1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

77022 Commits

Author SHA1 Message Date
Mike Yuan
b8fa230596
core/unit: put the reload job back to queue if unit is refreshing 2024-10-22 19:19:46 +02:00
Mike Yuan
c240f293b8
shared/bus-util: debug log when falling back to session bus
Follow-up for d0316b7a0d
2024-10-22 19:19:46 +02:00
Mike Yuan
d845254b7f
basic/fs-util: move unlink_tempfilep() to tmpfile-util 2024-10-22 19:19:39 +02:00
Mike Yuan
7e40b51a2e
man/org.freedesktop.systemd1: complete version info for ManagedOOMMemoryPressureDurationUSec
Follow-up for 63d4c4271c

Some unit types were left out.
2024-10-22 19:12:27 +02:00
Lennart Poettering
119252343e
Merge pull request #34848 from yuwata/network-dhcpv6-do-not-request-ia-pd-on-info-req
network/dhcp6: do not request IA_PD on information requesting mode
2024-10-22 18:00:12 +02:00
Ronan Pigott
afdb38a39f resolved: validate noerror response for CNAMEs
CNAME doesn't exist at the zone apex. When we get an unsigned noerror
response to a direct query for a CNAME record, we don't yet know if this
name is zone apex. We already request the correct DS record in this
case, but previously skipped it at validation time, causing the answer
to appear bogus. Make sure to also consider the DS record for the query
name for negative replies.
2024-10-22 17:59:05 +02:00
Daan De Meyer
a95aacc851
Merge pull request #34851 from DaanDeMeyer/medium
bus-util: Return ENOMEDIUM if XDG_RUNTIME_DIR is unset
2024-10-22 13:37:59 +02:00
Daan De Meyer
d64a5b30f1 bus-util: Fix bus_log_connect_error() 2024-10-22 12:32:02 +02:00
Daan De Meyer
d0316b7a0d bus-util: Special case when DBUS_SESSION_BUS_ADDRESS is set and XDG_RUNTIME_DIR isn't
We noticed some failures because we have code that connects to user
managers by setting DBUS_SESSION_BUS_ADDRESS without setting XDG_RUNTIME_DIR.
If that's the case, connect to the user session bus instead of the
private manager bus as we can't connect to the latter if XDG_RUNTIME_DIR
is not set.
2024-10-22 11:17:40 +02:00
Daan De Meyer
c5698fe907 bus-util: Return ENOMEDIUM if XDG_RUNTIME_DIR is unset
bus_log_connect_error() checks for ENOMEDIUM, not ENXIO.
2024-10-22 10:59:27 +02:00
Lennart Poettering
35f51be4f8
Merge pull request #34761 from ikruglov/ikruglov/io-systemd-Machine-GetAddresses
machine: add Addresses, OSRelease, and UIDShift fields in varlink io.systemd.Machine.List output
2024-10-22 09:06:56 +02:00
Lennart Poettering
2d74427a7c
Merge pull request #30952 from rpigott/resolved-dnr
RFC9463: Discovery of Network-designated Resolvers
2024-10-22 09:05:36 +02:00
Luca Boccassi
aa077884c1 test: CET/EET are deprecated, use Europe/Berlin and Kyiv
The links moved to the legacy dataset so they won't be available by
default, so stop using them and just use the city ones instead
2024-10-21 21:37:33 +02:00
Yu Watanabe
1f5a052963 man: suggest to use DHCPv6Client= when upstream provides RA with the Managed bit unset
Follow-up for daf9f42f91.
2024-10-22 04:35:03 +09:00
Yu Watanabe
5ff567f74f network/dhcp6: do not request IA_PD when running in the other-information mode
This reverts the following commits:
- 180cc5421d
  "sd-dhcp6-client: allow to request IA_PD on information requesting mode"
- cf7a403e47
  "sd-dhcp6-lease: adjust information refresh time with lifetime of IA_PD"
- 1918eda30d
  "network/dhcp6: process hostname and IA_PD on information requesting mode"

