| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
Usecase:
$ du $(systemd-vpick /srv/myimages.v/foo___.raw)
In order to determine size of newest image in /srv/myimages.v/
|
|
resources
This adds a new concept for handling paths. At appropriate places, if a
path such as /foo/bar/baz.v/ is specified, we'll
automatically enumerate all entries in /foo/bar/baz.v/baz* and then
do a version sort and pick the newest file.
A slightly more complex syntax is available, too:
/foo/bar/baz.v/quux___waldo
if that's used, then we'll look for all files matching
/foo/bar/baz.v/quux*waldo, and split out the middle, and version sort
it, and pick the nwest.
The ___ wildcard indicates both a version string, and if needed an
architecture ID, in case per-arch entries shall be supported.
This is a very simple way to maintain versioned resources in a dir, and
make systemd's components automatically pick the newest. Example:
/srv/myimages.v/foobar_1.32.65_x86-64.raw
/srv/myimages.v/foobar_1.33.45_x86-64.raw
/srv/myimages.v/foobar_1.31.5_x86-64.raw
/srv/myimages.v/foobar_1.31.5_arm64.raw
If now nspawn is invoked like this:
systemd-nspawn --image=/srv/myimages.v/foobar___.raw
Then it will automatically pick
/srv/myimages.v/foobar_1.33.45_x86-64.raw as the version to boot on
x86-64, and /srv/myimages.v/foobar_1.31.5_arm64.raw on arm64.
This commit only adds the basic implementation for picking files from a
dir, but no hook-up anywhere.
|
|
|
|
|
|
|
|
|
|
TPM2_RC_VALUES
If a TPM doesn't do ECC it could either return zero curves when asked
for it, or it could simply fail with TPM2_RC_VALUES because it doesn't
recognize the capability at all.
Handle both cases the same way.
Fixes: #30679
|
|
|
|
Distributions apparently only compile a subset of TPM2 drivers into the
kernel. For those not compiled it but provided as kmod we need a
synchronization point: we must wait before the first TPM2 interaction
until the driver is available and accessible.
This adds a tpm2.target unit as such a synchronization point. It's
ordered after /dev/tpmrm0, and is pulled in by a generator whenever we
detect that the kernel reported a TPM2 to exist but we have no device
for it yet.
This should solve the issue, but might create problems: if there are TPM
devices supported by firmware that we don't have Linux drivers for we'll
hang for a bit. Hence let's add a kernel cmdline switch to disable (or
alternatively force) this logic.
Fixes: #30164
|
|
|
|
When we receive a goodby packet about a host, and we have a cache entry about
the host, we do not immediately remove the cache entry, but update it with TTL 1.
See RFC 6762 section 10.1 and 3755027c2cada70345c96787a9b5569994dd23ed.
If we receive a request soon after the goodby packet, previously the
entry was included in the known answers section of the reply. But such
information should not be appended.
Follow-up for 3755027c2cada70345c96787a9b5569994dd23ed.
|
|
stub
With fixes from Maanya Goenka.
|
|
This does what we do for system extension also for configuration
extension.
This is complicated by the fact that we previously looked for
<uki-binary>.d/*.raw for system extensions. We want to measure sysexts
and confexts to different PCRs (13 vs. 12) hence we must distinguish
them, but *.raw would match both kinds.
This commit solves this via the following mechanism: we'll load confexts
from *.confext.raw and sysexts from *.raw but will then enclude
*.confext.raw from the latter. This preserves compatibility but allows
us to somewhat reasonable distinguish both types of images.
The documentation is updated not going into this detail though, and
instead now claims that sysexts shall be *.sysext.raw and confexts
*.confext.raw even though we actually are more lenient than this. This
is simply to push people towards using the longer, more descriptive
suffixes.
I added an XML comment (<!-- … -->) about this to the docs, so that
whenever somebody notices the difference between code and docs
understands why and leaves it that way.
|
|
Then, move basic functions for the object to sd-dhcp-server-lease.[ch].
No effective funcional changes.
|
|
|
|
This builtin reduces complexity and GCC/Clang have supported these builtins for a long time.
|
|
Closes #30507.
|
|
Closes #30699.
|
|
This effectively reverts 9b88f20aba6a78baf18d89e99ff31d5ee40856b8.
We do not support MPLS routes, only IPv4 or IPv6 routes are supported.
|
|
Currently, link_queue_request_safe(), which is a wrapper of
request_new(), is called with a free function at
- link_request_stacked_netdev() at netdev/netdev.c,
- link_request_address() at networkd-address.c,
- link_request_nexthop() at networkd-nexthop.c,
- link_request_neighbor() at networkd-networkd.c.
For the netdev case, the reference counter of the passed object is increased
only when the function returns 1. So, on failure (with -ENOMEM)
previously we unexpectedly dropped the reference of the NetDev object.
