IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes a regression introduced by 81fb5375b3b3bfc22d023d7908ad9eee4b3c1ffb.
If one of the cursor option is specified, we first seek to the cursor position.
So, the current position may be out of the time range specified by --until,
and we need to verify the timestamp of the current position.
Fixes#31776.
Co-authored-by: Reid Wahl <nrwahl@protonmail.com>
The new version of `devel-freezer` GitHub Action adds support for milestones, labels, and more. Now, when the `rc` tag is published, it won't post a development freeze comment on PRs included in the next milestone.
This commit also sets a delay of the 20s for PR validation to give some time for updating labels and milestones on submitted PRs.
It's great that we provide fallback values, but if we got one of those wrong,
it could be a long time before anyone noticed. So let's add asserts that the
our internal defines actually match the official ones, when the latter are
available.
I did not add '#include "macro.h"' to missing_{audit,capability}, because
those are processed by an awk script that would need additional include
directories and could be confused by the additional lines. We don't include
those headers standalone anyway, so this is not necessary anyway.
IOPRIO_* is defined in linux/ioprio.h, so we were always using our fallback
definitions.
The header list in meson.build is sorted. I'm not sure why it wasn't.
Custom mode allows to write updates to db, dbx, KEK and PK without
signature. See the comment block for a more detailed description.
In case the PK update has no signature try to enable custom mode.
For "kernel-install remove ..." only the kernel version is passed, not
the kernel image. So auto-detecting KERNEL_INSTALL_IMAGE_TYPE and
setting KERNEL_INSTALL_LAYOUT does not work for uninstall.
The 90-uki-copy.install plugin must consider this and *not* exit early
for the "remove" command, otherwise $BOOT_ROOT will be filled with stale
kernel images.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Naming is always a matter of preference, and the old name would certainly work,
but I think the new one has the following advantages:
- A verb is better than a noun.
- The name more similar to "the competition", i.e. 'sudo', 'pkexec', 'runas',
'doas', which generally include an action verb.
- The connection between 'systemd-run' and 'run0' is more obvious.
There has been no release yet with the old name, so we can rename without
caring for backwards compatibility.
c0aeff4b999318d4da48328fff0ea93c8c457ace added this in one unit file, but the
same problem occurs here. (There are no other files where this would apply.)
I think we should solve this systematically somehow, but it's not clear how to
do that, so until we have that better solution, let's apply the manual solution
so that our units work as expected.
Now, networkd accesses the state directory through the file descriptor
passed from systemd-networkd-persistent-storage.service.
Hence, the networkd itself does not need to access the state directory
through its path, and we can use more stronger mode for ProtectSystem=.
The state directory is owned by systemd-networkd-persistent-storage.service,
at least technically. Let's not directly access the storage through the path,
but through the fd.
Addresses https://github.com/systemd/systemd/pull/31746#issuecomment-1993556966.
Suggested-by: Mike Yuan <me@yhndnzj.com>
When validating, when we lookup a DNSKEY for validation we will almost
certainly need the corresponding DS to complete the chain of trust.
Let's go ahead and request it right away so that we don't have to wait
in this common case.
When validating insecure delegations we don't actually need to request
the SOA for every single dns label. We need the DS records for the zone,
and we can seek them by querying for DS directly (in case we are at a
zone cut) and then following the SOA referrals or the parent name until
we have found a chain of trust.
Extra transactions and roundtrips, especially transactions for RRs that
aren't actually needed to validate and therefore aren't likely to be in
the recursive resolver's own cache are a big slowdown during validation.
Consequently, this change results in an enourmous speed up in validating
most names from our own cold-cache (10x or more), by eliminating a large
number of superfluous dnssec transactions.
It's not actually a dbus method, just function that all the various dbus
methods end up calling to update the user record. So rename it to
reflect as such
ukify is part of systemd-experimental on OpenSUSE and not its own
package. Because the OpenSUSE systemd maintainers do not want to
introduce a python dependency for systemd-experimental, we have to
install python3-pefile manually to make sure ukify works properly.
Currently, if a unit file is enabled from outside of the search path,
and that unit has an alias, then the symlink ends up pointing outside of
the search path too. For example:
$ cat /tmp/a.service
[Service]
ExecStart=sleep infinity
[Install]
Alias=b.service
WantedBy=multi-user.target
$ systemctl enable /tmp/a.service
Created symlink /etc/systemd/system/a.service → /tmp/a.service.
Created symlink /etc/systemd/system/b.service → /tmp/a.service.
Created symlink /etc/systemd/system/multi-user.target.wants/a.service → /tmp/a.service.
This then means the alias is treated as a separate unit:
$ systemctl start a.service
$ sudo systemctl status a
● a.service
Loaded: loaded (/etc/systemd/system/a.service; enabled; preset: enabled)
Active: active (running) since Fri 2024-03-15 15:17:49 EDT; 9s ago
Main PID: 769593 (sleep)
Tasks: 1 (limit: 18898)
Memory: 220.0K
CPU: 5ms
CGroup: /system.slice/a.service
└─769593 sleep infinity
Mar 15 15:17:49 six systemd[1]: Started a.service.
$ sudo systemctl status b
○ b.service
Loaded: loaded (/etc/systemd/system/b.service; alias)
Active: inactive (dead)
To fix this, make sure the alias uses a target that is inside the search
path. Since the unit file itself is outside of the search path, a
symlink inside the search path will have been created already. Hence,
just point the alias symlink to that recently created symlink.
In some cases when a query completes there are still pending
transactions that are no longer useful to answer the query. But if this
query is repeated in the future and we don't have the answers cached,
we're going to ask and ignore the answer again.
Instead of purging these superfluous transactions, let's wait and see if
they produce an answer, since we already asked the question, and use it
to fill our cache.
