V255 stable batch #396
Merged
V255 stable batch #396
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The current output of 'systemctl list-jobs' with the --after and/or --before switches seems backwards. With artificial units # check-oil.service [Unit] Description=Check the oil level Before=engine-ready.target # fill-gas.service [Unit] Description=Fill the tank with gasoline Before=engine-ready.target # engine-ready.target [Unit] Description=The engine is ready [Unit] Description=Start the engine! After=engine-ready.target Wants=engine-ready.target running 'systemctl list-jobs --before --after' produces JOB UNIT TYPE STATE 93 check-oil.service start running └─ waiting for job 94 (engine-ready.target/start) - - 102 fill-gas.service start running └─ waiting for job 94 (engine-ready.target/start) - - 94 engine-ready.target start waiting └─ waiting for job 111 (start-engine.service/start) - - └─ blocking job 93 (check-oil.service/start) - - └─ blocking job 102 (fill-gas.service/start) - - 111 start-engine.service start waiting └─ waiting for job 1 (multi-user.target/start) - - └─ blocking job 94 (engine-ready.target/start) - - Obviously, job 93 is not waiting for job 94, but rather blocking it. (cherry picked from commit dc3058e)
…ATION_ID (cherry picked from commit 6cb8286)
(cherry picked from commit 3cb7fc5)
If a user only presses ENTER when the PIN is requested (without actually typing
the PIN), an assertion is reached and no other unlock method is requested.
```
sh-5.2# systemctl status systemd-cryptsetup@cr_root
× systemd-cryptsetup@cr_root.service - Cryptography Setup for cr_root
Loaded: loaded (/etc/crypttab; generated)
Drop-In: /etc/systemd/system/systemd-cryptsetup@.service.d
└─pcr-signature.conf
Active: failed (Result: core-dump) since Thu 2024-04-25 08:44:30 UTC; 10min ago
Docs: man:crypttab(5)
man:systemd-cryptsetup-generator(8)
man:systemd-cryptsetup@.service(8)
Process: 559 ExecStartPre=/usr/bin/pcr-signature.sh (code=exited, status=0/SUCCESS)
Process: 604 ExecStart=/usr/bin/systemd-cryptsetup attach cr_root /dev/disk/by-uuid/a8cbd937-6975-4e61-9120-ce5c03138700 none x-initrd.attach,tpm2-device=auto (code=dumped, signal=ABRT)
Main PID: 604 (code=dumped, signal=ABRT)
CPU: 19ms
Apr 25 08:44:29 localhost systemd[1]: Starting Cryptography Setup for cr_root...
Apr 25 08:44:30 localhost systemd-cryptsetup[604]: Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Main process exited, code=dumped, status=6/ABRT
Apr 25 08:44:30 localhost systemd[1]: systemd-cryptsetup@cr_root.service: Failed with result 'core-dump'.
Apr 25 08:44:30 localhost systemd[1]: Failed to start Cryptography Setup for cr_root.
```
In this case, `cryptsetup_token_open_pin()` receives an empty (non-NULL) `pin`
with `pin_size` equals to 0.
```
🔐 Please enter LUKS2 token PIN:
Breakpoint 3, cryptsetup_token_open_pin (cd=0x5555555744c0, token=0, pin=0x5555555b3cc0 "", pin_size=0, ret_password=0x7fffffffd380,
ret_password_len=0x7fffffffd378, usrptr=0x0) at ../src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:42
42 void *usrptr /* plugin defined parameter passed to crypt_activate_by_token*() API */) {
(gdb) continue
Assertion '!pin || pin_size > 0' failed at src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c:60, function cryptsetup_token_open_pin(). Aborting.
