use /etc/clonetab to provide devices to be cloned#1
Open
src-up wants to merge 2909 commits into
Open
Conversation
src-up
pushed a commit
that referenced
this pull request
Jan 21, 2026
Otherwise, if the VM is unexpectedly rebooted, then `importctl --user pull-tar` may fail as the file may already exist. ``` [ 123.351751] TEST-13-NSPAWN.sh[3946]: + run0 -u testuser importctl --user pull-tar file:///var/tmp/image-tar/kurps.tar.gz nurps --verify=checksum -m [ 123.541603] TEST-13-NSPAWN.sh[4311]: Enqueued transfer job 3. Press C-c to continue download in background. [ 123.552456] TEST-13-NSPAWN.sh[4311]: Pulling 'file:///var/tmp/image-tar/kurps.tar.gz', saving as 'nurps'. [ 123.552788] TEST-13-NSPAWN.sh[4311]: Operating on image directory '/home/testuser/.local/state/machines'. [ 123.819942] TEST-13-NSPAWN.sh[4311]: Got 1% of file:///var/tmp/image-tar/kurps.tar.gz. [ 124.156557] TEST-13-NSPAWN.sh[4311]: * shutting down connection #0 [ 124.156896] TEST-13-NSPAWN.sh[4311]: * Could not open file /var/tmp/image-tar/kurps.tar.gz.sha256 [ 124.157223] TEST-13-NSPAWN.sh[4311]: * closing connection #-1 [ 124.159198] TEST-13-NSPAWN.sh[4311]: * Could not open file /var/tmp/image-tar/kurps.nspawn [ 124.159493] TEST-13-NSPAWN.sh[4311]: * closing connection #-1 [ 124.159818] TEST-13-NSPAWN.sh[4311]: Acquired 68.5M. [ 124.160395] TEST-13-NSPAWN.sh[4311]: Download of file:///var/tmp/image-tar/kurps.tar.gz complete. [ 124.160664] TEST-13-NSPAWN.sh[4311]: Transfer failed: Could not read a file:// file [ 124.160923] TEST-13-NSPAWN.sh[4311]: Settings file could not be retrieved, proceeding without. [ 124.404733] TEST-13-NSPAWN.sh[4311]: * shutting down connection #1 [ 124.405162] TEST-13-NSPAWN.sh[4311]: Acquired 79B. [ 124.406170] TEST-13-NSPAWN.sh[4311]: Download of file:///var/tmp/image-tar/SHA256SUMS complete. [ 124.406734] TEST-13-NSPAWN.sh[4311]: SHA256 checksum of file:///var/tmp/image-tar/kurps.tar.gz is valid. [ 124.455446] TEST-13-NSPAWN.sh[4311]: Failed to rename to final image name to /home/testuser/.local/state/machines/.tar-file:\x2f\x2f\x2fvar\x2ftmp\x2fimage-tar\x2fkurps\x2etar\x2egz: File exists [ 124.457251] TEST-13-NSPAWN.sh[4311]: Exiting. ``` Workaround for issue systemd#38240.
src-up
force-pushed
the
PR-etc-clonetab
branch
3 times, most recently
from
aff7c48 to
63e0b1d
Compare
src-up
force-pushed
the
PR-etc-clonetab
branch
3 times, most recently
from
c35a30a to
bccc71a
Compare
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
Fix a typo which causes a segfault when processing a user record
with matchHostname when it's an array instead of a simple string:
$ echo '{"userName":"crashhostarray","perMachine":[{"matchHostname":["host1","host2"],"locked":false}]}' | userdbctl -F -
Segmentation fault (core dumped)
$ coredumpctl info
...
Message: Process 1172301 (userdbctl) of user 1000 dumped core.
