We run the build as a regular user and create-log-dirs requires to
run as root so let's disable the option to avoid error noise during
the install phase.
Until now, we always excluded the top level directories that were
covered by child partition mount points, regardless of the source
directory and the target directory of the copy files operation.
This means that even if we were populating a XBOOTLDR partition, if
there was an EFI partition in the image, we'd exclude /boot
unconditionally, leading to the XBOOTLDR partition to be empty.
Also, because of the same cause, if we were copying a nested source
directory (e.g. /abc/def) to the root directory in the root
partition, if /abc/def/usr existed and was populated with files and
directories, the root partition would have those files under /usr,
even if a /usr partition was defined.
To fix these issues, instead of unconditionally excluding the top
level partition mount points under <source>, let's make sure that
when we're copying files from any source directory to the root
directory of a root partition, that we exclude the partition mount
point directories under the source directory instead of the top
level ones.
Some tests are skipped because initrd extracted from bootctl
is "/boot/initramfs-5.14.0-284.el9.x86_64.img $tuned_initrd"
and not just "/boot/initramfs-5.14.0-284.el9.x86_64.img".
Therefore split and remove the additional garbage.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
sbsign is not available everywhere, for example RHEL does not have it.
Add pesign as alternative to it.
pesign will use options "--secureboot-certificate-name" (mandatory) and
"--secureboot-certificate-dir" (optional), while sbsign will use
"--secureboot-private-key" and "--secureboot-certificate".
By default, use sbsign. If no key/cert is provided or sbsign is not found,
try pesign.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
If a package is missing, a subprocess is started with None as
command argument. Error raised by subprocess is therefore not helpful
at all to understand what needs to be done to fix that error.
Also fix doc since systemd-stub will look for .cmdline files, and not
.cmdline.efi files.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
GCC document [1] says:
The pure attribute prohibits a function from modifying the state
of the program that is observable by means other than inspecting
the function’s return value.
And there is an example:
`int hash (char *) __attribute__ ((pure));`
... Even though hash takes a non-const pointer argument it must
not modify the array it points to, ...
But we are modifying the object pointed to by the pointer u, which is
clearly a violation of the semantic of pure.
With -ftrivial-auto-var-init (enabled by -Dmode=release), on some
targets (GCC 12.2 on AArch64 and GCC 13.1 on x86_64) performs an
optimization: as the variable "u" in bus_match_parse has been
zero-initialized (by the -ftrivial-auto-var-init option) and never
modified (because a "pure" bus_message_type_from_string is not allowed
to modify it), "u" will be always 0.
Then 0 is used to initialize .value_u8 field of struct
bus_match_component. This then causes a infinite event loop, so
"systemctl restart" never stops, and pam_systemd timeouts communicating
with logind, etc.
So we should remove the "pure" attribute here.
Fixes#26395.
[1]:https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-pure-function-attribute
Previously, these strings were copied w/o any modification. However, if
mount table contained e.g. remote fs mount like NFS or CIFS that was
mounted from server running with non UTF-8 locale then those strings
might have contained some non UTF-8 characters.
If then client asked about status of such mount unit we tried to forward
these non UTF-8 strings over D-Bus. That is the violation of the
protocol and we ended up kicked from the bus.
Passing 0 to log_xxx_errno() leads to an assertion, so let's not do that:
$ NEWPASSWORD="" build-san/systemd-cryptenroll --unlock-key-file=/tmp/password --password "$img"
/tmp/password has 0644 mode that is too permissive, please adjust the ownership and access mode.
Assertion '(_error) != 0' failed at src/cryptenroll/cryptenroll-password.c:164, function enroll_password(). Aborting.
Aborted (core dumped)
Rename TEST-23-TYPE-EXEC to TEST-23-UNIT-FILE and merge it with
following tests:
- TEST-37-RUNTIMEDIRECTORYPRESERV
- TEST-40-EXEC-COMMAND-EX
- TEST-41-ONESHOT-RESTART
- TEST-42-EXECSTOPPOST
- TEST-57-ONSUCCESS-UPHOLD
