1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

44834 Commits

Author SHA1 Message Date
Lennart Poettering
7407f68980 cryptsetup: automatically load luks keys off disk
Let's make loading of keys a bit more automatic and define a common
place where key files can be placed. Specifically, whenever a volume of
name "foo" is attempted, search for a key file in
/etc/cryptsetup-keys.d/foo.key and /run/cryptsetup-keys.d/foo.key,
unless a key file is declared explicitly.

With this scheme we have a simple discovery in place that should make it
more straightfoward wher to place keys, and requires no explicit
configuration to be used.
2020-05-19 17:28:25 +02:00
Lennart Poettering
23769fb371 cryptsetup: split out key loading from pkcs11 code and teach search path logic
Let's do some rearrangements, so that we can later on use this to
automatically search for a key file.
2020-05-19 17:28:16 +02:00
Lennart Poettering
d3d49e7649 cryptsetup: optionally remove key file after use
This is useful when the key file is acquired dynamically in some form
and should be erased after use.

Note that this code tries to be robust, and removes the key file both on
success and on failure.
2020-05-19 17:28:13 +02:00
Lennart Poettering
8ced40c09b cryptsetup: catch up with debian crypttab options a bit
Support some aliases Debian added, and drop some options that Debian
dropped from our list of unsupported options.
2020-05-19 17:28:09 +02:00
Lennart Poettering
053e0626db fs-util: teach unlinkat_deallocate() a simple scheme for overwriting for erasing
With that it becomes useful for deleting password files and such.
2020-05-19 17:27:13 +02:00
Lennart Poettering
1d06deba0f
Merge pull request #15845 from poettering/btrfs-encrypted-fix
make path_is_encrypted() test pass on btrfs inside container
2020-05-19 17:15:22 +02:00
Zbigniew Jędrzejewski-Szmek
2946d46355
Merge pull request #15843 from poettering/busctl-duplicate-tweaks
busctl: improve log messages on duplicate members or interfaces
2020-05-19 16:33:46 +02:00
Lennart Poettering
f12465466d
Merge pull request #15848 from keszybz/small-doc-tweaks
A few tweaks to docs
2020-05-19 16:29:58 +02:00
Zbigniew Jędrzejewski-Szmek
70fcda8562 NEWS: retroactively document Family=
Requested in https://github.com/systemd/systemd/issues/13233#issuecomment-630800112.
2020-05-19 16:21:52 +02:00
Lennart Poettering
544e146b0e journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable
It annoyed me for quite a while that running "journalctl --file=…" on a
file that is not readable failed with a "File not found" error instead
of a permission error. Let's fix that.

We make this work by using the GLOB_NOCHECK flag for glob() which means
that files are not accessible will be returned in the array as they are
instead of being filtered away. This then means that our later attemps
to open the files will fail cleanly with a good error message.
2020-05-19 15:26:51 +02:00
Zbigniew Jędrzejewski-Szmek
7f6b827f36
Merge pull request #15836 from poettering/makefs-lock
lock whole block device file running makefs
2020-05-19 15:23:23 +02:00
Lennart Poettering
feb13fca97 repart: don't insist on coming up on partition label ourselves
If the user specified a label, use that.

Fixes: #15841
2020-05-19 15:04:01 +02:00
Lennart Poettering
3468e5ac51 btrfs-util: tweak error code a bit 2020-05-19 12:12:00 +02:00
Lennart Poettering
f8838c6c2f test-fs-util: don't fail on btrfs file systems in containers
Fixes: #15821
2020-05-19 12:11:12 +02:00
Frantisek Sumsal
44dcb318cc
Merge pull request #15842 from evverx/cifuzz
cifuzz: protect forks from CIFuzz
2020-05-19 10:30:32 +02:00
Norbert Lange
cdf7ad38b6 allow removal of initrd services 2020-05-19 10:19:18 +02:00
Zbigniew Jędrzejewski-Szmek
5e375a1ef2
Merge pull request #15794 from poettering/pam-sudo-fixes-part2
pam_systemd/pam_systemd_home: fix caching
2020-05-19 10:09:14 +02:00
Lennart Poettering
201fa8f256
Merge pull request #15166 from ssahani/networkctl-ipvlan
networkctl: Add support to display ipvlan
2020-05-19 09:29:45 +02:00
Lennart Poettering
c5dc0a298e homed: use right config section in example config
We really should get this right, otherwise it's a pretty useless vendor
default example configuration file.

Follow-up for: c76dd733af
2020-05-19 09:26:49 +02:00
Lennart Poettering
f17153a721 busctl: improve error messages on duplicate members/interfaces
Prompted by: #15833
2020-05-19 09:11:15 +02:00
Lennart Poettering
9600c27c41 busctl: use structured initialization 2020-05-19 09:04:36 +02:00
Zbigniew Jędrzejewski-Szmek
11aaaa2c96 TODO: drop some external items
Those are either implemented or obsolete.
2020-05-19 08:59:53 +02:00
Zbigniew Jędrzejewski-Szmek
e2da649182 TODO: drop some networkd items
DUID/IAID — #2818, #2890, #3156,
Scope – #6449,
bond options — #10542,
option 119: sd_network_get_domains/sd_network_get_search_domains,
/proc/cmdline parsing – 426c1d3852,
wait states — #14536.
2020-05-19 08:56:53 +02:00
Lennart Poettering
619720ba0a
Merge pull request #15810 from poettering/override-first-boot
core: allow overriding needs-update/first-boot/system clock via kernel cmdline
2020-05-19 08:45:59 +02:00
Lennart Poettering
01bcea4999 dhcp6: slightly improve log message
Let's clarify that we proceed anyway.

