mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

78072 Commits

Author SHA1 Message Date
Luca Boccassi
8d20606eec mkosi: update debian commit reference
* e8b7c9a4dd Install 81-net-bridge.rules
* 50d2997a07 Install systemd-creds bash completion
* ff0c42823c test: fix flaky boot-and-services test
* 2a19dee4ba test: fix flaky boot-and-services test
* a15a0bfe60 Update changelog for 257-2 release
* c24eafcb7e Backport patches to fix test failures
* 29840f9b68 udev: install dmi_memory_id and its rules on riscv64
* 44893bdb32 Update changelog for 257-1 release
* 7f71d995fb Update symbols file for v257
* 2dd2b80499 Update upstream source from tag 'upstream/257'
* 51a3271a85 Update changelog for 257~rc3-1 release
* 8e687227c5 Update symbols for 257~rc3
* c9bae527d6 Drop patches, merged upstream
* e8cf329870 Update upstream source from tag 'upstream/257_rc3'
* 794457516d autopkgtest: fix one more tzdata dependency
* 16bb143da1 Bump version in tzdata dependency due to p-u upload
* f2ddf70604 sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl
* 79260cb0f4 Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500
* ed3af24635 systemd-ukfy: recommend systemd-boot-efi for the stub
2024-12-13 11:43:23 +00:00
Mike Yuan
8abeebdf83 core/mount: don't keep cred mounts around after mounted
Follow-up for 6577cf1ba9
2024-12-13 10:29:27 +00:00
Luca Boccassi
1ca315be00 units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no
Avoids subtle race conditions such as the one described at
#35582.

Fixes #35582
2024-12-12 22:48:04 +01:00
Luca Boccassi
9fdf10604b
core: fix loading verity settings for MountImages= (#35577)
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.

Follow-up for a1a40297db
2024-12-12 13:06:07 +00:00
Luca Boccassi
fc35981fda
network: several cleanups (#35267)
2024-12-12 12:47:23 +00:00
Daan De Meyer
3aa7257321 mkosi: Fix opensuse build
The opensuse spec still looks for README.testsuite so hack it to look
for README.md instead now that we changed the name in the repo.
2024-12-12 12:44:04 +00:00
Luca Boccassi
184ce19841
gpt-auto: take timeout opts in rootflags= into account; hibernate-resume: always respect user-defined timeout (#35518)
2024-12-12 11:01:40 +00:00
Luca Boccassi
47859053ba
Export two more functions, and update symbol tests (#35578)
Prompted by #35554.
Continuation of #35555.
2024-12-12 10:39:29 +00:00
Daan De Meyer
2d80c9c801
creds: introduce --transcode=help and friends and use them in shell completion (#35579)
Follow-ups for 783f794e89 (#35537).
2024-12-12 09:33:44 +00:00
Yu Watanabe
54944339e5 bash-completion/creds: generate suggestions by systemd-creds itself
Follow-ups for 783f794e89.
2024-12-12 15:25:38 +09:00
Yu Watanabe
831bbaf5cd creds: support --transcode=help and --with-key=help
2024-12-12 15:25:34 +09:00
Yu Watanabe
2a92e0bc6c string-table: make DUMP_STRING_TABLE() return 0
Then, we can use it as
===
  return DUMP_STRING_TABLE(...);
===
2024-12-12 15:21:16 +09:00
Yu Watanabe
66d2c693ac tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
2024-12-12 15:21:16 +09:00
Yu Watanabe
945d1e5189 ci: enable linter for generate-sym-test.py
2024-12-12 15:04:29 +09:00
Yu Watanabe
0b39dc23ba test: also generate list of symbols from header files
To make the generated tests able to detect issues like #35554.
2024-12-12 15:04:28 +09:00
Yu Watanabe
6e399ece1f test: modernize generate-sym-test.py
2024-12-12 15:03:36 +09:00
Yu Watanabe
5fcabde35b sd-json: properly export sd_json_variant_type_from_string() and _to_string()
These exist in the header file, but were not exported.

