[stable] v256 batch #33393

Merged
keszybz merged 38 commits into systemd:v256-stable from bluca:v256-stable
Jun 18, 2024

@bluca commented Jun 18, 2024

No description provided.

keszybz and others added 30 commits June 18, 2024 15:12
Section "Description" didn't actually say what systemd does. And we had a giant
"Concepts" section that actually described units types and other details about
them. So let's move the basic description of functionality to "Description" and
rename the following section to "Units".

The link to the Original Design Document is moved to "See Also", it is of
historical interest mostly at this point.

The only actual change is that when talking about API filesystems, /dev is also
mentioned. (I think /sys+/proc+/dev are the canonical set and should be always
listed in one breath.)

(cherry picked from commit f11aaf7)
…ns are still ongoing

And while we are at it, ongoing PK authorizations are also a reason to
block exit on idle.

(cherry picked from commit ac90815)
I do not think this is necessary, but all other places in
libsystemd-network we clear buffer before receive. Without this,
Coverity warns about use-of-uninitialized-values.
Let's silence Coverity.

Closes CID#1469721.

(cherry picked from commit 40f9fa0)
As per the suggestion in systemd#33242.

This reduces the number of /dev/ttySXX device units generated in
mkosi from 32 to 4.

(cherry picked from commit dc38f9a)
This allows us to reserve a bunch of capacity ahead of time,
improving the performance of hwdb significantly thanks to not
having to reallocate so many times.

Before:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==113297== Memcheck, a memory error detector
==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==113297== Command: ./systemd-hwdb update
==113297==
==113297==
==113297== HEAP SUMMARY:
==113297==     in use at exit: 0 bytes in 0 blocks
==113297==   total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
==113297==
==113297== All heap blocks were freed -- no leaks are possible
==113297==
==113297== For lists of detected and suppressed errors, rerun with: -s
==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
```

After:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==112572== Memcheck, a memory error detector
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==112572== Command: ./systemd-hwdb update
==112572==
==112572==
==112572== HEAP SUMMARY:
==112572==     in use at exit: 0 bytes in 0 blocks
==112572==   total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
==112572==
==112572== All heap blocks were freed -- no leaks are possible
==112572==
==112572== For lists of detected and suppressed errors, rerun with: -s
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
```

Co-authored-by: Yu Watanabe <[email protected]>
(cherry picked from commit 621b10f)
…n failure

The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.

(cherry picked from commit d651800)
This check introduced in 91adc4d is intended to spare us from
encountering broken resolver behavior we don't want to deal with.
However if we aren't validating we more than likely don't know the state
of the upstream resolver's support for dnssec. Let's let clients try
these queries if they want.

This brings the behavior of sd-resolved in line with previously stated
change in the meaning of DNSSEC=no, which now means "don't validate"
rather than "don't validate, because the upstream resolver is declared to
be dnssec-unaware".

Fixes: 9c47b33 ("resolved: enable DNS proxy mode if client wants DNSSEC")
(cherry picked from commit 364c948)
crypt_reencrypt() is deprecated, so let's look for and prefer
crypt_reencrypt_run() if it is available.

(cherry picked from commit b99b294)
Let's dump a list of skipped tests and logs from failed tests at the end
of TEST-02-UNITTEST to make debugging fails in CI slightly less painful.

(cherry picked from commit 2ac0e52)
Let's skip udev device scanning when activating a LUKS volume in
systemd-repart as we don't depend on any udev symlinks and don't
expect anything except repart to access the volume.

Suggested by systemd#33129 (comment).

(cherry picked from commit 726fc7a)
This skips directories and other stuff like /dev/core, /dev/initctl or
/dev/log.

(cherry picked from commit bde35f4)
In some recent PRs (e.g. systemd#32628) I started to systematically name return
parameters that shall only be initialized on failure (because they carry
additional error meta information, such as the line/column number of
parse failures or so). Let's make this official in the coding style.

(cherry picked from commit 7811864)
SHA384 is pretty much the bank we actually *want* to use, since it's
faster to calculate than SHA256, hence at the very least, start
considering.

