Дамјан Георгиевски
12caf72716
bootctl: optionally install .signed efi file
...
if /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed exists
install that instead of /usr/lib/systemd/boot/efi/systemd-bootx64.efi
the idea is that SecureBoot tooling can create the efi.signed file
whenever /usr/lib/systemd/boot/efi/systemd-bootx64.efi from the package
is updated.
2021-12-08 22:21:34 +01:00
Daan De Meyer
8097f80500
Merge pull request #21637 from nabijaczleweli/EBA
...
kernel-install: export BOOT_ROOT instead of hacking it in hooks, note KERNEL_INSTALL_* ABI
2021-12-08 20:15:38 +00:00
Yu Watanabe
c923992c5c
Merge pull request #21678 from keszybz/sysusers-work
...
Make it easier to figure out what sysusers is doing and why
2021-12-09 04:35:50 +09:00
Daan De Meyer
ecfa85e9e1
docs: Clarify that the fd store is discarded when a service is stopped
2021-12-08 13:27:28 +00:00
наб
b51e71b2d2
kernel-install: note $KERNEL_INSTALL_{MACHINE_ID,BOOT_ROOT}= ABI
2021-12-08 13:44:27 +01:00
Zbigniew Jędrzejewski-Szmek
64fe10957b
sysusers: add --dry-run
2021-12-08 11:46:33 +01:00
наб
dcd9d196a4
kernel-install: respect $MACHINE_ID and ignore /etc/machine-id if on tmpfs
...
Confer https://github.com/systemd/systemd/pull/19006#issuecomment-800234022 :
On some systems it's the admin's explicit choice not to to have the
machine ID leak into the ESP
On some systems the machine ID is transient, generated at every boot,
and hence should not be written to the ESP
2021-12-08 09:34:02 +01:00
Zbigniew Jędrzejewski-Szmek
f333ed27fa
Merge pull request #20476 from jamacku/new-feature-reloaded-stamp
...
core: indicate the time when units were loaded
2021-12-07 18:47:25 +01:00
Zbigniew Jędrzejewski-Szmek
d4f8cd4d83
Merge pull request #21625 from yuwata/network-dhcp-6rd
...
network: dhcp: add 6rd support
2021-12-07 17:26:37 +01:00
Luca Boccassi
f43282670b
core: add StartUnitWithFlags DBUS method
...
When an activation job is skipped because of a Condition*= setting failing,
currently the JobRemoved signal lists 'done' as the result, just as with
a successful job.
This is a problem when doing dbus activation: dbus-broker will receive a
signal that says the job was successful, so then it moves into a state where
it waits for the requested name to appear on the bus, but that never happens
because the job was actually skipped.
Add a new StartUnitWithFlags that changes the behaviour of the JobRemoved
signal to list 'done' or 'skipped'.
Fixes #21520
2021-12-07 16:30:49 +01:00
Jan Macku
49fbe940a4
core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic
2021-12-07 16:02:46 +01:00
Yu Watanabe
31fc1366d6
man: network: document Use6RD= setting
2021-12-07 20:33:20 +09:00
Yu Watanabe
a27588d4e7
network: dhcp-pd: rename [DHCPv6PrefixDelegation] -> [DHCPPrefixDelegation]
...
This just changes the names of settings, variables, functions, files, and so on.
No functionality is changed.
Preparation for supporting 6rd.
2021-12-07 20:30:30 +09:00
Yu Watanabe
2d00239cbe
network: dhcp6pd: always use main route table for unreachable route
...
This mostly reverts e47bcb7d0b
.
2021-12-07 18:35:30 +09:00
Yu Watanabe
ab106a609b
network: eui64 address is supported only ethernet or infiniband
...
So, this makes prefixstable mode will be used for other interface types.
2021-12-06 21:07:12 +09:00
Zbigniew Jędrzejewski-Szmek
ec1574cd8e
Merge pull request #21454 from bluca/inspect_elf
...
analyze: add inspect-elf verb to parse package metadata
2021-12-06 12:45:25 +01:00
Pavel Březina
2f121b6fa1
man: fix description of sd_uid_get_sessions
2021-12-06 12:39:03 +01:00
Urs Ritzmann
25060a570c
sd_bus_get_timeout: fix timeout value doc
...
