1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-06 13:17:44 +03:00
Commit Graph

61788 Commits

Author SHA1 Message Date
Luca Boccassi
0a207d8f23 man: note that DynamicUser=yes is incompatible with D-Bus
Due to policy checks against system users this cannot currently work, and it is non-obvious.
In the future it might be implemented if support is added to dbus-broker/dbus-daemon, e.g.:

https://github.com/bus1/dbus-broker/issues/259
2023-01-04 17:49:41 +01:00
Lennart Poettering
e03fa62b63
Merge pull request #25802 from poettering/bootctl-reseed
move EFI random seed update logic from systemd-random-seed.service into separate service
2023-01-04 17:49:21 +01:00
Lennart Poettering
54978e3f3b bootctl: split out setting of system token into function of its own
Let's break a huge function in two. No code change, just some
refactoring.
2023-01-04 15:18:10 +01:00
Lennart Poettering
921fc451cb units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service
This renames systemd-boot-system-token.service to
systemd-boot-random-seed.service and conditions it less strictly.

Previously, the job of the service was to write a "system token" EFI
variable if it was missing. It called "bootctl --graceful random-seed"
for that. With this change we condition it more liberally: instead of
calling it only when the "system token" EFI variable isn't set, we call
it whenever a boot loader interface compatible boot loader is used. This
means, previously it was invoked on the first boot only: now it is
invoked at every boot.

This doesn#t change the command that is invoked. That's because
previously already the "bootctl --graceful random-seed" did two things:
set the system token if not set yet *and* refresh the random seed in the
ESP. Previousy we put the focus on the former, now we shift the focus to
the latter.

With this simple change we can replace the logic
f913c784ad added, but from a service that
can run much later and doesn't keep the ESP pinned.
2023-01-04 15:18:10 +01:00
Lennart Poettering
5019b0cb15 bootctl: downgrade graceful messages to LOG_NOTICE 2023-01-04 15:18:10 +01:00
Lennart Poettering
29d487adb4 random-seed: don't refresh EFI random seed from random-seed.c anymore
The ESP is simply not mounted early enough for this. We want that the
regular random seed handling runs as early as we possibly could, but we
don't want to delay this until the ESP is actually mounted.

Hence, let's remove this from random-seed.c here. A follow-up commit
will then add this back in, in a separate service which just calls
"bootctl random-seed".

Effectively reverts: f913c784ad

Fixes: #25769
2023-01-04 15:18:10 +01:00
Lennart Poettering
a16c65f3c4 sha256: add helper than hashes a buffer *and* its size
We use this pattern all the time in order to thward extension attacks,
add a helper to make it shorter.
2023-01-04 15:18:10 +01:00
Lennart Poettering
114172fbe7 bootctl: when updating EFI random seed file, hash old seed with new one
Let's not regress in entropy in any case.

This does what f913c784ad also does.
2023-01-04 15:18:10 +01:00
Lennart Poettering
60315d5953 bootctl: properly sync fs before/after moving random seed file into place
Let's do a careful, focussed sync at the right places instead of a
blanket sync at the end. After all we want to run this on every boot
soon.
2023-01-04 15:18:10 +01:00
Lennart Poettering
6b97b267bf bootctl: rework random seed logic to use open_mkdir_at() and openat()
This doesn't really fix anything, but in general we should put stronger
emphasis on operating via dir fds rather than paths more (in particular
when writing files as opposed to consuming them).

No real change in behaviour.
2023-01-04 15:18:10 +01:00
Lennart Poettering
e425849e99 bootctl: fix errno logging 2023-01-04 15:15:58 +01:00
Luca Boccassi
de712a85ff hwdb: remove spurious whitespace
Fixes test failures.
Follow-up for c3950f0a27 and
https://github.com/systemd/systemd/pull/25908
2023-01-03 23:41:19 +01:00
Lennart Poettering
fd1fec534e efi: skip Read() calls with zero sizes
Let's avoid calling Read() with zero-sized buffer, to avoid needless firmware
quirkiness.

See: #25911
2023-01-03 23:12:36 +01:00
Lennart Poettering
40557509be resolved: downgrade inability to send varlink reply error message
Previously, if a client disconnected after sending a lookup request but
before waiting for the reply we'd log at LOG_ERR level. That's
confusing, since it's entirely OK for the client to lose interest.

Hence, let's downgrade to debug level.

