Commit message (Author, Age, Files, Lines)
* mkosi: Fix sections for settings (Daan De Meyer, 2024-10-09, 13 files, -19/+27)
|   Upstream we moved settings around a bit to different sections, let's adapt to those changes in the systemd repo.
* mkosi: Update to latest (Daan De Meyer, 2024-10-09, 2 files, -1/+5)
|
* mkosi: Remove particle profile (Daan De Meyer, 2024-10-09, 11 files, -81/+0)
|   We have https://github.com/systemd/particleos for testing the particle stuff so let's drop it from the systemd repo as it's bit rotting.
* efi-loader: Add @ to valid characters (Daan De Meyer, 2024-10-09, 1 file, -1/+1)
|   This is now a valid character with the introduction of multi UKI profiles, so update the function to allow it.
* boot: Introduce file_size and use it when we're working with file_offset (Daan De Meyer, 2024-10-09, 3 files, -8/+15)
|   When we're reading a section from disk, use file_size to use the size on disk instead of the size in memory.
* boot: Rename pe section size to memory_size (Daan De Meyer, 2024-10-09, 4 files, -27/+27)
|   Let's clearly indicate this is the size in memory and not the size on disk, these two are not guaranteed to be the same.
* ukify: Read .profile from path starting with @ (Daan De Meyer, 2024-10-09, 1 file, -0/+2)
|
* ukify: Introduce resolve_at_path() (Daan De Meyer, 2024-10-09, 1 file, -6/+13)
|
* ukify: Fix off by one error (Daan De Meyer, 2024-10-09, 1 file, -1/+1)
|   We weren't measuring the profile section itself.
* Merge pull request #34641 from behrmann/ukifystyle (Yu Watanabe, 2024-10-09, 4 files, -456/+598)
|\
| |   Type annotate and format ukify
| * ukify: Factor out sbat into constants (Jörg Behrmann, 2024-10-09, 1 file, -10/+13)
| |
| * ci: Check ukify types and formatting. (Jörg Behrmann, 2024-10-09, 1 file, -0/+23)
| |
| * ukify: Ensure that find_tool always returns a tool or throws an error (Jörg Behrmann, 2024-10-09, 1 file, -19/+5)
| |   This also makes the error message configurable, so that find_sbsign and find_pesign can be inlined again.
| * ukify: Move summary option handling out of finalize_options (Jörg Behrmann, 2024-10-09, 1 file, -6/+4)
| |   This way finalize_options will not call sys.exit by itself.
| * ukify: Type-annotate ukify (Jörg Behrmann, 2024-10-09, 2 files, -79/+138)
| |
| * ukify: Make it lint clean (Jörg Behrmann, 2024-10-09, 2 files, -11/+21)
| |
| * ukify: Use OSError instead of IOError (Jörg Behrmann, 2024-10-09, 1 file, -1/+1)
| |   The latter was deprecated for the former and is only an alias for it.
| * ukify: Use non-deprecated import for Sequence (Jörg Behrmann, 2024-10-09, 1 file, -1/+1)
| |
| * ukify: Sort imports (Jörg Behrmann, 2024-10-09, 1 file, -4/+4)
| |
| * ukify: Import Path directly (Jörg Behrmann, 2024-10-09, 1 file, -41/+41)
| |
| * ukify: Format with ruff (Jörg Behrmann, 2024-10-09, 2 files, -330/+393)
| |
* | Merge pull request #34636 from WilliButz/repart/verity-hash-max-data-size (Yu Watanabe, 2024-10-09, 2 files, -5/+183)
|\ \
| | |   repart: support verity hash partitions sized for custom data size
| * | test/repart: add test case for hash size derived from max data size (WilliButz, 2024-10-09, 1 file, -0/+77)
| | |
| * | repart: derive hash partition size from SizeMaxBytes= of data sibling (WilliButz, 2024-10-09, 1 file, -5/+106)
| | |   This change makes it possible for repart to create dm-verity hash partitions for a custom amount of protected data. When the property `SizeMaxBytes=` is specified for a dm-verity data partition, the size of the corresponding hash partition is set to accommodate hash data for this maximum size, rather than the actual contents of its data sibling. However, the contained hash data continues to be generated from said sibling.