The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based of CLOCK_MONOTONIC. This change corrects that documentation.
2021-12-06 11:21:48 +01:00
Zbigniew Jędrzejewski-Szmek
79fa910333
Merge pull request #21623 from nabijaczleweli/ekstrahuje
...
man/kernel-install clarifications
2021-12-06 11:10:40 +01:00
Zbigniew Jędrzejewski-Szmek
ea7c87bfd9
Merge pull request #21629 from yuwata/man-netdev-update
...
man: netdev: several cleanups
2021-12-06 10:23:04 +01:00
Yu Watanabe
ee44b32ff4
man: netdev: merge and reword Egress/IngressQOSMAps=
2021-12-06 17:59:35 +09:00
Yu Watanabe
9b65490f3f
man: netdev: use … to specify range
2021-12-06 16:53:35 +09:00
Yu Watanabe
f3fa44cb8e
man: netdev: use <varname> tag
2021-12-06 16:51:57 +09:00
Yu Watanabe
472e1349ed
man: network: fix default values for DNSSEC= and DNSOverTLS=
2021-12-06 16:30:48 +09:00
Yu Watanabe
dee13c2f4e
man: network: rebreak lines
2021-12-06 16:28:10 +09:00
наб
2a0ad72611
kernel-install: fix MACHINE_ID extraction behaviour description
2021-12-05 17:00:22 +01:00
наб
22a81fe49b
kernel-install: note the default $PRETTY_NAME if os-release wasn't found and that only 90-loaderentry uses it
2021-12-05 16:44:49 +01:00
наб
595fd662d4
kernel-install: note that 90-loaderentry will also use /usr/lib/k/cmdline
2021-12-05 16:44:48 +01:00
Yu Watanabe
72e65e6ffd
network: add support to configure IPoIB interfaces
2021-12-05 00:18:58 +09:00
Yu Watanabe
b90d0f83b2
network/netdev: add support to create IPoIB subinterface
2021-12-04 15:06:58 +09:00
Yu Watanabe
bf1e65a4fd
Merge pull request #21585 from yuwata/network-radv-uplink-interface-auto-with-dhcp6-pd
...
network: cleanups for uplink interface handling for RADV and DHCP6-PD
2021-12-02 08:16:23 +09:00
KennthStailey
2ed6297f71
Fixed typo
...
`ip set dev eth0` should be `ip link set dev eth0`
2021-12-02 00:02:37 +09:00
Yu Watanabe
926fc8ee63
network: dhcp6: make UplinkInterface=:self take effect only when DHCPv6PrefixDelegation= is enabled
2021-12-01 20:35:03 +09:00
Yu Watanabe
f6032ff3e0
network: radv: use the uplink interface used in DHCPv6-PD
2021-12-01 20:35:03 +09:00
Luca Boccassi
81513b382b
core: add Condition[Memory/CPU/IO]Pressure
...
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.
Fixes #20139
2021-12-01 09:53:18 +01:00
Yu Watanabe
99f8a6d7f5
Merge pull request #21581 from keszybz/really-random-fixlets
...
Really random fixlets
2021-12-01 12:54:00 +09:00
Luca Boccassi
917e655457
analyze: add inspect-elf verb to parse package metadata
...
