mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

60066 Commits

Author SHA1 Message Date
Daan De Meyer
354dc913c5
Merge pull request #24635 from DaanDeMeyer/repart-verity-sig
repart: Add support for generating verity sig partitions
2022-09-23 18:53:04 +02:00
Daan De Meyer
b456191d3c repart: Add support for generating verity sig partitions 2022-09-23 16:15:37 +02:00
Daan De Meyer
8939d3351d openssl-util: Add x509_fingerprint() 2022-09-23 16:15:37 +02:00
Daan De Meyer
bc958a19e3 openssl-util: Allow declaring openssl struct pointers without openssl 2022-09-23 16:15:34 +02:00
Lennart Poettering
842beda4c5 TODO 2022-09-23 16:13:11 +02:00
Lennart Poettering
dd5533801b
Merge pull request #24700 from poettering/ssh-creds
support easy provisioning for SSH key of root user
2022-09-23 16:01:09 +02:00
Lennart Poettering
6e19a7ce13
Merge pull request #24628 from medhefgo/boot-sections
boot: Try to detect overlapping PE sections
2022-09-23 15:45:28 +02:00
Lennart Poettering
a9dba3ef5f
Merge pull request #24796 from yuwata/doc-update
documentation updates
2022-09-23 15:13:18 +02:00
Lennart Poettering
e711431d50
Merge pull request #24794 from DaanDeMeyer/repart-follow-ups
repart: Extend squashfs logic to all read-only filesystems
2022-09-23 15:12:56 +02:00
Daan De Meyer
35e596f83f docs: Mention that "certificateFingerprint" source should be in DER 2022-09-23 14:10:11 +02:00
Daan De Meyer
2812017cfb basic: Add strgrowpad0() 2022-09-23 14:10:07 +02:00
Lennart Poettering
addc84ec91
Merge pull request #24686 from d4nuu8/delta_output
shared/logs-show: add new --output= format "short-delta"
2022-09-23 13:33:55 +02:00
Daan De Meyer
3dd73ea77e dissect: Process verity sig partitions if a root hash is specified
If a root hash is specified, we should be checking that it matches
the root hash in the verity signature partition, so let's not skip
processing of the verity signature partitions if a root hash is
specified.
2022-09-23 12:24:09 +02:00
Daan De Meyer
3c5f7ec4ca test: Install openssl 3 extra library dependencies 2022-09-23 12:24:09 +02:00
Daan De Meyer
738edfe667 dissect: Log when we fail to load the verity signature partition 2022-09-23 12:24:09 +02:00
Daan De Meyer
bc259e2338 repart: Rename verity integration test definition files 2022-09-23 12:24:09 +02:00
Daan De Meyer
9c98e277e9 repart: Improve missing libcryptsetup error message 2022-09-23 12:24:09 +02:00
Daan De Meyer
b6db96a2a6 repart: Rename context_verity() to context_verity_hash() 2022-09-23 12:24:09 +02:00
Lennart Poettering
fdcc31b718 update TODO 2022-09-23 11:44:01 +02:00
Yu Watanabe
78f14b2ff0 README: drop graphs counting issues or PRs
These cannot be accessible anymore.
2022-09-23 18:29:22 +09:00
Yu Watanabe
0b0cdb1652 doc: drop remaining references to LGTM.com 2022-09-23 18:29:22 +09:00
Avamander
a79f5097e7
Updated Lenovo ThinkPad T440p/T440 touchpad fuzz (#24779) 2022-09-23 18:26:01 +09:00
Daniel Braunwarth
893bcd3d07 shared/logs-show: add new --output= format "short-delta"
This new output formatting option is similar to "short-monotonic" but
also shows the time delta between two messages.

This fixes #24641.
2022-09-23 10:07:03 +02:00
Daniel Braunwarth
275e6be052 logs-show: move timestamp reading into show_journal_entry() 2022-09-23 10:07:03 +02:00
Daan De Meyer
eaec699494 shared: Don't try to generate read-only filesystem that we don't support
We need explicit support to generate read-only filesystems, since we
always need to pass a source tree to the mkfs binary to populate the
filesystem. As such, let's add an explicit check to return a
recognizable error when users try to generate a read-only filesystem
that we don't support.
2022-09-23 09:55:26 +02:00
Daan De Meyer
eb43379cec repart: Extend squashfs logic to all read-only filesystems
The same logic will apply to every read-only filesystem that we
might add support for in the future, so let's make this a bit more
future proof.
2022-09-23 09:55:17 +02:00
Lennart Poettering
d1666bde9c update TODO
(let's also merge all TODO items about adding creds support to various
tools into one item)
2022-09-23 09:34:12 +02:00
Lennart Poettering
0bbc5a5674 man: add man page describing well known system credentials 2022-09-23 09:33:00 +02:00
Lennart Poettering
aebdd3f3d7 test: add test case for new ':' uid/gid/access modifier in tmpfiles.d 2022-09-23 09:31:54 +02:00
Lennart Poettering
fdc4b8b1e0 man: document new : modified for uid/gid/access mode in tmpfiles.d 2022-09-23 09:30:57 +02:00
Lennart Poettering
4cebd207d1 tmpfiles: add lines for provisioning ssh keys for root by default
With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

