| Commit message (Collapse) | Author | Age | Files | Lines |
tpm2-util: convert various things over to struct iovec rather than data ptr + size
Let's move more code to using struct iovec for passing around binary
chunks of data.
No real changes in behaviour, just refactoring.
This avoids the ({}) that IOVEC_MAKE_STRING() so far used and might
cause a memory corruption if the parameter passed in is itself allocated
via a compound initialized array or so.
Also, this makes sure both IOVEC_MAKE_STRING() and IOVEC_MAKE() accept
'const' parameters without this causing a compiler warning.
json: add macro for automatically defining a dispatcher for an enum
json: add flag for allowing extension of json objects when dispatching, without otherwise being permissive
If we want to allow method replies to be extended without this breaking
compat, then we should set this flag. Do so at various method call
replies hence.
Also do it when parsing user/group records, which are expressly
documented to be extensible, as well as the hibernate JSON record.
This is a subset of JSON_PERMISSIVE focussed on allowing parsing of
varlink replies that get extended, i.e. gain new fields, without
allowing more than that (i.e. without allowing missing fields, or bad
field types or such).
Otherwise, the command 'echo' may not be invoked yet.
Follow-up for 25aa35d465cf4725bc3ebd2a919e7f39ecafb920.
cryptenroll: change class in provided PKCS#11 URI if necessary
cryptenroll accepts only PKCS#11 URIs that match both a certificate and a private key in a token.
This patch allows users to provide a PKCS#11 URI that points to a certificate only, and makes it possible to use the output of some PKCS#11 tools directly.
Internally the patch changes 'type=cert' in the provided PKCS#11 URI to 'type=private' before storing in a LUKS2 header.
Fixes: #23479
test-network: add more test cases and several cleanups
To speed up tests.
Follow-up for 995bf013a1959d4fb5aed8b135740490888fc196.
Follow-up for 7d93e4af8088fae7b50eb638c6e297fb8371e307.
Follow-up for 76511c1bd32a262c76d462919083925c47cbd212.
Follow-up for 59afe07c217c73e3c7c19fb06aef2ff7bf609fd2.
Follow-up for 84c01612de805d88875d4d91cfcf73cf10f99447.
Follow-up for 63566c6b6ffbb747727db4d6f78c28547430d54f.
Follow-up for 97c493f2140b207ace89e9e028949ceb254fbfc6.
Assign noDA attribute to TPM2 objects not dependent on a PIN
All the keys are high-entropy keys that cannot be practically
bruteforced and thus don't require protection from dictionary attacks.
With the exception of PINs, of course, which are low-entropy and user
provided.
Note that a new enrollment is required for unlocking while in DA
lockdown to function. Existing enrollments are subject to DA lockout.
Fixes: #30330
We already have specifiers that resolve to $XDG_STATE_HOME, and
$XDG_CONFIG_HOME. $XDG_DATA_HOME is in a similar vein.
It allows units belonging to the user service manager to correctly look
into ~/.local/share. I imagine this would be most useful inside of
condition checks (i.e. only run a service on session startup if some
data is not found in ~/.local/share) or in the inotify monitoring of a
.path unit.
Follow-up for b732606950f8726c0280080c7d055a714c2888f5 and
6706ce2fd2a13df0ae5e469b72d688eaf643dac4.
If Network.ignore_carrier_loss_set flag is set, then the timeout value
is always used, hence the logic implemented by
b732606950f8726c0280080c7d055a714c2888f5 never worked.
logind: rework the special casing we give root's sessions
Let's add an explicit session class "user-early" for this, so that
change of behaviour on logind is primarily bound to the "class"
property, and not some explicit root checks. This has the benefit that
we can be more fine grained with implying this class: only do so for tty
sessions, not others.
Fix the path for the generated.pcrlock files for the cmdline and initrd
cases. Without it the tool complains with:
Failed to parse component file /var/lib/pcrlock.d/720-kernel-initrd.pcrlock, ignoring: Is a directory
Signed-off-by: Alberto Planas <aplanas@suse.com>
tree-wide: use defines from special.h in some missing places
stat-util: Add statx version of timespec_load
This is a new utility function recently added. Let's use it.
statx_timestamp is, for all intents and purposes, the same as a struct
timespec. So, we can trivially convert it and call timespec_load on it.
This commit adds helper functions that do just that.
Assorted coverity fixes