[systemd-commits] 15 commits - man/kernel-command-line.xml man/sd_notify.xml man/sd_watchdog_enabled.xml man/systemd-journal-upload.xml man/systemd-udevd.service.xml man/udev.conf.xml src/journal-remote src/libsystemd src/shared

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Wed Oct 22 22:06:46 PDT 2014


 man/kernel-command-line.xml               |    2 
 man/sd_notify.xml                         |   15 +--
 man/sd_watchdog_enabled.xml               |   53 +++++++---
 man/systemd-journal-upload.xml            |   70 ++++++++++++++
 man/systemd-udevd.service.xml             |    9 +
 man/udev.conf.xml                         |   35 ++++---
 src/journal-remote/journal-remote-parse.c |    6 -
 src/journal-remote/journal-remote.c       |  146 ++++++++++++++++++------------
 src/journal-remote/journal-upload.c       |  107 ++++++++++++++++-----
 src/libsystemd/sd-daemon/sd-daemon.c      |   48 ++++-----
 src/shared/log.h                          |    6 +
 src/shared/socket-label.c                 |    3 
 src/shared/socket-util.c                  |   20 ++--
 13 files changed, 352 insertions(+), 168 deletions(-)

New commits:
commit 99a1ab10b05251220ff94a867f198b9302afe346
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Thu Oct 23 00:43:49 2014 -0400

    man: add example how to generate certificates with openssl

diff --git a/man/systemd-journal-upload.xml b/man/systemd-journal-upload.xml
index ca251c6..b4422f2 100644
--- a/man/systemd-journal-upload.xml
+++ b/man/systemd-journal-upload.xml
@@ -182,6 +182,76 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
   </refsect1>
 
   <refsect1>
+    <title>Examples</title>
+    <example>
+      <title>Setting up certificates for authentication</title>
+
+      <para>Certificates signed by a trusted authority are used to
+      verify that the server to which messages are uploaded is
+      legitimate, and vice versa, that the client is trusted.</para>
+
+      <para>A suitable set of certificates can be generated with
+      <command>openssl</command>:</para>
+
+      <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
+      -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
+
+cat >ca.conf <<EOF
+[ ca ]
+default_ca = this
+
+[ this ]
+new_certs_dir = .
+certificate = ca.pem
+database = ./index
+private_key = ca.key
+serial = ./serial
+default_days = 3650
+default_md = default
+policy = policy_anything
+
+[ policy_anything ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+EOF
+
+touch index
+echo 0001 > serial
+
+SERVER=server
+CLIENT=client
+
+openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
+openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
+
+openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
+openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
+</programlisting>
+
+      <para>Generated files <filename>ca.pem</filename>,
+      <filename>server.pem</filename>, and
+      <filename>server.key</filename> should be installed on server,
+      and <filename>ca.pem</filename>,
+      <filename>client.pem</filename>, and
+      <filename>client.key</filename> on the client. The location of
+      those files can be specified using
+      <varname>TrustedCertificateFile=</varname>,
+      <varname>ServerCertificateFile=</varname>,
+      <varname>ServerKeyFile=</varname>, in
+      <filename>/etc/systemd/journal-remote.conf</filename> and
+      <filename>/etc/systemd/journal-upload.conf</filename>
+      respectively. The default locations can be queried by using
+      <command>systemd-journal-remote --help</command> and
+      <command>systemd-journal-upload --help</command>.</para>
+    </example>
+  </refsect1>
+
+  <refsect1>
     <title>See Also</title>
     <para>
       <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
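Review bot: The example creates the server and client keys with `-newkey rsa:1024`, while the CA key at the top of the same listing uses `rsa:2048`. 1024-bit RSA is below current minimum recommendations and man-page examples get copied verbatim, so both `openssl req` lines should use at least `rsa:2048`. `default_md = default` leaves the signature digest to whatever the local openssl build selects; naming it (`default_md = sha256`) makes the result predictable. The closing paragraph lists `TrustedCertificateFile=`, `ServerCertificateFile=` and `ServerKeyFile=` followed by "respectively", which does not say which settings belong in `journal-upload.conf`. It would also help to state that the `-nodes` keys are written unencrypted and that `ca.key` is not among the files to install on either host.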

commit 36d4739a68c3edafe4d145d525a26de4ef0b8e5a
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Oct 22 23:31:56 2014 -0500

    journal-upload: return proper exit code
    
    Even when terminated normally, systemd-journal-upload would return
    something positive which would be interpreted as failure.

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index fc095c3..9f13ffd 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -162,11 +162,14 @@ static int load_cursor_state(Uploader *u) {
                            "LAST_CURSOR",  &u->last_cursor,
                            NULL);
 
-        if (r < 0 && r != -ENOENT) {
+        if (r == -ENOENT)
+                log_debug("State file %s is not present.", u->state_file);
+        else if (r < 0) {
                 log_error("Failed to read state file %s: %s",
                           u->state_file, strerror(-r));
                 return r;
-        }
+        } else
+                log_debug("Last cursor was %s", u->last_cursor);
 
         return 0;
 }
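Review bot: The new `else` branch passes `u->last_cursor` to `%s` without checking it. If the state file parses successfully but carries no `LAST_CURSOR` entry, the pointer is presumably still NULL, which is undefined behaviour for printf-style formatting (glibc happens to print "(null)"). `log_debug("Last cursor was %s", u->last_cursor ?: "(unset)");` avoids relying on that. load_cursor_state() starts above the hunk, so the initial value of `last_cursor` is not visible here.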
@@ -837,6 +840,12 @@ int main(int argc, char **argv) {
                   "STATUS=Processing input...");
 
         while (true) {
+                r = sd_event_get_state(u.events);
+                if (r < 0)
+                        break;
+                if (r == SD_EVENT_FINISHED)
+                        break;
+
                 if (use_journal) {
                         if (!u.journal)
                                 break;
@@ -852,12 +861,6 @@ int main(int argc, char **argv) {
                 if (r < 0)
                         goto cleanup;
 
-                r = sd_event_get_state(u.events);
-                if (r < 0)
-                        break;
-                if (r == SD_EVENT_FINISHED)
-                        break;
-
                 if (u.uploading) {
                         r = perform_upload(&u);
                         if (r < 0)
@@ -879,5 +882,5 @@ cleanup:
         destroy_uploader(&u);
 
 finish:
-        return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+        return r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 }

commit cb41ff2922b8a555c01d52e1038ac26360253c15
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Oct 22 23:27:57 2014 -0500

    shared/log: add log_trace as compile-time optional debugging
    
    Repetitive messages can be annoying when running with
    SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
    when debugging problems. Add log_trace which is like log_debug
    but becomes a noop unless LOG_TRACE is defined during compilation.
    This makes it easy to enable very verbose logging for a subset
    of programs when compiling from source.

diff --git a/src/journal-remote/journal-remote-parse.c b/src/journal-remote/journal-remote-parse.c
index 224e8f1..7dd8878 100644
--- a/src/journal-remote/journal-remote-parse.c
+++ b/src/journal-remote/journal-remote-parse.c
@@ -330,7 +330,7 @@ int process_data(RemoteSource *source) {
                 assert(line[n-1] == '\n');
 
                 if (n == 1) {
-                        log_debug("Received empty line, event is ready");
+                        log_trace("Received empty line, event is ready");
                         return 1;
                 }
 
@@ -350,7 +350,7 @@ int process_data(RemoteSource *source) {
                 else
                         /* replace \n with = */
                         line[n-1] = '=';
-                log_debug("Received: %.*s", (int) n, line);
+                log_trace("Received: %.*s", (int) n, line);
 
                 r = iovw_put(&source->iovw, line, n);
                 if (r < 0) {
@@ -438,7 +438,7 @@ int process_source(RemoteSource *source, bool compress, bool seal) {
                 return r;
 
         /* We have a full event */
-        log_debug("Received a full event from source@%p fd:%d (%s)",
+        log_trace("Received a full event from source@%p fd:%d (%s)",
                   source, source->fd, source->name);
 
         if (!source->iovw.count) {
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 8a72c6e..dc7120b 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -505,11 +505,11 @@ static int process_http_upload(
 
         assert(source);
 
-        log_debug("request_handler_upload: connection %p, %zu bytes",
-                  connection, *upload_data_size);
+        log_trace("%s: connection %p, %zu bytes",
+                  __func__, connection, *upload_data_size);
 
         if (*upload_data_size) {
-                log_debug("Received %zu bytes", *upload_data_size);
+                log_trace("Received %zu bytes", *upload_data_size);
 
                 r = push_data(source, upload_data, *upload_data_size);
                 if (r < 0)
@@ -572,7 +572,7 @@ static int request_handler(
         assert(url);
         assert(method);
 
-        log_debug("Handling a connection %s %s %s", method, url, version);
+        log_trace("Handling a connection %s %s %s", method, url, version);
 
         if (*connection_cls)
                 return process_http_upload(connection,
diff --git a/src/shared/log.h b/src/shared/log.h
index 9918381..a3e23a8 100644
--- a/src/shared/log.h
+++ b/src/shared/log.h
@@ -157,6 +157,12 @@ do { \
 #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__)
 #define log_error(...)   log_full(LOG_ERR,     __VA_ARGS__)
 
+#ifdef LOG_TRACE
+#  define log_trace(...) log_debug(__VA_ARGS__)
+#else
+#  define log_trace(...) do {} while(0)
+#endif
+
 #define log_struct(level, ...) log_struct_internal(level, __FILE__, __LINE__, __func__, __VA_ARGS__)
 
 #define log_oom() log_oom_internal(__FILE__, __LINE__, __func__)
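Review bot: With LOG_TRACE undefined, `log_trace(...)` expands to an empty statement, so the compiler no longer sees the format string or its arguments. A mismatched specifier in a trace call then goes unnoticed until someone builds with tracing, and variables used only in trace calls start producing unused-variable warnings. Keeping the call in dead code preserves the checks at no runtime cost: `#  define log_trace(...) do { if (0) log_debug(__VA_ARGS__); } while(0)`. A short comment above the `#ifdef` saying that LOG_TRACE is a build-time switch would also help, since nothing in the header documents it.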

commit 8847551bcbfa8265bae04f567bb1aadc7b480325
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Oct 21 22:32:17 2014 -0400

    journal-upload: fix --trust=all option

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index 229bcee..fc095c3 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -63,7 +63,7 @@ static const char *arg_save_state = NULL;
 #define STATE_FILE "/var/lib/systemd/journal-upload/state"
 
 #define easy_setopt(curl, opt, value, level, cmd)                       \
-        {                                                               \
+        do {                                                            \
                 code = curl_easy_setopt(curl, opt, value);              \
                 if (code) {                                             \
                         log_full(level,                                 \
@@ -71,7 +71,7 @@ static const char *arg_save_state = NULL;
                                   curl_easy_strerror(code));            \
                         cmd;                                            \
                 }                                                       \
-        }
+        } while(0)
 
 static size_t output_callback(char *buf,
                               size_t size,
@@ -254,7 +254,10 @@ int start_upload(Uploader *u,
                                     LOG_ERR, return -EXFULL);
                 }
 
-                if (arg_trust || startswith(u->url, "https://"))
+                if (streq_ptr(arg_trust, "all"))
+                        easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
+                                    LOG_ERR, return -EUCLEAN);
+                else if (arg_trust || startswith(u->url, "https://"))
                         easy_setopt(curl, CURLOPT_CAINFO, arg_trust ?: TRUST_FILE,
                                     LOG_ERR, return -EXFULL);
 
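Review bot: `--trust=all` turns certificate verification off silently: the `streq_ptr(arg_trust, "all")` branch sets `CURLOPT_SSL_VERIFYPEER` to 0 and logs nothing, so an upload that anyone on the network path can intercept looks the same in the logs as a verified one. A `log_warning("Certificate checking disabled.");` before the `easy_setopt` would make that visible to whoever audits the host. libcurl documents this option as taking a `long`, so the value should be written `0L` rather than `0` because it travels through varargs. start_upload() begins and ends outside the hunk.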

commit 30776485c5bc2d9c356e875f2aee874d22c393b7
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Oct 22 23:27:25 2014 -0500

    journal-upload: avoid calling printf with maximum precision
    
    Precision of INT_MAX does not work as I expected it to.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1154334

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index 37c12f0..229bcee 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -496,10 +496,12 @@ static int perform_upload(Uploader *u) {
 
         code = curl_easy_perform(u->easy);
         if (code) {
-                log_error("Upload to %s failed: %.*s",
-                          u->url,
-                          u->error[0] ? (int) sizeof(u->error) : INT_MAX,
-                          u->error[0] ? u->error : curl_easy_strerror(code));
+                if (u->error[0])
+                        log_error("Upload to %s failed: %.*s",
+                                  u->url, (int) sizeof(u->error), u->error);
+                else
+                        log_error("Upload to %s failed: %s",
+                                  u->url, curl_easy_strerror(code));
                 return -EIO;
         }
 

commit d71839afd88589247d8dd42b2b09d024f521749d
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Oct 21 23:34:29 2014 -0400

    journal-upload: verify state file can be saved before uploading
    
    Do our best to verify that we can actually write the state file
    before upload commences to avoid duplicate messages on the server.

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index 87d6ff7..37c12f0 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -31,6 +31,7 @@
 #include "util.h"
 #include "build.h"
 #include "fileio.h"
+#include "mkdir.h"
 #include "conf-parser.h"
 #include "journal-upload.h"
 
@@ -93,6 +94,32 @@ static size_t output_callback(char *buf,
         return size * nmemb;
 }
 
+static int check_cursor_updating(Uploader *u) {
+        _cleanup_free_ char *temp_path = NULL;
+        _cleanup_fclose_ FILE *f = NULL;
+        int r;
+
+        if (!u->state_file)
+                return 0;
+
+        r = mkdir_parents(u->state_file, 0755);
+        if (r < 0) {
+                log_error("Cannot create parent directory of state file %s: %s",
+                          u->state_file, strerror(-r));
+                return r;
+        }
+
+        r = fopen_temporary(u->state_file, &f, &temp_path);
+        if (r < 0) {
+                log_error("Cannot save state to %s: %s",
+                          u->state_file, strerror(-r));
+                return r;
+        }
+        unlink(temp_path);
+
+        return 0;
+}
+
 static int update_cursor_state(Uploader *u) {
         _cleanup_free_ char *temp_path = NULL;
         _cleanup_fclose_ FILE *f = NULL;
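Review bot: `unlink(temp_path)` in check_cursor_updating() ignores its result, so a failed removal leaves a stray temporary file beside the state file on every start with nothing recording why; `if (unlink(temp_path) < 0) log_debug("Failed to remove %s: %m", temp_path);` keeps it visible. The function would also benefit from a one-line comment saying it is a best-effort probe that creates and removes a temporary file next to `u->state_file`, and that a later write can still fail. `mkdir_parents(u->state_file, 0755)` creates the state directory world-readable; if the cursor is not meant to be read by other users, a tighter mode is worth considering.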
@@ -779,6 +806,10 @@ int main(int argc, char **argv) {
 
         sd_event_set_watchdog(u.events, true);
 
+        r = check_cursor_updating(&u);
+        if (r < 0)
+                goto cleanup;
+
         log_debug("%s running as pid "PID_FMT,
                   program_invocation_short_name, getpid());
 

commit cb6518345fcc057ca6ed3d037253bb4eeab4d94e
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Oct 21 23:20:59 2014 -0400

    socket-util: use IP address when hostname is not found
    
    socknameinfo_pretty() would fail for addresses without reverse DNS,
    but we do not want that to happen.

diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c
index e3e54e8..911dbfe 100644
--- a/src/shared/socket-util.c
+++ b/src/shared/socket-util.c
@@ -633,20 +633,20 @@ int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret)
         r = getnameinfo(&sa->sa, salen, host, sizeof(host), NULL, 0,
                         NI_IDN|NI_IDN_USE_STD3_ASCII_RULES);
         if (r != 0) {
-                _cleanup_free_ char *sockname = NULL;
                 int saved_errno = errno;
 
-                r = sockaddr_pretty(&sa->sa, salen, true, &sockname);
-                if (r < 0)
+                r = sockaddr_pretty(&sa->sa, salen, true, &ret);
+                if (r < 0) {
                         log_error("sockadd_pretty() failed: %s", strerror(-r));
-                else
-                        log_error("getnameinfo(%s) failed: %s", sockname, strerror(-r));
-                return -saved_errno;
-        }
+                        return r;
+                }
 
-        ret = strdup(host);
-        if (!ret)
-                return log_oom();
+                log_debug("getnameinfo(%s) failed: %s", ret, strerror(saved_errno));
+        } else {
+                ret = strdup(host);
+                if (!ret)
+                        return log_oom();
+        }
 
         *_ret = ret;
         return 0;
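Review bot: The debug message in the failure branch prints `strerror(saved_errno)`, but getnameinfo() reports failure through its return value (an EAI_* code) and only sets errno for EAI_SYSTEM. The text logged for a missing reverse record will therefore usually be unrelated to the real cause. That return value is also overwritten by the `sockaddr_pretty()` call before anything is logged. Saving it first with `int gai = r;` and logging `gai == EAI_SYSTEM ? strerror(saved_errno) : gai_strerror(gai)` reports the actual reason. socknameinfo_pretty() starts above the hunk.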

commit a7736b14de340c01580dd4c09145c846d21211b9
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Oct 21 21:05:04 2014 -0400

    journal-remote: add --split-mode to help

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index d94b2af..8a72c6e 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1172,24 +1172,25 @@ static int parse_config(void) {
 static void help(void) {
         printf("%s [OPTIONS...] {FILE|-}...\n\n"
                "Write external journal events to journal file(s).\n\n"
-               "  -h --help               Show this help\n"
-               "     --version            Show package version\n"
-               "     --url=URL            Read events from systemd-journal-gatewayd at URL\n"
-               "     --getter=COMMAND     Read events from the output of COMMAND\n"
-               "     --listen-raw=ADDR    Listen for connections at ADDR\n"
-               "     --listen-http=ADDR   Listen for HTTP connections at ADDR\n"
-               "     --listen-https=ADDR  Listen for HTTPS connections at ADDR\n"
-               "  -o --output=FILE|DIR    Write output to FILE or DIR/external-*.journal\n"
-               "     --compress[=BOOL]    Use XZ-compression in the output journal (default: yes)\n"
-               "     --seal[=BOOL]        Use Event sealing in the output journal (default: no)\n"
-               "     --key=FILENAME       Specify key in PEM format (default:\n"
-               "                          \"" PRIV_KEY_FILE "\")\n"
-               "     --cert=FILENAME      Specify certificate in PEM format (default:\n"
-               "                          \"" CERT_FILE "\")\n"
-               "     --trust=FILENAME|all Specify CA certificate or disable checking (default:\n"
-               "                          \"" TRUST_FILE "\")\n"
+               "  -h --help                 Show this help\n"
+               "     --version              Show package version\n"
+               "     --url=URL              Read events from systemd-journal-gatewayd at URL\n"
+               "     --getter=COMMAND       Read events from the output of COMMAND\n"
+               "     --listen-raw=ADDR      Listen for connections at ADDR\n"
+               "     --listen-http=ADDR     Listen for HTTP connections at ADDR\n"
+               "     --listen-https=ADDR    Listen for HTTPS connections at ADDR\n"
+               "  -o --output=FILE|DIR      Write output to FILE or DIR/external-*.journal\n"
+               "     --compress[=BOOL]      XZ-compress the output journal (default: yes)\n"
+               "     --seal[=BOOL]          Use event sealing (default: no)\n"
+               "     --key=FILENAME         SSL key in PEM format (default:\n"
+               "                            \"" PRIV_KEY_FILE "\")\n"
+               "     --cert=FILENAME        SSL certificate in PEM format (default:\n"
+               "                            \"" CERT_FILE "\")\n"
+               "     --trust=FILENAME|all   SSL CA certificate or disable checking (default:\n"
+               "                            \"" TRUST_FILE "\")\n"
                "     --gnutls-log=CATEGORY...\n"
-               "                          Specify a list of gnutls logging categories\n"
+               "                            Specify a list of gnutls logging categories\n"
+               "     --split-mode=none|host How many output files to create\n"
                "\n"
                "Note: file descriptors from sd_listen_fds() will be consumed, too.\n"
                , program_invocation_short_name);
@@ -1547,7 +1548,11 @@ int main(int argc, char **argv) {
         if (remoteserver_init(&s, key, cert, trust) < 0)
                 return EXIT_FAILURE;
 
-        sd_event_set_watchdog(s.events, true);
+        r = sd_event_set_watchdog(s.events, true);
+        if (r < 0)
+                log_error("Failed to enable watchdog: %s", strerror(-r));
+        else
+                log_debug("Watchdog is %s.", r > 0 ? "enabled" : "disabled");
 
         log_debug("%s running as pid "PID_FMT,
                   program_invocation_short_name, getpid());

commit 9ce998b93770708ce992b53e93c3c7781ec9a8a2
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Oct 22 23:18:47 2014 -0500

    journal-remote: better error message on failure
    
    Return a proper code instead of simply NULL for failure.

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index d78607c..d94b2af 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -449,33 +449,32 @@ static int setup_raw_socket(RemoteServer *s, const char *address) {
  **********************************************************************
  **********************************************************************/
 
-static RemoteSource *request_meta(void **connection_cls, int fd, char *hostname) {
+static int request_meta(void **connection_cls, int fd, char *hostname) {
         RemoteSource *source;
         Writer *writer;
         int r;
 
         assert(connection_cls);
         if (*connection_cls)
-                return *connection_cls;
+                return 0;
 
         r = get_writer(server, hostname, &writer);
         if (r < 0) {
                 log_warning("Failed to get writer for source %s: %s",
                             hostname, strerror(-r));
-                return NULL;
+                return r;
         }
 
         source = source_new(fd, true, hostname, writer);
         if (!source) {
-                log_oom();
                 writer_unref(writer);
-                return NULL;
+                return log_oom();
         }
 
         log_debug("Added RemoteSource as connection metadata %p", source);
 
         *connection_cls = source;
-        return source;
+        return 0;
 }
 
 static void request_meta_free(void *cls,
@@ -487,9 +486,11 @@ static void request_meta_free(void *cls,
         assert(connection_cls);
         s = *connection_cls;
 
-        log_debug("Cleaning up connection metadata %p", s);
-        source_free(s);
-        *connection_cls = NULL;
+        if (s) {
+                log_debug("Cleaning up connection metadata %p", s);
+                source_free(s);
+                *connection_cls = NULL;
+        }
 }
 
 static int process_http_upload(
@@ -622,8 +623,13 @@ static int request_handler(
 
         assert(hostname);
 
-        if (!request_meta(connection_cls, fd, hostname))
+        r = request_meta(connection_cls, fd, hostname);
+        if (r == -ENOMEM)
                 return respond_oom(connection);
+        else if (r < 0)
+                return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                   strerror(-r));
+
         hostname = NULL;
         return MHD_YES;
 }
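Review bot: The new `else if (r < 0)` branch sends `strerror(-r)` back in the HTTP 500 body, which hands the server's internal errno text to whichever remote client triggered the failure. request_meta() already logs the cause locally (`log_warning` / `log_oom`), so the response can carry a fixed string instead, e.g. `return mhd_respond(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to set up the connection.\n");`. This is low severity, but it keeps error detail on the side that can act on it. request_handler() starts above the hunk.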

commit 50a0b0717563d08c027a16a896bff8d7754eab9e
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Oct 18 01:36:58 2014 -0400

    journal-upload: do not require port to be set

diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index 3937683..87d6ff7 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -37,6 +37,7 @@
 #define PRIV_KEY_FILE CERTIFICATE_ROOT "/private/journal-upload.pem"
 #define CERT_FILE     CERTIFICATE_ROOT "/certs/journal-upload.pem"
 #define TRUST_FILE    CERTIFICATE_ROOT "/ca/trusted.pem"
+#define DEFAULT_PORT  19532
 
 static const char* arg_url;
 
@@ -392,6 +393,7 @@ static int setup_signals(Uploader *u) {
 
 static int setup_uploader(Uploader *u, const char *url, const char *state_file) {
         int r;
+        const char *host, *proto = "";
 
         assert(u);
         assert(url);
@@ -399,10 +401,24 @@ static int setup_uploader(Uploader *u, const char *url, const char *state_file)
         memzero(u, sizeof(Uploader));
         u->input = -1;
 
-        if (!startswith(url, "http://") && !startswith(url, "https://"))
-                url = strappenda("https://", url);
+        if (!(host = startswith(url, "http://")) && !(host = startswith(url, "https://"))) {
+                host = url;
+                proto = "https://";
+        }
+
+        if (strchr(host, ':'))
+                u->url = strjoin(proto, url, "/upload", NULL);
+        else {
+                char *t;
+                size_t x;
 
-        u->url = strappend(url, "/upload");
+                t = strdupa(url);
+                x = strlen(t);
+                while (x > 0 && t[x - 1] == '/')
+                        t[x - 1] = '\0';
+
+                u->url = strjoin(proto, t, ":" STRINGIFY(DEFAULT_PORT), "/upload", NULL);
+        }
         if (!u->url)
                 return log_oom();
 
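Review bot: The `strchr(host, ':')` test counts any colon after the scheme as a port separator, so a bracketed IPv6 literal given without a port (constructed example: `https://[2001:db8::1]`) is taken to have one and never receives `DEFAULT_PORT`. Conversely, a port-less URL that carries a path gets `:19532` appended after the path rather than after the host. Limiting the search to the authority and skipping a bracketed literal covers the first case: `size_t n = strcspn(host, "/"); const char *b = memchr(host, ']', n);` followed by `if (memchr(b ?: host, ':', n - ((b ?: host) - host)))`. `strdupa(url)` also copies a caller-supplied string of unbounded length onto the stack; `strdup()` into a `_cleanup_free_` pointer would be the safer choice. setup_uploader() continues past the end of the hunk.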
@@ -505,7 +521,8 @@ static void help(void) {
                "Upload journal events to a remote server.\n\n"
                "  -h --help                 Show this help\n"
                "     --version              Show package version\n"
-               "  -u --url=URL              Upload to this address\n"
+               "  -u --url=URL              Upload to this address (default port "
+                                            STRINGIFY(DEFAULT_PORT) ")\n"
                "     --key=FILENAME         Specify key in PEM format (default:\n"
                "                            \"" PRIV_KEY_FILE "\")\n"
                "     --cert=FILENAME        Specify certificate in PEM format (default:\n"

commit 1af719edc5958c01c19204fb68d6fc45c9eea85c
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Oct 18 01:30:54 2014 -0400

    systemd-upload: print paths in help()

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 0803753..d78607c 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -1173,7 +1173,7 @@ static void help(void) {
                "     --listen-raw=ADDR    Listen for connections at ADDR\n"
                "     --listen-http=ADDR   Listen for HTTP connections at ADDR\n"
                "     --listen-https=ADDR  Listen for HTTPS connections at ADDR\n"
-               "  -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
+               "  -o --output=FILE|DIR    Write output to FILE or DIR/external-*.journal\n"
                "     --compress[=BOOL]    Use XZ-compression in the output journal (default: yes)\n"
                "     --seal[=BOOL]        Use Event sealing in the output journal (default: no)\n"
                "     --key=FILENAME       Specify key in PEM format (default:\n"
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index bf3a059..3937683 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -506,9 +506,12 @@ static void help(void) {
                "  -h --help                 Show this help\n"
                "     --version              Show package version\n"
                "  -u --url=URL              Upload to this address\n"
-               "     --key=FILENAME         Specify key in PEM format\n"
-               "     --cert=FILENAME        Specify certificate in PEM format\n"
-               "     --trust=FILENAME       Specify CA certificate in PEM format\n"
+               "     --key=FILENAME         Specify key in PEM format (default:\n"
+               "                            \"" PRIV_KEY_FILE "\")\n"
+               "     --cert=FILENAME        Specify certificate in PEM format (default:\n"
+               "                            \"" CERT_FILE "\")\n"
+               "     --trust=FILENAME|all   Specify CA certificate or disable checking (default:\n"
+               "                            \"" TRUST_FILE "\")\n"
                "     --system               Use the system journal\n"
                "     --user                 Use the user journal for the current user\n"
                "  -m --merge                Use  all available journals\n"
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index 83ea1a9..bd3ceef 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -150,7 +150,8 @@ int make_socket_fd(int log_level, const char* address, int flags) {
 
         r = socket_address_parse(&a, address);
         if (r < 0) {
-                log_error("Failed to parse socket: %s", strerror(-r));
+                log_error("Failed to parse socket address \"%s\": %s",
+                          address, strerror(-r));
                 return r;
         }
 

commit 43300d9d38dd26b197c70401d3054483ba248b95
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Oct 18 01:28:37 2014 -0400

    journal-remote: give names to event sources
    
    This possibility was recently added, and it makes debugging much nicer.

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 5c3c671..0803753 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -398,6 +398,12 @@ static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
                 goto error;
         }
 
+        r = sd_event_source_set_name(source->event, name);
+        if (r < 0) {
+                log_error("Failed to set source name for fd:%d: %s", fd, strerror(-r));
+                goto error;
+        }
+
         return 1; /* work to do */
 
  error:
@@ -407,15 +413,24 @@ static int add_source(RemoteServer *s, int fd, char* name, bool own_name) {
 
 static int add_raw_socket(RemoteServer *s, int fd) {
         int r;
+        _cleanup_close_ int fd_ = fd;
+        char name[strlen("raw-socket-") + DECIMAL_STR_MAX(int)];
+
+        assert(fd >= 0);
 
         r = sd_event_add_io(s->events, &s->listen_event,
                             fd, EPOLLIN,
                             dispatch_raw_connection_event, s);
-        if (r < 0) {
-                close(fd);
+        if (r < 0)
+                return r;
+
+        snprintf(name, sizeof(name), "raw-socket-%d", fd);
+
+        r = sd_event_source_set_name(s->listen_event, name);
+        if (r < 0)
                 return r;
-        }
 
+        fd_ = -1;
         s->active ++;
         return 0;
 }
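Review bot: When `sd_event_source_set_name()` fails in add_raw_socket(), the function returns with `fd_` still armed, so `_cleanup_close_` closes the descriptor while `s->listen_event`, created by the preceding `sd_event_add_io()`, stays registered for it. Unless the caller tears the server down on this error (not visible here), the event loop is left holding a source for an fd number that the next open() or accept() can reuse. Dropping the source on that path keeps the two in step: `if (r < 0) { s->listen_event = sd_event_source_unref(s->listen_event); return r; }`. Separately, `strlen("raw-socket-")` in the array bound makes `name` formally a variable-length array; `sizeof("raw-socket-")` is a constant expression and already includes room for the terminator.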
@@ -703,6 +718,12 @@ static int setup_microhttpd_server(RemoteServer *s,
                 goto error;
         }
 
+        r = sd_event_source_set_name(d->event, "epoll-fd");
+        if (r < 0) {
+                log_error("Failed to set source name: %s", strerror(-r));
+                goto error;
+        }
+
         r = hashmap_ensure_allocated(&s->daemons, &uint64_hash_ops);
         if (r < 0) {
                 log_oom();
@@ -762,19 +783,6 @@ static int dispatch_http_event(sd_event_source *event,
  **********************************************************************
  **********************************************************************/
 
-static int dispatch_sigterm(sd_event_source *event,
-                            const struct signalfd_siginfo *si,
-                            void *userdata) {
-        RemoteServer *s = userdata;
-
-        assert(s);
-
-        log_received_signal(LOG_INFO, si);
-
-        sd_event_exit(s->events, 0);
-        return 0;
-}
-
 static int setup_signals(RemoteServer *s) {
         sigset_t mask;
         int r;
@@ -785,11 +793,19 @@ static int setup_signals(RemoteServer *s) {
         sigset_add_many(&mask, SIGINT, SIGTERM, -1);
         assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
 
-        r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, dispatch_sigterm, s);
+        r = sd_event_add_signal(s->events, &s->sigterm_event, SIGTERM, NULL, s);
+        if (r < 0)
+                return r;
+
+        r = sd_event_source_set_name(s->sigterm_event, "sigterm");
+        if (r < 0)
+                return r;
+
+        r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, NULL, s);
         if (r < 0)
                 return r;
 
-        r = sd_event_add_signal(s->events, &s->sigint_event, SIGINT, dispatch_sigterm, s);
+        r = sd_event_source_set_name(s->sigint_event, "sigint");
         if (r < 0)
                 return r;
 
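Review bot: Passing a NULL handler in place of `dispatch_sigterm` drops the `log_received_signal(LOG_INFO, si)` call. A SIGTERM or SIGINT that stops the server then leaves no log record of the signal (and presumably of its sender, since the siginfo was passed to that call), and the commit message does not mention this. If that record is wanted for operations or incident review, keep a small handler that logs and then calls `sd_event_exit(s->events, 0)`. Both calls also still pass `s` as userdata; if sd-event's default exit handler derives the exit code from the userdata pointer (to be confirmed in sd-event.c), the argument should be `NULL` rather than `s`. setup_signals continues past the end of this hunk.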

commit 42b6bf75e414c4e6ff5b92cda1c76b6b73677cb7
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Oct 18 01:27:10 2014 -0400

    journal-upload: fix socket activation

diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index eb092ce..5c3c671 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -796,16 +796,19 @@ static int setup_signals(RemoteServer *s) {
         return 0;
 }
 
-static int fd_fd(const char *spec) {
+static int negative_fd(const char *spec) {
+        /* Return a non-positive number as its inverse, -EINVAL otherwise. */
+
         int fd, r;
 
         r = safe_atoi(spec, &fd);
         if (r < 0)
                 return r;
-        if (fd < 0)
-                return -EINVAL;
 
-        return fd;
+        if (fd > 0)
+                return -EINVAL;
+        else
+                return -fd;
 }
 
 static int remoteserver_init(RemoteServer *s,
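Review bot: `return -fd` in negative_fd overflows when the option value parses to `INT_MIN`, which `safe_atoi()` presumably accepts as a valid `int`; negating it is signed overflow and therefore undefined behaviour. Reject it together with the positive values: `if (fd > 0 || fd == INT_MIN) return -EINVAL;`. The comment would also be clearer as `/* Accepts a non-positive number and returns its absolute value, -EINVAL for anything else. */`, because "inverse" is ambiguous and the function in fact returns the parse error from `safe_atoi()` unchanged.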
@@ -851,7 +854,7 @@ static int remoteserver_init(RemoteServer *s,
         }
 
         for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
-                if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
+                if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
                         log_info("Received a listening socket (fd:%d)", fd);
 
                         if (fd == http_socket)
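Review bot: Both swapped checks use the result of `sd_is_socket()` as a boolean, but the function reports failure with a negative errno value, which is also true in C. A descriptor for which the check itself fails is therefore taken down the listening-socket branch and handed to setup_microhttpd_server() or add_raw_socket(). Compare explicitly, `if (sd_is_socket(fd, AF_UNSPEC, 0, true) > 0)` here and `} else if (sd_is_socket(fd, AF_UNSPEC, 0, false) > 0)` in the next hunk, so that an error falls through to whatever the loop does with unrecognised descriptors. That remaining branch is outside both hunks and should be checked to make sure it reports the descriptor.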
@@ -860,7 +863,7 @@ static int remoteserver_init(RemoteServer *s,
                                 r = setup_microhttpd_server(s, fd, key, cert, trust);
                         else
                                 r = add_raw_socket(s, fd);
-                } else if (sd_is_socket(fd, AF_UNSPEC, 0, true)) {
+                } else if (sd_is_socket(fd, AF_UNSPEC, 0, false)) {
                         char *hostname;
 
                         r = getnameinfo_pretty(fd, &hostname);
@@ -1256,7 +1259,7 @@ static int parse_argv(int argc, char *argv[]) {
                                 return -EINVAL;
                         }
 
-                        r = fd_fd(optarg);
+                        r = negative_fd(optarg);
                         if (r >= 0)
                                 http_socket = r;
                         else
@@ -1269,7 +1272,7 @@ static int parse_argv(int argc, char *argv[]) {
                                 return -EINVAL;
                         }
 
-                        r = fd_fd(optarg);
+                        r = negative_fd(optarg);
                         if (r >= 0)
                                 https_socket = r;
                         else
diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c
index e162044..bf3a059 100644
--- a/src/journal-remote/journal-upload.c
+++ b/src/journal-remote/journal-upload.c
@@ -220,8 +220,6 @@ int start_upload(Uploader *u,
                             LOG_WARNING, );
 
                 if (arg_key || startswith(u->url, "https://")) {
-                        assert(arg_cert);
-
                         easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE,
                                     LOG_ERR, return -EXFULL);
                         easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,

commit a9becdd65bb4b64675bc0c109d14ab12b1ecd2b7
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Oct 21 18:44:09 2014 -0400

    sd-daemon,man: ignore missing $WATCHDOG_PID
    
    Systemd 209 started setting $WATCHDOG_PID, and sd-daemon watch was
    modified to check for this variable. This means that
    sd_watchdog_enabled() stopped working with previous versions of
    systemd. But sd-event is a public library and API and we must keep it
    working even when a program compiled with a newer version of the
    library is used on a system running an older version of the manager.
    
    getenv() and unsetenv() are fairly expensive calls, so optimize
    sd_watchdog_enabled() by not calling them when unnecessary.
    
    man: centralize the description of $WATCHDOG_PID and $WATCHDOG_USEC in
    the sd_watchdog_enabled manpage. It is better not to repeat the same
    stuff in two places.

diff --git a/man/sd_notify.xml b/man/sd_notify.xml
index fbb882d..35f6f71 100644
--- a/man/sd_notify.xml
+++ b/man/sd_notify.xml
@@ -192,17 +192,12 @@
                                 <varname>WatchdogSec=</varname> is
                                 enabled for it. See
                                 <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-                                for details. It is recommended to send
-                                this message if the
-                                <varname>$WATCHDOG_PID</varname>
-                                environment variable has been set to
-                                the PID of the service process, in
-                                every half the time interval that is
-                                specified in the
-                                <varname>$WATCHDOG_USEC</varname>
-                                environment variable. See
+                                for information how to enable this
+                                functionality and
                                 <citerefentry><refentrytitle>sd_watchdog_enabled</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-                                for details.</para></listitem>
+                                for the details of how the service can
+                                check if the the watchdog is enabled.
+                                </para></listitem>
                         </varlistentry>
                 </variablelist>
 
diff --git a/man/sd_watchdog_enabled.xml b/man/sd_watchdog_enabled.xml
index 4164027..462d7c6 100644
--- a/man/sd_watchdog_enabled.xml
+++ b/man/sd_watchdog_enabled.xml
@@ -69,30 +69,37 @@
                 which the manager will act on the service if it did
                 not get such a notification.</para>
 
+                <para>If the <varname>$WATCHDOG_USEC</varname>
+                environment variable is set, and the
+                <varname>$WATCHDOG_PID</varname> variable is unset or
+                set to the PID of the current process, the service
+                manager expects notifications from this process. The
+                manager will usually terminate a service when it does
+                not get a notification message within the specified
+                time after startup and after each previous message. It
+                is recommended that a daemon sends a keep-alive
+                notification message to the service manager every half
+                of the time returned here. Notification messages may
+                be sent with
+                <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+                with a message string of
+                <literal>WATCHDOG=1</literal>.</para>
+
                 <para>If the <parameter>unset_environment</parameter>
                 parameter is non-zero,
                 <function>sd_watchdog_enabled()</function> will unset
                 the <varname>$WATCHDOG_USEC</varname> and
                 <varname>$WATCHDOG_PID</varname> environment variables
-                before returning (regardless of whether the function call
-                itself succeeded or not). Further calls to
-                <function>sd_watchdog_enabled()</function> will then
-                return with zero, but the variable is no longer
-                inherited by child processes.</para>
+                before returning (regardless of whether the function
+                call itself succeeded or not). Those variables are no
+                longer inherited by child processes. Further calls to
+                <function>sd_watchdog_enabled()</function> will also
+                return with zero.</para>
 
                 <para>If the <parameter>usec</parameter> parameter is
                 non-NULL, <function>sd_watchdog_enabled()</function>
-                will return the timeout in µs for the watchdog
-                logic. The service manager will usually terminate a
-                service when it did not get a notification message
-                within the specified time after startup and after each
-                previous message. It is recommended that a daemon
-                sends a keep-alive notification message to the service
-                manager every half of the time returned
-                here. Notification messages may be sent with
-                <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-                with a message string of
-                <literal>WATCHDOG=1</literal>.</para>
+                will write the timeout in µs for the watchdog
+                logic to it.</para>
 
                 <para>To enable service supervision with the watchdog
                 logic, use <varname>WatchdogSec=</varname> in service
@@ -126,7 +133,6 @@
                 of the current process, under the assumption that in
                 that case, the variables were set for a different
                 process further up the process tree.</para>
-
         </refsect1>
 
         <refsect1>
@@ -157,6 +163,19 @@
         </refsect1>
 
         <refsect1>
+                <title>History</title>
+
+                <para>The watchdog functionality and the
+                <varname>$WATCHDOG_USEC</varname> variable were
+                added in systemd-41.</para>
+
+                <para><function>sd_watchdog_enabled()</function>
+                function was added in systemd-209. Since that version
+                the <varname>$WATCHDOG_PID</varname> variable is also
+                set.</para>
+        </refsect1>
+
+        <refsect1>
                 <title>See Also</title>
                 <para>
                         <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index 46241f7..1f2a533 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -491,39 +491,35 @@ _public_ int sd_booted(void) {
 }
 
 _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
-        const char *e;
+        const char *s, *p = ""; /* p is set to dummy value to do unsetting */
         uint64_t u;
-        pid_t pid;
-        int r;
+        int r = 0;
 
-        e = getenv("WATCHDOG_PID");
-        if (!e) {
-                r = 0;
+        s = getenv("WATCHDOG_USEC");
+        if (!s)
                 goto finish;
-        }
 
-        r = parse_pid(e, &pid);
+        r = safe_atou64(s, &u);
         if (r < 0)
                 goto finish;
-
-        /* Is this for us? */
-        if (getpid() != pid) {
-                r = 0;
-                goto finish;
-        }
-
-        e = getenv("WATCHDOG_USEC");
-        if (!e) {
+        if (u <= 0) {
                 r = -EINVAL;
                 goto finish;
         }
 
-        r = safe_atou64(e, &u);
-        if (r < 0)
-                goto finish;
-        if (u <= 0) {
-                r = -EINVAL;
-                goto finish;
+        p = getenv("WATCHDOG_PID");
+        if (p) {
+                pid_t pid;
+
+                r = parse_pid(p, &pid);
+                if (r < 0)
+                        goto finish;
+
+                /* Is this for us? */
+                if (getpid() != pid) {
+                        r = 0;
+                        goto finish;
+                }
         }
 
         if (usec)
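Review bot: The `p = ""` initialiser carries an invariant that the one-line comment does not spell out. At `finish`, a non-NULL `p` means `$WATCHDOG_PID` either has not been looked up yet or is set, so it is unset; only a NULL result from `getenv()` skips the `unsetenv()` call. A comment such as `/* p starts non-NULL so that early exits still unset $WATCHDOG_PID; it becomes NULL only when getenv() shows the variable is absent */` would keep that from being broken by a later cleanup. Separately, `u` is a `uint64_t`, so `if (u <= 0)` reads better as `if (u == 0)`. The `finish:` label and the unsetting logic are in the following hunk of the same function.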
@@ -532,10 +528,10 @@ _public_ int sd_watchdog_enabled(int unset_environment, uint64_t *usec) {
         r = 1;
 
 finish:
-        if (unset_environment) {
-                unsetenv("WATCHDOG_PID");
+        if (unset_environment && s)
                 unsetenv("WATCHDOG_USEC");
-        }
+        if (unset_environment && p)
+                unsetenv("WATCHDOG_PID");
 
         return r;
 }

commit 203af57fcdced5debfc26e1083eaefa031e322f4
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Wed Oct 22 23:12:50 2014 -0500

    man: make udev.event-timeout more visible
    
    Evidently some people had trouble finding it in the documentation.

diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index 2552c79..68460ac 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -255,6 +255,8 @@
                                 <term><varname>rd.udev.children-max=</varname></term>
                                 <term><varname>udev.exec-delay=</varname></term>
                                 <term><varname>rd.udev.exec-delay=</varname></term>
+                                <term><varname>udev.event-timeout=</varname></term>
+                                <term><varname>rd.udev.event-timeout=</varname></term>
                                 <term><varname>net.ifnames=</varname></term>
 
                                 <listitem>
diff --git a/man/systemd-udevd.service.xml b/man/systemd-udevd.service.xml
index 049a440..ab5c163 100644
--- a/man/systemd-udevd.service.xml
+++ b/man/systemd-udevd.service.xml
@@ -58,10 +58,11 @@
     <refentrytitle>udev</refentrytitle><manvolnum>7</manvolnum>
     </citerefentry>.</para>
 
-    <para>The behavior of the running daemon can be changed
-    dynamically with <command>udevadm control</command>, or
-    configured using
-    <citerefentry><refentrytitle>udev.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    <para>The behavior of the daemon can be configured using
+    <citerefentry><refentrytitle>udev.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+    its command-line options, environment variables, and on the kernel
+    command-line, or changed dynamically with <command>udevadm
+    control</command>.
     </para>
   </refsect1>
 
diff --git a/man/udev.conf.xml b/man/udev.conf.xml
index de84b91..16ad41e 100644
--- a/man/udev.conf.xml
+++ b/man/udev.conf.xml
@@ -61,20 +61,27 @@
       <filename>/etc/udev/udev.conf</filename>. It consists of a set
       of variables allowing the user to override default udev
       values. All empty lines or lines beginning with '#' are
-      ignored. The following variables can be set:</para>
-
-      <variablelist>
-        <varlistentry>
-          <term><varname>udev_log</varname></term>
-
-          <listitem>
-            <para>The logging priority. Valid values are the numerical
-            syslog priorities or their textual representations:
-            <option>err</option>, <option>info</option> and
-            <option>debug</option>.</para>
-          </listitem>
-        </varlistentry>
-      </variablelist>
+      ignored. The following variables can be set:
+    </para>
+
+    <variablelist>
+      <varlistentry>
+        <term><varname>udev_log</varname></term>
+
+        <listitem>
+          <para>The logging priority. Valid values are the numerical
+          syslog priorities or their textual representations:
+          <option>err</option>, <option>info</option> and
+          <option>debug</option>.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>
+      In addition, <filename>systemd-udevd</filename> can be configured
+      by command-line options and the kernel commandline (see
+      <citerefentry><refentrytitle>systemd-udevd</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
+    </para>
   </refsect1>
 
   <refsect1>


