IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Whether we should return an absolute path or not is irrelevant
to whether CHASE_AT_RESOLVE_IN_ROOT is set. We should only return
an absolute path if we are provided one and the directory file
descriptor is AT_FDCWD
- When the directory file descriptor is AT_FDCWD, we should always
resolve symlinks against "/". Currently, if the directory file
descriptor is AT_FDCWD and CHASE_AT_RESOLVE_IN_ROOT is set, we
resolve symlinks against the current working directory which is
almost always not going to be what the caller wants.
- Currently, if we provide an absolute path with a positive directory
file descriptor without CHASE_AT_RESOLVE_IN_ROOT SET, we interpret
the path relative to "/" instead of the given directory file descriptor.
Let's make sure that when we're given a positive directory file
descriptor, we always resolve the given path relative to it.
(cherry picked from commit c677e13c35ff2d475199bcc9432892396485b6b8)
This ensures that shell string escape operations will not produce output
with invalid UTF-8 from the input by escaping invalid UTF-8 data as if
they were single byte characters.
(cherry picked from commit 00f57157f32f6ed5a68d68986b013c203cd78c37)
We checked ERRNO_IS_NOT_SUPPORTED on a possible positive non-error code,
which isn't right.
Fix that. Also add caching, since we are about to call this more often.
(cherry picked from commit 90ec8ebe33ec72ed6d9f451de9443d67dd351d72)
Let's log exactly at one place about failed writing of log lines to
journal file: in shall_try_append_again().
Then, if we decide to suppress a retry-after-vacuum because we already
vacuumed anyway then say this explicitly as "supressed rotation",
because that's what we do here.
This removes triplicate logging about the same error, and logs exactly
once, plus optional one "suppressed rotation" message. (plus more debug
output). The triplicate logging was bad in particular because it had no
understanding of the actual error codes and just showed generic UNIX
error strings ("Not a XENIX named type file"). By relying on
shall_try_append_again() to do all logging we now get very clean error
strings for all conditions.
Fixes: #26496
(cherry picked from commit 0631aabdf567e5ce87166827e9645bc18083a7c9)
None of these conditions are real issues, but they can simply happen
because we just swtched from /run to /var as backend for logging and
there are old files from different boots with different systemd versions
and so on.
Let's not make more noise than necessary: still log, but not consider it
a warning, but just some normal thing.
We are handling these issues safely after all: by rotating and starting
anew, i.e. there's no reason to be concerned.
(cherry picked from commit ab84a03fdaf3954918d66da5c5294f9fe9a59074)
If the default target is masked, `systemctl get-default` prints
Failed to get default target: Operation not possible due to RF-kill
That's a bit too cryptic, so let's make it clear what's actually
happening.
Fixes#26589.
(cherry picked from commit 7c78a19322962bb386f87bcaf37bf650cca1c400)
This reverts commit df4524cb3796529b435af309f5e6a2d92bcdaaa0.
This commit is just wrong. The thing is that we *don't* know
automatically that the partition contains a swap image, because it could
be encrypted.
Hence revert.
Fixes: #26595
(cherry picked from commit 41aca66ba4f3a72ad709ef27e334392ef177450c)
In config_parse_socket_listen(), we have checked the path is absolute,
however we have not in the dbus method.
(cherry picked from commit 4de2b47bdec8bbb7df78678a152f18281b20e7b5)
If the boot ID cannot be obtained, let's first fallback to the machine
ID, and if still cannot, then let's use 0.
Otherwise, no timer event source cannot be triggered.
Fixes#26549.
(cherry picked from commit 6d2326e036ceed30f9ccdb0266713c10a44dcf6c)
Only service and scope units have RuntimeMaxUSec bus property.
To suppress the "Until:" field for other unit types, the entry must be
initialized with USEC_INFINITY.
Fixes#26473.
(cherry picked from commit b59052be261523721a86caf4ef820e63f03e26a4)
I'm not sure what "suffix" was meant by this comment, but the file has the usual suffix.
The file was added with the current name back in c4708f132381e4bbc864d5241381b5cde4f54878.
Maybe an earlier version of the patch did something different.
