mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-18 06:03:42 +03:00
Merge pull request #26424 from ldv-alt/fix-typos
Fix a few typos in NEWS, docs and comments
This commit is contained in:
commit
fff1edc9f9
8
NEWS
8
NEWS
@ -167,7 +167,7 @@ CHANGES WITH 253 in spe:
|
|||||||
yet. (This feature has no security implications, because the code is
|
yet. (This feature has no security implications, because the code is
|
||||||
still privileged and can trivially exit the sandbox.)
|
still privileged and can trivially exit the sandbox.)
|
||||||
|
|
||||||
* The system manager manager will now parse a new "vmm.notify_socket"
|
* The system manager will now parse a new "vmm.notify_socket"
|
||||||
system credential, which may be supplied to a VM via SMBIOS. If
|
system credential, which may be supplied to a VM via SMBIOS. If
|
||||||
found, the manager will send a "READY=1" notification on the
|
found, the manager will send a "READY=1" notification on the
|
||||||
specified socket after boot is complete. This allows readiness
|
specified socket after boot is complete. This allows readiness
|
||||||
@ -180,7 +180,7 @@ CHANGES WITH 253 in spe:
|
|||||||
with something custom, so this change has limited effect.)
|
with something custom, so this change has limited effect.)
|
||||||
|
|
||||||
* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
|
* A new environment variable $SYSTEMD_DEFAULT_MOUNT_RATE_LIMIT_BURST
|
||||||
can can be used to override the mount units burst late limit for
|
can be used to override the mount units burst late limit for
|
||||||
parsing '/proc/self/mountinfo', which was introduced in v249.
|
parsing '/proc/self/mountinfo', which was introduced in v249.
|
||||||
Defaults to 5.
|
Defaults to 5.
|
||||||
|
|
||||||
@ -1769,7 +1769,7 @@ CHANGES WITH 251:
|
|||||||
|
|
||||||
* A new build-time configuration setting default-user-shell= can be
|
* A new build-time configuration setting default-user-shell= can be
|
||||||
used to set the default shell for user records and nspawn shell
|
used to set the default shell for user records and nspawn shell
|
||||||
invocations (instead of of the default /bin/bash).
|
invocations (instead of the default /bin/bash).
|
||||||
|
|
||||||
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
|
* systemd-timesyncd now provides a D-Bus API for receiving NTP server
|
||||||
information dynamically at runtime via IPC.
|
information dynamically at runtime via IPC.
|
||||||
@ -2457,7 +2457,7 @@ CHANGES WITH 250:
|
|||||||
now also owned by the system group "sgx".
|
now also owned by the system group "sgx".
|
||||||
|
|
||||||
* A new build-time meson option "extra-net-naming-schemes=" has been
|
* A new build-time meson option "extra-net-naming-schemes=" has been
|
||||||
added to define additional naming schemes schemes for udev's network
|
added to define additional naming schemes for udev's network
|
||||||
interface naming logic. This is useful for enterprise distributions
|
interface naming logic. This is useful for enterprise distributions
|
||||||
and similar which want to pin the schemes of certain distribution
|
and similar which want to pin the schemes of certain distribution
|
||||||
releases under a specific name and previously had to patch the
|
releases under a specific name and previously had to patch the
|
||||||
|
12
TODO
12
TODO
@ -209,7 +209,7 @@ Features:
|
|||||||
|
|
||||||
* in journald: whenever we start a new journal file because the boot ID
|
* in journald: whenever we start a new journal file because the boot ID
|
||||||
changed, let's generate a recognizable log record containing info about old
|
changed, let's generate a recognizable log record containing info about old
|
||||||
and new new ID. Then, when displaying log stream in journalctl look for these
|
and new ID. Then, when displaying log stream in journalctl look for these
|
||||||
records, to be able to order them.
|
records, to be able to order them.
|
||||||
|
|
||||||
* timesyncd: when saving/restoring clock try to take boot time into account.
|
* timesyncd: when saving/restoring clock try to take boot time into account.
