Commit Graph

674 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
7e299ffe10 meson: allow fuzzers to be built even if fuzz testing is disabled
This makes commands like 'ninja -C build fuzz-journal-remote' or
'ninja -C build fuzzers' work, even if we have -Dfuzz-tests=false.
Two advantages: correctness of the meson declarations is verified even
if fuzzers are not built, and it easier to do a one-off build to check for
regressions or such.

Follow-up for 1763ef1d49.
2020-12-02 13:51:31 +01:00
Yu Watanabe
0f82a2ab5c meson: use '_' as separator in fuzz test names
Follow-up for d448888924 and ca121e20c4.

Fixes #17568.
2020-12-02 11:14:26 +01:00
Zbigniew Jędrzejewski-Szmek
ce9067697b meson: add missing "S" to SYSTEMD_CGROUPS_AGENT_PATH
Other similar variables use the binary name underscorified and upppercased
(with "_BINARY" appended in some cases to avoid ambiguity). Add "S" to follow
the same pattern for systemd-cgroups-agent.

Based on the discussion in #16715.
2020-12-01 09:34:17 +01:00
Yu Watanabe
0d5eb02134
Merge pull request #17478 from yuwata/split-network-internal
libsystemd-network: split network-internal.c
2020-11-27 09:04:19 +09:00
Yu Watanabe
435b5ba8d5 meson: set CURL_NO_OLDIES in developer mode 2020-11-21 01:55:41 +09:00
Zbigniew Jędrzejewski-Szmek
1598b07da3
Merge pull request #17640 from keszybz/meson-test-c++20
Also test headers against c++20
2020-11-17 17:14:49 +01:00
Zbigniew Jędrzejewski-Szmek
e318c2a444 meson: use proper variable for libudev.h path 2020-11-17 10:01:05 +01:00
Yu Watanabe
1763ef1d49 meson: do not build fuzzers when fuzz-tests=false
Closes #17578.
2020-11-13 18:15:37 +09:00
Zbigniew Jędrzejewski-Szmek
08c1864f0d meson: allow oomd to be enabled even in release mode
A distro (Fedora in particular) may want to enable oomd in a unstable
branch for testing, even though the package as a whole is compiled in release
mode. Let's emit a warning but otherwise allow this.
2020-11-12 13:25:40 +01:00
Jörg Thalheim
d7aa78c32f meson: add option to skip installing to $sysconfdir
This is useful for development where overwriting files out side
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.

Alternative to https://github.com/systemd/systemd/pull/17501

tested with:

$ mkdir inst build && cd build
$ meson \
  -Dcreate-log-dirs=false \
  -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
  -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
  -Drootprefix=$(realpath ../inst) \
  -Dinstall-sysconfdir=false \
  --prefix=$(realpath ../inst) ..
$ ninja install
2020-11-12 11:21:46 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Zbigniew Jędrzejewski-Szmek
ceedbf8185 meson: add option for fexecve use
There are downsides to using fexecve:

when fexecve is used (for normal executables), /proc/pid/status shows Name: 3,
which means that ps -C foobar doesn't work. pidof works, because it checks
/proc/self/cmdline. /proc/self/exe also shows the correct link, but requires
privileges to read. /proc/self/comm also shows "3".

I think this can be considered a kernel deficiency: when O_CLOEXEC is used, this
"3" is completely meaningless. It could be any number. The kernel should use
argv[0] instead, which at least has *some* meaning.

I think the approach with fexecve/execveat is instersting, so let's provide it
as opt-in.
2020-11-06 15:20:34 +01:00
Zbigniew Jędrzejewski-Szmek
8939eeae52 shared/exec-util: use our own execveat() wrapper instead of fexecve()
For scripts, when we call fexecve(), on new kernels glibc calls execveat(),
which fails with ENOENT, and then we fall back to execve() which succeeds:
[pid 63039] execveat(3, "", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory)
[pid 63039] execve("/home/zbyszek/src/systemd/test/test-path-util/script.sh", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */) = 0

But on older kernels glibc (some versions?) implement a fallback which falls
into the same trap with bash $0:
[pid 13534] execve("/proc/self/fd/3", ["/home/test/systemd/test/test-path-util/script.sh", "--version"], 0x7fff84995870 /* 0 vars */) = 0

We don't want that, so let's call execveat() ourselves. Then we can do the
execve() fallback as we want.
2020-11-06 15:20:34 +01:00
Yu Watanabe
26f4d32365 meson: drop libsystemd_network from several binaries
This reduces the size of udevadm:

Before:
```
$ ll udevadm
-rwxrwxr-x 1 watanabe watanabe 1203800 Oct 29 01:36 udevadm
```

