1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

67426 Commits

Author SHA1 Message Date
Lennart Poettering
340d979af3 condition: add ConditionSecurity=measured-uki
We have various services that should only run in a measured UKI
environment. Let's add an explicit high-level check for that.
2023-09-27 12:10:46 +02:00
Lennart Poettering
be8f478c0f efi-loader: rename efi_stub_measured() → efi_measured_uki()
Let's say "uki" rather than "stub", since that is just too generic, and
we shouldn't limit us to our own stub anyway, but generally define a
concept of a "measured UKI", which is a UKI that measures its part to
PCR 11.

This is mostly preparation for exposing this check to the user via
ConditionSecurity=.
2023-09-27 11:51:13 +02:00
Susant Sahani
0ba8374bb8 ndisc: Also set link hoplimit
The per route hop limit does not place the hop limit in the IPv6 header.
https://github.com/systemd/systemd/issues/28437#issuecomment-1711055181
2023-09-27 11:05:15 +02:00
Lennart Poettering
c8cb548f0b Revert "userdbd: Order systemd-userdbd.service after systemd-remount-fs.service"
This reverts commit 9dd8858281.
2023-09-27 11:02:06 +02:00
Christian Hesse
75271582be fix typo in NEWS
Looks like `-a change` is a typo and should have been `-c change` to
match on the action.
2023-09-27 17:24:39 +09:00
Balázs Úr
3d6df0c4e2 po: Translated using Weblate (Hungarian)
Currently translated at 100.0% (227 of 227 strings)

Co-authored-by: Balázs Úr <balazs@urbalazs.hu>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/hu/
Translation: systemd/main
2023-09-27 07:56:54 +00:00
Abderrahim Kitouni
ad4934904a update-dbus-docs: Test that items are documented in the History section
This also adds an ignore list, which currently contains the whole API as of
version 250, since that's the base we used for dbus interfaces.

See d9d2d16aea
2023-09-26 19:11:53 +01:00
Daan De Meyer
3bd337a084 network: Rename json_append_one() and move to json.h 2023-09-26 19:01:34 +01:00
Daan De Meyer
418a498777 journal: Stop trying to open runtime journal once flushed
Once we've flushed the runtime journal to /var, stop trying to open
it since that will just fail with ENOENT all the time.
2023-09-26 19:01:07 +01:00
Jan Janssen
90461ef56f meson: Fix version script handling
Build targets should have a link dependency on the version scripts they
use. This also uses absolute paths in anticipation for meson 1.3
needlessly deprecating file to string conversions.
2023-09-26 19:41:53 +02:00
huyubiao
b53a80966e systemd-hwdb: fix unsigned and signed comparison problem
...
uint8_t c;
struct trie_node *child;

for (p = 0; (c = trie->strings->buf[node->prefix_off + p]); p++) {
        _cleanup_free_ struct trie_node *new_child = NULL;
        _cleanup_free_ char *s = NULL;
        ssize_t off;
if (c == search[i + p])
        continue;
...
When '®' is present in search, c is 194, search[i + p] is -62, c is not equal to search[i + p], but c should be equal to search[i + p].
2023-09-26 17:38:16 +01:00
beh_10257
5808300c44
add support for hp pavilion gaming 15 lid switch (#29304)
Tested together with kernel patch: https://lore.kernel.org/linux-acpi/20230920130506.8595-1-hdegoede@redhat.com/
but the d7 key is still interpreted as a wlan key switch, so an hwdb update is needed.

Raw dmi:

dmi:bvnInsyde:bvrF.45:bd07/07/2023:br15.45:efr2.51:svnHP:pnHPPavilionGamingLaptop15-dk1xxx:pvrType1ProductConfigId:rvnHP:rn8742:rvr02.51:cvnHP:ct10:cvrChassisVersion:sku20T68EA#BH4::

Related to: https://github.com/systemd/systemd/issues/28942
2023-09-26 13:32:03 +01:00
Lennart Poettering
d4899d49e6 Revert "man: Add /usr/local/lib path to Synopsis section for modules-load"
This reverts commit 1781176768.
2023-09-26 13:15:12 +01:00
Lennart Poettering
1617424ce7 udev: raise RLIMIT_NOFILE as high as we can
We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
to what the service manager allows us, which is quite a lot these days.

udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus
ensuring that forked off processes get their RLIMIT_NOFILE soft limit
reset to 1K for compat with crappy old select().