|
||||||
@ -744,11 +744,11 @@ Features:
|
|||||||
protections of the root OS are weakened after interactive confirmation, to
|
protections of the root OS are weakened after interactive confirmation, to
|
||||||
allow hackers to allow their own stuff. idea: allow entering developer mode
|
allow hackers to allow their own stuff. idea: allow entering developer mode
|
||||||
only via explicit choice in boot menu: i.e. add explicit boot menu item for
|
only via explicit choice in boot menu: i.e. add explicit boot menu item for
|
||||||
it. when developer mode is entered generate a key pair in the TPM2, and add
|
it. When developer mode is entered, generate a key pair in the TPM2, and add
|
||||||
the public part of it automatically to keychain of valid code signature keys
|
the public part of it automatically to keychain of valid code signature keys
|
||||||
on subsequent boots. Then provide a tool to sign code with the key in the
|
on subsequent boots. Then provide a tool to sign code with the key in the
|
||||||
TPM2. Ensure that boot menu item is only way to enter developer mode, by
|
TPM2. Ensure that boot menu item is the only way to enter developer mode, by
|
||||||
binding it to locality/PCRs so that that keys cannot be generated otherwise.
|
binding it to locality/PCRs so that keys cannot be generated otherwise.
|
||||||
|
|
||||||
* services: add support for cryptographically unlocking per-service directories
|
* services: add support for cryptographically unlocking per-service directories
|
||||||
via TPM2. Specifically, for StateDirectory= (and related dirs) use fscrypt to
|
via TPM2. Specifically, for StateDirectory= (and related dirs) use fscrypt to
|
||||||
@ -996,7 +996,7 @@ Features:
|
|||||||
mounted from host. maybe put this in systemd-user-sessions.service?
|
mounted from host. maybe put this in systemd-user-sessions.service?
|
||||||
|
|
||||||
* drop dependency on libcap, replace by direct syscalls based on
|
* drop dependency on libcap, replace by direct syscalls based on
|
||||||
CapabilityQuintet we already have. (This likely allows us drop drop libcap
|
CapabilityQuintet we already have. (This likely allows us to drop libcap
|
||||||
dep in the base OS image)
|
dep in the base OS image)
|
||||||
|
|
||||||
* sysext: automatically activate sysext images dropped in via new sd-stub
|
* sysext: automatically activate sysext images dropped in via new sd-stub
|
||||||
@ -1144,7 +1144,7 @@ Features:
|
|||||||
|
|
||||||
* credentials system:
|
* credentials system:
|
||||||
- acquire from EFI variable?
|
- acquire from EFI variable?
|
||||||
- acquire via via ask-password?
|
- acquire via ask-password?
|
||||||
- acquire creds via keyring?
|
- acquire creds via keyring?
|
||||||
- pass creds via keyring?
|
- pass creds via keyring?
|
||||||
- pass creds via memfd?
|
- pass creds via memfd?
|
||||||
|
@ -34,7 +34,7 @@ purpose. Specifically, the following features are provided:
|
|||||||
environment variables the credential data is not propagated down the process
|
environment variables the credential data is not propagated down the process
|
||||||
tree. Instead each time a credential is accessed an access check is enforced
|
tree. Instead each time a credential is accessed an access check is enforced
|
||||||
by the kernel. If the service is using file system namespacing the loaded
|
by the kernel. If the service is using file system namespacing the loaded
|
||||||
credential data is invisible to any other services.
|
credential data is invisible to all other services.
|
||||||
|
|
||||||
4. Service credentials may be acquired from files on disk, specified as literal
|
4. Service credentials may be acquired from files on disk, specified as literal
|
||||||
strings in unit files, acquired from another service dynamically via an
|
strings in unit files, acquired from another service dynamically via an
|
||||||
|
@ -28,7 +28,7 @@ avoiding an unnecessary synchronization point.
|
|||||||
## Network management services: `network.target`
|
## Network management services: `network.target`
|
||||||
|
|
||||||
`network.target` indicates that the network management stack has been started.
|
`network.target` indicates that the network management stack has been started.
|
||||||
Ordering after it it has little meaning during start-up: whether any network
|
Ordering after it has little meaning during start-up: whether any network
|
||||||
interfaces are already configured when it is reached is not defined.
|
interfaces are already configured when it is reached is not defined.
|
||||||
|
|
||||||
Its primary purpose is for ordering things properly at shutdown: since the
|
Its primary purpose is for ordering things properly at shutdown: since the
|
||||||
|
@ -212,7 +212,7 @@ object. The following fields are currently defined:
|
|||||||
|
|
||||||
`userName` → The UNIX user name for this record. Takes a string with a valid
|
`userName` → The UNIX user name for this record. Takes a string with a valid
|
||||||
UNIX user name. This field is the only mandatory field, all others are
|
UNIX user name. This field is the only mandatory field, all others are
|
||||||
optional. Corresponds with the `pw_name` field of of `struct passwd` and the
|
optional. Corresponds with the `pw_name` field of `struct passwd` and the
|
||||||
`sp_namp` field of `struct spwd` (i.e. the shadow user record stored in
|
`sp_namp` field of `struct spwd` (i.e. the shadow user record stored in
|
||||||
`/etc/shadow`). See [User/Group Name Syntax](USER_NAMES.md) for
|
`/etc/shadow`). See [User/Group Name Syntax](USER_NAMES.md) for
|
||||||
the (relaxed) rules the various systemd components enforce on user/group names.
