IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
But handle them gracefully. Otherwise, when the route to the address is
being configured, kernel refuse the route.
Note that kernel's wireguard module handle e.g. 192.168.10.3/24 as
192.168.10.0/24.
Fixes#21929.
(cherry picked from commit af670fc635)
This also fixes the pointer assigned to the gr_mem element of struct group.
Fixes a bug introduced by 47fd7fa6c6.
Fixes#21935.
(cherry picked from commit 1e65eb8f9b)
Before:
$ systemd-run --service-type=notify --user false
Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code.
See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details.
After:
$ systemd-run --service-type=notify --user false
Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code.
See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details.
Fixes https://github.com/systemd/systemd/issues/21933
(cherry picked from commit 466f2351bb)
The data seems to be properly aligned in real BCD stores, so it
should be fine to just reject bad ones.
Fixes: #21917
(cherry picked from commit 1cadb35fd6)
This fixes a bug introduced by 6d93265955.
The commit makes several functions skipped if the manager is already
in finished state, as
> In manager_check_finished(), more steps are skipped if MANAGER_IS_FINISHED().
> Those steps are idempotent, but no need to waste cycles trying to do them
> more than once.
However, the idle pipe may be re-opened after manager is finished:
manager_dispatch_run_queue() -> manager_watch_idle_pipe().
So, the closing the pipe is not idempotent here.
Fixes#21889.
(cherry picked from commit 9c1b17c3dc)
When chattr_full tries to apply flags one-by-one, and one fails,
record which errno was returned. But record EOPNOTSUPP(&friends)
only if no other error is observed, and return it only in that case
(otherwise keep returning ENOANO), so that callers can respond
appropriately to EOPNOTSUPP vs more relevant errors.
For example, this lets tmpfiles.d log at debug level when a filesystem
flag cannot be applied because the filesystem does not support it,
but at warning level if something else went wrong when applying it.
Restores logging behaviour of tmpfiles.d to pre-250.
Follow-up for: c1631ee124
Fixes: https://github.com/systemd/systemd/issues/21901
(cherry picked from commit 7c3b51c469)
Previously, when -Ddns-over-tls=false, libopenssl was missing in the
dependency of resolved.
Also, this drops libgpg_error when it is not necessary.
Replaces #21878.
Fixes#21872.
log_syntax_callback sets 's', a.k.a. '*userdata', to POINTER_MAX to signal allocation failure.
If the error does not cause immediate failure of the program, and log_syntax_callback is called
again, it would try to use 's' as a pointer to a set and fail badly.
LibLocateProtocol will return the protocol for the first device that
supports it. But it may not actually come from the ConIn device that
we want to use here.
This should be the root cause of what was previously considered just
broken firmware. If you ask the wrong device to return some key, of
course it will never provide one.
This changes the way we handle input yet again in light of this new
knowledge and because using the correct TextInputEx with fallback to
ConIn can actually create double input in some cases.
Since we are now confident that we get the right TextInputEx, we can
use that exclusively, only falling back to ConIn if the console input
device does not support the better interface (the spec is pretty clear
that it must support it, though).
Because some firmware is broken, we still need to provide a fallback
to the previously used TextInputEx thats overrides ConIn/ConInEx if
it is functional.
In kernel's arch/parisc/include/uapi/asm/errno.h, ECANCELLED and
EREFUSED are defined as aliases of ECANCELED and ECONNREFUSED,
respectively. Let's drop them.
Fixes#21844.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2006761:
> systemd-resolved always (reverse)-resolves the host's IP addresses and FQDN.
> This can be harmful when an application (for instance, a DNS zone manager) is
> installed on the same server instance. That application would expect
> NXDOMAIN to be returned if the current server's IP does not belong in an
> already managed reverse zone.
This allows clients of nss-resolve to use the same config options that are
available through the dbus api and as command-line options to resolvectl.
The man page text is is mostly copied directly from
c6f20515ab.
Migrate logind to use the new macros to declare a D-Bus method or signal.
Replaced SD_BUS_METHOD_WITH_NAMES with SD_BUS_METHOD_WITH_ARGS.
Replaced SD_BUS_SIGNAL_WITH_NAMES with SD_BUS_SIGNAL_WITH_ARGS.
When conditions fail on a service unit, a path unit can cause
PID 1 to busy loop as it keeps trying to activate the service unit.
