_MAX / secsz);
+ next *= secsz;
if (offset > next)
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Partition end beyond disk end.");
}
assert(next >= offset);
- offset = round_up_size(offset, 4096);
- next = round_down_size(next, 4096);
+ offset = round_up_size(offset, grainsz);
+ next = round_down_size(next, grainsz);
*ret = LESS_BY(next, offset); /* Saturated subtraction, rounding might have fucked things up */
return 0;
@@ -1549,6 +1572,8 @@ static int context_load_partition_table(
bool from_scratch = false;
sd_id128_t disk_uuid;
size_t n_partitions;
+ unsigned long secsz;
+ uint64_t grainsz;
int r;
assert(context);
@@ -1583,8 +1608,12 @@ static int context_load_partition_table(
if (r < 0)
return log_error_errno(errno, "Failed to stat block device '%s': %m", node);
- if (S_ISREG(st.st_mode) && st.st_size == 0)
+ if (S_ISREG(st.st_mode) && st.st_size == 0) {
+ /* User the fallback values if we have no better idea */
+ context->sector_size = 512;
+ context->grain_size = 4096;
return /* from_scratch = */ true;
+ }
r = -EINVAL;
}
@@ -1602,6 +1631,23 @@ static int context_load_partition_table(
if (flock(fdisk_get_devfd(c), arg_dry_run ? LOCK_SH : LOCK_EX) < 0)
return log_error_errno(errno, "Failed to lock block device: %m");
+ /* The offsets/sizes libfdisk returns to us will be in multiple of the sector size of the
+ * device. This is typically 512, and sometimes 4096. Let's query libfdisk once for it, and then use
+ * it for all our needs. Note that the values we use ourselves always are in bytes though, thus mean
+ * the same thing universally. Also note that regardless what kind of sector size is in use we'll
+ * place partitions at multiples of 4K. */
+ secsz = fdisk_get_sector_size(c);
+
+ /* Insist on a power of two, and that it's a multiple of 512, i.e. the traditional sector size. */
+ if (secsz < 512 || secsz != 1UL << log2u64(secsz))
+ return log_error_errno(errno, "Sector size %lu is not a power of two larger than 512? Refusing.", secsz);
+
+ /* Use at least 4K, and ensure it's a multiple of the sector size, regardless if that is smaller or
+ * larger */
+ grainsz = secsz < 4096 ? 4096 : secsz;
+
+ log_debug("Sector size of device is %lu bytes. Using grain size of %" PRIu64 ".", secsz, grainsz);
+
switch (arg_empty) {
case EMPTY_REFUSE:
@@ -1732,12 +1778,12 @@ static int context_load_partition_table(
}
sz = fdisk_partition_get_size(p);
- assert_se(sz <= UINT64_MAX/512);
- sz *= 512;
+ assert_se(sz <= UINT64_MAX/secsz);
+ sz *= secsz;
start = fdisk_partition_get_start(p);
- assert_se(start <= UINT64_MAX/512);
- start *= 512;
+ assert_se(start <= UINT64_MAX/secsz);
+ start *= secsz;
partno = fdisk_partition_get_partno(p);
@@ -1762,7 +1808,7 @@ static int context_load_partition_table(
pp->current_partition = p;
fdisk_ref_partition(p);
- r = determine_current_padding(c, t, p, &pp->current_padding);
+ r = determine_current_padding(c, t, p, secsz, grainsz, &pp->current_padding);
if (r < 0)
return r;
@@ -1795,7 +1841,7 @@ static int context_load_partition_table(
np->current_partition = p;
fdisk_ref_partition(p);
- r = determine_current_padding(c, t, p, &np->current_padding);
+ r = determine_current_padding(c, t, p, secsz, grainsz, &np->current_padding);
if (r < 0)
return r;
@@ -1812,26 +1858,26 @@ static int context_load_partition_table(
add_initial_free_area:
nsectors = fdisk_get_nsectors(c);
- assert(nsectors <= UINT64_MAX/512);
- nsectors *= 512;
+ assert(nsectors <= UINT64_MAX/secsz);
+ nsectors *= secsz;
first_lba = fdisk_get_first_lba(c);
- assert(first_lba <= UINT64_MAX/512);
- first_lba *= 512;
+ assert(first_lba <= UINT64_MAX/secsz);
+ first_lba *= secsz;
last_lba = fdisk_get_last_lba(c);
assert(last_lba < UINT64_MAX);
last_lba++;
- assert(last_lba <= UINT64_MAX/512);
- last_lba *= 512;
+ assert(last_lba <= UINT64_MAX/secsz);
+ last_lba *= secsz;
assert(last_lba >= first_lba);
if (left_boundary == UINT64_MAX) {
/* No partitions at all? Then the whole disk is up for grabs. */
- first_lba = round_up_size(first_lba, 4096);
- last_lba = round_down_size(last_lba, 4096);
+ first_lba = round_up_size(first_lba, grainsz);
+ last_lba = round_down_size(last_lba, grainsz);
if (last_lba > first_lba) {
r = context_add_free_area(context, last_lba - first_lba, NULL);
@@ -1842,9 +1888,9 @@ add_initial_free_area:
/* Add space left of first partition */
assert(left_boundary >= first_lba);
- first_lba = round_up_size(first_lba, 4096);
- left_boundary = round_down_size(left_boundary, 4096);
- last_lba = round_down_size(last_lba, 4096);
+ first_lba = round_up_size(first_lba, grainsz);
+ left_boundary = round_down_size(left_boundary, grainsz);
+ last_lba = round_down_size(last_lba, grainsz);
if (left_boundary > first_lba) {
r = context_add_free_area(context, left_boundary - first_lba, NULL);
@@ -1856,6 +1902,8 @@ add_initial_free_area:
context->start = first_lba;
context->end = last_lba;
context->total = nsectors;
+ context->sector_size = secsz;
+ context->grain_size = grainsz;
context->fdisk_context = TAKE_PTR(c);
return from_scratch;
@@ -2360,7 +2408,7 @@ static int context_discard_range(
if (S_ISBLK(st.st_mode)) {
uint64_t range[2], end;
- range[0] = round_up_size(offset, 512);
+ range[0] = round_up_size(offset, context->sector_size);
if (offset > UINT64_MAX - size)
return -ERANGE;
@@ -2369,7 +2417,7 @@ static int context_discard_range(
if (end <= range[0])
return 0;
- range[1] = round_down_size(end - range[0], 512);
+ range[1] = round_down_size(end - range[0], context->sector_size);
if (range[1] <= 0)
return 0;
@@ -2519,6 +2567,7 @@ static int context_wipe_and_discard(Context *context, bool from_scratch) {
}
static int partition_encrypt(
+ Context *context,
Partition *p,
const char *node,
struct crypt_device **ret_cd,
@@ -2532,6 +2581,7 @@ static int partition_encrypt(
sd_id128_t uuid;
int r;
+ assert(context);
assert(p);
assert(p->encrypt != ENCRYPT_OFF);
@@ -2579,7 +2629,7 @@ static int partition_encrypt(
volume_key_size,
&(struct crypt_params_luks2) {
.label = strempty(p->new_label),
- .sector_size = 512U,
+ .sector_size = context->sector_size,
});
if (r < 0)
return log_error_errno(r, "Failed to LUKS2 format future partition: %m");
@@ -2735,7 +2785,7 @@ static int context_copy_blocks(Context *context) {
if (r < 0)
return log_error_errno(r, "Failed to lock loopback device: %m");
- r = partition_encrypt(p, d->node, &cd, &encrypted, &encrypted_dev_fd);
+ r = partition_encrypt(context, p, d->node, &cd, &encrypted, &encrypted_dev_fd);
if (r < 0)
return log_error_errno(r, "Failed to encrypt device: %m");
@@ -2988,7 +3038,7 @@ static int context_mkfs(Context *context) {
return log_error_errno(r, "Failed to lock loopback device: %m");
if (p->encrypt != ENCRYPT_OFF) {
- r = partition_encrypt(p, d->node, &cd, &encrypted, &encrypted_dev_fd);
+ r = partition_encrypt(context, p, d->node, &cd, &encrypted, &encrypted_dev_fd);
if (r < 0)
return log_error_errno(r, "Failed to encrypt device: %m");
@@ -3307,13 +3357,13 @@ static int context_mangle_partitions(Context *context) {
if (p->new_size != p->current_size) {
assert(p->new_size >= p->current_size);
- assert(p->new_size % 512 == 0);
+ assert(p->new_size % context->sector_size == 0);
r = fdisk_partition_size_explicit(p->current_partition, true);
if (r < 0)
return log_error_errno(r, "Failed to enable explicit sizing: %m");
- r = fdisk_partition_set_size(p->current_partition, p->new_size / 512);
+ r = fdisk_partition_set_size(p->current_partition, p->new_size / context->sector_size);
if (r < 0)
return log_error_errno(r, "Failed to grow partition: %m");
@@ -3353,8 +3403,8 @@ static int context_mangle_partitions(Context *context) {
_cleanup_(fdisk_unref_parttypep) struct fdisk_parttype *t = NULL;
assert(!p->new_partition);
- assert(p->offset % 512 == 0);
- assert(p->new_size % 512 == 0);
+ assert(p->offset % context->sector_size == 0);
+ assert(p->new_size % context->sector_size == 0);
assert(!sd_id128_is_null(p->new_uuid));
assert(p->new_label);
@@ -3378,11 +3428,11 @@ static int context_mangle_partitions(Context *context) {
if (r < 0)
return log_error_errno(r, "Failed to enable explicit sizing: %m");
- r = fdisk_partition_set_start(q, p->offset / 512);
+ r = fdisk_partition_set_start(q, p->offset / context->sector_size);
if (r < 0)
return log_error_errno(r, "Failed to position partition: %m");
- r = fdisk_partition_set_size(q, p->new_size / 512);
+ r = fdisk_partition_set_size(q, p->new_size / context->sector_size);
if (r < 0)
return log_error_errno(r, "Failed to grow partition: %m");
@@ -4746,18 +4796,20 @@ done:
}
static int determine_auto_size(Context *c) {
- uint64_t sum = round_up_size(GPT_METADATA_SIZE, 4096);
+ uint64_t sum;
Partition *p;
assert_se(c);
+ sum = round_up_size(GPT_METADATA_SIZE, 4096);
+
LIST_FOREACH(partitions, p, c->partitions) {
uint64_t m;
if (p->dropped)
continue;
- m = partition_min_size_with_padding(p);
+ m = partition_min_size_with_padding(c, p);
if (m > UINT64_MAX - sum)
return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Image would grow too large, refusing.");

