| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Don't hardcode the event number, so the test works correctly even if
someone wrote to the event log before us. Also, explicitly pick the
sha256 bank when checking digests, as the indexing may vary depending on
current TPM's capabilities.
|
|
|
|
|
|
|
|
|
|
|
|
If user requests hybrid sleep, we should always use 'suspend'
disk mode. If that's not supported, let's correctly report it
so they can choose plain hibernation instead. HybridSleepMode=
serves no purpose in this case and should be removed.
Addresses https://github.com/systemd/systemd/pull/29681#discussion_r1369812785
|
|
If the same section appears consecutively in a given file, subsequent
occurenced are not printed.
[Slice]
Foo=bar
[Slice] # this is not printed
Bar=bar
Requested in
https://github.com/systemd/systemd/pull/29553#pullrequestreview-1677310352.
|
|
|
|
|
|
|
|
This is like --cat-config, but omits the comments and empty lines.
The name is incoungrous with --cat-config, but I don't see a nice way to
call it that wouldn't be annoyingly long.
pager_open() is moved to cat_config() to remove some lines from run().
|
|
|
|
Also, sync state files before read.
Addresses the first issue in #29678.
|
|
When looking at configuration, often a user wants to suppress the comments and
just look at the parts that actually configure something, roughly equivalent to
systemd-analyze cat-config … | rg -v '^(#|;|$)
This switch implements this natively, skipping lines that start with a comment
character or only contain whitespace.
For formats that have section headers, section headers are skipped, if only
followed by stuff that would be skipped. (The last section header is printed
when we're about to print some actual output.)
Note that the caller doesn't know if the format has headers or not. We do format
type detection in pretty-print.c. So the caller only specifies tldr=true|false, and
conf_files_cat() figures out if the format has headers and whether those should
be handled specially.
The comments that show the file name are always printed, even if all of the file
is suppressed.
This is a partial answer to the discussions in
https://github.com/systemd/systemd/pull/28919,
https://github.com/systemd/systemd/pull/29248. If the default config is shown in
config files, the user can conveniently use '--tldr' to show the relevant parts.
|
|
This seems to be the only place where rm_rf_children() is called with a
possibly used fd, which is then passed through to rm_rf_children_impl().
This also fixes #29606.
(Tested on Fedora rawhide with kernel 6.5.6-300.fc39.x86_64.)
|
|
In several Ubuntu CI jobs I noticed timeouts in TEST-69, which are
apparently caused by a very stubborn bash/login process:
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal
[ 2011.698430] systemd[1]: shutdown.target: starting held back, waiting for: veritysetup.target
[ 2011.698473] systemd[1]: sysinit.target: stopping held back, waiting for: user@0.service
[ 2045.884982] systemd[1]: systemd-oomd.service: Got notification message from PID 54 (WATCHDOG=1)
[ 2071.576424] systemd[1]: Received SIGCHLD from PID 65 (bash).
[ 2071.576941] systemd[1]: Child 65 (bash) died (code=killed, status=1/HUP)
[ 2071.577026] systemd[1]: session-13.scope: Child 65 belongs to session-13.scope.
[ 2071.577100] systemd[1]: session-13.scope: cgroup is empty
[ 2071.577249] systemd[1]: session-13.scope: Deactivated successfully.
$ journalctl -o short-monotonic --no-hostname --file artifacts/TEST-69-SHUTDOWN.journal _PID=65
[ 3038.661488] login[65]: ROOT LOGIN on '/dev/pts/0'
Since, in this case, we really care only about the actual shutdown,
let's shorten the service stop/abort timeouts to let systemd SIGKILL all
remaining processes in the 60s `expect` window.
|
|
To get rid of some boilerplate.
|
|
|
|
|
|
On enumeration, (that is, before manager_start() is called), enumerated
links may already have the dirty flag. In that case, saving the state
file in manager_start() should clear the flag.
|
|
|
|
As suggested in
https://github.com/systemd/systemd/pull/29679#discussion_r1368678932.
|
|
This removes a duplicate condition check by adding a common surrounding
if block.
This also change a confusing if check: "(X && Y) && Z" to simply "X && Y && Z"
|
|
No change in behaviour
|
|
Follow-up for 665a3d6d15c09428
|
|
With the previous change, this should only be used when
doing hibernation.
|
|
SuspendState= not to include "disk"
I don't know why these existed in the first place, but as I
justified in the comments, it's simply not sensible to allow
HibernateState= or HybridSleepState= to take values other than
'disk'. So let's just remove those options. Also, SuspendState=
should not contain 'disk'.
|
|
|
|
|
|
Follow up to 159a855b34c35484c28cf4b0178f93bc16447fac
|
|
The macro isn't very useful, we can just use the direct setting to increase
readability.
|
|
We were using "i", "iov", and "iovec" in variuos places. Let's be
consistent.
|
|
This reverts commit 6bbb893b90e2dcb05fb310ba4608f9c9dc587845.
Let's try a different approach where we make sure that all callers only pass in
a fd that is "clean", i.e. at offset 0. The majority of callers of this function
(both direct and indirect) pass a freshly-opened fd, so the rewind call is not
needed.
|
|
|
|
Let's split out the logic that actually generates the word to measure to
PCRs into a new helper file pcrextend-util.[ch].
This we can later reuse to calculate PCR measurement predictions ahead
of time.
|
|
(while exporting, do some minor simplifications)
|
|
tpm2-util.c
|
|
These are not used outside of tpm2-util.[ch], and the way they merge
public/private key pair into one blob is kinda specific to our
implementation, hence better should be hidden away, and not used for new
code anyway.
|
|
data was passed as a null pointer when an address was expected.
As a result, the assert was always tripped.
|
|
Correct the parenthesis placement in 'man/tmpfiles.d.xml' to prevent the
following formatting:
> lock ( shared or exclusive) is
|
|
We'll soon have a function for determining the name of an NV index,
hence let's rename the existing function for the same of a public key to
make clear it's about public keys only.
|
|
modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
errors because some module names contain dashes and others underscores.
Because modprobe@.service unescapes the instance name, an attempt to
start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
which is doomed to fail. "modprobe@dm_crypt.service" will work as
expected. Thus unescaping the instance name has surprising side effects.
Use "%i" instead.
|
|
Currently needed by test-dhcp-server unit test, af_packet is not built-in on
openSUSE distributions.
|
|
Follow-up for 5f48198af82e5a6f40adf887291fdd47bcecf64c
|
|
|
|
|
|
only mode
This is convenient when the server supports IPv6 only mode.
Otherwise, we cannot request a new address during the client is waiting an
IPv6 connectivity. Note, the minimal timespan is 5min, and a server may
send a quite large value.
|
|
|
