mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

61338 Commits

Author SHA1 Message Date
Aidan Dang
b04ff66b42 Implement --luks-pbkdf-force-iterations for homed 2022-12-06 15:56:11 +01:00
Yu Watanabe
64e7a14146
Merge pull request #25559 from intelfx/work/systemd-importd-quotas
import: wire up SYSTEMD_IMPORT_BTRFS_{SUBVOL,QUOTA} to importd
2022-12-06 14:05:35 +09:00
Lennart Poettering
5acb31a683 dissect: show color in log output 2022-12-06 12:25:00 +09:00
Luca Boccassi
83320324df journald: fix build error
Follow-up for: 379864f890

Two PRs clashed with each other and were merged before we noticed
2022-12-06 11:41:03 +09:00
Luca Boccassi
f252ea9ae4
Merge pull request #25638 from bluca/rate_limit_config
pid1: add env var to override default mount rate limit burst
2022-12-06 02:07:47 +01:00
Luca Boccassi
9cd4881d47
Merge pull request #25513 from brauner/pivot_root.nspawn
nspawn: support pivot_root()
2022-12-06 01:51:51 +01:00
Richard Phibel
379864f890 log: Switch logging to runtime when FS becomes read-only
The journal has a mechanism to log to the runtime journal if it fails to
log to the system journal. This mechanism is not triggered when the file
system becomes read-only. We enable it here.

When appending an entry fails if shall_try_append_again returns true,
the journal is rotated. If the FS is read-only, rotation will fail and
s->system_journal will be set to NULL. After that, when find_journal
will try to open the journal since s->system_journal will be NULL, it
will open the runtime journal.
2022-12-06 00:53:47 +01:00
Luca Boccassi
a5d63f1e29
Merge pull request #25633 from DaanDeMeyer/journald-another-ratelimit
journald: Ratelimit a few more log messages
2022-12-05 22:08:25 +01:00
Luca Boccassi
24a4542cfa pid1: add env var to override default mount rate limit burst
I am hitting the rate limit on a busy system with low resources, and
it stalls the boot process which is Very Bad (TM).
2022-12-05 21:05:57 +00:00
Jan Macku
c0ee89ac7e doc: CentOS is EOL use CentOS stream 2022-12-05 18:35:47 +01:00
Christian Brauner
e79581ddfe
nspawn: split mount tunnel setup
Before we supported pivot_root() nspawn used to make the rootfs shared
before setting up the mount tunnel. So it was safe for it to just turn
it into a dependent mount during setup.

However, we cannot do this anymore because of the requirements
pivot_root() has. After the pivot_root() we will make the rootfs shared
recursively. If we turned the mount tunnel into dependent mount before
mount_switch_root() this will have the consequence that it becomes a
shared mount within the same peer group as the rootfs. So no mounts will
propagate into the container from the host anymore.

To fix this we split setting up the mount tunnel and making it active
into two steps. Setting up the mount tunnel is performed before
mount_switch_root() and activating it afterwards. Note that this works
because turning a shared mount into a shared mount is a nop. IOW, no new
peer group will be allocated.

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-12-05 18:35:02 +01:00
Christian Brauner
b71a0192c0
nspawn: mount temporary visible procfs and sysfs instance
In order to mount procfs and sysfs in an unprivileged container the
kernel requires that a fully visible instance is already present in the
target mount namespace. Mount one here so the inner child can mount its
own instances. Later we umount the temporary instances created here
before we actually exec the payload. Since the rootfs is shared the
umount will propagate into the container. Note, the inner child wouldn't
be able to unmount the instances on its own since it doesn't own the
originating mount namespace. IOW, the outer child needs to do this.

So far nspawn didn't run into this issue because it used MS_MOVE which
meant that the shadow mount tree pinned a procfs and sysfs instance
which the kernel would find. The shadow mount tree is gone with proper
pivot_root() semantics.

