IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ifname_resolvconf_mangle is supposed to remove protocol suffixes like .dhcp
from interface names. But this removed also valid parts of the ifname like
VLAN IDs, e.g. enp2s0u4.72.dhcp -> enp2s0u4 instead of enp2s0u4.72
After this change, everything behind the last dot is removed instead of the first.
(cherry picked from commit e8d0eb3915ac33cc0d3da87a836cee6e61645227)
This tweaks user creation logic to properly take into consideration
an explicitly requested GID.
It fixes a bug where the creation flow would mistakenly fall back
to use the username instead, resulting in wrong lookups in case of
users and groups using the same name.
(cherry picked from commit 5ed47c4d230b9491339c16c6ea4181dfd293bc98)
This relaxes the availability check when creating a group, if an
explicit GID has been requested.
It avoids mixing up users and groups entries with valid and unique
UIDs/GIDs, but each having the same ID number.
(cherry picked from commit 6b6e45eb7386bb4399746b70f6f606caea450fed)
Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315.
This also renames several macros for DHCP packet size.
(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b)
When deploying an image using systemd-repart and systemd-growfs one
should have the image expanded entirely and ready to use after the first
boot. This ensures that growfs does not occur before repart, thus
requiring a second boot.
(cherry picked from commit 7b45d6b6f64e9f5c006bdf31559a77294dbe00ad)
A compile time option is added to select behaviour: by default
UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to
UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to
opt-in can use the config option to change the behaviour.
(The option is just a boolean: it would be possible to make it multi-valued,
and allow full, enable-only, disable-only, none. But so far nobody has asked
for this, and it's better not to complicate things needlessly.)
With the configuration option flipped, instead of only doing enablements,
perform a full preset on first boot. The reason is that although
`/etc/machine-id` might be missing, there may be other files provisioned in
`/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of
those possible files include enablement symlinks even if presets dictate it
should be disabled.
Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS,
where we ship `/etc` as if `preset-all` were called. However, we want to
allow users to disable default-enabled services via Ignition, which does
this by creating preset dropins before switchroot. (For why we do
`preset-all` at compose time, see:
https://github.com/coreos/fedora-coreos-config/pull/77).
For example, the composed FCOS image has a `enable zincati.service`
preset and an enablement for that in `/etc`, while at boot time when we
switch root, there may be a `disable zincati.service` preset with higher
precedence. In that case, we want systemd to disable the service.
This is essentially a revert of 304b3079a203. It seems like systemd
*used* to do this, but it was changed to try to make the container
workflow a bit faster.
Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
(cherry picked from commit 93651582aef1ee626dc6f8d032195acd73bc9372)
This fixes error in parsing message when the rapid commit option is
located at the end of the message.
Fixes an issure reported in #24002.
(cherry picked from commit 68870a46b3b5d3d5b51d1c27b4128b8fb5188ecb)
This reverts commit f42d41cc5f9cd8cac538a1c30fda04d346b5bae2.
DHCPv6 client does not require MAC address.
DHCPv4 client will be handled in a different way in a later commit.
Partially fixes#23546.
(cherry picked from commit 8f4f6307313ccad0b068697bb054a105e5a50e92)
crypt_init_data_device() replaces the crypt_device struct with a
new allocation, losing the old one, which we get from crypt_init().
Use crypt_set_data_device() instead.
Enhance the test to cover this option too.
(cherry picked from commit 872f9da4d8b67b012f1b1b227416d0c99bcdf43c)
The llvm bpf compiler appears to place const volatile variables in
a non-standard section which creates an incompatibility with the gcc
bpf compiler.
To fix this force GCC to also use the rodata section.
Note this does emit an assembler warning:
Generating src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o with a custom command
/tmp/ccM2b7jP.s: Assembler messages:
/tmp/ccM2b7jP.s:87: Warning: setting incorrect section attributes for .rodata
See:
https://github.com/llvm/llvm-project/issues/56468
Fixes:
../src/core/restrict-ifaces.c:45:14: error: ‘struct
restrict_ifaces_bpf’ has no member named ‘rodata’; did you mean
‘data’?
45 | obj->rodata->is_allow_list = is_allow_list;
| ^~~~~~
| data
(cherry picked from commit e8b1e9cf1095f9d6d0f1e2dce2503e25fec2e6c5)
According to the C++ ISO standard, a conformant compiler is allowed to
define this macro to any value for any reason as it is implementation
defined: https://timsong-cpp.github.io/cppwp/cpp.predefined#2.3
This mean that it cannot be assumed that it is not defined in a C++.
