IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In mkosi, we've been having CI failures caused by
systemd-machine-id-commit.service timing out. Let's bump the timeout
for it and systemd-rfkill.service to 90s which we also use for other
oneshot services to avoid transient failures on slower systems.
By always cloning the latest branch commit, we can't bisect properly
using mkosi as when bisecting wildly different packaging sources will
be used compared to when the commit was merged. By using submodules, we
track individual commits which means when bisecting the same packaging
sources will be used.
We use git submodules as dependabot has support for automatically making
PRs to update git submodules. This commit also includes the necessary
dependabot configuration to enable this.
We make ubuntu/debian use the same submodule instead of adding the debian
packaging sources twice by introducing a new $PKG_SUBDIR environment variable
and using it instead of $DISTRIBUTION.
Typically if PK is not present we want to treat this as "denied". But
sometimes it makes sense to treat this case as "allowed".
In particular the combination POLKIT_ALWAYS_QUERY and
POLKIT_DEFAULT_ALLOW makes a lot of sense: it means we can enable PK
logic for actions where we so far bypassed the checks for root. With the
new combination we can have a default policy of allowing some operation
but still provide an effective hook to disable it.
Also add some debug logging about PK operations and results as they are ongoing.
When this flag is set we'll disable the local shortcut that skips polkit
checks for clients that are privileged, and assumes they are
authenticated.
Or in other words: if this flag is set, we'll query PK not matter what,
regardless if it's root we talk about or any other user.
This adds a new helper that basically just wraps
async_polkit_query_have_action() and allows calling this without
actually triggering a PK authentication operation: it just checks if we
aleady have acquired an action or not.
- prefix length and preference should be fit in uint8_t, and actually
the kernel and networkd uses uint8_t to store them.
- captive portal is now stored as a NUL-terminated string. Hence, it
is not necessary to also provide its length.
It is not used in this commit, but will be used for parsing NDisc
options in Router Advertisement message and friends.
The parser does mostly equivalent to what currently we do in
sd-ndisc-router.c. Several notable differences are:
- also perse source and target link-layer address,
- refuse multiple captive portals,
- check if the captive portal is in safe characters, as previously we
checked that in networkd-ndisc.c,
- dedup prefixes, routes, and pref64,
- limit the total number of options, for safety.
ProtectSystem=full remounts /boot and/or /efi read-only, but that
may trigger automount for the paths and delay the service being started.
===
systemd[1]: boot.automount: Got automount request for /boot, triggered by 720 ((networkd))
===
The service does not need to access the paths, so let's hide them.
Follow-up for f90eb08627.
Fixes#31742.
