tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

resolved: add alignment to base64 We try to fit the lengthy key data into available space. If the other fields take less than half of the available columns, we use align everything in the remaining columns. Otherwise, we put everything after a newline, indented with 8 spaces. This is similar to dig and other tools do. $ COLUMNS=78 ./systemd-resolve -t any . . IN SOA a.root-servers.net nstld.verisign-grs.com 2016012701 1800 900 604800 86400 . IN RRSIG SOA RSASHA256 0 86400 20160206170000 20160127160000 54549 S1uhUoBAReAFi5wH/KczVDgwLb+B9Zp57dSYj9aX4XxBhKuzccIducpg0wWXhjCRAWuzY fQ/J2anm4+C4BLUTdlytPIemd42SUffQk2WGuuukI8e67nkrNF3WFtoeXQ4OchsyO24t2 rxi682Zo9ViqmXZ+MSsjWKt1jdem4noaY= . IN NS h.root-servers.net . IN NS k.root-servers.net . IN NS e.root-servers.net . IN NS c.root-servers.net . IN NS b.root-servers.net . IN NS g.root-servers.net . IN NS d.root-servers.net . IN NS f.root-servers.net . IN NS i.root-servers.net . IN NS j.root-servers.net . IN NS m.root-servers.net . IN NS a.root-servers.net . IN NS l.root-servers.net . IN RRSIG NS RSASHA256 0 518400 20160206170000 20160127160000 54549 rxhmTVKUgs72G3VzL+1JRuD0nGLIrPM+ISfmUx0eYUH5wZD5XMu2X+8PfkAsEQT1dziPs ac+zK1YZPbNgr3yGI5H/wEbK8S7DmlvO+/I9WKTLp/Zxn3yncvnTOdjFMZxkAqHbjVOm+ BFz7RjQuvCQlEJX4PQBFphgEnkiOnmMdI= . IN NSEC aaa ( NS SOA RRSIG NSEC DNSKEY ) . IN RRSIG NSEC RSASHA256 0 86400 20160206170000 20160127160000 54549 HY49/nGkUJJP1zLmH33MIKnkNH33jQ7bsAHE9itEjvC4wfAzgq8+Oh9fjYav1R1GDeJ2Z HOu3Z2uDRif10R8RsmZbxyZXJs7eHui9KcAMot1U4uKCCooC/5GImf+oUDbvaraUCMQRU D3mUzoa0BGWfxgZEDqZ55raVFT/olEgG8= . IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0 O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0 NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL4 96M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1ap AzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6 dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ2 5AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1 ihz0= . IN DNSKEY 256 3 RSASHA256 AwEAAbr/RV0stAWYbmKOldjShp4AOQGOyY3ATI1NUpP4X1qBs 6lsXpc+1ABgv6zkg02IktjZrHnmD0HsElu3wqXMrT5KL1W7Sp mg0Pou9WZ8QttdTKXwrVXrASsaGI2z/pLBSnK8EdzqUrTVxY4 TEGZtxV519isM06CCMihxTn5cfFBF . IN RRSIG DNSKEY RSASHA256 0 172800 20160204235959 20160121000000 19036 XYewrVdYKRDfZptAATwT+W4zng04riExV36+z04kok09W0RmOtDlQrlrwHLlD2iN/zYpg EqGgDF5T2xlrQdNpn+PFHhypHM7NQAgLTrwmiw6mGbV0bsZN3rhFxHwW7QVUFAvo9eNVu INrjm+sArwxq3DnPkmA+3K4ikKD2iiT/jT91VYr9SHFqXXURccLjI+nmaE7m31hXcirX/ r5i3J+B4Fx4415IavSD72r7cmruocnCVjcp+ZAUKeMyW+RwigzevLz3oEcCZ4nrTpGLEj wFaVePYoP+rfdmfLfTdmkkm4APRJa2My3XOdGFlgNS1pW1pH4az5LapLE2vMO7p1aQ== -- Information acquired via protocol DNS in 14.4ms. -- Data is authenticated: no

proc-cmdline: add runlevel to target mapping

test-parse-util: Move parse-util tests into their own test case Tests for the functions defined in src/basic/parse-util.c. Reorder them to match the order in which the functions are defined in the source file. Adjusted the list of include files to remove the ones no longer needed in test-util.c. Tested that `make check` still passes as expected. Also checked the number of lines removed from test-util.c matches the expected, as an additional verification that no tests were dropped or duplicated in the move.