Fixes: #25892
2023-01-03 23:12:02 +01:00
Luca Boccassi
1d75a24323
Merge pull request #25910 from crrodriguez/wth_c2x
Fix FTBS when -std=gnu2x
2023-01-03 23:10:36 +01:00
msizanoen1
3102499039 udev: match device tags in rules using current device tags
This ensures that udev scripts using `TAG-="..."` and expecting later
udev rules to honor it will work properly. An use case is removing the
`uaccess` tag from a device without overriding the original file and
ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later.
2023-01-03 18:39:22 +01:00
marcel151
c3950f0a27 Added Tablet Teclast X98 Air 3G (C5J6)
Latest BIOS of X98 Air 3G has later date, that's why it wasn't recognized. Uses the same Matrix as the X89 (E7ED).
2023-01-03 18:35:17 +01:00
Jia Zhang
4b33911581 efi-api: check the EFI_TCG2_FINAL_EVENTS_TABLE in efi_has_tpm2()
The EFI firmware may provide the TPM2 event log using
EFI_TCG2_FINAL_EVENTS_TABLE stored in EFI configuration table,
instead of the ACPI Table TPM2.

If the ACPI Table TPM2 doesn't exist, try to check whether
EFI_TCG2_FINAL_EVENTS_TABLE is available or not.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2023-01-03 18:02:18 +01:00
Jan Janssen
f151abb0e5 Revert "boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices"
This reverts commit b99bf58118.

It seems that using this protocol on some firmwares to forcibly
initialize console devices may break handles (already opened file
handles and the device handle itself) that we rely on to access the
boot filesystem, making it impossible to load the selected entry.

It might be possible to get a new handle by querying for the device
handle by using its device path after calling into this protocol, but
this is untested. The firmware might also be so buggy that accessing
devices after using this protocol is impossible.

It seems prudent to revert this for now until some reliable way is found
to initialize console devices without introducing huge boot delays. Any
users on firmware where console devices cannot be accessed would have to
rely on disabling fastboot.

Fixes: #25737, #25846
2023-01-03 17:12:33 +01:00
Cristian Rodríguez
2cc697d740 libsystemd-network: FTBS in c2x mode
cannot pass false as argument because function wants a pointer to bool
instead, use NULL instead
2023-01-03 15:58:55 +01:00
Cristian Rodríguez
a4a1569ff1 basic: Fix incompatible type for arguments errors in C2X
GCC-13 -std=gnu2x FTBS with:

error: incompatible type for argument 3 of ‘_hashmap_free’
2023-01-03 15:58:06 +01:00
Cristian Rodríguez
db8e720984 basic: fix hosed return value in skip_session()
../src/basic/cgroup-util.c: In function ‘skip_session’:
../src/basic/cgroup-util.c:1241:32: error: incompatible types when returning type ‘_Bool’ but ‘const char *’ was expected
 1241 |                         return false;
2023-01-03 15:58:06 +01:00
igo95862
8d41101a4a man: Fix systemd-boot man page wrong secure keys location
The keys should be placed at `/loader/keys/` not `/keys/`.

See `src/boot/efi/boot.c` file and
function `secure_boot_discover_keys`.
2023-01-03 10:16:40 +01:00
Lennart Poettering
4f06325ce9 fundamental: rework IN_SET() to require at least three arguments
If less than three parameters are passed a simple comparison is the
better choice.

Lo and behold this found two pretty bad typos.
2023-01-02 17:16:50 +01:00
Lennart Poettering
efa75d7022 core: rework operation_to_signal() to rename return parameter ret_xyz 2023-01-02 16:34:42 +01:00
Daan De Meyer
35fdc097f4
Merge pull request #25912 from DaanDeMeyer/ukify
ukify fixes
2023-01-02 16:07:58 +01:00
Vito Caputo
b22d392de6 manager: perform objective->shutdown_verb mapping locally
This is a small cleanup removing the need for the spurious
*ret_shutdown_verb argument on invoke_main_loop() while moving
the MANAGER_OBJECTIVE::shutdown_verb string mapping local to
where it actually gets added to the shutdown argv in
become_shutdown().

This also eliminates the need for the several clearings of
*ret_shutdown_argv, and the streq() branches of shutdown_verb in
favor of plain equality tests against the objective value.

Nothing functionally has been changed.
2023-01-02 16:00:22 +01:00
Jan Janssen
599c930e48 ukify: Fix section offset calculation
objcopy seems to expect that the offset passed to --change-section-vma
is absolute instead of relative to ImageBase. If this is not accounted
for an invalid image is created that cannot be loaded:

  0 .osrel        0000016b  0000000200016000  0000000200016000  00000400  2**2
  …
  6 .text         0000d242  0000000140001000  0000000140001000  00c6e800  2**4

