-
-
Notifications
You must be signed in to change notification settings - Fork 14.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #226192 from flokli/systemd-reintroduce-config-met…
…hod-disable systemd: reintroduce "hostnamed, localed, timedated: disable methods that change system settings" patch
- Loading branch information
Showing
18 changed files
with
295 additions
and
71 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
33 changes: 0 additions & 33 deletions
33
pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch
This file was deleted.
Oops, something went wrong.
152 changes: 152 additions & 0 deletions
152
pkgs/os-specific/linux/systemd/0004-fsck-look-for-fsck-binary-not-just-in-sbin.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,152 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: Florian Klink <flokli@flokli.de> | ||
| Date: Thu, 13 Apr 2023 22:54:54 +0200 | ||
| Subject: [PATCH] fsck: look for fsck binary not just in /sbin | ||
|
|
||
| This removes remaining hardcoded occurences of `/sbin/fsck`, and instead | ||
| uses `find_executable` to find `fsck`. | ||
|
|
||
| We also use `fsck_exists_for_fstype` to check for the `fsck.*` | ||
| executable, which also checks in `$PATH`, so it's fair to assume fsck | ||
| itself is also available. | ||
| --- | ||
| man/systemd-fsck@.service.xml | 8 ++++---- | ||
| src/fsck/fsck.c | 9 ++++++++- | ||
| src/home/homework-luks.c | 11 ++++++++++- | ||
| src/shared/dissect-image.c | 13 +++++++++++-- | ||
| 4 files changed, 33 insertions(+), 8 deletions(-) | ||
|
|
||
| diff --git a/man/systemd-fsck@.service.xml b/man/systemd-fsck@.service.xml | ||
| index e928aebdb3..403286829e 100644 | ||
| --- a/man/systemd-fsck@.service.xml | ||
| +++ b/man/systemd-fsck@.service.xml | ||
| @@ -51,17 +51,17 @@ | ||
| <para><filename>systemd-fsck</filename> does not know any details | ||
| about specific filesystems, and simply executes file system | ||
| checkers specific to each filesystem type | ||
| - (<filename>/sbin/fsck.<replaceable>type</replaceable></filename>). These checkers will decide if | ||
| + (<filename>fsck.<replaceable>type</replaceable></filename>). These checkers will decide if | ||
| the filesystem should actually be checked based on the time since | ||
| last check, number of mounts, unclean unmount, etc.</para> | ||
|
|
||
| <para><filename>systemd-fsck-root.service</filename> and <filename>systemd-fsck-usr.service</filename> | ||
| - will activate <filename>reboot.target</filename> if <filename>/sbin/fsck</filename> returns the "System | ||
| - should reboot" condition, or <filename>emergency.target</filename> if <filename>/sbin/fsck</filename> | ||
| + will activate <filename>reboot.target</filename> if <filename>fsck</filename> returns the "System | ||
| + should reboot" condition, or <filename>emergency.target</filename> if <filename>fsck</filename> | ||
| returns the "Filesystem errors left uncorrected" condition.</para> | ||
|
|
||
| <para><filename>systemd-fsck@.service</filename> will fail if | ||
| - <filename>/sbin/fsck</filename> returns with either "System should reboot" | ||
| + <filename>fsck</filename> returns with either "System should reboot" | ||
| or "Filesystem errors left uncorrected" conditions. For filesystems | ||
| listed in <filename>/etc/fstab</filename> without <literal>nofail</literal> | ||
| or <literal>noauto</literal> options, <literal>local-fs.target</literal> | ||
| diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c | ||
| index e25c5d5efa..0e0e73c9ac 100644 | ||
| --- a/src/fsck/fsck.c | ||
| +++ b/src/fsck/fsck.c | ||
| @@ -351,6 +351,7 @@ static int run(int argc, char *argv[]) { | ||
| if (r == 0) { | ||
| char dash_c[STRLEN("-C") + DECIMAL_STR_MAX(int) + 1]; | ||
| int progress_socket = -1; | ||
| + _cleanup_free_ char *fsck_path = NULL; | ||
| const char *cmdline[9]; | ||
