1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-14 19:24:13 +03:00

248 Commits

Author SHA1 Message Date
Luca Boccassi
a460debc8e README: note Kconfig for verifying DDIs via MoK keys
Also note them in the mkosi.build kernel config list
2022-11-14 11:09:36 +00:00
Luca Boccassi
4445b3574f README: use https on one more link 2022-11-12 01:04:19 +00:00
Daan De Meyer
afd22e3219 README: Fix libbpf minimum version
This didn't get properly updated as part of #24511
2022-10-17 08:45:16 +02:00
Daan De Meyer
e2490f7384 Bump libbpf version to 0.7
We already depend on the skeleton APIs introduced in libbpf 0.7 so
let's bump our minimum version to reflect that.

We don't enforce bpf compilation on mkosi anymore since not all
distros have sufficiently up-to-date libbpf available.
2022-10-06 07:31:20 +09:00
Lennart Poettering
2c3794f422 README: we don't use crypto API in kernel anymore
This effectively reverts 9c7f7d86f86322b76fc903ca8a06b87c4be4bd4a.

We dropped kernel crypto API use with
1fc8d0c9dd6a21de81e49cfa01af4a4d9a3ed37d, hence catch up in README.
2022-09-07 11:04:34 +01:00
Lennart Poettering
c87abcfa5c README: make section title less confusing
This is about glibc NSS, not about the TLS implementation library NSS.
2022-09-07 11:30:23 +02:00
Lennart Poettering
659215cf14 README: drop some spurious empty lines, we otherwise don't place after section titles 2022-09-07 11:29:14 +02:00
Lennart Poettering
036b9e7fed README: use right emoji UTF-8 sequences for stop/warning sign 2022-09-07 10:49:49 +02:00
Lennart Poettering
4213dd2398 README: clarify baseline situation a bit (add emojis!) 2022-09-06 18:02:58 +01:00
matoro
bab5d84790 README: gcc now has a minimum requirement of 4.7 2022-07-14 17:39:35 -04:00
Zbigniew Jędrzejewski-Szmek
8bf9eb7e6b man: update the description of taint flags
We had a description in README, and an outdated list in the man page.
I think we should keep a reference-style list in the man page. The description
in README is more free-form.
2022-07-09 19:18:14 +02:00
Benjamin Franzke
a25d9395ad tree-wide: streamline wiki links
* Avoid traling slash as most links are defined without.
* Always use https:// protocol and www. subdomain

Allows for easier tree-wide linkvalidation
for our migration to systemd.io.
2022-05-21 14:28:03 +02:00
Zbigniew Jędrzejewski-Szmek
b16e93d73e README: fix typo 2022-05-18 08:29:17 +02:00
Zbigniew Jędrzejewski-Szmek
5810c2042a README: say that recent releases are supported
Prompted by the discussion in
https://github.com/systemd/systemd/pull/23391.
2022-05-16 22:05:40 +02:00
Zbigniew Jędrzejewski-Szmek
ead7e86d20 README: recommend --no-rebuild for sudo meson install
sudo and rebuilding don't mix well.
C.f. fe2b7631ad20b0e518b9f566608ff5f9b84d4d8b.
2022-05-16 19:50:26 +02:00
Zbigniew Jędrzejewski-Szmek
12801295d1 README: add missing colons and wrap to ~80 columns
Some paragraphs were narrow for no good reason. Let's make things
a bit more uniform.
2022-05-16 19:50:26 +02:00
Yu Watanabe
ad11dd94fd README: mention kernel requirement for ambient capabilities
Closes #23231.
2022-05-06 09:33:49 +01:00
Zbigniew Jędrzejewski-Szmek
3983fc0227 README: recommend zstd over xz
git archive automatically uses gzip when --output=*.tar.gz is used, but
not for other extensions. Thus we need to invoke the compressor separately :(

It's a good pattern to use a variable for the repeating number, so let's
recommend that.
2022-04-12 15:28:33 +02:00
Zbigniew Jędrzejewski-Szmek
e8a688178c docs: stop recommending meson compile
With meson-0.60, meson compile stopped working with some targets:

$ meson compile -C build update-man-rules
ERROR: Can't invoke target `update-man-rules`: ambiguous name. Add target type and/or path: `PATH/NAME:TYPE`

This is obviously a regression in meson, but based on a chat with the
maintainers, it seems that there's some disagreement as to whether 'meson
compile' is useful and how exactly it should work. Since we're already at
meson 0.60.3 and this hasn't been fixed, and people generally don't seem to
consider this an issue, let's return to documenting the usual practice of
'ninja -C build' that just works everywhere.

