IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If the file was removed by some other program, we should just go
to the next one without failing. item_do() is only used for recursive
globs instead of fixed paths so skipping on missing files makes sense
(unlike if the path was fixed where we should probably fail).
Fixes#32691 (hopefully)
(cherry picked from commit 677430b3c7fcd1b352eb66f19b8746741459b91a)
(cherry picked from commit 46419527af7e91346aa523f73ecf85a96ac94c9a)
Since AuditMode automatically switches SetupMode on, it should be
authorized to enroll SecureBoot keys.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
(cherry picked from commit a23a59b324a022a0b38b5f35d01ee1b2b4edf694)
(cherry picked from commit 04f6566568e0618088c7496a7e89da8d949b3c72)
As the former is deprecated and might not be available (i.e. on Ubuntu
Noble it's only available after installing the tzdata-legacy package).
(cherry picked from commit 568d97953b77fef4cb698894f567d08dfed453c9)
(cherry picked from commit 6e778d4b5fdb741e52fac7151d9789e24eb03648)
Previously, ret_boot_id was assigned even when the function failed due
to an invalid monotonic timestamp stored for a journal entry.
(cherry picked from commit c9df4714286223017aff1b2f32f96058d249d8ab)
(cherry picked from commit 6549d31b2c88ffecae9502aff6ff5e8fd4414bb6)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
(cherry picked from commit 4a06acda25fb895f65ee24c6378cb8db47577c7a)
(cherry picked from commit df98c064c0b6bdc611c2635631bfb67884e3337e)
Let's only accept valid ASCII and put a size limit on reboot arguments.
(cherry picked from commit b7ad4778794b6bfc63d4b11c7c39cfe5a21228a4)
(cherry picked from commit dba7fd523c61ea49cefce388bf3993cd52124aeb)
Otherwise the filenames will contain variable paths and break reproducibility
(cherry picked from commit 8d6e439aae6a5e2e1b89647ec05ca2d0cf8df8b9)
(cherry picked from commit 4a8f9649caa996a6969365f7f41cf577b5cca291)
The kernel headers match on __s390__ so the build fails
../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:159:6: error: Must specify a BPF target arch via __TARGET_ARCH_xxx
void BPF_KPROBE(userns_restrict_free_user_ns, struct work_struct *work) {
^
/usr/include/bpf/bpf_tracing.h:817:20: note: expanded from macro 'BPF_KPROBE'
return ____##name(___bpf_kprobe_args(args)); \
^
/usr/include/bpf/bpf_tracing.h:797:41: note: expanded from macro '___bpf_kprobe_args'
^
/usr/include/bpf/bpf_helpers.h:195:29: note: expanded from macro '___bpf_apply'
^
note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_tracing.h:789:72: note: expanded from macro '___bpf_kprobe_args1'
^
/usr/include/bpf/bpf_tracing.h:563:29: note: expanded from macro 'PT_REGS_PARM1'
^
<scratch space>:125:6: note: expanded from here
GCC error "Must specify a BPF target arch via __TARGET_ARCH_xxx"
(cherry picked from commit aab7bb596821e83f736bcb19b5c71ec1b8dc440e)
(cherry picked from commit bd9c837bb733ce516bd31cfd023f83907fe476fc)
options
Prompted by #32491
(cherry picked from commit 821bf13b6e7a20ca05bebad2bc435e40a424ca18)
(cherry picked from commit 2c1ce9f00b189ac03de2501f4a7b4691b2adb55c)
LinkLocalAddressing accepts a boolean. This can be seen by looking at
`link_local_address_family_from_strong(cont char *s)` in
`src/network/netword-util.c#L102-108` which falls back to
`address_family_from_string`, defined two lines above (L100)
using `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`.
(cherry picked from commit 07b6924de4d83c0d66ddfe92d3f2df4995e1e087)
(cherry picked from commit 586e10fa612c4740517acdd67727ed8a4ac9166d)
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
(cherry picked from commit 3eb329bfb5df8f5b6eba9cef195dff54b9ba0e4b)
(cherry picked from commit aff1099b0a4adb9dc7de20fb1914a80f80f88c21)
Previously, if we encountered a non-socket fd we'd return ENOTSOCK the
first time, but the subsequent times we'd return ENOMEDIUM, due to
caching. Let's make sure we return the same errors all the the time.
(cherry picked from commit b24c384b5dab5f568a263311f89881dc5c799a3b)
(cherry picked from commit 118a48bdec59db8048ac5f0fcbce3e3ccb2038e4)
The portable profiles assume /etc/resolv.conf exists, which isn't
always the case. Let's mark the mounts as optional so we don't fail
to start the unit if /etc/resolv.conf doesn't exist.
