1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-25 23:21:33 +03:00
Commit Graph

517 Commits

Author SHA1 Message Date
Lennart Poettering
76917807eb shared: add minimal firewall manipulation helpers for establishing NAT rules, using libiptc 2015-01-13 13:55:15 +01:00
Umut Tezduyar Lindskog
3383f7e956 build: print conditions of ldconfig, hibernate configs 2015-01-08 14:08:04 +01:00
Lennart Poettering
f7ad54a301 util: make use of kcmp() to compare fds, if it is available 2015-01-07 02:14:14 +01:00
Lennart Poettering
ebd93cb684 machinectl/machined: implement "rename", "clone", "read-only" verbs for machine images 2014-12-28 02:08:40 +01:00
Dave Reisner
0a7f0fcc79 configure.ac: keep posix compat for string tests
'==' and '=' are equivalent in /bin/bash, but POSIX compliant shells do
not understand '==.'
2014-12-25 11:43:26 -05:00
Filipe Brandenburger
7115e487cd build-sys: remove references to dbusinterfacedir
This directory is not used by systemd.

Tested by running a full build, running `make install` and comparing the file
list in the target trees and making sure that `make distcheck` still works.
2014-12-25 10:55:42 -05:00
Filipe Brandenburger
977db91c29 build-sys: do not use pkgconfig dbus-1.pc to find dbus directories
Do not use the dbus-1.pc pkgconfig settings to determine dbus directories. Use
directories relative to ${sysconfdir} and ${datadir} instead.

This approach was suggested by Simon McVittie in:
http://lists.freedesktop.org/archives/systemd-devel/2014-October/024388.html

Tested by building and installing systemd without the dbus-devel installed.
Without this patch, the dbus files and directories end up in the root of the
filesystem. With this patch, they end up in the same locations as previously
(assuming default ${sysconfdir} and ${datadir}) whether dbus-devel is present
or not. Also made sure that `make check` works without dbus-devel installed.
2014-12-25 10:55:42 -05:00
Lennart Poettering
91f4347ef7 import: rename 'poll-dck' to 'pull-dkr'
I figure "pull-dck" is not a good name, given that one could certainly
read the verb in a way that might be funny for 16year-olds. ;-)

Also, don't hardcode the index URL to use, make it runtime and configure
time configurable instead.
2014-12-23 03:25:36 +01:00
Umut Tezduyar Lindskog
fe659612e4 build: add option to disable hwdb
[tomegun: fix Makefile-man.am, based on fix from Michael Biebl]
2014-12-20 00:23:37 +01:00
Gabriel de Perthuis
d47f6ca5f9 blkid: Warn when rejecting a superblock with a bad csum
Bump libblkid requirement from 2.20 to 2.24.
util-linux 2.25 is actually required since fdbbad981c
2014-12-14 12:54:17 -05:00
Michal Schmidt
fad5a6c66e journal: add debug mode for mmap-cache (--enable-debug=mmap-cache)
This is useful for exposing unsafe access to mmapped objects after
the context that they were mapped in was already moved.

For example:
journal_file_move_to_object(f1, OBJECT_DATA, p1, &o1);
journal_file_move_to_object(f2, OBJECT_DATA, p2, &o2);
t = o1->object.type; /* this usually works, but is unsafe */
2014-12-13 00:46:16 +01:00
Michal Schmidt
fc86aa0ed2 configure.ac: add a generic --enable-debug, replace --enable-hashmap-debug
There will be more debugging options later.
 --enable-debug will enable them all.
 --enable-debug=hashmap will enable only hashmap debugging.

Also rename the C #define to ENABLE_DEBUG_* pattern.
2014-12-13 00:46:16 +01:00
Lennart Poettering
9807712558 build-sys: bump package and library versions in preparation for 218 release 2014-12-10 22:31:27 +01:00
Przemyslaw Kedzierski
dd5ae4c36c bus-proxy: cloning smack label
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.

It is done before and independent of dropping privileges.

The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.

The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.

In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.

