1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-29 11:21:33 +03:00
Commit Graph

238 Commits

Author SHA1 Message Date
Lennart Poettering
047273e6e8 pcrphase: add two additional phases
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".

The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).

This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.

This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.
2022-10-17 12:09:43 +02:00
Lennart Poettering
baf3fdec27 sd-event: add helper for exiting event loop on SIGTERM/SIGINT
In many (most?) of our event loops we want to exit once SIGTERM/SIGINT
is seen. Add a common helper for that, that does the right things in a
single call.
2022-09-30 14:18:43 +02:00
Lennart Poettering
897448bd37 sd-event: if signal nr has high bit set sd_event_add_signal() auto-block it via sigprocmask()
So far we expected callers to block the signals manually. Which is
usually a good idea, since they should do that before forking off
threads and similar. But let's add a mode where we automatically block
it for the caller, to simplify things.
2022-09-30 14:17:46 +02:00
Lennart Poettering
0bbc5a5674 man: add man page decribing well known system credentials 2022-09-23 09:33:00 +02:00
Lennart Poettering
708d752479 boot: add new pcrphase tool to measure barrier strings into PCR 11 2022-09-22 16:52:06 +02:00
Lennart Poettering
ca1092dc15 measure: add new tool to precalculate PCR values for a kernel image
For now, this simply outputs the PCR hash values expected for a kernel
image, if it's measured like sd-stub would do it.

(Later on, we can extend the tool, to optionally sign these
pre-calculated measurements, in order to implement signed PCR policies
for disk encryption.)
2022-08-02 10:28:49 +02:00
Zbigniew Jędrzejewski-Szmek
85f8afb706 man: document sd_bus_message_read_strv_extend() 2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
944c124330 man: document sd_id128_string_equal() 2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
870c2aaf8c man: document sd_bus_error_setfv()
The description for sd_bus_error_set_errnof/sd_bus_error_set_errnofv are
adjusted to use the same pattern.
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
4e116dd4fc meson: update man-generation rules for sd_hwdb_new_from_path
Forgotten in 60f0ba7556.
2022-06-30 10:35:27 +02:00
Zbigniew Jędrzejewski-Szmek
2a1a7910f9 man: add page for sd_device_{ref,unref,unrefp}
Gotta start somewhere.
2022-04-12 12:35:44 +02:00
Zbigniew Jędrzejewski-Szmek
fc6f59aedc man: add landing page for sd-device
We got documentation for sd-device for the first time with
b51f4eaf7b, so let's celebrate by adding a
landing page that also explains the relationship with libudev.
2022-04-12 12:28:24 +02:00
Lennart Poettering
b51f4eaf7b man: document various sd_device_get_xyz() functions 2022-04-04 18:25:18 +02:00
Franck Bui
f887eab1da meson: build kernel-install man page when necessary 2022-03-31 21:12:05 +09:00
Lennart Poettering
838f094ce7 man: also install systemd-stub man page as sd-stub
So, typically systemd-boot is referenced as sd-boot, due to te usual
shorter naming in ESP resources. systemd-stub didnt do that so far,
since it never appears as separate files in the ESP. However it's super
annoying that you can find "man sd-boot", but not the very closely
related "man sd-stub". Let's fix that, and also add an "sd-stub" alias
to the "systemd-stub" man page.
2022-03-22 00:22:07 +01:00
Lennart Poettering
436aa3b16f man: add sysupdate documentation 2022-03-19 00:13:55 +01:00
Zbigniew Jędrzejewski-Szmek
b4e7d7555e man: describe capability checks on the bus
A description of SD_BUS_VTABLE_CAPABILITY is added, and the discussion
on SD_BUS_VTABLE_UNPRIVILEGED in expanded. I think it would be nice
to add longer description of how access is checked (maybe in sd-bus(3)),
but I'm leaving that for later. I think the text that was added here
describes everything, even if tersely.

Fixes #21882.
2022-03-04 15:43:18 +01:00
Lennart Poettering
b74163607b sd128: export sd_id128_to_uuid_string()
We expose various other forms of UUID helpers already, i.e.
SD_ID128_UUID_FORMAT_STR and SD_ID128_MAKE_UUID_STR(), and we parse
UUIDs, hence add a high-level helper for formatting UUIDs too.

This doesn't add any new code, it just moves some helpers
id128-util.[ch] → sd-id128.[ch], to make them public.
2022-02-14 15:13:23 +01:00
Yu Watanabe
674df18a32 unit: introduce wait-online@.service for specific interface
This should be useful when a host has multiple interfaces.

