1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

41211 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
6304fec37c
Merge pull request #13191 from poettering/sysctl-no-fail
allow sysctl assignments to fail
2019-07-26 14:57:56 +02:00
Zbigniew Jędrzejewski-Szmek
47685d9d4b
Merge pull request #13137 from poettering/efi-random
beef up random seed logic, add boot loader entropy privisioning, improve docs about it
2019-07-26 12:43:32 +02:00
Lennart Poettering
608807c163
Merge pull request #13186 from keszybz/tmpfiles-postponement
Create less stuff when systemd-tmpfiles --create is executed (during installation or otherwise)
2019-07-26 09:41:00 +02:00
Lennart Poettering
8deeef94e7
Merge pull request #13188 from yuwata/news-igmp-version
network: rename `IGMPVersion=` to `MulticastIGMPVersion=`
2019-07-26 09:40:21 +02:00
Yu Watanabe
13cb62af22 NEWS: mention SpeedMeter= 2019-07-26 09:38:20 +02:00
Lennart Poettering
b64c47c038 NEWS: mention the new sysctl.d/ - prefix 2019-07-26 09:28:43 +02:00
Lennart Poettering
000500c9d6 sysctl: prefix ping port range setting with a dash
Fixes: #13177
2019-07-26 09:26:07 +02:00
Lennart Poettering
0338934f4b Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""
This reverts commit be74f51605.

Let's add this again. With the new sysctl "-" thing we can make this
work.
2019-07-26 09:25:09 +02:00
Lennart Poettering
e08be64937 man: document the new sysctl.d/ - prefix 2019-07-26 09:24:47 +02:00
Lennart Poettering
dec02d6e19 sysctl: if options are prefixed with "-" ignore write errors 2019-07-26 09:24:47 +02:00
Lennart Poettering
2de30233f7 sysctl: reset 'r' only where needed 2019-07-26 09:24:47 +02:00
Lennart Poettering
8a65188437 sysctl: switch to log_syntax()
With @keszybz' recent work this will give us clickable links in the
journalctl output.
2019-07-26 09:24:47 +02:00
Evgeny Vereshchagin
be74f51605 Revert "sysctl: Enable ping(8) inside rootless Podman containers"
This reverts commit 90ce7627df.

See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
2019-07-26 06:56:58 +00:00
Yu Watanabe
9f0d45e402 NEWS: mention Bridge.MulticastIGMPVersion= 2019-07-26 11:01:28 +09:00
Yu Watanabe
b738530b04 network: slightly update log message 2019-07-26 11:00:56 +09:00
Yu Watanabe
e8489008cb network: rename IGMPVersion= -> MulticastIGMPVersion= 2019-07-26 11:00:56 +09:00
Zbigniew Jędrzejewski-Szmek
0a71e31c33 sd-boot: silence one warning about pointer cast
It doesn't matter either way. Fixes #13174.
2019-07-26 10:37:56 +09:00
Lennart Poettering
f293fc5147 update TODO 2019-07-25 19:25:50 +02:00
Zbigniew Jędrzejewski-Szmek
9ba77b9949 tmpfiles: copy files to /etc only on boot
We'd copy /etc/nsswitch.conf, /etc/pam.d/, and /etc/issue (*) on every
tmpfiles --create run. I think we should only do this at boot, so if
people install systemd.rpm in a larger transaction and want to create those
files at a later step, we don't interfere with that.

(Stuff like /etc/os-release and /etc/mtab is not really configurable,
we might as was create it uncondtionally.)

(Seemingly, the alternative approach might be to not call
systemd-tmpfiles --create in systemd.rpm %post. But this wouldn't have much
effect, because various packages call it anyway, and our
%tmpfiles_create_package macro does too.  So we need to change the
configuration instead.)

(*) We don't provide /usr/share/factory/issue, so normally this fails, but
somebody else might provide that file, so it seems useful to keep the
C line.
2019-07-25 19:13:41 +02:00
Zbigniew Jędrzejewski-Szmek
09bef967d9 tmpfiles: stop creating /etc/localtime symlink
If the symlink is not present, UTC is the default. There *is* a slight
advantage to it: humans might expect it to be present and look in /etc.
But it might interfere with post-install scripts and it doesn't serve
any technical purpose. Let's not create it. Fixes #13183.
2019-07-25 19:12:02 +02:00
Lennart Poettering
312dc1539e update TODO 2019-07-25 18:31:20 +02:00
Lennart Poettering
341fd87c83 TODO: remove apparently fixed issue from TODO 2019-07-25 18:31:20 +02:00
Lennart Poettering
93f5910078 docs: add longer document about systemd and random number seeds 2019-07-25 18:31:20 +02:00
Lennart Poettering
7fb0c61580 man: extend on the --print-boot-path description a bit 2019-07-25 18:31:20 +02:00
Lennart Poettering
a2aa605d22 bootctl: add is-installed verb
Fixes: #9428
2019-07-25 18:31:20 +02:00
Lennart Poettering
39867bb9fb man: document the systemd-random-seed rework 2019-07-25 18:31:20 +02:00
Lennart Poettering
c7bb4dfcf4 docs: document new random seed EFI vars as part of the boot loader interface 2019-07-25 18:31:20 +02:00
Lennart Poettering
26ded55709 random-seed: rework systemd-random-seed.service substantially
This makes two major changes to the way systemd-random-seed operates:

1. We now optionally credit entropy if this is configured (via an env
var). Previously we never would do that, with this change we still don't
by default, but it's possible to enable this if people acknowledge that
they shouldn't replicate an image with a contained random seed to
multiple systems. Note that in this patch crediting entropy is a boolean
thing (unlike in previous attempts such as #1062), where only a relative
amount of bits was credited. The simpler scheme implemented here should
be OK though as the random seeds saved to disk are now written only with
data from the kernel's entropy pool retrieved after the pool is fully
initialized. Specifically:

2. This makes systemd-random-seed.service a synchronization point for
kernel entropy pool initialization. It was already used like this, for
example by systemd-cryptsetup-generator's /dev/urandom passphrase
handling, with this change it explicitly operates like that (at least
systems which provide getrandom(), where we can support this). This
means services that rely on an initialized random pool should now place
After=systemd-random-seed.service and everything should be fine. Note
that with this change sysinit.target (and thus early boot) is NOT
systematically delayed until the entropy pool is initialized, i.e.
regular services need to add explicit ordering deps on this service if
they require an initialized random pool.

Fixes: #4271
Replaces: #10621 #4513
2019-07-25 18:30:06 +02:00
Lennart Poettering
c6127c3996 random-seed: drop falling back to O_WRONLY if O_RDWR on /dev/urandom doesn't work
There's no reason why writing should work if reading and writing
doesn't. Let's simplify this hence. /dev/urandom is generally an r/w
device, and everything else would be a serious system misconfiguration.
2019-07-25 18:20:50 +02:00
Lennart Poettering
15d961bf53 random-seed: reduce scope of variable 2019-07-25 18:20:50 +02:00
Lennart Poettering
d985064a8b units: automatically initialize the system token if that makes sense 2019-07-25 18:20:50 +02:00
Lennart Poettering
d6e9a347a5 bootctl: show random seed state 2019-07-25 18:20:50 +02:00
Lennart Poettering
e44c3229f2 bootctl: add new verb for initializing a random seed in the ESP 2019-07-25 18:20:50 +02:00
Lennart Poettering
3e155eba43 random-seed: move pool size determination to random-util.[ch]
That way we can reuse it elsewhere.
2019-07-25 18:16:46 +02:00
Lennart Poettering
c18ecf0375 core: take random seed from boot loader and credit it to kernel entropy pool 2019-07-25 18:16:46 +02:00
Lennart Poettering
e4dcf7aa52 sd-boot: read random seed from ESP and pass it to OS 2019-07-25 18:16:46 +02:00
Lennart Poettering
073220bf36 efi: steal glibc sha256 implementation 2019-07-25 17:10:51 +02:00
Lennart Poettering
22c5ff5132 bootctl: add new feature flag for indicating random seed management support 2019-07-25 17:10:51 +02:00
Lennart Poettering
7c122dfef8 bootctl: shortcut configuration file parsing 2019-07-25 17:10:51 +02:00
Lennart Poettering
b461576de4 bootctl: drop const from non-pointer function argument 2019-07-25 17:10:51 +02:00
Lennart Poettering
5509f91261 bootctl: use the fact that startswith() returns the suffix 2019-07-25 17:10:51 +02:00
Lennart Poettering
c242a08279 efivars: modernize efi_get_variable() a bit
Primarily, make sure the return parameters are all individually
optional.
2019-07-25 17:10:51 +02:00
Lennart Poettering
b19fa8126d efi: add log_oom() helper 2019-07-25 17:10:51 +02:00
Lennart Poettering
1aaabb17fd efi: modernize file_read() a bit 2019-07-25 17:10:51 +02:00
Lennart Poettering
5373172e80 xattr-util: document that we NUL suffix 2019-07-25 17:10:51 +02:00
Lennart Poettering
63d59b8dcf fs-util: add fsync_full() helper
We usually combine an fsync() with fsync_directory_of_file() hence let's
add a helper that does both in one.
2019-07-25 17:10:51 +02:00
Zbigniew Jędrzejewski-Szmek
57cd822887
Merge pull request #13144 from poettering/nspawn-modprobe
nspawn modprobe fixes
2019-07-25 11:34:37 +02:00
Yu Watanabe
500b96eb34 network: drop redundant Link::kind check
All CAN devices' iftype are ARPHRD_CAN. So, checking Link::kind is
redundant.

Follow-up for c6ac3729c9.
2019-07-25 16:47:16 +09:00
Yu Watanabe
b9109ff710 units: add initrd-network-generator.service 2019-07-25 16:46:55 +09:00
Yu Watanabe
0a9219986e
Merge pull request #13179 from yuwata/network-drop-new-settings-from-dhcp-section
network: drop recently added settings from deprecated [DHCP] section
2019-07-25 15:44:25 +09:00