1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-26 14:04:03 +03:00

52308 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
d1829af943 creds: fix leak of arg_tpm2_device
IIUC, "auto" is the same as NULL. There is no need to strdup() anything.

Coverity CID#1458113.
2021-07-09 15:29:47 +02:00
Zbigniew Jędrzejewski-Szmek
89fa9a6b7b networkd: add shared parser for mud urls
The same buggy code was triplicated…
2021-07-09 15:13:12 +02:00
Zbigniew Jędrzejewski-Szmek
bc1f27ff55 creds: drop unnecessary initialization
Coverity also thinks a leak happens here, CID #1458112.
This seems wrong, but let's add an assert, maybe that'll help.
2021-07-09 15:13:12 +02:00
Zbigniew Jędrzejewski-Szmek
1421705d9a core: drop unnecessary initialization
cunescape() sets output on success, so initialization is not necessary. There
was no comment, but I think they may have been added because the compiler
wasn't convinced that the return value is non-negative on success. It could
have been confused by the int return type on escape*(), which was changed by
the one of preceeding commits to ssize_t, or by the length calculation, so add
an assert to help the compiler.

For some reason coverity thinks the output can be leaked here (CID #1458111).
I don't see how.
2021-07-09 15:12:18 +02:00
Zbigniew Jędrzejewski-Szmek
2744c7bb01 xdg-autostart: minor refactoring
We can't say free_and_replace(exec_split[n++], quoted), because the the
argument is evaluated multiple times. But I think that this form is
still easier to read.
2021-07-09 15:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
12d729b2ec nspawn: inline one iterator variable declaration 2021-07-09 15:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
e437538f35 tree-wide: make cunescape*() functions return ssize_t
Strictly speaking, we are returning the size of a memory chunk of
arbitrary size, so ssize_t is more appropriate than int.
2021-07-09 15:07:40 +02:00
Zbigniew Jędrzejewski-Szmek
ddedf7ca69 basic/escape: use _cleanup_ in one more place
Also, let's not use 'r' for a char*.
2021-07-09 15:07:13 +02:00
Zbigniew Jędrzejewski-Szmek
fe819f569a shared/format-table: fix invalid free
Coverity CID#1458108.
2021-07-09 13:17:16 +02:00
Yu Watanabe
d0e18bb4b0
Merge pull request #20166 from poettering/fsync-more
various tweaks to existing fsync() helpers, and some new apis
2021-07-09 07:32:01 +09:00
Yu Watanabe
452a07cfd6
Merge pull request #20168 from poettering/signal-util-tweak
generalize SIGINT handling in copy.c
2021-07-09 07:24:43 +09:00
Yu Watanabe
f1ee01e342
Merge pull request #20167 from poettering/format-table-tweaks
format-table: three new features
2021-07-09 07:20:49 +09:00
Lennart Poettering
6a24c995f0 dirent-util: no need to bother with fstatat() for "." and ".." to figure out if these are dirs 2021-07-09 04:18:09 +09:00
Lennart Poettering
bcf8fc267f blockdev-util: add fd-based APIs for getting backing block device for file 2021-07-08 14:49:02 +02:00
Lennart Poettering
1053967781 path-util: make path_compare() accept NULL 2021-07-08 13:56:06 +02:00
Yegor Alexeyev
a520bb6654 logind: allow binding different operation to reboot key long presses 2021-07-08 13:08:20 +02:00
Lennart Poettering
949162552d conf-files: rename return parameters ret_xyz 2021-07-08 13:06:58 +02:00
Lennart Poettering
c860665ef3
Merge pull request #20163 from poettering/repart-root-fix
repart: drop duplicate handling of /sysroot/ prefix
2021-07-08 13:06:41 +02:00
Lennart Poettering
19755bca19
Merge pull request #19995 from poettering/cred-tool
Add support for encrypted credentials
2021-07-08 12:59:59 +02:00
Lennart Poettering
14a4c4edc7 repart: when we can't fit the partitions in, report needed disk size current disk size
This improves error output in repart if we can't fit the defined
partitions into the disk image. With this change we'll now show not only
the disk size we need (as before), but also the current one, as well as
the largest free area on disk.

This should make it a bit easier to debug disk space issues that repart
runs into.
2021-07-08 11:46:35 +02:00
Hugo Osvaldo Barrera
8859b8f77a Mount encrypted swap partitions via gpt-auto
If the auto-discovered swap partition is LUKS encrypted, decrypt it
automatically.

This aligns with the Discoverable Partitions Specification, though I've
also updated it to explicitly mention that LUKS is now supported here.

Since systemd retries any key already in the kernel keyring, if the swap
partition has the same passphrase as the root partition, the user won't
be prompted a second time for a second passphrase.

