summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* network/dhcp-pd: do not remove unreachable route when reconfiguring ↵Yu Watanabe2024-11-114-23/+62
| | | | | | | | | | | | non-upstream interface Unreachable routes are not owned by any interfaces, and its ifindex is zero. Previously, if a non-upstream interface is reconfigured, all routes including unreachable routes configured by the upstream interface are removed. This makes unreachable routes are always handled by the upstream interface, and only removed when the delegated prefixes are changed or lost.
* network: reorder dropping dynamic configurationYu Watanabe2024-11-111-2/+2
| | | | Follow-up for 451c2baf30f50b95d73e648058c7c2348dbf0c31.
* test-network: reconfigure interface cleanly to drop previous DHCP lease and ↵Yu Watanabe2024-11-111-6/+12
| | | | | | | | | | | | | | | | friends Follow-up for 451c2baf30f50b95d73e648058c7c2348dbf0c31. With the commits, reloading .network files does not release previously acquired DHCP lease and friends if possible. On graceful reconfigure triggered by the reload, the interface may acquire a new DHCPv4 lease earlier than DHCPv6 lease. In that case, the check will fail as it is done with the new DHCPv4 lease and old DHCPv6 lease, which does not contain any IPv6 DNS servers or so. So, when switching from no -> yes, we need to wait a new lease with DNS servers or so. To achieve that, we need to clean reconfigure the interface.
* network: reset 'configured' flags even if we keep DHCP lease and friends on ↵Yu Watanabe2024-11-112-1/+9
| | | | | | | | | | | | | | | | | reconfigure Follow-up for 451c2baf30f50b95d73e648058c7c2348dbf0c31. With the commits, reloading .network files does not release previously acquired DHCP lease and friends if possible. If previously a DHCP client was configured as not requesting DNS servers or so, then the previously acquired lease might not contain any DNS servers. In that case, if the new .network file enables UseDNS=, then the interface should enter the configured state after a new lease is acquired. To achieve that, we need to reset the flags. With this change, the workaround applied to the test by the commit 451c2baf30f50b95d73e648058c7c2348dbf0c31 can be dropped.
* network: drop unnecessary size specifierYu Watanabe2024-11-111-1/+1
| | | | It does not save any memory usage but increase code complexity.
* netwrok: call link_drop_unmanaged_config() earlier in link_configure()Yu Watanabe2024-11-111-4/+4
| | | | | | | | | Otherwise, even if a link enters the configuring state at the beginning of link_configure(), link_check_ready() may be called before link_drop_unmanaged_config() is called, and the link may enter the configured state. Fixes #35092.
* Various multi-dt fixes and CHID test (#35056)Yu Watanabe2024-11-109-10/+131
|\ | | | | Part of #34158
| * fundamental: Fix buffer size in get_chidanonymix0072024-11-071-2/+2
| | | | | | | | NUL byte should not be hashed
| * fundamental: Fix iteration count in chid_calculateanonymix0072024-11-071-1/+2
| |
| * fundamental: move string includes from chid-fundamental.c to headeranonymix0072024-11-072-2/+6
| |
| * test: Add chid-fundamental testanonymix0072024-11-073-0/+108
| |
| * fundamental: Add userspace efi_guid_equalanonymix0072024-11-071-0/+7
| |
| * boot: Fix .dtbauto section number for error reportinganonymix0072024-11-071-1/+1
| |
| * boot: Fix overflow check for FDT_PROP in devicetree_get_compatibleanonymix0072024-11-071-1/+2
| |
| * boot: Drop const modifier for smbios_fields and fix smbios_info_doneanonymix0072024-11-071-3/+3
| |
* | login: fix session_kill(..., KILL_LEADER,...) (#35105)12paper2024-11-101-3/+13
| | | | | | | | | | | | `loginctl kill-session --kill-whom=leader <N>` (or the D-Bus equivalent) doesn't work because logind ends up calling `KillUnit(..., "main", ...)` on a scope unit and these don't have a `MainPID` property. Here, I just make it send a signal to the `Leader` directly.