To avoid this from happening, add a trigger limit to the path unit,
identical to the trigger limit we have for socket units.
Initially, let's start with a high limit and not make it configurable.
If needed, we can add properties to configure the rate limit similar
to the ones we have for socket units.
I think this makes it much easier to figure out what information sources
were used to generate the names, and why certain names were not generated.
On my laptop:
Using default interface naming scheme 'v250'.
ID_NET_NAMING_SCHEME=v250
wwp0s20f0u2i12: addr_assign_type=3, MAC address is not permanent.
wwp0s20f0u2i12: Parsing slot information from sysname "0000:00:14.0": success
wwp0s20f0u2i12: dev_port=0
wwp0s20f0u2i12: PCI path identifier: domain=0 bus=0 slot=20 func=0 phys_port= dev_port=0 → p0s20f0
wwp0s20f0u2i12: USB name identifier: ports=2 config=1 interface=12 → u2i12
ID_NET_NAME_PATH=wwp0s20f0u2i12
Using default interface naming scheme 'v250'.
ID_NET_NAMING_SCHEME=v250
ID_NET_NAME_MAC=en54ee75cb1dc0
enp0s31f6: MAC address identifier: hw_addr=54:ee:75:cb:1d:c0 → 54ee75cb1dc0
ID_OUI_FROM_DATABASE=Wistron InfoComm(Kunshan)Co.,Ltd.
enp0s31f6: Parsing slot information from sysname "0000:00:1f.6": success
enp0s31f6: dev_port=0
enp0s31f6: PCI path identifier: domain=0 bus=0 slot=31 func=6 phys_port= dev_port=0 → p0s31f6
ID_NET_NAME_PATH=enp0s31f6
Using default interface naming scheme 'v250'.
ID_NET_NAMING_SCHEME=v250
ID_NET_NAME_MAC=en0050b6856d36
hub0: MAC address identifier: hw_addr=00:50:b6:85:6d:36 → 0050b6856d36
ID_OUI_FROM_DATABASE=GOOD WAY IND. CO., LTD.
hub0: Parsing slot information from sysname "0000:00:14.0": success
hub0: dev_port=0
hub0: PCI path identifier: domain=0 bus=0 slot=20 func=0 phys_port= dev_port=0 → p0s20f0
hub0: USB name identifier: ports=4.1.3 config=2 interface=0 → u4u1u3c2
ID_NET_NAME_PATH=enp0s20f0u4u1u3c2
Using default interface naming scheme 'v250'.
ID_NET_NAMING_SCHEME=v250
wlp4s0: addr_assign_type=3, MAC address is not permanent.
wlp4s0: Parsing slot information from sysname "0000:04:00.0": success
wlp4s0: dev_port=0
wlp4s0: PCI path identifier: domain=0 bus=4 slot=0 func=0 phys_port= dev_port=0 → p4s0
ID_NET_NAME_PATH=wlp4s0
Now that kernel-install creates the machine-id directory, we don't need to do
this is 'bootctl install', and in fact it's better not to do this since it
might never be necessary. So let's change the default behaviour to 'no'.
I kept support for 'auto' to maintain backwards compatibility, even though the
default was changed. Previous behaviour can be requested by specifying
--make-machine-id-directory=auto.
This is a natural extension of d6bce6e224: if we are installing sd-boot, we
want to use the sd-boot layout, so let's write the appropriate
KERNEL_INSTALL_LAYOUT setting. Effectively, if we do 'booctl install',
kernel-install will not autodetect the layout anymore.
And 357376d0bb added support for KERNEL_INSTALL_MACHINE_ID. We need to support
it here too. We both read it, so that we create the right directories, and also
write it if it wasn't written yet and we created some directories using it, so
that kernel-install that is executed later knows the machine-id that matches
the directories we crated.
The code is changed in some places to fail if we can't figure out the current
status. When installing the boot loader it's probably better not to guess.
341890de86 made "bootctl install" create
ESP\MID, in preparation of cf73f65089 that
followed it and created 00-entry-directory.install to make ESP\MID\KVER
if ESP\MID existed ‒ this meant that "bootctl install" followed by
"kernel-install $(uname -r) /boot/vml*$(uname -r) /boot/ini*$(uname -r)"
actually installed the kernel correctly.
Later, 31e57550b5 reverted the first
commit, meaning, that now running those two commands first installs
sd-boot, but then does nothing. Everything appears to work right,
nothing errors out, but no changes are actually done. To the untrained
eye (all of them), even running with -v appears to work:
all the hooks are run, as is depmod, but, again, nothing happens.