As per discussion in #34299,
https://github.com/systemd/systemd/issues/34299#issuecomment-2425153221
the offending commits violate RFC 8415 section 18.2.6:
> The client uses an Information-request message to obtain
> configuration information without having addresses and/or delegated
> prefixes assigned to it.
2024-10-22 04:34:50 +09:00
Daan De Meyer
e8fb0643c1
Merge pull request #34628 from DaanDeMeyer/measure
Rework TEST-86-MULTI-PROFILE-UKI + associated bugfixes
2024-10-21 18:55:33 +02:00
Ronan Pigott
ee2108dcd5 resolve: move sd-* api into libsystemd-network
This duplicates the svc param constants for the benefit of the
resolved-core library.
2024-10-21 09:10:20 -07:00
Ronan Pigott
e3a23b1679 ndisc: implement ndisc_option_build_encrypted_dns
This is only used by the fuzzer so far.
2024-10-21 09:10:20 -07:00
Ronan Pigott
7823f8a784 network: add dnr resolvers to networkctl status json output 2024-10-21 09:10:20 -07:00
Ronan Pigott
8ef7b6e656 test/fuzz: add dnr packets
The structure of DNR options is considerably more complicated than most
DHCP options, and as a result the fuzzer has poor coverage of these code
paths.

This adds some DNR packets to the fuzzing corpus, not with the intent of
capturing some specific edge case, but with the intent to rapidly
improve the fuzzers' coverage of these codepaths by giving it a valid
example to begin with.

Also include an ndisc router advert with a few Encrypted DNS options,
for the same purpose.
2024-10-21 09:10:20 -07:00
Ronan Pigott
65187c46ef network: Serialize ipv6ra DNR
Serialize DNR servers acquired by ipv6ra option, same as the V4/V6 DNR
DHCP options.
2024-10-21 09:10:20 -07:00
Ronan Pigott
9c683c0e1f network: Introduce IPv6RA UseDNR= option
Same as the DHCP v4/v6 options, this controls the use of DNR received
from ipv6ra.
2024-10-21 09:10:20 -07:00
Ronan Pigott
0c90d1d2f2 ndisc: Parse RFC9463 encrypted DNS (DNR) option
This option is equivalent to the V4/V6 DNR options for DHCP.
2024-10-21 09:10:19 -07:00
Ronan Pigott
cb386795c2 test-network: add DHCPv6 DNR test
Same as the DHCPv4 test.
2024-10-21 09:10:19 -07:00
Ronan Pigott
168ad243cc network: Serialize DHCPv6 DNR servers
This serializes DNR servers acquired by V6_DNR option, equivalent to the
V4_DNR option.
2024-10-21 09:10:19 -07:00
Ronan Pigott
c691f9d984 network: Introduce UseDNR DHCPv6 option
This is equivalent to the DHCPv4 option introduced earlier.
2024-10-21 09:10:19 -07:00
Ronan Pigott
a07e83cc58 network: Parse RFC9463 DHCPv6 DNR option
Implement the parsing for V6_DNR DHCPv6 option. This does the same as
the DHCP V4_DNR option.
2024-10-21 09:10:19 -07:00
Ronan Pigott
1be9b30a3b dhcp6: use dns_name_from_wire_format
Convert some of the option parsing to use dns_name_from_wire_format,
introduced earlier. No change in behavior intended.
2024-10-21 09:10:19 -07:00
Ronan Pigott
2d9822b634 test-dhcp6: terminate fqdn option
The encoded fqdn in this option must be properly terminated. We will
soon validate that this field is correctly encoded, so correct it in the
test.
2024-10-21 09:10:19 -07:00
Ronan Pigott
7957154e06 test-network: add test for DHCPv4 DNR
This will test that networkd/resolved can understand the V4_DNR DHCP
option.
2024-10-21 09:10:19 -07:00
Ronan Pigott
3fd6708cde network: Serialize DNR servers
Implement serialization/deserialization for DNR servers. This re-uses
the string format in place for user configuration of DoT servers, and as
a consequence non-DoT servers are discarded when recording the link
configuration, for correctness.

