mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

6223 Commits

Author SHA1 Message Date
Luca Boccassi
587f2a5e56 coredump: check cgroups memory limit if storing on tmpfs
When /var/lib/systemd/coredump/ is backed by a tmpfs, all disk usage
will be accounted under the systemd-coredump process cgroup memory
limit.
If MemoryMax is set, this might cause systemd-coredump to be terminated
by the kernel oom handler when writing large uncompressed core files,
even if the compressed core would fit within the limits.

Detect if a tmpfs is used, and if so check MemoryMax from the process
and slice cgroups, and do not write uncompressed core files that are
greater than half the available memory. If the limit is breached,
stop writing and compress the written chunk immediately, then delete
the uncompressed chunk to free more memory, and resume compressing
directly from STDIN.

Example debug log when this situation happens:

systemd-coredump[737455]: Setting max_size to limit writes to 51344896 bytes.
systemd-coredump[737455]: ZSTD compression finished (51344896 -> 3260 bytes, 0.0%)
systemd-coredump[737455]: ZSTD compression finished (1022786048 -> 47245 bytes, 0.0%)
systemd-coredump[737455]: Process 737445 (a.out) of user 1000 dumped core.
2021-06-08 14:05:56 +01:00
Luca Boccassi
93ff34e44a core: add MemoryAvailable unit property
Try to infer the unused memory that a unit can claim before the
memory.max limit is reached, including any limit set on any parent
slice above the unit itself.
2021-06-08 14:05:56 +01:00
Zbigniew Jędrzejewski-Szmek
f75420a43a man: explain ConditionNeedsUpdate a bit more
We were effectively doing all post-upgrade scripts twice in Fedora. We got this
wrong, so it's likely other people will get it wrong too. So let's explain
what is actually needed to make this work, but also when it's not useful.
2021-06-08 10:47:11 +02:00
alexlzhu
9f40351f77
man: update docs on systemd-system.conf logging (LogTime=) (#19846)
Updating documentation for systemd to reflect that logging is done in the console.
2021-06-08 15:54:07 +09:00
Yu Watanabe
165d7c5c42 network: introduce UplinkInterface= setting for DHCP server 2021-06-08 06:33:27 +09:00
Lennart Poettering
d27e6aee50 udevadm: fix --tag-match help + description 2021-06-08 01:47:01 +09:00
Sebastian Blunt
2cbca51a71 Rename crypttab opt silent to password-echo
Use the option name 'password-echo' instead of the generic term
'silent'.

Make the option take an argument for better control over echoing
behavior.

Related discussion in https://github.com/systemd/systemd/pull/19619
2021-06-07 10:35:28 +02:00
adrian5
d0fd114929 man: fix typo 2021-06-03 22:10:36 +02:00
Lennart Poettering
49365d1c6d ask-password: make password echo fully configurable
This adds --visible=yes|no|asterisk which allows controlling the echo of
the password prompt in detail. The existing --echo switch is then made
an alias for --visible=yes (and a shortcut -e added for it too).
2021-06-03 11:16:48 +02:00
Lennart Poettering
17e7561a97 homectl: store FIDO2 up/uv/clientPin fields in user records too
This catches up homed's FIDO2 support with cryptsetup's: we'll now store
the uv/up/clientPin configuration at enrollment in the user record JSON
data, and use it when authenticating with it.

This also adds explicit "uv" support: we'll only allow it to happen when
the client explicitly said it's OK. This is then used by clients to print
a nice message suggesting "uv" has to take place before retrying
allowing it this time. This is modelled after the existing handling for
"up".
2021-06-01 13:31:53 +02:00
Lennart Poettering
7dba77a67e
Merge pull request #17096 from eworm-de/ask-password
ask-password: allow to control emoji
2021-06-01 11:44:00 +02:00
Luca Boccassi
6c498f6d89
Merge pull request #19765 from keszybz/early-boot-logging-improvements
Early boot logging improvements
2021-05-31 22:59:51 +01:00
Christian Hesse
e390c34d00 ask-password: allow to control lock and key emoji
Giving --echo to systemd-ask-password allows to echo the user input.
There's nothing secret, so do not show a lock and key emoji by default.