Parses and prints package metadata from executables, libraries and core files
$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverityb /bin/bash --json=off --no-pager
__________________________
path: /tmp/core
elfType: coredump
elfArchitecture: AMD x86-64
module name: /tmp/crash
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: b33541096a09c29a0ba4ec5c69364a2711b7c269
module name: /usr/lib/x86_64-linux-gnu/libc-2.31.so
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: 54eef5ce96cf37cb175b0d93186836ca1caf470c
module name: /usr/lib/x86_64-linux-gnu/ld-2.31.so
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: 32438eb3b034da54caf58c7a65446639f7cfe274
__________________________________________________________________
path: /home/luca/git/systemd/../fsverity-utils/fsverity
elfType: executable
elfArchitecture: AMD x86-64
type: deb
name: fsverity-utils
version: 1.3-1
architecture: amd64
os: debian
debugInfoUrl: https://debuginfod.debian.net
buildId: 05b899e6ee0d3653e20458719b202ed3ca8d566f
_________________________
path: /bin/bash
elfType: executable
elfArchitecture: AMD x86-64
buildId: 4fef260f60e257d2dbd4126bf8add83837aea190
$
$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverity /bin/bash /tmp/core.test-condition.1000.f9b9a84a9fd1482c9702d6afa6f6934b.37640.1637083078000000 --json=pretty --no-pager
{
"elfType" : "coredump",
"elfArchitecture" : "AMD x86-64",
"/home/bluca/git/fsverity-utils/fsverity" : {
"type" : "deb",
"name" : "fsverity-utils",
"version" : "1.3-1",
"buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
},
"/home/bluca/git/fsverity-utils/libfsverity.so.0" : {
"type" : "deb",
"name" : "fsverity-utils",
"version" : "1.3-1",
"buildId" : "b5e428254abf14237b0ae70ed85fffbb98a78f88"
}
}
{
"elfType" : "executable",
"elfArchitecture" : "AMD x86-64",
"/home/bluca/git/systemd/../fsverity-utils/fsverity" : {
"type" : "deb",
"name" : "fsverity-utils",
"version" : "1.3-1",
"buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
}
}
{
"elfType" : "executable",
"elfArchitecture" : "AMD x86-64",
"/bin/bash" : {
"buildId" : "3313b4cb119dcce16927a9b6cc61dcd97dfc4d59"
}
}
{
"elfType" : "coredump",
"elfArchitecture" : "AMD x86-64"
}
2021-11-30 23:14:07 +00:00
Zbigniew Jędrzejewski-Szmek
baf60a80b5
man: prettify line number handling in python example
...
This way the 'line_number' variable contains the actual line number as we think
of it, instead of adjusting it on output.
2021-11-30 22:56:51 +01:00
Yu Watanabe
e908434458
network: wireguard: automatically configure routes to addresses specified in AllowedIPs=
...
Closes #14176 .
2021-12-01 04:00:11 +09:00
Zbigniew Jędrzejewski-Szmek
77e289abb4
man: fix typo
...
Follow-up for c896eb7ad6
.
2021-11-30 13:54:27 +01:00
Zbigniew Jędrzejewski-Szmek
17cd1f627b
man: add missing plural and reorder sentence
...
We shouldn't explain what a value does before listing valid values…
Follow-up for 4f1ac4a38d
.
2021-11-30 13:52:32 +01:00
Yu Watanabe
a6f44d610c
tree-wide: fix typo
2021-11-30 12:30:07 +00:00
Yu Watanabe
718f0a74ab
man: fix copy-and-paste mistake
2021-11-30 09:29:51 +01:00
Zbigniew Jędrzejewski-Szmek
08e70b4a21
Merge pull request #21541 from bluca/analyze_security_profile
...
analyze: add --profile switch to security verb
2021-11-29 21:23:34 +01:00
Yu Watanabe
5b8bdd20c6
network/netdev: generate persistent MAC address for batadv and bridge
...
This mostly reverts 489f01f806
and
deb2cfa4c6
.
As now MACAddress=none is supported. So, users can still disable MAC
address assignment.
2021-11-28 12:04:55 +09:00
Yu Watanabe
aaa5ca57ae
network/netdev: make MACAddress= take 'none' to suppress generating persistent hardware address
...
This is mostly equivalent to .link file's MACAddressPolicy=none.
2021-11-28 12:04:55 +09:00
Luca Boccassi
0446921131
analyze: add --profile switch to security verb
...
Allows to pass a portable profile when doing offline analysis of
units. Especially useful for analyzing portable images, since a
lot of the security-relevant settings in those cases come from
the profiles, but they are not shipped in the portable images.
2021-11-26 18:17:26 +00:00
Luca Boccassi
485c9e19e7
Merge pull request #21253 from poettering/homed-auto-grow-shrink
...
homed: automatic grow/shrink of LUKS home dirs
2021-11-25 22:14:17 +00:00
Yu Watanabe
5213507113
network,udev: make .network and .link file can match with hardware address longer or shorter than ETH_ALEN
2021-11-25 20:14:46 +01:00
Lennart Poettering
6d6d4459ab
homectl: add new "homectl rebalance" command
...
Let's add an explicit, synchronous command to request immediate rebalancing and
wait for it.
2021-11-25 18:28:44 +01:00