IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If everything points to the fact that TPM2 should work, but then the
driver fails to initialize we should handle this gracefully and not
cause failing services all over the place.
Fixes: #25700
(cherry picked from commit 0318d54539)
Before v252, HibernateDelaySec= specifies the maximum timespan that the
system in suspend state, and the system hibernate after the timespan.
However, after 96d662fa4c, the setting is
repurposed as the default interval to measure battery charge level and
estimate the battery discharging late. And if the system has enough
battery capacity, then the system will stay in suspend state and not
hibernate even if the time passed. See issue #25269.
To keep the backward compatibility, let's introduce another setting
SuspendEstimationSec= for controlling the interval to measure
battery charge level, and make HibernateDelaySec= work as of v251.
This also drops implementation details from the man page.
Fixes#25269.
(cherry picked from commit 4f58b656d9)
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.
Fixes: #17184
(cherry picked from commit 218cfe2335)
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
(cherry picked from commit 300bba79c2)
Quoting Richard Fontana in [1]:
CC0 has been listed by Fedora as a 'good' license for code and content
(corresponding to allowed and allowed-content under the new system). We plan
to classify CC0 as allowed-content only, so that CC0 would no longer be
allowed for code.
Over a long period of time a consensus has been building in FOSS that
licenses that preclude any form of patent licensing or patent forbearance
cannot be considered FOSS. CC0 has a clause that says: "No trademark or
patent rights held by Affirmer are waived, abandoned, surrendered, licensed
or otherwise affected by this document." (The trademark side of that clause
is nonproblematic from a FOSS licensing norms standpoint.) The regular
Creative Commons licenses have similar clauses.
For the case of our documentation snippets, patent issues do not matter much.
But it is always nicer to have a license that is considerred acceptable without
any further considerations. So let's change the license to the (now recommended
replacement) MIT-0.
[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NO7KGDNL5GX3KCB7T3XTGFA3QPSUJA6R/
Using 'git blame -b' and 'git log -p --follow', I identified the following
folks as having made non-trivial changes to those snippets:
Lennart Poettering
Tom Gundersen
Luca Bocassi
Zbigniew Jędrzejewski-Szmek
Thomas Mühlbacher
Daan De Meyer
I'll ask for confirmation in the pull request.
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.
Result of the mess that is #25052.
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.
There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".
The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).
This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.
This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.
Note --private-key and --certificate options for configuring
verity signature partitions in the listing of options.
Adjust one error message referring to the --certificate option.
The new function DumpPatterns() can be used to limit (drastically) the size of
the data returned by PID1. Hence the optimization of serializing data into a
file descriptor should be less relevant than having the possibility to limit
the data when communicating with the service manager remotely.
NB: when passing patterns, the dump command omits the version of the manager as
well as the features and the timestamps.
Let's nudge people towards the use of an anonymous buffer like we
do internally.
"errno" → "errnum", to match the man page for strerror, and also to avoid
confusion with the global variable. In general, I think that errno is a
terrible interface and we shouldn't encourage people to use it. Those functions
use errno-style error numbers, which are a different thing.
The need to set errno is very very ugly, but at least it is thread-safe and
works correctly. Using strerror() is likely to be wrong, so let's not recommend
that. People who do a lot of logging would provide use some wrapper that sets
errno like we do, so nudge people towards %m.
I tested that all the separate .c files compile cleanly.
This way it's much easier to test that the code compiles without issues.
It's also easier to edit the code.
Indentation in one of the examples is reduced to two spaces. This is what we
use in man pages to make them fit on screen better.