Compare revisions
Commits on Source (81)
Showing
with 1262 additions and 67 deletions
# This configuration file can be used to auto-format the code base.
# Not all guidelines specified in CODING_STYLE are followed, so the
# result MUST NOT be committed indiscriminately, but each automated
# change should be reviewed and only the appropriate ones commited.
# change should be reviewed and only the appropriate ones committed.
#
# The easiest way to apply the formatting to your changes ONLY,
# is to use the git-clang-format script (usually installed with clang-format).
......@@ -26,27 +26,28 @@
---
AccessModifierOffset: -4
AlignAfterOpenBracket: AlwaysBreak
AlignArrayOfStructures: Right
AlignEscapedNewlines: Left
AlignOperands: false
AlignOperands: false
AllowShortFunctionsOnASingleLine: None
AlwaysBreakBeforeMultilineStrings: true
AlwaysBreakTemplateDeclarations: Yes
BinPackArguments: false
BinPackParameters: false
BraceWrapping:
AfterEnum: false
AfterEnum: false
SplitEmptyFunction: false
SplitEmptyRecord: false
SplitEmptyNamespace: false
BreakBeforeBraces: Custom
BreakInheritanceList: BeforeComma
BreakBeforeTernaryOperators: false
BreakInheritanceList: BeforeComma
BreakStringLiterals: false
ColumnLimit: 109
ColumnLimit: 109
CompactNamespaces: true
ConstructorInitializerAllOnOneLineOrOnePerLine: true
ConstructorInitializerIndentWidth: 8
ContinuationIndentWidth: 8
ContinuationIndentWidth: 16
Cpp11BracedListStyle: false
ForEachMacros:
- BITMAP_FOREACH
......@@ -107,7 +108,7 @@ ForEachMacros:
- STRV_FOREACH_BACKWARDS
- STRV_FOREACH_PAIR
IndentPPDirectives: AfterHash
IndentWidth: 8
IndentWidth: 8
IndentWrappedFunctionNames: true
MaxEmptyLinesToKeep: 2
PenaltyBreakAssignment: 65
......@@ -117,8 +118,10 @@ PenaltyBreakFirstLessLess: 50
PenaltyBreakString: 0
PenaltyExcessCharacter: 10
PenaltyReturnTypeOnItsOwnLine: 100
PointerAlignment: Right
SpaceAfterCStyleCast: true
SpaceAroundPointerQualifiers: Both
SpaceBeforeParens: ControlStatementsExceptForEachMacros
SpacesInAngles: true
TabWidth: 8
UseCRLF: false
SpacesInAngles: true
TabWidth: 8
UseCRLF: false
FROM gcr.io/oss-fuzz-base/base-builder:v1
ENV MERGE_WITH_OSS_FUZZ_CORPORA=yes
COPY . $SRC/systemd
WORKDIR $SRC/systemd
COPY tools/oss-fuzz.sh $SRC/build.sh
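Review bot: The `FROM` line references the base image by the mutable tag `base-builder:v1`, so the fuzzing build can pick up different image contents whenever that tag is pushed again. Pinning by digest, e.g. `FROM gcr.io/oss-fuzz-base/base-builder:v1@sha256:<digest-placeholder>`, makes the build input reviewable; the Dependabot `docker` entry for `/.clusterfuzzlite` elsewhere in this comparison should then be able to propose digest bumps as pull requests. A short comment above `COPY . $SRC/systemd` stating that the whole build context is intentionally copied would also help.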
......@@ -14,12 +14,17 @@ insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
[NEWS]
indent_style = space
indent_size = 4
# Match config files, set indent to spaces with width of eight
[*.{c,h}]
indent_style = space
indent_size = 8
max_line_length = 109
[*.sh]
[*.sh,mkosi.build,mkosi.prepare,mkosi.postinst]
indent_style = space
indent_size = 4
......@@ -30,3 +35,12 @@ indent_size = 8
[man/*.xml]
indent_size = 2
indent_style = space
max_line_length = 109
[docs/**/*.css]
indent_style = space
indent_size = 2
[docs/**/*.html]
indent_style = space
indent_size = 2
*.[ch] whitespace=tab-in-indent,trailing-space
*.gpg binary generated
*.bmp binary
*.base64 generated
# Mark files as "generated", i.e. no license applies to them.
# This includes output from programs, directive lists generated by grepping
# for all possibilities, samples from fuzzers, files from /proc, packet samples,
# and anything else where no copyright can be asserted.
#
# Use 'git check-attr generated -- <path>' to query the attribute.
[attr]generated
---
name: Bug report
about: A report of an error in a recent systemd version
---
**systemd version the issue has been seen with**
> …
<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released (non-rc) systemd versions upstream! -->
<!-- See https://github.com/systemd/systemd/releases for the list of most recent releases. -->
<!-- For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues). -->
**Used distribution**
> …
**Linux kernel version used** (`uname -a`)
> …
**CPU architecture issue was seen on**
> …
**Expected behaviour you didn't see**
> …
**Unexpected behaviour you saw**
> …
**Steps to reproduce the problem**
> …
---
name: Feature request
about: Suggest an improvement
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
name: Bug Report
description: A report of an error in a recent systemd version
labels: ["bug 🐛"]
body:
- type: markdown
attributes:
value: Thanks for taking the time to fill out this bug report!
- type: input
id: version
attributes:
label: systemd version the issue has been seen with
description: |
Do not submit bug reports about anything but the two most recently released *major* systemd versions upstream!
If there have been multiple stable releases for that major version, please consider updating to a recent one before reporting an issue.
When using a distro package, please make sure that the version reported is meaningful for upstream.
If a distro build is used, please just paste the package version, e.g. `systemd-254.7-1.fc39.x86_64`.
See https://github.com/systemd/systemd-stable/tags for the list of most recent releases.
For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues).
placeholder: '256.x'
validations:
required: true
- type: input
id: distro
attributes:
label: Used distribution
description: Used distribution and its version
placeholder: Fedora 39
validations:
required: false
- type: input
id: kernel
attributes:
label: Linux kernel version used
description: |
Please use `uname -r` to get linux kernel version.
placeholder: kernel-6.6.8-200.fc39.x86_64
validations:
required: false
- type: dropdown
id: architecture
attributes:
label: CPU architectures issue was seen on
options:
- aarch64
- alpha
- arm
- i686
- ia64
- loongarch
- mips
- parisc
- ppc (big endian)
- ppc64 (big endian)
- ppc64le
- riscv64
- s390x
- sparc
- sparc64
- x86_64
- other
validations:
required: false
- type: dropdown
id: component
attributes:
label: Component
description: Please chose components related to this issue.
multiple: true
# When updating list of components please also update labeling policy
# policy: `.github/advanced-issue-labeler.yml`
options:
- 'bootctl'
- 'coredumpctl'
- 'homectl'
- 'hostnamectl'
- 'hardware database files'
- 'journalctl'
- 'kernel-install'
- 'loginctl'
- 'machinectl'
- 'networkctl'
- 'nss-resolve'
- 'oomctl'
- 'pam_systemd'
- 'pam_systemd_home'
- 'portablectl'
- 'resolvectl'
- 'rpm scriptlets'
- 'systemctl'
- 'systemd'
- 'systemd-analyze'
- 'systemd-ask-password'
- 'systemd-binfmt'
- 'systemd-boot'
- 'systemd-cgtop'
- 'systemd-coredump'
- 'systemd-cryptsetup'
- 'systemd-delta'
- 'systemd-dissect'
- 'systemd-env-generator'
- 'systemd-fsck'
- 'systemd-gpt-auto-generator'
- 'systemd-growfs'
- 'systemd-homed'
- 'systemd-hostnamed'
- 'systemd-hwdb'
- 'systemd-import'
- 'systemd-journal-gatewayd'
- 'systemd-journal-remote'
- 'systemd-journal-upload'
- 'systemd-journald'
- 'systemd-logind'
- 'systemd-machined'
- 'systemd-modules-load'
- 'systemd-network-generator'
- 'systemd-networkd'
- 'systemd-networkd-wait-online'
- 'systemd-nspawn'
- 'systemd-oomd'
- 'systemd-portabled'
- 'systemd-pstore'
- 'systemd-repart'
- 'systemd-resolved'
- 'systemd-rfkill'
- 'systemd-run'
- 'systemd-stub'
- 'systemd-sysctl'
- 'systemd-sysext'
- 'systemd-sysusers'
- 'systemd-sysv-generator'
- 'systemd-timedate'
- 'systemd-timesync'
- 'systemd-tmpfiles'
- 'systemd-udevd'
- 'systemd-userdb'
- 'systemd-veritysetup'
- 'systemd-vmspawn'
- 'systemd-xdg-autostart-generator'
- 'timedatectl'
- 'udevadm'
- 'udev rule files'
- 'userdbctl'
- 'tests'
- 'other'
validations:
required: false
- type: textarea
id: expected-behaviour
attributes:
label: Expected behaviour you didn't see
validations:
required: false
- type: textarea
id: unexpected-behaviour
attributes:
label: Unexpected behaviour you saw
validations:
required: false
- type: textarea
id: steps-to-reproduce
attributes:
label: Steps to reproduce the problem
validations:
required: false
- type: textarea
id: additional-information
attributes:
label: Additional program output to the terminal or log subsystem illustrating the issue
description: |
Please paste relevant program terminal or journal output here, ideally when generated in debug mode (try setting the `SYSTEMD_LOG_LEVEL=debug` environment variable).
For very long copy/pasted data consider using a service like https://gist.github.com/. Where copy/paste is not possible (for example early boot or late shutdown), a photo of the screen might do too, but text is always much preferred.
placeholder: This will be automatically formatted into code, so no need for backticks.
render: sh
validations:
required: false
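Review bot: The `additional-information` field asks reporters to paste debug-level terminal or journal output into a public tracker, but its `description` says nothing about sensitive content. Debug logs can include host names, user names, paths and similar details, so I would append a sentence such as `Please remove passwords, keys and other private data before pasting.` to that description. Separately, `Please chose components` in the `component` description should read `Please choose components`; the feature request form has the same wording.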
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
blank_issues_enabled: true
contact_links:
- name: systemd-devel mailing list
url: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
about: Please ask (and answer) questions here, use the issue tracker only for issues.
name: Feature request
description: Suggest an improvement
labels: ["RFE 🎁"]
body:
- type: markdown
attributes:
value: Thanks for taking the time to fill out this feature request!
- type: dropdown
id: component
attributes:
label: Component
description: Please chose components related to this feature request.
multiple: true
# When updating list of components please also update labeling policy
# policy: `.github/advanced-issue-labeler.yml`
options:
- 'bootctl'
- 'coredumpctl'
- 'homectl'
- 'hostnamectl'
- 'hardware database files'
- 'journalctl'
- 'kernel-install'
- 'loginctl'
- 'machinectl'
- 'networkctl'
- 'nss-resolve'
- 'oomctl'
- 'pam_systemd'
- 'pam_systemd_home'
- 'portablectl'
- 'resolvectl'
- 'rpm scriptlets'
- 'systemctl'
- 'systemd'
- 'systemd-analyze'
- 'systemd-ask-password'
- 'systemd-binfmt'
- 'systemd-boot'
- 'systemd-cgtop'
- 'systemd-coredump'
- 'systemd-cryptsetup'
- 'systemd-delta'
- 'systemd-dissect'
- 'systemd-env-generator'
- 'systemd-fsck'
- 'systemd-gpt-auto-generator'
- 'systemd-growfs'
- 'systemd-homed'
- 'systemd-hostnamed'
- 'systemd-hwdb'
- 'systemd-import'
- 'systemd-journal-gatewayd'
- 'systemd-journal-remote'
- 'systemd-journal-upload'
- 'systemd-journald'
- 'systemd-logind'
- 'systemd-machined'
- 'systemd-modules-load'
- 'systemd-network-generator'
- 'systemd-networkd'
- 'systemd-networkd-wait-online'
- 'systemd-nspawn'
- 'systemd-oomd'
- 'systemd-portabled'
- 'systemd-pstore'
- 'systemd-repart'
- 'systemd-resolved'
- 'systemd-rfkill'
- 'systemd-run'
- 'systemd-stub'
- 'systemd-sysctl'
- 'systemd-sysext'
- 'systemd-sysusers'
- 'systemd-sysv-generator'
- 'systemd-timedate'
- 'systemd-timesync'
- 'systemd-tmpfiles'
- 'systemd-udevd'
- 'systemd-userdb'
- 'systemd-veritysetup'
- 'systemd-vmspawn'
- 'systemd-xdg-autostart-generator'
- 'timedatectl'
- 'udevadm'
- 'udev rule files'
- 'userdbctl'
- 'tests'
- 'other'
validations:
required: false
- type: textarea
id: description
attributes:
label: Is your feature request related to a problem? Please describe
description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
validations:
required: false
- type: textarea
id: solution
attributes:
label: Describe the solution you'd like
description: A clear and concise description of what you want to happen.
validations:
required: false
- type: textarea
id: alternatives
attributes:
label: Describe alternatives you've considered
description: A clear and concise description of any alternative solutions or features you've considered.
validations:
required: false
- type: input
id: version
attributes:
label: The systemd version you checked that didn't have the feature you are asking for
description: If this is not the most recently released upstream version, then please check first if it has that feature already.
placeholder: '256.x'
validations:
required: false
---
# syntax - https://github.com/redhat-plumbers-in-action/advanced-issue-labeler#policy
policy:
- template: [bug_report.yml, feature_request.yml]
section:
- id: [component]
block-list: [other]
label:
- name: analyze
keys: ['systemd-analyze']
- name: ask-password
keys: ['systemd-ask-password']
- name: binfmt
keys: ['systemd-binfmt']
- name: cgtop
keys: ['systemd-cgtop']
- name: coredump
keys: ['coredumpctl', 'systemd-coredump']
- name: cryptsetup
keys: ['systemd-cryptsetup']
- name: delta
keys: ['systemd-delta']
- name: dissect
keys: ['systemd-dissect']
- name: env-generator
keys: ['systemd-env-generator']
- name: fsck
keys: ['systemd-fsck']
- name: gpt-auto
keys: ['systemd-gpt-auto-generator']
- name: growfs
keys: ['systemd-growfs']
- name: homed
keys: ['systemd-homed', 'homectl', 'pam_systemd_home']
- name: hostname
keys: ['systemd-hostnamed', 'hostnamectl']
- name: hwdb
keys: ['systemd-hwdb', 'hardware database files']
- name: import
keys: ['systemd-import']
- name: journal
keys: ['systemd-journald', 'journalctl']
- name: journal-remote
keys: ['systemd-journal-remote', 'systemd-journal-upload', 'systemd-journal-gatewayd']
- name: kernel-install
keys: ['kernel-install']
- name: login
keys: ['systemd-logind', 'loginctl', 'pam_systemd']
- name: machine
keys: ['systemd-machined', 'machinectl']
- name: modules-load
keys: ['systemd-modules-load']
- name: network
keys: ['systemd-networkd', 'networkctl', 'systemd-networkd-wait-online', 'systemd-network-generator']
- name: nspawn
keys: ['systemd-nspawn']
- name: oomd
keys: ['systemd-oomd', 'oomctl']
- name: pid1
keys: ['systemd']
- name: portabled
keys: ['systemd-portabled', 'portablectl']
- name: pstore
keys: ['systemd-pstore']
- name: repart
keys: ['systemd-repart']
- name: resolve
keys: ['systemd-resolved', 'resolvectl', 'nss-resolve']
- name: rfkill
keys: ['systemd-rfkill']
- name: rpm
keys: ['rpm scriptlets']
- name: run
keys: ['systemd-run']
- name: sd-boot/sd-stub/bootctl
keys: ['bootctl', 'systemd-boot', 'systemd-stub']
- name: sysctl
keys: ['systemd-sysctl']
- name: sysext
keys: ['systemd-sysext']
- name: systemctl
keys: ['systemctl']
- name: sysusers
keys: ['systemd-sysusers']
- name: sysv
keys: ['systemd-sysv-generator']
- name: tests
keys: ['tests']
- name: timedate
keys: ['systemd-timedate', 'timedatectl']
- name: timesync
keys: ['systemd-timesync']
- name: tmpfiles
keys: ['systemd-tmpfiles']
- name: udev
keys: ['systemd-udevd', 'udevadm', 'udev rule files']
- name: userdb
keys: ['systemd-userdb', 'userdbctl']
- name: veritysetup
keys: ['systemd-veritysetup']
- name: vmspawn
keys: ['systemd-vmspawn']
- name: xdg-autostart
keys: ['systemd-xdg-autostart-generator']
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
name: "CodeQL config"
disable-default-queries: false
queries:
- name: Enable possibly useful queries which are disabled by default
uses: ./.github/codeql-custom.qls
- name: systemd-specific CodeQL queries
uses: ./.github/codeql-queries/
---
# vi: ts=2 sw=2 et syntax=yaml:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Note: it is not recommended to directly reference the respective queries from
# the github/codeql repository, so we have to "dance" around it using
# a custom QL suite
# See:
# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries
# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
# Note: the codeql/<lang>-queries pack name can be found in the CodeQL repo[0]
# in <lang>/ql/src/qlpack.yml. The respective codeql-suites are then
# under <lang>/ql/src/codeql-suites/.
#
# [0] https://github.com/github/codeql
- import: codeql-suites/cpp-lgtm.qls
from: codeql/cpp-queries
- import: codeql-suites/python-lgtm.qls
from: codeql/python-queries
- include:
id:
- cpp/bad-strncpy-size
- cpp/declaration-hides-variable
- cpp/include-non-header
- cpp/inconsistent-null-check
- cpp/mistyped-function-arguments
- cpp/nested-loops-with-same-variable
- cpp/sizeof-side-effect
- cpp/suspicious-pointer-scaling
- cpp/suspicious-pointer-scaling-void
- cpp/suspicious-sizeof
- cpp/unsafe-strcat
- cpp/unsafe-strncat
- cpp/unsigned-difference-expression-compared-zero
- cpp/unused-local-variable
tags:
- "security"
- "correctness"
severity: "error"
- exclude:
id:
- cpp/fixme-comment
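Review bot: The `tags:` filter after the `id` list is written as a plain property match, which as far as I know CodeQL suites compare against the whole `@tags` string, whereas `tags contain:` matches individual tags. Indentation is lost in this view, so I cannot tell whether `tags` and `severity` belong to the same `include` as the `id` list; if they do, all constraints must hold together and the listed queries may not be selected as intended. If the intent is "tagged security or correctness", use `tags contain:` with the same two values. The `.ql` files on this page declare `@problem.severity`, so it is also worth checking that the `severity` key matches anything, and a comment stating how the three constraints are meant to combine would help.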
/**
* vi: sw=2 ts=2 et syntax=ql:
*
* Borrowed from
* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*
* @name Use of potentially dangerous function
* @description Certain standard library functions are dangerous to call.
* @id cpp/potentially-dangerous-function
* @kind problem
* @problem.severity error
* @precision high
* @id cpp/potentially-dangerous-function
* @tags reliability
* security
*
* Borrowed from
* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*/
import cpp
......@@ -40,10 +42,13 @@ predicate potentiallyDangerousFunction(Function f, string message) {
message = "Call to ntohs() is confusing. Use be16toh() instead."
) or (
f.getQualifiedName() = "strerror" and
message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
message = "Call to strerror() is not thread-safe. Use printf()'s %m format string or STRERROR() instead."
) or (
f.getQualifiedName() = "accept" and
message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
) or (
f.getQualifiedName() = "dirname" and
message = "Call dirname() is icky. Use path_extract_directory() instead."
)
}
......
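Review bot: The new `dirname` message, `Call dirname() is icky.`, drops the "to" that every other message in this predicate uses and does not tell the developer what the hazard is. POSIX allows dirname() to modify its argument and to return a pointer to static storage, so `message = "Call to dirname() may modify its argument or return static storage. Use path_extract_directory() instead."` would make the finding actionable. The predicate starts above the hunk.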
/**
* vi: sw=2 ts=2 et syntax=ql:
*
* Based on cpp/uninitialized-local.
*
* @name Potentially uninitialized local variable using the cleanup attribute
* @description Running the cleanup handler on a possibly uninitialized variable
* is generally a bad idea.
* @id cpp/uninitialized-local-with-cleanup
* @kind problem
* @problem.severity error
* @precision high
* @tags security
*/
import cpp
import semmle.code.cpp.controlflow.StackVariableReachability
/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
* since they don't do anything illegal even when the variable is uninitialized
*/
predicate cleanupFunctionDenyList(string fun) {
fun = "erase_char"
}
/**
* A declaration of a local variable using __attribute__((__cleanup__(x)))
* that leaves the variable uninitialized.
*/
DeclStmt declWithNoInit(LocalVariable v) {
result.getADeclaration() = v and
not v.hasInitializer() and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
/* Check if the cleanup function is not on a deny list */
not cleanupFunctionDenyList(v.getAnAttribute().getAnArgument().getValueText())
}
class UninitialisedLocalReachability extends StackVariableReachability {
UninitialisedLocalReachability() { this = "UninitialisedLocal" }
override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
/* Note: _don't_ use the `useOfVarActual()` predicate here (and a couple of lines
* below), as it assumes that the callee always modifies the variable if
* it's passed to the function.
*
* i.e.:
* _cleanup_free char *x;
* fun(&x);
* puts(x);
*
* `useOfVarActual()` won't treat this as an uninitialized read even if the callee
* doesn't modify the argument, however, `useOfVar()` will
*/
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
/* only report the _first_ possibly uninitialized use */
useOfVar(v, node) or
(
/* If there's a return statement somewhere between the variable declaration
* and a possible definition, don't accept is as a valid initialization.
*
* E.g.:
* _cleanup_free_ char *x;
* ...
* if (...)
* return;
* ...
* x = malloc(...);
*
* is not a valid initialization, since we might return from the function
* _before_ the actual initialization (emphasis on _might_, since we
* don't know if the return statement might ever evaluate to true).
*/
definitionBarrier(v, node) and
not exists(ReturnStmt rs |
/* The attribute check is "just" a complexity optimization */
v.getFunction() = rs.getEnclosingFunction() and v.getAnAttribute().hasName("cleanup") |
rs.getLocation().isBefore(node.getLocation())
)
)
}
}
pragma[noinline]
predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
/**
* Auxiliary predicate: List common exceptions or false positives
* for this check to exclude them.
*/
VariableAccess commonException() {
/* If the uninitialized use we've found is in a macro expansion, it's
* typically something like va_start(), and we don't want to complain. */
result.getParent().isInMacroExpansion()
or
result.getParent() instanceof BuiltInOperation
or
/* Finally, exclude functions that contain assembly blocks. It's
* anyone's guess what happens in those. */
containsInlineAssembly(result.getEnclosingFunction())
}
from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
where
r.reaches(_, v, va) and
not va = commonException()
select va, "The variable $@ may not be initialized here, but has a cleanup handler.", v, v.getName()
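Review bot: In `isBarrier`, the `ReturnStmt` check compares source locations only (`rs.getLocation().isBefore(node.getLocation())`), so any `return` textually earlier in the function disqualifies a definition, including one that precedes the variable's declaration, while the comment describes a return "between the variable declaration and a possible definition". This errs on the side of reporting, which is acceptable for a security query, but it should either be stated in the comment or narrowed with an extra conjunct such as `v.getLocation().isBefore(rs.getLocation()) and`. Also, `cleanupFunctionDenyList` holds functions the query deliberately ignores, so its name reads opposite to its doc comment, and the first example writes `_cleanup_free` where the second writes `_cleanup_free_`.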
---
# vi: ts=2 sw=2 et syntax=yaml:
# SPDX-License-Identifier: LGPL-2.1-or-later
library: false
name: systemd/cpp-queries
version: 0.0.1
dependencies:
codeql/cpp-all: "*"
codeql/suite-helpers: "*"
extractor: cpp
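Review bot: Both `dependencies` entries use the wildcard `"*"`, so the CodeQL library version behind these security queries is whatever resolves at analysis time, and findings can change without any change in this repository. Consider a bounded version range or committing the pack lock file (`codeql-pack.lock.yml`) so that library upgrades arrive as reviewable changes.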
# SPDX-License-Identifier: LGPL-2.1-or-later
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
- package-ecosystem: "pip"
directory: "/.github/workflows"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
- package-ecosystem: "docker"
directory: "/.clusterfuzzlite"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
# syntax - https://github.com/redhat-plumbers-in-action/devel-freezer#policy
---
policy:
# tags like v253-rc1, v253-rc2, etc.
- tags: ['^\S*-rc\d+$']
labels:
allow: ['needs-stable-backport', 'dependencies', 'l10n 🌍']
feedback:
frozen-state: |
> [!IMPORTANT]
> An -rc1 tag has been created and a release is being prepared, so please note that PRs introducing new features and APIs will be held back until the new version has been released.
unfreeze-state: |
> [!NOTE]
> We had successfully released a new major release. We are no longer in a development freeze phase.
> We will try our best to get back to your PR as soon as possible. Thank you for your patience.
# SPDX-License-Identifier: LGPL-2.1-or-later
# vi: sw=2 ts=2 et:
analyze:
- changed-files:
- any-glob-to-any-file: 'src/analyze/*'
apparmor:
- changed-files:
- any-glob-to-any-file: '**/*apparmor*'
ask-password:
- changed-files:
- any-glob-to-any-file: '**/*ask-password*'
backlight:
- changed-files:
- any-glob-to-any-file: '**/*backlight*'
battery-check 🪫:
- changed-files:
- any-glob-to-any-file: '**/*battery*'
binfmt:
- changed-files:
- any-glob-to-any-file: '**/*binfmt*'
bsod:
- changed-files:
- any-glob-to-any-file: '**/*bsod*'
btrfs:
- changed-files:
- any-glob-to-any-file: '**/*btrfs*'
build-system:
- changed-files:
- any-glob-to-any-file: ['meson_options.txt', '**/meson.build']
busctl:
- changed-files:
- any-glob-to-any-file: '**/*busctl*'
catalog:
- changed-files:
- any-glob-to-any-file: 'catalog/*'
cgls:
- changed-files:
- any-glob-to-any-file: '**/*cgls*'
cgroups:
- changed-files:
- any-glob-to-any-file: ['src/basic/cgroup*', 'src/cgroups-agent/*', 'src/core/cgroup*', 'src/shared/cgroup*']
cgtop:
- changed-files:
- any-glob-to-any-file: '**/*cgtop*'
ci:
- changed-files:
- any-glob-to-any-file: '.github/*'
coccinelle:
- changed-files:
- any-glob-to-any-file: 'coccinelle/*'
coredump:
- changed-files:
- any-glob-to-any-file: '**/*coredump*'
creds:
- changed-files:
- any-glob-to-any-file: ['src/core/*cred*', 'src/creds/*', 'src/shared/*cred*', 'units/*cred*']
cryptsetup:
- changed-files:
- any-glob-to-any-file: ['src/cryptenroll/*', 'src/cryptsetup/*', 'units/*crypt*']
debug-generator:
- changed-files:
- any-glob-to-any-file: '**/*debug-generator*'
delta:
- changed-files:
- any-glob-to-any-file: '**/*delta*'
detect-virt:
- changed-files:
- any-glob-to-any-file: '**/*virt*'
dissect:
- changed-files:
- any-glob-to-any-file: '**/*dissect*'
documentation:
- changed-files:
- any-glob-to-any-file: ['NEWS', 'README*', 'docs/*', 'man/*']
env-generator:
- changed-files:
- any-glob-to-any-file: '**/*environment*generator*'
escape:
- changed-files:
- any-glob-to-any-file: 'src/escape/*'
firstboot:
- changed-files:
- any-glob-to-any-file: '**/*firstboot*'
fsck:
- changed-files:
- any-glob-to-any-file: '**/*fsck*'
fstab-generator:
- changed-files:
- any-glob-to-any-file: '**/*fstab-generator*'
gpt-auto:
- changed-files:
- any-glob-to-any-file: '**/*gpt-auto*'
growfs:
- changed-files:
- any-glob-to-any-file: '**/*growfs*'
hibernate-resume:
- changed-files:
- any-glob-to-any-file: '**/*hibernate-resume*'
homed:
- changed-files:
- any-glob-to-any-file: ['src/home*', 'units/*home*']
hostname:
- changed-files:
- any-glob-to-any-file: ['src/hostname/*', 'src/shared/*hostname*', 'units/*hostname*']
hwdb:
- changed-files:
- any-glob-to-any-file: '**/*hwdb*'
import:
- changed-files:
- any-glob-to-any-file: '**/*import*'
integritysetup:
- changed-files:
- any-glob-to-any-file: '**/*integrity*'
journal:
- changed-files:
- any-glob-to-any-file: ['src/journal/*', 'src/libsystemd/sd-journal/*', 'units/systemd-journal-catalog*', 'units/systemd-journal-flush*', 'units/systemd-journald*']
journal-remote:
- changed-files:
- any-glob-to-any-file: ['src/journal-remote/*', 'units/systemd-journal-gateway*', 'units/systemd-journal-remote*']
kernel-install:
- changed-files:
- any-glob-to-any-file: '**/*kernel-install*'
l10n 🌍:
- changed-files:
- any-glob-to-any-file: 'po/*'
locale:
- changed-files:
- any-glob-to-any-file: '**/*locale*'
login:
- changed-files:
- any-glob-to-any-file: ['src/login/*', '**/sd-login*/**']
machine:
- changed-files:
- any-glob-to-any-file: ['src/machine/*', 'units/*machine*']
meson:
- changed-files:
- any-glob-to-any-file: ['meson_options.txt', '**/meson.build']
mkosi:
- changed-files:
- any-glob-to-any-file: '**/*mkosi*'
modules-load:
- changed-files:
- any-glob-to-any-file: ['**/*modules-load*', 'modprobe.d/*']
mount:
- changed-files:
- any-glob-to-any-file: ['src/basic/*mount*', 'src/core/*mount*', 'src/mount/*', 'src/shared/*mount*']
mountfsd:
- changed-files:
- any-glob-to-any-file: '**/*mountfsd*'
network:
- changed-files:
- any-glob-to-any-file: ['src/libsystemd-network/**/*', 'src/network/**/*', 'network/*', 'test/networkd-test.py', 'test/test-network*']
notify:
- changed-files:
- any-glob-to-any-file: 'src/notify/*'
nspawn:
- changed-files:
- any-glob-to-any-file: '**/*nspawn*'
nsresource:
- changed-files:
- any-glob-to-any-file: '**/*nsresource*'
nss-myhostname:
- changed-files:
- any-glob-to-any-file: '**/*nss-myhostname*'
portable:
- changed-files:
- any-glob-to-any-file: 'src/portable/**/*'
pstore:
- changed-files:
- any-glob-to-any-file: '**/*pstore*'
random-seed:
- changed-files:
- any-glob-to-any-file: '**/*random-seed*'
rc-local-generator:
- changed-files:
- any-glob-to-any-file: 'src/rc-local-generator/*'
remount-fs:
- changed-files:
- any-glob-to-any-file: '**/*remount-fs*'
repart:
- changed-files:
- any-glob-to-any-file: '**/*repart*'
resolve:
- changed-files:
- any-glob-to-any-file: '**/*resolve*'
rfkill:
- changed-files:
- any-glob-to-any-file: '**/*rfkill*'
rpm:
- changed-files:
- any-glob-to-any-file: 'src/rpm/*'
run:
- changed-files:
- any-glob-to-any-file: ['src/run/*', 'man/systemd-run*']
sd-boot/sd-stub/bootctl:
- changed-files:
- any-glob-to-any-file: ['src/boot/**/*', 'man/bootctl*', 'man/systemd-boot.xml']
sd-bus:
- changed-files:
- any-glob-to-any-file: '**/sd-bus*/**'
sd-daemon:
- changed-files:
- any-glob-to-any-file: '**/sd-daemon*/**'
sd-device:
- changed-files:
- any-glob-to-any-file: '**/sd-device*/**'
sd-event:
- changed-files:
- any-glob-to-any-file: '**/sd-event*/**'
sd-hwdb:
- changed-files:
- any-glob-to-any-file: '**/sd-hwdb*/**'
sd-id128:
- changed-files:
- any-glob-to-any-file: '**/sd-id128*/**'
sd-netlink:
- changed-files:
- any-glob-to-any-file: '**/sd-netlink*/**'
sd-path:
- changed-files:
- any-glob-to-any-file: '**/sd-path*/**'
sd-resolve:
- changed-files:
- any-glob-to-any-file: '**/sd-resolve*/**'
selinux:
- changed-files:
- any-glob-to-any-file: '**/*selinux*'
shell-completion:
- changed-files:
- any-glob-to-any-file: 'shell-completion/*'
shutdown:
- changed-files:
- any-glob-to-any-file: ['src/shutdown/*', 'units/**/*shutdown*']
sleep:
- changed-files:
- any-glob-to-any-file: ['src/shared/*sleep*', 'src/sleep/*']
smack:
- changed-files:
- any-glob-to-any-file: '**/*smack*'
socket-proxy:
- changed-files:
- any-glob-to-any-file: '**/*socket-proxy*'
ssh-generator:
- changed-files:
- any-glob-to-any-file: '**/*ssh-generator*'
storagetm:
- changed-files:
- any-glob-to-any-file: '**/*storagetm*'
sulogin:
- changed-files:
- any-glob-to-any-file: '**/*sulogin*'
sysctl:
- changed-files:
- any-glob-to-any-file: '**/*sysctl*'
sysext:
- changed-files:
- any-glob-to-any-file: '**/*sysext*'
systemctl:
- changed-files:
- any-glob-to-any-file: '**/*systemctl*'
sysupdate:
- changed-files:
- any-glob-to-any-file: '**/*sysupdate*'
sysusers:
- changed-files:
- any-glob-to-any-file: '**/*sysusers*'
sysv-generator:
- changed-files:
- any-glob-to-any-file: '**/*sysv-generator*'
sysvcompat:
- changed-files:
- any-glob-to-any-file: '**/*sysv*'
tests:
- changed-files:
- any-glob-to-any-file: [
'src/shared/tests.*',
'src/test/**/*',
'src/fuzz/**/*',
'test/**/*',
'**/test-*',
'**/test_*',
'.github/workflows/*'
]
timedate:
- changed-files:
- any-glob-to-any-file: '**/*timedate*'
timesync:
- changed-files:
- any-glob-to-any-file: '**/*timesync*'
tmpfiles:
- changed-files:
- any-glob-to-any-file: '**/*tmpfiles*'
tpm2:
- changed-files:
- any-glob-to-any-file: ['**/*tpm2*', '**/*tpm-*']
udev:
- changed-files:
- any-glob-to-any-file: ['src/udev/**/*', 'src/libudev/*', 'man/*udev*', 'rules.d/*']
uki:
- changed-files:
- any-glob-to-any-file: '**/ukify*'
units:
- changed-files:
- any-glob-to-any-file: 'units/**/*'
user-session:
- changed-files:
- any-glob-to-any-file: '**/*user-session*'
userdb:
- changed-files:
- any-glob-to-any-file: '**/*userdb*'
util-lib:
- changed-files:
- any-glob-to-any-file: ['src/fundamental/**/*', 'src/basic/**/*', 'src/shared/**/*']
utmp/wtmp:
- changed-files:
- any-glob-to-any-file: '**/*utmp*'
varlink:
- changed-files:
- any-glob-to-any-file: ['src/varlink/*', 'src/libsystemd/sd-varlink/*', 'src/systemd/sd-varlink*']
vconsole:
- changed-files:
- any-glob-to-any-file: '**/*vconsole*'
veritysetup:
- changed-files:
- any-glob-to-any-file: '**/*veritysetup*'
vmspawn:
- changed-files:
- any-glob-to-any-file: '**/*vmspawn*'
volatile:
- changed-files:
- any-glob-to-any-file: '**/*volatile*'
xdg-autostart:
- changed-files:
- any-glob-to-any-file: '**/**xdg-autostart-generator*'
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -ex
shopt -s nullglob
info() { echo -e "\033[33;1m$1\033[0m"; }
fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; }
success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
ARGS=(
"--optimization=0 -Dopenssl=disabled -Dcryptolib=gcrypt -Ddns-over-tls=gnutls -Dtpm=true -Dtpm2=enabled"
"--optimization=s -Dutmp=false"
"--optimization=2 -Dc_args=-Wmaybe-uninitialized -Ddns-over-tls=openssl"
"--optimization=3 -Db_lto=true -Ddns-over-tls=false"
"--optimization=3 -Db_lto=false -Dtpm2=disabled -Dlibfido2=disabled -Dp11kit=disabled -Defi=false -Dbootloader=disabled"
"--optimization=3 -Dfexecve=true -Dstandalone-binaries=true -Dstatic-libsystemd=true -Dstatic-libudev=true"
"-Db_ndebug=true"
)
PACKAGES=(
cryptsetup-bin
expect
fdisk
gettext
iputils-ping
isc-dhcp-client
itstool
kbd
libblkid-dev
libbpf-dev
libcap-dev
libcurl4-gnutls-dev
libfdisk-dev
libfido2-dev
libgpg-error-dev
liblz4-dev
liblzma-dev
libmicrohttpd-dev
libmount-dev
libp11-kit-dev
libpwquality-dev
libqrencode-dev
libssl-dev
libtss2-dev
libxen-dev
libxkbcommon-dev
libxtables-dev
libzstd-dev
mold
mount
net-tools
python3-evdev
python3-jinja2
python3-lxml
python3-pefile
python3-pip
python3-pyelftools
python3-pyparsing
python3-setuptools
quota
strace
unifont
util-linux
zstd
)
COMPILER="${COMPILER:?}"
COMPILER_VERSION="${COMPILER_VERSION:?}"
LINKER="${LINKER:?}"
CRYPTOLIB="${CRYPTOLIB:?}"
RELEASE="$(lsb_release -cs)"
# Note: As we use postfixed clang/gcc binaries, we need to override $AR
# as well, otherwise meson falls back to ar from binutils which
# doesn't work with LTO
if [[ "$COMPILER" == clang ]]; then
CC="clang-$COMPILER_VERSION"
CXX="clang++-$COMPILER_VERSION"
AR="llvm-ar-$COMPILER_VERSION"
if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then
CFLAGS="-fno-sanitize=function"
CXXFLAGS="-fno-sanitize=function"
else
CFLAGS=""
CXXFLAGS=""
fi
# Prefer the distro version if available
if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
# Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | \
sudo gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
echo "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" | \
sudo tee /etc/apt/sources.list.d/llvm-toolchain.list
fi
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "python3-lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
elif [[ "$COMPILER" == gcc ]]; then
CC="gcc-$COMPILER_VERSION"
CXX="g++-$COMPILER_VERSION"
AR="gcc-ar-$COMPILER_VERSION"
CFLAGS=""
CXXFLAGS=""
if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then
# Latest gcc stack deb packages provided by
# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
sudo add-apt-repository -y --no-update ppa:ubuntu-toolchain-r/test
fi
PACKAGES+=("gcc-$COMPILER_VERSION" "gcc-$COMPILER_VERSION-multilib")
else
fatal "Unknown compiler: $COMPILER"
fi
# This is added by default, and it is often broken, but we don't need anything from it
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
# add-apt-repository --enable-source does not work on deb822 style sources.
for f in /etc/apt/sources.list.d/*.sources; do
sudo sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
done
sudo apt-get -y update
sudo apt-get -y build-dep systemd
sudo apt-get -y install "${PACKAGES[@]}"
# Install more or less recent meson and ninja with pip, since the distro versions don't
# always support all the features we need (like --optimization=). Since the build-dep
# command above installs the distro versions, let's install the pip ones just
# locally and add the local bin directory to the $PATH.
pip3 install --user -r .github/workflows/requirements.txt --require-hashes --break-system-packages
export PATH="$HOME/.local/bin:$PATH"
$CC --version
meson --version
ninja --version
for args in "${ARGS[@]}"; do
SECONDS=0
if [[ "$COMPILER" == clang && "$args" =~ Wmaybe-uninitialized ]]; then
# -Wmaybe-uninitialized is not implemented in clang
continue
fi
info "Checking build with $args"
# shellcheck disable=SC2086
if ! AR="$AR" \
CC="$CC" CC_LD="$LINKER" CFLAGS="$CFLAGS" \
CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
meson setup \
-Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
-Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \
$args build; then
cat build/meson-logs/meson-log.txt
fatal "meson failed with $args"
fi
if ! meson compile -C build -v; then
fatal "'meson compile' failed with '$args'"
fi
for loader in build/src/boot/efi/*{.efi,.efi.stub}; do
if [[ "$(sbverify --list "$loader" 2>&1)" != "No signature table present" ]]; then
fatal "$loader: Gaps found in section table"
fi
done
git clean -dxf
success "Build with '$args' passed in $SECONDS seconds"
done
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
name: Build test
on:
......@@ -11,19 +12,27 @@ on:
- 'src/**'
- 'test/fuzz/**'
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-20.04
runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
env:
- { COMPILER: "gcc", COMPILER_VERSION: "10" }
- { COMPILER: "clang", COMPILER_VERSION: "10" }
- { COMPILER: "clang", COMPILER_VERSION: "11" }
- { COMPILER: "gcc", COMPILER_VERSION: "11", LINKER: "bfd", CRYPTOLIB: "gcrypt" }
- { COMPILER: "gcc", COMPILER_VERSION: "13", LINKER: "mold", CRYPTOLIB: "openssl" }
- { COMPILER: "clang", COMPILER_VERSION: "14", LINKER: "mold", CRYPTOLIB: "gcrypt" }
- { COMPILER: "clang", COMPILER_VERSION: "16", LINKER: "bfd", CRYPTOLIB: "openssl" }
- { COMPILER: "clang", COMPILER_VERSION: "18", LINKER: "lld", CRYPTOLIB: "auto" }
env: ${{ matrix.env }}
steps:
- name: Repository checkout
uses: actions/checkout@v1
- name: Build check (${{ env.COMPILER }}-${{ env.COMPILER_VERSION }})
run: sudo -E .github/workflows/ubuntu-build-check.sh
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Build check
run: .github/workflows/build_test.sh
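Review bot: The checkout step pinned to `11bd71901bbe5b1630ceea73d27597364c9af683` (taken here to be the new side, since the page lost its +/- markers) keeps the action's default of persisting the job token in the checkout's git configuration, and the next step runs `.github/workflows/build_test.sh`, which configures and compiles the pull request's own sources. With `permissions: contents: read` that token is read-only, but nothing visible in the build script needs it after checkout (its only git call is the local `git clean -dxf`), so I would add `with:` and `persist-credentials: false` under the `uses:` line. A trailing comment naming the release tag behind the pinned commit (`# <release tag>`) would also make the pin easier to audit when it is next bumped.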