From 2d7302fd0bf91344e8fdd6c3fb66e265099843ba Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Mon, 6 Feb 2023 12:28:47 +0100 Subject: [PATCH] systemd-252-4 Resolves: #2138081,#2159448 --- ...rtfn_info-provide-physical-PCI-devic.patch | 29 ++ ...per_check_device_units-log-unit-name.patch | 40 ++ 0182-test-add-a-testcase-for-lvextend.patch | 45 ++ ...segv-triggered-by-status-query-26279.patch | 36 ++ 0184-test-create-config-under-run.patch | 31 ++ ...dd-tests-for-mDNS-and-LLMNR-settings.patch | 96 ++++ ...ce-the-_localdnsstub-and-_localdnspr.patch | 278 +++++++++++ ...e-monitoring-service-to-become-activ.patch | 65 +++ ...st-suppress-echo-in-monitor_check_rr.patch | 38 ++ ...-for-the-monitoring-service-to-becom.patch | 34 ++ ...eck-almost-all-journal-entries-since.patch | 113 +++++ ...over-IPv6-in-the-resolved-test-suite.patch | 449 ++++++++++++++++++ ...e-of-SRV-records-to-check-service-re.patch | 77 +++ ...est-add-a-test-for-the-OPENPGPKEY-RR.patch | 52 ++ ...-don-t-hang-indefinitely-on-no-match.patch | 25 + 0195-test-ndisc-fix-memleak-and-fd-leak.patch | 139 ++++++ 0196-test-unit-name-fix-fd-leak.patch | 33 ++ ...service-start-timeout-if-we-run-with.patch | 57 +++ ...lient-side-timeout-in-sd-bus-as-well.patch | 49 ++ ...p-the-container-spawn-timeout-to-60s.patch | 28 ++ 0200-network-fix-memleak.patch | 55 +++ ...tl-fix-introspecting-DBus-properties.patch | 64 +++ 0202-busctl-simplify-peeking-the-type.patch | 82 ++++ ...undant-call-of-socket_ipv6_is_suppor.patch | 29 ++ ...e-link_get_llmnr_support-and-link_ge.patch | 181 +++++++ ...effective-supporting-levels-of-mDNS-.patch | 42 ++ ...if-the-global-mDNS-or-LLMNR-support-.patch | 89 ++++ ...ble-per-link-mDNS-setting-by-default.patch | 71 +++ systemd.spec | 60 ++- 29 files changed, 2386 insertions(+), 1 deletion(-) create mode 100644 0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch create mode 100644 0181-test-make-helper_check_device_units-log-unit-name.patch create mode 100644 0182-test-add-a-testcase-for-lvextend.patch create mode 100644 0183-pid1-fix-segv-triggered-by-status-query-26279.patch create mode 100644 0184-test-create-config-under-run.patch create mode 100644 0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch create mode 100644 0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch create mode 100644 0187-test-wait-for-the-monitoring-service-to-become-activ.patch create mode 100644 0188-test-suppress-echo-in-monitor_check_rr.patch create mode 100644 0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch create mode 100644 0190-test-show-and-check-almost-all-journal-entries-since.patch create mode 100644 0191-test-cover-IPv6-in-the-resolved-test-suite.patch create mode 100644 0192-test-add-a-couple-of-SRV-records-to-check-service-re.patch create mode 100644 0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch create mode 100644 0194-test-don-t-hang-indefinitely-on-no-match.patch create mode 100644 0195-test-ndisc-fix-memleak-and-fd-leak.patch create mode 100644 0196-test-unit-name-fix-fd-leak.patch create mode 100644 0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch create mode 100644 0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch create mode 100644 0199-test-bump-the-container-spawn-timeout-to-60s.patch create mode 100644 0200-network-fix-memleak.patch create mode 100644 0201-busctl-fix-introspecting-DBus-properties.patch create mode 100644 0202-busctl-simplify-peeking-the-type.patch create mode 100644 0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch create mode 100644 0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch create mode 100644 0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch create mode 100644 0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch create mode 100644 0207-resolve-enable-per-link-mDNS-setting-by-default.patch diff --git a/0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch b/0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch new file mode 100644 index 0000000..d1cbe0c --- /dev/null +++ b/0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch @@ -0,0 +1,29 @@ +From fe2d716926d6b800be8775251826453b9a2808da Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 1 Feb 2023 23:39:43 +0900 +Subject: [PATCH] udev: make get_virtfn_info() provide physical PCI device + +Fixes a bug introduced by 78463c6c4fdcb703bc0dc694c3ea77df3c5624e0. + +Fixes #25545. + +(cherry picked from commit cf74e2e16fb06b7de9e3875c6462290998fb06bd) + +Resolves: #2159448 +--- + src/udev/udev-builtin-net_id.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c +index 7504123700..d4e9dcb60d 100644 +--- a/src/udev/udev-builtin-net_id.c ++++ b/src/udev/udev-builtin-net_id.c +@@ -144,7 +144,7 @@ static int get_virtfn_info(sd_device *pcidev, sd_device **ret_physfn_pcidev, cha + if (!suffix) + return -ENOMEM; + +- *ret_physfn_pcidev = sd_device_ref(child); ++ *ret_physfn_pcidev = sd_device_ref(physfn_pcidev); + *ret_suffix = suffix; + return 0; + } diff --git a/0181-test-make-helper_check_device_units-log-unit-name.patch b/0181-test-make-helper_check_device_units-log-unit-name.patch new file mode 100644 index 0000000..d91a1dc --- /dev/null +++ b/0181-test-make-helper_check_device_units-log-unit-name.patch @@ -0,0 +1,40 @@ +From 54c173eb34da7c94953ed3556b448da13a4dc5fa Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 1 Feb 2023 23:03:54 +0900 +Subject: [PATCH] test: make helper_check_device_units() log unit name + +(cherry picked from commit 5479d0f83a80810c475b14fbaf61872f4df6b20e) + +Related: #2138081 +--- + test/units/testsuite-64.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh +index fd1ad7c041..c572671c20 100755 +--- a/test/units/testsuite-64.sh ++++ b/test/units/testsuite-64.sh +@@ -89,6 +89,8 @@ check_device_unit() {( + path="${2?}" + unit=$(systemd-escape --path --suffix=device "$path") + ++ [[ "$log_level" == 1 ]] && echo "INFO: check_device_unit($unit)" ++ + syspath=$(systemctl show --value --property SysFSPath "$unit" 2>/dev/null) + if [[ -z "$syspath" ]]; then + [[ "$log_level" == 1 ]] && echo >&2 "ERROR: $unit not found." +@@ -156,12 +158,11 @@ helper_check_device_units() {( + + local i + +- for ((i = 0; i < 20; i++)); do +- (( i == 0 )) || sleep .5 +- ++ for (( i = 0; i < 20; i++ )); do + if check_device_units 0 "$@"; then + return 0 + fi ++ sleep .5 + done + + check_device_units 1 "$@" diff --git a/0182-test-add-a-testcase-for-lvextend.patch b/0182-test-add-a-testcase-for-lvextend.patch new file mode 100644 index 0000000..a92d0e9 --- /dev/null +++ b/0182-test-add-a-testcase-for-lvextend.patch @@ -0,0 +1,45 @@ +From 0894f502ad5a89a98a0a88ee739c0c5f516338c2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 1 Feb 2023 21:25:40 +0900 +Subject: [PATCH] test: add a testcase for lvextend + +For RHBZ#2158628 (https://bugzilla.redhat.com/show_bug.cgi?id=2158628) + +(cherry picked from commit d60e3482613d26e559fc4dc5a56b8edaa765a318) + +Related: #2138081 +--- + test/units/testsuite-64.sh | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh +index c572671c20..4017f61f59 100755 +--- a/test/units/testsuite-64.sh ++++ b/test/units/testsuite-64.sh +@@ -425,6 +425,26 @@ testcase_lvm_basic() { + helper_check_device_symlinks "/dev/disk" "/dev/$vgroup" + helper_check_device_units + ++ # Mount mypart1 through by-label devlink ++ mkdir -p /tmp/mypart1-mount-point ++ mount /dev/disk/by-label/mylvpart1 /tmp/mypart1-mount-point ++ timeout 30 bash -c "while ! systemctl -q is-active /tmp/mypart1-mount-point; do sleep .2; done" ++ # Extend the partition and check if the device and mount units are still active. ++ # See https://bugzilla.redhat.com/show_bug.cgi?id=2158628 ++ # Note, the test below may be unstable with LVM2 without the following patch: ++ # https://github.com/lvmteam/lvm2/pull/105 ++ # But, to reproduce the issue, udevd must start to process the first 'change' uevent ++ # earlier than extending the volume has been finished, and in most case, the extension ++ # is hopefully fast. ++ lvm lvextend -y --size 8M "/dev/$vgroup/mypart1" ++ udevadm wait --settle --timeout="$timeout" "/dev/disk/by-label/mylvpart1" ++ timeout 30 bash -c "while ! systemctl -q is-active '/dev/$vgroup/mypart1'; do sleep .2; done" ++ timeout 30 bash -c "while ! systemctl -q is-active /tmp/mypart1-mount-point; do sleep .2; done" ++ # Umount the partition, otherwise the underlying device unit will stay in ++ # the inactive state and not be collected, and helper_check_device_units() will fail. ++ systemctl show /tmp/mypart1-mount-point ++ umount /tmp/mypart1-mount-point ++ + # Rename partitions (see issue #24518) + lvm lvrename "/dev/$vgroup/mypart1" renamed1 + lvm lvrename "/dev/$vgroup/mypart2" renamed2 diff --git a/0183-pid1-fix-segv-triggered-by-status-query-26279.patch b/0183-pid1-fix-segv-triggered-by-status-query-26279.patch new file mode 100644 index 0000000..3396665 --- /dev/null +++ b/0183-pid1-fix-segv-triggered-by-status-query-26279.patch @@ -0,0 +1,36 @@ +From ba575dced76ed7420c8eaa77942e31b134927524 Mon Sep 17 00:00:00 2001 +From: Robin Humble +Date: Wed, 1 Feb 2023 23:36:48 +1100 +Subject: [PATCH] pid1: fix segv triggered by status query (#26279) + +If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL. +If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL) +which segfaults pid 1. + +This is triggered by eg. "systemctl status crond" in RHEL9 if + +/etc/systemd/system/crond.service + -> /ram/etc/systemd/system/crond.service + -> /usr/lib/systemd/system/.crond.service.blah.blah + -> /usr/lib/systemd/system/crond.service + +(cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85) + +Related: #2138081 +--- + src/shared/install.