path: root/src/portable
Commit message | Author | Age | Files | Lines
* policy files: adjust landing page link | Zbigniew Jędrzejewski-Szmek | 2022-01-12 | 1 | -1/+1
|
* Define FOREACH_DIRENT through FOREACH_DIRENT_ALL | Zbigniew Jędrzejewski-Szmek | 2021-12-15 | 1 | -3/+0
|   As in the previous commit, 'de' is used as the iterator variable name.
* portable: move profile search helper to path-lookup | Luca Boccassi | 2021-11-26 | 1 | -31/+2
|   Will be used in systemd-analyze later
* os-release: add new PORTABLE_PREFIXES= field for declaring valid portable service match prefixes | Lennart Poettering | 2021-11-23 | 3 | -43/+128
* extension-release.d/: add a new field SYSEXT_SCOPE= for clarifying what a system extension is for | Lennart Poettering | 2021-11-23 | 1 | -1/+1
|   This should make things a bit more robust since it ensures system extension can only be applied to the right environments. Right now three different "scopes" are defined:
|
|   1. "system" (for regular OS systems, after the initrd transition)
|   2. "initrd" (for sysext images that apply to the initrd environment)
|   3. "portable" (for sysext images that apply to portable images)
|
|   If not specified we imply a default of "system portable", i.e. any image where the field is not specified is implicitly OK for application to OS images and for portable services – but not for initrds.
* Merge pull request #20138 from keszybz/coding-style-variable-decls | Luca Boccassi | 2021-11-05 | 2 | -9/+7
|\    A coding style tweak and checking of sd_notify() calls and voidification of pager_open()
| * Make pager_open() return void | Zbigniew Jędrzejewski-Szmek | 2021-11-03 | 1 | -2/+2
| |
| * tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1 | Zbigniew Jędrzejewski-Szmek | 2021-11-03 | 1 | -7/+5
| |   Most sd_notify() calls are like log_info() — the result is only informative and if they fail, it's best to ignore this. But if a call with READY=1 fails, the unit may enter a failed state, so we should warn about this. Similarly for FDSTOREREMOVE=1: the manager may be left with a stale fd, at least wasting resources.
* | tree-wide: do not print hint about -M if -M is already used | Zbigniew Jędrzejewski-Szmek | 2021-11-04 | 1 | -1/+1
|/    (Or when -H is used, since -H and -M are incompatible.)
|
|     Note that the slightly unusual form with separate boolean variables (hint_vars, hint_addr) instead of e.g. a const char* variable to hold the message, because this way we don't trigger the warning about non-literal format.
* alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere | Lennart Poettering | 2021-10-14 | 1 | -1/+1
|   Let's define two helpers strdupa_safe() + strndupa_safe() which do the same as their non-safe counterparts, except that they abort if called with allocations larger than ALLOCA_MAX.
|
|   This should ensure that all our alloca() based allocations are subject to this limit.
|
|   afaics glibc offers three alloca() based APIs: alloca() itself, strndupa() + strdupa(). With this we have now replacements for all of them, that take the limit into account.
* basic: split out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch] | Lennart Poettering | 2021-10-05 | 2 | -1/+3
|
* various: add missing includes | Zbigniew Jędrzejewski-Szmek | 2021-09-22 | 1 | -0/+2
|
* portable: copy SELinux label when extracting units from images | Luca Boccassi | 2021-09-20 | 2 | -5/+42
|   Units are copied out via sendmsg datafd from images, but that means the SELinux labels get lost in transit. Extract them and copy them over.
|
|   Given recvmsg cannot use multiple IOV transparently when the sizes are variable, use a '\0' as a separator between the filename and the label.
* portable: use send_one_fd_iov/receive_one_fd_iov instead of custom helpers | Luca Boccassi | 2021-09-20 | 1 | -87/+26
|   Will be useful for the next commit switching to multiple IOVs
* portabled: refactor extraction/validation into a common helper | Luca Boccassi | 2021-09-06 | 1 | -77/+92
|
* portabled: validate SYSEXT_LEVEL when attaching | Luca Boccassi | 2021-09-06 | 2 | -18/+71
|   When attaching a portable service with extensions, immediately validate that the os-release and extension-release metadata values match, rather than letting it fail when the units are started
* portabled: error out if there are no units only after parsing all images | Luca Boccassi | 2021-09-06 | 1 | -3/+26
|   It's ok if the OS image doesn't have matching units, if we find them in the extensions. Tidies up the parsing logic a bit.
* dissect-image: add extension-specific validation flag | Luca Boccassi | 2021-09-06 | 1 | -1/+8
|   Allows callers to specify which image type they are looking for
* Merge pull request #20257 from bluca/seqno | Luca Boccassi | 2021-08-31 | 1 | -0/+1
|\    Use new diskseq block device property
| * dissect: use DISKSEQ when waiting for block devices | Luca Boccassi | 2021-07-28 | 1 | -0/+1
| |   DISKSEQ is a reliable way to find out if we missed a uevent or not, as it's monotonically increasing. If we parse an event with a smaller or no sequence number, we know we need to wait longer. If we parse an event with a greater sequence number, we know we missed it and the device was reused.
