user-record: show CIFS extra mount options, in output too

Follow-up for 4c2ee5c7f26fda41d7eb1250c61c85cc869a90de
test: wait until lvm-activate-$vgroup.service finishes
2026-04-03 13:44:55 +02:00 · 2021-11-06 00:27:34 +01:00 · 2021-11-05 22:48:38 +00:00 · 2021-11-05 22:47:16 +00:00 · 2021-11-05 21:17:17 +00:00 · 2021-11-05 22:11:43 +01:00
14 changed files with 209 additions and 16 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -401,3 +401,35 @@ and `homectl`:
  current and a future password are required, for example if the password is to
  be changed. In that case `$PASSWORD` shall carry the current (i.e. old)
  password and `$NEWPASSWORD` the new.
+
+`systemd-homed`:
+
+* `$SYSTEMD_HOME_ROOT` – defines an absolute path where to look for home
+  directories/images. When unspecified defaults to `/home/`. This is useful for
+  debugging purposes in order to run a secondary `systemd-homed` instance that
+  operates on a different directory where home directories/images are placed.
+
+* `$SYSTEMD_HOME_RECORD_DIR` – defines an absolute path where to look for
+  fixated home records kept on the host. When unspecified defaults to
+  `/var/lib/systemd/home/`. Similar to `$SYSTEMD_HOME_ROOT` this is useful for
+  debugging purposes, in order to run a secondary `systemd-homed` instance that
+  operates on a record database entirely separate from the host's.
+
+* `$SYSTEMD_HOME_DEBUG_SUFFIX` – takes a short string that is suffixed to
+  `systemd-homed`'s D-Bus and Varlink service names/sockets. This is also
+  understood by `homectl`. This too is useful for running an additiona copy of
+  `systemd-homed` that doesn't interfere with the host's main one.
+
+* `$SYSTEMD_HOMEWORK_PATH` – configures the path to the `systemd-homework`
+  binary to invoke. If not specified defaults to
+  `/usr/lib/systemd/systemd-homework`.
+
+  Combining these four environment variables is pretty useful when
+  debugging/developing `systemd-homed`:
+```sh
+SYSTEMD_HOME_DEBUG_SUFFIX=foo \
+      SYSTEMD_HOMEWORK_PATH=/home/lennart/projects/systemd/build/systemd-homework \
+      SYSTEMD_HOME_ROOT=/home.foo/ \
+      SYSTEMD_HOME_RECORD_DIR=/var/lib/systemd/home.foo/ \
+      /home/lennart/projects/systemd/build/systemd-homed
+```
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -31,6 +31,12 @@
 /* magic string to find in the binary image */
 _used_ _section_(".sdmagic") static const char magic[] = "#### LoaderInfo: systemd-boot " GIT_VERSION " ####";

+/* Makes systemd-boot available from \EFI\Linux\ for testing purposes. */
+_used_ _section_(".osrel") static const char osrel[] =
+        "ID=systemd-boot\n"
+        "VERSION=\"" GIT_VERSION "\"\n"
+        "NAME=\"systemd-boot " GIT_VERSION "\"\n";
+
 enum loader_type {
        LOADER_UNDEFINED,
        LOADER_EFI,
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@ -323,14 +323,15 @@ if have_gnu_efi
                        input : so,
                        output : tuple[1],
                        command : [objcopy,
-                                   '-j', '.text',
-                                   '-j', '.sdata',
-                                   '-j', '.sbat',
-                                   '-j', '.sdmagic',
                                   '-j', '.data',
                                   '-j', '.dynamic',
                                   '-j', '.dynsym',
+                                   '-j', '.osrel',
                                   '-j', '.rel*',
+                                   '-j', '.sbat',
+                                   '-j', '.sdata',
+                                   '-j', '.sdmagic',
+                                   '-j', '.text',
                                   efi_format,
                                   '@INPUT@', '@OUTPUT@'],
                        install : true,
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@ -525,6 +525,7 @@ static int save_external_coredump(
        if (lseek(fd, 0, SEEK_SET) == (off_t) -1)
                return log_error_errno(errno, "Failed to seek on coredump %s: %m", fn);