After:
```
$ ll udevadm
-rwxrwxr-x 1 watanabe watanabe 1094384 Oct 29 01:38 udevadm
```
2020-10-29 14:23:49 +09:00
Zbigniew Jędrzejewski-Szmek
a1989bd84b
Merge pull request #17454 from keszybz/journal-dlopen-cleanup
Journal dlopen cleanup and qrcode printing test
2020-10-28 18:20:27 +01:00
Zbigniew Jędrzejewski-Szmek
a881d96183 meson: fix setting of ENABLE_OOMD
-Doomd=auto (the default) didn't work as intended because the initial correct
value was overwritten later by logic that didn't check for 'auto'.
2020-10-27 18:42:49 +01:00
Zbigniew Jędrzejewski-Szmek
9337945233 meson: sort include dirs
Our headers should have unique names, so the sort order shouldn't matter.
2020-10-23 20:33:28 +02:00
Lennart Poettering
a53225670d build-sys: prepare 247-rc1
Interestingly, the libudev so version was already bumped.
2020-10-23 13:44:33 +02:00
Lennart Poettering
f93ba37530 test: add heavy load loopback block device test 2020-10-22 15:10:03 +02:00
Zbigniew Jędrzejewski-Szmek
b8ee3493a5 meson: convert developer_mode boolean to an enum
I initially changed this to add a third state. But even with two values having
an explicit name instead of just 0/1 is mode descriptive.
2020-10-22 11:05:17 +02:00
Michael Biebl
427103f7a6
Merge pull request #17297 from keszybz/tmpfiles-sysusers-disable-standalone-image
tmpfiles,sysusers: disable --image= support in standalone versions
2020-10-20 23:07:16 +02:00
Zbigniew Jędrzejewski-Szmek
d58c5f0fe7 meson: enable oomd by default in developer mode
We want to compile the new code in CI without having to explicitly specify
-Doomd=true everywhere. Let's enable it by default, and rely on distros
setting -Dmode=release to not have it enabled by default.
2020-10-15 15:53:57 +02:00
Zbigniew Jędrzejewski-Szmek
69c0807432
Merge pull request #15206 from anitazha/systoomd-v0
systemd-oomd
2020-10-15 14:16:52 +02:00
Anita Zhang
c199dd3fd7 meson: disable systemd-oomd by default
systemd-oomd can be enabled when in developer mode (-Dmode=developer)
2020-10-14 23:14:24 -07:00
Lennart Poettering
441e0fdb90 missing: add close_range() wrapper
The syscall was added in 5.9 and is not yet exposed in glibc, hence
define our own wrapper.
2020-10-14 10:40:10 +02:00
Zbigniew Jędrzejewski-Szmek
4b6f74f5a0 basic/selinux: work around mallinfo deprecation
Latest glibc has deprecated mallinfo(), so it might become unavailable at some point
in the future. There is malloc_info(), but it returns XML, ffs. I think the information
that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and
not otherwise.
2020-10-12 15:51:39 +02:00
Zbigniew Jędrzejewski-Szmek
3537577c37 tmpfiles,sysusers: disable --image= support in standalone versions
Fixes #17278.
2020-10-09 18:03:04 +02:00
Anita Zhang
5c616ecfcd systemd-oomd: dbus hook ups and oomctl CLI 2020-10-07 17:12:24 -07:00
Anita Zhang
9de5e32136 systemd-oomd: manager/daemon 2020-10-07 17:12:24 -07:00
Anita Zhang
61ff7397d0 systemd-oomd: unit testable helper functions
Helpers used by the systemd-oomd daemon to read/fill in various contexts and
make detection and kill decisions.

i.e. a simplified/less configurable version of
https://github.com/facebookincubator/oomd/tree/master/src/oomd.
2020-10-07 17:12:22 -07:00
Lennart Poettering
daf71ef61c systemctl: split up humungous systemctl.c file
This is just some refactoring: shifting around of code, not change in
codeflow.

This splits up the way too huge systemctl.c in multiple more easily
digestable files. It roughly follows the rule that each family of verbs
gets its own .c/.h file pair, and so do all the compat executable names
we support. Plus three extra files for sysv compat (which existed before
already, but I renamed slightly, to get the systemctl- prefix lik
everything else), a -util file with generic stuff everything uses, and a
-logind file with everything that talks directly to logind instead of
PID1.

systemctl is still a bit too complex for my taste, but I think this way
itc omes in a more digestable bits at least.

No change of behaviour, just reshuffling of some code.
2020-10-07 23:12:15 +02:00
Lennart Poettering
c14ebe07a9
Merge pull request #17172 from keszybz/read-login-defs
Read /etc/login.defs
2020-10-02 11:01:30 +02:00
Zbigniew Jędrzejewski-Szmek
aa25270cb2 sysusers: look at login.defs when setting the default range to allocate users
Also, even if login.defs are not present, don't start allocating at 1, but at
SYSTEM_UID_MIN.

Fixes #9769.

The test is adjusted. Actually, it was busted before, because sysusers would
never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than
SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are
equal, so we didn't notice. Since sysusers now always uses the minimum of the
two, we only need to substitute one value.
2020-10-01 19:53:45 +02:00
Zbigniew Jędrzejewski-Szmek
bd7e6aa73a test/TEST-21-SYSUSERS: turn into a unit test
All this test does is manipulate text files in a subdir specified with --testroot.
It can be a normal unittest without the overhead of creating a machine image.

As a bonus, also test the .standalone version.
2020-10-01 17:52:51 +02:00
Zbigniew Jędrzejewski-Szmek
fc1a5d1a70 Also parse the minimum uid/gid values
We don't (and shouldn't I think) look at them when determining the type of the
user, but they should be used during user/group allocation. (For example, an
admin may specify SYS_UID_MIN==200 to allow statically numbered users that are
shared with other systems in the range 1–199.)
2020-10-01 17:52:41 +02:00
Zbigniew Jędrzejewski-Szmek
53393c894d Look at /etc/login.defs for the system_max_[ug]id values
It makes little sense to make the boundary between systemd and user guids
configurable. Nevertheless, a completely fixed compile-time define is not
enough in two scenarios:
- the systemd_uid_max boundary has moved over time. The default used to be
  500 for a long time. Systems which are upgraded over time might have users
  in the wrong range, but changing existing systems is complicated and
  expensive (offline disks, backups, remote systems, read-only media, etc.)
- systems are used in a heterogenous enviornment, where some vendors pick
  one value and others another.
So let's make this boundary overridable using /etc/login.defs.

Fixes #3855, #10184.
2020-10-01 17:49:31 +02:00
Luca Boccassi
feee7f6288 libcrypt-util: use build-time check for crypt_preferred_method
After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra
is checked, but there are cases where that function is available but crypt_preferred_method
is not, and they are used in the same ifdef.
Add a check for the latter as well.
2020-09-28 10:23:48 +02:00
Lennart Poettering
36f8cf0163
Merge pull request #17086 from keszybz/developer-mode-default
Update dbus docs, make developer mode default
2020-09-22 16:29:28 +02:00
Anita Zhang
06ca077ba2 meson: remove multi-line statement with trailing '\'
Error on meson 0.47:
```
meson.build:885:47: ERROR:  Expecting colon got eol_cont.
crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? \
                                               ^
```

