musl's getopt_long() behaves something different in handling optional arguments:
```
$ journalctl _PID=1 _COMM=systemd --since 19:19:01 -n all --follow
Failed to add match 'all': Invalid argument
```
This introduces getopt_long_fix() that reorders the passed arguments to make
getopt_long() provided by musl works as what we expect.
Also, musl's getopt() always behaves POSIXLY_CORRECT mode, and stops parsing
arguments when a non-option string found. Let's always use getopt_long().
Every other log in this function is debug level, so downgrade this too.
Otherwise compiling without libcryptsetup means sd-executor logs at
error level when starting any service, regardless of whether it is
needed or not.
Fixes https://github.com/systemd/systemd/issues/39968
Follow-up for efaf5a763d
This is a follow-up for 119d332d9c and
ensures the check only is applied to the system instance of machined. It
doesn't really apply to the per-user instance, because we never want to
permit differently privileged clients access anyway.
(The process_is_owned_by_uid() call might fail if invoked unpriv, hence
there's value in not calling it if machined runs in --user mode, it's
what makes machined actually work)
Previously, we looked for scripts in the tools/ directory ad hoc,
wherever they were needed. Let's do those checks in one place.
The main meson.build file is shrunk somewhat, which is always nice.
Quite often we need to specify include_directories('.'). Normally, meson
does this automatically, but we specify implicit_include_directories : false,
see 30d20907bd for an explanation.
Passing the include_directories argument through the template layers was rather
cumbersome. Let's simplify things by always including the directory of the
first source file. This makes the definitions simpler, at the cost of having an
unnecessary include directory in the list in some cases.
(Tests are excluded from this change, because they happen to not need this, but
also because some tests have source[0] which is a custom target, and we'd need
newer meson to support that.)
… and also when it fails, in the few cases where this wasn't done already.
When I was debugging https://github.com/systemd/systemd/issues/39048, it
was quite confusing that we print copious information about D-Bus messages
and all other steps we're undertaking, but nothing about the sd-notify
messages which are much more important. Add some debug messages for the
cases where we didn't print anything. (The case where $NOTIFY_SOCKET is
not set in left unchanged. The variable is often left unset and we don't
need to spam logs in that trivial case.)
--lines=1 means that we show the last message about the unit, whatever it is:
$ SYSTEMD_LOG_LEVEL=debug systemctl --verbose start demo2
...
Invoking 'journalctl -q --follow --no-pager --lines=1 --synchronize-on-exit=yes --unit=demo2.service' as child.
...
Directory /var/log/journal/7d16833bfa924410851e2a193bcfd4ba added.
Journal effective settings seal=no keyed_hash=yes compress=ZSTD compress_threshold_bytes=8B
...
Reiterating files to get inotify watches established.
Considering root directory '/run/log/journal'.
Considering root directory '/var/log/journal'.
Considering directory '/var/log/journal/7d16833bfa924410851e2a193bcfd4ba'.
Nov 26 17:24:35 rawhide systemd[1]: Finished demo2.service.
...
Executing dbus call org.freedesktop.systemd1.Manager StartUnit(demo2.service, replace)
...
Job for demo2.service finished.
Got result done/Success for job demo2.service.
journal: Sending message: {"method":"io.systemd.Journal.Synchronize","parameters":{"offline":false}}
Nov 27 13:05:30 rawhide systemd[1]: Starting demo2.service...
Nov 27 13:05:30 rawhide systemd[1]: demo2.service: Deactivated successfully.
Nov 27 13:05:30 rawhide systemd[1]: Finished demo2.service.
...
We obviously should only show _new_ messages, hence change to --lines=0.
This works properly after the fix in the previous commit.
Fixes#39048.
If --lines=0 is given, we'd skip the setup and not invoke sd_notify,
potentially blocking the caller. Change the condition for the callback
to also include that case. Since then the callback would always be
set, the 'if' statement is not necessary anymore.
One of the pending commits in Weblate causes conflicts due to an
unfortunate timing with 9e929e4aa7, so
let's pull the changes into the main tree manually (and resolve the
conflicts).
in pcrextend we destroy pcr 11, and if we are booted in a kernel that
has pcr11 sigs, we cannot use that signature anymore. hence, let's do
the nvpcr test first, before doing the pcrextend stuff.
Fixes: #39582
Always abbreviate import/pull/export structs with their first letter
instead of only doing it in some places and using the wrong letter in
other places.
gcry_mpi_t is defined as "typedef struct gcry_mpi *gcry_mpi_t;".
When const is applied to this type, it resolves to
"struct gcry_mpi *const" instead of what we expect ("const struct gcry_mpi *").
So we end up with a const pointer to a mutable object instead of a mutable
pointer to a const object. Since the pointer passed to the function
is copied regardless, making it const has zero benefit.
You'd think we could instead stop using gcry_mpi_t and replace it with
"const struct gcry_mpi *", except that gcrypt leaked this mess into its
api, so it expects const pointers to mutable objects as well, which means
we can't take pointers to const objects as arguments, as we'd discard the qualifier
when calling a gcrypt function.
To avoid confusion, let's drop the const qualifiers from the gcry_mpi_t arguments.
Follow-up for 7336f2c748
This alignes with some other optional modules in shraed/,
and it allows dlopen_libmount() to be optimized out entirely.
Let's avoid emitting pointless symbols.
Follow-up for b3243f4bee
and 5df44d0f6a
Since we now consider this a supported senario, let's hook up
libmount loading with the high-level unit_type_supported() machinery
and gracefully skip the whole unit accordingly.
