From cb29c0b51b66f934374908cd6a271786c69ca751 Mon Sep 17 00:00:00 2001 From: Sven Eden Date: Tue, 21 Mar 2017 18:05:54 +0100 Subject: Update Build files --- .gitignore | 1 - CODING_STYLE | 31 +++++++++ Makefile.am | 16 +++-- NEWS | 204 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ TODO | 12 +++- configure.ac | 52 +++++++-------- 6 files changed, 280 insertions(+), 36 deletions(-) diff --git a/.gitignore b/.gitignore index ce344702a..c77415bff 100644 --- a/.gitignore +++ b/.gitignore @@ -298,4 +298,3 @@ elogind_patches.lst *.bak /FIXME /create_dist.sh - diff --git a/CODING_STYLE b/CODING_STYLE index f13f9becb..7fd4af8b8 100644 --- a/CODING_STYLE +++ b/CODING_STYLE @@ -311,3 +311,34 @@ always-true expression for an infinite while() loop is our recommendation is to simply write it without any such expression by using "for (;;)". + +- Never use the "off_t" type, and particularly avoid it in public + APIs. It's really weirdly defined, as it usually is 64bit and we + don't support it any other way, but it could in theory also be + 32bit. Which one it is depends on a compiler switch chosen by the + compiled program, which hence corrupts APIs using it unless they can + also follow the program's choice. Moreover, in systemd we should + parse values the same way on all architectures and cannot expose + off_t values over D-Bus. To avoid any confusion regarding conversion + and ABIs, always use simply uint64_t directly. + +- Commit message subject lines should be prefixed with an appropriate + component name of some kind. For example "journal: ", "nspawn: " and + so on. + +- Do not use "Signed-Off-By:" in your commit messages. That's a kernel + thing we don't do in the systemd project. + +- Avoid leaving long-running child processes around, i.e. fork()s that + are not followed quickly by an execv() in the child. Resource + management is unclear in this case, and memory CoW will result in + unexpected penalties in the parent much much later on. + +- Don't block execution for arbitrary amounts of time using usleep() + or a similar call, unless you really know what you do. Just "giving + something some time", or so is a lazy excuse. Always wait for the + proper event, instead of doing time-based poll loops. + +- To determine the length of a constant string "foo", don't bother + with sizeof("foo")-1, please use strlen("foo") directly. gcc knows + strlen() anyway and turns it into a constant expression if possible. diff --git a/Makefile.am b/Makefile.am index b7cae64e5..117a45e5f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -38,9 +38,9 @@ SUBDIRS = . po # Keep the test-suite.log .PRECIOUS: $(TEST_SUITE_LOG) Makefile -LIBELOGIND_CURRENT=11 +LIBELOGIND_CURRENT=12 LIBELOGIND_REVISION=0 -LIBELOGIND_AGE=11 +LIBELOGIND_AGE=12 # Dirs of external packages dbuspolicydir=@dbuspolicydir@ @@ -52,8 +52,6 @@ pkgconfiglibdir=$(libdir)/pkgconfig polkitpolicydir=$(datadir)/polkit-1/actions bashcompletiondir=@bashcompletiondir@ zshcompletiondir=@zshcompletiondir@ -systemsleepdir=$(pkglibexecdir)/sleep.d -systemshutdowndir=$(pkglibexecdir)/shutdown.d CGROUP_CONTROLLER=@cgroup_controller@ PKTTYAGENT=$(bindir)/pkttyagent @@ -65,13 +63,14 @@ udevrulesdir=@udevrulesdir@ udevbindir=@udevbindir@ udevlibexecdir=$(udevbindir) udevhomedir=$(udevlibexecdir) +systemshutdowndir=$(rootlibexecdir)/system-shutdown +systemsleepdir=$(rootlibexecdir)/system-sleep factory_pamdir = $(datadir)/factory/etc/pam.d # And these are the special ones for / rootprefix=@rootprefix@ -rootlibdir=@rootlibdir@ rootbindir=$(rootprefix)/bin - +rootlibexecdir=$(rootprefix)/lib/elogind EXTRA_DIST = BUILT_SOURCES = @@ -122,7 +121,7 @@ AM_CPPFLAGS = \ -include $(top_builddir)/config.h \ -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\" \ -DSYSTEMD_CGROUP_CONTROLLER=\"$(CGROUP_CONTROLLER)\" \ - -DELOGIND_CGROUP_AGENT_PATH=\"$(pkglibexecdir)/elogind-cgroups-agent\" \ + -DELOGIND_CGROUP_AGENT_PATH=\"$(rootlibexecdir)/elogind-cgroups-agent\" \ -DUDEVLIBEXECDIR=\"$(udevlibexecdir)\" \ -DPOLKIT_AGENT_BINARY_PATH=\"$(PKTTYAGENT)\" \ -DSYSTEM_SLEEP_PATH=\"$(systemsleepdir)\" \ @@ -131,6 +130,8 @@ AM_CPPFLAGS = \ -DREBOOT=\"$(REBOOT)\" \ -DKEXEC=\"$(KEXEC)\" \ -DLIBDIR=\"$(libdir)\" \ + -DROOTLIBDIR=\"$(rootlibdir)\" \ + -DROOTLIBEXECDIR=\"$(rootlibexecdir)\" \ -DTEST_DIR=\"$(abs_top_srcdir)/test\" \ -I $(top_srcdir)/src \ -I $(top_builddir)/src/basic \ @@ -767,6 +768,7 @@ EXTRA_DIST += \ # ------------------------------------------------------------------------------ substitutions = \ + '|rootlibexecdir=$(rootlibexecdir)|' \ '|rootbindir=$(rootbindir)|' \ '|bindir=$(bindir)|' \ '|pkgsysconfdir=$(pkgsysconfdir)|' \ diff --git a/NEWS b/NEWS index 6803c6588..1b7dc2183 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,209 @@ systemd System and Service Manager +CHANGES WITH 227: + + * systemd now depends on util-linux v2.27. More specifically, + the newly added mount monitor feature in libmount now + replaces systemd's former own implementation. + + * libmount mandates /etc/mtab not to be regular file, and + systemd now enforces this condition at early boot. + /etc/mtab has been deprecated and warned about for a very + long time, so systems running systemd should already have + stopped having this file around as anything else than a + symlink to /proc/self/mounts. + + * Support for the "pids" cgroup controller has been added. It + allows accounting the number of tasks in a cgroup and + enforcing limits on it. This adds two new setting + TasksAccounting= and TasksMax= to each unit, as well as a + global option DefaultTasksAccounting=. + + * Support for the "net_cls" cgroup controller has been added. + It allows assigning a net class ID to each task in the + cgroup, which can then be used in firewall rules and traffic + shaping configurations. Note that the kernel netfilter net + class code does not currently work reliably for ingress + packets on unestablished sockets. + + This adds a new config directive called NetClass= to CGroup + enabled units. Allowed values are positive numbers for fixed + assignments and "auto" for picking a free value + automatically. + + * 'systemctl is-system-running' now returns 'offline' if the + system is not booted with systemd. This command can now be + used as a substitute for 'systemd-notify --booted'. + + * Watchdog timeouts have been increased to 3 minutes for all + in-tree service files. Apparently, disk IO issues are more + frequent than we hoped, and user reported >1 minute waiting + for disk IO. + + * 'machine-id-commit' functionality has been merged into + 'machine-id-setup --commit'. The separate binary has been + removed. + + * The WorkingDirectory= directive in unit files may now be set + to the special value '~'. In this case, the working + directory is set to the home directory of the user + configured in User=. + + * "machinectl shell" will now open the shell in the home + directory of the selected user by default. + + * The CrashChVT= configuration file setting is renamed to + CrashChangeVT=, following our usual logic of not + abbreviating unnecessarily. The old directive is still + supported for compat reasons. Also, this directive now takes + an integer value between 1 and 63, or a boolean value. The + formerly supported '-1' value for disabling stays around for + compat reasons. + + * The PrivateTmp=, PrivateDevices=, PrivateNetwork=, + NoNewPrivileges=, TTYPath=, WorkingDirectory= and + RootDirectory= properties can now be set for transient + units. + + * The systemd-analyze tool gained a new "set-log-target" verb + to change the logging target the system manager logs to + dynamically during runtime. This is similar to how + "systemd-analyze set-log-level" already changes the log + level. + + * In nspawn /sys is now mounted as tmpfs, with only a selected + set of