GitLab

* NEWS: Record release date.

hostfs is provided by the Linux UML subsystem.
smackfs is provided by the Linux Smack security module.

* src/stat.c (human_fstype): Add new file system ID definitions.
* NEWS: Mention the improvement, and adjust for the fact that
SNFS is a remote file system.

* test/dd/no-allocate.sh: Use 'wait' to ensure we don't have
multiple writers to the fifo, which was seen to trigger
a very hard to reproduce deadlock with make -j20 on solaris.
Also avoid writing to the fifo with the shell; instead using dd.
(check_dd_seek_alloc): A new function refactored from the various
cases, which are now constructed from function parameters.

* tests/cp/link-deref.sh: On systems were cp can't determine if
gnulib linkat() emulation might create a symlink instead of a hardlink
to a symlink, copy.c will create a symlink to the symlink so that
it has more control over its metadata.  Also even if the system
supports this operation, the particular file system under test may not.
So avoid the hardlinked symlink verification in these cases.
This fixes a false failure on aix, solaris and freebsd.

* configure.ac: Don't change the gnulib default of 'no' for
whether to link with openssl system libraries if available.
Distributions can explicitly enable this as their policy allows.
* NEWS: Adjust accordingly.

* doc/coreutils.texi (numfmt invocation): s/nun/num/.
Fixes http://bugs.gnu.org/16122

* tests/df/total-unprocessed.sh: Skip the test when we can't
determine the file system type as the exclusion filter is not
applied in that case.  "lofs" being ignored is effectively
an unknown file system type.

* tests/cp/sparse-fiemap.sh: Newer versions of filefrag output
more fields, in different orders, so handle that to avoid warnings.

* gnulib: Update to incorporate a fix for building tests
with -Werror=old-style-declaration

* tests/readlink/multi.sh: Ensure there is a trailing delimeter
or xargs may (on AIX 7 at least) suppress the last argument.

* tests/rm/interactive-once.sh: Ensure the expected output
matches with the output on systems without /dev/stdin (like AIX 7).
Also change some fail=1 to a more appropriate framework_failure_.

* configure.ac: Use gl_SET_CRYPTO_CHECK_DEFAULT() to set the
coreutils default for --with-openssl early, so that the
help text can be provided in a standard and complete form.
* gnulib: Update to incorporate a build fix on platforms
with only some of md5 and sha* implemented by libcrypto.

Inline functions are awkward to breakpoint as mentioned at:
https://sourceware.org/bugzilla/show_bug.cgi?id=10738
The normal case here was for the breakpoint on the inline function
to fail, resulting in a 10s delay before skipping the test.
However on GCC 4.7.2 on ppc64 at least it was seen that
the test failed erroneously due to the breakpoint being successfully
set on an "out of line" function, but an inline function was
actually being called.

* tests/tail-2/inotify-race.sh: Switch to a line based breakpoint,
rather than a symbol base one, which avoids issues with breakpoints
on inline functions.  Also skip_ on the initial breakpoint check
in case the breakpoint is not traversed which would be the case
on remote file systems for example.

* src/tail.c: With inotify, when a file is initially absent,
we fstat(-1) for that file spec, thus recording an errnum of EBADF,
which caused the "has become accessible" diagnostic to be issued,
when the file first appears.  Instead we avoid the fstat(-1) and
thus emit the more natural and consistent "has appeared" diagnostic.
* tests/tail-2/retry.sh: Use the new diagnostic which also causes
this test to pass on systems without inotify.

* tests/df/total-unprocessed.sh: -t nfs and --local are
_not_ mutually exclusive on solaris, with lofs mounts.

* tests/cp/link-deref.sh: This was seen to cause an issue
with dash v0.5.6 at least, so change to a simpler expression.

* tests/ls/stat-free-color.sh: Add newfstatat to the list
of syscalls to trace.  Also add all "stat" syscalls to the
list of syscalls that we verify that strace supports.
Also only create a single dangling symlink to check, since
we already only check for a single "stat" call.
Fixes http://bugs.gnu.org/16075 seen on AArch64

* tests/misc/shuf-reservoir.sh: Restrict the valgrind
"exit on leak" behavior to developer environments where
specific "lint" code is enabled to avoid inconsequential leaks.

