Merge pull request #18011 from yuwata/trivial-fixes
Trivial fixes for recently merged PRs
commit
9f62de5762
@ -246,7 +246,7 @@
|
||||
|
||||
<programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto</programlisting>
|
||||
|
||||
<para>The above command will enroll the TPM2 chip, and then wipe all previously crated TPM2
|
||||
<para>The above command will enroll the TPM2 chip, and then wipe all previously created TPM2
|
||||
enrollments on the LUKS2 volume, leaving only the newly created one. Combining wiping and enrollment
|
||||
may also be used to replace enrollments of different types, for example for changing from a PKCS#11
|
||||
enrollment to a FIDO2 one:</para>
|
||||
|
@ -114,7 +114,11 @@ basic_sources = files('''
|
||||
linux/libc-compat.h
|
||||
linux/loadavg.h
|
||||
linux/netdevice.h
|
||||
linux/netfilter/nf_tables.h
|
||||
linux/netfilter/nfnetlink.h
|
||||
linux/netlink.h
|
||||
linux/nexthop.h
|
||||
linux/pkt_sched.h
|
||||
linux/rtnetlink.h
|
||||
linux/wireguard.h
|
||||
list.h
|
||||
|
@ -258,7 +258,7 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
/* And of course, als remember the tokens to remove. */
|
||||
/* And of course, also remember the tokens to remove. */
|
||||
if (shall_wipe)
|
||||
if (set_put(wipe_tokens, INT_TO_PTR(token)) < 0)
|
||||
return log_oom();
|
||||
|
@ -90,7 +90,7 @@ static int help(void) {
|
||||
" --tpm2-device=PATH\n"
|
||||
" Enroll a TPM2 device\n"
|
||||
" --tpm2-pcrs=PCR1,PCR2,PCR3,…\n"
|
||||
" Specifiy TPM2 PCRs to seal against\n"
|
||||
" Specify TPM2 PCRs to seal against\n"
|
||||
" --wipe-slot=SLOT1,SLOT2,…\n"
|
||||
" Wipe specified slots\n"
|
||||
"\nSee the %s for details.\n"
|
||||
@ -390,7 +390,7 @@ static int prepare_luks(
|
||||
password,
|
||||
strlen(password));
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Password from environent variable $PASSWORD did not work.");
|
||||
return log_error_errno(r, "Password from environment variable $PASSWORD did not work.");
|
||||
} else {
|
||||
AskPasswordFlags ask_password_flags = ASK_PASSWORD_PUSH_CACHE|ASK_PASSWORD_ACCEPT_CACHED;
|
||||
_cleanup_free_ char *question = NULL, *disk_path = NULL;
|
||||
|
@ -90,7 +90,7 @@ int acquire_fido2_key(
|
||||
|
||||
r = ask_password_auto("Please enter security token PIN:", "drive-harddisk", NULL, "fido2-pin", until, flags, &pins);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to ask for user pasword: %m");
|
||||
return log_error_errno(r, "Failed to ask for user password: %m");
|
||||
|
||||
flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
|
||||
}
|
||||
|
@ -1035,7 +1035,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
&keyslot,
|
||||
&token);
|
||||
if (r == -ENXIO) {
|
||||
/* No futher TPM2 tokens found in the LUKS2 header.*/
|
||||
/* No further TPM2 tokens found in the LUKS2 header.*/
|
||||
if (found_some)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
"No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking.");
|
||||
|
@ -139,7 +139,7 @@ int socket_bind(sd_netlink *nl);
|
||||
int socket_broadcast_group_ref(sd_netlink *nl, unsigned group);
|
||||
int socket_broadcast_group_unref(sd_netlink *nl, unsigned group);
|
||||
int socket_write_message(sd_netlink *nl, sd_netlink_message *m);
|
||||
int socket_writev_message(sd_netlink *nl, sd_netlink_message *m[], size_t msgcount);
|
||||
int socket_writev_message(sd_netlink *nl, sd_netlink_message **m, size_t msgcount);
|
||||
int socket_read_message(sd_netlink *nl);
|
||||
|
||||
int rtnl_rqueue_make_room(sd_netlink *rtnl);
|
||||
|
@ -238,13 +238,14 @@ int socket_write_message(sd_netlink *nl, sd_netlink_message *m) {
|
||||
return k;
|
||||
}
|
||||
|
||||
int socket_writev_message(sd_netlink *nl, sd_netlink_message *m[], size_t msgcount) {
|
||||
int socket_writev_message(sd_netlink *nl, sd_netlink_message **m, size_t msgcount) {
|
||||
_cleanup_free_ struct iovec *iovs = NULL;
|
||||
ssize_t k;
|
||||
size_t i;
|
||||
|
||||
assert(nl);
|
||||
assert(msgcount);
|
||||
assert(m);
|
||||
assert(msgcount > 0);
|
||||
|
||||
iovs = new0(struct iovec, msgcount);
|
||||
if (!iovs)
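Review bot: The `assert(m)` and `assert(msgcount > 0)` checks in `socket_writev_message()` cover the array pointer and its length, but nothing visible here checks the individual entries, so a NULL element in `m` would presumably be dereferenced when the iovec array is filled. That loop is outside the hunk, so this needs confirming there. With the parameter spelled `sd_netlink_message **m` the prototype no longer hints that it is an array, so I would add a comment above the function such as `/* m points to an array of msgcount non-NULL messages */`. The same applies to `sd_netlink_sendv()`, which is public API and receives `messages` and `msgcount` straight from the caller.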
|
||||
|
@ -1027,9 +1027,9 @@ static const NLType rtnl_types[] = {
|
||||
[RTM_NEWADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
|
||||
[RTM_DELADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
|
||||
[RTM_GETADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
|
||||
[RTM_NEWRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
|
||||
[RTM_DELRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
|
||||
[RTM_GETRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
|
||||
[RTM_NEWRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
|
||||
[RTM_DELRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
|
||||
[RTM_GETRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
|
||||
[RTM_NEWNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
|
||||
[RTM_DELNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
|
||||
[RTM_GETNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
|
||||
@ -1467,7 +1467,7 @@ static const NLTypeSystem nfnl_nft_rule_expr_type_system = {
|
||||
static const NLType nfnl_nft_rule_types[] = {
|
||||
[NFTA_RULE_TABLE] = { .type = NETLINK_TYPE_STRING, .size = NFT_TABLE_MAXNAMELEN - 1 },
|
||||
[NFTA_RULE_CHAIN] = { .type = NETLINK_TYPE_STRING, .size = NFT_TABLE_MAXNAMELEN - 1 },
|
||||
[NFTA_RULE_EXPRESSIONS] = { .type = NETLINK_TYPE_NESTED, .type_system = &nfnl_nft_rule_expr_type_system }
|
||||
[NFTA_RULE_EXPRESSIONS] = { .type = NETLINK_TYPE_NESTED, .type_system = &nfnl_nft_rule_expr_type_system }
|
||||
};
|
||||
|
||||
static const NLTypeSystem nfnl_nft_rule_type_system = {
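Review bot: The `RTM_NEWRULE`/`RTM_DELRULE`/`RTM_GETRULE` entries in `rtnl_types` declare `.size = sizeof(struct fib_rule_hdr)`, but nothing in this file section shows that the code reading or writing the rule header uses the same struct. If `.size` is the fixed header length expected ahead of the attributes, as the neighbouring entries suggest, any accessor that still casts the payload to `struct rtmsg` should be switched in the same change so the declared and the assumed layout cannot drift apart. A one-line comment above the three entries, e.g. `/* routing policy rule messages start with struct fib_rule_hdr */`, would record the reason for the type.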
|
||||
|
@ -122,21 +122,18 @@ int sd_nfnl_nft_message_new_basechain(sd_netlink *nfnl, sd_netlink_message **ret
|
||||
|
||||
r = sd_netlink_message_append_u32(m, NFTA_HOOK_HOOKNUM, htobe32(hook));
|
||||
if (r < 0)
|
||||
goto cancel;
|
||||
return r;
|
||||
|
||||
r = sd_netlink_message_append_u32(m, NFTA_HOOK_PRIORITY, htobe32(prio));
|
||||
if (r < 0)
|
||||
goto cancel;
|
||||
return r;
|
||||
|
||||
r = sd_netlink_message_close_container(m);
|
||||
if (r < 0)
|
||||
goto cancel;
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(m);
|
||||
return 0;
|
||||
cancel:
|
||||
sd_netlink_message_cancel_array(m);
|
||||
return r;
|
||||
}
|
||||
|
||||
int sd_nfnl_nft_message_del_table(sd_netlink *nfnl, sd_netlink_message **ret,
|
||||
@ -243,6 +240,7 @@ int sd_nfnl_nft_message_new_setelems_begin(sd_netlink *nfnl, sd_netlink_message
|
||||
r = sd_netlink_message_open_container(m, NFTA_SET_ELEM_LIST_ELEMENTS);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(m);
|
||||
return r;
|
||||
}
|
||||
@ -267,6 +265,7 @@ int sd_nfnl_nft_message_del_setelems_begin(sd_netlink *nfnl, sd_netlink_message
|
||||
r = sd_netlink_message_open_container(m, NFTA_SET_ELEM_LIST_ELEMENTS);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
*ret = TAKE_PTR(m);
|
||||
return r;
|
||||
}
|
||||
@ -283,10 +282,9 @@ static int sd_nfnl_add_data(sd_netlink_message *m, uint16_t attr, const void *da
|
||||
return sd_netlink_message_close_container(m); /* attr */
|
||||
}
|
||||
|
||||
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m,
|
||||
uint32_t num,
|
||||
const void *key, uint32_t klen,
|
||||
const void *data, uint32_t dlen) {
|
||||
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m, uint32_t num,
|
||||
const void *key, uint32_t klen,
|
||||
const void *data, uint32_t dlen) {
|
||||
int r;
|
||||
|
||||
r = sd_netlink_message_open_array(m, num);
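Review bot: In `sd_nfnl_nft_message_new_basechain()` the three error paths after the hook attributes `return r` directly instead of going through the removed `cancel:` label, so releasing the half-built message depends entirely on how `m` is declared, and that declaration is outside the hunk. If `m` is not declared with `_cleanup_(sd_netlink_message_unrefp)`, as it is in `sd_nfnl_message_new_masq_rule()`, these returns leak the message; a short comment at the declaration such as `/* unref'd automatically on every error return below */` would make the dependency explicit. Separately, the two `*_setelems_begin()` hunks end with `*ret = TAKE_PTR(m); return r;` where this function ends with `return 0;`, and `return 0;` in all three would keep the success value uniform.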
|
||||
|
@ -227,7 +227,7 @@ int sd_netlink_send(sd_netlink *nl,
|
||||
}
|
||||
|
||||
int sd_netlink_sendv(sd_netlink *nl,
|
||||
sd_netlink_message *messages[],
|
||||
sd_netlink_message **messages,
|
||||
size_t msgcount,
|
||||
uint32_t **ret_serial) {
|
||||
_cleanup_free_ uint32_t *serials = NULL;
|
||||
@ -237,6 +237,7 @@ int sd_netlink_sendv(sd_netlink *nl,
|
||||
assert_return(nl, -EINVAL);
|
||||
assert_return(!rtnl_pid_changed(nl), -ECHILD);
|
||||
assert_return(messages, -EINVAL);
|
||||
assert_return(msgcount > 0, -EINVAL);
|
||||
|
||||
if (ret_serial) {
|
||||
serials = new0(uint32_t, msgcount);
|
||||
|
@ -840,9 +840,9 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
|
||||
|
||||
if (link_has_ipv6_address(link, &gateway.in6) == 0) {
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
|
||||
if (DEBUG_LOGGING) {
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
|
||||
(void) in_addr_to_string(AF_INET6, &gateway, &buf);
|
||||
log_link_debug(link, "Advertised route gateway, %s, is local to the link, ignoring route", strnull(buf));
|
||||
}
|
||||
|
@ -3,11 +3,10 @@
|
||||
|
||||
#include <inttypes.h>
|
||||
|
||||
#include "firewall-util.h"
|
||||
|
||||
#include "sd-event.h"
|
||||
#include "sd-netlink.h"
|
||||
|
||||
#include "firewall-util.h"
|
||||
#include "in-addr-util.h"
|
||||
#include "list.h"
|
||||
|
||||
|
@ -314,12 +314,13 @@ static int nfnl_add_expr_masq(sd_netlink_message *m) {
|
||||
return sd_netlink_message_close_container(m); /* NFTA_LIST_ELEM */
|
||||
}
|
||||
|
||||
/* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destionation/pflen -j MASQUERADE */
|
||||
static int sd_nfnl_message_new_masq_rule(sd_netlink *nfnl, sd_netlink_message **ret, int family,
|
||||
const char *chain) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
|
||||
int r;
|
||||
|
||||
/* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destination/pflen -j MASQUERADE */
|
||||
|
||||
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -351,7 +352,6 @@ static int sd_nfnl_message_new_masq_rule(sd_netlink *nfnl, sd_netlink_message **
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen -d destionation/pflen -j DNAT --to-destination remote_addr:remote_port */
|
||||
static int sd_nfnl_message_new_dnat_rule_pre(sd_netlink *nfnl, sd_netlink_message **ret, int family,
|
||||
const char *chain) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
|
||||
@ -359,6 +359,9 @@ static int sd_nfnl_message_new_dnat_rule_pre(sd_netlink *nfnl, sd_netlink_messag
|
||||
uint32_t local = RTN_LOCAL;
|
||||
int r;
|
||||
|
||||
/* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen
|
||||
* -d destination/pflen -j DNAT --to-destination remote_addr:remote_port */
|
||||
|
||||
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -471,7 +474,7 @@ static int sd_nfnl_message_new_dnat_rule_out(sd_netlink *nfnl, sd_netlink_messag
|
||||
return r;
|
||||
|
||||
/* 4th statement: dnat connection to address/port retrieved by the
|
||||
* preceeding expression. */
|
||||
* preceding expression. */
|
||||
proto_reg = NFT_REG32_02;
|
||||
r = nfnl_add_expr_dnat(m, family, NFT_REG32_01, proto_reg);
|
||||
if (r < 0)
|
||||
@ -788,7 +791,7 @@ static int nft_message_add_setelem_iprange(sd_netlink_message *m,
|
||||
* In the nftables case, everything gets removed. The next add operation
|
||||
* will yield -ENOENT.
|
||||
*
|
||||
* If we see -ENOENT on add, replay the inital table setup.
|
||||
* If we see -ENOENT on add, replay the initial table setup.
|
||||
* If that works, re-do the add operation.
|
||||
*
|
||||
* Note that this doesn't protect against external sabotage such as a
|
||||
|
@ -101,10 +101,10 @@ shared_sources = files('''
|
||||
fdset.h
|
||||
fileio-label.c
|
||||
fileio-label.h
|
||||
firewall-util.c
|
||||
firewall-util-nft.c
|
||||
firewall-util.h
|
||||
firewall-util-private.h
|
||||
firewall-util.c
|
||||
firewall-util.h
|
||||
format-table.c
|
||||
format-table.h
|
||||
fsck-util.h
|
||||
|
@ -60,7 +60,7 @@ sd_netlink *sd_netlink_ref(sd_netlink *nl);
|
||||
sd_netlink *sd_netlink_unref(sd_netlink *nl);
|
||||
|
||||
int sd_netlink_send(sd_netlink *nl, sd_netlink_message *message, uint32_t *serial);
|
||||
int sd_netlink_sendv(sd_netlink *nl, sd_netlink_message *messages[], size_t msgcnt, uint32_t **ret_serial);
|
||||
int sd_netlink_sendv(sd_netlink *nl, sd_netlink_message **messages, size_t msgcnt, uint32_t **ret_serial);
|
||||
int sd_netlink_call_async(sd_netlink *nl, sd_netlink_slot **ret_slot, sd_netlink_message *message,
|
||||
sd_netlink_message_handler_t callback, sd_netlink_destroy_t destoy_callback,
|
||||
void *userdata, uint64_t usec, const char *description);
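Review bot: The `sd_netlink_call_async()` prototype directly below the changed `sd_netlink_sendv()` line still spells its parameter `destoy_callback`. Since this commit is a spelling pass and already touches this header, it should read `sd_netlink_destroy_t destroy_callback`. Parameter names in a prototype are not part of the ABI, so the rename is safe for callers. The `sd_netlink_sendv()` declaration also uses `msgcnt` where the definition uses `msgcount`; one name in both places would make the array-length contract easier to follow.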
|
||||
|
@ -280,9 +280,9 @@ static void test_fd_is_mount_point(void) {
|
||||
assert_se(fd_is_mount_point(fd, "proc", 0) > 0);
|
||||
assert_se(fd_is_mount_point(fd, "proc/", 0) > 0);
|
||||
|
||||
/* /root's entire raison d'etre is to be on the root file system (i.e. not in /home/ which might be
|
||||
* split off), so that the user can always log in, so it cannot be a mount point unless the system is
|
||||
* borked. Let's allow for it to be missing though. */
|
||||
/* /root's entire reason for being is to be on the root file system (i.e. not in /home/ which
|
||||
* might be split off), so that the user can always log in, so it cannot be a mount point unless
|
||||
* the system is borked. Let's allow for it to be missing though. */
|
||||
assert_se(IN_SET(fd_is_mount_point(fd, "root", 0), -ENOENT, 0));
|
||||
assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
|
||||
}
|
||||
|
@ -572,7 +572,7 @@ static int dmi_table(int64_t base, uint32_t len, uint16_t num, const char *devme
|
||||
|
||||
/*
|
||||
* When reading from sysfs or from a dump file, the file may be
|
||||
* shorter than announced. For SMBIOS v3 this is expcted, as we
|
||||
* shorter than announced. For SMBIOS v3 this is expected, as we
|
||||
* only know the maximum table size, not the actual table size.
|
||||
* For older implementations (and for SMBIOS v3 too), this
|
||||
* would be the result of the kernel truncating the table on
|
||||
@ -599,7 +599,7 @@ static int smbios3_decode(const uint8_t *buf, const char *devmem, bool no_file_o
|
||||
buf[0x06], 0x18U);
|
||||
|
||||
if (!verify_checksum(buf, buf[0x06]))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Faied to verify checksum.");
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to verify checksum.");
|
||||
|
||||
offset = QWORD(buf + 0x10);
|
||||
if (!no_file_offset && (offset >> 32) != 0 && sizeof(int64_t) < 8)
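Review bot: In `smbios3_decode()` the guard `(offset >> 32) != 0 && sizeof(int64_t) < 8`, a few lines after the corrected message, can never be true on a platform with 8-bit bytes, because `int64_t` is always 8 bytes there, so the branch it controls is dead. If the intent is to reject table addresses that the later read cannot represent, the comparison should be against the type actually used for the file offset; if no such limit applies any more, the check can be dropped. The statement's body is outside the hunk, so what it would reject is not visible here.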
|
||||
|