test-extract-word: Move extract-word tests into their own test case Tests for the functions defined in src/basic/extract-word.c. Tested that `make check` still passes as expected.

cpu-set-util: Support ranges in parse_cpu_set_and_warn Tested CPUAffinity ranges on both a service unit and in system.conf and confirmed they work as expected (by inspecting /proc/PID/status, for the main pid of the service and for pid 1). Also mixed ranges with both spaces, commas, trailing commas and spaces. Added new tests to increase coverage of ranges and prevent regressions.

parse-util: Introduce new parse_range function This function will be useful for CPUAffinity settings that involve ranges of CPUs. Make it generic and include test coverage to prevent regressions.

cpu-set-util: Accept commas as separators in parse_cpu_set_and_warn Tested CPUAffinity settings on both a service unit and in system.conf and confirmed they work as expected. Added a new test to confirm that trailing commas and spaces work and to prevent any regressions in that area.

util-lib: split out allocation calls into alloc-util.[ch]

util-lib: split out globbing related calls into glob-util.[ch]

util-lib: move web-related calls into web-util.[ch]

util-lib: move /proc/cmdline parsing code to proc-cmdline.[ch]

util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]

util-lib: move a number of fs operations into fs-util.[ch]

util-lib: split xattr-related calls into xattr-util.[ch]

util: move filename_is_valid() and path_is_safe() to path-util.[ch]

util-lib: move fstab_node_to_udev_node() to fstab-util.[ch]

util-lib: split out hex/dec/oct encoding/decoding into its own file

util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]

util-lib: split out user/group/uid/gid calls into user-util.[ch]

util-lib: split out IO related calls to io-util.[ch]

util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.

util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.

util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.

util: allow unbalanced double quote in EXTRACT_QUOTES|EXTRACT_RELAX mode extract_first_word understands "\'string" but doesn't understand "\"string" fixed this inconsistency.

util: rework fgetxattrat_fake() to use O_PATH That way, we don't ever open the file, thus leave the atime untouched, and this works even when unprivileged.

basic: split out cpu set specific APIs into cpu-set-util.[ch]

util: rename parse_cpu_set() to parse_cpu_set_and_warn() It's pretty untypical for our parsing functions to log on their own. Clarify in the name that this one does.

util: Add test for parse_cpu_set

tree-wide: never use the off_t unless glibc makes us use it off_t is a really weird type as it is usually 64bit these days (at least in sane programs), but could theoretically be 32bit. We don't support off_t as 32bit builds though, but still constantly deal with safely converting from off_t to other types and back for no point. Hence, never use the type anymore. Always use uint64_t instead. This has various benefits, including that we can expose these values directly as D-Bus properties, and also that the values parse the same in all cases.

test: add one more test case for parse_pid()

util: document why parse_uid() returns ENXIO parse_uid() returns EINVAL for invalid strings, but ENXIO for the (uid_t) -1 user ids in order to distinguish these two cases. Document this.

test-util: fix a memleak

util: Add shell_escape This is for shell-style \ escaping rather than quoting, which while it has the same effect in produced shell commands, is not exclusively useful for shell commands. shell_escape would be useful for producing sed commands, as you would be able to \ escape the normal special characters, plus whichever argument separator was chosen; or it could be used to escape arguments passed to the overlayfs mount command.

util: Allow non-separator coalescing parsing in extract_first_word If EXTRACT_DONT_COALESCE_SEPARATORS is passed, then leading separators, trailing separators and spans of multiple separators aren't skipped, and empty arguments from before, after or between separators may be extracted.

util: Don't interpret quotes by default in extract_first_word This adds an EXTRACT_QUOTES option to allow the previous behaviour, of not interpreting any character inside ' or " quotes as separators.

util: change unquote_*_word to extract_*_word It now takes a separators argument, which defaults to WHITESPACE if NULL is passed.