The behavior can be controlled with --emoji=yes|no|auto. The default is
auto, which defaults to yes, unless --echo is given.
2021-05-31 21:13:31 +02:00
Zbigniew Jędrzejewski-Szmek
af88c399c0 tty-ask-password-agent: mention optional argument in help
0cf8469387 added --console.
6af621248f added an optional argument, but didn't
update the help texts.

Note that there is no ambiguity with the optional argument because no positional
arguments are allowed.
2021-05-31 19:22:51 +02:00
Sebastian Blunt
4858bc0d84 Respect option 'silent' on cryptsetup FIDO2 pin entry
Makes the silent flag's behavior consistent between regular password
entry and FIDO2 pin entry.
2021-05-31 17:57:44 +02:00
Lennart Poettering
72c1542267 man: document that FIDO2 uv/up/clientPin feature support is now handled gracefully 2021-05-28 16:45:12 +02:00
Yu Watanabe
48008c1cbf tree-wide: fix typo 2021-05-28 19:52:12 +09:00
borna-blazevic
c517a49bf7 network: dhcp-server: introduce [DHCPServerStaticLease] section 2021-05-27 15:51:26 +09:00
Yu Watanabe
e954939b9e
Merge pull request #19736 from poettering/udev-trigger-uuid
sd-device: add support for triggering devices with UUID support
2021-05-27 13:05:00 +09:00
Christian Hesse
9fff026d60 man: fix tag type
This is an option, not a command.
2021-05-27 12:50:57 +09:00
Lennart Poettering
730b9c1e14 udevadm: make use of the new uuid-enabled triggering for "udevadm trigger"
This adds two things:

- A new switch --uuid is added to "udevadm trigger". If specified a
  random UUID is associated with the synthetic uevent and it is printed
  to stdout. It may then be used manually to match up uevents as they
  propagate through the system.

- The UUID logic is now implicitly enabled if "udevadm trigger --settle"
  is used, in order to wait for precisely the uevents we actually
  trigger. Fallback support is kept for pre-4.13 kernels (where the
  requests for trigger uevents with uuids results in EINVAL).
2021-05-26 21:44:36 +02:00
Lennart Poettering
6f75309295 man: document that it is guaranteed that generated ID128 are never all-zero or all-one
This is the case because the ID128 we generate are all marked as v4 UUID
which requires that some bits are zero and others are one. Let's
document this so that people can rely on SD_ID128_NULL being a special
value for "uninitialized" that is always distinguishable from generated
UUIDs.
2021-05-26 21:44:15 +02:00
Lennart Poettering
83aab043d3
Merge pull request #19737 from poettering/default-specifiers-env
pid1: add specifier expansion for DefaultEnvironment=
2021-05-26 21:38:38 +02:00
Topi Miettinen
d8e3c31bd8 Mount all fs nosuid when NoNewPrivileges=yes
When `NoNewPrivileges=yes`, the service shouldn't have a need for any
setuid/setgid programs, so in case there will be a new mount namespace anyway,
mount the file systems with MS_NOSUID.
2021-05-26 17:42:39 +02:00
Lennart Poettering
aa6dc3ec33 man: fix list of escaped characters in unit names
The code works differently than the docs, and the code is right here.
Fix the doc hence.

See VALID_CHARS in unit-name.c for details about allowed chars in unit
names, but keep in mind that "-" and "\" are special, since generated by
the escaping logic: they are OK to show up in unit names, but need to be
escaped when converting foreign strings to unit names to make sure
things remain reversible.

Fixes: #19623
2021-05-26 17:27:24 +02:00
Lennart Poettering
46a9ee5d9b core: support specifier expansion in DefaultEnvironment= and ManagerEnvironment=
Strictly speaking adding this is a compatibility break, given that
previously % weren't special. But I'd argue that was simply a bug, as
for the much more prominent Environment= service setting we always
resolved specifiers, and DefaultEnvironment= is explicitly listed as
being the default for that. Hence, let's fix that.

