summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2017-02-21build-sys: bump package versionLennart Poettering
2017-02-21Merge pull request #5131 from keszybz/environment-generatorsLennart Poettering
Environment generators
2017-02-20build-sys: make environment.d support conditionalZbigniew Jędrzejewski-Szmek
We have ./configure switches for various parts of non-essential functionality, let's add one for this new stuff too. Support for environment generators is not conditional — if you don't want them, just don't install any.
2017-02-20build-sys,man: load /etc/environment and describe the new environment.d syntaxRay Strode
Add support for /etc/environment and document the changes to the user manager to automatically import environment *.conf files from: ~/.config/environment.d/ /etc/environment.d/ /run/environment.d/ /usr/local/lib/environment.d/ /usr/lib/environment.d/ /etc/environment
2017-02-20environment-generator: new generator to peruse environment.dZbigniew Jędrzejewski-Szmek
Why the strange name: the prefix is necessary to follow our own advice that environment generators should have numerical prefixes. I also put -d- in the name because otherwise the name was very easy to mistake with systemd.environment-generator. This additional letter clarifies that this on special generator that supports environment.d files.
2017-02-20man: add systemd.environment-generator(7) with two examplesZbigniew Jędrzejewski-Szmek
v2: - add example files to EXTRA_DIST v3: - rework for the new scheme where nothing is written to disk v4: - use separate dirs for system and user env generators
2017-02-20manager: run environment generatorsZbigniew Jędrzejewski-Szmek
Environment file generators are a lot like unit file generators, but not exactly: 1. environment file generators are run for each manager instance, and their output is (or at least can be) individualized. The generators themselves are system-wide, the same for all users. 2. environment file generators are run sequentially, in priority order. Thus, the lifetime of those files is tied to lifecycle of the manager instance. Because generators are run sequentially, later generators can use or modify the output of earlier generators. Each generator is run with no arguments, and the whole state is stored in the environment variables. The generator can echo a set of variable assignments to standard output: VAR_A=something VAR_B=something else This output is parsed, and the next and subsequent generators run with those updated variables in the environment. After the last generator is done, the environment that the manager itself exports is updated. Each generator must return 0, otherwise the output is ignored. The generators in */user-env-generator are for the user session managers, including root, and the ones in */system-env-generator are for pid1.
2017-02-17units: enable resolved bus activation though a symlink in /etcLennart Poettering
The change: -/usr/lib/systemd/system/dbus-org.freedesktop.resolve1.service +/etc/systemd/system/dbus-org.freedesktop.resolve1.service If resolved is disabled, without this, talking to the resolved bus API will activate it regardless whether it is enabled or not, let's fix that.
2017-02-17Merge pull request #5338 from mbiebl/fix-install-tests-targetEvgeny Vereshchagin
Fix "make install-tests" when srcdir != builddir, fix valgrind-tests
2017-02-17build-sys: drop now-unneeded $SYSTEMD_TEST_DATA when running testsZbigniew Jędrzejewski-Szmek
2017-02-16tests: look for tests relative to source dir when running from build dirZbigniew Jędrzejewski-Szmek
automake helpfully sets a few variables for during build. When our executable is in a directory underneath $(abs_top_builddir), we know that we're in the build environment $(abs_top_srcdir) contains the sources, and test data is under $(abs_top_srcdir)/test. This remains true no matter where the build directory is relative to the source directory. It also works if the test executable is invoked as ./test-whatever or .libs/test-whatever, since the relative path is not used at all. When running from outside of the build directory, we should be running from the installed location and we can look for ../testdata relative to the location of the exe file. Of course, $SYSTEMD_TEST_DATA always overrides this logic.
2017-02-16Rename $TEST_DIR to $SYSTEMD_TEST_DATA, document itZbigniew Jędrzejewski-Szmek
TEST_DIR is rather generic, and we prefix all variables used by installed executables with "SYSTEMD_".
2017-02-16test: run valgrind-tests under $TESTS_ENVIRONMENTMartin Pitt
Otherwise we are missing $TEST_DIR for the test data and run the test against the system-installed binaries and keyboard/locale maps.
