mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

56843 Commits

Author SHA1 Message Date
Grigori Goronzy
2f5a892aa0 tpm2: support policies with PIN
Modify TPM2 authentication policy to optionally include an authValue, i.e.
a password/PIN. We use the "PIN" terminology since it's used by other
systems such as Windows, even though the PIN is not necessarily numeric.

The pin is hashed via SHA256 to allow for arbitrary length PINs.

v2: fix tpm2_seal in sd-repart
v3: applied review feedback
2022-03-15 21:17:00 +01:00
Grigori Goronzy
e560cf4f71 hmac/sha256: move size define to sha256.h 2022-03-15 21:17:00 +01:00
Daan De Meyer
cc20479f42 bpf: Fix error handling
The __open() functions actually set errno on failure so let's
update the error handling to account for that.
2022-03-15 17:14:19 +00:00
Daan De Meyer
8f048bb76a bpf: Log at debug when checking if restricting ifaces is supported
Same change as 1a9e33aee3 did for
socket-bind.
2022-03-15 17:12:06 +00:00
Yu Watanabe
172e3817b0 home: use open_image_file() helper at one more place 2022-03-15 22:07:11 +09:00
Frantisek Sumsal
c8a4306e63
Merge pull request #22745 from yuwata/test-repart-fixes
test: fixes for TEST-58-REPART
2022-03-15 11:52:50 +00:00
Yu Watanabe
3b591ebbd1
Merge pull request #22739 from mrc0mmand/list-boot-followup
A couple of follow-ups for #22721
2022-03-15 15:59:45 +09:00
Yu Watanabe
e60c3c72f7 home: shorten code a bit and add missing assertions
This drops redundant call of fstat(), and reduces indentation.
2022-03-15 12:38:08 +09:00
Yu Watanabe
6626ea08f6 test: wait for loopback device being actually created
It seems there exists a short time period that we cannot see the
loopback device after `losetup` is finished:
```
testsuite-58.sh[367]: ++ losetup -b 1024 -P --show -f /tmp/testsuite-58-sector-1024.img
kernel: loop1: detected capacity change from 0 to 204800
testsuite-58.sh[285]: + LOOP=/dev/loop1
testsuite-58.sh[285]: + systemd-repart --pretty=yes --definitions=/tmp/testsuite-58-sector/ --seed=750b6cd5c4ae4012a15e7be3c29e6a47 --empty=require --dry-run=no /dev/loop1
testsuite-58.sh[368]: Device '/dev/loop1' has no dm-crypt/dm-verity device, no need to look for underlying block device.
testsuite-58.sh[368]: Failed to determine canonical path for '/dev/loop1': No such file or directory
testsuite-58.sh[368]: Failed to open file or determine backing device of /dev/loop1: No such file or directory
```
2022-03-15 12:35:50 +09:00
Yu Watanabe
8c166c962d test: format disk image through loopback device
It seems that the change on the image file is sometimes not propagated on
the loopback device immediately.
2022-03-15 12:35:50 +09:00
Yu Watanabe
cc75e1f7c9 test: use /var/tmp for storing disk images
The Ubuntu CI on ppc64el seems to have an issue on tmpfs, and files
may not be fsynced. See c10caebb98.
For safety, let's use /var/tmp to store disk images.
2022-03-15 12:35:50 +09:00
Luca Boccassi
629c1cdf03
Merge pull request #22730 from GeorgesStavracas/gbsneto/multimedia-stream-deck
Add AV production devices to hwdb
2022-03-14 23:40:51 +00:00
Vivien Didelot
7080df5c2e units: fix factory-reset.target description
The current description for the factory reset target does not add any
value and doesn't respect the definition of the related property as
described in systemd.unit(5).

Starting the target currently results in the following log:

    [   11.139174] systemd[1]: Reached target Target that triggers factory reset. Does nothing by default..
    [  OK  ] Reached target Target that…set. Does nothing by default..

Simply update the target description to "Factory Reset".

Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com>
2022-03-14 22:39:32 +00:00
Frantisek Sumsal
f01aafd283 journal: make --reverse affect --list-boots
Fixes: #16274
2022-03-14 23:33:59 +01:00
Frantisek Sumsal
8e4b9a252b journal: use table_set_json_field_name() to override a column name
Pointed out in: https://github.com/systemd/systemd/pull/22721#discussion_r826014227
Follow-up for: 5a1355d848
2022-03-14 23:33:22 +01:00
Lennart Poettering
715193d1a6
Merge pull request #22734 from poettering/decimal-str-width-test
DECIMAL_STR_WIDTH() + DECIMAL_STR_MAX() tweaks
2022-03-14 23:07:59 +01:00
Luca Boccassi
e9c3312da1
Merge pull request #22727 from fbuihuu/journald-preserve-acl-when-rotating
Journald preserve acl when rotating
2022-03-14 20:39:14 +00:00
Jason A. Donenfeld
ffa047a03e random-util: remove RDRAND usage
/dev/urandom is seeded with RDRAND. Calling genuine_random_bytes(...,
..., 0) will use /dev/urandom as a last resort. Hence, we gain nothing
here by having our own RDRAND wrapper, because /dev/urandom already is
based on RDRAND output, even before /dev/urandom has fully initialized.

Furthermore, RDRAND is not actually fast! And on each successive
generation of new x86 CPUs, from both AMD and Intel, it just gets
slower.

This commit simplifies things by just using /dev/urandom in cases where
we before might use RDRAND, since /dev/urandom will always have RDRAND
mixed in as part of it.

And above where I say "/dev/urandom", what I actually mean is
GRND_INSECURE, which is the same thing but won't generate warnings in
dmesg.
2022-03-14 19:47:13 +00:00
Lennart Poettering
e28770e367 docs: document how we usually define enums 2022-03-14 19:10:11 +00:00
Lennart Poettering
67840dbf37 hostnamed: update chassis table to SMBIOS 3.5 2022-03-14 18:44:09 +00:00
Lennart Poettering
40f55f6998 docs: document we use C11 with GNU extensions now
Follow-up for: #22711
2022-03-14 18:43:49 +00:00
Georges Basile Stavracas Neto
e982320b44 hwdb: Add AV production access to Elgato Stream Deck devices
The Stream Deck products from Elgato are simple key pads
intended to be used as macro pads. They're popular within
the streaming community.

This commit adds all 5 Stream Deck variants available to
the AV production file.

See https://www.elgato.com/en/stream-deck
2022-03-14 14:49:04 -03:00
Be
f2c36c0e24 Add AV production controllers to hwdb and add uaccess
This adds support for AV production controller devices, such
as DJ tables, music-oriented key pads, and others.

The USB vendor and product IDs come from Mixxx, Ctlra, and
Ardour.

Fixes #20533

Co-developed-by: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
2022-03-14 14:47:32 -03:00
Frantisek Sumsal
faf20d4cca journal: reset previously set JSON flags
Make sure we reset the JSON format flags if the format option is used
multiple times, e.g. `journalctl -o json-format -o export`.

Pointed out in: https://github.com/systemd/systemd/pull/22721#discussion_r826018985
Follow-up for: 5a1355d848
2022-03-14 18:28:19 +01:00
Lennart Poettering
b068ef6b3e test: add test case for DECIMAL_STR_MAX() 2022-03-14 18:18:24 +01:00
Lennart Poettering
56da8d5af3 macro: handle DECIMAL_STR_MAX() special cases more accurately
So far DECIMAL_STR_MAX() overestimated the types in two ways: it would
also add space for a "-" for unsigned types.

And it would always return the same size for 64bit values regardless of
signedness, even though the longest maximum numbers for signed and
unsigned differ in length by one digit. i.e. 2^64-1 (i.e. UINT64_MAX) is
one decimal digit longer than -2^63 (INT64_MIN) - for the other integer
widths the number of digits in the "longest" decimal value is always the
same, regardless of signedness. By example: strlen("65535") ==
strlen("32768") (i.e. the relevant 16 bit limits) holds — and similar
for 8bit and 32bit integer width limits — but
strlen("18446744073709551615") > strlen("9223372036854775808") (i.e. the
relevant 64 bit limits).

Let's fix both misestimations.
2022-03-14 18:18:24 +01:00
Lennart Poettering
845ed47231 test: add test for DECIMAL_STR_WIDTH() 2022-03-14 18:18:24 +01:00
Lennart Poettering
92463840f8 macro: DECIMAL_STR_WIDTH() is about *values* not *types*
Hence, check if the value is negative, not whether the type can carry
negatives.