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 4b610b20a5..a760726628 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1653,7 +1653,7 @@ static int install_info_traverse( + r = install_info_follow(ctx, i, lp, flags, + /* If linked, don't look at the target name */ + /* ignore_different_name= */ i->install_mode == INSTALL_MODE_LINKED); +- if (r == -EXDEV) { ++ if (r == -EXDEV && i->symlink_target) { + _cleanup_free_ char *buffer = NULL; + const char *bn; + diff --git a/0184-test-create-config-under-run.patch b/0184-test-create-config-under-run.patch new file mode 100644 index 0000000..863068f --- /dev/null +++ b/0184-test-create-config-under-run.patch @@ -0,0 +1,31 @@ +From e99dcd2e9e9547d84c0bfc1dc4c68f1fe2f56f62 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 10 Nov 2022 15:51:30 +0900 +Subject: [PATCH] test: create config under /run + +(cherry picked from commit e4b3f0dfe91ae0b95f30594c7671be39c0a599b1) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 04a8b6e9cc..53ceced641 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -79,11 +79,13 @@ DNSSEC=allow-downgrade + DNS=10.0.0.1 + EOF + ++mkdir -p /run/systemd/resolved.conf.d + { ++ echo "[Resolve]" + echo "FallbackDNS=" + echo "DNSSEC=allow-downgrade" + echo "DNSOverTLS=opportunistic" +-} >>/etc/systemd/resolved.conf ++} >/run/systemd/resolved.conf.d/test.conf + ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + # Override the default NTA list, which turns off DNSSEC validation for (among + # others) the test. domain diff --git a/0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch b/0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch new file mode 100644 index 0000000..7540f88 --- /dev/null +++ b/0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch @@ -0,0 +1,96 @@ +From 0845d4d0f5a37493d3da68624aba1a576382e961 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 10 Nov 2022 15:52:57 +0900 +Subject: [PATCH] test: add tests for mDNS and LLMNR settings + +(cherry picked from commit b77899af0d75ea59c35ba454d869fa759fe7b3a1) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 73 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 53ceced641..1a656fcdc1 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -55,6 +55,79 @@ echo nameserver 10.0.3.1 10.0.3.2 | "$RESOLVCONF" -a hoge.inet.ipsec.192.168.35 + echo nameserver 10.0.3.3 10.0.3.4 | "$RESOLVCONF" -a hoge.foo.dhcp + assert_in '10.0.3.1 10.0.3.2' "$(resolvectl dns hoge)" + assert_in '10.0.3.3 10.0.3.4' "$(resolvectl dns hoge.foo)" ++ ++# Tests for mDNS and LLMNR settings ++mkdir -p /run/systemd/resolved.conf.d ++{ ++ echo "[Resolve]" ++ echo "MulticastDNS=yes" ++ echo "LLMNR=yes" ++} >/run/systemd/resolved.conf.d/mdns-llmnr.conf ++systemctl restart systemd-resolved.service ++systemctl service-log-level systemd-resolved.service debug ++# make sure networkd is not running. ++systemctl stop systemd-networkd.service ++# defaults to yes (both the global and per-link settings are yes) ++assert_in 'yes' "$(resolvectl mdns hoge)" ++assert_in 'yes' "$(resolvectl llmnr hoge)" ++# set per-link setting ++resolvectl mdns hoge yes ++resolvectl llmnr hoge yes ++assert_in 'yes' "$(resolvectl mdns hoge)" ++assert_in 'yes' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge resolve ++resolvectl llmnr hoge resolve ++assert_in 'resolve' "$(resolvectl mdns hoge)" ++assert_in 'resolve' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge no ++resolvectl llmnr hoge no ++assert_in 'no' "$(resolvectl mdns hoge)" ++assert_in 'no' "$(resolvectl llmnr hoge)" ++# downgrade global setting to resolve ++{ ++ echo "[Resolve]" ++ echo "MulticastDNS=resolve" ++ echo "LLMNR=resolve" ++} >/run/systemd/resolved.conf.d/mdns-llmnr.conf ++systemctl restart systemd-resolved.service ++systemctl service-log-level systemd-resolved.service debug ++# set per-link setting ++resolvectl mdns hoge yes ++resolvectl llmnr hoge yes ++assert_in 'resolve' "$(resolvectl mdns hoge)" ++assert_in 'resolve' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge resolve ++resolvectl llmnr hoge resolve ++assert_in 'resolve' "$(resolvectl mdns hoge)" ++assert_in 'resolve' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge no ++resolvectl llmnr hoge no ++assert_in 'no' "$(resolvectl mdns hoge)" ++assert_in 'no' "$(resolvectl llmnr hoge)" ++# downgrade global setting to no ++{ ++ echo "[Resolve]" ++ echo "MulticastDNS=no" ++ echo "LLMNR=no" ++} >/run/systemd/resolved.conf.d/mdns-llmnr.conf ++systemctl restart systemd-resolved.service ++systemctl service-log-level systemd-resolved.service debug ++# set per-link setting ++resolvectl mdns hoge yes ++resolvectl llmnr hoge yes ++assert_in 'no' "$(resolvectl mdns hoge)" ++assert_in 'no' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge resolve ++resolvectl llmnr hoge resolve ++assert_in 'no' "$(resolvectl mdns hoge)" ++assert_in 'no' "$(resolvectl llmnr hoge)" ++resolvectl mdns hoge no ++resolvectl llmnr hoge no ++assert_in 'no' "$(resolvectl mdns hoge)" ++assert_in 'no' "$(resolvectl llmnr hoge)" ++ ++# Cleanup ++rm -f /run/systemd/resolved.conf.d/mdns-llmnr.conf + ip link del hoge + ip link del hoge.foo + diff --git a/0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch b/0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch new file mode 100644 index 0000000..a1b2d5e --- /dev/null +++ b/0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch @@ -0,0 +1,278 @@ +From 677b20b6738ee287d1b882815b3bcca67754e003 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 25 Nov 2022 12:15:56 +0100 +Subject: [PATCH] resolved: introduce the _localdnsstub and _localdnsproxy + special hostnames for 127.0.0.54 + 127.0.0.53 + +Let's give these special IP addresses names. After all name resolution +is our job here. + +Fixes: #23623 +(cherry picked from commit 17f244e8f9de008ea1c6e0880bdc924b95a66e2b) + +Related: #2138081 +--- + man/resolvectl.xml | 11 +-- + man/systemd-resolved.service.xml | 6 ++ + src/basic/hostname-util.h | 8 ++ + src/resolve/resolvectl.c | 6 +- + src/resolve/resolved-dns-scope.c | 7 +- + src/resolve/resolved-dns-synthesize.c | 110 +++++++++++++++++++++++++- + test/units/testsuite-75.sh | 11 +++ + 7 files changed, 147 insertions(+), 12 deletions(-) + +diff --git a/man/resolvectl.xml b/man/resolvectl.xml +index 2cb855c360..c966ca67bd 100644 +--- a/man/resolvectl.xml ++++ b/man/resolvectl.xml +@@ -323,11 +323,12 @@ + + Takes a boolean parameter; used in conjunction with query. If true + (the default), select domains are resolved on the local system, among them +- localhost, _gateway and _outbound, or +- entries from /etc/hosts. If false these domains are not resolved locally, and +- either fail (in case of localhost, _gateway or +- _outbound and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups +- (in case of /etc/hosts entries). ++ localhost, _gateway, _outbound, ++ _localdnsstub and _localdnsproxy or entries from ++ /etc/hosts. If false these domains are not resolved locally, and either fail (in ++ case of localhost, _gateway or _outbound and ++ suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups (in case of ++ /etc/hosts entries). + + + +diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml +index 7f30fa6536..c006c03b53 100644 +--- a/man/systemd-resolved.service.xml ++++ b/man/systemd-resolved.service.xml +@@ -118,6 +118,12 @@ + local default gateway configured. This assigns a stable hostname to the local outbound IP addresses, + useful for referencing them independently of the current network configuration state. + ++ The hostname _localdnsstub is resolved to the IP address 127.0.0.53, ++ i.e. the address the local DNS stub (see above) is listening on. ++ ++ The hostname _localdnsproxy is resolved to the IP address 127.0.0.54, ++ i.e. the address the local DNS proxy (see above) is listening on. ++ + The mappings defined in /etc/hosts are resolved to their + configured addresses and back, but they will not affect lookups for non-address types (like MX). + Support for /etc/hosts may be disabled with ReadEtcHosts=no, +diff --git a/src/basic/hostname-util.h b/src/basic/hostname-util.h +index a00b852395..bcac3d9fb0 100644 +--- a/src/basic/hostname-util.h ++++ b/src/basic/hostname-util.h +@@ -60,4 +60,12 @@ static inline bool is_outbound_hostname(const char *hostname) { + return STRCASE_IN_SET(hostname, "_outbound", "_outbound."); + } + ++static inline bool is_dns_stub_hostname(const char *hostname) { ++ return STRCASE_IN_SET(hostname, "_localdnsstub", "_localdnsstub."); ++} ++ ++static inline bool is_dns_proxy_stub_hostname(const char *hostname) { ++ return STRCASE_IN_SET(hostname, "_localdnsproxy", "_localdnsproxy."); ++} ++ + int get_pretty_hostname(char **ret); +diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c +index b07761a495..2a7347ca27 100644 +--- a/src/resolve/resolvectl.c ++++ b/src/resolve/resolvectl.c +@@ -478,7 +478,11 @@ static bool single_label_nonsynthetic(const char *name) { + if (!dns_name_is_single_label(name)) + return false; + +- if (is_localhost(name) || is_gateway_hostname(name)) ++ if (is_localhost(name) || ++ is_gateway_hostname(name) || ++ is_outbound_hostname(name) || ++ is_dns_stub_hostname(name) || ++ is_dns_proxy_stub_hostname(name)) + return false; + + r = resolve_system_hostname(NULL, &first_label); +diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c +index 4f744499aa..607109ee0f 100644 +--- a/src/resolve/resolved-dns-scope.c ++++ b/src/resolve/resolved-dns-scope.c +@@ -635,8 +635,11 @@ DnsScopeMatch dns_scope_good_domain( + if (dns_name_dont_resolve(domain)) + return DNS_SCOPE_NO; + +- /* Never go to network for the _gateway or _outbound domain — they're something special, synthesized locally. */ +- if (is_gateway_hostname(domain) || is_outbound_hostname(domain)) ++ /* Never go to network for the _gateway, _outbound, _localdnsstub, _localdnsproxy domain — they're something special, synthesized locally. */ ++ if (is_gateway_hostname(domain) || ++ is_outbound_hostname(domain) || ++ is_dns_stub_hostname(domain) || ++ is_dns_proxy_stub_hostname(domain)) + return DNS_SCOPE_NO; + + switch (s->protocol) { +diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c +index b3442ad906..fa8b4a5760 100644 +--- a/src/resolve/resolved-dns-synthesize.c ++++ b/src/resolve/resolved-dns-synthesize.c +@@ -356,7 +356,90 @@ static int synthesize_gateway_rr( + return 1; /* > 0 means: we have some gateway */ + } + +-static int synthesize_gateway_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) { ++static int synthesize_dns_stub_rr( ++ Manager *m, ++ const DnsResourceKey *key, ++ in_addr_t addr, ++ DnsAnswer **answer) { ++ ++ _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; ++ int r; ++ ++ assert(m); ++ assert(key); ++ assert(answer); ++ ++ if (!IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_ANY)) ++ return 1; /* we still consider ourselves the owner of this name */ ++ ++ r = dns_answer_reserve(answer, 1); ++ if (r < 0) ++ return r; ++ ++ rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, dns_resource_key_name(key)); ++ if (!rr) ++ return -ENOMEM; ++ ++ rr->a.in_addr.s_addr = htobe32(addr); ++ ++ r = dns_answer_add(*answer, rr, LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED, NULL); ++ if (r < 0) ++ return r; ++ ++ return 1; ++} ++ ++static int synthesize_dns_stub_ptr( ++ Manager *m, ++ int af, ++ const union in_addr_union *address, ++ DnsAnswer **answer) { ++ ++ int r; ++ ++ assert(m); ++ assert(address); ++ assert(answer); ++ ++ if (af != AF_INET) ++ return 0; ++ ++ if (address->in.s_addr == htobe32(INADDR_DNS_STUB)) { ++ ++ r = dns_answer_reserve(answer, 1); ++ if (r < 0) ++ return r; ++ ++ r = answer_add_ptr(answer, "53.0.0.127.in-addr.arpa", "_localdnsstub", LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED); ++ if (r < 0) ++ return r; ++ ++ return 1; ++ } ++ ++ if (address->in.s_addr == htobe32(INADDR_DNS_PROXY_STUB)) { ++ ++ r = dns_answer_reserve(answer, 1); ++ if (r < 0) ++ return r; ++ ++ r = answer_add_ptr(answer, "54.0.0.127.in-addr.arpa", "_localdnsproxy", LOOPBACK_IFINDEX, DNS_ANSWER_AUTHENTICATED); ++ if (r < 0) ++ return r; ++ ++ return 1; ++ } ++ ++ return 0; ++} ++ ++static int synthesize_gateway_ptr( ++ Manager *m, ++ int af, ++ const union in_addr_union *address, ++ int ifindex, ++ DnsAnswer **answer) { ++ + _cleanup_free_ struct local_address *addresses = NULL; + int n; + +@@ -437,7 +520,22 @@ int dns_synthesize_answer( + continue; + } + +- } else if ((dns_name_endswith(name, "127.in-addr.arpa") > 0 && dns_name_equal(name, "2.0.0.127.in-addr.arpa") == 0) || ++ } else if (is_dns_stub_hostname(name)) { ++ ++ r = synthesize_dns_stub_rr(m, key, INADDR_DNS_STUB, &answer); ++ if (r < 0) ++ return log_error_errno(r, "Failed to synthesize local DNS stub RRs: %m"); ++ ++ } else if (is_dns_proxy_stub_hostname(name)) { ++ ++ r = synthesize_dns_stub_rr(m, key, INADDR_DNS_PROXY_STUB, &answer); ++ if (r < 0) ++ return log_error_errno(r, "Failed to synthesize local DNS stub RRs: %m"); ++ ++ } else if ((dns_name_endswith(name, "127.in-addr.arpa") > 0 && ++ dns_name_equal(name, "2.0.0.127.in-addr.arpa") == 0 && ++ dns_name_equal(name, "53.0.0.127.in-addr.arpa") == 0 && ++ dns_name_equal(name, "54.0.0.127.in-addr.arpa") == 0) || + dns_name_equal(name, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) { + + r = synthesize_localhost_ptr(m, key, ifindex, &answer); +@@ -445,7 +543,7 @@ int dns_synthesize_answer( + return log_error_errno(r, "Failed to synthesize localhost PTR RRs: %m"); + + } else if (dns_name_address(name, &af, &address) > 0) { +- int v, w; ++ int v, w, u; + + if (getenv_bool("SYSTEMD_RESOLVED_SYNTHESIZE_HOSTNAME") == 0) + continue; +@@ -458,7 +556,11 @@ int dns_synthesize_answer( + if (w < 0) + return log_error_errno(w, "Failed to synthesize gateway hostname PTR RR: %m"); + +- if (v == 0 && w == 0) /* This IP address is neither a local one nor a gateway */ ++ u = synthesize_dns_stub_ptr(m, af, &address, &answer); ++ if (u < 0) ++ return log_error_errno(u, "Failed to synthesize local stub hostname PTR PR: %m"); ++ ++ if (v == 0 && w == 0 && u == 0) /* This IP address is neither a local one, nor a gateway, nor a stub address */ + continue; + + /* Note that we never synthesize reverse PTR for _outbound, since those are local +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 1a656fcdc1..0c68e0636f 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -56,6 +56,17 @@ echo nameserver 10.0.3.3 10.0.3.4 | "$RESOLVCONF" -a hoge.foo.dhcp + assert_in '10.0.3.1 10.0.3.2' "$(resolvectl dns hoge)" + assert_in '10.0.3.3 10.0.3.4' "$(resolvectl dns hoge.foo)" + ++# Tests for _localdnsstub and _localdnsproxy ++assert_in '127.0.0.53' "$(resolvectl query _localdnsstub)" ++assert_in '_localdnsstub' "$(resolvectl query 127.0.0.53)" ++assert_in '127.0.0.54' "$(resolvectl query _localdnsproxy)" ++assert_in '_localdnsproxy' "$(resolvectl query 127.0.0.54)" ++ ++assert_in '127.0.0.53' "$(dig @127.0.0.53 _localdnsstub)" ++assert_in '_localdnsstub' "$(dig @127.0.0.53 -x 127.0.0.53)" ++assert_in '127.0.0.54' "$(dig @127.0.0.53 _localdnsproxy)" ++assert_in '_localdnsproxy' "$(dig @127.0.0.53 -x 127.0.0.54)" ++ + # Tests for mDNS and LLMNR settings + mkdir -p /run/systemd/resolved.conf.d + { diff --git a/0187-test-wait-for-the-monitoring-service-to-become-activ.patch b/0187-test-wait-for-the-monitoring-service-to-become-activ.patch new file mode 100644 index 0000000..b0dec38 --- /dev/null +++ b/0187-test-wait-for-the-monitoring-service-to-become-activ.patch @@ -0,0 +1,65 @@ +From 874959f2d9dfadd027f3d7e399ef8a32a408e1c8 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 7 Dec 2022 20:44:07 +0100 +Subject: [PATCH] test: wait for the monitoring service to become active +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise we might start querying resolved too early, causing the +monitoring service to miss stuff: + +``` +[ 1103.149474] testsuite-75.sh[35]: + systemd-run -u resmontest.service -p Type=notify resolvectl monitor +[ 1103.353803] testsuite-75.sh[423]: Running as unit: resmontest.service +[ 1103.353989] testsuite-75.sh[35]: + knotc zone-begin test. +[ 1103.354160] testsuite-75.sh[425]: OK +... +[ 1103.355298] testsuite-75.sh[35]: + knotc reload +[ 1103.355363] testsuite-75.sh[438]: Reloaded +[ 1103.355536] testsuite-75.sh[35]: + : '--- nss-resolve/nss-myhostname tests' +[ 1103.355536] testsuite-75.sh[35]: + run getent -s resolve hosts ns1.unsigned.test +[ 1103.356127] testsuite-75.sh[443]: + getent -s resolve hosts ns1.unsigned.test +[ 1103.356505] testsuite-75.sh[444]: + tee /tmp/tmp.bXg5Uj5Jkk +[ 1103.359591] resolvectl[424]: → Q: ns1.unsigned.test IN AAAA +[ 1103.359591] resolvectl[424]: ← S: success +[ 1103.359850] testsuite-75.sh[444]: 10.0.0.1 ns1.unsigned.test +[ 1103.359939] resolvectl[424]: → Q: ns1.unsigned.test IN A +[ 1103.359939] resolvectl[424]: ← S: success +[ 1103.359939] resolvectl[424]: ← A: ns1.unsigned.test IN A 10.0.0.1 +[ 1103.360149] testsuite-75.sh[35]: + grep -qE '^10\.0\.0\.1\s+ns1\.unsigned\.test' /tmp/tmp.bXg5Uj5Jkk +[ 1103.362119] systemd[1]: Starting resmontest.service... +[ 1103.362633] systemd[1]: Started resmontest.service. +[ 1103.363263] testsuite-75.sh[35]: + monitor_check_rr 'ns1.unsigned.test IN A 10.0.0.1' +[ 1103.363263] testsuite-75.sh[35]: + local 'match=ns1.unsigned.test IN A 10.0.0.1' +[ 1103.363377] testsuite-75.sh[35]: + set +o pipefail +[ 1103.363836] testsuite-75.sh[458]: + journalctl -u resmontest.service -f --full +[ 1103.364042] testsuite-75.sh[459]: + grep -m1 'ns1.unsigned.test IN A 10.0.0.1' +... +Trying to halt container. Send SIGTERM again to trigger immediate termination. +Container TEST-75 terminated by signal KILL. +``` + +(cherry picked from commit 5dd34c2604567320707625bc009cf01c3769605f) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 0c68e0636f..d2062c7b05 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -212,6 +212,11 @@ resolvectl log-level debug + + # Start monitoring queries + systemd-run -u resmontest.service -p Type=notify resolvectl monitor ++# Wait for the monitoring service to become active ++for _ in {0..9}; do ++ [[ "$(systemctl show -P ActiveState resmontest.service)" == "active" ]] && break ++ sleep .5 ++done + + # We need to manually propagate the DS records of onlinesign.test. to the parent + # zone, since they're generated online diff --git a/0188-test-suppress-echo-in-monitor_check_rr.patch b/0188-test-suppress-echo-in-monitor_check_rr.patch new file mode 100644 index 0000000..15ec829 --- /dev/null +++ b/0188-test-suppress-echo-in-monitor_check_rr.patch @@ -0,0 +1,38 @@ +From b6f459c221004de9753569e2ec5ee5f887fc8b51 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 15 Dec 2022 15:28:56 +0900 +Subject: [PATCH] test: suppress echo in monitor_check_rr() + +(cherry picked from commit ef09861a0b0aa7c6a948f4e008e2fea312bc68d6) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index d2062c7b05..d0c7133412 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -16,17 +16,17 @@ run() { + "$@" |& tee "$RUN_OUT" + } + +-monitor_check_rr() { ++monitor_check_rr() ( ++ set +x ++ set +o pipefail + local match="${1:?}" + + # Wait until the first mention of the specified log message is + # displayed. We turn off pipefail for this, since we don't care about the + # lhs of this pipe expression, we only care about the rhs' result to be + # clean +- set +o pipefail + journalctl -u resmontest.service -f --full | grep -m1 "$match" +- set -o pipefail +-} ++) + + # Test for resolvectl, resolvconf + systemctl unmask systemd-resolved.service diff --git a/0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch b/0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch new file mode 100644 index 0000000..d0c9303 --- /dev/null +++ b/0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch @@ -0,0 +1,34 @@ +From 058fab8aaad9fc6ececc647e369bf447a8327a4a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 15 Dec 2022 16:28:52 +0900 +Subject: [PATCH] Revert "test: wait for the monitoring service to become + active" + +This reverts commit 5dd34c2604567320707625bc009cf01c3769605f. + +`resolvectl monitor` sends notify event, and systemd-run wait for the +service being in active state. Hence, the loop is not necessary. + +(cherry picked from commit 133708b8790ab79e35ade63506c16e4d1e79a025) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index d0c7133412..844dbaebcc 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -212,11 +212,6 @@ resolvectl log-level debug + + # Start monitoring queries + systemd-run -u resmontest.service -p Type=notify resolvectl monitor +-# Wait for the monitoring service to become active +-for _ in {0..9}; do +- [[ "$(systemctl show -P ActiveState resmontest.service)" == "active" ]] && break +- sleep .5 +-done + + # We need to manually propagate the DS records of onlinesign.test. to the parent + # zone, since they're generated online diff --git a/0190-test-show-and-check-almost-all-journal-entries-since.patch b/0190-test-show-and-check-almost-all-journal-entries-since.patch new file mode 100644 index 0000000..48e73b9 --- /dev/null +++ b/0190-test-show-and-check-almost-all-journal-entries-since.patch @@ -0,0 +1,113 @@ +From 3e7bcbb274618a0d3cea9027db4e6abb1207f27d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 16 Dec 2022 01:11:39 +0900 +Subject: [PATCH] test: show and check almost all journal entries since the + relevant command being invoked +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +For some reasons, journal timestamps from other sources sometimes +inconsistent. For example, +``` +$ journalctl --file system.journal -o short-monotonic -u resmontest.service +[ 1112.168109] ns1.unsigned.test resolvectl[419]: → Q: ns1.unsigned.test IN AAAA +[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← S: success +[ 1112.168109] ns1.unsigned.test resolvectl[419]: → Q: ns1.unsigned.test IN A +[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← S: success +[ 1112.168109] ns1.unsigned.test resolvectl[419]: ← A: ns1.unsigned.test IN A 10.0.0.1 +[ 1112.171961] ns1.unsigned.test systemd[1]: resmontest.service: Failed to load configuration: No such file or directory +[ 1112.172223] ns1.unsigned.test systemd[1]: resmontest.service: Trying to enqueue job resmontest.service/start/fail +[ 1112.179866] ns1.unsigned.test systemd[1]: resmontest.service: Installed new job resmontest.service/start as 312 +[ 1112.179894] ns1.unsigned.test systemd[1]: resmontest.service: Enqueued job resmontest.service/start as 312 +[ 1112.180389] ns1.unsigned.test systemd[1]: resmontest.service: Will spawn child (service_enter_start): /usr/bin/resolvectl +[ 1112.180418] ns1.unsigned.test systemd[1]: resmontest.service: Passing 0 fds to service +[ 1112.180447] ns1.unsigned.test systemd[1]: resmontest.service: About to execute /usr/bin/resolvectl monitor +[ 1112.180477] ns1.unsigned.test systemd[1]: resmontest.service: Forked /usr/bin/resolvectl as 419 +[ 1112.180619] ns1.unsigned.test systemd[1]: resmontest.service: Changed dead -> start +[ 1112.180651] ns1.unsigned.test systemd[1]: Starting resmontest.service... +[ 1112.180799] ns1.unsigned.test systemd[419]: resmontest.service: Kernel keyring access prohibited, ignoring. +[ 1112.180895] ns1.unsigned.test systemd[419]: resmontest.service: Executing: /usr/bin/resolvectl monitor +[ 1112.181383] ns1.unsigned.test systemd[1]: resmontest.service: Got notification message from PID 419 (READY=1) +[ 1112.181413] ns1.unsigned.test systemd[1]: resmontest.service: Changed start -> running +[ 1112.181441] ns1.unsigned.test systemd[1]: resmontest.service: Job 312 resmontest.service/start finished, result=done +[ 1112.181469] ns1.unsigned.test systemd[1]: Started resmontest.service. +``` +In such case, `journalctl -f` may not show the entries what we are interested in. + +Fixes #25749. (At least, workarond for the issue.) + +(cherry picked from commit ad48ff12bd0f7b19dc6bfa33c96221fd9c22e89c) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 22 +++++++++++++--------- + 1 file changed, 13 insertions(+), 9 deletions(-) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 844dbaebcc..852caac605 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -19,13 +19,14 @@ run() { + monitor_check_rr() ( + set +x + set +o pipefail +- local match="${1:?}" ++ local since="${1:?}" ++ local match="${2:?