1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-25 06:03:40 +03:00

39539 Commits

Author SHA1 Message Date
Lennart Poettering
3b21fd06ed
Merge pull request #12219 from keszybz/bootctl-check-entries
bootctl: check entries when showing them
2019-04-11 18:57:18 +02:00
Zbigniew Jędrzejewski-Szmek
1e5d2d6564 NEWS: update contributors and date v242 2019-04-11 18:28:36 +02:00
Sebastian Krzyszkowiak
155bc908bc hwdb: mark Apple Magic Trackpads as external
Applies only to USB - when connected via Bluetooth it already gets marked correctly.
2019-04-11 18:27:01 +02:00
Jonathan Lebon
30fdb8962a fstab-generator: use DefaultDependencies=no for /sysroot mounts
Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `Before=local-fs.target` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.

Closes: #12231
2019-04-11 17:04:24 +02:00
Lennart Poettering
574ef404d8
Merge pull request #12279 from keszybz/sd-bus-long-signatures
sd-bus: properly handle messages with overlong signatures
2019-04-11 17:03:57 +02:00
Lennart Poettering
a3a1f24f81
Merge pull request #12274 from poettering/nss-fixlets
some nss module fixlets
2019-04-11 15:21:45 +02:00
Zbigniew Jędrzejewski-Szmek
fb270a26b2 sd-bus: add define for the maximum name length
Less magic numbers in the code…
2019-04-11 14:07:22 +02:00
Zbigniew Jędrzejewski-Szmek
cfcc0059bf sd-bus: add define for the maximum signature length
Less magic numbers in the code…
2019-04-11 14:02:59 +02:00
Zbigniew Jędrzejewski-Szmek
f0ae945ecc bus-message: validate signature in gvariant messages
We would accept a message with 40k signature and spend a lot of time iterating
over the nested arrays. Let's just reject it early, as we do for !gvariant
messages.
2019-04-11 14:01:38 +02:00
Lennart Poettering
8baaf650ef nss-resolve: list more errors as cause for fallback
If dbus-daemon kicks us from the bus or hangs, we should fallback too.

Fixes: #12203
2019-04-11 11:13:11 +02:00
Lennart Poettering
547fde4759 nss-resolve: simplify condition
Of course, if the error is NXDOMAIN then it's not one of the errors
listed for fallback, hence don't bother...
2019-04-11 11:13:11 +02:00
Lennart Poettering
2b0c1bfd8d nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar
This makes more semantical sense and is what we do in nss-resolve in a
similar case, hence let's remove the differences here.
2019-04-11 11:13:10 +02:00
Lennart Poettering
e09e7ac3c4 nss-myhostname: unify code that handles NOT_FOUND case
Just some minor rework to make this more like nss-resolve.
2019-04-11 11:13:10 +02:00
Lennart Poettering
a62fc245d0 nss-resolve: resue a jump target
We can reuse "fail" here, since it does the same thing.
2019-04-11 11:13:10 +02:00
Lennart Poettering
c7c468c92a nss-resolve: return error properly 2019-04-11 11:13:10 +02:00
Lennart Poettering
954cba660d nss-resolve: drop unnecessary variable
We assign the same value to "ret" always, let's just return the value
literally.
2019-04-11 11:13:10 +02:00
Lennart Poettering
fcd0f82e16
Merge pull request #12271 from poettering/errno-accept-again
accept() errno fixes
2019-04-11 10:22:46 +02:00
Yu Watanabe
8b0f4bac72 test: make directory for drop-in config
Follow-up for a2fbac5875776e9e327f30cf2a8b3070a4c1552a.
2019-04-11 09:58:47 +02:00
Zbigniew Jędrzejewski-Szmek
4ddff52640
Merge pull request #12270 from yuwata/test-set-longer-timeout
test: set longer timeout
2019-04-11 08:31:14 +02:00
Lennart Poettering
4ff9bc2ea6 tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call 2019-04-10 22:11:18 +02:00
Yu Watanabe
a2fbac5875 test: set longer watchdog timeout for timedated 2019-04-11 03:25:08 +09:00
Lennart Poettering
fb0302ddbc errno-util: add new ERRNO_IS_ACCEPT_AGAIN() test
This is modelled after the existing ERRNO_IS_RESOURCES() and in
particular ERRNO_IS_DISCONNECT(). It returns true for all transient
network errors that should be handled like EAGAIN whenever we call
accept() or accept4(). This is per documentation in the accept(2) man
page that explicitly says to do so in the its "RETURN VALUE" section.

