summaryrefslogtreecommitdiffstats
path: root/docs (follow)
Commit message (Collapse)AuthorAgeFilesLines
* docs: add reminder to run update-man-rules before tagging a releaseLuca Boccassi2024-11-061-10/+11
|
* docs: remove 'v' prefix from meson.versionLuca Boccassi2024-11-061-1/+1
| | | | It is actually v-less
* docs/TPM2_PCR_MEASUREMENTS: drop quotes from around section titlesZbigniew Jędrzejewski-Szmek2024-11-061-18/+18
| | | | | | The section headers used quotes as if the strings were some constants. But AFAICT, those are just normal plain-text titles. Also lowercase them, because this is almost like a table and it's easier to read without capitalization.
* tree-wide: use Device*T*ree spellingZbigniew Jędrzejewski-Szmek2024-11-061-3/+3
| | | | | | | | We used both, in fact "Devicetree" was more common. But we have a general rule that we capitalize all words in names and also we have a DeviceTree= configuration setting, which we cannot change. If we use two different spelllings, this will make it harder for people to use the correct one in config files. So use the "DeviceTree" spelling everywhere.
* ask-password: Add $SYSTEMD_ASK_PASSWORD_KEYRING_TYPEDaan De Meyer2024-11-021-0/+5
| | | | | | | | | Currently ask_password_auto() will always try to store the password into the user keyring. Let's make this configurable so that we can configure ask_password_auto() into the session keyring. This is required when working with user namespaces, as the user keyring is namespaced by user namespaces which makes it impossible to share cached keys across user namespaces by using the user namespace while this is possible with the session keyring.
* ask-password: Drop "default" for SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SECDaan De Meyer2024-11-021-6/+5
| | | | Users can simply unset the environment variable to achieve the same effect.
* user-record: Introduce selfModifiable fieldsAdrian Vovk2024-11-011-1/+12
| | | | | Allows the system administrator to configure what fields the user is allowed to edit about themself, along with hard-coded defaults.
* ask-password: Allow configuring the keyring timeout via an environment variableDaan De Meyer2024-10-301-0/+9
| | | | | | | | | | | | | | | | In mkosi, we want an easy way to set the keyring timeout for every tool we invoke that might use systemd-ask-password to query for a password which is then stored in the kernel keyring. Let's make this possible via a new $SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC environment variable. Using an environment variable means we don't have to modify every separate tool to add a CLI option allowing to specify the timeout. In mkosi specifically, we'll set up a new session keyring for the mkosi process linked to the user keyring so that any pins in the user keyring are used if available, and otherwise we'll query for and store password in mkosi's session keyring with a zero timeout so that they stay in the keyring until the mkosi process exits at which point they're removed from the keyring.
* docs: Update instructions for building distribution packages in HACKING.mdDaan De Meyer2024-10-301-6/+9
| | | | | | | | | When building distribution packages without building an image, the distribution packages will only be located in mkosi.builddir/ now and not in mkosi.output/, so update the documentation to reflect that. Also add installation instructions for distributions other than CentOS/Fedora while we're at it.
* docs: Align some comments in HACKING.mdDaan De Meyer2024-10-301-3/+3
|
* Merge pull request #34245 from bluca/logind_drop_weak_delay_inhibitorZbigniew Jędrzejewski-Szmek2024-10-291-2/+2
|\ | | | | logind: drop new delay-weak inhibitor
| * logind: drop new delay-weak inhibitorLuca Boccassi2024-09-131-2/+2
| | | | | | | | | | | | | | | | It wasn't actually requested, just a misunderstanding, so drop it. Fixes https://github.com/systemd/systemd/issues/34091 Follow-up for 804874d26ac73e0af07c4c5d7165c95372f03f6d
* | docs: Mention that a local build might be required to use mkosiDaan De Meyer2024-10-231-26/+31
| | | | | | | | | | | | Currently we need ukify with support for --profile and --join-profile which isn't in an official release yet so mention that a local build from source might be required.
* | man: update PASSWORD_AGENTS spec, and introduce unpriv pw queriesLennart Poettering2024-10-211-21/+60
| | | | | | | | Fixes: #1232 #2217
* | Merge pull request #34783 from keszybz/man-nspawn-private-usersZbigniew Jędrzejewski-Szmek2024-10-181-1/+1
|\ \ | | | | | | Change systemd-nspawn man page to strongly recommend private users
| * | tree-wise: use "lightweight" spellingZbigniew Jędrzejewski-Szmek2024-10-181-1/+1
| | | | | | | | | | | | | | | Both spellings were used, but the dictionary says that "lightweight" is the standard spelling.
* | | cgroup: Add ManagedOOMMemoryPressureDurationSec= override setting for unitsRyan Wilson2024-10-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will allow units (scopes/slices/services) to override the default systemd-oomd setting DefaultMemoryPressureDurationSec=. The semantics of ManagedOOMMemoryPressureDurationSec= are: - If >= 1 second, overrides DefaultMemoryPressureDurationSec= from oomd.conf - If is empty, uses DefaultMemoryPressureDurationSec= from oomd.conf - Ignored if ManagedOOMMemoryPressure= is not "kill" - Disallowed if < 1 second Note the corresponding dbus property is DefaultMemoryPressureDurationUSec which is in microseconds. This is consistent with other time-based dbus properties.