* | | Merge pull request #34691 from poettering/polkit-varlink-field-macro (Yu Watanabe, 2024-10-09, 8 files, -18/+22)
|\ \ \
| | | |   polkit: introduce common macro for generating polkit allowInteractive…
| * | | update TODO (Lennart Poettering, 2024-10-09, 1 file, -3/+0)
| | | |
| * | | polkit: introduce common macro for generating polkit allowInteractiveAuth ↵ (Lennart Poettering, 2024-10-09, 7 files, -15/+22)
| | | |   varlink method call IDL field
| | | |
| | | |   We define the same field at many places, let's add a macro with it, that also contains a suitable description comment.
* | | | network/sysctl-monitor: change variable type to avoid preverifier denial (Matteo Croce, 2024-10-09, 1 file, -1/+1)
| | | |   The compiler clones the u32 i variable to another register, and fails to calculate the range of possible values, so the verification fails.
| | | |
| | | |       libbpf: prog 'sysctl_monitor': BPF program load failed: Permission denied
| | | |       libbpf: prog 'sysctl_monitor': -- BEGIN PROG LOAD LOG --
| | | |       0: R1=ctx() R10=fp0
| | | |       ; int sysctl_monitor(struct bpf_sysctl *ctx) { @ sysctl-monitor.bpf.c:65
| | | |       0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx()
| | | |       ; if (bpf_current_task_under_cgroup(&cgroup_map, 0)) @ sysctl-monitor.bpf.c:69
| | | |       1: (18) r1 = 0xffff892a0fda9c00 ; R1_w=map_ptr(map=cgroup_map,ks=4,vs=4)
| | | |       3: (b7) r2 = 0 ; R2_w=0
| | | |       4: (85) call bpf_current_task_under_cgroup#37 ; R0_w=scalar()
| | | |       5: (55) if r0 != 0x0 goto pc+88 ; R0_w=0
| | | |       ; if (!ctx->write) @ sysctl-monitor.bpf.c:73
| | | |       6: (61) r1 = *(u32 *)(r6 +0) ; R1_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff)) R6_w=ctx()
| | | |       7: (15) if r1 == 0x0 goto pc+86 ; R1_w=scalar(smin=umin=umin32=1,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
| | | |       8: (b7) r1 = 1 ; R1_w=1
| | | |       ; we.version = 1; @ sysctl-monitor.bpf.c:81
| | | |       9: (7b) *(u64 *)(r10 -480) = r1 ; R1_w=1 R10=fp0 fp-480_w=1
| | | |       10: (b7) r8 = 0 ; R8_w=0
| | | |       ; we.path[0] = 0; @ sysctl-monitor.bpf.c:83
| | | |       11: (73) *(u8 *)(r10 -440) = r8 ; R8_w=0 R10=fp0 fp-440=???????0
| | | |       ; we.newvalue[0] = 0; @ sysctl-monitor.bpf.c:86
| | | |       12: (73) *(u8 *)(r10 -180) = r8 ; R8_w=0 R10=fp0 fp-184=???0????
| | | |       ; we.current[0] = 0; @ sysctl-monitor.bpf.c:85
| | | |       13: (73) *(u8 *)(r10 -340) = r8 ; R8_w=0 R10=fp0 fp-344=???0????
