mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

57667 Commits

Author SHA1 Message Date
Lennart Poettering
4b9a4b0179 pid1: import creds from sd-stub + qemu + kernel cmdline
Let's beef up our system credential game a bit, and explicitly import
creds from sd-stub, from qemu fw_cfg and the kernel cmdline and expose
them in the same way as those passed in from nspawn.

Specifically, this will import such credentials to
/run/credentials/@system (if the source can be trusted, as in the
qemu/kernel cmdline case) and /run/credentials/@encrypted (otherwise,
such as sd-stub provided ones).

Once imported we'll set the $CREDENTIALS_PATH env var for PID 1, like it
would be done by a container manager for the payload. (Conversely, we'll
also create a symlink from /run/credentials/@system to whatever is set in
$CREDENTIALS_PATH in case we are invoked by a container manager, thus
providing a fixed path where system credentials are found).
2022-04-28 18:12:00 +02:00
Lennart Poettering
5c1d67af46 pid1: load 'qemu_fw_cfg' kmod super early, so that we can import credentials from it
In one of the next commits we want to add support for importing system
credentials from qemu_fw_cfg, very early during boot. (So that we can
use the credentials therein for generators and even earlier). But that
means udev won't load these modules for us, we have to load them
manually first.
2022-04-28 17:54:14 +02:00
Zbigniew Jędrzejewski-Szmek
6ef00eb846
Merge pull request #23200 from keszybz/oomd-docs
Extend the documentation for oomd a bit
2022-04-28 17:46:03 +02:00
Zbigniew Jędrzejewski-Szmek
483091b0f1 TODO: more entries for bootctl
https://bugzilla.redhat.com/show_bug.cgi?id=2079784#c9
2022-04-28 17:45:44 +02:00
Lennart Poettering
27c03586ea hwdb: run "ninja update-hwdb-autosuspend" for v251-rc2 2022-04-28 17:43:27 +02:00
Lennart Poettering
e21f7a133f hwdb: run "update-hwdb" for v251-rc2 2022-04-28 17:42:25 +02:00
Lennart Poettering
133a000369 hwdb: make sure "ninja update-hwdb" works on f35
let's restore compatibility with pyparsing from fedora 35, i.e.:

python3-pyparsing-2.4.7-9.fc35.noarch
2022-04-28 17:42:25 +02:00
Lennart Poettering
98045d12f6 update TODO 2022-04-28 17:16:33 +02:00
Lennart Poettering
61ade25782 NEWS: updates for 251-rc2 2022-04-28 17:16:33 +02:00
Zbigniew Jędrzejewski-Szmek
76c068b77c man: cross-advertize bootctl and systemctl boot loader support 2022-04-28 16:44:40 +02:00
Zbigniew Jędrzejewski-Szmek
4d620b90d9 oomd: "descendent" → "descendant"
The latter is the common spelling apparently.
2022-04-28 15:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
3b18f3017c man: direct users to systemd-oomd if they read about OOMPolicy
OOMPolicy remains valid, but let's push users for the userspace solution.
2022-04-28 15:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
6f83ea60e9 man: beef up the description of systemd-oomd.service
The gist of the description is moved from systemd.resource-control
to systemd-oomd man page. Cross-references to OOMPolicy, memory.oom.group,
oomctl, ManagedOOMSwap and ManagedOOMMemoryPressure are added in all
places.

The descriptions are also more down-to-earth: instead of talking
about "taking action" let's just say "kill". We *might* add configuration
for different actions in the future, but we're not there yet, so let's
just describe what we do now.
2022-04-28 15:46:44 +02:00
Zbigniew Jędrzejewski-Szmek
a34ecd1c37
Merge pull request #23204 from bluca/install_tag
meson: add install_tag and build alias for systemd-boot, libsystemd and libudev
2022-04-28 09:38:29 +02:00
Yu Watanabe
d10329a08e hwdb: add keyboard mapping for HP ProBook 11G2
Closes #23108.
2022-04-28 10:10:45 +09:00
Luca Boccassi
705d6b34ee meson: add systemd-boot and systemd-stub build target aliases
Allows to quickly build systemd-boot by itself without having to
reference the full path of the build target:

