mirror of https://github.com/systemd/systemd.git synced 2025-01-09 01:18:19 +03:00
Commit Graph

72186 Commits

Author SHA1 Message Date
Yu Watanabe
077f63264f networkctl: use journal_add_matchf() and journal_add_match_pair() 2024-03-25 21:39:37 +09:00
Yu Watanabe
f936ae2120 journal-gateway: use journal_add_match_pair() and add_match_boot_id() 2024-03-25 21:39:37 +09:00
Yu Watanabe
8334b36653 coredumpctl: use strv_skip()
No functional change, just refactoring.
2024-03-25 21:39:37 +09:00
Yu Watanabe
5cacb0b645 coredumpctl: use journal_add_match_pair()
Also,
- use is_path(),
- drop unused pid.
2024-03-25 21:39:34 +09:00
Luca Boccassi
ccd956887f test: add missing return value check in test-dirent-util
CID#1540029

Follow-up for 6a57d86bf9
2024-03-25 12:25:18 +00:00
Daan De Meyer
b21d56e82c mkosi: Use new environment variables for Arch
These were changed to be prefixed with _systemd_ so let's account
for that.
2024-03-25 12:06:50 +00:00
Luca Boccassi
b0118b2533 homework: add missing assert
'cache' is used unconditionally in this function, so add an assert.

CID#1540860
2024-03-25 12:02:20 +00:00
Hans de Goede
93cc8de05c hwdb: Add mapping for ACPI quickstart keys on Toshiba Z830
The Toshiba Z830 has 3 hotkeys which use the ACPI PNP0C32 quickstart spec:
https://archive.org/details/microsoft-acpi-dirapplaunch

These devices have an ACPI method called GHID() which suggests
it returns a value from the "HID Usage Tables" document, but these
methods simply return a follow number for the button (1, 2 and 3).

The first 2 buttons are for what the manual calls "TOSHIBA eco button"
and "TOSHIBA Presentation button", since there is no good match for
these simply map them to KEY_PROG1 and KEY_PROG2.

The third button is intended to toggle the touchpad on/off, map
this to F21 which GNOME/KDE will interpret as touchpad toggle.
2024-03-25 10:57:22 +00:00
dependabot[bot]
7cf4434c50 build(deps): bump pkg/arch from 4d1ecb0 to 3b86b91
Bumps pkg/arch from `4d1ecb0` to `3b86b91`.

---
updated-dependencies:
- dependency-name: pkg/arch
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 11:36:54 +01:00
dependabot[bot]
80320fa6bb build(deps): bump pkg/fedora from 2e32a33 to f1d3866
Bumps pkg/fedora from `2e32a33` to `f1d3866`.

---
updated-dependencies:
- dependency-name: pkg/fedora
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 11:36:12 +01:00
dependabot[bot]
9504b4cd8c build(deps): bump pkg/debian from 3b47281 to 1932e19
Bumps pkg/debian from `3b47281` to `1932e19`.

---
updated-dependencies:
- dependency-name: pkg/debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 11:34:24 +01:00
Krzesimir Nowak
18c1ea41c1 test: Add cases for failures to import the hierarchy 2024-03-25 08:33:31 +01:00
Krzesimir Nowak
f94da307f9 sysext: Fail when trying to import mutable layer that's a symlink to hierarchy 2024-03-25 08:33:31 +01:00
Krzesimir Nowak
baaa167926 test, sysext: Actually fail the whole operation if sd-merge worker failed
This also fixes a wrong merge failure check.
2024-03-25 08:33:22 +01:00
Krzesimir Nowak
e2bdece284 test: Add test cases for sysext ephemeral-import mode 2024-03-25 08:30:09 +01:00
Krzesimir Nowak
5ae2f83b3e man: Document sysext ephemeral-import mode 2024-03-25 08:30:09 +01:00
Krzesimir Nowak
3d6a34a591 sysext: Implement ephemeral import mode
To enable it, use "ephemeral-import" either for mutable mode environment
variable or for value of "--mutable=" flag.