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-12-05 18:34:25 +01:00
Christian Brauner
57c10a5650
nspawn: support pivot_root()
In order to support pivot_root() we need to move mount propagation
changes after the pivot_root(). While MS_MOVE requires the source mount
to not be a shared mount, pivot_root() also requires the target mount to
not be a shared mount. This guarantees that pivot_root() doesn't leak
any mounts.

Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
2022-12-05 18:34:25 +01:00
Luca Boccassi
f587e19217
Merge pull request #25639 from jamacku/update-contributing
doc: update link to systemd-rhel GitHub repository - `CONTRIBUTING.md`
2022-12-05 17:53:14 +01:00
Jan Macku
efe05392f6 doc: fix markdown-lint issues in CONTRIBUTING.md 2022-12-05 16:33:57 +01:00
Jan Macku
f6f213acaf doc: update link to systemd-rhel GitHub repo
systemd-rhel GitHub repository has been moved to new location:

- https://github.com/redhat-plumbers
2022-12-05 16:33:57 +01:00
Luca Boccassi
de28dd77c1 test: double default image size
I am now hitting the 500MB limit on Debian stable.
2022-12-05 15:17:57 +00:00
Daan De Meyer
04cb8ee880 journal: Ratelimit more log messages
Followup for 8522691d4d.
2022-12-05 14:41:53 +01:00
Daan De Meyer
d9799ea2e2 journal: Use shared log ratelimit constant
Instead of maintaining two different constants, move the constant
to journal-internal.h and share it between files.
2022-12-05 14:41:51 +01:00
Zbigniew Jędrzejewski-Szmek
cda7c31065
Merge pull request #25537 from evverx/fuzz-resource-records
tests: fuzz dns resource records
2022-12-05 13:41:38 +01:00
Yu Watanabe
cfef0734a1 acl-util: several cleanups
- add missing assertions,
- rename function arguments for storing result,
- rename variables which conflict with our macros,
- always initialize function arguments for results on success.
2022-12-05 10:37:58 +01:00
Zbigniew Jędrzejewski-Szmek
8608fef36c
Merge pull request #25437 from YHNdnzj/systemctl-disable-warn-statically-enabled-services
systemctl: warn if trying to disable a unit with no install info
2022-12-05 10:27:24 +01:00
Daan De Meyer
2877b14720 chase-symlinks: Fix regression from 5bc244aaa9
Previously, chase_symlinks() always returned an absolute path, which
changed after 5bc244aaa9. This commit
fixes chase_symlinks() so it returns absolute paths all the time again.
2022-12-05 09:27:58 +01:00
Eric DeVolder
5fbaa75707 pstore: fixes for dmesg.txt reconstruction
This patch fixes problems with the re-assembly of the dmesg
from the records stored in pstore.

The current code simply ignores the last 6 characters of the
file name to form a base record id, which then groups any
pstore files with this base id into the reconstructed dmesg.txt.
This approach fails when the following oops generated the
following in pstore:

