It is not used in this commit, but will be used later.
Preparation for later commits.
This is the one for routes of 531c7246829a41dd7e51847bd4d77aa012ff478f.
Otherwise, the route may arrive after we call
link_drop_foreign_address() or so on reconfiguring interface.
This is the one for routes of 4303e9806befc0c5b8067e45225e5d952f427b3a.
If we could not remove a route, then previously the corresponding
Route object was never removed, as it was freed only when we receive
remove notification from the kernel. So, we might be confused that the
route still exists and is being removed, and might block reconfiguring
the route.
With this change, even if we fail to remove a route, the corresponding
Route object will be freed.
This is the one for routes of 56a995fe8e50b2432ff930ed0431cc70adbe492d.
Then, Route object can live if it is detached from the owner (Manager,
Network, or Wireguard object).
This is the one for routes of ebd96906477aac2bbc6b9de0d6e9bd0f39db5581.
Then, replace route_remove_and_drop() with it.
If a route is requested, and the request is already called,
we may not have received its reply and notification from the kernel, and
the corresponding Route object may not be remembered. Even in such
case, we need to remove the route, otherwise the route will come
later after the function is called.
This is the version for route of f22b586a215962416bdbd692aabb89b1ac2999d0.
In Knot 3.2 the nsec3-iterations default was changed to 0 and Knot now
issues a warning if the value is > 0. Let's just use the default value,
since it's not something that's important for our tests.
In confidential computing, a virtual firmware may support measurement and
event log based upon the hardware Trusted Execution Environment (TEE)
capability.
The UEFI specification defines an interface between the virtual guest OS
and virtual firmware as EFI_CC_MEASUREMENT_PROTOCOL. The (vendor specific)
measurements are captured in the CC eventlog that follows the TCG2 format.
OVMF virtual firmware has the EFI_CC_MEASUREMENT_PROTOCOL support for
Intel Trust Domain Extensions (TDX). Intel TDX has 4 runtime measurement
registers (RTMR) defined as:
RTMR[0] for TDVF configuration
RTMR[1] for the TD OS loader and kernel
RTMR[2] for the OS application
RTMR[3] reserved for special usage only
The RTMR to PCR mappings are defined in the UEFI Spec 2.10 Section 38.4.1
as follows:
TPM PCR Index | CC Measurement Register Index | TDX-measurement register
------------------------------------------------------------------------
0             | 0                             | MRTD
1, 7          | 1                             | RTMR[0]
2-6           | 2                             | RTMR[1]
8-15          | 3                             | RTMR[2]
The CC measurement eventlog is currently exposed as a raw CCEL ACPI table
by the guest OS and the events can be replayed to check log matches with
the RTMR values.
Add EFI CC measurement protocol to stub to get the UKI components measured
and included in the remote attestation reports when vTPMs are not available.
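The PCR-to-RTMR mapping and the log replay described in the commit message above, as an added example that is not part of the commit or of systemd. It assumes the TDX extend rule RTMR_new = SHA384(RTMR_old || digest) and takes already-parsed (register index, digest) pairs instead of a raw CCEL table; the event data and the use of PCR 11 are constructed.

```python
import hashlib

CC_MR_NAMES = {0: "MRTD", 1: "RTMR[0]", 2: "RTMR[1]", 3: "RTMR[2]"}
DIGEST_LEN = hashlib.sha384().digest_size  # 48 bytes

def pcr_to_cc_mr_index(pcr):
    """Map a TPM PCR index to a CC measurement register index (table above)."""
    if pcr == 0:
        return 0
    if pcr in (1, 7):
        return 1
    if 2 <= pcr <= 6:
        return 2
    if 8 <= pcr <= 15:
        return 3
    raise ValueError(f"PCR {pcr} has no CC measurement register mapping")

def replay(events):
    """Replay (cc_mr_index, digest) events; return {index: final value}."""
    regs = {i: bytes(DIGEST_LEN) for i in (1, 2, 3)}  # RTMRs start zeroed
    for index, digest in events:
        if index not in regs:
            # Assumption: MRTD (index 0) is fixed at TD build, never extended.
            raise ValueError(f"{CC_MR_NAMES.get(index, index)} is not extendable")
        if len(digest) != DIGEST_LEN:
            raise ValueError("expected a SHA-384 digest")
        regs[index] = hashlib.sha384(regs[index] + digest).digest()
    return regs

def mismatches(events, reported):
    """Names of registers whose replayed value differs from the reported one."""
    replayed = replay(events)
    return [CC_MR_NAMES[i] for i in sorted(replayed) if replayed[i] != reported.get(i)]

# Constructed sample: two firmware-config events (PCR 1, 7) and one
# measurement logged against PCR 11, which lands in RTMR[2].
SAMPLE_EVENTS = [
    (pcr_to_cc_mr_index(pcr), hashlib.sha384(data).digest())
    for pcr, data in [(1, b"constructed-config"), (7, b"constructed-policy"),
                      (11, b"constructed-uki-section")]
]

if __name__ == "__main__":
    reported = replay(SAMPLE_EVENTS)  # stands in for values from a report
    print(mismatches(SAMPLE_EVENTS, reported))       # complete log
    print(mismatches(SAMPLE_EVENTS[:-1], reported))  # log missing one event
```

A log that omits or alters an event fails the comparison for the affected register only, which tells a verifier which stage of the boot the log no longer accounts for.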
It's now a dlopen library and it is installed at build time via
libiptc-dev, but was never added to the running image.
Follow-up for 5b5f8f8b9aef405cdc42771e7876988d5aefb51e
The documentation for `RestartPreventExitStatus=` differs from that for `SuccessExitStatus=` in ways that are sometimes confusing (e.g. using `numeric exit codes` instead of `numeric termination statuses`), and other times plain incorrect (e.g. not mentioning `termination status names`, which I've just confirmed to work in systemd 255).
This patch modifies the documentation to be as similar as possible, so as to reduce the reader's cognitive load.
Previously, a Route object is owned by a Link object corresponding to the
outgoing interface of the route, and a Route object that does not have
outgoing interface is owned by the Manager object.
However, there were several issues:
- if a route has a nexthop ID, then the corresponding nexthop may be
changed to use another interface, hence the outgoing interface of the
route may be changed.
- if a route is requested with MultiPathRoute=, then the link who requests
the route is different from the outgoing interface of the configured
route. So, we need to find routes on other interfaces on reconfiguring
or so.
By this change, the limit of the number of routes per-interface is
tentatively dropped. Let's re-introduce the limit later in a nicer way.
When I added the --background= switch I placed the empty line that was
supposed to separate the options from the next section before the switch
rather than after. Fix that.
To make issues like this harder to run into next time, let's move the \n
from the end of the preceding line to the beginning of the section
title, since that's pretty much where they belong to.
Follow-up for: 3d8ba7b83f254ec9e137210630a602001674e4d0
`system.hostname` credential is treated similarly to the pre-existing
`system.machine_id` credential. It is considered after /etc/hostname,
but prior to the kernel defaults or os-release defaults.
Fixes #30667.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
If we are told to start from scratch we shouldn't look into the old
image to determine sector size. Looking there is confusing at best, but
plain wrong in many other cases.
I think the existing sections in the preset file make sense, but
alphabetical ordering is kinda cool too.
Try to find a middle ground, and at least sort within each section.
No actual change of behaviour, just some reordering of lines.
With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).
Additionally, if a kernel has the kernel.unprivileged_userns_clone
sysctl patch, and that sysctl is 0, then unprivileged userns creation
will always fail.
If a test unit is going to be run in a user manager, and that unit
requires PrivateUsers=yes (explicitly or implicitly), then skip it if
we do not have user namespace privileges.
When using the Xen hypervisor the virtual machine UUID is exposed here.
This is useful when one needs stable IPv4 address assignment, e.g. for a
set of RAM nodes that are built from a template.
If the image name is different from the filename then show it in the
output, since it's relevant for finding sysext/confext release files.
(Image name is typically the filename without the ".raw" suffix and
similar).
Packit otherwise tries to get the latest tag by creation date, which
doesn't work well in the systemd-stable repo:
2024-01-23 13:40:47.858 upstream.py DEBUG No ref given or is not glob pattern
2024-01-23 13:40:47.859 upstream.py DEBUG We're about to get latest matching tag in the upstream repository /tmp/tmp07g2beo8.
2024-01-23 13:40:47.859 commands.py DEBUG Command: git tag --list --sort=-creatordate
2024-01-23 13:40:47.866 logging.py DEBUG v248.13
2024-01-23 13:40:47.866 logging.py DEBUG v249.17
2024-01-23 13:40:47.866 logging.py DEBUG v250.14
2024-01-23 13:40:47.866 logging.py DEBUG v251.20
2024-01-23 13:40:47.867 logging.py DEBUG v252.21
2024-01-23 13:40:47.867 logging.py DEBUG v253.15
2024-01-23 13:40:47.867 logging.py DEBUG v254.8
2024-01-23 13:40:47.867 logging.py DEBUG v255.2
2024-01-23 13:40:47.868 logging.py DEBUG v255.1
2024-01-23 13:40:47.868 logging.py DEBUG v255
...
When we want to tint the bg color we don't care about the hue, we want
to set it ourselves after all, hence make the arguments optional, so that
we don't even have to ask for it.
Since signals can take arguments, let's suffix them with () as we
already do with functions. To make sure we remain consistent, make the
`update-dbus-docs.py` script check & fix any occurrences where this is
not the case.
Resolves: #31002