(Since nobody has raised any fuss in systemd, it means that people are
generally using the shorter form during development too. I only noticed
because I pasted a command from the release docs when preparing -rc1.)
2022-04-12 12:35:44 +02:00
Lennart Poettering
492f9e74ff
Merge pull request #23009 from keszybz/fix-detection-of-libsystemd-shared-with-suffix
Fix detection of libsystemd-shared with suffix
2022-04-08 15:43:09 +02:00
Zbigniew Jędrzejewski-Szmek
be6447b483 README: add one more kernel-version line
I want to add as many as possible to show people that each kernel version
has something nice to entice them to keep moving up ;)
2022-04-07 12:42:23 +02:00
Luca Boccassi
31cd2dd906 core: taint if /usr is unmerged
9afd5e7b975e8051c011ff9c07c95e80bd954469 introduced a build-time
taint, introduce a runtime one as well, in preparation for
removing support for unmerged-usr in a future release
2022-04-06 21:54:14 +01:00
Zbigniew Jędrzejewski-Szmek
88a3af9421 README: describe taint flags and how to check them
We should have this somewhere. We talk about versions of things
in the README, so it seems as good a place as any.
2022-04-05 20:31:30 +02:00
Zbigniew Jędrzejewski-Szmek
277f05872f README: say kernel 4.15 is the minimum recommended
After various long discussions
(https://lists.freedesktop.org/archives/systemd-devel/2022-March/047587.html,
https://lwn.net/Articles/889610/), there is no clear answer what the minimum
version should be. Bumping the version above 3.15 doesn't allow us to make any
significant simplifications (unless we went *much* higher). In particular, even
renameat2() is not fully supported with latest kernel versions, e.g. nfs still
doesn't have it. And the bpf stuff is optional anyway. So let's just say that
4.15 is what we recommend, because it provides fairly complete cgroups-v2, but
without any removals of compat in the code.
2022-04-05 20:30:00 +02:00
Lennart Poettering
ba4e0427e9 time-util: assume CLOCK_BOOTTIME always exists
Let's raise our supported baseline a bit: CLOCK_BOOTTIME started to work
with timerfd in kernel 3.15 (i.e. back in 2014), let's require support
for it now.

This will raise our baseline only modestly from 3.13 → 3.15.
2022-03-28 16:55:41 +02:00
Daan De Meyer
baec7d782b meson: Drop required libfdisk version to 2.32
We initially pinned this to 2.33 in
e71f5585b9b0580428f9530d0a485265c9c25165 because libfdisk 2.32 in
CentOS 8 didn't have
2f35c1ead6
backported.

If we check now, we can see it has been backported
(https://git.centos.org/rpms/util-linux/blob/c8s/f/SOURCES/0048-libfdisk-count-gaps-to-possible-size-when-resize.patch)
which means we can drop the required version to 2.32 instead of 2.33.
2022-02-24 20:06:55 +00:00
Lennart Poettering
560ace5da8 README: CONFIG_KCMP is the new kernel compile time option for kcmp()
Fixes: #21947
2022-02-08 19:54:14 +09:00
Zbigniew Jędrzejewski-Szmek
2777a4a3bf README: link to the new page
Lennart's blog is now mostly of historical interest, and the wiki
landing page has been replaced by systemd.io.
2022-01-12 16:05:59 +01:00
gregzuro
48538c19e5 change req meson version
since `meson compile` first appears in 0.54.0
2021-10-26 09:29:14 +01:00
Jan Janssen
53f69d671c sd-boot: Require gnu-efi 3.0.5
This version is from 2017 and should be stale enough to not cause
an outrage. All the relevant distros have it or a newer version.

We also already depend on some symbols defined in 3.0.5 anyway,
so let's take the opportunity to reduce our missing_efi.h
baggage.
2021-10-17 11:56:05 +02:00
Iago López Galeiras
ec31dd5a98 README: document LSM BPF requirements 2021-10-06 10:52:15 +02:00
Luca Boccassi
7fe57498de add LICENSES/README.md explaining the license situation 2021-10-01 17:27:34 +01:00
Mauricio Vásquez
43689840a2 README: add requirements for RestrictNetworkInterfaces=
Signed-off-by: Mauricio Vásquez <mauricio@kinvolk.io>
2021-08-19 07:25:01 -05:00
Zbigniew Jędrzejewski-Szmek
6d825ab2d4 rpm: use a helper script to actually invoke systemctl commands
Instead of embedding the commands to invoke directly in the macros,
let's use a helper script as indirection. This has a couple of advantages:

- the macro language is awkward, we need to suffix most commands by "|| :"
  and "\", which is easy to get wrong. In the new scheme, the macro becomes
  a single simple command.
- in the script we can use normal syntax highlighting, shellcheck, etc.
- it's also easier to test the invoked commands by invoking the helper
  manually.
- most importantly, the logic is contained in the helper, i.e. we can
  update systemd rpm and everything uses the new helper. Before, we would
  have to rebuild all packages to update the macro definition.

This raises the question whether it makes sense to use the lua scriptlets when
the real work is done in a bash script. I think it's OK: we still have the
efficient lua scripts that do the short scripts, and we use a single shared
implementation in bash to do the more complex stuff.