Continuation of e11f5aa722.
2024-12-12 13:08:35 +09:00
Yu Watanabe
9d8cb69e7f test: rename README.testsuite -> README.md
2024-12-12 12:02:19 +09:00
Yu Watanabe
1fe583861f README: drop CentOS CI badges
CentOS CIs are disabled after ead814a0b0.
2024-12-12 11:58:52 +09:00
Yu Watanabe
fac5a5b747
polkit-agent: allow to invoke polkit agent even if STDIN is not a tty (#35431)
Closes #35018.
2024-12-12 10:32:02 +09:00
Luca Boccassi
c7fcb08324 test: add more coverage for extensions and verity
2024-12-12 00:58:20 +00:00
Luca Boccassi
59a83e1188 core: fix loading verity settings for MountImages=
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.

Follow-up for a1a40297db
2024-12-12 00:58:20 +00:00
Luca Boccassi
783f794e89 shell completion: add systemd-creds
2024-12-12 00:14:42 +00:00
Luca Boccassi
e19cae12ff semaphore: skip some tests
semaphore CI runs are always very close to the limit of 1hr, and often
time out when it's particularly oversubscribed.
Skip some low-value test cases to shorten the runtime.
2024-12-11 23:39:18 +00:00
Yu Watanabe
46c26454bd exec-util: use strv_from_stdarg_alloca()
No functional change, just refactoring.
2024-12-12 08:35:16 +09:00
Yu Watanabe
f0ace1655d exec-util: use open_terminal() in fork_agent() for safety
2024-12-12 08:35:16 +09:00
Yu Watanabe
90579fd0b3 exec-util: drop handling of ENXIO in opening /dev/tty
This effectively reverts 0bcf167900.

The handling is not necessary anymore after 61242b1f0f.
2024-12-12 08:35:16 +09:00
Yu Watanabe
fc3691a70a exec-util: split out common checks before fork_agent() to can_fork_agent()
No functional change, just refactoring.
2024-12-12 08:32:42 +09:00
Yu Watanabe
388d6c5f37 polkit-agent: modernize code a bit
- Use _cleanup_close_pair_ attribute for the pipe FDs,
- Return earlier on failure in forking polkit agent.
2024-12-12 08:30:55 +09:00
Yu Watanabe
0f81c8406f exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty
Closes #35018.
2024-12-12 08:30:55 +09:00
Carlo Teubner
dfbd4d8bc5 systemd-cryptenroll.xml: fix typo
2024-12-11 23:10:59 +00:00
Yu Watanabe
4899255aa2
format-table: trivial cleanups (#35572)
2024-12-12 06:12:07 +09:00
cvlc12
693038fce4
man: update example in systemd-measure.xml (#35506)
In the example from systemd-measure(1), do not bind to PCR 7 in
addition to the PCR policy.

As long as this is still done by default, see #35280.
2024-12-12 06:09:11 +09:00
Mike Yuan
3ae314afdc Revert "run: disable --expand-environment by default for --scope"
This reverts commit 8167c56bfa.

We've announced the breaking change during v254-v257. Let's actually
apply it for v258.
2024-12-12 06:05:30 +09:00
Yu Watanabe
7e438055a6
pretty-print: don't use OSC 8 for incompatible URLs (#35223)
2024-12-12 05:43:36 +09:00
Mike Yuan
eded4272d2 cgroup-util: introduce cg_get_cgroupid_at()
Suggested in https://github.com/systemd/systemd/pull/35242#discussion_r1862658163
2024-12-12 05:19:07 +09:00
Mike Yuan
2522757a89 nsresourced: drop unneeded REMOVE_PHYSICAL flag for rm_rf()
Even without REMOVE_PHYSICAL, rm_rf() permits cgroupfs.
2024-12-12 05:17:17 +09:00
Yu Watanabe
ab5de638e9
process-util: modernize is_main_thread(); make sure get_process_ppid() won't return ppid == 0 (#35561)
Split out from #35242
2024-12-12 05:16:04 +09:00
Lennart Poettering
e11f5aa722 sd-varlink: properly export sd_varlink_reset_fds()
This function was listed in the public sd-varlink.h header, but not
actually made public. Fix that. It's quite useful, the comment in it
describes the usecase nicely.