Similarly, for Address and friends, the ownership of the object is moved to the
Request object only when the function returns 1. And on failure, previously
the object was freed twice.
Also, netdev_queue_request(), which is another wrapper of request_new()
potentially leaks memory when the same NetDev object is queued twice.
Fortunately, that should not happen as the function is called only once
per object.
This fixes the above issue, and now the ownership or the reference
counter of the object is changed only when it is succeeded with 1.
|
|
Rewrite the test in bash and make it part of our integration test suite,
so it's actually executed in all our upstream CI environments.
The original test is flaky in environments where daemon-reload might
occur during the test runtime (e.g. when running the test in parallel
with the systemd-networkd test suite). Also, it was run only in CentOS
CI in limited way (i.e. without sanitizers), since it tests the host's
systemd, instead of the just built one.
Resolves: #29943
|
|
We don't expose destructors for these internal structs already.
Let's make the struct itself implementation detail too.
|
|
|
|
Then, this makes it take sd_dhcp_client_id object, and introduce
sd_dhcp_client_id_to_string_from_raw().
|
|
This splits out client ID handling from sd-dhcp-client.c to
sd-dhcp-client-id.[ch]. This will be used later in other places.
|
|
On MIPS32 OABI, st_rdev is unsigned long, not dev_t. Use a temporary
variable to avoid an incompatible pointer.
Bug: https://bugs.gentoo.org/920576
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21278
Fixes: https://github.com/systemd/systemd/issues/30626
|
|
|
|
To make the hash function consistent with the compare function.
|
|
Then, replace address_remove_and_drop() with it.
If an address is requested, and the request is already called,
we may not received its reply and notification from the kernel, and
the corresponding address object may not be remmbered. Even in such
case, we need to remove the address, otherwise the address will come
later after the function called.
|
|
|
|
assigned to
No functional change. Preparation for later commits.
|
|
We already have the getter for the parameter, but forgot to introduce the setter.
|
|
|
|
Otherwise, IPv6 enable/disable setting may be changed after resolved is
started.
|
|
Fixes #30669.
|
|
Follow-up for c01a5c0.
|
|
Turns out Coccinelle can handle compound literals just fine, the parsing
errors were caused by incorrectly parsed macros in code before the
literals, so let's just provide simplified versions for such macros.
The parsing error in `Type *foo[ELEMENTSOF(bar)] = {};` is actually
harmless; it occurs only when creating an array of pointers for a type
that's in an external header and it occurs only on the first parser's
pass, subsequent passes resolve the type correctly.
Also, unset ENABLE_DEBUG_HASHMAP, so Coccinelle doesn't expand the
hashmap debug macros.
As for the remaining FIXMEs, I opened a couple of issues in the
Coccinelle upstream to see if they can be fixed there (or at least
properly analyzed).
|
|
Now that the ConditionSecurity=uki-measured check is tighter we can drop
the explicit TPM2 check again.
This reverts commit aa735b02196cf6f947fd1e4b2ec46b544ec7c3e1.
|
|
a check for TPM2
We simply don't carry any userspace support for TPM1.2 in our tree, and
we shouldn't given it's too weak by today's standards. Hence, if we
check if we are booted in UKI measured boot mode, don't just check if we
are booted in EFI, but also check that we have a TPM2 chip (as opposed
to none or only a TPM1.2 chip).
This is an alternative to #30652 but more comprehensive (and simpler),
since it covers all invocations of efi_measured_uki().
Fixes: #30650
Replaces: #30652
|
|
|
|
The issue[0] behind this workaround has been resolved[1], so we can set it
to a proper boolean field.
[0] https://github.com/systemd/systemd/issues/18671
[1] https://github.com/actions/labeler/pull/480
|
|
Turns out updating the labeler action is a bit annoying[0], so the
breaking change wasn't detected in the version bump PR.
[0] https://github.com/actions/labeler/#notes-regarding-pull_request_target-event
Follow-up to f88c9b0728.
|
|
This makes the folloing:
- Each Directory object now has a reference to sd-journal.
- Hence, directory_free(), which is renamed from remove_directory(), can
be called without sd-journal as an argument.
- Introduces hash ops for Directory, so the finalization becomes
slightly simpler.
- Allocate hashmaps that store Directory objects when necessary.
- Split out add_directory_impl().
No functional changes, just refactoring.
|
|
|
|
Since 138224fc807091d31f19a3b22f066d6044626001, HandleActionData
records the corresponding HandleAction. Let's use it instead of
relying on inhibit_what when mapping to string.
|
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.8 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/407ffafae6a767df3e0230c3df91b6443ae8df75...012739e5082ff0c22ca6d6ab32e07c36df03c4a4)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
