mirror of https://github.com/systemd/systemd.git synced 2025-01-25 10:04:04 +03:00

908 Commits

Author SHA1 Message Date
Lennart Poettering
e127ac90ef
Merge pull request #22761 from poettering/pcr-fix
sd-boot: change kernel cmdline PCR from 8 to 12
2022-03-16 22:32:43 +01:00
Lennart Poettering
deb5c820ca sd-boot: disable bitlocker reboot feature for now
Conceptually the feature is great and should exist, but in its current
form should be worked to be generic (i.e. not specific to
Windows/Bitlocker, but appliable to any boot entry), not be global (but
be a per-entry thing), not require a BootXXXX entry to exist, and not
check for the BitLocker signature (as TPMs are not just used for
BitLocker).

Since we want to get 251 released, mark it in the documentation, in NEWS
and in code as experimental and make clear it will be reworked in a
future release. Also, make it opt-in to make it less likely people come
to rely on it without reading up on it, and understanding that it will
likely change sooner or later.

Follow-up for: #22043
See: #22390
2022-03-16 18:39:57 +01:00
Lennart Poettering
bbfabc4498 NEWS: add entry announcing PCR change 2022-03-16 17:44:46 +01:00
Jason A. Donenfeld
ffa047a03e random-util: remove RDRAND usage
/dev/urandom is seeded with RDRAND. Calling genuine_random_bytes(...,
..., 0) will use /dev/urandom as a last resort. Hence, we gain nothing
here by having our own RDRAND wrapper, because /dev/urandom already is
based on RDRAND output, even before /dev/urandom has fully initialized.

Furthermore, RDRAND is not actually fast! And on each successive
generation of new x86 CPUs, from both AMD and Intel, it just gets
slower.

This commit simplifies things by just using /dev/urandom in cases where
we before might use RDRAND, since /dev/urandom will always have RDRAND
mixed in as part of it.

And above where I say "/dev/urandom", what I actually mean is
GRND_INSECURE, which is the same thing but won't generate warnings in
dmesg.
2022-03-14 19:47:13 +00:00
Lennart Poettering
5e9c57d2e2 NEWS: add NEWS entry highlighting what the "entry-token" logic means for "gold image" builders 2022-03-11 11:39:34 +01:00
Lennart Poettering
69a21030b1
Merge pull request #22460 from bluca/monitor_refactor
core: split $MONITOR_METADATA and return it only if a single unit triggers OnFailure/OnSuccess
2022-03-10 18:34:20 +01:00
Luca Boccassi
3fbd5f2007 NEWS: note backward-incompatible MONITOR_METADATA change 2022-03-10 14:43:14 +00:00
Luca Boccassi
169bb1dee9 NEWS: note backward-incompatible change in StartUnitWithFlags() 2022-03-10 13:18:28 +00:00
Luca Boccassi
ce3ca32cb9 NEWS: note GetMetadataWithExtensions backward incompatible change 2022-03-07 14:49:54 +00:00
Yu Watanabe
5cf84d2545 NEWS: fix typo 2022-02-20 11:10:44 +09:00
Lennart Poettering
dfdaf9f2aa NEWS: update excerpt on container UID/GID mappings 2022-02-16 13:37:01 +01:00
Zbigniew Jędrzejewski-Szmek
8adba77294 NEWS: minor grammar adjustment
Follow-up for e41dcb822167116c8924e56b39640536df894bbd.
2022-02-15 10:30:35 +01:00
Yu Watanabe
e41dcb8221 NEWS: clarify that ForceDHCPv6PDOtherInformation= is removed
Closes #22493.
2022-02-13 11:50:05 +00:00
Lennart Poettering
bb7031bcaa NEWS: minor formatting tweaks 2022-02-01 17:59:49 +01:00
Christian Brauner
7e7a9f9c8b NEWS: mention temporary limitations for running containers in systemd-homed directories 2022-01-27 10:15:56 +00:00
Luca Boccassi
429cddbaf1 NEWS: note breaking change w.r.t. Restart=always and ExecCondition= 2022-01-26 19:03:34 +00:00
Yu Watanabe
f338a496e4 NEWS: update 2022-01-25 03:03:09 +09:00
Yu Watanabe
1d2842d1e6 NEWS: mention about the regression in WireGuard 2022-01-25 02:56:20 +09:00
Zbigniew Jędrzejewski-Szmek
a794a4d872 NEWS: adjust links to moved pages
All those pages contain a redirect at the top of the page, so it doesn't
make much sense to tell people to take the detour. Linking directly will
also increase the search rankings of the new pages.
2022-01-12 16:05:59 +01:00
Yu Watanabe
c0b28d44a9 NEWS: sort entries 2022-01-06 22:18:05 +09:00
Zbigniew Jędrzejewski-Szmek
a420d71793 NEWS: finalize release 2021-12-23 21:09:35 +01:00
Yu Watanabe
6e6dc09544 NEWS: update contributors list and release date 2021-12-23 19:54:07 +09:00
Zbigniew Jędrzejewski-Szmek
28be02e005 NEWS: add missing noun 2021-12-20 19:39:35 +01:00
Luca Boccassi
616779c345 NEWS: add note about path unit's TriggerLimitBurst= and TriggerLimitIntervalSec= 2021-12-20 13:52:49 +00:00
Zbigniew Jędrzejewski-Szmek
c20ecc9457 NEWS: add the boot loader stuff 2021-12-20 12:23:40 +01:00
Yu Watanabe
b0b1edc29b NEWS: fix typo 2021-12-17 04:12:14 +09:00
Zbigniew Jędrzejewski-Szmek
97b6ed3295 NEWS: update again 2021-12-16 14:18:09 +01:00
Zbigniew Jędrzejewski-Szmek
0c0bb433db
Merge pull request #21757 from DaanDeMeyer/boot-id
kernel-install: Introduce KERNEL_INSTALL_MACHINE_ID in /etc/machine-info
2021-12-16 13:47:17 +01:00
Daan De Meyer
357376d0bb kernel-install: Introduce KERNEL_INSTALL_MACHINE_ID in /etc/machine-info
If KERNEL_INSTALL_MACHINE_ID is defined in /etc/machine-info, prefer it
over the machine ID from /etc/machine-id. If a machine ID is defined in
neither /etc/machine-info nor in /etc/machine-id, generate a new UUID
and try to write it to /etc/machine-info as KERNEL_INSTALL_MACHINE_ID
and use it as the machine ID if writing it to /etc/machine-info succeeds.