Follow-up for: e3dd9ea8ea
2022-03-14 18:10:49 +01:00
Lennart Poettering
14a8002ae5 test: change // comments to /* */
We use // comments only for "FIXME" style comments, and explanatory
comments get /* */, as per coding style.
2022-03-14 18:10:49 +01:00
Franck Bui
e394a6fc09 copy: use FLAGS_SET() in copy_xattr() 2022-03-14 18:06:42 +01:00
Franck Bui
11ee11dbb3 journal: preserve acls when rotating user journals with NOCOW attribute set
When restoring the COW flag for journals on BTRFS, the full journal contents
are copied into new files. But during these operations, the acls of the
previous files were lost and users were not able to access their old
journal contents anymore.
2022-03-14 18:03:02 +01:00
Franck Bui
43c893e73e copy: fix wrong argument passed to S_ISREG() in copy_file_fd_full()
Follow-up for 2f78204498.
2022-03-14 16:46:54 +01:00
Lennart Poettering
0d67e2b584 random-util: drop left-over comment
We don't use non-blocking mode anymore, since 31234fbeec

Follow-up for: 31234fbeec
2022-03-14 16:46:54 +01:00
Yu Watanabe
d4782b51ec
Merge pull request #22721 from mrc0mmand/journalctl-tweaks
journal: convert --list-boots to a table
2022-03-14 10:59:13 +09:00
Frantisek Sumsal
a77d351e4d test: extend format-table tests with negative numbers 2022-03-13 21:03:08 +01:00
Yu Watanabe
c86efe34df man: replace full stop with colon
Fixes #22724.
2022-03-13 18:30:57 +00:00
Frantisek Sumsal
5a1355d848 journal: convert --list-boots to a table
so it can be output as JSON as well.

```
$ build-san/journalctl --list-boots --file boot-test.journal
IDX BOOT ID                          FIRST ENTRY                 LAST ENTRY
 -3 39d66eb1925f4d01b8464d502650a714 Sat 2022-03-05 15:20:33 CET Sat 2022-03-05 16:19:21 CET
 -2 5dffeb08a27344d5ae9e2fc244bbcbc5 Fri 2022-03-11 17:23:57 CET Fri 2022-03-11 17:38:31 CET
 -1 c8ebd52915b642c39eda4bf00f864f79 Fri 2022-03-11 17:38:41 CET Fri 2022-03-11 20:03:46 CET
  0 00bcba97c7094fa88cc5d1cf2a389057 Sat 2022-03-12 20:39:08 CET Sat 2022-03-12 20:40:18 CET

$ build-san/journalctl --list-boots --file boot-test.journal -q
-3 39d66eb1925f4d01b8464d502650a714 Sat 2022-03-05 15:20:33 CET Sat 2022-03-05 16:19:21 CET
-2 5dffeb08a27344d5ae9e2fc244bbcbc5 Fri 2022-03-11 17:23:57 CET Fri 2022-03-11 17:38:31 CET
-1 c8ebd52915b642c39eda4bf00f864f79 Fri 2022-03-11 17:38:41 CET Fri 2022-03-11 20:03:46 CET
 0 00bcba97c7094fa88cc5d1cf2a389057 Sat 2022-03-12 20:39:08 CET Sat 2022-03-12 20:40:18 CET

$ build-san/journalctl --list-boots --file boot-test.journal -o json-pretty
[
        {
                "index" : -3,
                "boot_id" : "39d66eb1925f4d01b8464d502650a714",
                "first_entry" : 1646490033438495,
                "last_entry" : 1646493561047353
        },
        {
                "index" : -2,
                "boot_id" : "5dffeb08a27344d5ae9e2fc244bbcbc5",
                "first_entry" : 1647015837289036,
                "last_entry" : 1647016711595489
        },
        {
                "index" : -1,
                "boot_id" : "c8ebd52915b642c39eda4bf00f864f79",
                "first_entry" : 1647016721056382,
                "last_entry" : 1647025426397414
        },
        {
                "index" : 0,
                "boot_id" : "00bcba97c7094fa88cc5d1cf2a389057",
                "first_entry" : 1647113948506002,
                "last_entry" : 1647114018943637
        }
]
```

