[systemd-devel] Specifying calendar events in an arbitrary timezone

2016-12-15 Thread Ran Benita 
I would like to schedule some timers to execute daily at a given time in
some given timezone. My use-case for this is:

- The server's local timezone is UTC - this is just good practice for
  various reasons, so I don't want to change that.

- For business reasons, the service I want to run needs to run at the
  given time in the given timezone. Since that timezone switches
  daylight saving twice a year, I cannot specify the time in UTC, since
  it will become 1 hour off when the local time changes.

systemd does not allow to specify a calendar event in a non-local,
non-UTC timezone. This is explictly specified in systemd.time(7):

Non-local timezones except for UTC are not supported.

My question: is this not supported on purpose (because timezones suck),
or because it's just not implemented/hard to implement?

If it's on purpose, I can relate - in a local timezone, the event can
occur 0, 1 or 2 times, which is not good. However, since systemd already
supports the local timezone, I think this battle is already lost. So we
can say that the behavior for an arbitrary timezone is the same as if it
were the local timezone.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Specifying calendar events in an arbitrary timezone

2016-12-15 Thread Ran Benita 
On Thu, Dec 15, 2016 at 06:35:15PM +0100, Lennart Poettering wrote:
> So yeah, we'd love to support this, but are waiting for a suitable API.

I see, makes sense.

Since new glibc API will probably be slow to come, if ever, it might
make sense to circumvent it and go for the tzdata directly? It seems the
format is described in tzfile(5), and the glibc code which handles it
seems to be public domain as well: https://github.com/eggert/tz
I don't have any experience with those APIs, though.

If I get some time I'll try and see if such an approach is viable.

Thanks!
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?

2016-04-13 Thread Ran Benita 
Hey,

I read in the v229 NEWS that it is now possible to specify
DNSSEC=allow-downgrade and decided to try it. Note that I use my local
home router's DNS server which certainly does not support DNSSEC. I
configured the system to use resolved by changing "dns" to "resolve" in
nsswitch.conf. I use systemd v229.

I use the following simple python to test the DNS response time:

import time, socket;
before = time.time(); socket.gethostbyname('google.com'); after = 
time.time()
print((after - before) * 1000)

With resolved stopped entirely (systemctl stop), I get around ~22ms for
all queries.

With resolved started, and setting DNSSEC=no, I get ~22ms first time,
and ~2m in subsequent queries.

With resolved started, and setting DNSSEC=allow-downgrade, I get ~22ms
consistently after a few times.

So it seems like with allow-downgrade, local caching isn't performed? Is
this expected behavior for this option? Or maybe I did something wrong?
(I am lazy and didn't try to investigate with wireshark and/or the
code).

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?

2016-04-13 Thread Ran Benita 
OK, I just looked at the logs and figured out what happens: resolved
crashes whenever I perform a query with allow-downgrade, and after a few
times it doesn't restart and presumably the nss module falls back to
direct DNS queries. Here is the log:

Apr 13 13:56:31 ran systemd[1]: Started Network Name Resolution.
Apr 13 13:56:31 ran systemd-resolved[4687]: Switching to DNS server 10.0.0.10 
for interface wlp3s0.
Apr 13 13:56:31 ran systemd-resolved[4687]: Using degraded feature set 
(UDP+EDNS0) for DNS server 10.0.0.10.
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for 
question com. IN SOA: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for 
question google.com. IN DS: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for 
question google.com. IN SOA: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for 
question google.com. IN A: failed-auxiliary
Apr 13 13:56:31 ran kernel: systemd-resolve[4687]: segfault at 5c ip 
55b0062a5c57 sp 7ffee0d320a0 error 4 in 
systemd-resolved[55b006281000+9d000]
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Main process exited, 
code=killed, status=11/SEGV
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Unit entered failed 
state.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Failed with result 
'signal'.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Service has no 
hold-off time, scheduling restart.
Apr 13 13:56:31 ran systemd[1]: Stopped Network Name Resolution.
Apr 13 13:56:31 ran systemd[1]: org.freedesktop.resolve1.busname: Start request 
repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to listen on Network Name Resolution 
Service Bus Name.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Start request 
repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to start Network Name Resolution.

coredumpctl doesn't show the crash so can't say what it's about. Maybe
it's a distro problem (archlinux) or it's fixed in git.

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?

2016-04-13 Thread Ran Benita 
On Wed, Apr 13, 2016 at 01:04:17PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Apr 13, 2016 at 02:26:49PM +0300, Ran Benita wrote:
> > coredumpctl doesn't show the crash so can't say what it's about. Maybe
> > it's a distro problem (archlinux) or it's fixed in git.
> 
> It's probably the bug that was fixed in 
> https://github.com/systemd/systemd/pull/2702.

Thanks.

BTW, this brings up this thought: say I'm a system administrator and I
set DNSSEC=yes, and rely on it to fail any unauthenticated lookups. If
resolved crashes for some reason, the nss module will just start using
the fallback, which probably doesn't fail unauthenticated lookups. So
it's fail-open, IIUC. Maybe the nss module should look at the DNSSEC=
setting?

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] add bash completion for systemctl --system

2010-11-08 Thread Ran Benita 
I've been playing recently with systemd on Arch, and had much fun. But
soon, alas, my fingers started to ache from repeatedly writing
systemctl restart some-long-service.service. So, I wrote a completion
script. I figured other people may want to use it, so I prepared a
patch against systemd-git (attached).

There are some notes/disclaimers, however:

- It requires bash>=4.0, sed, grep and awk. A bash-completion package
is not strictly needed; sourcing the file is enough.
- It wouldn't work properly with --session, as I had no way to test it.
- It uses the output of systemctl list-units directly when that's
enough, but also runs systemctl show when completing on some verbs
(for example, to check for AllowIsolate=yes). This /may/ be somewhat
slow once there are many units, since it calls a dbus method on each
one. Is there a faster way to have that information?
- The code is perhaps a bit long and messy; honestly, I blame the tool ;)

One way to improve on the situation is to integrate some completion
code in systemctl itself, the way e.g. gdbus, gsettings and django do
it. This will allow for finer grained and faster completions, and it
won't be necessary to keep the verb/option tables in sync with some
other file. But it does mean adding all of this code in C. If this is
acceptable, I'll try to have a go at it.

Finally, a couple of completion tips I run into:
- If you alias systemctl to, say, sctl, you get completions on that
too by running to following command:
complete -F _systemctl sctl
- Add the following line to your .inputrc, to have the completion show
after only a single tab press:
set show-all-if-ambiguous on
It makes the shell quite more pleasant.

Hope it's good enough!

Ran
From 1d2b39dddfff3e5a1d4de10a030d09e35a66f4f4 Mon Sep 17 00:00:00 2001
From: Ran Benita 
Date: Sun, 7 Nov 2010 06:03:26 +0200
Subject: [PATCH] add bash completion for systemctl --system

Requires bash>=4.0, sed, grep and awk.
A bash-completion package is not strictly needed; sourcing
the file is enough.
---
 Makefile.am  |4 +
 src/systemctl-bash-completion.sh |  145 ++
 2 files changed, 149 insertions(+), 0 deletions(-)
 create mode 100644 src/systemctl-bash-completion.sh

diff --git a/Makefile.am b/Makefile.am
index 456553f..e1ecf1c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -26,6 +26,7 @@ udevrulesd...@udevrulesdir@
 pamlibd...@pamlibdir@
 pkgconfigdatadir=$(datadir)/pkgconfig
 polkitpolicydir=$(datadir)/polkit-1/actions
+bashcompletiondir=${sysconfdir}/bash_completion.d
 
 # Our own, non-special dirs
 pkgsysconfdir=$(sysconfdir)/systemd
@@ -156,6 +157,9 @@ dbusinterface_DATA = \
 	org.freedesktop.systemd1.Swap.xml \
 	org.freedesktop.systemd1.Path.xml
 
+dist_bashcompletion_DATA = \
+src/systemctl-bash-completion.sh
+
 dist_tmpfiles_DATA = \
 	tmpfiles.d/systemd.conf \
 	tmpfiles.d/x11.conf
diff --git a/src/systemctl-bash-completion.sh b/src/systemctl-bash-completion.sh
new file mode 100644
index 000..53f8e52
--- /dev/null
+++ b/src/systemctl-bash-completion.sh
@@ -0,0 +1,145 @@
+# This file is part of systemd.
+#
+# Copyright 2010 Ran Benita
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+__contains_word () {
+local word=$1; shift
+for w in $*; do [[ $w = $word ]] && return 0; done
+return 1
+}
+
+__filter_units_by_property () {
+local property=$1 value=$2 ; shift ; shift
+local -a units=( $* )
+local -a props=( $(systemctl show --property "$property" -- ${units[*]} | grep -v ^$) )
+for ((i=0; $i < ${#units[*]}; i++)); do
+if [[ "${props[i]}" = "$property=$value" ]]; then
+echo "${units[i]}"
+fi
+done
+}
+
+__get_all_units  () { systemctl list-units --full --all | awk ' {print $1}' ; }
+__get_active_units   () { systemctl list-units --full   | awk ' {print $1}' ; }
+__get_inactive_units () { systemctl list-units --full --all | awk '$3 == "inactive" {print $1}' ; }
+__get_failed_units   () { systemctl list-units --full   | awk '$3 == "failed"   {print $1}' ; }
+
+_systemctl () {
+local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORD

[systemd-devel] [PATCH] man, systemctl: correct handling of compatibility commands

2010-11-26 Thread Ran Benita 
The manpage says condrestart is equivalent to reload-or-try-restart, but
the code and the sysvinitscripts file from the initscripts package says
it is actually the same as try-restart.