Convert unquote_*_word users to expect isempty(p) after the last entry This is so that, when called in a loop, unquote_first_word can distinguish between reaching the end of a string because it has consumed all the input before the end, and consuming all the input. This is important because we later add a flag that allows char *in = ""; char *out; unquote_first_word(&in, &out, flags); To put "" in out, and set in = NULL, so the trailing empty string of the input can be consumed, and mark that the input has been consumed.

hostname-util: add relax parameter to hostname_is_valid Tests are modified to check behaviour with relax and without relax. New tests are added for hostname_cleanup(). Tests are moved a new file (test-hostname-util) because there's now a bunch of them. New parameter is not used anywhere, except in tests, so there should be no observable change.

test-util: add more tests Add tests for safe_ato[iu]16() and some more unbase32hexmem() torture.

tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);

busctl: add and use strcmp_ptr() In member_compare_func(), it compares interface, type and name of members. But as it can contain NULL pointer, it needs to check them before calling strcmp(). So make it as a separate strcmp_ptr function (named after streq_ptr) so that it can be used by others. Also let streq_ptr() to use it in order to make the code simpler.

unquote_first_word: parse ` '' ` as an empty argument instead of no argument

basic: util - add base32hexmem() function similar to hexmem() This implements more of RFC4648.

basic: util - add base64mem() function similar to hexmem() This implements RFC4648 for a slightly more compact representation of binary data compared to hex (6 bits per character rather than 4).

basic: util - fix errorhandling in unhexmem() We were ignoring failures from unhexchar, which meant that invalid hex characters were being turned into garbage rather than the string rejected. Fix this by making unhexmem return an error code, also change the API slightly, to return the size of the returned memory, reflecting the fact that the memory is a binary blob,and not a string. For convenience, still append a trailing NULL byte to the returned memory (not included in the returned size), allowing callers to treat it as a string without doing a second copy.

fileio: consolidate write_string_file*() Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.

util: Introduce unquote_first_word_and_warn It will try to unquot_first_word, but if it runs into escaping problems it will retry it adding UNQUOTE_CUNESCAPE_RELAX to the flags. If it succeeds on the second try, it will log a warning about it. If it fails both times, it will log an error. Add test cases to confirm it behaves as expected.

util: New flag UNQUOTE_UNESCAPE_RELAX for unquote_first_word The new flag UNQUOTE_UNESCAPE_RELAX preserves unrecognized escape sequences verbatim in unquote_first_word, either when it's a trailing backslash (similar to UNQUOTE_RELAX, but in this case keep the extra backslash in the output) or in the middle of a sequence string. Add unit test cases to ensure the new flag works as expected and to prevent regressions from being introduced. Tested with a follow up commit converting config_parse_exec() to start using unquote_first_word, in which case this flags makes it possible to preserve unrecognized escape sequences. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794

util: when creating temporary file names, allow including extra id string in it This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_ranomd_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distuingish the kind of temporary file when we see one. This also adds tests for the three call. For now, we don't make use of this at all, but port all users over.

test-util: fix a memleak

util: fix another cunescape() regression Fix a regression caused by 4034a06d ("util: rework word parsing and c unescaping code") which broke octal escape sequences. The reason for this breakage is that cunescape_one() expects 4 characters in an octal encoding, which is a stray left-over from the old code which operated on different variables to make the length check. While at it, add a test case to prevent the same thing from happening again.

util: split out signal-util.[ch] from util.[ch] No functional changes.

test: hostname - test that hostname is truly initialized Fixes CID CID 1299638 (use after free).

hostname: Allow comments in /etc/hostname The hostname(1) tool allows comments in /etc/hostname. Introduce a new read_hostname_config() in hostname-util which reads a hostname configuration file like /etc/hostname, strips out comments, whitespace, and cleans the hostname. Use it in hostname-setup.c and hostnamed and remove duplicated code. Update hostname manpage. Add tests. https://launchpad.net/bugs/1053048

util: split all hostname related calls into hostname-util.c

shared: add terminal-util.[ch]

shared: add process-util.[ch]

util: unify how we parse mode_t strings

util: fix unicode decoding in unquote_first_word()

util: when unescaping C escape sequences support C++11 \u and \U unicode literals We simply recode them in utf8.

util: add shell_maybe_quote() call for preparing a string for shell cmdline inclusion If necessary the passed string is enclosed in "", and all special characters escapes. This also ports over usage in bus-util.c and job.c to use this, instead of a incorrect local implementation that forgets to properly escape.

