IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.
Fixes: #25700
(cherry picked from commit 0318d54539fe168822447889ac0e858a10c55f74)
Also, rename get_battery_identifier() to siphash24_compress_device_sysattr().
This also makes any errors in sd_id128_get_machine() or id128_get_product()
ignored. For the machine ID, the failure should not be significant unless
the file stored in the discharge level is reused by another system, which
is quite unusual. For the product ID, if the firmware provides useless
ID (all zero or all 0xFF), then loading/storing the discharge rate
becomes completely broken, that should be avoided.
Note, now sysattrs are used instead of properties in uevent files, but
both provide the same information, hence no functionality should be
changed.
(cherry picked from commit a7795a4ecfe5c51fc837d0cb2f27d892c83df7a4)
Before v252, HibernateDelaySec= specifies the maximum timespan that the
system in suspend state, and the system hibernate after the timespan.
However, after 96d662fa4c8cab24da57523c5e49e6ef3967fc13, the setting is
repurposed as the default interval to measure battery charge level and
estimate the battery discharging late. And if the system has enough
battery capacity, then the system will stay in suspend state and not
hibernate even if the time passed. See issue #25269.
To keep the backward compatibility, let's introduce another setting
SuspendEstimationSec= for controlling the interval to measure
battery charge level, and make HibernateDelaySec= work as of v251.
This also drops implementation details from the man page.
Fixes#25269.
(cherry picked from commit 4f58b656d92b09a953b7cffcfd1ee6d5136a57ed)
linux/btrfs.h needs to be included after sys/mount.h, as since [0]
linux/btrfs.h includes linux/fs.h causing build errors:
```
In file included from /usr/include/linux/fs.h:19,
from ../src/basic/linux/btrfs.h:29,
from ../src/partition/growfs.c:6:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
35 | MS_RDONLY = 1, /* Mount read-only. */
| ^~~~~~~~~
[1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o
ninja: build stopped: subcommand failed.
```
See: https://github.com/systemd/systemd/issues/8507
[0] a28135303a
(cherry picked from commit ed614f17fc9f3876b2178db949df42a2605f6895)
IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's
reflect that change to fix build with newer kernels:
```
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10:
../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror]
16 | #define IPPROTO_L2TP 115
|
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3:
/usr/include/netinet/in.h:85: note: this is the location of the previous definition
85 | #define IPPROTO_L2TP IPPROTO_L2TP
|
cc1: all warnings being treated as errors
```
When at it, update the rest of the headers we ship as well.
[0] 65b32f801b
(cherry picked from commit a95ff98ec40edad2825c824a186f44454120cf1f)
This handles a Debian-specific quirk where /etc/default/locale is used
instead of /etc/locale.conf. There is currently special handling for
this in testsuite-73.sh, so the quirk should be handled here too for
consistency.
(cherry picked from commit bb59fdc1e3a7119f3680d309147020fce9bf67b5)
Binutils 2.38 added support for efi-app-aarch64
Still use binary mode if we have an older objcopy
Add check for incompatible gnu-efi crt0 containing the header section
which gets added by objcopy and if used results in duplicate header
and subsequently a broken binary
Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
(cherry picked from commit 9c100c4e709e1a063578cad1b6b3cdbf7de48610)
Those hashmaps are created anew in each iteration of the loop. The
leak wasn't really a problem, because the loop is bounded and the
hashmaps were not huge, but it's nicer to be correct.
(cherry picked from commit de5d8b40eda84cfd546c9d969a191ce4615e6375)
read_battery_capacity_percentage() was already logging, but with a slightly
different wording.
More could be done, I just touched the most noticable places. Especially
in debug messages, it is much more useful to be direct about what couldn't
be accessed or parsed, instead of providing "descriptive names" which are
not useful to the user at all, who then needs to read the code to figure out
what was the actual property name.
(cherry picked from commit 099810a65b8d7e7e83098edff144643b77011a85)
Fixes#25584.
From the issue:
Assertion 'capacity >= 0' failed at src/shared/sleep-config.c:58, function PTR_TO_CAPACITY(). Aborting.
(gdb) bt
The problem is that PTR_TO_CAPACITY(hashmap_get(last_capacity, battery_name))
will abort if it's called with a name not present in the hashmap. We want to
skip the device silently in this case instead.
(cherry picked from commit 7ebbe4a5ce431a2bf03066ec85513c693836550b)
If we add a drop-in for init.scope (e.g.: to set some memory limit),
it will be loaded long after the cgroup has already been realized.
Do it again when creating the special unit.
(cherry picked from commit 020b2e41ea776cff73392da8084a0725b590d245)
As 30s might be not enough on busy systems (and we already bumped the
reboot timeout from 30s to 60s for this reason).
(cherry picked from commit d932022ddfe021b1c49ffaf4d7dfe4093656f0c5)
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:
```
[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[ 226.332965] testsuite-71.sh[576]: + set +ex
[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[ 228.910782] sh[577]: + systemctl poweroff --no-block
[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 237.931415] systemd[1]: Failed to start testsuite-71.service.
[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[ 238.181030] systemd[1]: Reached target testsuite.target.
