tree-wide: remove Emacs lines from all files This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.

tty-ask-password: Split out password sending This is a piece of refactoring I've done while looking for a solution to bug #2378. It separates the password sending from `parse_password`, which only needs to know about the socket path and the list of passwords to send. As a caveat, the `ask_password_tty` path needs to construct a one-password strv, too.

tty-ask-password-agent: fix typo in error message

util-lib: split out allocation calls into alloc-util.[ch]

util-lib: introduce dirent-util.[ch] for directory entry calls Also, move a couple of more path-related functions to path-util.c.

util-lib: split out IO related calls to io-util.[ch]

util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.

util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.

strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_

tree-wide: whenever we deal with passwords, erase them from memory after use A bit snake-oilish, but can't hurt.

tty-ask-password-agent: don't warn if we cannot disable wall messages on the calling tty For example, due to perm issues. THis simply downgrades the message about it, since this is purely cosmetical anyway. Fixes #1543.

util: do not reset terminal in acquire_terminal() Before, we'd always reset acquired terminals, which is not really desired, as we expose a setting TTYReset= which is supposed to control whether the TTY is reset or not. Previously that setting would only enable a second resetting of the TTY, which is of course pointless... Hence, move the implicit resetting out of acquire_terminal() and make the callers do it if they need it.

ask-password: add support for caching passwords in the kernel keyring This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.

ask-password: various modernizations Primarily clean-up error logging: log either all or no error messages in the various functions. Mostly this means the actual password querying calls no longer will log on their own, but the callers have to do so. Contains various other fixes too, for example ports some code over to use the clean-up macro. Should contain no functional changes.

tree-wide: use strempty() where possible Also add a Coccinell patch to detect such locations in the future.

tty-ask-password: minor modernizations

util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.

tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);

everywhere: port everything to sigprocmask_many() and friends This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.

util: split out signal-util.[ch] from util.[ch] No functional changes.

shared/utmp-wtmp: add parameter for origin tty and callback userdata Instead of looking up the tty from STDIN, let utmp_wall() take an argument to specify an origin tty for the wall message. Only if that argument is NULL do the STDIN lookup. Also add an void *userdata argument that is handed back to the callback function.

shared: add terminal-util.[ch]

shared: add process-util.[ch]

include <poll.h> instead of <sys/poll.h> include-what-you-use automatically does this and it makes finding unnecessary harder to spot. The only content of poll.h is a include of sys/poll.h so should be harmless.

util: rework strappenda(), and rename it strjoina() After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.

util: rename ignore_file() to hidden_file() hidden_file() is a bit more precise, since dot files usually shouldn't be ignored, but certainly be considered hidden.

treewide: sanitize loop_write loop_write() didn't follow the usual systemd rules and returned status partially in errno and required extensive checks from callers. Some of the callers dealt with this properly, but many did not, treating partial writes as successful. Simplify things by conforming to usual rules.

treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".

treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.

treewide: yet more log_*_errno + return simplifications Using: find . -name '*.[ch]' | while read f; do perl -i.mmm -e \ 'local $/; local $_=<>; s/(if\s*\([^\n]+\))\s*{\n(\s*)(log_[a-z_]*_errno\(\s*([->a-zA-Z_]+)\s*,[^;]+);\s*return\s+\g4;\s+}/\1\n\2return \3;/msg; print;' $f done And a couple of manual whitespace fixups.

treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.

treewide: auto-convert the simple cases to log_*_errno() As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().

ask-password: Add --echo to enable echoing the user input Programs such as OpenVPN may use ask-password for not only retrieving passwords, but also usernames. Masking usernames with * seems just silly. v2 - Don't mess with termios flags, instead print the input instead of an asterix. Resolves issues with backspace and TAB input. v3 - Renamed 'do_echo' variables and argument to 'echo'. Also modified the ask_password_{tty,agent,auto} API instead of additional wrapper functions. [zj: undo changes to ask_password_auto, since no callers were using the new argument.]

Correct a few typos

tty-ask-password-agent: modernization

Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.

time-util: add and use USEC/NSEC_INFINIY

Always check asprintf return code There is a small number of the places in sources where we don't check asprintf() return code and assume that after error the function returns NULL pointer via the first argument. That's wrong, after error the content of pointer is undefined.

tty-ask-password-agent: modernization

Let config_parse open file where applicable Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.

Constify ConfigTableItem tables

tty-ask-password-agent: Do tell what directory we failed to open

tty-ask-password-agent: return negative errno Return negative errno in wall_tty_block(). get_ctty_devnr() already returns a negative errno in case of failure, no need to negate it again. Reported-by: Simon <hwold@odai.homelinux.net>

util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.

utmp-wtmp: allow overriding username on wall utmp_wall() now takes an optional argument 'username_override' which allows the caller to override the username shown on wall messages. journald will use this to inform users that its wall messages comes from 'systemd-journald'.

make gcc shut up If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them without are false positives, but let's make them go away, because it doesn't really matter.

util: generalize code that checks whether PIDs are alive or unwaited for

clients: unify how we invoke getopt_long() Among other things this makes sure we always expose a --version command and show it in the help texts.

conf-parser: restrict .include usage Disallow recursive .include, and make it unavailable in anything but unit files.

Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>

tty-ask-password-agent: free passwords

Use initalization instead of explicit zeroing Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.

Revert "log_error() if inotify_add_watch() fails" This reverts commit 2826d14091e43ed3397d862dee79d09d0115c84e. We never should generate log messages from a library.

log_error() if inotify_add_watch() fails [zj: Reworded message s/to watch/to add watch on/ to make it clear that it was the watch init action that failed, and not the "process of watching". I think this way it'll be clearer to people who don't know what inotify does.]

build-sys: drop all distribution specfic checks Yay, we now have a completely generic systemd. No distribution specific checks anymore!

log.h: new log_oom() -> int -ENOMEM, use it also a number of minor fixups and bug fixes: spelling, oom errors that didn't print errors, not properly forwarding error codes, few more consistency issues, et cetera

use "Out of memory." consistantly (or with "\n") glibc/glib both use "out of memory" consistantly so maybe we should consider that instead of this. Eliminates one string out of a number of binaries. Also fixes extra newline in udev/scsi_id

log: correct usage of logging API at a few places

man: document tty-ask-password-agent

core: make systemd.confirm_spawn=1 actually work This adds a timeout if the TTY cannot be acquired and makes sure we always output the question to the console, never to the TTY of the respective service.

mkdir: append _label to all mkdir() calls that explicitly set the selinux context

util: split-out path-util.[ch]

move all tools to subdirs