1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

6556 Commits

Author SHA1 Message Date
Дамјан Георгиевски
12caf72716 bootctl: optionally install .signed efi file
if /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed exists
install that instead of /usr/lib/systemd/boot/efi/systemd-bootx64.efi

the idea is that SecureBoot tooling can create the efi.signed file
whenever /usr/lib/systemd/boot/efi/systemd-bootx64.efi from the package
is updated.
2021-12-08 22:21:34 +01:00
Daan De Meyer
8097f80500
Merge pull request #21637 from nabijaczleweli/EBA
kernel-install: export BOOT_ROOT instead of hacking it in hooks, note KERNEL_INSTALL_* ABI
2021-12-08 20:15:38 +00:00
Yu Watanabe
c923992c5c
Merge pull request #21678 from keszybz/sysusers-work
Make it easier to figure out what sysusers is doing and why
2021-12-09 04:35:50 +09:00
Daan De Meyer
ecfa85e9e1 docs: Clarify that the fd store is discarded when a service is stopped 2021-12-08 13:27:28 +00:00
наб
b51e71b2d2
kernel-install: note $KERNEL_INSTALL_{MACHINE_ID,BOOT_ROOT}= ABI 2021-12-08 13:44:27 +01:00
Zbigniew Jędrzejewski-Szmek
64fe10957b sysusers: add --dry-run 2021-12-08 11:46:33 +01:00
наб
dcd9d196a4 kernel-install: respect $MACHINE_ID and ignore /etc/machine-id if on tmpfs
Confer https://github.com/systemd/systemd/pull/19006#issuecomment-800234022:
  On some systems it's the admin's explicit choice not to to have the
  machine ID leak into the ESP
  On some systems the machine ID is transient, generated at every boot,
  and hence should not be written to the ESP
2021-12-08 09:34:02 +01:00
Zbigniew Jędrzejewski-Szmek
f333ed27fa
Merge pull request #20476 from jamacku/new-feature-reloaded-stamp
core: indicate the time when units were loaded
2021-12-07 18:47:25 +01:00
Zbigniew Jędrzejewski-Szmek
d4f8cd4d83
Merge pull request #21625 from yuwata/network-dhcp-6rd
network: dhcp: add 6rd support
2021-12-07 17:26:37 +01:00
Luca Boccassi
f43282670b core: add StartUnitWithFlags DBUS method
When an activation job is skipped because of a Condition*= setting failing,
currently the JobRemoved signal lists 'done' as the result, just as with
a successful job.

This is a problem when doing dbus activation: dbus-broker will receive a
signal that says the job was successful, so then it moves into a state where
it waits for the requested name to appear on the bus, but that never happens
because the job was actually skipped.

Add a new StartUnitWithFlags that changes the behaviour of the JobRemoved
signal to list 'done' or 'skipped'.

Fixes #21520
2021-12-07 16:30:49 +01:00
Jan Macku
49fbe940a4 core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic 2021-12-07 16:02:46 +01:00
Yu Watanabe
31fc1366d6 man: network: document Use6RD= setting 2021-12-07 20:33:20 +09:00
Yu Watanabe
a27588d4e7 network: dhcp-pd: rename [DHCPv6PrefixDelegation] -> [DHCPPrefixDelegation]
This just changes the names of settings, variables, functions, files, and so on.
No functionality is changed.