This isn't an issue with gnu-efi based PE images, but natively created
ones will have a non-zero ImageBase.
2023-01-02 15:59:17 +01:00
Daan De Meyer
4f312ba07b ukify: Require specifying --tools for each tools directory
Instead of consuming N arguments as tools directories, let's always
only consume one argument per specification of --tools. This avoids
issues where the linux image and initrd are interpreted as tools
directories.
2023-01-02 14:53:47 +01:00
Daan De Meyer
737dab1a8d ukify: Handle directories in path_is_readable() 2023-01-02 14:52:49 +01:00
Gio
8d885b4477 Update 60-sensor.hwdb
Updated DBook D10 / Juno Tablet. Before the bvr (bios version) was hard coded to v1.05. This will read all versions
2023-01-01 16:36:15 +01:00
Ludwig Nussel
d353fcceb5 machined: pass shell command line to polkit
Pass the joined arguments to polkit as command_line property like
pkexec does. Obviously not exactly perfect as it lacks quoting. Good
enough for polkit rules to check whether a program was called with
or without arguments though.
2022-12-29 13:29:25 +01:00
Luca Boccassi
7900968527
Merge pull request #25864 from yuwata/dissect-fix-mtree
dissect: fix mtree
2022-12-26 17:43:27 +01:00
Hannoskaj
cb6f38b182 Prevents airplane mode toggle for HP Spectre 16 2022-12-26 21:08:24 +09:00
Jia Zhang
486cf22c35 boot: don't convert the trailing newline in mangle_stub_cmdline()
It is pretty convenient to add .cmdline using /proc/cmdline like
this:
  --add-section .cmdline=/proc/cmdline --change-section-vma .cmdline=0x25000

However, it always returns a trailing newline, and stub will
convert it to a whitespace by mangle_stub_cmdline() in next boot.
Thus the resulting /proc/cmdline would contain a trailing
whitespace. When /proc/cmdline is used to generate .cmdline again,
the resulting UKI is mangled.

To address this kind of inconvenience, mangle_stub_cmdline() should
skip converting the trailing newline, and try to chomp all the
trailing whitespaces.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
2022-12-26 19:12:23 +09:00
Yu Watanabe
01a33cf7e8 dissect: reduce indent in mtree_print_item() 2022-12-26 16:42:29 +09:00
Yu Watanabe
5ffa6a0af4 dissect: do not trigger assertion on error
recurse_dir() does not provide 'sx' on error.

Fixes #25862.
2022-12-26 16:42:29 +09:00
Yu Watanabe
167f2c1a2b dissect: use assert() when no side effect 2022-12-26 16:42:29 +09:00
Lennart Poettering
5c8e19cc1c
Merge pull request #25850 from poettering/switch-root-tweaks-minor
pid1: minor tweaks to the SwitchRoot() logic
2022-12-24 11:20:02 +01:00
Yu Watanabe
20ada51464
Merge pull request #25828 from poettering/no-more-basename
convert a number of basename() invocations to path_extract_filename()
2022-12-24 08:13:00 +09:00
Lennart Poettering
8656f4a6ae prioq: make prioq_reshuffle() void
We never use the return value, and it's confusing and kinda pointless
what we return there.

Hence drop it.

Originally noticed by: tristone13th <tristone13th@outlook.com>

Alternative to: #25810
2022-12-23 23:26:26 +01:00
Lennart Poettering
b892124bdc
Merge pull request #25849 from poettering/repart-loop
pull in loop.ko from repart unit
2022-12-23 23:26:00 +01:00
Lennart Poettering
6ae5c39af1 docs: remove /dev/tty* confusion
The text said /dev/tty* as a whole was the VT subsystem and that VT is
not supported in containers.

But that's not accurate as /dev/tty* will match /dev/tty too and that
one device node is special and is not related to VT: it always points to
the current process own controlling tty, regardless what that is.

hence, rewrite /dev/tty* as /dev/tty[0-9]*.
2022-12-23 21:17:31 +01:00
Will Fancher
0941ccae3c sysroot: Order systemd-fsck-root after systemd-makefs 2022-12-23 18:34:09 +01:00
Lennart Poettering
457bbbce7b systemctl: rework how we detect if init is systemd 2022-12-23 18:29:35 +01:00
Lennart Poettering
e10086ac01 core: use chase_symlinks_and_access() where appropriate 2022-12-23 18:09:02 +01:00
Lennart Poettering
5f4c9c27d8 core: tighten validation checks in SwitchRoot() dbus call 2022-12-23 18:09:02 +01:00
Lennart Poettering
937362e02c lock-file: various updates 2022-12-23 17:35:21 +01:00
Lennart Poettering
020b66d850 analyze: basename() → path_extract_filename() 2022-12-23 17:35:21 +01:00
Lennart Poettering
d0242ac946 format-table: add field type TABLE_PATH_BASENAME
This is just like TABLE_PATH, but only shows the basename in regular
tabular output.

This is useful in systemd-repart for example
2022-12-23 17:35:21 +01:00