mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

69972 Commits

Author SHA1 Message Date
Lennart Poettering
8ef31e1f13
Merge pull request #29692 from H5117/fix_pkcs11_uri
cryptenroll: change class in provided PKCS#11 URI if necessary
2024-01-05 12:14:26 +01:00
Lennart Poettering
995389aac6 update TODO 2024-01-05 11:09:23 +01:00
Frantisek Sumsal
355222c404
Merge pull request #30772 from yuwata/test-network-improvements
test-network: add more test cases and several cleanups
2024-01-05 11:09:14 +01:00
Yu Watanabe
115a09004e test: fix typo
Follow-up for 995bf013a1.
2024-01-05 19:08:12 +09:00
Yu Watanabe
c270e41f5e man: fix typo
Follow-up for 7d93e4af80.
2024-01-05 19:08:12 +09:00
Yu Watanabe
20a0aeb039 vpick: fix typo
Follow-up for 76511c1bd3.
2024-01-05 19:08:12 +09:00
Yu Watanabe
d61df11fcd login: noone -> no one
Follow-up for 59afe07c21.
2024-01-05 19:08:12 +09:00
Yu Watanabe
e75c24c450 core/dbus-manager: fix typo
Follow-up for 84c01612de.
2024-01-05 19:08:12 +09:00
Yu Watanabe
9e44842a9a string-util: fix typo
Follow-up for 63566c6b6f.
2024-01-05 19:08:12 +09:00
Yu Watanabe
56a89426f6 TODO: fix typo
Follow-up for 97c493f214.
2024-01-05 19:08:12 +09:00
Lennart Poettering
35a7dd4834
Merge pull request #30728 from polarina/noda
Assign noDA attribute to TPM2 objects not dependant on a PIN
2024-01-05 11:04:11 +01:00
Adrian Vovk
cc51085a41 core: Add %D specifier for $XDG_DATA_HOME
We already have specifiers that resolve to $XDG_STATE_HOME, and
$XDG_CONFIG_HOME. $XDG_DATA_HOME is in a similar vein.

It allows units belonging to the user service manager to correctly look
into ~/.local/share. I imagine this would be most useful inside of
condition checks (i.e. only run a service on session startup if some
data is not found in ~/.local/share) or in the inotify monitoring of a
.path unit
2024-01-05 11:03:06 +01:00
Vladimir Stoiakin
85828ef920 cryptenroll: change class in provided PKCS#11 URI if necessary
cryptenroll accepts only PKCS#11 URIs that match both a certificate and a private key in a token.
This patch allows users to provide a PKCS#11 URI that points to a certificate only, and makes it possible to use the output of some PKCS#11 tools directly.
Internally the patch changes 'type=cert' in the provided PKCS#11 URI to 'type=private' before storing in a LUKS2 header.

Fixes: #23479
2024-01-05 12:32:36 +03:00
Yu Watanabe
2743854540 network: do not make the implied default have the first priority
Follow-up for b732606950 and
6706ce2fd2.

If Network.ignore_carrier_loss_set flag is set, then the timeout value
is always used, hence the logic implemented by
b732606950 never worked.
2024-01-05 18:04:18 +09:00
Mike Yuan
9c02eb283a core/cgroup: use designated initializer more, make dup source const 2024-01-05 10:01:52 +01:00
Lennart Poettering
4e99803f23
Merge pull request #30731 from poettering/logind-user-early
logind: rework the special casing we give root's sessions
2024-01-05 10:01:30 +01:00
Alberto Planas
ef949448ec Use .d path for PCRLOCK_KERNEL_*_PATH
Fix the path for the generated.pcrlock files for the cmdline and initrd
cases.  Without it the tool complains with:

    Failed to parse component file /var/lib/pcrlock.d/720-kernel-initrd.pcrlock, ignoring: Is a directory