2017-02-16build-sys: fix "make install-tests" when srcdir != builddirMichael Biebl
Follow-up for 4f8425b8d5a3fb2e5ec24b77f1a7a95db55f532c
2017-02-16build-sys: add exec-privatedevices-[yes|no]-capability-sys-rawio to ↵Evgeny Vereshchagin
TEST_DATA_FILES This is a follow-up for 625d8769fa6394a30
2017-02-16build-sys: treat journal-data/journal-[12].txt as TEST_DATA_FILESEvgeny Vereshchagin
Fixes: ``` Found container virtualization none. Assertion 'imp.fd >= 0' failed at ../src/test/test-journal-importer.c:43, function test_basic_parsing(). Aborting. FAIL: test-journal-importer (code: 134) ``` See https://github.com/systemd/systemd/pull/5366#issuecomment-280353804
2017-02-15test-journal-importer: add a test case with broken inputZbigniew Jędrzejewski-Szmek
2017-02-15test-journal-importer: new test file to check the newly exported importer codeZbigniew Jędrzejewski-Szmek
Only one test case is added, but it is enough to check basic sanity of the code (single-line and binary fields and trusted fields, allocation and freeing).
2017-02-14Move export format parsing from src/journal-remote/ to src/basic/Zbigniew Jędrzejewski-Szmek
No functional change.
2017-02-13buildsys: add "install-tests" targetMartin Pitt
Add a new "install-tests" make target that installs our unit test-* executables and their test data files into /usr/lib/systemd/tests/. This is useful for packaging the tests to run them with root privileges or in CI. Fixes #5257
2017-02-13test: make unit tests relocatableMartin Pitt
It is useful to package test-* binaries and run them as root under autopkgtest or manually on particular machines. They currently have a built-in hardcoded absolute path to their test data, which does not work when running the test programs from any other path than the original build directory. By default, make the tests look for their data in <test_exe_directory>/testdata/ so that they can be called from any directory (provided that the corresponding test data is installed correctly). As we don't have a fixed static path in the build tree (as build and source tree are independent), set $TEST_DIR with "make check" to point to <srcdir>/test/, as we previously did with an automake variable.
2017-02-13test: move resolved test data into test/Martin Pitt
Moe test-resolve's test data from src/resolve/test-data to test/test-resolve/ to be consistent with test/test-{execute,path}/. This will make it easier to make the tests relocatable.
2017-02-12core: skip ReadOnlyPaths= and other permission-related mounts on ↵Lennart Poettering
PermissionsStartOnly= (#5309) ReadOnlyPaths=, ProtectHome=, InaccessiblePaths= and ProtectSystem= are about restricting access and little more, hence they should be disabled if PermissionsStartOnly= is used or ExecStart= lines are prefixed with a "+". Do that. (Note that we will still create namespaces and stuff, since that's about a lot more than just permissions. We'll simply disable the effect of the four options mentioned above, but nothing else mount related.) This also adds a test for this, to ensure this works as intended. No documentation updates, as the documentation are already vague enough to support the new behaviour ("If true, the permission-related execution options…"). We could clarify this further, but I think we might want to extend the switches' behaviour a bit more in future, hence leave it at this for now. Fixes: #5308
2017-02-11basic/util: move execute_directory() to separate fileZbigniew Jędrzejewski-Szmek
It's a fairly specialized function. Let's make new files for it and the tests.
2017-02-10Merge pull request #5250 from ddstreet/test-sys-nodes-scriptZbigniew Jędrzejewski-Szmek
replace test/sys.tar.xz with script to create test/sys/ contents
2017-02-11networkd: add IPv6ProxyNDPAddress support (#5174)Florian Klink
IPv6 Neighbor discovery proxy is the IPv6 equivalent to proxy ARP for IPv4. It is required when ISPs do not unconditional route IPv6 subnets to their designated target, but expect neighbor solicitation messages for every address on a link. A variable IPv6ProxyNDPAddress= is introduced to the [Network] section, each representing a IPv6 neighbour proxy entry in the neighbour table.
2017-02-10test: change Makefile.am to use sys-script.py instead of sys.tar.xzDan Streetman
2017-02-09Introduce '## ' as internal comment prefix in .in files and filter out a ↵Zbigniew Jędrzejewski-Szmek
comment (#5289) Sometimes we have comments which don't make sense outside of the systemd codebase, so let's filter them out from the user-visible files. Fixes #5286.
2017-02-05build-sys,man: describe systemd-umount and hook it up to installation (#5227)Zbigniew Jędrzejewski-Szmek
2016-12-21verity: add support for setting up verity-protected root disks in the initrdLennart Poettering
This adds a generator and a small service that will look for "roothash=" on the kernel command line and use it for setting up a very partition for the root device. This provides similar functionality to nspawn's existing --roothash= switch.
