Merge 201c169f02 into 9671efff78

NEWS: fix typo
Follow-up for dcc359010c.
2024-09-16 08:57:54 +02:00 · 2024-09-16 11:50:48 +09:00 · 2024-09-16 11:49:04 +09:00 · 2024-09-16 11:47:43 +09:00 · 2024-09-16 10:51:09 +09:00 · 2024-09-15 19:44:05 +02:00
15 changed files with 88 additions and 40 deletions
--- a/13
+++ b/13
@ -2,6 +2,15 @@ systemd System and Service Manager
 CHANGES WITH 257 in spe:
        Incompatible changes:
        * The --purge switch of systemd-tmpfiles (which was added in v256) has
          been reworked: it will now only apply to tmpfiles.d/ lines marked
          with the new "$" flag. This is an incompatible change, and means any
          tmpfiles.d/ files which shall be used together with --purge need to
          be updated accordingly. This change has been made to make it harder
          to accidentally delete too many files when using --purge incorrectly.
        Announcements of Future Feature Removals and Incompatible Changes:
        * Support for automatic flushing of the nscd user/group database caches
@ -85,7 +94,7 @@ CHANGES WITH 257 in spe:
          /usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
          systemd(1) for an detailed updated description.
-        * Ctrl-Alt-Delete is reenabled during late shutdown, so that the user
+        * Ctrl-Alt-Delete is re-enabled during late shutdown, so that the user
          can still initiate a reboot if the system freezes.
        * Unit option PrivateUsers=identity can be used to request a user
@ -202,7 +211,7 @@ CHANGES WITH 257 in spe:
          versions.
        * systemd-sysupdate gained a new --transfer-source= option to set the
-          directory to which transfer sources cofigured with
+          directory to which transfer sources configured with
          PathRelativeTo=explicit will be interpreted.
        Miscellaneous:
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@ -115,7 +115,7 @@
    result can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section is not
    included in this PCR measurement, since it is supposed to contain signatures for the output of the
    measurement operation, and thus cannot also be input to it. If an UKI contains multiple profiles, only
-    the PE sections of the selected profile (and those of the base profile, except if overriden) are
+    the PE sections of the selected profile (and those of the base profile, except if overridden) are
    measured.</para>
    <para>If non-zero, the selected numeric profile is measured into PCR 12.</para>
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@ -152,10 +152,11 @@
      <varlistentry>
        <term><option>--purge</option></term>
-        <listitem><para>If this option is passed, all files and directories marked for
+        <listitem><para>If this option is passed, all files and directories declared for
-        <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
+        <emphasis>creation</emphasis> and marked with the <literal>$</literal> character by the
-        line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
+        <filename>tmpfiles.d/</filename> files specified on the command line will be
-        marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
+        <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories marked with
        <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
        <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
        <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
        <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@ -539,6 +539,10 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
      service, the line is silently skipped. If <literal>^</literal> and <literal>~</literal> are combined
      Base64 decoding is applied to the credential contents.</para>
      <para>If the dollar sign (<literal>$</literal>) is used, the file becomes subject to removal when
      <command>systemd-tmpfiles</command> is invoked with the <option>--purge</option> switch. Lines without
      this character are unaffected by that switch.</para>
      <para>Note that for all line types that result in creation of any kind of file node
      (i.e. <varname>f</varname>,
      <varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>,
--- a/src/network/networkd-dhcp4.c
+++ b/src/network/networkd-dhcp4.c
@ -6,6 +6,7 @@
 #include <linux/if_arp.h>
 #include "alloc-util.h"
 #include "device-private.h"
 #include "dhcp-client-internal.h"
 #include "hostname-setup.h"
 #include "hostname-util.h"
@ -1428,27 +1429,33 @@ static int dhcp4_set_request_address(Link *link) {
 }
 static bool link_needs_dhcp_broadcast(Link *link) {
        const char *val;
        int r;
        assert(link);
        assert(link->network);
        /* Return the setting in DHCP[4].RequestBroadcast if specified. Otherwise return the device property
-         * ID_NET_DHCP_BROADCAST setting, which may be set for interfaces requiring that the DHCPOFFER message
+         * ID_NET_DHCP_BROADCAST setting, which may be set for interfaces requiring that the DHCPOFFER
-         * is being broadcast because they can't  handle unicast messages while not fully configured.
+         * message is being broadcast because they can't handle unicast messages while not fully configured.
-         * If neither is set or a failure occurs, return false, which is the default for this flag.