+        *ret_filename = TAKE_PTR(fn);
        *ret_data_fd = TAKE_FD(fd);
        *ret_size = (uint64_t) st.st_size;
        *ret_truncated = truncated;
--- a/src/home/home-util.c
+++ b/src/home/home-util.c
@ -133,3 +133,7 @@ int bus_message_append_secret(sd_bus_message *m, UserRecord *secret) {

        return sd_bus_message_append(m, "s", formatted);
 }
+
+const char *home_record_dir(void) {
+        return secure_getenv("SYSTEMD_HOME_RECORD_DIR") ?: "/var/lib/systemd/home/";
+}
--- a/src/home/home-util.h
+++ b/src/home/home-util.h
@ -25,3 +25,5 @@ int bus_message_append_secret(sd_bus_message *m, UserRecord *secret);
 /* Many of our operations might be slow due to crypto, fsck, recursive chown() and so on. For these
 * operations permit a *very* long timeout */
 #define HOME_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
+
+const char *home_record_dir(void);
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@ -300,9 +300,9 @@ int home_save_record(Home *h) {
                return r;

        (void) mkdir("/var/lib/systemd/", 0755);
-        (void) mkdir("/var/lib/systemd/home/", 0700);
+        (void) mkdir(home_record_dir(), 0700);

-        fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
+        fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");

        r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
        if (r < 0)
@ -316,7 +316,7 @@ int home_unlink_record(Home *h) {

        assert(h);

-        fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
+        fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
        if (unlink(fn) < 0 && errno != ENOENT)
                return -errno;

--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@ -436,7 +436,7 @@ unlink_this_file:
        if (unlinkat(dir_fd, fname, 0) < 0)
                return log_error_errno(errno, "Failed to remove empty user record file %s: %m", fname);

-        log_notice("Discovered empty user record file /var/lib/systemd/home/%s, removed automatically.", fname);
+        log_notice("Discovered empty user record file %s/%s, removed automatically.", home_record_dir(), fname);
        return 0;
 }

@ -446,10 +446,10 @@ static int manager_enumerate_records(Manager *m) {

        assert(m);

-        d = opendir("/var/lib/systemd/home/");
+        d = opendir(home_record_dir());
        if (!d)
                return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
-                                      "Failed to open /var/lib/systemd/home/: %m");
+                                      "Failed to open %s: %m", home_record_dir());

        FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read record directory: %m")) {
                _cleanup_free_ char *n = NULL;
--- a/src/shared/user-record-show.c
+++ b/src/shared/user-record-show.c
@ -269,17 +269,17 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
                printf("   IO Weight: %" PRIu64 "\n", hr->io_weight);

        if (hr->access_mode != MODE_INVALID)
-                printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr));
+                printf(" Access Mode: 0%03o\n", user_record_access_mode(hr));

        if (storage == USER_LUKS) {
                printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr)));

                if (!sd_id128_is_null(hr->luks_uuid))
-                        printf("   LUKS UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->luks_uuid));
+                        printf("   LUKS UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->luks_uuid));
                if (!sd_id128_is_null(hr->partition_uuid))
-                        printf("   Part UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->partition_uuid));
+                        printf("   Part UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->partition_uuid));
                if (!sd_id128_is_null(hr->file_system_uuid))
-                        printf("     FS UUID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->file_system_uuid));
+                        printf("     FS UUID: " SD_ID128_UUID_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(hr->file_system_uuid));

                if (hr->file_system_type)
                        printf(" File System: %s\n", user_record_file_system_type(hr));
@ -307,6 +307,9 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {

                if (hr->cifs_service)
                        printf("CIFS Service: %s\n", hr->cifs_service);
+
+                if (hr->cifs_extra_mount_options)
+                        printf("CIFS MntOpts: %s\n", hr->cifs_extra_mount_options);
        }

        if (hr->cifs_user_name)
--- a/test/TEST-67-INTEGRITY/Makefile
+++ b/test/TEST-67-INTEGRITY/Makefile
@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
--- a/test/TEST-67-INTEGRITY/test.sh
+++ b/test/TEST-67-INTEGRITY/test.sh
@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+TEST_DESCRIPTION="dm-integrity test"
+
+TEST_NO_NSPAWN=1
+QEMU_TIMEOUT=300
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+test_append_files() {(
+
+    instmods loop =block
+    instmods dm_integrity =md
+
+    inst_binary losetup
+    inst_binary integritysetup
+    inst_binary blkid
+    install_dmevent
+
+    generate_module_dependencies
+
+)}
+
+do_test "$@"
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@ -85,10 +85,19 @@ helper_wait_for_vgroup() {
 helper_wait_for_lvm_activate() {
    local vgroup="${1:?}"
    local ntries="${2:-10}"
-    local i
+    local i lvm_activate_svc

+    lvm_activate_svc="lvm-activate-$vgroup.service"
    for ((i = 0; i < ntries; i++)); do
-        ! systemctl -q is-active "lvm-activate-$vgroup.service" || return 0
+        if systemctl -q is-active "$lvm_activate_svc"; then
+            # Since the service is started via `systemd-run --no-block`, we need
+            # to wait until it finishes, otherwise we might continue while
+            # `vgchange` is still running
+            if [[ "$(systemctl show -P SubState "$lvm_activate_svc")" == exited ]]; then
+                return 0
+            fi
+        fi
+
        sleep .5
    done

