Commit log for path: root/src
Each entry: commit message (Author, Date; Files changed, Lines -removed/+added)
* sd-device: fix double-free (Yu Watanabe, 2022-12-12; 1 file, -2/+7)
    If an attribute is read but the value is not used (i.e. ret_value is NULL), then sd_device_get_sysattr_value() mistakenly frees the read data even though it is cached internally. Fixes a bug introduced by acfc2a1d15560084e077ffb3be472cd117e9020a. Fixes #25702.
* repart: support erofs (Lennart Poettering, 2022-12-10; 1 file, -0/+17)
    So, I think "erofs" is probably the better, more modern alternative to "squashfs". Many of the benefits don't matter too much to us I guess, but there's one thing that stands out: erofs has a UUID in the superblock, squashfs has not. Having a UUID in the superblock matters if the file systems are used in an overlayfs stack, as overlayfs uses the UUIDs to robustly and persistently reference inodes on layers in case of metadata copy-up. Since we probably want to allow such uses in overlayfs as employed by sysext (and the future syscfg) we probably should ramp up our erofs game early on. Hence let's natively support erofs, test it, and in fact mention it in the docs before squashfs even.
* mount-setup: don't need to mount /sys/fs/pstore if there is no ENABLE_PSTORE (jcg, 2022-12-10; 1 file, -0/+2)
* Merge pull request #25636 from thom311/th/wcast-align-fixes (Zbigniew Jędrzejewski-Szmek, 2022-12-09; 6 files, -11/+25)
    all: avoid various "-Wcast-align=strict" warnings
  * all: avoid various "-Wcast-align=strict" warnings (Thomas Haller, 2022-12-09; 4 files, -5/+7)
  * socket-util: add CMSG_TYPED_DATA() as type-safe wrapper around CMSG_DATA() (Lennart Poettering, 2022-12-08; 1 file, -6/+8)
  * fundamental: add CAST_ALIGN_PTR() macro (Thomas Haller, 2022-12-08; 1 file, -0/+10)
* resolve: optimize conversion of TXT fields to json (Yu Watanabe, 2022-12-09; 1 file, -17/+33)
    Fixes oss-fuzz#54080 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54080). Fixes #25654.
* hexdecoct: fix NULL pointer dereferences in hexmem() (Yu Watanabe, 2022-12-09; 2 files, -1/+22)
    Fixes oss-fuzz#54090 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54090). Fixes #25655.
* hexdecoct: add missing NULL check (Yu Watanabe, 2022-12-09; 1 file, -1/+1)
    Fixes oss-fuzz#54065 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54065). Fixes #25650.
* test: add tests for base64_append() (Yu Watanabe, 2022-12-09; 1 file, -0/+114)
* hexdecoct: several cleanups for base64_append() (Yu Watanabe, 2022-12-09; 2 files, -27/+47)
    - add missing assertions,
    - use size_t for buffer size or memory index,
    - handle empty input more gracefully,
    - return the length of the result string,
    - fix off-by-one issue when the prefix is already long enough.
* Merge pull request #25662 from msizanoen1/s2h-nosuspend-user-proc (Lennart Poettering, 2022-12-08; 9 files, -28/+66)
    sleep: always thaw user.slice even if freezing failed
  * core: pending_freezer_{message => invocation} (msizanoen1, 2022-12-08; 4 files, -11/+11)
      Rename the field to reflect the new semantics.
  * core/sleep: set timeout for freeze/thaw operation to 1.5 seconds (msizanoen1, 2022-12-08; 1 file, -0/+3)
      A FreezeUnit operation can hang due to the presence of kernel threads (see last 2 commits). Keeping the default configuration will mean the system will hang for 25 seconds in suspend waiting for the response. 1.5 seconds should be sufficient for most cases.
  * core/cgroup: ignore kernel cgroup.events when thawing (msizanoen1, 2022-12-08; 1 file, -8/+13)
      The `frozen` state can be `0` while the processes are indeed frozen (see last commit). Therefore do not respect cgroup.events when checking whether thawing is necessary.
  * core/unit: allow overriding an ongoing freeze operation (msizanoen1, 2022-12-08; 4 files, -11/+26)
      Sometimes a freeze operation can hang due to the presence of kernel threads inside the unit cgroup (e.g. QEMU-KVM). This ensures that the ThawUnit operation invoked by systemd-sleep at wakeup always thaws the unit.
  * core/cgroup: thaw slice of unit when thawing unit (msizanoen1, 2022-12-08; 1 file, -0/+14)
      This ensures starting a new unit under a frozen slice works as expected.
  * core/slice: skip member units without realized cgroup during freeze or thaw (msizanoen1, 2022-12-08; 1 file, -0/+3)
      This ensures that services with `RemainAfterExit` but without any process running won't cause failure during freeze.
  * sleep: always thaw user.slice even if freezing failed (msizanoen1, 2022-12-08; 1 file, -3/+1)