```
Let's override the timeout in sd-bus as well to mitigate this.
Follow-up to c78d18215b3e5b0f0896ddb1d0d72c666b5e830b.
(cherry picked from commit e0cbb739113b9e2fbb67b27099430c351f03315c)
Fix incorrection assumption about the Debian patch being buggy and
actually making TEST-73-LOCALE fail on Debian.
```
# localectl set-locale LANG=C.UTF-8
# cat /etc/default/locale
LANG=C.UTF-8
```
(cherry picked from commit a4bc35740a052d0c69269f44d81f350dd7930b69)
With the previous form, gcc is confused and thinks that .type might be unset.
Fixes#26118.
(cherry picked from commit 8f5d716a71f1dfe50a2902a3ee3334b83c76d805)
We would set .path in all cases except INSTALL_CHANGE_AUXILIARY_FAILED, where
we would just just .source. This special case is just not worth it, because
we can't easily assert that .path is set. Let's remove this special case to
help the compiler know that .path is actually set.
Avoids a warning with gcc-13.0.1-0.1.fc38.x86_64.
(cherry picked from commit 4a4af850b3551aff9bc39e5af5ccf3b876fc50ed)
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
(cherry picked from commit b9f976fb45635e09cd709dbedd0afb03d4b73c05)
Currently, sd-dhcp-server accepts spurious client IDs, then the leases
exposed by networkd may be invalid. Let's make networkctl gracefully
show such leases.
Fixes#25984.
(cherry picked from commit 841dfd3dc0dd370a21f190a5b7b870db1c95f7e6)
Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803.
Fixes#25883 and #25891.
(cherry picked from commit 303dfa73b389e8f6dc58954e867c21724c1446f7)
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.
Fixes: #17184
(cherry picked from commit 218cfe23354397ded28ac898f82b52724f48dae7)
This patch merge the TPM2 detection paths when we are inside and outside
an initrd.
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e37dfcec528b43e203d198f978f9eaa87787c762)
During the credentials encryption, if systemd it is compiled with TPM2
support, it will try to use it depending on the key flags passed.
The current code only checks if the system has a functional TPM2 if the
case of the INITRD flag.
This patch do a similar check in the case that it is outside initrd (but
still automatic).
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit e653a194e490fae7d166f40762c334006d592051)
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2). This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.
This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.
Non-root users can now create per-user credentials with:
export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
systemd-creds setup
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f2792fdeecaf65606861bd3db9eb949c3)
On RHEL/CentOS/Fedora this directory is provided by the chkconfig or
initscripts package, which might not be installed:
testsuite-26.sh[1225]: + [[ -x /usr/lib/systemd/system-generators/systemd-sysv-generator ]]
testsuite-26.sh[1225]: + cat
testsuite-26.sh[2330]: /usr/lib/systemd/tests/testdata/units/testsuite-26.sh: line 299: /etc/init.d/issue-24990: No such file or directory
Follow-up to 5f882cc3ab32636d9242effb2cefad20d92d2ec2.
(cherry picked from commit 7fcf0fab078ed92a4f6c3c3658c0a9dfd67c9601)
CURLOPT_PROTOCOLS [0] was deprecated in libcurl 7.85.0 with
CURLOPT_PROTOCOLS_STR [1] as a replacement, causing build warnings/errors:
../build/src/import/curl-util.c: In function ‘curl_glue_make’:
../build/src/import/curl-util.c:255:9: error: ‘CURLOPT_PROTOCOLS’ is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations]
255 | if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK)
| ^~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/curl-util.c:6:
/usr/include/curl/curl.h:1749:3: note: declared here
1749 | CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181,
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since there's no grace period between the two symbols, let's resort
to a light if-def-ery to resolve this.
[0] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html
[1] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html
(cherry picked from commit e61a4c0b7c79eabbe4eb50ff2e663734fde769f0)
CURLINFO_PROTOCOL has been deprecated in curl 7.85.0 causing compilation
warnings/errors:
../build/src/import/pull-job.c: In function ‘pull_job_curl_on_finished’:
../build/src/import/pull-job.c:142:9: error: ‘CURLINFO_PROTOCOL’ is deprecated: since 7.85.0. Use CURLINFO_SCHEME [-Werror=deprecated-declarations]
142 | code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
| ^~~~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/pull-job.h:6,
from ../build/src/import/pull-common.h:7,
from ../build/src/import/pull-job.c:16:
/usr/include/curl/curl.h:2896:3: note: declared here
2896 | CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME")
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since both CURLINFO_SCHEME and CURLINFO_PROTOCOL were introduced in
the same curl version (7.52.0 [0][1]) we don't have to worry about
backwards compatibility.
[0] https://curl.se/libcurl/c/CURLINFO_SCHEME.html
[1] https://curl.se/libcurl/c/CURLINFO_PROTOCOL.html
(cherry picked from commit 2285c462ebb0b5d9a7043719a4f0d684a5dc37c2)
Inspired by #25957 there's one other place where we don't guard
acl_free() calls with a NULL check.
Fix that.
(cherry picked from commit 34680637e838415204850f77c93ca6ca219abaf1)
