Merge pull request #16697 from yuwata/network-fix-suspend-issue

network: fix suspend issue
Merge pull request #16684 from keszybz/assorted-cleanups
2020-08-10 20:09:36 +02:00 · 2020-08-10 19:28:05 +02:00 · 2020-08-10 17:31:58 +02:00 · 2020-08-08 12:41:03 +09:00 · 2020-08-08 12:31:59 +09:00 · 2020-08-08 12:31:12 +09:00
11 changed files with 107 additions and 59 deletions
--- a/docs/AUTOMATIC_BOOT_ASSESSMENT.md
+++ b/docs/AUTOMATIC_BOOT_ASSESSMENT.md
@ -10,12 +10,11 @@ systemd provides support for automatically reverting back to the previous
 version of the OS or kernel in case the system consistently fails to boot. This
 support is built into various of its components. When used together these
 components provide a complete solution on UEFI systems, built as add-on to the
-[Boot Loader
-Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). However, the
-different components may also be used independently, and in combination with
-other software, to implement similar schemes, for example with other boot
-loaders or for non-UEFI systems. Here's a brief overview of the complete set of
-components:
+[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION).
+However, the different components may also be used independently, and in
+combination with other software, to implement similar schemes, for example with
+other boot loaders or for non-UEFI systems. Here's a brief overview of the
+complete set of components:

 * The
  [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
@ -45,11 +44,10 @@ components:

 * The `boot-complete.target` target unit (see
  [`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
-  serves as a generic extension point both for units that shall be considered
-  necessary to consider a boot successful on one side (example:
-  `systemd-boot-check-no-failures.service` as described above), and units that
-  want to act only if the boot is successful on the other (example:
-  `systemd-bless-boot.service` as described above).
+  serves as a generic extension point both for units that are necessary to
+  consider a boot successful (example: `systemd-boot-check-no-failures.service`
+  as described above), and units that want to act only if the boot is
+  successful (example: `systemd-bless-boot.service` as described above).

 * The
  [`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
--- a/hwdb.d/60-sensor.hwdb
+++ b/hwdb.d/60-sensor.hwdb
@ -111,6 +111,7 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100CHI*
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI*
 ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1

+sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnM80TA*
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA*
 sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@ -8778,7 +8778,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
  <refsect1>
    <title>Scope Unit Objects</title>

-    <para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
+    <para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
    interface (described here) in addition to the generic
    <interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>

--- a/src/boot/bless-boot.c
+++ b/src/boot/bless-boot.c
@ -34,6 +34,7 @@ static int help(int argc, char *argv[], void *userdata) {
        printf("%s [OPTIONS...] COMMAND\n"
               "\n%sMark the boot process as good or bad.%s\n"
               "\nCommands:\n"
+               "     status          Show status of current boot loader entry\n"
               "     good            Mark this boot as good\n"
               "     bad             Mark this boot as bad\n"
               "     indeterminate   Undo any marking as good or bad\n"
--- a/src/journal/journal-qrcode.c
+++ b/src/journal/journal-qrcode.c
@ -46,7 +46,7 @@ int print_qr_code(
        _cleanup_(dlclosep) void *dl = NULL;
        _cleanup_free_ char *url = NULL;
        _cleanup_fclose_ FILE *f = NULL;
-        size_t url_size = 0, i;
+        size_t url_size = 0;
        unsigned x, y;
        QRcode* qr;
        int r;
@ -79,7 +79,7 @@ int print_qr_code(

        fputs("fss://", f);

-        for (i = 0; i < seed_size; i++) {
+        for (size_t i = 0; i < seed_size; i++) {
                if (i > 0 && i % 3 == 0)
                        fputc('-', f);
                fprintf(f, "%02x", ((uint8_t*) seed)[i]);
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@ -1790,7 +1790,7 @@ static int add_syslog_identifier(sd_journal *j) {

 static int setup_keys(void) {
 #if HAVE_GCRYPT
-        size_t mpk_size, seed_size, state_size, i;
+        size_t mpk_size, seed_size, state_size;
        _cleanup_(unlink_and_freep) char *k = NULL;
        _cleanup_free_ char *p = NULL;
        uint8_t *mpk, *seed, *state;
@ -1902,52 +1902,49 @@ static int setup_keys(void) {

        k = mfree(k);