2016-12-21fstab-generator: add support for volatile bootsLennart Poettering
This adds support for a new kernel command line option "systemd.volatile=" that provides the same functionality that systemd-nspawn's --volatile= switch provides, but for host systems (i.e. systems booting with a kernel). It takes the same parameter and has the same effect. In order to implement systemd.volatile=yes a new service systemd-volatile-root.service is introduced that only runs in the initrd and rearranges the root directory as needed to become a tmpfs instance. Note that systemd.volatile=state is implemented different: it simply generates a var.mount unit file that is part of the normal boot and has no effect on the initrd execution. The way this is implemented ensures that other explicit configuration for /var can always override the effect of these options. Specifically, the var.mount unit is generated in the "late" generator directory, so that it only is in effect if nothing else overrides it.
2016-12-20nspawn: split out VolatileMode definitionsLennart Poettering
This moves the VolatileMode enum and its helper functions to src/shared/. This is useful to then reuse them to implement systemd.volatile= in a later commit.
2016-12-14build-sys: include the builddir in $PATH while testingLennart Poettering
udev-test.pl shells out systemd-detect-virt, and it really should invoke the version from the build tree instead of one supplied by the installed system, hence let's add the builddir to $PATH while building.
2016-12-13core: hook up MountFlags= to the transient unit logicLennart Poettering
This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making MountFlags= to the list of properties that may be accessed transiently.
2016-12-13core: machine_id_setup overwrites broken machine-idEvgeny Vereshchagin
2016-12-12Merge pull request #4771 from keszybz/udev-property-orderingMartin Pitt
Udev property ordering
2016-12-10Merge pull request #4844 from hadess/sensor-quirksLennart Poettering
udev: Add rules for accelerometer orientation quirks
2016-12-10udev: Add rules for accelerometer orientation quirksBastien Nocera
This commit adds a rules file to extract the properties from hwdb to set on i2c IIO devices. This is used to set the ACCEL_MOUNT_MATRIX property on IIO devices, to be consumed by iio-sensor-proxy or equivalent daemon. The hwdb file contains documentation on how to write quirks. Note however that mount information is usually exported in: - the device-tree for ARM devices - the ACPI DSDT for Intel-compatible devices but currently not extracted by the kernel. Also note that some devices have the framebuffer rotation that changes between the bootloader and the main system, which might mean that the accelerometer is then wrongly oriented. This is a missing feature in the i915 kernel driver: https://bugs.freedesktop.org/show_bug.cgi?id=94894 which needs to be fixed, and won't require quirks.
2016-12-10Merge pull request #4795 from poettering/dissectZbigniew Jędrzejewski-Szmek
Generalize image dissection logic of nspawn, and make it useful for other tools.
2016-12-08Merge pull request #4686 from poettering/machine-id-app-specificZbigniew Jędrzejewski-Szmek
Add new "khash" API and add new sd_id128_get_machine_app_specific() function
2016-12-07dissect: add support for encrypted imagesLennart Poettering
This adds support to the image dissector to deal with encrypted images (only LUKS). Given that we now have a neatly isolated image dissector codebase, let's add a new feature to it: support for automatically dealing with encrypted images. This is then exposed in systemd-dissect and nspawn. It's pretty basic: only support for passphrase-based encryption. In order to ensure that "systemd-dissect --mount" results in mount points whose backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at the moment doesn't provide a proper API for this. Thankfully, the ioctl() API is pretty easy to use.
2016-12-07dissect: add small "systemd-dissect" tool as wrapper around dissect-image.cLennart Poettering
This adds a small tool that may be used to look into OS images, and mount them to any place. This is mostly a friendlier version of test-dissect-image.c. I am not sure this should really become a proper command of systemd, hence for now do not install it into bindir, but simply libexecdir. This tool is already pretty useful since you can mount image files with it, honouring the various partitions correctly. I figure this is going to become more interesting if the dissctor learns luks and verity support.
2016-12-07util-lib: split out image dissecting code and loopback code from nspawnLennart Poettering
This adds two new APIs to systemd: - loop-util.h is a simple internal API for allocating, setting up and releasing loopback block devices. - dissect-image.h is an internal API for taking apart disk images and figuring out what the purpose of each partition is. Both APIs are basically refactored versions of similar code in nspawn. This rework should permit us to reuse this in other places than just nspawn in the future. Specifically: to implement RootImage= in the service image, similar to RootDirectory=, but operating on a disk image; to unify the gpt-auto-discovery generator code with the discovery logic in nspawn; to add new API to machined for determining the OS version of a disk image (i.e. not just running containers). This PR does not make any such changes however, it just provides the new reworked API. The reworked code is also slightly more powerful than the nspawn original one. When pointing it to an image or block device with a naked file system (i.e. no partition table) it will simply make it the root device.
