1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

76484 Commits

Author SHA1 Message Date
Lennart Poettering
81f1aad8ce hwdb: there's KEY_BRIGHTNESS_AUTO these days, hence hook it up where a FIXME suggests that 2024-10-01 18:46:49 +02:00
Lennart Poettering
d8b1d43758 hwdb: make key map match comment for one laptop
No idea what the right fix is here, the commnt says "touchpad off" but
uses "f22" which is touchpad "on".

let's trust the comment, because it's more literal, and assume this was
a mistake.
2024-10-01 18:36:15 +02:00
Lennart Poettering
0a73c8e7b8 linux: import input.h and friends
The CIs apparently have rally old headers, where KEY_BRIGHTNESS_AUTO is
missing, let's hence ship our own copies from a current kernel.
2024-10-01 18:35:00 +02:00
Lennart Poettering
5b80cef69f Revert "Preset user units on first boot as well"
This reverts commit 0a40325573.
2024-10-01 17:33:44 +02:00
Lennart Poettering
19b5853f82 update TODO 2024-10-01 16:50:36 +02:00
Marcel Hellwig
fec09ff094 Update sd_bus_message_append_array.xml
fix pointer constness in documentation
2024-10-01 15:55:28 +02:00
dependabot[bot]
086b94d8e2 build(deps): bump actions/checkout from 4.1.7 to 4.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 14:53:35 +02:00
dependabot[bot]
169e500b42 build(deps): bump github/codeql-action from 3.25.15 to 3.26.10
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...e2b3eafc8d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 14:53:24 +02:00
dependabot[bot]
156111e6c9 build(deps): bump meson from 1.5.1 to 1.5.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.5.1...1.5.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-10-01 14:53:05 +02:00
Daan De Meyer
9fd8a9dffe Add %posttrans versions of the systemd %postun scriptlets
On upgrades, only the %postun scriptlets of the old package version
run. This means that any changes related to restarting daemons require
two releases before they're actually used.

%postun is used because it runs after the old package has been removed,
which is important as it means any lingering dropins from the old package
will have been removed as well.

To allow deploying fixes in just a single release while still running after
the old package has been removed, let's introduce %posttrans versions of these
scriptlets as %posttrans of the new package runs on upgrade and install after
the old package has been removed.
2024-10-01 12:12:40 +02:00
Daniel Dawson
0c96911afb systemd-integritysetup: accept integrity-algorithm=xxhash64
Signed-off-by: Daniel Dawson <danielcdawson@gmail.com>
2024-10-01 11:16:14 +02:00
Daan De Meyer
bfc48578eb
Merge pull request #34582 from DaanDeMeyer/repart
repart: copy denylist fixes
2024-10-01 08:51:01 +02:00
Lennart Poettering
0376ef36a1 json: add json_dispatch_const_user_group_name()
This is the same as json_dispatch_user_group_name() but fills in the
string as "const char*" to the JSON field. Or in other words, it's what
sd_json_dispatch_const_string() is to sd_json_dispatch_string().

Note this drops the SD_JSON_STRICT flags from various dispatch tables
for these fields, and replaces this by SD_JSON_RELAX, i.e. the opposite
behaviour. As #34558 correctly suggests we should validate user names
in lookup functions using the lax rules, rather than the strict ones,
since clients not knowing the rules might ask us for arbitrary
resolution.

(SD_JSON_RELAX internally translates to valid_user_group_name() with the
VALID_USER_RELAX flag).

See: #34558
2024-10-01 08:32:00 +02:00
Mike Yuan
468c6265a2
Merge pull request #34534 from keszybz/man-exitrd
Formally document exitrds
2024-09-30 21:02:04 +02:00
Daan De Meyer
86c4a000c4
Merge pull request #34583 from DaanDeMeyer/ukify
ukify: Use SizeOfImage from linux image as virtual size of .linux section
2024-09-30 19:54:37 +02:00
Lennart Poettering
26e6986527 update TODO 2024-09-30 17:44:25 +02:00
Mike Yuan
a48c1699eb
Merge pull request #34564 from YHNdnzj/systemctl-status-job-id
systemctl: also show job id in status output
2024-09-30 17:39:19 +02:00
Mike Yuan
c52b2b6518
Merge pull request #34508 from intelfx/work/fix-io-reporting
core/cgroup: cache IO accounting data when pruning a cgroup
2024-09-30 17:38:00 +02:00
Daan De Meyer
7af304d3b6 ukify: Remove special casing for .linux section
Now that we properly leave sufficient space for inline execution of
the .linux section, let's remove the special casing of the .linux
section as it doesn't need to be the last section anymore now.
2024-09-30 16:15:16 +02:00
Daan De Meyer
2188c759f9 ukify: Use SizeOfImage from linux image as virtual size of .linux section
The SizeOfImage is bigger than the image itself so that space is
guaranteed to be available for in place execution of the linux image. Let's
make sure we take this into account and use SizeOfImage as the section's virtual
size instead of the size of the image itself.

