IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When we want to get an interactive shell in a test that fails because
of a race condition, we might need to run the test a few times with
--repeat before it fails. However, currently, when -i is used, the VM
needs to be shut down manually each time before the next run can start.
Let's always shut down the VM if the test succeeds so that --repeat can
be used with -i to run the test until it fails and then get an interactive
shell in the VM.
If we set it to '0' if integration tests are not enabled then we can't
enable them from the command line since environment from meson takes
priority over environment variables from the command line.
We also rename the related variables to avoid conflicts with the
existing integration_tests variable.
We want /tmp to be a tmpfs so let's hack the debian packaging to
make sure that's the case until the debian packaging is fixed to
make /tmp a tmpfs for UPSTREAM=1 builds.
Only missing on CentOS/Fedora/OpenSUSE as in Arch/Debian/Ubuntu it's
part of the cryptsetup package which we already install.
Required for TEST-58-REPART.
Not supported by e2fsck from centos. We also disable building repart
from source in CI as running it from the build directory means repart
will run mkfs.ext4 from the host which doesn't know about the orphan_file
feature causing it to fail.
By default mkosi will not run VMs with these features if they're not
available, but since various stuff in systemd makes use of these, let's
fail loudly if any of these are not available by default in systemd.
Users can still override these defaults locally if they wish.
The systemd-confext use case description was mentioning an OSConfig
project which won't say much to users. Also, it's good to call out that
systemd-confext provides a reliable way to manage configuration because
in contrast to other tools it will remove all old configuration files.
The Xiaomi Mipad2 tablet has 3 capacitive buttons at the bottom.
These 3 buttons are handled by the touchsceen (the touchscreen extends
downwards to cover the bottom bezel).
By default these send Windows specific shortcuts which do not work
with Linux desktop environments:
Menu: LeftMeta + S
Home: LeftCtrl + Esc
Back: Backspace
Map these to menu / leftmeta (Windows key / Win 8 tablet home button key) /
back.
Let's use the new follow_symlinks flag instead on newer meson to.
We also switch back to copying symlinks instead of following them
and add an exclude for 25-default.link which becomes dangling when
installed and recreate it manually instead.
Otherwise there's a chance the handover timestamp is less than the
start timestamp depending on the whims of the scheduler.
For non-forking services, we also propagate the start timestamp into
Service->main_exec_status to make sure it starts earlier than the
handoff timestamp.
It is necessary to install the selinux policy in the initramfs
so that userland is entered with the correct label.
SELinuxRelabel defaults to auto, which will skip if the relabelling
command is not installed and will treat failure to relabel as non-fatal.
We can't force it on because root privileges are required if the labels
don't exist on the host system and we would like to be able to
cross-build from other distributions.
Since we are already committed to relabelling on first boot
there is no value in even trying to label.
Other distributions may be able to install selinux
but they are not expected to use it.
The distribution is tested rather than whether selinux is enabled
because it is expected to work on CentOS and Fedora
and we want it to fail noisily.
According to the documentation in systemd.resource-control(5),
resource-control options may be used in mount, scope, service,
slice, socket and swap units.
While e.g. systemd.service(5) includes that information,
documentation for some other units does not.
The most problematic example is systemd.slice(5).
Its documentation states a slice unit may only contain [Install]
and [Unit] sections, while actually it may contain also a [Slice]
section with options from systemd.resource-control(5).
units/user/app.slice is an example of a slice unit having a [Slice]
section.
Some people are just sad, sad lost souls who don't like even the tiniest
ray of color in their life. Let's add an env var knob for allowing them
to turn the background tinting off, to drive the last bit of color from
their life so that they can stay in their grey grey life.
Otherwise, if a service unit that requests LogNamespace= stopped before
systemd-journald@.service is started, logs generated by the service will be
lost, as systemd-journald@.socket is stopped and
systemd-journald@.service will never started.
To prevent the issue, let's introduce another implicit dependency to
a oneshot service that explicitly synchronizes a namespaced journal file
when the log namespace is not needed anymore.
Fixes#32604.
The recently merged PR #32295 introduced support for the credProtect
extension, but in doing so, it broke the discoverability of credentials
by setting the policy to FIDO_CRED_PROT_UV_REQUIRED for UV-less,
PIN-protected credentials. This policy would require us to pass the PIN
to the token in the pre-flight request to be able to discover it,
which defeats the purpose of pre-flight requests as they're supposed
to be non-interactive.
This commit restricts the usage of credProtect to UV credentials only.
