As the result is a bit funky (but still valid), i.e.:
static inline void iovec_done_erase(struct iovec *iovec) {
assert(iovec);
- iovec->iov_base = erase_and_free(iovec->iov_base);
- iovec->iov_len = 0;
+ *iovec = IOVEC_MAKE(erase_and_free(iovec->iov_base), 0);
}
If user requests hybrid sleep, we should always use 'suspend'
disk mode. If that's not supported, let's correctly report it
so they can choose plain hibernation instead. HybridSleepMode=
serves no purpose in this case and should be removed.
Addresses https://github.com/systemd/systemd/pull/29681#discussion_r1369812785
This seems to be the only place where rm_rf_children() is called with a
possibly used fd, which is then passed through to rm_rf_children_impl().
This also fixes#29606.
(Tested on Fedora rawhide with kernel 6.5.6-300.fc39.x86_64.)
In several Ubuntu CI jobs I noticed timeouts in TEST-69, which are
apparently caused by a very stubborn bash/login process:
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal
[ 2011.698430] systemd[1]: shutdown.target: starting held back, waiting for: veritysetup.target
[ 2011.698473] systemd[1]: sysinit.target: stopping held back, waiting for: user@0.service
[ 2045.884982] systemd[1]: systemd-oomd.service: Got notification message from PID 54 (WATCHDOG=1)
[ 2071.576424] systemd[1]: Received SIGCHLD from PID 65 (bash).
[ 2071.576941] systemd[1]: Child 65 (bash) died (code=killed, status=1/HUP)
[ 2071.577026] systemd[1]: session-13.scope: Child 65 belongs to session-13.scope.
[ 2071.577100] systemd[1]: session-13.scope: cgroup is empty
[ 2071.577249] systemd[1]: session-13.scope: Deactivated successfully.
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal _PID=65
[ 3038.661488] login[65]: ROOT LOGIN on '/dev/pts/0'
Since, in this case, we really care only about the actual shutdown,
let's shorten the service stop/abort timeouts to let systemd SIGKILL all
remaining processes in the 60s `expect` window.
This removes a duplicate condition check by adding a common surrounding
if block.
This also change a confusing if check: "(X && Y) && Z" to simply "X && Y && Z"
SuspendState= not to include "disk"
I don't know why these existed in the first place, but as I
justified in the comments, it's simply not sensible to allow
HibernateState= or HybridSleepState= to take values other than
'disk'. So let's just remove those options. Also, SuspendState=
should not contain 'disk'.
This reverts commit 6bbb893b90.
Let's try a different approach where we make sure that all callers only pass in
a fd that is "clean", i.e. at offset 0. The majority of callers of this function
(both direct and indirect) pass a freshly-opened fd, so the rewind call is not
needed.
Let's split out the logic that actually generates the word to measure to
PCRs into a new helper file pcrextend-util.[ch].
This we can later reuse to calculate PCR measurement predictions ahead
of time.
These are not used outside of tpm2-util.[ch], and the way they merge
public/private key pair into one blob is kinda specific to our
implementation, hence better should be hidden away, and not used for new
code anyway.
We'll soon have a function for determining the name of an NV index,
hence let's rename the existing function for the same of a public key to
make clear it's about public keys only.
modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
errors because some module names contain dashes and others underscores.
Because modprobe@.service unescapes the instance name, an attempt to
start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
which is doomed to fail. "modprobe@dm_crypt.service" will work as
expected. Thus unescaping the instance name has surprising side effects.
Use "%i" instead.
This is convenient when the server supports IPv6 only mode.
Otherwise, we cannot request a new address during the client is waiting an
IPv6 connectivity. Note, the minimal timespan is 5min, and a server may
send a quite large value.