Further, the code and manpage say that force-reload is equivalent to
reload-or-try-restart, but several legacy init scripts and the Debian
Policy Manual (9.3.2), not to mention the name itself, suggest that it
should be the same as the reload-or-restart command.

There are also some spelling corrections.
From 696db0b37560b53c615df3b1c6c3c5ba991dfcb3 Mon Sep 17 00:00:00 2001
From: Ran Benita 
Date: Fri, 26 Nov 2010 22:05:22 +0200
Subject: [PATCH] man, systemctl: correct handling of compatibility commands

The manpage says condrestart is equivalent to reload-or-try-restart, but
the code and the sysvinitscripts file from the initscripts package says
it is actually the same as try-restart.

Further, the code and manpage say that force-reload is equivalent to
reload-or-try-restart, but several legacy init scripts and the Debian
Policy Manual (9.3.2), not to mention the name itself, suggest that it
should be the same as the reload-or-restart command.

There are also some spelling corrections.
---
 man/systemctl.xml|   55 --
 src/systemctl-bash-completion.sh |4 +-
 src/systemctl.c  |6 ++--
 3 files changed, 34 insertions(+), 31 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index 844d218..06d1ace 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -154,7 +154,7 @@
 Suppress output to
 STDOUT in
 snapshot,
-check,
+is-active,
 enable and
 disable.
 
@@ -224,7 +224,7 @@
 When used with
 enable and
 disable, operate on the
-global user configuŕation
+global user configuration
 directory, thus enabling or disabling
 a unit file globally for all future
 logins of all users.
@@ -257,7 +257,7 @@
 systemctl will
 query the user on the terminal for the
 necessary secrets. Use this option to
-switch this behaviour off. In this
+switch this behavior off. In this
 case the password must be supplied by
 some other means (for example
 graphical password agents) or the
@@ -276,7 +276,7 @@
 process to select
 whether to kill the entire control
 group, the process group or only the
-selected process itself. If ommitted
+selected process itself. If omitted
 defaults to
 control-group if
 --kill-who=all is
@@ -296,22 +296,22 @@
 all to select whether
 to kill only the main process of the
 unit, the control process or all
-processes of the unit. If ommitted
+processes of the unit. If omitted
 defaults to
 all.
 
 
 
----signal=
+--signal=
 -s
 
 When used with
 kill, choose which
 signal to send to selected
 processes. Must be one of the well
-know signal specifiers such as
+known signal specifiers such as
 SIGTERM, SIGINT or SIGSTOP. If
-ommitted defaults to
+omitted defaults to
 SIGTERM.
 
 
@@ -416,7 +416,11 @@
 units specified on the command
 line. If the units are not running yet
 the operation will
-fail.
+fail. Note that for compatibility with
+SysV and Red Hat

Re: [systemd-devel] [PATCH] man, systemctl: correct handling of compatibility commands

2010-11-28 Thread Ran Benita 
On Sun, Nov 28, 2010 at 15:19, Kay Sievers  wrote:
> On Fri, Nov 26, 2010 at 23:56, Ran Benita  wrote:
>> The manpage says condrestart is equivalent to reload-or-try-restart, but
>> the code and the sysvinitscripts file from the initscripts package says
>> it is actually the same as try-restart.
>>
>> Further, the code and manpage say that force-reload is equivalent to
>> reload-or-try-restart, but several legacy init scripts and the Debian
>> Policy Manual (9.3.2), not to mention the name itself, suggest that it
>> should be the same as the reload-or-restart command.
>
> Bill, care to check the changes below if they apply to Fedora?
>
>> There are also some spelling corrections.
>
> I've committed all the spelling fixes. The remaining part is below,
> which should be checked by Bill.
>
> Thanks,
> Kay

These tiny differences were confusing enough for the author of the
manpage, and I managed to get it wrong as well;
upon closer examination, I was perhaps a bit reckless...
The LSB page here
http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
says force-reload = reload-or-try-restart, which is the current
behavior. So systemctl.c should not change.

The condrestart correction in the manpage is still applicable,
however. In the interest of complete clarity, here is my updated
suggestion:


diff --git a/man/systemctl.xml b/man/systemctl.xml
index 7bb8458..bb24002 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -416,21 +416,31 @@
units specified on the command
line. If the units are not running yet
the operation will
-fail.
+fail. Note that for compatibility
+with Red Hat init scripts
+condrestart is
+equivalent to this command.


reload-or-restart
[NAME...]
+
+Reload one or more
+units if they support it. If not,
+restart them instead. If the units
+are not running yet they will be
+started.
+
+
reload-or-try-restart
[NAME...]

Reload one or more
units if they support it. If not,
-restart them instead. Note that for
-compatibility with SysV and Red Hat
-init scripts
-force-reload and
-condrestart may be
-used as equivalent commands to
-
reload-or-try-restart.
+restart them instead. If the units
+are not running yes the operation
+will fail. Note that for
+compatibility with SysV init scripts
+force-reload is
+equivalent to this command.


isolate [NAME]
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] man, systemctl: correct handling of compatibility commands

2010-11-30 Thread Ran Benita 
On Mon, Nov 29, 2010 at 20:10, Kay Sievers  wrote:
> On Mon, Nov 29, 2010 at 18:26, Bill Nottingham  wrote:
>> Ran Benita (ran...@gmail.com) said:
>>> These tiny differences were confusing enough for the author of the
>>> manpage, and I managed to get it wrong as well;
>>> upon closer examination, I was perhaps a bit reckless...
>>> The LSB page here
>>> http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html
>>> says force-reload = reload-or-try-restart, which is the current
>>> behavior. So systemctl.c should not change.
>>>
>>> The condrestart correction in the manpage is still applicable,
>>> however. In the interest of complete clarity, here is my updated
>>> suggestion:
>>
>> Looks OK to me.
>
> Ran, your patch is mangled and doesn't apply. Care to resend it, or is
> the part unchanged since the original submit?
>
> Kay
>

Grr, I apologize for the noise. My ISP decided to block the smtp ports
so I'm forced to go through the web interface, which does some
autowrapping apparently :(
Anyway, here it is again, attached.
From 0e5c02ff6f97f9186211f6004a9233c282db6625 Mon Sep 17 00:00:00 2001
From: Ran Benita 
Date: Tue, 30 Nov 2010 19:05:13 +0200
Subject: [PATCH] man: systemctl - clarify condrestart, force-reload

---
 man/systemctl.xml |   26 ++
 1 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index 7bb8458..6b05e95 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -416,21 +416,31 @@
 units specified on the command
 line. If the units are not running yet
 the operation will
-fail.
+fail. Note that for compatibility
+with Red Hat init scripts
+condrestart is
+equivalent to this command.
 
 
 reload-or-restart [NAME...]
+
+Reload one or more
+units if they support it. If not,
+restart them instead. If the units
+are not running yet they will be
+started.
+
+
 reload-or-try-restart [NAME...]
 
 Reload one or more
 units if they support it. If not,
-restart them instead. Note that for
-compatibility with SysV and Red Hat
-init scripts
-force-reload and
-condrestart may be
-used as equivalent commands to
-reload-or-try-restart.
+restart them instead. If the units
+are not running yet the operation
+will fail. Note that for
+compatibility with SysV init scripts
+force-reload is
+equivalent to this command.
 
 
 isolate [NAME]
-- 
1.7.3.2

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 1/2] man: fix localectl set-x11-keymap syntax description

2014-10-17 Thread Ran Benita 
On Fri, Oct 17, 2014 at 02:02:12PM +0200, Jan Synacek wrote:
> ---
>  man/localectl.xml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/man/localectl.xml b/man/localectl.xml
> index 38e73c7..c332027 100644
> --- a/man/localectl.xml
> +++ b/man/localectl.xml
> @@ -178,7 +178,7 @@
>  
>  
>  
> -set-x11-keymap LAYOUT [MODEL] 
> [VARIANT] [OPTIONS]
> +set-x11-keymap LAYOUT [MODEL 
> [VARIANT [OPTIONS]]]

Would have been nice if this used the same order as setxkbmap (which is
more sensible), but I suppose this cannot be changed?

