mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

62521 Commits

Author SHA1 Message Date
Yu Watanabe
71fa933b46 locale: sync two X11 contexts on update 2023-01-28 14:53:18 +09:00
Yu Watanabe
800f65f827 locale: always check input keyboard layout and friends earlier 2023-01-28 14:47:36 +09:00
Yu Watanabe
f59d83afaa locale: replace context_get_x11_context() with context_get_x11_context_safe()
Then, context_get_x11_context() always replies a valid X11 context.
No functional change, just refactoring.
2023-01-28 14:47:36 +09:00
Yu Watanabe
90005a4f0a locale: make vconsole_convert_to_x11() not update Context
This also makes x11_convert_to_vconsole() changed in the same way.
Then, their callers update Context if necessary.

No functional change, just preparation for later commits.
2023-01-28 14:47:36 +09:00
Yu Watanabe
ba4a886f2d locale: introduce VCContext and several helper functions for the struct
No functional changes, preparation for later commits.
2023-01-28 14:47:36 +09:00
Yu Watanabe
e0a720012d locale: add missing logs 2023-01-28 14:47:36 +09:00
Daan De Meyer
c811aba082 ukify: python 3.9 compat followup 2023-01-27 22:16:07 +01:00
Yu Watanabe
fe8e0f8e79 sleep: enumerate only existing and non-device batteries
The enumerator is now mostly consistent with on_ac_power() in
udev-util.c.
2023-01-27 20:52:12 +00:00
Yu Watanabe
3332cfe176 sleep: fix indentation 2023-01-27 20:52:12 +00:00
Yu Watanabe
a7795a4ecf sleep: introduce siphash24_compress_id128()
Also, rename get_battery_identifier() to siphash24_compress_device_sysattr().

This also makes any errors in sd_id128_get_machine() or id128_get_product()
ignored. For the machine ID, the failure should not be significant unless
the file stored in the discharge level is reused by another system, which
is quite unusual. For the product ID, if the firmware provides useless
ID (all zero or all 0xFF), then loading/storing the discharge rate
becomes completely broken, that should be avoided.

Note, now sysattrs are used instead of properties in uevent files, but
both provide the same information, hence no functionality should be
changed.
2023-01-27 20:52:12 +00:00
Yu Watanabe
3d9ca76f36 sleep: simplify code a bit
- use device_get_sysattr_int(),
- drop redundant log message.
2023-01-27 20:52:12 +00:00
Yu Watanabe
3c3f46013e sleep: coding style fixlets 2023-01-27 20:52:12 +00:00
Yu Watanabe
4f58b656d9 sleep: introduce SuspendEstimationSec=
Before v252, HibernateDelaySec= specifies the maximum timespan that the
system is in suspend state, and the system hibernates after the timespan.

However, after 96d662fa4c, the setting is
repurposed as the default interval to measure battery charge level and
estimate the battery discharging rate. And if the system has enough
battery capacity, then the system will stay in suspend state and not
hibernate even if the time passed. See issue #25269.

To keep the backward compatibility, let's introduce another setting
SuspendEstimationSec= for controlling the interval to measure
battery charge level, and make HibernateDelaySec= work as of v251.

This also drops implementation details from the man page.

Fixes #25269.
2023-01-27 20:52:12 +00:00
Jan Janssen
c49ac355c0 meson: Use files() in one more place 2023-01-27 18:37:15 +01:00
Jan Janssen
4c6d1e1665 meson: Install missing udev rule 2023-01-27 18:23:02 +01:00
Jan Janssen
7b2f84e3f2 meson: Install missing bash-completions 2023-01-27 17:56:12 +01:00
Jan Janssen
17be6f2709 meson: Install missing network file 2023-01-27 17:50:27 +01:00
Jan Janssen
3774ff06f2 meson: Install all catalogs 2023-01-27 17:47:09 +01:00
Jan Janssen
4c181c1a33 meson: Properly install 90-uki-copy.install 2023-01-27 17:47:09 +01:00
Jan Janssen
6249face77 meson: Remove unused variables 2023-01-27 17:47:09 +01:00
Frantisek Sumsal
42262f3e1b test: wrap delv & dig when running with sanitizers
On Arch both delv and dig pull in libnss_resolve:

```
$ grep resolve /etc/nsswitch.conf
hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns
```
2023-01-27 16:40:52 +01:00
Frantisek Sumsal
270e9dcdb8 test: don't hang indefinitely on no match 2023-01-27 15:45:00 +01:00
Frantisek Sumsal
05bb428952 test: add a test for the OPENPGPKEY RR 2023-01-27 15:45:00 +01:00
Frantisek Sumsal
3095bd2cca test: add a couple of SRV records to check service resolution 2023-01-27 15:45:00 +01:00
Frantisek Sumsal
5c9111fe77 test: cover IPv6 in the resolved test suite 2023-01-27 15:45:00 +01:00
Daan De Meyer
c8943ce884 mkosi: Update and enable ukify in mkosi builds
We also add the necessary deps for ukify to the mkosi configs.