Replaces: #29298
Fixes: #28583
2023-09-26 13:01:02 +02:00
Lennart Poettering
7af33700e6 varlink: remove duplicate varlink_clear_current() 2023-09-26 12:59:24 +02:00
Mike Yuan
fe3d33c140 core/service: log the next restart usec only when we're arming timer
service_restart_usec_next() is also called when querying
'RestartUSecNext' dbus property. Let's avoid the redundant
logging triggered every time user does a 'systemctl status'.
2023-09-26 12:59:15 +08:00
Raul Cheleguini
1781176768 man: Add /usr/local/lib path to Synopsis section for modules-load 2023-09-26 12:56:32 +08:00
Luca Boccassi
4c9a288154 man: document SystemState's possible values 2023-09-25 22:55:54 +01:00
Abderrahim Kitouni
01f5c5d52d man: add version information for udev functions 2023-09-25 22:29:38 +01:00
Luca Boccassi
e1e0c4f025
Merge pull request #29314 from YHNdnzj/firstboot-fixup
Small fixups for first boot
2023-09-25 22:29:24 +01:00
Lennart Poettering
902dc432e2
Merge pull request #29309 from poettering/resolved-varlink-tweaks
resolved: minor varlink API tweaks
2023-09-25 23:27:33 +02:00
Lennart Poettering
0869e1326a oomd: correct listening sockets
So, unfortunately oomd uses "io.system." rather than "io.systemd." as
prefix for its sockets. This is a mistake, and doesn't match the
Varlink interface naming or anything else in oomd.

hence, let's fix that.

Given that this is an internal protocol between PID1 and oomd let's
simply change this without retaining compat.
2023-09-25 23:27:18 +02:00
Lennart Poettering
a4edf0335d varlink: move O_NONBLOCK setting to varlink_server_listen_fd(), and set O_CLOEXEC too
Let's move setting of O_NONBLOCK into varlink_server_listen_fd() and out
of varlink_server_create_listen_fd_socket(). The latter has two callers:
varlink_server_listen_fd() and varlink_server_listen_address(), which
guarantees O_CLOEXEC+O_NONBLOCK anyway, hence no neet to repeat the
logic.
2023-09-25 23:27:04 +02:00
Lennart Poettering
0e19744232
Merge pull request #29315 from poettering/strgrowpad0
string-util: make strgrowpad0() safer
2023-09-25 23:26:47 +02:00
Luca Boccassi
5ea69810fe
Merge pull request #29308 from aafeijoo-suse/dissect-fix
dissect: fix man and bash-completion
2023-09-25 19:16:08 +01:00
Lennart Poettering
3510df0ae4 repart: add extra safety check that the verity signature fits in the partition we want to write 2023-09-25 19:10:37 +02:00
Lennart Poettering
8e47958423 string-util: make strgrowpad0() a bit safer
Let#s make sure we never shorten the allocation leaving an invalid
string (i.e. a memory allocation without a trailing NUL) around.
2023-09-25 19:10:37 +02:00
Mike Yuan
ff4a7d32f1
man/systemd-firstboot: /etc/ empty -> unpopulated
We use the phrase "unpopulated" in systemd.unit(5) too.
And "/etc/ is empty" is simply spurious.
2023-09-26 01:01:57 +08:00
Mike Yuan
60e4b4291b
core/main: log that we assume first boot if failed to read machine-id 2023-09-26 01:00:23 +08:00
Lennart Poettering
b907b9075e alloc-util: remove duplicate empty line 2023-09-25 18:49:21 +02:00
Lennart Poettering
510b3b06fc resolved: rename varlink function to match exposed method name 2023-09-25 18:45:52 +02:00
Lennart Poettering
0319a28e42 resolved: also expose interface index in server JSON data 2023-09-25 18:45:52 +02:00
Lennart Poettering
8dcce20a27
Merge pull request #29301 from poettering/pcr-extend-rename
rename pcrphase binary to pcrextend
2023-09-25 18:28:03 +02:00
Lennart Poettering
75174a5de9 man: briefly document that we are now keeping an event log in userspace for out measurements 2023-09-25 17:17:20 +02:00
Lennart Poettering
b0d00ec60a pcrextend: make PCR index configurable
Let's make the tool a tiny bit more generic by allowing the PCR index to
measure into to be configurable.
2023-09-25 17:17:20 +02:00
Lennart Poettering
32295fa08f pcrphase: rename binary to pcrextend
The tool initially just measured the boot phase, but was subsequently
extended to measure file system and machine IDs, too. At AllSystemsGo
there were request to add more, and make the tool generically
accessible.

