2025-12-27 11:24:46 +01:00
7 changed files with 128 additions and 53 deletions
--- a/man/kernel-install.xml
+++ b/man/kernel-install.xml
@ -211,9 +211,7 @@
          <filename>/etc/machine-id</filename>
        </term>
          <listitem>
-            <para>The content of this file specifies the machine identification
-            <replaceable>MACHINE-ID</replaceable>. If it cannot read <filename>/etc/machine-id</filename>,
-            kernel-install will use "Linux" as the machine ID instead.</para>
+            <para>The content of the file specifies the machine identification <replaceable>MACHINE-ID</replaceable>.</para>
          </listitem>
      </varlistentry>
      <varlistentry>
--- a/src/basic/log.c
+++ b/src/basic/log.c
@ -838,6 +838,7 @@ _noreturn_ void log_assert_failed_realm(
                const char *file,
                int line,
                const char *func) {
+        (void) log_open();
        log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
                   "Assertion '%s' failed at %s:%u, function %s(). Aborting.");
        abort();
@ -849,6 +850,7 @@ _noreturn_ void log_assert_failed_unreachable_realm(
                const char *file,
                int line,
                const char *func) {
+        (void) log_open();
        log_assert(LOG_REALM_PLUS_LEVEL(realm, LOG_CRIT), text, file, line, func,
                   "Code should not be reached '%s' at %s:%u, function %s(). Aborting.");
        abort();
--- a/src/basic/missing_syscall.h
+++ b/src/basic/missing_syscall.h
@ -515,7 +515,7 @@ static inline long missing_get_mempolicy(int *mode, unsigned long *nodemask,
                           unsigned long maxnode, void *addr,
                           unsigned long flags) {
        long i;
-#  if defined __NR_get_mempolicy && __NR_get_mempolicy >= 0
+#  ifdef __NR_get_mempolicy
        i = syscall(__NR_get_mempolicy, mode, nodemask, maxnode, addr, flags);
 #  else
        errno = ENOSYS;
@ -524,32 +524,7 @@ static inline long missing_get_mempolicy(int *mode, unsigned long *nodemask,
        return i;
 }

-#  define get_mempolicy missing_get_mempolicy
-#endif
-
-#if !HAVE_PIDFD_SEND_SIGNAL
-/* may be (invalid) negative number due to libseccomp, see PR 13319 */
-#  if ! (defined __NR_pidfd_send_signal && __NR_pidfd_send_signal >= 0)
-#    if defined __NR_pidfd_send_signal
-#      undef __NR_pidfd_send_signal
-#    endif
-/* should be always defined, see kernel 39036cd2727395c3369b1051005da74059a85317 */
-#    if defined(__alpha__)
-#      define __NR_pidfd_send_signal 534
-#    else
-#      define __NR_pidfd_send_signal 424
-#    endif
-#  endif
-static inline int missing_pidfd_send_signal(int fd, int sig, siginfo_t *info, unsigned flags) {
-#  ifdef __NR_pidfd_open
-        return syscall(__NR_pidfd_send_signal, fd, sig, info, flags);
-#  else
-        errno = ENOSYS;
-        return -1;
-#  endif
-}
-
-#  define pidfd_send_signal missing_pidfd_send_signal
+#define get_mempolicy missing_get_mempolicy
 #endif

 #if !HAVE_PIDFD_OPEN
@ -558,29 +533,38 @@ static inline int missing_pidfd_send_signal(int fd, int sig, siginfo_t *info, un
 #    if defined __NR_pidfd_open
 #      undef __NR_pidfd_open
 #    endif
-/* should be always defined, see kernel 7615d9e1780e26e0178c93c55b73309a5dc093d7 */
-#    if defined(__alpha__)
-#      define __NR_pidfd_open 544
-#    else
 #    define __NR_pidfd_open 434
-#    endif
-#  endif
-static inline int missing_pidfd_open(pid_t pid, unsigned flags) {
-#  ifdef __NR_pidfd_open
+#endif
+static inline int pidfd_open(pid_t pid, unsigned flags) {
+#ifdef __NR_pidfd_open
        return syscall(__NR_pidfd_open, pid, flags);
-#  else
+#else
        errno = ENOSYS;
        return -1;
-#  endif
+#endif
 }
+#endif

-#  define pidfd_open missing_pidfd_open
+#if !HAVE_PIDFD_SEND_SIGNAL
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_pidfd_send_signal && __NR_pidfd_send_signal >= 0)
+#    if defined __NR_pidfd_send_signal
+#      undef __NR_pidfd_send_signal
+#    endif
+#    define __NR_pidfd_send_signal 424
+#endif
+static inline int pidfd_send_signal(int fd, int sig, siginfo_t *info, unsigned flags) {
+#ifdef __NR_pidfd_open
+        return syscall(__NR_pidfd_send_signal, fd, sig, info, flags);
+#else
+        errno = ENOSYS;
+        return -1;
+#endif
+}
 #endif

