There's a race condition where the EXIT_STATUS= message we send
just before shutting down the VM doesn't arrive on the host,
presumably because the VM is shut down before the kernel has had a
chance to forward the message to the host.
Since there's no obvious way to wait until the message has been
flushed to the host, let's send the message before we execute the
final sync() instead of after executing the final sync(). In my
testing, this seems to either guarantee the message is sent or
introduces sufficient delay that the kernel always has time to flush
its socket buffers to the host.
Now that creds are processed even if systemd.firstboot=no is set, we can
use it to disable the root pw prompt *and* the new homectl prompt at the
same time, without breaking the creds stuff.
This extends what systemd-firstboot does and runs on first boots only
and either processes user records passed in via credentials to create,
or asks the user interactively to create one (only if no regular user
exists yet).
So far by setting systemd.firstboot=no simply short-cut the whole tool
and made it exit early. This is against what the docs say though: they
just claim the user isn't asked for questions anymore. Let's change
behaviour so that the code actually matches the docs, or more
specifically: if credentials are passed into firstboot, then honour
them, regardless of the kernel cmdline option.
After all, if we get explicit data passed in we should operate on it,
and then leave systemd.firstboot=no just affect the interactivity.
I think this was actually mostly a bug introduced because the credential
stuff was added after the kernel cmdline option, hence this just catches
up with the new addition.
This is just paranoia. In all these cases we don't really care about the
trailing NUL byte. But if there's space for it dns_label_unescape() is
going to insert it, and that's a good safety strategy.
This is a follow-up to c29c3adefa which
fixed an actual bug, unlike this commit, which is just paranoia.
With <para><filename>…</filename></para>, we get a separate "paragraph" for
each line, i.e. entries separated by empty lines. This uses up a lot of space
and was only done because docbook makes it hard to insert a newline. In some
other places, <literallayout> was used, but then we cannot indent the source
text (because the whitespace would end up in the final page). We can get the
desired result with <simplelist>.
With <simplelist> the items are indented in roff output, but not in html
output. In some places this looks better then no indentation, and in others it
would probably be better to have no indent. But this is a minor issue and we
cannot control that.
(I didn't convert all spots. There's a bunch of other man pages which have two
lines, e.g. an executable and service file, and it doesn't matter there so
much.)
The integration tests use /etc/rc.d/init.d if it exists
or falls back to /etc/init.d,
while the mkosi.build.chroot script dereferenced /etc/init.d.
This produces inconsistent results, as sometimes an image can be made
that has systemd built to expect /etc/init.d but /etc/rc.d/init.d
also exists.
locale files are not generated on-demand in Fedora like they are in
Debian-like systems and are typically installed from package instead.
This is necessary for the locale tests,
which expect en_US.UTF-8 to be available.
Then, all nexthops managed by networkd really exist (unless the kernel
silently removes a nexthop).
This is the same for nexthop already done by
3c283289ae and
0a0c2672db (for address), and
5d098f5d36 (for neighbor).
The kernel manages nexthops by their IDs. Previously networkd manages
nexthops in three ways:
- by the corresponding link, if a nexthop has ifindex,
- by the manager, if a nexthop does not have ifindex,
- by the manager with their IDs.
This unifies the three managements of nexthops into one, and use the
same way as the kernel uses.
This is the one for nexthop already done by
aa9626ee3b for neighbor.
If a nexthop is requested without a valid ID, then nexthop_acquire_id()
assigns an unused ID. So, at the time nexthop_configure() is called, the
ID is always valid.