Replaces: #16787
2021-05-26 17:20:36 +02:00
Lennart Poettering
b3e22322b6 repart: resolve $TMP specifiers too
This might be useful for CopyFiles=, to reference some subdir of $TMP in
a generic way. This allows us to use the new common
system_and_tmp_specifier_table[].
2021-05-26 17:20:36 +02:00
Lennart Poettering
205013c800 man: document udevadm info output prefixes
Fixes: #19663
2021-05-26 12:46:51 +01:00
Lennart Poettering
74c88a2520 man: try to clarify that nss-mymachines does not provide name resolution outside its own scope
Fixes: #18229
2021-05-26 12:45:20 +01:00
Lennart Poettering
7dbc38db50 man: explicitly say for priority/weight values whether more is more or less
Fixes: #17523
2021-05-26 12:42:13 +01:00
Yu Watanabe
b69855e645
Merge pull request #19727 from poettering/pcr-comma
Allow PCRs to be separated by "+" instead of ","
2021-05-26 10:37:24 +09:00
Luca Boccassi
93f235e8d8
Merge pull request #19722 from poettering/empty-string-loginctl-man
document that "loginctl kill-session" takes an empty string + add the same for per-user stuff
2021-05-25 23:23:42 +01:00
Lennart Poettering
a1788a69b2 tpm2: support "+" as separator for TPM PCR lists
Previously, we supported only "," as separator. This adds support for
"+" and makes it the documented choice.

This is to make specifying PCRs in crypttab easier, since commas are
already used there for separating volume options, and needless escaping
sucks.

"," continues to be supported, but in order to keep things minimal not
documented.

Fixes: #19205
2021-05-25 23:28:54 +02:00
Lennart Poettering
9f48b4e40e man: document that loginctl {terminate|kill}-{session|user} take the empty string, optionally
Fixes: #19711
2021-05-25 17:42:34 +02:00
Lennart Poettering
0bc488c99a core: implement Uphold= dependency type
This is like a really strong version of Wants=, that keeps starting the
specified unit if it is ever found inactive.

This is an alternative to Restart= inside a unit, acknowledging the fact
that whether to keep restarting the unit is sometimes not a property of
the unit itself but the state of the system.

This implements a part of what #4263 requests. i.e. there's no
distinction between "always" and "opportunistic". We just dumbly
implement "always" and become active whenever we see no job queued for
an inactive unit that is supposed to be upheld.
2021-05-25 16:03:03 +02:00
Lennart Poettering
294446dcb9 core: add new OnSuccess= dependency type
This is similar to OnFailure= but is activated whenever a unit returns
into inactive state successfully.

I was always afraid of adding this, since it effectively allows building
loops and makes our engine Turing complete, but it pretty much already
was, it was just hidden.

Given that we have per-unit ratelimits as well as an event loop global
ratelimit I feel safe to add this finally, given it actually is useful.

Fixes: #13386
2021-05-25 16:03:03 +02:00
Lennart Poettering
ffec78c05b core: add new PropagateStopTo= dependency (and inverse)
This takes inspiration from PropagatesReloadTo=, but propagates
stop jobs instead of restart jobs.

This is defined based on exactly two atoms: UNIT_ATOM_PROPAGATE_STOP +
UNIT_ATOM_RETROACTIVE_STOP_ON_STOP. The former ensures that when the
unit the dependency is originating from is stopped based on user
request, we'll propagate the stop job to the target unit, too. In
addition, when the originating unit suddenly stops from external causes
the stopping is propagated too. Note that this does *not* include the
UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT atom (which is used by BoundBy=),
i.e. this dependency is purely about propagating "edges" and not
"levels", i.e. it's about propagating specific events, instead of
continuous states.

This is supposed to be useful for dependencies between .mount units and
their backing .device units. So far we either placed a BindsTo= or
Requires= dependency between them. The former gave a very clear binding
of the two units together, however was problematic if users establish
mounts manually with different block device sources than our
configuration defines, as we there might come to the conclusion that the
backing device was absent and thus we need to umount again what the user
mounted. By combining Requires= with the new StopPropagatedFrom= (i.e.
the inverse PropagateStopTo=) we can get behaviour that matches BindsTo=
in every single atom but one: UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT is
absent, and hence the level-triggered logic doesn't apply.