Signed-off-by: Alberto Planas <aplanas@suse.com>
2024-01-05 10:00:42 +01:00
Lennart Poettering
c759fad16c
Merge pull request #30753 from aafeijoo-suse/special-refactor
tree-wide: use defines from special.h in some missing places
2024-01-05 10:00:03 +01:00
Lennart Poettering
e745400bee
Merge pull request #30769 from AdrianVovk/statx-timestamp
stat-util: Add statx version of timespec_load
2024-01-05 09:59:40 +01:00
Luca Boccassi
90043781ba
Merge pull request #30743 from bluca/coverity
Assorted coverity fixes
2024-01-05 09:27:21 +01:00
Luca Boccassi
08b099a005
Merge pull request #30774 from mrc0mmand/test-tweaks
test: install correct kpartx udev rules (again) and dump cores of sanitized binaries
2024-01-05 09:26:42 +01:00
Luca Boccassi
6a80e22766
Merge pull request #30759 from mrc0mmand/resolved-followup
resolve: initialize `r` during OOM
2024-01-05 09:26:19 +01:00
Sergei Zhmylev
25aa35d465 journalctl: add --exclude-identifier option 2024-01-04 23:21:39 +01:00
Lennart Poettering
42301b6d96 creds-util: automatically append NUL byte to decrypted creds
Both as safety net and as convenience feature if a string is contained
in the credential
2024-01-04 22:57:04 +01:00
Lennart Poettering
6d78dc2827 creds: rename "tpm2-absent" encryption to "null" encryption
This is what it is after all: encryption with a NULL key. This is more
descriptive, but also relevant since we want to use this kind of
credentials in a different context soon: for carrying pcrlock data into
a UKI. In that case we don't want encryption, since the pcrlock data is
intended to help unlocking secrets, hence should not be a secret itself.

This only changes the code labels and the way this is labelled in the
output. We retain compat with the old name.
2024-01-04 22:56:48 +01:00
Lennart Poettering
01ae684782 find-esp: adjust parameter indentation to our usual coding style 2024-01-04 22:56:33 +01:00
Lennart Poettering
489f67b4d8 logind: use unlink_and_free() at one more place 2024-01-04 22:56:20 +01:00
Lennart Poettering
bd334c0ebb json: drop redundant check
The same check is done exactly one line later, because this is one of
the things that json_variant_is_regular() checks.

As per: fa9a6db478 (r1441792019)
2024-01-04 22:55:42 +01:00
Lennart Poettering
86e62e9e02
Merge pull request #30749 from poettering/tmpfiles-verb-fix
tmpfiles: correctly apply globbing when cleaning 'x' lines
2024-01-04 22:55:23 +01:00
Lennart Poettering
a1e5800a27
Merge pull request #30758 from YHNdnzj/vpick-not-ptr
vpick: trivial follow-up
2024-01-04 22:54:41 +01:00
Frantisek Sumsal
96e4c62698 ci: build with -O2 and -Wmaybe-uninitialized
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Frantisek Sumsal
0a87b83497 shared: initialize a couple of values explicitly
As gcc has trouble figuring this itself with -O2 and -Wmaybe-initialized.
2024-01-04 20:57:03 +01:00
Frantisek Sumsal
5169f8cfd5 resolve: initialize r during OOM
Otherwise we'd use some garbage value in the error path.

../src/resolve/resolved-dns-query.c: In function ‘dns_query_accept’:
../src/resolve/resolved-dns-query.c:944:27: error: ‘r’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  944 |         q->answer_errno = -r;
      |                           ^~
cc1: all warnings being treated as errors

