summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* netlink: fix indentationYu Watanabe2020-12-181-4/+5
|
* netlink: drop unnecessary error handlingYu Watanabe2020-12-181-6/+3
|
* netlink: use whitespace instead of tabYu Watanabe2020-12-181-1/+1
|
* sd-netlink: add several assertionsYu Watanabe2020-12-182-1/+3
|
* sd-netlink: replace *messages[] -> **messagesYu Watanabe2020-12-184-4/+4
|
* meson: add missing headersYu Watanabe2020-12-181-0/+4
|
* network: move variable declarationYu Watanabe2020-12-181-2/+2
|
* tree-wide: fix typoYu Watanabe2020-12-188-15/+18
|
* network: Allow to configure unreachable/blackhole RoutingPolicyRule (#17984)Susant Sahani2020-12-186-13/+106
|
* Merge pull request #17741 from poettering/cryptsetup-fido2Lennart Poettering2020-12-1773-1212/+6562
|\ | | | | cryptsetup: add support for unlocking cryptsetup volumes via FIDO2 + TPM2 + add systemd-cryptenroll tool + more
| * update TODOLennart Poettering2020-12-171-10/+25
| |
| * mkosi: add TPM2 packages to debian/ubuntu/fedora mkosi filesLennart Poettering2020-12-173-2/+17
| | | | | | | | As suggested: https://github.com/systemd/systemd/pull/17741#issuecomment-743479834
| * man: document new featuresLennart Poettering2020-12-1710-94/+603
| |
| * fido2: when listing fido2/hmac-secret devices, actually validate feature setLennart Poettering2020-12-171-4/+45
| |
| * test: add tpm2 and fido2 libs to dlopen testLennart Poettering2020-12-172-1/+11
| |
| * repart: optionally lock encrypted partitions to TPM2Lennart Poettering2020-12-171-20/+141
| | | | | | | | | | This useful for bootstrapping encrypted systems: on first boot let's create a /var/ partition that is locked to the local TPM2.
| * string-table: add private version of lookup macro with boolean fallbackLennart Poettering2020-12-171-0/+1
| |
| * cryptsetup: add support for TPM2 unlocking of volumesLennart Poettering2020-12-174-4/+475
| |
| * cryptenroll: support listing and wiping tokensLennart Poettering2020-12-177-22/+740
| |
| * cryptenroll: add support for TPM2 enrollingLennart Poettering2020-12-178-0/+1279
| |
| * json: add APIs for quickly inserting hex blobs into as JSON stringsLennart Poettering2020-12-172-0/+55
| | | | | | | | | | | | This is similar to the base64 support, but fixed-size hash values are typically preferably presented as series of hex values, hence store them here like that too.
| * sort-util: make cmp_int() generic, so that we can reuse it elsewhereLennart Poettering2020-12-173-4/+6
| |
| * cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 ↵Lennart Poettering2020-12-1710-0/+829
| | | | | | | | security tokens
| * cryptsetup: add fido2 supportLennart Poettering2020-12-174-5/+460
| |
| * fido2: don't use up/uv/rk when device doesn't support itLennart Poettering2020-12-172-74/+137
| | | | | | | | | | | | | | Apparently devices are supposed to generate failures if we try to turn off features they don't have. Thus don't. Prompted-by: https://github.com/systemd/systemd/issues/17784#issuecomment-737730395
| * homed: split out HMAC-HASH fido2 decode code into src/shared/Lennart Poettering2020-12-173-180/+265
| | | | | | | | | | That way we can use it later on in systemd-cryptsetup to unlock devices with FIDO2 tokens.
| * homed: move fido2 setup code to src/shared/Lennart Poettering2020-12-173-245/+331
| | | | | | | | That way we can reuse it from systemd-cryptenroll
| * homed: move fido2 device enumeration logic to shared codeLennart Poettering2020-12-175-141/+143
| |
| * homed: turn libfido2 into a dlopen() type dependencyLennart Poettering2020-12-176-106/+313
| |
| * cryptsetup: split up attach_luks_or_plain_or_bitlk() into smaller functionsLennart Poettering2020-12-171-180/+250
| | | | | | | | Just some refactoring.
| * cryptsetup: read PKCS#11 key and token info from LUKS2 metadataLennart Poettering2020-12-174-13/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Optionally, embedd PKCS#11 token URI and encrypted key in LUKS2 JSON metadata header. That way it becomes very easy to unlock properly set up PKCS#11-enabled LUKS2 volumes, a simple /etc/crypttab line like the following suffices: mytest /dev/disk/by-partuuid/41c1df55-e628-4dbb-8492-bc69d81e172e - pkcs11-uri=auto Such a line declares that unlocking via PKCS#11 shall be attempted, and the token URI and the encrypted key shall be read from the LUKS2 header. An external key file for the encrypted PKCS#11 key is hence no longer necessary, nor is specifying the precise URI to use.
