test: call mksquashfs with -noappend to be safe on reruns

If the test VM reboots and the test re-runs, creating the images fails as they already exist: [ 218.227766] TEST-50-DISSECT.sh[889]: + mksquashfs testkit/ testkit.raw [ 218.238754] TEST-50-DISSECT.sh[2964]: FATAL ERROR: Could not read $HOME, use -recovery-path or -no-recovery options [ 218.239284] TEST-50-DISSECT.sh[2964]: Found a valid exportable SQUASHFS superblock on testkit.raw. [ 218.239554] TEST-50-DISSECT.sh[2964]: Compression used gzip [ 218.240176] TEST-50-DISSECT.sh[2964]: Inodes are compressed [ 218.240459] TEST-50-DISSECT.sh[2964]: Data is compressed [ 218.241072] TEST-50-DISSECT.sh[2964]: Fragments are compressed [ 218.241526] TEST-50-DISSECT.sh[2964]: Xattrs are compressed [ 218.241953] TEST-50-DISSECT.sh[2964]: Fragments are present in the filesystem [ 218.242411] TEST-50-DISSECT.sh[2964]: Always-use-fragments option is not specified [ 218.242843] TEST-50-DISSECT.sh[2964]: Duplicates are removed [ 218.243560] TEST-50-DISSECT.sh[2964]: Xattrs are stored [ 218.243889] TEST-50-DISSECT.sh[2964]: Filesystem size 0.38 Kbytes (0.00 Mbytes) [ 218.244563] TEST-50-DISSECT.sh[2964]: Block size 131072 [ 218.245051] TEST-50-DISSECT.sh[2964]: Number of fragments 1 [ 218.245512] TEST-50-DISSECT.sh[2964]: Number of inodes 6 [ 218.245851] TEST-50-DISSECT.sh[2964]: Number of ids 1 [ 218.246393] TEST-50-DISSECT.sh[2964]: Parallel mksquashfs: Using 2 processors [ 218.246820] TEST-50-DISSECT.sh[2964]: Scanning existing filesystem... [ 218.247286] TEST-50-DISSECT.sh[2964]: Read existing filesystem, 5 inodes scanned [ 218.252974] TEST-50-DISSECT.sh[2964]: Appending to existing 4.0 filesystem on testkit.raw, block size 131072 [ 218.253593] TEST-50-DISSECT.sh[2964]: All -b, -noI, -noD, -noF, -noX, -noId, -no-duplicates, -no-fragments, [ 218.253848] TEST-50-DISSECT.sh[2964]: -always-use-fragments, -exportable and -comp options ignored [ 218.257196] TEST-50-DISSECT.sh[2964]: If appending is not wanted, please re-run with -noappend specified! https://github.com/systemd/systemd/actions/runs/17674609143/job/50233691148?pr=38867
test: consolidate checks for unpriv nspawn support in TEST-13-NSPAWN
2025-09-24 14:24:46 +02:00 · 2025-09-15 14:42:03 +01:00 · 2025-09-15 15:39:05 +02:00 · 2025-09-15 13:42:48 +02:00 · 2025-09-15 11:22:19 +02:00 · 2025-09-15 11:11:01 +02:00
7 changed files with 53 additions and 57 deletions
--- a/meson.build
+++ b/meson.build
@ -485,6 +485,7 @@ possible_link_flags = [
        '-Wl,--fatal-warnings',
        '-Wl,-z,now',
        '-Wl,-z,relro',
+        '-Wl,-z,gcs-report-dynamic=none',
        '-Wl,--gc-sections',
 ]

--- a/src/shared/generator.c
+++ b/src/shared/generator.c
@ -26,6 +26,14 @@
 #include "tmpfile-util.h"
 #include "unit-name.h"

+static int symlink_unless_exists(const char *to, const char *from) {
+        (void) mkdir_parents(from, 0755);
+
+        if (symlink(to, from) < 0 && errno != EEXIST)
+                return log_error_errno(errno, "Failed to create symlink %s: %m", from);
+        return 0;
+}
+
 int generator_open_unit_file_full(
                const char *dir,
                const char *source,
@ -134,12 +142,7 @@ int generator_add_symlink_full(
        if (!to)
                return log_oom();

