IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Some .install plugins does not require that machine ID is set such as
20-grubby.install for Fedora and 50-depmod.install.
To support such plugins to run without valid machine-id, this commit
makes the following change:
* if /etc/machine-id is missing or empty, create temporary directory
and set its path to BOOT_DIR_ABS,
* run the .install helpers with KERNEL_INSTALL_MACHINE_ID environment
variable that'd be empty if /etc/machine-id is missing or empty.
This may be useful for installing kernel for e.g. stateless systems
which initialize machine-id while booting the systems.
If we could not communicate with systemd-resolved, we would call into
libnss_dns. libnss_dns would return NOTFOUND for stuff like "localhost" and
other names resolved by nss-myhostname, which we would fall under the !UNAVAIL=
condition and cause resolution to fail. So the following recommended
configuration in nsswitch.conf would not work:
hosts: resolve [!UNAVAIL=return] dns myhostname
Remove the internal fallback code completely so that the fallback logic
can be configured in nsswitch.conf.
Tested with
hosts: resolve [!UNAVAIL=return] myhostname
and
hosts: resolve [!UNAVAIL=return] dns myhostname
Fixes#5742.
This doesn't add anything major, but moves some stuff around.
In particular changes which might require updates to the build
environment (new kernel requirements, cgroup stuff, dbus, etc)
are moved to the top, where it's most likely that people will
read them. In particular cgroup hierarchy changes are moved to the
top because they're most likely to be problematic.
Various items are grouped by subject where it's easy.
The description of list-jobs --after/--before was reversed.
Apparently if people are adventurous enought to run Go programs in udev
rules they might run into problems with MemoryDenyWriteExecute=.
I am pretty sure the best way out is for the toolchain generating
programs incompatible with W^X to be fixed, but this still deserves
documentation.
This was forgotten for the 232 release, hence add it now, retroactively.
See: #5400
Let's make sure we verify that all BindsTo= are in order before we actually go
and dispatch a start operation to a unit. Normally the job queue should already
have made sure all deps are in order, but this might not have been sufficient
in two cases: a) when the user changes deps during runtime and reloads the
daemon, and b) when the user placed BindsTo= dependencies without matching
After= dependencies, so that we don't actually wait for the bound to unit to be
up before upping also the binding unit.
See: #4725
"sushell" is a Fedora-specific concept, shipped as part of
"initscripts". We shouldn't actively search for it if we can avoid it.
Hence, lets now default to /bin/sh as debug shell on all systems, and
permit Fedora to override that for their RPMs via --with-debug-shell= at
configure time.
Previously it was "[Yes, Fail, Skip]" which is pretty misleading because it
suggests that the whole word needs to be entered instead of a single char.
Also this won't fit well when we'll extend the number of choices.
This patch addresses this by changing the choice hint with "[y, f, s – h for help]"
so it's now clear that a single letter has to be entered.
It also introduces a new choice 'h' which describes all possible choices since
a single letter can be not descriptive enough for new users.
It also allow to stick with the same hint string regardless of how
many choices we will support.
Before this patch we had:
- "no" which gives "failing execution" but the command is actually assumed as
succeed.
- "skip" which gives "skipping", but the command is assumed to have failed,
which ends up with "Failed to start ..." on the console.
Now we have:
- "fail" which gives "failing execution" and the command is indeed assumed as
failed.
- "skip" which gives "skipping execution" and the command is assumed as
succeed.
Unfortunately, github drops the original commiter when a PR is "squashed" (even
if it is only a single commit) and replaces it with some rubbish
github-specific user id. Thus, to make the contributors list somewhat useful,
update the .mailmap file and undo all the weirdness github applied there.
In this mode, messages from processes which are not part of the session
land in the main journal file, and only output of processes which are
properly part of the session land in the user's journal. This is
confusing, in particular because systemd-coredump runs outside of the
login session.
"Deprecate" SplitMode=login by removing it from documentation, to
discourage people from using it.
As suggested by @mbiebl we already use the "!" special char in unit file
assignments for negation, hence we should not use it in a different context for
privileged execution. Let's use "+" instead.
"strict versioned dependency" suggests that version "231" of the library
is stable. But the ABI or API might be changed in any patch, so reword
the text to avoid using "version".
In some cases, caching DNS results locally is not desirable, a it makes DNS
cache poisoning attacks a tad easier and also allows users on the system to
determine whether or not a particular domain got visited by another user. Thus
provide a new "Cache" resolved.conf option to disable it.
There are many cgroups-related changes (thanks, @htejun!)
This commit will simplify testing a bit.
Use:
make run UNIFIED_CGROUP_HIERARCHY=yes to enable cgroup-v2
make run UNIFIED_CGROUP_HIERARCHY=no to enable cgroup-v1
... logind SIGHUP support, sd_journal_open_{directory,files}_fd,
specifiers in DeviceAllow, "generated" and "trasnient" unit types.
Move removed features to the end and cluster features by type.
Add an option to disable appending DHCP option 3 (Router) to the DHCP
OFFER and ACK packets.
This commit adds the boolean option EmitRouter= for the [DHCPServer]
section in .network files.
Rationale: On embedded devices, it is very useful to have a DHCP server
running on an USB OTG ethernet gadget interface to avoid manual setup on
the client PCs, but it should only serve IP addresses, no route(r)s.
Otherwise, Windows clients experience network connectivity issues, due
to them using the address set in DHCP option 3 as default gateway.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
We enable lingering for anyone who wants this. It is still disabled by
default to avoid keeping long-running processes accidentally.
Admins might want to customize this policy on multi-user sites.
This ensures that users sessions are properly cleaned up after.
The admin can still enable or disable linger for specific users to allow
them to run processes after they log out. Doing that through the user
session is much cleaner and provides better control.
dbus daemon can now be run in the user session (with --enable-user-session,
added in 1.10.2), and most distributions opted to pick this configuration.
In the normal case it makes a lot of sense to kill remaining processes.
The exception is stuff like screen and tmux. But it's easy enough to
work around, a simple example was added to the man page in previous
commit. In the long run those services should integrate with the systemd
users session on their own.
https://bugs.freedesktop.org/show_bug.cgi?id=94508https://github.com/systemd/systemd/issues/2900
NEWS for `219` references `machinectl list-images` to describe the introduced clone feature - this looks like a copy'n'paste problem.
Use `machinectl clone` instead.
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.
DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
It has fairly wide functionality now and the interface has been
stable for a while. It it a useful testing tool.
The name is changed to better indicate what it does.
Support for net_cls.class_id through the NetClass= configuration directive
has been added in v227 in preparation for a per-unit packet filter mechanism.
However, it turns out the kernel people have decided to deprecate the net_cls
and net_prio controllers in v2. Tejun provides a comprehensive justification
for this in his commit, which has landed during the merge window for kernel
v4.5:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd1060a1d671
As we're aiming for full support for the v2 cgroup hierarchy, we can no
longer support this feature. Userspace tool such as nftables are moving over
to setting rules that are specific to the full cgroup path of a task, which
obsoletes these controllers anyway.
This commit removes support for tweaking details in the net_cls controller,
but keeps the NetClass= directive around for legacy compatibility reasons.
Hardly any software uses that any more, and better locking mechanisms like
flock() have been available for many years.
Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as
nothing else is using this.