1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-13 17:18:18 +03:00

60054 Commits

Author SHA1 Message Date
Lennart Poettering
842beda4c5 TODO 2022-09-23 16:13:11 +02:00
Lennart Poettering
dd5533801b
Merge pull request #24700 from poettering/ssh-creds
support easy provisioning for SSH key of root user
2022-09-23 16:01:09 +02:00
Lennart Poettering
6e19a7ce13
Merge pull request #24628 from medhefgo/boot-sections
boot: Try to detect overlapping PE sections
2022-09-23 15:45:28 +02:00
Lennart Poettering
a9dba3ef5f
Merge pull request #24796 from yuwata/doc-update
documentation updates
2022-09-23 15:13:18 +02:00
Lennart Poettering
e711431d50
Merge pull request #24794 from DaanDeMeyer/repart-follow-ups
repart: Extend squashfs logic to all read-only filesystems
2022-09-23 15:12:56 +02:00
Lennart Poettering
addc84ec91
Merge pull request #24686 from d4nuu8/delta_output
shared/logs-show: add new --output= format "short-delta"
2022-09-23 13:33:55 +02:00
Lennart Poettering
fdcc31b718 update TODO 2022-09-23 11:44:01 +02:00
Yu Watanabe
78f14b2ff0 README: drop graphs counting issues or PRs
These cannot be accessible anymore.
2022-09-23 18:29:22 +09:00
Yu Watanabe
0b0cdb1652 doc: drop remaining references to LGTM.com 2022-09-23 18:29:22 +09:00
Avamander
a79f5097e7
Updated Lenovo ThinkPad T440p/T440 touchpad fuzz (#24779) 2022-09-23 18:26:01 +09:00
Daniel Braunwarth
893bcd3d07 shared/logs-show: add new --output= format "short-delta"
This new output formatting option is similar to "short-monotonic" but
also shows the time delta between two messages.

This fixes #24641.
2022-09-23 10:07:03 +02:00
Daniel Braunwarth
275e6be052 logs-show: move timestamp reading into show_journal_entry() 2022-09-23 10:07:03 +02:00
Daan De Meyer
eaec699494 shared: Don't try to generate read-only filesystem that we don't support
We need explicit support to generate read-only filesystems, since we
always need to pass a source tree to the mkfs binary to populate the
filesystem. As such, let's add an explicit check to return a
recognizable error when users try to generate a read-only filesystem
that we don't support.
2022-09-23 09:55:26 +02:00
Daan De Meyer
eb43379cec repart: Extend squashfs logic to all read-only filesystems
The same logic will apply to every read-only filesystem that we
might add support for in the future, so let's make this a bit more
future proof.
2022-09-23 09:55:17 +02:00
Lennart Poettering
d1666bde9c update TODO
(let's also merge all TODO items about adding creds support to various
tools into one item)
2022-09-23 09:34:12 +02:00
Lennart Poettering
0bbc5a5674 man: add man page decribing well known system credentials 2022-09-23 09:33:00 +02:00
Lennart Poettering
aebdd3f3d7 test: add test case for new ':' uid/gid/access modifier in tmpfiles.d 2022-09-23 09:31:54 +02:00
Lennart Poettering
fdc4b8b1e0 man: document new : modified for uid/gid/access mode in tmpfiles.d 2022-09-23 09:30:57 +02:00
Lennart Poettering
4cebd207d1 tmpfiles: add lines for provisioning ssh keys for root by default
With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

To boot into an image with my SSH key copied in. Yay!
2022-09-23 09:30:00 +02:00
Lennart Poettering
27f6aa0b71 tmpfiles: rework empty_directory() to also use chase_symlinks() 2022-09-23 09:28:59 +02:00
Lennart Poettering
9e430ce3d4 tmpfiles: move symlink creation into its own function, and modernize
Let's ensure it also operates based on O_PATH, like fifo/device node/…
creation.
2022-09-23 09:27:53 +02:00
Lennart Poettering
8f6fb95cd0 tmpfiles: whenever creating an inode, immediately O_PATH open it to pin it
let's make things a bit less racy: whenever we create an inode,
immediately open it via O_PATH, compare type and continue operations
with the acquired fd.
2022-09-23 09:26:56 +02:00
Lennart Poettering
497ca785aa fs-util: add mknodat_atomic() 2022-09-23 09:25:33 +02:00
Lennart Poettering
4f477796f3 fs-util: make mkfifo_atomic() just a shortcut for mkfifoat_atomic() 2022-09-23 09:24:05 +02:00
Lennart Poettering
da9dd029a2 fs-util: replace symlink_atomic() by symlinkat_atomic() 2022-09-23 09:22:36 +02:00
Lennart Poettering
cc43328c7f tmpfiles: allow prefixing uid/gid/mode with ":" to only apply on creation
In some cases it is useful to specify the access mode/uid/gid for inodes
we create without also enforcing them on existing inodes. Let's add a
new flag for that: if the uid/gid/mode specificaitons are prefixed with
":", then they only apply to creation, not otherwise.