}" + + # Wait until the first mention of the specified log message is + # displayed. We turn off pipefail for this, since we don't care about the + # lhs of this pipe expression, we only care about the rhs' result to be + # clean +- journalctl -u resmontest.service -f --full | grep -m1 "$match" ++ journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match" + ) + + # Test for resolvectl, resolvconf +@@ -232,9 +233,10 @@ knotc reload + + : "--- nss-resolve/nss-myhostname tests" + # Sanity check ++TIMESTAMP=$(date '+%F %T') + run getent -s resolve hosts ns1.unsigned.test + grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT" +-monitor_check_rr "ns1.unsigned.test IN A 10.0.0.1" ++monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1" + + # Issue: https://github.com/systemd/systemd/issues/18812 + # PR: https://github.com/systemd/systemd/pull/18896 +@@ -324,15 +326,16 @@ run delv dupe.signed.test + grep -qF "; fully validated" "$RUN_OUT" + + # Test resolution of CNAME chains ++TIMESTAMP=$(date '+%F %T') + run resolvectl query -t A cname-chain.signed.test + grep -qF "follow14.final.signed.test IN A 10.0.0.14" "$RUN_OUT" + grep -qF "authenticated: yes" "$RUN_OUT" + +-monitor_check_rr "follow10.so.close.signed.test IN CNAME follow11.yet.so.far.signed.test" +-monitor_check_rr "follow11.yet.so.far.signed.test IN CNAME follow12.getting.hot.signed.test" +-monitor_check_rr "follow12.getting.hot.signed.test IN CNAME follow13.almost.final.signed.test" +-monitor_check_rr "follow13.almost.final.signed.test IN CNAME follow14.final.signed.test" +-monitor_check_rr "follow14.final.signed.test IN A 10.0.0.14" ++monitor_check_rr "$TIMESTAMP" "follow10.so.close.signed.test IN CNAME follow11.yet.so.far.signed.test" ++monitor_check_rr "$TIMESTAMP" "follow11.yet.so.far.signed.test IN CNAME follow12.getting.hot.signed.test" ++monitor_check_rr "$TIMESTAMP" "follow12.getting.hot.signed.test IN CNAME follow13.almost.final.signed.test" ++monitor_check_rr "$TIMESTAMP" "follow13.almost.final.signed.test IN CNAME follow14.final.signed.test" ++monitor_check_rr "$TIMESTAMP" "follow14.final.signed.test IN A 10.0.0.14" + + # Non-existing RR + CNAME chain + run dig +dnssec AAAA cname-chain.signed.test +@@ -370,9 +373,10 @@ grep -qF 'this.should.be.authenticated.wild.onlinesign.test IN TXT "this is an o + grep -qF "authenticated: yes" "$RUN_OUT" + + # Resolve via dbus method ++TIMESTAMP=$(date '+%F %T') + run busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedesktop.resolve1.Manager ResolveHostname 'isit' 0 secondsub.onlinesign.test 0 0 + grep -qF '10 0 0 134 "secondsub.onlinesign.test"' "$RUN_OUT" +-monitor_check_rr "secondsub.onlinesign.test IN A 10.0.0.134" ++monitor_check_rr "$TIMESTAMP" "secondsub.onlinesign.test IN A 10.0.0.134" + + : "--- ZONE: untrusted.test (DNSSEC without propagated DS records) ---" + run dig +short untrusted.test diff --git a/0191-test-cover-IPv6-in-the-resolved-test-suite.patch b/0191-test-cover-IPv6-in-the-resolved-test-suite.patch new file mode 100644 index 0000000..c14e688 --- /dev/null +++ b/0191-test-cover-IPv6-in-the-resolved-test-suite.patch @@ -0,0 +1,449 @@ +From 6aa57233e5981473efb4fdc4351d8f407b0b5384 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 8 Jul 2022 13:36:03 +0200 +Subject: [PATCH] test: cover IPv6 in the resolved test suite + +(cherry picked from commit 5c9111fe779b44745256279052786e9cc499e57a) + +Related: #2138081 +--- + test/knot-data/knot.conf | 3 + + test/knot-data/zones/onlinesign.test.zone | 15 ++- + test/knot-data/zones/root.zone | 8 +- + test/knot-data/zones/signed.test.zone | 23 ++-- + test/knot-data/zones/test.zone | 12 +- + test/knot-data/zones/unsigned.test.zone | 12 +- + test/knot-data/zones/untrusted.test.zone | 11 +- + test/units/testsuite-75.sh | 135 ++++++++++++++++++---- + 8 files changed, 169 insertions(+), 50 deletions(-) + +diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf +index e3de69d0f4..6ea0cca3db 100644 +--- a/test/knot-data/knot.conf ++++ b/test/knot-data/knot.conf +@@ -4,6 +4,7 @@ server: + rundir: "/run/knot" + user: knot:knot + listen: 10.0.0.1@53 ++ listen: fd00:dead:beef:cafe::1@53 + + log: + - target: syslog +@@ -15,11 +16,13 @@ database: + acl: + - id: update_acl + address: 10.0.0.0/24 ++ address: fd00:dead:beef:cafe::/64 + action: update + + remote: + - id: parent_zone_server + address: 10.0.0.1@53 ++ address: fd00:dead:beef:cafe::1@53 + + submission: + - id: parent_zone_sbm +diff --git a/test/knot-data/zones/onlinesign.test.zone b/test/knot-data/zones/onlinesign.test.zone +index c12c6b3396..c8662fa3ed 100644 +--- a/test/knot-data/zones/onlinesign.test.zone ++++ b/test/knot-data/zones/onlinesign.test.zone +@@ -11,12 +11,17 @@ $ORIGIN onlinesign.test. + ) + + ; NS info +- NS ns1.unsigned.test. ++ NS ns1.unsigned.test. + +- TXT "hello from onlinesign" ++ TXT "hello from onlinesign" + +-*.wild TXT "this is an onlinesign wildcard" ++*.wild TXT "this is an onlinesign wildcard" + + ; No A/AAAA record for the $ORIGIN +-sub A 10.0.0.133 +-secondsub A 10.0.0.134 ++sub A 10.0.0.133 ++secondsub A 10.0.0.134 ++ ++dual A 10.0.0.135 ++dual AAAA fd00:dead:beef:cafe::135 ++ ++ipv6 AAAA fd00:dead:beef:cafe::136 +diff --git a/test/knot-data/zones/root.zone b/test/knot-data/zones/root.zone +index 72439fdc55..f601e8676d 100644 +--- a/test/knot-data/zones/root.zone ++++ b/test/knot-data/zones/root.zone +@@ -8,7 +8,9 @@ $TTL 300 + 1D ; minimum TTL + ) + +-. NS ns1.unsigned.test +-ns1.unsigned.test A 10.0.0.1 ++. NS ns1.unsigned.test ++; NS glue records ++ns1.unsigned.test A 10.0.0.1 ++ns1.unsigned.test AAAA fd00:dead:beef:cafe::1 + +-test NS ns1.unsigned.test ++test NS ns1.unsigned.test +diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone +index 38d8e2aa13..fa6706205a 100644 +--- a/test/knot-data/zones/signed.test.zone ++++ b/test/knot-data/zones/signed.test.zone +@@ -11,18 +11,27 @@ $ORIGIN signed.test. + ) + + ; NS info +- NS ns1.unsigned.test. ++ NS ns1.unsigned.test. + +-*.wild TXT "this is a wildcard" ++*.wild TXT "this is a wildcard" + +-@ MX 10 mail.signed.test. ++@ MX 10 mail.signed.test. + +- A 10.0.0.10 +-mail A 10.0.0.11 ++ A 10.0.0.10 ++mail A 10.0.0.11 ++mail AAAA fd00:dead:beef:cafe::11 + + ; https://github.com/systemd/systemd/issues/22002 +-dupe A 10.0.0.12 +-dupe A 10.0.0.13 ++dupe A 10.0.0.12 ++dupe A 10.0.0.13 ++dupe-ipv6 AAAA fd00:dead:beef:cafe::12 ++dupe-ipv6 AAAA fd00:dead:beef:cafe::13 ++dupe-mixed A 10.0.0.15 ++dupe-mixed A 10.0.0.16 ++dupe-mixed A 10.0.0.17 ++dupe-mixed AAAA fd00:dead:beef:cafe::15 ++dupe-mixed AAAA fd00:dead:beef:cafe::16 ++dupe-mixed AAAA fd00:dead:beef:cafe::17 + + ; CNAME_REDIRECTS_MAX is 16, so let's test something close to that + cname-chain CNAME follow1.signed.test. +diff --git a/test/knot-data/zones/test.zone b/test/knot-data/zones/test.zone +index 6cc2633082..ba5fcebc2d 100644 +--- a/test/knot-data/zones/test.zone ++++ b/test/knot-data/zones/test.zone +@@ -11,9 +11,11 @@ $ORIGIN test. + ) + + ; NS info +-@ NS ns1.unsigned +-ns1.signed A 10.0.0.1 ++@ NS ns1.unsigned ++; NS glue records ++ns1.unsigned A 10.0.0.1 ++ns1.unsigned AAAA fd00:dead:beef:cafe::1 + +-onlinesign NS ns1.unsigned +-signed NS ns1.unsigned +-unsigned NS ns1.unsigned ++onlinesign NS ns1.unsigned ++signed NS ns1.unsigned ++unsigned NS ns1.unsigned +diff --git a/test/knot-data/zones/unsigned.test.zone b/test/knot-data/zones/unsigned.test.zone +index 87d9437e2c..c5445d7672 100644 +--- a/test/knot-data/zones/unsigned.test.zone ++++ b/test/knot-data/zones/unsigned.test.zone +@@ -11,10 +11,12 @@ $ORIGIN unsigned.test. + ) + + ; NS info +-@ NS ns1.unsigned.test. +-ns1 A 10.0.0.1 ++@ NS ns1 ++ns1 A 10.0.0.1 ++ns1 AAAA fd00:dead:beef:cafe::1 + +-@ MX 15 mail.unsigned.test. ++@ MX 15 mail.unsigned.test. + +- A 10.0.0.101 +-mail A 10.0.0.111 ++ A 10.0.0.101 ++ AAAA fd00:dead:beef:cafe::101 ++mail A 10.0.0.111 +diff --git a/test/knot-data/zones/untrusted.test.zone b/test/knot-data/zones/untrusted.test.zone +index 6d29bd77fe..cf0dec5296 100644 +--- a/test/knot-data/zones/untrusted.test.zone ++++ b/test/knot-data/zones/untrusted.test.zone +@@ -11,11 +11,12 @@ $ORIGIN untrusted.test. + ) + + ; NS info +-@ NS ns1.unsigned.test. ++@ NS ns1.unsigned.test. + +-*.wild TXT "this is an untrusted wildcard" ++*.wild TXT "this is an untrusted wildcard" + +-@ MX 10 mail.untrusted.test. ++@ MX 10 mail.untrusted.test. + +- A 10.0.0.121 +-mail A 10.0.0.121 ++ A 10.0.0.121 ++ AAAA fd00:dead:beef:cafe::121 ++mail A 10.0.0.122 +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 852caac605..76b8f5b3c7 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -2,6 +2,12 @@ + # SPDX-License-Identifier: LGPL-2.1-or-later + # vi: ts=4 sw=4 tw=0 et: + ++# TODO: ++# - IPv6-only stack ++# - mDNS ++# - LLMNR ++# - DoT/DoH ++ + set -eux + set -o pipefail + +@@ -16,6 +22,15 @@ run() { + "$@" |& tee "$RUN_OUT" + } + ++disable_ipv6() { ++ sysctl -w net.ipv6.conf.all.disable_ipv6=1 ++} ++ ++enable_ipv6() { ++ sysctl -w net.ipv6.conf.all.disable_ipv6=0 ++ networkctl reconfigure dns0 ++} ++ + monitor_check_rr() ( + set +x + set +o pipefail +@@ -146,7 +161,10 @@ ip link del hoge.foo + ### SETUP ### + # Configure network + hostnamectl hostname ns1.unsigned.test +-echo "10.0.0.1 ns1.unsigned.test" >>/etc/hosts ++{ ++ echo "10.0.0.1 ns1.unsigned.test" ++ echo "fd00:dead:beef:cafe::1 ns1.unsigned.test" ++} >>/etc/hosts + + mkdir -p /etc/systemd/network + cat >/etc/systemd/network/dns0.netdev < +Date: Fri, 8 Jul 2022 18:12:47 +0200 +Subject: [PATCH] test: add a couple of SRV records to check service resolution + +(cherry picked from commit 3095bd2ccaf55f7c20567b990844dc2d9b451376) + +Related: #2138081 +--- + test/knot-data/zones/signed.test.zone | 8 ++++++++ + test/knot-data/zones/untrusted.test.zone | 4 ++++ + test/units/testsuite-75.sh | 17 +++++++++++++++++ + 3 files changed, 29 insertions(+) + +diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone +index fa6706205a..6ddeb0048e 100644 +--- a/test/knot-data/zones/signed.test.zone ++++ b/test/knot-data/zones/signed.test.zone +@@ -49,3 +49,11 @@ follow11.yet.so.far CNAME follow12.getting.hot.signed.test. + follow12.getting.hot CNAME follow13.almost.final.signed.test. + follow13.almost.final CNAME follow14.final.signed.test. + follow14.final A 10.0.0.14 ++ ++myservice A 10.0.0.20 ++myservice AAAA fd00:dead:beef:cafe::17 ++_mysvc._tcp SRV 10 5 1234 myservice ++ ++_invalidsvc._udp SRV 5 5 1111 invalidservice ++ ++_untrustedsvc._udp SRV 5 5 1111 myservice.untrusted.test. +diff --git a/test/knot-data/zones/untrusted.test.zone b/test/knot-data/zones/untrusted.test.zone +index cf0dec5296..a0dca62ca8 100644 +--- a/test/knot-data/zones/untrusted.test.zone ++++ b/test/knot-data/zones/untrusted.test.zone +@@ -20,3 +20,7 @@ $ORIGIN untrusted.test. + A 10.0.0.121 + AAAA fd00:dead:beef:cafe::121 + mail A 10.0.0.122 ++ ++myservice A 10.0.0.123 ++ AAAA fd00:dead:beef:cafe::123 ++_mysvc._tcp SRV 10 5 1234 myservice +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 76b8f5b3c7..66cc6c9d66 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -367,6 +367,19 @@ grep -qF "status: NXDOMAIN" "$RUN_OUT" + run resolvectl query -t TXT this.should.be.authenticated.wild.signed.test + grep -qF 'this.should.be.authenticated.wild.signed.test IN TXT "this is a wildcard"' "$RUN_OUT" + grep -qF "authenticated: yes" "$RUN_OUT" ++# Check SRV support ++run resolvectl service _mysvc._tcp signed.test ++grep -qF "myservice.signed.test:1234" "$RUN_OUT" ++grep -qF "10.0.0.20" "$RUN_OUT" ++grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT" ++grep -qF "authenticated: yes" "$RUN_OUT" ++(! run resolvectl service _invalidsvc._udp signed.test) ++grep -qE "invalidservice\.signed\.test' not found" "$RUN_OUT" ++run resolvectl service _untrustedsvc._udp signed.test ++grep -qF "myservice.untrusted.test:1111" "$RUN_OUT" ++grep -qF "10.0.0.123" "$RUN_OUT" ++grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" ++grep -qF "authenticated: yes" "$RUN_OUT" + + # DNSSEC validation with multiple records of the same type for the same name + # Issue: https://github.com/systemd/systemd/issues/22002 +@@ -479,6 +492,10 @@ grep -qF "untrusted.test:" "$RUN_OUT" + grep -qF "10.0.0.121" "$RUN_OUT" + grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT" + grep -qF "authenticated: no" "$RUN_OUT" ++run resolvectl service _mysvc._tcp untrusted.test ++grep -qF "myservice.untrusted.test:1234" "$RUN_OUT" ++grep -qF "10.0.0.123" "$RUN_OUT" ++grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" + + # Issue: https://github.com/systemd/systemd/issues/19472 + # 1) Query for a non-existing RR should return NOERROR + NSEC (?), not NXDOMAIN diff --git a/0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch b/0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch new file mode 100644 index 0000000..d01c312 --- /dev/null +++ b/0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch @@ -0,0 +1,52 @@ +From c1a79dbfdf667e965d8d390e6d395b64de1e2253 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 8 Jul 2022 20:23:13 +0200 +Subject: [PATCH] test: add a test for the OPENPGPKEY RR + +(cherry picked from commit 05bb428952d0a91c53398e8b20801af9fb7530f1) + +Related: #2138081 +--- + test/knot-data/zones/signed.test.zone | 14 ++++++++++++++ + test/units/testsuite-75.sh | 6 ++++++ + 2 files changed, 20 insertions(+) + +diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone +index 6ddeb0048e..a2baac4284 100644 +--- a/test/knot-data/zones/signed.test.zone ++++ b/test/knot-data/zones/signed.test.zone +@@ -57,3 +57,17 @@ _mysvc._tcp SRV 10 5 1234 myservice + _invalidsvc._udp SRV 5 5 1111 invalidservice + + _untrustedsvc._udp SRV 5 5 1111 myservice.untrusted.test. ++ ++; OPENPGPKEY RR for mr.smith@signed.test ++; The hash was generated using `echo -ne mr.smith | sha256sum | head -c56` ++; and exported via `gpg --export mr.smith | base64` ++5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey OPENPGPKEY ( ++ mDMEYshhzhYJKwYBBAHaRw8BAQdAuU2RxKaycSdaR5YZ/q+/yoHeil/1WNRDVbpjPSd6QBa0GW1y ++ LnNtaXRoQHNpZ25lZC50ZXN0LnpvbmWImQQTFggAQRYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJi ++ yGHOAhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEHd9yvMKUDBWo6MA/2oC ++ zdnzMlK9gM5bNCFfPyagJfFfv7fW1l7WXTve6FJtAP0faW24ahE1okjmrsTUwqZHvDThysW5zTSt ++ j49S3JQDA7g4BGLIYc4SCisGAQQBl1UBBQEBB0CuNcTAt5AUE3seFN/Gm2euC+8dgtztyzoO/78K ++ ictFLAMBCAeIeAQYFggAIBYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJiyGHOAhsMAAoJEHd9yvMK ++ UDBWtxkA/jlbUgHpSoTKFNNTeXYbTz9jnoupe9eT4O3tU55ofwO7AQCa5ntSIuzDJ1E2iy7oOLOZ ++ m2ocNqpC7SULHhSKYfUWDg== ++) +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index 66cc6c9d66..d36cab2923 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -380,6 +380,12 @@ grep -qF "myservice.untrusted.test:1111" "$RUN_OUT" + grep -qF "10.0.0.123" "$RUN_OUT" + grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" + grep -qF "authenticated: yes" "$RUN_OUT" ++# Check OPENPGPKEY support ++run delv -t OPENPGPKEY 5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test ++grep -qF "; fully validated" "$RUN_OUT" ++run resolvectl openpgp mr.smith@signed.test ++grep -qF "5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test" "$RUN_OUT" ++grep -qF "authenticated: yes" "$RUN_OUT" + + # DNSSEC validation with multiple records of the same type for the same name + # Issue: https://github.com/systemd/systemd/issues/22002 diff --git a/0194-test-don-t-hang-indefinitely-on-no-match.patch b/0194-test-don-t-hang-indefinitely-on-no-match.patch new file mode 100644 index 0000000..3d67f31 --- /dev/null +++ b/0194-test-don-t-hang-indefinitely-on-no-match.patch @@ -0,0 +1,25 @@ +From 3da691ba7ed23db37930dff5452fe3c3dcd9a963 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 27 Jan 2023 14:29:42 +0100 +Subject: [PATCH] test: don't hang indefinitely on no match + +(cherry picked from commit 270e9dcdb8c7f0f3c8b56803d0ef7bbf867b9fd1) + +Related: #2138081 +--- + test/units/testsuite-75.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh +index d36cab2923..ddd86d09bb 100755 +--- a/test/units/testsuite-75.sh ++++ b/test/units/testsuite-75.sh +@@ -41,7 +41,7 @@ monitor_check_rr() ( + # displayed. We turn off pipefail for this, since we don't care about the + # lhs of this pipe expression, we only care about the rhs' result to be + # clean +- journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match" ++ timeout -v 30s journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match" + ) + + # Test for resolvectl, resolvconf diff --git a/0195-test-ndisc-fix-memleak-and-fd-leak.patch b/0195-test-ndisc-fix-memleak-and-fd-leak.patch new file mode 100644 index 0000000..fd2c6e5 --- /dev/null +++ b/0195-test-ndisc-fix-memleak-and-fd-leak.patch @@ -0,0 +1,139 @@ +From 1d93f12c7068dedf9393f8d4d86335e1f40537c3 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 20 Jan 2023 14:37:12 +0900 +Subject: [PATCH] test-ndisc: fix memleak and fd leak + +Fixes issues reported at #22576. + +(cherry picked from commit 86d82cb8885afaac374225b945b2efc2a013cb7e) + +Related: #2138081 +--- + src/libsystemd-network/test-ndisc-ra.c | 20 ++++++-------------- + src/libsystemd-network/test-ndisc-rs.c | 21 ++++++++------------- + 2 files changed, 14 insertions(+), 27 deletions(-) + +diff --git a/src/libsystemd-network/test-ndisc-ra.c b/src/libsystemd-network/test-ndisc-ra.c +index 001df4d473..bd8c0fd426 100644 +--- a/src/libsystemd-network/test-ndisc-ra.c ++++ b/src/libsystemd-network/test-ndisc-ra.c +@@ -53,7 +53,6 @@ static uint8_t advertisement[] = { + + static bool test_stopped; + static int test_fd[2]; +-static sd_event_source *recv_router_advertisement; + static struct { + struct in6_addr address; + unsigned char prefixlen; +@@ -281,9 +280,9 @@ static int radv_recv(sd_event_source *s, int fd, uint32_t revents, void *userdat + } + + TEST(ra) { +- sd_event *e; +- sd_radv *ra; +- unsigned i; ++ _cleanup_(sd_event_unrefp) sd_event *e = NULL; ++ _cleanup_(sd_event_source_unrefp) sd_event_source *recv_router_advertisement = NULL; ++ _cleanup_(sd_radv_unrefp) sd_radv *ra = NULL; + + assert_se(socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC | SOCK_NONBLOCK, 0, test_fd) >= 0); + +@@ -303,7 +302,7 @@ TEST(ra) { + assert_se(sd_radv_set_rdnss(ra, 60, &test_rdnss, 1) >= 0); + assert_se(sd_radv_set_dnssl(ra, 60, (char **)test_dnssl) >= 0); + +- for (i = 0; i < ELEMENTSOF(prefix); i++) { ++ for (unsigned i = 0; i < ELEMENTSOF(prefix); i++) { + sd_radv_prefix *p; + + printf("Test prefix %u\n", i); +@@ -324,8 +323,8 @@ TEST(ra) { + assert_se(!p); + } + +- assert_se(sd_event_add_io(e, &recv_router_advertisement, test_fd[0], +- EPOLLIN, radv_recv, ra) >= 0); ++ assert_se(sd_event_add_io(e, &recv_router_advertisement, test_fd[0], EPOLLIN, radv_recv, ra) >= 0); ++ assert_se(sd_event_source_set_io_fd_own(recv_router_advertisement, true) >= 0); + + assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME, + 2 * USEC_PER_SEC, 0, +@@ -334,13 +333,6 @@ TEST(ra) { + assert_se(sd_radv_start(ra) >= 0); + + assert_se(sd_event_loop(e) >= 0); +- +- ra = sd_radv_unref(ra); +- assert_se(!ra); +- +- close(test_fd[0]); +- +- sd_event_unref(e); + } + + DEFINE_TEST_MAIN(LOG_DEBUG); +diff --git a/src/libsystemd-network/test-ndisc-rs.c b/src/libsystemd-network/test-ndisc-rs.c +index 3c679f60b5..e501b64377 100644 +--- a/src/libsystemd-network/test-ndisc-rs.c ++++ b/src/libsystemd-network/test-ndisc-rs.c +@@ -10,6 +10,7 @@ + #include "sd-ndisc.h" + + #include "alloc-util.h" ++#include "fd-util.h" + #include "hexdecoct.h" + #include "icmp6-util.h" + #include "socket-util.h" +@@ -255,8 +256,8 @@ static void test_callback(sd_ndisc *nd, sd_ndisc_event_t event, sd_ndisc_router + } + + TEST(rs) { +- sd_event *e; +- sd_ndisc *nd; ++ _cleanup_(sd_event_unrefp) sd_event *e = NULL; ++ _cleanup_(sd_ndisc_unrefp) sd_ndisc *nd = NULL; + + send_ra_function = send_ra; + +@@ -279,17 +280,13 @@ TEST(rs) { + assert_se(sd_ndisc_start(nd) >= 0); + assert_se(sd_ndisc_start(nd) >= 0); + assert_se(sd_ndisc_stop(nd) >= 0); ++ test_fd[1] = safe_close(test_fd[1]); + + assert_se(sd_ndisc_start(nd) >= 0); + + assert_se(sd_event_loop(e) >= 0); + +- nd = sd_ndisc_unref(nd); +- assert_se(!nd); +- +- close(test_fd[1]); +- +- sd_event_unref(e); ++ test_fd[1] = safe_close(test_fd[1]); + } + + static int test_timeout_value(uint8_t flags) { +@@ -342,8 +339,8 @@ static int test_timeout_value(uint8_t flags) { + } + + TEST(timeout) { +- sd_event *e; +- sd_ndisc *nd; ++ _cleanup_(sd_event_unrefp) sd_event *e = NULL; ++ _cleanup_(sd_ndisc_unrefp) sd_ndisc *nd = NULL; + + send_ra_function = test_timeout_value; + +@@ -367,9 +364,7 @@ TEST(timeout) { + + assert_se(sd_event_loop(e) >= 0); + +- nd = sd_ndisc_unref(nd); +- +- sd_event_unref(e); ++ test_fd[1] = safe_close(test_fd[1]); + } + + DEFINE_TEST_MAIN(LOG_DEBUG); diff --git a/0196-test-unit-name-fix-fd-leak.patch b/0196-test-unit-name-fix-fd-leak.patch new file mode 100644 index 0000000..272bfaa --- /dev/null +++ b/0196-test-unit-name-fix-fd-leak.patch @@ -0,0 +1,33 @@ +From a1ab44a859080aebd79355f58e57739ce4225e97 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 20 Jan 2023 14:54:44 +0900 +Subject: [PATCH] test-unit-name: fix fd leak + +Fixes an issue reported at https://github.com/systemd/systemd/issues/22576#issuecomment-1396774385. + +(cherry picked from commit 36f73b6c67afd9c826e612b751ea8f9249da7985) + +Related: #2138081 +--- + src/test/test-unit-name.