IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
As many laptops don't save/restore screen brightness across reboots,
let's do this in systemd with a minimal tool, that restores the
brightness as early as possible, and saves it as late as possible. This
will cover consoles and graphical logins, but graphical desktops should
do their own per-user stuff probably.
This only touches firmware brightness controls for now.
Moved zsh shell completion to shell-completion/zsh/_systemd for
automake's sake. Also allow users to specify where the files should go
with::
./configure --with-zshcompletiondir=/path/to/some/where
and by default going to `$datadir/zsh/site-functions`
Python 2.7, and 3.2 and higher support querying compilation
flags through pkg-config. This makes python support follow
rules similar to various other optional compilation-time
libraries. New flags are called PYTHON_DEVEL_CFLAGS and
PYTHON_DEVEL_LIBS, because PYTHON (without _DEVEL), is
already used for the python binary name, and things would
be confusing if the same prefix was used for two things.
configure has --disable-python-devel to disable python modules.
One advantage is that CFLAGS for modules gets smaller:
- -I/usr/include/python3.3m -I/usr/include/python3.3m -Wno-unused-result -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv
+ -I/usr/include/python3.3m
as does LIBS:
- -lpthread -ldl -lutil -lm -lpython3.3m
+ -lpython3.3m
Support for Python 2.6 is removed, but can be easily
restored by using
PYTHON_DEVEL_CFLAGS="$(python2.6-config --cflags)",
etc., as ./configure parameters.
https://bugs.freedesktop.org/show_bug.cgi?id=57800
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.
Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
Enable coverage with --enable-coverage.
"make coverage" will create the report locally,
"make coverage-sync" will upload the report to
http://www.freedesktop.org/software/systemd/coverage/.
Requires lcov version 1.10 to handle naming in systemd and to
use the --no-external option.
[zj: make the coverage at least generate something with
separate build dir, simplify rules a bit: all errors
are mine. ]
This reverts commit cd3069559a.
Emacs compilation can be fixed by putting
(custom-set-variables
'(compilation-environment (quote ("GCC_COLORS="))))
in ~/.emacs.
Guys, we know that emacs is the best editor on earth, but unfortunately
its "M-x compile" terminal cannot do colors (well, it does its own
highlighting of the output anyway), and it will inform the programs it
calls about this with TERM=dumb, and gcc should check for that. But you
guys turned that off. Not cool. Let's turn it on again.
PKG_CHECK_EXISTS won't created a cached variable that later messes with
our PKG_CHECK_MODULES check for an explicit version. Unfortunately,
nesting these checks as the code existed lead to an odd error. Rather,
split the checks apart.
This also improves to the error message when the requisite version
isn't found, and supplies the literal version systemd needs.
Almost everyone wants kmod support, so don't fail silently if the libs are
out-of-date.
kmod can still be explicitly disabled and if it is not found at all, we still
default to disabling it.
As of kmod v14, it is possible to export the static node information from
/lib/modules/`uname -r`/modules.devname in tmpfiles.d(5) format.
Use this functionality to let systemd-tmpfilesd create the static device nodes
at boot, and drop the functionality from systemd-udevd.
As an effect of this we can move from systemd-udevd to systemd-tmpfiles-setup-dev:
* the conditional CAP_MKNOD (replaced by checking if /sys is mounted rw)
* ordering before local-fs-pre.target (see 89d09e1b5c)
Embedded folks don't need the machine registration stuff, hence it's
nice to make this optional. Also, I'd expect that machinectl will grow
additional commands quickly, for example to join existing containers and
suchlike, hence it's better keeping that separate from loginctl.
This brings the check for ENABLE_GTK_DOC in line with
HAVE_INTROSPECTION and other similar checks. Only
the status line that is printed with uninstalled
gtk-doc is changed.
https://bugs.freedesktop.org/show_bug.cgi?id=63108
Distributions may have selinux but not sushell or might
need to set a custom debug shell.
Defaults to /sbin/sushell if selinux is enabled, /bin/sh if not.
[zj: Renamed --with-debugshelltty to --with-debug-tty, and
added a line in output showing DEBUGSHELL and DEBUGTTY.
I figure that debug shell is pretty useful, and I hope
the extra line in configure status will draw attention
to it.]
This patch adds --disable-tests to configure. It is based on a patch
posted by Thierry Reding in 2010. The motivation for adding it is that
some tests fail link-time when cross-compiling.
The patch adds a new Makefile variable -- manual_tests -- and uses
that instead of noinst_PROGRAMS. However, if ENABLE_TESTS is true,
the former is added to the latter. It also renames noinst_tests to
simply tests.
* using AC_PATH_TOOL does not allow to override it from shell environment
which is useful when cross-compiling
* with external toolchain I have different HOST_PREFIX and HOST_SYS
AC_PATH_TOOL is using HOST_SYS as prefix and fails to find objcopy
which is available only as ${TARGET_PREFIX}-objcopy then it tries
objcopy without prefix which is found on host, but that objcopy
does not work for !host (e.g. arm when building on x86) libs
Distributions that never shipped upstart do not have
"telinit" in /lib/upstart/..