>  
>  Set the system default
>  keyboard mapping for X11. This takes a
> -- 
> 1.9.3
> 
> ___
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 2/2] localectl: verify layout, model, variant and options

2014-10-17 Thread Ran Benita 
On Fri, Oct 17, 2014 at 02:02:13PM +0200, Jan Synacek wrote:
> When setting any of those using set-x11-keymap, check that their values
> are available on the system.

I have only skimmed this patch, but generally:

1. There can only be one model.
2. There can be multiple layouts and variants, comma separated. E.g.,
   layout=us,il variant=,lyx. The amount of layouts and variants should
   match (or the variants can be empty), but most stuff you throw at it
   will be accepted though.
3. There can be multiple comma-separated options.

Do you handle input like "layout=us,il variant=,lyx" correctly?

Ran

> ---
>  src/locale/localectl.c | 179 
> ++---
>  1 file changed, 110 insertions(+), 69 deletions(-)
> 
> diff --git a/src/locale/localectl.c b/src/locale/localectl.c
> index 3690f9f..79bc2d0 100644
> --- a/src/locale/localectl.c
> +++ b/src/locale/localectl.c
> @@ -53,6 +53,14 @@ static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
>  static char *arg_host = NULL;
>  static bool arg_convert = true;
>  
> +enum keymap_state {
> +NONE,
> +MODELS   = 1 << 0,
> +LAYOUTS  = 1 << 1,
> +VARIANTS = 1 << 2,
> +OPTIONS  = 1 << 3
> +};
> +
>  static void pager_open_if_enabled(void) {
>  
>  if (arg_no_pager)
> @@ -350,59 +358,12 @@ static int list_vconsole_keymaps(sd_bus *bus, char 
> **args, unsigned n) {
>  return 0;
>  }
>  
> -static int set_x11_keymap(sd_bus *bus, char **args, unsigned n) {
> -_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
> -const char *layout, *model, *variant, *options;
> -int r;
> -
> -assert(bus);
> -assert(args);
> -
> -if (n > 5) {
> -log_error("Too many arguments.");
> -return -EINVAL;
> -}
> -
> -polkit_agent_open_if_enabled();
> -
> -layout = args[1];
> -model = n > 2 ? args[2] : "";
> -variant = n > 3 ? args[3] : "";
> -options = n > 4 ? args[4] : "";
> -
> -r = sd_bus_call_method(
> -bus,
> -"org.freedesktop.locale1",
> -"/org/freedesktop/locale1",
> -"org.freedesktop.locale1",
> -"SetX11Keyboard",
> -&error,
> -NULL,
> -"bb", layout, model, variant, options,
> -  arg_convert, arg_ask_password);
> -if (r < 0)
> -log_error("Failed to set keymap: %s", 
> bus_error_message(&error, -r));
> -
> -return r;
> -}
> -
> -static int list_x11_keymaps(sd_bus *bus, char **args, unsigned n) {
> +static int get_x11_keymaps_internal(char ***list, enum keymap_state 
> look_for, const char *layout)
> +{
>  _cleanup_fclose_ FILE *f = NULL;
> -_cleanup_strv_free_ char **list = NULL;
>  char line[LINE_MAX];
> -enum {
> -NONE,
> -MODELS,
> -LAYOUTS,
> -VARIANTS,
> -OPTIONS
> -} state = NONE, look_for;
> -int r;
> -
> -if (n > 2) {
> -log_error("Too many arguments.");
> -return -EINVAL;
> -}
> +enum keymap_state state = NONE;
> +int r = 0;
>  
>  f = fopen("/usr/share/X11/xkb/rules/base.lst", "re");
>  if (!f) {
> @@ -410,17 +371,6 @@ static int list_x11_keymaps(sd_bus *bus, char **args, 
> unsigned n) {
>  return -errno;
>  }
>  
> -if (streq(args[0], "list-x11-keymap-models"))
> -look_for = MODELS;
> -else if (streq(args[0], "list-x11-keymap-layouts"))
> -look_for = LAYOUTS;
> -else if (streq(args[0], "list-x11-keymap-variants"))
> -look_for = VARIANTS;
> -else if (streq(args[0], "list-x11-keymap-options"))
> -look_for = OPTIONS;
> -else
> -assert_not_reached("Wrong parameter");
> -
>  FOREACH_LINE(line, f, break) {
>  char *l, *w;
>  
> @@ -444,12 +394,12 @@ static int list_x11_keymaps(sd_bus *bus, char **args, 
> unsigned n) {
>  continue;
>  }
>  
> -if (state != look_for)
> +if (!(state & look_for))
>  continue;
>  
>  w = l + strcspn(l, WHITESPACE);
>  
> -if (n > 1) {
> +if (layout) {
>  char *e;
>  
>  if (*w == 0)
> @@ -465,23 +415,114 @@ static int list_x11_keymaps(sd_bus *bus, char **args, 
> unsigned n) {
>  
>  *e = 0;
>  
> -if (!streq(w, args[1]))
> +if (!streq(w, layout))
>  continue;
>  } else
>

Re: [systemd-devel] [PATCH 1/2] man: fix localectl set-x11-keymap syntax description

2014-10-20 Thread Ran Benita 
On Mon, Oct 20, 2014 at 11:07:06AM +0200, Jan Synacek wrote:
> Ran Benita  writes:
> > On Fri, Oct 17, 2014 at 02:02:12PM +0200, Jan Synacek wrote:
> >> ---
> >>  man/localectl.xml | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >> 
> >> diff --git a/man/localectl.xml b/man/localectl.xml
> >> index 38e73c7..c332027 100644
> >> --- a/man/localectl.xml
> >> +++ b/man/localectl.xml
> >> @@ -178,7 +178,7 @@
> >>  
> >>  
> >>  
> >> -set-x11-keymap LAYOUT 
> >> [MODEL] [VARIANT] [OPTIONS]
> >> +set-x11-keymap LAYOUT 
> >> [MODEL [VARIANT [OPTIONS]]]
> >
> > Would have been nice if this used the same order as setxkbmap (which is
> > more sensible), but I suppose this cannot be changed?
> 
> I'm not sure. The man page of setxkbmap doesn't specify model in the
> optional argumets at all, you can change it with the -model
> option. Otherwise, the order of arguments is the same. If you want to
> put the model argument somewhere, I think that the order that localectl
> uses now makes sense. That's just my opinion, though.

It cannot be changed, but just for reference: the natural order (IMO) is
LAYOUT VARIANT OPTIONS MODEL because: layout and variant are better
together, and model is the least used of the bunch.

In any case, the comparison to setxkbmap is probably not accurate, it
has different semantics (this is from memory):
1. setxkbmap applies the keymap immediately, localectl on next X
   restart.
2. setxkbmap allows to change model, options, or layout+variant (they
   always change together) individually without affecting what is not
   specified. localectl regards what isn't specified as empty.

So the order is unfortunate but doesn't matter as much.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 2/2] localectl: verify layout, model, variant and options

2014-10-20 Thread Ran Benita 
On Mon, Oct 20, 2014 at 11:15:14AM +0200, Jan Synacek wrote:
> Ran Benita  writes:
> > On Fri, Oct 17, 2014 at 02:02:13PM +0200, Jan Synacek wrote:
> >> When setting any of those using set-x11-keymap, check that their values
> >> are available on the system.
> >
> > I have only skimmed this patch, but generally:
> >
> > 1. There can only be one model.
> > 2. There can be multiple layouts and variants, comma separated. E.g.,
> >layout=us,il variant=,lyx. The amount of layouts and variants should
> >match (or the variants can be empty), but most stuff you throw at it
> >will be accepted though.
> > 3. There can be multiple comma-separated options.
> >
> > Do you handle input like "layout=us,il variant=,lyx" correctly?
> >
> > Ran
> 
> Nope, I didn't realize that. I'll send a better version of the patch.
> 
> The parsing won't be perfect, though. With setxkbmap, I can do the
> following without any error:
> 
> # setxkbmap us,cz lyx ctrl:nocaps -model idontexist
> # echo $?
> 0
> 
> Note that there is no lyx variant for either us or cz. Also, the number
> of layouts and variants *doesn't* match and the model doesn't exist as
> well. (That's probably what you meant by the last sentence in 2., I'm
> just restating it to be clear).

Right, these settings are pretty permissive.

But you reminded me - it is probably not a good idea to entirely abort
the operation if the provided arguments don't validate. That's because
the XKB rules file (/usr/share/X11/xkb/rules/) support wildcards, as you
noticed with the idontexist model. These are then passed along, and some
of them are in fact valid as far as I remember, just not mentioned in the
base.lst file.