The meson version is raised to 0.47 because that's needed for install_mode.
We were planning to raise the required version anyway…
2021-07-24 11:46:23 +02:00
Andrea Pappacoda
0c651d32d4 docs: update autofs Kconfig name 2021-06-24 20:11:03 +02:00
Lennart Poettering
bb635f3706 README: drop reference to Kinvolk
Kinvolk got bought by Microsoft recently, I doubt they'd even be open
for engineering services like this, hence let's drop the free
advertisement.
2021-05-26 09:34:14 +02:00
Mantas Mikulėnas
fb906b00c6 README: point at IRC channel on the new network 2021-05-25 12:27:22 +02:00
Zbigniew Jędrzejewski-Szmek
44ff8df777 Drop dependency on m4
m4 was hugely popular in the past, because autotools, automake, flex, bison and
many other things used it. But nowadays it much less popular, and might not even
be installed in the buildroot. (m4 is small, so it doesn't make a big difference.)

(FWIW, Fedora dropped make from the buildroot now,
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. I think it's
reasonable to assume that m4 will be dropped at some point too.)

The main reason to drop m4 is that the syntax is not very nice, and we should
minimize the number of different syntaxes that we use. We still have two
(configure_file() with @FOO@ and jinja2 templates with {{foo}} and the
pythonesque conditional expressions), but at least we don't need m4 (with
m4_dnl and `quotes').
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
e0698c66f4 meson, mkosi: pull in jinja2 as required
In preparation for subsequent changes.
2021-05-19 10:24:43 +09:00
Julia Kartseva
c308025875 readme: update README with requirements for bpf 2021-04-26 16:26:28 -07:00
Anita Zhang
e7b3f1a6c3 README: add config_psi as requirement for systemd-oomd 2021-02-23 02:10:09 -08:00
Zbigniew Jędrzejewski-Szmek
1d10005b39 tree-wide: fix links to systemd.io pages
Having the extra slash at the end is not a problem, just inconsistent. But the links with
.html or .md return 404.
2021-02-19 09:28:08 +01:00
heretoenhance
8d186a35cb
Adding an explanation for CONFIG_NET requirement (#18600)
* README: replace CONFIG_NET with CONFIG_UNIX in requirements list
2021-02-16 16:26:51 +00:00
Zbigniew Jędrzejewski-Szmek
9afd5e7b97 Deprecate builds with split-usr, prepare for removal
There is no technical reason to support systems with split-usr, except for
backwards compatibility. Even though systemd itself makes an effort to support
this, many other tools aren't as careful. Despite those efforts, we
(collectively) get it wrong often, because doing it "wrong" on systems with
merged-usr has no consequences. Since almost all developers are on such
systems, any issues are only discovered late. Supporting this split-usr mode
makes both code and documentation more complicated. The split is purely
artificial and has no justification except to allow old installation to not
update. Mechanisms to update existing systems are available though: Fedora
did that in https://fedoraproject.org/wiki/Features/UsrMove, Debian has
the usrmerge package.

The next version of Debian will only support systems with split-usr=false,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978636#178:

  The Technical Committee resolves that Debian 'bookworm' should
  support only the merged-usr root filesystem layout, dropping support
  for the non-merged-usr layout.

Let's start warning if split-usr mode is used, in preparation to removing the
split in one of the future releases.
2021-02-03 22:08:35 +00:00
igo95862
5adfb06d55 docs: mesonconf is not a valid command, meson configure is
Meson documentation for `meson configure`
https://mesonbuild.com/Commands.html#configure
2021-01-12 14:17:48 +09:00
Lennart Poettering
8b08be4052 tree-wide: suggest meson command lines instead of ninja ones
This only changes documentation. In various places we call "ninja"
directly. I figured it would be safer to leave those in place for now,
given the meson replacement commands lines appears to be supported in
newer meson versions only.
2020-12-17 16:51:48 +01:00
Anita Zhang
e71f5585b9 meson: add min version for libfdisk
Was trying to run src/partition/test-repart.sh on CentOS 8 and the first
resize call kept failing with ERANGE. Turned out that CentOS 8 comes
with libfdisk-devel-2.32.1 which is missing
2f35c1ead6
(in libfdisk 2.33 and up).
2020-08-19 10:18:33 +02:00
Lennart Poettering
bfeb370abc README: fix indentation
All paragraphs are indented to 8 spaces, but one. Fix that.
2020-08-17 16:46:59 +09:00
Lennart Poettering
38ccb55731 nss-mymachines: drop support for UID/GID resolving
Now that we make the user/group name resolving available via userdb and
thus nss-systemd, we do not need the UID/GID resolving support in
nss-mymachines anymore. Let's drop it hence.

We keep the module around, since besides UID/GID resolving it also does
hostname resolving, which we care about. (One of those days we should
replace that by some Varlink logic between
nss-resolve/systemd-resolved.service too)

The hooks are kept in the NSS module, but they do not resolve anything
anymore, in order to keep compat at a maximum.
2020-07-14 17:08:12 +02:00
Luca Boccassi
c2923fdcd7 dissect/nspawn: add support for dm-verity root hash signature
Since cryptsetup 2.3.0 a new API to verify dm-verity volumes by a
pkcs7 signature, with the public key in the kernel keyring,
is available. Use it if libcryptsetup supports it.
2020-06-25 08:45:21 +01:00