* | ukify: Fix broken assert when building a signed addonValentin David2024-11-091-2/+1
| | | | | | | | | | | | | | An assert always expected a kernel when signature key was present in command line. That prevented building signed addons. Fixes #35041
* | po: Translated using Weblate (German)Weblate Translation Memory2024-11-091-6/+7
| | | | | | | | | | | | | | | | Currently translated at 93.7% (241 of 257 strings) Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org> Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/ Translation: systemd/main
* | po: Translated using Weblate (German)Ettore Atalan2024-11-091-15/+12
| | | | | | | | | | | | | | | | Currently translated at 93.7% (241 of 257 strings) Co-authored-by: Ettore Atalan <atalanttore@googlemail.com> Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/ Translation: systemd/main
* | meson.build: add a few features to summaryMike Yuan2024-11-091-0/+4
| |
* | sysupdate: Bug fixes for target enumeration (#35052)Luca Boccassi2024-11-092-8/+20
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a couple of bugs with systemd-sysupdated's target enumeration. See commit messages for details. <!-- devel-freezer = {"comment-id":"2460494553","freezing-tag":"v257-rc1"} -->
| * | sysupdated: Permit mount namespacesAdrian Vovk2024-11-061-1/+1
| | | | | | | | | | | | | | | dissect-image tries to use mount namespaces to dissect images without polluting the host mounts. This change allows it to do that.
| * | sysupdated: Make sure targets we skip are skippedAdrian Vovk2024-11-061-7/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We'd log that we're skipping the target, but it would never actually get removed from the manager's list. Thus, we'd advertise targets that don't actually exist to clients. In the original version of the sysupdated PR, this was handled by removing the target from the manager's list in target_free, and using a _cleanup_ attribute to free the target when skipping. However, this changed at some point during review. So, this commit takes the alternative approach
* | | udev: skipping empty udev rules file while collecting the statsLidong Zhong2024-11-091-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | To keep align with the logic used in udev_rules_parse_file(), we also should skip the empty udev rules file while collecting the stats during manager reload. Otherwise all udev rules files will be parsed again whenever reloading udev manager with an empty udev rules file. It's time consuming and the following uevents will fail with timeout.
* | | uid-classification: properly classify *all* container UIDsLennart Poettering2024-11-093-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A bit confusingly CONTAINER_UID_BASE_MAX is just the maximum *base* UID for a container. Thus, with the usual 64K UID assignments, the last actual container UID is CONTAINER_UID_BASE_MAX+0xFFFF. To make this less confusing define CONTAINER_UID_MIN/MAX that add the missing extra space. Also adjust two uses where this was mishandled so far, due to this confusion. With this change the UID ranges we default to should properly match what is documented on https://systemd.io/UIDS-GIDS/.
* | | News and f41 and formatting (#35078)Zbigniew Jędrzejewski-Szmek2024-11-0846-156/+156
|\ \ \
| * | | man: drop whitespace from final <programlisting> linesZbigniew Jędrzejewski-Szmek2024-11-0844-145/+146
| | | | | | | | | | | | | | | | | | | | | | | | In the troff output, this doesn't seem to make any difference. But in the html output, the whitespace is sometimes preserved, creating an additional gap before the following content. Drop it everywhere to avoid this.
| * | | man: update Fedora links to F41Zbigniew Jędrzejewski-Szmek2024-11-072-3/+3
| | | |
| * | | NEWS: add specific versions in key codes entryZbigniew Jędrzejewski-Szmek2024-11-071-8/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should be easier for folks to consume. Refs: https://lists.x.org/archives/xorg-announce/2024-October/003543.html https://lists.x.org/archives/xorg-announce/2024-October/003544.html
* | | | mount-util: make path_get_mount_info() work arbitrary inodeYu Watanabe2024-11-083-41/+106
| | | | | | | | | | | | | | | | | | | | | | | | Follow-up for d49d95df0a260aaca9a3fdd1e6ce535592a53bca. Replaces 9a032ec55a9820a0424309670fe551c99203e5f1. Fixes #35075.
* | | | test: install integration-test-setup.sh in testdata/Franck Bui2024-11-082-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | integration-test-setup.sh is an auxiliary script that tests rely on at runtime. As such, install the script in testdata/. Follow-up for af153e36ae67c242251951c12d6d6b6ae4783845.
