summaryrefslogtreecommitdiffstats
path: root/docs (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-01-18systemd-analyze: Add --json=, --table and -no-legend tests for plotjoshuazivkovic1-0/+9
2023-01-18systemd-analyze: Add tab complete logic for plotjoshuazivkovic2-3/+19
2023-01-18systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and tablejoshuazivkovic1-3/+28
2023-01-18systemd-analyze: Add table and JSON output implementation to plotJoshua Zivkovic3-52/+154
2023-01-18test-network: reprocess the loopback network interfaceYu Watanabe1-0/+4
Fixes the issue reported at https://github.com/systemd/systemd-centos-ci/pull/585#issuecomment-1385537641.
2023-01-18bootctl: add kernel-inspect commandGerd Hoffmann4-0/+87
Takes a kernel image as argument. Prints details about the kernel. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2023-01-18bootctl: add kernel-identity commandGerd Hoffmann5-0/+132
The command takes a kernel as argument and checks what kind of kernel the image is. Returns one of uki, pe or unknown.
2023-01-18core: add GetUnitByPIDFD method and use it in systemctlLuca Boccassi5-13/+151
A pid can be recycled, but a pidfd is pinned. Add a new method that is safer as it takes a pidfd as input. Return not only the D-Bus object path, but also the unit id and the last recorded invocation id, as they are both useful (especially the id, as converting from a path object to a unit id from a script requires another round-trip via D-Bus). Note that the manager still tracks processes by pid, so theorethically this is not fully error-proof, but on the other hand the method response is synchronous and the manager is single-threaded, so once a call is being processed the unit database will not change anyway. Once the manager switches to use pidfds everywhere, this can be further hardened.
2023-01-18hwdb: Add mic mute key mappings for Dell G16 SeriesKoba Ko1-0/+2
add Dell G16 series to use the mic mute hotkey.
2023-01-18repart: auto-probe sector size when not specifiedLennart Poettering1-3/+17
2023-01-18homework: when creating/resizing GPT partitions, also set sector size explicitlyLennart Poettering6-14/+61
2023-01-18dissect: show sector size in info outputLennart Poettering1-0/+5
2023-01-18loop-util: always tell kernel explicitly about loopback sector sizeLennart Poettering11-16/+102
Let's not leave the sector size unspecified: either set a user supplied value, or auto-detect the right size by probing the disk image accordingly.
2023-01-18dissect-image: add probe_sector_size() helper for detecting sector size of a ↵Lennart Poettering2-0/+84
GPT disk image When we operate with DDIs with sector sizes != 512 we need to configure the loopback device to match it, otherwise the image and the kernel block device will disagree what things are. Let's add a prober that tries to determine the sector size of a GPT DDI. It does this by looking for the GPT partition table header at the various byte offsets they must be located on, given a specific sector size. It will try sector size 512, 1024, 2048 and 4096. Of these only the 512 and 4096 really make sense IRL I guess, but let's be thorough.
2023-01-18loop-util: insist on setting the sector size correctlyLennart Poettering1-1/+19
If we attach a disk image to a loopback device the sector size of the image must match the one of the loopback device, hence be more careful here.
2023-01-18blockdev-util: add simple wrapper around BLKSSZGETLennart Poettering3-6/+23
Just adds some typesafety and generates an error if the field is not initialized in the block device yet.
2023-01-18test: bump D-Bus service start timeout if we run without accelFrantisek Sumsal1-0/+12
The default (25s) doesn't seem to be enough in some cases (especially in VMs without acceleration), causing spurious timeouts: [ 174.297658] dbus-daemon[647]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.0' (uid=0 pid=645 comm="hostnamectl " label="kernel") [ 184.202313] systemd[1]: systemd-update-utmp-runlevel.service: Consumed 1.253s CPU time. [ 197.335422] systemd[1]: Started dbus.service. [ 199.211468] testsuite-71.sh[639]: + assert_in 'Static hostname: H' '' [ 199.347192] dbus-daemon[647]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms) [ 199.394879] testsuite-71.sh[657]: + set +ex [ 199.438918] testsuite-71.sh[657]: FAIL: 'Static hostname: H' not found in: [ 200.966006] systemd-logind[631]: Watching system buttons on /dev/input/event0 (Power Button) [ 201.008178] systemd-logind[631]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard) [ 201.034106] systemd-logind[631]: New seat seat0. [ 201.238267] sh[658]: + systemctl poweroff --no-block [ 201.329890] systemd[1]: Starting systemd-hostnamed.service... [ 202.156622] systemd[1]: systemd-update-utmp-runlevel.service: Deactivated successfully. [ 204.818913] hostnamectl[645]: Failed to query system properties: Connection timed out [ 205.195583] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE [ 205.227237] systemd[1]: testsuite-71.service: Failed with result 'exit-code'. [ 205.712780] systemd[1]: Failed to start testsuite-71.service.