This seems to have been fixed in meson 0.50 after a report from
https://github.com/mesonbuild/meson/issues/4720
2020-09-21 21:20:39 +02:00
Lennart Poettering
3f440b13b7
Merge pull request #16981 from keszybz/use-crypt_ra
Use crypt_ra to allocate scratch area for password hashing
2020-09-18 19:46:08 +02:00
Zbigniew Jędrzejewski-Szmek
4c8e5f442b meson: make "developer" mode the default
This means that the dbus doc consistency checks will be enabled by default,
including in the CI. I think that will work better than current state where
people do not enable them and them follow-up patches for the docs like the
parent commit must be had.
2020-09-17 09:02:29 +02:00
Zbigniew Jędrzejewski-Szmek
452d2dfd52 meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH
RC_LOCAL_SCRIPT_PATH_START and RC_LOCAL_SCRIPT_PATH_STOP were was originally
added in the conversion to meson based on the autotools name. In
4450894653 RC_LOCAL_SCRIPT_PATH_STOP was dropped.
We don't need to use such a long name.
2020-09-15 17:44:26 +02:00
Zbigniew Jędrzejewski-Szmek
2b49f0ca83 Check for crypt_gensalt_ra() instead of relying on libxcrypt presence
Since the loop to check various xcrypt functions is already in place,
adding one more is cheap. And it is nicer to check for the function
directly. People like to backport things, so we might get lucky even
without having libxcrypt.
2020-09-15 11:52:30 +02:00
Zbigniew Jędrzejewski-Szmek
e8644a414a meson: test if we have libcrypt_ra
We always seem to have either libcrypt_r and not the other two, or all
three. So the fallback for libcrypt_ra needs to be based on libcrypt_r.
2020-09-15 11:52:30 +02:00
Lennart Poettering
b612c26ceb sd-path: use ROOTPREFIX without suffixed slash
We already have rootprefix_noslash as meson variable, export it so that
we can also use it in C code.

Fixes: #16773
2020-09-11 13:08:30 +02:00
Lennart Poettering
bae66f4bda systemd-user: move pam snippet default location to /usr/lib/pam.d 2020-09-10 12:47:07 +02:00
Lennart Poettering
0d12936d9a shared: make libcryptsetup dep dlopen
Let's make libcryptsetup a dlopen() style dep for PID 1 (i.e. for
RootImage= and stuff), systemd-growfs and systemd-repart. (But leave to
be a regulra dep in systemd-cryptsetup, systemd-veritysetup and
systemd-homed since for them the libcryptsetup support is not auxiliary
but pretty much at the core of what they do.)

This should be useful for container images that want systemd in the
payload but don't care for the cryptsetup logic since dm-crypt and stuff
isn't available in containers anyway.

Fixes: #8249
2020-09-02 15:04:06 +02:00
Lennart Poettering
1e2f32305c shared: rename crypt-util.c → cryptsetup-util.c
"crypt-util.c" is such a generic name, let's avoid that, in particular
as libc's/libcrypt's crypt() function is so generically named too that
one might thing this is about that. Let's hence be more precise, and
make clear that this is about cryptsetup, and nothing else.

We already had cryptsetup-util.[ch] in src/cryptsetup/ doing keyfile
management. To avoid the needless confusion, let's rename that file to
cryptsetup-keyfile.[ch].
2020-09-02 15:00:32 +02:00
Lennart Poettering
3b684be04b libudev: also expose API to check for current tags in libudev 2020-09-01 17:40:12 +02:00
Zbigniew Jędrzejewski-Szmek
4cc73cf9c1 test: verify that dbus docs are fresh
This makes use of the developer mode switch: the test is only done
if the user opted-in into developer mode.

Before the man/update-dbus-docs was using the argument form where
we don't need to run find_command(), but that doesn't work with test(),,
so find_command() is used and we get one more line in the config log.
2020-08-27 21:30:22 +02:00
Zbigniew Jędrzejewski-Szmek
839bdf2505 meson: add "develop mode" config switch 2020-08-27 20:20:23 +02:00
Lennart Poettering
da3920c3a4 journal: move qrcode printing code to src/shared/
That way we can make use of it in homctl, too.
2020-08-25 17:58:02 +02:00
Zbigniew Jędrzejewski-Szmek
9f56c88aeb
Merge pull request #16819 from keszybz/seccomp-enosys
Return ENOSYS in nspawn for "unknown" syscalls
2020-08-25 09:18:46 +02:00
Zbigniew Jędrzejewski-Szmek
2aed63f427 tree-wide: fix spelling of "fallback"
Similarly to "setup" vs. "set up", "fallback" is a noun, and "fall back"
is the verb. (This is pretty clear when we construct a sentence in the
present continous: "we are falling back" not "we are fallbacking").
2020-08-20 17:45:32 +02:00
Zbigniew Jędrzejewski-Szmek
b3259a6e5f meson: add ENABLE_ANALYZE conditional 2020-08-20 17:42:13 +02:00
Lennart Poettering
1b13600948
Merge pull request #16771 from poettering/dyn-pwq
make libpwquality a dlopen() dependency + use it in systemd-firstboot, too
2020-08-19 15:40:41 +02:00
Zbigniew Jędrzejewski-Szmek
47354b440e meson: add syscall-names-update target
The calls to find_program("tools/*") are moved earlier so they can be used
in libshared/ (and it doesn't make sense to split them).
2020-08-19 15:30:24 +02:00
Anita Zhang
e71f5585b9 meson: add min version for libfdisk
Was trying to run src/partition/test-repart.sh on CentOS 8 and the first
resize call kept failing with ERANGE. Turned out that CentOS 8 comes
with libfdisk-devel-2.32.1 which is missing
2f35c1ead6
(in libfdisk 2.33 and up).
2020-08-19 10:18:33 +02:00
Lennart Poettering
679badd7ba home: make libpwquality dep a runtime dlopen() one
Also, let's move the glue for this to src/shared/ so that we later can
reuse this in sysemd-firstboot.

Given that libpwquality is a more a leaf dependency, let's make it
runtime optional, so that downstream distros can downgrade their package
deps from Required to Recommended.
2020-08-19 10:03:24 +02:00
Lennart Poettering
5a151082d7 meson: move systemd-dissect to /usr/bin 2020-08-11 22:29:50 +02:00
Zbigniew Jędrzejewski-Szmek
1472b58835
Merge pull request #16260 from poettering/pcre2-dlopen
turn pcre2 dependency into dlopen() dependency
2020-08-04 15:37:48 +02:00
Zbigniew Jędrzejewski-Szmek
3a4378cb9e
Merge pull request #16145 from poettering/qrcode-dlopen
journalctl: make libqrencode a weak (dlopen() style) dependency
2020-08-04 15:25:50 +02:00
Zbigniew Jędrzejewski-Szmek
2d2d0a57e7 repart: adjust --help and test output width 2020-07-30 16:02:45 +02:00
Zbigniew Jędrzejewski-Szmek
0390b094f5 meson: do not choke on time epoch when there are no git tags
github ci was failing with:

meson.build:685:16: ERROR: String '' cannot be converted to int
2020-07-23 12:25:14 +02:00
Daan De Meyer
bd190899bb Get SOURCE_EPOCH from the latest git tag instead of NEWS
Currently, each change to NEWS triggers a meson reconfigure that
changes SOURCE_EPOCH which causes a full rebuild. Since NEWS changes
relatively often, we have a full rebuild each time we pull from
master even if we pull semi-regularly. This is further compounded
when using branches since NEWS has a relatively high chance to
differ between branches which causes git to update the modification
time, leading to a full rebuild when switching between branches.

