1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-27 14:03:43 +03:00

60458 Commits

Author SHA1 Message Date
Daan De Meyer
f87338fa26 Update TODO 2022-10-17 16:10:42 +02:00
Daan De Meyer
0aa1d40649 mkosi: Switch to Fedora 37
Official release date is close so let's switch mkosi CI to it already.
2022-10-17 16:02:16 +02:00
Lennart Poettering
714c586943 cryptsetup: drop redundant parens/drop ternary op
A ternary op is a bit weird to use if we end up assigning a variable to
itself in one of the branches. Hence use a plain if check.
2022-10-17 13:52:54 +02:00
Zbigniew Jędrzejewski-Szmek
c39d018774
Merge pull request #24919 from anitazha/varlinkserialize
varlink/pid1 fixes for systemd-oomd (addresses #20330)
2022-10-17 13:44:28 +02:00
Zbigniew Jędrzejewski-Szmek
70427ec553
Merge pull request #24986 from keszybz/news-systemd-measure
NEWS: rework the description of systemd-measure a bit again
2022-10-17 13:24:07 +02:00
Lennart Poettering
8d9295bbf5 pcrphase: fix --help text
We don't take a command, we just take a "word" which we'll extend into
PCR 11.
2022-10-17 12:39:33 +02:00
Lennart Poettering
047273e6e8 pcrphase: add two additional phases
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".

The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).

This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.

This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.
2022-10-17 12:09:43 +02:00
Quentin Deslandes
961549ab41 tests: add nspawn's rootidmap integration test
Add integration test to testsuite-13.sh to ensure rootidmap option map
user IDs as expected.
2022-10-17 12:01:50 +02:00
Luca Boccassi
42fadfb168
Merge pull request #24938 from msizanoen1/journald-harden-clock-jump
journald: harden against forward clock jumps before unclean shutdown
2022-10-17 12:00:02 +02:00
Luca Boccassi
6d4f55f3eb
Merge pull request #25003 from DaanDeMeyer/mkosi-fixes
mkosi: Add Centos Stream 8 back to CI
2022-10-17 11:36:55 +02:00
Lennart Poettering
c868e95ebb update TODO 2022-10-17 11:21:00 +02:00
Daan De Meyer
71205f972b mkosi: Add Centos Stream 8 back to CI
We can build all of systemd's features again on CentOS Stream 8, so
let's add it back to CI.
2022-10-17 08:45:57 +02:00
Daan De Meyer
6afeac1dd6 mkosi: Make sure bpf-framework works on CentOS Stream 8 as well 2022-10-17 08:45:48 +02:00
Daan De Meyer
afd22e3219 README: Fix libbpf minimum version
This didn't get properly updated as part of #24511
2022-10-17 08:45:16 +02:00
Daan De Meyer
3632e90c85 mkosi: Reenable bpf-framework
This got changed by mistake by #24511. Since we still support the
same libbpf version, we can keep this enabled everywhere.
2022-10-17 08:45:16 +02:00
Daan De Meyer
3f5225d7f3 qrcode-util: Add support for libqrencode 3.0
They didn't actually change API between major versions, so let's
support the previous version as well so we can add CentOS 8 Stream
back to CI.
2022-10-17 08:45:16 +02:00
Jan Janssen
d388f3d723 stub: Fix booting with old kernels
This fixes a regression introduced in e1636807 that removed setting this
value as it seemingly was not used by the kernel and would actively
break above 4G boots. But old kernels (4.18 in particular) will not boot
properly if it is not filled out by us.
The original issue was using the truncated value to then jump into the
kernel entry point, which we do not do anymore. So setting this value
again on newer kernels is fine.
2022-10-17 08:43:01 +02:00
Lennart Poettering
235ae69cbe gpt-auto: rename all functions that operate on a DissectedPartition object add_partition_xyz()
The function for handling regular mounts based on DissectedPartition
objects is called add_partition_mount(), so let's follow this scheme for
all other functions that handle them, too. This nicely separates out the
low-level functions (which get split up args) from the high-level
functions (which get a DissectedPartition object): the latter are called
add_partition_xyz() the former just add_xyz().