| | | |       ; we.comm[0] = 0; @ sysctl-monitor.bpf.c:84
| | | |       14: (73) *(u8 *)(r10 -456) = r8 ; R8_w=0 R10=fp0 fp-456=???????0
| | | |       ; we.pid = bpf_get_current_pid_tgid() >> 32; @ sysctl-monitor.bpf.c:89
| | | |       15: (85) call bpf_get_current_pid_tgid#14 ; R0=scalar()
| | | |       16: (77) r0 >>= 32 ; R0_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
| | | |       17: (63) *(u32 *)(r10 -472) = r0 ; R0_w=scalar(id=1,smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff)) R10=fp0 fp-472=????scalar(id=1,smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
| | | |       ; we.cgroup_id = bpf_get_current_cgroup_id(); @ sysctl-monitor.bpf.c:90
| | | |       18: (85) call bpf_get_current_cgroup_id#80 ; R0_w=s
| | | |       libbpf: prog 'sysctl_monitor': failed to load: -13
| | | |       libbpf: failed to load object 'sysctl_monitor_bpf'
| | | |       libbpf: failed to load BPF skeleton 'sysctl_monitor_bpf': -13
| | | |       Unable to load sysctl monitor BPF program, ignoring: Permission denied.
| | | |
| | | |   Change the type to u64 to fix it.
* | | | namespace: rename drop_unused_mounts() → sort_and_drop_unused_mounts() (Lennart Poettering, 2024-10-09, 1 file, -3/+3)
| | | |   The function sorts the listed mounts, and that's kinda key, hence reflect that in the name.
* | | | stub: Add support for .initrd addon files (Tobias Fleig, 2024-10-09, 4 files, -13/+95)
| |/ /
|/| |
| | |   Teaches systemd-stub how to load additional initrds from addon files. This is very similar to the support for .ucode sections in addon files, but with different ordering. Initrds from addons have a chance to overwrite files from the base initrd in the UKI.
* | | Merge pull request #34679 from DaanDeMeyer/bus-log (Daan De Meyer, 2024-10-09, 31 files, -42/+65)
|\ \ \
| | | |   Various logging improvements
| * | | core: Log in more scenarios about which process initiated an operation (Daan De Meyer, 2024-10-09, 1 file, -0/+12)
| | | |   Exit/Reboot/Poweroff and similar operations are invasive enough that logging about who initiated them is very useful to debug issues.
| * | | core: Bump log level of reexecute request to notice (Daan De Meyer, 2024-10-09, 1 file, -4/+4)
| | | |   A daemon-reload is important enough to deserve logging at notice level.
| * | | bus-util: Log more information when connecting to a bus socket fails (Daan De Meyer, 2024-10-09, 30 files, -38/+49)
| | |/
| |/|
| | |   Let's log about which bus we're trying to connect to and what transport we're using to do it.
* | | Merge pull request #34656 from yuwata/private-users (Lennart Poettering, 2024-10-09, 6 files, -15/+15)
|\ \ \
| | | |   core: drop implicit support of PrivateUsers=off
| * | | core: drop implicit support of PrivateTmp=off (Yu Watanabe, 2024-10-09, 5 files, -6/+6)
| | | |   Follow-up for 0e551b04efb911d38b586cca1a6a462c87a2cb1b.
| | | |
| | | |   Similar to the previous commit, but for PrivateTmp=.
| * | | core: drop implicit support of PrivateUsers=off (Yu Watanabe, 2024-10-08, 5 files, -9/+9)
| | | |   Follow-up for fa693fdc7e17618958c505af4b2f39ecd1c3363e.
| | | |
| | | |   The documentation says the option takes a boolean or one of the "self" and "identity". But the parser uses private_users_from_string() which also accepts "off". Let's drop the implicit support of "off".
* | | | Merge pull request #34651 from yuwata/polkit-transient-unit (Lennart Poettering, 2024-10-09, 5 files, -62/+95)
|\ \ \ \
| | | | |   dbus: pass transient unit name metadata to polkit
| * | | | core/dbus: pass transient unit name metadata to polkit (Renjaya Raga Zenta, 2024-10-08, 1 file, -1/+8)
| | | | |   Fixes #17224
| * | | | core/dbus: add assertions (Yu Watanabe, 2024-10-08, 1 file, -0/+12)
| | | | |
| * | | | core/dbus: introduce bus_verify_manage_units_async_impl() (Yu Watanabe, 2024-10-08, 2 files, -21/+33)
| | | | |   Then, make bus_verify_manage_units_async() and _full() inline.