|
the (relaxed) rules the various systemd components enforce on user/group names.
|
||||||
|
@ -77,7 +77,7 @@
|
|||||||
from the kernel entropy pool.</para></listitem>
|
from the kernel entropy pool.</para></listitem>
|
||||||
|
|
||||||
<listitem><para>In userspace the <filename>systemd-boot-random-seed.service</filename> service updates
|
<listitem><para>In userspace the <filename>systemd-boot-random-seed.service</filename> service updates
|
||||||
the boot loader random seed with a new value derived from the kernel kernel entropy pool.</para></listitem>
|
the boot loader random seed with a new value derived from the kernel entropy pool.</para></listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
|
|
||||||
<para>This logic should ensure that the kernel's entropy pool is seeded during earliest bool already, if
|
<para>This logic should ensure that the kernel's entropy pool is seeded during earliest bool already, if
|
||||||
|
@ -418,7 +418,7 @@ typedef struct {
|
|||||||
|
|
||||||
assert_cc(sizeof(dummy_t) == 0);
|
assert_cc(sizeof(dummy_t) == 0);
|
||||||
|
|
||||||
/* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for for
|
/* A little helper for subtracting 1 off a pointer in a safe UB-free way. This is intended to be used for
|
||||||
* loops that count down from a high pointer until some base. A naive loop would implement this like this:
|
* loops that count down from a high pointer until some base. A naive loop would implement this like this:
|
||||||
*
|
*
|
||||||
* for (p = end-1; p >= base; p--) …
|
* for (p = end-1; p >= base; p--) …
|
||||||
|
@ -329,7 +329,7 @@ int unit_file_resolve_symlink(
|
|||||||
|
|
||||||
assert(path_is_absolute(simplified));
|
assert(path_is_absolute(simplified));
|
||||||
|
|
||||||
/* Check if the symlink remain inside of of our search path.
|
/* Check if the symlink remain inside of our search path.
|
||||||
* If yes, it is an alias. Verify that it is valid.
|
* If yes, it is an alias. Verify that it is valid.
|
||||||
*
|
*
|
||||||
* If no, then this is a linked unit file or mask, and we don't care about the target name
|
* If no, then this is a linked unit file or mask, and we don't care about the target name
|
||||||
|
@ -892,7 +892,7 @@ static int device_setup_units(Manager *m, sd_device *dev, Set **ready_units, Set
|
|||||||
|
|
||||||
/* First, process the main (that is, points to the syspath) and (real, not symlink) devnode units. */
|
/* First, process the main (that is, points to the syspath) and (real, not symlink) devnode units. */
|
||||||
if (device_for_action(dev, SD_DEVICE_REMOVE))
|
if (device_for_action(dev, SD_DEVICE_REMOVE))
|
||||||
/* If the device is removed, the main and devnode units units will be removed by
|
/* If the device is removed, the main and devnode units will be removed by
|
||||||
* device_update_found_by_sysfs() in device_dispatch_io(). Hence, it is not necessary to
|
* device_update_found_by_sysfs() in device_dispatch_io(). Hence, it is not necessary to
|
||||||
* store them to not_ready_units, and we have nothing to do here.
|
* store them to not_ready_units, and we have nothing to do here.
|
||||||
*
|
*
|
||||||
|
@ -2994,7 +2994,7 @@ static int manager_dispatch_idle_pipe_fd(sd_event_source *source, int fd, uint32
|
|||||||
* on services that want to own the console exclusively without our interference. */
|
* on services that want to own the console exclusively without our interference. */
|
||||||
m->no_console_output = m->n_on_console > 0;
|
m->no_console_output = m->n_on_console > 0;
|
||||||
|
|
||||||
/* Acknowledge the child's request, and let all all other children know too that they shouldn't wait
|
/* Acknowledge the child's request, and let all other children know too that they shouldn't wait
|
||||||
* any longer by closing the pipes towards them, which is what they are waiting for. */
|
* any longer by closing the pipes towards them, which is what they are waiting for. */
|
||||||
manager_close_idle_pipe(m);
|
manager_close_idle_pipe(m);
|
||||||
|
|
||||||
|
@ -2242,7 +2242,7 @@ static int home_get_disk_status_luks(
|
|||||||
* that case the image is pre-allocated and thus appears all used from the host PoV but is not used
|
* that case the image is pre-allocated and thus appears all used from the host PoV but is not used
|
||||||
* up at all yet from the user's PoV.