| int i = 0; | ||
|
|
||
| @@ -371,7 +372,13 @@ static int run(int argc, char *argv[]) { | ||
| } else | ||
| dash_c[0] = 0; | ||
|
|
||
| - cmdline[i++] = "/sbin/fsck"; | ||
| + r = find_executable("fsck", &fsck_path); | ||
| + if (r < 0) { | ||
| + log_error_errno(r, "Cannot find fsck binary: %m"); | ||
| + _exit(FSCK_OPERATIONAL_ERROR); | ||
| + } | ||
| + | ||
| + cmdline[i++] = fsck_path; | ||
| cmdline[i++] = arg_repair; | ||
| cmdline[i++] = "-T"; | ||
|
|
||
| diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c | ||
| index 2ea9887853..e267457b8e 100644 | ||
| --- a/src/home/homework-luks.c | ||
| +++ b/src/home/homework-luks.c | ||
| @@ -215,6 +215,7 @@ static int block_get_size_by_path(const char *path, uint64_t *ret) { | ||
| static int run_fsck(const char *node, const char *fstype) { | ||
| int r, exit_status; | ||
| pid_t fsck_pid; | ||
| + _cleanup_free_ char *fsck_path = NULL; | ||
|
|
||
| assert(node); | ||
| assert(fstype); | ||
| @@ -227,6 +228,14 @@ static int run_fsck(const char *node, const char *fstype) { | ||
| return 0; | ||
| } | ||
|
|
||
| + r = find_executable("fsck", &fsck_path); | ||
| + /* We proceed anyway if we can't determine whether the fsck | ||
| + * binary for some specific fstype exists, | ||
| + * but the lack of the main fsck binary should be considered | ||
| + * an error. */ | ||
| + if (r < 0) | ||
| + return log_error_errno(r, "Cannot find fsck binary: %m"); | ||
| + | ||
| r = safe_fork("(fsck)", | ||
| FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, | ||
| &fsck_pid); | ||
| @@ -234,7 +243,7 @@ static int run_fsck(const char *node, const char *fstype) { | ||
| return r; | ||
| if (r == 0) { | ||
| /* Child */ | ||
| - execl("/sbin/fsck", "/sbin/fsck", "-aTl", node, NULL); | ||
| + execl(fsck_path, fsck_path, "-aTl", node, NULL); | ||
| log_open(); | ||
| log_error_errno(errno, "Failed to execute fsck: %m"); | ||
| _exit(FSCK_OPERATIONAL_ERROR); | ||
| diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c | ||
| index 4749bdd230..2b6e1418dd 100644 | ||
| --- a/src/shared/dissect-image.c | ||
| +++ b/src/shared/dissect-image.c | ||
| @@ -1423,6 +1423,7 @@ static int is_loop_device(const char *path) { | ||
| static int run_fsck(int node_fd, const char *fstype) { | ||
| int r, exit_status; | ||
| pid_t pid; | ||
| + _cleanup_free_ char *fsck_path = NULL; | ||
|
|
||
| assert(node_fd >= 0); | ||
| assert(fstype); | ||
| @@ -1437,6 +1438,14 @@ static int run_fsck(int node_fd, const char *fstype) { | ||
| return 0; | ||
| } | ||
|
|
||
| + r = find_executable("fsck", &fsck_path); | ||
| + /* We proceed anyway if we can't determine whether the fsck | ||
| + * binary for some specific fstype exists, | ||
| + * but the lack of the main fsck binary should be considered | ||
| + * an error. */ | ||
| + if (r < 0) | ||
| + return log_error_errno(r, "Cannot find fsck binary: %m"); | ||
| + | ||
| r = safe_fork_full( | ||
| "(fsck)", | ||
| &node_fd, 1, /* Leave the node fd open */ | ||
| @@ -1446,7 +1455,7 @@ static int run_fsck(int node_fd, const char *fstype) { | ||
| return log_debug_errno(r, "Failed to fork off fsck: %m"); | ||
| if (r == 0) { | ||
| /* Child */ | ||
| - execl("/sbin/fsck", "/sbin/fsck", "-aT", FORMAT_PROC_FD_PATH(node_fd), NULL); | ||
| + execl(fsck_path, fsck_path, "-aT", FORMAT_PROC_FD_PATH(node_fd), NULL); | ||
| log_open(); | ||
| log_debug_errno(errno, "Failed to execl() fsck: %m"); | ||
| _exit(FSCK_OPERATIONAL_ERROR); | ||
| @@ -1454,7 +1463,7 @@ static int run_fsck(int node_fd, const char *fstype) { | ||
|
|
||
| exit_status = wait_for_terminate_and_check("fsck", pid, 0); | ||
| if (exit_status < 0) | ||
| - return log_debug_errno(exit_status, "Failed to fork off /sbin/fsck: %m"); | ||
| + return log_debug_errno(exit_status, "Failed to fork off %s: %m", fsck_path); | ||
|
|
||
| if ((exit_status & ~FSCK_ERROR_CORRECTED) != FSCK_SUCCESS) { | ||