-        (void) mkdir_parents_label(to, 0755);
-
-        if (symlink(from, to) < 0 && errno != EEXIST)
-                return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to);
-
-        return 0;
+        return symlink_unless_exists(from, to);
 }

 static int generator_add_ordering(
@ -331,19 +334,16 @@ int generator_write_fsck_deps(
        }

        if (path_equal(where, "/")) {
-                const char *lnk;
-
                /* We support running the fsck instance for the root fs while it is already mounted, for
                 * compatibility with non-initrd boots. It's ugly, but it is how it is. Since – unlike for
                 * regular file systems – this means the ordering is reversed (i.e. mount *before* fsck) we
                 * have a separate fsck unit for this, independent of systemd-fsck@.service. */

-                lnk = strjoina(dir, "/" SPECIAL_LOCAL_FS_TARGET ".wants/" SPECIAL_FSCK_ROOT_SERVICE);
-
-                (void) mkdir_parents(lnk, 0755);
-                if (symlink(SYSTEM_DATA_UNIT_DIR "/" SPECIAL_FSCK_ROOT_SERVICE, lnk) < 0)
-                        return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+                const char *lnk = strjoina(dir, "/" SPECIAL_LOCAL_FS_TARGET ".wants/" SPECIAL_FSCK_ROOT_SERVICE);

+                r = symlink_unless_exists(SYSTEM_DATA_UNIT_DIR "/" SPECIAL_FSCK_ROOT_SERVICE, lnk);
+                if (r < 0)
+                        return r;
        } else {
                _cleanup_free_ char *_fsck = NULL;
                const char *fsck, *dep;
--- a/test/run-unit-tests.py
+++ b/test/run-unit-tests.py
@ -35,12 +35,6 @@ def argument_parser():

 opts = argument_parser().parse_args()

-env = {}
-if 'SYSTEMD_LOG_LEVEL' in os.environ:
-    env['SYSTEMD_LOG_LEVEL'] = os.environ['SYSTEMD_LOG_LEVEL']
-if 'SYSTEMD_LOG_TARGET' in os.environ:
-    env['SYSTEMD_LOG_TARGET'] = os.environ['SYSTEMD_LOG_TARGET']
-
 unittestdir = pathlib.Path(__file__).parent.absolute() / 'unit-tests'

 tests = list(unittestdir.glob('test-*'))
@ -59,7 +53,7 @@ for test in sorted(tests):
        total.skip += 1
        continue

-    ex = subprocess.run(test, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, env=env)
+    ex = subprocess.run(test, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    if ex.returncode == 0:
        print(f'{GREEN}PASS: {name}{RESET_ALL}')
        total.good += 1
--- a/test/units/TEST-13-NSPAWN.nspawn.sh
+++ b/test/units/TEST-13-NSPAWN.nspawn.sh
@ -1208,28 +1208,6 @@ EOF
    rm -fr "$root"
 }

-can_do_rootless_nspawn() {
-    # Our create_dummy_ddi() uses squashfs and openssl.
-    command -v mksquashfs &&
-    command -v openssl &&
-
-    # mountfsd must be enabled...
-    [[ -S /run/systemd/io.systemd.MountFileSystem ]] &&
-    # ...and have pidfd support for unprivileged operation.
-    systemd-analyze compare-versions "$(uname -r)" ge 6.5 &&
-    systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" ge 124 &&
-
-    # nsresourced must be enabled...
-    [[ -S /run/systemd/userdb/io.systemd.NamespaceResource ]] &&
-    # ...and must support the UserNamespaceInterface.
-    ! (SYSTEMD_LOG_TARGET=console varlinkctl call \
-           /run/systemd/userdb/io.systemd.NamespaceResource \
-           io.systemd.NamespaceResource.AllocateUserRange \
-           '{"name":"test-supported","size":65536,"userNamespaceFileDescriptor":0}' \
-           2>&1 || true) |
-        grep -q "io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported"
-}
-
 create_dummy_ddi() {
    local outdir="${1:?}"
    local container_name="${2:?}"
--- a/test/units/TEST-13-NSPAWN.unpriv.sh
+++ b/test/units/TEST-13-NSPAWN.unpriv.sh
@ -7,12 +7,7 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh

-if [[ ! -f /usr/lib/systemd/system/systemd-mountfsd.socket ]] ||
-   [[ ! -f /usr/lib/systemd/system/systemd-nsresourced.socket ]] ||
-   ! grep -q bpf /sys/kernel/security/lsm ||
-   ! find /usr/lib* -name libbpf.so.1 2>/dev/null | grep . ||
-   systemd-analyze compare-versions "$(uname -r)" lt 6.5 ||
-   systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" lt 124; then
+if ! can_do_rootless_nspawn; then
    echo "Skipping unpriv nspawn test"
    exit 0
 fi
@ -25,8 +20,6 @@ at_exit() {

 trap at_exit EXIT

-systemctl start systemd-mountfsd.socket systemd-nsresourced.socket
-
 run0 -u testuser mkdir -p .local/state/machines

 create_dummy_container /home/testuser/.local/state/machines/zurps
--- a/test/units/TEST-50-DISSECT.dissect.sh
+++ b/test/units/TEST-50-DISSECT.dissect.sh
@ -371,7 +371,7 @@ systemctl start testservice-50d.service

 # Mount twice to exercise mount-beneath (on kernel 6.5+, on older kernels it will just overmount)
 mkdir -p /tmp/wrong/foo
-mksquashfs /tmp/wrong/foo /tmp/wrong.raw
+mksquashfs /tmp/wrong/foo /tmp/wrong.raw -noappend
 systemctl mount-image --mkdir testservice-50d.service /tmp/wrong.raw /tmp/img
 test "$(systemctl show -P SubState testservice-50d.service)" = "running"
 systemctl mount-image --mkdir testservice-50d.service "$MINIMAL_IMAGE.raw" /tmp/img root:nosuid
@ -638,14 +638,14 @@ ExecStart=bash -x -c ' \\
    while true; do sleep 1; done; \\
 '
 EOF
-mksquashfs "$VDIR/${VBASE}_1" "$VDIR2/${VBASE}_1.raw"
+mksquashfs "$VDIR/${VBASE}_1" "$VDIR2/${VBASE}_1.raw" -noappend
 systemctl start testservice-50h.service
 systemctl is-active testservice-50h.service
 # First reload should pick up the v1 marker
 systemctl reload testservice-50h.service
 grep -q -F "${VBASE}_1.marker" /tmp/markers/50h
 # Second reload should pick up the v2 marker
-mksquashfs "$VDIR/${VBASE}_2" "$VDIR2/${VBASE}_2.raw"
+mksquashfs "$VDIR/${VBASE}_2" "$VDIR2/${VBASE}_2.raw" -noappend
 systemctl reload testservice-50h.service
 grep -q -F "${VBASE}_2.marker" /tmp/markers/50h
 # Test that removing all the extensions don't cause any issues
@ -750,11 +750,11 @@ if [ "$verity_sig_supported" -eq 1 ]; then
    veritysetup status "$(cat "$MINIMAL_IMAGE.roothash")-verity" | grep -q "verified (with signature)"
 fi
 # First reload should pick up the v1 marker
-mksquashfs "$VDIR/${VBASE}_1" "$VDIR2/${VBASE}_1.raw"
+mksquashfs "$VDIR/${VBASE}_1" "$VDIR2/${VBASE}_1.raw" -noappend
 systemctl reload testservice-50k.service
 grep -q -F "${VBASE}_1.marker" /tmp/markers/50k
 # Second reload should pick up the v2 marker
-mksquashfs "$VDIR/${VBASE}_2" "$VDIR2/${VBASE}_2.raw"
+mksquashfs "$VDIR/${VBASE}_2" "$VDIR2/${VBASE}_2.raw" -noappend
 systemctl reload testservice-50k.service
 grep -q -F "${VBASE}_2.marker" /tmp/markers/50k
 # Test that removing all the extensions don't cause any issues
@ -917,7 +917,7 @@ mkdir -p /run/extensions/ testkit/usr/lib/extension-release.d/
 echo "ID=_any" >testkit/usr/lib/extension-release.d/extension-release.testkit
 echo "ARCHITECTURE=_any" >>testkit/usr/lib/extension-release.d/extension-release.testkit
 echo "MARKER_SYSEXT_123" >testkit/usr/lib/testfile
-mksquashfs testkit/ testkit.raw
+mksquashfs testkit/ testkit.raw -noappend
 cp testkit.raw /run/extensions/
 unsquashfs -l /run/extensions/testkit.raw
 systemd-dissect --no-pager /run/extensions/testkit.raw | grep -q '✓ sysext for portable service'
@ -933,7 +933,7 @@ mkdir -p /run/confexts/ testjob/etc/extension-release.d/
 echo "ID=_any" >testjob/etc/extension-release.d/extension-release.testjob
 echo "ARCHITECTURE=_any" >>testjob/etc/extension-release.d/extension-release.testjob
 echo "MARKER_CONFEXT_123" >testjob/etc/testfile
-mksquashfs testjob/ testjob.raw
+mksquashfs testjob/ testjob.raw -noappend
 cp testjob.raw /run/confexts/
 unsquashfs -l /run/confexts/testjob.raw
 systemd-dissect --no-pager /run/confexts/testjob.raw | grep -q '✓ confext for system'
--- a/test/units/util.sh
+++ b/test/units/util.sh
@ -186,6 +186,36 @@ create_dummy_container() {
    coverage_create_nspawn_dropin "$root"
 }