Module libz.so.1 from rpm zlib-ng-2.3.3-1.fc43.x86_64
Module libcrypto.so.3 from rpm openssl-3.5.4-2.fc43.x86_64
Stack trace of thread 1172301:
#0 0x00007fded7b3a656 __strcmp_evex (libc.so.6 + 0x159656)
#1 0x00007fded7e95397 per_machine_hostname_match (libsystemd-shared-260.so + 0x295397)
systemd#2 0x00007fded7e955b5 per_machine_match (libsystemd-shared-260.so + 0x2955b5)
systemd#3 0x00007fded7e957c6 dispatch_per_machine (libsystemd-shared-260.so + 0x2957c6)
systemd#4 0x00007fded7e96c97 user_record_load (libsystemd-shared-260.so + 0x296c97)
systemd#5 0x000000000040572d display_user (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x572d)
systemd#6 0x00007fded7ea9727 dispatch_verb (libsystemd-shared-260.so + 0x2a9727)
systemd#7 0x000000000041077c run (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x1077c)
systemd#8 0x00000000004107ce main (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x107ce)
systemd#9 0x00007fded79e45b5 __libc_start_call_main (libc.so.6 + 0x35b5)
systemd#10 0x00007fded79e4668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668)
systemd#11 0x00000000004038d5 _start (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x38d5)
ELF object binary architecture: AMD x86-64
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
The fido2_hmac_salt/fido2_hmac_credential/recovery_key fields kept
leaking memory as the array itself wasn't deallocated after deallocating
each of its elements data:
$ build-san/userdbctl -F fuzz-corpus-userdb/auth-fido2.json
...
=================================================================
==1292840==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 112 byte(s) in 1 object(s) allocated from:
#0 0x7f56f00e5e4b in realloc.part.0 (/lib64/libasan.so.8+0xe5e4b) (BuildId: 25975f766867e9e604dc5a71a8befeaed3301942)
#1 0x7f56ed869e42 in greedy_realloc ../src/basic/alloc-util.c:65
systemd#2 0x7f56ed7ff5e9 in dispatch_fido2_hmac_salt ../src/shared/user-record.c:836
systemd#3 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#4 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#5 0x7f56ed80100b in dispatch_privileged ../src/shared/user-record.c:998
systemd#6 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#7 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#8 0x7f56ed80622c in user_record_load ../src/shared/user-record.c:1697
systemd#9 0x000000408c15 in display_user ../src/userdb/userdbctl.c:447
systemd#10 0x7f56ed83cc9a in dispatch_verb ../src/shared/verbs.c:137
systemd#11 0x00000041df2b in run ../src/userdb/userdbctl.c:1908
systemd#12 0x00000041dfbe in main ../src/userdb/userdbctl.c:1911
systemd#13 0x7f56ec8105b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#14 0x7f56ec810667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#15 0x000000404a44 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/userdbctl+0x404a44) (BuildId: 19e8b7e7b7038d2cea20bc18a55bea2a9e4406d5)
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x7f56f00e5e4b in realloc.part.0 (/lib64/libasan.so.8+0xe5e4b) (BuildId: 25975f766867e9e604dc5a71a8befeaed3301942)
#1 0x7f56ed869e42 in greedy_realloc ../src/basic/alloc-util.c:65
systemd#2 0x7f56ed7fe779 in dispatch_fido2_hmac_credential_array ../src/shared/user-record.c:775
systemd#3 0x7f56edd73cbc in sd_json_dispatch_full ../src/libsystemd/sd-json/sd-json.c:5204
systemd#4 0x7f56edd745fc in sd_json_dispatch ../src/libsystemd/sd-json/sd-json.c:5276
systemd#5 0x7f56ed80622c in user_record_load ../src/shared/user-record.c:1697
systemd#6 0x000000408c15 in display_user ../src/userdb/userdbctl.c:447
systemd#7 0x7f56ed83cc9a in dispatch_verb ../src/shared/verbs.c:137
systemd#8 0x00000041df2b in run ../src/userdb/userdbctl.c:1908
systemd#9 0x00000041dfbe in main ../src/userdb/userdbctl.c:1911
systemd#10 0x7f56ec8105b4 in __libc_start_call_main (/lib64/libc.so.6+0x35b4) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#11 0x7f56ec810667 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x3667) (BuildId: 2b5beec0fd24fe9c9f43eddfdd5facf0b8a1b805)
systemd#12 0x000000404a44 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/userdbctl+0x404a44) (BuildId: 19e8b7e7b7038d2cea20bc18a55bea2a9e4406d5)
SUMMARY: AddressSanitizer: 176 byte(s) leaked in 2 allocation(s).