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c +index 43fdb15d1c..eec4831b4e 100644 +--- a/src/test/test-unit-name.c ++++ b/src/test/test-unit-name.c +@@ -241,11 +241,13 @@ TEST_RET(unit_printf, .sd_booted = true) { + *user, *group, *uid, *gid, *home, *shell, + *tmp_dir, *var_tmp_dir; + _cleanup_(manager_freep) Manager *m = NULL; ++ _cleanup_close_ int fd = -EBADF; + Unit *u; + int r; + + _cleanup_(unlink_tempfilep) char filename[] = "/tmp/test-unit_printf.XXXXXX"; +- assert_se(mkostemp_safe(filename) >= 0); ++ fd = mkostemp_safe(filename); ++ assert_se(fd >= 0); + + /* Using the specifier functions is admittedly a bit circular, but we don't want to reimplement the + * logic a second time. We're at least testing that the hookup works. */ diff --git a/0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch b/0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch new file mode 100644 index 0000000..ba9252a --- /dev/null +++ b/0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch @@ -0,0 +1,57 @@ +From f2a1b51350d535cbb6ed3a3d11071651e54f5c3c Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 17 Jan 2023 18:04:30 +0100 +Subject: [PATCH] test: bump D-Bus service start timeout if we run without + accel + +The default (25s) doesn't seem to be enough in some cases (especially +in VMs without acceleration), causing spurious timeouts: + +[ 174.297658] dbus-daemon[647]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.0' (uid=0 pid=645 comm="hostnamectl " label="kernel") +[ 184.202313] systemd[1]: systemd-update-utmp-runlevel.service: Consumed 1.253s CPU time. +[ 197.335422] systemd[1]: Started dbus.service. +[ 199.211468] testsuite-71.sh[639]: + assert_in 'Static hostname: H' '' +[ 199.347192] dbus-daemon[647]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms) +[ 199.394879] testsuite-71.sh[657]: + set +ex +[ 199.438918] testsuite-71.sh[657]: FAIL: 'Static hostname: H' not found in: +[ 200.966006] systemd-logind[631]: Watching system buttons on /dev/input/event0 (Power Button) +[ 201.008178] systemd-logind[631]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard) +[ 201.034106] systemd-logind[631]: New seat seat0. +[ 201.238267] sh[658]: + systemctl poweroff --no-block +[ 201.329890] systemd[1]: Starting systemd-hostnamed.service... +[ 202.156622] systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully. +[ 204.818913] hostnamectl[645]: Failed to query system properties: Connection timed out +[ 205.195583] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE +[ 205.227237] systemd[1]: testsuite-71.service: Failed with result 'exit-code'. +[ 205.712780] systemd[1]: Failed to start testsuite-71.service. + +(cherry picked from commit c78d18215b3e5b0f0896ddb1d0d72c666b5e830b) + +Related: #2138081 +--- + test/test-functions | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 94e11a686a..6e4ea80d89 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1909,6 +1909,18 @@ install_dbus() { + + + EOF ++ ++ # If we run without KVM, bump the service start timeout ++ if ! get_bool "$QEMU_KVM"; then ++ cat >"$initdir/etc/dbus-1/system.d/service.timeout.conf" < ++ ++ ++ 60000 ++ ++EOF ++ fi + } + + install_user_dbus() { diff --git a/0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch b/0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch new file mode 100644 index 0000000..793739b --- /dev/null +++ b/0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch @@ -0,0 +1,49 @@ +From 922c24e6b2074d63dd5554f2f0015a680958293e Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 23 Jan 2023 18:40:38 +0100 +Subject: [PATCH] test: bump the client-side timeout in sd-bus as well + +Since c78d18215b D-Bus services now have 60s to start, but the client +side (sd-bus) still waits only for 25s before giving up: + +``` +[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' '' +[ 226.332965] testsuite-71.sh[576]: + set +ex +[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in: +[ 228.910782] sh[577]: + systemctl poweroff --no-block +[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out +[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time. +[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1' +[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time. +[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE +[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'. +[ 237.931415] systemd[1]: Failed to start testsuite-71.service. +[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time. +[ 238.181030] systemd[1]: Reached target testsuite.target. +``` + +Let's override the timeout in sd-bus as well to mitigate this. + +Follow-up to c78d18215b3e5b0f0896ddb1d0d72c666b5e830b. + +(cherry picked from commit e0cbb739113b9e2fbb67b27099430c351f03315c) + +Related: #2138081 +--- + test/test-functions | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/test/test-functions b/test/test-functions +index 6e4ea80d89..1608644cbb 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -1920,6 +1920,9 @@ EOF + 60000 + + EOF ++ # Bump the client-side timeout in sd-bus as well ++ mkdir -p "$initdir/etc/systemd/system.conf.d" ++ echo -e '[Manager]\nDefaultEnvironment=SYSTEMD_BUS_TIMEOUT=60' >"$initdir/etc/systemd/system.conf.d/bus-timeout.conf" + fi + } + diff --git a/0199-test-bump-the-container-spawn-timeout-to-60s.patch b/0199-test-bump-the-container-spawn-timeout-to-60s.patch new file mode 100644 index 0000000..7ee431e --- /dev/null +++ b/0199-test-bump-the-container-spawn-timeout-to-60s.patch @@ -0,0 +1,28 @@ +From 5b859cca580ee9c050486024ebd8cfdb34049008 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 23 Jan 2023 19:13:49 +0100 +Subject: [PATCH] test: bump the container spawn timeout to 60s + +As 30s might be not enough on busy systems (and we already bumped the +reboot timeout from 30s to 60s for this reason). + +(cherry picked from commit d932022ddfe021b1c49ffaf4d7dfe4093656f0c5) + +Related: #2138081 +--- + test/test-shutdown.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/test-shutdown.py b/test/test-shutdown.py +index e181f976be..13e18ecbaa 100755 +--- a/test/test-shutdown.py ++++ b/test/test-shutdown.py +@@ -17,7 +17,7 @@ def run(args): + logger.info("spawning test") + console = pexpect.spawn(args.command, args.arg, env={ + "TERM": "linux", +- }, encoding='utf-8', timeout=30) ++ }, encoding='utf-8', timeout=60) + + if args.verbose: + console.logfile = sys.stdout diff --git a/0200-network-fix-memleak.patch b/0200-network-fix-memleak.patch new file mode 100644 index 0000000..7fbbc98 --- /dev/null +++ b/0200-network-fix-memleak.patch @@ -0,0 +1,55 @@ +From 44d34632660f8456b7ca09510ed1b469541fac65 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 16 Jan 2023 22:07:06 +0900 +Subject: [PATCH] network: fix memleak + +Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803. + +Fixes #25883 and #25891. + +(cherry picked from commit 303dfa73b389e8f6dc58954e867c21724c1446f7) + +Related: #2138081 +--- + src/network/networkd-address.c | 6 +++++- + src/network/networkd-route.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 259cd312c9..4f8f95cba6 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -1189,9 +1189,13 @@ int link_request_address( + + (void) address_get(link, address, &existing); + +- if (address->lifetime_valid_usec == 0) ++ if (address->lifetime_valid_usec == 0) { ++ if (consume_object) ++ address_free(address); ++ + /* The requested address is outdated. Let's remove it. */ + return address_remove_and_drop(existing); ++ } + + if (!existing) { + _cleanup_(address_freep) Address *tmp = NULL; +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index d1f3bab092..5214a8ad2c 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -1437,9 +1437,13 @@ int link_request_route( + + (void) route_get(link->manager, link, route, &existing); + +- if (route->lifetime_usec == 0) ++ if (route->lifetime_usec == 0) { ++ if (consume_object) ++ route_free(route); ++ + /* The requested route is outdated. Let's remove it. */ + return route_remove_and_drop(existing); ++ } + + if (!existing) { + _cleanup_(route_freep) Route *tmp = NULL; diff --git a/0201-busctl-fix-introspecting-DBus-properties.patch b/0201-busctl-fix-introspecting-DBus-properties.patch new file mode 100644 index 0000000..8e5b3a4 --- /dev/null +++ b/0201-busctl-fix-introspecting-DBus-properties.patch @@ -0,0 +1,64 @@ +From 25e4d71e788ee7467e1d764c631de44d599e2b1c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 13 Jan 2023 14:12:31 +0900 +Subject: [PATCH] busctl: fix introspecting DBus properties + +Follow-up for f2f7785d7a47ffa48ac929648794e1288509ddd8. + +Fixes #26033. + +(cherry picked from commit 2cbb171d20a07ec0a25296f167b0385de102d74e) + +Related: #2138081 +--- + src/busctl/busctl.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c +index f57a5d605d..cc2d0e3458 100644 +--- a/src/busctl/busctl.c ++++ b/src/busctl/busctl.c +@@ -1022,10 +1022,11 @@ static int introspect(int argc, char **argv, void *userdata) { + + for (;;) { + Member *z; +- _cleanup_free_ char *buf = NULL; ++ _cleanup_free_ char *buf = NULL, *signature = NULL; + _cleanup_fclose_ FILE *mf = NULL; + size_t sz = 0; +- const char *name; ++ const char *name, *contents; ++ char type; + + r = sd_bus_message_enter_container(reply, 'e', "sv"); + if (r < 0) +@@ -1042,6 +1043,21 @@ static int introspect(int argc, char **argv, void *userdata) { + if (r < 0) + return bus_log_parse_error(r); + ++ r = sd_bus_message_peek_type(reply, &type, &contents); ++ if (r <= 0) ++ return bus_log_parse_error(r == 0 ? EINVAL : r); ++ ++ if (type == SD_BUS_TYPE_STRUCT_BEGIN) ++ signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END)); ++ else if (type == SD_BUS_TYPE_DICT_ENTRY_BEGIN) ++ signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_END)); ++ else if (contents) ++ signature = strjoin(CHAR_TO_STR(type), contents); ++ else ++ signature = strdup(CHAR_TO_STR(type)); ++ if (!signature) ++ return log_oom(); ++ + mf = open_memstream_unlocked(&buf, &sz); + if (!mf) + return log_oom(); +@@ -1055,6 +1071,7 @@ static int introspect(int argc, char **argv, void *userdata) { + z = set_get(members, &((Member) { + .type = "property", + .interface = m->interface, ++ .signature = signature, + .name = (char*) name })); + if (z) + free_and_replace(z->value, buf); diff --git a/0202-busctl-simplify-peeking-the-type.patch b/0202-busctl-simplify-peeking-the-type.patch new file mode 100644 index 0000000..6c0cc51 --- /dev/null +++ b/0202-busctl-simplify-peeking-the-type.patch @@ -0,0 +1,82 @@ +From ae1806eea8c688c6561b5f7dcbaa6f682233b73e Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 16 Jan 2023 14:16:14 +0100 +Subject: [PATCH] busctl: simplify peeking the type + +let's peek the type before we enter the variant, not after, so that we +can reuse it as-is, instead having to recombine it later. + +Follow-up for: #26049 + +(cherry picked from commit ec56edf55c26ed2c65cf8e86b81ab0b516c94dd9) + +Related: #2138081 +--- + src/busctl/busctl.c | 30 ++++++++++-------------------- + 1 file changed, 10 insertions(+), 20 deletions(-) + +diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c +index cc2d0e3458..901b0e15f6 100644 +--- a/src/busctl/busctl.c ++++ b/src/busctl/busctl.c +@@ -1021,17 +1021,16 @@ static int introspect(int argc, char **argv, void *userdata) { + return bus_log_parse_error(r); + + for (;;) { +- Member *z; +- _cleanup_free_ char *buf = NULL, *signature = NULL; + _cleanup_fclose_ FILE *mf = NULL; +- size_t sz = 0; ++ _cleanup_free_ char *buf = NULL; + const char *name, *contents; ++ size_t sz = 0; ++ Member *z; + char type; + + r = sd_bus_message_enter_container(reply, 'e', "sv"); + if (r < 0) + return bus_log_parse_error(r); +- + if (r == 0) + break; + +@@ -1039,24 +1038,15 @@ static int introspect(int argc, char **argv, void *userdata) { + if (r < 0) + return bus_log_parse_error(r); + +- r = sd_bus_message_enter_container(reply, 'v', NULL); ++ r = sd_bus_message_peek_type(reply, &type, &contents); + if (r < 0) + return bus_log_parse_error(r); ++ if (type != 'v') ++ return bus_log_parse_error(EINVAL); + +- r = sd_bus_message_peek_type(reply, &type, &contents); +- if (r <= 0) +- return bus_log_parse_error(r == 0 ? EINVAL : r); +- +- if (type == SD_BUS_TYPE_STRUCT_BEGIN) +- signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END)); +- else if (type == SD_BUS_TYPE_DICT_ENTRY_BEGIN) +- signature = strjoin(CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_DICT_ENTRY_END)); +- else if (contents) +- signature = strjoin(CHAR_TO_STR(type), contents); +- else +- signature = strdup(CHAR_TO_STR(type)); +- if (!signature) +- return log_oom(); ++ r = sd_bus_message_enter_container(reply, 'v', contents); ++ if (r < 0) ++ return bus_log_parse_error(r); + + mf = open_memstream_unlocked(&buf, &sz); + if (!mf) +@@ -1071,7 +1061,7 @@ static int introspect(int argc, char **argv, void *userdata) { + z = set_get(members, &((Member) { + .type = "property", + .interface = m->interface, +- .signature = signature, ++ .signature = (char*) contents, + .name = (char*) name })); + if (z) + free_and_replace(z->value, buf); diff --git a/0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch b/0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch new file mode 100644 index 0000000..f5b41ed --- /dev/null +++ b/0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch @@ -0,0 +1,29 @@ +From fb589eae3231c6d968b116774097c90a64755f19 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 4 Nov 2022 12:53:07 +0900 +Subject: [PATCH] resolve: drop redundant call of socket_ipv6_is_supported() + +As link_relevant() is called with AF_INET6, which returns true only when +the link has at least one relevant IPv6 address. + +(cherry picked from commit f6e4aa7b0370c8b39739e9d5dda780932489507a) + +Related: #2138081 +--- + src/resolve/resolved-link.