We fix this by using the creation time of the latest git tag instead.
2020-07-23 08:38:30 +02:00
Lennart Poettering
9200bb30d0 journalctl: make pcre2 a dlopen() dependency
Let's make use of the library if it is installed, but otherwise just
generate a nice error and provide all other functionality.
2020-07-21 10:37:54 +02:00
Norbert Lange
55678b9eae build: skip installation of 2 files if feature is disabled
dont install systemd-update-utmp if utmp is disabled.
dont install systemd-initctl.service if sysv is disabled.
2020-07-18 13:50:39 +09:00
Zbigniew Jędrzejewski-Szmek
3994922baf meson: bump version numbers for v246 2020-07-08 17:35:54 +02:00
Lennart Poettering
7b78db28e5 homed: add support for authenticating with fido2 hmac-secret tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
1c0c4a43c6 homectl: add support for enrolling FIDO2 HMAC-SECRET tokens 2020-07-01 11:17:28 +02:00
Lennart Poettering
af4fbd463f build-sys: add libfido2 as optional dependency 2020-07-01 11:17:28 +02:00
Lennart Poettering
d80b051cea tree-wide: add new HAVE_COMPRESSION compile time flag
let's simplify the checks for ZSTD/LZ4/XZ

As suggested:

https://github.com/systemd/systemd/pull/16096#discussion_r440705585
2020-06-25 15:02:45 +02:00
Luca Boccassi
c2923fdcd7 dissect/nspawn: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it.
2020-06-25 08:45:21 +01:00
Lennart Poettering
e44b500484 journalctl: make libqrencode a weak dependency
This way journalctl can make use of libqrencode if it's there, but will
quietly not use it if it isn't.

This means libqrencode remains a build-time dep, but not a strict
runtime dependency.

I figure we should do something similar for a bunch of other "leaf"
libraries we only use few symbols of. Specifically the following are
probably good candidates:

* pcre2
* libpwquality
* p11kit
* elfutils

and possibly:

* libcryptsetup (only in some parts. i.e. building systemd-cryptsetup
  without it makes no sense. However building the dissect option with
  libcryptsetup as optional dep does make sense)
* possibly the compression libraries (at least the ones we never use for
  compression, but only as alternative ones for decompression)

Already covered like this is:

* libxkcommon
2020-06-25 09:28:27 +02:00
Lennart Poettering
7bf6babfa2
Merge pull request #16112 from poettering/nss-systemd-block-fix
rework nss-systemd recursion lock
2020-06-24 08:39:44 +02:00
Lennart Poettering
037b0a47b0 userdb: replace recursion lock
Previously we'd used the existance of a specific AF_UNIX socket in the
abstract namespace as lock for disabling lookup recursions. (for
breaking out of the loop: userdb synthesized from nss → nss synthesized
from userdb → userdb synthesized from nss → …)

I did it like that because it promised to work the same both in static
and in dynmically linked environments and is accessible easily from any
programming language.

However, it has a weakness regarding reuse attacks: the socket is
securely hashed (siphash) from the thread ID in combination with the
AT_RANDOM secret. Thus it should not be guessable from an attacker in
advance. That's only true if a thread takes the lock only once and
keeps it forever. However, if a thread takes and releases it multiple
times an attacker might monitor that and quickly take the lock
after the first iteration for follow-up iterations.

It's not a big issue given that userdb (as the primary user for this)
never released the lock and we never made the concept a public
interface, and it was only included in one release so far, but it's
something that deserves fixing. (moreover it's a local DoS only, only
permitting to disable native userdb lookups)

With this rework the libnss_systemd.so.2 module will now export two
additional symbols. These symbols are not used by glibc, but can be used
by arbitrary programs: one can be used to disable nss-systemd, the other
to check if it is currently disabled.

The lock is per-thread. It's slightly less pretty, since it requires
people to manually link against C code via dlopen()/dlsym(), but it
should work safely without the aforementioned weakness.
2020-06-23 17:24:24 +02:00
Filipe Brandenburger
db64ba81c6 meson: build standalone version of systemd-tmpfiles
Use -Dstandalone-binaries=yes to enable building and installing this standalone
version of the binary without a dependency on the systemd-shared solib.

Also move the list of sources for systemd-tmpfiles to its own meson.build file.
2020-06-10 10:54:29 -07:00
Filipe Brandenburger
8ef8f3d5a7 meson: add a new -Dstandalone-binaries=true option
This adds an option to build standalone binaries that do not depend on the
systemd-shared library. This option can be handy to build binaries that can be
useful on a non-systemd system, binaries such as systemd-sysusers and
systemd-tmpfiles have been previously requested, but installing them with all
the required dependencies pulls in too much code that isn't really relevant for
those use cases. The standalone use case is also relevant in containers, where
minimizing the size of the container image is quite relevant.

For now, only `systemd-sysusers` is also built as a standalone binary.

The standalone binaries are installed as `/usr/bin/%{name}.standalone`, the
packaging system is reponsible for renaming those into the correct names
during the packaging step. RPM is able to do so with RemovePathPostfixes:

The default behavior is to build shared binaries only, since this option is
mainly intended for building distribution packages.

Tested that a proper separate binary is built when using this option and
that having it disabled (or using the default Meson configuration) does not
produce a binary for this option.
2020-06-10 10:54:29 -07:00
YmrDtnJu
2ffadd3cee AppArmor: Support for loading a set of pre-compiled profiles at startup time
Let systemd load a set of pre-compiled AppArmor profile files from a policy
cache at /etc/apparmor/earlypolicy. Maintenance of that policy cache must be
done outside of systemd.

After successfully loading the profiles systemd will attempt to change to a
profile named systemd.

If systemd is already confined in a profile, it will not load any profile files
and will not attempt to change it's profile.