| log_debug("fsck failed with exit status %i.", exit_status); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
105 changes: 105 additions & 0 deletions
105
...os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | ||
| From: Gabriel Ebner <gebner@gebner.org> | ||
| Date: Sun, 6 Dec 2015 14:26:36 +0100 | ||
| Subject: [PATCH] hostnamed, localed, timedated: disable methods that change | ||
| system settings. | ||
|
|
||
| --- | ||
| src/hostname/hostnamed.c | 6 ++++++ | ||
| src/locale/localed.c | 9 +++++++++ | ||
| src/timedate/timedated.c | 10 ++++++++++ | ||
| 3 files changed, 25 insertions(+) | ||
|
|
||
| diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c | ||
| index 36ab0148b9..7d458d196d 100644 | ||
| --- a/src/hostname/hostnamed.c | ||
| +++ b/src/hostname/hostnamed.c | ||
| @@ -1028,6 +1028,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_ | ||
| if (r < 0) | ||
| return r; | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| name = empty_to_null(name); | ||
|
|
||
| context_read_etc_hostname(c); | ||
| @@ -1091,6 +1094,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess | ||
| if (r < 0) | ||
| return r; | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| name = empty_to_null(name); | ||
|
|
||
| context_read_machine_info(c); | ||
| diff --git a/src/locale/localed.c b/src/locale/localed.c | ||
| index 841e5e3e91..a21e34430b 100644 | ||
| --- a/src/locale/localed.c | ||
| +++ b/src/locale/localed.c | ||
| @@ -264,6 +264,9 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er | ||
|
|
||
| use_localegen = locale_gen_check_available(); | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| /* If single locale without variable name is provided, then we assume it is LANG=. */ | ||
| if (strv_length(l) == 1 && !strchr(l[0], '=')) { | ||
| if (!locale_is_valid(l[0])) | ||
| @@ -382,6 +385,9 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro | ||
| if (r < 0) | ||
| return bus_log_parse_error(r); | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| vc_context_empty_to_null(&in); | ||
|
|
||
| FOREACH_STRING(name, in.keymap ?: in.toggle, in.keymap ? in.toggle : NULL) { | ||
| @@ -607,6 +613,9 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err | ||
| if (r < 0) | ||
| return bus_log_parse_error(r); | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| x11_context_empty_to_null(&in); | ||
|
|
||
| if (!x11_context_is_safe(&in)) | ||
| diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c | ||
| index ad483301ef..31ed86955b 100644 | ||
| --- a/src/timedate/timedated.c | ||
| +++ b/src/timedate/timedated.c | ||
| @@ -665,6 +665,10 @@ static int method_set_timezone(sd_bus_message *m, void *userdata, sd_bus_error * | ||
| if (r < 0) | ||
| return r; | ||
|
|
||
| + if (getenv("NIXOS_STATIC_TIMEZONE")) | ||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing timezone via systemd is not supported when it is set in NixOS configuration."); | ||
| + | ||
| if (!timezone_is_valid(z, LOG_DEBUG)) | ||
| return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid or not installed time zone '%s'", z); | ||
|
|
||
| @@ -743,6 +747,9 @@ static int method_set_local_rtc(sd_bus_message *m, void *userdata, sd_bus_error | ||
| if (r < 0) | ||
| return r; | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| if (lrtc == c->local_rtc && !fix_system) | ||
| return sd_bus_reply_method_return(m, NULL); | ||
|
|
||
| @@ -923,6 +930,9 @@ static int method_set_ntp(sd_bus_message *m, void *userdata, sd_bus_error *error | ||
| if (r < 0) | ||
| return r; | ||
|
|
||
| + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, | ||
| + "Changing system settings via systemd is not supported on NixOS."); | ||
| + | ||
| r = context_update_ntp_status(c, bus, m); | ||
| if (r < 0) | ||
| return r; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.