1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

388 Commits

Author SHA1 Message Date
Jan Macku
de95bb2a98 ci: remove if: github.event.issue.pull_request from labeler.yml
`github.event.issue.pull_request` is an object, not a boolean.
This is the root cause of why the step that is supposed to remove labels
is always skipped. Having this condition in place is not necessary since
the workflow is run on the `pull_request_target` event.
2023-02-07 16:00:49 +01:00
Jan Macku
d709b92ef1 ci: fix missing quotes in labeler.yml 2023-02-07 15:39:37 +01:00
Zbigniew Jędrzejewski-Szmek
7a17e41dcf test: drop whitespace after shell redirection operators
(The one case that is left unchanged is '< <(subcommand)'.)

This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.

In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
2023-02-06 09:19:04 +01:00
Jan Macku
4dab1eb952 ci: Fix Development Freeze Automation
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks,
it's required to split the `development_freeze` workflow in two.

* First workflow will run on the `pull_request` trigger and save the PR
number in the artifact. This workflow is running with read-only permissions
on `GITHUB_TOKEN`.
* Second workflow will get triggered on `workflow_run`. It will be run
directly in the `systemd/systemd` context and can get permission to be
able to create comments on PR.

GITHUB_TOKEN limitations:

* https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations:

* https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-02-03 14:03:39 +00:00
Jan Janssen
2de6cc18f9 ci: Test with secure boot enabled under mkosi
This gives us some nice test coverage for secure boot enrolling and the
stub secure boot workound. The authenticated EFI variables are already
created by mkosi, all we need to do is request secure boot to be used.
2023-02-01 17:16:03 +01:00
dependabot[bot]
15796f28ea build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from f36983f552a197faf9e36361cc68a297e68bee73 to 500f93a36cc3d5bf1d06848a0a8870bf1424625f.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](f36983f552...500f93a36c)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:48:30 +00:00
dependabot[bot]
b8565f93e9 build(deps): bump actions/github-script from 6.3.3 to 6.4.0
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](d556feaca3...98814c53be)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:15:44 +00:00
dependabot[bot]
b0126d1e8e build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.1 to 2.0.4.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](88209aef58...25a1e41826)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 09:14:38 +00:00
Daan De Meyer
3d4fa9aaa0 mkosi: Disable auditd when running with nspawn in CI
auditd fails to start in CentOS Stream 9 causing CI failures so let's
disable it when running with nspawn in CI.
2023-01-29 17:34:21 +01:00
Daan De Meyer
868c318ba3 mkosi: Add back CentOS Stream 8 to CI
It's still useful to test the EFI handover logic in systemd-boot.
We use a mkosi.prepare script to install a newer python and update
the system to use it.
2023-01-29 17:05:23 +01:00
Daan De Meyer
c8943ce884 mkosi: Update and enable ukify in mkosi builds
We also add the necessary deps for ukify to the mkosi configs.

CentOS Stream 8 is dropped from CI because its python version is too
old (3.6) to be able to run ukify.
2023-01-27 15:05:04 +01:00
Zbigniew Jędrzejewski-Szmek
c26662b241 github/labeller: fix yaml syntax 2023-01-26 10:42:05 +01:00
Zbigniew Jędrzejewski-Szmek
58634a2989 github/labeller: add more match patterns 2023-01-26 10:04:58 +01:00
Daan De Meyer
9d2e4ceee5 ci: Update mkosi action to latest commit
Let's make sure we're testing with the latest changes in mkosi. This
includes both the switch to systemd-repart and ukify, making sure we
get extra testing coverage for those components.

This also drops options from the centos config that have been removed
in the newer mkosi.

For some reason idmapping runs into some issues so we disable it for
now.
2023-01-15 20:44:53 +01:00
Daan De Meyer
da2a4f6a2e ci: Fix PR labeling
Make sure we only add labels to open pull request and remove labels
from closed pull requests.
2023-01-12 11:42:16 +01:00
Zbigniew Jędrzejewski-Szmek
8112c91e48 github: use 'meson setup'
Meson started warning when 'setup' is not used:
WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated.