Preparation for supporting 6rd.
2021-12-07 20:30:30 +09:00
Yu Watanabe
2d00239cbe network: dhcp6pd: always use main route table for unreachable route
This mostly reverts e47bcb7d0b.
2021-12-07 18:35:30 +09:00
Yu Watanabe
ab106a609b network: eui64 address is supported only ethernet or infiniband
So, this makes prefixstable mode will be used for other interface types.
2021-12-06 21:07:12 +09:00
Zbigniew Jędrzejewski-Szmek
ec1574cd8e
Merge pull request #21454 from bluca/inspect_elf
analyze: add inspect-elf verb to parse package metadata
2021-12-06 12:45:25 +01:00
Pavel Březina
2f121b6fa1 man: fix description of sd_uid_get_sessions 2021-12-06 12:39:03 +01:00
Urs Ritzmann
25060a570c sd_bus_get_timeout: fix timeout value doc
The documentation of sd_bus_get_timeout wrongfully states that the returned time-value is relative. In fact, it is an absolute value which is based of CLOCK_MONOTONIC. This change corrects that documentation.
2021-12-06 11:21:48 +01:00
Zbigniew Jędrzejewski-Szmek
79fa910333
Merge pull request #21623 from nabijaczleweli/ekstrahuje
man/kernel-install clarifications
2021-12-06 11:10:40 +01:00
Zbigniew Jędrzejewski-Szmek
ea7c87bfd9
Merge pull request #21629 from yuwata/man-netdev-update
man: netdev: several cleanups
2021-12-06 10:23:04 +01:00
Yu Watanabe
ee44b32ff4 man: netdev: merge and reword Egress/IngressQOSMAps= 2021-12-06 17:59:35 +09:00
Yu Watanabe
9b65490f3f man: netdev: use … to specify range 2021-12-06 16:53:35 +09:00
Yu Watanabe
f3fa44cb8e man: netdev: use <varname> tag 2021-12-06 16:51:57 +09:00
Yu Watanabe
472e1349ed man: network: fix default values for DNSSEC= and DNSOverTLS= 2021-12-06 16:30:48 +09:00
Yu Watanabe
dee13c2f4e man: network: rebreak lines 2021-12-06 16:28:10 +09:00
наб
2a0ad72611
kernel-install: fix MACHINE_ID extraction behaviour description 2021-12-05 17:00:22 +01:00
наб
22a81fe49b
kernel-install: note the default $PRETTY_NAME if os-release wasn't found and that only 90-loaderentry uses it 2021-12-05 16:44:49 +01:00
наб
595fd662d4
kernel-install: note that 90-loaderentry will also use /usr/lib/k/cmdline 2021-12-05 16:44:48 +01:00
Yu Watanabe
72e65e6ffd network: add support to configure IPoIB interfaces 2021-12-05 00:18:58 +09:00
Yu Watanabe
b90d0f83b2 network/netdev: add support to create IPoIB subinterface 2021-12-04 15:06:58 +09:00
Yu Watanabe
bf1e65a4fd
Merge pull request #21585 from yuwata/network-radv-uplink-interface-auto-with-dhcp6-pd
network: cleanups for uplink interface handling for RADV and DHCP6-PD
2021-12-02 08:16:23 +09:00
KennthStailey
2ed6297f71 Fixed typo
`ip set dev eth0` should be `ip link set dev eth0`
2021-12-02 00:02:37 +09:00
Yu Watanabe
926fc8ee63 network: dhcp6: make UplinkInterface=:self take effect only when DHCPv6PrefixDelegation= is enabled 2021-12-01 20:35:03 +09:00
Yu Watanabe
f6032ff3e0 network: radv: use the uplink interface used in DHCPv6-PD 2021-12-01 20:35:03 +09:00
Luca Boccassi
81513b382b core: add Condition[Memory/CPU/IO]Pressure
By default checks PSI on /proc/pressure, and causes a unit to be skipped
if the threshold is above the given configuration for the avg300
measurement.
Also allow to pass a custom timespan, and a particular slice unit to
check under.

Fixes #20139
2021-12-01 09:53:18 +01:00
Yu Watanabe
99f8a6d7f5
Merge pull request #21581 from keszybz/really-random-fixlets
Really random fixlets
2021-12-01 12:54:00 +09:00
Luca Boccassi
917e655457 analyze: add inspect-elf verb to parse package metadata
Parses and prints package metadata from executables, libraries and core files

$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverityb /bin/bash --json=off --no-pager
__________________________
           path: /tmp/core
        elfType: coredump
elfArchitecture: AMD x86-64

    module name: /tmp/crash
           type: deb
           name: hello
        version: 1.0
   architecture: amd64
             os: debian
      osVersion: 11
        buildId: b33541096a09c29a0ba4ec5c69364a2711b7c269

    module name: /usr/lib/x86_64-linux-gnu/libc-2.31.so
           type: deb
           name: hello
        version: 1.0
   architecture: amd64
             os: debian
      osVersion: 11
        buildId: 54eef5ce96cf37cb175b0d93186836ca1caf470c

    module name: /usr/lib/x86_64-linux-gnu/ld-2.31.so
           type: deb
           name: hello
        version: 1.0
   architecture: amd64
             os: debian
      osVersion: 11
        buildId: 32438eb3b034da54caf58c7a65446639f7cfe274
__________________________________________________________________
           path: /home/luca/git/systemd/../fsverity-utils/fsverity
        elfType: executable
elfArchitecture: AMD x86-64

