1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 16:59:03 +03:00
Commit Graph

585 Commits

Author SHA1 Message Date
Franck Bui
7178cd76f2 build-sys: allow references to adm group to be omitted (#3150) 2016-05-01 00:02:17 -04:00
Lennart Poettering
3282493ad0 build-sys: improve compat with older kernel headers
In 4.2 kernel headers, some netlink defines are missing that we need. missing.h
already can add them in, but currently makes this dependent on a definition
that these kernels already have. Change the check hence to check for the newest
definition in the table, so that the whole bunch of definitions as added in on
all kernels lacking this.
2016-04-29 16:27:48 +02:00
Zbigniew Jędrzejewski-Szmek
95365a576f build-sys: add --without-kill-user-processes configure option 2016-04-21 00:21:32 -04:00
Lukas Nykryn
f0b7fc2d89 configure.ac: bump curl dependency to 7.32.0
We are using CURLOPT_XFERINFOFUNCTION which was added in 7.32.0.
2016-04-06 15:03:31 +02:00
Lennart Poettering
056f0498fe Merge pull request #2947 from keszybz/test-nss
Add a test for nss modules and some related fixes
2016-04-06 10:48:55 +02:00
Zbigniew Jędrzejewski-Szmek
2abb5b3b10 test-nss: test the resolution of various names
nss-dns is also "tested". It should be almost always available,
and provides a reference for comparison.
2016-04-05 23:19:56 -04:00
Zbigniew Jędrzejewski-Szmek
1d4b557d1b basic/missing: add copy_file_range
syscall numbers based on:
https://fedora.juszkiewicz.com.pl/syscalls.html
2016-03-17 13:02:18 -04:00
Zbigniew Jędrzejewski-Szmek
c1ab819162 Enable test-ipcrm, test-hostname in unsafe tests 2016-03-04 21:45:45 -05:00
Daniel Mack
232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00
Daniel Mack
26c34ab4ee missing.h: Explicitly check for IFLA_BRPORT_PROXYARP
RHEL explicitly disables IFLA_BRPORT_PROXYARP by renaming the enum value.

In order to support unpatched builds, we have two options:

a) redefine the enum value through missing.h and ignore the fact that it
   is really unsupported, or

b) omit that enum value on rtnl_prot_info_bridge_port_types[]

As we are not actually using this netlink type anywhere, and because it
is only hooked up for the sake of completeness, this patch opts for the
former.
2016-02-22 13:22:30 +01:00
Martin Pitt
2150e62287 Merge pull request #2621 from keszybz/wheel-group
build-sys: allow wheel group name to be specified
2016-02-18 19:20:14 +01:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Lennart Poettering
de08570050 build-sys: fix type detection
Before this patch existence of char16_t, char32_t, key_serial_t was checked
with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to
use AC_CHECK_TYPES() instead.

Also, while we are at it, change the check for memfd_create() to use
AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a
couple of syscalls are defined by glibc but not exported in the header files
(pivot_root() for example), and we hence should probably be more picky with
memfd_create() too, which glibc might decide to expose one day, but not
necessarily in the headers too.
2016-02-16 15:22:06 +01:00
Lennart Poettering
61ecb465b1 resolved: turn on DNSSEC by default, unless configured otherwise
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.

DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
2016-02-16 15:22:05 +01:00
Lennart Poettering
4de282cf93 build-sys: drop libsystemd-{id128,daemon,login,journal}.so compat libs
They have long been obsolete, and upstream distros and packages have mostly
switched over, let's get rid of it for good.
2016-02-13 11:57:14 +01:00
Lennart Poettering
c8b166b3ea Merge pull request #2587 from haraldh/tpmv3
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11 20:38:03 +01:00
Harald Hoyer
92ed3bb49e sd-boot: put hashed kernel command line in a PCR of the TPM
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.

Because manually added LoadOptions are not taken into account, these
should be recorded also.

This patch logs and extends a TPM PCR register with the LoadOptions.

This feature can be enabled with configure --enable-tpm

The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
2016-02-11 17:48:09 +01:00
Lennart Poettering
95adafc428 configure: bump version number 2016-02-11 17:28:00 +01:00
Lennart Poettering
888e378da2 coredump: dump priviliges when processing system coredumps
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10 16:09:24 +01:00
Daniel Mack
ccbd697b73 configure.ac: Fix help text of --enable-* options
Fixes #2567
2016-02-10 13:51:58 +01:00
Shawn Landden
c932fb71cc utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_t
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.

