IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.
It has been demonstrated that tolerating an unbounded number of dnssec
signature validations is a bad idea. It is easy for a maliciously
crafted DNS reply to contain as many keytag collisions as desired,
causing us to iterate every dnskey and signature combination in vain.
The solution is to impose a maximum number of validations we will
tolerate. While collisions are not hard to craft, I still expect they
are unlikely in the wild so it should be safe to pick fairly small
values.
Here two limits are imposed: one on the maximum number of invalid
signatures encountered per rrset, and another on the total number of
validations performed per transaction.
If -Dtests=false but -Dinstall-tests=true the build will fail, as some tests will
be pulled in the build but not their prerequisites. It doesn't make sense to ask
for tests to be installed if they are disabled.
FAILED: test-acd
cc -o test-acd test-acd.p/src_libsystemd-network_test-acd.c.o -flto -Wl,--as-needed -Wl,--no-undefined -pie -fstack-protector -Wl,-z,relro -specs=/usr/share/debhelper/dh_package_notes/debian-package-notes.specs -g -O2 -ffile-prefix-map=/tmp/s=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -ffat-lto-objects -Wdate-time -D_FORTIFY_SOURCE=2 '-Wl,-rpath,$ORIGIN/src/shared:XXXXXXXXXXXXXXX' -Wl,-rpath-link,/tmp/s/obj-x86_64-linux-gnu/src/shared -Wl,--start-group src/shared/libsystemd-shared-255.so src/libsystemd-network/libsystemd-network.a -Wl,--end-group -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common -Wl,--gc-sections -Wl,--fatal-warnings -Wl,-z,now -Wl,-z,relro -Wl,--warn-common -Wl,--gc-sections
/usr/bin/ld: /tmp/cc0oYwFZ.ltrans0.ltrans.o: in function `main':
./obj-x86_64-linux-gnu/./obj-x86_64-linux-gnu/<artificial>:85:(.text.startup+0x33): undefined reference to `test_setup_logging'
collect2: error: ld returned 1 exit status
An UKI final command line is not just made of the content of .cmdline,
but also from the addons that are inserted in
/boot/efi/EFI/Linux/<UKI_NAME>.efi.extra.d (local addons) and /boot/efi/loader/addons
(global addons).
Therefore bootclt "status" and "list" should also include these addons
when printing the UKI command line.
Support for /boot/efi/EFI/Linux/<UKI_NAME>.efi.extra.d is already present,
so now cover addons present in /boot/efi/loader/addons (global addons).
Example (assume UKI_NAME=devel):
$ bootctl
ukiCmdline: console=tty0 console=ttyS0
globalAddon: loader/addons/global.addon.efi
cmdline: └─quiet
localAddon: devel.efi.extra.d/rpm_addon.addon.efi
cmdline: └─this is a normal addon
finalCmdline: console=tty0 console=ttyS0 quiet this is a normal addon
An UKI final command line is not just made of the content of .cmdline,
but also from the addons that are inserted in
/boot/efi/EFI/Linux/<UKI_NAME>.efi.extra.d (local addons) and
/boot/efi/loader/addons (global addons).
Therefore bootclt "status" and "list" should also include these addons
when printing the UKI command line.
Right now, discover addons present in
/boot/efi/EFI/Linux/<UKI_NAME>.efi.extra.d.
Example output (assume UKI_NAME=devel):
$ bootctl
ukiCmdline: console=tty0 console=ttyS0
localAddon: devel.efi.extra.d/rpm_addon.addon.efi
cmdline: └─this is a normal addon
finalCmdline: console=tty0 console=ttyS0 this is a normal addon
Currently, hashmap_dump_sorted sorts by key and then returns the values
in order sorted by key. This commit adds another helper that does the
same but returns the sorted keys instead
This is useful after a fork but before an exec into a binary that uses
systemd's logging utilities. For example, this should be used in dbus
services that fork off worker processes: currently, the log level set by
the LogControl dbus API will be lost because of the exec, and the worker
process will not have the correct log level set.
This pulls this generally useful helper out of sysusers and into the
util lib, and updates the places throughout the codebase where it makes
sense to use it.
These functions expect secrets to be passed in (some even dereference
the variables), but fail to assert that they're non-null. So this commit
adds some assertions
Follow-up for 0a0c2672db.
Before the commit, if a conflicting address exists or already requested,
then the configuration of newly requested address (especially, prefix
length) is mostly ignored silently.
However, after the commit, even if there exists a conflicting address,
networkd anyway tries to configure the newly requested address, and
enter failed state. Such situation can be triggered, e.g. when the DHCPv6
client is started earlier than NDisc, by WithoutRA=solicit.
Fixes#31263.
This field is like preferredLanguage, but takes a priority list of
languages instead. If an app isn't translated into a user's primary
language, it can fall back to one of the other languages in the list
thus making the app more accessible to the user.
For instance: in my experience, many Ukrainians are fluent in Russian,
often significantly better than English (especially if they are of a
generation that grew up during the USSR). Such a person might set this
new variable to ["uk_UA.UTF-8", "ru_UA.UTF-8"] so that software that
lacks Ukrainian translations will first try Russian translations before
defaulting to English.
Fixes#31290
This further restricts the charset of locales to better reflect what
locales actually look like.
This allows us to safely join locale names using the `:` character, for
instance, which cannot appear in a locale name and is used by the
`$LANGUAGE` env var
The user record should be the source of truth for the user's environment
variables, and the user should be able to override them in much the same
way that they can if they simply append the variable to their ~/.profile
For example, before $LANG would never get set to the user's preferred
language, because the service manager always ensures that $LANG is set
to something (either the localed config, or a compiled-in default). Thus
the user's preferredLanguage setting was always ignored
Adds a util function to sha256 an open fd (moved from dissect). Also
adds functions to check if a string contains a valid sha256 hash, and
parse it into a sha256 array.
ADD_SAFE/SUB_SAFE/MUL_SAFE do addition/subtraction/multiplication
respectively with an overflow check. If an overflow occurs these return
false, otherwise true. Example: (c = a + b) would become ADD_SAFE(&c, a,
b)
INC_SAFE/DEC_SAFE/MUL_ASSIGN_SAFE are like above but they also reassign
the first argument. Example: (a += b) would become INC_SAFE(&a, b)
tilde sorts lower in the version comparison spec:
https://uapi-group.org/specifications/specs/version_format_specification/
➜ systemd git:(strip) systemd-analyze compare-versions 249\~rc1 249
249\~rc1 < 249
➜ systemd git:(strip) systemd-analyze compare-versions 249-rc1 249
249-rc1 > 249
Also update tools/meson-vcs-tag.sh to use carets instead of hyphens
for the git part of the version as carets are allowed to be part of
a version by pacman while hyphens are not and both sort higher than
a version without the git part.
cryptsetup 2.7.0 adds feature to link effective volume key in custom
kernel keyring during device activation. It can be used later to pass
linked volume key to other services.
For example: kdump enabled systems installed on LUKS2 device.
This feature allows it to store volume key linked in a kernel keyring
to the kdump reserved memory and reuse it to reactivate LUKS2 device
in case of kernel crash.
OOMPolicy in scope units is separately supported in
version v253, so I think it cannot be directly used
in the manpage with the version from the service.
fix:#30836