Fixes #34578
2024-09-30 15:52:59 +02:00
Yu Watanabe
82f2c33db5 tpm2-util: show loaded libraries in 'systemd-analyze has-tpm2'
After 3b16e9f419, even the libraries are
documented in the man page, it is useful to mention which libraries are
checked in the command output.

Of course, the dependencies are kind of implementation detail, and may
be changed in the future version, but that's especially why I think
showing the library deps in the output is useful.

systemd-analyze is a debugging tool, and already shows many internal
states. I think there is nothing to prevent from showing the deps.

Prompted by #34477.
2024-09-30 15:40:14 +02:00
David Tardon
cd9c3327cb logind-dbus: really cancel scheduled shutdown
Fixes #34554
2024-09-30 15:13:00 +02:00
Daan De Meyer
83d4c135e8 ukify: Drop unused size() method 2024-09-30 13:42:23 +02:00
Daan De Meyer
0bbe63fc66 repart: Apply denylist to individual files as well 2024-09-30 13:41:26 +02:00
Daan De Meyer
dc4710ceb2 repart: Shortcut copy if source or target starts with exclude path
If the source or target we're copying to is a subdirectory of any of the
directories specified in ExcludeFiles= or ExcludeFilesTarget=, shortcut the
entire copy operation.
2024-09-30 13:41:11 +02:00
Zbigniew Jędrzejewski-Szmek
d713c131a5
Merge pull request #34572 from keszybz/fix-printing-of-RootImageOptions
Fix printing of RootImageOptions
2024-09-28 17:23:44 +02:00
Mike Yuan
6fd58537e5
Merge pull request #34548 from SimonPilkington/fix-creds-cat
creds: fix cat with encrypted credentials
2024-09-27 20:51:57 +02:00
Zbigniew Jędrzejewski-Szmek
8dc40c25a4 shared: adjust whitespace and formatting 2024-09-27 20:19:58 +02:00
Zbigniew Jędrzejewski-Szmek
69c751c61c systemctl: fix printing of RootImageOptions
The type is a(ss), so a custom printer is required.

Fixes https://github.com/systemd/systemd/issues/33967.
2024-09-27 20:19:58 +02:00
Mickaël Salaün
e996663475 seccomp-util: include @sandbox in @default
Every services and containers should be able to protect their users and
limit the impact of security bugs thanks to the security syscalls
provided by seccomp and Landlock.  The goal of these syscalls is to
improve security with additional restrictions.  They are designed to be
safely used by unprivileged (and then potentially malicious) users.

Remove the now-redundant "seccomp" entry for nspawn.
2024-09-27 12:37:37 +02:00
Zbigniew Jędrzejewski-Szmek
1ca81b2e00 man: fix formatting in file-hierarchy
Somebody wrapped the text, but whitespace is preserved in <programlisting>, so
the output was mangled. It also doesn't make sense to run systemd-path as root
(as indicated by '#'), so drop that. Also, this chunk should be a separate
paragraph.
2024-09-26 19:57:07 +02:00
Mike Yuan
b1ec48369c
systemctl: also show job id in status output
Prompted by one ASG talk ;)
2024-09-26 17:59:00 +02:00
Mike Yuan
cdf684fc00
shared/bus-map-properties: move bus_map_job_id() from wait-for-units 2024-09-26 17:59:00 +02:00
Daan De Meyer
5acca1b885 mkosi: update arch commit reference
* d5a2dc54da Use vmlinux.h from linux-headers
* 59912d804f update checksums...
* 83edb5244e build: set ssh privsep dir to /usr/share/empty.sshd
* 65363cc5ba build: explicitly enable vmlinux-h=generated
* 14e6d27dd4 build: drop deprecated default-hierarchy option
* 81e7545ca3 systemd.install: stop applying ACL ourselves
* 147c214201 systemd-hook: use systemd-notify --booted to detect if systemd is running
* 010bc3c05c upgpkg: 256.6-1: new upstream release
2024-09-25 21:23:16 +02:00
Nils K
543015a164 Fix reference to FileDescriptorStoreMax= directive 2024-09-25 16:16:29 +02:00
Simon Pilkington
bb322e4340 NEWS: Document change to systemd-creds 'cat' verb
See: https://github.com/systemd/systemd/pull/34548
2024-09-25 16:08:01 +02:00
Ivan Kruglov
e826a8bed4 machine: resolve race condition in TEST-13-NSPAWN.machinectl.sh
I encountered this race condition while working on TEST-13-NSPAWN.varlinkctl.sh.
The long-running machine's init script sometimes does not have time to start and
register signals. As result, occasiounally failed tests.
2024-09-25 12:23:12 +02:00
Simon Pilkington
32951fe4de creds: fix cat with encrypted credentials
Fixes: https://github.com/systemd/systemd/issues/34547
2024-09-25 11:25:48 +02:00
Zbigniew Jędrzejewski-Szmek
20d00d1f3c TODO: add one more systemctl rfe 2024-09-25 08:56:35 +02:00
Yu Watanabe
4046c49c13
Merge pull request #34549 from weblate/weblate-systemd-main
Translations update from Fedora Weblate
2024-09-25 06:49:48 +02:00
Fábio Rodrigues Ribeiro
f46bc5a85e po: Translated using Weblate (Portuguese (Brazil))
Currently translated at 97.2% (246 of 253 strings)