Replaces: #11340
2021-05-25 16:03:03 +02:00
Lennart Poettering
629b2a6f7b core: add a reverse dep for OnFailure=
Let's add an implicit reverse dep OnFailureOf=. This is exposed via the
bus to make things more debuggable: you can now ask systemd for which
units a specific unit is the failure handler.

OnFailure= was the only dependency type that had no inverse, this fixes
that.

Now that deps are a bit cheaper, it should be OK to add deps that only
serve debug purposes.
2021-05-25 16:03:03 +02:00
Lennart Poettering
d219a2b07c core: convert Slice= into a proper dependency (and add a back dependency)
The slice a unit is assigned to is currently a UnitRef reference. Let's
turn it into a proper dependency, to simplify and clean up code a bit.
Now that new dep types are cheaper, deps should generally be preferable
over everything else, if the concept applies.

This brings one major benefit: we often have to iterate through all units
a slice contains. So far we iterated through all Before= dependencies of
the slice unit to achieve that, filtering out unrelated units, and
taking benefit of the fact that slice units are implicitly ordered
Before= the units they contain. By making Slice= a proper dependency,
and having an accompanying SliceOf= dependency type, this is much
simpler and nicer as we can directly enumerate the units a slice
contains.

The forward dependency is actually called InSlice internally, since we
already used the UNIT_SLICE name as UnitType field. However, since we
don't intend to expose the dependency to users as dep anyway (we already
have the regular Slice D-Bus property for this) this shouldn't matter.
The SliceOf= implicit dependency type (the reverse of Slice=/InSlice=)
is exported over the bus, to make things a bit nicer to debug and
discoverable.
2021-05-25 16:03:01 +02:00
Yu Watanabe
f0c09831bd network: allow to set Group=0 in [Link] section
Previously, when a link is already in a numbered group, we cannot
remove the link from the group.

This also fixes the range mentioned in the man page.
2021-05-25 07:12:05 +09:00
наб
8a2f7b7c9b
man: we is OK too -> which is OK too (#19708) 2021-05-24 18:39:38 +09:00
Yu Watanabe
75d5abd298 network: IPv6LinkLocalAddressGenerationMode=none disables IPv6LL addressing 2021-05-23 17:13:06 +09:00
Luca Boccassi
d1cb55e6e4
Merge pull request #19700 from keszybz/check-os-release-fixups
Fixups for man/check-os-release.*
2021-05-22 23:56:59 +01:00
Zbigniew Jędrzejewski-Szmek
91da09bd1a man/check-os-release.*: allow ID_LIKE to have multiple values
I missed the fact that it is documented to be a space-separated list.
2021-05-22 20:44:04 +02:00
Zbigniew Jędrzejewski-Szmek
82ca34e6e6 man/check-os-release.py: ignore comment and empty lines
Plus fix off-by-one in error printing.
2021-05-22 20:44:04 +02:00
Lennart Poettering
83a04afc06
Merge pull request #19686 from keszybz/os-release-modernization-and-examples
os-release modernization and examples
2021-05-22 14:44:50 +02:00
Zbigniew Jędrzejewski-Szmek
412339835e man/check-os-release.py: strip trailing whitespace
The shell parser would do that, so so should we.
2021-05-22 12:20:51 +02:00
Zbigniew Jędrzejewski-Szmek
c0527e1f95 man: say that initrd-release is like os-release 2021-05-22 12:20:51 +02:00
Yu Watanabe
228c3e21e9 network: nexthop: add Group= setting to configure multipath route with group nexthop 2021-05-22 04:59:40 +09:00
Zbigniew Jędrzejewski-Szmek
8fd67ab5a3 man: reword description of BUILD_ID in os-release
Our description was pretty hard to parse. Let's replace it with a description
loosely based on a fairly clear description written by a distro that actually
uses BUILD_ID:
https://developer.rigado.com/docsets/Working-with-the-Rigado-Vesta-Gateway/latest/production/versioning-images.html#the-rigos-scheme.
2021-05-21 17:06:28 +02:00
Zbigniew Jędrzejewski-Szmek
3ca606d103 man: add example os-release mangling in python
This is also not entirely obvious. I think the code I came
up with is pretty elegant ;] The final part of the code that makes
use of the parsed data is kept very similar to the shell code on purpose,
even though it could be written a bit more idiomatically.
2021-05-21 16:33:04 +02:00
Zbigniew Jędrzejewski-Szmek
e839ebe551 man: add an example how to correctly read os-release in shell
This is not entirely obvious.

