mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
tree-wide: fix typo
This commit is contained in:
parent
31438511e0
commit
fcdd21ec6a
2
NEWS
2
NEWS
@ -33,7 +33,7 @@ CHANGES WITH 255 in spe:
|
||||
by default when combined with --scope, will be changed in a future
|
||||
release to be enabled by default.
|
||||
|
||||
* "systemctl switch-root" is now restricted to initrd transtions only.
|
||||
* "systemctl switch-root" is now restricted to initrd transitions only.
|
||||
Transitions between real systems should be done with "systemctl soft-reboot"
|
||||
instead.
|
||||
|
||||
|
8
TODO
8
TODO
@ -201,7 +201,7 @@ Features:
|
||||
* add a new PE binary section ".mokkeys" or so which sd-stub will insert into
|
||||
Mok keyring, by overriding/extending whatever shim sets in the EFI
|
||||
var. Benefit: we can extend the kernel module keyring at ukify time,
|
||||
i.e. without recompiling the kernel, taking an upstrem OS' kernel and adding
|
||||
i.e. without recompiling the kernel, taking an upstream OS' kernel and adding
|
||||
a local key to it.
|
||||
|
||||
* PidRef conversion work:
|
||||
@ -244,7 +244,7 @@ Features:
|
||||
|
||||
* similar, add the same for journal stream clients that log too much
|
||||
|
||||
* systemd-mount sould only consider modern file systems when mounting, similar
|
||||
* systemd-mount should only consider modern file systems when mounting, similar
|
||||
to systemd-dissect
|
||||
|
||||
* new "systemd-pcrlock" component for dealing with PCR4. Design idea:
|
||||
@ -512,7 +512,7 @@ Features:
|
||||
|
||||
* sd-boot: make boot loader spec type #1 accept http urls in "linux"
|
||||
lines. Then, do the uefi http dance to download kernels and boot them. This
|
||||
is then useful for network boot, by embdedding a cpio with type #1 snippets
|
||||
is then useful for network boot, by embedding a cpio with type #1 snippets
|
||||
in sd-boot, which reference remote kernels.
|
||||
|
||||
* maybe prohibit setuid() to the nobody user, to lock things down, via seccomp.
|
||||
@ -767,7 +767,7 @@ Features:
|
||||
* systemd-measure: allow operating with PEM certificates in addition to PEM
|
||||
public keys when signing PCR values. SecureBoot and our Verity signatures
|
||||
operate with certificates already, hence I guess we should also just deal for
|
||||
convencience with certificates for the PCR stuff too.
|
||||
convenience with certificates for the PCR stuff too.
|
||||
|
||||
* systemd-measure: add --pcrpkey-auto as an alternative to --pcrpkey=, where it
|
||||
would just use the same public key specified with --public-key= (or the one
|
||||
|
@ -39,7 +39,7 @@
|
||||
|
||||
<para><function>sd_event_set_signal_exit()</function> may be used to ensure the event loop terminates
|
||||
once a <constant>SIGINT</constant> or <constant>SIGTERM</constant> signal is received. It is a
|
||||
convencience wrapper around invocations of
|
||||
convenience wrapper around invocations of
|
||||
<citerefentry><refentrytitle>sd_event_add_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
for both signals. The two signals are automatically added to the calling thread's signal mask (if a
|
||||
program is multi-threaded care should be taken to either invoke this function before the first thread is
|
||||
|
@ -195,7 +195,7 @@
|
||||
#define LIST_CLEAR(name, head, free_func) \
|
||||
_LIST_CLEAR(name, head, free_func, UNIQ_T(elem, UNIQ))
|
||||
|
||||
/* Clear the list, destroing each element with free_func */
|
||||
/* Clear the list, destroying each element with free_func */
|
||||
#define _LIST_CLEAR(name, head, free_func, elem) \
|
||||
({ \
|
||||
typeof(head) elem; \
|
||||
|
@ -56,7 +56,7 @@ only load them after `ExitBootServices()` has been called.
|
||||
|
||||
Another mechanism is supported by `systemd-boot` and `systemd-stub` to add additional payloads to the boot
|
||||
process: `addons`. Addons are PE signed binaries that can carry kernel command line arguments or Devicetree
|
||||
blobs (more might be added in the future). In constrast to the user-specified additions in the Type #1 case
|
||||
blobs (more might be added in the future). In contrast to the user-specified additions in the Type #1 case
|
||||
described above, these addons are loaded through the UEFI image loading protocol, and thus are subject to
|
||||
signature validation, and will be rejected if not signed or if the signature is invalid, following the
|
||||
standard SecureBoot model. They are also measured in the TPM.