subdirectories mounted in from the real sysfs. This + enhances security slightly, and is useful for ensuring user + namespaces work correctly. + + * Support for USB FunctionFS activation has been added. This + allows implementation of USB gadget services that are + activated as soon as they are requested, so that they don't + have to run continously, similar to classic socket + activation. + + * The "systemctl exit" command now optionally takes an + additional parameter that sets the exit code to return from + the systemd manager when exiting. This is only relevant when + running the systemd user instance, or when running the + system instance in a container. + + * sd-bus gained the new API calls sd_bus_path_encode_many() + and sd_bus_path_decode_many() that allow easy encoding and + decoding of multiple identifier strings inside a D-Bus + object path. Another new call sd_bus_default_flush_close() + has been added to flush and close per-thread default + connections. + + * systemd-cgtop gained support for a -M/--machine= switch to + show the control groups within a certain container only. + + * "systemctl kill" gained support for an optional --fail + switch. If specified the requested operation will fail of no + processes have been killed, because the unit had no + processes attached, or similar. + + * A new systemd.crash_reboot=1 kernel command line option has + been added that triggers a reboot after crashing. This can + also be set through CrashReboot= in systemd.conf. + + * The RuntimeDirectory= setting now understands unit + specifiers like %i or %f. + + * A new (still internal) libary API sd-ipv4acd has been added, + that implements address conflict detection for IPv4. It's + based on code from sd-ipv4ll, and will be useful for + detecting DHCP address conflicts. + + * File descriptors passed during socket activation may now be + named. A new API sd_listen_fds_with_names() is added to + access the names. The default names may be overriden, + either in the .socket file using the FileDescriptorName= + parameter, or by passing FDNAME= when storing the file + descriptors using sd_notify(). + + * systemd-networkd gained support for: + + - Setting the IPv6 Router Advertisment settings via + IPv6AcceptRouterAdvertisements= in .network files. + + - Configuring the HelloTimeSec=, MaxAgeSec= and + ForwardDelaySec= bridge parameters in .netdev files. + + - Configuring PreferredSource= for static routes in + .network files. + + * The "ask-password" framework used to query for LUKS harddisk + passwords or SSL passwords during boot gained support for + caching passwords in the kernel keyring, if it is + available. This makes sure that the user only has to type in + a passphrase once if there are multiple objects to unlock + with the same one. Previously, such password caching was + available only when Plymouth was used; this moves the + caching logic into the systemd codebase itself. The + "systemd-ask-password" utility gained a new --keyname= + switch to control which kernel keyring key to use for + caching a password in. This functionality is also useful for + enabling display managers such as gdm to automatically + unlock the user's GNOME keyring if its passphrase, the + user's password and the harddisk password are the same, if + gdm-autologin is used. + + * When downloading tar or raw images using "machinectl + pull-tar" or "machinectl pull-raw", a matching ".nspawn" + file is now also downloaded, if it is available and stored + next to the image file. + + * Units of type ".socket" gained a new boolean setting + Writable= which is only useful in conjunction with + ListenSpecial=. If true, enables opening the specified + special file in O_RDWR mode rather than O_RDONLY mode. + + * systemd-rfkill has been reworked to become a singleton + service that is activated through /dev/rfkill on each rfkill + state change and saves the settings