1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

76557 Commits

Author SHA1 Message Date
Mike Yuan
0aae1a09a3
path-lookup: move xdg_user_dirs() to xdg-autostart-generator
This is the only place where xdg_user_dir() is needed and
makes sense. All other invocations have been replaced with
user_search_dirs() - see previous commits for details.
2024-10-06 19:42:39 +02:00
Mike Yuan
5ce4902249
path-lookup: refactor lookup_paths_init() search paths handling
* Rename user_dirs() -> user_unit_search_dirs() and port to
  user_search_dirs()
* Use STRV_IFNOTNULL to guard paths that could be NULL,
  assert otherwise
2024-10-06 19:42:39 +02:00
Mike Yuan
1f8eedba9d
path-lookup: introduce user_search_dirs() (shall replace xdg_user_dirs())
xdg_user_dirs() doesn't seem well-organized currently.
In all other xdg_user_*() funcs we assume /etc/xdg/systemd
to be a symlink to /etc/systemd/, hence it is the odd one out.
Also, when the relevant envvar is unset, it only returns
the global search dirs.

sd_path_lookup() actually covers this nicely with SD_PATH_SEARCH_*,
where the combined search paths (from user home and system) are used.
Therefore, let's introduce a wrapper for that, and deprecate xdg_user_dirs()
(would be removed in later commits).
2024-10-06 19:42:39 +02:00
Mike Yuan
546110ded9
path-lookup: assert that LOOKUP_PATHS_{EXCLUDE,TEMPORARY}_GENERATED are not used in conjunction 2024-10-06 19:42:39 +02:00
Mike Yuan
cfda202fa9
path-lookup: unify *_generator_binary_paths() 2024-10-06 19:32:55 +02:00
Mike Yuan
536f6bd467
path-lookup: modernize get_paths_from_environ()
Use retval rather than additional param to indicate
whether the normal paths shall be appended.
2024-10-06 19:32:55 +02:00
Mike Yuan
b8018297a8
path-lookup: shortcut patch_root_prefix() if no root_dir 2024-10-06 19:32:54 +02:00
Mike Yuan
716fab66ab
path-lookup: unify acquire_{config,control,attached}_dir()
Note that -ENXIO reported by xdg_user_config_dir() is now properly
propagated rather than ignored, as unlike XDG_RUNTIME_DIR, XDG_CONFIG_HOME
has a default value hence ENXIO is not really expected.
2024-10-06 19:32:54 +02:00
Mike Yuan
bd79a88f34
path-lookup: use path_strv_contains() rather than strv_contains() 2024-10-06 19:32:54 +02:00
Mike Yuan
0e0e20bfb1
path-lookup: clean up acquire_{generator,transient}_dirs() a bit 2024-10-06 19:32:54 +02:00
Mike Yuan
8cff087d27
path-lookup: modernize runtime_directory() too 2024-10-06 19:32:53 +02:00
Mike Yuan
60cd6deb06
path-lookup: deduplicate xdg_user_*() with sd_path_lookup()
While at it, place ret param at last.
2024-10-06 19:27:12 +02:00
Mike Yuan
f005e267bc
path-lookup: move from basic/ to libsystemd/
So that sd_path_lookup() can be utilized to replace
duplicate functions.
2024-10-06 19:27:12 +02:00
Mike Yuan
feae34d64e
path-lookup: move find_portable_profile() to portable-util 2024-10-06 19:27:11 +02:00
Mike Yuan
cd7d732dc5
path-lookup: move NETWORK_DIRS to network-util.h 2024-10-06 19:27:11 +02:00
Mike Yuan
1a7627f4e1
unit-file: make unit_type_may_{alias_template} static inline 2024-10-06 19:27:11 +02:00
Mike Yuan
2bf5b262b5
basic/unit-file: move to shared/
Preparation for later commits, where path-lookup would be
moved into libsystemd.

Note that it currently includes sd-id128.h, hence shared/
seems more appropriate anyway.
2024-10-06 19:27:00 +02:00
Daniel Martinez
f819a516db Use case insensitive comparison for the machine's architechture
boot loader specification states:

architecture: refers to the architecture this entry is for. The argument
should be an architecture identifier, using the architecture vocabulary
defined by the EFI specification (i.e. IA32, x64, IA64, ARM, AA64, …).
If specified and it does not match the local system architecture this
entry should be hidden. The comparison should be done case-insensitively.