So I think this should be a warning, not an error. If the user knows
what he intended, he can ignore the error. Otherwise he will correct the
error. Not ideal, but better than preventing legal values.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] writing service file that used some /proc/cmdline variable

2014-05-21 Thread Ran Benita 
On Wed, May 21, 2014 at 09:38:43PM +0400, Vasiliy Tolstov wrote:
> Hello. I'm need to write specific service file that using
> /proc/cmdline variable (not standard, my own).
> Does systemd already have parsed array or how can i do that?

ConditionKernelCommandLine=
See systemd.unit(5)
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] writing service file that used some /proc/cmdline variable

2014-05-21 Thread Ran Benita 
On Wed, May 21, 2014 at 08:44:22PM +0300, Ran Benita wrote:
> On Wed, May 21, 2014 at 09:38:43PM +0400, Vasiliy Tolstov wrote:
> > Hello. I'm need to write specific service file that using
> > /proc/cmdline variable (not standard, my own).
> > Does systemd already have parsed array or how can i do that?
> 
> ConditionKernelCommandLine=
> See systemd.unit(5)

Oops, I thought you meant a condition.  I don't know if there's a
a way to *use* the variables directly in the service files, but it can
be done easily enough with a shell-script wrapper.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH 11/11] Make redirections work with the bash command completions

2014-06-13 Thread Ran Benita 
>From a cursory look, the bash-completion package deals with this issue
in a more systematic way. See _init_completion() in
/usr/share/bash-completion/bash_completion. Maybe it's worthwhile to
(conditionally?) use that if possible.

Ran

On Fri, Jun 13, 2014 at 04:41:10PM +0200, Werner Fink wrote:
> ---
>  shell-completion/bash/hostnamectl |6 +-
>  shell-completion/bash/journalctl  |6 +-
>  shell-completion/bash/kernel-install  |   13 -
>  shell-completion/bash/localectl   |6 +-
>  shell-completion/bash/loginctl|6 +-
>  shell-completion/bash/systemctl   |6 +-
>  shell-completion/bash/systemd-analyze |6 +-
>  shell-completion/bash/systemd-coredumpctl |6 +-
>  shell-completion/bash/systemd-run |   14 +-
>  shell-completion/bash/timedatectl |6 +-
>  shell-completion/bash/udevadm |6 +-
>  11 files changed, 70 insertions(+), 11 deletions(-)
> 
> diff --git shell-completion/bash/hostnamectl shell-completion/bash/hostnamectl
> index 9c75da9..2e947f6 100644
> --- shell-completion/bash/hostnamectl
> +++ shell-completion/bash/hostnamectl
> @@ -30,6 +30,10 @@ _hostnamectl() {
>  local OPTS='-h --help --version --transient --static --pretty
>  --no-ask-password -H --host'
>  
> +if __contains_word ">" ${COMP_WORDS[*]:0:COMP_CWORD}; then
> +return 0
> +fi
> +
>  if [[ $cur = -* ]]; then
>  COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
>  return 0
> @@ -58,4 +62,4 @@ _hostnamectl() {
>  return 0
>  }
>  
> -complete -F _hostnamectl hostnamectl
> +complete -o default -o bashdefault -F _hostnamectl hostnamectl
> diff --git shell-completion/bash/journalctl shell-completion/bash/journalctl
> index e4b2f4a..50f83e0 100644
> --- shell-completion/bash/journalctl
> +++ shell-completion/bash/journalctl
> @@ -49,6 +49,10 @@ _journalctl() {
>--verify-key'
>  )
>  
> +if __contains_word ">" ${COMP_WORDS[*]:0:COMP_CWORD}; then
> +return 0
> +fi
> +
>  if __contains_word "$prev" ${OPTS[ARG]} ${OPTS[ARGUNKNOWN]}; then
>  case $prev in
>  --boot|--this-boot|-b)
> @@ -111,4 +115,4 @@ _journalctl() {
>  fi
>  }
>  
> -complete -F _journalctl journalctl
> +complete -o default -o bashdefault -F _journalctl journalctl
> diff --git shell-completion/bash/kernel-install 
> shell-completion/bash/kernel-install
> index 7cd2494..33cf27c 100644
> --- shell-completion/bash/kernel-install
> +++ shell-completion/bash/kernel-install
> @@ -18,11 +18,22 @@
>  # You should have received a copy of the GNU Lesser General Public License
>  # along with systemd; If not, see .
>  
> +__contains_word () {
> +local w word=$1; shift
> +for w in "$@"; do
> +[[ $w = "$word" ]] && return
> +done
> +}
> +
>  _kernel_install() {
>  local comps
>  local MACHINE_ID
>  local cur=${COMP_WORDS[COMP_CWORD]}
>  
> +if __contains_word ">" ${COMP_WORDS[*]:0:COMP_CWORD}; then
> +return 0
> +fi
> +
>  case $COMP_CWORD in
>  1)
>  comps="add remove"
> @@ -47,4 +58,4 @@ _kernel_install() {
>  return 0
>  }
>  
> -complete -F _kernel_install kernel-install
> +complete -o default -o bashdefault -F _kernel_install kernel-install
> diff --git shell-completion/bash/localectl shell-completion/bash/localectl
> index c9e22af..3150f87 100644
> --- shell-completion/bash/localectl
> +++ shell-completion/bash/localectl
> @@ -36,6 +36,10 @@ _localectl() {
>  local OPTS='-h --help --version --no-convert --no-pager 
> --no-ask-password
>  -H --host'
>  
> +if __contains_word ">" ${COMP_WORDS[*]:0:COMP_CWORD}; then
> +return 0
> +fi
> +
>  if __contains_word "$prev" $OPTS; then
>  case $prev in
>  --host|-H)
> @@ -89,4 +93,4 @@ _localectl() {
>  return 0
>  }
>  
> -complete -F _localectl localectl
> +complete -o default -o bashdefault -F _localectl localectl
> diff --git shell-completion/bash/loginctl shell-completion/bash/loginctl
> index e7adb93..9b137b4 100644
> --- shell-completion/bash/loginctl
> +++ shell-completion/bash/loginctl
> @@ -37,6 +37,10 @@ _loginctl () {
>[ARG]='--host -H --kill-who --property -p --signal -s'
>  )
>  
> +if __contains_word ">" ${COMP_WORDS[*]:0:COMP_CWORD}; then
> +return 0
> +fi
> +
>  if __contains_word "$prev" ${OPTS[ARG]}; then
>  case $prev in
>  --signal|-s)
> @@ -106,4 +110,4 @@ _loginctl () {
>  return 0
>  }
>  
> -complete -F _loginctl loginctl

Re: [systemd-devel] [ANNOUNCE] systemd 27

2011-05-21 Thread Ran Benita 
On Sat, May 21, 2011 at 15:53, microcai  wrote:
>
> 于 2011年05月21日 20:44, Kay Sievers 写道:
> >>> No, NO, NO! Don't use the release.
> >>>
> >>> It's totally unstable. do some systemctl  stuff, systemd crashed.
> >>
> >> Hmm?
> >>
> >> In which way?
> >>
> >> Can you provide a backtrace?
> >
> > systemd 27 works fine here, the tab-completion too. Seems more like a
> > local problem.
>
> Try more times. say, 100 times. systemd will crash eventually.

If systemd crashes, I believe the kernel should panic; is that what happened?

On another note, here's something nice to try (as a regular user):

echo -e does-not-exist{1..131072}.service\\n | xargs -P4 systemctl load

(see MANAGER_MAX_NAMES in manager.h).
You won't be able to do much with systemctl afterwards (Failed to
issue method call: Argument list too long), besides reboot --force.