src-up
pushed a commit
that referenced
this pull request
Apr 9, 2026
…d#40979) Fix a typo which causes a segfault when processing a user record with `matchHostname` when it's an array instead of a simple string: ``` $ echo '{"userName":"crashhostarray","perMachine":[{"matchHostname":["host1","host2"],"locked":false}]}' | userdbctl -F - Segmentation fault (core dumped) $ coredumpctl info ... Message: Process 1172301 (userdbctl) of user 1000 dumped core. Module libz.so.1 from rpm zlib-ng-2.3.3-1.fc43.x86_64 Module libcrypto.so.3 from rpm openssl-3.5.4-2.fc43.x86_64 Stack trace of thread 1172301: #0 0x00007fded7b3a656 __strcmp_evex (libc.so.6 + 0x159656) #1 0x00007fded7e95397 per_machine_hostname_match (libsystemd-shared-260.so + 0x295397) systemd#2 0x00007fded7e955b5 per_machine_match (libsystemd-shared-260.so + 0x2955b5) systemd#3 0x00007fded7e957c6 dispatch_per_machine (libsystemd-shared-260.so + 0x2957c6) systemd#4 0x00007fded7e96c97 user_record_load (libsystemd-shared-260.so + 0x296c97) systemd#5 0x000000000040572d display_user (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x572d) systemd#6 0x00007fded7ea9727 dispatch_verb (libsystemd-shared-260.so + 0x2a9727) systemd#7 0x000000000041077c run (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x1077c) systemd#8 0x00000000004107ce main (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x107ce) systemd#9 0x00007fded79e45b5 __libc_start_call_main (libc.so.6 + 0x35b5) systemd#10 0x00007fded79e4668 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x3668) systemd#11 0x00000000004038d5 _start (/home/fsumsal/repos/@systemd/systemd/build/userdbctl + 0x38d5) ELF object binary architecture: AMD x86-64 ```
src-up
pushed a commit
that referenced
this pull request
Apr 27, 2026
There are only a few target dirs we place resources in when generating on-the-fly initrd cpios. These dirs have very specific attributes. Instead of repeating this everywhere, let's encapsulate them in a new explicit structure, that we can reuse at various places. This is preparation for placing extra resources of Type #1 entry also in them without having to encode access modes at multiple places redundantly.
src-up
pushed a commit
that referenced
this pull request
Jun 2, 2026
On some architectures like m68k, alignof(void*) is 2, not sizeof(void*)
(which is 4). So the natural alignment of struct Option is 2 and
sizeof(Option) == 26.
However, each variable placed in the SYSTEMD_OPTIONS ELF section via
_OPTION() carries _alignptr_ (= __attribute__((aligned(sizeof(void*))))),
which forces each entry to start at a 4-byte boundary. The linker
therefore inserts 2 bytes of padding between adjacent entries, producing
an actual stride of 28 in the section.
option_parse() iterates over the section with pointer arithmetic
("opt++"), which advances by sizeof(Option) == 26 and lands inside the
padding. The fields read back as zero, and since commit cf88903
("tree-wide: get rid of most uses of ALIGN_PTR") added the ordering
assertion below, the resulting "0 < 0" trips it when running --help:
Assertion 'opt->id < (opt + 1)->id' failed at src/shared/options.c:116, function option_parse(). Aborting.