@ -0,0 +1,185 @@
From 8d0b70887a09b9d4a8b669620579d3b6780f0755 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 15 Nov 2022 18:53:02 +0100
Subject: [PATCH] boot: Replace firmware security hooks directly
For some firmware, replacing their own security arch instance with our
override using ReinstallProtocolInterface() is not enough as they will
not use it. This commit goes back to how this was done before by
directly modifying the security protocols.
Fixes: #25336
(cherry picked from commit 967a868563996e928f1fade5bcafc82a7219742b)
Related: #2138081
---
src/boot/efi/secure-boot.c | 119 +++++++++++++------------------------
1 file changed, 40 insertions(+), 79 deletions(-)
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 0e615c55e0..65457bf423 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -128,15 +128,10 @@ out_deallocate:
}
static struct SecurityOverride {
- /* Our own security arch instances that we register onto original_handle, thereby replacing the
- * firmware provided instances. */
- EFI_SECURITY_ARCH_PROTOCOL override;
- EFI_SECURITY2_ARCH_PROTOCOL override2;
-
- /* These are saved so we can uninstall our own instance later. */
- EFI_HANDLE original_handle, original_handle2;
- EFI_SECURITY_ARCH_PROTOCOL *original_security;
- EFI_SECURITY2_ARCH_PROTOCOL *original_security2;
+ EFI_SECURITY_ARCH_PROTOCOL *security;
+ EFI_SECURITY2_ARCH_PROTOCOL *security2;
+ EFI_SECURITY_FILE_AUTHENTICATION_STATE original_hook;
+ EFI_SECURITY2_FILE_AUTHENTICATION original_hook2;
security_validator_t validator;
const void *validator_ctx;
@@ -148,13 +143,13 @@ static EFIAPI EFI_STATUS security_hook(
const EFI_DEVICE_PATH *file) {
assert(security_override.validator);
- assert(security_override.original_security);
+ assert(security_override.security);
+ assert(security_override.original_hook);
if (security_override.validator(security_override.validator_ctx, file, NULL, 0))
return EFI_SUCCESS;
- return security_override.original_security->FileAuthenticationState(
- security_override.original_security, authentication_status, file);
+ return security_override.original_hook(security_override.security, authentication_status, file);
}
static EFIAPI EFI_STATUS security2_hook(
@@ -165,92 +160,58 @@ static EFIAPI EFI_STATUS security2_hook(
BOOLEAN boot_policy) {
assert(security_override.validator);
- assert(security_override.original_security2);
+ assert(security_override.security2);
+ assert(security_override.original_hook2);
if (security_override.validator(security_override.validator_ctx, device_path, file_buffer, file_size))
return EFI_SUCCESS;
- return security_override.original_security2->FileAuthentication(
- security_override.original_security2, device_path, file_buffer, file_size, boot_policy);
+ return security_override.original_hook2(
+ security_override.security2, device_path, file_buffer, file_size, boot_policy);
}
-static EFI_STATUS install_security_override_one(
- EFI_GUID guid, void *override, EFI_HANDLE *ret_original_handle, void **ret_original_security) {
+/* This replaces the platform provided security arch protocols hooks (defined in the UEFI Platform
+ * Initialization Specification) with our own that uses the given validator to decide if a image is to be
+ * trusted. If not running in secure boot or the protocols are not available nothing happens. The override
+ * must be removed with uninstall_security_override() after LoadImage() has been called.
+ *
+ * This is a hack as we do not own the security protocol instances and modifying them is not an official part
+ * of their spec. But there is little else we can do to circumvent secure boot short of implementing our own
+ * PE loader. We could replace the firmware instances with our own instance using
+ * ReinstallProtocolInterface(), but some firmware will still use the old ones. */
+void install_security_override(security_validator_t validator, const void *validator_ctx) {
EFI_STATUS err;
- assert(override);
- assert(ret_original_handle);
- assert(ret_original_security);
-
- _cleanup_free_ EFI_HANDLE *handles = NULL;
- size_t n_handles = 0;
-
- err = BS->LocateHandleBuffer(ByProtocol, &guid, NULL, &n_handles, &handles);
- if (err != EFI_SUCCESS)
- /* No security arch protocol around? */
- return err;
-
- /* There should only ever be one security arch protocol instance, but let's be paranoid here. */
- assert(n_handles == 1);
-
- void *security = NULL;
- err = BS->LocateProtocol(&guid, NULL, &security);
- if (err != EFI_SUCCESS)
- return log_error_status_stall(err, u"Error getting security arch protocol: %r", err);
-
- err = BS->ReinstallProtocolInterface(handles[0], &guid, security, override);
- if (err != EFI_SUCCESS)
- return log_error_status_stall(err, u"Error overriding security arch protocol: %r", err);
-
- *ret_original_security = security;
- *ret_original_handle = handles[0];
- return EFI_SUCCESS;
-}
-
-/* This replaces the platform provided security arch protocols (defined in the UEFI Platform Initialization
- * Specification) with the provided override instances. If not running in secure boot or the protocols are
- * not available nothing happens. The override instances are provided with the necessary info to undo this
- * in uninstall_security_override(). */
-void install_security_override(security_validator_t validator, const void *validator_ctx) {
assert(validator);
if (!secure_boot_enabled())
return;
security_override = (struct SecurityOverride) {
- { .FileAuthenticationState = security_hook, },
- { .FileAuthentication = security2_hook, },
.validator = validator,
.validator_ctx = validator_ctx,
};
- (void) install_security_override_one(
- (EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID,
- &security_override.override,
- &security_override.original_handle,
- (void **) &security_override.original_security);
- (void) install_security_override_one(
- (EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID,
- &security_override.override2,
- &security_override.original_handle2,
- (void **) &security_override.original_security2);
+ EFI_SECURITY_ARCH_PROTOCOL *security = NULL;
+ err = BS->LocateProtocol(&(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID, NULL, (void **) &security);
+ if (err == EFI_SUCCESS) {
+ security_override.security = security;
+ security_override.original_hook = security->FileAuthenticationState;
+ security->FileAuthenticationState = security_hook;
+ }
+
+ EFI_SECURITY2_ARCH_PROTOCOL *security2 = NULL;
+ err = BS->LocateProtocol(&(EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID, NULL, (void **) &security2);
+ if (err == EFI_SUCCESS) {
+ security_override.security2 = security2;
+ security_override.original_hook2 = security2->FileAuthentication;
+ security2->FileAuthentication = security2_hook;
+ }
}
void uninstall_security_override(void) {
- /* We use assert_se here to guarantee the system is not in a weird state in the unlikely case of an
- * error restoring the original protocols. */
-
- if (security_override.original_handle)
- assert_se(BS->ReinstallProtocolInterface(
- security_override.original_handle,
- &(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID,
- &security_override.override,
- security_override.original_security) == EFI_SUCCESS);
-
- if (security_override.original_handle2)
- assert_se(BS->ReinstallProtocolInterface(
- security_override.original_handle2,
- &(EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID,
- &security_override.override2,
- security_override.original_security2) == EFI_SUCCESS);
+ if (security_override.original_hook)
+ security_override.security->FileAuthenticationState = security_override.original_hook;
+ if (security_override.original_hook2)
+ security_override.security2->FileAuthentication = security_override.original_hook2;
}

@ -1,36 +0,0 @@
From 77cde7d38bf8cd3438a867a6330c314f4580e43b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 2 Feb 2022 14:20:48 +0900
Subject: [PATCH] mkdir: allow to create directory whose path contains symlink
Fixes a regression caused by 3008a6f21c1c42efe852d69798a2fdd63fe657ec.
Before the commit, when `mkdir_parents_internal()` is called from `mkdir_p()`,
it uses `_mkdir()` as `flag` is zero. But after the commit, `mkdir_safe_internal()`
is always used. Hence, if the path contains a symlink, it fails with -ENOTDIR.
To fix the issue, this makes `mkdir_p()` calls `mkdir_parents_internal()` with
MKDIR_FOLLOW_SYMLINK flag.
Fixes #22334.
(cherry picked from commit 5117059ee9f84ed2fd37801ec0b90473db475422)
Related: #2017035
---
src/basic/mkdir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
index 6e2b94d024..88782ab0d4 100644
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -162,7 +162,7 @@ int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t ui
assert(_mkdirat != mkdirat);
- r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags, _mkdirat);
+ r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags | MKDIR_FOLLOW_SYMLINK, _mkdirat);
if (r < 0)
return r;

@ -1,26 +0,0 @@
From 848b8dde6fe096b317abf0b4996f21c8fe6a39ce Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 2 Feb 2022 15:06:27 +0900
Subject: [PATCH] mkdir: CHASE_NONEXISTENT cannot used in
chase_symlinks_and_stat()
(cherry picked from commit e22916e61d1fdb7b46918b605ebf783d9017f9d8)
Related: #2017035
---
src/basic/mkdir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
index 88782ab0d4..51a0d74e87 100644
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -42,7 +42,7 @@ int mkdir_safe_internal(
if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) {
_cleanup_free_ char *p = NULL;
- r = chase_symlinks_and_stat(path, NULL, CHASE_NONEXISTENT, &p, &st, NULL);
+ r = chase_symlinks_and_stat(path, NULL, 0, &p, &st, NULL);
if (r < 0)
return r;
if (r == 0)

@ -0,0 +1,31 @@
From a43bf9f897002744610a9ea5ce7bdc91c3e3dc83 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 8 Nov 2022 12:21:35 -0800
Subject: [PATCH] networkd-ipv4acd.c: Use net/if.h for getting IFF_LOOPBACK
definition
This helps in avoiding compiling errors on musl. Definition of
IFF_LOOPBACK is the reason for including linux/if_arp.h, this however
could be obtained from net/if.h glibc header equally and makes it
portable as well.
(cherry picked from commit 239e4a42a69c31e55e58618d800e0d68c68931d3)
Related: #2138081
---
src/network/networkd-ipv4acd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/network/networkd-ipv4acd.c b/src/network/networkd-ipv4acd.c
index 4127657ebd..877dee00ec 100644
--- a/src/network/networkd-ipv4acd.c
+++ b/src/network/networkd-ipv4acd.c
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include <linux/if_arp.h>
+#include <net/if.h> /* IFF_LOOPBACK */
+#include <net/if_arp.h> /* ARPHRD_ETHER */
#include "sd-dhcp-client.h"
#include "sd-ipv4acd.h"