Defaults to /lib/upstart/telinit so there is no change
for systems existing installs.
use readlink -m instead of -f since we might be building in a minimal
chroot where those directories do not actually exist and readlink -f
would return an empty string.
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
Both gtk-doc and intltoolize have problems with VPATH builds.
"Creatively" disable tests when configuring from outside the
source directory.
This more-or-less reverts 9795da43c.
This patch only adds one line, but moves python detection
after cflags detection, so the result of the latter can
be used in the former.
$PYTHON_CFLAGS usually includes -D_FORTIFY_SOURCE, which will generate
a warning when compiling without optimization. Avoid by undefining
_FORTIFY_SOURCE.
Rather then force the user to undefine _FORTIFY_SOURCE,
don't define it in the first place if it cannot be used.
I'm assuming that -O* can only be sensibly specified in $CFLAGS.
Bootchart is renamed to 'systemd-bootchart' and installed as
/usr/lib/systemd/systemd-bootchart. The configuration file
will reside in /etc/systemd/bootchart.conf.
Note that there are still some rome for cleanups. In particular,
the .la files are now installed, which we probably don't want; and
some of the macros in Makefile.am are likely redundan.
Commit c4eb236a2c didn't take into account the situation when the user
sets e.g. PYTHON=python3 (without the full path). This value would
then be used verbatim for PYTHON_BINARY and in she-bang lines in
scripts, which is incorrect. To fix this, $PYTHON is passed through
which, which expands the path. If $PYTHON_BINARY is desired which is
not installed on the build system, then PYTHON_BINARY must be set
separately.
Python binary used in the she-bang line in installed
scripts can be set with ./configure PYTHON_BINARY=...
Defaults to the same path as python used during compilation.
Adding --version makes systemd-analyze behave consistently with the
rest of installed programs.
The lines in ./configure output are reordered to keep all yes/no lines
separate. I think that this makes the output clearer.
This also drops automatic selection of the rc local scripts
based on the local distro. Distributions now should specify the paths
of the rc-local and halt-local scripts on the configure command line.
TARGET_UBUNTU is effectively the same as TARGET_DEBIAN. Given the Ubuntu
is unlikely to use systemd anytime soon there's no point in keeping this
separate.
I'm building systemd for an embedded system and we would prefer not having
to include the entire util-linux package just to get a libblkid whose
functionality we don't need.
This is the usual setup, where pythonX.Y and pythonX.Y-config go
together. Using python-config with python3 will only lead to
confusion.
--libs is changed to --ldflags, since the latter also includes other
required flags like -L<dir>.
The tests for HAVE_PYTHON and HAVE_PYTHON_DEVEL are separated. It is
possible to have python development libraries installed without the
binary (or to want to build python modules without using python during
the build).
A line is added to the output, to show what flags will be used for
python.
Being able to be explicit about Python support (in addition to the
default of auto-detecting it) and acting upon the result, specifying
it as an option gains us more control about both dependencies and
the resulting build.
Furthermore, relying purely on auto-detection can lead to problems for
source-based distros. E. g. systemd being built before *both* 32-bit &
64-bit ABIs are installed will lead to build failures as systemd's
build system will pick up either 32-/64-bit Python, conclude both are
available and fail if that's not the case.
This minimal HTTP server can serve journal data via HTTP. Its primary
purpose is synchronization of journal data across the network. It serves
journal data in three formats:
text/plain: the text format known from /var/log/messages
application/json: the journal entries formatted as JSON
application/vnd.fdo.journal: the binary export format of the journal
The HTTP server also serves a small HTML5 app that makes use of the JSON
serialization to present the journal data to the user.
Examples:
This downloads the journal in text format:
# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries
Same for JSON:
# curl -H"Accept: application/json" http://localhost:19531/entries
Access via web browser:
$ firefox http://localhost:19531/
./.libs/libsystemd-core.a(libsystemd_core_la-selinux-access.o):
In function "selinux_access_check":
src/core/selinux-access.c:487: undefined reference to
"selinux_check_access"
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.
This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.
This requires libcryptsetup >= 1.4.2 (released 12.4.2012).
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
The MeeGo distribution is still a supported distribution, but
will probably not see an updated version of systemd anymore.
Most of the development is focussing on Tizen now, and the
generic support for building --with-distro=other is more than
adequate enough.
This patch removes the support as a custom configuration build
target in systemd. People who are still building this for
the MeeGo distribution should build as "other" distro.
On Sat, Jun 9, 2012 at 12:46 AM, Malte Starostik <lists@malte.homeip.net> wrote:
> From: Malte Starostik <m-starostik@versanet.de>
>
> Rules get installed in $(libexecdir)/udev/, so are keymaps. Helper
> binaries go to $(rootprefix)/lib/udev though. Problem is, in the code,
> both are referenced via UDEVLIBEXECDIR which is defined to the former
> location. Result: systemd-udev can't find e.g. the keymap binary to
> apply keymaps.
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
This is an S/MIME signed message
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>