| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Now that mkosi supports generating UKI profiles, let's make use of
that to generate the UKI profiles required for the test instead of
doing it within the test itself.
|
|
Otherwise, when the test is executed on a system with signed PCRs,
cryptenroll will automatically pick up the public key from the UKI
which results in a volume that can't be unlocked because the pcrextend
tests appends extra things to pcr 11.
|
|
We can break out of the preceeding for loop in certain scenarios
which would trigger the assert so let's drop it.
|
|
If VirtualSize > SizeOfRawData, measure extra zeros to take into
account the extra zeros also measured by the stub.
|
|
|
|
It was force-pushed again
|
|
to a TTY
Let's provide a mechanism to select the number of screen columns for
rebreaking comments in Varlink IDL connected to a TTY, by honouring the
$COLUMNS env var then too. Previously we'd only honour when connected to
a TTY, but it's also useful otherwise for rebreaking ridiculously long
comments, hence honour it in this case too.
|
|
|
|
Previously, we were using touch(), which usually works fine, because the
path should always refer to an existing directory, in which case it just
updates the timestamp. However, if the dir does not exist yet (which
shouldn't happen), it would be created as regular file, which is just
wrong.
Hence, let's instead create the dir as dir if it is missing, and then
update its timestamp.
|
|
Fixes: #1232 #2217
|
|
This allows selecting which agents to ask about this: system-level
agents, or per-user agents.
Fixes: #1232 #2217
|
|
|
|
|
|
askpw dir
Fixes: #1232 #2217
|
|
|
|
|
|
Seems like we missed some snake_case field names in previous reviews of
systemd-sysupdate
|
|
Same change as https://github.com/systemd/systemd/pull/34583 but for
systemd-measure. Otherwise we end up with PCR policy digest mismatches
as systemd-stub will measure the full virtual size of the kernel image
after it has been loaded while systemd-measure will disregard the extra
size introduced by SizeOfImage.
While ideally the stub would only measure the data that's actually on
disk and not the uninitialized data introduced by VirtualSize > SizeOfRawData,
we want newer systemd-measure to work with older stubs so we have to fix
systemd-measure and can't fix this in the stub.
|
|
A basic test will verify that we provide the right flags.
|
|
Previously a full packet was cached only if the CD bit was set, but this
no longer corresponds to the cases where bypass is enabled.
Update the cache to retain a full packet in the cases where it might
actually be useful.
|
|
This is useful for a validating resolver to indicate to a non-validating
resolver when checking was disabled for the query. This matches the
behavior of the major public resovlers in response to queries with CD bu
tnot DO set.
|
|
Following 13e15dae9f0b, resolved does not forward the AD bit for bypass
queries, but resolved also didn't do it's own validation, making these
replies appear to never be authentic. We should enable validation for
bypass queries.
Let's disable our own validation when processing a +cd query, and also
ensure that it skips the cache so that we don't accidentally fail to
return inauthentic replies from upstream.
Previously, when we had a bypass transaction without cd, a cached,
authenticated, reply with cd could be served, leaving the cd bit
erroneously set in the reply. Only reply with a CD bit if the client
requested it.
Fixes: 13e15dae9f0b (resolved: clear the AD bit for bypass packets)
|
|
This ignore failures when running on kernel-6.12-rcX, which has a
regression in the kernel scheduler that breaks PSI.
From https://github.com/systemd/systemd/issues/32730#issuecomment-2415312260
> There is a known scheduler bug in 6.12 that breaks psi. It leaks
> "running tasks" counts, which matches your symptoms of seeing partial
> pressure only.
>
> Do you see "inconsistent task state" warnings in dmesg | grep psi?
>
> A fix is queued in the scheduler tree, should be sent to Linus shortly:
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=c6508124193d42bbc3224571eb75bfa4c1821fbb
Workaround for #32730.
|
|
This introduces a nice UX for listing, inspecting, enabling, and
disabling optional features from the command line.
|
|
This adds APIs to enumerate/inspect/enable/disable optional features.
|
|
|
|
Makes sure we don't regress on #33343 and #33344
|
|
Optional features allow distros to define sets of transfers that can
be enabled or disabled by the system administrator. This is useful for
situations where a distro may want to ship some resources version-locked
to the core OS, but many people have no need for the resource, such as:
development tools/compilers, drivers for specialized hardware, language
packs, etc
We also rename sysupdate.d/*.conf -> sysupdate.d/*.transfer, because
now there are more than one type of definition in sysupdate.d/. For
backwards compat, we still load *.conf files as long as no *.transfer
files are found and the *.conf files don't try to declare themselves
as part of any features
Fixes https://github.com/systemd/systemd/issues/33343
Fixes https://github.com/systemd/systemd/issues/33344
|
|
|
|
Both spellings were used, but the dictionary says that "lightweight"
is the standard spelling.
|
|
|
|
As per spec image builders can create a local /etc/os-release
with per-image IDs, so modify that one instead of the original
one in /usr/lib. For example we do this when we build debian
unstable images in mkosi.
|
|
Fixes: #31799
|
|
Some of the log message stricts used proper uppercasing, others didn't.
Fix that to make it uniform.
|
|
This might have the effect that some DNS server or search domain
disappears, hence rewrite the relevant files.
See: #27543
|
|
'factory' was reset to 8 years ago
|
|
This is by no means complete, but gets us a bit closer.
|
|
Limits should be enforced, but not in a way real setups collide with
them.
There have been multiple reports that current limits are too low, hence
raise them 8x.
Fixes: #24852
|
|
|
|
|
|
Previously, GREEDY_REALLOC_APPEND would compile perfectly fine and cause
subtle memory corruption if the caller messes up the type they're passing
in (i.e. by forgetting to pass-by-reference when appending a Type* to an
array of Type*). Now this will lead to compilation failure
|
|
sysattr is zero
Various archs do not know the "io port" concept, hence check for the
"iomem" configuration, too.
Fixes: #34800
|
|
This addresses #11112 fully. It mostly was addressed by
99620f457ed0886852ba18c9093b59767299121c already, but for fds not
even passed to the fdstore, this adds the missing asynchronous close
codepath.
Fixes: #11112
|
|
|
|
This commit reformats load-fragment-gperf.gperf.in after changes
made for adding the ManagedOOMMemoryPressureDurationSec= property.
|
|
This will allow units (scopes/slices/services) to override the default
systemd-oomd setting DefaultMemoryPressureDurationSec=.
The semantics of ManagedOOMMemoryPressureDurationSec= are:
- If >= 1 second, overrides DefaultMemoryPressureDurationSec= from oomd.conf
- If is empty, uses DefaultMemoryPressureDurationSec= from oomd.conf
- Ignored if ManagedOOMMemoryPressure= is not "kill"
- Disallowed if < 1 second
Note the corresponding dbus property is DefaultMemoryPressureDurationUSec
which is in microseconds. This is consistent with other time-based
dbus properties.
|
|
Parsing DefaultMemoryPressureDurationSec= is currently split between
conf parser, main() and manager_start() methods. This commit centralizes
parsing and bounds checking logic within a single custom conf parser
function.
|
|
Otherwise, journal check in testcase_mount_ratelimit() may fail and we
need to wait 2 minutes.
|
|
Then, use run_testcases().
|
|
|