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c +index 9ab55eb82e..409d725686 100644 +--- a/src/resolve/resolved-link.c ++++ b/src/resolve/resolved-link.c +@@ -152,8 +152,7 @@ void link_allocate_scopes(Link *l) { + + if (link_relevant(l, AF_INET6, true) && + l->llmnr_support != RESOLVE_SUPPORT_NO && +- l->manager->llmnr_support != RESOLVE_SUPPORT_NO && +- socket_ipv6_is_supported()) { ++ l->manager->llmnr_support != RESOLVE_SUPPORT_NO) { + if (!l->llmnr_ipv6_scope) { + r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6); + if (r < 0) diff --git a/0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch b/0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch new file mode 100644 index 0000000..e9838bf --- /dev/null +++ b/0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch @@ -0,0 +1,181 @@ +From d34f971ad09e43f583ff570e26c87e6cdc83d69d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 4 Nov 2022 12:53:07 +0900 +Subject: [PATCH] resolve: introduce link_get_llmnr_support() and + link_get_mdns_support() + +(cherry picked from commit bce459e3275249574f2142236275b2c33a9f88e3) + +Related: #2138081 +--- + src/resolve/resolved-link.c | 49 ++++++++++++++++++++++--------------- + src/resolve/resolved-link.h | 3 +++ + src/shared/resolve-util.h | 3 ++- + 3 files changed, 34 insertions(+), 21 deletions(-) + +diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c +index 409d725686..86112f3a3b 100644 +--- a/src/resolve/resolved-link.c ++++ b/src/resolve/resolved-link.c +@@ -140,8 +140,7 @@ void link_allocate_scopes(Link *l) { + l->unicast_scope = dns_scope_free(l->unicast_scope); + + if (link_relevant(l, AF_INET, true) && +- l->llmnr_support != RESOLVE_SUPPORT_NO && +- l->manager->llmnr_support != RESOLVE_SUPPORT_NO) { ++ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) { + if (!l->llmnr_ipv4_scope) { + r = dns_scope_new(l->manager, &l->llmnr_ipv4_scope, l, DNS_PROTOCOL_LLMNR, AF_INET); + if (r < 0) +@@ -151,8 +150,7 @@ void link_allocate_scopes(Link *l) { + l->llmnr_ipv4_scope = dns_scope_free(l->llmnr_ipv4_scope); + + if (link_relevant(l, AF_INET6, true) && +- l->llmnr_support != RESOLVE_SUPPORT_NO && +- l->manager->llmnr_support != RESOLVE_SUPPORT_NO) { ++ link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) { + if (!l->llmnr_ipv6_scope) { + r = dns_scope_new(l->manager, &l->llmnr_ipv6_scope, l, DNS_PROTOCOL_LLMNR, AF_INET6); + if (r < 0) +@@ -162,8 +160,7 @@ void link_allocate_scopes(Link *l) { + l->llmnr_ipv6_scope = dns_scope_free(l->llmnr_ipv6_scope); + + if (link_relevant(l, AF_INET, true) && +- l->mdns_support != RESOLVE_SUPPORT_NO && +- l->manager->mdns_support != RESOLVE_SUPPORT_NO) { ++ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) { + if (!l->mdns_ipv4_scope) { + r = dns_scope_new(l->manager, &l->mdns_ipv4_scope, l, DNS_PROTOCOL_MDNS, AF_INET); + if (r < 0) +@@ -173,8 +170,7 @@ void link_allocate_scopes(Link *l) { + l->mdns_ipv4_scope = dns_scope_free(l->mdns_ipv4_scope); + + if (link_relevant(l, AF_INET6, true) && +- l->mdns_support != RESOLVE_SUPPORT_NO && +- l->manager->mdns_support != RESOLVE_SUPPORT_NO) { ++ link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) { + if (!l->mdns_ipv6_scope) { + r = dns_scope_new(l->manager, &l->mdns_ipv6_scope, l, DNS_PROTOCOL_MDNS, AF_INET6); + if (r < 0) +@@ -191,8 +187,7 @@ void link_add_rrs(Link *l, bool force_remove) { + link_address_add_rrs(a, force_remove); + + if (!force_remove && +- l->mdns_support == RESOLVE_SUPPORT_YES && +- l->manager->mdns_support == RESOLVE_SUPPORT_YES) { ++ link_get_mdns_support(l) == RESOLVE_SUPPORT_YES) { + + if (l->mdns_ipv4_scope) { + r = dns_scope_add_dnssd_services(l->mdns_ipv4_scope); +@@ -651,13 +646,13 @@ int link_update(Link *l) { + if (r < 0) + return r; + +- if (l->llmnr_support != RESOLVE_SUPPORT_NO) { ++ if (link_get_llmnr_support(l) != RESOLVE_SUPPORT_NO) { + r = manager_llmnr_start(l->manager); + if (r < 0) + return r; + } + +- if (l->mdns_support != RESOLVE_SUPPORT_NO) { ++ if (link_get_mdns_support(l) != RESOLVE_SUPPORT_NO) { + r = manager_mdns_start(l->manager); + if (r < 0) + return r; +@@ -802,6 +797,24 @@ bool link_dnssec_supported(Link *l) { + return true; + } + ++ResolveSupport link_get_llmnr_support(Link *link) { ++ assert(link); ++ assert(link->manager); ++ ++ /* This provides the effective LLMNR support level for the link, instead of the 'internal' per-link setting. */ ++ ++ return MIN(link->llmnr_support, link->manager->llmnr_support); ++} ++ ++ResolveSupport link_get_mdns_support(Link *link) { ++ assert(link); ++ assert(link->manager); ++ ++ /* This provides the effective mDNS support level for the link, instead of the 'internal' per-link setting. */ ++ ++ return MIN(link->mdns_support, link->manager->mdns_support); ++} ++ + int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr_union *in_addr) { + LinkAddress *a; + +@@ -885,8 +898,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) { + if (!force_remove && + link_address_relevant(a, true) && + a->link->llmnr_ipv4_scope && +- a->link->llmnr_support == RESOLVE_SUPPORT_YES && +- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { ++ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) { + + if (!a->link->manager->llmnr_host_ipv4_key) { + a->link->manager->llmnr_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->llmnr_hostname); +@@ -939,8 +951,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) { + if (!force_remove && + link_address_relevant(a, true) && + a->link->mdns_ipv4_scope && +- a->link->mdns_support == RESOLVE_SUPPORT_YES && +- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { ++ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) { + if (!a->link->manager->mdns_host_ipv4_key) { + a->link->manager->mdns_host_ipv4_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, a->link->manager->mdns_hostname); + if (!a->link->manager->mdns_host_ipv4_key) { +@@ -995,8 +1006,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) { + if (!force_remove && + link_address_relevant(a, true) && + a->link->llmnr_ipv6_scope && +- a->link->llmnr_support == RESOLVE_SUPPORT_YES && +- a->link->manager->llmnr_support == RESOLVE_SUPPORT_YES) { ++ link_get_llmnr_support(a->link) == RESOLVE_SUPPORT_YES) { + + if (!a->link->manager->llmnr_host_ipv6_key) { + a->link->manager->llmnr_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->llmnr_hostname); +@@ -1049,8 +1059,7 @@ void link_address_add_rrs(LinkAddress *a, bool force_remove) { + if (!force_remove && + link_address_relevant(a, true) && + a->link->mdns_ipv6_scope && +- a->link->mdns_support == RESOLVE_SUPPORT_YES && +- a->link->manager->mdns_support == RESOLVE_SUPPORT_YES) { ++ link_get_mdns_support(a->link) == RESOLVE_SUPPORT_YES) { + + if (!a->link->manager->mdns_host_ipv6_key) { + a->link->manager->mdns_host_ipv6_key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, a->link->manager->mdns_hostname); +diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h +index b5299e0b5b..d2043a1000 100644 +--- a/src/resolve/resolved-link.h ++++ b/src/resolve/resolved-link.h +@@ -104,6 +104,9 @@ bool link_dnssec_supported(Link *l); + + DnsOverTlsMode link_get_dns_over_tls_mode(Link *l); + ++ResolveSupport link_get_llmnr_support(Link *link); ++ResolveSupport link_get_mdns_support(Link *link); ++ + int link_save_user(Link *l); + int link_load_user(Link *l); + void link_remove_user(Link *l); +diff --git a/src/shared/resolve-util.h b/src/shared/resolve-util.h +index d9ab387301..e58173d864 100644 +--- a/src/shared/resolve-util.h ++++ b/src/shared/resolve-util.h +@@ -25,10 +25,11 @@ typedef enum ResolveSupport ResolveSupport; + typedef enum DnssecMode DnssecMode; + typedef enum DnsOverTlsMode DnsOverTlsMode; + ++/* Do not change the order, see link_get_llmnr_support() or link_get_mdns_support(). */ + enum ResolveSupport { + RESOLVE_SUPPORT_NO, +- RESOLVE_SUPPORT_YES, + RESOLVE_SUPPORT_RESOLVE, ++ RESOLVE_SUPPORT_YES, + _RESOLVE_SUPPORT_MAX, + _RESOLVE_SUPPORT_INVALID = -EINVAL, + }; diff --git a/0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch b/0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch new file mode 100644 index 0000000..52ed54f --- /dev/null +++ b/0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch @@ -0,0 +1,42 @@ +From f04078d864c969c7694a2cd131ca9eff75c15ce8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 4 Nov 2022 12:53:07 +0900 +Subject: [PATCH] resolve: provide effective supporting levels of mDNS and + LLMNR + +The per-link settings are ignored if the feature is disabled by the global setting. +Let's announce the effective level, to make not users confused. + +Closes #24863. + +(cherry picked from commit dc167037c4e7407bf597a65224c736874abeca11) + +Related: #2138081 +--- + src/resolve/resolved-link-bus.