IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Currently, the tpm2 support will use encrypted sessions by creating a
primary key that is used to encrypt traffic. This creates a problem as
the key created for encrypting the traffic could be faked by an active
interposer on the bus. In cases when a pin is used, we can introduce the
bind key. The pin is used as the auth value for the seal key, aka the
disk encryption key, and that auth value can be used in the session
establishment. An attacker would need the pin value to create the secure
session and thus an active interposer without the pin could not
interpose on TPM traffic.
Related-to: #22637
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit adds a new Verity= setting to repart definition files
with two possible values: "data" and "hash".
If Verity= is set to "data", repart works as before, and populates
the partition with the content from CopyBlocks= or CopyFiles=.
If Verity= is set to "hash", repart will try to find a matching
data partition with Verity=data and equal values for CopyBlocks=
or CopyFiles=, Format= and MakeDirectories=. If a matching data
partition is found, repart will generate verity hashes for that
data partition in the verity partition. The UUID of the data
partition is set to the first 128 bits of the verity root hash. The
UUID of the hashes partition is set to the final 128 bits of the
verity root hash.
Fixes#24559
Let's return ENOSYS if /proc/ is not mounted (as that's what we usually
return in that case in various helpers that operate on /proc/). Return
EOPNOTSUPP if the kernel simply doesn't support userns.
Currently, dissect_image() is only called through dissect_loop_device(),
and the LoopDevice object has device name. Hence, it is not necessary to
get device name in dissect_image().
Note, currently, for each call of dissect_loop_device_and_warn(), the
specified name is equivalent to the path passed to loop_device_make_by_path().
Hence, this should not change the current behavios.
This arg expects scan codes and it can be very confusing to find a key
conflict when trying to add a F3 button when there are no F3 keycodes
seemingly in use. CHAR_CARRIAGE_RETURN and SCAN_F3 use the same value,
so no changes in behavior.
This effectively reverts 9c7f7d86f86322b76fc903ca8a06b87c4be4bd4a.
We dropped kernel crypto API use with
1fc8d0c9dd6a21de81e49cfa01af4a4d9a3ed37d, hence catch up in README.
D-Bus interfaces can have multiple methods with the same name, as long
as they have different arguments (signature). Currently busctl can call
those methods but when introspecting the interface it just displays
"Duplicate method"
This PR fixes the behavior, by also adding the signature to the hash for
the members set.
Before this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
Invalid introspection data: duplicate method 'sendMessage' on interface 'org.asamk.Signal'.
After this patch:
$ busctl introspect org.asamk.Signal /org/asamk/Signal
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
org.asamk.Signal interface - - -
.sendMessage method as x -
.sendMessage method s x -
Calling the methods already works as expected, as the user must specify
the signature explicitely:
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "as" 2 foo bar
busctl --user call org.asamk.Signal /org/asamk/Signal org.asamk.Signal sendMessage "s" foo
$ busctl --xml introspect org.asamk.Signal /org/asamk/Signal
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node name="/org/asamk/Signal">
<interface name="org.asamk.Signal">
<method name="sendMessage" >
<arg type="as" direction="in"/>
<arg type="x" direction="out"/>
</method>
<method name="sendMessage" >
<arg type="s" direction="in"/>
<arg type="x" direction="out"/>
</method>
<interface name="org.freedesktop.DBus.Introspectable">
<method name="Introspect">
<arg type="s" direction="out"/>
</method>
</interface>
<interface name="org.freedesktop.DBus.Peer">
<method name="Ping">
</method>
</interface>
</node>
On certain systems the `install_libnss()` function might end up with an
empty list of libraries to install, which triggers an assertion in
`image_install()`:
```
I: Install libnss
..//test-functions: line 2721: 1: parameter null or not set
make: *** [Makefile:4: setup] Error 1
```
E.g.:
```
# LD_DEBUG=files getent passwd 2>&1 >/dev/null | sed -n '/calling init: .*libnss_/ {s!^.* /!/!; p}'
/lib64/libnss_sss.so.2
/lib64/libnss_systemd.so.2
# dnf -y remove sssd-client systemd-libs
# LD_DEBUG=files getent passwd 2>&1 >/dev/null | sed -n '/calling init: .*libnss_/ {s!^.* /!/!; p}'
<no output>
```
Let's handle this case gracefully.