* | Drop the text argument from assert_not_reached() | Zbigniew Jędrzejewski-Szmek | 2021-08-03 | 2 | -2/+2
|/    In general we almost never hit those asserts in production code, so users see them very rarely, if ever. But either way, we just need something that users can pass to the developers.
|
|     We have quite a few of those asserts, and some have fairly nice messages, but many are like "WTF?" or "???" or "unexpected something". The error that is printed includes the file location, and function name. In almost all functions there's at most one assert, so the function name alone is enough to identify the failure for a developer. So we don't get much extra from the message, and we might just as well drop them.
|
|     Dropping them makes our code a tiny bit smaller, and most importantly, improves development experience by making it easy to insert such an assert in the code without thinking how to phrase the argument.
* meson: use a/b instead of join_paths(a,b) | Zbigniew Jędrzejewski-Szmek | 2021-07-27 | 1 | -4/+4
|   It is nicer and shorter.
* tree-wide: coccinelle fixes | Frantisek Sumsal | 2021-07-09 | 1 | -4/+2
|   Yet another batch of Coccinelle fixes.
* Merge pull request #20004 from yuwata/readdir-ensure-type | Zbigniew Jędrzejewski-Szmek | 2021-06-24 | 1 | -3/+0
|\    dirent-util: introduce readdir_ensure_type()
| * dirent-util: use readdir_ensure_type() in readdir_no_dot() and FOREACH_DIRENT() | Yu Watanabe | 2021-06-24 | 1 | -3/+0
| |
* | basic: move acquire_data_fd() and fd_duplicate_data_fd() to new data-fd-util.c | Zbigniew Jędrzejewski-Szmek | 2021-06-24 | 1 | -1/+2
|/    fd_duplicate_data_fd() is renamed to copy_data_fd(). This makes the two functions have nicely similar names.
|
|     Now fd-util.[ch] is again about low-level file descriptor manipulations. copy_data_fd() is a complex function that internally wraps the other functions in copy.c. I want to move copy.c and the whole cluster of related code from basic/ to shared/ later on, and this is a preparatory step for that.
* tree-wide: always drop unnecessary dot in path | Yu Watanabe | 2021-05-28 | 1 | -2/+2
|
* alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size() | Lennart Poettering | 2021-05-19 | 1 | -2/+2
|   We recently started making more use of malloc_usable_size() and rely on it (see the string_erase() story). Given that we don't really support systems where malloc_usable_size() cannot be trusted beyond statistics anyway, let's go fully in and rework GREEDY_REALLOC() on top of it: instead of passing around and maintaining the currently allocated size everywhere, let's just derive it automatically from malloc_usable_size().
|
|   I am mostly after this for the simplicity this brings. It also brings minor efficiency improvements I guess, but things become so much nicer to look at if we can avoid these allocation size variables everywhere.
|
|   Note that the malloc_usable_size() man page says relying on it wasn't "good programming practice", but I think it does this for reasons that don't apply here: the greedy realloc logic specifically doesn't rely on the returned extra size, beyond the fact that it is equal or larger than what was requested.
|
|   (This commit was supposed to be a quick patch btw, but apparently we use the greedy realloc stuff quite a bit across the codebase, so this ends up touching *a*lot* of code.)
* dissect-image: add support for optionally mounting images with idmapping on | Lennart Poettering | 2021-05-07 | 1 | -1/+1
|
* various: print the image path when setting up of the loopback device fails | Zbigniew Jędrzejewski-Szmek | 2021-04-23 | 1 | -1/+1
|
* dissect: ignore udev database entries from before the loopback attachment | Lennart Poettering | 2021-04-20 | 1 | -0/+1
|   This tries to shorten the race of device reuse a bit more: let's ignore udev database entries that are older than the time where we started to use a loopback device.
|
|   This doesn't fix the whole loopback device raciness mess, but it makes the race window a bit shorter.
* dissect: ignore old uevents when waiting for loopback partition scan | Lennart Poettering | 2021-04-20 | 1 | -0/+1
|   Let's drop all monitor uevent that were enqueued before we actually started setting up the device.
|
|   This doesn't fix the race, but it makes the race window smaller: since we cannot determine the uevent seqnum and the loopback attachment atomically, there's a tiny window where uevents might be generated by the device which we mistake for being associated with our use of the loopback device.
* tree-wide: avoid uninitialized warning on _cleanup_ variables | Luca Boccassi | 2021-04-14 | 2 | -2/+2
|   With some versions of the compiler, the _cleanup_ attr makes it think the variable might be freed/closed when uninitialized, even though it cannot happen. The added cost is small enough to be worth the benefit, and optimized builds will help reduce it even further.
* tree-wide: sd_bus_error_setf → set_bus_error_set | Zbigniew Jędrzejewski-Szmek | 2021-04-07 | 3 | -6/+6
|   strdup() is more efficient than asprintf().