#0 0xc0a7b248 in ?? () from /usr/lib/m68k-linux-gnu/libc.so.6
#1 0xc0a7b2ce in pthread_kill () from /usr/lib/m68k-linux-gnu/libc.so.6
systemd#2 0xc0a2edc6 in raise () from /usr/lib/m68k-linux-gnu/libc.so.6
systemd#3 0xc0a1c128 in abort () from /usr/lib/m68k-linux-gnu/libc.so.6
systemd#4 0xc05c6f78 in option_parse (options=0x0, options_end=0x0, state=0xc09ca968) at ../src/shared/options.c:116
Fix this by applying _alignptr_ to the struct definition itself, so that
sizeof(Option) is padded up to a multiple of sizeof(void*) and matches
the actual on-disk stride. Add an assert_cc() so any future regression
is caught at compile time.
The same latent bug applies to Verb and TestFunc, which use the same
section-placement pattern. Their natural sizeof was already a multiple
of sizeof(void*) so no crash was observed, but apply the same fix
defensively.
Follow-up for cf88903
Co-developed-by: Claude Opus 4.7 <noreply@anthropic.com>
src-up
pushed a commit
that referenced
this pull request
Jun 2, 2026
sd_journal_get_data() can return a MESSAGE data object whose payload does not start with "MESSAGE=", e.g. when the journal file is corrupted. Instead of aborting the whole process, log and skip over such an entry like we do for other bad/missing fields. [ 87.287390] post.sh[1619]: + journalctl -q -o short-monotonic --grep 'didn'\''t pass validation' [ 87.287844] post.sh[1620]: + grep -v test-varlink-idl [ 87.325676] post.sh[1619]: Assertion 'message = startswith(message, "MESSAGE=")' failed at src/journal/journalctl-show.c:261, function show(). Aborting. #0 0x00007fb47b49a29c n/a (libc.so.6 + 0x9a29c) #1 0x00007fb47b43e7d0 raise (libc.so.6 + 0x3e7d0) systemd#2 0x00007fb47b425681 abort (libc.so.6 + 0x25681) systemd#3 0x00007fb47b8a1ace log_assert_failed (libsystemd-shared-261~rc2.so + 0xa1ace) systemd#4 0x000055f8e1ef9ddb show (journalctl + 0xcddb) systemd#5 0x000055f8e1efa6ee action_show (journalctl + 0xd6ee) systemd#6 0x000055f8e1ef3c20 run (journalctl + 0x6c20) systemd#7 0x00007fb47b427741 n/a (libc.so.6 + 0x27741) systemd#8 0x00007fb47b427879 __libc_start_main (libc.so.6 + 0x27879) systemd#9 0x000055f8e1ef4915 _start (journalctl + 0x7915) Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
Change the review fan-out from one subagent per commit to one subagent per lens, each reviewing every commit through a single perspective. Four base lenses (correctness/memory safety, lifetimes/concurrency, security, API/style) always run; the orchestrator skims the diff and adds 1-3 PR-specific lenses (e.g. a DNS protocol lens for resolved changes). A single generalist reviewer tended to converge on one finding on large diffs; focused lenses dig deeper. Commits are reviewed in chronological order via a commit-order.txt manifest, since the SHA-named worktree dirs don't sort chronologically. Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
The orchestrator repeatedly emitted StructuredOutput with only a long `summary` and no `comments`, which the schema rejects as missing a required property; one run burned 12 retries (and a large share of its output tokens) re-typing rejected summaries before it shrank the summary enough to include `comments`. Instruct it to build `comments` first, always include `comments` and `resolve` (even when empty) in a single call, and keep the summary concise so the detailed prose lives in the comments rather than being duplicated. Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
- In `systemd.network.xml`, replaced `"without mode"` with `"without static"` to clarify that if an IPv6 address is specified without the explicit keyword `static`, then `static` mode is assumed. - The original wording was ambiguous because "mode" appears multiple times in the surrounding context (referring to IPv6 link-local address modes like `eui64`, `static`, etc.). Fixes: systemd#39754