+        _cleanup_free_ char *hn = NULL;
+
        if (on_tty()) {
+                hn = gethostname_malloc();
+                if (hn)
+                        hostname_cleanup(hn);
+
+                char tsb[FORMAT_TIMESPAN_MAX];
                fprintf(stderr,
+                        "\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
                        "\n"
-                        "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
-                        "the following local file. This key file is automatically updated when the\n"
-                        "sealing key is advanced. It should not be used on multiple hosts.\n"
+                        "The %ssecret sealing key%s has been written to the following local file.\n"
+                        "This key file is automatically updated when the sealing key is advanced.\n"
+                        "It should not be used on multiple hosts.\n"
                        "\n"
                        "\t%s\n"
                        "\n"
+                        "The sealing key is automatically changed every %s.\n"
+                        "\n"
                        "Please write down the following %ssecret verification key%s. It should be stored\n"
-                        "at a safe location and should not be saved locally on disk.\n"
+                        "in a safe location and should not be saved locally on disk.\n"
                        "\n\t%s",
+                        hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
                        ansi_highlight(), ansi_normal(),
                        p,
+                        format_timespan(tsb, sizeof(tsb), arg_interval, 0),
                        ansi_highlight(), ansi_normal(),
                        ansi_highlight_red());
                fflush(stderr);
        }
-        for (i = 0; i < seed_size; i++) {
+
+        for (size_t i = 0; i < seed_size; i++) {
                if (i > 0 && i % 3 == 0)
                        putchar('-');
                printf("%02x", ((uint8_t*) seed)[i]);
        }
-
        printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);

        if (on_tty()) {
-                _cleanup_free_ char *hn = NULL;
-                char tsb[FORMAT_TIMESPAN_MAX];
-
-                fprintf(stderr,
-                        "%s\n"
-                        "The sealing key is automatically changed every %s.\n",
-                        ansi_normal(),
-                        format_timespan(tsb, sizeof(tsb), arg_interval, 0));
-
-                hn = gethostname_malloc();
-                if (hn) {
-                        hostname_cleanup(hn);
-                        fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
-                } else
-                        fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
-
+                fprintf(stderr, "%s", ansi_normal());
 #if HAVE_QRENCODE
                (void) print_qr_code(stderr,
-                                     "\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
+                                     "\nTo transfer the verification key to your phone scan the QR code below:\n",
                                     seed, seed_size,
                                     n, arg_interval,
                                     hn, machine);
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@ -487,7 +487,7 @@ static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link
        r = sd_netlink_message_get_errno(m);
        if (r < 0 && r != -EADDRNOTAVAIL)
                log_link_message_warning_errno(link, m, r, "Could not drop address");
-        else
+        else if (r >= 0)
                (void) manager_rtnl_process_address(rtnl, m, link->manager);

        return 1;
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@ -1365,7 +1365,14 @@ static int link_request_set_addresses(Link *link) {
        assert(link->network);
        assert(link->state != _LINK_STATE_INVALID);

+        if (link->address_remove_messages != 0) {
+                log_link_debug(link, "Removing old addresses, new addresses will be configured later.");
+                link->request_static_addresses = true;
+                return 0;
+        }
+
        /* Reset all *_configured flags we are configuring. */
+        link->request_static_addresses = false;
        link->addresses_configured = false;
        link->addresses_ready = false;
        link->neighbors_configured = false;
@ -2884,6 +2891,35 @@ static int link_drop_foreign_config(Link *link) {
        return 0;
 }

+static int remove_static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+        int r;
+
+        assert(m);
+        assert(link);
+        assert(link->ifname);
+        assert(link->address_remove_messages > 0);
+
+        link->address_remove_messages--;
+
+        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
+                return 1;
+
+        r = sd_netlink_message_get_errno(m);
+        if (r < 0 && r != -EADDRNOTAVAIL)
+                log_link_message_warning_errno(link, m, r, "Could not drop address");
+        else if (r >= 0)
+                (void) manager_rtnl_process_address(rtnl, m, link->manager);
+
+        if (link->address_remove_messages == 0 && link->request_static_addresses) {
+                link_set_state(link, LINK_STATE_CONFIGURING);
+                r = link_request_set_addresses(link);
+                if (r < 0)
+                        link_enter_failed(link);
+        }
+
+        return 1;
+}
+
 static int link_drop_config(Link *link) {
        Address *address, *pool_address;
        Neighbor *neighbor;
@ -2896,19 +2932,20 @@ static int link_drop_config(Link *link) {
                if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link))
                        continue;

-                r = address_remove(address, link, NULL);
+                r = address_remove(address, link, remove_static_address_handler);
                if (r < 0)
                        return r;