If anything goes wrong, systemd will only log failures. It will not fail to
start.
2020-06-09 20:27:47 +02:00
Norbert Lange
63e2d1714e udev: single binary replacing udevd and udevadm
Since the separate binaries contain mostly the same code,
this almost halves the size of the installation.

before:
398K /bin/udevadm
391K /lib/systemd/systemd-udevd

after:
431K /bin/udevadm
0    /lib/systemd/systemd-udevd -> ../../bin/udevadm

Fixes: #14200
2020-06-01 09:41:21 +02:00
Benjamin Berg
8feca2472c xdg-autostart-generator: Add a generator for XDG autostart files
This generator can be used by desktop environments to launch autostart
applications and services. The feature is an opt-in, triggered by
xdg-desktop-autostart.target being activated.

Also included is the new binary xdg-autostart-condition. This binary is
used as an ExecCondition to test the OnlyShowIn and NotShowIn XDG
desktop file keys. These need to be evaluated against the
XDG_CURRENT_DESKTOP environment variable which may not be known at
generation time.

Co-authored-by: Henri Chain <henri.chain@enioka.com>
2020-05-27 09:02:10 +02:00
Norbert Lange
6589a56972 dont install systemd-initctl, runlevel, telinit if no SYSV compat
systemd-initctl executable is still built.
2020-05-26 15:04:36 +02:00
Frantisek Sumsal
c56463fdb4 meson: add fuzz-tests= option
The slow-tests= option already enables fuzzers as well, however, this
option can't be used in the "fully sanitized" runs, as certain slow
tests are affected by the performance quite significantly.

This option allows us to enable only fuzzers without the slow tests to
meet the needs of such runs.
2020-05-21 16:59:40 +02:00
Evgeny Vereshchagin
8976715804 build-system: build the fuzz targets with both ASan and UBSan
Just a follow-up to https://github.com/systemd/systemd/pull/15860
2020-05-20 16:07:13 +02:00
Lennart Poettering
23769fb371 cryptsetup: split out key loading from pkcs11 code and teach search path logic
Let's do some rearrangements, so that we can later on use this to
automatically search for a key file.
2020-05-19 17:28:16 +02:00
Norbert Lange
cdf7ad38b6 allow removal of initrd services 2020-05-19 10:19:18 +02:00
Dimitri John Ledkov
6dbf352cfb meson: initialize time-epoch to reproducible builds compatible value
Debian Policy encourages to preserve timestamps whenever possible in the
tarballs, thus stable release updates of systemd usually do not bump NEWS file
timestamp. And thus time-epoch remains the same for the lifetime of a release.

It would be better, if each new stable release rebuild of systemd would bump
the time epoch a bit. But at the same time remain
reproducible. SOURCE_DATE_EPOCH is an environmnet variable defined for this
purpose. Thus if available, prefer that, instead of the NEWS file modification
time.

For example, on Debian/Ubuntu under the reproducible builds the
SOURCE_DATE_EPOCH is set to the timestamp from the packaging metadata, thus it
is incremented on every new stable release update, whilst preserving
reproducible builds capability.

Reference: https://reproducible-builds.org/docs/timestamps/
2020-05-18 08:45:01 +02:00
Zbigniew Jędrzejewski-Szmek
94c0c5b7ea shared/ethtool-util: hush gcc warnings about array bounds
[127/1355] Compiling C object 'src/shared/5afaae1@@systemd-shared-245@sta/ethtool-util.c.o'
../src/shared/ethtool-util.c: In function ‘ethtool_get_permanent_macaddr’:
../src/shared/ethtool-util.c:260:60: warning: array subscript 5 is outside the bounds of an interior zero-length array ‘__u8[0]’ {aka ‘unsigned char[]’} [-Wzero-length-bounds]
  260 |                 ret->ether_addr_octet[i] = epaddr.addr.data[i];
      |                                            ~~~~~~~~~~~~~~~~^~~
In file included from ../src/shared/ethtool-util.c:5:
../src/shared/linux/ethtool.h:704:7: note: while referencing ‘data’
  704 |  __u8 data[0];
      |       ^~~~
../src/shared/ethtool-util.c: In function ‘ethtool_set_features’:
../src/shared/ethtool-util.c:488:31: warning: array subscript 0 is outside the bounds of an interior zero-length array ‘__u32[0]’ {aka ‘unsigned int[]’} [-Wzero-length-bounds]
  488 |         len = buffer.info.data[0];
      |               ~~~~~~~~~~~~~~~~^~~
In file included from ../src/shared/ethtool-util.c:5:
../src/shared/linux/ethtool.h:631:8: note: while referencing ‘data’
  631 |  __u32 data[0];
      |        ^~~~

The kernel should not define the length of the array, but it does. We can't fix
that, so let's use a cast to avoid the warning.

For https://github.com/systemd/systemd/issues/6119#issuecomment-626073743.

v2:
- use #pragma instead of a cast. It seems the cast only works in some cases, and
  gcc is "smart" enough to see beyond the cast. Unfortunately clang does not support
  this warning, so we need to do a config check whether to try to suppress.
2020-05-11 13:57:11 +02:00
Zbigniew Jędrzejewski-Szmek
f2a8372e37
Merge pull request #15703 from poettering/homed-tweak-default-storage
homed: avoid double encryption
2020-05-08 16:57:14 +02:00
Zbigniew Jędrzejewski-Szmek
165bda37ba
Merge pull request #15718 from poettering/tmpfiles-offline
tmpfiles: read /etc/passwd + /etc/group with fgetpwent()/fgetgrent() if --root= is specified
2020-05-08 11:22:19 +02:00
Lennart Poettering
c76dd733af homed: make default storage/file system type configurable in homed.conf 2020-05-07 23:33:09 +02:00
Zbigniew Jędrzejewski-Szmek
eef4b80033 Add a basic test that the configured fallback hostname is OK
Ideally, assert_cc() would be used for this, so that it is not possible to even
compile systemd with something like '-Dfallback-hostname=.foo'. But to do a
proper check we need to call hostname_is_valid(), and we cannot depend on being
able to run code (e.g. during cross-compilation). So let's do a very superficial
check in meson, and a proper on in test-util.
2020-05-07 17:35:26 +02:00
Lennart Poettering
a3451c2c4c tmpfiles: optionally, read /etc/passwd + /etc/group without NSS
There are two libc APIs for accessing the user database: NSS/getpwuid(),
and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's
use the latter. Otherwise the former. This means tmpfiles can use the
database included in the root environment for chowning, which is a lot
more appropriate.