@ -0,0 +1,111 @@
From 94f9a80db599dcc298f3058e5cf2bb60c4972228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 24 Nov 2022 13:58:39 +0100
Subject: [PATCH] Revert "initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs
rootfs"
This reverts commit 1f22621ba33f8089d2ae5fbcaf8b3970dd68aaf0.
This is a replacement for b1fd5cd4eda02a323db93d7daa97f5138f89677d. See that
commit for details.
Related: #2138081
---
docs/ENVIRONMENT.md | 10 +++-------
src/basic/util.c | 47 ++++++++-------------------------------------
2 files changed, 11 insertions(+), 46 deletions(-)
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index a840dd0c90..ab3add6031 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -73,13 +73,9 @@ All tools:
(relevant in particular for the system manager and `systemd-hostnamed`).
Must be a valid hostname (either a single label or a FQDN).
-* `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
- method. Defaults to `auto`. Behavior is defined as follows:
- `auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted
- on `/`. If both conditions meet, then it's in initrd.
- `lenient`: Similar to `auto`, but the rootfs check is skipped.
- `0|1`: Simply overrides initrd detection. This is useful for debugging and
- testing initrd-only programs in the main system.
+* `$SYSTEMD_IN_INITRD` — takes a boolean. If set, overrides initrd detection.
+ This is useful for debugging and testing initrd-only programs in the main
+ system.
* `$SYSTEMD_BUS_TIMEOUT=SECS` — specifies the maximum time to wait for method call
completion. If no time unit is specified, assumes seconds. The usual other units
diff --git a/src/basic/util.c b/src/basic/util.c
index d7ef382737..981f917fab 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -52,13 +52,11 @@ int prot_from_flags(int flags) {
bool in_initrd(void) {
int r;
- const char *e;
- bool lenient = false;
if (saved_in_initrd >= 0)
return saved_in_initrd;
- /* We have two checks here:
+ /* We make two checks here:
*
* 1. the flag file /etc/initrd-release must exist
* 2. the root file system must be a memory file system
@@ -66,46 +64,17 @@ bool in_initrd(void) {
* The second check is extra paranoia, since misdetecting an
* initrd can have bad consequences due the initrd
* emptying when transititioning to the main systemd.
- *
- * If env var $SYSTEMD_IN_INITRD is not set or set to "auto",
- * both checks are used. If it's set to "lenient", only check
- * 1 is used. If set to a boolean value, then the boolean
- * value is returned.
*/
- e = secure_getenv("SYSTEMD_IN_INITRD");
- if (e) {
- if (streq(e, "lenient"))
- lenient = true;
- else if (!streq(e, "auto")) {
- r = parse_boolean(e);
- if (r >= 0) {
- saved_in_initrd = r > 0;
- return saved_in_initrd;
- }
- log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
- }
- }
-
- if (!lenient) {
- r = path_is_temporary_fs("/");
- if (r < 0)
- log_debug_errno(r, "Couldn't determine if / is a temporary file system: %m");
+ r = getenv_bool_secure("SYSTEMD_IN_INITRD");
+ if (r < 0 && r != -ENXIO)
+ log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
+ if (r >= 0)
saved_in_initrd = r > 0;
- }
-
- r = access("/etc/initrd-release", F_OK);
- if (r >= 0) {
- if (saved_in_initrd == 0)
- log_debug("/etc/initrd-release exists, but it's not an initrd.");
- else
- saved_in_initrd = 1;
- } else {
- if (errno != ENOENT)
- log_debug_errno(errno, "Failed to test if /etc/initrd-release exists: %m");
- saved_in_initrd = 0;
- }
+ else
+ saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
+ path_is_temporary_fs("/") > 0;
return saved_in_initrd;
}

@ -1,137 +0,0 @@
From 9cfc2fd3c58609252b3fd203af95bec1aab1b832 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 23 Dec 2021 12:55:40 +0100
Subject: [PATCH] meson: move efi file lists closer to where they are used
The goal is to have the detection of features and paths done first, and
then the build target constructions second.
(cherry picked from commit 65dcf9f9a0d877de0dc53558547462a7f1750c78)
Related: #2017035
---
src/boot/efi/meson.build | 104 +++++++++++++++++++--------------------
1 file changed, 51 insertions(+), 53 deletions(-)
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index e10e51cf4e..1125c64ea3 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -99,59 +99,6 @@ if efi_lds == ''
subdir_done()
endif
-efi_headers = files('''
- bcd.h
- console.h
- cpio.h
- devicetree.h
- disk.h
- drivers.h
- graphics.h
- linux.h
- measure.h
- missing_efi.h
- pe.h
- random-seed.h
- shim.h
- splash.h
- util.h
- xbootldr.h
-'''.split())
-
-common_sources = '''
- assert.c
- devicetree.c
- disk.c
- graphics.c
- measure.c
- pe.c
- secure-boot.c
- util.c
-'''.split()
-
-systemd_boot_sources = '''
- bcd.c
- boot.c
- console.c
- drivers.c
- random-seed.c
- shim.c
- xbootldr.c
-'''.split()
-
-stub_sources = '''
- cpio.c
- initrd.c
- splash.c
- stub.c
-'''.split()
-
-if efi_arch[1] in ['ia32', 'x86_64']
- stub_sources += 'linux_x86.c'
-else
- stub_sources += 'linux.c'
-endif
-
conf.set10('HAVE_GNU_EFI', true)
conf.set_quoted('EFI_MACHINE_TYPE_NAME', efi_arch[0])
@@ -332,6 +279,57 @@ if efi_cc_version.contains('clang') and efi_cc_version.split('.')[0].split(' ')[
efi_ldflags += ['-Wl,-T,' + efi_lds, '-Wno-unused-command-line-argument']
endif
+############################################################
+
+efi_headers = files(
+ 'bcd.h',
+ 'console.h',
+ 'cpio.h',
+ 'devicetree.h',
+ 'disk.h',
+ 'drivers.h',
+ 'graphics.h',
+ 'linux.h',
+ 'measure.h',
+ 'missing_efi.h',
+ 'pe.h',
+ 'random-seed.h',
+ 'shim.h',
+ 'splash.h',
+ 'util.h',
+ 'xbootldr.h')
+
+common_sources = [
+ 'assert.c',
+ 'devicetree.c',
+ 'disk.c',
+ 'graphics.c',
+ 'measure.c',
+ 'pe.c',
+ 'secure-boot.c',
+ 'util.c']
+
+systemd_boot_sources = [
+ 'bcd.c',
+ 'boot.c',
+ 'console.c',
+ 'drivers.c',
+ 'random-seed.c',
+ 'shim.c',
+ 'xbootldr.c']
+
+stub_sources = [
+ 'cpio.c',
+ 'initrd.c',
+ 'splash.c',
+ 'stub.c']
+
+if efi_arch[1] in ['ia32', 'x86_64']
+ stub_sources += 'linux_x86.c'
+else
+ stub_sources += 'linux.c'
+endif
+
systemd_boot_objects = []
stub_objects = []
foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources

@ -1,77 +0,0 @@
From a6c93d3200c0fd0eeee3a725b428cee94108cf48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 23 Dec 2021 13:05:01 +0100
Subject: [PATCH] meson: move efi summary() section to src/boot/efi
This way we can add the entries more naturally in the same place where
they are defined.
(cherry picked from commit 3f871f120520aa2d11218735b0741bacc0309b4d)
Related: #2017035
---
meson.build | 16 ++++------------
src/boot/efi/meson.build | 9 +++++++++
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/meson.build b/meson.build
index e07875a054..f040eeab99 100644
--- a/meson.build
+++ b/meson.build
@@ -43,6 +43,10 @@ endif
skip_deps = want_ossfuzz or want_libfuzzer
fuzzer_build = want_ossfuzz or want_libfuzzer
+# Create a title-less summary section early, so it ends up first in the output.
+# More items are added later after they have been detected.
+summary({'build mode' : get_option('mode')})
+
#####################################################################
# Try to install the git pre-commit hook
@@ -3902,7 +3906,6 @@ alt_time_epoch = run_command('date', '-Is', '-u', '-d', '@@0@'.format(time_epoch
check : true).stdout().strip()
summary({
- 'build mode' : get_option('mode'),
'split /usr' : split_usr,
'split bin-sbin' : split_bin,
'prefix directory' : prefixdir,
@@ -3960,17 +3963,6 @@ summary({
# CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
# LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS}
-if conf.get('ENABLE_EFI') == 1 and conf.get('HAVE_GNU_EFI') == 1
- summary({
- 'EFI machine type' : efi_arch[0],
- 'EFI CC' : '@0@'.format(' '.join(efi_cc)),
- 'EFI LD' : efi_ld,
- 'EFI lds' : efi_lds,
- 'EFI crt0' : efi_crt0,
- 'EFI include directory' : efi_incdir},
- section : 'Extensible Firmware Interface')
-endif
-
found = []
missing = []
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 1125c64ea3..dd318079fc 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -279,6 +279,15 @@ if efi_cc_version.contains('clang') and efi_cc_version.split('.')[0].split(' ')[
efi_ldflags += ['-Wl,-T,' + efi_lds, '-Wno-unused-command-line-argument']
endif
+summary({
+ 'EFI machine type' : efi_arch[0],
+ 'EFI CC' : '@0@'.format(' '.join(efi_cc)),
+ 'EFI LD' : efi_ld,
+ 'EFI lds' : efi_lds,
+ 'EFI crt0' : efi_crt0,
+ 'EFI include directory' : efi_incdir},
+ section : 'Extensible Firmware Interface')
+
############################################################
efi_headers = files(

@ -0,0 +1,124 @@
From 7b6a09c47f1fee035c4b42840fabf65edce12aa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 7 Nov 2022 12:40:20 +0100
Subject: [PATCH] pid1: skip cleanup if root is not tmpfs/ramfs
in_initrd() was really doing two things: checking if we're in the initrd, and
also verifying that the initrd is set up correctly. But this second check is
complicated, in particular it would return false for overlayfs, even with an
upper tmpfs layer. It also doesn't support the use case of having an initial
initrd with tmpfs, and then transitioning into an intermediate initrd that is
e.g. a DDI, i.e. a filesystem possibly with verity arranged as a disk image.
We don't need to check if we're in initrd in every program. Instead, concerns
are separated:
- in_initrd() just does a simple check for /etc/initrd-release.
- When doing cleanup, pid1 checks if it's on a tmpfs before starting to wipe
the old root. The only case where we want to remove the old root is when
we're on a plain tempory filesystem. With an overlay, we'd be creating
whiteout files, which is not very useful. (*)
This should resolve https://bugzilla.redhat.com/show_bug.cgi?id=2137631
which is caused by systemd refusing to treat the system as an initrd because
overlayfs is used.
(*) I think the idea of keeping the initrd fs around for shutdown is outdated.
We should just have a completely separate exitrd that is unpacked when we want
to shut down. This way, we don't waste memory at runtime, and we also don't
transition to a potentially older version of systemd. But we don't have support
for this yet.
This replaces 0fef5b0f0bd9ded1ae7bcb3e4e4b2893e36c51a6.
(cherry picked from commit a940f507fbe1c81d6787dc0b7ce232c39818eec9)
Related: #2138081
---
src/basic/util.c | 19 ++++++++-----------
src/shared/switch-root.c | 22 ++++++++++++----------
2 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index 981f917fab..e6aaa2dc9b 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -56,14 +56,8 @@ bool in_initrd(void) {
if (saved_in_initrd >= 0)
return saved_in_initrd;
- /* We make two checks here:
- *
- * 1. the flag file /etc/initrd-release must exist
- * 2. the root file system must be a memory file system
- *
- * The second check is extra paranoia, since misdetecting an
- * initrd can have bad consequences due the initrd
- * emptying when transititioning to the main systemd.
+ /* If /etc/initrd-release exists, we're in an initrd.
+ * This can be overridden by setting SYSTEMD_IN_INITRD=0|1.
*/
r = getenv_bool_secure("SYSTEMD_IN_INITRD");
@@ -72,9 +66,12 @@ bool in_initrd(void) {
if (r >= 0)
saved_in_initrd = r > 0;
- else
- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
- path_is_temporary_fs("/") > 0;
+ else {
+ r = access("/etc/initrd-release", F_OK);
+ if (r < 0 && errno != ENOENT)
+ log_debug_errno(r, "Failed to check if /etc/initrd-release exists, assuming it does not: %m");
+ saved_in_initrd = r >= 0;
+ }
return saved_in_initrd;
}
diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c
index 1a444841fa..4cad3551a6 100644
--- a/src/shared/switch-root.c
+++ b/src/shared/switch-root.c
@@ -32,7 +32,6 @@ int switch_root(const char *new_root,
_cleanup_free_ char *resolved_old_root_after = NULL;
_cleanup_close_ int old_root_fd = -1;
- bool old_root_remove;
int r;
assert(new_root);
@@ -42,12 +41,16 @@ int switch_root(const char *new_root,
return 0;
/* Check if we shall remove the contents of the old root */
- old_root_remove = in_initrd();
- if (old_root_remove) {
- old_root_fd = open("/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY|O_DIRECTORY);
- if (old_root_fd < 0)
- return log_error_errno(errno, "Failed to open root directory: %m");
- }
+ old_root_fd = open("/", O_RDONLY | O_CLOEXEC | O_DIRECTORY);
+ if (old_root_fd < 0)
+ return log_error_errno(errno, "Failed to open root directory: %m");
+ r = fd_is_temporary_fs(old_root_fd);
+ if (r < 0)
+ return log_error_errno(r, "Failed to stat root directory: %m");
+ if (r > 0)
+ log_debug("Root directory is on tmpfs, will do cleanup later.");
+ else
+ old_root_fd = safe_close(old_root_fd);
/* Determine where we shall place the old root after the transition */
r = chase_symlinks(old_root_after, new_root, CHASE_PREFIX_ROOT|CHASE_NONEXISTENT, &resolved_old_root_after, NULL);
@@ -117,9 +120,8 @@ int switch_root(const char *new_root,
struct stat rb;
if (fstat(old_root_fd, &rb) < 0)
- log_warning_errno(errno, "Failed to stat old root directory, leaving: %m");
- else
- (void) rm_rf_children(TAKE_FD(old_root_fd), 0, &rb); /* takes possession of the dir fd, even on failure */
+ return log_error_errno(errno, "Failed to stat old root directory: %m");
+ (void) rm_rf_children(TAKE_FD(old_root_fd), 0, &rb); /* takes possession of the dir fd, even on failure */
}
return 0;