|
||||
|
@ -36,7 +36,7 @@ static uint64_t ticks_freq_arch(void) {
|
||||
|
||||
uint64_t freq = crystal_hz;
|
||||
if (crystal_hz == 0) {
|
||||
/* If the crystal frquency is not available, try to deduce it from
|
||||
/* If the crystal frequency is not available, try to deduce it from
|
||||
* the processor frequency leaf if available. */
|
||||
if (max_leaf < 0x16)
|
||||
return 0;
|
||||
|
@ -50,7 +50,7 @@ static int luks2_pkcs11_callback(
|
||||
/* Called for every token matching our URI */
|
||||
r = pkcs11_token_login_by_pin(m, session, token_info, token_label, data->pin, data->pin_size);
|
||||
if (r == -ENOLCK) {
|
||||
/* Referesh the token info, so that we can prompt knowing the new flags if they changed. */
|
||||
/* Refresh the token info, so that we can prompt knowing the new flags if they changed. */
|
||||
rv = m->C_GetTokenInfo(slot_id, &updated_token_info);
|
||||
if (rv != CKR_OK) {
|
||||
crypt_log_error(data->cd,
|
||||
|
@ -3197,7 +3197,7 @@ int home_resize_luks(
|
||||
|
||||
old_image_size = st.st_size;
|
||||
|
||||
/* Note an asymetry here: when we operate on loopback files the specified disk size we get we
|
||||
/* Note an asymmetry here: when we operate on loopback files the specified disk size we get we
|
||||
* apply onto the loopback file as a whole. When we operate on block devices we instead apply
|
||||
* to the partition itself only. */
|
||||
|
||||
|
@ -693,7 +693,7 @@ int mount_all(const char *dest,
|
||||
if (FLAGS_SET(mount_table[k].mount_settings, MOUNT_PREFIX_ROOT)) {
|
||||
/* Optionally prefix the mount source with the root dir. This is useful in bind
|
||||
* mounts to be created within the container image before we transition into it. Note
|
||||
* that MOUNT_IN_USERNS is run after we transitioned hence prefixing is not ncessary
|
||||
* that MOUNT_IN_USERNS is run after we transitioned hence prefixing is not necessary
|
||||
* for those. */
|
||||
r = chase(mount_table[k].what, dest, CHASE_PREFIX_ROOT, &prefixed, NULL);
|
||||
if (r < 0)
|
||||
|
@ -112,7 +112,7 @@ int openssl_digest_many(
|
||||
return log_openssl_errors("Failed to create new EVP_MD_CTX");
|
||||
|
||||
if (!EVP_DigestInit_ex(ctx, md, NULL))
|
||||
return log_openssl_errors("Failed to initializate EVP_MD_CTX");
|
||||
return log_openssl_errors("Failed to initialize EVP_MD_CTX");
|
||||
|
||||
for (size_t i = 0; i < n_data; i++)
|
||||
if (!EVP_DigestUpdate(ctx, data[i].iov_base, data[i].iov_len))
|
||||
@ -188,7 +188,7 @@ int openssl_hmac_many(
|
||||
return log_openssl_errors("Failed to build HMAC OSSL_PARAM");
|
||||
|
||||
if (!EVP_MAC_init(ctx, key, key_size, params))
|
||||
return log_openssl_errors("Failed to initializate EVP_MAC_CTX");
|
||||
return log_openssl_errors("Failed to initialize EVP_MAC_CTX");
|
||||
#else
|
||||
_cleanup_(HMAC_CTX_freep) HMAC_CTX *ctx = HMAC_CTX_new();
|
||||
if (!ctx)
|
||||
|
@ -391,7 +391,7 @@ int pkcs11_token_login(
|
||||
if (r != -ENOLCK)
|
||||
return r;
|
||||
|
||||
/* Referesh the token info, so that we can prompt knowing the new flags if they changed. */
|
||||
/* Refresh the token info, so that we can prompt knowing the new flags if they changed. */
|
||||
rv = m->C_GetTokenInfo(slotid, &updated_token_info);
|
||||
if (rv != CKR_OK)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EIO),
|
||||
|
@ -53,7 +53,7 @@ int serialize_item_escaped(FILE *f, const char *key, const char *value) {
|
||||
|
||||
int serialize_item_format(FILE *f, const char *key, const char *format, ...) {
|
||||
_cleanup_free_ char *allocated = NULL;
|
||||
char buf[256]; /* Something resonably short that fits nicely on any stack (i.e. is considerably less
|
||||
char buf[256]; /* Something reasonably short that fits nicely on any stack (i.e. is considerably less
|
||||
* than LONG_LINE_MAX (1MiB!) */
|
||||
const char *b;
|
||||
va_list ap;
|
||||
|
@ -670,7 +670,7 @@ int tpm2_context_new(const char *device, Tpm2Context **ret_context) {
|
||||
|
||||
r = tpm2_cache_capabilities(context);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to cache TPM capbilities: %m");