The error list we cover is a bit more comprehensive, and based on
existing code of ours. For example EINTR is included too (since we need
that to cover cases where we call accept()/accept4() on a blocking
socket), and of course ERRNO_IS_DISCONNECT() is a bit more comprehensive
than the list in the man page too.
2019-04-10 20:03:38 +02:00
Lennart Poettering
7f00010601 errno-util: rework ERRNO_IS_RESOURCE() from macro into static inline function
No technical reason, except that later on we want to add a new
ERRNO_IS() which uses the parameter twice and where we want to avoid
double evaluation, and where we'd like to keep things in the same style.
2019-04-10 20:03:38 +02:00
Lennart Poettering
916a9ec7c6 errno-util: add three more error codes to ERRNO_IS_DISCONNECT()
This is based on the recommendations in accept4() and the listed error
codes there.
2019-04-10 20:03:38 +02:00
Lennart Poettering
7ebd758cf6 tree-wide: voidify some socket calls 2019-04-10 20:03:38 +02:00
Lennart Poettering
e2d0fa6feb lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] 2019-04-10 20:03:38 +02:00
Yu Watanabe
70f3336e96 test: set longer timeout for 'udevadm control' 2019-04-11 02:27:15 +09:00
Yu Watanabe
86a3d44de5 network: fix use-of-uninitialized-value or null dereference
This fixes a bug introduced by 6ef5c881dd5568f08dc35013e24f7d857f36b207.

Fixes oss-fuzz#14157 and oss-fuzz#14158.
2019-04-10 18:18:11 +09:00
Paul Menzel
55a37d7117 Update UEFI URLs (#12260)
* Use more secure https://www.uefi.org

http://www.uefi.org directs to https://uefi.org/, so this saves one
redirect.

    $ curl -I http://www.uefi.org
    HTTP/1.1 302 Found
    Server: nginx
    Date: Tue, 09 Apr 2019 14:54:46 GMT
    Content-Type: text/html; charset=iso-8859-1
    Connection: keep-alive
    X-Content-Type-Options: nosniff
    Location: https://uefi.org/
    Cache-Control: max-age=1209600
    Expires: Tue, 23 Apr 2019 14:54:46 GMT

Run the command below to update all occurrences.

    git grep -l http://www.uefi.org | xargs sed -i 's,http://www.uefi.org,https://www.uefi.org,'

* Use https://uefi.org to save redirect

Save one redirect by using the target location.

    $ curl -I https://www.uefi.org
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Tue, 09 Apr 2019 14:55:42 GMT
    Content-Type: text/html; charset=iso-8859-1
    Connection: keep-alive
    X-Content-Type-Options: nosniff
    Location: https://uefi.org/
    Cache-Control: max-age=1209600
    Expires: Tue, 23 Apr 2019 14:55:42 GMT

Run the command below to update all occurrences.

    git grep -l https://www.uefi.org | xargs sed -i 's,https://www.uefi.org,https://uefi.org,'
2019-04-09 18:37:46 +02:00
Zbigniew Jędrzejewski-Szmek
74b45889e4
Merge pull request #12252 from keszybz/libmount-dont-unescape
Don't unescape paths from libmount
v242-rc4
2019-04-09 11:56:52 +02:00
Zbigniew Jędrzejewski-Szmek
52efbd8f0e
Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
network: add PresharedKeyFile= setting and make reading key file failure fatal
2019-04-09 10:52:52 +02:00
Zbigniew Jędrzejewski-Szmek
9d1b2b2252 pid1,shutdown: do not cunescape paths from libmount
The test added in previous commit shows that libmount does the unescaping
internally.
2019-04-09 09:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
b57adc94cd test-libmount: let's see how libmount parses stuff
With libmount-2.33.1-3.fc30.x86_64 I get:
/* test_libmount_unescaping_one escaped space + utf8 */
from '729 38 0:59 / /tmp/\342\200\236zupa\\040z\304\231bowa\342\200\235 rw,relatime shared:395 - tmpfs die\\040Br\303\274he rw,seclabel'
source: 'die Brühe'
source: 'die Br\303\274he'
source: 'die Brühe'
expected: 'die Brühe'
target: '/tmp/„zupa zębowa”'
target: '/tmp/\342\200\236zupa z\304\231bowa\342\200\235'
target: '/tmp/„zupa zębowa”'
expected: '/tmp/„zupa zębowa”'
/* test_libmount_unescaping_one escaped newline */
from '729 38 0:59 / /tmp/x\\012y rw,relatime shared:395 - tmpfs newline rw,seclabel'
source: 'newline'
source: 'newline'
source: 'newline'
expected: 'newline'
target: '/tmp/x
y'
target: '/tmp/x\ny'
target: '/tmp/x
y'
expected: '/tmp/x
y'
/* test_libmount_unescaping_one empty source */
from '760 38 0:60 / /tmp/emptysource rw,relatime shared:410 - tmpfs  rw,seclabel'
source: ''
source: ''
source: ''
expected: ''
target: '/tmp/emptysource'
target: '/tmp/emptysource'
target: '/tmp/emptysource'
expected: '/tmp/emptysource'
/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo'
target: '/tmp/foo'
target: '/tmp/foo'
expected: 'n/a'