           type: deb
           name: fsverity-utils
        version: 1.3-1
   architecture: amd64
             os: debian
   debugInfoUrl: https://debuginfod.debian.net
        buildId: 05b899e6ee0d3653e20458719b202ed3ca8d566f
_________________________
           path: /bin/bash
        elfType: executable
elfArchitecture: AMD x86-64

        buildId: 4fef260f60e257d2dbd4126bf8add83837aea190
$
$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverity /bin/bash /tmp/core.test-condition.1000.f9b9a84a9fd1482c9702d6afa6f6934b.37640.1637083078000000 --json=pretty --no-pager
{
	"elfType" : "coredump",
	"elfArchitecture" : "AMD x86-64",
	"/home/bluca/git/fsverity-utils/fsverity" : {
		"type" : "deb",
		"name" : "fsverity-utils",
		"version" : "1.3-1",
		"buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
	},
	"/home/bluca/git/fsverity-utils/libfsverity.so.0" : {
		"type" : "deb",
		"name" : "fsverity-utils",
		"version" : "1.3-1",
		"buildId" : "b5e428254abf14237b0ae70ed85fffbb98a78f88"
	}
}
{
	"elfType" : "executable",
	"elfArchitecture" : "AMD x86-64",
	"/home/bluca/git/systemd/../fsverity-utils/fsverity" : {
		"type" : "deb",
		"name" : "fsverity-utils",
		"version" : "1.3-1",
		"buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
	}
}
{
	"elfType" : "executable",
	"elfArchitecture" : "AMD x86-64",
	"/bin/bash" : {
		"buildId" : "3313b4cb119dcce16927a9b6cc61dcd97dfc4d59"
	}
}
{
	"elfType" : "coredump",
	"elfArchitecture" : "AMD x86-64"
}
2021-11-30 23:14:07 +00:00
Zbigniew Jędrzejewski-Szmek
baf60a80b5 man: prettify line number handling in python example
This way the 'line_number' variable contains the actual line number as we think
of it, instead of adjusting it on output.
2021-11-30 22:56:51 +01:00
Yu Watanabe
e908434458 network: wireguard: automatically configure routes to addresses specified in AllowedIPs=
Closes #14176.
2021-12-01 04:00:11 +09:00
Zbigniew Jędrzejewski-Szmek
77e289abb4 man: fix typo
Follow-up for c896eb7ad6.
2021-11-30 13:54:27 +01:00
Zbigniew Jędrzejewski-Szmek
17cd1f627b man: add missing plural and reorder sentence
We shouldn't explain what a value does before listing valid values…

Follow-up for 4f1ac4a38d.
2021-11-30 13:52:32 +01:00
Yu Watanabe
a6f44d610c tree-wide: fix typo 2021-11-30 12:30:07 +00:00
Yu Watanabe
718f0a74ab man: fix copy-and-paste mistake 2021-11-30 09:29:51 +01:00
Zbigniew Jędrzejewski-Szmek
08e70b4a21
Merge pull request #21541 from bluca/analyze_security_profile
analyze: add --profile switch to security verb
2021-11-29 21:23:34 +01:00
Yu Watanabe
5b8bdd20c6 network/netdev: generate persistent MAC address for batadv and bridge
This mostly reverts 489f01f806 and
deb2cfa4c6.

As now MACAddress=none is supported. So, users can still disable MAC
address assignment.
2021-11-28 12:04:55 +09:00
Yu Watanabe
aaa5ca57ae network/netdev: make MACAddress= take 'none' to suppress generating persistent hardware address
This is mostly equivalent to .link file's MACAddressPolicy=none.
2021-11-28 12:04:55 +09:00
Luca Boccassi
0446921131 analyze: add --profile switch to security verb
Allows to pass a portable profile when doing offline analysis of
units. Especially useful for analyzing portable images, since a
lot of the security-relevant settings in those cases come from
the profiles, but they are not shipped in the portable images.
2021-11-26 18:17:26 +00:00
Luca Boccassi
485c9e19e7
Merge pull request #21253 from poettering/homed-auto-grow-shrink
homed: automatic grow/shrink of LUKS home dirs
2021-11-25 22:14:17 +00:00
Yu Watanabe
5213507113 network,udev: make .network and .link file can match with hardware address longer or shorter than ETH_ALEN 2021-11-25 20:14:46 +01:00
Lennart Poettering
6d6d4459ab homectl: add new "homectl rebalance" command
Let's add an explicit, synchronous command to request immediate rebalancing and
wait for it.
2021-11-25 18:28:44 +01:00