* | | doc: fix typoYu Watanabe2024-10-161-1/+1
| | | | | | | | | | | | Follow-up for b3b7cf8b7c35df14c6eb4f79da1a241dc0aa8c7e.
* | | pid1: add env var to override default mount rate limit intervalxujing2024-10-161-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | Similar to 24a4542c. 24a4542c can only be set 1 in 1s at most, sometimes we may need to set to something else(such as 1 in 2s). So it's best to let the user decide. This also allows users to solve #34690.
* | | docs: add a missing : characterGaël PORTAY2024-10-141-1/+1
| | | | | | | | | | | | This adds the missing colon character to the section systemd-sysusers.
* | | man: document preference for secure_getenv() in coding styleLennart Poettering2024-10-141-0/+8
| | |
* | | Merge pull request #34716 from dvdhrm/pr/derandLennart Poettering2024-10-141-6/+9
|\ \ \ | | | | | | | | Clarify nameing-scheme in DESKTOP_ENVIRONMENT documentation
| * | | docs/DESKTOP_ENVIRONMENTS: clarify name aliasesDavid Rheinsberg2024-10-111-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a note to the service-file naming scheme that reminds developers that those names might be aliases. Hence, when parsing such unit names, the entire name-array of a unit must be parsed, rather than just the unit ID. The service-name of existing applications might be already part of their API. Hence, not all applications can switch the service ID to this new naming scheme, but can provide suitable aliases. Document this behavior.
| * | | docs/DESKTOP_ENVIRONMENT: clarify <RANDOM> usageDavid Rheinsberg2024-10-111-5/+5
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The <RANDOM> part is optional in the naming scheme of application units. However, this is only true for service files. Scope units must include the <RANDOM> part, otherwise it would be impossible to parse: The schema would be: `app[-<launcher>]-<ApplicationID>[-<RANDOM>].scope` in which case a two-part name would be impossible to parse, since it is unclear whether the launcher of the random bit where omitted.
* / / timer: introduce DeferReactivation settingArthur Shau2024-10-111-0/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, in instances where timers are running on a realtime schedule, if a service takes longer to run than the interval of a timer, the service will immediately start again when the previous invocation finishes. This is caused by the fact that the next elapse is calculated based on the last trigger time, which, combined with the fact that the interval is shorter than the runtime of the service, causes that elapse to be in the past, which in turn means the timer will trigger as soon as the service finishes running. This behavior can be changed by enabling the new DeferReactivation setting, which will cause the next calendar elapse to be calculated based on when the trigger unit enters inactivity, rather than the last trigger time. Thus, if a timer is on an realtime interval, the trigger will always adhere to that specified interval. E.g. if you have a timer that runs on a minutely interval, the setting guarantees that triggers will happen at *:*:00 times, whereas by default this may skew depending on how long the service runs. Co-authored-by: Matteo Croce <teknoraver@meta.com>
* | docs/DESKTOP_ENVIRONMENTS: fix formattingDavid Rheinsberg2024-10-111-3/+3
| | | | | | | | | | | | The annotation about omittance is meant to be about the `RANDOM` string. However, the current formatting makes it look like the entire naming scheme is optional. Fix this.
* | docs: don't mention split-usr path anymoreLennart Poettering2024-10-111-1/+1
| | | | | | | | | | | | | | We don't support split /usr/ anymore. Hence fix the paths. This apparently matters because of PK validating the binary path. Fixes: #34712
* | stub: Add support for .initrd addon filesTobias Fleig2024-10-091-0/+10
| | | | | | | | | | | | | | Teaches systemd-stub how to load additional initrds from addon files. This is very similar to the support for .ucode sections in addon files, but with different ordering. Initrds from addons have a chance to overwrite files from the base initrd in the UKI.
* | Fix reference to FileDescriptorStoreMax= directiveNils K2024-09-251-1/+1
| |
* | mkosi: Add back support for running clangd within mkosiDaan De Meyer2024-09-221-0/+16
| | | | | | | | | | This allows hacking on systemd without installing any build dependencies except mkosi on the host machine.
* | docs: fix typo in filename: REATLIME -> REALTIMEYu Watanabe2024-09-172-1/+1
| |
* | CONTROL_GROUP_INTERFACE: fix link to systemd-run codeArian van Putten2024-09-171-1/+1
| |
* | docs/ELF_DLOPEN_METADATA: add detailed exampleZbigniew Jędrzejewski-Szmek2024-09-131-0/+87
| |
* | docs/ELF_PACKAGE_METADATA: add detailed exampleZbigniew Jędrzejewski-Szmek2024-09-131-0/+94
|/ | | | | | | | When the spec was initially written, we didn't add good documentation of how to display the notes, also because there was no good way to display the data except manually extracting the section to a file and running 'jq' on that. But the tools have improved, so let's show the users how easy it is to use this data.