[
 @zonque:
  * rebased to current master
  * use AC_CHECK_DECLS to detect availibility of char{16,32}_t
  * make utf8_encoded_to_unichar() return int
]
2016-01-27 14:10:02 +01:00
Zbigniew Jędrzejewski-Szmek
ab6f56debf build-sys: allow building man pages even if disabled in ./configure
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.

Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
2016-01-18 16:19:13 -05:00
Evgeny Vereshchagin
c0957da3f4 build-sys: refactor have_smack detection 2015-12-12 06:08:25 +00:00
Evgeny Vereshchagin
566c9f5ad5 build-sys: fix ./configure --enable-smack
Fixes:

$ ./configure ... --enable-smack
$ make src/core/load-fragment-gperf.c
$ grep -i smack src/core/load-fragment-gperf.c
{"Swap.SmackProcessLabel", config_parse_warn_compat, DISABLED_CONFIGURATION, 0},
...

should be
{"Swap.SmackProcessLabel", config_parse_exec_smack_process_label, 0, offsetof(Swap, exec_context)},
...
2015-12-12 03:53:22 +00:00
Lennart Poettering
b43d75c378 importd: drop dkr support
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
2015-12-10 16:54:41 +01:00
Tom Gundersen
553947b77c Merge pull request #2129 from poettering/dnssec3
Third DNSSEC patch series
2015-12-10 15:22:18 +01:00
Lennart Poettering
d28ac939c1 build-sys: libgcrypt error messages make no sense without libgpg-error
Hence, pull in this library too, if we need libgcrypt.
2015-12-10 11:28:02 +01:00
Evgeny Vereshchagin
e400d4b3f5 build: fix systemd-journal-upload installation
Fixes:

$ ./configure ... --disable-microhttpd --enable-libcurl
--enable-sysusers
$ make && make install DESTDIR=$(pwd)/INST
$ ls INST/usr/lib/sysusers.d/
basic.conf  systemd.conf

There is no a file with `systemd-journald-upload`
2015-12-09 03:48:56 +00:00
David Herrmann
dd050decb6 build: bump version numbers
Prepare for v228 release and bump version numbers.
2015-11-18 08:59:06 +01:00
Martin Pitt
8218743e1e build-sys: temporarily lower libmount version check
util-linux 2.27.1's configure.ac still claims to be 2.27.0, which breaks our
version check. Lower it back to 2.27.0 until util-linux gets a fixed tarball.

See #1754
2015-11-03 07:25:34 -06:00
Martin Pitt
1d40ddbfd3 core: drop check for /etc/mtab
util-linux 2.27.1 now entirely stops looking at /etc/mtab, so we don't need to
verify /etc/mtab during early boot any more. Later on, tmpfiles.d/etc.conf will
fix /etc/mtab anyway, so there's not even a point in warning about it.

Drop test_mtab() and bump the util-linux dependency to >= 2.17.1.

Fixes #1495
2015-11-02 10:05:20 -06:00
Lennart Poettering
cb181af9b6 Merge pull request #1527 from keszybz/lz4
Using lz4 frame api for coredump files
2015-10-15 13:37:11 +02:00
Zbigniew Jędrzejewski-Szmek
1a2a0ac53b build-sys: enable lz4 by default if available
--enable-lz4 can be used to force lz4 requirement,
--disable-lz4 can be used to skip lz4 support even if available.

Also, make surrounding checks for bzip2, xz, and zlib similar in structure.
This fixes the check for requested but missing bzip2.
2015-10-14 23:16:50 -04:00
Michal Schmidt
e97379dea2 build: libdl is needed only for libnss_resolve
Not everything needs to link to libdl. dlopen+dlsym are used only by
libnss_resolve.
2015-10-14 14:49:18 +02:00
Michal Schmidt
5fd2e22843 build: don't link everything to libcap
The intent of the assignments around the check for libcap was obviously
to avoid polluting LIBS. To work properly, LIBS must be restored from
the save_LIBS variable.

The practical effect is small though, because pretty much everything
links with libbasic, which links with CAP_LIBS.
2015-10-14 14:49:18 +02:00
Michal Schmidt
7f7bfcf3cf build: fix overlinking to libdw
We have two AC_CHECK_LIB checks for libdw. The first one has an empty
action-if-found, so it defaults to adding "-ldw" to LIBS. LIBS are
applied to everything we build. But only systemd-coredump needs libdw.
It already links to ELFUTILS_LIBS correctly in Makefile.am.

Drop the first AC_CHECK_LIB check. The second check is sufficient.

