2026-04-03 21:54:58 +02:00
14 changed files with 16 additions and 209 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -401,35 +401,3 @@ and `homectl`:
  current and a future password are required, for example if the password is to
  be changed. In that case `$PASSWORD` shall carry the current (i.e. old)
  password and `$NEWPASSWORD` the new.
 `systemd-homed`:
 * `$SYSTEMD_HOME_ROOT` – defines an absolute path where to look for home
  directories/images. When unspecified defaults to `/home/`. This is useful for
  debugging purposes in order to run a secondary `systemd-homed` instance that
  operates on a different directory where home directories/images are placed.
 * `$SYSTEMD_HOME_RECORD_DIR` – defines an absolute path where to look for
  fixated home records kept on the host. When unspecified defaults to
  `/var/lib/systemd/home/`. Similar to `$SYSTEMD_HOME_ROOT` this is useful for
  debugging purposes, in order to run a secondary `systemd-homed` instance that
  operates on a record database entirely separate from the host's.
 * `$SYSTEMD_HOME_DEBUG_SUFFIX` – takes a short string that is suffixed to
  `systemd-homed`'s D-Bus and Varlink service names/sockets. This is also
  understood by `homectl`. This too is useful for running an additiona copy of
  `systemd-homed` that doesn't interfere with the host's main one.
 * `$SYSTEMD_HOMEWORK_PATH` – configures the path to the `systemd-homework`
  binary to invoke. If not specified defaults to
  `/usr/lib/systemd/systemd-homework`.
  Combining these four environment variables is pretty useful when
  debugging/developing `systemd-homed`:
 ```sh
 SYSTEMD_HOME_DEBUG_SUFFIX=foo \
      SYSTEMD_HOMEWORK_PATH=/home/lennart/projects/systemd/build/systemd-homework \
      SYSTEMD_HOME_ROOT=/home.foo/ \
      SYSTEMD_HOME_RECORD_DIR=/var/lib/systemd/home.foo/ \
      /home/lennart/projects/systemd/build/systemd-homed
 ```
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -31,12 +31,6 @@
 /* magic string to find in the binary image */
 _used_ _section_(".sdmagic") static const char magic[] = "#### LoaderInfo: systemd-boot " GIT_VERSION " ####";
 /* Makes systemd-boot available from \EFI\Linux\ for testing purposes. */
 _used_ _section_(".osrel") static const char osrel[] =
        "ID=systemd-boot\n"
        "VERSION=\"" GIT_VERSION "\"\n"
        "NAME=\"systemd-boot " GIT_VERSION "\"\n";
 enum loader_type {
        LOADER_UNDEFINED,
        LOADER_EFI,
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@ -323,15 +323,14 @@ if have_gnu_efi
                        input : so,
                        output : tuple[1],
                        command : [objcopy,
                                   '-j', '.text',
                                   '-j', '.sdata',
                                   '-j', '.sbat',
                                   '-j', '.sdmagic',
                                   '-j', '.data',
                                   '-j', '.dynamic',
                                   '-j', '.dynsym',
                                   '-j', '.osrel',
                                   '-j', '.rel*',
                                   '-j', '.sbat',
                                   '-j', '.sdata',
                                   '-j', '.sdmagic',
                                   '-j', '.text',
                                   efi_format,
                                   '@INPUT@', '@OUTPUT@'],
                        install : true,
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@ -525,7 +525,6 @@ static int save_external_coredump(
        if (lseek(fd, 0, SEEK_SET) == (off_t) -1)
                return log_error_errno(errno, "Failed to seek on coredump %s: %m", fn);
        *ret_filename = TAKE_PTR(fn);
        *ret_data_fd = TAKE_FD(fd);
        *ret_size = (uint64_t) st.st_size;
        *ret_truncated = truncated;
--- a/src/home/home-util.c
+++ b/src/home/home-util.c
@ -133,7 +133,3 @@ int bus_message_append_secret(sd_bus_message *m, UserRecord *secret) {
        return sd_bus_message_append(m, "s", formatted);
 }
 const char *home_record_dir(void) {
        return secure_getenv("SYSTEMD_HOME_RECORD_DIR") ?: "/var/lib/systemd/home/";
 }
--- a/src/home/home-util.h
+++ b/src/home/home-util.h
