IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Currently, the tpm2 support will use encrypted sessions by creating a
primary key that is used to encrypt traffic. This creates a problem as
the key created for encrypting the traffic could be faked by an active
interposer on the bus. In cases when a pin is used, we can introduce the
bind key. The pin is used as the auth value for the seal key, aka the
disk encryption key, and that auth value can be used in the session
establishment. An attacker would need the pin value to create the secure
session and thus an active interposer without the pin could not
interpose on TPM traffic.
Related-to: #22637
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit adds a new Verity= setting to repart definition files
with two possible values: "data" and "hash".
If Verity= is set to "data", repart works as before, and populates
the partition with the content from CopyBlocks= or CopyFiles=.
If Verity= is set to "hash", repart will try to find a matching
data partition with Verity=data and equal values for CopyBlocks=
or CopyFiles=, Format= and MakeDirectories=. If a matching data
partition is found, repart will generate verity hashes for that
data partition in the verity partition. The UUID of the data
partition is set to the first 128 bits of the verity root hash. The
UUID of the hashes partition is set to the final 128 bits of the
verity root hash.
Fixes#24559
Let's return ENOSYS if /proc/ is not mounted (as that's what we usually
return in that case in various helpers that operate on /proc/). Return
EOPNOTSUPP if the kernel simply doesn't support userns.
Currently, dissect_image() is only called through dissect_loop_device(),
and the LoopDevice object has device name. Hence, it is not necessary to
get device name in dissect_image().
Note, currently, for each call of dissect_loop_device_and_warn(), the
specified name is equivalent to the path passed to loop_device_make_by_path().
Hence, this should not change the current behavios.
This arg expects scan codes and it can be very confusing to find a key
conflict when trying to add a F3 button when there are no F3 keycodes
seemingly in use. CHAR_CARRIAGE_RETURN and SCAN_F3 use the same value,
so no changes in behavior.
D-Bus interfaces can have multiple methods with the same name, as long
as they have different arguments (signature). Currently busctl can call
those methods but when introspecting the interface it just displays
"Duplicate method"
This PR fixes the behavior, by also adding the signature to the hash for
the members set.
Before this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
Invalid introspection data: duplicate method 'sendMessage' on interface 'org.asamk.Signal'.
After this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.asamk.Signal interface - - -
.sendMessage method as x -
.sendMessage method s x -
Calling the methods already works as expected, as the user must specify
the signature explicitely:
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "as" 2 foo bar
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "s" foo
$ busctl --xml introspect org.asamk.Signal /org/asamk/Signal
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node name="/org/asamk/Signal">
<interface name="org.asamk.Signal">
<method name="sendMessage" >
<arg type="as" direction="in"/>
<arg type="x" direction="out"/>
</method>
<method name="sendMessage" >
<arg type="s" direction="in"/>
<arg type="x" direction="out"/>
</method>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg type="s" direction="out"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Peer">
<method name="Ping">
</method>
</interface>
</node>
On certain systems the `install_libnss()` function might end up with an
empty list of libraries to install, which triggers an assertion in
`image_install()`:
```
I: Install libnss
..//test-functions: line 2721: 1: parameter null or not set
make: *** [Makefile:4: setup] Error 1
```
E.g.:
```
# LD_DEBUG=files getent passwd 2>&1 >/dev/null | sed -n '/calling init: .*libnss_/ {s!^.* /!/!; p}'
/lib64/libnss_sss.so.2
/lib64/libnss_systemd.so.2
# dnf -y remove sssd-client systemd-libs
# LD_DEBUG=files getent passwd 2>&1 >/dev/null | sed -n '/calling init: .*libnss_/ {s!^.* /!/!; p}'
<no output>
```
Let's handle this case gracefully.
Until now using the INTERACTIVE_DEBUG=yes stuff together with sanitizers
was almost impossible, since the console kept eating up our inputs or
not responding at all. After a painful day of debugging I noticed that
if we use a shell script in the initrd -> root transition, we might end up
with a plymouthd still running, which kept screwing with the tty.
E.g. with initrd -> wrapper -> systemd transition, where the `wrapper`
is a simple script:
```
exec -- /usr/lib/systemd/systemd "$@"
```
we'd end up with a stray plymouthd process after the bootup:
```
1 0 440 2 20 0 0 0 worker I ? 0:00 [kworker/5:2-ata_sff]
1 0 453 2 20 0 0 0 worker I ? 0:00 [kworker/9:2-rcu_gp]
5 0 456 1 20 0 7252 1960 do_epo S ? 0:00 @usr/sbin/plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session
```
After killing it, the tty works finally as expected.