 -rw-------.  1 root root  1808 Oct 27 22:07 dmesg-efi-166692286101001
 -rw-------.  1 root root  1341 Oct 27 22:07 dmesg-efi-166692286101002
 -rw-------.  1 root root  1812 Oct 27 22:07 dmesg-efi-166692286102001
 -rw-------.  1 root root  1820 Oct 27 22:07 dmesg-efi-166692286102002
 -rw-------.  1 root root  1807 Oct 27 22:07 dmesg-efi-166692286103001
 -rw-------.  1 root root  1791 Oct 27 22:07 dmesg-efi-166692286103002
 -rw-------.  1 root root  1773 Oct 27 22:07 dmesg-efi-166692286104001
 -rw-------.  1 root root  1801 Oct 27 22:07 dmesg-efi-166692286104002
 -rw-------.  1 root root  1821 Oct 27 22:07 dmesg-efi-166692286105001
 -rw-------.  1 root root  1809 Oct 27 22:07 dmesg-efi-166692286105002
 -rw-------.  1 root root  1804 Oct 27 22:07 dmesg-efi-166692286106001
 -rw-------.  1 root root  1817 Oct 27 22:07 dmesg-efi-166692286106002
 -rw-------.  1 root root  1792 Oct 27 22:07 dmesg-efi-166692286107001
 -rw-------.  1 root root  1810 Oct 27 22:07 dmesg-efi-166692286107002
 -rw-------.  1 root root  1717 Oct 27 22:07 dmesg-efi-166692286108001
 -rw-------.  1 root root  1808 Oct 27 22:07 dmesg-efi-166692286108002
 -rw-------.  1 root root  1764 Oct 27 22:07 dmesg-efi-166692286109001
 -rw-------.  1 root root  1765 Oct 27 22:07 dmesg-efi-166692286109002
 -rw-------.  1 root root  1796 Oct 27 22:07 dmesg-efi-166692286110001
 -rw-------.  1 root root  1816 Oct 27 22:07 dmesg-efi-166692286110002
 -rw-------.  1 root root  1793 Oct 27 22:07 dmesg-efi-166692286111001
 -rw-------.  1 root root  1751 Oct 27 22:07 dmesg-efi-166692286111002
 -rw-------.  1 root root  1813 Oct 27 22:07 dmesg-efi-166692286112001
 -rw-------.  1 root root  1786 Oct 27 22:07 dmesg-efi-166692286112002
 -rw-------.  1 root root  1754 Oct 27 22:07 dmesg-efi-166692286113001
 -rw-------.  1 root root  1752 Oct 27 22:07 dmesg-efi-166692286113002
 -rw-------.  1 root root  1803 Oct 27 22:07 dmesg-efi-166692286114001
 -rw-------.  1 root root  1759 Oct 27 22:07 dmesg-efi-166692286114002
 -rw-------.  1 root root  1805 Oct 27 22:07 dmesg-efi-166692286115001
 -rw-------.  1 root root  1787 Oct 27 22:07 dmesg-efi-166692286115002
 -rw-------.  1 root root  1815 Oct 27 22:07 dmesg-efi-166692286116001
 -rw-------.  1 root root  1771 Oct 27 22:07 dmesg-efi-166692286116002
 -rw-------.  1 root root  1816 Oct 27 22:07 dmesg-efi-166692286117002
 -rw-------.  1 root root  1388 Oct 27 22:07 dmesg-efi-166692286701003
 -rw-------.  1 root root  1824 Oct 27 22:07 dmesg-efi-166692286702003
 -rw-------.  1 root root  1795 Oct 27 22:07 dmesg-efi-166692286703003
 -rw-------.  1 root root  1805 Oct 27 22:07 dmesg-efi-166692286704003
 -rw-------.  1 root root  1813 Oct 27 22:07 dmesg-efi-166692286705003
 -rw-------.  1 root root  1821 Oct 27 22:07 dmesg-efi-166692286706003
 -rw-------.  1 root root  1814 Oct 27 22:07 dmesg-efi-166692286707003
 -rw-------.  1 root root  1812 Oct 27 22:07 dmesg-efi-166692286708003
 -rw-------.  1 root root  1769 Oct 27 22:07 dmesg-efi-166692286709003
 -rw-------.  1 root root  1820 Oct 27 22:07 dmesg-efi-166692286710003
 -rw-------.  1 root root  1755 Oct 27 22:07 dmesg-efi-166692286711003
 -rw-------.  1 root root  1790 Oct 27 22:07 dmesg-efi-166692286712003
 -rw-------.  1 root root  1756 Oct 27 22:07 dmesg-efi-166692286713003
 -rw-------.  1 root root  1763 Oct 27 22:07 dmesg-efi-166692286714003
 -rw-------.  1 root root  1791 Oct 27 22:07 dmesg-efi-166692286715003
 -rw-------.  1 root root  1775 Oct 27 22:07 dmesg-efi-166692286716003
 -rw-------.  1 root root  1820 Oct 27 22:07 dmesg-efi-166692286717003

The "reconstructed" dmesg.txt that resulted from the above contained
the following (ignoring actual contents, just providing the Part info):