@ -0,0 +1,106 @@
From 2ac7d7a818788110342a99978680485fbe27cc25 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 11 Nov 2022 13:54:03 +0900
Subject: [PATCH] ac-power: check battery existence and status
If a battery is not present or its status is not discharging, then
the battery should not be used as a power source.
Let's count batteries currently discharging.
Fixes #25316.
(cherry picked from commit 1c03f7f4ba419aa65997e90accc0d935ae1cfbc5)
Related: #2138081
---
src/shared/udev-util.c | 58 ++++++++++++++++++++++++++++++++----------
1 file changed, 44 insertions(+), 14 deletions(-)
diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c
index aac02cd61b..7d95353452 100644
--- a/src/shared/udev-util.c
+++ b/src/shared/udev-util.c
@@ -642,9 +642,46 @@ static int device_is_power_sink(sd_device *device) {
return found_sink || !found_source;
}
+static bool battery_is_discharging(sd_device *d) {
+ const char *val;
+ int r;
+
+ assert(d);
+
+ r = sd_device_get_sysattr_value(d, "scope", &val);
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_device_debug_errno(d, r, "Failed to read 'scope' sysfs attribute, ignoring: %m");
+ } else if (streq(val, "Device")) {
+ log_device_debug(d, "The power supply is a device battery, ignoring device.");
+ return false;
+ }
+
+ r = device_get_sysattr_bool(d, "present");
+ if (r < 0)
+ log_device_debug_errno(d, r, "Failed to read 'present' sysfs attribute, assuming the battery is present: %m");
+ else if (r == 0) {
+ log_device_debug(d, "The battery is not present, ignoring the power supply.");
+ return false;
+ }
+
+ /* Possible values: "Unknown", "Charging", "Discharging", "Not charging", "Full" */
+ r = sd_device_get_sysattr_value(d, "status", &val);
+ if (r < 0) {
+ log_device_debug_errno(d, r, "Failed to read 'status' sysfs attribute, assuming the battery is discharging: %m");
+ return true;
+ }
+ if (!streq(val, "Discharging")) {
+ log_device_debug(d, "The battery status is '%s', assuming the battery is not used as a power source of this machine.", val);
+ return false;
+ }
+
+ return true;
+}
+
int on_ac_power(void) {
_cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL;
- bool found_ac_online = false, found_battery = false;
+ bool found_ac_online = false, found_discharging_battery = false;
sd_device *d;
int r;
@@ -686,17 +723,10 @@ int on_ac_power(void) {
}
if (streq(val, "Battery")) {
- r = sd_device_get_sysattr_value(d, "scope", &val);
- if (r < 0) {
- if (r != -ENOENT)
- log_device_debug_errno(d, r, "Failed to read 'scope' sysfs attribute, ignoring: %m");
- } else if (streq(val, "Device")) {
- log_device_debug(d, "The power supply is a device battery, ignoring device.");
- continue;
+ if (battery_is_discharging(d)) {
+ found_discharging_battery = true;
+ log_device_debug(d, "The power supply is a battery and currently discharging.");
}
-
- found_battery = true;
- log_device_debug(d, "The power supply is battery.");
continue;
}
@@ -713,11 +743,11 @@ int on_ac_power(void) {
if (found_ac_online) {
log_debug("Found at least one online non-battery power supply, system is running on AC.");
return true;
- } else if (found_battery) {
- log_debug("Found battery and no online power sources, assuming system is running from battery.");
+ } else if (found_discharging_battery) {
+ log_debug("Found at least one discharging battery and no online power sources, assuming system is running from battery.");
return false;
} else {
- log_debug("No power supply reported online and no battery, assuming system is running on AC.");
+ log_debug("No power supply reported online and no discharging battery found, assuming system is running on AC.");
return true;
}
}

@ -1,53 +0,0 @@
From 340f8e02cf4db0e6b3733bfcc14630b3ce8181a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 23 Dec 2021 13:19:42 +0100
Subject: [PATCH] meson: report SBAT settings
(cherry picked from commit e4e44a0107645891e82a538100a7590eb59a516c)
Related: #2017035
---
src/boot/efi/meson.build | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index dd318079fc..e628068596 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -130,7 +130,6 @@ elif get_option('sbat-distro') != ''
if (value == '' or value == 'auto') and not meson.is_cross_build()
cmd = 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $@0@'.format(sbatvar[1])
value = run_command(sh, '-c', cmd).stdout().strip()
- message('@0@ (from @1@): @2@'.format(sbatvar[0], sbatvar[1], value))
endif
if value == ''
error('Required @0@ option not set and autodetection failed'.format(sbatvar[0]))
@@ -147,8 +146,11 @@ elif get_option('sbat-distro') != ''
pkgver = get_option('sbat-distro-version')
if pkgver == ''
efi_conf.set('SBAT_DISTRO_VERSION', 'GIT_VERSION')
+ # This is determined during build, not configuration, so we can't display it yet.
+ sbat_distro_version_display = '(git version)'
else
efi_conf.set_quoted('SBAT_DISTRO_VERSION', pkgver)
+ sbat_distro_version_display = pkgver
endif
endif
@@ -288,6 +290,16 @@ summary({
'EFI include directory' : efi_incdir},
section : 'Extensible Firmware Interface')
+if efi_conf.get('SBAT_DISTRO', '') != ''
+ summary({
+ 'SBAT distro': efi_conf.get('SBAT_DISTRO'),
+ 'SBAT distro generation': efi_conf.get('SBAT_DISTRO_GENERATION'),
+ 'SBAT distro version': sbat_distro_version_display,
+ 'SBAT distro summary': efi_conf.get('SBAT_DISTRO_SUMMARY'),
+ 'SBAT distro URL': efi_conf.get('SBAT_DISTRO_URL')},
+ section : 'Extensible Firmware Interface')
+endif
+
############################################################
efi_headers = files(

@ -1,79 +0,0 @@
From 2d3b47dcd5a4b356c481f89c483db3eb308fcab9 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 28 Dec 2021 13:10:39 +0100
Subject: [PATCH] boot: Build BCD parser only on arches supported by Windows
(cherry picked from commit 77fcf28cb88b302453b4c991a6571cb37f10634d)
Related: #2017035
---
src/boot/efi/boot.c | 2 ++
src/boot/efi/meson.build | 21 ++++++++++++---------
2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 0286914b8b..83358406f2 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -1941,6 +1941,7 @@ static void config_entry_add_osx(Config *config) {
}
static void config_entry_add_windows(Config *config, EFI_HANDLE *device, EFI_FILE *root_dir) {
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
_cleanup_freepool_ CHAR8 *bcd = NULL;
CHAR16 *title = NULL;
EFI_STATUS err;
@@ -1961,6 +1962,7 @@ static void config_entry_add_windows(Config *config, EFI_HANDLE *device, EFI_FIL
config_entry_add_loader_auto(config, device, root_dir, NULL,
L"auto-windows", 'w', title ?: L"Windows Boot Manager",
L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi");
+#endif
}
static void config_entry_add_linux(
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index e628068596..6a0c8da9ba 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -331,7 +331,6 @@ common_sources = [
'util.c']
systemd_boot_sources = [
- 'bcd.c',
'boot.c',
'console.c',
'drivers.c',
@@ -351,6 +350,18 @@ else
stub_sources += 'linux.c'
endif
+# BCD parser only makes sense on arches that Windows supports.
+if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
+ systemd_boot_sources += 'bcd.c'
+ tests += [
+ [['src/boot/efi/test-bcd.c'],
+ [],
+ [libzstd],
+ [],
+ 'HAVE_ZSTD'],
+ ]
+endif
+
systemd_boot_objects = []
stub_objects = []
foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources
@@ -408,14 +419,6 @@ endforeach
############################################################
-tests += [
- [['src/boot/efi/test-bcd.c'],
- [],
- [libzstd],
- [],
- 'HAVE_ZSTD'],
-]
-
test_efi_disk_img = custom_target(
'test-efi-disk.img',
input : [efi_stubs[0][0], efi_stubs[1][1]],

@ -0,0 +1,34 @@
From c2317e2a2be2dd39266b82712ec9569a86f7fde3 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 13 Nov 2022 21:10:56 +0900
Subject: [PATCH] systemctl: do not show unit properties with --all
Fixes a bug introduced by a6e334649d4bdff0c6f664e98666b2223aa21a8b.
Fixes #25343.
(cherry picked from commit 0b51a1c8c4c77f98a8c234cd2c7a7849329be027)
Related: #2138081
---
src/systemctl/systemctl-show.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c
index 8d3db98c0a..24c7d564b8 100644
--- a/src/systemctl/systemctl-show.c
+++ b/src/systemctl/systemctl-show.c
@@ -2207,9 +2207,10 @@ int verb_show(int argc, char *argv[], void *userdata) {
if (!arg_states && !arg_types) {
if (show_mode == SYSTEMCTL_SHOW_PROPERTIES)
- r = show_one(bus, "/org/freedesktop/systemd1", NULL, show_mode, &new_line, &ellipsized);
- else
- r = show_system_status(bus);
+ /* systemctl show --all → show properties of the manager */
+ return show_one(bus, "/org/freedesktop/systemd1", NULL, show_mode, &new_line, &ellipsized);
+
+ r = show_system_status(bus);
if (r < 0)
return r;