See https://github.com/systemd/systemd/issues/20019
2021-07-08 11:46:20 +02:00
Lennart Poettering
215b64b2ad copy: port over to pop_pending_signal() 2021-07-08 10:38:09 +02:00
Lennart Poettering
0178ff292b signal-util: add helper pop_pending_signal() 2021-07-08 10:33:38 +02:00
Lennart Poettering
2c177b30e3 format-table: teach table_hide_column_from_display() to accept multiple arguments
In case we want to hide multiple columns in one go, make that easy.
2021-07-08 10:29:43 +02:00
Lennart Poettering
21fbf095b8 format-table: add cell type for outputting 64bit values in hex 2021-07-08 10:29:43 +02:00
Lennart Poettering
bc773fcb35 format-table: add cell type for "mode_t" values 2021-07-08 10:29:43 +02:00
Lennart Poettering
4050625e5b fs-util: teach syncfs_path() handle with empty path argument 2021-07-08 10:22:34 +02:00
Lennart Poettering
32a3041656 fs-util: add fsync_path_and_parent_at() 2021-07-08 10:22:34 +02:00
Lennart Poettering
814a7e0345 fs-util: add API for fsync()ing parent dir of path 2021-07-08 10:22:34 +02:00
Lennart Poettering
427c934fdb fs-util: make sure fsync_directory_of_file() does something useful on O_PATH fds
When handling O_PATH fds it's safe to use the parent of
/proc/self/fd/<fd> for any kind of inode. Hence do so.
2021-07-08 10:22:34 +02:00
Lennart Poettering
e2e13bddcf repart: drop spurious whitespace 2021-07-08 10:10:39 +02:00
Lennart Poettering
6bbae9f8b3 repart: don't prefix /sysroot/ twice
For some reason I first commited
a73b2ad041469bf20e3771725dcf70069451e116 and then
8f47e32a3eefa1a366510b5d752875dd56bd7708. But the latter makes the
former obsolete and causes us to suffix paths twice.

Let's hence revert a73b2ad041469bf20e3771725dcf70069451e116 and stick to
8f47e32a3eefa1a366510b5d752875dd56bd7708 as the latter is the ore
generic solution of the two.
2021-07-08 10:10:39 +02:00
Lennart Poettering
199b097d57 update TODO 2021-07-08 09:32:03 +02:00
Lennart Poettering
8a6a781b58 man: document the new (Load|Set)CredentialEncrypted= settings 2021-07-08 09:31:43 +02:00
Lennart Poettering
c1017f6b7b man: add man page for "systemd-creds" 2021-07-08 09:31:18 +02:00
Lennart Poettering
c69620ef7f test: extend credentials test to cover encrypted credentials 2021-07-08 09:31:14 +02:00
Lennart Poettering
43144be4a1 pid1: add support for encrypted credentials 2021-07-08 09:30:56 +02:00
Lennart Poettering
5945640e2a creds: add a new tool for listing/showing/encrypting/decrypting credentials 2021-07-08 09:30:45 +02:00
Lennart Poettering
21bc0b6fa1 creds-util: add infra for encrypting/decrypting credentials 2021-07-08 09:30:29 +02:00
Lennart Poettering
8f860b4df0 util: move src/basic/creds-util.[ch] → src/shared/
This is preparation for adding encryption support to the credentials
logic, and we thus would like to add more deps. Let's hence move things
from src/basic/ to src/shared, so that we can rely on the OpenSSL
utilities already in src/shared.
2021-07-08 09:30:18 +02:00
Lennart Poettering
82b4ec445b hexdecoct: optionally, line break base64 encoded data 2021-07-08 09:30:03 +02:00
Lennart Poettering
7b0da71d49 fileio: optionally allow interpreting file size as limit 2021-07-08 09:29:53 +02:00
Lennart Poettering
c1631ee124 chattr-util: generalize chattr manipulation for files with secrets from journalctl
This moves the code for setting chattr file attributes appropriate for
"secrets" files from journalctl into generic chattr-util.c code so that
we can use it elsewhere.

Also, let's reuse the "bitwise" logic already implemented in the chattr
code, instead of doing it again.
2021-07-08 09:29:48 +02:00
Lennart Poettering
91358db9dc fs-util: add fd-based flavour of path_is_encrypted() 2021-07-08 09:29:33 +02:00
Lennart Poettering
0bfef8b46f blockdev-util: add fd-based flavour of get_block_device() 2021-07-08 09:29:18 +02:00
Lennart Poettering
011d129cf4 sd-id128: make sure sd_id128_get_machine_app_specific() logic also works without "khash"
So, as it turns out AF_ALG is turned off in a lot of kernels/container
environments, including our CI. Hence, if we link against OpenSSL
anyway, let's just use that client side. It's also faster.

One of those days we should drop the khash code, and ust use OpenSSL,
once the licensing issues are resolved.
2021-07-08 09:28:28 +02:00
Jan Palus
105a4245ff hostnamed: correct variable with errno in fallback_chassis
fixes assertion failure on arm:

systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting.
2021-07-08 09:27:12 +02:00
Luca Boccassi
f6278558da NEWS: finalize for v249 v249 2021-07-07 18:41:29 +01:00
Lennart Poettering
0c4d1e6d96 process-util: explicitly handle processes lacking parents in get_process_ppid()
Let's make sure we signal out-of-band via an error message if a process
doesn't have a parent process whose PID we could return. Otherwise we'll
too likely hide errors, as we return an invalid PID 0, which in other
contexts has special meaning (i.e. usually "myself").

Replaces: #20153

This is based on work by @dtardon, but goes a different route, by
ensuring we propagate a proper error in this case.

This modernizes the function in question a bit in other ways, i.e.
renames stuff and makes the return parameter optional.
2021-07-07 18:41:08 +01:00
Zbigniew Jędrzejewski-Szmek
682047f834
Merge pull request #20145 from bluca/prep
Preparations for v249
2021-07-07 15:28:15 +02:00