Age | Commit message (Collapse) | Author |
|
Add `--value` option to systemctl and loginctl to only print values
|
|
|
|
On the server side we already bypass the polkit checks if the caller is root
(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
there is no reason to invoke polkit when running
systemctl/machinectl/loginctl/timedatectl as root.
Fixes #2748
|
|
With this option, systemctl will only print the rhs in show:
$ systemctl show -p Wants,After systemd-journald --value
systemd-journald.socket ...
systemd-journald-dev-log.socket ...
This is useful in scripts, because the need to call awk or similar
is removed.
|
|
Fix copy&paste bug in map_basic() to use the correct data type for
SD_BUS_TYPE_UINT32. Before we were copying the wrong 32 bits into the
destination pointer, resulting in complete garbage on big-endian systems.
Fixes #2927
|
|
build-sys: fix build with libgrcypt disabled
|
|
|
|
- Move gcrypt.h include inside grcrypt-util.h.
- Allow gcrypt-util.[ch] to be compiled even without gcrypt.
This allows the logic in files using gcrypt to be simplified.
- Fix compilation of systemd-resolve without gcrypt.
systemd-resolved already supported that.
Fixes #2711.
|
|
Fixes #2823.
Also remove unnecessary feof check.
|
|
Fixes:
Message: Process 806 (systemd-importd) of user 0 dumped core.
Stack trace of thread 806:
#0 0x00007f5eaeff7227 raise (libc.so.6)
#1 0x00007f5eaeff8e8a abort (libc.so.6)
#2 0x000055b6d3418f4f log_assert_failed (systemd-importd)
#3 0x000055b6d3409daf safe_close (systemd-importd)
#4 0x000055b6d33c25ea closep (systemd-importd)
#5 0x000055b6d33c38d9 setup_machine_directory (systemd-importd)
#6 0x000055b6d33b8536 method_pull_tar_or_raw (systemd-importd)
#7 0x000055b6d33ed097 method_callbacks_run (systemd-importd)
#8 0x000055b6d33ef929 object_find_and_run (systemd-importd)
#9 0x000055b6d33eff6b bus_process_object (systemd-importd)
#10 0x000055b6d3447f77 process_message (systemd-importd)
#11 0x000055b6d344815a process_running (systemd-importd)
#12 0x000055b6d3448a10 bus_process_internal (systemd-importd)
#13 0x000055b6d3448ae1 sd_bus_process (systemd-importd)
#14 0x000055b6d3449779 time_callback (systemd-importd)
#15 0x000055b6d3454ff4 source_dispatch (systemd-importd)
#16 0x000055b6d34562b9 sd_event_dispatch (systemd-importd)
#17 0x000055b6d34566f8 sd_event_run (systemd-importd)
#18 0x000055b6d33ba72a bus_event_loop_with_idle (systemd-importd)
#19 0x000055b6d33b95bc manager_run (systemd-importd)
#20 0x000055b6d33b9766 main (systemd-importd)
#21 0x00007f5eaefe2a00 __libc_start_main (libc.so.6)
#22 0x000055b6d33b5569 _start (systemd-importd)
|
|
binary_is_good translates ENOENT to 0
See https://github.com/systemd/systemd/commit/85eca92e#diff-bcad68c477b6651521e880c40b7a9b40R813
|
|
Enable more tests by default, and even more with `--enable-tests=unsafe`
|
|
|
|
This data is simply missing on non-UEFI systems, and it is useful
to distinguish that from corrupted data.
|
|
tree-wide: merge pager_open_if_enabled() to the pager_open()
|
|
Many subsystems define own pager_open_if_enabled() function which
checks '--no-pager' command line argument and open pager depends
on its value. All implementations of pager_open_if_enabled() are
the same. Let's merger this function with pager_open() from the
shared/pager.c and remove pager_open_if_enabled() from all subsytems
to prevent code duplication.
|
|
|
|
|
|
tree-wide: make ++/-- usage consistent WRT spacing
|
|
Throughout the tree there's spurious use of spaces separating ++ and --
operators from their respective operands. Make ++ and -- operator
consistent with the majority of existing uses; discard the spaces.
|
|
After all, it is pretty generic, has no external deps besides libc, and is very
similar to virt.[ch] which is also in basic/
|
|
Usually, we place the #pragma once before the copyright blurb in header files,
but in a few cases we didn't. Move those around, so that we do the same thing
everywhere.
|
|
|
|
Followup for 4524439edb7d.
|
|
https://github.com/systemd/systemd/issues/2431
Some newlines are added, but the output will still exceed 80 columns in many
cases. The fallback for oom conditions is changed from "n/a" to something
"<service>", and a similar pattern is used for the new code. This way we
have a realistic fallback for oom, which seems nicer than making the whole
function return an error code which would then have to be propagated.
$ systemctl -M fedora-rawhide restart systemd-networkd.service
Job for systemd-networkd.service failed because start of the service was attempted too often.
See "systemctl -M fedora-rawhide status systemd-networkd.service" and "journalctl -M fedora-rawhide -xe" for details.
