shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-26 22:50:16 +03:00
Code
79,176 Commits 4 Branches 403 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Luca Boccassi 515ab90e4d
cryptenroll/repart/creds: no longer default to binding against literal PCR 7 (#36200) 
PCR 7 covers the SecureBoot policy, in particular "dbx", i.e. the
denylist of bad actors. That list is pretty much as frequently updated
as firmware these days (as fwupd took over automatic updating). This
means literal PCR 7 policies are problematic: they likely break soon,
and are as brittle as any other literal PCR policies.

hence, pick safer defaults, i.e. exclude PCR 7 from the default mask.
This means the mask is now empty.

Generally, people should really switch to signed PCR policies covering
PCR 11, in combination with systemd-pcrlock for the other PCRs.
2025-01-30 14:57:15 +00:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
test: install stub package for test-ukify unit test
2025-01-28 15:04:28 +00:00
.obs
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
.semaphore
Revert "semaphore: skip some tests"
2024-12-13 23:43:28 +00:00
catalog
Fix tense in SD_MESSAGE_SHUTDOWN_STR
2025-01-30 10:36:38 +01:00
coccinelle
coccinelle: add .gitignore for cache files
2025-01-19 08:27:47 +09:00
docs
docs: fix plural form
2025-01-29 13:13:59 +01:00
factory
man: don't suggest using pam_unix.so's use_authtok switch
2024-01-17 23:59:05 +00:00
hwdb.d
Adds asus T103HAF rotation matrix to 60-sensor.hwdb (#36177)
2025-01-27 13:01:05 +00:00
LICENSES
boot: Add HWID calculation from SMBIOS strings and matching against a built-in list
2024-11-05 22:29:58 +03:00
man
cryptenroll/repart/creds: no longer default to binding against literal PCR 7
2025-01-30 10:32:26 +01:00
mime
creds-util: add a concept of "user-scoped" credentials
2024-01-30 17:07:47 +01:00
mkosi.conf.d
mkosi: add loongarch64 to Debian's list of EFI arches
2025-01-27 22:32:34 +00:00
mkosi.coverage
mkosi: Make sure the /coverage directory exists
2024-12-05 22:03:07 +01:00
mkosi.extra
mkosi: move drop-in config for sanitizers
2024-12-10 09:46:29 +09:00
mkosi.extra.common
mkosi: disable multipathd by default
2025-01-16 00:57:07 +09:00
mkosi.images
mkosi: update debian commit reference
2025-01-24 22:14:41 +09:00
mkosi.repart
mkosi: switch rootfs to ext4
2025-01-22 22:50:52 +00:00
mkosi.sanitizers
mkosi: drop wrapper for unshare
2024-12-14 17:30:01 +09:00
mkosi.uki-profiles
Rework TEST-86-MULTI-PROFILE-UKI
2024-10-21 17:24:14 +02:00
modprobe.d
modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
2024-01-12 23:24:54 +00:00
network
network: request non-NULL SSID when a wlan interface is configured as station
2024-07-31 10:06:04 +09:00
po
po: Translated using Weblate (French)
2025-01-22 23:43:34 +09:00
presets
presets: Don't enable systemd-homed-firstboot.service by default
2024-06-08 11:29:55 +01:00
profile.d
profile.d: don't bail if $SHELL_* variables are unset
2024-12-11 18:33:41 +00:00
rules.d
udev: add input/by-{id,path} symlinks for hidraw devices
2025-01-27 18:57:13 +00:00
shell-completion
nspawn: add support for 'managed' userns mode even when we run privileged
2025-01-23 21:48:02 +01:00
src
cryptenroll/repart/creds: no longer default to binding against literal PCR 7 (#36200)
2025-01-30 14:57:15 +00:00
sysctl.d
sysctl.d: Fix pid_max comment
2023-10-31 13:07:49 +01:00
sysusers.d
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
test
cryptenroll/repart/creds: no longer default to binding against literal PCR 7
2025-01-30 10:32:26 +01:00
tmpfiles.d
Revert "link README.logs from tmpfiles.d/legacy.conf only if available"
2024-11-29 14:18:15 +01:00
tools
tools: add loongarch64 to debug-sd-boot script
2025-01-25 01:25:38 +00:00
units
mntfsd: add api to mount dirs for containers
2025-01-23 21:48:02 +01:00
xorg
xorg/50-systemd-user: add a full license header
2021-10-01 14:45:00 +02:00
.clang-format
Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
2024-03-06 15:24:23 +01:00
.ctags
editors: Prevent ctags from following symlinks
2019-02-15 11:01:20 -08:00
.dir-locals.el
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.editorconfig
editorconfig: add NEWS whitespace configuration
2023-10-26 22:41:03 +01:00
.gitattributes
Mark all base64 files as generated
2023-08-16 12:49:45 +02:00
.gitignore
Add .venv to gitignore
2024-12-20 15:33:32 +00:00
.mailmap
mailmap: fix entries for Tobias Klauser
2024-12-11 13:55:07 +00:00
.packit.yml
packit: Simplify configuration
2025-01-07 15:18:50 +01:00
.pylintrc
Add .pylintrc to globally suppress warnings we don't really care about
2023-08-10 18:13:29 +02:00
.vimrc
vimrc: explicitly set shiftwidth for the C file type
2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py
ycm: add doc string for all the functions in configuration file
2017-11-29 13:21:49 -07:00
LICENSE.GPL2
relicense to LGPLv2.1 (with exceptions)
2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1
licence: remove references to old FSF address
2012-12-17 11:41:31 +01:00
meson_options.txt
udev: set clock group for PTP and RTC devices
2025-01-16 21:12:47 +01:00
meson.build
build: fail the build if we accidentally drop a "const" qualifier on a parameter
2025-01-20 21:44:23 +01:00
meson.version
meson: update version to 258~devel
2024-12-10 19:30:06 +00:00
mkosi.clangd
mkosi.clangd: Fail on command errors
2024-12-20 20:09:36 +01:00
mkosi.clean
mkosi: Add missing SPDX line
2024-09-22 15:23:08 +02:00
mkosi.conf
mkosi: Add VCS_TAG to PassEnvironment=
2025-01-27 11:27:49 +01:00
mkosi.functions
mkosi: Move copying packages to the output directory to the postinst script
2024-10-29 11:28:47 +01:00
mkosi.postinst.chroot
mkosi: Fix authselect systemd-homed feature name
2024-12-21 21:03:03 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
cryptenroll/repart/creds: no longer default to binding against literal PCR 7
2025-01-30 10:32:26 +01:00
README
user-runtime-dir: enforce /tmp/ and /dev/shm/ quota
2025-01-23 22:36:39 +01:00
README.md
OBS: switch to new top-level namespace
2025-01-22 20:34:04 +00:00
ruff.toml
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
TODO
cryptenroll/repart/creds: no longer default to binding against literal PCR 7
2025-01-30 10:32:26 +01:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Description
The systemd System and Service Manager
cinitlinuxservicessystemsystemd
Readme 568 MiB
Languages
C 89.2%
Python 5.3%
Shell 4.1%
Meson 1.2%