This is a combination of "ephemeral" and "import" modes. It results in a
mutable hierarchy that includes contents of the mutable extension data, but the
modifications are thrown away when the hierarchy is unmerged.
2024-03-25 08:30:01 +01:00
Krzesimir Nowak
153e7f7b24 test: Extend sysext tests with cases using ephemeral mode 2024-03-25 08:19:48 +01:00
Krzesimir Nowak
504bdf08b5 man: Document sysext ephemeral mode 2024-03-25 08:19:48 +01:00
Krzesimir Nowak
6be5b44239 sysext: Implement ephemeral mode
To enable it, use "ephemeral" either for mutable mode environment variable or
for value of "--mutable=" flag.

Instead of using mutable dir in /var/lib/extensions.mutable/<hierarchy>, we
create a directory for overlayfs upperdir and workdir in the same tmpfs mount
that sysext worker process creates in /run/systemd/sysext. As the path for the
workdir will be gone when the worker quits, there is no need to do any
additional cleanup. As such, there is also no need to store a path to workdir
in the metadata directory.
2024-03-25 08:19:43 +01:00
Krzesimir Nowak
454bb41030 sysext: Add missing --mutable mode in help output 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
ca49d4c33d man: Install sysext man pages when ENABLE_SYSEXT is true 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
9245b547cc test: Extend sysext tests with cases using env var for mutable mode 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
73cfa16d16 test: Fail sysext test if reusing a root directory 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
33cb10f68d docs: Document SYSTEMD_SYSEXT_MUTABLE_MODE env var 2024-03-25 08:14:36 +01:00
Krzesimir Nowak
ad43c784bb sysext: Add support for mutable mode environment variables
The environment variable names are SYSTEMD_SYSEXT_MUTABLE_MODE for
systemd-sysext and SYSTEMD_CONFEXT_MUTABLE_MODE for systemd-confext. These
override the default mutable mode setting, but can be still overridden by a
command-line flag.
2024-03-25 08:14:36 +01:00
Krzesimir Nowak
738eaf9697 sysext: Move parsing mutable mode to a separate function 2024-03-25 08:14:36 +01:00
Friedrich Altheide
5e3c08d375 basic/virt: Fix virtualbox detection on proprietary system via board_vendor
Identify a virtualbox instance even if product_name, sys_vendor and bios_vendor reflect the
information of the real hardware, by checking if board_vendor == "Oracle Corporation"

This fixes #13429 again
The previous fix was removed in #21127
2024-03-24 18:02:42 +00:00
Pierre GRASSER
1aee6aa5c5 po: Translated using Weblate (French)
Currently translated at 100.0% (233 of 233 strings)

Co-authored-by: Pierre GRASSER <pierre.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-03-24 16:55:33 +01:00
Luca Boccassi
22a36720bf test: explain how Ubuntu CI log URLs are created
Not trivially obvious, so add a couple of paragraphs to explain it
2024-03-24 16:53:01 +01:00
Gabríel Arthúr Pétursson
1923e21316 shared: Fix TPM2 unsealing when PCR values change
Recreate the encryption session on each retry. It's invalidated along
with the policy session when freed, failing subsequent retries.

	Unsealing HMAC key.
	WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error
	ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x00000128)
	A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (30 tries left).
	Missing encryption session
	Failed to unseal secret using TPM2: Invalid argument