+                link->address_remove_messages++;
+
                /* If this address came from an address pool, clean up the pool */
-                LIST_FOREACH(addresses, pool_address, link->pool_addresses) {
+                LIST_FOREACH(addresses, pool_address, link->pool_addresses)
                        if (address_equal(address, pool_address)) {
                                LIST_REMOVE(addresses, link->pool_addresses, pool_address);
                                address_free(pool_address);
                                break;
                        }
        }
-        }

        SET_FOREACH(neighbor, link->neighbors, i) {
                r = neighbor_remove(neighbor, link, NULL);
--- a/src/network/networkd-link.h
+++ b/src/network/networkd-link.h
@ -75,6 +75,7 @@ typedef struct Link {
        LinkAddressState address_state;

        unsigned address_messages;
+        unsigned address_remove_messages;
        unsigned address_label_messages;
        unsigned neighbor_messages;
        unsigned route_messages;
@ -111,6 +112,7 @@ typedef struct Link {
        sd_ipv4ll *ipv4ll;
        bool ipv4ll_address_configured:1;

+        bool request_static_addresses:1;
        bool addresses_configured:1;
        bool addresses_ready:1;
        bool neighbors_configured:1;
--- a/src/test/test-nss.c
+++ b/src/test/test-nss.c
@ -63,6 +63,7 @@ static void* open_handle(const char* dir, const char* module, int flags) {
        if (!path || access(path, F_OK) < 0)
                path = strjoina("libnss_", module, ".so.2");

+        log_debug("Using %s", path);
        handle = dlopen(path, flags);
        if (!handle)
                log_error("Failed to load module %s: %s", module, dlerror());
@ -70,10 +71,9 @@ static void* open_handle(const char* dir, const char* module, int flags) {
 }

 static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
-        const struct gaih_addrtuple *it;
        int n = 0;

-        for (it = tuples; it; it = it->next) {
+        for (const struct gaih_addrtuple *it = tuples; it; it = it->next) {
                _cleanup_free_ char *a = NULL;
                union in_addr_union u;
                int r;
@ -147,7 +147,10 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
        fname = strjoina("_nss_", module, "_gethostbyname4_r");
        f = dlsym(handle, fname);
        log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
-        assert_se(f);
+        if (!f) {
+                log_info("%s not defined", fname);
+                return;
+        }

        status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
        if (status == NSS_STATUS_SUCCESS) {
@ -197,7 +200,10 @@ static void test_gethostbyname3_r(void *handle, const char *module, const char *
        fname = strjoina("_nss_", module, "_gethostbyname3_r");
        f = dlsym(handle, fname);
        log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
-        assert_se(f);
+        if (!f) {
+                log_info("%s not defined", fname);
+                return;
+        }

        status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
        log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
@ -223,7 +229,10 @@ static void test_gethostbyname2_r(void *handle, const char *module, const char *
        fname = strjoina("_nss_", module, "_gethostbyname2_r");
        f = dlsym(handle, fname);
        log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
-        assert_se(f);
+        if (!f) {
+                log_info("%s not defined", fname);
+                return;
+        }

        status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
        log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -247,7 +256,10 @@ static void test_gethostbyname_r(void *handle, const char *module, const char *n
        fname = strjoina("_nss_", module, "_gethostbyname_r");
        f = dlsym(handle, fname);
        log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
-        assert_se(f);
+        if (!f) {
+                log_info("%s not defined", fname);
+                return;
+        }

        status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
        log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -279,8 +291,10 @@ static void test_gethostbyaddr2_r(void *handle,

        log_full_errno(f ? LOG_DEBUG : LOG_INFO,  errno,
                       "dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
-        if (!f)
+        if (!f) {
+                log_info("%s not defined", fname);
                return;
+        }

        assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);

@ -314,8 +328,10 @@ static void test_gethostbyaddr_r(void *handle,

        log_full_errno(f ? LOG_DEBUG : LOG_INFO,  errno,
                       "dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
-        if (!f)
+        if (!f) {
+                log_info("%s not defined", fname);
                return;
+        }

        assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);

@ -395,7 +411,6 @@ static int test_one_module(const char* dir,
                           int n_addresses) {
        void *handle;
        char **name;
-        int i;

        log_info("======== %s ========", module);

@ -406,7 +421,7 @@ static int test_one_module(const char* dir,
        STRV_FOREACH(name, names)
                test_byname(handle, module, *name);