Am I missing something? Is there a way to trigger a garbage collection
on the useless units?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 3/3] bash-completion: rename file since it is no longer for systemctl only

2011-09-23 Thread Ran Benita 
---
 Makefile.am|2 +-
 ...sh-completion.sh => systemd-bash-completion.sh} |0
 2 files changed, 1 insertions(+), 1 deletions(-)
 rename src/{systemctl-bash-completion.sh => systemd-bash-completion.sh} (100%)

diff --git a/Makefile.am b/Makefile.am
index 6f90e9c..1212615 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -313,7 +313,7 @@ dbusinterface_DATA += \
 endif
 
 dist_bashcompletion_DATA = \
-   src/systemctl-bash-completion.sh
+   src/systemd-bash-completion.sh
 
 dist_tmpfiles_DATA = \
tmpfiles.d/systemd.conf \
diff --git a/src/systemctl-bash-completion.sh b/src/systemd-bash-completion.sh
similarity index 100%
rename from src/systemctl-bash-completion.sh
rename to src/systemd-bash-completion.sh
-- 
1.7.6.1

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 1/3] bash-completion: update with new verbs and arguments

2011-09-23 Thread Ran Benita 
Adds arguments --root= and --runtime.
Adds verbs link, mask, unmask, reenable, list-unit-files.
Also uses list-unit-files to make nicer enable and disable completions.
---
 src/systemctl-bash-completion.sh |   49 +
 1 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/src/systemctl-bash-completion.sh b/src/systemctl-bash-completion.sh
index 6369a6c..c0f846c 100644
--- a/src/systemctl-bash-completion.sh
+++ b/src/systemctl-bash-completion.sh
@@ -36,6 +36,9 @@ __get_all_units  () { systemctl list-units --full --all | 
awk '
 __get_active_units   () { systemctl list-units --full   | awk '
 {print $1}' ; }
 __get_inactive_units () { systemctl list-units --full --all | awk '$3 == 
"inactive" {print $1}' ; }
 __get_failed_units   () { systemctl list-units --full   | awk '$3 == 
"failed"   {print $1}' ; }
+__get_enabled_units  () { systemctl list-unit-files --full  | awk '$2 == 
"enabled"  {print $1}' ; }
+__get_disabled_units () { systemctl list-unit-files --full  | awk '$2 == 
"disabled" {print $1}' ; }
+__get_masked_units   () { systemctl list-unit-files --full  | awk '$2 == 
"masked"   {print $1}' ; }
 
 _systemctl () {
 local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
@@ -44,14 +47,14 @@ _systemctl () {
 local -A OPTS=(
[STANDALONE]='--all -a --defaults --fail --ignore-dependencies 
--failed --force -f --full --global
  --help -h --no-ask-password --no-block --no-pager 
--no-reload --no-wall
- --order --require --quiet -q --privileged -P 
--system --user --version'
-  [ARG]='--host -H --kill-mode --kill-who --property -p 
--signal -s --type -t'
+ --order --require --quiet -q --privileged -P 
--system --user --version --runtime'
+  [ARG]='--host -H --kill-mode --kill-who --property -p 
--signal -s --type -t --root'
 )
 
 if __contains_word "$prev" ${OPTS[ARG]}; then
 case $prev in
 --signal|-s)
-comps=$(compgen -A signal | grep '^SIG' | grep 
-Ev 'RTMIN|RTMAX|JUNK')
+comps=$(compgen -A signal)
 ;;
 --type|-t)
 comps='automount device mount path service 
snapshot socket swap target timer'
@@ -62,7 +65,14 @@ _systemctl () {
 --kill-mode)
 comps='control-group process'
 ;;
---property|-p|--host|-H)
+--root)
+comps=$(compgen -A directory -- "$cur" )
+compopt -o filenames
+;;
+--host|-H)
+comps=$(compgen -A hostname)
+;;
+--property|-p)
 comps=''
 ;;
 esac
@@ -77,22 +87,26 @@ _systemctl () {
 fi
 
 local -A VERBS=(
-[ALL_UNITS]='enable disable is-active is-enabled status show'
+[ALL_UNITS]='is-active is-enabled status show mask preset'
+[ENABLED_UNITS]='disable reenable'
+   [DISABLED_UNITS]='enable'
  [FAILED_UNITS]='reset-failed'
   [STARTABLE_UNITS]='start'
-  [STOPPABLE_UNITS]='stop kill try-restart condrestart'
+  [STOPPABLE_UNITS]='stop condstop kill try-restart condrestart'
  [ISOLATABLE_UNITS]='isolate'
- [RELOADABLE_UNITS]='reload reload-or-try-restart force-reload'
-  [RESTARTABLE_UNITS]='restart reload-or-restart'
+ [RELOADABLE_UNITS]='reload condreload reload-or-try-restart 
force-reload'
+[RESTARTABLE_UNITS]='restart reload-or-restart'
+ [MASKED_UNITS]='unmask'
  [JOBS]='cancel'
 [SNAPSHOTS]='delete'
  [ENVS]='set-environment unset-environment'
-   [STANDALONE]='daemon-reexec daemon-reload default dot dump 
emergency exit halt kexec
- list-jobs list-units poweroff reboot rescue 
show-environment'
+   [STANDALONE]='daemon-reexec daemon-reload default dot dump
+ emergency exit halt kexec list-jobs list-units
+ list-unit-files poweroff reboot rescue 
show-environment'
  [NAME]='snapshot load'
+ [FILE]='link'
 )
 
-local verb
 for ((i=0; $i <= $COMP_CWORD; i++)); do
 if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
  ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG}]}; then
@@ -107,6 +121,12 @@ _systemctl () {
 elif __contains_word "$verb" ${VERBS[ALL_UNITS

[systemd-devel] [PATCH 2/3] bash-completion: add completions for systemd-loginctl

2011-09-23 Thread Ran Benita 
---
 src/systemctl-bash-completion.sh |   83 ++
 1 files changed, 83 insertions(+), 0 deletions(-)

diff --git a/src/systemctl-bash-completion.sh b/src/systemctl-bash-completion.sh
index c0f846c..84290bc 100644
--- a/src/systemctl-bash-completion.sh
+++ b/src/systemctl-bash-completion.sh
@@ -175,3 +175,86 @@ _systemctl () {
 return 0
 }
 complete -F _systemctl systemctl
+
+__get_all_sessions () { systemd-loginctl list-sessions | awk '{print $1}' ; }
+__get_all_users() { systemd-loginctl list-users| awk '{print $2}' ; }
+__get_all_seats() { systemd-loginctl list-seats| awk '{print $1}' ; }
+
+_systemd_loginctl () {
+local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+local verb comps
+
+local -A OPTS=(
+   [STANDALONE]='--all -a --help -h --no-pager --privileged -P 
--version'
+  [ARG]='--host -H --kill-who --property -p --signal -s'
+)
+
+if __contains_word "$prev" ${OPTS[ARG]}; then
+case $prev in
+--signal|-s)
+comps=$(compgen -A signal)
+;;
+--kill-who)
+comps='all leader'
+;;
+--host|-H)
+comps=$(compgen -A hostname)
+;;
+--property|-p)
+comps=''
+;;
+esac
+COMPREPLY=( $(compgen -W "$comps" -- "$cur") )
+return 0
+fi
+
+
+if [[ "$cur" = -* ]]; then
+COMPREPLY=( $(compgen -W "${OPTS[*]}" -- "$cur") )
+return 0
+fi
+
+local -A VERBS=(
+[SESSIONS]='session-status show-session activate lock-session 
unlock-session terminate-session kill-session'
+[USERS]='user-status show-user enable-linger disable-linger 
terminate-user kill-user'
+[SEATS]='seat-status show-seat terminate-seat'
+[STANDALONE]='list-sessions list-users list-seats 
flush-devices'
+[ATTACH]='attach'
+)
+
+for ((i=0; $i <= $COMP_CWORD; i++)); do
+if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
+ ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG}]}; then
+verb=${COMP_WORDS[i]}
+break
+fi
+done
+
+if   [[ -z $verb ]]; then
+comps="${VERBS[*]}"
+
+elif __contains_word "$verb" ${VERBS[SESSIONS]}; then
+comps=$( __get_all_sessions )
+
+elif __contains_word "$verb" ${VERBS[USERS]}; then
+comps=$( __get_all_users )
+
+elif __contains_word "$verb" ${VERBS[SEATS]}; then
+comps=$( __get_all_seats )
+
+elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
+comps=''
+
+elif __contains_word "$verb" ${VERBS[ATTACH]}; then
+if [[ $prev = $verb ]]; then
+comps=$( __get_all_seats )
+else
+comps=$(compgen -A file -- "$cur" )
+compopt -o filenames
+fi
+fi
+
+COMPREPLY=( $(compgen -W "$comps" -- "$cur") )
+return 0
+}
+complete -F _systemd_loginctl systemd-loginctl
-- 
1.7.6.1

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] man: document list-unit-files

2011-09-24 Thread Ran Benita 
It's documented in the --help, but not in the manpage.
---
 man/systemctl.xml |7 +++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index 468141c..894dec7 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -595,6 +595,13 @@
 
 
 
+list-unit-files
+
+List installed unit files.
+
+
+
+
 enable 
[NAME...]
 
 Enable one or more
-- 
1.7.6.3

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] man: document list-unit-files

2011-09-24 Thread Ran Benita 
It's documented in the --help, but not in the manpage.
---
 man/systemctl.xml |7 +++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index 468141c..894dec7 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -595,6 +595,13 @@
 
 
 
+list-unit-files
+
+List installed unit files.
+
+
+
+
 enable 
[NAME...]
 
 Enable one or more
-- 
1.7.6.3

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 1/3] bash-completion: update with new verbs and arguments

2011-11-02 Thread Ran Benita 
Adds arguments --root= --runtime --no-legend.
Adds verbs link mask unmask reenable list-unit-files.
Also uses list-unit-files to make nicer enable and disable completions.