Change the condition to reflect that.
(cherry picked from commit 00852912edc69e652f4932fa536da60528f08ed3)
And point people to "journalctl --unit=" for information of prior runs.
Inspired by: #24159
(cherry picked from commit 157cb4337b83359267050bff43c1ad39b0303f10)
Via the "backing_fd" variable we intend to pin the backing inode through
our entire code. So far we typically created the fd via F_DUPFD_CLOEXEC,
and thus any BSD lock taken one the original fd is shared with our
backing_fd reference. And if the origina fd is closed but our backing_fd
is not, we'll keep the BSD lock open, even if we then reopen the block
device through the backing_fd. If hit, this results in a deadlock.
Let's fix that by creating the backing_fd via fd_reopen(), so that the
locks are no longer shared, and if the original fd is closed all BSD
locks on it that are in effect are auto-released.
(Note the deadlock is only triggered if multiple operations on the same
backing inode are executed, i.e. factory reset, resize and applying of
partitions.)
Replaces: #24181
(cherry picked from commit 38f81e937426993cfc899aa09298f69f00935852)
Everywhere else that `conf.get('ENABLE_*')` is used as a boolean key for
something (for example in if statements) it always checks if == 1, but
in this one case it neglects to do so. This is important because
conf.get yields the same int that was stored, but if statements require
booleans.
So does executable's "install" kwarg, at least according to the
documentation. In actuality, it accepts all types without sanity
checking, then uses python "if bool(var)", so you can actually do
`install: 'do not'` and that's treated identical to `true`. This is a
type-checking bug which Meson will eventually fix.
muon fails on the same code, today.
(cherry picked from commit 9e4a50bcdf7a275766e4f5c7af012c32bc22128d)
by default, gcrypt defaults to an userspace RNG, this is
the wrong thing (tm) to do on linux.
Switch to the SYSTEM rng instead.
(cherry picked from commit 80f967311ac53ae43b5a26332f32cc6665661338)
Kubevirt is currently technically based on KVM (but not xen yet[1]).
The systemd-detect-virt command, used to differentiate the current
virtualization environment, works fine on x86 relying on CPUID, while
fails to get the correct value (none instead of kvm) on aarch64.
Let's fix this by adding a new 'vendor[KubeVirt] = kvm' classification
considering the sys_vendor is always KubeVirt.
[1] https://groups.google.com/g/kubevirt-dev/c/C6cUgzTOsVg
Signed-off-by: Fei Li <lifei.shirley@bytedance.com>
(cherry picked from commit c15d1ac2c4e8ce46c6d07621f7d5531cbc2160a8)
Otherwise, if we have many cached entries or pending transactions with
TYPE_ANY, then dns_transaction_make_packet_mdns() fails with -EMSGSIZE.
This also fixes use-after-free.
Fixes#23894.
(cherry picked from commit 325513bc776c739a814996cc5c483235ca92be86)
Fixes the following assertion:
---
Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting.
---
(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad)
This also fixes timeout in dns_transaction_make_packet_mdns(), which was
incremented multiple times.
(cherry picked from commit 87b91644dbc14d9cdf4c614a3ac2dd8c15733cf6)
Also, this makes mDNS regular queries sent without delay (except for
one caused by the default accuracy of sd-event).
Note, RFC 6762 Section 5.2 is about continuous mDNS query, which is not
implemented yet.
(cherry picked from commit 765647ba805727e93ac8607e38c7b60da2aab2dd)
When running on images you don't want to modify the /tmp
directory even if it's writable, and often it will just
be read-only. Set PrivateTmp=yes.
Fixes https://github.com/systemd/systemd/issues/23592
(cherry picked from commit f2d26cd89b195e53f184387f1a5b97a98512c82a)
This reverts commit e4de58c8231e47509ffeb3aa47620ca42f22d7f6.
If mkdir() fails and the path does exist, then the later mount
command fails anyway. Hence, it is not necessary to fail here.
Fixes#24120.
(cherry picked from commit e5e6b7c225987551ebda14d2d7feadb66a64fb3c)
We ignore xattr copy failures on all other cases, and we should do so
here too.
Fixes: #24106
(cherry picked from commit d3efe29452aeddc395865469b776fe7a1eb45eae)