Fixes: #14806
2020-05-07 16:35:20 +02:00
Zbigniew Jędrzejewski-Szmek
dd1e33c8dc meson: drop "meson-" prefix from various helper script filenames
In a few cases, the prefix was originally necessary because a different helper
script was used for automake, and a different one for meson. But now we use
meson exclusively, and the prefix isn't useful. This also synchronizes the
target name, file name, and variable name in meson.build. The targets exposed
by meson didn't have the prefix, so the user interface is unchanged.

(The prefix is retained in the few tools that are used for meson itself,
e.g. meosn-vcs-tag.sh, meson-make-symlink.sh, etc.)
2020-05-07 13:57:48 +02:00
Benjamin Robin
0454681395 meson: Do not drop warnings (unused variable) when NDEBUG is defined
This is no longer needed, since there is now no warning with NDEBUG
defined
2020-05-06 23:03:25 +02:00
Zbigniew Jędrzejewski-Szmek
ba5a389d24 Merge pull request #15473 from keszybz/bus-introspection 2020-05-06 15:00:07 +02:00
Evgeny Vereshchagin
7f3a5eb70e build-system: bring back 'nonnull'
Having taken a look at https://github.com/systemd/systemd/runs/645252074?check_suite_focus=true
where fuzz-journal-remote failed with
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==16==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f864f98948e bp 0x7ffde5c6b7c0 sp 0x7ffde5c6b560 T0)
==16==The signal is caused by a READ memory access.
==16==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x7f864f98948e in output_short /work/build/../../src/systemd/src/shared/logs-show.c
    #1 0x7f864f984624 in show_journal_entry /work/build/../../src/systemd/src/shared/logs-show.c:1154:15
    #2 0x7f864f984b63 in show_journal /work/build/../../src/systemd/src/shared/logs-show.c:1239:21
    #3 0x4cabab in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:67:21
    #4 0x51fd16 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x51c330 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
    #6 0x523700 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:765:7
    #7 0x5246cd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:792:3
    #8 0x4de3d1 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6
    #9 0x4cfb47 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #10 0x7f864e69782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x41f2a8 in _start (out/fuzz-journal-remote+0x41f2a8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /work/build/../../src/systemd/src/shared/logs-show.c in output_short
==16==ABORTING
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x44,0x3d,0xa,0x5f,0x5f,0x52,0x45,0x41,0x4c,0x54,0x49,0x4d,0x45,0x5f,0x54,0x49,0x4d,0x45,0x53,0x54,0x41,0x4d,0x50,0x3d,0x31,0xa,0xa,
D=\x0a__REALTIME_TIMESTAMP=1\x0a\x0a
artifact_prefix='./'; Test unit written to ./crash-d635b9dd31cceff3c912fd45e1a58d7e90f0ad73
Base64: RD0KX19SRUFMVElNRV9USU1FU1RBTVA9MQoK
```
I was wondering why it hadn't been caught by the compiler even though clang should have failed to compile it with
```
../src/shared/logs-show.c:624:25: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
                        print_multiline(f, 4 + fieldlen + 1, 0, OUTPUT_FULL_WIDTH, 0, false,
                        ^
../src/shared/logs-show.c:161:24: note: callee declares array parameter as static here
                size_t highlight[static 2]) {
                       ^        ~~~~~~~~~~
../src/shared/logs-show.c:1239:21: warning: null passed to a callee that requires a non-null argument [-Wnonnull]
                r = show_journal_entry(f, j, mode, n_columns, flags, NULL, NULL, ellipsized);
                    ^                                                      ~~~~
../src/shared/logs-show.c:1133:30: note: callee declares array parameter as static here
                const size_t highlight[static 2],
                             ^        ~~~~~~~~~~
2 warnings generated.
```

Given that judging by https://github.com/systemd/systemd/issues/13039 it doesn't seem to be
the first time issues like that have been missed I think it would be better to turn nonnull on
and get around false positives on a case-by-case basis with DISABLE_WARNING_NONNULL .. REENABLE_WARNING

Reopens https://github.com/systemd/systemd/issues/6119
2020-05-06 09:50:57 +02:00
Zbigniew Jędrzejewski-Szmek
81e06775be meson: add man/update-dbus-docs target 2020-05-05 22:41:23 +02:00
Norbert Lange
ef5924aa31 coredump: add zstandard support for coredumps
this will hook libzstd into coredump,
using this format as default.
2020-05-04 10:59:43 +02:00
Zbigniew Jędrzejewski-Szmek
460e5af05d meson: test userdbctl and homectl --help 2020-04-28 09:56:24 +02:00
Zbigniew Jędrzejewski-Szmek
6164ec4c93 meson: modernize indentation
By using a newline after executable( and run_target(, we get less
indentation and the indentation level does not change when the returned
object is saved to a variable.
2020-04-28 09:53:51 +02:00
Jakov Smolic
f30bf4d937
Include new configure options in features list
Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2020-04-16 10:40:31 +02:00
Jakov Smolic
dd0f79523f
Add new meson configure option for controlling systemd-analyze support
Enables building systemd without systemd-analyze, which in
return saves approx. 4 MB of space upon installing systemd.

Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2020-04-15 17:53:43 +02:00
Zbigniew Jędrzejewski-Szmek
3614df0575 meson,resolved: make default LLMNR= and MulticastDNS= values configurable
For https://fedoraproject.org/wiki/Changes/systemd-resolved.
2020-04-15 14:37:21 +02:00
Frantisek Sumsal
15529f5cea
Merge pull request #14338 from keszybz/functional-test-rework
Functional test rework
2020-03-30 16:25:12 +02:00
Evgeny Vereshchagin
6b8d32ea7b ci: turn off FuzzBuzz
I don't think anyone uses it.
2020-03-30 14:57:22 +02:00
Zbigniew Jędrzejewski-Szmek
e2d612a8e4 meson: use find_program() for add-git-hook.sh
On azure systemd.systemd ci, the build would fail with:
meson.build:53:0: ERROR: Program or command '/home/appuser/fuzzer/tools/add-git-hook.sh' not found or not executable

We use find_program() for all helpers, so let's do it for this one too.