Also add more quoting in output to make the message clearer.
2023-01-11 16:46:24 +01:00
Daan De Meyer
81315baa68 ci: Remove a bunch of labels when a PR is merged 2023-01-10 14:52:53 +01:00
Jan Janssen
3f92dc2fd4 boot: Simplify object erasure
This erase_obj() machinery looks like voodoo and creates an awful lot of
noise as soon as we get back to building with -O0. We can do this in a
more simple way by introducing a struct that holds the information we
need on cleanup. When building with optimization enabled, all this gets
inlined and the eraser vanishes.
2023-01-09 18:58:54 +01:00
dependabot[bot]
9826037476 build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser) from 2.0.4 to 3.0.1.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases)
- [Commits](f80b14f788...c1a559d78b)

---
updated-dependencies:
- dependency-name: stefanbuck/github-issue-parser
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 19:18:30 +00:00
dependabot[bot]
4371496fa9 build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...e38b1902ae)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:49:21 +00:00
dependabot[bot]
df242320e5 build(deps): bump github/super-linter from 4.9.6 to 4.9.7
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.6 to 4.9.7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](01d3218744...bb2d833b08)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:48:30 +00:00
dependabot[bot]
5afe9a300a build(deps): bump actions/checkout from 3.0.2 to 3.2.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...755da8c3cf115ac066823e79a1e1788f8940201b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:52 +00:00
dependabot[bot]
c129b184c9 build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.64.1 to 1.0.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.64.1...1.0.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:20 +00:00
Zbigniew Jędrzejewski-Szmek
616b8101b7 github: update version in bug templates 2022-12-20 15:12:41 +01:00
Frantisek Sumsal
a32831ae1d mkosi: work around a file conflict between systemd and systemd-boot 2022-12-15 16:04:28 +01:00
Daan De Meyer
52c602d4c6 ci: Labeler improvements
- Mention "/please-review" in the contributing guide
- Remove "needs-rebase" on push
- Don't add "please-review" if a green label is set
- Don't add please-review label to draft PRs
- Add please-review when a PR moves out of draft
2022-12-09 15:37:43 +01:00
Daan De Meyer
8fc78e6845 ci: Add/Drop labels on pull request activity and comment
When a pull request is opened/updated, add "please-review" and
remove a few other labels.

When a comment is made with /please-review on a PR. Add the
"please-review" label to the PR.
2022-12-09 04:50:13 +09:00
Lennart Poettering
a579990277
Merge pull request #25180 from keszybz/ukify
ukify: add helper to create UKIs
2022-12-08 15:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
1f6da5d902 ci: install pefile 2022-12-07 15:53:47 +01:00
dependabot[bot]
054f47defc build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
Bumps [ninja](https://github.com/ninja-build/ninja) from 1.10.2.4 to 1.11.1.
- [Release notes](https://github.com/ninja-build/ninja/releases)
- [Commits](https://github.com/ninja-build/ninja/commits/v1.11.1)