+         * If neither is set or a failure occurs, return false, which is the default for this flag. */
         */
        r = link->network->dhcp_broadcast;
        if (r < 0 && link->dev && sd_device_get_property_value(link->dev, "ID_NET_DHCP_BROADCAST", &val) >= 0) {
                r = parse_boolean(val);
                if (r < 0)
                        log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to parse ID_NET_DHCP_BROADCAST, ignoring: %m");
                else
                        log_link_debug(link, "DHCPv4 CLIENT: Detected ID_NET_DHCP_BROADCAST='%d'.", r);
        r = link->network->dhcp_broadcast;
        if (r >= 0)
                return r;
        if (!link->dev)
                return false;
        r = device_get_property_bool(link->dev, "ID_NET_DHCP_BROADCAST");
        if (r < 0) {
                if (r != -ENOENT)
                        log_link_warning_errno(link, r, "DHCPv4 CLIENT: Failed to get or parse ID_NET_DHCP_BROADCAST, ignoring: %m");
                return false;
        }
-        return r == true;
+
        log_link_debug(link, "DHCPv4 CLIENT: Detected ID_NET_DHCP_BROADCAST='%d'.", r);
        return r;
 }
 static bool link_dhcp4_ipv6_only_mode(Link *link) {
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@ -5602,7 +5602,7 @@ static int run_container(
        }
        /* Note: we do not use SD_EVENT_SIGNAL_PROCMASK or sd_event_set_signal_exit(), since we want the
-         * signals to be block continously, even if we destroy the event loop and allocate a new one on
+         * signals to be block continuously, even if we destroy the event loop and allocate a new one on
         * container reboot. */
        if (arg_kill_signal > 0) {
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -170,6 +170,8 @@ typedef struct Item {
        bool try_replace:1;
        bool purge:1;
        OperationMask done;
 } Item;
@ -3046,6 +3048,9 @@ static int purge_item(Context *c, Item *i) {
        if (!needs_purge(i->type))
                return 0;
        if (!i->purge)
                return 0;
        log_debug("Running purge action for entry %c %s", (char) i->type, i->path);
        if (needs_glob(i->type))
@ -3602,7 +3607,7 @@ static int parse_line(
        ItemArray *existing;
        OrderedHashmap *h;
        bool append_or_force = false, boot = false, allow_failure = false, try_replace = false,
-                unbase64 = false, from_cred = false, missing_user_or_group = false;
+                unbase64 = false, from_cred = false, missing_user_or_group = false, purge = false;
        int r;
        assert(fname);
@ -3668,6 +3673,8 @@ static int parse_line(
                        unbase64 = true;
                else if (action[pos] == '^' && !from_cred)
                        from_cred = true;
                else if (action[pos] == '$' && !purge)
                        purge = true;
                else {
                        *invalid_config = true;
                        return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
@ -3684,6 +3691,7 @@ static int parse_line(
        i.append_or_force = append_or_force;
        i.allow_failure = allow_failure;
        i.try_replace = try_replace;
        i.purge = purge;
        r = specifier_printf(path, PATH_MAX-1, specifier_table, arg_root, NULL, &i.path);
        if (ERRNO_IS_NOINFO(r))
@ -3838,6 +3846,12 @@ static int parse_line(
                                  "Unknown command type '%c'.", (char) i.type);
        }
        if (i.purge && !needs_purge(i.type)) {
                *invalid_config = true;
                return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
                                  "Purge flag '$' combined with line type '%c' which does not support purging.", (char) i.type);
        }
        if (!should_include_path(i.path))
                return 0;
--- a/test/units/TEST-22-TMPFILES.18.sh
+++ b/test/units/TEST-22-TMPFILES.18.sh
@ -9,26 +9,39 @@ set -o pipefail
 export SYSTEMD_LOG_LEVEL=debug
 c='
-d /tmp/somedir
+d$ /tmp/somedir
-f /tmp/somedir/somefile - - - - baz
+f$ /tmp/somedir/somefile - - - - baz
 f /tmp/someotherfile - - - - qux
 '
 systemd-tmpfiles --create - <<<"$c"
 test -f /tmp/somedir/somefile
 grep -q baz /tmp/somedir/somefile
 grep -q qux /tmp/someotherfile
 systemd-tmpfiles --purge --dry-run - <<<"$c"
 test -f /tmp/somedir/somefile
 grep -q baz /tmp/somedir/somefile
 grep -q qux /tmp/someotherfile
 systemd-tmpfiles --purge - <<<"$c"
 test ! -f /tmp/somedir/somefile
 test ! -d /tmp/somedir/
 grep -q qux /tmp/someotherfile
 systemd-tmpfiles --create --purge --dry-run - <<<"$c"
 test ! -f /tmp/somedir/somefile
 test ! -d /tmp/somedir/
 grep -q qux /tmp/someotherfile
 systemd-tmpfiles --create --purge - <<<"$c"
 test -f /tmp/somedir/somefile