Previously, the test triggered another error diagnostic:
  shuf: invalid input range ‘-e’
and therefore eclipsed the expected one:
  shuf: cannot combine -e and -i options

While at it, reindent a line with more than 80 characters, present
since the previous commit to silence sc_long_lines.

* tests/misc/shuf.sh: Pass a valid range to the -i option.

Original problem reported by Philipp Thomas in
<http://bugs.gnu.org/16061>.
* NEWS: shuf --repeat, not shuf --repetitions.
* doc/coreutils.texi (shuf invocation):
* src/shuf.c (usage, long_opts, main):
* tests/misc/shuf.sh:
Likewise.  Also, the default head-count is infinity.

Since v8.21-172-g33660b49, df not only treats symbolic link arguments
differently, as stated there, but now generally processes special file
arguments in a non-canonicalized form correctly:

  $ cd /dev && df-old sdb
  Filesystem     1K-blocks  Used Available Use% Mounted on
  devtmpfs         1014572    48   1014524   1% /dev

  $ cd /dev && df-new sdb
  Filesystem     1K-blocks    Used Available Use% Mounted on
  /dev/sdb        10190136 6039532   3609932  63% /home

Document df's new behavior.

* doc/coreutils.texi (df invocation): In the paragraph describing
df's behavior regarding special file arguments, relax the condition
for such special files from "... is an absolute name of ..." to
"... resolves to ...".
* NEWS (Bug fixes): Mention the new behavior also here.

This could trigger on SELinux systems where we build --qithout-selinux
or where the SELinux development libraries are not installed.

* init.cfg (require_selinux_enforcing_): Call require_selinux_()
to determine if the current build supports SELinux.  This avoids
a false failure in tests/mkdir/selinux.sh where only mkdir would
determine that SELinux was disabled and thus ignore invalid contexts.
(require_selinux_): Refactor a little to distinguish whether it's
the build or the (file) system that doesn't support SELinux.

* src/selinux.h (ignorable_ctx_err): A new function used
to determine if a warning should be given after a call
to defaultcon() or restorecon().
* src/cp.c (main): Fix the setfscreatecon() call to use
the argument passed by the user.
* src/mkdir.c (make_ancestor): Show all but "ignoreable" errors
from defaultcon() and restorecon().
* tests/misc/selinux.sh: Add a test run as root in selinux enforcing
mode, to ensure cp --context=invalid is honored and fails immediately.

libcrypto is generally available and has well optimized
crypto hash routines particular to various systems.
For example, testing sha1sum with openssl-1.0.0j
on an i3-2310M, gives a performance boost of about 40%:

$ time sha1sum.old --tag ~/test.iso
SHA1 (/home/padraig/test.iso) = 3c27f7ed01965fd2b89e22128fd62dc51a3bef30
real    0m4.692s
user    0m4.499s
sys     0m0.162s

$ time sha1sum.new --tag ~/test.iso
SHA1 (/home/padraig/test.iso) = 3c27f7ed01965fd2b89e22128fd62dc51a3bef30
real    0m2.685s
user    0m2.512s
sys     0m0.170s

* configure.ac: By default, enable use of libcrypto if available.
* src/local.mk: Link with libcrypto.
* NEWS: Mention the md5sum and sha*sum improvements.

* src/df.c (get_disk): Use the same heuristic used in
get_point() to select the shortest file system mount point,
in an attempt to show the base mounted file system.
* NEWS: Mention the bug fix.

This is so the matching for the device is done on the canonical name
of the disk node, rather than on the path of the symlink.
In any case the user will generally want to use the symlink target.

* src/df.c (get_disk): Canonicalize the passed file,
before matching against the list of mounted file system devices.
Note we pass the original symlink name to the "file" output field,
as the symlink target is usually available through the "source" field.
* tests/df/df-symlink.sh: Test the dereferencing operation.
* tests/local.mk: Mention the new test.
* NEWS: Mention the fix.
Reported by Ondrej Oprala

Note tests/init.sh and bootstrap are still in sync with gnulib.