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c +index a817b1b453..1f7d092112 100644 +--- a/src/resolve/resolved-link-bus.c ++++ b/src/resolve/resolved-link-bus.c +@@ -22,6 +22,8 @@ + + static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported); + static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string); ++static BUS_DEFINE_PROPERTY_GET2(property_get_llmnr_support, "s", Link, link_get_llmnr_support, resolve_support_to_string); ++static BUS_DEFINE_PROPERTY_GET2(property_get_mdns_support, "s", Link, link_get_mdns_support, resolve_support_to_string); + + static int property_get_dns_over_tls_mode( + sd_bus *bus, +@@ -864,8 +866,8 @@ static const sd_bus_vtable link_vtable[] = { + SD_BUS_PROPERTY("CurrentDNSServerEx", "(iayqs)", property_get_current_dns_server_ex, offsetof(Link, current_dns_server), 0), + SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0), + SD_BUS_PROPERTY("DefaultRoute", "b", property_get_default_route, 0, 0), +- SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0), +- SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0), ++ SD_BUS_PROPERTY("LLMNR", "s", property_get_llmnr_support, 0, 0), ++ SD_BUS_PROPERTY("MulticastDNS", "s", property_get_mdns_support, 0, 0), + SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode, 0, 0), + SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0), + SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0), diff --git a/0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch b/0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch new file mode 100644 index 0000000..e7e7aff --- /dev/null +++ b/0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch @@ -0,0 +1,89 @@ +From 4b911f2d385feb8153dacaf923108fc6d00fa149 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 4 Nov 2022 13:11:55 +0900 +Subject: [PATCH] resolvectl: warn if the global mDNS or LLMNR support level is + lower than the requested one + +(cherry picked from commit c38a03df4af78721f45947ffa2013554d81954a4) + +Related: #2138081 +--- + src/resolve/resolvectl.c | 37 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 37 insertions(+) + +diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c +index 2a7347ca27..c52773508f 100644 +--- a/src/resolve/resolvectl.c ++++ b/src/resolve/resolvectl.c +@@ -32,6 +32,7 @@ + #include "pretty-print.h" + #include "process-util.h" + #include "resolvconf-compat.h" ++#include "resolve-util.h" + #include "resolvectl.h" + #include "resolved-def.h" + #include "resolved-dns-packet.h" +@@ -2280,6 +2281,8 @@ static int verb_default_route(int argc, char **argv, void *userdata) { + + static int verb_llmnr(int argc, char **argv, void *userdata) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; ++ _cleanup_free_ char *global_llmnr_support_str = NULL; ++ ResolveSupport global_llmnr_support, llmnr_support; + sd_bus *bus = ASSERT_PTR(userdata); + int r; + +@@ -2295,6 +2298,22 @@ static int verb_llmnr(int argc, char **argv, void *userdata) { + if (argc < 3) + return status_ifindex(bus, arg_ifindex, NULL, STATUS_LLMNR, NULL); + ++ llmnr_support = resolve_support_from_string(argv[2]); ++ if (llmnr_support < 0) ++ return log_error_errno(llmnr_support, "Invalid LLMNR setting: %s", argv[2]); ++ ++ r = bus_get_property_string(bus, bus_resolve_mgr, "LLMNR", &error, &global_llmnr_support_str); ++ if (r < 0) ++ return log_error_errno(r, "Failed to get the global LLMNR support state: %s", bus_error_message(&error, r)); ++ ++ global_llmnr_support = resolve_support_from_string(global_llmnr_support_str); ++ if (global_llmnr_support < 0) ++ return log_error_errno(global_llmnr_support, "Received invalid global LLMNR setting: %s", global_llmnr_support_str); ++ ++ if (global_llmnr_support < llmnr_support) ++ log_warning("Setting LLMNR support level \"%s\" for \"%s\", but the global support level is \"%s\".", ++ argv[2], arg_ifname, global_llmnr_support_str); ++ + r = bus_call_method(bus, bus_resolve_mgr, "SetLinkLLMNR", &error, NULL, "is", arg_ifindex, argv[2]); + if (r < 0 && sd_bus_error_has_name(&error, BUS_ERROR_LINK_BUSY)) { + sd_bus_error_free(&error); +@@ -2314,6 +2333,8 @@ static int verb_llmnr(int argc, char **argv, void *userdata) { + + static int verb_mdns(int argc, char **argv, void *userdata) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; ++ _cleanup_free_ char *global_mdns_support_str = NULL; ++ ResolveSupport global_mdns_support, mdns_support; + sd_bus *bus = ASSERT_PTR(userdata); + int r; + +@@ -2329,6 +2350,22 @@ static int verb_mdns(int argc, char **argv, void *userdata) { + if (argc < 3) + return status_ifindex(bus, arg_ifindex, NULL, STATUS_MDNS, NULL); + ++ mdns_support = resolve_support_from_string(argv[2]); ++ if (mdns_support < 0) ++ return log_error_errno(mdns_support, "Invalid mDNS setting: %s", argv[2]); ++ ++ r = bus_get_property_string(bus, bus_resolve_mgr, "MulticastDNS", &error, &global_mdns_support_str); ++ if (r < 0) ++ return log_error_errno(r, "Failed to get the global mDNS support state: %s", bus_error_message(&error, r)); ++ ++ global_mdns_support = resolve_support_from_string(global_mdns_support_str); ++ if (global_mdns_support < 0) ++ return log_error_errno(global_mdns_support, "Received invalid global mDNS setting: %s", global_mdns_support_str); ++ ++ if (global_mdns_support < mdns_support) ++ log_warning("Setting mDNS support level \"%s\" for \"%s\", but the global support level is \"%s\".", ++ argv[2], arg_ifname, global_mdns_support_str); ++ + r = bus_call_method(bus, bus_resolve_mgr, "SetLinkMulticastDNS", &error, NULL, "is", arg_ifindex, argv[2]); + if (r < 0 && sd_bus_error_has_name(&error, BUS_ERROR_LINK_BUSY)) { + sd_bus_error_free(&error); diff --git a/0207-resolve-enable-per-link-mDNS-setting-by-default.patch b/0207-resolve-enable-per-link-mDNS-setting-by-default.patch new file mode 100644 index 0000000..7daa0e6 --- /dev/null +++ b/0207-resolve-enable-per-link-mDNS-setting-by-default.patch @@ -0,0 +1,71 @@ +From 11132a6c20b64eb14a3386ff480086b5bae72146 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 4 Nov 2022 12:06:21 +0900 +Subject: [PATCH] resolve: enable per-link mDNS setting by default + +Otherwise, if the link is not managed by systemd-networkd, mDNS cannot +be enabled without calling `resolvectl` explicitly. + +Fixes #25252. + +(cherry picked from commit e31540196b8fb136a8f197c7a26d851bd0b93329) + +Related: #2138081 +--- + src/resolve/resolved-link-bus.c | 2 +- + src/resolve/resolved-link.c | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c +index 1f7d092112..9b6d14f20c 100644 +--- a/src/resolve/resolved-link-bus.c ++++ b/src/resolve/resolved-link-bus.c +@@ -562,7 +562,7 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err + return r; + + if (isempty(mdns)) +- mode = RESOLVE_SUPPORT_NO; ++ mode = RESOLVE_SUPPORT_YES; + else { + mode = resolve_support_from_string(mdns); + if (mode < 0) +diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c +index 86112f3a3b..d41f6f3e54 100644 +--- a/src/resolve/resolved-link.c ++++ b/src/resolve/resolved-link.c +@@ -37,7 +37,7 @@ int link_new(Manager *m, Link **ret, int ifindex) { + .ifindex = ifindex, + .default_route = -1, + .llmnr_support = RESOLVE_SUPPORT_YES, +- .mdns_support = RESOLVE_SUPPORT_NO, ++ .mdns_support = RESOLVE_SUPPORT_YES, + .dnssec_mode = _DNSSEC_MODE_INVALID, + .dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID, + .operstate = IF_OPER_UNKNOWN, +@@ -64,7 +64,7 @@ void link_flush_settings(Link *l) { + + l->default_route = -1; + l->llmnr_support = RESOLVE_SUPPORT_YES; +- l->mdns_support = RESOLVE_SUPPORT_NO; ++ l->mdns_support = RESOLVE_SUPPORT_YES; + l->dnssec_mode = _DNSSEC_MODE_INVALID; + l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID; + +@@ -354,7 +354,7 @@ static int link_update_mdns_support(Link *l) { + + assert(l); + +- l->mdns_support = RESOLVE_SUPPORT_NO; ++ l->mdns_support = RESOLVE_SUPPORT_YES; + + r = sd_network_link_get_mdns(l->ifindex, &b); + if (r == -ENODATA) +@@ -1156,7 +1156,7 @@ static bool link_needs_save(Link *l) { + return false; + + if (l->llmnr_support != RESOLVE_SUPPORT_YES || +- l->mdns_support != RESOLVE_SUPPORT_NO || ++ l->mdns_support != RESOLVE_SUPPORT_YES || + l->dnssec_mode != _DNSSEC_MODE_INVALID || + l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID) + return true; diff --git a/systemd.spec b/systemd.spec index 6828787..3409bb2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 252 -Release: 3%{?dist} +Release: 4%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -257,6 +257,34 @@ Patch0176: 0176-core-unit-merge-unit-names-after-merging-deps.patch Patch0177: 0177-core-unit-fix-log-message.patch Patch0178: 0178-test-explicitly-create-the-etc-init.d-directory.patch Patch0179: 0179-test-support-a-non-default-SysV-directory.patch +Patch0180: 0180-udev-make-get_virtfn_info-provide-physical-PCI-devic.patch +Patch0181: 0181-test-make-helper_check_device_units-log-unit-name.patch +Patch0182: 0182-test-add-a-testcase-for-lvextend.patch +Patch0183: 0183-pid1-fix-segv-triggered-by-status-query-26279.patch +Patch0184: 0184-test-create-config-under-run.patch +Patch0185: 0185-test-add-tests-for-mDNS-and-LLMNR-settings.patch +Patch0186: 0186-resolved-introduce-the-_localdnsstub-and-_localdnspr.patch +Patch0187: 0187-test-wait-for-the-monitoring-service-to-become-activ.patch +Patch0188: 0188-test-suppress-echo-in-monitor_check_rr.patch +Patch0189: 0189-Revert-test-wait-for-the-monitoring-service-to-becom.patch +Patch0190: 0190-test-show-and-check-almost-all-journal-entries-since.patch +Patch0191: 0191-test-cover-IPv6-in-the-resolved-test-suite.patch +Patch0192: 0192-test-add-a-couple-of-SRV-records-to-check-service-re.patch +Patch0193: 0193-test-add-a-test-for-the-OPENPGPKEY-RR.patch +Patch0194: 0194-test-don-t-hang-indefinitely-on-no-match.patch +Patch0195: 0195-test-ndisc-fix-memleak-and-fd-leak.patch +Patch0196: 0196-test-unit-name-fix-fd-leak.patch +Patch0197: 0197-test-bump-D-Bus-service-start-timeout-if-we-run-with.patch +Patch0198: 0198-test-bump-the-client-side-timeout-in-sd-bus-as-well.patch +Patch0199: 0199-test-bump-the-container-spawn-timeout-to-60s.patch +Patch0200: 0200-network-fix-memleak.patch +Patch0201: 0201-busctl-fix-introspecting-DBus-properties.patch +Patch0202: 0202-busctl-simplify-peeking-the-type.patch +Patch0203: 0203-resolve-drop-redundant-call-of-socket_ipv6_is_suppor.patch +Patch0204: 0204-resolve-introduce-link_get_llmnr_support-and-link_ge.patch +Patch0205: 0205-resolve-provide-effective-supporting-levels-of-mDNS-.patch +Patch0206: 0206-resolvectl-warn-if-the-global-mDNS-or-LLMNR-support-.patch +Patch0207: 0207-resolve-enable-per-link-mDNS-setting-by-default.patch # Downstream-only patches (9000–9999) @@ -1048,6 +1076,36 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s %files standalone-sysusers -f .file-list-standalone-sysusers %changelog +* Mon Feb 06 2023 systemd maintenance team - 252-4 +- udev: make get_virtfn_info() provide physical PCI device (#2159448) +- test: make helper_check_device_units() log unit name (#2138081) +- test: add a testcase for lvextend (#2138081) +- pid1: fix segv triggered by status query (#26279) (#2138081) +- test: create config under /run (#2138081) +- test: add tests for mDNS and LLMNR settings (#2138081) +- resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53 (#2138081) +- test: wait for the monitoring service to become active (#2138081) +- test: suppress echo in monitor_check_rr() (#2138081) +- Revert "test: wait for the monitoring service to become active" (#2138081) +- test: show and check almost all journal entries since the relevant command being invoked (#2138081) +- test: cover IPv6 in the resolved test suite (#2138081) +- test: add a couple of SRV records to check service resolution (#2138081) +- test: add a test for the OPENPGPKEY RR (#2138081) +- test: don't hang indefinitely on no match (#2138081) +- test-ndisc: fix memleak and fd leak (#2138081) +- test-unit-name: fix fd leak (#2138081) +- test: bump D-Bus service start timeout if we run without accel (#2138081) +- test: bump the client-side timeout in sd-bus as well (#2138081) +- test: bump the container spawn timeout to 60s (#2138081) +- network: fix memleak (#2138081) +- busctl: fix introspecting DBus properties (#2138081) +- busctl: simplify peeking the type (#2138081) +- resolve: drop redundant call of socket_ipv6_is_supported() (#2138081) +- resolve: introduce link_get_llmnr_support() and link_get_mdns_support() (#2138081) +- resolve: provide effective supporting levels of mDNS and LLMNR (#2138081) +- resolvectl: warn if the global mDNS or LLMNR support level is lower than the requested one (#2138081) +- resolve: enable per-link mDNS setting by default (#2138081) + * Mon Jan 16 2023 systemd maintenance team - 252-3 - swap: tell swapon to reinitialize swap if needed (#2151993) - coredump: adjust whitespace (#2155517)