| * cryptsetup: be more careful with erasing key material from memoryLennart Poettering2020-12-171-4/+5
| |
| * cryptsetup: split code that allocates udev security device monitor into its ↵Lennart Poettering2020-12-171-14/+28
| | | | | | | | own function
| * cryptsetup-util: add helper for setting minimal PBKDFLennart Poettering2020-12-172-0/+29
| |
| * cryptsetup-util: add helper call for extracting/parsing token JSONLennart Poettering2020-12-172-0/+110
| |
| * homed: move code to list and resolve "auto" pkcs#11 URL into common codeLennart Poettering2020-12-174-142/+143
| | | | | | | | That way we can reuse it from systemd-cryptenroll.
| * homed: split out code that determines suitable LUKS passphrase size from RSA keyLennart Poettering2020-12-173-18/+41
| | | | | | | | We can use this in cryptenroll later on, hence let's make this generic.
| * homed: move pkcs11 LUKS glue into shared codeLennart Poettering2020-12-173-83/+94
| | | | | | | | That way we can lter reuse it from cryptsetup/cryptenroll too.
| * homed: move helper calls for RSA encryption to shared codeLennart Poettering2020-12-174-40/+48
| |
| * homed: move homectl's recovery key generation/modhex code to src/shared/Lennart Poettering2020-12-179-68/+58
|/ | | | | This allows us to later reuse the code to generate recovery keys for traditional LUKS volumes, too and share the code.
* test: fix fd_is_mount_point() checkLennart Poettering2020-12-173-7/+60
| | | | | | | | | | | | | | | | | | | So the currentl and only fd_is_mount_point() check is actually entirely bogus: it passes "/" as filename argument, but that's not actually a a valid filename, but an absolute path. fd_is_mount_point() is written in a way tha the fd refers to a directory and the specified path is a file directly below it that shall be checked. The test call actually violated that rule, but still expected success. Let's fix this, and check for this explicitly, and refuse it. Let's extend the test and move it to test-mountpoint-util.c where the rest of the tests for related calls are placed. Replaces: #18004 Fixes: #17950
* tree-wide: suggest meson command lines instead of ninja onesLennart Poettering2020-12-175-22/+24
| | | | | | | This only changes documentation. In various places we call "ninja" directly. I figured it would be safer to leave those in place for now, given the meson replacement commands lines appears to be supported in newer meson versions only.
* Merge pull request #18001 from systemd/wip/hadess/unsupported-dmiZbigniew Jędrzejewski-Szmek2020-12-173-4/+12
|\ | | | | meson: Disable dmi_memory_id on arches without DMI
| * meson: Disable dmi_memory_id on arches without DMIBastien Nocera2020-12-163-3/+10
| |
| * meson: Split off udev helper programs arrayBastien Nocera2020-12-161-1/+2
| |
* | terminal-util: use 256 color mode for PID 1 output, tooLennart Poettering2020-12-171-3/+8
| | | | | | | | | | | | Follow-up for: #17702 Alsoe, see earlier review comment: https://github.com/systemd/systemd/pull/17702#pullrequestreview-552329600
* | Merge pull request #17998 from mrc0mmand/qemu-drop-trailing-whitespaceFrantisek Sumsal2020-12-162-2/+2
|\ \ | | | | | | test: drop the trailing whitespace from the QEMU version check
| * | test: s/MUMA/NUMA/Frantisek Sumsal2020-12-161-1/+1
| | |
| * | test: drop the trailing whitespace from the QEMU version checkFrantisek Sumsal2020-12-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I suspect the original version of the regex was written on a system, which prints both the QEMU version and the QEMU package version in the --version output, like Fedora: $ /bin/qemu-system-x86_64 --version QEMU emulator version 4.2.1 (qemu-4.2.1-1.fc32) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers However, Arch Linux prints only the QEMU version: $ /bin/qemu-system-x86_64 --version QEMU emulator version 5.2.0 Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers This causes the awk regex to not match the version string, since there's no whitespace after it, causing the version check to fail (as well as the TEST-36-NUMAPOLICY) as well. Follow-up for 43b49470d1f2808555c07f64cd0a1529b7ddd559.
* | | Merge pull request #17702 from rnhmjoj/masterLennart Poettering2020-12-168-74/+139
|\ \ \ | | | | | | | | Extend $SYSTEMD_COLORS to switch colors mode
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-30 17:24:03 +0100