test-util: don't mix declarations and code

util: rework cunescape(), improve error handling Change cunescape() to return a normal error code, so that we can distuingish OOM errors from parse errors. This also adds a flags parameter to control whether "relaxed" or normal parsing shall be done. If set no parse failures are generated, and the only reason why cunescape() can fail is OOM.

util: rework rm_rf() logic - Move to its own file rm-rf.c - Change parameters into a single flags parameter - Remove "honour sticky" logic, it's unused these days

util: rework word parsing and c unescaping code When parsing words from input files, optionally automatically unescape the passed strings, controllable via a new flags parameter. Make use of this in tmpfiles, and port everything else over, too. This improves parsing quite a bit, since we no longer have to process the same string multiple times with different calls, where an earlier call might corrupt the input for a later call.

test-util: remove superfluous const

util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.

tests: use assert_se instead of assert Otherwise they can be optimized away with -DNDEBUG

Assorted format fixes Types used for pids and uids in various interfaces are unpredictable. Too bad.

util: make http url validity checks more generic, and move them to util.c

import-raw: when downloading raw images, generate sparse files if we can

shared/util: respect buffer boundary on incomplete escape sequences cunescape_length_with_prefix() is called with the length as an argument, so it cannot rely on the buffer being NUL terminated. Move the length check before accessing the memory. When an incomplete escape sequence was given at the end of the buffer, c_l_w_p() would read past the end of the buffer. Fix this and add a test.

test-util: make sure that masking and overriding works

Implement masking and overriding of generators Sometimes it is necessary to stop a generator from running. Either because of a bug, or for testing, or some other reason. The only way to do that would be to rename or chmod the generator binary, which is inconvenient and does not survive upgrades. Allow masking and overriding generators similarly to units and other configuration files. For the systemd instance, masking would be more common, rather than overriding generators. For the user instances, it may also be useful for users to have generators in $XDG_CONFIG_HOME to augment or override system-wide generators. Directories are searched according to the usual scheme (/usr/lib, /usr/local/lib, /run, /etc), and files with the same name in higher priority directories override files with the same name in lower priority directories. Empty files and links to /dev/null mask a given name. https://bugs.freedesktop.org/show_bug.cgi?id=87230

Simplify execute_directory() Remove the optional sepearate opening of the directory, it would be just too complicated with the change to multiple directories. Move the middle of execute_directory() to a seperate function to make it easier to grok.

logind: unify how we cast between uid_t and pointers for hashmap keys

util: make use of kcmp() to compare fds, if it is available

macro: add DIV_ROUND_UP() This macro calculates A / B but rounds up instead of down. We explicitly do *NOT* use: (A + B - 1) / A as it suffers from an integer overflow, even though the passed values are properly tested against overflow. Our test-cases show this behavior. Instead, we use: A / B + !!(A % B) Note that on "Real CPUs" this does *NOT* result in two divisions. Instead, instructions like idivl@x86 provide both, the quotient and the remainder. Therefore, both algorithms should perform equally well (I didn't verify this, though).

test: wait for cloned thread to exit In test_raw_clone, make sure the cloned thread calls _exit() and in the parent thread call waitpid(..., __WCLONE) to wait for the child thread to terminate, otherwise there is a race condition where the child thread will log to the console after the test process has already exited and the assertion from the child thread might not be enforced. The absence of this patch might also create problems for other tests that would be added after this one, since potentially both parent and child would run those tests as the child would continue running. Tested by confirming that the logs from the child are printed before the test terminates and that a false assertion in the child aborts the test with a core dump. [zj: also add check for the return value.]

test: only use assert_se in test_raw_clone The asserts used in the tests should never be allowed to be optimized away.