 Emergency#3 Part17
 Emergency#3 Part16
 Emergency#3 Part15
 Emergency#3 Part14
 Emergency#3 Part13
 Emergency#3 Part12
 Emergency#3 Part11
 Emergency#3 Part10
 Emergency#3 Part9
 Emergency#3 Part8
 Emergency#3 Part7
 Emergency#3 Part6
 Emergency#3 Part5
 Emergency#3 Part4
 Emergency#3 Part3
 Emergency#3 Part2
 Emergency#3 Part1
 Panic#2 Part17
 Panic#2 Part16
 Oops#1 Part16
 Panic#2 Part15
 Oops#1 Part15
 Panic#2 Part14
 Oops#1 Part14
 Panic#2 Part13
 Oops#1 Part13
 Panic#2 Part12
 Oops#1 Part12
 Panic#2 Part11
 Oops#1 Part11
 Panic#2 Part10
 Oops#1 Part10
 Panic#2 Part9
 Oops#1 Part9
 Panic#2 Part8
 Oops#1 Part8
 Panic#2 Part7
 Oops#1 Part7
 Panic#2 Part6
 Oops#1 Part6
 Panic#2 Part5
 Oops#1 Part5
 Panic#2 Part4
 Oops#1 Part4
 Panic#2 Part3
 Oops#1 Part3
 Panic#2 Part2
 Oops#1 Part2
 Panic#2 Part1
 Oops#1 Part1

The above is an interleaved mess of three dmesg dumps.

This patch fixes the above problems, and simplifies the dmesg
reconstruction process. The code now distinguishes between
records on EFI vs ERST, which have differently formatted
record identifiers. Using knowledge of the format of the
record ids allows a vastly improved reconstruction process.

With this change in place, the above pstore records now
result in the following:

 # ls -alR /var/lib/systemd/pstore
 1666922861:
 total 8
 drwxr-xr-x. 4 root root   28 Nov 18 14:58 .
 drwxr-xr-x. 7 root root  144 Nov 18 14:58 ..
 drwxr-xr-x. 2 root root 4096 Nov 18 14:58 001
 drwxr-xr-x. 2 root root 4096 Nov 18 14:58 002

 1666922861/001:
 total 100
 drwxr-xr-x. 2 root root  4096 Nov 18 14:58 .
 drwxr-xr-x. 4 root root    28 Nov 18 14:58 ..
 -rw-------. 1 root root  1808 Oct 27 22:07 dmesg-efi-166692286101001
 -rw-------. 1 root root  1812 Oct 27 22:07 dmesg-efi-166692286102001
 -rw-------. 1 root root  1807 Oct 27 22:07 dmesg-efi-166692286103001
 -rw-------. 1 root root  1773 Oct 27 22:07 dmesg-efi-166692286104001
 -rw-------. 1 root root  1821 Oct 27 22:07 dmesg-efi-166692286105001
 -rw-------. 1 root root  1804 Oct 27 22:07 dmesg-efi-166692286106001
 -rw-------. 1 root root  1792 Oct 27 22:07 dmesg-efi-166692286107001
 -rw-------. 1 root root  1717 Oct 27 22:07 dmesg-efi-166692286108001
 -rw-------. 1 root root  1764 Oct 27 22:07 dmesg-efi-166692286109001
 -rw-------. 1 root root  1796 Oct 27 22:07 dmesg-efi-166692286110001
 -rw-------. 1 root root  1793 Oct 27 22:07 dmesg-efi-166692286111001
 -rw-------. 1 root root  1813 Oct 27 22:07 dmesg-efi-166692286112001
 -rw-------. 1 root root  1754 Oct 27 22:07 dmesg-efi-166692286113001
 -rw-------. 1 root root  1803 Oct 27 22:07 dmesg-efi-166692286114001
 -rw-------. 1 root root  1805 Oct 27 22:07 dmesg-efi-166692286115001
 -rw-------. 1 root root  1815 Oct 27 22:07 dmesg-efi-166692286116001
 -rw-r-----. 1 root root 28677 Nov 18 14:58 dmesg.txt