To force a start use "systemctl -M fedora-rawhide reset-failed systemd-networkd.service"
followed by "systemctl -M fedora-rawhide start systemd-networkd.service" again.
|
|
Better support of OPENPGPKEY, CAA, TLSA packets and tests
|
|
|
|
$ systemd-resolve --openpgp zbyszek@fedoraproject.org
d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlM
yfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAyn
...
|
|
It's annoying to have the exact same function in three places.
It's stored in src/shared, but it's not added to the library to
avoid the dependency on libgcrypt.
|
|
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
|
This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as
indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code
(following the logic that 0 means "no", and USEC_INFINITY means "never").
This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated,
and sd-event considers it has indication for turning off the event source.
This also alters the deserialization of the units to restart timeouts from the time they were originally started from.
Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to
artificially prolonged timeouts if a daemon reload took place.
Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a
specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs.
This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is
removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn()
calls fail.
Fixes: #2249
|
|
Make sure we can properly process resource limit properties. Specifically, allow transient configuration of both the
soft and hard limit, the same way from the unit files. Previously, only the the hard rlimits could be configured but
they'd implicitly spill into the soft hard rlimits.
This also updates the client-side code to be able to parse hard/soft resource limit specifications. Since we need to
serialize two properties in bus_append_unit_property_assignment() now, the marshalling of the container around it is
now moved into the function itself. This has the benefit of shortening the calling code.
As a side effect this now beefs up the rlimit parser of "systemctl set-property" to understand time and disk sizes
where that's appropriate.
|
|
Let's write the property name and value in one call, when that's possible, shorthing our code a bit.
|
|
Clear up some confusion regarding the USec and Sec suffixes we use. In configuration files we usually use the Sec
suffix, to indicate the implied time unit if none is specified. The respective bus properties however use the USec
property, since they expose 64bit unsigned integers containing time in µs.
Before this patch timer units exposed a bus property AccuracyUSec (which hence is the correct name) but when parsing
transient property data would look for AccuracySec instead (which is incorrect). This patch ensures we look for
AccuracySec correctly, but keeps the code for AccuracyUSec in place for compatibility, but adds a warning to ensure
that apps are updated to use the right property.
|
|
Resolved 2
|
|
|
|
This result can only happen if the job was a reload job for an inactive unit. Make the error message actually say that.
|
|
Some minor simplifications. Shouldn't change codepaths.
|
|
Ask password unicode fix
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1301984
|
|
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something
to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception
of the root domain, taking inspiration from UNIX file system paths.
|
|
Remove gcc warnings v2
|
|
Move IDNA logic out of the normal domain name processing, and into the bus frontend calls. Previously whenever
comparing two domain names we'd implicitly do IDNA conversion so that "pöttering.de" and "xn--pttering-n4a.de" would be
considered equal. This is problematic not only for DNSSEC, but actually also against he IDNA specs.
Moreover it creates problems when encoding DNS-SD services in classic DNS. There, the specification suggests using
UTF8 encoding for the actual service name, but apply IDNA encoding to the domain suffix.
With this change IDNA conversion is done only:
- When the user passes a non-ASCII hostname when resolving a host name using ResolveHostname()
- When the user passes a non-ASCII domain suffix when resolving a service using ResolveService()
No IDNA encoding is done anymore:
- When the user does raw ResolveRecord() RR resolving
- On the service part of a DNS-SD service name
Previously, IDNA encoding was done when serializing names into packets, at a point where information whether something
is a label that needs IDNA encoding or not was not available, but at a point whether it was known whether to generate a
classic DNS packet (where IDNA applies), or an mDNS/LLMNR packet (where IDNA does not apply, and UTF8 is used instead
for all host names). With this change each DnsQuery object will now maintain two copies of the DnsQuestion to ask: one
encoded in IDNA for use with classic DNS, and one encoded in UTF8 for use with LLMNR and MulticastDNS.
|
|
equivalent
|
|
This is not particularly intrusive because it happens in simple
utility functions. It helps gcc understand that error codes
are negative.
This gets a rid of most of the remaining warnings.
|
|
empty non-terminals generally lack NSEC RRs, which means we can deduce their existance only from the fact that there
are other RRs that contain them in their suffix. Specifically, the NSEC proof for NODATA on ENTs works by sending the
NSEC whose next name is a suffix of the queried name to the client. Use this information properly.
|
|
source and zone in each RR
Having this information available is useful when we need to check whether various RRs are suitable for proofs. This
information is stored in the RRs as number of labels to skip from the beginning of the owner name to reach the
synthesizing source/signer. Simple accessor calls are then added to retrieve the signer/source from the RR using this
information.
This also moves validation of a a number of RRSIG parameters into a new call dnssec_rrsig_prepare() that as side-effect
initializes the two numeric values.
|
|
Fourteenth DNSSEC PR
|
|
When a unit was started with "systemctl --user" and it failed, error
messages is printed as "systemctl status". But it should be "systemctl
--user status".
|
|
Compare errno with zero in a way that tells gcc that
(if the condition is true) errno is positive.
|