CentOS Stream 8 is dropped from CI because its python version is too
old (3.6) to be able to run ukify.
2023-01-27 15:05:04 +01:00
Lennart Poettering
b6033b7060 tmpfiles: automatically create /etc/credstore/ and friends
This adds a tmpfiles.d/ snippet for LoadCredential= style credentials
directories in /etc/ and /run/.

This is done primarily to ensure that the access modes for the dirs are
set up properly, in the most restrictive ways. Specifically these are
set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read
the credentials, and being UID=0 is not sufficient to do so.

This creates /etc/credstore/, but leaves /run/credstore/ absent if
missing, for now. Thinking is: the latter being non-persistent is
created by software usually, not manually by users, and hence more
likely right. But dunno, we might want to revisit this sooner or later.

This is ultimately an exercise to advertise the LoadCredential= concept
a bit, and do so in a reasonably secure way, underlining the safety of
the concept.
2023-01-27 10:03:38 +01:00
Lennart Poettering
745de3506a
Merge pull request #26228 from DaanDeMeyer/resolve-cap
resolve: Skip stubs if running in a container with userns but without network namespace
2023-01-27 10:03:17 +01:00
Lennart Poettering
1ea616372d journald: don't check for -EREMCHG on open, given that open doesn't generate it
We generate EREMCHG when writing entries, but not during open, hence
don't bother with checking for it.
2023-01-27 09:41:36 +01:00
Lennart Poettering
23cd1e0962 journal: use TAKE_PTR() at one more place 2023-01-27 09:41:18 +01:00
Jan Janssen
2df8574af0 boot: Use aarch64 virtual counter
This should be used in VMs and should also yield the same value when
running on real devices. It is also what grub uses.

Fixes: #26224
2023-01-27 09:26:16 +01:00
Daan De Meyer
0398c084ef resolve: Skip creating stubs if missing CAP_NET_BIND_SERVICE
If we don't have CAP_NET_BIND_SERVICE, we won't be able to bind
the stub listener socket, so let's skip creating it and log a warning.

We do the same for the extra stubs if they're configured on privileged
ports.
2023-01-26 22:29:05 +01:00
Daan De Meyer
2642d22adc nspawn: Drop CAP_NET_BIND_SERVICE when in userns but not in netns
If we're in a user namespace but not unsharing the network namespace,
we won't be able to bind any privileged ports even with
CAP_NET_BIND_SERVICE, so let's drop it from the retained capabilities
so services can condition themselves on that.
2023-01-26 22:18:47 +01:00
Zbigniew Jędrzejewski-Szmek
5783c4f0a4
Merge pull request #26209 from PeterCxy/doc-fido2-changes
Update NEWS and docs regarding FIDO2 support in systemd-crypt{enroll,setup}
2023-01-26 16:29:06 +01:00
Peter Cai
ad901df995 NEWS: Add entry about support for multiple FIDO2 tokens 2023-01-26 09:33:28 -05:00
Peter Cai
820c66dcfc docs: Update crypt{enroll,setup} limitations regarding FIDO2 2023-01-26 09:33:24 -05:00
Lennart Poettering
9540782d7b journal: prefix all functions with "server_" that operate on Server objects
Just some search/replace, no real code changes.

