IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This adds for both the D-Bus and the Varlink flavours of our polkit
client api a flags parameter. And then folds the "bool interactive" flag
that the D-Bus version so far had, into a flag, and also adds support
for it in the Varlink API.
Since this means the Varlink API gained another parameter, let's do what
we already did for the D-Bus API and add a _full() version of the API
that has the flags and the good_uid parameter, and one without both.
Kernel commit cb12fd8e0dabb9a1c8aef55a6a41e2c255fcdf4b added pidfs.
Update filesystems-gperf.gperf and missing_magic.h accordingly.
This fixes the following error building against a bleeding edge kernel.
```
../src/basic/meson.build:234:8: ERROR: Problem encountered: Unknown filesystems defined in kernel headers:
Filesystem found in kernel header but not in filesystems-gperf.gperf: PID_FS_MAGIC
```
After 8a1326581d9b066377f8d9f2d58e1bdfd8b645d0,
we always check whether there're mounts under
/boot/ or /efi/ first. Let's relax the check
for fstab_has_node hence, since on initrd-less
systems it might produce wrong results.
Instead of fixing the commit, we can workaround the adduser issue by
simply creating a user manually beforehand, which means the broken
codepath in autopkgtest is not taken. We can remove it once it's
fixed upstream, which is in progress:
https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/297
In some cases we refuse a query based on the RR type, mostly old
deprecated types. Let's return NOTIMP in this case, which best
communicates why the query failed.
In the current testing scheme in test-extract-word, we only
have two test cases covering unicode strings. Improve upon
this by adding more cases for the same.
Signed-off-by: Chandra Pratap <chandrapratap3519@gmail.com>
Required to make sure that any changes packaging specs make to the
source files are thrown away after the build so they don't mess with
the source tree.
The name resolver.arpa is reserved for RFC9462 "Discovery of Designated
Resolvers" (DDR). This relies on regular dns queries for SVCB records at
the special use domain name _dns.resolver.arpa. Unfortunately, older
nameservers (or broken ones) won't know about this SUDN and will likely
return NXDOMAIN. If this is cached, the cache entry will become an
impediment for any clients trying to discover designated resolvers
through the stub-resolver, or potentially even sd-resolved itself, were
it to implement DDR.
The RFC recommendation is that "clients MUST NOT perform A or AAAA
queries for resolver.arpa", and "resolvers SHOULD respond to queries of
any type other than SVCB for _dns.resolver.arpa. with NODATA and queries
of any type for any domain name under resolver.arpa with NODATA." which
should help avoid potential compatibility issues. This enforces that
condition within sd-resolved, and avoids caching any such erroneous
NXDOMAIN.
The RFC also recommends requests for this domain should never be
forwarded, to prevent authentication failures. Since there isn't much
point in establishing secure communication to the local stub, we still
allow SVCB to be forwarded from the stub, in case the client cares to
implement some other authentication method and understands the
consequences of skipping the local stub. Normal clients are not
expected to implement DDR, but this change will protect sd-resolved's
own caches in case they try.
Although A and AAAA are prohibited, I think validating resolvers
might reasonably query for dnssec records, even though the resolver.arpa
zone does not exist (it is declared to be a locally served zone). For
this reason, I have also added resolver.arpa to the builtin dnssec NTA.
In some cases there is no configured server to answer a given question,
because all scopes refused the query. In this case we currently return
rcode SERVFAIL.
In dns it is customary for authoritative nameservers to return REFUSED
where the question is outside of their authority. This is better than
SERVFAIL because it informs the client that they aren't likely to get an
answer out of us anytime soon, and either the configuration, or the
query, need to change.
Similar logic invites us to use use the rcode REFUSED on the stub if we
aren't configured with any suitable scope for this question.
This brings the handling of config for kernel-install in line with most of
systemd, i.e. we search the set of paths for the main config file, and the full
set of drop-in paths for drop-ins.
This mirrors what 07f5e35fe7967c824a87f18a3a1d3c22e5be70f5 did for udev.conf.
That change worked out fine, so I hope this one will too.
The update in the man page is minimal. I think we should split out a separate
page for the config file later on.
One motivating use case is to allow a drop-in to be created for temporary
config overrides and then removed after the operation is done.
This means the main config file is loaded also from /run and /usr.
We should load the main config file from all the places where we load drop-ins.
I realize I had a giant blind spot: I always assumed that we load config files
from /etc, /run, /usr/local/lib, /usr/lib. But it turns out that we only used
those paths for drop-ins. For the main config file, we only looked in /etc. The
docs actually partially described this behaviour, i.e. most SYNOPSIS sections
and some parts of the text, but not others.
This is strange, because 6495361c7d5e8bf640841d1292ef6cfe1ea244cf was completely
bogus with the behaviour before this patch. We had a huge discussion before it
was merged, and clearly nobody noticed this. Similarly, in the previous version
of the current pull request, we had a long discussion about the appropriate
order of directories, and apparently nobody noticed that there was no order,
because only looked in one directory. So the blind spot seems to have been
shared.
Also, systemd-analyze cat-config behaved incorrectly, i.e. its behaviour matches
the new behaviour.
Possibly, in the future it'll make it easier to add support for --root.
The function was partially implementing chroot lookups. It would be given
file names that were prefixed with the chroot, so it would mostly work.
But if any of those files were symlinks, fopen() would do the wrong thing.
Also we don't need locking.
So give 'root' as the argument and use chase_and_fopen_unlocked() to get
proper chroot-aware lookups.
The only place where config_parse_many() is called with root is is repart.c.
So this is a follow-up for e594a3b154bd06c535a934a1cc7231b1ef76df73 and
34f2fd5096cdb26ef57998740b1b876332d968fc.