@ -0,0 +1,46 @@
From abbfdf2aa3e17a84d0f4075f125e670defaf7296 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20Sch=C3=A4fer?= <marcus.schaefer@gmail.com>
Date: Wed, 16 Nov 2022 00:17:19 +0100
Subject: [PATCH] Fix reading /etc/machine-id in kernel-install (#25388)
* Fix reading /etc/machine-id in kernel-install
The kernel-install script has code to read the contents of
/etc/machine-id into the MACHINE_ID variable. Depending
on the variable content kernel-install either logs the
value or creates a new machine id via 'systemd-id128 new'.
In that logic there is one issue. If the file /etc/machine-id
exists but is empty, the script tries to call read on an
empty file which return with an exit code != 0. As the
script code also uses 'set -e', kernel-install will exit at
this point which is unexpected.
The condition of an empty /etc/machine-id file exists for
example when building OS images, which should initialize the
system id on first boot but not staticly inside of the image.
afaik an empty /etc/machine-id is also a common approach
to make systemd indicate that it should create a new system
id. Because of this, the commit makes sure the reading of
/etc/machine-id does not fail in any case such that the
handling of the MACHINE_ID variable takes place.
(cherry picked from commit 883e7cbfc0dba6c81338e7924419b5cbb0cba0b2)
Related: #2138081
---
src/kernel-install/kernel-install.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kernel-install/kernel-install.in b/src/kernel-install/kernel-install.in
index 22eb4d2be1..bba22f8a20 100755
--- a/src/kernel-install/kernel-install.in
+++ b/src/kernel-install/kernel-install.in
@@ -158,7 +158,7 @@ if [ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ]; then
[ -n "$MACHINE_ID" ] && \
log_verbose "machine-id $MACHINE_ID acquired from /etc/machine-info"
fi
-if [ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ]; then
+if [ -z "$MACHINE_ID" ] && [ -s /etc/machine-id ]; then
read -r MACHINE_ID </etc/machine-id
[ -n "$MACHINE_ID" ] && \
log_verbose "machine-id $MACHINE_ID acquired from /etc/machine-id"

@ -1,96 +0,0 @@
From 38afe3074812ab355bc20a36d41871f1b4f4386b Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Wed, 29 Dec 2021 15:02:04 +0100
Subject: [PATCH] meson: Remove efi-cc option
Changing the efi compiler this way doesn't really work. The gnu-efi
header checks as well as supported compiler flag checks use the
regular cc that meson detects. Changing the compiler this way will
end up with bad compiler flags. For the very same reason, this does
not work with a cross-compiler without going through proper meson
cross-compilation steps either.
The proper way to build systemd-boot with a different compiler is to
use a different build folder and then just use the proper ninja build
target to only build the bootloader/stub.
(cherry picked from commit 52adf0e91ef00d21a2e83f7669d0823667ce6b6c)
Related: #2017035
---
meson_options.txt | 2 --
src/boot/efi/meson.build | 14 ++++----------
2 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/meson_options.txt b/meson_options.txt
index 401f0933d7..62cdeb4201 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -414,8 +414,6 @@ option('dbus', type : 'combo', choices : ['auto', 'true', 'false'],
option('gnu-efi', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'gnu-efi support for sd-boot')
-option('efi-cc', type : 'array',
- description : 'the compiler to use for EFI modules')
# Note that LLD does not support PE/COFF relocations
# https://lists.llvm.org/pipermail/llvm-dev/2021-March/149234.html
option('efi-ld', type : 'combo', choices : ['auto', 'bfd', 'gold'],
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 6a0c8da9ba..11e6bf2dd0 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -44,10 +44,6 @@ if not cc.has_header_symbol('efi.h', 'EFI_IMAGE_MACHINE_X64',
endif
objcopy = find_program('objcopy')
-efi_cc = get_option('efi-cc')
-if efi_cc.length() == 0
- efi_cc = cc.cmd_array()
-endif
efi_ld = get_option('efi-ld')
if efi_ld == 'auto'
@@ -62,7 +58,7 @@ efi_libdir = ''
foreach dir : [get_option('efi-libdir'),
'/usr/lib/gnuefi' / efi_arch[0],
run_command('realpath', '-e',
- '/usr/lib' / run_command(efi_cc, '-print-multi-os-directory').stdout().strip()).stdout().strip()]
+ '/usr/lib' / run_command(cc.cmd_array(), '-print-multi-os-directory').stdout().strip()).stdout().strip()]
if dir != '' and fs.is_dir(dir)
efi_libdir = dir
break
@@ -275,15 +271,13 @@ if run_command('grep', '-q', '__CTOR_LIST__', efi_lds).returncode() == 0
]
endif
-efi_cc_version = run_command(efi_cc, '--version').stdout().split('\n')[0]
-if efi_cc_version.contains('clang') and efi_cc_version.split('.')[0].split(' ')[-1].to_int() <= 10
+if cc.get_id() == 'clang' and cc.version().split('.')[0].to_int() <= 10
# clang <= 10 doesn't pass -T to the linker and then even complains about it being unused
efi_ldflags += ['-Wl,-T,' + efi_lds, '-Wno-unused-command-line-argument']
endif
summary({
'EFI machine type' : efi_arch[0],
- 'EFI CC' : '@0@'.format(' '.join(efi_cc)),
'EFI LD' : efi_ld,
'EFI lds' : efi_lds,
'EFI crt0' : efi_crt0,
@@ -368,7 +362,7 @@ foreach file : fundamental_source_paths + common_sources + systemd_boot_sources
o_file = custom_target(file.split('/')[-1] + '.o',
input : file,
output : file.split('/')[-1] + '.o',
- command : [efi_cc, '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags],
+ command : [cc.cmd_array(), '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags],
depend_files : efi_headers + fundamental_headers)
if (fundamental_source_paths + common_sources + systemd_boot_sources).contains(file)
systemd_boot_objects += o_file
@@ -389,7 +383,7 @@ foreach tuple : [['systemd_boot.so', systemd_boot_efi_name, systemd_boot_objects
tuple[0],
input : tuple[2],
output : tuple[0],
- command : [efi_cc, '-o', '@OUTPUT@', efi_ldflags, efi_cflags, tuple[2], '-lefi', '-lgnuefi', '-lgcc'],
+ command : [cc.cmd_array(), '-o', '@OUTPUT@', efi_ldflags, efi_cflags, tuple[2], '-lefi', '-lgnuefi', '-lgcc'],
install : tuple[3],
install_dir : bootlibdir)

@ -0,0 +1,83 @@
From 29c414e616f39e06d585ce6ecf25bb226963d0bc Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 14 Nov 2022 12:45:47 +0100
Subject: [PATCH] Revert "journal: Make sd_journal_previous/next() return 0 at
HEAD/TAIL"
This commit broke backwards compatibility so let's revert it until
we find a better solution.
This reverts commit 977ad21b5b8f6323515297bd8995dcaaca0905df.
(cherry picked from commit 1db6dbb1dcdacfd7d2b4c84562fc6e77bc8c43a5)
Related: #2138081
---
src/journal/test-journal-interleaving.c | 4 ----
src/libsystemd/sd-journal/sd-journal.c | 8 ++++----
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/journal/test-journal-interleaving.c b/src/journal/test-journal-interleaving.c
index 378bf162ca..b3ae4b8143 100644
--- a/src/journal/test-journal-interleaving.c
+++ b/src/journal/test-journal-interleaving.c
@@ -158,7 +158,6 @@ static void test_skip_one(void (*setup)(void)) {
*/
assert_ret(sd_journal_open_directory(&j, t, 0));
assert_ret(sd_journal_seek_head(j));
- assert_ret(sd_journal_previous(j) == 0);
assert_ret(sd_journal_next(j));
test_check_numbers_down(j, 4);
sd_journal_close(j);
@@ -167,7 +166,6 @@ static void test_skip_one(void (*setup)(void)) {
*/
assert_ret(sd_journal_open_directory(&j, t, 0));
assert_ret(sd_journal_seek_tail(j));
- assert_ret(sd_journal_next(j) == 0);
assert_ret(sd_journal_previous(j));
test_check_numbers_up(j, 4);
sd_journal_close(j);
@@ -176,7 +174,6 @@ static void test_skip_one(void (*setup)(void)) {
*/
assert_ret(sd_journal_open_directory(&j, t, 0));
assert_ret(sd_journal_seek_tail(j));
- assert_ret(sd_journal_next(j) == 0);
assert_ret(r = sd_journal_previous_skip(j, 4));
assert_se(r == 4);
test_check_numbers_down(j, 4);
@@ -186,7 +183,6 @@ static void test_skip_one(void (*setup)(void)) {
*/
assert_ret(sd_journal_open_directory(&j, t, 0));
assert_ret(sd_journal_seek_head(j));
- assert_ret(sd_journal_previous(j) == 0);
assert_ret(r = sd_journal_next_skip(j, 4));
assert_se(r == 4);
test_check_numbers_up(j, 4);
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
index 53c0b2a01e..1e4d128f05 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -606,9 +606,9 @@ static int find_location_for_match(
/* FIXME: missing: find by monotonic */
if (j->current_location.type == LOCATION_HEAD)
- return direction == DIRECTION_DOWN ? journal_file_next_entry_for_data(f, d, DIRECTION_DOWN, ret, offset) : 0;
+ return journal_file_next_entry_for_data(f, d, DIRECTION_DOWN, ret, offset);
if (j->current_location.type == LOCATION_TAIL)
- return direction == DIRECTION_UP ? journal_file_next_entry_for_data(f, d, DIRECTION_UP, ret, offset) : 0;
+ return journal_file_next_entry_for_data(f, d, DIRECTION_UP, ret, offset);
if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
return journal_file_move_to_entry_by_seqnum_for_data(f, d, j->current_location.seqnum, direction, ret, offset);
if (j->current_location.monotonic_set) {
@@ -701,9 +701,9 @@ static int find_location_with_matches(
/* No matches is simple */
if (j->current_location.type == LOCATION_HEAD)
- return direction == DIRECTION_DOWN ? journal_file_next_entry(f, 0, DIRECTION_DOWN, ret, offset) : 0;
+ return journal_file_next_entry(f, 0, DIRECTION_DOWN, ret, offset);
if (j->current_location.type == LOCATION_TAIL)
- return direction == DIRECTION_UP ? journal_file_next_entry(f, 0, DIRECTION_UP, ret, offset) : 0;
+ return journal_file_next_entry(f, 0, DIRECTION_UP, ret, offset);
if (j->current_location.seqnum_set && sd_id128_equal(j->current_location.seqnum_id, f->header->seqnum_id))
return journal_file_move_to_entry_by_seqnum(f, j->current_location.seqnum, direction, ret, offset);
if (j->current_location.monotonic_set) {

@ -1,25 +0,0 @@
From b077524848816638fc7d0cf3e65c062da095626f Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Wed, 29 Dec 2021 15:13:35 +0100
Subject: [PATCH] meson: Get objcopy location from compiler
(cherry picked from commit 2f2b07226751827303a88f3a301f2d834f3fb97b)
Related: #2017035
---
src/boot/efi/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 11e6bf2dd0..144fbb0f43 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -43,7 +43,7 @@ if not cc.has_header_symbol('efi.h', 'EFI_IMAGE_MACHINE_X64',
subdir_done()
endif
-objcopy = find_program('objcopy')
+objcopy = run_command(cc.cmd_array(), '-print-prog-name=objcopy', check: true).stdout().strip()
efi_ld = get_option('efi-ld')
if efi_ld == 'auto'

