mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-14 16:58:22 +03:00

60273 Commits

Author SHA1 Message Date
Daan De Meyer
bc958a19e3 openssl-util: Allow declaring openssl struct pointers without openssl 2022-09-23 16:15:34 +02:00
Lennart Poettering
842beda4c5 TODO 2022-09-23 16:13:11 +02:00
Lennart Poettering
dd5533801b
Merge pull request #24700 from poettering/ssh-creds
support easy provisioning for SSH key of root user
2022-09-23 16:01:09 +02:00
Lennart Poettering
6e19a7ce13
Merge pull request #24628 from medhefgo/boot-sections
boot: Try to detect overlapping PE sections
2022-09-23 15:45:28 +02:00
Lennart Poettering
a9dba3ef5f
Merge pull request #24796 from yuwata/doc-update
documentation updates
2022-09-23 15:13:18 +02:00
Lennart Poettering
e711431d50
Merge pull request #24794 from DaanDeMeyer/repart-follow-ups
repart: Extend squashfs logic to all read-only filesystems
2022-09-23 15:12:56 +02:00
Lennart Poettering
55c041b4e4 tree-wide: also settle on "initrd" instead of "initial RAM disk"
With this the concept is now called the same way everywhere except where
historical info is relevant or where the other names are API.
2022-09-23 15:12:18 +02:00
Lennart Poettering
32e2767080 tree-wide: use the term "initrd" at most places we so far used "initramfs"
In most cases we referenced the concept as "initrd". Let's convert most
remaining uses of "initramfs" to "initrd" too, to stay internally
consistent.

This leaves "initramfs" only where it's relevant to explain historical
concepts or where "initramfs" is part of the API (i.e. in
/run/initramfs).

Follow-up for: b66a6e1a5838b874b789820c090dd6850cf10513
2022-09-23 15:10:53 +02:00
Daan De Meyer
35e596f83f docs: Mention that "certificateFingerprint" source should be in DER 2022-09-23 14:10:11 +02:00
Daan De Meyer
2812017cfb basic: Add strgrowpad0() 2022-09-23 14:10:07 +02:00
Lennart Poettering
addc84ec91
Merge pull request #24686 from d4nuu8/delta_output
shared/logs-show: add new --output= format "short-delta"
2022-09-23 13:33:55 +02:00
Daan De Meyer
3dd73ea77e dissect: Process verity sig partitions if a root hash is specified
If a root hash is specified, we should be checking that it matches
the root hash in the verity signature partition, so let's not skip
processing of the verity signature partitions if a root hash is
specified.
2022-09-23 12:24:09 +02:00
Daan De Meyer
3c5f7ec4ca test: Install openssl 3 extra library dependencies 2022-09-23 12:24:09 +02:00
Daan De Meyer
738edfe667 dissect: Log when we fail to load the verity signature partition 2022-09-23 12:24:09 +02:00
Daan De Meyer
bc259e2338 repart: Rename verity integration test definition files 2022-09-23 12:24:09 +02:00
Daan De Meyer
9c98e277e9 repart: Improve missing libcryptsetup error message 2022-09-23 12:24:09 +02:00
Daan De Meyer
b6db96a2a6 repart: Rename context_verity() to context_verity_hash() 2022-09-23 12:24:09 +02:00
Lennart Poettering
fdcc31b718 update TODO 2022-09-23 11:44:01 +02:00
Yu Watanabe
78f14b2ff0 README: drop graphs counting issues or PRs
These cannot be accessible anymore.
2022-09-23 18:29:22 +09:00
Yu Watanabe
0b0cdb1652 doc: drop remaining references to LGTM.com 2022-09-23 18:29:22 +09:00
Avamander
a79f5097e7
Updated Lenovo ThinkPad T440p/T440 touchpad fuzz (#24779) 2022-09-23 18:26:01 +09:00
Daniel Braunwarth
893bcd3d07 shared/logs-show: add new --output= format "short-delta"
This new output formatting option is similar to "short-monotonic" but
also shows the time delta between two messages.

This fixes #24641.
2022-09-23 10:07:03 +02:00
Daniel Braunwarth
275e6be052 logs-show: move timestamp reading into show_journal_entry() 2022-09-23 10:07:03 +02:00
Daan De Meyer
eaec699494 shared: Don't try to generate read-only filesystem that we don't support
We need explicit support to generate read-only filesystems, since we
always need to pass a source tree to the mkfs binary to populate the
filesystem. As such, let's add an explicit check to return a
recognizable error when users try to generate a read-only filesystem
that we don't support.
2022-09-23 09:55:26 +02:00
Daan De Meyer
eb43379cec repart: Extend squashfs logic to all read-only filesystems
The same logic will apply to every read-only filesystem that we
might add support for in the future, so let's make this a bit more
future proof.
2022-09-23 09:55:17 +02:00
Lennart Poettering
d1666bde9c update TODO
(let's also merge all TODO items about adding creds support to various
tools into one item)
2022-09-23 09:34:12 +02:00
Lennart Poettering
0bbc5a5674 man: add man page describing well known system credentials 2022-09-23 09:33:00 +02:00
Lennart Poettering
aebdd3f3d7 test: add test case for new ':' uid/gid/access modifier in tmpfiles.d 2022-09-23 09:31:54 +02:00
Lennart Poettering
fdc4b8b1e0 man: document new : modified for uid/gid/access mode in tmpfiles.d 2022-09-23 09:30:57 +02:00
Lennart Poettering
4cebd207d1 tmpfiles: add lines for provisioning ssh keys for root by default
With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