This should solve the issue, whatever it exactly is.
2020-03-28 12:37:28 +01:00
Zbigniew Jędrzejewski-Szmek
e29e4d5742 test: convert TEST-45 to a normal meson test
On my laptop, it now takes 0.23 s. We don't need the overhead of creating
an image and spawning a machine to mangle a file in /tmp.
2020-03-28 11:50:38 +01:00
Zbigniew Jędrzejewski-Szmek
fbaa11372b test: convert TEST-35-NETWORK-GENERATOR into a unit test 2020-03-28 11:46:48 +01:00
Zbigniew Jędrzejewski-Szmek
96d33e4ac0 Rename _PATH variables to _DIR when they refer to a directory
We were very inconsistent in this, but in general _PATH signifies
a search path (separated with :), and _DIR signifies a single directory.
2020-03-27 20:12:45 +01:00
Zbigniew Jędrzejewski-Szmek
b6261be84d meson: report -Dinstall-tests in summary 2020-03-22 10:22:42 +01:00
Florian Klink
f14266c843 meson.build: drop unused SYSTEMD_SLEEP_BINARY_PATH
seems usage was dropped in ddcbc87378.
2020-03-09 14:52:30 +01:00
Robert Scheck
fd74a13e85 timesync, meson: allow statically linked build
Build option "link-timesyncd-shared" to build a statically linked
systemd-timesyncd by using

  -Dlink-udev-shared=false -Dlink-timesyncd-shared=false

on systems with full systemd stack except systemd-timesyncd, such
as RHEL/CentOS 8.
2020-03-04 10:46:10 +01:00
Zbigniew Jędrzejewski-Szmek
6ffeca8c8f meson: explain GIT_VERSION and PROJECT_VERSION
Fixes #11415.
2020-02-28 16:54:33 +01:00
Zbigniew Jędrzejewski-Szmek
384db814ee meson: bump version numbers for v245 2020-02-05 10:20:56 +01:00
Zbigniew Jędrzejewski-Szmek
ce4121c6ff meson: update efi path detection to gnu-efi-3.0.11
Fixes systemd build in Fedora rawhide.

The old ldsdir option is not useful, because both the directory and the
file name changed. Let's remove the option and try to autodetect the file
name. If this turns out to be not enough, a new option to simply specify
the full path to the file can be added.

F31:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib64/gnuefi/elf_x64_efi.lds
         EFI crt0:                          /usr/lib64/gnuefi/crt0-efi-x64.o
         EFI include directory:             /usr/include/efi
F32:
         efi arch:                          x86_64
         EFI machine type:                  x64
         EFI CC                             ccache cc
         EFI lds:                           /usr/lib/gnuefi/x64/efi.lds
         EFI crt0:                          /usr/lib/gnuefi/x64/crt0.o
         EFI include directory:             /usr/include/efi
2020-02-04 23:43:21 +09:00
Yu Watanabe
60d0a5098b util: uid_t, gid_t, and pid_t must be 32bit
We already have assert_cc(sizeof(uid_t) == sizeof(uint32_t)) or friends
at various places.
2020-02-02 17:13:08 +01:00
Yu Watanabe
c757517d98 meson: fix feature list 2020-02-02 17:09:28 +01:00
Yu Watanabe
af06ddf51a meson, man: do not install pam_systemd_home(8) when pam or homed is disabled
Fixes #14725.
2020-02-01 12:13:45 +01:00
Lennart Poettering
26cf9fb7f8 home: add pam_systemd_home.so PAM hookup
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:41 +01:00
Lennart Poettering
4aa0a8ac3e home: add homectl client tool 2020-01-28 22:36:30 +01:00
Lennart Poettering
70a5db5822 home: add new systemd-homed service that can manage LUKS homes
Fixes more or less: https://bugs.freedesktop.org/show_bug.cgi?id=67474
2020-01-28 22:36:07 +01:00
Lennart Poettering
e594a3b154 repart: add new systemd-repart tool
Fixes: #14052
2020-01-20 17:42:03 +01:00
Zbigniew Jędrzejewski-Szmek
cdc6804b60 units: drop full paths for utilities in $PATH
This makes things a bit simpler and the build a bit faster, because we don't
have to rewrite files to do the trivial substitution. @rootbindir@ is always in
our internal $PATH that we use for non-absolute paths, so there should be no
functional change.
2020-01-20 16:50:16 +01:00
Lennart Poettering
1684c56f40 nss: hook up nss-systemd with userdb varlink bits
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.

(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).

Fixes: #12492
2020-01-15 15:29:07 +01:00
Lennart Poettering
1604937f83 userdbd: add userdbctl tool as client for userdbd 2020-01-15 15:28:42 +01:00
Lennart Poettering
d093b62c94 userdbd: add new service that can merge userdb queries from multiple clients 2020-01-15 15:28:17 +01:00
Zbigniew Jędrzejewski-Szmek
5425f8a57c Revert "docs: rename HACKING → Hacking"
This reverts commit 8c5cd27dd1.
2020-01-15 13:45:04 +01:00
Zbigniew Jędrzejewski-Szmek
8c5cd27dd1 docs: rename HACKING → Hacking
Let's see if this works at all.
2020-01-15 12:38:12 +01:00
Robert Scheck
5ac8b50d58 network, meson: allow statically linked build
Build option "link-networkd-shared" to build a statically linked
systemd-networkd by using

  -Dlink-udev-shared=false -Dlink-networkd-shared=false

on systems with full systemd stack except systemd-networkd, such
as RHEL/CentOS 8.
2020-01-08 09:50:32 +01:00
Lennart Poettering
086697094e cryptsetup: add native pkcs#11 support to cryptsetup
This adds a new crypttab option for volumes "pkcs11-uri=" which takes a
PKCS#11 URI. When used the key stored in the line's key file is
decrypted with the private key the PKCS#11 URI indiciates.

This means any smartcard that can store private RSA keys is usable for
unlocking LUKS devices.
2019-12-09 19:25:25 +01:00
Lennart Poettering
839fddbe50 shared: add pkcs11-util.[ch] 2019-12-09 19:25:25 +01:00
Lennart Poettering
5ead4e85f6 missing: add rt_sigqueueinfo() syscall definition
This is not a new system call at all (since kernel 2.2), however it's
not exposed in glibc (a wrapper is exposed however in sigqueue(), but it
substantially simplifies the system call). Since we want a nice fallback
for sending signals on non-pidfd systems for pidfd_send_signal() let's
wrap rt_sigqueueinfo() since it takes the same siginfo_t parameter.
2019-12-04 10:34:03 +01:00
Lennart Poettering
5f152f43d0 missing: define new pidfd syscalls 2019-12-04 10:33:41 +01:00
Zbigniew Jędrzejewski-Szmek
78af8a798a meson: bump version numbers for v244 2019-11-22 14:41:10 +01:00
Zbigniew Jędrzejewski-Szmek
62d3999518 meson: add target to update the chromiumos rules