Rebased due to changes in systemctl.
---
 src/systemctl-bash-completion.sh |   61 +++--
 1 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/src/systemctl-bash-completion.sh b/src/systemctl-bash-completion.sh
index 6ebb792..0aa87af 100644
--- a/src/systemctl-bash-completion.sh
+++ b/src/systemctl-bash-completion.sh
@@ -16,7 +16,7 @@
 # along with systemd; If not, see .
 
 __systemctl() {
-systemctl --no-legend "$@"
+systemctl --full --no-legend "$@"
 }
 
 __contains_word () {
@@ -36,10 +36,13 @@ __filter_units_by_property () {
 done
 }
 
-__get_all_units  () { __systemctl list-units --full --all | awk '  
   {print $1}' ; }
-__get_active_units   () { __systemctl list-units --full   | awk '  
   {print $1}' ; }
-__get_inactive_units () { __systemctl list-units --full --all | awk '$3 == 
"inactive" {print $1}' ; }
-__get_failed_units   () { __systemctl list-units --full   | awk '$3 == 
"failed"   {print $1}' ; }
+__get_all_units  () { __systemctl list-units --all | awk ' 
{print $1}' ; }
+__get_active_units   () { __systemctl list-units   | awk ' 
{print $1}' ; }
+__get_inactive_units () { __systemctl list-units --all | awk '$3 == "inactive" 
{print $1}' ; }
+__get_failed_units   () { __systemctl list-units   | awk '$3 == "failed"   
{print $1}' ; }
+__get_enabled_units  () { __systemctl list-unit-files  | awk '$2 == "enabled"  
{print $1}' ; }
+__get_disabled_units () { __systemctl list-unit-files  | awk '$2 == "disabled" 
{print $1}' ; }
+__get_masked_units   () { __systemctl list-unit-files  | awk '$2 == "masked"   
{print $1}' ; }
 
 _systemctl () {
 local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
@@ -47,15 +50,15 @@ _systemctl () {
 
 local -A OPTS=(
[STANDALONE]='--all -a --defaults --fail --ignore-dependencies 
--failed --force -f --full --global
- --help -h --no-ask-password --no-block --no-pager 
--no-reload --no-wall
- --order --require --quiet -q --privileged -P 
--system --user --version'
-  [ARG]='--host -H --kill-mode --kill-who --property -p 
--signal -s --type -t'
+ --help -h --no-ask-password --no-block 
--no-legend --no-pager --no-reload --no-wall
+ --order --require --quiet -q --privileged -P 
--system --user --version --runtime'
+  [ARG]='--host -H --kill-mode --kill-who --property -p 
--signal -s --type -t --root'
 )
 
 if __contains_word "$prev" ${OPTS[ARG]}; then
 case $prev in
 --signal|-s)
-comps=$(compgen -A signal | grep '^SIG' | grep 
-Ev 'RTMIN|RTMAX|JUNK')
+comps=$(compgen -A signal)
 ;;
 --type|-t)
 comps='automount device mount path service 
snapshot socket swap target timer'
@@ -66,7 +69,14 @@ _systemctl () {
 --kill-mode)
 comps='control-group process'
 ;;
---property|-p|--host|-H)
+--root)
+comps=$(compgen -A directory -- "$cur" )
+compopt -o filenames
+;;
+--host|-H)
+comps=$(compgen -A hostname)
+;;
+--property|-p)
 comps=''
 ;;
 esac
@@ -81,22 +91,26 @@ _systemctl () {
 fi
 
 local -A VERBS=(
-[ALL_UNITS]='enable disable is-active is-enabled status show'
+[ALL_UNITS]='is-active is-enabled status show mask preset'
+[ENABLED_UNITS]='disable reenable'
+   [DISABLED_UNITS]='enable'
  [FAILED_UNITS]='reset-failed'
   [STARTABLE_UNITS]='start'
-  [STOPPABLE_UNITS]='stop kill try-restart condrestart'
+  [STOPPABLE_UNITS]='stop condstop kill try-restart condrestart'
  [ISOLATABLE_UNITS]='isolate'
- [RELOADABLE_UNITS]='reload reload-or-try-restart force-reload'
-  [RESTARTABLE_UNITS]='restart reload-or-restart'
+ [RELOADABLE_UNITS]='reload condreload reload-or-try-restart 
force-reload'
+[RESTARTABLE_UNITS]='restart reload-or-restart'
+ [MASKED_UNITS]='unmask'
  [JOBS]='cancel'
 [SNAPSHOTS]='delete'
  [ENVS]='set-environment unset-environment'
-

[systemd-devel] [PATCH 2/3] bash-completion: add completions for systemd-loginctl

2011-11-02 Thread Ran Benita 
This script is straightforward and should give proper completions for
all of systemd-loginctl's verbs.
---
 src/systemctl-bash-completion.sh |   83 ++
 1 files changed, 83 insertions(+), 0 deletions(-)

diff --git a/src/systemctl-bash-completion.sh b/src/systemctl-bash-completion.sh
index 0aa87af..176591f 100644
--- a/src/systemctl-bash-completion.sh
+++ b/src/systemctl-bash-completion.sh
@@ -179,3 +179,86 @@ _systemctl () {
 return 0
 }
 complete -F _systemctl systemctl
+
+__get_all_sessions () { systemd-loginctl list-sessions | awk '{print $1}' ; }
+__get_all_users() { systemd-loginctl list-users| awk '{print $2}' ; }
+__get_all_seats() { systemd-loginctl list-seats| awk '{print $1}' ; }
+
+_systemd_loginctl () {
+local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+local verb comps
+
+local -A OPTS=(
+   [STANDALONE]='--all -a --help -h --no-pager --privileged -P 
--version'
+  [ARG]='--host -H --kill-who --property -p --signal -s'
+)
+
+if __contains_word "$prev" ${OPTS[ARG]}; then
+case $prev in
+--signal|-s)
+comps=$(compgen -A signal)
+;;
+--kill-who)
+comps='all leader'
+;;
+--host|-H)
+comps=$(compgen -A hostname)
+;;
+--property|-p)
+comps=''
+;;
+esac
+COMPREPLY=( $(compgen -W "$comps" -- "$cur") )
+return 0
+fi
+
+
+if [[ "$cur" = -* ]]; then
+COMPREPLY=( $(compgen -W "${OPTS[*]}" -- "$cur") )
+return 0
+fi
+
+local -A VERBS=(
+[SESSIONS]='session-status show-session activate lock-session 
unlock-session terminate-session kill-session'
+[USERS]='user-status show-user enable-linger disable-linger 
terminate-user kill-user'
+[SEATS]='seat-status show-seat terminate-seat'
+[STANDALONE]='list-sessions list-users list-seats 
flush-devices'
+[ATTACH]='attach'
+)
+
+for ((i=0; $i <= $COMP_CWORD; i++)); do
+if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
+ ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG}]}; then
+verb=${COMP_WORDS[i]}
+break
+fi
+done
+
+if   [[ -z $verb ]]; then
+comps="${VERBS[*]}"
+
+elif __contains_word "$verb" ${VERBS[SESSIONS]}; then
+comps=$( __get_all_sessions )
+
+elif __contains_word "$verb" ${VERBS[USERS]}; then
+comps=$( __get_all_users )
+
+elif __contains_word "$verb" ${VERBS[SEATS]}; then
+comps=$( __get_all_seats )
+
+elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
+comps=''
+
+elif __contains_word "$verb" ${VERBS[ATTACH]}; then
+if [[ $prev = $verb ]]; then
+comps=$( __get_all_seats )
+else
+comps=$(compgen -A file -- "$cur" )
+compopt -o filenames
+fi
+fi
+
+COMPREPLY=( $(compgen -W "$comps" -- "$cur") )
+return 0
+}
+complete -F _systemd_loginctl systemd-loginctl
-- 
1.7.7.1

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH 3/3] bash-completion: rename file since it is no longer for systemctl only

2011-11-02 Thread Ran Benita 
---
 Makefile.am|2 +-
 ...sh-completion.sh => systemd-bash-completion.sh} |0
 2 files changed, 1 insertions(+), 1 deletions(-)
 rename src/{systemctl-bash-completion.sh => systemd-bash-completion.sh} (100%)

diff --git a/Makefile.am b/Makefile.am
index f701a45..0ce2356 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -321,7 +321,7 @@ dbusinterface_DATA += \
 endif
 
 dist_bashcompletion_DATA = \
-   src/systemctl-bash-completion.sh
+   src/systemd-bash-completion.sh
 
 dist_tmpfiles_DATA = \
tmpfiles.d/systemd.conf \
diff --git a/src/systemctl-bash-completion.sh b/src/systemd-bash-completion.sh
similarity index 100%
rename from src/systemctl-bash-completion.sh
rename to src/systemd-bash-completion.sh
-- 
1.7.7.1

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] User Login and custom .service file