```
(cherry picked from commit 5cef6b5)
The portable profiles assume /etc/resolv.conf exists, which isn't always the case. Let's mark the mounts as optional so we don't fail to start the unit if /etc/resolv.conf doesn't exist. (cherry picked from commit f449a29)
Previously, if we encountered a non-socket fd we'd return ENOTSOCK the first time, but the subsequent times we'd return ENOMEDIUM, due to caching. Let's make sure we return the same errors all the the time. (cherry picked from commit b24c384)
(cherry picked from commit a0a09da)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> (cherry picked from commit 35dcdca)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> (cherry picked from commit 3eb329b)
(cherry picked from commit 7248912)
(cherry picked from commit 3f1c304)
Resolves: #32501 (cherry picked from commit 6a68270)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> (cherry picked from commit 2055011)
LinkLocalAddressing accepts a boolean. This can be seen by looking at `link_local_address_family_from_strong(cont char *s)` in `src/network/netword-util.c#L102-108` which falls back to `address_family_from_string`, defined two lines above (L100) using `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`. (cherry picked from commit 07b6924)
Signed-off-by: spdfnet <32593931+spdfnet@users.noreply.github.com> (cherry picked from commit 7fee8fa)
options Prompted by #32491 (cherry picked from commit 821bf13)
(cherry picked from commit 767d817)
The kernel headers match on __s390__ so the build fails
../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:159:6: error: Must specify a BPF target arch via __TARGET_ARCH_xxx
void BPF_KPROBE(userns_restrict_free_user_ns, struct work_struct *work) {
^
/usr/include/bpf/bpf_tracing.h:817:20: note: expanded from macro 'BPF_KPROBE'
return ____##name(___bpf_kprobe_args(args)); \
^
/usr/include/bpf/bpf_tracing.h:797:41: note: expanded from macro '___bpf_kprobe_args'
^
/usr/include/bpf/bpf_helpers.h:195:29: note: expanded from macro '___bpf_apply'
^
note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_tracing.h:789:72: note: expanded from macro '___bpf_kprobe_args1'
^
/usr/include/bpf/bpf_tracing.h:563:29: note: expanded from macro 'PT_REGS_PARM1'
^
<scratch space>:125:6: note: expanded from here
GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx"
(cherry picked from commit aab7bb5)
Otherwise the filenames will contain variable paths and break reproducibility (cherry picked from commit 8d6e439)
(cherry picked from commit 5bcf088)
…nd and friends Fixes #32599. (cherry picked from commit 1cca93f)
Let's only accept valid ASCII and put a size limit on reboot arguments. (cherry picked from commit b7ad477)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> (cherry picked from commit 4a06acd)
Previously, ret_boot_id was assigned even when the function failed due to an invalid monotonic timestamp stored for a journal entry. (cherry picked from commit c9df471)
This is so that systemd.directives picks up the -D argument as being supported by vmspawn. (cherry picked from commit 5cd6605)
As the former is deprecated and might not be available (i.e. on Ubuntu Noble it's only available after installing the tzdata-legacy package). (cherry picked from commit 568d979)
Since AuditMode automatically switches SetupMode on, it should be authorized to enroll SecureBoot keys. Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr> (cherry picked from commit a23a59b)
(cherry picked from commit 47eab95)
(cherry picked from commit bad6cb5)
(cherry picked from commit ac10f7e)
(cherry picked from commit 6400084)
(cherry picked from commit be6aa74)
(cherry picked from commit af1690c)
(cherry picked from commit 192a452)
(cherry picked from commit 1174ebb)
(cherry picked from commit 2dd1676)
(cherry picked from commit 3a50467)
(cherry picked from commit bc65a5e)
(cherry picked from commit 11bbc1f)
(cherry picked from commit 2c30973)
(cherry picked from commit 75c64e5)
(cherry picked from commit cd35c15)
Firstly, if we encounter an error when iterating over the directory, gather the error but continue. This is unlikely to happen, but if it happens, then it doesn't seem very useful to break the preset processing at a random point. If we can't process a unit — too bad, but since we already might have processed some units earlier, we might as well try to process the remaining ones. Secondly, add missing error codes for units that are in a bad state to the exclusion list. Those, we report them in the changes list, but consider the whole operation a success. (-ETXTBSY and -ENOLINK were missing.) Thirdly, add a message generator for -ENOLINK. Fixes systemd/systemd#21224. (cherry picked from commit a4f0e0d)
It's Canonical Event Format, not Common (cherry picked from commit bd96d63)
If the file was removed by some other program, we should just go to the next one without failing. item_do() is only used for recursive globs instead of fixed paths so skipping on missing files makes sense (unlike if the path was fixed where we should probably fail). Fixes #32691 (hopefully) (cherry picked from commit 677430b)
git restore -s origin/main hwdb.d/ test/hwdb.d
bluca
approved these changes
May 8, 2024
|
@evverx thank you for looking into the failures. |
|
centos ci (arch linux + sanitizers): So it looks like a timeout caused by the dbus policy failures. I don' think this is caused by the changes here. |
|
jammy-* seems to be stuck, i.e. the jobs have started but at moving at a glacial pace. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.