* portabled: add --extension parameter for layered images support | Luca Boccassi | 2021-03-31 | 5 | -132/+660
|   Add an --extension parameter to portablectl, and new DBUS methods to attach/detach/reattach/inspect. Allows to append separate images on top of the root directory (os-release will be searched in there) and mount the images using an overlay-like setup (unit files will be searched in there) using the new ExtensionImages service option.
* dissect-image: split DISSECT_IMAGE_REQUIRE_ROOT in two | Lennart Poettering | 2021-03-16 | 1 | -1/+10
|   Previously, the flag did two things at once: enable support for using generic partitions as root fs if there were only one/allow use of partition-table-less images as root fs. And secondly, insist that there was a rootfs, and fail if not.
|
|   Let's split these two in two separate options so that they can be used independently of each other. There are cases where one wants to use one without the other (i.e. when inspecting things with systemd-dissect tool it should be OK to do so even if image has no root fs), and it's cleaner anyway.
* tree-wide: make use of DISSECT_IMAGE_USR_NO_ROOT in various tools | Lennart Poettering | 2021-03-16 | 1 | -1/+1
|   Let's make use of the new dissection in all tools where this makes sense, which are all tools that dissect images, except for those which inherently operate on state/configuration and thus where an image without state nor configuration is useless (e.g. systemd-tmpfiles/systemd-firstboot/… --image= switch).
* tree-wide: use UINT64_MAX or friends | Yu Watanabe | 2021-03-05 | 2 | -3/+3
|
* table: drop last SIZE_MAX from table_set_sort() and table_set_display() | Yu Watanabe | 2021-03-05 | 1 | -1/+1
|
* Move os-util.[ch] to basic/ | Zbigniew Jędrzejewski-Szmek | 2021-02-22 | 2 | -1/+2
|   parse_os_release() will be used basic/hostname-util.c later on.
* portable: make PortableChangeType enum anonymous | Lennart Poettering | 2021-02-17 | 4 | -12/+23
|   Same reasons as previous commit.
* portable: use -EINVAL for _PORTABLE_CHANGE_TYPE_INVALID | Benjamin Robin | 2021-02-16 | 1 | -1/+1
|   Follow-up of #11484
* portabled: use SD_BUS_METHOD_WITH_ARGS | Luca Boccassi | 2021-02-15 | 2 | -21/+129
|
* portabled: use service_parse_argv/bus_add_implementation | Luca Boccassi | 2021-02-15 | 5 | -10/+31
|   Remove some boilerplate and allow introspection
* portable: add 'reattach' verb and DBUS interface | Luca Boccassi | 2021-02-10 | 8 | -24/+360
|   Add 'reattach' verb to portablectl, and corresponding DBUS interface to systemd-portabled. Takes the same parameters as 'attach', but it will do a 'detach' (and it will refuse to proceed if it cannot be done) first, matching on the unversioned prefix of the new image. Eg:
|
|   portablectl reattach /tmp/foo_2.raw
|
|   will cause foo_1.raw to be detached, and foo_2.raw to be attached.
|
|   The key difference with a manual 'detach old' plus 'attach new' is that the running units are not disturbed until after the attach completed, and if --now is passed they are then restarted. A 'detach' is not allowed normally if the units are running. By using a restart-after-deploy method, 'reattach' allows for minimal interruption of service and also for features that only work on restart (eg: file descriptor store) to work as intended.
|
|   The DBUS interface returns two lists: first the removals from the detach that were not immediately re-added in the attach, so that the caller can stop the relevant units, and then the list of additions that are either new or updates, so that the caller can restart/enable the relevant units. portablectl already implements this with the existing --now/--enable switches.
* portable: allow Detach to match images with different version suffixes | Luca Boccassi | 2021-02-10 | 1 | -4/+12
|
* tree-wide: use -EINVAL for enum invalid values | Zbigniew Jędrzejewski-Szmek | 2021-02-10 | 2 | -2/+2
|   As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617.
|
|   This does not touch anything exposed in src/systemd. Changing the defines there would be a compatibility break.
|
|   Note that tests are broken after this commit. They will be fixed in the next one.
* Merge pull request #18375 from yuwata/cli-tools-also-read-kernel-command-line | Zbigniew Jędrzejewski-Szmek | 2021-02-08 | 2 | -2/+2
|\    tree-wide: make CLI tools also read kernel command line when run as service
| * tree-wide: enable colorized logging for daemons when run in console | Yu Watanabe | 2021-02-01 | 2 | -2/+2
| |   It may be useful when debugging daemons.
* | shared: rename machine-image.[ch] → discover-image.[ch] | Lennart Poettering | 2021-02-03 | 6 | -6/+6
|/    The old name originates when this was used to discover "machine" images, as managed by machined/machinectl. But nowadays this is also used by portable services and system extensions, hence let's use a more generic name for this API.
|
|     Taking inspiration from "dissect-image.[ch]", let's call this "discover-image.[ch]".
|
|     This is pure renaming, no other changes.