Fixes a bug introduced by 08b04ec7e72b7327b4803809732b1b8fce8dd069 and
953006dcb0a37a57aed0e762ff6289700e8689e8.
Fixes #28725.
(cherry picked from commit 685e0dd1924cce44327040b08a8980af2192bf59)
Otherwise, we silently ignore the received packet and that makes the issue
hard to debug.
(cherry picked from commit 809da721f0167f88234e55a342e82023019e2341)
Otherwise, manager_parse_dns_server_string_and_warn() or
manager_parse_search_domains_and_warn() will trigger assertion.
(cherry picked from commit 91acee9906e973365109b1b1d5e880ced9aeae65)
If emergency.target is started while initrd-parse-etc.service/start is queued,
the initrd-parse-etc job did not get canceled. In parallel to the emergency
units, it eventually runs the service, which starts initrd-cleanup.service,
which in turn isolates initrd-switch-root.target. This stops the emergency
units and effectively starts the initrd boot process again, which likely
fails again like the initial attempt. The system is thus stuck in an endless
loop, never really reaching emergency.target.
With this conflict added, starting emergency.target automatically cancels
initrd-parse-etc.service/start, avoiding the loop.
(cherry picked from commit 327cd2d3db703555f8d572b4cd055fbe55e1068b)
The systemctl completion previously made use of PREFIX as a pattern
argument to list-unit-files and list-units. This had the problem of
erroneously filtering the results that were stored in the cache, and
erroneously filtering results that might have been requested according
to the user's configuration (e.g. _correct completer, certain
matcher-lists or tag-orders, etc.).
Unfortunately, the runtime of list-unit-files increases when no pattern
argument is provided, and systemctl show, used to filter those units,
can become unacceptably slow when provided with too many units to
describe.
Let's re-introduce the pattern argument to list-unit-files and
list-units where necessary in order to alleviate these bottlenecks
without poisoning the cache. A 'use-pattern' style is introduced that
may be used to disable this behavior if it is undesired. We can still
expect that certain completions, like `systemctl start <TAB>` will be
slow, like before. To fix this we will need systemd to learn a more
efficient way of filtering the units than parsing systemctl show.
(cherry picked from commit 2cbda74862049be2003496c7d432341d53a0fdf9)
The systemctl invocations used for these completions match the ones used
for the _sys_really_all_units parameter, so we should really just use
the cached parameter rather than recomputing the result.
(cherry picked from commit c8e2cd79c155151bcdb983eedd24a6a77082c41b)
This partially reverts the commit 684bce3d54463b3222246f72adfe82ad5d176fea
and fixes the issue introduced by it.
Fixes #28711.
(cherry picked from commit beddf8ba29152e8b7d8c04b8fc929ac33b693166)
We'll need this on each read() again, hence let's just allocate this
once and then reuse it for subsequent read()s.
Follow-up for: #28639
(cherry picked from commit 3c8680585c698668c4d9774d3801d3446a194113)
bus_unit_queue_job_one has two callers:
- bus_unit_queue_job which would do the appropriate transformations
  to turn JOB_TRY_RESTART into JOB_TRY_RELOAD,
- and method_enqueue_marked_jobs which did not.
In effect, method_enqueue_marked_jobs() would queue restart jobs for
units which have Markers= needs-reload or needs-restart.
When the chunk of code which does the transformations is moved from
bus_unit_queue_job to bus_unit_queue_job_one, there is no change for
bus_unit_queue_job, and method_enqueue_marked_jobs is fixed.
The additional checks that are done seem reasonable to do from
method_enqueue_marked_jobs: we shouldn't be restarting units which are
configured to not allow that, or force unwanted start of dbus-broker.
(cherry picked from commit 8ea8e23f4013dbc4f4a66c81eb786f0505434f2e)
Follow-up for 99299d0d5a722812cedc0a23e4987f90a257c2d2
is_device_node() calls lstat(), causing device node
symlinks under /dev/disk/ to not be compared correctly
using devnode_same().
Fixes #28585
(cherry picked from commit cc1e1bb03e49ccb90f36173a3d1ff10ab5676eb0)
Handle the case when all the arguments are passed in through a
configuration file:
$ cat ukify.conf
[UKI]
Linux = /boot/vmlinuz-linux
Initrd = /boot/initramfs-linux.img

Before:

$ src/ukify/ukify.py --config ukify.conf build
Traceback (most recent call last):
  File "/root/systemd/src/ukify/ukify.py", line 1604, in <module>
    main()
  File "/root/systemd/src/ukify/ukify.py", line 1590, in main
    opts = parse_args()
           ^^^^^^^^^^^^
  File "/root/systemd/src/ukify/ukify.py", line 1584, in parse_args
    apply_config(opts)
  File "/root/systemd/src/ukify/ukify.py", line 1431, in apply_config
    item.apply_config(namespace, section_name, group, key, value)
  File "/root/systemd/src/ukify/ukify.py", line 1123, in apply_config
    self.config_push(namespace, group, dest, value)
  File "/root/systemd/src/ukify/ukify.py", line 1019, in config_list_prepend
    setattr(namespace, dest, value + old)
                             ~~~~~~^~~~~
TypeError: can only concatenate list (not "NoneType") to list

After:

$ src/ukify/ukify.py --config ukify.conf build
Kernel version not specified, starting autodetection 😖.
Found uname version: 6.4.7-arch1-3
Wrote unsigned vmlinuz-linux.unsigned.efi
Resolves: #28688
(cherry picked from commit 0be1de7ffc4a608482e45890425b6fd90f6073f0)
The count field indicates the number of elements in the pcrSelections field,
and the size of each element is greater than 1 byte, so using sizeof() is
incorrect when verifying the count field is valid; instead ELEMENTSOF() should
be used.
Caught by coverity check: https://github.com/systemd/systemd/pull/26331#pullrequestreview-1556629586
(cherry picked from commit 9afd4dde22f852fa4643799b218bef268a76272c)
The tty user is not guaranteed to exist, so let's remove the dependency
from the test.
(cherry picked from commit a1fedc613fe90b9f1f253fd02a7a6575351a27cc)
We already handle the case where /etc/machine-id is empty. Let's make
sure we also handle the case where /etc/machine-id is "uninitialized".
(cherry picked from commit 5dd814d7cd88b9d58c7c5bd79fb27ee2b22e82a3)
c18f4eb9e96836a made it possible to use --force with various verbs, by
going through the newer D-Bus methods. Except it didn't, as it regressed
during PR review refactorings, and nobody noticed because there were no
tests for it. Fix it, and add tests.
Follow-up for c18f4eb9e96836a6a8285ec42fd8a34c8909f6d9
(cherry picked from commit bdfa3f3a5c6d16d56d432e7bc52be0c03a5ce6ad)
Older versions used CreatePrimary() to create a transient primary key to use
when creating a sealed data object. That was changed in v254 to use Create()
instead, which should result in the same transient key, but it seems some
hardware TPMs refuse to allow using Create() to generate primary keys.
This reverts to using CreatePrimary() to create primary key.
Fixes: #28654
(cherry picked from commit aff853f8ea29f22b28e3b584807893c528227769)
Unmounting filesystem will be done gracefully by shutdown itself.
Follow-up for f2c1d491a539035d6cc1fa53a7cef0cbc8d52902 and
268d1244e87a35ff8dff56c92ef375ebf69d462e.
(cherry picked from commit 6b219b74de53729249956221a971047aab7c96e0)
Mounting /run/ recursively may be harmless, but not necessary on
shutdown as the new root is /run/initramfs.
Follow-up for b12d41a8bb7c99f7d7a1c7821a886d98b42d9ce0.
(cherry picked from commit d709d1b20e2e15ee2ae1b44de94d493e17834235)
We were passing the dir handle for the ESP to
config_entry_bump_counters(), which will obviously fail if the entry
actually resides on the XBOOTLDR partition.
Fixes: #28637
(cherry picked from commit 66fd078ba89e90e8aeba6edac52d20456fc2cd5d)
$ journalctl -u systemd-bless-boot.service
systemd[1]: Starting Mark the Current Boot Loader Entry as Good...
systemd-bless-boot[536]: Marked boot as 'good'. (Boot attempt counter is at 2.)
systemd-bless-boot[536]: Can't find boot counter source file for '/loader/entries/arch.conf': Device or resource busy
systemd[1]: Finished Mark the Current Boot Loader Entry as Good.
(cherry picked from commit 8f30a066ff48325c9197ae3b103cd446852b9f3d)
Since it's ~16K, which might cause issues in environments with limited
stack space.
Resolves: #28635
(cherry picked from commit b456f2266afd839f8817235475e57c38e9d76dc9)
Otherwise, it also matches later created virtual devices, and that
breaks networks generated and managed by container management services,
like docker.
Closes #28626.
(cherry picked from commit c25aa6c8acc6d95eaacae7858a7057907d61a25e)
Fixes
| ../git/src/basic/user-util.c:708:30: error: use of undeclared identifier 'LOCK_EX'; did you mean 'LOCK_BSD'?
| 708 | r = unposix_lock(fd, LOCK_EX);
| | ^~~~~~~
| | LOCK_BSD
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 213ddf2d0525535533a8d758b50b99fcbd31c17b)
This is clearly a change that can break existing units, and broke my
system in at least two different ways. For this reason this should have
been added to NEWS in #26458, specifically c2da3bf, but wasn't.
(cherry picked from commit 6b2d576f2b38c0385bb056af328754ec8966f9fd)
We were running systemd-measure before adding the sbat section,
let's fix that.
Also make sure we only pass --linux to systemd-measure once instead
of twice.
(cherry picked from commit d713104abef503708451a8efd88a7f5a78418f91)
Private mappings are required when F_SEAL_WRITE is set on a memfd,
because otherwise you could end up with writable mappings through
mprotect() and other calls. This is a limitation of the kernel
implementation, and might be lifted by future extensions.
Regardless, the current code tests for the full `is_sealed()` before
using MAP_PRIVATE. This might end up using MAP_SHARED for write-sealed
memfds, which will be refused by the kernel.
Fix this and make memfd_map() check for exactly `F_SEAL_WRITE`.
(cherry picked from commit 69688410566aa9e2a00530abd91e7dfef0212c83)
Add wrappers around GET/ADD_SEALS to allow future use outside of the
current `memfd_get/set_sealed()` helpers.
(cherry picked from commit 4d903003715b160acf7bf4baeffee7829ff99f85)
Rather than always setting all seals, make `memfd_set_seals()` employ
the original set of seals, that is: SEAL+GROW+SHRINK+WRITE
Historically, the memfd code was used with the out-of-tree memfd
patches, which merely supported a single seal ("SEALED", which
effectively was GROW+SHRINK+WRITE). When the code was adapted to the
upstream memfd seals, it was extended to the full seal set. With more
and more seals being added upstream, this became more problematic. In
particular, it is unclear what the function really is meant to achieve.
Instead of just adding all seals, the function is returned to its
original purpose: seal the memfd so further modifications to its content
are prevented.
(cherry picked from commit e1007a928a18baad7726113c9f473dd8b17cc0fe)
With `F_SEAL_SEAL` a memfd can disable further sealing operations,
effectively sealing the set of seals. Testing for it ensures that no
further seals can be added, it never prevents seals from being dropped,
since seals cannot be dropped, ever.
Now testing for `F_SEAL_SEAL` makes sense if you want to ensure that
some seals are *not* set. That is, you either test for the entire set of
seals to match a local set, or you verify that a specific seal is not
set. Neither is what we are doing, so it feels wrong requiring it to be
set.
By dropping the requirement for `F_SEAL_SEAL`, the same FD can be shared
with other entities while retaining the ability to further restrict the
set of seals later on (e.g., being able to mark a region as executable
later on, and then adding `F_SEAL_EXEC`).
(cherry picked from commit d268b22b25f4a911067b3779f06dce8355af6868)
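
The sealing behaviour described in the memfd commit messages above (content seals applied without `F_SEAL_SEAL`, and the mapping type chosen from `F_SEAL_WRITE` alone), as an added C example that is not systemd's code. `map_ro()` and `seal_demo()` are hypothetical names, the payload is constructed, and the fallback constants are the Linux UAPI values for headers that do not expose them.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef F_ADD_SEALS /* fallback: values from the Linux UAPI headers */
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SEAL 0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_CLOEXEC 0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif
#define CONTENT_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Hypothetical helper: read-only mapping, type chosen from F_SEAL_WRITE only. */
static void *map_ro(int fd, size_t len) {
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0) return MAP_FAILED;
    return mmap(NULL, len, PROT_READ, (seals & F_SEAL_WRITE) ? MAP_PRIVATE : MAP_SHARED, fd, 0);
}

/* Returns a bitmask of observations (31 = all hold), or -errno if setup fails. */
static int seal_demo(void) {
    static const char msg[] = "constructed payload";
    int r = 0, fd = (int) syscall(SYS_memfd_create, "demo", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0) return -errno;
    if (write(fd, msg, sizeof msg) != (ssize_t) sizeof msg ||
        fcntl(fd, F_ADD_SEALS, CONTENT_SEALS) < 0) { r = -errno; close(fd); return r; }
    /* 1: content seals are set while F_SEAL_SEAL is not */
    if ((fcntl(fd, F_GET_SEALS) & (CONTENT_SEALS | F_SEAL_SEAL)) == CONTENT_SEALS) r |= 1;
    void *p = mmap(NULL, sizeof msg, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED && errno == EPERM) r |= 2;  /* writable shared mapping refused */
    else if (p != MAP_FAILED) munmap(p, sizeof msg);
    p = map_ro(fd, sizeof msg);                     /* 4: private mapping works */
    if (p != MAP_FAILED) { if (!memcmp(p, msg, sizeof msg)) r |= 4; munmap(p, sizeof msg); }
    if (write(fd, "X", 1) < 0 && errno == EPERM) r |= 8; /* write() refused as well */
    /* 16: the seal set can be tightened later; once F_SEAL_SEAL is set it is frozen */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_SEAL) == 0 &&
        fcntl(fd, F_ADD_SEALS, F_SEAL_GROW) < 0 && errno == EPERM) r |= 16;
    close(fd);
    return r;
}
int main(void) { return seal_demo() == 31 ? 0 : 1; }
```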