IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We check for homed stuff in the test itself, but this is way too late,
since we already started a unit that Requires=systemd-homed.service
(testsuite-46.service). For now this doesn't matter, but with #27852
the offending transaction is dropped from the job queue, making the test
fail.
Spotted in #27852 in Ubuntu CI.
Fixes a regression caused by ab3aed4a0349bbaa26f53340770c1b59b463e05d.
I thought the commit does not cause any severe regression. However,
drivers for network interfaces may be loaded later. So, we should wait
if no network interface is found.
Fixes#27822.
local-fs-pre.target is a passive unit, which means that it is supposed to be
pulled in by everything that is ordered before it. We had
Before=local-fs-pre.target, so add Wants= too.
I don't expect this to change anything. Instead, just make things follow the
docs so it's easier to reason about the dependency set.
These library syms should be restricted to use only in tpm2-util.c,
and all other code should use simpler functions exported in tpm2-util.h.
Also move the Esys_Freep() cleanup function into tpm-util.c, and make
tpm2-tss symbols static.
If this module is loaded, sending readiness notifications from the
VM will fail with "no route to host" so let's blacklist the module
to prevent that from happening.
This option allows overriding the architecture that's used for the
architecture specific partition types. This is useful to allow
reusing the same repart configuration to produce the same image for
different architectures.
By default, label_ops is initialized with a NULL pointer which translates
to noop labelling operations. In mac_selinux_init() and the new mac_smack_init(),
we initialize label_ops with a MAC specific LabelOps pointer.
We also introduce mac_init() to initialize any configured MACs and replace all
usages of mac_selinux_init() with mac_init().
All users of loopback_setup() ignore the return values (with the notable
exception of the test cases). Hence let's adjust the log messaging to
always log at LOG_WARNING level at most, and suffix messages with ",
ignoring", to make clear these failures are ignored.
Previously, unprivileged mode for find_esp_and_warn() and
find_xbootldr_and_warn() could be enabled or disabled. With this change
it can also be set to negative in which case the functions will enable
it automatically if found to be executing without privileges.
This just moves te geteuid() check we often do for the param inside of
the functions.
At the same time internally in the functions we also pass around the
VerifyESPFlags field across the various functions instead of booleans.
Both changes are just refactoring. No changes in behaviour.
In b6033b706028a64e9affb79050ced1ad9a4f5b43 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time
In 24039e1207c169b18adf5234ad300ea3ba1b671e support was added to create
/etc/credstore with perm 0700 from meson.build at build time.
This patch makes unifies the two parts:
1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
places (the build system still won't create them in /run/, since
that's pointless since not shipped, and the runtime won't create the
dirs below /usr/lib/, since that's not generically writable anyway).
2. Both at runtime and at build time we'll create the dirs with mode
0700. This is easier for packaging tools to handle since they
generally react pretty negatively on dirs they can't enumerate.
To appease the LTO overlords:
In file included from ../../../../src/basic/macro.h:446,
from ../../../../src/shared/blockdev-util.h:8,
from ../../../../src/shared/creds-util.c:11:
../../../../src/shared/creds-util.c: In function 'get_credential_host_secret':
../../../../src/shared/creds-util.c:379:52: error: '%s' directive argument is null [-Werror=format-overflow=]
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../../src/basic/log.h:214:86: note: in definition of macro 'log_full_errno_zerook'
214 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~
../../../../src/basic/log.h:250:41: note: in expansion of macro 'log_full_errno'
250 | #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__)
| ^~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:33: note: in expansion of macro 'log_debug_errno'
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~~~~~~~~~~~~~~
../../../../src/shared/creds-util.c:379:74: note: format string is defined here
379 | log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
| ^~
cc1: some warnings being treated as errors
../../../../src/core/transaction.c: In function 'transaction_verify_order_one':
../../../../src/core/transaction.c:338:38: error: '%s' directive argument is null [-Werror=format-overflow=]
338 | sprintf(ans + size, "%s%s", unit_log_field, *unit_id);
| ^~
cc1: some warnings being treated as errors