There is no change in the file right now, but the download seems to work
OK.

It's funny that the biggest company in the world cannot provide a
download link in plain text.
2019-11-15 11:36:59 +01:00
Zbigniew Jędrzejewski-Szmek
67f5b9e06e
Merge pull request #14003 from keszybz/user-path-configurable
meson: make user $PATH configurable
2019-11-14 10:08:40 +01:00
Zbigniew Jędrzejewski-Szmek
5bc655cd20 meson: avoid ternary op in .format()
meson 0.49 can't parse that for some reason. I'm keeping this separate so it
can be reverted easily when we bump required meson version.
2019-11-13 22:34:33 +01:00
Zbigniew Jędrzejewski-Szmek
3602ca6f0c meson: make user $PATH configurable
This partially reverts db11487d10 (the logic to
calculate the correct value is removed, we always use the same setting as for
the system manager). Distributions have an easy mechanism to override this if
they wish.

I think making this configurable is better, because different distros clearly
want different defaults here, and making this configurable is nice and clean.
If we don't make it configurable, distros which either have to carry patches,
or what would be worse, rely on some other configuration mechanism, like
/etc/profile. Those other solutions do not apply everywhere (they usually
require the shell to be used at some point), so it is better if we provide
a nice way to override the default.

Fixes  #13469.
2019-11-13 22:34:14 +01:00
Zbigniew Jędrzejewski-Szmek
e9f4f5667d meson: apply our -Wno-* options also in c++ calls
We compile some c++ code for tests. We would simply use the default options for
those. When the previous commit raised the default warning level, we started
getting warnings from c++ code. Let's add the most important options to the c++
command, so that we get a compilation without any warnings again.

I don't think it makes sense to add *all* the options that we add for c to the
c++ flags, because testing them takes quite a while, and the c++ compilations
are for small amounts of code, mostly to check that the headers have compatible
syntax.
2019-11-12 09:23:31 +01:00
Zbigniew Jędrzejewski-Szmek
827ca90986 meson: use warning_level=2 by default
Let's bump up the warning level, and not add by -Wextra by hand. This is the
approach recommended by meson. The idea is that all projects should be as
similar as possible to make it easier for users to switch between projects.
2019-11-12 09:23:31 +01:00
Yu Watanabe
737f140546 network: cleanup header inclusion 2019-10-30 22:23:43 +09:00
Iwan Timmer
38e053c58f resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS
Increase the required version to ensure TLS 1.3 is always supported when using GnuTLS for DNS-over-TLS and allow further changes to use recent API additions.
2019-10-29 20:26:05 +01:00
Anita Zhang
7bc9ea513a meson: expand ternary in functions to if statements
Per https://github.com/mesonbuild/meson/issues/5003, ternary doesn't
always work as function args with older versions of meson.
Expand out ternary statements to stay compatible with older versions (< 0.49).
2019-10-26 11:15:56 +02:00
Zbigniew Jędrzejewski-Szmek
21d0dd5a89 meson: allow WatchdogSec= in services to be configured
As discussed on systemd-devel [1], in Fedora we get lots of abrt reports
about the watchdog firing [2], but 100% of them seem to be caused by resource
starvation in the machine, and never actual deadlocks in the services being
monitored. Killing the services not only does not improve anything, but it
makes the resource starvation worse, because the service needs cycles to restart,
and coredump processing is also fairly expensive. This adds a configuration option
to allow the value to be changed. If the setting is not set, there is no change.

My plan is to set it to some ridiculusly high value, maybe 1h, to catch cases
where a service is actually hanging.

[1] https://lists.freedesktop.org/archives/systemd-devel/2019-October/043618.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1300212
2019-10-25 17:20:24 +02:00
Zbigniew Jędrzejewski-Szmek
4f10b80786 Rename udev's hwdb/ to hwdb.d/
As in the parent commit, this makes the name consistent with the
rest of the source tree and the actuall installation path.
2019-10-10 00:53:09 +01:00
Zbigniew Jędrzejewski-Szmek
ef2ad30aee Rename udev's rules/ to rules.d/
This change is only about the source tree. We have tmpfiles.d/, modprobe.d/,
sysctl.d/, and sysusers.d/, but for historical reasons, rules/ didn't fit this
pattern. We also *install* it as rules.d/. Let's rename to be consistent.
2019-10-10 00:53:09 +01:00
Mario Limonciello
b61d777abe rules: Add automatic suspend udev rules
The ChromeOS ecosystem has a large amount of testing, both automated
and manual across devices including measurement of power regressions.

It's safe to assume that any of these devices will handle USB
auto-suspend appropriately.  Use the script from ChromeOS
https://chromium.googlesource.com/chromiumos/platform2/+/master/power_manager/udev/gen_autosuspend_rules.py
to generate udev rules at build time.

This script in systemd `tools/chromeos/gen_autosuspend_rules.py` should be kept
in sync with the ChromeOS version of the script.

Manually added autosuspend devices should be placed in the new
template `rules/61-autosuspend-manual.rules`

Suggested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
2019-10-04 08:57:29 +02:00
Norbert Lange
68e70ac2b2 fix build with compilers with default stack-protector enabled
building systemd fails with a compiler that supports
-fstack-protector but does not enable it by default.
(will miss several __stack_chk_* symbols).

fix this by also adding the switch during linking.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
2019-10-03 12:19:29 +02:00
Jay Strict
d90874b4e2 cryptsetup: bump minimum libcryptsetup version to v2.0.1
libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide
integers for `keyfile_offset`. This change invokes the new function
call, gets rid of the warning that was added in #7689, and removes
redundant #ifdefery and constant definitions.
See https://gitlab.com/cryptsetup/cryptsetup/issues/359.

Fixes #7677.
2019-10-01 13:34:06 +02:00