po: Translated using Weblate (Portuguese (Brazil))

Currently translated at 96.0% (243 of 253 strings)

Co-authored-by: Fábio Rodrigues Ribeiro <farribeiro@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pt_BR/
Translation: systemd/main
2024-09-25 03:07:13 +02:00
Gabriel Elyas
f557945157 po: Translated using Weblate (Portuguese (Brazil))
Currently translated at 96.0% (243 of 253 strings)

po: Translated using Weblate (Portuguese (Brazil))

Currently translated at 89.3% (226 of 253 strings)

Co-authored-by: Gabriel Elyas <gabrielelyas@protonmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pt_BR/
Translation: systemd/main
2024-09-25 03:07:13 +02:00
Daan De Meyer
df4d09f78e units: Order ldconfig after systemd-tmpfiles-setup.service
tmpfiles might be linking the configuration for ldconfig into /etc
so make sure it runs after it so that the configuration is guaranteed
to be in place.
2024-09-24 15:32:58 +02:00
Daan De Meyer
e11745d000 repart: Determine verity sig size based on partition designator
Verity= is an image build concept, not a first boot concept, whereas
a partition designator is always available, so let's do the size stuff
based on that.
2024-09-24 09:07:41 +02:00
Ivan Shapovalov
17bbdefd8c core/cgroup: cache IO accounting data when pruning a cgroup
When removing a cgroup in unit_prune_cgroup(), read IO metrics to cache
them similar to the existing treatment of the CPU and memory usage data.

Note that we do not do this for the IP metrics as the firewall objects
are only destroyed in unit_free() and thus stay alive long enough to
be read out directly by all interested parties.

Fixes #26988.
2024-09-23 20:12:58 +02:00
Zbigniew Jędrzejewski-Szmek
7352a0093f man: say that SYSEXT_SCOPE=initrd also applies to exitrds
We generally do _not_ want the same sysexts to be loaded in both initrd and
exitrd phases. The environment is completely different and it's unlikely that
the same code can be useful in both places. Nevertheless, it can be useful in
_some_ cases, for example when the sysexts contains debugging tools.

I think we don't need to differentiate between initrds and exitrds through
SYSEXT_SCOPE, because the two types are made available in completely different
locations and loaded through a different mechanism, with very little chance of
an initrd being loaded as an exitrd without an explicit admin action (or the
other way around). So let's not complicate our code or definitions by an
explicit "exitrd" sysext designator, but just clarify that "initrd" also
encompasses exitrds in this context.
2024-09-23 12:12:06 +02:00
Zbigniew Jędrzejewski-Szmek
c87bce7d28 man: reword some sentences with umbiguous subjects
A sencence like "The system manager does, a, b, c, which is really d, and e.",
it is generally understood that the manager also does "e". This can be
quite confusing if the manager cannot do "e", in our case unmount the file
system on which it is sitting.

Similary, we cannot "fall back to x if it is missing", since "it" in that
sentence means "x".
2024-09-23 12:09:43 +02:00
Zbigniew Jędrzejewski-Szmek
ace26a511f man: slightly enhance docs about "exitrd" and remove TODO entry for it
The concept is fairly well established and present in our docs in various
places.

Say that the exitrd is also marked by the presence of /etc/initrd-release.
2024-09-23 12:09:43 +02:00
Daan De Meyer
942eba930b repart: Use swap format for swap partition even if encrypted 2024-09-23 10:44:37 +02:00
Daan De Meyer
f3b8e81f54 repart: Add a log message when we're about to fsync(). 2024-09-23 10:43:42 +02:00