IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
To keep compatibility with any existing object authValues with trailing 0's,
change tpm2_get_pin_auth() to trim trailing 0's, which is what the TPM
implementation will do. This should retain compatibility with any existing
authValues that contain trailing 0's.
Note that any existing authValues with trailing 0's are unlikely to have worked
in the way that systemd uses them in object sealing, which is as a bind key for
the encryption (and policy) session. However, it is better to be compatible
with the TPM spec (and implementations) even if previously created objects that
are affected may not have worked.
Fixes: #28414
This reverts commit cefa4a02ab.
Because the first 'break' is inside a nested for loop, this second 'break' is
needed to exit the outer for loop.
Fixes: #28451
Previously, in path_is_root_at(), if statx() does not provide mount ID,
path_get_mnt_id_at() was called, but it also calls statx(). Let's avoid
the second trial.
When newer glibc is used, but kernel does not support statx(), then
glibc try to fallback with fstatat(). That's quite similar to our
implementation, but the supported flags are different, and if
unsupported flags are specified, it returns EINVAL.
Let's handle the case more gracefully.
As it says on the tin, configures the unit to survive a soft reboot.
Currently all the following options have to be set by hand:
Conflicts=reboot.target kexec.target poweroff.target halt.target
Before=reboot.target kexec.target poweroff.target halt.target
After=sysinit.target basic.target
DefaultDependencies=no
IgnoreOnIsolate=yes
This is not very user friendly. If new default dependencies are added,
or new shutdown/reboot types, they also have to be added manually.
The new option is much simpler, easy to find, and does the right thing
by default.
From the xfsprogs source code:
* We don't support filesystems smaller than 300MB anymore. Tiny
* filesystems have never been XFS' design target. This limit has been
* carefully calculated to prevent formatting with a log smaller than
* the "realistic" size.
*
* If the realistic log size is 64MB, there are four AGs, and the log
* AG should be at least 1/8 free after formatting, this gives us:
*
* 64MB * (8 / 7) * 4 = 293MB
So let's accommodate and bump the minimal XFS filesystem size to 300M.
Previously, if the priority is same, devlinks are always replaced by
newer events. The commit 331aa7aa15 changes
that to keep the existing devlink. That should not change any behavior
when the devices that request the same symlink do not have any
dependency, e.g. when /dev/sda1 and /dev/adb1 request the same
/dev/disk/by-label symlink, as there are no guarantee that which device
is processed first.
However, when devices has dependency, e.g. /dev/sda and /dev/sda1
request the same /dev/disk/by-label symlink, previously the symlink
always pointed to the partition, as the partition is always processed
later. But, 331aa7aa15 makes the symlink
point to the whole disk.
The change by 331aa7aa15 is crucial to
improve performance of devlink handling, especially when a system has
large number of disks with same label or so. Hence, cannot and should
not be reverted.
So, let's workaround the case, as such situation should happen only when
the disk is a hybrind ISO image, I guess.
Fixes#28468.
When an explicit sector size is set by the user it is also necessary to set the
sector size of any loopback devices. If the sector size is not set for loopback
devices then it can cause file system creation to fail or run into odd issues.
The intention was to have this option enabled by default everywhere,
but unfortunately at least one case was found where it breaks
compatibility of a program using systemd-run --scopes and expecting
variables not to be expanded:
https://sources.debian.org/src/pbuilder/0.231/pbuilder-checkparams/#L400
Example run:
systemd-run --quiet --scope --description=pbuilder_build_xfce4-notes-plugin_1.10.0-1.dsc '--slice=system-pbuilder-build-xfce4\x2dnotes\x2dplugin_1.10.0\x2d1-449932.slice' chroot /var/cache/pbuilder/build/449932 dpkg-query -W '--showformat=${Version}' apt
Restore backward compatibility and make the option disabled by default
when --scope is used, and enabled by default for other types.
In case --expand-environment is not specified and a '$' character is
detected, print a warning to nudge users toward specifying the
parameter as needed. In the future we can then flip the default.
Follow-up for 2ed7a221fa
This fixes the test failure when invoked by a user.