--- a/test/units/testsuite-67.service
+++ b/test/units/testsuite-67.service
@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=TEST-67-INTEGRITY
+After=multi-user.target
+
+[Service]
+ExecStartPre=rm -f /failed /testok
+ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
+Type=oneshot
--- a/test/units/testsuite-67.sh
+++ b/test/units/testsuite-67.sh
@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -euxo pipefail
+
+export DM_NAME="integrity_test"
+export FULL_DM_DEV_NAME="/dev/mapper/${DM_NAME}"
+export FS_UUID="01234567-ffff-eeee-eeee-0123456789ab"
+export GEN="/var/run/systemd/generator"
+
+image_dir=""
+
+cleanup()
+{
+    if [ -z "${image_dir}" ]; then
+        return
+    fi
+
+    if [ -f "${image_dir}/image" ]; then
+        if [ -e "${FULL_DM_DEV_NAME}" ]; then
+            integritysetup close "${DM_NAME}"
+        fi
+        losetup -d "${loop}"
+    fi
+
+    rm -rf "${image_dir}"
+}
+
+trap cleanup EXIT
+
+build_integrity_tab()
+{
+cat << _EOL > "/etc/integritytab"
+${DM_NAME} ${loop} - integrity-algorithm=$1
+_EOL
+}
+
+image_dir="$(mktemp -d -t -p / integrity.tmp.XXXXXX)"
+if [ -z "${image_dir}" ] || [ ! -d "${image_dir}" ]; then
+    echo "mktemp under / failed"
+    exit 1
+fi
+
+dd if=/dev/zero of="${image_dir}/image" bs=1048576 count=64 || exit 1
+loop="$(losetup --show -f "${image_dir}/image")"
+
+if [[ ! -e ${loop} ]]; then
+    echo "Loopback device created not found!"
+    exit 1
+fi
+
+for algorithm in crc32c crc32 sha1 sha256
+do
+    integritysetup format "${loop}" --batch-mode -I "${algorithm}" || exit 1
+    integritysetup open -I "${algorithm}" "${loop}" "${DM_NAME}" || exit 1
+    mkfs.ext4 -U "${FS_UUID}" "${FULL_DM_DEV_NAME}" || exit 1
+
+    # Give userspace time to handle udev events for new FS showing up ...
+    udevadm settle
+
+    integritysetup close "${DM_NAME}" || exit 1
+
+    # create integritytab, generate units, start service
+    build_integrity_tab ${algorithm}
+
+    # Cause the generator to re-run
+    systemctl daemon-reload || exit 1
+
+    # Check for existance of unit files...
+    if [[ ! -e "/run/systemd/generator/systemd-integritysetup@${DM_NAME}.service" ]]; then
+        echo "Service file does not exist!"
+        exit 1
+    fi
+
+    # Make sure we are in a consistent state, e.g. not already active before we start
+    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
+    systemctl start systemd-integritysetup@"${DM_NAME}".service || exit 1
+
+    # Check the signature on the FS to ensure we can retrieve it and that is matches
+    if [ -e "${FULL_DM_DEV_NAME}" ]; then
+        if [ "${FULL_DM_DEV_NAME}" != "$(blkid -U "${FS_UUID}")" ]; then
+            echo "Failed to locate FS with matching UUID!"
+            exit 1
+        fi
+    else
+        echo "Failed to bring up integrity device!"
+        exit 1
+    fi
+
+    systemctl stop systemd-integritysetup@"${DM_NAME}".service || exit 1
+
+    if [ -e "${FULL_DM_DEV_NAME}" ]; then
+        echo "Expecting ${FULL_DM_DEV_NAME} to not exist after stoping unit!"
+        exit 1
+    fi
+
+done
+
+echo OK >/testok
Author	SHA1	Message	Date
Lennart Poettering	84f261853c	user-record: show CIFS extra mount options, in output too Follow-up for 4c2ee5c7f26fda41d7eb1250c61c85cc869a90de	2021-11-06 00:27:34 +01:00
