Enabling libcryptsetup in libmount had several unintended side
effects.
First of all, it increases the Debian minimal image size by
~2.5% (5.6MB worth of new libraries).
Then, due to libcryptsetup linkage to OpenSSL and libjson-c,
it causes incompatibilities with external programs linking
against both libmount and a private, static, old version of
OpenSSL, or external programs linking against libjansson or
json-glib, which have one symbol in common with libjson-c.
If ./configure is run with --with-cryptsetup=dlopen,
instead of linking to libcryptsetup, use dlopen to resolve
the symbols at runtime only when the verity feature is
used, thus avoiding clashes and keeping image size down.
Fixes #1081
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
- use --with-vendordir= (rather than --enable) to be compatible with
another package stuff
- add USE_VENDORDIR automake condition
- add vendordir to global AM_CPPFLAGS to avoid binary specific cflags
modifications
Signed-off-by: Karel Zak <kzak@redhat.com>
As the old comment said: 'This code would best be shared with the file(1)
program or, perhaps, more should not try to be so smart'. Now at configure
time one can choose whether more(1) is sharing code with file(1), or not.
Addresses: http://bugs.debian.org/139205
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
From man siglongjmp(3) 'longjmp() and siglongjmp() make programs hard to
understand and maintain. If possible, an alternative should be used.' That
manual page remark summarizes quite well why more(1) needs to move away from
jumping around.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The event loop takes care of the standard screen updates, signals, and user
inputs. Two nice things about using an event loop like this are: 1) no need for any
global variables and 2) effect of user commands is immediate.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The currently used date/time parser (for hwclock --set --date <date>)
is gnulib based code with GPLv3.
This patch allows to avoid this code and replace it with minimalistic
date/time parser.
Addresses: https://github.com/karelzak/util-linux/issues/891
Reported-by: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
A new API was added to libcryptsetup to make use of the kernel's new
CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG feature, which allows to sign
root hashes. Add a verity.roothashsig option to use it.
Device reuse will be allowed only if signatures are used by all, or
by none.
* 'kill-pidfd' of https://github.com/kerolasa/util-linux:
kill: use pidfd system calls to implement --timeout option
build-sys: add missing NR underscore to UL_CHECK_SYSCALL()
The following new options are added:
verity.hashdevice
verity.roothash
verity.hashoffset
The source path will be used as a dm-verity object, and will be
opened using libcryptsetup APIs.
A new --with-cryptsetup build-time option is added, which adds a
dependency on libcryptsetup. To ease bootstrapping, given libcryptsetup
build-depends on util-linux for libuuid, if --with-cryptsetup=yes but
libcryptsetup is not installed only a warning will be printed at
configure time rather than an error. This way stage0/first stage/ring0
builds can use the same configure options but avoid installing
cryptsetup to get a working base set, and then rebuild util-linux in
the next step of the bootstrapping process.
If verity options are selected but cannot be fulfilled due to lack of
dependencies, mounting a volume will fail even if using a loop device
would work as a fallback, to avoid silently skipping integrity checks.
At times there is need in scripts to send multiple signals to a process.
Often these cases require some amount of waiting before follow-up signal
should be sent.
One common case is process termination, where first script tries to kill
process gracefully but if that does not work SIGKILL is sent. Functionality
like that is commonly done by periodically checking if signalled pid exists
or not, and if it does another signal is sent possibly to an unrelated
process that reused pid number. That means polling a pid is prone to a data
race. Also if the first signal immediately kills the process one polling
interval is lost in sleep.
Another example when multiple signals need to be sent is various daemon
process control situations, such as Upgrading Executable on the Fly (see
reference). This happens to be the case that inspired change author to make
sequential signaling a little bit easier.
Reference: http://nginx.org/en/docs/control.html#upgrade
Pull-request: https://github.com/karelzak/util-linux/pull/902
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
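An added example, not code from util-linux, of the alternative to polling a PID that the 'kill-pidfd' entry on this page points to: a pidfd refers to one specific process, so the follow-up signal cannot reach an unrelated process that reused the PID number, and poll() returns as soon as the process exits instead of sleeping out an interval. The names signal_with_timeout and spawn_sleeper are hypothetical, and Linux 5.3 or later with matching kernel headers is assumed.

```c
#define _GNU_SOURCE
#include <poll.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send `first`; if the process has not exited after timeout_ms, send `second`.
 * Returns 0 if it exited after `first`, 1 if `second` was sent, -1 on error. */
int signal_with_timeout(pid_t pid, int first, int timeout_ms, int second)
{
	int rc = -1, pidfd = (int)syscall(SYS_pidfd_open, pid, 0);
	struct pollfd pfd = { .fd = pidfd, .events = POLLIN };
	if (pidfd < 0)
		return -1;
	/* The pidfd names this exact process; a recycled PID cannot be hit. */
	if (syscall(SYS_pidfd_send_signal, pidfd, first, NULL, 0) == 0) {
		int n = poll(&pfd, 1, timeout_ms);	/* readable once the process exits */
		if (n > 0)
			rc = 0;
		else if (n == 0 && syscall(SYS_pidfd_send_signal, pidfd, second, NULL, 0) == 0)
			rc = 1;
	}
	close(pidfd);
	return rc;
}

/* Demo helper: fork a child that sleeps forever, optionally ignoring SIGTERM. */
pid_t spawn_sleeper(int ignore_term)
{
	void (*old)(int) = ignore_term ? signal(SIGTERM, SIG_IGN) : SIG_DFL;
	pid_t pid = fork();
	if (pid == 0)
		for (;;)
			pause();
	if (ignore_term)
		signal(SIGTERM, old);	/* child inherited SIG_IGN; restore ours */
	return pid;
}

int main(void)
{
	pid_t pid = spawn_sleeper(1);	/* this child ignores SIGTERM */
	int rc = signal_with_timeout(pid, SIGTERM, 500, SIGKILL);
	if (rc < 0)
		kill(pid, SIGKILL);	/* pidfd calls unavailable: clean up anyway */
	waitpid(pid, NULL, 0);
	return rc == 1 ? 0 : 1;
}
```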
The current situation is that distros differentiate between:
* host specific configuration -- usually /etc, maintained by admin
* distribution specific (static) configuration -- usually /usr/lib,
maintained by distro packages
Unfortunately autotools have clue about $sysconfdir (/etc) only. This
patch introduces $sysconfstaticdir (default $prefix/lib).
Signed-off-by: Karel Zak <kzak@redhat.com>
Currently if `--disable-all-packages` is set, there is no configure
option for re-enabling `wipefs`.
As the current default for `wipefs` is "enabled", add `--disable-` flag
to maintain backward compatibility.
Signed-off-by: Sam Voss <sam.voss@gmail.com>
This patch consolidates pseudo-terminal stuff in util-linux. From now
there is only one implementation used in su(1) --pty, scriptlive(1)
and script(1).
The new stuff is based on the original script(1) -- it means poll()
and signalfd() based.
Note that script(1) code does not provide fallback for systems/libc
where is no openpty().
Signed-off-by: Karel Zak <kzak@redhat.com>
After this change shell executed by scriptlive(1) is going to behave
like shell in script(1). It means that the shell stdin is a
pseudo-terminal rather than pipe. This allows live replay of
interactive applications, ssh sessions, etc.
Signed-off-by: Karel Zak <kzak@redhat.com>
The idea is to consolidate script(1), scriptlive(1) and su(1) --pty
and use the same code everywhere.
TODO: add callbacks for stdin/out logging (necessary for script(1)).
Signed-off-by: Karel Zak <kzak@redhat.com>
The old good scriptreplay(1) just displays your recorded session, the
scriptlive(1) uses stdin typescript (from new script(1)) to execute
your commands again.
Signed-off-by: Karel Zak <kzak@redhat.com>
The standard way how we read mount table is not reliable because
during the read() syscalls the table may be modified by some another
process. The changes in the table is possible to detect by poll()
event, and in this case it seems better to lseek to the begin of the file
and read it again. It's expensive, but better than races...
This patch does not modify mountinfo parser, but it reads all file to
memory (by read()+poll()) and then it creates memory stream
from the buffer and uses it rather than a regular file stream.
It means the parser is still possible to use for normal files
(e.g. fstab) as well as for mountinfo and it's also portable to
systems where for some reason is no fmemopen().
Note that re-read after poll() event is limited to 5 attempts (but
successful read() without event zeroize the counter). It's because we
do not want to wait for consistent mountinfo for ever. It seems better
to use old (less reliable) way than hang up in read()+poll()
loop.
Addresses: https://github.com/systemd/systemd/issues/10872
Reported-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Karel Zak <kzak@redhat.com>
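An added example, not libmount's code, of the read-then-poll approach described in the commit message above: read the file into memory, ask poll() whether the mount table changed meanwhile, and seek back and re-read if it did, giving up after 5 attempts. It is a simplification that polls once per full pass instead of after every read(); read_consistent and MAX_REREADS are hypothetical names.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_REREADS 5	/* retry limit named in the commit message */
/* Snapshot fd into a NUL-terminated heap buffer; NULL on error, caller frees. */
char *read_consistent(int fd, size_t *len, int *rereads)
{
	size_t cap = 4096, used = 0;
	char *buf = malloc(cap);
	*rereads = 0;
	while (buf) {
		ssize_t n = read(fd, buf + used, cap - used - 1);
		if (n < 0) break;
		if (n > 0) {
			used += (size_t)n;
			if (used + 1 >= cap) {	/* keep room for data plus NUL */
				char *tmp = realloc(buf, cap *= 2);
				if (!tmp) break;
				buf = tmp;
			}
			continue;
		}
		/* EOF: Linux flags a changed mount table as POLLERR|POLLPRI */
		struct pollfd pfd = { .fd = fd, .events = POLLPRI };
		int changed = poll(&pfd, 1, 0) > 0 && (pfd.revents & (POLLERR | POLLPRI));
		if (changed && *rereads < MAX_REREADS && lseek(fd, 0, SEEK_SET) == 0) {
			(*rereads)++;
			used = 0;	/* discard the torn copy and start over */
			continue;
		}
		buf[used] = '\0';	/* stable, or retries exhausted: keep this copy */
		*len = used;
		return buf;
	}
	free(buf);
	return NULL;
}

int main(void)
{
	size_t len = 0;
	int rereads = 0, fd = open("/proc/self/mountinfo", O_RDONLY);
	char *snap = fd < 0 ? NULL : read_consistent(fd, &len, &rereads);
	printf("%zu bytes, %d re-reads\n", len, rereads);
	free(snap);
	return len == 0;
}
```

Because the function only needs a file descriptor, it works on regular files such as fstab as well, where poll() never reports a change and the first pass is returned.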
- Add --disable-hwclock-cmos configuration argument
- Add USE_HWCLOCK_CMOS (enabled by default for i386/x86_64)
- Add define(USE_HWCLOCK_CMOS)
- Compile hwclock-cmos.c only if USE_HWCLOCK_CMOS is true
- Remove all unnecessary #ifdefs from hwclock-cmos.c
- Add #ifdef USE_HWCLOCK_CMOS around the determine_clock_access_method()
call in hwclock.c
Signed-off-by: Carlos Santos <unixmania@gmail.com>
Without #include <stdlib.h>, this configure check fails for strict
C99/C11 compilers which do not support implicit function declarations
(which are a C90 feature removed from C99).
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems we need a way how to override the default pkg-config install directory.
default:
$ ./configure
$ grep 'pkgconfigdir =' Makefile
pkgconfigdir = ${usrlib_execdir}/pkgconfig
user-defined:
$ ./configure --with-pkgconfigdir=/usr/share/pkgconfig
$ grep 'pkgconfigdir =' Makefile
$ pkgconfigdir = /usr/share/pkgconfig
Addresses: https://github.com/karelzak/util-linux/issues/793
Signed-off-by: Karel Zak <kzak@redhat.com>
It seems better to have a way to control when atexit(close_stdout()) is
used, because close stdout means that for example ASAN (or another
into binary integrated tool) is not able to print the final summary.
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'hardlink' of https://github.com/rudimeier/util-linux: (25 commits)
hardlink: add first simple tests
hardlink: util-linux usage
hardlink: fix compiler warnings
hardlink: style indentations and license header
hardlink: enable build with and without pcre2
fixes for the fixes
temporal fix before re-patch (updates from Fedora repo)
Update hardlink.1
Fixed version number, added changelog about Todd Lewis' patch
exclude files via pcre
Fixed 32 bit build with gcc7 (RH Bugzilla ID 1422989)
spec file reflects the atomic hardlinking patch; removed cleaning buildroot (redundant); update FSF address at .c source file
Revert "spec file reflects the atomic hardlinking patch; removed cleaning buildroot (redundant); current FSF address at .c source file"
spec file reflects the atomic hardlinking patch; removed cleaning buildroot (redundant); current FSF address at .c source file
Mention -f option in the man page
do not allow to hardlink files across filesystems by default (#786719) (use -f option to override)
fix possible buffer overflows, integer overflows, update man page
fix URL and remove mmap() (#676962, #672917)
- update docs to describe highest verbosity -vv option (#210816) - use dist Resolves: 210816
mostly spec cleanup
...