This makes naming a bit more systematic. No change in behaviour.
2022-10-17 08:07:58 +02:00
Lennart Poettering
e8ede6f57e generator: modernize generator_open_unit_file() 2022-10-17 08:06:55 +02:00
Lennart Poettering
06648fa991 gpt-auto-generator: use our usual ret_xyz parameter naming 2022-10-17 08:05:05 +02:00
Lennart Poettering
346a4e3db8 man: mention that pcrphase also measures into PCR 11 2022-10-17 08:02:53 +02:00
Lennart Poettering
b6fd88a511 cryptsetup: use errno-flavoured logging where we have an errno 2022-10-17 08:02:03 +02:00
Lennart Poettering
75b1d269cb tpm2-util: fix parameter name 2022-10-17 08:00:04 +02:00
msizanoen1
5bc787fa53 journal: fix indentation in managed_journal_file_open_reliably 2022-10-16 21:07:33 +07:00
msizanoen1
383d9155a2 journald: harden against forward clock jumps before unclean shutdown
Try harder to inherit the sequence number and ID from the old journal
file before rotating it away.

This helps the libsystemd journal file selection code make better decisions
even in the face of massive incorrect forward clock jumps prior to an
unclean shutdown.
2022-10-16 21:07:33 +07:00
Celeste Liu
09925036cf seccomp: add riscv_flush_icache to allow list
This system call is harmless because it only enforces ordering between stores
and instruction cache fetch.

fixed #24991
Related: https://github.com/felixonmars/archriscv-packages/issues/1840

Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
2022-10-16 12:40:00 +02:00
Yu Watanabe
3e15bed410 udev: drop unused source file
Follow-up for 5bbcfbaa11a92732f9bbc8d5f77e9311e6ac3d56.
2022-10-15 20:41:23 +09:00
Lennart Poettering
c8428d2d06 seccomp: drop per arch conditionalization in filter groups
We list plenty of arch-specific syscalls in our filter groups, treat the
s390 syscalls the same.

We handle gracefully anyway if some syscall doesn't exist locally on the
kernel or arch, let's rely on it. This has the benefit that
"systemd-analyze" will comprehensively tell you the syscalls filtered on
any arch for any arch.

And less conditionalization is good anyway.
2022-10-15 00:00:16 +02:00
Pyfisch
b45b4f5008 Update list of partition type identifiers
Include verity sig partition identifiers.
List all supported CPU architectures.
2022-10-14 22:29:43 +02:00
Pyfisch
ba4a5eff6e Document two systemd-repart options in man page
Note --private-key and --certificate options for configuring
verity signature partitions in the listing of options.

Adjust one error message referring to the --certificate option.
2022-10-14 22:00:43 +02:00
Lennart Poettering
924a329a00 update TODO 2022-10-14 21:07:29 +02:00
Thomas Blume
d72f4a3897 basic/mountpoint-util: skip dependency on quota services for some filesystems 2022-10-14 20:57:30 +02:00
Luca Boccassi
d2be5f641d
Merge pull request #25002 from poettering/install-type-fix
install: make InstallChangeType enum a proper enum
2022-10-14 20:56:44 +02:00
Anita Zhang
284212893b core: only allow systemd-oomd to use SubscribeManagedOOMCGroups
Attempt to address
https://github.com/systemd/systemd/issues/20330#issuecomment-1210028422.

Summary of the comment: Unprivileged users can potentially cause a denial of
service during systemd-oomd unit subscriptions by spamming requests to
SubscribeManagedOOMCGroups. As systemd-oomd.service is the only unit that
should be accessing this method, add a check on the caller's unit name to deter
them from successfully using this method.
2022-10-14 09:57:59 -07:00
Anita Zhang
008798e90c core: serialize/deserialize varlink sockets for pid1
Fixes #20330
2022-10-14 09:54:05 -07:00
Yu Watanabe
f6e88aac2c elf-util: drop assertion for metadata in report_module_metadata()
Fixes a bug introduced by 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a.

Fixes RHBZ#2134741 (https://bugzilla.redhat.com/show_bug.cgi?id=2134741).
2022-10-14 18:08:11 +02:00
msizanoen1
417cbcd6be shared/logs-show: do not overwrite journal time in export format with source timestamps
Using _SOURCE_{MONOTONIC,REALTIME}_TIMESTAMP in place of the results of
sd_journal_get_{monotonic,realtime}_usecs in export formats might cause
internal inconsistency of realtime timestamp values within a journal export,
violating the export file format and causing systemd-journal-remote to
mass-generate journal files.