To boot into an image with my SSH key copied in. Yay!
2022-09-23 09:30:00 +02:00
Lennart Poettering
27f6aa0b71 tmpfiles: rework empty_directory() to also use chase_symlinks() 2022-09-23 09:28:59 +02:00
Lennart Poettering
9e430ce3d4 tmpfiles: move symlink creation into its own function, and modernize
Let's ensure it also operates based on O_PATH, like fifo/device node/…
creation.
2022-09-23 09:27:53 +02:00
Lennart Poettering
8f6fb95cd0 tmpfiles: whenever creating an inode, immediately O_PATH open it to pin it
let's make things a bit less racy: whenever we create an inode,
immediately open it via O_PATH, compare type and continue operations
with the acquired fd.
2022-09-23 09:26:56 +02:00
Lennart Poettering
497ca785aa fs-util: add mknodat_atomic() 2022-09-23 09:25:33 +02:00
Lennart Poettering
4f477796f3 fs-util: make mkfifo_atomic() just a shortcut for mkfifoat_atomic() 2022-09-23 09:24:05 +02:00
Lennart Poettering
da9dd029a2 fs-util: replace symlink_atomic() by symlinkat_atomic() 2022-09-23 09:22:36 +02:00
Lennart Poettering
cc43328c7f tmpfiles: allow prefixing uid/gid/mode with ":" to only apply on creation
In some cases it is useful to specify the access mode/uid/gid for inodes
we create without also enforcing them on existing inodes. Let's add a
new flag for that: if the uid/gid/mode specifications are prefixed with
":", then they only apply to creation, not otherwise.

This is specifically useful for provisioning SSH keys later. Those we'd
like to provision like this:

<snip>
d /root :0700 root root -
d /root/.ssh :0700 root root -
f^ /root/.ssh/authorized_keys - - - - ssh.authorized_keys
</snip>

While /root/ + /root/.ssh/ being owned by root is pretty uncontroversial
the access mode of /root/ and /root/.ssh/ might not be. Hence we should
only have a default mode defined that is used when we create the dir,
but not otherwise.
2022-09-23 09:21:34 +02:00
Lennart Poettering
a9bc518c08 tmpfiles: generalize CreationMode and pass it everywhere
For some purposes we had CreationMode which indicates whether an inode
was created by us, or is pre-existing. Let's generalize that for *all*
operations. This is later useful to conditionalize certain operations on
that (and makes the codebase more systematic)
2022-09-23 09:20:37 +02:00
Lennart Poettering
c5d554aa66 tmpfiles: rebreak some comments 2022-09-23 09:19:02 +02:00
Daan De Meyer
c8f38bf077
Merge pull request #24797 from yuwata/networkctl
networkctl: several table format updates
2022-09-23 08:45:47 +02:00
Yu Watanabe
f8d7c0c55e networkctl: re-order entries in status command
Also fixes "Speed:" field, which may show empty value.
2022-09-23 11:20:26 +09:00
Yu Watanabe
767bc538c5 test-network: fix matching string
This partially reverts 5515f2169cb5980996044eabb5f1b35e00fd81eb.
As the commit changes 'networkctl list', not 'networkctl status'.
2022-09-23 10:43:17 +09:00
Yu Watanabe
3874765735 networkctl: use "-" for empty LLDP entries 2022-09-23 10:39:42 +09:00
Yu Watanabe
67c3e1f63a udev: support by-path devlink for multipath nvme block devices
If multipath feature is enabled, nvme block devices may belong to the
"nvme-subsystem" subsystem, instead of "nvme" subsystem.
(What a confusing name...)

Then, the syspath is something like the following,
    /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1
Hence, we need to find the 'real parent' device, such as
    /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964.
Replaces #24748.
2022-09-23 10:21:46 +09:00
Yu Watanabe
68f2134954
Merge pull request #24790 from poettering/run-chdir
run: let's make --working-directory= just work with --scope
2022-09-23 10:20:14 +09:00
Adam Williamson
97f9950698 kbd-model-map: add a mapping for switched czech qwerty/us
See https://bugzilla.redhat.com/show_bug.cgi?id=2121106 for the
background on this. One of Fedora's QA folks ran an install
and chose two keyboard layouts: Czech (qwerty) and US. Due to
the sad details of how the whole logic flow for trying to decide
what kbd layout best matches a given xkb config works (see
details in the bug comments), we wound up deciding the best-
matching kbd layout for this situation was cz-us-qwertz, which
is a czech/us switched layout, but is qwertz, not qwerty. This
seems like a poor outcome. Adding this line should result in us
picking cz-qwerty in this case. Which may be the 'legacy'
cz-qwerty.map from upstream kbd project (which is switched
cz/us), or may be the auto-converted xkb layout (which obviously
isn't switched). But either way, at least its primary mode is
Czech qwerty, which seems like a *better* choice than a layout
whose primary mode is Czech qwertz.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2022-09-23 10:19:41 +09:00
Yu Watanabe
96f974e47f network: use FOREACH_DEVICE_CHILD_WITH_SUFFIX() macro 2022-09-23 07:03:19 +09:00
Yu Watanabe
29c1fb3cb3 network: fix assertion triggered by passing wrong ifindex 2022-09-23 07:03:18 +09:00
Yu Watanabe
78463c6c4f udev-builtin-net_id: use FOREACH_DEVICE_CHILD_WITH_SUFFIX() macro 2022-09-23 07:03:18 +09:00
Yu Watanabe
fadc8c48ac test-sd-device: add tests for sd_device_get_child_first() and _next() 2022-09-23 07:03:18 +09:00