In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
2014-12-09 18:23:24 +01:00
Łukasz Stelmach
5a16bc264c build-sys: configure the list of system users, files and directories
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on comile-time configuration.
2014-11-30 23:50:19 -05:00
Chris Leech
8d3ae2bd4c mount: use libmount to enumerate /proc/self/mountinfo
This lets libmount add in user options from /run/mount/utab, like
_netdev which is needed to get proper ordering against remote-fs.target
2014-11-28 14:30:50 -05:00
David Herrmann
cdcd0ccdbe terminal/idev: add compose-file support
Add support for compose files to idev-keyboard. This requires
libxkbcommon-0.5.0, which is pretty new, but should be fine.

We don't use the compose-files, yet. Further commits will put life into
them.
2014-11-24 18:30:03 +01:00
David Herrmann
d4f5a1f47d localed: validate xkb keymaps
Introduce a new optional dependency on libxkbcommon for systemd-localed.
Whenever the x11 keymap settings are changed, use libxkbcommon to compile
the keymap. If the compilation fails, print a warning so users will get
notified.

On compilation failure, we still update the keymap settings for now. This
patch just introduces the xkbcommon infrastructure to have keymap
validation in place. We can later decide if/how we want to enforce this.
2014-11-24 15:16:33 +01:00
Zbigniew Jędrzejewski-Szmek
8ecec322fe missing: add IFLA_BRPORT_LEARNING and friends
IFLA_BRPORT_LEARNING was added in v3.10-rc4-583-g9ba18891f7,
and IFLA_BRPORT_UNICAST_FLOOD in v3.10-rc4-584-g867a59436f.
2014-11-22 17:12:44 -05:00
Michal Schmidt
994701548d configure.ac: add --enable-hashmap-debug option
The option simply enables hashmap debugging by defining
ENABLE_HASHMAP_DEBUG.

I suggest developing new code with it enabled, to have the iterator checks.
2014-10-30 19:50:51 +01:00
Lennart Poettering
539618a0dd util: make use of the new getrandom() syscall if it is available when needing entropy
Doesn't require an fd, and could be a bit faster, so let's make use of
it, if it is available.
2014-10-29 17:06:32 +01:00
Lennart Poettering
9a4f7f5ef7 build-sys: bump version number in preparation for release 2014-10-28 15:29:49 +01:00
Timofey Titovets
3769415e65 login: remove multi-seat-x 2014-10-28 02:24:46 +01:00
Zbigniew Jędrzejewski-Szmek
c7e4a7bece missing: remove fanotify
It was only used in readahead.
2014-10-17 08:55:42 -04:00
Zbigniew Jędrzejewski-Szmek
65e3a2cf7c build-sys: use -Wno-gnu-variable-sized-type-not-at-end under clang
Otherwise we get useless warnings about journal code.
2014-10-09 23:32:55 -04:00
Zbigniew Jędrzejewski-Szmek
4f47bb8c5e build-sys: use -Wno-typedef-redefinition only for clang
Our checks for -Wno-xxx switches do not work with gcc [1].

[1] https://gcc.gnu.org/wiki/FAQ#wnowarning
2014-10-09 23:32:54 -04:00
Zbigniew Jędrzejewski-Szmek
27c64db6df build-sys: use linux/memfd.h if available
linux/memfd.h was added linux 3.17, so it might not be widely
available for a while.

Also, check if memfd_create is defined, for the HAVE_LINUX_MEMFD_H
check to have a chance of succeeding.

Also, collapse all ifdefs for memfd-related stuff, because they
were all added together so there's no need to check separately.
2014-10-05 19:07:28 -04:00
Emil Renner Berthing
37161c5148 make utmp/wtmp support configurable
This adds --disable-utmp option to configure. If it is used, all
utmp-related functionality, including querying runlevel support,
is removed.
2014-09-26 07:48:35 -04:00
Daniel Buch
d6bc8348d5 readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
David Herrmann
650c544427 terminal: add graphics interface
The grdev layer provides graphics-device access via the
libsystemd-terminal library. It will be used by all terminal helpers to
actually access display hardware.

Like idev, the grdev layer is built around session objects. On each
session object you add/remove graphics devices as they appear and vanish.
Any device type can be supported via specific card-backends. The exported
grdev API hides any device details.

Graphics devices are represented by "cards". Those are hidden in the
session and any pipe-configuration is automatically applied. Out of those,
we configure displays which are then exported to the API user. Displays
are meant as lowest hardware entity available outside of grdev. The
underlying pipe configuration is fully hidden and not accessible from the
outside. The grdev tiling layer allows almost arbitrary setups out of
multiple pipes, but so far we only use a small subset of this. More will
follow.