===
Running ./systemd-tmpfiles --user on 'f /tmp/test-systemd-tmpfiles.1foag_ur/test-content.n_9r_xhm/arg - - - - %S'
expect: '/home/watanabe/.config'
actual: '/home/watanabe/.local/state'
Traceback (most recent call last):
File "/home/watanabe/git/systemd/test/test-systemd-tmpfiles.py", line 233, in <module>
test_valid_specifiers(user=True)
File "/home/watanabe/git/systemd/test/test-systemd-tmpfiles.py", line 135, in test_valid_specifiers
test_content('f {} - - - - %S',
File "/home/watanabe/git/systemd/test/test-systemd-tmpfiles.py", line 88, in test_content
assert content == expected
^^^^^^^^^^^^^^^^^^^
AssertionError
===
This also makes the test uses fallback paths.
Follow-up for b50aadaff2.
Template names can be learned from the filesystem, so there isn't a need
to parse the output of systemctl list-unit-files in this case. This
should accelerate the completion of some verbs like enable.
The existing caching policy isn't very sensible for this cache. We could
write a different policy, but I don't think there is much value in
caching these values, as in my experience the command used to generate
them is quick.
The existing caching policy was completely bogus.
In the first stanza, despite the comment, the pattern given would
consider the cache invalid if it was more than 1 hour old.
The second stanza was also incorrect, since the output of `systemctl
--all` is not unit file paths, but unit names. When they were being
tested against the cachefile mtime, the test would always fail becuase
of the nonexistant file (hopefully).
In fact it's not very useful to test if the unit files have newer mtime
in this case anyway, since we are only caching their names. Also,
`systemctl --all` is an unfortunately slow operation to be used in
testing for the cache validity — we want this operation to at least be
faster than rebuilding the cache.
I've rewritten this stanza with my best guess at its original intent. It
now checks against the mtime of the parent directories in the search
path, which should be updated and cause the cache to rebuild when we
add, remove, or rename any unit files.
The previous definition was not quite appropriate for the library code
because it relied on the message domain set by textdomain() invocation
which is not necessarily the same message domain defined in
GETTEXT_PACKAGE macro.
The only code that uses _() so far is located in pam_systemd_home.c.
Fixes: 20f56fddcd ("Add gettext support")
The shell script version of kernel-install silently ignored unexpected
arguments, but C version refused that. Unfortunately, Fedora's kernel
script specifies kernel file even for 'remove' command. Let's accept
extra arguments and silently ignore them to keep backward compatibility.
Fixes#28448.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2223794.
This fixes regression introduced in 5a0c810462 with which all requests
for link properties ended up with EINVAL as we kept hitting
the signature_is_single() assert in sd_bus_get_property().
Currently for portable services we automatically add a bind mount
os-release -> /run/host/os-release. This becomes problematic for the
soft-reboot case, as it's likely that portable services will be configured
to survive it, and thus would forever keep a reference to the old host's
os-release, which would be a problem because it becomes outdated, and also
it stops the old rootfs from being garbage collected.
Create a copy when the manager starts under /run/systemd/propagate instead,
and bind mount that for all services using RootDirectory=/RootImage=, so
that on soft-reboot the content gets updated (without creating a new file,
so the existing bind mounts will see the new content too).
This expands the /run/host/os-release protocol to more services, but I
think that's a nice thing to have too.
Closes https://github.com/systemd/systemd/issues/28023
As mentioned in the NEWS entry, it seems to see very little use, but adds
complexity in our code. It was added mainly with the goal of making it easier
for people using grub2 to modify their boot configuration, but grub2 is gaining
support for BLS snippets. On the systemd side, we now have credentials. So
let's deprecate this, and if there's no outcry, remove it in a few releases.
https://www.rfc-editor.org/rfc/rfc4035.html#section-3.2.1 says
security-aware recursive name server MUST set DO bit when sending
requests. systemd-resolved does not do that by design. State it more
clearly in manual page. Unlike other implementations it disables not
only validation as it stated, but complete DNSSEC awareness.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
This commits adds version_is_valid_versionspec and uses it in
analyze-compare-version.c.
version_is_valid_versionspec differs from version_is_valid in that it acepts
empty strings and since valid characters in a version spec version are all
ASCII letters and digits as well as "-.~^", but ",_+" allowed by
version_is_valid are not.
Also give a more specific warning message on invalid characters.