Treat a trailing backslash as an error Commit a2a5291b3f5 changed the parser to reject unfinished quoted strings. Unfortunately it introduced an error where a trailing backslash would case an infinite loop. Of course this must fixed, but the question is what to to instead. Allowing trailing backslashes and treating them as normal characters would be one option, but this seems suboptimal. First, there would be inconsistency between handling of quoting and of backslashes. Second, a trailing backslash is most likely an error, at it seems better to point it out to the user than to try to continue. Updated rules: ExecStart=/bin/echo \\ → OK, prints a backslash ExecStart=/bin/echo \ → error ExecStart=/bin/echo "x → error ExecStart=/bin/echo "x"y → error

core: use raw_clone instead of fork in signal handler fork() is not async-signal-safe and calling it from the signal handler could result in a deadlock when at_fork() handlers are called. Using the raw clone() syscall sidesteps that problem. The tricky part is that raise() does not work, since getpid() does not work. Add raw_getpid() to get the real pid, and use kill() instead of raise(). https://bugs.freedesktop.org/show_bug.cgi?id=86604

util: when using basename() for creating temporary files, verify the resulting name is actually valid Also, rename filename_is_safe() to filename_is_valid(), since it actually does a full validation for what the kernel will accept as file name, it's not just a heuristic.

test: fix some tests when running inside a container

sd-bus: get rid of PID starttime concept As kdbus no longer exports this, remove all traces from sd-bus too

util: add function getting proc environ On the contrary of env, the added function returns all characters cescaped, because it improves reproducibility.

util: add functions getting proc cwd and root /proc/[pid]/cwd and /proc/[pid]/root are symliks to corresponding directories The added functions returns values of that symlinks.

tests: fix minor memory leak

util: rework /proc/cmdline parser to use unquote_first_word()

test: only use assert_se The asserts used in the tests should never be allowed to be optimized away

util: add alloca_align() The alloca_align() helper is the alloca() equivalent of posix_memalign(). As there is no such function provided by glibc, we simply account for additional memory and return a pointer offset into the allocated memory to grant the alignment. Furthermore, alloca0_align() is added, which simply clears the allocated memory.

test-util: make valgrind happy Properly free all temporary resources to make valgrind not complain about lost records.

test: fix mem-leak in fdopen() test We must free FILE* after function return to not leak resources. Note that this also closes our fd as fdopen() takes ownership of it. Reported by Philippe De Swert (via coverity).

macro: use unique variable names for math-macros Similar to container_of(), we now use unique variable names for the bascic math macros MAX, MIN, CLAMP, LESS_BY. Furthermore, unit tests are added to verify they work as expected. For a rationale, see: commit fb835651aff79a1e7fc5795086c9b26e59a8e6ca Author: David Herrmann <dh.herrmann@gmail.com> Date: Fri Aug 22 14:41:37 2014 +0200 shared: make container_of() use unique variable names

shared: make container_of() use unique variable names If you stack container_of() macros, you will get warnings due to shadowing variables of the parent context. To avoid this, use unique names for variables. Two new helpers are added: UNIQ: This evaluates to a truly unique value never returned by any evaluation of this macro. It's a shortcut for __COUNTER__. UNIQ_T: Takes two arguments and concatenates them. It is a shortcut for CONCATENATE, but meant to defined typed local variables. As you usually want to use variables that you just defined, you need to reference the same unique value at least two times. However, UNIQ returns a new value on each evaluation, therefore, you have to pass the unique values into the macro like this: #define my_macro(a, b) __max_macro(UNIQ, UNIQ, (a), (b)) #define __my_macro(uniqa, uniqb, a, b) ({ typeof(a) UNIQ_T(A, uniqa) = (a); typeof(b) UNIQ_T(B, uniqb) = (b); MY_UNSAFE_MACRO(UNIQ_T(A, uniqa), UNIQ_T(B, uniqb)); }) This way, MY_UNSAFE_MACRO() can safely evaluate it's arguments multiple times as they are local variables. But you can also stack invocations to the macro my_macro() without clashing names. This is the same as if you did: #define my_macro(a, b) __max_macro(__COUNTER__, __COUNTER__, (a), (b)) #define __my_macro(prefixa, prefixb, a, b) ({ typeof(a) CONCATENATE(A, prefixa) = (a); typeof(b) CONCATENATE(B, prefixb) = (b); MY_UNSAFE_MACRO(CONCATENATE(A, prefixa), CONCATENATE(B, prefixb)); }) ...but in my opinion, the first macro is easier to write and read. This patch starts by converting container_of() to use this new helper. Other macros may follow (like MIN, MAX, CLAMP, ...).

test-util: use assert_se() for call to safe_mkdir with side effect Otherwise it gets optimized out when CPPFLAGS='-DNDEBUG' is used. Tested: - make check TESTS='test-util' CPPFLAGS='-DNDEBUG'

shared: add MAXSIZE() and use it in resolved The MAXSIZE() macro takes two types and returns the size of the larger one. It is much simpler to use than MAX(sizeof(A), sizeof(B)) and also avoids any compiler-extensions, unlike CONST_MAX() and MAX() (which are needed to avoid evaluating arguments more than once). This was suggested by Daniele Nicolodi <daniele@grinta.net>. Also make resolved use this macro instead of CONST_MAX(). This enhances readability quite a bit.