@ -25,5 +25,3 @@ int bus_message_append_secret(sd_bus_message *m, UserRecord *secret);
 /* Many of our operations might be slow due to crypto, fsck, recursive chown() and so on. For these
 * operations permit a *very* long timeout */
 #define HOME_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
 const char *home_record_dir(void);
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@ -300,9 +300,9 @@ int home_save_record(Home *h) {
                return r;
        (void) mkdir("/var/lib/systemd/", 0755);
-        (void) mkdir(home_record_dir(), 0700);
+        (void) mkdir("/var/lib/systemd/home/", 0700);
-        fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
+        fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
        r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
        if (r < 0)
@ -316,7 +316,7 @@ int home_unlink_record(Home *h) {
        assert(h);
-        fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
+        fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
        if (unlink(fn) < 0 && errno != ENOENT)
                return -errno;
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@ -436,7 +436,7 @@ unlink_this_file:
        if (unlinkat(dir_fd, fname, 0) < 0)
                return log_error_errno(errno, "Failed to remove empty user record file %s: %m", fname);
-        log_notice("Discovered empty user record file %s/%s, removed automatically.", home_record_dir(), fname);
+        log_notice("Discovered empty user record file /var/lib/systemd/home/%s, removed automatically.", fname);
        return 0;
 }
@ -446,10 +446,10 @@ static int manager_enumerate_records(Manager *m) {
        assert(m);
-        d = opendir(home_record_dir());
+        d = opendir("/var/lib/systemd/home/");
        if (!d)
                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
-                                      "Failed to open %s: %m", home_record_dir());
+                                      "Failed to open /var/lib/systemd/home/: %m");
        FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read record directory: %m")) {
                _cleanup_free_ char *n = NULL;
--- a/src/shared/user-record-show.c
+++ b/src/shared/user-record-show.c
@ -269,17 +269,17 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
                printf("   IO Weight: %" PRIu64 "\n", hr->io_weight);
        if (hr->access_mode != MODE_INVALID)
-                printf(" Access Mode: 0%03o\n", user_record_access_mode(hr));
+                printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr));
        if (storage == USER_LUKS) {
                printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr)));
                if (!sd_id128_is_null(hr->luks_uuid))
-                        printf("   LUKS UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->luks_uuid));
+                        printf("   LUKS UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->luks_uuid));
                if (!sd_id128_is_null(hr->partition_uuid))
-                        printf("   Part UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->partition_uuid));
+                        printf("   Part UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->partition_uuid));
                if (!sd_id128_is_null(hr->file_system_uuid))
-                        printf("     FS UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->file_system_uuid));
+                        printf("     FS UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->file_system_uuid));
                if (hr->file_system_type)
                        printf(" File System: %s\n", user_record_file_system_type(hr));
@ -307,9 +307,6 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
                if (hr->cifs_service)
                        printf("CIFS Service: %s\n", hr->cifs_service);
                if (hr->cifs_extra_mount_options)
                        printf("CIFS MntOpts: %s\n", hr->cifs_extra_mount_options);
        }
        if (hr->cifs_user_name)
--- a/test/TEST-67-INTEGRITY/Makefile
+++ b/test/TEST-67-INTEGRITY/Makefile
@ -1 +0,0 @@
 ../TEST-01-BASIC/Makefile
--- a/test/TEST-67-INTEGRITY/test.sh
+++ b/test/TEST-67-INTEGRITY/test.sh