      `FreezeUnit` can fail even when some units did get frozen, causing some user units to be frozen. A possible symptom is `user@.service` being frozen while still being able to log in over SSH.
* Merge pull request #25667 from poettering/sha256-align-fix (Lennart Poettering, 2022-12-08; 6 files, -38/+112)
    sha256 alignment fixes/rework
  * sha256: port to new generic IS_ALIGNED32() macro (Lennart Poettering, 2022-12-08; 1 file, -14/+5)
      This drops the special casing for s390 and other archs, which was cargo-culted from glibc. Given it's not obvious why it exists, and is at best an optimization, let's simply avoid it, in particular as the archs are relatively non-mainstream. Inspired by: #25636
  * macro: add generic IS_ALIGNED32() and friends (Lennart Poettering, 2022-12-08; 2 files, -0/+62)
      Let's generalize (and invert) the UNALIGNED32_P() macro from the sha256 code, and let's add a test for it.
  * sha256: move to unaligned_write_ne32() (Lennart Poettering, 2022-12-08; 1 file, -5/+2)
  * fundamental: split out unaligned_{read|write}_ne{16,32,64}() helpers into unaligned-fundamental.h (Lennart Poettering, 2022-12-08; 2 files, -18/+42)
      Let's allow using this in code shared between userspace and EFI mode. Also, don't implement these functions via endianness conversions given we don't actually want to convert endianness here.
  * sha256: external headers should be included with <> (Lennart Poettering, 2022-12-08; 1 file, -1/+1)
* Merge pull request #25665 from poettering/dissect-memory (Lennart Poettering, 2022-12-08; 5 files, -7/+113)
    dissect: add a mode for operating on an in-memory copy of a DDI, inst…
  * dissect: add a mode for operating on an in-memory copy of a DDI, instead of directly on it (Lennart Poettering, 2022-12-08; 1 file, -7/+17)
      This is useful for operating in ephemeral, writable mode on any image, including read-only ones. It also has the benefit of not keeping the image file's filesystem busy. Inspired by the discussions in #25648
  * loop-util: add new loop_device_make_by_path_memory() helper (Lennart Poettering, 2022-12-08; 2 files, -0/+43)
      This uses the new memfd_clone_fd() call to make an in-memory copy of some file before setting up a loopback block device on it.
  * data-fd-util: add new memfd_clone_fd() helper (Lennart Poettering, 2022-12-08; 2 files, -0/+53)
      This adds a new helper for cloning any file's contents (or block device contents) into a new memfd.
* fs-util: make chmod_and_chown_at() work with empty path and AT_FDCWD (Yu Watanabe, 2022-12-08; 1 file, -1/+9)
    Follow-up for 7d000133c2fbf4b5986185ccfc0273a2428972a9. Fixes CID#1500608.
* Merge pull request #25180 from keszybz/ukify (Lennart Poettering, 2022-12-08; 14 files, -53/+1468)
    ukify: add helper to create UKIs
  * ukify: allow multiple initrds (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 2 files, -11/+38)
      If given, multiple initrds are concatenated into a temporary file which then becomes the .initrd section. It is also possible to give no initrd. After all, some machines boot without an initrd, and it should be possible to use the stub without requiring an initrd. (The stub might not like this, but this is something to fix there.)
  * ci: install pefile (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 2 files, -1/+8)
  * ukify: try to find the uname string in the linux image if not specified (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 2 files, -0/+131)
      The approach is based on mkinitcpio's autodetection. This is hacky as hell. Some cases are actually fairly nice: ppc64el images have a note that contains 'uname -r'. (The note is not uniquely labeled at all, and only contains the release part instead of the full version-hostname-release string, and we don't actually care about ppc, and it's very hard to read the note from Python, but in general that'd be the approach I'd like.) I opted to simply read and decompress the full linux binary in some cases. Python doesn't make it easy to do streaming decompression with regexp matching, and it doesn't seem to matter much: the image decompresses in a fraction of a second.
  * tests: add pytest tests for ukify (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 9 files, -0/+510)
      Some gymnastics were needed to import ukify as a module. Before the file was templated, this was trivial: insert the directory in sys.path, call import. But it's a real pain to import the unsuffixed file after processing. Instead, the untemplated file is imported, which works well enough for tests and is very simple.