Example: architecture aa64

https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-entry-keys
2024-10-06 14:19:43 +01:00
Yu Watanabe
61c7f38f10
Merge pull request #34638 from YHNdnzj/laccess-error-check
various: correct laccess() error check
2024-10-06 13:50:11 +09:00
Daan De Meyer
a407aaa6ff
Merge pull request #34639 from DaanDeMeyer/repart-fix
Two repart fixes
2024-10-05 08:36:14 +02:00
Mike Yuan
3f8999a76e
fs-util: rename laccess to access_nofollow
In order to distinguish it from libc function naming.
2024-10-05 01:30:43 +02:00
Daan De Meyer
87333bd1dc chase: Fix shortcut
We can't shortcut chaseat() if CHASE_PARENT is set.
2024-10-04 21:34:33 +02:00
Daan De Meyer
413d3ce1b7 repart: Don't copy root directory mode from source file
If the source is a file, don't copy the mode and such from it to
the root directory, even if the target is /.
2024-10-04 21:33:52 +02:00
Mike Yuan
7c1dd9e288
various: correct laccess() error check
laccess is our own macro that uses RET_NERRNO.
2024-10-04 21:26:04 +02:00
Daan De Meyer
598bb6fde4
Merge pull request #34608 from DaanDeMeyer/ukify
ukify: Rework multi-profile UKIs
2024-10-04 13:57:16 +02:00
Jörg Behrmann
56f32d9e78 man: Use proper conjunction and remove superfluous or 2024-10-04 12:45:21 +01:00
Daan De Meyer
7cd56ec951 repart: Handle empty arg_copy_source in file_is_denylisted() 2024-10-04 12:47:01 +02:00
Luca Boccassi
3509fe124d man: consolidate list of active unit states into a shared table
Avoids the need to maintain the same list over and over again, and
link it to the defition table in the implementation as a reminder
too
2024-10-04 12:22:55 +02:00
Daan De Meyer
16020c3324 ukify: Rework multi-profile UKIs
The API introduced in https://github.com/systemd/systemd/pull/34295
is less than ideal:

- It doesn't consider signing at all (ukify can't sign separately yet)
- Measurement is completely broken (all profile sections are marked to
  not be measured)
- It focuses on a very niche use case of extending existing UKIs and makes
  the more common use case of building a UKI with several profiles included
  much harder than needed.

Let's instead rework the API to focus on the primary use case of building
a UKI with multiple profiles added to it immediately. We require the profiles
to be built upfront as separate PE binaries with UKI. There's no need to sign
or measure these, they're solely vehicles for profile sections. This saves us
from having to complicate the command line and config parsing to support defining
multiple profiles.

To add the profiles when building a UKI, we introduce the new --add-profile
switch which takes a path to a PE binary describing a profile. The required
sections are read from each PE binary, measured and added as a profile.

The integration test is disabled until the new API is merged and exposed in
mkosi so that building a UKI with profiles can be left to mkosi and the integration
test will only test the switching between profiles and not the building of UKIs
with profiles.
2024-10-04 11:36:25 +02:00
Luca Boccassi
2f8ac1c4c7
Merge pull request #34610 from poettering/exec-start-single-line
Soft deprecate multiple ExecStart= command lines within a single assignment
2024-10-03 22:46:11 +01:00
Daan De Meyer
4f1c5a832c ukify: Fix Profile config setting 2024-10-03 23:15:32 +02:00
Daan De Meyer
db0f9720d6 ukify: Introduce pe_strip_section_name() 2024-10-03 23:15:32 +02:00
Daan De Meyer
3891d57c4f Revert "ukify: add new --extend= switch for importing an existing UKI's sections to later extend"
This reverts commit b6570095ce.
2024-10-03 23:15:32 +02:00
Daan De Meyer
71f11a8f4c Revert "ukify: introduce new --measure-base= switch"
This reverts commit bc3e2c5a57.
2024-10-03 23:15:32 +02:00
Luca Boccassi
bdbec7cfe0
Merge pull request #34590 from poettering/file-hier-removals
man: remove some irrelevant dirs from file-hierarchy(7)
2024-10-03 21:04:30 +01:00
Luca Boccassi
ac799d64bd
Merge pull request #34600 from poettering/varlink-idl-add-flags-everywhere
sd-varlink: maintain "more" flag support in the IDL structures
2024-10-03 21:02:22 +01:00
Michael Ferrari
f106fd2dbd repart: open target devices before UUID creation
This is to ensure that the UUIDs from the CopyBlocks= devices are copied
to the corresponding new partition instead of creating a new UUID for
it. With this verity partitions can be copied, keeping their UUIDs to
ensure that they still match up with what is specified in roothash=.
2024-10-03 20:55:06 +01:00
Zbigniew Jędrzejewski-Szmek
3be87dca03 homectl: fix inverted table footer condition
Fixup for 2413a0fab4.
2024-10-03 20:53:24 +01:00
Zbigniew Jędrzejewski-Szmek
fb0ef5eac0 man/systemd-stub: reword descriptions of .dtb and .profile sections
- The text was clearly edited in variuos places to e.g. allow multiple
  sections, so it first said that sections are singletons, and immediately
  after that that some section are not.
- Replace "regardless of the kernel" with "regardless of the kernel version".
  The kernel is very much involved e.g. in loading of the initrds.
- Various other small rewordings to make the text more legible.
2024-10-03 16:34:04 +01:00
Daan De Meyer
33f1c5287f nsresourced: Fix declaration of bpf_rdonly_cast()
Fixes compilation error

