Re: [PATCH 1/2] tools/{c,o}xenstored: Don't link against libsystemd

[Anthony PERARD <anthony.perard@xxxxxxxxx>]

On Thu, Apr 25, 2024 at 07:16:23PM +0100, Andrew Cooper wrote:
> On 25/04/2024 7:06 pm, Anthony PERARD wrote:
> > On Thu, Apr 25, 2024 at 06:32:15PM +0100, Andrew Cooper wrote:
> >> libsystemd is a giant dependency for one single function, but in the wake 
> >> of
> >> the xz backdoor, it turns out that even systemd leadership recommend 
> >> against
> >> linking against libsystemd for sd_notify().
> >>
> >> Since commit 7b61011e1450 ("tools: make xenstore domain easy 
> >> configurable") in
> >> Xen 4.8, the launch-xenstore script invokes systemd-notify directly, so its
> > That's not enough, it's needs to be `systemd-notify --ready` to be a
> > replacement for sd_notify(READY=1).
> >
> >> not even necessary for the xenstored's to call sd_notify() themselves.
> > So, sd_notify() or equivalent is still necessary.
> >
> >> Therefore, just drop the calls to sd_notify() and stop linking against
> >> libsystemd.
> > Sounds good, be we need to replace the call by something like:
> >     echo READY=1 > $NOTIFY_SOCKET
> > implemented in C and ocaml. Detail to be checked.
> >
> > Otherwise, things won't work.
> 
> Hmm.  It worked in XenRT when stripping this all out, but that is

I don't know how XenServer is setup, maybe it doesn't matter? Anyway...

> extremely unintuitive behaviour for `systemd-notify --booted`, seeing as
> it's entirely different to --ready.

Yes, this --booted option should probably not exist, and there's
`systemctl is-system-running` that does something similar.

> 
> I've got no interest in keeping the C around, but if:
> 
> [ -n "$NOTIFY_SOCKET" ] && echo READY=1 > $NOTIFY_SOCKET
> 
> works, then can't we just use that after waiting for the the pidfile ?

Run `systemd-notify --ready` instead. Hopefully, that will be enough.
($NOTIFY_SOCKET is a socket, and a bit more complicated that I though,
it can start with "@" for example)

Cheers,

-- 
Anthony PERARD