Prompted-by: #15830
2020-05-19 08:25:43 +02:00
Evgeny Vereshchagin
e2cf880e68 README: add a CIFuzz badge
Just a follow-up to https://github.com/systemd/systemd/pull/15760
2020-05-19 08:12:23 +02:00
Evgeny Vereshchagin
82d7a25ee6 cifuzz: protect forks from CIFuzz
CIFuzz isn't compatible with forks: https://github.com/google/oss-fuzz/issues/3731
2020-05-19 08:12:07 +02:00
Vladyslav Tronko
bc48b25afd journal: fix dropping first record during upload to remote journal 2020-05-19 07:58:59 +02:00
Zbigniew Jędrzejewski-Szmek
abc72137d1
Merge pull request #15838 from poettering/hostnamed-instant-part2
more hostnamed fixes, split out of #15624
2020-05-19 07:54:47 +02:00
Zbigniew Jędrzejewski-Szmek
7b9289b1a0 man: fix dir name in sysctl.d(5)
Pointed out by Коренберг Марк in
e0f424790d (commitcomment-39259499).
2020-05-18 21:14:42 +02:00
Lennart Poettering
cfb9433de4 hostnamed: call our destructor _destroy(), not _clear() 2020-05-18 21:12:37 +02:00
Lennart Poettering
5704cd733c hostnamed: don't cache system UUID
There's no point in caching this. Let's always get this directly from
sysfs, so that we can never get out-of-date data here (after all this is
going to be cheap, and people might overmount it or so)
2020-05-18 21:11:50 +02:00
Lennart Poettering
72f48cd3e3 hostnamed: don't cache uname() data
Let's not cache the uname(), it's very cheap to get it, and just means
we might get out of sync with what is current. After all, the data might
change IRL, due to setarch and stuff.
2020-05-18 21:11:50 +02:00
Lennart Poettering
db2c56b0dd cryptsetup-generator: use systemd-makefs for implementation of "swap" and "tmp" options
This way we can take benefit of the correct block device locking we just
added.

I was thinking whether to instead pull in a regular
systemd-makefs@.service instance, but I couldn't come up with a reason
to, and thus opted for just doing the minimal patch and just replacing
the simply mkfs calls.

Fixes: #10179
Replaces: #13162
2020-05-18 20:50:03 +02:00
Lennart Poettering
a5a8fe2e8d makefs: normalize logging a bit 2020-05-18 20:50:03 +02:00
Lennart Poettering
0181ad85b3 makefs: lock device while we operate
Let's implement our own specs, i.e.

https://systemd.io/BLOCK_DEVICE_LOCKING/

This should address issues like this: #13162
2020-05-18 20:50:03 +02:00
Lennart Poettering
c6526b8d66 update TODO 2020-05-18 20:20:50 +02:00
Lennart Poettering
34293dfafd core: allow overriding the system hostname with systemd.hostname= on the kernel command line 2020-05-18 20:20:50 +02:00
Lennart Poettering
3753325bef main: add a kernel command line option for setting the system clock early during boot 2020-05-18 20:20:50 +02:00
Lennart Poettering
814872e925 condition: introduce systemd.condition-first-boot= kernel command line switch
Much like systemd.condition-needs-update= this new switch allows
overriding of a unit file condition, but this time its
ConditionFirstBoot=.

Usecase is also primarily debugging, but could be useful for other
schemes too.
2020-05-18 20:20:50 +02:00
Lennart Poettering
5439d8212c condition: debug log if F_OK check on /run/systemd/first-boot fails unexpectedly 2020-05-18 20:20:50 +02:00
Lennart Poettering
ce0f7f5546 condition: reverse if check to lower indentation level
No change in behaviour. Let's just prefer early exit over deeper
indentation.
2020-05-18 20:20:22 +02:00
Lennart Poettering
f8b4ae29c7 condition: allow overriding of ConditionNeedsUpdate= on the kernel command line
This should be useful for addressing #15724.
2020-05-18 20:17:57 +02:00
Lennart Poettering
3931056767 proc-cmdline: add some explanatory comments 2020-05-18 20:17:57 +02:00
Lennart Poettering
b2d1ad757c condition: when reading /etc/ modification timestamp, let's actualy compare it as-is
Previously, we'd only compare the nsec component of it, which sounds
needlessly fragile. Let's instead compare the timestamp as it is.
2020-05-18 20:17:57 +02:00
Lennart Poettering
f33cd69b5c condition: downgrade a few log messages to debug
Condition checks shouldn't log loudly, since they run all the time.
Let's make things debuggable, by keeping the messages in LOG_DEBUG in,
but don't make more noise than necessary.
2020-05-18 20:17:57 +02:00
Lennart Poettering
df1f5dc1d9 condition: add debug log messages on unexpected errors 2020-05-18 20:17:57 +02:00
Lennart Poettering
841c0987f7 condition: check if path is absolute first
We should do this check first since it is done on the string itself
without any conditioning of system state otherwise. It is a weird to do
this test only if /etc is read-only.
2020-05-18 19:55:56 +02:00
Susant Sahani
851ef1ed56 networkctl: Add support to display ipvlan
```
build/networkctl status myipvlan1                                                                                                                                                        ─╯
● 26: myipvlan1
             Link File: /usr/lib/systemd/network/99-default.link
          Network File: n/a
                  Type: ether
                 State: off (unmanaged)
                Driver: ipvlan
            HW Address: 4e:c5:88:28:c1:c0
                   MTU: 1500 (min: 68, max: 65535)
                 QDisc: noop
                  Mode: L2 (bridge)
  Queue Length (Tx/Rx): 1/1

```
2020-05-18 19:07:04 +02:00
Lennart Poettering
ac83e5aeca blockdev: add helper for locking whole block device 2020-05-18 18:41:56 +02:00