…ecutables list their dlopen dependencies (systemd#42398) Currently almost all the dlopens happen in libbasic or libshared code, so the ELF dlopen notes all end up in libsystemd-shared. Many distributions split this library and various binaries in separate packages, and the library ends up with soft-dependencies, even though many binaries are either completely useless or do not work at all with the dlopen dependency. This also makes it impossible to know which executable uses which dlopen dependency without inspecting the source code. If someone only wants to add the soft dependencies from libshared they can just avoid parsing the executable binaries. By design the code in libbasic/libshared still does the stamping too, at lower priorities, so that libsystemd-shared will always list all the optional dependencies, and if one wants to build a minimal system by default, they can just parse libsystemd-shared dlopen notes, and ignore the individual executables. But for many distribution the current setup is insufficient and requires adding a ton of manual library dependencies, as many executables become effectively broken or useless without the dlopen dependencies installed (eg: resolved fails to start without libssl, repart can do basically nothing without blkid, etc). Add a new set of DLOPEN_<LIB> macros that wrap the dlopen_lib and also pull in the ELF note voodoo, so that the callers get their ELF binaries stamped too. Convert a bunch of callers to use the macro, and use `required` dependencies for the callers that do not work without the dlopen library being available. The one caveat is that, in order to avoid duplicating the exact same note in a binary due to multiple call sites, some `asm` voodoo is done instead of the previous bare-C section-creating macro. The drawback of this approach is that if `--gc-sections` is used to link the binary (as we do), then binutils >= 2.36 is required for the `SHF_GNU_RETAIN` flag. This effectively cuts off CentOS 9, so what I did here is adding an override in meson to detect missing support, and drop `SHF_GNU_RETAIN`. The build works, but on CentOS 9 there's no dlopen ELF notes anymore. Given it's just that version, and it goes EOL next year, that seems ok to me. The alternative is to drop the usage of `--gc-sections` on CentOS 9, or to accept duplicated notes everywhere, and both seem worse. End result: ``` $ readelf --notes build/systemd-executor Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 ISA needed: x86-64-baseline Displaying notes found in: .note.gnu.build-id Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 8a0c3db54adb79ae54e1432255011aa4ab583742 Displaying notes found in: .note.ABI-tag Owner Data size Description GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag) OS: Linux, ABI: 3.2.0 Displaying notes found in: .note.dlopen Owner Data size Description FDO 0x0000006b FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"pam","description":"Support for LinuxPAM","priority":"recommended","soname":["libpam.so.0"]}] FDO 0x0000007c FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"seccomp","description":"Support for Seccomp Sandboxes","priority":"recommended","soname":["libseccomp.so.2"]}] FDO 0x00000090 FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"bpf","description":"Support firewalling and sandboxing with BPF","priority":"recommended","soname":["libbpf.so.1","libbpf.so.0"]}] FDO 0x000000a0 FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"cryptsetup","description":"Support for disk encryption, integrity, and authentication","priority":"recommended","soname":["libcryptsetup.so.12"]}] FDO 0x00000078 FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"mount","description":"Support for mount enumeration","priority":"recommended","soname":["libmount.so.1"]}] $ readelf --notes build/systemd Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 ISA needed: x86-64-baseline Displaying notes found in: .note.gnu.build-id Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: dcd4568842e32da3e71be27db3def51c6b459994 Displaying notes found in: .note.ABI-tag Owner Data size Description GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag) OS: Linux, ABI: 3.2.0 Displaying notes found in: .note.dlopen Owner Data size Description FDO 0x00000075 FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"mount","description":"Support for mount enumeration","priority":"required","soname":["libmount.so.1"]}] FDO 0x00000072 FDO_DLOPEN_METADATA Dlopen Metadata: [{"feature":"selinux","description":"Support for SELinux","priority":"recommended","soname":["libselinux.so.1"]}] ```