Hence, let's rename the binary (but not the pcrphase services), to make
clear the tool is not just measureing the boot phase, but a lot of other
things too.

The tool is located in /usr/lib/ and still relatively new, hence let's
just rename the binary and be done with it, while keeping the unit names
stable.

While we are at it, also move the tool out of src/boot/ and into its own
src/pcrextend/ dir, since it's not really doing boot related stuff
anymore.
2023-09-25 17:17:20 +02:00
Antonio Alvarez Feijoo
acb7d23d8f
bash-completion: add missing commands and options to systemd-dissect 2023-09-25 16:46:11 +02:00
Frantisek Sumsal
7f048f0ed0 test: enable debug logs for the user instances as well
To make debugging [0], hopefully, easier.

[0] https://github.com/systemd/systemd/issues/28504
2023-09-25 15:24:11 +01:00
Luca Boccassi
b7733dfee9
Merge pull request #29303 from abderrahim/syntax-fixes
man: a couple of small fixes
2023-09-25 15:23:48 +01:00
Antonio Alvarez Feijoo
a0582220f5
man/systemd-dissect: various fixes
- Add synopsis to `--discover` and `--validate` options.
- `-l` is for `--list`, not for `--mtree`.
2023-09-25 16:16:41 +02:00
Abderrahim Kitouni
0ee4239437 man: fix docbook syntax for function docs
This fixes sd_bus_error_add_map and man/sd_uid_get_state
2023-09-25 13:34:45 +01:00
Abderrahim Kitouni
d511acdf82 man/kernel-command-line: don't refer early_core_pattern to systemd
It is defined later in the same file
2023-09-25 13:14:34 +01:00
Zbigniew Jędrzejewski-Szmek
61afc53924 docs/FDS: add missing article and reword sentence 2023-09-25 11:30:02 +01:00
Lennart Poettering
02c9d62b30 update TODO 2023-09-25 12:23:29 +02:00
Daan De Meyer
7d376f1dde mkosi: Run meson and ninja as the user invoking mkosi
Latest mkosi sets $MKOSI_UID and $MKOSI_GID to the uid/gid of the
user running mkosi. Let's make use of this to run meson setup and
ninja as the user running mkosi, so that if we execute git as a
subprocess during meson setup, it doesn't complain about unsafe
directories. This also makes sure all the build artifacts are owned
on the host by the user running mkosi.
2023-09-25 11:06:15 +01:00
김인수
e2b8a61919 po: Translated using Weblate (Korean)
Currently translated at 100.0% (227 of 227 strings)

Co-authored-by: 김인수 <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ko/
Translation: systemd/main
2023-09-25 12:59:02 +09:00
Alexandre Peixoto Ferreira
13abd00685
sd-dhcp-client: reject NAKs from servers that we did not send an offer to (#29290)
To support multiple DHCP servers in a network.
2023-09-25 11:46:41 +09:00
Takashi Sakamoto
fb86af6399 hwdb: ieee1394-unit-function: add Miglia Technology Harmony Audio (HA02)
This commit adds hwdb entry for Miglia Technology Harmony Audio (HA02).
The device is an application of OXford Semiconductor FW970 and will be
supported by ALSA oxfw driver in future.
2023-09-24 10:56:40 +01:00
Frantisek Sumsal
18c3ffbfcc test: wait for the swtpm socket to appear
On slower/overloaded systems it may take a bit for the swtpm socket
to show up:

I: Started swtpm as PID 189419 with state dir /tmp/tmp.pWqUutuGUj
I: Configured emulated TPM2 device tpm-spapr
+ tee /var/tmp/systemd-test-TEST-70-TPM2_1/console.log
+ timeout --foreground 1200 /bin/qemu-system-ppc64le -smp 4 ...
qemu-system-ppc64le: -chardev socket,id=chrtpm,path=/tmp/tmp.pWqUutuGUj/sock: Failed to connect to '/tmp/tmp.pWqUutuGUj/sock': No such file or directory
E: qemu failed with exit code 1

Spotted regularly in the ppc64le cron job and in some Ubuntu CI/CentOS CI
pr runs [0].

[0] https://github.com/systemd/systemd/pull/29183#issuecomment-1721727927
2023-09-23 11:32:12 +01:00
Frantisek Sumsal
3a89904e45 test: don't panic on soft lockups
We can't do anything about them anyway, and most importantly this seems
to alleviate systemd/systemd-centos-ci#660, which should make the CIs
a bit less angry (at least until the issue is addressed properly).
2023-09-23 14:19:55 +08:00