A grdev-display is meant to represent real connected displays/monitors.
The upper level screen arrangements are user policy and not controlled by
grdev. Applications are free to apply any policy they want.

Real card-backends will follow in later patches.
2014-09-19 14:05:52 +02:00
Michal Schmidt
f44541bc93 build: colorize gcc only if on tty
Rather than forcing gcc to always produce colorized error messages
whether on tty or not, enable automatic colorization by ensuring
GCC_COLORS is set to a non-empty string.

Doing it this way removes the need for workarounds in ~/.emacs or
~/.vimrc for "M-x compile" or ":make", respectively, to work.
2014-09-15 16:08:50 +02:00
Umut Tezduyar Lindskog
4df5c00b6e build-sys: configure option to disable hibernation 2014-09-03 19:40:51 +02:00
Kay Sievers
be2ea723b1 udev: remove userspace firmware loading support 2014-08-30 11:34:20 +02:00
David Herrmann
e06cc7b074 terminal: add xkb-based keyboard devices to idev
The idev-keyboard object provides keyboard devices to the idev interface.
It uses libxkbcommon to provide proper keymap support.

So far, the keyboard implementation is pretty straightforward with one
keyboard device per matching evdev element. We feed everything into the
system keymap and provide proper high-level keyboard events to the
application. Compose-features and IM need to be added later.
2014-08-27 18:42:28 +02:00
David Herrmann
c93e5a62ff terminal: add evdev elements to idev
The evdev-element provides linux evdev interfaces as idev-elements. This
way, all real input hardware devices on linux can be used with the idev
interface.

We use libevdev to interface with the kernel. It's a simple wrapper
library around the kernel evdev API that takes care to resync devices
after kernel-queue overflows, which is a rather non-trivial task.
Furthermore, it's a well tested interface used by all other major input
users (Xorg, weston, libinput, ...).
Last but not least, it provides nice keycode to keyname lookup tables (and
vice versa), which is really nice for debugging input problems.
2014-08-27 18:42:28 +02:00
Tom Gundersen
aeb50ff0bd tmpfiles: make resolv.conf entry conditional on resolved support 2014-08-27 18:17:16 +02:00
Lennart Poettering
d5a169aaee build-sys: update versions for upcoming release 2014-08-19 22:45:53 +02:00
Lennart Poettering
de99c9dcba hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bit 2014-08-19 00:04:55 +02:00
Umut Tezduyar Lindskog
12e34d9d58 ldconfig: add configure option to disable 2014-08-14 01:01:43 +02:00
Lennart Poettering
bdf10b5b4d resolved: handle IDNA domains
Make sure we format UTF-8 labels as IDNA when writing them to DNS
packets, and as native UTF-8 when writing them to mDNS or LLMNR packets.

When comparing or processing labels always consider native UTF-8 and
IDNA formats equivalent.
2014-08-01 00:58:12 +02:00
Robert Schiele
a59f16ce4a build-sys: check for intltool also when polkit is enabled
intltool is needed for nls _and_ polkit, thus the check needs to be
changed to do the test whenever one of them is enables.

Without this build fails when configured with
--disable-nls --enable-polkit
2014-07-31 09:14:52 -04:00
Zbigniew Jędrzejewski-Szmek
1a40a3393e configure: add -Wno-typedef-redefinition
Message-ID: <CAJ+BJsz9Qy-JU25dUuGT2n0LMNzcOpoJNGNtbf_boSuT_6hONw@mail.gmail.com>
2014-07-21 21:07:19 -04:00
Jean-André Santoni
6589d0dba2 Add IFLA_VTI defines to missing.h 2014-07-21 21:04:44 -04:00
David Herrmann
84da4a3022 ui/term: add line/cell/char handling for terminal pages
This commit introduces libsystemd-ui, a systemd-internal helper library
that will contain all the UI related functionality. It is going to be used
by systemd-welcomed, systemd-consoled, systemd-greeter and systemd-er.
Further use-cases may follow.