2011-11-25 Thread Ran Benita 
On Fri, Nov 25, 2011 at 03:50:06AM +, Malte Brandy wrote:
> Lennart Poettering  poettering.net> writes:
> > On Mon, 01.08.11 13:31, George Stefan (stefan.george87  gmail.com) 
> > wrote:
> > > Hi,
> > > I have a system configuration that requests the possibility of having
> > > multiple users. Does systemd allow us to have a path (like
> > > /lib/systemd/system) custom to each user? By this i mean something like
> > > "/home/user/systemd" where to have the associate .service/target/etc 
> > > placed.
> > What you can do already is run a per-user instance of systemd, where the
> > user can add his services. This is not complete yet, but it should
> > already get you quite far.
> 
> Hello, im probably breaking quite a lot of mail list rules be this mail.
> Especially because its quite old... 
> But this is problem driving me crazy for quite a while. But first I must say,
> that I love systemd.
> I use systemd --user and it's awesome. I start my xorg, my syncmail, mpd, etc.
> 
> > To make use of this use "systemd-loginctl
> > enable-linger lennart" (for a user lennart). This will make sure that a
> > systemd instance is automatically started at boot for this
> > user.
> 
> This just wont work for me:
> sudo systemd-loginctl enable-linger maralorn
> Failed to issue method call: Failed to execute program
> /usr/lib/dbus-1.0/dbus-daemon-launch-helper: Success
> 
> > This is implemented via a service user  lennart.service which is
> > instantiated for each user and runs a per-user systemd.
> I already tried modifiying this service in some ways but without success.
> I can start it like user  maralorn.service, but when I try 
> systemctl --user
> I get: 
> Failed to issue method call: Process /bin/false exited with status 1
> I figure this is a problem with dbus and sessions but I'm not sure.
> 
> As a workaround I start the 
> systemd --user from an already established tty session. 
> > As mentioned, this isn't complete yet, so ymmv.
> I know, but i think my problem is not unsolvable...
> 
> Greetings Malte
> 
> Archlinux Kernel 3.1
> Systemd 37 and some previous.

Hi,
I actually tried to get this to work once (I'm now using pretty much the
same system as you).
The enable-linger part worked for me. It seems all it does is create a
file named after the username under /var/lib/systemd/linger; I did have
to manually create /var/lib/systemd, since it wasn't created otherwise
and the command fails when it's not there (perhaps the code should do a
mkdir -p instead?).
As for the systemctl start user@.service, I figure it's not
supposed to be enabled manually but to start automatically. Alas, it's
not implemented yet (i.e user_start_service() at logind-user.c is just a
stub).
When I try systemctl start user@.service, as you tried, it
does start a user instance which works properly, so I can't say what's
going wrong for you there. Is there anything written to the logs?
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] WorkingDirectory for user units

2011-12-03 Thread Ran Benita 
On Sat, Dec 03, 2011 at 02:32:19PM +0100, Thomas Meyer wrote:
> Hi,
> 
> I put a "user" unit in "/usr/lib/systemd/user" called
> "smServer.service":
> 
> [Unit]
> Description=ShortMessage Server
> After=network.target
> 
> [Service]
> Type=simple
> StandardOutput=syslog
> Environment=CLASSPATH=/usr/share/java/smServer.jar
> WorkingDirectory=/home/thomas
> ExecStart=/usr/bin/java smServer.Controller
> 
> [Install]
> WantedBy=multi-user.target
> 
> 1.) Is there an option to set the WorkingDirectory automatically to the
> users home? The environment variable "HOME" seems to get set for the
> process. Or is there an option to set the WorkingDirectory based on the
> user? default working directory seems to be "/".

I don't think there's a way to do it. I looked into either
 - making the home directory the default working directory (for user's
   systemd)
 - adding a %~ format specifier
 - or maybe both?
A patch shouldn't be too hard, which do you think is best?

> 2.) Also i'm not sure which WantedBy= in the [Install] section to use?
> Do I need the section at all? what dependencies/values are sensible
> here?

I just used default.target, which worked as expected.

> greets
> thomas
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] unit: add specifiers for user name and home directory

2011-12-08 Thread Ran Benita 
Currently there is no way to refer to the user's name or home directory
from within a unit file. This is mainly a problem for unit files
intended for a --user systemd instance, where you might want to set the
user's home directory in WorkingDirectory, or otherwise refer to the
user's name.

This patch add two specifiers, %u and %~, for the user's name and home
directory. Note that these refer to the user who's running the instance,
and is otherwise unaffected by User=, RootDirectory=, etc.
---
 man/systemd.unit.xml |   10 ++
 src/unit.c   |   26 ++
 2 files changed, 36 insertions(+), 0 deletions(-)

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 897f99f..59868d5 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -258,6 +258,16 @@
 Runtime socket dir
 This is either /run (for the system manager) or 
$XDG_RUNTIME_DIR (for user managers).
   
+  
+%u
+User name
+This is the name of the user who is running the 
systemd instance.
+  
+  
+%~
+User home directory
+This is the home directory of the user who is 
running the systemd instance.
+  
 
   
 
diff --git a/src/unit.c b/src/unit.c
index 018e986..b1e2bca 100644
--- a/src/unit.c
+++ b/src/unit.c
@@ -2133,6 +2133,30 @@ static char *specifier_runtime(char specifier, void 
*data, void *userdata) {
 return strdup("/run");
 }
 
+static char *specifier_user_details(char specifier, void *data, void 
*userdata) {
+int r;
+char *username;
+const char *home, *_username;
+uid_t uid;
+gid_t gid;
+
+username = getlogname_malloc();
+if (!username)
+return NULL;
+
+if (specifier == 'u')
+return username;
+
+_username = username;
+r = get_user_creds(&_username, &uid, &gid, &home);
+free(username);
+if (r)
+return NULL;
+
+/* specifier == '~' */
+return strdup(home);
+}
+
 char *unit_name_printf(Unit *u, const char* format) {
 
 /*
@@ -2182,6 +2206,8 @@ char *unit_full_printf(Unit *u, const char *format) {
 { 'r', specifier_cgroup_root, NULL },
 { 'R', specifier_cgroup_root, NULL },
 { 't', specifier_runtime, NULL },
+{ 'u', specifier_user_details,NULL },
+{ '~', specifier_user_details,NULL },
 { 0, NULL, NULL }
 };
 
-- 
1.7.7.4

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH v2] unit: add specifiers for user name and home directory

2011-12-16 Thread Ran Benita 
Currently there is no way to refer to the user's name or home directory
from within a unit file. This is mainly a problem for unit files
intended for a --user systemd instance, where you might want to set the
user's home directory in WorkingDirectory, or otherwise refer to the
user's name.

This patch add two specifiers, %u and %h, for the user's name and home
directory. Note that these refer to the user who's running the instance,
and is otherwise unaffected by User=, RootDirectory=, etc.
---
 man/systemd.unit.xml |   10 ++
 src/unit.c   |   24 
 2 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 897f99f..2843007 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -258,6 +258,16 @@
 Runtime socket dir
 This is either /run (for the system manager) or 
$XDG_RUNTIME_DIR (for user managers).
   
+  
+%u
+User name
+This is the name of the user who is running the 
systemd instance.
+  
+  
+%h
+User home directory
+This is the home directory of the user who is 
running the systemd instance.
+  
 
   
 
diff --git a/src/unit.c b/src/unit.c
index 03c90f5..d45e16f 100644
--- a/src/unit.c
+++ b/src/unit.c
@@ -2145,6 +2145,28 @@ static char *specifier_runtime(char specifier, void 
*data, void *userdata) {
 return strdup("/run");
 }
 
+static char *specifier_user_details(char specifier, void *data, void 
*userdata) {
+int r;
+char *username;
+const char *home, *_username;
+
+username = getlogname_malloc();
+if (!username)
+return NULL;
+
+if (specifier == 'u')
+return username;
+
+_username = username;
+r = get_user_creds(&_username, NULL, NULL, &home);
+free(username);
+if (r)
+return NULL;
+
+/* specifier == 'h' */
+return strdup(home);
+}
+
 char *unit_name_printf(Unit *u, const char* format) {
 
 /*
@@ -2194,6 +2216,8 @@ char *unit_full_printf(Unit *u, const char *format) {
 { 'r', specifier_cgroup_root, NULL },
 { 'R', specifier_cgroup_root, NULL },
 { 't', specifier_runtime, NULL },
+{ 'u', specifier_user_details,NULL },
+{ 'h', specifier_user_details,NULL },
 { 0, NULL, NULL }
 };
 
-- 
1.7.8

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] unit: add specifiers for user name and home directory

2011-12-16 Thread Ran Benita 
On Thu, Dec 15, 2011 at 04:01:05PM +0100, Lennart Poettering wrote:
> On Fri, 09.12.11 03:00, Ran Benita (ran...@gmail.com) wrote:
> 
> > +_username = username;
> > +r = get_user_creds(&_username, &uid, &gid, &home);
> > +free(username);
> > +if (r)
> > +return NULL;
> > +
> > +/* specifier == '~' */
> 
> Do we really want '~' here, and not 'h'? Sounds a bit weird to me to
> chain up weird characters like % and ~ in a sequence. %h might be less
> of a surprise to the user?
> 
> And please pass uid and gid as NULL, get_user_creds() can deal with
> that.
> 
> > +return strdup(home);
> 
> Otherwise looks fine. Thanks!