|
||||
return log_debug_errno(r, "Failed to cache TPM capabilities: %m");
|
||||
|
||||
/* We require AES and CFB support for session encryption. */
|
||||
if (!tpm2_supports_alg(context, TPM2_ALG_AES))
|
||||
@ -862,7 +862,7 @@ int tpm2_index_from_handle(Tpm2Context *c, const Tpm2Handle *handle, TPM2_HANDLE
|
||||
*
|
||||
* Returns 1 if the object was successfully persisted, or 0 if there is already a key at the requested
|
||||
* handle, or < 0 on error. Theoretically, this would also return 0 if no specific persistent handle is
|
||||
* requiested but all persistent handles are used, but it is extremely unlikely the TPM has enough internal
|
||||
* requested but all persistent handles are used, but it is extremely unlikely the TPM has enough internal
|
||||
* memory to store the entire persistent range, in which case an error will be returned if the TPM is out of
|
||||
* memory for persistent storage. The persistent handle is only provided when returning 1. */
|
||||
static int tpm2_persist_handle(
|
||||
|
@ -12,7 +12,7 @@ static void test_path_is_encrypted_one(const char *p, int expect) {
|
||||
/* This might fail, if btrfs is used and we run in a container. In that case we cannot
|
||||
* resolve the device node paths that BTRFS_IOC_DEV_INFO returns, because the device nodes
|
||||
* are unlikely to exist in the container. But if we can't stat() them we cannot determine
|
||||
* the dev_t of them, and thus cannot figure out if they are enrypted. Hence let's just
|
||||
* the dev_t of them, and thus cannot figure out if they are encrypted. Hence let's just
|
||||
* ignore ENOENT here. Also skip the test if we lack privileges. */
|
||||
return;
|
||||
assert_se(r >= 0);
|
||||
|
@ -42,7 +42,7 @@ int main(int argc, char *argv[]) {
|
||||
assert_se(unit_add_name(c, "c.service") >= 0);
|
||||
assert_se(set_isempty(c->pids));
|
||||
|
||||
/* Fork off a child so thta we have a PID to watch */
|
||||
/* Fork off a child so that we have a PID to watch */
|
||||
_cleanup_(sigkill_waitp) pid_t pid = 0;
|
||||
pid = fork();
|
||||
if (pid == 0) {
|
||||
|
@ -512,7 +512,7 @@ static int find_source_vc(char **ret_path, unsigned *ret_idx) {
|
||||
|
||||
r = verify_vc_allocation(i);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "VC %u existance check failed, skipping: %m", i);
|
||||
log_debug_errno(r, "VC %u existence check failed, skipping: %m", i);
|
||||
RET_GATHER(err, r);
|
||||
continue;
|
||||
}
|
||||
|
@ -5142,7 +5142,7 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
|
||||
self.wait_online(['veth-peer:carrier'])
|
||||
|
||||
# Note that at this point the DHCPv6 client has not been started because no RA (with managed
|
||||
# bit set) has yet been recieved and the configuration does not include WithoutRA=true
|
||||
# bit set) has yet been received and the configuration does not include WithoutRA=true
|
||||
state = get_dbus_dhcp6_client_state('veth99')
|
||||
print(f"State = {state}")
|
||||
self.assertEqual(state, 'stopped')
|
||||
|
@ -96,7 +96,7 @@ tpm2_pcrextend 0:sha256=00000000000000000000000000000000000000000000000000000000
|
||||
(! systemd-cryptsetup attach test-volume "$img" - tpm2-device=auto,headless=1)
|
||||
|
||||
if tpm_has_pcr sha256 12; then
|
||||
# Enroll using an explict PCR value (that does match current PCR value)
|
||||
# Enroll using an explicit PCR value (that does match current PCR value)
|
||||
systemd-cryptenroll --wipe-slot=tpm2 "$img"
|
||||
EXPECTED_PCR_VALUE=$(cat /sys/class/tpm/tpm0/pcr-sha256/12)
|
||||
PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="12:sha256=$EXPECTED_PCR_VALUE" "$img"
|
||||
|
@ -76,8 +76,8 @@ verify_version() {
|
||||
# $1: block device
|
||||
# $2: sector size
|
||||
# $3: version
|
||||
# $4: partiton number of part1
|
||||
# $5: partiton number of part2
|
||||
# $4: partition number of part1
|
||||
# $5: partition number of part2
|
||||
|
||||
gpt_reserved_sectors=$(( 1024 * 1024 / $2 ))
|
||||
part1_offset=$(( ( $4 - 1 ) * 2048 + gpt_reserved_sectors ))
|
||||
|
Loading…
Reference in New Issue
Block a user