$ ninja -C foo systemd-stub
ninja: Entering directory `foo'
[21/21] Generating src/boot/efi/linuxx64.efi.stub with a custom command
$ ninja -C foo systemd-boot
ninja: Entering directory `foo'
[10/10] Generating src/boot/efi/systemd-bootx64.efi with a custom command
2022-04-27 22:24:58 +01:00
Luca Boccassi
0a5e638cc7 meson: add install_tag to sd-boot, libsystemd and libudev
Allows to 'meson install --tags systemd-boot --no-rebuild' to install only the EFI
binaries, skipping the rest, for a very quick build:

$ ninja src/boot/efi/linuxx64.efi.stub
[21/21] Generating src/boot/efi/linuxx64.efi.stub with a custom command
$ ninja src/boot/efi/systemd-bootx64.efi
[10/10] Generating src/boot/efi/systemd-bootx64.efi with a custom command
$ DESTDIR=/tmp/foo meson install --tags systemd-boot --no-rebuild
Installing src/boot/efi/systemd-bootx64.efi to /tmp/foo/usr/lib/systemd/boot/efi

Requires Meson 0.60 to be used, prints a warning for unknown keyword
in earlier versions, but there's no failure

https://mesonbuild.com/Installing.html#installation-tags
2022-04-27 22:24:53 +01:00
Luca Boccassi
8bc46fc006
Merge pull request #23206 from yuwata/meson-compression
meson: follow-ups about compression method
2022-04-27 18:27:47 +01:00
Zbigniew Jędrzejewski-Szmek
4d5713bb7e
Merge pull request #23119 from yuwata/test-sd-device-exclude-bdi
test: exclude "bdi" subsystem
2022-04-27 16:56:53 +02:00
Yu Watanabe
1788c6f3c0 meson: also use COMPRESSION_NONE for default compression 2022-04-27 20:49:17 +09:00
Yu Watanabe
9798deaf46 meson: show default compression method in summary 2022-04-27 20:47:38 +09:00
Zbigniew Jędrzejewski-Szmek
3d8a7e6f51
Merge pull request #23131 from poettering/shared-compress
move compress.[ch] → src/basic/
2022-04-27 10:47:54 +02:00
Yu Watanabe
ff56124b11 test: exclude "bdi" subsystem and loop block devices
On several CI environments, it seems that some loop block devices and
corresponding bdi devices are sometimes removed while the test is
running. Let's exclude them.

Fixes #22970.
2022-04-27 16:32:42 +09:00
Yu Watanabe
9409710097 sd-device-enumerator: introduce sd_device_enumerator_add_nomatch_sysname() 2022-04-27 16:32:42 +09:00
Yu Watanabe
c11810ed30 sd-device-enumerator: use set_fnmatch() 2022-04-27 16:32:42 +09:00
Yu Watanabe
d25d4f189c set: introduce set_fnmatch() 2022-04-27 16:32:15 +09:00
Lennart Poettering
cf393c5f44
Merge pull request #23161 from yuwata/nss-ipv6-disabled
nss: do not return IPv6 address when IPv6 is disabled
2022-04-26 22:52:09 +02:00
Lennart Poettering
d4cc5c8037 journal-verify: tighten check for compression of non-objects 2022-04-26 21:55:49 +02:00
Lennart Poettering
4d698d12de compress: make Compression a regular non-sparse enum
Given we have two different types for the journal object flags and the
Compression enum, let's make the latter a regular non-sparse enum, and
thus remove some surprises. We have to convert anyway between the two,
and already do via COMPRESSION_FROM_OBJECT().
2022-04-26 21:55:49 +02:00
Lennart Poettering
acc50c92eb basic: move compress.[ch] → src/basic/
The compression helpers are used both in journal code and in coredump
code, and there's a good chance we'll use them later for other stuff.

