IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.
Because manually added LoadOptions are not taken into account, these
should be recorded also.
This patch logs and extends a TPM PCR register with the LoadOptions.
This feature can be enabled with configure --enable-tpm
The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.
[
@zonque:
* rebased to current master
* use AC_CHECK_DECLS to detect availibility of char{16,32}_t
* make utf8_encoded_to_unichar() return int
]
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.
Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
Fixes:
$ ./configure ... --disable-microhttpd --enable-libcurl
--enable-sysusers
$ make && make install DESTDIR=$(pwd)/INST
$ ls INST/usr/lib/sysusers.d/
basic.conf systemd.conf
There is no a file with `systemd-journald-upload`
util-linux 2.27.1's configure.ac still claims to be 2.27.0, which breaks our
version check. Lower it back to 2.27.0 until util-linux gets a fixed tarball.
See #1754
util-linux 2.27.1 now entirely stops looking at /etc/mtab, so we don't need to
verify /etc/mtab during early boot any more. Later on, tmpfiles.d/etc.conf will
fix /etc/mtab anyway, so there's not even a point in warning about it.
Drop test_mtab() and bump the util-linux dependency to >= 2.17.1.
Fixes#1495
--enable-lz4 can be used to force lz4 requirement,
--disable-lz4 can be used to skip lz4 support even if available.
Also, make surrounding checks for bzip2, xz, and zlib similar in structure.
This fixes the check for requested but missing bzip2.
The intent of the assignments around the check for libcap was obviously
to avoid polluting LIBS. To work properly, LIBS must be restored from
the save_LIBS variable.
The practical effect is small though, because pretty much everything
links with libbasic, which links with CAP_LIBS.
We have two AC_CHECK_LIB checks for libdw. The first one has an empty
action-if-found, so it defaults to adding "-ldw" to LIBS. LIBS are
applied to everything we build. But only systemd-coredump needs libdw.
It already links to ELFUTILS_LIBS correctly in Makefile.am.
Drop the first AC_CHECK_LIB check. The second check is sufficient.
Q: Don't we already use "-Wl,--as-needed" to eliminate overlinking?
A: We do, but it is effective only for executables, not for shared
libraries. This is due to a libtool bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347650
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.
This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.
Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
If gcrypt's m4 macro files aren't installed, with this change, gcrypt
will be disabled --- unless gcrypt support was explicitly requested by
passing --enable-gcrypt to configure, in which case it will fail.
Without this change, autoconf would fail either way with not being able
to resolve AM_PATH_LIBGCRYPT.
What is the rationale to have AC_FUNC_MALLOC? It does not actually
abort the configure run if an "unsuitable" malloc was found, and
instead just replaces malloc by rpl_malloc, for which systemd however
has no definition, either.
Remove the call.
gcc versions 4.6 and earlier used to complain when a local variable
shadows a global function, 4.7 and above only complain if a local
variable shadows a global variable.
Fix this by checking whether gcc 4.7+ behavior is in place before
deciding to use -Werror=shadow in $(CFLAGS), by using a custom test
program source that shadows a global function with a local variable and
confirming that -Werror=shadow does not make the compile to break.
Tested:
- On gcc 4.7 and 4.8, confirmed nothing changed (other than the order of
the -Werror=shadow argument, going to the end of CFLAGS.)
- On gcc 4.6, confirmed by looking at the config.log output that the
check for -Werror=shadow failed and it was not included in CFLAGS.
- Ran `make V=1` to confirm -Werror=shadow was still in use, introduced
a bogus shadowing issue and confirmed it was caught when building with
a recent gcc.
The current implementation directly monitor /proc/self/mountinfo and
/run/mount/utab files. It's really not optimal because utab file is
private libmount stuff without any official guaranteed semantic.
The libmount since v2.26 provides API to monitor mount kernel &
userspace changes and since v2.27 the monitor is usable for
non-root users too.
This patch replaces the current implementation with libmount based
solution.
Signed-off-by: Karel Zak <kzak@redhat.com>
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
AC_CHECK_FILE fails when cross-compiling. It is intended to be used to
check for files that are used at runtime during build time (e.g.
/etc/passwd, /dev/*) [1]. For files which are only used at build time
'test -f' is sufficient.
[1]: https://lists.gnu.org/archive/html/autoconf/2000-10/msg00018.html
This drops the libsystemd-terminal and systemd-consoled code for various
reasons:
* It's been sitting there unfinished for over a year now and won't get
finished any time soon.
* Since its initial creation, several parts need significant rework: The
input handling should be replaced with the now commonly used libinput,
the drm accessors should coordinate the handling of mode-object
hotplugging (including split connectors) with other DRM users, and the
internal library users should be converted to sd-device and friends.
* There is still significant kernel work required before sd-console is
really useful. This includes, but is not limited to, simpledrm and
drmlog.
* The authority daemon is needed before all this code can be used for
real. And this will definitely take a lot more time to get done as
no-one else is currently working on this, but me.
* kdbus maintenance has taken up way more time than I thought and it has
much higher priority. I don't see me spending much time on the
terminal code in the near future.
If anyone intends to hack on this, please feel free to contact me. I'll
gladly help you out with any issues. Once kdbus and authorityd are
finished (whenever that will be..) I'll definitely pick this up again. But
until then, lets reduce compile times and maintenance efforts on this code
and drop it for now.
While 235c6e6 gets LTO builds running again, it goes back to using fat
LTO objects instead of using gcc-{ar,nm,ranlib}. Building these fat
objects takes significantly more time.
Use the suggested solution and look for gcc-{ar,nm,ranlib}, which launch
the binutils tools with the appropriate --plugin parameter. GCC versions
that do not ship these should either default to -ffat-lto-objects or do
not support LTO at all.