@ -0,0 +1,29 @@
From f740d67fd0ed36bc3318d724ccb1fdfca2f04125 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Sun, 4 Sep 2022 00:22:23 +0200
Subject: [PATCH] boot: Correctly handle @saved default patterns
(cherry picked from commit 7941f11acb67c4f8ec857a791a51f3148af67b32)
Related: #2138081
---
src/shared/bootspec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c
index 6a34b10c04..d3cfb41a12 100644
--- a/src/shared/bootspec.c
+++ b/src/shared/bootspec.c
@@ -994,6 +994,12 @@ static int boot_config_find(const BootConfig *config, const char *id) {
if (!id)
return -1;
+ if (id[0] == '@') {
+ if (!strcaseeq(id, "@saved"))
+ return -1;
+ id = config->entry_selected;
+ }
+
for (size_t i = 0; i < config->n_entries; i++)
if (fnmatch(id, config->entries[i].id, FNM_CASEFOLD) == 0)
return i;

@ -1,123 +0,0 @@
From 3088f292855f4a525271906a5652985f01c5d7b2 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Fri, 7 Jan 2022 21:55:50 +0100
Subject: [PATCH] meson: Use files() for source lists for boot and fundamental
This fixes build reproducibility as otherwise the full path
of the source files ends up in the output binary.
(cherry picked from commit b3c5a7074cd434bc02c4b560afe933d3df24759e)
Related: #2017035
---
src/boot/efi/meson.build | 29 +++++++++++++++++------------
src/fundamental/meson.build | 22 +++++++++-------------
2 files changed, 26 insertions(+), 25 deletions(-)
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 144fbb0f43..4cc43dc00c 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -312,9 +312,10 @@ efi_headers = files(
'shim.h',
'splash.h',
'util.h',
- 'xbootldr.h')
+ 'xbootldr.h',
+)
-common_sources = [
+common_sources = files(
'assert.c',
'devicetree.c',
'disk.c',
@@ -322,31 +323,34 @@ common_sources = [
'measure.c',
'pe.c',
'secure-boot.c',
- 'util.c']
+ 'util.c',
+)
-systemd_boot_sources = [
+systemd_boot_sources = files(
'boot.c',
'console.c',
'drivers.c',
'random-seed.c',
'shim.c',
- 'xbootldr.c']
+ 'xbootldr.c',
+)
-stub_sources = [
+stub_sources = files(
'cpio.c',
'initrd.c',
'splash.c',
- 'stub.c']
+ 'stub.c',
+)
if efi_arch[1] in ['ia32', 'x86_64']
- stub_sources += 'linux_x86.c'
+ stub_sources += files('linux_x86.c')
else
- stub_sources += 'linux.c'
+ stub_sources += files('linux.c')
endif
# BCD parser only makes sense on arches that Windows supports.
if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
- systemd_boot_sources += 'bcd.c'
+ systemd_boot_sources += files('bcd.c')
tests += [
[['src/boot/efi/test-bcd.c'],
[],
@@ -359,9 +363,10 @@ endif
systemd_boot_objects = []
stub_objects = []
foreach file : fundamental_source_paths + common_sources + systemd_boot_sources + stub_sources
- o_file = custom_target(file.split('/')[-1] + '.o',
+ # FIXME: replace ''.format(file) with fs.name(file) when meson_version requirement is >= 0.59.0
+ o_file = custom_target('@0@.o'.format(file).split('/')[-1],
input : file,
- output : file.split('/')[-1] + '.o',
+ output : '@0@.o'.format(file).split('/')[-1],
command : [cc.cmd_array(), '-c', '@INPUT@', '-o', '@OUTPUT@', efi_cflags],
depend_files : efi_headers + fundamental_headers)
if (fundamental_source_paths + common_sources + systemd_boot_sources).contains(file)
diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build
index 287f0fe36a..f927788c3a 100644
--- a/src/fundamental/meson.build
+++ b/src/fundamental/meson.build
@@ -8,20 +8,16 @@ fundamental_headers = files(
'macro-fundamental.h',
'sha256.h',
'string-util-fundamental.h',
- 'types-fundamental.h')
-
-sources = '''
- bootspec-fundamental.c
- efivars-fundamental.c
- string-util-fundamental.c
- sha256.c
-'''.split()
+ 'types-fundamental.h',
+)
# for sd-boot
-fundamental_source_paths = []
-foreach source : sources
- fundamental_source_paths += meson.current_source_dir() / source
-endforeach
+fundamental_source_paths = files(
+ 'bootspec-fundamental.c',
+ 'efivars-fundamental.c',
+ 'sha256.c',
+ 'string-util-fundamental.c',
+)
# for libbasic
-fundamental_sources = files(sources) + fundamental_headers
+fundamental_sources = fundamental_source_paths + fundamental_headers

File diff suppressed because it is too large Load Diff

@ -0,0 +1,82 @@
From fda254c954d6a543e1977edc1d283c915ee43adc Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Tue, 15 Nov 2022 14:57:23 +0100
Subject: [PATCH] shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle
(40000001)" warning
systemd-cryptenroll complains (but succeeds!) upon binding to a signed PCR
policy:
$ systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto
--tpm2-public-key=... --tpm2-signature=..." /tmp/tmp.img
ERROR:esys:src/tss2-esys/esys_iutil.c:394:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (40000001).
WARNING:esys:src/tss2-esys/esys_iutil.c:415:iesys_is_platform_handle() Convert handle from TPM2_RH to ESYS_TR, got: 0x40000001
ERROR:esys:src/tss2-esys/esys_iutil.c:394:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (40000001).
WARNING:esys:src/tss2-esys/esys_iutil.c:415:iesys_is_platform_handle() Convert handle from TPM2_RH to ESYS_TR, got: 0x4000000
New TPM2 token enrolled as key slot 1.
The problem seems to be that Esys_LoadExternal() function from tpm2-tss
expects a 'ESYS_TR_RH*' constant specifying the requested hierarchy and not
a 'TPM2_RH_*' one (see Esys_LoadExternal() -> Esys_LoadExternal_Async() ->
iesys_handle_to_tpm_handle() call chain).
It all works because Esys_LoadExternal_Async() falls back to using the
supplied values when iesys_handle_to_tpm_handle() fails:
r = iesys_handle_to_tpm_handle(hierarchy, &tpm_hierarchy);
if (r != TSS2_RC_SUCCESS) {
...
tpm_hierarchy = hierarchy;
}
Note, TPM2_RH_OWNER was used on purpose to support older tpm2-tss versions
(pre https://github.com/tpm2-software/tpm2-tss/pull/1531), use meson magic
to preserve compatibility.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
(cherry picked from commit 155c51293d5bf37f54c65fd0a66ea29e6eedd580)
Related: #2138081
---
meson.build | 3 +++
src/shared/tpm2-util.c | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/meson.build b/meson.build
index 7750534466..015849af49 100644
--- a/meson.build
+++ b/meson.build
@@ -1474,11 +1474,14 @@ if want_tpm2 != 'false' and not skip_deps
tpm2 = dependency('tss2-esys tss2-rc tss2-mu',
required : want_tpm2 == 'true')
have = tpm2.found()
+ have_esys3 = tpm2.version().version_compare('>= 3.0.0')
else
have = false
+ have_esys3 = false
tpm2 = []
endif
conf.set10('HAVE_TPM2', have)
+conf.set10('HAVE_TSS2_ESYS3', have_esys3)
want_elfutils = get_option('elfutils')
if want_elfutils != 'false' and not skip_deps
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 4d0df944a9..8171b3e9e9 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1117,7 +1117,13 @@ static int tpm2_make_policy_session(
ESYS_TR_NONE,
NULL,
&pubkey_tpm2,
+#if HAVE_TSS2_ESYS3
+ /* tpm2-tss >= 3.0.0 requires a ESYS_TR_RH_* constant specifying the requested
+ * hierarchy, older versions need TPM2_RH_* instead. */
+ ESYS_TR_RH_OWNER,
+#else
TPM2_RH_OWNER,
+#endif
&pubkey_handle);
if (rc != TSS2_RC_SUCCESS) {
r = log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),

@ -0,0 +1,31 @@
From 89adb54468aff192fccc9dce793e24d98b26d994 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20Sch=C3=A4fer?= <marcus.schaefer@gmail.com>
Date: Wed, 16 Nov 2022 16:25:08 +0100
Subject: [PATCH] Handle MACHINE_ID=uninitialized
systemd supports /etc/machine-id to be set to: uninitialized
In this case the expectation is that systemd creates a new
machine ID and replaces the value 'uninitialized' with the
effective machine id. In the scope of kernel-install we
should also enforce the creation of a new machine id in this
condition
(cherry picked from commit 305dd91adfde332e7e5c1b2470edb32774f9a032)
Related: #2138081
---
src/kernel-install/kernel-install.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/kernel-install/kernel-install.in b/src/kernel-install/kernel-install.in
index bba22f8a20..fa2c0d5276 100755
--- a/src/kernel-install/kernel-install.in
+++ b/src/kernel-install/kernel-install.in
@@ -160,6 +160,7 @@ if [ -z "$MACHINE_ID" ] && [ -f /etc/machine-info ]; then
fi
if [ -z "$MACHINE_ID" ] && [ -s /etc/machine-id ]; then
read -r MACHINE_ID </etc/machine-id
+ [ "$MACHINE_ID" = "uninitialized" ] && unset MACHINE_ID
[ -n "$MACHINE_ID" ] && \
log_verbose "machine-id $MACHINE_ID acquired from /etc/machine-id"
fi

@ -1,95 +0,0 @@
From f06002981d2bd2a582d2252f7d509205bcc2a9ed Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 26 Dec 2021 23:26:56 +0000
Subject: [PATCH] tests: add fuzz-bcd
(cherry picked from commit 4b65fc8725fa169bf870eb022d7b346796977c21)
Related: #2017035
---
src/boot/efi/fuzz-bcd.c | 26 ++++++++++++++++++++++++++
src/boot/efi/meson.build | 3 +++
tools/oss-fuzz.sh | 16 ++++++++++++++++
3 files changed, 45 insertions(+)
create mode 100644 src/boot/efi/fuzz-bcd.c
diff --git a/src/boot/efi/fuzz-bcd.c b/src/boot/efi/fuzz-bcd.c
new file mode 100644
index 0000000000..e5ed6638a4
--- /dev/null
+++ b/src/boot/efi/fuzz-bcd.c
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "alloc-util.h"
+#include "fd-util.h"
+#include "fuzz.h"
+#include "utf8.h"
+
+#include "bcd.c"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ _cleanup_free_ void *p = NULL;
+
+ /* This limit was borrowed from src/boot/efi/boot.c */
+ if (size > 100*1024)
+ return 0;
+
+ if (!getenv("SYSTEMD_LOG_LEVEL"))
+ log_set_max_level(LOG_CRIT);
+
+ p = memdup(data, size);
+ assert_se(p);
+
+ char16_t *title = get_bcd_title(p, size);
+ assert_se(!title || char16_strlen(title) >= 0);
+ return 0;
+}
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 16b34f0ac2..229771026d 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -358,6 +358,9 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
[],
'HAVE_ZSTD'],
]
+ fuzzers += [
+ [['src/boot/efi/fuzz-bcd.c']],
+ ]
endif
systemd_boot_objects = []
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh
index 8a19da665e..ae57fc25d5 100755
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -36,6 +36,13 @@ else
apt-get install -y gperf m4 gettext python3-pip \
libcap-dev libmount-dev libkmod-dev \
pkg-config wget python3-jinja2
+
+ # gnu-efi is installed here to enable -Dgnu-efi behind which fuzz-bcd
+ # is hidden. It isn't linked against efi. It doesn't
+ # even include "efi.h" because "bcd.c" can work in "unit test" mode
+ # where it isn't necessary.
+ apt-get install -y gnu-efi zstd
+
pip3 install -r .github/workflows/requirements.txt --require-hashes
# https://github.com/google/oss-fuzz/issues/6868
@@ -56,6 +63,15 @@ fi
ninja -v -C "$build" fuzzers
+# Compressed BCD files are kept in test/test-bcd so let's unpack them
+# and put them all in the seed corpus.
+bcd=$(mktemp -d)
+for i in test/test-bcd/*.zst; do
+ unzstd "$i" -o "$bcd/$(basename "${i%.zst}")";
+done
+zip -jqr "$OUT/fuzz-bcd_seed_corpus.zip" "$bcd"
+rm -rf "$bcd"
+
# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in "$(dirname "$0")/../test/fuzz/fuzz-"*; do