Fixes: #35554
2024-12-12 05:13:12 +09:00
Yu Watanabe
e53be91e5d
libfido2-util: show also verity features when listing FIDO2 devices (#35295)
This way, users don't have to check those features using an external
program, or wait for later failure when trying to enroll using an
unsupported feature.

E.g.:

```
# systemd-cryptenroll --fido2-device list
PATH         MANUFACTURER PRODUCT               RK  CLIENTPIN UP  UV
/dev/hidraw2 Yubico       YubiKey OTP+FIDO+CCID yes no        yes no
```
2024-12-12 05:11:46 +09:00
Yu Watanabe
bfff0f5ac8
Add credential support for mount units (#34732)
Add `EXEC_SETUP_CREDENTIALS` flag to allow using credentials with mount units.
Fixes: #23535
2024-12-12 05:07:35 +09:00
Daan De Meyer
1c658c639d test-bpf-restrict-fs: Migrate to new assertion macros
2024-12-12 05:05:30 +09:00
Lennart Poettering
3c702e8210 condition: add new ConditionKernelModuleLoaded=
This introduces a new unit condition check: that matches if a specific
kmod module is allowed. This should be generally useful, but there's one
usecase in particular: we can optimize modprobe@.service with this and
avoid forking out a bunch of modprobe requests during boot for the same
kmods.

Checking if a kernel module is loaded is more complicated than just
checking if /sys/module/$MODULE/ exists, since kernel modules typically
take a while to initialize and we must check that this is complete (by
checking if the sysfs attr "initstate" is "live").
2024-12-12 05:03:52 +09:00
Yu Watanabe
c9011f170b
journalctl: also mangle unit name when --invocation= or --list-invocations is specified (#35542)
Fixes #35538.
2024-12-12 05:01:54 +09:00
andrejpodzimek
ae2f3af639 Fixing VLAN ranges in man systemd.network.
Otherwise it doesn't hold that VLANs 100-400 are allowed (because 201-299 are disallowed).
2024-12-12 03:52:00 +09:00
Tobias Klauser
12e33d332b profile.d: don't bail if $SHELL_* variables are unset
If - for whatever reason - a script uses set -u (nounset) and includes
/etc/profile.d/70-systemd-shell-extra.sh (e.g. transitively via
/etc/profile) the script would fail with:

    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

For example:

    $ cat > foo.sh <<EOF
    #!/bin/sh
    set -u

    source /etc/profile
    EOF
    $ chmod 700 foo.sh
    $ ./foo.sh
    /etc/profile.d/70-systemd-shell-extra.sh: line 15: SHELL_PROMPT_PREFIX: unbound variable

Fix this by using shell parameter substitution[^1] (which is a POSIX
shell concept) to set the $SHELL_* variables to the empty string if
undefined.

[^1]: https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html
2024-12-11 18:33:41 +00:00
Lennart Poettering
9948b4668c virt: drop userns detection heuristic
Now that we have an explicit userns check we can drop the heuristic for
it, given that it's kinda wrong (because mapping the full host UID range
into a userns is actually a thing people do).

Hence, just delete the code and only keep the userns inode check in
place.
2024-12-11 19:23:03 +01:00
Lennart Poettering
7f0a615ef8 virt: don't check for cgroupns anymore
Now that we have a reliable pidns check I don't think we really should
look for cgroupns anymore, it's too weak a check. I mean, if I myself
would implement a desktop app sandbox (like flatpak) I'd always enable
cgroupns, simply to hide the host cgroup hierarchy.

Hence drop the check.

I suggested adding this 4 years ago here:

https://github.com/systemd/systemd/pull/17902#issuecomment-745548306
2024-12-11 19:23:03 +01:00
Mike Yuan
8f3862ceed
userdbctl: use ansi_highlight_green_red() where appropriate
2024-12-11 19:19:46 +01:00
Mike Yuan
26c29eed53
format-table: drop pointless table_data_rgap_color() func
Follow-up for aab79f5278
2024-12-11 19:19:46 +01:00