      The tests can be called via pytest:
        PATH=build/:$PATH pytest -v src/ukify/test/test_ukify.py
      or directly:
        PATH=build/:$PATH src/ukify/test/test_ukify.py
      or via the meson test machinery output:
        meson test -C build test-ukify -v
      or without verbose output:
        meson test -C build test-ukify

      Zekret files are obfuscated using base64.
  * meson,ukify: hook up ukify, add --version option (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 1 file, -0/+6)
      The option is added because we have a similar one for kernel-install. This program requires python, and some people might want to skip it because of this. The tool is installed in /usr/lib/systemd for now, since the interface might change.

      A template file is used, but there is no .in suffix. The problem is that we'll later want to import the file as a module for tests, but recent Python versions make it annoyingly hard to import a module from a file without a .py suffix. imp.load_sources() works, but it is deprecated and throws warnings. importlib.machinery.SourceFileLoader().load_module() works, but is also deprecated. And the documented replacements are a maze of twisted little callbacks that result in an empty module. So let's take the easy way out, and skip the suffix which makes it easy to import the template as a module after adding the directory to sys.path.
  * ukify: add helper to create UKIs (Zbigniew Jędrzejewski-Szmek, 2022-12-07; 1 file, -0/+576)
      Features:
      - adds sections .linux, .initrd, .uname, .osrel, .pcrpkey, .pcrsig, .cmdline, .splash
      - multiple initrds can be concatenated
      - section flags are set properly (READONLY, DATA or CODE)
      - uses systemd-measure to precalculate pcr measurements and create a signed json policy
      - the inner linux image will be signed automatically with sbsign if unsigned
      - uses sbsign to sign the output image
      - offsets are calculated so that sections are placed adjacent, with .linux last
      - custom sections are possible
      - multiple pcr signing keys can be specified and different boot phase paths can be signed with different keys
      - most things can be overridden (path to tools, stub file, signing keys, pcr banks, boot phase paths, whether to sign things)
      - superficial verification of splash bmp is done
      - kernel uname "scraping" from the kernel if not specified (in a later patch)

      TODO:
      - change systemd-measure to not require a functional TPM2. W/o this, we'd need to support all banks in the build machine, which is hard to guarantee.
      - load signing keys from /etc/kernel/
      - suppress exceptions, so if something external fails, the user will not see a traceback
      - conversion to BMP from other formats