@ -0,0 +1,26 @@
From c64c705d9496faba81c8a2326a23f87470ffa692 Mon Sep 17 00:00:00 2001
From: Li kunyu <kunyu@nfschina.com>
Date: Fri, 18 Nov 2022 06:03:41 +0000
Subject: [PATCH] fuzz: fuzz-compress: fix copy-and-paste error: buf -> buf2
(#25431)
(cherry picked from commit f54f6d88b1235487eb7f0c634c488edc7813579a)
Related: #2138081
---
src/fuzz/fuzz-compress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fuzz/fuzz-compress.c b/src/fuzz/fuzz-compress.c
index 712ab3ffa9..10956cc548 100644
--- a/src/fuzz/fuzz-compress.c
+++ b/src/fuzz/fuzz-compress.c
@@ -55,7 +55,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
size_t sw_alloc = MAX(h->sw_alloc, 1u);
buf2 = malloc(sw_alloc);
- if (!buf) {
+ if (!buf2) {
log_oom();
return 0;
}

@ -1,335 +0,0 @@
From a21bc03df9504c7a9b0c8e0e894d94f226a7a038 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 11 Jan 2022 10:47:01 +0100
Subject: [PATCH] meson: Use files() for fuzzers
Not having to provide the full path in the source tree is much
nicer and the produced lists can also be used anywhere in the source
tree.
(cherry picked from commit bbec46c817951225f1e535d3df95b82a114e502a)
Related: #2017035
---
meson.build | 3 ++-
src/boot/efi/meson.build | 2 +-
src/core/meson.build | 2 +-
src/fuzz/meson.build | 20 ++++++++++----------
src/journal-remote/meson.build | 2 +-
src/journal/meson.build | 24 ++++++++++++------------
src/libsystemd-network/meson.build | 8 ++++----
src/libsystemd/meson.build | 4 ++--
src/network/meson.build | 4 ++--
src/nspawn/meson.build | 4 ++--
src/resolve/meson.build | 2 +-
src/systemctl/meson.build | 7 ++++---
src/udev/meson.build | 11 +++++------
src/xdg-autostart-generator/meson.build | 6 +++---
14 files changed, 50 insertions(+), 49 deletions(-)
diff --git a/meson.build b/meson.build
index 35ba29aecf..fdf02b8110 100644
--- a/meson.build
+++ b/meson.build
@@ -3677,7 +3677,8 @@ foreach tuple : fuzzers
sources += 'src/fuzz/fuzz-main.c'
endif
- name = sources[0].split('/')[-1].split('.')[0]
+ # FIXME: Use fs.stem() with meson >= 0.54.0
+ name = '@0@'.format(sources[0]).split('/')[-1].split('.')[0]
exe = executable(
name,
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 229771026d..3e948281f2 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -359,7 +359,7 @@ if efi_arch[1] in ['ia32', 'x86_64', 'arm', 'aarch64']
'HAVE_ZSTD'],
]
fuzzers += [
- [['src/boot/efi/fuzz-bcd.c']],
+ [files('fuzz-bcd.c')],
]
endif
diff --git a/src/core/meson.build b/src/core/meson.build
index d229d46779..97ac431763 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -228,7 +228,7 @@ endif
############################################################
fuzzers += [
- [['src/core/fuzz-unit-file.c'],
+ [files('fuzz-unit-file.c'),
[libcore,
libshared],
[libmount]],
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 1ed1dd8251..d987f32b08 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -1,23 +1,23 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
fuzzers += [
- [['src/fuzz/fuzz-catalog.c']],
+ [files('fuzz-catalog.c')],
- [['src/fuzz/fuzz-json.c']],
+ [files('fuzz-json.c')],
- [['src/fuzz/fuzz-varlink.c']],
+ [files('fuzz-varlink.c')],
- [['src/fuzz/fuzz-udev-database.c']],
+ [files('fuzz-udev-database.c')],
- [['src/fuzz/fuzz-compress.c']],
+ [files('fuzz-compress.c')],
- [['src/fuzz/fuzz-bus-label.c']],
+ [files('fuzz-bus-label.c')],
- [['src/fuzz/fuzz-env-file.c']],
+ [files('fuzz-env-file.c')],
- [['src/fuzz/fuzz-hostname-setup.c']],
+ [files('fuzz-hostname-setup.c')],
- [['src/fuzz/fuzz-calendarspec.c']],
+ [files('fuzz-calendarspec.c')],
- [['src/fuzz/fuzz-time-util.c']],
+ [files('fuzz-time-util.c')],
]
diff --git a/src/journal-remote/meson.build b/src/journal-remote/meson.build
index 168d0ed6a3..1f3e0878ae 100644
--- a/src/journal-remote/meson.build
+++ b/src/journal-remote/meson.build
@@ -76,7 +76,7 @@ endif
############################################################
fuzzers += [
- [['src/journal-remote/fuzz-journal-remote.c'],
+ [files('fuzz-journal-remote.c'),
[libsystemd_journal_remote,
libshared],
[],
diff --git a/src/journal/meson.build b/src/journal/meson.build
index b9a63d5e2f..21c4d2561c 100644
--- a/src/journal/meson.build
+++ b/src/journal/meson.build
@@ -116,38 +116,38 @@ tests += [
]
fuzzers += [
- [['src/journal/fuzz-journald-audit.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-audit.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
- [['src/journal/fuzz-journald-kmsg.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-kmsg.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
- [['src/journal/fuzz-journald-native.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-native.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
- [['src/journal/fuzz-journald-native-fd.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-native-fd.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
- [['src/journal/fuzz-journald-stream.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-stream.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
- [['src/journal/fuzz-journald-syslog.c',
- 'src/journal/fuzz-journald.c'],
+ [files('fuzz-journald-syslog.c',
+ 'fuzz-journald.c'),
[libjournal_core,
libshared],
[libselinux]],
diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build
index 3923df48ea..6be409d8ad 100644
--- a/src/libsystemd-network/meson.build
+++ b/src/libsystemd-network/meson.build
@@ -105,19 +105,19 @@ tests += [
]
fuzzers += [
- [['src/libsystemd-network/fuzz-dhcp6-client.c'],
+ [files('fuzz-dhcp6-client.c'),
[libshared,
libsystemd_network]],
- [['src/libsystemd-network/fuzz-dhcp-server.c'],
+ [files('fuzz-dhcp-server.c'),
[libsystemd_network,
libshared]],
- [['src/libsystemd-network/fuzz-lldp-rx.c'],
+ [files('fuzz-lldp-rx.c'),
[libshared,
libsystemd_network]],
- [['src/libsystemd-network/fuzz-ndisc-rs.c'],
+ [files('fuzz-ndisc-rs.c'),
[libshared,
libsystemd_network]],
]
diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build
index 42746e560f..2e5255d479 100644
--- a/src/libsystemd/meson.build
+++ b/src/libsystemd/meson.build
@@ -316,7 +316,7 @@ endif
############################################################
fuzzers += [
- [['src/libsystemd/sd-bus/fuzz-bus-message.c']],
+ [files('sd-bus/fuzz-bus-message.c')],
- [['src/libsystemd/sd-bus/fuzz-bus-match.c']],
+ [files('sd-bus/fuzz-bus-match.c')],
]
diff --git a/src/network/meson.build b/src/network/meson.build
index a598701e4f..23743233fa 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -261,14 +261,14 @@ if conf.get('ENABLE_NETWORKD') == 1
endif
fuzzers += [
- [['src/network/fuzz-netdev-parser.c'],
+ [files('fuzz-netdev-parser.c'),
[libnetworkd_core,
libsystemd_network,
networkd_link_with],
[threads],
network_includes],
- [['src/network/fuzz-network-parser.c'],
+ [files('fuzz-network-parser.c'),
[libnetworkd_core,
libsystemd_network,
networkd_link_with],
diff --git a/src/nspawn/meson.build b/src/nspawn/meson.build
index 3c1a9c6182..2934672e9a 100644
--- a/src/nspawn/meson.build
+++ b/src/nspawn/meson.build
@@ -66,12 +66,12 @@ tests += [
]
fuzzers += [
- [['src/nspawn/fuzz-nspawn-settings.c'],
+ [files('fuzz-nspawn-settings.c'),
[libshared,
libnspawn_core],
[libseccomp]],
- [['src/nspawn/fuzz-nspawn-oci.c'],
+ [files('fuzz-nspawn-oci.c'),
[libshared,
libnspawn_core],
[libseccomp]],
diff --git a/src/resolve/meson.build b/src/resolve/meson.build
index 4de50c3d8e..1fee993d0a 100644
--- a/src/resolve/meson.build
+++ b/src/resolve/meson.build
@@ -216,7 +216,7 @@ tests += [
]
fuzzers += [
- [['src/resolve/fuzz-dns-packet.c'],
+ [files('fuzz-dns-packet.c'),
[libsystemd_resolve_core,
libshared],
[lib_openssl_or_gcrypt,
diff --git a/src/systemctl/meson.build b/src/systemctl/meson.build
index 38bf33d49a..f0d405bb58 100644
--- a/src/systemctl/meson.build
+++ b/src/systemctl/meson.build
@@ -83,7 +83,8 @@ else
endif
fuzzers += [
- [['src/systemctl/fuzz-systemctl-parse-argv.c',
- systemctl_sources],
+ [files('fuzz-systemctl-parse-argv.c') +
+ systemctl_sources,
systemctl_link_with,
- [], [], ['-DFUZZ_SYSTEMCTL_PARSE_ARGV']]]
+ [], [], ['-DFUZZ_SYSTEMCTL_PARSE_ARGV']]
+]
diff --git a/src/udev/meson.build b/src/udev/meson.build
index 57fbf8c8fc..9fd0bcdd0e 100644
--- a/src/udev/meson.build
+++ b/src/udev/meson.build
@@ -174,24 +174,23 @@ if install_sysconfdir
endif
fuzzers += [
- [['src/udev/net/fuzz-link-parser.c',
- 'src/fuzz/fuzz.h'],
+ [files('net/fuzz-link-parser.c'),
[libudevd_core,
libshared],
[threads,
libacl],
udev_includes],
- [['src/udev/fuzz-udev-rules.c'],
+ [files('fuzz-udev-rules.c'),
[libudevd_core,
libshared],
[threads,
libacl]],
- [['src/udev/fuzz-udev-rule-parse-value.c']],
+ [files('fuzz-udev-rule-parse-value.c')],
- [['src/udev/fido_id/fuzz-fido-id-desc.c',
- 'src/udev/fido_id/fido_id_desc.c']],
+ [files('fido_id/fuzz-fido-id-desc.c',
+ 'fido_id/fido_id_desc.c')],
]
tests += [
diff --git a/src/xdg-autostart-generator/meson.build b/src/xdg-autostart-generator/meson.build
index 6418f57c40..cdce66b6fc 100644
--- a/src/xdg-autostart-generator/meson.build
+++ b/src/xdg-autostart-generator/meson.build
@@ -12,7 +12,7 @@ tests += [
]
fuzzers += [
- [['src/xdg-autostart-generator/fuzz-xdg-desktop.c',
- 'src/xdg-autostart-generator/xdg-autostart-service.c',
- 'src/xdg-autostart-generator/xdg-autostart-service.h']],
+ [files('fuzz-xdg-desktop.c',
+ 'xdg-autostart-service.c',
+ 'xdg-autostart-service.h')],
]