May I also ask why specifier expansion is not allowed in Exec= lines? I
think it's useful, and it works fine when I patch it. Is it problematic
in any way?

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [PATCH] unit: add specifiers for user name and home directory

2011-12-16 Thread Ran Benita 
On Fri, Dec 16, 2011 at 05:10:45PM +0100, Lennart Poettering wrote:
> On Fri, 16.12.11 12:41, Ran Benita (ran...@gmail.com) wrote:
> 
> > 
> > On Thu, Dec 15, 2011 at 04:01:05PM +0100, Lennart Poettering wrote:
> > > On Fri, 09.12.11 03:00, Ran Benita (ran...@gmail.com) wrote:
> > > 
> > > > +_username = username;
> > > > +r = get_user_creds(&_username, &uid, &gid, &home);
> > > > +free(username);
> > > > +if (r)
> > > > +return NULL;
> > > > +
> > > > +/* specifier == '~' */
> > > 
> > > Do we really want '~' here, and not 'h'? Sounds a bit weird to me to
> > > chain up weird characters like % and ~ in a sequence. %h might be less
> > > of a surprise to the user?
> > > 
> > > And please pass uid and gid as NULL, get_user_creds() can deal with
> > > that.
> > > 
> > > > +return strdup(home);
> > > 
> > > Otherwise looks fine. Thanks!
> > 
> > May I also ask why specifier expansion is not allowed in Exec= lines? I
> > think it's useful, and it works fine when I patch it. Is it problematic
> > in any way?
> 
> Hmm, it is allowed. In getty@.service for example, we have this:
> 
> ExecStart=-/sbin/agetty %I 38400
> 
> and it works fine?

Hmm, yes that works. I see service_spawn() expands the command
arguments, but not the path, which is what I tried. I previously
looked at config_parse_exec() in load-fragment.c.
So my question becomes, why not expand the path? (It seems intentional).

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Proposal: extend support for user session unit features

2012-07-10 Thread Ran Benita 
On Tue, Jul 10, 2012 at 05:00:43AM +, Kok, Auke-jan H wrote:
> So in short, I'd like to do both:
> 
> - have systemd chdir to $HOME if uid != 1
> 
> - extend the printf specifier list for user sessions with a specifer
> that can be used in various fields to refer to at minimum $HOME ("%h"
> ?) and possibly $UID ("%u") and $SHELL ("%s"), since these fields are
> part of the struct *passwd, and might be useful at some point.
> 
> Comments? I'll post a patch gladly to implement this.
> 

I think that's useful as well, and used it for a while. Also see
http://lists.freedesktop.org/archives/systemd-devel/2011-December/004076.html

Ran
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] Proposal: extend support for user session unit features

2012-07-10 Thread Ran Benita 
On Tue, Jul 10, 2012 at 04:20:14PM +, Kok, Auke-jan H wrote:
> On Tue, Jul 10, 2012 at 2:06 PM, Lennart Poettering
>  wrote:
> > On Tue, 10.07.12 15:32, Ran Benita (ran...@gmail.com) wrote:
> >
> >>
> >> On Tue, Jul 10, 2012 at 05:00:43AM +, Kok, Auke-jan H wrote:
> >> > So in short, I'd like to do both:
> >> >
> >> > - have systemd chdir to $HOME if uid != 1
> >> >
> >> > - extend the printf specifier list for user sessions with a specifer
> >> > that can be used in various fields to refer to at minimum $HOME ("%h"
> >> > ?) and possibly $UID ("%u") and $SHELL ("%s"), since these fields are
> >> > part of the struct *passwd, and might be useful at some point.
> >> >
> >> > Comments? I'll post a patch gladly to implement this.
> >> >
> >>
> >> I think that's useful as well, and used it for a while. Also see
> >> http://lists.freedesktop.org/archives/systemd-devel/2011-December/004076.html
> >
> > Hmm, this patch looks pretty good. How did I miss that? Shame on me.
> 
> and on me! :^)
> 
> > I'd merge this patch, with two changes:
> >
> > Could you please split up the function into two, one for each of %u and
> > %h?
> >
> > Also, I think we should honour $HOME if it is set and fall back to
> > getpwuid(getuid())->pw_home if it isn't. This might be a good candidate
> > for a new call get_home() or so, in util.c. Hmm, and I wonder if
> > getlogname_malloc() is actually the best choice for %u. It probably
> > should honour $USER too, and otherwise resolve getpwuid(getuid()), but
> > not do the tty stuff that getlogname_malloc() does. (getlogname_mallc()
> > has a different use: it should return the user who actually really
> > originally logged in. But for the --user purpose we'd need the user of
> > that runs systemd, hence this should be a different call).
> >
> > And I guess Auke's suggested $SHELL specifier would be cool too.
> 
> we can do without that for a while longer, but it would be nice to be
> fairly complete at this point, which is why I suggested that.
> 
> Ran's patch looks exactly like what I need.
> 
> Ran, do you want to respin the patch? If not, I'll gladly do that.

I can't really compile systemd on my current machine, so I can't
rebase/test that it still works. So please go ahead and respin (along
with Lennart's other suggestions). That would be nice to have.

Thanks!
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] [EXT] Best practice for giving a system daemon access to smartcard readers

2025-02-18 Thread Ran Benita 
On Tue, Feb 18, 2025, at 10:18, Windl, Ulrich wrote:
> Hi!
>  
> Did you consider using ACLs instead of changing owner and group? However I 
> must admit I never tried it with devices.
> So my idea was to add an ACL for pcscd when the service is in use and drop 
> that right if the service is not active.
> You could even query the ACL to use it as “locked flag”.

Yes, I considered it. ACLs seem like a good solution. The only reason I'm not 
going for it
is that udev rules don't provide a builtin way to add ACLs that I can see. So 
I'll need to use
RUN setfacl which seems not so nice to me. Although in my system I do see that 
at least
`brltty` rules seem to do exactly that...

Ran

[systemd-devel] Best practice for giving a system daemon access to smartcard readers

2025-02-17 Thread Ran Benita 
Hi,

I am working on improving the security of the pcscd smartcard daemon by
running it with a system user instead of root (the pcsclite author
indicated support for this). I'd like to ask for advice on a particular point.

# Background

For those who have never heard of it, pcscd[0][1] is part of a daemon/
shared library pair implementing the standard PC/SC API for
communicating with smartcards, this API is used on UNIX, Windows
and macOS. Smartcard readers almost all use the USB CCID (0x0b) class,
with some custom ones using the proprietary (0xff) class. The daemon
connects to smartcard readers using libusb. Clients connect via unix
socket. The daemon is socket-activated by default.

[0] https://pcsclite.apdu.fr
[1] https://github.com/LudovicRousseau/PCSC

Currently, this daemon is a big pile of C code running as root. The PC/SC
architecture involves the daemon calling into driver shared libraries to
perform the actual communication with the smartcard readers. These days
only one such is used widely, CCID[2][3].

[2] https://ccid.apdu.fr
[3] https://github.com/LudovicRousseau/CCID

The CCID driver enumerates a long list of USB vendor/product pairs it
supports, and ignores others. This list includes all common smartcard readers.
It can be extended by end users.

[4] /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist

# Switching to non-root user

The way my WIP patches implement this is:

- The pcsc package creates a `pcscd` system user/group.
- The ccid package installs udev rules making `pcscd` the owner/group of
all CCID devices (+ the few ones using the proprietary class by vendor/
product).

My question is, is it not considered "rude" for a particular package to
take ownership of these devices, when other processes might want to use
them as well? pcsclite is pretty standard but I'm not sure.

I noticed that the default udev rules already match smartcard reader
devices, set `ENV{ID_SMARTCARD_READER}=3D1` and add
`security-device` and `uaccess` tags.

The pcscd daemon cannot run as a user service and take advantage of the
uaccess tag because it needs to handle cross-user dynamic exclusive access
locking (transactions) and such, so it must run as a system service.

It seems better to me to give the device permissions to e.g. a `smartcard`
group instead of a `pcscd` group, and make `pcscd` user a member of that.
This is more neutral for other users. But how to coordinate this? It seems
inappeopriate for pcsclite to create such a group itself?

Another option I thought about is to only give the `pcscd` user ACL
permissions for the devices instead of full ownership, but I don't think udev
supports this?

Would appreciate any advice on best practices for this!

Ran