The logic of how to interpret the fields applies in any language, so drop the
pointless mention of C or shell.
2021-05-21 16:32:54 +02:00
Zbigniew Jędrzejewski-Szmek
00e3abe024 man: reorder fields in os-release
Let's order the fields from the most general to least: os name, os variant, os
version, machine-parseable version details, metadata, special settings. I added
section headers to roughly group the settings. The division is not strict,
because for example CPE_NAME also includes the version, and PRETTY_NAME may
too, but it still makes it easier to find the right name.

Also split out Examples to separate paragraphs:
almost all descriptions had "Example:" at the end, where multiple
examples were listed. Splitting this out to separate paragraphs
makes the whole thing much easier to read.

Add missing markup and punctuation while at it.

About
- If not set, defaults to <literal>NAME=Linux</literal>.
+ If not set, a default of <literal>NAME=Linux</literal> may be used.
and similar changes: in many circumstances, if this is not set, no value should
be used. The fallback mostly makes sense when we need to present something to the
user. So let's reword this to not imply that the default is necessary.
2021-05-21 12:24:14 +02:00
asavah
670427a4d4 man: prevent race condition when generating systemd.directives.xml 2021-05-20 20:49:50 +01:00
Lennart Poettering
f9e60ff9ad
Merge pull request #19605 from yuwata/network-fdb-outgoing-interface
network: bridge-fdb: add support to specify outgoing interface
2021-05-20 21:33:14 +02:00
Yu Watanabe
e6655fbe40 man: mention that drop-in files are merged in alphanumeric order
This addresses the request in https://github.com/systemd/systemd/issues/19467#issuecomment-829332877.
2021-05-20 21:20:51 +02:00
Susant Sahani
af99cdf4d4 network: bridge-fdb: add support to specify outgoing interface 2021-05-20 18:23:15 +09:00
Anita Zhang
1539124b39 man: document default rlimits
Fixes #19645
2021-05-20 09:58:48 +02:00
Lennart Poettering
a06c9ac277 man: document new nspawn --bind-user= feature 2021-05-19 17:46:59 +02:00
Alvin Šipraga
7e59cfe951 man: describe overall online status in networkctl(1) 2021-05-19 10:34:06 +09:00
Alvin Šipraga
553022c4af man: clarify RequiredFamilyForOnline= behaviour for online state
With new "online state" semantics in networkd, make the description of
RequiredFamilyForOnline= a little more broad. Some rewording has been
done to make the passage easier to understand.
2021-05-19 10:34:06 +09:00
Alvin Šipraga
6c95e09388 man: clarify RequiredForOnline= behaviour for online state
With new "online state" semantics in networkd, make the description of
RequiredForOnline= a little more broad.
2021-05-19 10:34:06 +09:00
Yu Watanabe
e7901aba14
Merge pull request #19611 from yuwata/network-dhcp-server-introduce-server-address
network: dhcp-server: introduce ServerAddress= setting
2021-05-19 10:29:43 +09:00
Zbigniew Jędrzejewski-Szmek
23b8071d47 man: use readable names for entities
Let's use the same names as in the jinja2 substitutions.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
fd3a3e31b3 meson: drop "_YES_NO" variables
We can generate the right string in the template directly.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
46c4f8dc8a meson: use jinja2 also for custom-entities.ent
This doesn't matter too much, but makes things a bit more consistent.
A minor advantage is that the file is not a configuration file for meson
anymore, so:
 a) It is not built unless pulled in by another target. Since
    we don't usually build man pages by default, this saves a tiny
    amount of work.
 b) When the .in file is updated, meson does not reconfigure everything,
    but just rebuilds the dependent targets.