For now, this commit only adds terminal-page handling based on lines only.
Follow-up commits will add more functionality.
2014-07-17 11:48:40 +02:00
Zbigniew Jędrzejewski-Szmek
75616a1332 missing.h: add IFLA_MACVLAN_FLAGS
Now we are getting into kernel < 3.4 territory...

https://bugs.freedesktop.org/show_bug.cgi?id=80095
2014-07-16 16:44:50 -04:00
Zbigniew Jędrzejewski-Szmek
ad95fd1d2b journal-remote: add units and read certs from default locations 2014-07-15 22:23:49 -04:00
Zbigniew Jędrzejewski-Szmek
36ef43edcf build-sys: add check for libcurl 2014-07-15 22:23:47 -04:00
Zbigniew Jędrzejewski-Szmek
3b1a55e110 Fix build without any compression enabled 2014-07-11 10:42:27 -04:00
Lennart Poettering
418b9be500 firstboot: add new component to query basic system settings on first boot, or when creating OS images offline
A new tool "systemd-firstboot" can be used either interactively on boot,
where it will query basic locale, timezone, hostname, root password
information and set it. Or it can be used non-interactively from the
command line when prepareing disk images for booting. When used
non-inertactively the tool can either copy settings from the host, or
take settings on the command line.

$ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi

The tool will be automatically invoked (interactively) now on first boot
if /etc is found unpopulated.

This also creates the infrastructure for generators to be notified via
an environment variable whether they are running on the first boot, or
not.
2014-07-07 15:25:55 +02:00
Zbigniew Jędrzejewski-Szmek
d89c8fdf48 journal: add LZ4 as optional compressor
Add liblz4 as an optional dependency when requested with --enable-lz4,
and use it in preference to liblzma for journal blob and coredump
compression. To retain backwards compatibility, XZ is used to
decompress old blobs.

Things will function correctly only with lz4-119.

Based on the benchmarks found on the web, lz4 seems to be the best
choice for "quick" compressors atm.

For pkg-config status, see http://code.google.com/p/lz4/issues/detail?id=135.
2014-07-06 19:06:03 -04:00
Lennart Poettering
252ff40a38 build-sys: bump package and library versions 2014-07-03 20:48:40 +02:00
Filipe Brandenburger
f15515b5e6 build-sys: disable NLS support if intltool is not found
IT_PROG_INTLTOOL makes configure fail if intltool is not present.  If we can
not find intltool, then disable NLS (otherwise make in po/ fails since MSGFMT
will not be defined.)

Tested: Built it on a host without intltool.
  $ ./configure --enable-nls
  ...
  checking for intltool-merge... no
  configure: error: --enable-nls requested but intltool not found

  $ ./configure --disable-polkit
  ...
  checking for intltool-merge... no
  configure: WARNING: *** Disabling NLS support because intltool was not found
  checking whether NLS is requested... no
  ...
  $ make

https://bugs.freedesktop.org/show_bug.cgi?id=79692
2014-06-26 01:41:05 -04:00
Filipe Brandenburger
2f96919bcd build-sys: add explicit support for --disable-nls
In particular, disable intltool when --disable-nls is passed to configure.

Tested: Built it on a host without intltool or gettext.
  $ ./configure --disable-nls --disable-polkit
  $ make
2014-06-26 01:41:05 -04:00
Michael Marineau
972bded032 build-sys: require elfutils >= 158
The recently added stacktrace support in 8d4e028f uses functions added
in elfutils 158. Check for one of the new functions to avoid attempting
to build against older versions.
2014-06-22 12:26:09 -04:00
Zbigniew Jędrzejewski-Szmek
81577dc228 missing.h: add various network enums
We used to check if e.g. IFLA_BOND_MAX is defined and provide fallback
values in missing.h is it wasn't. But over time, various kernel
versions added IFLA_* defines, so checking for IFLA_BOND_MAX is not
enough if the kernel is new enough to have some of them but too old to
have all. In case we detect that the latest known enum value is
missing, #define most of them.

https://bugs.freedesktop.org/show_bug.cgi?id=80095
2014-06-20 22:05:43 -04:00
Zbigniew Jędrzejewski-Szmek
747cf8cdf6 build-sys: fail if python support requested but not found 2014-06-20 18:44:40 -04:00
Filipe Brandenburger
be8737ae38 build-sys: add verbosity to python-lxml detection in ./configure
Be verbose when checking if Python module lxml is available.  Also warn that
Python support will be disabled when the lxml module is not present.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=80005