Fix this by using the real journal timestamps for
__{REALTIME,MONOTONIC}_TIMESTAMP.
2022-10-14 18:05:04 +02:00
Zbigniew Jędrzejewski-Szmek
1485925d2d man: reword some awkward sentences 2022-10-14 15:56:58 +02:00
Zbigniew Jędrzejewski-Szmek
8d3b7d2fd3 NEWS: rework the description of systemd-measure a bit again
Try to separate the description so that changes are described first, and the
discussion follows separately. Remove some repeated verbose descriptions of the
subject: if one sentence describes that UKI contains an signature and describes
it in detail, the next sentence can just say "the signature" without
elaborating. Also, we don't do version-keying yet, so don't say "future"
kernels — older kernels will work too.
2022-10-14 15:56:55 +02:00
Yu Watanabe
2ce39d78b8 udev-builtin-kmod: support to run without arguments
If no module name is provided, then try to load modules based on the
device modealias.

Previously, MODALIAS property is passed as an argument, but it may
contain quotation. Hence, unfortunately the modalias may be modified
and cannot load expected modules.

Fixes #24715.
2022-10-14 21:32:24 +09:00
Lennart Poettering
b364c4de62 install: include full type name in special UnitFilePresetMode values
Typically the _MAX and _INVALID special enum values use the full type as
prefix, even if the actual values of the enum might not. Let's follow
this rule here too.
2022-10-14 11:41:32 +02:00
Lennart Poettering
f8662fee2f install: make InstallChange enum type a proper type
We can just make this an enum, as long as we ensure it has enough range,
which we can do by adding -ERRNO_MAX as one possible value (at least on
GNU C). We already do that at multiple other places, so let's do this
here too.
2022-10-14 11:40:40 +02:00
Lennart Poettering
4554c178bf update TODO 2022-10-14 11:33:17 +02:00
Anita Zhang
658138f3af core: refactor manager varlink init
Split out per-socket code into a separate function to use as part of
serialize/deserialize in the next commit.
2022-10-14 01:59:12 -07:00
Anita Zhang
536827e05a varlink: refactor adding socket event source to the event loop 2022-10-14 01:59:09 -07:00
Lubomir Rintel
73bf6859cb udev/rules: add by-path and by-ibdev links to infiniband verbs
The uverbs devices are sequentially numbered and are not guarranteed to
stay stable across reboot.

At least one good person was disappointed by this, because they couldn't
find their device: https://bugzilla.redhat.com/show_bug.cgi?id=2036515

Let's add a few helpful links.
2022-10-14 12:18:08 +09:00
Zbigniew Jędrzejewski-Szmek
aaf4325954
Merge pull request #24461 from keszybz/better-unmask-message
Better unmask message when unit is masked via kernel commandline
2022-10-13 23:17:49 +02:00
Zbigniew Jędrzejewski-Szmek
bf3b0d5f29 shared/install: print warning when unmasking unit with cmdline mask
'systemctl unmask foo' will try to remove the symlink to /dev/null under /etc/.
But the unit may also be masked by a symlink under /run/generator, in particular
the one created by systemd-debug-generator based on systemd.mask=foo on the
kernel commandline. The unmask call cannot anything about this: even if it removed
the symlink from /run/generator, it'll be recreated on the next daemon-reload.
Thus, we can only warn about it.

Initially, I wanted to check if 'systemctl.mask' is defined on the kernel
command-line, but that's not effective, because such mask symlinks can be
created by other generators based on other conditions. Checking for runtime
mask is "dumber", but is more robust because it doesn't assume who created the
mask and why.

The handling of InstallInfo is the copied from install_info_symlink_wants().
It's pretty ugly, this whole code should be rewritten from scratch.

The message is printed, but the whole operation is still "successful". This
keep backwards compatibility: people might call unmask to remove filesystem
masks even if there's still a cmdline param in place. We allow 'systemctl
mask' to create such a mask, so 'unmask' should be able to remove it.

Fixes #22689.
2022-10-13 19:44:47 +02:00
Zbigniew Jędrzejewski-Szmek
acb5b83438 shared/install: use cleanup func for InstallInfo*
In the next commit cleanup will be used in one more place. This change
avoids proliferation of the open-coded cleanup calls.
2022-10-13 19:44:47 +02:00
Zbigniew Jędrzejewski-Szmek
0047d54d42 shared/install: rename 'UnitFileInstallInfo' to 'InstallInfo'
- shorter is better
- name now matches the defining-file name

I was also considering UnitInstallInfo. Can change if people prefer that.
2022-10-13 19:44:47 +02:00