Cockpit's podman plugin needs to know the lingering status so the UI can
advertise enabling `podman-restart` (which depends on lingering to
work). Currently it relies on watching `/var/lib/systemd/linger/${user}`
but that isn't a public API.
Related: #22244
The ability to encrypt/authenticate encryption with a null key was
originally just a fallback concept for cases where during early boot we
have no host key, but the local system has no TPM2. Nowadays it is used
for other stuff as well, such as pcrlock data propagation (i.e. data
that needs no protection itself and is required for proper TPM key
derivation).
Let's give better, explicit control over null key usage, i.e. let's make
it a tristate both on the systemd-creds command line and in the Varlink
IPC to control three cases:
- the default that we allow it only if SecureBoot is off
- explicitly allowed
- explicitly refused (this is new)
Ideally the systemd-creds --allow-null switch would take a boolean argument
to control this as a tristate. Alas, that would be a compat break, hence
I added --refuse-null instead (which also maps to the low-level flag for
this).
This also normalizes that the null key is always called "null key" in
messages, and not sometimes "empty key" or "fallback key".
This makes systemd-sysctl support the following syntax, like
systemd-sysusers and systemd-tmpfiles:
```sh
$ /usr/lib/systemd/systemd-sysctl --inline 'foo.bar=42'
$ /usr/lib/systemd/systemd-sysctl - <<EOF
foo.bar=42
EOF
```
* In TEST-74-AUX-UTILS.ssh.sh, writing directly into
/etc/ssh/sshd_config can hide config from distros using /usr/etc.
* Using the directory configuration /etc/ssh/sshd_config.d/* suits all
cases.
Signed-off-by: val4oss <val4oss@pm.me>
Those were added before 0.61 which is our minimum version.
Dots were dropped from the end of some messages. Most messages did not have the
trailing dot.
0.63 added support for multi-line f-strings. We can't use those yet.
This adds what #39101 and #39070 did for the regular firstboot wizard
but for the homectl firstboot part: i.e. port to the generic prompt
loop, show the "chrome" bars, and mute the console.
And then it also makes querying for aux groups and shells optional,
because quite frankly, I am not sure what to answer there.
When -f/--force is used, wipefs does not call ioctl(BLKRRPART), hence
the partitions will remain in sysfs. Let's not use the option.
This also makes it use 'udevadm lock' for safety.
The keymap only really matters if there's local access to a system, i.e.
if there's actually a physical kbd directly connected to it, to apply it
to. If during firstboot we are not talked to via a VT (but via SSH,
container, or hypervisor console or so instead), then it's very unlikely
we ever are. Hence, don't ask for a keymap, and let's shortcut the
questions asked at boot.
We only show this blurb on the first question, but the first question is
interactive anyway, hence no need to wait for input first explicitly, we
won't progress anyway without user input.
(similar for homectl's firstboot)
Before 23ac08115a, even if we failed to
create the cgroup for a unit, a cgroup runtime object for the cgroup was
created with the cgroup path. Hence, when the creation of the cgroup failed,
execution of the unit would fail in posix_spawn_wrapper() and log
something like the following:
```
systemd[1]: testservice.service: Failed to create cgroup /testslice.slice/testservice.service: Cannot allocate memory
systemd[1]: testservice.service: Failed to spawn executor: No such file or directory
systemd[1]: testservice.service: Failed to spawn 'start' task: No such file or directory
systemd[1]: testservice.service: Failed with result 'resources'.
systemd[1]: Failed to start testservice.service.
```
However, after the commit, when we failed to create the cgroup, a cgroup
runtime object is not created, hence NULL will be assigned to
ExecParameters.cgroup_path in unit_set_exec_params().
Hence, the unit process will be invoked in the init.scope.
```
systemd[1]: testservice.service: Failed to create cgroup /testslice.slice/testservice.service: Cannot allocate memory
systemd[1]: Starting testservice.service...
cat[1094]: 0::/init.scope
systemd[1]: testservice.service: Deactivated successfully.
systemd[1]: Finished testservice.service.
```
where the test service calls 'cat /proc/self/cgroup'.
To fix the issue, let's fail earlier when we failed to create cgroup.
Follow-up for 23ac08115a (v258).
We pass the log level through the kernel command line. It is not necessary to
set it to debug level at the beginning, and set it to info at the end.
This is important when a test has several subtests. If a subtest sets
log level to info at the end, then subsequent tests may not generate any
useful logs.
We intend to make self-registering machines an unprivileged operation,
but currently that would allow an unprivileged user to register a
process they own in the root namespace, and then login as any
user they like, including root, which is not ideal.
Forbid non-root from shelling into a machine that is running in
the root user namespace.
When deserializing a serialized timer unit with RandomizedDelaySec= set,
systemd should use the last inactive exit timestamp instead of current
realtime to calculate the new next elapse, so the timer unit actually
runs in the given calendar window.
Provides coverage for:
- https://github.com/systemd/systemd/issues/18678
- https://github.com/systemd/systemd/pull/27752
This also makes the shebang always use the env command, and drops unnecessary
'bash -c' or 'sh -c' when a single command is invoked in the shell,
like sleep or echo.
It's not well-formed to begin with. And util-linux's mount(8)
is pretty much ubiquitously employed, hence it will be rejected
elsewhere too. Just stop pretending it is valid just because
glibc parser is sloppy.
I noticed in our NixOS packaging that we were working around the fact
that core/swap.c looks for swapon and swapoff in /sbin.
Let's make it configurable just like all the other util-linux binaries
through meson and make it default to /usr/sbin/{swapon,swapoff}.
This way mounts work on a systemd without the /sbin -> /usr/sbin
compatibility symlink. (And as a side-effect has NixOS be able to have
it in /nix/store too like the other util-linux tools).
Given that `unmerged-usr` support was dropped in 255 I think this is a
safe change?
Registering a process as a machine means a caller can get machined
to send sigterm to it, and more. If an unpriv user is registering,
ensure the registered process is actually owned by the user.
Follow-up for adaff8eb35
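The ownership check described in the message above, sketched as an added example (not systemd's code and not part of the commit). The helper names are hypothetical, and requiring all four UIDs from `/proc/<pid>/status` to match is a policy assumed for this sketch; real code should also pin the process with a pidfd to avoid PID reuse races.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not systemd's code): returns 1 if the real, effective,
 * saved and filesystem UIDs of `pid` all equal `caller`, 0 if any differs,
 * and -1 if the process cannot be inspected. */
int process_owned_by(pid_t pid, uid_t caller) {
    char path[64], line[256];
    unsigned long r = 0, e = 0, s = 0, f = 0;
    int found = 0;

    snprintf(path, sizeof path, "/proc/%ld/status", (long) pid);
    FILE *fp = fopen(path, "r");
    if (!fp)
        return -1;
    while (fgets(line, sizeof line, fp)) {
        if (strncmp(line, "Uid:", 4) != 0)
            continue;
        /* Format: "Uid:\t<real>\t<effective>\t<saved>\t<fs>" */
        found = sscanf(line + 4, "%lu %lu %lu %lu", &r, &e, &s, &f) == 4;
        break;
    }
    fclose(fp);
    if (!found)
        return -1;
    return r == caller && e == caller && s == caller && f == caller;
}

/* Registration gate (assumed policy): privileged callers pass, everyone else
 * must own the process they want registered. Inspection errors are refusals. */
int may_register(pid_t leader, uid_t caller) {
    if (caller == 0)
        return 1;
    return process_owned_by(leader, caller) == 1;
}

int main(void) {
    printf("register self:  %d\n", may_register(getpid(), getuid()));
    printf("register pid 1: %d\n", may_register(1, getuid()));
    return 0;
}
```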
If the test VM reboots and the test re-runs, creating the images
fails as they already exist:
```
[ 218.227766] TEST-50-DISSECT.sh[889]: + mksquashfs testkit/ testkit.raw
[ 218.238754] TEST-50-DISSECT.sh[2964]: FATAL ERROR: Could not read $HOME, use -recovery-path or -no-recovery options
[ 218.239284] TEST-50-DISSECT.sh[2964]: Found a valid exportable SQUASHFS superblock on testkit.raw.
[ 218.239554] TEST-50-DISSECT.sh[2964]: Compression used gzip
[ 218.240176] TEST-50-DISSECT.sh[2964]: Inodes are compressed
[ 218.240459] TEST-50-DISSECT.sh[2964]: Data is compressed
[ 218.241072] TEST-50-DISSECT.sh[2964]: Fragments are compressed
[ 218.241526] TEST-50-DISSECT.sh[2964]: Xattrs are compressed
[ 218.241953] TEST-50-DISSECT.sh[2964]: Fragments are present in the filesystem
[ 218.242411] TEST-50-DISSECT.sh[2964]: Always-use-fragments option is not specified
[ 218.242843] TEST-50-DISSECT.sh[2964]: Duplicates are removed
[ 218.243560] TEST-50-DISSECT.sh[2964]: Xattrs are stored
[ 218.243889] TEST-50-DISSECT.sh[2964]: Filesystem size 0.38 Kbytes (0.00 Mbytes)
[ 218.244563] TEST-50-DISSECT.sh[2964]: Block size 131072
[ 218.245051] TEST-50-DISSECT.sh[2964]: Number of fragments 1
[ 218.245512] TEST-50-DISSECT.sh[2964]: Number of inodes 6
[ 218.245851] TEST-50-DISSECT.sh[2964]: Number of ids 1
[ 218.246393] TEST-50-DISSECT.sh[2964]: Parallel mksquashfs: Using 2 processors
[ 218.246820] TEST-50-DISSECT.sh[2964]: Scanning existing filesystem...
[ 218.247286] TEST-50-DISSECT.sh[2964]: Read existing filesystem, 5 inodes scanned
[ 218.252974] TEST-50-DISSECT.sh[2964]: Appending to existing 4.0 filesystem on testkit.raw, block size 131072
[ 218.253593] TEST-50-DISSECT.sh[2964]: All -b, -noI, -noD, -noF, -noX, -noId, -no-duplicates, -no-fragments,
[ 218.253848] TEST-50-DISSECT.sh[2964]: -always-use-fragments, -exportable and -comp options ignored
[ 218.257196] TEST-50-DISSECT.sh[2964]: If appending is not wanted, please re-run with -noappend specified!
```
https://github.com/systemd/systemd/actions/runs/17674609143/job/50233691148?pr=38867
The default is already to propagate the env vars, so this
was unnecessary and actually creates a problem as it removes
custom PATHs.
This reverts commit 994af53395.
When the test VM is accidentally rebooted, there exists the previously
created volume, and the command fails with the following:
```
TEST-64-UDEV-STORAGE.sh[282]: + lvm pvcreate -y /dev/md/mdlvm
TEST-64-UDEV-STORAGE.sh[442]: Can't initialize physical volume "/dev/md127" of volume group "mdlvm_vg" without -ff
TEST-64-UDEV-STORAGE.sh[442]: /dev/md127: physical volume not initialized.
[FAILED] Failed to start TEST-64-UDEV-STORAGE-mdadm_lvm.service.
```
Let's ignore the existence of a previous volume and forcibly create a new one.
Workaround for issue #38240.
Otherwise it remains there, and another test case accidentally
uses it on refresh, which then makes another later test fail,
as the hierarchy is already merged:
```
[ 203.969708] TEST-50-DISSECT.sh[890]: + systemd-sysext status
[ 203.981831] TEST-50-DISSECT.sh[2795]: HIERARCHY EXTENSIONS SINCE
[ 203.982196] TEST-50-DISSECT.sh[2795]: /opt app0 Mon 2025-09-08 11:49:11 UTC
[ 203.982551] TEST-50-DISSECT.sh[2795]: /usr app0 Mon 2025-09-08 11:49:11 UTC
[ 204.119772] TEST-50-DISSECT.sh[2799]: Hierarchy '/usr' is already merged.
```
Fixes https://github.com/systemd/systemd/issues/38282
The test occasionally fails with:
```
TEST-50-DISSECT.sh[3852]: Hierarchy '/usr' is already merged.
```
I can't really tell what is already merged as all previous ops
look as if they are undone from the logs, so add status/list commands
just before the failing operation to hopefully give more info.
For https://github.com/systemd/systemd/issues/38282
Previously, we checked the journal after TEST-XX-YYYYY.sh, but it was
forgotten when we switched to mkosi.
This re-enables the check but through ExecStartPost=, and drops unnecessary
workarounds for end.service. Then, this drops the unnecessary end.service
and testsuite.target.
Otherwise, the following debugging log will be saved and the checker for
the varlink-idl log triggers a failure:
```
systemd-userwork: processing[3110]: varlink-6-6: Parameters for method
io.systemd.UserDatabase.GetUserRecord() didn't pass validation on field 'service': No anode
```