 1666922861/002:
 total 104
 drwxr-xr-x. 2 root root  4096 Nov 18 14:58 .
 drwxr-xr-x. 4 root root    28 Nov 18 14:58 ..
 -rw-------. 1 root root  1341 Oct 27 22:07 dmesg-efi-166692286101002
 -rw-------. 1 root root  1820 Oct 27 22:07 dmesg-efi-166692286102002
 -rw-------. 1 root root  1791 Oct 27 22:07 dmesg-efi-166692286103002
 -rw-------. 1 root root  1801 Oct 27 22:07 dmesg-efi-166692286104002
 -rw-------. 1 root root  1809 Oct 27 22:07 dmesg-efi-166692286105002
 -rw-------. 1 root root  1817 Oct 27 22:07 dmesg-efi-166692286106002
 -rw-------. 1 root root  1810 Oct 27 22:07 dmesg-efi-166692286107002
 -rw-------. 1 root root  1808 Oct 27 22:07 dmesg-efi-166692286108002
 -rw-------. 1 root root  1765 Oct 27 22:07 dmesg-efi-166692286109002
 -rw-------. 1 root root  1816 Oct 27 22:07 dmesg-efi-166692286110002
 -rw-------. 1 root root  1751 Oct 27 22:07 dmesg-efi-166692286111002
 -rw-------. 1 root root  1786 Oct 27 22:07 dmesg-efi-166692286112002
 -rw-------. 1 root root  1752 Oct 27 22:07 dmesg-efi-166692286113002
 -rw-------. 1 root root  1759 Oct 27 22:07 dmesg-efi-166692286114002
 -rw-------. 1 root root  1787 Oct 27 22:07 dmesg-efi-166692286115002
 -rw-------. 1 root root  1771 Oct 27 22:07 dmesg-efi-166692286116002
 -rw-------. 1 root root  1816 Oct 27 22:07 dmesg-efi-166692286117002
 -rw-r-----. 1 root root 30000 Nov 18 14:58 dmesg.txt

 1666922867:
 total 4
 drwxr-xr-x. 3 root root   17 Nov 18 14:58 .
 drwxr-xr-x. 7 root root  144 Nov 18 14:58 ..
 drwxr-xr-x. 2 root root 4096 Nov 18 14:58 003

 1666922867/003:
 total 104
 drwxr-xr-x. 2 root root  4096 Nov 18 14:58 .
 drwxr-xr-x. 3 root root    17 Nov 18 14:58 ..
 -rw-------. 1 root root  1388 Oct 27 22:07 dmesg-efi-166692286701003
 -rw-------. 1 root root  1824 Oct 27 22:07 dmesg-efi-166692286702003
 -rw-------. 1 root root  1795 Oct 27 22:07 dmesg-efi-166692286703003
 -rw-------. 1 root root  1805 Oct 27 22:07 dmesg-efi-166692286704003
 -rw-------. 1 root root  1813 Oct 27 22:07 dmesg-efi-166692286705003
 -rw-------. 1 root root  1821 Oct 27 22:07 dmesg-efi-166692286706003
 -rw-------. 1 root root  1814 Oct 27 22:07 dmesg-efi-166692286707003
 -rw-------. 1 root root  1812 Oct 27 22:07 dmesg-efi-166692286708003
 -rw-------. 1 root root  1769 Oct 27 22:07 dmesg-efi-166692286709003
 -rw-------. 1 root root  1820 Oct 27 22:07 dmesg-efi-166692286710003
 -rw-------. 1 root root  1755 Oct 27 22:07 dmesg-efi-166692286711003
 -rw-------. 1 root root  1790 Oct 27 22:07 dmesg-efi-166692286712003
 -rw-------. 1 root root  1756 Oct 27 22:07 dmesg-efi-166692286713003
 -rw-------. 1 root root  1763 Oct 27 22:07 dmesg-efi-166692286714003
 -rw-------. 1 root root  1791 Oct 27 22:07 dmesg-efi-166692286715003
 -rw-------. 1 root root  1775 Oct 27 22:07 dmesg-efi-166692286716003
 -rw-------. 1 root root  1820 Oct 27 22:07 dmesg-efi-166692286717003
 -rw-r-----. 1 root root 30111 Nov 18 14:58 dmesg.txt