On another note, nm from binutils 2.25 seems to be smart enough to load
the LTO plugin when needed without having to specify --plugin.
Similar to SmackProcessLabel=, if this configuration is set, systemd
executes processes with given SMACK label. If unit has
SmackProcessLabel=, this config is overwritten.
But, do NOT be confused with SMACK64EXEC of execute file. This default
execute process label(and also label which is set by
SmackProcessLabel=) is set fork-ed process SMACK subject label and
used to access the execute file.
If the execution file has also SMACK64EXEC, finally executed process
has SMACK64EXEC subject.
While if the execution file has no SMACK64EXEC, the executed process
has label of this config(or label which is set by
SmackProcessLabel=). Because if execution file has no SMACK64EXEC then
excuted process inherits label from caller process(in this case, the
caller is systemd).
Currently, 'make distcheck' fails with an error such as this:
srcdir=../../po /usr/bin/intltool-update -m
The following files contain translations and are currently not in use.
Please consider adding these to the POTFILES.in file, located in the po/ directory.
build2/src/core/org.freedesktop.systemd1.policy.in
build3/src/core/org.freedesktop.systemd1.policy.in
[...]
This is caused by a new behavior of autmake 1.15 which changed the
location of the build tree during 'make distcheck', and the fact that
intltool doesn't yet ignore that paths.
We used to have a workaround in configure.ac that makes the failing call
a no-op, but it was accidentially removed in 23756070
("remove gudev and gtk-doc").
Bring back that snipet for now, until intltool and automake sorted out
their issues and like each other again.
Also see
https://bugs.launchpad.net/intltool/+bug/1117944
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
Unfortunately, gcc keeps warning about those even when we use an
explicit (void) cast to indicate we are not interested in the result.
LLVM's clang does not have that issue and works fine with the casts.
GCC bug being tracked at:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
Until that GCC bug is fixed (and the version with the fix is in
many/most distributions) or we switch to LLVM as the default compiler,
it looks like we'll have to disable this warning by default...
Tested by building files known to present warnings about unused results
without the suppression, confirmed that the warnings were no longer
present with this patch applied.
This partially reverts commit 00c11bc53a ("build-sys: don't suppress irrelevant warnings").
Make the build sys error out on missing function prototypes, missing
variable declarations, implicit function declarations or forgotten return
statements.
None of these conditions are acceptable, and by making them hard errors, the
build bots can detect them earlier.
This way, development builds will not rely on gc-sections to
paper over cyclic link dependencies. Newly introduced broken
link requirements will immediatley fail.
Since we introduced AX_NORMALIZE_PATH, using --with-rootprefix=/ does
produce an empty string, but using --with-rootprefix= (empty) now
produces "." instead which is wrong.
Work around it until we can find a better solution for AX_NORMALIZE_PATH
upstream at autoconf-archive.
Bug: https://github.com/systemd/systemd/issues/54
Strip trailing slashes from options such as --with-rootprefix, so that building
with rootprefix="/" results in paths like "/lib" instead of "//lib".
Also handle paths such as "/usr/" gracefully.
Use m4/ax_normalize_path.m4 from the autoconf-archive project, which is now
included in our tree as per usual practices in using autoconf-archive macros.
Tested with the following configure options:
./configure \
--with-rootprefix=/ \
--with-rootlibdir=/lib64/ \
--prefix=/usr/ \
--libdir=/lib/ \
--with-bashcompletiondir=/bash-completion/completions/
(The "prefix" and "libdir" are already automatically normalized by Autoconf,
this command is testing the others.)
Compared the config.log and resulting trees (in particular man pages) to
confirm double slashes were not present in the latter.
Also tested that a configuration using default options is not affected and that
`make distcheck` still works as expected.
Previously we always ran distcheck with --disable-split-usr. This caused
test-path-util to fail with
Assertion 'fsck_exists("minix") == 0' failed at ../src/test/test-path-util.c:224, function test_fsck_exists(). Aborting.
as looking up fsck.minix would only look into DEFAULT_PATH_NORMAL, but on these
systems fsck is in /sbin/.
Introduce /usr/lib/systemd/systemd-sysv-install [--root=] <action> <name>
abstraction, replacing the direct calling of chkconfig. This allows
distributions to call their specific tools like update-rc.d without patching
systemd.
Ship systemd-sysv-install.SKELETON as an example for packagers how to implement
this.
Drop the --enable-chkconfig configure option.
Document this in README and point to it in NEWS.
Using the DIR macro breaks caching and has no benefit as it only offers
performance improvements when AS_FOR is used with a single element list.
Also --with-lds-dir= was broken as we never set have_efi_lds in this case.
Fix this and check if PATH actually contains the efi-lds file.
The build would fail later anyway, so it is better to bail
out early.
Also check for the second bios file only if the first one was not
found. I'm not sure which one is preferred. If the other one, the
order should be flipped.
gcc5 introduced this option (gcc4 silently ignores it, which is fine).
Given that gcc5 thinks 'unsigned char'/'unsigned short' is promoted to
'int' for var-args, stuff like this spits out warnings:
uint8_t x;
printf("%" PRIu8", x);
gcc5 promots 'x' to 'int', instead of 'unsigned int' and thus gets a
signedness-warnings as it expects an 'unsigned int'.
glibc states otherwise: unsigneds are always promoted to 'unsigned int'.
Until gcc and glibc figure this out, lets just ignore that warning (which
is totally useless in its current form).
We should prefer the unifont.hex file from the system, instead of our
own. Upstream has made a few releases since our version was included,
and we should follow upstream changes. But adding 2.6MB to our source
repo every time upstream releases is not nice.
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