In practice, this means we have a more robust fallback if there's no
machine ID in /etc/machine-id than just using "Default" and allows
image builders to force kernel-install to use KERNEL_INSTALL_MACHINE_ID
by simply writing it to /etc/machine-info themselves.
2021-12-16 12:24:42 +01:00
Yu Watanabe
bd47f33f16 NEWS: update networkd related entries 2021-12-16 02:12:03 +09:00
Zbigniew Jędrzejewski-Szmek
e63fa0756c NEWS: final update before -rc1 2021-12-09 15:32:55 +01:00
Zbigniew Jędrzejewski-Szmek
484abbe63b NEWS: add contributors 2021-12-09 13:31:11 +01:00
Zbigniew Jędrzejewski-Szmek
368910b1bf NEWS: fix crucial cultural misappropriation 2021-12-09 12:53:15 +01:00
Zbigniew Jędrzejewski-Szmek
dcdc652feb NEWS: adjust wording and reorder by category
Also wrap stuff to 80 columns, fix some spelling mistakes, and remove some
repetitions in phrasing.
2021-12-09 12:40:09 +01:00
Yu Watanabe
63b7d34716 NEWS: add more entries for v250 2021-12-09 19:40:38 +09:00
Daan De Meyer
6959a051cf NEWS file additions 2021-12-09 11:30:00 +01:00
Luca Boccassi
efeecf4010 NEWS: add more entries for v250 2021-12-06 15:58:38 +00:00
Luca Boccassi
11b109223f NEWS: add more entries for v250 2021-12-06 15:29:11 +00:00
Luca Boccassi
bf71ade808 NEWS: add more entries for v250 2021-12-05 14:12:36 +00:00
Lennart Poettering
195d181ca4 NEWS: start with an entry for v250 2021-11-26 14:49:25 +01:00
Lennart Poettering
721956f3e9
Merge pull request #20219 from khfeng/use-intel-hid-rfkill
hwdb: Remove intel-hid rfkill mask
2021-09-29 18:53:22 +02:00
Sho Iizuka
e447ffe4da NEWS: net.ipv4.tcp_ecn = 1 was reverted at v240
Turning on ECN was reverted by 1e190df.
2021-08-25 09:08:23 +01:00
Kai-Heng Feng
3c88ade5a0 NEWS: Note Intel HID rfkill mask is removed 2021-08-11 23:00:11 +08:00
Luca Boccassi
f6278558da NEWS: finalize for v249 2021-07-07 18:41:29 +01:00
Luca Boccassi
e7fbba5612 NEWS: note new user-visible change, drop 'in spe' 2021-07-07 10:36:04 +01:00
Luca Boccassi
fc4340b077 NEWS: update contributors list
Added Alexey Rubtsov, Icenowy Zheng, milaq, qhill, Trent Piepho,
Hamish Moffatt
2021-07-07 10:35:53 +01:00
Zbigniew Jędrzejewski-Szmek
88b2a95064 NEWS: add old entry about Type=ether
Apparently it's an important feature for some folks:
https://utcc.utoronto.ca/~cks/space/blog/linux/NetworkdMACMatchesWidely.
I think we considered this more of a bugfix, but it's somewhere on the border.
Let's add this so it's easier to discover.
2021-07-07 09:27:05 +02:00
Lennart Poettering
66e6128fc3 NEWS: update for imminent v249-rc3 tag 2021-07-01 17:18:11 +02:00
Zbigniew Jędrzejewski-Szmek
2f15b35352 NEWS: fix misplaced parenthesis
154b2f6129 (commitcomment-52902617)
2021-07-01 11:44:31 +02:00
Zbigniew Jędrzejewski-Szmek
b2f0876b7a NEWS: update contributor list for v249-rc3 2021-07-01 09:41:30 +02:00