| | | | |
| | | | |   Co-authored-by: Renjaya Raga Zenta <ragazenta@gmail.com>
| * | | | core/dbus: move bus_verify_xyz() to dbus-util.c (Yu Watanabe, 2024-10-08, 5 files, -49/+51)
| | | | |
* | | | | hwdb: move key 66/65 handling from specific to generic HP laptop coverage (Lennart Poettering, 2024-10-09, 1 file, -4/+2)
| | | | |   This takes the idea from #18595 and implements it based on our current hwdb: the original PR suggested the keys 66/65 are a generic HP thing, and not limited to specific laptops. The current specific laptop entries do not contradict that claim. Hence, let's move them from the specific sections matching some HP laptops to the generic section matching all. This uses the correct key names, which have long been fixed (which used to be a problem our CI was tripped off by). This is not tested, but I think fairly risk-less, and should allow us to get rid of a really old PR.
| | | | |
| | | | |   Replaces: #18595
* | | | | Merge pull request #34593 from Werkov/deprecate-aux-scopes (Lennart Poettering, 2024-10-09, 3 files, -8/+12)
|\ \ \ \ \
| | | | | |   core/manager: Deprecate StartAuxiliaryScope() method
| * | | | | core/manager: Deprecate StartAuxiliaryScope() method (Michal Koutný, 2024-10-08, 3 files, -8/+12)
| | | | | |   The method was added with migration of resources in mind (e.g. process's allocated memory will follow it to the new scope), however, such a resource migration is not in cgroup semantics. The method may thus have the intended users and others could be guided to StartTransientUnit(). Since this API was advertised in a regular release, start the removal with a deprecation message to callers. Eventually, the goal is to remove the method to clean up DBus API and simplify code (removal of cgroup_context_copy()). Part of DBus docs is retained to satisfy build checks.
* | | | | | Merge pull request #34671 from yuwata/memory (Lennart Poettering, 2024-10-09, 4 files, -26/+32)
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | |
| | | | | |   tree-wide: several memory accounting cleanups
| * | | | | oomd: separate entries with comma for readability (Yu Watanabe, 2024-10-08, 1 file, -3/+3)
| | | | | |
| * | | | | oomd: update system context when oomctl is invoked (Yu Watanabe, 2024-10-08, 1 file, -0/+7)
| | | | | |   Otherwise, oomctl shows 0 memory and swap usage when swap monitoring is not enabled.
| | | | | |
| | | | | |   =======
| | | | | |   $ oomctl
| | | | | |   Dry Run: no
| | | | | |   Swap Used Limit: 90.00%
| | | | | |   Default Memory Pressure Limit: 60.00%
| | | | | |   Default Memory Pressure Duration: 20s
| | | | | |   System Context:
| | | | | |           Memory: Used: 0B Total: 0B
| | | | | |           Swap: Used: 0B Total: 0B
| | | | | |   Swap Monitored CGroups:
| | | | | |   Memory Pressure Monitored CGroups:
| | | | | |   ...
| | | | | |   ======
| * | | | | oomd: drop unused usec_now (Yu Watanabe, 2024-10-08, 1 file, -5/+0)
| | | | | |
| * | | | | systemctl: separate memory usage with comma (Yu Watanabe, 2024-10-08, 1 file, -17/+17)
| | | | | |   Just for readability.
| | | | | |
| | | | | |   Before:
| | | | | |   $ build/systemctl status -n 0 systemd-networkd.service | grep Memory:
| | | | | |        Memory: 4.7M (peak: 14.3M swap: 1M swap peak: 1.1M)
| | | | | |
| | | | | |   After:
| | | | | |   $ build/systemctl status -n 0 systemd-networkd.service | grep Memory:
| | | | | |        Memory: 4.7M (peak: 14.3M, swap: 1M, swap peak: 1.1M)