(cherry picked from commit f449a29bb9914f2645f37a3e177afef1e2c0536a)
(cherry picked from commit e3d5e162eb84e5e679159bce20b9a92929f01bbc)
If the parent zone uses a non-opt-out method that provides authenticated
negative DS replies, we still can't expect signatures from the child
zone. sd-resolved was using the authenticated status of the DS reply to
require signatures for CNAMEs, even though it had already proved that no
signature exists.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
(cherry picked from commit a1580223a5dd67ab61c5f888b114de43b65fffbf)
Previously, sd-resolved unnecessarily requested SOA records for each dns
label in the query, even though they are not needed for the chain of
trust. Since 47690634f157, only the necessary records are queried when
validating.
This is actually a problem in allow-downgrade mode, since we will no
longer attempt a query for a record that we know is signed a priori, and
will therefore never update our belief about the state of dnssec support
in the recursive resolver.
Rectify this by reintroducing a query for the root zone SOA in the
allow-downgrade case, specifically to test that the resolver attaches
the RRSIGs which we know must exist.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
(cherry picked from commit 5237ffdf2b63a5afea77c3470d9981a2c29643cc)
(cherry picked from commit ee15f5efaf2f6cdbb867fca601e92761276e2b1e)
If we request a DS and the resolver offers an unsigned SOA, a new
auxiliary transaction for the DS will be rejected as a loop, and we
might not make any progress toward finding the DS we need. Let's ensure
that we at least always check the parent in this case.
Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
(cherry picked from commit d840783db5208219c78d73b9b46ef5daae9fea0a)
(cherry picked from commit 52c17febf14c866d9808d1804f13ac98d76e665b)
Before this PR, if m->varlink_server is not yet set up during
deserialization, we call manager_setup_varlink_server rather than
manager_varlink_init, the former of which doesn't setup varlink
addresses, but only binds to methods. This results in that
newly-added varlink addresses not getting created if deserialization
takes place.
Therefore, let's switch to manager_varlink_init, and add some
sanity checks to it in order to prevent listening on the same
address twice.
Fixes#29373
Replaces #29421
(cherry picked from commit 6906c028e83b77b35eaaf87b27d0fe5c6e1984b7)
meson's `cpp_args` option is defined only if it detects a C++ compiler,
otherwise we get an error:
../test/fuzz/meson.build:56:28: ERROR: Tried to access unknown option 'cpp_args'.
(cherry picked from commit a3d3bf559c9789c8abe96d931fc5d3f109886db9)
Prompted by #29972, because right now it's practically impossible to pass
-fno-sanitize=function to the fuzzer targets without some extensive
sed'ing.
This splits both c_args and cpp_args to separate arguments for
tools/meson-build.sh, because the other way would be to use `eval`, so
the space-separated but quoted strings passed to these options are not
split where they shouldn't, and I'd rather avoid using `eval` if
possible.
Also, this switches the positional arguments we pass to `meson setup`,
as they were in incorrect order (docs say it should be buildir followed
by sourcedir); meson is apparently clever enough to figure this out and
switch the arguments around if necessary, so it didn't complain.
(cherry picked from commit 17ee59c9c922553a8cb4d54cb8ae415706c4feff)
THis needs 15 entries as far as I can count, not just 14.
Follow-up for: 5686391b006ee82d8a4559067ad9818e3e631247
Sniff.
(cherry picked from commit 07296542d636dcac43f6c9ee45a638fca8c5f3dd)
(cherry picked from commit 8f4dab049074d31c31af2bb9eb76f9f4f08e3711)
For issue #24150 and #31222.
(cherry picked from commit 8cc42169f1f945d286ea334c55e7013d585947d8)
(cherry picked from commit d1a7ffc8b192c1378d07d5ae17eca739fd4ddfc6)
As the main thread may call journal_directory_vacuum() ->
unlinkat_deallocate() while another thread is copying the file.
Fixes#24150 and #31222.
(cherry picked from commit 18d4e475c7fad8a5f003e5eb2a9ed0616e0ade20)
(cherry picked from commit 04209567d40b4bf802ac22b631f126aa52647732)
No effective functionality changed, just refactoring.
(cherry picked from commit f73ad0a9fb18bdba3f0704f5feef2dcbd6130915)
(cherry picked from commit 8ee43d11581f8f8debef9793c7776a584eb4157d)
If the flag is set, then copy_file() and friends check if the source
file still exists when the copy operation finished.
(cherry picked from commit 72ef2a617f43e156dbe15e9fa28b84224c2969ad)
(cherry picked from commit 47c90f516f58b0d4ab2ff3c676e49111e064a149)