@ -1,27 +0,0 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -e
 TEST_DESCRIPTION="dm-integrity test"
 TEST_NO_NSPAWN=1
 QEMU_TIMEOUT=300
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"
 test_append_files() {(
    instmods loop =block
    instmods dm_integrity =md
    inst_binary losetup
    inst_binary integritysetup
    inst_binary blkid
    install_dmevent
    generate_module_dependencies
 )}
 do_test "$@"
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@ -85,19 +85,10 @@ helper_wait_for_vgroup() {
 helper_wait_for_lvm_activate() {
    local vgroup="${1:?}"
    local ntries="${2:-10}"
-    local i lvm_activate_svc
+    local i
    lvm_activate_svc="lvm-activate-$vgroup.service"
    for ((i = 0; i < ntries; i++)); do
-        if systemctl -q is-active "$lvm_activate_svc"; then
+        ! systemctl -q is-active "lvm-activate-$vgroup.service" || return 0
            # Since the service is started via `systemd-run --no-block`, we need
            # to wait until it finishes, otherwise we might continue while
            # `vgchange` is still running
            if [[ "$(systemctl show -P SubState "$lvm_activate_svc")" == exited ]]; then
                return 0
            fi
        fi
        sleep .5
    done
--- a/test/units/testsuite-67.service
+++ b/test/units/testsuite-67.service
@ -1,9 +0,0 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 [Unit]
 Description=TEST-67-INTEGRITY
 After=multi-user.target
 [Service]
 ExecStartPre=rm -f /failed /testok
 ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
 Type=oneshot
--- a/test/units/testsuite-67.sh
+++ b/test/units/testsuite-67.sh
@ -1,98 +0,0 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 set -euxo pipefail
 export DM_NAME="integrity_test"
 export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
 export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
 export GEN="/var/run/systemd/generator"
 image_dir=""
 cleanup()
 {
    if [ -z "${image_dir}" ]; then
        return
    fi
    if [ -f "${image_dir}/image" ]; then
        if [ -e "${FULL_DM_DEV_NAME}" ]; then
            integritysetup close "${DM_NAME}"
        fi
        losetup -d "${loop}"
    fi
    rm -rf "${image_dir}"
 }
 trap cleanup EXIT
 build_integrity_tab()
 {
 cat << _EOL > "/etc/integritytab"
 ${DM_NAME} ${loop} - integrity-algorithm=$1
 _EOL
 }
 image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
 if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
    echo "mktemp under / failed"
    exit 1
 fi
 dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
 loop="$(losetup --show -f "${image_dir}/image")"
 if [[ ! -e ${loop} ]]; then
    echo "Loopback device created not found!"
    exit 1
 fi
 for algorithm in crc32c crc32 sha1 sha256
 do
    integritysetup format "${loop}" --batch-mode -I "${algorithm}" || exit 1
    integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" || exit 1
    mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1
    # Give userspace time to handle udev events for new FS showing up ...
    udevadm settle
    integritysetup close "${DM_NAME}" || exit 1
    # create integritytab, generate units, start service
    build_integrity_tab ${algorithm}
    # Cause the generator to re-run
    systemctl daemon-reload || exit 1
    # Check for existance of unit files...
    if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
        echo "Service file does not exist!"
        exit 1
    fi
    # Make sure we are in a consistent state, e.g. not already active before we start
    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
    systemctl start systemd-integritysetup@"${DM_NAME}".service || exit 1
    # Check the signature on the FS to ensure we can retrieve it and that is matches
    if [ -e "${FULL_DM_DEV_NAME}" ]; then
        if [ "${FULL_DM_DEV_NAME}" != "$(blkid -U "${FS_UUID}")" ]; then
            echo "Failed to locate FS with matching UUID!"
            exit 1
        fi
    else
        echo "Failed to bring up integrity device!"
        exit 1
    fi
    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
    if [ -e "${FULL_DM_DEV_NAME}" ]; then
        echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stoping unit!"
        exit 1
    fi
 done
 echo OK >/testok