Furthermore, pstore records on ERST are now able to accurately
identify the change in timestamp sequence in order to start a
new dmesg.txt, as needed.
2022-12-05 09:25:12 +01:00
Lennart Poettering
f8a8f613c6 Revert "update credentials when reloading a service"
This reverts commit 16a42b84cf.
2022-12-05 09:00:45 +01:00
Zbigniew Jędrzejewski-Szmek
d22771fc00 gpt-auto-generator: do not write "noauto" in unit options
"auto"/"noauto" only make sense in the fstab. Putting them in Options= in the
generated unit has no effect and is confusing.
2022-12-05 08:42:04 +01:00
Zbigniew Jędrzejewski-Szmek
c99070a8cb
Merge pull request #25618 from keszybz/sysctl-simplify-writing
Write sysctl values without newlines and as fixed strings
2022-12-05 08:41:00 +01:00
Ivan Shapovalov
c7779a61ac import: wire up SYSTEMD_IMPORT_BTRFS_{SUBVOL,QUOTA} to importd
Btrfs quotas are actually being enabled in systemd-importd via
setup_machine_directory(), not in systemd-{import,pull} where those
environment variables are checked. Therefore, also check them in
systemd-importd and avoid enabling quotas if requested by the user.

Fixes: #18421
Fixes: #15903
Fixes: #24387
2022-12-03 20:31:48 +04:00
Ivan Shapovalov
e9231901a2 machine-pool: simplify return values from setup_machine_directory()
Non-negative return values of setup_machine_directory() were never used
and never had clear meaning, so do not distinguish between various
non-error conditions and just return 0 in all cases.
2022-12-03 20:31:48 +04:00
Mike Yuan
0acb1459a1
rpm/systemd-update-helper: use --no-warn when disabling units
Suppress the "empty [Install] section" warning (see #25437).
2022-12-03 20:27:47 +08:00
Mike Yuan
108d35ac7d
systemctl: allow suppress the warning of no install info using --no-warn
In cases like packaging scripts, it might be desired to use
enable/disable on units without install info. So, adding an
option '--no-warn' to suppress the warning.
2022-12-03 20:26:19 +08:00
Mike Yuan
bf1bea43f1
systemctl: warn if trying to disable a unit with no install info
Trying to disable a unit with no install info is mostly useless, so
adding a warning like we do for enable (with the new dbus method
'DisableUnitFilesWithFlagsAndInstallInfo()'). Note that it would
still find and remove symlinks to the unit in /etc, regardless of
whether it has install info or not, just like before. And if there are
actually files to remove, we suppress the warning.

Fixes #17689
2022-12-03 20:26:14 +08:00
Luca Boccassi
8825e90a70 Update TODO 2022-12-03 11:23:00 +00:00
Zbigniew Jędrzejewski-Szmek
27c8ca439f manager: write net/unix/max_dgram_qlen sysctl as fixed string 2022-12-03 11:59:03 +01:00
Zbigniew Jędrzejewski-Szmek
a5fac1df27 manager: define a string constant for LONG_MAX and use that for sysctl
This moves the formatting of the constant to compilation time and lets us
avoid asprintf() in the very hot path of initial boot.
2022-12-03 11:59:03 +01:00
Zbigniew Jędrzejewski-Szmek
b47e0fac03 manager: do not append '\n' when writing sysctl settings
When booting with debug logs, we print:

   Setting '/proc/sys/fs/file-max' to '9223372036854775807
   '
   Setting '/proc/sys/fs/nr_open' to '2147483640
   '
   Couldn't write fs.nr_open as 2147483640, halving it.
   Setting '/proc/sys/fs/nr_open' to '1073741816
   '
   Successfully bumped fs.nr_open to 1073741816

The strange formatting is because we explicitly appended a newline in those two
places. It seems that the kernel doesn't care. In fact, we have a few dozen other
writes to sysctl where we don't append a newline. So let's just drop those here
too, to make the code a bit simpler and avoid strange output in the logs.
2022-12-03 11:59:03 +01:00
Lennart Poettering
c2534821dc dissect: add new helper verity_settings_data_covers()
This function checks if the external verity data referenced in
VeritySettings covers the specified partition (indicated via
designator).