This is horrible. Nothing in either manpage suggests what to do
(nor should it, really), but the user is left with a bootloader that
appears fully funxional, since nothing suggests a failure in the output,
but with an unbootable machine, /no way to boot it/, even if they drop
to an EFI shell, since the boot bundle isn't present on the ESP,
and no real recourse even if they boot into a recovery system,
apart from installing like GRUB or whatever.
00- is purely instrumentation for 90-,
and separating one from the other has led to downstream dissatisfaxion
(indeed, the last mentioned commit cited cited exactly that as the
reversion reason), while creating $ENTRY_DIR_ABS is only required
for bootloaders using the BLS, and shouldn't itself toggle anything.
To that end, introduce an /{e,l}/k/install.conf file that allows
overriding the detected layout, and detect it as "bls" if
$BOOT_ROOT/$MACHINE_ID ($ENTRY_DIR_ABS/..) exists, otherwise "other" ‒
if a user wishes to select a different bootloader,
like GRUB, they (or, indeed, the postinst script) can specify
layout=grub. This disables 90- and $ENTRY_DIR_ABS manipulation.
The code was correct, but looked suspicious: we were comparing
strlen(x) with sizeof(y), with looks like an off-by-one. But we actually
want x to be one longer than y, so that's fine. Let's use STRLEN() to
make this more obvious.
While at it, drop unnecessary "_" prefix.
link_address_is_dynamic() is costful in general. Call it only when
KeepConfiguration= is set.
Note, it is not necessary to check link->network in the loop, as we have
the assertion for that in the beginning of the function.
If KERNEL_INSTALL_MACHINE_ID is defined in /etc/machine-info, prefer it
over the machine ID from /etc/machine-id. If a machine ID is defined in
neither /etc/machine-info nor in /etc/machine-id, generate a new UUID
and try to write it to /etc/machine-info as KERNEL_INSTALL_MACHINE_ID
and use it as the machine ID if writing it to /etc/machine-info succeeds.
In practice, this means we have a more robust fallback if there's no
machine ID in /etc/machine-id than just using "Default" and allows
image builders to force kernel-install to use KERNEL_INSTALL_MACHINE_ID
by simply writing it to /etc/machine-info themselves.
The way that the cryptsetup plugins were built was unnecessarilly complicated.
We would build three static libraries that would then be linked into dynamic
libraries. No need to do this.
While at it, let's use a convenience library to avoid compiling the shared code
more than once.
We want the output .so files to be located in the main build directory,
like with all consumable build artifacts, so we need to maintain the split
between src/cryptsetup/cryptsetup-token/meson.build and the main meson.build
file.
AFAICT, the build artifacts are the same: exported and undefined symbols are
identical. There is a tiny difference in size, but I think it might be caused
by a different build directory name.
It doesn't make much sense to do this, the result is very similar to including
to objects directly in the output binary without going through an intermediate
target.
The linkage of test-libudev was rather strange too: udev_link_with is used to
allow udev to be linked to a static version of libshared, so that udev is not
linked to libshared.so. But here we were using both, defeating the purpose of
udev_link_with. I don't think it matters what the test is linked to, so let's
use the non-static linkage to save space.
The meson default for static_library() are:
build_by_default=true, install=false. We never interact with the
static libraries, and we only care about them as a stepping-stone towards
the installable executables or libraries. Thus let's only build them if
they are a dependency of something else we are building.
While at it, let's drop install:false, since this appears to be the default.
This change would have fixed the issue with lib_import_common failing
to build too: we wouldn't attempt to build it.
In practice this changes very little, because we generally only declare static
libraries where there's something in the default target that will make use of
them. But it seems to be a better pattern to set build_by_default to false.
Use a 'convenience library' to do the compilation once and then link the
objects into all the files that need it. Those files are small, so this probably
doesn't matter too much for speed, but has the advantage that we don't get the
same error four times if something goes wrong.
The library is conditionalized in the same way importd itself, because we
cannot build it without the deps.
Let's not try to be overly clever here. This code path is not overly
performance sensitive and we should avoid trying to outsmart the kernel
without proper benchmarking.
pread() is not guaranteed to completely fill up the given buffer with
data which we assumed until now. Instead, only increment the offset by
the number of bytes that were actually read.