(cherry picked from commit 9c7188547cd53dddd635c86c8ef5655290541966)
An rpminspect test in Fedora/RHEL is flagging our stub files as having an
executable stack. The check is correct:
$ readelf --wide --program-headers build/src/boot/efi/linuxx64.elf.stub | rg -i stack
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
It seems to be just an omission in the linker script… None of the objects that
are linked into the stub are marked as requiring an executable stack:
$ readelf --wide --sections build/src/boot/efi/*.c.o \
/usr/lib/gnuefi/x64/libgnuefi.a \
/usr/lib/gnuefi/x64/libefi.a \
/usr/lib/gcc/x86_64-redhat-linux/12/libgcc.a \
| rg '.note.GNU-stack.*X'
(nothing)
On aarch64 we end up with a nonexecutable stack, but on ia32 and x64 we get one,
so this might be just a matter of defaults in the linker. It doesn't matter
greatly, but let's mark the stack as non-executable to avoid the warning.
Note: '-Wl,-z' is not needed, things work with just '-z'.
(cherry picked from commit 1eca770933e49a1be16e40bfbaefc0f75af81781)
Before this commit, battery_is_low() returns
true if there's no battery on the system.
It's now modified to check if the system is
on AC power first, and returns false early
if that's the case.
Fixes#26492
(cherry picked from commit e0b3a70fabb871bf55678e9e177445b1df2aee88)
When running in a container, like podman, docker or so, creating new mount
namespace may be disabled.
Fixes#26474.
Fixes RHBZ#2165004 (https://bugzilla.redhat.com/show_bug.cgi?id=2165004).
(cherry picked from commit a2275dcb9d48925f8192f44ec371710ce812bfce)
r and R take globs, so let's name the argument appropriately in the tl;dr listing.
Also, use 'clean-up' in the file name where it represents the verb "clean up",
and other minor spelling adjustments.
(cherry picked from commit 164297cd9a410fdd9ca3c068da4d80d74916cf18)
Let's skip parsing of some irrelevant information that we don't use
to speed up building UKIs with large initrds from +-15s to less than
1s.
(cherry picked from commit c87ff622101b82bae7f4c96b59218c7380927375)
systemctl disable some.service fails to acquire interactive permission
because the DisableUnitFilesWithFlagsAndInstallInto method isn't permitted
(cherry picked from commit d668ba131c72e85e50abdb05f189b3e07e1d378f)
There is a double free of unit_name when an instance is used, causing
systemctl --user edit service@instance to abort.
(cherry picked from commit fe5cb7a7aec49cdc77d02e109dde81293e4566a0)
Previously, we skip the entries before arg_lines
unconditionally, which doesn't behave correctly
when used with --grep. After this commit, when
a pattern is specified, we don't skip the entries
early, but rely on the count of the lines shown
to tell us when to stop. To achieve that we would
have to search backwards instead.
Fixes#25147
(cherry picked from commit db4691961ca52759fe6645d0fddb659ee4299ac2)
Follow-up for 504d0acf61c8472bc93c2a927e858074873b2eaf.
The function may be called with non-NULL salt and salt_size == 0.
(cherry picked from commit 8c2264abb9c16bc2933f95be299f15ee66c21181)
The TPM code expects a description unless the PCR index indicates that
no measurements have to take place. The assert was preempting this
check from happening.
Fixes: #26428
(cherry picked from commit f92428eae53685f372775e8cb0f0f4c249f02724)
Debian/Ubuntu use /usr/lib/<triplet> instead of /usr/lib64, so configure it
accordingly. This is especially important for cryptsetup token plugins,
as cryptsetup comes from the distro and is configured to look into those
directories.
(cherry picked from commit bbb40c4e6f45dd0929c59e719310239b11edc040)
If UDP is blocked on the system (e.g. by iptables or BPF), the kernel will
return EPERM on some or all of the system calls (connect, sendmsg, etc.).
In this case, try to fall back to TCP, which hopefully will not be blocked.
(cherry picked from commit 3dd6336ad0cb40e928745404ed72c41e4ac9c39e)
Salt was added in v253. We are not checking whether it was actually found
(non-zero size), so when an old tpm+pin enrollment is opened things go boom.
For good measure, check both the buffer and the size in both places.
Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