Right now, we'll use that at one place, but in a later commit in more.
2022-12-03 00:22:23 +01:00
Lennart Poettering
d90b03f80d dissect: pick up gpt partition flags
Let's store the GPT partition flags in the dissected partition info.

Right now we won't actually use them for anything yet, but later we'll
add that, when enforcing policy on dissection.
2022-12-02 22:52:48 +01:00
Lennart Poettering
f6484e8503
Merge pull request #25570 from yuwata/dissect-rootless-image
dissect: support to unmount image without root partition
2022-12-02 18:25:53 +01:00
Lennart Poettering
1fe6e5c112 Revert "basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted"
This reverts commit 3e22dfc235.
2022-12-02 17:57:10 +01:00
Michal Sekletar
3e22dfc235 basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted
https://bugzilla.redhat.com/show_bug.cgi?id=2136916
2022-12-02 17:45:33 +01:00
Zbigniew Jędrzejewski-Szmek
6accdcc547
Merge pull request #25541 from medhefgo/boot-reconnect
boot: Fix huge boot delay
2022-12-02 14:37:17 +01:00
Frantisek Sumsal
d19e5540f2 test: check if we can use SHA1 MD for signing before using it
Some distributions have started phasing out SHA1, which breaks
the systemd-measure test case in its current form. Let's make sure we
can use SHA1 for signing beforehand to mitigate this.

Spotted on RHEL 9, where SHA1 signatures are disallowed by [0]:
```
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "/tmp/pcrsign-private.pem"
...
openssl rsa -pubout -in "/tmp/pcrsign-private.pem" -out "/tmp/pcrsign-public.pem"
writing RSA key
/usr/lib/systemd/systemd-measure sign --current --bank=sha1 --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem"
Failed to initialize signature context.
```

[0] https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0049-Selectively-disallow-SHA1-signatures.patch
2022-12-02 14:33:05 +01:00
Zbigniew Jędrzejewski-Szmek
f323cac4a1
Merge pull request #25603 from DaanDeMeyer/mkosi
mkosi config changes
2022-12-02 14:27:16 +01:00
Yu Watanabe
a52efa813d dissect-image: log expected UUID for /var
Closes #25443.
2022-12-02 14:25:48 +01:00
Yu Watanabe
46dc071985 bootspec: fix null-dereference-read
Fixes [oss-fuzz#53578](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53578).
Fixes #25450.
2022-12-02 14:23:45 +01:00
Yu Watanabe
719b7d4dc2 fuzz-systemctl: limit the size of input
Fixes [oss-fuzz#53552](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53552).
Fixes #25445.
2022-12-02 14:22:25 +01:00
Daan De Meyer
d3a8471754 mkosi: Drop HostonlyInitrd=yes
This option will be removed in the upcoming version of mkosi so let's
stop using it in our config.
2022-12-02 10:46:32 +01:00
Daan De Meyer
6263e0a2c0 mkosi: Drop explicit Format=
Once mkosi migrates to systemd-repart, only "disk" will be supported
for making disk images with mkosi and the filesystem will have to be
specified in repart partition definition files. To accommodate this
change, let's remove the explicit Format= assignment which means we'll
default to a disk image with ext4 until we add our own mkosi.repart/
directory.
2022-12-02 10:44:56 +01:00
Yu Watanabe
6c2d70ce9f tree-wide: fix typo 2022-12-02 13:27:08 +09:00