Tested:
- Without python-lxml package installed:
  $ ./configure
  checking for python extension module directory... ${exec_prefix}/lib64/python2.7/site-packages
  checking for python lxml module... no
  configure: WARNING: *** python support requires python-xml module installed

- With python-lxml package installed:
  $ ./configure
  checking for python extension module directory... ${exec_prefix}/lib64/python2.7/site-packages
  checking for python lxml module... yes
  checking for PYTHON_DEVEL... yes
  ...
          Python:                  yes
          Python Headers:          yes
2014-06-20 18:44:40 -04:00
Lennart Poettering
8d4e028f18 coredump: include stacktrace of coredumps in the log message
elfutils' libdw is maintained, can read DWARF debug data and appears to
be the library of choice for generating backtraces today.
2014-06-19 12:38:45 +02:00
Lennart Poettering
f8b5d99408 sysuser: generate default snippet incorporating TTY_GID properly
When the user specifies --with-tty-gid= then we should honour that and
write it to the snippet, too.
2014-06-12 23:22:27 +02:00
Lennart Poettering
1b99214789 sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.

The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.

This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.

The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.

The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.

This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
2014-06-12 23:07:33 +02:00
Lennart Poettering
42a04ee69c build-sys: update library versions 2014-06-11 15:30:28 +02:00
Kay Sievers
4196a3ead3 NEWS: add section about udev locking 2014-06-11 12:00:47 +02:00
John
235c6e6281 build-sys: accommodate gcc-4.9.0 link-time optimization (LTO) changes
systemd fails to build (symbols not found/resolved during cgls link step)
under gcc-4.9.0 due to link-time optimization (lto) changes, in particular
from gcc-4.9.0/NEWS:

  + When using a linker plugin, compiling with the -flto option
    now generates slim objects files (.o) which only contain
    intermediate language representation for LTO. Use
    -ffat-lto-objects to create files which contain additionally
    the object code. To generate static libraries suitable for LTO
    processing, use gcc-ar and gcc-ranlib; to list symbols from a
    slim object file use gcc-nm. (Requires that ar, ranlib and nm
    have been compiled with plugin support.)

Both -flto and -ffat-lto-objects are now needed when building and linking
against static libs w/LTO.
2014-06-04 17:47:20 +02:00
Tom Gundersen
0bbea466dc configure: networkd no longer requires kmod
Reported by Samuli Suominen.
2014-06-03 01:05:13 +02:00
Lennart Poettering
fdd2531170 virt: rework container detection logic
Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
2014-05-28 18:53:44 +08:00
Kay Sievers
d2edfae0f9 build-sys: use glibc's xattr support instead of requiring libattr 2014-05-28 17:36:40 +08:00
Lennart Poettering
76d4bef384 build-sys: bump package and library version 2014-05-27 19:02:22 +08:00
Zbigniew Jędrzejewski-Szmek
49e5c2b26a build-sys: fix typo in variable name 2014-05-24 18:50:21 -04:00
Lennart Poettering
f7dc3ab9f4 logind: don't apply RemoveIPC= to system users
We shouldn't destroy IPC objects of system users on logout.

http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html

This introduces SYSTEM_UID_MAX defined to the maximum UID of system
users. This value is determined compile-time, either as configure switch
or from /etc/login.defs. (We don't read that file at runtime, since this
is really a choice for a system builder, not the end user.)