 #if !HAVE_RT_SIGQUEUEINFO
-static inline int missing_rt_sigqueueinfo(pid_t tgid, int sig, siginfo_t *info) {
+static inline int rt_sigqueueinfo(pid_t tgid, int sig, siginfo_t *info) {
        return syscall(__NR_rt_sigqueueinfo, tgid, sig, info);
 }
-
-#  define rt_sigqueueinfo missing_rt_sigqueueinfo
 #endif
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@ -888,6 +888,14 @@ static int remove_subdirs(const char *root, const char *const *subdirs) {
        return r < 0 ? r : q;
 }

+static int remove_machine_id_directory(const char *root, sd_id128_t machine_id) {
+        char buf[SD_ID128_STRING_MAX];
+
+        assert(root);
+
+        return rmdir_one(root, sd_id128_to_string(machine_id, buf));
+}
+
 static int remove_binaries(const char *esp_path) {
        const char *p;
        int r, q;
@ -970,7 +978,8 @@ static int remove_loader_variables(void) {
        return r;
 }

-static int install_loader_config(const char *esp_path) {
+static int install_loader_config(const char *esp_path, sd_id128_t machine_id) {
+        char machine_string[SD_ID128_STRING_MAX];
        _cleanup_(unlink_and_freep) char *t = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        _cleanup_close_ int fd = -1;
@ -990,7 +999,8 @@ static int install_loader_config(const char *esp_path) {
                return log_oom();

        fprintf(f, "#timeout 3\n"
-                   "#console-mode keep\n");
+                   "#console-mode keep\n"
+                   "default %s-*\n", sd_id128_to_string(machine_id, machine_string));

        r = fflush_sync_and_check(f);
        if (r < 0)
@ -1006,6 +1016,14 @@ static int install_loader_config(const char *esp_path) {
        return 1;
 }

+static int install_machine_id_directory(const char *root, sd_id128_t machine_id) {
+        char buf[SD_ID128_STRING_MAX];
+
+        assert(root);
+
+        return mkdir_one(root, sd_id128_to_string(machine_id, buf));
+}
+
 static int help(int argc, char *argv[], void *userdata) {
        _cleanup_free_ char *link = NULL;
        int r;
@ -1513,6 +1531,7 @@ static int verb_install(int argc, char *argv[], void *userdata) {
        sd_id128_t uuid = SD_ID128_NULL;
        uint64_t pstart = 0, psize = 0;
        uint32_t part = 0;
+        sd_id128_t machine_id;
        bool install;
        int r;

@ -1524,6 +1543,10 @@ static int verb_install(int argc, char *argv[], void *userdata) {
        if (r < 0)
                return r;

+        r = sd_id128_get_machine(&machine_id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine id: %m");
+
        install = streq(argv[0], "install");

        RUN_WITH_UMASK(0002) {
@ -1545,7 +1568,11 @@ static int verb_install(int argc, char *argv[], void *userdata) {
                        return r;

                if (install) {
-                        r = install_loader_config(arg_esp_path);
+                        r = install_loader_config(arg_esp_path, machine_id);
+                        if (r < 0)
+                                return r;
+
+                        r = install_machine_id_directory(arg_dollar_boot_path(), machine_id);
                        if (r < 0)
                                return r;

@ -1567,7 +1594,7 @@ static int verb_install(int argc, char *argv[], void *userdata) {
 }

 static int verb_remove(int argc, char *argv[], void *userdata) {
-        sd_id128_t uuid = SD_ID128_NULL;
+        sd_id128_t uuid = SD_ID128_NULL, machine_id;
        int r, q;

        r = acquire_esp(false, NULL, NULL, NULL, &uuid);
@ -1578,6 +1605,10 @@ static int verb_remove(int argc, char *argv[], void *userdata) {
        if (r < 0)
                return r;

+        r = sd_id128_get_machine(&machine_id);
+        if (r < 0)
+                return log_error_errno(r, "Failed to get machine id: %m");
+
        r = remove_binaries(arg_esp_path);

        q = remove_file(arg_esp_path, "/loader/loader.conf");
@ -1596,11 +1627,19 @@ static int verb_remove(int argc, char *argv[], void *userdata) {
        if (q < 0 && r >= 0)
                r = q;