2023-01-17coredump: use fstatvfs to check the available spaceDmitry V. Levin1-1/+1
Given that we already have the file descriptor opened for writing, it would make sense to call fstatvfs with that file descriptor rather than statvfs with the directory path that was used to open that descriptor.
2023-01-17doc: document how we expect empty lines to be usedLennart Poettering1-2/+16
2023-01-17repart: Allow configuring sector sizeDaan De Meyer10-41/+97
Let's allow users to configure the (logical) sector size of their image. This is required when building images for a 4k sector size disk on a 512b sector size host or vice-versa.
2023-01-17mkfs-util: Shorten strv operations error handlingDaan De Meyer1-36/+15
2023-01-17boot: Fix missed argument to Print()Jan Janssen1-2/+2
This fixes 3e87a057a796b57bf9540b948823fbefef6693d7, which passed the path to the wrong Print() call. Miraculously, this was printing the correct path during testing and was therefore missed.
2023-01-17units: don't install pcrphase-related units without gnu-efiFrantisek Sumsal1-2/+2
since we don't have systemd-pcrphase built anyway, which breaks the tests: ... I: Attempting to install /usr/lib/systemd/systemd-networkd-wait-online (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-network-generator (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-oomd (based on unit file reference) I: Attempting to install /usr/lib/systemd/systemd-pcrphase (based on unit file reference) W: Failed to install '/usr/lib/systemd/systemd-pcrphase' make: *** [Makefile:4: setup] Error 1 make: Leaving directory '/root/systemd/test/TEST-01-BASIC' Follow-up to 04959faa632272a8fc9cdac3121b2e4af721c1b6.
2023-01-17send dhcpv6 release when stoppingchris12-16/+168
2023-01-17tpm2: replace magic numberDan Streetman1-1/+1
2023-01-17update TODOLennart Poettering1-3/+2
2023-01-17test: add simple integration test for checking PCR extension works as it shouldLennart Poettering2-0/+31
2023-01-17man: document new machine-id/fs measurement optionsLennart Poettering3-6/+64
2023-01-17tpm2: add common helper for checking if we are running on UKI with TPM ↵Lennart Poettering7-39/+80
measurements Let's introduce a common implementation of a function that checks whether we are booted on a kernel with systemd-stub that has TPM PCR measurements enabled. Do our own userspace measurements only if we detect that. PCRs are scarce and most likely there are projects which already make use of them in other ways. Hence, instead of blindly stepping into their territory let's conditionalize things so that people have to explicitly buy into our PCR assignments before we start measuring things into them. Specifically bind everything to an UKI that reported measurements. This was previously already implemented in systemd-pcrphase, but with this change we expand this to all tools that process PCR measurement settings. The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE, to make it more generic (since we'll use it at multiple places now). This is not a compat break, since the original env var for that was not included in any stable release yet.
2023-01-17generators: optionally, measure file systems at bootLennart Poettering8-4/+115
If we use gpt-auto-generator, automatically measure root fs and /var. Otherwise, add x-systemd.measure option to request this.
2023-01-17units: rework growfs units to be just a regular unit that is instantiatedLennart Poettering5-49/+126
The systemd-growfs@.service units are currently written in full for each file system to grow. Which is kinda pointless given that (besides an optional ordering dep) they contain always the same definition. Let's fix that and add a static template for this logic, that the generator simply instantiates (and adds an ordering dep for). This mimics how systemd-fsck@.service is handled. Similar to the wait that for root fs there's a special instance systemd-fsck-root.service we also add a special instance systemd-growfs-root.service for the root fs, since it has slightly different deps. Fixes: #20788 See: #10014
2023-01-17generator: teach generator_add_symlink() to instantiate specified unitLennart Poettering2-13/+45
if we want generators to instantiate a template service, we need to teach generator_add_symlink() the concept. Just some preparation for a later commit. While we are at it, modernize the function around path_extract_filename() + path_extract_directory()
2023-01-17units: measure /etc/machine-id into PCR 15 during early bootLennart Poettering2-0/+25
We want PCR 15 to be useful for binding per-system policy to. Let's measure the machine ID into it, to ensure that every OS we can distinguish will get a different PCR (even if the root disk encryption key is already measured into it).