---
updated-dependencies:
- dependency-name: ninja
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 11:59:45 +00:00
dependabot[bot]
80dd9e2de7 build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.3 to 0.64.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.3...0.64.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:28:47 +00:00
dependabot[bot]
58a1485fa9 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 3.1.1 to 3.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md)
- [Commits](1b1b75e42f...f3cd08fcf1)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:03:09 +00:00
dependabot[bot]
690e7bfe8f build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...83fd05a356d7e2593de66fc9913b3002723633cb)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:02:00 +00:00
dependabot[bot]
073747028b build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](fe9c43b7d7...88209aef58)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:01:10 +00:00
Luca Boccassi
c1fb3319ce GA: do not run codeql on systemd-security
Scanning is not available on private repositories
2022-11-30 10:59:03 +00:00
Luca Boccassi
77e6166679 GA: run development_freeze only on main repository
No point in running this checker on other forks
2022-11-30 10:59:03 +00:00
Luca Boccassi
39a306ba34
Merge pull request #25319 from zx2c4-forks/krngseed
boot: implement kernel EFI RNG seed protocol with proper hashing
2022-11-16 15:07:54 +01:00
Jason A. Donenfeld
0be72218f1 boot: implement kernel EFI RNG seed protocol with proper hashing
Rather than passing seeds up to userspace via EFI variables, pass seeds
directly to the kernel's EFI stub loader, via LINUX_EFI_RANDOM_SEED_TABLE_GUID.
EFI variables can potentially leak and suffer from forward secrecy
issues, and processing these with userspace means that they are
initialized much too late in boot to be useful. In contrast,
LINUX_EFI_RANDOM_SEED_TABLE_GUID uses EFI configuration tables, and so
is hidden from userspace entirely, and is parsed extremely early on by
the kernel, so that every single call to get_random_bytes() by the
kernel is seeded.

In order to do this properly, we use a bit more robust hashing scheme,
and make sure that each input is properly memzeroed out after use. The
scheme is:

    key = HASH(LABEL || sizeof(input1) || input1 || ... || sizeof(inputN) || inputN)
    new_disk_seed = HASH(key || 0)
    seed_for_linux = HASH(key || 1)

The various inputs are:
- LINUX_EFI_RANDOM_SEED_TABLE_GUID from prior bootloaders
- 256 bits of seed from EFI's RNG
- The (immutable) system token, from its EFI variable
- The prior on-disk seed
- The UEFI monotonic counter
- A timestamp

This also adjusts the secure boot semantics, so that the operation is
only aborted if it's not possible to get random bytes from EFI's RNG or
a prior boot stage. With the proper hashing scheme, this should make
boot seeds safe even on secure boot.

There is currently a bug in Linux's EFI stub in which if the EFI stub
manages to generate random bytes on its own using EFI's RNG, it will
ignore what the bootloader passes. That's annoying, but it means that
either way, via systemd-boot or via EFI stub's mechanism, the RNG *does*
get initialized in a good safe way. And this bug is now fixed in the
efi.git tree, and will hopefully be backported to older kernels.

As the kernel recommends, the resultant seeds are 256 bits and are
allocated using pool memory of type EfiACPIReclaimMemory, so that it
gets freed at the right moment in boot.
2022-11-14 15:21:58 +01:00
Zbigniew Jędrzejewski-Szmek
e642816b65 ci: use mkosi executable directly 2022-11-14 11:59:30 +01:00
Zbigniew Jędrzejewski-Szmek
976ceafe1b ci: skip running on docs-only changes
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths

> If you define a path with the ! character, you must also define at least one
> path without the ! character. If you only want to exclude paths, use
> paths-ignore instead.
>
> The order that you define patterns matters:
>     A matching negative pattern (prefixed with !) after a positive match will
>     exclude the path.
>     A matching positive pattern after a negative match will include the path
>     again.

Even if some of the exluded paths *could* impact the build, generally it's a
waste of time to do mkosi builds on them. Let's skip to releave the builders a
bit.
2022-11-11 11:27:35 +01:00
Jan Macku
b6a23ad642 ci(dev-freeze): Use GitHub Action for PR comments
GitHub Action `devel-freezer` helps with development freeze notifications
during the RC phase. It will create comments using predefined messages on
newly created and updated PRs when the RC tag has been released.
Also, it will update comments once a new major version has been released.

