summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-01-22shared/acl-util: add mask only when needed, always add base ACLsZbigniew Jędrzejewski-Szmek
For ACLs to be valid, a set of entries for user, group, and other must be always present. Always add those entries. While at it, only add the mask ACL if it is actually required, i.e. when at least on ACL for non-owner group or user exists.
2015-01-22tmpfiles: use ACL magic on journal directoriesZbigniew Jędrzejewski-Szmek
2015-01-22tmpfiles: implement augmenting of existing ACLsZbigniew Jędrzejewski-Szmek
This is much more useful in practice (equivalent to setfacl -m).
2015-01-22tmpfiles: make t and a globby, add their recursive versions T and AZbigniew Jędrzejewski-Szmek
For types which adapt existing files it is generally more useful to accept globs. In analogy to z and Z, add recursive versions using uppercase letters. Technically, making a accept globs is backwards incompatible, but in practice it probably isn't yet widely used and we can assume that most people don't create files with wildcards in names. Functions which are used as callbacks, but not directly on items, are renamed not to have "item_" prefix.
2015-01-22tmpfiles: make recursive operation genericZbigniew Jędrzejewski-Szmek
2015-01-22tmpfiles: add 'a' type to set ACLsZbigniew Jędrzejewski-Szmek
2015-01-22tmpfiles: attach an array of items to each pathZbigniew Jędrzejewski-Szmek
The data structure used by tmpfiles is changed: instead of hashmaps mapping {path → Item*} we now have hashmaps containing {path -> ItemArray}, where ItemArray contains a pointer to an array of Items. For current code it doesn't matter much, but when we add new types it is easier to simply add a new Item for a given path, then to coalesce multiple lines into one Item. In the future, this change will also make it possible to remember the file and line where each Item originates, and use that in reporting errors. Currently this is not possible, since each Item can be created from multiple lines.
2015-01-22tmpfiles: make sure not to concatenate non-absolute pathZbigniew Jędrzejewski-Szmek
If the path is absolute was only checked later. Also do not check if path if absolute if we just specified it starting with a slash.
2015-01-22tmpfiles: detect all combinations of + and !Zbigniew Jędrzejewski-Szmek
The same algorithm as with - and @ in ExecStart= is used.
2015-01-22tmpfiles: simplificationZbigniew Jędrzejewski-Szmek
Certain conditions were checked more than once. Warning message is improved.
2015-01-22catalog: update pt_BR translationRafael Ferreira
Brazilian Portuguese update for CATALOG patch, according to commit 2057124e7910c4cab7e53d26e0c3749d326ae2bb ("Grammar changes to catalog") https://bugs.freedesktop.org/show_bug.cgi?id=88588
2015-01-22shared/cgroup-show: simplify show_pid_array()Zbigniew Jędrzejewski-Szmek
int[] should not be used as pid_t[], even if happens to be same thing. Also deduplicating in a quadratic loop right before sorting is unnecessary. Remove custom greedy_realloc implementation.
2015-01-22Assorted format fixesZbigniew Jędrzejewski-Szmek
Types used for pids and uids in various interfaces are unpredictable. Too bad.
2015-01-22Fix some format strings for enums, they are signedZbigniew Jędrzejewski-Szmek
2015-01-22shared/util: use signed printf format for PIDsZbigniew Jędrzejewski-Szmek
gcc 5 started warning about this.
2015-01-22update TODOLennart Poettering
2015-01-22import: introduce new mini-daemon systemd-importd, and make machinectl a ↵Lennart Poettering
client to it The old "systemd-import" binary is now an internal tool. We still use it as asynchronous backend for systemd-importd. Since the import tool might require some IO and CPU resources (due to qcow2 explosion, and decompression), and because we might want to run it with more minimal priviliges we still keep it around as the worker binary to execute as child process of importd. machinectl now has verbs for pulling down images, cancelling them and listing them.
2015-01-22impot: minor cleanupsLennart Poettering
2015-01-22log: add new log output mode, that prints to console, but prefixes with ↵Lennart Poettering
syslog priority This is useful when we execute our own programs, reading output from its STDERR, and want to retain priority information.
2015-01-21networkd: plug lldp leakTom Gundersen
2015-01-21network: dhcp - split out dhcp_identifier_set_{iaid,duid_en} from dhcp6-clientTom Gundersen
This will also be used in dhcp4-client.
2015-01-21network: dhcp - split out the duid structure into a new header fileTom Gundersen
We will use the same in both dhcp4 and dhcp6.
2015-01-21update TODOLennart Poettering
2015-01-21import: simplify dkr importer, by making use of generic import-job logic, ↵Lennart Poettering
used by the raw and tar importers This gets us progress output as well xz/bzip2 support.
2015-01-21import: minor cleanups for the tar and raw importersLennart Poettering
2015-01-21build: Add parallel-tests automake optionMartin Pitt
We use PY_LOG_COMPILER in Makefile.am for running *.py tests, which requires automake's parallel test runner. This has only been the default from 1.13 on. As we only require automake 1.11, add it as an option explicitly.