* gnulib: Sync two configure check fixes.
- Avoid generating core dumps from regex configure check
- Fix compile error in getcwd configure check

Note tests/init.sh and bootstrap are still in sync with gnulib.

* gnulib: Sync many fixes/changes, including the base64
encoding speedup mentioned in commit v8.21-145-g91208453
Also included is support for enabling use of libcrypto hash routines
which are generally well optimized for particular systems.

Add a new rule to ensure the use of quote() instead of '%s' or `%s'
in format strings of diagnostics messages.

* cfg.mk (sc_prohibit_quotes_notation): Add rule.
* TODO: Remove the entry regarding the '%s' notation.
* src/mkfifo.c (main): Remove the offending and in this case even
duplicate quoting in the format string of the error diagnostic.
* src/mknod.c (main): Likewise.
* src/df.c (decode_output_arg): Change two invocations of error()
according to the above new rule.
* src/numfmt.c: Fix numerous wrong quote notations to fit the above
new rule, mostly in internal debugging diagnostic messages.

* doc/coreutils.texi (ls invocation): Remove the note about
OSX terminals not aligning properly as this is no longer the case.
Tested by: Philipp Thomas

* src/longlong.h: Sync with the latest longlong.h from libgmp to:
- avoid arm asm when being compiled for the thumb instruction [sub]set
- avoid old powerpc assembly that is incompatible with newer GCC
- add arm64 optimized count_trailing_zeros()
- add sparc64 optimized add_ssaaaa() and umul_ppmm()

* tests/rm/r-root.sh: Add a non-root test.
* tests/local.mk (all_tests): Mention the test.

* src/extent-scan.c (extent_need_sync): Remove the FIXME comment about
removing the work around.  As discussed in [1], the needed FIEMAP fix
never made it into the Linux kernel.

* src/realpath.c (longopts): Remove the FIXME comment about deprecating
the --strip option as it's a valid alias for --no-symlinks option.
Also discussed in [1].

[1] http://lists.gnu.org/archive/html/coreutils/2013-11/msg00103.html

This option has been undocumented for 12 years [1], and warned
about for a year [2].

[1] commit FILEUTILS-4_1_4-23-gd1772031
[2] commit v8.17-43-g453ce92f

* src/df.c (MEGABYTES_OPTION): Remove.
(long_options): Remove "megabytes" element.
(main): In the option parsing loop, remove the MEGABYTES_OPTION case.
* NEWS: Mention the change.

* src/selinux.c: Don't include the system "fts.h" as
that disallows _FILE_OFFSET_BITS=64 which gnulib auto enables
to support large files on 32 bit systems.  Instead include
our "xfts.h" which includes the less limited gnulib replacement,
and also a checked version of xfts_open().
(restorecon): Use the checked xfts_open() rather than the standard
fts_open().
Prompted by the continuous integration build failure at:
http://hydra.nixos.org/build/6934169

Handle both newer selinux libraries with mode_to_security_class(),
and systems without selinux at all.  We could easily adjust
gnulib to provide the necessary stubs for use by this module,
but it's more efficient to just stub out the module completely,
when not using selinux.

* src/selinux.h: Define stubs for the two module functions,
when SELinux is not available.
* src/selinux.c: Exclude all logic in preference for the stubs
when selinux isn't used.  Also when newer selinux libs are used,
don't use our conflicting static version of mode_to_security_class().
m4/jm-macros.m4: Check for the system mode_to_security_class().

* src/selinux.c: This module introduced in commit v8.21-159-gd8e27ab0
doesn't need to include <selinux/flask.h>.  That header file
isn't catered for by gnulib, but is not needed as we're not
explicitly referencing any class IDs.
Prompted by the continuous integration build failure at:
http://hydra.nixos.org/build/6920020

cp, mv, install, mkdir, mkfifo, mknod are adjusted so that:
 -Z no longer accepts an argument.
 -Z or --context without an argument do not warn without SELinux.
 --context with an argument will warn without SELinux.