 grep -q baz /tmp/somedir/somefile
 grep -q qux /tmp/someotherfile
 systemd-tmpfiles --purge - <<<"$c"
 test ! -f /tmp/somedir/somefile
 test ! -d /tmp/somedir/
 grep -q qux /tmp/someotherfile
 rm /tmp/someotherfile
--- a/tmpfiles.d/20-systemd-shell-extra.conf.in
+++ b/tmpfiles.d/20-systemd-shell-extra.conf.in
@ -8,5 +8,5 @@
 # See tmpfiles.d(5) for details
 {% if LINK_SHELL_EXTRA_DROPIN %}
-L {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
+L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
 {% endif %}
--- a/tmpfiles.d/20-systemd-ssh-generator.conf.in
+++ b/tmpfiles.d/20-systemd-ssh-generator.conf.in
@ -8,7 +8,7 @@
 # See tmpfiles.d(5) for details
 {% if LINK_SSH_PROXY_DROPIN %}
-L {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
+L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
 {% endif %}
 {% if CREATE_SSHDPRIVSEPDIR %}
 d {{SSHDPRIVSEPDIR}} 0755
--- a/tmpfiles.d/legacy.conf.in
+++ b/tmpfiles.d/legacy.conf.in
@ -13,7 +13,7 @@
 d /run/lock 0755 root root -
 L /var/lock - - - - ../run/lock
 {% if CREATE_LOG_DIRS %}
-L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
+L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
 {% endif %}
 # /run/lock/subsys is used for serializing SysV service execution, and
--- a/tmpfiles.d/systemd-network.conf
+++ b/tmpfiles.d/systemd-network.conf
@ -7,7 +7,7 @@
 # See tmpfiles.d(5) for details
-d /run/systemd/netif        0755 systemd-network systemd-network -
+d$ /run/systemd/netif        0755 systemd-network systemd-network -
-d /run/systemd/netif/links  0755 systemd-network systemd-network -
+d$ /run/systemd/netif/links  0755 systemd-network systemd-network -
-d /run/systemd/netif/leases 0755 systemd-network systemd-network -
+d$ /run/systemd/netif/leases 0755 systemd-network systemd-network -
-d /var/lib/systemd/network  0755 systemd-network systemd-network -
+d$ /var/lib/systemd/network  0755 systemd-network systemd-network -
--- a/tmpfiles.d/systemd-nspawn.conf
+++ b/tmpfiles.d/systemd-nspawn.conf
@ -19,5 +19,5 @@ Q /var/lib/machines 0700 - - -
 # systemd-nspawn --ephemeral places snapshots) we are more strict, to
 # avoid removing unrelated temporary files.
-R! /var/lib/machines/.#*
+R!$ /var/lib/machines/.#*
-R! /.#machine.*
+R!$ /.#machine.*
--- a/tmpfiles.d/systemd-tmp.conf
+++ b/tmpfiles.d/systemd-tmp.conf
@ -14,10 +14,10 @@ x /var/tmp/systemd-private-%b-*
 X /var/tmp/systemd-private-%b-*/tmp
 # Remove top-level private temporary directories on each boot
-R! /tmp/systemd-private-*
+R!$ /tmp/systemd-private-*
-R! /var/tmp/systemd-private-*
+R!$ /var/tmp/systemd-private-*
 # Handle lost systemd-coredump temp files. They could be lost on old filesystems,
 # for example, after hard reboot.
 x  /var/lib/systemd/coredump/.#core*.%b*
-r! /var/lib/systemd/coredump/.#*
+r!$ /var/lib/systemd/coredump/.#*
--- a/tmpfiles.d/systemd.conf.in
+++ b/tmpfiles.d/systemd.conf.in
@ -13,11 +13,11 @@ f+! /run/utmp 0664 root utmp -
 {% endif %}
 d /run/systemd/ask-password 0755 root root -
-d /run/systemd/seats 0755 root root -
+d$ /run/systemd/seats 0755 root root -
-d /run/systemd/sessions 0755 root root -
+d$ /run/systemd/sessions 0755 root root -
-d /run/systemd/users 0755 root root -
+d$ /run/systemd/users 0755 root root -
 d /run/systemd/machines 0755 root root -
-d /run/systemd/shutdown 0755 root root -
+d$ /run/systemd/shutdown 0755 root root -
 d /run/log 0755 root root -
Author	SHA1	Message	Date
Yu Watanabe	f104fdb678	Merge `201c169f02` into `9671efff78`	2024-09-16 08:57:54 +02:00
Yu Watanabe	9671efff78	NEWS: fix typo Follow-up for `dcc359010c`.	2024-09-16 11:50:48 +09:00
Yu Watanabe	4f0bc2582e	man: fix typo Follow-up for `a632d8dd9f`.	2024-09-16 11:49:04 +09:00
Yu Watanabe	3292120adf	nspawn: fix typo Follow-up for `d7a6bb9891`.	2024-09-16 11:47:43 +09:00
Yu Watanabe	f6cc5e1c8d	Merge pull request #34393 from poettering/tmpfiles-ownership-flag tmpfiles: introduce an explicit line flag $ for enabling purge logic …	2024-09-16 10:51:09 +09:00
Lennart Poettering	a859d0d378	tmpfiles.d: add $ flag to all lines which are clearly private to our packages, and should be removed on package removal (This excludes any dirs that contain resources placed there by the user) (I also didn't bother marking resources belonging to components that are really not optional for us)	2024-09-15 19:44:05 +02:00
Lennart Poettering	db15657dfb	tmpfiles: introduce an explicit line flag $ for enabling purge logic for a line Let's make the risk of accidental misuse, and mark lines that shall be covered by --purge with an explicit new flag "$". See: #33349	2024-09-15 19:43:09 +02:00
Yu Watanabe	201c169f02	network/dhcp4: use device_get_property_bool() at link_needs_dhcp_broadcast() No functional change, just refactoring.	2024-09-16 02:42:33 +09:00