Now that the conversion is finished, time for benchmarking:
a full build with default settings (and -Dstandalonebinaries=true), yields

before this pull request: 1687 targets, 148.13s user 35.17s system 317% cpu 57.697 total
with the full pull request: 1714 targets, 143.07s user 27.87s system 314% cpu 54.369 total

The difference doesn't seem significant. Partial rebuilds might be faster as
mentioned before.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
195a8a9327 meson: use custom configuration_data() object for man/man and man/html helpers
I want to stop using 'substs'. But in this case, configure_file() is nicer
than custom_target(), because it causes meson to immediately generate the
helpers after configuration, so it's possible to do
'meson build && build/man/man ...', without building anything first.

We only substitute one variable here, so let's use a custom configuration_data()
object.
2021-05-19 10:24:43 +09:00
Yu Watanabe
0017ba3165 network: dhcp-server: introduce ServerAddress= setting
This may be useful when the link which the DHCP server is running on has
multiple static addresses.
2021-05-18 20:20:24 +09:00
Anita Zhang
c54cfef396 man: only the system manager does not pass vars in ManagerEnvironment=
User managers always pass their environment on to their children.
Make that clear in the description of ManagerEnvironment= which
states that none of those args will get passed to child processes of
service managers.
2021-05-18 12:59:10 +02:00
ei-ke
410477a78f Fixed a typo 2021-05-16 18:28:58 +02:00
Sebastian Blunt
1fa94a3124 Add crypttab option silent
Adds a crypttab option 'silent' that enables the AskPasswordFlag
ASK_PASSWORD_SILENT. This allows usage of systemd-cryptsetup to default
to silent mode, rather than requiring the user to press tab every time.
2021-05-15 16:23:56 +02:00
Zbigniew Jędrzejewski-Szmek
f1e696221f
Merge pull request #19612 from keszybz/meson-0.58-quieting
Make meson output quiet again
2021-05-15 10:49:10 +02:00
Lennart Poettering
d47f96b4ef
Merge pull request #19609 from keszybz/networkd-dhcp-man
Tweak man page ordering for DHCPv[46] options
2021-05-14 16:26:18 +02:00
Zbigniew Jędrzejewski-Szmek
0f4c4f3824 meson: call find_program() once and reuse the variable everywhere
Meson 0.58 has gotten quite bad with emitting a message every time
a quoted command is used:
Program /home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh found: YES (/home/zbyszek/src/systemd-work/tools/meson-make-symlink.sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program sh found: YES (/usr/bin/sh)
Program xsltproc found: YES (/usr/bin/xsltproc)
Configuring custom-entities.ent using configuration
Message: Skipping bootctl.1 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping journal-remote.conf.5 because HAVE_MICROHTTPD is false
Message: Skipping journal-upload.conf.5 because HAVE_MICROHTTPD is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Message: Skipping loader.conf.5 because ENABLE_EFI is false
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
Program ln found: YES (/usr/bin/ln)
...

Let's suffer one message only for each command. Hopefully we can silence
even this when https://github.com/mesonbuild/meson/issues/8642 is
resolved.
2021-05-14 14:21:27 +02:00
Zbigniew Jędrzejewski-Szmek
6c55cefe2f man: reword descriptions of two DHCPv4 options 2021-05-14 11:48:33 +02:00
Zbigniew Jędrzejewski-Szmek
c3696a9111 man: reorder items in [DHCPv4] and [DHCPv6] sections
The settings were listed in a completely random order, also different
between the v4 and v6 sections. Order by "options sent", "options received",
"communication settings" in both sections.

Also minor formatting changes are done, e.g. "=" is added in various places.
2021-05-14 11:48:33 +02:00
Yu Watanabe
bfc2b05e59 networkctl: introduce --json option for "status" and "list" commands
When `--json` option is specified, "status" and "list" commands give
the same information, as originally "list" just gives partial
information of "status" in different format.
2021-05-14 09:18:29 +09:00
Zbigniew Jędrzejewski-Szmek
c799d93cfa
Merge pull request #19567 from poettering/ipv4-ipv6-lowercase
various follow-ups to socket-bind logic
2021-05-12 12:21:58 +02:00
Lennart Poettering
971c07fc68 pam: fix typo try_authtok → use_authtok
This was a copy/paste mistake apparently, there's no "try_authtok" and
this was supposed to copy what Fedora uses, which uses "use_authtok"
correctly. Hence adjust this.

