IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Whereas RFC 1035 says the TTL field takes the "positive values of a
signed 32 bit number", and RFC 2181 says "Implementations should treat
TTL values received with the most significant bit set as if the entire
value received was zero,", the dns_packet_read_rr() function sets
rr->ttl to zero if the MSB is set.
However, EDNS(0) as specified in RFC 6891 repurposes the TTL field's 4
octets to store other information, c.f.:
+0 (MSB) +1 (LSB)
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
0: | EXTENDED-RCODE | VERSION |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
2: | DO| Z |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The first octet extends the usual 4-bit RCODE from the packet header by
providing an additional 8 bits of space, extending the RCODE to 12 bits.
But, our handling of the TTL field means that the high bit in the first
octet is not actually usable, since setting it will mean these 4 octets
are replaced with 0. This may have the effect of making us believe a
server does not support DNSSEC when it actually set the DO bit in its
OPT record.
Here we change things so that the TTL is only set to zero for record
types other than OPT.
(cherry picked from commit 131787979c)
When running the test on aarch64 the symlinks look as follows:
"""
[root@H ~]# ls /dev/disk/by-path
platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0 platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part1 platform-4010000000.pcie-pci-0000:00:05.0-nvme-16
platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part platform-4010000000.pcie-pci-0000:00:04.0-scsi-0:0:0:0-part2 platform-4010000000.pcie-pci-0000:00:05.0-nvme-17
"""
So let's make the PCI patterns a little more generic so they match
both the x86 and the aarch64 paths.
(cherry picked from commit 72d121b601)
We would say how *sources* are licensed, but actually most user care about the
resulting binaries. So say how the *binaries* are licensed. I used the word
"effectively" because the permissive licenses don't set any requirements on the
binaries, so the license of sources is a complex mix, but the resulting
binaries have a simple effective license.
Also, make it clear that the GPLv2 license applies to udev programs, but not
the shared library. Based on private correspondence, there's some confusion
about this.
(cherry picked from commit bd7236912f)
Let's make sure we pull in multi-user.target so that we get a console
when a test fails and we're running meson test with --interactive.
(cherry picked from commit 32f3617fd7)
Using double quotes in f-strings only works from python 3.12 onwards.
Use single quotes to make sure python 3.9 works as well.
Also clean up quotes a little in general.
(cherry picked from commit 4e469c0af2)
Trying to use bus pci slot 0 fails on aarch64 so let's use 1 instead.
The error:
"""
qemu-system-aarch64: -device virtio-blk-pci,drive=drive0,scsi=off,bus=pci_bridge25: Unsupported PCI slot 0 for standard hotplug controller. Valid slots are between 1 and 31.
"""
(cherry picked from commit 7f07f9c8cd)
I expect the test output to be the second argument, so we're diffing "expected"
and "output", not the other way around.
I noticed this when working on https://github.com/systemd/systemd/pull/33081.
(cherry picked from commit 6bb3ea655d)
Update the man page of tmpfiles.d to remove outdated comments regarding the behavior of ownership with symlinks.
The behavior has been changed in this commit 51207ca134
(cherry picked from commit d108198f39)
The logic of the Describe() call was supposed to be: if we can acquire
the PK priv to get the product UUID then let's return the product UUID,
and if we cannot then return the data without it.
This didn't work however, since the polkit varlink glue would
immediately propagate the error it acquired from polkit its own client.
Let's turn this off, optionally, so that hostnamed can handle this
nicely.
(cherry picked from commit b6464e80d6)
The kernel's sched_setattr interface allows for more control over a processes
scheduling attributes as the previously used sched_setscheduler interface.
Using sched_setattr is also the prerequisite for support of utilization
clamping (UCLAMP [1], see #26705) and allows to set sched_runtime. The latter,
sched_runtime, will probably become a relevant scheduling parameter of the
EEVDF scheduler [2, 3], and therefore will not only apply to processes
scheduled via SCHED_DEADLINE, but also for processes scheduled via
SCHED_OTHER/SCHED_BATCH (i.e., most processes).
1: https://docs.kernel.org/next/scheduler/sched-util-clamp.html
2: https://lwn.net/Articles/969062/
3: https://lwn.net/ml/linux-kernel/20240405110010.934104715@infradead.org/
(cherry picked from commit 016e9d8d08)
File offsets in UEFI are 64bit on all archs, hence let's use that typo
too, and not create artificial confusion around types.
(cherry picked from commit 9573ab8f5a)
Before 12001b1bf0, write() is required for
if Type=exec. However, with the previous commit, now write() is also used
for sending handoff timestamp. Let's allow write() if necessary.
Fixes a regression caused by 12001b1bf0.
Fixes#33299.
(cherry picked from commit 84b79215cc)
Before 12001b1bf0, the timestamp is sent
with write(), but the commit made the timestamp sent by send(), and
causes regressin #33299.
Note the invocation will still fail if write() is filtered by seccomp.
But, that is an old issue since Type=exec is introduced
(5686391b00).
Partially fixes a regression caused by 12001b1bf0.
Partially fixes#33299.
(cherry picked from commit 5161422bb5)
description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around.
(cherry picked from commit 1750e30d23)
Similar to the previous commit, but for preventing from removing static
routes on receiving RA with zero lifetime.
Fixes a regresson caused by 479d3e1994.
Fixes#33346.
(cherry picked from commit fd436c8d67)
We have already ignored conflicting address configurations requested by
NDisc protocol. See ndisc_request_address().
Let's follow the same rule for routes. That is, if there are conflicting
static routes configured or requested, do not override them by NDisc.
Also, swap the order of checking existing route and existing request.
Fixes a regression caused by 972f1d17ab.
Prompted by #33346.
(cherry picked from commit 7af3e8cd00)
The purpose of the check is to prevent leaking API VFS fds
from host into a mount namespace/container. When mountns
is not used at all, the check is pointless and causes
inconvenience. E.g. file managers might need to be spawned
under those directories, and they surely won't run in mountns.
Suggested in https://github.com/systemd/systemd/pull/33454#issuecomment-2186351467Fixes#33361
(cherry picked from commit 276bd392ec)
Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.
(cherry picked from commit 82f57401d9)
During cross-compilation of systemd, the compiler used to build the bpf's needs
to be pointed at the correct include searchpath. Which can be done by passing
the corresponding directory in through the cflags; for example in yocto/bitbake
this would work: CFLAGS += "--sysroot=${STAGING_DIR_TARGET}"
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
(cherry picked from commit b608bf5620)
Follow up for 8b3b01c4b7
We switch to PROJECT_VERSION instead of PROJECT_VERSION_FULL where
we report our version and which is likely being parsed to avoid
breaking compat. If we didn't, the output would change from systemd
255 to systemd 255.1 which could break various tools.
(cherry picked from commit 6a4fcf8cef)
The GIT_VERSION is changed to use VERSION_TAG, but in case of cross build
for src/boot/efi, it's not set, causing build error because the compiler cannot
know it's a macro thus treating it as some variable and error out.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
(cherry picked from commit 646ed5af00)
Now that we have a way to rebuild and reinstall systemd without
having to rebuild the image, let's default to building a disk image
again.
(cherry picked from commit 96110261ee)
Now that we're running on Noble instead of Jammy btrfs has the temp_fsid
feature which means we can mount the same image multiple times so let's
switch back to btrfs instead of ext4 as the filesystem as btrfs properly
records timestamps when building filesystems from a root directory unlike
ext4.
(cherry picked from commit 93440db8b5)