While we are at it we then also update journald to use SYSTEM_UID_MAX
when we decide whether to split out log data for a specific client.
2014-05-21 09:36:49 +09:00
Tom Gundersen
091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00
Cristian Rodríguez
2a4d1ec152 build: Compile everything with PIE 2014-05-19 01:14:35 +09:00
Tom Gundersen
7b4d796839 networkd: also add IPv6 DNS servers by default 2014-05-16 19:48:25 +02:00
Tom Gundersen
e16cb2e4ef networkd: hardcode a set of default dns servers
Similarly to NTP servers, this can be set at compile-time.
2014-05-16 17:19:04 +02:00
Lennart Poettering
4468835285 build-sys: at configure check for verifying that ln supports --relative 2014-05-16 16:51:42 +02:00
Cristian Rodríguez
679be2a742 network: fix build failure, missing KMOD_XXX flags
- Add KMOD_CFLAGS and KMOD_LIBS where appropiate
- networkd now requires kmod. make --disable-kmod --enable-networkd
to raise an error.
2014-05-15 18:51:54 +02:00
Zbigniew Jędrzejewski-Szmek
5ea846cc51 networkd, build-sys: spelling fix 2014-05-15 15:29:59 +02:00
Zbigniew Jędrzejewski-Szmek
de0671ee7f Remove unnecessary casts in printfs
No functional change expected :)
2014-05-15 15:29:58 +02:00
Lennart Poettering
661278ee29 timesyncd: never accept NTP time from server that is older than systemd's release time 2014-05-06 18:08:04 +02:00
Lennart Poettering
e8af69739a timesyncd: read server settings from a configuration file
Also, allow compiling in a default server list via a configure command
line item.
2014-05-06 17:02:11 +02:00
Lennart Poettering
43ba1b3e64 build-sys: enable timesyncd by default 2014-05-05 21:39:10 +02:00
Kay Sievers
a91df40e69 timesyncd: add unit and man page 2014-04-29 09:51:53 +02:00
Kay Sievers
687ed1237b rename timedate-sntp to timesync 2014-04-28 17:08:52 +02:00
Zbigniew Jędrzejewski-Szmek
ae0ceefc2f build-sys: add configure switch for -fsanitize=undefined
--enable-undefined-sanitizer mirrors --enable-memory-sanitizer.
2014-04-26 08:16:39 -04:00
Cristian Rodríguez
aca33b078c build: if -fstack-protector-strong is available, use it. 2014-04-12 11:56:07 -04:00
Lennart Poettering
3b5b000fbc build-sys: prepare 212 2014-03-25 20:22:41 +01:00
Lennart Poettering
7f8aa67131 core: remove tcpwrap support
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.

Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
2014-03-24 20:07:42 +01:00
Lennart Poettering
5f381b355a missing: define LO_FLAGS_PARTSCAN if it is missing
https://bugs.freedesktop.org/show_bug.cgi?id=76335
2014-03-19 01:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
3f57309664 build-sys: bump required µhttpd version
MHD_USE_EPOLL_LINUX_ONLY, MHD_USE_DUAL_STACK are only available in
next-but-last release.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
f12be7e8ca journal-gatewayd: check if certificate is signed by CA
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.

Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
2014-03-17 01:55:48 -04:00
Zbigniew Jędrzejewski-Szmek
6031319956 build-sys: add check on gnutls 2014-03-17 01:55:48 -04:00
Lennart Poettering
6bf6f402b6 build-sys: prepare release 211 2014-03-11 20:25:00 +01:00
Samuli Suominen
2d0efdf1af build-sys: Find the tools for users with no /sbin:/usr/sbin in PATH since some systems still make the distiction between bin and sbin. 2014-03-10 22:36:17 +01:00
Lennart Poettering
1c231f5648 logind: make $XDG_RUNTIME_DIR a per-user tmpfs
This way each user allocates from his own pool, with its own size limit.

This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
2014-03-04 20:02:50 +01:00
Lennart Poettering
62ca29b81b build-sys: bump revisions and version 2014-02-24 19:25:00 +01:00
Mike Gilbert
4ca39b280f configure: Do not require xsltproc for installation of man pages
The release tarballs ship with pre-generated man pages, so we do not
need xsltproc for a typical end-user build.

Developers will probably have xsltproc anyway, but if not they will now
encounter a build-time failure instead of an error in configure.
2014-02-24 00:20:25 -05:00
Jason A. Donenfeld
7a243b2204 configure: show if networkd is enabled in status 2014-02-21 09:36:04 -05:00
Michael Scherer
eef65bf3ee core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
2014-02-21 03:44:20 +01:00
Lennart Poettering
fdc8509fb6 build-sys: don't use -Wcast-align anymore
We do a lot of these casts, and they are all OK, so let's get rid of the
warning, to make things quieter.

http://lists.freedesktop.org/archives/systemd-devel/2014-February/017174.html
2014-02-21 03:15:52 +01:00
Holger Schurig
3b79431414 build-sys: Add setns() functions if not in the C library.
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
2014-02-21 03:06:29 +01:00
Lennart Poettering
e2044076bf build-sys: bump release in preparation for release 2014-02-19 21:03:55 +01:00