Fixes: #19369
2021-05-12 12:14:17 +02:00
Lennart Poettering
f80a206aa4 socket-bind: use lowercase "ipv4"/"ipv6" spelling
In most of our codebase when we referenced "ipv4" and "ipv6" on the
right-hand-side of an assignment, we lowercased it (on the
left-hand-side we used CamelCase, and thus "IPv4" and "IPv6"). In
particular all across the networkd codebase the various "per-protocol
booleans" use the lower-case spelling. Hence, let's use lower-case for
SocketBindAllow=/SocketBindDeny= too, just make sure things feel like
they belong together better.

(This work is not included in any released version, hence let's fix this
now, before any fixes in this area would be API breakage)

Follow-up for #17655
2021-05-11 15:37:31 +02:00
Lennart Poettering
7eea910d24 bootctl: extend --make-machine-id-directory= documentation a bit
The directory might not be created in the ESP but in the extended boot
loader partition, hence don't claim otherwise.

Also, give a brief reason why the concept exists at all.

Link up machine-id man page.

Follow-up for: 6a3fff75ba
2021-05-11 14:32:42 +09:00
Lennart Poettering
9854ac4af4 man: remove some trailing whitespace 2021-05-10 23:10:44 +02:00
Lennart Poettering
c96a301213 man: document new userdbctl features 2021-05-10 18:02:50 +02:00
Lennart Poettering
62a90b48d0 man: document new userdbd features 2021-05-10 14:59:05 +02:00
Lennart Poettering
71b5738030 man: update nss-systemd documentation with new features 2021-05-10 14:58:44 +02:00
Zbigniew Jędrzejewski-Szmek
8808d3289e
Merge pull request #19556 from lucasrangit/network-wifi-interface-type-typos
network: update documentation and examples to use correct interface type and lookup command
2021-05-10 13:55:07 +02:00
Lucas Magasweran
2480ca95ba man: network: use networkctl list instead of status to list network interface type
To determine the network interface type for use in the `Type=` directive, it is more concise to use the `list` command. Whereas, the `status` command requires an interface parameter.

For example, on a RaspberryPi 4 the following shows that the `wlan0` interface type `wlan` is more conveniently listed by the `list` command.

```
root@raspberrypi4-64:~# networkctl list
IDX LINK  TYPE     OPERATIONAL SETUP
  1 lo    loopback carrier     unmanaged
  2 eth0  ether    routable    configured
  3 wlan0 wlan     off         unmanaged

3 links listed.
```

Whereas the `networkctl status` command doesn't include this information.

```
root@raspberrypi4-64:~# networkctl status
●   State: routable
  Address: 192.168.1.141 on eth0
           fd8b:8779:b7a4::f43 on eth0
           fd8b:8779:b7a4:0:dea6:32ff:febe:d1ce on eth0
           fe80::dea6:32ff:febe:d1ce on eth0
  Gateway: 192.168.1.1 (CZ.NIC, z.s.p.o.) on eth0
      DNS: 192.168.1.1

May 07 14:17:18 raspberrypi4-64 systemd-networkd[212]: eth0: Gained carrier
May 07 14:17:19 raspberrypi4-64 systemd-networkd[212]: eth0: Gained IPv6LL
May 07 14:17:19 raspberrypi4-64 systemd-networkd[212]: eth0: DHCPv6 address fd8b:8779:b7a4::f43/128 timeout preferred -1 valid -1
May 07 14:17:21 raspberrypi4-64 systemd-networkd[212]: eth0: DHCPv4 address 192.168.1.141/24 via 192.168.1.1
```