|
* up at all yet from the user's PoV.
|
||||||
*
|
*
|
||||||
* That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
|
* That said, we use the stat() reported loopback file size as upper boundary: our footprint can
|
||||||
* never be larger than what we take up on the lowest layers. */
|
* never be larger than what we take up on the lowest layers. */
|
||||||
|
|
||||||
if (disk_size != UINT64_MAX && disk_size > disk_free) {
|
if (disk_size != UINT64_MAX && disk_size > disk_free) {
|
||||||
|
@ -1807,7 +1807,7 @@ static int oci_seccomp_args(const char *name, JsonVariant *v, JsonDispatchFlags
|
|||||||
|
|
||||||
expected = p->op == SCMP_CMP_MASKED_EQ ? 4 : 3;
|
expected = p->op == SCMP_CMP_MASKED_EQ ? 4 : 3;
|
||||||
if (r != expected)
|
if (r != expected)
|
||||||
json_log(e, flags|JSON_WARNING, 0, "Wrong number of system call arguments for JSON data data, ignoring.");
|
json_log(e, flags|JSON_WARNING, 0, "Wrong number of system call arguments for JSON data, ignoring.");
|
||||||
|
|
||||||
/* Note that we are a bit sloppy here and do not insist that SCMP_CMP_MASKED_EQ gets two datum values,
|
/* Note that we are a bit sloppy here and do not insist that SCMP_CMP_MASKED_EQ gets two datum values,
|
||||||
* and the other only one. That's because buildah for example by default calls things with
|
* and the other only one. That's because buildah for example by default calls things with
|
||||||
|
@ -2516,7 +2516,7 @@ static int setup_kmsg(int fd_inner_socket) {
|
|||||||
|
|
||||||
BLOCK_WITH_UMASK(0000);
|
BLOCK_WITH_UMASK(0000);
|
||||||
|
|
||||||
/* We create the kmsg FIFO as as temporary file in /run, but immediately delete it after bind mounting it to
|
/* We create the kmsg FIFO as a temporary file in /run, but immediately delete it after bind mounting it to
|
||||||
* /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves
|
* /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves
|
||||||
* differently from /dev/kmsg in that writing blocks when nothing is reading. In order to avoid any problems
|
* differently from /dev/kmsg in that writing blocks when nothing is reading. In order to avoid any problems
|
||||||
* with containers deadlocking due to this we simply make /dev/kmsg unavailable to the container. */
|
* with containers deadlocking due to this we simply make /dev/kmsg unavailable to the container. */
|
||||||
|
@ -351,7 +351,7 @@ static int run(int argc, char *argv[]) {
|
|||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Handle each pstore file */
|
/* Handle each pstore file */
|
||||||
/* Sort files lexigraphically ascending, generally needed by all */
|
/* Sort files lexicographically ascending, generally needed by all */
|
||||||
typesafe_qsort(list.entries, list.n_entries, compare_pstore_entries);
|
typesafe_qsort(list.entries, list.n_entries, compare_pstore_entries);
|
||||||
|
|
||||||
/* Process known file types */
|
/* Process known file types */
|
||||||
|
@ -348,7 +348,7 @@ static int dnssec_ecdsa_verify_raw(
|
|||||||
if (!s)
|
if (!s)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
/* TODO: We should eventually use use the EVP API once it supports ECDSA signature verification */
|
/* TODO: We should eventually use the EVP API once it supports ECDSA signature verification */
|
||||||
|
|
||||||
sig = ECDSA_SIG_new();
|
sig = ECDSA_SIG_new();
|
||||||
if (!sig)
|
if (!sig)
|
||||||
|
@ -2868,7 +2868,7 @@ static int normalize_linked_files(
|
|||||||
char ***ret_files) {
|
char ***ret_files) {
|
||||||
|
|
||||||
/* This is similar to normalize_filenames()/normalize_names() in src/systemctl/,
|
/* This is similar to normalize_filenames()/normalize_names() in src/systemctl/,
|
||||||
* but operates on real unit names. For each argument we we look up the actual path
|