Frantisek Sumsal	a0ac3652fc	test: wait until `lvm-activate-$vgroup.service` finishes The new lvm autoactivation method runs `vgchange` via `systemd-run --no-block`[0], which means that checking if the unit is in the `active` state is not enough, since the main binary might still be running. Let's fix this by waiting until the unit reaches the `exited` sub state. Follow-up to: * 29f8bef05eb9a4bb7f578b31409ca38ec1b1a069 * e50d743f99fa66c9f55e534c4e109a2cf6323f04 [0] https://sourceware.org/git/?p=lvm2.git;a=blob;f=udev/69-dm-lvm.rules.in;h=39e5b98074010745f78a7a86a05929700c9cd690;hb=67722b312390cdab29c076c912e14bd739c5c0f6#l83 Example: ``` [ 17.102002] systemd-udevd[282]: sdf: '/usr/bin/systemd-run -r --no-block --property DefaultDependencies=no --unit lvm-activate-iscsi_lvm2212 /usr/bin/lvm vgchange -aay --nohints iscsi_lvm2212'(err) 'Running as unit: lvm-activate-iscsi_> [ 17.102522] systemd-udevd[282]: sdf: Process '/usr/bin/systemd-run -r --no-block --property DefaultDependencies=no --unit lvm-activate-iscsi_lvm2212 /usr/bin/lvm vgchange -aay --nohints iscsi_lvm2212' succeeded. [ 17.102697] systemd-udevd[282]: sdf: Adding watch on '/dev/sdf' [ 17.104944] systemd[1]: lvm-activate-iscsi_lvm2212.service: Changed dead -> running ... [ 17.105434] systemd[1]: Started /usr/bin/lvm vgchange -aay --nohints iscsi_lvm2212. [ 17.105601] systemd[931]: lvm-activate-iscsi_lvm2212.service: Executing: /usr/bin/lvm vgchange -aay --nohints iscsi_lvm2212 ... [ 17.420228] testsuite-64.sh[268]: + systemctl -q is-active lvm-activate-iscsi_lvm2212.service [ 17.420228] testsuite-64.sh[268]: + return 0 [ 17.420228] testsuite-64.sh[268]: + test -e /dev/disk/by-path/ip-127.0.0.1:3260-iscsi-iqn.2021-09.com.example:iscsi.lvm.test-lun-4 [ 17.420228] testsuite-64.sh[268]: + udevadm settle [ 17.420228] testsuite-64.sh[268]: + test -e /dev/iscsi_lvm2212/mypart1 ... [ 17.451313] systemd[1]: testsuite-64.service: Main process exited, code=exited, status=1/FAILURE [ 17.451475] systemd[1]: testsuite-64.service: Failed with result 'exit-code'. ... [ 17.555759] systemd[1]: Starting End the test... [ 17.556972] sh[941]: + systemctl poweroff --no-block ... [ 17.688923] lvm[931]: 2 logical volume(s) in volume group "iscsi_lvm2212" now active ... [ 17.838484] systemd[1]: lvm-activate-iscsi_lvm2212.service: Child 931 belongs to lvm-activate-iscsi_lvm2212.service. [ 17.838718] systemd[1]: lvm-activate-iscsi_lvm2212.service: Main process exited, code=exited, status=0/SUCCESS (success) ```	2021-11-05 22:48:38 +00:00
xdavidwu	0cfb0971f0	coredump: fix filename in journal when not compressed Since 587f2a5e564cf434c2e0a653f52b8f73e86092d8, filename for not-compressed coredump is missing from save_external_coredump, making it write COREDUMP_FILENAME= (empty) in journal, making `coredumpctl` report it missing but it is actually saved. This fixes it.	2021-11-05 22:47:16 +00:00
Tony Asleson	788a0ef179	test: exercise sytemd-integritysetup & generator Ensures we can open a dm-integrity volume formated with integritysetup.	2021-11-05 21:17:17 +00:00
Jan Janssen	ad102dd09a	sd-boot: Add .osrel section This allows starting systemd-boot from \EFI\Linux for easier testing and bisection without risking an unbootable system as the user does not need to replace their working loader.	2021-11-05 22:11:43 +01:00
Lennart Poettering	874cbf675d	Merge pull request #21252 from poettering/homed-record-dir-env-var homed: add env var to override dir where we fine stored user records	2021-11-05 21:52:00 +01:00
Lennart Poettering	7cdd5c0d4c	user-record: fix display of access mode	2021-11-05 21:37:45 +01:00
Lennart Poettering	30df35869c	user-record: show fs/luks/gpt UUIDs as proper UUIDs These are not defined by us, but are defined as proper UUIDs by their respective specs, hence show them as such.	2021-11-05 21:37:20 +01:00
Lennart Poettering	67302b38b4	docs: document systemd-homed development env vars	2021-11-05 19:07:52 +01:00
Lennart Poettering	005daeed2b	homed: add env var to override dir where we fine stored user records This adds an env var which we can use to redirect where homed stores and looks for user records kept on the host. This is useful for debugging purposes so that one can easily run another homed instnce that doesn't interfere with the main instance.	2021-11-05 18:35:28 +01:00