To boot into an image with my SSH key copied in. Yay!
2022-09-23 09:30:00 +02:00
Lennart Poettering
27f6aa0b71 tmpfiles: rework empty_directory() to also use chase_symlinks() 2022-09-23 09:28:59 +02:00
Lennart Poettering
9e430ce3d4 tmpfiles: move symlink creation into its own function, and modernize
Let's ensure it also operates based on O_PATH, like fifo/device node/…
creation.
2022-09-23 09:27:53 +02:00
Lennart Poettering
8f6fb95cd0 tmpfiles: whenever creating an inode, immediately O_PATH open it to pin it
let's make things a bit less racy: whenever we create an inode,
immediately open it via O_PATH, compare type and continue operations
with the acquired fd.
2022-09-23 09:26:56 +02:00
Lennart Poettering
497ca785aa fs-util: add mknodat_atomic() 2022-09-23 09:25:33 +02:00
Lennart Poettering
4f477796f3 fs-util: make mkfifo_atomic() just a shortcut for mkfifoat_atomic() 2022-09-23 09:24:05 +02:00
Lennart Poettering
da9dd029a2 fs-util: replace symlink_atomic() by symlinkat_atomic() 2022-09-23 09:22:36 +02:00
Lennart Poettering
cc43328c7f tmpfiles: allow prefixing uid/gid/mode with ":" to only apply on creation
In some cases it is useful to specify the access mode/uid/gid for inodes
we create without also enforcing them on existing inodes. Let's add a
new flag for that: if the uid/gid/mode specifications are prefixed with
":", then they only apply to creation, not otherwise.

This is specifically useful for provisioning SSH keys later. Those we'd
like to provision like this:

<snip>
d /root :0700 root root -
d /root/.ssh :0700 root root -
f^ /root/.ssh/authorized_keys - - - - ssh.authorized_keys
</snip>

While /root/ + /root/.ssh/ being owned by root is pretty uncontroversial
the access mode of /root/ and /root/.ssh/ might not be. Hence we should
only have a default mode defined that is used when we create the dir,
but not otherwise.
2022-09-23 09:21:34 +02:00
Lennart Poettering
a9bc518c08 tmpfiles: generalize CreationMode and pass it everywhere
For some purposes we had CreationMode which indicates whether an inode
was created by us, or is pre-existing. Let's generalize that for *all*
operations. This is later useful to conditionalize certain operations on
that (and makes the codebase more systematic)
2022-09-23 09:20:37 +02:00
Lennart Poettering
c5d554aa66 tmpfiles: rebreak some comments 2022-09-23 09:19:02 +02:00
Daan De Meyer
c8f38bf077
Merge pull request #24797 from yuwata/networkctl
networkctl: several table format updates
2022-09-23 08:45:47 +02:00
Yu Watanabe
f8d7c0c55e networkctl: re-order entries in status command
Also fixes "Speed:" field, which may show empty value.
2022-09-23 11:20:26 +09:00
Yu Watanabe
767bc538c5 test-network: fix matching string
This partially reverts 5515f2169c.
As the commit changes 'networkctl list', not 'networkctl status'.
2022-09-23 10:43:17 +09:00
Yu Watanabe
3874765735 networkctl: use "-" for empty LLDP entries 2022-09-23 10:39:42 +09:00
Yu Watanabe
67c3e1f63a udev: support by-path devlink for multipath nvme block devices
If multipath feature is enabled, nvme block devices may belong to the
"nvme-subsystem" subsystem, instead of "nvme" subsystem.
(What a confusing name...)

Then, the syspath is something like the following,
    /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1
Hence, we need to find the 'real parent' device, such as
    /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964.
Replaces #24748.
2022-09-23 10:21:46 +09:00
Yu Watanabe
68f2134954
Merge pull request #24790 from poettering/run-chdir
run: let's make --working-directory= just work with --scope
2022-09-23 10:20:14 +09:00
Adam Williamson
97f9950698 kbd-model-map: add a mapping for switched czech qwerty/us
See https://bugzilla.redhat.com/show_bug.cgi?id=2121106 for the
background on this. One of Fedora's QA folks ran an install
and chose two keyboard layouts: Czech (qwerty) and US. Due to
the sad details of how the whole logic flow for trying to decide
what kbd layout best matches a given xkb config works (see
details in the bug comments), we wound up deciding the best-
matching kbd layout for this situation was cz-us-qwertz, which
is a czech/us switched layout, but is qwertz, not qwerty. This
seems like a poor outcome. Adding this line should result in us
picking cz-qwerty in this case. Which may be the 'legacy'
cz-qwerty.map from upstream kbd project (which is switched
cz/us), or may be the auto-converted xkb layout (which obviously
isn't switched). But either way, at least its primary mode is
Czech qwerty, which seems like a *better* choice than a layout
whose primary mode is Czech qwertz.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2022-09-23 10:19:41 +09:00
Luca Boccassi
c9d65b921b
Merge pull request #24771 from poettering/destroy-pcr11
extend boot phase information into PCR 11 during boot
2022-09-22 20:08:27 +01:00
Antonio Alvarez Feijoo
b5f8a35f39 man/portablectl: fix references to options 2022-09-22 20:04:49 +01:00
Daan De Meyer
e3a1cd9e98
Merge pull request #24746 from DaanDeMeyer/repart-split
repart: Add --split option to generate split artifacts
2022-09-22 19:09:12 +02:00