+        q = remove_machine_id_directory(arg_esp_path, machine_id);
+        if (q < 0 && r >= 0)
+                r = 1;
+
        if (arg_xbootldr_path) {
                /* Remove the latter two also in the XBOOTLDR partition if it exists */
                q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
                if (q < 0 && r >= 0)
                        r = q;
+
+                q = remove_machine_id_directory(arg_xbootldr_path, machine_id);
+                if (q < 0 && r >= 0)
+                        r = q;
        }

        (void) sync_everything();
--- a/src/kernel-install/kernel-install
+++ b/src/kernel-install/kernel-install
@ -87,8 +87,6 @@ KERNEL_IMAGE="$2"

 if [[ -f /etc/machine-id ]]; then
    read MACHINE_ID < /etc/machine-id
-else
-    MACHINE_ID="Linux"
 fi

 if [[ ! $COMMAND ]] || [[ ! $KERNEL_VERSION ]]; then
@ -96,7 +94,10 @@ if [[ ! $COMMAND ]] || [[ ! $KERNEL_VERSION ]]; then
    exit 1
 fi

-if [[ -d /efi/loader/entries ]] || [[ -d /efi/$MACHINE_ID ]]; then
+if ! [[ $MACHINE_ID ]]; then
+    ENTRY_DIR_ABS=$(mktemp -d /tmp/kernel-install.XXXXX) || exit 1
+    trap "rm -rf '$ENTRY_DIR_ABS'" EXIT INT QUIT PIPE
+elif [[ -d /efi/loader/entries ]] || [[ -d /efi/$MACHINE_ID ]]; then
    ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
 elif [[ -d /boot/loader/entries ]] || [[ -d /boot/$MACHINE_ID ]]; then
    ENTRY_DIR_ABS="/boot/$MACHINE_ID/$KERNEL_VERSION"
@ -145,6 +146,14 @@ case $COMMAND in
                ((ret+=$x))
            fi
        done
+
+        if ! [[ $MACHINE_ID ]] && ! rmdir "$ENTRY_DIR_ABS"; then
+            echo "Warning: In kernel-install plugins, requiring ENTRY_DIR_ABS to be preset is deprecated." >&2
+            echo "         All plugins should not put anything in ENTRY_DIR_ABS if the environment" >&2
+            echo "         variable KERNEL_INSTALL_MACHINE_ID is empty." >&2
+            rm -rf "$ENTRY_DIR_ABS"
+            ((ret+=$?))
+        fi
        ;;

    remove)
--- a/src/resolve/resolved-resolv-conf.c
+++ b/src/resolve/resolved-resolv-conf.c
@ -231,6 +231,7 @@ static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) {
 static void write_resolv_conf_search(
                OrderedSet *domains,
                FILE *f) {
+        unsigned length = 0, count = 0;
        Iterator i;
        char *domain;

@ -240,6 +241,15 @@ static void write_resolv_conf_search(
        fputs("search", f);

        ORDERED_SET_FOREACH(domain, domains, i) {
+                if (++count > MAXDNSRCH) {
+                        fputs("\n# Too many search domains configured, remaining ones ignored.", f);
+                        break;
+                }
+                length += strlen(domain) + 1;
+                if (length > 256) {
+                        fputs("\n# Total length of all search domains is too long, remaining ones ignored.", f);
+                        break;
+                }
                fputc(' ', f);
                fputs(domain, f);
        }
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@ -917,7 +917,40 @@ Domains= one two three four five six seven eight nine ten''')
            if ' one' in contents:
                break
            time.sleep(0.1)
-        self.assertRegex(contents, 'search .*one two three four five six seven eight nine ten')
+        self.assertRegex(contents, 'search .*one two three four')
+        self.assertNotIn('seven\n', contents)
+        self.assertIn('# Too many search domains configured, remaining ones ignored.\n', contents)
+
+    def test_search_domains_too_long(self):
+
+        # we don't use this interface for this test
+        self.if_router = None
+
+        name_prefix = 'a' * 60
+
+        self.write_network('test.netdev', '''\
+[NetDev]
+Name=dummy0
+Kind=dummy
+MACAddress=12:34:56:78:9a:bc''')
+        self.write_network('test.network', '''\
+[Match]
+Name=dummy0
+[Network]
+Address=192.168.42.100/24
+DNS=192.168.42.1
+Domains={p}0 {p}1 {p}2 {p}3 {p}4'''.format(p=name_prefix))
+
+        self.start_unit('systemd-networkd')
+
+        for timeout in range(50):
+            with open(RESOLV_CONF) as f:
+                contents = f.read()
+            if ' one' in contents:
+                break
+            time.sleep(0.1)
+        self.assertRegex(contents, 'search .*{p}0 {p}1 {p}2'.format(p=name_prefix))
+        self.assertIn('# Total length of all search domains is too long, remaining ones ignored.', contents)

    def test_dropin(self):
        # we don't use this interface for this test