IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Let's not output a title line given that we don't output multiple
different things here anyway, and the "bootctl list" command is about
listing boot entries anyway and it's documented that way.
Having titles for sections if we have mutliple sections of output
definitely makes sense, but if there's only one kind of information we
list it's redundant clutter.
Let's better be safe than sorry, and follow symlinks in ESP + XBOOTLDR
via chase_symlinks() relative to the root of these files systems. This is
not a big issue given that ESP/XBOOTLDR are supposed to be VFAT where
symlinks don't exist, but the specs don't strictly require this, and by
loading efifs drivers in uefi it would be possible to support symlinks,
but we'd rather not have that here.
No real change in behaviour, just stricter rules to make me sleep better
at night.
Currently, the tpm2 support will use encrypted sessions by creating a
primary key that is used to encrypt traffic. This creates a problem as
the key created for encrypting the traffic could be faked by an active
interposer on the bus. In cases when a pin is used, we can introduce the
bind key. The pin is used as the auth value for the seal key, aka the
disk encryption key, and that auth value can be used in the session
establishment. An attacker would need the pin value to create the secure
session and thus an active interposer without the pin could not
interpose on TPM traffic.
Related-to: #22637
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit adds a new Verity= setting to repart definition files
with two possible values: "data" and "hash".
If Verity= is set to "data", repart works as before, and populates
the partition with the content from CopyBlocks= or CopyFiles=.
If Verity= is set to "hash", repart will try to find a matching
data partition with Verity=data and equal values for CopyBlocks=
or CopyFiles=, Format= and MakeDirectories=. If a matching data
partition is found, repart will generate verity hashes for that
data partition in the verity partition. The UUID of the data
partition is set to the first 128 bits of the verity root hash. The
UUID of the hashes partition is set to the final 128 bits of the
verity root hash.
Fixes#24559
Let's return ENOSYS if /proc/ is not mounted (as that's what we usually
return in that case in various helpers that operate on /proc/). Return
EOPNOTSUPP if the kernel simply doesn't support userns.
Currently, dissect_image() is only called through dissect_loop_device(),
and the LoopDevice object has device name. Hence, it is not necessary to
get device name in dissect_image().
Note, currently, for each call of dissect_loop_device_and_warn(), the
specified name is equivalent to the path passed to loop_device_make_by_path().
Hence, this should not change the current behavios.
This arg expects scan codes and it can be very confusing to find a key
conflict when trying to add a F3 button when there are no F3 keycodes
seemingly in use. CHAR_CARRIAGE_RETURN and SCAN_F3 use the same value,
so no changes in behavior.