      $ sudo /usr/lib/systemd/ukify \
          --tools=build/ \
          --measure \
          /lib/modules/6.0.5-300.fc37.x86_64/vmlinuz \
          /boot/08a5690a2eed47cf92ac0a5d2e3cf6b0/6.0.5-300.fc37.x86_64/initrd \
          --secureboot-private-key=server.key --secureboot-certificate=server.crt \
          --pcr-private-key=tpm2-pcr-private.pem --pcr-public-key=tpm2-pcr-public.pem \
          --cmdline='rw quiet' \
          --section test:TESTTESTTEST \
          --section test2:TESTTESTTEST2 \
          --pcr-banks=sha1 \
          --uname="$(uname -rv)"
      Host arch 'x86_64', efi arch 'x64'
      + sbverify --list /lib/modules/6.0.5-300.fc37.x86_64/vmlinuz
      + build/systemd-measure calculate --linux=/lib/modules/6.0.5-300.fc37.x86_64/vmlinuz --osrel=/etc/os-release --cmdline=/tmp/tmpcmdline_5aufjir --pcrpkey=tpm2-pcr-public.pem --initrd=/boot/08a5690a2eed47cf92ac0a5d2e3cf6b0/6.0.5-300.fc37.x86_64/initrd --bank=sha1
      11:sha1=03df5e5243bc002b959d52359fe04e266d0b5ebf
      11:sha1=54949b82bae32e80343ff0f01eeeeb75f4c07d3f
      11:sha1=0fc62be88aa9c5ad7282aa8adb504f451bcec9df
      11:sha1=b71155e7fcd467f7c1696f675e37887032e2eafa
      + build/systemd-measure sign --linux=/lib/modules/6.0.5-300.fc37.x86_64/vmlinuz --osrel=/etc/os-release --cmdline=/tmp/tmpcmdline_5aufjir --pcrpkey=tpm2-pcr-public.pem --initrd=/boot/08a5690a2eed47cf92ac0a5d2e3cf6b0/6.0.5-300.fc37.x86_64/initrd --bank=sha1 --private-key=tpm2-pcr-private.pem --public-key=tpm2-pcr-public.pem
      + objcopy /usr/lib/systemd/boot/efi/linuxx64.efi.stub --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x22000 --add-section .cmdline=/tmp/tmpcmdline_5aufjir --change-section-vma .cmdline=0x23000 --add-section .pcrpkey=tpm2-pcr-public.pem --change-section-vma .pcrpkey=0x24000 --add-section .initrd=/boot/08a5690a2eed47cf92ac0a5d2e3cf6b0/6.0.5-300.fc37.x86_64/initrd --change-section-vma .initrd=0x25000 --add-section .uname=/tmp/tmpuname0v3uzh5r --change-section-vma .uname=0x4009000 --add-section .test=/tmp/tmptestuxve59c8 --change-section-vma .test=0x400a000 --add-section .test2=/tmp/tmptest2_i143p9i --change-section-vma .test2=0x400b000 --add-section .pcrsig=/tmp/tmppcrsigdtcqxz_w --change-section-vma .pcrsig=0x400c000 --add-section .linux=/lib/modules/6.0.5-300.fc37.x86_64/vmlinuz --change-section-vma .linux=0x400d000 /tmp/uki4vsbf7y8
      + sbsign --key server.key --cert server.crt /tmp/uki4vsbf7y8 --output vmlinuz.efi
      warning: data remaining[79849520 vs 79866644]: gaps between PE/COFF sections?
      warning: data remaining[79849520 vs 79866648]: gaps between PE/COFF sections?
      Signing Unsigned original image
      Wrote signed vmlinuz.efi
  * bootctl: use output mode where "[]" is written instead for empty output (Zbigniew Jędrzejewski-Szmek, 2022-12-01; 3 files, -4/+9)
      It's easier for the caller if output is always a list, even if there are no entries.
  * shared/json: optimize appending objects to arrays (Zbigniew Jędrzejewski-Szmek, 2022-12-01; 1 file, -33/+79)
      When repeatedly appending an object to a growing array, we would create a new array larger by one slot, insert all the old entries and the new element with ref count bumps into the new array, and then unref the old array. This would cause problems when building an array with more than a few thousand elements.