This also enables sd-resolved to use these servers as it would other DNS
servers.
2024-10-21 09:10:19 -07:00
Ronan Pigott
b0e716310d network: Add serialization for DoT resolvers
For now only DoT is supported, so DoT resolvers are represented using
the existing configuration format.
2024-10-21 09:10:19 -07:00
Ronan Pigott
869381589d network: Introduce UseDNR DHCPv4 option
This option will control the use of DNR for choosing DNS servers on the
link. Defaults to the value of UseDNS so that in most cases they will be
toggled together.
2024-10-21 09:10:19 -07:00
Ivan Kruglov
3cb72c7862 machine: add tests for Addresses/OSRelease/UIDShift fields in io.systemd.Machine.List output 2024-10-21 17:42:37 +02:00
Ivan Kruglov
9de215219c machine: use AcquireMetadata in io.systemd.MachineImage.List method 2024-10-21 17:42:37 +02:00
Ivan Kruglov
45755275e5 machine: add Addresses field in varlink io.systemd.Machine.List output
This is equivalent to DBus implementation of GetMachineAddresses.
2024-10-21 17:38:29 +02:00
Ivan Kruglov
a94fbcaa35 machine: add OSRelease and UIDShift fields in varlink io.systemd.Machine.List output
This commit adds support of the above mentioned fields. This is equivalent to DBus implementation of:
- GetMachineOSRelease
- GetMachineUIDShift
2024-10-21 17:38:28 +02:00
Ivan Kruglov
16b1b304ba machine: enum AcquireMetadata 2024-10-21 17:34:11 +02:00
Daan De Meyer
977fc93603 Rework TEST-86-MULTI-PROFILE-UKI
Now that mkosi supports generating UKI profiles, let's make use of
that to generate the UKI profiles required for the test instead of
doing it within the test itself.
2024-10-21 17:24:14 +02:00
Daan De Meyer
922fe8b91d TEST-70-TPM2: Disable public key enrollment explicitly
Otherwise, when the test is executed on a system with signed PCRs,
cryptenroll will automatically pick up the public key from the UKI
which results in a volume that can't be unlocked because the pcrextend
tests appends extra things to pcr 11.
2024-10-21 17:24:14 +02:00
Daan De Meyer
88d9ca6d8a cryptenroll: Remove faulty assert()
We can break out of the preceeding for loop in certain scenarios
which would trigger the assert so let's drop it.
2024-10-21 17:24:14 +02:00
Daan De Meyer
b53f2d5ed8 pcrlock: Take VirtualSize > SizeOfRawData into account
If VirtualSize > SizeOfRawData, measure extra zeros to take into
account the extra zeros also measured by the stub.
2024-10-21 17:22:35 +02:00
Ivan Kruglov
d8964f9d4d machine: rework Operation logic to reuse in varlink interface 2024-10-21 17:08:14 +02:00
Lennart Poettering
9312b3dc28
Merge pull request #34403 from poettering/askpw-per-user
modernize the ask-password logic, and add unpriv askpw agents to the concept
2024-10-21 16:37:28 +02:00
Lennart Poettering
13be6e70af
Merge pull request #34787 from yuwata/core-ip-address-allow-deny
core/cgroup: fix IPAddressAllow=/IPAddressDeny= set through DBus
2024-10-21 16:35:49 +02:00
Luca Boccassi
3034dc0013 mkosi: update opensuse commit reference
It was force-pushed again
2024-10-21 15:17:00 +01:00
Lennart Poettering
e8139b15e1 varlinkctl: respect $COLUMNS when rebreaking lines and we are not connected to a TTY
Let's provide a mechanism to select the number of screen columns for
rebreaking comments in Varlink IDL connected to a TTY, by honouring the
$COLUMNS env var then too. Previously we'd only honour when connected to
a TTY, but it's also useful otherwise for rebreaking ridiculously long
comments, hence honour it in this case too.
2024-10-21 15:47:25 +02:00
Lennart Poettering
eda91cf080 tty-askpw-agent: modernize wall_tty_match() a bit 2024-10-21 14:15:21 +02:00
Lennart Poettering
2ee6fa552e ask-password-api: don't accidentally create a dir, when we don't want one
Previously, we were using touch(), which usually works fine, because the
path should always refer to an existing directory, in which case it just
updates the timestamp. However, if the dir does not exist yet (which
shouldn't happen), it would be created as regular file, which is just
wrong.

Hence, let's instead create the dir as dir if it is missing, and then
update its timestamp.
2024-10-21 14:14:16 +02:00
Lennart Poettering
f4c3bafd10 man: update PASSWORD_AGENTS spec, and introduce unpriv pw queries
Fixes: #1232 #2217
2024-10-21 14:14:13 +02:00