+can_do_rootless_nspawn() {
+    # Our create_dummy_ddi() uses squashfs and openssl.
+    command -v mksquashfs &&
+    command -v openssl &&
+
+    # Need to have bpf-lsm
+    grep -q bpf /sys/kernel/security/lsm &&
+    # ...and libbpf installed
+    find /usr/lib* -name "libbpf.so.*" 2>/dev/null | grep -q . &&
+
+    # Ensure mountfsd/nsresourced are listening
+    systemctl start systemd-mountfsd.socket systemd-nsresourced.socket &&
+
+    # mountfsd must be enabled...
+    [[ -S /run/systemd/io.systemd.MountFileSystem ]] &&
+    # ...and have pidfd support for unprivileged operation.
+    systemd-analyze compare-versions "$(uname -r)" ge 6.5 &&
+    systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" ge 124 &&
+
+    # nsresourced must be enabled...
+    [[ -S /run/systemd/userdb/io.systemd.NamespaceResource ]] &&
+    # ...and must support the UserNamespaceInterface.
+    ! (SYSTEMD_LOG_TARGET=console varlinkctl call \
+           /run/systemd/userdb/io.systemd.NamespaceResource \
+           io.systemd.NamespaceResource.AllocateUserRange \
+           '{"name":"test-supported","size":65536,"userNamespaceFileDescriptor":0}' \
+           2>&1 || true) |
+        grep -q "io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported"
+}
+
 # Bump the reboot counter and call systemctl with the given arguments
 systemctl_final() {
    local counter
Author	SHA1	Message	Date
Luca Boccassi	876c4c5129	test: call mksquashfs with -noappend to be safe on reruns If the test VM reboots and the test re-runs, creating the images fails as they already exist: [ 218.227766] TEST-50-DISSECT.sh[889]: + mksquashfs testkit/ testkit.raw [ 218.238754] TEST-50-DISSECT.sh[2964]: FATAL ERROR: Could not read $HOME, use -recovery-path or -no-recovery options [ 218.239284] TEST-50-DISSECT.sh[2964]: Found a valid exportable SQUASHFS superblock on testkit.raw. [ 218.239554] TEST-50-DISSECT.sh[2964]: Compression used gzip [ 218.240176] TEST-50-DISSECT.sh[2964]: Inodes are compressed [ 218.240459] TEST-50-DISSECT.sh[2964]: Data is compressed [ 218.241072] TEST-50-DISSECT.sh[2964]: Fragments are compressed [ 218.241526] TEST-50-DISSECT.sh[2964]: Xattrs are compressed [ 218.241953] TEST-50-DISSECT.sh[2964]: Fragments are present in the filesystem [ 218.242411] TEST-50-DISSECT.sh[2964]: Always-use-fragments option is not specified [ 218.242843] TEST-50-DISSECT.sh[2964]: Duplicates are removed [ 218.243560] TEST-50-DISSECT.sh[2964]: Xattrs are stored [ 218.243889] TEST-50-DISSECT.sh[2964]: Filesystem size 0.38 Kbytes (0.00 Mbytes) [ 218.244563] TEST-50-DISSECT.sh[2964]: Block size 131072 [ 218.245051] TEST-50-DISSECT.sh[2964]: Number of fragments 1 [ 218.245512] TEST-50-DISSECT.sh[2964]: Number of inodes 6 [ 218.245851] TEST-50-DISSECT.sh[2964]: Number of ids 1 [ 218.246393] TEST-50-DISSECT.sh[2964]: Parallel mksquashfs: Using 2 processors [ 218.246820] TEST-50-DISSECT.sh[2964]: Scanning existing filesystem... [ 218.247286] TEST-50-DISSECT.sh[2964]: Read existing filesystem, 5 inodes scanned [ 218.252974] TEST-50-DISSECT.sh[2964]: Appending to existing 4.0 filesystem on testkit.raw, block size 131072 [ 218.253593] TEST-50-DISSECT.sh[2964]: All -b, -noI, -noD, -noF, -noX, -noId, -no-duplicates, -no-fragments, [ 218.253848] TEST-50-DISSECT.sh[2964]: -always-use-fragments, -exportable and -comp options ignored [ 218.257196] TEST-50-DISSECT.sh[2964]: If appending is not wanted, please re-run with -noappend specified! https://github.com/systemd/systemd/actions/runs/17674609143/job/50233691148?pr=38867	2025-09-15 14:42:03 +01:00