"""
[780/3171] /usr/bin/clang -std=gnu11 -Wno-compare-distinct-pointer-types -fno-stack-protector -O2 -target bpf -g -c -D__aarch64__ -I. -isystem /usr/include/ -idirafter /usr/include ../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/usr/src/kernels/6.11.1-0.hs1.hs+fb.el9.aarch64
FAILED: src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o
/usr/bin/clang -std=gnu11 -Wno-compare-distinct-pointer-types -fno-stack-protector -O2 -target bpf -g -c -D__aarch64__ -I. -isystem /usr/include/ -idirafter /usr/include ../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c -o src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.unstripped.o -I/usr/src/kernels/6.11.1-0.hs1.hs+fb.el9.aarch64
../src/nsresourced/bpf/userns_restrict/userns-restrict.bpf.c:27:7: error: conflicting types for 'bpf_rdonly_cast'
   27 | void *bpf_rdonly_cast(void *, __u32) __ksym;
      |       ^
/usr/src/kernels/6.11.1-0.hs1.hs+fb.el9.aarch64/vmlinux.h:143063:14: note: previous declaration is here
 143063 | extern void *bpf_rdonly_cast(const void *obj__ign, u32 btf_id__k) __weak __ksym;
        |              ^
1 error generated.
"""
2024-10-03 12:24:51 +01:00
Peter Hutterer
305272ab2b logind: add support for hidraw devices
Add support for opening /dev/hidraw devices via logind's TakeDevice().
Same semantics as our support for evdev devices, but it requires the
HIDIOCREVOKE ioctl in the kernel.
2024-10-03 09:36:57 +01:00
Antonio Alvarez Feijoo
16b50d4018 core: fix copy/paste error 2024-10-02 22:15:41 +01:00
Luca Boccassi
394c61416c core: load IPE policy on boot
IPE is a new LSM being introduced in 6.12. Like IMA, it works based on a
policy file that has to be loaded at boot, the earlier the better. So
like IMA, if such a policy is present, load it and activate it.

If there are any .p7b files in /etc/ipe/, load them as policies.
The files have to be inline signed in DER format as per IPE documentation.

For more information on the details of IPE:

https://microsoft.github.io/ipe/
2024-10-02 18:29:43 +02:00
Lennart Poettering
3cb93ebcf2
Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups
home: Prompt for auxiliary groups in homectl firstboot
2024-10-02 18:28:01 +02:00
Lukas Nykryn
67b6404b80 man: using WantedBy=default.target is not a good idea
We had several users, that wrote their unit files with
WantedBy=default.target because it should be started "every time".
But for example in Fedora/CentOS/RHEL, this often breaks for
example selinux relabels (where we just want to do a relabel and reboot).
2024-10-02 18:25:03 +02:00
Daan De Meyer
5f44675120 homectl: Acquire bus connection after querying for user input
Otherwise when the user takes a long time to enter input the operation
to create the user's home will fail with "transport endpoint not connected".
2024-10-02 15:08:50 +02:00
Daan De Meyer
84edd52121 home: Prompt for shell in homectl firstboot 2024-10-02 15:08:35 +02:00
Daan De Meyer
164ca24d74 home: Prompt for auxiliary groups in homectl firstboot 2024-10-02 15:07:59 +02:00
Daan De Meyer
ec75a254d2 Move show_menu() to terminal-util.h 2024-10-02 15:05:24 +02:00
Daan De Meyer
70bc8b3f0c
Merge pull request #34616 from DaanDeMeyer/mkosi
Various mkosi fixes
2024-10-02 13:44:12 +02:00