* but operates on real unit names. For each argument we look up the actual path
|
||||||
* where the unit is found. This way linked units can be re-enabled successfully. */
|
* where the unit is found. This way linked units can be re-enabled successfully. */
|
||||||
|
|
||||||
_cleanup_strv_free_ char **files = NULL, **names = NULL;
|
_cleanup_strv_free_ char **files = NULL, **names = NULL;
|
||||||
|
@ -488,7 +488,7 @@ static int fido2_use_hmac_hash_specific_token(
|
|||||||
* it gracefully (also see below.) */
|
* it gracefully (also see below.) */
|
||||||
|
|
||||||
if (has_up && (required & (FIDO2ENROLL_UP|FIDO2ENROLL_UP_IF_NEEDED)) == FIDO2ENROLL_UP_IF_NEEDED) {
|
if (has_up && (required & (FIDO2ENROLL_UP|FIDO2ENROLL_UP_IF_NEEDED)) == FIDO2ENROLL_UP_IF_NEEDED) {
|
||||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
log_notice("%s%sGot unsupported option error when user presence test is turned off. Trying with user presence test turned on.",
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
||||||
emoji_enabled() ? " " : "");
|
emoji_enabled() ? " " : "");
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
@ -957,7 +957,7 @@ int fido2_generate_hmac_hash(
|
|||||||
* slightly more defensively. */
|
* slightly more defensively. */
|
||||||
|
|
||||||
if (has_up && !FLAGS_SET(lock_with, FIDO2ENROLL_UP)) {
|
if (has_up && !FLAGS_SET(lock_with, FIDO2ENROLL_UP)) {
|
||||||
log_notice("%s%sGot unsupported option error when when user presence test is turned off. Trying with user presence test turned on.",
|
log_notice("%s%sGot unsupported option error when user presence test is turned off. Trying with user presence test turned on.",
|
||||||
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
emoji_enabled() ? special_glyph(SPECIAL_GLYPH_TOUCH) : "",
|
||||||
emoji_enabled() ? " " : "");
|
emoji_enabled() ? " " : "");
|
||||||
retry_with_up = true;
|
retry_with_up = true;
|
||||||
|
@ -38,7 +38,7 @@ static void test_xescape_full_one(bool eight_bits) {
|
|||||||
if (i >= full_fit)
|
if (i >= full_fit)
|
||||||
assert_se(streq(t, escaped));
|
assert_se(streq(t, escaped));
|
||||||
else if (i >= 3) {
|
else if (i >= 3) {
|
||||||
/* We need up to four columns, so up to three three columns may be wasted */
|
/* We need up to four columns, so up to three columns may be wasted */
|
||||||
assert_se(strlen(t) == i || strlen(t) == i - 1 || strlen(t) == i - 2 || strlen(t) == i - 3);
|
assert_se(strlen(t) == i || strlen(t) == i - 1 || strlen(t) == i - 2 || strlen(t) == i - 3);
|
||||||
assert_se(strneq(t, escaped, i - 3) || strneq(t, escaped, i - 4) ||
|
assert_se(strneq(t, escaped, i - 3) || strneq(t, escaped, i - 4) ||
|
||||||
strneq(t, escaped, i - 5) || strneq(t, escaped, i - 6));
|
strneq(t, escaped, i - 5) || strneq(t, escaped, i - 6));
|
||||||
|
@ -518,7 +518,7 @@ def make_uki(opts):
|
|||||||
uki = UKI(opts.stub)
|
uki = UKI(opts.stub)
|
||||||
initrd = join_initrds(opts.initrd)
|
initrd = join_initrds(opts.initrd)
|
||||||
|
|
||||||
# TODO: derive public key from from opts.pcr_private_keys?
|
# TODO: derive public key from opts.pcr_private_keys?
|
||||||
pcrpkey = opts.pcrpkey
|
pcrpkey = opts.pcrpkey
|
||||||
if pcrpkey is None:
|
if pcrpkey is None:
|
||||||
if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
|
if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
|
||||||
|
@ -9,7 +9,7 @@ MaxAgeSec=9
|
|||||||
AgeingTimeSec=9
|
AgeingTimeSec=9
|
||||||
ForwardDelaySec=9
|
ForwardDelaySec=9
|
||||||
Priority=9
|
Priority=9
|
||||||
#GroupForwardMask=9 # This interferes other other settings
|
#GroupForwardMask=9 # This interferes with other settings
|
||||||
DefaultPVID=9
|
DefaultPVID=9
|
||||||
MulticastQuerier=yes
|
MulticastQuerier=yes
|
||||||
MulticastSnooping=yes
|
MulticastSnooping=yes
|
||||||
|
Loading…
x
Reference in New Issue
Block a user