to disk. This way, + systemd-rfkill is now compatible with devices that exist + only intermittendly, and even restores state if the previous + system shutdown was abrupt rather than clean. + + * The journal daemon gained support for vacuuming old journal + files controlled by the number of files that shall remain, + in addition to the already existing control by size and by + date. This is useful as journal interleaving performance + degrades with too many seperate journal files, and allows + putting an effective limit on them. The new setting defaults + to 100, but this may be changed by setting SystemMaxFiles= + and RuntimeMaxFiles= in journald.conf. Also, the + "journalctl" tool gained the new --vacuum-files= switch to + manually vacuum journal files to leave only the specified + number of files in place. + + * udev will now create /dev/disk/by-path links for ATA devices + on kernels where that is supported. + + * Galician, Serbian, Turkish and Korean translations were added. + + Contributions from: Aaro Koskinen, Alban Crequy, Beniamino + Galvani, Benjamin Robin, Branislav Blaskovic, Chen-Han Hsiao + (Stanley), Daniel Buch, Daniel Machon, Daniel Mack, David + Herrmann, David Milburn, doubleodoug, Evgeny Vereshchagin, + Felipe Franciosi, Filipe Brandenburger, Fran Dieguez, Gabriel + de Perthuis, Georg Müller, Hans de Goede, Hendrik Brueckner, + Ivan Shapovalov, Jacob Keller, Jan Engelhardt, Jan Janssen, + Jan Synacek, Jens Kuske, Karel Zak, Kay Sievers, Krzesimir + Nowak, Krzysztof Kotlenga, Lars Uebernickel, Lennart + Poettering, Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, + Marcel Holtmann, Marius Thesing, Martin Pitt, Michael Biebl, + Michael Gebetsroither, Michal Schmidt, Michal Sekletar, Mike + Gilbert, Muhammet Kara, nazgul77, Nicolas Cornu, NoXPhasma, + Olof Johansson, Patrik Flykt, Pawel Szewczyk, reverendhomer, + Ronny Chevalier, Sangjung Woo, Seong-ho Cho, Susant Sahani, + Sylvain Plantefève, Thomas Haller, Thomas Hindoe Paaboel + Andersen, Tom Gundersen, Tom Lyon, Viktar Vauchkevich, + Zbigniew Jędrzejewski-Szmek, Марко М. Костић + + -- Berlin, 2015-10-07 + CHANGES WITH 226: * The DHCP implementation of systemd-networkd gained a set of diff --git a/TODO b/TODO index 4fdecebd0..066d0ae6b 100644 --- a/TODO +++ b/TODO @@ -26,6 +26,16 @@ External: Features: +* add a concept of RemainAfterExit= to scope units + +* add journal vacuum by max number of files + +* add a new command "systemctl revert" or so, that removes all dropin + snippets in /run and /etc, and all unit files with counterparts in + /usr, and thus undoes what "systemctl set-property" and "systemctl + edit" create. Maybe even add "systemctl revert -a" to do this for + all units. + * sd-event: maybe add support for inotify events * PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when run via nspawn) @@ -59,8 +69,6 @@ Features: * install: include generator dirs in unit file search paths -* stop using off_t, it's a crazy type. Use uint64_t instead. - * logind: follow PropertiesChanged state more closely, to deal with quick logouts and relogins * invent a better systemd-run scheme for naming scopes, that works with remoting diff --git a/configure.ac b/configure.ac index 57bbb1d00..4757791c7 100644 --- a/configure.ac +++ b/configure.ac @@ -20,7 +20,7 @@ AC_PREREQ([2.64]) AC_INIT([elogind], - [226.5], + [227], [https://github.com/elogind/elogind/issues], [elogind], [https://github.com/elogind/elogind]) @@ -175,7 +175,6 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -Werror=implicit-function-declaration \ -Werror=missing-declarations \ -Werror=return-type \ - -Werror=shadow \ -Wstrict-prototypes \ -Wredundant-decls \ -Wmissing-noreturn \ @@ -200,17 +199,28 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -fPIE \ --param=ssp-buffer-size=4]) +CC_CHECK_FLAG_APPEND([with_cflags], [CFLAGS], [-Werror=shadow], [ +#include +#include +typedef uint64_t