| Commit message | Author | Files | Lines |
|
For confidential computing they want to be able to revoke initrds too, so allow
passing a specific --sbat section when building a UKI too, not just an addon.
Merge it with the stub and kernel sections.
|
sd_journal_open_directory_fd()
If it is called with the flag, then the provided file descriptor will be
owned by the sd_journal object, and will be closed in sd_journal_close().
|
Follow-up for 9173d31dfea5c2b05ff08480972c499cb7aac940.
The systemd-backlight@.service also saves/restores state, but the data
is in /var/.
|
Let's make our units more robust to being added to an initrd:
1. systemd-boot-update only makes sense if sd-boot is available in /usr/
to copy into the ESP. This is generally not the case in initrds, and
even if it was, we shouldn't update the ESP from the initrd, but from
the host instead.
2. The rfkill services save/restore rfkill state, but that information
is only available once /var/ is mounted, which generally happens
after the initrd transition.
3. utmp management is partly in /var/, and legacy anyway, hence don't
bother with it in the initrd.
|
Like fdisk_get_last_lba(), fdisk_partition_get_end() returns the last
sector in the partition.
Fixes #28225.
|
Follow-up for 41f34dcf3bc7004aaa9b251480d56bcfe144346d.
|
Follow-up for 123c0e24dd3af4c7168ee77dad841cc730b5db60.
Note, the entry was originally added for IdeaPad Flex 5 in
21b589a15504cdbd309a82abb566ef4e36957f92.
Then, a bug was introduced by 19db450f3a243fcaf0949beebafc3025f8e3a98e.
But, when it was fixed by 738a195bd59dc2e85c15382d17d391c1781aaa4e,
the glob became too strict, and another variant was added by
123c0e24dd3af4c7168ee77dad841cc730b5db60.
|
Follow-up for 4687f001e689fd482f530a8d1d0adc93e01d74ea.
|
Follow-up for 9f6e0bd417fa287dd1e7b541bfe0c60f04cc29e4.
Note that sd_journal_open() is a simple wrapper of sd_journal_open_namespace(),
hence we can merge the two branches.
|
Follow-up for 017a7ba4f406adcf69d6b3ec15b9f2d9ed5ad853
Before this commit, when a unit that is restarting propagates stop
to other units, it can also depend on them, which results in
job type conflict and thus failure to pull in the dependencies.
So, let's introduce a new dependency atom UNIT_ATOM_PROPAGATE_STOP_GRACEFUL,
and use it for PropagatesStopTo=. It will enqueue a restart job if
there's already a start job, which meets the ultimate goal and avoids
job type conflict.
Fixes #26839
|
Follow-up for 09d04ad325473e05e23e6ba8382d7de1dd819bda
|
(as well as various other fixes)
|
These 5 generators only make sense on the host, not in the initrd, hence
if they end up in the initrd anyway, make them exit quickly.
|
Fixes: #27260
|
This extends the test framework a bit, and allows adding additional
initrds to the qemu invocation, which we use here to place credentials
in the new /run/systemd/@initrd/ credentials dir which are then passed
to the host.
|
acquire_encrypted_credential_directory()
Let's unify these very similar functions, and port them to the new
mount_credentials_fs() call.
While we are at it, if we detect that the credentials dir already is a
mount point, remount it writable so that we can actually write to it.
|
Let's add two new helpers: mount_credentials_fs() and
credentials_fs_mount_flags(). The former mounts a file system suitable
for storing unencrypted credentials at runtime (i.e. a ramfs or
tmpfs). The latter determines the right mount flags to use for such a
mount.
Both functions mostly just take code from execute.c, but make two
changes:
1. If the kernel supports it we'll use a tmpfs with the new "noswap"
mount option instead of ramfs. It was added in kernel 6.4, hence is very
recent, but tmpfs is so much less crappy than ramfs, hence worth it.
2. We'll set MS_NOSYMFOLLOW on the mounts if supported. These file
systems should only contain regular files, hence no need to allow
symlinks.
|
Let's make things easier to debug: provide an overview of what has been
passed during boot.
|
Let's hook up one more thing with credentials: the machine ID to use
when none is initialized yet.
This requires some reordering of initialization steps in PID 1: we need
to import credentials first, and only then initialize the machine ID.
|
Now that we have the infra in place, make PID 1 pick up encrypted
credentials too.
(While we are at it, split this out into its own helper)
|
This is just like read_credential() but also looks into the encrypted
credential directory, not just the regular one.
Normally, we decrypt credentials at the moment we pass them to services.
From service PoV all credentials are hence decrypted credentials.
However, when we want to access credentials in a generator this logic
does not apply: here we have the regular and the encrypted credentials
directory. Hence, so far we didn't attempt to make use of credentials in
generators.
Let's address this and add a helper that looks into both directories, and talks
to the TPM if necessary to decrypt the credentials.
|
credentials to host
|
When the credential dir is backed by an fs that supports ACLs we must be
more careful with adjusting the 'x' bit of the directory, as any chmod()
call on the dir will reset the mask entry of the ACL entirely which we
don't want. Hence, do a manual set of ACL changes, that only add/drop
the 'x' bit but otherwise leave the ACL as it is.
This matters if we use tmpfs rather than ramfs to store credentials.
|
The NEWS file was simply wrong. Let's also improve the --help text on
this.
Fixes: #28221
|
This log message is shown pretty regularly at boot in various scenarios
(such as CI builds), and it's not a reason for any concern, it's just the
immediate effect of explicit configuration. Hence let's downgrade from
LOG_NOTICE to LOG_INFO so that it is still usually in the boot output,
but not particularly highlighted, since there's really no reason to.
|
Since 6e8477edd3 TEST-75 started failing with:
[ 571.468298] testsuite-75.sh[46]: + for addr in "${DNS_ADDRESSES[@]}"
[ 571.468298] testsuite-75.sh[46]: + run delv @fd00:dead:beef:cafe::1 -t A mail.signed.test
[ 571.468899] testsuite-75.sh[562]: + tee /tmp/tmp.qKlHPbCCJZ
[ 571.469317] testsuite-75.sh[561]: + delv @fd00:dead:beef:cafe::1 -t A mail.signed.test
[ 571.501381] testsuite-75.sh[562]: ;; network unreachable resolving 'mail.signed.test/A/IN': fd00:dead:beef:cafe::1#53
[ 571.501564] testsuite-75.sh[562]: ;; resolution failed: SERVFAIL
[ 571.515457] testsuite-75.sh[46]: + grep -qF '; fully validated' /tmp/tmp.qKlHPbCCJZ
Let's wait for the dns0 interface to become routable again after
re-enabling IPv6 to, hopefully, mitigate this.
|
This could probably be extended to include many more invalid URIs.
|
dhcp6_option_parse_string is intended to clear strings with length 0,
for consistency. The data assert is too strict for this purpose, so we
will allow data || data_len == 0, similar to other dhcp6_option_parse*
helpers.
Fixes: fde788601be8 ("dhcp6-client: parse RFC8910 captive portal dhcp6 option")
|