Documentation available at: https://github.com/redhat-plumbers-in-action/devel-freezer
2022-11-05 14:10:01 +01:00
Samuel Thibault
ede5a78f50 shutdown: Add Xen kexec support
In the Xen case, it's the hypervisor which manages kexec. We thus
have to ask it whether a kernel is loaded, instead of relying on
/sys/kernel/kexec_loaded.
2022-11-02 20:47:41 +01:00
dependabot[bot]
cd00185881 build(deps): bump github/codeql-action from 2.1.17 to 2.1.29
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.17...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 11:20:30 +00:00
dependabot[bot]
65444c9cba build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.2 to 0.63.3.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.2...0.63.3)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 11:19:52 +00:00
dependabot[bot]
a61119e299 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 792cbc60eb2dc4a58d66bb3c212bf92f8d50f6ea to 14. This release includes the previously tagged commit.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](792cbc60eb...c9772ec920)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 10:26:17 +00:00
dependabot[bot]
ed770fc10a build(deps): bump ossf/scorecard-action from 2.0.4 to 2.0.6
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e363bfca00...99c53751e0)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 10:25:31 +00:00
Luca Boccassi
6f96359dfc Disable code freeze banner 2022-10-31 18:57:13 +00:00
Luca Boccassi
035dc08bea gh actions: run a unit test iteration without machine-id 2022-10-25 16:00:26 +01:00
Frantisek Sumsal
b3ea9cf13b ci: run the Scorecards action in PRs only on config update
Also, unify the string quotation a bit and drop one unnecessary
expression syntax (as everything in `if` statements is automatically
evaluated as an expression).
2022-10-20 17:10:50 +02:00
Frantisek Sumsal
3e35a3302c ci: add a missing SPDX line 2022-10-20 17:03:37 +02:00
Joyce
b7a279f9ef
ci: Enable Scorecard Github Action and Badge (#25054)
* chore: enable scorecard action

* chore: add badge to the README file

* chore: enable on config file update

* chore: update scorecard to 2.0.4

* chore: run scorecard on PR at main branch

* chore: add condition to publish_result key

* chore: skip upload to code scanning if PR

* chore: only runs scorecard in the main repo

Resolves: #25042
2022-10-19 09:05:39 +00:00
Daan De Meyer
0aa1d40649 mkosi: Switch to Fedora 37
Official release date is close so let's switch mkosi CI to it already.
2022-10-17 16:02:16 +02:00
Daan De Meyer
71205f972b mkosi: Add Centos Stream 8 back to CI
We can build all of systemd's features again on CentOS Stream 8, so
let's add it back to CI.
2022-10-17 08:45:57 +02:00
Luca Boccassi
da60182759
Merge pull request #24933 from keszybz/erradicate-strerror
Erradicate strerror
2022-10-11 21:47:38 +02:00
Zbigniew Jędrzejewski-Szmek
0cf1a4b3a7 Get rid of strerror_safe() 2022-10-11 16:59:00 +02:00
Luca Boccassi
dcf1bf3b6d mkosi: update to latest commit
Require dto fix Debian testing/unstable builds, as the initrd is
versioned
2022-10-10 13:19:41 +02:00
Luca Boccassi
47819da972 Enable PR template for RC phase 2022-10-07 16:37:36 +02:00
dependabot[bot]
8ef866ace4 build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
Bumps [ninja](https://github.com/ninja-build/ninja) from 1.10.2.3 to 1.10.2.4.
- [Release notes](https://github.com/ninja-build/ninja/releases)
- [Commits](https://github.com/ninja-build/ninja/commits)

---
updated-dependencies:
- dependency-name: ninja
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 14:36:48 +02:00
Frantisek Sumsal
f00fe51b9c ci: pin stefanbuck/github-issue-parser to a tagged release
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.