To get the interface type using the `status` command you need to specify an additional argument.

```
root@raspberrypi4-64:~# networkctl status wlan0
● 3: wlan0
                     Link File: /lib/systemd/network/99-default.link
                  Network File: n/a
                          Type: wlan
                         State: off (unmanaged)
                          Path: platform-fe300000.mmcnr
                        Driver: brcmfmac
                    HW Address: dc:a6:32:be:d1:cf (Raspberry Pi Trading Ltd)
                           MTU: 1500 (min: 68, max: 1500)
                         QDisc: noop
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 1/1
```
2021-05-10 13:40:33 +02:00
Samuel BF
c362a432af Wider range of options for selecting entries for systemd-journal-gatewayd
Introducing --user, --system, --merge and --file flags, like for journalctl
and systemd-journal-upload.
2021-05-10 12:20:27 +02:00
Lennart Poettering
2baec39665
Merge pull request #19545 from poettering/nss-systemd-shadow
nss-systemd: also expose shadow/gshadow entries from userdb records
2021-05-10 09:46:49 +02:00
Luca Boccassi
63225fe159
Merge pull request #19298 from bluca/cryptsetup_nopass
cryptsetup: add 'headless' parameter to skip password/pin query, allow pin-less enroll on FIDO2, support user presence/verification flags
2021-05-09 13:49:55 +01:00
Lennart Poettering
f43a19ecd6 nss-systemd: synthesize NSS shadow/gshadow records from userdb, as well
This ensures we not only synthesize regular passwd/group records of
userdb records, but shadow records as well. This should make sure that
userdb can be used as comprehensive superset of the classic
passwd/group/shadow/gshadow functionality.
2021-05-08 14:35:28 +02:00
Yegor Alexeyev
11c38d3e51 rfc3046 implementation 2021-05-08 15:59:29 +09:00
Lennart Poettering
22326f15a6 man: document new nspawn ID mapping mounts features 2021-05-07 22:44:17 +02:00
Luca Boccassi
896cc0da98 FIDO2: ask and record whether user verification was used to lock the volume
Some tokens support authorization via fingerprint or other biometric
ID. Add support for "user verification" to cryptenroll and cryptsetup.
Disable by default, as it is still quite uncommon.
2021-05-07 21:36:27 +01:00
Luca Boccassi
06f087192d FIDO2: ask and record whether user presence was used to lock the volume
In some cases user presence might not be required to get _a_
secret out of a FIDO2 device, but it might be required to
get the actual secret that was used to lock the volume.
Record whether we used it in the LUKS header JSON metadata.
Let the cryptenroll user ask for the feature, but bail out if it is
required by the token and the user disabled it.
Enabled by default.
2021-05-07 21:36:27 +01:00
Luca Boccassi
cde2f8605e FIDO2: support pin-less LUKS enroll/unlock
Closes: https://github.com/systemd/systemd/issues/19246

Some FIDO2 devices allow the user to choose whether to use a PIN or not
and will HMAC with a different secret depending on the choice.
Some other devices (or some device-specific configuration) can instead
make it mandatory.
Allow the cryptenroll user to choose whether to use a PIN or not, but
fail immediately if it is a hard requirement.
Record the choice in the JSON-encoded LUKS header metadata so that the
right set of options can be used on unlock.
2021-05-07 21:36:27 +01:00
Luca Boccassi
cd5f57bda7 cryptsetup: add 'headless' parameter to skip password/pin query
On headless setups, in case other methods fail, asking for a password/pin
is not useful as there are no users on the terminal, and generates
unwanted noise. Add a parameter to /etc/crypttab to skip it.
2021-05-07 21:36:27 +01:00
Lennart Poettering
37ef2fc9f7
Merge pull request #18863 from keszybz/cmdline-escaping
Escape command lines properly
2021-05-07 17:29:39 +02:00
Zbigniew Jędrzejewski-Szmek
d0f14a6cf4
Merge pull request #19134 from poettering/outbound-special-hostname
introduce a new synthetic hostname "_outbound" that maps to "the" local IP address
2021-05-07 17:15:22 +02:00
Zbigniew Jędrzejewski-Szmek
ac2c088939
Merge pull request #19391 from poettering/dissect-grow
optionally, grow file systems to partition size when mounting them via GPT auto-discovery
2021-05-07 15:04:55 +02:00