This is specifically useful for provisioning SSH keys later. Those we'd
like to provision like this:

<snip>
d /root :0700 root root -
d /root/.ssh :0700 root root -
f^ /root/.ssh/authorized_keys - - - - ssh.authorized_keys
</snip>

While /root/ + /root/.ssh/ being owned by root is pretty uncontroversial
the access mode of /root/ and /root/.ssh/ might not be. Hence we should
only have a default mode defined that is used when we create the dir,
but not otherwise.
2022-09-23 09:21:34 +02:00
Lennart Poettering
a9bc518c08 tmpfiles: generalize CreationMode and pass it everywhere
For some purposes we had CreationMode which indicates whether an inode
was created by us, or is pre-existing. Let's generalize that for *all*
operations. This is later useful to conditionalize certain operations on
that (and makes the codebase more systematic)
2022-09-23 09:20:37 +02:00
Lennart Poettering
c5d554aa66 tmpfiles: rebreak some comments 2022-09-23 09:19:02 +02:00
Daan De Meyer
c8f38bf077
Merge pull request #24797 from yuwata/networkctl
networkctl: several table format updates
2022-09-23 08:45:47 +02:00
Yu Watanabe
f8d7c0c55e networkctl: re-order entries in status command
Also fixes "Speed:" field, which may show empty value.
2022-09-23 11:20:26 +09:00
Yu Watanabe
767bc538c5 test-network: fix matching string
This partially reverts 5515f2169cb5980996044eabb5f1b35e00fd81eb.
As the commit changes 'networkctl list', not 'networkctl status'.
2022-09-23 10:43:17 +09:00
Yu Watanabe
3874765735 networkctl: use "-" for empty LLDP entries 2022-09-23 10:39:42 +09:00
Yu Watanabe
67c3e1f63a udev: support by-path devlink for multipath nvme block devices
If multipath feature is enabled, nvme block devices may belong to the
"nvme-subsystem" subsystem, instead of "nvme" subsystem.
(What a confusing name...)

Then, the syspath is something like the following,
    /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1
Hence, we need to find the 'real parent' device, such as
    /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964.
Replaces #24748.
2022-09-23 10:21:46 +09:00
Yu Watanabe
68f2134954
Merge pull request #24790 from poettering/run-chdir
run: let's make --working-directory= just work with --scope
2022-09-23 10:20:14 +09:00
Adam Williamson
97f9950698 kbd-model-map: add a mapping for switched czech qwerty/us
See https://bugzilla.redhat.com/show_bug.cgi?id=2121106 for the
background on this. One of Fedora's QA folks ran an install
and chose two keyboard layouts: Czech (qwerty) and US. Due to
the sad details of how the whole logic flow for trying to decide
what kbd layout best matches a given xkb config works (see
details in the bug comments), we wound up deciding the best-
matching kbd layout for this situation was cz-us-qwertz, which
is a czech/us switched layout, but is qwertz, not qwerty. This
seems like a poor outcome. Adding this line should result in us
picking cz-qwerty in this case. Which may be the 'legacy'
cz-qwerty.map from upstream kbd project (which is switched
cz/us), or may be the auto-converted xkb layout (which obviously
isn't switched). But either way, at least its primary mode is
Czech qwerty, which seems like a *better* choice than a layout
whose primary mode is Czech qwertz.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2022-09-23 10:19:41 +09:00
Luca Boccassi
c9d65b921b
Merge pull request #24771 from poettering/destroy-pcr11
extend boot phase information into PCR 11 during boot
2022-09-22 20:08:27 +01:00
Antonio Alvarez Feijoo
b5f8a35f39 man/portablectl: fix references to options 2022-09-22 20:04:49 +01:00
Daan De Meyer
e3a1cd9e98
Merge pull request #24746 from DaanDeMeyer/repart-split
repart: Add --split option to generate split artifacts
2022-09-22 19:09:12 +02:00
Lennart Poettering
7dad781102 update TODO 2022-09-22 16:57:58 +02:00
Lennart Poettering
1a9c67a98a measure: clarify we actually try to calculate for all four banks by default 2022-09-22 16:56:57 +02:00
Lennart Poettering
a434e25f52 measure: make --public-key= optional if "sign" is called
We can derive the public key from the private key, so let's do that, to
make things a bit easier.
2022-09-22 16:55:56 +02:00
Lennart Poettering
6ca0016398 measure: allow pre-calculating PCR values for multiple boot phases 2022-09-22 16:54:48 +02:00
Lennart Poettering
40f1856791 units: add pcrphase units 2022-09-22 16:53:34 +02:00
Lennart Poettering
708d752479 boot: add new pcrphase tool to measure barrier strings into PCR 11 2022-09-22 16:52:06 +02:00
Lennart Poettering
c5bf1f85cb tpm2-util: add helper for determining enabled/used PCR banks 2022-09-22 16:50:53 +02:00
Lennart Poettering
59fafaee5d tpm2-util: split out code that checks if bank has 24 pcrs into helper function of its own
Just some refactoring, not change in behaviour.
2022-09-22 16:49:47 +02:00
Lennart Poettering
1421943a71 tpm2-util: pick up Esys_PCR_Extend() symbol too 2022-09-22 16:48:11 +02:00
Zbigniew Jędrzejewski-Szmek
28f619d174
Merge pull request #24781 from DaanDeMeyer/link-remove-check
systemctl: Remove check that linked unit files must contain a "/"
2022-09-22 15:38:16 +02:00
Daan De Meyer
4cee83331c repart: Add --split option to generate split artifacts
For use with sysupdate or other systemd tooling, it's useful to be
able to generate split artifacts from disk images, where each
partition is written to a separate file. Let's support this with
a --split switch for repart and a SplitName= configuration option.

--split enables split artifacts generation, and SplitName= configures
for which partition to generate split artifacts, and which suffix to
add to the split artifact name.

For SplitName=, we add support for some extra specifiers, more specifically
the partition Type UUID and the partition UUID.
2022-09-22 15:10:03 +02:00
Daan De Meyer
1e58a0a82c shared: Add GPT_PARTITION_TYPE_UUID_TO_STRING_HARDER() 2022-09-22 14:54:55 +02:00