2023-01-17pcrphase: make tool more generic, reuse for measuring machine id/fs uuidsLennart Poettering2-24/+187
See: #24503
2023-01-17gpt-auto-generator: automatically measure root/var volume keys into PCR 15Lennart Poettering2-5/+39
let's enable PCR 15 measurements automatically if gpt-auto discovery is used and systemd-stub is also used.
2023-01-17man: document the new crypttab measurement optionsLennart Poettering2-0/+27
2023-01-17cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab optionsLennart Poettering3-15/+217
These options allow measuring the volume key used for unlocking the volume to a TPM2 PCR. This is ideally used for the volume key of the root file system and can then be used to bind other resources to the root file system volume in a secure way. See: #24503
2023-01-17tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process ↵Lennart Poettering3-6/+23
sensitive data When measuring data into a PCR we are supposed to hash the data on the CPU and then pass the hash value over the wire to the TPM2. That's all good as long as the data we intend to measure is not sensitive. Let's be extra careful though if we want to measure sensitive data, for example the root file system volume key. Instead of just hashing that and passing it over the wire to the TPM2, let's do a HMAC signature instead. It's also a hash operation, but should protect our secret reasonably well and not leak direct information about it to wiretappers.
2023-01-17tpm2-util: split out code that extends a PCR from pcrphaseLennart Poettering3-39/+72
This way we can reuse it later outside of pcrphase
2023-01-17tpm2-util: split out code that derives "good" TPM2 banks into an strv from ↵Lennart Poettering3-22/+50
pcrphase and generalize it in tpm2-util.c That way we can reuse it later from different places.
2023-01-17test-udev: add a brief test for -= operator for SYMLINKYu Watanabe1-2/+3
2023-01-17udev: support '-=' operator for SYMLINKFranck Bui3-7/+25
For some (corner) cases, it might be desirable to disable the generation of some persistent storage symlinks that 60-persistent-storage.rules creates. For example on big setups with a high number of partitions which uses the same label name, this can result in a noticeable slow-down in the (re)start of the udevd as there are many contenders for the symlink /dev/disk/by-partlabel. However it's currently pretty hard to overwrite just some specific part of the rule file. Indeed one need to copy and modify the whole rule file in /etc but will lost any upcoming updates/fixes that the distro might release in the future. With this simple patch, one can now disable the generation of the "by-partlabel" symlinks (for example) with the following single rule: $ cat /etc/udev/rules.d/99-no-by-partlabel.rules ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK-="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" Closes #24607.
2023-01-16sd-dhcp-client: gracefully handle invalid ether type client IDYu Watanabe1-20/+18
Currently, sd-dhcp-server accepts spurious client IDs, then the leases exposed by networkd may be invalid. Let's make networkctl gracefully show such leases. Fixes #25984.
2023-01-16busctl: simplify peeking the typeLennart Poettering1-20/+10
let's peek the type before we enter the variant, not after, so that we can reuse it as-is, instead having to recombine it later. Follow-up for: #26049
2023-01-16sd-dhcp6: always append the default status message generated from status codeYu Watanabe2-13/+18
Fixes #25988.
2023-01-16network: fix memleakYu Watanabe2-2/+10
Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803. Fixes #25883 and #25891.
2023-01-16boot: Skip soft-brick warning when in a VMJan Janssen1-27/+29
This part of the warning is annoying to look at not really true when running inside of a VM.
2023-01-16boot: Detect hypervisors using SMBIOS infoJan Janssen7-28/+163
This allows skipping secure boot enrollment wait time on other arches.
2023-01-16memory-util: add CLEANUP_ERASE_PTR() macro and use itLennart Poettering3-70/+89
2023-01-16tree-wide: use CLEANUP_ERASE() at various placesLennart Poettering5-107/+67
Let's use this new macro wherever it makes sense, as it allows us to shorten or clean-up paths, and makes it less likely to miss a return path.