Resolves: #14625
2022-03-13 19:25:21 +01:00
Frantisek Sumsal
e3dd9ea8ea macro: account for negative values in DECIMAL_STR_WIDTH()
With negative numbers we wouldn't account for the minus sign, thus
returning a string with one character too short, triggering buffer
overflows in certain situations.
2022-03-13 19:25:18 +01:00
Yu Watanabe
21547367cd doc: fix error code 2022-03-13 10:24:45 +00:00
Frantisek Sumsal
34c4dff4d2 time-util: support parsing OUTPUT_SHORT and OUTPUT_SHORT_PRECISE timestamps
so we can feed journalctl the localized syslog-style timestamps it shows
by default, e.g.:

```
$ LANG=cs_CZ.utf-8 build-san/journalctl -b --no-hostname | head -n1
led 30 22:13:54 systemd-journald[981]: System Journal (/var/log/journal/1588e1d9d0b74acdbaada907b163b837) is 4.1G, max 4.0G, 0B free.
$ LANG=cs_CZ.utf-8 build-san/journalctl --no-hostname --since 'led 30 22:13:54' -n1
led 30 22:13:54 systemd-journald[981]: System Journal (/var/log/journal/1588e1d9d0b74acdbaada907b163b837) is 4.1G, max 4.0G, 0B free.
$ LANG=cs_CZ.utf-8 build-san/journalctl --no-hostname --since 'led 30 22:13:54.9999' -n1
led 30 22:13:58 rsyslogd[1300]: imjournal: journal files changed, reloading...  [v8.2102.0-4.fc35 try https://www.rsyslog.com/e/0 ]
```

Resolves: #15899
2022-03-12 17:18:08 +00:00
Luca Boccassi
1627f158fc
Merge pull request #22463 from poettering/kernel-install-propagate-machine-id
kernel-install: clean-up machine-id handling
2022-03-12 17:17:28 +00:00
Yu Watanabe
27a5281f4b
Merge pull request #22711 from yuwata/c11
move to C11 (gnu11) and use u8 specifier for special characters
2022-03-12 14:27:48 +09:00
Luca Boccassi
9c9a6123d7
Merge pull request #22714 from mrc0mmand/codeql-docs
A couple of doc updates
2022-03-11 19:03:38 +00:00
Frantisek Sumsal
7fcded4055 resolve: update the referenced RFC & section for mDNS
Resolves: #20386
2022-03-11 16:55:55 +01:00
Frantisek Sumsal
42734a21eb test: document how to run CodeQL/LGTM stuff manually
Let's have this documented somewhere so I don't have to relearn all this
stuff every time I need it.
2022-03-11 16:51:53 +01:00
Luca Boccassi
1bd29614ff
Merge pull request #22631 from yuwata/network-redesign-request-queue
network: re-design request queue
2022-03-11 10:48:45 +00:00
Lennart Poettering
5e9c57d2e2 NEWS: add NEWS entry highlighting what the "entry-token" logic means for "gold image" builders 2022-03-11 11:39:34 +01:00
Lennart Poettering
f337f903df bootctl: update to new kernel-install semantics
This makes a bunch of closely related changes:

1. The "entry-token" concept already introduced in kernel-install is now
   made use of. i.e. specifically there's a new option --entry-token=
   that can be used to explicitly select by which ID to identify boot
   loader entries: the machine ID, or some OS ID (ID= or IMAGE_ID= from
   /etc/os-release), or even some completely different string. The
   selected string is then persisted to /etc/kernel/entry-token, so that
   kernel-install can find it there.

2. The --make-machine-id-directory= switch is renamed to
   --make-entry-directory= since after all it's not necessarily the
   machine ID the dir is named after, but can be any other string as
   selected by the entry token.

3. This drops all code to make automatic changes to /etc/machine-info.
   Specifically, the KERNEL_INSTALL_MACHINE_ID= field is now more
   generically implemented in /etc/kernel/entry-token described above,
   hence no need to place it at two locations. And the
   KERNEL_INSTALL_LAYOUT= field is not configurable by user switch or
   similar anyway in bootctl, but only read from
   /etc/kernel/install.conf, and hence copying it from one configuration
   file to another appears unnecessary, the second copy is fully
   redundant. Note that this just drops writing these fields, they'll
   still be honoured when already set.
2022-03-11 11:39:34 +01:00
Lennart Poettering
fe81e346c8 man: document recent changes
This drops documentation of KERNEL_INSTALL_MACHINE_ID as machine-info
field (though we'll still read it for compat).

This updates the kernel-install man page to always say "ENTRY-TOKEN"
instead of "MACHINE-ID" where appropriate, to clear the confusion up
between the two.

This also tries to fix how we denote env vars (always prefix with $ and
without = suffix), and other vars (without $ but with = suffix)

Other fixes.
2022-03-11 11:39:34 +01:00
Lennart Poettering
c73cf41844 kernel-install: add new "inspect" verb, showing paths and parameters we discovered 2022-03-11 11:39:34 +01:00