With https://github.com/karelzak/util-linux/issues/780 fixed, we get

/* test_libmount_unescaping_one foo\rbar */
from '790 38 0:61 / /tmp/foo\rbar rw,relatime shared:425 - tmpfs tmpfs rw,seclabel'
source: 'tmpfs'
source: 'tmpfs'
source: 'tmpfs'
expected: 'tmpfs'
target: '/tmp/foo
bar'
target: '/tmp/foo\rbar'
target: '/tmp/foo
bar'
expected: '/tmp/foo
bar'
2019-04-09 09:07:40 +02:00
welaq
56d939e044 l10n: Updated Lithuanian translation 2019-04-09 09:00:16 +02:00
Yu Watanabe
78bb2866fd NEWS: mention PresharedKeyFile= 2019-04-09 15:50:23 +09:00
Yu Watanabe
9e5d79e7a1 test-network: add tests for WireGuardPeer.PresharedKey= and PresharedKeyFile= 2019-04-09 15:50:23 +09:00
Yu Watanabe
2b942a926c network: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN] 2019-04-09 15:50:23 +09:00
Yu Watanabe
26f86d500e network: warn when wireguard keys are stored in world readable files 2019-04-09 15:50:22 +09:00
Yu Watanabe
a3945c6361 network: add WireGuardPeer.PresharedKeyFile= setting 2019-04-09 15:50:22 +09:00
Yu Watanabe
6ef5c881dd network: clear wireguard keys on failure or on exit 2019-04-09 15:50:22 +09:00
Yu Watanabe
cb31e7c861 network: make reading PrivateKeyFile= failure always fatal
This also refactor wireguard_read_key_file().
2019-04-09 15:50:22 +09:00
Yu Watanabe
07d8c0eb1e fileio: add READ_FULL_FILE_UNBASE64 flag for read_full_file_full() 2019-04-09 15:50:22 +09:00
Yu Watanabe
50caae7b92 fileio: read_full_file_full() also warns when file is world readable and secure flag is set 2019-04-09 15:50:22 +09:00
Yu Watanabe
7a309a8c63 fileio: introduce warn_file_is_world_accessible() 2019-04-09 15:50:22 +09:00
Yu Watanabe
15f8f026cf util: introduce READ_FULL_FILE_SECURE flag for reading secure data 2019-04-09 15:50:16 +09:00
Zbigniew Jędrzejewski-Szmek
2c9e7540e0
Merge pull request #12241 from keszybz/two-man-link-additions
Two man link additions
2019-04-08 21:58:11 +02:00
Lennart Poettering
b473691d41 inhibit: fix argv[] usage
Another fix in style of ed179fd71030ddd657500591dac37e7499fc7b2c and
bd169c2be0fbdaf6eb2ea7951e650d5e5983fbf6..

I hope we are soon complete with these.

Fixes: #12246
2019-04-08 16:57:39 +02:00
Zbigniew Jędrzejewski-Szmek
ab80eca144 NEWS: add mention of time-set.target 2019-04-08 16:57:23 +02:00
Zbigniew Jędrzejewski-Szmek
7a447d2107 man: add a lengthy example for NamePolicy= debugging
This is still rather opaque, and test-builtin is quite useful in this
case, let's advertise it a bit more.
2019-04-08 15:36:02 +02:00
Zbigniew Jędrzejewski-Szmek
58576937bc man: say that .link NamePolicy= should be empty for Name= to take effect
The description of NamePolicy= implied this, but didn't spell it out. It's a
very common use case, so let's add a bit of explanation and ehance the example
a bit.

Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1695894.
2019-04-08 15:34:40 +02:00