usec_t; +usec_t now(clockid_t clock); +int main(void) { + struct timespec now; + return 0; +} +]) + AS_CASE([$CC], [*clang*], [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ -Wno-typedef-redefinition \ -Wno-gnu-variable-sized-type-not-at-end \ ])]) -dnl AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*], -dnl [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ -dnl -flto])], -dnl [AC_MSG_RESULT([skipping -flto, optimization not enabled])]) -dnl AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags") +AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*], + [CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ + -flto])], + [AC_MSG_RESULT([skipping -flto, optimization not enabled])]) +AC_SUBST([OUR_CFLAGS], "$with_cflags $sanitizer_cflags") AS_CASE([$CFLAGS], [*-O[[12345sz\ ]]*], [CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\ @@ -296,7 +306,6 @@ AS_IF([test "$have_python" != "yes"], [ AS_IF([test "$with_python" != "no"], [AC_MSG_WARN([*** python support not found, some documentation cannot be built])]) ]) - AM_CONDITIONAL([HAVE_PYTHON], [test "x$have_python" = "xyes"]) # ------------------------------------------------------------------------------ @@ -316,24 +325,15 @@ AS_IF([test x$have_printf_h = xyes], [ dnl AC_SEARCH_LIBS([clock_gettime], [rt], [], []) dnl AC_SEARCH_LIBS([mq_unlink], [rt], [], []) -AC_ARG_WITH([libcap], - AS_HELP_STRING([--with-libcap=DIR], [Prefix for libcap]), - [CAP_LDFLAGS="-L$with_libcap/lib"], - [CAP_LDFLAGS=""]) save_LIBS="$LIBS" -save_LDFLAGS="$LDFLAGS" LIBS= -LDFLAGS="$LDFLAGS $CAP_LDFLAGS" AC_SEARCH_LIBS([cap_init], [cap], [], [AC_MSG_ERROR([*** POSIX caps library not found])]) CAP_LIBS="$LIBS" AC_SUBST(CAP_LIBS) -AC_SUBST(CAP_LDFLAGS) -LIBS="$save_LIBS" -LDFLAGS="$save_LDFLAGS" AC_CHECK_FUNCS([memfd_create]) AC_CHECK_FUNCS([__secure_getenv secure_getenv]) -AC_CHECK_DECLS([gettid, pivot_root, name_to_handle_at, setns, getrandom, renameat2, kcmp, LO_FLAGS_PARTSCAN], +AC_CHECK_DECLS([gettid, pivot_root, name_to_handle_at, setns, getrandom, renameat2, kcmp, keyctl, key_serial_t, LO_FLAGS_PARTSCAN], [], [], [[ #include #include @@ -352,11 +352,11 @@ AC_CHECK_DECLS([IFLA_INET6_ADDR_GEN_MODE, IFLA_BOND_AD_INFO, IFLA_VLAN_PROTOCOL, IFLA_VXLAN_REMCSUM_NOPARTIAL, - IFLA_VXLAN_LOCAL6, IFLA_IPTUN_ENCAP_DPORT, IFLA_GRE_ENCAP_DPORT, IFLA_BRIDGE_VLAN_INFO, IFLA_BRPORT_LEARNING_SYNC, + IFLA_BR_PRIORITY, NDA_IFINDEX, IFA_FLAGS], [], [], [[ @@ -522,12 +522,17 @@ if test "x${have_smack}" = xauto; then have_smack=yes fi +have_smack_run_label=no AC_ARG_WITH(smack-run-label, AS_HELP_STRING([--with-smack-run-label=STRING], - [run elogind --system itself with a specific SMACK label]), - [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run elogind itself with SMACK label])], + [run systemd --system itself with a specific SMACK label]), + [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label]) have_smack_run_label=yes], []) +if test "x${have_smack_run_label}" = xyes; then + M4_DEFINES="$M4_DEFINES -DHAVE_SMACK_RUN_LABEL" +fi + AC_ARG_WITH(smack-default-process-label, AS_HELP_STRING([--with-smack-default-process-label=STRING], [default SMACK label for executed processes]), @@ -582,11 +587,6 @@ AM_CONDITIONAL(ENABLE_KDBUS, [test "$have_kdbus" = "yes"]) # ------------------------------------------------------------------------------ AC_CHECK_HEADERS_ONCE([valgrind/memcheck.h valgrind/valgrind.h]) -# ------------------------------------------------------------------------------ -PKG_CHECK_MODULES([GLIB], [glib-2.0 >= 2.22.0 gobject-2.0 >= 2.22.0 gio-2.0], - [have_glib=yes], [have_glib=no]) -AS_IF([test "x$have_glib" = "xyes"], [ AC_DEFINE(HAVE_GLIB, 1, [Define if glib is available]) ]) - # ------------------------------------------------------------------------------ have_manpages=no AC_ARG_ENABLE(manpages, AS_HELP_STRING([--disable-manpages], [disable manpages])) -- cgit v1.2.3