These asserts don't make sense and actually break the FIDO2 support in systemd-cryptsetup. Follow-up for bd141bd
ninja -C build update-hwdb
This was likely a typo as the other timeouts are '30' instead of '3'. This test occasionally fails with sanitizers which make everything slow. Bump it to 30s like other timeouts in the same test. Follow-up for 985a6fa
I was running repart in a VM, and if failed because mkfs.vfat was not available. But if fails quite late in the process, possibly wasting quite a bit of work. So add a check that catches some obvious cases where repart would fail. The condition of whether we have the root directory is complex, determined in part by partition_target_prepare(). I didn't think it was worth it to recreate the full logic in the check, so in some cases it'll not miss cases. But that's still better than having no check ;)
$ mkdir /var/tmp/files $ touch /var/tmp/files/a $ mkdir /var/tmp/conf $ cat >>/var/tmp/conf/esp.conf [Partition] Type=esp Format=vfat CopyFiles=/var/tmp/files:/ $ truncate /var/tmp/disk -s 300M $ sudo systemd-repart --dry-run=no --empty=require --definitions=/var/tmp/conf /var/tmp/disk ... Populating vfat filesystem. Failed to copy '...' to '/run/systemd/mount-root/': Operation not permitted (sd-copy) failed with exit status 1. The issue is that if there's a file owned by non-root and we try to copy it into a newly-created DOS partition, fchown fails: fchown(11</run/systemd/mount-root/...>, 1000, 1000) = -1 EPERM (Operation not permitted) We want to ignore file ownership in such cases, so pass our own UID/GID to copy_tree_at(), which turns the fchown into a noop and let's the operation pass through. Fixes systemd#38863.
After enumeration, networkd may receive RTM_NEWLINK messages carrying a stale interface name. This can happen when interface rename notifications are queued before link enumeration and processed afterwards. Previously, networkd could become confused by such a message and put the corresponding Link into the failed state. Avoid this by checking whether the new interface name is already in use by another interface and ignoring the rename if so. Fixes systemd#20203.
On Hyper-V guests, `VMADDR_CID_ANY` is valid as per implementation in kernel driver: net/vmw_vsock/hyperv_transport.c. Fixes systemd#42496 Follow-up for 83359c4
manager_varlink_done() tore down the varlink server without dropping the queued reload reply, unlike bus_done_api() which unrefs pending_reload_message_dbus. Unref it here too, so the slot consistently mirrors the D-Bus side at teardown. Follow-up for 55a1b36 Assisted-by: kres (claude-opus-4-7) Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
Follow-up for f9e0a62 xescape() would unconditionally emit hex escapes, rendering \n unreadable.
src-up
force-pushed
the
PR-etc-clonetab
branch
3 times, most recently
from
bdc6592 to
2e87087
Compare
unhexmem_full() ignores whitespace, so a 64-byte manifest digest field can decode to fewer than 32 bytes. Reject that while parsing instead. [ 83.883087] TEST-72-SYSUPDATE.sh[5995]: systemd-sysupdate: ../src/src/sysupdate/sysupdate-resource.c:581: resource_load_from_web: Assertion `h.iov_len == sizeof(instance->metadata.sha256sum)' failed. Follow-up for 43cc7a3 Assisted-by: kres (claude-opus-4-7) Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
The test case is supposed to validate all IDLs we ship. But a bunch were added to the tree without hooking them up here. Fix that.
This will also allow debugging systemd-boot easily on RISC-V.