(cherry picked from commit acaca5a)
Silly workaround that:
- allowed flexible arrays in unions
- allowed flexible arrays in otherwise empty structs

Is no longer needed since https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=adb1c8a0f167c3a1f7593d75f5a10eb07a5d741a
(GCC15) or clang 19 llvm/llvm-project@14ba782

(cherry picked from commit 3c2f214)
Mention that by default, /home is managed by tmpfiles.d/home.conf, and
recommend that users run systemd-tmpfiles --dry-run --purge first to
see exactly what will be removed.

(cherry picked from commit 9ebcac3)
Historically, systemd-tmpfiles was designed to manage temporary
files, but nowadays it has become a generic tool for managing
all kinds of files. To avoid user confusion, let's remove "temporary"
from the tool's description.

As discussed in systemd#33349

(cherry picked from commit b5c8cc0)
Ubuntu disables them by default in Noble, ship a sysctl to turn them back on
so that tests can use them

(cherry picked from commit 4cfcde0)
Follow-up for 4636855

(cherry picked from commit c01cb8c)
sbsigntool, systemd-boot and systemd-boot-efi do not exist on other
architectures

(cherry picked from commit 47fe3f2)
These tests no longer need this, as they are running in nspawn, drop it

(cherry picked from commit f44fc53)
We want to keep various logic here instead of mkosi, so drop the
temporary comment

(cherry picked from commit 626518e)
The shell integration suite allows to manually deselect KVM, so
support the same env var for the same purpose in python.

(cherry picked from commit 7d2701e)
Same as the old integration test suite, allow skipping tests that
require qemu.
ppc64el's vsock support doesn't appear to work, so we'll skip it,
as it is already done in the legacy framework.

(cherry picked from commit 464d182)
mkosi will prefer UEFI if the architecture supports it, but fall back
to 'linux' if it doesn't.

(cherry picked from commit 80468db)
Follow-up for 45b1017

(cherry picked from commit 9f5d8c3)
…ce v2.20

The current latest release is v2.19, hence the test is typically skipped now.

(cherry picked from commit 4f6d8ab)
Booting a guest with secure boot is broken in Azure due to a hypervisor
bug. Disable it for now. Given there's no option, need to edit
the configuration on the fly.

(cherry picked from commit bdd0b45)
(cherry picked from commit 3001339)
c4rlo and others added 8 commits June 18, 2024 15:56
(cherry picked from commit f6d517f)
If a symlink is leftover, still allow cleaning it up via 'disable'. This
happens when a unit is stopped and removed, but not disabled, and a reload
has already happened. At that point, cleaning up the old symlinks becomes
impossible through the APIs, and needs to be done manually. Always allow
cleaning up symlinks, if they exist, by only erroring out if there is an
OOM.

Follow-up for f31f10a

(cherry picked from commit 5163c9b)
…n --purge

Also, extend the man page explanation substantially, matching more
closely what --create says.

Fixes: systemd#33349
(cherry picked from commit 41064a3)
…ongs

Also, make contrast between --remove and --purge clearer: one deletes
files marked for deletion, the other deletes files marked for creation.

(cherry picked from commit 69d7682)
Follow-up for c01cb8c

(cherry picked from commit f97b243)
(cherry picked from commit a81f5ff)
The timestamp is not in CLOCK_MONOTONIC, but CLOCK_BOOTTIME,
while header monotonic timestamp is in CLOCK_MONOTONIC. Hence, we cannot
adjust timestamp by comparing with header monotonic timestamp and
_SOURCE_MONOTONIC_TIMESTAMP field.

Fixes a regression caused by affde1d.
Fixes systemd#33293.

(cherry picked from commit 144498e)

@keszybz left a comment

Looks reasonable.

As I wrote in #33383, I don't think it's quite the fix we need, but it is some improvement, so it's OK to push it to stable.

@keszybz added ci-failure-appears-unrelated and removed please-review labels Jun 18, 2024
@keszybz merged commit 34ba18b into systemd:v256-stable Jun 18, 2024
Development

Successfully merging this pull request may close these issues.

refuse systemd-tmpfiles --purge invocation without config file specified on cmdline