CONST_MAX breaks gcc on fedora 20 with optimiztation

sysusers: add another column to sysusers files for the home directory

tests: add tests for util.c add tests for: - is_symlink - pid_is_unwaited - pid_is_alive - search_and_fopen - search_and_fopen_nulstr - glob_exists - execute_directory

macro: add CONST_MAX() macro The CONST_MAX() macro is similar to MAX(), but verifies that both arguments have the same type and are constant expressions. Furthermore, the result of CONST_MAX() is again a constant-expression. CONST_MAX() avoids any statement-expressions and other non-trivial expression-types. This avoids rather arbitrary restrictions in both GCC and LLVM, which both either fail with statement-expressions inside type-declarations or statement-expressions inside static-const initializations. If anybody knows how to circumvent this, please feel free to unify CONST_MAX() and MAX().

test: fix strtod test for real The "0,5" syntax was actually right. The real problem is, the test should only run if the local system has the de_DE.UTF-8 locale. Therefore, skip the tests if setlocale() fails. This is kinda ugly, as it is done silently, but we cannot skip partial tests with the current infrastructure. Should be fine this way.

test: fix strtod() test One strtod() test is broken since: commit 8e211000025940b770794abf5754de61b4add0af Author: Thomas Hindoe Paaboel Andersen <phomes@gmail.com> Date: Mon Aug 4 23:13:31 2014 +0200 test: use fabs on doubles The commit was right, so no reason to revert it, but the test was broken before and only worked by coincidence. Convert "0,5" to "0.5" so we don't depend on locales for double conversion (or well, we depend on "C" which seems reasonable).

util: allow strappenda to take any number of args This makes strappenda3 redundant, so we remove its usage and definition. Add a few tests along the way for sanity.

test: use fabs on doubles

Properly report invalid quoted strings $ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument

Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird

parse_boolean: require exact matches Require exact matches in all cases instead of treating strings starting with 't' ('f') as true (false). This is required for config_parse_protect_system to parse ProtectSystem=full correctly: it uses parse_boolean and only tries a more specific parsing function if that did not return a valid result. Thus "full" was treated as "false" before.

util: fix has cc check and add test

util: when unescaping strings, don't allow smuggling in of additional NUL bytes Better safe than sorry.

tests: add tests to test-util add tests for: - filename_is_safe - ascii_strlower - files_same - is_valid_documentation_url - file_in_same_dir - endswith - close_nointr - unlink_noerrno - readlink_and_make_absolute - read_one_char - ignore_signals - strshorten

tests: unlink temp file used in test

Remove unnecessary casts in printfs No functional change expected :)

shared: add ALIGN_POWER2 macro Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns the next higher power of 2. clz(0) is undefined, same is true for left-shift-overflows, yey, C rocks!

util: add new FOREACH_STRING() macro as syntactic sugar to iterate through a number of fixed strings

util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.

timedated: use builtins for integer log and exp

util: add hexdump() call to create pretty hexdumps of data This is very useful when debugging sd-bus to look at messages.

macro: make sure we can use IN_SET() also with complex function calls as first argument

Disallow sizes with increasing unit size Things like 3B4T, 4B50B, 400 100 (meaning 4*1024**4+3, 54, and 500, respectively) are now disallowed. It is necessary to say 4T3B, 54B, 500 instead. I think this was confusing and error prone. As a special form, 400B 100 is allowed, i.e. "B" suffix is treated as different from "", although they mean the same thing.