2015-01-21sysv-generator: Replace Provides: symlinks with real unitsMartin Pitt
Since commit b7e7184 the SysV generator creates symlinks for all "Provides:" in the LSB header. However, this is too greedy; there are cases where the creation of a unit .service file fails because of an already existing symlink with the same name: - Backup files such as /etc/init.d/foo.bak still have "Provides: foo", and thus get a foo.service -> foo.bak.service link. foo.bak would not be enabled in rcN.d/, but we (deliberately) create units for all executables in init.d/ so that a manual "systemctl start" works. If foo.bak is processed before, the symlink already exists. - init.d/bar has "Provides: foo", while there also is a real init.d/foo. The former would create a link foo.service -> bar.service, while the latter would fail to create the real foo.service. If we encounter an existing symlink, just remove it before writing a real unit. Note that two init.d scripts "foo" and "bar" which both provide the same name "common" already work. The first processed init script wins and creates the "common.service" symlink, and the second just fails to create the symlink again. Thus create an additional test case for this to ensure that it keeps working sensibly. https://bugs.debian.org/775404
2015-01-21systemd-sysv-generator test: test scripts with hidden suffixesMartin Pitt
We don't expect any unit generated from temporary package manager, swap, and similar files.
2015-01-21util: Add some missing hidden_file() suffixesMartin Pitt
dpkg itself also uses *.dpkg-dist, while .dpkg-{bak,backup,remove} are being used by dpkg-maintscript-helper.
2015-01-21sysv-generator: Handle .sh suffixes when translating Provides:Martin Pitt
When deciding whether the provided name equals the file name in sysv_translate_facility(), also consider them equal if the file name has a ".sh" suffix. This was uncovered by commit b7e7184 which then created a symlink "<name>.service" to itself for ".sh" suffixed init.d scripts. For additional robustness, refuse to create symlinks to itself in add_alias(). Add test case which reproduces the bug. https://bugs.debian.org/775889
2015-01-21update TODOLennart Poettering
2015-01-21import: support downloading bzip2-encoded imagesLennart Poettering
This way, we can import CoreOS images unmodified.
2015-01-21journal: Fix syslog forwarding without CAP_SYS_ADMINChristian Seiler
In case CAP_SYS_ADMIN is missing (like in containers), one cannot fake pid in struct ucred (uid/gid are fine if CAP_SETUID/CAP_SETGID are present). Ensure that journald will try again to forward the messages to syslog without faking the SCM_CREDENTIALS pid (which isn't guaranteed to succeed anyway, since it also does the same thing if the process has already exited). With this patch, journald will no longer silently discard messages that are supposed to be sent to syslog in these situations. https://bugs.debian.org/775067
2015-01-21zsh-completion: Do not interpret escape sequences in _filter_units_by_propertyWieland Hoffmann
This makes all functions that rely on _filter_units_by_property() (like _systemctl_{stop,kill,try_restart}) work with unit names that contain backslash escaped sequences (like automount units with spaces that are escaped to "\x20").
2015-01-21systemd-sysv-generator test: fix enabled checkMartin Pitt
Fix hardcoded "foo.service", test for the actual unit parameter.
2015-01-21systemd-sysv-generator test: don't parse symlinksMartin Pitt
Generated services which are symlinks should be tested/handled differently from files, so ignore them in run_generator()'s result parsing.
2015-01-21test: add integration test for systemd-sysv-generatorMartin Pitt
This covers the general functionality as well as regression tests for recent fixes like commits b7e718 and 1ed0c19.
2015-01-21import: also add verification support to tar importerLennart Poettering
2015-01-21import: make verification code generic, in preparation for using it pull-tarLennart Poettering
2015-01-21import: improve loggingLennart Poettering
2015-01-21import: show download speed while downloadingLennart Poettering
2015-01-21import: add image verification using gpgLennart Poettering
This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later.
2015-01-20test: eliminate shell wrapper for Python testMartin Pitt
Use the parallel test runner's TEST_EXTENSIONS/*_LOG_COMPILER feature (https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html) to run *.py tests through $(PYTHON), and only if we have python available/enabled. This eliminates the need of having shell wrappers, thus drop test/rules-test.sh.
2015-01-20test: simplify rules-test.sh wrapperMartin Pitt
Drop globbing of rules/*.rules in the rules-test.sh wrapper and move that logic into the actual test rule-syntax-check.py. This can still be called with individual rules files, but when being called without arguments it will now process all top_builddir/rules/*.rules. Preparation for dropping the shell wrappers altogether.
2015-01-20nspawn: work around kernel bug with partition table probing on loopback devicesLennart Poettering
When we set up a loopback device with partition probing, the udev "change" event about the configured device is first passed on to userspace, only the the in-kernel partition prober is started. Since partition probing fails with EBUSY when somebody has the device open, the probing frequently fails since udev starts probing/opening the device as soon as it gets the notification about it, and it might do so earlier than the kernel probing. This patch adds a (hopefully temporary) work-around for this, that compares the number of probed partitions of the kernel with those of blkid and synchronously asks for reprobing until the numebrs are in sync. This really deserves a proper kernel fix.
2015-01-20import: add a couple of additional suffixes to remove from raw imagesLennart Poettering
2015-01-20import: make image verification optionalLennart Poettering
2015-01-20sd-dhcp6-client: Remove unnecessary debug printoutPatrik Flykt
2015-01-20import: add a simple scheme for validating the SHA256 sums of downloaded raw ↵Lennart Poettering
files
2015-01-20import: be less aggressive when allocating memory for downloaded payloadLennart Poettering