Inspired by #22246.
2022-01-28 12:52:52 +00:00
Luca Boccassi
cf18de1b26 systemd-stdio-bridge: add manpage 2022-01-17 16:54:56 +09:00
Yu Watanabe
987dd89c77 meson: build network-generator unconditionally
The service also generates .link files for udevd.
2021-12-16 01:55:20 +09:00
Davide Cavalca
ba38a24de3 man: do not install sd-boot man pages when -Dgnu-efi=false is set 2021-12-14 00:08:55 +00:00
Yu Watanabe
558434a4aa man: add new man page org.freedesktop.network1 2021-11-19 07:23:40 +09:00
Lennart Poettering
423de19223 man: run ninja -C build update-man-rules 2021-11-12 22:21:22 +01:00
Lennart Poettering
e67d738a87 sd-event: add sd_event_add_inotify_fd() call
sd_event_add_inotify_fd() is like sd_event_add_inotify(), but takes an
fd to an inode instead of a path, and is hence a ton nicer.
2021-11-09 13:02:13 +01:00
Tony Asleson
1f1a2243c0 Add stand-alone dm-integrity support
This adds support for dm integrity targets and an associated
/etc/integritytab file which is required as the dm integrity device
super block doesn't include all of the required metadata to bring up
the device correctly.  See integritytab man page for details.
2021-10-15 10:19:54 -05:00
Lennart Poettering
3f9a615dcf man: add man page for the systemd UEFI stub
Fixes: #17215
2021-09-23 17:24:28 +02:00
Lennart Poettering
c970388b22 sd-id128: add compound literal love to sd_id128_to_string() + id128_to_uuid_string() 2021-08-20 11:09:48 +02:00
Lennart Poettering
f47234b6e6 man: re-run ninja -C update-man-rules 2021-08-20 11:09:47 +02:00
Lennart Poettering
c1017f6b7b man: add man page for "systemd-creds" 2021-07-08 09:31:18 +02:00
Lennart Poettering
fc20b9b598 Revert "Add systemd-resolve backwards compatibility section to resolvectl docs"
This reverts commit 9fcfc0470d.
2021-07-07 15:27:28 +02:00
Dan Streetman
9fcfc0470d Add systemd-resolve backwards compatibility section to resolvectl docs 2021-06-30 06:15:11 +09:00
Zbigniew Jędrzejewski-Szmek
7c7683f36c sd-id128: add SD_ID128_MAKE_UUID_STR
It's like SD_ID128_MAKE_STR, but with hyphens.
2021-06-15 22:01:39 +02:00
Zbigniew Jędrzejewski-Szmek
c0527e1f95 man: say that initrd-release is like os-release 2021-05-22 12:20:51 +02:00
Zbigniew Jędrzejewski-Szmek
64b21afc72 sd-id128: add convenience functions to compare multiple sd_id128_t
Similar to sd_bus_error_has_names() that was added in
2b07ec316a.

It is made inline in the hope that the compiler will be able to optimize
all the va_args boilerplate away, and do an efficient comparison when
the arguments are all constants.
2021-04-21 17:51:24 +02:00
Zbigniew Jędrzejewski-Szmek
78aa5b6f59 man: mention sd_id128_is_allf(), SD_ID128_ALLF
It was added in 670814387b, but not
mentioned in the man pages.
2021-04-21 08:45:05 +02:00
Zbigniew Jędrzejewski-Szmek
45b218b058 man: also refname rc-local.service to the generator man page
This makes it easier to find for users.
2021-03-12 09:04:59 +01:00
Lennart Poettering
cd6d2111c4 man: split out sd_bus_set_fd() man page from sd_bus_get_fd()
sd_bus_get_fd() and related calls are useful for integrating a bus
connection into arbitrary event loops. But sd_bus_set_fd() is quite a
different beast, it's for using D-Bus over pre-initialized sockets or
pairs of fifos or stuff, i.e. very advanced stuff.

Let's split this man page in two, in order not to confuse things
needlessly.

And while we are at it, let's slightly extend the documentation.
2021-02-20 16:13:06 +01:00
Lennart Poettering
6c41cf4459 sd-bus: simplify sd_bus_reply()
there's no point in having two arguments, if one does as well.
2021-02-20 13:44:02 +09:00
Luca Boccassi
23e5c8d296 portabled: add DBUS documentation 2021-02-15 21:34:00 +00:00
Zbigniew Jędrzejewski-Szmek
e3c368f63c meson: rename target to update-man-rules
Same justification as for update-dbus-docs.
2021-01-27 09:10:25 +01:00
Daan De Meyer
eb83eb63b8 sd-bus: Add sd_bus_reply()
While sd-bus already provides sd_bus_call() for calling a method
from a complete bus message object, We don't have an equivalent
function for replying from a method with a complete bus message
object.

Currently, we use sd_bus_send(call->bus, m, NULL) instead. Let's
add a shorthand for this pattern and name it sd_bus_reply().
2021-01-25 12:31:17 +09:00
Lennart Poettering
7a87fb6119 man: add man page for systemd-sysext 2021-01-19 13:41:42 +01:00
Yu Watanabe
a0e150b2f4 meson: add missing license header 2021-01-19 07:06:32 +09:00
Gaël PORTAY
08b04ec7e7 veritysetup-generator: add support for veritytab
This adds the support for veritytab.

The veritytab file contains at most five fields, the first four are
mandatory, the last one is optional:
 - The first field contains the name of the resulting verity volume; its
   block device is set up /dev/mapper/</filename>.
 - The second field contains a path to the underlying block data device,
   or a specification of a block device via UUID= followed by the UUID.
 - The third field contains a path to the underlying block hash device,
   or a specification of a block device via UUID= followed by the UUID.
 - The fourth field is the roothash in hexadecimal.
 - The fifth field, if present, is a comma-delimited list of options.
   The following options are recognized only: ignore-corruption,
   restart-on-corruption, panic-on-corruption, ignore-zero-blocks,
   check-at-most-once and root-hash-signature. The others options will
   be implemented later.

Also, this adds support for the new kernel verity command line boolean
option "veritytab" which enables the read for veritytab, and the new
environment variable SYSTEMD_VERITYTAB which sets the path to the file
veritytab to read.
2021-01-15 11:06:11 -05:00
Lennart Poettering
b433300e4c meson: catch up with 'update-man-rules' 2021-01-12 15:00:38 +01:00
Lennart Poettering
cf1e172d58 man: document new features 2020-12-17 20:02:32 +01:00
Lennart Poettering
a303686fc1 man: document new ratelimiting APIs 2020-12-01 15:15:39 +01:00
Lennart Poettering
af8e571450 man: properly list relative time event source API in man page
The content was already there, but it wasn't listed in the header
metadata. Fix that.
2020-11-10 14:20:06 +01:00
Zbigniew Jędrzejewski-Szmek
699a810b3f man: add org.freedesktop.oom1(5) stub 2020-10-15 15:08:31 +02:00