Q: Don't we already use "-Wl,--as-needed" to eliminate overlinking?
A: We do, but it is effective only for executables, not for shared
   libraries. This is due to a libtool bug:
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347650
2015-10-14 14:43:38 +02:00
Zbigniew Jędrzejewski-Szmek
2fd385c670 build-sys: check for xsltproc when building manpages
Only check for xsltproc if it will be used.
If not found, complain.

https://github.com/systemd/systemd/issues/1521
2015-10-12 13:53:55 -04:00
Zbigniew Jędrzejewski-Szmek
898d5660eb build-sys: use pkgconfig and lz4 and bump version
The new frame api was released in v. 125.
2015-10-10 23:00:15 -04:00
Daniel Mack
44f169accf configure.ac: bump version number 2015-10-07 16:39:59 +02:00
Lennart Poettering
e287086b8a ask-password: add support for caching passwords in the kernel keyring
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.

This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.

Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
2015-10-07 12:26:14 +02:00
Susant Sahani
c3eae485bb missing.h : add bridge params 2015-10-05 09:43:29 +05:30
Lennart Poettering
ae4566a67f Merge pull request #1374 from olof/autoconf_gcrypt_dep
build-sys: only use AM_PATH_LIBGCRYPT macro if it exists
2015-09-24 16:31:49 +02:00
Olof Johansson
79e8bde40d build-sys: only use AM_PATH_LIBGCRYPT macro if it exists
If gcrypt's m4 macro files aren't installed, with this change, gcrypt
will be disabled --- unless gcrypt support was explicitly requested by
passing --enable-gcrypt to configure, in which case it will fail.
Without this change, autoconf would fail either way with not being able
to resolve AM_PATH_LIBGCRYPT.
2015-09-24 14:30:30 +02:00
Jan Engelhardt
e71fadd4dc build: remove AC_FUNC_MALLOC
What is the rationale to have AC_FUNC_MALLOC? It does not actually
abort the configure run if an "unsuitable" malloc was found, and
instead just replaces malloc by rpl_malloc, for which systemd however
has no definition, either.

Remove the call.
2015-09-23 16:25:37 +02:00
Filipe Brandenburger
a01a4517e1 build-sys: Check behavior of -Werror=shadow before deciding to use it
gcc versions 4.6 and earlier used to complain when a local variable
shadows a global function, 4.7 and above only complain if a local
variable shadows a global variable.

Fix this by checking whether gcc 4.7+ behavior is in place before
deciding to use -Werror=shadow in $(CFLAGS), by using a custom test
program source that shadows a global function with a local variable and
confirming that -Werror=shadow does not make the compile to break.

Tested:
- On gcc 4.7 and 4.8, confirmed nothing changed (other than the order of
  the -Werror=shadow argument, going to the end of CFLAGS.)
- On gcc 4.6, confirmed by looking at the config.log output that the
  check for -Werror=shadow failed and it was not included in CFLAGS.
- Ran `make V=1` to confirm -Werror=shadow was still in use, introduced
  a bogus shadowing issue and confirmed it was caught when building with
  a recent gcc.
2015-09-22 09:54:33 -07:00
Karel Zak
d379d44255 mount: use libmount to monitor mountinfo & utab
The current implementation directly monitor /proc/self/mountinfo and
/run/mount/utab files. It's really not optimal because utab file is
private libmount stuff without any official guaranteed semantic.

The libmount since v2.26 provides API to monitor mount kernel &
userspace changes and since v2.27 the monitor is usable for
non-root users too.

This patch replaces the current implementation with libmount based
solution.

Signed-off-by: Karel Zak <kzak@redhat.com>
2015-09-14 09:12:31 +02:00
Sangjung Woo
1fab0cbafc smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
2015-09-10 21:52:39 +09:00
David Herrmann
23d08d1b2b build: prepare for v226
Bump version info and update NEWS for the upcoming release.
2015-09-08 13:31:57 +02:00
Michael Biebl
d6629e64f8 build-sys: remove sphinx binary from configure summary
We no longer use sphinx as part of the build process so remove it from
the configure summary as well.
This is a leftover from commit 2799e519ca.
2015-09-06 19:08:13 +02:00
Jan Alexander Steffens (heftig)
0e3b0a95cc build-sys: Look for gcc-* binutils wrappers only if we're using GCC
If we don't look for them, LT_INIT will and default to the unprefixed
tools.

Apparently clang doesn't like the wrappers being used. Should fix #1077.
2015-09-01 13:27:42 +02:00