Follow-up for 9ca133e97a.
2024-01-04 20:56:21 +01:00
Frantisek Sumsal
91da9458f8 test: allow sanitized binaries to dump a core
If a binary built with ASan crashes for a reason unrelated to ASan
stuff, we're left with pretty much nothing, as there is neither an ASan
trace nor a coredump. Let's make this slightly more debug-able by
allowing such binaries to dump a core, but without the huge shadow map
(we should be actually fine by just setting disable_coredump=0, since
use_madv_dontdump defaults to true, but let's play it safe and not
potentially dump a 16+ TB core file).
2024-01-04 20:36:25 +01:00
Frantisek Sumsal
7eb234fe2b test: install correct kpartx udev rules on Ubuntu
Follow-up for 519f0074cf.
2024-01-04 20:28:37 +01:00
Yu Watanabe
78265b5b4a test-network: add test case about replacing nexthop 2024-01-05 04:00:16 +09:00
Yu Watanabe
9362f7d5b5 test-network: merge three tests for neighbor
To speed up tests.
2024-01-05 04:00:16 +09:00
Yu Watanabe
dc60ac2960 test-network: show monotonic timestamp and drop hostname from logs 2024-01-05 04:00:16 +09:00
Adrian Vovk
41fea218ee
tmpfiles: Use statx_timestamp_load
This is a new utility function recently added. Let's use it.
2024-01-04 12:49:39 -05:00
Adrian Vovk
d3c2288c9f
stat-util: Add statx version of timespec_load
statx_timestamp is, for all intents and purposes, the same as a struct
timespec. So, we can trivially convert it and call timespec_load on it.

This commit adds helper functions that do just that.
2024-01-04 12:49:14 -05:00
Luca Boccassi
81a183800f tmpfiles: add --purge switch
Any file/directory created by a tmpfiles.d will be deleted. Useful for
purge/factory reset patterns.
2024-01-04 17:36:43 +01:00
Gabríel Arthúr Pétursson
9bf91584c8 Assign noDA attribute to TPM2 objects not dependant on a PIN
All the keys are high-entropy keys that cannot be practically
bruteforced and thus don't require protection from dictionary attacks.
With the exception of PINs, of course, which are low-entropy and user
provided.

Note that a new enrollment is required for unlocking while in DA
lockdown to function. Existing enrollments are subject to DA lockout.

Fixes: #30330
2024-01-04 15:52:37 +00:00
Mike Yuan
1f233020dc
shared/vpick: don't say "ptr" for TAKE_PICK_RESULT (struct) 2024-01-04 23:35:37 +08:00
Mike Yuan
657febec97
vpick-tool: sort includes 2024-01-04 23:35:13 +08:00
Lennart Poettering
59afe07c21 logind: rework the special casing we give root's sessions
Let's add an explicit session class "user-early" for this, so that
change of behaviour on logind is primarily bound to the "class"
property, and not some explicit root checks. This has the benefit that
we can be more fine grained with implying this class: only do so for tty
sessions, not others.
2024-01-04 16:11:16 +01:00
Lennart Poettering
29e1857b68 logind: explain session class types a bit 2024-01-04 16:11:16 +01:00
Lennart Poettering
115d6abf87
Merge pull request #30744 from poettering/logind-trivial-tweaks
logind: 3 trivial cleanups
2024-01-04 16:02:20 +01:00
Lennart Poettering
20604ff219 logind: do TTY idle logic only for sessions marked as "tty"
Otherwise things might be weird, because background sessions might
become "idle", which doesn't really make much sense.

This shouldn't change much in 99% of the cases, but slightly corrects
behaviour as it ensures only "primary"/"foreground" sessions get the
idle logic, i.e. where a user exists that could actually make it
non-idle.
2024-01-04 15:40:27 +01:00
Lennart Poettering
c16167ea10 update TODO 2024-01-04 15:32:14 +01:00
Lennart Poettering
e20bfa5005 logind: don't make idle action timer accuracy more coarse than timeout
If we allow the timer accuracy to grow larger than the timeout itself
things are very confusing, because people might set a 1s time-out and we
turn that into 30s.

Hence, let's just cut off the 30s accuracy to the time-out itself, so
that we stay close to what users configured.
2024-01-04 23:29:09 +09:00