Merge pull request #194331 from oxalica/fix/systemd-unmerged-usr

systemd: don't taint on unmerged /usr

authored by Florian Klink and committed by GitHub 9b630a26 a984d3a7

+49
+1
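--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -607,6 +607,7 @@
   systemd-networkd-dhcpserver-static-leases = handleTest ./systemd-networkd-dhcpserver-static-leases.nix {};
   systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
   systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
+  systemd-no-tainted = handleTest ./systemd-no-tainted.nix {};
   systemd-nspawn = handleTest ./systemd-nspawn.nix {};
   systemd-oomd = handleTest ./systemd-oomd.nix {};
   systemd-shutdown = handleTest ./systemd-shutdown.nix {};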
+14
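--- /dev/null
+++ b/nixos/tests/systemd-no-tainted.nix
@@ -0,0 +1,14 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "systemd-no-tainted";
+
+  nodes.machine = { };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+    with subtest("systemctl should not report tainted with unmerged-usr"):
+        output = machine.succeed("systemctl status")
+        print(output)
+        assert "Tainted" not in output
+        assert "unmerged-usr" not in output
+  '';
+})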
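Review bot: The assertion `assert "Tainted" not in output` is broader than the subtest name suggests: `systemctl status` prints every taint flag on that line, so the subtest would also fail on an unrelated flag such as `cgroups-missing` (a sibling entry in the `manager_taint_string` list the patch edits) and the failure would be misattributed to unmerged-usr. Either keep the broad check and rename the subtest to say the system must not be tainted at all, or keep only the `"unmerged-usr" not in output` assert. The `pkgs` binding in the module arguments is unused; `({ ... }: {` is enough. A one-line comment above `testScript` saying that NixOS has no /bin -> /usr/bin symlink and that the matching taint is patched out in pkgs/os-specific/linux/systemd would let the next reader connect the test to the patch without grepping.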
+33
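--- /dev/null
+++ b/pkgs/os-specific/linux/systemd/0018-core-don-t-taint-on-unmerged-usr.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: oxalica <oxalicc@pm.me>
+Date: Tue, 4 Oct 2022 09:18:07 +0800
+Subject: [PATCH] core: don't taint on unmerged /usr
+
+NixOS has very different approach towards /bin and /sbin - they don't
+really exist (except for /bin/sh and /usr/bin/env, because these are used
+heavily in shebangs around the world). The concept of merged or unmerged
+usr doesn't really apply here at all, it's neither of the two.
+Users don't execute things from /bin or /sbin, there's nothing else in
+there. In all cases, systemd doesn't look things up from /usr/bin or /bin,
+so showing the taint isn't really helpful.
+
+See also: https://github.com/systemd/systemd/issues/24191
+---
+ src/core/manager.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 33ded94a7c..8847479799 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -4488,10 +4488,6 @@ char* manager_taint_string(const Manager *m) {
+         if (m->taint_usr)
+                 stage[n++] = "split-usr";
+ 
+-        _cleanup_free_ char *usrbin = NULL;
+-        if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
+-                stage[n++] = "unmerged-usr";
+-
+         if (access("/proc/cgroups", F_OK) < 0)
+                 stage[n++] = "cgroups-missing";
+ 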
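Review bot: The patch header explains why the `unmerged-usr` taint is wrong for NixOS but not what the removal changes in practice; since `manager_taint_string` only assembles the string shown by `systemctl status`, dropping the `readlink_malloc("/bin", ...)` check changes reporting only, not PATH lookup or unit execution, and one sentence in the header saying so would spare later readers a trip into the C. The header also links systemd issue 24191 without saying whether this is a stop-gap until upstream decides or a permanent NixOS divergence; a line such as `NixOS-specific; revisit when upstream resolves #24191` would settle that. The `From 0000…` placeholder hash and the lack of an upstream commit reference are consistent with a local patch, but for the same reason it will need manual rebasing on each systemd bump, which the header could mention. The rest of `manager_taint_string` lies outside the hunk, so whether the removed `usrbin` variable had other uses below cannot be confirmed from here.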
+1
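--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -163,6 +163,7 @@
     ./0015-path-util.h-add-placeholder-for-DEFAULT_PATH_NORMAL.patch
     ./0016-pkg-config-derive-prefix-from-prefix.patch
     ./0017-inherit-systemd-environment-when-calling-generators.patch
+    ./0018-core-don-t-taint-on-unmerged-usr.patch
   ] ++ lib.optional stdenv.hostPlatform.isMusl (
     let
       oe-core = fetchzip {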