* Change OS X to macOS in BOOT.md (#34358)Skye Chappelle2024-09-111-1/+1
|
* docs/UIDS-GIDS: drop obsolete comment about FedoraZbigniew Jędrzejewski-Szmek2024-08-311-3/+0
| | | | | | | https://fedoraproject.org/wiki/Changes/RenameNobodyUser, 2018: > Use "nobody:nobody" as the names for the kernel overflow UID:GID pair, and > retire the old "nfsnobody" name and the old "nobody:nobody" pair with 99:99 > numbers.
* Add $SYSTEMD_IN_CHROOT to override chroot detectionDaan De Meyer2024-08-161-7/+7
| | | | | | | When running unprivileged, checking /proc/1/root doesn't work because it requires privileges. Instead, let's add an environment variable so the process that chroot's can tell (systemd) subprocesses whether they're running in a chroot or not.
* docs: Mention the new mount API in the container interface docDaan De Meyer2024-08-131-1/+3
| | | | | Let's mention that the new mount API may be used to establish new mounts in a container without needing the /run/host/incoming directory.
* docs: Update upgrade commands in HACKING.mdDaan De Meyer2024-08-051-4/+4
| | | | | | | - Add the required options to make the package managers non interactive - Use apt-get instead of apt - Remove --reinstall from apt-get command so we only install newer packages - Add --needed to pacman command so we only install newer packages
* Merge pull request #33857 from DaanDeMeyer/mkosiDaan De Meyer2024-07-291-15/+4
|\ | | | | Two small improvements
| * docs: Simplify hacking instructions a bitDaan De Meyer2024-07-291-15/+4
| | | | | | | | | | We enable RuntimeBuildSources=yes by default so let's drop it from the documentation.
* | logind: always check for inhibitor locksLuca Boccassi2024-07-251-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently inhibitors are bypassed unless an explicit request is made to check for them, or even in that case when the requestor is root or the same uid as the holder of the lock. But in many cases this makes it impractical to rely on inhibitor locks. For example, in Debian there are several convoluted and archaic workarounds that divert systemctl/reboot to some hacky custom scripts to try and enforce blocking accidental reboots, when it's not expected that the requestor will remember to specify the command line option to enable checking for active inhibitor locks. Also in many cases one wants to ensure that locks taken by a user are respected by actions initiated by that same user. Change logind so that inhibitors checks are not skipped in these cases, and systemctl so that locks are checked in order to show a friendly error message rather than "permission denied". Add new block-weak and delay-weak modes that keep the previous behaviour unchanged.
* | docs/CONTROL_GROUP_INTERFACE.md: document accounting information available ↵Jeffrey Bosboom2024-07-251-1/+1
|/ | | | via D-Bus
* docs: Document how to do stable releasesDaan De Meyer2024-07-191-0/+6
|
* mkosi: Streamline running the integration tests without building systemdDaan De Meyer2024-07-181-0/+18
| | | | | | | | | | Let's document in detail how to build the integration test image and run the integration tests without building systemd. To streamline the process, we stop automatically using binaries from build/ when invoking mkosi directly and don't automatically use a tools tree anymore if systemd on the host is too old. Instead, we document these options in HACKING.md and change the mkosi meson target to automatically use the current build directory as an extra binary search path for mkosi.
* docs: update mkosi version mentioned in HACKING.md (#33723)migleeson2024-07-171-4/+3
| | | | | * fix: update docs since the default config uses a setting only available in v23 * fix: update docs to only refer to installing from the mkosi repo
* sysupdate: Support changelogs & appstream metadataAdrian Vovk2024-07-121-0/+118
| | | | | | Makes it possible to specify URLs to a changelog and an appstream catalog XML in the sysupdate.d/*.conf files. This will be passed along to the clients of systemd-sysupdated, which can then present this data.
* docs: Simplify update commands in HACKING.mdDaan De Meyer2024-07-101-7/+7
| | | | | Let's make use of mkosi ssh to give everyone a one liner to run instead of having to execute two commands (one outside the VM, one inside).
* mkosi: Adapt configuration to take into account configuration reworkDaan De Meyer2024-07-091-1/+1
| | | | | | | | | | | | | | | | | In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is removed, CLI arguments take priority over configuration files again and the "main" image is defined at the top level instead of in mkosi.images/. Additionally, not every setting from the top level configuration is inherited by the images in mkosi.images/ anymore, only settings which make sense to be inherited are inherited. This commit gets rid of all the usages of '@', moves the "main" image configuration from mkosi.images/system to the top level and gets rid of various hacks we had in place to deal with quirks of the old configuration parsing logic. We also remove usages of Images= and --append as these options are removed by the mentioned PR.
* stub: Add support for .ucode EFI addonsTobias Fleig2024-07-081-0/+10
| | | | This extends #31872 to also load microcode from addon files.