Allow fractional parts in disk sizes It seems natural to be able to say SystemMaxUsage=1.5G. https://bugzilla.redhat.com/show_bug.cgi?id=1047568

core: clean up some confusing regarding SI decimal and IEC binary suffixes for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.

make gcc shut up If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them without are false positives, but let's make them go away, because it doesn't really matter.

util: drop parse_user_at_host() since its unused now

Get rid of write_safe Current glibc implementation is safe. Kernel does this atomically, and write is actually implemented through writev. So if write is async-signal-safe, than writev pretty much must be too.

always use the same code for creating temporary files Let's unify our code here, and also always specifiy O_CLOEXEC.

journal: guarantee async-signal-safety in sd_journald_sendv signal(7) provides a list of functions which may be called from a signal handler. Other functions, which only call those functions and don't access global memory and are reentrant are also safe. sd_j_sendv was mostly OK, but would call mkostemp and writev in a fallback path, which are unsafe. Being able to call sd_j_sendv in a async-signal-safe way is important because it allows it be used in signal handlers. Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an open-coded writev replacement which uses write. Unfortunately, O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is unavailable, an open-coded mkostemp is used. https://bugzilla.gnome.org/show_bug.cgi?id=722889

macro: add a macro to test whether a value is in a specified list Introduce IN_SET() macro to nicely check whether a value a is one of a few listed values. This makes writing this: if (a == 1 || a == 7 || a == 8 || a == 9) nicer, by allowing this: if (IN_SET(a, 1, 7, 8, 9)) This is particularly useful for state machine enums.

bus: add API calls to escape string components of objects paths

tests: fix some memory leaks in tests

Fix buffer overrun when enumerating files https://bugs.freedesktop.org/show_bug.cgi?id=69887 Based-on-a-patch-by: Hans Petter Jansson <hpj@copyleft.no>

Use udev_encode_string in fstab_node_to_udev_node Resolves a longstanding bug which caused this function to wrongly handle (escape) valid utf8 characters.

test: Make testing work on systems without or old systemd * Introduce a macro to conditionally execute tests. This avoids skipping the entire test if some parts require systemd * Skip the journal tests when no /etc/machine-id is present * Change test-catalog to load the catalog from the source directory of systemd. * /proc/PID/comm got introduced in v2.6.33 but travis is still using v2.6.32. * Enable make check and make distcheck on the travis build * Use -D"CATALOG_DIR=STR($(abs_top_srcdir)/catalog)" as a STRINGIY would result in the path '/home/ich/source/linux' to be expanded to '/home/ich/source/1' as linux is defined to 1.

tests: fix indentation

util: add split_pair() for splitting foo=bar strings

tests: add more tests for shared/util.c

Properly check for overflow in offsets

Use attribute(unused) in PROTECT_ERRNO clang emits warnings about unused attribute _saved_errno_, which drown out other—potentially useful—warnings. gcc documentation is not exactly verbose about the effects of __attribute__((unused)) on variables, but let's assume that it works if the unit test passes.

util: rework safe_atod() to be locale-independent This adds some syntactic sugar with a macro RUN_WITH_LOCALE() that reset the thread-specific locale temporarily.

util: make generation of profcs PID paths nicer

journal: u64log2 can be expressed just as __builtin_clzll(n) ^ 63U

util: be more picky when validating hostnames No longer allow dots at the beginning or end of host names, Or double dots. https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/comments/14

test-util: add more tests Improve test coverage a bit with tests for close_many strappend (to cover all ways through strnappend)

util: properly escape corner cases in bus_path_escape(), too This follows the suggestions from: http://lists.freedesktop.org/archives/systemd-devel/2013-March/009363.html

test-util.c: added hexchar, unhexchar, octchar, unoctchar, decchar, undecchar tests

tests: add a few more tests to test-util.c Add asserts on the resutls in FOREACH_WORD_QUOTED Added tests for: FOREACH_WORD strstrip delete_chars in_charset

tests: more tests for util.c tests for: test_parse_pid test_parse_uid test_safe_atolli test_safe_atod

tests: add test of memdup_multiply

tests: more tests tests for: parse_boolean env_name_is_valid Also convert assert to assert_se to make sure they are run even with optimization. (see commit 9b5d6bd909855543cba75a4469bff6f82845cf0d)

test: add a few tests and tidy up adds test of: strv_find strv_find_prefix strv_overlap strv_sort streq_ptr first_word Splits tests of util.c into own file to avoid clutter as we add more. Removed a few prints and uses _cleanup_free_ to make the tests more focused.