* src/local.mk: Reference the new selinux module where required.
* src/system.h: Make the argument to --context optional.
* src/mkdir.c: Likewise.  Also handle the SMACK case for --context.
Note we currently silently ignore -Z with SMACK.
* src/mkfifo.c: Likewise.
* src/mknod.c: Likewise.
* src/install.c: Likewise.  Note install(1) by default already
set the context for target files to their system default,
albeit with an older method.  Use the -Z option to select between
the old and new context restoration behavior, and document
the differences and details for how context restoration
is done in new and old methods, with a view disabling the
old method entirely in future.
* src/cp.c: Make the argument to --context optional.
Note -Z implies --no-preserve=context.  I.E. -Z overrides
that aspect of -a no matter what order specified.
(struct cp_options): Document the context handling options.
(main): Check/adjust option combinations after all
options are processed, to both simplify processing
and to make handling independent of order of options
on the command line.  Also improve the diagnostics
from a failed call to setfscreatecon().
(set_process_security_ctx): A new function,
refactored to set the default context from the source file,
or with the type adjusted as per the system default for
the destination path.
(set_file_security_ctx): A new function refactored to
set the security context of an existing file, either based on
the process context or the default system context for a path.
(copy_internal): Use the refactored functions to simplify
error handling and consistently fail or warn as needed.
(copy_reg): Likewise.
(copy_internal): With --preserve=context, also copy
context from non regular files.  Note for directories this may
impact the copying of subsequent files to that directory?
(copy_attr): If we're handling SELinux explicitly,
then exclude to avoid the redudant copy with --preserve=context,
and the problematic copy with -Z.  Note SELinux attribute exclusion
also now honors cp -a --no-preserve=context.  Note there was a
very small window over 10 years ago, where attr_copy_file was
available, while attr_copy_check_permissions was not, so we
don't bother adding an explicit m4 check for the latter function.
* src/mv.c: Support --context, but don't allow specifying an argument.
* src/chcon.c: Adjust a comment to be specific to SELinux.
* src/runcon.c: Likewise.
* src/copy.c: Honor the context settings to "restorecon" as appropriate.
* src/copy.h: Add a new setting to select "restorecon" functionality.
* tests/mkdir/selinux.sh: s/-Z/--context=/
* tests/cp/cp-a-selinux.sh: Augment this test with cases
testing basic -Z functionality, and also test the various
invalid option combinations and option precedence.
* tests/mkdir/restorecon.sh: Add a new test for the
more involved mkdir -Z handling, since the directory changing
and non existent directories need to be specially handled.
Also check the similar but simpler handling of -Z by mk{nod,fifo}.
* tests/local.mk: Reference the new test.
* doc/coreutils.texi (cp invocation): Update as per interface changes.
(mv invocation): Likewise.
(install invocation): Likewise.
(mkfifo invocation): Likewise.
(mknod invocation): Likewise.
(mkdir invocation): Likewise.
* NEWS: Mention the new feature and change in behavior.

* src/selinux.c: A new module implementing "restorecon" functionality.
There are two main functions to adjust the type of the referenced
file system item.  defaultcon() will setup the process context so
that new items will have the required context without races.  This is
the preferred method.  For existing files, the equivalent restorecon()
is available which has two modes.  With the "local" parameter set to
false, restorecon() will adjust the type according to the system
configuration for that file, and set to true will update the context
as per the context for the current process (disregarding type).
* src/selinux.h: Likewise.
* po/POTFILES.in: Reference the new module.

A sync operation is very often expensive.  For illustration
I timed the following python script which indicated that
each ext4 dir sync was taking about 2ms and 12ms, on an
SSD and traditional disk respectively.

  import os
  d=os.open(".", os.O_DIRECTORY|os.O_RDONLY)
  for i in range(1000):
     os.fdatasync(d)

So syncing for each character for each file can result
in significant delays.  Often this overhead is redundant,
as only the data is sensitive and not the file name.
Even if the names are sensitive, your file system may
employ synchronous metadata updates, which also makes
explicit syncing redundant.

* tests/misc/shred-remove.sh: Ensure all the new parameters
actually unlink the file.
* doc/coreutils.texi (shred invocation): Describe the new
parameters to the --remove option.
* src/shred.c (Usage): Likewise.
(main): Parse the new options.
(wipename): Inspect the new enum to see which of
the now optional tasks to perform.
* NEWS: Mention the new feature.
* THANKS.in: Add reporter Joseph D. Wagner