@ -0,0 +1,25 @@
From 944fa2afca2bd6bd4d1d5aecd265fd4756ee44e2 Mon Sep 17 00:00:00 2001
From: Li kunyu <kunyu@nfschina.com>
Date: Fri, 18 Nov 2022 16:10:24 +0900
Subject: [PATCH] boot/measure: fix oom check
(cherry picked from commit fc0cc6db1ecbaa16513125d3fd1a7d11e391a8ee)
Related: #2138081
---
src/boot/measure.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 4f16acedf0..0bbd386449 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -897,7 +897,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
}
_cleanup_free_ void *sig = malloc(ss);
- if (!ss) {
+ if (!sig) {
r = log_oom();
goto finish;
}

@ -1,137 +0,0 @@
From 5a35f08026cad007f460170fe6a3e43bd51f60f9 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 11 Jan 2022 10:56:22 +0100
Subject: [PATCH] meson: Add check argument to remaining run_command() calls
(cherry picked from commit 68a06b3cdfe35ff08092e139033edb4a5189a439)
Related: #2017035
---
man/meson.build | 2 +-
src/basic/meson.build | 2 +-
src/boot/efi/meson.build | 11 +++++++----
src/test/meson.build | 2 +-
test/fuzz/meson.build | 7 ++++---
test/meson.build | 8 +++++---
6 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index a06a601767..710b4ca008 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -105,7 +105,7 @@ endforeach
############################################################
-have_lxml = run_command(xml_helper_py).returncode() == 0
+have_lxml = run_command(xml_helper_py, check: false).returncode() == 0
if not have_lxml
message('python-lxml not available, not making man page indices')
endif
diff --git a/src/basic/meson.build b/src/basic/meson.build
index 229ac97c69..5a9e13d741 100644
--- a/src/basic/meson.build
+++ b/src/basic/meson.build
@@ -384,7 +384,7 @@ filesystem_includes = ['linux/magic.h',
'linux/gfs2_ondisk.h']
check_filesystems = find_program('check-filesystems.sh')
-r = run_command([check_filesystems, cpp, 'filesystems-gperf.gperf'] + filesystem_includes)
+r = run_command([check_filesystems, cpp, 'filesystems-gperf.gperf'] + filesystem_includes, check: false)
if r.returncode() != 0
error('found unknown filesystem(s) defined in kernel headers:\n\n' + r.stdout())
r.stdout()
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 3e948281f2..fad92f09a1 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -57,8 +57,11 @@ endif
efi_libdir = ''
foreach dir : [get_option('efi-libdir'),
'/usr/lib/gnuefi' / efi_arch[0],
- run_command('realpath', '-e',
- '/usr/lib' / run_command(cc.cmd_array(), '-print-multi-os-directory').stdout().strip()).stdout().strip()]
+ run_command(
+ 'realpath', '-e',
+ '/usr/lib' / run_command(cc.cmd_array(), '-print-multi-os-directory', check: false).stdout().strip(),
+ check: false
+ ).stdout().strip()]
if dir != '' and fs.is_dir(dir)
efi_libdir = dir
break
@@ -125,7 +128,7 @@ elif get_option('sbat-distro') != ''
value = get_option(sbatvar[0])
if (value == '' or value == 'auto') and not meson.is_cross_build()
cmd = 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $@0@'.format(sbatvar[1])
- value = run_command(sh, '-c', cmd).stdout().strip()
+ value = run_command(sh, '-c', cmd, check: true).stdout().strip()
endif
if value == ''
error('Required @0@ option not set and autodetection failed'.format(sbatvar[0]))
@@ -254,7 +257,7 @@ if efi_arch[1] == 'arm'
efi_ldflags += ['-Wl,--no-warn-mismatch']
endif
-if run_command('grep', '-q', '__CTOR_LIST__', efi_lds).returncode() == 0
+if run_command('grep', '-q', '__CTOR_LIST__', efi_lds, check: false).returncode() == 0
# fedora has a patched gnu-efi that adds support for ELF constructors.
# If ld is called by gcc something about these symbols breaks, resulting
# in sd-boot freezing when gnu-efi runs the constructors. Force defining
diff --git a/src/test/meson.build b/src/test/meson.build
index 9e224d69ce..75f78e2e1a 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -11,7 +11,7 @@ test_hashmap_ordered_c = custom_target(
test_include_dir = include_directories('.')
-path = run_command(sh, '-c', 'echo "$PATH"').stdout().strip()
+path = run_command(sh, '-c', 'echo "$PATH"', check: true).stdout().strip()
test_env = environment()
test_env.set('SYSTEMD_LANGUAGE_FALLBACK_MAP', language_fallback_map)
test_env.set('PATH', project_build_root + ':' + path)
diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build
index 30e26b09cf..b4766de3eb 100644
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@@ -13,12 +13,13 @@ sanitize_address_undefined = custom_target(
sanitizers = [['address,undefined', sanitize_address_undefined]]
-if git.found()
+if git.found() and fs.exists(project_source_root / '.git')
out = run_command(env, '-u', 'GIT_WORK_TREE',
git, '--git-dir=@0@/.git'.format(project_source_root),
- 'ls-files', ':/test/fuzz/*/*')
+ 'ls-files', ':/test/fuzz/*/*',
+ check: true)
else
- out = run_command(sh, '-c', 'ls @0@/test/fuzz/*/*'.format(project_source_root))
+ out = run_command(sh, '-c', 'ls @0@/test/fuzz/*/*'.format(project_source_root), check: true)
endif
fuzz_regression_tests = []
diff --git a/test/meson.build b/test/meson.build
index 04ae9ebc78..baf94703ea 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -182,14 +182,16 @@ endif
if want_tests != 'false' and dmi_arches.contains(host_machine.cpu_family())
udev_dmi_memory_id_test = find_program('udev-dmi-memory-id-test.sh')
- if git.found()
+ if git.found() and fs.exists(project_source_root / '.git')
out = run_command(
env, '-u', 'GIT_WORK_TREE',
git, '--git-dir=@0@/.git'.format(project_source_root),
- 'ls-files', ':/test/dmidecode-dumps/*.bin')
+ 'ls-files', ':/test/dmidecode-dumps/*.bin',
+ check: true)
else
out = run_command(
- sh, '-c', 'ls @0@/test/dmidecode-dumps/*.bin'.format(project_source_root))
+ sh, '-c', 'ls @0@/test/dmidecode-dumps/*.bin'.format(project_source_root),
+ check: true)
endif
foreach p : out.stdout().split()

@ -1,43 +0,0 @@
From 5de4b00e4150080e68064fa1de003039a0901468 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 11 Jan 2022 11:27:27 +0100
Subject: [PATCH] meson: Use echo to list files
No need to invoke ls when we are just interested in file names.
Also, the cd to source root makes the output identical to
"git ls-files" (relative instead of absolute paths).
(cherry picked from commit 3a469802f4d7b0a59fe1644cb53d34aee4e56bab)
Related: #2017035
---
test/fuzz/meson.build | 2 +-
test/meson.build | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build
index b4766de3eb..39730a615c 100644
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@@ -19,7 +19,7 @@ if git.found() and fs.exists(project_source_root / '.git')
'ls-files', ':/test/fuzz/*/*',
check: true)
else
- out = run_command(sh, '-c', 'ls @0@/test/fuzz/*/*'.format(project_source_root), check: true)
+ out = run_command(sh, '-c', 'cd "@0@"; echo test/fuzz/*/*'.format(project_source_root), check: true)
endif
fuzz_regression_tests = []
diff --git a/test/meson.build b/test/meson.build
index baf94703ea..c5d8d6917b 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -190,7 +190,7 @@ if want_tests != 'false' and dmi_arches.contains(host_machine.cpu_family())
check: true)
else
out = run_command(
- sh, '-c', 'ls @0@/test/dmidecode-dumps/*.bin'.format(project_source_root),
+ sh, '-c', 'cd "@0@"; echo test/dmidecode-dumps/*.bin'.format(project_source_root),
check: true)
endif

@ -0,0 +1,57 @@
From b2d259a82329e37b0f369e9951f19a067cb8bfb4 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Fri, 18 Nov 2022 07:18:18 +0000
Subject: [PATCH] nspawn: allow sched_rr_get_interval_time64 through seccomp
filter
We only allow a selected subset of syscalls from nspawn containers
and don't list any time64 variants (needed for 32-bit arches when
built using TIME_BITS=64, which is relatively new).
We allow sched_rr_get_interval which cpython's test suite makes
use of, but we don't allow sched_rr_get_interval_time64.
The test failures when run in an arm32 nspawn container on an arm64 host
were as follows:
```
======================================================================
ERROR: test_sched_rr_get_interval (test.test_posix.PosixTester.test_sched_rr_get_interval)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/tmp/portage/dev-lang/python-3.11.0_p1/work/Python-3.11.0/Lib/test/test_posix.py", line 1180, in test_sched_rr_get_interval
interval = posix.sched_rr_get_interval(0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 1] Operation not permitted
```
Then strace showed:
```
sched_rr_get_interval_time64(0, 0xffbbd4a0) = -1 EPERM (Operation not permitted)
```
This appears to be the only time64 syscall that isn't already included one of
the sets listed in nspawn-seccomp.c that has a non-time64 variant. Checked
over each of the time64 syscalls known to systemd and verified that none
of the others had a non-time64-variant whitelisted in nspawn other than
sched_rr_get_interval.
Bug: https://bugs.gentoo.org/880131
(cherry picked from commit b9e7f22c2d80930cad36ae53e66e42a2996dca4a)
Related: #2138081
---
src/nspawn/nspawn-seccomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 77f4c2ac88..27044fadd2 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -88,6 +88,7 @@ static int add_syscall_filters(
{ 0, "sched_getparam" },
{ 0, "sched_getscheduler" },
{ 0, "sched_rr_get_interval" },
+ { 0, "sched_rr_get_interval_time64" },
{ 0, "sched_yield" },
{ 0, "seccomp" },
{ 0, "sendfile" },

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save