The majority of functions already followed this rule, but some did not.
Fix that.
2023-01-26 15:27:51 +01:00
Lennart Poettering
a133189eee journal-file: be a tiny bit more careful with generating seqnums
Let's handle overflows in a vaguely reasonable way, i.e. avoid the
special values 0 and UINT64_MAX
2023-01-26 15:27:16 +01:00
Yu Watanabe
2ed56afeb3 sleep: drop unnecessary temporal variable and initialization 2023-01-26 11:27:52 +00:00
Yu Watanabe
d812e104c7 sleep: fetch_batteries_capacity_by_name() does not return -ENOENT 2023-01-26 11:27:20 +00:00
Yu Watanabe
3d23df005e sleep: rename hibernate_delay_sec -> _usec 2023-01-26 11:22:04 +00:00
Lennart Poettering
8f8d7dff54 update TODO 2023-01-26 11:51:50 +01:00
Lennart Poettering
208ff21a40 journald: minor modernizations in kmsg handling code
Nothing earth shattering. Mostly just fixes (and some more careful
checking of the boolean variables we keep)
2023-01-26 11:20:18 +01:00
Lennart Poettering
50bf54ad0a
Merge pull request #26198 from poettering/journal-strict-mode
journal: enforce strict ordering only when writing journal files from journald, but not from journal-remote and similar
2023-01-26 11:19:54 +01:00
Zbigniew Jędrzejewski-Szmek
c26662b241 github/labeller: fix yaml syntax 2023-01-26 10:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
58634a2989 github/labeller: add more match patterns 2023-01-26 10:04:58 +01:00
Lennart Poettering
bd524f497f journal: automatically pick up boot ID in journal_file_append_entry()
Let's pick up the boot ID early if unspecified, in
journal_file_append_entry(). This is symmetric to the fact that we
already pick up the monotonic timestamp in journal_file_append_entry()
if unspecified, and given that the monotonic clock is not too useful
without its boot ID it makes a lot of sense to pick them up at the same
time.

There are two relevant callers of journal_file_append_entry() right now:
journald (which leaves the boot ID unspecified) and journal-remote
(there are also some tests, but those don't matter too much). The former
calls it to store new entries in the journal file, the latter for
converting/processing/merging existing ones (where it passes along the
original boot ID). This new code hence only is relevant on the former,
and using the boot ID of the current system is the right choice for live
generated entries.

Note that this effectively changes little, since the lower-level
function journal_file_append_entry_internal() will copy boot ID stored
in the file header into all records if unspecified, and typically that's
the one of the local system. But strictly speaking this is not the right
thing to do, since we actually might end up appending to journal files
from previous boots. (The lower level function is indirectly used by
various tests, where the copying-from-header logic kinda makes sense
since they are detached from any live messages streaming in from the
host after all).
2023-01-26 09:52:49 +01:00
William Roberts
6ae3bd82d0 sha256: header needs stddef
The sha256 header uses size_t which is within stddef, so add it.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-01-25 22:26:26 +01:00
Lennart Poettering
6713ed7a63 journal: add some line breaks/comments 2023-01-25 22:12:30 +01:00
Lennart Poettering
ce92dc27a1 journal-file: make strict order optional
This is a follow-up for 1d8d483f59 and
makes the strict ordering by realtime clock within each journal file
optional, not mandatory. It then enables it for all journal files
written by journald, but leaves it off on others (for example those
written by journald-remote).

This relaxes the logic behind writing journal files to the status quo
ante for all cases where the journal files are not generated, but are
merged/processed/propagated. Typically when processing journal records
from many files ordering by realtime clock and monotonic clock are
contradictory, and cannot be universally guaranteed as the records are
interleaved. By enforcing strict rules we would thus end up generating
myriads of separate journal files, each with just a few records in them.

Hence, let's loosen restrictions again, but continue to enforce them in
journald, i.e. when we originally create the journal files locally.

Note that generally there's nothing really wrong with having journal
files with non-monotonically ordered entries by realtime clock. Looking
for records will not be deterministic anymore, but that's inherent to a
realtime clock that jumps up and down. So you won't get the "only"
answer, but still *an* answer that is correct if you seek for a realtime
clock.

This also adds similar logic on the monotonic clock, which is also only
enabled when generating journal files locally. This should be harder to
trigger (as journald will generate the messages, and should run with a
stable boot id and monotonic clock), but let's better be safe than
sorry, and refuse on the lower layer what makes no sense, even if it's
unlikely the higher layer will ever generate records that aren't ordered
by their monotonic clock.
2023-01-25 22:12:29 +01:00