Replaces: #24886

[0] https://github.com/stefanbuck/github-issue-parser/issues/23
[1] https://github.com/stefanbuck/github-issue-parser/pull/39
2022-10-01 14:35:41 +02:00
dependabot[bot]
e316ab5747 build(deps): bump actions/labeler from 4.0.0 to 4.0.1
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](9fd24f1f9d...e54e5b338f)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:04:34 +02:00
dependabot[bot]
254c049ccb build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 3.0.1 to 3.1.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md)
- [Commits](a14889568f...1b1b75e42f)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:04:15 +02:00
dependabot[bot]
5d4ba4e534 build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.1 to 0.63.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.1...0.63.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:00:45 +02:00
Frantisek Sumsal
9fe61660ba ci: fix a couple of typos 2022-09-14 22:09:19 +02:00
Frantisek Sumsal
5e781e07db ci: enable a couple more possibly useful CodeQL queries 2022-09-14 22:09:19 +02:00
Frantisek Sumsal
d97733908b ci: rename codeql-analysis.yml to codeql.yml
Just to be consistent with other repos under the systemd umbrella.
2022-09-14 19:13:49 +02:00
Frantisek Sumsal
736a1df747 ci: limit scope for the CodeQL scan
Don't run the workflow unnecessarily for non-{cpp,python} related changes.
2022-09-13 21:32:15 +02:00
Frantisek Sumsal
774cf0d8fd ci: drop LGTM stuff and move remaining bits into a new location 2022-09-13 21:32:15 +02:00
Frantisek Sumsal
27d6281158 ci: run CodeQL on push to main/stable branches as well
Since we need results for the base branches as well in order to have
something to compare against.

Follow-up to cbe25d0dcc.
2022-09-13 21:18:44 +02:00
Frantisek Sumsal
cbe25d0dcc ci: run CodeQL on every PR
Since LGTM is no longer enabled for the systemd repo (as it's going to
be discontinued by the EOY), let's run CodeQL on every PR instead to
replace it.
2022-09-14 03:55:16 +09:00
Jan Macku
500ca79f22 issue-templates: Add note about updating labeling policy 2022-09-07 10:51:48 +02:00
Jan Macku
a4965366ec ci(issue-labeler): Update to advanced-issue-labeler@v2
The new version of `advanced-issue-labeler` GitHub Action introduces new
structure of policy that requires adjustments to systemd issue labeling
policy.

Changes introduced in v2.0.0 - https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases/tag/v2.0.0
2022-09-07 10:43:48 +02:00
Jan Macku
3a8352cbf3 ci(issue-labeler): Add missing policy for coredump label 2022-09-06 14:59:00 +00:00
Luca Boccassi
31ed4b9147 mkosi: update to latest commit
Required to fix Debian testing/unstable builds, as resolved is
now in its own package
2022-09-02 19:46:54 +01:00
Yu Watanabe
0a3e413516 github: update differential shellcheck to v3.0.1
v3 supports external sources. Yey!
2022-09-01 17:27:09 +00:00
dependabot[bot]
c19053e657 build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.0 to 0.63.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.0...0.63.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:31:30 +00:00
dependabot[bot]
d1cc2654fd build(deps): bump github/super-linter from 4.9.5 to 4.9.6
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.5 to 4.9.6.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](2d64ac1c06...01d3218744)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 09:21:53 +00:00
dependabot[bot]
42907767bd build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](b89eb39b97...d12b782ff9)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 09:08:19 +00:00
Luca Boccassi
df16869660 shellcheck/labeler: disable on systemd-security 2022-09-01 00:53:46 +09:00
Luca Boccassi
255963ec3a mkosi: disable isc-dhcp-server again
It's still failing in Ubuntu:

● isc-dhcp-server.service  loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server

Just disable them via the kernel command line masking.
2022-08-25 23:02:29 +01:00
Luca Boccassi
5e98346220
Merge pull request #24254 from medhefgo/mold
ci: Add mold to build tests
2022-08-23 19:33:47 +01:00
Daan De Meyer
37d35150cb mkosi: Ensure we build all features/components in mkosi
Explicitly enable all features/components in the mkosi build to
ensure they all get built and we get an error if they can't be built.

We also rework the packages sections of all mkosi configs to reduce
duplication and cover all the dependencies necessary to build/use all
systemd features.

Note that for the final image, since systemd is installed by default
in base images, we rely on that to install the base library dependencies
and we only list extra optional dependencies and tools that aren't already
installed by default into the base image.