Fixes #31881
2024-03-24 12:49:22 +00:00
Luca Boccassi
a2369b8be4
Merge pull request #31919 from YHNdnzj/analyze-verify
Some fixes/improvements for analyze
2024-03-24 11:50:44 +00:00
Luca Boccassi
7591ae713f
Merge pull request #31916 from YHNdnzj/socket-load-service
core/socket: validate service unit load state before continuing
2024-03-24 11:43:37 +00:00
Mike Yuan
8e1a1caa9c
Merge pull request #31886 from DaanDeMeyer/logind
logind: Add fallback for when the PIDFDs= property is not available
2024-03-24 19:19:12 +08:00
Luca Boccassi
9c5b5d01f9
Merge pull request #31917 from keszybz/path-equal-ptr-drop
Drop unnecessary path_equal_ptr() wrapper
2024-03-24 11:10:58 +00:00
Luca Boccassi
84c72b53c7
Merge pull request #31913 from YHNdnzj/dynamic-user-unref
core/dynamic-user: trivial modernization
2024-03-24 11:10:10 +00:00
networkException
f2cb9d17da bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules
This patch fixes an issue where, when not specifying either at least one
`SocketBindAllow` or `SocketBindDeny` rule, behavior for the bind syscall
filtering would be unexpected.

For example, when trying to bind to a port with only "SocketBindDeny=any"
given, the syscall would succeed:

> systemd-run -t -p "SocketBindDeny=any" nc -l 8080

Expected with this set of rules (also in accordance with the documentation)
would be an Operation not permitted error.

This behavior occurs because a default initialized socket_bind_rule struct
matches what "any" represents. When creating the bpf list all elements get
default initialized, as such representing "any". Seemingly it is necessary
to set the size of the map to at least one, as such if no allow rule is
given default initialization and minimal map size cause one any allow rule
to be in the map, causing the behavior observed above.

This patch solves this by introducing a new "match nothing" magic stored in
the rule's address family and setting such a rule as the first one if no
rule is given, making sure that default initialized rule structs are never
used.

Resolves #30556
2024-03-24 11:08:58 +00:00
mkubiak
5011038f1d Added resolution for Huion Kamvas Pro 19 2024-03-24 11:06:56 +00:00
Luca Boccassi
e5db2600bc
Merge pull request #31552 from AdrianVovk/homed-update-policy-v2-split
Homed update policy: offline updates & use keyring
2024-03-24 10:11:09 +00:00
Mike Yuan
ac97053618
analyze: refuse --global dot/verify
I don't quite understand the rationale of making these
verbs work with --global back in the day. But realistically
they interact with/spawn manager, while there's no
--global runtime scope manager. And to verify/inspect user
units it's sufficient to just use --user.

Fixes #31911
2024-03-24 01:28:28 +08:00
Mike Yuan
147e7b4446
analyze-dot: also show BindsTo= in --require 2024-03-24 01:28:28 +08:00
Mike Yuan
de91848c3a
analyze-dot: minor modernization 2024-03-24 01:28:28 +08:00
Mike Yuan
3efb597b07
analyze-security: use FOREACH_ARRAY 2024-03-24 01:11:14 +08:00
Mike Yuan
54668cb9a0
core/socket: use FOREACH_ARRAY at one more place 2024-03-24 01:08:40 +08:00
Mike Yuan
d6a911e906
core/socket: clean up socket peer handling a bit
Currently, SocketPeer objects acquired through
socket_acquire_peer() are referenced twice
in socket_enter_running and service_set_socket_fd,
and the reference taken by former gets dropped
through _cleanup_. This is a bit confusing.
Let's just pass ownership instead.
2024-03-24 01:08:40 +08:00
Mike Yuan
23908d8410
core/socket: remove duplicate unit_add_two_dependencies 2024-03-24 01:08:40 +08:00
Mike Yuan
f61e4e5380
core/socket: validate service unit load state before continuing
Fixes #31915
2024-03-24 01:08:40 +08:00
Mike Yuan
dc4c587163
core: introduce UNIT_IS_LOAD_ERROR helper 2024-03-24 01:08:40 +08:00
Zbigniew Jędrzejewski-Szmek
acb27fba43 shared/install: use PATH_IN_SET() 2024-03-23 13:30:24 +01:00
Zbigniew Jędrzejewski-Szmek
1934242b72 Drop unnecessary path_equal_ptr() wrapper
path_equal already works with NULL pointers.
2024-03-23 13:21:06 +01:00