mkosi CI: mask isc-dhcp-server units

The packages are installed to provide the dhcpd binary, used by
test/test-network/systemd-networkd-tests.py, but we don't need the units
to run, and in fact in some cases the image fails to boot because of
them:

Spawning container image on /home/runner/work/systemd/systemd/image.raw.
Press ^] three times within 1s to kill container.
● isc-dhcp-server.service  loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server
Container image failed with error code 1.
Error: Process completed with exit code 1.

Mask the units with an --extra-tree.

.github/workflows/run_mkosi.sh

@@ -7,11 +7,20 @@ set -o pipefail
 
 EC=0
 TEMPFILE="$(mktemp)"
-trap "rm -f '$TEMPFILE'" EXIT
+TEMP_EXTRA_TREE="$(mktemp --directory)"
+trap "rm -rf '$TEMPFILE' '$TEMP_EXTRA_TREE'" EXIT
+
+# We need isc-dhcp-server to be installed for the networkd unit tests, but we don't want to
+# run it by default. mktemp creates the directory as 700, so change it, otherwise it will
+# affect the image's root folder permissions.
+chmod 755 "$TEMP_EXTRA_TREE"
+mkdir -p "$TEMP_EXTRA_TREE/etc/systemd/system/"
+ln -s /dev/null "$TEMP_EXTRA_TREE/etc/systemd/system/isc-dhcp-server.service"
+ln -s /dev/null "$TEMP_EXTRA_TREE/etc/systemd/system/isc-dhcp-server6.service"
 
 for ((i = 0; i < 5; i++)); do
     EC=0
-    (sudo python3 -m mkosi "$@") |& tee "$TEMPFILE" || EC=$?
+    (sudo python3 -m mkosi --extra-tree="$TEMP_EXTRA_TREE" "$@") |& tee "$TEMPFILE" || EC=$?
     if [[ $EC -eq 0 ]]; then
         # The command passed — let's return immediately
         break

src/cryptsetup/cryptsetup-generator.c

@@ -277,7 +277,7 @@ static int print_dependencies(FILE *f, const char* device_path) {
 static int create_disk(
                 const char *name,
                 const char *device,
-                const char *password,
+                const char *key_file,
                 const char *keydev,
                 const char *headerdev,
                 const char *options,
@@ -285,7 +285,7 @@ static int create_disk(
 
         _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL,
                 *keydev_mount = NULL, *keyfile_timeout_value = NULL,
-                *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL,
+                *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *key_file_buffer = NULL,
                 *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         const char *dmname;
@@ -350,9 +350,9 @@ static int create_disk(
         if (r < 0)
                 return log_error_errno(r, "Failed to generate unit name: %m");
 
-        if (keydev && !password)
+        if (keydev && !key_file)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Key device is specified, but path to the password file is missing.");
+                                       "Key device is specified, but path to the key file is missing.");
 
         r = generator_open_unit_file(arg_dest, NULL, n, &f);
         if (r < 0)
@@ -388,11 +388,11 @@ static int create_disk(
                 if (r < 0)
                         return log_error_errno(r, "Failed to generate keydev umount unit: %m");
 
-                password_buffer = path_join(keydev_mount, password);
+                key_file_buffer = path_join(keydev_mount, key_file);
-                if (!password_buffer)
+                if (!key_file_buffer)
                         return log_oom();
 
-                password = password_buffer;
+                key_file = key_file_buffer;
 
                 fprintf(f, "After=%s\n", unit);
                 if (keyfile_can_timeout > 0)
@@ -462,8 +462,8 @@ static int create_disk(
                         "Before=%s\n",
                         netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
 
-        if (password && !keydev) {
+        if (key_file && !keydev) {
-                r = print_dependencies(f, password);
+                r = print_dependencies(f, key_file);
                 if (r < 0)
                         return r;
         }
@@ -495,7 +495,7 @@ static int create_disk(
         if (r < 0)
                 log_warning_errno(r, "Failed to write device timeout drop-in: %m");
 
-        r = generator_write_cryptsetup_service_section(f, name, u, password, filtered);
+        r = generator_write_cryptsetup_service_section(f, name, u, key_file, filtered);
         if (r < 0)
                 return r;
 

src/cryptsetup/cryptsetup.c

@@ -1639,7 +1639,7 @@ static int help(void) {
         if (r < 0)
                 return log_oom();
 
-        printf("%s attach VOLUME SOURCEDEVICE [PASSWORD] [OPTIONS]\n"
+        printf("%s attach VOLUME SOURCEDEVICE [KEY-FILE] [OPTIONS]\n"
                "%s detach VOLUME\n\n"
                "Attaches or detaches an encrypted block device.\n"
                "\nSee the %s for details.\n",
@@ -1721,7 +1721,7 @@ static int run(int argc, char *argv[]) {
                 unsigned tries;
                 usec_t until;
 
-                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
+                /* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [KEY-FILE] [OPTIONS] */
 
                 if (argc < 4)
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");

src/shared/generator.c

@@ -616,10 +616,10 @@ int generator_write_cryptsetup_service_section(
                 FILE *f,
                 const char *name,
                 const char *what,
-                const char *password,
+                const char *key_file,
                 const char *options) {
 
-        _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *password_escaped = NULL, *options_escaped = NULL;
+        _cleanup_free_ char *name_escaped = NULL, *what_escaped = NULL, *key_file_escaped = NULL, *options_escaped = NULL;
 
         assert(f);
         assert(name);
@@ -633,9 +633,9 @@ int generator_write_cryptsetup_service_section(
         if (!what_escaped)
                 return log_oom();
 
-        if (password) {
+        if (key_file) {
-                password_escaped = specifier_escape(password);
+                key_file_escaped = specifier_escape(key_file);
-                if (!password_escaped)
+                if (!key_file_escaped)
                         return log_oom();
         }
 
@@ -655,7 +655,7 @@ int generator_write_cryptsetup_service_section(
                 "OOMScoreAdjust=500\n"    /* Unlocking can allocate a lot of memory if Argon2 is used */
                 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
                 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
-                name_escaped, what_escaped, strempty(password_escaped), strempty(options_escaped),
+                name_escaped, what_escaped, strempty(key_file_escaped), strempty(options_escaped),
                 name_escaped);
 
         return 0;

src/systemctl/systemctl-show.c

@@ -989,6 +989,20 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m
                 }
                 break;
 
+        case SD_BUS_TYPE_UINT64:
+                if (endswith(name, "Timestamp")) {
+                        uint64_t timestamp;
+
+                        r = sd_bus_message_read_basic(m, bus_type, &timestamp);
+                        if (r < 0)
+                                return r;
+
+                        bus_print_property_value(name, expected_value, flags, FORMAT_TIMESTAMP_STYLE(timestamp, arg_timestamp_style));
+
+                        return 1;
+                }
+                break;
+
         case SD_BUS_TYPE_STRUCT:
 
                 if (contents[0] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) {