-        for (i = 0; i < n_addresses; i++)
+        for (int i = 0; i < n_addresses; i++)
                test_byaddr(handle, module,
                            &addresses[i].address,
                            FAMILY_ADDRESS_SIZE(addresses[i].family),
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@ -98,9 +98,6 @@ static void test_syscall_filter_set_find(void) {
 }

 static void test_filter_sets(void) {
-        unsigned i;
-        int r;
-
        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
@ -112,7 +109,7 @@ static void test_filter_sets(void) {
                return;
        }

-        for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
+        for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
                pid_t pid;

                log_info("Testing %s", syscall_filter_sets[i].name);
@ -121,7 +118,7 @@ static void test_filter_sets(void) {
                assert_se(pid >= 0);

                if (pid == 0) { /* Child? */
-                        int fd;
+                        int fd, r;

                        /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
                        if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
Author	SHA1	Message	Date
Lennart Poettering	3f64046cda	Merge pull request #16697 from yuwata/network-fix-suspend-issue network: fix suspend issue	2020-08-10 20:09:36 +02:00
Lennart Poettering	721bb6ed08	Merge pull request #16684 from keszybz/assorted-cleanups Assorted cleanups	2020-08-10 19:28:05 +02:00
Nicholas Narsing	a2af7e5c7e	hwdb: Add ACCEL_MOUNT_MATRIX quirk for Asus M80TA	2020-08-10 17:31:58 +02:00
Yu Watanabe	9b966cee43	network: wait for previous address removal before configuring static addresses Fixes #16696.	2020-08-08 12:41:03 +09:00
Yu Watanabe	b6766fb114	network: drop unnecessary bracket	2020-08-08 12:31:59 +09:00
Yu Watanabe	fb282d4e25	network: only process non-error message	2020-08-08 12:31:12 +09:00
Zbigniew Jędrzejewski-Szmek	d08a529518	man: fix typo	2020-08-05 19:44:53 +02:00
Zbigniew Jędrzejewski-Szmek	4ea0782649	docs: rework awkward sentence in AUTOMATIC_BOOT_ASSESSMENT	2020-08-05 19:44:37 +02:00
Zbigniew Jędrzejewski-Szmek	ddd8e23dc9	bless-boot: add missing verb to --help There is also "help" verb which duplicates the --help option. I don't think we should advertise it.	2020-08-05 12:16:03 +02:00
Zbigniew Jędrzejewski-Szmek	08554d4725	test-nss: do not assume all symbols are defined It is OK for some symbols to be missing. With this change, "test-nss sss" can be used to test nss-sss without crashing. $ build-rawhide/test-nss sss fedoraproject.org ======== sss ======== _nss_sss_gethostbyname4_r not defined _nss_sss_gethostbyname3_r not defined _nss_sss_gethostbyname3_r not defined _nss_sss_gethostbyname3_r not defined _nss_sss_gethostbyname3_r not defined _nss_sss_gethostbyname2_r("fedoraproject.org", AF_INET) → status=NSS_STATUS_NOTFOUND errno=0/--- h_errno=-1/Resolver internal error _nss_sss_gethostbyname2_r("fedoraproject.org", AF_INET6) → status=NSS_STATUS_NOTFOUND errno=0/--- h_errno=-1/Resolver internal error _nss_sss_gethostbyname2_r("fedoraproject.org", *) → status=NSS_STATUS_UNAVAIL errno=97/EAFNOSUPPORT h_errno=-1/Resolver internal error _nss_sss_gethostbyname2_r("fedoraproject.org", AF_UNIX) → status=NSS_STATUS_UNAVAIL errno=97/EAFNOSUPPORT h_errno=-1/Resolver internal error _nss_sss_gethostbyname_r("fedoraproject.org") → status=NSS_STATUS_NOTFOUND errno=0/--- h_errno=-1/Resolver internal error	2020-08-05 10:49:46 +02:00
Zbigniew Jędrzejewski-Szmek	604b163a31	test-seccomp: minor simpification	2020-08-05 10:49:46 +02:00
Zbigniew Jędrzejewski-Szmek	890e5a4d29	test-nss: modernize a bit and print path to the loaded so file This makes it easier to figure out if we're looking at the right module.	2020-08-05 10:49:46 +02:00
Zbigniew Jędrzejewski-Szmek	da012db02d	journalctl: reshuffle console message about fss keys We talked about the verification key, then about sealing keys, and then about the verification key again. Let's shorten things a bit, and divide the output in three paragraphs: one about the machine, one about the sealing keys, and one about verification keys and the qr code with them.	2020-08-05 10:49:46 +02:00