Luca Boccassi	27833c409d	test: consolidate checks for unpriv nspawn support in TEST-13-NSPAWN [ 69.058386] systemd-nspawn[4371]: varlink: Sending message: {"method":"io.systemd.NamespaceResource.AllocateUserRange","parameters":{"name":"nspawn-4371-zurps","mangleName":true,"size":65536,"userNamespaceFileDescriptor":0}} [ 69.058447] systemd-nsresourcework[4339]: varlink-6-6: Received message: {"method":"io.systemd.NamespaceResource.AllocateUserRange","parameters":{"name":"nspawn-4371-zurps","mangleName":true,"size":65536,"userNamespaceFileDescriptor":0}} [ 69.058455] systemd-nsresourcework[4339]: varlink-6-6: Changing state idle-server → processing-method [ 69.058479] systemd-nsresourcework[4339]: varlink-6-6: Sending message: {"error":"io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported","parameters":{}} [ 69.058482] systemd-nsresourcework[4339]: varlink-6-6: Changing state processing-method → processed-method [ 69.058486] systemd-nsresourcework[4339]: varlink-6-6: Changing state processed-method → idle-server [ 69.058599] systemd-nspawn[4371]: varlink: Received message: {"error":"io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported","parameters":{}} [ 69.058604] systemd-nspawn[4371]: varlink: Changing state calling → called [ 69.058609] systemd-nspawn[4371]: varlink: Changing state called → idle-client [ 69.058614] systemd-nspawn[4371]: Unprivileged user namespace delegation is not supported on this system. [ 69.058637] systemd-nsresourcework[4339]: varlink-6-6: Got POLLHUP from socket. [ 69.058647] systemd-nsresourcework[4339]: varlink-6-6: Changing state idle-server → pending-disconnect [ 69.058653] systemd-nsresourcework[4339]: varlink-6-6: Changing state pending-disconnect → processing-disconnect [ 69.058656] systemd-nsresourcework[4339]: varlink-6-6: Changing state processing-disconnect → disconnected [ 69.058698] systemd-nspawn[4371]: Failed to allocate user namespace with 64K users: Operation not supported [ 69.058779] systemd[4344]: systemd-nspawn@zurps.service: Got notification message from PID 4371: STOPPING=1, STATUS=Terminating... Follow-up for bfd356da63d9fe0720f1b5a61c527c8822c3b808	2025-09-15 15:39:05 +02:00
Luca Boccassi	310ab61139	meson: link with -Wl,-z,gcs-report-dynamic=none (#38901 ) There is a botched arm64 linker transition going on, where a new feature is enabled (GCS) and the linker fails the build unless all object files being linked are built with the new specific feature. This was enabled in the toolchain (GCC 15) _before_ all libraries were rebuilt, including glibc, so everything fails. The toolchain maintainers declined to fix it and instead say that this is a useless warning to have, and to just disable it and ignore it. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110461 > systemd fails to build from source on arm64 if built with GCC-15, currently in > experimental. > > GCC-15 includes support for an arm64 security feature called Guarded Control > Stack (GCS). To help with GCS adoption, the linker warns about shared libraries > built without GCS. For example: > > /usr/lib/gcc/aarch64-linux-gnu/15/../../../aarch64-linux-gnu/libncursesw.so.6: > warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. > The dynamic loader might not enable GCS or refuse to load the program unless > all the shared library dependencies have the GCS marking. > > The warning is harmless, and can be ignored. However, systemd is built with > --fatal-warnings, and for this reason will fail to build on arm64 once GCC-15 > becomes the default compiler in Debian. [585/3230] Linking target src/core/libsystemd-core-258.so FAILED: src/core/libsystemd-core-258.so gcc -o src/core/libsystemd-core-258.so -Wl,--as-needed -Wl,--no-undefined -shared -fPIC -Wl,-soname,libsystemd-core-258.so -Wl,--whole-archive -Wl,--start-group src/core/libsystemd-core-258.a -Wl,--no-whole-archive -fstack-protector -Wl,-z,relro -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/work/src=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -O0 -g -Og -Wdate-time '-Wl,-rpath,$ORIGIN/../shared' src/shared/libsystemd-shared-258.so -shared -Wl,--version-script=/work/src/src/shared/libshared.sym /usr/lib/aarch64-linux-gnu/libacl.so /usr/lib/aarch64-linux-gnu/libaudit.so /usr/lib/aarch64-linux-gnu/libblkid.so -ldl -lm /usr/lib/aarch64-linux-gnu/libmount.so -lrt /usr/lib/aarch64-linux-gnu/libseccomp.so /usr/lib/aarch64-linux-gnu/libselinux.so -Wl,--end-group -pthread -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--gc-sections -Wl,--warn-common src/shared/libsystemd-shared-258.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libacl.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libaudit.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libblkid.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libm.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libmvec.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libmount.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libseccomp.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /usr/lib/aarch64-linux-gnu/libselinux.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/aarch64-linux-gnu/libc.so.6: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. /lib/ld-linux-aarch64.so.1: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. collect2: error: ld returned 1 exit status	2025-09-15 13:42:48 +02:00
Luca Boccassi	8fac2eb212	Revert "test: propagate log env vars in run-unit-tests.py wrapper" The default is already to propagate the env vars, so this was unnecessary and actually creates problem as it removes custom PATHs This reverts commit 994af53395df1b572e9a9addc4c9a5452f427034.	2025-09-15 11:22:19 +02:00
Zbigniew Jędrzejewski-Szmek	8a9ab3dbbc	generators: when creating symlinks, silently ignore existing links in one more place After the update to systemd 257.7 in Fedora, there are reports that we fail to create a symlink: systemd-gpt-auto-generator[585]: Failed to create symlink /run/systemd/generator/local-fs.target.wants/systemd-fsck-root.service: File exists (sd-exec-[574]: /usr/lib/systemd/system-generators/systemd-gpt-auto-generator failed with exit status 1. I guess that some other generator created the symlink. We silently ignore EEXIST in similar codepaths, so add that in one more place. (The target of the symlink doesn't really matter. The name of the link matters. So something like symlink_idempotent would not be better. For example, a different generator might use a slightly different target path, and symlink_idempotent would be too strict.)	2025-09-15 11:11:01 +02:00