We also drop the centos stream 8 mkosi build as dependencies on that
distro are too out-of-date to be able to build all systemd features.
Since centos stream 9 has been out for a while, let's focus on that
and leave it to downstream to keep systemd building on centos stream 8.

Finally, there's a few additions to the mkosi scripts to make sure
services don't start by default on boot.
2022-08-23 15:19:26 +02:00
Zbigniew Jędrzejewski-Szmek
00616643de
Merge pull request #24352 from DaanDeMeyer/mkosi-opensuse
mkosi: Update to latest commit
2022-08-23 11:05:02 +02:00
Jan Janssen
4fb6506deb meson: Downgrade efi-ld warning
The warning isn't that serious and mostly there to inform the user that
lld/mold cannot build efi binaries. It is also better to build test with
fatal meson warnings.
2022-08-23 10:26:02 +02:00
Jan Janssen
ed862b95b2 ci: Add mold to build tests 2022-08-23 10:25:30 +02:00
Jan Macku
3d59b0470a ci: Drop actions/setup-node - unused
In `issue_labeler.yml` is no need for node.js runtime (`actions/setup-node`). It was accidentally added by `copy & paste` from another workflow.
2022-08-22 21:21:08 +09:00
Frantisek Sumsal
d7c1024b6b ci: build with clang-15; drop clang-12 2022-08-20 20:12:03 +02:00
Daan De Meyer
0e961391c1 mkosi: Drop workarounds
None of these should be necessary anymore with recent versions of
mkosi.
2022-08-19 16:50:17 +02:00
Daan De Meyer
2dddae253b mkosi: Update to latest commit
Fixes #1128
2022-08-19 16:49:57 +02:00
Jan Macku
3f3c718e79 ci(lint): add shell linter - Differential ShellCheck
It performs differential ShellCheck scans and report results directly in
pull request.

documentation:
https://github.com/redhat-plumbers-in-action/differential-shellcheck
2022-08-16 13:33:57 +00:00
Daan De Meyer
599884bd9a mkosi: Update to latest commit
Introduces a more reliable mirror for Arch which should reduce the
number of mkosi Arch CI failures due to unreliable mirror selection.
2022-08-16 08:59:15 +09:00
Jan Janssen
8ea086c894 Use correct label for boot related issues 2022-08-14 05:35:55 +09:00
Frantisek Sumsal
34a2f39b37 ci: lint the Coverity script
as we now use our own custom script for it.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
176086a2ec ci: simplify the Coverity script a bit
Also, address https://github.com/systemd/systemd/pull/24252#issuecomment-1208747320
by using a pre-defined e-mail address stored in the GH Action secrets.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
578355684d ci: set a timeout for each mkosi stage
Work around #24202 so we don't wait ~6 hours for a stuck QEMU job.
2022-08-05 12:12:13 +00:00
Luca Boccassi
c1178baacd docs: add disabled PR template for code freeze
To be enabled on rc1, and disabled again after the final release.
Gives contributors a clear warning that new features/APIs will be
postponed.
2022-08-04 11:10:28 +02:00
Daan De Meyer
a268e7f402 mkosi: Update to latest
Fixed centos stream 8 builds that were hitting a nonexisting mirror
url
2022-08-02 20:19:21 +01:00
Daan De Meyer
859614439a mkosi: Update to latest commit
With this update, Arch Linux keyring updates will be automatically
pulled in instead of having to update to a new mkosi commit every
time the keyring gets outdated.
2022-08-02 12:58:31 +02:00
dependabot[bot]
bc4b9a7117 build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.62.2 to 0.63.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.62.2...0.63.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 14:06:32 +00:00
dependabot[bot]
c3ebbcf7cb build(deps): bump github/codeql-action from 2.1.15 to 2.1.17
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...0c670bbf04)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 11:17:18 +00:00
dependabot[bot]
cc7f5ac478 build(deps): bump github/super-linter from 4.9.4 to 4.9.5
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](a320804d31...2d64ac1c06)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 11:10:08 +00:00