      If userdbctl is modified to construct an array, 'userdbctl --json=pretty group >/dev/null' with 31k groups:
        0.74s (existing code)
        102.17s (returning an array)
        0.79s (with this patch)

      We append arrays in various places, so it seems nice to make this generally fast.
  * shared/json: make it possible to specify source name for strings too, add tests (Zbigniew Jędrzejewski-Szmek, 2022-12-01; 3 files, -16/+117)
      The source would be set implicitly when parsing from a named file. But it's useful to specify the source also for cases where we're parsing a ready string. I noticed the lack of this API when trying to write tests, but it seems generally useful to specify a source name when parsing things.
  * bootctl: make --json output normal json (Zbigniew Jędrzejewski-Szmek, 2022-12-01; 1 file, -1/+7)
      We would output a sequence of concatenated JSON strings. 'jq' accepts such output without fuss, and can even automatically build an array with --slurp/-s. Nevertheless, parsing this format is more effort for the reader, since it's not "standard JSON". E.g. Python's json module cannot do this out-of-the-box, but needs some loop with json.JSONDecoder.raw_decode() and then collecting the objects into an array.

      Such streaming output makes sense in case of logs, where we stream the output and it has no predefined length. But here we expect at most a few dozen entries, so it's nicer to write normal JSON that is trivial to parse.

      I'm treating this as a bugfix and not attempting to provide compatibility backwards. I don't think the previous format was seeing much use, and it's trivial to adapt to the new one.
* cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (Antonio Alvarez Feijoo, 2022-12-08; 1 file, -35/+46)
    Quoting "Trusted Platform Module Library - Part 3: Commands (Rev. 01.59)":

    "pcrUpdateCounter – this parameter is updated by TPM2_PolicyPCR(). This value may only be set once during a policy. Each time TPM2_PolicyPCR() executes, it checks to see if policySession->pcrUpdateCounter has its default state, indicating that this is the first TPM2_PolicyPCR(). If it has its default value, then policySession->pcrUpdateCounter is set to the current value of pcrUpdateCounter. If policySession->pcrUpdateCounter does not have its default value and its value is not the same as pcrUpdateCounter, the TPM shall return TPM_RC_PCR_CHANGED. If this parameter and pcrUpdateCounter are not the same, it indicates that PCR have changed since checked by the previous TPM2_PolicyPCR(). Since they have changed, the previous PCR validation is no longer valid."

    The TPM will return TPM_RC_PCR_CHANGED if any PCR value changes (no matter which) between validating the PCRs bound to the enrollment and unsealing the HMAC key, so this patch adds a retry mechanism in this case.

    Fixes #24906
* Merge pull request #25672 from jelly/FirwmwareName (Yu Watanabe, 2022-12-08; 1 file, -1/+47)
    Extend hostnamed DMI firmware properties
  * hostnamed: expose FirmwareDate dbus property (Jelle van der Waa, 2022-12-07; 1 file, -1/+23)
      Expose /sys/class/dmi/id/bios_date as dbus property in hostnamed.
  * hostnamed: expose FirmwareVendor as dbus property (Jelle van der Waa, 2022-12-07; 1 file, -1/+25)
      Expose /sys/class/dmi/id/bios_vendor as dbus property in hostnamed.
* Merge pull request #25564 from poettering/dissect-discover (Yu Watanabe, 2022-12-08; 3 files, -7/+92)
    systemd-dissect: add simple "--discover" command
  * dissect: add simple --discover command (Lennart Poettering, 2022-12-07; 1 file, -0/+66)
  * discover-image: store image class in Image object too, if known (Lennart Poettering, 2022-12-07; 2 files, -7/+15)
  * discover-image: add stringification helpers for ImageClass (Lennart Poettering, 2022-12-07; 2 files, -0/+11)