2016-12-01hwdb: improve and test syntax error messagesZbigniew Jędrzejewski-Szmek
Since syntax error are non-fatal, downgrade them to warnings. Use log_syntax to have uniform formatting including the line number. State machine states like DATA and MATCH are internal, user-facing messages should use the names from hwdb(7): match, property, record. Also change "key/value" to "key-value", since there's no alternative here, both parts must be present. [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:2] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:5] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:9] Property expected, ignoring record with no properties [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:11] Key/value pair expected but got " NO_VALUE", ignoring [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:18] Property or empty line expected, got "BAD:7:match at wrong place", ignoring record [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:22] Property or empty line expected, got "BAD:8:match at wrong place", ignoring record [/tmp/tmp.KFwEhm74n4/etc/udev/hwdb.d/10-bad.hwdb:23] Match expected but got indented property " Z=z", ignoring line squash! hwdb: improve syntax error messages
2016-11-29networkctl: install zsh completion from #3062 (#4767)Gabriel Rauter
zsh autocompletion provided by #3062 will be installed when networkd is enabled.
2016-11-29core: add "khash" API to src/basic/ (as wrapper around kernel AF_ALG)Lennart Poettering
Let's take inspiration from bluez's ELL library, and let's move our cryptographic primitives away from libgcrypt and towards the kernel's AF_ALG cryptographic userspace API. In the long run we should try to remove the dependency on libgcrypt, in favour of using only the kernel's own primitives, however this is unlikely to happen anytime soon, as the kernel does not provide Elliptic Curve APIs to userspace at this time, and we need them for the DNSSEC cryptographic. This commit only covers hashing for now, symmetric encryption/decryption or even asymetric encryption/decryption is not available for now. "khash" is little more than a lightweight wrapper around the kernel's AF_ALG socket API.
2016-11-29units: add system-update-cleanup.service to guard against offline-update loopsZbigniew Jędrzejewski-Szmek
Note: the name is "system-update-cleanup.service" rather than "system-update-done.service", because it should not run normally, and also because there's already "systemd-update-done.service", and having them named so similarly would be confusing. In https://bugzilla.redhat.com/show_bug.cgi?id=1395686 the system repeatedly entered system-update.target on boot. Because of a packaging issue, the tool that created the /system-update symlink could be installed without the service unit that was supposed to perform the upgrade (and remove the symlink). In fact, if there are no units in system-update.target, and /system-update symlink is created, systemd always "hangs" in system-update.target. This is confusing for users, because there's no feedback what is happening, and fixing this requires starting an emergency shell somehow, and also knowing that the symlink must be removed. We should be more resilient in this case, and remove the symlink automatically ourselves, if there are no upgrade service to handle it. This adds a service which is started after system-update.target is reached and the symlink still exists. It nukes the symlink and reboots the machine. It should subsequently boot into the default default.target. This is a more general fix for https://bugzilla.redhat.com/show_bug.cgi?id=1395686 (the packaging issue was already fixed).
2016-11-24tests: add hwdb parsing testMartin Pitt
This calls the built "systemd-hwdb update" on the source tree's hwdb/ in a temporary directory and verifies that there are no error messages.
2016-11-23networkd: allow networkd to set the timezone in timedatedMartin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the timezone acquired from DHCP: systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required. Similarly to commit e8c0de912, add a polkit rule to grant org.freedesktop.timedate1.set-timezone to the "systemd-network" system user. Move the polkit rules from src/hostname/ to src/network/ to avoid too many small distributed policy snippets (there might be more in the future), as it's easier to specify the privileges for a particular subject in this case. Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for all people except those in Pacific/Honolulu, there the test doesn't prove anything -- sorry ☺ ).
2016-11-20hostnamed: allow networkd to set the transient hostnameMartin Pitt
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the transient hostname: systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required. Standard polkit *.policy files do not have a syntax for granting privileges to a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules file (for polkit >= 106) that grants the "systemd-network" system user that privilege. Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to cover this. Make do_test() a bit more flexible by interpreting "coldplug==None" as "test sets up the interface by itself". Change DnsmasqClientTest to set up test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a special host name for that. Fixes #4646