Note that the following much simpler variant won't work, as we might be missing
the optional 'zihintpause' extension:
asm volatile("pause");
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@codethink.co.uk>
If a partition gets removed due to factory reset, we will recreate it as blkpg later. So it needs to get removed. So rescan is needed to be done after we write the partition table for factory reset. Fixes systemd#42453
It is enabled by default since systemd/mkosi@c4af878
A previous refactoring failed to copy the flag from the command line argument to the installation context object, so the flag was ignored. Closes: systemd#41488 Fixes: 38433a6 ("bootctl: rework bootctl-install.c in preparation of varlinkification")
```
../src/boot/test-efi-string.c: In function 'test_xvasprintf_status':
../src/boot/test-efi-string.c:744:34: error: format '%zi' expects argument of type 'signed size_t', but argument 4 has type 'long int' [-Werror=format=]
744 | test_printf_one("%i %i %zi", INT_MIN, INT_MAX, SSIZE_MAX);
| ~~^
| |
| int
| %li
cc1: some warnings being treated as errors
ninja: subcommand failed
```
At line 285, ftruncate() failure was logged using 'r' which is 0 from the preceding successful loop_write() call. log_error_errno(0, ...) triggers an assertion crash in developer builds (ASSERT_NON_ZERO) and silently returns success in release builds, swallowing the ftruncate error. Replace with errno which is set by ftruncate() on failure. Signed-off-by: dongshengyuan <dongshengyuan@uniontech.com> Co-developed-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Now that the fast path performs a deep copy identical to the general loop (when n_changes_attached==0, found stays false for all entries), the block is redundant. Remove it and let the general loop handle this case. Signed-off-by: dongshengyuan <dongshengyuan@uniontech.com> Co-developed-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…evice Since 4e0eabd ("udev: also trigger loop device for boot disk when partition scanning is unsupported"), builtin_blkid() bails out entirely as soon as probe_gpt_boot_disk_needs_loop() reports that a loop device is needed, skipping all superblock probing. As a result whole-disk properties such as ID_PART_TABLE_UUID and ID_FS_* are no longer set. This regresses any whole disk whose partitions the kernel cannot expose itself but which is otherwise perfectly probeable, most notably device-mapper multipath disks: kernel partition scanning is disabled on them (their partitions are managed in userspace by kpartx), so they are now flagged as needing a loop device and lose their ID_PART_TABLE_UUID. The early return was never necessary. The original intent was only to skip root partition discovery on the device, and that already happens on the loop device instead: find_gpt_root() bails when the kernel can't scan partitions, blkid probes at the device's own logical sector size so a GPT written for a different sector size is simply not detected, and PART_ENTRY_* is only emitted for partitions the kernel actually registered, of which a loop-needing whole disk has none. So keep probing the device for its whole-disk properties unconditionally and let partition and root discovery happen on the loop device. Co-developed-by: Claude Fable 5 <noreply@anthropic.com>
probe_gpt_boot_disk_needs_loop() sets ID_PART_GPT_AUTO_ROOT_DISK_NEEDS_LOOP for any whole disk that holds the boot ESP/XBOOTLDR but whose partition table the kernel cannot parse. Until now the udev rule turned that into a systemd-loop@.service for every block device. That is too broad: device-mapper devices also report kernel partition scanning as disabled, but their partitions are managed in userspace by kpartx (see 66-kpartx.rules). Setting up a loop device on top of them re-exposes the same partition table a second time and only causes trouble. Restrict the rule to optical drives, the one class that genuinely needs a kernel-side loop device (El Torito GPT sector size mismatch, or drives that do not support partition scanning) and that has no userspace partition manager of its own. Co-developed-by: Claude Fable 5 <noreply@anthropic.com>
Adds dm-clone device setup at boot via a new /etc/clonetab config file, following the crypttab/veritytab pattern. - Add systemd-clonesetup-generator to parse /etc/clonetab and generate units. - Add systemd-clonesetup binary to create/remove dm-clone devices via ioctl. - Add clonesetup.target for ordering dm-clone activation at boot. - Add region_size= option in clonetab to configure dm-clone hydration granularity. - Add clonetab(5) and systemd-clonesetup-generator(8) man pages. Fixes: systemd#39500
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.