* | | | update TODOLennart Poettering2024-11-081-20/+5
| | | |
* | | | fs-util: add comment about XO_NOCOWLennart Poettering2024-11-081-0/+2
| | | |
* | | | Fix PrivatePIDs=yes integration test for kernels with no /proc/scsiRyan Wilson2024-11-081-5/+16
| | | |
* | | | sd-varlink: allow that method handles call sd_varlink_close()Lennart Poettering2024-11-071-0/+3
| | | | | | | | | | | | | | | | | | | | It's fine if a method handler closes the connection, deal with it gracefully.
* | | | tree-wide: Introduce --certificate-source= option (#35057)Daan De Meyer2024-11-0719-109/+520
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows loading the X.509 certificate from an OpenSSL provider instead of a file system path. This allows loading certficates directly from hardware tokens instead of having to export them to a file on disk first. <!-- devel-freezer = {"comment-id":"2460915782","freezing-tag":"v257-rc1"} -->
| * | | ukify: Introduce --certificate-provider= optionDaan De Meyer2024-11-073-48/+72
| | | | | | | | | | | | | | | | | | | | This translates to --certificate-source=provider:<provider> for signing tools invoked by ukify.
| * | | measure: Add pcrpkey verbDaan De Meyer2024-11-072-0/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This verb writes a public key to stdout extracted from either a public key path, from a certificate (path or provider) or from a private key (path, engine, provider). We'll use this in ukify to get rid of the use of the python cryptography module to convert a private key or certificate to a public key.
| * | | tree-wide: Introduce --certificate-source= optionDaan De Meyer2024-11-0712-61/+336
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows loading the X.509 certificate from an OpenSSL provider instead of a file system path. This allows loading certficates directly from hardware tokens instead of having to export them to a file on disk first.
| * | | openssl-util: Set expected object type to private keysDaan De Meyer2024-11-071-0/+3
| | | | | | | | | | | | | | | | | | | | Configures the store to only try to fetch private keys and nothing else.
| * | | bootctl: Validate private key pathDaan De Meyer2024-11-071-0/+6
| | | |
| * | | mkosi: Add pytest to toolsDaan De Meyer2024-11-074-0/+4
|/ / /
* | | Split and rename src/boot (#35068)Yu Watanabe2024-11-07109-1917/+1932
|\ \ \
| * | | Rename src/boot/efi to just src/bootZbigniew Jędrzejewski-Szmek2024-11-0779-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I very much dislike the approach in which we were mixing Linux and UEFI C code in the same subdirectory. No code was shared between two environments. This layout was created in e7dd673d1e0acfe5420599588c559fd85a3a9e8f, with the justification of "being more consistent with the rest of systemd", but I don't see how it's supposed to be so. Originally, when the C code was just a single bootctl.c file, this wasn't so bad. But over time the userspace code grew quite a bit. With the moves done in previuos commits, the intermediate subdirectory is now empty except for the efi/ subdir, and this additional subdirectory level doesn't have a good justification. The components is called "systemd-boot", not "systemd-efi", and we can remove one level of indentation.
| * | | Move systemd-sbsign to its own source subdirectoryZbigniew Jędrzejewski-Szmek2024-11-074-1/+1
| | | | | | | | | | | | | | | | | | | | It's already two files, and I expect that more will come. It's nicer to give its own subdirectory to maintain consistent structure.
| * | | Move systemd-measure to its own source subdirectoryZbigniew Jędrzejewski-Szmek2024-11-074-10/+15
| | | | | | | | | | | | | | | | | | | | | | | | We have other subdirectories with just a single C file. And I expect that systemd-measure will only grow over time, adding new functionality. It's nicer to give its own subdirectory to maintain consistent structure.
| * | | Move bless-boot components to their own source subdirectoryZbigniew Jędrzejewski-Szmek2024-11-076-33/+38
| | | |
| * | | Move bootctl to its own source subdirectoryZbigniew Jędrzejewski-Szmek2024-11-0721-22/+27
| |/ / | | | | | | | | | | | | It's been split into a bunch of files and deserves its own subdirectory similarly to systemctl.
* | | hwdb: fix broken numpad paren keys on Lenovo Thinkbook 16 G6+ 2024Vursc2024-11-071-0/+5
| | |
* | | po: Translated using Weblate (German)Anselm Schueler2024-11-071-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | Currently translated at 89.8% (231 of 257 strings) Co-authored-by: Anselm Schueler <mail@anselmschueler.com> Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/ Translation: systemd/main