Let's hence move them into src/basic/, to make them a proper internal
API we can use from everywhere where that's desirable. (pstore might be
a candidate, for example)

No real code changes, just some moving around, build system
rearrangements, and stripping of journal-def.h inclusion.
2022-04-26 21:45:03 +02:00
Daniele Medri
6ed7b6977f po: update italian translations 2022-04-26 16:41:30 +02:00
Evgeny Vereshchagin
c84fc00b37 ci: unpin CFLite
The idea was to catch CFLite regressions but since the action itself
pulls the latest docker images it can't be pinned properly and issues
like https://github.com/google/clusterfuzzlite/issues/91 are going to
pop up anyway. Let's unpin it by analogy with CIFuzz and hope it doesn't
break very often.
2022-04-26 09:13:57 +00:00
Zbigniew Jędrzejewski-Szmek
c0a96b1b1d oomd: actually fail if configuration is bad
Follow-up for a858355e4a.
2022-04-26 08:54:39 +02:00
Zbigniew Jędrzejewski-Szmek
23ce0271dc
Merge pull request #23160 from keszybz/compress-defines
meson: simplify setting of default compression
2022-04-25 10:57:51 +02:00
wangyuhang
cca3050b9e test: use cp for journal copying when systemd-journal-remote non-existent 2022-04-25 08:27:17 +00:00
Yu Watanabe
8ac6b05b7c tree-wide: Fix typo 2022-04-25 10:06:08 +09:00
Jan Janssen
d5a99b7c9c tree-wide: Simplify variable declarations behind #ifdef 2022-04-24 01:31:05 +09:00
Lennart Poettering
5662811e34 loopback-setup: tweak message if loopback device is already set up 2022-04-23 08:45:45 +09:00
Frantisek Sumsal
98f8c31638 test: extend the "hashed" unit names coverage a bit
Follow-up to #22759.
2022-04-23 08:45:25 +09:00
Yu Watanabe
b1aca4da60 udevadm: wait: check if specified path not exist on --remove
Even if the corresponding device node or syspath are already removed,
the specified symlink to the device node may still exist.

Fixes #23166.
2022-04-23 08:45:01 +09:00
Yu Watanabe
bb78da17fd test: do not accept IPv6 local address if IPv6 is disabled 2022-04-23 04:19:49 +09:00
Yu Watanabe
db50d326a4 nss-myhostname: do not return IPv6 local address if IPv6 is disabled 2022-04-23 04:18:51 +09:00
MkfsSion
70e723c000 cryptenroll,homectl: Introduce --fido2-credential-algorithm option
* Some authenticators (like Yubikey) support credential algorithms other than ES256
* Introduce a new option so users can make use of it
2022-04-22 20:22:40 +02:00
Lance
6dc18ca5dd hwdb: Fix rotation for HP Pro Tablet 408 G1 2022-04-23 01:48:33 +09:00
Benjamin Berg
386885c4e6 hwdb: Remap micmute to f20 for ASUS WMI hotkeys
For micmute userspace handles both micmute and f20, as Xorg cannot
handle the high keycode that the micmute key has. As such, adding the
remapping means that the key will work on Xorg clients and not just when
using wayland.
2022-04-22 18:24:00 +02:00
Lennart Poettering
005b126745 docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images 2022-04-22 16:51:50 +02:00
Lennart Poettering
0b3a64fed9 update TODO 2022-04-22 15:56:33 +02:00
Lennart Poettering
0f2ac643d8
Merge pull request #23157 from poettering/execute-refactor-fix
execute: refactor credential passing code, and fix two bugs
2022-04-22 15:51:41 +02:00
Zbigniew Jędrzejewski-Szmek
ee00684c50 meson: use a single constant for default compression setting
Suggested by Daniele Nicolodi:
https://github.com/systemd/systemd/pull/23160#discussion_r855853716

This is possible only if the macro is never used in #if, but only in C code.
This means that all places that use #if have to be refactored into C, but we
reduce the duplication a bit, and C is nicer to read than preprocessor
conditionals.
2022-04-22 15:08:28 +02:00
Zbigniew Jędrzejewski-Szmek
1d997b8114 meson: simplify setting of default compression
Follow-up for da13d2ca07. Instead of having
separate definitions of the bitmask flags, just define DEFAULT_COMPRESSION_FOO=0|1
directly.

(It *should* be possible to do this more simply, but the problem is that
anything that is used in #if cannot refer to C constants or enums. This is the
simplest I could come up with that preserves the property that we don't use #ifdef.)

The return value from compress_blob() is changed to propagate the error instead
of always returning -EOPNOTSUPP. The callers don't care about the specific error
value. compress_blob_*() are changed to return the compression method on success, so
that compress_blob() can be simplified. compress_stream_*() and compress_stream() are
changed in the same way for consistency, even though the callers do not currently use
this information (outside of tests).
2022-04-22 12:02:29 +02:00